From f7f7c986083752ccd934949f5dab249a4327ec90 Mon Sep 17 00:00:00 2001 From: BAK BYEONG JUN Date: Mon, 7 Apr 2025 23:23:27 +0000 Subject: [PATCH] first commit --- .devcontainer/Dockerfile | 5 + .devcontainer/devcontainer.json | 73 ++++++++++++++ .devcontainer/docker-compose.yaml | 48 ++++++++++ .devcontainer/postCreateCommand.sh | 11 +++ README.md | 0 tasks/git/task.yaml | 147 +++++++++++++++++++++++++++++ tasks/poetry/task.yaml | 69 ++++++++++++++ tasks/pypi/task.yaml | 91 ++++++++++++++++++ tasks/pytest/task.yaml | 50 ++++++++++ 9 files changed, 494 insertions(+) create mode 100644 .devcontainer/Dockerfile create mode 100644 .devcontainer/devcontainer.json create mode 100644 .devcontainer/docker-compose.yaml create mode 100644 .devcontainer/postCreateCommand.sh create mode 100644 README.md create mode 100644 tasks/git/task.yaml create mode 100644 tasks/poetry/task.yaml create mode 100644 tasks/pypi/task.yaml create mode 100644 tasks/pytest/task.yaml diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile new file mode 100644 index 0000000..d7da93a --- /dev/null +++ b/.devcontainer/Dockerfile @@ -0,0 +1,5 @@ +FROM mcr.microsoft.com/devcontainers/base:ubuntu + +RUN apt clean && apt update --fix-missing +RUN apt install -y pkg-config \ + && rm -rf /var/lib/apt/lists/* diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json new file mode 100644 index 0000000..f628b97 --- /dev/null +++ b/.devcontainer/devcontainer.json @@ -0,0 +1,73 @@ +{ + "name": "loafle.tekton-hub", + // Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile + "dockerComposeFile": "docker-compose.yaml", + "service": "app", + "workspaceFolder": "/workspace", + "shutdownAction": "stopCompose", + "features": { + "ghcr.io/devcontainers/features/git:1": {}, + "ghcr.io/devcontainers/features/docker-in-docker:2": {} + }, + // Configure tool-specific properties. + "customizations": { + // Configure properties specific to VS Code. + "vscode": { + "settings": { + "terminal.integrated.defaultProfile.linux": "zsh", + "terminal.integrated.profiles.linux": { + "zsh": { + "path": "/bin/zsh" + } + }, + "yaml.schemas": { + // ⚠️ Tekton은 참고용이며 완전한 스키마 아님 (자동완성 or lint는 제한적) + "https://raw.githubusercontent.com/tektoncd/catalog/main/task/task.yaml": [ + "**/tasks/**/*.yaml" + ], + "https://raw.githubusercontent.com/tektoncd/catalog/main/pipeline/pipeline.yaml": [ + "**/pipelines/**/*.yaml" + ], + "https://json.schemastore.org/kustomization.json": [ + "**/kustomization.yaml" + ] + }, + "yaml.customTags": [ + "!Ref", + "!Sub", + "!GetAtt", + "!Join", + "!If", + "!Equals", + "!Not", + "!And", + "!Or" + ], + "yaml.format.enable": true, + "yaml.validate": true, + "editor.formatOnSave": true + }, + "extensions": [ + "eamodio.gitlens", + "esbenp.prettier-vscode", + "ms-azuretools.vscode-docker", + "ms-kubernetes-tools.vscode-kubernetes-tools", + "redhat.vscode-tekton-pipelines", + "streetsidesoftware.code-spell-checker", + "tamasfe.even-better-toml" + ] + } + }, + // Use 'forwardPorts' to make a list of ports inside the container available locally. + // "forwardPorts": [], + // Use 'postCreateCommand' to run commands after the container is created. + "postCreateCommand": "/bin/sh ./.devcontainer/postCreateCommand.sh", + // Uncomment to connect as root instead. More info: https://aka.ms/dev-containers-non-root. + // "remoteUser": "vscode" + "mounts": [ + "source=${localEnv:HOME}/.gitconfig,target=/home/vscode/.gitconfig,type=bind,consistency=cached", + "source=${localEnv:HOME}/.config/pypoetry,target=/home/vscode/.config/pypoetry,type=bind,consistency=cached", + "source=${localEnv:HOME}/.ssh/id_rsa,target=/home/vscode/.ssh/id_rsa,type=bind,consistency=cached", + "source=${localEnv:HOME}/.kube/config,target=/home/vscode/.kube/config,type=bind,consistency=cached" + ] +} \ No newline at end of file diff --git a/.devcontainer/docker-compose.yaml b/.devcontainer/docker-compose.yaml new file mode 100644 index 0000000..f92ffa9 --- /dev/null +++ b/.devcontainer/docker-compose.yaml @@ -0,0 +1,48 @@ +version: "3.8" + +services: + app: + # Using a Dockerfile is optional, but included for completeness. + build: + context: . + dockerfile: Dockerfile + # [Optional] You can use build args to set options. e.g. 'VARIANT' below affects the image in the Dockerfile + # args: + # VARIANT: buster + # environment: + # PORT: 3000 + # ports: + # - 3000:3000 + + volumes: + # This is where VS Code should expect to find your project's source code and the value of "workspaceFolder" in .devcontainer/devcontainer.json + - ..:/workspace:cached + + # Uncomment the next line to use Docker from inside the container. See https://aka.ms/vscode-remote/samples/docker-from-docker-compose for details. + # - /var/run/docker.sock:/var/run/docker.sock + + # Overrides default command so things don't shut down after the process ends. + # command: /bin/sh -c "while sleep 1000; do :; done" + command: sleep infinity + + # Runs app on the same network as the service container, allows "forwardPorts" in devcontainer.json function. + # network_mode: service:another-service + + # Use "forwardPorts" in **devcontainer.json** to forward an app port locally. + # (Adding the "ports" property to this file will not forward from a Codespace.) + + # Uncomment the next line to use a non-root user for all processes - See https://aka.ms/vscode-remote/containers/non-root for details. + # user: vscode + + # Uncomment the next four lines if you will use a ptrace-based debugger like C++, Go, and Rust. + # cap_add: + # - SYS_PTRACE + # security_opt: + # - seccomp:unconfined + + # You can include other services not opened by VS Code as well + # another-service: + # image: mongo:latest + # restart: unless-stopped + + # As in the "app" service, use "forwardPorts" in **devcontainer.json** to forward an app port locally. \ No newline at end of file diff --git a/.devcontainer/postCreateCommand.sh b/.devcontainer/postCreateCommand.sh new file mode 100644 index 0000000..391bfd0 --- /dev/null +++ b/.devcontainer/postCreateCommand.sh @@ -0,0 +1,11 @@ +#!/usr/bin/env bash + +set -ex + +# sudo apt clean +# sudo apt update --fix-missing + +# project dependency +cd /tmp +curl -LO https://github.com/tektoncd/cli/releases/download/v0.40.0/tkn_0.40.0_Linux_x86_64.tar.gz +sudo tar xvzf tkn_0.40.0_Linux_x86_64.tar.gz -C /usr/local/bin/ tkn \ No newline at end of file diff --git a/README.md b/README.md new file mode 100644 index 0000000..e69de29 diff --git a/tasks/git/task.yaml b/tasks/git/task.yaml new file mode 100644 index 0000000..009ce00 --- /dev/null +++ b/tasks/git/task.yaml @@ -0,0 +1,147 @@ +--- +apiVersion: tekton.dev/v1beta1 +kind: Task +metadata: + name: git + labels: + app.kubernetes.io/version: "0.4" + annotations: + tekton.dev/pipelines.minVersion: "0.21.0" + tekton.dev/categories: Git + tekton.dev/tags: git + tekton.dev/displayName: "git" + tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le" +spec: + description: >- + This task can be used to perform git operations. + + Git command that needs to be run can be passed as a script to + the task. This task needs authentication to git in order to push + after the git operation. + + workspaces: + - name: source + description: A workspace that contains the fetched git repository. + + - name: input + optional: true + description: | + An optional workspace that contains the files that need to be added to git. You can + access the workspace from your script using `$(workspaces.input.path)`, for instance: + + cp $(workspaces.input.path)/file_that_i_want . + git add file_that_i_want + # etc + + - name: ssh-directory + optional: true + description: | + A .ssh directory with private key, known_hosts, config, etc. Copied to + the user's home before git commands are executed. Used to authenticate + with the git remote when performing the clone. Binding a Secret to this + Workspace is strongly recommended over other volume types. + + - name: basic-auth + optional: true + description: | + A Workspace containing a .gitconfig and .git-credentials file. These + will be copied to the user's home before any git commands are run. Any + other files in this Workspace are ignored. It is strongly recommended + to use ssh-directory over basic-auth whenever possible and to bind a + Secret to this Workspace over other volume types. + params: + - name: BASE_IMAGE + description: | + The base image for the task. + type: string + # TODO: Deprecate use of root image. + default: cgr.dev/chainguard/git:root-2.39@sha256:7759f87050dd8bacabe61354d75ccd7f864d6b6f8ec42697db7159eccd491139 + + - name: GIT_USER_NAME + type: string + description: | + Git user name for performing git operation. + default: "" + + - name: GIT_USER_EMAIL + type: string + description: | + Git user email for performing git operation. + default: "" + + - name: GIT_SCRIPT + description: The git script to run. + type: string + default: | + git help + + - name: USER_HOME + description: | + Absolute path to the user's home directory. Set this explicitly if you are running the image as a non-root user or have overridden + the gitInitImage param with an image containing custom user configuration. + type: string + default: "/root" + + - name: VERBOSE + description: Log the commands that are executed during `git-clone`'s operation. + type: string + default: "true" + + results: + - name: commit + description: The precise commit SHA after the git operation. + + steps: + - name: git + image: $(params.BASE_IMAGE) + workingDir: $(workspaces.source.path) + env: + - name: HOME + value: $(params.USER_HOME) + - name: PARAM_VERBOSE + value: $(params.VERBOSE) + - name: PARAM_USER_HOME + value: $(params.USER_HOME) + - name: WORKSPACE_SSH_DIRECTORY_BOUND + value: $(workspaces.ssh-directory.bound) + - name: WORKSPACE_SSH_DIRECTORY_PATH + value: $(workspaces.ssh-directory.path) + - name: WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND + value: $(workspaces.basic-auth.bound) + - name: WORKSPACE_BASIC_AUTH_DIRECTORY_PATH + value: $(workspaces.basic-auth.path) + script: | + #!/usr/bin/env sh + set -eu + + if [ "${PARAM_VERBOSE}" = "true" ] ; then + set -x + fi + + if [ "${WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND}" = "true" ] ; then + cp "${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.git-credentials" "${PARAM_USER_HOME}/.git-credentials" + cp "${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.gitconfig" "${PARAM_USER_HOME}/.gitconfig" + chmod 400 "${PARAM_USER_HOME}/.git-credentials" + chmod 400 "${PARAM_USER_HOME}/.gitconfig" + fi + + if [ "${WORKSPACE_SSH_DIRECTORY_BOUND}" = "true" ] ; then + cp -R "${WORKSPACE_SSH_DIRECTORY_PATH}" "${PARAM_USER_HOME}"/.ssh + chmod 700 "${PARAM_USER_HOME}"/.ssh + chmod -R 400 "${PARAM_USER_HOME}"/.ssh/* + fi + + # Setting up the config for the git. + git config --global user.email "$(params.GIT_USER_EMAIL)" + git config --global user.name "$(params.GIT_USER_NAME)" + + eval '$(params.GIT_SCRIPT)' + + RESULT_SHA="$(git rev-parse HEAD | tr -d '\n')" + EXIT_CODE="$?" + if [ "$EXIT_CODE" != 0 ] + then + exit $EXIT_CODE + fi + # Make sure we don't add a trailing newline to the result! + printf "%s" "$RESULT_SHA" > "$(results.commit.path)" \ No newline at end of file diff --git a/tasks/poetry/task.yaml b/tasks/poetry/task.yaml new file mode 100644 index 0000000..93021f7 --- /dev/null +++ b/tasks/poetry/task.yaml @@ -0,0 +1,69 @@ +--- +apiVersion: tekton.dev/v1beta1 +kind: Task +metadata: + name: poetry + labels: + app.kubernetes.io/version: "0.4" + annotations: + tekton.dev/pipelines.minVersion: "0.21.0" + tekton.dev/categories: Poetry + tekton.dev/tags: poetry + tekton.dev/displayName: "poetry" + tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le" +spec: + description: >- + This task can be used to perform python poetry operations. + + python poetry command that needs to be run can be passed as a script to + the task. + + workspaces: + - name: source + description: A workspace that contains python source. + + params: + - name: BASE_IMAGE + description: | + The base image for the task. + type: string + default: python:3.13.2-bullseye + + - name: POETRY_VERSION + description: | + The base version of the poetry. + type: string + default: 2.1.2 + + - name: POETRY_SCRIPT + description: The poetry and python script to run. + type: string + default: | + poetry help + + - name: VERBOSE + description: Log the commands that are executed during operation. + type: string + default: "true" + + steps: + - name: poetry + image: $(params.BASE_IMAGE) + workingDir: $(workspaces.source.path) + env: + - name: POETRY_VERSION + value: $(params.POETRY_VERSION) + - name: PARAM_VERBOSE + value: $(params.VERBOSE) + script: | + #!/usr/bin/env sh + set -eu + + if [ "${PARAM_VERBOSE}" = "true" ] ; then + set -x + fi + + pipx install poetry==${POETRY_VERSION} + export PATH="$HOME/.local/bin:$PATH" + + eval '$(params.POETRY_SCRIPT)' diff --git a/tasks/pypi/task.yaml b/tasks/pypi/task.yaml new file mode 100644 index 0000000..fbc0629 --- /dev/null +++ b/tasks/pypi/task.yaml @@ -0,0 +1,91 @@ +--- +apiVersion: tekton.dev/v1beta1 +kind: Task +metadata: + name: pypi + labels: + app.kubernetes.io/version: "0.2" + annotations: + tekton.dev/pipelines.minVersion: "0.12.1" + tekton.dev/categories: Publishing + tekton.dev/tags: build + tekton.dev/displayName: "pypi" + tekton.dev/platforms: "linux/amd64" +spec: + description: >- + This Task publishes Python packages to PyPI index using Twine utility module. + + It provides build system independent uploads of source and binary distribution + artifacts for both new and existing projects. + + params: + - name: TWINE_REPOSITORY_URL + description: The repository (package index) to upload the package to. + default: "https://upload.pypi.org/legacy/" + type: string + - name: SECRET_NAME + description: Name of the secret containing the username & password used to upload the package. + default: "pypi-secret" + type: string + - name: SECRET_USERNAME_KEY + description: Name of the secret key containing the username. + default: "username" + type: string + - name: SECRET_PASSWORD_KEY + description: Name of the secret key containing the password. + default: "password" + type: string + - name: PREBUILD_SCRIPT + description: Script to execute prior to running setup.py. + type: string + default: '' + - name: BUILDER_IMAGE + description: Image to use for building the package + type: string + default: 'python:3.9' + + workspaces: + - name: source + + steps: + - name: build-package + image: $(params.BUILDER_IMAGE) + workingDir: $(workspaces.source.path) + script: | + $(params.PREBUILD_SCRIPT) + + python setup.py sdist bdist_wheel + - name: upload-package + image: quay.io/thoth-station/twine:v0.0.2 #tag: v0.0.2 + workingDir: $(workspaces.source.path) + env: + - name: TWINE_REPOSITORY_URL + value: $(params.TWINE_REPOSITORY_URL) + - name: TWINE_USERNAME + valueFrom: + secretKeyRef: + name: $(params.SECRET_NAME) + key: $(params.SECRET_USERNAME_KEY) + - name: TWINE_PASSWORD + valueFrom: + secretKeyRef: + name: $(params.SECRET_NAME) + key: $(params.SECRET_PASSWORD_KEY) + script: | + twine upload --disable-progress-bar dist/* + # Now write out all our results, stripping newlines. + # sdist files are .tar.gz's + sha256sum dist/*.tar.gz | tr -d '\n' | tee $(results.sdist_sha.path) + # bdist files are .whls's + sha256sum dist/*.whl | tr -d '\n' | tee $(results.bdist_sha.path) + python setup.py --name | tr -d '\n' | tee $(results.package_name.path) + python setup.py --version | tr -d '\n' | tee $(results.package_version.path) + results: + - name: sdist_sha + description: sha256 (and filename) of the sdist package + - name: bdist_sha + description: sha256 (and filename) of the bdist package + - name: package_name + description: name of the uploaded package + - name: package_version + description: version of the uploaded package \ No newline at end of file diff --git a/tasks/pytest/task.yaml b/tasks/pytest/task.yaml new file mode 100644 index 0000000..70f7614 --- /dev/null +++ b/tasks/pytest/task.yaml @@ -0,0 +1,50 @@ +--- +apiVersion: tekton.dev/v1beta1 +kind: Task +metadata: + name: pytest + labels: + app.kubernetes.io/version: "0.2" + annotations: + tekton.dev/pipelines.minVersion: "0.56.1" + tekton.dev/displayName: "pytest" + tekton.dev/categories: Developer Tools + tekton.dev/tags: pytest + tekton.dev/platforms: "linux/amd64" +spec: + description: >- + These tasks make it possible to use pytest within your Tekton pipelines + + pytest is a tool for testing configuration files using Open Policy Agent. + + workspaces: + - name: source + params: + - name: BASE_IMAGE + description: | + The base image for the task. + type: string + default: python:3.13.2-bullseye + - name: VERBOSE + description: Log the commands that are executed during operation. + type: string + default: "true" + + steps: + - name: pytest + image: $(params.BASE_IMAGE) + workingDir: $(workspaces.source.path) + env: + - name: PARAM_VERBOSE + value: $(params.VERBOSE) + script: | + #!/usr/bin/env sh + set -eu + + if [ "${PARAM_VERBOSE}" = "true" ] ; then + set -x + fi + + pip install -U pytest + + pytest \ No newline at end of file