9 changed files with 447 additions and 24 deletions
@ -0,0 +1,242 @@ |
|||
apiVersion: tekton.dev/v1beta1 |
|||
kind: Task |
|||
metadata: |
|||
name: git-clone |
|||
labels: |
|||
app.kubernetes.io/version: "0.9" |
|||
annotations: |
|||
tekton.dev/pipelines.minVersion: "0.38.0" |
|||
tekton.dev/categories: Git |
|||
tekton.dev/tags: git |
|||
tekton.dev/displayName: "git clone" |
|||
tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64" |
|||
spec: |
|||
description: >- |
|||
These Tasks are Git tasks to work with repositories used by other tasks |
|||
in your Pipeline. |
|||
|
|||
The git-clone Task will clone a repo from the provided url into the |
|||
output Workspace. By default the repo will be cloned into the root of |
|||
your Workspace. You can clone into a subdirectory by setting this Task's |
|||
subdirectory param. This Task also supports sparse checkouts. To perform |
|||
a sparse checkout, pass a list of comma separated directory patterns to |
|||
this Task's sparseCheckoutDirectories param. |
|||
workspaces: |
|||
- name: output |
|||
description: The git repo will be cloned onto the volume backing this Workspace. |
|||
- name: ssh-directory |
|||
optional: true |
|||
description: | |
|||
A .ssh directory with private key, known_hosts, config, etc. Copied to |
|||
the user's home before git commands are executed. Used to authenticate |
|||
with the git remote when performing the clone. Binding a Secret to this |
|||
Workspace is strongly recommended over other volume types. |
|||
- name: basic-auth |
|||
optional: true |
|||
description: | |
|||
A Workspace containing a .gitconfig and .git-credentials file. These |
|||
will be copied to the user's home before any git commands are run. Any |
|||
other files in this Workspace are ignored. It is strongly recommended |
|||
to use ssh-directory over basic-auth whenever possible and to bind a |
|||
Secret to this Workspace over other volume types. |
|||
- name: ssl-ca-directory |
|||
optional: true |
|||
description: | |
|||
A workspace containing CA certificates, this will be used by Git to |
|||
verify the peer with when fetching or pushing over HTTPS. |
|||
params: |
|||
- name: url |
|||
description: Repository URL to clone from. |
|||
type: string |
|||
- name: revision |
|||
description: Revision to checkout. (branch, tag, sha, ref, etc...) |
|||
type: string |
|||
default: "" |
|||
- name: refspec |
|||
description: Refspec to fetch before checking out revision. |
|||
default: "" |
|||
- name: submodules |
|||
description: Initialize and fetch git submodules. |
|||
type: string |
|||
default: "true" |
|||
- name: depth |
|||
description: Perform a shallow clone, fetching only the most recent N commits. |
|||
type: string |
|||
default: "1" |
|||
- name: sslVerify |
|||
description: Set the `http.sslVerify` global git config. Setting this to `false` is not advised unless you are sure that you trust your git remote. |
|||
type: string |
|||
default: "true" |
|||
- name: crtFileName |
|||
description: file name of mounted crt using ssl-ca-directory workspace. default value is ca-bundle.crt. |
|||
type: string |
|||
default: "ca-bundle.crt" |
|||
- name: subdirectory |
|||
description: Subdirectory inside the `output` Workspace to clone the repo into. |
|||
type: string |
|||
default: "" |
|||
- name: sparseCheckoutDirectories |
|||
description: Define the directory patterns to match or exclude when performing a sparse checkout. |
|||
type: string |
|||
default: "" |
|||
- name: deleteExisting |
|||
description: Clean out the contents of the destination directory if it already exists before cloning. |
|||
type: string |
|||
default: "true" |
|||
- name: httpProxy |
|||
description: HTTP proxy server for non-SSL requests. |
|||
type: string |
|||
default: "" |
|||
- name: httpsProxy |
|||
description: HTTPS proxy server for SSL requests. |
|||
type: string |
|||
default: "" |
|||
- name: noProxy |
|||
description: Opt out of proxying HTTP/HTTPS requests. |
|||
type: string |
|||
default: "" |
|||
- name: verbose |
|||
description: Log the commands that are executed during `git-clone`'s operation. |
|||
type: string |
|||
default: "true" |
|||
- name: gitInitImage |
|||
description: The image providing the git-init binary that this Task runs. |
|||
type: string |
|||
default: "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.40.2" |
|||
- name: userHome |
|||
description: | |
|||
Absolute path to the user's home directory. |
|||
type: string |
|||
default: "/home/git" |
|||
results: |
|||
- name: commit |
|||
description: The precise commit SHA that was fetched by this Task. |
|||
- name: url |
|||
description: The precise URL that was fetched by this Task. |
|||
- name: committer-date |
|||
description: The epoch timestamp of the commit that was fetched by this Task. |
|||
steps: |
|||
- name: clone |
|||
image: "$(params.gitInitImage)" |
|||
env: |
|||
- name: HOME |
|||
value: "$(params.userHome)" |
|||
- name: PARAM_URL |
|||
value: $(params.url) |
|||
- name: PARAM_REVISION |
|||
value: $(params.revision) |
|||
- name: PARAM_REFSPEC |
|||
value: $(params.refspec) |
|||
- name: PARAM_SUBMODULES |
|||
value: $(params.submodules) |
|||
- name: PARAM_DEPTH |
|||
value: $(params.depth) |
|||
- name: PARAM_SSL_VERIFY |
|||
value: $(params.sslVerify) |
|||
- name: PARAM_CRT_FILENAME |
|||
value: $(params.crtFileName) |
|||
- name: PARAM_SUBDIRECTORY |
|||
value: $(params.subdirectory) |
|||
- name: PARAM_DELETE_EXISTING |
|||
value: $(params.deleteExisting) |
|||
- name: PARAM_HTTP_PROXY |
|||
value: $(params.httpProxy) |
|||
- name: PARAM_HTTPS_PROXY |
|||
value: $(params.httpsProxy) |
|||
- name: PARAM_NO_PROXY |
|||
value: $(params.noProxy) |
|||
- name: PARAM_VERBOSE |
|||
value: $(params.verbose) |
|||
- name: PARAM_SPARSE_CHECKOUT_DIRECTORIES |
|||
value: $(params.sparseCheckoutDirectories) |
|||
- name: PARAM_USER_HOME |
|||
value: $(params.userHome) |
|||
- name: WORKSPACE_OUTPUT_PATH |
|||
value: $(workspaces.output.path) |
|||
- name: WORKSPACE_SSH_DIRECTORY_BOUND |
|||
value: $(workspaces.ssh-directory.bound) |
|||
- name: WORKSPACE_SSH_DIRECTORY_PATH |
|||
value: $(workspaces.ssh-directory.path) |
|||
- name: WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND |
|||
value: $(workspaces.basic-auth.bound) |
|||
- name: WORKSPACE_BASIC_AUTH_DIRECTORY_PATH |
|||
value: $(workspaces.basic-auth.path) |
|||
- name: WORKSPACE_SSL_CA_DIRECTORY_BOUND |
|||
value: $(workspaces.ssl-ca-directory.bound) |
|||
- name: WORKSPACE_SSL_CA_DIRECTORY_PATH |
|||
value: $(workspaces.ssl-ca-directory.path) |
|||
securityContext: |
|||
runAsNonRoot: false |
|||
runAsUser: 0 |
|||
script: | |
|||
#!/usr/bin/env sh |
|||
set -eu |
|||
|
|||
if [ "${PARAM_VERBOSE}" = "true" ] ; then |
|||
set -x |
|||
fi |
|||
|
|||
if [ "${WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND}" = "true" ] ; then |
|||
cp "${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.git-credentials" "${PARAM_USER_HOME}/.git-credentials" |
|||
cp "${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.gitconfig" "${PARAM_USER_HOME}/.gitconfig" |
|||
chmod 400 "${PARAM_USER_HOME}/.git-credentials" |
|||
chmod 400 "${PARAM_USER_HOME}/.gitconfig" |
|||
fi |
|||
|
|||
if [ "${WORKSPACE_SSH_DIRECTORY_BOUND}" = "true" ] ; then |
|||
cp -R "${WORKSPACE_SSH_DIRECTORY_PATH}" "${PARAM_USER_HOME}"/.ssh |
|||
chmod 700 "${PARAM_USER_HOME}"/.ssh |
|||
chmod -R 400 "${PARAM_USER_HOME}"/.ssh/* |
|||
fi |
|||
|
|||
if [ "${WORKSPACE_SSL_CA_DIRECTORY_BOUND}" = "true" ] ; then |
|||
export GIT_SSL_CAPATH="${WORKSPACE_SSL_CA_DIRECTORY_PATH}" |
|||
if [ "${PARAM_CRT_FILENAME}" != "" ] ; then |
|||
export GIT_SSL_CAINFO="${WORKSPACE_SSL_CA_DIRECTORY_PATH}/${PARAM_CRT_FILENAME}" |
|||
fi |
|||
fi |
|||
CHECKOUT_DIR="${WORKSPACE_OUTPUT_PATH}/${PARAM_SUBDIRECTORY}" |
|||
|
|||
cleandir() { |
|||
# Delete any existing contents of the repo directory if it exists. |
|||
# |
|||
# We don't just "rm -rf ${CHECKOUT_DIR}" because ${CHECKOUT_DIR} might be "/" |
|||
# or the root of a mounted volume. |
|||
if [ -d "${CHECKOUT_DIR}" ] ; then |
|||
# Delete non-hidden files and directories |
|||
rm -rf "${CHECKOUT_DIR:?}"/* |
|||
# Delete files and directories starting with . but excluding .. |
|||
rm -rf "${CHECKOUT_DIR}"/.[!.]* |
|||
# Delete files and directories starting with .. plus any other character |
|||
rm -rf "${CHECKOUT_DIR}"/..?* |
|||
fi |
|||
} |
|||
|
|||
if [ "${PARAM_DELETE_EXISTING}" = "true" ] ; then |
|||
cleandir || true |
|||
fi |
|||
|
|||
test -z "${PARAM_HTTP_PROXY}" || export HTTP_PROXY="${PARAM_HTTP_PROXY}" |
|||
test -z "${PARAM_HTTPS_PROXY}" || export HTTPS_PROXY="${PARAM_HTTPS_PROXY}" |
|||
test -z "${PARAM_NO_PROXY}" || export NO_PROXY="${PARAM_NO_PROXY}" |
|||
|
|||
git config --global --add safe.directory "${WORKSPACE_OUTPUT_PATH}" |
|||
/ko-app/git-init \ |
|||
-url="${PARAM_URL}" \ |
|||
-revision="${PARAM_REVISION}" \ |
|||
-refspec="${PARAM_REFSPEC}" \ |
|||
-path="${CHECKOUT_DIR}" \ |
|||
-sslVerify="${PARAM_SSL_VERIFY}" \ |
|||
-submodules="${PARAM_SUBMODULES}" \ |
|||
-depth="${PARAM_DEPTH}" \ |
|||
-sparseCheckoutDirectories="${PARAM_SPARSE_CHECKOUT_DIRECTORIES}" |
|||
cd "${CHECKOUT_DIR}" |
|||
RESULT_SHA="$(git rev-parse HEAD)" |
|||
EXIT_CODE="$?" |
|||
if [ "${EXIT_CODE}" != 0 ] ; then |
|||
exit "${EXIT_CODE}" |
|||
fi |
|||
RESULT_COMMITTER_DATE="$(git log -1 --pretty=%ct)" |
|||
printf "%s" "${RESULT_COMMITTER_DATE}" > "$(results.committer-date.path)" |
|||
printf "%s" "${RESULT_SHA}" > "$(results.commit.path)" |
|||
printf "%s" "${PARAM_URL}" > "$(results.url.path)" |
|||
@ -0,0 +1,176 @@ |
|||
apiVersion: tekton.dev/v1 |
|||
kind: Task |
|||
metadata: |
|||
name: maven |
|||
labels: |
|||
app.kubernetes.io/version: "0.4" |
|||
annotations: |
|||
tekton.dev/pipelines.minVersion: "0.50.0" |
|||
tekton.dev/categories: Build Tools |
|||
tekton.dev/tags: build-tool |
|||
tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le" |
|||
spec: |
|||
description: >- |
|||
This Task can be used to run a Maven build. It uses a workspace to store m2 local repo. |
|||
|
|||
workspaces: |
|||
- name: source |
|||
description: The workspace consisting of maven project. |
|||
- name: maven-settings |
|||
description: >- |
|||
The workspace consisting of the custom maven settings |
|||
provided by the user. |
|||
- name: maven-local-repo |
|||
description: Local repo (m2) workspace |
|||
optional: true |
|||
params: |
|||
- name: MAVEN_IMAGE |
|||
type: string |
|||
description: Maven base image |
|||
default: docker.io/library/maven:3.9-eclipse-temurin-17-alpine |
|||
- name: GOALS |
|||
description: maven goals to run |
|||
type: array |
|||
default: |
|||
- "package" |
|||
- name: MAVEN_MIRROR_URL |
|||
description: The Maven repository mirror url |
|||
type: string |
|||
default: "" |
|||
- name: SERVER_USER |
|||
description: The username for the server |
|||
type: string |
|||
default: "" |
|||
- name: SERVER_PASSWORD |
|||
description: The password for the server |
|||
type: string |
|||
default: "" |
|||
- name: PROXY_USER |
|||
description: The username for the proxy server |
|||
type: string |
|||
default: "" |
|||
- name: PROXY_PASSWORD |
|||
description: The password for the proxy server |
|||
type: string |
|||
default: "" |
|||
- name: PROXY_PORT |
|||
description: Port number for the proxy server |
|||
type: string |
|||
default: "" |
|||
- name: PROXY_HOST |
|||
description: Proxy server Host |
|||
type: string |
|||
default: "" |
|||
- name: PROXY_NON_PROXY_HOSTS |
|||
description: Non proxy server host |
|||
type: string |
|||
default: "" |
|||
- name: PROXY_PROTOCOL |
|||
description: Protocol for the proxy ie http or https |
|||
type: string |
|||
default: "http" |
|||
- name: CONTEXT_DIR |
|||
type: string |
|||
description: >- |
|||
The context directory within the repository for sources on |
|||
which we want to execute maven goals. |
|||
default: "." |
|||
results: |
|||
- description: Maven project group id |
|||
name: group-id |
|||
type: string |
|||
- description: Maven project artifact id |
|||
name: artifact-id |
|||
type: string |
|||
- description: version |
|||
name: version |
|||
type: string |
|||
steps: |
|||
- name: mvn-settings |
|||
image: registry.access.redhat.com/ubi8/ubi-minimal:8.2 |
|||
securityContext: |
|||
runAsNonRoot: false |
|||
runAsUser: 0 |
|||
script: | |
|||
#!/usr/bin/env bash |
|||
|
|||
[[ -f $(workspaces.maven-settings.path)/settings.xml ]] && \ |
|||
echo "using existing $(workspaces.maven-settings.path)/settings.xml" && exit 0 |
|||
|
|||
cat > "$(workspaces.maven-settings.path)/settings.xml" <<EOF |
|||
<settings> |
|||
<servers> |
|||
<!-- The servers added here are generated from environment variables. Don't change. --> |
|||
<!-- ### SERVER's USER INFO from ENV ### --> |
|||
</servers> |
|||
<mirrors> |
|||
<!-- The mirrors added here are generated from environment variables. Don't change. --> |
|||
<!-- ### mirrors from ENV ### --> |
|||
</mirrors> |
|||
<proxies> |
|||
<!-- The proxies added here are generated from environment variables. Don't change. --> |
|||
<!-- ### HTTP proxy from ENV ### --> |
|||
</proxies> |
|||
</settings> |
|||
EOF |
|||
|
|||
xml="" |
|||
if [ -n "$(params.PROXY_HOST)" ] && [ -n "$(params.PROXY_PORT)" ]; then |
|||
xml="<proxy>\ |
|||
<id>genproxy</id>\ |
|||
<active>true</active>\ |
|||
<protocol>$(params.PROXY_PROTOCOL)</protocol>\ |
|||
<host>$(params.PROXY_HOST)</host>\ |
|||
<port>$(params.PROXY_PORT)</port>" |
|||
if [ -n "$(params.PROXY_USER)" ] && [ -n "$(params.PROXY_PASSWORD)" ]; then |
|||
xml="$xml\ |
|||
<username>$(params.PROXY_USER)</username>\ |
|||
<password>$(params.PROXY_PASSWORD)</password>" |
|||
fi |
|||
if [ -n "$(params.PROXY_NON_PROXY_HOSTS)" ]; then |
|||
xml="$xml\ |
|||
<nonProxyHosts>$(params.PROXY_NON_PROXY_HOSTS)</nonProxyHosts>" |
|||
fi |
|||
xml="$xml\ |
|||
</proxy>" |
|||
sed -i "s|<!-- ### HTTP proxy from ENV ### -->|$xml|" "$(workspaces.maven-settings.path)/settings.xml" |
|||
fi |
|||
|
|||
if [ -n "$(params.SERVER_USER)" ] && [ -n "$(params.SERVER_PASSWORD)" ]; then |
|||
xml="<server>\ |
|||
<id>serverid</id>" |
|||
xml="$xml\ |
|||
<username>$(params.SERVER_USER)</username>\ |
|||
<password>$(params.SERVER_PASSWORD)</password>" |
|||
xml="$xml\ |
|||
</server>" |
|||
sed -i "s|<!-- ### SERVER's USER INFO from ENV ### -->|$xml|" "$(workspaces.maven-settings.path)/settings.xml" |
|||
fi |
|||
|
|||
if [ -n "$(params.MAVEN_MIRROR_URL)" ]; then |
|||
xml=" <mirror>\ |
|||
<id>mirror.default</id>\ |
|||
<url>$(params.MAVEN_MIRROR_URL)</url>\ |
|||
<mirrorOf>central</mirrorOf>\ |
|||
</mirror>" |
|||
sed -i "s|<!-- ### mirrors from ENV ### -->|$xml|" "$(workspaces.maven-settings.path)/settings.xml" |
|||
fi |
|||
|
|||
- name: mvn-goals |
|||
image: $(params.MAVEN_IMAGE) |
|||
workingDir: $(workspaces.source.path)/$(params.CONTEXT_DIR) |
|||
args: ["$(params.GOALS[*])"] |
|||
securityContext: |
|||
runAsNonRoot: false |
|||
runAsUser: 0 |
|||
script: | |
|||
#!/usr/bin/env bash |
|||
|
|||
/usr/bin/mvn -s $(workspaces.maven-settings.path)/settings.xml "$@" '-Dmaven.repo.local=$(workspaces.maven-local-repo.path)/.m2' |
|||
|
|||
GROUPID=$(/usr/bin/mvn -s $(workspaces.maven-settings.path)/settings.xml '-Dmaven.repo.local=$(workspaces.maven-local-repo.path)/.m2' -q -Dexec.executable=echo -Dexec.args='${project.groupId}' --non-recursive exec:exec) |
|||
echo -n $GROUPID | tee $(results.group-id.path) |
|||
ARTIFACTID=$(/usr/bin/mvn -s $(workspaces.maven-settings.path)/settings.xml '-Dmaven.repo.local=$(workspaces.maven-local-repo.path)/.m2' -q -Dexec.executable=echo -Dexec.args='${project.artifactId}' --non-recursive exec:exec) |
|||
echo -n $ARTIFACTID | tee $(results.artifact-id.path) |
|||
VERSION=$(/usr/bin/mvn -s $(workspaces.maven-settings.path)/settings.xml '-Dmaven.repo.local=$(workspaces.maven-local-repo.path)/.m2' -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec) |
|||
echo -n $VERSION | tee $(results.version.path) |
|||
Loading…
Reference in new issue