Add changes for onboarding PAC to Konflux

This PR integrates PAC into Konflux, an open-source,
cloud-native software factory that prioritizes software
supply chain security.By leveraging Konflux,
PAC can now be built and released with enhanced security
and consistency. Konflux ensures all images are
built hermetically, prefetching dependencies
in advance to eliminate runtime internet downloads.
Additionally, it enforces policy checks to verify
that all preconditions are satisfied,
reinforcing compliance and reliability during the build process.

Signed-off-by: savitaashture <[email protected]>

.konflux/README.md

@@ -0,0 +1,3 @@
+# konflux-ci manifests
+
+This folder contains [konflux-ci](https://konflux-ci.dev/) configuration that is synced with the konflux-ci cluster.

.konflux/dockerfiles/cli.Dockerfile

@@ -0,0 +1,33 @@
+ARG GO_BUILDER=brew.registry.redhat.io/rh-osbs/openshift-golang-builder:v1.22
+ARG RUNTIME=registry.access.redhat.com/ubi9/ubi-minimal:latest@sha256:c0e70387664f30cd9cf2795b547e4a9a51002c44a4a86aa9335ab030134bf392
+
+FROM $GO_BUILDER AS builder
+
+ARG TKN_PAC_VERSION=nightly
+WORKDIR /go/src/github.com/openshift-pipelines/pipelines-as-code
+COPY . .
+RUN set -e; for f in patches/*.patch; do echo ${f}; [[ -f ${f} ]] || continue; git apply ${f}; done
+ENV GODEBUG="http2server=0"
+RUN go build -mod=vendor -tags disable_gcp -v  \
+    -ldflags "-X github.com/openshift-pipelines/pipelines-as-code/pkg/params/version.Version=${TKN_PAC_VERSION}" \
+    -o /tmp/tkn-pac ./cmd/tkn-pac
+
+FROM $RUNTIME
+ARG VERSION=pipelines-as-code-cli-main
+
+COPY --from=builder /tmp/tkn-pac /usr/bin
+
+LABEL \
+      com.redhat.component="openshift-pipelines-cli-tkn-pac-container" \
+      name="openshift-pipelines/pipelines-cli-tkn-pac-rhel8" \
+      version=$VERSION \
+      summary="Red Hat OpenShift pipelines tkn pac CLI" \
+      maintainer="[email protected]" \
+      description="CLI client 'tkn-pac' for managing openshift pipelines" \
+      io.k8s.display-name="Red Hat OpenShift Pipelines tkn pac CLI" \
+      io.k8s.description="Red Hat OpenShift Pipelines tkn pac CLI" \
+      io.openshift.tags="pipelines,tekton,openshift"
+
+RUN microdnf install -y shadow-utils
+RUN groupadd -r -g 65532 nonroot && useradd --no-log-init -r -u 65532 -g nonroot nonroot
+USER 65532

.konflux/dockerfiles/controller.Dockerfile

@@ -0,0 +1,38 @@
+ARG GO_BUILDER=brew.registry.redhat.io/rh-osbs/openshift-golang-builder:v1.22
+ARG RUNTIME=registry.access.redhat.com/ubi9/ubi-minimal:latest@sha256:c0e70387664f30cd9cf2795b547e4a9a51002c44a4a86aa9335ab030134bf392
+
+FROM $GO_BUILDER AS builder
+
+WORKDIR /go/src/github.com/openshift-pipelines/pipelines-as-code
+COPY . .
+RUN set -e; for f in patches/*.patch; do echo ${f}; [[ -f ${f} ]] || continue; git apply ${f}; done
+ENV GODEBUG="http2server=0"
+RUN git rev-parse HEAD > /tmp/HEAD
+RUN go build -ldflags="-s -w" -mod=vendor -tags disable_gcp -v -o /tmp/pipelines-as-code-controller \
+    ./cmd/pipelines-as-code-controller
+
+FROM $RUNTIME
+ARG VERSION=pipelines-as-code-controller-main
+
+ENV KO_APP=/ko-app \
+    KO_DATA_PATH=/kodata
+
+COPY --from=builder /tmp/pipelines-as-code-controller ${KO_APP}/pipelines-as-code-controller
+COPY --from=builder /tmp/HEAD ${KO_DATA_PATH}/HEAD
+
+LABEL \
+      com.redhat.component="openshift-pipelines-pipelines-as-code-controller-container" \
+      name="openshift-pipelines/pipelines-pipelines-as-code-controller-rhel8" \
+      version=$VERSION \
+      summary="Red Hat OpenShift Pipelines Pipelines as Code Controller" \
+      maintainer="[email protected]" \
+      description="Red Hat OpenShift Pipelines Pipelines as Code Controller" \
+      io.k8s.display-name="Red Hat OpenShift Pipelines Pipelines as Code Controller" \
+      io.k8s.description="Red Hat OpenShift Pipelines Pipelines as Code Controller" \
+      io.openshift.tags="pipelines,tekton,openshift"
+
+RUN microdnf install -y shadow-utils
+RUN groupadd -r -g 65532 nonroot && useradd --no-log-init -r -u 65532 -g nonroot nonroot
+USER 65532
+
+ENTRYPOINT ["/ko-app/pipelines-as-code-controller"]

.konflux/dockerfiles/watcher.Dockerfile

@@ -0,0 +1,38 @@
+ARG GO_BUILDER=brew.registry.redhat.io/rh-osbs/openshift-golang-builder:v1.22
+ARG RUNTIME=registry.access.redhat.com/ubi9/ubi-minimal:latest@sha256:c0e70387664f30cd9cf2795b547e4a9a51002c44a4a86aa9335ab030134bf392
+
+FROM $GO_BUILDER AS builder
+
+WORKDIR /go/src/github.com/openshift-pipelines/pipelines-as-code
+COPY . .
+RUN set -e; for f in patches/*.patch; do echo ${f}; [[ -f ${f} ]] || continue; git apply ${f}; done
+ENV GODEBUG="http2server=0"
+RUN git rev-parse HEAD > /tmp/HEAD
+RUN go build -ldflags="-s -w" -mod=vendor -tags disable_gcp -v -o /tmp/pipelines-as-code-watcher \
+    ./cmd/pipelines-as-code-watcher
+
+FROM $RUNTIME
+ARG VERSION=pipelines-as-code-watcher-main
+
+ENV KO_APP=/ko-app \
+    KO_DATA_PATH=/kodata
+
+COPY --from=builder /tmp/pipelines-as-code-watcher ${KO_APP}/pipelines-as-code-watcher
+COPY --from=builder /tmp/HEAD ${KO_DATA_PATH}/HEAD
+
+LABEL \
+      com.redhat.component="openshift-pipelines-pipelines-as-code-watcher-container" \
+      name="openshift-pipelines/pipelines-as-code-watcher-rhel8" \
+      version=$VERSION \
+      summary="Red Hat OpenShift Pipelines Pipelines as Code Watcher" \
+      maintainer="[email protected]" \
+      description="Red Hat OpenShift Pipelines Pipelines as Code Watcher" \
+      io.k8s.display-name="Red Hat OpenShift Pipelines Pipelines as Code Watcher" \
+      io.k8s.description="Red Hat OpenShift Pipelines Pipelines as Code Watcher" \
+      io.openshift.tags="pipelines,tekton,openshift"
+
+RUN microdnf install -y shadow-utils
+RUN groupadd -r -g 65532 nonroot && useradd --no-log-init -r -u 65532 -g nonroot nonroot
+USER 65532
+
+ENTRYPOINT ["/ko-app/pipelines-as-code-watcher"]

.konflux/dockerfiles/webhook.Dockerfile

@@ -0,0 +1,38 @@
+ARG GO_BUILDER=brew.registry.redhat.io/rh-osbs/openshift-golang-builder:v1.22
+ARG RUNTIME=registry.access.redhat.com/ubi9/ubi-minimal:latest@sha256:c0e70387664f30cd9cf2795b547e4a9a51002c44a4a86aa9335ab030134bf392
+
+FROM $GO_BUILDER AS builder
+
+WORKDIR /go/src/github.com/openshift-pipelines/pipelines-as-code
+COPY . .
+RUN set -e; for f in patches/*.patch; do echo ${f}; [[ -f ${f} ]] || continue; git apply ${f}; done
+ENV GODEBUG="http2server=0"
+RUN git rev-parse HEAD > /tmp/HEAD
+RUN go build -ldflags="-s -w" -mod=vendor -tags disable_gcp -v -o /tmp/pipelines-as-code-webhook \
+    ./cmd/pipelines-as-code-webhook
+
+FROM $RUNTIME
+ARG VERSION=pipelines-as-code-webhook-main
+
+ENV KO_APP=/ko-app \
+    KO_DATA_PATH=/kodata
+
+COPY --from=builder /tmp/pipelines-as-code-webhook ${KO_APP}/pipelines-as-code-webhook
+COPY --from=builder /tmp/HEAD ${KO_DATA_PATH}/HEAD
+
+LABEL \
+      com.redhat.component="openshift-pipelines-pipelines-as-code-webhook-container" \
+      name="openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel8" \
+      version=$VERSION \
+      summary="Red Hat OpenShift Pipelines Pipelines as Code Webhook" \
+      maintainer="[email protected]" \
+      description="Red Hat OpenShift Pipelines Pipelines as Code Webhook" \
+      io.k8s.display-name="Red Hat OpenShift Pipelines Pipelines as Code Webhook" \
+      io.k8s.description="Red Hat OpenShift Pipelines Pipelines as Code Webhook" \
+      io.openshift.tags="pipelines,tekton,openshift"
+
+RUN microdnf install -y shadow-utils
+RUN groupadd -r -g 65532 nonroot && useradd --no-log-init -r -u 65532 -g nonroot nonroot
+USER 65532
+
+ENTRYPOINT ["/ko-app/pipelines-as-code-webhook"]

.konflux/rpms/rpms.in.yaml

@@ -0,0 +1,10 @@
+contentOrigin:
+  repofiles:
+    - ./ubi.repo
+packages: [shadow-utils]
+arches:
+  # The list of architectures
+  - aarch64
+  - x86_64
+  - ppc64le
+  - s390x