병준 박 2025-04-10 12:51:20 +00:00
parent 2db7e72d88
commit e7e998b1a7


@ -3,93 +3,114 @@ kind: Task
metadata: metadata:
name: git-clone-checkout name: git-clone-checkout
spec: spec:
description: |
This task clones a Git repository and checks out a specified branch if it exists.
Supports SSH, basic-auth, custom CA certs, sparse checkout, submodules, shallow clone, and proxy settings.
The commit SHA, committer date, and fetched URL are exposed as Task results.
params:
- name: repoUrl
type: string
description: The Git repository URL to clone.
- name: revision
type: string
default: ""
description: The branch or commit SHA to check out. If empty, default branch will be used.
- name: refspec
type: string
default: ""
description: Refspec to fetch before checking out revision.
- name: submodules
type: string
default: "true"
description: Initialize and fetch git submodules.
- name: depth
type: string
default: "1"
description: Perform a shallow clone, fetching only the most recent N commits.
- name: sslVerify
type: string
default: "true"
description: |
Set the `http.sslVerify` global git config.
Setting this to `false` is not advised unless you are sure that you trust your git remote.
- name: crtFileName
type: string
default: "ca-bundle.crt"
description: file name of mounted crt using ssl-ca-directory workspace.
- name: subdirectory
type: string
default: ""
description: Subdirectory inside the `output` Workspace to clone the repo into.
- name: sparseCheckoutDirectories
type: string
default: ""
description: Define the directory patterns to match or exclude when performing a sparse checkout.
- name: deleteExisting
type: string
default: "true"
description: Clean out the contents of the destination directory if it already exists before cloning.
- name: httpProxy
type: string
default: ""
description: HTTP proxy server for non-SSL requests.
- name: httpsProxy
type: string
default: ""
description: HTTPS proxy server for SSL requests.
- name: noProxy
type: string
default: ""
description: Opt out of proxying HTTP/HTTPS requests.
- name: verbose
type: string
default: "true"
description: Log the commands that are executed during `git-clone`'s operation.
- name: gitInitImage
type: string
default: "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.40.2"
description: The image providing the git-init binary that this Task runs.
- name: userHome
type: string
default: "/home/git"
description: Absolute path to the user's home directory.
workspaces: workspaces:
- name: output - name: output
description: The git repo will be cloned onto the volume backing this Workspace. description: The workspace where the repository will be cloned.
- name: ssh-directory - name: ssh-directory
optional: true optional: true
description: | description: |
A .ssh directory with private key, known_hosts, config, etc. Copied to A .ssh directory with private key, known_hosts, config, etc.
the user's home before git commands are executed. Used to authenticate Copied to the user's home before git commands are executed.
with the git remote when performing the clone. Binding a Secret to this
Workspace is strongly recommended over other volume types.
- name: basic-auth - name: basic-auth
optional: true optional: true
description: | description: |
A Workspace containing a .gitconfig and .git-credentials file. These A Workspace containing a .gitconfig and .git-credentials file.
will be copied to the user's home before any git commands are run. Any
other files in this Workspace are ignored. It is strongly recommended
to use ssh-directory over basic-auth whenever possible and to bind a
Secret to this Workspace over other volume types.
- name: ssl-ca-directory - name: ssl-ca-directory
optional: true optional: true
description: | description: |
A workspace containing CA certificates, this will be used by Git to A workspace containing CA certificates, used by Git for SSL verification.
verify the peer with when fetching or pushing over HTTPS.
params:
- name: url
description: Repository URL to clone from.
type: string
- name: revision
description: Revision to checkout. (branch, tag, sha, ref, etc...)
type: string
default: ""
- name: refspec
description: Refspec to fetch before checking out revision.
default: ""
- name: submodules
description: Initialize and fetch git submodules.
type: string
default: "true"
- name: depth
description: Perform a shallow clone, fetching only the most recent N commits.
type: string
default: "1"
- name: sslVerify
description: Set the `http.sslVerify` global git config. Setting this to `false` is not advised unless you are sure that you trust your git remote.
type: string
default: "true"
- name: crtFileName
description: file name of mounted crt using ssl-ca-directory workspace. default value is ca-bundle.crt.
type: string
default: "ca-bundle.crt"
- name: subdirectory
description: Subdirectory inside the `output` Workspace to clone the repo into.
type: string
default: ""
- name: sparseCheckoutDirectories
description: Define the directory patterns to match or exclude when performing a sparse checkout.
type: string
default: ""
- name: deleteExisting
description: Clean out the contents of the destination directory if it already exists before cloning.
type: string
default: "true"
- name: httpProxy
description: HTTP proxy server for non-SSL requests.
type: string
default: ""
- name: httpsProxy
description: HTTPS proxy server for SSL requests.
type: string
default: ""
- name: noProxy
description: Opt out of proxying HTTP/HTTPS requests.
type: string
default: ""
- name: verbose
description: Log the commands that are executed during `git-clone`'s operation.
type: string
default: "true"
- name: gitInitImage
description: The image providing the git-init binary that this Task runs.
type: string
default: "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.40.2"
- name: userHome
description: |
Absolute path to the user's home directory.
type: string
default: "/home/git"
results: results:
- name: commit - name: commit
description: The precise commit SHA that was fetched by this Task. description: The precise commit SHA that was fetched by this Task.
@ -97,129 +118,84 @@ spec:
description: The precise URL that was fetched by this Task. description: The precise URL that was fetched by this Task.
- name: committer-date - name: committer-date
description: The epoch timestamp of the commit that was fetched by this Task. description: The epoch timestamp of the commit that was fetched by this Task.
steps: steps:
- name: clone - name: clone
image: "$(params.gitInitImage)" image: $(params.gitInitImage)
env: env:
- name: HOME - name: HOME
value: "$(params.userHome)"
- name: PARAM_URL
value: $(params.url)
- name: PARAM_REVISION
value: $(params.revision)
- name: PARAM_REFSPEC
value: $(params.refspec)
- name: PARAM_SUBMODULES
value: $(params.submodules)
- name: PARAM_DEPTH
value: $(params.depth)
- name: PARAM_SSL_VERIFY
value: $(params.sslVerify)
- name: PARAM_CRT_FILENAME
value: $(params.crtFileName)
- name: PARAM_SUBDIRECTORY
value: $(params.subdirectory)
- name: PARAM_DELETE_EXISTING
value: $(params.deleteExisting)
- name: PARAM_HTTP_PROXY
value: $(params.httpProxy)
- name: PARAM_HTTPS_PROXY
value: $(params.httpsProxy)
- name: PARAM_NO_PROXY
value: $(params.noProxy)
- name: PARAM_VERBOSE
value: $(params.verbose)
- name: PARAM_SPARSE_CHECKOUT_DIRECTORIES
value: $(params.sparseCheckoutDirectories)
- name: PARAM_USER_HOME
value: $(params.userHome) value: $(params.userHome)
- name: WORKSPACE_OUTPUT_PATH - name: SSL_CERT_FILE
value: $(workspaces.output.path) value: "/workspace/ssl-ca-directory/$(params.crtFileName)"
- name: WORKSPACE_SSH_DIRECTORY_BOUND - name: HTTP_PROXY
value: $(workspaces.ssh-directory.bound) value: $(params.httpProxy)
- name: WORKSPACE_SSH_DIRECTORY_PATH - name: HTTPS_PROXY
value: $(workspaces.ssh-directory.path) value: $(params.httpsProxy)
- name: WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND - name: NO_PROXY
value: $(workspaces.basic-auth.bound) value: $(params.noProxy)
- name: WORKSPACE_BASIC_AUTH_DIRECTORY_PATH
value: $(workspaces.basic-auth.path)
- name: WORKSPACE_SSL_CA_DIRECTORY_BOUND
value: $(workspaces.ssl-ca-directory.bound)
- name: WORKSPACE_SSL_CA_DIRECTORY_PATH
value: $(workspaces.ssl-ca-directory.path)
securityContext:
runAsNonRoot: true
runAsUser: 65532
script: | script: |
#!/usr/bin/env sh #!/bin/sh
set -eu set -eu
if [ "${PARAM_VERBOSE}" = "true" ] ; then echo "[INFO] Preparing home and auth setup..."
set -x mkdir -p $(params.userHome)/.ssh
if [ -d "/workspace/ssh-directory" ]; then
cp -R /workspace/ssh-directory/* $(params.userHome)/.ssh/
chmod 700 $(params.userHome)/.ssh
chmod 600 $(params.userHome)/.ssh/*
fi fi
if [ "${WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND}" = "true" ] ; then if [ -d "/workspace/basic-auth" ]; then
cp "${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.git-credentials" "${PARAM_USER_HOME}/.git-credentials" cp /workspace/basic-auth/.gitconfig $(params.userHome)/.gitconfig || true
cp "${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.gitconfig" "${PARAM_USER_HOME}/.gitconfig" cp /workspace/basic-auth/.git-credentials $(params.userHome)/.git-credentials || true
chmod 400 "${PARAM_USER_HOME}/.git-credentials"
chmod 400 "${PARAM_USER_HOME}/.gitconfig"
fi fi
if [ "${WORKSPACE_SSH_DIRECTORY_BOUND}" = "true" ] ; then if [ "$(params.sslVerify)" = "false" ]; then
cp -R "${WORKSPACE_SSH_DIRECTORY_PATH}" "${PARAM_USER_HOME}"/.ssh echo "[INFO] Disabling SSL verification"
chmod 700 "${PARAM_USER_HOME}"/.ssh git config --global http.sslVerify false
chmod -R 400 "${PARAM_USER_HOME}"/.ssh/*
fi fi
if [ "${WORKSPACE_SSL_CA_DIRECTORY_BOUND}" = "true" ] ; then cd /workspace/output
export GIT_SSL_CAPATH="${WORKSPACE_SSL_CA_DIRECTORY_PATH}"
if [ "${PARAM_CRT_FILENAME}" != "" ] ; then
export GIT_SSL_CAINFO="${WORKSPACE_SSL_CA_DIRECTORY_PATH}/${PARAM_CRT_FILENAME}"
fi
fi
CHECKOUT_DIR="${WORKSPACE_OUTPUT_PATH}/${PARAM_SUBDIRECTORY}"
cleandir() { CLONE_DIR="$(params.subdirectory)"
# Delete any existing contents of the repo directory if it exists. if [ -z "$CLONE_DIR" ]; then
# CLONE_DIR="."
# We don't just "rm -rf ${CHECKOUT_DIR}" because ${CHECKOUT_DIR} might be "/"
# or the root of a mounted volume.
if [ -d "${CHECKOUT_DIR}" ] ; then
# Delete non-hidden files and directories
rm -rf "${CHECKOUT_DIR:?}"/*
# Delete files and directories starting with . but excluding ..
rm -rf "${CHECKOUT_DIR}"/.[!.]*
# Delete files and directories starting with .. plus any other character
rm -rf "${CHECKOUT_DIR}"/..?*
fi
}
if [ "${PARAM_DELETE_EXISTING}" = "true" ] ; then
cleandir || true
fi fi
test -z "${PARAM_HTTP_PROXY}" || export HTTP_PROXY="${PARAM_HTTP_PROXY}" if [ "$(params.deleteExisting)" = "true" ] && [ -d "$CLONE_DIR" ]; then
test -z "${PARAM_HTTPS_PROXY}" || export HTTPS_PROXY="${PARAM_HTTPS_PROXY}" echo "[INFO] Deleting existing directory $CLONE_DIR"
test -z "${PARAM_NO_PROXY}" || export NO_PROXY="${PARAM_NO_PROXY}" rm -rf "$CLONE_DIR"
git config --global --add safe.directory "${WORKSPACE_OUTPUT_PATH}"
/ko-app/git-init \
-url="${PARAM_URL}" \
-revision="${PARAM_REVISION}" \
-refspec="${PARAM_REFSPEC}" \
-path="${CHECKOUT_DIR}" \
-sslVerify="${PARAM_SSL_VERIFY}" \
-submodules="${PARAM_SUBMODULES}" \
-depth="${PARAM_DEPTH}" \
-sparseCheckoutDirectories="${PARAM_SPARSE_CHECKOUT_DIRECTORIES}"
cd "${CHECKOUT_DIR}"
RESULT_SHA="$(git rev-parse HEAD)"
EXIT_CODE="$?"
if [ "${EXIT_CODE}" != 0 ] ; then
exit "${EXIT_CODE}"
fi fi
RESULT_COMMITTER_DATE="$(git log -1 --pretty=%ct)"
printf "%s" "${RESULT_COMMITTER_DATE}" > "$(results.committer-date.path)" echo "[INFO] Cloning repository..."
printf "%s" "${RESULT_SHA}" > "$(results.commit.path)" git clone --depth=$(params.depth) $(params.repoUrl) "$CLONE_DIR"
printf "%s" "${PARAM_URL}" > "$(results.url.path)" cd "$CLONE_DIR"
if [ -n "$(params.refspec)" ]; then
git fetch origin $(params.refspec)
fi
if [ -n "$(params.revision)" ]; then
echo "[INFO] Checking out revision: $(params.revision)"
git checkout $(params.revision) || git checkout -b $(params.revision) origin/$(params.revision) || echo "[WARN] Failed to checkout revision"
fi
if [ "$(params.submodules)" = "true" ]; then
echo "[INFO] Initializing submodules..."
git submodule update --init --recursive
fi
if [ -n "$(params.sparseCheckoutDirectories)" ]; then
echo "[INFO] Setting up sparse checkout..."
git config core.sparseCheckout true
echo "$(params.sparseCheckoutDirectories)" > .git/info/sparse-checkout
git read-tree -mu HEAD
fi
echo "[INFO] Writing Task results..."
echo -n "$(git rev-parse HEAD)" > $(results.commit.path)
echo -n "$(git config --get remote.origin.url)" > $(results.url.path)
echo -n "$(git show -s --format=%ct HEAD)" > $(results.committer-date.path)
echo "[INFO] Clone and checkout complete"
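Review bot: The new `clone` script substitutes `$(params.…)` directly into the shell text (`git clone --depth=$(params.depth) $(params.repoUrl) "$CLONE_DIR"`, `git fetch origin $(params.refspec)`, `git checkout $(params.revision)`), so Tekton pastes each value into the script before the shell parses it and a parameter containing shell metacharacters is run as code instead of being treated as data. The replaced script passed every parameter through a `PARAM_*` env entry and expanded it inside double quotes; that pattern should be kept, and it applies equally to `$(params.subdirectory)`, `$(params.userHome)` and `$(params.sparseCheckoutDirectories)`. In the same lines, the trailing `|| echo "[WARN] Failed to checkout revision"` lets the step succeed and write a `commit` result for a revision the caller did not request; dropping it lets `set -e` fail the step. The `securityContext` with `runAsNonRoot: true` seems to appear only on the old side, which would widen the impact of both issues if it was indeed removed. The fence shows the clone, fetch and checkout part only.

```yaml
      env:
        # … unchanged: HOME, SSL_CERT_FILE, HTTP_PROXY, HTTPS_PROXY, NO_PROXY …
        - name: PARAM_URL
          value: $(params.repoUrl)
        - name: PARAM_REVISION
          value: $(params.revision)
        - name: PARAM_REFSPEC
          value: $(params.refspec)
        - name: PARAM_DEPTH
          value: $(params.depth)
      script: |
        # … unchanged: home and auth setup, sslVerify handling, cleanup …
        git clone --depth="${PARAM_DEPTH}" -- "${PARAM_URL}" "$CLONE_DIR"
        cd "$CLONE_DIR"
        if [ -n "${PARAM_REFSPEC}" ]; then
          git fetch origin "${PARAM_REFSPEC}"
        fi
        if [ -n "${PARAM_REVISION}" ]; then
          git checkout "${PARAM_REVISION}" \
            || git checkout -b "${PARAM_REVISION}" "origin/${PARAM_REVISION}"
        fi
        # … unchanged: submodules, sparse checkout, results …
```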