### Install rpm-lockfile-prototype and Dependencies Source: https://github.com/konflux-ci/docs/blob/main/modules/building/pages/activation-keys-subscription.adoc Install `pip`, `skopeo`, and `jq` using `dnf`, then install the `rpm-lockfile-prototype` tool using `pip` by fetching the latest release from GitHub. ```bash dnf install -y pip skopeo jq pip install --user https://github.com/konflux-ci/rpm-lockfile-prototype/archive/refs/tags/$(curl -s "https://api.github.com/repos/konflux-ci/rpm-lockfile-prototype/releases/latest" | jq -r '.tag_name').tar.gz ``` -------------------------------- ### RPM Prefetch Containerfile Example Source: https://github.com/konflux-ci/docs/blob/main/modules/building/pages/prefetching-dependencies.adoc Example Containerfile demonstrating how to prefetch RPM dependencies. Ensure the Containerfile is committed to your repository. ```dockerfile FROM registry.redhat.io/ubi9/ubi:latest # Install build dependencies RUN dnf install -y --setopt=tsflags=nodocs --refresh \ gcc \ make \ python3-devel \ # Add any other build dependencies here && dnf clean all # Copy application source code COPY . /app WORKDIR /app # Install dependencies using rpm-lockfile-prototype # This step assumes you have rpms.in.yaml and rpms.lock.yaml in your repository RUN rpm-lockfile-prototype --input rpms.in.yaml --output rpms.lock.yaml RUN dnf install -y --setopt=tsflags=nodocs --refresh $(cat rpms.lock.yaml | grep -v "^#" | sed 's/:.*//') # Build your application # Example: RUN make # Set the entrypoint or command for your container # CMD ["/usr/bin/your-app"] ``` -------------------------------- ### Complete Example Tekton Pipeline File Source: https://github.com/konflux-ci/docs/blob/main/modules/testing/pages/integration/creating.adoc This is a complete example of a Tekton pipeline file, including parameters and a task declaration for integration testing. ```yaml kind: Pipeline apiVersion: tekton.dev/v1beta1 metadata: name: example-pipeline spec: params: - description: 'Snapshot of the application' name: SNAPSHOT default: '{"components": [{"name":"test-app", "containerImage": "quay.io/example/repo:latest"}]}' type: string tasks: - name: task-1 description: Placeholder task that prints the Snapshot and outputs standard TEST_OUTPUT params: - name: SNAPSHOT value: $(params.SNAPSHOT) taskSpec: params: - name: SNAPSHOT results: - name: TEST_OUTPUT description: Test output steps: - image: registry.redhat.io/openshift4/ose-cli:latest env: - name: SNAPSHOT value: $(params.SNAPSHOT) script: | #!/bin/bash set -e dnf -y install jq snapshotComponents=$(jq -c '.components[]' <<< "${SNAPSHOT}") ``` -------------------------------- ### Example ReleasePlanAdmission Configuration Source: https://github.com/konflux-ci/docs/blob/main/modules/building/pages/component-nudges.adoc This YAML snippet shows an example of a ReleasePlanAdmission configuration that includes a mapping for components, which is necessary for nudging images from distribution repositories. ```yaml spec: data: mapping: components: - name: component1 repository: quay.io/some-org/released-image ``` -------------------------------- ### Install pipeline-migration-tool Source: https://github.com/konflux-ci/docs/blob/main/modules/building/pages/apply-task-migrations.adoc Installs a specific version of the pipeline-migration-tool using pipx. This makes the `pipeline-migration-tool` and `pmt` executables available in your PATH. ```bash pipx install https://github.com/konflux-ci/pipeline-migration-tool/archive/refs/tags/v0.4.2.zip ``` -------------------------------- ### Example Component.yaml for GitLab Source: https://github.com/konflux-ci/docs/blob/main/modules/building/pages/creating-gitlab.adoc This is an example `Component.yaml` object used for creating a component from a GitLab repository via the CLI. ```yaml apiVersion: "pipelines.openshift.io/v1alpha1" kind: Component metadata: name: my-component spec: source: git: url: "https://gitlab.com/your-org/your-project" ref: branch: main contextDir: "path/to/context" provider: gitlab url: "https://gitlab.com" # ... other component configurations ``` -------------------------------- ### Example ImageRepository.yaml object Source: https://github.com/konflux-ci/docs/blob/main/modules/building/pages/creating-github.adoc This is an example of an `ImageRepository.yaml` object, which is required when creating a component via the CLI. This resource defines where the built images will be stored. ```yaml apiVersion: image.openshift.io/v1 kind: ImageRepository metadata: name: my-component-imagerepo spec: from: kind: Component name: my-component ``` -------------------------------- ### Example Cluster-config ConfigMap Source: https://github.com/konflux-ci/docs/blob/main/modules/building/pages/caching-proxy.adoc This is a complete example of a `cluster-config` ConfigMap, demonstrating how to set `allow-cache-proxy`, `http-proxy`, and `no-proxy` values. ```yaml apiVersion: v1 kind: ConfigMap metadata: name: cluster-config namespace: konflux-info data: allow-cache-proxy: "true" http-proxy: "squid.caching.svc.cluster.local:3128" no-proxy: "quay.io,registry.redhat.io,docker.io" ``` -------------------------------- ### Containerfile for Git Submodules Source: https://github.com/konflux-ci/docs/blob/main/modules/patterns/pages/git-submodules.adoc A basic Containerfile example that installs dependencies, updates a git submodule, and builds a binary from its sources. ```dockerfile FROM # Install necessary dependencies RUN dnf -y install # Set the working directory ENV /path/to/submodule WORKDIR ${} # Commands to update the submodule for the current image build RUN sed -i 's///g' file/in/submodule/directory # Commands to build binary from submodule sources RUN go build file/in/submodule/directory WORKDIR /app LABEL name=""] ``` -------------------------------- ### Build and Serve Documentation Locally Source: https://github.com/konflux-ci/docs/blob/main/CONTRIBUTING.md Installs project dependencies and builds the documentation site for local review. Visit http://127.0.0.1:8080 to view the site. ```bash npm install npm run build ``` -------------------------------- ### Directory Structure for Releases Source: https://github.com/konflux-ci/docs/blob/main/modules/patterns/pages/gitops-for-manual-releases.adoc Example directory structure for organizing release files, including release.yaml and snapshot.yaml for each version. ```bash tree . └── releases ├── 1.2.0 │ ├── release.yaml │ └── snapshot.yaml └── 1.2.1 ├── release.yaml └── snapshot.yaml ``` -------------------------------- ### Example Cosign Tree Output Source: https://github.com/konflux-ci/docs/blob/main/modules/metadata/pages/discover.adoc This is an example output of the 'cosign tree' command, illustrating the structure of metadata including SBOMs, attestations, and signatures associated with an image. ```text 📦 Supply Chain Security Related artifacts for an image: quay.io/redhat-user-workload/your-tenant/application/component@sha256: └── 📦 SBOMs for an image tag: quay.io/redhat-user-workload/your-tenant/application/component:sha256-.sbom └── 🍒 sha256: └── 💾 Attestations for an image tag: quay.io/redhat-user-workload/your-tenant/application/component:sha256-.att └── 🍒 sha256: └── 🔐 Signatures for an image tag: quay.io/redhat-user-workload/your-tenant/application/component:sha256-.sig └── 🍒 sha256: ``` -------------------------------- ### Example renovate.json with Presets Source: https://github.com/konflux-ci/docs/blob/main/modules/mintmaker/pages/user.adoc This example disables major version updates and groups Python `requirements.txt` updates into a single PR. Note that RPM security automerge is not enabled by these presets. ```json { "extends": [ ":disableMajorUpdates", "github>konflux-ci/mintmaker-presets:group-python-requirements" ] } ``` -------------------------------- ### Example Tekton Pipeline File Source: https://github.com/konflux-ci/docs/blob/main/modules/testing/pages/integration/creating.adoc This is the beginning of a Tekton pipeline definition. It includes parameters for defining the application snapshot. ```yaml kind: Pipeline apiVersion: tekton.dev/v1beta1 metadata: name: example-pipeline spec: params: - description: 'Snapshot of the application' name: SNAPSHOT default: '{"components": [{"name":"test-app", "containerImage": "quay.io/example/repo:latest"}]}' type: string tasks: ---- ``` -------------------------------- ### Example RPM Lock File Structure Source: https://github.com/konflux-ci/docs/blob/main/modules/building/pages/activation-keys-subscription.adoc This is an example of the generated `rpms.lock.yaml` file, detailing package information, repository IDs, sizes, checksums, and versions. ```yaml lockfileVersion: 1 lockfileVendor: redhat arches: - arch: x86_64 packages: - url: https://cdn.redhat.com/content/dist/layered/rhel9/x86_64/rhocp/4.16/os/Packages/o/openshift-clients-4.16.0-202410172045.p0.gcf533b5.assembly.stream.el9.x86_64.rpm repoid: rhocp-4.16-for-rhel-9-x86_64-rpms size: 54912665 checksum: sha256:0ffd7347620fd10bb75774520e571702361a6d0352de9112979693d003964038 name: openshift-clients evr: 4.16.0-202410172045.p0.gcf533b5.assembly.stream.el9 sourcerpm: openshift-clients-4.16.0-202410172045.p0.gcf533b5.assembly.stream.el9.src.rpm ... ``` -------------------------------- ### Example Merged Registry Auth File Source: https://github.com/konflux-ci/docs/blob/main/modules/troubleshooting/pages/registries.adoc This JSON structure shows an example of a merged authentication file for a container registry, illustrating how credentials for specific paths and generic registry paths are handled. ```json { "auths": { "quay.io/my-org": { "auth": "..." }, "quay.io": { "auth": "..." } } } ``` -------------------------------- ### Example Component.yaml object Source: https://github.com/konflux-ci/docs/blob/main/modules/building/pages/creating-github.adoc This is an example of a `Component.yaml` object used for creating a component from a GitHub repository via the CLI. Ensure the `build.appstudio.openshift.io/request` annotation is set appropriately for automated pull request creation. ```yaml apiVersion: appstudio.redhat.com/v1alpha1 kind: Component metadata: name: my-component spec: application: my-application source: git: url: https://github.com/my-org/my-repo ref: main context: dir: src/backend secret: name: my-secret dockerfile: path: Dockerfile # Optional: configure-pac-no-mr will prevent automatic PR creation # annotations: # build.appstudio.openshift.io/request: configure-pac-no-mr ``` -------------------------------- ### Install Asciidoctor on Fedora/RHEL Source: https://github.com/konflux-ci/docs/blob/main/CONTRIBUTING.md Installs the asciidoctor software required for rendering AsciiDoc pages locally. Use this command on Fedora or RHEL systems. ```bash sudo dnf install -y asciidoctor ``` -------------------------------- ### Renovate ConfigMap Example Source: https://github.com/konflux-ci/docs/blob/main/modules/building/pages/component-nudges.adoc This is an example of a ConfigMap used to customize Renovate's behavior for component nudging. It demonstrates how to set options like automerge and labels. ```yaml apiVersion: v1 kind: ConfigMap metadata: name: namespace-wide-nudging-renovate-config data: automerge: "true" automergeType: "pr" commitMessagePrefix: "chore: " commitMessageSuffix: " [skip ci]" fileMatch: ",*.yaml, *.yml" ignoreTests: "true" platformAutomerge: "true" gitLabIgnoreApprovals: "false" automergeSchedule: "0 0 * * *" labels: "dependencies, renovate" ``` -------------------------------- ### Example Snapshot Resource Source: https://github.com/konflux-ci/docs/blob/main/modules/testing/pages/integration/snapshots/index.adoc This YAML defines an example Snapshot resource, detailing the application, components, container image digests, and source Git repository information. ```yaml apiVersion: appstudio.redhat.com/v1alpha1 kind: Snapshot metadata: name: snapshot-sample <.> namespace: ws-sample-tenant <.> spec: application: application-sample <.> components: - name: component-sample <.> containerImage: quay.io/redhat-user-workloads/ws-sample-tenant/application-sample/component-sample@sha256:0db0a473a6abf5c15c424ab07cfbd5c40c06622fe648d4fe6a6b6abc224a0d0c <.> source: <.> git: url: https://github.com/sample-org/sample-repo revision: fa8b89274a61ef0f1c257b7a84c37aa2ec844109 ``` -------------------------------- ### Example on-cel-expression for push pipelinerun Source: https://github.com/konflux-ci/docs/blob/main/modules/end-to-end/pages/building-tekton-tasks.adoc This example shows how to configure the on-cel-expression for a push pipelinerun to trigger only when changes are detected in specific task paths or its associated pipeline definition. ```yaml pipelinesascode.tekton.dev/on-cel-expression: | event == "push" && target_branch == "main" && ( "tasks/echo/0.1/***".pathChanged() || ".tekton/echo-v01-push.yaml".pathChanged() ) ``` -------------------------------- ### Example Component.yaml for Forgejo Source: https://github.com/konflux-ci/docs/blob/main/modules/building/pages/creating-forgejo.adoc This is an example of a Component.yaml object used to create a component from a Forgejo repository via the CLI. Ensure the Git provider annotation and Git URL annotation are correctly set for Forgejo. ```yaml apiVersion: appstudio.io/v1alpha1 kind: Component metadata: name: my-forgejo-component spec: source: git: url: https://forgejo.example.com/org/repo.git ref: branch: main type: git contextDir: / dockerfilePath: Dockerfile gitProviderAnnotation: forgejo gitUrlAnnotation: https://forgejo.example.com ``` -------------------------------- ### Import RPM GPG Keys and Install Package Source: https://github.com/konflux-ci/docs/blob/main/modules/building/partials/konflux-example-prefetch-rpm-trust-keys.adoc Use these Dockerfile commands to import RPM GPG keys and install the bash package into a specified root directory. ```dockerfile RUN rpmkeys --import /etc/pki/rpm-gpg/RPM-GPG-KEY-* --root "${NEWROOT}" RUN dnf install -y "--installroot=${NEWROOT}" bash ``` -------------------------------- ### Renovate Configuration for Base Branch Patterns Source: https://github.com/konflux-ci/docs/blob/main/modules/mintmaker/pages/user.adoc Example Renovate configuration specifying multiple base branches. Be aware of potential concurrent job conflicts when used with MintMaker. ```json { "baseBranchPatterns": ["main", "release-2.0"] } ``` -------------------------------- ### Dockerfile for Prefetching RPMs Source: https://github.com/konflux-ci/docs/blob/main/modules/building/partials/konflux-example-prefetch-rpm-containerfile.adoc This Dockerfile installs the Cargo build tool and sets its version command as the entrypoint. Use this as a base for building container images that require Cargo. ```docker FROM quay.io/fedora/fedora:rawhide RUN dnf -y install cargo WORKDIR /workdir ENTRYPOINT ["cargo", "--version"] ``` -------------------------------- ### Base renovate.json Configuration Source: https://github.com/konflux-ci/docs/blob/main/modules/mintmaker/pages/user.adoc Use this as a starting point for your custom `renovate.json` file. Ensure the schema is correctly referenced. ```json { "$schema": "https://docs.renovatebot.com/renovate-schema.json" } ``` -------------------------------- ### Example on-cel-expression for on-pr pipelinerun Source: https://github.com/konflux-ci/docs/blob/main/modules/end-to-end/pages/building-tekton-tasks.adoc This example shows how to configure the on-cel-expression for an on-pr pipelinerun to trigger only when changes are detected in specific task paths or its associated pipeline definition. ```yaml pipelinesascode.tekton.dev/on-cel-expression: | event == "pull_request" && target_branch == "main" && ( "tasks/echo/0.1/***".pathChanged() || ".tekton/echo-v01-pull-request.yaml".pathChanged() ) ``` -------------------------------- ### Log Output: Cache Proxy Enabled Source: https://github.com/konflux-ci/docs/blob/main/modules/building/pages/caching-proxy.adoc Example log output from the `init` task indicating that the cache proxy is enabled and showing the configured `HTTP_PROXY` and `NO_PROXY` values. ```text Fetching cluster-config from konflux-info namespace... Cache proxy enabled (cluster-enabled: true, task-enable: true) Setting HTTP_PROXY to squid.caching.svc.cluster.local:3128 Setting NO_PROXY to quay.io,registry.redhat.io,docker.io ``` -------------------------------- ### Example ReleasePlan.yaml Object Source: https://github.com/konflux-ci/docs/blob/main/modules/releasing/pages/create-release-plan.adoc Define a ReleasePlan CR for a specific application, specifying release automation, target namespaces, and optional parameters like pipeline references and service accounts. ```yaml apiVersion: appstudio.redhat.com/v1alpha1 kind: ReleasePlan metadata: labels: release.appstudio.openshift.io/auto-release: 'true' release.appstudio.openshift.io/standing-attribution: 'true' release.appstudio.openshift.io/releasePlanAdmission: 'rpa-name' name: sre-production namespace: dev-tenant-namespace spec: application: data: pipelineRef: serviceAccount: releaseGracePeriodDays: target: managed-tenant-namespace ``` -------------------------------- ### Log Output: Cluster-config Not Found Source: https://github.com/konflux-ci/docs/blob/main/modules/building/pages/caching-proxy.adoc Example log output when the `cluster-config` ConfigMap is not found, showing a warning and that the init task will proceed with default values. ```text Warning: Failed to fetch cluster-config ConfigMap. Proceeding with defaults. ``` -------------------------------- ### Check Documentation for Errors Only Source: https://github.com/konflux-ci/docs/blob/main/CONTRIBUTING.md Run this command to check all documentation files and report only the errors, ignoring warnings. Ensure Vale is installed and configured. ```bash # Checking the above files but only reporting the errors npm run lint:docs:errors ``` -------------------------------- ### Example 'buildah' Task Log Output (Cache Proxy Enabled) Source: https://github.com/konflux-ci/docs/blob/main/modules/building/pages/caching-proxy.adoc This log output confirms that the 'buildah' task is using the proxy settings passed from the 'init' task. ```log [2026-01-27T10:15:30.123456789+00:00] Setting proxy to squid.caching.svc.cluster.local:3128 [2026-01-27T10:15:30.123456789+00:00] Bypassing proxy for quay.io,registry.redhat.io,docker.io ``` -------------------------------- ### Run All Documentation Style Checks Source: https://github.com/konflux-ci/docs/blob/main/CONTRIBUTING.md Execute this command to check all documentation files for style violations, including warnings and errors. Ensure Vale is installed and configured. ```bash # Check all documentation (warnings and errors) npm run lint:docs ``` -------------------------------- ### Log Output: Cache Proxy Disabled Source: https://github.com/konflux-ci/docs/blob/main/modules/building/pages/caching-proxy.adoc Example log output from the `init` task indicating that the cache proxy is disabled, showing empty `HTTP_PROXY` and `NO_PROXY` values. ```text Fetching cluster-config from konflux-info namespace... Cache proxy disabled (cluster-enabled: true, task-enable: false) Setting HTTP_PROXY to Setting NO_PROXY to ``` -------------------------------- ### Verify PulpAccessRequest Status Source: https://github.com/konflux-ci/docs/blob/main/modules/building/pages/pulp-access.adoc Check the status of a PulpAccessRequest using `kubectl get`. Look for `Ready: True` in the conditions to confirm successful setup. ```bash kubectl get pulpaccessrequest my-pulp-access -o yaml ``` -------------------------------- ### Execute RPM Prefetch Example Source: https://github.com/konflux-ci/docs/blob/main/modules/building/partials/konflux-example-prefetch-rpm-execute.adoc Use this command to prefetch RPMs for a given base image and an input file containing RPM specifications. Ensure the BASE_IMAGE environment variable is set correctly. ```bash $ BASE_IMAGE=quay.io/fedora/fedora:rawhide $ rpm-lockfile-prototype --image $BASE_IMAGE rpms.in.yaml <1> ``` -------------------------------- ### Directory Structure for Multiple Application Versions Source: https://github.com/konflux-ci/docs/blob/main/modules/building/pages/configuration-as-code.adoc This structure demonstrates how to organize configurations for multiple application versions, including base components and version-specific overlays. ```bash ├── base │ ├── component.yaml │ └── kustomization.yaml ├── overlay │ └── application-a │ ├── base │ │ ├── application.yaml │ │ ├── component-a │ │ │ ├── component-a-override.yaml │ │ │ └── kustomization.yaml │ │ ├── component-b │ │ │ ├── component-b-override.yaml │ │ │ └── kustomization.yaml │ │ └── kustomization.yaml │ ├── v1-overlay │ │ ├── application-patch.yaml │ │ ├── component-patch.yaml │ │ ├── exception-component-patch-1.yaml │ │ └── kustomization.yaml │ └── v2-overlay │ ├── application-patch.yaml │ ├── component-patch.yaml │ ├── exception-component-patch-1.yaml │ └── kustomization.yaml └── README.md ``` -------------------------------- ### Trust GPG Keys for Custom Install Root Source: https://github.com/konflux-ci/docs/blob/main/modules/building/pages/prefetching-dependencies.adoc If using a custom install root with commands like `dnf install --installroot`, import the required GPG keys into that root first to verify package authenticity. ```bash dnf --installroot=/path/to/custom/root --releasever=38 install -y gpg-keys ``` -------------------------------- ### Sample Pipeline File Source: https://github.com/konflux-ci/docs/blob/main/modules/patterns/pages/centralize-pipeline-definitions.adoc Populate your local pipeline definition file with the Pipeline resource. This file will contain your kind: Pipeline resource. ```yaml apiVersion: tekton.dev/v1 kind: Pipeline metadata: name: build-pipeline spec: params: - name: repo-url type: string - name: repo-ref type: string - name: image-name type: string tasks: - name: clone-repository taskRef: name: git-clone params: - name: url value: $(params.repo-url) - name: revision value: $(params.repo-ref) - name: build-image runAfter: - clone-repository taskRef: name: buildah params: - name: IMAGE value: $(params.image-name) - name: TLSVERIFY value: "false" # The buildah task expects the source code to be in /workspace/source # The git-clone task clones the repository into /workspace/source by default - name: push-image runAfter: - build-image taskRef: name: buildah params: - name: IMAGE value: $(params.image-name) - name: STORAGE value: docker-daemon - name: TLSVERIFY value: "false" # The buildah task expects the source code to be in /workspace/source # The git-clone task clones the repository into /workspace/source by default ``` -------------------------------- ### Example Generated RPM Lockfile Source: https://github.com/konflux-ci/docs/blob/main/modules/building/pages/prefetching-dependencies.adoc An example of a generated `rpms.lock.yaml` file, detailing the resolved RPM dependencies including transitive ones. ```yaml --- version: 1 arches: packages: x86_64: - name: "my-package" version: "1.0" release: "1.el8" arch: "x86_64" - name: "dependency-package" version: "2.0" release: "2.el8" arch: "x86_64" ``` -------------------------------- ### Directory Structure for Multiple Applications Source: https://github.com/konflux-ci/docs/blob/main/modules/building/pages/configuration-as-code.adoc This structure illustrates how to define and organize configurations for multiple distinct applications, each with its own set of components and versioned overlays. ```bash ├── base │ ├── component.yaml │ └── kustomization.yaml ├── overlay │ ├── application-a │ │ ├── base │ │ │ ├── application.yaml │ │ │ ├── component-a │ │ │ │ ├── component-a-override.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── component-b │ │ │ │ ├── component-b-override.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── kustomization.yaml │ │ ├── v1-overlay │ │ │ ├── application-patch.yaml │ │ │ ├── component-patch.yaml │ │ │ ├── exception-component-patch-1.yaml │ │ │ └── kustomization.yaml │ │ └── v2-overlay │ │ ├── application-patch.yaml │ │ ├── component-patch.yaml │ │ ├── exception-component-patch-1.yaml │ │ └── kustomization.yaml │ └── application-b │ ├── base │ │ ├── application.yaml │ │ ├── component-c │ │ │ ├── component-c-override.yaml │ │ │ └── kustomization.yaml │ │ ├── component-d │ │ │ ├── component-d-override.yaml │ │ │ └── kustomization.yaml │ │ └── kustomization.yaml │ └── v1-overlay │ ├── application-patch.yaml │ ├── component-patch.yaml │ ├── exception-component-patch-1.yaml │ └── kustomization.yaml └── README.md ``` -------------------------------- ### Run UBI 9 Container with Mounted Source Code Source: https://github.com/konflux-ci/docs/blob/main/modules/building/pages/activation-keys-subscription.adoc Starts a Red Hat Universal Base Image 9 container, mounting the current working directory to `/source`. This container is used for subsequent subscription management and lockfile generation steps. ```bash podman run --rm -it -v $(pwd):/source:Z registry.access.redhat.com/ubi9 ``` -------------------------------- ### Apply Component and ImageRepository Resources Source: https://github.com/konflux-ci/docs/blob/main/modules/building/pages/creating-forgejo.adoc Use this command to apply your component and ImageRepository configurations to the namespace. Ensure both Component.yaml and ImageRepository.yaml are present. ```shell $ kubectl apply -f Component.yaml ImageRepository.yaml ``` -------------------------------- ### Create Multiple Applications Source: https://github.com/konflux-ci/docs/blob/main/modules/building/pages/creating.adoc Add configurations for multiple applications within the same `Application.yaml` file by separating each custom resource with `---`. ```yaml apiVersion: "application.weave.works/v1alpha1" kind: "Application" metadata: name: "my-app-1" spec: descriptor: type: "git" targetRevision: "main" url: "https://github.com/my-org/my-repo-1.git" --- apiVersion: "application.weave.works/v1alpha1" kind: "Application" metadata: name: "my-app-2" spec: descriptor: type: "git" targetRevision: "main" url: "https://github.com/my-org/my-repo-2.git" ``` -------------------------------- ### Copy and Prepare Red Hat Repository File Source: https://github.com/konflux-ci/docs/blob/main/modules/building/pages/activation-keys-subscription.adoc Copy the system's `redhat.repo` file to a local `source/` directory and use `sed` to replace the current architecture with `$basearch` for broader compatibility. ```bash cp /etc/yum.repos.d/redhat.repo /source/redhat.repo ``` ```bash sed -i "s/$(uname -m)/\$basearch/g" redhat.repo ``` -------------------------------- ### List Components Source: https://github.com/konflux-ci/docs/blob/main/modules/building/pages/reconfiguring-build-pipeline.adoc Use this command to list all components in your namespace. This is a prerequisite for editing or resetting a component. ```bash $ kubectl get components ``` -------------------------------- ### Example Snapshot Spec JSON Source: https://github.com/konflux-ci/docs/blob/main/modules/testing/pages/integration/creating.adoc This is an example of the JSON output for a snapshot's `.spec` when retrieved via kubectl. It details the application, components, container images, and git source information. ```json {"application":"application-sample","artifacts":{},"components":[{"containerImage":"quay.io/redhat-user-workloads/test-namespace/>/>@sha256:0db0a473a6abf5c15c424ab07cfbd5c40c06622fe648d4fe6a6b6abc224a0d0c","name":"component-sample","source":{"git":{"revision":"4242510959e20b2422e71f71b886aef6c40a5ead","url":"https://github.com/sample-org/sample-repo"}}}]} ``` -------------------------------- ### Start mcpdoc in SSE mode for MCP Inspector Source: https://github.com/konflux-ci/docs/blob/main/modules/reference/pages/llms-txt.adoc This bash command starts the mcpdoc server in Server-Sent Events (SSE) mode, listening on localhost:8082. It's used for testing with the MCP Inspector tool. ```bash uvx --from mcpdoc mcpdoc \ --urls "Konflux Documentation:https://konflux-ci.dev/docs/llms.txt" \ --transport sse \ --port 8082 \ --host localhost ``` -------------------------------- ### Apply Component and ImageRepository resources Source: https://github.com/konflux-ci/docs/blob/main/modules/building/pages/creating-github.adoc Use this command to apply the locally created `Component.yaml` and `ImageRepository.yaml` files to your Kubernetes namespace. This command initiates the component creation process. ```shell kubectl apply -f Component.yaml ImageRepository.yaml ``` -------------------------------- ### Get Component Definition for Verification Source: https://github.com/konflux-ci/docs/blob/main/modules/building/pages/component-nudges.adoc Retrieve the YAML definition of a component to verify that the build-nudges-ref has been correctly applied. ```bash kubectl get components/ -o yaml --kubeconfig= | less ``` -------------------------------- ### Register with Subscription Manager using Activation Key Source: https://github.com/konflux-ci/docs/blob/main/modules/building/pages/activation-keys-subscription.adoc Registers the containerized `subscription-manager` with Red Hat using a provided activation key and organization ID. Ensure the KEY_NAME and ORG_ID environment variables are set. ```bash subscription-manager register --activationkey="$KEY_NAME" --org="$ORG_ID" ``` -------------------------------- ### List Components Source: https://github.com/konflux-ci/docs/blob/main/modules/building/pages/component-nudges.adoc Use this command to list all components in your cluster and identify the names of components for establishing nudging relationships. ```bash kubectl get components ``` -------------------------------- ### PipelineInfo Source: https://github.com/konflux-ci/docs/blob/main/modules/reference/pages/kube-apis/release-service.adoc Defines the observed state of a release pipeline processing, including start and completion times, and associated PipelineRun. ```APIDOC ## PipelineInfo PipelineInfo defines the observed state of a release pipeline processing. ### Appears In: **** - xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-collectorsinfo[$$CollectorsInfo$$] - xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-releasestatus[$$ReleaseStatus$$] **** ### Fields [cols="20a,50a,15a,15a", options="header"] |=== | Field | Description | Default | Validation | *`completionTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#time-v1-meta[$$Time$$]__ | CompletionTime is the time when the Release processing was completed + | | | *`pipelineRun`* __string__ | PipelineRun contains the namespaced name of the managed Release PipelineRun executed as part of this release + | | Pattern: `^[a-z0-9]([-a-z0-9]\*[a-z0-9])?/[a-z0-9]([-a-z0-9]*[a-z0-9])?$` + | *`roleBindings`* __xref:{anchor_prefix}-github-com-konflux-ci-release-service-api-v1alpha1-rolebindingtype[$$RoleBindingType$$]__ | RoleBindings defines the roleBindings for accessing resources during the Release + PipelineRun executed as part of this release. + | | | *`startTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.3/#time-v1-meta[$$Time$$]__ | StartTime is the time when the Release processing started + | | |=== ``` -------------------------------- ### Example ReleasePlanAdmission.yaml Configuration Source: https://github.com/konflux-ci/docs/blob/main/modules/patterns/pages/maintaining-references-before-release.adoc This YAML configuration defines release plan admissions, specifying target repositories for components within applications. It maps component names to their respective target image repositories. ```yaml apiVersion: appstudio.redhat.com/v1alpha1 kind: ReleasePlanAdmission spec: applications: - demo-app <.> data: mapping: components: <.> - name: demo-component-1 repository: target-image-repository-1 - name: demo-component-2 repository: target-image-repository-2 origin: <.> ``` -------------------------------- ### Configure CODEOWNERS for Release Approval Source: https://github.com/konflux-ci/docs/blob/main/modules/patterns/pages/gitops-for-manual-releases.adoc Example CODEOWNERS file configuration requiring approval from specified groups for changes to be merged. ```yaml cat CODEOWNERS [Managers] * @sally [Devs] * @jen @soren [QE] * @remus [Docs] * @john ``` -------------------------------- ### Base Images Configuration Source: https://github.com/konflux-ci/docs/blob/main/modules/testing/pages/integration/third-parties/openshift-ci.adoc Specifies the base image stream tag for the build root. This configuration is part of the `ci-operator` setup. ```yaml build_root: image_stream_tag: name: release namespace: openshift tag: rhel-9-release-golang-1.24-openshift-4.20 base_images: ``` -------------------------------- ### Generate API Documentation Source: https://github.com/konflux-ci/docs/blob/main/CONTRIBUTING.md Runs the api-gen script using npm to generate API documentation. Assumes the crd-ref-docs tool is installed. ```bash npm run api-gen ``` -------------------------------- ### Download build-time SBOM using Cosign CLI Source: https://github.com/konflux-ci/docs/blob/main/modules/metadata/pages/sboms.adoc Use Cosign to download the build-time SBOM for a component. Ensure the IMAGE environment variable is set to the component's image. ```bash $ cosign download sbom --platform linux/amd64 $IMAGE ``` -------------------------------- ### Example Release.yaml for Manual Release Source: https://github.com/konflux-ci/docs/blob/main/modules/releasing/partials/example-manual-release.adoc This YAML defines a Release object for a manual release. Ensure labels indicate it's not automated and include the author's ID. Optional data can be provided for the release pipeline. ```yaml apiVersion: appstudio.redhat.com/v1alpha1 kind: Release metadata: generateName: namespace: dev-tenant-namespace labels: release.appstudio.openshift.io/automated: "false" release.appstudio.openshift.io/author: my-userid spec: releasePlan: snapshot: data: ``` -------------------------------- ### Set up Watchmedo for Auto-reloading Source: https://github.com/konflux-ci/docs/blob/main/CONTRIBUTING.md Configures the development server to automatically restart when AsciiDoc files change. This requires Python and pip to be installed. ```bash python3 -m venv venv source venv/bin/activate python -m pip install watchdog[watchmedo] watchmedo auto-restart --patterns="*.adoc" --recursive npm run dev ``` -------------------------------- ### Dockerfile for Building Binaries Source: https://github.com/konflux-ci/docs/blob/main/modules/building/partials/konflux-example-binary-dockerfile.adoc Use this Dockerfile to define the build environment. Ensure the base image has necessary tools and copy your build script and application source code before running the build. ```dockerfile FROM quay.io/fedora/fedora:rawhide // <1> COPY build-binary.sh build-binary.sh // <2> COPY /app // <3> RUN ./build-binary.sh // <4> ``` -------------------------------- ### Final Pipeline Configuration in ReleasePlan Source: https://github.com/konflux-ci/docs/blob/main/modules/releasing/pages/tenant-release-pipelines.adoc Example of how to declare a `finalPipeline` within a `ReleasePlan` to execute a tenant pipeline after the main release workflow completes. ```yaml apiVersion: appstudio.redhat.com/v1alpha1 kind: ReleasePlan ... spec: ... finalPipeline: pipelineRef: resolver: git params: - name: url value: "https://github.com//.git" - name: revision value: main - name: pathInRepo value: "" useEmptyDir: true serviceAccountName: build-pipeline-$COMPONENT_NAME ``` -------------------------------- ### Apply Application Configuration to New Tenant Namespace Source: https://github.com/konflux-ci/docs/blob/main/modules/patterns/pages/managing-security-fix.adoc Apply the generated YAML file to the new private tenant namespace to import the application configuration. This file contains the necessary information for the import process. ```bash kubectl apply -f ./data/ --namespace ``` -------------------------------- ### Save Image Path to Variable Source: https://github.com/konflux-ci/docs/blob/main/modules/building/pages/creating.adoc This example shows how to assign the retrieved image path to a shell variable for easier use in subsequent commands. ```shell IMAGE=quay.io/redhat-user-workloads/your-tenant/application/component@sha256: ``` -------------------------------- ### List Pipeline Runs Source: https://github.com/konflux-ci/docs/blob/main/modules/building/pages/running.adoc This command lists all active pipeline runs. The output shows the name, start time, duration, and status of each run. ```bash $ tkn pipelinerun list [Example Output] NAME STARTED DURATION STATUS your-component-jfrdb 4 seconds ago --- Running ```