diff --git a/share/gitea-tekton-org/index.rhai b/share/gitea-tekton-org/index.rhai
index 22febfa..dee0616 100644
--- a/share/gitea-tekton-org/index.rhai
+++ b/share/gitea-tekton-org/index.rhai
@@ -4,16 +4,13 @@ const duplicates=["auto-ci-detector.py"];
 const sources=[
 #{url: "https://github.com/tektoncd/catalog/raw/main/task/python-coverage/0.1/python-coverage.yaml", name: "python-coverage.yaml"},
 #{url: "https://github.com/tektoncd/catalog/raw/main/task/black/0.2/black.yaml", name: "black.yaml"},
- #{url: "https://github.com/tektoncd/catalog/raw/main/task/buildkit-daemonless/0.1/buildkit-daemonless.yaml", name: "buildkit-daemonless.yaml"},
 #{url: "https://github.com/tektoncd/catalog/raw/main/task/buildpacks-phases/0.2/buildpacks-phases.yaml", name: "buildpacks-phases.yaml"},
 #{url: "https://github.com/tektoncd/catalog/raw/main/task/buildpacks/0.6/buildpacks.yaml", name: "buildpacks.yaml"},
 #{url: "https://github.com/tektoncd/catalog/raw/main/task/check-make/0.1/check-make.yaml", name: "check-make.yaml"},
- #{url: "https://github.com/tektoncd/catalog/raw/main/task/docker-build/0.1/docker-build.yaml", name: "docker-build.yaml"},
 #{url: "https://github.com/tektoncd/catalog/raw/main/task/generate-build-id/0.1/generate-build-id.yaml", name: "generate-build-id.yaml"},
 #{url: "https://github.com/tektoncd/catalog/raw/main/task/gitea-set-status/0.1/gitea-set-status.yaml", name: "gitea-set-status.yaml"},
 #{url: "https://github.com/tektoncd/catalog/raw/main/task/hadolint/0.1/hadolint.yaml", name: "hadolint.yaml"},
 #{url: "https://github.com/tektoncd/catalog/raw/main/task/hugo/0.1/hugo.yaml", name: "hugo.yaml"},
- #{url: "https://github.com/tektoncd/catalog/raw/main/task/kaniko/0.6/kaniko.yaml", name: "kaniko.yaml"},
 #{url: "https://github.com/tektoncd/catalog/raw/main/task/kube-linter/0.1/kube-linter.yaml", name: "kube-linter.yaml"},
 #{url: "https://github.com/tektoncd/catalog/raw/main/task/kubeval/0.1/kubeval.yaml", name: "kubeval.yaml"},
 #{url: "https://github.com/tektoncd/catalog/raw/main/task/markdown-lint/0.1/markdown-lint.yaml", name: "markdown-lint.yaml"},
@@ -33,14 +30,11 @@ const sources=[ #{url: "https://github.com/tektoncd/catalog/raw/main/task/ansible-builder/0.1/ansible-builder.yaml", name: "ansible-builder.yaml"}, #{url: "https://github.com/tektoncd/catalog/raw/main/task/ansible-runner/0.2/ansible-runner.yaml", name: "ansible-runner.yaml"}, #{url: "https://github.com/tektoncd/catalog/raw/main/task/yq/0.4/yq.yaml", name: "yq.yaml"}, - #{url: "https://github.com/tektoncd/catalog/raw/main/pipeline/buildpacks/0.2/buildpacks.yaml", name: "buildpacks-pipeline.yaml"} ]; -// https://github.com/tektoncd/catalog/raw/main/task/trivy-scanner/0.2/trivy-scanner.yaml - fn pre_pack() { for file in global::sources { - //shell(`curl -sL ${file.url} > ${global::SRC}/${file.name}`); + shell(`curl -sL ${file.url} > ${global::SRC}/${file.name}`); } } fn post_pack() { diff --git a/share/gitea-tekton-org/tekton.dev_v1beta1_Pipeline_buildpacks.yaml b/share/gitea-tekton-org/tekton.dev_v1beta1_Pipeline_buildpacks.yaml deleted file mode 100644 index 4c1ba5c..0000000 --- a/share/gitea-tekton-org/tekton.dev_v1beta1_Pipeline_buildpacks.yaml +++ /dev/null 
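Review bot: The re-enabled `curl -sL` call in `pre_pack` writes whatever the server returns into `${global::SRC}/${file.name}` without checking that the download succeeded or that the content is the expected one. Without `-f`, an HTTP error page is saved as if it were the task YAML, and every entry in `sources` points at the mutable `raw/main` ref, so the Tekton task definitions that get packaged can change between builds with no review. I would fail on HTTP errors and quote the interpolated values, `` shell(`curl -fsSL "${file.url}" -o "${global::SRC}/${file.name}"`); ``, and pin each URL to a commit SHA or compare each file against a recorded SHA-256 before packing. Whether `shell` surfaces a non-zero exit status is not visible in this hunk; if it does, `pre_pack` should stop on the first failed download.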
@@ -1,139 +0,0 @@ ---- -apiVersion: tekton.dev/v1beta1 -kind: Pipeline -metadata: - name: buildpacks - labels: - app.kubernetes.io/version: "0.2" - annotations: - tekton.dev/pipelines.minVersion: "0.17.0" - tekton.dev/tags: image-build - tekton.dev/displayName: "Buildpacks" - tekton.dev/platforms: "linux/amd64" -spec: - description: >- - The Buildpacks pipeline builds source from a Git repository into a container image and pushes it to a registry, using Cloud Native Buildpacks. - - workspaces: - - name: source-ws - description: Location where source is stored. - - name: cache-ws - description: Location where cache is stored if CACHE_IMAGE is not provided. - optional: true - - params: - - name: BUILDER_IMAGE - description: The image on which builds will run (must include lifecycle and compatible buildpacks). - - name: TRUST_BUILDER - description: >- - Whether the builder image is trusted. - When false, each build phase is executed in isolation and credentials are only shared with trusted images. - default: "false" - - name: APP_IMAGE - description: The name of where to store the app image. - - name: SOURCE_URL - description: A git repo url where the source code resides. - - name: SOURCE_REFERENCE - description: The branch, tag or SHA to checkout. - default: "" - - name: SOURCE_SUBPATH - description: A subpath within checked out source where the source to build is located. - default: "" - - name: ENV_VARS - type: array - description: Environment variables to set during _build-time_. - default: [""] - - name: PROCESS_TYPE - description: The default process type to set on the image. - default: "web" - - name: RUN_IMAGE - description: The name of the run image to use (defaults to image specified in builder). - default: "" - - name: CACHE_IMAGE - description: The name of the persistent cache image. - default: "" - - name: USER_ID - description: The user ID of the builder image user. 
- default: "1000" - - name: GROUP_ID - description: The group ID of the builder image user. - default: "1000" - - tasks: - - name: fetch-from-git - taskRef: - name: git-clone - params: - - name: url - value: $(params.SOURCE_URL) - - name: revision - value: $(params.SOURCE_REFERENCE) - workspaces: - - name: output - workspace: source-ws - - name: build-trusted - runAfter: - - fetch-from-git - taskRef: - name: buildpacks - when: - - input: "$(params.TRUST_BUILDER)" - operator: in - values: ["true", "yes", "TRUE", "True"] - workspaces: - - name: source - workspace: source-ws - - name: cache - workspace: cache-ws - params: - - name: BUILDER_IMAGE - value: "$(params.BUILDER_IMAGE)" - - name: APP_IMAGE - value: "$(params.APP_IMAGE)" - - name: SOURCE_SUBPATH - value: "$(params.SOURCE_SUBPATH)" - - name: PROCESS_TYPE - value: "$(params.PROCESS_TYPE)" - - name: ENV_VARS - value: ["$(params.ENV_VARS)"] - - name: RUN_IMAGE - value: "$(params.RUN_IMAGE)" - - name: CACHE_IMAGE - value: "$(params.CACHE_IMAGE)" - - name: USER_ID - value: "$(params.USER_ID)" - - name: GROUP_ID - value: "$(params.GROUP_ID)" - - name: build-untrusted - runAfter: - - fetch-from-git - taskRef: - name: buildpacks-phases - when: - - input: "$(params.TRUST_BUILDER)" - operator: notin - values: ["true", "yes", "TRUE", "True"] - workspaces: - - name: source - workspace: source-ws - - name: cache - workspace: cache-ws - params: - - name: BUILDER_IMAGE - value: "$(params.BUILDER_IMAGE)" - - name: APP_IMAGE - value: "$(params.APP_IMAGE)" - - name: SOURCE_SUBPATH - value: "$(params.SOURCE_SUBPATH)" - - name: ENV_VARS - value: ["$(params.ENV_VARS)"] - - name: PROCESS_TYPE - value: "$(params.PROCESS_TYPE)" - - name: RUN_IMAGE - value: "$(params.RUN_IMAGE)" - - name: CACHE_IMAGE - value: "$(params.CACHE_IMAGE)" - - name: USER_ID - value: "$(params.USER_ID)" - - name: GROUP_ID - value: "$(params.GROUP_ID)" \ No newline at end of file 
diff --git a/share/gitea-tekton-org/tekton.dev_v1beta1_Task_buildkit-daemonless.yaml b/share/gitea-tekton-org/tekton.dev_v1beta1_Task_buildkit-daemonless.yaml
deleted file mode 100644
index a25f4f2..0000000
--- a/share/gitea-tekton-org/tekton.dev_v1beta1_Task_buildkit-daemonless.yaml
+++ /dev/null
@@ -1,51 +0,0 @@ -apiVersion: tekton.dev/v1beta1 -kind: Task -metadata: - name: buildkit-daemonless - labels: - app.kubernetes.io/version: "0.1" - annotations: - tekton.dev/pipelines.minVersion: "0.12.1" - tekton.dev/categories: Image Build - tekton.dev/tags: image-build - tekton.dev/displayName: "buildkit daemonless" - tekton.dev/platforms: "linux/amd64" - tekton.dev/deprecated: "true" -spec: - description: >- - This Task builds source into a container image using Moby BuildKit. - - This buildkit-daemonless Task is similar to buildkit but does not need - creating Secret, Deployment, and Service resources for setting up the - buildkitd daemon cluster. - - params: - - name: DOCKERFILE - description: The name of the Dockerfile - default: "Dockerfile" - - name: BUILDKIT_IMAGE - description: The name of the BuildKit image - # The image needs to be rootful because Tekton creates /builder/home/.docker/config.json owned by root:root with 0600 - # https://github.com/tektoncd/pipeline/issues/852 - default: "docker.io/moby/buildkit:v0.6.2@sha256:db234cf7362aef489e4273a6937794cb19c09ba15c7ee0ec6f85044086ea4f6a" - workspaces: - - name: source - resources: - outputs: - - name: image - type: image - steps: - - name: build-and-push - image: $(params.BUILDKIT_IMAGE) - workingDir: $(workspaces.source.path) - securityContext: - privileged: true - command: ["buildctl-daemonless.sh", "--debug", - "build", - "--progress=plain", - "--frontend=dockerfile.v0", - "--opt", "filename=$(params.DOCKERFILE)", - "--local", "context=.", "--local", "dockerfile=.", - "--output", "type=image,name=$(resources.outputs.image.url),push=true", - "--export-cache", "type=inline", - "--import-cache", "type=registry,ref=$(resources.outputs.image.url)"] \ No newline at end of file diff --git a/share/gitea-tekton-org/tekton.dev_v1beta1_Task_docker-build.yaml b/share/gitea-tekton-org/tekton.dev_v1beta1_Task_docker-build.yaml deleted file mode 100644 index 55606a9..0000000 
--- a/share/gitea-tekton-org/tekton.dev_v1beta1_Task_docker-build.yaml
+++ /dev/null
@@ -1,113 +0,0 @@ -apiVersion: tekton.dev/v1beta1 -kind: Task -metadata: - name: docker-build - labels: - app.kubernetes.io/version: "0.1" - annotations: - tekton.dev/pipelines.minVersion: "0.12.1" - tekton.dev/categories: Image Build - tekton.dev/tags: docker, build-image, push-image, dind - tekton.dev/displayName: docker-build - tekton.dev/platforms: "linux/amd64" -spec: - description: >- - This task will build and push an image using docker. - The task will build an out image out of a Dockerfile. - This image will be pushed to an image registry. - The image will be built and pushed using a dind sidecar over TCP+TLS. - params: - - name: image - description: Reference of the image docker will produce. - - name: builder_image - description: The location of the docker builder image. - default: docker.io/library/docker:stable@sha256:18ff92d3d31725b53fa6633d60bed323effb6d5d4588be7b547078d384e0d4bf #tag: stable - - name: dind_image - description: The location of the docker-in-docker image. - default: docker:dind - - name: dockerfile - description: Path to the Dockerfile to build. - default: ./Dockerfile - - name: context - description: Path to the directory to use as context. - default: . - - name: build_extra_args - description: Extra parameters passed for the build command when building images. - default: "" - - name: push_extra_args - description: Extra parameters passed for the push command when pushing images. - default: "" - - name: insecure_registry - description: Allows the user to push to an insecure registry that has been specified - default: "" - workspaces: - - name: source - results: - - name: IMAGE_DIGEST - description: Digest of the image just built. - steps: - - name: docker-build - image: $(params.builder_image) - env: - # Connect to the sidecar over TCP, with TLS. - - name: DOCKER_HOST - value: tcp://localhost:2376 - # Verify TLS. - - name: DOCKER_TLS_VERIFY - value: '1' - # Use the certs generated by the sidecar daemon. 
- - name: DOCKER_CERT_PATH - value: /certs/client - workingDir: $(workspaces.source.path) - script: | - docker build \ - $(params.build_extra_args) \ - --no-cache \ - -f $(params.dockerfile) -t $(params.image) $(params.context) - volumeMounts: - - mountPath: /certs/client - name: dind-certs - - name: docker-push - image: $(params.builder_image) - env: - # Connect to the sidecar over TCP, with TLS. - - name: DOCKER_HOST - value: tcp://localhost:2376 - # Verify TLS. - - name: DOCKER_TLS_VERIFY - value: '1' - # Use the certs generated by the sidecar daemon. - - name: DOCKER_CERT_PATH - value: /certs/client - workingDir: $(workspaces.source.path) - script: | - docker push $(params.push_extra_args) $(params.image) - volumeMounts: - - mountPath: /certs/client - name: dind-certs - sidecars: - - image: $(params.dind_image) - name: server - args: - - --storage-driver=vfs - - --userland-proxy=false - - --debug - - --insecure-registry=$(params.insecure_registry) - securityContext: - privileged: true - env: - # Write generated certs to the path shared with the client. - - name: DOCKER_TLS_CERTDIR - value: /certs - volumeMounts: - - mountPath: /certs/client - name: dind-certs - # Wait for the dind daemon to generate the certs it will share with the - # client. - readinessProbe: - periodSeconds: 1 - exec: - command: ['ls', '/certs/client/ca.pem'] - volumes: - - name: dind-certs - emptyDir: {} \ No newline at end of file diff --git a/share/gitea-tekton-org/tekton.dev_v1beta1_Task_kaniko.yaml b/share/gitea-tekton-org/tekton.dev_v1beta1_Task_kaniko.yaml deleted file mode 100644 index 68eab0b..0000000 --- a/share/gitea-tekton-org/tekton.dev_v1beta1_Task_kaniko.yaml +++ /dev/null 
@@ -1,65 +0,0 @@ -apiVersion: tekton.dev/v1beta1 -kind: Task -metadata: - name: kaniko - labels: - app.kubernetes.io/version: "0.6" - annotations: - tekton.dev/pipelines.minVersion: "0.17.0" - tekton.dev/categories: Image Build - tekton.dev/tags: image-build - tekton.dev/displayName: "Build and upload container image using Kaniko" - tekton.dev/platforms: "linux/amd64,linux/arm64,linux/ppc64le" -spec: - description: >- - This Task builds a simple Dockerfile with kaniko and pushes to a registry. - This Task stores the image name and digest as results, allowing Tekton Chains to pick up - that an image was built & sign it. - params: - - name: IMAGE - description: Name (reference) of the image to build. - - name: DOCKERFILE - description: Path to the Dockerfile to build. - default: ./Dockerfile - - name: CONTEXT - description: The build context used by Kaniko. - default: ./ - - name: EXTRA_ARGS - type: array - default: [] - - name: BUILDER_IMAGE - description: The image on which builds will run (default is v1.5.1) - default: gcr.io/kaniko-project/executor:v1.5.1@sha256:c6166717f7fe0b7da44908c986137ecfeab21f31ec3992f6e128fff8a94be8a5 - workspaces: - - name: source - description: Holds the context and Dockerfile - - name: dockerconfig - description: Includes a docker `config.json` - optional: true - mountPath: /kaniko/.docker - results: - - name: IMAGE_DIGEST - description: Digest of the image just built. - - name: IMAGE_URL - description: URL of the image just built. - steps: - - name: build-and-push - workingDir: $(workspaces.source.path) - image: $(params.BUILDER_IMAGE) - args: - - $(params.EXTRA_ARGS) - - --dockerfile=$(params.DOCKERFILE) - - --context=$(workspaces.source.path)/$(params.CONTEXT) # The user does not need to care the workspace and the source. 
- - --destination=$(params.IMAGE) - - --digest-file=$(results.IMAGE_DIGEST.path) - # kaniko assumes it is running as root, which means this example fails on platforms - # that default to run containers as random uid (like OpenShift). Adding this securityContext - # makes it explicit that it needs to run as root. - securityContext: - runAsUser: 0 - - name: write-url - image: docker.io/library/bash:5.1.4@sha256:c523c636b722339f41b6a431b44588ab2f762c5de5ec3bd7964420ff982fb1d9 - script: | - set -e - image="$(params.IMAGE)" - echo -n "${image}" | tee "$(results.IMAGE_URL.path)" \ No newline at end of file