init

tasks/docker-registry/task.yaml

@@ -1,4 +1,4 @@
-apiVersion: tekton.dev/v1beta1
+apiVersion: tekton.dev/v1
 kind: Task
 metadata:
   name: docker-registry
@@ -39,38 +39,51 @@ spec:
       description: Final pushed image URL with tag (e.g. registry/app:v0.2.0)
 
   steps:
-    - name: write-docker-config
+    - name: build-and-push
-      image: alpine:3.18
+      image: bash:5
-      workingDir: /workspace/source
-      script: |
-        #!/bin/sh
-        set -e
-
-        if [ -n "$(params.subdirectory)" ]; then
-          cd "$(params.subdirectory)"
-        fi
-
-        IMAGE="$(params.imageName):$(params.tag)"
-        USERNAME=$(cat /workspace/docker-auth/username)
-        PASSWORD=$(cat /workspace/docker-auth/password)
-        REGISTRY=$(echo "$IMAGE" | cut -d/ -f1)
-
-        echo "🔐 Creating Docker config for $REGISTRY..."
-        mkdir -p /tekton/home/.docker
-        echo "{\"auths\": {\"$REGISTRY\": {\"auth\": \"$(echo -n "$USERNAME:$PASSWORD" | base64)\"}}}" \
-          > /tekton/home/.docker/config.json
-
-    - name: kaniko-build
-      image: gcr.io/kaniko-project/executor:v1.23.2
       workingDir: /workspace/source
       env:
         - name: DOCKER_CONFIG
           value: /tekton/home/.docker
-      args:
+      script: |
-        - --dockerfile=$(params.dockerfile)
+        #!/usr/bin/env bash
-        - --context=$(params.context)
+        set -euo pipefail
-        - --destination=$(params.imageName):$(params.tag)
+
-        - --skip-tls-verify
+        if [[ -n "$(params.subdirectory)" ]]; then
-        - --reproducible
+          cd "$(params.subdirectory)"
-        - --verbosity=info
+        fi
+
+        IMAGE="$(params.imageName):$(params.tag)"
+        echo "📦 Using image: $IMAGE"
+        echo -n "$IMAGE" > /tekton/results/imageUrl
+
+        USERNAME=$(cat /workspace/docker-auth/username)
+        PASSWORD=$(cat /workspace/docker-auth/password)
+        REGISTRY=$(cut -d/ -f1 <<< "$IMAGE")
+
+        echo "🔐 Writing Docker config for $REGISTRY..."
+        mkdir -p "$DOCKER_CONFIG"
+        cat > "$DOCKER_CONFIG/config.json" <<EOF
+        {
+          "auths": {
+            "$REGISTRY": {
+              "auth": "$(echo -n "$USERNAME:$PASSWORD" | base64)"
+            }
+          }
+        }
+        EOF
+
+        echo "📥 Downloading Kaniko executor..."
+        curl -sSL -o /kaniko.tar.gz https://github.com/GoogleContainerTools/kaniko/releases/download/v1.23.2/executor-linux-amd64.tar.gz
+        mkdir -p /kaniko && tar -xzf /kaniko.tar.gz -C /kaniko
+        chmod +x /kaniko/executor
+
+        echo "🚀 Building and pushing image..."
+        /kaniko/executor \
+          --dockerfile="$(params.dockerfile)" \
+          --context="$(params.context)" \
+          --destination="$IMAGE" \
+          --skip-tls-verify \
+          --reproducible \
+          --verbosity=info
 

tasks/git-gitops-sync/task.yaml

@@ -1,4 +1,4 @@
-apiVersion: tekton.dev/v1beta1
+apiVersion: tekton.dev/v1
 kind: Task
 metadata:
   name: git-gitops-sync

tasks/nodejs-nx-version/task.yaml

@@ -1,4 +1,4 @@
-apiVersion: tekton.dev/v1beta1
+apiVersion: tekton.dev/v1
 kind: Task
 metadata:
   name: nx-nodejs-version

tasks/pybuild/task.yaml

@@ -1,4 +1,4 @@
-apiVersion: tekton.dev/v1beta1
+apiVersion: tekton.dev/v1
 kind: Task
 metadata:
   name: pybuild

tasks/pylint/task.yaml

@@ -1,4 +1,4 @@
-apiVersion: tekton.dev/v1beta1
+apiVersion: tekton.dev/v1
 kind: Task
 metadata:
   name: pylint

tasks/pypi/task.yaml

@@ -1,4 +1,4 @@
-apiVersion: tekton.dev/v1beta1
+apiVersion: tekton.dev/v1
 kind: Task
 metadata:
   name: pypi

tasks/pytest/task.yaml

@@ -1,4 +1,4 @@
-apiVersion: tekton.dev/v1beta1
+apiVersion: tekton.dev/v1
 kind: Task
 metadata:
   name: pytest

tasks/pyversion/task.yaml

@@ -1,4 +1,4 @@
-apiVersion: tekton.dev/v1beta1
+apiVersion: tekton.dev/v1
 kind: Task
 metadata:
   name: pyversion

tasks/sonarqube-analysis/taks.yaml

@@ -0,0 +1,48 @@
+apiVersion: tekton.dev/v1
+kind: Task
+metadata:
+  name: sonarqube-analysis
+spec:
+  params:
+    - name: subdirectory
+      type: string
+      default: ""
+      description: Subdirectory within workspace containing the source (if any)
+
+    - name: sonarHostUrl
+      type: string
+      default: "https://sonarqube.unbox-x.net"
+      description: SonarQube server URL
+
+    - name: projectKey
+      type: string
+      description: SonarQube project key
+
+  workspaces:
+    - name: source
+      description: Workspace with source code (e.g. from git-clone)
+
+    - name: sonar-auth
+      description: |
+        Workspace containing authentication token (file: `token`)
+
+  steps:
+    - name: sonar-scan
+      image: sonarsource/sonar-scanner-cli:5
+      workingDir: /workspace/source
+      script: |
+        #!/bin/sh
+        set -e
+
+        if [ -n "$(params.subdirectory)" ]; then
+          cd "$(params.subdirectory)"
+        fi
+
+        SONAR_TOKEN=$(cat /workspace/sonar-auth/token)
+
+        echo "📡 Running SonarQube analysis on project $(params.projectKey)..."
+
+        sonar-scanner \
+          -Dsonar.projectKey=$(params.projectKey) \
+          -Dsonar.host.url=$(params.sonarHostUrl) \
+          -Dsonar.login=$SONAR_TOKEN