initcron · February 6, 2025 05:37
diff --git a/gistfile1.txt b/gistfile1.txt
 apiVersion: argoproj.io/v1alpha1
 kind: Workflow
 metadata:
  generateName: vote-ci-
 spec:
  entrypoint: main
  arguments:
    parameters:
    - name: repo-url
      value: "https://github.com/xxxxxx/vote.git"
    - name: branch
      value: "main"
    - name: image
      value: "yyyyyy/vote"
    - name: dockerfile
      value: "Dockerfile"

  volumeClaimTemplates:
  - metadata:
      name: workspace
    spec:
      accessModes: ["ReadWriteOnce"]
      resources:
        requests:
          storage: 100Mi

  volumes:
  - name: docker-config
    secret:
      secretName: docker-registry-creds
      items:
        - key: .dockerconfigjson
          path: config.json
  - name: git-credentials
    secret:
      secretName: git-credentials
      items:
        - key: username
          path: git-credentials-username
        - key: password
          path: git-credentials-password
          
  templates:
  - name: main
    inputs:
      parameters:
      - name: repo-url
      - name: branch
      - name: image
      - name: dockerfile
    steps:
    - - name: clone
        template: clone
        arguments:
          parameters:
          - name: repo-url
            value: "{{inputs.parameters.repo-url}}"
          - name: branch
            value: "{{inputs.parameters.branch}}"
    - - name: build
        template: build
    - - name: test
        template: test
    - - name: imagebuild
        template: imagebuild
        arguments:
          parameters:
          - name: commit-sha
            value: "{{steps.clone.outputs.parameters.commit-sha}}"
          - name: image
            value: "{{inputs.parameters.image}}"
          - name: dockerfile
            value: "{{inputs.parameters.dockerfile}}"

  # Clone task
  - name: clone
    inputs:
      parameters:
      - name: repo-url
      - name: branch
    script:
      image: alpine/git
      command: [sh]
      source: |
        #!/bin/sh
        # Read credentials from secret
        GIT_USERNAME=$(cat /secrets/git-credentials-username)
        GIT_PASSWORD=$(cat /secrets/git-credentials-password)
        # Convert HTTPS repo URL to include credentials
        AUTHENTICATED_URL=$(echo "{{inputs.parameters.repo-url}}" | sed -e "s#https://#https://$GIT_USERNAME:$GIT_PASSWORD@#")
        git clone --branch {{inputs.parameters.branch}} $AUTHENTICATED_URL /workspace
        cd /workspace
        COMMIT_SHA=$(git rev-parse --short HEAD)
        echo $COMMIT_SHA > /workspace/commit-sha.txt
      volumeMounts:
      - name: workspace
        mountPath: /workspace
      - name: git-credentials
        mountPath: /secrets
        readOnly: true
    outputs:
      parameters:
      - name: commit-sha
        valueFrom:
          path: /workspace/commit-sha.txt

  # Build task
  - name: build
    script:
      image: python:3.9
      command: ["sh"]
      source: |
        #!/bin/sh
        cd /workspace
        pip install -r requirements.txt
      volumeMounts:
      - name: workspace
        mountPath: /workspace

  # Test task
  - name: test
    script:
      image: python:3.9
      command: ["sh"]
      source: |
        #!/bin/sh
        cd /workspace
        pip install nose
        nosetests
      volumeMounts:
      - name: workspace
        mountPath: /workspace

  # Image build and publish task using Kaniko
  - name: imagebuild
    inputs:
      parameters:
      - name: commit-sha
      - name: image
      - name: dockerfile
    container:
      image: gcr.io/kaniko-project/executor:latest
      command: ["/kaniko/executor"]
      args:
      - --dockerfile=/workspace/{{inputs.parameters.dockerfile}}
      - --context=/workspace
      - --destination={{inputs.parameters.image}}:{{inputs.parameters.commit-sha}}
      - --force
      volumeMounts:
      - name: workspace
        mountPath: /workspace
      - name: docker-config
        mountPath: /kaniko/.docker
      env:
      - name: DOCKER_CONFIG
        value: /kaniko/.docker
	apiVersion: argoproj.io/v1alpha1
	kind: Workflow
	metadata:
	generateName: vote-ci-
	spec:
	entrypoint: main
	arguments:
	parameters:
	- name: repo-url
	value: "https://github.com/xxxxxx/vote.git"
	- name: branch
	value: "main"
	- name: image
	value: "yyyyyy/vote"
	- name: dockerfile
	value: "Dockerfile"

	volumeClaimTemplates:
	- metadata:
	name: workspace
	spec:
	accessModes: ["ReadWriteOnce"]
	resources:
	requests:
	storage: 100Mi

	volumes:
	- name: docker-config
	secret:
	secretName: docker-registry-creds
	items:
	- key: .dockerconfigjson
	path: config.json
	- name: git-credentials
	secret:
	secretName: git-credentials
	items:
	- key: username
	path: git-credentials-username
	- key: password
	path: git-credentials-password

	templates:
	- name: main
	inputs:
	parameters:
	- name: repo-url
	- name: branch
	- name: image
	- name: dockerfile
	steps:
	- - name: clone
	template: clone
	arguments:
	parameters:
	- name: repo-url
	value: "{{inputs.parameters.repo-url}}"
	- name: branch
	value: "{{inputs.parameters.branch}}"
	- - name: build
	template: build
	- - name: test
	template: test
	- - name: imagebuild
	template: imagebuild
	arguments:
	parameters:
	- name: commit-sha
	value: "{{steps.clone.outputs.parameters.commit-sha}}"
	- name: image
	value: "{{inputs.parameters.image}}"
	- name: dockerfile
	value: "{{inputs.parameters.dockerfile}}"

	# Clone task
	- name: clone
	inputs:
	parameters:
	- name: repo-url
	- name: branch
	script:
	image: alpine/git
	command: [sh]
	source: \|
	#!/bin/sh
	# Read credentials from secret
	GIT_USERNAME=$(cat /secrets/git-credentials-username)
	GIT_PASSWORD=$(cat /secrets/git-credentials-password)
	# Convert HTTPS repo URL to include credentials
	AUTHENTICATED_URL=$(echo "{{inputs.parameters.repo-url}}" \| sed -e "s#https://#https://$GIT_USERNAME:$GIT_PASSWORD@#")
	git clone --branch {{inputs.parameters.branch}} $AUTHENTICATED_URL /workspace
	cd /workspace
	COMMIT_SHA=$(git rev-parse --short HEAD)
	echo $COMMIT_SHA > /workspace/commit-sha.txt
	volumeMounts:
	- name: workspace
	mountPath: /workspace
	- name: git-credentials
	mountPath: /secrets
	readOnly: true
	outputs:
	parameters:
	- name: commit-sha
	valueFrom:
	path: /workspace/commit-sha.txt

	# Build task
	- name: build
	script:
	image: python:3.9
	command: ["sh"]
	source: \|
	#!/bin/sh
	cd /workspace
	pip install -r requirements.txt
	volumeMounts:
	- name: workspace
	mountPath: /workspace

	# Test task
	- name: test
	script:
	image: python:3.9
	command: ["sh"]
	source: \|
	#!/bin/sh
	cd /workspace
	pip install nose
	nosetests
	volumeMounts:
	- name: workspace
	mountPath: /workspace

	# Image build and publish task using Kaniko
	- name: imagebuild
	inputs:
	parameters:
	- name: commit-sha
	- name: image
	- name: dockerfile
	container:
	image: gcr.io/kaniko-project/executor:latest
	command: ["/kaniko/executor"]
	args:
	- --dockerfile=/workspace/{{inputs.parameters.dockerfile}}
	- --context=/workspace
	- --destination={{inputs.parameters.image}}:{{inputs.parameters.commit-sha}}
	- --force
	volumeMounts:
	- name: workspace
	mountPath: /workspace
	- name: docker-config
	mountPath: /kaniko/.docker
	env:
	- name: DOCKER_CONFIG
	value: /kaniko/.docker