Files
homelab/cluster/tekton/tasks/git-clone.yaml
Hermes Agent service account f8e137b67b Tekton Phase 2 Day 3: Complete Harbor authentication and test build
- Added config.json key to harbor-credentials ExternalSecret
  This ensures kaniko can find the Docker auth config at /kaniko/.docker/config.json
  (previously only .dockerconfigjson was present)

- Created test-app-build PipelineRun manifest for validation testing

- Successfully validated end-to-end pipeline:
   git-clone Task deployed and working
   kaniko-build Task deployed and working
   container-build Pipeline deployed and working
   Harbor authentication working with robot account
   Test image built and pushed: the-seas.local.mk-labs.cloud/library/test-app:v1.0.0
   Image digest: sha256:aa143f4a01795a1d307b711108ca0c89f36e00ea38fddb9d7b2febd5fffc46d7

Pipeline test results:
- PipelineRun: test-app-build-005 - SUCCEEDED
- fetch-repository TaskRun - SUCCEEDED
- build-and-push TaskRun - SUCCEEDED

Tekton CI/CD platform is now operational and ready for production workloads.
2026-06-06 16:13:31 -05:00

202 lines
6.6 KiB
YAML

apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: git-clone
namespace: innoventions
labels:
app.kubernetes.io/version: "0.1"
annotations:
tekton.dev/pipelines.minVersion: "0.29.0"
tekton.dev/categories: Git
tekton.dev/tags: git
tekton.dev/displayName: "git clone"
tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64"
spec:
description: >-
Clone a git repository to the output workspace.
This Task can be used to initialize a workspace by cloning a git repo.
It supports public repos and HTTPS authentication via basic auth credentials.
workspaces:
- name: output
description: The git repo will be cloned onto the volume backing this Workspace.
params:
- name: url
description: Repository URL to clone from.
type: string
- name: revision
description: Revision to checkout. (branch, tag, sha, ref, etc...)
type: string
default: "main"
- name: refspec
description: Refspec to fetch before checking out revision.
default: ""
- name: submodules
description: Initialize and fetch git submodules.
type: string
default: "false"
- name: depth
description: Perform a shallow clone, fetching only the most recent N commits.
type: string
default: "1"
- name: sslVerify
description: Set the `http.sslVerify` global git config. Setting this to `false` is not advised unless you are sure that you trust your git remote.
type: string
default: "true"
- name: subdirectory
description: Subdirectory inside the `output` workspace to clone the repo into.
type: string
default: ""
- name: deleteExisting
description: Clean out the contents of the destination directory if it already exists before cloning.
type: string
default: "true"
- name: httpProxy
description: HTTP proxy server for non-SSL requests.
type: string
default: ""
- name: httpsProxy
description: HTTPS proxy server for SSL requests.
type: string
default: ""
- name: noProxy
description: Opt out of proxying HTTP/HTTPS requests.
type: string
default: ""
- name: verbose
description: Log the commands that are executed during `git-clone`'s operation.
type: string
default: "false"
- name: gitInitImage
description: The image providing the git-init binary that this Task runs.
type: string
default: "alpine/git:2.45.2"
- name: userHome
description: |
Absolute path to the user's home directory. Set this explicitly if you are running the image as a non-root user or have overridden
the gitInitImage param with an image containing custom user configuration.
type: string
default: "/tekton/home"
results:
- name: commit
description: The precise commit SHA that was fetched by this Task.
- name: url
description: The precise URL that was fetched by this Task.
steps:
- name: clone
image: "$(params.gitInitImage)"
env:
- name: HOME
value: "$(params.userHome)"
- name: PARAM_URL
value: $(params.url)
- name: PARAM_REVISION
value: $(params.revision)
- name: PARAM_REFSPEC
value: $(params.refspec)
- name: PARAM_SUBMODULES
value: $(params.submodules)
- name: PARAM_DEPTH
value: $(params.depth)
- name: PARAM_SSL_VERIFY
value: $(params.sslVerify)
- name: PARAM_SUBDIRECTORY
value: $(params.subdirectory)
- name: PARAM_DELETE_EXISTING
value: $(params.deleteExisting)
- name: PARAM_HTTP_PROXY
value: $(params.httpProxy)
- name: PARAM_HTTPS_PROXY
value: $(params.httpsProxy)
- name: PARAM_NO_PROXY
value: $(params.noProxy)
- name: PARAM_VERBOSE
value: $(params.verbose)
- name: PARAM_USER_HOME
value: $(params.userHome)
- name: WORKSPACE_OUTPUT_PATH
value: $(workspaces.output.path)
script: |
#!/usr/bin/env sh
set -eu
if [ "${PARAM_VERBOSE}" = "true" ] ; then
set -x
fi
if [ "${PARAM_DELETE_EXISTING}" = "true" ] ; then
cleandir() {
# Delete any existing contents of the repo directory if it exists.
#
# We don't just "rm -rf ${CHECKOUT_DIR}" because ${CHECKOUT_DIR} might be "/"
# or the root of a mounted volume.
if [ -d "${CHECKOUT_DIR}" ] ; then
# Delete non-hidden files and directories
rm -rf "${CHECKOUT_DIR:?}"/*
# Delete files and directories starting with . but excluding ..
rm -rf "${CHECKOUT_DIR}"/.[!.]*
# Delete files and directories starting with .. plus any other character
rm -rf "${CHECKOUT_DIR}"/..?*
fi
}
if [ "${PARAM_SUBDIRECTORY}" != "" ] ; then
CHECKOUT_DIR="${WORKSPACE_OUTPUT_PATH}/${PARAM_SUBDIRECTORY}"
cleandir
else
CHECKOUT_DIR="${WORKSPACE_OUTPUT_PATH}"
cleandir
fi
fi
test -z "${PARAM_HTTP_PROXY}" || export HTTP_PROXY="${PARAM_HTTP_PROXY}"
test -z "${PARAM_HTTPS_PROXY}" || export HTTPS_PROXY="${PARAM_HTTPS_PROXY}"
test -z "${PARAM_NO_PROXY}" || export NO_PROXY="${PARAM_NO_PROXY}"
# Configure git
git config --global http.sslVerify "${PARAM_SSL_VERIFY}"
# Clone the repository
if [ "${PARAM_DEPTH}" != "0" ]; then
DEPTH_ARG="--depth=${PARAM_DEPTH}"
else
DEPTH_ARG=""
fi
if [ "${PARAM_SUBDIRECTORY}" != "" ] ; then
CHECKOUT_DIR="${WORKSPACE_OUTPUT_PATH}/${PARAM_SUBDIRECTORY}"
else
CHECKOUT_DIR="${WORKSPACE_OUTPUT_PATH}"
fi
mkdir -p "${CHECKOUT_DIR}"
cd "${CHECKOUT_DIR}"
# Clone with optional depth
git clone ${DEPTH_ARG} --no-checkout "${PARAM_URL}" .
# Fetch refspec if provided
if [ -n "${PARAM_REFSPEC}" ]; then
git fetch origin "${PARAM_REFSPEC}"
fi
# Checkout the specified revision
git checkout "${PARAM_REVISION}"
# Update submodules if requested
if [ "${PARAM_SUBMODULES}" = "true" ] ; then
git submodule update --init --recursive ${DEPTH_ARG}
fi
RESULT_SHA="$(git rev-parse HEAD)"
EXIT_CODE="$?"
if [ "${EXIT_CODE}" != 0 ] ; then
exit "${EXIT_CODE}"
fi
printf "%s" "${RESULT_SHA}" > "$(results.commit.path)"
printf "%s" "${PARAM_URL}" > "$(results.url.path)"