apiVersion: tekton.dev/v1beta1 kind: Task metadata: name: git-clone labels: app.kubernetes.io/version: "0.9" annotations: tekton.dev/pipelines.minVersion: "0.38.0" tekton.dev/categories: Git tekton.dev/tags: git tekton.dev/displayName: "git clone" tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64" spec: description: >- These Tasks are Git tasks to work with repositories used by other tasks in your Pipeline. The git-clone Task will clone a repo from the provided url into the output Workspace. By default the repo will be cloned into the root of your Workspace. You can clone into a subdirectory by setting this Task's subdirectory param. This Task also supports sparse checkouts. To perform a sparse checkout, pass a list of comma separated directory patterns to this Task's sparseCheckoutDirectories param. workspaces: - name: base description: The workspace where the repository will be cloned. params: - name: context type: string default: "" description: context directory - name: source type: string default: "source" description: | source directory (sub directory of context) - name: url description: Repository URL to clone from. type: string - name: revision description: Revision to checkout. (branch, tag, sha, ref, etc...) type: string default: "" - name: refspec description: Refspec to fetch before checking out revision. default: "" - name: submodules description: Initialize and fetch git submodules. type: string default: "true" - name: depth description: Perform a shallow clone, fetching only the most recent N commits. type: string default: "1" - name: sslVerify description: Set the `http.sslVerify` global git config. Setting this to `false` is not advised unless you are sure that you trust your git remote. type: string default: "true" - name: crtFileName description: file name of mounted crt using ssl-ca-directory workspace. default value is ca-bundle.crt. type: string default: "ca-bundle.crt" - name: sparseCheckoutDirectories description: Define the directory patterns to match or exclude when performing a sparse checkout. type: string default: "" - name: deleteExisting description: Clean out the contents of the destination directory if it already exists before cloning. type: string default: "true" - name: httpProxy description: HTTP proxy server for non-SSL requests. type: string default: "" - name: httpsProxy description: HTTPS proxy server for SSL requests. type: string default: "" - name: noProxy description: Opt out of proxying HTTP/HTTPS requests. type: string default: "" - name: verbose description: Log the commands that are executed during `git-clone`'s operation. type: string default: "true" - name: gitInitImage description: The image providing the git-init binary that this Task runs. type: string default: "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.40.2" results: - name: commit description: The precise commit SHA that was fetched by this Task. - name: url description: The precise URL that was fetched by this Task. - name: committer-date description: The epoch timestamp of the commit that was fetched by this Task. steps: - name: clone image: "$(params.gitInitImage)" env: - name: HOME value: /workspace/base/$(params.context)/home - name: PARAM_CONTEXT value: $(params.context) - name: PARAM_SOURCE value: $(params.source) - name: PARAM_URL value: $(params.url) - name: PARAM_REVISION value: $(params.revision) - name: PARAM_REFSPEC value: $(params.refspec) - name: PARAM_SUBMODULES value: $(params.submodules) - name: PARAM_DEPTH value: $(params.depth) - name: PARAM_SSL_VERIFY value: $(params.sslVerify) - name: PARAM_CRT_FILENAME value: $(params.crtFileName) - name: PARAM_DELETE_EXISTING value: $(params.deleteExisting) - name: PARAM_HTTP_PROXY value: $(params.httpProxy) - name: PARAM_HTTPS_PROXY value: $(params.httpsProxy) - name: PARAM_NO_PROXY value: $(params.noProxy) - name: PARAM_VERBOSE value: $(params.verbose) - name: PARAM_SPARSE_CHECKOUT_DIRECTORIES value: $(params.sparseCheckoutDirectories) - name: WORKSPACE_BASE_PATH value: $(workspaces.base.path) - name: SSL_CA_DIRECTORY_PATH value: /workspace/base/$(params.context)/home/.cert securityContext: runAsNonRoot: true runAsUser: 65532 script: | #!/usr/bin/env sh set -eu if [ "${PARAM_VERBOSE}" = "true" ] ; then set -x fi if [ -d "${SSL_CA_DIRECTORY_PATH}" ] && [ -f "${SSL_CA_DIRECTORY_PATH}/${PARAM_CRT_FILENAME}" ]; then export GIT_SSL_CAPATH="${SSL_CA_DIRECTORY_PATH}" export GIT_SSL_CAINFO="${SSL_CA_DIRECTORY_PATH}/${PARAM_CRT_FILENAME}" fi CHECKOUT_DIR="${WORKSPACE_BASE_PATH}/${PARAM_CONTEXT}/${PARAM_SOURCE}" cleandir() { # Delete any existing contents of the repo directory if it exists. # # We don't just "rm -rf ${CHECKOUT_DIR}" because ${CHECKOUT_DIR} might be "/" # or the root of a mounted volume. if [ -d "${CHECKOUT_DIR}" ] ; then # Delete non-hidden files and directories rm -rf "${CHECKOUT_DIR:?}"/* # Delete files and directories starting with . but excluding .. rm -rf "${CHECKOUT_DIR}"/.[!.]* # Delete files and directories starting with .. plus any other character rm -rf "${CHECKOUT_DIR}"/..?* fi } if [ "${PARAM_DELETE_EXISTING}" = "true" ] ; then cleandir || true fi test -z "${PARAM_HTTP_PROXY}" || export HTTP_PROXY="${PARAM_HTTP_PROXY}" test -z "${PARAM_HTTPS_PROXY}" || export HTTPS_PROXY="${PARAM_HTTPS_PROXY}" test -z "${PARAM_NO_PROXY}" || export NO_PROXY="${PARAM_NO_PROXY}" git config --global --add safe.directory "${WORKSPACE_BASE_PATH}/${PARAM_CONTEXT}" /ko-app/git-init \ -url="${PARAM_URL}" \ -revision="${PARAM_REVISION}" \ -refspec="${PARAM_REFSPEC}" \ -path="${CHECKOUT_DIR}" \ -sslVerify="${PARAM_SSL_VERIFY}" \ -submodules="${PARAM_SUBMODULES}" \ -depth="${PARAM_DEPTH}" \ -sparseCheckoutDirectories="${PARAM_SPARSE_CHECKOUT_DIRECTORIES}" cd "${CHECKOUT_DIR}" RESULT_SHA="$(git rev-parse HEAD)" EXIT_CODE="$?" if [ "${EXIT_CODE}" != 0 ] ; then exit "${EXIT_CODE}" fi RESULT_COMMITTER_DATE="$(git log -1 --pretty=%ct)" printf "%s" "${RESULT_COMMITTER_DATE}" > "$(results.committer-date.path)" printf "%s" "${RESULT_SHA}" > "$(results.commit.path)" printf "%s" "${PARAM_URL}" > "$(results.url.path)"