9 changed files with 447 additions and 24 deletions
@ -0,0 +1,242 @@ |
|||||
|
apiVersion: tekton.dev/v1beta1 |
||||
|
kind: Task |
||||
|
metadata: |
||||
|
name: git-clone |
||||
|
labels: |
||||
|
app.kubernetes.io/version: "0.9" |
||||
|
annotations: |
||||
|
tekton.dev/pipelines.minVersion: "0.38.0" |
||||
|
tekton.dev/categories: Git |
||||
|
tekton.dev/tags: git |
||||
|
tekton.dev/displayName: "git clone" |
||||
|
tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64" |
||||
|
spec: |
||||
|
description: >- |
||||
|
These Tasks are Git tasks to work with repositories used by other tasks |
||||
|
in your Pipeline. |
||||
|
|
||||
|
The git-clone Task will clone a repo from the provided url into the |
||||
|
output Workspace. By default the repo will be cloned into the root of |
||||
|
your Workspace. You can clone into a subdirectory by setting this Task's |
||||
|
subdirectory param. This Task also supports sparse checkouts. To perform |
||||
|
a sparse checkout, pass a list of comma separated directory patterns to |
||||
|
this Task's sparseCheckoutDirectories param. |
||||
|
workspaces: |
||||
|
- name: output |
||||
|
description: The git repo will be cloned onto the volume backing this Workspace. |
||||
|
- name: ssh-directory |
||||
|
optional: true |
||||
|
description: | |
||||
|
A .ssh directory with private key, known_hosts, config, etc. Copied to |
||||
|
the user's home before git commands are executed. Used to authenticate |
||||
|
with the git remote when performing the clone. Binding a Secret to this |
||||
|
Workspace is strongly recommended over other volume types. |
||||
|
- name: basic-auth |
||||
|
optional: true |
||||
|
description: | |
||||
|
A Workspace containing a .gitconfig and .git-credentials file. These |
||||
|
will be copied to the user's home before any git commands are run. Any |
||||
|
other files in this Workspace are ignored. It is strongly recommended |
||||
|
to use ssh-directory over basic-auth whenever possible and to bind a |
||||
|
Secret to this Workspace over other volume types. |
||||
|
- name: ssl-ca-directory |
||||
|
optional: true |
||||
|
description: | |
||||
|
A workspace containing CA certificates, this will be used by Git to |
||||
|
verify the peer with when fetching or pushing over HTTPS. |
||||
|
params: |
||||
|
- name: url |
||||
|
description: Repository URL to clone from. |
||||
|
type: string |
||||
|
- name: revision |
||||
|
description: Revision to checkout. (branch, tag, sha, ref, etc...) |
||||
|
type: string |
||||
|
default: "" |
||||
|
- name: refspec |
||||
|
description: Refspec to fetch before checking out revision. |
||||
|
default: "" |
||||
|
- name: submodules |
||||
|
description: Initialize and fetch git submodules. |
||||
|
type: string |
||||
|
default: "true" |
||||
|
- name: depth |
||||
|
description: Perform a shallow clone, fetching only the most recent N commits. |
||||
|
type: string |
||||
|
default: "1" |
||||
|
- name: sslVerify |
||||
|
description: Set the `http.sslVerify` global git config. Setting this to `false` is not advised unless you are sure that you trust your git remote. |
||||
|
type: string |
||||
|
default: "true" |
||||
|
- name: crtFileName |
||||
|
description: file name of mounted crt using ssl-ca-directory workspace. default value is ca-bundle.crt. |
||||
|
type: string |
||||
|
default: "ca-bundle.crt" |
||||
|
- name: subdirectory |
||||
|
description: Subdirectory inside the `output` Workspace to clone the repo into. |
||||
|
type: string |
||||
|
default: "" |
||||
|
- name: sparseCheckoutDirectories |
||||
|
description: Define the directory patterns to match or exclude when performing a sparse checkout. |
||||
|
type: string |
||||
|
default: "" |
||||
|
- name: deleteExisting |
||||
|
description: Clean out the contents of the destination directory if it already exists before cloning. |
||||
|
type: string |
||||
|
default: "true" |
||||
|
- name: httpProxy |
||||
|
description: HTTP proxy server for non-SSL requests. |
||||
|
type: string |
||||
|
default: "" |
||||
|
- name: httpsProxy |
||||
|
description: HTTPS proxy server for SSL requests. |
||||
|
type: string |
||||
|
default: "" |
||||
|
- name: noProxy |
||||
|
description: Opt out of proxying HTTP/HTTPS requests. |
||||
|
type: string |
||||
|
default: "" |
||||
|
- name: verbose |
||||
|
description: Log the commands that are executed during `git-clone`'s operation. |
||||
|
type: string |
||||
|
default: "true" |
||||
|
- name: gitInitImage |
||||
|
description: The image providing the git-init binary that this Task runs. |
||||
|
type: string |
||||
|
default: "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.40.2" |
||||
|
- name: userHome |
||||
|
description: | |
||||
|
Absolute path to the user's home directory. |
||||
|
type: string |
||||
|
default: "/home/git" |
||||
|
results: |
||||
|
- name: commit |
||||
|
description: The precise commit SHA that was fetched by this Task. |
||||
|
- name: url |
||||
|
description: The precise URL that was fetched by this Task. |
||||
|
- name: committer-date |
||||
|
description: The epoch timestamp of the commit that was fetched by this Task. |
||||
|
steps: |
||||
|
- name: clone |
||||
|
image: "$(params.gitInitImage)" |
||||
|
env: |
||||
|
- name: HOME |
||||
|
value: "$(params.userHome)" |
||||
|
- name: PARAM_URL |
||||
|
value: $(params.url) |
||||
|
- name: PARAM_REVISION |
||||
|
value: $(params.revision) |
||||
|
- name: PARAM_REFSPEC |
||||
|
value: $(params.refspec) |
||||
|
- name: PARAM_SUBMODULES |
||||
|
value: $(params.submodules) |
||||
|
- name: PARAM_DEPTH |
||||
|
value: $(params.depth) |
||||
|
- name: PARAM_SSL_VERIFY |
||||
|
value: $(params.sslVerify) |
||||
|
- name: PARAM_CRT_FILENAME |
||||
|
value: $(params.crtFileName) |
||||
|
- name: PARAM_SUBDIRECTORY |
||||
|
value: $(params.subdirectory) |
||||
|
- name: PARAM_DELETE_EXISTING |
||||
|
value: $(params.deleteExisting) |
||||
|
- name: PARAM_HTTP_PROXY |
||||
|
value: $(params.httpProxy) |
||||
|
- name: PARAM_HTTPS_PROXY |
||||
|
value: $(params.httpsProxy) |
||||
|
- name: PARAM_NO_PROXY |
||||
|
value: $(params.noProxy) |
||||
|
- name: PARAM_VERBOSE |
||||
|
value: $(params.verbose) |
||||
|
- name: PARAM_SPARSE_CHECKOUT_DIRECTORIES |
||||
|
value: $(params.sparseCheckoutDirectories) |
||||
|
- name: PARAM_USER_HOME |
||||
|
value: $(params.userHome) |
||||
|
- name: WORKSPACE_OUTPUT_PATH |
||||
|
value: $(workspaces.output.path) |
||||
|
- name: WORKSPACE_SSH_DIRECTORY_BOUND |
||||
|
value: $(workspaces.ssh-directory.bound) |
||||
|
- name: WORKSPACE_SSH_DIRECTORY_PATH |
||||
|
value: $(workspaces.ssh-directory.path) |
||||
|
- name: WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND |
||||
|
value: $(workspaces.basic-auth.bound) |
||||
|
- name: WORKSPACE_BASIC_AUTH_DIRECTORY_PATH |
||||
|
value: $(workspaces.basic-auth.path) |
||||
|
- name: WORKSPACE_SSL_CA_DIRECTORY_BOUND |
||||
|
value: $(workspaces.ssl-ca-directory.bound) |
||||
|
- name: WORKSPACE_SSL_CA_DIRECTORY_PATH |
||||
|
value: $(workspaces.ssl-ca-directory.path) |
||||
|
securityContext: |
||||
|
runAsNonRoot: false |
||||
|
runAsUser: 0 |
||||
|
script: | |
||||
|
#!/usr/bin/env sh |
||||
|
set -eu |
||||
|
|
||||
|
if [ "${PARAM_VERBOSE}" = "true" ] ; then |
||||
|
set -x |
||||
|
fi |
||||
|
|
||||
|
if [ "${WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND}" = "true" ] ; then |
||||
|
cp "${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.git-credentials" "${PARAM_USER_HOME}/.git-credentials" |
||||
|
cp "${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.gitconfig" "${PARAM_USER_HOME}/.gitconfig" |
||||
|
chmod 400 "${PARAM_USER_HOME}/.git-credentials" |
||||
|
chmod 400 "${PARAM_USER_HOME}/.gitconfig" |
||||
|
fi |
||||
|
|
||||
|
if [ "${WORKSPACE_SSH_DIRECTORY_BOUND}" = "true" ] ; then |
||||
|
cp -R "${WORKSPACE_SSH_DIRECTORY_PATH}" "${PARAM_USER_HOME}"/.ssh |
||||
|
chmod 700 "${PARAM_USER_HOME}"/.ssh |
||||
|
chmod -R 400 "${PARAM_USER_HOME}"/.ssh/* |
||||
|
fi |
||||
|
|
||||
|
if [ "${WORKSPACE_SSL_CA_DIRECTORY_BOUND}" = "true" ] ; then |
||||
|
export GIT_SSL_CAPATH="${WORKSPACE_SSL_CA_DIRECTORY_PATH}" |
||||
|
if [ "${PARAM_CRT_FILENAME}" != "" ] ; then |
||||
|
export GIT_SSL_CAINFO="${WORKSPACE_SSL_CA_DIRECTORY_PATH}/${PARAM_CRT_FILENAME}" |
||||
|
fi |
||||
|
fi |
||||
|
CHECKOUT_DIR="${WORKSPACE_OUTPUT_PATH}/${PARAM_SUBDIRECTORY}" |
||||
|
|
||||
|
cleandir() { |
||||
|
# Delete any existing contents of the repo directory if it exists. |
||||
|
# |
||||
|
# We don't just "rm -rf ${CHECKOUT_DIR}" because ${CHECKOUT_DIR} might be "/" |
||||
|
# or the root of a mounted volume. |
||||
|
if [ -d "${CHECKOUT_DIR}" ] ; then |
||||
|
# Delete non-hidden files and directories |
||||
|
rm -rf "${CHECKOUT_DIR:?}"/* |
||||
|
# Delete files and directories starting with . but excluding .. |
||||
|
rm -rf "${CHECKOUT_DIR}"/.[!.]* |
||||
|
# Delete files and directories starting with .. plus any other character |
||||
|
rm -rf "${CHECKOUT_DIR}"/..?* |
||||
|
fi |
||||
|
} |
||||
|
|
||||
|
if [ "${PARAM_DELETE_EXISTING}" = "true" ] ; then |
||||
|
cleandir || true |
||||
|
fi |
||||
|
|
||||
|
test -z "${PARAM_HTTP_PROXY}" || export HTTP_PROXY="${PARAM_HTTP_PROXY}" |
||||
|
test -z "${PARAM_HTTPS_PROXY}" || export HTTPS_PROXY="${PARAM_HTTPS_PROXY}" |
||||
|
test -z "${PARAM_NO_PROXY}" || export NO_PROXY="${PARAM_NO_PROXY}" |
||||
|
|
||||
|
git config --global --add safe.directory "${WORKSPACE_OUTPUT_PATH}" |
||||
|
/ko-app/git-init \ |
||||
|
-url="${PARAM_URL}" \ |
||||
|
-revision="${PARAM_REVISION}" \ |
||||
|
-refspec="${PARAM_REFSPEC}" \ |
||||
|
-path="${CHECKOUT_DIR}" \ |
||||
|
-sslVerify="${PARAM_SSL_VERIFY}" \ |
||||
|
-submodules="${PARAM_SUBMODULES}" \ |
||||
|
-depth="${PARAM_DEPTH}" \ |
||||
|
-sparseCheckoutDirectories="${PARAM_SPARSE_CHECKOUT_DIRECTORIES}" |
||||
|
cd "${CHECKOUT_DIR}" |
||||
|
RESULT_SHA="$(git rev-parse HEAD)" |
||||
|
EXIT_CODE="$?" |
||||
|
if [ "${EXIT_CODE}" != 0 ] ; then |
||||
|
exit "${EXIT_CODE}" |
||||
|
fi |
||||
|
RESULT_COMMITTER_DATE="$(git log -1 --pretty=%ct)" |
||||
|
printf "%s" "${RESULT_COMMITTER_DATE}" > "$(results.committer-date.path)" |
||||
|
printf "%s" "${RESULT_SHA}" > "$(results.commit.path)" |
||||
|
printf "%s" "${PARAM_URL}" > "$(results.url.path)" |
||||
@ -0,0 +1,176 @@ |
|||||
|
apiVersion: tekton.dev/v1 |
||||
|
kind: Task |
||||
|
metadata: |
||||
|
name: maven |
||||
|
labels: |
||||
|
app.kubernetes.io/version: "0.4" |
||||
|
annotations: |
||||
|
tekton.dev/pipelines.minVersion: "0.50.0" |
||||
|
tekton.dev/categories: Build Tools |
||||
|
tekton.dev/tags: build-tool |
||||
|
tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le" |
||||
|
spec: |
||||
|
description: >- |
||||
|
This Task can be used to run a Maven build. It uses a workspace to store m2 local repo. |
||||
|
|
||||
|
workspaces: |
||||
|
- name: source |
||||
|
description: The workspace consisting of maven project. |
||||
|
- name: maven-settings |
||||
|
description: >- |
||||
|
The workspace consisting of the custom maven settings |
||||
|
provided by the user. |
||||
|
- name: maven-local-repo |
||||
|
description: Local repo (m2) workspace |
||||
|
optional: true |
||||
|
params: |
||||
|
- name: MAVEN_IMAGE |
||||
|
type: string |
||||
|
description: Maven base image |
||||
|
default: docker.io/library/maven:3.9-eclipse-temurin-17-alpine |
||||
|
- name: GOALS |
||||
|
description: maven goals to run |
||||
|
type: array |
||||
|
default: |
||||
|
- "package" |
||||
|
- name: MAVEN_MIRROR_URL |
||||
|
description: The Maven repository mirror url |
||||
|
type: string |
||||
|
default: "" |
||||
|
- name: SERVER_USER |
||||
|
description: The username for the server |
||||
|
type: string |
||||
|
default: "" |
||||
|
- name: SERVER_PASSWORD |
||||
|
description: The password for the server |
||||
|
type: string |
||||
|
default: "" |
||||
|
- name: PROXY_USER |
||||
|
description: The username for the proxy server |
||||
|
type: string |
||||
|
default: "" |
||||
|
- name: PROXY_PASSWORD |
||||
|
description: The password for the proxy server |
||||
|
type: string |
||||
|
default: "" |
||||
|
- name: PROXY_PORT |
||||
|
description: Port number for the proxy server |
||||
|
type: string |
||||
|
default: "" |
||||
|
- name: PROXY_HOST |
||||
|
description: Proxy server Host |
||||
|
type: string |
||||
|
default: "" |
||||
|
- name: PROXY_NON_PROXY_HOSTS |
||||
|
description: Non proxy server host |
||||
|
type: string |
||||
|
default: "" |
||||
|
- name: PROXY_PROTOCOL |
||||
|
description: Protocol for the proxy ie http or https |
||||
|
type: string |
||||
|
default: "http" |
||||
|
- name: CONTEXT_DIR |
||||
|
type: string |
||||
|
description: >- |
||||
|
The context directory within the repository for sources on |
||||
|
which we want to execute maven goals. |
||||
|
default: "." |
||||
|
results: |
||||
|
- description: Maven project group id |
||||
|
name: group-id |
||||
|
type: string |
||||
|
- description: Maven project artifact id |
||||
|
name: artifact-id |
||||
|
type: string |
||||
|
- description: version |
||||
|
name: version |
||||
|
type: string |
||||
|
steps: |
||||
|
- name: mvn-settings |
||||
|
image: registry.access.redhat.com/ubi8/ubi-minimal:8.2 |
||||
|
securityContext: |
||||
|
runAsNonRoot: false |
||||
|
runAsUser: 0 |
||||
|
script: | |
||||
|
#!/usr/bin/env bash |
||||
|
|
||||
|
[[ -f $(workspaces.maven-settings.path)/settings.xml ]] && \ |
||||
|
echo "using existing $(workspaces.maven-settings.path)/settings.xml" && exit 0 |
||||
|
|
||||
|
cat > "$(workspaces.maven-settings.path)/settings.xml" <<EOF |
||||
|
<settings> |
||||
|
<servers> |
||||
|
<!-- The servers added here are generated from environment variables. Don't change. --> |
||||
|
<!-- ### SERVER's USER INFO from ENV ### --> |
||||
|
</servers> |
||||
|
<mirrors> |
||||
|
<!-- The mirrors added here are generated from environment variables. Don't change. --> |
||||
|
<!-- ### mirrors from ENV ### --> |
||||
|
</mirrors> |
||||
|
<proxies> |
||||
|
<!-- The proxies added here are generated from environment variables. Don't change. --> |
||||
|
<!-- ### HTTP proxy from ENV ### --> |
||||
|
</proxies> |
||||
|
</settings> |
||||
|
EOF |
||||
|
|
||||
|
xml="" |
||||
|
if [ -n "$(params.PROXY_HOST)" ] && [ -n "$(params.PROXY_PORT)" ]; then |
||||
|
xml="<proxy>\ |
||||
|
<id>genproxy</id>\ |
||||
|
<active>true</active>\ |
||||
|
<protocol>$(params.PROXY_PROTOCOL)</protocol>\ |
||||
|
<host>$(params.PROXY_HOST)</host>\ |
||||
|
<port>$(params.PROXY_PORT)</port>" |
||||
|
if [ -n "$(params.PROXY_USER)" ] && [ -n "$(params.PROXY_PASSWORD)" ]; then |
||||
|
xml="$xml\ |
||||
|
<username>$(params.PROXY_USER)</username>\ |
||||
|
<password>$(params.PROXY_PASSWORD)</password>" |
||||
|
fi |
||||
|
if [ -n "$(params.PROXY_NON_PROXY_HOSTS)" ]; then |
||||
|
xml="$xml\ |
||||
|
<nonProxyHosts>$(params.PROXY_NON_PROXY_HOSTS)</nonProxyHosts>" |
||||
|
fi |
||||
|
xml="$xml\ |
||||
|
</proxy>" |
||||
|
sed -i "s|<!-- ### HTTP proxy from ENV ### -->|$xml|" "$(workspaces.maven-settings.path)/settings.xml" |
||||
|
fi |
||||
|
|
||||
|
if [ -n "$(params.SERVER_USER)" ] && [ -n "$(params.SERVER_PASSWORD)" ]; then |
||||
|
xml="<server>\ |
||||
|
<id>serverid</id>" |
||||
|
xml="$xml\ |
||||
|
<username>$(params.SERVER_USER)</username>\ |
||||
|
<password>$(params.SERVER_PASSWORD)</password>" |
||||
|
xml="$xml\ |
||||
|
</server>" |
||||
|
sed -i "s|<!-- ### SERVER's USER INFO from ENV ### -->|$xml|" "$(workspaces.maven-settings.path)/settings.xml" |
||||
|
fi |
||||
|
|
||||
|
if [ -n "$(params.MAVEN_MIRROR_URL)" ]; then |
||||
|
xml=" <mirror>\ |
||||
|
<id>mirror.default</id>\ |
||||
|
<url>$(params.MAVEN_MIRROR_URL)</url>\ |
||||
|
<mirrorOf>central</mirrorOf>\ |
||||
|
</mirror>" |
||||
|
sed -i "s|<!-- ### mirrors from ENV ### -->|$xml|" "$(workspaces.maven-settings.path)/settings.xml" |
||||
|
fi |
||||
|
|
||||
|
- name: mvn-goals |
||||
|
image: $(params.MAVEN_IMAGE) |
||||
|
workingDir: $(workspaces.source.path)/$(params.CONTEXT_DIR) |
||||
|
args: ["$(params.GOALS[*])"] |
||||
|
securityContext: |
||||
|
runAsNonRoot: false |
||||
|
runAsUser: 0 |
||||
|
script: | |
||||
|
#!/usr/bin/env bash |
||||
|
|
||||
|
/usr/bin/mvn -s $(workspaces.maven-settings.path)/settings.xml "$@" '-Dmaven.repo.local=$(workspaces.maven-local-repo.path)/.m2' |
||||
|
|
||||
|
GROUPID=$(/usr/bin/mvn -s $(workspaces.maven-settings.path)/settings.xml '-Dmaven.repo.local=$(workspaces.maven-local-repo.path)/.m2' -q -Dexec.executable=echo -Dexec.args='${project.groupId}' --non-recursive exec:exec) |
||||
|
echo -n $GROUPID | tee $(results.group-id.path) |
||||
|
ARTIFACTID=$(/usr/bin/mvn -s $(workspaces.maven-settings.path)/settings.xml '-Dmaven.repo.local=$(workspaces.maven-local-repo.path)/.m2' -q -Dexec.executable=echo -Dexec.args='${project.artifactId}' --non-recursive exec:exec) |
||||
|
echo -n $ARTIFACTID | tee $(results.artifact-id.path) |
||||
|
VERSION=$(/usr/bin/mvn -s $(workspaces.maven-settings.path)/settings.xml '-Dmaven.repo.local=$(workspaces.maven-local-repo.path)/.m2' -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec) |
||||
|
echo -n $VERSION | tee $(results.version.path) |
||||
Loading…
Reference in new issue