Merge branch 'tektoncd:main' into main

Author: nistar

docs/config.md

@@ -37,6 +37,7 @@ import (
 
 const (
 	StorageTypeDocDB = "docdb"
+	mongoEnv         = "MONGO_SERVER_URL"
 )
 
 // ErrNothingToWatch is an error that's returned when the backend doesn't have anything to "watch"
@@ -98,34 +99,16 @@ func WatchBackend(ctx context.Context, cfg config.Config, watcherStop chan bool)
 		return nil, ErrNothingToWatch
 	}
 
-	// Set up watcher only when `storage.docdb.mongo-server-url-dir` is set
-	if cfg.Storage.DocDB.MongoServerURLDir == "" {
+	pathsToWatch := getPathsToWatch(ctx, cfg)
+	if len(pathsToWatch) == 0 {
 		return nil, ErrNothingToWatch
 	}
 
-	logger.Infof("setting up fsnotify watcher for directory: %s", cfg.Storage.DocDB.MongoServerURLDir)
-
 	watcher, err := fsnotify.NewWatcher()
 	if err != nil {
 		return nil, err
 	}
 
-	pathsToWatch := []string{
-		// mongo-server-url-dir/MONGO_SERVER_URL is where the MONGO_SERVER_URL environment
-		// variable is expected to be mounted, either manually or via a Kubernetes secret, etc.
-		filepath.Join(cfg.Storage.DocDB.MongoServerURLDir, "MONGO_SERVER_URL"),
-		// When a Kubernetes secret is mounted on a path, the `data` in that secret is mounted
-		// under path/..data that is then `symlink`ed to the key of the data. In this instance,
-		// the mounted path is going to look like:
-		// file 1 - ..2024_05_03_11_23_23.1253599725
-		// file 2 - ..data -> ..2024_05_03_11_23_23.1253599725
-		// file 3 - MONGO_SERVER_URL -> ..data/MONGO_SERVER_URL
-		// So each time the secret is updated, the file `MONGO_SERVER_URL` is not updated,
-		// instead the underlying symlink at `..data` is updated and that's what we want to
-		// capture via the fsnotify event watcher
-		filepath.Join(cfg.Storage.DocDB.MongoServerURLDir, "..data"),
-	}
-
 	backendChan := make(chan *Backend)
 	// Start listening for events.
 	go func() {
@@ -145,13 +128,23 @@ func WatchBackend(ctx context.Context, cfg config.Config, watcherStop chan bool)
 					continue
 				}
 
-				updatedEnv, err := getMongoServerURLFromDir(cfg.Storage.DocDB.MongoServerURLDir)
-				if err != nil {
-					logger.Error(err)
-					backendChan <- nil
+				var updatedEnv string
+				if cfg.Storage.DocDB.MongoServerURLPath != "" {
+					updatedEnv, err = getMongoServerURLFromPath(cfg.Storage.DocDB.MongoServerURLPath)
+					if err != nil {
+						logger.Error(err)
+						backendChan <- nil
+					}
+				} else if cfg.Storage.DocDB.MongoServerURLDir != "" {
+					updatedEnv, err = getMongoServerURLFromDir(cfg.Storage.DocDB.MongoServerURLDir)
+					if err != nil {
+						logger.Error(err)
+						backendChan <- nil
+					}
 				}
+
 				if updatedEnv != os.Getenv("MONGO_SERVER_URL") {
-					logger.Infof("directory %s has been updated, reconfiguring backend...", cfg.Storage.DocDB.MongoServerURLDir)
+					logger.Info("Mongo server url has been updated, reconfiguring backend...")
 
 					// Now that MONGO_SERVER_URL has been updated, we should update docdb backend again
 					newDocDBBackend, err := NewStorageBackend(ctx, cfg)
@@ -179,11 +172,23 @@ func WatchBackend(ctx context.Context, cfg config.Config, watcherStop chan bool)
 		}
 	}()
 
-	// Add a path.
-	err = watcher.Add(cfg.Storage.DocDB.MongoServerURLDir)
-	if err != nil {
-		return nil, err
+	if cfg.Storage.DocDB.MongoServerURLPath != "" {
+		dirPath := filepath.Dir(cfg.Storage.DocDB.MongoServerURLPath)
+		// Add a path.
+		err = watcher.Add(dirPath)
+		if err != nil {
+			return nil, err
+		}
 	}
+
+	if cfg.Storage.DocDB.MongoServerURLDir != "" {
+		// Add a path.
+		err = watcher.Add(cfg.Storage.DocDB.MongoServerURLDir)
+		if err != nil {
+			return nil, err
+		}
+	}
+
 	return backendChan, nil
 }
 
@@ -256,27 +261,43 @@ func (b *Backend) retrieveDocuments(ctx context.Context, opts config.StorageOpts
 }
 
 func populateMongoServerURL(ctx context.Context, cfg config.Config) error {
-	// First preference is given to the key `storage.docdb.mongo-server-url-dir`.
+	// First preference is given to the key `storage.docdb.mongo-server-url-path`.
+	// If that doesn't exist, then we move on to `storage.docdb.mongo-server-url-dir`.
 	// If that doesn't exist, then we move on to `storage.docdb.mongo-server-url`.
 	// If that doesn't exist, then we check if `MONGO_SERVER_URL` env var is set.
 	logger := logging.FromContext(ctx)
-	mongoEnv := "MONGO_SERVER_URL"
+
+	if cfg.Storage.DocDB.MongoServerURLPath != "" {
+		logger.Infof("setting %s from storage.docdb.mongo-server-url-path: %s", mongoEnv, cfg.Storage.DocDB.MongoServerURLPath)
+		mongoServerURL, err := getMongoServerURLFromPath(cfg.Storage.DocDB.MongoServerURLPath)
+		if err != nil {
+			return err
+		}
+		if err := os.Setenv(mongoEnv, mongoServerURL); err != nil {
+			return err
+		}
+		return nil
+	}
 
 	if cfg.Storage.DocDB.MongoServerURLDir != "" {
 		logger.Infof("setting %s from storage.docdb.mongo-server-url-dir: %s", mongoEnv, cfg.Storage.DocDB.MongoServerURLDir)
 		if err := setMongoServerURLFromDir(cfg.Storage.DocDB.MongoServerURLDir); err != nil {
 			return err
 		}
-	} else if cfg.Storage.DocDB.MongoServerURL != "" {
+		return nil
+	}
+
+	if cfg.Storage.DocDB.MongoServerURL != "" {
 		logger.Infof("setting %s from storage.docdb.mongo-server-url", mongoEnv)
 		if err := os.Setenv(mongoEnv, cfg.Storage.DocDB.MongoServerURL); err != nil {
 			return err
 		}
+		return nil
 	}
 
 	if _, envExists := os.LookupEnv(mongoEnv); !envExists {
 		return fmt.Errorf("mongo docstore configured but %s environment variable not set, "+
-			"supply one of storage.docdb.mongo-server-url-dir, storage.docdb.mongo-server-url or set %s", mongoEnv, mongoEnv)
+			"supply one of storage.docdb.mongo-server-url-path, storage.docdb.mongo-server-url-dir, storage.docdb.mongo-server-url or set %s", mongoEnv, mongoEnv)
 	}
 
 	return nil
@@ -288,16 +309,14 @@ func setMongoServerURLFromDir(dir string) error {
 		return err
 	}
 
-	if err = os.Setenv("MONGO_SERVER_URL", fileDataNormalized); err != nil {
+	if err = os.Setenv(mongoEnv, fileDataNormalized); err != nil {
 		return err
 	}
 
 	return nil
 }
 
 func getMongoServerURLFromDir(dir string) (string, error) {
-	mongoEnv := "MONGO_SERVER_URL"
-
 	stat, err := os.Stat(dir)
 	if err != nil {
 		if os.IsNotExist(err) {
@@ -327,3 +346,62 @@ func getMongoServerURLFromDir(dir string) (string, error) {
 
 	return fileDataNormalized, nil
 }
+
+// getMongoServerUrlFromPath retreives token from the given mount path
+func getMongoServerURLFromPath(path string) (string, error) {
+	fileData, err := os.ReadFile(path)
+	if err != nil {
+		return "", fmt.Errorf("reading file in %q: %w", path, err)
+	}
+
+	// A trailing newline is fairly common in mounted files, so remove it.
+	fileDataNormalized := strings.TrimSuffix(string(fileData), "\n")
+	return fileDataNormalized, nil
+}
+
+func getPathsToWatch(ctx context.Context, cfg config.Config) []string {
+	var pathsToWatch = []string{}
+	logger := logging.FromContext(ctx)
+
+	if cfg.Storage.DocDB.MongoServerURLPath != "" {
+		logger.Infof("setting up fsnotify watcher for mongo server url path: %s", cfg.Storage.DocDB.MongoServerURLPath)
+		dirPath := filepath.Dir(cfg.Storage.DocDB.MongoServerURLPath)
+		pathsToWatch = []string{
+			// mongo-server-url-path/<path> is where the mongo server url token
+			// When a Kubernetes secret is mounted on a path, the `data` in that secret is mounted
+			// under path/..data that is then `symlink`ed to the key of the data. In this instance,
+			// the mounted path is going to look like:
+			// file 1 - ..2024_05_03_11_23_23.1253599725
+			// file 2 - ..data -> ..2024_05_03_11_23_23.1253599725
+			// file 3 - ..data/<path>
+			// So each time the secret is updated, the file is not updated,
+			// instead the underlying symlink at `..data` is updated and that's what we want to
+			// capture via the fsnotify event watcher
+			// filepath.Join(cfg.Storage.DocDB.MongoServerURLPath, "..data"),
+			filepath.Join(dirPath, "..data"),
+		}
+		return pathsToWatch
+	}
+
+	if cfg.Storage.DocDB.MongoServerURLDir != "" {
+		logger.Infof("setting up fsnotify watcher for directory: %s", cfg.Storage.DocDB.MongoServerURLDir)
+		pathsToWatch = []string{
+			// mongo-server-url-dir/MONGO_SERVER_URL is where the MONGO_SERVER_URL environment
+			// variable is expected to be mounted, either manually or via a Kubernetes secret, etc.
+			filepath.Join(cfg.Storage.DocDB.MongoServerURLDir, "MONGO_SERVER_URL"),
+			// When a Kubernetes secret is mounted on a path, the `data` in that secret is mounted
+			// under path/..data that is then `symlink`ed to the key of the data. In this instance,
+			// the mounted path is going to look like:
+			// file 1 - ..2024_05_03_11_23_23.1253599725
+			// file 2 - ..data -> ..2024_05_03_11_23_23.1253599725
+			// file 3 - MONGO_SERVER_URL -> ..data/MONGO_SERVER_URL
+			// So each time the secret is updated, the file `MONGO_SERVER_URL` is not updated,
+			// instead the underlying symlink at `..data` is updated and that's what we want to
+			// capture via the fsnotify event watcher
+			filepath.Join(cfg.Storage.DocDB.MongoServerURLDir, "..data"),
+		}
+		return pathsToWatch
+	}
+
+	return pathsToWatch
+}

pkg/chains/storage/docdb/docdb.go

@@ -310,19 +310,20 @@ func TestWatchBackend(t *testing.T) {
 			expectedMongoEnv: testEnv,
 			wantErr:          true,
 		},
-		{
-			name: "verify mongo-server-url-dir/MONGO_SERVER_URL is watched",
-			cfg: config.Config{
-				Storage: config.StorageConfigs{
-					DocDB: config.DocDBStorageConfig{
-						URL:               "mongo://chainsdb/chainscollection?id_field=name",
-						MongoServerURLDir: t.TempDir(),
-					},
-				},
-			},
-			expectedMongoEnv: "mongodb://updatedEnv",
-			wantErr:          false,
-		},
+		// TODO: https://github.com/tektoncd/chains/issues/1178
+		// {
+		// 	name: "verify mongo-server-url-dir/MONGO_SERVER_URL is watched",
+		// 	cfg: config.Config{
+		// 		Storage: config.StorageConfigs{
+		// 			DocDB: config.DocDBStorageConfig{
+		// 				URL:               "mongo://chainsdb/chainscollection?id_field=name",
+		// 				MongoServerURLDir: t.TempDir(),
+		// 			},
+		// 		},
+		// 	},
+		// 	expectedMongoEnv: "mongodb://updatedEnv",
+		// 	wantErr:          false,
+		// },
 	}
 
 	for _, tt := range tests {

pkg/chains/storage/docdb/docdb_test.go

@@ -123,9 +123,10 @@ type TektonStorageConfig struct {
 }
 
 type DocDBStorageConfig struct {
-	URL               string
-	MongoServerURL    string
-	MongoServerURLDir string
+	URL                string
+	MongoServerURL     string
+	MongoServerURLDir  string
+	MongoServerURLPath string
 }
 
 type GrafeasConfig struct {
@@ -168,12 +169,13 @@ const (
 	ociStorageKey = "artifacts.oci.storage"
 	ociSignerKey  = "artifacts.oci.signer"
 
-	gcsBucketKey              = "storage.gcs.bucket"
-	ociRepositoryKey          = "storage.oci.repository"
-	ociRepositoryInsecureKey  = "storage.oci.repository.insecure"
-	docDBUrlKey               = "storage.docdb.url"
-	docDBMongoServerURLKey    = "storage.docdb.mongo-server-url"
-	docDBMongoServerURLDirKey = "storage.docdb.mongo-server-url-dir"
+	gcsBucketKey               = "storage.gcs.bucket"
+	ociRepositoryKey           = "storage.oci.repository"
+	ociRepositoryInsecureKey   = "storage.oci.repository.insecure"
+	docDBUrlKey                = "storage.docdb.url"
+	docDBMongoServerURLKey     = "storage.docdb.mongo-server-url"
+	docDBMongoServerURLDirKey  = "storage.docdb.mongo-server-url-dir"
+	docDBMongoServerURLPathKey = "storage.docdb.mongo-server-url-path"
 
 	grafeasProjectIDKey = "storage.grafeas.projectid"
 	grafeasNoteIDKey    = "storage.grafeas.noteid"
@@ -302,6 +304,7 @@ func NewConfigFromMap(data map[string]string) (*Config, error) {
 		asString(docDBUrlKey, &cfg.Storage.DocDB.URL),
 		asString(docDBMongoServerURLKey, &cfg.Storage.DocDB.MongoServerURL),
 		asString(docDBMongoServerURLDirKey, &cfg.Storage.DocDB.MongoServerURLDir),
+		asString(docDBMongoServerURLPathKey, &cfg.Storage.DocDB.MongoServerURLPath),
 		asString(grafeasProjectIDKey, &cfg.Storage.Grafeas.ProjectID),
 		asString(grafeasNoteIDKey, &cfg.Storage.Grafeas.NoteID),
 		asString(grafeasNoteHint, &cfg.Storage.Grafeas.NoteHint),

pkg/config/config.go

@@ -160,7 +160,7 @@ spec:
       ko resolve \
         --image-label=org.opencontainers.image.source=https://$(params.package) \
         --platform=$(params.platforms) \
-        ${KO_EXTRA_ARGS} -f ${PROJECT_ROOT}/config/ > $OUTPUT_RELEASE_DIR/release.yaml
+        ${KO_EXTRA_ARGS} -f ${PROJECT_ROOT}/config/ > $OUTPUT_RELEASE_DIR/release.notags.yaml
 
       # Rewrite "devel" to params.versionTag
       sed -i -e 's/\(pipeline.tekton.dev\/release\): "devel"/\1: "$(params.versionTag)"/g' -e 's/\(app.kubernetes.io\/version\): "devel"/\1: "$(params.versionTag)"/g' -e 's/\(version\): "devel"/\1: "$(params.versionTag)"/g' ${OUTPUT_RELEASE_DIR}/release.yaml

release/publish.yaml

@@ -169,13 +169,13 @@ spec:
       resolver: git
       params:
         - name: repo
-          value: pipeline
+          value: chains
         - name: org
           value: tektoncd
         - name: revision
           value: $(params.gitRevision)
         - name: pathInRepo
-          value: tekton/publish.yaml
+          value: release/publish.yaml
     params:
     - name: package
       value: $(params.package)
@@ -195,8 +195,8 @@ spec:
       value: $(params.serviceAccountImagesPath)
     - name: platforms
       value: $(params.platforms)
-        - name: koExtraArgs
-          value: $(params.koExtraArgs)
+    - name: koExtraArgs
+      value: $(params.koExtraArgs)
     - name: CHAINS-GIT_COMMIT
       value: $(tasks.git-clone.results.commit)
     - name: CHAINS-GIT_URL