qubership-pipelines-common-library 0.2.5__py3-none-any.whl → 2.0.0__py3-none-any.whl

qubership_pipelines_common_library/v2/github/safe_github_client.py

@@ -0,0 +1,24 @@
+from qubership_pipelines_common_library.v1.execution.exec_info import ExecutionInfo
+from qubership_pipelines_common_library.v2.github.github_client import GithubClient
+from qubership_pipelines_common_library.v2.utils.retry_decorator import RetryDecorator
+
+
+class SafeGithubClient(GithubClient):
+
+    def __init__(self, api_url: str, token: str):
+        super().__init__(api_url=api_url, token=token)
+
+    @classmethod
+    @RetryDecorator(condition_func=lambda result: result is not None)
+    def create_github_client(cls, api_url: str, token, retry_timeout_seconds: int = 180, retry_wait_seconds: int = 1):
+        return cls(api_url=api_url, token=token)
+
+    @RetryDecorator(
+        condition_func=lambda result: result is not None and result.get_status() not in [
+            ExecutionInfo.STATUS_NOT_STARTED, ExecutionInfo.STATUS_UNKNOWN]
+    )
+    def trigger_workflow(self, owner: str, repo_name: str, workflow_file_name: str, branch: str,
+                         pipeline_params, retry_timeout_seconds: int = 180, retry_wait_seconds: int = 1):
+        return super().trigger_workflow(owner=owner, repo_name=repo_name,
+                                        workflow_file_name=workflow_file_name,
+                                        branch=branch, pipeline_params=pipeline_params)

qubership_pipelines_common_library/v2/gitlab/custom_extensions.py

@@ -0,0 +1,101 @@
+from pathlib import Path
+
+from qubership_pipelines_common_library.v1.execution.exec_command import ExecutionCommandExtension
+from qubership_pipelines_common_library.v1.execution.exec_info import ExecutionInfo
+from qubership_pipelines_common_library.v2.extensions.pipeline_data_importer import PipelineDataImporter
+
+
+class GitlabDOBPParamsPreExt(ExecutionCommandExtension):
+    """
+    Pre-execution extension, enriching 'pipeline_params' with values from environment variables
+    """
+    def execute(self):
+        self.context.logger.info("Adding DOBP-specific params to pipeline_params...")
+
+        # Add upstream-cancelled params:
+        import os
+        if project_url := os.getenv('PROJECT_URL'):
+            from urllib.parse import urlparse
+            parsed_project_url = urlparse(project_url)
+            self.command.pipeline_params.setdefault('DOBP_UPSTREAM_SERVER_URL', f"{parsed_project_url.scheme}://{parsed_project_url.netloc}")
+            self.command.pipeline_params.setdefault('DOBP_UPSTREAM_PROJECT_PATH', parsed_project_url.path.strip('/'))
+
+        if pipeline_id := os.getenv('PIPELINE_ID'):
+            self.command.pipeline_params.setdefault('DOBP_UPSTREAM_PIPELINE_ID', pipeline_id)
+
+        # Add retry params:
+        if retry_downstream_pipeline_id := os.getenv('DOBP_RETRY_DOWNSTREAM_PIPELINE_ID'):
+            self.command.pipeline_params.setdefault('DOBP_RETRY_PIPELINE_ID', retry_downstream_pipeline_id)
+
+
+class GitlabModulesOpsPipelineDataImporter(PipelineDataImporter):
+    """
+    GitLab Modules Ops implementation:
+        imports data from contracted GitLab Declarative Pipelines
+        extracts output files and params of targeted pipeline into 'output' folder of this command
+    """
+
+    IMPORTED_CONTEXT_FILE = 'pipeline/output/context.yaml'
+
+    def import_pipeline_data(self, execution: ExecutionInfo) -> None:
+        import os, zipfile
+        self.context.logger.info("GitlabModulesOpsPipelineDataImporter - importing pipeline data...")
+        project_id = execution.get_name()
+        pipeline_id = execution.get_id()
+
+        if job := self.command.gl_client.get_latest_job(project_id, pipeline_id):
+            self.context.logger.info(f"Latest job: {job.id}")
+            local_dirpath = self.context.path_temp
+            self.context.logger.debug(f"Contents of folder {local_dirpath}: {os.listdir(local_dirpath)}")
+            if artifacts_file := self.command.gl_client.download_job_artifacts(job.pipeline.get('project_id'), job.id, local_dirpath):
+                with zipfile.ZipFile(artifacts_file) as zf:
+                    self.context.logger.debug(f"Zip contents: ${zf.namelist()}")
+                    zf.extractall(local_dirpath)
+            self.context.logger.debug(f"Contents of folder {local_dirpath} (after zip.extractall): {os.listdir(local_dirpath)}")
+            self._import_downloaded_data(local_dirpath / self.IMPORTED_CONTEXT_FILE)
+        else:
+            self.context.logger.warning(f"No jobs found")
+
+        self.context.output_params.load(self.context.context.get("paths.output.params"))
+        self.context.output_params_secure.load(self.context.context.get("paths.output.params_secure"))
+
+    def _import_downloaded_data(self, src_context_filepath: Path):
+        import shutil
+        from qubership_pipelines_common_library.v1.utils.utils_file import UtilsFile
+        from qubership_pipelines_common_library.v1.utils.utils_dictionary import UtilsDictionary
+
+        if src_context_filepath.is_file():
+            self.context.logger.info(f"Importing from context file {src_context_filepath}")
+            src_context = UtilsFile.read_yaml(src_context_filepath)
+            src_base_dirpath = src_context_filepath.parent
+
+            def get_path_from_src_context(param, default_value=None):
+                if param_value := UtilsDictionary.get_by_path(src_context, param, default_value):
+                    return Path(src_base_dirpath, param_value)
+                return None
+
+            for src in ('paths.output.params', 'paths.output.params_secure',):
+                src_filepath = get_path_from_src_context(src)
+                if src_filepath and src_filepath.is_file():
+                    dst_file = self.context.context.get(src)
+                    self.context.logger.info(f"Copying file {src_filepath} -> {dst_file}")
+                    UtilsFile.create_parent_dirs(dst_file)
+                    shutil.copyfile(src_filepath, dst_file)
+
+            src_files_dirpath = get_path_from_src_context('paths.output.files')
+            if src_files_dirpath and src_files_dirpath.is_dir():
+                dst_files_dir = self.context.context.get('paths.output.files')
+                self.context.logger.info(f"Copying dir {src_files_dirpath} -> {dst_files_dir}")
+                shutil.copytree(src_files_dirpath, dst_files_dir, dirs_exist_ok=True)
+
+            src_logs_dirpath = get_path_from_src_context('paths.logs', 'logs')
+            for _ext in ('json', 'yaml',):
+                src_exec_report_filepath = src_logs_dirpath / f"execution_report.{_ext}"
+                if src_exec_report_filepath.is_file():
+                    dst_exec_report_filepath = self.context.path_logs / f"nested_pipeline_report.{_ext}"
+                    UtilsFile.create_parent_dirs(dst_exec_report_filepath)
+                    self.context.logger.info(f"Copying file {src_exec_report_filepath} -> {dst_exec_report_filepath}")
+                    shutil.copyfile(src_exec_report_filepath, dst_exec_report_filepath)
+
+        else:
+            self.context.logger.warning(f"Imported context file does not exist: {src_context_filepath}")

qubership_pipelines_common_library/v2/gitlab/gitlab_client.py

@@ -0,0 +1,36 @@
+import os, logging
+
+from qubership_pipelines_common_library.v1.execution.exec_info import ExecutionInfo
+from qubership_pipelines_common_library.v1.gitlab_client import GitlabClient as GitlabClientV1
+
+
+class GitlabClient(GitlabClientV1):
+
+    def trigger_pipeline(self, project_id: str, ref: str, trigger_token: str = None, variables: dict = None, use_ci_job_token: bool = False):
+        """"""
+        if variables is None:
+            variables = {}
+        if use_ci_job_token:
+            trigger_token = os.getenv('CI_JOB_TOKEN')
+        trigger_data = {k: self._cast_to_string(v) for k, v in variables.items()}
+        project = self.gl.projects.get(project_id, lazy=True)
+        pipeline = project.trigger_pipeline(ref, trigger_token, trigger_data)
+        logging.info(f"Pipeline successfully started (via TRIGGER) at {pipeline.web_url}")
+        return ExecutionInfo().with_name(project_id).with_id(pipeline.get_id()) \
+            .with_url(pipeline.web_url).with_params(trigger_data) \
+            .start()
+
+    def create_pipeline(self, project_id: str, ref: str, variables: dict):
+        """"""
+        if variables is None:
+            variables = {}
+        create_data = {
+            'ref': ref,
+            'variables': [{'key': k, 'value': self._cast_to_string(v)} for k, v in variables.items()],
+        }
+        project = self.gl.projects.get(project_id, lazy=True)
+        pipeline = project.pipelines.create(create_data)
+        logging.info(f"Pipeline successfully started (via CREATE) at {pipeline.web_url}")
+        return ExecutionInfo().with_name(project_id).with_id(pipeline.get_id()) \
+            .with_url(pipeline.web_url).with_params(create_data) \
+            .start()

qubership_pipelines_common_library/v2/gitlab/gitlab_pipeline_data_importer.py

@@ -0,0 +1,26 @@
+import zipfile
+from pathlib import Path
+
+from qubership_pipelines_common_library.v1.execution.exec_info import ExecutionInfo
+from qubership_pipelines_common_library.v2.extensions.pipeline_data_importer import PipelineDataImporter
+
+
+class DefaultGitlabPipelineDataImporter(PipelineDataImporter):
+    """
+    Default GitLab implementation:
+        downloads all available workflow run artifacts,
+        extracts them into context-defined 'paths.output.files' path
+    """
+    def import_pipeline_data(self, execution: ExecutionInfo) -> None:
+        self.context.logger.info("DefaultGitlabPipelineDataImporter - importing pipeline data...")
+        project_id = execution.get_name()
+        pipeline_id = execution.get_id()
+        if job := self.command.gl_client.get_latest_job(project_id, pipeline_id):
+            if artifacts_file := self.command.gl_client.download_job_artifacts(job.pipeline.get('project_id'), job.id, self.context.path_temp):
+                output_path = Path(self.context.input_param_get("paths.output.files"))
+                output_path.mkdir(parents=True, exist_ok=True)
+                with zipfile.ZipFile(artifacts_file) as zf:
+                    self.context.logger.debug(f"Zip contents: ${zf.namelist()}")
+                    zf.extractall(output_path)
+        else:
+            self.context.logger.warning(f"Job not found! project_id: {project_id}, pipeline_id: {pipeline_id}")

qubership_pipelines_common_library/v2/gitlab/gitlab_run_pipeline_command.py

@@ -0,0 +1,195 @@
+from qubership_pipelines_common_library.v1.execution.exec_command import ExecutionCommand
+from qubership_pipelines_common_library.v1.execution.exec_info import ExecutionInfo
+from qubership_pipelines_common_library.v1.utils.utils_string import UtilsString
+from qubership_pipelines_common_library.v2.extensions.pipeline_data_importer import PipelineDataImporter
+from qubership_pipelines_common_library.v2.gitlab.gitlab_pipeline_data_importer import DefaultGitlabPipelineDataImporter
+from qubership_pipelines_common_library.v2.gitlab.safe_gitlab_client import SafeGitlabClient
+
+
+class GitlabRunPipeline(ExecutionCommand):
+    """
+    Runs GitLab Pipeline via Trigger or Create API and optionally imports artifacts.
+
+    This command runs GitLab Pipeline, monitors its execution, and provides
+    options for importing resulting artifacts and custom data processing through extensible
+    importers.
+
+    Input Parameters Structure (this structure is expected inside "input_params.params" block):
+    ```
+    {
+        "pipeline_path": "path/to/gitlab_project",               # REQUIRED: Full pipeline path (e.g. "group/subgroup/repo")
+        "pipeline_branch": "main",                               # OPTIONAL: Branch to run pipeline from (default: repo's default branch)
+        "trigger_type": "CREATE_PIPELINE",                       # OPTIONAL: Which API will be used to trigger the pipeline (CREATE_PIPELINE or TRIGGER_PIPELINE)
+        "pipeline_params": {                                     # OPTIONAL: Input parameters to pass to the pipeline
+            "KEY1": "VALUE1",
+            "KEY2": "VALUE2"
+        },
+        "import_artifacts": false,                               # OPTIONAL: Whether to import pipeline artifacts (default: false)
+        "use_existing_pipeline": 123456789,                      # OPTIONAL: Use existing pipeline ID (or use 'latest' here) instead of starting new one (debug feature)
+        "timeout_seconds": 1800,                                 # OPTIONAL: Maximum wait time for pipeline completion in seconds (default: 1800, 0 for async execution)
+        "wait_seconds": 1,                                       # OPTIONAL: Wait interval between status checks in seconds (default: 1)
+        "retry_timeout_seconds": 180,                            # OPTIONAL: Timeout for GitLab client initialization and pipeline start retries in seconds (default: 180)
+        "retry_wait_seconds": 1,                                 # OPTIONAL: Wait interval between retries in seconds (default: 1)
+        "success_statuses": "SUCCESS,UNSTABLE"                   # OPTIONAL: Comma-separated list of acceptable completion statuses (default: SUCCESS)
+    }
+    ```
+
+    Systems Configuration (expected in "systems.gitlab" block):
+    ```
+    {
+        "url": "https://github.com",                             # OPTIONAL: GitLab URL for self-hosted instances (default: https://gitlab.com)
+        "password": "<gitlab_token>"                             # REQUIRED: GitLab access token with CI/CD permissions
+        "trigger_token": "<gitlab_trigger_token>"                # OPTIONAL: Special token issued for triggering pipeline. If not provided - will try to use CI_JOB_TOKEN
+    }
+    ```
+
+    Output Parameters:
+        - params.build.url: URL to view the pipeline run in GitLab
+        - params.build.id: ID of the executed pipeline
+        - params.build.status: Final status of the pipeline execution
+        - params.build.date: Workflow start time in ISO format
+        - params.build.duration: Total execution duration in human-readable format
+        - params.build.name: Name of the pipeline execution
+
+    Extension Points:
+        - Custom pipeline data importers can be implemented by extending PipelineDataImporter interface
+        - PipelineDataImporter is passed into constructor of command via "pipeline_data_importer" arg
+
+    Notes:
+        - Setting timeout_seconds to 0 enables asynchronous execution (workflow starts but command doesn't wait for completion)
+        - For self-hosted GitLab instances, configure "systems.github.url"
+        - Custom data importers receive the command context and can implement advanced processing logic
+    """
+
+    # default timeout values
+    WAIT_TIMEOUT = 1800
+    WAIT_SECONDS = 1
+    RETRY_TIMEOUT_SECONDS = 180
+    RETRY_WAIT_SECONDS = 1
+
+    TRIGGER_TYPE_TRIGGER_PIPELINE = 'TRIGGER_PIPELINE'
+    TRIGGER_TYPE_CREATE_PIPELINE = 'CREATE_PIPELINE'
+    TRIGGER_TYPES = (TRIGGER_TYPE_TRIGGER_PIPELINE, TRIGGER_TYPE_CREATE_PIPELINE,)
+
+    def __init__(self, *args, pipeline_data_importer: PipelineDataImporter = None, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.pipeline_data_importer = pipeline_data_importer or DefaultGitlabPipelineDataImporter()
+        if pipeline_data_importer and not isinstance(pipeline_data_importer, PipelineDataImporter):
+            raise TypeError(f"Class {type(pipeline_data_importer)} must inherit from PipelineDataImporter")
+
+    def _validate(self):
+        names = [
+            "paths.input.params",
+            "paths.output.params",
+            "paths.output.files",
+            "systems.gitlab.password",
+            "params.pipeline_path",
+        ]
+        if not self.context.validate(names):
+            return False
+
+        self.timeout_seconds = max(0, int(self.context.input_param_get("params.timeout_seconds", self.WAIT_TIMEOUT)))
+        self.wait_seconds = max(1, int(self.context.input_param_get("params.wait_seconds", self.WAIT_SECONDS)))
+
+        self.retry_timeout_seconds = int(self.context.input_param_get("params.retry_timeout_seconds", self.RETRY_TIMEOUT_SECONDS))
+        self.retry_wait_seconds = int(self.context.input_param_get("params.retry_wait_seconds", self.RETRY_WAIT_SECONDS))
+
+        if self.timeout_seconds == 0:
+            self.context.logger.info(f"Timeout is set to: {self.timeout_seconds}. This means that the pipeline will be started asynchronously")
+
+        self.gitlab_url = self.context.input_param_get("systems.gitlab.url", "https://gitlab.com")
+        self.pipeline_path = self.context.input_param_get("params.pipeline_path").strip("/")
+        self.pipeline_branch = self.context.input_param_get("params.pipeline_branch")
+
+        self.trigger_type = self.context.input_param_get("params.trigger_type", self.TRIGGER_TYPE_CREATE_PIPELINE)
+        if self.trigger_type not in self.TRIGGER_TYPES:
+            self.context.logger.error(f"Unsupported trigger_type: {self.trigger_type}")
+            return False
+        if self.trigger_type == self.TRIGGER_TYPE_TRIGGER_PIPELINE:
+            self.trigger_token = self.context.input_param_get("systems.gitlab.trigger_token")
+
+        self.pipeline_params = self.context.input_param_get("params.pipeline_params", {})
+        if not self.pipeline_params:
+            self.context.logger.info(f"Pipeline parameters were not specified. This means that pipeline will be started with its default values")
+        if not isinstance(self.pipeline_params, dict):
+            self.context.logger.error(f"Pipeline parameters were not loaded correctly. Probably mistake in the params definition")
+            return False
+        self.import_artifacts = UtilsString.convert_to_bool(self.context.input_param_get("params.import_artifacts", False))
+        self.success_statuses = [x.strip() for x in self.context.input_param_get("params.success_statuses", ExecutionInfo.STATUS_SUCCESS).split(",")]
+        self.use_existing_pipeline = self.context.input_param_get("params.use_existing_pipeline")
+        return True
+
+    def _execute(self):
+        self.context.logger.info("Running gitlab-run-pipeline...")
+
+        self.gl_client = SafeGitlabClient.create_gitlab_client(
+            host=self.gitlab_url,
+            username="",
+            password=self.context.input_param_get("systems.gitlab.password"),
+            retry_timeout_seconds=self.retry_timeout_seconds,
+            retry_wait_seconds=self.retry_wait_seconds
+        )
+        self.context.logger.info(f"Successfully initialized GitLab client")
+
+        if not self.pipeline_branch:
+            self.pipeline_branch = self.gl_client.get_default_branch(project_id=self.pipeline_path)
+
+        if self.use_existing_pipeline: # work with existing pipeline run
+            if self.use_existing_pipeline == 'latest':
+                pipeline_id = self.gl_client.get_latest_pipeline_id(project_id=self.pipeline_path, ref=self.pipeline_branch)
+            else:
+                pipeline_id = self.use_existing_pipeline
+            self.context.logger.info(f"Using existing pipeline: {pipeline_id}")
+            execution = ExecutionInfo().with_name(self.pipeline_path).with_id(pipeline_id).with_status(ExecutionInfo.STATUS_UNKNOWN)
+            execution.start()
+        else:
+            if self.trigger_type == self.TRIGGER_TYPE_CREATE_PIPELINE:
+                execution = self.gl_client.create_pipeline(
+                    project_id=self.pipeline_path,
+                    ref=self.pipeline_branch,
+                    variables=self.pipeline_params,
+                    retry_timeout_seconds=self.retry_timeout_seconds,
+                    retry_wait_seconds=self.retry_wait_seconds
+                )
+            elif self.trigger_type == self.TRIGGER_TYPE_TRIGGER_PIPELINE:
+                 execution = self.gl_client.trigger_pipeline(
+                     project_id=self.pipeline_path,
+                     ref=self.pipeline_branch,
+                     trigger_token=self.trigger_token,
+                     variables=self.pipeline_params,
+                     use_ci_job_token=(self.trigger_token is None),
+                     retry_timeout_seconds=self.retry_timeout_seconds,
+                     retry_wait_seconds=self.retry_wait_seconds
+                 )
+
+        if execution.get_status() != ExecutionInfo.STATUS_IN_PROGRESS:
+            self._exit(False, f"Pipeline was not started. Status {execution.get_status()}")
+        elif self.timeout_seconds < 1:
+            self.context.logger.info("Pipeline was started in asynchronous mode. Pipeline status and artifacts will not be processed")
+            return
+
+        self.context.logger.info(f"Pipeline successfully started. Waiting {self.timeout_seconds} seconds for execution to complete")
+        execution = self.gl_client.wait_pipeline_execution(execution=execution, timeout_seconds=self.timeout_seconds,
+                                                           wait_seconds=self.wait_seconds)
+        self.context.logger.info(f"Pipeline status: {execution.get_status()}")
+
+        if self.import_artifacts and self.pipeline_data_importer and execution.get_status() in ExecutionInfo.STATUSES_COMPLETE:
+            try:
+                self.pipeline_data_importer.with_command(self)
+                self.pipeline_data_importer.import_pipeline_data(execution)
+            except Exception as e:
+                self.context.logger.error(f"Exception during pipeline_data_importer execution: {e}")
+
+        self._save_execution_info(execution)
+        if execution.get_status() not in self.success_statuses:
+            self._exit(False, f"Status: {execution.get_status()}")
+
+    def _save_execution_info(self, execution: ExecutionInfo):
+        self.context.logger.info(f"Writing GitLab pipeline execution status")
+        self.context.output_param_set("params.build.url", execution.get_url())
+        self.context.output_param_set("params.build.id", execution.get_id())
+        self.context.output_param_set("params.build.status", execution.get_status())
+        self.context.output_param_set("params.build.date", execution.get_time_start().isoformat())
+        self.context.output_param_set("params.build.duration", execution.get_duration_str())
+        self.context.output_param_set("params.build.name", execution.get_name())
+        self.context.output_params_save()

qubership_pipelines_common_library/v2/gitlab/safe_gitlab_client.py

@@ -0,0 +1,32 @@
+from qubership_pipelines_common_library.v1.execution.exec_info import ExecutionInfo
+from qubership_pipelines_common_library.v2.gitlab.gitlab_client import GitlabClient
+from qubership_pipelines_common_library.v2.utils.retry_decorator import RetryDecorator
+
+
+class SafeGitlabClient(GitlabClient):
+
+    def __init__(self, host: str, username: str, password: str):
+        super().__init__(host=host, username=username, password=password)
+
+    @classmethod
+    @RetryDecorator(condition_func=lambda result: result is not None)
+    def create_gitlab_client(cls, host: str, username: str, password: str,
+                             retry_timeout_seconds: int = 180, retry_wait_seconds: int = 1):
+        return cls(host, username, password)
+
+    @RetryDecorator(
+        condition_func=lambda result: result is not None and result.get_status() not in [
+            ExecutionInfo.STATUS_NOT_STARTED, ExecutionInfo.STATUS_UNKNOWN]
+    )
+    def trigger_pipeline(self, project_id: str, ref: str, trigger_token: str = None, variables: dict = None,
+                         use_ci_job_token: bool = False, retry_timeout_seconds: int = 180, retry_wait_seconds: int = 1):
+        return super().trigger_pipeline(project_id=project_id, ref=ref, trigger_token=trigger_token,
+                                        variables=variables, use_ci_job_token=use_ci_job_token)
+
+    @RetryDecorator(
+        condition_func=lambda result: result is not None and result.get_status() not in [
+            ExecutionInfo.STATUS_NOT_STARTED, ExecutionInfo.STATUS_UNKNOWN]
+    )
+    def create_pipeline(self, project_id: str, ref: str, variables: dict = None,
+                         retry_timeout_seconds: int = 180, retry_wait_seconds: int = 1):
+        return super().create_pipeline(project_id=project_id, ref=ref, variables=variables)

qubership_pipelines_common_library/v2/podman/podman_command.md

@@ -0,0 +1,172 @@
+# Podman Run Image Command
+
+Executes a container using `podman run` command.
+
+This command supports running containers with configurable execution parameters, environment variable management, file mounting, and output extraction.
+
+## Input Parameters
+
+This structure is expected inside the `input_params.params` block:
+
+```json
+{
+    "image": "docker.io/library/hello-world:latest",
+    "command": "python -m pipelines_declarative_executor run --pipeline_dir=\"/WORK/EXEC_DIR\"",
+    "execution_config": {
+        "working_dir": "/some/dir/inside/container",
+        "timeout": "600",
+        "operations_timeout": "15",
+        "remove_container": true,
+        "save_stdout_to_logs": true,
+        "save_stdout_to_files": true,
+        "save_stdout_to_params": false,
+        "expected_return_codes": "0,125",
+        "additional_run_flags": "--cgroups=disabled"
+    },
+    "before_script": {
+        "mounts": {
+            "output_files": "/WORK",
+            "prepared_data": "/CONFIGS"
+        },
+        "env_vars": {
+            "explicit": {
+                "PIPELINES_DECLARATIVE_EXECUTOR_ENCRYPT_OUTPUT_SECURE_PARAMS": false
+            },
+            "env_files": [
+                "../CONFIGS/sample.env"
+            ],
+            "pass_via_file": {
+                "SOMETHING_VERY_SECURE": "PASSWORD"
+            },
+            "host_prefixes": [
+                "SOME_PREFIX_*"
+            ]
+        }
+    },
+    "after_script": {
+        "copy_files_to_host": {
+            "output_files/report.json": "/WORK/EXEC_DIR/pipeline_state/pipeline_ui_view.json",
+            "output_files/pipeline_state": "/WORK/EXEC_DIR/pipeline_state"
+        },
+        "extract_params_from_files": {
+            "SOME_FILE_IN_CONTAINER": "SECTION_NAME_IN_PARAMS_WHERE_IT_WILL_BE_STORED"
+        }
+    }
+}
+```
+
+## Parameter Reference
+
+All params are referenced here without their top-level "params" section.
+
+Actual `input_params.yaml` should look like this sample:
+
+```yaml
+kind: AtlasModuleParamsInsecure
+apiVersion: v1
+params:
+  image: docker.io/library/hello-world:latest
+  command: ....
+  execution_config:
+    timeout: 300
+    save_container_stdout_to_params: True
+  before_script:
+    mounts:
+      output_files: /WORK
+```
+
+Or you can also pass required parameters via CLI arguments:
+
+`qubership_cli_samples podman-run -p params.image=docker.io/my_image -p params.execution_config.timeout=300`
+
+### Required Parameters
+
+- **`image`** (string): Container image to run
+
+### Optional Parameters
+
+#### Execution Configuration
+
+- **`command`** (string): Command to execute in container
+- **`execution_config`** (object): Container execution settings
+  - **`working_dir`** (string): Working directory inside container
+  - **`timeout`** (float/string): Maximum execution time in seconds (e.g. "60", "36.6", etc.)
+  - **`operations_timeout`** (float/string): Timeout for operations like file copying in seconds
+  - **`remove_container`** (boolean): Whether to remove container after execution
+  - **`save_stdout_to_logs`** (boolean): Save container stdout to execution logs
+  - **`save_stdout_to_files`** (boolean): Save container stdout to output files
+  - **`save_stdout_to_params`** (boolean): Save container stdout to output parameters
+  - **`expected_return_codes`** (string): Comma-separated list of acceptable exit codes
+  - **`additional_run_flags`** (string): Flags that will be added to "podman run" command
+
+#### Before Script Configuration
+
+- **`before_script`** (object): Pre-execution configuration
+  - **`mounts`** (object): Filesystem mounts from host to container (`host_path: container_path`)
+  - **`env_vars`** (object): Environment variable configuration. There's podman-specific priority of these vars (lower to highest): file vars, direct vars, host vars.
+    - **`explicit`** (object): Direct environment variable assignment
+    - **`env_files`** (array): Environment files on host to load and pass into container
+    - **`pass_via_file`** (object): Sensitive vars passed via temp file
+    - **`host_prefixes`** (array): Host environment variable prefixes to pass through (can use `"*"` to pass everything from host)
+
+#### After Script Configuration
+
+- **`after_script`** (object): Post-execution operations
+  - **`copy_files_to_host`** (object): Copy files from container to host after execution (`host_path: container_path`)
+  - **`extract_params_from_files`** (object): Extract parameters from container files (supports JSON, YAML, and ENV files)
+
+## Output Parameters
+
+- `params.execution_time`: Total execution time in seconds
+- `params.return_code`: Container exit code
+- `params.stdout`: Container stdout (if `save_stdout_to_params` enabled)
+- `params.stderr`: Container stderr (if `save_stdout_to_params` enabled)
+- `params.extracted_output.*`: Extracted parameters from files (if `extract_params_from_files` configured)
+
+## Notes
+
+- The command automatically handles container lifecycle including start, execution, and cleanup
+- All host-paths (including mount paths) are resolved relative to context directory
+
+## Adding podman executable in your image
+
+To install and use `podman run` in your Dockerimage (`python:3.11-slim` was used as a base image, to run `Pipelines Declarative Executor`) inside usual CIs (GitHub/GitLab) following approaches worked:
+
+### GitHub
+
+1. `apt-get install podman nftables fuse-overlayfs`
+2. ```bash
+    RUN cat <<EOF > /etc/containers/storage.conf
+    [storage]
+    driver = "overlay"
+    runroot = "/run/containers/storage"
+    graphroot = "/var/lib/containers/storage"
+    [storage.options]
+    mount_program = "/usr/bin/fuse-overlayfs"
+    EOF
+    ```
+3. In your workflow file, need to pass `--privileged` option
+    ```
+   jobs:
+      execute-pipeline:
+        runs-on: ubuntu-latest
+        container:
+          image: ghcr.io/netcracker/qubership-pipelines-declarative-executor:dev_podman_engine
+          options: --privileged
+    ```
+4. Need to run `PodmanRunImage` command with additional flags: `"additional_run_flags": "--cgroups=disabled"`
+
+### GitLab
+
+1. `apt-get install podman nftables slirp4netns fuse-overlayfs`
+2. ```bash
+    RUN cat <<EOF > /etc/containers/storage.conf
+    [storage]
+    driver = "overlay"
+    runroot = "/run/containers/storage"
+    graphroot = "/var/lib/containers/storage"
+    [storage.options]
+    mount_program = "/usr/bin/fuse-overlayfs"
+    EOF
+    ```
+3. Need to run `PodmanRunImage` command with additional flags: `"additional_run_flags": "--cgroups=disabled --network slirp4netns"`