init

tasks/git-clone-checkout/task.yaml

@@ -1,228 +1,99 @@
-apiVersion: tekton.dev/v1beta1
+apiVersion: tekton.dev/v1
 kind: Task
 metadata:
   name: git-clone-checkout
-  labels:
+  namespace: tekton-pipelines
-    app.kubernetes.io/version: "0.4"
-  annotations:
-    tekton.dev/pipelines.minVersion: "0.21.0"
-    tekton.dev/categories: git
-    tekton.dev/tags: git
-    tekton.dev/displayName: "git-clone-checkout"
-    tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le"
 spec:
-  description: >-
-    This task can be used to perform git operations.
-
-    git command that needs to be run can be passed as a script to
-    the task.
-
   workspaces:
     - name: output
-      description: The git repo will be cloned onto the volume backing this Workspace.
     - name: ssh-directory
       optional: true
-      description: |
-        A .ssh directory with private key, known_hosts, config, etc. Copied to
-        the user's home before git commands are executed. Used to authenticate
-        with the git remote when performing the clone. Binding a Secret to this
-        Workspace is strongly recommended over other volume types.
     - name: basic-auth
       optional: true
-      description: |
-        A Workspace containing a .gitconfig and .git-credentials file. These
-        will be copied to the user's home before any git commands are run. Any
-        other files in this Workspace are ignored. It is strongly recommended
-        to use ssh-directory over basic-auth whenever possible and to bind a
-        Secret to this Workspace over other volume types.
     - name: ssl-ca-directory
       optional: true
-      description: |
-        A workspace containing CA certificates, this will be used by Git to
-        verify the peer with when fetching or pushing over HTTPS.
-  
   params:
     - name: repo-url
-      description: Repository URL to clone from.
       type: string
     - name: revision
-      description: Revision to checkout. (branch, tag, sha, ref, etc...)
       type: string
+      default: ""
+    - name: verbose
+      type: string
+      default: "true"
     - name: gitInitImage
-      description: The image providing the git-init binary that this Task runs.
       type: string
       default: "alpine/git:latest"
     - name: userHome
-      description: |
-        Absolute path to the user's home directory.
       type: string
       default: "/home/git"
-
+  results:
-
+    - name: commit
-
+    - name: url
+    - name: committer-date
   steps:
+
     - name: clone-checkout
-      image: $(params.gitInitImage)
+      image: "$(params.gitInitImage)"
-      workingDir: $(workspaces.output.path)
+      env:
+        - name: HOME
+          value: "$(params.userHome)"
+        - name: PARAM_URL
+          value: $(params.repo-url)
+        - name: PARAM_REVISION
+          value: $(params.revision)
+        - name: PARAM_VERBOSE
+          value: $(params.verbose)
+        - name: PARAM_USER_HOME
+          value: $(params.userHome)
+        - name: WORKSPACE_OUTPUT_PATH
+          value: $(workspaces.output.path)
+        - name: WORKSPACE_SSH_DIRECTORY_BOUND
+          value: $(workspaces.ssh-directory.bound)
+        - name: WORKSPACE_SSH_DIRECTORY_PATH
+          value: $(workspaces.ssh-directory.path)
+        - name: WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND
+          value: $(workspaces.basic-auth.bound)
+        - name: WORKSPACE_BASIC_AUTH_DIRECTORY_PATH
+          value: $(workspaces.basic-auth.path)
+        - name: WORKSPACE_SSL_CA_DIRECTORY_BOUND
+          value: $(workspaces.ssl-ca-directory.bound)
+        - name: WORKSPACE_SSL_CA_DIRECTORY_PATH
+          value: $(workspaces.ssl-ca-directory.path)
       script: |
         #!/usr/bin/env sh
         set -eu
 
-      securityContext:
+        if [ "${PARAM_VERBOSE}" = "true" ]; then
-        allowPrivilegeEscalation: false
+          set -x
-        capabilities:
+        fi
-          drop:
-          - "ALL"
-        runAsUser: 65532
-        runAsGroup: 65532
-        runAsNonRoot: true
-        seccompProfile:
-          type: RuntimeDefault
 
+        if [ "${WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND}" = "true" ]; then
+          cp "${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.git-credentials" "${PARAM_USER_HOME}/.git-credentials"
+          cp "${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.gitconfig" "${PARAM_USER_HOME}/.gitconfig"
+          chmod 400 "${PARAM_USER_HOME}/.git-credentials"
+          chmod 400 "${PARAM_USER_HOME}/.gitconfig"
+        fi
 
+        if [ "${WORKSPACE_SSH_DIRECTORY_BOUND}" = "true" ]; then
+          cp -R "${WORKSPACE_SSH_DIRECTORY_PATH}" "${PARAM_USER_HOME}/.ssh"
+          chmod 700 "${PARAM_USER_HOME}/.ssh"
+          chmod -R 400 "${PARAM_USER_HOME}/.ssh"/*
+        fi
 
-# apiVersion: tekton.dev/v1
+        if [ "${WORKSPACE_SSL_CA_DIRECTORY_BOUND}" = "true" ]; then
-# kind: Task
+          export GIT_SSL_CAPATH="${WORKSPACE_SSL_CA_DIRECTORY_PATH}"
-# metadata:
+        fi
-#   name: git-clone-checkout
-#   labels:
-#     app.kubernetes.io/version: "0.9"
-#   annotations:
-#     tekton.dev/pipelines.minVersion: "0.38.0"
-#     tekton.dev/categories: Git
-#     tekton.dev/tags: git
-#     tekton.dev/displayName: "git clone & checkout"
-#     tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64"
-# spec:
-#   description: >-
-#     These Tasks are Git tasks to work with repositories used by other tasks
-#     in your Pipeline.
 
-#     The git-clone-checkout Task will clone a repo from the provided url into the
+        git config --global --add safe.directory "${WORKSPACE_OUTPUT_PATH}"
-#     output Workspace. By default the repo will be cloned into the root of
+        cd "${WORKSPACE_OUTPUT_PATH}"
-#     your Workspace. You can clone into a subdirectory by setting this Task's
-#     subdirectory param. This Task also supports sparse checkouts. To perform
-#     a sparse checkout, pass a list of comma separated directory patterns to
-#     this Task's sparseCheckoutDirectories param.
-#   workspaces:
-#     - name: output
-#       description: The git repo will be cloned onto the volume backing this Workspace.
-#     - name: ssh-directory
-#       optional: true
-#       description: |
-#         A .ssh directory with private key, known_hosts, config, etc. Copied to
-#         the user's home before git commands are executed. Used to authenticate
-#         with the git remote when performing the clone. Binding a Secret to this
-#         Workspace is strongly recommended over other volume types.
-#     - name: basic-auth
-#       optional: true
-#       description: |
-#         A Workspace containing a .gitconfig and .git-credentials file. These
-#         will be copied to the user's home before any git commands are run. Any
-#         other files in this Workspace are ignored. It is strongly recommended
-#         to use ssh-directory over basic-auth whenever possible and to bind a
-#         Secret to this Workspace over other volume types.
-#     - name: ssl-ca-directory
-#       optional: true
-#       description: |
-#         A workspace containing CA certificates, this will be used by Git to
-#         verify the peer with when fetching or pushing over HTTPS.
-#   params:
-#     - name: repo-url
-#       description: Repository URL to clone from.
-#       type: string
-#     - name: revision
-#       description: Revision to checkout. (branch, tag, sha, ref, etc...)
-#       type: string
-#       default: ""
-#     - name: verbose
-#       description: Log the commands that are executed during `git-clone-checkout`'s operation.
-#       type: string
-#       default: "true"
-#     - name: gitInitImage
-#       description: The image providing the git-init binary that this Task runs.
-#       type: string
-#       default: "alpine/git:latest"
-#     - name: userHome
-#       description: |
-#         Absolute path to the user's home directory.
-#       type: string
-#       default: "/home/git"
-#   results:
-#     - name: commit
-#       description: The precise commit SHA that was fetched by this Task.
-#     - name: url
-#       description: The precise URL that was fetched by this Task.
-#     - name: committer-date
-#       description: The epoch timestamp of the commit that was fetched by this Task.
-#   steps:
-#     - name: clone-checkout
-#       image: "$(params.gitInitImage)"
-#       env:
-#         - name: HOME
-#           value: "$(params.userHome)"
-#         - name: PARAM_URL
-#           value: $(params.repo-url)
-#         - name: PARAM_REVISION
-#           value: $(params.revision)
-#         - name: PARAM_VERBOSE
-#           value: $(params.verbose)
-#         - name: PARAM_USER_HOME
-#           value: $(params.userHome)
-#         - name: WORKSPACE_OUTPUT_PATH
-#           value: $(workspaces.output.path)
-#         - name: WORKSPACE_SSH_DIRECTORY_BOUND
-#           value: $(workspaces.ssh-directory.bound)
-#         - name: WORKSPACE_SSH_DIRECTORY_PATH
-#           value: $(workspaces.ssh-directory.path)
-#         - name: WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND
-#           value: $(workspaces.basic-auth.bound)
-#         - name: WORKSPACE_BASIC_AUTH_DIRECTORY_PATH
-#           value: $(workspaces.basic-auth.path)
-#         - name: WORKSPACE_SSL_CA_DIRECTORY_BOUND
-#           value: $(workspaces.ssl-ca-directory.bound)
-#         - name: WORKSPACE_SSL_CA_DIRECTORY_PATH
-#           value: $(workspaces.ssl-ca-directory.path)
-#       script: |
-#         #!/usr/bin/env sh
-#         set -eu
 
-#         if [ "${PARAM_VERBOSE}" = "true" ] ; then
+        git clone "${PARAM_URL}" .
-#           set -x
+        git checkout "${PARAM_REVISION}"
-#         fi
 
-#         if [ "${WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND}" = "true" ] ; then
+        RESULT_SHA="$(git rev-parse HEAD)"
-#           cp "${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.git-credentials" "${PARAM_USER_HOME}/.git-credentials"
+        RESULT_COMMITTER_DATE="$(git log -1 --pretty=%ct)"
-#           cp "${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.gitconfig" "${PARAM_USER_HOME}/.gitconfig"
-#           chmod 400 "${PARAM_USER_HOME}/.git-credentials"
-#           chmod 400 "${PARAM_USER_HOME}/.gitconfig"
-#         fi
 
-#         if [ "${WORKSPACE_SSH_DIRECTORY_BOUND}" = "true" ] ; then
+        printf "%s" "${RESULT_COMMITTER_DATE}" > "$(results.committer-date.path)"
-#           cp -R "${WORKSPACE_SSH_DIRECTORY_PATH}" "${PARAM_USER_HOME}"/.ssh
+        printf "%s" "${RESULT_SHA}" > "$(results.commit.path)"
-#           chmod 700 "${PARAM_USER_HOME}"/.ssh
+        printf "%s" "${PARAM_URL}" > "$(results.url.path)"
-#           chmod -R 400 "${PARAM_USER_HOME}"/.ssh/*
-#         fi
-
-#         if [ "${WORKSPACE_SSL_CA_DIRECTORY_BOUND}" = "true" ] ; then
-#            export GIT_SSL_CAPATH="${WORKSPACE_SSL_CA_DIRECTORY_PATH}"
-#            if [ "${PARAM_CRT_FILENAME}" != "" ] ; then
-#               export GIT_SSL_CAINFO="${WORKSPACE_SSL_CA_DIRECTORY_PATH}/${PARAM_CRT_FILENAME}"
-#            fi
-#         fi
-
-#         git config --global --add safe.directory "${WORKSPACE_OUTPUT_PATH}"
-#         cd "${WORKSPACE_OUTPUT_PATH}"
-
-#         git clone "${PARAM_URL}" .
-#         git checkout "${PARAM_REVISION}"
-
-#         RESULT_SHA="$(git rev-parse HEAD)"
-#         EXIT_CODE="$?"
-#         if [ "${EXIT_CODE}" != 0 ] ; then
-#           exit "${EXIT_CODE}"
-#         fi
-#         RESULT_COMMITTER_DATE="$(git log -1 --pretty=%ct)"
-#         printf "%s" "${RESULT_COMMITTER_DATE}" > "$(results.committer-date.path)"
-#         printf "%s" "${RESULT_SHA}" > "$(results.commit.path)"
-#         printf "%s" "${PARAM_URL}" > "$(results.url.path)"