From 02345bfafde2db28d62b921ddd39db0e64ce6cae Mon Sep 17 00:00:00 2001
From: Dibyo Mukherjee <dibyo@google.com>
Date: Wed, 24 Jun 2020 15:11:55 -0400
Subject: [PATCH] Fix publish-tekton-triggers task

This commit includes two fixes:

1. Replaces `CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE` with an explicit call to
`gcloud auth activate-service-account`. This is the same fix as
tektoncd/pipeline#2847.

2. Pass images with tags to ko_parse.py to validate the images. This bug was
introduced in #598

Signed-off-by: Dibyo Mukherjee <dibyo@google.com>
---
 tekton/publish.yaml | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/tekton/publish.yaml b/tekton/publish.yaml
index 0249b49a1..b28643062 100644
--- a/tekton/publish.yaml
+++ b/tekton/publish.yaml
@@ -56,13 +56,14 @@ spec:
       value: $(inputs.params.imageRegistry)
     - name: GOPATH
       value: /workspace/go
-    - name: CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE
+    - name: GOOGLE_APPLICATION_CREDENTIALS
       value: /secret/release.json
     script: |
       #!/bin/sh
       set -ex
-
-      # Auth with CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE
+      # Activate service account
+      gcloud auth activate-service-account --key-file=${GOOGLE_APPLICATION_CREDENTIALS}
+      # Setup docker-auth
       gcloud auth configure-docker
 
       # ko requires this variable to be set in order to set image creation timestamps correctly https://github.com/google/go-containerregistry/pull/146
@@ -110,12 +111,12 @@ spec:
 
       REGIONS=(us eu asia)
       IMAGES=(
-        $(inputs.params.imageRegistry)/$(inputs.params.pathToProject)/$(outputs.resources.builtControllerImage.url)
-        $(inputs.params.imageRegistry)/$(inputs.params.pathToProject)/$(outputs.resources.builtWebhookImage.url)
-        $(inputs.params.imageRegistry)/$(inputs.params.pathToProject)/$(outputs.resources.builtEventListenerSinkImage.url)
+      $(inputs.params.imageRegistry)/$(inputs.params.pathToProject)/$(outputs.resources.builtControllerImage.url):$(inputs.params.versionTag)
+      $(inputs.params.imageRegistry)/$(inputs.params.pathToProject)/$(outputs.resources.builtWebhookImage.url):$(inputs.params.versionTag)
+      $(inputs.params.imageRegistry)/$(inputs.params.pathToProject)/$(outputs.resources.builtEventListenerSinkImage.url):$(inputs.params.versionTag)
       )
       # Parse the built images from the release.yaml generated by ko
-      BUILT_IMAGES=( $(/workspace/go/src/github.com/tektoncd/triggers/tekton/koparse/koparse.py --path /workspace/output/bucket/latest/release.yaml --base $(inputs.params.imageRegistry)/$(inputs.params.pathToProject) --images ${IMAGES[@]}) )
+      BUILT_IMAGES=( $(/workspace/go/src/github.com/tektoncd/triggers/tekton/koparse/koparse.py --path /workspace/output/bucket/previous/$(inputs.params.versionTag)/release.yaml --base $(inputs.params.imageRegistry)/$(inputs.params.pathToProject) --images ${IMAGES[@]}) )
 
       # Auth with account credentials
       gcloud auth activate-service-account --key-file=/secret/release.json