feat(RELEASE-400): adds check-data-keys task in release pipelines (#720)

This commit adds the check-data-keys task into the release pipelines to ensure validation of required data keys.. Signed-off-by: Sean Conroy <[email protected]>
konflux-ci · Dec 19, 2024 · 4feb12e · 4feb12e
1 parent e63b1f2
commit 4feb12e
Show file tree

Hide file tree

Showing 25 changed files with 536 additions and 29 deletions.
diff --git a/pipelines/managed/fbc-release/README.md b/pipelines/managed/fbc-release/README.md
@@ -19,6 +19,8 @@ Tekton release pipeline to interact with FBC Pipeline
 | taskGitUrl                      | The url to the git repo where the release-service-catalog tasks to be used are stored                    | Yes       | https://github.com/konflux-ci/release-service-catalog.git |
 | taskGitRevision                 | The revision in the taskGitUrl repo to be used                                                           | No        | -                                                               |
 
+## Changes in 4.1.0
+* Add the `check-data-keys` task to validate the `data.json` file using the JSON schema.
 
 ## Changes in 4.0.4
 * The `sign-index-image` task now receives new mandatory parameter `releasePlanAdmissionPath`

diff --git a/pipelines/managed/fbc-release/fbc-release.yaml b/pipelines/managed/fbc-release/fbc-release.yaml
@@ -4,7 +4,7 @@ kind: Pipeline
 metadata:
   name: fbc-release
   labels:
-    app.kubernetes.io/version: "4.0.4"
+    app.kubernetes.io/version: "4.1.0"
   annotations:
     tekton.dev/pipelines.minVersion: "0.12.1"
     tekton.dev/tags: release
@@ -122,6 +122,30 @@ spec:
           workspace: release-workspace
       runAfter:
         - verify-access-to-resources
+    - name: check-data-keys
+      params:
+        - name: dataPath
+          value: "$(tasks.collect-data.results.data)"
+        - name: schema
+          value: $(params.taskGitUrl)/raw/$(params.taskGitRevision)/schema/dataKeys.json
+        - name: systems
+          value: 
+            - fbc
+            - sign
+      taskRef:
+        params:
+          - name: url
+            value: $(params.taskGitUrl)
+          - name: revision
+            value: $(params.taskGitRevision)
+          - name: pathInRepo
+            value: tasks/check-data-keys/check-data-keys.yaml
+        resolver: git
+      workspaces:
+        - name: data
+          workspace: release-workspace
+      runAfter:
+        - collect-data
     - name: validate-single-component
       taskRef:
         resolver: "git"

diff --git a/pipelines/managed/push-binaries-to-dev-portal/README.md b/pipelines/managed/push-binaries-to-dev-portal/README.md
@@ -19,6 +19,9 @@ Tekton pipeline to sign and release Red Hat binaries to the Red Hat Developer Po
 | taskGitUrl                      | The url to the git repo where the release-service-catalog tasks to be used are stored                  | Yes      | https://github.com/konflux-ci/release-service-catalog.git |
 | taskGitRevision                 | The revision in the taskGitUrl repo to be used                                                         | No       | -             |
 
+## Changes in 1.5.0
+* Add the `check-data-keys` task to validate the `data.json` file using the JSON schema.
+
 ## Changes in 1.4.0
 * Use results from `sign-binaries` task for `push-to-cdn` and `publish-to-cgw` instead of `extract-binaries-from-image`
 

diff --git a/pipelines/managed/push-binaries-to-dev-portal/push-binaries-to-dev-portal.yaml b/pipelines/managed/push-binaries-to-dev-portal/push-binaries-to-dev-portal.yaml
@@ -4,7 +4,7 @@ kind: Pipeline
 metadata:
   name: push-binaries-to-dev-portal
   labels:
-    app.kubernetes.io/version: "1.4.0"
+    app.kubernetes.io/version: "1.5.0"
   annotations:
     tekton.dev/pipelines.minVersion: "0.12.1"
     tekton.dev/tags: release
@@ -109,6 +109,30 @@ spec:
           workspace: release-workspace
       runAfter:
         - verify-access-to-resources
+    - name: check-data-keys
+      params:
+        - name: dataPath
+          value: "$(tasks.collect-data.results.data)"
+        - name: schema
+          value: $(params.taskGitUrl)/raw/$(params.taskGitRevision)/schema/dataKeys.json
+        - name: systems
+          value: 
+            - cdn
+            - contentGateway
+      taskRef:
+        params:
+          - name: url
+            value: $(params.taskGitUrl)
+          - name: revision
+            value: $(params.taskGitRevision)
+          - name: pathInRepo
+            value: tasks/check-data-keys/check-data-keys.yaml
+        resolver: git
+      workspaces:
+        - name: data
+          workspace: release-workspace
+      runAfter:
+        - collect-data
     - name: reduce-snapshot
       taskRef:
         resolver: "git"

diff --git a/pipelines/managed/push-disk-images-to-cdn/README.md b/pipelines/managed/push-disk-images-to-cdn/README.md
@@ -20,6 +20,9 @@ Tekton Pipeline to push disk images to a cdn using pulp
 | taskGitUrl                      | The url to the git repo where the release-service-catalog tasks to be used are stored                  | Yes | https://github.com/konflux-ci/release-service-catalog.git |
 | taskGitRevision                 | The revision in the taskGitUrl repo to be used                                                         | No       | -               |
 
+## Changes in 1.3.0
+* Add new parameter `schema` to the `check-data-keys` task.
+
 ## Changes in 1.2.0
 * The `push-disk-images` task now gets the `resultsDir` parameter from `collect-data` results
 * Add the task `update-cr-status` at the end of the pipeline to save all pipeline results

diff --git a/pipelines/managed/push-disk-images-to-cdn/push-disk-images-to-cdn.yaml b/pipelines/managed/push-disk-images-to-cdn/push-disk-images-to-cdn.yaml
@@ -4,7 +4,7 @@ kind: Pipeline
 metadata:
   name: push-disk-images-to-cdn
   labels:
-    app.kubernetes.io/version: "1.2.0"
+    app.kubernetes.io/version: "1.3.0"
   annotations:
     tekton.dev/pipelines.minVersion: "0.12.1"
     tekton.dev/tags: release
@@ -191,6 +191,8 @@ spec:
       params:
         - name: dataPath
           value: "$(tasks.collect-data.results.data)"
+        - name: schema
+          value:  $(params.taskGitUrl)/raw/$(params.taskGitRevision)/schema/dataKeys.json
         - name: systems
           value:
             - cdn
@@ -207,7 +209,7 @@ spec:
         - name: data
           workspace: release-workspace
       runAfter:
-        - verify-enterprise-contract
+        - collect-data
     - name: push-disk-images
       timeout: "2h00m0s"
       when:

diff --git a/pipelines/managed/push-to-addons-registry/README.md b/pipelines/managed/push-to-addons-registry/README.md
@@ -19,5 +19,8 @@ Tekton pipeline to release a single FBC component to the Addons Registry.
 | taskGitUrl                      | The url to the git repo where the release-service-catalog tasks to be used are stored                                              | Yes      | https://github.com/konflux-ci/release-service-catalog.git |
 | taskGitRevision                 | The revision in the taskGitUrl repo to be used                                                                                     | No       | -                                                         |
 
+## Changes in 0.1.0
+* Add the `check-data-keys` task to validate the `data.json` file using the JSON schema.
+
 ## Changes in 0.0.1
 * Initially forked from push-to-external-registry v5.2.1
diff --git a/pipelines/managed/push-to-addons-registry/push-to-addons-registry.yaml b/pipelines/managed/push-to-addons-registry/push-to-addons-registry.yaml
@@ -4,7 +4,7 @@ kind: Pipeline
 metadata:
   name: push-to-addons-registry
   labels:
-    app.kubernetes.io/version: "0.0.1"
+    app.kubernetes.io/version: "0.1.0"
   annotations:
     tekton.dev/pipelines.minVersion: "0.12.1"
     tekton.dev/tags: release
@@ -109,6 +109,29 @@ spec:
           workspace: release-workspace
       runAfter:
         - verify-access-to-resources
+    - name: check-data-keys
+      params:
+        - name: dataPath
+          value: "$(tasks.collect-data.results.data)"
+        - name: schema
+          value: $(params.taskGitUrl)/raw/$(params.taskGitRevision)/schema/dataKeys.json
+        - name: systems
+          value: 
+            - mapping
+      taskRef:
+        params:
+          - name: url
+            value: $(params.taskGitUrl)
+          - name: revision
+            value: $(params.taskGitRevision)
+          - name: pathInRepo
+            value: tasks/check-data-keys/check-data-keys.yaml
+        resolver: git
+      workspaces:
+        - name: data
+          workspace: release-workspace
+      runAfter:
+        - collect-data
     - name: reduce-snapshot
       taskRef:
         resolver: "git"

diff --git a/pipelines/managed/push-to-external-registry/README.md b/pipelines/managed/push-to-external-registry/README.md
@@ -19,6 +19,10 @@ Tekton pipeline to release Snapshots to an external registry.
 | taskGitUrl               | The url to the git repo where the release-service-catalog tasks to be used are stored                  | Yes      | https://github.com/konflux-ci/release-service-catalog.git |
 | taskGitRevision          | The revision in the taskGitUrl repo to be used                                                         | No       | -             |
 
+
+## Changes in 5.3.0
+* Add the `check-data-keys` task to validate the `data.json` file using the JSON schema.
+
 ## Changes in 5.2.1
 * Add retries for some tasks
 

diff --git a/pipelines/managed/push-to-external-registry/push-to-external-registry.yaml b/pipelines/managed/push-to-external-registry/push-to-external-registry.yaml
@@ -4,7 +4,7 @@ kind: Pipeline
 metadata:
   name: push-to-external-registry
   labels:
-    app.kubernetes.io/version: "5.2.1"
+    app.kubernetes.io/version: "5.3.0"
   annotations:
     tekton.dev/pipelines.minVersion: "0.12.1"
     tekton.dev/tags: release
@@ -109,6 +109,29 @@ spec:
           workspace: release-workspace
       runAfter:
         - verify-access-to-resources
+    - name: check-data-keys
+      params:
+        - name: dataPath
+          value: "$(tasks.collect-data.results.data)"
+        - name: schema
+          value: $(params.taskGitUrl)/raw/$(params.taskGitRevision)/schema/dataKeys.json
+        - name: systems
+          value: 
+            - mapping
+      taskRef:
+        params:
+          - name: url
+            value: $(params.taskGitUrl)
+          - name: revision
+            value: $(params.taskGitRevision)
+          - name: pathInRepo
+            value: tasks/check-data-keys/check-data-keys.yaml
+        resolver: git
+      workspaces:
+        - name: data
+          workspace: release-workspace
+      runAfter:
+        - collect-data
     - name: reduce-snapshot
       taskRef:
         resolver: "git"

diff --git a/pipelines/managed/release-to-github/README.md b/pipelines/managed/release-to-github/README.md
@@ -19,6 +19,9 @@ Tekton release pipeline to release binaries extracted from the image built with
 | taskGitUrl                | The url to the git repo where the release-service-catalog tasks to be used are stored | Yes | https://github.com/konflux-ci/release-service-catalog.git |
 | taskGitRevision           | The revision in the taskGitUrl repo to be used                        | No        | -            |
 
+## Changes in 4.1.0
+* Add the `check-data-keys` task to validate the `data.json` file using the JSON schema.
+
 ## Changes in 4.0.0
 * Drop the `enterpriseContractPublicKey` param. The verify task will take the value from the policy.
 

diff --git a/pipelines/managed/release-to-github/release-to-github.yaml b/pipelines/managed/release-to-github/release-to-github.yaml
@@ -4,7 +4,7 @@ kind: Pipeline
 metadata:
   name: release-to-github
   labels:
-    app.kubernetes.io/version: "4.0.0"
+    app.kubernetes.io/version: "4.1.0"
   annotations:
     tekton.dev/pipelines.minVersion: "0.12.1"
     tekton.dev/tags: release
@@ -110,6 +110,30 @@ spec:
           workspace: release-workspace
       runAfter:
         - verify-access-to-resources
+    - name: check-data-keys
+      params:
+        - name: dataPath
+          value: "$(tasks.collect-data.results.data)"
+        - name: schema
+          value: $(params.taskGitUrl)/raw/$(params.taskGitRevision)/schema/dataKeys.json
+        - name: systems
+          value: 
+            - github
+            - sign
+      taskRef:
+        params:
+          - name: url
+            value: $(params.taskGitUrl)
+          - name: revision
+            value: $(params.taskGitRevision)
+          - name: pathInRepo
+            value: tasks/check-data-keys/check-data-keys.yaml
+        resolver: git
+      workspaces:
+        - name: data
+          workspace: release-workspace
+      runAfter:
+        - collect-data
     - name: validate-single-component
       taskRef:
         resolver: "git"

diff --git a/pipelines/managed/release-to-mrrc/README.md b/pipelines/managed/release-to-mrrc/README.md
@@ -18,3 +18,7 @@ Tekton release pipeline to release maven artifacts extracted from the maven repo
 | verify_ec_task_bundle           | The location of the bundle containing the verify-enterprise-contract task                                                          | No       | -                                                         |
 | taskGitUrl                      | The url to the git repo where the release-service-catalog tasks to be used are stored                                              | Yes      | https://github.com/konflux-ci/release-service-catalog.git |
 | taskGitRevision                 | The revision in the taskGitUrl repo to be used                                                                                     | Yes      | production                                                |
+
+
+## Changes in 0.2.0
+* Add the `check-data-keys` task to validate the `data.json` file using the JSON schema.
diff --git a/pipelines/managed/release-to-mrrc/release-to-mrrc.yaml b/pipelines/managed/release-to-mrrc/release-to-mrrc.yaml
@@ -4,7 +4,7 @@ kind: Pipeline
 metadata:
   name: release-to-mrrc
   labels:
-    app.kubernetes.io/version: "0.1.0"
+    app.kubernetes.io/version: "0.2.0"
   annotations:
     tekton.dev/pipelines.minVersion: "0.12.1"
     tekton.dev/tags: release
@@ -107,6 +107,29 @@ spec:
           workspace: release-workspace
       runAfter:
         - verify-access-to-resources
+    - name: check-data-keys
+      params:
+        - name: dataPath
+          value: "$(tasks.collect-data.results.data)"
+        - name: schema
+          value: $(params.taskGitUrl)/raw/$(params.taskGitRevision)/schema/dataKeys.json
+        - name: systems
+          value: 
+            - mrrc
+      taskRef:
+        params:
+          - name: url
+            value: $(params.taskGitUrl)
+          - name: revision
+            value: $(params.taskGitRevision)
+          - name: pathInRepo
+            value: tasks/check-data-keys/check-data-keys.yaml
+        resolver: git
+      workspaces:
+        - name: data
+          workspace: release-workspace
+      runAfter:
+        - collect-data
     - name: verify-enterprise-contract
       taskRef:
         resolver: "bundles"

diff --git a/pipelines/managed/rh-advisories/README.md b/pipelines/managed/rh-advisories/README.md
@@ -23,6 +23,10 @@ the rh-push-to-registry-redhat-io pipeline.
 | taskGitUrl                      | The url to the git repo where the release-service-catalog tasks to be used are stored                                              | Yes      | https://github.com/konflux-ci/release-service-catalog.git |
 | taskGitRevision                 | The revision in the taskGitUrl repo to be used                                                                                     | No       | -                                                         |
 
+## Changes in 1.6.0
+* Add new parameter `schema` to the `check-data-keys` task. 
+* Add new systems pyxis,mapping & signing to the task.
+
 ## Changes in 1.5.7
 * new mandatory parameter `dataPath` added to `create-pyxis-image` task
 

diff --git a/pipelines/managed/rh-advisories/rh-advisories.yaml b/pipelines/managed/rh-advisories/rh-advisories.yaml
@@ -4,7 +4,7 @@ kind: Pipeline
 metadata:
   name: rh-advisories
   labels:
-    app.kubernetes.io/version: "1.5.7"
+    app.kubernetes.io/version: "1.6.0"
   annotations:
     tekton.dev/pipelines.minVersion: "0.12.1"
     tekton.dev/tags: release
@@ -511,9 +511,14 @@ spec:
       params:
         - name: dataPath
           value: "$(tasks.collect-data.results.data)"
+        - name: schema
+          value:  $(params.taskGitUrl)/raw/$(params.taskGitRevision)/schema/dataKeys.json
         - name: systems
           value:
             - releaseNotes
+            - pyxis
+            - mapping
+            - sign
       taskRef:
         params:
           - name: url

diff --git a/pipelines/managed/rh-push-to-external-registry/README.md b/pipelines/managed/rh-push-to-external-registry/README.md
@@ -19,6 +19,10 @@ Tekton pipeline to release Red Hat Snapshots to an external registry. This pipel
 | taskGitUrl              | The url to the git repo where the release-service-catalog tasks to be used are stored | Yes      | https://github.com/konflux-ci/release-service-catalog.git |
 | taskGitRevision         | The revision in the taskGitUrl repo to be used                                       | No        | -            |
 
+
+## Changes in 5.4.0
+* Add the `check-data-keys` task to validate the `data.json` file using the JSON schema.
+
 ## Changes in 5.3.3
 * new mandatory parameter `dataPath` added to `create-pyxis-image` task