vynil/domain
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8944d1380ee9a193aadb4b03bed53f0f94369abe
domain/share/gitea-tekton-org/git_Task.tf
Sébastien Huss 8944d1380e fix
2024-06-01 15:08:02 +02:00

364 lines
15 KiB
HCL
Raw Blame History

resource "kubectl_manifest" "Task_git-version" {
yaml_body = <<-EOF
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: git-version
labels: ${jsonencode(local.common_labels)}
annotations:
tekton.dev/pipelines.minVersion: 0.12.0
tekton.dev/displayName: git version
tekton.dev/categories: Git
tekton.dev/tags: git
tekton.dev/platforms: linux/amd64
namespace: ${var.namespace}
ownerReferences: ${jsonencode(var.install_owner)}
spec:
description: This task can be used to create a version from git history
params:
- name: gitversion-image
default: gittools/gitversion:6.0.0-alpine.3.18-7.0
description: The name of the toolbox image
type: string
- name: branch
type: string
results:
- description: The calculated git version you could use for git tagging e.g. "0.1.0-tektonize.1-188"
name: gitVersion
- description: A normalized version for use in container images e.g. "0.1.0-tektonize.1-188"
name: packageVersion
- name: shortSHA
steps:
- name: set-git-version
image: $(params.gitversion-image)
workingDir: $(workspaces.source.path)
script: |-
#!/usr/bin/env ash
git switch $(params.branch)
ShortSha=$(/tools/dotnet-gitversion . /showvariable ShortSha)
echo -n "ShortSha: "
echo -n "$${ShortSha}" | tee $(results.shortSHA.path)
echo
FullSemVer=$(/tools/dotnet-gitversion . /showvariable FullSemVer)
echo "FullSemVer: "
echo -n "$${FullSemVer}" | tee $(results.gitVersion.path)
echo
# normalize a bit because
# image tags can only contain `abcdefghijklmnopqrstuvwxyz0123456789_-.ABCDEFGHIJKLMNOPQRSTUVWXYZ`
packageVersion=$(echo -n $FullSemVer | sed 's/[^-._0-9A-Za-z]/-/g'|sed 's/-/-beta./')
echo -n "packageVersion: "
echo -n "$${packageVersion}" | tee $(results.packageVersion.path)
workspaces:
- name: source
description: A workspace that contains the fetched git repository to create a version for.
EOF
}
resource "kubectl_manifest" "Task_generate-build-id" {
yaml_body = <<-EOF
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: generate-build-id
labels: ${jsonencode(local.common_labels)}
annotations:
tekton.dev/pipelines.minVersion: 0.12.1
tekton.dev/categories: Build Tools
tekton.dev/tags: build-tool
tekton.dev/displayName: buildid
tekton.dev/platforms: linux/amd64,linux/s390x,linux/ppc64le,linux/arm64
namespace: ${var.namespace}
ownerReferences: ${jsonencode(var.install_owner)}
spec:
description: Given a base version, this task generates a unique build id by appending the base-version to the current timestamp.
params:
- name: toolbox-image
default: sebt3/basic-toolbox-image:1.29.4
description: The name of the toolbox image
type: string
- name: branch
type: string
results:
- name: timestamp
description: Current timestamp
- name: commitcount
description: Current commitcount
- name: build-id
description: Current commitcount
steps:
- name: get-build-id
image: $(params.toolbox-image)
workingDir: $(workspaces.source.path)
script: |
#!/usr/bin/env bash
git config --global --add safe.directory /workspace/source
ts=`date "+%Y%m%d-%H%M%S"`
t2=`date "+%Y%m%d.%H%M%S"`
cc=`git rev-list --count HEAD`
buildId="$(params.branch)-$${cc}.$${t2}"
echo -n "Current Timestamp: "
echo -n $${ts} | tee $(results.timestamp.path)
echo -ne "\nCommit Count: "
echo -n $${cc} | tee $(results.commitcount.path)
echo -ne "\nBuild ID: "
echo -n $${buildId} | tee $(results.build-id.path)
workspaces:
- name: source
description: A workspace that contains the fetched git repository to create a version for.
EOF
}
resource "kubectl_manifest" "Task_git-clone" {
yaml_body = <<-EOF
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: git-clone
labels: ${jsonencode(local.common_labels)}
annotations:
tekton.dev/pipelines.minVersion: 0.38.0
tekton.dev/categories: Git
tekton.dev/tags: git
tekton.dev/displayName: git clone
tekton.dev/platforms: linux/amd64,linux/s390x,linux/ppc64le,linux/arm64
namespace: ${var.namespace}
ownerReferences: ${jsonencode(var.install_owner)}
spec:
description: |-
These Tasks are Git tasks to work with repositories used by other tasks in your Pipeline.
The git-clone Task will clone a repo from the provided url into the output Workspace. By default the repo will be cloned into the root of your Workspace. You can clone into a subdirectory by setting this Task's subdirectory param. This Task also supports sparse checkouts. To perform a sparse checkout, pass a list of comma separated directory patterns to this Task's sparseCheckoutDirectories param.
workspaces:
- name: output
description: The git repo will be cloned onto the volume backing this Workspace.
- name: ssh-directory
optional: true
description: |
A .ssh directory with private key, known_hosts, config, etc. Copied to
the user's home before git commands are executed. Used to authenticate
with the git remote when performing the clone. Binding a Secret to this
Workspace is strongly recommended over other volume types.
- name: basic-auth
optional: true
description: |
A Workspace containing a .gitconfig and .git-credentials file. These
will be copied to the user's home before any git commands are run. Any
other files in this Workspace are ignored. It is strongly recommended
to use ssh-directory over basic-auth whenever possible and to bind a
Secret to this Workspace over other volume types.
- name: ssl-ca-directory
optional: true
description: |
A workspace containing CA certificates, this will be used by Git to
verify the peer with when fetching or pushing over HTTPS.
params:
- name: toolbox-image
default: sebt3/basic-toolbox-image:1.29.4
description: The name of the toolbox image
type: string
- name: url
description: Repository URL to clone from.
type: string
- name: revision
description: Revision to checkout. (branch, tag, sha, ref, etc...)
type: string
default: ''
- name: refspec
description: Refspec to fetch before checking out revision.
default: ''
- name: submodules
description: Initialize and fetch git submodules.
type: string
default: 'true'
- name: depth
description: Perform a shallow clone, fetching only the most recent N commits.
type: string
default: '1'
- name: sslVerify
description: Set the `http.sslVerify` global git config. Setting this to `false` is not advised unless you are sure that you trust your git remote.
type: string
default: 'true'
- name: crtFileName
description: file name of mounted crt using ssl-ca-directory workspace. default value is ca-bundle.crt.
type: string
default: ca-bundle.crt
- name: subdirectory
description: Subdirectory inside the `output` Workspace to clone the repo into.
type: string
default: ''
- name: sparseCheckoutDirectories
description: Define the directory patterns to match or exclude when performing a sparse checkout.
type: string
default: ''
- name: deleteExisting
description: Clean out the contents of the destination directory if it already exists before cloning.
type: string
default: 'true'
- name: httpProxy
description: HTTP proxy server for non-SSL requests.
type: string
default: ''
- name: httpsProxy
description: HTTPS proxy server for SSL requests.
type: string
default: ''
- name: noProxy
description: Opt out of proxying HTTP/HTTPS requests.
type: string
default: ''
- name: verbose
description: Log the commands that are executed during `git-clone`'s operation.
type: string
default: 'true'
- name: userHome
description: |
Absolute path to the user's home directory.
type: string
default: /home/git
results:
- name: commit
description: The precise commit SHA that was fetched by this Task.
- name: url
description: The precise URL that was fetched by this Task.
- name: committer-date
description: The epoch timestamp of the commit that was fetched by this Task.
volumes:
- name: home
emptyDir: {}
steps:
- name: clone
image: $(params.toolbox-image)
env:
- name: HOME
value: $(params.userHome)
- name: PARAM_URL
value: $(params.url)
- name: PARAM_REVISION
value: $(params.revision)
- name: PARAM_REFSPEC
value: $(params.refspec)
- name: PARAM_SUBMODULES
value: $(params.submodules)
- name: PARAM_DEPTH
value: $(params.depth)
- name: PARAM_SSL_VERIFY
value: $(params.sslVerify)
- name: PARAM_CRT_FILENAME
value: $(params.crtFileName)
- name: PARAM_SUBDIRECTORY
value: $(params.subdirectory)
- name: PARAM_DELETE_EXISTING
value: $(params.deleteExisting)
- name: PARAM_HTTP_PROXY
value: $(params.httpProxy)
- name: PARAM_HTTPS_PROXY
value: $(params.httpsProxy)
- name: PARAM_NO_PROXY
value: $(params.noProxy)
- name: PARAM_VERBOSE
value: $(params.verbose)
- name: PARAM_SPARSE_CHECKOUT_DIRECTORIES
value: $(params.sparseCheckoutDirectories)
- name: PARAM_USER_HOME
value: $(params.userHome)
- name: WORKSPACE_OUTPUT_PATH
value: $(workspaces.output.path)
- name: WORKSPACE_SSH_DIRECTORY_BOUND
value: $(workspaces.ssh-directory.bound)
- name: WORKSPACE_SSH_DIRECTORY_PATH
value: $(workspaces.ssh-directory.path)
- name: WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND
value: $(workspaces.basic-auth.bound)
- name: WORKSPACE_BASIC_AUTH_DIRECTORY_PATH
value: $(workspaces.basic-auth.path)
- name: WORKSPACE_SSL_CA_DIRECTORY_BOUND
value: $(workspaces.ssl-ca-directory.bound)
- name: WORKSPACE_SSL_CA_DIRECTORY_PATH
value: $(workspaces.ssl-ca-directory.path)
securityContext:
runAsNonRoot: true
runAsUser: 65532
volumeMounts:
- mountPath: $(params.userHome)
name: home
script: |-
#!/usr/bin/env sh
set -eu
if [ "$${PARAM_VERBOSE}" = "true" ] ; then
set -x
fi
if [ "$${WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND}" = "true" ] ; then
cp "$${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.git-credentials" "$${PARAM_USER_HOME}/.git-credentials"
cp "$${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.gitconfig" "$${PARAM_USER_HOME}/.gitconfig"
chmod 400 "$${PARAM_USER_HOME}/.git-credentials"
chmod 400 "$${PARAM_USER_HOME}/.gitconfig"
fi
if [ "$${WORKSPACE_SSH_DIRECTORY_BOUND}" = "true" ] ; then
cp -R "$${WORKSPACE_SSH_DIRECTORY_PATH}" "$${PARAM_USER_HOME}"/.ssh
chmod 700 "$${PARAM_USER_HOME}"/.ssh
chmod -R 400 "$${PARAM_USER_HOME}"/.ssh/*
fi
if [ "$${WORKSPACE_SSL_CA_DIRECTORY_BOUND}" = "true" ] ; then
export GIT_SSL_CAPATH="$${WORKSPACE_SSL_CA_DIRECTORY_PATH}"
if [ "$${PARAM_CRT_FILENAME}" != "" ] ; then
export GIT_SSL_CAINFO="$${WORKSPACE_SSL_CA_DIRECTORY_PATH}/$${PARAM_CRT_FILENAME}"
fi
fi
CHECKOUT_DIR="$${WORKSPACE_OUTPUT_PATH}/$${PARAM_SUBDIRECTORY}"
cleandir() {
# Delete any existing contents of the repo directory if it exists.
#
# We don't just "rm -rf $${CHECKOUT_DIR}" because $${CHECKOUT_DIR} might be "/"
# or the root of a mounted volume.
if [ -d "$${CHECKOUT_DIR}" ] ; then
# Delete non-hidden files and directories
rm -rf "$${CHECKOUT_DIR:?}"/*
# Delete files and directories starting with . but excluding ..
rm -rf "$${CHECKOUT_DIR}"/.[!.]*
# Delete files and directories starting with .. plus any other character
rm -rf "$${CHECKOUT_DIR}"/..?*
fi
}
if [ "$${PARAM_DELETE_EXISTING}" = "true" ] ; then
cleandir || true
fi
test -z "$${PARAM_HTTP_PROXY}" || export HTTP_PROXY="$${PARAM_HTTP_PROXY}"
test -z "$${PARAM_HTTPS_PROXY}" || export HTTPS_PROXY="$${PARAM_HTTPS_PROXY}"
test -z "$${PARAM_NO_PROXY}" || export NO_PROXY="$${PARAM_NO_PROXY}"
FETCH_CMD=""
if [ $PARAM_DEPTH -gt 0 ];then
FETCH_CMD="$${FETCH_CMD} --depth $PARAM_DEPTH"
fi
git config --global --add safe.directory "$${WORKSPACE_OUTPUT_PATH}"
git config --global --add http.sslVerify "$${PARAM_SSL_VERIFY}"
cd "$${CHECKOUT_DIR}"
git init
if [ "$${PARAM_SPARSE_CHECKOUT_DIRECTORIES}" != "" ];then
git config --global --add core.sparsecheckout true
mkdir -p .git/info/
echo "$${PARAM_SPARSE_CHECKOUT_DIRECTORIES}"|sed 's/,/\n/'>.git/info/sparse-checkout
chmod 644 .git/info/sparse-checkout
fi
git remote add origin "$${PARAM_URL}"
git fetch "--recurse-submodules=$${PARAM_SUBMODULES}" $FETCH_CMD origin --update-head-ok --force
git reset --hard "$${PARAM_REVISION}"
cd "$${CHECKOUT_DIR}"
RESULT_SHA="$(git rev-parse HEAD)"
EXIT_CODE="$?"
if [ "$${EXIT_CODE}" != 0 ] ; then
exit "$${EXIT_CODE}"
fi
RESULT_COMMITTER_DATE="$(git log -1 --pretty=%ct)"
printf "%s" "$${RESULT_COMMITTER_DATE}" > "$(results.committer-date.path)"
printf "%s" "$${RESULT_SHA}" > "$(results.commit.path)"
printf "%s" "$${PARAM_URL}" > "$(results.url.path)"
EOF
}
Reference in New Issue View Git Blame Copy Permalink