-
Notifications
You must be signed in to change notification settings - Fork 13
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
task-containers: Auto-update tekton tasks resources\n\nURL: https://g…
- Loading branch information
1 parent
3ca366e
commit a71bc5e
Showing
20 changed files
with
2,482 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,76 @@ | ||
`Buildah` Tekton Task | ||
----------------------- | ||
|
||
# Abstract | ||
|
||
The `buildah` Task is meant to build [OCI][OCI] container images without the requirement of container runtime daemon like Docker daemon using [Buildah][Buildah], the Task results contain the image name and the SHA256 image digest. | ||
|
||
# Usage | ||
|
||
Please, consider the usage example below: | ||
|
||
```yaml | ||
--- | ||
apiVersion: tekton.dev/v1beta1 | ||
kind: PipelineRun | ||
metadata: {} | ||
spec: | ||
pipelineRef: | ||
name: task-buildah | ||
params: | ||
- name: IMAGE | ||
value: your-image-name | ||
- name: TLS_VERIFY | ||
value: true | ||
- name: VERBOSE | ||
value: false | ||
workspaces: | ||
- name: source | ||
persistentVolumeClaim: | ||
claimName: your-pvc-name | ||
``` | ||
You'll need to replace `your-image-name` with the actual name of the image you want to build, and `your-pvc-name` with the name of the PersistentVolumeClaim where your source code is stored. | ||
In case the Container Registry requires authentication, please consider the [Tekton Pipelines documentation][tektonPipelineAuth]. In a nutshell, you need to create a Kubernetes Secret describing the following attributes: | ||
|
||
```bash | ||
kubectl create secret docker-registry imagestreams \ | ||
--docker-server="image-registry.openshift-image-registry.svc:5000" \ | ||
--docker-username="${REGISTRY_USERNAME}" \ | ||
--docker-password="${REGISTRY_TOKEN}" | ||
``` | ||
|
||
Then make sure the Secret is linked with the Service-Account running the `TaskRun`/`PipelineRun`. | ||
|
||
## Workspace | ||
|
||
| Name | Optional | Description | | ||
| :------------ | :------------------------: | :--------------------------- | | ||
| `source` | `false` | Container build context, like for instnace a application source code followed by a `Containerfile`. | | ||
|
||
|
||
## Params | ||
|
||
| Param | Type | Default | Description | | ||
| :------------ | :------------------------: | :--------------------------- | :------------------------- | | ||
| `IMAGE` | `string` | (required) | Fully qualified source container image name, including tag, to be built by buildah. | | ||
| `CONTAINERFILE_PATH` | `string` | `Containerfile` | Path to the `Containerfile` (or `Dockerfile`) relative to the `source` workspace. | | ||
| `TLS_VERIFY` | `string` | `true` | Sets the TLS verification flags, `true` is recommended. | | ||
| `VERBOSE` | `string` | `false` | Shows a more verbose (debug) output. | | ||
| `SUBDIRECTORY` | `string` | `.` | Relative subdirectory to the `source` Workspace for the build-context. | | ||
| `STORAGE_DRIVER` | `string` | `overlay` | Set buildah storage driver to reflect the currrent cluster node's settings. | | ||
| `BUILD_EXTRA_ARGS` | `string` | `` | Extra parameters passed for the build command when building images. | | ||
| `PUSH_EXTRA_ARGS` | `string` | `` | Extra parameters passed for the push command when pushing images. | | ||
| `SKIP_PUSH` | `string` | `false` | Skip pushing the image to the container registry. | | ||
|
||
|
||
## Results | ||
|
||
| Result | Description | | ||
| :------------ | :------------------------- | | ||
| `IMAGE_URL` | Fully qualified image name. | | ||
| `IMAGE_DIGEST` | SHA256 digest of the image just built. | | ||
|
||
[tektonPipelineAuth]: https://tekton.dev/docs/pipelines/auth/#configuring-docker-authentication-for-docker | ||
[Buildah]: https://github.com/containers/buildah | ||
[OCI]: https://opencontainers.org/ | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,152 @@ | ||
--- | ||
# Source: task-containers/templates/task-buildah.yaml | ||
apiVersion: tekton.dev/v1beta1 | ||
kind: Task | ||
metadata: | ||
name: buildah | ||
labels: | ||
app.kubernetes.io/version: 0.2.0 | ||
annotations: | ||
tekton.dev/categories: containers | ||
tekton.dev/pipelines.minVersion: 0.41.0 | ||
tekton.dev/tags: containers | ||
spec: | ||
description: | | ||
Buildah task builds source into a container image and | ||
then pushes it to a container registry. | ||
workspaces: | ||
- name: source | ||
optional: false | ||
description: | | ||
Container build context, like for instnace a application source code | ||
followed by a `Dockerfile`. | ||
- name: dockerconfig | ||
description: >- | ||
An optional workspace that allows providing a .docker/config.json file | ||
for Buildah to access the container registry. | ||
The file should be placed at the root of the Workspace with name config.json | ||
or .dockerconfigjson. | ||
optional: true | ||
params: | ||
- name: IMAGE | ||
type: string | ||
description: | | ||
Fully qualified container image name to be built by buildah. | ||
- name: DOCKERFILE | ||
type: string | ||
default: ./Dockerfile | ||
description: | | ||
Path to the `Dockerfile` (or `Containerfile`) relative to the `source` workspace. | ||
- name: CONTEXT | ||
type: string | ||
default: "." | ||
description: | | ||
Path to the directory to use as context. | ||
- name: STORAGE_DRIVER | ||
type: string | ||
default: vfs | ||
description: | | ||
Set buildah storage driver to reflect the currrent cluster node's | ||
settings. | ||
- name: FORMAT | ||
description: The format of the built container, oci or docker | ||
default: "oci" | ||
- name: BUILD_EXTRA_ARGS | ||
type: string | ||
default: "" | ||
description: | | ||
Extra parameters passed for the build command when building images. | ||
- name: PUSH_EXTRA_ARGS | ||
type: string | ||
default: "" | ||
description: | | ||
Extra parameters passed for the push command when pushing images. | ||
- name: SKIP_PUSH | ||
default: "false" | ||
description: | | ||
Skip pushing the image to the container registry. | ||
- name: TLS_VERIFY | ||
type: string | ||
default: "true" | ||
description: | | ||
Sets the TLS verification flag, `true` is recommended. | ||
- name: VERBOSE | ||
type: string | ||
default: "false" | ||
description: | | ||
Turns on verbose logging, all commands executed will be printed out. | ||
results: | ||
- name: IMAGE_URL | ||
description: | | ||
Fully qualified image name. | ||
- name: IMAGE_DIGEST | ||
description: | | ||
Digest of the image just built. | ||
stepTemplate: | ||
env: | ||
|
||
- name: PARAMS_IMAGE | ||
value: "$(params.IMAGE)" | ||
- name: PARAMS_CONTEXT | ||
value: "$(params.CONTEXT)" | ||
- name: PARAMS_DOCKERFILE | ||
value: "$(params.DOCKERFILE)" | ||
- name: PARAMS_FORMAT | ||
value: "$(params.FORMAT)" | ||
- name: PARAMS_STORAGE_DRIVER | ||
value: "$(params.STORAGE_DRIVER)" | ||
- name: PARAMS_BUILD_EXTRA_ARGS | ||
value: "$(params.BUILD_EXTRA_ARGS)" | ||
- name: PARAMS_PUSH_EXTRA_ARGS | ||
value: "$(params.PUSH_EXTRA_ARGS)" | ||
- name: PARAMS_SKIP_PUSH | ||
value: "$(params.SKIP_PUSH)" | ||
- name: PARAMS_TLS_VERIFY | ||
value: "$(params.TLS_VERIFY)" | ||
- name: PARAMS_VERBOSE | ||
value: "$(params.VERBOSE)" | ||
- name: WORKSPACES_SOURCE_BOUND | ||
value: "$(workspaces.source.bound)" | ||
- name: WORKSPACES_SOURCE_PATH | ||
value: "$(workspaces.source.path)" | ||
- name: WORKSPACES_DOCKERCONFIG_BOUND | ||
value: "$(workspaces.dockerconfig.bound)" | ||
- name: WORKSPACES_DOCKERCONFIG_PATH | ||
value: "$(workspaces.dockerconfig.path)" | ||
- name: RESULTS_IMAGE_URL_PATH | ||
value: "$(results.IMAGE_URL.path)" | ||
- name: RESULTS_IMAGE_DIGEST_PATH | ||
value: "$(results.IMAGE_DIGEST.path)" | ||
|
||
steps: | ||
- name: load-scripts | ||
image: registry.access.redhat.com/ubi8-minimal:8.9 | ||
workingDir: /scripts | ||
script: | | ||
set -e | ||
printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgV3JhcHBlciBhcm91bmQgImJ1aWxkYWggYnVkIiB0byBidWlsZCBhbmQgcHVzaCBhIGNvbnRhaW5lciBpbWFnZSBiYXNlZCBvbiBhIERvY2tlcmZpbGUuCiMKCnNob3B0IC1zIGluaGVyaXRfZXJyZXhpdApzZXQgLWV1IC1vIHBpcGVmYWlsCgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvY29tbW9uLnNoIgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvYnVpbGRhaC1jb21tb24uc2giCgpmdW5jdGlvbiBfYnVpbGRhaCgpIHsKICAgIGJ1aWxkYWggXAogICAgICAgIC0tc3RvcmFnZS1kcml2ZXI9IiR7UEFSQU1TX1NUT1JBR0VfRFJJVkVSfSIgXAogICAgICAgIC0tdGxzLXZlcmlmeT0iJHtQQVJBTVNfVExTX1ZFUklGWX0iIFwKICAgICAgICAkeyp9Cn0KCiMKIyBQcmVwYXJlCiMKCiMgbWFraW5nIHN1cmUgdGhlIHJlcXVpcmVkIHdvcmtzcGFjZSAic291cmNlIiBpcyBib3VuZGVkLCB3aGljaCBtZWFucyBpdHMgdm9sdW1lIGlzIGN1cnJlbnRseSBtb3VudGVkCiMgYW5kIHJlYWR5IHRvIHVzZQpwaGFzZSAiSW5zcGVjdGluZyBzb3VyY2Ugd29ya3NwYWNlICcke1dPUktTUEFDRVNfU09VUkNFX1BBVEh9JyAoUFdEPScke1BXRH0nKSIKW1sgIiR7V09SS1NQQUNFU19TT1VSQ0VfQk9VTkR9IiAhPSAidHJ1ZSIgXV0gJiYKICAgIGZhaWwgIldvcmtzcGFjZSAnc291cmNlJyBpcyBub3QgYm91bmRlZCIKCnBoYXNlICJBc3NlcnRpbmcgdGhlIGRvY2tlcmZpbGUvY29udGFpbmVyZmlsZSAnJHtET0NLRVJGSUxFX0ZVTEx9JyBleGlzdHMiCltbICEgLWYgIiR7RE9DS0VSRklMRV9GVUxMfSIgXV0gJiYKICAgIGZhaWwgIkRvY2tlcmZpbGUgbm90IGZvdW5kIGF0OiAnJHtET0NLRVJGSUxFX0ZVTEx9JyIKCnBoYXNlICJJbnNwZWN0aW5nIGNvbnRleHQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKW1sgISAtZCAiJHtQQVJBTVNfQ09OVEVYVH0iIF1dICYmCiAgICBmYWlsICJDT05URVhUIHBhcmFtIGlzIG5vdCBmb3VuZCBhdCAnJHtQQVJBTVNfQ09OVEVYVH0nLCBvbiBzb3VyY2Ugd29ya3NwYWNlIgoKIyBIYW5kbGUgb3B0aW9uYWwgZG9ja2VyY29uZmlnIHNlY3JldAppZiBbWyAiJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19CT1VORH0iID09ICJ0cnVlIiBdXTsgdGhlbgoKICAgICMgaWYgY29uZmlnLmpzb24gZXhpc3RzIGF0IHdvcmtzcGFjZSByb290LCB3ZSB1c2UgdGhhdAogICAgaWYgdGVzdCAtZiAiJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19QQVRIfS9jb25maWcuanNvbiI7IHRoZW4KICAgICAgICBleHBvcnQgRE9DS0VSX0NPTkZJRz0iJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19QQVRIfSIKCiAgICAgICAgIyBlbHNlIHdlIGxvb2sgZm9yIC5kb2NrZXJjb25maWdqc29uIGF0IHRoZSByb290CiAgICBlbGlmIHRlc3QgLWYgIiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSH0vLmRvY2tlcmNvbmZpZ2pzb24iOyB0aGVuCiAgICAgICAgY3AgIiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSH0vLmRvY2tlcmNvbmZpZ2pzb24iICIkSE9NRS8uZG9ja2VyL2NvbmZpZy5qc29uIgogICAgICAgIGV4cG9ydCBET0NLRVJfQ09ORklHPSIkSE9NRS8uZG9ja2VyIgoKICAgICAgICAjIG5lZWQgdG8gZXJyb3Igb3V0IGlmIG5laXRoZXIgZmlsZXMgYXJlIHByZXNlbnQKICAgIGVsc2UKICAgICAgICBlY2hvICJuZWl0aGVyICdjb25maWcuanNvbicgbm9yICcuZG9ja2VyY29uZmlnanNvbicgZm91bmQgYXQgd29ya3NwYWNlIHJvb3QiCiAgICAgICAgZXhpdCAxCiAgICBmaQpmaQoKIwojIEJ1aWxkCiMKCnBoYXNlICJCdWlsZGluZyAnJHtQQVJBTVNfSU1BR0V9JyBiYXNlZCBvbiAnJHtET0NLRVJGSUxFX0ZVTEx9JyIKCltbIC1uICIke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTfSIgXV0gJiYKICAgIHBoYXNlICJFeHRyYSAnYnVpbGRhaCBidWQnIGFyZ3VtZW50cyBpbmZvcm1lZDogJyR7UEFSQU1TX0JVSUxEX0VYVFJBX0FSR1N9JyIKCl9idWlsZGFoIGJ1ZCAke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTfSBcCiAgICAtLW5vLWNhY2hlIFwKICAgIC0tZmlsZT0iJHtET0NLRVJGSUxFX0ZVTEx9IiBcCiAgICAtLXRhZz0iJHtQQVJBTVNfSU1BR0V9IiBcCiAgICAke1BBUkFNU19DT05URVhUfQoKaWYgW1sgIiR7UEFSQU1TX1NLSVBfUFVTSH0iID09ICJ0cnVlIiBdXTsgdGhlbgogICAgcGhhc2UgIlNraXBwaW5nIHB1c2hpbmcgJyR7UEFSQU1TX0lNQUdFfScgdG8gdGhlIGNvbnRhaW5lciByZWdpc3RyeSEiCiAgICBleGl0IDAKZmkKCiMKIyBQdXNoCiMKCnBoYXNlICJQdXNoaW5nICcke1BBUkFNU19JTUFHRX0nIHRvIHRoZSBjb250YWluZXIgcmVnaXN0cnkiCgpbWyAtbiAiJHtQQVJBTVNfUFVTSF9FWFRSQV9BUkdTfSIgXV0gJiYKICAgIHBoYXNlICJFeHRyYSAnYnVpbGRhaCBidWQnIGFyZ3VtZW50cyBpbmZvcm1lZDogJyR7UEFSQU1TX1BVU0hfRVhUUkFfQVJHU30nIgoKIyB0ZW1wb3JhcnkgZmlsZSB0byBzdG9yZSB0aGUgaW1hZ2UgZGlnZXN0LCBpbmZvcm1hdGlvbiBvbmx5IG9idGFpbmVkIGFmdGVyIHB1c2hpbmcgdGhlIGltYWdlIHRvIHRoZQojIGNvbnRhaW5lciByZWdpc3RyeQpkZWNsYXJlIC1yIGRpZ2VzdF9maWxlPSIvdG1wL2J1aWxkYWgtZGlnZXN0LnR4dCIKCl9idWlsZGFoIHB1c2ggJHtQQVJBTVNfUFVTSF9FWFRSQV9BUkdTfSBcCiAgICAtLWRpZ2VzdGZpbGU9IiR7ZGlnZXN0X2ZpbGV9IiBcCiAgICAke1BBUkFNU19JTUFHRX0gXAogICAgZG9ja2VyOi8vJHtQQVJBTVNfSU1BR0V9CgojCiMgUmVzdWx0cwojCgpwaGFzZSAiSW5zcGVjdGluZyBkaWdlc3QgcmVwb3J0ICgnJHtkaWdlc3RfZmlsZX0nKSIKCltbICEgLXIgIiR7ZGlnZXN0X2ZpbGV9IiBdXSAmJgogICAgZmFpbCAiVW5hYmxlIHRvIGZpbmQgZGlnZXN0LWZpbGUgYXQgJyR7ZGlnZXN0X2ZpbGV9JyIKCmRlY2xhcmUgLXIgZGlnZXN0X3N1bT0iJChjYXQgJHtkaWdlc3RfZmlsZX0pIgoKW1sgLXogIiR7ZGlnZXN0X3N1bX0iIF1dICYmCiAgICBmYWlsICJEaWdlc3QgZmlsZSAnJHtkaWdlc3RfZmlsZX0nIGlzIGVtcHR5ISIKCnBoYXNlICJTdWNjZXNzZnVseSBidWlsdCBjb250YWluZXIgaW1hZ2UgJyR7UEFSQU1TX0lNQUdFfScgKCcke2RpZ2VzdF9zdW19JykiCmVjaG8gLW4gIiR7UEFSQU1TX0lNQUdFfSIgfCB0ZWUgJHtSRVNVTFRTX0lNQUdFX1VSTF9QQVRIfQplY2hvIC1uICIke2RpZ2VzdF9zdW19IiB8IHRlZSAke1JFU1VMVFNfSU1BR0VfRElHRVNUX1BBVEh9Cg==" |base64 -d >buildah-bud.sh | ||
printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKZGVjbGFyZSAtcnggUEFSQU1TX0lNQUdFPSIke1BBUkFNU19JTUFHRTotfSIKZGVjbGFyZSAtcnggUEFSQU1TX0RPQ0tFUkZJTEU9IiR7UEFSQU1TX0RPQ0tFUkZJTEU6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19DT05URVhUPSIke1BBUkFNU19DT05URVhUOi19IgpkZWNsYXJlIC1yeCBQQVJBTVNfU1RPUkFHRV9EUklWRVI9IiR7UEFSQU1TX1NUT1JBR0VfRFJJVkVSOi19IgpkZWNsYXJlIC1yeCBQQVJBTVNfQlVJTERfRVhUUkFfQVJHUz0iJHtQQVJBTVNfQlVJTERfRVhUUkFfQVJHUzotfSIKZGVjbGFyZSAtcnggUEFSQU1TX1BVU0hfRVhUUkFfQVJHUz0iJHtQQVJBTVNfUFVTSF9FWFRSQV9BUkdTOi19IgpkZWNsYXJlIC1yeCBQQVJBTVNfU0tJUF9QVVNIPSIke1BBUkFNU19TS0lQX1BVU0g6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19UTFNfVkVSSUZZPSIke1BBUkFNU19UTFNfVkVSSUZZOi19IgpkZWNsYXJlIC1yeCBQQVJBTVNfVkVSQk9TRT0iJHtQQVJBTVNfVkVSQk9TRTotfSIKCmRlY2xhcmUgLXJ4IFdPUktTUEFDRVNfU09VUkNFX1BBVEg9IiR7V09SS1NQQUNFU19TT1VSQ0VfUEFUSDotfSIKZGVjbGFyZSAtcnggV09SS1NQQUNFU19TT1VSQ0VfQk9VTkQ9IiR7V09SS1NQQUNFU19TT1VSQ0VfQk9VTkQ6LX0iCmRlY2xhcmUgLXJ4IFdPUktTUEFDRVNfRE9DS0VSQ09ORklHX1BBVEg9IiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSDotfSIKZGVjbGFyZSAtcnggV09SS1NQQUNFU19ET0NLRVJDT05GSUdfQk9VTkQ9IiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfQk9VTkQ6LX0iCgpkZWNsYXJlIC1yeCBSRVNVTFRTX0lNQUdFX0RJR0VTVF9QQVRIPSIke1JFU1VMVFNfSU1BR0VfRElHRVNUX1BBVEg6LX0iCmRlY2xhcmUgLXJ4IFJFU1VMVFNfSU1BR0VfVVJMX1BBVEg9IiR7UkVTVUxUU19JTUFHRV9VUkxfUEFUSDotfSIKCiMKIyBEb2NrZXJmaWxlCiMKCiMgZXhwb3NpbmcgdGhlIGZ1bGwgcGF0aCB0byB0aGUgY29udGFpbmVyIGZpbGUsIHdoaWNoIGJ5IGRlZmF1bHQgc2hvdWxkIGJlIHJlbGF0aXZlIHRvIHRoZSBwcmltYXJ5CiMgd29ya3NwYWNlLCB0byByZWNlaXZlIGEgZGlmZmVyZW50IGNvbnRhaW5lci1maWxlIGxvY2F0aW9uCmRlY2xhcmUgLXIgZG9ja2VyZmlsZV9vbl93cz0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIfS8ke1BBUkFNU19ET0NLRVJGSUxFfSIKZGVjbGFyZSAteCBET0NLRVJGSUxFX0ZVTEw9IiR7RE9DS0VSRklMRV9GVUxMOi0ke2RvY2tlcmZpbGVfb25fd3N9fSIKCiMKIyBBc3NlcnRpbmcgRW52aXJvbm1lbnQKIwoKW1sgLXogIiR7RE9DS0VSRklMRV9GVUxMfSIgXV0gJiYKICAgIGZhaWwgInVuYWJsZSB0byBmaW5kIHRoZSBEb2NrZXJmaWxlLCBET0NLRVJGSUxFIG1heSBoYXZlIGFuIGluY29ycmVjdCBsb2NhdGlvbiIKCmV4cG9ydGVkX29yX2ZhaWwgXAogICAgV09SS1NQQUNFU19TT1VSQ0VfUEFUSCBcCiAgICBQQVJBTVNfSU1BR0UKCiMKIyBWZXJib3NlIE91dHB1dAojCgppZiBbWyAiJHtQQVJBTVNfVkVSQk9TRX0iID09ICJ0cnVlIiBdXTsgdGhlbgogICAgc2V0IC14CmZpCg==" |base64 -d >buildah-common.sh | ||
printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0ZWt0b24ncyBob21lIGRpcmVjdG9yeQpkZWNsYXJlIC1yeCBURUtUT05fSE9NRT0iJHtURUtUT05fSE9NRTotL3Rla3Rvbi9ob21lfSIKCiMKIyBGdW5jdGlvbnMKIwoKZnVuY3Rpb24gZmFpbCgpIHsKICAgIGVjaG8gIkVSUk9SOiAkeyp9IiAyPiYxCiAgICBleGl0IDEKfQoKZnVuY3Rpb24gcGhhc2UoKSB7CiAgICBlY2hvICItLS0+IFBoYXNlOiAkeyp9Li4uIgp9CgojIGFzc2VydCBsb2NhbCB2YXJpYWJsZXMgYXJlIGV4cG9yZXRlZCBvbiB0aGUgZW52aXJvbm1lbnQKZnVuY3Rpb24gZXhwb3J0ZWRfb3JfZmFpbCgpIHsKICAgIGRlY2xhcmUgLWEgX3JlcXVpcmVkX3ZhcnM9IiR7QH0iCgogICAgZm9yIHYgaW4gJHtfcmVxdWlyZWRfdmFyc1tAXX07IGRvCiAgICAgICAgW1sgLXogIiR7IXZ9IiBdXSAmJgogICAgICAgICAgICBmYWlsICInJHt2fScgZW52aXJvbm1lbnQgdmFyaWFibGUgaXMgbm90IHNldCEiCiAgICBkb25lCgogICAgcmV0dXJuIDAKfQo=" |base64 -d >common.sh | ||
chmod +x buildah-*.sh | ||
volumeMounts: | ||
- name: scripts-dir | ||
mountPath: /scripts | ||
|
||
- name: build | ||
image: registry.access.redhat.com/ubi8/buildah:8.9 | ||
workingDir: /workspace/source | ||
command: | ||
- /scripts/buildah-bud.sh | ||
securityContext: | ||
capabilities: | ||
add: ["SETFCAP"] | ||
volumeMounts: | ||
- name: scripts-dir | ||
mountPath: /scripts | ||
|
||
volumes: | ||
- name: scripts-dir | ||
emptyDir: {} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,83 @@ | ||
Source-to-Image Tekton Tasks (`s2i`) | ||
------------------------------------ | ||
|
||
# Abstract | ||
|
||
Describes the Tekton Tasks supporting Source-to-Image for various ecosystems. | ||
|
||
# `s2i` Builder Images | ||
|
||
This section we explain each language ecosystem comes with a predefined set of builder images, supported by Red Hat. | ||
|
||
The `s2i` Task helps in building reproducible container images from source code i.e. task for supporting s2i functionality. | ||
|
||
The s2i Task has been customized with builder images specific to various languages and have been named appropriately as follows: | ||
|
||
| Task Name | Builder Image Used | | ||
| ---------- | ---------------------------------------------------------------------- | | ||
| s2i-python | http://registry.access.redhat.com/ubi8/python-39:latest | | ||
| s2i-go | http://registry.access.redhat.com/ubi8/go-toolset:1.19.10-3 | | ||
| s2i-java | http://registry.access.redhat.com/ubi8/openjdk-11:latest | | ||
| s2i-dotnet | http://registry.access.redhat.com/ubi8/dotnet-60:6.0-37.20230802191230 | | ||
| s2i-php | http://registry.access.redhat.com/ubi9/php-81:1-29 | | ||
| s2i-nodejs | http://registry.access.redhat.com/ubi8/nodejs-18:latest | | ||
| s2i-perl | http://registry.access.redhat.com/ubi9/perl-532:1-91 | | ||
| s2i-ruby | http://registry.access.redhat.com/ubi9/ruby-31:1-50 | | ||
|
||
In case, the above builder images associated with the languages aren’t satisfactory for your source code, you can change it using appropriate parameter. | ||
|
||
# Usage | ||
|
||
Please, consider the usage example below: | ||
|
||
```yaml | ||
--- | ||
apiVersion: tekton.dev/v1beta1 | ||
kind: TaskRun | ||
metadata: {} | ||
spec: | ||
taskRef: | ||
name: s2i-python | ||
params: | ||
- name: IMAGE | ||
value: registry.registry.svc.cluster.local:32222/task-containers/task-s2i-python:latest | ||
``` | ||
In case the Container Registry requires authentication, please consider the [Tekton Pipelines documentation][tektonPipelineAuth]. In a nutshell, you need to create a Kubernetes Secret describing the following attributes: | ||
```bash | ||
kubectl create secret docker-registry imagestreams \ | ||
--docker-server="image-registry.openshift-image-registry.svc:5000" \ | ||
--docker-username="${REGISTRY_USERNAME}" \ | ||
--docker-password="${REGISTRY_TOKEN}" | ||
``` | ||
|
||
Then make sure the Secret is linked with the Service-Account running the `TaskRun`/`PipelineRun`. | ||
|
||
## Workspaces | ||
|
||
All of the s2i tasks use the `source` workspace which is meant to contain the Application source code, which acts as the build context for S2I workflow. | ||
|
||
|
||
## Params | ||
|
||
| Param | Type | Default | Description | | ||
| ----------------- | ------ | ------------------------ | ------------------------------------------------------------------------- | | ||
| IMAGE | string | (required) | Fully qualified container image name to be built by s2i | | ||
| IMAGE_SCRIPTS_URL | string | image:///usr/libexec/s2i | URL containing the default assemble and run scripts for the builder image | | ||
| ENV_VARS | array | [] | Array containing string of Environment Variables as "KEY=VALUE” | | ||
| SUBDIRECTORY | string | . | Relative subdirectory to the source Workspace for the build-context. | | ||
| STORAGE_DRIVER | string | overlay | Set buildah storage driver to reflect the currrent cluster node's | | ||
| settings. | | ||
| BUILD_EXTRA_ARGS | string | | Extra parameters passed for the build command when building images. | | ||
| PUSH_EXTRA_ARGS | string | | Extra parameters passed for the push command when pushing images. | | ||
| SKIP_PUSH | string | false | Skip pushing the image to the container registry. | | ||
| TLS_VERIFY | string | true | Sets the TLS verification flag, true is recommended. | | ||
| VERBOSE | string | false | Turns on verbose logging, all commands executed will be printed out. | | ||
|
||
## Results | ||
|
||
| Result | Description | | ||
| ------------ | ------------------------------- | | ||
| IMAGE_URL | Fully qualified image name. | | ||
| IMAGE_DIGEST | Digest of the image just built. | |
Oops, something went wrong.