StoneSoup Build System

 

The StoneSoup Build System is composed of the following components:

This repository installs all the components and includes a set of example scripts that simplify usage and provide examples of a working system. There are no additional components needed to use the build system API, however some utilities and scripts are provided to demonstrate functionality.

Quickstart

To try out a pre-configured, follow these steps.

Steps  
1. Create a project for your pipeline execution. This can be run as any non-admin user (or admin) and is needed to hold your execution pipelines.

   oc new-project demo

2. Run the build-deploy example with a Quarkus app.

   ./hack/build/build-via-appstudio.sh https://github.com/devfile-samples/devfile-sample-code-with-quarkus src/main/docker/Dockerfile.jvm.staged

3. View your build on the OpenShift Console under the pipelines page, or view the logs via the CLI.

   tkn pipelinerun logs

Tests via RHTAP

To validate execution via RHTAP, run the ./hack/build/build-via-appstudio.sh script, which sets up credentials and the RHTAP application and components. Without parameters, it creates example components. To build a specific repository, pass its URL and the path to the repository’s Dockerfile as arguments, as shown below:

./hack/build/build-via-appstudio.sh https://github.com/devfile-samples/devfile-sample-java-springboot-basic docker/Dockerfile

To enable PipelineAsCode integration, set the PIPELINESASCODE environment variable to 1 and set GitHub credentials in your ./hack/preview.env. You can use either the GitHub PipelineAsCode application or a webhook. To use the GitHub application, set PAC_GITHUB_APP_PRIVATE_KEY and PAC_GITHUB_APP_ID in your ./hack/preview.env. Alternatively, to use a GitHub webhook, set PAC_GITHUB_TOKEN with the required permissions, or make sure that MY_GITHUB_TOKEN is set and has the required permissions. Then run:

PIPELINESASCODE=1 ./hack/build/build-via-appstudio.sh https://github.com/Michkov/devfile-sample-go-basic docker/Dockerfile
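
A preflight check for the credential settings described above, as an added example that is not part of the StoneSoup repository: it reports whether ./hack/preview.env holds a complete GitHub application or webhook credential set, and whether the file is closed to other users. The `NAME=value` / `export NAME=value` line format (with each value starting on the same line as its name), the function names, and the preference for the application when both sets are present are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: preflight check of the PaC credentials in ./hack/preview.env.
# Assumption: the file holds `NAME=value` or `export NAME=value` lines.

# Print the value of variable $2 in env file $1 (empty if unset or blank).
# The file is parsed rather than sourced, so nothing in it gets executed.
env_value() {
  sed -nE "s/^[[:space:]]*(export[[:space:]]+)?$2=//p" "$1" | tail -n 1 |
    sed -e "s/^[\"']//" -e "s/[\"'][[:space:]]*\$//"
}

# Succeed only if the file grants no permissions to group or others,
# since it stores a GitHub App private key or personal tokens.
env_file_private() {
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print "app" or "webhook" for the credential set that is complete;
# return 1 if neither is. Preferring the app is this example's choice.
pac_mode() {
  [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
  app_id=$(env_value "$1" PAC_GITHUB_APP_ID)
  app_key=$(env_value "$1" PAC_GITHUB_APP_PRIVATE_KEY)
  pac_token=$(env_value "$1" PAC_GITHUB_TOKEN)
  my_token=$(env_value "$1" MY_GITHUB_TOKEN)
  if [ -n "$app_id" ] && [ -n "$app_key" ]; then
    echo app
  elif [ -n "$pac_token" ] || [ -n "$my_token" ]; then
    # Half-filled app settings usually mean a typo; say so on stderr.
    if [ -n "$app_id$app_key" ]; then
      echo "warning: PAC_GITHUB_APP_ID and PAC_GITHUB_APP_PRIVATE_KEY must both be set for app mode" >&2
    fi
    echo webhook
  else
    echo "error: no complete PaC credentials in $1" >&2
    return 1
  fi
}

# Stand-alone use: sh pac-preflight.sh ./hack/preview.env
if [ -n "${1:-}" ]; then
  env_file_private "$1" || echo "warning: $1 is readable by group or others" >&2
  pac_mode "$1"
fi
```
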

Change of default pipeline bundle

Pipeline bundles are generated by build-definitions.

By default, the bundle is defined in components/build-service/base/build-pipeline-config/build-pipeline-config.yaml.

Stage Cluster integration prerequisites

Before creating a component in the Stage cluster, it’s necessary to install the GitHub application AppStudio Staging CI into the managed repository or into the whole GitHub organization.

Repository secrets

The secret must be linked to the appstudio-pipeline service account in the execution namespace.

Build Service secrets

List of secrets:

| Name | Source | Description |
| --- | --- | --- |
| pipelines-as-code-secret | appsre vault | Secret containing ‘github-application-id’, ‘github-private-key’ and ‘webhook.secret’ of the GitHub Application used by the Build service for creating pull-requests |

Rotation rule: Secrets must be rotated within 7 days after someone with access leaves the organization. Secrets older than one year should be rotated.

Instructions for rotation of pipelines-as-code-secret

The secret is shared and is managed by the Pipeline Service team. We load the secret from the Pipeline Service vault. We don’t need to take any steps for rotation. After they rotate the secret, it will be updated automatically on the next external secret sync-up.