feat: Add PipelineRun support to BuildRun reconciler

This commit introduces PipelineRun support to the BuildRun
reconciler, enabling Shipwright to use Tekton PipelineRuns as an alternative
to TaskRuns for build execution.

Key changes:
- Add pipelinerun_runner.go with TektonPipelineRunWrapper implementation
  that wraps Tekton PipelineRuns and injects TaskRun specs into PipelineRun
  structures.
- Implement ImageBuildRunner and ImageBuildRunnerFactory interfaces for
  PipelineRun support.
- Add reconciliation logic for PipelineRun status updates, including
  condition handling and failure detection
- Add UpdateBuildRunUsingPipelineRunCondition function to update BuildRun
  status based on PipelineRun conditions (timeout, cancellation, success,
  failure)
- Refactor volume checking to use GetUnderlyingTaskRun() method for both
  TaskRun and PipelineRun executors, eliminating the need for separate
  volume checking methods
- Add RunnerFactories map to support configurable executor selection
  between TaskRun and PipelineRun implementations
- Update error handling in CreateImageBuildRunner
- Add UpdateImageBuildRunFromExecutor to handle updating Buildrun based on
  used executor (pipelinerun or taskrun)

The implementation maintains backward compatibility.

Signed-off-by: Hasan Awad <[email protected]>

Author: hasanawad94

.github/workflows/ci.yml

@@ -150,6 +150,9 @@ jobs:
           export IMAGE_PROCESSING_CONTAINER_IMAGE="$(KO_DOCKER_REPO=kind.local ko publish ./cmd/image-processing)"
 
           make test-integration
+      - name: Test-PipelineRun
+        run: |
+          BUILDRUN_EXECUTOR=PipelineRun ginkgo --focus-file="buildruns_to_pipelineruns_test.go" -v test/integration/...
 
   e2e:
     strategy:
@@ -240,6 +243,33 @@ jobs:
           export TEST_E2E_FLAGS="-r --procs 8 --randomize-all --timeout=1h --trace --vv"
           export TEST_E2E_TIMEOUT_MULTIPLIER=2
           make test-e2e
+      - name: Test-PipelineRun
+        run: |
+          export TEST_NAMESPACE=shp-e2e
+          export TEST_IMAGE_REPO=registry.registry.svc.cluster.local:32222/shipwright-io/build-e2e
+          export TEST_IMAGE_REPO_INSECURE=true
+          export TEST_E2E_TIMEOUT_MULTIPLIER=1
+          kubectl patch deployment shipwright-build-controller -n shipwright-build --type='json' -p='[
+            {
+              "op": "add",
+              "path": "/spec/template/spec/containers/0/env/-",
+              "value": {
+                "name": "BUILDRUN_EXECUTOR",
+                "value": "PipelineRun"
+              }
+            }
+          ]'
+          # Wait for the rollout to complete
+          kubectl rollout restart deployment shipwright-build-controller -n shipwright-build
+          kubectl rollout status deployment shipwright-build-controller -n shipwright-build
+          
+          # Run PipelineRun tests
+          TEST_CONTROLLER_NAMESPACE=${TEST_NAMESPACE} \
+          TEST_WATCH_NAMESPACE=${TEST_NAMESPACE} \
+          TEST_E2E_SERVICEACCOUNT_NAME=pipeline \
+          TEST_E2E_TIMEOUT_MULTIPLIER=${TEST_E2E_TIMEOUT_MULTIPLIER} \
+          TEST_E2E_VERIFY_TEKTONOBJECTS=true \
+          ginkgo --focus="PipelineRun E2E Tests" --procs 8 --timeout=1h --vv test/e2e/v1beta1/
       - name: Build controller logs
         if: ${{ failure() }}
         run: |

Makefile

@@ -213,6 +213,7 @@ test-integration: install-apis ginkgo
 		--randomize-all \
 		--randomize-suites \
 		--fail-on-pending \
+		--skip-file=buildruns_to_pipelineruns_test.go \
 		-trace \
 		test/integration/...
 
@@ -226,7 +227,7 @@ test-e2e-plain: ginkgo
 	TEST_E2E_SERVICEACCOUNT_NAME=${TEST_E2E_SERVICEACCOUNT_NAME} \
 	TEST_E2E_TIMEOUT_MULTIPLIER=${TEST_E2E_TIMEOUT_MULTIPLIER} \
 	TEST_E2E_VERIFY_TEKTONOBJECTS=${TEST_E2E_VERIFY_TEKTONOBJECTS} \
-	$(GINKGO) ${TEST_E2E_FLAGS} test/e2e/
+	$(GINKGO) --skip-file=e2e_pipelinerun_test.go ${TEST_E2E_FLAGS} test/e2e/
 
 .PHONY: test-e2e-kind-with-prereq-install
 test-e2e-kind-with-prereq-install: ginkgo install-controller-kind install-strategies test-e2e-plain

deploy/200-role.yaml

@@ -67,6 +67,10 @@ rules:
   # With the OwnerReferencesPermissionEnforcement admission controller enabled, controllers need the "delete" permission on objects that they set owner references on.
   verbs:     ['get', 'list', 'watch', 'create', 'delete', 'patch']
 
+- apiGroups: ['tekton.dev']
+  resources: ['pipelineruns']
+  verbs:     ['get', 'list', 'watch', 'create', 'delete', 'patch']
+
 - apiGroups: ['']
   resources: ['pods']
   verbs:     ['get', 'list', 'watch']

docs/configuration.md

@@ -37,6 +37,7 @@ The following environment variables are available:
 | `KUBE_API_BURST`                                 | Burst to use for the Kubernetes API client. See [Config.Burst]. A value of 0 or lower will use the default from client-go, which currently is 10. Default is 0.                                                                                                                                                                                                                                                                                                                                                                                                          |
 | `KUBE_API_QPS`                                   | QPS to use for the Kubernetes API client. See [Config.QPS]. A value of 0 or lower will use the default from client-go, which currently is 5. Default is 0.                                                                                                                                                                                                                                                                                                                                                                                                               |
 | `VULNERABILITY_COUNT_LIMIT`                      | holds vulnerability count limit if vulnerability scan is enabled for the output image. If it is defined as 10, then it will output only 10 vulnerabilities sorted by severity in the buildrun status.Output. Default is 50.                                                                                                                                                                                                                                                                                                                                              |
+| `BUILDRUN_EXECUTOR`                              | Sets the kind of buildrun exectutor that will be used. Value can be `TaskRun` or `PipelineRun`. By default buildrun will use `TaskRun` for its build executor.                                                                                                                                                                                                                                                                                                                                          |
 
 [^1]: The `runAsUser` and `runAsGroup` are dynamically overwritten depending on the build strategy that is used. See [Security Contexts](buildstrategies.md#security-contexts) for more information.
 

pkg/config/config.go

@@ -66,6 +66,7 @@ const (
 	controllerBuildRunMaxConcurrentReconciles             = "BUILDRUN_MAX_CONCURRENT_RECONCILES"
 	controllerBuildStrategyMaxConcurrentReconciles        = "BUILDSTRATEGY_MAX_CONCURRENT_RECONCILES"
 	controllerClusterBuildStrategyMaxConcurrentReconciles = "CLUSTERBUILDSTRATEGY_MAX_CONCURRENT_RECONCILES"
+	controllerBuildrunExecutorEnvVar                      = "BUILDRUN_EXECUTOR"
 
 	// environment variables for the kube API
 	kubeAPIBurst = "KUBE_API_BURST"
@@ -107,6 +108,7 @@ type Config struct {
 	KubeAPIOptions                   KubeAPIOptions
 	GitRewriteRule                   bool
 	VulnerabilityCountLimit          int
+	BuildrunExecutor                 string
 }
 
 // PrometheusConfig contains the specific configuration for the
@@ -163,6 +165,7 @@ func NewDefaultConfig() *Config {
 		TerminationLogPath:            terminationLogPathDefault,
 		GitRewriteRule:                false,
 		VulnerabilityCountLimit:       50,
+		BuildrunExecutor:              "TaskRun",
 
 		GitContainerTemplate: Step{
 			Image: gitDefaultImage,
@@ -361,6 +364,11 @@ func (c *Config) SetConfigFromEnv() error {
 		c.VulnerabilityCountLimit = vc
 	}
 
+	// set environment variable for executor type
+	if executor := os.Getenv(controllerBuildrunExecutorEnvVar); executor != "" {
+		c.BuildrunExecutor = executor
+	}
+
 	// Mark that the Git wrapper is suppose to use Git rewrite rule
 	if useGitRewriteRule := os.Getenv(useGitRewriteRule); useGitRewriteRule != "" {
 		c.GitRewriteRule = strings.ToLower(useGitRewriteRule) == "true"