Cloning into '/home/prow/go/src/github.com/google/licenseclassifier'... Docker in Docker enabled, initializing... ================================================================================ * Starting Docker: docker ...done. Waiting for docker to be ready, sleeping for 1 seconds. Cleaning up binfmt_misc ... ================================================================================ Done setting up docker in docker. Activated service account credentials for: [prow-account@tekton-releases.iam.gserviceaccount.com] == Running ./runner.sh backward compatibility test runner === + [[ 12 -ne 0 ]] + case $1 in ++ cut -d = -f2 + gcloud auth activate-service-account --key-file=/etc/test-account/service-account.json Activated service account credentials for: [prow-account@tekton-releases.iam.gserviceaccount.com] + shift + [[ 11 -ne 0 ]] + case $1 in + shift + [[ -- == \-\- ]] + shift + break + /usr/local/bin/kind-e2e --k8s-version v1.28.x --nodes 3 --e2e-script ./test/e2e-tests.sh --e2e-env ./test/e2e-tests-kind-prow.env + K8S_VERSION=v1.28.x + REGISTRY_NAME=registry.local + REGISTRY_PORT=5000 + CLUSTER_SUFFIX=cluster.local + NODE_COUNT=1 + REGISTRY_AUTH=0 + ESTARGZ_SUPPORT=0 + E2E_SCRIPT=test/e2e-tests.sh + E2E_ENV= + [[ 8 -ne 0 ]] + parameter=--k8s-version + case "${parameter}" in + shift + K8S_VERSION=v1.28.x + shift + [[ 6 -ne 0 ]] + parameter=--nodes + case "${parameter}" in + shift + NODE_COUNT=3 + shift + [[ 4 -ne 0 ]] + parameter=--e2e-script + case "${parameter}" in + shift + E2E_SCRIPT=./test/e2e-tests.sh + shift + [[ 2 -ne 0 ]] + parameter=--e2e-env + case "${parameter}" in + shift + E2E_ENV=./test/e2e-tests-kind-prow.env + shift + [[ 0 -ne 0 ]] + [[ ./test/e2e-tests-kind-prow.env != '' ]] + [[ ! 
-f ./test/e2e-tests-kind-prow.env ]] + case ${K8S_VERSION} in + K8S_VERSION=1.28.9 + KIND_IMAGE_SHA=sha256:dca54bc6a6079dd34699d53d7d4ffa2e853e46a20cd12d619a09207e35300bd0 + KIND_IMAGE=kindest/node:1.28.9@sha256:dca54bc6a6079dd34699d53d7d4ffa2e853e46a20cd12d619a09207e35300bd0 + echo '--- Setup KinD Cluster' --- Setup KinD Cluster + cat ++ seq 1 1 3 + for i in $(seq 1 1 "${NODE_COUNT}") + cat + for i in $(seq 1 1 "${NODE_COUNT}") + cat + for i in $(seq 1 1 "${NODE_COUNT}") + cat + cat ++ containerd_config ++ [[ 0 = \1 ]] ++ cat + echo '--- kind.yaml' --- kind.yaml + cat kind.yaml apiVersion: kind.x-k8s.io/v1alpha4 kind: Cluster nodes: - role: control-plane image: "kindest/node:1.28.9@sha256:dca54bc6a6079dd34699d53d7d4ffa2e853e46a20cd12d619a09207e35300bd0" - role: worker image: "kindest/node:1.28.9@sha256:dca54bc6a6079dd34699d53d7d4ffa2e853e46a20cd12d619a09207e35300bd0" - role: worker image: "kindest/node:1.28.9@sha256:dca54bc6a6079dd34699d53d7d4ffa2e853e46a20cd12d619a09207e35300bd0" - role: worker image: "kindest/node:1.28.9@sha256:dca54bc6a6079dd34699d53d7d4ffa2e853e46a20cd12d619a09207e35300bd0" kubeadmConfigPatches: # This is needed in order to support projected volumes with service account tokens. # See: https://kubernetes.slack.com/archives/CEKK1KTN2/p1600268272383600 - | apiVersion: kubeadm.k8s.io/v1beta2 kind: ClusterConfiguration metadata: name: config apiServer: extraArgs: "service-account-issuer": "kubernetes.default.svc" "service-account-signing-key-file": "/etc/kubernetes/pki/sa.key" networking: dnsDomain: "cluster.local" # This is needed to avoid filling our disk. 
# See: https://kubernetes.slack.com/archives/CEKK1KTN2/p1603391142276400 - | kind: KubeletConfiguration metadata: name: config imageGCHighThresholdPercent: 90 containerdConfigPatches: - |- [plugins."io.containerd.grpc.v1.cri".containerd] # Support many layered images: https://kubernetes.slack.com/archives/CEKK1KTN2/p1602770111199000 disable_snapshot_annotations = true # Support a local registry [plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry.local:5000"] endpoint = ["http://registry.local:5000"] + kind --version kind version 0.23.0 + docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + kind create cluster --config kind.yaml Creating cluster "kind" ... • Ensuring node image (kindest/node:1.28.9) 🖼 ... ✓ Ensuring node image (kindest/node:1.28.9) 🖼 • Preparing nodes 📦 📦 📦 📦 ... ✓ Preparing nodes 📦 📦 📦 📦 • Writing configuration 📜 ... ✓ Writing configuration 📜 • Starting control-plane 🕹️ ... ✓ Starting control-plane 🕹️ • Installing CNI 🔌 ... ✓ Installing CNI 🔌 • Installing StorageClass 💾 ... ✓ Installing StorageClass 💾 • Joining worker nodes 🚜 ... ✓ Joining worker nodes 🚜 Set kubectl context to "kind-kind" You can now use your cluster with: kubectl cluster-info --context kind-kind Have a nice day!
👋 + echo '--- Setup metallb' --- Setup metallb + kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.13.10/config/manifests/metallb-native.yaml namespace/metallb-system created customresourcedefinition.apiextensions.k8s.io/addresspools.metallb.io created customresourcedefinition.apiextensions.k8s.io/bfdprofiles.metallb.io created customresourcedefinition.apiextensions.k8s.io/bgpadvertisements.metallb.io created customresourcedefinition.apiextensions.k8s.io/bgppeers.metallb.io created customresourcedefinition.apiextensions.k8s.io/communities.metallb.io created customresourcedefinition.apiextensions.k8s.io/ipaddresspools.metallb.io created customresourcedefinition.apiextensions.k8s.io/l2advertisements.metallb.io created serviceaccount/controller created serviceaccount/speaker created role.rbac.authorization.k8s.io/controller created role.rbac.authorization.k8s.io/pod-lister created clusterrole.rbac.authorization.k8s.io/metallb-system:controller created clusterrole.rbac.authorization.k8s.io/metallb-system:speaker created rolebinding.rbac.authorization.k8s.io/controller created rolebinding.rbac.authorization.k8s.io/pod-lister created clusterrolebinding.rbac.authorization.k8s.io/metallb-system:controller created clusterrolebinding.rbac.authorization.k8s.io/metallb-system:speaker created configmap/metallb-excludel2 created secret/webhook-server-cert created service/webhook-service created deployment.apps/controller created daemonset.apps/speaker created validatingwebhookconfiguration.admissionregistration.k8s.io/metallb-webhook-configuration created ++ openssl rand -base64 128 + kubectl create secret generic -n metallb-system memberlist '--from-literal=secretkey=D5apREXsztqZ4O4TaZGBf6V161RI0ePrVKQFC7DhVvQ3159a7Yjcj7MJIijNdZIG TYyYsQhbgz6xXvfQPw4YRKyT8LyUFYIbVtKo6SPp77xaE0bqHTVoB8BWFzINzOq+ VQlI+S4kV5b/pPBm25N7t06LAKO2ZlmMIaZ7snQw6Lc=' secret/memberlist created ++ cut -d . 
-f1,2 ++ docker network inspect kind -f '{{(index .IPAM.Config 0).Subnet}}' + network=fc00:f853:ccd:e793::/64 + kubectl apply -f - + cat configmap/config created + echo '--- Setup container registry' --- Setup container registry + EXTRA_ARGS=() + [[ 0 == \1 ]] + docker run -d --restart=always -p 5000:5000 --name registry.local registry:2 Unable to find image 'registry:2' locally 2: Pulling from library/registry 44cf07d57ee4: Pulling fs layer bbbdd6c6894b: Pulling fs layer 8e82f80af0de: Pulling fs layer 3493bf46cdec: Pulling fs layer 6d464ea18732: Pulling fs layer 3493bf46cdec: Waiting 6d464ea18732: Waiting bbbdd6c6894b: Download complete 8e82f80af0de: Verifying Checksum 8e82f80af0de: Download complete 44cf07d57ee4: Verifying Checksum 44cf07d57ee4: Download complete 3493bf46cdec: Verifying Checksum 3493bf46cdec: Download complete 6d464ea18732: Verifying Checksum 6d464ea18732: Download complete 44cf07d57ee4: Pull complete bbbdd6c6894b: Pull complete 8e82f80af0de: Pull complete 3493bf46cdec: Pull complete 6d464ea18732: Pull complete Digest: sha256:a3d8aaa63ed8681a604f1dea0aa03f100d5895b6a58ace528858a7b332415373 Status: Downloaded newer image for registry:2 4f35e69388b02d45e09ab3481d8578e65f9f581a6f7ae1e3a238b5470ca291ab + docker network connect kind registry.local + echo '127.0.0.1 registry.local' + tee -a /etc/hosts 127.0.0.1 registry.local + [[ 0 == \1 ]] + export KO_DOCKER_REPO=kind.local + KO_DOCKER_REPO=kind.local + [[ ./test/e2e-tests.sh == '' ]] + [[ ./test/e2e-tests-kind-prow.env != '' ]] + set -o allexport + source ./test/e2e-tests-kind-prow.env ++ E2E_SKIP_CLUSTER_CREATION=true ++ KO_DOCKER_REPO=registry.local:5000 ++ ARTIFACTS=/workspace/source/artifacts + set +o allexport + ./test/e2e-tests.sh ./test/../vendor/github.com/tektoncd/plumbing/scripts/library.sh: line 22: SERVING_GKE_VERSION: readonly variable ./test/../vendor/github.com/tektoncd/plumbing/scripts/library.sh: line 23: SERVING_GKE_IMAGE: readonly variable 
./test/../vendor/github.com/tektoncd/plumbing/scripts/library.sh: line 34: IS_PROW: readonly variable ./test/../vendor/github.com/tektoncd/plumbing/scripts/library.sh: line 36: REPO_ROOT_DIR: readonly variable ./test/../vendor/github.com/tektoncd/plumbing/scripts/library.sh: line 37: REPO_NAME: readonly variable ./test/../vendor/github.com/tektoncd/plumbing/scripts/library.sh: line 402: _PLUMBING_SCRIPTS_DIR: readonly variable ./test/../vendor/github.com/tektoncd/plumbing/scripts/library.sh: line 403: REPO_NAME_FORMATTED: readonly variable ./test/../vendor/github.com/tektoncd/plumbing/scripts/e2e-tests.sh: line 47: E2E_CLUSTER_BACKUP_REGIONS: readonly variable ./test/../vendor/github.com/tektoncd/plumbing/scripts/e2e-tests.sh: line 48: E2E_CLUSTER_BACKUP_ZONES: readonly variable ./test/../vendor/github.com/tektoncd/plumbing/scripts/e2e-tests.sh: line 50: E2E_CLUSTER_MACHINE: readonly variable ./test/../vendor/github.com/tektoncd/plumbing/scripts/e2e-tests.sh: line 51: E2E_GKE_ENVIRONMENT: readonly variable ./test/../vendor/github.com/tektoncd/plumbing/scripts/e2e-tests.sh: line 52: E2E_GKE_COMMAND_GROUP: readonly variable ./test/../vendor/github.com/tektoncd/plumbing/scripts/e2e-tests.sh: line 57: E2E_MIN_CLUSTER_NODES: readonly variable ./test/../vendor/github.com/tektoncd/plumbing/scripts/e2e-tests.sh: line 58: E2E_MAX_CLUSTER_NODES: readonly variable ./test/../vendor/github.com/tektoncd/plumbing/scripts/e2e-tests.sh: line 60: E2E_BASE_NAME: readonly variable ./test/../vendor/github.com/tektoncd/plumbing/scripts/e2e-tests.sh: line 61: E2E_CLUSTER_NAME: readonly variable ./test/../vendor/github.com/tektoncd/plumbing/scripts/e2e-tests.sh: line 62: E2E_NETWORK_NAME: readonly variable ./test/../vendor/github.com/tektoncd/plumbing/scripts/e2e-tests.sh: line 63: TEST_RESULT_FILE: readonly variable >> Deploying Tekton Pipelines Installing https://github.com/tektoncd/pipeline/releases/download/v1.1.0/release.yaml namespace/tekton-pipelines created 
clusterrole.rbac.authorization.k8s.io/tekton-pipelines-controller-cluster-access created clusterrole.rbac.authorization.k8s.io/tekton-pipelines-controller-tenant-access created clusterrole.rbac.authorization.k8s.io/tekton-pipelines-webhook-cluster-access created clusterrole.rbac.authorization.k8s.io/tekton-events-controller-cluster-access created role.rbac.authorization.k8s.io/tekton-pipelines-controller created role.rbac.authorization.k8s.io/tekton-pipelines-webhook created role.rbac.authorization.k8s.io/tekton-pipelines-events-controller created role.rbac.authorization.k8s.io/tekton-pipelines-leader-election created role.rbac.authorization.k8s.io/tekton-pipelines-info created serviceaccount/tekton-pipelines-controller created serviceaccount/tekton-pipelines-webhook created serviceaccount/tekton-events-controller created clusterrolebinding.rbac.authorization.k8s.io/tekton-pipelines-controller-cluster-access created clusterrolebinding.rbac.authorization.k8s.io/tekton-pipelines-controller-tenant-access created clusterrolebinding.rbac.authorization.k8s.io/tekton-pipelines-webhook-cluster-access created clusterrolebinding.rbac.authorization.k8s.io/tekton-events-controller-cluster-access created rolebinding.rbac.authorization.k8s.io/tekton-pipelines-controller created rolebinding.rbac.authorization.k8s.io/tekton-pipelines-webhook created rolebinding.rbac.authorization.k8s.io/tekton-pipelines-controller-leaderelection created rolebinding.rbac.authorization.k8s.io/tekton-pipelines-webhook-leaderelection created rolebinding.rbac.authorization.k8s.io/tekton-pipelines-info created rolebinding.rbac.authorization.k8s.io/tekton-pipelines-events-controller created rolebinding.rbac.authorization.k8s.io/tekton-events-controller-leaderelection created customresourcedefinition.apiextensions.k8s.io/customruns.tekton.dev created customresourcedefinition.apiextensions.k8s.io/pipelines.tekton.dev created customresourcedefinition.apiextensions.k8s.io/pipelineruns.tekton.dev created 
customresourcedefinition.apiextensions.k8s.io/resolutionrequests.resolution.tekton.dev created customresourcedefinition.apiextensions.k8s.io/stepactions.tekton.dev created customresourcedefinition.apiextensions.k8s.io/tasks.tekton.dev created customresourcedefinition.apiextensions.k8s.io/taskruns.tekton.dev created customresourcedefinition.apiextensions.k8s.io/verificationpolicies.tekton.dev created secret/webhook-certs created validatingwebhookconfiguration.admissionregistration.k8s.io/validation.webhook.pipeline.tekton.dev created mutatingwebhookconfiguration.admissionregistration.k8s.io/webhook.pipeline.tekton.dev created validatingwebhookconfiguration.admissionregistration.k8s.io/config.webhook.pipeline.tekton.dev created clusterrole.rbac.authorization.k8s.io/tekton-aggregate-edit created clusterrole.rbac.authorization.k8s.io/tekton-aggregate-view created configmap/config-defaults created configmap/config-events created configmap/feature-flags created configmap/pipelines-info created configmap/config-leader-election-controller created configmap/config-leader-election-events created configmap/config-leader-election-webhook created configmap/config-logging created configmap/config-observability created configmap/config-registry-cert created configmap/config-spire created configmap/config-tracing created deployment.apps/tekton-pipelines-controller created service/tekton-pipelines-controller created deployment.apps/tekton-events-controller created service/tekton-events-controller created namespace/tekton-pipelines-resolvers created clusterrole.rbac.authorization.k8s.io/tekton-pipelines-resolvers-resolution-request-updates created role.rbac.authorization.k8s.io/tekton-pipelines-resolvers-namespace-rbac created serviceaccount/tekton-pipelines-resolvers created clusterrolebinding.rbac.authorization.k8s.io/tekton-pipelines-resolvers created rolebinding.rbac.authorization.k8s.io/tekton-pipelines-resolvers-namespace-rbac created configmap/bundleresolver-config created 
configmap/cluster-resolver-config created configmap/resolvers-feature-flags created configmap/config-leader-election-resolvers created configmap/config-logging created configmap/config-observability created configmap/git-resolver-config created configmap/http-resolver-config created configmap/hubresolver-config created deployment.apps/tekton-pipelines-remote-resolvers created service/tekton-pipelines-remote-resolvers created horizontalpodautoscaler.autoscaling/tekton-pipelines-webhook created deployment.apps/tekton-pipelines-webhook created service/tekton-pipelines-webhook created Enabling StepActions on the cluster configmap/feature-flags patched (no change) No resources found No resources found No resources found No resources found No resources found Waiting until all pods in namespace tekton-pipelines are up..... All pods are up: tekton-events-controller-6b7779c458-shz2l 1/1 Running 0 12s tekton-pipelines-controller-645847c466-hw9x2 1/1 Running 0 12s tekton-pipelines-webhook-5889b64bc-9lcfg 1/1 Running 0 12s + set -o pipefail ++ echo stepaction/git-clone/0.1/tests stepaction/git-clone/0.2/tests stepaction/tekton-catalog-publish/0.1/tests stepaction/tekton-catalog-publish/0.2/tests stepaction/tekton-catalog-publish/0.3/tests + all_stepactions='stepaction/git-clone/0.1/tests stepaction/git-clone/0.2/tests stepaction/tekton-catalog-publish/0.1/tests stepaction/tekton-catalog-publish/0.2/tests stepaction/tekton-catalog-publish/0.3/tests' ++ echo task/ansible-builder/0.1/tests task/ansible-runner/0.1/tests task/ansible-runner/0.2/tests task/asciidoctor/0.1/tests task/bentoml/0.1/tests task/black/0.1/tests task/black/0.2/tests task/blue-green-deploy/0.1/tests task/blue-green-deploy/0.2/tests task/buildah/0.1/tests task/buildah/0.2/tests task/buildah/0.3/tests task/buildah/0.4/tests task/buildah/0.5/tests task/buildah/0.6/tests task/buildah/0.7/tests task/buildah/0.8/tests task/buildah/0.9/tests task/buildpacks-phases/0.1/tests task/buildpacks-phases/0.2/tests 
task/buildpacks-phases/0.3/tests task/buildpacks/0.1/tests task/buildpacks/0.2/tests task/buildpacks/0.3/tests task/buildpacks/0.4/tests task/buildpacks/0.5/tests task/buildpacks/0.6/tests task/check-make/0.1/tests task/codecov/0.1/tests task/codecov/0.2/tests task/curl/0.1/tests task/docker-build/0.1/tests task/dockerslim-build/0.1/tests task/flake8/0.1/tests task/gcloud/0.3/tests task/generate-build-id/0.1/tests task/git-batch-merge/0.1/tests task/git-batch-merge/0.2/tests task/git-batch-merge/0.3/tests task/git-cli/0.1/tests task/git-cli/0.2/tests task/git-cli/0.3/tests task/git-cli/0.4/tests task/git-clone/0.1/tests task/git-clone/0.10/tests task/git-clone/0.2/tests task/git-clone/0.3/tests task/git-clone/0.4/tests task/git-clone/0.5/tests task/git-clone/0.6/tests task/git-clone/0.7/tests task/git-clone/0.8/tests task/git-clone/0.9/tests task/git-version/0.1/tests task/gitea-set-status/0.1/tests task/github-add-comment/0.1/tests task/github-add-comment/0.2/tests task/github-add-comment/0.3/tests task/github-add-comment/0.4/tests task/github-add-comment/0.5/tests task/github-add-comment/0.6/tests task/github-add-comment/0.7/tests task/github-add-gist/0.1/tests task/github-add-gist/0.2/tests task/github-create-deployment-status/0.1/tests task/github-create-deployment/0.2/tests task/github-open-pr/0.1/tests task/github-open-pr/0.2/tests task/github-request-reviewers/0.1/tests task/github-set-status/0.4/tests task/gitlab-set-status/0.1/tests task/gitlab-set-status/0.2/tests task/gitleaks/0.1/tests task/golang-build/0.1/tests task/golang-build/0.2/tests task/golang-build/0.3/tests task/golang-fuzz/0.1/tests task/golang-test/0.1/tests task/golang-test/0.2/tests task/golangci-lint/0.1/tests task/golangci-lint/0.2/tests task/gradle/0.1/tests task/gradle/0.2/tests task/gradle/0.3/tests task/gradle/0.4/tests task/grype/0.1/tests task/hadolint/0.1/tests task/helm-render-manifests-from-repo/0.1/tests task/helm-upgrade-from-repo/0.1/tests 
task/helm-upgrade-from-repo/0.2/tests task/helm-upgrade-from-repo/0.3/tests task/helm-upgrade-from-source/0.1/tests task/helm-upgrade-from-source/0.2/tests task/helm-upgrade-from-source/0.3/tests task/helm-upgrade-from-source/0.4/tests task/hugo/0.1/tests task/jenkins/0.1/tests task/jib-gradle/0.1/tests task/jib-gradle/0.2/tests task/jib-gradle/0.3/tests task/jib-gradle/0.4/tests task/jib-maven/0.1/tests task/jib-maven/0.2/tests task/jib-maven/0.3/tests task/jib-maven/0.4/tests task/jib-maven/0.5/tests task/jq/0.1/tests task/kamel-run/0.1/tests task/kaniko/0.1/tests task/kaniko/0.2/tests task/kaniko/0.3/tests task/kaniko/0.4/tests task/kaniko/0.5/tests task/kaniko/0.6/tests task/kaniko/0.7/tests task/kind/0.1/tests task/ko/0.1/tests task/kube-linter/0.1/tests task/kubeconfig-creator/0.1/tests task/kubeconfig-creator/0.2/tests task/kubernetes-actions/0.2/tests task/kythe-go/0.1/tests task/kythe-go/0.2/tests task/markdown-lint/0.1/tests task/maven/0.1/tests task/maven/0.2/tests task/maven/0.3/tests task/maven/0.4/tests task/mypy-lint/0.1/tests task/mypy-lint/0.2/tests task/npm/0.1/tests task/openshift-client/0.1/tests task/openshift-client/0.2/tests task/orka-deploy/0.1/tests task/orka-deploy/0.2/tests task/orka-full/0.1/tests task/orka-full/0.2/tests task/orka-init/0.1/tests task/orka-init/0.2/tests task/orka-teardown/0.1/tests task/orka-teardown/0.2/tests task/pluto/0.1/tests task/powershell/0.1/tests task/prettier/0.1/tests task/pull-request/0.1/tests task/pull-request/0.2/tests task/pylint/0.1/tests task/pylint/0.2/tests task/pylint/0.3/tests task/pytest/0.1/tests task/pytest/0.2/tests task/python-coverage/0.1/tests task/redhat-codeready-dependency-analysis/0.1/tests task/redhat-dependency-analytics/0.1/tests task/redhat-dependency-analytics/0.2/tests task/replace-tokens/0.1/tests task/robot-framework/0.1/tests task/ruby-lint/0.1/tests task/s2i/0.1/tests task/s2i/0.2/tests task/s2i/0.3/tests task/shellcheck/0.1/tests task/shp/0.1/tests task/skopeo-copy/0.1/tests 
task/skopeo-copy/0.2/tests task/skopeo-copy/0.3/tests task/skopeo-copy/0.4/tests task/sonarqube-scanner/0.2/tests task/sonarqube-scanner/0.3/tests task/sonarqube-scanner/0.4/tests task/syft/0.1/tests task/tekton-catalog-publish/0.1/tests task/tekton-catalog-publish/0.2/tests task/tkn/0.2/tests task/tkn/0.3/tests task/tkn/0.4/tests task/tkn/0.5/tests task/trigger-jenkins-job/0.1/tests task/trivy-scanner/0.1/tests task/trivy-scanner/0.2/tests task/ts-lint/0.1/tests task/upload-pypi/0.2/tests task/valint/0.1/tests task/wget/0.1/tests task/write-file/0.1/tests task/yaml-lint/0.1/tests task/yq/0.1/tests task/yq/0.2/tests task/yq/0.3/tests task/yq/0.4/tests + all_tests='task/ansible-builder/0.1/tests task/ansible-runner/0.1/tests task/ansible-runner/0.2/tests task/asciidoctor/0.1/tests task/bentoml/0.1/tests task/black/0.1/tests task/black/0.2/tests task/blue-green-deploy/0.1/tests task/blue-green-deploy/0.2/tests task/buildah/0.1/tests task/buildah/0.2/tests task/buildah/0.3/tests task/buildah/0.4/tests task/buildah/0.5/tests task/buildah/0.6/tests task/buildah/0.7/tests task/buildah/0.8/tests task/buildah/0.9/tests task/buildpacks-phases/0.1/tests task/buildpacks-phases/0.2/tests task/buildpacks-phases/0.3/tests task/buildpacks/0.1/tests task/buildpacks/0.2/tests task/buildpacks/0.3/tests task/buildpacks/0.4/tests task/buildpacks/0.5/tests task/buildpacks/0.6/tests task/check-make/0.1/tests task/codecov/0.1/tests task/codecov/0.2/tests task/curl/0.1/tests task/docker-build/0.1/tests task/dockerslim-build/0.1/tests task/flake8/0.1/tests task/gcloud/0.3/tests task/generate-build-id/0.1/tests task/git-batch-merge/0.1/tests task/git-batch-merge/0.2/tests task/git-batch-merge/0.3/tests task/git-cli/0.1/tests task/git-cli/0.2/tests task/git-cli/0.3/tests task/git-cli/0.4/tests task/git-clone/0.1/tests task/git-clone/0.10/tests task/git-clone/0.2/tests task/git-clone/0.3/tests task/git-clone/0.4/tests task/git-clone/0.5/tests task/git-clone/0.6/tests task/git-clone/0.7/tests 
task/git-clone/0.8/tests task/git-clone/0.9/tests task/git-version/0.1/tests task/gitea-set-status/0.1/tests task/github-add-comment/0.1/tests task/github-add-comment/0.2/tests task/github-add-comment/0.3/tests task/github-add-comment/0.4/tests task/github-add-comment/0.5/tests task/github-add-comment/0.6/tests task/github-add-comment/0.7/tests task/github-add-gist/0.1/tests task/github-add-gist/0.2/tests task/github-create-deployment-status/0.1/tests task/github-create-deployment/0.2/tests task/github-open-pr/0.1/tests task/github-open-pr/0.2/tests task/github-request-reviewers/0.1/tests task/github-set-status/0.4/tests task/gitlab-set-status/0.1/tests task/gitlab-set-status/0.2/tests task/gitleaks/0.1/tests task/golang-build/0.1/tests task/golang-build/0.2/tests task/golang-build/0.3/tests task/golang-fuzz/0.1/tests task/golang-test/0.1/tests task/golang-test/0.2/tests task/golangci-lint/0.1/tests task/golangci-lint/0.2/tests task/gradle/0.1/tests task/gradle/0.2/tests task/gradle/0.3/tests task/gradle/0.4/tests task/grype/0.1/tests task/hadolint/0.1/tests task/helm-render-manifests-from-repo/0.1/tests task/helm-upgrade-from-repo/0.1/tests task/helm-upgrade-from-repo/0.2/tests task/helm-upgrade-from-repo/0.3/tests task/helm-upgrade-from-source/0.1/tests task/helm-upgrade-from-source/0.2/tests task/helm-upgrade-from-source/0.3/tests task/helm-upgrade-from-source/0.4/tests task/hugo/0.1/tests task/jenkins/0.1/tests task/jib-gradle/0.1/tests task/jib-gradle/0.2/tests task/jib-gradle/0.3/tests task/jib-gradle/0.4/tests task/jib-maven/0.1/tests task/jib-maven/0.2/tests task/jib-maven/0.3/tests task/jib-maven/0.4/tests task/jib-maven/0.5/tests task/jq/0.1/tests task/kamel-run/0.1/tests task/kaniko/0.1/tests task/kaniko/0.2/tests task/kaniko/0.3/tests task/kaniko/0.4/tests task/kaniko/0.5/tests task/kaniko/0.6/tests task/kaniko/0.7/tests task/kind/0.1/tests task/ko/0.1/tests task/kube-linter/0.1/tests task/kubeconfig-creator/0.1/tests task/kubeconfig-creator/0.2/tests 
task/kubernetes-actions/0.2/tests task/kythe-go/0.1/tests task/kythe-go/0.2/tests task/markdown-lint/0.1/tests task/maven/0.1/tests task/maven/0.2/tests task/maven/0.3/tests task/maven/0.4/tests task/mypy-lint/0.1/tests task/mypy-lint/0.2/tests task/npm/0.1/tests task/openshift-client/0.1/tests task/openshift-client/0.2/tests task/orka-deploy/0.1/tests task/orka-deploy/0.2/tests task/orka-full/0.1/tests task/orka-full/0.2/tests task/orka-init/0.1/tests task/orka-init/0.2/tests task/orka-teardown/0.1/tests task/orka-teardown/0.2/tests task/pluto/0.1/tests task/powershell/0.1/tests task/prettier/0.1/tests task/pull-request/0.1/tests task/pull-request/0.2/tests task/pylint/0.1/tests task/pylint/0.2/tests task/pylint/0.3/tests task/pytest/0.1/tests task/pytest/0.2/tests task/python-coverage/0.1/tests task/redhat-codeready-dependency-analysis/0.1/tests task/redhat-dependency-analytics/0.1/tests task/redhat-dependency-analytics/0.2/tests task/replace-tokens/0.1/tests task/robot-framework/0.1/tests task/ruby-lint/0.1/tests task/s2i/0.1/tests task/s2i/0.2/tests task/s2i/0.3/tests task/shellcheck/0.1/tests task/shp/0.1/tests task/skopeo-copy/0.1/tests task/skopeo-copy/0.2/tests task/skopeo-copy/0.3/tests task/skopeo-copy/0.4/tests task/sonarqube-scanner/0.2/tests task/sonarqube-scanner/0.3/tests task/sonarqube-scanner/0.4/tests task/syft/0.1/tests task/tekton-catalog-publish/0.1/tests task/tekton-catalog-publish/0.2/tests task/tkn/0.2/tests task/tkn/0.3/tests task/tkn/0.4/tests task/tkn/0.5/tests task/trigger-jenkins-job/0.1/tests task/trivy-scanner/0.1/tests task/trivy-scanner/0.2/tests task/ts-lint/0.1/tests task/upload-pypi/0.2/tests task/valint/0.1/tests task/wget/0.1/tests task/write-file/0.1/tests task/yaml-lint/0.1/tests task/yq/0.1/tests task/yq/0.2/tests task/yq/0.3/tests task/yq/0.4/tests' + [[ -z '' ]] ++ detect_changed_e2e_test +++ pwd ++ echo '====> Folder is: /home/prow/go/src/github.com/tektoncd/catalog' +++ git branch ++ echo '====> Branches are: * main' ++ 
echo '====> PULL_BASE_SHA:' ++ git show c9818f3dcecde0bc48b88749675eb13f0d314707 ++ echo '====> PULL_PULL_SHA:' ++ git show 5021a9dfa7ebdecdef63bf7115f83a7bb834d293 ++ echo '====> HEAD:' ++ git show HEAD ++ git --no-pager diff --name-only c9818f3dcecde0bc48b88749675eb13f0d314707..5021a9dfa7ebdecdef63bf7115f83a7bb834d293 ++ egrep '^(hack/setup-kind.sh|test/[^/]*)' + [[ ! -z ====> Folder is: /home/prow/go/src/github.com/tektoncd/catalog ====> Branches are: * main ====> PULL_BASE_SHA: commit c9818f3dcecde0bc48b88749675eb13f0d314707 Author: Andrea Frittoli Date: Wed Dec 18 15:10:44 2024 +0000 Switch container images from gcr.io to ghcr.io Replace all references to images on gcr.io with the corresponding copy on ghcr.io. The target images are identical to the source ones, so there is no functional change in tasks or stepaction. This PR changes old versions of tasks too and no new version is created, which should make it easier for people to start pulling from ghcr.io instead of gcr.io. Signed-off-by: Andrea Frittoli diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..ed92b26 --- /dev/null +++ b/.gitignore @@ -0,0 +1,9 @@ +# Python +.venv +venv + +# MacOS +**/.DS_Store + +# IDEs +**/.idea diff --git a/stepaction/git-clone/0.1/git-clone.yaml b/stepaction/git-clone/0.1/git-clone.yaml index a329179..4cfb394 100644 --- a/stepaction/git-clone/0.1/git-clone.yaml +++ b/stepaction/git-clone/0.1/git-clone.yaml @@ -10,6 +10,7 @@ metadata: tekton.dev/tags: git tekton.dev/displayName: "git clone" tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64" + tekton.dev/deprecated: "true" spec: params: - name: output-path diff --git a/stepaction/git-clone/0.2/README.md b/stepaction/git-clone/0.2/README.md new file mode 100644 index 0000000..a07aacd --- /dev/null +++ b/stepaction/git-clone/0.2/README.md 
@@ -0,0 +1,328 @@ +# `git-clone` + +**Note: this StepAction is only compatible with Tekton Pipelines versions 0.54.0 and greater!** + +**Note: this StepAction is not backwards compatible with the previous versions as it is now run as a non-root user!** + +This `StepAction` has two required inputs: + +1. The URL of a git repo to clone provided with the `url` param. +2. A path called `output-path` which should be provided by a `Workspace/Volume` in a Task. + +The `git-clone` `StepAction` will clone a repo from the provided `url` into the +`output-path` directory. By default the repo will be cloned into the root of +your directory. You can clone into a subdirectory by setting this `StepAction`'s +`subdirectory` param. If the directory where the repo will be cloned is +already populated then by default the contents will be deleted before the +clone takes place. This behaviour can be disabled by setting the +`deleteExisting` param to `"false"`. + +**Note**: The `git-clone` StepAction is run as nonroot. The files cloned on to the `output-path` +directory will end up owned by user 65532. + +## Workspace-Paths + +**Note**: `StepAction`s do not accept `Workspaces`. They only need the path to a directory +which can be passed in via a `param`. The directory can be provided by the `Task` via a +`Workspace`. + +**Note**: This stepaction is executed in a Task as a non-root user with UID 65532 and GID 65532. +Generally, the default permissions for storage volumes are configured for the +root user. To make the volumes accessible by the non-root user, you will need +to either configure the permissions manually or set the `fsGroup` field under +`PodSecurityContext` in your TaskRun or PipelineRun. + +An example PipelineRun will look like: +```yaml +apiVersion: tekton.dev/v1beta1 +kind: PipelineRun +metadata: + generateName: git-clone- +spec: + pipelineRef: + name: git-clone-pipeline + podTemplate: + securityContext: + fsGroup: 65532 +... +... 
+``` + +An example TaskRun will look like: +```yaml +apiVersion: tekton.dev/v1beta1 +kind: TaskRun +metadata: + name: taskrun +spec: + taskRef: + name: git-clone + podTemplate: + securityContext: + fsGroup: 65532 +... +... +``` + +* **output**: An example workspace for this StepAction to fetch the git repository in to. + **Note**: The underlying StepAction only needs the path which can be provided via + the param as follows: + ```yaml + params: + - name: output-path + value: $(workspaces.output.path) + ``` +* **ssh-directory**: An optional workspace to provide SSH credentials. At + minimum this should include a private key but can also include other common + files from `.ssh` including `config` and `known_hosts`. It is **strongly** + recommended that this workspace be bound to a Kubernetes `Secret`. + **Note**: The underlying StepAction only needs the path which can be provided via + the param as follows: + ```yaml + params: + - name: ssh-directory-path + value: $(workspaces.ssh-directory.path) + ``` + +* **ssl-ca-directory**: An optional workspace to provide custom CA certificates. + Like the /etc/ssl/certs path this directory can have any pem or cert files, + this uses libcurl ssl capath directive. See this SO answer here + https://stackoverflow.com/a/9880236 on how it works. + **Note**: The underlying StepAction only needs the path which can be provided via + the param as follows: + ```yaml + params: + - name: ssl-ca-directory-path + value: $(workspaces.ssa-ca-directory.path) + ``` + +* **basic-auth**: An optional workspace containing `.gitconfig` and + `.git-credentials` files. This allows username/password/access token to be + provided for basic auth. + + It is **strongly** recommended that this workspace be bound to a Kubernetes + `Secret`. For details on the correct format of the files in this Workspace + see [Using basic-auth Credentials](#using-basic-auth-credentials) below. 
+ + **Note**: Settings provided as part of a `.gitconfig` file can affect the + execution of `git` in ways that conflict with the parameters of this StepAction. + For example, specifying proxy settings in `.gitconfig` could conflict with + the `httpProxy` and `httpsProxy` parameters this StepAction provides. Nothing + prevents you setting these parameters but it is not advised. + + **Note**: The underlying StepAction only needs the path which can be provided via + the param as follows: + ```yaml + params: + - name: basic-auth-path + value: $(workspaces.basic-auth.path) + ``` + +## Parameters + +* **output-path**: The git repo will be cloned onto this path +* **ssh-directory-path**: A .ssh directory with private key, known_hosts, config, etc. +* **basic-auth-path**: A directory path containing a .gitconfig and .git-credentials file. +* **ssl-ca-directory-path**: A directory containing CA certificates, this will be used by Git to verify the peer with when fetching or pushing over HTTPS. +* **url**: Repository URL to clone from. (_required_) +* **revision**: Revision to checkout. (branch, tag, sha, ref, etc...) (_default_: "") +* **refspec**: Refspec to fetch before checking out revision. (_default_:"") +* **submodules**: Initialize and fetch git submodules. (_default_: true) +* **depth**: Perform a shallow clone, fetching only the most recent N commits. (_default_: 1) +* **sslVerify**: Set the `http.sslVerify` global git config. Setting this to `false` is not advised unless you are sure that you trust your git remote. (_default_: true) +* **crtFileName**: If `sslVerify` is **true** and `ssl-ca-directory` workspace is given then set `crtFileName` if mounted file name is different than `ca-bundle.crt`. (_default_: "ca-bundle.crt") +* **subdirectory**: Subdirectory inside the `output` workspace to clone the repo into. (_default:_ "") +* **deleteExisting**: Clean out the contents of the destination directory if it already exists before cloning. 
(_default_: true) +* **httpProxy**: HTTP proxy server for non-SSL requests. (_default_: "") +* **httpsProxy**: HTTPS proxy server for SSL requests. (_default_: "") +* **noProxy**: Opt out of proxying HTTP/HTTPS requests. (_default_: "") +* **verbose**: Log the commands that are executed during `git-clone`'s operation. (_default_: true) +* **sparseCheckoutDirectories**: Which directories to match or exclude when performing a sparse checkout (_default_: "") +* **gitInitImage**: The image providing the git-init binary that this StepAction runs. (_default_: "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:TODO") +* **userHome**: The user's home directory. (_default_: "/tekton/home") + +## Results + +* **commit**: The precise commit SHA that was fetched by this StepAction +* **url**: The precise URL that was fetched by this StepAction +* **committer-date**: The epoch timestamp of the commit that was fetched by this StepAction + +## Platforms + +The StepAction can be run on `linux/amd64`, `linux/s390x`, `linux/arm64`, and `linux/ppc64le` platforms. + +## Usage + +If the `revision` is not provided in the param of the taskrun +then it will auto-detect the branch as specified by the `default` +in the respective git repository. + +The following pipelines demonstrate usage of the git-clone StepAction: + +- [Cloning a branch](./samples/git-clone-checking-out-a-branch.yaml) +- [Checking out a specific git commit](./samples/git-clone-checking-out-a-commit.yaml) +- [Checking out a git tag and using the "commit" Step Result](./samples/using-git-clone-result.yaml) + +## Cloning Private Repositories + +This StepAction supports fetching private repositories. There are three ways to +authenticate: + +1. The simplest approach is to bind an `ssh-directory` workspace to this +StepAction. The workspace should contain private keys (e.g. `id_rsa`), `config` +and `known_hosts` files - anything you need to interact with your git remote +via SSH. 
It's **strongly** recommended that you use Kubernetes `Secrets` to +hold your credentials and bind to this workspace. + + In a TaskRun that would look something like this: + + ```yaml + kind: TaskRun + spec: + workspaces: + - name: ssh-directory + secret: + secretName: my-ssh-credentials + ``` + + And in a Pipeline and PipelineRun it would look like this: + + ```yaml + kind: Pipeline + spec: + workspaces: + - name: ssh-creds + # ... + tasks: + - name: fetch-source + taskSpec: + workspaces: + - name: ssh-creds + steps: + - ref: + name: git-clone + params: + - name: ssh-directory-path + value: $(workspaces.ssh-creds.path) + workspaces: + -name: ssh-creds + # ... + --- + kind: PipelineRun + spec: + workspaces: + - name: ssh-creds + secret: + secretName: my-ssh-credentials + # ... + ``` + + The `Secret` would appear the same in both cases - structured like a `.ssh` + directory: + + ```yaml + kind: Secret + apiVersion: v1 + metadata: + name: my-ssh-credentials + data: + id_rsa: # ... base64-encoded private key ... + known_hosts: # ... base64-encoded known_hosts file ... + config: # ... base64-encoded ssh config file ... + ``` + + Including `known_hosts` is optional but strongly recommended. Without it + the `git-clone` StepAction will blindly accept the remote server's identity. + +2. Use Tekton Pipelines' built-in credentials support as [documented in +Pipelines' auth.md](https://github.com/tektoncd/pipeline/blob/master/docs/auth.md). + +3. Another approach is to bind an `ssl-ca-directory` workspace to this +StepAction. The workspace should contain crt keys (e.g. `ca-bundle.crt`)files - anything you need to interact with your git remote +via custom CA . It's **strongly** recommended that you use Kubernetes `Secrets` to +hold your credentials and bind to this workspace. 
+ + In a TaskRun that would look something like this: + + ```yaml + kind: TaskRun + spec: + workspaces: + - name: ssl-ca-directory + secret: + secretName: my-ssl-credentials + ``` + + And in a Pipeline and PipelineRun it would look like this: + + ```yaml + kind: Pipeline + spec: + workspaces: + - name: ssl-creds + # ... + tasks: + - name: fetch-source + workspaces: + - name: ssl-creds + taskSpec: + workspaces: + - name: ssl-creds + steps: + - ref: + name: git-clone + params: + - name: ssl-ca-directory-path + value: $(workspaces.ssl-creds.path) + # ... + --- + kind: PipelineRun + spec: + workspaces: + - name: ssl-creds + secret: + secretName: my-ssl-credentials + # ... + ``` + + The `Secret` would appear like below: + + ```yaml + kind: Secret + apiVersion: v1 + metadata: + name: my-ssl-credentials + data: + ca-bundle.crt: # ... base64-encoded crt ... # If key/filename is other than ca-bundle.crt then set crtFileName param as explained under Parameters section + ``` + +## Using basic-auth Credentials + +**Note**: It is strongly advised that you use `ssh` credentials when the option +is available to you before using basic auth. You can generate a short +lived token from WebVCS platforms (Github, Gitlab, Bitbucket etc..) to be used +as a password and generally be able to use `git` as the username. +On bitbucket server the token may have a / into it so you would need +to urlquote them before in the `Secret`, see this stackoverflow answer : + +https://stackoverflow.com/a/24719496 + +To support basic-auth this StepAction exposes an optional `basic-auth` Workspace. +The bound Workspace must contain a `.gitconfig` and `.git-credentials` file. +Any other files on this Workspace are ignored. A typical `Secret` containing +these credentials looks as follows: + +```yaml +kind: Secret +apiVersion: v1 +metadata: + name: my-basic-auth-secret +type: Opaque +stringData: + .gitconfig: | + [credential "https://"] + helper = store + .git-credentials: | + https://:@ +``` + 
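Review bot: In the README's `ssl-ca-directory` workspace example the param value reads `$(workspaces.ssa-ca-directory.path)`, which names a workspace that does not exist; it should be `$(workspaces.ssl-ca-directory.path)`. Two defaults in the Parameters list disagree with `git-clone.yaml` in this same patch: `userHome` is documented as "/tekton/home" while the StepAction defaults to "/home/git", and `gitInitImage` is documented with a `:TODO` tag on gcr.io while the StepAction defaults to `ghcr.io/tektoncd/github.com/tektoncd/pipeline/cmd/git-init:v0.40.2`. In the SSH Pipeline example, `-name: ssh-creds` is missing the space after the dash, so it will not parse as a list item.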
diff --git a/stepaction/git-clone/0.2/git-clone.yaml b/stepaction/git-clone/0.2/git-clone.yaml new file mode 100644 index 0000000..eb64a4e --- /dev/null +++ b/stepaction/git-clone/0.2/git-clone.yaml 
@@ -0,0 +1,223 @@ +apiVersion: tekton.dev/v1beta1 +kind: StepAction +metadata: + name: git-clone + labels: + app.kubernetes.io/version: "0.2" + annotations: + tekton.dev/pipelines.minVersion: "0.54.0" + tekton.dev/categories: Git + tekton.dev/tags: git + tekton.dev/displayName: "git clone" + tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64" +spec: + params: + - name: output-path + description: The git repo will be cloned onto this path + - name: ssh-directory-path + description: | + A .ssh directory with private key, known_hosts, config, etc. Copied to + the user's home before git commands are executed. Used to authenticate + with the git remote when performing the clone. We recommend providing this + path from a workspace that is bound by a Secret over other volume types. + default: "no-path" + - name: basic-auth-path + description: | + A directory path containing a .gitconfig and .git-credentials file. These + will be copied to the user's home before any git commands are run. Any + other files in this directory are ignored. It is strongly recommended + to use ssh-directory over basic-auth whenever possible and to bind a + Secret to the Workspace providing this path over other volume types. + default: "no-path" + - name: ssl-ca-directory-path + description: | + A directory containing CA certificates, this will be used by Git to + verify the peer with when fetching or pushing over HTTPS. + default: "no-path" + - name: url + description: Repository URL to clone from. + type: string + - name: revision + description: Revision to checkout. (branch, tag, sha, ref, etc...) + type: string + default: "" + - name: refspec + description: Refspec to fetch before checking out revision. + default: "" + - name: submodules + description: Initialize and fetch git submodules. + type: string + default: "true" + - name: depth + description: Perform a shallow clone, fetching only the most recent N commits. 
+ type: string + default: "1" + - name: sslVerify + description: Set the `http.sslVerify` global git config. Setting this to `false` is not advised unless you are sure that you trust your git remote. + type: string + default: "true" + - name: crtFileName + description: file name of mounted crt using ssl-ca-directory workspace. default value is ca-bundle.crt. + type: string + default: "ca-bundle.crt" + - name: subdirectory + description: Subdirectory inside the `output` Workspace to clone the repo into. + type: string + default: "" + - name: sparseCheckoutDirectories + description: Define the directory patterns to match or exclude when performing a sparse checkout. + type: string + default: "" + - name: deleteExisting + description: Clean out the contents of the destination directory if it already exists before cloning. + type: string + default: "true" + - name: httpProxy + description: HTTP proxy server for non-SSL requests. + type: string + default: "" + - name: httpsProxy + description: HTTPS proxy server for SSL requests. + type: string + default: "" + - name: noProxy + description: Opt out of proxying HTTP/HTTPS requests. + type: string + default: "" + - name: verbose + description: Log the commands that are executed during `git-clone`'s operation. + type: string + default: "true" + - name: gitInitImage + description: The image providing the git-init binary that this StepAction runs. + type: string + default: "ghcr.io/tektoncd/github.com/tektoncd/pipeline/cmd/git-init:v0.40.2" + - name: userHome + description: | + Absolute path to the user's home directory. + type: string + default: "/home/git" + results: + - name: commit + description: The precise commit SHA that was fetched by this StepAction. + - name: url + description: The precise URL that was fetched by this StepAction. + - name: committer-date + description: The epoch timestamp of the commit that was fetched by this StepAction. 
+ image: "$(params.gitInitImage)" + env: + - name: HOME + value: "$(params.userHome)" + - name: PARAM_URL + value: $(params.url) + - name: PARAM_REVISION + value: $(params.revision) + - name: PARAM_REFSPEC + value: $(params.refspec) + - name: PARAM_SUBMODULES + value: $(params.submodules) + - name: PARAM_DEPTH + value: $(params.depth) + - name: PARAM_SSL_VERIFY + value: $(params.sslVerify) + - name: PARAM_CRT_FILENAME + value: $(params.crtFileName) + - name: PARAM_SUBDIRECTORY + value: $(params.subdirectory) + - name: PARAM_DELETE_EXISTING + value: $(params.deleteExisting) + - name: PARAM_HTTP_PROXY + value: $(params.httpProxy) + - name: PARAM_HTTPS_PROXY + value: $(params.httpsProxy) + - name: PARAM_NO_PROXY + value: $(params.noProxy) + - name: PARAM_VERBOSE + value: $(params.verbose) + - name: PARAM_SPARSE_CHECKOUT_DIRECTORIES + value: $(params.sparseCheckoutDirectories) + - name: PARAM_USER_HOME + value: $(params.userHome) + - name: PARAM_OUTPUT_PATH + value: $(params.output-path) + - name: PARAM_SSH_DIRECTORY_PATH + value: $(params.ssh-directory-path) + - name: PARAM_BASIC_AUTH_DIRECTORY_PATH + value: $(params.basic-auth-path) + - name: PARAM_SSL_CA_DIRECTORY_PATH + value: $(params.ssl-ca-directory-path) + securityContext: + runAsNonRoot: true + runAsUser: 65532 + script: | + #!/usr/bin/env sh + set -eu + + if [ "${PARAM_VERBOSE}" = "true" ] ; then + set -x + fi + + if [ "${PARAM_BASIC_AUTH_DIRECTORY_PATH}" != "no-path" ] ; then + cp "${PARAM_BASIC_AUTH_DIRECTORY_PATH}/.git-credentials" "${PARAM_USER_HOME}/.git-credentials" + cp "${PARAM_BASIC_AUTH_DIRECTORY_PATH}/.gitconfig" "${PARAM_USER_HOME}/.gitconfig" + chmod 400 "${PARAM_USER_HOME}/.git-credentials" + chmod 400 "${PARAM_USER_HOME}/.gitconfig" + fi + + if [ "${PARAM_SSH_DIRECTORY_PATH}" != "no-path" ] ; then + cp -R "${PARAM_SSH_DIRECTORY_PATH}" "${PARAM_USER_HOME}"/.ssh + chmod 700 "${PARAM_USER_HOME}"/.ssh + chmod -R 400 "${PARAM_USER_HOME}"/.ssh/* + fi + + if [ "${PARAM_SSL_CA_DIRECTORY_PATH}" != 
"no-path" ] ; then + export GIT_SSL_CAPATH="${PARAM_SSL_CA_DIRECTORY_PATH}" + if [ "${PARAM_CRT_FILENAME}" != "" ] ; then + export GIT_SSL_CAINFO="${PARAM_SSL_CA_DIRECTORY_PATH}/${PARAM_CRT_FILENAME}" + fi + fi + CHECKOUT_DIR="${PARAM_OUTPUT_PATH}/${PARAM_SUBDIRECTORY}" + + cleandir() { + # Delete any existing contents of the repo directory if it exists. + # + # We don't just "rm -rf ${CHECKOUT_DIR}" because ${CHECKOUT_DIR} might be "/" + # or the root of a mounted volume. + if [ -d "${CHECKOUT_DIR}" ] ; then + # Delete non-hidden files and directories + rm -rf "${CHECKOUT_DIR:?}"/* + # Delete files and directories starting with . but excluding .. + rm -rf "${CHECKOUT_DIR}"/.[!.]* + # Delete files and directories starting with .. plus any other character + rm -rf "${CHECKOUT_DIR}"/..?* + fi + } + + if [ "${PARAM_DELETE_EXISTING}" = "true" ] ; then + cleandir || true + fi + + test -z "${PARAM_HTTP_PROXY}" || export HTTP_PROXY="${PARAM_HTTP_PROXY}" + test -z "${PARAM_HTTPS_PROXY}" || export HTTPS_PROXY="${PARAM_HTTPS_PROXY}" + test -z "${PARAM_NO_PROXY}" || export NO_PROXY="${PARAM_NO_PROXY}" + + git config --global --add safe.directory "${PARAM_OUTPUT_PATH}" + /ko-app/git-init \ + -url="${PARAM_URL}" \ + -revision="${PARAM_REVISION}" \ + -refspec="${PARAM_REFSPEC}" \ + -path="${CHECKOUT_DIR}" \ + -sslVerify="${PARAM_SSL_VERIFY}" \ + -submodules="${PARAM_SUBMODULES}" \ + -depth="${PARAM_DEPTH}" \ + -sparseCheckoutDirectories="${PARAM_SPARSE_CHECKOUT_DIRECTORIES}" + cd "${CHECKOUT_DIR}" + RESULT_SHA="$(git rev-parse HEAD)" + EXIT_CODE="$?" + if [ "${EXIT_CODE}" != 0 ] ; then + exit "${EXIT_CODE}" + fi + RESULT_COMMITTER_DATE="$(git log -1 --pretty=%ct)" + printf "%s" "${RESULT_COMMITTER_DATE}" > "$(step.results.committer-date.path)" + printf "%s" "${RESULT_SHA}" > "$(step.results.commit.path)" + printf "%s" "${PARAM_URL}" > "$(step.results.url.path)" 
diff --git a/stepaction/git-clone/0.2/samples/git-clone-checking-out-a-branch.yaml b/stepaction/git-clone/0.2/samples/git-clone-checking-out-a-branch.yaml new file mode 100644 index 0000000..80344fb --- /dev/null +++ b/stepaction/git-clone/0.2/samples/git-clone-checking-out-a-branch.yaml @@ -0,0 +1,62 @@ +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: cat-branch-readme +spec: + description: | + cat-branch-readme takes a git repository and a branch name and + prints the README.md file from that branch. This is an example + Task demonstrating the following: + - Using the git-clone catalog StepAction to clone a branch + - Passing a cloned repo to subsequent Steps using a Workspace. + git-clone completes before we try to read from the Workspace. + - Using a volumeClaimTemplate Volume as a Workspace. + - Avoiding hard-coded paths by using a Workspace's path + variable instead. + params: + - name: repo-url + type: string + description: The git repository URL to clone from. + - name: branch-name + type: string + description: The git branch to clone. + workspaces: + - name: shared-data + description: | + This workspace will receive the cloned git repo and be accessible + in the next Step for the repo's README.md file to be read. + steps: + - name: fetch-repo + ref: + name: git-clone + params: + - name: url + value: $(params.repo-url) + - name: revision + value: $(params.branch-name) + - name: output-path + value: $(workspaces.shared-data.path) + - name: cat-readme + image: zshusers/zsh:4.3.15 + script: | + #!/usr/bin/env zsh + cat $(workspaces.shared-data.path)/README.md +--- +apiVersion: tekton.dev/v1 +kind: TaskRun +metadata: + name: git-clone-checking-out-a-branch +spec: + taskRef: + name: cat-branch-readme + podTemplate: + securityContext: + fsGroup: 65532 + workspaces: + - name: shared-data + emptyDir: {} + params: + - name: repo-url + value: https://github.com/tektoncd/pipeline.git + - name: branch-name + value: release-v0.12.x 
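Review bot: The Task description in `git-clone-checking-out-a-branch.yaml` lists "Using a volumeClaimTemplate Volume as a Workspace", but the TaskRun binds `shared-data` to `emptyDir: {}`; either switch the binding or drop that bullet. The `cat-readme` step references `zshusers/zsh:4.3.15` by tag only, and `cat $(workspaces.shared-data.path)/README.md` leaves the path unquoted; pinning the image by digest and quoting the path would make the sample safer to copy.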
diff --git a/stepaction/git-clone/0.2/samples/git-clone-checking-out-a-commit.yaml b/stepaction/git-clone/0.2/samples/git-clone-checking-out-a-commit.yaml new file mode 100644 index 0000000..82c7ff3 --- /dev/null +++ b/stepaction/git-clone/0.2/samples/git-clone-checking-out-a-commit.yaml 
@@ -0,0 +1,93 @@ +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: checking-out-a-revision +spec: + description: | + checking-out-a-revision takes a git repository and a commit SHA + and validates that cloning the revision succeeds. This is an example + Task demonstrating the following: + - Using the git-clone catalog StepAction to clone a specific commit + - Passing a cloned repo to subsequent Steps using a Workspace. + git-clone completes before we try to read from the Workspace. + - Using a volumeClaimTemplate Volume as a Workspace. + - Avoiding hard-coded paths by using a Workspace's path + variable instead. + params: + - name: repo-url + type: string + description: The git repository URL to clone from. + - name: commit + type: string + description: The git commit to fetch. + - name: user-home + type: string + description: The home directory of the user performing the git clone. + default: "/tekton/home" + - name: user-uid + type: string + description: The UID of the user performing the git clone. + default: "0" + workspaces: + - name: shared-data + description: | + This workspace will receive the cloned git repo and be passed + to the next Step for the commit to be checked. + steps: + - name: fetch-repo + ref: + name: git-clone + params: + - name: url + value: $(params.repo-url) + - name: revision + value: $(params.commit) + - name: gitInitImage + value: localhost:5000/git-init-4874978a9786b6625dd8b6ef2a21aa70:latest + - name: userHome + value: $(params.user-home) + - name: output-path + value: $(workspaces.shared-data.path) + - name: check-expectations + image: alpine/git:v2.24.3 + script: | + #!/usr/bin/env sh + cd "$(workspaces.shared-data.path)" + receivedCommit="$(git rev-parse HEAD)" + if [ "$receivedCommit" != "$(params.commit)" ]; then + echo "Expected commit $(params.commit) but received $receivedCommit." + exit 1 + else + echo "Received commit $receivedCommit as expected." 
+ fi + detectedUID="$(ls -l ./README.md | awk '{ print $3 }')" + if [ "$detectedUID" != "$(params.user-uid)" ]; then + echo "Expected README UID of $(params.user-uid) but received $detectedUID." + exit 2 + else + echo "Saw README with owner of $detectedUID as expected." + fi +--- +apiVersion: tekton.dev/v1 +kind: TaskRun +metadata: + generateName: git-clone-checking-out-a-commit- +spec: + taskRef: + name: checking-out-a-revision + podTemplate: + securityContext: + runAsNonRoot: true + fsGroup: 65532 + workspaces: + - name: shared-data + emptyDir: {} + params: + - name: repo-url + value: https://github.com/tektoncd/pipeline.git + - name: commit + value: 301b41380e95382a18b391c2165fa3a6a3de93b0 # Tekton Task's first ever commit! + - name: user-home + value: "/home/nonroot" + - name: user-uid + value: "65532" diff --git a/stepaction/git-clone/0.2/samples/git-clone-for-ssl-ca.yaml b/stepaction/git-clone/0.2/samples/git-clone-for-ssl-ca.yaml new file mode 100644 index 0000000..03231f1 --- /dev/null +++ b/stepaction/git-clone/0.2/samples/git-clone-for-ssl-ca.yaml 
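Review bot: In `git-clone-checking-out-a-commit.yaml` the `fetch-repo` step hard-codes `gitInitImage` to `localhost:5000/git-init-4874978a9786b6625dd8b6ef2a21aa70:latest`, a local-registry image on a mutable `latest` tag that readers of the sample cannot pull; drop the override so the StepAction default applies. The `user-uid` param defaults to "0" although the StepAction sets `runAsUser: 65532`, so the ownership check passes only because the TaskRun overrides it to "65532"; the `user-home` default "/tekton/home" likewise differs from the StepAction's "/home/git". The check itself compares the third column of `ls -l`, which is the owner name whenever the image has a passwd entry for that user; `ls -ln` would compare the numeric UID the params describe.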
@@ -0,0 +1,71 @@ +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: cat-readme +spec: + description: | + cat-readme takes a git repository and + prints the README.md file from main branch. This is an example + Task demonstrating the following: + - Using the git-clone catalog StepAction to clone a main branch for the repo which uses custom CAs for HTTPS + - Passing a cloned repo to subsequent StepActions using a Workspace. + git-clone completes before we try to read from the Workspace. + - Using a volumeClaimTemplate Volume as a Workspace. + - Avoiding hard-coded paths by using a Workspace's path + variable instead. + params: + - name: repo-url + type: string + description: The git repository URL to clone from. + workspaces: + - name: shared-data + description: | + This workspace will receive the cloned git repo and be passed + to the next Step for the repo's README.md file to be read. + - name: ssl-ca-dir + description: | + This workspace contains CA certificates, this will be used by Git to + verify the peer with when fetching or pushing over HTTPS. + steps: + - name: fetch-repo + ref: + name: git-clone + params: + - name: url + value: $(params.repo-url) + - name: output-path + value: $(workspaces.shared-data.path) + - name: ssl-ca-directory-path + value: $(workspaces.ssl-ca-dir.path) + - name: cat-readme + image: zshusers/zsh:4.3.15 + script: | + #!/usr/bin/env zsh + cat $(workspaces.source.path)/README.md +--- +apiVersion: tekton.dev/v1 +kind: TaskRun +metadata: + name: git-clone-checking-out-a-branch +spec: + taskRef: + name: cat-branch-readme + podTemplate: + securityContext: + fsGroup: 65532 + workspaces: + - name: shared-data + emptyDir: {} + - name: ssl-ca-dir + secret: + secretName: my-ssl-credentials + params: + - name: repo-url + value: https://github.com/tektoncd/pipeline.git +--- +kind: Secret +apiVersion: v1 +metadata: + name: my-ssl-credentials +data: + ca-bundle.crt: jdsfjshfj122w # base64-encoded crt ... 
If key/filename is other than ca-bundle.crt then set crtFileName param as explained under Parameters section. diff --git a/stepaction/git-clone/0.2/samples/git-clone-sparse-checkout.yaml b/stepaction/git-clone/0.2/samples/git-clone-sparse-checkout.yaml new file mode 100644 index 0000000..6551177 --- /dev/null +++ b/stepaction/git-clone/0.2/samples/git-clone-sparse-checkout.yaml 
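Review bot: In `git-clone-for-ssl-ca.yaml` the `cat-readme` step reads `$(workspaces.source.path)/README.md`, but the Task declares only `shared-data` and `ssl-ca-dir`; it should use `$(workspaces.shared-data.path)`. The TaskRun looks copied from the branch sample: it is named `git-clone-checking-out-a-branch` and its `taskRef` points at `cat-branch-readme` rather than this file's `cat-readme` Task, so the `ssl-ca-dir` binding is handed to a Task that does not declare it. The Secret value `ca-bundle.crt: jdsfjshfj122w` is a dummy string rather than a base64-encoded certificate; a commented placeholder, as in the README, avoids an example that fails when applied as written.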
@@ -0,0 +1,63 @@ +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: sparse-checkout-list-dir +spec: + description: | + sparse-checkout-list-dir takes a git repository and a list of + directory patterns to match and lists all cloned files and directories. + This is an example task demonstrating the following: + - Using the git-clone catalog StepAction to clone a specific set of + files based on directory patterns. + - Passing a cloned repo to subsequent Steps using a Workspace. + git-clone completes before we try to read from the Workspace. + - Using a volumeClaimTemplate Volume as a Workspace. + - Avoiding hard-coded paths by using a Workspace's path + variable instead. + params: + - name: repo-url + type: string + description: The git repository URL to clone from. + - name: sparseCheckoutDirectories + type: string + description: directory patterns to clone + workspaces: + - name: shared-data + description: | + This workspace will receive the cloned git repo and be passed + to the next Step to list all cloned files and directories. + steps: + - name: fetch-repo + ref: + name: git-clone + params: + - name: url + value: $(params.repo-url) + - name: sparseCheckoutDirectories + value: $(params.sparseCheckoutDirectories) + - name: output-path + value: $(workspaces.shared-data.path) + - name: list-dirs + image: zshusers/zsh:4.3.15 + script: | + #!/usr/bin/env zsh + ls -R $(workspaces.shared-data.path)/ +--- +apiVersion: tekton.dev/v1 +kind: TaskRun +metadata: + name: git-clone-sparse-checkout +spec: + taskRef: + name: sparse-checkout-list-dir + podTemplate: + securityContext: + fsGroup: 65532 + workspaces: + - name: shared-data + emptyDir: {} + params: + - name: repo-url + value: https://github.com/tektoncd/pipeline.git + - name: sparseCheckoutDirectories + value: /*,!/*/,/docs/,/cmd/ diff --git a/stepaction/git-clone/0.2/samples/using-git-clone-result.yaml b/stepaction/git-clone/0.2/samples/using-git-clone-result.yaml new file mode 100644 index 0000000..b4d03c9 
--- /dev/null +++ b/stepaction/git-clone/0.2/samples/using-git-clone-result.yaml 
@@ -0,0 +1,70 @@ +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: validate-tag-sha +spec: + description: | + validate-tag-sha takes a git repository, tag name, and a commit SHA and + checks whether the given tag resolves to that commit. This example + Task demonstrates the following: + - How to use the git-clone catalog StepAction + - How to use the git-clone Step's "commit" Step Result from another Step. + - How to discard the contents of the git repo when it isn't needed by + passing an `emptyDir` Volume as its "output" workspace. + params: + - name: repo-url + type: string + description: The git repository URL to clone from. + - name: tag-name + type: string + description: The git tag to clone. + - name: expected-sha + type: string + description: The expected SHA to be received for the supplied revision. + workspaces: + - name: output + steps: + - name: fetch-repository + ref: + name: git-clone + params: + - name: url + value: $(params.repo-url) + - name: revision + value: $(params.tag-name) + - name: output-path + value: $(workspaces.output.path) + - name: validate-revision-sha + image: zshusers/zsh:4.3.15 + env: + - name: RESULT_COMMIT + value: $(steps.fetch-repository.results.commit) + script: | + #!/usr/bin/env zsh + if [ "$(params.expected-sha)" != "${RESULT_COMMIT}" ]; then + echo "Expected revision $(params.tag-name) to have SHA $(params.expected-sha)." + exit 1 + else + echo "Revision $(params.tag-name) has expected SHA $(params.expected-sha)." 
+ fi +--- +apiVersion: tekton.dev/v1 +kind: TaskRun +metadata: + generateName: using-git-clone-result- +spec: + taskRef: + name: validate-tag-sha + podTemplate: + securityContext: + fsGroup: 65532 + workspaces: + - name: output + emptyDir: {} # We don't care about the repo contents in this example, just the "commit" result + params: + - name: repo-url + value: https://github.com/tektoncd/pipeline.git + - name: tag-name + value: v0.12.1 + - name: expected-sha + value: a54dd3984affab47f3018852e61a1a6f9946ecfa diff --git a/stepaction/git-clone/0.2/tests/run.yaml b/stepaction/git-clone/0.2/tests/run.yaml new file mode 100644 index 0000000..d98cda4 --- /dev/null +++ b/stepaction/git-clone/0.2/tests/run.yaml 
@@ -0,0 +1,300 @@ +--- +apiVersion: tekton.dev/v1 +kind: TaskRun +metadata: + name: git-clone-run-noargs +spec: + workspaces: + - name: output + emptyDir: {} + taskSpec: + workspaces: + - name: output + steps: + - ref: + name: git-clone + params: + - name: url + value: $(params.url) + - name: output-path + value: $(workspaces.output.path) + podTemplate: + securityContext: + fsGroup: 65532 + params: + - name: url + value: https://github.com/kelseyhightower/nocode +--- +apiVersion: tekton.dev/v1 +kind: TaskRun +metadata: + name: git-clone-run-tag +spec: + workspaces: + - name: output + emptyDir: {} + taskSpec: + workspaces: + - name: output + steps: + - ref: + name: git-clone + params: + - name: url + value: $(params.url) + - name: revision + value: $(params.revision) + - name: output-path + value: $(workspaces.output.path) + podTemplate: + securityContext: + fsGroup: 65532 + params: + - name: url + value: https://github.com/kelseyhightower/nocode + - name: revision + value: 1.0.0 +--- +apiVersion: tekton.dev/v1 +kind: TaskRun +metadata: + name: git-clone-run-no-submodules +spec: + workspaces: + - name: output + emptyDir: {} + taskSpec: + workspaces: + - name: output + steps: + - ref: + name: git-clone + params: + - name: url + value: $(params.url) + - name: submodules + value: $(params.submodules) + - name: output-path + value: $(workspaces.output.path) + podTemplate: + securityContext: + fsGroup: 65532 + params: + - name: url + value: https://github.com/githubtraining/example-dependency + - name: submodules + value: "false" +--- +apiVersion: tekton.dev/v1 +kind: TaskRun +metadata: + name: git-clone-run-no-depth-2 +spec: + workspaces: + - name: output + emptyDir: {} + podTemplate: + securityContext: + fsGroup: 65532 + taskSpec: + workspaces: + - name: output + steps: + - ref: + name: git-clone + params: + - name: url + value: $(params.url) + - name: depth + value: $(params.depth) + - name: output-path + value: $(workspaces.output.path) + params: + - name: url + 
value: https://github.com/kelseyhightower/nocode + - name: depth + value: "2" +--- +apiVersion: tekton.dev/v1 +kind: TaskRun +metadata: + name: git-clone-run-sslverify-none +spec: + workspaces: + - name: output + emptyDir: {} + taskSpec: + workspaces: + - name: output + steps: + - ref: + name: git-clone + params: + - name: url + value: $(params.url) + - name: sslVerify + value: $(params.sslVerify) + - name: output-path + value: $(workspaces.output.path) + podTemplate: + securityContext: + fsGroup: 65532 + params: + - name: url + value: https://github.com/kelseyhightower/nocode + - name: sslVerify + value: "false" +--- +apiVersion: tekton.dev/v1 +kind: TaskRun +metadata: + name: git-clone-run-ssl-cadirectory-empty +spec: + workspaces: + - name: output + emptyDir: {} + - name: ssl-ca-directory + emptyDir: {} + taskSpec: + workspaces: + - name: output + steps: + - ref: + name: git-clone + params: + - name: url + value: $(params.url) + - name: crtFileName + value: $(params.crtFileName) + - name: output-path + value: $(workspaces.output.path) + - name: ssl-ca-directory-path + value: $(workspaces.ssl-ca-directory.path) + podTemplate: + securityContext: + fsGroup: 65532 + params: + - name: url + value: https://github.com/kelseyhightower/nocode + - name: crtFileName + value: "" +--- +apiVersion: tekton.dev/v1 +kind: TaskRun +metadata: + name: git-clone-run-subdirectory +spec: + workspaces: + - name: output + emptyDir: {} + taskSpec: + workspaces: + - name: output + steps: + - ref: + name: git-clone + params: + - name: url + value: $(params.url) + - name: subdirectory + value: $(params.subdirectory) + - name: output-path + value: $(workspaces.output.path) + podTemplate: + securityContext: + fsGroup: 65532 + params: + - name: url + value: https://github.com/kelseyhightower/nocode + - name: subdirectory + value: "hellomoto" +--- +apiVersion: tekton.dev/v1 +kind: TaskRun +metadata: + name: git-clone-run-delete-existing +spec: + workspaces: + - name: output + emptyDir: {} + 
taskSpec: + workspaces: + - name: output + steps: + - ref: + name: git-clone + params: + - name: url + value: $(params.url) + - name: deleteExisting + value: $(params.deleteExisting) + - name: output-path + value: $(workspaces.output.path) + podTemplate: + securityContext: + fsGroup: 65532 + params: + - name: url + value: https://github.com/kelseyhightower/nocode + - name: deleteExisting + value: "true" +--- +apiVersion: tekton.dev/v1 +kind: TaskRun +metadata: + name: git-clone-run-without-verbose +spec: + workspaces: + - name: output + emptyDir: {} + taskSpec: + workspaces: + - name: output + steps: + - ref: + name: git-clone + params: + - name: url + value: $(params.url) + - name: verbose + value: $(params.verbose) + - name: output-path + value: $(workspaces.output.path) + podTemplate: + securityContext: + fsGroup: 65532 + params: + - name: url + value: https://github.com/kelseyhightower/nocode + - name: verbose + value: "false" +--- +apiVersion: tekton.dev/v1 +kind: TaskRun +metadata: + name: git-clone-sparse +spec: + workspaces: + - name: output + emptyDir: {} + taskSpec: + workspaces: + - name: output + steps: + - ref: + name: git-clone + params: + - name: url + value: $(params.url) + - name: sparseCheckoutDirectories + value: $(params.sparseCheckoutDirectories) + - name: output-path + value: $(workspaces.output.path) + podTemplate: + securityContext: + fsGroup: 65532 + params: + - name: url + value: https://github.com/kelseyhightower/nocode + - name: sparseCheckoutDirectories + value: "CONTRIBUTING.md,STYLE.md" diff --git a/stepaction/tekton-catalog-publish/0.1/tekton-catalog-publish.yaml b/stepaction/tekton-catalog-publish/0.1/tekton-catalog-publish.yaml index 47ca01c..7ec68b5 100644 --- a/stepaction/tekton-catalog-publish/0.1/tekton-catalog-publish.yaml +++ b/stepaction/tekton-catalog-publish/0.1/tekton-catalog-publish.yaml 
@@ -12,12 +12,13 @@ metadata: tekton.dev/tags: catalog, bundles tekton.dev/displayName: "Publish a Tekton Catalog" tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le" + tekton.dev/deprecated: "true" spec: params: - name: TKN_IMAGE type: string description: tkn CLI container image to run this stepaction - default: gcr.io/tekton-releases/dogfooding/tkn@sha256:79d21abf8a29128ede5091773078d5d8528f47240e455adb9824222d2fff489a + default: ghcr.io/tektoncd/plumbing/tkn@sha256:79d21abf8a29128ede5091773078d5d8528f47240e455adb9824222d2fff489a - name: REGISTRY type: string description: The registry where bundles are published to diff --git a/stepaction/tekton-catalog-publish/0.2/tekton-catalog-publish.yaml b/stepaction/tekton-catalog-publish/0.2/tekton-catalog-publish.yaml index a48e95f..734a37a 100644 --- a/stepaction/tekton-catalog-publish/0.2/tekton-catalog-publish.yaml +++ b/stepaction/tekton-catalog-publish/0.2/tekton-catalog-publish.yaml @@ -17,7 +17,7 @@ spec: - name: TKN_IMAGE type: string description: tkn CLI container image to run this stepaction - default: gcr.io/tekton-releases/dogfooding/tkn@sha256:328b4a98eb566ccad4aafcd7fb8307a97c5771e681d85bda669e21e37c071a81 + default: ghcr.io/tektoncd/plumbing/tkn@sha256:328b4a98eb566ccad4aafcd7fb8307a97c5771e681d85bda669e21e37c071a81 - name: TKN_ARGS description: Extra args to be passed to tkn, as a single string default: "" diff --git a/stepaction/tekton-catalog-publish/0.3/README.md b/stepaction/tekton-catalog-publish/0.3/README.md new file mode 100644 index 0000000..b992d9e --- /dev/null +++ b/stepaction/tekton-catalog-publish/0.3/README.md 
@@ -0,0 +1,119 @@ +# Tekton Catalog Publish + +This stepaction publishes each Task/StepAction in a Tekton catalog as [Tekton Bundles](https://tekton.dev/docs/pipelines/pipelines/#tekton-bundles). +The catalog must be structured as a [Tekton Catalog](https://github.com/tektoncd/catalog#catalog-structure). + +Bundles are published to `$REGISTRY/$PATH/:` and, when `TAG` is provided, to +`$REGISTRY/$PATH/:$TAG`. An example of extra tag could be the git sha of the catalog repo that +is being published. The task uses the `tkn bundle` command to publish and support for decoding `StepActions`, which is available +in `tkn` starting with version `v0.34.0`. + +Bundles are published with two OCI labels by default: +- `org.opencontainers.image.description`: The individual resource name, obtained from the containing folder name +- `org.opencontainers.image.version`: The individual resource version, obtained from the containing folder name and `$(params.TAG)`, if provided + +## Install the StepAction + +```bash +kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/main/stepaction/tekton-catalog-publish/0.1/tekton-catalog-publish.yaml +``` + +## Parameters + +| name | description | default | +| ---------------- | ------------------------------------------------------------------------------ | ------------------------------------- | +| TKN_IMAGE | `tkn` CLI container image to run this task. | gcr.io/tekton-releases/dogfooding/tkn | +| TKN_ARGS | Extra command line arguments passed as last to the `tkn` CLI. | "--label org.opencontainers.image.source=github.com/tektoncd/catalog" | +| REGISTRY | The registry where bundles are published to | | +| RESOURCE | The type of resouce being published: task or stepaction | task | +| PATH | The path in the registry | tekton/catalog/tasks | +| TAG | An optional extra tag (optional) | "" | +| catalogPath | The directory containing the catalog to be published | | +| dockerconfigPath | The directory providing `.docker/config.json`. 
| no-path | +| | The file should be placed at the root of the Workspace with name `config.json` | | + +## Platforms + +The Task can be run on `linux/amd64`, `linux/s390x`, and `linux/ppc64le` platforms. + +## Usage + +1. Passing `REGISTRY` and catalog workspace: + +```yaml +apiVersion: tekton.dev/v1beta1 +kind: TaskRun +metadata: + generateName: tekton-catalog-publish- +spec: + taskSpec: + workspaces: + - name: source + steps: + - name: publish + ref: + name: tekton-catalog-publish + params: + - name: catalogPath + value: $(workspaces.source.path) + - name: REGISTRY + value: $(params.REGISTRY) + workspaces: + - name: source + persistentVolumeClaim: + claimName: my-source + params: + - name: REGISTRY + value: icr.io +``` + +2. Passing `REGISTRY`, `PATH`, `TAG`, `TKN_ARGS` and both workspaces + + 1. Sample secret can be found [here](https://github.com/tektoncd/catalog/tree/main/task/tekton-catalog-publish/0.1/samples/secrets.yaml) + + 2. Create `TaskRun` + +```yaml +apiVersion: tekton.dev/v1beta1 +kind: TaskRun +metadata: + generateName: tekton-catalog-publish- +spec: + taskSpec: + workspaces: + - name: source + - name: dockerconfig + steps: + - name: publish + ref: + name: tekton-catalog-publish + params: + - name: catalogPath + value: $(workspaces.source.path) + - name: dockerconfigPath + value: $(workspaces.dockerconfig.path) + - name: REGISTRY + value: $(params.REGISTRY) + - name: PATH + value: $(params.PATH) + - name: TAG + value: $(params.TAG) + - name: TKN_ARGS + value: $(params.TKN_ARGS) + workspaces: + - name: source + persistentVolumeClaim: + claimName: my-source + - name: dockerconfig + secret: + secretName: regcred + params: + - name: REGISTRY + value: icr.io + - name: PATH + value: tekton/mycatalog/tasks + - name: TAG + value: 49456927aef7e81a48a972db2bfd6e19a64d9a77 + - name: TKN_ARGS + value: "--label org.opencontainers.image.source=github.com/tektoncd/catalog" +``` 
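Review bot: the install command in the new stepaction/tekton-catalog-publish/0.3/README.md still applies `.../stepaction/tekton-catalog-publish/0.1/tekton-catalog-publish.yaml`, the version this same patch annotates with `tekton.dev/deprecated: "true"`; it should point at 0.3. The parameter table also disagrees with the 0.3 StepAction added in this patch: it gives `gcr.io/tekton-releases/dogfooding/tkn` as the `TKN_IMAGE` default where the YAML pins a `ghcr.io/tektoncd/plumbing/tkn` digest, and it gives a `--label org.opencontainers.image.source=...` default for `TKN_ARGS` where the YAML default is `""`. The sample-secret link goes to `task/tekton-catalog-publish/0.1/samples/secrets.yaml` rather than the `samples/secrets.yaml` added under 0.3, and "resouce" in the `RESOURCE` row is a typo.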
diff --git a/stepaction/tekton-catalog-publish/0.3/samples/run-with-workspace-secret.yaml b/stepaction/tekton-catalog-publish/0.3/samples/run-with-workspace-secret.yaml new file mode 100644 index 0000000..f3f7099 --- /dev/null +++ b/stepaction/tekton-catalog-publish/0.3/samples/run-with-workspace-secret.yaml @@ -0,0 +1,40 @@ +apiVersion: tekton.dev/v1 +kind: TaskRun +metadata: + generateName: tekton-catalog-publish- +spec: + taskSpec: + workspaces: + - name: dockerconfig + - name: source + ref: + name: tekton-catalog-publish + params: + - name: catalogPath + value: $(workspaces.source.path) + - name: dockerconfigPath + value: $(workspaces.dockerconfig.path) + - name: REGISTRY + value: $(params.REGISTRY) + - name: PATH + value: $(params.PATH) + - name: TAG + value: $(params.TAG) + - name: TKN_ARGS + value: $(params.TKN_ARGS) + workspaces: + - name: source + persistentVolumeClaim: + claimName: my-source + - name: dockerconfig + secret: + secretName: regcred + params: + - name: REGISTRY + value: icr.io + - name: PATH + value: tekton/mycatalog/tasks + - name: TAG + value: 49456927aef7e81a48a972db2bfd6e19a64d9a77 + - name: TKN_ARGS + value: "--label org.opencontainers.image.source=github.com/tektoncd/catalog" diff --git a/stepaction/tekton-catalog-publish/0.3/samples/run-without-workspace-secret.yaml b/stepaction/tekton-catalog-publish/0.3/samples/run-without-workspace-secret.yaml new file mode 100644 index 0000000..422d0e5 --- /dev/null +++ b/stepaction/tekton-catalog-publish/0.3/samples/run-without-workspace-secret.yaml @@ -0,0 +1,22 @@ +apiVersion: tekton.dev/v1 +kind: TaskRun +metadata: + generateName: tekton-catalog-publish- +spec: + taskSpec: + workspaces: + - name: source + ref: + name: tekton-catalog-publish + params: + - name: catalogPath + value: $(workspaces.source.path) + - name: REGISTRY + value: $(params.REGISTRY) + workspaces: + - name: source + persistentVolumeClaim: + claimName: my-source + params: + - name: REGISTRY + value: icr.io 
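Review bot: in samples/run-without-workspace-secret.yaml the `taskSpec` goes from `workspaces:` straight to `ref:` with no `steps:` entry in between, so the StepAction reference is not attached to any step. The README usage examples in this patch wrap the same reference in `steps:` with `- name: publish`; the sample should do the same. samples/run-with-workspace-secret.yaml just above has the same shape and needs the same fix.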
diff --git a/stepaction/tekton-catalog-publish/0.3/samples/secrets.yaml b/stepaction/tekton-catalog-publish/0.3/samples/secrets.yaml new file mode 100644 index 0000000..93b946a --- /dev/null +++ b/stepaction/tekton-catalog-publish/0.3/samples/secrets.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Secret +metadata: + name: regcred +stringData: + config.json: | + { + "auths" : { + "icr.io" : { + "auth" : "iamapikey", + "identitytoken" : "test123test123" + }, + } + } diff --git a/stepaction/tekton-catalog-publish/0.3/tekton-catalog-publish.yaml b/stepaction/tekton-catalog-publish/0.3/tekton-catalog-publish.yaml new file mode 100644 index 0000000..63891ca --- /dev/null +++ b/stepaction/tekton-catalog-publish/0.3/tekton-catalog-publish.yaml 
@@ -0,0 +1,88 @@ +--- +apiVersion: tekton.dev/v1beta1 +kind: StepAction +metadata: + name: tekton-catalog-publish + labels: + app.kubernetes.io/version: "0.3" + annotations: + tekton.dev/categories: Publishing + tekton.dev/pipelines.minVersion: "0.54.0" + tekton.dev/cli.minVersion: "0.34.0" + tekton.dev/tags: catalog, bundles + tekton.dev/displayName: "Publish a Tekton Catalog" + tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le" +spec: + params: + - name: TKN_IMAGE + type: string + description: tkn CLI container image to run this stepaction + default: ghcr.io/tektoncd/plumbing/tkn@sha256:328b4a98eb566ccad4aafcd7fb8307a97c5771e681d85bda669e21e37c071a81 + - name: TKN_ARGS + description: Extra args to be passed to tkn, as a single string + default: "" + - name: REGISTRY + type: string + description: The registry where bundles are published to + - name: PATH + type: string + description: The path in the registry + default: tekton/catalog/tasks + - name: RESOURCE + type: string + description: task or stepaction. It must match the resource name in the root of the catalog path. + default: task + - name: TAG + type: string + description: An optional extra tag. If provided, tasks are tagged with it too. + default: "" + - name: catalogPath + description: >- + A directory that holds the catalog to be published. The catalog must be stored + in the root of the directory, and is must follow the + [Tetkon Catalog](https://github.com/tektoncd/catalog#catalog-structure) structure. + - name: dockerconfigPath + description: >- + An optional directory that allows providing a .docker/config.json + file for tkn to access the container registry. The file should be placed at + the root of the Directory with name config.json. 
+ default: "no-path" + image: "$(params.TKN_IMAGE)" + workingDir: "$(params.catalogPath)" + env: + - name: REGISTRY + value: $(params.REGISTRY) + - name: REGISTRY_PATH + value: $(params.PATH) + - name: TAG + value: $(params.TAG) + - name: DOCKER_CONFIG_PATH + value: $(params.dockerconfigPath) + - name: RESOURCE + value: $(params.RESOURCE) + - name: TKN_ARGS + value: $(params.TKN_ARGS) + script: | + #!/usr/bin/env sh + set -e -o pipefail + TARGET="${REGISTRY}" + [ "${REGISTRY_PATH}" != "" ] && TARGET="${TARGET}/${REGISTRY_PATH}" + # If a dockerconfig workspace was provided, set DOCKER_CONFIG to point to it + if [ -d "$DOCKER_CONFIG_PATH" ]; then + export DOCKER_CONFIG="${DOCKER_CONFIG_PATH}" + fi + find ${RESOURCE} -type f -mindepth 3 -maxdepth 3 -name '*.yaml' -o -name '*.yml'| while read -r resource_version_dir; do + FOLDER=$(dirname "$resource_version_dir") + VERSION=$(basename "$FOLDER") + RESOURCE_NAME=$(basename "$(dirname "$FOLDER")") + tkn bundle push \ + --label org.opencontainers.image.description="${RESOURCE_NAME}" \ + --label org.opencontainers.image.version="${VERSION}" \ + ${TKN_ARGS} "${TARGET}/${RESOURCE_NAME}:${VERSION}" -f "$resource_version_dir" + [ "${TAG}" != "" ] && \ + tkn bundle push \ + --label org.opencontainers.image.description="${RESOURCE_NAME}" \ + --label org.opencontainers.image.version="${TAG}" \ + ${TKN_ARGS} "${TARGET}/${RESOURCE_NAME}:${TAG}" -f "$resource_version_dir" + sleep 0.1 + done diff --git a/stepaction/tekton-catalog-publish/0.3/tests/pre-apply-task-hook.sh b/stepaction/tekton-catalog-publish/0.3/tests/pre-apply-task-hook.sh new file mode 100755 index 0000000..d9b1bde --- /dev/null +++ b/stepaction/tekton-catalog-publish/0.3/tests/pre-apply-task-hook.sh @@ -0,0 +1,4 @@ +#!/bin/bash + +# Add git-clone +add_stepaction git-clone latest diff --git a/stepaction/tekton-catalog-publish/0.3/tests/run.yaml b/stepaction/tekton-catalog-publish/0.3/tests/run.yaml new file mode 100644 index 0000000..4be6b2a --- /dev/null 
+++ b/stepaction/tekton-catalog-publish/0.3/tests/run.yaml @@ -0,0 +1,54 @@ +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: catalog-publish-test-task +spec: + workspaces: + - name: shared-workspace + steps: + - name: fetch-repository + ref: + name: git-clone + params: + - name: url + value: https://github.com/tektoncd/catalog + - name: subdirectory + value: "" + - name: deleteExisting + value: "true" + - name: output-path + value: $(workspaces.shared-workspace.path) + - name: reduce + image: alpine + script: | + set -e + cd "$(workspaces.shared-workspace.path)/stepaction" + ls | grep -v 'git-clone' | xargs rm -rf + - name: publish + params: + - name: REGISTRY + value: localhost:5000 + - name: RESOURCE + value: stepaction + - name: PATH + value: tekton/catalog/stepactions + - name: TAG + value: $(steps.fetch-repository.results.commit) + - name: catalogPath + value: $(workspaces.shared-workspace.path) + ref: + name: tekton-catalog-publish + sidecars: + - name: registry + image: registry +--- +apiVersion: tekton.dev/v1 +kind: TaskRun +metadata: + name: catalog-publish-test-task-run +spec: + taskRef: + name: catalog-publish-test-task + workspaces: + - name: shared-workspace + emptyDir: {} diff --git a/task/buildpacks-phases/0.3/README.md b/task/buildpacks-phases/0.3/README.md index d10116f..40c3608 100644 --- a/task/buildpacks-phases/0.3/README.md +++ b/task/buildpacks-phases/0.3/README.md @@ -96,7 +96,7 @@ spec: - name: revision value: main - name: pathInRepo - value: task/git-clone/0.9/git-clone.yaml + value: task/git-clone/0.10/git-clone.yaml workspaces: - name: output workspace: source-ws diff --git a/task/buildpacks-phases/0.3/samples/bp-env-vars.yaml b/task/buildpacks-phases/0.3/samples/bp-env-vars.yaml index c7a243d..1d798d8 100644 --- a/task/buildpacks-phases/0.3/samples/bp-env-vars.yaml +++ b/task/buildpacks-phases/0.3/samples/bp-env-vars.yaml 
@@ -48,7 +48,7 @@ spec: - name: revision value: main - name: pathInRepo - value: task/git-clone/0.9/git-clone.yaml + value: task/git-clone/0.10/git-clone.yaml workspaces: - name: output workspace: source-ws diff --git a/task/buildpacks-phases/0.3/samples/cache.yaml b/task/buildpacks-phases/0.3/samples/cache.yaml index 932f73f..ac14bce 100644 --- a/task/buildpacks-phases/0.3/samples/cache.yaml +++ b/task/buildpacks-phases/0.3/samples/cache.yaml @@ -60,7 +60,7 @@ spec: - name: revision value: main - name: pathInRepo - value: task/git-clone/0.9/git-clone.yaml + value: task/git-clone/0.10/git-clone.yaml workspaces: - name: output workspace: source-ws diff --git a/task/buildpacks-phases/0.3/samples/results.yaml b/task/buildpacks-phases/0.3/samples/results.yaml index 3ff2143..1a92dd9 100644 --- a/task/buildpacks-phases/0.3/samples/results.yaml +++ b/task/buildpacks-phases/0.3/samples/results.yaml @@ -48,7 +48,7 @@ spec: - name: revision value: main - name: pathInRepo - value: task/git-clone/0.9/git-clone.yaml + value: task/git-clone/0.10/git-clone.yaml workspaces: - name: output workspace: source-ws diff --git a/task/buildpacks-phases/0.3/tests/run.yaml b/task/buildpacks-phases/0.3/tests/run.yaml index 425738b..38be768 100644 --- a/task/buildpacks-phases/0.3/tests/run.yaml +++ b/task/buildpacks-phases/0.3/tests/run.yaml @@ -42,7 +42,7 @@ spec: - name: revision value: main - name: pathInRepo - value: task/git-clone/0.9/git-clone.yaml + value: task/git-clone/0.10/git-clone.yaml workspaces: - name: output workspace: source-ws diff --git a/task/codecov/0.1/codecov.yaml b/task/codecov/0.1/codecov.yaml index 8e5811c..3d714ea 100644 --- a/task/codecov/0.1/codecov.yaml +++ b/task/codecov/0.1/codecov.yaml @@ -11,6 +11,7 @@ metadata: tekton.dev/tags: build,ci tekton.dev/displayName: "upload coverage report to codecov" tekton.dev/platforms: "linux/amd64" + tekton.dev/deprecated: "true" spec: description: >- This task publishes coverage report to Codecov.io. 
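Review bot: with `tekton.dev/deprecated: "true"` added to task/codecov/0.1/codecov.yaml in this hunk, the new task/codecov/0.2/README.md from the same patch should not keep installing from `https://api.hub.tekton.dev/v1/resource/tekton/task/codecov/0.1/raw`. Point that install command at 0.2 so the documented path does not lead users to the deprecated version.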
@@ -37,7 +38,7 @@ spec: steps: - name: codecov-run - image: gcr.io/tekton-releases/dogfooding/test-runner@sha256:44aa00796831a4ed5586152058dd96a6d14174b8a4ea9fcae663fb37f72c9454 + image: ghcr.io/tektoncd/plumbing/test-runner@sha256:44aa00796831a4ed5586152058dd96a6d14174b8a4ea9fcae663fb37f72c9454 workingDir: $(workspaces.source.path) env: - name: CODECOV_TOKEN diff --git a/task/codecov/0.2/README.md b/task/codecov/0.2/README.md new file mode 100644 index 0000000..37c23e7 --- /dev/null +++ b/task/codecov/0.2/README.md @@ -0,0 +1,31 @@ +# Codecov + +Upload your code coverage to [codecov.io](https://codecov.io) + +## Installing the Task + +```bash +kubectl apply -f https://api.hub.tekton.dev/v1/resource/tekton/task/codecov/0.1/raw +``` + +## Parameters + +- **codecov-token-secret**: Name of the secret holding the codecov token. (_Default_: `codecov-token`) +- **codecov-token-secret-key**: Name of the secret key holding the codecov token. (_Default_: `token`) +- **args**: Extra arguments to be passed to the codecov script, more details [here](https://docs.codecov.io/docs/about-the-codecov-bash-uploader#arguments) (_Default_: [`-Z`]) + +## Platforms + +The Task can be run on `linux/amd64` platform. + +## Usage + +Generate the code coverage file for your project inside your workspace, see here +for the [codecov.io](https://codecov.io) documentation: + +https://docs.codecov.io/docs/supported-languages + +Follow with the codecov task to upload the coverage. + +See [this sample](./samples/codecov.sample.yaml) for a task uploading the +coverage of a python application. diff --git a/task/codecov/0.2/codecov.yaml b/task/codecov/0.2/codecov.yaml new file mode 100644 index 0000000..e2138ce --- /dev/null +++ b/task/codecov/0.2/codecov.yaml 
@@ -0,0 +1,52 @@ +--- +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: codecov + labels: + app.kubernetes.io/version: "0.2" + annotations: + tekton.dev/categories: Code Quality, Publishing + tekton.dev/pipelines.minVersion: "0.41.0" + tekton.dev/tags: build,ci + tekton.dev/displayName: "upload coverage report to codecov" + tekton.dev/platforms: "linux/amd64" +spec: + description: >- + This task publishes coverage report to Codecov.io. + + This task will help you publishes the coverage report of your project to + https://codecov.io. + + params: + - name: codecov-token-secret + type: string + description: Name of the secret holding the github-token. + default: codecov-token + - name: codecov-token-secret-key + type: string + description: Name of the secret key holding the codecov token + default: token + - name: args + type: array + description: Extra arguments to be passed to the codecov script. + default: ["-Z"] + + workspaces: + - name: source + + steps: + - name: codecov-run + image: ghcr.io/tektoncd/plumbing/test-runner@sha256:44aa00796831a4ed5586152058dd96a6d14174b8a4ea9fcae663fb37f72c9454 + workingDir: $(workspaces.source.path) + env: + - name: CODECOV_TOKEN + valueFrom: + secretKeyRef: + name: $(params.codecov-token-secret) + key: $(params.codecov-token-secret-key) + script: | + #!/usr/bin/env bash + bash <(wget -O- -o/dev/null https://codecov.io/bash) $@ + args: + - $(params.args) diff --git a/task/codecov/0.2/samples/codecov.sample.yaml b/task/codecov/0.2/samples/codecov.sample.yaml new file mode 100644 index 0000000..43e30d7 --- /dev/null +++ b/task/codecov/0.2/samples/codecov.sample.yaml 
@@ -0,0 +1,60 @@ +--- +apiVersion: tekton.dev/v1beta1 +kind: PipelineRun +metadata: + generateName: codecov-python-sample-run- +spec: + pipelineSpec: + params: + - name: repo_url + - name: revision + workspaces: + - name: source + tasks: + - name: fetch + taskRef: + name: git-clone + params: + - name: url + value: $(params.repo_url) + - name: revision + value: $(params.revision) + workspaces: + - name: output + workspace: source + - name: python-unittest + runAfter: [fetch] + taskRef: + name: pytest + params: + - name: ARGS + value: "--cov=./ --cov-report=xml" + workspaces: + - name: source + workspace: source + - name: codecov + runAfter: [python-unittest] + taskRef: + name: codecov + params: + - name: codecov-token-secret + value: "codecov-secret" + - name: codecov-token-secret-key + value: "secret" + workspaces: + - name: source + workspace: source + params: + - name: repo_url + value: https://github.com/pypa/sampleproject + - name: revision + value: master + workspaces: + - name: source + volumeClaimTemplate: + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi diff --git a/task/codecov/0.2/tests/pre-apply-task-hook.sh b/task/codecov/0.2/tests/pre-apply-task-hook.sh new file mode 100755 index 0000000..ca60d45 --- /dev/null +++ b/task/codecov/0.2/tests/pre-apply-task-hook.sh @@ -0,0 +1,3 @@ +#!/bin/bash +add_task git-clone latest +add_task golang-test latest diff --git a/task/codecov/0.2/tests/run.yaml b/task/codecov/0.2/tests/run.yaml new file mode 100644 index 0000000..aa5b088 --- /dev/null +++ b/task/codecov/0.2/tests/run.yaml 
@@ -0,0 +1,65 @@ +--- +# Dummy secret used for tests. +kind: Secret +apiVersion: v1 +metadata: + name: codecov-token +stringData: + token: SECRET_TOKEN +--- +apiVersion: tekton.dev/v1beta1 +kind: PipelineRun +metadata: + name: codecov-test +spec: + pipelineSpec: + workspaces: + - name: source + tasks: + - name: fetch-repository + taskRef: + name: git-clone + workspaces: + - name: output + workspace: source + params: + - name: url + value: https://github.com/chmouel/go-rest-api-test + - name: subdirectory + value: "" + - name: deleteExisting + value: "true" + + - name: run-test + taskRef: + name: golang-test + runAfter: + - fetch-repository + workspaces: + - name: source + workspace: source + params: + - name: package + value: github.com/chmouel/go-rest-api-test + - name: flags + value: "-race -coverprofile=coverage.txt -covermode=atomic" + - name: codecov-test + runAfter: + - run-test + taskRef: + name: codecov + params: + - name: args + value: ["-d"] + workspaces: + - name: source + workspace: source + workspaces: + - name: source + volumeClaimTemplate: + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 500Mi diff --git a/task/git-batch-merge/0.1/git-batch-merge.yaml b/task/git-batch-merge/0.1/git-batch-merge.yaml index e6e04d6..d0736db 100644 --- a/task/git-batch-merge/0.1/git-batch-merge.yaml +++ b/task/git-batch-merge/0.1/git-batch-merge.yaml @@ -10,6 +10,7 @@ metadata: tekton.dev/tags: git tekton.dev/displayName: "git batch merge" tekton.dev/platforms: "linux/amd64" + tekton.dev/deprecated: "true" spec: description: >- This task takes a set of refspecs, fetches them and performs git operations 
@@ -79,7 +80,7 @@ spec: description: The git tree SHA that was obtained after batching all provided refs onto revision. steps: - name: clone - image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.14.2 + image: ghcr.io/tektoncd/github.com/tektoncd/pipeline/cmd/git-init:v0.14.2 script: | CHECKOUT_DIR="$(workspaces.output.path)/$(params.subdirectory)" diff --git a/task/git-batch-merge/0.2/git-batch-merge.yaml b/task/git-batch-merge/0.2/git-batch-merge.yaml index 88e380e..49abeb4 100644 --- a/task/git-batch-merge/0.2/git-batch-merge.yaml +++ b/task/git-batch-merge/0.2/git-batch-merge.yaml @@ -10,6 +10,7 @@ metadata: tekton.dev/tags: git tekton.dev/displayName: "git batch merge" tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64" + tekton.dev/deprecated: "true" spec: description: >- This task takes a set of refspecs, fetches them and performs git operations @@ -74,7 +75,7 @@ spec: default: "false" - name: gitInitImage description: The image used where the git-init binary is. - default: "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.18.1" + default: "ghcr.io/tektoncd/github.com/tektoncd/pipeline/cmd/git-init:v0.18.1" type: string results: - name: commit diff --git a/task/git-batch-merge/0.3/README.md b/task/git-batch-merge/0.3/README.md new file mode 100644 index 0000000..cb08581 --- /dev/null +++ b/task/git-batch-merge/0.3/README.md 
@@ -0,0 +1,53 @@ +# Git Task + +This `Task` is Git task to work with repositories used by other tasks +in your Pipeline. + +## `git-batch-merge` + +This task takes a set of refspecs, fetches them and performs git operations +(cherry-pick or merge) to apply them in order on the given base revision (default master). +The resulting commit SHA will not match across taskruns, but the git tree SHA should +match. This can be useful for batch testing changes, for example, when you want to +batch up your PRs into a single merge by taking the HEAD of the branch you want to merge +to, and adding all the PRs to it. This concept is used in tools such as [Tide][tide] to +batch test PR's, and [Zuul CI Gating][zuul-ci], to perform speculative execution of +PR's/change requests individually + +This `Task` has four required inputs: + +1. The URL of a git repo to clone provided with the `url` param. +1. A space separated string of refs `BatchedRefs` to fetch and batch over the given `revision` +1. Merge `mode` to use while batching (merge, merge-resolve, merge-squash, cherry-pick) +1. A Workspace called `output`. + +There are 4 additional parameters in addition to the ones mentioned above for the git-clone task: +* **batchedRefs**: space separated git [refnames][git-ref] to fetch and batch on top of revision using the given mode + (must be a valid refs, no commit SHA's). +* **mode**: Batch mode to select (_default_: merge)
+   `merge`: corresponds to git merge -s recursive. This is the default mode used by github
+   `cherry-pick`: corresponds to git cherry-pick
+ See [git-merge][git-merge] and [git-cherry-pick][git-cherry-pick] +* **gitUserName**: git user name to use for creating the batched commit (First Last) + (_default_: GitBatch Task). See [git-user-config][git-user-config] +* **gitUserEmail**: git user email to use for creating the batched commit (First.Last@domain.com) + (_default_: GitBatch.Task@tekton.dev). See [git-user-config][git-user-config] + +### Results + +* **commit**: The precise commit SHA that was fetched by this Task +* **tree**: The [git tree][git-tree] object SHA that was created after batch merging the refs on HEAD. + +## Platforms + +The Task can be run on `linux/amd64`, `linux/s390x`, `linux/arm64`, and `linux/ppc64le` platforms. + +### Usage + +[git-ref](https://git-scm.com/book/en/v2/Git-Internals-Git-References) +[git-merge](https://git-scm.com/docs/git-merge) +[git-cherry-pick](https://git-scm.com/docs/git-cherry-pick) +[git-user-config](https://git-scm.com/docs/git-config#Documentation/git-config.txt-username) +[git-tree](https://git-scm.com/book/en/v2/Git-Internals-Git-Objects) +[tide](https://github.com/kubernetes/test-infra/blob/master/prow/cmd/tide/README.md) +[zuul-ci](https://zuul-ci.org/docs/zuul/discussion/gating.html) diff --git a/task/git-batch-merge/0.3/git-batch-merge.yaml b/task/git-batch-merge/0.3/git-batch-merge.yaml new file mode 100644 index 0000000..47aaf02 --- /dev/null +++ b/task/git-batch-merge/0.3/git-batch-merge.yaml 
@@ -0,0 +1,145 @@ +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: git-batch-merge + labels: + app.kubernetes.io/version: "0.3" + annotations: + tekton.dev/pipelines.minVersion: "0.41.0" + tekton.dev/categories: Git + tekton.dev/tags: git + tekton.dev/displayName: "git batch merge" + tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64" +spec: + description: >- + This task takes a set of refspecs, fetches them and performs git operations + (cherry-pick or merge) to apply them in order on the given base revision (default master). + + The resulting commit SHA will not match across taskruns, but the git tree SHA should + match. This can be useful for batch testing changes, for example, when you want to + batch up your PRs into a single merge by taking the HEAD of the branch you want to merge + to, and adding all the PRs to it. This concept is used in tools such as Tide to + batch test PR’s, and Zuul CI Gating, to perform speculative execution of + PR’s/change requests individually + + workspaces: + - name: output + description: The git repo will be cloned onto the volume backing this workspace + params: + - name: url + description: git url to clone + type: string + - name: revision + description: base git revision to checkout (branch, tag, sha, refâ€Ļ) + type: string + default: master + - name: refspec + description: base git refspec to fetch before checking out revision + type: string + default: "refs/heads/master:refs/heads/master" + - name: batchedRefs + description: git refs to fetch and batch on top of revision using the given mode (must be a valid refname, no commit SHA's) + type: string + - name: gitUserName + description: git user name to use for creating the batched commit (First Last) + type: string + default: GitBatch Task + - name: gitUserEmail + description: git user email to use for creating the batched commit (First.Last@domain.com) + type: string + default: GitBatch.Task@tekton.dev + - name: mode + description: git 
operation to perform while batching (choose from merge, cherry-pick) + type: string + default: merge + - name: submodules + description: defines if the resource should initialize and fetch the submodules + type: string + default: "true" + - name: depth + description: performs a shallow clone where only the most recent commit(s) will be fetched + type: string + default: "0" + - name: sslVerify + description: defines if http.sslVerify should be set to true or false in the global git config + type: string + default: "true" + - name: subdirectory + description: subdirectory inside the "output" workspace to clone the git repo into + type: string + default: "" + - name: deleteExisting + description: clean out the contents of the repo's destination directory (if it already exists) before trying to clone the repo there + type: string + default: "false" + - name: gitInitImage + description: The image used where the git-init binary is. + default: "ghcr.io/tektoncd/github.com/tektoncd/pipeline/cmd/git-init:v0.18.1" + type: string + results: + - name: commit + description: The final commit SHA that was obtained after batching all provided refs onto revision + - name: tree + description: The git tree SHA that was obtained after batching all provided refs onto revision. + steps: + - name: clone + image: $(params.gitInitImage) + script: | + CHECKOUT_DIR="$(workspaces.output.path)/$(params.subdirectory)" + + cleandir() { + # Delete any existing contents of the repo directory if it exists. + # + # We don't just "rm -rf $CHECKOUT_DIR" because $CHECKOUT_DIR might be "/" + # or the root of a mounted volume. + if [[ -d "$CHECKOUT_DIR" ]] ; then + # Delete non-hidden files and directories + rm -rf "$CHECKOUT_DIR"/* + # Delete files and directories starting with . but excluding .. + rm -rf "$CHECKOUT_DIR"/.[!.]* + # Delete files and directories starting with .. 
plus any other character + rm -rf "$CHECKOUT_DIR"/..?* + fi + } + + if [[ "$(params.deleteExisting)" == "true" ]] ; then + cleandir + fi + + p="$(params.batchedRefs)" + refs="$(params.refspec)" + for ref in $p; do + refs="$refs $ref:refs/batch/$ref" + done + + /ko-app/git-init \ + -url "$(params.url)" \ + -revision "$(params.revision)" \ + -refspec "$refs" \ + -path "$CHECKOUT_DIR" \ + -sslVerify="$(params.sslVerify)" \ + -submodules="$(params.submodules)" \ + -depth "$(params.depth)" + + git -C $CHECKOUT_DIR config user.name "$(params.gitUserName)" + git -C $CHECKOUT_DIR config user.email "$(params.gitUserEmail)" + + mode="$(params.mode)" + if [[ $mode == "merge" ]]; then + for ref in $p; do + git -C $CHECKOUT_DIR merge --quiet --allow-unrelated-histories refs/batch/$ref + done + elif [[ $mode == "cherry-pick" ]]; then + for ref in $p; do + git -C $CHECKOUT_DIR cherry-pick --allow-empty --keep-redundant-commits refs/batch/$ref + done + else + echo "unsupported mode $mode" + exit 1 + fi + + RESULT_SHA="$(git -C $CHECKOUT_DIR rev-parse HEAD)" + TREE_SHA="$(git -C $CHECKOUT_DIR rev-parse HEAD^{tree})" + # Make sure we don't add a trailing newline to the result! + echo -n "$(echo $RESULT_SHA | tr -d '\n')" > $(results.commit.path) + echo -n "$(echo $TREE_SHA | tr -d '\n')" > $(results.tree.path) diff --git a/task/git-batch-merge/0.3/tests/run.yaml b/task/git-batch-merge/0.3/tests/run.yaml new file mode 100644 index 0000000..b1d564c --- /dev/null +++ b/task/git-batch-merge/0.3/tests/run.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: tekton.dev/v1beta1 +kind: TaskRun +metadata: + name: git-batch-merge-test-mode-merge +spec: + workspaces: + - name: output + emptyDir: {} + taskRef: + name: git-batch-merge + params: + - name: url + value: https://github.com/tektoncd/catalog + - name: mode + value: "merge" + - name: refspec + value: "refs/heads/main:refs/heads/main" + - name: batchedRefs + value: "refs/pull/474/head refs/pull/475/head" + - name: revision + value: 3c23c446a970c5e02c011c894e2387e685ca086c +--- +apiVersion: tekton.dev/v1beta1 +kind: TaskRun +metadata: + name: git-batch-merge-test-mode-merge-cherry-pick +spec: + workspaces: + - name: output + emptyDir: {} + taskRef: + name: git-batch-merge + params: + - name: url + value: https://github.com/tektoncd/catalog + - name: mode + value: "cherry-pick" + - name: refspec + value: "refs/heads/main:refs/heads/main" + - name: batchedRefs + value: "refs/pull/474/head refs/pull/475/head" + - name: revision + value: 3c23c446a970c5e02c011c894e2387e685ca086c diff --git a/task/git-clone/0.1/git-clone.yaml b/task/git-clone/0.1/git-clone.yaml index 4cbc39b..02304b6 100644 --- a/task/git-clone/0.1/git-clone.yaml +++ b/task/git-clone/0.1/git-clone.yaml @@ -10,6 +10,7 @@ metadata: tekton.dev/tags: git tekton.dev/displayName: "git clone" tekton.dev/platforms: "linux/amd64" + tekton.dev/deprecated: "true" spec: description: >- These Tasks are Git tasks to work with repositories used by other tasks @@ -68,7 +69,7 @@ spec: default: "" - name: gitInitImage description: The image used where the git-init binary is. - default: "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.15.2" + default: "ghcr.io/tektoncd/github.com/tektoncd/pipeline/cmd/git-init:v0.15.2" type: string - name: userHome description: | diff --git a/task/git-clone/0.2/git-clone.yaml b/task/git-clone/0.2/git-clone.yaml index 5d7bf5c..1c1f733 100644 --- a/task/git-clone/0.2/git-clone.yaml +++ b/task/git-clone/0.2/git-clone.yaml 
@@ -10,6 +10,7 @@ metadata: tekton.dev/tags: git tekton.dev/displayName: "git clone" tekton.dev/platforms: "linux/amd64" + tekton.dev/deprecated: "true" spec: description: >- These Tasks are Git tasks to work with repositories used by other tasks @@ -73,7 +74,7 @@ spec: - name: gitInitImage description: the image used where the git-init binary is type: string - default: "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.18.1" + default: "ghcr.io/tektoncd/github.com/tektoncd/pipeline/cmd/git-init:v0.18.1" results: - name: commit description: The precise commit SHA that was fetched by this Task diff --git a/task/git-clone/0.3/git-clone.yaml b/task/git-clone/0.3/git-clone.yaml index 0cc4623..30750e5 100644 --- a/task/git-clone/0.3/git-clone.yaml +++ b/task/git-clone/0.3/git-clone.yaml @@ -10,6 +10,7 @@ metadata: tekton.dev/tags: git tekton.dev/displayName: "git clone" tekton.dev/platforms: "linux/amd64" + tekton.dev/deprecated: "true" spec: description: >- These Tasks are Git tasks to work with repositories used by other tasks @@ -79,7 +80,7 @@ spec: - name: gitInitImage description: the image used where the git-init binary is type: string - default: "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.21.0" + default: "ghcr.io/tektoncd/github.com/tektoncd/pipeline/cmd/git-init:v0.21.0" results: - name: commit description: The precise commit SHA that was fetched by this Task diff --git a/task/git-clone/0.4/git-clone.yaml b/task/git-clone/0.4/git-clone.yaml index dc544d2..214e9f6 100644 --- a/task/git-clone/0.4/git-clone.yaml +++ b/task/git-clone/0.4/git-clone.yaml @@ -10,6 +10,7 @@ metadata: tekton.dev/tags: git tekton.dev/displayName: "git clone" tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64" + tekton.dev/deprecated: "true" spec: description: >- These Tasks are Git tasks to work with repositories used by other tasks 
@@ -93,7 +94,7 @@ spec: - name: gitInitImage description: The image providing the git-init binary that this Task runs. type: string - default: "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.21.0" + default: "ghcr.io/tektoncd/github.com/tektoncd/pipeline/cmd/git-init:v0.21.0" - name: userHome description: | Absolute path to the user's home directory. Set this explicitly if you are running the image as a non-root user or have overridden diff --git a/task/git-clone/0.5/git-clone.yaml b/task/git-clone/0.5/git-clone.yaml index 844f9d6..a735b34 100644 --- a/task/git-clone/0.5/git-clone.yaml +++ b/task/git-clone/0.5/git-clone.yaml @@ -10,6 +10,7 @@ metadata: tekton.dev/tags: git tekton.dev/displayName: "git clone" tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64" + tekton.dev/deprecated: "true" spec: description: >- These Tasks are Git tasks to work with repositories used by other tasks @@ -98,7 +99,7 @@ spec: - name: gitInitImage description: The image providing the git-init binary that this Task runs. type: string - default: "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.21.0" + default: "ghcr.io/tektoncd/github.com/tektoncd/pipeline/cmd/git-init:v0.21.0" - name: userHome description: | Absolute path to the user's home directory. Set this explicitly if you are running the image as a non-root user or have overridden diff --git a/task/git-clone/0.6/git-clone.yaml b/task/git-clone/0.6/git-clone.yaml index 46222f1..e0548d1 100644 --- a/task/git-clone/0.6/git-clone.yaml +++ b/task/git-clone/0.6/git-clone.yaml @@ -10,6 +10,7 @@ metadata: tekton.dev/tags: git tekton.dev/displayName: "git clone" tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64" + tekton.dev/deprecated: "true" spec: description: >- These Tasks are Git tasks to work with repositories used by other tasks 
@@ -98,7 +99,7 @@ spec: - name: gitInitImage description: The image providing the git-init binary that this Task runs. type: string - default: "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.29.0" + default: "ghcr.io/tektoncd/github.com/tektoncd/pipeline/cmd/git-init:v0.29.0" - name: userHome description: | Absolute path to the user's home directory. Set this explicitly if you are running the image as a non-root user or have overridden diff --git a/task/git-clone/0.7/git-clone.yaml b/task/git-clone/0.7/git-clone.yaml index d40eedf..4fa2959 100644 --- a/task/git-clone/0.7/git-clone.yaml +++ b/task/git-clone/0.7/git-clone.yaml @@ -10,6 +10,7 @@ metadata: tekton.dev/tags: git tekton.dev/displayName: "git clone" tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64" + tekton.dev/deprecated: "true" spec: description: >- These Tasks are Git tasks to work with repositories used by other tasks @@ -102,7 +103,7 @@ spec: - name: gitInitImage description: The image providing the git-init binary that this Task runs. type: string - default: "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.29.0" + default: "ghcr.io/tektoncd/github.com/tektoncd/pipeline/cmd/git-init:v0.29.0" - name: userHome description: | Absolute path to the user's home directory. Set this explicitly if you are running the image as a non-root user or have overridden diff --git a/task/git-clone/0.8/git-clone.yaml b/task/git-clone/0.8/git-clone.yaml index 6b17769..31f65ab 100644 --- a/task/git-clone/0.8/git-clone.yaml +++ b/task/git-clone/0.8/git-clone.yaml @@ -10,6 +10,7 @@ metadata: tekton.dev/tags: git tekton.dev/displayName: "git clone" tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64" + tekton.dev/deprecated: "true" spec: description: >- These Tasks are Git tasks to work with repositories used by other tasks 
@@ -102,7 +103,7 @@ spec: - name: gitInitImage description: The image providing the git-init binary that this Task runs. type: string - default: "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.29.0" + default: "ghcr.io/tektoncd/github.com/tektoncd/pipeline/cmd/git-init:v0.29.0" - name: userHome description: | Absolute path to the user's home directory. diff --git a/task/git-clone/0.9/git-clone.yaml b/task/git-clone/0.9/git-clone.yaml index 0ac2d72..11cd44f 100644 --- a/task/git-clone/0.9/git-clone.yaml +++ b/task/git-clone/0.9/git-clone.yaml @@ -10,6 +10,7 @@ metadata: tekton.dev/tags: git tekton.dev/displayName: "git clone" tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64" + tekton.dev/deprecated: "true" spec: description: >- These Tasks are Git tasks to work with repositories used by other tasks @@ -102,7 +103,7 @@ spec: - name: gitInitImage description: The image providing the git-init binary that this Task runs. type: string - default: "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.40.2" + default: "ghcr.io/tektoncd/github.com/tektoncd/pipeline/cmd/git-init:v0.40.2" - name: userHome description: | Absolute path to the user's home directory. diff --git a/task/grype/0.1/tests/run-daemon.yaml b/task/grype/0.1/tests/run-daemon.yaml index 47e7a89..a60503a 100644 --- a/task/grype/0.1/tests/run-daemon.yaml +++ b/task/grype/0.1/tests/run-daemon.yaml @@ -26,7 +26,7 @@ spec: params: - name: ARGS value: - - gcr.io/tekton-releases/dogfooding/tkn + - ghcr.io/tektoncd/plumbing/tkn pipelineRef: name: pipeline-grype-test-daemon timeout: 10m diff --git a/task/kaniko/0.1/kaniko.yaml b/task/kaniko/0.1/kaniko.yaml index 528513b..12b8792 100644 --- a/task/kaniko/0.1/kaniko.yaml +++ b/task/kaniko/0.1/kaniko.yaml 
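Review bot: The `gitInitImage` default in the git-clone hunks (0.1 through 0.9) changes registry but remains a tag reference (`git-init:v0.40.2` in the hunk just above), whereas the kind-runner, kubeconfigwriter and pullrequest-init images elsewhere in this patch keep their `@sha256:` digest across the move. Pin these defaults by digest as well, so a reviewer can confirm that the ghcr.io copy is the same image that gcr.io served for that tag and so the default cannot change underneath users of a Task version that is now marked deprecated.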
@@ -62,7 +62,7 @@ spec: runAsUser: 0 - name: write-digest workingDir: $(workspaces.source.path) - image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/imagedigestexporter:v0.16.2 + image: ghcr.io/tektoncd/github.com/tektoncd/pipeline/cmd/imagedigestexporter:v0.16.2 # output of imagedigestexport [{"key":"digest","value":"sha256:eed29..660","resourceRef":{"name":"myrepo/myimage"}}] command: ["/ko-app/imagedigestexporter"] args: diff --git a/task/kaniko/0.2/kaniko.yaml b/task/kaniko/0.2/kaniko.yaml index 9b6edd7..bbec6a5 100644 --- a/task/kaniko/0.2/kaniko.yaml +++ b/task/kaniko/0.2/kaniko.yaml @@ -61,7 +61,7 @@ spec: runAsUser: 0 - name: write-digest workingDir: $(workspaces.source.path) - image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/imagedigestexporter:v0.16.2 + image: ghcr.io/tektoncd/github.com/tektoncd/pipeline/cmd/imagedigestexporter:v0.16.2 # output of imagedigestexport [{"key":"digest","value":"sha256:eed29..660","resourceRef":{"name":"myrepo/myimage"}}] command: ["/ko-app/imagedigestexporter"] args: diff --git a/task/kaniko/0.3/kaniko.yaml b/task/kaniko/0.3/kaniko.yaml index 274b513..c161a2f 100644 --- a/task/kaniko/0.3/kaniko.yaml +++ b/task/kaniko/0.3/kaniko.yaml @@ -61,7 +61,7 @@ spec: runAsUser: 0 - name: write-digest workingDir: $(workspaces.source.path) - image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/imagedigestexporter:v0.16.2 + image: ghcr.io/tektoncd/github.com/tektoncd/pipeline/cmd/imagedigestexporter:v0.16.2 # output of imagedigestexport [{"key":"digest","value":"sha256:eed29..660","resourceRef":{"name":"myrepo/myimage"}}] command: ["/ko-app/imagedigestexporter"] args: diff --git a/task/kaniko/0.4/kaniko.yaml b/task/kaniko/0.4/kaniko.yaml index 197ef3b..a07f109 100644 --- a/task/kaniko/0.4/kaniko.yaml +++ b/task/kaniko/0.4/kaniko.yaml 
@@ -66,7 +66,7 @@ spec: runAsUser: 0 - name: write-digest workingDir: $(workspaces.source.path) - image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/imagedigestexporter:v0.18.0 + image: ghcr.io/tektoncd/github.com/tektoncd/pipeline/cmd/imagedigestexporter:v0.18.0 # output of imagedigestexport [{"key":"digest","value":"sha256:eed29..660","resourceRef":{"name":"myrepo/myimage"}}] command: ["/ko-app/imagedigestexporter"] args: diff --git a/task/kind/0.1/tests/run.yaml b/task/kind/0.1/tests/run.yaml index 1cb3e86..783f925 100644 --- a/task/kind/0.1/tests/run.yaml +++ b/task/kind/0.1/tests/run.yaml @@ -23,7 +23,7 @@ spec: - name: command value: ["$(workspaces.source.path)/test.sh"] - name: image - value: gcr.io/tekton-releases/dogfooding/kind-runner@sha256:bfe11e36d3d44ac89e5e9b39382c9b3638f5a3fedc3dc45b54ade8bb0248286d + value: ghcr.io/tektoncd/plumbing/kind-runner@sha256:bfe11e36d3d44ac89e5e9b39382c9b3638f5a3fedc3dc45b54ade8bb0248286d workspaces: - name: source workspace: workspace diff --git a/task/kubeconfig-creator/0.1/kubeconfig-creator.yaml b/task/kubeconfig-creator/0.1/kubeconfig-creator.yaml index 8831444..3620a67 100644 --- a/task/kubeconfig-creator/0.1/kubeconfig-creator.yaml +++ b/task/kubeconfig-creator/0.1/kubeconfig-creator.yaml @@ -10,6 +10,7 @@ metadata: tekton.dev/tags: deploy tekton.dev/displayName: "kubeconfig creator" tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le" + tekton.dev/deprecated: "true" spec: description: >- This Task do a similar job to the Cluster PipelineResource and 
@@ -63,7 +64,7 @@ spec: - name: output steps: - name: write - image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/kubeconfigwriter@sha256:b2c6d0962cda88fb3095128b6202da9b0e6c9c0df3ef6cf7863505ffd25072fd #tag: v0.20.1 + image: ghcr.io/tektoncd/github.com/tektoncd/pipeline/cmd/kubeconfigwriter@sha256:b2c6d0962cda88fb3095128b6202da9b0e6c9c0df3ef6cf7863505ffd25072fd #tag: v0.20.1 command: ["/ko-app/kubeconfigwriter"] args: # passing the required json in the form of string to generate the kubeconfig file. diff --git a/task/kubeconfig-creator/0.2/README.md b/task/kubeconfig-creator/0.2/README.md new file mode 100644 index 0000000..cb0096e --- /dev/null +++ b/task/kubeconfig-creator/0.2/README.md 
@@ -0,0 +1,130 @@ +# Kubeconfig Creator Task + +This `Task` do a similar job to the [Cluster](https://github.com/tektoncd/pipeline/blob/main/docs/resources.md#cluster-resource) +`PipelineResource` and +are intended as its replacement. This is part of our plan to [offer replacement +`tasks` for Pipeline Resources](https://github.com/tektoncd/catalog/issues/95) +as well as +[document those replacements](https://github.com/tektoncd/pipeline/issues/1369). + +This task creates a [kubeconfig](https://kubernetes.io/docs/tasks/access-application-cluster/configure-access-multiple-clusters/) +file that can be used to configure access to the different clusters. +A common use case for this task is to deploy your `application/function` on different clusters. + +The task will use the [kubeconfigwriter](https://github.com/tektoncd/pipeline/blob/main/cmd/kubeconfigwriter/main.go) +image and the provided parameters to create a `kubeconfig` file that can be used by other tasks +in the pipeline to access the target cluster. The kubeconfig will be placed at +`/workspace//kubeconfig`. + +This task provides users variety of ways to authenticate: +- Authenticate using tokens. +- Authenticate using client key and client certificates. + +## Install the Task + +``` +kubectl apply -f https://api.hub.tekton.dev/v1/resource/tekton/task/kubeconfig-creator/0.1/raw +``` + +## Workspace + +* **output**: A workspace that stores the generated kubeconfig file, such that it can be used in the other tasks to access the cluster. + + +## Parameters + +* **Name**: Name of the `cluster`. 
+* **URL**: Address of the target cluster (_e.g.:_ + `https://hostname:port`) +* **Username**: Username for basic authentication to the cluster +(_default:_ `""`) +* **Password**: Password for basic authentication to the cluster +(_default:_ `""`) +* **Cadata**: Contains PEM-encoded certificate authority certificates +(_default:_ `""`) +* **ClientKeyData**: Contains PEM-encoded data from a client key file for TLS +(_default:_ `""`) +* **ClientCertificateData**: Contains PEM-encoded data from a client cert file for TLS +(_default:_ `""`) +* **Namespace**: Default namespace to use on unspecified requests +(_default:_ `""`) +* **Token**: Bearer token for authentication to the cluster +(_default:_ `""`) +* **Insecure**: If true, skips the validity check for the server's certificate. +This will make your HTTPS connections insecure +(_default:_ `false`) + +## Platforms + +The Task can be run on `linux/amd64`, `linux/s390x` and `linux/ppc64le` platforms. + +## Usage + +This [example](../0.1/samples) task uses a +`shared workspace` with [`PVC`](https://kubernetes.io/docs/concepts/storage/persistent-volumes) +to store the `kubeconfig` in the `output` directory. +Kubeconfig file is stored at `/workspace//kubeconfig`. + +Task can be used with the other task in the pipeline to authenticate the cluster. +In this example, pipeline has a task `kubeconfig-creator` that generates a +`kubeconfig file` for the cluster and the `test-task` uses that kubeconfig file and verifiy whether the +application has an access to the cluster or not by using some `kubectl/oc` commands. + +Required `params` can be passed in the pipeline as follows: + +``` +params: + - name: name + value: cluster-bot + - name: username + value: admin + - name: url + value: https://api.ci-ln-13f81c2-d5d6b.origin-ci-int-aws.dev.rhcloud.com:6443 + - name: cadata + value: LS0tLS1C.... + - name: clientCertificateData + value: LS0tLS1C.... + - name: clientKeyData + value: LS0tLS1C.... 
+``` +[This](../0.1/samples/pipeline.yaml) can be referred for the pipeline example. + + +`Test-task` uses shared-workspace to fetch the kubeconfig file from the +`input` named workspace and uses `oc` commands to check whether + the `cluster` is configured or not. + +``` +steps: + - name: get + image: quay.io/openshift/origin-cli:4.6 + script: | + export KUBECONFIG="$(workspaces.input.path)/$(inputs.params.filename)" + # + # check that the cluster is configured + oc get pods +``` + +Workspace with `PVC` is used, as shown below. +``` +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: kubeconfig-pvc +spec: + resources: + requests: + storage: 5Gi + volumeMode: Filesystem + accessModes: + - ReadWriteOnce + ``` + + Finally, PipelineRun is used to execute the tasks in the pipeline and get the results. + Reference for sample PipelineRun can be found [here](../kubeconfig-creator/example/pipelinerun.yaml). + +***NOTE*** + +- Since only one `authentication` technique is allowed per user, either a `token` or a `password` should be provided, if both are provided, the password will be ignored. + +- `clientKeyData` and `clientCertificateData` are only required if `token` or `password` is not provided for authentication to cluster. diff --git a/task/kubeconfig-creator/0.2/kubeconfig-creator.yaml b/task/kubeconfig-creator/0.2/kubeconfig-creator.yaml new file mode 100644 index 0000000..f7e10de --- /dev/null +++ b/task/kubeconfig-creator/0.2/kubeconfig-creator.yaml 
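Review bot: The new task/kubeconfig-creator/0.2/README.md still documents 0.1: the install command fetches `.../task/kubeconfig-creator/0.1/raw`, the usage links point at `../0.1/samples` and `../0.1/samples/pipeline.yaml`, and the PipelineRun link goes to `../kubeconfig-creator/example/pipelinerun.yaml` although this patch adds the samples under `0.2/samples/`. Point all of these at 0.2 so that users following the README install and read the version it describes. The word "verifiy" in the Usage section should be "verify".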
@@ -0,0 +1,86 @@ +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: kubeconfig-creator + labels: + app.kubernetes.io/version: "0.2" + annotations: + tekton.dev/pipelines.minVersion: "0.41.0" + tekton.dev/categories: Deployment, Kubernetes + tekton.dev/tags: deploy + tekton.dev/displayName: "kubeconfig creator" + tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le" +spec: + description: >- + This Task do a similar job to the Cluster PipelineResource and + are intended as its replacement. + + This task creates a kubeconfig file that can be used to configure access + to the different clusters. A common use case for this task is to deploy your + application/function on different clusters. The task will use the kubeconfigwriter + image and the provided parameters to create a kubeconfig file that can be used by + other tasks in the pipeline to access the target cluster. + + params: + - name: name + description: name of the cluster + type: string + - name: url + description: address of the cluster + type: string + - name: username + description: username for basic authentication to the cluster + type: string + - name: password + description: password for basic authentication to the cluster + type: string + default: "" + - name: cadata + description: contains PEM-encoded certificate authority certificates + type: string + default: "" + - name: clientKeyData + description: contains PEM-encoded data from a client key file for TLS + type: string + default: "" + - name: clientCertificateData + description: contains PEM-encoded data from a client cert file for TLS + type: string + default: "" + - name: namespace + description: default namespace to use on unspecified requests + type: string + default: "" + - name: token + description: bearer token for authentication to the cluster + type: string + default: "" + - name: insecure + description: to indicate server should be accessed without verifying the TLS certificate + type: string + default: "false" + 
workspaces: + - name: output + steps: + - name: write + image: ghcr.io/tektoncd/github.com/tektoncd/pipeline/cmd/kubeconfigwriter@sha256:b2c6d0962cda88fb3095128b6202da9b0e6c9c0df3ef6cf7863505ffd25072fd #tag: v0.20.1 + command: ["/ko-app/kubeconfigwriter"] + args: + # passing the required json in the form of string to generate the kubeconfig file. + # + - -clusterConfig + - '{ + "name":"$(params.name)", + "url":"$(params.url)", + "username":"$(params.username)", + "password":"$(params.password)", + "cadata":"$(params.cadata)", + "clientKeyData":"$(params.clientKeyData)", + "clientCertificateData":"$(params.clientCertificateData)", + "namespace":"$(params.namespace)", + "token":"$(params.token)", + "Insecure":$(params.insecure) + }' + # path to the destination directory, where kubeconfig file will be stored. + - -destinationDir + - '$(workspaces.output.path)' diff --git a/task/kubeconfig-creator/0.2/samples/pers-vol.yaml b/task/kubeconfig-creator/0.2/samples/pers-vol.yaml new file mode 100644 index 0000000..830dd60 --- /dev/null +++ b/task/kubeconfig-creator/0.2/samples/pers-vol.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: kubeconfig-pvc +spec: + resources: + requests: + storage: 5Gi + volumeMode: Filesystem + accessModes: + - ReadWriteOnce \ No newline at end of file diff --git a/task/kubeconfig-creator/0.2/samples/pipeline.yaml b/task/kubeconfig-creator/0.2/samples/pipeline.yaml new file mode 100644 index 0000000..6df814d --- /dev/null +++ b/task/kubeconfig-creator/0.2/samples/pipeline.yaml 
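Review bot: In task/kubeconfig-creator/0.2/kubeconfig-creator.yaml the `-clusterConfig` argument is built by pasting parameter values into a JSON string literal, and `"Insecure":$(params.insecure)` is not quoted at all, so a value containing `"` (or anything other than `true` or `false` for `insecure`) produces malformed JSON or additional keys in the cluster config handed to kubeconfigwriter. Validate or escape the values before assembling the JSON. `password` and `token` are also plain string params, which leaves them readable in the TaskRun or PipelineRun spec (the test run in this patch sets `password` inline); taking them from a Secret would avoid that. `username` has no `default` here, while the README added in this patch lists it as defaulting to `""`.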
@@ -0,0 +1,38 @@ +apiVersion: tekton.dev/v1beta1 +kind: Pipeline +metadata: + name: kubeconfig-test-pipeline +spec: + workspaces: + - name: shared-workspace + tasks: + - name: kubeconfig-creator + taskRef: + name: kubeconfig-creator + workspaces: + - name: output + workspace: shared-workspace + params: + - name: name + value: cluster-bot + - name: username + value: kubeadmin + - name: url + value: https://api.ci-ln-... + - name: cadata + value: LS0tLS... + - name: clientKeyData + value: LS0tLS... + - name: clientCertificateData + value: LS0tLS... + - name: authentication-test + taskRef: + name: authentication-test + workspaces: + - name: input + workspace: shared-workspace + params: + - name: filename + value: kubeconfig + runAfter: + - kubeconfig-creator \ No newline at end of file diff --git a/task/kubeconfig-creator/0.2/samples/pipelinerun.yaml b/task/kubeconfig-creator/0.2/samples/pipelinerun.yaml new file mode 100644 index 0000000..011c2fa --- /dev/null +++ b/task/kubeconfig-creator/0.2/samples/pipelinerun.yaml @@ -0,0 +1,11 @@ +apiVersion: tekton.dev/v1beta1 +kind: PipelineRun +metadata: + name: kubeconfig-test-pipeline-run +spec: + pipelineRef: + name: kubeconfig-test-pipeline + workspaces: + - name: shared-workspace + persistentVolumeClaim: + claimName: kubeconfig-pvc \ No newline at end of file diff --git a/task/kubeconfig-creator/0.2/samples/test-task.yaml b/task/kubeconfig-creator/0.2/samples/test-task.yaml new file mode 100644 index 0000000..808729a --- /dev/null +++ b/task/kubeconfig-creator/0.2/samples/test-task.yaml 
@@ -0,0 +1,21 @@ +apiVersion: tekton.dev/v1beta1 +kind: Task +metadata: + name: authentication-test +spec: + params: + - name: filename + description: kubeconfig file name + type: string + workspaces: + - name: input + readOnly: true + steps: + - name: get + image: quay.io/openshift/origin-cli:4.6 + script: | + + export KUBECONFIG="$(workspaces.input.path)/$(inputs.params.filename)" + # + # check that the cluster is configured + oc get pods diff --git a/task/kubeconfig-creator/0.2/tests/run.yaml b/task/kubeconfig-creator/0.2/tests/run.yaml new file mode 100644 index 0000000..610c8bc --- /dev/null +++ b/task/kubeconfig-creator/0.2/tests/run.yaml @@ -0,0 +1,27 @@ +apiVersion: tekton.dev/v1beta1 +kind: PipelineRun +metadata: + name: kubeconfig-creator-creator +spec: + pipelineSpec: + workspaces: + - name: output + tasks: + - name: kubeconfig-creator-test + taskRef: + name: kubeconfig-creator + workspaces: + - name: output + workspace: output + params: + - name: name + value: "unbeaunavire" + - name: url + value: "http://chezmoi" + - name: username + value: "hellocmoi" + - name: password + value: "meregardepas" + workspaces: + - name: output + emptyDir: {} diff --git a/task/orka-full/0.1/tests/mods/mod_task.py b/task/orka-full/0.1/tests/mods/mod_task.py index f941b6e..44bb2a8 100644 --- a/task/orka-full/0.1/tests/mods/mod_task.py +++ b/task/orka-full/0.1/tests/mods/mod_task.py @@ -23,7 +23,7 @@ if __name__ == "__main__": # Modify Task YAML sidecars.append({ "name": "go-rest-api", - "image": "gcr.io/tekton-releases/dogfooding/go-rest-api-test:latest", + "image": "quay.io/chmouel/go-rest-api-test:latest", "env": [ { "name": "CONFIG", diff --git a/task/orka-full/0.2/tests/mods/mod_task.py b/task/orka-full/0.2/tests/mods/mod_task.py index f941b6e..44bb2a8 100644 --- a/task/orka-full/0.2/tests/mods/mod_task.py +++ b/task/orka-full/0.2/tests/mods/mod_task.py 
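Review bot: In task/orka-full/0.1/tests/mods/mod_task.py the sidecar image moves from `gcr.io/tekton-releases/dogfooding/go-rest-api-test:latest` to `quay.io/chmouel/go-rest-api-test:latest`, a namespace outside `tektoncd`, while the other dogfooding images in this patch move to `ghcr.io/tektoncd/plumbing/...`; combined with the `:latest` tag, the test sidecar becomes whatever was last pushed to that namespace. Host it under the project namespace like the others, or at least pin it by digest. The same applies to the identical hunk for orka-full/0.2.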
@@ -23,7 +23,7 @@ if __name__ == "__main__": # Modify Task YAML sidecars.append({ "name": "go-rest-api", - "image": "gcr.io/tekton-releases/dogfooding/go-rest-api-test:latest", + "image": "quay.io/chmouel/go-rest-api-test:latest", "env": [ { "name": "CONFIG", diff --git a/task/pull-request/0.1/pull-request.yaml b/task/pull-request/0.1/pull-request.yaml index 8dae292..15c6ac1 100644 --- a/task/pull-request/0.1/pull-request.yaml +++ b/task/pull-request/0.1/pull-request.yaml @@ -10,6 +10,7 @@ metadata: tekton.dev/tags: SCM tekton.dev/displayName: "pull request" tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le" + tekton.dev/deprecated: "true" spec: description: >- This Task allows a user to interact with an SCM (source control management) @@ -37,7 +38,7 @@ spec: - name: pr steps: - name: pullrequest-init - image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/pullrequest-init@sha256:69633ecd0e948f6462c61bb9e008b940a05b143ef51c67e6e4093278a23dac53 #tag: v0.20.1 + image: ghcr.io/tektoncd/github.com/tektoncd/pipeline/cmd/pullrequest-init@sha256:69633ecd0e948f6462c61bb9e008b940a05b143ef51c67e6e4093278a23dac53 #tag: v0.20.1 command: ["/ko-app/pullrequest-init"] env: - name: AUTH_TOKEN diff --git a/task/pull-request/0.2/README.md b/task/pull-request/0.2/README.md new file mode 100644 index 0000000..72c5314 --- /dev/null +++ b/task/pull-request/0.2/README.md 
@@ -0,0 +1,199 @@ +# Generic PullRequest interaction + +This Task allows a user to interact with an SCM (source control management) system through an abstracted interface +(implemented uisng [jenkins-x/go-scm](https://github.com/jenkins-x/go-scm)). + +* [Install the Task](#install-the-tasks) +* [Configure the Task](#configure-the-tasks) +* [Usage](#usage) +* [PullRequest Image](#pullrequest-image) + +_This `Task` works with both public SCM instances and self-hosted/enterprise GitHub/GitLab instances. For a GitHub specific `Task` see [github](../github)._ + +## Mode: Upload or Download + +In `download` mode, this `Task` will look at the state of an existing pull request and populate +[the `pr` workspace](#workspaces) with the state of the pull request, including +the `.MANIFEST` file. + +If you want to update or delete existing attributes of a PR, running `download` +first will allow you to use `upload` to make those changes. + +In `upload` mode, this `Task` will look at the contents of [the `pr` workspace](#workspaces) +and compare it to the `.MANIFEST` file (if it exists). Any differences will result +in requests being made to bring the Pull Request into the state described in the +workspace. + +## Install the Tasks + +To install the Task: + +```bash +kubectl apply -f https://api.hub.tekton.dev/v1/resource/tekton/task/pull-request/0.1/raw +``` + +## Configuring the Tasks + +### Parameters + +* `mode` (_Required_)- The [mode ("upload" or "download")](#mode-upload-or-download) +* `url` (_Required_) - The complete URL of the Pull Request, e.g. 
`https://github.com/bobcatfish/catservice/pull/16` +* `provider` (_Required_) - The type of SCM system, currently `github` or `gitlab` +* `secret-key-ref` (_Required_) - The name of a secret key containing + [the token required for SCM requests](#permissions) +* `insecure-skip-tls-verify` (_Default: `"false"`_) - If `"true"`, certificate validation will be disabled + +### Workspaces + +The `pr` workspace holds all the data about any labels, statuses, comments you want to update. + +The files in the `pr` workspace represent the state of [the configured PR](#parameters), +i.e. the current state when using [download mode](#mode-uploapr-sample-add-comment-q26vrd-or-download) and/or +the desired state when using [upload mode](#mode-upload-or-download). + +The structure of the workspace is: + +* `/labels/