├── .gitignore ├── .tekton ├── pipeline.yaml └── tekton.yaml ├── .yamllint ├── LICENSE ├── Makefile ├── OWNERS ├── README.md ├── openshift ├── gen │ ├── generate-pipeline-catalog.py │ ├── pipeline.django.yaml │ └── prestep.yaml └── release │ ├── README.md │ ├── create-release-branch.sh │ ├── cron-nightly-ci-run.yaml │ ├── nightly-ci-run.yaml │ └── update-to-head.sh ├── requirements.txt └── task ├── s2i-dotnet └── 0.1 │ ├── README.md │ ├── s2i-dotnet.yaml │ └── tests │ ├── pv.yaml │ └── step.yaml ├── s2i-eap └── 0.1 │ ├── README.md │ └── s2i-eap.yaml ├── s2i-go └── 0.1 │ ├── README.md │ ├── s2i-go.yaml │ └── tests │ ├── pv.yaml │ └── step.yaml ├── s2i-java └── 0.1 │ ├── README.md │ ├── s2i-java.yaml │ └── tests │ ├── pv.yaml │ └── step.yaml ├── s2i-nodejs └── 0.1 │ ├── README.md │ ├── s2i-nodejs.yaml │ └── tests │ ├── pv.yaml │ └── step.yaml ├── s2i-perl └── 0.1 │ ├── README.md │ ├── s2i-perl.yaml │ └── tests.disabled │ ├── pv.yaml │ └── step.yaml ├── s2i-php └── 0.1 │ ├── README.md │ ├── s2i-php.yaml │ └── tests │ ├── pv.yaml │ └── step.yaml ├── s2i-python └── 0.1 │ ├── README.md │ ├── s2i-python.yaml │ └── tests │ ├── pv.yaml │ └── step.yaml └── s2i-ruby └── 0.1 ├── README.md ├── s2i-ruby.yaml └── tests ├── pv.yaml └── step.yaml /.gitignore: -------------------------------------------------------------------------------- 1 | .venv 2 | -------------------------------------------------------------------------------- /.tekton/pipeline.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: tekton.dev/v1beta1 3 | kind: Task 4 | metadata: 5 | name: s2i-dotnet 6 | labels: 7 | app.kubernetes.io/version: "0.1" 8 | annotations: 9 | tekton.dev/pipelines.minVersion: "0.19" 10 | tekton.dev/tags: s2i, dotnet, workspace 11 | tekton.dev/displayName: "s2i dotnet" 12 | spec: 13 | description: >- 14 | s2i-dotnet task fetches a Git repository and builds and 15 | pushes a container image using S2I and a .NET Core builder image. 
16 | 17 | results: 18 | - name: IMAGE_DIGEST 19 | description: Digest of the image just built. 20 | params: 21 | - name: BUILDER_IMAGE 22 | description: The location of the buildah builder image. 23 | default: quay.io/buildah/stable:v1.17.0 24 | - name: VERSION 25 | description: The tag of .NET imagestream for .NET version 26 | default: '3.1-ubi8' 27 | type: string 28 | - name: PATH_CONTEXT 29 | description: The location of the path to run s2i from. 30 | default: . 31 | type: string 32 | - name: TLSVERIFY 33 | description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry) 34 | default: "true" 35 | type: string 36 | - name: IMAGE 37 | description: Location of the repo where image has to be pushed 38 | type: string 39 | workspaces: 40 | - name: source 41 | mountPath: /workspace/source 42 | steps: 43 | - name: generate 44 | image: quay.io/openshift-pipeline/s2i 45 | workingdir: $(workspaces.source.path) 46 | command: ['s2i', 'build', '$(params.PATH_CONTEXT)', 'image-registry.openshift-image-registry.svc:5000/openshift/dotnet:$(params.VERSION)', '--as-dockerfile', '/gen-source/Dockerfile.gen'] 47 | volumeMounts: 48 | - name: gen-source 49 | mountPath: /gen-source 50 | - name: build 51 | image: $(params.BUILDER_IMAGE) 52 | workingdir: /gen-source 53 | command: ['buildah', 'bud', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--layers', '-f', '/gen-source/Dockerfile.gen', '-t', '$(params.IMAGE)', '.'] 54 | volumeMounts: 55 | - name: varlibcontainers 56 | mountPath: /var/lib/containers 57 | - name: gen-source 58 | mountPath: /gen-source 59 | - name: push 60 | workingDir: $(workspaces.source.path) 61 | image: $(params.BUILDER_IMAGE) 62 | command: ['buildah', 'push', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--digestfile=$(workspaces.source.path)/image-digest', '$(params.IMAGE)', 'docker://$(params.IMAGE)'] 63 | volumeMounts: 64 | - name: varlibcontainers 65 | mountPath: /var/lib/containers 66 | - name: 
digest-to-results 67 | image: $(params.BUILDER_IMAGE) 68 | script: cat $(workspaces.source.path)/image-digest | tee /tekton/results/IMAGE_DIGEST 69 | volumes: 70 | - name: varlibcontainers 71 | emptyDir: {} 72 | - name: gen-source 73 | emptyDir: {} 74 | 75 | --- 76 | apiVersion: v1 77 | kind: PersistentVolumeClaim 78 | metadata: 79 | name: s2i-dotnet-workspace 80 | spec: 81 | accessModes: 82 | - ReadWriteOnce 83 | resources: 84 | requests: 85 | storage: 100Mi 86 | --- 87 | apiVersion: tekton.dev/v1beta1 88 | kind: Task 89 | metadata: 90 | name: s2i-go 91 | labels: 92 | app.kubernetes.io/version: "0.1" 93 | annotations: 94 | tekton.dev/pipelines.minVersion: "0.19" 95 | tekton.dev/tags: s2i, go, workspace 96 | tekton.dev/displayName: "s2i go" 97 | spec: 98 | description: >- 99 | s2i-go task clones a Git repository and builds and 100 | pushes a container image using S2I and a Go builder image. 101 | 102 | results: 103 | - name: IMAGE_DIGEST 104 | description: Digest of the image just built. 105 | params: 106 | - name: VERSION 107 | description: The tag of go imagestream for go version 108 | default: '1.14.7-ubi8' 109 | type: string 110 | - name: PATH_CONTEXT 111 | description: The location of the path to run s2i from. 112 | default: . 113 | type: string 114 | - name: TLSVERIFY 115 | description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry) 116 | default: "true" 117 | type: string 118 | - name: IMAGE 119 | description: Location of the repo where image has to be pushed 120 | type: string 121 | - name: BUILDER_IMAGE 122 | description: The location of the buildah builder image. 
123 | default: quay.io/buildah/stable:v1.17.0 124 | workspaces: 125 | - name: source 126 | mountPath: /workspace/source 127 | steps: 128 | - name: generate 129 | image: quay.io/openshift-pipeline/s2i 130 | workingdir: $(workspaces.source.path) 131 | command: ['s2i', 'build', '$(params.PATH_CONTEXT)', 'image-registry.openshift-image-registry.svc:5000/openshift/golang:$(params.VERSION)', '--as-dockerfile', '/gen-source/Dockerfile.gen'] 132 | volumeMounts: 133 | - name: gen-source 134 | mountPath: /gen-source 135 | - name: build 136 | image: $(params.BUILDER_IMAGE) 137 | workingdir: /gen-source 138 | command: ['buildah', 'bud', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--layers', '-f', '/gen-source/Dockerfile.gen', '-t', '$(params.IMAGE)', '.'] 139 | volumeMounts: 140 | - name: varlibcontainers 141 | mountPath: /var/lib/containers 142 | - name: gen-source 143 | mountPath: /gen-source 144 | - name: push 145 | workingDir: $(workspaces.source.path) 146 | image: $(params.BUILDER_IMAGE) 147 | command: ['buildah', 'push', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--digestfile=$(workspaces.source.path)/image-digest', '$(params.IMAGE)', 'docker://$(params.IMAGE)'] 148 | volumeMounts: 149 | - name: varlibcontainers 150 | mountPath: /var/lib/containers 151 | - name: digest-to-results 152 | image: $(params.BUILDER_IMAGE) 153 | script: cat $(workspaces.source.path)/image-digest | tee /tekton/results/IMAGE_DIGEST 154 | volumes: 155 | - name: varlibcontainers 156 | emptyDir: {} 157 | - name: gen-source 158 | emptyDir: {} 159 | 160 | --- 161 | apiVersion: v1 162 | kind: PersistentVolumeClaim 163 | metadata: 164 | name: s2i-go-workspace 165 | spec: 166 | accessModes: 167 | - ReadWriteOnce 168 | resources: 169 | requests: 170 | storage: 100Mi 171 | --- 172 | apiVersion: tekton.dev/v1beta1 173 | kind: Task 174 | metadata: 175 | name: s2i-java 176 | labels: 177 | app.kubernetes.io/version: "0.1" 178 | annotations: 179 | 
tekton.dev/pipelines.minVersion: "0.19" 180 | tekton.dev/tags: s2i, java, workspace 181 | tekton.dev/displayName: "s2i java" 182 | spec: 183 | description: >- 184 | s2i-java task clones a Git repository and builds and 185 | pushes a container image using S2I and a Java builder image. 186 | 187 | results: 188 | - name: IMAGE_DIGEST 189 | description: Digest of the image just built. 190 | params: 191 | - name: VERSION 192 | description: The tag of java imagestream for java version 193 | default: 'openjdk-11-ubi8' 194 | type: string 195 | - name: PATH_CONTEXT 196 | description: The location of the path to run s2i from 197 | default: . 198 | type: string 199 | - name: TLSVERIFY 200 | description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry) 201 | default: "true" 202 | type: string 203 | - name: MAVEN_ARGS_APPEND 204 | description: Additional Maven arguments 205 | default: "" 206 | type: string 207 | - name: MAVEN_CLEAR_REPO 208 | description: Remove the Maven repository after the artifact is built 209 | default: "false" 210 | type: string 211 | - name: MAVEN_MIRROR_URL 212 | description: The base URL of a mirror used for retrieving artifacts 213 | default: "" 214 | type: string 215 | - name: IMAGE 216 | description: Location of the repo where image has to be pushed 217 | type: string 218 | - name: BUILDER_IMAGE 219 | description: The location of the buildah builder image. 
220 | default: quay.io/buildah/stable:v1.17.0 221 | workspaces: 222 | - name: source 223 | mountPath: /workspace/source 224 | steps: 225 | - name: gen-env-file 226 | image: quay.io/openshift-pipeline/s2i 227 | workingdir: /env-params 228 | command: 229 | - '/bin/sh' 230 | - '-c' 231 | args: # NOTE(review): $(params.MAVEN_CLEAR_REPO), $(params.MAVEN_ARGS_APPEND) and $(params.MAVEN_MIRROR_URL) are substituted into this shell text before it runs, so a value containing a quote or a command substitution is interpreted by the shell; safer to pass them through env: and reference them as quoted variables. 232 | - |- 233 | echo "MAVEN_CLEAR_REPO=$(params.MAVEN_CLEAR_REPO)" > env-file 234 | 235 | [[ '$(params.MAVEN_ARGS_APPEND)' != "" ]] && 236 | echo "MAVEN_ARGS_APPEND=$(params.MAVEN_ARGS_APPEND)" >> env-file 237 | 238 | [[ '$(params.MAVEN_MIRROR_URL)' != "" ]] && 239 | echo "MAVEN_MIRROR_URL=$(params.MAVEN_MIRROR_URL)" >> env-file 240 | 241 | echo "Generated Env file" 242 | echo "------------------------------" 243 | cat env-file 244 | echo "------------------------------" 245 | volumeMounts: 246 | - name: envparams 247 | mountPath: /env-params 248 | - name: generate 249 | image: quay.io/openshift-pipeline/s2i 250 | workingdir: $(workspaces.source.path) 251 | command: 252 | - 's2i' 253 | - 'build' 254 | - '$(params.PATH_CONTEXT)' 255 | - 'image-registry.openshift-image-registry.svc:5000/openshift/java:$(params.VERSION)' 256 | - '--image-scripts-url' 257 | - 'image:///usr/local/s2i' 258 | - '--as-dockerfile' 259 | - '/gen-source/Dockerfile.gen' 260 | - '--environment-file' 261 | - '/env-params/env-file' 262 | volumeMounts: 263 | - name: gen-source 264 | mountPath: /gen-source 265 | - name: envparams 266 | mountPath: /env-params 267 | - name: build 268 | image: $(params.BUILDER_IMAGE) 269 | workingdir: /gen-source 270 | command: ['buildah', 'bud', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--layers', '-f', '/gen-source/Dockerfile.gen', '-t', '$(params.IMAGE)', '.'] 271 | volumeMounts: 272 | - name: varlibcontainers 273 | mountPath: /var/lib/containers 274 | - name: gen-source 275 | mountPath: /gen-source 276 | - name: push 277 | image: $(params.BUILDER_IMAGE) 278 | workingDir: $(workspaces.source.path) 279 | command: ['buildah', 'push', '--storage-driver=vfs', 
'--tls-verify=$(params.TLSVERIFY)', '--digestfile=$(workspaces.source.path)/image-digest', '$(params.IMAGE)', 'docker://$(params.IMAGE)'] 280 | volumeMounts: 281 | - name: varlibcontainers 282 | mountPath: /var/lib/containers 283 | - name: digest-to-results 284 | image: $(params.BUILDER_IMAGE) 285 | script: cat $(workspaces.source.path)/image-digest | tee /tekton/results/IMAGE_DIGEST 286 | volumes: 287 | - name: varlibcontainers 288 | emptyDir: {} 289 | - name: gen-source 290 | emptyDir: {} 291 | - name: envparams 292 | emptyDir: {} 293 | 294 | --- 295 | apiVersion: v1 296 | kind: PersistentVolumeClaim 297 | metadata: 298 | name: s2i-java-workspace 299 | spec: 300 | accessModes: 301 | - ReadWriteOnce 302 | resources: 303 | requests: 304 | storage: 100Mi 305 | --- 306 | apiVersion: tekton.dev/v1beta1 307 | kind: Task 308 | metadata: 309 | name: s2i-nodejs 310 | labels: 311 | app.kubernetes.io/version: "0.1" 312 | annotations: 313 | tekton.dev/pipelines.minVersion: "0.19" 314 | tekton.dev/tags: s2i, nodejs, workspace 315 | tekton.dev/displayName: "s2i nodejs" 316 | spec: 317 | description: >- 318 | s2i-nodejs task clones a Git repository and builds and 319 | pushes a container image using S2I and a nodejs builder image. 320 | 321 | results: 322 | - name: IMAGE_DIGEST 323 | description: Digest of the image just built. 324 | params: 325 | - name: VERSION 326 | description: The tag of nodejs imagestream for nodejs version 327 | default: '14-ubi8' 328 | type: string 329 | - name: PATH_CONTEXT 330 | description: The location of the path to run s2i from. 331 | default: . 332 | type: string 333 | - name: TLSVERIFY 334 | description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry) 335 | default: "true" 336 | type: string 337 | - name: IMAGE 338 | description: Location of the repo where image has to be pushed 339 | type: string 340 | - name: BUILDER_IMAGE 341 | description: The location of the buildah builder image. 
342 | default: quay.io/buildah/stable:v1.17.0 343 | workspaces: 344 | - name: source 345 | mountPath: /workspace/source 346 | steps: 347 | - name: generate 348 | image: quay.io/openshift-pipeline/s2i 349 | workingdir: $(workspaces.source.path) 350 | command: ['s2i', 'build', '$(params.PATH_CONTEXT)', 'image-registry.openshift-image-registry.svc:5000/openshift/nodejs:$(params.VERSION)', '--as-dockerfile', '/gen-source/Dockerfile.gen'] 351 | volumeMounts: 352 | - name: gen-source 353 | mountPath: /gen-source 354 | - name: build 355 | image: $(params.BUILDER_IMAGE) 356 | workingdir: /gen-source 357 | command: ['buildah', 'bud', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--layers', '-f', '/gen-source/Dockerfile.gen', '-t', '$(params.IMAGE)', '.'] 358 | volumeMounts: 359 | - name: varlibcontainers 360 | mountPath: /var/lib/containers 361 | - name: gen-source 362 | mountPath: /gen-source 363 | - name: push 364 | image: $(params.BUILDER_IMAGE) 365 | workingDir: $(workspaces.source.path) 366 | command: ['buildah', 'push', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--digestfile=$(workspaces.source.path)/image-digest', '$(params.IMAGE)', 'docker://$(params.IMAGE)'] 367 | volumeMounts: 368 | - name: varlibcontainers 369 | mountPath: /var/lib/containers 370 | - name: digest-to-results 371 | image: $(params.BUILDER_IMAGE) 372 | script: cat $(workspaces.source.path)/image-digest | tee /tekton/results/IMAGE_DIGEST 373 | volumes: 374 | - name: varlibcontainers 375 | emptyDir: {} 376 | - name: gen-source 377 | emptyDir: {} 378 | 379 | --- 380 | apiVersion: v1 381 | kind: PersistentVolumeClaim 382 | metadata: 383 | name: s2i-nodejs-workspace 384 | spec: 385 | accessModes: 386 | - ReadWriteOnce 387 | resources: 388 | requests: 389 | storage: 100Mi 390 | --- 391 | apiVersion: tekton.dev/v1beta1 392 | kind: Task 393 | metadata: 394 | name: s2i-php 395 | labels: 396 | app.kubernetes.io/version: "0.1" 397 | annotations: 398 | 
tekton.dev/pipelines.minVersion: "0.19" 399 | tekton.dev/tags: s2i, php, workspace 400 | tekton.dev/displayName: "s2i php" 401 | spec: 402 | description: >- 403 | s2i-php task clones a Git repository and builds and 404 | pushes a container image using S2I and a PHP builder image. 405 | 406 | results: 407 | - name: IMAGE_DIGEST 408 | description: Digest of the image just built. 409 | params: 410 | - name: VERSION 411 | description: The tag of php imagestream for php version 412 | default: '7.4-ubi8' 413 | type: string 414 | - name: PATH_CONTEXT 415 | description: The location of the path to run s2i from. 416 | default: . 417 | type: string 418 | - name: TLSVERIFY 419 | description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry) 420 | default: "true" 421 | type: string 422 | - name: IMAGE 423 | description: Location of the repo where image has to be pushed 424 | type: string 425 | - name: BUILDER_IMAGE 426 | description: The location of the buildah builder image. 
427 | default: quay.io/buildah/stable:v1.17.0 428 | workspaces: 429 | - name: source 430 | mountPath: /workspace/source 431 | steps: 432 | - name: generate 433 | image: quay.io/openshift-pipeline/s2i 434 | workingdir: $(workspaces.source.path) 435 | command: ['s2i', 'build', '$(params.PATH_CONTEXT)', 'image-registry.openshift-image-registry.svc:5000/openshift/php:$(params.VERSION)', '--as-dockerfile', '/gen-source/Dockerfile.gen'] 436 | volumeMounts: 437 | - name: gen-source 438 | mountPath: /gen-source 439 | - name: build 440 | image: $(params.BUILDER_IMAGE) 441 | workingdir: /gen-source 442 | command: ['buildah', 'bud', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--layers', '-f', '/gen-source/Dockerfile.gen', '-t', '$(params.IMAGE)', '.'] 443 | volumeMounts: 444 | - name: varlibcontainers 445 | mountPath: /var/lib/containers 446 | - name: gen-source 447 | mountPath: /gen-source 448 | - name: push 449 | image: $(params.BUILDER_IMAGE) 450 | command: ['buildah', 'push', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--digestfile=$(workspaces.source.path)/image-digest', '$(params.IMAGE)', 'docker://$(params.IMAGE)'] 451 | volumeMounts: 452 | - name: varlibcontainers 453 | mountPath: /var/lib/containers 454 | - name: digest-to-results 455 | image: $(params.BUILDER_IMAGE) 456 | script: cat $(workspaces.source.path)/image-digest | tee /tekton/results/IMAGE_DIGEST 457 | volumes: 458 | - name: varlibcontainers 459 | emptyDir: {} 460 | - name: gen-source 461 | emptyDir: {} 462 | 463 | --- 464 | apiVersion: v1 465 | kind: PersistentVolumeClaim 466 | metadata: 467 | name: s2i-php-workspace 468 | spec: 469 | accessModes: 470 | - ReadWriteOnce 471 | resources: 472 | requests: 473 | storage: 100Mi 474 | 475 | --- 476 | apiVersion: tekton.dev/v1beta1 477 | kind: Task 478 | metadata: 479 | name: s2i-python 480 | labels: 481 | app.kubernetes.io/version: "0.1" 482 | annotations: 483 | tekton.dev/pipelines.minVersion: "0.19" 484 | tekton.dev/tags: s2i, 
python, workspace 485 | tekton.dev/displayName: "s2i python" 486 | spec: 487 | description: >- 488 | s2i-python task clones a Git repository and builds and 489 | pushes a container image using S2I and a Python builder image. 490 | 491 | results: 492 | - name: IMAGE_DIGEST 493 | description: Digest of the image just built. 494 | params: 495 | - name: VERSION 496 | description: The tag of python imagestream for python version 497 | default: '3.8-ubi8' 498 | type: string 499 | - name: PATH_CONTEXT 500 | description: The location of the path to run s2i from. 501 | default: . 502 | type: string 503 | - name: TLSVERIFY 504 | description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry) 505 | default: "true" 506 | type: string 507 | - name: IMAGE 508 | description: Location of the repo where image has to be pushed 509 | type: string 510 | - name: BUILDER_IMAGE 511 | description: The location of the buildah builder image. 512 | default: quay.io/buildah/stable:v1.17.0 513 | workspaces: 514 | - name: source 515 | mountPath: /workspace/source 516 | steps: 517 | - name: generate 518 | image: quay.io/openshift-pipeline/s2i 519 | workingdir: $(workspaces.source.path) 520 | command: ['s2i', 'build', '$(params.PATH_CONTEXT)', 'image-registry.openshift-image-registry.svc:5000/openshift/python:$(params.VERSION)', '--as-dockerfile', '/gen-source/Dockerfile.gen'] 521 | volumeMounts: 522 | - name: gen-source 523 | mountPath: /gen-source 524 | - name: build 525 | image: $(params.BUILDER_IMAGE) 526 | workingdir: /gen-source 527 | command: ['buildah', 'bud', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--layers', '-f', '/gen-source/Dockerfile.gen', '-t', '$(params.IMAGE)', '.'] 528 | volumeMounts: 529 | - name: varlibcontainers 530 | mountPath: /var/lib/containers 531 | - name: gen-source 532 | mountPath: /gen-source 533 | - name: push 534 | 535 | workingDir: $(workspaces.source.path) 536 | image: $(params.BUILDER_IMAGE) 537 | command: 
['buildah', 'push', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--digestfile=$(workspaces.source.path)/image-digest', '$(params.IMAGE)', 'docker://$(params.IMAGE)'] 538 | volumeMounts: 539 | - name: varlibcontainers 540 | mountPath: /var/lib/containers 541 | - name: digest-to-results 542 | image: $(params.BUILDER_IMAGE) 543 | script: cat $(workspaces.source.path)/image-digest | tee /tekton/results/IMAGE_DIGEST 544 | volumes: 545 | - name: varlibcontainers 546 | emptyDir: {} 547 | - name: gen-source 548 | emptyDir: {} 549 | 550 | --- 551 | apiVersion: v1 552 | kind: PersistentVolumeClaim 553 | metadata: 554 | name: s2i-python-workspace 555 | spec: 556 | accessModes: 557 | - ReadWriteOnce 558 | resources: 559 | requests: 560 | storage: 100Mi 561 | 562 | --- 563 | apiVersion: tekton.dev/v1beta1 564 | kind: Task 565 | metadata: 566 | name: s2i-ruby 567 | labels: 568 | app.kubernetes.io/version: "0.1" 569 | annotations: 570 | tekton.dev/pipelines.minVersion: "0.19" 571 | tekton.dev/tags: s2i, ruby, workspace 572 | tekton.dev/displayName: "s2i ruby" 573 | spec: 574 | description: >- 575 | s2i-ruby task clones a Git repository and builds and 576 | pushes a container image using S2I and a Ruby builder image. 577 | 578 | results: 579 | - name: IMAGE_DIGEST 580 | description: Digest of the image just built. 581 | params: 582 | - name: VERSION 583 | description: The tag of ruby imagestream for ruby version 584 | default: '2.7-ubi8' 585 | type: string 586 | - name: PATH_CONTEXT 587 | description: The location of the path to run s2i from. 588 | default: . 589 | type: string 590 | - name: TLSVERIFY 591 | description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry) 592 | default: "true" 593 | type: string 594 | - name: IMAGE 595 | description: Location of the repo where image has to be pushed 596 | type: string 597 | - name: BUILDER_IMAGE 598 | description: The location of the buildah builder image. 
599 | default: quay.io/buildah/stable:v1.17.0 600 | workspaces: 601 | - name: source 602 | mountPath: /workspace/source 603 | steps: 604 | - name: generate 605 | image: quay.io/openshift-pipeline/s2i 606 | workingdir: $(workspaces.source.path) 607 | command: ['s2i', 'build', '$(params.PATH_CONTEXT)', 'image-registry.openshift-image-registry.svc:5000/openshift/ruby:$(params.VERSION)', '--as-dockerfile', '/gen-source/Dockerfile.gen'] 608 | volumeMounts: 609 | - name: gen-source 610 | mountPath: /gen-source 611 | - name: build 612 | image: $(params.BUILDER_IMAGE) 613 | workingdir: /gen-source 614 | command: ['buildah', 'bud', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--layers', '-f', '/gen-source/Dockerfile.gen', '-t', '$(params.IMAGE)', '.'] 615 | volumeMounts: 616 | - name: varlibcontainers 617 | mountPath: /var/lib/containers 618 | - name: gen-source 619 | mountPath: /gen-source 620 | - name: push 621 | image: $(params.BUILDER_IMAGE) 622 | workingDir: $(workspaces.source.path) 623 | command: ['buildah', 'push', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--digestfile=$(workspaces.source.path)/image-digest', '$(params.IMAGE)', 'docker://$(params.IMAGE)'] 624 | volumeMounts: 625 | - name: varlibcontainers 626 | mountPath: /var/lib/containers 627 | - name: digest-to-results 628 | image: $(params.BUILDER_IMAGE) 629 | script: cat $(workspaces.source.path)/image-digest | tee /tekton/results/IMAGE_DIGEST 630 | volumes: 631 | - name: varlibcontainers 632 | emptyDir: {} 633 | - name: gen-source 634 | emptyDir: {} 635 | --- 636 | apiVersion: v1 637 | kind: PersistentVolumeClaim 638 | metadata: 639 | name: s2i-ruby-workspace 640 | spec: 641 | accessModes: 642 | - ReadWriteOnce 643 | resources: 644 | requests: 645 | storage: 100Mi 646 | 647 | --- 648 | apiVersion: tekton.dev/v1beta1 649 | kind: Pipeline 650 | metadata: 651 | name: pipelines-catalog 652 | spec: 653 | params: 654 | - name: repo_url 655 | - name: revision 656 | workspaces: 657 
| - name: source 658 | - name: s2i-dotnet-workspace 659 | - name: s2i-go-workspace 660 | - name: s2i-java-workspace 661 | - name: s2i-nodejs-workspace 662 | - name: s2i-php-workspace 663 | - name: s2i-python-workspace 664 | - name: s2i-ruby-workspace 665 | 666 | tasks: 667 | 668 | - name: fetch 669 | taskRef: 670 | name: git-clone 671 | params: 672 | - name: url 673 | value: $(params.repo_url) 674 | - name: revision 675 | value: $(params.revision) 676 | workspaces: 677 | - name: output 678 | workspace: source 679 | 680 | - name: yaml-lint 681 | runAfter: [fetch] 682 | workspaces: 683 | - name: source 684 | workspace: source 685 | taskSpec: 686 | workspaces: 687 | - name: source 688 | steps: 689 | - name: yaml-lint 690 | # we get bumped out when using the official image with docker.io 691 | # ratelimit so work around this. NOTE(review): the script below runs an unpinned `pip install yamllint`, so each run installs whatever version the package index serves; pin the version for a reproducible lint step. 692 | image: registry.access.redhat.com/ubi8/python-38 693 | workingdir: $(workspaces.source.path) 694 | script: | 695 | pip install yamllint 696 | yamllint .tekton/ task/ 697 | 698 | - name: kubectl-dry-run 699 | runAfter: [yaml-lint] 700 | taskSpec: 701 | workspaces: 702 | - name: source 703 | steps: 704 | - name: kubectl-apply-check 705 | # TODO: find an UBI with kubectl 706 | image: quay.io/openshift/origin-cli:4.6 707 | workingdir: $(workspaces.source.path) 708 | script: | 709 | for i in task/*/*/;do kubectl apply -f ${i} --dry-run=client;done 710 | workspaces: 711 | - name: source 712 | workspace: source 713 | 714 | - name: check-generated-yaml 715 | runAfter: [kubectl-dry-run] 716 | workspaces: 717 | - name: source 718 | workspace: source 719 | taskSpec: 720 | workspaces: 721 | - name: source 722 | steps: 723 | - name: check-generated-yaml 724 | workingdir: $(workspaces.source.path) 725 | image: registry.access.redhat.com/ubi8/python-38 726 | # For whatever reason, make check is not working, so let's do this with 727 | # git filenames instead, which should be just as robust a check, and we don't 728 | # have to maintain a dockerfile 
for it. 729 | script: | 730 | #!/usr/bin/env bash 731 | set -exu 732 | CHANGED_FILES=($(git log HEAD --pretty="format:" --name-only -1)) 733 | needregen= 734 | for yaml in ${CHANGED_FILES[*]};do 735 | [[ ${yaml} == .tekton/pipeline.yaml ]] && { exit 0 ;} 736 | [[ ${yaml} == task/*/*yaml || ${yaml} == openshift/gen/*yaml ]] && needregen=1 737 | done 738 | [[ -n ${needregen} ]] && { 739 | echo "There was some yaml modifications but pipeline.yaml wasn't generated" 740 | echo "Rerun make generated" 741 | exit 1 742 | } 743 | 744 | - name: prestep 745 | runAfter: [kubectl-dry-run, yaml-lint, check-generated-yaml] 746 | taskSpec: 747 | steps: 748 | - name: prestep-mind-the-gap 749 | image: registry.access.redhat.com/ubi8/ubi-minimal:8.2 750 | script: | 751 | echo "OK: pre-step has passed" 752 | 753 | 754 | - name: fetch-repository-s2i-dotnet 755 | params: 756 | - name: url 757 | value: https://github.com/redhat-developer/s2i-dotnetcore-ex 758 | - name: subdirectory 759 | value: '' 760 | - name: deleteExisting 761 | value: 'true' 762 | - name: revision 763 | value: dotnetcore-3.1 764 | runAfter: 765 | - prestep 766 | taskRef: 767 | name: git-clone 768 | workspaces: 769 | - name: output 770 | workspace: s2i-dotnet-workspace 771 | - name: s2i-dotnet-test 772 | params: 773 | - name: TLSVERIFY 774 | value: 'false' # NOTE(review): turns off registry certificate verification for the buildah bud/push steps in this CI test (the task default is "true"); the other s2i-*-test tasks in this pipeline set the same value. Keep the default outside a test cluster. 775 | - name: PATH_CONTEXT 776 | value: app 777 | - name: IMAGE 778 | value: image-registry.openshift-image-registry.svc:5000/{{namespace}}/s2i-dotnet 779 | runAfter: 780 | - fetch-repository-s2i-dotnet 781 | taskRef: 782 | name: s2i-dotnet 783 | workspaces: 784 | - name: source 785 | workspace: s2i-dotnet-workspace 786 | 787 | - name: fetch-repository-s2i-go 788 | params: 789 | - name: url 790 | value: https://github.com/sclorg/golang-ex 791 | - name: subdirectory 792 | value: '' 793 | - name: deleteExisting 794 | value: 'true' 795 | - name: revision 796 | value: master 797 | runAfter: 798 | - prestep 799 | taskRef: 800 | name: git-clone 801 | workspaces: 802 | - 
name: output 803 | workspace: s2i-go-workspace 804 | - name: s2i-go-test 805 | params: 806 | - name: TLSVERIFY 807 | value: 'false' 808 | - name: IMAGE 809 | value: image-registry.openshift-image-registry.svc:5000/{{namespace}}/s2i-go 810 | runAfter: 811 | - fetch-repository-s2i-go 812 | taskRef: 813 | name: s2i-go 814 | workspaces: 815 | - name: source 816 | workspace: s2i-go-workspace 817 | 818 | - name: fetch-repository-s2i-java 819 | params: 820 | - name: url 821 | value: https://github.com/piyush-garg/spring-petclinic 822 | - name: subdirectory 823 | value: '' 824 | - name: deleteExisting 825 | value: 'true' 826 | - name: revision 827 | value: main 828 | runAfter: 829 | - prestep 830 | taskRef: 831 | name: git-clone 832 | workspaces: 833 | - name: output 834 | workspace: s2i-java-workspace 835 | - name: s2i-java-test 836 | params: 837 | - name: TLSVERIFY 838 | value: 'false' 839 | - name: IMAGE 840 | value: image-registry.openshift-image-registry.svc:5000/{{namespace}}/s2i-java 841 | runAfter: 842 | - fetch-repository-s2i-java 843 | taskRef: 844 | name: s2i-java 845 | workspaces: 846 | - name: source 847 | workspace: s2i-java-workspace 848 | 849 | - name: fetch-repository-s2i-nodejs 850 | params: 851 | - name: url 852 | value: https://github.com/sclorg/nodejs-ex 853 | - name: subdirectory 854 | value: '' 855 | - name: deleteExisting 856 | value: 'true' 857 | - name: revision 858 | value: master 859 | runAfter: 860 | - prestep 861 | taskRef: 862 | name: git-clone 863 | workspaces: 864 | - name: output 865 | workspace: s2i-nodejs-workspace 866 | - name: s2i-nodejs-test 867 | params: 868 | - name: TLSVERIFY 869 | value: 'false' 870 | - name: IMAGE 871 | value: image-registry.openshift-image-registry.svc:5000/{{namespace}}/s2i-nodejs 872 | runAfter: 873 | - fetch-repository-s2i-nodejs 874 | taskRef: 875 | name: s2i-nodejs 876 | workspaces: 877 | - name: source 878 | workspace: s2i-nodejs-workspace 879 | 880 | - name: fetch-repository-s2i-php 881 | params: 882 | - 
name: url 883 | value: https://github.com/sclorg/s2i-php-container/ 884 | - name: subdirectory 885 | value: '' 886 | - name: deleteExisting 887 | value: 'true' 888 | - name: revision 889 | value: master 890 | runAfter: 891 | - prestep 892 | taskRef: 893 | name: git-clone 894 | workspaces: 895 | - name: output 896 | workspace: s2i-php-workspace 897 | - name: s2i-php-test 898 | params: 899 | - name: TLSVERIFY 900 | value: 'false' 901 | - name: PATH_CONTEXT 902 | value: test/test-app 903 | - name: IMAGE 904 | value: image-registry.openshift-image-registry.svc:5000/{{namespace}}/s2i-php 905 | runAfter: 906 | - fetch-repository-s2i-php 907 | taskRef: 908 | name: s2i-php 909 | workspaces: 910 | - name: source 911 | workspace: s2i-php-workspace 912 | 913 | - name: fetch-repository-s2i-python 914 | params: 915 | - name: url 916 | value: https://github.com/sclorg/django-ex 917 | - name: subdirectory 918 | value: '' 919 | - name: deleteExisting 920 | value: 'true' 921 | - name: revision 922 | value: master 923 | runAfter: 924 | - prestep 925 | taskRef: 926 | name: git-clone 927 | workspaces: 928 | - name: output 929 | workspace: s2i-python-workspace 930 | - name: s2i-python-test 931 | params: 932 | - name: TLSVERIFY 933 | value: 'false' 934 | - name: IMAGE 935 | value: image-registry.openshift-image-registry.svc:5000/{{namespace}}/s2i-python 936 | runAfter: 937 | - fetch-repository-s2i-python 938 | taskRef: 939 | name: s2i-python 940 | workspaces: 941 | - name: source 942 | workspace: s2i-python-workspace 943 | 944 | - name: fetch-repository-s2i-ruby 945 | params: 946 | - name: url 947 | value: https://github.com/sclorg/ruby-ex 948 | - name: subdirectory 949 | value: '' 950 | - name: deleteExisting 951 | value: 'true' 952 | - name: revision 953 | value: master 954 | runAfter: 955 | - prestep 956 | taskRef: 957 | name: git-clone 958 | workspaces: 959 | - name: output 960 | workspace: s2i-ruby-workspace 961 | - name: s2i-ruby-test 962 | params: 963 | - name: TLSVERIFY 964 | 
value: 'false' 965 | - name: IMAGE 966 | value: image-registry.openshift-image-registry.svc:5000/{{namespace}}/s2i-ruby 967 | runAfter: 968 | - fetch-repository-s2i-ruby 969 | taskRef: 970 | name: s2i-ruby 971 | workspaces: 972 | - name: source 973 | workspace: s2i-ruby-workspace 974 | 975 | finally: 976 | - name: finally 977 | taskSpec: 978 | steps: 979 | - name: send-to-slack 980 | env: 981 | - name: SLACK_WEBHOOK_URL 982 | valueFrom: 983 | secretKeyRef: 984 | name: slack-tektoncd-ci-webhook 985 | key: hook_url 986 | - name: PIPELINERUN 987 | valueFrom: 988 | fieldRef: 989 | fieldPath: metadata.labels['tekton.dev/pipelineRun'] 990 | - name: GITHUB_PULL_LABEL 991 | value: "{{pull_request.labels}}" 992 | - name: LABEL_TO_CHECK 993 | value: "nightly-ci" 994 | - name: SUCCESS_URL_ICON 995 | value: "https://github.com/tektoncd.png" 996 | - name: FAILURE_URL_ICON 997 | value: "https://www.vhv.rs/dpng/d/415-4154815_grumpy-cat-png-photos-grumpy-cat-png-transparent.png" 998 | - name: SUCCESS_SUBJECT 999 | value: "Pipelines Catalog CI ran successfull on {{pull_request.html_url}} :pipelinedance: :dancing-penguin: :yay2:" 1000 | - name: FAILURE_SUBJECT 1001 | value: "Pipelines Catalog CI has failed on {{pull_request.html_url}} :fb-sad: :crying_cat_face: :crying:" 1002 | - name: LOG_URL 1003 | value: "{{openshift_console_pipelinerun_href}}" 1004 | 1005 | image: quay.io/chmouel/tekton-asa-code:latest # NOTE(review): :latest is a mutable tag and this step receives SLACK_WEBHOOK_URL from a secret; pin the image to a version tag or digest so the code that is handed the secret is fixed. 1006 | command: ["/code/misc/send-slack-notifications.py"] 1007 | 1008 | --- 1009 | apiVersion: tekton.dev/v1beta1 1010 | kind: PipelineRun 1011 | metadata: 1012 | name: pipelines-catalog-run 1013 | spec: 1014 | 1015 | pipelineRef: 1016 | name: pipelines-catalog 1017 | params: 1018 | - name: repo_url 1019 | value: {{repo_url}} 1020 | - name: revision 1021 | value: {{revision}} 1022 | 1023 | workspaces: 1024 | - name: source 1025 | volumeClaimTemplate: 1026 | spec: 1027 | accessModes: 1028 | - ReadWriteOnce 1029 | resources: 1030 | requests: 1031 | storage: 500Mi 1032 | 1033 | - 
name: s2i-dotnet-workspace 1034 | persistentvolumeclaim: 1035 | claimName: s2i-dotnet-workspace 1036 | - name: s2i-go-workspace 1037 | persistentvolumeclaim: 1038 | claimName: s2i-go-workspace 1039 | - name: s2i-java-workspace 1040 | persistentvolumeclaim: 1041 | claimName: s2i-java-workspace 1042 | - name: s2i-nodejs-workspace 1043 | persistentvolumeclaim: 1044 | claimName: s2i-nodejs-workspace 1045 | - name: s2i-php-workspace 1046 | persistentvolumeclaim: 1047 | claimName: s2i-php-workspace 1048 | - name: s2i-python-workspace 1049 | persistentvolumeclaim: 1050 | claimName: s2i-python-workspace 1051 | - name: s2i-ruby-workspace 1052 | persistentvolumeclaim: 1053 | claimName: s2i-ruby-workspace 1054 | -------------------------------------------------------------------------------- /.tekton/tekton.yaml: -------------------------------------------------------------------------------- 1 | owners: 2 | - "@openshift-pipelines" 3 | 4 | tasks: 5 | - git-clone 6 | 7 | files: 8 | - pipeline.yaml 9 | 10 | secrets: 11 | - slack-tektoncd-ci-webhook 12 | -------------------------------------------------------------------------------- /.yamllint: -------------------------------------------------------------------------------- 1 | ignore: | 2 | /vendor 3 | 4 | rules: 5 | braces: enable 6 | brackets: enable 7 | colons: enable 8 | commas: enable 9 | comments: 10 | level: warning 11 | comments-indentation: 12 | level: warning 13 | document-end: disable 14 | document-start: disable 15 | empty-lines: enable 16 | empty-values: enable 17 | hyphens: enable 18 | key-duplicates: enable 19 | key-ordering: disable 20 | line-length: disable 21 | new-line-at-end-of-file: disable 22 | new-lines: enable 23 | octal-values: enable 24 | quoted-strings: disable 25 | trailing-spaces: disable 26 | truthy: 27 | level: warning 28 | 29 | # accept both key: 30 | # - item 31 | # 32 | # and key: 33 | # - item 34 | indentation: 35 | indent-sequences: whatever 36 | 
-------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 
39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. 
Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | PIPELINE_OUTPUT_FILE := .tekton/pipeline.yaml 2 | TEMPLATE_FILE := openshift/gen/pipeline.django.yaml 3 | PRESTEP_FILE := openshift/gen/prestep.yaml 4 | 5 | all: yamlcheck generate 6 | 7 | venv: 8 | @set -x;[ -d .venv/ ] || { python3 -mvenv .venv && ./.venv/bin/pip install -r requirements.txt || rm -rf .venv ;} 9 | .PHONY: generate 10 | 11 | generate: venv 12 | .venv/bin/python3 ./openshift/gen/generate-pipeline-catalog.py task/ $(TEMPLATE_FILE) $(PRESTEP_FILE) > $(PIPELINE_OUTPUT_FILE) 13 | .PHONY: generate 14 | 15 | yamlcheck: 16 | yamllint task 17 | 18 | check: 19 | @make generate PIPELINE_OUTPUT_FILE=/tmp/pipeline-check.yaml 20 | @diff -u $(PIPELINE_OUTPUT_FILE) /tmp/pipeline-check.yaml || exit 1 21 | 22 | # need a cluster check 23 | apply-check: SHELL:=/bin/bash 24 | apply-check: 25 | kubectl apply --dry-run=client -f <(sed -e 's,{{namespace}},pipelines-catalog,g' -e 's,{{repo_url}},https://github.com/openshift/pipelines-catalog,' -e 
's,{{revision}},master,' .tekton/pipeline.yaml) 26 | -------------------------------------------------------------------------------- /OWNERS: -------------------------------------------------------------------------------- 1 | # The OWNERS file is used by prow to automatically merge approved PRs. 2 | 3 | approvers: 4 | - chmouel 5 | - sthaha 6 | - vdemeester 7 | - siamaksade 8 | - nikhil-thomas 9 | - piyush-garg 10 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # ⚠️ ⚠️ ⚠️ Warning ⚠️ ⚠️ ⚠️ 2 | 3 | This repository is deprecated. 4 | 5 | 🧑‍💻 Development and maintenance of these tasks have moved to: 6 | https://github.com/tektoncd/operator/tree/main/cmd/openshift/operator/kodata/tekton-addon/addons/02-clustertasks/source_local 7 | 8 | The tasks in this repository are not maintained anymore. 9 | 10 | --- 11 | 12 | # Pipelines Catalog 13 | 14 | This repository contains a catalog of Tekton `Task` resources (and 15 | someday `Pipeline`s and `Resource`s), which are designed to be 16 | reusable in many pipelines. 17 | 18 | Each `Task` is provided in a separate directory along with a README.md and a 19 | Kubernetes manifest, so you can choose which `Task`s to install on your 20 | cluster. 21 | 22 | This is an OpenShift-specific Tekton catalog, which follows the same 23 | rules and patterns as 24 | [`tektoncd/catalog`](https://github.com/tektoncd/catalog). 25 | -------------------------------------------------------------------------------- /openshift/gen/generate-pipeline-catalog.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | # -*- coding: utf-8 -*- 3 | # Author: Chmouel Boudjnah 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 6 | # not use this file except in compliance with the License.
You may obtain 7 | # a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 13 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 14 | # License for the specific language governing permissions and limitations 15 | # under the License. 16 | import argparse 17 | import sys 18 | from pathlib import Path 19 | 20 | import jinja2 21 | import yaml 22 | 23 | SERVICE_ACCOUNT_PRIV = 'pipeline' 24 | 25 | 26 | def debug(stringy): 27 | sys.stderr.write(stringy + "\n") 28 | 29 | 30 | def read_metadata_name(yamlfile): 31 | with open(yamlfile) as stream: 32 | return [doc['metadata']['name'] for doc in yaml.safe_load_all(stream)] 33 | 34 | 35 | def read_resource_name_type(yamlfile): 36 | with open(yamlfile) as stream: 37 | return [(doc['spec']['type'], doc['metadata']['name']) 38 | for doc in yaml.safe_load_all(stream)] 39 | 40 | 41 | def check_document_start(text): 42 | if text[0:3] != "---": 43 | text = "---\n" + text 44 | return text 45 | 46 | 47 | def check_no_doublons(filep, listp, filet): 48 | if filet == 'step': 49 | for doc in yaml.safe_load_all(filep.open()): 50 | _names = [s['name'] for s in doc] 51 | else: 52 | _names = read_metadata_name(filep) 53 | 54 | for name in _names: 55 | if name in listp: 56 | debug( 57 | f"ERROR: In file {filep}, we saw the {filet} '{name}' already." 
58 | ) 59 | sys.exit(1) 60 | listp.append(name) 61 | return listp 62 | 63 | 64 | # add_pre_steps add a runAfter {stepname} for {step}, so making sure that every 65 | # steps run only after that 66 | def add_pre_steps(steps, stepname): 67 | step_dic = yaml.safe_load(steps.read_text()) 68 | first_step = step_dic[0] 69 | if 'runAfter' in first_step: 70 | first_step['runAfter'].extend(stepname) 71 | else: 72 | first_step['runAfter'] = stepname 73 | step_dic[0] = first_step 74 | return yaml.dump(step_dic) 75 | 76 | 77 | def process_task(taskdir, 78 | pipeline_name, 79 | pipelinetemplate, 80 | presteptemplate, 81 | privileged=False): 82 | ret = [] 83 | steps = [] 84 | steps_names = [] 85 | workspaces = [] 86 | workspaces_names = [] 87 | resources = [] 88 | resources_names = [] 89 | 90 | if presteptemplate.exists(): 91 | steps.append(presteptemplate.read_text()) 92 | 93 | for path in taskdir.glob("*/*/tests"): 94 | taskdir = Path(str(path).replace("/tests", "")) 95 | taskname, taskversion = path.parts[1:3] 96 | config_file = path / "config.yaml" 97 | config = {} 98 | if config_file.exists(): 99 | config = yaml.safe_load(open(config_file)) 100 | 101 | if not privileged and 'privileged' in config and config['privileged']: 102 | debug(f"Skipping {taskname} we want non-priv and it's priv") 103 | continue 104 | if privileged and 'privileged' not in config: 105 | debug(f"Skipping {taskname} we want priv and it's non-priv") 106 | continue 107 | 108 | task = taskdir / f"{taskname}.yaml" 109 | if not task.exists(): 110 | debug(f"WARNING: Could not find the file {task} skipping") 111 | continue 112 | ret.append(check_document_start(task.read_text())) 113 | 114 | run = path / "step.yaml" 115 | if not run.exists(): 116 | debug( 117 | f"WARNING: there is no step.yaml file in {taskname}-{taskversion}" 118 | ) 119 | continue 120 | 121 | debug(f"Adding runstep {run}") 122 | steps_names = check_no_doublons(run, steps_names, 'step') 123 | run_text = add_pre_steps(run, ["prestep"]) 124 | 
steps.append(run_text) 125 | 126 | persistentvolume = path / "pv.yaml" 127 | if persistentvolume.exists(): 128 | workspaces_names = check_no_doublons(persistentvolume, 129 | workspaces_names, 130 | 'persistentvolume') 131 | debug(f"Adding persistentvolume {persistentvolume}") 132 | workspaces.extend(read_metadata_name(persistentvolume)) 133 | ret.append(check_document_start(persistentvolume.read_text())) 134 | 135 | resource = path / "resource.yaml" 136 | if resource.exists(): 137 | resources_names = check_no_doublons(resource, resources_names, 138 | 'resource') 139 | 140 | debug(f"Adding resource {resource}") 141 | resources.extend(read_resource_name_type(resource)) 142 | 143 | # Add every yaml file verbatim, unless it's a pv/config/run ones which 144 | # we do differently 145 | for yamlfile in path.iterdir(): 146 | if yamlfile.suffix != ".yaml": 147 | continue 148 | if yamlfile.name.replace(yamlfile.suffix, 149 | "") in ("pv", "config", "step"): 150 | continue 151 | debug(f"Adding extras task {yamlfile}") 152 | ret.append(check_document_start(yamlfile.read_text())) 153 | 154 | template_str = open(pipelinetemplate).read() 155 | template = jinja2.Environment(loader=jinja2.FileSystemLoader( 156 | "openshift/gen")).from_string(template_str) 157 | if privileged: 158 | service_accountname = SERVICE_ACCOUNT_PRIV 159 | else: 160 | service_accountname = '' 161 | if not steps: 162 | return '' 163 | ret.append( 164 | template.render(steps=steps, 165 | config=config, 166 | workspaces=workspaces, 167 | pipeline_name=pipeline_name, 168 | resources=resources, 169 | serviceAccountname=service_accountname)) 170 | 171 | return "\n".join(ret) 172 | 173 | 174 | def generate_pipeline(taskdir, pipelinetemplate, presteptemplate): 175 | 176 | print( 177 | process_task(taskdir, 178 | pipelinetemplate=pipelinetemplate, 179 | presteptemplate=presteptemplate, 180 | pipeline_name="pipelines-catalog", 181 | privileged=False)) 182 | 183 | 184 | if __name__ == '__main__': 185 | parser = 
argparse.ArgumentParser() 186 | parser.add_argument("taskdir") 187 | parser.add_argument("pipelinetemplate") 188 | parser.add_argument("presteptemplate") 189 | args = parser.parse_args(sys.argv[1:]) 190 | generate_pipeline(Path(args.taskdir), args.pipelinetemplate, 191 | Path(args.presteptemplate)) 192 | -------------------------------------------------------------------------------- /openshift/gen/pipeline.django.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: tekton.dev/v1beta1 3 | kind: Pipeline 4 | metadata: 5 | name: {{pipeline_name}} 6 | spec: 7 | params: 8 | - name: repo_url 9 | - name: revision 10 | workspaces: 11 | - name: source 12 | {%if workspaces -%} 13 | {% for workspace in workspaces -%} 14 | - name: {{ workspace }} 15 | {% endfor -%} 16 | {% endif -%} 17 | {%- if resources %} 18 | resources: 19 | {% for resource in resources -%} 20 | - name: {{ resource[1] }} 21 | type: {{ resource[0] }} 22 | {% endfor %} 23 | {% endif %} 24 | tasks: 25 | {% filter indent(width=4) %} 26 | {% for step in steps -%} 27 | {{ step }} 28 | {% endfor -%} 29 | {% endfilter %} 30 | finally: 31 | - name: finally 32 | taskSpec: 33 | steps: 34 | - name: send-to-slack 35 | env: 36 | - name: SLACK_WEBHOOK_URL 37 | valueFrom: 38 | secretKeyRef: 39 | name: slack-tektoncd-ci-webhook 40 | key: hook_url 41 | - name: PIPELINERUN 42 | valueFrom: 43 | fieldRef: 44 | fieldPath: metadata.labels['tekton.dev/pipelineRun'] 45 | {% raw -%} 46 | - name: GITHUB_PULL_LABEL 47 | value: "{{pull_request.labels}}" 48 | - name: LABEL_TO_CHECK 49 | value: "nightly-ci" 50 | - name: SUCCESS_URL_ICON 51 | value: "https://github.com/tektoncd.png" 52 | - name: FAILURE_URL_ICON 53 | value: "https://www.vhv.rs/dpng/d/415-4154815_grumpy-cat-png-photos-grumpy-cat-png-transparent.png" 54 | - name: SUCCESS_SUBJECT 55 | value: "Pipelines Catalog CI ran successfull on {{pull_request.html_url}} :pipelinedance: :dancing-penguin: :yay2:" 56 | - name: 
FAILURE_SUBJECT 57 | value: "Pipelines Catalog CI has failed on {{pull_request.html_url}} :fb-sad: :crying_cat_face: :crying:" 58 | - name: LOG_URL 59 | value: "{{openshift_console_pipelinerun_href}}" 60 | {% endraw %} 61 | image: quay.io/chmouel/tekton-asa-code:latest 62 | command: ["/code/misc/send-slack-notifications.py"] 63 | 64 | --- 65 | apiVersion: tekton.dev/v1beta1 66 | kind: PipelineRun 67 | metadata: 68 | name: {{pipeline_name}}-run 69 | spec: 70 | {% if serviceAccountName -%} 71 | serviceAccountName: {{serviceAccountName}} 72 | {% endif %} 73 | pipelineRef: 74 | name: {{pipeline_name}} 75 | params: 76 | {% raw -%} 77 | - name: repo_url 78 | value: {{repo_url}} 79 | - name: revision 80 | value: {{revision}} 81 | {% endraw %} 82 | workspaces: 83 | - name: source 84 | volumeClaimTemplate: 85 | spec: 86 | accessModes: 87 | - ReadWriteOnce 88 | resources: 89 | requests: 90 | storage: 500Mi 91 | {%if workspaces %} 92 | {% for workspace in workspaces -%} 93 | - name: {{ workspace }} 94 | persistentvolumeclaim: 95 | claimName: {{workspace}} 96 | {% endfor %} 97 | {% endif %} 98 | {%if resources %} 99 | resources: 100 | {% for resource in resources -%} 101 | - name: {{ resource[1] }} 102 | resourceRef: 103 | name: {{resource[1]}} 104 | {% endfor %} 105 | {% endif %} 106 | -------------------------------------------------------------------------------- /openshift/gen/prestep.yaml: -------------------------------------------------------------------------------- 1 | - name: fetch 2 | taskRef: 3 | name: git-clone 4 | params: 5 | - name: url 6 | value: $(params.repo_url) 7 | - name: revision 8 | value: $(params.revision) 9 | workspaces: 10 | - name: output 11 | workspace: source 12 | 13 | - name: yaml-lint 14 | runAfter: [fetch] 15 | workspaces: 16 | - name: source 17 | workspace: source 18 | taskSpec: 19 | workspaces: 20 | - name: source 21 | steps: 22 | - name: yaml-lint 23 | # we get bumped out when using hte official image with docker.io 24 | # ratelimit so 
workaround this. 25 | image: registry.access.redhat.com/ubi8/python-38 26 | workingdir: $(workspaces.source.path) 27 | script: | 28 | pip install yamllint 29 | yamllint .tekton/ task/ 30 | 31 | - name: kubectl-dry-run 32 | runAfter: [yaml-lint] 33 | taskSpec: 34 | workspaces: 35 | - name: source 36 | steps: 37 | - name: kubectl-apply-check 38 | # TODO: find an UBI with kubectl 39 | image: quay.io/openshift/origin-cli:4.6 40 | workingdir: $(workspaces.source.path) 41 | script: | 42 | for i in task/*/*/;do kubectl apply -f ${i} --dry-run=client;done 43 | workspaces: 44 | - name: source 45 | workspace: source 46 | 47 | - name: check-generated-yaml 48 | runAfter: [kubectl-dry-run] 49 | workspaces: 50 | - name: source 51 | workspace: source 52 | taskSpec: 53 | workspaces: 54 | - name: source 55 | steps: 56 | - name: check-generated-yaml 57 | workingdir: $(workspaces.source.path) 58 | image: registry.access.redhat.com/ubi8/python-38 59 | # For whatever reason, make check is not working, so let's do this with 60 | # git filename instead which should be as a robust check and we don't 61 | # have to care having to maintain a dockerfile for it. 
62 | script: | 63 | #!/usr/bin/env bash 64 | set -exu 65 | CHANGED_FILES=($(git log HEAD --pretty="format:" --name-only -1)) 66 | needregen= 67 | for yaml in ${CHANGED_FILES[*]};do 68 | [[ ${yaml} == .tekton/pipeline.yaml ]] && { exit 0 ;} 69 | [[ ${yaml} == task/*/*yaml || ${yaml} == openshift/gen/*yaml ]] && needregen=1 70 | done 71 | [[ -n ${needregen} ]] && { 72 | echo "There was some yaml modifications but pipeline.yaml wasn't generated" 73 | echo "Rerun make generated" 74 | exit 1 75 | } 76 | 77 | - name: prestep 78 | runAfter: [kubectl-dry-run, yaml-lint, check-generated-yaml] 79 | taskSpec: 80 | steps: 81 | - name: prestep-mind-the-gap 82 | image: registry.access.redhat.com/ubi8/ubi-minimal:8.2 83 | script: | 84 | echo "OK: pre-step has passed" 85 | -------------------------------------------------------------------------------- /openshift/release/README.md: -------------------------------------------------------------------------------- 1 | # Release creation 2 | 3 | ### Creating a branch based off an upstream release tag 4 | 5 | To create a clean branch from an upstream release tag, use the `create-release-branch.sh` script: 6 | 7 | ```bash 8 | $ ./openshift/release/create-release-branch.sh v0.4.1 9 | ``` 10 | 11 | This will create a new branch `release-0.4` based off the tag `v0.4.1` and push 12 | the tag and release branch to origin. 13 | 14 | If you have a `v0.4.2` release it will reset the `release-0.4` branch to it. 15 | -------------------------------------------------------------------------------- /openshift/release/create-release-branch.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -eu 3 | 4 | tag=$1 5 | tag_regexp="^v([0-9]+)\.([0-9]+)\.([0-9]+)" 6 | 7 | if [[ -z ${tag} ]];then 8 | echo "You need specify a tag like v0.9.1" 9 | exit 1 10 | fi 11 | 12 | if [[ ! $tag =~ $tag_regexp ]];then 13 | echo "\"$tag\" is wrong format. 
Must have proper format like v1.2.3" 14 | exit 1 15 | fi 16 | 17 | release=release-v${BASH_REMATCH[1]}.${BASH_REMATCH[2]} 18 | 19 | echo "===== Resetting branch ${release} based on ${tag}" 20 | 21 | # Fetch the latest tags and checkout a new branch from the wanted tag. 22 | git fetch origin --tags 23 | 24 | echo "===== Checkout origin/master as base" 25 | git checkout --no-track -B "${release}" origin/master 26 | 27 | echo "===== Creating tag ${tag}" 28 | git tag --force ${tag} 29 | 30 | echo "===== Pushing branch '${release}' to origin remote" 31 | git push origin ${release} 32 | 33 | echo "===== Pushing tag '${tag}' to origin remote" 34 | git push --tags origin ${tag} 35 | 36 | echo "===== Done" 37 | echo "$(git remote get-url origin)/tree/${release}" 38 | -------------------------------------------------------------------------------- /openshift/release/cron-nightly-ci-run.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: batch/v1beta1 2 | kind: CronJob 3 | metadata: 4 | name: pipelines-catalog-nightly-ci-run 5 | spec: 6 | failedJobsHistoryLimit: 1 7 | successfulJobsHistoryLimit: 1 8 | concurrencyPolicy: Replace 9 | schedule: "0 0 * * *" 10 | jobTemplate: 11 | spec: 12 | template: 13 | spec: 14 | serviceAccountName: tkn-aac-sa 15 | containers: 16 | - name: cleanup 17 | image: quay.io/openshift/origin-cli:4.6 18 | command: ["/bin/bash", "-c", "kubectl delete pipelinerun pipelines-catalog-nightly || true;kubectl create -f https://raw.githubusercontent.com/openshift/pipelines-catalog/master/openshift/release/nightly-ci-run.yaml"] 19 | restartPolicy: Never 20 | -------------------------------------------------------------------------------- /openshift/release/nightly-ci-run.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: tekton.dev/v1beta1 3 | kind: PipelineRun 4 | metadata: 5 | name: pipelines-catalog-nightly 6 | spec: 7 | pipelineSpec: 8 | 
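workspaces: 9 | - name: source 10 | tasks: 11 | - name: fetch-repository 12 | taskRef: 13 | name: git-clone 14 | workspaces: 15 | - name: output 16 | workspace: source 17 | params: 18 | - name: url 19 | value: https://github.com/openshift/pipelines-catalog 20 | - name: revision 21 | value: master 22 | - name: subdirectory 23 | value: "" 24 | - name: deleteExisting 25 | value: "true" 26 | - name: create-pr 27 | runAfter: 28 | - fetch-repository 29 | workspaces: 30 | - workspace: source 31 | name: source 32 | taskSpec: 33 | workspaces: 34 | - name: source 35 | steps: 36 | - name: create-pr 37 | workingDir: $(workspaces.source.path) 38 | env: 39 | - name: HUB_VERSION 40 | value: "true" 41 | - name: GITHUB_TOKEN 42 | valueFrom: 43 | secretKeyRef: 44 | name: nightly-ci-github-hub-token 45 | key: hub-token 46 | image: gcr.io/tekton-releases/dogfooding/hub:latest # NOTE(review): mutable tag on the step that receives GITHUB_TOKEN; consider pinning the image by digest 47 | script: | 48 | #!/usr/bin/env bash 49 | set -xe 50 | 51 | # Configure git email and name 52 | git config user.email "pipelines-dev@redhat.com" 53 | git config user.name "OpenShift Pipelines" 54 | 55 | ## Put GITHUB_TOKEN into the origin URL so the pushes in update-to-head.sh authenticate. xtrace is off around the command so the token is not echoed; the rewritten URL stays in .git/config on the workspace volume. 56 | set +x 57 | git remote set-url origin "$(git remote get-url origin|sed "s,https://github.com/,https://${GITHUB_TOKEN}@github.com/,")" 58 | set -x 59 | # Launch script 60 | openshift/release/update-to-head.sh 61 | workspaces: 62 | - name: source 63 | volumeClaimTemplate: 64 | spec: 65 | accessModes: 66 | - ReadWriteOnce 67 | resources: 68 | requests: 69 | storage: 500Mi 70 | -------------------------------------------------------------------------------- /openshift/release/update-to-head.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Synchs the release-next branch to master and then triggers CI 4 | # Usage: update-to-head.sh 5 | # The origin URL can carry a push token (nightly-ci-run.yaml rewrites it), so REPO_NAME is derived with xtrace off; under set -x the expanded basename argument would be written to the step log. 6 | set -e 7 | set +x; REPO_NAME=$(basename "$(git remote get-url origin)") 8 | set -x 9 | BRANCH=${BRANCH:-master} 10 | 
LABEL=nightly-ci 11 | 12 | # Reset release-next to origin/${BRANCH} (master unless BRANCH is set) and force-push it. 13 | git fetch origin "${BRANCH}" 14 | git checkout "origin/${BRANCH}" --no-track -B release-next 15 | 16 | git push -f origin HEAD:release-next 17 | 18 | # Trigger CI: commit a timestamp file on release-next-ci so that branch differs from release-next 19 | git checkout release-next --no-track -B release-next-ci 20 | date > ci 21 | git add ci 22 | git commit -m "Tekton as a code triggered CI on branch 'release-next' after synching to upstream/master" 23 | 24 | git push -f origin HEAD:release-next-ci 25 | # Stop here when an open PR carrying the ${LABEL} label already exists. 26 | already_open_github_issue_id=$(hub pr list -s open -f "%I %l%n"|grep "${LABEL}"| awk '{print $1}'|head -1) 27 | [[ -n ${already_open_github_issue_id} ]] && { 28 | # echo "PR for nightly is already open on #${already_open_github_issue_id} sending a /retest" 29 | # hub api repos/openshift/${REPO_NAME}/issues/${already_open_github_issue_id}/comments -f body='/retest' 30 | exit 31 | } 32 | 33 | hub pull-request -m "🛑🔥 Triggering Nightly CI for ${REPO_NAME} 🔥🛑" -m "/hold" -m "Nightly CI do not merge :stop_sign:" \ 34 | --no-edit -l "${LABEL}" -b "openshift/${REPO_NAME}:release-next" -h "openshift/${REPO_NAME}:release-next-ci" 35 | -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | jinja2 2 | pyyaml 3 | -------------------------------------------------------------------------------- /task/s2i-dotnet/0.1/README.md: -------------------------------------------------------------------------------- 1 | # .NET Core Source-to-Image 2 | 3 | This task can be used for building `.NET Core` apps as reproducible Docker 4 | images using Source-to-Image. [Source-to-Image (S2I)](https://github.com/openshift/source-to-image) 5 | is a toolkit and a workflow for building reproducible container images 6 | from source code. This tasks uses the s2i-dotnet image build from [redhat-developer/s2i-dotnetcore](https://github.com/redhat-developer/s2i-dotnetcore). 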
7 | 8 | .NET Core versions currently provided are: 9 | - 2.1 10 | - 2.7-el7 11 | - 2.1-ubi8 12 | - 3.1 13 | - 3.1-el7 14 | - 3.1-ubi8 15 | 16 | ## Installing the .NET Core Task 17 | 18 | ``` 19 | kubectl apply -f https://raw.githubusercontent.com/openshift/pipelines-catalog/master/task/s2i-dotnet/0.1/s2i-dotnet.yaml 20 | ``` 21 | 22 | ## Parameters 23 | 24 | * **VERSION**: Version of the .NET Core 25 | (_default: 3.1-ubi8_) 26 | * **PATH_CONTEXT**: Source path from where S2I command needs to be run 27 | (_default: ._) 28 | * **TLSVERIFY**: Verify the TLS on the registry endpoint (for push/pull to a 29 | non-TLS registry) (_default:_ `true`) 30 | * **IMAGE**: Location of the repo where image has to be pushed. 31 | 32 | ## Workspaces 33 | 34 | * **source**: A workspace specifying the location of the source to 35 | build. 36 | 37 | ## Creating a ServiceAccount 38 | 39 | S2I builds an image and pushes it to the destination registry which is 40 | defined as a parameter. The image needs proper credentials to be 41 | authenticated by the remote container registry. These credentials can 42 | be provided through a serviceaccount. See [Authentication](https://github.com/tektoncd/pipeline/blob/master/docs/auth.md#basic-authentication-docker) 43 | for further details. 44 | 45 | If you run on OpenShift, you also need to allow the service 46 | account to run privileged containers. Due to security considerations 47 | OpenShift does not allow containers to run as privileged containers 48 | by default. 
49 | 50 | Run the following in order to create a service account named 51 | `pipeline` on OpenShift, grant it the `privileged` SCC so that it can run privileged containers, and give it the `edit` role: 52 | 53 | ``` 54 | oc create serviceaccount pipeline 55 | oc adm policy add-scc-to-user privileged -z pipeline 56 | oc adm policy add-role-to-user edit -z pipeline 57 | ``` 58 | 59 | ## Using a `Pipeline` with `git-clone` 60 | 61 | ```yaml 62 | apiVersion: tekton.dev/v1beta1 63 | kind: Pipeline 64 | metadata: 65 | name: s2i-dotnet-pipeline 66 | spec: 67 | params: 68 | - name: IMAGE 69 | description: Location of the repo where image has to be pushed 70 | type: string 71 | workspaces: 72 | - name: shared-workspace 73 | tasks: 74 | - name: fetch-repository 75 | taskRef: 76 | name: git-clone 77 | workspaces: 78 | - name: output 79 | workspace: shared-workspace 80 | params: 81 | - name: url 82 | value: https://github.com/username/reponame 83 | - name: subdirectory 84 | value: "" 85 | - name: deleteExisting 86 | value: "true" 87 | - name: s2i 88 | taskRef: 89 | name: s2i-dotnet 90 | workspaces: 91 | - name: source 92 | workspace: shared-workspace 93 | params: 94 | - name: IMAGE 95 | value: $(params.IMAGE) 96 | ``` 97 | 98 | ## Creating the pipelinerun 99 | 100 | This PipelineRun runs the .NET Core Task to fetch a Git repository and builds and 101 | pushes a container image using S2I and a .NET Core builder image. 
102 | 103 | ```yaml 104 | apiVersion: tekton.dev/v1beta1 105 | kind: PipelineRun 106 | metadata: 107 | name: s2i-dotnet-pipelinerun 108 | spec: 109 | # Use service account with git and image repo credentials 110 | serviceAccountName: pipeline 111 | pipelineRunRef: 112 | name: s2i-dotnet-pipeline 113 | params: 114 | - name: IMAGE 115 | value: quay.io/my-repo/my-image-name 116 | workspaces: 117 | - name: shared-data 118 | volumeClaimTemplate: 119 | spec: 120 | accessModes: 121 | - ReadWriteOnce 122 | resources: 123 | requests: 124 | storage: 1Gi 125 | ``` 126 | -------------------------------------------------------------------------------- /task/s2i-dotnet/0.1/s2i-dotnet.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: Task 3 | metadata: 4 | name: s2i-dotnet 5 | labels: 6 | app.kubernetes.io/version: "0.1" 7 | annotations: 8 | tekton.dev/pipelines.minVersion: "0.19" 9 | tekton.dev/tags: s2i, dotnet, workspace 10 | tekton.dev/displayName: "s2i dotnet" 11 | spec: 12 | description: >- 13 | s2i-dotnet task fetches a Git repository and builds and 14 | pushes a container image using S2I and a .NET Core builder image. 15 | 16 | results: 17 | - name: IMAGE_DIGEST 18 | description: Digest of the image just built. 19 | params: 20 | - name: BUILDER_IMAGE 21 | description: The location of the buildah builder image. 22 | default: quay.io/buildah/stable:v1.17.0 23 | - name: VERSION 24 | description: The tag of .NET imagestream for .NET version 25 | default: '3.1-ubi8' 26 | type: string 27 | - name: PATH_CONTEXT 28 | description: The location of the path to run s2i from. 29 | default: . 
30 | type: string 31 | - name: TLSVERIFY 32 | description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry) 33 | default: "true" # passed as --tls-verify to both the build and the push step below 34 | type: string 35 | - name: IMAGE 36 | description: Location of the repo where image has to be pushed 37 | type: string 38 | workspaces: 39 | - name: source 40 | mountPath: /workspace/source 41 | steps: # generate, build and push use exec-form command arrays, so parameter values arrive as single argv entries and are not parsed by a shell 42 | - name: generate 43 | image: quay.io/openshift-pipeline/s2i # NOTE(review): no tag or digest, so the registry's default tag is pulled; pin a digest for repeatable builds 44 | workingdir: $(workspaces.source.path) # NOTE(review): spelled workingdir here and in build, workingDir in push; confirm the lowercase key is honoured 45 | command: ['s2i', 'build', '$(params.PATH_CONTEXT)', 'image-registry.openshift-image-registry.svc:5000/openshift/dotnet:$(params.VERSION)', '--as-dockerfile', '/gen-source/Dockerfile.gen'] # --as-dockerfile: s2i writes a Dockerfile to the gen-source volume for the build step 46 | volumeMounts: 47 | - name: gen-source 48 | mountPath: /gen-source 49 | env: 50 | - name: HOME 51 | value: /tekton/home 52 | - name: build 53 | image: $(params.BUILDER_IMAGE) 54 | workingdir: /gen-source 55 | command: ['buildah', 'bud', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--layers', '-f', '/gen-source/Dockerfile.gen', '-t', '$(params.IMAGE)', '.'] # builds the generated Dockerfile and tags the result with the IMAGE parameter 56 | volumeMounts: 57 | - name: varlibcontainers 58 | mountPath: /var/lib/containers 59 | - name: gen-source 60 | mountPath: /gen-source 61 | - name: push 62 | workingDir: $(workspaces.source.path) 63 | image: $(params.BUILDER_IMAGE) 64 | command: ['buildah', 'push', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--digestfile=$(workspaces.source.path)/image-digest', '$(params.IMAGE)', 'docker://$(params.IMAGE)'] # pushes the image and writes its digest to image-digest in the source workspace 65 | volumeMounts: 66 | - name: varlibcontainers 67 | mountPath: /var/lib/containers 68 | - name: digest-to-results 69 | image: $(params.BUILDER_IMAGE) 70 | script: cat $(workspaces.source.path)/image-digest | tee /tekton/results/IMAGE_DIGEST # copies the digest file written by the push step into the IMAGE_DIGEST result 71 | volumes: 72 | - name: varlibcontainers # mounted at /var/lib/containers by the build and push steps 73 | emptyDir: {} 74 | - name: gen-source # carries Dockerfile.gen from generate to build 75 | emptyDir: {} 76 | -------------------------------------------------------------------------------- /task/s2i-dotnet/0.1/tests/pv.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: s2i-dotnet-workspace 6 | spec: 7 | accessModes: 8 | - ReadWriteOnce 9 | resources: 10 | requests: 11 | storage: 100Mi 12 | -------------------------------------------------------------------------------- /task/s2i-dotnet/0.1/tests/step.yaml: -------------------------------------------------------------------------------- 1 | - name: fetch-repository-s2i-dotnet 2 | taskRef: 3 | name: git-clone 4 | workspaces: 5 | - name: output 6 | workspace: s2i-dotnet-workspace 7 | params: 8 | - name: url 9 | value: https://github.com/redhat-developer/s2i-dotnetcore-ex 10 | - name: subdirectory 11 | value: "" 12 | - name: deleteExisting 13 | value: "true" 14 | - name: revision 15 | value: "dotnetcore-3.1" 16 | 17 | - name: s2i-dotnet-test 18 | taskRef: 19 | name: s2i-dotnet 20 | runAfter: 21 | - fetch-repository-s2i-dotnet 22 | workspaces: 23 | - name: source 24 | workspace: s2i-dotnet-workspace 25 | params: 26 | - name: TLSVERIFY 27 | value: "false" 28 | - name: PATH_CONTEXT 29 | value: "app" 30 | - name: IMAGE 31 | value: "image-registry.openshift-image-registry.svc:5000/{{namespace}}/s2i-dotnet" 32 | -------------------------------------------------------------------------------- /task/s2i-eap/0.1/README.md: -------------------------------------------------------------------------------- 1 | # Java EAP Source-to-Image 2 | 3 | This task can be used for building `Java EAP` apps as reproducible Docker 4 | images using Source-to-Image. [Source-to-Image (S2I)](https://github.com/openshift/source-to-image) is a toolkit and a workflow for building reproducible container images from source code. This java eap task uses `registry.redhat.io/jboss-eap-7-tech-preview/eap-cd-openshift-rhel8` builder image. 5 | 6 | This current version of the Java EAP S2I builder image supports OpenJDK 11, EAP CD 18, and Maven 3.5.4-5. 
7 | 8 | ## Installing the Java EAP Task 9 | 10 | ``` 11 | kubectl apply -f https://raw.githubusercontent.com/openshift/pipelines-catalog/master/task/s2i-eap/0.1/s2i-eap.yaml 12 | ``` 13 | 14 | ## Parameters 15 | 16 | * **PATH_CONTEXT**: Source path from where S2I command needs to be run 17 | (_default: `.`_) 18 | * **TLSVERIFY**: Whether to verify TLS on the registry endpoint; set it to `false` only for push/pull to a non-TLS registry (_default:_ `true`) 19 | * **IMAGE**: Location of the repo where image has to be pushed. 20 | 21 | ## Workspaces 22 | 23 | * **source**: A workspace specifying the location of the source to 24 | build. 25 | 26 | Example of the `s2i-eap-configmap` ConfigMap that the task reads its build environment from: 27 | ``` 28 | apiVersion: v1 29 | kind: ConfigMap 30 | metadata: 31 | name: s2i-eap-configmap 32 | data: 33 | env-file: | 34 | MAVEN_ARGS_APPEND=-Dcom.redhat.xpaas.repo.jbossorg 35 | GALLEON_PROVISION_DEFAULT_FAT_SERVER=true 36 | ``` 37 | 38 | ## Creating a ServiceAccount 39 | 40 | S2I builds an image and pushes it to the destination registry which is 41 | defined as a parameter. The image needs proper credentials to be 42 | authenticated by the remote container registry. These credentials can 43 | be provided through a serviceaccount. See [Authentication](https://github.com/tektoncd/pipeline/blob/master/docs/auth.md#basic-authentication-docker) 44 | for further details. 45 | 46 | If you run on OpenShift, you also need to allow the service 47 | account to run privileged containers. Due to security considerations 48 | OpenShift does not allow containers to run as privileged containers 49 | by default. 50 | 51 | Run the following in order to create a service account named 52 | `pipeline` on OpenShift, grant it the `privileged` SCC so that it can run privileged containers, and give it the `edit` role: 53 | 54 | ``` 55 | oc create serviceaccount pipeline 56 | oc adm policy add-scc-to-user privileged -z pipeline 57 | oc adm policy add-role-to-user edit -z pipeline 58 | ``` 59 | 60 | As EAP requires terms acceptance, a secret is needed for pulling the s2i source image. 
Create a secret with an Red Hat account (if you don't have one, join the [Developer Program](https://developers.redhat.com/) or register for a [30-day Trial Subscription](https://access.redhat.com/products/red-hat-jboss-enterprise-application-platform/evaluation)) and link it to the pipeline ServiceAccount. 61 | 62 | ``` 63 | oc create secret docker-registry \ 64 | --docker-server=registry.redhat.io \ 65 | --docker-username= \ 66 | --docker-password= \ 67 | --docker-email= 68 | 69 | oc secrets link pipeline 70 | ``` 71 | 72 | ## Using a `Pipeline` with `git-clone` 73 | 74 | ```yaml 75 | apiVersion: tekton.dev/v1beta1 76 | kind: Pipeline 77 | metadata: 78 | name: s2i-eap-pipeline 79 | spec: 80 | params: 81 | - name: IMAGE 82 | description: Location of the repo where image has to be pushed 83 | type: string 84 | workspaces: 85 | - name: shared-workspace 86 | tasks: 87 | - name: fetch-repository 88 | taskRef: 89 | name: git-clone 90 | workspaces: 91 | - name: output 92 | workspace: shared-workspace 93 | params: 94 | - name: url 95 | value: https://github.com/username/reponame 96 | - name: subdirectory 97 | value: "" 98 | - name: deleteExisting 99 | value: "true" 100 | - name: s2i 101 | taskRef: 102 | name: s2i-eap 103 | workspaces: 104 | - name: source 105 | workspace: shared-workspace 106 | params: 107 | - name: IMAGE 108 | value: $(params.IMAGE) 109 | - name: TLSVERIFY 110 | value: 'false' 111 | ``` 112 | 113 | ## Creating the pipelinerun 114 | 115 | This PipelineRun runs the Java EAP Task to fetch a Git repository and builds and 116 | pushes a container image using S2I and a Java EAP builder image. 
117 | 118 | ```yaml 119 | apiVersion: tekton.dev/v1beta1 120 | kind: PipelineRun 121 | metadata: 122 | name: s2i-eap-pipelinerun 123 | spec: 124 | # Use service account with git and image repo credentials 125 | serviceAccountName: pipeline 126 | pipelineRunRef: 127 | name: s2i-eap-pipeline 128 | params: 129 | - name: IMAGE 130 | value: quay.io/my-repo/my-image-name 131 | workspaces: 132 | - name: shared-data 133 | volumeClaimTemplate: 134 | spec: 135 | accessModes: 136 | - ReadWriteOnce 137 | resources: 138 | requests: 139 | storage: 1Gi 140 | ``` 141 | -------------------------------------------------------------------------------- /task/s2i-eap/0.1/s2i-eap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: Task 3 | metadata: 4 | name: s2i-eap 5 | labels: 6 | app.kubernetes.io/version: "0.1" 7 | annotations: 8 | tekton.dev/pipelines.minVersion: "0.19" 9 | tekton.dev/tags: s2i, eap 10 | tekton.dev/displayName: "s2i eap" 11 | spec: 12 | description: >- 13 | s2i-eap task fetches a Git repository and builds and 14 | pushes a container image using S2I and a Java EAP builder image 15 | 16 | This current version of the Java EAP S2I builder image supports 17 | OpenJDK 11, EAP CD 18, and Maven 3.5.4-5. 18 | 19 | results: 20 | - name: IMAGE_DIGEST 21 | description: Digest of the image just built. 22 | params: 23 | - name: PATH_CONTEXT 24 | description: The location of the path to run s2i from 25 | default: . 26 | type: string 27 | - name: TLSVERIFY 28 | description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry) 29 | default: "true" 30 | type: string 31 | - name: IMAGE 32 | description: Location of the repo where image has to be pushed 33 | default: "localhost:5000/s2i-eap" 34 | type: string 35 | - name: BUILDER_IMAGE 36 | description: The location of the buildah builder image. 
37 | default: quay.io/buildah/stable:v1.17.0 38 | workspaces: 39 | - name: source 40 | mountPath: /workspace/source 41 | stepTemplate: 42 | envFrom: 43 | - configMapRef: 44 | name: s2i-eap-configmap # used for build env 45 | steps: 46 | - name: generate 47 | image: quay.io/openshift-pipeline/s2i 48 | workingdir: $(workspaces.source.path) 49 | command: 50 | - 's2i' 51 | - 'build' 52 | - '$(params.PATH_CONTEXT)' 53 | - 'registry.redhat.io/jboss-eap-7-tech-preview/eap-cd-openshift-rhel8' 54 | - '--assemble-user' 55 | - '185' 56 | - '--image-scripts-url' 57 | - 'image:///usr/local/s2i' 58 | - '--as-dockerfile' 59 | - '/gen-source/Dockerfile.gen' 60 | - '--environment-file' 61 | - '/env-params/env-file' 62 | volumeMounts: 63 | - name: gen-source 64 | mountPath: /gen-source 65 | - name: envparams 66 | mountPath: /env-params 67 | env: 68 | - name: HOME 69 | value: /tekton/home 70 | - name: build 71 | image: $(params.BUILDER_IMAGE) 72 | workingdir: /gen-source 73 | command: ['buildah', 'bud', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--layers', '-f', '/gen-source/Dockerfile.gen', '-t', '$(params.IMAGE)', '.'] 74 | volumeMounts: 75 | - name: varlibcontainers 76 | mountPath: /var/lib/containers 77 | - name: gen-source 78 | mountPath: /gen-source 79 | - name: push 80 | image: $(params.BUILDER_IMAGE) 81 | workingDir: $(workspaces.source.path) 82 | command: ['buildah', 'push', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--digestfile=$(workspaces.source.path)/image-digest', '$(params.IMAGE)', 'docker://$(params.IMAGE)'] 83 | volumeMounts: 84 | - name: varlibcontainers 85 | mountPath: /var/lib/containers 86 | - name: digest-to-results 87 | image: $(params.BUILDER_IMAGE) 88 | script: cat $(workspaces.source.path)/image-digest | tee /tekton/results/IMAGE_DIGEST 89 | volumes: 90 | - name: varlibcontainers 91 | emptyDir: {} 92 | - name: gen-source 93 | emptyDir: {} 94 | - name: envparams 95 | configMap: 96 | name: s2i-eap-configmap 97 | 
-------------------------------------------------------------------------------- /task/s2i-go/0.1/README.md: -------------------------------------------------------------------------------- 1 | # Go Source-to-Image 2 | 3 | This task can be used for building `GO` apps as reproducible Docker 4 | images using Source-to-Image. [Source-to-Image (S2I)](https://github.com/openshift/source-to-image) 5 | is a toolkit and a workflow for building reproducible container images 6 | from source code. This tasks uses the s2i-go image build from [sclorg/golang-container](https://github.com/sclorg/golang-container). 7 | 8 | GO versions currently provided are: 9 | 10 | - 1.13.4-ubi7 11 | - 1.14.7-ubi8 12 | 13 | ## Installing the Go Task 14 | 15 | ``` 16 | kubectl apply -f https://raw.githubusercontent.com/openshift/pipelines-catalog/master/task/s2i-go/0.1/s2i-go.yaml 17 | ``` 18 | 19 | ## Parameters 20 | 21 | * **VERSION**: The tag of go imagestream for go version 22 | (_default: 1.14.7-ubi8_) 23 | * **PATH_CONTEXT**: Source path from where S2I command needs to be run 24 | (_default: ._) 25 | * **TLSVERIFY**: Verify the TLS on the registry endpoint (for push/pull to a 26 | non-TLS registry) (_default:_ `true`) 27 | * **IMAGE**: Location of the repo where image has to be pushed. 28 | 29 | ## Workspaces 30 | 31 | * **source**: A workspace specifying the location of the source to 32 | build. 33 | 34 | ## Creating a ServiceAccount 35 | 36 | S2I builds an image and pushes it to the destination registry which is 37 | defined as a parameter. The image needs proper credentials to be 38 | authenticated by the remote container registry. These credentials can 39 | be provided through a serviceaccount. See [Authentication](https://github.com/tektoncd/pipeline/blob/master/docs/auth.md#basic-authentication-docker) 40 | for further details. 41 | 42 | If you run on OpenShift, you also need to allow the service 43 | account to run privileged containers. 
Due to security considerations 44 | OpenShift does not allow containers to run as privileged containers 45 | by default. 46 | 47 | Run the following in order to create a service account named 48 | `pipeline` on OpenShift, grant it the `privileged` SCC so that it can run privileged containers, and give it the `edit` role: 49 | 50 | ``` 51 | oc create serviceaccount pipeline 52 | oc adm policy add-scc-to-user privileged -z pipeline 53 | oc adm policy add-role-to-user edit -z pipeline 54 | ``` 55 | 56 | ## Using a `Pipeline` with `git-clone` 57 | 58 | ```yaml 59 | apiVersion: tekton.dev/v1beta1 60 | kind: Pipeline 61 | metadata: 62 | name: s2i-go-pipeline 63 | spec: 64 | params: 65 | - name: IMAGE 66 | description: Location of the repo where image has to be pushed 67 | type: string 68 | workspaces: 69 | - name: shared-workspace 70 | tasks: 71 | - name: fetch-repository 72 | taskRef: 73 | name: git-clone 74 | workspaces: 75 | - name: output 76 | workspace: shared-workspace 77 | params: 78 | - name: url 79 | value: https://github.com/username/reponame 80 | - name: subdirectory 81 | value: "" 82 | - name: deleteExisting 83 | value: "true" 84 | - name: s2i 85 | taskRef: 86 | name: s2i-go 87 | workspaces: 88 | - name: source 89 | workspace: shared-workspace 90 | params: 91 | - name: IMAGE 92 | value: $(params.IMAGE) 93 | ``` 94 | 95 | ## Creating the pipelinerun 96 | 97 | This PipelineRun runs the Go Task to fetch a Git repository and builds and 98 | pushes a container image using S2I and a Go builder image. 
99 | 100 | ```yaml 101 | apiVersion: tekton.dev/v1beta1 102 | kind: PipelineRun 103 | metadata: 104 | name: s2i-go-pipelinerun 105 | spec: 106 | # Use service account with git and image repo credentials 107 | serviceAccountName: pipeline 108 | pipelineRunRef: 109 | name: s2i-go-pipeline 110 | params: 111 | - name: IMAGE 112 | value: quay.io/my-repo/my-image-name 113 | workspaces: 114 | - name: shared-data 115 | volumeClaimTemplate: 116 | spec: 117 | accessModes: 118 | - ReadWriteOnce 119 | resources: 120 | requests: 121 | storage: 1Gi 122 | ``` 123 | -------------------------------------------------------------------------------- /task/s2i-go/0.1/s2i-go.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: Task 3 | metadata: 4 | name: s2i-go 5 | labels: 6 | app.kubernetes.io/version: "0.1" 7 | annotations: 8 | tekton.dev/pipelines.minVersion: "0.19" 9 | tekton.dev/tags: s2i, go, workspace 10 | tekton.dev/displayName: "s2i go" 11 | spec: 12 | description: >- 13 | s2i-go task clones a Git repository and builds and 14 | pushes a container image using S2I and a Go builder image. 15 | 16 | results: 17 | - name: IMAGE_DIGEST 18 | description: Digest of the image just built. 19 | params: 20 | - name: VERSION 21 | description: The tag of go imagestream for go version 22 | default: '1.14.7-ubi8' 23 | type: string 24 | - name: PATH_CONTEXT 25 | description: The location of the path to run s2i from. 26 | default: . 27 | type: string 28 | - name: TLSVERIFY 29 | description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry) 30 | default: "true" 31 | type: string 32 | - name: IMAGE 33 | description: Location of the repo where image has to be pushed 34 | type: string 35 | - name: BUILDER_IMAGE 36 | description: The location of the buildah builder image. 
37 | default: quay.io/buildah/stable:v1.17.0 38 | workspaces: 39 | - name: source 40 | mountPath: /workspace/source 41 | steps: 42 | - name: generate 43 | image: quay.io/openshift-pipeline/s2i 44 | workingdir: $(workspaces.source.path) 45 | command: ['s2i', 'build', '$(params.PATH_CONTEXT)', 'image-registry.openshift-image-registry.svc:5000/openshift/golang:$(params.VERSION)', '--as-dockerfile', '/gen-source/Dockerfile.gen'] 46 | env: 47 | - name: HOME 48 | value: /tekton/home 49 | volumeMounts: 50 | - name: gen-source 51 | mountPath: /gen-source 52 | - name: build 53 | image: $(params.BUILDER_IMAGE) 54 | workingdir: /gen-source 55 | command: ['buildah', 'bud', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--layers', '-f', '/gen-source/Dockerfile.gen', '-t', '$(params.IMAGE)', '.'] 56 | volumeMounts: 57 | - name: varlibcontainers 58 | mountPath: /var/lib/containers 59 | - name: gen-source 60 | mountPath: /gen-source 61 | - name: push 62 | workingDir: $(workspaces.source.path) 63 | image: $(params.BUILDER_IMAGE) 64 | command: ['buildah', 'push', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--digestfile=$(workspaces.source.path)/image-digest', '$(params.IMAGE)', 'docker://$(params.IMAGE)'] 65 | volumeMounts: 66 | - name: varlibcontainers 67 | mountPath: /var/lib/containers 68 | - name: digest-to-results 69 | image: $(params.BUILDER_IMAGE) 70 | script: cat $(workspaces.source.path)/image-digest | tee /tekton/results/IMAGE_DIGEST 71 | volumes: 72 | - name: varlibcontainers 73 | emptyDir: {} 74 | - name: gen-source 75 | emptyDir: {} 76 | -------------------------------------------------------------------------------- /task/s2i-go/0.1/tests/pv.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: s2i-go-workspace 6 | spec: 7 | accessModes: 8 | - ReadWriteOnce 9 | resources: 10 | requests: 11 | storage: 100Mi 12 | 
-------------------------------------------------------------------------------- /task/s2i-go/0.1/tests/step.yaml: -------------------------------------------------------------------------------- 1 | - name: fetch-repository-s2i-go 2 | taskRef: 3 | name: git-clone 4 | workspaces: 5 | - name: output 6 | workspace: s2i-go-workspace 7 | params: 8 | - name: url 9 | value: https://github.com/sclorg/golang-ex 10 | - name: subdirectory 11 | value: "" 12 | - name: deleteExisting 13 | value: "true" 14 | - name: revision 15 | value: "master" 16 | 17 | - name: s2i-go-test 18 | taskRef: 19 | name: s2i-go 20 | runAfter: 21 | - fetch-repository-s2i-go 22 | workspaces: 23 | - name: source 24 | workspace: s2i-go-workspace 25 | params: 26 | - name: TLSVERIFY 27 | value: "false" 28 | - name: IMAGE 29 | value: "image-registry.openshift-image-registry.svc:5000/{{namespace}}/s2i-go" 30 | -------------------------------------------------------------------------------- /task/s2i-java/0.1/README.md: -------------------------------------------------------------------------------- 1 | # Java Source-to-Image 2 | 3 | This task can be used for building `Java` apps as reproducible Docker 4 | images using Source-to-Image. [Source-to-Image (S2I)](https://github.com/openshift/source-to-image) 5 | is a toolkit and a workflow for building reproducible container images 6 | from source code. 
This java task uses `image-registry.openshift-image-registry.svc:5000/openshift/java` builder image 7 | 8 | Java versions currently provided are: 9 | 10 | - 11 11 | - openjdk-11-el7 12 | - openjdk-11-ubi8 13 | - 8 14 | - openjdk-8-el7 15 | - openjdk-8-ubi8 16 | 17 | ## Installing the Java Task 18 | 19 | ``` 20 | kubectl apply -f https://raw.githubusercontent.com/openshift/pipelines-catalog/master/task/s2i-java/0.1/s2i-java.yaml 21 | ``` 22 | 23 | ## Parameters 24 | 25 | * **VERSION**: The tag of java imagestream for java version 26 | (_default: openjdk-11-ubi8_) 27 | * **PATH_CONTEXT**: Source path from where S2I command needs to be run 28 | (_default: `.`_) 29 | * **TLSVERIFY**: Verify the TLS on the registry endpoint (for push/pull to a 30 | non-TLS registry) (_default:_ `true`) 31 | * **MAVEN_ARGS_APPEND**: Additional Maven arguments (_optional_, _no default_) 32 | * **MAVEN_CLEAR_REPO**: Remove the Maven repository after the artifact is 33 | built (_default:_ `false`) 34 | * **MAVEN_MIRROR_URL**: The base URL of a mirror used for retrieving artifacts 35 | ((_optional_, _no default_)) 36 | 37 | ## Workspaces 38 | 39 | * **source**: A workspace specifying the location of the source to 40 | build. 41 | 42 | ## Creating a ServiceAccount 43 | 44 | S2I builds an image and pushes it to the destination registry which is 45 | defined as a parameter. The image needs proper credentials to be 46 | authenticated by the remote container registry. These credentials can 47 | be provided through a serviceaccount. See [Authentication](https://github.com/tektoncd/pipeline/blob/master/docs/auth.md#basic-authentication-docker) 48 | for further details. 49 | 50 | If you run on OpenShift, you also need to allow the service 51 | account to run privileged containers. Due to security considerations 52 | OpenShift does not allow containers to run as privileged containers 53 | by default. 
54 | 55 | Run the following in order to create a service account named 56 | `pipeline` on OpenShift, grant it the `privileged` SCC so that it can run privileged containers, and give it the `edit` role: 57 | 58 | ``` 59 | oc create serviceaccount pipeline 60 | oc adm policy add-scc-to-user privileged -z pipeline 61 | oc adm policy add-role-to-user edit -z pipeline 62 | ``` 63 | 64 | ## Using a `Pipeline` with `git-clone` 65 | 66 | ```yaml 67 | apiVersion: tekton.dev/v1beta1 68 | kind: Pipeline 69 | metadata: 70 | name: s2i-java-pipeline 71 | spec: 72 | params: 73 | - name: IMAGE 74 | description: Location of the repo where image has to be pushed 75 | type: string 76 | workspaces: 77 | - name: shared-workspace 78 | tasks: 79 | - name: fetch-repository 80 | taskRef: 81 | name: git-clone 82 | workspaces: 83 | - name: output 84 | workspace: shared-workspace 85 | params: 86 | - name: url 87 | value: https://github.com/username/reponame 88 | - name: subdirectory 89 | value: "" 90 | - name: deleteExisting 91 | value: "true" 92 | - name: s2i 93 | taskRef: 94 | name: s2i-java 95 | workspaces: 96 | - name: source 97 | workspace: shared-workspace 98 | params: 99 | - name: IMAGE 100 | value: $(params.IMAGE) 101 | ``` 102 | 103 | ## Creating the pipelinerun 104 | 105 | This PipelineRun runs the Java Task to fetch a Git repository and builds and 106 | pushes a container image using S2I and a Java builder image. 
107 | 108 | ```yaml 109 | apiVersion: tekton.dev/v1beta1 110 | kind: PipelineRun 111 | metadata: 112 | name: s2i-java-pipelinerun 113 | spec: 114 | # Use service account with git and image repo credentials 115 | serviceAccountName: pipeline 116 | pipelineRunRef: 117 | name: s2i-java-pipeline 118 | params: 119 | - name: IMAGE 120 | value: quay.io/my-repo/my-image-name 121 | workspaces: 122 | - name: shared-data 123 | volumeClaimTemplate: 124 | spec: 125 | accessModes: 126 | - ReadWriteOnce 127 | resources: 128 | requests: 129 | storage: 1Gi 130 | ``` 131 | -------------------------------------------------------------------------------- /task/s2i-java/0.1/s2i-java.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: Task 3 | metadata: 4 | name: s2i-java 5 | labels: 6 | app.kubernetes.io/version: "0.1" 7 | annotations: 8 | tekton.dev/pipelines.minVersion: "0.19" 9 | tekton.dev/tags: s2i, java, workspace 10 | tekton.dev/displayName: "s2i java" 11 | spec: 12 | description: >- 13 | s2i-java task clones a Git repository and builds and 14 | pushes a container image using S2I and a Java builder image. 15 | 16 | results: 17 | - name: IMAGE_DIGEST 18 | description: Digest of the image just built. 19 | params: 20 | - name: VERSION 21 | description: The tag of java imagestream for java version 22 | default: 'openjdk-11-ubi8' 23 | type: string 24 | - name: PATH_CONTEXT 25 | description: The location of the path to run s2i from 26 | default: . 
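27 | type: string 28 | - name: TLSVERIFY 29 | description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry) 30 | default: "true" 31 | type: string 32 | - name: MAVEN_ARGS_APPEND 33 | description: Additional Maven arguments 34 | default: "" 35 | type: string 36 | - name: MAVEN_CLEAR_REPO 37 | description: Remove the Maven repository after the artifact is built 38 | default: "false" 39 | type: string 40 | - name: MAVEN_MIRROR_URL 41 | description: The base URL of a mirror used for retrieving artifacts 42 | default: "" 43 | type: string 44 | - name: IMAGE 45 | description: Location of the repo where image has to be pushed 46 | type: string 47 | - name: BUILDER_IMAGE 48 | description: The location of the buildah builder image. 49 | default: quay.io/buildah/stable:v1.17.0 50 | workspaces: 51 | - name: source 52 | mountPath: /workspace/source 53 | steps: 54 | - name: gen-env-file 55 | image: quay.io/openshift-pipeline/s2i 56 | workingdir: /env-params 57 | command: ['/bin/sh', '-c'] 58 | args: 59 | - |- 60 | # Writes env-file for the generate step. Parameter values are read from the PARAM_* environment variables set under env: below instead of being substituted into this script text, so quotes or shell syntax inside a value stay data; the POSIX [ -n ] test also works when /bin/sh is not bash. 61 | echo "MAVEN_CLEAR_REPO=${PARAM_MAVEN_CLEAR_REPO}" > env-file 62 | [ -n "${PARAM_MAVEN_ARGS_APPEND}" ] && echo "MAVEN_ARGS_APPEND=${PARAM_MAVEN_ARGS_APPEND}" >> env-file 63 | [ -n "${PARAM_MAVEN_MIRROR_URL}" ] && echo "MAVEN_MIRROR_URL=${PARAM_MAVEN_MIRROR_URL}" >> env-file 64 | echo "Generated Env file" 65 | echo "------------------------------" 66 | cat env-file 67 | echo "------------------------------" 68 | volumeMounts: 69 | - name: envparams 70 | mountPath: /env-params 71 | env: 72 | - name: HOME 73 | value: /tekton/home 74 | - name: PARAM_MAVEN_CLEAR_REPO 75 | value: $(params.MAVEN_CLEAR_REPO) 76 | - name: PARAM_MAVEN_ARGS_APPEND 77 | value: $(params.MAVEN_ARGS_APPEND) 78 | - name: PARAM_MAVEN_MIRROR_URL 79 | value: $(params.MAVEN_MIRROR_URL) 80 | - name: generate 81 | image: quay.io/openshift-pipeline/s2i 82 | workingdir: $(workspaces.source.path) 83 | command: 84 | - 's2i' 85 | - 'build' 86 | - '$(params.PATH_CONTEXT)' 87 | - 'image-registry.openshift-image-registry.svc:5000/openshift/java:$(params.VERSION)' 88 | - '--image-scripts-url' 89 | - 'image:///usr/local/s2i' 90 | - '--as-dockerfile' 91 | - 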
'/gen-source/Dockerfile.gen' 92 | - '--environment-file' 93 | - '/env-params/env-file' 94 | volumeMounts: 95 | - name: gen-source 96 | mountPath: /gen-source 97 | - name: envparams 98 | mountPath: /env-params 99 | env: 100 | - name: HOME 101 | value: /tekton/home 102 | - name: build 103 | image: $(params.BUILDER_IMAGE) 104 | workingdir: /gen-source 105 | command: ['buildah', 'bud', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--layers', '-f', '/gen-source/Dockerfile.gen', '-t', '$(params.IMAGE)', '.'] 106 | volumeMounts: 107 | - name: varlibcontainers 108 | mountPath: /var/lib/containers 109 | - name: gen-source 110 | mountPath: /gen-source 111 | - name: push 112 | image: $(params.BUILDER_IMAGE) 113 | workingDir: $(workspaces.source.path) 114 | command: ['buildah', 'push', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--digestfile=$(workspaces.source.path)/image-digest', '$(params.IMAGE)', 'docker://$(params.IMAGE)'] 115 | volumeMounts: 116 | - name: varlibcontainers 117 | mountPath: /var/lib/containers 118 | - name: digest-to-results 119 | image: $(params.BUILDER_IMAGE) 120 | script: cat $(workspaces.source.path)/image-digest | tee /tekton/results/IMAGE_DIGEST 121 | volumes: 122 | - name: varlibcontainers 123 | emptyDir: {} 124 | - name: gen-source 125 | emptyDir: {} 126 | - name: envparams 127 | emptyDir: {} 128 | -------------------------------------------------------------------------------- /task/s2i-java/0.1/tests/pv.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: s2i-java-workspace 6 | spec: 7 | accessModes: 8 | - ReadWriteOnce 9 | resources: 10 | requests: 11 | storage: 100Mi 12 | -------------------------------------------------------------------------------- /task/s2i-java/0.1/tests/step.yaml: -------------------------------------------------------------------------------- 1 | - name: 
fetch-repository-s2i-java 2 | taskRef: 3 | name: git-clone 4 | workspaces: 5 | - name: output 6 | workspace: s2i-java-workspace 7 | params: 8 | - name: url 9 | value: https://github.com/piyush-garg/spring-petclinic 10 | - name: subdirectory 11 | value: "" 12 | - name: deleteExisting 13 | value: "true" 14 | - name: revision 15 | value: "main" 16 | 17 | - name: s2i-java--test 18 | taskRef: 19 | name: s2i-java 20 | runAfter: 21 | - fetch-repository-s2i-java 22 | workspaces: 23 | - name: source 24 | workspace: s2i-java-workspace 25 | params: 26 | - name: TLSVERIFY 27 | value: "false" 28 | - name: IMAGE 29 | value: "image-registry.openshift-image-registry.svc:5000/{{namespace}}/s2i-java" 30 | -------------------------------------------------------------------------------- /task/s2i-nodejs/0.1/README.md: -------------------------------------------------------------------------------- 1 | # Nodejs Source-to-Image 2 | 3 | This task can be used for building `Nodejs` apps as reproducible Docker 4 | images using Source-to-Image. [Source-to-Image (S2I)](https://github.com/openshift/source-to-image) 5 | is a toolkit and a workflow for building reproducible container images 6 | from source code. This tasks uses the Node.js S2I builder image from [sclorg/s2i-nodejs-container](https://github.com/sclorg/s2i-nodejs-container). 
7 | 8 | Node.js versions currently provided are: 9 | 10 | - 10 11 | - 10-ubi7 12 | - 10-ubi8 13 | - 12 14 | - 12-ubi7 15 | - 12-ubi8 16 | - 14-ubi7 17 | - 14-ubi8 18 | 19 | ## Installing the Nodejs Task 20 | 21 | ``` 22 | kubectl apply -f https://raw.githubusercontent.com/openshift/pipelines-catalog/master/task/s2i-nodejs/0.1/s2i-nodejs.yaml 23 | ``` 24 | 25 | ## Parameters 26 | 27 | * **VERSION**: The tag of nodejs imagestream for nodejs version 28 | (_default: 14-ubi8_) 29 | * **PATH_CONTEXT**: Source path from where the S2I command needs to be run 30 | (_default: ._) 31 | * **TLSVERIFY**: Verify TLS on the registry endpoint; set it to `false` only for 32 | push/pull to a non-TLS registry (_default:_ `true`) 33 | * **IMAGE**: Location of the repo where image has to be pushed. 34 | 35 | ## Workspaces 36 | 37 | * **source**: A workspace specifying the location of the source to 38 | build. 39 | 40 | ## Creating a ServiceAccount 41 | 42 | S2I builds an image and pushes it to the destination registry which is 43 | defined as a parameter. The push needs proper credentials to be 44 | authenticated by the remote container registry. These credentials can 45 | be provided through a `ServiceAccount`. See [Authentication](https://github.com/tektoncd/pipeline/blob/master/docs/auth.md#basic-authentication-docker) 46 | for further details. 47 | 48 | If you run on OpenShift, you also need to allow the `ServiceAccount` to run privileged containers. Due to security considerations, OpenShift does not allow containers to run as privileged containers by default. 
49 | 50 | Run the following in order to create a `ServiceAccount` named 51 | `pipeline` on OpenShift and allow it to run privileged containers. The `privileged` SCC and the `edit` role granted below apply to every pod that runs as this account in the current project, so keep the account dedicated to these builds: 52 | 53 | ``` 54 | oc create serviceaccount pipeline 55 | oc adm policy add-scc-to-user privileged -z pipeline 56 | oc adm policy add-role-to-user edit -z pipeline 57 | ``` 58 | 59 | ## Using a `Pipeline` with `git-clone` 60 | 61 | ```yaml 62 | apiVersion: tekton.dev/v1beta1 63 | kind: Pipeline 64 | metadata: 65 | name: s2i-nodejs-pipeline 66 | spec: 67 | params: 68 | - name: IMAGE 69 | description: Location of the repo where image has to be pushed 70 | type: string 71 | workspaces: 72 | - name: shared-workspace 73 | tasks: 74 | - name: fetch-repository 75 | taskRef: 76 | name: git-clone 77 | workspaces: 78 | - name: output 79 | workspace: shared-workspace 80 | params: 81 | - name: url 82 | value: https://github.com/username/reponame 83 | - name: subdirectory 84 | value: "" 85 | - name: deleteExisting 86 | value: "true" 87 | - name: s2i 88 | taskRef: 89 | name: s2i-nodejs 90 | workspaces: 91 | - name: source 92 | workspace: shared-workspace 93 | params: 94 | - name: IMAGE 95 | value: $(params.IMAGE) 96 | ``` 97 | 98 | ## Creating the pipelinerun 99 | 100 | This PipelineRun runs the Node.js Task to fetch a Git repository and build and 101 | push a container image using S2I and a [Node.js S2I builder image](https://github.com/sclorg/s2i-nodejs-container). 
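102 | 103 | ```yaml 104 | apiVersion: tekton.dev/v1beta1 105 | kind: PipelineRun 106 | metadata: 107 | name: s2i-nodejs-pipelinerun 108 | spec: 109 | # Use service account with git and image repo credentials 110 | serviceAccountName: pipeline 111 | pipelineRunRef: 112 | name: s2i-nodejs-pipeline 113 | params: 114 | - name: IMAGE 115 | value: quay.io/my-repo/my-image-name 116 | workspaces: 117 | - name: shared-data 118 | volumeClaimTemplate: 119 | spec: 120 | accessModes: 121 | - ReadWriteOnce 122 | resources: 123 | requests: 124 | storage: 1Gi 125 | ``` 126 |
--------------------------------------------------------------------------------
/task/s2i-nodejs/0.1/s2i-nodejs.yaml:
--------------------------------------------------------------------------------
# Tekton Task s2i-nodejs: s2i writes a Dockerfile for the source in the
# `source` workspace, buildah builds and pushes the image, and the pushed
# digest is published as the IMAGE_DIGEST result.
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: s2i-nodejs
  labels:
    app.kubernetes.io/version: "0.1"
  annotations:
    tekton.dev/pipelines.minVersion: "0.19"
    tekton.dev/tags: s2i, nodejs, workspace
    tekton.dev/displayName: "s2i nodejs"
spec:
  description: >-
    s2i-nodejs task clones a Git repository and builds and
    pushes a container image using S2I and a nodejs builder image.

  results:
    # Filled by the digest-to-results step from the file that
    # `buildah push --digestfile` writes.
    - name: IMAGE_DIGEST
      description: Digest of the image just built.
  params:
    - name: VERSION
      description: The tag of nodejs imagestream for nodejs version
      default: '14-ubi8'
      type: string
    - name: PATH_CONTEXT
      description: The location of the path to run s2i from.
      default: .
      type: string
    # Forwarded as --tls-verify to both `buildah bud` and `buildah push`.
    # "false" turns off registry TLS verification for the build's pulls and
    # for the push, so keep the default unless the registry really has no TLS.
    - name: TLSVERIFY
      description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry)
      default: "true"
      type: string
    - name: IMAGE
      description: Location of the repo where image has to be pushed
      type: string
    # Image for the build, push and digest-to-results steps. The default is a
    # tag rather than a digest.
    # NOTE(review): consider pinning by digest; whoever sets this parameter
    # chooses the image that performs the push.
    - name: BUILDER_IMAGE
      description: The location of the buildah builder image.
      default: quay.io/buildah/stable:v1.17.0
  workspaces:
    - name: source
      mountPath: /workspace/source
  steps:
    # Parameters are passed as exec-form array items, so their values arrive
    # as single arguments and are not parsed by a shell.
    - name: generate
      # NOTE(review): no tag or digest, so this resolves to `latest`; pin it
      # for repeatable builds.
      image: quay.io/openshift-pipeline/s2i
      # `workingDir` is the field name Kubernetes defines; it is spelled the
      # same way in every step of this Task.
      workingDir: $(workspaces.source.path)
      command: ['s2i', 'build', '$(params.PATH_CONTEXT)', 'image-registry.openshift-image-registry.svc:5000/openshift/nodejs:$(params.VERSION)', '--as-dockerfile', '/gen-source/Dockerfile.gen']
      volumeMounts:
        - name: gen-source
          mountPath: /gen-source
      env:
        - name: HOME
          value: /tekton/home
    - name: build
      image: $(params.BUILDER_IMAGE)
      workingDir: /gen-source
      command: ['buildah', 'bud', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--layers', '-f', '/gen-source/Dockerfile.gen', '-t', '$(params.IMAGE)', '.']
      volumeMounts:
        - name: varlibcontainers
          mountPath: /var/lib/containers
        - name: gen-source
          mountPath: /gen-source
    - name: push
      image: $(params.BUILDER_IMAGE)
      workingDir: $(workspaces.source.path)
      command: ['buildah', 'push', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--digestfile=$(workspaces.source.path)/image-digest', '$(params.IMAGE)', 'docker://$(params.IMAGE)']
      volumeMounts:
        - name: varlibcontainers
          mountPath: /var/lib/containers
    - name: digest-to-results
      image: $(params.BUILDER_IMAGE)
      script: cat $(workspaces.source.path)/image-digest | tee /tekton/results/IMAGE_DIGEST
  volumes:
    # Mounted at /var/lib/containers in build and push, so the image built by
    # `buildah bud` is still there for `buildah push`.
    - name: varlibcontainers
      emptyDir: {}
    # Carries Dockerfile.gen from the generate step to the build step.
    - name: gen-source
      emptyDir: {}

--------------------------------------------------------------------------------
/task/s2i-nodejs/0.1/tests/pv.yaml:
--------------------------------------------------------------------------------
1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: s2i-nodejs-workspace 6 | spec: 7 | accessModes: 8 | - ReadWriteOnce 9 | resources: 10 | requests: 11 | storage: 100Mi 12 |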
-------------------------------------------------------------------------------- /task/s2i-nodejs/0.1/tests/step.yaml: -------------------------------------------------------------------------------- 1 | - name: fetch-repository-s2i-nodejs 2 | taskRef: 3 | name: git-clone 4 | workspaces: 5 | - name: output 6 | workspace: s2i-nodejs-workspace 7 | params: 8 | - name: url 9 | value: https://github.com/sclorg/nodejs-ex 10 | - name: subdirectory 11 | value: "" 12 | - name: deleteExisting 13 | value: "true" 14 | - name: revision 15 | value: "master" 16 | 17 | - name: s2i-nodejs-test 18 | taskRef: 19 | name: s2i-nodejs 20 | runAfter: 21 | - fetch-repository-s2i-nodejs 22 | workspaces: 23 | - name: source 24 | workspace: s2i-nodejs-workspace 25 | params: 26 | - name: TLSVERIFY 27 | value: "false" 28 | - name: IMAGE 29 | value: "image-registry.openshift-image-registry.svc:5000/{{namespace}}/s2i-nodejs" 30 | -------------------------------------------------------------------------------- /task/s2i-perl/0.1/README.md: -------------------------------------------------------------------------------- 1 | # Perl Source-to-Image 2 | 3 | This task can be used for building `Perl` apps as reproducible Docker 4 | images using Source-to-Image. [Source-to-Image (S2I)](https://github.com/openshift/source-to-image) 5 | is a toolkit and a workflow for building reproducible container images 6 | from source code. This tasks uses the s2i-perl image build from [sclorg/s2i-perl-container](https://github.com/sclorg/s2i-perl-container). 
7 | 8 | Perl versions currently provided are: 9 | 10 | - 5.26 11 | - 5.26-el7 12 | - 5.26-ubi8 13 | - 5.30 14 | - 5.30-el7 15 | - 5.30-ubi8 16 | 17 | ## Installing the Perl Task 18 | 19 | ``` 20 | kubectl apply -f https://raw.githubusercontent.com/openshift/pipelines-catalog/master/task/s2i-perl/0.1/s2i-perl.yaml 21 | ``` 22 | 23 | ## Parameters 24 | 25 | * **VERSION**: The tag of perl imagestream for perl version 26 | (_default: 5.30-ubi8_) 27 | * **PATH_CONTEXT**: Source path from where S2I command needs to be run 28 | (_default: ._) 29 | * **TLSVERIFY**: Verify TLS on the registry endpoint; set it to `false` only for 30 | push/pull to a non-TLS registry (_default:_ `true`) 31 | * **IMAGE**: Location of the repo where image has to be pushed. 32 | 33 | ## Workspaces 34 | 35 | * **source**: A workspace specifying the location of the source to 36 | build. 37 | 38 | ## Creating a ServiceAccount 39 | 40 | S2I builds an image and pushes it to the destination registry which is 41 | defined as a parameter. The push needs proper credentials to be 42 | authenticated by the remote container registry. These credentials can 43 | be provided through a serviceaccount. See [Authentication](https://github.com/tektoncd/pipeline/blob/master/docs/auth.md#basic-authentication-docker) 44 | for further details. 45 | 46 | If you run on OpenShift, you also need to allow the service 47 | account to run privileged containers. Due to security considerations 48 | OpenShift does not allow containers to run as privileged containers 49 | by default. 
50 | 51 | Run the following in order to create a service account named 52 | `pipeline` on OpenShift and allow it to run privileged containers. The `privileged` SCC and the `edit` role granted below apply to every pod that runs as this account in the current project, so keep the account dedicated to these builds: 53 | 54 | ``` 55 | oc create serviceaccount pipeline 56 | oc adm policy add-scc-to-user privileged -z pipeline 57 | oc adm policy add-role-to-user edit -z pipeline 58 | ``` 59 | 60 | ## Using a `Pipeline` with `git-clone` 61 | 62 | ```yaml 63 | apiVersion: tekton.dev/v1beta1 64 | kind: Pipeline 65 | metadata: 66 | name: s2i-perl-pipeline 67 | spec: 68 | params: 69 | - name: IMAGE 70 | description: Location of the repo where image has to be pushed 71 | type: string 72 | workspaces: 73 | - name: shared-workspace 74 | tasks: 75 | - name: fetch-repository 76 | taskRef: 77 | name: git-clone 78 | workspaces: 79 | - name: output 80 | workspace: shared-workspace 81 | params: 82 | - name: url 83 | value: https://github.com/username/reponame 84 | - name: subdirectory 85 | value: "" 86 | - name: deleteExisting 87 | value: "true" 88 | - name: s2i 89 | taskRef: 90 | name: s2i-perl 91 | workspaces: 92 | - name: source 93 | workspace: shared-workspace 94 | params: 95 | - name: IMAGE 96 | value: $(params.IMAGE) 97 | ``` 98 | 99 | ## Creating the pipelinerun 100 | 101 | This PipelineRun runs the perl Task to fetch a Git repository and build and 102 | push a container image using S2I and a perl builder image. 
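103 | 104 | ```yaml 105 | apiVersion: tekton.dev/v1beta1 106 | kind: PipelineRun 107 | metadata: 108 | name: s2i-perl-pipelinerun 109 | spec: 110 | # Use service account with git and image repo credentials 111 | serviceAccountName: pipeline 112 | pipelineRunRef: 113 | name: s2i-perl-pipeline 114 | params: 115 | - name: IMAGE 116 | value: quay.io/my-repo/my-image-name 117 | workspaces: 118 | - name: shared-data 119 | volumeClaimTemplate: 120 | spec: 121 | accessModes: 122 | - ReadWriteOnce 123 | resources: 124 | requests: 125 | storage: 1Gi 126 | ``` 127 |
--------------------------------------------------------------------------------
/task/s2i-perl/0.1/s2i-perl.yaml:
--------------------------------------------------------------------------------
# Tekton Task s2i-perl: s2i writes a Dockerfile for the source in the
# `source` workspace, buildah builds and pushes the image, and the pushed
# digest is published as the IMAGE_DIGEST result.
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: s2i-perl
  labels:
    app.kubernetes.io/version: "0.1"
  annotations:
    tekton.dev/pipelines.minVersion: "0.19"
    tekton.dev/tags: s2i, perl, workspace
    tekton.dev/displayName: "s2i perl"
spec:
  description: >-
    s2i-perl task clones a Git repository and builds and
    pushes a container image using S2I and a Perl builder image.

  results:
    # Filled by the digest-to-results step from the file that
    # `buildah push --digestfile` writes.
    - name: IMAGE_DIGEST
      description: Digest of the image just built.
  params:
    - name: VERSION
      description: The tag of perl imagestream for perl version
      default: '5.30-ubi8'
      type: string
    - name: PATH_CONTEXT
      description: The location of the path to run s2i from.
      default: .
      type: string
    # Forwarded as --tls-verify to both `buildah bud` and `buildah push`.
    # "false" turns off registry TLS verification for the build's pulls and
    # for the push, so keep the default unless the registry really has no TLS.
    - name: TLSVERIFY
      description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry)
      default: "true"
      type: string
    - name: IMAGE
      description: Location of the repo where image has to be pushed
      type: string
    # Image for the build, push and digest-to-results steps. The default is a
    # tag rather than a digest.
    # NOTE(review): consider pinning by digest; whoever sets this parameter
    # chooses the image that performs the push.
    - name: BUILDER_IMAGE
      description: The location of the buildah builder image.
      default: quay.io/buildah/stable:v1.17.0
  workspaces:
    - name: source
      mountPath: /workspace/source
  steps:
    # Parameters are passed as exec-form array items, so their values arrive
    # as single arguments and are not parsed by a shell.
    - name: generate
      # NOTE(review): no tag or digest, so this resolves to `latest`; pin it
      # for repeatable builds.
      image: quay.io/openshift-pipeline/s2i
      # `workingDir` is the field name Kubernetes defines; it is spelled the
      # same way in every step of this Task.
      workingDir: $(workspaces.source.path)
      command: ['s2i', 'build', '$(params.PATH_CONTEXT)', 'image-registry.openshift-image-registry.svc:5000/openshift/perl:$(params.VERSION)', '--as-dockerfile', '/gen-source/Dockerfile.gen']
      volumeMounts:
        - name: gen-source
          mountPath: /gen-source
      env:
        - name: HOME
          value: /tekton/home
    - name: build
      image: $(params.BUILDER_IMAGE)
      workingDir: /gen-source
      command: ['buildah', 'bud', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--layers', '-f', '/gen-source/Dockerfile.gen', '-t', '$(params.IMAGE)', '.']
      volumeMounts:
        - name: varlibcontainers
          mountPath: /var/lib/containers
        - name: gen-source
          mountPath: /gen-source
    - name: push
      workingDir: $(workspaces.source.path)
      image: $(params.BUILDER_IMAGE)
      command: ['buildah', 'push', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--digestfile=$(workspaces.source.path)/image-digest', '$(params.IMAGE)', 'docker://$(params.IMAGE)']
      volumeMounts:
        - name: varlibcontainers
          mountPath: /var/lib/containers
    - name: digest-to-results
      image: $(params.BUILDER_IMAGE)
      script: cat $(workspaces.source.path)/image-digest | tee /tekton/results/IMAGE_DIGEST
  volumes:
    # Mounted at /var/lib/containers in build and push, so the image built by
    # `buildah bud` is still there for `buildah push`.
    - name: varlibcontainers
      emptyDir: {}
    # Carries Dockerfile.gen from the generate step to the build step.
    - name: gen-source
      emptyDir: {}

--------------------------------------------------------------------------------
/task/s2i-perl/0.1/tests.disabled/pv.yaml:
--------------------------------------------------------------------------------
1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: s2i-perl-workspace 6 | spec: 7 | accessModes: 8 | - ReadWriteOnce 9 | resources: 10 | requests: 11 | storage: 100Mi 12 |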
-------------------------------------------------------------------------------- /task/s2i-perl/0.1/tests.disabled/step.yaml: -------------------------------------------------------------------------------- 1 | - name: fetch-repository-s2i-perl 2 | taskRef: 3 | name: git-clone 4 | workspaces: 5 | - name: output 6 | workspace: s2i-perl-workspace 7 | params: 8 | - name: url 9 | value: https://github.com/sclorg/s2i-perl-container 10 | - name: subdirectory 11 | value: "" 12 | - name: deleteExisting 13 | value: "true" 14 | - name: revision 15 | value: "dotnetcore-3.1" 16 | 17 | - name: s2i-perl-test 18 | taskRef: 19 | name: s2i-perl 20 | runAfter: 21 | - fetch-repository-s2i-perl 22 | workspaces: 23 | - name: source 24 | workspace: s2i-perl-workspace 25 | params: 26 | - name: TLSVERIFY 27 | value: "false" 28 | - name: PATH_CONTEXT 29 | value: "examples/sample-test-app" 30 | - name: IMAGE 31 | value: "image-registry.openshift-image-registry.svc:5000/{{namespace}}/s2i-perl" 32 | 33 | --- 34 | -------------------------------------------------------------------------------- /task/s2i-php/0.1/README.md: -------------------------------------------------------------------------------- 1 | # PHP Source-to-Image 2 | 3 | This task can be used for building `PHP` apps as reproducible Docker 4 | images using Source-to-Image. [Source-to-Image (S2I)](https://github.com/openshift/source-to-image) 5 | is a toolkit and a workflow for building reproducible container images 6 | from source code. This tasks uses the s2i-php image build from [sclorg/s2i-php-container](https://github.com/sclorg/s2i-php-container). 
7 | 8 | PHP versions currently provided are: 9 | 10 | - 7.4-ubi8 11 | - 7.3 12 | - 7.3-ubi7 13 | - 7.3-ubi8 14 | - 7.2-ubi8 15 | 16 | ## Installing the PHP Task 17 | 18 | ``` 19 | kubectl apply -f https://raw.githubusercontent.com/openshift/pipelines-catalog/master/task/s2i-php/0.1/s2i-php.yaml 20 | ``` 21 | 22 | ## Parameters 23 | 24 | * **VERSION**: The tag of php imagestream for php version 25 | (_default: 7.4-ubi8_) 26 | * **PATH_CONTEXT**: Source path from where S2I command needs to be run 27 | (_default: ._) 28 | * **TLSVERIFY**: Verify TLS on the registry endpoint; set it to `false` only for 29 | push/pull to a non-TLS registry (_default:_ `true`) 30 | * **IMAGE**: Location of the repo where image has to be pushed. 31 | 32 | ## Workspaces 33 | 34 | * **source**: A workspace specifying the location of the source to 35 | build. 36 | 37 | ## Creating a ServiceAccount 38 | 39 | S2I builds an image and pushes it to the destination registry which is 40 | defined as a parameter. The push needs proper credentials to be 41 | authenticated by the remote container registry. These credentials can 42 | be provided through a serviceaccount. See [Authentication](https://github.com/tektoncd/pipeline/blob/master/docs/auth.md#basic-authentication-docker) 43 | for further details. 44 | 45 | If you run on OpenShift, you also need to allow the service 46 | account to run privileged containers. Due to security considerations 47 | OpenShift does not allow containers to run as privileged containers 48 | by default. 49 | 50 | Run the following in order to create a service account named 51 | `pipeline` on OpenShift and allow it to run privileged containers. The `privileged` SCC and the `edit` role granted below apply to every pod that runs as this account in the current project, so keep the account dedicated to these builds: 52 | 53 | ``` 54 | oc create serviceaccount pipeline 55 | oc adm policy add-scc-to-user privileged -z pipeline 56 | oc adm policy add-role-to-user edit -z pipeline 57 | ``` 58 | * **IMAGE**: Location of the repo where image has to be pushed. 
59 | 60 | ## Workspaces 61 | 62 | * **source**: A workspace specifying the location of the source to 63 | build. 64 | 65 | ## Using a `Pipeline` with `git-clone` 66 | 67 | ```yaml 68 | apiVersion: tekton.dev/v1beta1 69 | kind: Pipeline 70 | metadata: 71 | name: s2i-php-pipeline 72 | spec: 73 | params: 74 | - name: IMAGE 75 | description: Location of the repo where image has to be pushed 76 | type: string 77 | workspaces: 78 | - name: shared-workspace 79 | tasks: 80 | - name: fetch-repository 81 | taskRef: 82 | name: git-clone 83 | workspaces: 84 | - name: output 85 | workspace: shared-workspace 86 | params: 87 | - name: url 88 | value: https://github.com/username/reponame 89 | - name: subdirectory 90 | value: "" 91 | - name: deleteExisting 92 | value: "true" 93 | - name: s2i 94 | taskRef: 95 | name: s2i-php 96 | workspaces: 97 | - name: source 98 | workspace: shared-workspace 99 | params: 100 | - name: IMAGE 101 | value: $(params.IMAGE) 102 | ``` 103 | 104 | ## Creating the pipelinerun 105 | 106 | This PipelineRun runs the php Task to fetch a Git repository and builds and 107 | pushes a container image using S2I and a php builder image. 
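108 | 109 | ```yaml 110 | apiVersion: tekton.dev/v1beta1 111 | kind: PipelineRun 112 | metadata: 113 | name: s2i-php-pipelinerun 114 | spec: 115 | # Use service account with git and image repo credentials 116 | serviceAccountName: pipeline 117 | pipelineRunRef: 118 | name: s2i-php-pipeline 119 | params: 120 | - name: IMAGE 121 | value: quay.io/my-repo/my-image-name 122 | workspaces: 123 | - name: shared-data 124 | volumeClaimTemplate: 125 | spec: 126 | accessModes: 127 | - ReadWriteOnce 128 | resources: 129 | requests: 130 | storage: 1Gi 131 | ``` 132 |
--------------------------------------------------------------------------------
/task/s2i-php/0.1/s2i-php.yaml:
--------------------------------------------------------------------------------
# Tekton Task s2i-php: s2i writes a Dockerfile for the source in the
# `source` workspace, buildah builds and pushes the image, and the pushed
# digest is published as the IMAGE_DIGEST result.
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: s2i-php
  labels:
    app.kubernetes.io/version: "0.1"
  annotations:
    tekton.dev/pipelines.minVersion: "0.19"
    tekton.dev/tags: s2i, php, workspace
    tekton.dev/displayName: "s2i php"
spec:
  description: >-
    s2i-php task clones a Git repository and builds and
    pushes a container image using S2I and a PHP builder image.

  results:
    # Filled by the digest-to-results step from the file that
    # `buildah push --digestfile` writes.
    - name: IMAGE_DIGEST
      description: Digest of the image just built.
  params:
    - name: VERSION
      description: The tag of php imagestream for php version
      default: '7.4-ubi8'
      type: string
    - name: PATH_CONTEXT
      description: The location of the path to run s2i from.
      default: .
      type: string
    # Forwarded as --tls-verify to both `buildah bud` and `buildah push`.
    # "false" turns off registry TLS verification for the build's pulls and
    # for the push, so keep the default unless the registry really has no TLS.
    - name: TLSVERIFY
      description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry)
      default: "true"
      type: string
    - name: IMAGE
      description: Location of the repo where image has to be pushed
      type: string
    # Image for the build, push and digest-to-results steps. The default is a
    # tag rather than a digest.
    # NOTE(review): consider pinning by digest; whoever sets this parameter
    # chooses the image that performs the push.
    - name: BUILDER_IMAGE
      description: The location of the buildah builder image.
      default: quay.io/buildah/stable:v1.17.0
  workspaces:
    - name: source
      mountPath: /workspace/source
  steps:
    # Parameters are passed as exec-form array items, so their values arrive
    # as single arguments and are not parsed by a shell.
    - name: generate
      # NOTE(review): no tag or digest, so this resolves to `latest`; pin it
      # for repeatable builds.
      image: quay.io/openshift-pipeline/s2i
      # `workingDir` is the field name Kubernetes defines; use this spelling
      # in every step that sets a working directory.
      workingDir: $(workspaces.source.path)
      command: ['s2i', 'build', '$(params.PATH_CONTEXT)', 'image-registry.openshift-image-registry.svc:5000/openshift/php:$(params.VERSION)', '--as-dockerfile', '/gen-source/Dockerfile.gen']
      volumeMounts:
        - name: gen-source
          mountPath: /gen-source
      env:
        - name: HOME
          value: /tekton/home
    - name: build
      image: $(params.BUILDER_IMAGE)
      workingDir: /gen-source
      command: ['buildah', 'bud', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--layers', '-f', '/gen-source/Dockerfile.gen', '-t', '$(params.IMAGE)', '.']
      volumeMounts:
        - name: varlibcontainers
          mountPath: /var/lib/containers
        - name: gen-source
          mountPath: /gen-source
    # No working directory is set here; the --digestfile path is absolute.
    - name: push
      image: $(params.BUILDER_IMAGE)
      command: ['buildah', 'push', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--digestfile=$(workspaces.source.path)/image-digest', '$(params.IMAGE)', 'docker://$(params.IMAGE)']
      volumeMounts:
        - name: varlibcontainers
          mountPath: /var/lib/containers
    - name: digest-to-results
      image: $(params.BUILDER_IMAGE)
      script: cat $(workspaces.source.path)/image-digest | tee /tekton/results/IMAGE_DIGEST
  volumes:
    # Mounted at /var/lib/containers in build and push, so the image built by
    # `buildah bud` is still there for `buildah push`.
    - name: varlibcontainers
      emptyDir: {}
    # Carries Dockerfile.gen from the generate step to the build step.
    - name: gen-source
      emptyDir: {}

--------------------------------------------------------------------------------
/task/s2i-php/0.1/tests/pv.yaml:
--------------------------------------------------------------------------------
1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: s2i-php-workspace 6 | spec: 7 | accessModes: 8 | - ReadWriteOnce 9 | resources: 10 | requests: 11 | storage: 100Mi 12 |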
-------------------------------------------------------------------------------- /task/s2i-php/0.1/tests/step.yaml: -------------------------------------------------------------------------------- 1 | - name: fetch-repository-s2i-php 2 | taskRef: 3 | name: git-clone 4 | workspaces: 5 | - name: output 6 | workspace: s2i-php-workspace 7 | params: 8 | - name: url 9 | value: https://github.com/sclorg/s2i-php-container/ 10 | - name: subdirectory 11 | value: "" 12 | - name: deleteExisting 13 | value: "true" 14 | - name: revision 15 | value: master 16 | 17 | - name: s2i-php-test 18 | taskRef: 19 | name: s2i-php 20 | runAfter: 21 | - fetch-repository-s2i-php 22 | workspaces: 23 | - name: source 24 | workspace: s2i-php-workspace 25 | params: 26 | - name: TLSVERIFY 27 | value: "false" 28 | - name: PATH_CONTEXT 29 | value: "test/test-app" 30 | - name: IMAGE 31 | value: "image-registry.openshift-image-registry.svc:5000/{{namespace}}/s2i-php" 32 | -------------------------------------------------------------------------------- /task/s2i-python/0.1/README.md: -------------------------------------------------------------------------------- 1 | # Python Source-to-Image 2 | 3 | This task can be used for building `Python` apps as reproducible Docker 4 | images using Source-to-Image. [Source-to-Image (S2I)](https://github.com/openshift/source-to-image) 5 | is a toolkit and a workflow for building reproducible container images 6 | from source code. This tasks uses the s2i-python image build from [sclorg/s2i-python-container](https://github.com/sclorg/s2i-python-container). 
7 | 8 | Python versions currently provided are: 9 | 10 | - 3.8 11 | - 3.8-ubi8 12 | - 3.8-ubi7 13 | - 3.6-ubi8 14 | - 2.7 15 | - 2.7-ubi7 16 | - 2.7-ubi8 17 | 18 | ## Installing the Python Task 19 | 20 | ``` 21 | kubectl apply -f https://raw.githubusercontent.com/openshift/pipelines-catalog/master/task/s2i-python/0.1/s2i-python.yaml 22 | ``` 23 | 24 | ## Parameters 25 | 26 | * **VERSION**: The tag of python imagestream for python version 27 | (_default: 3.8-ubi8_) 28 | * **PATH_CONTEXT**: Source path from where S2I command needs to be run 29 | (_default: ._) 30 | * **TLSVERIFY**: Verify TLS on the registry endpoint; set it to `false` only for 31 | push/pull to a non-TLS registry (_default:_ `true`) 32 | * **IMAGE**: Location of the repo where image has to be pushed. 33 | 34 | ## Workspaces 35 | 36 | * **source**: A workspace specifying the location of the source to 37 | build. 38 | 39 | ## Creating a ServiceAccount 40 | 41 | S2I builds an image and pushes it to the destination registry which is 42 | defined as a parameter. The push needs proper credentials to be 43 | authenticated by the remote container registry. These credentials can 44 | be provided through a serviceaccount. See [Authentication](https://github.com/tektoncd/pipeline/blob/master/docs/auth.md#basic-authentication-docker) 45 | for further details. 46 | 47 | If you run on OpenShift, you also need to allow the service 48 | account to run privileged containers. Due to security considerations 49 | OpenShift does not allow containers to run as privileged containers 50 | by default. 
51 | 52 | Run the following in order to create a service account named 53 | `pipeline` on OpenShift and allow it to run privileged containers. The `privileged` SCC and the `edit` role granted below apply to every pod that runs as this account in the current project, so keep the account dedicated to these builds: 54 | 55 | ``` 56 | oc create serviceaccount pipeline 57 | oc adm policy add-scc-to-user privileged -z pipeline 58 | oc adm policy add-role-to-user edit -z pipeline 59 | ``` 60 | 61 | ## Using a `Pipeline` with `git-clone` 62 | 63 | ```yaml 64 | apiVersion: tekton.dev/v1beta1 65 | kind: Pipeline 66 | metadata: 67 | name: s2i-python-pipeline 68 | spec: 69 | params: 70 | - name: IMAGE 71 | description: Location of the repo where image has to be pushed 72 | type: string 73 | workspaces: 74 | - name: shared-workspace 75 | tasks: 76 | - name: fetch-repository 77 | taskRef: 78 | name: git-clone 79 | workspaces: 80 | - name: output 81 | workspace: shared-workspace 82 | params: 83 | - name: url 84 | value: https://github.com/username/reponame 85 | - name: subdirectory 86 | value: "" 87 | - name: deleteExisting 88 | value: "true" 89 | - name: s2i 90 | taskRef: 91 | name: s2i-python-3 92 | workspaces: 93 | - name: source 94 | workspace: shared-workspace 95 | params: 96 | - name: IMAGE 97 | value: $(params.IMAGE) 98 | ``` 99 | 100 | ## Creating the pipelinerun 101 | 102 | This PipelineRun runs the python Task to fetch a Git repository and build and 103 | push a container image using S2I and a python builder image. 
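104 | 105 | ```yaml 106 | apiVersion: tekton.dev/v1beta1 107 | kind: PipelineRun 108 | metadata: 109 | name: s2i-python-pipelinerun 110 | spec: 111 | # Use service account with git and image repo credentials 112 | serviceAccountName: pipeline 113 | pipelineRef: 114 | name: s2i-python-pipeline 115 | params: 116 | - name: IMAGE 117 | value: quay.io/my-repo/my-image-name 118 | workspaces: 119 | - name: shared-workspace 120 | volumeClaimTemplate: 121 | spec: 122 | accessModes: 123 | - ReadWriteOnce 124 | resources: 125 | requests: 126 | storage: 1Gi 127 | ``` 128 | -------------------------------------------------------------------------------- /task/s2i-python/0.1/s2i-python.yaml: --------------------------------------------------------------------------------
# Tekton Task: generates a Dockerfile from the source workspace with s2i,
# builds it with buildah, pushes the image and records the pushed digest
# as the IMAGE_DIGEST result.
# No step in this Task clones a repository: the source must already be in
# the `source` workspace, e.g. placed there by a preceding git-clone task.
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: s2i-python
  labels:
    app.kubernetes.io/version: "0.1"
  annotations:
    tekton.dev/pipelines.minVersion: "0.19"
    tekton.dev/tags: s2i, python, workspace
    tekton.dev/displayName: "s2i python"
spec:
  description: >-
    s2i-python task clones a Git repository and builds and
    pushes a container image using S2I and a Python builder image.

  results:
    - name: IMAGE_DIGEST
      description: Digest of the image just built.
  params:
    # Tag appended to the python imagestream reference used by the generate step.
    - name: VERSION
      description: The tag of python imagestream for python version
      default: '3.8-ubi8'
      type: string
    - name: PATH_CONTEXT
      description: The location of the path to run s2i from.
      default: .
      type: string
    # Passed as --tls-verify to both `buildah bud` and `buildah push`.
    # Keep "true" unless the registry is served without TLS: "false" turns
    # off HTTPS and certificate verification for pulls and pushes alike.
    - name: TLSVERIFY
      description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry)
      default: "true"
      type: string
    # Used both as the local image name (-t) and as the push destination.
    - name: IMAGE
      description: Location of the repo where image has to be pushed
      type: string
    # Image that runs the build, push and digest-to-results steps.
    # The default is pinned by tag, not by digest.
    - name: BUILDER_IMAGE
      description: The location of the buildah builder image.
      default: quay.io/buildah/stable:v1.17.0
      type: string
  workspaces:
    - name: source
      mountPath: /workspace/source
  steps:
    # Writes /gen-source/Dockerfile.gen only (--as-dockerfile); the image
    # itself is built by the next step.
    # NOTE(review): this image reference has no tag or digest, so the s2i
    # binary that runs can change between runs. Pin it, for example as
    # quay.io/openshift-pipeline/s2i@sha256:<digest> (placeholder), when
    # reproducible builds matter.
    - name: generate
      image: quay.io/openshift-pipeline/s2i
      # camelCase `workingDir`, as in the push step; the lowercase
      # `workingdir` spelling is not the declared field name.
      workingDir: $(workspaces.source.path)
      command: ['s2i', 'build', '$(params.PATH_CONTEXT)', 'image-registry.openshift-image-registry.svc:5000/openshift/python:$(params.VERSION)', '--as-dockerfile', '/gen-source/Dockerfile.gen']
      volumeMounts:
        - name: gen-source
          mountPath: /gen-source
      env:
        - name: HOME
          value: /tekton/home
    # Builds the generated Dockerfile. Layers are stored with the vfs
    # driver under /var/lib/containers, an emptyDir shared with the push step.
    - name: build
      image: $(params.BUILDER_IMAGE)
      workingDir: /gen-source
      command: ['buildah', 'bud', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--layers', '-f', '/gen-source/Dockerfile.gen', '-t', '$(params.IMAGE)', '.']
      volumeMounts:
        - name: varlibcontainers
          mountPath: /var/lib/containers
        - name: gen-source
          mountPath: /gen-source
    # Pushes the locally built image to docker://$(params.IMAGE) and writes
    # the digest to image-digest in the workspace. Registry credentials are
    # expected from the service account the run uses.
    - name: push
      workingDir: $(workspaces.source.path)
      image: $(params.BUILDER_IMAGE)
      command: ['buildah', 'push', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--digestfile=$(workspaces.source.path)/image-digest', '$(params.IMAGE)', 'docker://$(params.IMAGE)']
      volumeMounts:
        - name: varlibcontainers
          mountPath: /var/lib/containers
    # Copies the digest file written by the push step into the Task result.
    - name: digest-to-results
      image: $(params.BUILDER_IMAGE)
      script: cat $(workspaces.source.path)/image-digest | tee /tekton/results/IMAGE_DIGEST
  volumes:
    # buildah image storage, shared by the build and push steps.
    - name: varlibcontainers
      emptyDir: {}
    # Carries Dockerfile.gen from the generate step to the build step.
    - name: gen-source
      emptyDir: {}
-------------------------------------------------------------------------------- /task/s2i-python/0.1/tests/pv.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: s2i-python-workspace 6 | spec: 7 | accessModes: 8 | - ReadWriteOnce 9 | resources: 10 | requests: 11 | storage: 100Mi 12 | 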
-------------------------------------------------------------------------------- /task/s2i-python/0.1/tests/step.yaml: -------------------------------------------------------------------------------- 1 | - name: fetch-repository-s2i-python 2 | taskRef: 3 | name: git-clone 4 | workspaces: 5 | - name: output 6 | workspace: s2i-python-workspace 7 | params: 8 | - name: url 9 | value: https://github.com/sclorg/django-ex 10 | - name: subdirectory 11 | value: "" 12 | - name: deleteExisting 13 | value: "true" 14 | - name: revision 15 | value: "master" 16 | 17 | - name: s2i-python-test 18 | taskRef: 19 | name: s2i-python 20 | runAfter: 21 | - fetch-repository-s2i-python 22 | workspaces: 23 | - name: source 24 | workspace: s2i-python-workspace 25 | params: 26 | - name: TLSVERIFY 27 | value: "false" 28 | - name: IMAGE 29 | value: "image-registry.openshift-image-registry.svc:5000/{{namespace}}/s2i-python" 30 | -------------------------------------------------------------------------------- /task/s2i-ruby/0.1/README.md: -------------------------------------------------------------------------------- 1 | # Ruby Source-to-Image 2 | 3 | This task can be used for building `Ruby` apps as reproducible Docker 4 | images using Source-to-Image. [Source-to-Image (S2I)](https://github.com/openshift/source-to-image) 5 | is a toolkit and a workflow for building reproducible container images 6 | from source code. This task uses the s2i-ruby image built from [sclorg/s2i-ruby-container](https://github.com/sclorg/s2i-ruby-container). 
7 | 8 | Ruby versions currently provided are: 9 | 10 | - 2.7 11 | - 2.7-ubi7 12 | - 2.7-ubi8 13 | - 2.6 14 | - 2.6-ubi7 15 | - 2.6-ubi8 16 | - 2.5 17 | - 2.5-ubi7 18 | - 2.5-ubi8 19 | 20 | ## Installing the Ruby Task 21 | 22 | ``` 23 | kubectl apply -f https://raw.githubusercontent.com/openshift/pipelines-catalog/master/task/s2i-ruby/0.1/s2i-ruby.yaml 24 | ``` 25 | 26 | ## Parameters 27 | 28 | * **VERSION**: The tag of ruby imagestream for ruby version 29 | (_default: 2.7-ubi8_) 30 | * **PATH_CONTEXT**: Source path from where S2I command needs to be run 31 | (_default: ._) 32 | * **TLSVERIFY**: Verify the TLS on the registry endpoint (set to `false` only for push/pull to a 33 | non-TLS registry) (_default:_ `true`) 34 | * **IMAGE**: Location of the repo where image has to be pushed. 35 | 36 | ## Workspaces 37 | 38 | * **source**: A workspace specifying the location of the source to 39 | build. 40 | 41 | ## Creating a ServiceAccount 42 | 43 | S2I builds an image and pushes it to the destination registry which is 44 | defined as a parameter. The image needs proper credentials to be 45 | authenticated by the remote container registry. These credentials can 46 | be provided through a serviceaccount. See [Authentication](https://github.com/tektoncd/pipeline/blob/master/docs/auth.md#basic-authentication-docker) 47 | for further details. 48 | 49 | If you run on OpenShift, you also need to allow the service 50 | account to run privileged containers. Due to security considerations, 51 | OpenShift does not allow containers to run as privileged containers 52 | by default. 
53 | 54 | Run the following in order to create a service account named 55 | `pipeline` on OpenShift, allow it to run privileged containers, and grant it the `edit` role in the current project: 56 | 57 | ``` 58 | oc create serviceaccount pipeline 59 | oc adm policy add-scc-to-user privileged -z pipeline 60 | oc adm policy add-role-to-user edit -z pipeline 61 | ``` 62 | 63 | ## Using a `Pipeline` with `git-clone` 64 | 65 | ```yaml 66 | apiVersion: tekton.dev/v1beta1 67 | kind: Pipeline 68 | metadata: 69 | name: s2i-ruby-pipeline 70 | spec: 71 | params: 72 | - name: IMAGE 73 | description: Location of the repo where image has to be pushed 74 | type: string 75 | workspaces: 76 | - name: shared-workspace 77 | tasks: 78 | - name: fetch-repository 79 | taskRef: 80 | name: git-clone 81 | workspaces: 82 | - name: output 83 | workspace: shared-workspace 84 | params: 85 | - name: url 86 | value: https://github.com/username/reponame 87 | - name: subdirectory 88 | value: "" 89 | - name: deleteExisting 90 | value: "true" 91 | - name: s2i 92 | taskRef: 93 | name: s2i-ruby 94 | workspaces: 95 | - name: source 96 | workspace: shared-workspace 97 | params: 98 | - name: IMAGE 99 | value: $(params.IMAGE) 100 | ``` 101 | 102 | ## Creating the pipelinerun 103 | 104 | This PipelineRun runs the ruby Task to fetch a Git repository and then build and 105 | push a container image using S2I and a ruby builder image. 
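106 | 107 | ```yaml 108 | apiVersion: tekton.dev/v1beta1 109 | kind: PipelineRun 110 | metadata: 111 | name: s2i-ruby-pipelinerun 112 | spec: 113 | # Use service account with git and image repo credentials 114 | serviceAccountName: pipeline 115 | pipelineRef: 116 | name: s2i-ruby-pipeline 117 | params: 118 | - name: IMAGE 119 | value: quay.io/my-repo/my-image-name 120 | workspaces: 121 | - name: shared-workspace 122 | volumeClaimTemplate: 123 | spec: 124 | accessModes: 125 | - ReadWriteOnce 126 | resources: 127 | requests: 128 | storage: 1Gi 129 | ``` 130 | -------------------------------------------------------------------------------- /task/s2i-ruby/0.1/s2i-ruby.yaml: --------------------------------------------------------------------------------
# Tekton Task: generates a Dockerfile from the source workspace with s2i,
# builds it with buildah, pushes the image and records the pushed digest
# as the IMAGE_DIGEST result.
# No step in this Task clones a repository: the source must already be in
# the `source` workspace, e.g. placed there by a preceding git-clone task.
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: s2i-ruby
  labels:
    app.kubernetes.io/version: "0.1"
  annotations:
    tekton.dev/pipelines.minVersion: "0.19"
    tekton.dev/tags: s2i, ruby, workspace
    tekton.dev/displayName: "s2i ruby"
spec:
  description: >-
    s2i-ruby task clones a Git repository and builds and
    pushes a container image using S2I and a Ruby builder image.

  results:
    - name: IMAGE_DIGEST
      description: Digest of the image just built.
  params:
    # Tag appended to the ruby imagestream reference used by the generate step.
    - name: VERSION
      description: The tag of ruby imagestream for ruby version
      default: '2.7-ubi8'
      type: string
    - name: PATH_CONTEXT
      description: The location of the path to run s2i from.
      default: .
      type: string
    # Passed as --tls-verify to both `buildah bud` and `buildah push`.
    # Keep "true" unless the registry is served without TLS: "false" turns
    # off HTTPS and certificate verification for pulls and pushes alike.
    - name: TLSVERIFY
      description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry)
      default: "true"
      type: string
    # Used both as the local image name (-t) and as the push destination.
    - name: IMAGE
      description: Location of the repo where image has to be pushed
      type: string
    # Image that runs the build, push and digest-to-results steps.
    # The default is pinned by tag, not by digest.
    - name: BUILDER_IMAGE
      description: The location of the buildah builder image.
      default: quay.io/buildah/stable:v1.17.0
      type: string
  workspaces:
    - name: source
      mountPath: /workspace/source
  steps:
    # Writes /gen-source/Dockerfile.gen only (--as-dockerfile); the image
    # itself is built by the next step.
    # NOTE(review): this image reference has no tag or digest, so the s2i
    # binary that runs can change between runs. Pin it, for example as
    # quay.io/openshift-pipeline/s2i@sha256:<digest> (placeholder), when
    # reproducible builds matter.
    - name: generate
      image: quay.io/openshift-pipeline/s2i
      # camelCase `workingDir`, as in the push step; the lowercase
      # `workingdir` spelling is not the declared field name.
      workingDir: $(workspaces.source.path)
      command: ['s2i', 'build', '$(params.PATH_CONTEXT)', 'image-registry.openshift-image-registry.svc:5000/openshift/ruby:$(params.VERSION)', '--as-dockerfile', '/gen-source/Dockerfile.gen']
      volumeMounts:
        - name: gen-source
          mountPath: /gen-source
      env:
        - name: HOME
          value: /tekton/home
    # Builds the generated Dockerfile. Layers are stored with the vfs
    # driver under /var/lib/containers, an emptyDir shared with the push step.
    - name: build
      image: $(params.BUILDER_IMAGE)
      workingDir: /gen-source
      command: ['buildah', 'bud', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--layers', '-f', '/gen-source/Dockerfile.gen', '-t', '$(params.IMAGE)', '.']
      volumeMounts:
        - name: varlibcontainers
          mountPath: /var/lib/containers
        - name: gen-source
          mountPath: /gen-source
    # Pushes the locally built image to docker://$(params.IMAGE) and writes
    # the digest to image-digest in the workspace. Registry credentials are
    # expected from the service account the run uses.
    - name: push
      image: $(params.BUILDER_IMAGE)
      workingDir: $(workspaces.source.path)
      command: ['buildah', 'push', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--digestfile=$(workspaces.source.path)/image-digest', '$(params.IMAGE)', 'docker://$(params.IMAGE)']
      volumeMounts:
        - name: varlibcontainers
          mountPath: /var/lib/containers
    # Copies the digest file written by the push step into the Task result.
    - name: digest-to-results
      image: $(params.BUILDER_IMAGE)
      script: cat $(workspaces.source.path)/image-digest | tee /tekton/results/IMAGE_DIGEST
  volumes:
    # buildah image storage, shared by the build and push steps.
    - name: varlibcontainers
      emptyDir: {}
    # Carries Dockerfile.gen from the generate step to the build step.
    - name: gen-source
      emptyDir: {}
-------------------------------------------------------------------------------- /task/s2i-ruby/0.1/tests/pv.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: s2i-ruby-workspace 6 | spec: 7 | accessModes: 8 | - ReadWriteOnce 9 | resources: 10 | requests: 11 | storage: 100Mi 12 | 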
-------------------------------------------------------------------------------- /task/s2i-ruby/0.1/tests/step.yaml: -------------------------------------------------------------------------------- 1 | - name: fetch-repository-s2i-ruby 2 | taskRef: 3 | name: git-clone 4 | workspaces: 5 | - name: output 6 | workspace: s2i-ruby-workspace 7 | params: 8 | - name: url 9 | value: https://github.com/sclorg/ruby-ex 10 | - name: subdirectory 11 | value: "" 12 | - name: deleteExisting 13 | value: "true" 14 | - name: revision 15 | value: "master" 16 | 17 | - name: s2i-ruby-test 18 | taskRef: 19 | name: s2i-ruby 20 | runAfter: 21 | - fetch-repository-s2i-ruby 22 | workspaces: 23 | - name: source 24 | workspace: s2i-ruby-workspace 25 | params: 26 | - name: TLSVERIFY 27 | value: "false" 28 | - name: IMAGE 29 | value: "image-registry.openshift-image-registry.svc:5000/{{namespace}}/s2i-ruby" 30 | --------------------------------------------------------------------------------