SRVKP-6439 : Implement s3 provide for cache step action

SRVKP-6439 : Add Vendor Directory SRVKP-6439 : Encapsualte S3 Provider FixLint SRVKP-6439 : FixLint SRVKP-6439 : FixLint SRVKP-6439 : FixLint SRVKP-6439 : FixLint Fix Lint
openshift-pipelines · Sep 26, 2024 · 4016f76 · 4016f76
1 parent 25e44c5
commit 4016f76
Show file tree

Hide file tree

Showing 584 changed files with 166,319 additions and 5 deletions.
diff --git a/dev/install.sh b/dev/install.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+
+kubectl patch configmap -n tekton-pipelines --type merge -p '{"data":{"enable-step-actions": "true"}}' feature-flags
+
+kubectl create secret generic regcred \
+        --from-file=config.json=${HOME}/.docker/config.json
+
+
diff --git a/dev/pipeline/pipeline.yaml b/dev/pipeline/pipeline.yaml
@@ -0,0 +1,108 @@
+---
+apiVersion: tekton.dev/v1
+kind: Pipeline
+metadata:
+  name: pipeline
+spec:
+  params:
+    - name: repo_url
+      type: string
+    - name: revision
+      type: string
+    - name: registry
+      type: string
+    - name: buildCommand
+      type: string
+      default: go build -v .
+    - name: cachePatterns
+      type: array
+      default: [ "**go.mod", "**go.sum" ]
+    - name: image
+      type: string
+      default: golang:latest
+    - name: force-cache-upload
+      type: string
+      default: "false"
+  workspaces:
+    - name: source
+    - name: cred
+  tasks:
+    - displayName: Build go application
+      name: build-task
+      workspaces:
+        - name: source
+          workspace: source
+      taskSpec:
+        workspaces:
+          - name: source
+          - name: cred
+        params:
+          - name: buildCommand
+            default: $(params.buildCommand)
+          - name: cachePatterns
+            default: $(params.cachePatterns)
+          - name: image
+            default: $(params.image)
+        steps:
+          - name: create-repo
+            image: $(params.image)
+            script: |
+              mkdir -p $(workspaces.source.path)/repo
+              chmod 777 $(workspaces.source.path)/repo
+          - name: fetch-repo
+            ref:
+              resolver: http
+              params:
+                - name: url
+                  value: https://raw.githubusercontent.com/tektoncd/catalog/main/stepaction/git-clone/0.1/git-clone.yaml
+            params:
+              - name: output-path
+                value: $(workspaces.source.path)/repo
+              - name: url
+                value: $(params.repo_url)
+              - name: revision
+                value: $(params.revision)
+          - name: cache-fetch
+            ref:
+              name: cache-fetch
+            params:
+              - name: patterns
+                value: $(params.cachePatterns)
+              - name: source
+                value: $(params.registry)/cache-go:{{hash}}
+              - name: cachePath
+                value: $(workspaces.source.path)/cache
+              - name: workingdir
+                value: $(workspaces.source.path)/repo
+              - name: cred-store
+                value: $(workspaces.cred.path)
+
+          - name: run-go-build
+            workingDir: $(workspaces.source.path)/repo
+            image: $(params.image)
+            env:
+              - name: GOCACHE
+                value: $(workspaces.source.path)/cache/gocache
+              - name: GOMODCACHE
+                value: $(workspaces.source.path)/cache/gomodcache
+            script: |
+              set -x
+              git config --global --add safe.directory $(workspaces.source.path)/repo
+              $(params.buildCommand)
+              echo "Cache size is $(du -sh $(workspaces.source.path)/cache)"
+          - name: cache-upload
+            ref:
+              name: cache-upload
+            params:
+              - name: patterns
+                value: $(params.cachePatterns)
+              - name: target
+                value: $(params.registry)/cache-go:{{hash}}
+              - name: cachePath
+                value: $(workspaces.source.path)/cache
+              - name: workingdir
+                value: $(workspaces.source.path)/repo
+              - name: cred-store
+                value: $(workspaces.cred.path)
+              - name: force-cache-upload
+                value: $(params.force-cache-upload)
diff --git a/dev/pr/pipelinerun-oci.yaml b/dev/pr/pipelinerun-oci.yaml
@@ -0,0 +1,26 @@
+---
+apiVersion: tekton.dev/v1
+kind: PipelineRun
+metadata:
+  generateName: pipelinerun-oci-
+spec:
+  pipelineRef:
+    name: pipeline
+  params:
+    - name: repo_url
+      value: https://github.com/chmouel/go-helloworld
+    - name: revision
+      value: main
+      # This uses S3 bucket  to upload Caches
+    - name: registry
+      value: oci://docker.io/<username>
+    - name: buildCommand
+      value: go build -v ./
+    - name: image
+      value: golang:1.21
+  workspaces:
+    - name: cred
+      secret:
+        secretName: regcred
+    - name: source
+      emptyDir: {}
diff --git a/dev/pr/pipelinerun-s3.yaml b/dev/pr/pipelinerun-s3.yaml
@@ -0,0 +1,26 @@
+---
+apiVersion: tekton.dev/v1
+kind: PipelineRun
+metadata:
+  generateName: pipelinerun-s3-
+spec:
+  pipelineRef:
+    name: pipeline
+  params:
+    - name: repo_url
+      value: https://github.com/chmouel/go-helloworld
+    - name: revision
+      value: main
+      # This uses S3 bucket  to upload Caches
+    - name: registry
+      value: s3://tekton-caches
+    - name: buildCommand
+      value: go build -v ./
+    - name: image
+      value: golang:1.21
+  workspaces:
+    - name: cred
+      secret:
+        secretName: aws-cred
+    - name: source
+      emptyDir: {}
diff --git a/dev/step-action/cache-fetch.yaml b/dev/step-action/cache-fetch.yaml
@@ -0,0 +1,88 @@
+apiVersion: tekton.dev/v1alpha1
+kind: StepAction
+metadata:
+  name: cache-fetch
+  annotations:
+    tekton.dev/pipelines.minVersion: "0.56.0"
+    tekton.dev/tags: "cache"
+spec:
+  params:
+    - name: patterns
+      description: |
+        Regular expression to select files to include to compute the hash.
+        For example, in the case of a Go project, you can use `go.mod` for this, so the value would be "**/go.sum" (to work with possible sub go modules as well).
+      type: array
+    - name: source
+      description: |
+        The source from where the cache should be fetched. It's a URI with the scheme defining the "provider". In addition, one can add a {{hash}} variable to use the computed hash in the reference (oci image tags, path in s3, …)
+        Currently supported:
+        - oci:// (e.g. oci://quay.io/vdemeester/go-cache:{{hash}}
+        - s3:// (e.g. s3://
+      type: string
+    - name: cachePath
+      description: |
+        Path where to extract the cache content.
+        It can refer any folder, backed by a workspace or a volume, or nothing.
+      type: string
+    - name: workingdir
+      description: |
+        The working dir from where the files patterns needs to be taken
+      type: string
+    - name: insecure
+      description: |
+        Whether to use insecure mode for fetching the cache
+      type: string
+      default: "false"
+    - name: googleCredentialsPath
+      description: |
+        The path where to find the google credentials. If left empty, it is ignored.
+      type: string
+      default: ""
+    - name: cred-store
+      description: |
+        The path where to find the creds to download cache files . If left empty, it is ignored.
+      type: string
+      default: ""
+  results: # Any result to "publish" ?
+    - name: fetched
+      description: |
+        Whether a cache was fetched or not (true/false). This step won't fail if it didn't manage to fetch cache. This results allows the next step to act whether something was fetched or not.
+  env:
+    - name: PARAM_SOURCE
+      value: $(params.source)
+    - name: PARAM_CACHE_PATH
+      value: $(params.cachePath)
+    - name: PARAM_WORKINGDIR
+      value: $(params.workingdir)
+    - name: PARAM_INSECURE
+      value: $(params.insecure)
+    - name: GOOGLE_APPLICATION_CREDENTIALS
+      value: $(params.googleCredentialsPath)
+    - name: CRED_STORE
+      value: $(params.cred-store)
+
+  # FIXME: use a released version once something is released :)
+  image: ko://github.com/openshift-pipelines/tekton-caches/cmd/cache
+  args: ["$(params.patterns[*])"]
+  script: |
+    #!/bin/sh
+
+    PATTERN_FLAGS=""
+    echo "Patterns: $*"
+    for p in $*; do
+      PATTERN_FLAGS="${PATTERN_FLAGS} --pattern ${p}"
+    done
+
+    set -x
+    /ko-app/cache fetch ${PATTERN_FLAGS} \
+                        --source ${PARAM_SOURCE} \
+                        --folder ${PARAM_CACHE_PATH} \
+                        --insecure ${PARAM_INSECURE} \
+                        --workingdir ${PARAM_WORKINGDIR}
+    if [ $? -eq 0 ]; then
+      echo -n true > $(step.results.fetched.path)
+    else
+      echo -n false > $(step.results.fetched.path)
+    fi
+
+    exit 0
diff --git a/dev/step-action/cache-upload.yaml b/dev/step-action/cache-upload.yaml
@@ -0,0 +1,95 @@
+apiVersion: tekton.dev/v1alpha1
+kind: StepAction
+metadata:
+  name: cache-upload
+  annotations:
+    tekton.dev/pipelines.minVersion: "0.56.0"
+    tekton.dev/tags: "cache"
+spec:
+  params:
+    - name: patterns
+      description: |
+        Regular expression to select files to include to compute the hash.
+        For example, in the case of a Go project, you can use `go.mod` for this, so the value would be "**/go.sum" (to work with possible sub go modules as well).
+      type: array
+    - name: target
+      description: |
+        The target from where the cache should be uploaded. It's a URI with the scheme defining the "provider". In addition, one can add a {{hash}} variable to use the computed hash in the reference (oci image tags, path in s3, …)
+        Currently supported:
+        - oci:// (e.g. oci://quay.io/vdemeester/go-cache:{{hash}}
+        - s3:// (e.g. s3://
+      type: string
+    - name: cachePath
+      description: |
+        Path where to extract the cache content.
+        It can refer any folder, backed by a workspace or a volume, or nothing.
+      type: string
+    - name: workingdir
+      description: |
+        The working dir from where the files patterns needs to be taken
+      type: string
+    - name: insecure
+      description: |
+        Whether to use insecure mode for fetching the cache
+      type: string
+      default: "false"
+    - name: fetched
+      description: |
+        Wether cache was fetched or not previously
+      type: string
+      default: "false"
+    - name: force-cache-upload
+      description: |
+        Whether to force the cache upload even if it was fetched previously
+      type: string
+      default: "false"
+    - name: googleCredentialsPath
+      description: |
+        The path where to find the google credentials. If left empty, it is ignored.
+      type: string
+      default: ""
+    - name: cred-store
+      description: |
+        The path where to find the creds to upload cache files . If left empty, it is ignored.
+      type: string
+      default: ""
+  env:
+    - name: PARAM_TARGET
+      value: $(params.target)
+    - name: PARAM_CACHE_PATH
+      value: $(params.cachePath)
+    - name: PARAM_WORKINGDIR
+      value: $(params.workingdir)
+    - name: PARAM_INSECURE
+      value: $(params.insecure)
+    - name: RESULT_CACHE_FETCHED
+      value: $(params.fetched)
+    - name: PARAM_FORCE_CACHE_UPLOAD
+      value: $(params.force-cache-upload)
+    - name: GOOGLE_APPLICATION_CREDENTIALS
+      value: $(params.googleCredentialsPath)
+    - name: CRED_STORE
+      value: $(params.cred-store)
+  # FIXME: use a released version once something is released :)
+  image: ko://github.com/openshift-pipelines/tekton-caches/cmd/cache
+  args: ["$(params.patterns[*])"]
+  script: |
+    #!/usr/bin/env sh
+    set -x
+    if [[ ${PARAM_FORCE_CACHE_UPLOAD} == "false" && ${RESULT_CACHE_FETCHED} == "true" ]]; then
+      echo "no need to upload cache"
+      exit 0
+    fi
+
+    PATTERN_FLAGS=""
+    echo "Patterns: $*"
+    for p in $*; do
+      PATTERN_FLAGS="${PATTERN_FLAGS} --pattern ${p}"
+    done
+
+    set -ex
+    /ko-app/cache upload ${PATTERN_FLAGS} \
+                        --target ${PARAM_TARGET} \
+                        --folder ${PARAM_CACHE_PATH} \
+                        --insecure ${PARAM_INSECURE} \
+                        --workingdir ${PARAM_WORKINGDIR}
diff --git a/go.mod b/go.mod
@@ -5,6 +5,9 @@ go 1.22
 require (
 	cloud.google.com/go/storage v1.43.0
 	github.com/GoogleCloudPlatform/cloud-builders/gcs-fetcher v0.0.0-20240628152042-7b3987f0b238
+	github.com/aws/aws-sdk-go-v2 v1.31.0
+	github.com/aws/aws-sdk-go-v2/config v1.27.37
+	github.com/aws/aws-sdk-go-v2/service/s3 v1.63.1
 	github.com/codeclysm/extract/v3 v3.1.1
 	github.com/google/go-containerregistry v0.20.2
 	github.com/moby/patternmatcher v0.6.0
@@ -19,6 +22,21 @@ require (
 	cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect
 	cloud.google.com/go/compute/metadata v0.5.1 // indirect
 	cloud.google.com/go/iam v1.2.0 // indirect
+	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.5 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.35 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.14 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.18 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.18 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.18 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.20 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.20 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.18 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.23.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.27.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.31.1 // indirect
+	github.com/aws/smithy-go v1.21.0 // indirect
 	github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect
 	github.com/docker/cli v27.1.1+incompatible // indirect
 	github.com/docker/distribution v2.8.2+incompatible // indirect