diff --git a/.golangci.yaml b/.golangci.yaml index b69f16d8a..3a6321d9c 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -73,4 +73,4 @@ formatters: - builtin$ - examples$ run: - timeout: 5m + timeout: 10m diff --git a/.tekton/single-arch-build-pipeline.yaml b/.tekton/single-arch-build-pipeline.yaml index b9e86703b..857903ee0 100644 --- a/.tekton/single-arch-build-pipeline.yaml +++ b/.tekton/single-arch-build-pipeline.yaml @@ -73,10 +73,6 @@ spec: default: 'true' description: Use the package registry proxy when prefetching dependencies type: string - - name: sast-target-dirs - type: string - default: . - description: Target directories to scan with SAST tools. Multiple values should be separated with commas. results: - name: IMAGE_URL value: $(tasks.build-image-index.results.IMAGE_URL) @@ -185,6 +181,33 @@ spec: workspace: git-auth - name: netrc workspace: netrc + - name: run-script + params: + - name: ociStorage + value: $(params.output-image).script + - name: ociArtifactExpiresAfter + value: $(params.image-expires-after) + - name: SCRIPT_RUNNER_IMAGE + value: registry.access.redhat.com/ubi9/go-toolset:1.25 + - name: SCRIPT + value: | + export COMMIT_SHA="$(tasks.clone-repository.results.commit)" + exec ./hack/bump-version.sh + - name: HERMETIC + value: "true" + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + runAfter: + - prefetch-dependencies + taskRef: + params: + - name: name + value: run-script-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-run-script-oci-ta:0.1@sha256:0e13a74cc02c945e7119ecd4cc0c9148e7591b50f87e415b212154caad0479c0 + - name: kind + value: task + resolver: bundles - name: build-container params: - name: IMAGE @@ -217,11 +240,14 @@ spec: - name: NO_PROXY value: $(tasks.init.results.no-proxy) - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + value: $(tasks.run-script.results.SCRIPT_ARTIFACT) - name: CACHI2_ARTIFACT value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + - name: ADDITIONAL_BASE_IMAGES + value: + - $(tasks.run-script.results.SCRIPT_RUNNER_IMAGE_REFERENCE) runAfter: - - prefetch-dependencies + - run-script taskRef: params: - name: name @@ -261,7 +287,7 @@ spec: - name: BINARY_IMAGE_DIGEST value: $(tasks.build-image-index.results.IMAGE_DIGEST) - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + value: $(tasks.run-script.results.SCRIPT_ARTIFACT) - name: CACHI2_ARTIFACT value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) runAfter: @@ -352,11 +378,9 @@ spec: - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + value: $(tasks.run-script.results.SCRIPT_ARTIFACT) - name: CACHI2_ARTIFACT value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - - name: TARGET_DIRS - value: $(params.sast-target-dirs) runAfter: - build-image-index taskRef: @@ -422,11 +446,9 @@ spec: - name: BUILD_ARGS_FILE value: $(params.build-args-file) - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + value: $(tasks.run-script.results.SCRIPT_ARTIFACT) - name: CACHI2_ARTIFACT value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - - name: TARGET_DIRS - value: $(params.sast-target-dirs) runAfter: - coverity-availability-check taskRef: @@ -472,11 +494,9 @@ spec: - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + value: $(tasks.run-script.results.SCRIPT_ARTIFACT) - name: CACHI2_ARTIFACT value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - - name: TARGET_DIRS - value: $(params.sast-target-dirs) runAfter: - build-image-index taskRef: @@ -501,11 +521,9 @@ spec: - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + value: $(tasks.run-script.results.SCRIPT_ARTIFACT) - name: CACHI2_ARTIFACT value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - - name: TARGET_DIRS - value: $(params.sast-target-dirs) runAfter: - build-image-index taskRef: @@ -551,7 +569,7 @@ spec: - name: CONTEXT value: $(params.path-context) - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + value: $(tasks.run-script.results.SCRIPT_ARTIFACT) runAfter: - build-image-index taskRef: diff --git a/hack/bump-version.sh b/hack/bump-version.sh index b1a6f3c94..669c2d779 100755 --- a/hack/bump-version.sh +++ b/hack/bump-version.sh @@ -2,50 +2,109 @@ set -e -# Accept version as first argument, fall back to VERSION env var, or show usage +# Generate or accept version +# Priority: 1) command line arg, 2) OPERATOR_VERSION env var, 3) generate from Makefile + commit if [ -n "$1" ]; then VERSION="$1" -elif [ -z "$VERSION" ]; then - echo "Usage: $0 " - echo " or set VERSION environment variable" - echo "Example: $0 1.2.1" - exit 1 + echo "Using version from argument: $VERSION" +elif [ -n "$OPERATOR_VERSION" ]; then + VERSION="$OPERATOR_VERSION" + echo "Using version from OPERATOR_VERSION environment: $VERSION" +else + # Generate version from Makefile + commit SHA + echo "Generating version dynamically..." + + # Read base version from Makefile + if [ -f Makefile ]; then + BASE_VERSION=$(grep -E "^VERSION \?=" Makefile | awk '{print $3}') + else + echo "❌ ERROR: Makefile not found and VERSION not provided" + echo "Usage: $0 " + echo " or set OPERATOR_VERSION environment variable" + exit 1 + fi + + if [ -z "$BASE_VERSION" ]; then + echo "❌ ERROR: Could not read VERSION from Makefile" + exit 1 + fi + + # Get commit SHA from environment variable (set by pipeline) or git + COMMIT_SHA_VALUE="${COMMIT_SHA:-}" + if [ -z "$COMMIT_SHA_VALUE" ] && command -v git &> /dev/null && [ -d .git ]; then + COMMIT_SHA_VALUE=$(git rev-parse HEAD 2>/dev/null || echo "") + fi + + # If we have a commit SHA, append it to the version + if [ -n "$COMMIT_SHA_VALUE" ]; then + COMMIT_SHORT="${COMMIT_SHA_VALUE:0:7}" + VERSION="${BASE_VERSION}-${COMMIT_SHORT}" + echo "Generated version: $VERSION (from Makefile: $BASE_VERSION + commit: $COMMIT_SHORT)" + else + VERSION="$BASE_VERSION" + echo "Using base version from Makefile: $VERSION (no commit SHA available)" + fi fi echo "Bumping version to: $VERSION" -# Extract major.minor version for CPE label (e.g., 1.3.4 -> 1.3) +# Extract major.minor version for CPE label (e.g., 1.3.4 -> 1.3, 1.3.0-abc1234 -> 1.3) MAJOR_MINOR=$(echo "$VERSION" | sed -E 's/^([0-9]+\.[0-9]+).*/\1/') echo "CPE version (major.minor): $MAJOR_MINOR" -yq -i ".spec.version=\"${VERSION}\"" config/manifests/bases/multiarch-tuning-operator.clusterserviceversion.yaml -yq -i ".metadata.name=\"multiarch-tuning-operator.v${VERSION}\"" config/manifests/bases/multiarch-tuning-operator.clusterserviceversion.yaml -yq -i ".spec.startingCSV=\"multiarch-tuning-operator.v${VERSION}\"" deploy/base/operators.coreos.com/subscriptions/openshift-multiarch-tuning-operator/subscription.yaml -yq eval-all -i "(select(.schema==\"olm.channel\").entries[0].name)=\"multiarch-tuning-operator.v${VERSION}\"" index.base.yaml - - -if [[ "$(uname)" == "Darwin" ]]; then - # macOS BSD sed - sed -i '' "s/^LABEL release=.*/LABEL release=\"${VERSION}\"/" Dockerfile - sed -i '' "s/^LABEL version=.*/LABEL version=\"${VERSION}\"/" Dockerfile - sed -i '' "s/^LABEL cpe=.*/LABEL cpe=\"cpe:\/a:redhat:multiarch_tuning_operator:${MAJOR_MINOR}::el9\"/" Dockerfile - sed -i '' "s/^LABEL release=.*/LABEL release=\"${VERSION}\"/" konflux.Dockerfile - sed -i '' "s/^LABEL version=.*/LABEL version=\"${VERSION}\"/" konflux.Dockerfile - sed -i '' "s/^LABEL cpe=.*/LABEL cpe=\"cpe:\/a:redhat:multiarch_tuning_operator:${MAJOR_MINOR}::el9\"/" konflux.Dockerfile - sed -i '' "s/^LABEL cpe=.*/LABEL cpe=\"cpe:\/a:redhat:multiarch_tuning_operator:${MAJOR_MINOR}::el9\"/" bundle.Dockerfile - sed -i '' "s/^LABEL cpe=.*/LABEL cpe=\"cpe:\/a:redhat:multiarch_tuning_operator:${MAJOR_MINOR}::el9\"/" bundle.konflux.Dockerfile - sed -i '' "s/^VERSION ?= .*/VERSION ?= ${VERSION}/" Makefile +# Escape version for use in sed (handles dots and dashes) +VERSION_ESCAPED=$(echo "$VERSION" | sed 's/[.]/\\./g') + +echo "Updating version references..." + +# Update config/manifests/bases/multiarch-tuning-operator.clusterserviceversion.yaml +sed -i "s/^ version: .*/ version: ${VERSION}/" config/manifests/bases/multiarch-tuning-operator.clusterserviceversion.yaml +sed -i "s/^ name: multiarch-tuning-operator\.v.*/ name: multiarch-tuning-operator.v${VERSION}/" config/manifests/bases/multiarch-tuning-operator.clusterserviceversion.yaml + +# Update deploy/base/operators.coreos.com/subscriptions/openshift-multiarch-tuning-operator/subscription.yaml +sed -i "s/^ startingCSV: multiarch-tuning-operator\.v.*/ startingCSV: multiarch-tuning-operator.v${VERSION}/" deploy/base/operators.coreos.com/subscriptions/openshift-multiarch-tuning-operator/subscription.yaml + +# Update index.base.yaml (channel entry name) +sed -i "s/^ name: multiarch-tuning-operator\.v.*/ name: multiarch-tuning-operator.v${VERSION}/" index.base.yaml + +# Update Dockerfiles +sed -i "s/^LABEL release=.*/LABEL release=\"${VERSION}\"/" Dockerfile +sed -i "s/^LABEL version=.*/LABEL version=\"${VERSION}\"/" Dockerfile +sed -i "s/^LABEL cpe=.*/LABEL cpe=\"cpe:\/a:redhat:multiarch_tuning_operator:${MAJOR_MINOR}::el9\"/" Dockerfile + +sed -i "s/^LABEL release=.*/LABEL release=\"${VERSION}\"/" konflux.Dockerfile +sed -i "s/^LABEL version=.*/LABEL version=\"${VERSION}\"/" konflux.Dockerfile +sed -i "s/^LABEL cpe=.*/LABEL cpe=\"cpe:\/a:redhat:multiarch_tuning_operator:${MAJOR_MINOR}::el9\"/" konflux.Dockerfile + +sed -i "s/^LABEL release=.*/LABEL release=\"${VERSION}\"/" bundle.Dockerfile +sed -i "s/^LABEL version=.*/LABEL version=\"${VERSION}\"/" bundle.Dockerfile +sed -i "s/^LABEL cpe=.*/LABEL cpe=\"cpe:\/a:redhat:multiarch_tuning_operator:${MAJOR_MINOR}::el9\"/" bundle.Dockerfile + +sed -i "s/^LABEL release=.*/LABEL release=\"${VERSION}\"/" bundle.konflux.Dockerfile +sed -i "s/^LABEL version=.*/LABEL version=\"${VERSION}\"/" bundle.konflux.Dockerfile +sed -i "s/^LABEL cpe=.*/LABEL cpe=\"cpe:\/a:redhat:multiarch_tuning_operator:${MAJOR_MINOR}::el9\"/" bundle.konflux.Dockerfile + +# Update Makefile +sed -i "s/^VERSION ?= .*/VERSION ?= ${VERSION}/" Makefile + +# Update bundle files directly (instead of running make bundle) +echo "Updating bundle files..." + +# Update bundle/manifests/multiarch-tuning-operator.clusterserviceversion.yaml +if [ -f bundle/manifests/multiarch-tuning-operator.clusterserviceversion.yaml ]; then + sed -i "s/^ version: .*/ version: ${VERSION}/" bundle/manifests/multiarch-tuning-operator.clusterserviceversion.yaml + sed -i "s/^ name: multiarch-tuning-operator\.v.*/ name: multiarch-tuning-operator.v${VERSION}/" bundle/manifests/multiarch-tuning-operator.clusterserviceversion.yaml else - # Linux GNU sed - sed -i "s/^LABEL release=.*/LABEL release=\"${VERSION}\"/" Dockerfile - sed -i "s/^LABEL version=.*/LABEL version=\"${VERSION}\"/" Dockerfile - sed -i "s/^LABEL cpe=.*/LABEL cpe=\"cpe:\/a:redhat:multiarch_tuning_operator:${MAJOR_MINOR}::el9\"/" Dockerfile - sed -i "s/^LABEL release=.*/LABEL release=\"${VERSION}\"/" konflux.Dockerfile - sed -i "s/^LABEL version=.*/LABEL version=\"${VERSION}\"/" konflux.Dockerfile - sed -i "s/^LABEL cpe=.*/LABEL cpe=\"cpe:\/a:redhat:multiarch_tuning_operator:${MAJOR_MINOR}::el9\"/" konflux.Dockerfile - sed -i "s/^LABEL cpe=.*/LABEL cpe=\"cpe:\/a:redhat:multiarch_tuning_operator:${MAJOR_MINOR}::el9\"/" bundle.Dockerfile - sed -i "s/^LABEL cpe=.*/LABEL cpe=\"cpe:\/a:redhat:multiarch_tuning_operator:${MAJOR_MINOR}::el9\"/" bundle.konflux.Dockerfile - sed -i "s/^VERSION ?= .*/VERSION ?= ${VERSION}/" Makefile + echo "⚠️ Warning: bundle/manifests/multiarch-tuning-operator.clusterserviceversion.yaml not found, skipping" fi -echo "make bundle" -make bundle \ No newline at end of file + +# Update bundle/metadata/annotations.yaml +if [ -f bundle/metadata/annotations.yaml ]; then + # The annotations.yaml has version in several places, update all + sed -i "s/operators\.operatorframework\.io\.bundle\.channels\.v1: .*/operators.operatorframework.io.bundle.channels.v1: stable/" bundle/metadata/annotations.yaml +else + echo "⚠️ Warning: bundle/metadata/annotations.yaml not found, skipping" +fi + +echo "✅ Version bumped to: $VERSION" +echo "✅ All version references updated" \ No newline at end of file