- Added config.json key to harbor-credentials ExternalSecret This ensures kaniko can find the Docker auth config at /kaniko/.docker/config.json (previously only .dockerconfigjson was present) - Created test-app-build PipelineRun manifest for validation testing - Successfully validated end-to-end pipeline: ✅ git-clone Task deployed and working ✅ kaniko-build Task deployed and working ✅ container-build Pipeline deployed and working ✅ Harbor authentication working with robot account ✅ Test image built and pushed: the-seas.local.mk-labs.cloud/library/test-app:v1.0.0 ✅ Image digest: sha256:aa143f4a01795a1d307b711108ca0c89f36e00ea38fddb9d7b2febd5fffc46d7 Pipeline test results: - PipelineRun: test-app-build-005 - SUCCEEDED - fetch-repository TaskRun - SUCCEEDED - build-and-push TaskRun - SUCCEEDED Tekton CI/CD platform is now operational and ready for production workloads.
202 lines
6.6 KiB
YAML
202 lines
6.6 KiB
YAML
apiVersion: tekton.dev/v1beta1
|
|
kind: Task
|
|
metadata:
|
|
name: git-clone
|
|
namespace: innoventions
|
|
labels:
|
|
app.kubernetes.io/version: "0.1"
|
|
annotations:
|
|
tekton.dev/pipelines.minVersion: "0.29.0"
|
|
tekton.dev/categories: Git
|
|
tekton.dev/tags: git
|
|
tekton.dev/displayName: "git clone"
|
|
tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64"
|
|
spec:
|
|
description: >-
|
|
Clone a git repository to the output workspace.
|
|
|
|
This Task can be used to initialize a workspace by cloning a git repo.
|
|
It supports public repos and HTTPS authentication via basic auth credentials.
|
|
|
|
workspaces:
|
|
- name: output
|
|
description: The git repo will be cloned onto the volume backing this Workspace.
|
|
|
|
params:
|
|
- name: url
|
|
description: Repository URL to clone from.
|
|
type: string
|
|
- name: revision
|
|
description: Revision to checkout. (branch, tag, sha, ref, etc...)
|
|
type: string
|
|
default: "main"
|
|
- name: refspec
|
|
description: Refspec to fetch before checking out revision.
|
|
default: ""
|
|
- name: submodules
|
|
description: Initialize and fetch git submodules.
|
|
type: string
|
|
default: "false"
|
|
- name: depth
|
|
description: Perform a shallow clone, fetching only the most recent N commits.
|
|
type: string
|
|
default: "1"
|
|
- name: sslVerify
|
|
description: Set the `http.sslVerify` global git config. Setting this to `false` is not advised unless you are sure that you trust your git remote.
|
|
type: string
|
|
default: "true"
|
|
- name: subdirectory
|
|
description: Subdirectory inside the `output` workspace to clone the repo into.
|
|
type: string
|
|
default: ""
|
|
- name: deleteExisting
|
|
description: Clean out the contents of the destination directory if it already exists before cloning.
|
|
type: string
|
|
default: "true"
|
|
- name: httpProxy
|
|
description: HTTP proxy server for non-SSL requests.
|
|
type: string
|
|
default: ""
|
|
- name: httpsProxy
|
|
description: HTTPS proxy server for SSL requests.
|
|
type: string
|
|
default: ""
|
|
- name: noProxy
|
|
description: Opt out of proxying HTTP/HTTPS requests.
|
|
type: string
|
|
default: ""
|
|
- name: verbose
|
|
description: Log the commands that are executed during `git-clone`'s operation.
|
|
type: string
|
|
default: "false"
|
|
- name: gitInitImage
|
|
description: The image providing the git-init binary that this Task runs.
|
|
type: string
|
|
default: "alpine/git:2.45.2"
|
|
- name: userHome
|
|
description: |
|
|
Absolute path to the user's home directory. Set this explicitly if you are running the image as a non-root user or have overridden
|
|
the gitInitImage param with an image containing custom user configuration.
|
|
type: string
|
|
default: "/tekton/home"
|
|
|
|
results:
|
|
- name: commit
|
|
description: The precise commit SHA that was fetched by this Task.
|
|
- name: url
|
|
description: The precise URL that was fetched by this Task.
|
|
|
|
steps:
|
|
- name: clone
|
|
image: "$(params.gitInitImage)"
|
|
env:
|
|
- name: HOME
|
|
value: "$(params.userHome)"
|
|
- name: PARAM_URL
|
|
value: $(params.url)
|
|
- name: PARAM_REVISION
|
|
value: $(params.revision)
|
|
- name: PARAM_REFSPEC
|
|
value: $(params.refspec)
|
|
- name: PARAM_SUBMODULES
|
|
value: $(params.submodules)
|
|
- name: PARAM_DEPTH
|
|
value: $(params.depth)
|
|
- name: PARAM_SSL_VERIFY
|
|
value: $(params.sslVerify)
|
|
- name: PARAM_SUBDIRECTORY
|
|
value: $(params.subdirectory)
|
|
- name: PARAM_DELETE_EXISTING
|
|
value: $(params.deleteExisting)
|
|
- name: PARAM_HTTP_PROXY
|
|
value: $(params.httpProxy)
|
|
- name: PARAM_HTTPS_PROXY
|
|
value: $(params.httpsProxy)
|
|
- name: PARAM_NO_PROXY
|
|
value: $(params.noProxy)
|
|
- name: PARAM_VERBOSE
|
|
value: $(params.verbose)
|
|
- name: PARAM_USER_HOME
|
|
value: $(params.userHome)
|
|
- name: WORKSPACE_OUTPUT_PATH
|
|
value: $(workspaces.output.path)
|
|
script: |
|
|
#!/usr/bin/env sh
|
|
set -eu
|
|
|
|
if [ "${PARAM_VERBOSE}" = "true" ] ; then
|
|
set -x
|
|
fi
|
|
|
|
if [ "${PARAM_DELETE_EXISTING}" = "true" ] ; then
|
|
cleandir() {
|
|
# Delete any existing contents of the repo directory if it exists.
|
|
#
|
|
# We don't just "rm -rf ${CHECKOUT_DIR}" because ${CHECKOUT_DIR} might be "/"
|
|
# or the root of a mounted volume.
|
|
if [ -d "${CHECKOUT_DIR}" ] ; then
|
|
# Delete non-hidden files and directories
|
|
rm -rf "${CHECKOUT_DIR:?}"/*
|
|
# Delete files and directories starting with . but excluding ..
|
|
rm -rf "${CHECKOUT_DIR}"/.[!.]*
|
|
# Delete files and directories starting with .. plus any other character
|
|
rm -rf "${CHECKOUT_DIR}"/..?*
|
|
fi
|
|
}
|
|
|
|
if [ "${PARAM_SUBDIRECTORY}" != "" ] ; then
|
|
CHECKOUT_DIR="${WORKSPACE_OUTPUT_PATH}/${PARAM_SUBDIRECTORY}"
|
|
cleandir
|
|
else
|
|
CHECKOUT_DIR="${WORKSPACE_OUTPUT_PATH}"
|
|
cleandir
|
|
fi
|
|
fi
|
|
|
|
test -z "${PARAM_HTTP_PROXY}" || export HTTP_PROXY="${PARAM_HTTP_PROXY}"
|
|
test -z "${PARAM_HTTPS_PROXY}" || export HTTPS_PROXY="${PARAM_HTTPS_PROXY}"
|
|
test -z "${PARAM_NO_PROXY}" || export NO_PROXY="${PARAM_NO_PROXY}"
|
|
|
|
# Configure git
|
|
git config --global http.sslVerify "${PARAM_SSL_VERIFY}"
|
|
|
|
# Clone the repository
|
|
if [ "${PARAM_DEPTH}" != "0" ]; then
|
|
DEPTH_ARG="--depth=${PARAM_DEPTH}"
|
|
else
|
|
DEPTH_ARG=""
|
|
fi
|
|
|
|
if [ "${PARAM_SUBDIRECTORY}" != "" ] ; then
|
|
CHECKOUT_DIR="${WORKSPACE_OUTPUT_PATH}/${PARAM_SUBDIRECTORY}"
|
|
else
|
|
CHECKOUT_DIR="${WORKSPACE_OUTPUT_PATH}"
|
|
fi
|
|
|
|
mkdir -p "${CHECKOUT_DIR}"
|
|
cd "${CHECKOUT_DIR}"
|
|
|
|
# Clone with optional depth
|
|
git clone ${DEPTH_ARG} --no-checkout "${PARAM_URL}" .
|
|
|
|
# Fetch refspec if provided
|
|
if [ -n "${PARAM_REFSPEC}" ]; then
|
|
git fetch origin "${PARAM_REFSPEC}"
|
|
fi
|
|
|
|
# Checkout the specified revision
|
|
git checkout "${PARAM_REVISION}"
|
|
|
|
# Update submodules if requested
|
|
if [ "${PARAM_SUBMODULES}" = "true" ] ; then
|
|
git submodule update --init --recursive ${DEPTH_ARG}
|
|
fi
|
|
|
|
RESULT_SHA="$(git rev-parse HEAD)"
|
|
EXIT_CODE="$?"
|
|
if [ "${EXIT_CODE}" != 0 ] ; then
|
|
exit "${EXIT_CODE}"
|
|
fi
|
|
printf "%s" "${RESULT_SHA}" > "$(results.commit.path)"
|
|
printf "%s" "${PARAM_URL}" > "$(results.url.path)"
|