From 73b9353adafa3566dc0c24fb1acaf46bb3c7e206 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Huss?= Date: Wed, 22 May 2024 14:23:52 +0200 Subject: [PATCH] fix --- share/tekton-tasks/all_Task.tf | 1510 ++++++++++++++++++++++++++++++++ share/tekton-tasks/common.tf | 13 + share/tekton-tasks/index.yaml | 27 + 3 files changed, 1550 insertions(+) create mode 100644 share/tekton-tasks/all_Task.tf create mode 100644 share/tekton-tasks/common.tf create mode 100644 share/tekton-tasks/index.yaml diff --git a/share/tekton-tasks/all_Task.tf b/share/tekton-tasks/all_Task.tf new file mode 100644 index 0000000..6e3d42a --- /dev/null +++ b/share/tekton-tasks/all_Task.tf @@ -0,0 +1,1510 @@ +resource "kubectl_manifest" "Task_python-coverage" { + yaml_body = <<-EOF + apiVersion: tekton.dev/v1beta1 + kind: Task + metadata: + name: python-coverage + labels: ${jsonencode(local.common_labels)} + annotations: + tekton.dev/categories: Code Quality + tekton.dev/pipelines.minVersion: 0.12.1 + tekton.dev/tags: python, coverage + tekton.dev/displayName: python coverage + tekton.dev/platforms: linux/amd64,linux/s390x,linux/ppc64le + namespace: ${var.namespace} + spec: + description: This task can be used to measure code coverage of Python projects. + workspaces: + - name: source + params: + - name: PYTHON + description: The used Python version, more precisely the tag for the Python image + type: string + default: latest + - name: ARGS + description: The additional arguments to be used with pytest + type: string + default: '' + - name: SOURCE_PATH + description: The path to the source code + default: . + - name: REQUIREMENTS_FILE + description: The name of the requirements file inside the source location + default: requirements.txt + steps: + - name: code-coverage + image: docker.io/python:$(inputs.params.PYTHON) + workingDir: $(workspaces.source.path) + script: |- + export PATH=$PATH:$HOME/.local/bin + if [ -n "$(inputs.params.REQUIREMENTS_FILE)" ] && [ -e "$(inputs.params.REQUIREMENTS_FILE)" ];then + pip install -r $(inputs.params.SOURCE_PATH)/$(inputs.params.REQUIREMENTS_FILE) + pip show pytest || { + echo "###\nWarning: Pytest is missing in your requirements\n###"; + pip install pytest + } + pip show coverage || { + echo "###\nWarning: Coverage is missing in your requirements\n###"; + pip install coverage + } + else + pip install pytest coverage + fi + coverage run -m pytest $(inputs.params.ARGS) $(inputs.params.SOURCE_PATH) + coverage report -m +EOF +} + +resource "kubectl_manifest" "Task_npm" { + yaml_body = <<-EOF + apiVersion: tekton.dev/v1beta1 + kind: Task + metadata: + name: npm + labels: ${jsonencode(local.common_labels)} + annotations: + tekton.dev/pipelines.minVersion: 0.17.0 + tekton.dev/categories: Build Tools + tekton.dev/tags: build-tool + tekton.dev/platforms: linux/amd64,linux/s390x,linux/ppc64le + namespace: ${var.namespace} + spec: + description: |- + This task can be used to run npm goals on a project. + This task can be used to run npm goals on a project where package.json is present and has some pre-defined npm scripts. + workspaces: + - name: source + params: + - name: PATH_CONTEXT + type: string + default: . + description: The path where package.json of the project is defined. + - name: ARGS + type: array + default: + - version + description: The npm goals you want to run. + - name: IMAGE + type: string + default: docker.io/library/node:12-alpine@sha256:dfbebf17bfb014e1e7068e76325a117bccf8679c68aec6a28514184a209c8bae + description: The node image you want to use. + steps: + - name: npm-run + image: $(params.IMAGE) + command: + - npm + args: + - $(params.ARGS) + workingDir: $(workspaces.source.path)/$(params.PATH_CONTEXT) + env: + - name: CI + value: 'true' +EOF +} + +resource "kubectl_manifest" "Task_pytest" { + yaml_body = <<-EOF + apiVersion: tekton.dev/v1beta1 + kind: Task + metadata: + name: pytest + labels: ${jsonencode(local.common_labels)} + annotations: + tekton.dev/categories: Testing + tekton.dev/pipelines.minVersion: 0.17.0 + tekton.dev/tags: python, pytest + tekton.dev/displayName: pytest + tekton.dev/platforms: linux/amd64,linux/s390x,linux/ppc64le + namespace: ${var.namespace} + spec: + description: This task will run pytest on the provided input. + workspaces: + - name: source + - description: The workspace consisting of the custom pip settings. + name: pip-conf + optional: true + params: + - name: PYTHON_IMAGE + description: The used Python image + type: string + default: docker.io/python:3.11.1-bullseye + - name: ARGS + description: The additional arguments to be used with pytest + type: string + default: '' + - name: SOURCE_PATH + description: The path to the source code + default: . + - name: REQUIREMENTS_FILE + description: The name of the requirements file inside the source location, with fallback to the requirements file in the root location + default: requirements.txt + - name: PIP_CONF_FILE + description: The name of the custom pip config file. + default: pip.conf + steps: + - name: unit-test + image: $(params.PYTHON_IMAGE) + workingDir: $(workspaces.source.path) + env: + - name: PARAM_PIP_CONF_FILE + value: $(params.PIP_CONF_FILE) + - name: WORKSPACE_PIP_CONF_BOUND + value: $(workspaces.pip-conf.bound) + - name: WORKSPACE_PIP_CONF_PATH + value: $(workspaces.pip-conf.path) + script: |- + export PATH=$PATH:$HOME/.local/bin + + if [ "$${WORKSPACE_PIP_CONF_BOUND}" = "true" ] ; then + export PIP_CONFIG_FILE="$${WORKSPACE_PIP_CONF_PATH}/$${PARAM_PIP_CONF_FILE}" + fi + + if [ -e "$(params.SOURCE_PATH)"/"$(params.REQUIREMENTS_FILE)" ]; + then + pip install -r "$(params.SOURCE_PATH)"/"$(params.REQUIREMENTS_FILE)" + pip show pytest || { + printf "###\nWarning: Pytest is missing in your test requirements file\n###"; + pip install pytest + } + else + if [ -e "$(params.REQUIREMENTS_FILE)" ]; + then + pip install -r "$(params.REQUIREMENTS_FILE)" + fi + pip install pytest + fi + if [ -z "$(params.ARGS)" ]; then + pytest "$(params.SOURCE_PATH)" + else + pytest "$(params.ARGS)" "$(params.SOURCE_PATH)" + fi +EOF +} + +resource "kubectl_manifest" "Task_shellcheck" { + yaml_body = <<-EOF + apiVersion: tekton.dev/v1beta1 + kind: Task + metadata: + name: shellcheck + labels: ${jsonencode(local.common_labels)} + annotations: + tekton.dev/pipelines.minVersion: 0.12.1 + tekton.dev/categories: Code Quality + tekton.dev/tags: linter + tekton.dev/displayName: Shellcheck + tekton.dev/platforms: linux/amd64 + namespace: ${var.namespace} + spec: + description: This task can be used to perform lint check on Shell Script files + workspaces: + - name: shared-workspace + description: A workspace that contains the fetched git repository. + params: + - name: args + type: array + description: extra args needs to append + default: + - --help + steps: + - name: lint-shell + image: docker.io/koalaman/shellcheck:v0.7.1@sha256:ad95c140f7bf5cc66e50e19da7d72c398583ba24c5866ac32c882eb3ddc153ee + workingDir: $(workspaces.shared-workspace.path) + command: + - /bin/shellcheck + args: + - $(params.args) +EOF +} + +resource "kubectl_manifest" "Task_markdown-lint" { + yaml_body = <<-EOF + apiVersion: tekton.dev/v1beta1 + kind: Task + metadata: + name: markdown-lint + labels: ${jsonencode(local.common_labels)} + annotations: + tekton.dev/pipelines.minVersion: 0.12.1 + tekton.dev/categories: Code Quality + tekton.dev/tags: linter + tekton.dev/displayName: Markdown linter + tekton.dev/platforms: linux/amd64 + namespace: ${var.namespace} + spec: + description: This task can be used to perform lint check on Markdown files + workspaces: + - name: shared-workspace + description: A workspace that contains the fetched git repository. + params: + - name: args + type: array + description: extra args needs to append + default: + - --help + steps: + - name: lint-markdown-files + image: docker.io/markdownlint/markdownlint:0.11.0@sha256:399a199c92f89f42cf3a0a1159bd86ca5cdc293fcfd39f87c0669ddee9767724 + workingDir: $(workspaces.shared-workspace.path) + command: + - mdl + args: + - $(params.args) +EOF +} + +resource "kubectl_manifest" "Task_black" { + yaml_body = <<-EOF + apiVersion: tekton.dev/v1beta1 + kind: Task + metadata: + name: black + labels: ${jsonencode(local.common_labels)} + annotations: + tekton.dev/pipelines.minVersion: 0.12.1 + tekton.dev/categories: Code Quality + tekton.dev/tags: formatter, python, black + tekton.dev/displayName: Python Black + tekton.dev/platforms: linux/amd64 + namespace: ${var.namespace} + spec: + description: This task can be used to format Python code + workspaces: + - name: shared-workspace + description: The workspace containing python source code which we want to format. + params: + - name: image + description: The container image to use black in + default: docker.io/cytopia/black:latest-0.2@sha256:2ec766f1c7e42e6b59c0873ce066fa0a2aa2bf8a80dbc1c40f1566bb539303e0 + - name: requirements_file + description: The name of the requirements file inside the source location + default: requirements.txt + - name: args + type: array + description: extra args that needs to be appended + default: + - --help + steps: + - name: format-python-code + image: $(params.image) + workingDir: $(workspaces.shared-workspace.path) + script: | + export HOME=/tmp/python + export PATH=$PATH:/tmp/python/.local/bin + if [ -n "$(params.requirements_file)" ] && [ -e "$(params.requirements_file)" ];then + python -mpip install --user -r $(params.requirements_file) + fi + black $@ + args: + - $(params.args) +EOF +} + +resource "kubectl_manifest" "Task_kube-linter" { + yaml_body = <<-EOF + apiVersion: tekton.dev/v1beta1 + kind: Task + metadata: + name: kube-linter + labels: ${jsonencode(local.common_labels)} + annotations: + tekton.dev/pipelines.minVersion: 0.12.1 + tekton.dev/categories: Code Quality + tekton.dev/tags: Kubernetes, Misconfiguration + tekton.dev/displayName: Kube-Linter + tekton.dev/platforms: linux/amd64 + namespace: ${var.namespace} + spec: + description: |- + This task makes it possible to use kube-linter within Tekton Pipeline. + The KubeLinter tool by StackRox is an open-source command-line interface to identify misconfigurations in Kubernetes objects. KubeLinter offers the ability to integrate checks on Kubernetes YAML files and Helm charts before deployment into a Kubernetes cluster. With 31 standard built-in checks and the room to configure your own, you get immediate feedback about misconfigurations and Kubernetes security violations. + workspaces: + - name: source + description: A workspace that contains fetched git repo. + params: + - name: config_file_url + type: string + description: url from where the config file would be fetched. + default: '' + - name: config_file_path + type: string + description: path to config file. + default: '' + - name: manifest + type: string + description: path to manifest files or manifest directory to be checked. + default: . + - name: includelist + type: string + description: A string with comma separated checks to be included + default: '' + - name: excludelist + type: string + description: A string with comma separated checks to be excluded + default: '' + - name: default_option + type: string + description: 'provides two options (adding all built-in checks or disabling all default checks): add-all-built-in and/do-not-auto-add-defaults' + default: '' + - name: output_format + type: string + description: format in which report will be generated. (json|sarif|plain) (default:"json") + default: json + - name: args + type: array + description: args + default: [] + steps: + - name: fetch-config-file + image: registry.access.redhat.com/ubi8/ubi-minimal:8.2 + workingDir: $(workspaces.source.path) + script: | + #!/usr/bin/env bash + set -e + + if [ -n "$(params.config_file_url)" ] + then + curl "$(params.config_file_url)" --output "$(params.config_file_path)" + echo "Fetched the config file from given ($(params.config_file_url)) URL and successfully saved at $(workspaces.source.path)/$(params.config_file_path)" + else + echo "No config file url was set" + fi + - name: lint-yaml + image: docker.io/stackrox/kube-linter:0.2.2-2-g7d10a69154-alpine@sha256:e520e9d8d3a2dfa611914836536545b135845e7bda9f1df34b060e116232dbf0 + workingDir: $(workspaces.source.path) + script: | + mv ../../kube-linter ../../bin; + + if [ -n "$(params.config_file_path)" ] + then + kube-linter lint "$(params.manifest)" --config "$(params.config_file_path)" --format "$(params.output_format)" "$@" + else + if [ -n "$(params.default_option)" ] + then + kube-linter lint "$(params.manifest)" --"$(params.default_option)" --include "$(params.includelist)" --exclude "$(params.excludelist)" --format "$(params.output_format)" "$@" + else + kube-linter lint "$(params.manifest)" --include "$(params.includelist)" --exclude "$(params.excludelist)" --format "$(params.output_format)" "$@" + fi + fi + args: + - $(params.args) +EOF +} + +resource "kubectl_manifest" "Task_yaml-lint" { + yaml_body = <<-EOF + apiVersion: tekton.dev/v1beta1 + kind: Task + metadata: + name: yaml-lint + labels: ${jsonencode(local.common_labels)} + annotations: + tekton.dev/pipelines.minVersion: 0.12.1 + tekton.dev/categories: Code Quality + tekton.dev/tags: linter + tekton.dev/displayName: YAML linter + tekton.dev/platforms: linux/amd64 + namespace: ${var.namespace} + spec: + description: This task can be used to perform lint check on YAML files + workspaces: + - name: shared-workspace + description: A workspace that contains the fetched git repository. + params: + - name: args + type: array + description: extra args needs to append + default: + - --help + steps: + - name: lint-yaml-files + image: docker.io/cytopia/yamllint:1.23@sha256:e9deea51bbdc35950cacf6594dab94100d9bbf5c987540b8874167d58e6bdce2 + workingDir: $(workspaces.shared-workspace.path) + command: + - yamllint + args: + - $(params.args) +EOF +} + +resource "kubectl_manifest" "Task_buildpacks-phases" { + yaml_body = <<-EOF + apiVersion: tekton.dev/v1beta1 + kind: Task + metadata: + name: buildpacks-phases + labels: ${jsonencode(local.common_labels)} + annotations: + tekton.dev/categories: Image Build, Security + tekton.dev/pipelines.minVersion: 0.17.0 + tekton.dev/tags: image-build + tekton.dev/displayName: Buildpacks (phases) + tekton.dev/platforms: linux/amd64 + namespace: ${var.namespace} + spec: + description: The Buildpacks-Phases task builds source into a container image and pushes it to a registry, using Cloud Native Buildpacks. This task separately calls the aspects of the Cloud Native Buildpacks lifecycle, to provide increased security via container isolation. + workspaces: + - name: source + description: Directory where application source is located. + - name: cache + description: Directory where cache is stored (when no cache image is provided). + optional: true + params: + - name: APP_IMAGE + description: The name of where to store the app image. + - name: BUILDER_IMAGE + description: The image on which builds will run (must include lifecycle and compatible buildpacks). + - name: SOURCE_SUBPATH + description: A subpath within the `source` input where the source to build is located. + default: '' + - name: ENV_VARS + type: array + description: Environment variables to set during _build-time_. + default: [] + - name: PROCESS_TYPE + description: The default process type to set on the image. + default: web + - name: RUN_IMAGE + description: Reference to a run image to use. + default: '' + - name: CACHE_IMAGE + description: The name of the persistent app cache image (if no cache workspace is provided). + default: '' + - name: USER_ID + description: The user ID of the builder image user. + default: '1000' + - name: GROUP_ID + description: The group ID of the builder image user. + default: '1000' + - name: PLATFORM_DIR + description: The name of the platform directory. + default: empty-dir + - name: LIFECYCLE_IMAGE + description: The image to use when executing sensitive phases. + default: docker.io/buildpacksio/lifecycle:0.10.2@sha256:1bf8d3fc41d2fdf0ee4abdad50038ab8902ef58c74f5bcfc432c26767d889ed0 + - name: USER_HOME + description: Absolute path to the user's home directory. + default: /tekton/home + results: + - name: APP_IMAGE_DIGEST + description: The digest of the built `APP_IMAGE`. + stepTemplate: + env: + - name: CNB_PLATFORM_API + value: '0.4' + - name: HOME + value: $(params.USER_HOME) + steps: + - name: prepare + image: docker.io/library/bash:5.1.4@sha256:b208215a4655538be652b2769d82e576bc4d0a2bb132144c060efc5be8c3f5d6 + args: + - --env-vars + - $(params.ENV_VARS[*]) + script: | + #!/usr/bin/env bash + set -e + + if [[ "$(workspaces.cache.bound)" == "true" ]]; then + echo "> Setting permissions on '$(workspaces.cache.path)'..." + chown -R "$(params.USER_ID):$(params.GROUP_ID)" "$(workspaces.cache.path)" + fi + + for path in "/tekton/home" "/layers" "$(workspaces.source.path)"; do + echo "> Setting permissions on '$path'..." + chown -R "$(params.USER_ID):$(params.GROUP_ID)" "$path" + done + + echo "> Parsing additional configuration..." + parsing_flag="" + envs=() + for arg in "$@"; do + if [[ "$arg" == "--env-vars" ]]; then + echo "-> Parsing env variables..." + parsing_flag="env-vars" + elif [[ "$parsing_flag" == "env-vars" ]]; then + envs+=("$arg") + fi + done + + echo "> Processing any environment variables..." + ENV_DIR="/platform/env" + + echo "--> Creating 'env' directory: $ENV_DIR" + mkdir -p "$ENV_DIR" + + for env in "$${envs[@]}"; do + IFS='=' read -r key value string <<< "$env" + if [[ "$key" != "" && "$value" != "" ]]; then + path="$${ENV_DIR}/$${key}" + echo "--> Writing $${path}..." + echo -n "$value" > "$path" + fi + done + volumeMounts: + - name: layers-dir + mountPath: /layers + - name: $(params.PLATFORM_DIR) + mountPath: /platform + securityContext: + privileged: true + - name: copy-stack-toml + image: $(params.BUILDER_IMAGE) + imagePullPolicy: Always + command: + - /bin/sh + args: + - -c + - | + cp /cnb/stack.toml /layers/ + volumeMounts: + - name: layers-dir + mountPath: /layers + - name: detect + image: $(params.BUILDER_IMAGE) + imagePullPolicy: Always + command: + - /cnb/lifecycle/detector + args: + - -app=$(workspaces.source.path)/$(params.SOURCE_SUBPATH) + - -group=/layers/group.toml + - -plan=/layers/plan.toml + volumeMounts: + - name: layers-dir + mountPath: /layers + - name: $(params.PLATFORM_DIR) + mountPath: /platform + - name: empty-dir + mountPath: /tekton/home + - name: analyze + image: $(params.LIFECYCLE_IMAGE) + imagePullPolicy: Always + command: + - /cnb/lifecycle/analyzer + args: + - -layers=/layers + - -group=/layers/group.toml + - -cache-dir=$(workspaces.cache.path) + - -cache-image=$(params.CACHE_IMAGE) + - -uid=$(params.USER_ID) + - -gid=$(params.GROUP_ID) + - $(params.APP_IMAGE) + volumeMounts: + - name: layers-dir + mountPath: /layers + - name: restore + image: $(params.LIFECYCLE_IMAGE) + imagePullPolicy: Always + command: + - /cnb/lifecycle/restorer + args: + - -group=/layers/group.toml + - -layers=/layers + - -cache-dir=$(workspaces.cache.path) + - -cache-image=$(params.CACHE_IMAGE) + - -uid=$(params.USER_ID) + - -gid=$(params.GROUP_ID) + volumeMounts: + - name: layers-dir + mountPath: /layers + - name: build + image: $(params.BUILDER_IMAGE) + imagePullPolicy: Always + command: + - /cnb/lifecycle/builder + args: + - -app=$(workspaces.source.path)/$(params.SOURCE_SUBPATH) + - -layers=/layers + - -group=/layers/group.toml + - -plan=/layers/plan.toml + volumeMounts: + - name: layers-dir + mountPath: /layers + - name: $(params.PLATFORM_DIR) + mountPath: /platform + - name: empty-dir + mountPath: /tekton/home + - name: export + image: $(params.LIFECYCLE_IMAGE) + imagePullPolicy: Always + command: + - /cnb/lifecycle/exporter + args: + - -app=$(workspaces.source.path)/$(params.SOURCE_SUBPATH) + - -layers=/layers + - -group=/layers/group.toml + - -cache-dir=$(workspaces.cache.path) + - -cache-image=$(params.CACHE_IMAGE) + - -report=/layers/report.toml + - -process-type=$(params.PROCESS_TYPE) + - -uid=$(params.USER_ID) + - -gid=$(params.GROUP_ID) + - -stack=/layers/stack.toml + - -run-image=$(params.RUN_IMAGE) + - $(params.APP_IMAGE) + volumeMounts: + - name: layers-dir + mountPath: /layers + - name: results + image: docker.io/library/bash:5.1.4@sha256:b208215a4655538be652b2769d82e576bc4d0a2bb132144c060efc5be8c3f5d6 + script: | + #!/usr/bin/env bash + set -e + cat /layers/report.toml | grep "digest" | cut -d'"' -f2 | cut -d'"' -f2 | tr -d '\n' | tee $(results.APP_IMAGE_DIGEST.path) + volumeMounts: + - name: layers-dir + mountPath: /layers + volumes: + - name: empty-dir + emptyDir: {} + - name: layers-dir + emptyDir: {} +EOF +} + +resource "kubectl_manifest" "Task_sonarqube-scanner" { + yaml_body = <<-EOF + apiVersion: tekton.dev/v1beta1 + kind: Task + metadata: + name: sonarqube-scanner + labels: ${jsonencode(local.common_labels)} + annotations: + tekton.dev/deprecated: 'true' + tekton.dev/pipelines.minVersion: 0.17.0 + tekton.dev/categories: Security + tekton.dev/tags: security + tekton.dev/displayName: sonarqube scanner + tekton.dev/platforms: linux/amd64 + namespace: ${var.namespace} + spec: + description: |- + The following task can be used to perform static analysis on the source code provided the SonarQube server is hosted + SonarQube is the leading tool for continuously inspecting the Code Quality and Security of your codebases, all while empowering development teams. Analyze over 25 popular programming languages including C#, VB.Net, JavaScript, TypeScript and C++. It detects bugs, vulnerabilities and code smells across project branches and pull requests. + workspaces: + - name: source + description: Workspace containing the code which needs to be scanned by SonarQube + - name: sonar-settings + description: Optional workspace where SonarQube properties can be mounted + optional: true + - name: sonar-credentials + description: | + A workspace containing a login or password for use within sonarqube. + optional: true + params: + - name: SONAR_HOST_URL + description: SonarQube server URL + default: '' + - name: SONAR_PROJECT_KEY + description: Project's unique key + default: '' + - name: PROJECT_VERSION + description: 'Version of the project. Default: 1.0' + default: '1.0' + - name: SOURCE_TO_SCAN + description: Comma-separated paths to directories containing main source files + default: . + - name: SONAR_ORGANIZATION + description: The organization in sonarqube where the project exists + default: '' + - name: SONAR_SCANNER_IMAGE + description: The sonarqube scanner CLI image which will run the scan + default: docker.io/sonarsource/sonar-scanner-cli:4.6@sha256:7a976330a8bad1beca6584c1c118e946e7a25fdc5b664d5c0a869a6577d81b4f + - name: SONAR_LOGIN_KEY + description: Name of the file of the login within the sonarqube credentials workspace + default: login + - name: SONAR_PASSWORD_KEY + description: Name of the file of the password within the sonarqube credentials workspace + default: password + steps: + - name: sonar-properties-create + image: registry.access.redhat.com/ubi8/ubi-minimal:8.2 + workingDir: $(workspaces.source.path) + env: + - name: SONAR_HOST_URL + value: $(params.SONAR_HOST_URL) + - name: SONAR_PROJECT_KEY + value: $(params.SONAR_PROJECT_KEY) + - name: PROJECT_VERSION + value: $(params.PROJECT_VERSION) + - name: SOURCE_TO_SCAN + value: $(params.SOURCE_TO_SCAN) + - name: SONAR_ORGANIZATION + value: $(params.SONAR_ORGANIZATION) + script: | + #!/usr/bin/env bash + + replaceValues() { + filename=$1 + thekey=$2 + newvalue=$3 + + if ! grep -R "^[#]*\s*$${thekey}=.*" $filename >/dev/null; then + echo "APPENDING because '$${thekey}' not found" + echo "" >>$filename + echo "$thekey=$newvalue" >>$filename + else + echo "SETTING because '$${thekey}' found already" + sed -ir "s|^[#]*\s*$${thekey}=.*|$thekey=$newvalue|" $filename + fi + } + + if [[ "$(workspaces.sonar-settings.bound)" == "true" ]]; then + if [[ -f $(workspaces.sonar-settings.path)/sonar-project.properties ]]; then + echo "using user provided sonar-project.properties file" + cp -RL $(workspaces.sonar-settings.path)/sonar-project.properties $(workspaces.source.path)/sonar-project.properties + fi + fi + + if [[ -f $(workspaces.source.path)/sonar-project.properties ]]; then + if [[ -n "$${SONAR_HOST_URL}" ]]; then + echo "replacing sonar host URL" + replaceValues $(workspaces.source.path)/sonar-project.properties sonar.host.url "$${SONAR_HOST_URL}" + fi + if [[ -n "$${SONAR_PROJECT_KEY}" ]]; then + echo "replacing sonar project key" + replaceValues $(workspaces.source.path)/sonar-project.properties sonar.projectKey "$${SONAR_PROJECT_KEY}" + fi + echo "Values in sonar-project.properties file replaced successfully..." + else + echo "Creating sonar-project.properties file..." + touch sonar-project.properties + [[ -n "$${SONAR_PROJECT_KEY}" ]] && { + echo "sonar.projectKey=$${SONAR_PROJECT_KEY}" >> sonar-project.properties + } || { + echo "missing property SONAR_PROJECT_KEY" + exit 1 + } + + [[ -n "$${SONAR_HOST_URL}" ]] && { + echo "sonar.host.url=$${SONAR_HOST_URL}" >> sonar-project.properties + } || { + echo "missing property SONAR_HOST_URL" + exit 1 + } + + [[ -n "$${PROJECT_VERSION}" ]] && { + echo "sonar.projectVersion=$${PROJECT_VERSION}" >> sonar-project.properties + } || { + echo "missing property PROJECT_VERSION" + exit 1 + } + + [[ -n "$${SONAR_ORGANIZATION}" ]] && { + echo "sonar.organization=$${SONAR_ORGANIZATION}" >> sonar-project.properties + } || { + echo "missing property SONAR_ORGANIZATION" + exit 1 + } + echo "sonar.sources=$${SOURCE_TO_SCAN}" >> sonar-project.properties + echo "---------------------------" + cat $(workspaces.source.path)/sonar-project.properties + fi + + if [[ "$(workspaces.sonar-credentials.bound)" == "true" ]]; then + if [[ -f $(workspaces.sonar-credentials.path)/$(params.SONAR_PASSWORD_KEY) ]]; then + SONAR_PASSWORD=`cat $(workspaces.sonar-credentials.path)/$(params.SONAR_PASSWORD_KEY)` + replaceValues $(workspaces.source.path)/sonar-project.properties sonar.password "$${SONAR_PASSWORD}" + fi + if [[ -f $(workspaces.sonar-credentials.path)/$(params.SONAR_LOGIN_KEY) ]]; then + SONAR_LOGIN=`cat $(workspaces.sonar-credentials.path)/$(params.SONAR_LOGIN_KEY)` + replaceValues $(workspaces.source.path)/sonar-project.properties sonar.login "$${SONAR_LOGIN}" + fi + fi + - name: sonar-scan + image: $(params.SONAR_SCANNER_IMAGE) + workingDir: $(workspaces.source.path) + command: + - sonar-scanner +EOF +} + +resource "kubectl_manifest" "Task_check-make" { + yaml_body = <<-EOF + apiVersion: tekton.dev/v1beta1 + kind: Task + metadata: + name: check-make + labels: ${jsonencode(local.common_labels)} + annotations: + tekton.dev/pipelines.minVersion: 0.12.1 + tekton.dev/categories: Code Quality + tekton.dev/tags: linter + tekton.dev/displayName: Makefile linter + tekton.dev/platforms: linux/amd64 + namespace: ${var.namespace} + spec: + description: This task can be used to perform lint check on Makefiles + workspaces: + - name: shared-workspace + description: A workspace that contains the fetched git repository. + params: + - name: args + type: array + description: extra args needs to append + default: + - --help + steps: + - name: lint-makefile + image: docker.io/cytopia/checkmake:0.1.0@sha256:50957311f1ae25fd5925e1a45798d323cf00b3654cd1eede8db7814c72cec41d + workingDir: $(workspaces.shared-workspace.path) + command: + - checkmake + args: + - $(params.args) +EOF +} + +resource "kubectl_manifest" "Task_gitea-set-status" { + yaml_body = <<-EOF + apiVersion: tekton.dev/v1beta1 + kind: Task + metadata: + name: gitea-set-status + labels: ${jsonencode(local.common_labels)} + annotations: + tekton.dev/categories: Git + tekton.dev/pipelines.minVersion: 0.12.1 + tekton.dev/tags: gitea + tekton.dev/displayName: set gitea status + tekton.dev/platforms: linux/amd64,linux/s390x,linux/ppc64le + namespace: ${var.namespace} + spec: + description: |- + This task will set the status of the CI job to the specified value along with a link to the specified target URL where developers can follow the progress of the CI job. + The `gitea-set-status` task allows external services to mark Gitea commits with an `error`, `failure`, `pending`, or `success` state, which is then reflected in pull requests involving those commits. Statuses include as well a `description` and a `target_url`, to give the user informations about the CI statuses or a direct link to the full log. + params: + - name: GITEA_HOST_URL + description: | + The Gitea host, e.g: git.yourcompany.com. Can include port. + type: string + default: gitea-http.${var.domain}-ci.svc:3000 + - name: GITEA_HTTPS_OR_HTTP + description: | + If we should connect with HTTP or HTTPS. Use "http" or "https" here. + type: string + default: http + - name: API_PATH_PREFIX + description: | + The API path prefix of Gitea, default: /api/v1 + default: /api/v1 + type: string + - name: REPO_FULL_NAME + description: | + The Gitea repository full name, e.g.: tektoncd/catalog + type: string + - name: GITEA_TOKEN_SECRET_NAME + description: | + The name of the kubernetes secret that contains the Gitea token, default: gitea + type: string + default: gitea + - name: GITEA_TOKEN_SECRET_KEY + description: | + The key within the kubernetes secret that contains the Gitea token, default: token + type: string + default: token + - name: SHA + description: | + Commit SHA to set the status for. + type: string + - name: TARGET_URL + description: | + The target URL to associate with this status. This URL will be linked + from the Gitea UI to allow users to easily see the source of the + status. + type: string + - name: DESCRIPTION + description: | + A short description of the status. + type: string + - name: CONTEXT + description: | + The Gitea context, A string label to differentiate this status from + the status of other systems. ie: "continuous-integration/tekton" + default: continuous-integration/tekton + type: string + - name: STATE + description: | + The state of the status. Can be one of the following `error`, + `failure`, `pending`, `warning` or `success`. + type: string + - name: IMAGE + description: | + Image providing the python binary which this task uses. + type: string + default: python:3.10.1-alpine3.15@sha256:affe0faa14e7553fc570beec3864e74b5e36f8c19b2bb49ae8ba79c0e9e7236e + - name: SHEBANG + description: | + Python path. Depends on the image. + type: string + default: /usr/bin/env python + volumes: + - name: giteatoken + secret: + secretName: $(params.GITEA_TOKEN_SECRET_NAME) + steps: + - name: set-status + volumeMounts: + - name: giteatoken + mountPath: /etc/gitea-set-status + image: $(params.IMAGE) + script: |- + #!$(params.SHEBANG) + + """This script will set the CI status on a Gitea commit""" + + import json + import sys + import http.client + + gitea_token = open("/etc/gitea-set-status/$(params.GITEA_TOKEN_SECRET_KEY)", "r").read() + + status_url = "$(params.API_PATH_PREFIX)" + "/repos/$(params.REPO_FULL_NAME)/" + \ + "statuses/$(params.SHA)" + + data = { + "state": "$(params.STATE)", + "target_url": "$(params.TARGET_URL)", + "description": "$(params.DESCRIPTION)", + "context": "$(params.CONTEXT)" + } + print("Sending this data to Gitea: ") + print(data) + + authHeader = "token " + gitea_token + + if "$(params.GITEA_HTTPS_OR_HTTP)" == "https": + conn = http.client.HTTPSConnection("$(params.GITEA_HOST_URL)") + else: + conn = http.client.HTTPConnection("$(params.GITEA_HOST_URL)") + + conn.request( + "POST", + status_url, + body=json.dumps(data), + headers={ + "User-Agent": "TektonCD, the peaceful cat", + "Authorization": authHeader, + "Accept": "application/json", + "Content-Type": "application/json", + }) + resp = conn.getresponse() + if not str(resp.status).startswith("2"): + print("Error: %d" % (resp.status)) + print(resp.read()) + sys.exit(1) + else: + print("Gitea status '$(params.STATE)' has been set on " + "$(params.REPO_FULL_NAME)#$(params.SHA) ") +EOF +} + +resource "kubectl_manifest" "Task_hadolint" { + yaml_body = <<-EOF + apiVersion: tekton.dev/v1beta1 + kind: Task + metadata: + annotations: + tekton.dev/categories: Code Quality + tekton.dev/displayName: Hadolint + tekton.dev/pipelines.minVersion: 0.12.1 + tekton.dev/platforms: linux/amd64 + tekton.dev/tags: Kubernetes, Misconfiguration + name: hadolint + labels: ${jsonencode(local.common_labels)} + namespace: ${var.namespace} + spec: + description: |- + This task makes it possible to use Hadolint within Tekton Pipeline. + A smarter Dockerfile linter that helps you build best practice Docker images. The linter parses the Dockerfile into an AST and performs rules on top of the AST + params: + - default: '' + description: ignore rules. + name: ignore-rules + type: string + - default: ./Dockerfile + description: Dockerfile path. + name: dockerfile-path + type: string + - default: tty + description: The output format for the results [tty | json | checkstyle | codeclimate | gitlab_codeclimate | codacy] (default tty). + name: output-format + type: string + steps: + - image: ghcr.io/hadolint/hadolint:v2.8.0-debian@sha256:50b0e60aa2b4aba5a26eeb4ad08c96ed7a828fca996632e29114aabea18345f4 + name: lint-dockerfile + script: | + #!/bin/bash + set -e + if [ -n "$RULES" ] + then + IFS="," read -a RULES <<< "$RULES" + for rule in $${RULES[@]}; do ignore_rules="--ignore $rule $ignore_rules"; done + command_to_run="hadolint $${ignore_rules}" + else + command_to_run="hadolint" + fi + $command_to_run "$DOCKERFILE" -f "$OFORMAT" + env: + - name: RULES + value: $(params.ignore-rules) + - name: DOCKERFILE + value: $(params.dockerfile-path) + - name: OFORMAT + value: $(params.output-format) + workingDir: $(workspaces.source.path) + workspaces: + - description: A workspace that contains fetched git repo. + name: source +EOF +} + +resource "kubectl_manifest" "Task_hugo" { + yaml_body = <<-EOF + apiVersion: tekton.dev/v1 + kind: Task + metadata: + name: hugo + labels: ${jsonencode(local.common_labels)} + annotations: + tekton.dev/pipelines.minVersion: 0.12.1 + tekton.dev/categories: Build Tools, Cloud + tekton.dev/tags: buildtools, cloud + tekton.dev/displayName: Hugo + tekton.dev/platforms: linux/amd64 + namespace: ${var.namespace} + spec: + description: |- + A Task that builds a Hugo site. + This task uses the Hugo static site generator to build a static site from the content in the specified directory. + workspaces: + - name: work-dir + params: + - name: content-dir + type: string + description: The directory where the content is located + default: '' + - name: minify + type: string + description: Minify the output e.g. HTML, CSS, JS, XML + default: 'false' + - name: base-url + type: string + description: The base URL for the Hugo site. By default reads from the hugo.toml or hugo.yaml + default: '' + - name: verbose + type: string + description: Verbose output + default: 'false' + results: + - name: output + description: generated static site + steps: + - name: build + env: + - name: HUGO_MINIFY + value: $(params.minify) + - name: HUGO_BASEURL + value: $(params.base-url) + - name: HUGO_VERBOSE + value: $(params.verbose) + - name: HUGO_CONTENT_DIR + value: $(params.content-dir) + image: docker.io/hugomods/hugo:0.122.0@sha256:e90f2e6786969463f3475c7d5e7f031cb5dbf75a8394687d52f99d6c9d0eda0d + script: |- + export HUGOCMD="hugo" + + + if [ "$HUGO_MINIFY" = 'true' ]; then + export HUGOCMD="$${HUGOCMD} --minify" + fi + + if [ "$HUGO_BASEURL" != '' ]; then + export HUGOCMD="$${HUGOCMD} --baseURL $HUGO_BASEURL" + fi + + if [ "$HUGO_VERBOSE" = 'true' ]; then + export HUGOCMD="$${HUGOCMD} --verbose" + fi + + if [ "$HUGO_CONTENT_DIR" != '' ]; then + export HUGOCMD="$${HUGOCMD} --contentDir $${HUGO_CONTENT_DIR}" + fi + + cd "$(workspaces.work-dir.path)" || exit + $HUGOCMD + + printf "%s/public" "$(workspaces.work-dir.path)" | tee /tekton/results/output +EOF +} + +resource "kubectl_manifest" "Task_buildah" { + yaml_body = <<-EOF + apiVersion: tekton.dev/v1beta1 + kind: Task + metadata: + name: buildah + labels: ${jsonencode(local.common_labels)} + annotations: + tekton.dev/categories: Image Build + tekton.dev/pipelines.minVersion: 0.17.0 + tekton.dev/tags: image-build + tekton.dev/platforms: linux/amd64,linux/s390x,linux/ppc64le,linux/arm64 + tekton.dev/displayName: buildah + namespace: ${var.namespace} + spec: + description: |- + Buildah task builds source into a container image and then pushes it to a container registry. + Buildah Task builds source into a container image using Project Atomic's Buildah build tool.It uses Buildah's support for building from Dockerfiles, using its buildah bud command.This command executes the directives in the Dockerfile to assemble a container image, then pushes that image to a container registry. + params: + - name: IMAGE + description: Reference of the image buildah will produce. + - name: BUILDER_IMAGE + description: The location of the buildah builder image. + default: quay.io/buildah/stable:v1 + - name: STORAGE_DRIVER + description: Set buildah storage driver + default: overlay + - name: DOCKERFILE + description: Path to the Dockerfile to build. + default: ./Dockerfile + - name: CONTEXT + description: Path to the directory to use as context. + default: . + - name: TLSVERIFY + description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry) + default: 'true' + - name: FORMAT + description: The format of the built container, oci or docker + default: oci + - name: BUILD_EXTRA_ARGS + description: Extra parameters passed for the build command when building images. + default: '' + - name: PUSH_EXTRA_ARGS + description: Extra parameters passed for the push command when pushing images. + type: string + default: '' + - name: SKIP_PUSH + description: Skip pushing the built image + default: 'false' + workspaces: + - name: source + - name: sslcertdir + optional: true + - name: dockerconfig + description: An optional workspace that allows providing a .docker/config.json file for Buildah to access the container registry. The file should be placed at the root of the Workspace with name config.json. + optional: true + results: + - name: IMAGE_DIGEST + description: Digest of the image just built. + - name: IMAGE_URL + description: Image repository where the built image would be pushed to + steps: + - name: build-and-push + image: $(params.BUILDER_IMAGE) + workingDir: $(workspaces.source.path) + script: | + [ "$(workspaces.sslcertdir.bound)" = "true" ] && CERT_DIR_FLAG="--cert-dir=$(workspaces.sslcertdir.path)" + [ "$(workspaces.dockerconfig.bound)" = "true" ] && DOCKER_CONFIG="$(workspaces.dockerconfig.path)" && export DOCKER_CONFIG + # build the image (CERT_DIR_FLAG should be omitted if empty and BUILD_EXTRA_ARGS can contain multiple args) + # shellcheck disable=SC2046,SC2086 + buildah $${CERT_DIR_FLAG} "--storage-driver=$(params.STORAGE_DRIVER)" bud $(params.BUILD_EXTRA_ARGS) \ + "--format=$(params.FORMAT)" "--tls-verify=$(params.TLSVERIFY)" \ + -f "$(params.DOCKERFILE)" -t "$(params.IMAGE)" "$(params.CONTEXT)" + [ "$(params.SKIP_PUSH)" = "true" ] && echo "Push skipped" && exit 0 + # push the image (CERT_DIR_FLAG should be omitted if empty and PUSH_EXTRA_ARGS can contain multiple args) + # shellcheck disable=SC2046,SC2086 + buildah $${CERT_DIR_FLAG} "--storage-driver=$(params.STORAGE_DRIVER)" push $(params.PUSH_EXTRA_ARGS) \ + "--tls-verify=$(params.TLSVERIFY)" --digestfile /tmp/image-digest "$(params.IMAGE)" \ + "docker://$(params.IMAGE)" + tee "$(results.IMAGE_DIGEST.path)" < /tmp/image-digest + printf '%s' "$(params.IMAGE)" | tee "$(results.IMAGE_URL.path)" + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + securityContext: + privileged: true + volumes: + - name: varlibcontainers + emptyDir: {} +EOF +} + +resource "kubectl_manifest" "Task_buildpacks" { + yaml_body = <<-EOF + apiVersion: tekton.dev/v1beta1 + kind: Task + metadata: + name: buildpacks + labels: ${jsonencode(local.common_labels)} + annotations: + tekton.dev/categories: Image Build + tekton.dev/pipelines.minVersion: 0.17.0 + tekton.dev/tags: image-build + tekton.dev/displayName: Buildpacks + tekton.dev/platforms: linux/amd64 + namespace: ${var.namespace} + spec: + description: The Buildpacks task builds source into a container image and pushes it to a registry, using Cloud Native Buildpacks. + workspaces: + - name: source + description: Directory where application source is located. + - name: cache + description: Directory where cache is stored (when no cache image is provided). + optional: true + - name: dockerconfig + description: An optional workspace that allows providing a .docker/config.json file for Buildpacks lifecycle binary to access the container registry. The file should be placed at the root of the Workspace with name config.json. + optional: true + params: + - name: APP_IMAGE + description: The name of where to store the app image. + - name: BUILDER_IMAGE + description: The image on which builds will run (must include lifecycle and compatible buildpacks). + - name: SOURCE_SUBPATH + description: A subpath within the `source` input where the source to build is located. + default: '' + - name: ENV_VARS + type: array + description: Environment variables to set during _build-time_. + default: [] + - name: PROCESS_TYPE + description: The default process type to set on the image. + default: web + - name: RUN_IMAGE + description: Reference to a run image to use. + default: '' + - name: CACHE_IMAGE + description: The name of the persistent app cache image (if no cache workspace is provided). + default: '' + - name: SKIP_RESTORE + description: Do not write layer metadata or restore cached layers. + default: 'false' + - name: USER_ID + description: The user ID of the builder image user. + default: '1000' + - name: GROUP_ID + description: The group ID of the builder image user. + default: '1000' + - name: PLATFORM_DIR + description: The name of the platform directory. + default: empty-dir + results: + - name: APP_IMAGE_DIGEST + description: The digest of the built `APP_IMAGE`. + - name: APP_IMAGE_URL + description: The URL of the built `APP_IMAGE`. + stepTemplate: + env: + - name: CNB_PLATFORM_API + value: '0.9' + steps: + - name: prepare + image: docker.io/library/bash:5.1.4@sha256:b208215a4655538be652b2769d82e576bc4d0a2bb132144c060efc5be8c3f5d6 + args: + - --env-vars + - $(params.ENV_VARS[*]) + script: | + #!/usr/bin/env bash + set -e + + if [[ "$(workspaces.cache.bound)" == "true" ]]; then + echo "> Setting permissions on '$(workspaces.cache.path)'..." + chown -R "$(params.USER_ID):$(params.GROUP_ID)" "$(workspaces.cache.path)" + fi + + for path in "/tekton/home" "/layers" "$(workspaces.source.path)"; do + echo "> Setting permissions on '$path'..." + chown -R "$(params.USER_ID):$(params.GROUP_ID)" "$path" + + if [[ "$path" == "$(workspaces.source.path)" ]]; then + chmod 775 "$(workspaces.source.path)" + fi + done + + echo "> Parsing additional configuration..." + parsing_flag="" + envs=() + for arg in "$@"; do + if [[ "$arg" == "--env-vars" ]]; then + echo "-> Parsing env variables..." + parsing_flag="env-vars" + elif [[ "$parsing_flag" == "env-vars" ]]; then + envs+=("$arg") + fi + done + + echo "> Processing any environment variables..." + ENV_DIR="/platform/env" + + echo "--> Creating 'env' directory: $ENV_DIR" + mkdir -p "$ENV_DIR" + + for env in "$${envs[@]}"; do + IFS='=' read -r key value <<< "$env" + if [[ "$key" != "" && "$value" != "" ]]; then + path="$${ENV_DIR}/$${key}" + echo "--> Writing $${path}..." + echo -n "$value" > "$path" + fi + done + volumeMounts: + - name: layers-dir + mountPath: /layers + - name: $(params.PLATFORM_DIR) + mountPath: /platform + - name: create + image: $(params.BUILDER_IMAGE) + imagePullPolicy: Always + command: + - /cnb/lifecycle/creator + env: + - name: DOCKER_CONFIG + value: $(workspaces.dockerconfig.path) + args: + - -app=$(workspaces.source.path)/$(params.SOURCE_SUBPATH) + - -cache-dir=$(workspaces.cache.path) + - -cache-image=$(params.CACHE_IMAGE) + - -uid=$(params.USER_ID) + - -gid=$(params.GROUP_ID) + - -layers=/layers + - -platform=/platform + - -report=/layers/report.toml + - -process-type=$(params.PROCESS_TYPE) + - -skip-restore=$(params.SKIP_RESTORE) + - -previous-image=$(params.APP_IMAGE) + - -run-image=$(params.RUN_IMAGE) + - $(params.APP_IMAGE) + volumeMounts: + - name: layers-dir + mountPath: /layers + - name: $(params.PLATFORM_DIR) + mountPath: /platform + securityContext: + runAsUser: 1000 + runAsGroup: 1000 + - name: results + image: docker.io/library/bash:5.1.4@sha256:b208215a4655538be652b2769d82e576bc4d0a2bb132144c060efc5be8c3f5d6 + script: | + #!/usr/bin/env bash + set -e + grep "digest" /layers/report.toml | cut -d'"' -f2 | cut -d'"' -f2 | tr -d '\n' | tee "$(results.APP_IMAGE_DIGEST.path)" + echo -n "$(params.APP_IMAGE)" | tee "$(results.APP_IMAGE_URL.path)" + volumeMounts: + - name: layers-dir + mountPath: /layers + volumes: + - name: empty-dir + emptyDir: {} + - name: layers-dir + emptyDir: {} +EOF +} + +resource "kubectl_manifest" "Task_kubeval" { + yaml_body = <<-EOF + apiVersion: tekton.dev/v1beta1 + kind: Task + metadata: + name: kubeval + labels: ${jsonencode(local.common_labels)} + annotations: + tekton.dev/pipelines.minVersion: 0.12.1 + tekton.dev/categories: Code Quality, Kubernetes + tekton.dev/tags: test + tekton.dev/platforms: linux/amd64 + namespace: ${var.namespace} + spec: + description: |- + This task makes it possible to use Kubeval within your Tekton pipelines. + Kubeval is a tool used for validating Kubernetes configuration files. By default the task will recursively scan the provided repository for YAML files and validate them against the Kubernetes schemas. + workspaces: + - name: source + params: + - name: files + default: . + - name: output + default: stdout + - name: args + type: array + default: [] + steps: + - name: kubeval + workingDir: $(workspaces.source.path) + image: docker.io/garethr/kubeval:0.15.0@sha256:6962d8ecbb7839637667f66e6703e6ebaae0c29dfe93a31d9968fba4324c7b8d + command: + - kubeval + - -d + - $(params.files) + - -o + - $(params.output) + - $(params.args) +EOF +} + +resource "kubectl_manifest" "Task_pylint" { + yaml_body = <<-EOF + apiVersion: tekton.dev/v1beta1 + kind: Task + metadata: + name: pylint + labels: ${jsonencode(local.common_labels)} + annotations: + tekton.dev/categories: Code Quality + tekton.dev/pipelines.minVersion: 0.17.0 + tekton.dev/tags: python, pylint + tekton.dev/displayName: pylint + tekton.dev/platforms: linux/amd64 + namespace: ${var.namespace} + spec: + description: This task will run pylint on the provided input. + workspaces: + - name: source + - description: The workspace consisting of the custom pip settings. + name: pip-conf + optional: true + params: + - name: image + description: The container image with pylint + default: registry.gitlab.com/pipeline-components/pylint:0.12.0@sha256:051b701936dfab6fa27bd1ebd50ef56b19577565661bc0227e50dd1cf94a3d6e + - name: path + description: The path to the module which should be analysed by pylint + default: . + type: string + - name: requirements_file + description: The name of the requirements file inside the source location + default: requirements.txt + - name: args + description: The arguments to pass to the pylint CLI. + type: array + default: [] + - name: pip_conf_file + description: The name of the custom pip config file. + default: pip.conf + steps: + - name: pylint + image: $(params.image) + workingDir: $(workspaces.source.path) + env: + - name: HOME + value: /tmp/python + - name: PARAM_PIP_CONF_FILE + value: $(params.pip_conf_file) + - name: WORKSPACE_PIP_CONF_BOUND + value: $(workspaces.pip-conf.bound) + - name: WORKSPACE_PIP_CONF_PATH + value: $(workspaces.pip-conf.path) + script: | + export PATH=$PATH:$HOME/.local/bin + + if [ "$${WORKSPACE_PIP_CONF_BOUND}" = "true" ] ; then + export PIP_CONFIG_FILE="$${WORKSPACE_PIP_CONF_PATH}/$${PARAM_PIP_CONF_FILE}" + fi + + if [ -n "$(params.requirements_file)" ] && [ -e "$(params.requirements_file)" ];then + python -mpip install --user -r "$(params.requirements_file)" + fi + pylint $@ "$(params.path)" + args: + - $(params.args) +EOF +} + diff --git a/share/tekton-tasks/common.tf b/share/tekton-tasks/common.tf new file mode 100644 index 0000000..47a6e0c --- /dev/null +++ b/share/tekton-tasks/common.tf @@ -0,0 +1,13 @@ + +locals { + common_labels = { + "vynil.solidite.fr/owner-name" = var.instance + "vynil.solidite.fr/owner-namespace" = var.namespace + "vynil.solidite.fr/owner-category" = var.category + "vynil.solidite.fr/owner-component" = var.component + "app.kubernetes.io/managed-by" = "vynil" + "app.kubernetes.io/name" = var.component + "app.kubernetes.io/instance" = var.instance + } + common-labels = local.common_labels +} diff --git a/share/tekton-tasks/index.yaml b/share/tekton-tasks/index.yaml new file mode 100644 index 0000000..823b62c --- /dev/null +++ b/share/tekton-tasks/index.yaml @@ -0,0 +1,27 @@ +--- +apiVersion: vinyl.solidite.fr/v1beta1 +kind: Component +category: share +metadata: + name: tekton-tasks + description: Install base tekton-tasks +options: + domain: + default: media + examples: + - media + type: string +dependencies: +- dist: null + category: workflow + component: tekton-pipelines +providers: + kubernetes: null + authentik: null + kubectl: true + postgresql: null + mysql: null + restapi: null + http: null + gitea: null +tfaddtype: null