From c691f38732a2d59a11bafc53e0471ed233349bc4 Mon Sep 17 00:00:00 2001 From: Joel Capitao Date: Thu, 3 Jul 2025 15:43:59 +0200 Subject: [PATCH 1/3] .tekton: switch to dedicated SA We change the Service Account used by build pipeline from "appstudio-pipeline" to dedicated to the Component Service Account. --- .tekton/coreos-assembler-pull-request.yaml | 2 ++ .tekton/coreos-assembler-push.yaml | 2 ++ .tekton/kola-nfs-pull-request.yaml | 2 ++ .tekton/kola-nfs-push.yaml | 2 ++ .tekton/kola-tang-pull-request.yaml | 2 ++ .tekton/kola-tang-push.yaml | 2 ++ .tekton/kola-targetcli-pull-request.yaml | 2 ++ .tekton/kola-targetcli-push.yaml | 2 ++ 8 files changed, 16 insertions(+) diff --git a/.tekton/coreos-assembler-pull-request.yaml b/.tekton/coreos-assembler-pull-request.yaml index b722199aa1..a9f0f5ba04 100644 --- a/.tekton/coreos-assembler-pull-request.yaml +++ b/.tekton/coreos-assembler-pull-request.yaml @@ -53,6 +53,8 @@ spec: - name: kind value: pipeline resolver: bundles + taskRunTemplate: + serviceAccountName: build-pipeline-coreos-assembler workspaces: - name: git-auth secret: diff --git a/.tekton/coreos-assembler-push.yaml b/.tekton/coreos-assembler-push.yaml index 2fc57370df..3723e4a904 100644 --- a/.tekton/coreos-assembler-push.yaml +++ b/.tekton/coreos-assembler-push.yaml @@ -50,6 +50,8 @@ spec: - name: kind value: pipeline resolver: bundles + taskRunTemplate: + serviceAccountName: build-pipeline-coreos-assembler workspaces: - name: git-auth secret: diff --git a/.tekton/kola-nfs-pull-request.yaml b/.tekton/kola-nfs-pull-request.yaml index e2f1bec461..13932d6855 100644 --- a/.tekton/kola-nfs-pull-request.yaml +++ b/.tekton/kola-nfs-pull-request.yaml @@ -55,6 +55,8 @@ spec: - name: kind value: pipeline resolver: bundles + taskRunTemplate: + serviceAccountName: build-pipeline-kola-nfs workspaces: - name: git-auth secret: diff --git a/.tekton/kola-nfs-push.yaml b/.tekton/kola-nfs-push.yaml index ec77f6c227..758a4a17b2 100644 --- a/.tekton/kola-nfs-push.yaml +++ b/.tekton/kola-nfs-push.yaml @@ -51,6 +51,8 @@ spec: - name: kind value: pipeline resolver: bundles + taskRunTemplate: + serviceAccountName: build-pipeline-kola-nfs workspaces: - name: git-auth secret: diff --git a/.tekton/kola-tang-pull-request.yaml b/.tekton/kola-tang-pull-request.yaml index a5d6bad861..a54d945e21 100644 --- a/.tekton/kola-tang-pull-request.yaml +++ b/.tekton/kola-tang-pull-request.yaml @@ -55,6 +55,8 @@ spec: - name: kind value: pipeline resolver: bundles + taskRunTemplate: + serviceAccountName: build-pipeline-kola-tang workspaces: - name: git-auth secret: diff --git a/.tekton/kola-tang-push.yaml b/.tekton/kola-tang-push.yaml index c10cc55525..c80b7aed2e 100644 --- a/.tekton/kola-tang-push.yaml +++ b/.tekton/kola-tang-push.yaml @@ -51,6 +51,8 @@ spec: - name: kind value: pipeline resolver: bundles + taskRunTemplate: + serviceAccountName: build-pipeline-kola-tang workspaces: - name: git-auth secret: diff --git a/.tekton/kola-targetcli-pull-request.yaml b/.tekton/kola-targetcli-pull-request.yaml index c99c6682ce..55b8d3e180 100644 --- a/.tekton/kola-targetcli-pull-request.yaml +++ b/.tekton/kola-targetcli-pull-request.yaml @@ -55,6 +55,8 @@ spec: - name: kind value: pipeline resolver: bundles + taskRunTemplate: + serviceAccountName: build-pipeline-kola-targetcli workspaces: - name: git-auth secret: diff --git a/.tekton/kola-targetcli-push.yaml b/.tekton/kola-targetcli-push.yaml index 0ef4fd4277..e42f78deda 100644 --- a/.tekton/kola-targetcli-push.yaml +++ b/.tekton/kola-targetcli-push.yaml @@ -51,6 +51,8 @@ spec: - name: kind value: pipeline resolver: bundles + taskRunTemplate: + serviceAccountName: build-pipeline-kola-targetcli workspaces: - name: git-auth secret: From 94d958709cfe46ec0394a1c247c301dca265b376 Mon Sep 17 00:00:00 2001 From: Joel Capitao Date: Thu, 3 Jul 2025 16:11:35 +0200 Subject: [PATCH 2/3] .tekton: do not prefetch deps As a follow-up of [1], we also need to disable prefetching the dependencies to not rely on the lockfiles. Those files are not automatically updated as for now. [1] fb71d1d9a5dbd44ec537db55739689c01db62977 --- .tekton/coreos-assembler-pull-request.yaml | 12 ++++++------ .tekton/coreos-assembler-push.yaml | 12 ++++++------ .tekton/kola-nfs-pull-request.yaml | 4 ++-- .tekton/kola-nfs-push.yaml | 4 ++-- .tekton/kola-tang-pull-request.yaml | 4 ++-- .tekton/kola-tang-push.yaml | 4 ++-- .tekton/kola-targetcli-pull-request.yaml | 4 ++-- .tekton/kola-targetcli-push.yaml | 4 ++-- 8 files changed, 24 insertions(+), 24 deletions(-) diff --git a/.tekton/coreos-assembler-pull-request.yaml b/.tekton/coreos-assembler-pull-request.yaml index a9f0f5ba04..e2b99645c7 100644 --- a/.tekton/coreos-assembler-pull-request.yaml +++ b/.tekton/coreos-assembler-pull-request.yaml @@ -36,14 +36,14 @@ spec: value: . - name: hermetic value: false - - name: prefetch-input - value: '[{"type": "rpm", "path": "ci/hermetic"}, {"path": "ci/hermetic", "type": "generic"}]' + #- name: prefetch-input + # value: '[{"type": "rpm", "path": "ci/hermetic"}, {"path": "ci/hermetic", "type": "generic"}]' # Note: to be removed once rpm fully supported # https://github.com/hermetoproject/hermeto?tab=readme-ov-file#package-managers - - name: dev-package-managers - value: true - - name: build-args - value: ["NO_NETWORK=1"] + #- name: dev-package-managers + # value: true + #- name: build-args + # value: ["NO_NETWORK=1"] pipelineRef: params: - name: bundle diff --git a/.tekton/coreos-assembler-push.yaml b/.tekton/coreos-assembler-push.yaml index 3723e4a904..aaec3fbba2 100644 --- a/.tekton/coreos-assembler-push.yaml +++ b/.tekton/coreos-assembler-push.yaml @@ -33,14 +33,14 @@ spec: value: . - name: hermetic value: false - - name: prefetch-input - value: '[{"type": "rpm", "path": "ci/hermetic"}, {"path": "ci/hermetic", "type": "generic"}]' + #- name: prefetch-input + # value: '[{"type": "rpm", "path": "ci/hermetic"}, {"path": "ci/hermetic", "type": "generic"}]' # Note: to be removed once rpm fully supported # https://github.com/hermetoproject/hermeto?tab=readme-ov-file#package-managers - - name: dev-package-managers - value: true - - name: build-args - value: ["NO_NETWORK=1"] + #- name: dev-package-managers + # value: true + #- name: build-args + # value: ["NO_NETWORK=1"] pipelineRef: params: - name: bundle diff --git a/.tekton/kola-nfs-pull-request.yaml b/.tekton/kola-nfs-pull-request.yaml index 13932d6855..ee579cf50e 100644 --- a/.tekton/kola-nfs-pull-request.yaml +++ b/.tekton/kola-nfs-pull-request.yaml @@ -40,8 +40,8 @@ spec: value: tests/containers/nfs - name: hermetic value: false - - name: prefetch-input - value: '[{"type": "rpm", "path": "ci/hermetic"}]' + #- name: prefetch-input + # value: '[{"type": "rpm", "path": "ci/hermetic"}]' # Note: to be removed once rpm fully supported # https://github.com/hermetoproject/hermeto?tab=readme-ov-file#package-managers - name: dev-package-managers diff --git a/.tekton/kola-nfs-push.yaml b/.tekton/kola-nfs-push.yaml index 758a4a17b2..219366ce25 100644 --- a/.tekton/kola-nfs-push.yaml +++ b/.tekton/kola-nfs-push.yaml @@ -36,8 +36,8 @@ spec: value: tests/containers/nfs - name: hermetic value: false - - name: prefetch-input - value: '[{"type": "rpm", "path": "ci/hermetic"}]' + #- name: prefetch-input + # value: '[{"type": "rpm", "path": "ci/hermetic"}]' # Note: to be removed once rpm fully supported # https://github.com/hermetoproject/hermeto?tab=readme-ov-file#package-managers - name: dev-package-managers diff --git a/.tekton/kola-tang-pull-request.yaml b/.tekton/kola-tang-pull-request.yaml index a54d945e21..0834aca015 100644 --- a/.tekton/kola-tang-pull-request.yaml +++ b/.tekton/kola-tang-pull-request.yaml @@ -40,8 +40,8 @@ spec: value: . - name: hermetic value: false - - name: prefetch-input - value: '[{"type": "rpm", "path": "ci/hermetic"}]' + #- name: prefetch-input + # value: '[{"type": "rpm", "path": "ci/hermetic"}]' # Note: to be removed once rpm fully supported # https://github.com/hermetoproject/hermeto?tab=readme-ov-file#package-managers - name: dev-package-managers diff --git a/.tekton/kola-tang-push.yaml b/.tekton/kola-tang-push.yaml index c80b7aed2e..c4b6fbb0ef 100644 --- a/.tekton/kola-tang-push.yaml +++ b/.tekton/kola-tang-push.yaml @@ -36,8 +36,8 @@ spec: value: . - name: hermetic value: false - - name: prefetch-input - value: '[{"type": "rpm", "path": "ci/hermetic"}]' + #- name: prefetch-input + # value: '[{"type": "rpm", "path": "ci/hermetic"}]' # Note: to be removed once rpm fully supported # https://github.com/hermetoproject/hermeto?tab=readme-ov-file#package-managers - name: dev-package-managers diff --git a/.tekton/kola-targetcli-pull-request.yaml b/.tekton/kola-targetcli-pull-request.yaml index 55b8d3e180..bd4fad819e 100644 --- a/.tekton/kola-targetcli-pull-request.yaml +++ b/.tekton/kola-targetcli-pull-request.yaml @@ -40,8 +40,8 @@ spec: value: . - name: hermetic value: false - - name: prefetch-input - value: '[{"type": "rpm", "path": "ci/hermetic"}]' + #- name: prefetch-input + # value: '[{"type": "rpm", "path": "ci/hermetic"}]' # Note: to be removed once rpm fully supported # https://github.com/hermetoproject/hermeto?tab=readme-ov-file#package-managers - name: dev-package-managers diff --git a/.tekton/kola-targetcli-push.yaml b/.tekton/kola-targetcli-push.yaml index e42f78deda..371b47950a 100644 --- a/.tekton/kola-targetcli-push.yaml +++ b/.tekton/kola-targetcli-push.yaml @@ -36,8 +36,8 @@ spec: value: . - name: hermetic value: false - - name: prefetch-input - value: '[{"type": "rpm", "path": "ci/hermetic"}]' + #- name: prefetch-input + # value: '[{"type": "rpm", "path": "ci/hermetic"}]' # Note: to be removed once rpm fully supported # https://github.com/hermetoproject/hermeto?tab=readme-ov-file#package-managers - name: dev-package-managers From 654814afd3503bab1d4fe83d04c921b1a5f8d39f Mon Sep 17 00:00:00 2001 From: Joel Capitao Date: Thu, 3 Jul 2025 17:29:50 +0200 Subject: [PATCH 3/3] .tekton: skip checks We disable the default Konflux checks for now as we don't need them during the onboarding process. We'll enable them again once all the pipeline set up. --- .tekton/coreos-assembler-pull-request.yaml | 2 ++ .tekton/coreos-assembler-push.yaml | 2 ++ .tekton/kola-nfs-pull-request.yaml | 2 ++ .tekton/kola-nfs-push.yaml | 2 ++ .tekton/kola-tang-pull-request.yaml | 2 ++ .tekton/kola-tang-push.yaml | 2 ++ .tekton/kola-targetcli-pull-request.yaml | 2 ++ .tekton/kola-targetcli-push.yaml | 2 ++ 8 files changed, 16 insertions(+) diff --git a/.tekton/coreos-assembler-pull-request.yaml b/.tekton/coreos-assembler-pull-request.yaml index e2b99645c7..2d41ed7c88 100644 --- a/.tekton/coreos-assembler-pull-request.yaml +++ b/.tekton/coreos-assembler-pull-request.yaml @@ -34,6 +34,8 @@ spec: value: Dockerfile - name: path-context value: . + - name: skip-checks + value: true - name: hermetic value: false #- name: prefetch-input diff --git a/.tekton/coreos-assembler-push.yaml b/.tekton/coreos-assembler-push.yaml index aaec3fbba2..74bfd2b9a1 100644 --- a/.tekton/coreos-assembler-push.yaml +++ b/.tekton/coreos-assembler-push.yaml @@ -31,6 +31,8 @@ spec: value: Dockerfile - name: path-context value: . + - name: skip-checks + value: true - name: hermetic value: false #- name: prefetch-input diff --git a/.tekton/kola-nfs-pull-request.yaml b/.tekton/kola-nfs-pull-request.yaml index ee579cf50e..4aa8831b48 100644 --- a/.tekton/kola-nfs-pull-request.yaml +++ b/.tekton/kola-nfs-pull-request.yaml @@ -38,6 +38,8 @@ spec: value: Containerfile - name: path-context value: tests/containers/nfs + - name: skip-checks + value: true - name: hermetic value: false #- name: prefetch-input diff --git a/.tekton/kola-nfs-push.yaml b/.tekton/kola-nfs-push.yaml index 219366ce25..cbdf6e578c 100644 --- a/.tekton/kola-nfs-push.yaml +++ b/.tekton/kola-nfs-push.yaml @@ -34,6 +34,8 @@ spec: value: Containerfile - name: path-context value: tests/containers/nfs + - name: skip-checks + value: true - name: hermetic value: false #- name: prefetch-input diff --git a/.tekton/kola-tang-pull-request.yaml b/.tekton/kola-tang-pull-request.yaml index 0834aca015..c1d5d2e5e2 100644 --- a/.tekton/kola-tang-pull-request.yaml +++ b/.tekton/kola-tang-pull-request.yaml @@ -38,6 +38,8 @@ spec: value: ./tests/containers/tang/Containerfile - name: path-context value: . + - name: skip-checks + value: true - name: hermetic value: false #- name: prefetch-input diff --git a/.tekton/kola-tang-push.yaml b/.tekton/kola-tang-push.yaml index c4b6fbb0ef..0e2a2ab86e 100644 --- a/.tekton/kola-tang-push.yaml +++ b/.tekton/kola-tang-push.yaml @@ -34,6 +34,8 @@ spec: value: ./tests/containers/tang/Containerfile - name: path-context value: . + - name: skip-checks + value: true - name: hermetic value: false #- name: prefetch-input diff --git a/.tekton/kola-targetcli-pull-request.yaml b/.tekton/kola-targetcli-pull-request.yaml index bd4fad819e..af7d304d8a 100644 --- a/.tekton/kola-targetcli-pull-request.yaml +++ b/.tekton/kola-targetcli-pull-request.yaml @@ -38,6 +38,8 @@ spec: value: ./tests/containers/targetcli/Containerfile - name: path-context value: . + - name: skip-checks + value: true - name: hermetic value: false #- name: prefetch-input diff --git a/.tekton/kola-targetcli-push.yaml b/.tekton/kola-targetcli-push.yaml index 371b47950a..a2612f7593 100644 --- a/.tekton/kola-targetcli-push.yaml +++ b/.tekton/kola-targetcli-push.yaml @@ -34,6 +34,8 @@ spec: value: ./tests/containers/targetcli/Containerfile - name: path-context value: . + - name: skip-checks + value: true - name: hermetic value: false #- name: prefetch-input