Skip to content

Commit 7dccdd8

Browse files
jcapiitaojcapiitao
committed
.tekton: enabling hermetic builds
This will force Konflux to prefetch the dependencies defined in the lock.yaml file with [1]. Then during the build, Konflux will 1. inject the repositories where the deps are stored, 2. configure the clients to pull the deps from there, 3. build without network. As rpm is still not fully supported [2], we have to enable `dev-package-managers` for now. [1] https://github.com/konflux-ci/build-definitions/tree/main/task/prefetch-dependencies-oci-ta/0.2 [2] https://github.com/hermetoproject/hermeto?tab=readme-ov-file#package-managers
1 parent 4652a24 commit 7dccdd8

11 files changed

+1391
-0
lines changed

.tekton/coreos-assembler-pull-request.yaml

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -34,6 +34,14 @@ spec:
3434
value: Dockerfile
3535
- name: path-context
3636
value: .
37+
- name: hermetic
38+
value: true
39+
- name: prefetch-input
40+
value: '[{"type": "rpm", "path": "."}]'
41+
# Note: to be removed once rpm fully supported
42+
# https://github.com/hermetoproject/hermeto?tab=readme-ov-file#package-managers
43+
- name: dev-package-managers
44+
value: true
3745
pipelineRef:
3846
params:
3947
- name: bundle

.tekton/coreos-assembler-push.yaml

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -31,6 +31,14 @@ spec:
3131
value: Dockerfile
3232
- name: path-context
3333
value: .
34+
- name: hermetic
35+
value: true
36+
- name: prefetch-input
37+
value: '[{"type": "rpm", "path": "."}]'
38+
# Note: to be removed once rpm fully supported
39+
# https://github.com/hermetoproject/hermeto?tab=readme-ov-file#package-managers
40+
- name: dev-package-managers
41+
value: true
3442
pipelineRef:
3543
params:
3644
- name: bundle

.tekton/kola-nfs-pull-request.yaml

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -35,6 +35,14 @@ spec:
3535
value: Containerfile
3636
- name: path-context
3737
value: tests/containers/nfs
38+
- name: hermetic
39+
value: true
40+
- name: prefetch-input
41+
value: '[{"type": "rpm", "path": "."}]'
42+
# Note: to be removed once rpm fully supported
43+
# https://github.com/hermetoproject/hermeto?tab=readme-ov-file#package-managers
44+
- name: dev-package-managers
45+
value: true
3846
pipelineRef:
3947
params:
4048
- name: bundle

.tekton/kola-nfs-push.yaml

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -31,6 +31,14 @@ spec:
3131
value: Containerfile
3232
- name: path-context
3333
value: tests/containers/nfs
34+
- name: hermetic
35+
value: true
36+
- name: prefetch-input
37+
value: '[{"type": "rpm", "path": "."}]'
38+
# Note: to be removed once rpm fully supported
39+
# https://github.com/hermetoproject/hermeto?tab=readme-ov-file#package-managers
40+
- name: dev-package-managers
41+
value: true
3442
pipelineRef:
3543
params:
3644
- name: bundle

.tekton/kola-tang-pull-request.yaml

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -34,6 +34,14 @@ spec:
3434
value: ./tests/containers/tang/Containerfile
3535
- name: path-context
3636
value: .
37+
- name: hermetic
38+
value: true
39+
- name: prefetch-input
40+
value: '[{"type": "rpm", "path": "."}]'
41+
# Note: to be removed once rpm fully supported
42+
# https://github.com/hermetoproject/hermeto?tab=readme-ov-file#package-managers
43+
- name: dev-package-managers
44+
value: true
3745
pipelineRef:
3846
params:
3947
- name: bundle

.tekton/kola-tang-push.yaml

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -31,6 +31,14 @@ spec:
3131
value: ./tests/containers/tang/Containerfile
3232
- name: path-context
3333
value: .
34+
- name: hermetic
35+
value: true
36+
- name: prefetch-input
37+
value: '[{"type": "rpm", "path": "."}]'
38+
# Note: to be removed once rpm fully supported
39+
# https://github.com/hermetoproject/hermeto?tab=readme-ov-file#package-managers
40+
- name: dev-package-managers
41+
value: true
3442
pipelineRef:
3543
params:
3644
- name: bundle

.tekton/kola-targetcli-pull-request.yaml

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -34,6 +34,14 @@ spec:
3434
value: ./tests/containers/targetcli/Containerfile
3535
- name: path-context
3636
value: .
37+
- name: hermetic
38+
value: true
39+
- name: prefetch-input
40+
value: '[{"type": "rpm", "path": "."}]'
41+
# Note: to be removed once rpm fully supported
42+
# https://github.com/hermetoproject/hermeto?tab=readme-ov-file#package-managers
43+
- name: dev-package-managers
44+
value: true
3745
pipelineRef:
3846
params:
3947
- name: bundle

.tekton/kola-targetcli-push.yaml

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -31,6 +31,14 @@ spec:
3131
value: ./tests/containers/targetcli/Containerfile
3232
- name: path-context
3333
value: .
34+
- name: hermetic
35+
value: true
36+
- name: prefetch-input
37+
value: '[{"type": "rpm", "path": "."}]'
38+
# Note: to be removed once rpm fully supported
39+
# https://github.com/hermetoproject/hermeto?tab=readme-ov-file#package-managers
40+
- name: dev-package-managers
41+
value: true
3442
pipelineRef:
3543
params:
3644
- name: bundle

fedora.repo

Lines changed: 25 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,25 @@
1+
[fedora]
2+
name=Fedora $releasever - $basearch
3+
#baseurl=http://download.example/pub/fedora/linux/releases/$releasever/Everything/$basearch/os/
4+
metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch
5+
enabled=1
6+
countme=1
7+
metadata_expire=7d
8+
repo_gpgcheck=0
9+
type=rpm
10+
gpgcheck=1
11+
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
12+
skip_if_unavailable=False
13+
14+
[updates]
15+
name=Fedora $releasever - $basearch - Updates
16+
#baseurl=http://download.example/pub/fedora/linux/updates/$releasever/Everything/$basearch/
17+
metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch
18+
enabled=1
19+
countme=1
20+
repo_gpgcheck=0
21+
type=rpm
22+
gpgcheck=1
23+
metadata_expire=6h
24+
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
25+
skip_if_unavailable=False

rpms.in.yaml

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,13 @@
1+
contentOrigin:
2+
repofiles:
3+
- ./fedora.repo
4+
packages:
5+
- kmod
6+
- nfs-utils
7+
- systemd
8+
- tang
9+
- targetcli
10+
- /usr/bin/ps
11+
12+
arches:
13+
- x86_64

0 commit comments

Comments
 (0)