From e0e2e1cd8d9fdaf5e6bd48869985dcd64033199f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20Mass=C3=A9?=
Date: Fri, 15 Mar 2024 15:17:19 +0100
Subject: [PATCH] wip
---
README.md | 33 ++++++++++++
tekton/pipeline-build-multiarch.yaml | 76 ++++++++++++++++++++++++++++
tekton/pipelinerun.yaml | 42 +++++++++++++++
tekton/quay-authentication.yaml | 7 +++
tekton/serviceaccount-buildbot.yaml | 6 +++
tekton/task-podman-build.yaml | 27 ++++++++++
tekton/task-podman-push.yaml | 22 ++++++++
7 files changed, 213 insertions(+)
create mode 100644 README.md
create mode 100644 tekton/pipeline-build-multiarch.yaml
create mode 100644 tekton/pipelinerun.yaml
create mode 100644 tekton/quay-authentication.yaml
create mode 100644 tekton/serviceaccount-buildbot.yaml
create mode 100644 tekton/task-podman-build.yaml
create mode 100644 tekton/task-podman-push.yaml
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..646d28e
--- /dev/null
+++ b/README.md
@@ -0,0 +1,33 @@
+# Multi-architecture Tekton Pipeline
+
+## Setup on AWS
+
+- [Install the AWS EFS CSI Driver Operator](https://docs.openshift.com/container-platform/4.15/storage/container_storage_interface/persistent-storage-csi-aws-efs.html#persistent-storage-csi-olm-operator-install_persistent-storage-csi-aws-efs)
+
+- Install the AWS EFS CSI Driver
+
+```yaml
+apiVersion: operator.openshift.io/v1
+kind: ClusterCSIDriver
+metadata:
+ name: efs.csi.aws.com
+spec:
+ managementState: Managed
+```
+
+- [Create an EFS volume](https://docs.aws.amazon.com/efs/latest/ug/gs-step-two-create-efs-resources.html)
+
+- Create the StorageClass
+
+```yaml
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+ name: efs-csi
+provisioner: efs.csi.aws.com
+parameters:
+ provisioningMode: efs-ap
+ fileSystemId: fs-123456
+ directoryPerms: "700"
+ basePath: "/pv"
+```
diff --git a/tekton/pipeline-build-multiarch.yaml b/tekton/pipeline-build-multiarch.yaml
new file mode 100644
index 0000000..e90f7f7
--- /dev/null
+++ b/tekton/pipeline-build-multiarch.yaml
@@ -0,0 +1,76 @@
+apiVersion: tekton.dev/v1beta1
+kind: Pipeline
+metadata:
+ name: build-multiarch
+spec:
+
+ workspaces:
+ - name: source-workspace
+ - name: container-storage
+
+ params:
+ - name: git-url
+ type: string
+ - name: docker-image-name
+ type: string
+ - name: manifest-name
+ type: string
+ default: "tekton"
+
+ tasks:
+
+ - name: clone-repo
+ taskRef:
+ kind: ClusterTask
+ name: git-clone
+ params:
+ - name: url
+ value: $(params.git-url)
+ - name: revision
+ value: "main"
+ workspaces:
+ - name: output
+ workspace: source-workspace
+
+ - name: podman-build-amd64
+ runAfter: ["clone-repo"]
+ taskRef:
+ name: podman-build
+ params:
+ - name: manifest-name
+ value: $(params.manifest-name)
+ - name: arch
+ value: "amd64"
+ workspaces:
+ - name: source-workspace
+ workspace: source-workspace
+ - name: container-storage
+ workspace: container-storage
+
+ - name: podman-build-arm64
+ runAfter: ["clone-repo"]
+ taskRef:
+ name: podman-build
+ params:
+ - name: manifest-name
+ value: $(params.manifest-name)
+ - name: arch
+ value: "arm64"
+ workspaces:
+ - name: source-workspace
+ workspace: source-workspace
+ - name: container-storage
+ workspace: container-storage
+
+ - name: push-image
+ runAfter: ["podman-build-amd64", "podman-build-arm64"]
+ taskRef:
+ name: buildah-push
+ params:
+ - name: image-name
+ value: $(params.docker-image-name)
+ - name: manifest-name
+ value: $(params.manifest-name)
+ workspaces:
+ - name: container-storage
+ workspace: container-storage
diff --git a/tekton/pipelinerun.yaml b/tekton/pipelinerun.yaml
new file mode 100644
index 0000000..14737c8
--- /dev/null
+++ b/tekton/pipelinerun.yaml
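Review bot: The clone-repo task in tekton/pipeline-build-multiarch.yaml hard-codes `value: "main"` for `revision`, so every run builds whatever the branch head is at that moment and the pushed image cannot be tied to a reviewed commit. Consider adding a `git-revision` pipeline param (default `"main"`) and passing `value: $(params.git-revision)`, so a run can be pinned to a commit SHA or tag. Separately, podman-build-amd64 and podman-build-arm64 both run after clone-repo and mount the same container-storage workspace; whether two pods can safely write the same containers store and manifest list concurrently on that volume is not shown here and is worth confirming.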
@@ -0,0 +1,42 @@
+apiVersion: tekton.dev/v1
+kind: PipelineRun
+metadata:
+ generateName: build-multiarch-
+spec:
+ pipelineRef:
+ name: build-multiarch
+ params:
+ - name: git-url
+ value: https://github.com/nmasse-itix/tekton-pipeline-multiarch.git
+ - name: docker-image-name
+ value: quay.io/nmasse_itix/htop-multiarch
+ workspaces:
+ - name: container-storage
+ volumeClaimTemplate:
+ spec:
+ storageClassName: efs-csi
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 10Gi
+ - name: source-workspace
+ volumeClaimTemplate:
+ spec:
+ storageClassName: efs-csi
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 1Gi
+ taskRunTemplate:
+ serviceAccountName: buildbot
+ taskRunSpecs:
+ - pipelineTaskName: podman-build-amd64
+ podTemplate:
+ nodeSelector:
+ beta.kubernetes.io/arch: amd64
+ - pipelineTaskName: podman-build-arm64
+ podTemplate:
+ nodeSelector:
+ beta.kubernetes.io/arch: arm64
diff --git a/tekton/quay-authentication.yaml b/tekton/quay-authentication.yaml
new file mode 100644
index 0000000..7b4833c
--- /dev/null
+++ b/tekton/quay-authentication.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: quay-authentication
+data:
+ .dockerconfigjson: REDACTED
+type: kubernetes.io/dockerconfigjson
diff --git a/tekton/serviceaccount-buildbot.yaml b/tekton/serviceaccount-buildbot.yaml
new file mode 100644
index 0000000..219cbdc
--- /dev/null
+++ b/tekton/serviceaccount-buildbot.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: buildbot
+imagePullSecrets:
+- name: quay-authentication
diff --git a/tekton/task-podman-build.yaml b/tekton/task-podman-build.yaml
new file mode 100644
index 0000000..82f351f
--- /dev/null
+++ b/tekton/task-podman-build.yaml
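Review bot: Both `taskRunSpecs` entries in tekton/pipelinerun.yaml select nodes with `beta.kubernetes.io/arch`, a label that Kubernetes deprecated in favour of the stable `kubernetes.io/arch`. Since these selectors are the only thing placing each build on the right architecture, use `kubernetes.io/arch: amd64` and `kubernetes.io/arch: arm64` so scheduling does not depend on a label that may stop being set. A short comment above `taskRunSpecs` saying that the `arch` param is informational and that placement is done here would also help the next reader.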
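Review bot: tekton/quay-authentication.yaml puts a registry credential Secret under version control; the `.dockerconfigjson` value shown is `REDACTED`, which is not valid base64, so the manifest cannot be applied as committed and invites pasting the real value into the file. Prefer creating the secret out of band (or committing only an encrypted or externally referenced form) and documenting that step in the README. If the value was redacted only after the fact, the original credential should be treated as exposed and rotated.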
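Review bot: In tekton/serviceaccount-buildbot.yaml the quay credential is attached only under `imagePullSecrets`, which the kubelet uses to pull step images; the push step in task-podman-push.yaml shows no `--authfile` or mounted credential. As far as I know, Tekton's credential initialisation reads secrets listed under the ServiceAccount's `secrets:` field, so `secrets:` with `- name: quay-authentication` is probably what the push needs; confirm against the Tekton version in use. If the step images are public, the `imagePullSecrets` entry is not needed at all.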
@@ -0,0 +1,27 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+ name: podman-build
+spec:
+ params:
+ - name: manifest-name
+ type: string
+ - name: context-dir
+ type: string
+ default: .
+ - name: arch
+ type: string
+ workspaces:
+ - name: source-workspace
+ description: Workspace containing source code
+ - name: container-storage
+ description: Persistent volume to store container images
+ mountPath: /var/lib/containers
+ steps:
+ - name: build
+ image: quay.io/podman/stable
+ script: |
+ #!/bin/bash
+ set -Eeuo pipefail
+ export STORAGE_DRIVER=vfs
+ podman build --no-cache --manifest $(params.manifest-name) $(workspaces.source-workspace.path)/$(params.context-dir)
diff --git a/tekton/task-podman-push.yaml b/tekton/task-podman-push.yaml
new file mode 100644
index 0000000..d956776
--- /dev/null
+++ b/tekton/task-podman-push.yaml
@@ -0,0 +1,22 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+ name: buildah-push
+spec:
+ params:
+ - name: image-name
+ type: string
+ - name: manifest-name
+ type: string
+ workspaces:
+ - name: container-storage
+ description: Persistent volume to store container images
+ mountPath: /var/lib/containers
+ steps:
+ - name: push
+ image: quay.io/podman/stable
+ script: |
+ #!/bin/bash
+ set -Eeuo pipefail
+ export STORAGE_DRIVER=vfs
+ buildah manifest push --all $(params.manifest-name) docker://$(params.image-name)
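Review bot: The `script` of the build step in tekton/task-podman-build.yaml splices `$(params.manifest-name)` and `$(params.context-dir)` straight into the bash source, and Tekton substitutes these textually before the shell runs, so a parameter value containing spaces or shell metacharacters changes the command rather than being passed as an argument. Pass the values through `env` and reference them as quoted shell variables, as sketched below. The push step in tekton/task-podman-push.yaml has the same pattern with `$(params.manifest-name)` and `$(params.image-name)` and needs the same treatment. The declared `arch` param is never used by the script; either drop it or document that placement is done by the PipelineRun's node selectors.

```yaml
# … unchanged: params, workspaces …
  steps:
    - name: build
      image: quay.io/podman/stable
      env:
        - name: MANIFEST_NAME
          value: $(params.manifest-name)
        - name: CONTEXT_DIR
          value: $(params.context-dir)
        - name: SOURCE_DIR
          value: $(workspaces.source-workspace.path)
      script: |
        #!/bin/bash
        set -Eeuo pipefail
        export STORAGE_DRIVER=vfs
        podman build --no-cache --manifest "$MANIFEST_NAME" "$SOURCE_DIR/$CONTEXT_DIR"
```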
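Review bot: The push step in tekton/task-podman-push.yaml calls `buildah manifest push` inside `quay.io/podman/stable`; confirm that this image actually ships a buildah binary, otherwise the step fails at runtime and `podman manifest push --all` is the equivalent that the image is known to provide. The image reference also carries no tag or digest, here and in the build task, so the tooling that runs with the registry credential can change between runs; pinning it as `quay.io/podman/stable@sha256:<digest>` keeps the build environment fixed and auditable. The Task is named `buildah-push` while the file is task-podman-push.yaml, so a one-line comment explaining the naming would help.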