From f61a15663180cdcc29ef191550f8627cbfea4a90 Mon Sep 17 00:00:00 2001
From: Ralph Bean
Date: Wed, 18 Sep 2024 16:21:38 -0400
Subject: [PATCH] Apply labels in the buildah task, if provided

For https://issues.redhat.com/browse/KONFLUX-4274

---
 .../docker-build-multi-platform-oci-ta/README.md | 1 +
 pipelines/docker-build-oci-ta/README.md | 1 +
 pipelines/docker-build/README.md | 1 +
 pipelines/fbc-builder/README.md | 1 +
 task/buildah-oci-ta/0.2/README.md | 1 +
 task/buildah-oci-ta/0.2/buildah-oci-ta.yaml | 11 +++++++++++
 .../0.2/buildah-remote-oci-ta.yaml | 11 +++++++++++
 task/buildah-remote/0.2/buildah-remote.yaml | 11 +++++++++++
 task/buildah/0.2/buildah.yaml | 10 ++++++++++
 9 files changed, 48 insertions(+)
diff --git a/pipelines/docker-build-multi-platform-oci-ta/README.md b/pipelines/docker-build-multi-platform-oci-ta/README.md
index c54180b7da..c010cdfad8 100644
--- a/pipelines/docker-build-multi-platform-oci-ta/README.md
+++ b/pipelines/docker-build-multi-platform-oci-ta/README.md
@@ -45,6 +45,7 @@ This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/reposito
 |name|description|default value|already set by|
 |---|---|---|---|
 |ACTIVATION_KEY| Name of secret which contains subscription activation key| activation-key| |
+|ADDITIONAL_LABELS| Additional key=value labels that should be applied to the image| []| |
 |ADDITIONAL_SECRET| Name of a secret which will be made available to the build with 'buildah build --secret' at /run/secrets/$ADDITIONAL_SECRET| does-not-exist| |
 |ADD_CAPABILITIES| Comma separated list of extra capabilities to add when running 'buildah build'| | |
 |BUILD_ARGS| Array of --build-arg values ("arg=value" strings)| []| '['$(params.build-args[*])']'|
diff --git a/pipelines/docker-build-oci-ta/README.md b/pipelines/docker-build-oci-ta/README.md
index 506cb0d6c4..d8045cb7b1 100644
--- a/pipelines/docker-build-oci-ta/README.md
+++ b/pipelines/docker-build-oci-ta/README.md
@@ -44,6 +44,7 @@ This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/reposito
 |name|description|default value|already set by|
 |---|---|---|---|
 |ACTIVATION_KEY| Name of secret which contains subscription activation key| activation-key| |
+|ADDITIONAL_LABELS| Additional key=value labels that should be applied to the image| []| |
 |ADDITIONAL_SECRET| Name of a secret which will be made available to the build with 'buildah build --secret' at /run/secrets/$ADDITIONAL_SECRET| does-not-exist| |
 |ADD_CAPABILITIES| Comma separated list of extra capabilities to add when running 'buildah build'| | |
 |BUILD_ARGS| Array of --build-arg values ("arg=value" strings)| []| '['$(params.build-args[*])']'|
diff --git a/pipelines/docker-build/README.md b/pipelines/docker-build/README.md
index 19a50c4dd4..61d046f747 100644
--- a/pipelines/docker-build/README.md
+++ b/pipelines/docker-build/README.md
@@ -44,6 +44,7 @@ This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/reposito
 |name|description|default value|already set by|
 |---|---|---|---|
 |ACTIVATION_KEY| Name of secret which contains subscription activation key| activation-key| |
+|ADDITIONAL_LABELS| Additional key=value labels that should be applied to the image| []| |
 |ADDITIONAL_SECRET| Name of a secret which will be made available to the build with 'buildah build --secret' at /run/secrets/$ADDITIONAL_SECRET| does-not-exist| |
 |ADD_CAPABILITIES| Comma separated list of extra capabilities to add when running 'buildah build'| | |
 |BUILD_ARGS| Array of --build-arg values ("arg=value" strings)| []| '['$(params.build-args[*])']'|
diff --git a/pipelines/fbc-builder/README.md b/pipelines/fbc-builder/README.md
index ed1a7c1876..662d06d224 100644
--- a/pipelines/fbc-builder/README.md
+++ b/pipelines/fbc-builder/README.md
@@ -42,6 +42,7 @@ This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/reposito
 |name|description|default value|already set by|
 |---|---|---|---|
 |ACTIVATION_KEY| Name of secret which contains subscription activation key| activation-key| |
+|ADDITIONAL_LABELS| Additional key=value labels that should be applied to the image| []| |
 |ADDITIONAL_SECRET| Name of a secret which will be made available to the build with 'buildah build --secret' at /run/secrets/$ADDITIONAL_SECRET| does-not-exist| |
 |ADD_CAPABILITIES| Comma separated list of extra capabilities to add when running 'buildah build'| | |
 |BUILD_ARGS| Array of --build-arg values ("arg=value" strings)| []| |
diff --git a/task/buildah-oci-ta/0.2/README.md b/task/buildah-oci-ta/0.2/README.md
index ff1099db5a..78188c1e9a 100644
--- a/task/buildah-oci-ta/0.2/README.md
+++ b/task/buildah-oci-ta/0.2/README.md
@@ -9,6 +9,7 @@ When prefetch-dependencies task was activated it is using its artifacts to run b
 |name|description|default value|required|
 |---|---|---|---|
 |ACTIVATION_KEY|Name of secret which contains subscription activation key|activation-key|false|
+|ADDITIONAL_LABELS|Additional key=value labels that should be applied to the image|[]|false|
 |ADDITIONAL_SECRET|Name of a secret which will be made available to the build with 'buildah build --secret' at /run/secrets/$ADDITIONAL_SECRET|does-not-exist|false|
 |ADD_CAPABILITIES|Comma separated list of extra capabilities to add when running 'buildah build'|""|false|
 |BUILD_ARGS|Array of --build-arg values ("arg=value" strings)|[]|false|
diff --git a/task/buildah-oci-ta/0.2/buildah-oci-ta.yaml b/task/buildah-oci-ta/0.2/buildah-oci-ta.yaml
index 133df7524f..3453ff50bd 100644
--- a/task/buildah-oci-ta/0.2/buildah-oci-ta.yaml
+++ b/task/buildah-oci-ta/0.2/buildah-oci-ta.yaml
@@ -20,6 +20,11 @@ spec: description: Name of secret which contains subscription activation key type: string default: activation-key + - name: ADDITIONAL_LABELS + description: Additional key=value labels that should be applied to the + image + type: string + default: '[]' - name: ADDITIONAL_SECRET description: Name of a secret which will be made available to the build with 'buildah build --secret' at /run/secrets/$ADDITIONAL_SECRET @@ -173,6 +178,8 @@ spec: env: - name: ACTIVATION_KEY value: $(params.ACTIVATION_KEY) + - name: ADDITIONAL_LABELS + value: $(params.ADDITIONAL_LABELS) - name: ADDITIONAL_SECRET value: $(params.ADDITIONAL_SECRET) - name: ADD_CAPABILITIES @@ -383,6 +390,10 @@ spec: [ -n "$COMMIT_SHA" ] && LABELS+=("--label" "vcs-ref=$COMMIT_SHA") [ -n "$IMAGE_EXPIRES_AFTER" ] && LABELS+=("--label" "quay.expires-after=$IMAGE_EXPIRES_AFTER") + for label in $(echo "${ADDITIONAL_LABELS}" | jq -r '.[]'); do + LABELS+=("--label" "$label") + done + ACTIVATION_KEY_PATH="/activation-key" ENTITLEMENT_PATH="/entitlement" diff --git a/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml b/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml index 24743cc0b1..1df37672b0 100644 --- a/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml +++ b/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml @@ -20,6 +20,10 @@ spec: description: Name of secret which contains subscription activation key name: ACTIVATION_KEY type: string + - default: '[]' + description: Additional key=value labels that should be applied to the image + name: ADDITIONAL_LABELS + type: string - default: does-not-exist description: Name of a secret which will be made available to the build with 'buildah build --secret' at /run/secrets/$ADDITIONAL_SECRET @@ -154,6 +158,8 @@ spec: env: - name: ACTIVATION_KEY value: $(params.ACTIVATION_KEY) + - name: ADDITIONAL_LABELS + value: $(params.ADDITIONAL_LABELS) - name: ADDITIONAL_SECRET value: $(params.ADDITIONAL_SECRET) - name: ADD_CAPABILITIES 
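Review bot: The description of the new `ADDITIONAL_LABELS` param (first hunk of buildah-oci-ta.yaml) does not say what format the value must have, although the script later feeds it to `jq -r '.[]'`, so it has to be a JSON array encoded as a string. I would state that in the description, for example `description: JSON array, passed as a string, of key=value labels to apply to the image, e.g. '["team=example","tier=dev"]'` (the sample values are only illustrative). The README tables describe the neighbouring `BUILD_ARGS` as an array, so a caller is likely to pass this one the same way and get no labels. The same wording is added to the param in buildah-remote-oci-ta.yaml, buildah-remote.yaml and buildah.yaml and to the README tables.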
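Review bot: The unquoted `$(echo "${ADDITIONAL_LABELS}" | jq -r '.[]')` in the new `for` loop (hunk at -383 of buildah-oci-ta.yaml) is word-split and glob-expanded by the shell, so a label whose value contains a space, for example `description=My app`, turns into two `--label` arguments, and a `*` in a value can expand to file names. A jq parse error is also lost there, because the exit status of a command substitution in a `for` word list is never checked, and the build would carry on without the requested labels. Reading the output line by line avoids the splitting: `while IFS= read -r label; do LABELS+=("--label" "$label"); done < <(jq -r '.[]' <<<"$ADDITIONAL_LABELS")`. A separate `jq -e 'type == "array"' <<<"$ADDITIONAL_LABELS" >/dev/null` before the loop would make malformed input fail the step, assuming the script runs with `set -e`, which the hunk does not show. The same loop is added in buildah-remote-oci-ta.yaml, buildah-remote.yaml and buildah.yaml, and the surrounding script starts and ends outside the hunk.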
@@ -418,6 +424,10 @@ spec: [ -n "$COMMIT_SHA" ] && LABELS+=("--label" "vcs-ref=$COMMIT_SHA") [ -n "$IMAGE_EXPIRES_AFTER" ] && LABELS+=("--label" "quay.expires-after=$IMAGE_EXPIRES_AFTER") + for label in $(echo "${ADDITIONAL_LABELS}" | jq -r '.[]'); do + LABELS+=("--label" "$label") + done + ACTIVATION_KEY_PATH="/activation-key" ENTITLEMENT_PATH="/entitlement" @@ -483,6 +493,7 @@ spec: ssh $SSH_ARGS "$SSH_HOST" $PORT_FORWARD podman run $PODMAN_PORT_FORWARD \ --tmpfs /run/secrets \ -e ACTIVATION_KEY="$ACTIVATION_KEY" \ + -e ADDITIONAL_LABELS="$ADDITIONAL_LABELS" \ -e ADDITIONAL_SECRET="$ADDITIONAL_SECRET" \ -e ADD_CAPABILITIES="$ADD_CAPABILITIES" \ -e BUILDAH_FORMAT="$BUILDAH_FORMAT" \ diff --git a/task/buildah-remote/0.2/buildah-remote.yaml b/task/buildah-remote/0.2/buildah-remote.yaml index 2d5a682359..6aeb99a8bd 100644 --- a/task/buildah-remote/0.2/buildah-remote.yaml +++ b/task/buildah-remote/0.2/buildah-remote.yaml @@ -115,6 +115,10 @@ spec: stages name: SKIP_UNUSED_STAGES type: string + - default: '[]' + description: Additional key=value labels that should be applied to the image + name: ADDITIONAL_LABELS + type: string - description: The platform to build on name: PLATFORM type: string @@ -181,6 +185,8 @@ spec: value: $(params.SQUASH) - name: SKIP_UNUSED_STAGES value: $(params.SKIP_UNUSED_STAGES) + - name: ADDITIONAL_LABELS + value: $(params.ADDITIONAL_LABELS) - name: BUILDER_IMAGE value: quay.io/konflux-ci/buildah-task:latest@sha256:860a239c5f25376a435a514ae6d53a5c75b1fa492461d17774e9b7cb32d1e275 - name: PLATFORM @@ -400,6 +406,10 @@ spec: [ -n "$COMMIT_SHA" ] && LABELS+=("--label" "vcs-ref=$COMMIT_SHA") [ -n "$IMAGE_EXPIRES_AFTER" ] && LABELS+=("--label" "quay.expires-after=$IMAGE_EXPIRES_AFTER") + for label in $(echo "${ADDITIONAL_LABELS}" | jq -r '.[]'); do + LABELS+=("--label" "$label") + done + ACTIVATION_KEY_PATH="/activation-key" ENTITLEMENT_PATH="/entitlement" 
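Review bot: `-e ADDITIONAL_LABELS="$ADDITIONAL_LABELS"` in the `ssh … podman run` hunk of buildah-remote-oci-ta.yaml is quoted for the local shell only; ssh joins its arguments into one command line that the remote shell parses a second time. The double quotes of a JSON value such as `["a=b"]` are then stripped on the build host, the container receives `[a=b]`, and jq cannot parse it; any other shell metacharacter in the parameter would likewise be interpreted on the remote host rather than passed through. Unlike the neighbouring parameters, this one contains quotes whenever it is non-empty, so it needs quoting for the remote side, e.g. `-e ADDITIONAL_LABELS="$(printf '%q' "$ADDITIONAL_LABELS")" \`. The same line is added to the `podman run` invocation in buildah-remote.yaml. The `ssh` command starts and ends outside the hunk, so this assumes it is executed directly and not from a quoted here-document.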
@@ -483,6 +493,7 @@ spec: -e ADD_CAPABILITIES="$ADD_CAPABILITIES" \ -e SQUASH="$SQUASH" \ -e SKIP_UNUSED_STAGES="$SKIP_UNUSED_STAGES" \ + -e ADDITIONAL_LABELS="$ADDITIONAL_LABELS" \ -e COMMIT_SHA="$COMMIT_SHA" \ -v "$BUILD_DIR/workspaces/source:$(workspaces.source.path):Z" \ -v "$BUILD_DIR/volumes/shared:/shared:Z" \ diff --git a/task/buildah/0.2/buildah.yaml b/task/buildah/0.2/buildah.yaml index 96561dfd76..dea756ac44 100644 --- a/task/buildah/0.2/buildah.yaml +++ b/task/buildah/0.2/buildah.yaml @@ -103,6 +103,10 @@ spec: description: Whether to skip stages in Containerfile that seem unused by subsequent stages type: string default: "true" + - name: ADDITIONAL_LABELS + description: Additional key=value labels that should be applied to the image + type: string + default: "[]" results: - description: Digest of the image just built @@ -162,6 +166,8 @@ spec: value: $(params.SQUASH) - name: SKIP_UNUSED_STAGES value: $(params.SKIP_UNUSED_STAGES) + - name: ADDITIONAL_LABELS + value: $(params.ADDITIONAL_LABELS) steps: - image: quay.io/konflux-ci/buildah-task:latest@sha256:860a239c5f25376a435a514ae6d53a5c75b1fa492461d17774e9b7cb32d1e275 @@ -320,6 +326,10 @@ spec: [ -n "$COMMIT_SHA" ] && LABELS+=("--label" "vcs-ref=$COMMIT_SHA") [ -n "$IMAGE_EXPIRES_AFTER" ] && LABELS+=("--label" "quay.expires-after=$IMAGE_EXPIRES_AFTER") + for label in $(echo "${ADDITIONAL_LABELS}" | jq -r '.[]'); do + LABELS+=("--label" "$label") + done + ACTIVATION_KEY_PATH="/activation-key" ENTITLEMENT_PATH="/entitlement"
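Review bot: The caller-supplied labels in the new loop of buildah.yaml are appended to `LABELS` after the task's own `vcs-ref` and `quay.expires-after` entries, so a key repeated in `ADDITIONAL_LABELS` probably replaces the value the task computed (buildah is expected to keep the last `--label` given for a key; worth confirming). If those labels are relied on to trace an image back to its commit or to enforce expiry, the loop should skip or reject the reserved keys, e.g. `case "$label" in vcs-ref=*|quay.expires-after=*) continue ;; esac` as its first statement. The same ordering applies to the loops added in buildah-oci-ta.yaml, buildah-remote-oci-ta.yaml and buildah-remote.yaml. The script around the loop starts and ends outside the hunk, so other labels set earlier are not visible here.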