init

tasks/docker-registry/task.yaml

@@ -0,0 +1,91 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: docker-registry
+spec:
+  params:
+    - name: subdirectory
+      type: string
+      description: Subdirectory within the repo where the source code is located
+      default: ""
+
+    - name: imageName
+      description: Base image name with registry (e.g. registry.unbox-x.net/unbox-x-aisi-cron-app)
+      type: string
+
+    - name: tag
+      description: Version tag to apply to the image (e.g. v0.2.0)
+      type: string
+
+    - name: dockerfile
+      description: Path to Dockerfile
+      type: string
+      default: ./Dockerfile
+
+    - name: context
+      description: Build context path
+      type: string
+      default: .
+
+  workspaces:
+    - name: source
+      description: Source code workspace
+
+    - name: docker-auth
+      description: Docker registry credentials (username + password)
+
+  results:
+    - name: imageUrl
+      description: Final pushed image URL with tag (e.g. registry/app:v0.2.0)
+
+  steps:
+    - name: build-and-push
+      image: alpine:3.18
+      workingDir: /workspace/source
+      env:
+        - name: DOCKER_CONFIG
+          value: /tekton/home/.docker/
+      script: |
+        #!/bin/sh
+        set -e
+
+        if [ -n "$(params.subdirectory)" ]; then
+          cd "$(params.subdirectory)"
+        fi
+
+        cd "$(params.context)"
+
+        IMAGE="$(params.imageName):$(params.tag)"
+        echo "📦 Using image: $IMAGE"
+        echo -n "$IMAGE" > /tekton/results/imageUrl
+
+        echo "🔐 Loading Docker credentials..."
+        USERNAME=$(cat /workspace/docker-auth/username)
+        PASSWORD=$(cat /workspace/docker-auth/password)
+        REGISTRY=$(echo "$IMAGE" | cut -d/ -f1)
+
+        echo "📝 Writing Docker config for $REGISTRY"
+        mkdir -p /tekton/home/.docker
+        cat > /tekton/home/.docker/config.json <<EOF
+        {
+          "auths": {
+            "$REGISTRY": {
+              "username": "$USERNAME",
+              "password": "$PASSWORD",
+              "auth": "$(echo -n "$USERNAME:$PASSWORD" | base64)"
+            }
+          }
+        }
+        EOF
+
+        echo "📥 Installing Kaniko executor..."
+        wget -q -O /kaniko.tar.gz https://github.com/GoogleContainerTools/kaniko/releases/download/v1.17.0/executor-linux-amd64.tar.gz
+        tar -xzf /kaniko.tar.gz -C /usr/local/bin
+        chmod +x /usr/local/bin/executor
+
+        echo "🚀 Building and pushing image with Kaniko..."
+        executor \
+          --dockerfile=$(params.dockerfile) \
+          --context="$(params.context)" \
+          --destination="$IMAGE" \
+          --skip-tls-verify

tasks/gitops-repository/task.yaml

@@ -0,0 +1,102 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: gitops-repository
+spec:
+  params:
+    - name: repositoryUrl
+      type: string
+      description: |
+        Source repository URL (used to derive GitOps repo) 
+        (e.g. git@github.com:org/app.git)
+        (e.g. https://github.com/org/app.git)
+
+    - name: branch
+      type: string
+      default: main
+      description: Branch to push to
+
+    - name: imageUrl
+      type: string
+      description: Full image URL (e.g. registry.com/app:v0.2.0)
+
+    - name: kustomizationPath
+      type: string
+      default: overlays/staging/kustomization.yaml
+      description: Relative path to file to update
+
+    - name: commitMessage
+      type: string
+      default: "chore(gitops): update image tag"
+      description: Commit message to use
+
+  workspaces:
+    - name: ssh-directory
+      optional: true
+      description: |
+        A .ssh directory with private key, known_hosts, config, etc.
+        Copied to the user's home before git commands are executed.
+
+    - name: basic-auth
+      optional: true
+      description: |
+        A Workspace containing a .gitconfig and .git-credentials file.
+
+    - name: ssl-ca-directory
+      optional: true
+      description: |
+        A workspace containing CA certificates, used by Git for SSL verification.
+
+  steps:
+    - name: clone-update-push
+      image: alpine/git
+      env:
+        - name: HOME
+          value: /tekton/home
+      script: |
+        #!/bin/sh
+        set -e
+
+        echo "🔐 Git 인증 설정 중..."
+        mkdir -p /tekton/home
+        if [ -d /workspace/ssh-directory ]; then
+          mkdir -p /tekton/home/.ssh
+          cp -R /workspace/ssh-directory/* /tekton/home/.ssh/
+          chmod 700 /tekton/home/.ssh
+        fi
+        if [ -d /workspace/basic-auth ]; then
+          cp /workspace/basic-auth/.gitconfig /tekton/home/.gitconfig || true
+          cp /workspace/basic-auth/.git-credentials /tekton/home/.git-credentials || true
+        fi
+        if [ -d /workspace/ssl-ca-directory ]; then
+          export GIT_SSL_CAINFO="/workspace/ssl-ca-directory/ca.crt"
+        fi
+
+        echo "🔧 GitOps 저장소 URL 자동 변환"
+        SOURCE_REPO="$(params.repositoryUrl)"
+        GITOPS_REPO=$(echo "$SOURCE_REPO" | sed 's/\.git$/-ops.git/')
+        echo "🧩 Cloning GitOps repo: $GITOPS_REPO"
+
+        TMP_DIR="/tmp/gitops"
+        rm -rf "$TMP_DIR"
+        git clone --branch "$(params.branch)" "$GITOPS_REPO" "$TMP_DIR"
+        cd "$TMP_DIR"
+
+        echo "🔍 Updating image tag in: $(params.kustomizationPath)"
+        IMAGE_FULL="$(params.imageUrl)"
+        NAME=$(echo "$IMAGE_FULL" | cut -d: -f1)
+        TAG=$(echo "$IMAGE_FULL" | cut -d: -f2)
+        sed -i "s|\(name: $NAME\s*newTag: \).*|\1$TAG|" "$(params.kustomizationPath)" || {
+          echo "❌ Failed to patch tag"
+          exit 1
+        }
+
+        echo "✅ Committing & pushing changes"
+        git config user.name "tekton-ci"
+        git config user.email "ci@example.com"
+        git add "$(params.kustomizationPath)"
+        git commit -m "$(params.commitMessage)" || echo "No changes to commit."
+        git push origin "$(params.branch)"
+
+        echo "🧹 Cleaning up"
+        rm -rf "$TMP_DIR"

tasks/pyversion/task.yaml

@@ -0,0 +1,60 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: pyversion
+spec:
+  params:
+    - name: subdirectory
+      type: string
+      description: Subdirectory within the repo where the source code is located
+      default: ""
+
+    - name: ref
+      type: string
+      description: Full Git ref string (e.g., refs/tags/v0.2.0)
+
+    - name: python-version
+      type: string
+      description: Python version to use (e.g., 3.9, 3.11)
+      default: "3.9"
+
+  workspaces:
+    - name: source
+      description: Source code workspace (includes pyproject.toml)
+
+  results:
+    - name: version
+      description: Extracted project version (e.g. 0.2.0)
+
+  steps:
+    - name: verify-tag
+      image: python:$(params.python-version)-slim
+      workingDir: /workspace/source
+      script: |
+        #!/usr/bin/env bash
+        set -e
+
+        if [ -n "$(params.subdirectory)" ]; then
+          cd "$(params.subdirectory)"
+        fi
+
+        echo "🔍 Extracting tag from Git ref..."
+        FULL_REF="$(params.ref)"
+        TAG_FROM_REF=$(basename "$FULL_REF")  # → v0.2.0
+
+        echo "📄 Reading version from pyproject.toml..."
+        pip install tomli
+        VERSION=$(python3 -c 'import tomli; print(tomli.load(open("pyproject.toml", "rb"))["tool"]["poetry"]["version"])')
+        TAG_FROM_PROJECT="v${VERSION}"
+
+        echo "🔁 Comparing Git tag and project version:"
+        echo "   - Git ref tag:      $TAG_FROM_REF"
+        echo "   - Project version:  $TAG_FROM_PROJECT"
+
+        if [ "$TAG_FROM_REF" != "$TAG_FROM_PROJECT" ]; then
+          echo "❌ Mismatch! Git tag and project version are not the same."
+          exit 1
+        fi
+
+        echo "✅ Tag and version match: $VERSION"
+        echo -n "$VERSION" > /tekton/results/version