--- apiVersion: tekton.dev/v1beta1 kind: Task metadata: name: git labels: app.kubernetes.io/version: "0.4" annotations: tekton.dev/pipelines.minVersion: "0.21.0" tekton.dev/categories: Git tekton.dev/tags: git tekton.dev/displayName: "git" tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le" spec: description: >- This task can be used to perform git operations. Git command that needs to be run can be passed as a script to the task. This task needs authentication to git in order to push after the git operation. workspaces: - name: source description: A workspace that contains the fetched git repository. - name: input optional: true description: | An optional workspace that contains the files that need to be added to git. You can access the workspace from your script using `$(workspaces.input.path)`, for instance: cp $(workspaces.input.path)/file_that_i_want . git add file_that_i_want # etc - name: ssh-directory optional: true description: | A .ssh directory with private key, known_hosts, config, etc. Copied to the user's home before git commands are executed. Used to authenticate with the git remote when performing the clone. Binding a Secret to this Workspace is strongly recommended over other volume types. - name: basic-auth optional: true description: | A Workspace containing a .gitconfig and .git-credentials file. These will be copied to the user's home before any git commands are run. Any other files in this Workspace are ignored. It is strongly recommended to use ssh-directory over basic-auth whenever possible and to bind a Secret to this Workspace over other volume types. params: - name: BASE_IMAGE description: | The base image for the task. type: string # TODO: Deprecate use of root image. default: cgr.dev/chainguard/git:root-2.39@sha256:7759f87050dd8bacabe61354d75ccd7f864d6b6f8ec42697db7159eccd491139 - name: GIT_USER_NAME type: string description: | Git user name for performing git operation. default: "" - name: GIT_USER_EMAIL type: string description: | Git user email for performing git operation. default: "" - name: GIT_SCRIPT description: The git script to run. type: string default: | git help - name: USER_HOME description: | Absolute path to the user's home directory. Set this explicitly if you are running the image as a non-root user or have overridden the gitInitImage param with an image containing custom user configuration. type: string default: "/root" - name: VERBOSE description: Log the commands that are executed during `git-clone`'s operation. type: string default: "true" results: - name: commit description: The precise commit SHA after the git operation. steps: - name: git image: $(params.BASE_IMAGE) workingDir: $(workspaces.source.path) env: - name: HOME value: $(params.USER_HOME) - name: PARAM_VERBOSE value: $(params.VERBOSE) - name: PARAM_USER_HOME value: $(params.USER_HOME) - name: WORKSPACE_SSH_DIRECTORY_BOUND value: $(workspaces.ssh-directory.bound) - name: WORKSPACE_SSH_DIRECTORY_PATH value: $(workspaces.ssh-directory.path) - name: WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND value: $(workspaces.basic-auth.bound) - name: WORKSPACE_BASIC_AUTH_DIRECTORY_PATH value: $(workspaces.basic-auth.path) script: | #!/usr/bin/env sh set -eu if [ "${PARAM_VERBOSE}" = "true" ] ; then set -x fi if [ "${WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND}" = "true" ] ; then cp "${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.git-credentials" "${PARAM_USER_HOME}/.git-credentials" cp "${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.gitconfig" "${PARAM_USER_HOME}/.gitconfig" chmod 400 "${PARAM_USER_HOME}/.git-credentials" chmod 400 "${PARAM_USER_HOME}/.gitconfig" fi if [ "${WORKSPACE_SSH_DIRECTORY_BOUND}" = "true" ] ; then cp -R "${WORKSPACE_SSH_DIRECTORY_PATH}" "${PARAM_USER_HOME}"/.ssh chmod 700 "${PARAM_USER_HOME}"/.ssh chmod -R 400 "${PARAM_USER_HOME}"/.ssh/* fi # Setting up the config for the git. git config --global user.email "$(params.GIT_USER_EMAIL)" git config --global user.name "$(params.GIT_USER_NAME)" eval '$(params.GIT_SCRIPT)' RESULT_SHA="$(git rev-parse HEAD | tr -d '\n')" EXIT_CODE="$?" if [ "$EXIT_CODE" != 0 ] then exit $EXIT_CODE fi # Make sure we don't add a trailing newline to the result! printf "%s" "$RESULT_SHA" > "$(results.commit.path)"