From 534e0ffcdc3b4888941e3bac1a674aa68bcfbceb Mon Sep 17 00:00:00 2001 From: "W. Trevor King" Date: Thu, 1 Dec 2022 10:10:25 -0800 Subject: [PATCH] ci-operator/config/openshift/cincinnati-graph-data: Publish graph-data image We'd removed similar publishing in 45509b1eea (ci-operator/config/openshift: Decouple Cincinnati ecosystem from OpenShift branching, 2022-08-22, #31237). But it turns out some folks are interested in a graph-data image that contains only YAML configuration, even if those images are not produced by Red Hat's internal build system and signed. This commit asks Prow to build and promote a from-scratch graph-data image for those consumers, using the dockerfile_literal approach from [1] and the 'paths' approach from [1,2]. [1]: https://docs.ci.openshift.org/docs/architecture/ci-operator/#building-container-images [2]: https://docs.openshift.com/container-platform/4.11/cicd/builds/creating-build-inputs.html#builds-image-source_creating-build-inputs --- ...penshift-cincinnati-graph-data-master.yaml | 22 ++++ ...cinnati-graph-data-master-postsubmits.yaml | 111 ++++++++++++++++++ 2 files changed, 133 insertions(+) create mode 100644 ci-operator/jobs/openshift/cincinnati-graph-data/openshift-cincinnati-graph-data-master-postsubmits.yaml diff --git a/ci-operator/config/openshift/cincinnati-graph-data/openshift-cincinnati-graph-data-master.yaml b/ci-operator/config/openshift/cincinnati-graph-data/openshift-cincinnati-graph-data-master.yaml index 7f3d7c77638d8..b451f9b633e63 100644 --- a/ci-operator/config/openshift/cincinnati-graph-data/openshift-cincinnati-graph-data-master.yaml +++ b/ci-operator/config/openshift/cincinnati-graph-data/openshift-cincinnati-graph-data-master.yaml @@ -21,6 +21,28 @@ images: to: stable - dockerfile_path: graph-data.rs/Dockerfile to: graphdata-unittests +- dockerfile_literal: |- + FROM scratch + COPY blocked-edges /blocked-edges + COPY channels /channels + COPY raw /raw + USER 1000:1000 + ENV PATH / + ENV HOME / + WORKDIR / + ENTRYPOINT ["/this-image-is-not-executable"] + inputs: + src: + paths: + - destination_dir: . + source_path: /go/src/github.com/openshift/cincinnati-graph-data/. + to: graph-data +promotion: + excluded_images: + - stable + - graphdata-unittests + name: cincinnati-graph-data + namespace: cincinnati-ci-public raw_steps: - pipeline_image_cache_step: commands: | diff --git a/ci-operator/jobs/openshift/cincinnati-graph-data/openshift-cincinnati-graph-data-master-postsubmits.yaml b/ci-operator/jobs/openshift/cincinnati-graph-data/openshift-cincinnati-graph-data-master-postsubmits.yaml new file mode 100644 index 0000000000000..b2fdc29b935f8 --- /dev/null +++ b/ci-operator/jobs/openshift/cincinnati-graph-data/openshift-cincinnati-graph-data-master-postsubmits.yaml @@ -0,0 +1,111 @@ +postsubmits: + openshift/cincinnati-graph-data: + - agent: kubernetes + always_run: true + branches: + - ^master$ + cluster: build01 + decorate: true + decoration_config: + skip_cloning: true + labels: + ci-operator.openshift.io/is-promotion: "true" + ci.openshift.io/generator: prowgen + max_concurrency: 1 + name: branch-ci-openshift-cincinnati-graph-data-master-images + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --image-mirror-push-secret=/etc/push-secret/.dockerconfigjson + - --promote + - --report-credentials-file=/etc/report/credentials + - --target=[images] + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/push-secret + name: push-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: push-secret + secret: + secretName: registry-push-credentials-ci-central + - name: result-aggregator + secret: + secretName: result-aggregator + - agent: kubernetes + always_run: true + branches: + - ^master$ + cluster: arm01 + decorate: true + decoration_config: + skip_cloning: true + labels: + ci-operator.openshift.io/cluster: arm01 + ci-operator.openshift.io/is-promotion: "true" + ci.openshift.io/generator: prowgen + max_concurrency: 1 + name: branch-ci-openshift-cincinnati-graph-data-master-images-arm64 + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --image-mirror-push-secret=/etc/push-secret/.dockerconfigjson + - --promote + - --report-credentials-file=/etc/report/credentials + - --target=[images] + command: + - ci-operator + image: registry.arm-build01.arm-build.devcluster.openshift.com/ci-arm64/ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/push-secret + name: push-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: push-secret + secret: + secretName: registry-push-credentials-ci-central + - name: result-aggregator + secret: + secretName: result-aggregator