From 8d2ba3476a59ee4e0f89cd07f0956ba9773b8a85 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ra=C3=BAl=20Hern=C3=A1ndez?= Date: Wed, 29 Oct 2025 12:22:16 +0100 Subject: [PATCH 1/2] Introduce 'run-opm-command' in the fbc pipeline --- .konflux/Dockerfile.catalog | 29 ++------ .konflux/catalog/catalog-idms.yaml | 11 +++ .tekton/fbc-pipeline.yaml | 67 ++++++++++++++++++- ...fecycle-manager-fbc-4-21-pull-request.yaml | 3 +- ...aware-lifecycle-manager-fbc-4-21-push.yaml | 3 +- Makefile | 6 +- 6 files changed, 87 insertions(+), 32 deletions(-) create mode 100644 .konflux/catalog/catalog-idms.yaml diff --git a/.konflux/Dockerfile.catalog b/.konflux/Dockerfile.catalog index cfde90a0f..9b36d9c62 100644 --- a/.konflux/Dockerfile.catalog +++ b/.konflux/Dockerfile.catalog @@ -3,37 +3,18 @@ ARG OPM_IMAGE=registry.redhat.io/openshift4/ose-operator-registry-rhel9:v4.20 # CNF-18555: When there is a Konflux build available for this then we need to update from the brew image ARG BUILDER_IMAGE=brew.registry.redhat.io/rh-osbs/openshift-golang-builder:rhel_9_golang_1.24 -# build the catalog +# fix the catalog (talm exclusive, naming issue) FROM ${BUILDER_IMAGE} AS builder -# create dir structure to generate the catalog -RUN mkdir -p /app/hack /app/.konflux/catalog +# create dir structure to fix the catalog +RUN mkdir -p /app/.konflux/catalog COPY Makefile /app COPY .konflux/catalog/ /app/.konflux/catalog/ -COPY telco5g-konflux /app/telco5g-konflux - # we need to copy the vendor/ folder as the Makefile depends on it COPY vendor/ /app/vendor/ -# generate the catalog - -# debug -RUN echo "root dir" && ls -lra $HOME - WORKDIR /app -RUN --mount=type=secret,id=telco-5g-redhat-pull-secret/.dockerconfigjson \ - mkdir -p $HOME/.docker/ && \ - cp /run/secrets/telco-5g-redhat-pull-secret/.dockerconfigjson $HOME/.docker/config.json - -# debug -RUN echo "run secrets" && ls -lra /run/secrets/ && echo "docker dir" && ls -lra $HOME/.docker/ && cat $HOME/.docker/config.json - -ENV REGISTRY_AUTH_FILE=$HOME/.docker/config.json - -# The Konflux build is not hermetic so it will download the tools (opm, yq, etc) automatically -# Konflux will externally sync the submodules so we can skip it here -RUN SKIP_SUBMODULE_SYNC=yes make konflux-generate-catalog-production && \ - rm -f $HOME/.docker/config.json +RUN SKIP_SUBMODULE_SYNC=yes make konflux-fix-catalog-name # run the catalog FROM ${OPM_IMAGE} @@ -44,6 +25,8 @@ CMD ["serve", "/configs", "--cache-dir=/tmp/cache"] # ensure this correponds to olm.package name ENV PACKAGE_NAME=topology-aware-lifecycle-manager +# This assumes that the catalog is already built and exists in the .konflux/catalog/$PACKAGE_NAME directory +# This should be done automatically by the fbc pipeline using the `run-opm-command` task COPY --from=builder /app/.konflux/catalog/$PACKAGE_NAME/ /configs/$PACKAGE_NAME # RUN ["/bin/opm", "validate", "/configs/topology-aware-lifecycle-manager"] RUN ["/bin/opm", "serve", "/configs", "--cache-dir=/tmp/cache", "--cache-only"] diff --git a/.konflux/catalog/catalog-idms.yaml b/.konflux/catalog/catalog-idms.yaml new file mode 100644 index 000000000..35056aa95 --- /dev/null +++ b/.konflux/catalog/catalog-idms.yaml @@ -0,0 +1,11 @@ +--- +# We use this IDMS to map the quay.io build to registry.redhat.io in the catalog.json post rendering +apiVersion: config.openshift.io/v1 +kind: ImageDigestMirrorSet +metadata: + name: catalog-idms +spec: + imageDigestMirrors: + - mirrors: + - quay.io/redhat-user-workloads/telco-5g-tenant/topology-aware-lifecycle-manager-bundle-4-21 + source: registry.redhat.io/openshift4/topology-aware-lifecycle-manager-operator-bundle diff --git a/.tekton/fbc-pipeline.yaml b/.tekton/fbc-pipeline.yaml index 2ec38e80f..f1da3cf94 100644 --- a/.tekton/fbc-pipeline.yaml +++ b/.tekton/fbc-pipeline.yaml @@ -148,18 +148,78 @@ spec: workspaces: - name: basic-auth workspace: git-auth + - name: run-opm-pre-actions + params: + - name: ociStorage + value: $(params.output-image).script + - name: ociArtifactExpiresAfter + value: $(params.image-expires-after) + - name: SCRIPT_RUNNER_IMAGE + value: quay.io/konflux-ci/yq:latest + # update catalog template + - name: SCRIPT + value: ./telco5g-konflux/scripts/catalog/konflux-update-catalog-template.sh --set-catalog-template-input-file .konflux/catalog/catalog-template.in.yaml --set-bundle-builds-file .konflux/catalog/bundle.builds.in.yaml + - name: HERMETIC + value: $(params.hermetic) + - name: SOURCE_ARTIFACT + value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) + runAfter: + - clone-repository + taskRef: + params: + - name: name + value: run-script-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-run-script-oci-ta:0.1@sha256:834a934f1e631a79aea7f2d001162cf90086e664e648c8ca15b69ad9798571ee + - name: kind + value: task + resolver: bundles + - name: run-opm-command + params: + - name: SOURCE_ARTIFACT + value: $(tasks.run-opm-pre-actions.results.SCRIPT_ARTIFACT) + - name: ociStorage + value: $(params.output-image).opm + - name: ociArtifactExpiresAfter + value: $(params.image-expires-after) + - name: OPM_ARGS + value: + - alpha + - render-template + - basic + # arg for OCP 4.17 and newer + - "--migrate-level=bundle-object-to-csv-metadata" + - ".konflux/catalog/catalog-template.in.yaml" + - name: OPM_OUTPUT_PATH + value: ".konflux/catalog/topology-aware-lifecycle-manager/catalog.json" + # replace catalog.json pullspecs with idms config + - name: IDMS_PATH + value: ".konflux/catalog/catalog-idms.yaml" + - name: FILE_TO_UPDATE_PULLSPEC + value: ".konflux/catalog/topology-aware-lifecycle-manager/catalog.json" + runAfter: + - run-opm-pre-actions + taskRef: + params: + - name: name + value: run-opm-command-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-run-opm-command-oci-ta:0.1@sha256:4ab5dba35166a976c3d6293913501fdfc79a3222395388fc6208641ab8bc9359 + - name: kind + value: task + resolver: bundles - name: prefetch-dependencies params: - name: input value: $(params.prefetch-input) - name: SOURCE_ARTIFACT - value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) + value: $(tasks.run-opm-command.results.SOURCE_ARTIFACT) - name: ociStorage value: $(params.output-image).prefetch - name: ociArtifactExpiresAfter value: $(params.image-expires-after) runAfter: - - clone-repository + - run-opm-command taskRef: params: - name: name @@ -202,6 +262,9 @@ spec: value: $(params.build-args-file) - name: SOURCE_ARTIFACT value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: ADDITIONAL_BASE_IMAGES + value: + - $(tasks.run-opm-pre-actions.results.SCRIPT_RUNNER_IMAGE_REFERENCE) - name: CACHI2_ARTIFACT value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - name: IMAGE_APPEND_PLATFORM diff --git a/.tekton/topology-aware-lifecycle-manager-fbc-4-21-pull-request.yaml b/.tekton/topology-aware-lifecycle-manager-fbc-4-21-pull-request.yaml index f1216c3ac..d3e00bfd1 100644 --- a/.tekton/topology-aware-lifecycle-manager-fbc-4-21-pull-request.yaml +++ b/.tekton/topology-aware-lifecycle-manager-fbc-4-21-pull-request.yaml @@ -47,9 +47,8 @@ spec: value: .konflux/container_build_args.conf - name: additional-tags value: [] - # We have configured an fbc exception for hermetic builds on the release repo. - name: hermetic - value: "false" + value: "true" pipelineRef: name: fbc-pipeline taskRunTemplate: diff --git a/.tekton/topology-aware-lifecycle-manager-fbc-4-21-push.yaml b/.tekton/topology-aware-lifecycle-manager-fbc-4-21-push.yaml index 1ffa7c84d..7c5cd0eec 100644 --- a/.tekton/topology-aware-lifecycle-manager-fbc-4-21-push.yaml +++ b/.tekton/topology-aware-lifecycle-manager-fbc-4-21-push.yaml @@ -44,9 +44,8 @@ spec: value: .konflux/container_build_args.conf - name: additional-tags value: ["latest"] - # We have configured an fbc exception for hermetic builds on the release repo. - name: hermetic - value: "false" + value: "true" pipelineRef: name: fbc-pipeline taskRunTemplate: diff --git a/Makefile b/Makefile index 6175090aa..4fb2eaf19 100644 --- a/Makefile +++ b/Makefile @@ -86,7 +86,7 @@ CRD_OPTIONS ?= "crd" PACKAGE_NAME_KONFLUX = topology-aware-lifecycle-manager CATALOG_TEMPLATE_KONFLUX_INPUT = .konflux/catalog/catalog-template.in.yaml CATALOG_TEMPLATE_KONFLUX_OUTPUT = .konflux/catalog/catalog-template.out.yaml -CATALOG_KONFLUX = .konflux/catalog/$(PACKAGE_NAME_KONFLUX)/catalog.yaml +CATALOG_KONFLUX = .konflux/catalog/$(PACKAGE_NAME_KONFLUX)/catalog.json # Konflux bundle image configuration BUNDLE_NAME_SUFFIX = bundle-4-21 @@ -566,9 +566,9 @@ sync-git-submodules: .PHONY: konflux-fix-catalog-name konflux-fix-catalog-name: ## Fix catalog package name for TALM if [ "$$(uname)" = "Darwin" ]; then \ - sed -i '' 's/cluster-group-upgrades-operator/topology-aware-lifecycle-manager/g' .konflux/catalog/$(PACKAGE_NAME_KONFLUX)/catalog.yaml; \ + sed -i '' 's/cluster-group-upgrades-operator/topology-aware-lifecycle-manager/g' $(CATALOG_KONFLUX); \ else \ - sed -i 's/cluster-group-upgrades-operator/topology-aware-lifecycle-manager/g' .konflux/catalog/$(PACKAGE_NAME_KONFLUX)/catalog.yaml; \ + sed -i 's/cluster-group-upgrades-operator/topology-aware-lifecycle-manager/g' $(CATALOG_KONFLUX); \ fi .PHONY: konflux-validate-catalog-template-bundle From 5e4275379a021d8581ee718f9dc9e809a8114055 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ra=C3=BAl=20Hern=C3=A1ndez?= Date: Mon, 24 Nov 2025 15:23:13 +0100 Subject: [PATCH 2/2] Add catalog format management --- .konflux/catalog/.gitignore | 3 ++- Makefile | 7 +++++-- telco5g-konflux | 2 +- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.konflux/catalog/.gitignore b/.konflux/catalog/.gitignore index f4bc0e4b6..487ae2af2 100644 --- a/.konflux/catalog/.gitignore +++ b/.konflux/catalog/.gitignore @@ -1,2 +1,3 @@ -topology-aware-lifecycle-manager/catalog.yaml catalog-template.out.yaml +topology-aware-lifecycle-manager/catalog.yaml +topology-aware-lifecycle-manager/catalog.json diff --git a/Makefile b/Makefile index 4fb2eaf19..bac5842d8 100644 --- a/Makefile +++ b/Makefile @@ -86,7 +86,8 @@ CRD_OPTIONS ?= "crd" PACKAGE_NAME_KONFLUX = topology-aware-lifecycle-manager CATALOG_TEMPLATE_KONFLUX_INPUT = .konflux/catalog/catalog-template.in.yaml CATALOG_TEMPLATE_KONFLUX_OUTPUT = .konflux/catalog/catalog-template.out.yaml -CATALOG_KONFLUX = .konflux/catalog/$(PACKAGE_NAME_KONFLUX)/catalog.json +CATALOG_OUTPUT_FORMAT = json +CATALOG_KONFLUX = .konflux/catalog/$(PACKAGE_NAME_KONFLUX)/catalog.$(CATALOG_OUTPUT_FORMAT) # Konflux bundle image configuration BUNDLE_NAME_SUFFIX = bundle-4-21 @@ -211,7 +212,7 @@ unittests: pre-cache-unit-test rm -f recovery-coverage.out; \ fi @echo "Coverage report generated: coverage.out" - + .PHONY: common-deps-update common-deps-update: controller-gen kustomize go mod tidy @@ -592,6 +593,7 @@ konflux-generate-catalog: sync-git-submodules yq opm ## generate a quay.io catal CATALOG_TEMPLATE_KONFLUX_INPUT=$(PROJECT_DIR)/$(CATALOG_TEMPLATE_KONFLUX_INPUT) \ CATALOG_TEMPLATE_KONFLUX_OUTPUT=$(PROJECT_DIR)/$(CATALOG_TEMPLATE_KONFLUX_OUTPUT) \ CATALOG_KONFLUX=$(PROJECT_DIR)/$(CATALOG_KONFLUX) \ + CATALOG_OUTPUT_FORMAT=$(CATALOG_OUTPUT_FORMAT) \ PACKAGE_NAME_KONFLUX=$(PACKAGE_NAME_KONFLUX) \ BUNDLE_BUILDS_FILE=$(PROJECT_DIR)/.konflux/catalog/bundle.builds.in.yaml \ OPM=$(OPM) \ @@ -605,6 +607,7 @@ konflux-generate-catalog-production: sync-git-submodules yq opm ## generate a re CATALOG_TEMPLATE_KONFLUX_INPUT=$(PROJECT_DIR)/$(CATALOG_TEMPLATE_KONFLUX_INPUT) \ CATALOG_TEMPLATE_KONFLUX_OUTPUT=$(PROJECT_DIR)/$(CATALOG_TEMPLATE_KONFLUX_OUTPUT) \ CATALOG_KONFLUX=$(PROJECT_DIR)/$(CATALOG_KONFLUX) \ + CATALOG_OUTPUT_FORMAT=$(CATALOG_OUTPUT_FORMAT) \ PACKAGE_NAME_KONFLUX=$(PACKAGE_NAME_KONFLUX) \ BUNDLE_NAME_SUFFIX=$(BUNDLE_NAME_SUFFIX) \ PRODUCTION_BUNDLE_NAME=$(PRODUCTION_BUNDLE_NAME) \ diff --git a/telco5g-konflux b/telco5g-konflux index a3d90721b..01c334c31 160000 --- a/telco5g-konflux +++ b/telco5g-konflux @@ -1 +1 @@ -Subproject commit a3d90721bf11b308a5f916d49c293bc09e03828d +Subproject commit 01c334c3144684789edab99f5a20a52eb171eac4