diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml new file mode 100644 index 00000000..5e12b9be --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.yml @@ -0,0 +1,63 @@ +name: Bug 🐞 +description: Report a bug report +type: bug + +body: + - type: markdown + attributes: + value: | + Before opening a bug report, please search for the behaviour in the existing issues. + + --- + + Thank you for taking the time to file a bug report. To address this bug as fast as possible, we need some information. + + - type: textarea + id: bug-description + attributes: + label: Bug description + description: What happened? + validations: + required: true + + - type: input + id: user-agent + attributes: + label: user agent + description: 'Which operating system are you on? Please provide the version as well. If you are on a Mac, please specify Apple silicon or Intel.' + placeholder: 'macOS Ventura 13.4 (Arm), Windows 11' + validations: + required: true + + - type: dropdown + id: install + attributes: + label: Installation Method + description: 'How did you install Podman Desktop?' + options: + - 'Installer from website/GitHub releases' + - 'Brew (macOS)' + - 'Chocolatey (Windows)' + - 'Flathub (Linux)' + - 'Scoop (Windows)' + - 'Winget (Windows)' + - 'Other' + + - type: textarea + id: environment + attributes: + label: which environment + description: What steps do we need to take to reproduce this error? + + - type: textarea + id: image-proxy + attributes: + label: image of proxy + description: If applicable, provide relevant log output. + render: shell + + - type: textarea + id: additional-context + attributes: + label: Additional context + description: Add any other context or screenshots here. diff --git a/.github/ISSUE_TEMPLATE/feature_request.yml b/.github/ISSUE_TEMPLATE/feature_request.yml new file mode 100644 index 00000000..df518d5f --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.yml @@ -0,0 +1,41 @@ +name: Feature 🐞 +description: Request a feature +type: feature + +body: + - type: markdown + attributes: + value: | + Before opening a feature request, please search for the behaviour in the existing issues. + + --- + + Thank you for taking the time to file a bug report. To address this bug as fast as possible, we need some information. + + - type: textarea + id: feature-description + attributes: + label: Feature description + description: What happened? + validations: + required: true + + - type: dropdown + id: install + attributes: + label: Installation Method + description: 'How did you install Podman Desktop?' + options: + - 'Installer from website/GitHub releases' + - 'Brew (macOS)' + - 'Chocolatey (Windows)' + - 'Flathub (Linux)' + - 'Scoop (Windows)' + - 'Winget (Windows)' + - 'Other' + + - type: textarea + id: additional-context + attributes: + label: Additional context + description: Add any other context or screenshots here. diff --git a/.tekton/cara-konflux-ui-test-b1228-pull-request.yaml b/.tekton/cara-konflux-ui-test-b1228-pull-request.yaml new file mode 100644 index 00000000..b644df07 --- /dev/null +++ b/.tekton/cara-konflux-ui-test-b1228-pull-request.yaml @@ -0,0 +1,583 @@ +apiVersion: tekton.dev/v1 +kind: PipelineRun +metadata: + annotations: + build.appstudio.openshift.io/repo: https://github.com/testcara/konflux-ui-test?rev={{revision}} + build.appstudio.redhat.com/commit_sha: '{{revision}}' + build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}' + build.appstudio.redhat.com/target_branch: '{{target_branch}}' + pipelinesascode.tekton.dev/cancel-in-progress: "true" + pipelinesascode.tekton.dev/max-keep-runs: "3" + pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch + == "main" + creationTimestamp: null + labels: + appstudio.openshift.io/application: konflux-ui-test + appstudio.openshift.io/component: cara-konflux-ui-test-b1228 + pipelines.appstudio.openshift.io/type: build + name: cara-konflux-ui-test-b1228-on-pull-request + namespace: wlin-tenant +spec: + params: + - name: git-url + value: '{{source_url}}' + - name: revision + value: '{{revision}}' + - name: output-image + value: quay.io/redhat-user-workloads-stage/wlin-tenant/cara-konflux-ui-test-b1228:on-pr-{{revision}} + - name: image-expires-after + value: 5d + - name: dockerfile + value: Dockerfile + pipelineSpec: + description: | + This pipeline is ideal for building container images from a Containerfile while maintaining trust after pipeline customization. + + _Uses `buildah` to create a container image leveraging [trusted artifacts](https://konflux-ci.dev/architecture/ADR/0036-trusted-artifacts.html). It also optionally creates a source image and runs some build-time tests. Information is shared between tasks using OCI artifacts instead of PVCs. EC will pass the [`trusted_task.trusted`](https://conforma.dev/docs/policy/packages/release_trusted_task.html#trusted_task__trusted) policy as long as all data used to build the artifact is generated from trusted tasks. + This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build-oci-ta?tab=tags)_ + params: + - description: Source Repository URL + name: git-url + type: string + - default: "" + description: Revision of the Source Repository + name: revision + type: string + - description: Fully Qualified Output Image + name: output-image + type: string + - default: . + description: Path to the source code of an application's component from where + to build image. + name: path-context + type: string + - default: Dockerfile + description: Path to the Dockerfile inside the context specified by parameter + path-context + name: dockerfile + type: string + - default: "false" + description: Skip checks against built image + name: skip-checks + type: string + - default: "false" + description: Execute the build with network isolation + name: hermetic + type: string + - default: "" + description: Build dependencies to be prefetched + name: prefetch-input + type: string + - default: "" + description: Image tag expiration time, time values could be something like + 1h, 2d, 3w for hours, days, and weeks, respectively. + name: image-expires-after + type: string + - default: "false" + description: Build a source image. + name: build-source-image + type: string + - default: "false" + description: Add built image into an OCI image index + name: build-image-index + type: string + - default: docker + description: The format for the resulting image's mediaType. Valid values are + oci or docker. + name: buildah-format + type: string + - default: "false" + description: Enable cache proxy configuration + name: enable-cache-proxy + - default: [] + description: Array of --build-arg values ("arg=value" strings) for buildah + name: build-args + type: array + - default: "" + description: Path to a file with build arguments for buildah, see https://www.mankier.com/1/buildah-build#--build-arg-file + name: build-args-file + type: string + - default: "false" + description: Whether to enable privileged mode, should be used only with remote + VMs + name: privileged-nested + type: string + results: + - description: "" + name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - description: "" + name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - description: "" + name: CHAINS-GIT_URL + value: $(tasks.clone-repository.results.url) + - description: "" + name: CHAINS-GIT_COMMIT + value: $(tasks.clone-repository.results.commit) + tasks: + - name: init + params: + - name: enable-cache-proxy + value: $(params.enable-cache-proxy) + taskRef: + params: + - name: name + value: init + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-init:0.4@sha256:288f3106118edc1d0f0c79a89c960abf5841a4dd8bc3f38feb10527253105b19 + - name: kind + value: task + resolver: bundles + - name: clone-repository + params: + - name: url + value: $(params.git-url) + - name: revision + value: $(params.revision) + - name: ociStorage + value: $(params.output-image).git + - name: ociArtifactExpiresAfter + value: $(params.image-expires-after) + runAfter: + - init + taskRef: + params: + - name: name + value: git-clone-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:2c388d28651457db60bb90287e7d8c3680303197196e4476878d98d81e8b6dc9 + - name: kind + value: task + resolver: bundles + workspaces: + - name: basic-auth + workspace: git-auth + - name: prefetch-dependencies + params: + - name: input + value: $(params.prefetch-input) + - name: SOURCE_ARTIFACT + value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) + - name: ociStorage + value: $(params.output-image).prefetch + - name: ociArtifactExpiresAfter + value: $(params.image-expires-after) + runAfter: + - clone-repository + taskRef: + params: + - name: name + value: prefetch-dependencies-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:22612d629796a29ddd177d6e29c18a4319875d4e2348286ea01d16427cec0dc1 + - name: kind + value: task + resolver: bundles + workspaces: + - name: git-basic-auth + workspace: git-auth + - name: netrc + workspace: netrc + - name: build-container + params: + - name: IMAGE + value: $(params.output-image) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: HERMETIC + value: $(params.hermetic) + - name: PREFETCH_INPUT + value: $(params.prefetch-input) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: BUILD_ARGS + value: + - $(params.build-args[*]) + - name: BUILD_ARGS_FILE + value: $(params.build-args-file) + - name: PRIVILEGED_NESTED + value: $(params.privileged-nested) + - name: SOURCE_URL + value: $(tasks.clone-repository.results.url) + - name: BUILDAH_FORMAT + value: $(params.buildah-format) + - name: HTTP_PROXY + value: $(tasks.init.results.http-proxy) + - name: NO_PROXY + value: $(tasks.init.results.no-proxy) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + runAfter: + - prefetch-dependencies + taskRef: + params: + - name: name + value: buildah-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.9@sha256:8db8c8fe3dcbf75a7ae2e55691d9b68823e106ebe302ef89556e8b71484c3725 + - name: kind + value: task + resolver: bundles + - name: build-image-index + params: + - name: IMAGE + value: $(params.output-image) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: ALWAYS_BUILD_INDEX + value: $(params.build-image-index) + - name: IMAGES + value: + - $(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST) + - name: BUILDAH_FORMAT + value: $(params.buildah-format) + runAfter: + - build-container + taskRef: + params: + - name: name + value: build-image-index + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.2@sha256:ac4f8b58ade5000f6e47d287b72832f0d89a91651849467be73e05da639cff7d + - name: kind + value: task + resolver: bundles + - name: build-source-image + params: + - name: BINARY_IMAGE + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: BINARY_IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: source-build-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:eb620d137d2dfa9966d991ac210ad14f391cfa9cfc501e3cc1eb24e3332c6986 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.build-source-image) + operator: in + values: + - "true" + - name: deprecated-base-image-check + params: + - name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: deprecated-image-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:808fe09bb5b8503de569de097ae5dd619a7488110f79e8e215e69862ee3fce6d + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: clair-scan + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: clair-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:654b989d7cdc03d082e56f216a29de04847215ee379a8d9ca315e453ad2b15c2 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: ecosystem-cert-preflight-checks + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: ecosystem-cert-preflight-checks + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:945f8ba72381402ce6b00efa24a6eeb19a27ba68b445474c28ebfbfb21bb365f + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-snyk-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-snyk-check-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:49b7d09db82e6cad98152db8f16707ca3d90a1709e846e3ed8c91a433c88724f + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: clamav-scan + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: clamav-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.3@sha256:b2f25599a10ab0846e4659f76b5b78c0fddf561404656fda52055eda31e70d83 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-coverity-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE + value: $(params.output-image) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: HERMETIC + value: $(params.hermetic) + - name: PREFETCH_INPUT + value: $(params.prefetch-input) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: BUILD_ARGS + value: + - $(params.build-args[*]) + - name: BUILD_ARGS_FILE + value: $(params.build-args-file) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + runAfter: + - coverity-availability-check + taskRef: + params: + - name: name + value: sast-coverity-check-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check-oci-ta:0.3@sha256:9978b6163d54473a72ded5eb9b75d9ffae92118e544c7b96dc805cd66870b12d + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - input: $(tasks.coverity-availability-check.results.STATUS) + operator: in + values: + - success + - name: coverity-availability-check + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: coverity-availability-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check:0.2@sha256:267d5bc069a0323f41e24732ddfd1057e5c639e853d1e620c67505fab78f1301 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-shell-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-shell-check-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:e7a51575f9188a1461d4520da25aaa4efdd3b896c97dc750941fa22840e55c13 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-unicode-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-unicode-check-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.4@sha256:0ca0203c25e22c9f12cc32436f6bf02df19fd177ba5f84926d804c711146974e + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: apply-tags + params: + - name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: apply-tags + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.3@sha256:510b6d2a3b188adeb716e49566b57d611ab36bd69a2794b5ddfc11dbf014c2ca + - name: kind + value: task + resolver: bundles + - name: push-dockerfile + params: + - name: IMAGE + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: push-dockerfile-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.3@sha256:1bc2d0f26b89259db090a47bb38217c82c05e335d626653d184adf1d196ca131 + - name: kind + value: task + resolver: bundles + - name: rpms-signature-scan + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: rpms-signature-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:47b81d6b3d752649eddfbb8b3fd8f6522c4bb07f6d1946f9bc45dae3f92e2c9a + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: git-auth + optional: true + - name: netrc + optional: true + taskRunTemplate: + serviceAccountName: build-pipeline-cara-konflux-ui-test-b1228 + workspaces: + - name: git-auth + secret: + secretName: '{{ git_auth_secret }}' +status: {} diff --git a/.tekton/cara-konflux-ui-test-b1228-push.yaml b/.tekton/cara-konflux-ui-test-b1228-push.yaml new file mode 100644 index 00000000..71e9eed9 --- /dev/null +++ b/.tekton/cara-konflux-ui-test-b1228-push.yaml @@ -0,0 +1,582 @@ +apiVersion: tekton.dev/v1 +kind: PipelineRun +metadata: + annotations: + build.appstudio.openshift.io/repo: https://github.com/testcara/konflux-ui-test?rev={{revision}} + build.appstudio.redhat.com/commit_sha: '{{revision}}' + build.appstudio.redhat.com/target_branch: '{{target_branch}}' + pipelinesascode.tekton.dev/cancel-in-progress: "false" + pipelinesascode.tekton.dev/max-keep-runs: "3" + pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch + == "main" + creationTimestamp: null + labels: + appstudio.openshift.io/application: konflux-ui-test + appstudio.openshift.io/component: cara-konflux-ui-test-b1228 + pipelines.appstudio.openshift.io/type: build + name: cara-konflux-ui-test-b1228-on-push + namespace: wlin-tenant +spec: + params: + - name: git-url + value: '{{source_url}}' + - name: revision + value: '{{revision}}' + - name: output-image + value: quay.io/redhat-user-workloads-stage/wlin-tenant/cara-konflux-ui-test-b1228:{{revision}} + - name: dockerfile + value: Dockerfile + - name: skip-checks + value: "true" + pipelineSpec: + description: | + This pipeline is ideal for building container images from a Containerfile while maintaining trust after pipeline customization. + + _Uses `buildah` to create a container image leveraging [trusted artifacts](https://konflux-ci.dev/architecture/ADR/0036-trusted-artifacts.html). It also optionally creates a source image and runs some build-time tests. Information is shared between tasks using OCI artifacts instead of PVCs. EC will pass the [`trusted_task.trusted`](https://conforma.dev/docs/policy/packages/release_trusted_task.html#trusted_task__trusted) policy as long as all data used to build the artifact is generated from trusted tasks. + This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build-oci-ta?tab=tags)_ + params: + - description: Source Repository URL + name: git-url + type: string + - default: "" + description: Revision of the Source Repository + name: revision + type: string + - description: Fully Qualified Output Image + name: output-image + type: string + - default: . + description: Path to the source code of an application's component from where + to build image. + name: path-context + type: string + - default: Dockerfile + description: Path to the Dockerfile inside the context specified by parameter + path-context + name: dockerfile + type: string + - default: "false" + description: Skip checks against built image + name: skip-checks + type: string + - default: "false" + description: Execute the build with network isolation + name: hermetic + type: string + - default: "" + description: Build dependencies to be prefetched + name: prefetch-input + type: string + - default: "" + description: Image tag expiration time, time values could be something like + 1h, 2d, 3w for hours, days, and weeks, respectively. + name: image-expires-after + type: string + - default: "false" + description: Build a source image. + name: build-source-image + type: string + - default: "false" + description: Add built image into an OCI image index + name: build-image-index + type: string + - default: docker + description: The format for the resulting image's mediaType. Valid values are + oci or docker. + name: buildah-format + type: string + - default: "false" + description: Enable cache proxy configuration + name: enable-cache-proxy + - default: [] + description: Array of --build-arg values ("arg=value" strings) for buildah + name: build-args + type: array + - default: "" + description: Path to a file with build arguments for buildah, see https://www.mankier.com/1/buildah-build#--build-arg-file + name: build-args-file + type: string + - default: "false" + description: Whether to enable privileged mode, should be used only with remote + VMs + name: privileged-nested + type: string + results: + - description: "" + name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - description: "" + name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - description: "" + name: CHAINS-GIT_URL + value: $(tasks.clone-repository.results.url) + - description: "" + name: CHAINS-GIT_COMMIT + value: $(tasks.clone-repository.results.commit) + tasks: + - name: init + params: + - name: enable-cache-proxy + value: $(params.enable-cache-proxy) + taskRef: + params: + - name: name + value: init + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-init:0.4@sha256:288f3106118edc1d0f0c79a89c960abf5841a4dd8bc3f38feb10527253105b19 + - name: kind + value: task + resolver: bundles + - name: clone-repository + params: + - name: url + value: $(params.git-url) + - name: revision + value: $(params.revision) + - name: ociStorage + value: $(params.output-image).git + - name: ociArtifactExpiresAfter + value: $(params.image-expires-after) + runAfter: + - init + taskRef: + params: + - name: name + value: git-clone-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:2c388d28651457db60bb90287e7d8c3680303197196e4476878d98d81e8b6dc9 + - name: kind + value: task + resolver: bundles + workspaces: + - name: basic-auth + workspace: git-auth + - name: prefetch-dependencies + params: + - name: input + value: $(params.prefetch-input) + - name: SOURCE_ARTIFACT + value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) + - name: ociStorage + value: $(params.output-image).prefetch + - name: ociArtifactExpiresAfter + value: $(params.image-expires-after) + runAfter: + - clone-repository + taskRef: + params: + - name: name + value: prefetch-dependencies-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:22612d629796a29ddd177d6e29c18a4319875d4e2348286ea01d16427cec0dc1 + - name: kind + value: task + resolver: bundles + workspaces: + - name: git-basic-auth + workspace: git-auth + - name: netrc + workspace: netrc + - name: build-container + params: + - name: IMAGE + value: $(params.output-image) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: HERMETIC + value: $(params.hermetic) + - name: PREFETCH_INPUT + value: $(params.prefetch-input) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: BUILD_ARGS + value: + - $(params.build-args[*]) + - name: BUILD_ARGS_FILE + value: $(params.build-args-file) + - name: PRIVILEGED_NESTED + value: $(params.privileged-nested) + - name: SOURCE_URL + value: $(tasks.clone-repository.results.url) + - name: BUILDAH_FORMAT + value: $(params.buildah-format) + - name: HTTP_PROXY + value: $(tasks.init.results.http-proxy) + - name: NO_PROXY + value: $(tasks.init.results.no-proxy) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + runAfter: + - prefetch-dependencies + taskRef: + params: + - name: name + value: buildah-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.9@sha256:8db8c8fe3dcbf75a7ae2e55691d9b68823e106ebe302ef89556e8b71484c3725 + - name: kind + value: task + resolver: bundles + - name: build-image-index + params: + - name: IMAGE + value: $(params.output-image) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: ALWAYS_BUILD_INDEX + value: $(params.build-image-index) + - name: IMAGES + value: + - $(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST) + - name: BUILDAH_FORMAT + value: $(params.buildah-format) + runAfter: + - build-container + taskRef: + params: + - name: name + value: build-image-index + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.2@sha256:ac4f8b58ade5000f6e47d287b72832f0d89a91651849467be73e05da639cff7d + - name: kind + value: task + resolver: bundles + - name: build-source-image + params: + - name: BINARY_IMAGE + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: BINARY_IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: source-build-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:eb620d137d2dfa9966d991ac210ad14f391cfa9cfc501e3cc1eb24e3332c6986 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.build-source-image) + operator: in + values: + - "true" + - name: deprecated-base-image-check + params: + - name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: deprecated-image-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:808fe09bb5b8503de569de097ae5dd619a7488110f79e8e215e69862ee3fce6d + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: clair-scan + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: clair-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:654b989d7cdc03d082e56f216a29de04847215ee379a8d9ca315e453ad2b15c2 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: ecosystem-cert-preflight-checks + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: ecosystem-cert-preflight-checks + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:945f8ba72381402ce6b00efa24a6eeb19a27ba68b445474c28ebfbfb21bb365f + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-snyk-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-snyk-check-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:49b7d09db82e6cad98152db8f16707ca3d90a1709e846e3ed8c91a433c88724f + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: clamav-scan + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: clamav-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.3@sha256:b2f25599a10ab0846e4659f76b5b78c0fddf561404656fda52055eda31e70d83 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-coverity-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE + value: $(params.output-image) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: HERMETIC + value: $(params.hermetic) + - name: PREFETCH_INPUT + value: $(params.prefetch-input) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: BUILD_ARGS + value: + - $(params.build-args[*]) + - name: BUILD_ARGS_FILE + value: $(params.build-args-file) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + runAfter: + - coverity-availability-check + taskRef: + params: + - name: name + value: sast-coverity-check-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check-oci-ta:0.3@sha256:9978b6163d54473a72ded5eb9b75d9ffae92118e544c7b96dc805cd66870b12d + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - input: $(tasks.coverity-availability-check.results.STATUS) + operator: in + values: + - success + - name: coverity-availability-check + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: coverity-availability-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check:0.2@sha256:267d5bc069a0323f41e24732ddfd1057e5c639e853d1e620c67505fab78f1301 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-shell-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-shell-check-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:e7a51575f9188a1461d4520da25aaa4efdd3b896c97dc750941fa22840e55c13 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-unicode-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-unicode-check-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.4@sha256:0ca0203c25e22c9f12cc32436f6bf02df19fd177ba5f84926d804c711146974e + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: apply-tags + params: + - name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: apply-tags + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.3@sha256:510b6d2a3b188adeb716e49566b57d611ab36bd69a2794b5ddfc11dbf014c2ca + - name: kind + value: task + resolver: bundles + - name: push-dockerfile + params: + - name: IMAGE + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: push-dockerfile-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.3@sha256:1bc2d0f26b89259db090a47bb38217c82c05e335d626653d184adf1d196ca131 + - name: kind + value: task + resolver: bundles + - name: rpms-signature-scan + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: rpms-signature-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:47b81d6b3d752649eddfbb8b3fd8f6522c4bb07f6d1946f9bc45dae3f92e2c9a + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: git-auth + optional: true + - name: netrc + optional: true + taskRunTemplate: + serviceAccountName: build-pipeline-cara-konflux-ui-test-b1228 + workspaces: + - name: git-auth + secret: + secretName: '{{ git_auth_secret }}' +status: {} diff --git a/.tekton/konflux-ui-pull-request.yaml b/.tekton/konflux-ui-pull-request.yaml index 0b26ed07..ed7172b4 100644 --- a/.tekton/konflux-ui-pull-request.yaml +++ b/.tekton/konflux-ui-pull-request.yaml @@ -10,11 +10,11 @@ metadata: pipelinesascode.tekton.dev/on-cel-expression: (event == "pull_request" && target_branch == "main" && ( !has(body.pull_request) || !body.pull_request.draft) ) || (event == "push" && target_branch.startsWith("gh-readonly-queue/main/") && body.head_commit != "null" ) creationTimestamp: labels: - appstudio.openshift.io/application: konflux-ui - appstudio.openshift.io/component: konflux-ui + appstudio.openshift.io/application: dummy-konflux + appstudio.openshift.io/component: konflux-ui-test pipelines.appstudio.openshift.io/type: build name: konflux-ui-on-pull-request - namespace: konflux-ui-tenant + namespace: abhindas-tenant spec: params: - name: git-url diff --git a/.tekton/konflux-ui-test-pull-request.yaml b/.tekton/konflux-ui-test-pull-request.yaml new file mode 100644 index 00000000..131ca19a --- /dev/null +++ b/.tekton/konflux-ui-test-pull-request.yaml @@ -0,0 +1,583 @@ +apiVersion: tekton.dev/v1 +kind: PipelineRun +metadata: + annotations: + build.appstudio.openshift.io/repo: https://github.com/abhinandan13jan/konflux-ui-test?rev={{revision}} + build.appstudio.redhat.com/commit_sha: '{{revision}}' + build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}' + build.appstudio.redhat.com/target_branch: '{{target_branch}}' + pipelinesascode.tekton.dev/cancel-in-progress: "true" + pipelinesascode.tekton.dev/max-keep-runs: "3" + pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch + == "main" + creationTimestamp: null + labels: + appstudio.openshift.io/application: dummy-konflux + appstudio.openshift.io/component: konflux-ui-test + pipelines.appstudio.openshift.io/type: build + name: konflux-ui-test-on-pull-request + namespace: abhindas-tenant +spec: + params: + - name: git-url + value: '{{source_url}}' + - name: revision + value: '{{revision}}' + - name: output-image + value: quay.io/redhat-user-workloads-stage/abhindas-tenant/konflux-ui-test:on-pr-{{revision}} + - name: image-expires-after + value: 5d + - name: dockerfile + value: Dockerfile + pipelineSpec: + description: | + This pipeline is ideal for building container images from a Containerfile while maintaining trust after pipeline customization. + + _Uses `buildah` to create a container image leveraging [trusted artifacts](https://konflux-ci.dev/architecture/ADR/0036-trusted-artifacts.html). It also optionally creates a source image and runs some build-time tests. Information is shared between tasks using OCI artifacts instead of PVCs. EC will pass the [`trusted_task.trusted`](https://conforma.dev/docs/policy/packages/release_trusted_task.html#trusted_task__trusted) policy as long as all data used to build the artifact is generated from trusted tasks. + This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build-oci-ta?tab=tags)_ + params: + - description: Source Repository URL + name: git-url + type: string + - default: "" + description: Revision of the Source Repository + name: revision + type: string + - description: Fully Qualified Output Image + name: output-image + type: string + - default: . + description: Path to the source code of an application's component from where + to build image. + name: path-context + type: string + - default: Dockerfile + description: Path to the Dockerfile inside the context specified by parameter + path-context + name: dockerfile + type: string + - default: "false" + description: Skip checks against built image + name: skip-checks + type: string + - default: "false" + description: Execute the build with network isolation + name: hermetic + type: string + - default: "" + description: Build dependencies to be prefetched + name: prefetch-input + type: string + - default: "" + description: Image tag expiration time, time values could be something like + 1h, 2d, 3w for hours, days, and weeks, respectively. + name: image-expires-after + type: string + - default: "false" + description: Build a source image. + name: build-source-image + type: string + - default: "false" + description: Add built image into an OCI image index + name: build-image-index + type: string + - default: docker + description: The format for the resulting image's mediaType. Valid values are + oci or docker. + name: buildah-format + type: string + - default: "false" + description: Enable cache proxy configuration + name: enable-cache-proxy + - default: [] + description: Array of --build-arg values ("arg=value" strings) for buildah + name: build-args + type: array + - default: "" + description: Path to a file with build arguments for buildah, see https://www.mankier.com/1/buildah-build#--build-arg-file + name: build-args-file + type: string + - default: "false" + description: Whether to enable privileged mode, should be used only with remote + VMs + name: privileged-nested + type: string + results: + - description: "" + name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - description: "" + name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - description: "" + name: CHAINS-GIT_URL + value: $(tasks.clone-repository.results.url) + - description: "" + name: CHAINS-GIT_COMMIT + value: $(tasks.clone-repository.results.commit) + tasks: + - name: init + params: + - name: enable-cache-proxy + value: $(params.enable-cache-proxy) + taskRef: + params: + - name: name + value: init + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-init:0.4@sha256:288f3106118edc1d0f0c79a89c960abf5841a4dd8bc3f38feb10527253105b19 + - name: kind + value: task + resolver: bundles + - name: clone-repository + params: + - name: url + value: $(params.git-url) + - name: revision + value: $(params.revision) + - name: ociStorage + value: $(params.output-image).git + - name: ociArtifactExpiresAfter + value: $(params.image-expires-after) + runAfter: + - init + taskRef: + params: + - name: name + value: git-clone-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:2c388d28651457db60bb90287e7d8c3680303197196e4476878d98d81e8b6dc9 + - name: kind + value: task + resolver: bundles + workspaces: + - name: basic-auth + workspace: git-auth + - name: prefetch-dependencies + params: + - name: input + value: $(params.prefetch-input) + - name: SOURCE_ARTIFACT + value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) + - name: ociStorage + value: $(params.output-image).prefetch + - name: ociArtifactExpiresAfter + value: $(params.image-expires-after) + runAfter: + - clone-repository + taskRef: + params: + - name: name + value: prefetch-dependencies-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:22612d629796a29ddd177d6e29c18a4319875d4e2348286ea01d16427cec0dc1 + - name: kind + value: task + resolver: bundles + workspaces: + - name: git-basic-auth + workspace: git-auth + - name: netrc + workspace: netrc + - name: build-container + params: + - name: IMAGE + value: $(params.output-image) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: HERMETIC + value: $(params.hermetic) + - name: PREFETCH_INPUT + value: $(params.prefetch-input) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: BUILD_ARGS + value: + - $(params.build-args[*]) + - name: BUILD_ARGS_FILE + value: $(params.build-args-file) + - name: PRIVILEGED_NESTED + value: $(params.privileged-nested) + - name: SOURCE_URL + value: $(tasks.clone-repository.results.url) + - name: BUILDAH_FORMAT + value: $(params.buildah-format) + - name: HTTP_PROXY + value: $(tasks.init.results.http-proxy) + - name: NO_PROXY + value: $(tasks.init.results.no-proxy) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + runAfter: + - prefetch-dependencies + taskRef: + params: + - name: name + value: buildah-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.9@sha256:8db8c8fe3dcbf75a7ae2e55691d9b68823e106ebe302ef89556e8b71484c3725 + - name: kind + value: task + resolver: bundles + - name: build-image-index + params: + - name: IMAGE + value: $(params.output-image) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: ALWAYS_BUILD_INDEX + value: $(params.build-image-index) + - name: IMAGES + value: + - $(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST) + - name: BUILDAH_FORMAT + value: $(params.buildah-format) + runAfter: + - build-container + taskRef: + params: + - name: name + value: build-image-index + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.2@sha256:ac4f8b58ade5000f6e47d287b72832f0d89a91651849467be73e05da639cff7d + - name: kind + value: task + resolver: bundles + - name: build-source-image + params: + - name: BINARY_IMAGE + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: BINARY_IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: source-build-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:eb620d137d2dfa9966d991ac210ad14f391cfa9cfc501e3cc1eb24e3332c6986 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.build-source-image) + operator: in + values: + - "true" + - name: deprecated-base-image-check + params: + - name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: deprecated-image-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:808fe09bb5b8503de569de097ae5dd619a7488110f79e8e215e69862ee3fce6d + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: clair-scan + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: clair-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:654b989d7cdc03d082e56f216a29de04847215ee379a8d9ca315e453ad2b15c2 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: ecosystem-cert-preflight-checks + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: ecosystem-cert-preflight-checks + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:945f8ba72381402ce6b00efa24a6eeb19a27ba68b445474c28ebfbfb21bb365f + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-snyk-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-snyk-check-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:49b7d09db82e6cad98152db8f16707ca3d90a1709e846e3ed8c91a433c88724f + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: clamav-scan + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: clamav-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.3@sha256:b2f25599a10ab0846e4659f76b5b78c0fddf561404656fda52055eda31e70d83 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-coverity-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE + value: $(params.output-image) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: HERMETIC + value: $(params.hermetic) + - name: PREFETCH_INPUT + value: $(params.prefetch-input) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: BUILD_ARGS + value: + - $(params.build-args[*]) + - name: BUILD_ARGS_FILE + value: $(params.build-args-file) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + runAfter: + - coverity-availability-check + taskRef: + params: + - name: name + value: sast-coverity-check-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check-oci-ta:0.3@sha256:9978b6163d54473a72ded5eb9b75d9ffae92118e544c7b96dc805cd66870b12d + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - input: $(tasks.coverity-availability-check.results.STATUS) + operator: in + values: + - success + - name: coverity-availability-check + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: coverity-availability-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check:0.2@sha256:267d5bc069a0323f41e24732ddfd1057e5c639e853d1e620c67505fab78f1301 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-shell-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-shell-check-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:e7a51575f9188a1461d4520da25aaa4efdd3b896c97dc750941fa22840e55c13 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-unicode-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-unicode-check-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.4@sha256:0ca0203c25e22c9f12cc32436f6bf02df19fd177ba5f84926d804c711146974e + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: apply-tags + params: + - name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: apply-tags + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.3@sha256:510b6d2a3b188adeb716e49566b57d611ab36bd69a2794b5ddfc11dbf014c2ca + - name: kind + value: task + resolver: bundles + - name: push-dockerfile + params: + - name: IMAGE + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: push-dockerfile-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.3@sha256:322d515ca66d92188067344761733d1e5c64d4b7bb790d10f35540da5e6289f1 + - name: kind + value: task + resolver: bundles + - name: rpms-signature-scan + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: rpms-signature-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:47b81d6b3d752649eddfbb8b3fd8f6522c4bb07f6d1946f9bc45dae3f92e2c9a + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: git-auth + optional: true + - name: netrc + optional: true + taskRunTemplate: + serviceAccountName: build-pipeline-konflux-ui-test + workspaces: + - name: git-auth + secret: + secretName: '{{ git_auth_secret }}' +status: {} diff --git a/.tekton/konflux-ui-test-push.yaml b/.tekton/konflux-ui-test-push.yaml new file mode 100644 index 00000000..7b1ffb65 --- /dev/null +++ b/.tekton/konflux-ui-test-push.yaml @@ -0,0 +1,580 @@ +apiVersion: tekton.dev/v1 +kind: PipelineRun +metadata: + annotations: + build.appstudio.openshift.io/repo: https://github.com/abhinandan13jan/konflux-ui-test?rev={{revision}} + build.appstudio.redhat.com/commit_sha: '{{revision}}' + build.appstudio.redhat.com/target_branch: '{{target_branch}}' + pipelinesascode.tekton.dev/cancel-in-progress: "false" + pipelinesascode.tekton.dev/max-keep-runs: "3" + pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch + == "main" + creationTimestamp: null + labels: + appstudio.openshift.io/application: dummy-konflux + appstudio.openshift.io/component: konflux-ui-test + pipelines.appstudio.openshift.io/type: build + name: konflux-ui-test-on-push + namespace: abhindas-tenant +spec: + params: + - name: git-url + value: '{{source_url}}' + - name: revision + value: '{{revision}}' + - name: output-image + value: quay.io/redhat-user-workloads-stage/abhindas-tenant/konflux-ui-test:{{revision}} + - name: dockerfile + value: Dockerfile + pipelineSpec: + description: | + This pipeline is ideal for building container images from a Containerfile while maintaining trust after pipeline customization. + + _Uses `buildah` to create a container image leveraging [trusted artifacts](https://konflux-ci.dev/architecture/ADR/0036-trusted-artifacts.html). It also optionally creates a source image and runs some build-time tests. Information is shared between tasks using OCI artifacts instead of PVCs. EC will pass the [`trusted_task.trusted`](https://conforma.dev/docs/policy/packages/release_trusted_task.html#trusted_task__trusted) policy as long as all data used to build the artifact is generated from trusted tasks. + This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build-oci-ta?tab=tags)_ + params: + - description: Source Repository URL + name: git-url + type: string + - default: "" + description: Revision of the Source Repository + name: revision + type: string + - description: Fully Qualified Output Image + name: output-image + type: string + - default: . + description: Path to the source code of an application's component from where + to build image. + name: path-context + type: string + - default: Dockerfile + description: Path to the Dockerfile inside the context specified by parameter + path-context + name: dockerfile + type: string + - default: "false" + description: Skip checks against built image + name: skip-checks + type: string + - default: "false" + description: Execute the build with network isolation + name: hermetic + type: string + - default: "" + description: Build dependencies to be prefetched + name: prefetch-input + type: string + - default: "" + description: Image tag expiration time, time values could be something like + 1h, 2d, 3w for hours, days, and weeks, respectively. + name: image-expires-after + type: string + - default: "false" + description: Build a source image. + name: build-source-image + type: string + - default: "false" + description: Add built image into an OCI image index + name: build-image-index + type: string + - default: docker + description: The format for the resulting image's mediaType. Valid values are + oci or docker. + name: buildah-format + type: string + - default: "false" + description: Enable cache proxy configuration + name: enable-cache-proxy + - default: [] + description: Array of --build-arg values ("arg=value" strings) for buildah + name: build-args + type: array + - default: "" + description: Path to a file with build arguments for buildah, see https://www.mankier.com/1/buildah-build#--build-arg-file + name: build-args-file + type: string + - default: "false" + description: Whether to enable privileged mode, should be used only with remote + VMs + name: privileged-nested + type: string + results: + - description: "" + name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - description: "" + name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - description: "" + name: CHAINS-GIT_URL + value: $(tasks.clone-repository.results.url) + - description: "" + name: CHAINS-GIT_COMMIT + value: $(tasks.clone-repository.results.commit) + tasks: + - name: init + params: + - name: enable-cache-proxy + value: $(params.enable-cache-proxy) + taskRef: + params: + - name: name + value: init + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-init:0.4@sha256:288f3106118edc1d0f0c79a89c960abf5841a4dd8bc3f38feb10527253105b19 + - name: kind + value: task + resolver: bundles + - name: clone-repository + params: + - name: url + value: $(params.git-url) + - name: revision + value: $(params.revision) + - name: ociStorage + value: $(params.output-image).git + - name: ociArtifactExpiresAfter + value: $(params.image-expires-after) + runAfter: + - init + taskRef: + params: + - name: name + value: git-clone-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:2c388d28651457db60bb90287e7d8c3680303197196e4476878d98d81e8b6dc9 + - name: kind + value: task + resolver: bundles + workspaces: + - name: basic-auth + workspace: git-auth + - name: prefetch-dependencies + params: + - name: input + value: $(params.prefetch-input) + - name: SOURCE_ARTIFACT + value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) + - name: ociStorage + value: $(params.output-image).prefetch + - name: ociArtifactExpiresAfter + value: $(params.image-expires-after) + runAfter: + - clone-repository + taskRef: + params: + - name: name + value: prefetch-dependencies-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:22612d629796a29ddd177d6e29c18a4319875d4e2348286ea01d16427cec0dc1 + - name: kind + value: task + resolver: bundles + workspaces: + - name: git-basic-auth + workspace: git-auth + - name: netrc + workspace: netrc + - name: build-container + params: + - name: IMAGE + value: $(params.output-image) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: HERMETIC + value: $(params.hermetic) + - name: PREFETCH_INPUT + value: $(params.prefetch-input) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: BUILD_ARGS + value: + - $(params.build-args[*]) + - name: BUILD_ARGS_FILE + value: $(params.build-args-file) + - name: PRIVILEGED_NESTED + value: $(params.privileged-nested) + - name: SOURCE_URL + value: $(tasks.clone-repository.results.url) + - name: BUILDAH_FORMAT + value: $(params.buildah-format) + - name: HTTP_PROXY + value: $(tasks.init.results.http-proxy) + - name: NO_PROXY + value: $(tasks.init.results.no-proxy) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + runAfter: + - prefetch-dependencies + taskRef: + params: + - name: name + value: buildah-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.9@sha256:8db8c8fe3dcbf75a7ae2e55691d9b68823e106ebe302ef89556e8b71484c3725 + - name: kind + value: task + resolver: bundles + - name: build-image-index + params: + - name: IMAGE + value: $(params.output-image) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: ALWAYS_BUILD_INDEX + value: $(params.build-image-index) + - name: IMAGES + value: + - $(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST) + - name: BUILDAH_FORMAT + value: $(params.buildah-format) + runAfter: + - build-container + taskRef: + params: + - name: name + value: build-image-index + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.2@sha256:ac4f8b58ade5000f6e47d287b72832f0d89a91651849467be73e05da639cff7d + - name: kind + value: task + resolver: bundles + - name: build-source-image + params: + - name: BINARY_IMAGE + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: BINARY_IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: source-build-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:eb620d137d2dfa9966d991ac210ad14f391cfa9cfc501e3cc1eb24e3332c6986 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.build-source-image) + operator: in + values: + - "true" + - name: deprecated-base-image-check + params: + - name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: deprecated-image-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:808fe09bb5b8503de569de097ae5dd619a7488110f79e8e215e69862ee3fce6d + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: clair-scan + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: clair-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:654b989d7cdc03d082e56f216a29de04847215ee379a8d9ca315e453ad2b15c2 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: ecosystem-cert-preflight-checks + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: ecosystem-cert-preflight-checks + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:945f8ba72381402ce6b00efa24a6eeb19a27ba68b445474c28ebfbfb21bb365f + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-snyk-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-snyk-check-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:49b7d09db82e6cad98152db8f16707ca3d90a1709e846e3ed8c91a433c88724f + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: clamav-scan + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: clamav-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.3@sha256:b2f25599a10ab0846e4659f76b5b78c0fddf561404656fda52055eda31e70d83 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-coverity-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE + value: $(params.output-image) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: HERMETIC + value: $(params.hermetic) + - name: PREFETCH_INPUT + value: $(params.prefetch-input) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: BUILD_ARGS + value: + - $(params.build-args[*]) + - name: BUILD_ARGS_FILE + value: $(params.build-args-file) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + runAfter: + - coverity-availability-check + taskRef: + params: + - name: name + value: sast-coverity-check-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check-oci-ta:0.3@sha256:9978b6163d54473a72ded5eb9b75d9ffae92118e544c7b96dc805cd66870b12d + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - input: $(tasks.coverity-availability-check.results.STATUS) + operator: in + values: + - success + - name: coverity-availability-check + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: coverity-availability-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check:0.2@sha256:267d5bc069a0323f41e24732ddfd1057e5c639e853d1e620c67505fab78f1301 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-shell-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-shell-check-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:e7a51575f9188a1461d4520da25aaa4efdd3b896c97dc750941fa22840e55c13 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-unicode-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-unicode-check-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.4@sha256:0ca0203c25e22c9f12cc32436f6bf02df19fd177ba5f84926d804c711146974e + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: apply-tags + params: + - name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: apply-tags + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.3@sha256:510b6d2a3b188adeb716e49566b57d611ab36bd69a2794b5ddfc11dbf014c2ca + - name: kind + value: task + resolver: bundles + - name: push-dockerfile + params: + - name: IMAGE + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: push-dockerfile-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.3@sha256:322d515ca66d92188067344761733d1e5c64d4b7bb790d10f35540da5e6289f1 + - name: kind + value: task + resolver: bundles + - name: rpms-signature-scan + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: rpms-signature-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:47b81d6b3d752649eddfbb8b3fd8f6522c4bb07f6d1946f9bc45dae3f92e2c9a + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: git-auth + optional: true + - name: netrc + optional: true + taskRunTemplate: + serviceAccountName: build-pipeline-konflux-ui-test + workspaces: + - name: git-auth + secret: + secretName: '{{ git_auth_secret }}' +status: {} diff --git a/deploy-konflux-ci.yaml b/deploy-konflux-ci.yaml new file mode 100644 index 00000000..68929c9b --- /dev/null +++ b/deploy-konflux-ci.yaml @@ -0,0 +1,247 @@ +--- +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: deploy-konflux-ci + labels: + konflux-ci/kind: "true" + app.kubernetes.io/version: "0.2" + upstream-usable: "true" + annotations: + tekton.dev/pipelines.minVersion: "0.44.x" + tekton.dev/tags: konflux +spec: + description: | + This task performs a full Konflux CI deployment. It clones the specified Git repository, + checks out the desired branch, and runs deployment scripts using a kubeconfig retrieved from + a Kubernetes secret. It is intended for use in OpenShift Pipelines or other Tekton environments. + + params: + - name: cluster-access-secret + description: Name of the Kubernetes Secret that contains the kubeconfig (base64 encoded) used to access the target cluster. + - name: repo-url + description: URL of the Git repository containing the Konflux CI deployment scripts. + default: https://github.com/konflux-ci/konflux-ci.git + - name: repo-branch + description: Git branch to check out when cloning the repository. + default: main + - name: create-test-resources + description: 'Indicates if a set of test resources should be installed' + default: 'true' + - name: component-name + description: | + The GitHub repository name of the Konflux CI component to customize (e.g., `build-service`, `release-service`). + Used for applying image or Kubernetes manifest overrides. + default: '' + - name: component-image-repository + description: | + Overrides the container image repository for the `component-name` (e.g., `quay.io/my-org/my-custom-image`). + default: '' + - name: component-image-tag + description: | + Overrides the container image tag for the `component-name` (e.g., `latest`, `my-feature-branch`). + default: '' + - name: component-pr-owner + description: | + GitHub owner (user|org) of the fork/PR providing custom Kubernetes manifests for the `component-name`. + default: '' + - name: component-pr-sha + description: | + Commit SHA of the PR (from `component-pr-owner`) supplying custom Kubernetes manifests for the `component-name`. + default: '' + - name: component-pr-source-branch + description: | + GitHub source branch of the pull request. + default: '' + - name: oci-ref + type: string + description: Full OCI artifact reference in a format "quay.io/org/repo:tag. It's used for storing logs from the Task's Steps + - name: oci-credentials + type: string + description: | + The secret name containing credentials for container registry where the artifacts will be stored. + The secret should contain `data.oci-storage-dockerconfigjson: ` + default: "konflux-test-infra" + + volumes: + - name: credentials + secret: + secretName: $(params.cluster-access-secret) + - name: workdir + emptyDir: {} + - name: logs + emptyDir: {} + - name: konflux-test-infra-volume + secret: + secretName: $(params.oci-credentials) + + stepTemplate: + env: + - name: KUBECONFIG + value: '/credentials/kubeconfig' + - name: LOG_FILENAME + value: '/var/log-dir/deploy-konflux-ci.log' + volumeMounts: + - name: credentials + mountPath: /credentials + - name: workdir + mountPath: /var/workdir + - name: logs + mountPath: /var/log-dir/ + + steps: + - name: clone-konflux-ci + image: quay.io/openshift-pipeline/pipelines-git-init-rhel9@sha256:7eee14366c516d92cf7480c9bc256cf0e544bf06da5d46ffb5e8bfe3e448326c + onError: continue + workingDir: /var/workdir + securityContext: + runAsUser: 0 + args: + - -url=$(params.repo-url) + - -revision=$(params.repo-branch) + - -path=. + - name: solve-pr-pairing + image: quay.io/konflux-ci/tekton-integration-catalog/utils:latest + onError: continue + workingDir: /var/workdir + when: + - input: "$(params.component-name)" + operator: notin + values: [""] + env: + - name: COMPONENT_NAME + value: "$(params.component-name)" + - name: PR_SOURCE_BRANCH + value: "$(params.component-pr-source-branch)" + - name: PR_AUTHOR + value: "$(params.component-pr-owner)" + - name: PR_SHA + value: "$(params.component-pr-sha)" + script: | + #!/bin/bash + set -euo pipefail + + { + echo "[INFO] Fetching and executing solve-pr-pairing.sh..." + curl -sSfL https://raw.githubusercontent.com/konflux-ci/tekton-integration-catalog/main/scripts/konflux-ci-deploy/solve-pr-pairing.sh | bash + } 2>&1 | tee -a $LOG_FILENAME + - name: update-kustomization + image: quay.io/konflux-ci/tekton-integration-catalog/utils:latest + onError: continue + workingDir: /var/workdir + when: + - input: "$(params.component-name)" + operator: notin + values: [""] + script: | + #!/bin/bash + set -euo pipefail + + { + if [ -f /var/workdir/.env ]; then + echo "[INFO] Loading env vars from /var/workdir/.env: $(cat /var/workdir/.env)" + source /var/workdir/.env + else + echo "[INFO] Loading env vars from parameters" + + COMPONENT_NAME="$(params.component-name)" + IMAGE_REPO="$(params.component-image-repository)" + IMAGE_TAG="$(params.component-image-tag)" + PR_OWNER="$(params.component-pr-owner)" + PR_SHA="$(params.component-pr-sha)" + fi + + # Repo names do not match the ones of the component. Try to find the right kustomization.yaml based on the component name. + KUSTOMIZATION_PATH=$(find konflux-ci/ -type f -name "kustomization.yaml" -path "*${COMPONENT_NAME%-service}*/core/*" | head -n 1) + + # Check if the file exists + if [[ ! -f "${KUSTOMIZATION_PATH}" ]]; then + echo "[WARNING] No substitutions will be applied as the kustomization file for $(params.component-name) has not been found." + exit 0 + fi + + # Apply substitutions + if [[ -n "$IMAGE_REPO" ]]; then + echo "[INFO] Updating image repository to $IMAGE_REPO" + yq -i e "(.images.[] | select(.name==\"quay.io/konflux-ci/${COMPONENT_NAME}\")) |= .newName=\"${IMAGE_REPO}\"" "$KUSTOMIZATION_PATH" + fi + + if [[ -n "$IMAGE_TAG" ]]; then + echo "[INFO] Updating image tag to $IMAGE_TAG" + yq -i e "(.images.[] | select(.name==\"quay.io/konflux-ci/${COMPONENT_NAME}\")) |= .newTag=\"${IMAGE_TAG}\"" "$KUSTOMIZATION_PATH" + fi + + if [[ -n "$PR_OWNER" && -n "$PR_SHA" ]]; then + echo "[INFO] Updating GitHub reference to $PR_OWNER@$PR_SHA" + yq -i e "(.resources[] | select(. ==\"*github.com/konflux-ci/${COMPONENT_NAME}/config/default*\")) |= \"https://github.com/${PR_OWNER}/${COMPONENT_NAME}/config/default?ref=${PR_SHA}\"" "$KUSTOMIZATION_PATH" + yq -i e "(.resources[] | select(. ==\"*github.com/konflux-ci/${COMPONENT_NAME}/config/snapshotgc*\")) |= \"https://github.com/${PR_OWNER}/${COMPONENT_NAME}/config/snapshotgc?ref=${PR_SHA}\"" "$KUSTOMIZATION_PATH" + fi + } 2>&1 | tee -a $LOG_FILENAME + + - name: deploy + image: quay.io/konflux-ci/tekton-integration-catalog/utils:latest + onError: continue + workingDir: /var/workdir + script: | + #!/bin/bash + set -euo pipefail + + { + kubectl cluster-info + + echo "[INFO] Installing Konflux CI dependencies" + ./deploy-deps.sh + ./wait-for-all.sh + + echo "[INFO] Installing Konflux CI..." + ./deploy-konflux.sh + + kubectl get po -A + } 2>&1 | tee -a $LOG_FILENAME + - name: create-test-resources + image: quay.io/konflux-ci/tekton-integration-catalog/utils:latest + onError: continue + workingDir: /var/workdir + when: + - input: "$(params.create-test-resources)" + operator: in + values: ["true"] + script: | + #!/bin/bash + set -euo pipefail + + { + echo "[INFO] Applying Kyverno to reduce resources for testing" + kubectl apply -f ./dependencies/kyverno/policy/e2e-reduce-resources.yaml + + echo "[INFO] Creating Test Resources..." + ./deploy-test-resources.sh + } 2>&1 | tee -a $LOG_FILENAME + + - name: secure-push-oci + ref: + resolver: git + params: + - name: url + value: https://github.com/konflux-ci/tekton-integration-catalog.git + - name: revision + value: main + - name: pathInRepo + value: stepactions/secure-push-oci/0.1/secure-push-oci.yaml + params: + - name: workdir-path + value: /var/log-dir/ + - name: oci-ref + value: $(params.oci-ref) + - name: credentials-volume-name + value: konflux-test-infra-volume + - name: fail-if-any-step-failed + ref: + resolver: git + params: + - name: url + value: https://github.com/konflux-ci/tekton-integration-catalog.git + - name: revision + value: main + - name: pathInRepo + value: stepactions/fail-if-any-step-failed/0.1/fail-if-any-step-failed.yaml diff --git a/integration-tests/IntegrationTestScenarios/e2e-konflux-ui.yaml b/integration-tests/IntegrationTestScenarios/e2e-konflux-ui.yaml new file mode 100644 index 00000000..bfa4af4a --- /dev/null +++ b/integration-tests/IntegrationTestScenarios/e2e-konflux-ui.yaml @@ -0,0 +1,38 @@ +apiVersion: appstudio.redhat.com/v1beta2 +kind: IntegrationTestScenario +metadata: + labels: + test.appstudio.openshift.io/optional: 'false' + name: konflux-ui-e2e +spec: + application: konflux-ui-test + contexts: + - description: execute the integration test in all cases - this would be the default state + name: application + - description: execute the integration test for a Snapshot created for a `pull request` event + name: pull_request + params: + - name: konflux-test-infra-secret + value: konflux-test-infra + - name: oci-credentials-secret + value: quay-secret + - name: github-credentials-secret + value: github-credentials + - name: cypress-credentials-secret + value: cypress-credentials + - name: cypress-cloud-secret + value: cypress-cloud-credentials-disabled + - name: slack-credentials-secret + value: slack-credentials + - name: debug-pause-minutes + value: "10" + resolverRef: + params: + - name: url + value: https://github.com/testcara/konflux-ui-test + - name: revision + value: main + - name: pathInRepo + value: integration-tests/Pipelines/e2e-main-pipeline.yaml + resolver: git + resourceKind: pipeline diff --git a/integration-tests/PLRs/PipelineRuns.yaml b/integration-tests/PLRs/PipelineRuns.yaml new file mode 100644 index 00000000..e0497fdc --- /dev/null +++ b/integration-tests/PLRs/PipelineRuns.yaml @@ -0,0 +1,31 @@ +apiVersion: tekton.dev/v1beta1 +kind: PipelineRun +metadata: + generateName: e2e-test- + namespace: wlin-tenant +spec: + pipelineRef: + resolver: git + params: + - name: url + value: https://github.com/testcara/konflux-ui-test + - name: revision + value: main + - name: pathInRepo + value: integration-tests/Pipelines/e2e-main-pipeline.yaml + params: + # IMPORTANT: Replace with actual component name and image from your build + # Example: quay.io/redhat-user-workloads-stage/wlin-tenant/cara-konflux-ui-test-b1228@sha256:... + - name: SNAPSHOT + value: '{"components": [{"name":"cara-konflux-ui-test-b1228", "containerImage": "quay.io/redhat-user-workloads-stage/wlin-tenant/cara-konflux-ui-test-b1228:latest"}]}' + - name: konflux-test-infra-secret + value: konflux-test-infra + - name: oci-credentials-secret + value: quay-secret + - name: github-credentials-secret + value: github-credentials + - name: cypress-credentials-secret + value: cypress-credentials + - name: slack-credentials-secret + value: slack-credentials + timeout: 2h0m0s diff --git a/integration-tests/Pipelines/e2e-main-pipeline.yaml b/integration-tests/Pipelines/e2e-main-pipeline.yaml new file mode 100644 index 00000000..64c50f49 --- /dev/null +++ b/integration-tests/Pipelines/e2e-main-pipeline.yaml @@ -0,0 +1,303 @@ +--- +apiVersion: tekton.dev/v1beta1 +kind: Pipeline +metadata: + name: e2e-main-pipeline + namespace: wlin-tenant +spec: + params: + - name: SNAPSHOT + description: 'The JSON string representing the snapshot of the application under test.' + default: '{"components": [{"name":"test-app", "containerImage": "quay.io/example/repo:latest"}]}' + type: string + - name: konflux-test-infra-secret + description: The name of secret where testing infrastructures credentials are stored. + type: string + - name: oci-container-repo + default: 'quay.io/carawang/konflux-ui-test' + description: The ORAS container used to store all test artifacts. + - name: e2e-artifacts-repo + default: 'quay.io/konflux_ui_qe/pr-check-artefacts' + description: The OCI repository to store E2E test artifacts (videos, screenshots, reports) + type: string + - name: artifact-browser-url + description: 'URL to the artifact browser deployment. If provided, a link will be added to PR comments.' + default: '' + type: string + - name: github-credentials-secret + description: 'Secret name containing GitHub token' + default: 'github-credentials' + type: string + - name: cypress-credentials-secret + description: 'Secret name containing Cypress credentials' + default: 'cypress-credentials' + type: string + - name: cypress-cloud-secret + description: 'Secret name containing Cypress Cloud credentials' + default: 'cypress-cloud-credentials' + type: string + - name: slack-credentials-secret + description: 'Secret name containing Slack credentials' + default: 'slack-credentials' + type: string + - name: oci-credentials-secret + description: 'Secret name containing OCI registry credentials (Quay.io)' + default: 'quay-secret' + type: string + - name: skip-provision + description: 'Skip provisioning Kind cluster (use existing cluster for debugging)' + default: 'false' + type: string + - name: skip-deploy + description: 'Skip deploying Konflux (use existing deployment for debugging)' + default: 'false' + type: string + - name: skip-deprovision + description: 'Skip deprovisioning Kind cluster (keep cluster for debugging)' + default: 'false' + type: string + - name: cluster-kubeconfig-secret + description: 'Name of cluster kubeconfig secret. Use existing secret name when skip-provision=true, or leave empty for auto-generated name.' + default: '' + type: string + - name: debug-pause-minutes + description: 'Minutes to pause for manual debugging after port-forward setup (0 to skip)' + default: '0' + type: string + tasks: + - name: konflux-ui-pr-metadata + taskRef: + resolver: git + params: + - name: url + value: https://github.com/testcara/konflux-ui-test + - name: revision + value: main + - name: pathInRepo + value: integration-tests/Tasks/konflux-ui-pr-metadata.yaml + params: + - name: SNAPSHOT + value: $(params.SNAPSHOT) + - name: test-name + value: $(context.pipelineRun.name) + - name: show-snapshot-data + taskRef: + resolver: git + params: + - name: url + value: https://github.com/testcara/konflux-ui-test + - name: revision + value: main + - name: pathInRepo + value: integration-tests/Tasks/show-snapshot-data.yaml + params: + - name: snapshot + value: $(params.SNAPSHOT) + - name: check-org-membership + runAfter: + - show-snapshot-data + - konflux-ui-pr-metadata + taskRef: + resolver: git + params: + - name: url + value: https://github.com/testcara/konflux-ui-test + - name: revision + value: main + - name: pathInRepo + value: integration-tests/Tasks/check-org-membership.yaml + params: + - name: job-spec + value: $(tasks.konflux-ui-pr-metadata.results.job-spec) + - name: github-credentials-secret + value: $(params.github-credentials-secret) + - name: provision-kind-cluster + runAfter: + - check-org-membership + when: + - input: '$(tasks.konflux-ui-pr-metadata.results.pull-request-author)' + operator: notin + values: ['red-hat-konflux[bot]'] + - input: '$(params.skip-provision)' + operator: in + values: ['false'] + taskRef: + resolver: git + params: + - name: url + value: https://github.com/konflux-ci/tekton-integration-catalog + - name: revision + value: main + - name: pathInRepo + value: tasks/mapt-oci/kind-aws-spot/provision/0.2/kind-aws-provision.yaml + params: + - name: secret-aws-credentials + value: $(params.konflux-test-infra-secret) + - name: cluster-access-secret-name + value: kfg-$(context.pipelineRun.name) + - name: id + value: $(context.pipelineRun.name) + - name: tags + value: 'owner=konflux-devprod@redhat.com,project=Konflux,created-by=integration-pipeline,component=release-service-catalog' + - name: debug + value: 'false' + - name: ownerKind + value: PipelineRun + - name: ownerName + value: $(context.pipelineRun.name) + - name: ownerUid + value: $(context.pipelineRun.uid) + - name: oci-ref + value: $(params.oci-container-repo):$(context.pipelineRun.name) + - name: oci-credentials + value: $(params.oci-credentials-secret) + - name: cpus + value: '4' + - name: memory + value: '16' + - name: compute-sizes + value: 'm5.xlarge,m5a.xlarge,m5d.xlarge,m6i.xlarge,m6a.xlarge,m7i.xlarge,t3.xlarge,t3a.xlarge' + - name: deploy-konflux + when: + - input: '$(tasks.konflux-ui-pr-metadata.results.pull-request-author)' + operator: notin + values: ['red-hat-konflux[bot]'] + - input: '$(params.skip-deploy)' + operator: in + values: ['false'] + runAfter: + - provision-kind-cluster + taskRef: + resolver: git + params: + - name: url + value: https://github.com/konflux-ci/tekton-integration-catalog + - name: revision + value: main + - name: pathInRepo + value: tasks/konflux-ci/deploy/0.2/deploy-konflux-ci.yaml + params: + - name: create-test-resources + value: 'false' + - name: cluster-access-secret + value: kfg-$(context.pipelineRun.name) + - name: component-name + value: release-service-catalog + - name: component-pr-owner + value: $(tasks.konflux-ui-pr-metadata.results.pull-request-author) + - name: component-pr-sha + value: '' + - name: component-pr-source-branch + value: $(tasks.konflux-ui-pr-metadata.results.source-repo-branch) + - name: oci-ref + value: $(params.oci-container-repo):$(context.pipelineRun.name) + - name: oci-credentials + value: $(params.oci-credentials-secret) + - name: run-e2e-konflux-ui + when: + - input: '$(tasks.konflux-ui-pr-metadata.results.pull-request-author)' + operator: notin + values: ['red-hat-konflux[bot]'] + runAfter: + - deploy-konflux + - check-org-membership + taskRef: + resolver: git + params: + - name: url + value: https://github.com/testcara/konflux-ui-test + - name: revision + value: main + - name: pathInRepo + value: integration-tests/Tasks/run-e2e-konflux-ui.yaml + params: + - name: job-spec + value: '$(tasks.konflux-ui-pr-metadata.results.job-spec)' + - name: git-url + value: 'https://github.com/testcara/konflux-ui-test' + - name: git-revision + value: 'main' + - name: cypress-credentials-secret + value: $(params.cypress-credentials-secret) + - name: cypress-cloud-secret + value: $(params.cypress-cloud-secret) + - name: slack-credentials-secret + value: $(params.slack-credentials-secret) + - name: github-credentials-secret + value: $(params.github-credentials-secret) + - name: cluster-access-secret + value: '$(params.cluster-kubeconfig-secret)' + - name: debug-pause-minutes + value: $(params.debug-pause-minutes) + - name: oci-storage + value: '$(params.e2e-artifacts-repo)' + - name: oci-credentials-secret + value: $(params.oci-credentials-secret) + finally: + - name: deprovision-kind-cluster + when: + - input: '$(tasks.konflux-ui-pr-metadata.results.pull-request-author)' + operator: notin + values: ['red-hat-konflux[bot]'] + - input: '$(params.skip-deprovision)' + operator: in + values: ['false'] + taskRef: + resolver: git + params: + - name: url + value: https://github.com/konflux-ci/tekton-integration-catalog + - name: revision + value: main + - name: pathInRepo + value: tasks/mapt-oci/kind-aws-spot/deprovision/0.1/kind-aws-deprovision.yaml + params: + - name: secret-aws-credentials + value: $(params.konflux-test-infra-secret) + - name: id + value: $(context.pipelineRun.name) + - name: cluster-access-secret + value: kfg-$(context.pipelineRun.name) + - name: oci-container + value: $(params.oci-container-repo):$(context.pipelineRun.name) + - name: oci-credentials + value: $(params.oci-credentials-secret) + - name: pull-request-status-message + when: + - input: '$(tasks.konflux-ui-pr-metadata.results.pull-request-author)' + operator: notin + values: ['red-hat-konflux[bot]'] + taskRef: + resolver: git + params: + - name: url + value: https://github.com/konflux-ci/tekton-integration-catalog.git + - name: revision + value: main + - name: pathInRepo + value: tasks/pull-request-comment/0.1/pull-request-comment.yaml + params: + - name: test-name + value: '$(context.pipelineRun.name)' + - name: oci-container + value: '$(params.oci-container-repo):$(context.pipelineRun.name)' + - name: pipeline-aggregate-status + value: '$(tasks.status)' + - name: pull-request-author + value: '$(tasks.konflux-ui-pr-metadata.results.pull-request-author)' + - name: pull-request-number + value: '$(tasks.konflux-ui-pr-metadata.results.pull-request-number)' + - name: git-repo + value: '$(tasks.konflux-ui-pr-metadata.results.git-repo)' + - name: git-org + value: '$(tasks.konflux-ui-pr-metadata.results.git-org)' + - name: git-revision + value: '$(tasks.konflux-ui-pr-metadata.results.git-revision)' + - name: junit-report-name + value: e2e-report.xml + - name: e2e-log-name + value: e2e-tests.log + - name: cluster-provision-log-name + value: cluster-provision.log + - name: enable-test-results-analysis + value: 'true' diff --git a/integration-tests/Tasks/check-org-membership.yaml b/integration-tests/Tasks/check-org-membership.yaml new file mode 100644 index 00000000..361e5157 --- /dev/null +++ b/integration-tests/Tasks/check-org-membership.yaml @@ -0,0 +1,81 @@ +--- +apiVersion: tekton.dev/v1beta1 +kind: Task +metadata: + name: check-org-membership + annotations: + tekton.dev/displayName: 'konflux-ui-org-membership' + tekton.dev/categories: 'Pipeline' + tekton.dev/tags: 'config,rhads' +spec: + description: >- + checks org membership for konflux-ui + params: + - name: job-spec + description: 'Job specification metadata' + type: string + - name: github-credentials-secret + description: 'Secret name containing GitHub token' + type: string + default: "github-credentials" + results: + - name: membership-result + description: 'The RHADS configuration content (base64 encoded)' + steps: + - name: check-org-membership + image: quay.io/konflux-ci/appstudio-utils:ab6b0b8e40e440158e7288c73aff1cf83a2cc8a9@sha256:24179f0efd06c65d16868c2d7eb82573cce8e43533de6cea14fec3b7446e0b14 + env: + - name: JOB_SPEC + value: $(params.job-spec) + - name: GITHUB_TOKEN + valueFrom: + secretKeyRef: + name: $(params.github-credentials-secret) + key: token + optional: true + script: | + #!/usr/bin/env bash + set -euo pipefail + + # First check event type - if not PR, skip all checks + EVENT_TYPE=$(jq -r '.git.event_type' <<< "$JOB_SPEC") + + if [ "$EVENT_TYPE" != 'pull_request' ]; then + echo "The workflow is not triggered from PR, but $EVENT_TYPE - skipping further checks." + exit 0 + fi + + # Only parse PR-specific fields if this is a PR event + SOURCE_REPO_URL=$(jq -r '.git.source_repo_url' <<< "$JOB_SPEC") + PR_AUTHOR=$(jq -r '.git.pull_request_author // "unknown"' <<< "$JOB_SPEC") + PR_LABELS=$(jq -r '.git.pull_request_labels // ""' <<< "$JOB_SPEC") + + echo "$PR_AUTHOR $PR_LABELS" + + WHITELISTED_BOT_NAME=("red-hat-konflux[bot]" "konflux-staging[bot]") + REQUIRED_LABEL_NAME="ok-to-test" + + ORG=$(jq -r '.git.git_org // "unknown"' <<< "$JOB_SPEC") + + for bot in "${WHITELISTED_BOT_NAME[@]}"; do + if [[ "$bot" == "$PR_AUTHOR" ]]; then + echo "PR author is a whitelisted bot, skipping further checks." + exit 0 + fi + done + + if [[ "$PR_LABELS" == *$REQUIRED_LABEL_NAME* ]]; then + echo "PR has '$REQUIRED_LABEL_NAME' label, skipping further checks." + exit 0 + fi + + ALLOWED_USERS=("Katka92" "rrosatti" "janaki29" "sahil143" "testcara" "milantaky" "StanislavJochman" "JoaoPedroPP" "rakshett" "abhinandan13jan" "marcin-michal") + for author in "${ALLOWED_USERS[@]}"; do + if [[ "$author" == "$PR_AUTHOR" ]]; then + echo "PR author is in ALLOWED_USERS list. Running E2E tests." + exit 0 + fi + done + + echo "Still allowing. change this to exit 1 later" + exit 0 diff --git a/integration-tests/Tasks/konflux-ui-pr-metadata.yaml b/integration-tests/Tasks/konflux-ui-pr-metadata.yaml new file mode 100644 index 00000000..8d0f0904 --- /dev/null +++ b/integration-tests/Tasks/konflux-ui-pr-metadata.yaml @@ -0,0 +1,208 @@ +--- +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: konflux-ui-pr-metadata + labels: + app.kubernetes.io/version: '0.1' + upstream-usable: 'true' + annotations: + tekton.dev/pipelines.minVersion: 0.12.1 + tekton.dev/tags: konflux +spec: + description: | + The `konflux-ui-pr-metadata` Task is responsible for gathering and processing metadata during the execution of a pipeline test. + It collects various Git and repository details, such as the type of event that triggered the pipeline (Push or Pull Request), + the Git URL and revision, PR-labels and details about the container image built during the test. + The task processes metadata labels and annotations, constructs a job specification for the Konflux CI system, + and writes this information to specified results. + results: + - name: test-event-type + description: Indicates if the job is triggered by a Pull Request or a Push event. + - name: pull-request-number + description: The pull request number if the job is triggered by a pull request event. + - name: git-url + description: The Git URL from which the test pipeline is originating. This can be from a fork or the original repository. + - name: git-revision + description: The Git revision (commit SHA) from which the test pipeline is originating. + - name: container-image + description: The container image built from the specified Git revision. + - name: git-org + description: The GitHub organization from which the test is originating. + - name: git-repo + description: The repository from which the test is originating. + - name: pull-request-author + description: The GitHub author of the pull request event. + - name: pull-request-labels + description: The GitHub author of the pull request event. + - name: job-spec + description: The Konflux CI job spec metadata generated. + - name: source-repo-url + description: Will show the source from where a Pull Request was opened. Can be from a fork or upstream. + - name: source-repo-branch + description: Get the branch from the fork or upstream repo where the pipeline is executed. + - name: target-repo-branch + description: The target branch value from the Pull Request or the current branch value in case of push event. + - name: component-name + description: The name of the component that is being executed from Konflux. + params: + - name: SNAPSHOT + description: The JSON string of the Snapshot under test. + - name: test-name + type: string + description: The name of the test being executed. + steps: + - name: test-metadata + image: quay.io/konflux-qe-incubator/konflux-qe-tools:latest + workingDir: /workspace + env: + - name: SNAPSHOT + value: $(params.SNAPSHOT) + - name: EVENT_TYPE + valueFrom: + fieldRef: + fieldPath: metadata.labels['pac.test.appstudio.openshift.io/event-type'] + - name: KONFLUX_COMPONENT_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['appstudio.openshift.io/component'] + - name: PULL_REQUEST_NUMBER + valueFrom: + fieldRef: + fieldPath: metadata.labels['pac.test.appstudio.openshift.io/pull-request'] + - name: GIT_ORGANIZATION + valueFrom: + fieldRef: + fieldPath: metadata.labels['pac.test.appstudio.openshift.io/url-org'] + - name: GIT_REPOSITORY + valueFrom: + fieldRef: + fieldPath: metadata.labels['pac.test.appstudio.openshift.io/url-repository'] + - name: SOURCE_REPO_URL + valueFrom: + fieldRef: + fieldPath: metadata.annotations['pac.test.appstudio.openshift.io/source-repo-url'] + - name: SOURCE_REPO_BRANCH + valueFrom: + fieldRef: + fieldPath: metadata.annotations['pac.test.appstudio.openshift.io/source-branch'] + # This value refers to the target branch value in 'pull-request' events and branch value in 'push' events. + # E.g. for push event to 'main' branch this will have the value 'main'. For PR event that targets 'main' branch, this will be also 'main'. + - name: TARGET_REPO_BRANCH + valueFrom: + fieldRef: + fieldPath: metadata.annotations['pac.test.appstudio.openshift.io/branch'] + - name: GROUP_TEST_INFO + valueFrom: + fieldRef: + fieldPath: metadata.annotations['test.appstudio.openshift.io/group-test-info'] + script: | + #!/bin/bash + + # If KONFLUX_COMPONENT_NAME is empty, use the first component from SNAPSHOT + if [[ -z "$KONFLUX_COMPONENT_NAME" ]]; then + KONFLUX_COMPONENT_NAME=$(jq -r '.components[0].name' <<< "$SNAPSHOT") + echo "[INFO] No component label found, using first component: $KONFLUX_COMPONENT_NAME" + fi + + # Extract additional environment variables from SNAPSHOT + GIT_URL=$(jq -r --arg component_name "$KONFLUX_COMPONENT_NAME" '.components[] | select(.name == $component_name) | .source.git.url' <<< "$SNAPSHOT") + GIT_REVISION=$(jq -r --arg component_name "$KONFLUX_COMPONENT_NAME" '.components[] | select(.name == $component_name) | .source.git.revision' <<< "$SNAPSHOT") + COMPONENT_CONTAINER_IMAGE=$(jq -r --arg component_name "$KONFLUX_COMPONENT_NAME" '.components[] | select(.name == $component_name) | .containerImage' <<< "$SNAPSHOT") + + # If GIT_ORGANIZATION or GIT_REPOSITORY are empty, extract from GIT_URL + if [[ -z "$GIT_ORGANIZATION" || -z "$GIT_REPOSITORY" ]]; then + echo "[INFO] Extracting org/repo from GIT_URL: $GIT_URL" + GIT_ORGANIZATION=$(echo "$GIT_URL" | sed -n 's#.*github.com/\([^/]*\)/.*#\1#p') + GIT_REPOSITORY=$(echo "$GIT_URL" | sed -n 's#.*github.com/[^/]*/\([^/]*\).*#\1#p' | sed 's/\.git$//') + fi + + # If PULL_REQUEST_NUMBER is empty, try to extract from GROUP_TEST_INFO + if [[ -z "$PULL_REQUEST_NUMBER" && -n "$GROUP_TEST_INFO" ]]; then + echo "[INFO] Extracting PR number from GROUP_TEST_INFO" + PULL_REQUEST_NUMBER=$(echo "$GROUP_TEST_INFO" | jq -r --arg component "$KONFLUX_COMPONENT_NAME" '.[] | select(.component == $component) | .pullRequestNumber' | head -1) + if [[ -z "$PULL_REQUEST_NUMBER" || "$PULL_REQUEST_NUMBER" == "null" ]]; then + # Fallback: use the first component's PR number + PULL_REQUEST_NUMBER=$(echo "$GROUP_TEST_INFO" | jq -r '.[0].pullRequestNumber') + fi + echo "[INFO] Found PR number: $PULL_REQUEST_NUMBER" + fi + + PR_AUTHOR="$(curl -s https://api.github.com/repos/${GIT_ORGANIZATION}/${GIT_REPOSITORY}/pulls/${PULL_REQUEST_NUMBER} | jq -r .user.login)" + PR_LABELS="$(curl -s https://api.github.com/repos/${GIT_ORGANIZATION}/${GIT_REPOSITORY}/pulls/${PULL_REQUEST_NUMBER} | jq -r .labels)" + + + + if [[ "$EVENT_TYPE" != "push" && -n "$PULL_REQUEST_NUMBER" ]]; then + EVENT_TYPE="pull_request" + elif [[ -z "$PULL_REQUEST_NUMBER" && "$EVENT_TYPE" != "push" ]]; then + EVENT_TYPE="push" + fi + + # For push events, set PR fields to null for valid JSON + if [[ "$EVENT_TYPE" == "push" || -z "$PULL_REQUEST_NUMBER" || "$PULL_REQUEST_NUMBER" == "null" ]]; then + PR_NUMBER_JSON="null" + else + PR_NUMBER_JSON="$PULL_REQUEST_NUMBER" + fi + + if [[ -z "$PR_AUTHOR" || "$PR_AUTHOR" == "null" ]]; then + PR_AUTHOR_JSON="null" + else + PR_AUTHOR_JSON="\"$PR_AUTHOR\"" + fi + + JOB_SPEC=$(cat < $(results.test-event-type.path) + echo -n "$PULL_REQUEST_NUMBER" > $(results.pull-request-number.path) + echo -n "$GIT_ORGANIZATION" > $(results.git-org.path) + echo -n "$GIT_REPOSITORY" > $(results.git-repo.path) + echo -n "$COMPONENT_CONTAINER_IMAGE" > $(results.container-image.path) + echo -n "$GIT_URL" > $(results.git-url.path) + echo -n "$GIT_REVISION" > $(results.git-revision.path) + echo -n "$PR_AUTHOR" > $(results.pull-request-author.path) + echo -n "$PR_LABELS" > $(results.pull-request-labels.path) + echo -n "$JOB_SPEC" > $(results.job-spec.path) + echo -n "$SOURCE_REPO_URL" > $(results.source-repo-url.path) + echo -n "$SOURCE_REPO_BRANCH" > $(results.source-repo-branch.path) + echo -n "$TARGET_REPO_BRANCH" > $(results.target-repo-branch.path) + echo -n "$KONFLUX_COMPONENT_NAME" > $(results.component-name.path) diff --git a/integration-tests/Tasks/run-e2e-konflux-ui.yaml b/integration-tests/Tasks/run-e2e-konflux-ui.yaml new file mode 100644 index 00000000..2cabfe85 --- /dev/null +++ b/integration-tests/Tasks/run-e2e-konflux-ui.yaml @@ -0,0 +1,745 @@ +--- +apiVersion: tekton.dev/v1beta1 +kind: Task +metadata: + name: run-e2e-konflux-ui + annotations: + tekton.dev/displayName: 'konflux-ui-e2e-tests' + tekton.dev/categories: 'Pipeline' + tekton.dev/tags: 'e2e,cypress,konflux-ui' +spec: + description: >- + Runs E2E tests for Konflux UI using Cypress + params: + - name: job-spec + description: 'Job specification metadata' + type: string + - name: job-type + description: 'Type of job (e.g., periodic-stage, periodic, pr)' + type: string + default: "pr-check" + - name: git-url + description: 'Git repository URL' + type: string + - name: git-revision + description: 'Git revision to checkout' + type: string + default: "main" + - name: cypress-credentials-secret + description: 'Secret name containing Cypress credentials (username, password)' + type: string + default: "cypress-credentials" + - name: slack-credentials-secret + description: 'Secret name containing Slack credentials' + type: string + default: "slack-credentials" + - name: github-credentials-secret + description: 'Secret name containing GitHub token' + type: string + default: "github-credentials" + - name: cluster-access-secret + description: 'Secret name containing kubeconfig for accessing Kind cluster' + type: string + default: "" + - name: cypress-cloud-secret + description: 'Secret name containing Cypress Cloud credentials (project-id, record-key)' + type: string + default: "cypress-cloud-credentials" + - name: debug-pause-minutes + description: 'Minutes to pause after test for artifact inspection (0 to skip, max 60)' + type: string + default: "0" + - name: oci-storage + description: 'OCI repository to store test artifacts (e.g., quay.io/user/repo:tag)' + type: string + default: "" + - name: oci-credentials-secret + description: 'Secret containing OCI registry credentials' + type: string + default: "quay-secret" + results: + - name: e2e-output + description: 'Result of e2e test' + volumes: + - name: kubeconfig + secret: + secretName: $(params.cluster-access-secret) + optional: true + - name: shared-data + emptyDir: {} + - name: oci-credentials + secret: + secretName: $(params.oci-credentials-secret) + optional: true + items: + - key: .dockerconfigjson + path: .dockerconfigjson + sidecars: + - name: port-forward + image: quay.io/konflux-ci/appstudio-utils:ab6b0b8e40e440158e7288c73aff1cf83a2cc8a9@sha256:24179f0efd06c65d16868c2d7eb82573cce8e43533de6cea14fec3b7446e0b14 + volumeMounts: + - name: kubeconfig + mountPath: /credentials + - name: shared-data + mountPath: /shared + env: + - name: JOB_TYPE + value: $(params.job-type) + - name: CLUSTER_SECRET + value: $(params.cluster-access-secret) + script: | + #!/usr/bin/env bash + set -euo pipefail + + echo "=== PORT FORWARD SIDECAR START ===" + echo "JOB_TYPE: ${JOB_TYPE}" + echo "cluster-access-secret param: ${CLUSTER_SECRET}" + echo "" + + echo "Checking /credentials:" + ls -la /credentials/ 2>&1 || echo "Dir not found" + echo "" + + if [[ -f /credentials/kubeconfig ]]; then + echo "✓ Found kubeconfig ($(wc -c < /credentials/kubeconfig) bytes)" + else + echo "✗ kubeconfig NOT FOUND" + echo "Secret expected: ${CLUSTER_SECRET}" + find /credentials -type f 2>/dev/null | head -10 + fi + echo "" + + # Skip port forwarding for periodic-stage jobs + if [[ "${JOB_TYPE}" == "periodic-stage" ]]; then + echo "INFO: Skipping port forward for periodic-stage job" + echo "skipped" > /shared/port-forward-status + sleep infinity + exit 0 + fi + + # Check if kubeconfig exists + if [[ ! -f /credentials/kubeconfig ]]; then + echo "ERROR: kubeconfig not found!" + if [[ -z "${CLUSTER_SECRET}" ]]; then + echo "CAUSE: cluster-access-secret parameter is EMPTY" + echo "Check Pipeline taskRef params mapping" + else + echo "CAUSE: Secret '${CLUSTER_SECRET}' not found or missing 'kubeconfig' key" + echo "Verify: kubectl get secret ${CLUSTER_SECRET} -o jsonpath='{.data.kubeconfig}'" + fi + echo "failed" > /shared/port-forward-status + sleep infinity + exit 1 + fi + + export KUBECONFIG=/credentials/kubeconfig + echo "✓ KUBECONFIG set to: ${KUBECONFIG}" + echo "" + + echo "=== Port Forward Sidecar Starting ===" + echo "Waiting for Konflux UI deployment to be ready..." + + # Wait for deployment + kubectl wait --for=condition=available --timeout=300s deployment/proxy -n konflux-ui || { + echo "ERROR: Konflux UI proxy deployment not ready" + kubectl get pods -n konflux-ui + echo "failed" > /shared/port-forward-status + exit 1 + } + + echo "✓ Deployment is ready" + + # Get service and pod info + kubectl get svc proxy -n konflux-ui -o wide + echo "" + + # Get pod name + POD_NAME=$(kubectl get pod -n konflux-ui -l app=proxy -o jsonpath='{.items[0].metadata.name}') + if [[ -z "${POD_NAME}" ]]; then + echo "ERROR: Could not find proxy pod" + kubectl get pods -n konflux-ui + echo "failed" > /shared/port-forward-status + exit 1 + fi + + echo "Found pod: ${POD_NAME}" + echo "" + + # Get detailed pod information + echo "=== Pod Details ===" + kubectl get pod ${POD_NAME} -n konflux-ui -o wide + echo "" + + echo "=== Container Ports Configuration ===" + kubectl get pod ${POD_NAME} -n konflux-ui -o jsonpath='{range .spec.containers[*]}Container: {.name}{"\n"}{range .ports[*]} - {.name}: {.containerPort}/{.protocol}{"\n"}{end}{"\n"}{end}' + echo "" + + # Get nginx container ports + NGINX_HTTP_PORT=$(kubectl get pod ${POD_NAME} -n konflux-ui -o jsonpath='{.spec.containers[?(@.name=="nginx")].ports[?(@.name=="web")].containerPort}') + NGINX_HTTPS_PORT=$(kubectl get pod ${POD_NAME} -n konflux-ui -o jsonpath='{.spec.containers[?(@.name=="nginx")].ports[?(@.name=="web-tls")].containerPort}') + + echo "Nginx HTTP port (web): ${NGINX_HTTP_PORT}" + echo "Nginx HTTPS port (web-tls): ${NGINX_HTTPS_PORT}" + echo "" + + # Check what's actually listening inside the pod + echo "=== Checking Listening Ports in Pod ===" + echo "Running 'ss -tln' in nginx container:" + kubectl exec ${POD_NAME} -n konflux-ui -c nginx -- ss -tln 2>/dev/null | grep LISTEN || echo "Could not run ss" + echo "" + + echo "Running 'ss -tln' in oauth2-proxy container:" + kubectl exec ${POD_NAME} -n konflux-ui -c oauth2-proxy -- ss -tln 2>/dev/null | grep LISTEN || echo "Could not run ss" + echo "" + + # Test connectivity from within the cluster + echo "=== Testing Pod Connectivity from Cluster ===" + POD_IP=$(kubectl get pod ${POD_NAME} -n konflux-ui -o jsonpath='{.status.podIP}') + echo "Pod IP: ${POD_IP}" + + echo "Testing HTTP to pod IP:${NGINX_HTTP_PORT}..." + HTTP_TEST=$(timeout 5 kubectl exec ${POD_NAME} -n konflux-ui -c nginx -- curl -s -o /dev/null -w "%{http_code}" http://localhost:${NGINX_HTTP_PORT} 2>&1 || echo "failed") + echo " Result: ${HTTP_TEST}" + + echo "Testing HTTPS to pod IP:${NGINX_HTTPS_PORT}..." + HTTPS_TEST=$(timeout 5 kubectl exec ${POD_NAME} -n konflux-ui -c nginx -- curl -k -s -o /dev/null -w "%{http_code}" https://localhost:${NGINX_HTTPS_PORT} 2>&1 || echo "failed") + echo " Result: ${HTTPS_TEST}" + echo "" + + # Start port forward to nginx container's HTTPS port (9443) + # We use HTTPS because nginx definitely listens on 9443 + echo "==========================================" + echo "STARTING PORT FORWARD" + echo "==========================================" + echo "Command: kubectl port-forward -n konflux-ui pod/${POD_NAME} 8080:${NGINX_HTTPS_PORT}" + echo "This will forward:" + echo " localhost:8080 (in this sidecar) -> pod ${POD_NAME}:${NGINX_HTTPS_PORT} (nginx HTTPS)" + echo "" + echo "Port forward starting in background..." + + # Start port-forward in background + kubectl port-forward -n konflux-ui pod/${POD_NAME} 8080:${NGINX_HTTPS_PORT} & + PF_PID=$! + + echo "Port-forward process started with PID: ${PF_PID}" + + # Wait for port-forward to be ready + echo "Waiting for port-forward to be ready..." + MAX_WAIT=30 + ELAPSED=0 + while [[ ${ELAPSED} -lt ${MAX_WAIT} ]]; do + # Use HTTPS with -k to ignore cert, since we're forwarding to port 9443 (HTTPS) + HTTP_CODE=$(curl -k -s -o /dev/null -w "%{http_code}" https://localhost:8080 2>/dev/null || echo "000") + echo " Attempt $((ELAPSED + 1)): HTTP code = ${HTTP_CODE}" + if echo "${HTTP_CODE}" | grep -qE "^(200|301|302|304|401|403|404)$"; then + echo "✓ Port-forward is ready!" + break + fi + sleep 1 + ELAPSED=$((ELAPSED + 1)) + done + + if [[ ${ELAPSED} -ge ${MAX_WAIT} ]]; then + echo "ERROR: Port-forward not ready after ${MAX_WAIT}s" + echo "Last HTTP code: ${HTTP_CODE}" + echo "failed" > /shared/port-forward-status + exit 1 + fi + + # Signal that port-forward is ready + echo "ready" > /shared/port-forward-status + echo "✓ Readiness marker created at /shared/port-forward-status" + + # Keep sidecar alive by waiting for the port-forward process + echo "Port-forward is running. Waiting for process to complete..." + wait $PF_PID + steps: + - name: run-e2e-test + image: quay.io/konflux_ui_qe/konflux-ui-tests:latest + workingDir: /tmp/e2e + volumeMounts: + - name: shared-data + mountPath: /shared + env: + - name: JOB_SPEC + value: $(params.job-spec) + - name: JOB_TYPE + value: $(params.job-type) + - name: CYPRESS_LOCAL_CLUSTER + value: "true" + - name: CYPRESS_PERIODIC_RUN_STAGE + value: "false" + - name: CYPRESS_USERNAME + valueFrom: + secretKeyRef: + name: $(params.cypress-credentials-secret) + key: username + - name: CYPRESS_PASSWORD + valueFrom: + secretKeyRef: + name: $(params.cypress-credentials-secret) + key: password + - name: CYPRESS_GH_TOKEN + valueFrom: + secretKeyRef: + name: $(params.github-credentials-secret) + key: token + - name: CYPRESS_PROJECT_ID + valueFrom: + secretKeyRef: + name: $(params.cypress-cloud-secret) + key: project-id + optional: true + - name: CYPRESS_RECORD_KEY + valueFrom: + secretKeyRef: + name: $(params.cypress-cloud-secret) + key: record-key + optional: true + script: | + #!/usr/bin/env bash + set -euo pipefail + + echo "==========================================" + echo "STEP-RUN-E2E-TEST" + echo "==========================================" + echo "=== Running Cypress E2E Tests ===" + echo "Job Type: ${JOB_TYPE}" + echo "" + echo "=== DEBUG: Task Parameters ===" + echo "Parameters received by this step:" + echo " JOB_TYPE: ${JOB_TYPE}" + echo " CYPRESS_LOCAL_CLUSTER: ${CYPRESS_LOCAL_CLUSTER}" + echo " CYPRESS_PERIODIC_RUN_STAGE: ${CYPRESS_PERIODIC_RUN_STAGE}" + echo "" + echo "Note: cluster-access-secret is used by the port-forward sidecar" + echo " Check sidecar logs for parameter passing details" + echo "" + + # Verify CYPRESS_GH_TOKEN + if [[ -z "${CYPRESS_GH_TOKEN:-}" ]]; then + echo "ERROR: CYPRESS_GH_TOKEN is not set!" + exit 1 + fi + echo "✓ CYPRESS_GH_TOKEN is set (length: ${#CYPRESS_GH_TOKEN})" + echo "" + + # Configure based on job type + if [[ ${JOB_TYPE} == 'periodic-stage' ]]; then + echo "Running against stage environment..." + export CYPRESS_LOCAL_CLUSTER=false + export CYPRESS_PERIODIC_RUN_STAGE=true + else + echo "Running against local Kind cluster..." + + # Wait for port-forward sidecar to be ready using shared marker file + echo "=== Waiting for port-forward sidecar ===" + echo "Checking for readiness marker at /shared/port-forward-status..." + echo "" + MAX_WAIT=60 + ELAPSED=0 + + while [[ ${ELAPSED} -lt ${MAX_WAIT} ]]; do + if [[ -f /shared/port-forward-status ]]; then + STATUS=$(cat /shared/port-forward-status) + echo "Status file found! Content: '${STATUS}'" + if [[ "${STATUS}" == "ready" ]]; then + echo "✓ Port-forward sidecar is ready!" + break + elif [[ "${STATUS}" == "failed" ]]; then + echo "" + echo "==========================================" + echo "ERROR: Port-forward sidecar FAILED" + echo "==========================================" + echo "" + echo "The port-forward sidecar reported a failure." + echo "Check the 'port-forward' sidecar logs for details:" + echo "" + echo " kubectl logs -c port-forward -n " + echo "" + echo "Common issues:" + echo " 1. cluster-access-secret parameter is empty or not passed" + echo " 2. Secret doesn't exist in the namespace" + echo " 3. Secret exists but missing 'kubeconfig' key" + echo " 4. Deployment not ready (timeout waiting for proxy deployment)" + echo "" + exit 1 + elif [[ "${STATUS}" == "skipped" ]]; then + echo "ERROR: Port-forward was skipped but required for local cluster" + echo "This should only happen for periodic-stage jobs." + exit 1 + else + echo "Unknown status: '${STATUS}' - continuing to wait..." + fi + fi + echo "Waiting for port-forward readiness (${ELAPSED}s/${MAX_WAIT}s)..." + sleep 2 + ELAPSED=$((ELAPSED + 2)) + done + + if [[ ${ELAPSED} -ge ${MAX_WAIT} ]]; then + echo "" + echo "==========================================" + echo "ERROR: Port-forward not ready after ${MAX_WAIT}s" + echo "==========================================" + echo "" + echo "Status file check:" + if [[ -f /shared/port-forward-status ]]; then + echo " Status file exists with content: '$(cat /shared/port-forward-status)'" + else + echo " ✗ Status file NOT FOUND at /shared/port-forward-status" + echo "" + echo "This means the port-forward sidecar never wrote the status file." + echo "Possible causes:" + echo " 1. Sidecar is still initializing" + echo " 2. Sidecar failed before writing status (check sidecar logs)" + echo " 3. Shared volume mount issue" + echo "" + echo "Check sidecar logs:" + echo " kubectl logs -c port-forward -n " + fi + echo "" + exit 1 + fi + echo "" + + # Port-forward maps localhost:8080 to nginx HTTPS port (9443) + export CYPRESS_KONFLUX_BASE_URL="https://localhost:8080" + fi + + # Run tests + SPEC_FILE="tests/basic-happy-path.spec.ts" + echo "" + echo "Running: ${SPEC_FILE}" + echo "CYPRESS_KONFLUX_BASE_URL: ${CYPRESS_KONFLUX_BASE_URL:-not set}" + echo "CYPRESS_LOCAL_CLUSTER: ${CYPRESS_LOCAL_CLUSTER}" + echo "CYPRESS_PERIODIC_RUN_STAGE: ${CYPRESS_PERIODIC_RUN_STAGE}" + echo "" + + # Build Cypress command with optional recording + CYPRESS_ARGS="--runner-ui -b chrome --spec ${SPEC_FILE}" + + if [[ -n "${CYPRESS_PROJECT_ID:-}" && -n "${CYPRESS_RECORD_KEY:-}" ]]; then + echo "✓ Cypress Cloud recording enabled" + echo " Project ID: ${CYPRESS_PROJECT_ID}" + CYPRESS_ARGS="${CYPRESS_ARGS} --record" + + # Add tag if JOB_TYPE is set and not empty + if [[ -n "${JOB_TYPE:-}" ]]; then + CYPRESS_ARGS="${CYPRESS_ARGS} --tag ${JOB_TYPE}" + echo " Tag: ${JOB_TYPE}" + fi + else + echo "ℹ Cypress Cloud recording disabled (PROJECT_ID or RECORD_KEY not set)" + fi + + echo "Running: npx cypress run ${CYPRESS_ARGS}" + npx cypress run ${CYPRESS_ARGS} || EXIT_CODE=$? + + EXIT_CODE=${EXIT_CODE:-0} + echo ${EXIT_CODE} > /tmp/e2e-exit-code + + # Show artifact locations + echo "" + echo "==========================================" + echo "TEST ARTIFACTS SUMMARY" + echo "==========================================" + + if [[ -d /tmp/e2e/cypress ]]; then + echo "" + echo "Artifacts available at:" + echo " Location: /tmp/e2e/cypress" + echo "" + + if ls /tmp/e2e/cypress/videos/*.mp4 >/dev/null 2>&1; then + echo "Videos:" + ls -lh /tmp/e2e/cypress/videos/ + echo "" + fi + + if [[ -d /tmp/e2e/cypress/screenshots ]] && [[ -n "$(ls -A /tmp/e2e/cypress/screenshots 2>/dev/null)" ]]; then + echo "Screenshots:" + find /tmp/e2e/cypress/screenshots -type f + echo "" + fi + + if [[ -f /tmp/e2e/cypress/index.html ]]; then + echo "HTML Report:" + echo " /tmp/e2e/cypress/index.html" + echo "" + fi + fi + + # Debug pause for manual artifact inspection + DEBUG_PAUSE=$(params.debug-pause-minutes) + if [[ "${DEBUG_PAUSE}" != "0" ]] && [[ -n "${DEBUG_PAUSE}" ]]; then + PAUSE_SECONDS=$((DEBUG_PAUSE * 60)) + + echo "==========================================" + echo "DEBUG PAUSE ACTIVATED" + echo "==========================================" + echo "" + echo "Pod will remain alive for ${DEBUG_PAUSE} minute(s)" + echo "" + echo "To download artifacts, run:" + echo "" + echo " # Get this pod name" + echo " POD_NAME=\$(kubectl get pods -n wlin-tenant -l tekton.dev/taskRun --field-selector status.phase=Running -o jsonpath='{.items[0].metadata.name}')" + echo "" + echo " # Download all artifacts" + echo " kubectl cp wlin-tenant/\${POD_NAME}:/tmp/e2e/cypress ./cypress-artifacts -c run-e2e-test" + echo "" + echo " # Download video only" + echo " kubectl cp wlin-tenant/\${POD_NAME}:/tmp/e2e/cypress/videos ./videos -c run-e2e-test" + echo "" + echo " # Download screenshots only" + echo " kubectl cp wlin-tenant/\${POD_NAME}:/tmp/e2e/cypress/screenshots ./screenshots -c run-e2e-test" + echo "" + echo " # Download HTML report" + echo " kubectl cp wlin-tenant/\${POD_NAME}:/tmp/e2e/cypress/index.html ./test-report.html -c run-e2e-test" + echo "" + echo "Pausing now..." + echo "" + + # Countdown with status updates + REMAINING=${PAUSE_SECONDS} + while [[ ${REMAINING} -gt 0 ]]; do + MINS=$((REMAINING / 60)) + SECS=$((REMAINING % 60)) + echo "⏳ Time remaining: ${MINS}m ${SECS}s (Cancel PipelineRun to exit early)" + sleep 60 + REMAINING=$((REMAINING - 60)) + done + + echo "" + echo "Debug pause complete. Continuing..." + fi + + exit ${EXIT_CODE} + + - name: upload-artifacts-to-oci + image: quay.io/konflux-ci/oras:latest + workingDir: /tmp/e2e + env: + - name: OCI_STORAGE + value: $(params.oci-storage) + - name: GIT_REVISION + value: $(params.git-revision) + - name: JOB_TYPE + value: $(params.job-type) + - name: REGISTRY_AUTH_FILE + value: /secrets/.dockerconfigjson + - name: PIPELINE_RUN_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['tekton.dev/pipelineRun'] + volumeMounts: + - name: oci-credentials + mountPath: /secrets + readOnly: true + script: | + #!/usr/bin/env bash + set -euo pipefail + + # Skip if OCI storage not configured + if [[ -z "${OCI_STORAGE}" || "${OCI_STORAGE}" == "" ]]; then + echo "ℹ OCI storage not configured, skipping artifact upload" + exit 0 + fi + + echo "==========================================" + echo "UPLOADING ARTIFACTS TO OCI REGISTRY" + echo "==========================================" + echo "" + + # Check if artifacts exist + if [[ ! -d /tmp/e2e/cypress ]]; then + echo "⚠ No artifacts found at /tmp/e2e/cypress" + exit 0 + fi + + # Verify authentication + if [[ ! -f "${REGISTRY_AUTH_FILE}" ]]; then + echo "ERROR: Registry auth file not found at ${REGISTRY_AUTH_FILE}" + echo "Make sure the secret '$(params.oci-credentials-secret)' exists and contains '.dockerconfigjson' key" + exit 1 + fi + + echo "✓ Registry authentication file found" + echo "" + + # Generate unique tag based on git revision and timestamp + SHORT_SHA="${GIT_REVISION:0:7}" + TIMESTAMP=$(date -u +%Y%m%d-%H%M%S) + + # Build the full OCI reference with tag + # Remove any existing tag from OCI_STORAGE base + OCI_BASE="${OCI_STORAGE%%:*}" + + # Create unique tag: - + TAG="${SHORT_SHA}-${TIMESTAMP}" + OCI_REF="${OCI_BASE}:${TAG}" + + echo "Configuration:" + echo " Base repository: ${OCI_BASE}" + echo " Tag: ${TAG}" + echo " Full reference: ${OCI_REF}" + echo " Git revision: ${GIT_REVISION}" + echo " Job type: ${JOB_TYPE}" + echo " PipelineRun: ${PIPELINE_RUN_NAME:-N/A}" + echo "" + + cd /tmp/e2e/cypress + + # Create a tarball of all artifacts + TARBALL="/tmp/cypress-artifacts.tar.gz" + echo "Creating tarball of artifacts..." + tar czf "${TARBALL}" . 2>/dev/null || { + echo "ERROR: Failed to create tarball" + exit 1 + } + + if [[ ! -f "${TARBALL}" ]]; then + echo "ERROR: Tarball was not created" + exit 1 + fi + + TARBALL_SIZE=$(du -h "${TARBALL}" | cut -f1) + echo "✓ Tarball created: ${TARBALL_SIZE}" + echo "" + + # Prepare annotations with metadata + CREATED_AT=$(date -u +%Y-%m-%dT%H:%M:%SZ) + + echo "Uploading to OCI registry..." + echo "Command: oras push ${OCI_REF}" + echo "" + + # Upload using oras with rich annotations + oras push "${OCI_REF}" \ + "${TARBALL}:application/gzip" \ + --annotation "org.opencontainers.image.title=cypress-e2e-artifacts" \ + --annotation "org.opencontainers.image.description=Cypress test artifacts (videos, screenshots, reports)" \ + --annotation "org.opencontainers.image.created=${CREATED_AT}" \ + --annotation "org.opencontainers.image.revision=${GIT_REVISION}" \ + --annotation "dev.konflux.job-type=${JOB_TYPE}" \ + --annotation "dev.konflux.pipeline-run=${PIPELINE_RUN_NAME:-unknown}" \ + --annotation "dev.konflux.artifact-type=cypress-test-results" || { + echo "" + echo "ERROR: Failed to push artifacts to OCI registry" + echo "This might be due to:" + echo " 1. Invalid credentials in secret '$(params.oci-credentials-secret)'" + echo " 2. Insufficient permissions to push to ${OCI_BASE}" + echo " 3. Network connectivity issues" + echo "" + echo "To verify credentials:" + echo " oc get secret $(params.oci-credentials-secret) -o jsonpath='{.data.\.dockerconfigjson}' | base64 -d | jq" + echo "" + exit 1 + } + + echo "" + echo "==========================================" + echo "✓ ARTIFACTS UPLOADED SUCCESSFULLY" + echo "==========================================" + echo "" + echo "Artifact Details:" + echo " Repository: ${OCI_BASE}" + echo " Tag: ${TAG}" + echo " Full reference: ${OCI_REF}" + echo " Size: ${TARBALL_SIZE}" + echo " Created: ${CREATED_AT}" + echo "" + echo "To download and extract artifacts:" + echo " oras pull ${OCI_REF}" + echo " tar xzf cypress-artifacts.tar.gz" + echo "" + echo "To view in browser:" + echo " https://quay.io/repository/konflux_ui_qe/pr-check-artefacts?tab=tags" + echo "" + + - name: report-to-slack + image: quay.io/konflux-ci/appstudio-utils:ab6b0b8e40e440158e7288c73aff1cf83a2cc8a9@sha256:24179f0efd06c65d16868c2d7eb82573cce8e43533de6cea14fec3b7446e0b14 + env: + - name: JOB_TYPE + value: $(params.job-type) + - name: SLACK_TOKEN + valueFrom: + secretKeyRef: + name: $(params.slack-credentials-secret) + key: token + optional: true + - name: SLACK_CHANNEL_ID + valueFrom: + configMapKeyRef: + name: slack-config + key: channel-id + optional: true + - name: PIPELINE_RUN_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['tekton.dev/pipelineRun'] + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + script: | + #!/usr/bin/env bash + + # Only send Slack report for periodic jobs + if [[ ! ${JOB_TYPE} == periodic* ]]; then + echo "Not a periodic job (JOB_TYPE=${JOB_TYPE}), skipping Slack report" + exit 0 + fi + + # Check if Slack is configured + if [[ -z "${SLACK_TOKEN}" || -z "${SLACK_CHANNEL_ID}" ]]; then + echo "Slack not configured, skipping report" + exit 0 + fi + + # Determine test outcome + E2E_OUTCOME="success" + if [[ -f /tmp/e2e-exit-code ]] && [[ $(cat /tmp/e2e-exit-code) -ne 0 ]]; then + E2E_OUTCOME="failure" + fi + + # Generate message + if [[ $E2E_OUTCOME == "success" ]]; then + ICON=":white_check_mark:" + else + ICON=":x:" + fi + + DATE_STR=$(date '+%b %-d') + + case "$JOB_TYPE" in + "periodic-local") + JOB_DESC="LOCAL Periodic job" + ;; + "periodic-stage") + JOB_DESC="STAGE Periodic job" + ;; + "periodic-cleanup") + JOB_DESC="CLEANUP Periodic job" + ;; + *) + JOB_DESC="Periodic job (${JOB_TYPE})" + ;; + esac + + # Add PipelineRun info to message + if [[ -n "${PIPELINE_RUN_NAME}" ]]; then + MESSAGE="${ICON} Report ${DATE_STR}: ${JOB_DESC} (PipelineRun: ${PIPELINE_RUN_NAME})" + else + MESSAGE="${ICON} Report ${DATE_STR}: ${JOB_DESC}" + fi + + echo "Sending Slack notification: ${MESSAGE}" + + # Send to Slack + curl -X POST https://slack.com/api/chat.postMessage \ + -H "Authorization: Bearer ${SLACK_TOKEN}" \ + -H "Content-Type: application/json; charset=utf-8" \ + -d "{\"channel\": \"${SLACK_CHANNEL_ID}\", \"text\": \"${MESSAGE}\"}" \ + || echo "Failed to send Slack notification (non-fatal)" diff --git a/integration-tests/Tasks/run-e2e-konflux-ui.yaml.debug-backup b/integration-tests/Tasks/run-e2e-konflux-ui.yaml.debug-backup new file mode 100644 index 00000000..52b3614d --- /dev/null +++ b/integration-tests/Tasks/run-e2e-konflux-ui.yaml.debug-backup @@ -0,0 +1,856 @@ +--- +apiVersion: tekton.dev/v1beta1 +kind: Task +metadata: + name: run-e2e-konflux-ui + annotations: + tekton.dev/displayName: 'konflux-ui-e2e-tests' + tekton.dev/categories: 'Pipeline' + tekton.dev/tags: 'e2e,cypress,konflux-ui' +spec: + description: >- + Runs E2E tests for Konflux UI using Cypress + params: + - name: job-spec + description: 'Job specification metadata' + type: string + - name: job-type + description: 'Type of job (e.g., periodic-stage, periodic, pr)' + type: string + default: "pr-check" + - name: git-url + description: 'Git repository URL' + type: string + - name: git-revision + description: 'Git revision to checkout' + type: string + default: "main" + - name: cypress-credentials-secret + description: 'Secret name containing Cypress credentials (username, password)' + type: string + default: "cypress-credentials" + - name: slack-credentials-secret + description: 'Secret name containing Slack credentials' + type: string + default: "slack-credentials" + - name: github-credentials-secret + description: 'Secret name containing GitHub token' + type: string + default: "github-credentials" + - name: cluster-access-secret + description: 'Secret name containing kubeconfig for accessing Kind cluster' + type: string + default: "" + - name: cypress-cloud-secret + description: 'Secret name containing Cypress Cloud credentials (project-id, record-key)' + type: string + default: "cypress-cloud-credentials" + - name: debug-pause-minutes + description: 'Minutes to pause after test for artifact inspection (0 to skip, max 60)' + type: string + default: "0" + - name: oci-storage + description: 'OCI repository to store test artifacts (e.g., quay.io/user/repo:tag)' + type: string + default: "" + - name: oci-credentials-secret + description: 'Secret containing OCI registry credentials' + type: string + default: "quay-secret" + results: + - name: e2e-output + description: 'Result of e2e test' + volumes: + - name: kubeconfig + secret: + secretName: $(params.cluster-access-secret) + optional: true + - name: shared-data + emptyDir: {} + - name: oci-credentials + secret: + secretName: $(params.oci-credentials-secret) + optional: true + items: + - key: .dockerconfigjson + path: .dockerconfigjson + sidecars: + - name: port-forward + image: quay.io/konflux-ci/appstudio-utils:ab6b0b8e40e440158e7288c73aff1cf83a2cc8a9@sha256:24179f0efd06c65d16868c2d7eb82573cce8e43533de6cea14fec3b7446e0b14 + volumeMounts: + - name: kubeconfig + mountPath: /credentials + - name: shared-data + mountPath: /shared + env: + - name: JOB_TYPE + value: $(params.job-type) + - name: CLUSTER_ACCESS_SECRET_PARAM + value: $(params.cluster-access-secret) + script: | + #!/usr/bin/env bash + set -euo pipefail + + echo "==========================================" + echo "PORT FORWARD SIDECAR - DEBUG INFO" + echo "==========================================" + echo "" + echo "Environment:" + echo " JOB_TYPE: ${JOB_TYPE}" + echo "" + echo "Task Parameters Received:" + echo " cluster-access-secret (from param): $(params.cluster-access-secret)" + echo " cluster-access-secret (from env): ${CLUSTER_ACCESS_SECRET_PARAM}" + echo "" + echo "IMPORTANT: If the above shows empty string, the parameter was not passed from Pipeline!" + echo "" + + echo "=== Checking /credentials directory ===" + if [[ -d /credentials ]]; then + echo "✓ Directory exists. Contents:" + ls -laR /credentials/ || echo "Cannot list /credentials" + echo "" + echo "File count: $(find /credentials -type f 2>/dev/null | wc -l)" + echo "Total size: $(du -sh /credentials 2>/dev/null | cut -f1)" + else + echo "✗ ERROR: /credentials directory does not exist!" + echo "This means the volume was not mounted at all." + fi + echo "" + + echo "=== Checking kubeconfig file ===" + if [[ -f /credentials/kubeconfig ]]; then + echo "✓ Found /credentials/kubeconfig" + ls -lh /credentials/kubeconfig + echo "File size: $(wc -c < /credentials/kubeconfig) bytes" + echo "First 5 lines:" + head -5 /credentials/kubeconfig || echo "Cannot read file" + else + echo "✗ /credentials/kubeconfig NOT FOUND" + echo "" + echo "=== Troubleshooting Info ===" + echo "" + echo "1. Checking what files exist in /credentials:" + if [[ -d /credentials ]]; then + FILE_COUNT=$(find /credentials -type f 2>/dev/null | wc -l) + echo " Found ${FILE_COUNT} file(s):" + find /credentials -type f 2>/dev/null | while read f; do + echo " - $f (size: $(stat -c%s "$f" 2>/dev/null || echo "unknown") bytes)" + done + else + echo " /credentials directory does not exist" + fi + echo "" + echo "2. Checking volume mount configuration:" + echo " Expected secret name: ${CLUSTER_ACCESS_SECRET_PARAM}" + echo " Expected key in secret: kubeconfig" + echo " Mount path: /credentials" + echo "" + echo "3. Attempting to list secrets in current namespace:" + # Try to use default service account token + if [[ -f /var/run/secrets/kubernetes.io/serviceaccount/token ]]; then + NAMESPACE=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace) + echo " Current namespace: ${NAMESPACE}" + TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token) + CA_CERT=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt + + echo "" + echo " Secrets matching 'kfg-*' in namespace ${NAMESPACE}:" + SECRET_LIST=$(curl -s --cacert ${CA_CERT} -H "Authorization: Bearer ${TOKEN}" \ + "https://kubernetes.default.svc/api/v1/namespaces/${NAMESPACE}/secrets" \ + | grep -o '"name":"kfg-[^"]*"' | cut -d'"' -f4 || echo "") + if [[ -n "${SECRET_LIST}" ]]; then + echo "${SECRET_LIST}" | while read secret; do + echo " - ${secret}" + done + else + echo " No secrets starting with 'kfg-' found" + fi + + echo "" + echo " Checking if the specified secret exists:" + if [[ -n "${CLUSTER_ACCESS_SECRET_PARAM}" ]]; then + SECRET_EXISTS=$(curl -s --cacert ${CA_CERT} -H "Authorization: Bearer ${TOKEN}" \ + "https://kubernetes.default.svc/api/v1/namespaces/${NAMESPACE}/secrets/${CLUSTER_ACCESS_SECRET_PARAM}" \ + | grep -o '"name":"[^"]*"' | cut -d'"' -f4 || echo "") + if [[ -n "${SECRET_EXISTS}" ]]; then + echo " ✓ Secret '${CLUSTER_ACCESS_SECRET_PARAM}' EXISTS in namespace ${NAMESPACE}" + else + echo " ✗ Secret '${CLUSTER_ACCESS_SECRET_PARAM}' NOT FOUND in namespace ${NAMESPACE}" + fi + else + echo " Cannot check - cluster-access-secret parameter is empty!" + fi + else + echo " No service account token available - cannot list secrets" + fi + fi + echo "" + + # Skip port forwarding for periodic-stage jobs + if [[ "${JOB_TYPE}" == "periodic-stage" ]]; then + echo "INFO: Skipping port forward for periodic-stage job" + echo "skipped" > /shared/port-forward-status + sleep infinity + exit 0 + fi + + # Check if kubeconfig exists + if [[ ! -f /credentials/kubeconfig ]]; then + echo "==========================================" + echo "ERROR: Cannot proceed without kubeconfig" + echo "==========================================" + echo "" + echo "ROOT CAUSE ANALYSIS:" + echo "" + if [[ -z "${CLUSTER_ACCESS_SECRET_PARAM}" ]]; then + echo "✗ CRITICAL: The 'cluster-access-secret' parameter is EMPTY!" + echo "" + echo "This means the Pipeline did not pass the parameter to the Task." + echo "" + echo "Verify in Pipeline YAML that the parameter is correctly mapped:" + echo " - Pipeline parameter: 'cluster-kubeconfig-secret'" + echo " - Task parameter: 'cluster-access-secret'" + echo " - Expected mapping in Pipeline taskRef:" + echo " params:" + echo " - name: cluster-access-secret" + echo " value: '\$(params.cluster-kubeconfig-secret)'" + else + echo "Parameter 'cluster-access-secret' = '${CLUSTER_ACCESS_SECRET_PARAM}'" + echo "" + echo "The parameter is set, but the kubeconfig file is missing." + echo "Possible causes:" + echo "" + echo " 1. Secret '${CLUSTER_ACCESS_SECRET_PARAM}' doesn't exist in the namespace" + echo " 2. Secret exists but doesn't have a 'kubeconfig' key" + echo " 3. Volume mount failed (check pod events)" + echo "" + echo "Manual verification steps:" + echo " # Check if secret exists" + echo " kubectl get secret ${CLUSTER_ACCESS_SECRET_PARAM} -n " + echo "" + echo " # Check secret keys" + echo " kubectl get secret ${CLUSTER_ACCESS_SECRET_PARAM} -n -o jsonpath='{.data}' | jq 'keys'" + echo "" + echo " # Verify kubeconfig key exists and has data" + echo " kubectl get secret ${CLUSTER_ACCESS_SECRET_PARAM} -n -o jsonpath='{.data.kubeconfig}' | base64 -d | head -5" + fi + echo "" + echo "See detailed troubleshooting info above for more details." + echo "" + echo "failed" > /shared/port-forward-status + sleep infinity + exit 1 + fi + + export KUBECONFIG=/credentials/kubeconfig + echo "✓ KUBECONFIG set to: ${KUBECONFIG}" + echo "" + + echo "=== Port Forward Sidecar Starting ===" + echo "Waiting for Konflux UI deployment to be ready..." + + # Wait for deployment + kubectl wait --for=condition=available --timeout=300s deployment/proxy -n konflux-ui || { + echo "ERROR: Konflux UI proxy deployment not ready" + kubectl get pods -n konflux-ui + echo "failed" > /shared/port-forward-status + exit 1 + } + + echo "✓ Deployment is ready" + + # Get service and pod info + kubectl get svc proxy -n konflux-ui -o wide + echo "" + + # Get pod name + POD_NAME=$(kubectl get pod -n konflux-ui -l app=proxy -o jsonpath='{.items[0].metadata.name}') + if [[ -z "${POD_NAME}" ]]; then + echo "ERROR: Could not find proxy pod" + kubectl get pods -n konflux-ui + echo "failed" > /shared/port-forward-status + exit 1 + fi + + echo "Found pod: ${POD_NAME}" + echo "" + + # Get detailed pod information + echo "=== Pod Details ===" + kubectl get pod ${POD_NAME} -n konflux-ui -o wide + echo "" + + echo "=== Container Ports Configuration ===" + kubectl get pod ${POD_NAME} -n konflux-ui -o jsonpath='{range .spec.containers[*]}Container: {.name}{"\n"}{range .ports[*]} - {.name}: {.containerPort}/{.protocol}{"\n"}{end}{"\n"}{end}' + echo "" + + # Get nginx container ports + NGINX_HTTP_PORT=$(kubectl get pod ${POD_NAME} -n konflux-ui -o jsonpath='{.spec.containers[?(@.name=="nginx")].ports[?(@.name=="web")].containerPort}') + NGINX_HTTPS_PORT=$(kubectl get pod ${POD_NAME} -n konflux-ui -o jsonpath='{.spec.containers[?(@.name=="nginx")].ports[?(@.name=="web-tls")].containerPort}') + + echo "Nginx HTTP port (web): ${NGINX_HTTP_PORT}" + echo "Nginx HTTPS port (web-tls): ${NGINX_HTTPS_PORT}" + echo "" + + # Check what's actually listening inside the pod + echo "=== Checking Listening Ports in Pod ===" + echo "Running 'ss -tln' in nginx container:" + kubectl exec ${POD_NAME} -n konflux-ui -c nginx -- ss -tln 2>/dev/null | grep LISTEN || echo "Could not run ss" + echo "" + + echo "Running 'ss -tln' in oauth2-proxy container:" + kubectl exec ${POD_NAME} -n konflux-ui -c oauth2-proxy -- ss -tln 2>/dev/null | grep LISTEN || echo "Could not run ss" + echo "" + + # Test connectivity from within the cluster + echo "=== Testing Pod Connectivity from Cluster ===" + POD_IP=$(kubectl get pod ${POD_NAME} -n konflux-ui -o jsonpath='{.status.podIP}') + echo "Pod IP: ${POD_IP}" + + echo "Testing HTTP to pod IP:${NGINX_HTTP_PORT}..." + HTTP_TEST=$(timeout 5 kubectl exec ${POD_NAME} -n konflux-ui -c nginx -- curl -s -o /dev/null -w "%{http_code}" http://localhost:${NGINX_HTTP_PORT} 2>&1 || echo "failed") + echo " Result: ${HTTP_TEST}" + + echo "Testing HTTPS to pod IP:${NGINX_HTTPS_PORT}..." + HTTPS_TEST=$(timeout 5 kubectl exec ${POD_NAME} -n konflux-ui -c nginx -- curl -k -s -o /dev/null -w "%{http_code}" https://localhost:${NGINX_HTTPS_PORT} 2>&1 || echo "failed") + echo " Result: ${HTTPS_TEST}" + echo "" + + # Start port forward to nginx container's HTTPS port (9443) + # We use HTTPS because nginx definitely listens on 9443 + echo "==========================================" + echo "STARTING PORT FORWARD" + echo "==========================================" + echo "Command: kubectl port-forward -n konflux-ui pod/${POD_NAME} 8080:${NGINX_HTTPS_PORT}" + echo "This will forward:" + echo " localhost:8080 (in this sidecar) -> pod ${POD_NAME}:${NGINX_HTTPS_PORT} (nginx HTTPS)" + echo "" + echo "Port forward starting in background..." + + # Start port-forward in background + kubectl port-forward -n konflux-ui pod/${POD_NAME} 8080:${NGINX_HTTPS_PORT} & + PF_PID=$! + + echo "Port-forward process started with PID: ${PF_PID}" + + # Wait for port-forward to be ready + echo "Waiting for port-forward to be ready..." + MAX_WAIT=30 + ELAPSED=0 + while [[ ${ELAPSED} -lt ${MAX_WAIT} ]]; do + # Use HTTPS with -k to ignore cert, since we're forwarding to port 9443 (HTTPS) + HTTP_CODE=$(curl -k -s -o /dev/null -w "%{http_code}" https://localhost:8080 2>/dev/null || echo "000") + echo " Attempt $((ELAPSED + 1)): HTTP code = ${HTTP_CODE}" + if echo "${HTTP_CODE}" | grep -qE "^(200|301|302|304|401|403|404)$"; then + echo "✓ Port-forward is ready!" + break + fi + sleep 1 + ELAPSED=$((ELAPSED + 1)) + done + + if [[ ${ELAPSED} -ge ${MAX_WAIT} ]]; then + echo "ERROR: Port-forward not ready after ${MAX_WAIT}s" + echo "Last HTTP code: ${HTTP_CODE}" + echo "failed" > /shared/port-forward-status + exit 1 + fi + + # Signal that port-forward is ready + echo "ready" > /shared/port-forward-status + echo "✓ Readiness marker created at /shared/port-forward-status" + + # Keep sidecar alive by waiting for the port-forward process + echo "Port-forward is running. Waiting for process to complete..." + wait $PF_PID + steps: + - name: run-e2e-test + image: quay.io/konflux_ui_qe/konflux-ui-tests:latest + workingDir: /tmp/e2e + volumeMounts: + - name: shared-data + mountPath: /shared + env: + - name: JOB_SPEC + value: $(params.job-spec) + - name: JOB_TYPE + value: $(params.job-type) + - name: CYPRESS_LOCAL_CLUSTER + value: "true" + - name: CYPRESS_PERIODIC_RUN_STAGE + value: "false" + - name: CYPRESS_USERNAME + valueFrom: + secretKeyRef: + name: $(params.cypress-credentials-secret) + key: username + - name: CYPRESS_PASSWORD + valueFrom: + secretKeyRef: + name: $(params.cypress-credentials-secret) + key: password + - name: CYPRESS_GH_TOKEN + valueFrom: + secretKeyRef: + name: $(params.github-credentials-secret) + key: token + - name: CYPRESS_PROJECT_ID + valueFrom: + secretKeyRef: + name: $(params.cypress-cloud-secret) + key: project-id + optional: true + - name: CYPRESS_RECORD_KEY + valueFrom: + secretKeyRef: + name: $(params.cypress-cloud-secret) + key: record-key + optional: true + script: | + #!/usr/bin/env bash + set -euo pipefail + + echo "==========================================" + echo "STEP-RUN-E2E-TEST" + echo "==========================================" + echo "=== Running Cypress E2E Tests ===" + echo "Job Type: ${JOB_TYPE}" + echo "" + echo "=== DEBUG: Task Parameters ===" + echo "Parameters received by this step:" + echo " JOB_TYPE: ${JOB_TYPE}" + echo " CYPRESS_LOCAL_CLUSTER: ${CYPRESS_LOCAL_CLUSTER}" + echo " CYPRESS_PERIODIC_RUN_STAGE: ${CYPRESS_PERIODIC_RUN_STAGE}" + echo "" + echo "Note: cluster-access-secret is used by the port-forward sidecar" + echo " Check sidecar logs for parameter passing details" + echo "" + + # Verify CYPRESS_GH_TOKEN + if [[ -z "${CYPRESS_GH_TOKEN:-}" ]]; then + echo "ERROR: CYPRESS_GH_TOKEN is not set!" + exit 1 + fi + echo "✓ CYPRESS_GH_TOKEN is set (length: ${#CYPRESS_GH_TOKEN})" + echo "" + + # Configure based on job type + if [[ ${JOB_TYPE} == 'periodic-stage' ]]; then + echo "Running against stage environment..." + export CYPRESS_LOCAL_CLUSTER=false + export CYPRESS_PERIODIC_RUN_STAGE=true + else + echo "Running against local Kind cluster..." + + # Wait for port-forward sidecar to be ready using shared marker file + echo "=== Waiting for port-forward sidecar ===" + echo "Checking for readiness marker at /shared/port-forward-status..." + echo "" + MAX_WAIT=60 + ELAPSED=0 + + while [[ ${ELAPSED} -lt ${MAX_WAIT} ]]; do + if [[ -f /shared/port-forward-status ]]; then + STATUS=$(cat /shared/port-forward-status) + echo "Status file found! Content: '${STATUS}'" + if [[ "${STATUS}" == "ready" ]]; then + echo "✓ Port-forward sidecar is ready!" + break + elif [[ "${STATUS}" == "failed" ]]; then + echo "" + echo "==========================================" + echo "ERROR: Port-forward sidecar FAILED" + echo "==========================================" + echo "" + echo "The port-forward sidecar reported a failure." + echo "Check the 'port-forward' sidecar logs for details:" + echo "" + echo " kubectl logs -c port-forward -n " + echo "" + echo "Common issues:" + echo " 1. cluster-access-secret parameter is empty or not passed" + echo " 2. Secret doesn't exist in the namespace" + echo " 3. Secret exists but missing 'kubeconfig' key" + echo " 4. Deployment not ready (timeout waiting for proxy deployment)" + echo "" + exit 1 + elif [[ "${STATUS}" == "skipped" ]]; then + echo "ERROR: Port-forward was skipped but required for local cluster" + echo "This should only happen for periodic-stage jobs." + exit 1 + else + echo "Unknown status: '${STATUS}' - continuing to wait..." + fi + fi + echo "Waiting for port-forward readiness (${ELAPSED}s/${MAX_WAIT}s)..." + sleep 2 + ELAPSED=$((ELAPSED + 2)) + done + + if [[ ${ELAPSED} -ge ${MAX_WAIT} ]]; then + echo "" + echo "==========================================" + echo "ERROR: Port-forward not ready after ${MAX_WAIT}s" + echo "==========================================" + echo "" + echo "Status file check:" + if [[ -f /shared/port-forward-status ]]; then + echo " Status file exists with content: '$(cat /shared/port-forward-status)'" + else + echo " ✗ Status file NOT FOUND at /shared/port-forward-status" + echo "" + echo "This means the port-forward sidecar never wrote the status file." + echo "Possible causes:" + echo " 1. Sidecar is still initializing" + echo " 2. Sidecar failed before writing status (check sidecar logs)" + echo " 3. Shared volume mount issue" + echo "" + echo "Check sidecar logs:" + echo " kubectl logs -c port-forward -n " + fi + echo "" + exit 1 + fi + echo "" + + # Port-forward maps localhost:8080 to nginx HTTPS port (9443) + export CYPRESS_KONFLUX_BASE_URL="https://localhost:8080" + fi + + # Run tests + SPEC_FILE="tests/basic-happy-path.spec.ts" + echo "" + echo "Running: ${SPEC_FILE}" + echo "CYPRESS_KONFLUX_BASE_URL: ${CYPRESS_KONFLUX_BASE_URL:-not set}" + echo "CYPRESS_LOCAL_CLUSTER: ${CYPRESS_LOCAL_CLUSTER}" + echo "CYPRESS_PERIODIC_RUN_STAGE: ${CYPRESS_PERIODIC_RUN_STAGE}" + echo "" + + # Build Cypress command with optional recording + CYPRESS_ARGS="--runner-ui -b chrome --spec ${SPEC_FILE}" + + if [[ -n "${CYPRESS_PROJECT_ID:-}" && -n "${CYPRESS_RECORD_KEY:-}" ]]; then + echo "✓ Cypress Cloud recording enabled" + echo " Project ID: ${CYPRESS_PROJECT_ID}" + CYPRESS_ARGS="${CYPRESS_ARGS} --record" + + # Add tag if JOB_TYPE is set and not empty + if [[ -n "${JOB_TYPE:-}" ]]; then + CYPRESS_ARGS="${CYPRESS_ARGS} --tag ${JOB_TYPE}" + echo " Tag: ${JOB_TYPE}" + fi + else + echo "ℹ Cypress Cloud recording disabled (PROJECT_ID or RECORD_KEY not set)" + fi + + echo "Running: npx cypress run ${CYPRESS_ARGS}" + npx cypress run ${CYPRESS_ARGS} || EXIT_CODE=$? + + EXIT_CODE=${EXIT_CODE:-0} + echo ${EXIT_CODE} > /tmp/e2e-exit-code + + # Show artifact locations + echo "" + echo "==========================================" + echo "TEST ARTIFACTS SUMMARY" + echo "==========================================" + + if [[ -d /tmp/e2e/cypress ]]; then + echo "" + echo "Artifacts available at:" + echo " Location: /tmp/e2e/cypress" + echo "" + + if ls /tmp/e2e/cypress/videos/*.mp4 >/dev/null 2>&1; then + echo "Videos:" + ls -lh /tmp/e2e/cypress/videos/ + echo "" + fi + + if [[ -d /tmp/e2e/cypress/screenshots ]] && [[ -n "$(ls -A /tmp/e2e/cypress/screenshots 2>/dev/null)" ]]; then + echo "Screenshots:" + find /tmp/e2e/cypress/screenshots -type f + echo "" + fi + + if [[ -f /tmp/e2e/cypress/index.html ]]; then + echo "HTML Report:" + echo " /tmp/e2e/cypress/index.html" + echo "" + fi + fi + + # Debug pause for manual artifact inspection + DEBUG_PAUSE=$(params.debug-pause-minutes) + if [[ "${DEBUG_PAUSE}" != "0" ]] && [[ -n "${DEBUG_PAUSE}" ]]; then + PAUSE_SECONDS=$((DEBUG_PAUSE * 60)) + + echo "==========================================" + echo "DEBUG PAUSE ACTIVATED" + echo "==========================================" + echo "" + echo "Pod will remain alive for ${DEBUG_PAUSE} minute(s)" + echo "" + echo "To download artifacts, run:" + echo "" + echo " # Get this pod name" + echo " POD_NAME=\$(kubectl get pods -n wlin-tenant -l tekton.dev/taskRun --field-selector status.phase=Running -o jsonpath='{.items[0].metadata.name}')" + echo "" + echo " # Download all artifacts" + echo " kubectl cp wlin-tenant/\${POD_NAME}:/tmp/e2e/cypress ./cypress-artifacts -c run-e2e-test" + echo "" + echo " # Download video only" + echo " kubectl cp wlin-tenant/\${POD_NAME}:/tmp/e2e/cypress/videos ./videos -c run-e2e-test" + echo "" + echo " # Download screenshots only" + echo " kubectl cp wlin-tenant/\${POD_NAME}:/tmp/e2e/cypress/screenshots ./screenshots -c run-e2e-test" + echo "" + echo " # Download HTML report" + echo " kubectl cp wlin-tenant/\${POD_NAME}:/tmp/e2e/cypress/index.html ./test-report.html -c run-e2e-test" + echo "" + echo "Pausing now..." + echo "" + + # Countdown with status updates + REMAINING=${PAUSE_SECONDS} + while [[ ${REMAINING} -gt 0 ]]; do + MINS=$((REMAINING / 60)) + SECS=$((REMAINING % 60)) + echo "⏳ Time remaining: ${MINS}m ${SECS}s (Cancel PipelineRun to exit early)" + sleep 60 + REMAINING=$((REMAINING - 60)) + done + + echo "" + echo "Debug pause complete. Continuing..." + fi + + exit ${EXIT_CODE} + + - name: upload-artifacts-to-oci + image: quay.io/konflux-ci/oras:latest + workingDir: /tmp/e2e + env: + - name: OCI_STORAGE + value: $(params.oci-storage) + - name: GIT_REVISION + value: $(params.git-revision) + - name: JOB_TYPE + value: $(params.job-type) + - name: REGISTRY_AUTH_FILE + value: /secrets/.dockerconfigjson + - name: PIPELINE_RUN_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['tekton.dev/pipelineRun'] + volumeMounts: + - name: oci-credentials + mountPath: /secrets + readOnly: true + script: | + #!/usr/bin/env bash + set -euo pipefail + + # Skip if OCI storage not configured + if [[ -z "${OCI_STORAGE}" || "${OCI_STORAGE}" == "" ]]; then + echo "ℹ OCI storage not configured, skipping artifact upload" + exit 0 + fi + + echo "==========================================" + echo "UPLOADING ARTIFACTS TO OCI REGISTRY" + echo "==========================================" + echo "" + + # Check if artifacts exist + if [[ ! -d /tmp/e2e/cypress ]]; then + echo "⚠ No artifacts found at /tmp/e2e/cypress" + exit 0 + fi + + # Verify authentication + if [[ ! -f "${REGISTRY_AUTH_FILE}" ]]; then + echo "ERROR: Registry auth file not found at ${REGISTRY_AUTH_FILE}" + echo "Make sure the secret '$(params.oci-credentials-secret)' exists and contains '.dockerconfigjson' key" + exit 1 + fi + + echo "✓ Registry authentication file found" + echo "" + + # Generate unique tag based on git revision and timestamp + SHORT_SHA="${GIT_REVISION:0:7}" + TIMESTAMP=$(date -u +%Y%m%d-%H%M%S) + + # Build the full OCI reference with tag + # Remove any existing tag from OCI_STORAGE base + OCI_BASE="${OCI_STORAGE%%:*}" + + # Create unique tag: - + TAG="${SHORT_SHA}-${TIMESTAMP}" + OCI_REF="${OCI_BASE}:${TAG}" + + echo "Configuration:" + echo " Base repository: ${OCI_BASE}" + echo " Tag: ${TAG}" + echo " Full reference: ${OCI_REF}" + echo " Git revision: ${GIT_REVISION}" + echo " Job type: ${JOB_TYPE}" + echo " PipelineRun: ${PIPELINE_RUN_NAME:-N/A}" + echo "" + + cd /tmp/e2e/cypress + + # Create a tarball of all artifacts + TARBALL="/tmp/cypress-artifacts.tar.gz" + echo "Creating tarball of artifacts..." + tar czf "${TARBALL}" . 2>/dev/null || { + echo "ERROR: Failed to create tarball" + exit 1 + } + + if [[ ! -f "${TARBALL}" ]]; then + echo "ERROR: Tarball was not created" + exit 1 + fi + + TARBALL_SIZE=$(du -h "${TARBALL}" | cut -f1) + echo "✓ Tarball created: ${TARBALL_SIZE}" + echo "" + + # Prepare annotations with metadata + CREATED_AT=$(date -u +%Y-%m-%dT%H:%M:%SZ) + + echo "Uploading to OCI registry..." + echo "Command: oras push ${OCI_REF}" + echo "" + + # Upload using oras with rich annotations + oras push "${OCI_REF}" \ + "${TARBALL}:application/gzip" \ + --annotation "org.opencontainers.image.title=cypress-e2e-artifacts" \ + --annotation "org.opencontainers.image.description=Cypress test artifacts (videos, screenshots, reports)" \ + --annotation "org.opencontainers.image.created=${CREATED_AT}" \ + --annotation "org.opencontainers.image.revision=${GIT_REVISION}" \ + --annotation "dev.konflux.job-type=${JOB_TYPE}" \ + --annotation "dev.konflux.pipeline-run=${PIPELINE_RUN_NAME:-unknown}" \ + --annotation "dev.konflux.artifact-type=cypress-test-results" || { + echo "" + echo "ERROR: Failed to push artifacts to OCI registry" + echo "This might be due to:" + echo " 1. Invalid credentials in secret '$(params.oci-credentials-secret)'" + echo " 2. Insufficient permissions to push to ${OCI_BASE}" + echo " 3. Network connectivity issues" + echo "" + echo "To verify credentials:" + echo " oc get secret $(params.oci-credentials-secret) -o jsonpath='{.data.\.dockerconfigjson}' | base64 -d | jq" + echo "" + exit 1 + } + + echo "" + echo "==========================================" + echo "✓ ARTIFACTS UPLOADED SUCCESSFULLY" + echo "==========================================" + echo "" + echo "Artifact Details:" + echo " Repository: ${OCI_BASE}" + echo " Tag: ${TAG}" + echo " Full reference: ${OCI_REF}" + echo " Size: ${TARBALL_SIZE}" + echo " Created: ${CREATED_AT}" + echo "" + echo "To download and extract artifacts:" + echo " oras pull ${OCI_REF}" + echo " tar xzf cypress-artifacts.tar.gz" + echo "" + echo "To view in browser:" + echo " https://quay.io/repository/konflux_ui_qe/pr-check-artefacts?tab=tags" + echo "" + + - name: report-to-slack + image: quay.io/konflux-ci/appstudio-utils:ab6b0b8e40e440158e7288c73aff1cf83a2cc8a9@sha256:24179f0efd06c65d16868c2d7eb82573cce8e43533de6cea14fec3b7446e0b14 + env: + - name: JOB_TYPE + value: $(params.job-type) + - name: SLACK_TOKEN + valueFrom: + secretKeyRef: + name: $(params.slack-credentials-secret) + key: token + optional: true + - name: SLACK_CHANNEL_ID + valueFrom: + configMapKeyRef: + name: slack-config + key: channel-id + optional: true + - name: PIPELINE_RUN_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['tekton.dev/pipelineRun'] + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + script: | + #!/usr/bin/env bash + + # Only send Slack report for periodic jobs + if [[ ! ${JOB_TYPE} == periodic* ]]; then + echo "Not a periodic job (JOB_TYPE=${JOB_TYPE}), skipping Slack report" + exit 0 + fi + + # Check if Slack is configured + if [[ -z "${SLACK_TOKEN}" || -z "${SLACK_CHANNEL_ID}" ]]; then + echo "Slack not configured, skipping report" + exit 0 + fi + + # Determine test outcome + E2E_OUTCOME="success" + if [[ -f /tmp/e2e-exit-code ]] && [[ $(cat /tmp/e2e-exit-code) -ne 0 ]]; then + E2E_OUTCOME="failure" + fi + + # Generate message + if [[ $E2E_OUTCOME == "success" ]]; then + ICON=":white_check_mark:" + else + ICON=":x:" + fi + + DATE_STR=$(date '+%b %-d') + + case "$JOB_TYPE" in + "periodic-local") + JOB_DESC="LOCAL Periodic job" + ;; + "periodic-stage") + JOB_DESC="STAGE Periodic job" + ;; + "periodic-cleanup") + JOB_DESC="CLEANUP Periodic job" + ;; + *) + JOB_DESC="Periodic job (${JOB_TYPE})" + ;; + esac + + # Add PipelineRun info to message + if [[ -n "${PIPELINE_RUN_NAME}" ]]; then + MESSAGE="${ICON} Report ${DATE_STR}: ${JOB_DESC} (PipelineRun: ${PIPELINE_RUN_NAME})" + else + MESSAGE="${ICON} Report ${DATE_STR}: ${JOB_DESC}" + fi + + echo "Sending Slack notification: ${MESSAGE}" + + # Send to Slack + curl -X POST https://slack.com/api/chat.postMessage \ + -H "Authorization: Bearer ${SLACK_TOKEN}" \ + -H "Content-Type: application/json; charset=utf-8" \ + -d "{\"channel\": \"${SLACK_CHANNEL_ID}\", \"text\": \"${MESSAGE}\"}" \ + || echo "Failed to send Slack notification (non-fatal)" diff --git a/integration-tests/Tasks/show-snapshot-data.yaml b/integration-tests/Tasks/show-snapshot-data.yaml new file mode 100644 index 00000000..9561c803 --- /dev/null +++ b/integration-tests/Tasks/show-snapshot-data.yaml @@ -0,0 +1,18 @@ +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: test-metadata +spec: + params: + - name: snapshot + description: 'The JSON string representing the snapshot of the application under test.' + type: string + steps: + - name: echo + image: alpine + env: + - name: SNAPSHOT + value: $(params.snapshot) + script: | + #!/bin/sh + echo "${SNAPSHOT}" diff --git a/integration-tests/test-run-e2e-task.yaml b/integration-tests/test-run-e2e-task.yaml new file mode 100644 index 00000000..5c0810df --- /dev/null +++ b/integration-tests/test-run-e2e-task.yaml @@ -0,0 +1,46 @@ +--- +apiVersion: tekton.dev/v1beta1 +kind: TaskRun +metadata: + generateName: test-run-e2e- + namespace: wlin-tenant +spec: + taskRef: + resolver: git + params: + - name: url + value: https://github.com/testcara/konflux-ui-test + - name: revision + value: main + - name: pathInRepo + value: integration-tests/Tasks/run-e2e-konflux-ui.yaml + params: + - name: job-spec + value: | + { + "container_image": "quay.io/redhat-user-workloads-stage/wlin-tenant/cara-konflux-ui-test-b1228:latest", + "konflux_component": "cara-konflux-ui-test-b1228", + "git": { + "pull_request_number": null, + "pull_request_author": null, + "git_org": "testcara", + "git_repo": "konflux-ui-test", + "commit_sha": "f1be336", + "event_type": "push", + "source_repo_url": "https://github.com/testcara/konflux-ui-test", + "source_repo_branch": "refs/heads/main", + "target_repo_branch": "main" + } + } + - name: job-type + value: "" + - name: git-url + value: https://github.com/testcara/konflux-ui-test + - name: git-revision + value: main + - name: cypress-credentials-secret + value: cypress-credentials + - name: slack-credentials-secret + value: slack-credentials + - name: github-credentials-secret + value: github-credentials diff --git a/pr_check.sh b/pr_check.sh index 2328a6be..53b8ce65 100755 --- a/pr_check.sh +++ b/pr_check.sh @@ -7,7 +7,7 @@ export TEST_IMAGE="quay.io/konflux_ui_qe/konflux-ui-tests:latest" build_ui_image() { set -euo pipefail - + # add debug by cara echo "Building UI from commit sha ${HEAD_SHA}" export IMAGE_NAME=localhost/test/test diff --git a/src/trigger-pull-1/trigger-pull.js b/src/trigger-pull-1/trigger-pull.js new file mode 100644 index 00000000..28d79220 --- /dev/null +++ b/src/trigger-pull-1/trigger-pull.js @@ -0,0 +1,3 @@ +export const triggerPull = () => { + return 'Trigger Pull'; +}; diff --git a/src/trigger-pull/trigger-pull.js b/src/trigger-pull/trigger-pull.js new file mode 100644 index 00000000..a1cd4849 --- /dev/null +++ b/src/trigger-pull/trigger-pull.js @@ -0,0 +1,3 @@ +export const TriggerPull = () => { + return 'trigger pull'; +}; diff --git a/yarn.lock b/yarn.lock index 1e92f240..34b041d7 100644 --- a/yarn.lock +++ b/yarn.lock @@ -15,7 +15,16 @@ "@jridgewell/gen-mapping" "^0.3.5" "@jridgewell/trace-mapping" "^0.3.24" -"@babel/code-frame@^7.0.0", "@babel/code-frame@^7.10.4", "@babel/code-frame@^7.12.13", "@babel/code-frame@^7.16.7", "@babel/code-frame@^7.24.7": +"@babel/code-frame@^7.0.0": + version "7.29.0" + resolved "https://registry.yarnpkg.com/@babel/code-frame/-/code-frame-7.29.0.tgz#7cd7a59f15b3cc0dcd803038f7792712a7d0b15c" + integrity sha512-9NhCeYjq9+3uxgdtp20LSiJXJvN0FeCtNGpJxuMFZ1Kv3cWUNb6DOhJwUvcVCzKGR66cw4njwM6hrJLqgOwbcw== + dependencies: + "@babel/helper-validator-identifier" "^7.28.5" + js-tokens "^4.0.0" + picocolors "^1.1.1" + +"@babel/code-frame@^7.10.4", "@babel/code-frame@^7.12.13", "@babel/code-frame@^7.16.7", "@babel/code-frame@^7.24.7": version "7.24.7" resolved "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.24.7.tgz" integrity sha512-BcYH1CVJBO9tvyIZ2jVeXgSIMvGZ2FDRvDdOIVQyuklNKSsx+eppDEBq/g47Ayw+RqNFE+URvOShmf+f/qwAlA== @@ -373,21 +382,16 @@ resolved "https://registry.yarnpkg.com/@babel/helper-string-parser/-/helper-string-parser-7.27.1.tgz#54da796097ab19ce67ed9f88b47bb2ec49367687" integrity sha512-qMlSxKbpRlAridDExk92nSobyDdpPijUq2DW6oDnUqd0iOGxmQjyqhMIihI9+zv4LPyZdRje2cavWPbCbWm3eA== -"@babel/helper-validator-identifier@^7.24.7": - version "7.24.7" - resolved "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.24.7.tgz" - integrity sha512-rR+PBcQ1SMQDDyF6X0wxtG8QyLCgUB0eRAGguqRLfkCA87l7yAP7ehq8SNj96OOGTO8OBV70KhuFYcIkHXOg0w== +"@babel/helper-validator-identifier@^7.24.7", "@babel/helper-validator-identifier@^7.25.9", "@babel/helper-validator-identifier@^7.28.5": + version "7.28.5" + resolved "https://registry.yarnpkg.com/@babel/helper-validator-identifier/-/helper-validator-identifier-7.28.5.tgz#010b6938fab7cb7df74aa2bbc06aa503b8fe5fb4" + integrity sha512-qSs4ifwzKJSV39ucNjsvc6WVHs6b7S03sOh2OcHF9UHfVPqWWALUsNUVzhSBiItjRZoLHx7nIarVjqKVusUZ1Q== "@babel/helper-validator-identifier@^7.27.1": version "7.27.1" resolved "https://registry.yarnpkg.com/@babel/helper-validator-identifier/-/helper-validator-identifier-7.27.1.tgz#a7054dcc145a967dd4dc8fee845a57c1316c9df8" integrity sha512-D2hP9eA+Sqx1kBZgzxZh0y1trbuU+JoDkiEwqhQ36nodYqJwyEIhPSdMNd7lOm/4io72luTPWH20Yda0xOuUow== -"@babel/helper-validator-identifier@^7.28.5": - version "7.28.5" - resolved "https://registry.yarnpkg.com/@babel/helper-validator-identifier/-/helper-validator-identifier-7.28.5.tgz#010b6938fab7cb7df74aa2bbc06aa503b8fe5fb4" - integrity sha512-qSs4ifwzKJSV39ucNjsvc6WVHs6b7S03sOh2OcHF9UHfVPqWWALUsNUVzhSBiItjRZoLHx7nIarVjqKVusUZ1Q== - "@babel/helper-validator-option@^7.24.8": version "7.24.8" resolved "https://registry.yarnpkg.com/@babel/helper-validator-option/-/helper-validator-option-7.24.8.tgz#3725cdeea8b480e86d34df15304806a06975e33d" @@ -432,11 +436,11 @@ "@babel/types" "^7.28.4" "@babel/highlight@^7.24.7": - version "7.24.7" - resolved "https://registry.npmjs.org/@babel/highlight/-/highlight-7.24.7.tgz" - integrity sha512-EStJpq4OuY8xYfhGVXngigBJRWxftKX9ksiGDnmlY3o7B/V7KIAc9X4oiK87uPJSc/vs5L869bem5fhZa8caZw== + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/highlight/-/highlight-7.25.9.tgz#8141ce68fc73757946f983b343f1231f4691acc6" + integrity sha512-llL88JShoCsth8fF8R4SJnIn+WLvR6ccFxu1H3FlMhDontdcmZWf2HgIZ7AIqV3Xcck1idlohrN4EUBQz6klbw== dependencies: - "@babel/helper-validator-identifier" "^7.24.7" + "@babel/helper-validator-identifier" "^7.25.9" chalk "^2.4.2" js-tokens "^4.0.0" picocolors "^1.0.0" @@ -1522,157 +1526,156 @@ integrity sha512-Ir+AOibqzrIsL6ajt3Rz3LskB7OiMVHqltZmspbW/TJuTVuyOMirVqAkjfY6JISiLHgyNqicAC8AyHHGzNd/dA== "@commitlint/cli@^19.3.0": - version "19.3.0" - resolved "https://registry.yarnpkg.com/@commitlint/cli/-/cli-19.3.0.tgz#44e6da9823a01f0cdcc43054bbefdd2c6c5ddf39" - integrity sha512-LgYWOwuDR7BSTQ9OLZ12m7F/qhNY+NpAyPBgo4YNMkACE7lGuUnuQq1yi9hz1KA4+3VqpOYl8H1rY/LYK43v7g== - dependencies: - "@commitlint/format" "^19.3.0" - "@commitlint/lint" "^19.2.2" - "@commitlint/load" "^19.2.0" - "@commitlint/read" "^19.2.1" - "@commitlint/types" "^19.0.3" - execa "^8.0.1" + version "19.8.1" + resolved "https://registry.yarnpkg.com/@commitlint/cli/-/cli-19.8.1.tgz#85f7d9f331344e1f0a2b9d8b24fd3695466e1158" + integrity sha512-LXUdNIkspyxrlV6VDHWBmCZRtkEVRpBKxi2Gtw3J54cGWhLCTouVD/Q6ZSaSvd2YaDObWK8mDjrz3TIKtaQMAA== + dependencies: + "@commitlint/format" "^19.8.1" + "@commitlint/lint" "^19.8.1" + "@commitlint/load" "^19.8.1" + "@commitlint/read" "^19.8.1" + "@commitlint/types" "^19.8.1" + tinyexec "^1.0.0" yargs "^17.0.0" "@commitlint/config-conventional@^19.2.2": - version "19.2.2" - resolved "https://registry.yarnpkg.com/@commitlint/config-conventional/-/config-conventional-19.2.2.tgz#1f4e6975d428985deacf2b3ff6547e02c9302054" - integrity sha512-mLXjsxUVLYEGgzbxbxicGPggDuyWNkf25Ht23owXIH+zV2pv1eJuzLK3t1gDY5Gp6pxdE60jZnWUY5cvgL3ufw== + version "19.8.1" + resolved "https://registry.yarnpkg.com/@commitlint/config-conventional/-/config-conventional-19.8.1.tgz#eab42df58cda44f18410ae0cbd6785ece00f214b" + integrity sha512-/AZHJL6F6B/G959CsMAzrPKKZjeEiAVifRyEwXxcT6qtqbPwGw+iQxmNS+Bu+i09OCtdNRW6pNpBvgPrtMr9EQ== dependencies: - "@commitlint/types" "^19.0.3" + "@commitlint/types" "^19.8.1" conventional-changelog-conventionalcommits "^7.0.2" -"@commitlint/config-validator@^19.0.3": - version "19.0.3" - resolved "https://registry.yarnpkg.com/@commitlint/config-validator/-/config-validator-19.0.3.tgz#052b181a30da6b4fc16dc5230f4589ac95e0bc81" - integrity sha512-2D3r4PKjoo59zBc2auodrSCaUnCSALCx54yveOFwwP/i2kfEAQrygwOleFWswLqK0UL/F9r07MFi5ev2ohyM4Q== +"@commitlint/config-validator@^19.8.1": + version "19.8.1" + resolved "https://registry.yarnpkg.com/@commitlint/config-validator/-/config-validator-19.8.1.tgz#29e9bb1360fa41b9439b23d8e25deaaf097306b5" + integrity sha512-0jvJ4u+eqGPBIzzSdqKNX1rvdbSU1lPNYlfQQRIFnBgLy26BtC0cFnr7c/AyuzExMxWsMOte6MkTi9I3SQ3iGQ== dependencies: - "@commitlint/types" "^19.0.3" + "@commitlint/types" "^19.8.1" ajv "^8.11.0" -"@commitlint/ensure@^19.0.3": - version "19.0.3" - resolved "https://registry.yarnpkg.com/@commitlint/ensure/-/ensure-19.0.3.tgz#d172b1b72ca88cbd317ea1ee79f3a03dbaccc76e" - integrity sha512-SZEpa/VvBLoT+EFZVb91YWbmaZ/9rPH3ESrINOl0HD2kMYsjvl0tF7nMHh0EpTcv4+gTtZBAe1y/SS6/OhfZzQ== +"@commitlint/ensure@^19.8.1": + version "19.8.1" + resolved "https://registry.yarnpkg.com/@commitlint/ensure/-/ensure-19.8.1.tgz#938c54d6f586bda600b5c8e8e842edb281546e14" + integrity sha512-mXDnlJdvDzSObafjYrOSvZBwkD01cqB4gbnnFuVyNpGUM5ijwU/r/6uqUmBXAAOKRfyEjpkGVZxaDsCVnHAgyw== dependencies: - "@commitlint/types" "^19.0.3" + "@commitlint/types" "^19.8.1" lodash.camelcase "^4.3.0" lodash.kebabcase "^4.1.1" lodash.snakecase "^4.1.1" lodash.startcase "^4.4.0" lodash.upperfirst "^4.3.1" -"@commitlint/execute-rule@^19.0.0": - version "19.0.0" - resolved "https://registry.yarnpkg.com/@commitlint/execute-rule/-/execute-rule-19.0.0.tgz#928fb239ae8deec82a6e3b05ec9cfe20afa83856" - integrity sha512-mtsdpY1qyWgAO/iOK0L6gSGeR7GFcdW7tIjcNFxcWkfLDF5qVbPHKuGATFqRMsxcO8OUKNj0+3WOHB7EHm4Jdw== +"@commitlint/execute-rule@^19.8.1": + version "19.8.1" + resolved "https://registry.yarnpkg.com/@commitlint/execute-rule/-/execute-rule-19.8.1.tgz#53000363b737773e2d25e97c20f15eaa78742067" + integrity sha512-YfJyIqIKWI64Mgvn/sE7FXvVMQER/Cd+s3hZke6cI1xgNT/f6ZAz5heND0QtffH+KbcqAwXDEE1/5niYayYaQA== -"@commitlint/format@^19.3.0": - version "19.3.0" - resolved "https://registry.yarnpkg.com/@commitlint/format/-/format-19.3.0.tgz#48dd9e6930d41eb0ca19f36159ee940c5b25d857" - integrity sha512-luguk5/aF68HiF4H23ACAfk8qS8AHxl4LLN5oxPc24H+2+JRPsNr1OS3Gaea0CrH7PKhArBMKBz5RX9sA5NtTg== +"@commitlint/format@^19.8.1": + version "19.8.1" + resolved "https://registry.yarnpkg.com/@commitlint/format/-/format-19.8.1.tgz#3e09b1291b3e29092d7a86f0afbbcfc0d99d3ad4" + integrity sha512-kSJj34Rp10ItP+Eh9oCItiuN/HwGQMXBnIRk69jdOwEW9llW9FlyqcWYbHPSGofmjsqeoxa38UaEA5tsbm2JWw== dependencies: - "@commitlint/types" "^19.0.3" + "@commitlint/types" "^19.8.1" chalk "^5.3.0" -"@commitlint/is-ignored@^19.2.2": - version "19.2.2" - resolved "https://registry.yarnpkg.com/@commitlint/is-ignored/-/is-ignored-19.2.2.tgz#503ddcf908ac6b2bc4586a49cb53893a1856f5b2" - integrity sha512-eNX54oXMVxncORywF4ZPFtJoBm3Tvp111tg1xf4zWXGfhBPKpfKG6R+G3G4v5CPlRROXpAOpQ3HMhA9n1Tck1g== +"@commitlint/is-ignored@^19.8.1": + version "19.8.1" + resolved "https://registry.yarnpkg.com/@commitlint/is-ignored/-/is-ignored-19.8.1.tgz#fed0851360ea2d21799eaf8ec9ef6d98c15536e3" + integrity sha512-AceOhEhekBUQ5dzrVhDDsbMaY5LqtN8s1mqSnT2Kz1ERvVZkNihrs3Sfk1Je/rxRNbXYFzKZSHaPsEJJDJV8dg== dependencies: - "@commitlint/types" "^19.0.3" + "@commitlint/types" "^19.8.1" semver "^7.6.0" -"@commitlint/lint@^19.2.2": - version "19.2.2" - resolved "https://registry.yarnpkg.com/@commitlint/lint/-/lint-19.2.2.tgz#57f69e24bd832a7dcce8ebf82d11e3bf03ccc2a9" - integrity sha512-xrzMmz4JqwGyKQKTpFzlN0dx0TAiT7Ran1fqEBgEmEj+PU98crOFtysJgY+QdeSagx6EDRigQIXJVnfrI0ratA== - dependencies: - "@commitlint/is-ignored" "^19.2.2" - "@commitlint/parse" "^19.0.3" - "@commitlint/rules" "^19.0.3" - "@commitlint/types" "^19.0.3" - -"@commitlint/load@^19.2.0": - version "19.2.0" - resolved "https://registry.yarnpkg.com/@commitlint/load/-/load-19.2.0.tgz#3ca51fdead4f1e1e09c9c7df343306412b1ef295" - integrity sha512-XvxxLJTKqZojCxaBQ7u92qQLFMMZc4+p9qrIq/9kJDy8DOrEa7P1yx7Tjdc2u2JxIalqT4KOGraVgCE7eCYJyQ== - dependencies: - "@commitlint/config-validator" "^19.0.3" - "@commitlint/execute-rule" "^19.0.0" - "@commitlint/resolve-extends" "^19.1.0" - "@commitlint/types" "^19.0.3" +"@commitlint/lint@^19.8.1": + version "19.8.1" + resolved "https://registry.yarnpkg.com/@commitlint/lint/-/lint-19.8.1.tgz#c21bf9000ca54e41c5b0139c98aaf12473c03bb0" + integrity sha512-52PFbsl+1EvMuokZXLRlOsdcLHf10isTPlWwoY1FQIidTsTvjKXVXYb7AvtpWkDzRO2ZsqIgPK7bI98x8LRUEw== + dependencies: + "@commitlint/is-ignored" "^19.8.1" + "@commitlint/parse" "^19.8.1" + "@commitlint/rules" "^19.8.1" + "@commitlint/types" "^19.8.1" + +"@commitlint/load@^19.8.1": + version "19.8.1" + resolved "https://registry.yarnpkg.com/@commitlint/load/-/load-19.8.1.tgz#b997b1f65a961bf0a47189f15f6dc8786ceb4576" + integrity sha512-9V99EKG3u7z+FEoe4ikgq7YGRCSukAcvmKQuTtUyiYPnOd9a2/H9Ak1J9nJA1HChRQp9OA/sIKPugGS+FK/k1A== + dependencies: + "@commitlint/config-validator" "^19.8.1" + "@commitlint/execute-rule" "^19.8.1" + "@commitlint/resolve-extends" "^19.8.1" + "@commitlint/types" "^19.8.1" chalk "^5.3.0" cosmiconfig "^9.0.0" - cosmiconfig-typescript-loader "^5.0.0" + cosmiconfig-typescript-loader "^6.1.0" lodash.isplainobject "^4.0.6" lodash.merge "^4.6.2" lodash.uniq "^4.5.0" -"@commitlint/message@^19.0.0": - version "19.0.0" - resolved "https://registry.yarnpkg.com/@commitlint/message/-/message-19.0.0.tgz#f789dd1b7a1f9c784578e0111f46cc3fecf5a531" - integrity sha512-c9czf6lU+9oF9gVVa2lmKaOARJvt4soRsVmbR7Njwp9FpbBgste5i7l/2l5o8MmbwGh4yE1snfnsy2qyA2r/Fw== +"@commitlint/message@^19.8.1": + version "19.8.1" + resolved "https://registry.yarnpkg.com/@commitlint/message/-/message-19.8.1.tgz#d5d0d87837483d9f9b4559ffa06e1aaa26d266d6" + integrity sha512-+PMLQvjRXiU+Ae0Wc+p99EoGEutzSXFVwQfa3jRNUZLNW5odZAyseb92OSBTKCu+9gGZiJASt76Cj3dLTtcTdg== -"@commitlint/parse@^19.0.3": - version "19.0.3" - resolved "https://registry.yarnpkg.com/@commitlint/parse/-/parse-19.0.3.tgz#a2d09876d458e17ad0e1695b04f41af8b50a41c2" - integrity sha512-Il+tNyOb8VDxN3P6XoBBwWJtKKGzHlitEuXA5BP6ir/3loWlsSqDr5aecl6hZcC/spjq4pHqNh0qPlfeWu38QA== +"@commitlint/parse@^19.8.1": + version "19.8.1" + resolved "https://registry.yarnpkg.com/@commitlint/parse/-/parse-19.8.1.tgz#73125d04f07f11477cf563cbfe0cc9f6dc85a747" + integrity sha512-mmAHYcMBmAgJDKWdkjIGq50X4yB0pSGpxyOODwYmoexxxiUCy5JJT99t1+PEMK7KtsCtzuWYIAXYAiKR+k+/Jw== dependencies: - "@commitlint/types" "^19.0.3" + "@commitlint/types" "^19.8.1" conventional-changelog-angular "^7.0.0" conventional-commits-parser "^5.0.0" -"@commitlint/read@^19.2.1": - version "19.2.1" - resolved "https://registry.yarnpkg.com/@commitlint/read/-/read-19.2.1.tgz#7296b99c9a989e60e5927fff8388a1dd44299c2f" - integrity sha512-qETc4+PL0EUv7Q36lJbPG+NJiBOGg7SSC7B5BsPWOmei+Dyif80ErfWQ0qXoW9oCh7GTpTNRoaVhiI8RbhuaNw== +"@commitlint/read@^19.8.1": + version "19.8.1" + resolved "https://registry.yarnpkg.com/@commitlint/read/-/read-19.8.1.tgz#812930fd0f616e796e122751cb983346e5454ec8" + integrity sha512-03Jbjb1MqluaVXKHKRuGhcKWtSgh3Jizqy2lJCRbRrnWpcM06MYm8th59Xcns8EqBYvo0Xqb+2DoZFlga97uXQ== dependencies: - "@commitlint/top-level" "^19.0.0" - "@commitlint/types" "^19.0.3" - execa "^8.0.1" + "@commitlint/top-level" "^19.8.1" + "@commitlint/types" "^19.8.1" git-raw-commits "^4.0.0" minimist "^1.2.8" + tinyexec "^1.0.0" -"@commitlint/resolve-extends@^19.1.0": - version "19.1.0" - resolved "https://registry.yarnpkg.com/@commitlint/resolve-extends/-/resolve-extends-19.1.0.tgz#fa5b8f921e9c8d76f53624c35bf25b9676bd73fa" - integrity sha512-z2riI+8G3CET5CPgXJPlzftH+RiWYLMYv4C9tSLdLXdr6pBNimSKukYP9MS27ejmscqCTVA4almdLh0ODD2KYg== +"@commitlint/resolve-extends@^19.8.1": + version "19.8.1" + resolved "https://registry.yarnpkg.com/@commitlint/resolve-extends/-/resolve-extends-19.8.1.tgz#a44bb4c22e3e7d407cc9a3758fcf58f5c360b694" + integrity sha512-GM0mAhFk49I+T/5UCYns5ayGStkTt4XFFrjjf0L4S26xoMTSkdCf9ZRO8en1kuopC4isDFuEm7ZOm/WRVeElVg== dependencies: - "@commitlint/config-validator" "^19.0.3" - "@commitlint/types" "^19.0.3" + "@commitlint/config-validator" "^19.8.1" + "@commitlint/types" "^19.8.1" global-directory "^4.0.1" import-meta-resolve "^4.0.0" lodash.mergewith "^4.6.2" resolve-from "^5.0.0" -"@commitlint/rules@^19.0.3": - version "19.0.3" - resolved "https://registry.yarnpkg.com/@commitlint/rules/-/rules-19.0.3.tgz#de647a9055847cae4f3ae32b4798096b604584f3" - integrity sha512-TspKb9VB6svklxNCKKwxhELn7qhtY1rFF8ls58DcFd0F97XoG07xugPjjbVnLqmMkRjZDbDIwBKt9bddOfLaPw== +"@commitlint/rules@^19.8.1": + version "19.8.1" + resolved "https://registry.yarnpkg.com/@commitlint/rules/-/rules-19.8.1.tgz#1cea53d5bf970ce56dc105e1da5e6655a2fe7a5f" + integrity sha512-Hnlhd9DyvGiGwjfjfToMi1dsnw1EXKGJNLTcsuGORHz6SS9swRgkBsou33MQ2n51/boIDrbsg4tIBbRpEWK2kw== dependencies: - "@commitlint/ensure" "^19.0.3" - "@commitlint/message" "^19.0.0" - "@commitlint/to-lines" "^19.0.0" - "@commitlint/types" "^19.0.3" - execa "^8.0.1" + "@commitlint/ensure" "^19.8.1" + "@commitlint/message" "^19.8.1" + "@commitlint/to-lines" "^19.8.1" + "@commitlint/types" "^19.8.1" -"@commitlint/to-lines@^19.0.0": - version "19.0.0" - resolved "https://registry.yarnpkg.com/@commitlint/to-lines/-/to-lines-19.0.0.tgz#aa6618eb371bafbc0cd3b48f0db565c4a40462c6" - integrity sha512-vkxWo+VQU5wFhiP9Ub9Sre0FYe019JxFikrALVoD5UGa8/t3yOJEpEhxC5xKiENKKhUkTpEItMTRAjHw2SCpZw== +"@commitlint/to-lines@^19.8.1": + version "19.8.1" + resolved "https://registry.yarnpkg.com/@commitlint/to-lines/-/to-lines-19.8.1.tgz#c1a28a84542c7ba321c1c11178b83ae024257b47" + integrity sha512-98Mm5inzbWTKuZQr2aW4SReY6WUukdWXuZhrqf1QdKPZBCCsXuG87c+iP0bwtD6DBnmVVQjgp4whoHRVixyPBg== -"@commitlint/top-level@^19.0.0": - version "19.0.0" - resolved "https://registry.yarnpkg.com/@commitlint/top-level/-/top-level-19.0.0.tgz#9c44d7cec533bb9598bfae9658737e2d6a903605" - integrity sha512-KKjShd6u1aMGNkCkaX4aG1jOGdn7f8ZI8TR1VEuNqUOjWTOdcDSsmglinglJ18JTjuBX5I1PtjrhQCRcixRVFQ== +"@commitlint/top-level@^19.8.1": + version "19.8.1" + resolved "https://registry.yarnpkg.com/@commitlint/top-level/-/top-level-19.8.1.tgz#2c942189d83a29b21ff7ba6e91607301efdf5916" + integrity sha512-Ph8IN1IOHPSDhURCSXBz44+CIu+60duFwRsg6HqaISFHQHbmBtxVw4ZrFNIYUzEP7WwrNPxa2/5qJ//NK1FGcw== dependencies: find-up "^7.0.0" -"@commitlint/types@^19.0.3": - version "19.0.3" - resolved "https://registry.yarnpkg.com/@commitlint/types/-/types-19.0.3.tgz#feff4ecac2b5c359f2a57f9ab094b2ac80ef0266" - integrity sha512-tpyc+7i6bPG9mvaBbtKUeghfyZSDgWquIDfMgqYtTbmZ9Y9VzEm2je9EYcQ0aoz5o7NvGS+rcDec93yO08MHYA== +"@commitlint/types@^19.8.1": + version "19.8.1" + resolved "https://registry.yarnpkg.com/@commitlint/types/-/types-19.8.1.tgz#7971fbd56b0cfb31692a4e1941b74ac8217c44e5" + integrity sha512-/yCrWGCoA1SVKOks25EGadP9Pnj0oAIHGpl2wH2M2Y46dPM2ueb8wyCVOD7O3WCTkaJ0IkKvzhl1JY7+uCT2Dw== dependencies: "@types/conventional-commits-parser" "^5.0.0" chalk "^5.3.0" @@ -2718,9 +2721,9 @@ "@types/node" "*" "@types/conventional-commits-parser@^5.0.0": - version "5.0.0" - resolved "https://registry.yarnpkg.com/@types/conventional-commits-parser/-/conventional-commits-parser-5.0.0.tgz#8c9d23e0b415b24b91626d07017303755d542dc8" - integrity sha512-loB369iXNmAZglwWATL+WRe+CRMmmBPtpolYzIebFaX4YA3x+BEfLqhUAV9WanycKI3TG1IMr5bMJDajDKLlUQ== + version "5.0.2" + resolved "https://registry.yarnpkg.com/@types/conventional-commits-parser/-/conventional-commits-parser-5.0.2.tgz#987db915796deb9d0c8ffb7a8ed42cb5bb257cd5" + integrity sha512-BgT2szDXnVypgpNxOK8aL5SGjUdaQbC++WZNjF1Qge3Og2+zhHj+RWhmehLhYyvQwqAmvezruVfOf8+3m74W+g== dependencies: "@types/node" "*" @@ -3112,11 +3115,11 @@ "@types/node" "*" "@types/node@*": - version "20.14.10" - resolved "https://registry.yarnpkg.com/@types/node/-/node-20.14.10.tgz#a1a218290f1b6428682e3af044785e5874db469a" - integrity sha512-MdiXf+nDuMvY0gJKxyfZ7/6UFsETO7mGKF54MVD/ekJS6HdFtpZFBgrh6Pseu64XTb2MLyFPlbW6hj8HYRQNOQ== + version "25.5.0" + resolved "https://registry.yarnpkg.com/@types/node/-/node-25.5.0.tgz#5c99f37c443d9ccc4985866913f1ed364217da31" + integrity sha512-jp2P3tQMSxWugkCUKLRPVUpGaL5MVFwF8RDuSRztfwgN1wmqJeMSbKlnEtQqU8UrhTmzEmZdu2I6v2dpp7XIxw== dependencies: - undici-types "~5.26.4" + undici-types "~7.18.0" "@types/prop-types@*": version "15.7.12" @@ -3573,7 +3576,7 @@ ajv@^8.0.0, ajv@^8.9.0: json-schema-traverse "^1.0.0" require-from-string "^2.0.2" -ajv@^8.0.1, ajv@^8.11.0: +ajv@^8.0.1: version "8.16.0" resolved "https://registry.npmjs.org/ajv/-/ajv-8.16.0.tgz" integrity sha512-F0twR8U1ZU67JIEtekUcLkXkoO5mMMmgGD8sK/xUFzJ805jxHQl92hImFAqqXMyMYjSPOyUPAwHYhB72g5sTXw== @@ -3583,6 +3586,16 @@ ajv@^8.0.1, ajv@^8.11.0: require-from-string "^2.0.2" uri-js "^4.4.1" +ajv@^8.11.0: + version "8.18.0" + resolved "https://registry.yarnpkg.com/ajv/-/ajv-8.18.0.tgz#8864186b6738d003eb3a933172bb3833e10cefbc" + integrity sha512-PlXPeEWMXMZ7sPYOHqmDyCJzcfNrUr3fGNKtezX14ykXOEIvyK81d+qydx89KY5O71FKMPaQ2vBfBFI5NHR63A== + dependencies: + fast-deep-equal "^3.1.3" + fast-uri "^3.0.1" + json-schema-traverse "^1.0.0" + require-from-string "^2.0.2" + ansi-escapes@^4.2.1: version "4.3.2" resolved "https://registry.yarnpkg.com/ansi-escapes/-/ansi-escapes-4.3.2.tgz#6b2291d1db7d98b6521d5f1efa42d0f3a9feb65e" @@ -3607,7 +3620,7 @@ ansi-html@^0.0.9: ansi-regex@^5.0.1: version "5.0.1" - resolved "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz" + resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-5.0.1.tgz#082cb2c89c9fe8659a311a53bd6a4dc5301db304" integrity sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ== ansi-regex@^6.0.1: @@ -3617,7 +3630,7 @@ ansi-regex@^6.0.1: ansi-styles@^3.2.1: version "3.2.1" - resolved "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz" + resolved "https://registry.yarnpkg.com/ansi-styles/-/ansi-styles-3.2.1.tgz#41fbb20243e50b12be0f04b8dedbf07520ce841d" integrity sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA== dependencies: color-convert "^1.9.0" @@ -3656,7 +3669,7 @@ argparse@^1.0.7: argparse@^2.0.1: version "2.0.1" - resolved "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz" + resolved "https://registry.yarnpkg.com/argparse/-/argparse-2.0.1.tgz#246f50f3ca78a3240f6c997e8a9bd1eac49e4b38" integrity sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q== aria-query@5.3.0, aria-query@^5.0.0: @@ -4087,7 +4100,7 @@ call-bound@^1.0.2, call-bound@^1.0.3, call-bound@^1.0.4: callsites@^3.0.0: version "3.1.0" - resolved "https://registry.npmjs.org/callsites/-/callsites-3.1.0.tgz" + resolved "https://registry.yarnpkg.com/callsites/-/callsites-3.1.0.tgz#b3630abd8943432f54b3f0519238e33cd7df2f73" integrity sha512-P8BjAsXvZS+VIDUI11hHCQEv74YT67YUi5JJFNWIqL235sBmjX4+qx9Muvls5ivyNENctx46xQLQ3aTuE7ssaQ== camel-case@^4.1.2: @@ -4120,7 +4133,7 @@ caniuse-lite@^1.0.30001726: chalk@^2.4.2: version "2.4.2" - resolved "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz" + resolved "https://registry.yarnpkg.com/chalk/-/chalk-2.4.2.tgz#cd42541677a54333cf541a49108c1432b44c9424" integrity sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ== dependencies: ansi-styles "^3.2.1" @@ -4143,7 +4156,12 @@ chalk@^4.0.0, chalk@^4.0.2, chalk@^4.1.0, chalk@^4.1.2: ansi-styles "^4.1.0" supports-color "^7.1.0" -chalk@^5.3.0, chalk@~5.3.0: +chalk@^5.3.0: + version "5.6.2" + resolved "https://registry.yarnpkg.com/chalk/-/chalk-5.6.2.tgz#b1238b6e23ea337af71c7f8a295db5af0c158aea" + integrity sha512-7NzBL0rN6fMUW+f7A6Io4h40qQlG+xGmtMxfbnH/K7TAtt8JQWVQK+6g0UXKMeVJoyV5EkkNsErQ8pVD3bLHbA== + +chalk@~5.3.0: version "5.3.0" resolved "https://registry.npmjs.org/chalk/-/chalk-5.3.0.tgz" integrity sha512-dLitG79d+GV1Nb/VYcCDFivJeK1hiukt9QjRNVOsUtTy1rR1YJsmpGGTZ3qJos+uw7WmWF4wUwBd9jxjocFC2w== @@ -4261,14 +4279,14 @@ color-convert@^1.9.0, color-convert@^1.9.3: color-convert@^2.0.1: version "2.0.1" - resolved "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz" + resolved "https://registry.yarnpkg.com/color-convert/-/color-convert-2.0.1.tgz#72d3a68d598c9bdb3af2ad1e84f21d896abd4de3" integrity sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ== dependencies: color-name "~1.1.4" color-name@1.1.3: version "1.1.3" - resolved "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz" + resolved "https://registry.yarnpkg.com/color-name/-/color-name-1.1.3.tgz#a7d0558bd89c42f795dd42328f740831ca53bc25" integrity sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw== color-name@^1.0.0, color-name@~1.1.4: @@ -4468,12 +4486,12 @@ core-util-is@~1.0.0: resolved "https://registry.yarnpkg.com/core-util-is/-/core-util-is-1.0.3.tgz#a6042d3634c2b27e9328f837b965fac83808db85" integrity sha512-ZQBvi1DcpJ4GDqanjucZ2Hj3wEO5pZDS89BWbkcrvdxksJorwUDDZamX9ldFkp9aw2lmBDLgkObEA4DWNJ9FYQ== -cosmiconfig-typescript-loader@^5.0.0: - version "5.0.0" - resolved "https://registry.yarnpkg.com/cosmiconfig-typescript-loader/-/cosmiconfig-typescript-loader-5.0.0.tgz#0d3becfe022a871f7275ceb2397d692e06045dc8" - integrity sha512-+8cK7jRAReYkMwMiG+bxhcNKiHJDM6bR9FD/nGBXOWdMLuYawjF5cGrtLilJ+LGd3ZjCXnJjR5DkfWPoIVlqJA== +cosmiconfig-typescript-loader@^6.1.0: + version "6.2.0" + resolved "https://registry.yarnpkg.com/cosmiconfig-typescript-loader/-/cosmiconfig-typescript-loader-6.2.0.tgz#26399fa92e9569052062846afd038c94628f0f69" + integrity sha512-GEN39v7TgdxgIoNcdkRE3uiAzQt3UXLyHbRHD6YoL048XAeOomyxaP+Hh/+2C6C2wYjxJ2onhJcsQp+L4YEkVQ== dependencies: - jiti "^1.19.1" + jiti "^2.6.1" cosmiconfig@^8.1.3, cosmiconfig@^8.2.0: version "8.3.6" @@ -4486,9 +4504,9 @@ cosmiconfig@^8.1.3, cosmiconfig@^8.2.0: path-type "^4.0.0" cosmiconfig@^9.0.0: - version "9.0.0" - resolved "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-9.0.0.tgz" - integrity sha512-itvL5h8RETACmOTFc4UfIyB2RfEHi71Ax6E/PivVxq9NseKbOWpeyHEOIbmAw1rs8Ak0VursQNww7lf7YtUwzg== + version "9.0.1" + resolved "https://registry.yarnpkg.com/cosmiconfig/-/cosmiconfig-9.0.1.tgz#df110631a8547b5d1a98915271986f06e3011379" + integrity sha512-hr4ihw+DBqcvrsEDioRO31Z17x71pUYoNe/4h6Z0wB72p7MU7/9gH8Q3s12NFhHPfYBBOV3qyfUxmr/Yn3shnQ== dependencies: env-paths "^2.2.1" import-fresh "^3.3.0" @@ -5339,7 +5357,7 @@ emoji-regex@^10.3.0: emoji-regex@^8.0.0: version "8.0.0" - resolved "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz" + resolved "https://registry.yarnpkg.com/emoji-regex/-/emoji-regex-8.0.0.tgz#e818fd69ce5ccfcb404594f842963bf53164cc37" integrity sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A== emoji-regex@^9.2.2: @@ -5390,7 +5408,7 @@ entities@^4.2.0, entities@^4.4.0: env-paths@^2.2.1: version "2.2.1" - resolved "https://registry.npmjs.org/env-paths/-/env-paths-2.2.1.tgz" + resolved "https://registry.yarnpkg.com/env-paths/-/env-paths-2.2.1.tgz#420399d416ce1fbe9bc0a07c62fa68d67fd0f8f2" integrity sha512-+h1lkLKhZMTYjog1VEpJNG7NZJWcuc2DDk/qsqSTRRCOXiLjeQ1d1/udrUGhqMxUgAlwKNZ0cf2uqan5GLuS2A== envinfo@^7.7.3: @@ -5399,9 +5417,9 @@ envinfo@^7.7.3: integrity sha512-cvcaMr7KqXVh4nyzGTVqTum+gAiL265x5jUWQIDLq//zOGbW+gSW/C+OWLleY/rs9Qole6AZLMXPbtIFQbqu+Q== error-ex@^1.3.1: - version "1.3.2" - resolved "https://registry.npmjs.org/error-ex/-/error-ex-1.3.2.tgz" - integrity sha512-7dFHNmqeFSEt2ZBsCriorKnn3Z2pj+fd9kmI6QoWw4//DL+icEBfc0U7qJCisqrTsKTjw4fNFy2pW9OqStD84g== + version "1.3.4" + resolved "https://registry.yarnpkg.com/error-ex/-/error-ex-1.3.4.tgz#b3a8d8bb6f92eecc1629e3e27d3c8607a8a32414" + integrity sha512-sqQamAnR14VgCr1A618A3sGrygcpK+HEbenA/HiEAkkUwcZIIB/tgWqHFxWgOyDh4nB4JCRimh79dR5Ywc9MDQ== dependencies: is-arrayish "^0.2.1" @@ -5542,16 +5560,16 @@ es-to-primitive@^1.3.0: is-date-object "^1.0.5" is-symbol "^1.0.4" -escalade@^3.1.1, escalade@^3.1.2: - version "3.1.2" - resolved "https://registry.yarnpkg.com/escalade/-/escalade-3.1.2.tgz#54076e9ab29ea5bf3d8f1ed62acffbb88272df27" - integrity sha512-ErCHMCae19vR8vQGe50xIsVomy19rg6gFu3+r3jkEO46suLMWBksvVyoGgQV+jOfl84ZSOSlmv6Gxa89PmTGmA== - -escalade@^3.2.0: +escalade@^3.1.1, escalade@^3.2.0: version "3.2.0" resolved "https://registry.yarnpkg.com/escalade/-/escalade-3.2.0.tgz#011a3f69856ba189dffa7dc8fcce99d2a87903e5" integrity sha512-WUj2qlxaQtO4g6Pq5c29GTcWGDyd8itL8zTlipgECz3JesAiiOKotd8JU6otB3PACgG6xkJUyVhboMS+bje/jA== +escalade@^3.1.2: + version "3.1.2" + resolved "https://registry.yarnpkg.com/escalade/-/escalade-3.1.2.tgz#54076e9ab29ea5bf3d8f1ed62acffbb88272df27" + integrity sha512-ErCHMCae19vR8vQGe50xIsVomy19rg6gFu3+r3jkEO46suLMWBksvVyoGgQV+jOfl84ZSOSlmv6Gxa89PmTGmA== + escape-html@^1.0.3, escape-html@~1.0.3: version "1.0.3" resolved "https://registry.yarnpkg.com/escape-html/-/escape-html-1.0.3.tgz#0258eae4d3d0c0974de1c169188ef0051d1d1988" @@ -5559,7 +5577,7 @@ escape-html@^1.0.3, escape-html@~1.0.3: escape-string-regexp@^1.0.5: version "1.0.5" - resolved "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz" + resolved "https://registry.yarnpkg.com/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz#1b61c0562190a8dff6ae3bb2cf0200ca130b86d4" integrity sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg== escape-string-regexp@^2.0.0: @@ -5825,7 +5843,7 @@ execa@^5.0.0, execa@^5.1.1: signal-exit "^3.0.3" strip-final-newline "^2.0.0" -execa@^8.0.1, execa@~8.0.1: +execa@~8.0.1: version "8.0.1" resolved "https://registry.npmjs.org/execa/-/execa-8.0.1.tgz" integrity sha512-VyhnebXciFV2DESc+p6B+y0LjSm0krU4OgJN44qFAhBY0TJ+1V61tYD2+wHusZ6F9n5K+vl8k0sTy7PEfV4qpg== @@ -5895,7 +5913,7 @@ express@^4.17.3: fast-deep-equal@^3.1.1, fast-deep-equal@^3.1.3: version "3.1.3" - resolved "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz" + resolved "https://registry.yarnpkg.com/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz#3a7d56b559d6cbc3eb512325244e619a65c6c525" integrity sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q== fast-diff@^1.1.2: @@ -6485,7 +6503,7 @@ has-bigints@^1.0.2: has-flag@^3.0.0: version "3.0.0" - resolved "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz" + resolved "https://registry.yarnpkg.com/has-flag/-/has-flag-3.0.0.tgz#b5d454dc2199ae225699f3467e5a07f3b955bafd" integrity sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw== has-flag@^4.0.0: @@ -6750,7 +6768,7 @@ immutable@^4.0.0: resolved "https://registry.yarnpkg.com/immutable/-/immutable-4.3.6.tgz#6a05f7858213238e587fb83586ffa3b4b27f0447" integrity sha512-Ju0+lEMyzMVZarkTn/gqRpdqd5dOPaz1mCZ0SH3JV6iFw81PldE/PEB1hWVEA288HPt4WXW8O7AWxB10M+03QQ== -import-fresh@^3.2.1, import-fresh@^3.3.0: +import-fresh@^3.2.1: version "3.3.0" resolved "https://registry.npmjs.org/import-fresh/-/import-fresh-3.3.0.tgz" integrity sha512-veYYhQa+D1QBKznvhUHxb8faxlrwUnxseDAbAp457E0wLNio2bOSKnjYDhMj+YiAq61xrMGhQk9iXVk5FzgQMw== @@ -6758,6 +6776,14 @@ import-fresh@^3.2.1, import-fresh@^3.3.0: parent-module "^1.0.0" resolve-from "^4.0.0" +import-fresh@^3.3.0: + version "3.3.1" + resolved "https://registry.yarnpkg.com/import-fresh/-/import-fresh-3.3.1.tgz#9cecb56503c0ada1f2741dbbd6546e4b13b57ccf" + integrity sha512-TR3KfrTZTYLPB6jUjfx6MF9WcWrHL9su5TObK4ZkYgBdWKPOFoSoQIdEuTuR82pmtxH2spWG9h6etwfr1pLBqQ== + dependencies: + parent-module "^1.0.0" + resolve-from "^4.0.0" + import-local@^3.0.2: version "3.1.0" resolved "https://registry.yarnpkg.com/import-local/-/import-local-3.1.0.tgz#b4479df8a5fd44f6cdce24070675676063c95cb4" @@ -6767,9 +6793,9 @@ import-local@^3.0.2: resolve-cwd "^3.0.0" import-meta-resolve@^4.0.0: - version "4.1.0" - resolved "https://registry.yarnpkg.com/import-meta-resolve/-/import-meta-resolve-4.1.0.tgz#f9db8bead9fafa61adb811db77a2bf22c5399706" - integrity sha512-I6fiaX09Xivtk+THaMfAwnA3MVA5Big1WHF1Dfx9hFuvNIWpXnorlkzhcQf6ehrqQiiZECRt1poOAkPmer3ruw== + version "4.2.0" + resolved "https://registry.yarnpkg.com/import-meta-resolve/-/import-meta-resolve-4.2.0.tgz#08cb85b5bd37ecc8eb1e0f670dc2767002d43734" + integrity sha512-Iqv2fzaTQN28s/FwZAoFq0ZSs/7hMAHJVX+w8PZl3cY19Pxk6jFFalxQoIfW2826i/fDLXv8IiEZRIT0lDuWcg== imurmurhash@^0.1.4: version "0.1.4" @@ -6849,7 +6875,7 @@ is-array-buffer@^3.0.4, is-array-buffer@^3.0.5: is-arrayish@^0.2.1: version "0.2.1" - resolved "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.2.1.tgz" + resolved "https://registry.yarnpkg.com/is-arrayish/-/is-arrayish-0.2.1.tgz#77c99840527aa8ecb1a8ba697b80645a7a926a9d" integrity sha512-zz06S8t0ozoDXMG+ube26zeCTNXcKIPJZJi8hBrF4idCLms4CG9QtK7qBl1boi5ODzFpjswb5JPmHCbMpjaYzg== is-arrayish@^0.3.1: @@ -6957,7 +6983,7 @@ is-finalizationregistry@^1.1.0: is-fullwidth-code-point@^3.0.0: version "3.0.0" - resolved "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz" + resolved "https://registry.yarnpkg.com/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz#f116f8064fe90b3f7844a38997c0b75051269f1d" integrity sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg== is-fullwidth-code-point@^4.0.0: @@ -7656,10 +7682,10 @@ jest@^29.7.0: import-local "^3.0.2" jest-cli "^29.7.0" -jiti@^1.19.1: - version "1.21.6" - resolved "https://registry.yarnpkg.com/jiti/-/jiti-1.21.6.tgz#6c7f7398dd4b3142767f9a168af2f317a428d268" - integrity sha512-2yTgeWTWzMWkHu6Jp9NKgePDaYHbntiwvYuuJLbbN9vl7DC9DvXKOB2BC3ZZ92D3cvV/aflH0osDfwpHepQ53w== +jiti@^2.6.1: + version "2.6.1" + resolved "https://registry.yarnpkg.com/jiti/-/jiti-2.6.1.tgz#178ef2fc9a1a594248c20627cd820187a4d78d92" + integrity sha512-ekilCSN1jwRvIbgeg/57YFh8qQDNbwDb9xT/qu2DAHbFFZUicIl4ygVaAvzveMhMVr3LnpSKTNnwt8PoOfmKhQ== js-base64@^3.7.7: version "3.7.7" @@ -7680,9 +7706,9 @@ js-yaml@^3.13.1: esprima "^4.0.0" js-yaml@^4.1.0: - version "4.1.0" - resolved "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz" - integrity sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA== + version "4.1.1" + resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-4.1.1.tgz#854c292467705b699476e1a2decc0c8a3458806b" + integrity sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA== dependencies: argparse "^2.0.1" @@ -7740,7 +7766,7 @@ json-buffer@3.0.1: json-parse-even-better-errors@^2.3.0, json-parse-even-better-errors@^2.3.1: version "2.3.1" - resolved "https://registry.npmjs.org/json-parse-even-better-errors/-/json-parse-even-better-errors-2.3.1.tgz" + resolved "https://registry.yarnpkg.com/json-parse-even-better-errors/-/json-parse-even-better-errors-2.3.1.tgz#7c47805a94319928e05777405dc12e1f7a4ee02d" integrity sha512-xyFwyhro/JEof6Ghe2iz2NcXoj2sloNsWr/XsERDK/oiPCfaNhl5ONfp+jQdAZRQQ0IJWNzH9zIZF7li91kh2w== json-schema-traverse@^0.4.1: @@ -7750,7 +7776,7 @@ json-schema-traverse@^0.4.1: json-schema-traverse@^1.0.0: version "1.0.0" - resolved "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz" + resolved "https://registry.yarnpkg.com/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz#ae7bcb3656ab77a73ba5c49bf654f38e6b6860e2" integrity sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug== json-stable-stringify-without-jsonify@^1.0.1: @@ -7869,7 +7895,7 @@ linear-layout-vector@0.0.1: lines-and-columns@^1.1.6: version "1.2.4" - resolved "https://registry.npmjs.org/lines-and-columns/-/lines-and-columns-1.2.4.tgz" + resolved "https://registry.yarnpkg.com/lines-and-columns/-/lines-and-columns-1.2.4.tgz#eca284f75d2965079309dc0ad9255abb2ebc1632" integrity sha512-7ylylesZQ/PV29jhEDl3Ufjo6ZX7gCqJr5F7PKrqc93v7fzSymt1BpwEU8nAUXs8qzzvqhbjhK5QZg6Mt/HkBg== lint-staged@^15.2.7: @@ -7962,7 +7988,7 @@ lodash.kebabcase@^4.1.1: lodash.merge@^4.6.2: version "4.6.2" - resolved "https://registry.npmjs.org/lodash.merge/-/lodash.merge-4.6.2.tgz" + resolved "https://registry.yarnpkg.com/lodash.merge/-/lodash.merge-4.6.2.tgz#558aa53b43b661e1925a0afdfa36a9a1085fe57a" integrity sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ== lodash.mergewith@^4.6.2: @@ -8622,14 +8648,14 @@ param-case@^3.0.4: parent-module@^1.0.0: version "1.0.1" - resolved "https://registry.npmjs.org/parent-module/-/parent-module-1.0.1.tgz" + resolved "https://registry.yarnpkg.com/parent-module/-/parent-module-1.0.1.tgz#691d2709e78c79fae3a156622452d00762caaaa2" integrity sha512-GQ2EWRpQV8/o+Aw8YqtfZZPfNRWZYkbidE9k5rpl/hC3vtHHBfGm2Ifi6qWV+coDGkrUKZAxE3Lot5kcsRlh+g== dependencies: callsites "^3.0.0" parse-json@^5.2.0: version "5.2.0" - resolved "https://registry.npmjs.org/parse-json/-/parse-json-5.2.0.tgz" + resolved "https://registry.yarnpkg.com/parse-json/-/parse-json-5.2.0.tgz#c76fc66dee54231c962b22bcc8a72cf2f99753cd" integrity sha512-ayCKvm/phCGxOkYRSCM82iDwct8/EonSEgCSxWxD7ve6jHggsFl4fZVQBPRNgQoKiuV/odhFrGzQXZwbifC8Rg== dependencies: "@babel/code-frame" "^7.0.0" @@ -8724,7 +8750,12 @@ path-type@^4.0.0: resolved "https://registry.npmjs.org/path-type/-/path-type-4.0.0.tgz" integrity sha512-gDKb8aZMDeD/tZWs9P6+q0J9Mwkdl6xMV8TjnGP3qJVJ06bdMgkbBlLU8IdfOsIsFz2BW1rNVT3XuNEl8zPAvw== -picocolors@^1.0.0, picocolors@^1.0.1: +picocolors@^1.0.0, picocolors@^1.1.1: + version "1.1.1" + resolved "https://registry.yarnpkg.com/picocolors/-/picocolors-1.1.1.tgz#3d321af3eab939b083c8f929a1d12cda81c26b6b" + integrity sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA== + +picocolors@^1.0.1: version "1.0.1" resolved "https://registry.npmjs.org/picocolors/-/picocolors-1.0.1.tgz" integrity sha512-anP1Z8qwhkbmu7MFP5iTt+wQKXgwzf7zTyGlcdzabySa9vd0Xt392U0rVmz9poOaBj0uHJKyyo9/upk0HrEQew== @@ -8734,11 +8765,6 @@ picocolors@^1.1.0: resolved "https://registry.yarnpkg.com/picocolors/-/picocolors-1.1.0.tgz#5358b76a78cde483ba5cef6a9dc9671440b27d59" integrity sha512-TQ92mBOW0l3LeMeyLV6mzy/kWr8lkd/hp3mTg7wYK7zJhuBStmGMBG0BdeDZS/dZx1IukaX6Bk11zcln25o1Aw== -picocolors@^1.1.1: - version "1.1.1" - resolved "https://registry.yarnpkg.com/picocolors/-/picocolors-1.1.1.tgz#3d321af3eab939b083c8f929a1d12cda81c26b6b" - integrity sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA== - picomatch@^2.0.4, picomatch@^2.2.1, picomatch@^2.2.3, picomatch@^2.3.1: version "2.3.1" resolved "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz" @@ -8970,7 +8996,7 @@ psl@^1.1.33: punycode@^2.1.0, punycode@^2.1.1: version "2.3.1" - resolved "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz" + resolved "https://registry.yarnpkg.com/punycode/-/punycode-2.3.1.tgz#027422e2faec0b25e1549c3e1bd8309b9133b6e5" integrity sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg== pure-rand@^6.0.0: @@ -9287,7 +9313,7 @@ require-directory@^2.1.1: require-from-string@^2.0.2: version "2.0.2" - resolved "https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz" + resolved "https://registry.yarnpkg.com/require-from-string/-/require-from-string-2.0.2.tgz#89a7fdd938261267318eafe14f9c32e598c36909" integrity sha512-Xf0nWe6RseziFMu+Ap9biiUbmplq6S9/p+7w7YXP/JBHhrUDDUhwa+vANyubuqfZWTveU//DYVGsDG7RKL/vEw== requires-port@^1.0.0: @@ -9309,12 +9335,12 @@ resolve-cwd@^3.0.0: resolve-from@^4.0.0: version "4.0.0" - resolved "https://registry.npmjs.org/resolve-from/-/resolve-from-4.0.0.tgz" + resolved "https://registry.yarnpkg.com/resolve-from/-/resolve-from-4.0.0.tgz#4abcd852ad32dd7baabfe9b40e00a36db5f392e6" integrity sha512-pb/MYmXstAkysRFx8piNI1tGFNQIFA3vkE3Gq4EuA1dF6gHp/+vgZqsCGJapvy8N3Q+4o7FwvquPJcnZ7RYy4g== resolve-from@^5.0.0: version "5.0.0" - resolved "https://registry.npmjs.org/resolve-from/-/resolve-from-5.0.0.tgz" + resolved "https://registry.yarnpkg.com/resolve-from/-/resolve-from-5.0.0.tgz#c35225843df8f776df21c57557bc087e9dfdfc69" integrity sha512-qYg9KP24dD5qka9J47d0aVky0N+b4fTU89LN9iDnjB5waksiC49rvMB0PrUJQGoTmH50XPiqOvAjDfaijGxYZw== resolve-pkg-maps@^1.0.0: @@ -9553,9 +9579,9 @@ semver@^7.3.5, semver@^7.5.3, semver@^7.5.4: integrity sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A== semver@^7.6.0: - version "7.6.2" - resolved "https://registry.npmjs.org/semver/-/semver-7.6.2.tgz" - integrity sha512-FNAIBWCx9qcRhoHcgcJ0gvU7SN1lYU2ZXuSfl04bSC5OpvDHFyJCjdNHomPXxjQlCBU67YW64PzY7/VIEH7F2w== + version "7.7.4" + resolved "https://registry.yarnpkg.com/semver/-/semver-7.7.4.tgz#28464e36060e991fa7a11d0279d2d3f3b57a7e8a" + integrity sha512-vFKC2IEtQnVhpT78h1Yp8wzwrf8CM+MzKMHGJZfBtzhZNycRFnXsHk6E5TxIkkMsgNS7mdX3AGB7x2QM2di4lA== semver@^7.6.3: version "7.7.1" @@ -9952,7 +9978,7 @@ string-length@^4.0.1: string-width@^4.1.0, string-width@^4.2.0, string-width@^4.2.3: version "4.2.3" - resolved "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz" + resolved "https://registry.yarnpkg.com/string-width/-/string-width-4.2.3.tgz#269c7117d27b05ad2e536830a8ec895ef9c6d010" integrity sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g== dependencies: emoji-regex "^8.0.0" @@ -10059,7 +10085,7 @@ string_decoder@~1.1.1: strip-ansi@^6.0.0, strip-ansi@^6.0.1: version "6.0.1" - resolved "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz" + resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-6.0.1.tgz#9e26c63d30f53443e9489495b2105d37b67a85d9" integrity sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A== dependencies: ansi-regex "^5.0.1" @@ -10192,7 +10218,7 @@ stylelint@^16.6.1: supports-color@^5.3.0: version "5.5.0" - resolved "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz" + resolved "https://registry.yarnpkg.com/supports-color/-/supports-color-5.5.0.tgz#e2e69a44ac8772f78a1ec0b35b689df6530efc8f" integrity sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow== dependencies: has-flag "^3.0.0" @@ -10361,6 +10387,11 @@ tiny-warning@^1.0.2: resolved "https://registry.yarnpkg.com/tiny-warning/-/tiny-warning-1.0.3.tgz#94a30db453df4c643d0fd566060d60a875d84754" integrity sha512-lBN9zLN/oAf68o3zNXYrdCt1kP8WsiGW8Oo2ka41b2IM5JL/S1CTyX1rW0mb/zSuJun0ZUrDxx4sqvYS2FWzPA== +tinyexec@^1.0.0: + version "1.0.4" + resolved "https://registry.yarnpkg.com/tinyexec/-/tinyexec-1.0.4.tgz#6c60864fe1d01331b2f17c6890f535d7e5385408" + integrity sha512-u9r3uZC0bdpGOXtlxUIdwf9pkmvhqJdrVCH9fapQtgy/OeTTMZ1nqH7agtvEfmGui6e1XxjcdrlxvxJvc3sMqw== + tinyglobby@^0.2.12: version "0.2.12" resolved "https://registry.yarnpkg.com/tinyglobby/-/tinyglobby-0.2.12.tgz#ac941a42e0c5773bd0b5d08f32de82e74a1a61b5" @@ -10548,10 +10579,10 @@ unbox-primitive@^1.1.0: has-symbols "^1.1.0" which-boxed-primitive "^1.1.1" -undici-types@~5.26.4: - version "5.26.5" - resolved "https://registry.yarnpkg.com/undici-types/-/undici-types-5.26.5.tgz#bcd539893d00b56e964fd2657a4866b221a65617" - integrity sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA== +undici-types@~7.18.0: + version "7.18.2" + resolved "https://registry.yarnpkg.com/undici-types/-/undici-types-7.18.2.tgz#29357a89e7b7ca4aef3bf0fd3fd0cd73884229e9" + integrity sha512-AsuCzffGHJybSaRrmr5eHr81mwJU3kjw6M+uprWvCXiNeN9SOGwQ3Jn8jb8m3Z6izVgknn1R0FTCEAP2QrLY/w== unicode-canonical-property-names-ecmascript@^2.0.0: version "2.0.1" @@ -11356,9 +11387,9 @@ yocto-queue@^0.1.0: integrity sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q== yocto-queue@^1.0.0: - version "1.1.1" - resolved "https://registry.yarnpkg.com/yocto-queue/-/yocto-queue-1.1.1.tgz#fef65ce3ac9f8a32ceac5a634f74e17e5b232110" - integrity sha512-b4JR1PFR10y1mKjhHY9LaGo6tmrgjit7hxVIeAmyMw3jegXR4dhYqLaQF5zMXZxY7tLpMyJeLjr1C4rLmkVe8g== + version "1.2.2" + resolved "https://registry.yarnpkg.com/yocto-queue/-/yocto-queue-1.2.2.tgz#3e09c95d3f1aa89a58c114c99223edf639152c00" + integrity sha512-4LCcse/U2MHZ63HAJVE+v71o7yOdIe4cZ70Wpf8D/IyjDKYQLV5GD46B+hSTjJsvV5PztjvHoU580EftxjDZFQ== yocto-queue@^1.1.1: version "1.2.1"