I have a cluster running with Openshift 4.7. I installed the IBM Cloud-Native Toolkit in order to use the pipelines. My code repository is on Gitlab

When run the commmand oc pipeline --tekton , i have this error:

Creating pipeline on openshift cluster in XXXXX namespace
Getting git parameters
Git credentials have already been stored for user: [email protected]
  Project git repo: https://eu-de.git.cloud.ibm.com/XXXXX/YYYYYY/ZZZZZZ/RRRRR.git
            branch: dev
? Select the Pipeline to use in the PipelineRun: ibm-java-maven
? Would you like to enable the pipeline to scan the image for vulnerabilities? Yes
Copying tasks from tools
Copied Pipeline from tools/ibm-java-maven to XXXXXXX/YYYYYYY
Creating TriggerTemplate for pipeline: RRRRRR
Error registering pipeline: Unable to identify Git host type: https://eu-de.git.cloud.ibm.com/XXXXX/YYYYYY/ZZZZZZ/RRRRR.git

I think that this error is because the pipeline doesn't work correctly with gitlab .

We have an environment that we are using gogs which is deployed internally and we need to use http instead of https using git credentials.

The environment assumes that the git credentials and content is not sensitive as this is a lab/sample environment

The pipeline fails at this stage, using dev branch

[health : health-check] {"level":"info","ts":1584534080.5110245,"logger":"fallback-logger","caller":"logging/config.go:69","msg":"Fetch GitHub commit ID from kodata failed: \"KO_DATA_PATH\" does not exist or is empty"}
[health : health-check] Error from server (NotFound): ingresses.extensions "template-node-typescript" not found
[health : health-check] Error from server (NotFound): routes.route.openshift.io "template-node-typescript" not found

I'm trying to follow this example from the documentation, however, after creating the pipeline for the ace repo, the very first pipeline run fails with the following error:

Pipeline inventory-service-dev/inventory-mgmt-ace-solution can't be Run; it contains Tasks that don't exist: Couldn't retrieve Task "ibm-setup": tasks.tekton.dev "ibm-setup" not found

Checking at the actual Tasks, I've confirmed they have now the version appended: -v2-7-7 so I've appended it in the YAML, but now it fails in the build phase without any output, it only fails after cloning the repo.

++ cat ./chart/base/Chart.yaml
++ yq r - name

• export CHART_NAME=base
• CHART_NAME=base
  CHART_NAME: base
• echo 'CHART_NAME: base'
• [[ base != \f\o\u\r-\m\e\t\r\i\c\s-\a\p\p ]]
  Renaming chart from base to four-metrics-app
• echo 'Renaming chart from base to four-metrics-app'
• cp -R ./chart/base ./chart/four-metrics-app
  cp: can't create directory './chart/four-metrics-app': Permission denied

Add pipeline to handle app models such as https://github.com/IBM/MAX-Object-Detector

quay.io has an API that we can create a sample task to scan images

Here is an example
https://github.com/kitty-catt/bc-full/blob/main/tekton-tasks/ibm-quay-cve-check.yaml#L40

Today when the app is not found in the root of the gitops git repo, a directory is created with the app-name

This creates problems when running workshops or environments when the different developer use the same app-name, in the case of a workshop every developer will clone the template app name the app the same in their git org/users.

The gitops task would be updated to create a directory in the root with the git user/org and then copy the app files inside.

There should be a config map that allows the user to specify the specific app to use in the git repo, or the parent directory.

The Tekon task for building the catalog index fails as opm can't reach the image

This is after editing the task to add the skip tls which was the first problem found --skip-tls=true

+ opm index add --skip-tls=true --bundles image-registry.openshift-image-registry.svc:5000/project1-dev/ansible-operator-bundle:0.0.3 --generate -d ./index.Dockerfile
time="2021-02-04T03:44:45Z" level=warning msg="--skip-tls flag is set: this mode is insecure and meant for development purposes only."
time="2021-02-04T03:44:45Z" level=info msg="building the index" bundles="[image-registry.openshift-image-registry.svc:5000/project1-dev/ansible-operator-bundle:0.0.3]"
time="2021-02-04T03:44:45Z" level=error msg="permissive mode disabled" bundles="[image-registry.openshift-image-registry.svc:5000/project1-dev/ansible-operator-bundle:0.0.3]" error="[error resolving name : unexpected status code [manifests 0.0.3]: 400 Bad Request, image \"image-registry.openshift-image-registry.svc:5000/project1-dev/ansible-operator-bundle:0.0.3\": not found]"
Error: [error resolving name : unexpected status code [manifests 0.0.3]: 400 Bad Request, image "image-registry.openshift-image-registry.svc:5000/project1-dev/ansible-operator-bundle:0.0.3": not found]

How to Reproduce:

1. Log in to the cluster using: icc [cluster name]
2. oc new-project tools
3. RELEASE=$(curl -s https://api.github.com/repos/IBM/ibm-garage-tekton-tasks/releases/latest | jq -r '.tag_name')
4. export NAMESPACE="tools"
5. kubectl apply -n ${NAMESPACE} -f "https://github.com/IBM/ibm-garage-tekton-tasks/releases/download/${RELEASE}/release.yaml"
6. oc create serviceaccount pipeline
7. oc adm policy add-scc-to-user privileged -z pipeline
8. oc adm policy add-role-to-user edit -z pipeline
9. oc new-project [your ReactJS application]-dev
10. git clone [your ReactJS application repo located in github.ibm.com]
11. cd [to your cloned ReactJS application folder]
12. oc sync [your ReactJS application]-dev
13. oc pipeline --tekton

Note: At this point it is expected that the pipeline is running.

• On Openshift Container Platform -> Click Pipeline: Task Status: "Last run status: failed"

• On Openshift Container Platform -> Click Pipeline -> Click Task Status: "Log" says:

setup
STEP-GIT-CLONE
set +x
Cloning into '/source'...
fatal: unable to access 'https://github.com:[email protected]/XXXXX/four-metrics-app.git/'
: URL using bad/illegal format or missing URL

NOTE:

• xxxxxx symbol in the URL represents my git Personal token. [Actual valued removed for security purposes - just here]
• XXX symbol in the URL represents my folder name. [Actual value removed as well on purpose - just]

Thanks.

Pipelines start to fail on tag-release task with error code:
fatal: could not read Username for 'https://github.com': No such device or address

when it tries to execute git push --tags -v command on 7-tag-release.yaml line 97.

Using release 2.3.0, installed as described in README.

Ran oc pipeline on our project and every step works except for the final gitops step. It gives the following message and the pipeline says it failed.

unable to find result referenced by param "helm-url" in "gitops": Could not find result with name helm-url for task run helm-release

If the project uses yarn to install dependencies and/or build the application (evidenced by a yarn.lock) then yarn should be used to install the dependencies.

We use OpenShift 4.8 and 4.9 for customers' MVP and the ibm-garage-tekton-task version v2.7.7 & v3.0.3, respectively. The applications are Java. However, we are getting this error:

oc pipeline --tekton
Creating pipeline on kubernetes cluster in xxxxxxx namespace
Retrieving git parameters
Git credentials have already been stored for user: schijioke-uche
  Project git repo: https://github.com/xxxxxxxxx/xxxxxxxxxxxxxxx.git
  Branch: optimized
Retrieving available template pipelines from tools
Pipeline templates filtered based on detected runtime: openjdk/maven
? Select the Pipeline to use in the PipelineRun: ibm-java-maven
? scan-image: Enable the pipeline to scan the image for vulnerabilities? No
? lint-dockerfile: Enable the pipeline to lint the Dockerfile for best practices? No
Copying tasks from tools
Copied Pipeline from tools/ibm-java-maven to xxxxxxxxx/xxxxxxxxxxxxx-mvp
Creating TriggerTemplate for pipeline: xxxxxxxxxxxxx-mvp
Creating TriggerBinding for pipeline: xxxxxxxxxxxxx-mvp
Creating/updating TriggerEventListener for pipeline: tekton
  Creating new event listener
  Creating new event listener
_`Error registering pipeline: admission webhook "webhook.triggers.tekton.dev" denied the request: mutation failed: cannot decode incoming new object: json: unknown field "name"`_

**Redhat Verified Recommended Solution: ** https://access.redhat.com/solutions/6956938

However, we seemed not to have visibility or access to fix this since the **EventListener** template cannot be created before the issue occurs, as you can see.

@triceam
@jjasghar
@csantanapr
@christo4ferris
@dalelotts
Can any of you provide a patch? This impacts our MVPs with the customers as they want to adopt the IBM Garage pipeline tool but cannot move forward without resolving this. I appreciate your support.

Thanks.

Steps to reproduce:

1. Create a repo named deployment-blah-blah
2. Create a pipeline with oc pipeline --tekton
3. Observe that the deploy step will fail

The error happens around here because it uses grep with the word deployment which mistakenly grabs the service named deployment-blah-blah and then tries to wait for the rollout.

I observed this in ibm-deploy-v2-6-13

Sonar scan step is failing with the following error while running igc pipeline (igc version: 1.35) for node-typescript starter kit (https://github.com/IBM/template-node-typescript) on ROSA 4.10 cluster:

• APP_NAME=temp-node-ts
• command -v sonar-scanner
• '[' -n http://sonarqube-sonarqube.tools:9000 ]
• sonar-scanner '-Dsonar.login=admin' '-Dsonar.password=Welcome1' '-Dsonar.host.url=http://sonarqube-sonarqube.tools:9000' '-Dsonar.projectKey=temp-node-ts'
  INFO: Scanner configuration file: /opt/sonar-scanner/conf/sonar-scanner.properties
  INFO: Project root configuration file: /source/sonar-project.properties
  INFO: SonarScanner 4.6.2.2472
  INFO: Java 11.0.14 Alpine (64-bit)
  INFO: Linux 4.18.0-305.45.1.el8_4.x86_64 amd64
  INFO: User cache: /source/cache
  INFO: Scanner configuration file: /opt/sonar-scanner/conf/sonar-scanner.properties
  INFO: Project root configuration file: /source/sonar-project.properties
  INFO: Analyzing on SonarQube server 9.5.0.56709
  INFO: Default locale: "en_US", source code encoding: "UTF-8"
  INFO: Load global settings
  INFO: Load global settings (done) | time=286ms
  INFO: Server id: EA8D9556-AYJ8o1uRJhqXLAA_4ZMa
  INFO: User cache: /source/cache
  INFO: Load/download plugins
  INFO: Load plugins index
  INFO: Load plugins index (done) | time=204ms
  INFO: Load/download plugins (done) | time=5741ms
  INFO: Process project properties
  INFO: Process project properties (done) | time=14ms
  INFO: Execute project builders
  INFO: Execute project builders (done) | time=2ms
  INFO: Project key: temp-node-ts
  INFO: Base dir: /source
  INFO: Working dir: /source/.scannerwork
  INFO: Load project settings for component key: 'temp-node-ts'
  INFO: Load project settings for component key: 'temp-node-ts' (done) | time=361ms
  INFO: Load quality profiles
  INFO: Load quality profiles (done) | time=399ms
  INFO: Load active rules
  INFO: Load active rules (done) | time=10403ms
  INFO: Load analysis cache
  INFO: Load analysis cache (404) | time=191ms
  INFO: Load project repositories
  INFO: Load project repositories (done) | time=206ms
  INFO: Indexing files...
  INFO: Project configuration:
  INFO: Excluded sources for coverage: src/logger/
  INFO: 47 files indexed
  INFO: 0 files ignored because of scm ignore settings
  INFO: Quality profile for ts: Sonar way
  INFO: ------------- Run sensors on module temp-node-ts
  INFO: Load metrics repository
  INFO: Load metrics repository (done) | time=209ms
  INFO: Sensor JaCoCo XML Report Importer [jacoco]
  INFO: 'sonar.coverage.jacoco.xmlReportPaths' is not defined. Using default locations: target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml,build/reports/jacoco/test/jacocoTestReport.xml
  INFO: No report imported, no coverage information will be imported by JaCoCo XML Report Importer
  INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=4ms
  INFO: Sensor TypeScript analysis [javascript]
  INFO: Found 1 tsconfig.json file(s): [/source/tsconfig.json]
  INFO: Creating TypeScript program
  INFO: TypeScript configuration file /source/tsconfig.json
  INFO: 47 source files to be analyzed
  INFO: Creating TypeScript program (done) | time=3708ms
  INFO: Starting analysis with current program
  INFO: Analyzed 47 file(s) with current program
  INFO: 47/47 source files have been analyzed
  INFO: Sensor TypeScript analysis [javascript] (done) | time=15669ms
  INFO: Sensor JavaScript/TypeScript Coverage [javascript]
  INFO: Analysing [/source/coverage/lcov.info]
  WARN: Found 18 inconsistencies in coverage report. Re-run analyse in debug mode to see details.
  INFO: Sensor JavaScript/TypeScript Coverage [javascript] (done) | time=18ms
  INFO: Sensor CSS Rules [javascript]
  INFO: No CSS, PHP, HTML or VueJS files are found in the project. CSS analysis is skipped.
  INFO: Sensor CSS Rules [javascript] (done) | time=0ms
  INFO: Sensor C# Project Type Information [csharp]
  INFO: Sensor C# Project Type Information [csharp] (done) | time=1ms
  INFO: Sensor C# Analysis Log [csharp]
  INFO: Sensor C# Analysis Log [csharp] (done) | time=18ms
  INFO: Sensor C# Properties [csharp]
  INFO: Sensor C# Properties [csharp] (done) | time=0ms
  INFO: Sensor HTML [web]
  INFO: Sensor HTML [web] (done) | time=3ms
  INFO: Sensor Text Sensor [text]
  INFO: 47 source files to be analyzed
  INFO: 47/47 source files have been analyzed
  INFO: Sensor Text Sensor [text] (done) | time=21ms
  INFO: Sensor VB.NET Project Type Information [vbnet]
  INFO: Sensor VB.NET Project Type Information [vbnet] (done) | time=2ms
  INFO: Sensor VB.NET Analysis Log [vbnet]
  INFO: Sensor VB.NET Analysis Log [vbnet] (done) | time=25ms
  INFO: Sensor VB.NET Properties [vbnet]
  INFO: Sensor VB.NET Properties [vbnet] (done) | time=0ms
  INFO: Sensor Generic Test Executions Report
  INFO: Parsing /source/test-report.xml
  INFO: Imported test execution data for 10 files
  INFO: Sensor Generic Test Executions Report (done) | time=28ms
  INFO: ------------- Run sensors on project
  INFO: Sensor Analysis Warnings import [csharp]
  INFO: Sensor Analysis Warnings import [csharp] (done) | time=4ms
  INFO: Sensor Zero Coverage Sensor
  INFO: Sensor Zero Coverage Sensor (done) | time=4ms
  INFO: CPD Executor 18 files had no CPD blocks
  INFO: CPD Executor Calculating CPD for 15 files
  INFO: CPD Executor CPD calculation finished (done) | time=24ms
  INFO: Analysis report generated in 94ms, dir size=211.8 kB
  INFO: Analysis report compressed in 102ms, zip size=101.1 kB
  INFO: Analysis report uploaded in 288ms
  INFO: ANALYSIS SUCCESSFUL, you can find the results at: http://sonarqube-sonarqube.tools:9000/dashboard?id=temp-node-ts
  INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
  INFO: More about the report processing at http://sonarqube-sonarqube.tools:9000/api/ce/task?id=AYJ9mwQsJhqXLAA_4iwH
  INFO: ------------------------------------------------------------------------
  INFO: EXECUTION FAILURE
  INFO: ------------------------------------------------------------------------
  INFO: Total time: 45.336s
  INFO: Final Memory: 17M/212M
  INFO: ------------------------------------------------------------------------
  ERROR: Error during SonarScanner execution
  java.lang.IllegalStateException: Unable to load components interface org.sonar.api.batch.postjob.PostJob
  at org.sonar.core.platform.SpringComponentContainer.getComponentsByType(SpringComponentContainer.java:156)
  at org.sonar.scanner.bootstrap.AbstractExtensionDictionary.completeScannerExtensions(AbstractExtensionDictionary.java:82)
  at org.sonar.scanner.bootstrap.AbstractExtensionDictionary.getExtensions(AbstractExtensionDictionary.java:77)
  at org.sonar.scanner.bootstrap.AbstractExtensionDictionary.getFilteredExtensions(AbstractExtensionDictionary.java:67)
  at org.sonar.scanner.bootstrap.PostJobExtensionDictionary.selectPostJobs(PostJobExtensionDictionary.java:42)
  at org.sonar.scanner.postjob.PostJobsExecutor.execute(PostJobsExecutor.java:38)
  at org.sonar.scanner.scan.SpringProjectScanContainer.doAfterStart(SpringProjectScanContainer.java:372)
  at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:188)
  at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:167)
  at org.sonar.scanner.bootstrap.SpringGlobalContainer.doAfterStart(SpringGlobalContainer.java:135)
  at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:188)
  at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:167)
  at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:72)
  at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:66)
  at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
  at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
  at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
  at java.base/java.lang.reflect.Method.invoke(Method.java:566)
  at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
  at com.sun.proxy.$Proxy0.execute(Unknown Source)
  at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:189)
  at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138)
  at org.sonarsource.scanner.cli.Main.execute(Main.java:112)
  at org.sonarsource.scanner.cli.Main.execute(Main.java:75)
  at org.sonarsource.scanner.cli.Main.main(Main.java:61)
  Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ClassRealm{stash}-org.sonar.plugins.stash.StashIssueReportingPostJob': Lookup method resolution failed; nested exception is java.lang.IllegalStateException: Failed to introspect Class [org.sonar.plugins.stash.StashIssueReportingPostJob] from ClassLoader [ClassRealm{stash}]
  at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.determineCandidateConstructors(AutowiredAnnotationBeanPostProcessor.java:289)
  at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.determineConstructorsFromBeanPostProcessors(AbstractAutowireCapableBeanFactory.java:1302)
  at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1219)
  at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:582)
  at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:542)
  at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:335)
  at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234)
  at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:333)
  at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:208)
  at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeansOfType(DefaultListableBeanFactory.java:671)
  at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeansOfType(DefaultListableBeanFactory.java:659)
  at org.springframework.context.support.AbstractApplicationContext.getBeansOfType(AbstractApplicationContext.java:1300)
  at org.sonar.core.platform.SpringComponentContainer.getComponentsByType(SpringComponentContainer.java:154)
  ... 25 more
  Caused by: java.lang.IllegalStateException: Failed to introspect Class [org.sonar.plugins.stash.StashIssueReportingPostJob] from ClassLoader [ClassRealm{stash}]
  at org.springframework.util.ReflectionUtils.getDeclaredMethods(ReflectionUtils.java:485)
  at org.springframework.util.ReflectionUtils.doWithLocalMethods(ReflectionUtils.java:321)
  at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.determineCandidateConstructors(AutowiredAnnotationBeanPostProcessor.java:267)
  ... 37 more
  Caused by: java.lang.NoClassDefFoundError: org/sonar/api/batch/postjob/issue/PostJobIssue
  at java.base/java.lang.Class.getDeclaredMethods0(Native Method)
  at java.base/java.lang.Class.privateGetDeclaredMethods(Class.java:3166)
  at java.base/java.lang.Class.getDeclaredMethods(Class.java:2309)
  at org.springframework.util.ReflectionUtils.getDeclaredMethods(ReflectionUtils.java:467)
  ... 39 more
  Caused by: java.lang.ClassNotFoundException: org.sonar.api.batch.postjob.issue.PostJobIssue
  at org.sonar.classloader.ParentFirstStrategy.loadClass(ParentFirstStrategy.java:39)
  at org.sonar.classloader.ClassRealm.loadClass(ClassRealm.java:87)
  at org.sonar.classloader.ClassRealm.loadClass(ClassRealm.java:76)
  ... 43 more
  ERROR:
  ERROR: Re-run SonarScanner using the -X switch to enable full debug logging

Attaching the complete log file of node-test task run for reference:
node-test-task.log
.

• Create a git repo that doesn't have a chart
• create a tekton pipeline
• Expected behavior: a message like "unable to find ./chart - are you sure you added a helm chart?"
• Actual behavior: it will fail with the message "cannot create directory... permission denied"

Using branch dev health check is using the image url to get the app name instead of using new approach of git repo name

In health check we use tools-image and basename can't be use the same way

INGRESS_NAME=$(basename -s .git `git config --get remote.origin.url` | tr '[:upper:]' '[:lower:]' | sed 's/_/-/g')

xist or is empty"}
[health : health-check] BusyBox v1.30.1 (2019-06-12 17:51:55 UTC) multi-call binary.
[health : health-check] 
[health : health-check] Usage: basename FILE [SUFFIX]
[health : health-check] 
[health : health-check] Strip directory path and .SUFFIX from FILE
[health : health-check] error: arguments in resource/name form must have a single resource and name
[health : health-check] error: arguments in resource/name form must have a single resource and name

When I add the task and run it with the default, then fails

[image-scan : scan-image] FAILED
[image-scan : scan-image] Configuration error: mkdir /home/devops/.bluemix/plugins: permission denied
[image-scan : scan-image]

value:

• build a parent and its child seperately;
• local nexus should be quicker;

Logs:

• [[ base != \t\e\m\p-\n\o\d\e-\t\s ]]
• echo 'Renaming chart from base to temp-node-ts'
  Renaming chart from base to temp-node-ts
• cp -R ./chart/base ./chart/temp-node-ts
  cp: can't create directory './chart/temp-node-ts': Permission denied

Setup taski incorrectly calculated REGISTRY_REPOSITORY using basename and awk if repo name contained 'git' world.
This is fixed in this PR

Hi,

I had a pipeline run with a trivy scan on an image that was build using appsody in a tekton task.

The trivy tekton task fails, I see it copy the image into OCP.

The environment is OpenShift version: 4.6.15 via CodeReady Containers version: 1.22.0+6faff76f

trivy-run.txt

The ibm-java-maven-test-v2-1-4 task has a param for sonarqube-java-bin-path which is not configurable and defaults to /target

For some applications we will want to scan another location instead. In order to do this currently the new path needs to be added to the pipeline/task definition and hard coded.

See my workaround here: https://ibm-cloud-architecture.github.io/modernization-playbook/applications/liberty/liberty-deploy-cloud-native-toolkit/#register-the-application-with-the-toolkit-pipeline

The new image quay.io/ibmgaragecloud/ibmcloud-dev:v2.0.1

Has issues because node is install as root

The old image node is install as nvm

❯ oc run gitops --image ibmgaragecloud/ibmcloud-dev:1.2.2 --command -- sleep 1h
pod/gitops created
❯ oc exec gitops -it -- bash
devops@gitops:~$ id
uid=1000(devops) gid=1000(devops) groups=1000(devops),0(root),27(sudo),999(docker)
devops@gitops:~$ which npm
/home/devops/.nvm/versions/node/v12.18.4/bin/npm

The repo already has a tag 0.0.1
Then I push some code into master branch
Start a new pipeline run
It errors with

From https://github.com/csantanapr-cn-toolkit-tests/cn-node-typescript
 * branch            master     -> FETCH_HEAD
 * [new tag]         0.0.1      -> 0.0.1
 * [new branch]      master     -> origin/master
+ git checkout master
Already on 'master'
+ git branch --set-upstream-to=origin/master master
Branch master set up to track remote branch master from origin.
+ git config --global user.name 'Jenkins Pipeline'
+ git config --global user.email [email protected]
+ git config --local credential.helper '!f() { echo username=\; echo password=\; }; f'
+ mkdir -p /tekton/home/.npm
+ npm config set prefix /tekton/home/.npm
+ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/tekton/home/.npm/bin
+ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/tekton/home/.npm/bin
+ npm i -g release-it
/tekton/home/.npm/bin/release-it -> /tekton/home/.npm/lib/node_modules/release-it/bin/release-it.js
+ [email protected]
added 307 packages from 207 contributors in 18.534s
+ [[ master != \m\a\s\t\e\r ]]
+ release-it patch --ci --no-npm '--hooks.after:release=echo "IMAGE_VERSION=${version}" > ./env-config' --verbose -VV
🚀 Let's release cn-node-typescript (0.0.0...0.0.1)
Changelog:
* update package.json with app name (f8268bc)
Empty changeset

On branch master
Your branch is up-to-date with 'origin/master'.
nothing to commit, working tree clean
WARNING No changes to commit. The latest commit will be tagged.
ERROR fatal: tag '0.0.1' already exists
Rolling back changes...

Should it create a tag 0.0.2 ?

Pactbroker task is by-passed due to mismatch in pactbroker secret and url key in test task and cloudnative toolkit:
STEP-PUBLISH-PACT

Skipping Pact publish

• [ -n ]

• echo Skipping Pact publish
  STEP-VERIFY-PACT

• [ -n ]

• echo Skipping Pact publish
  Skipping Pact publish

Build task fails with the following error: "failed to create task run pod "template-node-cshell-17b4dcee565-build-zb5l5": pods "template-node-cshell-17b4dcee565-build-zb5l5-pod-v9cq5" is forbidden: unable to validate against any security context constraint: [spec.containers[1].securityContext.privileged: Invalid value: true: Privileged containers are not allowed spec.containers[1].securityContext.privileged: Invalid value: true: Privileged containers are not allowed spec.containers[1].securityContext.privileged: Invalid value: true: Privileged containers are not allowed spec.containers[1].securityContext.privileged: Invalid value: true: Privileged containers are not allowed]. Maybe missing or invalid Task build-test/ibm-build-tag-push-v2-7-2".

Temporary solution: oc adm policy add-scc-to-user privileged -z pipeline
Challenge: This command can be run by cluster admin or any person who has permission to create scc. This issue will really effect an normal end-user's cloud-native toolkit experience(https://ibm-gsi-ecosystem.github.io/ibm-gsi-cloudnative-journey/developer-intermediate/deploy-app) as their first pipeline will fail and can be fixed only by one of the cluster admin's help.

This is useful if app doesn't have any unit tests, or test can't be run unless the app is deploy which in that case the tests are more E2E

login to IBM cloud does not work in tekton task to do the VA scan.

Current Code (does not work):

      ibmcloud login --apikey ${IBM_CLOUD_APIKEY} -g ${IBM_CLOUD_RESOURCE_GROUP} -r ${IBM_CLOUD_REGION} 

Working Code (does work):

      ibmcloud login --apikey ${IBM_CLOUD_APIKEY} -r ${IBM_CLOUD_REGION}
      ibmcloud target -r ${IBM_CLOUD_REGION} 

I am working with region eu-de to push to de.icr.io/kitty-catt/lightbluecompute-catalog:latest

I will submit a pull request.

• remove pre 0.7 tekton tasks
• remove from readme references to old version of tekton and ocp3

[lint] 2021/04/26 21:26:33 Error executing command: fork/exec /tekton/scripts/script-1-qm58j: no such file or directory
container step-lint has failed : [{"key":"StartedAt","value":"2021-04-26T21:26:33.384Z","resourceRef":{}}]

To reproduce use dev branch

Create new repo using "tempalte" from template-node-typescript
Setup with tekton pipeline igc-nodejs
On first run image push fails

ap[] Message:CMD npm run serve Original:CMD npm run serve}: error parsing target image name "image-registry.openshift-image-registry.svc:5000/dev-cs1/cn-node-typescript:": error parsing image name "image-registry.openshift-image-registry.svc:5000/dev-cs1/cn-node-typescript:": invalid reference format

failed to get logs for task build : container step-build has failed  : [{"name":"","digest":"","key":"StartedAt","value":"2020-03-18T11:46:37Z","resourceRef":{}}]

Due to the way the task is currently written, the task can fail to push the Helm chart to artifactory yet still appear green and let the rest of the pipeline proceed. This is due to the fact that there is no error-handling done on the CURL calls that are talking to Artifactory:

curl  -uadmin:xxxx -s -T mq-spring-app-0.0.2.tgz http://artifactory-artifactory.tools:8082/artifactory/generic-local/ci/mq-spring-app-0.0.2.tgz
{
  "errors" : [ {
    "status" : 403,
    "message" : "This request is blocked due to recurrent login failures, please try again in 1 seconds"
  } ]
}curl  -uadmin:xxxx -s -T index.yaml http://artifactory-artifactory.tools:8082/artifactory/generic-local/ci/index.yaml
{
  "errors" : [ {
    "status" : 403,
    "message" : "This request is blocked due to recurrent login failures, please try again in 3 seconds"
  } ]
}

There should be code to ensure that the responses from Artifactory are of the HTTP 200 variety and not HTTP 403 etc.

Task logs: helm-release.log