From 0a67e45804ccdc90a7d38e222b4fab2056ef9c48 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christoph=20St=C3=A4bler?= Date: Mon, 30 Sep 2024 17:58:52 +0200 Subject: [PATCH 1/4] Add workflow in each repo to apply Konflux manifests on changes --- ... => reusable-apply-konflux-manifests.yaml} | 7 +++++-- cmd/konflux-apply/README.md | 9 ++++++++- cmd/konflux-gen/main.go | 2 ++ .../apply-konflux-manifests-workflow.yaml | 12 +++++++++++ pkg/konfluxgen/konfluxgen.go | 20 +++++++++++++++++++ pkg/prowgen/prowgen_konflux.go | 2 ++ 6 files changed, 49 insertions(+), 3 deletions(-) rename .github/workflows/{apply-konflux-manifests.yaml => reusable-apply-konflux-manifests.yaml} (88%) create mode 100644 pkg/konfluxgen/apply-konflux-manifests-workflow.yaml diff --git a/.github/workflows/apply-konflux-manifests.yaml b/.github/workflows/reusable-apply-konflux-manifests.yaml similarity index 88% rename from .github/workflows/apply-konflux-manifests.yaml rename to .github/workflows/reusable-apply-konflux-manifests.yaml index efbbaad74..2501c767f 100644 --- a/.github/workflows/apply-konflux-manifests.yaml +++ b/.github/workflows/reusable-apply-konflux-manifests.yaml @@ -1,4 +1,4 @@ -name: Apply Konflux Manifests +name: Reusable Apply Konflux Manifests on: schedule: - cron: "0 6 * * *" # Daily at 06:00. @@ -6,6 +6,9 @@ on: push: paths: - ".konflux/**" + branches: + - 'main', + - 'release-v*' defaults: run: shell: bash @@ -32,4 +35,4 @@ jobs: kubectl config use-context konflux-sa@konflux - name: Apply Manifests - run: make konflux-apply + run: kubectl apply -Rf .konflux/ diff --git a/cmd/konflux-apply/README.md b/cmd/konflux-apply/README.md index 805c3ac5b..114befd15 100644 --- a/cmd/konflux-apply/README.md +++ b/cmd/konflux-apply/README.md @@ -34,4 +34,11 @@ As we use by default Tokens with a validity of 6 months, we need to recreate the 3. Create a new Token for 6 months and [update the `KONFLUX_SA_TOKEN` secret](https://github.com/openshift-knative/hack/settings/secrets/actions) with its value: ```shell kubectl create token gh-action --duration $((6*30*24))h - ``` \ No newline at end of file + ``` + +## Manually apply all Konflux Manifests + +In case you want to manually apply all Konflux manifests across all repos, do the following: + +0. Make sure, you're logged in to Konflux via the CLI and have access to the `ocp-serverless` workspace. Check for example the [Konflux kickstart recording](https://drive.google.com/drive/u/0/folders/0AB3Zk0vHI6ulUk9PVA) or the [Konflux docs](https://gitlab.cee.redhat.com/konflux/docs/users/-/blob/main/topics/getting-started/getting-access.md#accessing-konflux-via-cli) +1. Run `make konflux-apply`. This will clone all repos and checkout the branches which have Konflux enabled and apply their Konflux manifests. diff --git a/cmd/konflux-gen/main.go b/cmd/konflux-gen/main.go index b87f16767..ba8f544b1 100644 --- a/cmd/konflux-gen/main.go +++ b/cmd/konflux-gen/main.go @@ -18,6 +18,7 @@ const ( fbcBuilderImagesFlag = "fbc-images" outputFlag = "output" pipelineOutputFlag = "pipeline-output" + workflowsPathFlag = "workflows-path" ) func main() { @@ -34,6 +35,7 @@ func run() error { pflag.StringVar(&cfg.ApplicationName, applicationNameFlag, "", "Konflux application name") pflag.StringVar(&cfg.ResourcesOutputPath, outputFlag, "", "output path") pflag.StringVar(&cfg.PipelinesOutputPath, pipelineOutputFlag, ".tekton", "output path for pipelines") + pflag.StringVar(&cfg.WorkflowsPath, workflowsPathFlag, ".github/workflows", "output path for Github workflows") pflag.StringArrayVar(&cfg.Includes, includesFlag, nil, "Regex to select CI config files to include") pflag.StringArrayVar(&cfg.Excludes, excludesFlag, nil, "Regex to select CI config files to exclude") pflag.StringArrayVar(&cfg.ExcludesImages, excludeImagesFlag, nil, "Regex to select CI config images to exclude") diff --git a/pkg/konfluxgen/apply-konflux-manifests-workflow.yaml b/pkg/konfluxgen/apply-konflux-manifests-workflow.yaml new file mode 100644 index 000000000..533180d22 --- /dev/null +++ b/pkg/konfluxgen/apply-konflux-manifests-workflow.yaml @@ -0,0 +1,12 @@ +name: Apply Konflux Manifests +on: + workflow_dispatch: # Manual workflow trigger + push: + paths: + - ".konflux/**" + branches: + - 'main', + - 'release-v*' +jobs: + konflux-apply: + uses: openshift-knative/hack/.github/workflows/reusable-apply-konflux-manifests.yaml@main diff --git a/pkg/konfluxgen/konfluxgen.go b/pkg/konfluxgen/konfluxgen.go index 05e7c0a94..e37665772 100644 --- a/pkg/konfluxgen/konfluxgen.go +++ b/pkg/konfluxgen/konfluxgen.go @@ -40,6 +40,10 @@ const ( stageRegistry = stageRegistryHost + "/" + registryRepoName ) +const ( + APPLY_KONFLUX_MANIFESTS_WORKFLOW_FILE = "apply-konflux-manifests.yaml" +) + //go:embed application.template.yaml var ApplicationTemplate embed.FS @@ -64,6 +68,9 @@ var PipelineFBCBuildTemplate embed.FS //go:embed integration-test-scenario.template.yaml var EnterpriseContractTestScenarioTemplate embed.FS +//go:embed apply-konflux-manifests-workflow.yaml +var ApplyKonfluxManifestsWorkflow []byte + //go:embed releaseplanadmission-component.template.yaml var ComponentReleasePlanAdmissionsTemplate embed.FS @@ -91,6 +98,7 @@ type Config struct { PipelinesOutputPathSkipRemove bool PipelinesOutputPath string + WorkflowsPath string AdditionalTektonCELExpressionFunc func(cfg cioperatorapi.ReleaseBuildConfiguration, ib cioperatorapi.ProjectDirectoryImageBuildStepConfiguration) string NudgesFunc func(cfg cioperatorapi.ReleaseBuildConfiguration, ib cioperatorapi.ProjectDirectoryImageBuildStepConfiguration) []string @@ -473,9 +481,21 @@ func Generate(cfg Config) error { } } + if err := addApplyKonfluxManifestsWorkflow(cfg); err != nil { + return fmt.Errorf("failed to set apply-konflux-manifests workflow: %w", err) + } + return nil } +func addApplyKonfluxManifestsWorkflow(cfg Config) error { + if err := os.MkdirAll(cfg.WorkflowsPath, 0755); err != nil { + return fmt.Errorf("failed to create %s: %w", cfg.WorkflowsPath, err) + } + + return os.WriteFile(filepath.Join(cfg.WorkflowsPath, APPLY_KONFLUX_MANIFESTS_WORKFLOW_FILE), ApplyKonfluxManifestsWorkflow, 0644) +} + func collectConfigurations(openshiftReleasePath string, includes []*regexp.Regexp, excludes []*regexp.Regexp, additionalConfigs []TemplateConfig) ([]TemplateConfig, error) { configs := make([]TemplateConfig, 0, 8) err := filepath.WalkDir(openshiftReleasePath, func(path string, info fs.DirEntry, err error) error { diff --git a/pkg/prowgen/prowgen_konflux.go b/pkg/prowgen/prowgen_konflux.go index 906ab3dad..6971ce33c 100644 --- a/pkg/prowgen/prowgen_konflux.go +++ b/pkg/prowgen/prowgen_konflux.go @@ -150,6 +150,7 @@ func GenerateKonflux(ctx context.Context, openshiftRelease Repository, configs [ JavaImages: b.Konflux.JavaImages, ResourcesOutputPath: fmt.Sprintf("%s/.konflux", r.RepositoryDirectory()), PipelinesOutputPath: fmt.Sprintf("%s/.tekton", r.RepositoryDirectory()), + WorkflowsPath: fmt.Sprintf("%s/.github/workflows", r.RepositoryDirectory()), Nudges: nudges, // Preserve the version tag as first tag in any instance since SO, when bumping the patch version // will change it before merging the PR. @@ -304,6 +305,7 @@ func GenerateKonfluxServerlessOperator(ctx context.Context, openshiftRelease Rep ResourcesOutputPathSkipRemove: true, ResourcesOutputPath: resourceOutputPath, PipelinesOutputPath: fmt.Sprintf("%s/.tekton", r.RepositoryDirectory()), + WorkflowsPath: fmt.Sprintf("%s/.github/workflows", r.RepositoryDirectory()), Nudges: b.Konflux.Nudges, NudgesFunc: func(cfg cioperatorapi.ReleaseBuildConfiguration, ib cioperatorapi.ProjectDirectoryImageBuildStepConfiguration) []string { if strings.Contains(string(ib.To), "serverless-bundle") { From bc19cab8803a82d92bffe6ddbca3f7ae555176d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christoph=20St=C3=A4bler?= Date: Tue, 1 Oct 2024 07:58:19 +0200 Subject: [PATCH 2/4] Remove schedule & on-push triggers from reusable workflow and add only `on.workflow_call` --- .../workflows/reusable-apply-konflux-manifests.yaml | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/.github/workflows/reusable-apply-konflux-manifests.yaml b/.github/workflows/reusable-apply-konflux-manifests.yaml index 2501c767f..f5fb55470 100644 --- a/.github/workflows/reusable-apply-konflux-manifests.yaml +++ b/.github/workflows/reusable-apply-konflux-manifests.yaml @@ -1,14 +1,6 @@ name: Reusable Apply Konflux Manifests on: - schedule: - - cron: "0 6 * * *" # Daily at 06:00. - workflow_dispatch: # Manual workflow trigger - push: - paths: - - ".konflux/**" - branches: - - 'main', - - 'release-v*' + workflow_call: defaults: run: shell: bash From 0cec2067299e315d1a5e9b11c414dfd34a45aa25 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christoph=20St=C3=A4bler?= Date: Tue, 1 Oct 2024 08:09:00 +0200 Subject: [PATCH 3/4] Fix to inherit secrets to reusable workflow --- pkg/konfluxgen/apply-konflux-manifests-workflow.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/konfluxgen/apply-konflux-manifests-workflow.yaml b/pkg/konfluxgen/apply-konflux-manifests-workflow.yaml index 533180d22..095a64401 100644 --- a/pkg/konfluxgen/apply-konflux-manifests-workflow.yaml +++ b/pkg/konfluxgen/apply-konflux-manifests-workflow.yaml @@ -10,3 +10,4 @@ on: jobs: konflux-apply: uses: openshift-knative/hack/.github/workflows/reusable-apply-konflux-manifests.yaml@main + secrets: inherit From f2813e44bb16a6a9861b9cedfbc290916efe6305 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christoph=20St=C3=A4bler?= Date: Thu, 31 Oct 2024 12:33:12 +0100 Subject: [PATCH 4/4] Change to call remote workflow in hack repo --- ...ests.yaml => apply-konflux-manifests.yaml} | 13 +++++++++--- cmd/konflux-apply/README.md | 4 ++-- .../apply-konflux-manifests-workflow.yaml | 20 +++++++++++++++---- pkg/konfluxgen/konfluxgen.go | 14 +++++++------ pkg/prowgen/prowgen_konflux.go | 6 ++++++ 5 files changed, 42 insertions(+), 15 deletions(-) rename .github/workflows/{reusable-apply-konflux-manifests.yaml => apply-konflux-manifests.yaml} (77%) diff --git a/.github/workflows/reusable-apply-konflux-manifests.yaml b/.github/workflows/apply-konflux-manifests.yaml similarity index 77% rename from .github/workflows/reusable-apply-konflux-manifests.yaml rename to .github/workflows/apply-konflux-manifests.yaml index f5fb55470..2175c4908 100644 --- a/.github/workflows/reusable-apply-konflux-manifests.yaml +++ b/.github/workflows/apply-konflux-manifests.yaml @@ -1,6 +1,13 @@ -name: Reusable Apply Konflux Manifests +name: Apply Konflux Manifests on: - workflow_call: + schedule: + - cron: "0 6 * * *" # Daily at 06:00. + workflow_dispatch: # Manual workflow trigger + push: + paths: + - ".konflux/**" + branches: + - 'main' defaults: run: shell: bash @@ -27,4 +34,4 @@ jobs: kubectl config use-context konflux-sa@konflux - name: Apply Manifests - run: kubectl apply -Rf .konflux/ + run: make konflux-apply diff --git a/cmd/konflux-apply/README.md b/cmd/konflux-apply/README.md index 114befd15..3efc95e3a 100644 --- a/cmd/konflux-apply/README.md +++ b/cmd/konflux-apply/README.md @@ -40,5 +40,5 @@ As we use by default Tokens with a validity of 6 months, we need to recreate the In case you want to manually apply all Konflux manifests across all repos, do the following: -0. Make sure, you're logged in to Konflux via the CLI and have access to the `ocp-serverless` workspace. Check for example the [Konflux kickstart recording](https://drive.google.com/drive/u/0/folders/0AB3Zk0vHI6ulUk9PVA) or the [Konflux docs](https://gitlab.cee.redhat.com/konflux/docs/users/-/blob/main/topics/getting-started/getting-access.md#accessing-konflux-via-cli) -1. Run `make konflux-apply`. This will clone all repos and checkout the branches which have Konflux enabled and apply their Konflux manifests. +1. Make sure, you're logged in to Konflux via the CLI and have access to the `ocp-serverless` workspace. Check for example the [Konflux kickstart recording](https://drive.google.com/drive/u/0/folders/0AB3Zk0vHI6ulUk9PVA) or the [Konflux docs](https://gitlab.cee.redhat.com/konflux/docs/users/-/blob/main/topics/getting-started/getting-access.md#accessing-konflux-via-cli) +2. Run `make konflux-apply`. This will clone all repos and checkout the branches which have Konflux enabled and apply their Konflux manifests. diff --git a/pkg/konfluxgen/apply-konflux-manifests-workflow.yaml b/pkg/konfluxgen/apply-konflux-manifests-workflow.yaml index 095a64401..dcdc4a626 100644 --- a/pkg/konfluxgen/apply-konflux-manifests-workflow.yaml +++ b/pkg/konfluxgen/apply-konflux-manifests-workflow.yaml @@ -5,9 +5,21 @@ on: paths: - ".konflux/**" branches: - - 'main', + - 'main' - 'release-v*' jobs: - konflux-apply: - uses: openshift-knative/hack/.github/workflows/reusable-apply-konflux-manifests.yaml@main - secrets: inherit + trigger-konflux-apply: + name: Trigger Konflux Apply + runs-on: ubuntu-latest + steps: + - name: Trigger Konflux Apply + uses: actions/github-script@v7 + with: + github-token: ${{ secrets.SERVERLESS_QE_ROBOT }} + script: | + github.rest.actions.createWorkflowDispatch({ + owner: context.repo.owner, + repo: 'hack', + workflow_id: 'apply-konflux-manifests.yaml', + ref: 'main', + }) diff --git a/pkg/konfluxgen/konfluxgen.go b/pkg/konfluxgen/konfluxgen.go index e37665772..ce6f3cac5 100644 --- a/pkg/konfluxgen/konfluxgen.go +++ b/pkg/konfluxgen/konfluxgen.go @@ -38,10 +38,8 @@ const ( registryRepoName = "openshift-serverless-1" prodRegistry = prodRegistryHost + "/" + registryRepoName stageRegistry = stageRegistryHost + "/" + registryRepoName -) -const ( - APPLY_KONFLUX_MANIFESTS_WORKFLOW_FILE = "apply-konflux-manifests.yaml" + triggerKonfluxApplyManifestsWorkflowFile = "apply-konflux-manifests.yaml" ) //go:embed application.template.yaml @@ -116,6 +114,8 @@ type Config struct { ComponentReleasePlanConfig *ComponentReleasePlanConfig AdditionalComponentConfigs []TemplateConfig + + SkipApplyKonfluxWorkflowCreation bool } type PrefetchDeps struct { @@ -481,8 +481,10 @@ func Generate(cfg Config) error { } } - if err := addApplyKonfluxManifestsWorkflow(cfg); err != nil { - return fmt.Errorf("failed to set apply-konflux-manifests workflow: %w", err) + if !cfg.SkipApplyKonfluxWorkflowCreation { + if err := addApplyKonfluxManifestsWorkflow(cfg); err != nil { + return fmt.Errorf("failed to add apply-konflux-manifests workflow: %w", err) + } } return nil @@ -493,7 +495,7 @@ func addApplyKonfluxManifestsWorkflow(cfg Config) error { return fmt.Errorf("failed to create %s: %w", cfg.WorkflowsPath, err) } - return os.WriteFile(filepath.Join(cfg.WorkflowsPath, APPLY_KONFLUX_MANIFESTS_WORKFLOW_FILE), ApplyKonfluxManifestsWorkflow, 0644) + return os.WriteFile(filepath.Join(cfg.WorkflowsPath, triggerKonfluxApplyManifestsWorkflowFile), ApplyKonfluxManifestsWorkflow, 0644) } func collectConfigurations(openshiftReleasePath string, includes []*regexp.Regexp, excludes []*regexp.Regexp, additionalConfigs []TemplateConfig) ([]TemplateConfig, error) { diff --git a/pkg/prowgen/prowgen_konflux.go b/pkg/prowgen/prowgen_konflux.go index 6971ce33c..33a22a687 100644 --- a/pkg/prowgen/prowgen_konflux.go +++ b/pkg/prowgen/prowgen_konflux.go @@ -322,6 +322,9 @@ func GenerateKonfluxServerlessOperator(ctx context.Context, openshiftRelease Rep // will change it before merging the PR. // See `openshift-knative/serverless-operator/hack/generate/update-pipelines.sh` for more details. Tags: []string{soMetadata.Project.Version}, + // We can skip the GH workflow creation to apply the Konflux manifests, as the SO + // manifests are stored in the hack repo and the workflow is anyhow present in there + SkipApplyKonfluxWorkflowCreation: true, } if len(cfg.ExcludesImages) == 0 { cfg.ExcludesImages = []string{ @@ -415,6 +418,9 @@ func generateFBCApplications(soMetadata *project.Metadata, openshiftRelease Repo // will change it before merging the PR. // See `openshift-knative/serverless-operator/hack/generate/update-pipelines.sh` for more details. Tags: []string{soMetadata.Project.Version}, + // We can skip the GH workflow creation to apply the Konflux manifests, as the SO + // manifests are stored in the hack repo and the workflow is anyhow present in there + SkipApplyKonfluxWorkflowCreation: true, } if err := konfluxgen.Generate(c); err != nil {