ci: install Tekton and PAC in cluster by default (#2896)

* ci: install Tekton and PAC in cluster by default * add PAC and Tekton to hack script versions * fix tekton affinity workaround
2025-06-30 16:50:16 +09:00 · 2025-06-30 16:50:16 +09:00 · 69bdcbbecd
parent ec66c1a496
commit 69bdcbbecd
13 changed files with 114 additions and 164 deletions
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@ -171,8 +171,6 @@ jobs:
          echo "------------------ finished! attempt $attempt ------------------"
      - name: Setup testing images
        run: ./hack/setup-testing-images.sh
      - name: Deploy Tekton
        run: ./hack/install-tekton.sh
      - name: Deploy Test Git Server
        run: ./hack/install-git-server.sh
      - name: E2E On Cluster Test
--- a/.github/workflows/test-e2e-oncluster-runtime.yaml
+++ b/.github/workflows/test-e2e-oncluster-runtime.yaml
@ -42,8 +42,6 @@ jobs:
          echo "------------------ finished! attempt $attempt ------------------"
      - name: Setup testing images
        run: ./hack/setup-testing-images.sh
      - name: Deploy Tekton
        run: ./hack/install-tekton.sh
      - name: Deploy Test Git Server
        run: ./hack/install-git-server.sh
      - name: E2E On Cluster Test (Runtimes)
--- a/.github/workflows/test-e2e-oncluster.yaml
+++ b/.github/workflows/test-e2e-oncluster.yaml
@ -40,8 +40,6 @@ jobs:
          echo "------------------ finished! attempt $attempt ------------------"
      - name: Setup testing images
        run: ./hack/setup-testing-images.sh
      - name: Deploy Tekton
        run: ./hack/install-tekton.sh
      - name: Deploy Test Git Server
        run: ./hack/install-git-server.sh
      - name: E2E On Cluster Test
--- a/.github/workflows/test-integration.yaml
+++ b/.github/workflows/test-integration.yaml
@ -52,10 +52,6 @@ jobs:
        run: ./hack/registry.sh
      - name: Setup testing images
        run: ./hack/setup-testing-images.sh
      - name: Install Tekton
        run: ./hack/install-tekton.sh
      - name: Install Pipelines as Code
        run: ./hack/install-pac.sh
      - name: Install Gitlab
        run: ./hack/install-gitlab.sh
      - name: Patch Hosts
--- a/docs/building-functions/on_cluster_build.md
+++ b/docs/building-functions/on_cluster_build.md
@ -3,7 +3,11 @@
 This guide describes how you can build a Function on Cluster with Tekton Pipelines. The on cluster build is enabled by fetching Function source code from a remote Git repository. Buildpacks or S2I builder strategy can be used to build the Function image.
 ## Prerequisite
-1. Install Tekton Pipelines on the cluster. Please refer to [Tekton Pipelines documentation](https://github.com/tektoncd/pipeline/blob/main/docs/install.md) or run the following command:
+1. Install Tekton Pipelines on the cluster.
   **Note:** If you're using `./hack/allocate.sh` for development/testing, Tekton and PAC are automatically installed.
   For production environments, please refer to [Tekton Pipelines documentation](https://github.com/tektoncd/pipeline/blob/main/docs/install.md) or run the following command:
 ```bash
 kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.49.0/release.yaml
 ```
--- a/hack/allocate.sh
+++ b/hack/allocate.sh
@ -37,12 +37,14 @@ main() {
  echo "evt:  Eventing and Namespace"
  echo "reg:  Local Registry"
  echo "dpr:  Dapr Runtime"
  echo "tkt:  Tekton Pipelines"
  echo ""
  ( set -o pipefail; (serving && dns && networking) 2>&1 | sed  -e 's/^/svr /')&
  ( set -o pipefail; (eventing && namespace) 2>&1 | sed  -e 's/^/evt /')&
  ( set -o pipefail; registry 2>&1 | sed  -e 's/^/reg /') &
  ( set -o pipefail; dapr_runtime 2>&1 | sed  -e 's/^/dpr /')&
  ( set -o pipefail; (tekton && pac) 2>&1 | sed  -e 's/^/tkt /')&
  local job
  for job in $(jobs -p); do
@ -368,6 +370,70 @@ EOF
  echo "${green}✅ Dapr Runtime${reset}"
 }
 tekton() {
  echo "${blue}Installing Tekton ${tekton_version} ${reset}"
  tekton_release="previous/${tekton_version}"
  namespace="${NAMESPACE:-default}"
  $KUBECTL apply -f "https://storage.googleapis.com/tekton-releases/pipeline/${tekton_release}/release.yaml"
  sleep 10
  $KUBECTL wait pod --for=condition=Ready --timeout=180s -n tekton-pipelines -l "app=tekton-pipelines-controller"
  $KUBECTL wait pod --for=condition=Ready --timeout=180s -n tekton-pipelines -l "app=tekton-pipelines-webhook"
  sleep 10
  $KUBECTL create clusterrolebinding "${namespace}:knative-serving-namespaced-admin" --clusterrole=knative-serving-namespaced-admin --serviceaccount="${namespace}:default"
  # TEMPORARY WORKAROUND: Disable affinity assistant to prevent pod scheduling issues
  # This is a workaround for issues where affinity assistant pod names don't match
  # what's expected by task pods, causing them to fail scheduling.
  # Related issues:
  # - https://github.com/tektoncd/pipeline/issues/6740
  # - https://github.com/tektoncd/pipeline/issues/7503
  # TODO: Remove this workaround once the underlying Tekton issue is resolved
  echo "${blue}- Disabling affinity assistant (temporary workaround)${reset}"
  $KUBECTL patch configmap feature-flags -n tekton-pipelines \
    -p '{"data":{"disable-affinity-assistant":"true"}}' \
    --type=merge
  echo "${green}✅ Tekton${reset}"
 }
 pac() {
  echo "${blue}Installing PAC (Pipelines-as-Code) ${pac_version} ${reset}"
  local -r pac_ctr_host="${PAC_CONTROLLER_HOSTNAME:-pac-ctr.127.0.0.1.sslip.io}"
  # Install Pipelines as Code
  $KUBECTL apply -f "https://raw.githubusercontent.com/openshift-pipelines/pipelines-as-code/release-${pac_version}/release.k8s.yaml"
  sleep 5
  $KUBECTL wait pod --for=condition=Ready -l '!job-name' -n pipelines-as-code --timeout=5m
  # Install ingress for the PaC controller. This is used by VCS Webhooks.
  $KUBECTL apply -f - << EOF
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: pipelines-as-code
  namespace: pipelines-as-code
 spec:
  ingressClassName: contour-external
  rules:
  - host: ${pac_ctr_host}
    http:
      paths:
      - backend:
          service:
            name: pipelines-as-code-controller
            port:
              number: 8080
        pathType: Prefix
        path: /
 EOF
  echo "the Pipeline as Code controller is available at: http://${pac_ctr_host}"
  echo "${green}✅ PAC${reset}"
 }
 next_steps() {
  echo -e ""
  echo -e "${blue}Next Steps${reset}"
--- a/hack/cmd/update-knative-components/main.go
+++ b/hack/cmd/update-knative-components/main.go
@ -1,3 +1,23 @@
 // Package main implements a tool for automatically updating component
 // versions for use in the hack/* scripts.
 //
 // Files interacted with:
 //  1. The source-of-truth file at hack/component-versions.json
 //  2. Autogenerated script at hack/component-versions.sh
 //
 // Usage:
 //
 // Most of the time this file will be used in a workflow that will run
 // on scheduled basis checking if a new latest version of corresponding
 // components exists (check components in 'Versions' struct). Please note that
 // KindNode is NOT being updated programmatically at this time.
 // When new latest version is detected, the program will create a PR in
 // knative/func repository with the latest changes allowing the CI/CD workflows
 // to run automatically before using the latest in main branch.
 //
 // Alternative use: You can run this file from hack/ directory to locally
 // regenerate 2 files mentioned above (if you made some changes etc.) - you can
 // use the root Makefile for your convenience -- 'make regenerate-kn-components'
 package main
 import (
@ -14,31 +34,6 @@ import (
 	github "github.com/google/go-github/v68/github"
 )
 // -------------------------------------------------------------------------- \\
 // ---------------------------- File description ---------------------------- \\
 //
 // #update-knative-components/main.go -- This file takes care of updating
 // knative components programatically.
 //
 // Files interacted with:
 // 1) The source-of-truth file and its content can be found at
 // root/hack/component-versions.json
 // 2) autogenerated script in root/hack/component-versions.sh (2 directories up)
 //
 // How to use this file:
 // Most of the time this file will be used in a workflow that will run
 // on scheduled basis checking if a new latest version of corresponding
 // components exists (check components in 'Versions' struct). Please note that
 // KindNode is NOT being updated programatically at this time.
 // When new latest version is detected, the program will create a PR in
 // knative/func repository with the latest changes allowing the CI/CD workflows
 // to run automatically before using the latest in main branch.
 // Alternative use: You can run this file from hack/ directory to locally
 // regenerate 2 files mentioned above (if you made some changes etc.) - you can
 // use the root Makefile for your convenience -- 'make regenerate-kn-components'
 //
 // -------------------------------------------------------------------------- \\
 const (
 	fileScript string = "component-versions.sh"
 	fileJson   string = "component-versions.json"
@ -59,6 +54,8 @@ set_versions() {
 	knative_serving_version="{{.Serving}}"
 	knative_eventing_version="{{.Eventing}}"
 	contour_version="{{.Contour}}"
 	tekton_version="{{.Tekton}}"
 	pac_version="{{.Pac}}"
 }
 `
 )
@ -69,6 +66,8 @@ type Versions struct {
 	Serving  string
 	Eventing string
 	Contour  string
 	Tekton   string
 	Pac      string
 }
 func main() {
@ -367,7 +366,7 @@ func prExists(ctx context.Context, c *github.Client, title string) (bool, error)
 // -------------------------------------------------------------------------- \\
 // -------------------------------------------------------------------------- \\
-// This is used when running this file with 1st argument "generate".
+// This is used when running this file with 1st argument "local".
 // Regenerate written files (source (.json) & autogenerated .sh file)
 // Generally you wont use this, but in case you make local changes to the
 // files, you can simply regenerate them with this
--- a/hack/cmd/update-knative-components/main_test.go
+++ b/hack/cmd/update-knative-components/main_test.go
@ -25,6 +25,8 @@ set_versions() {
 	knative_serving_version="v1.2.3"
 	knative_eventing_version="v1.4.5"
 	contour_version="v1.4.6"
 	tekton_version="v0.56.4"
 	pac_version="v0.24.6"
 }
 `
@ -32,7 +34,9 @@ const expectedJson string = `{
 	"KindNode": "v1.30",
 	"Serving": "v1.2.3",
 	"Eventing": "v1.4.5",
-	"Contour": "v1.4.6"
+	"Contour": "v1.4.6",
 	"Tekton": "v0.56.4",
 	"Pac": "v0.24.6"
 }
 `
@ -44,7 +48,9 @@ func TestRead(t *testing.T) {
 	"Serving": "v1.14",
 	"Eventing": "v1.15",
 	"Contour": "v1.61",
-	"KindNode": "1.3456"
+	"KindNode": "1.3456",
 	"Tekton": "v0.50.0",
 	"Pac": "v0.20.0"
 }
 `
 	tmpJson := path.Join(dir, "json.json")
@ -72,6 +78,8 @@ func TestWrite(t *testing.T) {
 		Eventing: "v1.4.5",
 		Contour:  "v1.4.6",
 		KindNode: "v1.30",
 		Tekton:   "v0.56.4",
 		Pac:      "v0.24.6",
 	}
 	// write to script (generate it)
--- a/hack/component-versions.json
+++ b/hack/component-versions.json
@ -2,5 +2,7 @@
 	"KindNode": "v1.32.0@sha256:c48c62eac5da28cdadcf560d1d8616cfa6783b58f0d94cf63ad1bf49600cb027",
 	"Serving": "v1.18.1",
 	"Eventing": "v1.18.1",
-	"Contour": "v1.18.0"
+	"Contour": "v1.18.0",
 	"Tekton": "v0.56.4",
 	"Pac": "v0.24.6"
 }
--- a/hack/component-versions.sh
+++ b/hack/component-versions.sh
@ -14,4 +14,6 @@ set_versions() {
 	knative_serving_version="v1.18.1"
 	knative_eventing_version="v1.18.1"
 	contour_version="v1.18.0"
 	tekton_version="v0.56.4"
 	pac_version="v0.24.6"
 }
--- a/hack/install-pac.sh
+++ b/hack/install-pac.sh
@ -1,66 +0,0 @@
 #!/usr/bin/env bash
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     https://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
 # Installs the Pipelines-as-code controller
 #
 source "$(dirname "$(realpath "$0")")/common.sh"
 function install_pac() {
    echo "${blue}Installing the Pipelines-as-Code Controller${reset}"
    local -r pac_ctr_host="${PAC_CONTROLLER_HOSTNAME:-pac-ctr.127.0.0.1.sslip.io}"
    local -r pac_version="v0.24.6"
    # Install Pipelines as Code
    $KUBECTL apply -f "https://raw.githubusercontent.com/openshift-pipelines/pipelines-as-code/release-${pac_version}/release.k8s.yaml"
    sleep 5
    $KUBECTL wait pod --for=condition=Ready -l '!job-name' -n pipelines-as-code --timeout=5m
    # Install ingress for the PaC controller. This is used by VCS Webhooks.
    $KUBECTL apply -f - << EOF
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: pipelines-as-code
  namespace: pipelines-as-code
 spec:
  ingressClassName: contour-external
  rules:
  - host: ${pac_ctr_host}
    http:
      paths:
      - backend:
          service:
            name: pipelines-as-code-controller
            port:
              number: 8080
        pathType: Prefix
        path: /
 EOF
  echo "the Pipeline as Code controller is available at: http://${pac_ctr_host}"
  echo "${green}✅ PAC${reset}"
 }
 if [ "$0" = "${BASH_SOURCE[0]}" ]; then
  set -o errexit
  set -o nounset
  set -o pipefail
  function main() {
      install_pac
  }
  main "$@"
 fi
--- a/hack/install-tekton.sh
+++ b/hack/install-tekton.sh
@ -1,50 +0,0 @@
 #!/usr/bin/env bash
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     https://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
 # Install Tekton and required tasks in the cluster
 #
 source "$(dirname "$(realpath "$0")")/common.sh"
 install_tekton() {
  echo "${blue}Installing Tekton${reset}"
  tekton_release="previous/v0.56.4"
  namespace="${NAMESPACE:-default}"
  $KUBECTL apply -f "https://storage.googleapis.com/tekton-releases/pipeline/${tekton_release}/release.yaml"
  $KUBECTL patch cm/feature-flags -n tekton-pipelines --patch '{"data":{"disable-affinity-assistant":"true"}}'
  sleep 10
  $KUBECTL wait pod --for=condition=Ready --timeout=180s -n tekton-pipelines -l "app=tekton-pipelines-controller"
  $KUBECTL wait pod --for=condition=Ready --timeout=180s -n tekton-pipelines -l "app=tekton-pipelines-webhook"
  sleep 10
  $KUBECTL create clusterrolebinding "${namespace}:knative-serving-namespaced-admin" --clusterrole=knative-serving-namespaced-admin --serviceaccount="${namespace}:default"
  echo "${green}✅ Tekton${reset}"
 }
 # Invoke only when run directly
 # Be a library when sourced
 if [ "$0" = "${BASH_SOURCE[0]}" ]; then
  set -o errexit
  set -o nounset
  set -o pipefail
  function main() {
    install_tekton
  }
  main "$@"
 fi
--- a/test/README.md
+++ b/test/README.md
@ -27,12 +27,8 @@ a Kubernetes Cluster with the following deployed:
 - Tekton Tasks listed [here](../docs/reference/on_cluster_build.md)
 - Embedded Git Server (`func-git`) used by tests
-For your convenience you can run the following script to setup Tekton and required Tasks:
+When using `./hack/allocate.sh` to create a test cluster, Tekton and PAC (Pipelines-as-Code)
-```
+are automatically installed. You only need to install the Git Server:
 $ ./hack/install-tekton.sh
 ```
 To install the Git Server required by tests, run:
 ```
 $ ./hack/install-git-server.sh
 ```
@ -42,8 +38,7 @@ $ ./hack/install-git-server.sh
 The below instructions will run all the tests on KinD using an **ephemeral** container registry.
 ```
 # Pre-Reqs
-./hack/allocate.sh
+./hack/allocate.sh  # This automatically installs Tekton and PAC
 ./hack/install-tekton.sh
 ./hack/install-git-server.sh
 make build