Downstream 0.14.0 4

.tekton/tekton-results-api-pull-request.yaml

@@ -0,0 +1,40 @@
+---
+# Triggers Tekton Results api image build on pull request
+apiVersion: tekton.dev/v1beta1
+kind: PipelineRun
+metadata:
+  name: tekton-results-api-on-pull-request
+  annotations:
+    pipelinesascode.tekton.dev/on-event: "[pull_request]"
+    # Use downstream branch since we are using openshift-pipeline/tektoncd-results and not upstream
+    pipelinesascode.tekton.dev/on-target-branch: "[downstream-*]"
+    pipelinesascode.tekton.dev/max-keep-runs: "5"
+spec:
+  params:
+    - name: git-url
+      value: "{{repo_url}}"
+    - name: revision
+      value: "{{revision}}"
+    - name: output-image
+      value: "quay.io/konflux-ci/pull-request-builds:tekton-results-api-{{revision}}"
+    - name: dockerfile
+      value: images/api/Dockerfile
+  pipelineRef:
+    params:
+      - name: bundle
+        value: >-
+          quay.io/redhat-appstudio-tekton-catalog/pipeline-core-services-docker-build:latest
+      - name: name
+        value: docker-build
+      - name: kind
+        value: Pipeline
+    resolver: bundles
+  workspaces:
+    - name: workspace
+      volumeClaimTemplate:
+        spec:
+          accessModes:
+            - ReadWriteOnce
+          resources:
+            requests:
+              storage: 1Gi

.tekton/tekton-results-api-push.yaml

@@ -0,0 +1,40 @@
+---
+# Triggers Tekton Results api image build on push
+apiVersion: tekton.dev/v1beta1
+kind: PipelineRun
+metadata:
+  name: tekton-results-api-on-push
+  annotations:
+    pipelinesascode.tekton.dev/on-event: "[push]"
+    # Use downstream branch since we are using openshift-pipeline/tektoncd-results and not upstream
+    pipelinesascode.tekton.dev/on-target-branch: "[downstream-*]"
+    pipelinesascode.tekton.dev/max-keep-runs: "5"
+spec:
+  params:
+    - name: git-url
+      value: "{{repo_url}}"
+    - name: revision
+      value: "{{revision}}"
+    - name: output-image
+      value: "quay.io/konflux-ci/tekton-results-api:{{revision}}"
+    - name: dockerfile
+      value: images/api/Dockerfile
+  pipelineRef:
+    params:
+      - name: bundle
+        value: >-
+          quay.io/redhat-appstudio-tekton-catalog/pipeline-core-services-docker-build:latest
+      - name: name
+        value: docker-build
+      - name: kind
+        value: Pipeline
+    resolver: bundles
+  workspaces:
+    - name: workspace
+      volumeClaimTemplate:
+        spec:
+          accessModes:
+            - ReadWriteOnce
+          resources:
+            requests:
+              storage: 1Gi

.tekton/tekton-results-retention-policy-agent-pull-request.yaml

@@ -0,0 +1,40 @@
+---
+# Triggers Tekton Results retention-policy-agent image build on pull request
+apiVersion: tekton.dev/v1beta1
+kind: PipelineRun
+metadata:
+  name: tekton-results-retention-policy-agent-on-pull-request
+  annotations:
+    pipelinesascode.tekton.dev/on-event: "[pull_request]"
+    # Use downstream branch since we are using openshift-pipeline/tektoncd-results and not upstream
+    pipelinesascode.tekton.dev/on-target-branch: "[downstream-*]"
+    pipelinesascode.tekton.dev/max-keep-runs: "5"
+spec:
+  params:
+    - name: git-url
+      value: "{{repo_url}}"
+    - name: revision
+      value: "{{revision}}"
+    - name: output-image
+      value: "quay.io/konflux-ci/pull-request-builds:tekton-results-retention-policy-agent-{{revision}}"
+    - name: dockerfile
+      value: images/retention-policy-agent/Dockerfile
+  pipelineRef:
+    params:
+      - name: bundle
+        value: >-
+          quay.io/redhat-appstudio-tekton-catalog/pipeline-core-services-docker-build:latest
+      - name: name
+        value: docker-build
+      - name: kind
+        value: Pipeline
+    resolver: bundles
+  workspaces:
+    - name: workspace
+      volumeClaimTemplate:
+        spec:
+          accessModes:
+            - ReadWriteOnce
+          resources:
+            requests:
+              storage: 1Gi

.tekton/tekton-results-retention-policy-agent-push.yaml

@@ -0,0 +1,40 @@
+---
+# Triggers Tekton Results retention-policy-agent image build on push
+apiVersion: tekton.dev/v1beta1
+kind: PipelineRun
+metadata:
+  name: tekton-results-retention-policy-agent-on-push
+  annotations:
+    pipelinesascode.tekton.dev/on-event: "[push]"
+    # Use downstream branch since we are using openshift-pipeline/tektoncd-results and not upstream
+    pipelinesascode.tekton.dev/on-target-branch: "[downstream-*]"
+    pipelinesascode.tekton.dev/max-keep-runs: "5"
+spec:
+  params:
+    - name: git-url
+      value: "{{repo_url}}"
+    - name: revision
+      value: "{{revision}}"
+    - name: output-image
+      value: "quay.io/konflux-ci/tekton-results-retention-policy-agent:{{revision}}"
+    - name: dockerfile
+      value: images/retention-policy-agent/Dockerfile
+  pipelineRef:
+    params:
+      - name: bundle
+        value: >-
+          quay.io/redhat-appstudio-tekton-catalog/pipeline-core-services-docker-build:latest
+      - name: name
+        value: docker-build
+      - name: kind
+        value: Pipeline
+    resolver: bundles
+  workspaces:
+    - name: workspace
+      volumeClaimTemplate:
+        spec:
+          accessModes:
+            - ReadWriteOnce
+          resources:
+            requests:
+              storage: 1Gi

.tekton/tekton-results-update-pipeline-service.yaml.save

@@ -0,0 +1,45 @@
+---
+apiVersion: tekton.dev/v1beta1
+kind: PipelineRun
+metadata:
+  name: tekton-results-update-pipeline-service
+  annotations:
+    pipelinesascode.tekton.dev/on-event: "[push]"
+    # Use downstream branch since we are using openshift-pipeline/tektoncd-results and not upstream
+    pipelinesascode.tekton.dev/on-target-branch: "[downstream-*]"
+    pipelinesascode.tekton.dev/max-keep-runs: "5"
+spec:
+  params:
+    - name: git-url
+      value: "{{ repo_url }}"
+    - name: revision
+      value: "{{ revision }}"
+    - name: infra-deployment-update-script
+      value: |
+        sed -i -E 's/[0-9a-f]{40}/{{ revision }}/g' operator/gitops/argocd/pipeline-service/tekton-results/kustomization.yaml
+  pipelineSpec:
+    params:
+      - description: 'Source Repository URL'
+        name: git-url
+        type: string
+      - description: 'Revision of the Source Repository'
+        name: revision
+        type: string
+      - default: ""
+        name: infra-deployment-update-script
+    tasks:
+      - name: update-infra-repo
+        params:
+          - name: ORIGIN_REPO
+            value: $(params.git-url)
+          - name: REVISION
+            value: $(params.revision)
+          - name: SCRIPT
+            value: $(params.infra-deployment-update-script)
+          - name: TARGET_GH_REPO
+            value: openshift-pipelines/pipeline-service
+          - name: GITHUB_APP_INSTALLATION_ID
+            value: "35628851"
+        taskRef:
+          bundle: quay.io/redhat-appstudio-tekton-catalog/task-update-infra-deployments:0.1
+          name: update-infra-deployments

.tekton/tekton-results-watcher-pull-request.yaml

@@ -0,0 +1,40 @@
+---
+# Triggers Tekton Results watcher image build on pull request
+apiVersion: tekton.dev/v1beta1
+kind: PipelineRun
+metadata:
+  name: tekton-results-watcher-on-pull-request
+  annotations:
+    pipelinesascode.tekton.dev/on-event: "[pull_request]"
+    # Use downstream branch since we are using openshift-pipeline/tektoncd-results and not upstream
+    pipelinesascode.tekton.dev/on-target-branch: "[downstream-*]"
+    pipelinesascode.tekton.dev/max-keep-runs: "5"
+spec:
+  params:
+    - name: git-url
+      value: "{{repo_url}}"
+    - name: revision
+      value: "{{revision}}"
+    - name: output-image
+      value: "quay.io/konflux-ci/pull-request-builds:tekton-results-watcher-{{revision}}"
+    - name: dockerfile
+      value: images/watcher/Dockerfile
+  pipelineRef:
+    params:
+      - name: bundle
+        value: >-
+          quay.io/redhat-appstudio-tekton-catalog/pipeline-core-services-docker-build:latest
+      - name: name
+        value: docker-build
+      - name: kind
+        value: Pipeline
+    resolver: bundles
+  workspaces:
+    - name: workspace
+      volumeClaimTemplate:
+        spec:
+          accessModes:
+            - ReadWriteOnce
+          resources:
+            requests:
+              storage: 1Gi

.tekton/tekton-results-watcher-push.yaml

@@ -0,0 +1,40 @@
+---
+# Triggers Tekton Results watcher image build on push
+apiVersion: tekton.dev/v1beta1
+kind: PipelineRun
+metadata:
+  name: tekton-results-watcher-on-push
+  annotations:
+    pipelinesascode.tekton.dev/on-event: "[push]"
+    # Use downstream branch since we are using openshift-pipeline/tektoncd-results and not upstream
+    pipelinesascode.tekton.dev/on-target-branch: "[downstream-*]"
+    pipelinesascode.tekton.dev/max-keep-runs: "5"
+spec:
+  params:
+    - name: git-url
+      value: "{{repo_url}}"
+    - name: revision
+      value: "{{revision}}"
+    - name: output-image
+      value: "quay.io/konflux-ci/tekton-results-watcher:{{revision}}"
+    - name: dockerfile
+      value: images/watcher/Dockerfile
+  pipelineRef:
+    params:
+      - name: bundle
+        value: >-
+          quay.io/redhat-appstudio-tekton-catalog/pipeline-core-services-docker-build:latest
+      - name: name
+        value: docker-build
+      - name: kind
+        value: Pipeline
+    resolver: bundles
+  workspaces:
+    - name: workspace
+      volumeClaimTemplate:
+        spec:
+          accessModes:
+            - ReadWriteOnce
+          resources:
+            requests:
+              storage: 1Gi

cmd/watcher/main.go

@@ -54,7 +54,8 @@ import (
 const (
 	// Service Account token path. See https://kubernetes.io/docs/tasks/access-application-cluster/access-cluster/#accessing-the-api-from-a-pod
 	// This is a fixed path which does not contain a hard-coded secret or credential
-	podTokenPath = "/var/run/secrets/kubernetes.io/serviceaccount/token" //nolint:gosec
+	podTokenPath             = "/var/run/secrets/kubernetes.io/serviceaccount/token" //nolint:gosec
+	finalizerRequeueInterval = 10 * time.Second
 )
 
 var (
@@ -122,6 +123,7 @@ func main() {
 		DynamicReconcileTimeout:      dynamicReconcileTimeout,
 		StoreEvent:                   *storeEvent,
 		StoreDeadline:                storeDeadline,
+		FinalizerRequeueInterval:     finalizerRequeueInterval,
 		ForwardBuffer:                forwardBuffer,
 		LogsTimestamps:               *logsTimestamps,
 		SummaryLabels:                *summaryLabels,

config/base/migrator.yaml

@@ -0,0 +1,54 @@
+# Copyright 2023 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: api
+  namespace: tekton-pipelines
+spec:
+  template:
+    spec:
+      initContainers:
+        - name: migrator
+          image: ko://github.com/tektoncd/results/tools/migrator
+          env:
+            - name: DB_HOST
+              value: tekton-results-postgres-service.tekton-pipelines.svc.cluster.local
+            - name: DB_USER
+              valueFrom:
+                secretKeyRef:
+                  name: tekton-results-postgres
+                  key: POSTGRES_USER
+            - name: DB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: tekton-results-postgres
+                  key: POSTGRES_PASSWORD
+            - name: DB_NAME
+              value: tekton-results
+          volumeMounts:
+            - name: config
+              mountPath: /etc/tekton/results
+              readOnly: true
+          securityContext:
+            seccompProfile:
+              type: RuntimeDefault
+            runAsNonRoot: true
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+              add:
+                - NET_BIND_SERVICE

config/base/watcher.yaml

@@ -56,6 +56,8 @@ spec:
               value: tekton-results-api-service.tekton-pipelines.svc.cluster.local:8080
             - name: AUTH_MODE
               value: token
+            - name: KUBERNETES_MIN_VERSION
+              value: "v1.28.0"
           ports:
             - name: metrics
               containerPort: 9090

docs/cli/tkn-results_pipelinerun.md

@@ -50,5 +50,6 @@ Examples:
 ### SEE ALSO
 
 * [tkn-results](tkn-results.md)	 - Tekton Results CLI
+* [tkn-results pipelinerun describe](tkn-results_pipelinerun_describe.md)	 - Describe a PipelineRun
 * [tkn-results pipelinerun list](tkn-results_pipelinerun_list.md)	 - List PipelineRuns in a namespace