From b2ae163c7f851fe1500066d1754bdfa28c0f4911 Mon Sep 17 00:00:00 2001
From: Dale Haiducek <19750917+dhaiducek@users.noreply.github.com>
Date: Tue, 14 Jan 2025 15:48:29 -0500
Subject: [PATCH] Implement git submodules

Konflux doesn't have the ability to cache git
repos for hermetic builds, but it can handle git
submodules.

doc: https://git-scm.com/book/en/v2/Git-Tools-Submodules
Signed-off-by: Dale Haiducek <19750917+dhaiducek@users.noreply.github.com>
---
 .gitignore                                |  1 -
 .gitmodules                               |  9 +++++++++
 .tekton/acm-cli-acm-213-pull-request.yaml |  2 +-
 .tekton/acm-cli-acm-213-push.yaml         |  2 +-
 Dockerfile                                |  2 +-
 Dockerfile.rhtap                          |  2 +-
 Makefile                                  | 14 +++++---------
 external/policy-cli                       |  1 +
 external/policy-generator-plugin          |  1 +
 9 files changed, 20 insertions(+), 14 deletions(-)
 create mode 100644 .gitmodules
 create mode 160000 external/policy-cli
 create mode 160000 external/policy-generator-plugin

diff --git a/.gitignore b/.gitignore
index ee5aa5d..1836234 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,4 +2,3 @@ build/_output/
 bin/
 gosec.json
 kubeconfig_*
-external/
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..66c8c93
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,9 @@
+[submodule "policy-cli"]
+	path = external/policy-cli
+	url = https://github.com/stolostron/policy-cli
+	branch = release-2.13
+
+[submodule "policy-generator-plugin"]
+	path = external/policy-generator-plugin
+	url = https://github.com/stolostron/policy-generator-plugin
+	branch = release-2.13
diff --git a/.tekton/acm-cli-acm-213-pull-request.yaml b/.tekton/acm-cli-acm-213-pull-request.yaml
index 96ed8e9..4c75a7b 100644
--- a/.tekton/acm-cli-acm-213-pull-request.yaml
+++ b/.tekton/acm-cli-acm-213-pull-request.yaml
@@ -35,7 +35,7 @@ spec:
     - name: hermetic
       value: "true"
     - name: prefetch-input
-      value: '[{"type": "gomod", "path": "."},{"type": "rpm", "path": "."}]'
+      value: '[{"type": "gomod", "path": "."},{"type": "gomod", "path": "external/policy-cli"},{"type": "gomod", "path": "external/policy-generator-plugin"},{"type": "rpm", "path": "."}]'
   pipelineSpec:
     description: |
       This pipeline is ideal for building multi-arch container images from a Containerfile while maintaining trust after pipeline customization.
diff --git a/.tekton/acm-cli-acm-213-push.yaml b/.tekton/acm-cli-acm-213-push.yaml
index 66e4638..db2d9b7 100644
--- a/.tekton/acm-cli-acm-213-push.yaml
+++ b/.tekton/acm-cli-acm-213-push.yaml
@@ -32,7 +32,7 @@ spec:
     - name: hermetic
       value: "true"
     - name: prefetch-input
-      value: '[{"type": "gomod", "path": "."},{"type": "rpm", "path": "."}]'
+      value: '[{"type": "gomod", "path": "."},{"type": "gomod", "path": "external/policy-cli"},{"type": "gomod", "path": "external/policy-generator-plugin"},{"type": "rpm", "path": "."}]'
   pipelineSpec:
     description: |
       This pipeline is ideal for building multi-arch container images from a Containerfile while maintaining trust after pipeline customization.
diff --git a/Dockerfile b/Dockerfile
index 600529c..b1921a2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -10,7 +10,7 @@ COPY . .
 RUN make build
 
 # Fetch and package imported binaries
-RUN make clone-build-package
+RUN make sync-build-package
 
 FROM registry.access.redhat.com/ubi9/ubi-minimal:latest
 
diff --git a/Dockerfile.rhtap b/Dockerfile.rhtap
index 9bd7009..e6365e1 100644
--- a/Dockerfile.rhtap
+++ b/Dockerfile.rhtap
@@ -10,7 +10,7 @@ COPY . .
 RUN make build
 
 # Fetch and package imported binaries
-RUN make clone-build-package
+RUN make sync-build-package
 
 FROM registry.access.redhat.com/ubi9/ubi-minimal:latest
 
diff --git a/Makefile b/Makefile
index 38a5877..dbaa42f 100644
--- a/Makefile
+++ b/Makefile
@@ -56,19 +56,15 @@ build:
 build-image:
 	$(CONTAINER_ENGINE) build --platform linux/$(ARCH) $(BUILD_ARGS) -t $(IMAGE_NAME_AND_VERSION):$(TAG) .
 
-.PHONY: clone-build-package
-clone-build-package: clone-repos build-and-package
+.PHONY: sync-build-package
+sync-build-package: sync-repos build-and-package
 
 .PHONY: build-and-package
 build-and-package: build-binaries package-binaries
 
-.PHONY: clone-repos
-clone-repos:
-	while IFS=, read -r git_url build_cmd build_dir; do \
-		if [[ "$${git_url}" != "GIT REPO URL" ]]; then \
-			git clone --branch=${RELEASE_TAG} --depth=1 $${git_url} $(REMOTE_SOURCES_DIR)/$${git_url##*/}/$(REMOTE_SOURCES_SUBDIR); \
-		fi; \
-	done < ./build/cli_map.csv
+.PHONY: sync-repos
+sync-repos:
+	git submodule update --init
 
 .PHONY: build-binaries
 build-binaries:
diff --git a/external/policy-cli b/external/policy-cli
new file mode 160000
index 0000000..4bd6d4f
--- /dev/null
+++ b/external/policy-cli
@@ -0,0 +1 @@
+Subproject commit 4bd6d4f958bd9c4631e7801687804e8345582e12
diff --git a/external/policy-generator-plugin b/external/policy-generator-plugin
new file mode 160000
index 0000000..84e1fb8
--- /dev/null
+++ b/external/policy-generator-plugin
@@ -0,0 +1 @@
+Subproject commit 84e1fb8137c6ec16dde4159e5f4cc151914db340