loafle/tekton-hub
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
tekton-hub/tasks/git-clone-checkout/task.yaml
BAK BYEONG JUN ab1659d34f init
2025-04-08 18:45:47 +00:00

229 lines
8.5 KiB
YAML
Raw Blame History

apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: git-clone-checkout
labels:
app.kubernetes.io/version: "0.4"
annotations:
tekton.dev/pipelines.minVersion: "0.21.0"
tekton.dev/categories: git
tekton.dev/tags: git
tekton.dev/displayName: "git-clone-checkout"
tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le"
spec:
description: >-
This task can be used to perform git operations.
git command that needs to be run can be passed as a script to
the task.
workspaces:
- name: output
description: The git repo will be cloned onto the volume backing this Workspace.
- name: ssh-directory
optional: true
description: |
A .ssh directory with private key, known_hosts, config, etc. Copied to
the user's home before git commands are executed. Used to authenticate
with the git remote when performing the clone. Binding a Secret to this
Workspace is strongly recommended over other volume types.
- name: basic-auth
optional: true
description: |
A Workspace containing a .gitconfig and .git-credentials file. These
will be copied to the user's home before any git commands are run. Any
other files in this Workspace are ignored. It is strongly recommended
to use ssh-directory over basic-auth whenever possible and to bind a
Secret to this Workspace over other volume types.
- name: ssl-ca-directory
optional: true
description: |
A workspace containing CA certificates, this will be used by Git to
verify the peer with when fetching or pushing over HTTPS.
params:
- name: repo-url
description: Repository URL to clone from.
type: string
- name: revision
description: Revision to checkout. (branch, tag, sha, ref, etc...)
type: string
- name: gitInitImage
description: The image providing the git-init binary that this Task runs.
type: string
default: "alpine/git:latest"
- name: userHome
description: |
Absolute path to the user's home directory.
type: string
default: "/home/git"
steps:
- name: clone-checkout
image: $(params.gitInitImage)
workingDir: $(workspaces.output.path)
script: |
#!/usr/bin/env sh
set -eu
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- "ALL"
runAsUser: 65532
runAsGroup: 65532
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
# apiVersion: tekton.dev/v1
# kind: Task
# metadata:
# name: git-clone-checkout
# labels:
# app.kubernetes.io/version: "0.9"
# annotations:
# tekton.dev/pipelines.minVersion: "0.38.0"
# tekton.dev/categories: Git
# tekton.dev/tags: git
# tekton.dev/displayName: "git clone & checkout"
# tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64"
# spec:
# description: >-
# These Tasks are Git tasks to work with repositories used by other tasks
# in your Pipeline.
# The git-clone-checkout Task will clone a repo from the provided url into the
# output Workspace. By default the repo will be cloned into the root of
# your Workspace. You can clone into a subdirectory by setting this Task's
# subdirectory param. This Task also supports sparse checkouts. To perform
# a sparse checkout, pass a list of comma separated directory patterns to
# this Task's sparseCheckoutDirectories param.
# workspaces:
# - name: output
# description: The git repo will be cloned onto the volume backing this Workspace.
# - name: ssh-directory
# optional: true
# description: |
# A .ssh directory with private key, known_hosts, config, etc. Copied to
# the user's home before git commands are executed. Used to authenticate
# with the git remote when performing the clone. Binding a Secret to this
# Workspace is strongly recommended over other volume types.
# - name: basic-auth
# optional: true
# description: |
# A Workspace containing a .gitconfig and .git-credentials file. These
# will be copied to the user's home before any git commands are run. Any
# other files in this Workspace are ignored. It is strongly recommended
# to use ssh-directory over basic-auth whenever possible and to bind a
# Secret to this Workspace over other volume types.
# - name: ssl-ca-directory
# optional: true
# description: |
# A workspace containing CA certificates, this will be used by Git to
# verify the peer with when fetching or pushing over HTTPS.
# params:
# - name: repo-url
# description: Repository URL to clone from.
# type: string
# - name: revision
# description: Revision to checkout. (branch, tag, sha, ref, etc...)
# type: string
# default: ""
# - name: verbose
# description: Log the commands that are executed during `git-clone-checkout`'s operation.
# type: string
# default: "true"
# - name: gitInitImage
# description: The image providing the git-init binary that this Task runs.
# type: string
# default: "alpine/git:latest"
# - name: userHome
# description: |
# Absolute path to the user's home directory.
# type: string
# default: "/home/git"
# results:
# - name: commit
# description: The precise commit SHA that was fetched by this Task.
# - name: url
# description: The precise URL that was fetched by this Task.
# - name: committer-date
# description: The epoch timestamp of the commit that was fetched by this Task.
# steps:
# - name: clone-checkout
# image: "$(params.gitInitImage)"
# env:
# - name: HOME
# value: "$(params.userHome)"
# - name: PARAM_URL
# value: $(params.repo-url)
# - name: PARAM_REVISION
# value: $(params.revision)
# - name: PARAM_VERBOSE
# value: $(params.verbose)
# - name: PARAM_USER_HOME
# value: $(params.userHome)
# - name: WORKSPACE_OUTPUT_PATH
# value: $(workspaces.output.path)
# - name: WORKSPACE_SSH_DIRECTORY_BOUND
# value: $(workspaces.ssh-directory.bound)
# - name: WORKSPACE_SSH_DIRECTORY_PATH
# value: $(workspaces.ssh-directory.path)
# - name: WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND
# value: $(workspaces.basic-auth.bound)
# - name: WORKSPACE_BASIC_AUTH_DIRECTORY_PATH
# value: $(workspaces.basic-auth.path)
# - name: WORKSPACE_SSL_CA_DIRECTORY_BOUND
# value: $(workspaces.ssl-ca-directory.bound)
# - name: WORKSPACE_SSL_CA_DIRECTORY_PATH
# value: $(workspaces.ssl-ca-directory.path)
# script: |
# #!/usr/bin/env sh
# set -eu
# if [ "${PARAM_VERBOSE}" = "true" ] ; then
# set -x
# fi
# if [ "${WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND}" = "true" ] ; then
# cp "${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.git-credentials" "${PARAM_USER_HOME}/.git-credentials"
# cp "${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.gitconfig" "${PARAM_USER_HOME}/.gitconfig"
# chmod 400 "${PARAM_USER_HOME}/.git-credentials"
# chmod 400 "${PARAM_USER_HOME}/.gitconfig"
# fi
# if [ "${WORKSPACE_SSH_DIRECTORY_BOUND}" = "true" ] ; then
# cp -R "${WORKSPACE_SSH_DIRECTORY_PATH}" "${PARAM_USER_HOME}"/.ssh
# chmod 700 "${PARAM_USER_HOME}"/.ssh
# chmod -R 400 "${PARAM_USER_HOME}"/.ssh/*
# fi
# if [ "${WORKSPACE_SSL_CA_DIRECTORY_BOUND}" = "true" ] ; then
# export GIT_SSL_CAPATH="${WORKSPACE_SSL_CA_DIRECTORY_PATH}"
# if [ "${PARAM_CRT_FILENAME}" != "" ] ; then
# export GIT_SSL_CAINFO="${WORKSPACE_SSL_CA_DIRECTORY_PATH}/${PARAM_CRT_FILENAME}"
# fi
# fi
# git config --global --add safe.directory "${WORKSPACE_OUTPUT_PATH}"
# cd "${WORKSPACE_OUTPUT_PATH}"
# git clone "${PARAM_URL}" .
# git checkout "${PARAM_REVISION}"
# RESULT_SHA="$(git rev-parse HEAD)"
# EXIT_CODE="$?"
# if [ "${EXIT_CODE}" != 0 ] ; then
# exit "${EXIT_CODE}"
# fi
# RESULT_COMMITTER_DATE="$(git log -1 --pretty=%ct)"
# printf "%s" "${RESULT_COMMITTER_DATE}" > "$(results.committer-date.path)"
# printf "%s" "${RESULT_SHA}" > "$(results.commit.path)"
# printf "%s" "${PARAM_URL}" > "$(results.url.path)"
Reference in New Issue View Git Blame Copy Permalink