controllers

package
v0.0.0-...-f2ddc2e Latest Latest
Published: Dec 18, 2024 License: Apache-2.0 Imports: 56 Imported by: 2

Documentation

Index

Constants

const (
	// Annotation key for build requests and the request values this package
	// declares for it (trigger a PaC build, configure PaC with or without a
	// merge request, unconfigure PaC).
	// NOTE(review): presumably anyone allowed to update the annotated object
	// can request these actions — confirm that RBAC on that object matches
	// who is expected to trigger repository changes.
	BuildRequestAnnotationName                  = "build.appstudio.openshift.io/request"
	BuildRequestTriggerPaCBuildAnnotationValue  = "trigger-pac-build"
	BuildRequestConfigurePaCAnnotationValue     = "configure-pac"
	BuildRequestConfigurePaCNoMrAnnotationValue = "configure-pac-no-mr"
	BuildRequestUnconfigurePaCAnnotationValue   = "unconfigure-pac"

	// Annotation key for build status. The BuildStatus type in this package
	// carries JSON tags, so it is presumably the payload — TODO confirm.
	BuildStatusAnnotationName = "build.appstudio.openshift.io/status"

	// Finalizer names. A finalizer holds back object deletion until it is
	// removed, so cleanup code must always reach the removal step.
	PaCProvisionFinalizer            = "pac.component.appstudio.openshift.io/finalizer"
	ImageRegistrySecretLinkFinalizer = "image-registry-secret-sa-link.component.appstudio.openshift.io/finalizer"

	// Label keys, and the "part-of" label value, used to tag AppStudio objects.
	ApplicationNameLabelName  = "appstudio.openshift.io/application"
	ComponentNameLabelName    = "appstudio.openshift.io/component"
	PartOfLabelName           = "app.kubernetes.io/part-of"
	PartOfAppStudioLabelValue = "appstudio"
)
const (
	// Environment variable name and its default value ("5d"). Judging by the
	// names, this is the expiration applied to image tags built from pull
	// requests — NOTE(review): confirm the accepted duration format with the
	// code that reads the variable.
	PipelineRunOnPRExpirationEnvVar  = "IMAGE_TAG_ON_PR_EXPIRATION"
	PipelineRunOnPRExpirationDefault = "5d"

	// Annotation that specifies git provider id for self hosted SCM instances, e.g. github or gitlab.
	// GitProviderAnnotationURL presumably carries the base URL of that
	// self-hosted instance.
	// NOTE(review): both values are set by whoever can annotate the object.
	// If Git credentials or API calls are sent to the annotated URL, it
	// should be validated before use — confirm in the caller.
	GitProviderAnnotationName = "git-provider"
	GitProviderAnnotationURL  = "git-provider-url"
)
const (

	// PipelineRunTypeLabelName contains the type of the PipelineRunType
	PipelineRunTypeLabelName = "pipelines.appstudio.openshift.io/type"
	// PipelineRunBuildType is the type denoting a build PipelineRun.
	PipelineRunBuildType = "build"
	// PacEventTypeAnnotationName represents the current event type
	// The two event-type values and the two parameter names below share this
	// alignment group. NOTE(review): IMAGE_URL and IMAGE_DIGEST are presumably
	// read from PipelineRun results or params — confirm which, and prefer the
	// digest over the tag when identifying the built image.
	PacEventTypeAnnotationName = "pipelinesascode.tekton.dev/event-type"
	PacEventPushType           = "push"
	PacEventIncomingType       = "incoming"
	ImageUrlParamName          = "IMAGE_URL"
	ImageDigestParamName       = "IMAGE_DIGEST"

	// Annotation keys and the finalizer name used by the nudge (dependency
	// update) flow.
	NudgeProcessedAnnotationName = "build.appstudio.openshift.io/component-nudge-processed"
	NudgeFinalizer               = "build.appstudio.openshift.io/build-nudge-finalizer"
	FailureCountAnnotationName   = "build.appstudio.openshift.io/build-nudge-failures"
	NudgeFilesAnnotationName     = "build.appstudio.openshift.io/build-nudge-files"

	// Event type names and attempt limits. What exactly is retried up to
	// MaxAttempts / KubeApiUpdateMaxAttempts is not visible in this block.
	ComponentNudgedEventType      = "ComponentNudged"
	ComponentNudgeFailedEventType = "ComponentNudgeFailed"
	MaxAttempts                   = 3
	KubeApiUpdateMaxAttempts      = 5

	// DefaultNudgeFiles is a comma-separated list of file patterns.
	// NOTE(review): the entries look like regular expressions. If they are
	// compiled as such, the '.' before "yaml" in ".*.yaml" is unescaped and
	// matches any character, and none of the patterns is anchored, so more
	// files than Dockerfiles/Containerfiles/YAML may be selected for automated
	// rewriting — confirm against the consumer and tighten if so.
	FailureRetryTime  = time.Minute * 5 // We retry after 5 minutes on failure
	DefaultNudgeFiles = ".*Dockerfile.*, .*.yaml, .*Containerfile.*"
)
const (
	// Renovate image selection and trusted-CA wiring.
	//
	// DefaultRenovateImageUrl identifies the image by tag only (":cdbc220"),
	// not by digest. A registry tag can be re-pointed, so this string does not
	// fix the content that runs.
	// NOTE(review): consider a digest-pinned reference; RenovateImageEnvName
	// presumably overrides the default — confirm who can set that variable.
	//
	// CaConfigMapLabel is the OpenShift label that requests injection of the
	// cluster's trusted CA bundle into a ConfigMap, under the key named by
	// CaConfigMapKey. CaMountPath, CaFilePath and CaVolumeMountName presumably
	// describe where that bundle is mounted in the Renovate pod — TODO confirm.
	RenovateImageEnvName    = "RENOVATE_IMAGE"
	DefaultRenovateImageUrl = "quay.io/konflux-ci/mintmaker-renovate-image:cdbc220"
	DefaultRenovateUser     = "red-hat-konflux"
	CaConfigMapLabel        = "config.openshift.io/inject-trusted-cabundle"
	CaConfigMapKey          = "ca-bundle.crt"
	CaFilePath              = "tls-ca-bundle.pem"
	CaMountPath             = "/etc/pki/ca-trust/extracted/pem"
	CaVolumeMountName       = "trusted-ca"
)

Variables

// DisableAllPackageRules is a PackageRule whose pattern list is the single
// entry "*" and whose Enabled field is false.
// NOTE(review): presumably placed ahead of narrower rules so that only
// explicitly re-enabled packages are updated — confirm the ordering where the
// rule list is built. It is an exported variable holding a slice, so
// importers can mutate it; treat it as read-only.
var DisableAllPackageRules = PackageRule{MatchPackagePatterns: []string{"*"}, Enabled: false}
// GenerateRenovateConfigForNudge is a reassignable function value that
// defaults to the unexported generateRenovateConfigForNudge. It takes an
// update target and a build result and returns a RenovateConfig or an error.
// NOTE(review): as an exported variable it can be replaced by any importing
// package at runtime; reassignment is presumably meant for tests only.
var GenerateRenovateConfigForNudge func(target updateTarget, buildResult *BuildResult) (RenovateConfig, error) = generateRenovateConfigForNudge
// GetHttpClientFunction is a reassignable function value that defaults to the
// unexported getHttpClient.
// NOTE(review): because the variable is exported, any importing package can
// swap the HTTP client constructor, including its TLS and timeout settings.
// Keep reassignment confined to test code.
var GetHttpClientFunction = getHttpClient

That way it can be mocked in tests

Functions

func GetComponentFromPipelineRun

func GetComponentFromPipelineRun(c client.Client, ctx context.Context, pipelineRun *tektonapi.PipelineRun) (*applicationapi.Component, error)

GetComponentFromPipelineRun loads from the cluster the Component referenced in the given PipelineRun. If the PipelineRun doesn't specify a Component we return nil, if the component is not specified we return an error

func GetMatchedCredentialForImageRepository

func GetMatchedCredentialForImageRepository(ctx context.Context, outputImage string, imageRepoSecrets []RepositoryCredentials) (string, string, error)

GetMatchedCredentialForImageRepository returns credentials for the given image repository. It searches all of the provided credentials: first it tries to find an exact repo match, then it tries to find the best (the longest) partial match.

func IsBuildPushPipelineRun

func IsBuildPushPipelineRun(object client.Object) bool

Types

type BuildPipeline

type BuildPipeline struct {
	Name             string   `json:"name,omitempty"`
	Bundle           string   `json:"bundle,omitempty"`
	AdditionalParams []string `json:"additional-params,omitempty"`
}

type BuildResult

type BuildResult struct {
	BuiltImageRepository     string
	BuiltImageTag            string
	Digest                   string
	DistributionRepositories []string
	FileMatches              string
	Component                *applicationapi.Component
}

type BuildStatus

type BuildStatus struct {
	PaC *PaCBuildStatus `json:"pac,omitempty"`
	// Shows build methods agnostic messages, e.g. invalid build request.
	Message string `json:"message,omitempty"`
}

type ComponentBuildReconciler

type ComponentBuildReconciler struct {
	Client             client.Client
	Scheme             *runtime.Scheme
	EventRecorder      record.EventRecorder
	CredentialProvider *k8s.GitCredentialProvider
	WebhookURLLoader   webhook.WebhookURLLoader
}

ComponentBuildReconciler watches AppStudio Component objects in order to provision Pipelines as Code configuration for the Component or submit initial builds and dependent resources if PaC is not configured.

func (*ComponentBuildReconciler) ConfigureRepositoryForPaC

func (r *ComponentBuildReconciler) ConfigureRepositoryForPaC(ctx context.Context, component *appstudiov1alpha1.Component, pacConfig map[string][]byte, webhookTargetUrl, webhookSecret string) (prUrl string, err error)

ConfigureRepositoryForPaC creates a merge request with initial Pipelines as Code configuration and configures a webhook to notify in-cluster PaC unless application (on the repository side) is used.

func (*ComponentBuildReconciler) GetBuildPipelineFromComponentAnnotation

func (r *ComponentBuildReconciler) GetBuildPipelineFromComponentAnnotation(ctx context.Context, component *appstudiov1alpha1.Component) (*tektonapi.PipelineRef, []string, error)

GetBuildPipelineFromComponentAnnotation parses pipeline annotation on component and returns build pipeline

func (*ComponentBuildReconciler) ProvisionPaCForComponent

func (r *ComponentBuildReconciler) ProvisionPaCForComponent(ctx context.Context, component *appstudiov1alpha1.Component) (string, error)

ProvisionPaCForComponent does Pipelines as Code provision for the given component. Mainly, it creates a PaC configuration merge request in the component source repository. If the GitHub PaC application is not configured, it creates a webhook for PaC.

func (*ComponentBuildReconciler) Reconcile

func (*ComponentBuildReconciler) SetDefaultBuildPipelineComponentAnnotation

func (r *ComponentBuildReconciler) SetDefaultBuildPipelineComponentAnnotation(ctx context.Context, component *appstudiov1alpha1.Component) error

SetDefaultBuildPipelineComponentAnnotation sets default build pipeline to component pipeline annotation

func (*ComponentBuildReconciler) SetupWithManager

func (r *ComponentBuildReconciler) SetupWithManager(mgr ctrl.Manager) error

SetupWithManager sets up the controller with the Manager.

func (*ComponentBuildReconciler) TriggerPaCBuild

func (r *ComponentBuildReconciler) TriggerPaCBuild(ctx context.Context, component *appstudiov1alpha1.Component) (bool, error)

func (*ComponentBuildReconciler) UnconfigureRepositoryForPaC

func (r *ComponentBuildReconciler) UnconfigureRepositoryForPaC(ctx context.Context, component *appstudiov1alpha1.Component, pacConfig map[string][]byte, webhookTargetUrl string) (baseBranch string, prUrl string, action string, err error)

UnconfigureRepositoryForPaC creates a merge request that deletes the Pipelines as Code configuration of the given component in its repository. Deletes the PaC webhook if it's used. Does not delete the PaC GitHub application from the repository, as its installation was done manually by the user. Returns the merge request web URL, or an empty string if it's not needed.

func (*ComponentBuildReconciler) UndoPaCProvisionForComponent

func (r *ComponentBuildReconciler) UndoPaCProvisionForComponent(ctx context.Context, component *appstudiov1alpha1.Component) (string, error)

UndoPaCProvisionForComponent creates merge request that removes Pipelines as Code configuration from component source repository. Deletes PaC webhook if used. In case of any errors just logs them and does not block Component deletion.

func (*ComponentBuildReconciler) WaitForCacheUpdate

func (r *ComponentBuildReconciler) WaitForCacheUpdate(ctx context.Context, namespace types.NamespacedName, component *appstudiov1alpha1.Component)

type ComponentDependenciesUpdater

type ComponentDependenciesUpdater struct {
	Client             client.Client
	Scheme             *runtime.Scheme
	EventRecorder      record.EventRecorder
	CredentialProvider *k8s.GitCredentialProvider
}

func NewComponentDependenciesUpdater

func NewComponentDependenciesUpdater(client client.Client, scheme *runtime.Scheme, eventRecorder record.EventRecorder) *ComponentDependenciesUpdater

func (ComponentDependenciesUpdater) CreateRenovaterPipeline

func (u ComponentDependenciesUpdater) CreateRenovaterPipeline(ctx context.Context, namespace string, targets []updateTarget, debug bool, buildResult *BuildResult) error

CreateRenovaterPipeline will create a renovate pipeline in the user namespace, to update component dependencies. The reasons for using a pipeline in the component namespace instead of a Job in the system namespace are as follows:
- The user namespace has direct access to secrets to allow updating private images
- Jobs are removed after a timeout, so lots of nudges in a short period could make the namespace unusable due to pod Quota, while pipelines are pruned much more aggressively
- Users can view the results of pipelines and the results are stored, making debugging much easier
- Tekton automatically provides docker config from linked service accounts for private images, with a job I would need to implement this manually

Warning: because this pipeline runs in the user namespace, the installation token used here should be scoped only to the individual repositories being updated.

func (ComponentDependenciesUpdater) GetUpdateTargetsBasicAuth

func (u ComponentDependenciesUpdater) GetUpdateTargetsBasicAuth(ctx context.Context, componentList []v1alpha1.Component, imageRepositoryHost, imageRepositoryUsername, imageRepositoryPassword string) []updateTarget

GetUpdateTargetsBasicAuth This method returns targets for components based on basic auth

func (ComponentDependenciesUpdater) GetUpdateTargetsGithubApp

func (u ComponentDependenciesUpdater) GetUpdateTargetsGithubApp(ctx context.Context, componentList []v1alpha1.Component, imageRepositoryHost, imageRepositoryUsername, imageRepositoryPassword string) []updateTarget

GetUpdateTargetsGithubApp This method returns targets for components based on github app

type ComponentDependencyUpdateReconciler

type ComponentDependencyUpdateReconciler struct {
	Client                       client.Client
	ApiReader                    client.Reader
	Scheme                       *runtime.Scheme
	EventRecorder                record.EventRecorder
	ComponentDependenciesUpdater ComponentDependenciesUpdater
}

ComponentDependencyUpdateReconciler reconciles a PipelineRun object

func (*ComponentDependencyUpdateReconciler) Reconcile

The following line for configmaps is informational; the actual permissions are defined in component_build_controller.

+kubebuilder:rbac:groups=core,resources=configmaps,verbs=create;get;list;watch;update;patch;delete
+kubebuilder:rbac:groups=appstudio.redhat.com,resources=components,verbs=get;list;watch;update;patch
+kubebuilder:rbac:groups=appstudio.redhat.com,resources=components/status,verbs=get;list;watch
+kubebuilder:rbac:groups=tekton.dev,resources=pipelineruns,verbs=get;list;watch;create;update;patch;delete;deletecollection
+kubebuilder:rbac:groups=tekton.dev,resources=pipelineruns/status,verbs=get;update;patch
+kubebuilder:rbac:groups=tekton.dev,resources=pipelineruns/finalizers,verbs=update
+kubebuilder:rbac:groups="",resources=events,verbs=create;patch

func (*ComponentDependencyUpdateReconciler) SetupWithManager

func (r *ComponentDependencyUpdateReconciler) SetupWithManager(manager ctrl.Manager) error

SetupController creates a new Integration reconciler and adds it to the Manager.

type CustomManager

type CustomManager struct {
	FileMatch            []string `json:"fileMatch,omitempty"`
	CustomType           string   `json:"customType"`
	DatasourceTemplate   string   `json:"datasourceTemplate"`
	MatchStrings         []string `json:"matchStrings"`
	CurrentValueTemplate string   `json:"currentValueTemplate"`
	DepNameTemplate      string   `json:"depNameTemplate"`
}

type ErrorInfo

type ErrorInfo struct {
	ErrId      int    `json:"error-id,omitempty"`
	ErrMessage string `json:"error-message,omitempty"`
}

Describes persistent error for build request.

type PaCBuildStatus

type PaCBuildStatus struct {
	// State shows if PaC is used.
	// Values are: enabled, disabled.
	State string `json:"state,omitempty"`
	// Contains link to PaC provision / unprovision pull request
	MergeUrl string `json:"merge-url,omitempty"`
	// Time of the last successful PaC configuration in RFC1123 format
	ConfigurationTime string `json:"configuration-time,omitempty"`

	ErrorInfo
}

type PaCPipelineRunPrunerReconciler

type PaCPipelineRunPrunerReconciler struct {
	Client        client.Client
	Scheme        *runtime.Scheme
	EventRecorder record.EventRecorder
}

PaCPipelineRunPrunerReconciler watches AppStudio Component object in order to clean up running PipelineRuns created by Pipeline-as-Code when the Component gets deleted.

func (*PaCPipelineRunPrunerReconciler) PrunePipelineRuns

func (r *PaCPipelineRunPrunerReconciler) PrunePipelineRuns(ctx context.Context, req ctrl.Request) error

PrunePipelineRuns deletes PipelineRuns, if any, associated with the given Component.

func (*PaCPipelineRunPrunerReconciler) Reconcile

func (*PaCPipelineRunPrunerReconciler) SetupWithManager

func (r *PaCPipelineRunPrunerReconciler) SetupWithManager(mgr ctrl.Manager) error

SetupWithManager sets up the controller with the Manager.

type PackageRule

type PackageRule struct {
	MatchPackagePatterns []string `json:"matchPackagePatterns,omitempty"`
	MatchPackageNames    []string `json:"matchPackageNames,omitempty"`
	GroupName            string   `json:"groupName,omitempty"`
	BranchName           string   `json:"branchName,omitempty"`
	CommitMessageTopic   string   `json:"commitMessageTopic,omitempty"`
	PRFooter             string   `json:"prFooter,omitempty"`
	RecreateWhen         string   `json:"recreateWhen,omitempty"`
	RebaseWhen           string   `json:"rebaseWhen,omitempty"`
	Enabled              bool     `json:"enabled"`
	FollowTag            string   `json:"followTag,omitempty"`
}

type RenovateConfig

type RenovateConfig struct {
	GitProvider         string               `json:"platform"`
	Username            string               `json:"username"`
	GitAuthor           string               `json:"gitAuthor"`
	Onboarding          bool                 `json:"onboarding"`
	RequireConfig       string               `json:"requireConfig"`
	Repositories        []renovateRepository `json:"repositories"`
	EnabledManagers     []string             `json:"enabledManagers"`
	Endpoint            string               `json:"endpoint"`
	CustomManagers      []CustomManager      `json:"customManagers,omitempty"`
	RegistryAliases     map[string]string    `json:"registryAliases,omitempty"`
	PackageRules        []PackageRule        `json:"packageRules,omitempty"`
	ForkProcessing      string               `json:"forkProcessing"`
	Extends             []string             `json:"extends"`
	DependencyDashboard bool                 `json:"dependencyDashboard"`
	Labels              []string             `json:"labels"`
}

type RepositoryConfigAuth

// RepositoryConfigAuth holds one set of registry credentials with JSON tags
// "username", "password", "email" and "auth".
// NOTE(review): this looks like the per-registry entry of a container
// registry auth file, where "auth" is normally base64 of "username:password"
// (an encoding, not encryption) — confirm against the code that fills it.
// Password and Auth are secret material: json.Marshal emits them whenever
// they are non-empty (omitempty only drops empty values), so do not log or
// store a marshalled value of this type outside a Secret.
type RepositoryConfigAuth struct {
	Username string `json:"username,omitempty"`
	Password string `json:"password,omitempty"`
	Email    string `json:"email,omitempty"`
	Auth     string `json:"auth,omitempty"`
}

type RepositoryCredentials

// RepositoryCredentials pairs a repository name with a username and password
// and the name of the secret they are associated with. It is the element type
// of the imageRepoSecrets argument of GetMatchedCredentialForImageRepository.
// Password is a plain string field, so formatting the struct with %v or %+v
// prints it; log SecretName and RepoName only.
type RepositoryCredentials struct {
	SecretName string
	RepoName   string
	UserName   string
	Password   string
}
