From e4c7ffe4e463838a656853ac9e755f1539ff6811 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicolas=20Mass=C3=A9?= Date: Tue, 8 Apr 2025 15:13:11 +0200 Subject: [PATCH] fix things that broke with last release of openshift pipelines --- examples/htop/tekton/pipeline.yaml | 2 +- examples/htop/tekton/pipelinerun.yaml | 10 +- examples/nodejs/tekton/pipeline.yaml | 4 +- examples/nodejs/tekton/pipelinerun.yaml | 18 +- examples/quarkus/tekton/pipeline.yaml | 7 +- examples/quarkus/tekton/pipelinerun.yaml | 10 +- tekton/kustomization.yaml | 2 + tekton/task-git-clone.yaml | 242 +++++++++++++++++++++++ tekton/task-maven.yaml | 176 +++++++++++++++++ 9 files changed, 447 insertions(+), 24 deletions(-) create mode 100644 tekton/task-git-clone.yaml create mode 100644 tekton/task-maven.yaml diff --git a/examples/htop/tekton/pipeline.yaml b/examples/htop/tekton/pipeline.yaml index d075af9..3e8624d 100644 --- a/examples/htop/tekton/pipeline.yaml +++ b/examples/htop/tekton/pipeline.yaml @@ -25,7 +25,7 @@ spec: - name: clone-repo taskRef: - kind: ClusterTask + kind: Task name: git-clone params: - name: url diff --git a/examples/htop/tekton/pipelinerun.yaml b/examples/htop/tekton/pipelinerun.yaml index d3aca80..47bed08 100644 --- a/examples/htop/tekton/pipelinerun.yaml +++ b/examples/htop/tekton/pipelinerun.yaml @@ -9,7 +9,7 @@ spec: - name: git-url value: https://github.com/nmasse-itix/tekton-pipeline-multiarch.git - name: image-name - value: quay.io/nmasse_itix/htop-multiarch + value: quay.io/nmasse-redhat/htop-multiarch - name: context-dir value: examples/htop/src - name: containerfile-path @@ -39,11 +39,11 @@ spec: taskRunTemplate: serviceAccountName: buildbot taskRunSpecs: - - pipelineTaskName: build-x86-64 - podTemplate: - nodeSelector: - beta.kubernetes.io/arch: amd64 - pipelineTaskName: build-aarch64 podTemplate: nodeSelector: beta.kubernetes.io/arch: arm64 + tolerations: + - key: "emea-open-demo.redhat.com/arm64-architecture" + operator: "Exists" + effect: "NoSchedule" 
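Review bot: In the `taskRunSpecs` hunk of examples/htop/tekton/pipelinerun.yaml the `build-x86-64` entry loses its `nodeSelector`, so amd64 placement now depends entirely on every arm64 node carrying the `emea-open-demo.redhat.com/arm64-architecture` taint. On a cluster where an arm64 node is untainted, the x86-64 build could be scheduled there and, judging by the task names, publish a wrong-architecture image under the x86-64 name. Keeping an explicit selector such as `kubernetes.io/arch: amd64` for the x86-64 tasks would make placement independent of that taint; the `beta.kubernetes.io/arch` label still used on the context lines is the deprecated form of the same label. If the removal is deliberate, a comment such as `# amd64 placement relies on the arm64 NoSchedule taint` would record the assumption. The same applies to the `taskRunSpecs` hunks in examples/nodejs/tekton/pipelinerun.yaml and examples/quarkus/tekton/pipelinerun.yaml.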
diff --git a/examples/nodejs/tekton/pipeline.yaml b/examples/nodejs/tekton/pipeline.yaml index 40ec5a8..bb377b3 100644 --- a/examples/nodejs/tekton/pipeline.yaml +++ b/examples/nodejs/tekton/pipeline.yaml @@ -25,7 +25,7 @@ spec: - name: clone-repo-x86-64 taskRef: - kind: ClusterTask + kind: Task name: git-clone params: - name: url @@ -39,7 +39,7 @@ spec: - name: clone-repo-aarch64 taskRef: - kind: ClusterTask + kind: Task name: git-clone params: - name: url diff --git a/examples/nodejs/tekton/pipelinerun.yaml b/examples/nodejs/tekton/pipelinerun.yaml index e52e9a3..c13e7ac 100644 --- a/examples/nodejs/tekton/pipelinerun.yaml +++ b/examples/nodejs/tekton/pipelinerun.yaml @@ -9,7 +9,7 @@ spec: - name: git-url value: https://github.com/nmasse-itix/tekton-pipeline-multiarch.git - name: image-name - value: quay.io/nmasse_itix/nodejs-hello-world-multiarch + value: quay.io/nmasse-redhat/nodejs-hello-world-multiarch - name: context-dir value: examples/nodejs/src - name: containerfile-path @@ -39,19 +39,19 @@ spec: taskRunTemplate: serviceAccountName: buildbot taskRunSpecs: - - pipelineTaskName: npm-install-x86-64 - podTemplate: - nodeSelector: - beta.kubernetes.io/arch: amd64 - pipelineTaskName: npm-install-aarch64 podTemplate: nodeSelector: beta.kubernetes.io/arch: arm64 - - pipelineTaskName: build-x86-64 - podTemplate: - nodeSelector: - beta.kubernetes.io/arch: amd64 + tolerations: + - key: "emea-open-demo.redhat.com/arm64-architecture" + operator: "Exists" + effect: "NoSchedule" - pipelineTaskName: build-aarch64 podTemplate: nodeSelector: beta.kubernetes.io/arch: arm64 + tolerations: + - key: "emea-open-demo.redhat.com/arm64-architecture" + operator: "Exists" + effect: "NoSchedule" diff --git a/examples/quarkus/tekton/pipeline.yaml b/examples/quarkus/tekton/pipeline.yaml index 7d59429..199bc0d 100644 --- a/examples/quarkus/tekton/pipeline.yaml +++ b/examples/quarkus/tekton/pipeline.yaml 
@@ -26,7 +26,7 @@ spec: - name: clone-repo taskRef: - kind: ClusterTask + kind: Task name: git-clone params: - name: url @@ -40,11 +40,14 @@ spec: - name: maven-package runAfter: ["clone-repo"] taskRef: - kind: ClusterTask + kind: Task name: maven params: - name: CONTEXT_DIR value: $(params.context-dir) + - name: GOALS + value: + - package workspaces: - name: source workspace: sources diff --git a/examples/quarkus/tekton/pipelinerun.yaml b/examples/quarkus/tekton/pipelinerun.yaml index d410209..b1ae5ba 100644 --- a/examples/quarkus/tekton/pipelinerun.yaml +++ b/examples/quarkus/tekton/pipelinerun.yaml @@ -9,7 +9,7 @@ spec: - name: git-url value: https://github.com/nmasse-itix/tekton-pipeline-multiarch.git - name: image-name - value: quay.io/nmasse_itix/quarkus-getting-started-multiarch + value: quay.io/nmasse-redhat/quarkus-getting-started-multiarch - name: context-dir value: examples/quarkus/src - name: containerfile-path @@ -41,11 +41,11 @@ spec: taskRunTemplate: serviceAccountName: buildbot taskRunSpecs: - - pipelineTaskName: build-x86-64 - podTemplate: - nodeSelector: - beta.kubernetes.io/arch: amd64 - pipelineTaskName: build-aarch64 podTemplate: nodeSelector: beta.kubernetes.io/arch: arm64 + tolerations: + - key: "emea-open-demo.redhat.com/arm64-architecture" + operator: "Exists" + effect: "NoSchedule" diff --git a/tekton/kustomization.yaml b/tekton/kustomization.yaml index 236c442..83782e9 100644 --- a/tekton/kustomization.yaml +++ b/tekton/kustomization.yaml @@ -3,3 +3,5 @@ resources: - task-buildah-build.yaml - task-buildah-push.yaml - task-npm-install.yaml +- task-git-clone.yaml +- task-maven.yaml diff --git a/tekton/task-git-clone.yaml b/tekton/task-git-clone.yaml new file mode 100644 index 0000000..8b81e2d --- /dev/null +++ b/tekton/task-git-clone.yaml 
@@ -0,0 +1,242 @@ +apiVersion: tekton.dev/v1beta1 +kind: Task +metadata: + name: git-clone + labels: + app.kubernetes.io/version: "0.9" + annotations: + tekton.dev/pipelines.minVersion: "0.38.0" + tekton.dev/categories: Git + tekton.dev/tags: git + tekton.dev/displayName: "git clone" + tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64" +spec: + description: >- + These Tasks are Git tasks to work with repositories used by other tasks + in your Pipeline. + + The git-clone Task will clone a repo from the provided url into the + output Workspace. By default the repo will be cloned into the root of + your Workspace. You can clone into a subdirectory by setting this Task's + subdirectory param. This Task also supports sparse checkouts. To perform + a sparse checkout, pass a list of comma separated directory patterns to + this Task's sparseCheckoutDirectories param. + workspaces: + - name: output + description: The git repo will be cloned onto the volume backing this Workspace. + - name: ssh-directory + optional: true + description: | + A .ssh directory with private key, known_hosts, config, etc. Copied to + the user's home before git commands are executed. Used to authenticate + with the git remote when performing the clone. Binding a Secret to this + Workspace is strongly recommended over other volume types. + - name: basic-auth + optional: true + description: | + A Workspace containing a .gitconfig and .git-credentials file. These + will be copied to the user's home before any git commands are run. Any + other files in this Workspace are ignored. It is strongly recommended + to use ssh-directory over basic-auth whenever possible and to bind a + Secret to this Workspace over other volume types. + - name: ssl-ca-directory + optional: true + description: | + A workspace containing CA certificates, this will be used by Git to + verify the peer with when fetching or pushing over HTTPS. 
+ params: + - name: url + description: Repository URL to clone from. + type: string + - name: revision + description: Revision to checkout. (branch, tag, sha, ref, etc...) + type: string + default: "" + - name: refspec + description: Refspec to fetch before checking out revision. + default: "" + - name: submodules + description: Initialize and fetch git submodules. + type: string + default: "true" + - name: depth + description: Perform a shallow clone, fetching only the most recent N commits. + type: string + default: "1" + - name: sslVerify + description: Set the `http.sslVerify` global git config. Setting this to `false` is not advised unless you are sure that you trust your git remote. + type: string + default: "true" + - name: crtFileName + description: file name of mounted crt using ssl-ca-directory workspace. default value is ca-bundle.crt. + type: string + default: "ca-bundle.crt" + - name: subdirectory + description: Subdirectory inside the `output` Workspace to clone the repo into. + type: string + default: "" + - name: sparseCheckoutDirectories + description: Define the directory patterns to match or exclude when performing a sparse checkout. + type: string + default: "" + - name: deleteExisting + description: Clean out the contents of the destination directory if it already exists before cloning. + type: string + default: "true" + - name: httpProxy + description: HTTP proxy server for non-SSL requests. + type: string + default: "" + - name: httpsProxy + description: HTTPS proxy server for SSL requests. + type: string + default: "" + - name: noProxy + description: Opt out of proxying HTTP/HTTPS requests. + type: string + default: "" + - name: verbose + description: Log the commands that are executed during `git-clone`'s operation. + type: string + default: "true" + - name: gitInitImage + description: The image providing the git-init binary that this Task runs. 
+ type: string + default: "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.40.2" + - name: userHome + description: | + Absolute path to the user's home directory. + type: string + default: "/home/git" + results: + - name: commit + description: The precise commit SHA that was fetched by this Task. + - name: url + description: The precise URL that was fetched by this Task. + - name: committer-date + description: The epoch timestamp of the commit that was fetched by this Task. + steps: + - name: clone + image: "$(params.gitInitImage)" + env: + - name: HOME + value: "$(params.userHome)" + - name: PARAM_URL + value: $(params.url) + - name: PARAM_REVISION + value: $(params.revision) + - name: PARAM_REFSPEC + value: $(params.refspec) + - name: PARAM_SUBMODULES + value: $(params.submodules) + - name: PARAM_DEPTH + value: $(params.depth) + - name: PARAM_SSL_VERIFY + value: $(params.sslVerify) + - name: PARAM_CRT_FILENAME + value: $(params.crtFileName) + - name: PARAM_SUBDIRECTORY + value: $(params.subdirectory) + - name: PARAM_DELETE_EXISTING + value: $(params.deleteExisting) + - name: PARAM_HTTP_PROXY + value: $(params.httpProxy) + - name: PARAM_HTTPS_PROXY + value: $(params.httpsProxy) + - name: PARAM_NO_PROXY + value: $(params.noProxy) + - name: PARAM_VERBOSE + value: $(params.verbose) + - name: PARAM_SPARSE_CHECKOUT_DIRECTORIES + value: $(params.sparseCheckoutDirectories) + - name: PARAM_USER_HOME + value: $(params.userHome) + - name: WORKSPACE_OUTPUT_PATH + value: $(workspaces.output.path) + - name: WORKSPACE_SSH_DIRECTORY_BOUND + value: $(workspaces.ssh-directory.bound) + - name: WORKSPACE_SSH_DIRECTORY_PATH + value: $(workspaces.ssh-directory.path) + - name: WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND + value: $(workspaces.basic-auth.bound) + - name: WORKSPACE_BASIC_AUTH_DIRECTORY_PATH + value: $(workspaces.basic-auth.path) + - name: WORKSPACE_SSL_CA_DIRECTORY_BOUND + value: $(workspaces.ssl-ca-directory.bound) + - name: WORKSPACE_SSL_CA_DIRECTORY_PATH + 
value: $(workspaces.ssl-ca-directory.path) + securityContext: + runAsNonRoot: false + runAsUser: 0 + script: | + #!/usr/bin/env sh + set -eu + + if [ "${PARAM_VERBOSE}" = "true" ] ; then + set -x + fi + + if [ "${WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND}" = "true" ] ; then + cp "${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.git-credentials" "${PARAM_USER_HOME}/.git-credentials" + cp "${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.gitconfig" "${PARAM_USER_HOME}/.gitconfig" + chmod 400 "${PARAM_USER_HOME}/.git-credentials" + chmod 400 "${PARAM_USER_HOME}/.gitconfig" + fi + + if [ "${WORKSPACE_SSH_DIRECTORY_BOUND}" = "true" ] ; then + cp -R "${WORKSPACE_SSH_DIRECTORY_PATH}" "${PARAM_USER_HOME}"/.ssh + chmod 700 "${PARAM_USER_HOME}"/.ssh + chmod -R 400 "${PARAM_USER_HOME}"/.ssh/* + fi + + if [ "${WORKSPACE_SSL_CA_DIRECTORY_BOUND}" = "true" ] ; then + export GIT_SSL_CAPATH="${WORKSPACE_SSL_CA_DIRECTORY_PATH}" + if [ "${PARAM_CRT_FILENAME}" != "" ] ; then + export GIT_SSL_CAINFO="${WORKSPACE_SSL_CA_DIRECTORY_PATH}/${PARAM_CRT_FILENAME}" + fi + fi + CHECKOUT_DIR="${WORKSPACE_OUTPUT_PATH}/${PARAM_SUBDIRECTORY}" + + cleandir() { + # Delete any existing contents of the repo directory if it exists. + # + # We don't just "rm -rf ${CHECKOUT_DIR}" because ${CHECKOUT_DIR} might be "/" + # or the root of a mounted volume. + if [ -d "${CHECKOUT_DIR}" ] ; then + # Delete non-hidden files and directories + rm -rf "${CHECKOUT_DIR:?}"/* + # Delete files and directories starting with . but excluding .. + rm -rf "${CHECKOUT_DIR}"/.[!.]* + # Delete files and directories starting with .. 
plus any other character + rm -rf "${CHECKOUT_DIR}"/..?* + fi + } + + if [ "${PARAM_DELETE_EXISTING}" = "true" ] ; then + cleandir || true + fi + + test -z "${PARAM_HTTP_PROXY}" || export HTTP_PROXY="${PARAM_HTTP_PROXY}" + test -z "${PARAM_HTTPS_PROXY}" || export HTTPS_PROXY="${PARAM_HTTPS_PROXY}" + test -z "${PARAM_NO_PROXY}" || export NO_PROXY="${PARAM_NO_PROXY}" + + git config --global --add safe.directory "${WORKSPACE_OUTPUT_PATH}" + /ko-app/git-init \ + -url="${PARAM_URL}" \ + -revision="${PARAM_REVISION}" \ + -refspec="${PARAM_REFSPEC}" \ + -path="${CHECKOUT_DIR}" \ + -sslVerify="${PARAM_SSL_VERIFY}" \ + -submodules="${PARAM_SUBMODULES}" \ + -depth="${PARAM_DEPTH}" \ + -sparseCheckoutDirectories="${PARAM_SPARSE_CHECKOUT_DIRECTORIES}" + cd "${CHECKOUT_DIR}" + RESULT_SHA="$(git rev-parse HEAD)" + EXIT_CODE="$?" + if [ "${EXIT_CODE}" != 0 ] ; then + exit "${EXIT_CODE}" + fi + RESULT_COMMITTER_DATE="$(git log -1 --pretty=%ct)" + printf "%s" "${RESULT_COMMITTER_DATE}" > "$(results.committer-date.path)" + printf "%s" "${RESULT_SHA}" > "$(results.commit.path)" + printf "%s" "${PARAM_URL}" > "$(results.url.path)" diff --git a/tekton/task-maven.yaml b/tekton/task-maven.yaml new file mode 100644 index 0000000..2fd5e72 --- /dev/null +++ b/tekton/task-maven.yaml 
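Review bot: The `clone` step in tekton/task-git-clone.yaml sets `runAsNonRoot: false` and `runAsUser: 0`, so the step that copies SSH keys and `.git-credentials` into `$HOME` and fetches remote content (submodules are on by default) runs as root. Unless the target cluster needs UID 0 for workspace permissions, a non-root identity is preferable, for example `runAsNonRoot: true` with `runAsUser: 65532` (assumed to be the non-root user of the git-init image; confirm before use), and if root has to stay a comment should say why. Separately, `verbose` defaults to `"true"`, so `set -x` traces the `-url=` argument and the `HTTP_PROXY`/`HTTPS_PROXY` exports into the TaskRun log, exposing any credentials embedded in those values; a default of `"false"` would be safer. The `gitInitImage` default is pinned by tag only (`v0.40.2`); pinning it by digest would keep the step image from changing underneath the task.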
@@ -0,0 +1,176 @@ +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: maven + labels: + app.kubernetes.io/version: "0.4" + annotations: + tekton.dev/pipelines.minVersion: "0.50.0" + tekton.dev/categories: Build Tools + tekton.dev/tags: build-tool + tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le" +spec: + description: >- + This Task can be used to run a Maven build. It uses a workspace to store m2 local repo. + + workspaces: + - name: source + description: The workspace consisting of maven project. + - name: maven-settings + description: >- + The workspace consisting of the custom maven settings + provided by the user. + - name: maven-local-repo + description: Local repo (m2) workspace + optional: true + params: + - name: MAVEN_IMAGE + type: string + description: Maven base image + default: docker.io/library/maven:3.9-eclipse-temurin-17-alpine + - name: GOALS + description: maven goals to run + type: array + default: + - "package" + - name: MAVEN_MIRROR_URL + description: The Maven repository mirror url + type: string + default: "" + - name: SERVER_USER + description: The username for the server + type: string + default: "" + - name: SERVER_PASSWORD + description: The password for the server + type: string + default: "" + - name: PROXY_USER + description: The username for the proxy server + type: string + default: "" + - name: PROXY_PASSWORD + description: The password for the proxy server + type: string + default: "" + - name: PROXY_PORT + description: Port number for the proxy server + type: string + default: "" + - name: PROXY_HOST + description: Proxy server Host + type: string + default: "" + - name: PROXY_NON_PROXY_HOSTS + description: Non proxy server host + type: string + default: "" + - name: PROXY_PROTOCOL + description: Protocol for the proxy ie http or https + type: string + default: "http" + - name: CONTEXT_DIR + type: string + description: >- + The context directory within the repository for sources on + which we want to execute 
maven goals. + default: "." + results: + - description: Maven project group id + name: group-id + type: string + - description: Maven project artifact id + name: artifact-id + type: string + - description: version + name: version + type: string + steps: + - name: mvn-settings + image: registry.access.redhat.com/ubi8/ubi-minimal:8.2 + securityContext: + runAsNonRoot: false + runAsUser: 0 + script: | + #!/usr/bin/env bash + + [[ -f $(workspaces.maven-settings.path)/settings.xml ]] && \ + echo "using existing $(workspaces.maven-settings.path)/settings.xml" && exit 0 + + cat > "$(workspaces.maven-settings.path)/settings.xml" < + + + + + + + + + + + + + + EOF + + xml="" + if [ -n "$(params.PROXY_HOST)" ] && [ -n "$(params.PROXY_PORT)" ]; then + xml="\ + genproxy\ + true\ + $(params.PROXY_PROTOCOL)\ + $(params.PROXY_HOST)\ + $(params.PROXY_PORT)" + if [ -n "$(params.PROXY_USER)" ] && [ -n "$(params.PROXY_PASSWORD)" ]; then + xml="$xml\ + $(params.PROXY_USER)\ + $(params.PROXY_PASSWORD)" + fi + if [ -n "$(params.PROXY_NON_PROXY_HOSTS)" ]; then + xml="$xml\ + $(params.PROXY_NON_PROXY_HOSTS)" + fi + xml="$xml\ + " + sed -i "s||$xml|" "$(workspaces.maven-settings.path)/settings.xml" + fi + + if [ -n "$(params.SERVER_USER)" ] && [ -n "$(params.SERVER_PASSWORD)" ]; then + xml="\ + serverid" + xml="$xml\ + $(params.SERVER_USER)\ + $(params.SERVER_PASSWORD)" + xml="$xml\ + " + sed -i "s||$xml|" "$(workspaces.maven-settings.path)/settings.xml" + fi + + if [ -n "$(params.MAVEN_MIRROR_URL)" ]; then + xml=" \ + mirror.default\ + $(params.MAVEN_MIRROR_URL)\ + central\ + " + sed -i "s||$xml|" "$(workspaces.maven-settings.path)/settings.xml" + fi + + - name: mvn-goals + image: $(params.MAVEN_IMAGE) + workingDir: $(workspaces.source.path)/$(params.CONTEXT_DIR) + args: ["$(params.GOALS[*])"] + securityContext: + runAsNonRoot: false + runAsUser: 0 + script: | + #!/usr/bin/env bash + + /usr/bin/mvn -s $(workspaces.maven-settings.path)/settings.xml "$@" 
'-Dmaven.repo.local=$(workspaces.maven-local-repo.path)/.m2' + + GROUPID=$(/usr/bin/mvn -s $(workspaces.maven-settings.path)/settings.xml '-Dmaven.repo.local=$(workspaces.maven-local-repo.path)/.m2' -q -Dexec.executable=echo -Dexec.args='${project.groupId}' --non-recursive exec:exec) + echo -n $GROUPID | tee $(results.group-id.path) + ARTIFACTID=$(/usr/bin/mvn -s $(workspaces.maven-settings.path)/settings.xml '-Dmaven.repo.local=$(workspaces.maven-local-repo.path)/.m2' -q -Dexec.executable=echo -Dexec.args='${project.artifactId}' --non-recursive exec:exec) + echo -n $ARTIFACTID | tee $(results.artifact-id.path) + VERSION=$(/usr/bin/mvn -s $(workspaces.maven-settings.path)/settings.xml '-Dmaven.repo.local=$(workspaces.maven-local-repo.path)/.m2' -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec) + echo -n $VERSION | tee $(results.version.path)
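Review bot: The `mvn-settings` script in tekton/task-maven.yaml interpolates `$(params.PROXY_HOST)`, `$(params.SERVER_PASSWORD)`, `$(params.MAVEN_MIRROR_URL)` and the other string params directly into the bash source, so a value containing quotes or a command substitution is executed as shell, in a step that runs as UID 0. Passing each param through `env:` and reading it as a quoted shell variable closes that path, as sketched below; the values still end up in a `sed` replacement and in XML, so they would additionally need escaping there. `SERVER_PASSWORD` and `PROXY_PASSWORD` are also plain string params, which are stored in the TaskRun/PipelineRun object. Because the script exits early when `settings.xml` already exists, credentials are better supplied through a Secret-bound `maven-settings` workspace, and the param descriptions should say so.

```yaml
    - name: mvn-settings
      image: registry.access.redhat.com/ubi8/ubi-minimal:8.2
      env:
        - name: PROXY_HOST
          value: $(params.PROXY_HOST)
        - name: PROXY_PORT
          value: $(params.PROXY_PORT)
        # … same pattern for the remaining proxy, server and mirror params …
      script: |
        #!/usr/bin/env bash
        # … unchanged: early exit and settings.xml skeleton …
        if [ -n "${PROXY_HOST}" ] && [ -n "${PROXY_PORT}" ]; then
          # … unchanged: proxy XML assembly, now reading the quoted env variables …
        fi
```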