From dde89b397037ff57bc25085b8d1322eb58612252 Mon Sep 17 00:00:00 2001 From: Martin Malina Date: Wed, 30 Oct 2024 20:34:57 +0530 Subject: [PATCH] fix: run create-advisory late in the rh-advisories pipeline (#651) Task `create-advisory` would run after `publish-pyxis-repository` which would ensure it runs late in the pipeline. But with the changes in 1.5.0, `publish-pyxis-repository` runs much earlier now. So make `create-advisory` run after `push-rpm-data-to-pyxis` which is what `publish-pyxis-repository` ran after originally. Also add a few more `runAfter` for create-advisory so it's really running as late as possible. Also, add a few more explicit `runAfter` items to some other tasks to make order more explicit. Signed-off-by: Martin Malina --- pipelines/rh-advisories/README.md | 19 +++++++++++++++++++ pipelines/rh-advisories/rh-advisories.yaml | 9 +++++++-- .../rh-push-to-registry-redhat-io/README.md | 6 ++++++ .../rh-push-to-registry-redhat-io.yaml | 4 +++- 4 files changed, 35 insertions(+), 3 deletions(-) diff --git a/pipelines/rh-advisories/README.md b/pipelines/rh-advisories/README.md index d378978e5..3fdfdc2ea 100644 --- a/pipelines/rh-advisories/README.md +++ b/pipelines/rh-advisories/README.md @@ -23,6 +23,25 @@ the rh-push-to-registry-redhat-io pipeline. | taskGitUrl | The url to the git repo where the release-service-catalog tasks to be used are stored | Yes | https://github.com/konflux-ci/release-service-catalog.git | | taskGitRevision | The revision in the taskGitUrl repo to be used | No | - | +## Changes in 1.5.2 +* Make sure `create-advisory` runs late in the pipeline + * Task `create-advisory` would run after `publish-pyxis-repository` which + would ensure it runs late in the pipeline. But with the changes in 1.5.0, + `publish-pyxis-repository` runs much earlier now. + * So make `create-advisory` + run after `push-rpm-data-to-pyxis` which is what `publish-pyxis-repository` + ran after originally. + * But also, add a few more `runAfter` entries to make it run as late + as possible: + * `run-file-updates` + * `rh-sign-image` + * `rh-sign-image-cosign` +* Make some other tasks' order more explicit + * No functional change, the tasks already depended on the other tasks' + results, but this makes it more explicit (and Tekton PLR UI + is known to show incorrect order when relying on task results only) + + ## Changes in 1.5.1 * Task `publish-pyxis-repository` should only run after `apply-mapping` has completed as it depends on the `repository` value diff --git a/pipelines/rh-advisories/rh-advisories.yaml b/pipelines/rh-advisories/rh-advisories.yaml index b7a80c930..99346a7dc 100644 --- a/pipelines/rh-advisories/rh-advisories.yaml +++ b/pipelines/rh-advisories/rh-advisories.yaml @@ -4,7 +4,7 @@ kind: Pipeline metadata: name: rh-advisories labels: - app.kubernetes.io/version: "1.5.1" + app.kubernetes.io/version: "1.5.2" annotations: tekton.dev/pipelines.minVersion: "0.12.1" tekton.dev/tags: release @@ -309,6 +309,7 @@ spec: runAfter: - verify-enterprise-contract - push-snapshot + - collect-cosign-params - name: push-snapshot retries: 5 when: @@ -398,6 +399,7 @@ spec: - embargo-check - verify-enterprise-contract - publish-pyxis-repository + - extract-requester-from-release - name: create-pyxis-image retries: 5 taskRef: @@ -548,7 +550,10 @@ spec: runAfter: - check-data-keys - embargo-check - - publish-pyxis-repository + - push-rpm-data-to-pyxis + - run-file-updates + - rh-sign-image + - rh-sign-image-cosign - name: update-cr-status params: - name: resource diff --git a/pipelines/rh-push-to-registry-redhat-io/README.md b/pipelines/rh-push-to-registry-redhat-io/README.md index 981ab13ef..a6d13bb4d 100644 --- a/pipelines/rh-push-to-registry-redhat-io/README.md +++ b/pipelines/rh-push-to-registry-redhat-io/README.md @@ -20,6 +20,12 @@ Tekton pipeline to release content to registry.redhat.io registry. | taskGitUrl | The url to the git repo where the release-service-catalog tasks to be used are stored | Yes | https://github.com/konflux-ci/release-service-catalog.git | | taskGitRevision | The revision in the taskGitUrl repo to be used | No | - | +## Changes in 4.5.2 +* Make task order more explicit + * No functional change, the tasks already depended on the other tasks' + results, but this makes it more explicit (and Tekton PLR UI + is known to show incorrect order when relying on task results only) + ## Changes in 4.5.1 * Task `publish-pyxis-repository` should only run after `apply-mapping` has completed as it depends on the `repository` value diff --git a/pipelines/rh-push-to-registry-redhat-io/rh-push-to-registry-redhat-io.yaml b/pipelines/rh-push-to-registry-redhat-io/rh-push-to-registry-redhat-io.yaml index ebc7f36fd..556691939 100644 --- a/pipelines/rh-push-to-registry-redhat-io/rh-push-to-registry-redhat-io.yaml +++ b/pipelines/rh-push-to-registry-redhat-io/rh-push-to-registry-redhat-io.yaml @@ -4,7 +4,7 @@ kind: Pipeline metadata: name: rh-push-to-registry-redhat-io labels: - app.kubernetes.io/version: "4.5.1" + app.kubernetes.io/version: "4.5.2" annotations: tekton.dev/pipelines.minVersion: "0.12.1" tekton.dev/tags: release @@ -264,6 +264,7 @@ spec: workspace: release-workspace runAfter: - push-snapshot + - collect-cosign-params - name: push-snapshot retries: 5 when: @@ -349,6 +350,7 @@ spec: - verify-enterprise-contract - apply-mapping - publish-pyxis-repository + - extract-requester-from-release - name: create-pyxis-image retries: 5 taskRef: