📂 update OpenShift specific files

hack/openshift-pipelines.sh

@@ -0,0 +1,85 @@
+#!/usr/bin/env bash
+
+# Copyright 2022 The OpenShift Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+# source of tasks (in this case to the project root folder)
+source_path=$(dirname $(cd $(dirname $0) && pwd ))
+
+openshift_pipelines() {
+  echo "Installing Openshift Pipelines..."
+
+  PIPELINE_OPERATOR_DEFAULT_CHANNEL=$(oc get packagemanifests openshift-pipelines-operator-rh -n openshift-marketplace -o json | jq '.status.defaultChannel' | tr -d '"')
+  PIPELINE_OPERATOR_CHANNEL=${PIPELINE_OPERATOR_CHANNEL:-${PIPELINE_OPERATOR_DEFAULT_CHANNEL}}
+  PIPELINE_TARGET_VERSION=$(oc get packagemanifests openshift-pipelines-operator-rh -n openshift-marketplace -o json | CHANNEL=$PIPELINE_OPERATOR_CHANNEL jq '.status.channels[] | select(.name==env.CHANNEL) | .currentCSV')
+
+  echo Channel: $PIPELINE_OPERATOR_CHANNEL Target Version: $PIPELINE_TARGET_VERSION 
+
+  cat << EOF | oc apply -f -
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: openshift-pipelines-operator-rh
+  namespace: openshift-operators
+spec:
+  channel: $PIPELINE_OPERATOR_CHANNEL
+  name: openshift-pipelines-operator-rh
+  source: redhat-operators
+  sourceNamespace: openshift-marketplace
+EOF
+
+}
+
+wait_pipelines_ready() {
+  echo "Waiting for Openshift Pipeline to get ready..."
+  rc=1
+  set +e
+  for i in $(seq 5); do
+    oc wait subscription.operators.coreos.com/openshift-pipelines-operator-rh -n openshift-operators --for=jsonpath='{.status.state}'="AtLatestKnown" --timeout=60s && \
+        oc wait pod --for=condition=Ready --timeout=180s -n openshift-pipelines -l "app=tekton-pipelines-controller" && \
+        oc wait pod --for=condition=Ready --timeout=180s -n openshift-pipelines -l "app=tekton-pipelines-webhook" && \
+        rc=0 && break || (echo "Conditions are not matched. Retrying in 10 secs" && sleep 10)
+  done
+  set -e
+  if (( $rc )); then
+    echo "Installing Openshift pipelines has failed"
+    exit 1
+  fi
+}
+
+tekton_tasks() {
+  echo "Creating Pipeline tasks..."
+  oc apply -f ${source_path}/pkg/pipelines/resources/tekton/task/func-deploy/0.1/func-deploy.yaml
+  oc apply -f ${source_path}/pkg/pipelines/resources/tekton/task/func-s2i/0.1/func-s2i.yaml
+  oc apply -f ${source_path}/pkg/pipelines/resources/tekton/task/func-buildpacks/0.1/func-buildpacks.yaml
+}
+
+tasks_only=false
+if [[ $# -ge 1 && "$1" == "--tasks-only" ]]; then
+  tasks_only=true
+elif [[ $# -ge 1 ]]; then
+  echo "Unknown parameters, use '--tasks-only' to only install Tekton Tasks"
+fi
+
+if [ $tasks_only = false ] ; then
+  openshift_pipelines
+  wait_pipelines_ready
+fi
+tekton_tasks
+
+echo Done

openshift/patches/0001-tekton-tasks.patch

@@ -0,0 +1,54 @@
+diff --git a/pkg/pipelines/tekton/tasks.go b/pkg/pipelines/tekton/tasks.go
+index e9cb0c47..787150ca 100644
+--- a/pkg/pipelines/tekton/tasks.go
++++ b/pkg/pipelines/tekton/tasks.go
+@@ -4,6 +4,8 @@ import (
+ 	"fmt"
+
+ 	pplnv1beta1 "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1"
++
++	"knative.dev/func/pkg/openshift"
+ )
+
+ const (
+@@ -13,10 +15,16 @@ const (
+ )
+
+ func taskFetchSources() pplnv1beta1.PipelineTask {
++	var taskKind = pplnv1beta1.NamespacedTaskKind
++	if openshift.IsOpenShift() {
++		taskKind = pplnv1beta1.ClusterTaskKind
++	}
++
+ 	return pplnv1beta1.PipelineTask{
+ 		Name: taskNameFetchSources,
+ 		TaskRef: &pplnv1beta1.TaskRef{
+ 			Name: "git-clone",
++			Kind: taskKind,
+ 		},
+ 		Workspaces: []pplnv1beta1.WorkspacePipelineTaskBinding{{
+ 			Name:      "output",
+@@ -34,6 +42,7 @@ func taskBuildpacks(runAfter []string) pplnv1beta1.PipelineTask {
+ 		Name: taskNameBuild,
+ 		TaskRef: &pplnv1beta1.TaskRef{
+ 			Name: "func-buildpacks",
++			Kind: pplnv1beta1.ClusterTaskKind,
+ 		},
+ 		RunAfter: runAfter,
+ 		Workspaces: []pplnv1beta1.WorkspacePipelineTaskBinding{
+@@ -78,6 +87,7 @@ func taskS2iBuild(runAfter []string) pplnv1beta1.PipelineTask {
+ 		Name: taskNameBuild,
+ 		TaskRef: &pplnv1beta1.TaskRef{
+ 			Name: "func-s2i",
++			Kind: pplnv1beta1.ClusterTaskKind,
+ 		},
+ 		RunAfter: runAfter,
+ 		Workspaces: []pplnv1beta1.WorkspacePipelineTaskBinding{
+@@ -111,6 +121,7 @@ func taskDeploy(runAfter string, referenceImageFromPreviousTaskResults bool) ppl
+ 		Name: taskNameDeploy,
+ 		TaskRef: &pplnv1beta1.TaskRef{
+ 			Name: "func-deploy",
++			Kind: pplnv1beta1.ClusterTaskKind,
+ 		},
+ 		RunAfter: []string{runAfter},
+ 		Workspaces: []pplnv1beta1.WorkspacePipelineTaskBinding{{

openshift/patches/0002-default-build.patch

@@ -0,0 +1,13 @@
+diff --git a/pkg/builders/builders.go b/pkg/builders/builders.go
+index 3575a8d3..6539235b 100644
+--- a/pkg/builders/builders.go
++++ b/pkg/builders/builders.go
+@@ -15,7 +15,7 @@ import (
+ const (
+ 	Pack    = "pack"
+ 	S2I     = "s2i"
+-	Default = Pack
++	Default = S2I
+ )
+
+ // Known builder names with a pretty-printed string representation

openshift/patches/0003-quarkus-productized.patch

@@ -0,0 +1,102 @@
+diff --git a/templates/quarkus/cloudevents/pom.xml b/templates/quarkus/cloudevents/pom.xml
+index 58abbb0a..f71561e3 100644
+--- a/templates/quarkus/cloudevents/pom.xml
++++ b/templates/quarkus/cloudevents/pom.xml
+@@ -7,12 +7,12 @@
+   <version>1.0.0-SNAPSHOT</version>
+   <properties>
+     <compiler-plugin.version>3.8.1</compiler-plugin.version>
+-    <maven.compiler.release>11</maven.compiler.release>
++    <maven.compiler.release>17</maven.compiler.release>
+     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+     <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
+     <quarkus.platform.artifact-id>quarkus-bom</quarkus.platform.artifact-id>
+-    <quarkus.platform.group-id>io.quarkus.platform</quarkus.platform.group-id>
+-    <quarkus.platform.version>3.2.0.Final</quarkus.platform.version>
++    <quarkus.platform.group-id>com.redhat.quarkus.platform</quarkus.platform.group-id>
++    <quarkus.platform.version>2.13.7.SP3-redhat-00003</quarkus.platform.version>
+     <skipITs>true</skipITs>
+     <surefire-plugin.version>3.0.0-M7</surefire-plugin.version>
+   </properties>
+@@ -51,6 +51,30 @@
+       <scope>test</scope>
+     </dependency>
+   </dependencies>
++  <repositories>
++    <repository>
++      <releases>
++        <enabled>true</enabled>
++      </releases>
++      <snapshots>
++        <enabled>false</enabled>
++      </snapshots>
++      <id>redhat</id>
++      <url>https://maven.repository.redhat.com/ga</url>
++    </repository>
++  </repositories>
++  <pluginRepositories>
++    <pluginRepository>
++      <releases>
++        <enabled>true</enabled>
++      </releases>
++      <snapshots>
++        <enabled>false</enabled>
++      </snapshots>
++      <id>redhat</id>
++      <url>https://maven.repository.redhat.com/ga</url>
++    </pluginRepository>
++  </pluginRepositories>
+   <build>
+     <plugins>
+       <plugin>
+diff --git a/templates/quarkus/http/pom.xml b/templates/quarkus/http/pom.xml
+index 58abbb0a..f71561e3 100644
+--- a/templates/quarkus/http/pom.xml
++++ b/templates/quarkus/http/pom.xml
+@@ -7,12 +7,12 @@
+   <version>1.0.0-SNAPSHOT</version>
+   <properties>
+     <compiler-plugin.version>3.8.1</compiler-plugin.version>
+-    <maven.compiler.release>11</maven.compiler.release>
++    <maven.compiler.release>17</maven.compiler.release>
+     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+     <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
+     <quarkus.platform.artifact-id>quarkus-bom</quarkus.platform.artifact-id>
+-    <quarkus.platform.group-id>io.quarkus.platform</quarkus.platform.group-id>
+-    <quarkus.platform.version>3.2.0.Final</quarkus.platform.version>
++    <quarkus.platform.group-id>com.redhat.quarkus.platform</quarkus.platform.group-id>
++    <quarkus.platform.version>2.13.7.SP3-redhat-00003</quarkus.platform.version>
+     <skipITs>true</skipITs>
+     <surefire-plugin.version>3.0.0-M7</surefire-plugin.version>
+   </properties>
+@@ -51,6 +51,30 @@
+       <scope>test</scope>
+     </dependency>
+   </dependencies>
++  <repositories>
++    <repository>
++      <releases>
++        <enabled>true</enabled>
++      </releases>
++      <snapshots>
++        <enabled>false</enabled>
++      </snapshots>
++      <id>redhat</id>
++      <url>https://maven.repository.redhat.com/ga</url>
++    </repository>
++  </repositories>
++  <pluginRepositories>
++    <pluginRepository>
++      <releases>
++        <enabled>true</enabled>
++      </releases>
++      <snapshots>
++        <enabled>false</enabled>
++      </snapshots>
++      <id>redhat</id>
++      <url>https://maven.repository.redhat.com/ga</url>
++    </pluginRepository>
++  </pluginRepositories>
+   <build>
+     <plugins>
+       <plugin>

openshift/patches/0004-quarkus-java-version.patch

@@ -0,0 +1,11 @@
+diff --git a/templates/quarkus/manifest.yaml b/templates/quarkus/manifest.yaml
+index 48668216..57cda2a2 100644
+--- a/templates/quarkus/manifest.yaml
++++ b/templates/quarkus/manifest.yaml
+@@ -1,4 +1,6 @@
+ buildEnvs:
++  - name: BP_JVM_VERSION
++    value: "17"
+   - name: BP_NATIVE_IMAGE
+     value: "false"
+   - name: BP_MAVEN_BUILT_ARTIFACT

openshift/patches/0005-unset-ids.patch

@@ -0,0 +1,21 @@
+diff --git a/pkg/k8s/security_context.go b/pkg/k8s/security_context.go
+index 7d2fd569..956c7623 100644
+--- a/pkg/k8s/security_context.go
++++ b/pkg/k8s/security_context.go
+@@ -9,14 +9,8 @@ import (
+ var oneTwentyFour = semver.MustParse("1.24")
+
+ func defaultPodSecurityContext() *corev1.PodSecurityContext {
+-	// change ownership of the mounted volume to the first non-root user uid=1000
+-	runAsUser := int64(1000)
+-	runAsGroup := int64(1000)
+-	return &corev1.PodSecurityContext{
+-		RunAsUser:  &runAsUser,
+-		RunAsGroup: &runAsGroup,
+-		FSGroup:    &runAsGroup,
+-	}
++	// for OpenShift [u|g|fs] ids are set automatically
++	return nil
+ }
+
+ func defaultSecurityContext(client *kubernetes.Clientset) *corev1.SecurityContext {

openshift/patches/0006-tekton-pipelines.patch

@@ -0,0 +1,42 @@
+diff --git a/pkg/pipelines/resources/tekton/task/func-buildpacks/0.1/func-buildpacks.yaml b/pkg/pipelines/resources/tekton/task/func-buildpacks/0.1/func-buildpacks.yaml
+index ee227cf7..ac42d639 100644
+--- a/pkg/pipelines/resources/tekton/task/func-buildpacks/0.1/func-buildpacks.yaml
++++ b/pkg/pipelines/resources/tekton/task/func-buildpacks/0.1/func-buildpacks.yaml
+@@ -1,6 +1,6 @@
+ ---
+ apiVersion: tekton.dev/v1beta1
+-kind: Task
++kind: ClusterTask
+ metadata:
+   name: func-buildpacks
+   labels:
+diff --git a/pkg/pipelines/resources/tekton/task/func-deploy/0.1/func-deploy.yaml b/pkg/pipelines/resources/tekton/task/func-deploy/0.1/func-deploy.yaml
+index c58ff568..4658f04f 100644
+--- a/pkg/pipelines/resources/tekton/task/func-deploy/0.1/func-deploy.yaml
++++ b/pkg/pipelines/resources/tekton/task/func-deploy/0.1/func-deploy.yaml
+@@ -1,5 +1,5 @@
+ apiVersion: tekton.dev/v1beta1
+-kind: Task
++kind: ClusterTask
+ metadata:
+   name: func-deploy
+   labels:
+diff --git a/pkg/pipelines/resources/tekton/task/func-s2i/0.1/func-s2i.yaml b/pkg/pipelines/resources/tekton/task/func-s2i/0.1/func-s2i.yaml
+index bf90adfa..7f9fe8fc 100644
+--- a/pkg/pipelines/resources/tekton/task/func-s2i/0.1/func-s2i.yaml
++++ b/pkg/pipelines/resources/tekton/task/func-s2i/0.1/func-s2i.yaml
+@@ -1,5 +1,5 @@
+ apiVersion: tekton.dev/v1beta1
+-kind: Task
++kind: ClusterTask
+ metadata:
+   name: func-s2i
+   labels:
+@@ -26,6 +26,7 @@ spec:
+       description: Reference of the image S2I will produce.
+     - name: REGISTRY
+       description: The registry associated with the function image.
++      default: ""
+     - name: PATH_CONTEXT
+       description: The location of the path to run s2i from.
+       default: .

openshift/patches/0007-s2i-task-images.patch

@@ -0,0 +1,23 @@
+diff --git a/pkg/pipelines/resources/tekton/task/func-s2i/0.1/func-s2i.yaml b/pkg/pipelines/resources/tekton/task/func-s2i/0.1/func-s2i.yaml
+index 7bdf75df..22d17717 100644
+--- a/pkg/pipelines/resources/tekton/task/func-s2i/0.1/func-s2i.yaml
++++ b/pkg/pipelines/resources/tekton/task/func-s2i/0.1/func-s2i.yaml
+@@ -61,7 +61,7 @@ spec:
+       description: Digest of the image just built.
+   steps:
+     - name: generate
+-      image: quay.io/openshift-pipeline/s2i:nightly
++      image: registry.redhat.io/ocp-tools-4-tech-preview/source-to-image-rhel8@sha256:98d8cb3a255641ca6a1bce854e5e2460c20de9fb9b28e3cc67eb459f122873dd
+       workingDir: $(workspaces.source.path)
+       args: ["$(params.ENV_VARS[*])"]
+       script: |
+@@ -100,7 +100,7 @@ spec:
+         - mountPath: /env-vars
+           name: env-vars
+     - name: build
+-      image: quay.io/buildah/stable:v1.27.0
++      image: registry.redhat.io/rhel8/buildah@sha256:a1e5cc0fb334e333e5eab69689223e8bd1f0c060810d260603b26cf8c0da2023
+       workingDir: /gen-source
+       script: |
+         [[ "$(workspaces.sslcertdir.bound)" == "true" ]] && CERT_DIR_FLAG="--cert-dir $(workspaces.sslcertdir.path)"
+