Skip to content

Commit

Permalink
task-containers: Auto-update tekton tasks resources\n\nURL: https://g…
Browse files Browse the repository at this point in the history
  • Loading branch information
github-actions authored and openshift-merge-bot[bot] committed Dec 19, 2023
1 parent 3ca366e commit a71bc5e
Show file tree
Hide file tree
Showing 20 changed files with 2,482 additions and 0 deletions.
76 changes: 76 additions & 0 deletions tasks/task-buildah/0.2.0/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,76 @@
`Buildah` Tekton Task
-----------------------

# Abstract

The `buildah` Task is meant to build [OCI][OCI] container images without the requirement of container runtime daemon like Docker daemon using [Buildah][Buildah], the Task results contain the image name and the SHA256 image digest.

# Usage

Please, consider the usage example below:

```yaml
---
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata: {}
spec:
pipelineRef:
name: task-buildah
params:
- name: IMAGE
value: your-image-name
- name: TLS_VERIFY
value: true
- name: VERBOSE
value: false
workspaces:
- name: source
persistentVolumeClaim:
claimName: your-pvc-name
```
You'll need to replace `your-image-name` with the actual name of the image you want to build, and `your-pvc-name` with the name of the PersistentVolumeClaim where your source code is stored.
In case the Container Registry requires authentication, please consider the [Tekton Pipelines documentation][tektonPipelineAuth]. In a nutshell, you need to create a Kubernetes Secret describing the following attributes:

```bash
kubectl create secret docker-registry imagestreams \
--docker-server="image-registry.openshift-image-registry.svc:5000" \
--docker-username="${REGISTRY_USERNAME}" \
--docker-password="${REGISTRY_TOKEN}"
```

Then make sure the Secret is linked with the Service-Account running the `TaskRun`/`PipelineRun`.

## Workspace

| Name | Optional | Description |
| :------------ | :------------------------: | :--------------------------- |
| `source` | `false` | Container build context, like for instnace a application source code followed by a `Containerfile`. |


## Params

| Param | Type | Default | Description |
| :------------ | :------------------------: | :--------------------------- | :------------------------- |
| `IMAGE` | `string` | (required) | Fully qualified source container image name, including tag, to be built by buildah. |
| `CONTAINERFILE_PATH` | `string` | `Containerfile` | Path to the `Containerfile` (or `Dockerfile`) relative to the `source` workspace. |
| `TLS_VERIFY` | `string` | `true` | Sets the TLS verification flags, `true` is recommended. |
| `VERBOSE` | `string` | `false` | Shows a more verbose (debug) output. |
| `SUBDIRECTORY` | `string` | `.` | Relative subdirectory to the `source` Workspace for the build-context. |
| `STORAGE_DRIVER` | `string` | `overlay` | Set buildah storage driver to reflect the currrent cluster node's settings. |
| `BUILD_EXTRA_ARGS` | `string` | `` | Extra parameters passed for the build command when building images. |
| `PUSH_EXTRA_ARGS` | `string` | `` | Extra parameters passed for the push command when pushing images. |
| `SKIP_PUSH` | `string` | `false` | Skip pushing the image to the container registry. |


## Results

| Result | Description |
| :------------ | :------------------------- |
| `IMAGE_URL` | Fully qualified image name. |
| `IMAGE_DIGEST` | SHA256 digest of the image just built. |

[tektonPipelineAuth]: https://tekton.dev/docs/pipelines/auth/#configuring-docker-authentication-for-docker
[Buildah]: https://github.com/containers/buildah
[OCI]: https://opencontainers.org/

152 changes: 152 additions & 0 deletions tasks/task-buildah/0.2.0/task-buildah.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,152 @@
---
# Source: task-containers/templates/task-buildah.yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: buildah
labels:
app.kubernetes.io/version: 0.2.0
annotations:
tekton.dev/categories: containers
tekton.dev/pipelines.minVersion: 0.41.0
tekton.dev/tags: containers
spec:
description: |
Buildah task builds source into a container image and
then pushes it to a container registry.
workspaces:
- name: source
optional: false
description: |
Container build context, like for instnace a application source code
followed by a `Dockerfile`.
- name: dockerconfig
description: >-
An optional workspace that allows providing a .docker/config.json file
for Buildah to access the container registry.
The file should be placed at the root of the Workspace with name config.json
or .dockerconfigjson.
optional: true
params:
- name: IMAGE
type: string
description: |
Fully qualified container image name to be built by buildah.
- name: DOCKERFILE
type: string
default: ./Dockerfile
description: |
Path to the `Dockerfile` (or `Containerfile`) relative to the `source` workspace.
- name: CONTEXT
type: string
default: "."
description: |
Path to the directory to use as context.
- name: STORAGE_DRIVER
type: string
default: vfs
description: |
Set buildah storage driver to reflect the currrent cluster node's
settings.
- name: FORMAT
description: The format of the built container, oci or docker
default: "oci"
- name: BUILD_EXTRA_ARGS
type: string
default: ""
description: |
Extra parameters passed for the build command when building images.
- name: PUSH_EXTRA_ARGS
type: string
default: ""
description: |
Extra parameters passed for the push command when pushing images.
- name: SKIP_PUSH
default: "false"
description: |
Skip pushing the image to the container registry.
- name: TLS_VERIFY
type: string
default: "true"
description: |
Sets the TLS verification flag, `true` is recommended.
- name: VERBOSE
type: string
default: "false"
description: |
Turns on verbose logging, all commands executed will be printed out.
results:
- name: IMAGE_URL
description: |
Fully qualified image name.
- name: IMAGE_DIGEST
description: |
Digest of the image just built.
stepTemplate:
env:

- name: PARAMS_IMAGE
value: "$(params.IMAGE)"
- name: PARAMS_CONTEXT
value: "$(params.CONTEXT)"
- name: PARAMS_DOCKERFILE
value: "$(params.DOCKERFILE)"
- name: PARAMS_FORMAT
value: "$(params.FORMAT)"
- name: PARAMS_STORAGE_DRIVER
value: "$(params.STORAGE_DRIVER)"
- name: PARAMS_BUILD_EXTRA_ARGS
value: "$(params.BUILD_EXTRA_ARGS)"
- name: PARAMS_PUSH_EXTRA_ARGS
value: "$(params.PUSH_EXTRA_ARGS)"
- name: PARAMS_SKIP_PUSH
value: "$(params.SKIP_PUSH)"
- name: PARAMS_TLS_VERIFY
value: "$(params.TLS_VERIFY)"
- name: PARAMS_VERBOSE
value: "$(params.VERBOSE)"
- name: WORKSPACES_SOURCE_BOUND
value: "$(workspaces.source.bound)"
- name: WORKSPACES_SOURCE_PATH
value: "$(workspaces.source.path)"
- name: WORKSPACES_DOCKERCONFIG_BOUND
value: "$(workspaces.dockerconfig.bound)"
- name: WORKSPACES_DOCKERCONFIG_PATH
value: "$(workspaces.dockerconfig.path)"
- name: RESULTS_IMAGE_URL_PATH
value: "$(results.IMAGE_URL.path)"
- name: RESULTS_IMAGE_DIGEST_PATH
value: "$(results.IMAGE_DIGEST.path)"

steps:
- name: load-scripts
image: registry.access.redhat.com/ubi8-minimal:8.9
workingDir: /scripts
script: |
set -e
printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgV3JhcHBlciBhcm91bmQgImJ1aWxkYWggYnVkIiB0byBidWlsZCBhbmQgcHVzaCBhIGNvbnRhaW5lciBpbWFnZSBiYXNlZCBvbiBhIERvY2tlcmZpbGUuCiMKCnNob3B0IC1zIGluaGVyaXRfZXJyZXhpdApzZXQgLWV1IC1vIHBpcGVmYWlsCgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvY29tbW9uLnNoIgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvYnVpbGRhaC1jb21tb24uc2giCgpmdW5jdGlvbiBfYnVpbGRhaCgpIHsKICAgIGJ1aWxkYWggXAogICAgICAgIC0tc3RvcmFnZS1kcml2ZXI9IiR7UEFSQU1TX1NUT1JBR0VfRFJJVkVSfSIgXAogICAgICAgIC0tdGxzLXZlcmlmeT0iJHtQQVJBTVNfVExTX1ZFUklGWX0iIFwKICAgICAgICAkeyp9Cn0KCiMKIyBQcmVwYXJlCiMKCiMgbWFraW5nIHN1cmUgdGhlIHJlcXVpcmVkIHdvcmtzcGFjZSAic291cmNlIiBpcyBib3VuZGVkLCB3aGljaCBtZWFucyBpdHMgdm9sdW1lIGlzIGN1cnJlbnRseSBtb3VudGVkCiMgYW5kIHJlYWR5IHRvIHVzZQpwaGFzZSAiSW5zcGVjdGluZyBzb3VyY2Ugd29ya3NwYWNlICcke1dPUktTUEFDRVNfU09VUkNFX1BBVEh9JyAoUFdEPScke1BXRH0nKSIKW1sgIiR7V09SS1NQQUNFU19TT1VSQ0VfQk9VTkR9IiAhPSAidHJ1ZSIgXV0gJiYKICAgIGZhaWwgIldvcmtzcGFjZSAnc291cmNlJyBpcyBub3QgYm91bmRlZCIKCnBoYXNlICJBc3NlcnRpbmcgdGhlIGRvY2tlcmZpbGUvY29udGFpbmVyZmlsZSAnJHtET0NLRVJGSUxFX0ZVTEx9JyBleGlzdHMiCltbICEgLWYgIiR7RE9DS0VSRklMRV9GVUxMfSIgXV0gJiYKICAgIGZhaWwgIkRvY2tlcmZpbGUgbm90IGZvdW5kIGF0OiAnJHtET0NLRVJGSUxFX0ZVTEx9JyIKCnBoYXNlICJJbnNwZWN0aW5nIGNvbnRleHQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKW1sgISAtZCAiJHtQQVJBTVNfQ09OVEVYVH0iIF1dICYmCiAgICBmYWlsICJDT05URVhUIHBhcmFtIGlzIG5vdCBmb3VuZCBhdCAnJHtQQVJBTVNfQ09OVEVYVH0nLCBvbiBzb3VyY2Ugd29ya3NwYWNlIgoKIyBIYW5kbGUgb3B0aW9uYWwgZG9ja2VyY29uZmlnIHNlY3JldAppZiBbWyAiJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19CT1VORH0iID09ICJ0cnVlIiBdXTsgdGhlbgoKICAgICMgaWYgY29uZmlnLmpzb24gZXhpc3RzIGF0IHdvcmtzcGFjZSByb290LCB3ZSB1c2UgdGhhdAogICAgaWYgdGVzdCAtZiAiJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19QQVRIfS9jb25maWcuanNvbiI7IHRoZW4KICAgICAgICBleHBvcnQgRE9DS0VSX0NPTkZJRz0iJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19QQVRIfSIKCiAgICAgICAgIyBlbHNlIHdlIGxvb2sgZm9yIC5kb2NrZXJjb25maWdqc29uIGF0IHRoZSByb290CiAgICBlbGlmIHRlc3QgLWYgIiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSH0vLmRvY2tlcmNvbmZpZ2pzb24iOyB0aGVuCiAgICAgICAgY3AgIiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSH0vLmRvY2tlcmNvbmZpZ2pzb24iICIkSE9NRS8uZG9ja2VyL2NvbmZpZy5qc29uIgogICAgICAgIGV4cG9ydCBET0NLRVJfQ09ORklHPSIkSE9NRS8uZG9ja2VyIgoKICAgICAgICAjIG5lZWQgdG8gZXJyb3Igb3V0IGlmIG5laXRoZXIgZmlsZXMgYXJlIHByZXNlbnQKICAgIGVsc2UKICAgICAgICBlY2hvICJuZWl0aGVyICdjb25maWcuanNvbicgbm9yICcuZG9ja2VyY29uZmlnanNvbicgZm91bmQgYXQgd29ya3NwYWNlIHJvb3QiCiAgICAgICAgZXhpdCAxCiAgICBmaQpmaQoKIwojIEJ1aWxkCiMKCnBoYXNlICJCdWlsZGluZyAnJHtQQVJBTVNfSU1BR0V9JyBiYXNlZCBvbiAnJHtET0NLRVJGSUxFX0ZVTEx9JyIKCltbIC1uICIke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTfSIgXV0gJiYKICAgIHBoYXNlICJFeHRyYSAnYnVpbGRhaCBidWQnIGFyZ3VtZW50cyBpbmZvcm1lZDogJyR7UEFSQU1TX0JVSUxEX0VYVFJBX0FSR1N9JyIKCl9idWlsZGFoIGJ1ZCAke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTfSBcCiAgICAtLW5vLWNhY2hlIFwKICAgIC0tZmlsZT0iJHtET0NLRVJGSUxFX0ZVTEx9IiBcCiAgICAtLXRhZz0iJHtQQVJBTVNfSU1BR0V9IiBcCiAgICAke1BBUkFNU19DT05URVhUfQoKaWYgW1sgIiR7UEFSQU1TX1NLSVBfUFVTSH0iID09ICJ0cnVlIiBdXTsgdGhlbgogICAgcGhhc2UgIlNraXBwaW5nIHB1c2hpbmcgJyR7UEFSQU1TX0lNQUdFfScgdG8gdGhlIGNvbnRhaW5lciByZWdpc3RyeSEiCiAgICBleGl0IDAKZmkKCiMKIyBQdXNoCiMKCnBoYXNlICJQdXNoaW5nICcke1BBUkFNU19JTUFHRX0nIHRvIHRoZSBjb250YWluZXIgcmVnaXN0cnkiCgpbWyAtbiAiJHtQQVJBTVNfUFVTSF9FWFRSQV9BUkdTfSIgXV0gJiYKICAgIHBoYXNlICJFeHRyYSAnYnVpbGRhaCBidWQnIGFyZ3VtZW50cyBpbmZvcm1lZDogJyR7UEFSQU1TX1BVU0hfRVhUUkFfQVJHU30nIgoKIyB0ZW1wb3JhcnkgZmlsZSB0byBzdG9yZSB0aGUgaW1hZ2UgZGlnZXN0LCBpbmZvcm1hdGlvbiBvbmx5IG9idGFpbmVkIGFmdGVyIHB1c2hpbmcgdGhlIGltYWdlIHRvIHRoZQojIGNvbnRhaW5lciByZWdpc3RyeQpkZWNsYXJlIC1yIGRpZ2VzdF9maWxlPSIvdG1wL2J1aWxkYWgtZGlnZXN0LnR4dCIKCl9idWlsZGFoIHB1c2ggJHtQQVJBTVNfUFVTSF9FWFRSQV9BUkdTfSBcCiAgICAtLWRpZ2VzdGZpbGU9IiR7ZGlnZXN0X2ZpbGV9IiBcCiAgICAke1BBUkFNU19JTUFHRX0gXAogICAgZG9ja2VyOi8vJHtQQVJBTVNfSU1BR0V9CgojCiMgUmVzdWx0cwojCgpwaGFzZSAiSW5zcGVjdGluZyBkaWdlc3QgcmVwb3J0ICgnJHtkaWdlc3RfZmlsZX0nKSIKCltbICEgLXIgIiR7ZGlnZXN0X2ZpbGV9IiBdXSAmJgogICAgZmFpbCAiVW5hYmxlIHRvIGZpbmQgZGlnZXN0LWZpbGUgYXQgJyR7ZGlnZXN0X2ZpbGV9JyIKCmRlY2xhcmUgLXIgZGlnZXN0X3N1bT0iJChjYXQgJHtkaWdlc3RfZmlsZX0pIgoKW1sgLXogIiR7ZGlnZXN0X3N1bX0iIF1dICYmCiAgICBmYWlsICJEaWdlc3QgZmlsZSAnJHtkaWdlc3RfZmlsZX0nIGlzIGVtcHR5ISIKCnBoYXNlICJTdWNjZXNzZnVseSBidWlsdCBjb250YWluZXIgaW1hZ2UgJyR7UEFSQU1TX0lNQUdFfScgKCcke2RpZ2VzdF9zdW19JykiCmVjaG8gLW4gIiR7UEFSQU1TX0lNQUdFfSIgfCB0ZWUgJHtSRVNVTFRTX0lNQUdFX1VSTF9QQVRIfQplY2hvIC1uICIke2RpZ2VzdF9zdW19IiB8IHRlZSAke1JFU1VMVFNfSU1BR0VfRElHRVNUX1BBVEh9Cg==" |base64 -d >buildah-bud.sh
printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKZGVjbGFyZSAtcnggUEFSQU1TX0lNQUdFPSIke1BBUkFNU19JTUFHRTotfSIKZGVjbGFyZSAtcnggUEFSQU1TX0RPQ0tFUkZJTEU9IiR7UEFSQU1TX0RPQ0tFUkZJTEU6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19DT05URVhUPSIke1BBUkFNU19DT05URVhUOi19IgpkZWNsYXJlIC1yeCBQQVJBTVNfU1RPUkFHRV9EUklWRVI9IiR7UEFSQU1TX1NUT1JBR0VfRFJJVkVSOi19IgpkZWNsYXJlIC1yeCBQQVJBTVNfQlVJTERfRVhUUkFfQVJHUz0iJHtQQVJBTVNfQlVJTERfRVhUUkFfQVJHUzotfSIKZGVjbGFyZSAtcnggUEFSQU1TX1BVU0hfRVhUUkFfQVJHUz0iJHtQQVJBTVNfUFVTSF9FWFRSQV9BUkdTOi19IgpkZWNsYXJlIC1yeCBQQVJBTVNfU0tJUF9QVVNIPSIke1BBUkFNU19TS0lQX1BVU0g6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19UTFNfVkVSSUZZPSIke1BBUkFNU19UTFNfVkVSSUZZOi19IgpkZWNsYXJlIC1yeCBQQVJBTVNfVkVSQk9TRT0iJHtQQVJBTVNfVkVSQk9TRTotfSIKCmRlY2xhcmUgLXJ4IFdPUktTUEFDRVNfU09VUkNFX1BBVEg9IiR7V09SS1NQQUNFU19TT1VSQ0VfUEFUSDotfSIKZGVjbGFyZSAtcnggV09SS1NQQUNFU19TT1VSQ0VfQk9VTkQ9IiR7V09SS1NQQUNFU19TT1VSQ0VfQk9VTkQ6LX0iCmRlY2xhcmUgLXJ4IFdPUktTUEFDRVNfRE9DS0VSQ09ORklHX1BBVEg9IiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSDotfSIKZGVjbGFyZSAtcnggV09SS1NQQUNFU19ET0NLRVJDT05GSUdfQk9VTkQ9IiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfQk9VTkQ6LX0iCgpkZWNsYXJlIC1yeCBSRVNVTFRTX0lNQUdFX0RJR0VTVF9QQVRIPSIke1JFU1VMVFNfSU1BR0VfRElHRVNUX1BBVEg6LX0iCmRlY2xhcmUgLXJ4IFJFU1VMVFNfSU1BR0VfVVJMX1BBVEg9IiR7UkVTVUxUU19JTUFHRV9VUkxfUEFUSDotfSIKCiMKIyBEb2NrZXJmaWxlCiMKCiMgZXhwb3NpbmcgdGhlIGZ1bGwgcGF0aCB0byB0aGUgY29udGFpbmVyIGZpbGUsIHdoaWNoIGJ5IGRlZmF1bHQgc2hvdWxkIGJlIHJlbGF0aXZlIHRvIHRoZSBwcmltYXJ5CiMgd29ya3NwYWNlLCB0byByZWNlaXZlIGEgZGlmZmVyZW50IGNvbnRhaW5lci1maWxlIGxvY2F0aW9uCmRlY2xhcmUgLXIgZG9ja2VyZmlsZV9vbl93cz0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIfS8ke1BBUkFNU19ET0NLRVJGSUxFfSIKZGVjbGFyZSAteCBET0NLRVJGSUxFX0ZVTEw9IiR7RE9DS0VSRklMRV9GVUxMOi0ke2RvY2tlcmZpbGVfb25fd3N9fSIKCiMKIyBBc3NlcnRpbmcgRW52aXJvbm1lbnQKIwoKW1sgLXogIiR7RE9DS0VSRklMRV9GVUxMfSIgXV0gJiYKICAgIGZhaWwgInVuYWJsZSB0byBmaW5kIHRoZSBEb2NrZXJmaWxlLCBET0NLRVJGSUxFIG1heSBoYXZlIGFuIGluY29ycmVjdCBsb2NhdGlvbiIKCmV4cG9ydGVkX29yX2ZhaWwgXAogICAgV09SS1NQQUNFU19TT1VSQ0VfUEFUSCBcCiAgICBQQVJBTVNfSU1BR0UKCiMKIyBWZXJib3NlIE91dHB1dAojCgppZiBbWyAiJHtQQVJBTVNfVkVSQk9TRX0iID09ICJ0cnVlIiBdXTsgdGhlbgogICAgc2V0IC14CmZpCg==" |base64 -d >buildah-common.sh
printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0ZWt0b24ncyBob21lIGRpcmVjdG9yeQpkZWNsYXJlIC1yeCBURUtUT05fSE9NRT0iJHtURUtUT05fSE9NRTotL3Rla3Rvbi9ob21lfSIKCiMKIyBGdW5jdGlvbnMKIwoKZnVuY3Rpb24gZmFpbCgpIHsKICAgIGVjaG8gIkVSUk9SOiAkeyp9IiAyPiYxCiAgICBleGl0IDEKfQoKZnVuY3Rpb24gcGhhc2UoKSB7CiAgICBlY2hvICItLS0+IFBoYXNlOiAkeyp9Li4uIgp9CgojIGFzc2VydCBsb2NhbCB2YXJpYWJsZXMgYXJlIGV4cG9yZXRlZCBvbiB0aGUgZW52aXJvbm1lbnQKZnVuY3Rpb24gZXhwb3J0ZWRfb3JfZmFpbCgpIHsKICAgIGRlY2xhcmUgLWEgX3JlcXVpcmVkX3ZhcnM9IiR7QH0iCgogICAgZm9yIHYgaW4gJHtfcmVxdWlyZWRfdmFyc1tAXX07IGRvCiAgICAgICAgW1sgLXogIiR7IXZ9IiBdXSAmJgogICAgICAgICAgICBmYWlsICInJHt2fScgZW52aXJvbm1lbnQgdmFyaWFibGUgaXMgbm90IHNldCEiCiAgICBkb25lCgogICAgcmV0dXJuIDAKfQo=" |base64 -d >common.sh
chmod +x buildah-*.sh
volumeMounts:
- name: scripts-dir
mountPath: /scripts

- name: build
image: registry.access.redhat.com/ubi8/buildah:8.9
workingDir: /workspace/source
command:
- /scripts/buildah-bud.sh
securityContext:
capabilities:
add: ["SETFCAP"]
volumeMounts:
- name: scripts-dir
mountPath: /scripts

volumes:
- name: scripts-dir
emptyDir: {}
83 changes: 83 additions & 0 deletions tasks/task-s2i-dotnet/0.2.0/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,83 @@
Source-to-Image Tekton Tasks (`s2i`)
------------------------------------

# Abstract

Describes the Tekton Tasks supporting Source-to-Image for various ecosystems.

# `s2i` Builder Images

This section we explain each language ecosystem comes with a predefined set of builder images, supported by Red Hat.

The `s2i` Task helps in building reproducible container images from source code i.e. task for supporting s2i functionality.

The s2i Task has been customized with builder images specific to various languages and have been named appropriately as follows:

| Task Name | Builder Image Used |
| ---------- | ---------------------------------------------------------------------- |
| s2i-python | http://registry.access.redhat.com/ubi8/python-39:latest |
| s2i-go | http://registry.access.redhat.com/ubi8/go-toolset:1.19.10-3 |
| s2i-java | http://registry.access.redhat.com/ubi8/openjdk-11:latest |
| s2i-dotnet | http://registry.access.redhat.com/ubi8/dotnet-60:6.0-37.20230802191230 |
| s2i-php | http://registry.access.redhat.com/ubi9/php-81:1-29 |
| s2i-nodejs | http://registry.access.redhat.com/ubi8/nodejs-18:latest |
| s2i-perl | http://registry.access.redhat.com/ubi9/perl-532:1-91 |
| s2i-ruby | http://registry.access.redhat.com/ubi9/ruby-31:1-50 |

In case, the above builder images associated with the languages aren’t satisfactory for your source code, you can change it using appropriate parameter.

# Usage

Please, consider the usage example below:

```yaml
---
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata: {}
spec:
taskRef:
name: s2i-python
params:
- name: IMAGE
value: registry.registry.svc.cluster.local:32222/task-containers/task-s2i-python:latest
```
In case the Container Registry requires authentication, please consider the [Tekton Pipelines documentation][tektonPipelineAuth]. In a nutshell, you need to create a Kubernetes Secret describing the following attributes:
```bash
kubectl create secret docker-registry imagestreams \
--docker-server="image-registry.openshift-image-registry.svc:5000" \
--docker-username="${REGISTRY_USERNAME}" \
--docker-password="${REGISTRY_TOKEN}"
```

Then make sure the Secret is linked with the Service-Account running the `TaskRun`/`PipelineRun`.

## Workspaces

All of the s2i tasks use the `source` workspace which is meant to contain the Application source code, which acts as the build context for S2I workflow.


## Params

| Param | Type | Default | Description |
| ----------------- | ------ | ------------------------ | ------------------------------------------------------------------------- |
| IMAGE | string | (required) | Fully qualified container image name to be built by s2i |
| IMAGE_SCRIPTS_URL | string | image:///usr/libexec/s2i | URL containing the default assemble and run scripts for the builder image |
| ENV_VARS | array | [] | Array containing string of Environment Variables as "KEY=VALUE” |
| SUBDIRECTORY | string | . | Relative subdirectory to the source Workspace for the build-context. |
| STORAGE_DRIVER | string | overlay | Set buildah storage driver to reflect the currrent cluster node's |
| settings. |
| BUILD_EXTRA_ARGS | string | | Extra parameters passed for the build command when building images. |
| PUSH_EXTRA_ARGS | string | | Extra parameters passed for the push command when pushing images. |
| SKIP_PUSH | string | false | Skip pushing the image to the container registry. |
| TLS_VERIFY | string | true | Sets the TLS verification flag, true is recommended. |
| VERBOSE | string | false | Turns on verbose logging, all commands executed will be printed out. |

## Results

| Result | Description |
| ------------ | ------------------------------- |
| IMAGE_URL | Fully qualified image name. |
| IMAGE_DIGEST | Digest of the image just built. |
Loading

0 comments on commit a71bc5e

Please sign in to comment.