init

tasks/gitops-repository/task.yaml

@@ -2,101 +2,98 @@ apiVersion: tekton.dev/v1beta1
 kind: Task
 metadata:
   name: gitops-repository
+  annotations:
+    tekton.dev/pipelines.minVersion: "0.19.0"
+    tekton.dev/categories: GitOps
+    tekton.dev/tags: git, helm, devops
+    tekton.dev/displayName: "Update image tag in Helm values.yaml"
+    tekton.dev/platforms: "linux/amd64"
 spec:
+  description: |
+    Updates the image.tag field in a Helm values.yaml file and commits the change
+    to the corresponding GitOps repository derived from the application source repo.
+
   params:
     - name: repositoryUrl
       type: string
-      description: |
+      description: Source repository URL (used to derive GitOps repo)
-        Source repository URL (used to derive GitOps repo) 
-        (e.g. git@github.com:org/app.git)
-        (e.g. https://github.com/org/app.git)
 
     - name: branch
       type: string
       default: main
-      description: Branch to push to
+      description: Git branch to push to
 
     - name: imageUrl
       type: string
-      description: Full image URL (e.g. registry.com/app:v0.2.0)
+      description: Full image URL (e.g. registry/app:v0.2.0)
 
-    - name: kustomizationPath
+    - name: valuesPath
       type: string
-      default: overlays/staging/kustomization.yaml
+      description: Path to Helm values file (e.g. overlays/staging/values-staging.yaml)
-      description: Relative path to file to update
 
     - name: commitMessage
       type: string
       default: "chore(gitops): update image tag"
-      description: Commit message to use
+      description: Commit message
 
   workspaces:
     - name: ssh-directory
       optional: true
-      description: |
+      description: SSH credentials (private key, known_hosts)
-        A .ssh directory with private key, known_hosts, config, etc.
-        Copied to the user's home before git commands are executed.
 
     - name: basic-auth
       optional: true
-      description: |
+      description: .gitconfig and .git-credentials
-        A Workspace containing a .gitconfig and .git-credentials file.
 
     - name: ssl-ca-directory
       optional: true
-      description: |
+      description: Custom CA certificates (optional)
-        A workspace containing CA certificates, used by Git for SSL verification.
 
   steps:
-    - name: clone-update-push
+    - name: update-and-push
-      image: alpine/git
+      image: alpine:3.19
-      env:
+      workingDir: /workspace
-        - name: HOME
-          value: /tekton/home
       script: |
         #!/bin/sh
         set -e
 
-        echo "🔐 Git 인증 설정 중..."
+        echo "🔐 Preparing Git authentication..."
-        mkdir -p /tekton/home
+        mkdir -p /root/.ssh
         if [ -d /workspace/ssh-directory ]; then
-          mkdir -p /tekton/home/.ssh
+          cp -R /workspace/ssh-directory/* /root/.ssh/
-          cp -R /workspace/ssh-directory/* /tekton/home/.ssh/
+          chmod 700 /root/.ssh
-          chmod 700 /tekton/home/.ssh
         fi
         if [ -d /workspace/basic-auth ]; then
-          cp /workspace/basic-auth/.gitconfig /tekton/home/.gitconfig || true
+          cp /workspace/basic-auth/.gitconfig /root/.gitconfig || true
-          cp /workspace/basic-auth/.git-credentials /tekton/home/.git-credentials || true
+          cp /workspace/basic-auth/.git-credentials /root/.git-credentials || true
         fi
         if [ -d /workspace/ssl-ca-directory ]; then
           export GIT_SSL_CAINFO="/workspace/ssl-ca-directory/ca.crt"
         fi
 
-        echo "🔧 GitOps 저장소 URL 자동 변환"
+        echo "📦 Installing Git + yq..."
-        SOURCE_REPO="$(params.repositoryUrl)"
+        apk add --no-cache git yq openssh
-        GITOPS_REPO=$(echo "$SOURCE_REPO" | sed 's/\.git$/-ops.git/')
-        echo "🧩 Cloning GitOps repo: $GITOPS_REPO"
 
-        TMP_DIR="/tmp/gitops"
+        REPO_URL="$(params.repositoryUrl)"
-        rm -rf "$TMP_DIR"
+        GITOPS_REPO=$(echo "$REPO_URL" | sed 's/\.git$/-ops.git/')
-        git clone --branch "$(params.branch)" "$GITOPS_REPO" "$TMP_DIR"
+        BRANCH="$(params.branch)"
+        VALUES_PATH="$(params.valuesPath)"
+        IMAGE="$(params.imageUrl)"
+        TAG=$(echo "$IMAGE" | cut -d: -f2)
+
+        echo "📥 Cloning $GITOPS_REPO..."
+        TMP_DIR=$(mktemp -d)
+        git clone --branch "$BRANCH" "$GITOPS_REPO" "$TMP_DIR"
         cd "$TMP_DIR"
 
-        echo "🔍 Updating image tag in: $(params.kustomizationPath)"
+        echo "🛠 Updating image.tag in $VALUES_PATH to $TAG"
-        IMAGE_FULL="$(params.imageUrl)"
+        yq e ".image.tag = \"$TAG\"" -i "$VALUES_PATH"
-        NAME=$(echo "$IMAGE_FULL" | cut -d: -f1)
-        TAG=$(echo "$IMAGE_FULL" | cut -d: -f2)
-        sed -i "s|\(name: $NAME\s*newTag: \).*|\1$TAG|" "$(params.kustomizationPath)" || {
-          echo "❌ Failed to patch tag"
-          exit 1
-        }
 
-        echo "✅ Committing & pushing changes"
         git config user.name "tekton-ci"
         git config user.email "ci@example.com"
-        git add "$(params.kustomizationPath)"
+        git add "$VALUES_PATH"
         git commit -m "$(params.commitMessage)" || echo "No changes to commit."
-        git push origin "$(params.branch)"
+        git push origin "$BRANCH"
 
-        echo "🧹 Cleaning up"
+        echo "🧹 Cleaning up..."
         rm -rf "$TMP_DIR"