From c10a857a839538022e14304e524454b0134d7160 Mon Sep 17 00:00:00 2001 From: BAK BYEONG JUN Date: Mon, 14 Apr 2025 20:15:05 +0000 Subject: [PATCH] init --- tasks/docker-registry/task.yaml | 28 ++++-------- tasks/secret-extract-kaniko/task.yaml | 64 +++++++++++++++++++++++++++ 2 files changed, 72 insertions(+), 20 deletions(-) create mode 100644 tasks/secret-extract-kaniko/task.yaml diff --git a/tasks/docker-registry/task.yaml b/tasks/docker-registry/task.yaml index cce7b68..8018abe 100644 --- a/tasks/docker-registry/task.yaml +++ b/tasks/docker-registry/task.yaml @@ -27,13 +27,8 @@ spec: type: string default: . - - name: pypi-username - description: PyPI username - type: string - default: "" - - - name: pypi-password - description: PyPI password + - name: kanikoArgs + description: arguments for kaniko type: string default: "" @@ -81,15 +76,6 @@ spec: } EOF - - name: debug-paths - image: alpine - workingDir: $(workspaces.source.path)/$(params.subdirectory) - script: | - #!/bin/sh - echo "▶ Current dir: $(pwd)" - echo "▶ Files:" - find . -type f - - name: kaniko-build image: gcr.io/kaniko-project/executor:v1.23.2 workingDir: $(workspaces.source.path)/$(params.subdirectory) @@ -105,7 +91,9 @@ spec: - --skip-tls-verify - --verbosity=info - --reproducible - - --build-arg - - PYPI_USERNAME=$(params.pypi-username) - - --build-arg - - PYPI_PASSWORD=$(params.pypi-password) \ No newline at end of file + {{- if ne (params.kanikoArgs) "" }} + {{- $kanikoArgs := splitList " " .Params.kanikoArgs }} + {{- range $kanikoArgs }} + - {{ . }} + {{- end }} + {{- end }} diff --git a/tasks/secret-extract-kaniko/task.yaml b/tasks/secret-extract-kaniko/task.yaml new file mode 100644 index 0000000..1603f30 --- /dev/null +++ b/tasks/secret-extract-kaniko/task.yaml 
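Review bot: The `{{- if ne (params.kanikoArgs) "" }}` … `{{- end }}` block added to the kaniko-build `args` (hunk `@@ -105,7 +91,9 @@`) is Go-template syntax, which Tekton's own `$(params.…)` substitution does not evaluate. Unless this file is rendered by a templating tool before it is applied, the Task will not parse as intended, and the block also names the value two different ways, `(params.kanikoArgs)` and `.Params.kanikoArgs`. Splitting one string on spaces breaks any value that contains a space and turns every token into its own executor flag, so the content of a secret file can change which flags kaniko runs with. Declaring `kanikoArgs` in the first hunk (`@@ -27,13 +27,8 @@`) as `type: array` and replacing the template block with the single element `- $(params.kanikoArgs[*])` keeps each argument intact and needs no templating. The `args` list begins outside the hunk.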
@@ -0,0 +1,64 @@
+apiVersion: tekton.dev/v1
+kind: Task
+metadata:
+ name: secret-extract-kaniko
+ annotations:
+ description: >
+ This task reads secret values from a workspace and combines them with parameter keys
+ to produce '--build-arg KEY=VALUE' formatted strings for use with Kaniko or other CLI tools.
+
+spec:
+ params:
+ - name: kanikoFlags
+ type: array
+ description: >
+ A list of argument flags (e.g. --build-arg, --verbosity) to be paired with key=value strings.
+ The index of each item should correspond with argumentKeys and secretKeys.
+ - name: argumentKeys
+ type: array
+ description: >
+ Build argument keys (e.g. PYPI_USERNAME)
+ - name: secretKeys
+ type: array
+ description: >
+ File names inside the secret workspace, used as values
+
+ workspaces:
+ - name: secret
+ description: Secret workspace with files matching secretKeys
+
+ results:
+ - name: kaniko-args
+ description: >
+ A space-separated string of arguments in the format '--build-arg KEY=VALUE', suitable for passing to the Kaniko executor.
+
+ steps:
+ - name: extract
+ image: alpine:3.21.3
+ workingDir: /workspace/secret
+ script: |
+ #!/bin/sh
+ set -e
+
+ KANIKO_FLAGS=($(params.kanikoFlags[*]))
+ ARGUMENT_KEYS=($(params.argumentKeys[*]))
+ SECRET_KEYS=($(params.secretKeys[*]))
+
+ FINAL_ARGS=""
+
+ for i in $(seq 0 $((${#KANIKO_FLAGS[@]} - 1))); do
+ KANIKO_FLAG="${KANIKO_FLAGS[$i]}"
+ ARGUMENT_KEY="${ARGUMENT_KEYS[$i]}"
+ SECRET_KEY="${SECRET_KEYS[$i]}"
+
+ if [ -f "$SECRET_KEY" ]; then
+ VAL=$(cat "$SECRET_KEY")
+ FINAL_ARGS="$FINAL_ARGS $KANIKO_FLAG $ARGUMENT_KEY=$VAL"
+ else
+ echo "❌ ERROR: Secret file '$SECRET_KEY' not found in workspace"
+ exit 1
+ fi
+ done
+
+ echo "✅ Final build args: $FINAL_ARGS"
+ echo -n "$FINAL_ARGS" > /tekton/results/kaniko-args
\ No newline at end of file
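Review bot: The `extract` step exposes the secret values it reads: `echo "✅ Final build args: $FINAL_ARGS"` writes them to the step log, and the `kaniko-args` result stores them in the TaskRun status, where anyone allowed to read TaskRuns sees them in plaintext. Drop the values from the log line (for example `echo "✅ Final build args assembled"`), and consider mounting the `secret` workspace into the build step and reading the files there rather than passing the values through a result. The script is also unlikely to run as written: `KANIKO_FLAGS=(...)` and `${#KANIKO_FLAGS[@]}` are bash array syntax, while the shebang is `#!/bin/sh` on `alpine:3.21.3`, whose `/bin/sh` is BusyBox ash. `workingDir: /workspace/secret` and `/tekton/results/kaniko-args` would be more robust written as `$(workspaces.secret.path)` and `$(results.kaniko-args.path)`.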