feat(RELEASE-1328): embargo-check pipeline is called via git resolver

This commit updates the managed task that calls the embargo-check internal pipeline to call the pipeline via git resolver instead of cluster resolver. It also moves the internal embargo-check pipeline to its proper directory, which is where the internal-request script expects it. Signed-off-by: Johnny Bieren <[email protected]>
konflux-ci · Jan 24, 2025 · 964cdba · 964cdba
1 parent e405d54
commit 964cdba
Show file tree

Hide file tree

Showing 12 changed files with 20 additions and 14 deletions.
diff --git a/internal/resources/check-embargoed-cves.yaml b/internal/resources/check-embargoed-cves.yaml
diff --git a/.../pipelines/check-embargoed-cves/README.md → ...s/internal/check-embargoed-cves/README.md b/.../pipelines/check-embargoed-cves/README.md → ...s/internal/check-embargoed-cves/README.md
diff --git a/...-embargoed-cves/check-embargoed-cves.yaml → ...-embargoed-cves/check-embargoed-cves.yaml b/...-embargoed-cves/check-embargoed-cves.yaml → ...-embargoed-cves/check-embargoed-cves.yaml
diff --git a/tasks/managed/embargo-check/README.md b/tasks/managed/embargo-check/README.md
@@ -15,6 +15,12 @@ by server using curl and checks the CVEs via an InternalRequest. If any issue or
 
 ## Changes in 0.5.0
 * Added taskGiturl and taskGitRevision parameters to be passed to the internalRequest
+* The pipeline is called via git resolver now instead of cluster resolver
+  * This was done by changing from `-r` to `--pipeline` in the `internal-request` call
+  * The base image was updated to include this new functionality
+* Add --pipeline-timeout as an argument to the internalRequest that is the same value as the requestTimeout
+  * This surpresses the warning about the pipeline timeout exceeding the request timeout
+* Updated logic to determine InternalRequest name more reliably
 
 ## Changes in 0.4.1
 * fix linting issues in embargo-check task 

diff --git a/tasks/managed/embargo-check/embargo-check.yaml b/tasks/managed/embargo-check/embargo-check.yaml
@@ -35,7 +35,7 @@ spec:
       description: The workspace where the snapshot spec json file resides
   steps:
     - name: check-issues
-      image: quay.io/konflux-ci/release-service-utils:e633d51cd41d73e4b3310face21bb980af7a662f
+      image: quay.io/konflux-ci/release-service-utils:0f82be4be43294b6a96846d87ef7f7c0b9e34267
       script: |
         #!/usr/bin/env bash
         set -x
@@ -79,7 +79,7 @@ spec:
 
         exit $RC
     - name: check-cves
-      image: quay.io/konflux-ci/release-service-utils:e633d51cd41d73e4b3310face21bb980af7a662f
+      image: quay.io/konflux-ci/release-service-utils:0f82be4be43294b6a96846d87ef7f7c0b9e34267
       script: |
         #!/usr/bin/env bash
 
@@ -101,17 +101,18 @@ spec:
 
         echo "Checking the following CVEs: ${CVES}"
 
-        internal-request -r "check-embargoed-cves" \
+        internal-request --pipeline "check-embargoed-cves" \
             -p cves="${CVES}" \
             -p taskGitUrl="$(params.taskGitUrl)" \
             -p taskGitRevision="$(params.taskGitRevision)" \
             -l ${PIPELINERUN_LABEL}="$(params.pipelineRunUid)" \
             -t "$(params.requestTimeout)" \
+            --pipeline-timeout "$(params.requestTimeout)" \
             -s true \
             > "$(workspaces.data.path)"/ir-result.txt || \
             (grep "^\[" "$(workspaces.data.path)"/ir-result.txt | jq . && exit 1)
 
-        internalRequest=$(awk 'NR==1{ print $2 }' "$(workspaces.data.path)"/ir-result.txt | xargs)
+        internalRequest=$(grep created "$(workspaces.data.path)"/ir-result.txt | awk 'NR==1{ print $2 }' | xargs)
         echo "done (${internalRequest})"
 
         results=$(kubectl get internalrequest "$internalRequest" -o=jsonpath='{.status.results}')

diff --git a/tasks/managed/embargo-check/tests/mocks.sh b/tasks/managed/embargo-check/tests/mocks.sh
@@ -23,11 +23,11 @@ function curl() {
 
 function internal-request() {
   if [[ "$*" == *"CVE-999"* ]]; then
-    echo "Name: embargo-ir"
+    echo "InternalRequest 'embargo-ir' created."
   elif [[ "$*" == *"CVE-FAIL-555"* ]]; then
     exit 1
   else
-    echo "Name: success-ir"
+    echo "InternalRequest 'success-ir' created."
   fi
 }
 

diff --git a/tasks/managed/embargo-check/tests/test-embargo-check-embargoed-cve.yaml b/tasks/managed/embargo-check/tests/test-embargo-check-embargoed-cve.yaml
@@ -19,7 +19,7 @@ spec:
           - name: data
         steps:
           - name: setup-values
-            image: quay.io/konflux-ci/release-service-utils:e633d51cd41d73e4b3310face21bb980af7a662f
+            image: quay.io/konflux-ci/release-service-utils:0f82be4be43294b6a96846d87ef7f7c0b9e34267
             script: |
               #!/usr/bin/env sh
               set -eux

diff --git a/tasks/managed/embargo-check/tests/test-embargo-check-embargoed-issue.yaml b/tasks/managed/embargo-check/tests/test-embargo-check-embargoed-issue.yaml
@@ -19,7 +19,7 @@ spec:
           - name: data
         steps:
           - name: setup-values
-            image: quay.io/konflux-ci/release-service-utils:e633d51cd41d73e4b3310face21bb980af7a662f
+            image: quay.io/konflux-ci/release-service-utils:0f82be4be43294b6a96846d87ef7f7c0b9e34267
             script: |
               #!/usr/bin/env sh
               set -eux

diff --git a/tasks/managed/embargo-check/tests/test-embargo-check-ir-failure.yaml b/tasks/managed/embargo-check/tests/test-embargo-check-ir-failure.yaml
@@ -19,7 +19,7 @@ spec:
           - name: data
         steps:
           - name: setup-values
-            image: quay.io/konflux-ci/release-service-utils:e633d51cd41d73e4b3310face21bb980af7a662f
+            image: quay.io/konflux-ci/release-service-utils:0f82be4be43294b6a96846d87ef7f7c0b9e34267
             script: |
               #!/usr/bin/env sh
               set -eux

diff --git a/tasks/managed/embargo-check/tests/test-embargo-check-no-release-notes.yaml b/tasks/managed/embargo-check/tests/test-embargo-check-no-release-notes.yaml
@@ -17,7 +17,7 @@ spec:
           - name: data
         steps:
           - name: setup-values
-            image: quay.io/konflux-ci/release-service-utils:e633d51cd41d73e4b3310face21bb980af7a662f
+            image: quay.io/konflux-ci/release-service-utils:0f82be4be43294b6a96846d87ef7f7c0b9e34267
             script: |
               #!/usr/bin/env sh
               set -eux

diff --git a/tasks/managed/embargo-check/tests/test-embargo-check-public-cves.yaml b/tasks/managed/embargo-check/tests/test-embargo-check-public-cves.yaml
@@ -17,7 +17,7 @@ spec:
           - name: data
         steps:
           - name: setup-values
-            image: quay.io/konflux-ci/release-service-utils:e633d51cd41d73e4b3310face21bb980af7a662f
+            image: quay.io/konflux-ci/release-service-utils:0f82be4be43294b6a96846d87ef7f7c0b9e34267
             script: |
               #!/usr/bin/env sh
               set -eux

diff --git a/tasks/managed/embargo-check/tests/test-embargo-check-public-issues.yaml b/tasks/managed/embargo-check/tests/test-embargo-check-public-issues.yaml
@@ -17,7 +17,7 @@ spec:
           - name: data
         steps:
           - name: setup-values
-            image: quay.io/konflux-ci/release-service-utils:e633d51cd41d73e4b3310face21bb980af7a662f
+            image: quay.io/konflux-ci/release-service-utils:0f82be4be43294b6a96846d87ef7f7c0b9e34267
             script: |
               #!/usr/bin/env sh
               set -eux
@@ -64,7 +64,7 @@ spec:
       taskSpec:
         steps:
           - name: check-result
-            image: quay.io/konflux-ci/release-service-utils:e633d51cd41d73e4b3310face21bb980af7a662f
+            image: quay.io/konflux-ci/release-service-utils:0f82be4be43294b6a96846d87ef7f7c0b9e34267
             script: |
               #!/usr/bin/env bash
               set -eux