From 33c1953588b3b04499d28e14723a5e3e4f212e55 Mon Sep 17 00:00:00 2001 From: github-actions Date: Thu, 21 Mar 2024 12:19:32 +0000 Subject: [PATCH] task-git: Auto-update tekton tasks resources\n\nURL: https://github.com/openshift-pipelines/task-git\nIgnoredVersions: --- tasks/task-git-cli/0.3.0/README.md | 152 +++++++++++ tasks/task-git-cli/0.3.0/task-git-cli.yaml | 229 ++++++++++++++++ tasks/task-git-clone/0.3.0/README.md | 146 ++++++++++ .../task-git-clone/0.3.0/task-git-clone.yaml | 255 ++++++++++++++++++ 4 files changed, 782 insertions(+) create mode 100644 tasks/task-git-cli/0.3.0/README.md create mode 100644 tasks/task-git-cli/0.3.0/task-git-cli.yaml create mode 100644 tasks/task-git-clone/0.3.0/README.md create mode 100644 tasks/task-git-clone/0.3.0/task-git-clone.yaml diff --git a/tasks/task-git-cli/0.3.0/README.md b/tasks/task-git-cli/0.3.0/README.md new file mode 100644 index 00000000..579ad296 --- /dev/null +++ b/tasks/task-git-cli/0.3.0/README.md @@ -0,0 +1,152 @@ +## `git-cli` Tekton Task + +The `git-cli` Task is used to preform various git operations. + +A quick usage example is: + +```yaml +--- +apiVersion: tekton.dev/v1beta1 +kind: TaskRun +metadata: + name: example-taskrun +spec: + taskRef: + name: git-cli + params: + - name: GIT_SCRIPT + value: | + git init + git remote add origin https://github.com/username/public-repo + git pull origin main + workspaces: + - name: source + emptyDir: {} +``` + +Please consider the [Workspaces](#workspaces), [Parameters](#parameters) and [Results](#results) described below. + +# Workspaces + +A single Workspace is required for this Task, while the optional Workspaces will allow advanced Git configuration and authentication. + +## `source` + +The `source` is a required Workspace, represents the primary location where the Git repository data will be stored & used for the various steps. + +Knowing the Workspace data will be employed on other Tasks, the recommended approach is using a [persistent volume][tektonPVC], for instance a [`PersistentVolumeClaim` (PVC)][k8sPVC]. + +## `input` + +An optional workspace that contains the files that need to be added to git. You can access the workspace from your script using `$(workspaces.input.path)`, for instance: + + cp $(workspaces.input.path)/file_that_i_want . + git add file_that_i_want + # etc + +## Authentication Workspaces + +The recommended approach to authentication is using the [default mechanisms supported by Tekton Pipeline][tektonAuthentication], please consider it as your first option. + +More advanced use-cases may require different methods of interacting with private repositories, the following Workspaces are meant to support advanced Git configuration and authentication. + +### `basic-auth` (HTTP/SSH) + +The `basic-auth` is a optional Workspace to provide Git credentials and configuration. + +The following Workspace files (items) are shared with Git before cloning the repository, the Task copies the files to the Git user home directory, configured by the parameter `USER_HOME`. + +| Workspace File | Required | Description | +| :----------------- | :------: | :------------------------------------- | +| `.git-credentials` | `true` | [Git credentials file][gitCredentials] | +| `.gitconfig` | `true` | [Git configuration file][gitConfig] | + +Typically, this type of data is stored as a Kubernetes Secret. For example: + +```bash +kubectl create secret generic basic-auth-ex \ + --from-file=".git-credentials=${HOME}/.git-credentials" \ + --from-file=".gitconfig=${HOME}/.gitconfig" +``` + +Then, you can [reference the Secret][tektonWorkspaceSecret] as the `basic-auth` Workspace. + +### `ssh-directory` (SSH) + +The `ssh-directory` is a optional Workspace, meant to store the files commonly found on a [`~/.ssh` directory][dotSSHDirectory], when informed, the whole directory will be copied into the Git's home (configured by the parameter `USER_HOME`). + +During the `prepare` step you can see the details about what's being copied, please consider the output log snippet below. For more verbose logging set the peramater `VERBOSE` to `true`. + +``` +---> Phase: Copying '.ssh' from ssh-directory workspace ('/workspaces/ssh-directory')... +'/workspaces/ssh-directory' -> '/home/git/.ssh' +'/workspaces/ssh-directory/config' -> '/home/git/.ssh/config' +mode of '/home/git/.ssh' changed from 0755 (rwxr-xr-x) to 0700 (rwx------) +mode of '/home/git/.ssh/config' changed from 0644 (rw-r--r--) to 0400 (r--------) + +``` + +It's recommended storing this type of data as a Kubernetes Secret, like the following example: + +```bash +kubectl create secret generic ssh-directory-ex \ + --from-file="config=${HOME}/.ssh/config" \ + --from-file="authorized_keys=${HOME}/.ssh/authorized_keys" +``` + +Then, you can [reference the Secret][tektonWorkspaceSecret] as the `ssh-directory` Workspace. + +### `ssl-ca-directory` (mTLS) + +The `ssl-ca-directory` is a optional Workspace to store a additional [Certificate Authority (CA)][tlsCA] bundles, commonly `.pem` or `.crt` files. The exact bundle file name is defined by the parameter `CRT_FILENAME`. + +Before running the Git commands, the [`GIT_SSL_CAINFO` environment variable][gitSSLCAInfo] is exported with the full path to the `CRT_FILENAME` in the `ssl-ca-directory` Workspace. + +You can observe the setting taking place on the beginning of the `git-cli` step: + +``` +phase 'Exporting custom CA certificate "GIT_SSL_CAINFO=/workspaces/ssl-ca-directory/ca-bundle.crt"' +``` + +This is a sensitive information and therefore it's recommended to store as a Kubernetes Secret, please consider the previous examples to create Secrets with the `--from-file` option. + +Finally, you can [reference the Secret][tektonWorkspaceSecret] as the `ssl-ca-directory` Workspace. + +# Parameters + +The following parameters are supported by this Task. + +| Parameter | Type | Default | Description | +| :---------------- | :------: | :-------------- | :------------------------------------------------------------------------------------------------------------------------ | --- | +| `GIT_USER_NAME` | `string` | "" (empty) | Git user name for performing git operation. | +| `GIT_USER_EMAIL` | `string` | "" (empty) | Git user email for performing git operation | +| `GIT_SCRIPT` | `string` | `git help` | The git script to run | +| `SSL_VERIFY` | `string` | `true` | Sets the global [`http.sslVerify`][gitHTTPSSLVerify] value, `false` is not advised unless you trust the remote repository | +| `CRT_FILENAME` | `string` | `ca-bundle.crt` | Certificate Authority (CA) bundle filename on the `ssl-ca-directory` Workspace. | +| `SUBDIRECTORY` | `string` | "" (empty) | Relative path to the `source` Workspace where various operations in `GIT_SCRIPT` will occur. | | +| `DELETE_EXISTING` | `string` | `true` | Clean out the contents of the `source` Workspace before any operations, if data exists. | +| `HTTP_PROXY` | `string` | "" (empty) | HTTP proxy server (non-TLS requests) | +| `HTTPS_PROXY` | `string` | "" (empty) | HTTPS proxy server (TLS requests) | +| `NO_PROXY` | `string` | "" (empty) | Opt out of proxying HTTP/HTTPS requests | +| `VERBOSE` | `string` | `false` | Log the commands executed | +| `USER_HOME` | `string` | `/home/git` | Absolute path to the Git user home directory | + +# Results + +The following results are produced by this Task. + +| Name | Description | +| :------- | :---------------------------- | +| `COMMIT` | The precise commit SHA digest | + +[dotSSHDirectory]: https://man.openbsd.org/sshd#FILES +[gitConfig]: https://git-scm.com/docs/git-config#FILES +[gitCredentials]: https://git-scm.com/docs/git-credential-store#Documentation/git-credential-store.txt-git-credentials +[gitHTTPSSLVerify]: https://git-scm.com/docs/git-config#Documentation/git-config.txt-httpsslVerify +[gitSparseCheckout]: https://git-scm.com/docs/git-sparse-checkout#_description +[gitSSLCAInfo]: https://git-scm.com/docs/git-config#Documentation/git-config.txt-httpsslCAInfo +[k8sPVC]: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ +[tektonAuthentication]: https://tekton.dev/docs/pipelines/auth/ +[tektonPVC]: https://tekton.dev/docs/pipelines/workspaces/#using-persistentvolumeclaims-as-volumesource +[tektonWorkspaceSecret]: https://tekton.dev/docs/pipelines/workspaces/#secret +[tlsCA]: https://en.wikipedia.org/wiki/Certificate_authority diff --git a/tasks/task-git-cli/0.3.0/task-git-cli.yaml b/tasks/task-git-cli/0.3.0/task-git-cli.yaml new file mode 100644 index 00000000..e03dc9d9 --- /dev/null +++ b/tasks/task-git-cli/0.3.0/task-git-cli.yaml @@ -0,0 +1,229 @@ +--- +# Source: task-git/templates/task-git-cli.yaml +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: git-cli + labels: + app.kubernetes.io/version: 0.3.0 + annotations: + artifacthub.io/category: integration-delivery + artifacthub.io/maintainers: | + - name: OpenShift Pipeline task maintainers + email: pipelines-extcomm@redhat.com + artifacthub.io/provider: Red Hat + artifacthub.io/recommendations: | + - url: https://tekton.dev/ + tekton.dev/categories: Git + tekton.dev/displayName: git + tekton.dev/pipelines.minVersion: 0.41.0 + tekton.dev/platforms: linux/amd64,linux/s390x,linux/ppc64le,linux/arm64 + tekton.dev/tags: git +spec: + description: >- + This task can be used to perform git operations. + + Git command that needs to be run can be passed as a script to + the task. This task needs authentication to git in order to push + after the git operation. + + + workspaces: + - name: ssh-directory + optional: true + description: | + A `.ssh` directory with private key, `known_hosts`, `config`, etc. + Copied to the Git user's home before cloning the repository, in order to + server as authentication mechanismBinding a Secret to this Workspace is + strongly recommended over other volume types. + - name: basic-auth + optional: true + description: | + A Workspace containing a `.gitconfig` and `.git-credentials` files. + These will be copied to the user's home before Git commands run. All + other files in this Workspace are ignored. It is strongly recommended to + use `ssh-directory` over `basic-auth` whenever possible, and to bind a + Secret to this Workspace over other volume types. + - name: ssl-ca-directory + optional: true + description: | + A Workspace containing CA certificates, this will be used by Git to + verify the peer with when interacting with remote repositories using + HTTPS. + - name: source + description: A workspace that contains the fetched git repository. + - name: input + optional: true + description: | + An optional workspace that contains the files that need to be added to git. You can + access the workspace from your script using `$(workspaces.input.path)`, for instance: + + cp $(workspaces.input.path)/file_that_i_want . + git add file_that_i_want + # etc + + params: + - name: CRT_FILENAME + type: string + default: ca-bundle.crt + description: | + Certificate Authority (CA) bundle filename on the `ssl-ca-directory` + Workspace. + - name: HTTP_PROXY + type: string + default: "" + description: | + HTTP proxy server (non-TLS requests). + - name: HTTPS_PROXY + type: string + default: "" + description: | + HTTPS proxy server (TLS requests). + - name: NO_PROXY + type: string + default: "" + description: | + Opt out of proxying HTTP/HTTPS requests. + - name: SUBDIRECTORY + type: string + default: "" + description: | + Relative path to the default Workspace where the git repository will be present. + - name: USER_HOME + type: string + default: "/home/git" + description: | + Absolute path to the Git user home directory. + - name: DELETE_EXISTING + type: string + default: "true" + description: | + Clean out the contents of the default Workspace before specific git operations occur, if data exists. + - name: VERBOSE + type: string + default: "false" + description: | + Log the commands executed. + - name: SSL_VERIFY + type: string + default: "true" + description: | + Sets the global `http.sslVerify` value, `false` is not advised unless + you trust the remote repository. + - name: GIT_USER_NAME + type: string + description: | + Git user name for performing git operation. + default: "" + - name: GIT_USER_EMAIL + type: string + description: | + Git user email for performing git operation. + default: "" + - name: GIT_SCRIPT + description: The git script to run. + type: string + default: | + git help + + results: + - name: COMMIT + description: | + The precise commit SHA digest cloned. + + volumes: + - name: user-home + emptyDir: {} + - name: scripts-dir + emptyDir: {} + + stepTemplate: + env: + + - name: PARAMS_GIT_USER_EMAIL + value: "$(params.GIT_USER_EMAIL)" + - name: PARAMS_GIT_USER_NAME + value: "$(params.GIT_USER_NAME)" + - name: PARAMS_GIT_SCRIPT + value: "$(params.GIT_SCRIPT)" + - name: WORKSPACES_SOURCE_PATH + value: "$(workspaces.source.path)" + + - name: PARAMS_SSL_VERIFY + value: "$(params.SSL_VERIFY)" + - name: PARAMS_CRT_FILENAME + value: "$(params.CRT_FILENAME)" + - name: PARAMS_SUBDIRECTORY + value: "$(params.SUBDIRECTORY)" + - name: PARAMS_DELETE_EXISTING + value: "$(params.DELETE_EXISTING)" + - name: PARAMS_HTTP_PROXY + value: "$(params.HTTP_PROXY)" + - name: PARAMS_HTTPS_PROXY + value: "$(params.HTTPS_PROXY)" + - name: PARAMS_NO_PROXY + value: "$(params.NO_PROXY)" + - name: PARAMS_VERBOSE + value: "$(params.VERBOSE)" + - name: PARAMS_USER_HOME + value: "$(params.USER_HOME)" + - name: WORKSPACES_SSH_DIRECTORY_BOUND + value: "$(workspaces.ssh-directory.bound)" + - name: WORKSPACES_SSH_DIRECTORY_PATH + value: "$(workspaces.ssh-directory.path)" + - name: WORKSPACES_BASIC_AUTH_BOUND + value: "$(workspaces.basic-auth.bound)" + - name: WORKSPACES_BASIC_AUTH_PATH + value: "$(workspaces.basic-auth.path)" + - name: WORKSPACES_SSL_CA_DIRECTORY_BOUND + value: "$(workspaces.ssl-ca-directory.bound)" + - name: WORKSPACES_SSL_CA_DIRECTORY_PATH + value: "$(workspaces.ssl-ca-directory.path)" + - name: RESULTS_COMMIT_PATH + value: "$(results.commit.path)" + computeResources: + limits: + cpu: 100m + memory: 256Mi + requests: + cpu: 100m + memory: 256Mi + securityContext: + runAsNonRoot: true + runAsUser: 65532 + + steps: + - name: load-scripts + image: registry.redhat.io/openshift-pipelines/pipelines-git-init-rhel8@sha256:c4b2183f7c7997bd401d86b33eefb637b3ef2fa90618e875106292cd69a15c14 + workingDir: /scripts + script: | + set -e + printf '%s' "IyEvdXNyL2Jpbi9lbnYgc2gKCmV4cG9ydCBQQVJBTVNfVVJMPSIke1BBUkFNU19VUkw6LX0iCmV4cG9ydCBQQVJBTVNfUkVWSVNJT049IiR7UEFSQU1TX1JFVklTSU9OOi19IgpleHBvcnQgUEFSQU1TX1JFRlNQRUM9IiR7UEFSQU1TX1JFRlNQRUM6LX0iCmV4cG9ydCBQQVJBTVNfU1VCTU9EVUxFUz0iJHtQQVJBTVNfU1VCTU9EVUxFUzotfSIKZXhwb3J0IFBBUkFNU19ERVBUSD0iJHtQQVJBTVNfREVQVEg6LX0iCmV4cG9ydCBQQVJBTVNfU1NMX1ZFUklGWT0iJHtQQVJBTVNfU1NMX1ZFUklGWTotfSIKZXhwb3J0IFBBUkFNU19DUlRfRklMRU5BTUU9IiR7UEFSQU1TX0NSVF9GSUxFTkFNRTotfSIKZXhwb3J0IFBBUkFNU19TVUJESVJFQ1RPUlk9IiR7UEFSQU1TX1NVQkRJUkVDVE9SWTotfSIKZXhwb3J0IFBBUkFNU19TUEFSU0VfQ0hFQ0tPVVRfRElSRUNUT1JJRVM9IiR7UEFSQU1TX1NQQVJTRV9DSEVDS09VVF9ESVJFQ1RPUklFUzotfSIKZXhwb3J0IFBBUkFNU19ERUxFVEVfRVhJU1RJTkc9IiR7UEFSQU1TX0RFTEVURV9FWElTVElORzotfSIKZXhwb3J0IFBBUkFNU19IVFRQX1BST1hZPSIke1BBUkFNU19IVFRQX1BST1hZOi19IgpleHBvcnQgUEFSQU1TX0hUVFBTX1BST1hZPSIke1BBUkFNU19IVFRQU19QUk9YWTotfSIKZXhwb3J0IFBBUkFNU19OT19QUk9YWT0iJHtQQVJBTVNfTk9fUFJPWFk6LX0iCmV4cG9ydCBQQVJBTVNfVkVSQk9TRT0iJHtQQVJBTVNfVkVSQk9TRTotfSIKZXhwb3J0IFBBUkFNU19VU0VSX0hPTUU9IiR7UEFSQU1TX1VTRVJfSE9NRTotfSIKZXhwb3J0IFBBUkFNU19HSVRfVVNFUl9FTUFJTD0iJHtQQVJBTVNfR0lUX1VTRVJfRU1BSUw6LX0iCmV4cG9ydCBQQVJBTVNfR0lUX1VTRVJfTkFNRT0iJHtQQVJBTVNfR0lUX1VTRVJfTkFNRTotfSIKZXhwb3J0IFBBUkFNU19HSVRfU0NSSVBUPSIke1BBUkFNU19HSVRfU0NSSVBUOi19IgoKZXhwb3J0IFdPUktTUEFDRVNfU09VUkNFX1BBVEg9IiR7V09SS1NQQUNFU19TT1VSQ0VfUEFUSDotfSIKZXhwb3J0IFdPUktTUEFDRVNfT1VUUFVUX1BBVEg9IiR7V09SS1NQQUNFU19PVVRQVVRfUEFUSDotfSIKZXhwb3J0IFdPUktTUEFDRVNfU1NIX0RJUkVDVE9SWV9CT1VORD0iJHtXT1JLU1BBQ0VTX1NTSF9ESVJFQ1RPUllfQk9VTkQ6LX0iCmV4cG9ydCBXT1JLU1BBQ0VTX1NTSF9ESVJFQ1RPUllfUEFUSD0iJHtXT1JLU1BBQ0VTX1NTSF9ESVJFQ1RPUllfUEFUSDotfSIKZXhwb3J0IFdPUktTUEFDRVNfQkFTSUNfQVVUSF9CT1VORD0iJHtXT1JLU1BBQ0VTX0JBU0lDX0FVVEhfQk9VTkQ6LX0iCmV4cG9ydCBXT1JLU1BBQ0VTX0JBU0lDX0FVVEhfUEFUSD0iJHtXT1JLU1BBQ0VTX0JBU0lDX0FVVEhfUEFUSDotfSIKZXhwb3J0IFdPUktTUEFDRVNfU1NMX0NBX0RJUkVDVE9SWV9CT1VORD0iJHtXT1JLU1BBQ0VTX1NTTF9DQV9ESVJFQ1RPUllfQk9VTkQ6LX0iCmV4cG9ydCBXT1JLU1BBQ0VTX1NTTF9DQV9ESVJFQ1RPUllfUEFUSD0iJHtXT1JLU1BBQ0VTX1NTTF9DQV9ESVJFQ1RPUllfUEFUSDotfSIKCmV4cG9ydCBSRVNVTFRTX0NPTU1JVFRFUl9EQVRFX1BBVEg9IiR7UkVTVUxUU19DT01NSVRURVJfREFURV9QQVRIOi19IgpleHBvcnQgUkVTVUxUU19DT01NSVRfUEFUSD0iJHtSRVNVTFRTX0NPTU1JVF9QQVRIOi19IgpleHBvcnQgUkVTVUxUU19VUkxfUEFUSD0iJHtSRVNVTFRTX1VSTF9QQVRIOi19IgoKIyBmdWxsIHBhdGggdG8gdGhlIGNoZWNrb3V0IGRpcmVjdG9yeSwgdXNpbmcgdGhlIHNvdXJjZSB3b3Jrc3BhY2UgYW5kIHN1YmRpcmVjdG9yIHBhcmFtZXRlcgpbWyAhIC16ICR7V09SS1NQQUNFU19TT1VSQ0VfUEFUSH0gXV0gJiYgZXhwb3J0IFdPUktTUEFDRVNfUk9PVF9QQVRIPSIke1dPUktTUEFDRVNfU09VUkNFX1BBVEh9IgpbWyAhIC16ICR7V09SS1NQQUNFU19PVVRQVVRfUEFUSH0gXV0gJiYgZXhwb3J0IFdPUktTUEFDRVNfUk9PVF9QQVRIPSIke1dPUktTUEFDRVNfT1VUUFVUX1BBVEh9IgoKY2hlY2tvdXRfZGlyPSIke1dPUktTUEFDRVNfUk9PVF9QQVRIfS8ke1BBUkFNU19TVUJESVJFQ1RPUll9IgoKIwojIEZ1bmN0aW9ucwojCgpmYWlsKCkgewogICAgZWNobyAiRVJST1I6ICR7QH0iIDE+JjIKICAgIGV4aXQgMQp9CgpwaGFzZSgpIHsKICAgIGVjaG8gIi0tLT4gUGhhc2U6ICR7QH0uLi4iCn0KCiMgSW5zcGVjdCB0aGUgZW52aXJvbm1lbnQgdmFyaWFibGVzIHRvIGFzc2VydCB0aGUgbWluaW11bSBjb25maWd1cmF0aW9uIGlzIGluZm9ybWVkLgphc3NlcnRfcmVxdWlyZWRfY29uZmlndXJhdGlvbl9vcl9mYWlsKCkgewogICAgW1sgLXogIiR7UEFSQU1TX1VSTH0iICAmJiAgLXogIiR7UEFSQU1TX0dJVF9TQ1JJUFR9IiBdXSAmJgogICAgICAgIGZhaWwgIlBhcmFtZXRlciBVUkwgb3IgU0NSSVBUIG11c3QgYmUgc2V0ISIKCiAgICBbWyAteiAiJHtXT1JLU1BBQ0VTX1JPT1RfUEFUSH0iIF1dICYmCiAgICAgICAgZmFpbCAiUm9vdCBXb3Jrc3BhY2UgaXMgbm90IHNldCEiCgogICAgW1sgISAtZCAiJHtXT1JLU1BBQ0VTX1JPT1RfUEFUSH0iIF1dICYmCiAgICAgICAgZmFpbCAiUm9vdCBXb3Jrc3BhY2UgZGlyZWN0b3J5IG5vdCBmb3VuZCEiCiAgICByZXR1cm4gMAp9CgojIENvcHkgdGhlIGZpbGUgaW50byB0aGUgZGVzdGluYXRpb24sIGNoZWNraW5nIGlmIHRoZSBzb3VyY2UgZXhpc3RzLgpjb3B5X29yX2ZhaWwoKSB7CiAgICBsb2NhbCBfbW9kZT0iJHsxfSIKICAgIGxvY2FsIF9zcmM9IiR7Mn0iCiAgICBsb2NhbCBfZHN0PSIkezN9IgoKICAgIGlmIFtbICEgLWYgIiR7X3NyY30iICYmICEgLWQgIiR7X3NyY30iIF1dOyB0aGVuCiAgICAgICAgZmFpbCAiU291cmNlIGZpbGUvZGlyZWN0b3J5IGlzIG5vdCBmb3VuZCBhdCAnJHtfc3JjfSciCiAgICBmaQoKICAgIGlmIFtbIC1kICIke19zcmN9IiBdXTsgdGhlbgogICAgICAgIGNwIC1SdiAke19zcmN9ICR7X2RzdH0KICAgICAgICBjaG1vZCAtdiAke19tb2RlfSAke19kc3R9CiAgICBlbHNlCiAgICAgICAgaW5zdGFsbCAtLXZlcmJvc2UgLS1tb2RlPSR7X21vZGV9ICR7X3NyY30gJHtfZHN0fQogICAgZmkKfQoKIyBEZWxldGUgYW55IGV4aXN0aW5nIGNvbnRlbnRzIG9mIHRoZSByZXBvIGRpcmVjdG9yeSBpZiBpdCBleGlzdHMuIFdlIGRvbid0IGp1c3QgInJtIC1yZiA8ZGlyPiIKIyBiZWNhdXNlIG1pZ2h0IGJlICIvIiBvciB0aGUgcm9vdCBvZiBhIG1vdW50ZWQgdm9sdW1lLgpjbGVhbl9kaXIoKSB7CiAgICBsb2NhbCBfZGlyPSIkezF9IgoKICAgIFtbICEgLWQgIiR7X2Rpcn0iIF1dICYmCiAgICAgICAgcmV0dXJuIDAKCiAgICAjIERlbGV0ZSBub24taGlkZGVuIGZpbGVzIGFuZCBkaXJlY3RvcmllcwogICAgcm0gLXJmdiAke19kaXI6P30vKgogICAgIyBEZWxldGUgZmlsZXMgYW5kIGRpcmVjdG9yaWVzIHN0YXJ0aW5nIHdpdGggLiBidXQgZXhjbHVkaW5nIC4uCiAgICBybSAtcmZ2ICR7X2Rpcn0vLlshLl0qCiAgICAjIERlbGV0ZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgc3RhcnRpbmcgd2l0aCAuLiBwbHVzIGFueSBvdGhlciBjaGFyYWN0ZXIKICAgIHJtIC1yZnYgJHtfZGlyfS8uLj8qCn0KCiMKIyBTZXR0aW5ncwojCgojIHdoZW4gdGhlIGtvLWFwcCBkaXJlY3RvcnkgaXMgcHJlc2VudCwgbWFraW5nIHN1cmUgaXQncyBwYXJ0IG9mIHRoZSBQQVRICltbIC1kICIva28tYXBwIiBdXSAmJiBleHBvcnQgUEFUSD0iJHtQQVRIfTova28tYXBwIgoKIyBtYWtpbmcgdGhlIHNoZWxsIHZlcmJvc2Ugd2hlbiB0aGUgcGFyYW10ZXIgaXMgc2V0CltbICIke1BBUkFNU19WRVJCT1NFfSIgPT0gInRydWUiIF1dICYmIHNldCAteAoKcmV0dXJuIDA=" |base64 -d >common.sh + printf '%s' "IyEvdXNyL2Jpbi9lbnYgc2gKc2V0IC1ldQoKc291cmNlICQoQ0RQQVRIPSBjZCAtLSAiJChkaXJuYW1lIC0tICR7MH0pIiAmJiBwd2QpL2NvbW1vbi5zaAoKYXNzZXJ0X3JlcXVpcmVkX2NvbmZpZ3VyYXRpb25fb3JfZmFpbAoKcGhhc2UgIlNldHRpbmcgb3V0cHV0IHdvcmtzcGFjZSBhcyBzYWZlIGRpcmVjdG9yeSAoJyR7V09SS1NQQUNFU19ST09UX1BBVEh9JykiCmdpdCBjb25maWcgLS1nbG9iYWwgLS1hZGQgc2FmZS5kaXJlY3RvcnkgIiR7V09SS1NQQUNFU19ST09UX1BBVEh9IgoKIyBTZXR0aW5nIHVwIHRoZSBjb25maWcgZm9yIHRoZSBnaXQuCgppZiBbIC1uICIke1BBUkFNU19HSVRfVVNFUl9FTUFJTH0iIF0gOyB0aGVuCiAgICBwaGFzZSAiU2V0dGluZyBnbG9iYWwgZW1haWwgZm9yIGdpdCAke1BBUkFNU19HSVRfVVNFUl9FTUFJTH0iCiAgICBnaXQgY29uZmlnIC0tZ2xvYmFsIHVzZXIuZW1haWwgIiR7UEFSQU1TX0dJVF9VU0VSX0VNQUlMfSIKZmkKCmlmIFsgLW4gIiR7UEFSQU1TX0dJVF9VU0VSX05BTUV9IiBdIDsgdGhlbgogICAgcGhhc2UgIlNldHRpbmcgZ2xvYmFsIHVzZXJuYW1lIGZvciBnaXQgJHtQQVJBTVNfR0lUX1VTRVJfTkFNRX0iCiAgICBnaXQgY29uZmlnIC0tZ2xvYmFsIHVzZXIubmFtZSAiJHtQQVJBTVNfR0lUX1VTRVJfTkFNRX0iCmZpCgojCiMgQ0EgKGBzc2wtY2EtZGlyZWN0b3J5YCBXb3Jrc3BhY2UpCiMKCmlmIFtbICIke1dPUktTUEFDRVNfU1NMX0NBX0RJUkVDVE9SWV9CT1VORH0iID09ICJ0cnVlIiAmJiAtbiAiJHtQQVJBTVNfQ1JUX0ZJTEVOQU1FfSIgXV07IHRoZW4KCXBoYXNlICJJbnNwZWN0aW5nICdzc2wtY2EtZGlyZWN0b3J5JyB3b3Jrc3BhY2UgbG9va2luZyBmb3IgJyR7UEFSQU1TX0NSVF9GSUxFTkFNRX0nIGZpbGUiCgljcnQ9IiR7V09SS1NQQUNFU19TU0xfQ0FfRElSRUNUT1JZX1BBVEh9LyR7UEFSQU1TX0NSVF9GSUxFTkFNRX0iCglbWyAhIC1mICIke2NydH0iIF1dICYmCgkJZmFpbCAiQ1JUIGZpbGUgKFBBUkFNU19DUlRfRklMRU5BTUUpIG5vdCBmb3VuZCBhdCAnJHtjcnR9JyIKCglwaGFzZSAiRXhwb3J0aW5nIGN1c3RvbSBDQSBjZXJ0aWZpY2F0ZSAnR0lUX1NTTF9DQUlORk89JHtjcnR9JyIKCWV4cG9ydCBHSVRfU1NMX0NBSU5GTz0ke2NydH0KZmkKCiMKIyBQcm94eSBTZXR0aW5ncwojCgpwaGFzZSAiU2V0dGluZyB1cCBIVFRQX1BST1hZPScke1BBUkFNU19IVFRQX1BST1hZfSciCltbIC1uICIke1BBUkFNU19IVFRQX1BST1hZfSIgXV0gJiYgZXhwb3J0IEhUVFBfUFJPWFk9IiR7UEFSQU1TX0hUVFBfUFJPWFl9IgoKcGhhc2UgIlNldHR0aW5nIHVwIEhUVFBTX1BST1hZPScke1BBUkFNU19IVFRQU19QUk9YWX0nIgpbWyAtbiAiJHtQQVJBTVNfSFRUUFNfUFJPWFl9IiBdXSAmJiBleHBvcnQgSFRUUFNfUFJPWFk9IiR7UEFSQU1TX0hUVFBTX1BST1hZfSIKCnBoYXNlICJTZXR0aW5nIHVwIE5PX1BST1hZPScke1BBUkFNU19OT19QUk9YWX0nIgpbWyAtbiAiJHtQQVJBTVNfTk9fUFJPWFl9IiBdXSAmJiBleHBvcnQgTk9fUFJPWFk9IiR7UEFSQU1TX05PX1BST1hZfSIKCgppZiBbWyAhIC16ICIke1BBUkFNU19VUkx9IiBdXTsKdGhlbgogICAgcGhhc2UgIkNsb25pbmcgJyR7UEFSQU1TX1VSTH0nIGludG8gJyR7Y2hlY2tvdXRfZGlyfSciCiAgICBzZXQgLXgKICAgIGV4ZWMgZ2l0LWluaXQgXAogICAgICAgIC11cmw9IiR7UEFSQU1TX1VSTH0iIFwKICAgICAgICAtcmV2aXNpb249IiR7UEFSQU1TX1JFVklTSU9OfSIgXAogICAgICAgIC1yZWZzcGVjPSIke1BBUkFNU19SRUZTUEVDfSIgXAogICAgICAgIC1wYXRoPSIke2NoZWNrb3V0X2Rpcn0iIFwKICAgICAgICAtc3NsVmVyaWZ5PSIke1BBUkFNU19TU0xfVkVSSUZZfSIgXAogICAgICAgIC1zdWJtb2R1bGVzPSIke1BBUkFNU19TVUJNT0RVTEVTfSIgXAogICAgICAgIC1kZXB0aD0iJHtQQVJBTVNfREVQVEh9IiBcCiAgICAgICAgLXNwYXJzZUNoZWNrb3V0RGlyZWN0b3JpZXM9IiR7UEFSQU1TX1NQQVJTRV9DSEVDS09VVF9ESVJFQ1RPUklFU30iCmVsc2UKICAgIHBoYXNlICJSdW5uaW5nIHRoZSBwcm92aWRlZCBzY3JpcHRzICR7UEFSQU1TX0dJVF9TQ1JJUFR9IGluICR7Y2hlY2tvdXRfZGlyfSIKICAgIGV2YWwgIiR7UEFSQU1TX0dJVF9TQ1JJUFR9IgoKICAgIFJFU1VMVF9TSEE9IiQoZ2l0IHJldi1wYXJzZSBIRUFEIHwgdHIgLWQgJ1xuJykiCiAgICBFWElUX0NPREU9IiQ/IgogICAgaWYgWyAiJEVYSVRfQ09ERSIgIT0gMCBdCiAgICB0aGVuCiAgICAgICAgZXhpdCAkRVhJVF9DT0RFCiAgICBmaQogICAgIyBNYWtlIHN1cmUgd2UgZG9uJ3QgYWRkIGEgdHJhaWxpbmcgbmV3bGluZSB0byB0aGUgcmVzdWx0IQogICAgcHJpbnRmICIlcyIgIiRSRVNVTFRfU0hBIiA+ICIke1JFU1VMVFNfQ09NTUlUX1BBVEh9IgogICAgZWNobyAkUkVTVUxUX1NIQQpmaQoK" |base64 -d >git-run.sh + printf '%s' "IyEvdXNyL2Jpbi9lbnYgc2gKIwojIFNldHMgdXAgdGhlIGJhc2ljIGFuZCBTU0ggYXV0aGVudGljYXRpb24gYmFzZWQgb24gaW5mb3JtZWQgd29ya3NwYWNlcywgYXMgd2VsbCBhcyBjbGVhbmluZyB1cCB0aGUKIyBwcmV2aW91cyBnaXQtY2xvbmUgc3RhbGUgZGF0YS4KIwoKc2V0IC1ldQoKc291cmNlICQoQ0RQQVRIPSBjZCAtLSAiJChkaXJuYW1lIC0tICR7MH0pIiAmJiBwd2QpL2NvbW1vbi5zaAoKYXNzZXJ0X3JlcXVpcmVkX2NvbmZpZ3VyYXRpb25fb3JfZmFpbAoKcGhhc2UgIlByZXBhcmluZyB0aGUgZmlsZXN5c3RlbSBiZWZvcmUgY2xvbmluZyB0aGUgcmVwb3NpdG9yeSIKCmlmIFtbICIke1BBUkFNU19ERUxFVEVfRVhJU1RJTkd9IiA9PSAidHJ1ZSIgXV07IHRoZW4KCXBoYXNlICJEZWxldGluZyBhbGwgY29udGVudHMgb2YgY2hlY2tvdXQtZGlyICcke2NoZWNrb3V0X2Rpcn0nIgoJY2xlYW5fZGlyICR7Y2hlY2tvdXRfZGlyfSB8fCB0cnVlCmZpCgppZiBbWyAiJHtXT1JLU1BBQ0VTX0JBU0lDX0FVVEhfQk9VTkR9IiA9PSAidHJ1ZSIgXV07IHRoZW4KCXBoYXNlICJDb25maWd1cmluZyBHaXQgYXV0aGVudGljYXRpb24gd2l0aCAnYmFzaWMtYXV0aCcgV29ya3NwYWNlIGZpbGVzIgoKCWZvciBmIGluIC5naXQtY3JlZGVudGlhbHMgLmdpdGNvbmZpZzsgZG8KCQlzcmM9IiR7V09SS1NQQUNFU19CQVNJQ19BVVRIX1BBVEh9LyR7Zn0iCgkJcGhhc2UgIkNvcHlpbmcgJyR7c3JjfScgdG8gJyR7UEFSQU1TX1VTRVJfSE9NRX0nIgoJCWNvcHlfb3JfZmFpbCA0MDAgJHtzcmN9ICIke1BBUkFNU19VU0VSX0hPTUV9LyIKCWRvbmUKZmkKCmlmIFtbICIke1dPUktTUEFDRVNfU1NIX0RJUkVDVE9SWV9CT1VORH0iID09ICJ0cnVlIiBdXTsgdGhlbgoJcGhhc2UgIkNvcHlpbmcgJy5zc2gnIGZyb20gc3NoLWRpcmVjdG9yeSB3b3Jrc3BhY2UgKCcke1dPUktTUEFDRVNfU1NIX0RJUkVDVE9SWV9QQVRIfScpIgoKCWRvdF9zc2g9IiR7UEFSQU1TX1VTRVJfSE9NRX0vLnNzaCIKCWNvcHlfb3JfZmFpbCA3MDAgJHtXT1JLU1BBQ0VTX1NTSF9ESVJFQ1RPUllfUEFUSH0gJHtkb3Rfc3NofQoJY2htb2QgLVJ2IDQwMCAke2RvdF9zc2h9LyoKZmkKCgpleGl0IDA=" |base64 -d >prepare.sh + printf '%s' "IyEvdXNyL2Jpbi9lbnYgc2gKIwojIFNjYW4gdGhlIGNsb25lZCByZXBvc2l0b3J5IGluIG9yZGVyIHRvIHJlcG9ydCBkZXRhaWxzIHdyaXR0aW5nIHRoZSByZXN1bHQgZmlsZXMuCiMKCnNldCAtZXUKCnNvdXJjZSAkKENEUEFUSD0gY2QgLS0gIiQoZGlybmFtZSAtLSAkezB9KSIgJiYgcHdkKS9jb21tb24uc2gKCmFzc2VydF9yZXF1aXJlZF9jb25maWd1cmF0aW9uX29yX2ZhaWwKCnBoYXNlICJDb2xsZWN0aW5nIGNsb25lZCByZXBvc2l0b3J5IGluZm9ybWF0aW9uICgnJHtjaGVja291dF9kaXJ9JykiCgpjZCAiJHtjaGVja291dF9kaXJ9IiB8fCBmYWlsICJOb3QgYWJsZSB0byBlbnRlciBjaGVja291dC1kaXIgJyR7Y2hlY2tvdXRfZGlyfSciCgpwaGFzZSAiU2V0dGluZyBvdXRwdXQgd29ya3NwYWNlIGFzIHNhZmUgZGlyZWN0b3J5ICgnJHtXT1JLU1BBQ0VTX1JPT1RfUEFUSH0nKSIKZ2l0IGNvbmZpZyAtLWdsb2JhbCAtLWFkZCBzYWZlLmRpcmVjdG9yeSAiJHtXT1JLU1BBQ0VTX1JPT1RfUEFUSH0iCgpyZXN1bHRfc2hhPSIkKGdpdCByZXYtcGFyc2UgSEVBRCkiCnJlc3VsdF9jb21taXR0ZXJfZGF0ZT0iJChnaXQgbG9nIC0xIC0tcHJldHR5PSVjdCkiCgpwaGFzZSAiUmVwb3J0aW5nIGxhc3QgY29tbWl0IGRhdGUgJyR7cmVzdWx0X2NvbW1pdHRlcl9kYXRlfSciCnByaW50ZiAiJXMiICIke3Jlc3VsdF9jb21taXR0ZXJfZGF0ZX0iID4ke1JFU1VMVFNfQ09NTUlUVEVSX0RBVEVfUEFUSH0KCnBoYXNlICJSZXBvcnRpbmcgcGFyc2VkIHJldmlzaW9uIFNIQSAnJHtyZXN1bHRfc2hhfSciCnByaW50ZiAiJXMiICIke3Jlc3VsdF9zaGF9IiA+JHtSRVNVTFRTX0NPTU1JVF9QQVRIfQoKcGhhc2UgIlJlcG9ydGluZyByZXBvc2l0b3J5IFVSTCAnJHtQQVJBTVNfVVJMfSciCnByaW50ZiAiJXMiICIke1BBUkFNU19VUkx9IiA+JHtSRVNVTFRTX1VSTF9QQVRIfQoKZXhpdCAw" |base64 -d >report.sh + chmod +x *.sh + volumeMounts: + - name: scripts-dir + mountPath: /scripts + - name: prepare + image: registry.redhat.io/openshift-pipelines/pipelines-git-init-rhel8@sha256:c4b2183f7c7997bd401d86b33eefb637b3ef2fa90618e875106292cd69a15c14 + workingDir: $(workspaces.source.path) + command: + - /scripts/prepare.sh + volumeMounts: + - name: scripts-dir + mountPath: /scripts + - name: user-home + mountPath: "$(params.USER_HOME)" + + - name: git-run + image: registry.redhat.io/openshift-pipelines/pipelines-git-init-rhel8@sha256:c4b2183f7c7997bd401d86b33eefb637b3ef2fa90618e875106292cd69a15c14 + workingDir: $(workspaces.source.path) + command: + - /scripts/git-run.sh + volumeMounts: + - name: scripts-dir + mountPath: /scripts + - name: user-home + mountPath: "$(params.USER_HOME)" diff --git a/tasks/task-git-clone/0.3.0/README.md b/tasks/task-git-clone/0.3.0/README.md new file mode 100644 index 00000000..b1682c51 --- /dev/null +++ b/tasks/task-git-clone/0.3.0/README.md @@ -0,0 +1,146 @@ +## `git-clone` Tekton Task + +The `git-clone` Task will clone and prepare a Git repository on the `output` Workspace. By default the Git repository (`URL`) will be cloned on the root of the Workspace, but you can alter the clone location using the `SUBDIRECTORY` parameter, and [other settings](#parameters). + +A quick usage example is: + +```yaml +--- +apiVersion: tekton.dev/v1beta1 +kind: TaskRun +metadata: + name: example-taskrun +spec: + taskRef: + name: git-clone + params: + - name: URL + value: https://github.com/openshift-pipelines/task-git.git + workspaces: + - name: output + emptyDir: {} +``` + +Please consider the [Workspaces](#workspaces), [Parameters](#parameters) and [Results](#results) described below. + +# Workspaces + +A single Workspace is required for this Task, while the optional Workspaces will allow advanced Git configuration and authentication. + +## `output` + +The `output` is a required Workspace, represents the primary location where the Git repository data will be stored, and later on, this Workspace will be mounted in subsequent Pipeline's Task. + +Knowing the Workspace data will be employed on other Tasks, the recommended approach is using a [persistent volume][tektonPVC], for instance a [`PersistentVolumeClaim` (PVC)][k8sPVC]. + +## Authentication Workspaces + +The recommended approach to authentication is using the [default mechanisms supported by Tekton Pipeline][tektonAuthentication], please consider it as your first option. + +More advanced use-cases may require different methods of interacting with private repositories, the following Workspaces are meant to support advanced Git configuration and authentication. + +### `basic-auth` (HTTP/SSH) + +The `basic-auth` is a optional Workspace to provide Git credentials and configuration. + +The following Workspace files (items) are shared with Git before cloning the repository, the Task copies the files to the Git user home directory, configured by the parameter `USER_HOME`. + +| Workspace File | Required | Description | +| :----------------- | :------: | :------------------------------------- | +| `.git-credentials` | `true` | [Git credentials file][gitCredentials] | +| `.gitconfig` | `true` | [Git configuration file][gitConfig] | + +Typically, this type of data is stored as a Kubernetes Secret. For example: + +```bash +kubectl create secret generic basic-auth-ex \ + --from-file=".git-credentials=${HOME}/.git-credentials" \ + --from-file=".gitconfig=${HOME}/.gitconfig" +``` + +Then, you can [reference the Secret][tektonWorkspaceSecret] as the `basic-auth` Workspace. + +### `ssh-directory` (SSH) + +The `ssh-directory` is a optional Workspace, meant to store the files commonly found on a [`~/.ssh` directory][dotSSHDirectory], when informed, the whole directory will be copied into the Git's home (configured by the parameter `USER_HOME`). + +During the `prepare` step you can see the details about what's being copied, please consider the output log snippet below. For more verbose logging set the peramater `VERBOSE` to `true`. + +``` +---> Phase: Copying '.ssh' from ssh-directory workspace ('/workspaces/ssh-directory')... +'/workspaces/ssh-directory' -> '/home/git/.ssh' +'/workspaces/ssh-directory/config' -> '/home/git/.ssh/config' +mode of '/home/git/.ssh' changed from 0755 (rwxr-xr-x) to 0700 (rwx------) +mode of '/home/git/.ssh/config' changed from 0644 (rw-r--r--) to 0400 (r--------) + +``` + +It's recommended storing this type of data as a Kubernetes Secret, like the following example: + +```bash +kubectl create secret generic ssh-directory-ex \ + --from-file="config=${HOME}/.ssh/config" \ + --from-file="authorized_keys=${HOME}/.ssh/authorized_keys" +``` + +Then, you can [reference the Secret][tektonWorkspaceSecret] as the `ssh-directory` Workspace. + +### `ssl-ca-directory` (mTLS) + +The `ssl-ca-directory` is a optional Workspace to store a additional [Certificate Authority (CA)][tlsCA] bundles, commonly `.pem` or `.crt` files. The exact bundle file name is defined by the parameter `CRT_FILENAME`. + +Before running the Git clone command, the [`GIT_SSL_CAINFO` environment variable][gitSSLCAInfo] is exported with the full path to the `CRT_FILENAME` in the `ssl-ca-directory` Workspace. + +You can observe the setting taking place on the beggining of the `git-clone` step: + +``` +phase 'Exporting custom CA certificate "GIT_SSL_CAINFO=/workspaces/ssl-ca-directory/ca-bundle.crt"' +``` + +This is a sensitive information and therefore it's recommended to store as a Kubernetes Secret, please consider the previous examples to create Secrets with the `--from-file` option. + +Finally, you can [reference the Secret][tektonWorkspaceSecret] as the `ssl-ca-directory` Workspace. + +# Parameters + +The following parameters are supported by this Task. + +| Parameter | Type | Default | Description | +| :---------------------------- | :------: | :-------------- | :------------------------------------------------------------------------------------------------------------------------ | +| `URL` | `string` | (required) | Git repository URL | +| `REVISION` | `string` | `main` | Revision to checkout, an branch, tag, sha, ref, etc... | +| `SUBMODULES` | `string` | `true` | Initialize and fetch Git submodules | +| `DEPTH` | `string` | `1` | [Number of commits to fetch][gitCloneDepath], a "shallow clone" is a single commit | +| `SSL_VERIFY` | `string` | `true` | Sets the global [`http.sslVerify`][gitHTTPSSLVerify] value, `false` is not advised unless you trust the remote repository | +| `CRT_FILENAME` | `string` | `ca-bundle.crt` | Certificate Authority (CA) bundle filename on the `ssl-ca-directory` Workspace. | +| `SUBDIRECTORY` | `string` | "" (empty) | Relative path to the `output` Workspace where the repository will be cloned | +| `SPARSE_CHECKOUT_DIRECTORIES` | `string` | "" (empty) | List of directory patterns split by comma to perform ["sparse checkout"][gitSparseCheckout] | +| `DELETE_EXISTING` | `string` | `true` | Clean out the contents of the `output` Workspace before cloning the repository, if data exists. | +| `HTTP_PROXY` | `string` | "" (empty) | HTTP proxy server (non-TLS requests) | +| `HTTPS_PROXY` | `string` | "" (empty) | HTTPS proxy server (TLS requests) | +| `NO_PROXY` | `string` | "" (empty) | Opt out of proxying HTTP/HTTPS requests | +| `VERBOSE` | `string` | `false` | Log the commands executed | +| `USER_HOME` | `string` | `/home/git` | Absolute path to the Git user home directory | + +# Results + +The following results are produced by this Task. + +| Name | Description | +| :--------------- | :--------------------------------------- | +| `COMMIT` | The precise commit SHA digest cloned | +| `URL` | The precise repository URL | +| `COMMITTER_DATE` | The epoch timestamp of the commit cloned | + +[dotSSHDirectory]: https://man.openbsd.org/sshd#FILES +[gitCloneDepath]: https://git-scm.com/docs/git-clone#Documentation/git-clone.txt---depthltdepthgt +[gitConfig]: https://git-scm.com/docs/git-config#FILES +[gitCredentials]: https://git-scm.com/docs/git-credential-store#Documentation/git-credential-store.txt-git-credentials +[gitHTTPSSLVerify]: https://git-scm.com/docs/git-config#Documentation/git-config.txt-httpsslVerify +[gitSparseCheckout]: https://git-scm.com/docs/git-sparse-checkout#_description +[gitSSLCAInfo]: https://git-scm.com/docs/git-config#Documentation/git-config.txt-httpsslCAInfo +[k8sPVC]: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ +[tektonAuthentication]: https://tekton.dev/docs/pipelines/auth/ +[tektonPVC]: https://tekton.dev/docs/pipelines/workspaces/#using-persistentvolumeclaims-as-volumesource +[tektonWorkspaceSecret]: https://tekton.dev/docs/pipelines/workspaces/#secret +[tlsCA]: https://en.wikipedia.org/wiki/Certificate_authority diff --git a/tasks/task-git-clone/0.3.0/task-git-clone.yaml b/tasks/task-git-clone/0.3.0/task-git-clone.yaml new file mode 100644 index 00000000..6b537b41 --- /dev/null +++ b/tasks/task-git-clone/0.3.0/task-git-clone.yaml @@ -0,0 +1,255 @@ +--- +# Source: task-git/templates/task-git-clone.yaml +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: git-clone + labels: + app.kubernetes.io/version: 0.3.0 + annotations: + artifacthub.io/category: integration-delivery + artifacthub.io/maintainers: | + - name: OpenShift Pipeline task maintainers + email: pipelines-extcomm@redhat.com + artifacthub.io/provider: Red Hat + artifacthub.io/recommendations: | + - url: https://tekton.dev/ + tekton.dev/categories: Git + tekton.dev/displayName: git + tekton.dev/pipelines.minVersion: 0.41.0 + tekton.dev/platforms: linux/amd64,linux/s390x,linux/ppc64le,linux/arm64 + tekton.dev/tags: git +spec: + description: | + This Task represents Git and is able to initialize and clone a remote repository on the informed Workspace. It's likely to become the first `step` on a Pipeline. + + + workspaces: + - name: ssh-directory + optional: true + description: | + A `.ssh` directory with private key, `known_hosts`, `config`, etc. + Copied to the Git user's home before cloning the repository, in order to + server as authentication mechanismBinding a Secret to this Workspace is + strongly recommended over other volume types. + - name: basic-auth + optional: true + description: | + A Workspace containing a `.gitconfig` and `.git-credentials` files. + These will be copied to the user's home before Git commands run. All + other files in this Workspace are ignored. It is strongly recommended to + use `ssh-directory` over `basic-auth` whenever possible, and to bind a + Secret to this Workspace over other volume types. + - name: ssl-ca-directory + optional: true + description: | + A Workspace containing CA certificates, this will be used by Git to + verify the peer with when interacting with remote repositories using + HTTPS. + - name: output + description: | + A workspace that contains the fetched git repository, data will be placed on the root of the + Workspace, or on the relative path defined by the SUBDIRECTORY + parameter. + + params: + - name: CRT_FILENAME + type: string + default: ca-bundle.crt + description: | + Certificate Authority (CA) bundle filename on the `ssl-ca-directory` + Workspace. + - name: HTTP_PROXY + type: string + default: "" + description: | + HTTP proxy server (non-TLS requests). + - name: HTTPS_PROXY + type: string + default: "" + description: | + HTTPS proxy server (TLS requests). + - name: NO_PROXY + type: string + default: "" + description: | + Opt out of proxying HTTP/HTTPS requests. + - name: SUBDIRECTORY + type: string + default: "" + description: | + Relative path to the default Workspace where the git repository will be present. + - name: USER_HOME + type: string + default: "/home/git" + description: | + Absolute path to the Git user home directory. + - name: DELETE_EXISTING + type: string + default: "true" + description: | + Clean out the contents of the default Workspace before specific git operations occur, if data exists. + - name: VERBOSE + type: string + default: "false" + description: | + Log the commands executed. + - name: SSL_VERIFY + type: string + default: "true" + description: | + Sets the global `http.sslVerify` value, `false` is not advised unless + you trust the remote repository. + - name: URL + type: string + description: | + Git repository URL. + - name: REVISION + type: string + default: main + description: | + Revision to checkout, an branch, tag, sha, ref, etc... + - name: REFSPEC + default: "" + description: | + Repository `refspec` to fetch before checking out the revision. + - name: SUBMODULES + type: string + default: "true" + description: | + Initialize and fetch Git submodules. + - name: DEPTH + type: string + default: "1" + description: | + Number of commits to fetch, a "shallow clone" is a single commit. + - name: SPARSE_CHECKOUT_DIRECTORIES + type: string + default: "" + description: | + List of directory patterns split by comma to perform "sparse checkout". + + results: + - name: COMMIT + description: | + The precise commit SHA digest cloned. + - name: URL + description: | + The precise repository URL. + - name: COMMITTER_DATE + description: | + The epoch timestamp of the commit cloned. + + volumes: + - name: user-home + emptyDir: {} + - name: scripts-dir + emptyDir: {} + + stepTemplate: + env: + + - name: PARAMS_URL + value: "$(params.URL)" + - name: PARAMS_REVISION + value: "$(params.REVISION)" + - name: PARAMS_REFSPEC + value: "$(params.REFSPEC)" + - name: PARAMS_SUBMODULES + value: "$(params.SUBMODULES)" + - name: PARAMS_DEPTH + value: "$(params.DEPTH)" + - name: PARAMS_SPARSE_CHECKOUT_DIRECTORIES + value: "$(params.SPARSE_CHECKOUT_DIRECTORIES)" + - name: RESULTS_COMMITTER_DATE_PATH + value: "$(results.COMMITTER_DATE.path)" + - name: RESULTS_URL_PATH + value: "$(results.URL.path)" + - name: WORKSPACES_OUTPUT_PATH + value: "$(workspaces.output.path)" + + - name: PARAMS_SSL_VERIFY + value: "$(params.SSL_VERIFY)" + - name: PARAMS_CRT_FILENAME + value: "$(params.CRT_FILENAME)" + - name: PARAMS_SUBDIRECTORY + value: "$(params.SUBDIRECTORY)" + - name: PARAMS_DELETE_EXISTING + value: "$(params.DELETE_EXISTING)" + - name: PARAMS_HTTP_PROXY + value: "$(params.HTTP_PROXY)" + - name: PARAMS_HTTPS_PROXY + value: "$(params.HTTPS_PROXY)" + - name: PARAMS_NO_PROXY + value: "$(params.NO_PROXY)" + - name: PARAMS_VERBOSE + value: "$(params.VERBOSE)" + - name: PARAMS_USER_HOME + value: "$(params.USER_HOME)" + - name: WORKSPACES_SSH_DIRECTORY_BOUND + value: "$(workspaces.ssh-directory.bound)" + - name: WORKSPACES_SSH_DIRECTORY_PATH + value: "$(workspaces.ssh-directory.path)" + - name: WORKSPACES_BASIC_AUTH_BOUND + value: "$(workspaces.basic-auth.bound)" + - name: WORKSPACES_BASIC_AUTH_PATH + value: "$(workspaces.basic-auth.path)" + - name: WORKSPACES_SSL_CA_DIRECTORY_BOUND + value: "$(workspaces.ssl-ca-directory.bound)" + - name: WORKSPACES_SSL_CA_DIRECTORY_PATH + value: "$(workspaces.ssl-ca-directory.path)" + - name: RESULTS_COMMIT_PATH + value: "$(results.commit.path)" + computeResources: + limits: + cpu: 100m + memory: 256Mi + requests: + cpu: 100m + memory: 256Mi + securityContext: + runAsNonRoot: true + runAsUser: 65532 + + steps: + - name: load-scripts + image: registry.redhat.io/openshift-pipelines/pipelines-git-init-rhel8@sha256:c4b2183f7c7997bd401d86b33eefb637b3ef2fa90618e875106292cd69a15c14 + workingDir: /scripts + script: | + set -e + printf '%s' "IyEvdXNyL2Jpbi9lbnYgc2gKCmV4cG9ydCBQQVJBTVNfVVJMPSIke1BBUkFNU19VUkw6LX0iCmV4cG9ydCBQQVJBTVNfUkVWSVNJT049IiR7UEFSQU1TX1JFVklTSU9OOi19IgpleHBvcnQgUEFSQU1TX1JFRlNQRUM9IiR7UEFSQU1TX1JFRlNQRUM6LX0iCmV4cG9ydCBQQVJBTVNfU1VCTU9EVUxFUz0iJHtQQVJBTVNfU1VCTU9EVUxFUzotfSIKZXhwb3J0IFBBUkFNU19ERVBUSD0iJHtQQVJBTVNfREVQVEg6LX0iCmV4cG9ydCBQQVJBTVNfU1NMX1ZFUklGWT0iJHtQQVJBTVNfU1NMX1ZFUklGWTotfSIKZXhwb3J0IFBBUkFNU19DUlRfRklMRU5BTUU9IiR7UEFSQU1TX0NSVF9GSUxFTkFNRTotfSIKZXhwb3J0IFBBUkFNU19TVUJESVJFQ1RPUlk9IiR7UEFSQU1TX1NVQkRJUkVDVE9SWTotfSIKZXhwb3J0IFBBUkFNU19TUEFSU0VfQ0hFQ0tPVVRfRElSRUNUT1JJRVM9IiR7UEFSQU1TX1NQQVJTRV9DSEVDS09VVF9ESVJFQ1RPUklFUzotfSIKZXhwb3J0IFBBUkFNU19ERUxFVEVfRVhJU1RJTkc9IiR7UEFSQU1TX0RFTEVURV9FWElTVElORzotfSIKZXhwb3J0IFBBUkFNU19IVFRQX1BST1hZPSIke1BBUkFNU19IVFRQX1BST1hZOi19IgpleHBvcnQgUEFSQU1TX0hUVFBTX1BST1hZPSIke1BBUkFNU19IVFRQU19QUk9YWTotfSIKZXhwb3J0IFBBUkFNU19OT19QUk9YWT0iJHtQQVJBTVNfTk9fUFJPWFk6LX0iCmV4cG9ydCBQQVJBTVNfVkVSQk9TRT0iJHtQQVJBTVNfVkVSQk9TRTotfSIKZXhwb3J0IFBBUkFNU19VU0VSX0hPTUU9IiR7UEFSQU1TX1VTRVJfSE9NRTotfSIKZXhwb3J0IFBBUkFNU19HSVRfVVNFUl9FTUFJTD0iJHtQQVJBTVNfR0lUX1VTRVJfRU1BSUw6LX0iCmV4cG9ydCBQQVJBTVNfR0lUX1VTRVJfTkFNRT0iJHtQQVJBTVNfR0lUX1VTRVJfTkFNRTotfSIKZXhwb3J0IFBBUkFNU19HSVRfU0NSSVBUPSIke1BBUkFNU19HSVRfU0NSSVBUOi19IgoKZXhwb3J0IFdPUktTUEFDRVNfU09VUkNFX1BBVEg9IiR7V09SS1NQQUNFU19TT1VSQ0VfUEFUSDotfSIKZXhwb3J0IFdPUktTUEFDRVNfT1VUUFVUX1BBVEg9IiR7V09SS1NQQUNFU19PVVRQVVRfUEFUSDotfSIKZXhwb3J0IFdPUktTUEFDRVNfU1NIX0RJUkVDVE9SWV9CT1VORD0iJHtXT1JLU1BBQ0VTX1NTSF9ESVJFQ1RPUllfQk9VTkQ6LX0iCmV4cG9ydCBXT1JLU1BBQ0VTX1NTSF9ESVJFQ1RPUllfUEFUSD0iJHtXT1JLU1BBQ0VTX1NTSF9ESVJFQ1RPUllfUEFUSDotfSIKZXhwb3J0IFdPUktTUEFDRVNfQkFTSUNfQVVUSF9CT1VORD0iJHtXT1JLU1BBQ0VTX0JBU0lDX0FVVEhfQk9VTkQ6LX0iCmV4cG9ydCBXT1JLU1BBQ0VTX0JBU0lDX0FVVEhfUEFUSD0iJHtXT1JLU1BBQ0VTX0JBU0lDX0FVVEhfUEFUSDotfSIKZXhwb3J0IFdPUktTUEFDRVNfU1NMX0NBX0RJUkVDVE9SWV9CT1VORD0iJHtXT1JLU1BBQ0VTX1NTTF9DQV9ESVJFQ1RPUllfQk9VTkQ6LX0iCmV4cG9ydCBXT1JLU1BBQ0VTX1NTTF9DQV9ESVJFQ1RPUllfUEFUSD0iJHtXT1JLU1BBQ0VTX1NTTF9DQV9ESVJFQ1RPUllfUEFUSDotfSIKCmV4cG9ydCBSRVNVTFRTX0NPTU1JVFRFUl9EQVRFX1BBVEg9IiR7UkVTVUxUU19DT01NSVRURVJfREFURV9QQVRIOi19IgpleHBvcnQgUkVTVUxUU19DT01NSVRfUEFUSD0iJHtSRVNVTFRTX0NPTU1JVF9QQVRIOi19IgpleHBvcnQgUkVTVUxUU19VUkxfUEFUSD0iJHtSRVNVTFRTX1VSTF9QQVRIOi19IgoKIyBmdWxsIHBhdGggdG8gdGhlIGNoZWNrb3V0IGRpcmVjdG9yeSwgdXNpbmcgdGhlIHNvdXJjZSB3b3Jrc3BhY2UgYW5kIHN1YmRpcmVjdG9yIHBhcmFtZXRlcgpbWyAhIC16ICR7V09SS1NQQUNFU19TT1VSQ0VfUEFUSH0gXV0gJiYgZXhwb3J0IFdPUktTUEFDRVNfUk9PVF9QQVRIPSIke1dPUktTUEFDRVNfU09VUkNFX1BBVEh9IgpbWyAhIC16ICR7V09SS1NQQUNFU19PVVRQVVRfUEFUSH0gXV0gJiYgZXhwb3J0IFdPUktTUEFDRVNfUk9PVF9QQVRIPSIke1dPUktTUEFDRVNfT1VUUFVUX1BBVEh9IgoKY2hlY2tvdXRfZGlyPSIke1dPUktTUEFDRVNfUk9PVF9QQVRIfS8ke1BBUkFNU19TVUJESVJFQ1RPUll9IgoKIwojIEZ1bmN0aW9ucwojCgpmYWlsKCkgewogICAgZWNobyAiRVJST1I6ICR7QH0iIDE+JjIKICAgIGV4aXQgMQp9CgpwaGFzZSgpIHsKICAgIGVjaG8gIi0tLT4gUGhhc2U6ICR7QH0uLi4iCn0KCiMgSW5zcGVjdCB0aGUgZW52aXJvbm1lbnQgdmFyaWFibGVzIHRvIGFzc2VydCB0aGUgbWluaW11bSBjb25maWd1cmF0aW9uIGlzIGluZm9ybWVkLgphc3NlcnRfcmVxdWlyZWRfY29uZmlndXJhdGlvbl9vcl9mYWlsKCkgewogICAgW1sgLXogIiR7UEFSQU1TX1VSTH0iICAmJiAgLXogIiR7UEFSQU1TX0dJVF9TQ1JJUFR9IiBdXSAmJgogICAgICAgIGZhaWwgIlBhcmFtZXRlciBVUkwgb3IgU0NSSVBUIG11c3QgYmUgc2V0ISIKCiAgICBbWyAteiAiJHtXT1JLU1BBQ0VTX1JPT1RfUEFUSH0iIF1dICYmCiAgICAgICAgZmFpbCAiUm9vdCBXb3Jrc3BhY2UgaXMgbm90IHNldCEiCgogICAgW1sgISAtZCAiJHtXT1JLU1BBQ0VTX1JPT1RfUEFUSH0iIF1dICYmCiAgICAgICAgZmFpbCAiUm9vdCBXb3Jrc3BhY2UgZGlyZWN0b3J5IG5vdCBmb3VuZCEiCiAgICByZXR1cm4gMAp9CgojIENvcHkgdGhlIGZpbGUgaW50byB0aGUgZGVzdGluYXRpb24sIGNoZWNraW5nIGlmIHRoZSBzb3VyY2UgZXhpc3RzLgpjb3B5X29yX2ZhaWwoKSB7CiAgICBsb2NhbCBfbW9kZT0iJHsxfSIKICAgIGxvY2FsIF9zcmM9IiR7Mn0iCiAgICBsb2NhbCBfZHN0PSIkezN9IgoKICAgIGlmIFtbICEgLWYgIiR7X3NyY30iICYmICEgLWQgIiR7X3NyY30iIF1dOyB0aGVuCiAgICAgICAgZmFpbCAiU291cmNlIGZpbGUvZGlyZWN0b3J5IGlzIG5vdCBmb3VuZCBhdCAnJHtfc3JjfSciCiAgICBmaQoKICAgIGlmIFtbIC1kICIke19zcmN9IiBdXTsgdGhlbgogICAgICAgIGNwIC1SdiAke19zcmN9ICR7X2RzdH0KICAgICAgICBjaG1vZCAtdiAke19tb2RlfSAke19kc3R9CiAgICBlbHNlCiAgICAgICAgaW5zdGFsbCAtLXZlcmJvc2UgLS1tb2RlPSR7X21vZGV9ICR7X3NyY30gJHtfZHN0fQogICAgZmkKfQoKIyBEZWxldGUgYW55IGV4aXN0aW5nIGNvbnRlbnRzIG9mIHRoZSByZXBvIGRpcmVjdG9yeSBpZiBpdCBleGlzdHMuIFdlIGRvbid0IGp1c3QgInJtIC1yZiA8ZGlyPiIKIyBiZWNhdXNlIG1pZ2h0IGJlICIvIiBvciB0aGUgcm9vdCBvZiBhIG1vdW50ZWQgdm9sdW1lLgpjbGVhbl9kaXIoKSB7CiAgICBsb2NhbCBfZGlyPSIkezF9IgoKICAgIFtbICEgLWQgIiR7X2Rpcn0iIF1dICYmCiAgICAgICAgcmV0dXJuIDAKCiAgICAjIERlbGV0ZSBub24taGlkZGVuIGZpbGVzIGFuZCBkaXJlY3RvcmllcwogICAgcm0gLXJmdiAke19kaXI6P30vKgogICAgIyBEZWxldGUgZmlsZXMgYW5kIGRpcmVjdG9yaWVzIHN0YXJ0aW5nIHdpdGggLiBidXQgZXhjbHVkaW5nIC4uCiAgICBybSAtcmZ2ICR7X2Rpcn0vLlshLl0qCiAgICAjIERlbGV0ZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgc3RhcnRpbmcgd2l0aCAuLiBwbHVzIGFueSBvdGhlciBjaGFyYWN0ZXIKICAgIHJtIC1yZnYgJHtfZGlyfS8uLj8qCn0KCiMKIyBTZXR0aW5ncwojCgojIHdoZW4gdGhlIGtvLWFwcCBkaXJlY3RvcnkgaXMgcHJlc2VudCwgbWFraW5nIHN1cmUgaXQncyBwYXJ0IG9mIHRoZSBQQVRICltbIC1kICIva28tYXBwIiBdXSAmJiBleHBvcnQgUEFUSD0iJHtQQVRIfTova28tYXBwIgoKIyBtYWtpbmcgdGhlIHNoZWxsIHZlcmJvc2Ugd2hlbiB0aGUgcGFyYW10ZXIgaXMgc2V0CltbICIke1BBUkFNU19WRVJCT1NFfSIgPT0gInRydWUiIF1dICYmIHNldCAteAoKcmV0dXJuIDA=" |base64 -d >common.sh + printf '%s' "IyEvdXNyL2Jpbi9lbnYgc2gKc2V0IC1ldQoKc291cmNlICQoQ0RQQVRIPSBjZCAtLSAiJChkaXJuYW1lIC0tICR7MH0pIiAmJiBwd2QpL2NvbW1vbi5zaAoKYXNzZXJ0X3JlcXVpcmVkX2NvbmZpZ3VyYXRpb25fb3JfZmFpbAoKcGhhc2UgIlNldHRpbmcgb3V0cHV0IHdvcmtzcGFjZSBhcyBzYWZlIGRpcmVjdG9yeSAoJyR7V09SS1NQQUNFU19ST09UX1BBVEh9JykiCmdpdCBjb25maWcgLS1nbG9iYWwgLS1hZGQgc2FmZS5kaXJlY3RvcnkgIiR7V09SS1NQQUNFU19ST09UX1BBVEh9IgoKIyBTZXR0aW5nIHVwIHRoZSBjb25maWcgZm9yIHRoZSBnaXQuCgppZiBbIC1uICIke1BBUkFNU19HSVRfVVNFUl9FTUFJTH0iIF0gOyB0aGVuCiAgICBwaGFzZSAiU2V0dGluZyBnbG9iYWwgZW1haWwgZm9yIGdpdCAke1BBUkFNU19HSVRfVVNFUl9FTUFJTH0iCiAgICBnaXQgY29uZmlnIC0tZ2xvYmFsIHVzZXIuZW1haWwgIiR7UEFSQU1TX0dJVF9VU0VSX0VNQUlMfSIKZmkKCmlmIFsgLW4gIiR7UEFSQU1TX0dJVF9VU0VSX05BTUV9IiBdIDsgdGhlbgogICAgcGhhc2UgIlNldHRpbmcgZ2xvYmFsIHVzZXJuYW1lIGZvciBnaXQgJHtQQVJBTVNfR0lUX1VTRVJfTkFNRX0iCiAgICBnaXQgY29uZmlnIC0tZ2xvYmFsIHVzZXIubmFtZSAiJHtQQVJBTVNfR0lUX1VTRVJfTkFNRX0iCmZpCgojCiMgQ0EgKGBzc2wtY2EtZGlyZWN0b3J5YCBXb3Jrc3BhY2UpCiMKCmlmIFtbICIke1dPUktTUEFDRVNfU1NMX0NBX0RJUkVDVE9SWV9CT1VORH0iID09ICJ0cnVlIiAmJiAtbiAiJHtQQVJBTVNfQ1JUX0ZJTEVOQU1FfSIgXV07IHRoZW4KCXBoYXNlICJJbnNwZWN0aW5nICdzc2wtY2EtZGlyZWN0b3J5JyB3b3Jrc3BhY2UgbG9va2luZyBmb3IgJyR7UEFSQU1TX0NSVF9GSUxFTkFNRX0nIGZpbGUiCgljcnQ9IiR7V09SS1NQQUNFU19TU0xfQ0FfRElSRUNUT1JZX1BBVEh9LyR7UEFSQU1TX0NSVF9GSUxFTkFNRX0iCglbWyAhIC1mICIke2NydH0iIF1dICYmCgkJZmFpbCAiQ1JUIGZpbGUgKFBBUkFNU19DUlRfRklMRU5BTUUpIG5vdCBmb3VuZCBhdCAnJHtjcnR9JyIKCglwaGFzZSAiRXhwb3J0aW5nIGN1c3RvbSBDQSBjZXJ0aWZpY2F0ZSAnR0lUX1NTTF9DQUlORk89JHtjcnR9JyIKCWV4cG9ydCBHSVRfU1NMX0NBSU5GTz0ke2NydH0KZmkKCiMKIyBQcm94eSBTZXR0aW5ncwojCgpwaGFzZSAiU2V0dGluZyB1cCBIVFRQX1BST1hZPScke1BBUkFNU19IVFRQX1BST1hZfSciCltbIC1uICIke1BBUkFNU19IVFRQX1BST1hZfSIgXV0gJiYgZXhwb3J0IEhUVFBfUFJPWFk9IiR7UEFSQU1TX0hUVFBfUFJPWFl9IgoKcGhhc2UgIlNldHR0aW5nIHVwIEhUVFBTX1BST1hZPScke1BBUkFNU19IVFRQU19QUk9YWX0nIgpbWyAtbiAiJHtQQVJBTVNfSFRUUFNfUFJPWFl9IiBdXSAmJiBleHBvcnQgSFRUUFNfUFJPWFk9IiR7UEFSQU1TX0hUVFBTX1BST1hZfSIKCnBoYXNlICJTZXR0aW5nIHVwIE5PX1BST1hZPScke1BBUkFNU19OT19QUk9YWX0nIgpbWyAtbiAiJHtQQVJBTVNfTk9fUFJPWFl9IiBdXSAmJiBleHBvcnQgTk9fUFJPWFk9IiR7UEFSQU1TX05PX1BST1hZfSIKCgppZiBbWyAhIC16ICIke1BBUkFNU19VUkx9IiBdXTsKdGhlbgogICAgcGhhc2UgIkNsb25pbmcgJyR7UEFSQU1TX1VSTH0nIGludG8gJyR7Y2hlY2tvdXRfZGlyfSciCiAgICBzZXQgLXgKICAgIGV4ZWMgZ2l0LWluaXQgXAogICAgICAgIC11cmw9IiR7UEFSQU1TX1VSTH0iIFwKICAgICAgICAtcmV2aXNpb249IiR7UEFSQU1TX1JFVklTSU9OfSIgXAogICAgICAgIC1yZWZzcGVjPSIke1BBUkFNU19SRUZTUEVDfSIgXAogICAgICAgIC1wYXRoPSIke2NoZWNrb3V0X2Rpcn0iIFwKICAgICAgICAtc3NsVmVyaWZ5PSIke1BBUkFNU19TU0xfVkVSSUZZfSIgXAogICAgICAgIC1zdWJtb2R1bGVzPSIke1BBUkFNU19TVUJNT0RVTEVTfSIgXAogICAgICAgIC1kZXB0aD0iJHtQQVJBTVNfREVQVEh9IiBcCiAgICAgICAgLXNwYXJzZUNoZWNrb3V0RGlyZWN0b3JpZXM9IiR7UEFSQU1TX1NQQVJTRV9DSEVDS09VVF9ESVJFQ1RPUklFU30iCmVsc2UKICAgIHBoYXNlICJSdW5uaW5nIHRoZSBwcm92aWRlZCBzY3JpcHRzICR7UEFSQU1TX0dJVF9TQ1JJUFR9IGluICR7Y2hlY2tvdXRfZGlyfSIKICAgIGV2YWwgIiR7UEFSQU1TX0dJVF9TQ1JJUFR9IgoKICAgIFJFU1VMVF9TSEE9IiQoZ2l0IHJldi1wYXJzZSBIRUFEIHwgdHIgLWQgJ1xuJykiCiAgICBFWElUX0NPREU9IiQ/IgogICAgaWYgWyAiJEVYSVRfQ09ERSIgIT0gMCBdCiAgICB0aGVuCiAgICAgICAgZXhpdCAkRVhJVF9DT0RFCiAgICBmaQogICAgIyBNYWtlIHN1cmUgd2UgZG9uJ3QgYWRkIGEgdHJhaWxpbmcgbmV3bGluZSB0byB0aGUgcmVzdWx0IQogICAgcHJpbnRmICIlcyIgIiRSRVNVTFRfU0hBIiA+ICIke1JFU1VMVFNfQ09NTUlUX1BBVEh9IgogICAgZWNobyAkUkVTVUxUX1NIQQpmaQoK" |base64 -d >git-run.sh + printf '%s' "IyEvdXNyL2Jpbi9lbnYgc2gKIwojIFNldHMgdXAgdGhlIGJhc2ljIGFuZCBTU0ggYXV0aGVudGljYXRpb24gYmFzZWQgb24gaW5mb3JtZWQgd29ya3NwYWNlcywgYXMgd2VsbCBhcyBjbGVhbmluZyB1cCB0aGUKIyBwcmV2aW91cyBnaXQtY2xvbmUgc3RhbGUgZGF0YS4KIwoKc2V0IC1ldQoKc291cmNlICQoQ0RQQVRIPSBjZCAtLSAiJChkaXJuYW1lIC0tICR7MH0pIiAmJiBwd2QpL2NvbW1vbi5zaAoKYXNzZXJ0X3JlcXVpcmVkX2NvbmZpZ3VyYXRpb25fb3JfZmFpbAoKcGhhc2UgIlByZXBhcmluZyB0aGUgZmlsZXN5c3RlbSBiZWZvcmUgY2xvbmluZyB0aGUgcmVwb3NpdG9yeSIKCmlmIFtbICIke1BBUkFNU19ERUxFVEVfRVhJU1RJTkd9IiA9PSAidHJ1ZSIgXV07IHRoZW4KCXBoYXNlICJEZWxldGluZyBhbGwgY29udGVudHMgb2YgY2hlY2tvdXQtZGlyICcke2NoZWNrb3V0X2Rpcn0nIgoJY2xlYW5fZGlyICR7Y2hlY2tvdXRfZGlyfSB8fCB0cnVlCmZpCgppZiBbWyAiJHtXT1JLU1BBQ0VTX0JBU0lDX0FVVEhfQk9VTkR9IiA9PSAidHJ1ZSIgXV07IHRoZW4KCXBoYXNlICJDb25maWd1cmluZyBHaXQgYXV0aGVudGljYXRpb24gd2l0aCAnYmFzaWMtYXV0aCcgV29ya3NwYWNlIGZpbGVzIgoKCWZvciBmIGluIC5naXQtY3JlZGVudGlhbHMgLmdpdGNvbmZpZzsgZG8KCQlzcmM9IiR7V09SS1NQQUNFU19CQVNJQ19BVVRIX1BBVEh9LyR7Zn0iCgkJcGhhc2UgIkNvcHlpbmcgJyR7c3JjfScgdG8gJyR7UEFSQU1TX1VTRVJfSE9NRX0nIgoJCWNvcHlfb3JfZmFpbCA0MDAgJHtzcmN9ICIke1BBUkFNU19VU0VSX0hPTUV9LyIKCWRvbmUKZmkKCmlmIFtbICIke1dPUktTUEFDRVNfU1NIX0RJUkVDVE9SWV9CT1VORH0iID09ICJ0cnVlIiBdXTsgdGhlbgoJcGhhc2UgIkNvcHlpbmcgJy5zc2gnIGZyb20gc3NoLWRpcmVjdG9yeSB3b3Jrc3BhY2UgKCcke1dPUktTUEFDRVNfU1NIX0RJUkVDVE9SWV9QQVRIfScpIgoKCWRvdF9zc2g9IiR7UEFSQU1TX1VTRVJfSE9NRX0vLnNzaCIKCWNvcHlfb3JfZmFpbCA3MDAgJHtXT1JLU1BBQ0VTX1NTSF9ESVJFQ1RPUllfUEFUSH0gJHtkb3Rfc3NofQoJY2htb2QgLVJ2IDQwMCAke2RvdF9zc2h9LyoKZmkKCgpleGl0IDA=" |base64 -d >prepare.sh + printf '%s' "IyEvdXNyL2Jpbi9lbnYgc2gKIwojIFNjYW4gdGhlIGNsb25lZCByZXBvc2l0b3J5IGluIG9yZGVyIHRvIHJlcG9ydCBkZXRhaWxzIHdyaXR0aW5nIHRoZSByZXN1bHQgZmlsZXMuCiMKCnNldCAtZXUKCnNvdXJjZSAkKENEUEFUSD0gY2QgLS0gIiQoZGlybmFtZSAtLSAkezB9KSIgJiYgcHdkKS9jb21tb24uc2gKCmFzc2VydF9yZXF1aXJlZF9jb25maWd1cmF0aW9uX29yX2ZhaWwKCnBoYXNlICJDb2xsZWN0aW5nIGNsb25lZCByZXBvc2l0b3J5IGluZm9ybWF0aW9uICgnJHtjaGVja291dF9kaXJ9JykiCgpjZCAiJHtjaGVja291dF9kaXJ9IiB8fCBmYWlsICJOb3QgYWJsZSB0byBlbnRlciBjaGVja291dC1kaXIgJyR7Y2hlY2tvdXRfZGlyfSciCgpwaGFzZSAiU2V0dGluZyBvdXRwdXQgd29ya3NwYWNlIGFzIHNhZmUgZGlyZWN0b3J5ICgnJHtXT1JLU1BBQ0VTX1JPT1RfUEFUSH0nKSIKZ2l0IGNvbmZpZyAtLWdsb2JhbCAtLWFkZCBzYWZlLmRpcmVjdG9yeSAiJHtXT1JLU1BBQ0VTX1JPT1RfUEFUSH0iCgpyZXN1bHRfc2hhPSIkKGdpdCByZXYtcGFyc2UgSEVBRCkiCnJlc3VsdF9jb21taXR0ZXJfZGF0ZT0iJChnaXQgbG9nIC0xIC0tcHJldHR5PSVjdCkiCgpwaGFzZSAiUmVwb3J0aW5nIGxhc3QgY29tbWl0IGRhdGUgJyR7cmVzdWx0X2NvbW1pdHRlcl9kYXRlfSciCnByaW50ZiAiJXMiICIke3Jlc3VsdF9jb21taXR0ZXJfZGF0ZX0iID4ke1JFU1VMVFNfQ09NTUlUVEVSX0RBVEVfUEFUSH0KCnBoYXNlICJSZXBvcnRpbmcgcGFyc2VkIHJldmlzaW9uIFNIQSAnJHtyZXN1bHRfc2hhfSciCnByaW50ZiAiJXMiICIke3Jlc3VsdF9zaGF9IiA+JHtSRVNVTFRTX0NPTU1JVF9QQVRIfQoKcGhhc2UgIlJlcG9ydGluZyByZXBvc2l0b3J5IFVSTCAnJHtQQVJBTVNfVVJMfSciCnByaW50ZiAiJXMiICIke1BBUkFNU19VUkx9IiA+JHtSRVNVTFRTX1VSTF9QQVRIfQoKZXhpdCAw" |base64 -d >report.sh + chmod +x *.sh + volumeMounts: + - name: scripts-dir + mountPath: /scripts + - name: prepare + image: registry.redhat.io/openshift-pipelines/pipelines-git-init-rhel8@sha256:c4b2183f7c7997bd401d86b33eefb637b3ef2fa90618e875106292cd69a15c14 + workingDir: $(workspaces.output.path) + command: + - /scripts/prepare.sh + volumeMounts: + - name: scripts-dir + mountPath: /scripts + - name: user-home + mountPath: "$(params.USER_HOME)" + + - name: git-run + image: registry.redhat.io/openshift-pipelines/pipelines-git-init-rhel8@sha256:c4b2183f7c7997bd401d86b33eefb637b3ef2fa90618e875106292cd69a15c14 + workingDir: $(workspaces.output.path) + command: + - /scripts/git-run.sh + volumeMounts: + - name: scripts-dir + mountPath: /scripts + - name: user-home + mountPath: "$(params.USER_HOME)" + - name: report + image: registry.redhat.io/openshift-pipelines/pipelines-git-init-rhel8@sha256:c4b2183f7c7997bd401d86b33eefb637b3ef2fa90618e875106292cd69a15c14 + command: + - /scripts/report.sh + volumeMounts: + - name: scripts-dir + mountPath: /scripts