2024-04-23 13:50:43 +02:00
parent 2f2419f393
commit 04885995d3
5 changed files with 1 additions and 375 deletions


@@ -4,16 +4,13 @@ const duplicates=["auto-ci-detector.py"];
const sources=[
#{url: "https://github.com/tektoncd/catalog/raw/main/task/python-coverage/0.1/python-coverage.yaml", name: "python-coverage.yaml"},
#{url: "https://github.com/tektoncd/catalog/raw/main/task/black/0.2/black.yaml", name: "black.yaml"},
#{url: "https://github.com/tektoncd/catalog/raw/main/task/buildkit-daemonless/0.1/buildkit-daemonless.yaml", name: "buildkit-daemonless.yaml"},
#{url: "https://github.com/tektoncd/catalog/raw/main/task/buildpacks-phases/0.2/buildpacks-phases.yaml", name: "buildpacks-phases.yaml"},
#{url: "https://github.com/tektoncd/catalog/raw/main/task/buildpacks/0.6/buildpacks.yaml", name: "buildpacks.yaml"},
#{url: "https://github.com/tektoncd/catalog/raw/main/task/check-make/0.1/check-make.yaml", name: "check-make.yaml"},
#{url: "https://github.com/tektoncd/catalog/raw/main/task/docker-build/0.1/docker-build.yaml", name: "docker-build.yaml"},
#{url: "https://github.com/tektoncd/catalog/raw/main/task/generate-build-id/0.1/generate-build-id.yaml", name: "generate-build-id.yaml"},
#{url: "https://github.com/tektoncd/catalog/raw/main/task/gitea-set-status/0.1/gitea-set-status.yaml", name: "gitea-set-status.yaml"},
#{url: "https://github.com/tektoncd/catalog/raw/main/task/hadolint/0.1/hadolint.yaml", name: "hadolint.yaml"},
#{url: "https://github.com/tektoncd/catalog/raw/main/task/hugo/0.1/hugo.yaml", name: "hugo.yaml"},
#{url: "https://github.com/tektoncd/catalog/raw/main/task/kaniko/0.6/kaniko.yaml", name: "kaniko.yaml"},
#{url: "https://github.com/tektoncd/catalog/raw/main/task/kube-linter/0.1/kube-linter.yaml", name: "kube-linter.yaml"},
#{url: "https://github.com/tektoncd/catalog/raw/main/task/kubeval/0.1/kubeval.yaml", name: "kubeval.yaml"},
#{url: "https://github.com/tektoncd/catalog/raw/main/task/markdown-lint/0.1/markdown-lint.yaml", name: "markdown-lint.yaml"},
@@ -33,14 +30,11 @@ const sources=[
#{url: "https://github.com/tektoncd/catalog/raw/main/task/ansible-builder/0.1/ansible-builder.yaml", name: "ansible-builder.yaml"},
#{url: "https://github.com/tektoncd/catalog/raw/main/task/ansible-runner/0.2/ansible-runner.yaml", name: "ansible-runner.yaml"},
#{url: "https://github.com/tektoncd/catalog/raw/main/task/yq/0.4/yq.yaml", name: "yq.yaml"},
#{url: "https://github.com/tektoncd/catalog/raw/main/pipeline/buildpacks/0.2/buildpacks.yaml", name: "buildpacks-pipeline.yaml"}
];
// https://github.com/tektoncd/catalog/raw/main/task/trivy-scanner/0.2/trivy-scanner.yaml
fn pre_pack() {
for file in global::sources {
//shell(`curl -sL ${file.url} > ${global::SRC}/${file.name}`);
shell(`curl -sL ${file.url} > ${global::SRC}/${file.name}`);
}
}
fn post_pack() {
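Review bot: The fetch that survives at `shell(`curl -sL ${file.url} > ${global::SRC}/${file.name}`)` pulls every remaining catalog task from the mutable `raw/main` ref with no integrity check, so whatever that branch holds at pack time — including a force-pushed or compromised task definition — is written into `${global::SRC}` and, judging by the function name, packaged as-is. Because `-f` is not passed, an HTTP error also writes the error page into the destination file rather than failing the run, and the `>` redirect happily creates an empty file when curl aborts early. I would pin each URL to a commit SHA instead of `main` and compare the downloaded file against a recorded digest before packing; at minimum change the line to `shell(`curl -fsSL ${file.url} -o ${global::SRC}/${file.name}`);` so failures abort. The commented-out duplicate of the same call on the line above is dead code and can be dropped. `pre_pack` is fully visible in this hunk, while the `sources` array it iterates starts above the first line shown.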


@@ -1,139 +0,0 @@
---
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
name: buildpacks
labels:
app.kubernetes.io/version: "0.2"
annotations:
tekton.dev/pipelines.minVersion: "0.17.0"
tekton.dev/tags: image-build
tekton.dev/displayName: "Buildpacks"
tekton.dev/platforms: "linux/amd64"
spec:
description: >-
The Buildpacks pipeline builds source from a Git repository into a container image and pushes it to a registry, using Cloud Native Buildpacks.
workspaces:
- name: source-ws
description: Location where source is stored.
- name: cache-ws
description: Location where cache is stored if CACHE_IMAGE is not provided.
optional: true
params:
- name: BUILDER_IMAGE
description: The image on which builds will run (must include lifecycle and compatible buildpacks).
- name: TRUST_BUILDER
description: >-
Whether the builder image is trusted.
When false, each build phase is executed in isolation and credentials are only shared with trusted images.
default: "false"
- name: APP_IMAGE
description: The name of where to store the app image.
- name: SOURCE_URL
description: A git repo url where the source code resides.
- name: SOURCE_REFERENCE
description: The branch, tag or SHA to checkout.
default: ""
- name: SOURCE_SUBPATH
description: A subpath within checked out source where the source to build is located.
default: ""
- name: ENV_VARS
type: array
description: Environment variables to set during _build-time_.
default: [""]
- name: PROCESS_TYPE
description: The default process type to set on the image.
default: "web"
- name: RUN_IMAGE
description: The name of the run image to use (defaults to image specified in builder).
default: ""
- name: CACHE_IMAGE
description: The name of the persistent cache image.
default: ""
- name: USER_ID
description: The user ID of the builder image user.
default: "1000"
- name: GROUP_ID
description: The group ID of the builder image user.
default: "1000"
tasks:
- name: fetch-from-git
taskRef:
name: git-clone
params:
- name: url
value: $(params.SOURCE_URL)
- name: revision
value: $(params.SOURCE_REFERENCE)
workspaces:
- name: output
workspace: source-ws
- name: build-trusted
runAfter:
- fetch-from-git
taskRef:
name: buildpacks
when:
- input: "$(params.TRUST_BUILDER)"
operator: in
values: ["true", "yes", "TRUE", "True"]
workspaces:
- name: source
workspace: source-ws
- name: cache
workspace: cache-ws
params:
- name: BUILDER_IMAGE
value: "$(params.BUILDER_IMAGE)"
- name: APP_IMAGE
value: "$(params.APP_IMAGE)"
- name: SOURCE_SUBPATH
value: "$(params.SOURCE_SUBPATH)"
- name: PROCESS_TYPE
value: "$(params.PROCESS_TYPE)"
- name: ENV_VARS
value: ["$(params.ENV_VARS)"]
- name: RUN_IMAGE
value: "$(params.RUN_IMAGE)"
- name: CACHE_IMAGE
value: "$(params.CACHE_IMAGE)"
- name: USER_ID
value: "$(params.USER_ID)"
- name: GROUP_ID
value: "$(params.GROUP_ID)"
- name: build-untrusted
runAfter:
- fetch-from-git
taskRef:
name: buildpacks-phases
when:
- input: "$(params.TRUST_BUILDER)"
operator: notin
values: ["true", "yes", "TRUE", "True"]
workspaces:
- name: source
workspace: source-ws
- name: cache
workspace: cache-ws
params:
- name: BUILDER_IMAGE
value: "$(params.BUILDER_IMAGE)"
- name: APP_IMAGE
value: "$(params.APP_IMAGE)"
- name: SOURCE_SUBPATH
value: "$(params.SOURCE_SUBPATH)"
- name: ENV_VARS
value: ["$(params.ENV_VARS)"]
- name: PROCESS_TYPE
value: "$(params.PROCESS_TYPE)"
- name: RUN_IMAGE
value: "$(params.RUN_IMAGE)"
- name: CACHE_IMAGE
value: "$(params.CACHE_IMAGE)"
- name: USER_ID
value: "$(params.USER_ID)"
- name: GROUP_ID
value: "$(params.GROUP_ID)"


@@ -1,51 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: buildkit-daemonless
labels:
app.kubernetes.io/version: "0.1"
annotations:
tekton.dev/pipelines.minVersion: "0.12.1"
tekton.dev/categories: Image Build
tekton.dev/tags: image-build
tekton.dev/displayName: "buildkit daemonless"
tekton.dev/platforms: "linux/amd64"
tekton.dev/deprecated: "true"
spec:
description: >-
This Task builds source into a container image using Moby BuildKit.
This buildkit-daemonless Task is similar to buildkit but does not need
creating Secret, Deployment, and Service resources for setting up the
buildkitd daemon cluster.
params:
- name: DOCKERFILE
description: The name of the Dockerfile
default: "Dockerfile"
- name: BUILDKIT_IMAGE
description: The name of the BuildKit image
# The image needs to be rootful because Tekton creates /builder/home/.docker/config.json owned by root:root with 0600
# https://github.com/tektoncd/pipeline/issues/852
default: "docker.io/moby/buildkit:v0.6.2@sha256:db234cf7362aef489e4273a6937794cb19c09ba15c7ee0ec6f85044086ea4f6a"
workspaces:
- name: source
resources:
outputs:
- name: image
type: image
steps:
- name: build-and-push
image: $(params.BUILDKIT_IMAGE)
workingDir: $(workspaces.source.path)
securityContext:
privileged: true
command: ["buildctl-daemonless.sh", "--debug",
"build",
"--progress=plain",
"--frontend=dockerfile.v0",
"--opt", "filename=$(params.DOCKERFILE)",
"--local", "context=.", "--local", "dockerfile=.",
"--output", "type=image,name=$(resources.outputs.image.url),push=true",
"--export-cache", "type=inline",
"--import-cache", "type=registry,ref=$(resources.outputs.image.url)"]


@@ -1,113 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: docker-build
labels:
app.kubernetes.io/version: "0.1"
annotations:
tekton.dev/pipelines.minVersion: "0.12.1"
tekton.dev/categories: Image Build
tekton.dev/tags: docker, build-image, push-image, dind
tekton.dev/displayName: docker-build
tekton.dev/platforms: "linux/amd64"
spec:
description: >-
This task will build and push an image using docker.
The task will build an out image out of a Dockerfile.
This image will be pushed to an image registry.
The image will be built and pushed using a dind sidecar over TCP+TLS.
params:
- name: image
description: Reference of the image docker will produce.
- name: builder_image
description: The location of the docker builder image.
default: docker.io/library/docker:stable@sha256:18ff92d3d31725b53fa6633d60bed323effb6d5d4588be7b547078d384e0d4bf #tag: stable
- name: dind_image
description: The location of the docker-in-docker image.
default: docker:dind
- name: dockerfile
description: Path to the Dockerfile to build.
default: ./Dockerfile
- name: context
description: Path to the directory to use as context.
default: .
- name: build_extra_args
description: Extra parameters passed for the build command when building images.
default: ""
- name: push_extra_args
description: Extra parameters passed for the push command when pushing images.
default: ""
- name: insecure_registry
description: Allows the user to push to an insecure registry that has been specified
default: ""
workspaces:
- name: source
results:
- name: IMAGE_DIGEST
description: Digest of the image just built.
steps:
- name: docker-build
image: $(params.builder_image)
env:
# Connect to the sidecar over TCP, with TLS.
- name: DOCKER_HOST
value: tcp://localhost:2376
# Verify TLS.
- name: DOCKER_TLS_VERIFY
value: '1'
# Use the certs generated by the sidecar daemon.
- name: DOCKER_CERT_PATH
value: /certs/client
workingDir: $(workspaces.source.path)
script: |
docker build \
$(params.build_extra_args) \
--no-cache \
-f $(params.dockerfile) -t $(params.image) $(params.context)
volumeMounts:
- mountPath: /certs/client
name: dind-certs
- name: docker-push
image: $(params.builder_image)
env:
# Connect to the sidecar over TCP, with TLS.
- name: DOCKER_HOST
value: tcp://localhost:2376
# Verify TLS.
- name: DOCKER_TLS_VERIFY
value: '1'
# Use the certs generated by the sidecar daemon.
- name: DOCKER_CERT_PATH
value: /certs/client
workingDir: $(workspaces.source.path)
script: |
docker push $(params.push_extra_args) $(params.image)
volumeMounts:
- mountPath: /certs/client
name: dind-certs
sidecars:
- image: $(params.dind_image)
name: server
args:
- --storage-driver=vfs
- --userland-proxy=false
- --debug
- --insecure-registry=$(params.insecure_registry)
securityContext:
privileged: true
env:
# Write generated certs to the path shared with the client.
- name: DOCKER_TLS_CERTDIR
value: /certs
volumeMounts:
- mountPath: /certs/client
name: dind-certs
# Wait for the dind daemon to generate the certs it will share with the
# client.
readinessProbe:
periodSeconds: 1
exec:
command: ['ls', '/certs/client/ca.pem']
volumes:
- name: dind-certs
emptyDir: {}


@@ -1,65 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: kaniko
labels:
app.kubernetes.io/version: "0.6"
annotations:
tekton.dev/pipelines.minVersion: "0.17.0"
tekton.dev/categories: Image Build
tekton.dev/tags: image-build
tekton.dev/displayName: "Build and upload container image using Kaniko"
tekton.dev/platforms: "linux/amd64,linux/arm64,linux/ppc64le"
spec:
description: >-
This Task builds a simple Dockerfile with kaniko and pushes to a registry.
This Task stores the image name and digest as results, allowing Tekton Chains to pick up
that an image was built & sign it.
params:
- name: IMAGE
description: Name (reference) of the image to build.
- name: DOCKERFILE
description: Path to the Dockerfile to build.
default: ./Dockerfile
- name: CONTEXT
description: The build context used by Kaniko.
default: ./
- name: EXTRA_ARGS
type: array
default: []
- name: BUILDER_IMAGE
description: The image on which builds will run (default is v1.5.1)
default: gcr.io/kaniko-project/executor:v1.5.1@sha256:c6166717f7fe0b7da44908c986137ecfeab21f31ec3992f6e128fff8a94be8a5
workspaces:
- name: source
description: Holds the context and Dockerfile
- name: dockerconfig
description: Includes a docker `config.json`
optional: true
mountPath: /kaniko/.docker
results:
- name: IMAGE_DIGEST
description: Digest of the image just built.
- name: IMAGE_URL
description: URL of the image just built.
steps:
- name: build-and-push
workingDir: $(workspaces.source.path)
image: $(params.BUILDER_IMAGE)
args:
- $(params.EXTRA_ARGS)
- --dockerfile=$(params.DOCKERFILE)
- --context=$(workspaces.source.path)/$(params.CONTEXT) # The user does not need to care the workspace and the source.
- --destination=$(params.IMAGE)
- --digest-file=$(results.IMAGE_DIGEST.path)
# kaniko assumes it is running as root, which means this example fails on platforms
# that default to run containers as random uid (like OpenShift). Adding this securityContext
# makes it explicit that it needs to run as root.
securityContext:
runAsUser: 0
- name: write-url
image: docker.io/library/bash:5.1.4@sha256:c523c636b722339f41b6a431b44588ab2f762c5de5ec3bd7964420ff982fb1d9
script: |
set -e
image="$(params.IMAGE)"
echo -n "${image}" | tee "$(results.IMAGE_URL.path)"