qontract-reconcile 0.10.0__py3-none-any.whl → 0.10.1.dev1203__py3-none-any.whl

reconcile/openshift_rolebindings.py

@@ -1,3 +1,4 @@
+import contextlib
 import sys
 
 import reconcile.openshift_base as ob
@@ -51,10 +52,10 @@ QONTRACT_INTEGRATION_VERSION = make_semver(0, 3, 0)
 def construct_user_oc_resource(role, user):
     name = f"{role}-{user}"
     body = {
-        "apiVersion": "authorization.openshift.io/v1",
+        "apiVersion": "rbac.authorization.k8s.io/v1",
         "kind": "RoleBinding",
         "metadata": {"name": name},
-        "roleRef": {"name": role},
+        "roleRef": {"kind": "ClusterRole", "name": role},
         "subjects": [{"kind": "User", "name": user}],
     }
     return (
@@ -68,14 +69,13 @@ def construct_user_oc_resource(role, user):
 def construct_sa_oc_resource(role, namespace, sa_name):
     name = f"{role}-{namespace}-{sa_name}"
     body = {
-        "apiVersion": "authorization.openshift.io/v1",
+        "apiVersion": "rbac.authorization.k8s.io/v1",
         "kind": "RoleBinding",
         "metadata": {"name": name},
-        "roleRef": {"name": role},
+        "roleRef": {"kind": "ClusterRole", "name": role},
         "subjects": [
             {"kind": "ServiceAccount", "name": sa_name, "namespace": namespace}
         ],
-        "userNames": [f"system:serviceaccount:{namespace}:{sa_name}"],
     }
     return (
         OR(
@@ -97,7 +97,8 @@ def fetch_desired_state(ri, oc_map, enforced_user_keys=None):
                 "role": a["role"],
             }
             for a in role["access"] or []
-            if None not in [a["namespace"], a["role"]]
+            if a["namespace"]
+            and a["role"]
             and a["namespace"].get("managedRoles")
             and not ob.is_namespace_deleted(a["namespace"])
         ]
@@ -136,19 +137,18 @@ def fetch_desired_state(ri, oc_map, enforced_user_keys=None):
                     oc_resource, resource_name = construct_user_oc_resource(
                         permission["role"], username
                     )
-                    try:
+                    with contextlib.suppress(ResourceKeyExistsError):
+                        # a user may have a Role assigned to them
+                        # from multiple app-interface roles
                         ri.add_desired(
                             cluster,
                             perm_namespace_name,
-                            "RoleBinding.authorization.openshift.io",
+                            "RoleBinding.rbac.authorization.k8s.io",
                             resource_name,
                             oc_resource,
                             privileged=privileged,
                         )
-                    except ResourceKeyExistsError:
-                        # a user may have a Role assigned to them
-                        # from multiple app-interface roles
-                        pass
+
             for sa in service_accounts:
                 if ri is None:
                     continue
@@ -156,20 +156,17 @@ def fetch_desired_state(ri, oc_map, enforced_user_keys=None):
                 oc_resource, resource_name = construct_sa_oc_resource(
                     permission["role"], sa_namespace_name, sa_name
                 )
-                try:
+                with contextlib.suppress(ResourceKeyExistsError):
+                    # a ServiceAccount may have a Role assigned to it
+                    # from multiple app-interface roles
                     ri.add_desired(
                         cluster,
                         perm_namespace_name,
-                        "RoleBinding.authorization.openshift.io",
+                        "RoleBinding.rbac.authorization.k8s.io",
                         resource_name,
                         oc_resource,
                         privileged=privileged,
                     )
-                except ResourceKeyExistsError:
-                    # a ServiceAccount may have a Role assigned to it
-                    # from multiple app-interface roles
-                    pass
-
     return users_desired_state
 
 
@@ -189,12 +186,13 @@ def run(dry_run, thread_pool_size=10, internal=None, use_jump_host=True, defer=N
         thread_pool_size=thread_pool_size,
         integration=QONTRACT_INTEGRATION,
         integration_version=QONTRACT_INTEGRATION_VERSION,
-        override_managed_types=["RoleBinding.authorization.openshift.io"],
+        override_managed_types=["RoleBinding.rbac.authorization.k8s.io"],
         internal=internal,
         use_jump_host=use_jump_host,
     )
     defer(oc_map.cleanup)
     fetch_desired_state(ri, oc_map)
+    ob.publish_metrics(ri, QONTRACT_INTEGRATION)
     ob.realize_data(dry_run, oc_map, ri, thread_pool_size)
 
     if ri.has_error_registered():

reconcile/openshift_saas_deploy.py

@@ -1,34 +1,39 @@
+import json
 import logging
+import os
 import sys
 from collections.abc import Callable
-from typing import Optional
 
-import reconcile.jenkins_plugins as jenkins_base
 import reconcile.openshift_base as ob
 from reconcile import (
-    mr_client_gateway,
+    jenkins_base,
+    openshift_saas_deploy_trigger_images,
+    openshift_saas_deploy_trigger_upstream_jobs,
     queries,
 )
 from reconcile.gql_definitions.common.saas_files import PipelinesProviderTektonV1
-from reconcile.openshift_tekton_resources import build_one_per_saas_file_tkn_object_name
+from reconcile.openshift_tekton_resources import (
+    build_one_per_saas_file_tkn_pipeline_name,
+)
 from reconcile.slack_base import slackapi_from_slack_workspace
 from reconcile.status import ExitCodes
 from reconcile.typed_queries.app_interface_vault_settings import (
     get_app_interface_vault_settings,
 )
 from reconcile.typed_queries.saas_files import (
-    get_saas_files,
+    SaasFile,
+    SaasFileList,
     get_saasherder_settings,
 )
 from reconcile.utils.defer import defer
 from reconcile.utils.gitlab_api import GitLabApi
 from reconcile.utils.openshift_resource import ResourceInventory
 from reconcile.utils.saasherder import SaasHerder
-from reconcile.utils.saasherder.interfaces import SaasFile
 from reconcile.utils.secret_reader import create_secret_reader
 from reconcile.utils.semver_helper import make_semver
 from reconcile.utils.slack_api import SlackApi
 from reconcile.utils.state import init_state
+from reconcile.utils.unleash import get_feature_toggle_state
 
 QONTRACT_INTEGRATION = "openshift-saas-deploy"
 QONTRACT_INTEGRATION_VERSION = make_semver(0, 1, 0)
@@ -44,13 +49,15 @@ def compose_console_url(saas_file: SaasFile, env_name: str) -> str:
         if not saas_file.pipelines_provider.pipeline_templates
         else saas_file.pipelines_provider.pipeline_templates.openshift_saas_deploy.name
     )
-    pipeline_name = build_one_per_saas_file_tkn_object_name(
+    pipeline_name = build_one_per_saas_file_tkn_pipeline_name(
         pipeline_template_name, saas_file.name
     )
+    tkn_name, _ = SaasHerder.build_saas_file_env_combo(saas_file.name, env_name)
+
     return (
-        f"{saas_file.pipelines_provider.namespace.cluster.console_url}/k8s/ns/{saas_file.pipelines_provider.namespace.name}/"
-        + "tekton.dev~v1beta1~Pipeline/"
-        + f"{pipeline_name}/Runs?name={saas_file.name}-{env_name}"
+        f"{saas_file.pipelines_provider.namespace.cluster.console_url}/k8s/ns/"
+        f"{saas_file.pipelines_provider.namespace.name}/tekton.dev~v1~Pipeline/"
+        f"{pipeline_name}/Runs?name={tkn_name}"
     )
 
 
@@ -61,8 +68,21 @@ def slack_notify(
     ri: ResourceInventory,
     console_url: str,
     in_progress: bool,
+    trigger_integration: str | None = None,
+    trigger_reason: str | None = None,
+    skip_successful_notifications: bool | None = False,
 ) -> None:
     success = not ri.has_error_registered()
+    # if the deployment doesn't want any notifications for successful
+    # deployments, then we should grant the wish. However, there's a user
+    # expereince concern where the deployment owners will receive a "in
+    # progress" notice but no subsequent notice. We handle this case by
+    # including an "fyi" message for in progress deployments down below.
+    if success and skip_successful_notifications and not in_progress:
+        logging.info(
+            f"Skipping Slack notification for {saas_file_name} to {env_name} because deploy was successful."
+        )
+        return
     if in_progress:
         icon = ":yellow_jenkins_circle:"
         description = "In Progress"
@@ -77,6 +97,12 @@ def slack_notify(
         + f"deployment to environment *{env_name}*: "
         + f"{description} (<{console_url}|Open>)"
     )
+    if trigger_reason:
+        message += f". Reason: {trigger_reason}"
+    if trigger_integration:
+        message += f" triggered by _{trigger_integration}_"
+    if in_progress and skip_successful_notifications:
+        message += ". There will not be a notice for success."
     slack.chat_post_message(message)
 
 
@@ -86,16 +112,21 @@ def run(
     thread_pool_size: int = 10,
     io_dir: str = "throughput/",
     use_jump_host: bool = True,
-    saas_file_name: Optional[str] = None,
-    env_name: Optional[str] = None,
-    gitlab_project_id: Optional[str] = None,
-    defer: Optional[Callable] = None,
+    saas_file_name: str | None = None,
+    env_name: str | None = None,
+    trigger_integration: str | None = None,
+    trigger_reason: str | None = None,
+    saas_file_list: SaasFileList | None = None,
+    defer: Callable | None = None,
 ) -> None:
     vault_settings = get_app_interface_vault_settings()
     secret_reader = create_secret_reader(use_vault=vault_settings.vault)
 
-    all_saas_files = get_saas_files()
-    saas_files = get_saas_files(saas_file_name, env_name)
+    if not saas_file_list:
+        saas_file_list = SaasFileList()
+    all_saas_files = saas_file_list.saas_files
+    saas_files = saas_file_list.where(name=saas_file_name, env_name=env_name)
+
     if not saas_files:
         logging.error("no saas files found")
         raise RuntimeError("no saas files found")
@@ -105,6 +136,9 @@ def run(
     # - this is not a dry run
     # - there is a single saas file deployed
     notify = not dry_run and len(saas_files) == 1
+    skip_successful_deploy_notifications = (
+        saas_files[0].skip_successful_deploy_notifications if saas_files else False
+    )
     slack = None
     if notify:
         saas_file = saas_files[0]
@@ -134,6 +168,9 @@ def run(
                         ri,
                         console_url,
                         in_progress=False,
+                        trigger_integration=trigger_integration,
+                        trigger_reason=trigger_reason,
+                        skip_successful_notifications=skip_successful_deploy_notifications,
                     )
                 )
             # deployment start notification
@@ -145,6 +182,9 @@ def run(
                     ri,
                     console_url,
                     in_progress=True,
+                    trigger_integration=trigger_integration,
+                    trigger_reason=trigger_reason,
+                    skip_successful_notifications=skip_successful_deploy_notifications,
                 )
 
     jenkins_map = jenkins_base.get_jenkins_map()
@@ -169,6 +209,7 @@ def run(
         gitlab=gl,
         jenkins_map=jenkins_map,
         state=init_state(integration=QONTRACT_INTEGRATION, secret_reader=secret_reader),
+        all_saas_files=saas_file_list.saas_files,
     )
     if defer:
         defer(saasherder.cleanup)
@@ -176,6 +217,11 @@ def run(
         logging.warning("no targets found")
         sys.exit(ExitCodes.SUCCESS)
 
+    # check enable_init_projects flag status
+    enable_init_projects = get_feature_toggle_state(
+        "enable_init_projects",
+        default=False,
+    )
     ri, oc_map = ob.fetch_current_state(
         namespaces=[ns.dict(by_alias=True) for ns in saasherder.namespaces],
         thread_pool_size=thread_pool_size,
@@ -184,6 +230,7 @@ def run(
         init_api_resources=True,
         cluster_admin=bool(saasherder.cluster_admin),
         use_jump_host=use_jump_host,
+        init_projects=enable_init_projects,
     )
     if defer:  # defer is provided by the method decorator. this makes just mypy happy
         defer(oc_map.cleanup)
@@ -198,7 +245,8 @@ def run(
 
     # validate that the deployment will succeed
     # to the best of our ability to predict
-    ob.validate_planned_data(ri, oc_map)
+    if saasherder.validate_planned_data:
+        ob.validate_planned_data(ri, oc_map)
 
     # if saas_file_name is defined, the integration
     # is being called from multiple running instances
@@ -235,10 +283,7 @@ def run(
         # Auto-promotions are now created by saas-auto-promotions-manager integration
         # However, we still need saas-herder to publish the state to S3, because
         # saas-auto-promotions-manager needs that information
-        with mr_client_gateway.init(gitlab_project_id=gitlab_project_id) as mr_cli:
-            saasherder.publish_promotions(
-                success, all_saas_files, mr_cli, auto_promote=False
-            )
+        saasherder.publish_promotions(success, all_saas_files)
 
     if not success:
         sys.exit(ExitCodes.ERROR)
@@ -262,3 +307,42 @@ def run(
                 + f"{action['kind']} {action['name']} {action['action']}"
             )
             slack.chat_post_message(message)
+
+    # get upstream repo info for sast scan
+    # get image info for clamav scan
+    # we only do this if:
+    # - this is not a dry run
+    # - there is a single saas file deployed
+    # - saas-deploy triggered by upstream job or image build
+    allowed_integration = [
+        openshift_saas_deploy_trigger_upstream_jobs.QONTRACT_INTEGRATION,
+        openshift_saas_deploy_trigger_images.QONTRACT_INTEGRATION,
+    ]
+    scan = (
+        not dry_run
+        and len(saas_files) == 1
+        and trigger_integration
+        and trigger_integration in allowed_integration
+        and trigger_reason
+    )
+    if scan:
+        saas_file = saas_files[0]
+        owners = saas_file.app.service_owners or []
+        emails = " ".join([o.email for o in owners])
+        file, url = saasherder.get_archive_info(saas_file, trigger_reason)
+        sast_file = os.path.join(io_dir, "sast")
+        with open(sast_file, "w", encoding="locale") as f:
+            f.write(file + "\n")
+            f.write(url + "\n")
+            f.write(emails + "\n")
+        images = " ".join(saasherder.images)
+        app_name = saas_file.app.name
+        clamav_file = os.path.join(io_dir, "clamav")
+        with open(clamav_file, "w", encoding="locale") as f:
+            f.write(images + "\n")
+            f.write(app_name + "\n")
+        image_auth = saasherder._initiate_image_auth(saas_file)
+        if image_auth.auth_server:
+            json_file = os.path.join(io_dir, "dockerconfigjson")
+            with open(json_file, "w", encoding="locale") as f:
+                f.write(json.dumps(image_auth.getDockerConfigJson(), indent=2))

reconcile/openshift_saas_deploy_change_tester.py

@@ -1,10 +1,7 @@
 import logging
 import sys
 from collections.abc import Iterable
-from typing import (
-    Any,
-    Optional,
-)
+from typing import Any
 
 from pydantic import BaseModel
 from sretoolbox.utils import threaded
@@ -18,7 +15,7 @@ from reconcile.gql_definitions.common.saas_files import (
 from reconcile.gql_definitions.fragments.vault_secret import VaultSecret
 from reconcile.typed_queries.saas_files import (
     SaasFile,
-    get_saas_files,
+    SaasFileList,
 )
 from reconcile.utils import gql
 from reconcile.utils.gitlab_api import GitLabApi
@@ -37,7 +34,7 @@ class Definition(BaseModel):
 class State(BaseModel):
     saas_file_path: str
     saas_file_name: str
-    saas_file_deploy_resources: Optional[DeployResourcesV1]
+    saas_file_deploy_resources: DeployResourcesV1 | None
     resource_template_name: str
     cluster: str
     namespace: str
@@ -47,10 +44,10 @@ class State(BaseModel):
     parameters: dict[str, Any]
     secret_parameters: dict[str, VaultSecret]
     saas_file_definitions: Definition
-    upstream: Optional[SaasResourceTemplateTargetUpstreamV1]
-    disable: Optional[bool]
-    delete: Optional[bool]
-    target_path: Optional[str]
+    upstream: SaasResourceTemplateTargetUpstreamV1 | None
+    disable: bool | None
+    delete: bool | None
+    target_path: str | None
 
 
 def osd_run_wrapper(
@@ -58,7 +55,7 @@ def osd_run_wrapper(
     dry_run: bool,
     available_thread_pool_size: int,
     use_jump_host: bool,
-    gitlab_project_id: str,
+    saas_file_list: SaasFileList | None,
 ) -> int:
     saas_file_name, env_name = spec
     exit_code = 0
@@ -69,7 +66,7 @@ def osd_run_wrapper(
             use_jump_host=use_jump_host,
             saas_file_name=saas_file_name,
             env_name=env_name,
-            gitlab_project_id=gitlab_project_id,
+            saas_file_list=saas_file_list,
         )
     except SystemExit as e:
         exit_code = e.code if isinstance(e.code, int) else 1
@@ -98,18 +95,15 @@ def collect_state(saas_files: list[SaasFile]) -> list[State]:
                 parameters.update(resource_template.parameters or {})
                 parameters.update(target.parameters or {})
                 secret_parameters: dict[str, VaultSecret] = {}
-                secret_parameters.update(
-                    {s.name: s.secret for s in saas_file.secret_parameters or []}
-                )
-                secret_parameters.update(
-                    {
-                        s.name: s.secret
-                        for s in resource_template.secret_parameters or []
-                    }
-                )
-                secret_parameters.update(
-                    {s.name: s.secret for s in target.secret_parameters or []}
-                )
+                secret_parameters.update({
+                    s.name: s.secret for s in saas_file.secret_parameters or []
+                })
+                secret_parameters.update({
+                    s.name: s.secret for s in resource_template.secret_parameters or []
+                })
+                secret_parameters.update({
+                    s.name: s.secret for s in target.secret_parameters or []
+                })
                 state.append(
                     State(
                         saas_file_path=saas_file.path,
@@ -153,7 +147,7 @@ def collect_compare_diffs(
             # that changes another saas file was merged but is not yet
             # reflected in the baseline graphql endpoint.
             # https://issues.redhat.com/browse/APPSRE-3029
-            logging.debug(f"Diff not found in changed paths, skipping: {str(d)}")
+            logging.debug(f"Diff not found in changed paths, skipping: {d!s}")
             continue
         for c in current_state:
             if d.saas_file_name != c.saas_file_name:
@@ -188,17 +182,17 @@ def update_mr_with_ref_diffs(
         project_id=gitlab_project_id,
         settings=queries.get_secret_reader_settings(),
     ) as gl:
-        changed_paths = gl.get_merge_request_changed_paths(gitlab_merge_request_id)
+        merge_request = gl.get_merge_request(gitlab_merge_request_id)
+        changed_paths = gl.get_merge_request_changed_paths(merge_request)
         compare_diffs = collect_compare_diffs(
             current_state, desired_state, changed_paths
         )
         if compare_diffs:
-            compare_diffs_comment_body = "Diffs:\n" + "\n".join(
-                [f"- {d}" for d in compare_diffs]
-            )
-            gl.add_comment_to_merge_request(
-                gitlab_merge_request_id, compare_diffs_comment_body
-            )
+            compare_diffs_comment_body = "Diffs:\n" + "\n".join([
+                f"- {d}" for d in compare_diffs
+            ])
+            gl.delete_merge_request_comments(merge_request, startswith="Diffs:")
+            gl.add_comment_to_merge_request(merge_request, compare_diffs_comment_body)
 
 
 def run(
@@ -214,9 +208,10 @@ def run(
     )
     # find the differences in saas-file state
     comparison_saas_file_state = collect_state(
-        get_saas_files(query_func=comparison_gql_api.query)
+        SaasFileList(query_func=comparison_gql_api.query).saas_files
     )
-    desired_saas_file_state = collect_state(get_saas_files())
+    saas_file_list = SaasFileList()
+    desired_saas_file_state = collect_state(saas_file_list.saas_files)
     # compare dicts against dicts which is much faster than comparing BaseModel objects
     comparison_saas_file_state_dicts = [s.dict() for s in comparison_saas_file_state]
     saas_file_state_diffs = [
@@ -248,7 +243,7 @@ def run(
         dry_run=dry_run,
         available_thread_pool_size=available_thread_pool_size,
         use_jump_host=use_jump_host,
-        gitlab_project_id=gitlab_project_id,
+        saas_file_list=saas_file_list,
     )
 
     if [ec for ec in exit_codes if ec]:

reconcile/openshift_saas_deploy_trigger_base.py

@@ -1,18 +1,18 @@
-import datetime
 import logging
 from collections.abc import Callable
 from threading import Lock
-from typing import (
-    Any,
-    Optional,
-)
+from typing import Any
 
 from sretoolbox.utils import threaded
 
-import reconcile.jenkins_plugins as jenkins_base
 import reconcile.openshift_base as osb
-from reconcile import queries
-from reconcile.openshift_tekton_resources import build_one_per_saas_file_tkn_object_name
+from reconcile import (
+    jenkins_base,
+    queries,
+)
+from reconcile.openshift_tekton_resources import (
+    build_one_per_saas_file_tkn_pipeline_name,
+)
 from reconcile.typed_queries.app_interface_vault_settings import (
     get_app_interface_vault_settings,
 )
@@ -33,7 +33,6 @@ from reconcile.utils.oc_map import (
 from reconcile.utils.openshift_resource import OpenshiftResource as OR
 from reconcile.utils.parse_dhms_duration import dhms_to_seconds
 from reconcile.utils.saasherder import (
-    UNIQUE_SAAS_FILE_ENV_COMBO_LEN,
     Providers,
     SaasHerder,
     TriggerSpecUnion,
@@ -61,7 +60,7 @@ def run(
     internal: bool,
     use_jump_host: bool,
     include_trigger_trace: bool,
-    defer: Optional[Callable] = None,
+    defer: Callable | None = None,
 ) -> bool:
     """Run trigger integration
 
@@ -247,7 +246,7 @@ def _trigger_tekton(
         if spec.pipelines_provider.pipeline_templates
         else spec.pipelines_provider.defaults.pipeline_templates.openshift_saas_deploy.name
     )
-    tkn_pipeline_name = build_one_per_saas_file_tkn_object_name(
+    tkn_pipeline_name = build_one_per_saas_file_tkn_pipeline_name(
         pipeline_template_name, spec.saas_file_name
     )
     tkn_namespace_name = spec.pipelines_provider.namespace.name
@@ -298,7 +297,7 @@ def _trigger_tekton(
             logging.error(
                 f"could not trigger pipeline {tkn_name} "
                 + f"in {tkn_cluster_name}/{tkn_namespace_name}. "
-                + f"details: {str(e)}"
+                + f"details: {e!s}"
             )
 
     if not error and not dry_run:
@@ -314,24 +313,27 @@ def _pipeline_exists(
     if isinstance(oc, OCLogMsg):
         logging.error(oc.message)
         raise RuntimeError(f"No OC client for {tkn_cluster_name}: {oc.message}")
-    if oc.get(
-        namespace=tkn_namespace_name, kind="Pipeline", name=name, allow_not_found=True
-    ):
-        return True
-    return False
+    return bool(
+        oc.get(
+            namespace=tkn_namespace_name,
+            kind="Pipeline",
+            name=name,
+            allow_not_found=True,
+        )
+    )
 
 
 def _construct_tekton_trigger_resource(
     saas_file_name: str,
     env_name: str,
     tkn_pipeline_name: str,
-    timeout: Optional[str],
+    timeout: str | None,
     tkn_cluster_console_url: str,
     tkn_namespace_name: str,
     integration: str,
     integration_version: str,
     include_trigger_trace: bool,
-    reason: Optional[str],
+    reason: str | None,
 ) -> tuple[OR, str]:
     """Construct a resource (PipelineRun) to trigger a deployment via Tekton.
 
@@ -350,13 +352,10 @@ def _construct_tekton_trigger_resource(
     Returns:
         OpenshiftResource: OpenShift resource to be applied
     """
-    long_name = f"{saas_file_name}-{env_name}".lower()
-    # using a timestamp to make the resource name unique.
-    # we may want to revisit traceability, but this is compatible
-    # with what we currently have in Jenkins.
-    ts = datetime.datetime.utcnow().strftime("%Y%m%d%H%M")  # len 12
-    # max name length can be 63. leaving 12 for the timestamp - 51
-    name = f"{long_name[:UNIQUE_SAAS_FILE_ENV_COMBO_LEN]}-{ts}"
+    tkn_name, tkn_long_name = SaasHerder.build_saas_file_env_combo(
+        saas_file_name, env_name
+    )
+    name = tkn_name.lower()
 
     parameters = [
         {"name": "saas_file_name", "value": saas_file_name},
@@ -370,16 +369,14 @@ def _construct_tekton_trigger_resource(
                 "reason must be provided if include_trigger_trace is True"
             )
 
-        parameters.extend(
-            [
-                {"name": "trigger_integration", "value": integration},
-                {"name": "trigger_reason", "value": reason},
-            ]
-        )
+        parameters.extend([
+            {"name": "trigger_integration", "value": integration},
+            {"name": "trigger_reason", "value": reason},
+        ])
     body: dict[str, Any] = {
-        "apiVersion": "tekton.dev/v1beta1",
+        "apiVersion": "tekton.dev/v1",
         "kind": "PipelineRun",
-        "metadata": {"name": name},
+        "metadata": {"generateName": f"{name}-"},
         "spec": {
             "pipelineRef": {"name": tkn_pipeline_name},
             "params": parameters,
@@ -393,9 +390,15 @@ def _construct_tekton_trigger_resource(
                 f"timeout {timeout} is smaller than 60 minutes"
             )
 
-        body["spec"]["timeout"] = timeout
+        body["spec"]["timeouts"] = {
+            "pipeline": "0",
+            "tasks": timeout,
+        }
 
-    return OR(body, integration, integration_version, error_details=name), long_name
+    return (
+        OR(body, integration, integration_version, error_details=name),
+        tkn_long_name.lower(),
+    )
 
 
 def _register_trigger(name: str, already_triggered: set[str]) -> bool: