Created
January 14, 2021 22:51
-
-
Save arilivigni/9986e5b74cb31f1c78de588b37e7e6c3 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| apiVersion: tekton.dev/v1beta1 | |
| kind: Task | |
| metadata: | |
| name: extract-check-build-verify-push | |
| spec: | |
| workspaces: | |
| - name: source | |
| description: The image building will be done onto the volume backing this workspace | |
| params: | |
| - name: contextDir | |
| description: Path to dockerfile | |
| type: string | |
| default: . | |
| - name: dockerFile | |
| description: Dockerfile name | |
| type: string | |
| default: "Dockerfile" | |
| - name: sslVerify | |
| type: string | |
| description: tls verify | |
| default: "false" | |
| - name: imageRegistry | |
| type: string | |
| description: Image registry to push images to | |
| default: "image-registry.openshift-image-registry.svc:5000" | |
| - name: imageName | |
| type: string | |
| description: Image name | |
| default: "" | |
| - name: nameSpace | |
| type: string | |
| description: Cluster namespace to use for pipelines | |
| default: "app-sre-cicd" | |
| - name: remoteRegistry | |
| type: string | |
| description: Remote registry to push image to | |
| default: "quay.io" | |
| - name: remoteOrg | |
| type: string | |
| description: Remote registry organization or user registry namespace | |
| default: "arilivigni" | |
| steps: | |
| - name: extract-container-info | |
| image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:latest | |
| workingDir: $(workspaces.source.path) | |
| script: | | |
| #!/bin/sh | |
| set -e -o pipefail | |
| # set image name | |
| IMAGENAME=$(params.imageName) | |
| if [ "$IMAGENAME" == "" ]; then | |
| IMAGENAME=$( cat $(params.contextDir)/$(params.dockerFile) | grep -m1 "name=" | cut -d '"' -f 2 ) | |
| fi | |
| echo "$IMAGENAME" | tee $(workspaces.source.path)/IMAGENAME.txt | |
| # get git sha | |
| git rev-parse --verify --short HEAD | tee $(workspaces.source.path)/SHA.txt | |
| - name: check-image-tag | |
| image: quay.io/openshift/origin-cli:latest | |
| workingDir: $(workspaces.source.path) | |
| script: | | |
| IMAGENAME=$( cat $(workspaces.source.path)/IMAGENAME.txt ) | |
| GITSHA=$( cat $(workspaces.source.path)/SHA.txt ) | |
| oc get is/$IMAGENAME | grep -v NAME | awk '{print $3}' | sed 's/,*stable*,*//; s/,*latest*,*//' | tee > $(workspaces.source.path)/ISTAG.txt | |
| ISTAG=$( cat $(workspaces.source.path)/ISTAG.txt ) | |
| echo "Image Name: $IMAGENAME" | |
| echo "Git SHA: $GITSHA" | |
| echo "Image Stream SHA: $ISTAG" | |
| if [ "$GITSHA" == "$ISTAG" ]; then | |
| echo "The git sha and the local image stream tag match - $GITSHA = $ISTAG" | |
| touch $(workspaces.source.path)/MATCH | |
| fi | |
| - name: build-image | |
| image: quay.io/buildah/stable | |
| workingDir: $(workspaces.source.path) | |
| script: | | |
| #!/usr/bin/env bash | |
| set -e -o pipefail | |
| # check if local image stream tag already exists | |
| MATCHFILE="$(workspaces.source.path)/MATCH" | |
| if [ ! -f "$MATCHFILE" ]; then | |
| echo "Local image registry does not have the image stream tag...continuing" | |
| # unique id | |
| uuidgen | cut -d '-' -f 1 | tee $(workspaces.source.path)/UUID.txt | |
| IMAGENAME=$( cat $(workspaces.source.path)/IMAGENAME.txt ) | |
| GITSHA=$( cat $(workspaces.source.path)/SHA.txt ) | |
| ISTAG=$( cat $(workspaces.source.path)/ISTAG.txt ) | |
| echo "Image Name: $IMAGENAME" | |
| echo "Git SHA: $GITSHA" | |
| echo "Image Stream SHA: $ISTAG" | |
| # build image | |
| buildah bud --tls-verify=$(params.sslVerify) \ | |
| --layers \ | |
| -f $(params.contextDir)/$(params.dockerFile) \ | |
| -t $(params.imageRegistry)/$(params.nameSpace)/$IMAGENAME:$GITSHA . | |
| else | |
| echo "Local image registry contains the image stream tag...nothing to do" | |
| fi | |
| securityContext: | |
| privileged: true | |
| volumeMounts: | |
| - name: varlibcontainers | |
| mountPath: /var/lib/containers | |
| - name: push-image | |
| image: quay.io/buildah/stable | |
| workingDir: $(workspaces.source.path)/$(params.contextDir) | |
| script: | | |
| #!/usr/bin/env bash | |
| set -e -o pipefail | |
| # check if local image stream tag already exists | |
| MATCHFILE="$(workspaces.source.path)/MATCH" | |
| if [ ! -f "$MATCHFILE" ]; then | |
| IMAGENAME=$( cat $(workspaces.source.path)/IMAGENAME.txt ) | |
| GITSHA=$( cat $(workspaces.source.path)/SHA.txt ) | |
| ISTAG=$( cat $(workspaces.source.path)/ISTAG.txt ) | |
| echo "Image Name: $IMAGENAME" | |
| echo "Git SHA: $GITSHA" | |
| echo "Image Stream SHA: $ISTAG" | |
| # push image with with git SHA | |
| buildah push --tls-verify=$(params.sslVerify) \ | |
| $(params.imageRegistry)/$(params.nameSpace)/$IMAGENAME:$GITSHA \ | |
| docker://$(params.imageRegistry)/$(params.nameSpace)/$IMAGENAME:$GITSHA | |
| else | |
| echo "Local image registry contains the image stream tag...nothing to do" | |
| fi | |
| securityContext: | |
| privileged: true | |
| volumeMounts: | |
| - name: varlibcontainers | |
| mountPath: /var/lib/containers | |
| - name: tag-image | |
| image: quay.io/openshift/origin-cli:latest | |
| workingDir: $(workspaces.source.path) | |
| script: | | |
| # check if local image stream tag already exists | |
| MATCHFILE="$(workspaces.source.path)/MATCH" | |
| if [ ! -f "$MATCHFILE" ]; then | |
| IMAGENAME=$( cat $(workspaces.source.path)/IMAGENAME.txt ) | |
| GITSHA=$( cat $(workspaces.source.path)/SHA.txt ) | |
| ISTAG=$( cat $(workspaces.source.path)/ISTAG.txt ) | |
| echo "Image Name: $IMAGENAME" | |
| echo "Git SHA: $GITSHA" | |
| echo "Image Stream SHA: $ISTAG" | |
| oc tag $(params.nameSpace)/$IMAGENAME:$GITSHA $(params.nameSpace)/$IMAGENAME:latest | |
| else | |
| echo "Local image registry contains the image stream tag...nothing to do" | |
| fi | |
| securityContext: | |
| privileged: true | |
| volumeMounts: | |
| - name: varlibcontainers | |
| mountPath: /var/lib/containers | |
| - name: push-image-to-remote-reg | |
| env: | |
| - name: REGISTRY_AUTH_FILE | |
| value: /workspace/.docker/config.json | |
| image: quay.io/buildah/stable | |
| workingDir: $(workspaces.source.path)/$(params.contextDir) | |
| script: | | |
| #!/usr/bin/env bash | |
| set -e -o pipefail | |
| # check if local image stream tag already exists | |
| MATCHFILE="$(workspaces.source.path)/MATCH" | |
| if [ ! -f "$MATCHFILE" ]; then | |
| IMAGENAME=$( cat $(workspaces.source.path)/IMAGENAME.txt ) | |
| GITSHA=$( cat $(workspaces.source.path)/SHA.txt ) | |
| ISTAG=$( cat $(workspaces.source.path)/ISTAG.txt ) | |
| echo "Image Name: $IMAGENAME" | |
| echo "Git SHA: $GITSHA" | |
| echo "Image Stream SHA: $ISTAG" | |
| # pull down the local image we built and tagged | |
| buildah pull --tls-verify=$(params.sslVerify) \ | |
| docker://$(params.imageRegistry)/$(params.nameSpace)/$IMAGENAME:$GITSHA | |
| # push to remote registry and organization with GITSHA tag | |
| echo "" | |
| echo "Push $(params.imageRegistry)/$(params.nameSpace)/$IMAGENAME:$GITSHA to \ | |
| $(params.remoteRegistry)/$(params.remoteOrg)/$IMAGENAME:$GITSHA" | |
| echo "" | |
| buildah push --tls-verify=$(params.sslVerify) \ | |
| $(params.imageRegistry)/$(params.nameSpace)/$IMAGENAME:$GITSHA \ | |
| $(params.remoteRegistry)/$(params.remoteOrg)/$IMAGENAME:$GITSHA | |
| # push to remote registry and organization with latest tag | |
| echo "" | |
| echo "Push $(params.imageRegistry)/$(params.nameSpace)/$IMAGENAME:$GITSHA to \ | |
| $(params.remoteRegistry)/$(params.remoteOrg)/$IMAGENAME:latest" | |
| echo "" | |
| buildah push --tls-verify=$(params.sslVerify) \ | |
| $(params.imageRegistry)/$(params.nameSpace)/$IMAGENAME:$GITSHA \ | |
| $(params.remoteRegistry)/$(params.remoteOrg)/$IMAGENAME:latest | |
| else | |
| echo "Local image registry contains the image stream tag...nothing to do" | |
| fi | |
| securityContext: | |
| privileged: true | |
| volumeMounts: | |
| - name: varlibcontainers | |
| mountPath: /var/lib/containers | |
| - name: docker-secret | |
| mountPath: /workspace/.docker | |
| volumes: | |
| - name: varlibcontainers | |
| emptyDir: {} | |
| - name: docker-secret | |
| secret: | |
| secretName: regcreds | |
| items: | |
| - key: .dockerconfigjson | |
| path: config.json | |
| --- | |
| apiVersion: tekton.dev/v1beta1 | |
| kind: Task | |
| metadata: | |
| name: get-shared-workspace-info | |
| spec: | |
| workspaces: | |
| - name: source | |
| description: View files in the shared workspace used for the pipeline and underlying tasks | |
| steps: | |
| - name: cat-txt-files-workspace | |
| image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:latest | |
| workingDir: $(workspaces.source.path) | |
| script: | | |
| #!/bin/sh | |
| set -e -o pipefail | |
| ls $(workspaces.source.path)/*.txt | xargs -I{} cat {} | |
| --- | |
| apiVersion: tekton.dev/v1beta1 | |
| kind: Pipeline | |
| metadata: | |
| name: app-sre-build-push | |
| spec: | |
| description: | | |
| Use clustertask git-clone, build image, push image | |
| params: | |
| - name: repo-url | |
| type: string | |
| description: The git repository URL to clone from. | |
| - name: branch-name | |
| description: The git branch to clone. | |
| type: string | |
| default: "master" | |
| - name: context-dir | |
| description: The relative path to the Dockerfile | |
| type: string | |
| default: "." | |
| - name: docker-file | |
| description: The name of the Dockerfile | |
| type: string | |
| default: "Dockerfile" | |
| - name: tls-verify | |
| type: string | |
| description: tls verify | |
| default: "false" | |
| - name: image-registry | |
| type: string | |
| description: Image registry to push images to | |
| default: "image-registry.openshift-image-registry.svc:5000" | |
| - name: image-name | |
| type: string | |
| description: Image name | |
| default: "" | |
| - name: name-space | |
| type: string | |
| description: Cluster namespace to use for pipelines | |
| default: "" | |
| - name: remote-registry | |
| type: string | |
| description: Remote registry to push image to | |
| default: "" | |
| - name: remote-org | |
| type: string | |
| description: Remote registry organization or user registry namespace | |
| default: "" | |
| workspaces: | |
| - name: shared-data | |
| description: | | |
| This workspace will receive the cloned git repo and be passed | |
| to the next Task for verifying, building, and pushing files. | |
| tasks: | |
| - name: clone-repo | |
| taskRef: | |
| name: git-clone | |
| kind: ClusterTask | |
| workspaces: | |
| - name: output | |
| workspace: shared-data | |
| params: | |
| - name: url | |
| value: $(params.repo-url) | |
| - name: revision | |
| value: $(params.branch-name) | |
| - name: sslVerify | |
| value: $(params.tls-verify) | |
| - name: deleteExisting | |
| value: "true" | |
| - name: check-build-push | |
| runAfter: ["clone-repo"] # Wait until the clone-repo is complete | |
| taskRef: | |
| name: extract-check-build-verify-push | |
| workspaces: | |
| - name: source | |
| workspace: shared-data | |
| params: | |
| - name: contextDir | |
| value: $(params.context-dir) | |
| - name: dockerFile | |
| value: $(params.docker-file) | |
| - name: sslVerify | |
| value: $(params.tls-verify) | |
| - name: imageRegistry | |
| value: $(params.image-registry) | |
| - name: imageName | |
| value: $(params.image-name) | |
| - name: nameSpace | |
| value: $(params.name-space) | |
| - name: remoteRegistry | |
| value: $(params.remote-registry) | |
| - name: remoteOrg | |
| value: $(params.remote-org) | |
| - name: workspace-info | |
| runAfter: ["check-build-push"] # Wait until check-build-push task is complete | |
| taskRef: | |
| name: get-shared-workspace-info | |
| workspaces: | |
| - name: source | |
| workspace: shared-data | |
| --- | |
| apiVersion: tekton.dev/v1beta1 | |
| kind: PipelineRun | |
| metadata: | |
| generateName: clone-build-push- | |
| spec: | |
| pipelineRef: | |
| name: app-sre-build-push | |
| params: | |
| - name: repo-url | |
| value: "https://github.com/app-sre/qontract-reconcile.git" | |
| - name: context-dir | |
| value: "dockerfiles" | |
| - name: image-registry | |
| value: "image-registry.openshift-image-registry.svc:5000" | |
| - name: image-name | |
| value: "qontract-reconcile" | |
| - name: name-space | |
| value: "app-sre-cicd" | |
| - name: remote-registry | |
| value: "quay.io" | |
| - name: remote-org | |
| value: "arilivigni" | |
| workspaces: | |
| - name: shared-data | |
| persistentVolumeClaim: | |
| claimName: pipelines-task-pvc |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment