29. Component Dependencies

Status

Accepted

Context

As an Konflux user, I want to be able to build and test multiple coupled components which depend on each other by digest reference. I want that process to be easy.

There are three use cases in scope for this document:

In theory any combination of the cases above could be present in an app. They could have one common parent image, many operand images that depend on that, and one or more operator bundles which depend on those.

Today, users work around how complicated it is to manage digests themselves by instead using floating tags, which have the benefit of being easy to use - no need to update - but have the problem of being unclear. It’s not exactly clear what you’re building against if you refer to it by tag. Potentially insecure. We want to make it easy for users to do better.

Decision

Interface changes

Declared Component Dependencies: Introduce a new field on the Component resource called build-nudges-ref that lets one Component declare its builds nudge references in another Component.

PR Groups: Introduce a new convention for PRs that lets one PR declare that it is related to another PR.

Important to understand: the declared dependencies as defined on the Components’ build-nudges-ref lists and PR Groups are two different things:

CEL expressions on Build Pipelines: Pipelines as Code(PaC) supports advanced event matching by way of a pipelinesascode.tekton.dev/on-cel-expression annotation on the PipelineRun. When used with the .pathChanged field, PaC can be directed to only create a PipelineRun for events which include changes to the declared context directory in the git repository. This enables us to only run PipelineRuns that are relevant to Components that change in a given push or pull request event. By default, this is “.”: the entire git repository.

See also RHTAP-371.

Integration-service and Component dependencies

Build-service and Component dependencies

The build-service will also update the PR it filed (PR#2) when it detects new PipelineRuns from the originating PRs (PR#1) that previously triggered build-service to create the PR#2, indicating that the originating PRs (PR#1) were merged or had new commits pushed to them. The build-service may need to update the description of PR#2 and/or it may rebase PR#2 on the main branch. Need to figure out what we want here.

Integration-service and PR Groups

Build-service and PR Groups

Applied to Use Cases

Let’s apply the architecture to some use cases, and see how it plays out:

Common Parent Image

Scenario: an application image depends on a common parent image. The user has 1 Application, and 2 Components. One of them is the parent image. The other is a child image which uses the parent image in its FROM line.

Think about branches:

OLM Operators, with components in different repos

Scenario: the user has 5 components. One of them is a “bundle” image. It contains references to the other four images by digest. None of the images are in the same repo.

Think about branches:


OLM Operators, with components in the same repo

Another OLM Operator Scenario: an operator git repo contains both the controller code and the bundle metadata.

Think about branches:

Miscellany

Consequences