vynil/domain
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix

Browse Source
This commit is contained in:
Sébastien Huss
2024-05-12 16:52:18 +02:00
parent 8ed9c2fab3
commit 20513e57c7
24 changed files with 1580 additions and 1554 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
share/gitea-tekton-org/check.rhai
View File

@@ -1,8 +1,19 @@
const DOMAIN = config.domain;
fn pre_check() {
const NS = namespace;
fn check_gitea() {
assert(have_install(`${global::DOMAIN}-ci`, "gitea"), `No gitea installation in ${global::DOMAIN}-ci`);
assert(have_ingress(`${global::DOMAIN}-ci`, "gitea"), `No gitea ingress in ${global::DOMAIN}-ci`);
assert(have_secret(`${global::DOMAIN}-ci`, "gitea"), `No gitea secret in ${global::DOMAIN}-ci`);
assert(have_secret(`${global::DOMAIN}-ci`, "gitea"), `No gitea secret in ${global::DOMAIN}-ci`);
assert(have_secret(`${global::DOMAIN}-ci`, "gitea-admin-user"), `No gitea-admin-user secret in ${global::DOMAIN}-ci`);
log_info("Ready to install");
}
fn pre_check() {
check_gitea();
let ing = get_ingress(`${global::DOMAIN}-ci`, "gitea");
let sc = list_storage_class();
save_to_tf("/tmp/toto.tf", "conditions", #{
have_gitea: have_install(`${global::DOMAIN}-ci`, "gitea"),
gitea_url: ing.spec.rules[0].host,
storage_class: sc.items[0].metadata.name
});
}

26
share/gitea-tekton-org/index.rhai
View File

@@ -1,32 +1,6 @@
const SRC=src;
const DEST=dest;
const duplicates=["auto-ci-detector.py"];
const sources=[
#{url: "https://github.com/tektoncd/catalog/raw/main/task/python-coverage/0.1/python-coverage.yaml", name: "python-coverage.yaml"},
#{url: "https://github.com/tektoncd/catalog/raw/main/task/black/0.2/black.yaml", name: "black.yaml"},
#{url: "https://github.com/tektoncd/catalog/raw/main/task/buildpacks-phases/0.2/buildpacks-phases.yaml", name: "buildpacks-phases.yaml"},
#{url: "https://github.com/tektoncd/catalog/raw/main/task/buildpacks/0.6/buildpacks.yaml", name: "buildpacks.yaml"},
#{url: "https://github.com/tektoncd/catalog/raw/main/task/check-make/0.1/check-make.yaml", name: "check-make.yaml"},
#{url: "https://github.com/tektoncd/catalog/raw/main/task/gitea-set-status/0.1/gitea-set-status.yaml", name: "gitea-set-status.yaml"},
#{url: "https://github.com/tektoncd/catalog/raw/main/task/hadolint/0.1/hadolint.yaml", name: "hadolint.yaml"},
#{url: "https://github.com/tektoncd/catalog/raw/main/task/hugo/0.1/hugo.yaml", name: "hugo.yaml"},
#{url: "https://github.com/tektoncd/catalog/raw/main/task/kube-linter/0.1/kube-linter.yaml", name: "kube-linter.yaml"},
#{url: "https://github.com/tektoncd/catalog/raw/main/task/kubeval/0.1/kubeval.yaml", name: "kubeval.yaml"},
#{url: "https://github.com/tektoncd/catalog/raw/main/task/markdown-lint/0.1/markdown-lint.yaml", name: "markdown-lint.yaml"},
#{url: "https://github.com/tektoncd/catalog/raw/main/task/npm/0.1/npm.yaml", name: "npm.yaml"},
#{url: "https://github.com/tektoncd/catalog/raw/main/task/pylint/0.3/pylint.yaml", name: "pylint.yaml"},
#{url: "https://github.com/tektoncd/catalog/raw/main/task/buildah/0.7/buildah.yaml", name: "buildah.yaml"},
#{url: "https://github.com/tektoncd/catalog/raw/main/task/pytest/0.2/pytest.yaml", name: "pytest.yaml"},
#{url: "https://github.com/tektoncd/catalog/raw/main/task/python-coverage/0.1/python-coverage.yaml", name: "python-coverage.yaml"},
#{url: "https://github.com/tektoncd/catalog/raw/main/task/shellcheck/0.1/shellcheck.yaml", name: "shellcheck.yaml"},
#{url: "https://github.com/tektoncd/catalog/raw/main/task/sonarqube-scanner/0.4/sonarqube-scanner.yaml", name: "sonarqube-scanner.yaml"},
#{url: "https://github.com/tektoncd/catalog/raw/main/task/yaml-lint/0.1/yaml-lint.yaml", name: "yaml-lint.yaml"},
];
fn pre_pack() {
for file in global::sources {
//shell(`curl -sL ${file.url} > ${global::SRC}/${file.name}`);
}
}
fn post_pack() {
for file in global::duplicates {
shell(`cp ${global::SRC}/${file} ${global::DEST}/${file}`);

3
share/gitea-tekton-org/index.yaml
View File

@@ -95,9 +95,6 @@ options:
type: object
type: object
dependencies:
- dist: null
category: apps
component: gitea
- dist: null
category: workflow
component: tekton-pipelines

86
share/gitea-tekton-org/tekton.dev_v1_Task_hugo.yaml
View File

@@ -1,86 +0,0 @@
apiVersion: tekton.dev/v1
kind: Task
metadata:
name: hugo
labels:
app.kubernetes.io/version: "0.1"
annotations:
tekton.dev/pipelines.minVersion: "0.12.1"
tekton.dev/categories: Build Tools, Cloud
tekton.dev/tags: buildtools, cloud
tekton.dev/displayName: Hugo
tekton.dev/platforms: "linux/amd64"
spec:
description: >-
A Task that builds a Hugo site.
This task uses the Hugo static site generator to build a static site from the
content in the specified directory.
workspaces:
- name: work-dir
params:
- name: content-dir
type: string
description: The directory where the content is located
default: ""
- name: minify
type: string
description: Minify the output e.g. HTML, CSS, JS, XML
default: "false"
- name: base-url
type: string
description: The base URL for the Hugo site. By default reads from the hugo.toml or hugo.yaml
default: ""
- name: verbose
type: string
description: Verbose output
default: "false"
results:
- name: output
description: generated static site
steps:
- name: build
env:
- name: HUGO_MINIFY
value: $(params.minify)
- name: HUGO_BASEURL
value: $(params.base-url)
- name: HUGO_VERBOSE
value: $(params.verbose)
- name: HUGO_CONTENT_DIR
value: $(params.content-dir)
image: docker.io/hugomods/hugo:0.122.0@sha256:e90f2e6786969463f3475c7d5e7f031cb5dbf75a8394687d52f99d6c9d0eda0d
script: |
export HUGOCMD="hugo"
if [ "$HUGO_MINIFY" = 'true' ]; then
export HUGOCMD="${HUGOCMD} --minify"
fi
if [ "$HUGO_BASEURL" != '' ]; then
export HUGOCMD="${HUGOCMD} --baseURL $HUGO_BASEURL"
fi
if [ "$HUGO_VERBOSE" = 'true' ]; then
export HUGOCMD="${HUGOCMD} --verbose"
fi
if [ "$HUGO_CONTENT_DIR" != '' ]; then
export HUGOCMD="${HUGOCMD} --contentDir ${HUGO_CONTENT_DIR}"
fi
cd "$(workspaces.work-dir.path)" || exit
$HUGOCMD
printf "%s/public" "$(workspaces.work-dir.path)" | tee /tekton/results/output

43
share/gitea-tekton-org/tekton.dev_v1beta1_Task_black.yaml
View File

@@ -1,43 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: black
labels:
app.kubernetes.io/version: "0.2"
annotations:
tekton.dev/pipelines.minVersion: "0.12.1"
tekton.dev/categories: Code Quality
tekton.dev/tags: formatter, python, black
tekton.dev/displayName: "Python Black"
tekton.dev/platforms: "linux/amd64"
spec:
description: >-
This task can be used to format Python code
workspaces:
- name: shared-workspace
description: >-
The workspace containing python source code which we want to format.
params:
- name: image
description: The container image to use black in
default: docker.io/cytopia/black:latest-0.2@sha256:2ec766f1c7e42e6b59c0873ce066fa0a2aa2bf8a80dbc1c40f1566bb539303e0
- name: requirements_file
description: The name of the requirements file inside the source location
default: requirements.txt
- name: args
type: array
description: extra args that needs to be appended
default: ["--help"]
steps:
- name: format-python-code
image: $(params.image)
workingDir: $(workspaces.shared-workspace.path)
script: |
export HOME=/tmp/python
export PATH=$PATH:/tmp/python/.local/bin
if [ -n "$(params.requirements_file)" ] && [ -e "$(params.requirements_file)" ];then
python -mpip install --user -r $(params.requirements_file)
fi
black $@
args:
- $(params.args)

98
share/gitea-tekton-org/tekton.dev_v1beta1_Task_buildah.yaml
View File

@@ -1,98 +0,0 @@
---
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: buildah
labels:
app.kubernetes.io/version: "0.7"
annotations:
tekton.dev/categories: Image Build
tekton.dev/pipelines.minVersion: "0.17.0"
tekton.dev/tags: image-build
tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64"
tekton.dev/displayName: buildah
spec:
description: >-
Buildah task builds source into a container image and
then pushes it to a container registry.
Buildah Task builds source into a container image using Project Atomic's
Buildah build tool.It uses Buildah's support for building from Dockerfiles,
using its buildah bud command.This command executes the directives in the
Dockerfile to assemble a container image, then pushes that image to a
container registry.
params:
- name: IMAGE
description: Reference of the image buildah will produce.
- name: BUILDER_IMAGE
description: The location of the buildah builder image.
default: quay.io/buildah/stable:v1
- name: STORAGE_DRIVER
description: Set buildah storage driver
default: overlay
- name: DOCKERFILE
description: Path to the Dockerfile to build.
default: ./Dockerfile
- name: CONTEXT
description: Path to the directory to use as context.
default: .
- name: TLSVERIFY
description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry)
default: "true"
- name: FORMAT
description: The format of the built container, oci or docker
default: "oci"
- name: BUILD_EXTRA_ARGS
description: Extra parameters passed for the build command when building images.
default: ""
- name: PUSH_EXTRA_ARGS
description: Extra parameters passed for the push command when pushing images.
type: string
default: ""
- name: SKIP_PUSH
description: Skip pushing the built image
default: "false"
workspaces:
- name: source
- name: sslcertdir
optional: true
- name: dockerconfig
description: >-
An optional workspace that allows providing a .docker/config.json file
for Buildah to access the container registry.
The file should be placed at the root of the Workspace with name config.json.
optional: true
results:
- name: IMAGE_DIGEST
description: Digest of the image just built.
- name: IMAGE_URL
description: Image repository where the built image would be pushed to
steps:
- name: build-and-push
image: $(params.BUILDER_IMAGE)
workingDir: $(workspaces.source.path)
script: |
[ "$(workspaces.sslcertdir.bound)" = "true" ] && CERT_DIR_FLAG="--cert-dir=$(workspaces.sslcertdir.path)"
[ "$(workspaces.dockerconfig.bound)" = "true" ] && DOCKER_CONFIG="$(workspaces.dockerconfig.path)" && export DOCKER_CONFIG
# build the image (CERT_DIR_FLAG should be omitted if empty and BUILD_EXTRA_ARGS can contain multiple args)
# shellcheck disable=SC2046,SC2086
buildah ${CERT_DIR_FLAG} "--storage-driver=$(params.STORAGE_DRIVER)" bud $(params.BUILD_EXTRA_ARGS) \
"--format=$(params.FORMAT)" "--tls-verify=$(params.TLSVERIFY)" \
-f "$(params.DOCKERFILE)" -t "$(params.IMAGE)" "$(params.CONTEXT)"
[ "$(params.SKIP_PUSH)" = "true" ] && echo "Push skipped" && exit 0
# push the image (CERT_DIR_FLAG should be omitted if empty and PUSH_EXTRA_ARGS can contain multiple args)
# shellcheck disable=SC2046,SC2086
buildah ${CERT_DIR_FLAG} "--storage-driver=$(params.STORAGE_DRIVER)" push $(params.PUSH_EXTRA_ARGS) \
"--tls-verify=$(params.TLSVERIFY)" --digestfile /tmp/image-digest "$(params.IMAGE)" \
"docker://$(params.IMAGE)"
tee "$(results.IMAGE_DIGEST.path)" < /tmp/image-digest
printf '%s' "$(params.IMAGE)" | tee "$(results.IMAGE_URL.path)"
volumeMounts:
- name: varlibcontainers
mountPath: /var/lib/containers
securityContext:
privileged: true
volumes:
- name: varlibcontainers
emptyDir: {}

241
share/gitea-tekton-org/tekton.dev_v1beta1_Task_buildpacks-phases.yaml
View File

@@ -1,241 +0,0 @@
---
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: buildpacks-phases
labels:
app.kubernetes.io/version: "0.2"
annotations:
tekton.dev/categories: Image Build, Security
tekton.dev/pipelines.minVersion: "0.17.0"
tekton.dev/tags: image-build
tekton.dev/displayName: "Buildpacks (phases)"
tekton.dev/platforms: "linux/amd64"
spec:
description: >-
The Buildpacks-Phases task builds source into a container image and pushes it to
a registry, using Cloud Native Buildpacks. This task separately calls the aspects of the
Cloud Native Buildpacks lifecycle, to provide increased security via container isolation.
workspaces:
- name: source
description: Directory where application source is located.
- name: cache
description: Directory where cache is stored (when no cache image is provided).
optional: true
params:
- name: APP_IMAGE
description: The name of where to store the app image.
- name: BUILDER_IMAGE
description: The image on which builds will run (must include lifecycle and compatible buildpacks).
- name: SOURCE_SUBPATH
description: A subpath within the `source` input where the source to build is located.
default: ""
- name: ENV_VARS
type: array
description: Environment variables to set during _build-time_.
default: []
- name: PROCESS_TYPE
description: The default process type to set on the image.
default: "web"
- name: RUN_IMAGE
description: Reference to a run image to use.
default: ""
- name: CACHE_IMAGE
description: The name of the persistent app cache image (if no cache workspace is provided).
default: ""
- name: USER_ID
description: The user ID of the builder image user.
default: "1000"
- name: GROUP_ID
description: The group ID of the builder image user.
default: "1000"
- name: PLATFORM_DIR
description: The name of the platform directory.
default: empty-dir
- name: LIFECYCLE_IMAGE
description: The image to use when executing sensitive phases.
default: docker.io/buildpacksio/lifecycle:0.10.2@sha256:1bf8d3fc41d2fdf0ee4abdad50038ab8902ef58c74f5bcfc432c26767d889ed0
- name: USER_HOME
description: Absolute path to the user's home directory.
default: /tekton/home
results:
- name: APP_IMAGE_DIGEST
description: The digest of the built `APP_IMAGE`.
stepTemplate:
env:
- name: CNB_PLATFORM_API
value: "0.4"
- name: HOME
value: $(params.USER_HOME)
steps:
- name: prepare
image: docker.io/library/bash:5.1.4@sha256:b208215a4655538be652b2769d82e576bc4d0a2bb132144c060efc5be8c3f5d6
args:
- "--env-vars"
- "$(params.ENV_VARS[*])"
script: |
#!/usr/bin/env bash
set -e
if [[ "$(workspaces.cache.bound)" == "true" ]]; then
echo "> Setting permissions on '$(workspaces.cache.path)'..."
chown -R "$(params.USER_ID):$(params.GROUP_ID)" "$(workspaces.cache.path)"
fi
for path in "/tekton/home" "/layers" "$(workspaces.source.path)"; do
echo "> Setting permissions on '$path'..."
chown -R "$(params.USER_ID):$(params.GROUP_ID)" "$path"
done
echo "> Parsing additional configuration..."
parsing_flag=""
envs=()
for arg in "$@"; do
if [[ "$arg" == "--env-vars" ]]; then
echo "-> Parsing env variables..."
parsing_flag="env-vars"
elif [[ "$parsing_flag" == "env-vars" ]]; then
envs+=("$arg")
fi
done
echo "> Processing any environment variables..."
ENV_DIR="/platform/env"
echo "--> Creating 'env' directory: $ENV_DIR"
mkdir -p "$ENV_DIR"
for env in "${envs[@]}"; do
IFS='=' read -r key value string <<< "$env"
if [[ "$key" != "" && "$value" != "" ]]; then
path="${ENV_DIR}/${key}"
echo "--> Writing ${path}..."
echo -n "$value" > "$path"
fi
done
volumeMounts:
- name: layers-dir
mountPath: /layers
- name: $(params.PLATFORM_DIR)
mountPath: /platform
securityContext:
privileged: true
# Copy stack.toml so that it will be accessible to the exporter, since the lifecycle image will not contain it.
- name: copy-stack-toml
image: $(params.BUILDER_IMAGE)
imagePullPolicy: Always
command: ["/bin/sh"]
args:
- "-c"
- >
cp /cnb/stack.toml /layers/
volumeMounts:
- name: layers-dir
mountPath: /layers
- name: detect
image: $(params.BUILDER_IMAGE)
imagePullPolicy: Always
command: ["/cnb/lifecycle/detector"]
args:
- "-app=$(workspaces.source.path)/$(params.SOURCE_SUBPATH)"
- "-group=/layers/group.toml"
- "-plan=/layers/plan.toml"
volumeMounts:
- name: layers-dir
mountPath: /layers
- name: $(params.PLATFORM_DIR)
mountPath: /platform
- name: empty-dir
mountPath: /tekton/home
- name: analyze
image: $(params.LIFECYCLE_IMAGE)
imagePullPolicy: Always
command: ["/cnb/lifecycle/analyzer"]
args:
- "-layers=/layers"
- "-group=/layers/group.toml"
- "-cache-dir=$(workspaces.cache.path)"
- "-cache-image=$(params.CACHE_IMAGE)"
- "-uid=$(params.USER_ID)"
- "-gid=$(params.GROUP_ID)"
- "$(params.APP_IMAGE)"
volumeMounts:
- name: layers-dir
mountPath: /layers
- name: restore
image: $(params.LIFECYCLE_IMAGE)
imagePullPolicy: Always
command: ["/cnb/lifecycle/restorer"]
args:
- "-group=/layers/group.toml"
- "-layers=/layers"
- "-cache-dir=$(workspaces.cache.path)"
- "-cache-image=$(params.CACHE_IMAGE)"
- "-uid=$(params.USER_ID)"
- "-gid=$(params.GROUP_ID)"
volumeMounts:
- name: layers-dir
mountPath: /layers
- name: build
image: $(params.BUILDER_IMAGE)
imagePullPolicy: Always
command: ["/cnb/lifecycle/builder"]
args:
- "-app=$(workspaces.source.path)/$(params.SOURCE_SUBPATH)"
- "-layers=/layers"
- "-group=/layers/group.toml"
- "-plan=/layers/plan.toml"
volumeMounts:
- name: layers-dir
mountPath: /layers
- name: $(params.PLATFORM_DIR)
mountPath: /platform
- name: empty-dir
mountPath: /tekton/home
- name: export
image: $(params.LIFECYCLE_IMAGE)
imagePullPolicy: Always
command: ["/cnb/lifecycle/exporter"]
args:
- "-app=$(workspaces.source.path)/$(params.SOURCE_SUBPATH)"
- "-layers=/layers"
- "-group=/layers/group.toml"
- "-cache-dir=$(workspaces.cache.path)"
- "-cache-image=$(params.CACHE_IMAGE)"
- "-report=/layers/report.toml"
- "-process-type=$(params.PROCESS_TYPE)"
- "-uid=$(params.USER_ID)"
- "-gid=$(params.GROUP_ID)"
- "-stack=/layers/stack.toml"
- "-run-image=$(params.RUN_IMAGE)"
- "$(params.APP_IMAGE)"
volumeMounts:
- name: layers-dir
mountPath: /layers
- name: results
image: docker.io/library/bash:5.1.4@sha256:b208215a4655538be652b2769d82e576bc4d0a2bb132144c060efc5be8c3f5d6
script: |
#!/usr/bin/env bash
set -e
cat /layers/report.toml | grep "digest" | cut -d'"' -f2 | cut -d'"' -f2 | tr -d '\n' | tee $(results.APP_IMAGE_DIGEST.path)
volumeMounts:
- name: layers-dir
mountPath: /layers
volumes:
- name: empty-dir
emptyDir: {}
- name: layers-dir
emptyDir: {}

178
share/gitea-tekton-org/tekton.dev_v1beta1_Task_buildpacks.yaml
View File

@@ -1,178 +0,0 @@
---
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: buildpacks
labels:
app.kubernetes.io/version: "0.6"
annotations:
tekton.dev/categories: Image Build
tekton.dev/pipelines.minVersion: "0.17.0"
tekton.dev/tags: image-build
tekton.dev/displayName: "Buildpacks"
tekton.dev/platforms: "linux/amd64"
spec:
description: >-
The Buildpacks task builds source into a container image and pushes it to a registry,
using Cloud Native Buildpacks.
workspaces:
- name: source
description: Directory where application source is located.
- name: cache
description: Directory where cache is stored (when no cache image is provided).
optional: true
- name: dockerconfig
description: >-
An optional workspace that allows providing a .docker/config.json file
for Buildpacks lifecycle binary to access the container registry.
The file should be placed at the root of the Workspace with name config.json.
optional: true
params:
- name: APP_IMAGE
description: The name of where to store the app image.
- name: BUILDER_IMAGE
description: The image on which builds will run (must include lifecycle and compatible buildpacks).
- name: SOURCE_SUBPATH
description: A subpath within the `source` input where the source to build is located.
default: ""
- name: ENV_VARS
type: array
description: Environment variables to set during _build-time_.
default: []
- name: PROCESS_TYPE
description: The default process type to set on the image.
default: "web"
- name: RUN_IMAGE
description: Reference to a run image to use.
default: ""
- name: CACHE_IMAGE
description: The name of the persistent app cache image (if no cache workspace is provided).
default: ""
- name: SKIP_RESTORE
description: Do not write layer metadata or restore cached layers.
default: "false"
- name: USER_ID
description: The user ID of the builder image user.
default: "1000"
- name: GROUP_ID
description: The group ID of the builder image user.
default: "1000"
- name: PLATFORM_DIR
description: The name of the platform directory.
default: empty-dir
results:
- name: APP_IMAGE_DIGEST
description: The digest of the built `APP_IMAGE`.
- name: APP_IMAGE_URL
description: The URL of the built `APP_IMAGE`.
stepTemplate:
env:
- name: CNB_PLATFORM_API
value: "0.9"
steps:
- name: prepare
image: docker.io/library/bash:5.1.4@sha256:b208215a4655538be652b2769d82e576bc4d0a2bb132144c060efc5be8c3f5d6
args:
- "--env-vars"
- "$(params.ENV_VARS[*])"
script: |
#!/usr/bin/env bash
set -e
if [[ "$(workspaces.cache.bound)" == "true" ]]; then
echo "> Setting permissions on '$(workspaces.cache.path)'..."
chown -R "$(params.USER_ID):$(params.GROUP_ID)" "$(workspaces.cache.path)"
fi
for path in "/tekton/home" "/layers" "$(workspaces.source.path)"; do
echo "> Setting permissions on '$path'..."
chown -R "$(params.USER_ID):$(params.GROUP_ID)" "$path"
if [[ "$path" == "$(workspaces.source.path)" ]]; then
chmod 775 "$(workspaces.source.path)"
fi
done
echo "> Parsing additional configuration..."
parsing_flag=""
envs=()
for arg in "$@"; do
if [[ "$arg" == "--env-vars" ]]; then
echo "-> Parsing env variables..."
parsing_flag="env-vars"
elif [[ "$parsing_flag" == "env-vars" ]]; then
envs+=("$arg")
fi
done
echo "> Processing any environment variables..."
ENV_DIR="/platform/env"
echo "--> Creating 'env' directory: $ENV_DIR"
mkdir -p "$ENV_DIR"
for env in "${envs[@]}"; do
IFS='=' read -r key value <<< "$env"
if [[ "$key" != "" && "$value" != "" ]]; then
path="${ENV_DIR}/${key}"
echo "--> Writing ${path}..."
echo -n "$value" > "$path"
fi
done
volumeMounts:
- name: layers-dir
mountPath: /layers
- name: $(params.PLATFORM_DIR)
mountPath: /platform
- name: create
image: $(params.BUILDER_IMAGE)
imagePullPolicy: Always
command: ["/cnb/lifecycle/creator"]
env:
- name: DOCKER_CONFIG
value: $(workspaces.dockerconfig.path)
args:
- "-app=$(workspaces.source.path)/$(params.SOURCE_SUBPATH)"
- "-cache-dir=$(workspaces.cache.path)"
- "-cache-image=$(params.CACHE_IMAGE)"
- "-uid=$(params.USER_ID)"
- "-gid=$(params.GROUP_ID)"
- "-layers=/layers"
- "-platform=/platform"
- "-report=/layers/report.toml"
- "-process-type=$(params.PROCESS_TYPE)"
- "-skip-restore=$(params.SKIP_RESTORE)"
- "-previous-image=$(params.APP_IMAGE)"
- "-run-image=$(params.RUN_IMAGE)"
- "$(params.APP_IMAGE)"
volumeMounts:
- name: layers-dir
mountPath: /layers
- name: $(params.PLATFORM_DIR)
mountPath: /platform
securityContext:
runAsUser: 1000
runAsGroup: 1000
- name: results
image: docker.io/library/bash:5.1.4@sha256:b208215a4655538be652b2769d82e576bc4d0a2bb132144c060efc5be8c3f5d6
script: |
#!/usr/bin/env bash
set -e
grep "digest" /layers/report.toml | cut -d'"' -f2 | cut -d'"' -f2 | tr -d '\n' | tee "$(results.APP_IMAGE_DIGEST.path)"
echo -n "$(params.APP_IMAGE)" | tee "$(results.APP_IMAGE_URL.path)"
volumeMounts:
- name: layers-dir
mountPath: /layers
volumes:
- name: empty-dir
emptyDir: {}
- name: layers-dir
emptyDir: {}

31
share/gitea-tekton-org/tekton.dev_v1beta1_Task_check-make.yaml
View File

@@ -1,31 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: check-make
labels:
app.kubernetes.io/version: "0.1"
annotations:
tekton.dev/pipelines.minVersion: "0.12.1"
tekton.dev/categories: Code Quality
tekton.dev/tags: linter
tekton.dev/displayName: "Makefile linter"
tekton.dev/platforms: "linux/amd64"
spec:
description: >-
This task can be used to perform lint check on Makefiles
workspaces:
- name: shared-workspace
description: A workspace that contains the fetched git repository.
params:
- name: args
type: array
description: extra args needs to append
default: ["--help"]
steps:
- name: lint-makefile
image: docker.io/cytopia/checkmake:0.1.0@sha256:50957311f1ae25fd5925e1a45798d323cf00b3654cd1eede8db7814c72cec41d #tag: 0.1.0
workingDir: $(workspaces.shared-workspace.path)
command:
- checkmake
args:
- $(params.args)

162
share/gitea-tekton-org/tekton.dev_v1beta1_Task_gitea-set-status.yaml
View File

@@ -1,162 +0,0 @@
---
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: gitea-set-status
labels:
app.kubernetes.io/version: "0.1"
annotations:
tekton.dev/categories: Git
tekton.dev/pipelines.minVersion: "0.12.1"
tekton.dev/tags: gitea
tekton.dev/displayName: "set gitea status"
tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le"
spec:
description: >-
This task will set the status of the CI job to the specified value along
with a link to the specified target URL where developers can follow the
progress of the CI job.
The `gitea-set-status` task allows external services to mark Gitea commits
with an `error`, `failure`, `pending`, or `success` state, which is then
reflected in pull requests involving those commits. Statuses include as well a
`description` and a `target_url`, to give the user informations about the CI
statuses or a direct link to the full log.
params:
- name: GITEA_HOST_URL
description: |
The Gitea host, e.g: git.yourcompany.com. Can include port.
type: string
- name: GITEA_HTTPS_OR_HTTP
description: |
If we should connect with HTTP or HTTPS. Use "http" or "https" here.
type: string
default: https
- name: API_PATH_PREFIX
description: |
The API path prefix of Gitea, default: /api/v1
default: "/api/v1"
type: string
- name: REPO_FULL_NAME
description: |
The Gitea repository full name, e.g.: tektoncd/catalog
type: string
- name: GITEA_TOKEN_SECRET_NAME
description: |
The name of the kubernetes secret that contains the Gitea token, default: gitea
type: string
default: gitea
- name: GITEA_TOKEN_SECRET_KEY
description: |
The key within the kubernetes secret that contains the Gitea token, default: token
type: string
default: token
- name: SHA
description: |
Commit SHA to set the status for.
type: string
- name: TARGET_URL
description: |
The target URL to associate with this status. This URL will be linked
from the Gitea UI to allow users to easily see the source of the
status.
type: string
- name: DESCRIPTION
description: |
A short description of the status.
type: string
- name: CONTEXT
description: |
The Gitea context, A string label to differentiate this status from
the status of other systems. ie: "continuous-integration/tekton"
default: "continuous-integration/tekton"
type: string
- name: STATE
description: |
The state of the status. Can be one of the following `error`,
`failure`, `pending`, `warning` or `success`.
type: string
- name: IMAGE
description: |
Image providing the python binary which this task uses.
type: string
default: python:3.10.1-alpine3.15@sha256:affe0faa14e7553fc570beec3864e74b5e36f8c19b2bb49ae8ba79c0e9e7236e
- name: SHEBANG
description: |
Python path. Depends on the image.
type: string
default: /usr/bin/env python
volumes:
- name: giteatoken
secret:
secretName: $(params.GITEA_TOKEN_SECRET_NAME)
steps:
- name: set-status
volumeMounts:
- name: giteatoken
mountPath: /etc/gitea-set-status
image: $(params.IMAGE)
script: |
#!$(params.SHEBANG)
"""This script will set the CI status on a Gitea commit"""
import json
import sys
import http.client
gitea_token = open("/etc/gitea-set-status/$(params.GITEA_TOKEN_SECRET_KEY)", "r").read()
status_url = "$(params.API_PATH_PREFIX)" + "/repos/$(params.REPO_FULL_NAME)/" + \
"statuses/$(params.SHA)"
data = {
"state": "$(params.STATE)",
"target_url": "$(params.TARGET_URL)",
"description": "$(params.DESCRIPTION)",
"context": "$(params.CONTEXT)"
}
print("Sending this data to Gitea: ")
print(data)
authHeader = "token " + gitea_token
if "$(params.GITEA_HTTPS_OR_HTTP)" == "https":
conn = http.client.HTTPSConnection("$(params.GITEA_HOST_URL)")
else:
conn = http.client.HTTPConnection("$(params.GITEA_HOST_URL)")
conn.request(
"POST",
status_url,
body=json.dumps(data),
headers={
"User-Agent": "TektonCD, the peaceful cat",
"Authorization": authHeader,
"Accept": "application/json",
"Content-Type": "application/json",
})
resp = conn.getresponse()
if not str(resp.status).startswith("2"):
print("Error: %d" % (resp.status))
print(resp.read())
sys.exit(1)
else:
print("Gitea status '$(params.STATE)' has been set on "
"$(params.REPO_FULL_NAME)#$(params.SHA) ")

60
share/gitea-tekton-org/tekton.dev_v1beta1_Task_hadolint.yaml
View File

@@ -1,60 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
annotations:
tekton.dev/categories: Code Quality
tekton.dev/displayName: Hadolint
tekton.dev/pipelines.minVersion: 0.12.1
tekton.dev/platforms: linux/amd64
tekton.dev/tags: 'Kubernetes, Misconfiguration'
name: hadolint
labels:
app.kubernetes.io/version: '0.1'
spec:
description: >-
This task makes it possible to use Hadolint within Tekton Pipeline.
A smarter Dockerfile linter that helps you build best practice Docker
images. The linter parses the Dockerfile into an AST and performs rules on
top of the AST
params:
- default: ''
description: ignore rules.
name: ignore-rules
type: string
- default: './Dockerfile'
description: Dockerfile path.
name: dockerfile-path
type: string
- default: tty
description: >-
The output format for the results [tty | json | checkstyle | codeclimate
| gitlab_codeclimate | codacy] (default tty).
name: output-format
type: string
steps:
- image: 'ghcr.io/hadolint/hadolint:v2.8.0-debian@sha256:50b0e60aa2b4aba5a26eeb4ad08c96ed7a828fca996632e29114aabea18345f4'
name: lint-dockerfile
script: |
#!/bin/bash
set -e
if [ -n "$RULES" ]
then
IFS="," read -a RULES <<< "$RULES"
for rule in ${RULES[@]}; do ignore_rules="--ignore $rule $ignore_rules"; done
command_to_run="hadolint ${ignore_rules}"
else
command_to_run="hadolint"
fi
$command_to_run "$DOCKERFILE" -f "$OFORMAT"
env:
- name: RULES
value: "$(params.ignore-rules)"
- name: DOCKERFILE
value: "$(params.dockerfile-path)"
- name: OFORMAT
value: "$(params.output-format)"
workingDir: $(workspaces.source.path)
workspaces:
- description: A workspace that contains fetched git repo.
name: source

90
share/gitea-tekton-org/tekton.dev_v1beta1_Task_kube-linter.yaml
View File

@@ -1,90 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: kube-linter
labels:
app.kubernetes.io/version: "0.1"
annotations:
tekton.dev/pipelines.minVersion: "0.12.1"
tekton.dev/categories: Code Quality
tekton.dev/tags: Kubernetes, Misconfiguration
tekton.dev/displayName: "Kube-Linter"
tekton.dev/platforms: "linux/amd64"
spec:
description: >-
This task makes it possible to use kube-linter within Tekton Pipeline.
The KubeLinter tool by StackRox is an open-source command-line interface to identify misconfigurations in Kubernetes objects.
KubeLinter offers the ability to integrate checks on Kubernetes YAML files and Helm charts before deployment into a Kubernetes cluster.
With 31 standard built-in checks and the room to configure your own, you get immediate feedback about misconfigurations and Kubernetes security violations.
workspaces:
- name: source
description: A workspace that contains fetched git repo.
params:
- name: config_file_url
type: string
description: url from where the config file would be fetched.
default: ""
- name: config_file_path
type: string
description: path to config file.
default: ""
- name: manifest
type: string
description: path to manifest files or manifest directory to be checked.
default: "."
- name: includelist
type: string
description: "A string with comma separated checks to be included"
default: ""
- name: excludelist
type: string
description: "A string with comma separated checks to be excluded"
default: ""
- name: default_option
type: string
description: "provides two options (adding all built-in checks or disabling all default checks): add-all-built-in and/do-not-auto-add-defaults"
default: ""
- name: output_format
type: string
description: format in which report will be generated. (json|sarif|plain) (default:"json")
default: json
- name: args
type: array
description: "args"
default: []
steps:
- name: fetch-config-file
image: registry.access.redhat.com/ubi8/ubi-minimal:8.2
workingDir: $(workspaces.source.path)
script: |
#!/usr/bin/env bash
set -e
if [ -n "$(params.config_file_url)" ]
then
curl "$(params.config_file_url)" --output "$(params.config_file_path)"
echo "Fetched the config file from given ($(params.config_file_url)) URL and successfully saved at $(workspaces.source.path)/$(params.config_file_path)"
else
echo "No config file url was set"
fi
- name: lint-yaml
image: docker.io/stackrox/kube-linter:0.2.2-2-g7d10a69154-alpine@sha256:e520e9d8d3a2dfa611914836536545b135845e7bda9f1df34b060e116232dbf0
workingDir: $(workspaces.source.path)
script: |
mv ../../kube-linter ../../bin;
if [ -n "$(params.config_file_path)" ]
then
kube-linter lint "$(params.manifest)" --config "$(params.config_file_path)" --format "$(params.output_format)" "$@"
else
if [ -n "$(params.default_option)" ]
then
kube-linter lint "$(params.manifest)" --"$(params.default_option)" --include "$(params.includelist)" --exclude "$(params.excludelist)" --format "$(params.output_format)" "$@"
else
kube-linter lint "$(params.manifest)" --include "$(params.includelist)" --exclude "$(params.excludelist)" --format "$(params.output_format)" "$@"
fi
fi
args:
- $(params.args)

41
share/gitea-tekton-org/tekton.dev_v1beta1_Task_kubeval.yaml
View File

@@ -1,41 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: kubeval
labels:
app.kubernetes.io/version: "0.1"
annotations:
tekton.dev/pipelines.minVersion: "0.12.1"
tekton.dev/categories: Code Quality, Kubernetes
tekton.dev/tags: test
tekton.dev/platforms: "linux/amd64"
spec:
description: >-
This task makes it possible to use Kubeval within your Tekton pipelines.
Kubeval is a tool used for validating Kubernetes configuration files. By
default the task will recursively scan the provided repository for YAML
files and validate them against the Kubernetes schemas.
workspaces:
- name: source
params:
- name: files
default: "."
- name: output
default: "stdout"
- name: args
type: array
default: []
steps:
- name: kubeval
workingDir: $(workspaces.source.path)
image: docker.io/garethr/kubeval:0.15.0@sha256:6962d8ecbb7839637667f66e6703e6ebaae0c29dfe93a31d9968fba4324c7b8d #tag: 0.15.0
command:
- kubeval
- -d
- $(params.files)
- -o
- $(params.output)
- $(params.args)

31
share/gitea-tekton-org/tekton.dev_v1beta1_Task_markdown-lint.yaml
View File

@@ -1,31 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: markdown-lint
labels:
app.kubernetes.io/version: "0.1"
annotations:
tekton.dev/pipelines.minVersion: "0.12.1"
tekton.dev/categories: Code Quality
tekton.dev/tags: linter
tekton.dev/displayName: "Markdown linter"
tekton.dev/platforms: "linux/amd64"
spec:
description: >-
This task can be used to perform lint check on Markdown files
workspaces:
- name: shared-workspace
description: A workspace that contains the fetched git repository.
params:
- name: args
type: array
description: extra args needs to append
default: ["--help"]
steps:
- name: lint-markdown-files
image: docker.io/markdownlint/markdownlint:0.11.0@sha256:399a199c92f89f42cf3a0a1159bd86ca5cdc293fcfd39f87c0669ddee9767724 #tag: 0.11.0
workingDir: $(workspaces.shared-workspace.path)
command:
- mdl
args:
- $(params.args)

44
share/gitea-tekton-org/tekton.dev_v1beta1_Task_npm.yaml
View File

@@ -1,44 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: npm
labels:
app.kubernetes.io/version: "0.1"
annotations:
tekton.dev/pipelines.minVersion: "0.17.0"
tekton.dev/categories: Build Tools
tekton.dev/tags: build-tool
tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le"
spec:
description: >-
This task can be used to run npm goals on a project.
This task can be used to run npm goals on a project
where package.json is present and has some pre-defined
npm scripts.
workspaces:
- name: source
params:
- name: PATH_CONTEXT
type: string
default: "."
description: The path where package.json of the project is defined.
- name: ARGS
type: array
default: ["version"]
description: The npm goals you want to run.
- name: IMAGE
type: string
default: "docker.io/library/node:12-alpine@sha256:dfbebf17bfb014e1e7068e76325a117bccf8679c68aec6a28514184a209c8bae"
description: The node image you want to use.
steps:
- name: npm-run
image: $(params.IMAGE)
command:
- "npm"
args:
- $(params.ARGS)
workingDir: $(workspaces.source.path)/$(params.PATH_CONTEXT)
env:
- name: CI
value: "true"

66
share/gitea-tekton-org/tekton.dev_v1beta1_Task_pylint.yaml
View File

@@ -1,66 +0,0 @@
---
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: pylint
labels:
app.kubernetes.io/version: "0.3"
annotations:
tekton.dev/categories: Code Quality
tekton.dev/pipelines.minVersion: "0.17.0"
tekton.dev/tags: python, pylint
tekton.dev/displayName: pylint
tekton.dev/platforms: "linux/amd64"
spec:
description: >-
This task will run pylint on the provided input.
workspaces:
- name: source
- description: The workspace consisting of the custom pip settings.
name: pip-conf
optional: true
params:
- name: image
description: The container image with pylint
default: registry.gitlab.com/pipeline-components/pylint:0.12.0@sha256:051b701936dfab6fa27bd1ebd50ef56b19577565661bc0227e50dd1cf94a3d6e
- name: path
description: The path to the module which should be analysed by pylint
default: "."
type: string
- name: requirements_file
description: The name of the requirements file inside the source location
default: "requirements.txt"
- name: args
description: The arguments to pass to the pylint CLI.
type: array
default: []
- name: pip_conf_file
description: The name of the custom pip config file.
default: "pip.conf"
steps:
- name: pylint
image: $(params.image)
workingDir: $(workspaces.source.path)
env:
- name: HOME
value: /tmp/python
- name: PARAM_PIP_CONF_FILE
value: $(params.pip_conf_file)
- name: WORKSPACE_PIP_CONF_BOUND
value: $(workspaces.pip-conf.bound)
- name: WORKSPACE_PIP_CONF_PATH
value: $(workspaces.pip-conf.path)
script: |
export PATH=$PATH:$HOME/.local/bin
if [ "${WORKSPACE_PIP_CONF_BOUND}" = "true" ] ; then
export PIP_CONFIG_FILE="${WORKSPACE_PIP_CONF_PATH}/${PARAM_PIP_CONF_FILE}"
fi
if [ -n "$(params.requirements_file)" ] && [ -e "$(params.requirements_file)" ];then
python -mpip install --user -r "$(params.requirements_file)"
fi
pylint $@ "$(params.path)"
args:
- "$(params.args)"

77
share/gitea-tekton-org/tekton.dev_v1beta1_Task_pytest.yaml
View File

@@ -1,77 +0,0 @@
---
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: pytest
labels:
app.kubernetes.io/version: "0.2"
annotations:
tekton.dev/categories: Testing
tekton.dev/pipelines.minVersion: "0.17.0"
tekton.dev/tags: python, pytest
tekton.dev/displayName: pytest
tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le"
spec:
description: >-
This task will run pytest on the provided input.
workspaces:
- name: source
- description: The workspace consisting of the custom pip settings.
name: pip-conf
optional: true
params:
- name: PYTHON_IMAGE
description: The used Python image
type: string
default: "docker.io/python:3.11.1-bullseye"
- name: ARGS
description: The additional arguments to be used with pytest
type: string
default: ""
- name: SOURCE_PATH
description: The path to the source code
default: "."
- name: REQUIREMENTS_FILE
description: The name of the requirements file inside the source location, with fallback to the requirements file in the root location
default: "requirements.txt"
- name: PIP_CONF_FILE
description: The name of the custom pip config file.
default: "pip.conf"
steps:
- name: unit-test
image: $(params.PYTHON_IMAGE)
workingDir: $(workspaces.source.path)
env:
- name: PARAM_PIP_CONF_FILE
value: $(params.PIP_CONF_FILE)
- name: WORKSPACE_PIP_CONF_BOUND
value: $(workspaces.pip-conf.bound)
- name: WORKSPACE_PIP_CONF_PATH
value: $(workspaces.pip-conf.path)
script: |
export PATH=$PATH:$HOME/.local/bin
if [ "${WORKSPACE_PIP_CONF_BOUND}" = "true" ] ; then
export PIP_CONFIG_FILE="${WORKSPACE_PIP_CONF_PATH}/${PARAM_PIP_CONF_FILE}"
fi
if [ -e "$(params.SOURCE_PATH)"/"$(params.REQUIREMENTS_FILE)" ];
then
pip install -r "$(params.SOURCE_PATH)"/"$(params.REQUIREMENTS_FILE)"
pip show pytest || {
printf "###\nWarning: Pytest is missing in your test requirements file\n###";
pip install pytest
}
else
if [ -e "$(params.REQUIREMENTS_FILE)" ];
then
pip install -r "$(params.REQUIREMENTS_FILE)"
fi
pip install pytest
fi
if [ -z "$(params.ARGS)" ]; then
pytest "$(params.SOURCE_PATH)"
else
pytest "$(params.ARGS)" "$(params.SOURCE_PATH)"
fi

55
share/gitea-tekton-org/tekton.dev_v1beta1_Task_python-coverage.yaml
View File

@@ -1,55 +0,0 @@
---
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: python-coverage
labels:
app.kubernetes.io/version: "0.1"
annotations:
tekton.dev/categories: Code Quality
tekton.dev/pipelines.minVersion: "0.12.1"
tekton.dev/tags: python, coverage
tekton.dev/displayName: python coverage
tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le"
spec:
description: >-
This task can be used to measure code coverage of Python projects.
workspaces:
- name: source
params:
- name: PYTHON
description: The used Python version, more precisely the tag for the Python image
type: string
default: "latest"
- name: ARGS
description: The additional arguments to be used with pytest
type: string
default: ""
- name: SOURCE_PATH
description: The path to the source code
default: "."
- name: REQUIREMENTS_FILE
description: The name of the requirements file inside the source location
default: "requirements.txt"
steps:
- name: code-coverage
image: docker.io/python:$(inputs.params.PYTHON)
workingDir: $(workspaces.source.path)
script: |
export PATH=$PATH:$HOME/.local/bin
if [ -n "$(inputs.params.REQUIREMENTS_FILE)" ] && [ -e "$(inputs.params.REQUIREMENTS_FILE)" ];then
pip install -r $(inputs.params.SOURCE_PATH)/$(inputs.params.REQUIREMENTS_FILE)
pip show pytest || {
echo "###\nWarning: Pytest is missing in your requirements\n###";
pip install pytest
}
pip show coverage || {
echo "###\nWarning: Coverage is missing in your requirements\n###";
pip install coverage
}
else
pip install pytest coverage
fi
coverage run -m pytest $(inputs.params.ARGS) $(inputs.params.SOURCE_PATH)
coverage report -m

31
share/gitea-tekton-org/tekton.dev_v1beta1_Task_shellcheck.yaml
View File

@@ -1,31 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: shellcheck
labels:
app.kubernetes.io/version: "0.1"
annotations:
tekton.dev/pipelines.minVersion: "0.12.1"
tekton.dev/categories: Code Quality
tekton.dev/tags: linter
tekton.dev/displayName: "Shellcheck"
tekton.dev/platforms: "linux/amd64"
spec:
description: >-
This task can be used to perform lint check on Shell Script files
workspaces:
- name: shared-workspace
description: A workspace that contains the fetched git repository.
params:
- name: args
type: array
description: extra args needs to append
default: ["--help"]
steps:
- name: lint-shell
image: docker.io/koalaman/shellcheck:v0.7.1@sha256:ad95c140f7bf5cc66e50e19da7d72c398583ba24c5866ac32c882eb3ddc153ee #tag: v0.7.1
workingDir: $(workspaces.shared-workspace.path)
command:
- /bin/shellcheck
args:
- $(params.args)

158
share/gitea-tekton-org/tekton.dev_v1beta1_Task_sonarqube-scanner.yaml
View File

@@ -1,158 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: sonarqube-scanner
labels:
app.kubernetes.io/version: "0.4"
annotations:
tekton.dev/deprecated: "true"
tekton.dev/pipelines.minVersion: "0.17.0"
tekton.dev/categories: Security
tekton.dev/tags: security
tekton.dev/displayName: "sonarqube scanner"
tekton.dev/platforms: "linux/amd64"
spec:
description: >-
The following task can be used to perform static analysis on the source code
provided the SonarQube server is hosted
SonarQube is the leading tool for continuously inspecting the Code Quality and Security
of your codebases, all while empowering development teams. Analyze over 25 popular
programming languages including C#, VB.Net, JavaScript, TypeScript and C++. It detects
bugs, vulnerabilities and code smells across project branches and pull requests.
workspaces:
- name: source
description: "Workspace containing the code which needs to be scanned by SonarQube"
- name: sonar-settings
description: "Optional workspace where SonarQube properties can be mounted"
optional: true
- name: sonar-credentials
description: |
A workspace containing a login or password for use within sonarqube.
optional: true
params:
- name: SONAR_HOST_URL
description: SonarQube server URL
default: ""
- name: SONAR_PROJECT_KEY
description: Project's unique key
default: ""
- name: PROJECT_VERSION
description: "Version of the project. Default: 1.0"
default: "1.0"
- name: SOURCE_TO_SCAN
description: "Comma-separated paths to directories containing main source files"
default: "."
- name: SONAR_ORGANIZATION
description: "The organization in sonarqube where the project exists"
default: ""
- name: SONAR_SCANNER_IMAGE
description: "The sonarqube scanner CLI image which will run the scan"
default: "docker.io/sonarsource/sonar-scanner-cli:4.6@sha256:7a976330a8bad1beca6584c1c118e946e7a25fdc5b664d5c0a869a6577d81b4f"
- name: SONAR_LOGIN_KEY
description: Name of the file of the login within the sonarqube credentials workspace
default: "login"
- name: SONAR_PASSWORD_KEY
description: Name of the file of the password within the sonarqube credentials workspace
default: "password"
steps:
- name: sonar-properties-create
image: registry.access.redhat.com/ubi8/ubi-minimal:8.2
workingDir: $(workspaces.source.path)
env:
- name: SONAR_HOST_URL
value: $(params.SONAR_HOST_URL)
- name: SONAR_PROJECT_KEY
value: $(params.SONAR_PROJECT_KEY)
- name: PROJECT_VERSION
value: $(params.PROJECT_VERSION)
- name: SOURCE_TO_SCAN
value: $(params.SOURCE_TO_SCAN)
- name: SONAR_ORGANIZATION
value: $(params.SONAR_ORGANIZATION)
script: |
#!/usr/bin/env bash
replaceValues() {
filename=$1
thekey=$2
newvalue=$3
if ! grep -R "^[#]*\s*${thekey}=.*" $filename >/dev/null; then
echo "APPENDING because '${thekey}' not found"
echo "" >>$filename
echo "$thekey=$newvalue" >>$filename
else
echo "SETTING because '${thekey}' found already"
sed -ir "s|^[#]*\s*${thekey}=.*|$thekey=$newvalue|" $filename
fi
}
if [[ "$(workspaces.sonar-settings.bound)" == "true" ]]; then
if [[ -f $(workspaces.sonar-settings.path)/sonar-project.properties ]]; then
echo "using user provided sonar-project.properties file"
cp -RL $(workspaces.sonar-settings.path)/sonar-project.properties $(workspaces.source.path)/sonar-project.properties
fi
fi
if [[ -f $(workspaces.source.path)/sonar-project.properties ]]; then
if [[ -n "${SONAR_HOST_URL}" ]]; then
echo "replacing sonar host URL"
replaceValues $(workspaces.source.path)/sonar-project.properties sonar.host.url "${SONAR_HOST_URL}"
fi
if [[ -n "${SONAR_PROJECT_KEY}" ]]; then
echo "replacing sonar project key"
replaceValues $(workspaces.source.path)/sonar-project.properties sonar.projectKey "${SONAR_PROJECT_KEY}"
fi
echo "Values in sonar-project.properties file replaced successfully..."
else
echo "Creating sonar-project.properties file..."
touch sonar-project.properties
[[ -n "${SONAR_PROJECT_KEY}" ]] && {
echo "sonar.projectKey=${SONAR_PROJECT_KEY}" >> sonar-project.properties
} || {
echo "missing property SONAR_PROJECT_KEY"
exit 1
}
[[ -n "${SONAR_HOST_URL}" ]] && {
echo "sonar.host.url=${SONAR_HOST_URL}" >> sonar-project.properties
} || {
echo "missing property SONAR_HOST_URL"
exit 1
}
[[ -n "${PROJECT_VERSION}" ]] && {
echo "sonar.projectVersion=${PROJECT_VERSION}" >> sonar-project.properties
} || {
echo "missing property PROJECT_VERSION"
exit 1
}
[[ -n "${SONAR_ORGANIZATION}" ]] && {
echo "sonar.organization=${SONAR_ORGANIZATION}" >> sonar-project.properties
} || {
echo "missing property SONAR_ORGANIZATION"
exit 1
}
echo "sonar.sources=${SOURCE_TO_SCAN}" >> sonar-project.properties
echo "---------------------------"
cat $(workspaces.source.path)/sonar-project.properties
fi
if [[ "$(workspaces.sonar-credentials.bound)" == "true" ]]; then
if [[ -f $(workspaces.sonar-credentials.path)/$(params.SONAR_PASSWORD_KEY) ]]; then
SONAR_PASSWORD=`cat $(workspaces.sonar-credentials.path)/$(params.SONAR_PASSWORD_KEY)`
replaceValues $(workspaces.source.path)/sonar-project.properties sonar.password "${SONAR_PASSWORD}"
fi
if [[ -f $(workspaces.sonar-credentials.path)/$(params.SONAR_LOGIN_KEY) ]]; then
SONAR_LOGIN=`cat $(workspaces.sonar-credentials.path)/$(params.SONAR_LOGIN_KEY)`
replaceValues $(workspaces.source.path)/sonar-project.properties sonar.login "${SONAR_LOGIN}"
fi
fi
- name: sonar-scan
image: $(params.SONAR_SCANNER_IMAGE)
workingDir: $(workspaces.source.path)
command:
- sonar-scanner

31
share/gitea-tekton-org/tekton.dev_v1beta1_Task_yaml-lint.yaml
View File

@@ -1,31 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: yaml-lint
labels:
app.kubernetes.io/version: "0.1"
annotations:
tekton.dev/pipelines.minVersion: "0.12.1"
tekton.dev/categories: Code Quality
tekton.dev/tags: linter
tekton.dev/displayName: "YAML linter"
tekton.dev/platforms: "linux/amd64"
spec:
description: >-
This task can be used to perform lint check on YAML files
workspaces:
- name: shared-workspace
description: A workspace that contains the fetched git repository.
params:
- name: args
type: array
description: extra args needs to append
default: ["--help"]
steps:
- name: lint-yaml-files
image: docker.io/cytopia/yamllint:1.23@sha256:e9deea51bbdc35950cacf6594dab94100d9bbf5c987540b8874167d58e6bdce2 #tag: 1.23
workingDir: $(workspaces.shared-workspace.path)
command:
- yamllint
args:
- $(params.args)

18
share/organisation/ci-space.tf
View File

@@ -34,6 +34,24 @@ resource "kubectl_manifest" "tekton" {
EOF
}
resource "kubectl_manifest" "tasks" {
count = var.haveGitea && var.haveTekton?1:0
depends_on = [kubernetes_namespace_v1.ns-tekton]
yaml_body = <<-EOF
apiVersion: "vynil.solidite.fr/v1"
kind: "Install"
metadata:
name: "tasks-base"
namespace: "${var.domain}-ci-${var.instance}"
labels: ${jsonencode(local.common_labels)}
spec:
distrib: "${var.distributions.domain}"
category: "share"
component: "tekton-tasks"
options: {}
EOF
}
resource "kubectl_manifest" "ci-ssh-creds" {
depends_on = [kubernetes_namespace_v1.ns-tekton]
count = var.haveGitea && var.haveTekton?1:0

1527
share/tekton-tasks/all_Task.tf Normal file
View File

File diff suppressed because it is too large Load Diff

22
share/tekton-tasks/index.yaml Normal file
View File

@@ -0,0 +1,22 @@
---
apiVersion: vinyl.solidite.fr/v1beta1
kind: Component
category: share
metadata:
name: tekton-tasks
description: Install base tekton-tasks
options: {}
dependencies:
- dist: null
category: workflow
component: tekton-pipelines
providers:
kubernetes: null
authentik: null
kubectl: true
postgresql: null
mysql: null
restapi: null
http: null
gitea: null
tfaddtype: null