This commit is contained in:
병준 박 2025-04-15 06:35:10 +00:00
parent 31ffd7c620
commit 73210d1db7
4 changed files with 44 additions and 125 deletions


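--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -32,5 +32,6 @@ spec:
 #!/bin/bash
 workingFolder="$(params.workingFolderPrefix)-$(date +%s)-$(head /dev/urandom | tr -dc a-z0-9 | head -c 6)"
 mkdir -p /workspace/shared/${workingFolder}
+mkdir -p /workspace/shared/${workingFolder}/___HOME___
 echo "Created folder: ${workingFolder}"
 echo -n "${workingFolder}" > $(results.workingFolder.path)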
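Review bot: The added `mkdir -p /workspace/shared/${workingFolder}/___HOME___` leaves `${workingFolder}` unquoted while the echo lines below quote it, and because `mkdir -p` creates parents the preceding `mkdir -p /workspace/shared/${workingFolder}` is now redundant. Since the new secret-home task in this commit fills a `___HOME___` directory with credential files (apparently this one, although it reaches it through the `source` workspace rather than `shared`), creating it with a restrictive mode keeps the copied secrets from inheriting umask-default permissions: `mkdir -p -m 700 "/workspace/shared/${workingFolder}/___HOME___"`. The script this hunk edits begins before the hunk.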


@ -87,14 +87,10 @@ spec:
value: /tekton/home/.docker value: /tekton/home/.docker
command: command:
- /kaniko/executor - /kaniko/executor
args: |- args:
{{- range splitList " " .Params.kanikoArgsList }}
- '{{ . }}'
{{- end }}
- --dockerfile=$(params.dockerfile) - --dockerfile=$(params.dockerfile)
- --context=$(params.context) - --context=$(params.context)
- --destination=$(params.imageName):$(params.tag) - --destination=$(params.imageName):$(params.tag)
- --skip-tls-verify - --skip-tls-verify
- --verbosity=info - --verbosity=info
- --reproducible - --reproducible
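Review bot: The new literal `args:` list drops the `kanikoArgsList` expansion, but the hunk does not show the parameter declaration; if `kanikoArgsList` (and the `splitList` helper it fed) still exist in `spec.params` or the template, they are now dead and should go in the same commit. With the templated entries gone the list is fully static, so the remaining `--skip-tls-verify` stands out: it disables certificate verification for the registry push, and if it is only needed for an internal registry an inline `# TODO: replace with --registry-certificate=<registry>=<ca-path> once the internal CA is mounted` makes the weakening deliberate rather than inherited. The step definition begins before the hunk.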


@ -1,120 +0,0 @@
apiVersion: tekton.dev/v1
kind: Task
metadata:
name: secret-extract-kaniko
annotations:
description: >
Combines parameterized keys and values from a mounted secret workspace into a Kaniko-style
'--build-arg KEY=VALUE' flat string. This result is usable with splitList and Kaniko's args.
spec:
params:
- name: kanikoFlags
type: array
description: >
List of argument flags such as '--build-arg' (length must match argumentKeys and secretKeys).
- name: argumentKeys
type: array
description: >
Keys to be used as the left-hand side of '--build-arg KEY=VALUE'.
- name: secretKeys
type: array
description: >
File names to read from the 'secret' workspace for the corresponding key's value.
results:
- name: kanikoArgs
description: >
Flat string of build arguments for Kaniko (e.g. '--build-arg KEY=VALUE ...').
workspaces:
- name: secret
description: >
Workspace where secret files (secretKeys) are mounted.
steps:
- name: build-arg-string
image: alpine:3.21.3
workingDir: /workspace/secret
args:
- $(params.kanikoFlags[*])
- ---
- $(params.argumentKeys[*])
- ---
- $(params.secretKeys[*])
script: |
#!/bin/sh
set -e
# Parse positional args by splitting into three sections via delimiter ---
kanikoFlag_section=true
argumentKey_section=false
secretKey_section=false
KANIKO_FLAGS=""
ARGUMENT_KEYS=""
SECRET_KEYS=""
for val in "$@"; do
if [ "$val" = "---" ]; then
if [ "$kanikoFlag_section" = true ]; then
kanikoFlag_section=false
argumentKey_section=true
elif [ "$argumentKey_section" = true ]; then
argumentKey_section=false
secretKey_section=true
fi
continue
fi
if [ "$kanikoFlag_section" = true ]; then
KANIKO_FLAGS="$KANIKO_FLAGS $val"
elif [ "$argumentKey_section" = true ]; then
ARGUMENT_KEYS="$ARGUMENT_KEYS $val"
elif [ "$secretKey_section" = true ]; then
SECRET_KEYS="$SECRET_KEYS $val"
fi
done
# Trim leading/trailing spaces
KANIKO_FLAGS=$(echo "$KANIKO_FLAGS" | sed 's/^ *//;s/ *$//')
ARGUMENT_KEYS=$(echo "$ARGUMENT_KEYS" | sed 's/^ *//;s/ *$//')
SECRET_KEYS=$(echo "$SECRET_KEYS" | sed 's/^ *//;s/ *$//')
# Count elements in each list
count_flags=$(echo "$KANIKO_FLAGS" | wc -w)
count_keys=$(echo "$ARGUMENT_KEYS" | wc -w)
count_secrets=$(echo "$SECRET_KEYS" | wc -w)
if [ "$count_flags" != "$count_keys" ] || [ "$count_flags" != "$count_secrets" ]; then
echo "❌ Mismatched counts for flags, keys, or secrets."
exit 1
fi
KANIKO_ARGS=""
i=1
while [ "$i" -le "$count_flags" ]; do
# Extract i-th element
kanikoFlag=$(echo "$KANIKO_FLAGS" | cut -d' ' -f"$i")
argumentKey=$(echo "$ARGUMENT_KEYS" | cut -d' ' -f"$i")
secretKey=$(echo "$SECRET_KEYS" | cut -d' ' -f"$i")
if [ ! -f "$secretKey" ]; then
echo "❌ Missing secret file: $secretKey"
exit 1
fi
secretValue=$(cat "$secretKey")
if [ -z "$KANIKO_ARGS" ]; then
KANIKO_ARGS="$kanikoFlag=$argumentKey=$secretValue"
else
KANIKO_ARGS="${KANIKO_ARGS} $kanikoFlag=$argumentKey=$secretValue"
fi
i=$((i + 1))
done
# Trim leading/trailing spaces from final output
KANIKO_ARGS=$(echo "$KANIKO_ARGS" | sed 's/^ *//;s/ *$//')
echo "✅ Final Kaniko args:"
echo "$KANIKO_ARGS"
echo -e "$KANIKO_ARGS" > /tekton/results/kanikoArgs


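--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,42 @@
+apiVersion: tekton.dev/v1
+kind: Task
+metadata:
+name: secret-home
+spec:
+params:
+- name: subdirectory
+type: string
+description: Subdirectory within the repo where the source code is located
+default: ""
+- name: keys
+type: array
+description: Name of the key(s) to extract from the secret
+workspaces:
+- name: source
+description: Workspace containing the cloned Git repository
+steps:
+- name: extract
+image: alpine:3.21.3
+workingDir: /workspace/source/$(params.subdirectory)
+script: |
+#!/bin/sh
+set -e
+apk add --no-cache rsync
+for key in $(params.keys); do
+echo "Copying $key"
+target="/workspace/source/$(params.subdirectory)/___HOME___/$key"
+mkdir -p "$(dirname "$target")"
+rsync -R "/secrets/credentials/$key" "$(dirname "$target")"
+done
+volumeMounts:
+- name: credentials
+mountPath: /secrets/credentials
+volumes:
+- name: credentials
+secret:
+secretName: credentials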
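Review bot: `rsync -R "/secrets/credentials/$key" "$(dirname "$target")"` does not produce `$target`: `-R`/`--relative` reproduces the full source path under the destination, so the file lands at `…/___HOME___/secrets/credentials/$key` while the directory prepared by `mkdir -p "$(dirname "$target")"` stays empty, and if the mounted key is a symlink into `..data/` as Kubernetes secret volumes usually are, rsync without `-l`/`-L` may skip it as a non-regular file. Busybox `cp` in the alpine image does the job without the network-dependent `apk add --no-cache rsync`: `cp -L "/secrets/credentials/$key" "$target" && chmod 600 "$target"`. `$(params.keys)` is an array param expanded inside `script:`; the convention in the deleted secret-extract-kaniko task is to pass arrays through `args: - $(params.keys[*])` and iterate `"$@"`, which also avoids word splitting, so confirm that Tekton substitutes the array form here at all. Because key names come from a parameter, a guard such as `case "$key" in ''|.|..|*/*) echo "bad key: $key"; exit 1;; esac` keeps the copy inside the mount. Finally, `___HOME___` sits inside the source workspace that is presumably the Kaniko build context, so it is worth checking whether the Dockerfile could `COPY` these credentials into image layers (a `.dockerignore` entry for `___HOME___` if so).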