diff --git a/cert.pem b/cert.pem new file mode 100644 index 0000000000..2e2107f874 --- /dev/null +++ b/cert.pem @@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFvTCCA6WgAwIBAgIUULfkY2RQ4/lH1On/GwiQdgjbYNkwDQYJKoZIhvcNAQEL +BQAwSDFGMEQGA1UEAww9dGVrdG9uLXJlc3VsdHMtYXBpLXNlcnZpY2UudGVrdG9u +LXBpcGVsaW5lcy5zdmMuY2x1c3Rlci5sb2NhbDAeFw0yNDExMjAwNTM2MDVaFw0y +NTExMjAwNTM2MDVaMEgxRjBEBgNVBAMMPXRla3Rvbi1yZXN1bHRzLWFwaS1zZXJ2 +aWNlLnRla3Rvbi1waXBlbGluZXMuc3ZjLmNsdXN0ZXIubG9jYWwwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQD11JE/Lr0rImOGKoteI7a35R/UFrn8tlky +ozFAVNBAkQ4C5xbLEaS7nG2mhe9WrG1Rx1NpISI7EpSq8rd3+cIIGqe6MKXj4Pks +/ETeUdydWH8ZWMRLNwmWXqAJ94ksQDYtGvttrz8uf8tuqH1re2TpUH/wZYB/irJ0 +HkFD2z/jXVdkBSPLMB/jGZyJtBpEt5Te25HC47QtgOor95fdHZfq21CXqqriR2IT +XAyu04EUisebt5tvnbuGCXuUb8WL9YjPBgHtAsw2lprNssaqtjm2DN6gvfIZIRY0 +DS/ZhKLRNhuas5VoTCnX6xZgtZcmyf8Mx549OnfY1WhUgirmbI3QYsQpssKbB1c4 +lbum3EIPXrWFFxzGd0f26sCe0/gd04BHZLW+RC2Yj97Vr+CwT+qWyXiJl/8E39Ib +HvL9YXeyibNMHEl2ONFeGHWw8Cajpd5Yh6uM1QNSKHgwp7sxKZEHrcURxKugd3id +dE/4qaUdtoIhr/kykPNMKefG/P+FiywjBu91k2Sua9tRYYJmefyVafRwuDvS4CAs +8Iuf6svfWkRQP5sHdTSBD4lKncGjSVBB8zDUdvSTFShBBvv0xLGF9t6RjC42i/Hy +wQJ6u4adMSQKnZ2eoyeZ2BDTYTIUW4WKcmv5kXQnYki527nGO6qD6E18v3FXv86t +EuAD1uKsrQIDAQABo4GeMIGbMB0GA1UdDgQWBBSgKuryMpbiqQnvzE5vEbzlIB2K +GTAfBgNVHSMEGDAWgBSgKuryMpbiqQnvzE5vEbzlIB2KGTAPBgNVHRMBAf8EBTAD +AQH/MEgGA1UdEQRBMD+CPXRla3Rvbi1yZXN1bHRzLWFwaS1zZXJ2aWNlLnRla3Rv +bi1waXBlbGluZXMuc3ZjLmNsdXN0ZXIubG9jYWwwDQYJKoZIhvcNAQELBQADggIB +ABwvKtdX05Pn68cYt/9Gluj5hoXF6n9sHZ0ONErTfnhaUUYdWUPFqqibkGnqsv5j +2wQSclSStSPNt8AWdjkwVlqD4C23hKb3WzWVs4ci2haAEUkDCoOemkORaBjhOt9E +R3a94MNfVjhHUYJ6xHSuNaTaOFU7LSUxnYgE5ZlfyVTEnihF9YP+Od9OuvtomCv6 +6IM0eKlcz0Lsg3yasfwziNUxe3PJxiWofTT8tQ2xYk/onYnYkzN7Z0leuuR4oUMa +F5QKnBiqnKZTuIzpEfdExhy5e/nLtZfm1x05LdOPW6m9AL8Kht3HURQmT9eVtdvj +yuq0Z2F3B95GFK36+31tzyv+34ydAOe6hAirJpmeZAO0iITs9KkRMs9Hr4KXJv0R +Q57kgc8FJuovLVi+eeCvb+cpUak1dDVzP/r7lYsK5uXJcOANZMY4PcGXiQFZm3NV +CH+RMvuMQvCVTvxjNft52CxBfy+FCbuhZsr858w/CGP4jzYP38RG4k1cnv3NnGvF +tW4+P1ARZvnLDe+yxqoNLQ5LVNcVY8YK0J6A049JkYH+4or8Nc5AfjuvyOX3DjGa +FqBg0ciNF658MwDR7C8cTaSMcUGdhss8VuMsr5HnYhzUMPfi3wd4gxQUT+Sn8Wcg +GwgDlpW7XOpyuBwl7ko4q2H81WhPs6DnwZ+tTvnwLhFi +-----END CERTIFICATE----- diff --git a/cmd/kubernetes/operator/kodata/manual-approval-gate/0.3.0/release-kubernetes.yaml b/cmd/kubernetes/operator/kodata/manual-approval-gate/0.3.0/release-kubernetes.yaml new file mode 100644 index 0000000000..123ba1af64 --- /dev/null +++ b/cmd/kubernetes/operator/kodata/manual-approval-gate/0.3.0/release-kubernetes.yaml @@ -0,0 +1,719 @@ +# Copyright 2022 The OpenShift Pipelines Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: manual-approval-gate-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: manual-approval-gate-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates + +--- +# Copyright 2022 The OpenShift Pipelines Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: manual-approval-gate-controller-cluster-access + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates +rules: + # Controller needs cluster access to all of the CRDs that it is responsible for managing. + - apiGroups: ["tekton.dev"] + resources: ["runs", "taskruns", "customruns"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["tekton.dev"] + resources: ["tasks"] + verbs: ["get", "list"] + - apiGroups: ["tekton.dev"] + resources: ["runs/status", "taskruns/status", "customruns/status"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["openshift-pipelines.org"] + resources: ["approvaltasks"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["tekton.dev"] + resources: ["taskruns/finalizers", "pipelineruns/finalizers", "runs/finalizers", "customruns/finalizers"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["tekton.dev"] + resources: ["runs/finalizers"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["openshift-pipelines.org"] + resources: ["approvaltasks/status"] + verbs: ["update", "patch", "create"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + # This is the access that the controller needs on a per-namespace basis. + name: manual-approval-gate-controller-tenant-access + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates +rules: + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: manual-approval-gate-webhook-cluster-access + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates +rules: + # The webhook needs to be able to list and update customresourcedefinitions, + # mainly to update the webhook certificates. + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions", "customresourcedefinitions/status"] + verbs: ["get", "list", "update", "patch", "watch"] + - apiGroups: ["admissionregistration.k8s.io"] + # The webhook performs a reconciliation on these two resources and continuously + # updates configuration. + resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"] + # knative starts informers on these things, which is why we need get, list and watch. + verbs: ["list", "watch"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + # This mutating webhook is responsible for applying defaults to tekton objects + # as they are received. + resourceNames: ["webhook.approvaltask.openshift.org"] + # When there are changes to the configs or secrets, knative updates the mutatingwebhook config + # with the updated certificates or the refreshed set of rules. + verbs: ["get", "update"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["validatingwebhookconfigurations"] + # validation.webhook.approvaltask.openshift.org performs schema validation when you, for example, create TaskLoops. + resourceNames: ["validation.webhook.manual-approval.openshift-pipelines.org"] + # When there are changes to the configs or secrets, knative updates the validatingwebhook config + # with the updated certificates or the refreshed set of rules. + verbs: ["get", "list", "update", "patch", "watch"] + - apiGroups: ["openshift-pipelines.org"] + resources: ["approvaltasks"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["openshift-pipelines.org"] + resources: ["approvaltasks/status"] + verbs: ["update", "patch", "create"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: manual-approval-gate-leader-election + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates +rules: + # We uses leases for leaderelection + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + +--- +# Copyright 2022 The OpenShift Pipelines Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: manual-approval-gate-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["list", "watch"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get"] + resourceNames: ["manual-approval-config-leader-election", "config-logging", "config-observability"] +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: manual-approval-gate-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["list", "watch"] + # The webhook needs access to these configmaps for logging information. + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get"] + resourceNames: ["config-logging", "config-observability", "manual-approval-config-leader-election"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["list", "watch"] + # The webhook daemon makes a reconciliation loop on manual-approval-gate-webhook-certs. Whenever + # the secret changes it updates the webhook configurations with the certificates + # stored in the secret. + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "update"] + resourceNames: ["manual-approval-gate-webhook-certs"] + +--- +# Copyright 2022 The OpenShift Pipelines Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: manual-approval-gate-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates +subjects: + - kind: ServiceAccount + name: manual-approval-gate-controller + namespace: tekton-pipelines +roleRef: + kind: Role + name: manual-approval-gate-controller + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: manual-approval-gate-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates +subjects: + - kind: ServiceAccount + name: manual-approval-gate-webhook + namespace: tekton-pipelines +roleRef: + kind: Role + name: manual-approval-gate-webhook + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2022 The OpenShift Pipelines Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: manual-approval-gate-controller-cluster-access + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates +subjects: + - kind: ServiceAccount + name: manual-approval-gate-controller + namespace: tekton-pipelines + - kind: Group + name: system:authenticated + apiGroup: rbac.authorization.k8s.io +roleRef: + kind: ClusterRole + name: manual-approval-gate-controller-cluster-access + apiGroup: rbac.authorization.k8s.io +--- +# If this ClusterRoleBinding is replaced with a RoleBinding +# then the ClusterRole would be namespaced. The access described by +# the tekton-taskgroup-controller-tenant-access ClusterRole would +# be scoped to individual tenant namespaces. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: manual-approval-gate-controller-tenant-access + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates +subjects: + - kind: ServiceAccount + name: manual-approval-gate-controller + namespace: tekton-pipelines +roleRef: + kind: ClusterRole + name: manual-approval-gate-controller-tenant-access + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: manual-approval-gate-controller-leaderelection + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates +subjects: + - kind: ServiceAccount + name: manual-approval-gate-controller + namespace: tekton-pipelines +roleRef: + kind: ClusterRole + name: manual-approval-gate-leader-election + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: manual-approval-gate-webhook-cluster-access + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates +subjects: + - kind: ServiceAccount + name: manual-approval-gate-webhook + namespace: tekton-pipelines +roleRef: + kind: ClusterRole + name: manual-approval-gate-webhook-cluster-access + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: manual-approval-gate-webhook-leaderelection + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates +subjects: + - kind: ServiceAccount + name: manual-approval-gate-webhook + namespace: tekton-pipelines +roleRef: + kind: ClusterRole + name: manual-approval-gate-leader-election + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2022 The OpenShift Pipelines Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: approvaltasks.openshift-pipelines.org + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates + pipeline.tekton.dev/release: "devel" + version: "v0.3.0" +spec: + group: openshift-pipelines.org + preserveUnknownFields: false + versions: + - name: v1alpha1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + names: + kind: ApprovalTask + plural: approvaltasks + categories: + - tekton + - tekton-pipelines + scope: Namespaced + +--- +# Copyright 2024 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: manual-approval-gate-webhook-certs + namespace: tekton-pipelines +# The data is populated at install time. +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: validation.webhook.manual-approval.openshift-pipelines.org +webhooks: + - admissionReviewVersions: ["v1"] + clientConfig: + service: + name: manual-approval-webhook + namespace: tekton-pipelines + failurePolicy: Fail + sideEffects: None + name: validation.webhook.manual-approval.openshift-pipelines.org +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: manual-approval-config-leader-election + namespace: tekton-pipelines + labels: + operator.tekton.dev/release: devel + app.kubernetes.io/instance: default +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # lease-duration is how long non-leaders will wait to try to acquire the + # lock; 15 seconds is the value used by core kubernetes controllers. + lease-duration: "60s" + # renew-deadline is how long a leader will try to renew the lease before + # giving up; 10 seconds is the value used by core kubernetes controllers. + renew-deadline: "40s" + # retry-period is how long the leader election client waits between tries of + # actions; 2 seconds is the value used by core kubernetes controllers. + retry-period: "10s" + # buckets is the number of buckets used to partition key space of each + # Reconciler. If this number is M and the replica number of the controller + # is N, the N replicas will compete for the M buckets. The owner of a + # bucket will take care of the reconciling for the keys partitioned into + # that bucket. + buckets: "1" + +--- +# Copyright 2022 The OpenShift Pipelines Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: manual-approval-gate-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.3.0" + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "devel" + # labels below are related to istio and should not be used for resource lookup + version: "v0.3.0" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" + labels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.3.0" + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "devel" + # labels below are related to istio and should not be used for resource lookup + app: tekton-taskgroup-controller + version: "v0.3.0" + spec: + serviceAccountName: manual-approval-gate-controller + containers: + - name: tekton-taskgroup-controller + image: ghcr.io/openshift-pipelines/manual-approval-gate/controller-b21cda49f4c608e77b59fc6a3bf67c9e:v0.3.0@sha256:eabc17a5598be5d5aa1e626ed6ad76f3b6a67294a7ddc2e59f092fa5467bb9d8 + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LEADERELECTION_NAME + value: manual-approval-config-leader-election + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: METRICS_DOMAIN + value: openshift-pipelines.org/manual-approval-gate + securityContext: + seccompProfile: + type: RuntimeDefault + runAsNonRoot: true + allowPrivilegeEscalation: false + runAsUser: 65532 + capabilities: + drop: + - ALL + +--- +# Copyright 2024 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: manual-approval-gate-webhook + namespace: tekton-pipelines + labels: + version: "v0.3.0" +spec: + replicas: 1 + selector: + matchLabels: + name: manual-approval-gate-webhook + template: + metadata: + labels: + name: manual-approval-gate-webhook + app: manual-approval-gate-webhook + spec: + serviceAccountName: manual-approval-gate-webhook + containers: + - name: manual-approval + image: "ghcr.io/openshift-pipelines/manual-approval-gate/webhook-3d5568be3d188037c7bf9bfde2cf1321:v0.3.0@sha256:c7ec84de1eb5645384c5138e117438a5209fc6abc6ade0b9e7ec35f2a0b8ea7e" + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: WEBHOOK_SERVICE_NAME + value: manual-approval-webhook + - name: WEBHOOK_SECRET_NAME + value: manual-approval-gate-webhook-certs + - name: CONFIG_LEADERELECTION_NAME + value: manual-approval-config-leader-election + ports: + - name: https-webhook + containerPort: 8443 + securityContext: + seccompProfile: + type: RuntimeDefault + runAsNonRoot: true + allowPrivilegeEscalation: false + runAsUser: 65532 + capabilities: + drop: + - ALL +--- +apiVersion: v1 +kind: Service +metadata: + name: manual-approval-webhook + namespace: tekton-pipelines + labels: + version: "v0.3.0" +spec: + ports: + - name: https-webhook + port: 443 + targetPort: 8443 + selector: + name: manual-approval-gate-webhook + +--- +# Copyright 2024 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: manual-approval-gate-info + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: manual-approval-gate +data: + version: "v0.3.0" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: manual-approval-gate-info + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: manual-approval-gate +rules: + # All system:authenticated users need to have access + # to the manual-approval-gate-info ConfigMap even if they don't + # have access to other resources present in the + # installed namespace + - apiGroups: [""] + resources: ["configmaps"] + resourceNames: ["manual-approval-gate-info"] + verbs: ["get"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: manual-approval-gate-info + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: manual-approval-gate +subjects: + # Giving all system:authenticated users the access to the + # ConfigMap which contains version information + - kind: Group + name: system:authenticated + apiGroup: rbac.authorization.k8s.io +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: manual-approval-gate-info + +--- diff --git a/cmd/kubernetes/operator/kodata/tekton-chains/0.22.2/00-chains.yaml b/cmd/kubernetes/operator/kodata/tekton-chains/0.22.2/00-chains.yaml new file mode 100644 index 0000000000..0ef861b68d --- /dev/null +++ b/cmd/kubernetes/operator/kodata/tekton-chains/0.22.2/00-chains.yaml @@ -0,0 +1,551 @@ +# Copyright 2021 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +kind: Namespace +apiVersion: v1 +metadata: + name: tekton-chains + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-chains +--- +apiVersion: v1 +kind: Secret +metadata: + name: signing-secrets + namespace: tekton-chains + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-chains + +# The data is populated at install time. +# data: +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: chains-config + namespace: tekton-chains + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-chains + +# The data can be tweaked at install time, it is commented out +# because these are the default settings. +# data: +# artifacts.taskrun.format: tekton +# artifacts.taskrun.storage: tekton +# artifacts.taskrun.signer: x509 +# artifacts.oci.storage: oci +# artifacts.oci.format: simplesigning +# artifacts.oci.signer: x509 +# transparency.enabled: false +# transparency.url: https://rekor.sigstore.dev +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tekton-chains-controller + namespace: tekton-chains + labels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-chains + pipeline.tekton.dev/release: "devel" + version: "v0.22.2" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-chains + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" + labels: + app: tekton-chains-controller + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-chains + # # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "devel" + version: "v0.22.2" + spec: + serviceAccountName: tekton-chains-controller + containers: + - name: tekton-chains-controller + image: gcr.io/tekton-releases/github.com/tektoncd/chains/cmd/controller:v0.22.2@sha256:997d5e40fa93895658975cd10326e3cd71de985962fdc458feb6a574d9596050 + volumeMounts: + - name: signing-secrets + mountPath: /etc/signing-secrets + - name: oidc-info + mountPath: /var/run/sigstore/cosign + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: METRICS_DOMAIN + value: tekton.dev/chains + - name: CONFIG_OBSERVABILITY_NAME + value: tekton-chains-config-observability + - name: CONFIG_LEADERELECTION_NAME + value: tekton-chains-config-leader-election + ports: + - name: metrics + containerPort: 9090 + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + # User 65532 is the distroless nonroot user ID + runAsUser: 65532 + runAsGroup: 65532 + volumes: + - name: signing-secrets + secret: + secretName: signing-secrets + - name: oidc-info + projected: + sources: + # The "public good" instance supports tokens from EKS and GKE by default. + # The fulcio URL can also be redirected to an instance that has been + # configured to accept other issuers as well. Removing this volume + # completely will direct chains to use alternate ambient credentials + # (e.g. GKE workload identity, SPIFFE) + - serviceAccountToken: + path: oidc-token + expirationSeconds: 600 # Use as short-lived as possible. + audience: sigstore + +--- +# Copyright 2021 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: tekton-chains-controller-cluster-access + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-chains +subjects: + - kind: ServiceAccount + name: tekton-chains-controller + namespace: tekton-chains +roleRef: + kind: ClusterRole + name: tekton-chains-controller-cluster-access + apiGroup: rbac.authorization.k8s.io +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-chains-controller-cluster-access + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-chains +rules: + - apiGroups: [""] + # Controller needs to watch Pods created by TaskRuns to see them progress. + resources: ["pods"] + verbs: ["list", "watch"] + # Controller needs cluster access to all of the CRDs that it is responsible for + # managing. + - apiGroups: ["tekton.dev"] + resources: ["tasks", "clustertasks", "taskruns", "pipelines", "pipelineruns", "pipelineresources", "conditions", "runs"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["tekton.dev"] + resources: ["taskruns/finalizers", "pipelineruns/finalizers", "runs/finalizers"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["tekton.dev"] + resources: ["tasks/status", "clustertasks/status", "taskruns/status", "pipelines/status", "pipelineruns/status", "pipelineresources/status", "runs/status"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + # This is the access that the controller needs on a per-namespace basis. + name: tekton-chains-controller-tenant-access + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-chains +rules: + # Read-write access to create Pods, K8s Events and PVCs (for Workspaces) + - apiGroups: [""] + resources: ["pods", "pods/log", "events", "persistentvolumeclaims"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + # Read-only access to these. + - apiGroups: [""] + resources: ["configmaps", "limitranges", "secrets", "serviceaccounts"] + verbs: ["get", "list", "watch"] + # Read-write access to StatefulSets for Affinity Assistant. + - apiGroups: ["apps"] + resources: ["statefulsets"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] +--- +# If this ClusterRoleBinding is replaced with a RoleBinding +# then the ClusterRole would be namespaced. The access described by +# the tekton-pipelines-controller-tenant-access ClusterRole would +# be scoped to individual tenant namespaces. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: tekton-chains-controller-tenant-access + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-chains +subjects: + - kind: ServiceAccount + name: tekton-chains-controller + namespace: tekton-chains +roleRef: + kind: ClusterRole + name: tekton-chains-controller-tenant-access + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tekton-chains-controller + namespace: tekton-chains + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-chains +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-chains-leader-election + namespace: tekton-chains + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-chains +rules: + # We uses leases for leaderelection + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-chains-controller-leaderelection + namespace: tekton-chains + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-chains +subjects: + - kind: ServiceAccount + name: tekton-chains-controller + namespace: tekton-chains +roleRef: + kind: Role + name: tekton-chains-leader-election + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: tekton-chains-info + namespace: tekton-chains + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-chains +rules: + # All system:authenticated users need to have access + # to the chains-info ConfigMap even if they don't + # have access to other resources present in the + # installed namespace + - apiGroups: [""] + resources: ["configmaps"] + resourceNames: ["chains-info"] + verbs: ["get"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-chains-info + namespace: tekton-chains + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-chains +subjects: + # Giving all system:authenticated users the access to the + # ConfigMap which contains version information + - kind: Group + name: system:authenticated + apiGroup: rbac.authorization.k8s.io +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: tekton-chains-info + +--- +# Copyright 2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: chains-info + namespace: tekton-chains + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-chains +data: + # Contains chains version which can be queried by external + # tools such as CLI. Elevated permissions are given to + # this ConfigMap such that even if we don't have access to + # other resources in the namespace, we can still access + # this ConfigMap. + version: "v0.22.2" + +--- +# Copyright 2023 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: tekton-chains-config-leader-election + namespace: tekton-chains + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-chains +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # lease-duration is how long non-leaders will wait to try to acquire the + # lock; 15 seconds is the value used by core kubernetes controllers. + lease-duration: "60s" + # renew-deadline is how long a leader will try to renew the lease before + # giving up; 10 seconds is the value used by core kubernetes controllers. + renew-deadline: "40s" + # retry-period is how long the leader election client waits between tries of + # actions; 2 seconds is the value used by core kubernetes controllers. + retry-period: "10s" + # buckets is the number of buckets used to partition key space of each + # Reconciler. If this number is M and the replica number of the controller + # is N, the N replicas will compete for the M buckets. The owner of a + # bucket will take care of the reconciling for the keys partitioned into + # that bucket. + buckets: "1" + +--- +# Copyright 2019 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-logging + namespace: tekton-chains + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-chains +data: + # Common configuration for all knative codebase + zap-logger-config: | + { + "level": "info", + "development": false, + "sampling": { + "initial": 100, + "thereafter": 100 + }, + "outputPaths": ["stdout"], + "errorOutputPaths": ["stderr"], + "encoding": "json", + "encoderConfig": { + "timeKey": "ts", + "levelKey": "level", + "nameKey": "logger", + "callerKey": "caller", + "messageKey": "msg", + "stacktraceKey": "stacktrace", + "lineEnding": "", + "levelEncoder": "", + "timeEncoder": "iso8601", + "durationEncoder": "", + "callerEncoder": "" + } + } + # Log level overrides + loglevel.controller: "info" + loglevel.webhook: "info" + +--- +# Copyright 2023 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: tekton-chains-config-observability + namespace: tekton-chains + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-chains +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # + # metrics.backend-destination field specifies the system metrics destination. + # It supports either prometheus (the default) or stackdriver. + # Note: Using Stackdriver will incur additional charges. + # + metrics.backend-destination: prometheus + # + # metrics.stackdriver-project-id field specifies the Stackdriver project ID. This + # field is optional. When running on GCE, application default credentials will be + # used and metrics will be sent to the cluster's project if this field is + # not provided. + # + metrics.stackdriver-project-id: "" + # + # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed + # to send metrics to Stackdriver using "global" resource type and custom + # metric type. Setting this flag to "true" could cause extra Stackdriver + # charge. If metrics.backend-destination is not Stackdriver, this is + # ignored. + # + metrics.allow-stackdriver-custom-metrics: "false" + +--- +# Copyright 2023 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: tekton-chains-metrics + namespace: tekton-chains + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-chains + app: tekton-chains-controller +spec: + ports: + - name: http-metrics + port: 9090 + protocol: TCP + targetPort: 9090 + selector: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-chains + +--- diff --git a/cmd/kubernetes/operator/kodata/tekton-dashboard/tekton-dashboard-fullaccess/0.52.0/00-dashboard.yaml b/cmd/kubernetes/operator/kodata/tekton-dashboard/tekton-dashboard-fullaccess/0.52.0/00-dashboard.yaml new file mode 100644 index 0000000000..05c6deac4a --- /dev/null +++ b/cmd/kubernetes/operator/kodata/tekton-dashboard/tekton-dashboard-fullaccess/0.52.0/00-dashboard.yaml @@ -0,0 +1,407 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-dashboard + name: tekton-dashboard +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: dashboard + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-dashboard + name: extensions.dashboard.tekton.dev +spec: + group: dashboard.tekton.dev + names: + categories: + - tekton + - tekton-dashboard + kind: Extension + plural: extensions + shortNames: + - ext + - exts + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.apiVersion + name: API version + type: string + - jsonPath: .spec.name + name: Kind + type: string + - jsonPath: .spec.displayName + name: Display name + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + subresources: + status: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: dashboard + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-dashboard + name: tekton-dashboard + namespace: tekton-pipelines +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-dashboard + name: tekton-dashboard-info + namespace: tekton-pipelines +rules: + - apiGroups: + - "" + resourceNames: + - dashboard-info + resources: + - configmaps + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: dashboard + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-dashboard + name: tekton-dashboard-backend +rules: + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - apiGroups: + - security.openshift.io + resources: + - securitycontextconstraints + verbs: + - use + - apiGroups: + - tekton.dev + resources: + - clustertasks + verbs: + - get + - list + - watch + - apiGroups: + - triggers.tekton.dev + resources: + - clusterinterceptors + - clustertriggerbindings + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - list + - watch + - apiGroups: + - dashboard.tekton.dev + resources: + - extensions + verbs: + - create + - update + - delete + - patch + - apiGroups: + - tekton.dev + resources: + - clustertasks + verbs: + - create + - update + - delete + - patch + - apiGroups: + - triggers.tekton.dev + resources: + - clusterinterceptors + - clustertriggerbindings + verbs: + - create + - update + - delete + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: dashboard + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-dashboard + name: tekton-dashboard-tenant +rules: + - apiGroups: + - dashboard.tekton.dev + resources: + - extensions + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + - namespaces + - pods + - pods/log + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - stepactions + - tasks + - taskruns + - pipelines + - pipelineruns + - customruns + verbs: + - get + - list + - watch + - apiGroups: + - triggers.tekton.dev + resources: + - eventlisteners + - interceptors + - triggerbindings + - triggers + - triggertemplates + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - stepactions + - tasks + - taskruns + - pipelines + - pipelineruns + - customruns + verbs: + - create + - update + - delete + - patch + - apiGroups: + - triggers.tekton.dev + resources: + - eventlisteners + - interceptors + - triggerbindings + - triggers + - triggertemplates + verbs: + - create + - update + - delete + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-dashboard + name: tekton-dashboard-info + namespace: tekton-pipelines +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: tekton-dashboard-info +subjects: + - apiGroup: rbac.authorization.k8s.io + kind: Group + name: system:authenticated +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: dashboard + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-dashboard + rbac.dashboard.tekton.dev/subject: tekton-dashboard + name: tekton-dashboard-backend +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: tekton-dashboard-backend +subjects: + - kind: ServiceAccount + name: tekton-dashboard + namespace: tekton-pipelines +--- +apiVersion: v1 +data: + version: v0.52.0 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-dashboard + name: dashboard-info + namespace: tekton-pipelines +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: tekton-dashboard + app.kubernetes.io/component: dashboard + app.kubernetes.io/instance: default + app.kubernetes.io/name: dashboard + app.kubernetes.io/part-of: tekton-dashboard + app.kubernetes.io/version: v0.52.0 + dashboard.tekton.dev/release: v0.52.0 + version: v0.52.0 + name: tekton-dashboard + namespace: tekton-pipelines +spec: + ports: + - name: http + port: 9097 + protocol: TCP + targetPort: 9097 + selector: + app.kubernetes.io/component: dashboard + app.kubernetes.io/instance: default + app.kubernetes.io/name: dashboard + app.kubernetes.io/part-of: tekton-dashboard +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: tekton-dashboard + app.kubernetes.io/component: dashboard + app.kubernetes.io/instance: default + app.kubernetes.io/name: dashboard + app.kubernetes.io/part-of: tekton-dashboard + app.kubernetes.io/version: v0.52.0 + dashboard.tekton.dev/release: v0.52.0 + version: v0.52.0 + name: tekton-dashboard + namespace: tekton-pipelines +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: dashboard + app.kubernetes.io/instance: default + app.kubernetes.io/name: dashboard + app.kubernetes.io/part-of: tekton-dashboard + template: + metadata: + labels: + app: tekton-dashboard + app.kubernetes.io/component: dashboard + app.kubernetes.io/instance: default + app.kubernetes.io/name: dashboard + app.kubernetes.io/part-of: tekton-dashboard + app.kubernetes.io/version: v0.52.0 + name: tekton-dashboard + spec: + containers: + - args: + - --port=9097 + - --logout-url= + - --pipelines-namespace=tekton-pipelines + - --triggers-namespace=tekton-pipelines + - --read-only=false + - --log-level=info + - --log-format=json + - --default-namespace= + - --namespaces= + - --stream-logs=true + - --external-logs= + env: + - name: INSTALLED_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: ghcr.io/tektoncd/dashboard/dashboard-9623576a202fe86c8b7d1bc489905f86:v0.52.0@sha256:c01298c714fc9fa4ab8813469f15e94b4924328a749e178f984be0b70f78face + livenessProbe: + httpGet: + path: /health + port: 9097 + name: tekton-dashboard + ports: + - containerPort: 9097 + readinessProbe: + httpGet: + path: /readiness + port: 9097 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 + seccompProfile: + type: RuntimeDefault + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: tekton-dashboard + volumes: [] + +--- +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: dashboard + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-dashboard + rbac.dashboard.tekton.dev/subject: tekton-dashboard + name: tekton-dashboard-tenant +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: tekton-dashboard-tenant +subjects: + - kind: ServiceAccount + name: tekton-dashboard + namespace: tekton-pipelines diff --git a/cmd/kubernetes/operator/kodata/tekton-dashboard/tekton-dashboard-readonly/0.52.0/00-dashboard.yaml b/cmd/kubernetes/operator/kodata/tekton-dashboard/tekton-dashboard-readonly/0.52.0/00-dashboard.yaml new file mode 100644 index 0000000000..72007b2592 --- /dev/null +++ b/cmd/kubernetes/operator/kodata/tekton-dashboard/tekton-dashboard-readonly/0.52.0/00-dashboard.yaml @@ -0,0 +1,336 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: dashboard + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-dashboard + name: extensions.dashboard.tekton.dev +spec: + group: dashboard.tekton.dev + names: + categories: + - tekton + - tekton-dashboard + kind: Extension + plural: extensions + shortNames: + - ext + - exts + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.apiVersion + name: API version + type: string + - jsonPath: .spec.name + name: Kind + type: string + - jsonPath: .spec.displayName + name: Display name + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + subresources: + status: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: dashboard + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-dashboard + name: tekton-dashboard + namespace: tekton-pipelines +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-dashboard + name: tekton-dashboard-info + namespace: tekton-pipelines +rules: + - apiGroups: + - "" + resourceNames: + - dashboard-info + resources: + - configmaps + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: dashboard + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-dashboard + name: tekton-dashboard-backend +rules: + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - apiGroups: + - security.openshift.io + resources: + - securitycontextconstraints + verbs: + - use + - apiGroups: + - tekton.dev + resources: + - clustertasks + verbs: + - get + - list + - watch + - apiGroups: + - triggers.tekton.dev + resources: + - clusterinterceptors + - clustertriggerbindings + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: dashboard + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-dashboard + name: tekton-dashboard-tenant +rules: + - apiGroups: + - dashboard.tekton.dev + resources: + - extensions + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + - namespaces + - pods + - pods/log + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - stepactions + - tasks + - taskruns + - pipelines + - pipelineruns + - customruns + verbs: + - get + - list + - watch + - apiGroups: + - triggers.tekton.dev + resources: + - eventlisteners + - interceptors + - triggerbindings + - triggers + - triggertemplates + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-dashboard + name: tekton-dashboard-info + namespace: tekton-pipelines +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: tekton-dashboard-info +subjects: + - apiGroup: rbac.authorization.k8s.io + kind: Group + name: system:authenticated +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: dashboard + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-dashboard + rbac.dashboard.tekton.dev/subject: tekton-dashboard + name: tekton-dashboard-backend +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: tekton-dashboard-backend +subjects: + - kind: ServiceAccount + name: tekton-dashboard + namespace: tekton-pipelines +--- +apiVersion: v1 +data: + version: v0.52.0 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-dashboard + name: dashboard-info + namespace: tekton-pipelines +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: tekton-dashboard + app.kubernetes.io/component: dashboard + app.kubernetes.io/instance: default + app.kubernetes.io/name: dashboard + app.kubernetes.io/part-of: tekton-dashboard + app.kubernetes.io/version: v0.52.0 + dashboard.tekton.dev/release: v0.52.0 + version: v0.52.0 + name: tekton-dashboard + namespace: tekton-pipelines +spec: + ports: + - name: http + port: 9097 + protocol: TCP + targetPort: 9097 + selector: + app.kubernetes.io/component: dashboard + app.kubernetes.io/instance: default + app.kubernetes.io/name: dashboard + app.kubernetes.io/part-of: tekton-dashboard +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: tekton-dashboard + app.kubernetes.io/component: dashboard + app.kubernetes.io/instance: default + app.kubernetes.io/name: dashboard + app.kubernetes.io/part-of: tekton-dashboard + app.kubernetes.io/version: v0.52.0 + dashboard.tekton.dev/release: v0.52.0 + version: v0.52.0 + name: tekton-dashboard + namespace: tekton-pipelines +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: dashboard + app.kubernetes.io/instance: default + app.kubernetes.io/name: dashboard + app.kubernetes.io/part-of: tekton-dashboard + template: + metadata: + labels: + app: tekton-dashboard + app.kubernetes.io/component: dashboard + app.kubernetes.io/instance: default + app.kubernetes.io/name: dashboard + app.kubernetes.io/part-of: tekton-dashboard + app.kubernetes.io/version: v0.52.0 + name: tekton-dashboard + spec: + containers: + - args: + - --port=9097 + - --logout-url= + - --pipelines-namespace=tekton-pipelines + - --triggers-namespace=tekton-pipelines + - --read-only=true + - --log-level=info + - --log-format=json + - --default-namespace= + - --namespaces= + - --stream-logs=true + - --external-logs= + env: + - name: INSTALLED_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: ghcr.io/tektoncd/dashboard/dashboard-9623576a202fe86c8b7d1bc489905f86:v0.52.0@sha256:c01298c714fc9fa4ab8813469f15e94b4924328a749e178f984be0b70f78face + livenessProbe: + httpGet: + path: /health + port: 9097 + name: tekton-dashboard + ports: + - containerPort: 9097 + readinessProbe: + httpGet: + path: /readiness + port: 9097 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 + seccompProfile: + type: RuntimeDefault + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: tekton-dashboard + volumes: [] + +--- +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: dashboard + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-dashboard + rbac.dashboard.tekton.dev/subject: tekton-dashboard + name: tekton-dashboard-tenant +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: tekton-dashboard-tenant +subjects: + - kind: ServiceAccount + name: tekton-dashboard + namespace: tekton-pipelines diff --git a/cmd/kubernetes/operator/kodata/tekton-hub/v1.18.0/api/api.yaml b/cmd/kubernetes/operator/kodata/tekton-hub/v1.18.0/api/api.yaml new file mode 100644 index 0000000000..c50ad494e2 --- /dev/null +++ b/cmd/kubernetes/operator/kodata/tekton-hub/v1.18.0/api/api.yaml @@ -0,0 +1,339 @@ +# Copyright © 2022 The Tekton Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: tekton-hub-api + labels: + app: tekton-hub-api +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + +--- +apiVersion: v1 +kind: Secret +metadata: + name: tekton-hub-api +type: Opaque +stringData: + GH_CLIENT_ID: '' + GH_CLIENT_SECRET: '' + GHE_URL: '' + GL_CLIENT_ID: '' + GL_CLIENT_SECRET: '' + GLE_URL: '' + BB_CLIENT_ID: '' + BB_CLIENT_SECRET: '' + JWT_SIGNING_KEY: '' + ACCESS_JWT_EXPIRES_IN: '' + REFRESH_JWT_EXPIRES_IN: '' + AUTH_BASE_URL: '' + +--- +# Copyright © 2020 The Tekton Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http:www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: tekton-hub-api + labels: + app: tekton-hub-api +data: + CATEGORIES: | + - Automation + - Build Tools + - CLI + - Cloud + - Code Quality + - Continuous Integration + - Deployment + - Developer Tools + - Image Build + - Integration & Delivery + - Git + - Kubernetes + - Messaging + - Monitoring + - Networking + - Openshift + - Publishing + - Security + - Storage + - Testing + CATALOGS: | + - name: tekton + org: tektoncd + type: community + provider: github + url: https://github.com/tektoncd/catalog + revision: main + SCOPES: | + - name: agent:create + users: [vinamra28, piyush-garg, pratap0007, puneetpunamiya, sm43, sthaha, vdemeester] + - name: catalog:refresh + users: [vinamra28, piyush-garg, pratap0007, puneetpunamiya, sm43, sthaha, vdemeester] + - name: config:refresh + users: [vinamra28, piyush-garg, pratap0007, puneetpunamiya, sm43, sthaha, vdemeester] + DEFAULT: | + scopes: + - rating:read + - rating:write + CATALOG_REFRESH_INTERVAL: 30m + +--- +# Copyright © 2020 The Tekton Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tekton-hub-api + labels: + app: tekton-hub-api +spec: + selector: + matchLabels: + app: tekton-hub-api + replicas: 1 + template: + metadata: + labels: + app: tekton-hub-api + spec: + volumes: + - name: catalog-source + persistentVolumeClaim: + claimName: tekton-hub-api + - name: tekton-hub-config + configMap: + name: tekton-hub-api + items: + - key: CATEGORIES + path: 'categories' + - key: CATALOGS + path: 'catalogs' + - key: SCOPES + path: 'scopes' + - key: CATALOG_REFRESH_INTERVAL + path: 'catalog_refresh_interval' + - key: DEFAULT + path: 'default' + - name: ssh-creds + secret: + secretName: tekton-hub-api-ssh-crds + optional: true + securityContext: + fsGroup: 65532 + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + containers: + - name: tekton-hub-api + image: quay.io/tekton-hub/api:v1.18.0 + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + cpu: 500m + memory: 500Mi + volumeMounts: + - name: catalog-source + mountPath: '/tmp/catalog' + - name: ssh-creds + mountPath: '/home/hub/.ssh' + - name: tekton-hub-config + mountPath: '/tmp/config' + ports: + - containerPort: 8000 + - containerPort: 4200 + readinessProbe: + failureThreshold: 3 + httpGet: + path: / + port: 8000 + scheme: HTTP + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 1 + livenessProbe: + failureThreshold: 3 + httpGet: + path: / + port: 8000 + scheme: HTTP + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 1 + securityContext: + allowPrivilegeEscalation: false + runAsUser: 65532 + capabilities: + drop: + - ALL + env: + - name: HOME + value: /home/hub + - name: POSTGRES_HOST + valueFrom: + secretKeyRef: + name: tekton-hub-db + key: POSTGRES_HOST + - name: POSTGRES_PORT + valueFrom: + secretKeyRef: + name: tekton-hub-db + key: POSTGRES_PORT + - name: POSTGRES_DB + valueFrom: + secretKeyRef: + name: tekton-hub-db + key: POSTGRES_DB + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + name: tekton-hub-db + key: POSTGRES_USER + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: tekton-hub-db + key: POSTGRES_PASSWORD + - name: CATALOG_REFRESH_INTERVAL + valueFrom: + configMapKeyRef: + name: tekton-hub-api + key: CATALOG_REFRESH_INTERVAL + - name: GH_CLIENT_ID + valueFrom: + secretKeyRef: + name: tekton-hub-api + key: GH_CLIENT_ID + - name: GH_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: tekton-hub-api + key: GH_CLIENT_SECRET + - name: GHE_URL + valueFrom: + secretKeyRef: + name: tekton-hub-api + key: GHE_URL + - name: GL_CLIENT_ID + valueFrom: + secretKeyRef: + name: tekton-hub-api + key: GL_CLIENT_ID + - name: GL_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: tekton-hub-api + key: GL_CLIENT_SECRET + - name: GLE_URL + valueFrom: + secretKeyRef: + name: tekton-hub-api + key: GLE_URL + - name: BB_CLIENT_ID + valueFrom: + secretKeyRef: + name: tekton-hub-api + key: BB_CLIENT_ID + - name: BB_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: tekton-hub-api + key: BB_CLIENT_SECRET + - name: JWT_SIGNING_KEY + valueFrom: + secretKeyRef: + name: tekton-hub-api + key: JWT_SIGNING_KEY + - name: ACCESS_JWT_EXPIRES_IN + valueFrom: + secretKeyRef: + name: tekton-hub-api + key: ACCESS_JWT_EXPIRES_IN + - name: REFRESH_JWT_EXPIRES_IN + valueFrom: + secretKeyRef: + name: tekton-hub-api + key: REFRESH_JWT_EXPIRES_IN + - name: AUTH_BASE_URL + valueFrom: + secretKeyRef: + name: tekton-hub-api + key: AUTH_BASE_URL + +--- +# Copyright © 2020 The Tekton Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: Service +metadata: + name: tekton-hub-api + labels: + app: tekton-hub-api +spec: + selector: + app: tekton-hub-api + ports: + - name: tekton-hub-api + port: 8000 + targetPort: 8000 + - name: tekton-hub-auth + port: 4200 + targetPort: 4200 + type: NodePort + +--- diff --git a/cmd/kubernetes/operator/kodata/tekton-hub/v1.18.0/db-migration/db-migration.yaml b/cmd/kubernetes/operator/kodata/tekton-hub/v1.18.0/db-migration/db-migration.yaml new file mode 100644 index 0000000000..f5b4f7a32b --- /dev/null +++ b/cmd/kubernetes/operator/kodata/tekton-hub/v1.18.0/db-migration/db-migration.yaml @@ -0,0 +1,67 @@ +# Copyright © 2020 The Tekton Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: batch/v1 +kind: Job +metadata: + name: tekton-hub-db-migration + labels: + app: tekton-hub-db +spec: + template: + spec: + securityContext: + fsGroup: 65532 + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + containers: + - name: tekton-hub-db-migration + image: quay.io/tekton-hub/db-migration:v1.18.0 + securityContext: + allowPrivilegeEscalation: false + runAsUser: 65532 + capabilities: + drop: + - ALL + env: + - name: POSTGRES_HOST + valueFrom: + secretKeyRef: + name: tekton-hub-db + key: POSTGRES_HOST + - name: POSTGRES_PORT + valueFrom: + secretKeyRef: + name: tekton-hub-db + key: POSTGRES_PORT + - name: POSTGRES_DB + valueFrom: + secretKeyRef: + name: tekton-hub-db + key: POSTGRES_DB + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + name: tekton-hub-db + key: POSTGRES_USER + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: tekton-hub-db + key: POSTGRES_PASSWORD + restartPolicy: Never + backoffLimit: 3 + +--- diff --git a/cmd/kubernetes/operator/kodata/tekton-hub/v1.18.0/db/db.yaml b/cmd/kubernetes/operator/kodata/tekton-hub/v1.18.0/db/db.yaml new file mode 100644 index 0000000000..3adb610ec9 --- /dev/null +++ b/cmd/kubernetes/operator/kodata/tekton-hub/v1.18.0/db/db.yaml @@ -0,0 +1,204 @@ +# Copyright © 2020 The Tekton Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Namespace +metadata: + name: tekton-hub +spec: {} + +--- +# Copyright © 2020 The Tekton Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: tekton-hub-db + labels: + app: tekton-hub-db +type: Opaque +stringData: + POSTGRES_HOST: tekton-hub-db + POSTGRES_DB: hub + POSTGRES_USER: postgres + POSTGRES_PASSWORD: postgres + POSTGRES_PORT: "5432" + +--- +# Copyright © 2020 The Tekton Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: tekton-hub-db + labels: + app: tekton-hub-db +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + +--- +# Copyright © 2020 The Tekton Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tekton-hub-db + labels: + app: tekton-hub-db +spec: + replicas: 1 + selector: + matchLabels: + app: tekton-hub-db + template: + metadata: + labels: + app: tekton-hub-db + spec: + securityContext: + fsGroup: 65532 + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + containers: + - name: tekton-hub-db + image: postgres:13 + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + cpu: 500m + memory: 500Mi + imagePullPolicy: IfNotPresent + ports: + - containerPort: 5432 + protocol: TCP + securityContext: + allowPrivilegeEscalation: false + runAsUser: 65532 + capabilities: + drop: + - ALL + env: + - name: POSTGRES_DB + valueFrom: + secretKeyRef: + name: tekton-hub-db + key: POSTGRES_DB + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + name: tekton-hub-db + key: POSTGRES_USER + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: tekton-hub-db + key: POSTGRES_PASSWORD + - name: PGDATA + value: /var/lib/postgresql/data/pgdata + volumeMounts: + - name: tekton-hub-db + mountPath: /var/lib/postgresql/data + readinessProbe: + exec: + command: [bash, -c, "psql -w -U ${POSTGRES_USER} -d ${POSTGRES_DB} -c 'SELECT 1'"] + initialDelaySeconds: 15 + timeoutSeconds: 2 + periodSeconds: 15 + livenessProbe: + exec: + command: [bash, -c, "psql -w -U ${POSTGRES_USER} -d ${POSTGRES_DB} -c 'SELECT 1'"] + initialDelaySeconds: 45 + timeoutSeconds: 2 + periodSeconds: 15 + volumes: + - name: tekton-hub-db + persistentVolumeClaim: + claimName: tekton-hub-db + restartPolicy: Always + +--- +# Copyright © 2020 The Tekton Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: tekton-hub-db + labels: + app: tekton-hub-db +spec: + type: ClusterIP + selector: + app: tekton-hub-db + ports: + - name: postgresql + port: 5432 + protocol: TCP + targetPort: 5432 + +--- diff --git a/cmd/kubernetes/operator/kodata/tekton-hub/v1.18.0/hub-info/hub-info.yaml b/cmd/kubernetes/operator/kodata/tekton-hub/v1.18.0/hub-info/hub-info.yaml new file mode 100644 index 0000000000..07bc7513c5 --- /dev/null +++ b/cmd/kubernetes/operator/kodata/tekton-hub/v1.18.0/hub-info/hub-info.yaml @@ -0,0 +1,74 @@ +# Copyright 2024 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: hub-info + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-hub +data: + version: v1.18.0 + +--- +# Copyright 2024 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: tekton-hub-info + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-hub +rules: + # All system:authenticated users need to have access + # to the hub-info ConfigMap even if they don't + # have access to other resources present in the + # installed namespace + - apiGroups: [""] + resources: ["configmaps"] + resourceNames: ["hub-info"] + verbs: ["get"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-hub-info + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-hub +subjects: + # Giving all system:authenticated users the access to the + # ConfigMap which contains version information + - kind: Group + name: system:authenticated + apiGroup: rbac.authorization.k8s.io +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: tekton-hub-info + +--- diff --git a/cmd/kubernetes/operator/kodata/tekton-hub/v1.18.0/ui/ui.yaml b/cmd/kubernetes/operator/kodata/tekton-hub/v1.18.0/ui/ui.yaml new file mode 100644 index 0000000000..368fba1b30 --- /dev/null +++ b/cmd/kubernetes/operator/kodata/tekton-hub/v1.18.0/ui/ui.yaml @@ -0,0 +1,120 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: tekton-hub-ui +data: + API_URL: 'https://api.hub.tekton.dev' + API_VERSION: '' + AUTH_BASE_URL: '' + REDIRECT_URI: '' + CUSTOM_LOGO_MEDIA_TYPE: 'image/png' + CUSTOM_LOGO_BASE64_DATA: '' + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tekton-hub-ui + labels: + app: tekton-hub-ui +spec: + selector: + matchLabels: + app: tekton-hub-ui + template: + metadata: + name: tekton-hub-ui + labels: + app: tekton-hub-ui + spec: + securityContext: + fsGroup: 65532 + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + containers: + - name: tekton-hub-ui + image: quay.io/tekton-hub/ui:v1.18.0 + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + cpu: 500m + memory: 500Mi + securityContext: + allowPrivilegeEscalation: false + runAsUser: 65532 + capabilities: + drop: + - ALL + env: + - name: API_URL + valueFrom: + configMapKeyRef: + name: tekton-hub-ui + key: API_URL + - name: API_VERSION + valueFrom: + configMapKeyRef: + name: tekton-hub-ui + key: API_VERSION + - name: AUTH_BASE_URL + valueFrom: + configMapKeyRef: + name: tekton-hub-ui + key: AUTH_BASE_URL + - name: REDIRECT_URI + valueFrom: + configMapKeyRef: + name: tekton-hub-ui + key: REDIRECT_URI + - name: CUSTOM_LOGO_MEDIA_TYPE + valueFrom: + configMapKeyRef: + name: tekton-hub-ui + key: CUSTOM_LOGO_MEDIA_TYPE + - name: CUSTOM_LOGO_BASE64_DATA + valueFrom: + configMapKeyRef: + name: tekton-hub-ui + key: CUSTOM_LOGO_BASE64_DATA + ports: + - containerPort: 8080 + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: / + port: 8080 + scheme: HTTP + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 1 + livenessProbe: + failureThreshold: 3 + httpGet: + path: / + port: 8080 + scheme: HTTP + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 1 + +--- +apiVersion: v1 +kind: Service +metadata: + name: tekton-hub-ui + labels: + app: tekton-hub-ui +spec: + type: NodePort + selector: + app: tekton-hub-ui + ports: + - port: 8080 + targetPort: 8080 + protocol: TCP + +--- diff --git a/cmd/kubernetes/operator/kodata/tekton-pipeline/0.65.0/00-pipelines.yaml b/cmd/kubernetes/operator/kodata/tekton-pipeline/0.65.0/00-pipelines.yaml new file mode 100644 index 0000000000..6dbae028f5 --- /dev/null +++ b/cmd/kubernetes/operator/kodata/tekton-pipeline/0.65.0/00-pipelines.yaml @@ -0,0 +1,3572 @@ +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Namespace +metadata: + name: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pod-security.kubernetes.io/enforce: restricted + +--- +# Copyright 2020-2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-pipelines-controller-cluster-access + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +rules: + - apiGroups: [""] + # Controller needs to watch Pods created by TaskRuns to see them progress. + resources: ["pods"] + verbs: ["list", "watch"] + - apiGroups: [""] + # Controller needs to get the list of cordoned nodes over the course of a single run + resources: ["nodes"] + verbs: ["list"] + # Controller needs cluster access to all of the CRDs that it is responsible for + # managing. + - apiGroups: ["tekton.dev"] + resources: ["tasks", "clustertasks", "taskruns", "pipelines", "pipelineruns", "customruns", "stepactions"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["tekton.dev"] + resources: ["verificationpolicies"] + verbs: ["get", "list", "watch"] + - apiGroups: ["tekton.dev"] + resources: ["taskruns/finalizers", "pipelineruns/finalizers", "customruns/finalizers"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["tekton.dev"] + resources: ["tasks/status", "clustertasks/status", "taskruns/status", "pipelines/status", "pipelineruns/status", "customruns/status", "verificationpolicies/status", "stepactions/status"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + # resolution.tekton.dev + - apiGroups: ["resolution.tekton.dev"] + resources: ["resolutionrequests", "resolutionrequests/status"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + # This is the access that the controller needs on a per-namespace basis. + name: tekton-pipelines-controller-tenant-access + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +rules: + # Read-write access to create Pods and PVCs (for Workspaces) + - apiGroups: [""] + resources: ["pods", "persistentvolumeclaims"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + # Write permissions to publish events. + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "update", "patch"] + # Read-only access to these. + - apiGroups: [""] + resources: ["configmaps", "limitranges", "secrets", "serviceaccounts"] + verbs: ["get", "list", "watch"] + # Read-write access to StatefulSets for Affinity Assistant. + - apiGroups: ["apps"] + resources: ["statefulsets"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-pipelines-webhook-cluster-access + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +rules: + # The webhook needs to be able to get and update customresourcedefinitions, + # mainly to update the webhook certificates. + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions", "customresourcedefinitions/status"] + verbs: ["get", "update", "patch"] + resourceNames: + - pipelines.tekton.dev + - pipelineruns.tekton.dev + - tasks.tekton.dev + - clustertasks.tekton.dev + - taskruns.tekton.dev + - resolutionrequests.resolution.tekton.dev + - customruns.tekton.dev + - verificationpolicies.tekton.dev + - stepactions.tekton.dev + # knative.dev/pkg needs list/watch permissions to set up informers for the webhook. + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["list", "watch"] + - apiGroups: ["admissionregistration.k8s.io"] + # The webhook performs a reconciliation on these two resources and continuously + # updates configuration. + resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"] + # knative starts informers on these things, which is why we need get, list and watch. + verbs: ["list", "watch"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + # This mutating webhook is responsible for applying defaults to tekton objects + # as they are received. + resourceNames: ["webhook.pipeline.tekton.dev"] + # When there are changes to the configs or secrets, knative updates the mutatingwebhook config + # with the updated certificates or the refreshed set of rules. + verbs: ["get", "update", "delete"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["validatingwebhookconfigurations"] + # validation.webhook.pipeline.tekton.dev performs schema validation when you, for example, create TaskRuns. + # config.webhook.pipeline.tekton.dev validates the logging configuration against knative's logging structure + resourceNames: ["validation.webhook.pipeline.tekton.dev", "config.webhook.pipeline.tekton.dev"] + # When there are changes to the configs or secrets, knative updates the validatingwebhook config + # with the updated certificates or the refreshed set of rules. + verbs: ["get", "update", "delete"] + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["get"] + # The webhook configured the namespace as the OwnerRef on various cluster-scoped resources, + # which requires we can Get the system namespace. + resourceNames: ["tekton-pipelines"] + - apiGroups: [""] + resources: ["namespaces/finalizers"] + verbs: ["update"] + # The webhook configured the namespace as the OwnerRef on various cluster-scoped resources, + # which requires we can update the system namespace finalizers. + resourceNames: ["tekton-pipelines"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-events-controller-cluster-access + labels: + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +rules: + - apiGroups: ["tekton.dev"] + resources: ["tasks", "clustertasks", "taskruns", "pipelines", "pipelineruns", "customruns"] + verbs: ["get", "list", "watch"] + +--- +# Copyright 2020 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-pipelines-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["list", "watch"] + # The controller needs access to these configmaps for logging information and runtime configuration. + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get"] + resourceNames: ["config-logging", "config-observability", "feature-flags", "config-leader-election-controller", "config-registry-cert"] +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["list", "watch"] + # The webhook needs access to these configmaps for logging information. + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get"] + resourceNames: ["config-logging", "config-observability", "config-leader-election-webhook", "feature-flags"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["list", "watch"] + # The webhook daemon makes a reconciliation loop on webhook-certs. Whenever + # the secret changes it updates the webhook configurations with the certificates + # stored in the secret. + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "update"] + resourceNames: ["webhook-certs"] +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-pipelines-events-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["list", "watch"] + # The controller needs access to these configmaps for logging information and runtime configuration. + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get"] + resourceNames: ["config-logging", "config-observability", "feature-flags", "config-leader-election-events", "config-registry-cert"] +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-pipelines-leader-election + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +rules: + # We uses leases for leaderelection + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: tekton-pipelines-info + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +rules: + # All system:authenticated users needs to have access + # of the pipelines-info ConfigMap even if they don't + # have access to the other resources present in the + # installed namespace. + - apiGroups: [""] + resources: ["configmaps"] + resourceNames: ["pipelines-info"] + verbs: ["get"] + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tekton-pipelines-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tekton-events-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: tekton-pipelines-controller-cluster-access + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + - kind: ServiceAccount + name: tekton-pipelines-controller + namespace: tekton-pipelines +roleRef: + kind: ClusterRole + name: tekton-pipelines-controller-cluster-access + apiGroup: rbac.authorization.k8s.io +--- +# If this ClusterRoleBinding is replaced with a RoleBinding +# then the ClusterRole would be namespaced. The access described by +# the tekton-pipelines-controller-tenant-access ClusterRole would +# be scoped to individual tenant namespaces. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: tekton-pipelines-controller-tenant-access + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + - kind: ServiceAccount + name: tekton-pipelines-controller + namespace: tekton-pipelines +roleRef: + kind: ClusterRole + name: tekton-pipelines-controller-tenant-access + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: tekton-pipelines-webhook-cluster-access + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + - kind: ServiceAccount + name: tekton-pipelines-webhook + namespace: tekton-pipelines +roleRef: + kind: ClusterRole + name: tekton-pipelines-webhook-cluster-access + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: tekton-events-controller-cluster-access + labels: + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + - kind: ServiceAccount + name: tekton-events-controller + namespace: tekton-pipelines +roleRef: + kind: ClusterRole + name: tekton-events-controller-cluster-access + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2020 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-pipelines-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + - kind: ServiceAccount + name: tekton-pipelines-controller + namespace: tekton-pipelines +roleRef: + kind: Role + name: tekton-pipelines-controller + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + - kind: ServiceAccount + name: tekton-pipelines-webhook + namespace: tekton-pipelines +roleRef: + kind: Role + name: tekton-pipelines-webhook + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-pipelines-controller-leaderelection + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + - kind: ServiceAccount + name: tekton-pipelines-controller + namespace: tekton-pipelines +roleRef: + kind: Role + name: tekton-pipelines-leader-election + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-pipelines-webhook-leaderelection + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + - kind: ServiceAccount + name: tekton-pipelines-webhook + namespace: tekton-pipelines +roleRef: + kind: Role + name: tekton-pipelines-leader-election + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-pipelines-info + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + # Giving all system:authenticated users the access of the + # ConfigMap which contains version information. + - kind: Group + name: system:authenticated + apiGroup: rbac.authorization.k8s.io +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: tekton-pipelines-info +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-pipelines-events-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + - kind: ServiceAccount + name: tekton-events-controller + namespace: tekton-pipelines +roleRef: + kind: Role + name: tekton-pipelines-events-controller + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-events-controller-leaderelection + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + - kind: ServiceAccount + name: tekton-events-controller + namespace: tekton-pipelines +roleRef: + kind: Role + name: tekton-pipelines-leader-election + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clustertasks.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.65.0" + version: "v0.65.0" +spec: + group: tekton.dev + preserveUnknownFields: false + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + names: + kind: ClusterTask + plural: clustertasks + singular: clustertask + categories: + - tekton + - tekton-pipelines + scope: Cluster + +--- +# Copyright 2020 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: customruns.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.65.0" + version: "v0.65.0" +spec: + group: tekton.dev + preserveUnknownFields: false + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Succeeded + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" + - name: StartTime + type: date + jsonPath: .status.startTime + - name: CompletionTime + type: date + jsonPath: .status.completionTime + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + names: + kind: CustomRun + plural: customruns + singular: customrun + categories: + - tekton + - tekton-pipelines + scope: Namespaced + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: pipelines.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.65.0" + version: "v0.65.0" +spec: + group: tekton.dev + preserveUnknownFields: false + versions: + - name: v1beta1 + served: true + storage: false + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # OpenAPIV3 schema allows Kubernetes to perform validation on the schema fields + # and use the schema in tooling such as `kubectl explain`. + # Using "x-kubernetes-preserve-unknown-fields: true" + # at the root of the schema (or within it) allows arbitrary fields. + # We currently perform our own validation separately. + # See https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#specifying-a-structural-schema + # for more info. + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + names: + kind: Pipeline + plural: pipelines + singular: pipeline + categories: + - tekton + - tekton-pipelines + scope: Namespaced + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1beta1", "v1"] + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: pipelineruns.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.65.0" + version: "v0.65.0" +spec: + group: tekton.dev + preserveUnknownFields: false + versions: + - name: v1beta1 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Succeeded + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" + - name: StartTime + type: date + jsonPath: .status.startTime + - name: CompletionTime + type: date + jsonPath: .status.completionTime + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Succeeded + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" + - name: StartTime + type: date + jsonPath: .status.startTime + - name: CompletionTime + type: date + jsonPath: .status.completionTime + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + names: + kind: PipelineRun + plural: pipelineruns + singular: pipelinerun + categories: + - tekton + - tekton-pipelines + shortNames: + - pr + - prs + scope: Namespaced + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1beta1", "v1"] + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + +--- +# Copyright 2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: resolutionrequests.resolution.tekton.dev + labels: + resolution.tekton.dev/release: devel +spec: + group: resolution.tekton.dev + scope: Namespaced + names: + kind: ResolutionRequest + plural: resolutionrequests + singular: resolutionrequest + categories: + - tekton + - tekton-pipelines + shortNames: + - resolutionrequest + - resolutionrequests + versions: + - name: v1alpha1 + served: true + deprecated: true + storage: false + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Succeeded + type: string + jsonPath: ".status.conditions[?(@.type=='Succeeded')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Succeeded')].reason" + - name: v1beta1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: OwnerKind + type: string + jsonPath: ".metadata.ownerReferences[0].kind" + - name: Owner + type: string + jsonPath: ".metadata.ownerReferences[0].name" + - name: Succeeded + type: string + jsonPath: ".status.conditions[?(@.type=='Succeeded')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Succeeded')].reason" + - name: StartTime + type: string + jsonPath: .metadata.creationTimestamp + - name: EndTime + type: string + jsonPath: .status.conditions[?(@.type=='Succeeded')].lastTransitionTime + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1alpha1", "v1beta1"] + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + +--- +# Copyright 2023 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: stepactions.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.65.0" + version: "v0.65.0" +spec: + group: tekton.dev + preserveUnknownFields: false + versions: + - name: v1alpha1 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + names: + kind: StepAction + plural: stepactions + singular: stepaction + categories: + - tekton + - tekton-pipelines + scope: Namespaced + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: tasks.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.65.0" + version: "v0.65.0" +spec: + group: tekton.dev + preserveUnknownFields: false + versions: + - name: v1beta1 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # TODO(#1461): Add OpenAPIV3 schema + # OpenAPIV3 schema allows Kubernetes to perform validation on the schema fields + # and use the schema in tooling such as `kubectl explain`. + # Using "x-kubernetes-preserve-unknown-fields: true" + # at the root of the schema (or within it) allows arbitrary fields. + # We currently perform our own validation separately. + # See https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#specifying-a-structural-schema + # for more info. + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + names: + kind: Task + plural: tasks + singular: task + categories: + - tekton + - tekton-pipelines + scope: Namespaced + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1beta1", "v1"] + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: taskruns.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.65.0" + version: "v0.65.0" +spec: + group: tekton.dev + preserveUnknownFields: false + versions: + - name: v1beta1 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Succeeded + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" + - name: StartTime + type: date + jsonPath: .status.startTime + - name: CompletionTime + type: date + jsonPath: .status.completionTime + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Succeeded + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" + - name: StartTime + type: date + jsonPath: .status.startTime + - name: CompletionTime + type: date + jsonPath: .status.completionTime + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + names: + kind: TaskRun + plural: taskruns + singular: taskrun + categories: + - tekton + - tekton-pipelines + shortNames: + - tr + - trs + scope: Namespaced + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1beta1", "v1"] + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + +--- +# Copyright 2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: verificationpolicies.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.65.0" + version: "v0.65.0" +spec: + group: tekton.dev + versions: + - name: v1alpha1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + names: + kind: VerificationPolicy + plural: verificationpolicies + singular: verificationpolicy + categories: + - tekton + - tekton-pipelines + scope: Namespaced + +--- +# Copyright 2020 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: webhook-certs + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.65.0" +# The data is populated at install time. +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: validation.webhook.pipeline.tekton.dev + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.65.0" +webhooks: + - admissionReviewVersions: ["v1"] + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + failurePolicy: Fail + sideEffects: None + name: validation.webhook.pipeline.tekton.dev +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: webhook.pipeline.tekton.dev + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.65.0" +webhooks: + - admissionReviewVersions: ["v1"] + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + failurePolicy: Fail + sideEffects: None + name: webhook.pipeline.tekton.dev +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: config.webhook.pipeline.tekton.dev + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.65.0" +webhooks: + - admissionReviewVersions: ["v1"] + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + failurePolicy: Fail + sideEffects: None + name: config.webhook.pipeline.tekton.dev + objectSelector: + matchLabels: + app.kubernetes.io/part-of: tekton-pipelines + +--- +# Copyright 2019-2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: tekton-aggregate-edit + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + rbac.authorization.k8s.io/aggregate-to-edit: "true" + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: + - tekton.dev + resources: + - tasks + - taskruns + - pipelines + - pipelineruns + - runs + - customruns + - stepactions + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + +--- +# Copyright 2019-2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: tekton-aggregate-view + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + rbac.authorization.k8s.io/aggregate-to-view: "true" +rules: + - apiGroups: + - tekton.dev + resources: + - tasks + - taskruns + - pipelines + - pipelineruns + - runs + - customruns + - stepactions + verbs: + - get + - list + - watch + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-defaults + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # default-timeout-minutes contains the default number of + # minutes to use for TaskRun and PipelineRun, if none is specified. + default-timeout-minutes: "60" # 60 minutes + + # default-service-account contains the default service account name + # to use for TaskRun and PipelineRun, if none is specified. + default-service-account: "default" + + # default-managed-by-label-value contains the default value given to the + # "app.kubernetes.io/managed-by" label applied to all Pods created for + # TaskRuns. If a user's requested TaskRun specifies another value for this + # label, the user's request supercedes. + default-managed-by-label-value: "tekton-pipelines" + + # default-pod-template contains the default pod template to use for + # TaskRun and PipelineRun. If a pod template is specified on the + # PipelineRun, the default-pod-template is merged with that one. + # default-pod-template: + + # default-affinity-assistant-pod-template contains the default pod template + # to use for affinity assistant pods. If a pod template is specified on the + # PipelineRun, the default-affinity-assistant-pod-template is merged with + # that one. + # default-affinity-assistant-pod-template: + + # default-cloud-events-sink contains the default CloudEvents sink to be + # used for TaskRun and PipelineRun, when no sink is specified. + # Note that right now it is still not possible to set a PipelineRun or + # TaskRun specific sink, so the default is the only option available. + # If no sink is specified, no CloudEvent is generated + # default-cloud-events-sink: + + # default-task-run-workspace-binding contains the default workspace + # configuration provided for any Workspaces that a Task declares + # but that a TaskRun does not explicitly provide. + # default-task-run-workspace-binding: | + # emptyDir: {} + + # default-max-matrix-combinations-count contains the default maximum number + # of combinations from a Matrix, if none is specified. + default-max-matrix-combinations-count: "256" + + # default-forbidden-env contains comma seperated environment variables that cannot be + # overridden by podTemplate. + default-forbidden-env: + + # default-resolver-type contains the default resolver type to be used in the cluster, + # no default-resolver-type is specified by default + default-resolver-type: + + # default-imagepullbackoff-timeout contains the default duration to wait + # before requeuing the TaskRun to retry, specifying 0 here is equivalent to fail fast + # possible values could be 1m, 5m, 10s, 1h, etc + # default-imagepullbackoff-timeout: "5m" + + # default-container-resource-requirements allow users to update default resource requirements + # to a init-containers and containers of a pods create by the controller + # Onet: All the resource requirements are applied to init-containers and containers + # only if the existing resource requirements are empty. + # default-container-resource-requirements: | + # place-scripts: # updates resource requirements of a 'place-scripts' container + # requests: + # memory: "64Mi" + # cpu: "250m" + # limits: + # memory: "128Mi" + # cpu: "500m" + # + # prepare: # updates resource requirements of a 'prepare' container + # requests: + # memory: "64Mi" + # cpu: "250m" + # limits: + # memory: "256Mi" + # cpu: "500m" + # + # working-dir-initializer: # updates resource requirements of a 'working-dir-initializer' container + # requests: + # memory: "64Mi" + # cpu: "250m" + # limits: + # memory: "512Mi" + # cpu: "500m" + # + # prefix-scripts: # updates resource requirements of containers which starts with 'scripts-' + # requests: + # memory: "64Mi" + # cpu: "250m" + # limits: + # memory: "128Mi" + # cpu: "500m" + # + # prefix-sidecar-scripts: # updates resource requirements of containers which starts with 'sidecar-scripts-' + # requests: + # memory: "64Mi" + # cpu: "250m" + # limits: + # memory: "128Mi" + # cpu: "500m" + # + # default: # updates resource requirements of init-containers and containers which has empty resource resource requirements + # requests: + # memory: "64Mi" + # cpu: "250m" + # limits: + # memory: "256Mi" + # cpu: "500m" + +--- +# Copyright 2023 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-events + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # formats contains a comma seperated list of event formats to be used + # the only format supported today is "tektonv1". An empty string is not + # a valid configuration. To disable events, do not specify the sink. + formats: "tektonv1" + + # sink contains the event sink to be used for TaskRun, PipelineRun and + # CustomRun. If no sink is specified, no CloudEvent is generated. + # This setting supercedes the "default-cloud-events-sink" from the + # "config-defaults" config map + sink: "https://events.sink/cdevents" + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: feature-flags + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + # Setting this flag to "true" will prevent Tekton to create an + # Affinity Assistant for every TaskRun sharing a PVC workspace + # + # The default behaviour is for Tekton to create Affinity Assistants + # + # See more in the Affinity Assistant documentation + # https://github.com/tektoncd/pipeline/blob/main/docs/affinityassistants.md + # or https://github.com/tektoncd/pipeline/pull/2630 for more info. + # + # Note: This feature flag is deprecated and will be removed in release v0.60. Consider using `coschedule` feature flag to configure Affinity Assistant behavior. + disable-affinity-assistant: "false" + # Setting this flag will determine how PipelineRun Pods are scheduled with Affinity Assistant. + # Acceptable values are "workspaces" (default), "pipelineruns", "isolate-pipelinerun", or "disabled". + # + # Setting it to "workspaces" will schedule all the taskruns sharing the same PVC-based workspace in a pipelinerun to the same node. + # Setting it to "pipelineruns" will schedule all the taskruns in a pipelinerun to the same node. + # Setting it to "isolate-pipelinerun" will schedule all the taskruns in a pipelinerun to the same node, + # and only allows one pipelinerun to run on a node at a time. + # Setting it to "disabled" will not apply any coschedule policy. + # + # See more in the Affinity Assistant documentation + # https://github.com/tektoncd/pipeline/blob/main/docs/affinityassistants.md + coschedule: "workspaces" + # Setting this flag to "true" will prevent Tekton scanning attached + # service accounts and injecting any credentials it finds into your + # Steps. + # + # The default behaviour currently is for Tekton to search service + # accounts for secrets matching a specified format and automatically + # mount those into your Steps. + # + # Note: setting this to "true" will prevent PipelineResources from + # working. + # + # See https://github.com/tektoncd/pipeline/issues/2791 for more + # info. + disable-creds-init: "false" + # Setting this flag to "false" will stop Tekton from waiting for a + # TaskRun's sidecar containers to be running before starting the first + # step. This will allow Tasks to be run in environments that don't + # support the DownwardAPI volume type, but may lead to unintended + # behaviour if sidecars are used. + # + # See https://github.com/tektoncd/pipeline/issues/4937 for more info. + await-sidecar-readiness: "true" + # This option should be set to false when Pipelines is running in a + # cluster that does not use injected sidecars such as Istio. Setting + # it to false should decrease the time it takes for a TaskRun to start + # running. For clusters that use injected sidecars, setting this + # option to false can lead to unexpected behavior. + # + # See https://github.com/tektoncd/pipeline/issues/2080 for more info. + running-in-environment-with-injected-sidecars: "true" + # Setting this flag to "true" will require that any Git SSH Secret + # offered to Tekton must have known_hosts included. + # + # See https://github.com/tektoncd/pipeline/issues/2981 for more + # info. + require-git-ssh-secret-known-hosts: "false" + # Setting this flag to "true" enables the use of Tekton OCI bundle. + # This is an experimental feature and thus should still be considered + # an alpha feature. + enable-tekton-oci-bundles: "false" + # Setting this flag will determine which gated features are enabled. + # Acceptable values are "stable", "beta", or "alpha". + enable-api-fields: "beta" + # Setting this flag to "true" enables CloudEvents for CustomRuns and Runs, as long as a + # CloudEvents sink is configured in the config-defaults config map + send-cloudevents-for-runs: "false" + # This flag affects the behavior of taskruns and pipelineruns in cases where no VerificationPolicies match them. + # If it is set to "fail", TaskRuns and PipelineRuns will fail verification if no matching policies are found. + # If it is set to "warn", TaskRuns and PipelineRuns will run to completion if no matching policies are found, and an error will be logged. + # If it is set to "ignore", TaskRuns and PipelineRuns will run to completion if no matching policies are found, and no error will be logged. + trusted-resources-verification-no-match-policy: "ignore" + # Setting this flag to "true" enables populating the "provenance" field in TaskRun + # and PipelineRun status. This field contains metadata about resources used + # in the TaskRun/PipelineRun such as the source from where a remote Task/Pipeline + # definition was fetched. + enable-provenance-in-status: "true" + # Setting this flag will determine how Tekton pipelines will handle non-falsifiable provenance. + # If set to "spire", then SPIRE will be used to ensure non-falsifiable provenance. + # If set to "none", then Tekton will not have non-falsifiable provenance. + # This is an experimental feature and thus should still be considered an alpha feature. + enforce-nonfalsifiability: "none" + # Setting this flag will determine how Tekton pipelines will handle extracting results from the task. + # Acceptable values are "termination-message" or "sidecar-logs". + # "sidecar-logs" is now a beta feature. + results-from: "termination-message" + # Setting this flag will determine the upper limit of each task result + # This flag is optional and only associated with the previous flag, results-from + # When results-from is set to "sidecar-logs", this flag can be used to configure the upper limit of a task result + # max-result-size: "4096" + # Setting this flag to "true" will limit privileges for containers injected by Tekton into TaskRuns. + # This allows TaskRuns to run in namespaces with "restricted" pod security standards. + # Not all Kubernetes implementations support this option. + set-security-context: "false" + # Setting this flag to "true" will keep pod on cancellation + # allowing examination of the logs on the pods from cancelled taskruns + keep-pod-on-cancel: "false" + # Setting this flag to "true" will enable the CEL evaluation in WhenExpression + enable-cel-in-whenexpression: "false" + # Setting this flag to "true" will enable the use of StepActions in Steps + # This feature is in preview mode and not implemented yet. Please check #7259 for updates. + enable-step-actions: "false" + # Setting this flag to "true" will enable the use of Artifacts in Steps + # This feature is in preview mode and not implemented yet. Please check #7693 for updates. + enable-artifacts: "false" + # Setting this flag to "true" will enable the built-in param input validation via param enum. + enable-param-enum: "false" + # Setting this flag to "pipeline,pipelinerun,taskrun" will prevent users from creating + # embedded spec Taskruns or Pipelineruns for Pipeline, Pipelinerun and taskrun + # respectively. We can specify "pipeline" to disable for Pipeline resource only. + # "pipelinerun" for Pipelinerun and "taskrun" for Taskrun. Or a combination of + # these. + disable-inline-spec: "" + # Setting this flag to "true" will enable the use of concise resolver syntax + enable-concise-resolver-syntax: "false" + # Setthing this flag to "true" will enable native Kubernetes Sidecar support + enable-kubernetes-sidecar: "false" + +--- +# Copyright 2021 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: pipelines-info + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + # Contains pipelines version which can be queried by external + # tools such as CLI. Elevated permissions are already given to + # this ConfigMap such that even if we don't have access to + # other resources in the namespace we still can have access to + # this ConfigMap. + version: "v0.65.0" + +--- +# Copyright 2020 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-leader-election-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # lease-duration is how long non-leaders will wait to try to acquire the + # lock; 15 seconds is the value used by core kubernetes controllers. + lease-duration: "60s" + # renew-deadline is how long a leader will try to renew the lease before + # giving up; 10 seconds is the value used by core kubernetes controllers. + renew-deadline: "40s" + # retry-period is how long the leader election client waits between tries of + # actions; 2 seconds is the value used by core kubernetes controllers. + retry-period: "10s" + # buckets is the number of buckets used to partition key space of each + # Reconciler. If this number is M and the replica number of the controller + # is N, the N replicas will compete for the M buckets. The owner of a + # bucket will take care of the reconciling for the keys partitioned into + # that bucket. + buckets: "1" + +--- +# Copyright 2023 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-leader-election-events + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # lease-duration is how long non-leaders will wait to try to acquire the + # lock; 15 seconds is the value used by core kubernetes controllers. + lease-duration: "60s" + # renew-deadline is how long a leader will try to renew the lease before + # giving up; 10 seconds is the value used by core kubernetes controllers. + renew-deadline: "40s" + # retry-period is how long the leader election client waits between tries of + # actions; 2 seconds is the value used by core kubernetes controllers. + retry-period: "10s" + # buckets is the number of buckets used to partition key space of each + # Reconciler. If this number is M and the replica number of the controller + # is N, the N replicas will compete for the M buckets. The owner of a + # bucket will take care of the reconciling for the keys partitioned into + # that bucket. + buckets: "1" + +--- +# Copyright 2023 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-leader-election-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # lease-duration is how long non-leaders will wait to try to acquire the + # lock; 15 seconds is the value used by core kubernetes controllers. + lease-duration: "60s" + # renew-deadline is how long a leader will try to renew the lease before + # giving up; 10 seconds is the value used by core kubernetes controllers. + renew-deadline: "40s" + # retry-period is how long the leader election client waits between tries of + # actions; 2 seconds is the value used by core kubernetes controllers. + retry-period: "10s" + # buckets is the number of buckets used to partition key space of each + # Reconciler. If this number is M and the replica number of the controller + # is N, the N replicas will compete for the M buckets. The owner of a + # bucket will take care of the reconciling for the keys partitioned into + # that bucket. + buckets: "1" + +--- +# Copyright 2019 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-logging + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + zap-logger-config: | + { + "level": "info", + "development": false, + "sampling": { + "initial": 100, + "thereafter": 100 + }, + "outputPaths": ["stdout"], + "errorOutputPaths": ["stderr"], + "encoding": "json", + "encoderConfig": { + "timeKey": "timestamp", + "levelKey": "severity", + "nameKey": "logger", + "callerKey": "caller", + "messageKey": "message", + "stacktraceKey": "stacktrace", + "lineEnding": "", + "levelEncoder": "", + "timeEncoder": "iso8601", + "durationEncoder": "", + "callerEncoder": "" + } + } + # Log level overrides + loglevel.controller: "info" + loglevel.webhook: "info" + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-observability + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # metrics.backend-destination field specifies the system metrics destination. + # It supports either prometheus (the default) or stackdriver. + # Note: Using Stackdriver will incur additional charges. + metrics.backend-destination: prometheus + + # metrics.stackdriver-project-id field specifies the Stackdriver project ID. This + # field is optional. When running on GCE, application default credentials will be + # used and metrics will be sent to the cluster's project if this field is + # not provided. + metrics.stackdriver-project-id: "" + + # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed + # to send metrics to Stackdriver using "global" resource type and custom + # metric type. Setting this flag to "true" could cause extra Stackdriver + # charge. If metrics.backend-destination is not Stackdriver, this is + # ignored. + metrics.allow-stackdriver-custom-metrics: "false" + metrics.taskrun.level: "task" + metrics.taskrun.duration-type: "histogram" + metrics.pipelinerun.level: "pipeline" + metrics.pipelinerun.duration-type: "histogram" + metrics.count.enable-reason: "false" + metrics.running-pipelinerun.level: "" + +--- +# Copyright 2020 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-registry-cert + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +# data: +# # Registry's self-signed certificate +# cert: | + +--- +# Copyright 2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-spire + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # + # spire-trust-domain specifies the SPIRE trust domain to use. + # spire-trust-domain: "example.org" + # + # spire-socket-path specifies the SPIRE agent socket for SPIFFE workload API. + # spire-socket-path: "unix:///spiffe-workload-api/spire-agent.sock" + # + # spire-server-addr specifies the SPIRE server address for workload/node registration. + # spire-server-addr: "spire-server.spire.svc.cluster.local:8081" + # + # spire-node-alias-prefix specifies the SPIRE node alias prefix to use. + # spire-node-alias-prefix: "/tekton-node/" + +--- +# Copyright 2023 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-tracing + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # + # Enable sending traces to defined endpoint by setting this to true + enabled: "true" + # + # API endpoint to send the traces to + # (optional): The default value is given below + endpoint: "http://jaeger-collector.jaeger.svc.cluster.local:14268/api/traces" + # (optional) Name of the k8s secret which contains basic auth credentials + credentialsSecret: "jaeger-creds" + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tekton-pipelines-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.65.0" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.65.0" + # labels below are related to istio and should not be used for resource lookup + version: "v0.65.0" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + template: + metadata: + labels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.65.0" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.65.0" + # labels below are related to istio and should not be used for resource lookup + app: tekton-pipelines-controller + version: "v0.65.0" + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/os + operator: NotIn + values: + - windows + serviceAccountName: tekton-pipelines-controller + containers: + - name: tekton-pipelines-controller + image: ghcr.io/tektoncd/pipeline/controller-10a3e32792f33651396d02b6855a6e36:v0.65.0@sha256:96cfed37cd749a696a2acbcc782b2b4cba5c0f7531b620ac52761af3d8e7d13b + args: [ + # These images are built on-demand by `ko resolve` and are replaced + # by image references by digest. + "-entrypoint-image", "ghcr.io/tektoncd/pipeline/entrypoint-bff0a22da108bc2f16c818c97641a296:v0.65.0@sha256:7b53db05ce43e10e08affddc41d8298fdd20a4ae9954f8f69f21319b1264aea1", "-nop-image", "ghcr.io/tektoncd/pipeline/nop-8eac7c133edad5df719dc37b36b62482:v0.65.0@sha256:3d7788764e58c78401c8f6bff18d8df22724446108c659baf4b14901b38030d3", "-sidecarlogresults-image", "ghcr.io/tektoncd/pipeline/sidecarlogresults-7501c6a20d741631510a448b48ab098f:v0.65.0@sha256:23db7cc51a918437d84c59946b60e95306e5157f50ba79ed927d953fd35a6534", "-workingdirinit-image", "ghcr.io/tektoncd/pipeline/workingdirinit-0c558922ec6a1b739e550e349f2d5fc1:v0.65.0@sha256:fc8af4ec91b0a6bd4da56d74f46d3d8740e2b8372f5d991bae478d98830d1332", + # The shell image must allow root in order to create directories and copy files to PVCs. + # cgr.dev/chainguard/busybox as of April 14 2022 + # image shall not contains tag, so it will be supported on a runtime like cri-o + "-shell-image", "cgr.dev/chainguard/busybox@sha256:19f02276bf8dbdd62f069b922f10c65262cc34b710eea26ff928129a736be791", + # for script mode to work with windows we need a powershell image + # pinning to nanoserver tag as of July 15 2021 + "-shell-image-win", "mcr.microsoft.com/powershell:nanoserver@sha256:b6d5ff841b78bdf2dfed7550000fd4f3437385b8fa686ec0f010be24777654d6"] + volumeMounts: + - name: config-logging + mountPath: /etc/config-logging + - name: config-registry-cert + mountPath: /etc/config-registry-cert + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + # If you are changing these names, you will also need to update + # the controller's Role in 200-role.yaml to include the new + # values in the "configmaps" "get" rule. + - name: CONFIG_DEFAULTS_NAME + value: config-defaults + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: CONFIG_FEATURE_FLAGS_NAME + value: feature-flags + - name: CONFIG_LEADERELECTION_NAME + value: config-leader-election-controller + - name: CONFIG_SPIRE + value: config-spire + - name: SSL_CERT_FILE + value: /etc/config-registry-cert/cert + - name: SSL_CERT_DIR + value: /etc/ssl/certs + - name: METRICS_DOMAIN + value: tekton.dev/pipeline + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - "ALL" + # User 65532 is the nonroot user ID + runAsUser: 65532 + runAsGroup: 65532 + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + - name: probes + containerPort: 8080 + livenessProbe: + httpGet: + path: /health + port: probes + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /readiness + port: probes + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + volumes: + - name: config-logging + configMap: + name: config-logging + - name: config-registry-cert + configMap: + name: config-registry-cert +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.65.0" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.65.0" + # labels below are related to istio and should not be used for resource lookup + app: tekton-pipelines-controller + version: "v0.65.0" + name: tekton-pipelines-controller + namespace: tekton-pipelines +spec: + ports: + - name: http-metrics + port: 9090 + protocol: TCP + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + - name: probes + port: 8080 + selector: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + +--- +# Copyright 2023 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tekton-events-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/name: events + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.65.0" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.65.0" + # labels below are related to istio and should not be used for resource lookup + version: "v0.65.0" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: events + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + template: + metadata: + labels: + app.kubernetes.io/name: events + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.65.0" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.65.0" + # labels below are related to istio and should not be used for resource lookup + app: tekton-events-controller + version: "v0.65.0" + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/os + operator: NotIn + values: + - windows + serviceAccountName: tekton-events-controller + containers: + - name: tekton-events-controller + image: ghcr.io/tektoncd/pipeline/events-a9042f7efb0cbade2a868a1ee5ddd52c:v0.65.0@sha256:923a20abe3f21c44dac6ff4ebf6a54c711153676c6c8e88e80850c7b4491cc5d + args: [] + volumeMounts: + - name: config-logging + mountPath: /etc/config-logging + - name: config-registry-cert + mountPath: /etc/config-registry-cert + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + # If you are changing these names, you will also need to update + # the controller's Role in 200-role.yaml to include the new + # values in the "configmaps" "get" rule. + - name: CONFIG_DEFAULTS_NAME + value: config-defaults + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: CONFIG_LEADERELECTION_NAME + value: config-leader-election-events + - name: SSL_CERT_FILE + value: /etc/config-registry-cert/cert + - name: SSL_CERT_DIR + value: /etc/ssl/certs + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - "ALL" + # User 65532 is the nonroot user ID + runAsUser: 65532 + runAsGroup: 65532 + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + - name: probes + containerPort: 8080 + livenessProbe: + httpGet: + path: /health + port: probes + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /readiness + port: probes + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + volumes: + - name: config-logging + configMap: + name: config-logging + - name: config-registry-cert + configMap: + name: config-registry-cert +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: events + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.65.0" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.65.0" + # labels below are related to istio and should not be used for resource lookup + app: tekton-events-controller + version: "v0.65.0" + name: tekton-events-controller + namespace: tekton-pipelines +spec: + ports: + - name: http-metrics + port: 9090 + protocol: TCP + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + - name: probes + port: 8080 + selector: + app.kubernetes.io/name: events + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + +--- +# Copyright 2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Namespace +metadata: + name: tekton-pipelines-resolvers + labels: + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pod-security.kubernetes.io/enforce: restricted + +--- +# Copyright 2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + # ClusterRole for resolvers to monitor and update resolutionrequests. + name: tekton-pipelines-resolvers-resolution-request-updates + labels: + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +rules: + - apiGroups: ["resolution.tekton.dev"] + resources: ["resolutionrequests", "resolutionrequests/status"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["tekton.dev"] + resources: ["tasks", "pipelines"] + verbs: ["get", "list"] + # Read-only access to these. + - apiGroups: [""] + resources: ["secrets", "serviceaccounts"] + verbs: ["get", "list", "watch"] + +--- +# Copyright 2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-pipelines-resolvers-namespace-rbac + namespace: tekton-pipelines-resolvers + labels: + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +rules: + # Needed to watch and load configuration and secret data. + - apiGroups: [""] + resources: ["configmaps", "secrets"] + verbs: ["get", "list", "update", "watch"] + # This is needed by leader election to run the controller in HA. + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + +--- +# Copyright 2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tekton-pipelines-resolvers + namespace: tekton-pipelines-resolvers + labels: + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + +--- +# Copyright 2021 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: tekton-pipelines-resolvers + labels: + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + - kind: ServiceAccount + name: tekton-pipelines-resolvers + namespace: tekton-pipelines-resolvers +roleRef: + kind: ClusterRole + name: tekton-pipelines-resolvers-resolution-request-updates + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2021 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-pipelines-resolvers-namespace-rbac + namespace: tekton-pipelines-resolvers + labels: + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + - kind: ServiceAccount + name: tekton-pipelines-resolvers + namespace: tekton-pipelines-resolvers +roleRef: + kind: Role + name: tekton-pipelines-resolvers-namespace-rbac + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: bundleresolver-config + namespace: tekton-pipelines-resolvers + labels: + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + # the default service account name to use for bundle requests. + default-service-account: "default" + # The default layer kind in the bundle image. + default-kind: "task" + +--- +# Copyright 2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: cluster-resolver-config + namespace: tekton-pipelines-resolvers + labels: + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + # The default kind to fetch. + default-kind: "task" + # The default namespace to look for resources in. + default-namespace: "" + # An optional comma-separated list of namespaces which the resolver is allowed to access. Defaults to empty, meaning all namespaces are allowed. + allowed-namespaces: "" + # An optional comma-separated list of namespaces which the resolver is blocked from accessing. Defaults to empty, meaning all namespaces are allowed. + blocked-namespaces: "" + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: resolvers-feature-flags + namespace: tekton-pipelines-resolvers + labels: + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + # Setting this flag to "true" enables remote resolution of Tekton OCI bundles. + enable-bundles-resolver: "true" + # Setting this flag to "true" enables remote resolution of tasks and pipelines via the Tekton Hub. + enable-hub-resolver: "true" + # Setting this flag to "true" enables remote resolution of tasks and pipelines from Git repositories. + enable-git-resolver: "true" + # Setting this flag to "true" enables remote resolution of tasks and pipelines from other namespaces within the cluster. + enable-cluster-resolver: "true" + +--- +# Copyright 2020 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-leader-election-resolvers + namespace: tekton-pipelines-resolvers + labels: + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # lease-duration is how long non-leaders will wait to try to acquire the + # lock; 15 seconds is the value used by core kubernetes controllers. + lease-duration: "60s" + # renew-deadline is how long a leader will try to renew the lease before + # giving up; 10 seconds is the value used by core kubernetes controllers. + renew-deadline: "40s" + # retry-period is how long the leader election client waits between tries of + # actions; 2 seconds is the value used by core kubernetes controllers. + retry-period: "10s" + # buckets is the number of buckets used to partition key space of each + # Reconciler. If this number is M and the replica number of the controller + # is N, the N replicas will compete for the M buckets. The owner of a + # bucket will take care of the reconciling for the keys partitioned into + # that bucket. + buckets: "1" + +--- +# Copyright 2019 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-logging + namespace: tekton-pipelines-resolvers + labels: + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + zap-logger-config: | + { + "level": "info", + "development": false, + "sampling": { + "initial": 100, + "thereafter": 100 + }, + "outputPaths": ["stdout"], + "errorOutputPaths": ["stderr"], + "encoding": "json", + "encoderConfig": { + "timeKey": "timestamp", + "levelKey": "severity", + "nameKey": "logger", + "callerKey": "caller", + "messageKey": "message", + "stacktraceKey": "stacktrace", + "lineEnding": "", + "levelEncoder": "", + "timeEncoder": "iso8601", + "durationEncoder": "", + "callerEncoder": "" + } + } + # Log level overrides + loglevel.controller: "info" + loglevel.webhook: "info" + +--- +# Copyright 2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-observability + namespace: tekton-pipelines-resolvers + labels: + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # metrics.backend-destination field specifies the system metrics destination. + # It supports either prometheus (the default) or stackdriver. + # Note: Using stackdriver will incur additional charges + metrics.backend-destination: prometheus + + # metrics.request-metrics-backend-destination specifies the request metrics + # destination. If non-empty, it enables queue proxy to send request metrics. + # Currently supported values: prometheus, stackdriver. + metrics.request-metrics-backend-destination: prometheus + + # metrics.stackdriver-project-id field specifies the stackdriver project ID. This + # field is optional. When running on GCE, application default credentials will be + # used if this field is not provided. + metrics.stackdriver-project-id: "" + + # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed to send metrics to + # Stackdriver using "global" resource type and custom metric type if the + # metrics are not supported by "knative_revision" resource type. Setting this + # flag to "true" could cause extra Stackdriver charge. + # If metrics.backend-destination is not Stackdriver, this is ignored. + metrics.allow-stackdriver-custom-metrics: "false" + +--- +# Copyright 2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: git-resolver-config + namespace: tekton-pipelines-resolvers + labels: + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + # The maximum amount of time a single anonymous cloning resolution may take. + fetch-timeout: "1m" + # The git url to fetch the remote resource from when using anonymous cloning. + default-url: "https://github.com/tektoncd/catalog.git" + # The git revision to fetch the remote resource from with either anonymous cloning or the authenticated API. + default-revision: "main" + # The SCM type to use with the authenticated API. Can be github, gitlab, gitea, bitbucketserver, bitbucketcloud + scm-type: "github" + # The SCM server URL to use with the authenticated API. Not needed when using github.com, gitlab.com, or BitBucket Cloud + server-url: "" + # The Kubernetes secret containing the API token for the SCM provider. Required when using the authenticated API. + api-token-secret-name: "" + # The key in the API token secret containing the actual token. Required when using the authenticated API. + api-token-secret-key: "" + # The namespace containing the API token secret. Defaults to "default". + api-token-secret-namespace: "default" + # The default organization to look for repositories under when using the authenticated API, + # if not specified in the resolver parameters. Optional. + default-org: "" + +--- +# Copyright 2023 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: http-resolver-config + namespace: tekton-pipelines-resolvers + labels: + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + # The maximum amount of time the http resolver will wait for a response from the server. + fetch-timeout: "1m" + +--- +# Copyright 2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: hubresolver-config + namespace: tekton-pipelines-resolvers + labels: + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + # the default Tekton Hub catalog from where to pull the resource. + default-tekton-hub-catalog: "Tekton" + # the default Artifact Hub Task catalog from where to pull the resource. + default-artifact-hub-task-catalog: "tekton-catalog-tasks" + # the default Artifact Hub Pipeline catalog from where to pull the resource. + default-artifact-hub-pipeline-catalog: "tekton-catalog-pipelines" + # the default layer kind in the hub image. + default-kind: "task" + # the default hub source to pull the resource from. + default-type: "artifact" + +--- +# Copyright 2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tekton-pipelines-remote-resolvers + namespace: tekton-pipelines-resolvers + labels: + app.kubernetes.io/name: resolvers + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.65.0" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.65.0" + # labels below are related to istio and should not be used for resource lookup + version: "v0.65.0" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: resolvers + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + template: + metadata: + labels: + app.kubernetes.io/name: resolvers + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.65.0" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.65.0" + # labels below are related to istio and should not be used for resource lookup + app: tekton-pipelines-resolvers + version: "v0.65.0" + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: resolvers + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: tekton-pipelines-resolvers + containers: + - name: controller + image: ghcr.io/tektoncd/pipeline/resolvers-ff86b24f130c42b88983d3c13993056d:v0.65.0@sha256:45e3c00d345a487622353b7703f7aaeafde57a9a5135c0be3eca477af23eaff1 + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + cpu: 1000m + memory: 4Gi + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + # This must match the value of the environment variable PROBES_PORT. + - name: probes + containerPort: 8080 + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + # If you are changing these names, you will also need to update + # the controller's Role in 200-role.yaml to include the new + # values in the "configmaps" "get" rule. + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: CONFIG_FEATURE_FLAGS_NAME + value: feature-flags + - name: CONFIG_LEADERELECTION_NAME + value: config-leader-election-resolvers + - name: METRICS_DOMAIN + value: tekton.dev/resolution + - name: PROBES_PORT + value: "8080" + # Override this env var to set a private hub api endpoint + - name: ARTIFACT_HUB_API + value: "https://artifacthub.io/" + - name: TEKTON_HUB_API + value: "https://api.hub.tekton.dev/" + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - "ALL" + seccompProfile: + type: RuntimeDefault + +--- +# Copyright 2023 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: resolvers + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.65.0" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.65.0" + # labels below are related to istio and should not be used for resource lookup + app: tekton-pipelines-remote-resolvers + version: "v0.65.0" + name: tekton-pipelines-remote-resolvers + namespace: tekton-pipelines-resolvers +spec: + ports: + - name: http-metrics + port: 9090 + protocol: TCP + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + - name: probes + port: 8080 + selector: + app.kubernetes.io/name: resolvers + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + +--- +# Copyright 2020 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.65.0" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.65.0" + # labels below are related to istio and should not be used for resource lookup + version: "v0.65.0" +spec: + minReplicas: 1 + maxReplicas: 5 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: tekton-pipelines-webhook + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 100 + +--- +# Copyright 2020 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + # Note: the Deployment name must be the same as the Service name specified in + # config/400-webhook-service.yaml. If you change this name, you must also + # change the value of WEBHOOK_SERVICE_NAME below. + name: tekton-pipelines-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.65.0" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.65.0" + # labels below are related to istio and should not be used for resource lookup + version: "v0.65.0" +spec: + selector: + matchLabels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + template: + metadata: + labels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.65.0" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.65.0" + # labels below are related to istio and should not be used for resource lookup + app: tekton-pipelines-webhook + version: "v0.65.0" + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/os + operator: NotIn + values: + - windows + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: tekton-pipelines-webhook + containers: + - name: webhook + # This is the Go import path for the binary that is containerized + # and substituted here. + image: ghcr.io/tektoncd/pipeline/webhook-d4749e605405422fd87700164e31b2d1:v0.65.0@sha256:268ccf3ec8b3f861313ab0e422b85012b734099e7135611935e92567dfd55b04 + # Resource request required for autoscaler to take any action for a metric + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + cpu: 500m + memory: 500Mi + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + # If you are changing these names, you will also need to update + # the webhook's Role in 200-role.yaml to include the new + # values in the "configmaps" "get" rule. + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: CONFIG_LEADERELECTION_NAME + value: config-leader-election-webhook + - name: CONFIG_FEATURE_FLAGS_NAME + value: feature-flags + # If you change PROBES_PORT, you will also need to change the + # containerPort "probes" to the same value. + - name: PROBES_PORT + value: "8080" + # If you change WEBHOOK_PORT, you will also need to change the + # containerPort "https-webhook" to the same value. + - name: WEBHOOK_PORT + value: "8443" + # if you change WEBHOOK_ADMISSION_CONTROLLER_NAME, you will also need to update + # the webhooks.name in 500-webhooks.yaml to include the new names of admission webhooks. + # Additionally, you will also need to change the resource names (metadata.name) of + # "MutatingWebhookConfiguration" and "ValidatingWebhookConfiguration" in 500-webhooks.yaml + # to reflect the change in the name of the admission webhook. + # Followed by changing the webhook's Role in 200-clusterrole.yaml to update the "resourceNames" of + # "mutatingwebhookconfigurations" and "validatingwebhookconfigurations" resources. + - name: WEBHOOK_ADMISSION_CONTROLLER_NAME + value: webhook.pipeline.tekton.dev + - name: WEBHOOK_SERVICE_NAME + value: tekton-pipelines-webhook + - name: WEBHOOK_SECRET_NAME + value: webhook-certs + - name: METRICS_DOMAIN + value: tekton.dev/pipeline + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - "ALL" + # User 65532 is the distroless nonroot user ID + runAsUser: 65532 + runAsGroup: 65532 + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + # This must match the value of the environment variable WEBHOOK_PORT. + - name: https-webhook + containerPort: 8443 + # This must match the value of the environment variable PROBES_PORT. + - name: probes + containerPort: 8080 + livenessProbe: + httpGet: + path: /health + port: probes + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /readiness + port: probes + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.65.0" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.65.0" + # labels below are related to istio and should not be used for resource lookup + app: tekton-pipelines-webhook + version: "v0.65.0" + name: tekton-pipelines-webhook + namespace: tekton-pipelines +spec: + ports: + # Define metrics and profiling for them to be accessible within service meshes. + - name: http-metrics + port: 9090 + targetPort: metrics + - name: http-profiling + port: 8008 + targetPort: profiling + - name: https-webhook + port: 443 + targetPort: https-webhook + - name: probes + port: 8080 + targetPort: probes + selector: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + +--- diff --git a/cmd/kubernetes/operator/kodata/tekton-pruner/00-pruner.yaml b/cmd/kubernetes/operator/kodata/tekton-pruner/00-pruner.yaml new file mode 100644 index 0000000000..07902d83d1 --- /dev/null +++ b/cmd/kubernetes/operator/kodata/tekton-pruner/00-pruner.yaml @@ -0,0 +1,69 @@ +# Copyright 2023 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: tekton-resource-pruner + labels: + app.kubernetes.io/part-of: tekton-config +rules: + # allow tkn command to delete pipelinerun and taskrun + - apiGroups: + - tekton.dev + resources: + - taskruns + - pipelineruns + verbs: + - list + - get + - delete + - deletecollection + # allow tkn command to list pipelines and tasks + # if individual resource selection enabled, + # tkn cmd has to get pipelinerun and taskrun parent resource names + # ie, pipelines, tasks + - apiGroups: + - tekton.dev + resources: + - tasks + - pipelines + verbs: + - list + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tekton-resource-pruner + namespace: tekton-pipelines + labels: + app.kubernetes.io/part-of: tekton-config + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: tekton-resource-pruner + labels: + app.kubernetes.io/part-of: tekton-config +subjects: + - kind: ServiceAccount + name: tekton-resource-pruner + namespace: tekton-pipelines +roleRef: + kind: ClusterRole + name: tekton-resource-pruner + apiGroup: rbac.authorization.k8s.io diff --git a/cmd/kubernetes/operator/kodata/tekton-results/0.12.1/00-results.yaml b/cmd/kubernetes/operator/kodata/tekton-results/0.12.1/00-results.yaml new file mode 100644 index 0000000000..47f1fcf912 --- /dev/null +++ b/cmd/kubernetes/operator/kodata/tekton-results/0.12.1/00-results.yaml @@ -0,0 +1,809 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: v0.12.1 + name: tekton-results-api + namespace: tekton-pipelines +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: v0.12.1 + name: tekton-results-watcher + namespace: tekton-pipelines +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/name: tekton-results-info + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: v0.12.1 + name: tekton-results-info + namespace: tekton-pipelines +rules: + - apiGroups: + - "" + resourceNames: + - tekton-results-info + resources: + - configmaps + verbs: + - get + - describe +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: v0.12.1 + rbac.authorization.k8s.io/aggregate-to-admin: "true" + name: tekton-results-admin +rules: + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - create + - update + - get + - list + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: v0.12.1 + name: tekton-results-api +rules: + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: v0.12.1 + rbac.authorization.k8s.io/aggregate-to-edit: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" + name: tekton-results-readonly +rules: + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + - summary + verbs: + - get + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: v0.12.1 + name: tekton-results-readwrite +rules: + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - create + - update + - get + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: v0.12.1 + name: tekton-results-watcher +rules: + - apiGroups: + - results.tekton.dev + resources: + - logs + - results + - records + verbs: + - create + - get + - update + - apiGroups: + - tekton.dev + resources: + - pipelineruns + - taskruns + verbs: + - get + - list + - patch + - update + - watch + - delete + - apiGroups: + - "" + resources: + - configmaps + - pods + - events + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - pods/log + verbs: + - get + - apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - create + - update + - delete + - patch + - watch + - apiGroups: + - tekton.dev + resources: + - pipelines + verbs: + - get + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - create + - update + - delete + - patch + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/name: tekton-results-info + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: v0.12.1 + name: tekton-results-info + namespace: tekton-pipelines +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: tekton-results-info +subjects: + - apiGroup: rbac.authorization.k8s.io + kind: Group + name: system:authenticated +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: v0.12.1 + name: tekton-results-api +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: tekton-results-api +subjects: + - kind: ServiceAccount + name: tekton-results-api + namespace: tekton-pipelines +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: v0.12.1 + name: tekton-results-watcher +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: tekton-results-watcher +subjects: + - kind: ServiceAccount + name: tekton-results-watcher + namespace: tekton-pipelines +--- +apiVersion: v1 +data: + config: |- + DB_USER= + DB_PASSWORD= + DB_HOST=tekton-results-postgres-service.tekton-pipelines.svc.cluster.local + DB_PORT=5432 + DB_NAME=tekton-results + DB_SSLMODE=disable + DB_SSLROOTCERT= + DB_ENABLE_AUTO_MIGRATION=true + DB_MAX_IDLE_CONNECTIONS=10 + DB_MAX_OPEN_CONNECTIONS=10 + GRPC_WORKER_POOL=2 + K8S_QPS=5 + K8S_BURST=10 + PROFILING=false + PROFILING_PORT=6060 + SERVER_PORT=8080 + PROMETHEUS_PORT=9090 + PROMETHEUS_HISTOGRAM=false + TLS_PATH=/etc/tls + AUTH_DISABLE=false + AUTH_IMPERSONATE=true + LOG_LEVEL=info + LOGS_API=false + LOGS_TYPE=File + LOGS_BUFFER_SIZE=32768 + LOGS_PATH=/logs + S3_BUCKET_NAME= + S3_ENDPOINT= + S3_HOSTNAME_IMMUTABLE=false + S3_REGION= + S3_ACCESS_KEY_ID= + S3_SECRET_ACCESS_KEY= + S3_MULTI_PART_SIZE=5242880 + GCS_BUCKET_NAME= + STORAGE_EMULATOR_HOST= + CONVERTER_ENABLE=false + CONVERTER_DB_LIMIT=50 + MAX_RETENTION= + LOGGING_PLUGIN_PROXY_PATH=/api/logs/v1/application + LOGGING_PLUGIN_API_URL= + LOGGING_PLUGIN_TOKEN_PATH=/var/run/secrets/kubernetes.io/serviceaccount/token + LOGGING_PLUGIN_NAMESPACE_KEY=kubernetes_namespace_name + LOGGING_PLUGIN_STATIC_LABELS='log_type=application' + LOGGING_PLUGIN_CA_CERT= + LOGGING_PLUGIN_QUERY_LIMIT=1700 + LOGGING_PLUGIN_TLS_VERIFICATION_DISABLE= + LOGGING_PLUGIN_FORWARDER_DELAY_DURATION=10 + LOGGING_PLUGIN_QUERY_PARAMS='direction=forward' +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: v0.12.1 + name: tekton-results-api-config + namespace: tekton-pipelines +--- +apiVersion: v1 +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # lease-duration is how long non-leaders will wait to try to acquire the + # lock; 15 seconds is the value used by core kubernetes controllers. + lease-duration: "60s" + # renew-deadline is how long a leader will try to renew the lease before + # giving up; 10 seconds is the value used by core kubernetes controllers. + renew-deadline: "40s" + # retry-period is how long the leader election client waits between tries of + # actions; 2 seconds is the value used by core kubernetes controllers. + retry-period: "10s" + # buckets is the number of buckets used to partition key space of each + # Reconciler. If this number is M and the replica number of the controller + # is N, the N replicas will compete for the M buckets. The owner of a + # bucket will take care of the reconciling for the keys partitioned into + # that bucket. + buckets: "1" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: tekton-results-leader-election + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: v0.12.1 + name: tekton-results-config-leader-election + namespace: tekton-pipelines +--- +apiVersion: v1 +data: + loglevel.watcher: info + zap-logger-config: | + { + "level": "info", + "development": false, + "outputPaths": ["stdout"], + "errorOutputPaths": ["stderr"], + "encoding": "json", + "encoderConfig": { + "timeKey": "time", + "levelKey": "level", + "nameKey": "logger", + "callerKey": "caller", + "messageKey": "msg", + "stacktraceKey": "stacktrace", + "lineEnding": "", + "levelEncoder": "", + "timeEncoder": "iso8601", + "durationEncoder": "string", + "callerEncoder": "" + } + } +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: tekton-results-logging + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: v0.12.1 + name: tekton-results-config-logging + namespace: tekton-pipelines +--- +apiVersion: v1 +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # metrics.backend-destination field specifies the system metrics destination. + # It supports either prometheus (the default) or stackdriver. + # Note: Using Stackdriver will incur additional charges. + metrics.backend-destination: prometheus + + # metrics.stackdriver-project-id field specifies the Stackdriver project ID. This + # field is optional. When running on GCE, application default credentials will be + # used and metrics will be sent to the cluster's project if this field is + # not provided. + metrics.stackdriver-project-id: "" + + # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed + # to send metrics to Stackdriver using "global" resource type and custom + # metric type. Setting this flag to "true" could cause extra Stackdriver + # charge. If metrics.backend-destination is not Stackdriver, this is + # ignored. + metrics.allow-stackdriver-custom-metrics: "false" + metrics.taskrun.level: "task" + metrics.taskrun.duration-type: "histogram" + metrics.pipelinerun.level: "pipeline" + metrics.pipelinerun.duration-type: "histogram" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: tekton-results-observability + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: v0.12.1 + name: tekton-results-config-observability + namespace: tekton-pipelines +--- +apiVersion: v1 +data: + maxRetention: "30" + runAt: 5 5 * * 0 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: tekton-results-retention-policy + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: v0.12.1 + name: tekton-results-config-results-retention-policy + namespace: tekton-pipelines +--- +apiVersion: v1 +data: + version: v0.12.1 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: tekton-results-info + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: v0.12.1 + name: tekton-results-info + namespace: tekton-pipelines +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: tekton-results-api + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: v0.12.1 + name: tekton-results-api-service + namespace: tekton-pipelines +spec: + ports: + - name: server + port: 8080 + protocol: TCP + targetPort: 8080 + - name: prometheus + port: 9090 + protocol: TCP + targetPort: 9090 + - name: profiling + port: 6060 + protocol: TCP + targetPort: 6060 + selector: + app.kubernetes.io/name: tekton-results-api + app.kubernetes.io/version: v0.12.1 +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: tekton-results-watcher + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: v0.12.1 + name: tekton-results-watcher + namespace: tekton-pipelines +spec: + ports: + - name: metrics + port: 9090 + - name: profiling + port: 8008 + selector: + app.kubernetes.io/name: tekton-results-watcher + app.kubernetes.io/version: v0.12.1 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/name: tekton-results-api + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: v0.12.1 + name: tekton-results-api + namespace: tekton-pipelines +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: tekton-results-api + app.kubernetes.io/version: v0.12.1 + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" + labels: + app.kubernetes.io/name: tekton-results-api + app.kubernetes.io/version: v0.12.1 + spec: + containers: + - env: + - name: DB_USER + valueFrom: + secretKeyRef: + key: POSTGRES_USER + name: tekton-results-postgres + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + key: POSTGRES_PASSWORD + name: tekton-results-postgres + image: gcr.io/tekton-releases/github.com/tektoncd/results/cmd/api:v0.12.1@sha256:9020aecc838d13505f742a7f0cea10245bc0eeaa7684672639b0f366250b4c9a + livenessProbe: + httpGet: + path: /healthz + port: 8080 + scheme: HTTPS + initialDelaySeconds: 5 + periodSeconds: 10 + name: api + readinessProbe: + httpGet: + path: /healthz + port: 8080 + scheme: HTTPS + initialDelaySeconds: 5 + periodSeconds: 10 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + startupProbe: + failureThreshold: 10 + httpGet: + path: /healthz + port: 8080 + scheme: HTTPS + initialDelaySeconds: 5 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tekton/results + name: config + readOnly: true + - mountPath: /etc/tls + name: tls + readOnly: true + serviceAccountName: tekton-results-api + volumes: + - configMap: + name: tekton-results-api-config + name: config + - name: tls + secret: + secretName: tekton-results-tls +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/name: tekton-results-retention-policy-agent + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: v0.12.1 + name: tekton-results-retention-policy-agent + namespace: tekton-pipelines +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: tekton-results-retention-policy-agent + app.kubernetes.io/version: v0.12.1 + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" + labels: + app.kubernetes.io/name: tekton-results-retention-policy-agent + app.kubernetes.io/version: v0.12.1 + spec: + containers: + - env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: tekton-results-config-logging + - name: DB_USER + valueFrom: + secretKeyRef: + key: POSTGRES_USER + name: tekton-results-postgres + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + key: POSTGRES_PASSWORD + name: tekton-results-postgres + image: gcr.io/tekton-releases/github.com/tektoncd/results/cmd/retention-policy-agent:v0.12.1@sha256:7f725bc5ece7b8d345d586dc4fad2eeb7c58fcd83ae7417be487dfe4572785dd + name: retention-policy-agent + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /etc/tekton/results + name: config + readOnly: true + - mountPath: /etc/tls + name: tls + readOnly: true + serviceAccountName: tekton-results-watcher + volumes: + - configMap: + name: tekton-results-api-config + name: config + - name: tls + secret: + secretName: tekton-results-tls +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/name: tekton-results-watcher + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: v0.12.1 + name: tekton-results-watcher + namespace: tekton-pipelines +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: tekton-results-watcher + app.kubernetes.io/version: v0.12.1 + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" + labels: + app.kubernetes.io/name: tekton-results-watcher + app.kubernetes.io/version: v0.12.1 + spec: + containers: + - args: + - -api_addr + - $(TEKTON_RESULTS_API_SERVICE) + - -auth_mode + - $(AUTH_MODE) + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: tekton-results-config-logging + - name: CONFIG_LEADERELECTION_NAME + value: tekton-results-config-leader-election + - name: CONFIG_OBSERVABILITY_NAME + value: tekton-results-config-observability + - name: METRICS_DOMAIN + value: tekton.dev/results + - name: TEKTON_RESULTS_API_SERVICE + value: tekton-results-api-service.tekton-pipelines.svc.cluster.local:8080 + - name: AUTH_MODE + value: token + image: gcr.io/tekton-releases/github.com/tektoncd/results/cmd/watcher:v0.12.1@sha256:d89e018cf6865f2b4d0697f3edb82d25607d360642534470a5eb1ac1e720650a + name: watcher + ports: + - containerPort: 9090 + name: metrics + - containerPort: 8008 + name: profiling + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /etc/tls + name: tls + readOnly: true + serviceAccountName: tekton-results-watcher + volumes: + - name: tls + secret: + secretName: tekton-results-tls + +--- +apiVersion: v1 +data: + POSTGRES_DB: tekton-results +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: tekton-results-postgres + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: devel + name: tekton-results-postgres + namespace: tekton-pipelines +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: tekton-results-postgres + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: devel + name: tekton-results-postgres-service + namespace: tekton-pipelines +spec: + ports: + - name: postgres + port: 5432 + selector: + app.kubernetes.io/name: tekton-results-postgres + app.kubernetes.io/version: devel + type: NodePort +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + app.kubernetes.io/name: tekton-results-postgres + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: devel + name: tekton-results-postgres + namespace: tekton-pipelines +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: tekton-results-postgres + app.kubernetes.io/version: devel + serviceName: postgres + template: + metadata: + labels: + app.kubernetes.io/name: tekton-results-postgres + app.kubernetes.io/version: devel + spec: + containers: + - envFrom: + - configMapRef: + name: tekton-results-postgres + - secretRef: + name: tekton-results-postgres + image: bitnami/postgresql@sha256:35c57c2abb3775004d4a247b1119b2e436b0ef620c9236c64aebce373b58ff9a + name: postgres + ports: + - containerPort: 5432 + name: postgredb + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /bitnami/postgresql + name: postgredb + volumeClaimTemplates: + - metadata: + labels: + app.kubernetes.io/version: devel + name: postgredb + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi diff --git a/cmd/kubernetes/operator/kodata/tekton-trigger/0.29.1/00-triggers.yaml b/cmd/kubernetes/operator/kodata/tekton-trigger/0.29.1/00-triggers.yaml new file mode 100644 index 0000000000..7409bac364 --- /dev/null +++ b/cmd/kubernetes/operator/kodata/tekton-trigger/0.29.1/00-triggers.yaml @@ -0,0 +1,1648 @@ +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-triggers-admin + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +rules: + - apiGroups: [""] + resources: ["configmaps", "services", "events"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["apps"] + resources: ["deployments", "deployments/finalizers"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["triggers.tekton.dev"] + resources: ["clustertriggerbindings", "clusterinterceptors", "interceptors", "eventlisteners", "triggerbindings", "triggertemplates", "triggers", "eventlisteners/finalizers"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["triggers.tekton.dev"] + resources: ["clustertriggerbindings/status", "clusterinterceptors/status", "interceptors/status", "eventlisteners/status", "triggerbindings/status", "triggertemplates/status", "triggers/status"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + # We uses leases for leaderelection + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["serving.knative.dev"] + resources: ["*", "*/status", "*/finalizers"] + verbs: ["get", "list", "create", "update", "delete", "deletecollection", "patch", "watch"] + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["get"] + # The webhook configured the namespace as the OwnerRef on various cluster-scoped resources, + # which requires we can Get the system namespace. + resourceNames: ["tekton-pipelines"] + - apiGroups: [""] + resources: ["namespaces/finalizers"] + verbs: ["update"] + # The webhook configured the namespace as the OwnerRef on various cluster-scoped resources, + # which requires we can update the system namespace finalizers. + resourceNames: ["tekton-pipelines"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-triggers-core-interceptors + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-triggers-core-interceptors-secrets + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +rules: + - apiGroups: ["triggers.tekton.dev"] + resources: ["clusterinterceptors"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch", "update"] + resourceNames: ["tekton-triggers-core-interceptors-certs"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: tekton-triggers-eventlistener-roles + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +rules: + - apiGroups: ["triggers.tekton.dev"] + resources: ["eventlisteners", "triggerbindings", "interceptors", "triggertemplates", "triggers"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "list", "watch"] + - apiGroups: ["tekton.dev"] + resources: ["pipelineruns", "pipelineresources", "taskruns"] + verbs: ["create"] + - apiGroups: [""] + resources: ["serviceaccounts"] + verbs: ["impersonate"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "patch"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-triggers-eventlistener-clusterroles + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +rules: + - apiGroups: ["triggers.tekton.dev"] + resources: ["clustertriggerbindings", "clusterinterceptors"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch"] + +--- +# Copyright 2020 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# NOTE: when multi-tenant EventListener progresses, moving this Role +# to a ClusterRole is not the advisable path. Additional Roles that +# adds access to Secrets to the Namespaces managed by the multi-tenant +# EventListener is what should be done. While not as simple, it avoids +# giving access to K8S system level, cluster admin privileged level Secrets + +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-triggers-admin-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-triggers-core-interceptors + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "list", "watch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: tekton-triggers-info + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +rules: + # All system:authenticated users needs to have access + # of the triggers-info ConfigMap even if they don't + # have access to the other resources present in the + # installed namespace. + - apiGroups: [""] + resources: ["configmaps"] + resourceNames: ["triggers-info"] + verbs: ["get"] + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tekton-triggers-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tekton-triggers-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tekton-triggers-core-interceptors + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: tekton-triggers-controller-admin + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +subjects: + - kind: ServiceAccount + name: tekton-triggers-controller + namespace: tekton-pipelines +roleRef: + kind: ClusterRole + name: tekton-triggers-admin + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: tekton-triggers-webhook-admin + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +subjects: + - kind: ServiceAccount + name: tekton-triggers-webhook + namespace: tekton-pipelines +roleRef: + kind: ClusterRole + name: tekton-triggers-admin + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: tekton-triggers-core-interceptors + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +subjects: + - kind: ServiceAccount + name: tekton-triggers-core-interceptors + namespace: tekton-pipelines +roleRef: + kind: ClusterRole + name: tekton-triggers-core-interceptors + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: tekton-triggers-core-interceptors-secrets + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +subjects: + - kind: ServiceAccount + name: tekton-triggers-core-interceptors + namespace: tekton-pipelines +roleRef: + kind: ClusterRole + name: tekton-triggers-core-interceptors-secrets + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2020 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-triggers-webhook-admin + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +subjects: + - kind: ServiceAccount + name: tekton-triggers-webhook + namespace: tekton-pipelines +roleRef: + kind: Role + name: tekton-triggers-admin-webhook + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-triggers-core-interceptors + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +subjects: + - kind: ServiceAccount + name: tekton-triggers-core-interceptors + namespace: tekton-pipelines +roleRef: + kind: Role + name: tekton-triggers-core-interceptors + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-triggers-info + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +subjects: + # Giving all system:authenticated users the access of the + # ConfigMap which contains version information. + - kind: Group + name: system:authenticated + apiGroup: rbac.authorization.k8s.io +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: tekton-triggers-info + +--- +# Copyright 2021 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterinterceptors.triggers.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + triggers.tekton.dev/release: "v0.29.1" + version: "v0.29.1" +spec: + group: triggers.tekton.dev + scope: Cluster + names: + kind: ClusterInterceptor + plural: clusterinterceptors + singular: clusterinterceptor + shortNames: + - ci + categories: + - tekton + - tekton-triggers + versions: + - name: v1alpha1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clustertriggerbindings.triggers.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + triggers.tekton.dev/release: "v0.29.1" + version: "v0.29.1" +spec: + group: triggers.tekton.dev + scope: Cluster + names: + kind: ClusterTriggerBinding + plural: clustertriggerbindings + singular: clustertriggerbinding + shortNames: + - ctb + categories: + - tekton + - tekton-triggers + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + - name: v1alpha1 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: eventlisteners.triggers.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + triggers.tekton.dev/release: "v0.29.1" + version: "v0.29.1" +spec: + group: triggers.tekton.dev + scope: Namespaced + names: + kind: EventListener + plural: eventlisteners + singular: eventlistener + shortNames: + - el + categories: + - tekton + - tekton-triggers + versions: + - name: v1beta1 + served: true + storage: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Address + type: string + jsonPath: .status.address.url + - name: Available + type: string + jsonPath: ".status.conditions[?(@.type=='Available')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Available')].reason" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + - name: v1alpha1 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + additionalPrinterColumns: + - name: Address + type: string + jsonPath: .status.address.url + - name: Available + type: string + jsonPath: ".status.conditions[?(@.type=='Available')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Available')].reason" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + +--- +# Copyright 2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: interceptors.triggers.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + triggers.tekton.dev/release: "v0.29.1" + version: "v0.29.1" +spec: + group: triggers.tekton.dev + scope: Namespaced + names: + kind: Interceptor + plural: interceptors + singular: interceptor + shortNames: + - ni + categories: + - tekton + - tekton-triggers + versions: + - name: v1alpha1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: triggers.triggers.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + triggers.tekton.dev/release: "v0.29.1" + version: "v0.29.1" +spec: + group: triggers.tekton.dev + scope: Namespaced + names: + kind: Trigger + plural: triggers + singular: trigger + shortNames: + - tri + categories: + - tekton + - tekton-triggers + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + - name: v1alpha1 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: triggerbindings.triggers.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + triggers.tekton.dev/release: "v0.29.1" + version: "v0.29.1" +spec: + group: triggers.tekton.dev + scope: Namespaced + names: + kind: TriggerBinding + plural: triggerbindings + singular: triggerbinding + shortNames: + - tb + categories: + - tekton + - tekton-triggers + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + - name: v1alpha1 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: triggertemplates.triggers.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + triggers.tekton.dev/release: "v0.29.1" + version: "v0.29.1" +spec: + group: triggers.tekton.dev + scope: Namespaced + names: + kind: TriggerTemplate + plural: triggertemplates + singular: triggertemplate + shortNames: + - tt + categories: + - tekton + - tekton-triggers + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + - name: v1alpha1 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + +--- +# Copyright 2020 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: triggers-webhook-certs + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + triggers.tekton.dev/release: "v0.29.1" +# The data is populated at install time. +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: validation.webhook.triggers.tekton.dev + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + triggers.tekton.dev/release: "v0.29.1" +webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: tekton-triggers-webhook + namespace: tekton-pipelines + failurePolicy: Fail + sideEffects: None + name: validation.webhook.triggers.tekton.dev +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: webhook.triggers.tekton.dev + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + triggers.tekton.dev/release: "v0.29.1" +webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: tekton-triggers-webhook + namespace: tekton-pipelines + failurePolicy: Fail + sideEffects: None + name: webhook.triggers.tekton.dev +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: config.webhook.triggers.tekton.dev + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + triggers.tekton.dev/release: "v0.29.1" +webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: tekton-triggers-webhook + namespace: tekton-pipelines + failurePolicy: Fail + sideEffects: None + name: config.webhook.triggers.tekton.dev + namespaceSelector: + matchExpressions: + - key: triggers.tekton.dev/release + operator: Exists + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: tekton-triggers-aggregate-edit + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + rbac.authorization.k8s.io/aggregate-to-edit: "true" + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: + - triggers.tekton.dev + resources: + - clustertriggerbindings + - clusterinterceptors + - eventlisteners + - interceptors + - triggers + - triggerbindings + - triggertemplates + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: tekton-triggers-aggregate-view + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + rbac.authorization.k8s.io/aggregate-to-view: "true" +rules: + - apiGroups: + - triggers.tekton.dev + resources: + - clustertriggerbindings + - clusterinterceptors + - eventlisteners + - interceptors + - triggers + - triggerbindings + - triggertemplates + verbs: + - get + - list + - watch + +--- +# Copyright 2021 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-defaults-triggers + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # default-service-account contains the default service account name + # to use for TaskRun and PipelineRun, if none is specified. + default-service-account: "default" + default-run-as-user: "65532" + default-run-as-group: "65532" + default-fs-group: "65532" + default-run-as-non-root: "true" # allowed values are true and false + +--- +# Copyright 2021 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: feature-flags-triggers + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + # Setting this flag will determine which gated features are enabled. + # Acceptable values are "stable" or "alpha". + enable-api-fields: "stable" + # Setting this field with valid regex pattern matching the pattern will exclude labels from + # getting added to resources created by the EventListener such as the deployment + labels-exclusion-pattern: "" + +--- +# Copyright 2021 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: triggers-info + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +data: + # Contains triggers version which can be queried by external + # tools such as CLI. Elevated permissions are already given to + # this ConfigMap such that even if we don't have access to + # other resources in the namespace we still can have access to + # this ConfigMap. + version: "v0.29.1" + +--- +# Copyright 2023 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-leader-election-triggers-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # lease-duration is how long non-leaders will wait to try to acquire the + # lock; 15 seconds is the value used by core kubernetes controllers. + lease-duration: "60s" + # renew-deadline is how long a leader will try to renew the lease before + # giving up; 10 seconds is the value used by core kubernetes controllers. + renew-deadline: "40s" + # retry-period is how long the leader election client waits between tries of + # actions; 2 seconds is the value used by core kubernetes controllers. + retry-period: "10s" + # buckets is the number of buckets used to partition key space of each + # Reconciler. If this number is M and the replica number of the controller + # is N, the N replicas will compete for the M buckets. The owner of a + # bucket will take care of the reconciling for the keys partitioned into + # that bucket. + buckets: "1" + +--- +# Copyright 2023 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-leader-election-triggers-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # lease-duration is how long non-leaders will wait to try to acquire the + # lock; 15 seconds is the value used by core kubernetes controllers. + lease-duration: "60s" + # renew-deadline is how long a leader will try to renew the lease before + # giving up; 10 seconds is the value used by core kubernetes controllers. + renew-deadline: "40s" + # retry-period is how long the leader election client waits between tries of + # actions; 2 seconds is the value used by core kubernetes controllers. + retry-period: "10s" + # buckets is the number of buckets used to partition key space of each + # Reconciler. If this number is M and the replica number of the controller + # is N, the N replicas will compete for the M buckets. The owner of a + # bucket will take care of the reconciling for the keys partitioned into + # that bucket. + buckets: "1" + +--- +# Copyright 2019 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-logging-triggers + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +data: + # Common configuration for all knative codebase + zap-logger-config: | + { + "level": "info", + "development": false, + "disableStacktrace": true, + "sampling": { + "initial": 100, + "thereafter": 100 + }, + "outputPaths": ["stdout"], + "errorOutputPaths": ["stderr"], + "encoding": "json", + "encoderConfig": { + "timeKey": "timestamp", + "levelKey": "severity", + "nameKey": "logger", + "callerKey": "caller", + "messageKey": "message", + "stacktraceKey": "stacktrace", + "lineEnding": "", + "levelEncoder": "", + "timeEncoder": "iso8601", + "durationEncoder": "", + "callerEncoder": "" + } + } + # Log level overrides + loglevel.controller: "info" + loglevel.webhook: "info" + loglevel.eventlistener: "info" + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-observability-triggers + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # metrics.backend-destination field specifies the system metrics destination. + # It supports either prometheus (the default) or stackdriver. + # Note: Using stackdriver will incur additional charges + metrics.backend-destination: prometheus + + # metrics.stackdriver-project-id field specifies the stackdriver project ID. This + # field is optional. When running on GCE, application default credentials will be + # used if this field is not provided. + metrics.stackdriver-project-id: "" + + # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed to send metrics to + # Stackdriver using "global" resource type and custom metric type if the + # metrics are not supported by "knative_revision" resource type. Setting this + # flag to "true" could cause extra Stackdriver charge. + # If metrics.backend-destination is not Stackdriver, this is ignored. + metrics.allow-stackdriver-custom-metrics: "false" + +--- +# Copyright 2019 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.29.1" + app.kubernetes.io/part-of: tekton-triggers + triggers.tekton.dev/release: "v0.29.1" + app: tekton-triggers-controller + version: "v0.29.1" + name: tekton-triggers-controller + namespace: tekton-pipelines +spec: + ports: + - name: http-metrics + port: 9000 + protocol: TCP + targetPort: 9000 + selector: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tekton-triggers-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.29.1" + app.kubernetes.io/part-of: tekton-triggers + # tekton.dev/release value replaced with inputs.params.versionTag in triggers/tekton/publish.yaml + triggers.tekton.dev/release: "v0.29.1" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + template: + metadata: + labels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.29.1" + app.kubernetes.io/part-of: tekton-triggers + app: tekton-triggers-controller + triggers.tekton.dev/release: "v0.29.1" + # version value replaced with inputs.params.versionTag in triggers/tekton/publish.yaml + version: "v0.29.1" + spec: + serviceAccountName: tekton-triggers-controller + containers: + - name: tekton-triggers-controller + image: "gcr.io/tekton-releases/github.com/tektoncd/triggers/cmd/controller:v0.29.1@sha256:34aa909bd6de6b24c78004bbd5eac0d8d1f438bba4be5beb385b61b88977bffe" + args: ["-logtostderr", "-stderrthreshold", "INFO", "-el-image", "gcr.io/tekton-releases/github.com/tektoncd/triggers/cmd/eventlistenersink:v0.29.1@sha256:d12845f2d3aea7a35616e94959e7b3b2e07386ac9121dae9d6eba91606fb03db", "-el-port", "8080", "-el-security-context=true", "-el-read-only-root-filesystem=true", "-el-events", "disable", "-el-readtimeout", "5", "-el-writetimeout", "40", "-el-idletimeout", "120", "-el-timeouthandler", "30", "-el-httpclient-readtimeout", "30", "-el-httpclient-keep-alive", "30", "-el-httpclient-tlshandshaketimeout", "10", "-el-httpclient-responseheadertimeout", "10", "-el-httpclient-expectcontinuetimeout", "1", "-period-seconds", "10", "-failure-threshold", "3"] + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging-triggers + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability-triggers + - name: CONFIG_DEFAULTS_NAME + value: config-defaults-triggers + - name: METRICS_DOMAIN + value: tekton.dev/triggers + - name: METRICS_PROMETHEUS_PORT + value: "9000" + - name: CONFIG_LEADERELECTION_NAME + value: config-leader-election-triggers-controllers + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - "ALL" + # User 65532 is the distroless nonroot user ID + runAsUser: 65532 + runAsGroup: 65532 + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: tekton-triggers-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.29.1" + app.kubernetes.io/part-of: tekton-triggers + app: tekton-triggers-webhook + version: "v0.29.1" + triggers.tekton.dev/release: "v0.29.1" +spec: + ports: + - name: https-webhook + port: 443 + targetPort: 8443 + selector: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tekton-triggers-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.29.1" + app.kubernetes.io/part-of: tekton-triggers + # tekton.dev/release value replaced with inputs.params.versionTag in triggers/tekton/publish.yaml + triggers.tekton.dev/release: "v0.29.1" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + template: + metadata: + labels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.29.1" + app.kubernetes.io/part-of: tekton-triggers + app: tekton-triggers-webhook + triggers.tekton.dev/release: "v0.29.1" + # version value replaced with inputs.params.versionTag in triggers/tekton/publish.yaml + version: "v0.29.1" + spec: + serviceAccountName: tekton-triggers-webhook + containers: + - name: webhook + # This is the Go import path for the binary that is containerized + # and substituted here. + image: "gcr.io/tekton-releases/github.com/tektoncd/triggers/cmd/webhook:v0.29.1@sha256:6ec798175d57ad3fef752b6c2eddab78145d0d4e1472c79535bf4d9772cd1cca" + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging-triggers + - name: WEBHOOK_SERVICE_NAME + value: tekton-triggers-webhook + - name: WEBHOOK_SECRET_NAME + value: triggers-webhook-certs + - name: METRICS_DOMAIN + value: tekton.dev/triggers + - name: CONFIG_LEADERELECTION_NAME + value: config-leader-election-triggers-webhook + ports: + - name: metrics + containerPort: 9000 + - name: profiling + containerPort: 8008 + - name: https-webhook + containerPort: 8443 + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + # User 65532 is the distroless nonroot user ID + runAsUser: 65532 + runAsGroup: 65532 + runAsNonRoot: true + capabilities: + drop: + - "ALL" + seccompProfile: + type: RuntimeDefault + +--- diff --git a/cmd/kubernetes/operator/kodata/tekton-trigger/0.29.1/01-interceptors.yaml b/cmd/kubernetes/operator/kodata/tekton-trigger/0.29.1/01-interceptors.yaml new file mode 100644 index 0000000000..be9138909d --- /dev/null +++ b/cmd/kubernetes/operator/kodata/tekton-trigger/0.29.1/01-interceptors.yaml @@ -0,0 +1,230 @@ +# Copyright 2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: tekton-triggers-core-interceptors-certs + namespace: tekton-pipelines + labels: + app.kubernetes.io/name: core-interceptors + app.kubernetes.io/component: interceptors + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + triggers.tekton.dev/release: "v0.29.1" +# The data is populated at install time. + +--- +# Copyright 2020 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tekton-triggers-core-interceptors + namespace: tekton-pipelines + labels: + app.kubernetes.io/name: core-interceptors + app.kubernetes.io/component: interceptors + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.29.1" + app.kubernetes.io/part-of: tekton-triggers + # tekton.dev/release value replaced with inputs.params.versionTag in triggers/tekton/publish.yaml + triggers.tekton.dev/release: "v0.29.1" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: core-interceptors + app.kubernetes.io/component: interceptors + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + template: + metadata: + labels: + app.kubernetes.io/name: core-interceptors + app.kubernetes.io/component: interceptors + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.29.1" + app.kubernetes.io/part-of: tekton-triggers + app: tekton-triggers-core-interceptors + triggers.tekton.dev/release: "v0.29.1" + # version value replaced with inputs.params.versionTag in triggers/tekton/publish.yaml + version: "v0.29.1" + spec: + serviceAccountName: tekton-triggers-core-interceptors + containers: + - name: tekton-triggers-core-interceptors + image: "gcr.io/tekton-releases/github.com/tektoncd/triggers/cmd/interceptors:v0.29.1@sha256:8de2dd26b46ce62270597b1be6c2a102fcc8828128c186ccc97aa0570f0f8656" + ports: + - containerPort: 8443 + args: ["-logtostderr", "-stderrthreshold", "INFO"] + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging-triggers + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability-triggers + - name: METRICS_DOMAIN + value: tekton.dev/triggers + # assuming service and deployment names are same always for consistency + - name: INTERCEPTOR_TLS_SVC_NAME + value: tekton-triggers-core-interceptors + - name: INTERCEPTOR_TLS_SECRET_NAME + value: tekton-triggers-core-interceptors-certs + readinessProbe: + httpGet: + path: /ready + port: 8443 + scheme: HTTPS + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + # User 65532 is the distroless nonroot user ID + runAsUser: 65532 + runAsGroup: 65532 + runAsNonRoot: true + capabilities: + drop: + - "ALL" + seccompProfile: + type: RuntimeDefault +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: tekton-triggers-core-interceptors + app.kubernetes.io/component: interceptors + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.29.1" + app.kubernetes.io/part-of: tekton-triggers + triggers.tekton.dev/release: "v0.29.1" + app: tekton-triggers-core-interceptors + version: "v0.29.1" + name: tekton-triggers-core-interceptors + namespace: tekton-pipelines +spec: + ports: + - name: "https" + port: 8443 + selector: + app.kubernetes.io/name: core-interceptors + app.kubernetes.io/component: interceptors + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + +--- +# Copyright 2021 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: triggers.tekton.dev/v1alpha1 +kind: ClusterInterceptor +metadata: + name: cel + labels: + server/type: https +spec: + clientConfig: + service: + name: tekton-triggers-core-interceptors + namespace: tekton-pipelines + path: "cel" + port: 8443 +--- +apiVersion: triggers.tekton.dev/v1alpha1 +kind: ClusterInterceptor +metadata: + name: bitbucket + labels: + server/type: https +spec: + clientConfig: + service: + name: tekton-triggers-core-interceptors + namespace: tekton-pipelines + path: "bitbucket" + port: 8443 +--- +apiVersion: triggers.tekton.dev/v1alpha1 +kind: ClusterInterceptor +metadata: + name: slack + labels: + server/type: https +spec: + clientConfig: + service: + name: tekton-triggers-core-interceptors + namespace: tekton-pipelines + path: "slack" + port: 8443 +--- +apiVersion: triggers.tekton.dev/v1alpha1 +kind: ClusterInterceptor +metadata: + name: github + labels: + server/type: https +spec: + clientConfig: + service: + name: tekton-triggers-core-interceptors + namespace: tekton-pipelines + path: "github" + port: 8443 +--- +apiVersion: triggers.tekton.dev/v1alpha1 +kind: ClusterInterceptor +metadata: + name: gitlab + labels: + server/type: https +spec: + clientConfig: + service: + name: tekton-triggers-core-interceptors + namespace: tekton-pipelines + path: "gitlab" + port: 8443 + +--- diff --git a/cmd/openshift/operator/kodata/manual-approval-gate/0.3.0/release-openshift.yaml b/cmd/openshift/operator/kodata/manual-approval-gate/0.3.0/release-openshift.yaml new file mode 100644 index 0000000000..21631ab006 --- /dev/null +++ b/cmd/openshift/operator/kodata/manual-approval-gate/0.3.0/release-openshift.yaml @@ -0,0 +1,719 @@ +# Copyright 2022 The OpenShift Pipelines Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: manual-approval-gate-controller + namespace: openshift-pipelines + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: manual-approval-gate-webhook + namespace: openshift-pipelines + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates + +--- +# Copyright 2022 The OpenShift Pipelines Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: manual-approval-gate-controller-cluster-access + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates +rules: + # Controller needs cluster access to all of the CRDs that it is responsible for managing. + - apiGroups: ["tekton.dev"] + resources: ["runs", "taskruns", "customruns"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["tekton.dev"] + resources: ["tasks"] + verbs: ["get", "list"] + - apiGroups: ["tekton.dev"] + resources: ["runs/status", "taskruns/status", "customruns/status"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["openshift-pipelines.org"] + resources: ["approvaltasks"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["tekton.dev"] + resources: ["taskruns/finalizers", "pipelineruns/finalizers", "runs/finalizers", "customruns/finalizers"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["tekton.dev"] + resources: ["runs/finalizers"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["openshift-pipelines.org"] + resources: ["approvaltasks/status"] + verbs: ["update", "patch", "get"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + # This is the access that the controller needs on a per-namespace basis. + name: manual-approval-gate-controller-tenant-access + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates +rules: + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: manual-approval-gate-webhook-cluster-access + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates +rules: + # The webhook needs to be able to list and update customresourcedefinitions, + # mainly to update the webhook certificates. + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions", "customresourcedefinitions/status"] + verbs: ["get", "list", "update", "patch", "watch"] + - apiGroups: ["admissionregistration.k8s.io"] + # The webhook performs a reconciliation on these two resources and continuously + # updates configuration. + resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"] + # knative starts informers on these things, which is why we need get, list and watch. + verbs: ["list", "watch"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + # This mutating webhook is responsible for applying defaults to tekton objects + # as they are received. + resourceNames: ["webhook.approvaltask.openshift.org"] + # When there are changes to the configs or secrets, knative updates the mutatingwebhook config + # with the updated certificates or the refreshed set of rules. + verbs: ["get", "update"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["validatingwebhookconfigurations"] + # validation.webhook.approvaltask.openshift.org performs schema validation when you, for example, create TaskLoops. + resourceNames: ["validation.webhook.manual-approval.openshift-pipelines.org"] + # When there are changes to the configs or secrets, knative updates the validatingwebhook config + # with the updated certificates or the refreshed set of rules. + verbs: ["get", "list", "update", "patch", "watch", "delete", "create"] + - apiGroups: ["openshift-pipelines.org"] + resources: ["approvaltasks"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["openshift-pipelines.org"] + resources: ["approvaltasks/status"] + verbs: ["update", "patch", "create"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: manual-approval-gate-leader-election + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates +rules: + # We uses leases for leaderelection + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + +--- +# Copyright 2022 The OpenShift Pipelines Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: manual-approval-gate-controller + namespace: openshift-pipelines + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["list", "watch"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get"] + resourceNames: ["manual-approval-config-leader-election", "config-logging", "config-observability"] +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: manual-approval-gate-webhook + namespace: openshift-pipelines + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["list", "watch"] + # The webhook needs access to these configmaps for logging information. + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get"] + resourceNames: ["config-logging", "config-observability", "manual-approval-config-leader-election"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["list", "watch"] + # The webhook daemon makes a reconciliation loop on manual-approval-gate-webhook-certs. Whenever + # the secret changes it updates the webhook configurations with the certificates + # stored in the secret. + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "update"] + resourceNames: ["manual-approval-gate-webhook-certs"] + +--- +# Copyright 2022 The OpenShift Pipelines Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: manual-approval-gate-controller + namespace: openshift-pipelines + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates +subjects: + - kind: ServiceAccount + name: manual-approval-gate-controller + namespace: openshift-pipelines +roleRef: + kind: Role + name: manual-approval-gate-controller + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: manual-approval-gate-webhook + namespace: openshift-pipelines + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates +subjects: + - kind: ServiceAccount + name: manual-approval-gate-webhook + namespace: openshift-pipelines +roleRef: + kind: Role + name: manual-approval-gate-webhook + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2022 The OpenShift Pipelines Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: manual-approval-gate-controller-cluster-access + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates +subjects: + - kind: ServiceAccount + name: manual-approval-gate-controller + namespace: openshift-pipelines + - kind: Group + name: system:authenticated + apiGroup: rbac.authorization.k8s.io +roleRef: + kind: ClusterRole + name: manual-approval-gate-controller-cluster-access + apiGroup: rbac.authorization.k8s.io +--- +# If this ClusterRoleBinding is replaced with a RoleBinding +# then the ClusterRole would be namespaced. The access described by +# the tekton-taskgroup-controller-tenant-access ClusterRole would +# be scoped to individual tenant namespaces. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: manual-approval-gate-controller-tenant-access + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates +subjects: + - kind: ServiceAccount + name: manual-approval-gate-controller + namespace: openshift-pipelines +roleRef: + kind: ClusterRole + name: manual-approval-gate-controller-tenant-access + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: manual-approval-gate-controller-leaderelection + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates +subjects: + - kind: ServiceAccount + name: manual-approval-gate-controller + namespace: openshift-pipelines +roleRef: + kind: ClusterRole + name: manual-approval-gate-leader-election + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: manual-approval-gate-webhook-cluster-access + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates +subjects: + - kind: ServiceAccount + name: manual-approval-gate-webhook + namespace: openshift-pipelines +roleRef: + kind: ClusterRole + name: manual-approval-gate-webhook-cluster-access + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: manual-approval-gate-webhook-leaderelection + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates +subjects: + - kind: ServiceAccount + name: manual-approval-gate-webhook + namespace: openshift-pipelines +roleRef: + kind: ClusterRole + name: manual-approval-gate-leader-election + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2022 The OpenShift Pipelines Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: approvaltasks.openshift-pipelines.org + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates + pipeline.tekton.dev/release: "devel" + version: "v0.3.0" +spec: + group: openshift-pipelines.org + preserveUnknownFields: false + versions: + - name: v1alpha1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + names: + kind: ApprovalTask + plural: approvaltasks + categories: + - tekton + - openshift-pipelines + scope: Namespaced + +--- +# Copyright 2024 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: manual-approval-gate-webhook-certs + namespace: openshift-pipelines +# The data is populated at install time. +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: validation.webhook.manual-approval.openshift-pipelines.org +webhooks: + - admissionReviewVersions: ["v1"] + clientConfig: + service: + name: manual-approval-webhook + namespace: openshift-pipelines + failurePolicy: Fail + sideEffects: None + name: validation.webhook.manual-approval.openshift-pipelines.org +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: manual-approval-config-leader-election + namespace: openshift-pipelines + labels: + operator.tekton.dev/release: devel + app.kubernetes.io/instance: default +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # lease-duration is how long non-leaders will wait to try to acquire the + # lock; 15 seconds is the value used by core kubernetes controllers. + lease-duration: "60s" + # renew-deadline is how long a leader will try to renew the lease before + # giving up; 10 seconds is the value used by core kubernetes controllers. + renew-deadline: "40s" + # retry-period is how long the leader election client waits between tries of + # actions; 2 seconds is the value used by core kubernetes controllers. + retry-period: "10s" + # buckets is the number of buckets used to partition key space of each + # Reconciler. If this number is M and the replica number of the controller + # is N, the N replicas will compete for the M buckets. The owner of a + # bucket will take care of the reconciling for the keys partitioned into + # that bucket. + buckets: "1" + +--- +# Copyright 2022 The OpenShift Pipelines Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: manual-approval-gate-controller + namespace: openshift-pipelines + labels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.3.0" + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "devel" + # labels below are related to istio and should not be used for resource lookup + version: "v0.3.0" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" + labels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.3.0" + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "devel" + # labels below are related to istio and should not be used for resource lookup + app: tekton-taskgroup-controller + version: "v0.3.0" + spec: + serviceAccountName: manual-approval-gate-controller + containers: + - name: tekton-taskgroup-controller + image: ghcr.io/openshift-pipelines/manual-approval-gate/controller-b21cda49f4c608e77b59fc6a3bf67c9e:v0.3.0@sha256:eabc17a5598be5d5aa1e626ed6ad76f3b6a67294a7ddc2e59f092fa5467bb9d8 + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LEADERELECTION_NAME + value: manual-approval-config-leader-election + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: METRICS_DOMAIN + value: openshift-pipelines.org/manual-approval-gate + securityContext: + seccompProfile: + type: RuntimeDefault + # runAsNonRoot: true + allowPrivilegeEscalation: false + # runAsUser: 65532 + capabilities: + drop: + - ALL + +--- +# Copyright 2024 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: manual-approval-gate-webhook + namespace: openshift-pipelines + labels: + version: "v0.3.0" +spec: + replicas: 1 + selector: + matchLabels: + name: manual-approval-gate-webhook + template: + metadata: + labels: + name: manual-approval-gate-webhook + app: manual-approval-gate-webhook + spec: + serviceAccountName: manual-approval-gate-webhook + containers: + - name: manual-approval + image: "ghcr.io/openshift-pipelines/manual-approval-gate/webhook-3d5568be3d188037c7bf9bfde2cf1321:v0.3.0@sha256:c7ec84de1eb5645384c5138e117438a5209fc6abc6ade0b9e7ec35f2a0b8ea7e" + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: WEBHOOK_SERVICE_NAME + value: manual-approval-webhook + - name: WEBHOOK_SECRET_NAME + value: manual-approval-gate-webhook-certs + - name: CONFIG_LEADERELECTION_NAME + value: manual-approval-config-leader-election + ports: + - name: https-webhook + containerPort: 8443 + securityContext: + seccompProfile: + type: RuntimeDefault + # runAsNonRoot: true + allowPrivilegeEscalation: false + # runAsUser: 65532 + capabilities: + drop: + - ALL +--- +apiVersion: v1 +kind: Service +metadata: + name: manual-approval-webhook + namespace: openshift-pipelines + labels: + version: "v0.3.0" +spec: + ports: + - name: https-webhook + port: 443 + targetPort: 8443 + selector: + name: manual-approval-gate-webhook + +--- +# Copyright 2024 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: manual-approval-gate-info + namespace: openshift-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: manual-approval-gate +data: + version: "v0.3.0" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: manual-approval-gate-info + namespace: openshift-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: manual-approval-gate +rules: + # All system:authenticated users need to have access + # to the manual-approval-gate-info ConfigMap even if they don't + # have access to other resources present in the + # installed namespace + - apiGroups: [""] + resources: ["configmaps"] + resourceNames: ["manual-approval-gate-info"] + verbs: ["get"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: manual-approval-gate-info + namespace: openshift-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: manual-approval-gate +subjects: + # Giving all system:authenticated users the access to the + # ConfigMap which contains version information + - kind: Group + name: system:authenticated + apiGroup: rbac.authorization.k8s.io +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: manual-approval-gate-info + +--- diff --git a/cmd/openshift/operator/kodata/manual-approval-gate/0.4.0/release-openshift.yaml b/cmd/openshift/operator/kodata/manual-approval-gate/0.4.0/release-openshift.yaml new file mode 100644 index 0000000000..dfeaf2427e --- /dev/null +++ b/cmd/openshift/operator/kodata/manual-approval-gate/0.4.0/release-openshift.yaml @@ -0,0 +1,719 @@ +# Copyright 2022 The OpenShift Pipelines Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: manual-approval-gate-controller + namespace: openshift-pipelines + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: manual-approval-gate-webhook + namespace: openshift-pipelines + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates + +--- +# Copyright 2022 The OpenShift Pipelines Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: manual-approval-gate-controller-cluster-access + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates +rules: + # Controller needs cluster access to all of the CRDs that it is responsible for managing. + - apiGroups: ["tekton.dev"] + resources: ["runs", "taskruns", "customruns"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["tekton.dev"] + resources: ["tasks"] + verbs: ["get", "list"] + - apiGroups: ["tekton.dev"] + resources: ["runs/status", "taskruns/status", "customruns/status"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["openshift-pipelines.org"] + resources: ["approvaltasks"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["tekton.dev"] + resources: ["taskruns/finalizers", "pipelineruns/finalizers", "runs/finalizers", "customruns/finalizers"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["tekton.dev"] + resources: ["runs/finalizers"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["openshift-pipelines.org"] + resources: ["approvaltasks/status"] + verbs: ["update", "patch", "get"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + # This is the access that the controller needs on a per-namespace basis. + name: manual-approval-gate-controller-tenant-access + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates +rules: + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: manual-approval-gate-webhook-cluster-access + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates +rules: + # The webhook needs to be able to list and update customresourcedefinitions, + # mainly to update the webhook certificates. + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions", "customresourcedefinitions/status"] + verbs: ["get", "list", "update", "patch", "watch"] + - apiGroups: ["admissionregistration.k8s.io"] + # The webhook performs a reconciliation on these two resources and continuously + # updates configuration. + resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"] + # knative starts informers on these things, which is why we need get, list and watch. + verbs: ["list", "watch"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + # This mutating webhook is responsible for applying defaults to tekton objects + # as they are received. + resourceNames: ["webhook.approvaltask.openshift.org"] + # When there are changes to the configs or secrets, knative updates the mutatingwebhook config + # with the updated certificates or the refreshed set of rules. + verbs: ["get", "update"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["validatingwebhookconfigurations"] + # validation.webhook.approvaltask.openshift.org performs schema validation when you, for example, create TaskLoops. + resourceNames: ["validation.webhook.manual-approval.openshift-pipelines.org"] + # When there are changes to the configs or secrets, knative updates the validatingwebhook config + # with the updated certificates or the refreshed set of rules. + verbs: ["get", "list", "update", "patch", "watch", "delete", "create"] + - apiGroups: ["openshift-pipelines.org"] + resources: ["approvaltasks"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["openshift-pipelines.org"] + resources: ["approvaltasks/status"] + verbs: ["update", "patch", "create"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: manual-approval-gate-leader-election + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates +rules: + # We uses leases for leaderelection + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + +--- +# Copyright 2022 The OpenShift Pipelines Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: manual-approval-gate-controller + namespace: openshift-pipelines + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["list", "watch"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get"] + resourceNames: ["manual-approval-config-leader-election", "config-logging", "config-observability"] +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: manual-approval-gate-webhook + namespace: openshift-pipelines + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["list", "watch"] + # The webhook needs access to these configmaps for logging information. + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get"] + resourceNames: ["config-logging", "config-observability", "manual-approval-config-leader-election"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["list", "watch"] + # The webhook daemon makes a reconciliation loop on manual-approval-gate-webhook-certs. Whenever + # the secret changes it updates the webhook configurations with the certificates + # stored in the secret. + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "update"] + resourceNames: ["manual-approval-gate-webhook-certs"] + +--- +# Copyright 2022 The OpenShift Pipelines Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: manual-approval-gate-controller + namespace: openshift-pipelines + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates +subjects: + - kind: ServiceAccount + name: manual-approval-gate-controller + namespace: openshift-pipelines +roleRef: + kind: Role + name: manual-approval-gate-controller + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: manual-approval-gate-webhook + namespace: openshift-pipelines + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates +subjects: + - kind: ServiceAccount + name: manual-approval-gate-webhook + namespace: openshift-pipelines +roleRef: + kind: Role + name: manual-approval-gate-webhook + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2022 The OpenShift Pipelines Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: manual-approval-gate-controller-cluster-access + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates +subjects: + - kind: ServiceAccount + name: manual-approval-gate-controller + namespace: openshift-pipelines + - kind: Group + name: system:authenticated + apiGroup: rbac.authorization.k8s.io +roleRef: + kind: ClusterRole + name: manual-approval-gate-controller-cluster-access + apiGroup: rbac.authorization.k8s.io +--- +# If this ClusterRoleBinding is replaced with a RoleBinding +# then the ClusterRole would be namespaced. The access described by +# the tekton-taskgroup-controller-tenant-access ClusterRole would +# be scoped to individual tenant namespaces. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: manual-approval-gate-controller-tenant-access + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates +subjects: + - kind: ServiceAccount + name: manual-approval-gate-controller + namespace: openshift-pipelines +roleRef: + kind: ClusterRole + name: manual-approval-gate-controller-tenant-access + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: manual-approval-gate-controller-leaderelection + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates +subjects: + - kind: ServiceAccount + name: manual-approval-gate-controller + namespace: openshift-pipelines +roleRef: + kind: ClusterRole + name: manual-approval-gate-leader-election + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: manual-approval-gate-webhook-cluster-access + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates +subjects: + - kind: ServiceAccount + name: manual-approval-gate-webhook + namespace: openshift-pipelines +roleRef: + kind: ClusterRole + name: manual-approval-gate-webhook-cluster-access + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: manual-approval-gate-webhook-leaderelection + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates +subjects: + - kind: ServiceAccount + name: manual-approval-gate-webhook + namespace: openshift-pipelines +roleRef: + kind: ClusterRole + name: manual-approval-gate-leader-election + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2022 The OpenShift Pipelines Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: approvaltasks.openshift-pipelines.org + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates + pipeline.tekton.dev/release: "devel" + version: "v0.4.0" +spec: + group: openshift-pipelines.org + preserveUnknownFields: false + versions: + - name: v1alpha1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + names: + kind: ApprovalTask + plural: approvaltasks + categories: + - tekton + - openshift-pipelines + scope: Namespaced + +--- +# Copyright 2024 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: manual-approval-gate-webhook-certs + namespace: openshift-pipelines +# The data is populated at install time. +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: validation.webhook.manual-approval.openshift-pipelines.org +webhooks: + - admissionReviewVersions: ["v1"] + clientConfig: + service: + name: manual-approval-webhook + namespace: openshift-pipelines + failurePolicy: Fail + sideEffects: None + name: validation.webhook.manual-approval.openshift-pipelines.org +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: manual-approval-config-leader-election + namespace: openshift-pipelines + labels: + operator.tekton.dev/release: devel + app.kubernetes.io/instance: default +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # lease-duration is how long non-leaders will wait to try to acquire the + # lock; 15 seconds is the value used by core kubernetes controllers. + lease-duration: "60s" + # renew-deadline is how long a leader will try to renew the lease before + # giving up; 10 seconds is the value used by core kubernetes controllers. + renew-deadline: "40s" + # retry-period is how long the leader election client waits between tries of + # actions; 2 seconds is the value used by core kubernetes controllers. + retry-period: "10s" + # buckets is the number of buckets used to partition key space of each + # Reconciler. If this number is M and the replica number of the controller + # is N, the N replicas will compete for the M buckets. The owner of a + # bucket will take care of the reconciling for the keys partitioned into + # that bucket. + buckets: "1" + +--- +# Copyright 2022 The OpenShift Pipelines Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: manual-approval-gate-controller + namespace: openshift-pipelines + labels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.4.0" + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "devel" + # labels below are related to istio and should not be used for resource lookup + version: "v0.4.0" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" + labels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.4.0" + app.kubernetes.io/part-of: openshift-pipelines-manual-approval-gates + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "devel" + # labels below are related to istio and should not be used for resource lookup + app: tekton-taskgroup-controller + version: "v0.4.0" + spec: + serviceAccountName: manual-approval-gate-controller + containers: + - name: tekton-taskgroup-controller + image: ghcr.io/openshift-pipelines/manual-approval-gate/controller-b21cda49f4c608e77b59fc6a3bf67c9e:v0.4.0@sha256:b11dc07401cdf251fb1f1a21186f982db216fbb4a57c2793fb8f003973fb92eb + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LEADERELECTION_NAME + value: manual-approval-config-leader-election + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: METRICS_DOMAIN + value: openshift-pipelines.org/manual-approval-gate + securityContext: + seccompProfile: + type: RuntimeDefault + # runAsNonRoot: true + allowPrivilegeEscalation: false + # runAsUser: 65532 + capabilities: + drop: + - ALL + +--- +# Copyright 2024 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: manual-approval-gate-webhook + namespace: openshift-pipelines + labels: + version: "v0.4.0" +spec: + replicas: 1 + selector: + matchLabels: + name: manual-approval-gate-webhook + template: + metadata: + labels: + name: manual-approval-gate-webhook + app: manual-approval-gate-webhook + spec: + serviceAccountName: manual-approval-gate-webhook + containers: + - name: manual-approval + image: "ghcr.io/openshift-pipelines/manual-approval-gate/webhook-3d5568be3d188037c7bf9bfde2cf1321:v0.4.0@sha256:5a6db9739ce59f9180e09d98eae03a158d271693a97d99c544d7e9a766cb4333" + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: WEBHOOK_SERVICE_NAME + value: manual-approval-webhook + - name: WEBHOOK_SECRET_NAME + value: manual-approval-gate-webhook-certs + - name: CONFIG_LEADERELECTION_NAME + value: manual-approval-config-leader-election + ports: + - name: https-webhook + containerPort: 8443 + securityContext: + seccompProfile: + type: RuntimeDefault + # runAsNonRoot: true + allowPrivilegeEscalation: false + # runAsUser: 65532 + capabilities: + drop: + - ALL +--- +apiVersion: v1 +kind: Service +metadata: + name: manual-approval-webhook + namespace: openshift-pipelines + labels: + version: "v0.4.0" +spec: + ports: + - name: https-webhook + port: 443 + targetPort: 8443 + selector: + name: manual-approval-gate-webhook + +--- +# Copyright 2024 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: manual-approval-gate-info + namespace: openshift-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: manual-approval-gate +data: + version: "v0.4.0" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: manual-approval-gate-info + namespace: openshift-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: manual-approval-gate +rules: + # All system:authenticated users need to have access + # to the manual-approval-gate-info ConfigMap even if they don't + # have access to other resources present in the + # installed namespace + - apiGroups: [""] + resources: ["configmaps"] + resourceNames: ["manual-approval-gate-info"] + verbs: ["get"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: manual-approval-gate-info + namespace: openshift-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: manual-approval-gate +subjects: + # Giving all system:authenticated users the access to the + # ConfigMap which contains version information + - kind: Group + name: system:authenticated + apiGroup: rbac.authorization.k8s.io +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: manual-approval-gate-info + +--- diff --git a/cmd/openshift/operator/kodata/tekton-addon/addons/02-clustertasks/source_external/git-clone/git-clone-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/addons/02-clustertasks/source_external/git-clone/git-clone-task.yaml new file mode 100644 index 0000000000..ec0a72c158 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/addons/02-clustertasks/source_external/git-clone/git-clone-task.yaml @@ -0,0 +1,247 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/tektoncd/catalog/main/task/git-clone/0.9/git-clone.yaml +# +--- +apiVersion: tekton.dev/v1beta1 +kind: Task +metadata: + name: git-clone + labels: + app.kubernetes.io/version: "0.9" + annotations: + tekton.dev/pipelines.minVersion: "0.38.0" + tekton.dev/categories: Git + tekton.dev/tags: git + tekton.dev/displayName: "git clone" + tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64" +spec: + description: >- + These Tasks are Git tasks to work with repositories used by other tasks + in your Pipeline. + + The git-clone Task will clone a repo from the provided url into the + output Workspace. By default the repo will be cloned into the root of + your Workspace. You can clone into a subdirectory by setting this Task's + subdirectory param. This Task also supports sparse checkouts. To perform + a sparse checkout, pass a list of comma separated directory patterns to + this Task's sparseCheckoutDirectories param. + workspaces: + - name: output + description: The git repo will be cloned onto the volume backing this Workspace. + - name: ssh-directory + optional: true + description: | + A .ssh directory with private key, known_hosts, config, etc. Copied to + the user's home before git commands are executed. Used to authenticate + with the git remote when performing the clone. Binding a Secret to this + Workspace is strongly recommended over other volume types. + - name: basic-auth + optional: true + description: | + A Workspace containing a .gitconfig and .git-credentials file. These + will be copied to the user's home before any git commands are run. Any + other files in this Workspace are ignored. It is strongly recommended + to use ssh-directory over basic-auth whenever possible and to bind a + Secret to this Workspace over other volume types. + - name: ssl-ca-directory + optional: true + description: | + A workspace containing CA certificates, this will be used by Git to + verify the peer with when fetching or pushing over HTTPS. + params: + - name: url + description: Repository URL to clone from. + type: string + - name: revision + description: Revision to checkout. (branch, tag, sha, ref, etc...) + type: string + default: "" + - name: refspec + description: Refspec to fetch before checking out revision. + default: "" + - name: submodules + description: Initialize and fetch git submodules. + type: string + default: "true" + - name: depth + description: Perform a shallow clone, fetching only the most recent N commits. + type: string + default: "1" + - name: sslVerify + description: Set the `http.sslVerify` global git config. Setting this to `false` is not advised unless you are sure that you trust your git remote. + type: string + default: "true" + - name: crtFileName + description: file name of mounted crt using ssl-ca-directory workspace. default value is ca-bundle.crt. + type: string + default: "ca-bundle.crt" + - name: subdirectory + description: Subdirectory inside the `output` Workspace to clone the repo into. + type: string + default: "" + - name: sparseCheckoutDirectories + description: Define the directory patterns to match or exclude when performing a sparse checkout. + type: string + default: "" + - name: deleteExisting + description: Clean out the contents of the destination directory if it already exists before cloning. + type: string + default: "true" + - name: httpProxy + description: HTTP proxy server for non-SSL requests. + type: string + default: "" + - name: httpsProxy + description: HTTPS proxy server for SSL requests. + type: string + default: "" + - name: noProxy + description: Opt out of proxying HTTP/HTTPS requests. + type: string + default: "" + - name: verbose + description: Log the commands that are executed during `git-clone`'s operation. + type: string + default: "true" + - name: gitInitImage + description: The image providing the git-init binary that this Task runs. + type: string + default: "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.40.2" + - name: userHome + description: | + Absolute path to the user's home directory. + type: string + default: "/home/git" + results: + - name: commit + description: The precise commit SHA that was fetched by this Task. + - name: url + description: The precise URL that was fetched by this Task. + - name: committer-date + description: The epoch timestamp of the commit that was fetched by this Task. + steps: + - name: clone + image: "$(params.gitInitImage)" + env: + - name: HOME + value: "$(params.userHome)" + - name: PARAM_URL + value: $(params.url) + - name: PARAM_REVISION + value: $(params.revision) + - name: PARAM_REFSPEC + value: $(params.refspec) + - name: PARAM_SUBMODULES + value: $(params.submodules) + - name: PARAM_DEPTH + value: $(params.depth) + - name: PARAM_SSL_VERIFY + value: $(params.sslVerify) + - name: PARAM_CRT_FILENAME + value: $(params.crtFileName) + - name: PARAM_SUBDIRECTORY + value: $(params.subdirectory) + - name: PARAM_DELETE_EXISTING + value: $(params.deleteExisting) + - name: PARAM_HTTP_PROXY + value: $(params.httpProxy) + - name: PARAM_HTTPS_PROXY + value: $(params.httpsProxy) + - name: PARAM_NO_PROXY + value: $(params.noProxy) + - name: PARAM_VERBOSE + value: $(params.verbose) + - name: PARAM_SPARSE_CHECKOUT_DIRECTORIES + value: $(params.sparseCheckoutDirectories) + - name: PARAM_USER_HOME + value: $(params.userHome) + - name: WORKSPACE_OUTPUT_PATH + value: $(workspaces.output.path) + - name: WORKSPACE_SSH_DIRECTORY_BOUND + value: $(workspaces.ssh-directory.bound) + - name: WORKSPACE_SSH_DIRECTORY_PATH + value: $(workspaces.ssh-directory.path) + - name: WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND + value: $(workspaces.basic-auth.bound) + - name: WORKSPACE_BASIC_AUTH_DIRECTORY_PATH + value: $(workspaces.basic-auth.path) + - name: WORKSPACE_SSL_CA_DIRECTORY_BOUND + value: $(workspaces.ssl-ca-directory.bound) + - name: WORKSPACE_SSL_CA_DIRECTORY_PATH + value: $(workspaces.ssl-ca-directory.path) + securityContext: + runAsNonRoot: true + runAsUser: 65532 + script: | + #!/usr/bin/env sh + set -eu + + if [ "${PARAM_VERBOSE}" = "true" ] ; then + set -x + fi + + if [ "${WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND}" = "true" ] ; then + cp "${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.git-credentials" "${PARAM_USER_HOME}/.git-credentials" + cp "${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.gitconfig" "${PARAM_USER_HOME}/.gitconfig" + chmod 400 "${PARAM_USER_HOME}/.git-credentials" + chmod 400 "${PARAM_USER_HOME}/.gitconfig" + fi + + if [ "${WORKSPACE_SSH_DIRECTORY_BOUND}" = "true" ] ; then + cp -R "${WORKSPACE_SSH_DIRECTORY_PATH}" "${PARAM_USER_HOME}"/.ssh + chmod 700 "${PARAM_USER_HOME}"/.ssh + chmod -R 400 "${PARAM_USER_HOME}"/.ssh/* + fi + + if [ "${WORKSPACE_SSL_CA_DIRECTORY_BOUND}" = "true" ] ; then + export GIT_SSL_CAPATH="${WORKSPACE_SSL_CA_DIRECTORY_PATH}" + if [ "${PARAM_CRT_FILENAME}" != "" ] ; then + export GIT_SSL_CAINFO="${WORKSPACE_SSL_CA_DIRECTORY_PATH}/${PARAM_CRT_FILENAME}" + fi + fi + CHECKOUT_DIR="${WORKSPACE_OUTPUT_PATH}/${PARAM_SUBDIRECTORY}" + + cleandir() { + # Delete any existing contents of the repo directory if it exists. + # + # We don't just "rm -rf ${CHECKOUT_DIR}" because ${CHECKOUT_DIR} might be "/" + # or the root of a mounted volume. + if [ -d "${CHECKOUT_DIR}" ] ; then + # Delete non-hidden files and directories + rm -rf "${CHECKOUT_DIR:?}"/* + # Delete files and directories starting with . but excluding .. + rm -rf "${CHECKOUT_DIR}"/.[!.]* + # Delete files and directories starting with .. plus any other character + rm -rf "${CHECKOUT_DIR}"/..?* + fi + } + + if [ "${PARAM_DELETE_EXISTING}" = "true" ] ; then + cleandir || true + fi + + test -z "${PARAM_HTTP_PROXY}" || export HTTP_PROXY="${PARAM_HTTP_PROXY}" + test -z "${PARAM_HTTPS_PROXY}" || export HTTPS_PROXY="${PARAM_HTTPS_PROXY}" + test -z "${PARAM_NO_PROXY}" || export NO_PROXY="${PARAM_NO_PROXY}" + + git config --global --add safe.directory "${WORKSPACE_OUTPUT_PATH}" + /ko-app/git-init \ + -url="${PARAM_URL}" \ + -revision="${PARAM_REVISION}" \ + -refspec="${PARAM_REFSPEC}" \ + -path="${CHECKOUT_DIR}" \ + -sslVerify="${PARAM_SSL_VERIFY}" \ + -submodules="${PARAM_SUBMODULES}" \ + -depth="${PARAM_DEPTH}" \ + -sparseCheckoutDirectories="${PARAM_SPARSE_CHECKOUT_DIRECTORIES}" + cd "${CHECKOUT_DIR}" + RESULT_SHA="$(git rev-parse HEAD)" + EXIT_CODE="$?" + if [ "${EXIT_CODE}" != 0 ] ; then + exit "${EXIT_CODE}" + fi + RESULT_COMMITTER_DATE="$(git log -1 --pretty=%ct)" + printf "%s" "${RESULT_COMMITTER_DATE}" > "$(results.committer-date.path)" + printf "%s" "${RESULT_SHA}" > "$(results.commit.path)" + printf "%s" "${PARAM_URL}" > "$(results.url.path)" diff --git a/cmd/openshift/operator/kodata/tekton-addon/addons/02-clustertasks/source_external/kn-apply/kn-apply-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/addons/02-clustertasks/source_external/kn-apply/kn-apply-task.yaml new file mode 100644 index 0000000000..b61cba1d7c --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/addons/02-clustertasks/source_external/kn-apply/kn-apply-task.yaml @@ -0,0 +1,41 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/tektoncd/catalog/main/task/kn-apply/0.2/kn-apply.yaml +# +--- +apiVersion: tekton.dev/v1beta1 +kind: Task +metadata: + name: kn-apply + labels: + app.kubernetes.io/version: "0.2" + annotations: + tekton.dev/displayName: "kn apply" + tekton.dev/pipelines.minVersion: "0.12.1" + tekton.dev/categories: Deployment + tekton.dev/tags: cli + tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64" +spec: + description: >- + This task deploys a given image to a Knative Service. + + It uses `kn service apply` to create or update given knative service. + params: + - name: KN_IMAGE + description: kn CLI container image to run this task + default: gcr.io/knative-releases/knative.dev/client/cmd/kn:latest + - name: SERVICE + description: Knative service name + - name: IMAGE + description: Image to deploy + steps: + - name: kn + image: "$(params.KN_IMAGE)" + command: ["/ko-app/kn"] + args: ["service", "apply", "$(params.SERVICE)", "--image", "$(params.IMAGE)"] + securityContext: + runAsNonRoot: true + runAsUser: 65532 + env: + - name: HOME + value: /tekton/home diff --git a/cmd/openshift/operator/kodata/tekton-addon/addons/02-clustertasks/source_external/kn/kn-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/addons/02-clustertasks/source_external/kn/kn-task.yaml new file mode 100644 index 0000000000..0651bd88bc --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/addons/02-clustertasks/source_external/kn/kn-task.yaml @@ -0,0 +1,42 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/tektoncd/catalog/main/task/kn/0.2/kn.yaml +# +--- +apiVersion: tekton.dev/v1beta1 +kind: Task +metadata: + name: kn + labels: + app.kubernetes.io/version: "0.2" + annotations: + tekton.dev/displayName: "kn" + tekton.dev/pipelines.minVersion: "0.12.1" + tekton.dev/categories: CLI + tekton.dev/tags: cli + tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64" +spec: + description: >- + This Task performs operations on Knative resources + (services, revisions, routes) using kn CLI + + params: + - name: kn-image + description: kn CLI container image to run this task + default: gcr.io/knative-releases/knative.dev/client/cmd/kn:latest + - name: ARGS + type: array + description: kn CLI arguments to run + default: + - "help" + steps: + - name: kn + env: + - name: HOME + value: /tekton/home + image: "$(params.kn-image)" + command: ["/ko-app/kn"] + args: ["$(params.ARGS)"] + securityContext: + runAsNonRoot: true + runAsUser: 65532 diff --git a/cmd/openshift/operator/kodata/tekton-addon/addons/02-clustertasks/source_external/skopeo-copy/skopeo-copy-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/addons/02-clustertasks/source_external/skopeo-copy/skopeo-copy-task.yaml new file mode 100644 index 0000000000..b178c75a92 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/addons/02-clustertasks/source_external/skopeo-copy/skopeo-copy-task.yaml @@ -0,0 +1,84 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/tektoncd/catalog/main/task/skopeo-copy/0.3/skopeo-copy.yaml +# +--- +apiVersion: tekton.dev/v1beta1 +kind: Task +metadata: + name: skopeo-copy + labels: + app.kubernetes.io/version: "0.3" + annotations: + tekton.dev/pipelines.minVersion: "0.12.1" + tekton.dev/categories: CLI + tekton.dev/tags: cli + tekton.dev/displayName: "skopeo copy" + tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64" +spec: + description: >- + Skopeo is a command line tool for working with remote image registries. + + Skopeo doesn’t require a daemon to be running while performing its operations. + In particular, the handy skopeo command called copy will ease the whole image + copy operation. The copy command will take care of copying the image from + internal.registry to production.registry. If your production registry requires + credentials to login in order to push the image, skopeo can handle that as well. + + workspaces: + - name: images-url + params: + - name: srcImageURL + description: URL of the image to be copied to the destination registry + type: string + default: "" + - name: destImageURL + description: URL of the image where the image from source should be copied to + type: string + default: "" + - name: srcTLSverify + description: Verify the TLS on the src registry endpoint + type: string + default: "true" + - name: destTLSverify + description: Verify the TLS on the dest registry endpoint + type: string + default: "true" + steps: + - name: skopeo-copy + env: + - name: HOME + value: /tekton/home + image: quay.io/skopeo/stable:v1 + script: | + # Function to copy multiple images. + # + copyimages() { + filename="$(workspaces.images-url.path)/url.txt" + while IFS= read -r line || [ -n "$line" ] + do + cmd="" + for url in $line + do + # echo $url + cmd="$cmd \ + $url" + done + read -ra sourceDest <<<"${cmd}" + skopeo copy "${sourceDest[@]}" --src-tls-verify="$(params.srcTLSverify)" --dest-tls-verify="$(params.destTLSverify)" + echo "$cmd" + done < "$filename" + } + # + # If single image is to be copied then, it can be passed through + # params in the taskrun. + if [ "$(params.srcImageURL)" != "" ] && [ "$(params.destImageURL)" != "" ] ; then + skopeo copy "$(params.srcImageURL)" "$(params.destImageURL)" --src-tls-verify="$(params.srcTLSverify)" --dest-tls-verify="$(params.destTLSverify)" + else + # If file is provided as a configmap in the workspace then multiple images can be copied. + # + copyimages + fi + securityContext: + runAsNonRoot: true + runAsUser: 65532 diff --git a/cmd/openshift/operator/kodata/tekton-addon/addons/02-clustertasks/source_external/tkn/tkn-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/addons/02-clustertasks/source_external/tkn/tkn-task.yaml new file mode 100644 index 0000000000..0f25aab766 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/addons/02-clustertasks/source_external/tkn/tkn-task.yaml @@ -0,0 +1,57 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/tektoncd/catalog/main/task/tkn/0.4/tkn.yaml +# +--- +--- +apiVersion: tekton.dev/v1beta1 +kind: Task +metadata: + name: tkn + labels: + app.kubernetes.io/version: "0.4" + annotations: + tekton.dev/pipelines.minVersion: "0.17.0" + tekton.dev/categories: CLI + tekton.dev/tags: cli + tekton.dev/displayName: "Tekton CLI" + tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le" +spec: + workspaces: + - name: kubeconfig + description: >- + An optional workspace that allows you to provide a .kube/config + file for tkn to access the cluster. The file should be placed at + the root of the Workspace with name kubeconfig. + optional: true + description: >- + This task performs operations on Tekton resources using tkn + + params: + - name: TKN_IMAGE + description: tkn CLI container image to run this task + default: gcr.io/tekton-releases/dogfooding/tkn@sha256:d17fec04f655551464a47dd59553c9b44cf660cc72dbcdbd52c0b8e8668c0579 + - name: SCRIPT + description: tkn CLI script to execute + type: string + default: "tkn $@" + - name: ARGS + type: array + description: tkn CLI arguments to run + default: ["--help"] + steps: + - name: tkn + env: + - name: HOME + value: /tekton/home + image: "$(params.TKN_IMAGE)" + script: | + if [ "$(workspaces.kubeconfig.bound)" = "true" ] && [ -e $(workspaces.kubeconfig.path)/kubeconfig ]; then + export KUBECONFIG="$(workspaces.kubeconfig.path)"/kubeconfig + fi + + eval "$(params.SCRIPT)" + args: ["$(params.ARGS)"] + securityContext: + runAsNonRoot: true + runAsUser: 65532 diff --git a/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/stepactions/stepaction-git-clone/stepaction-git-clone-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/stepactions/stepaction-git-clone/stepaction-git-clone-task.yaml new file mode 100644 index 0000000000..218a9ffbce --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/stepactions/stepaction-git-clone/stepaction-git-clone-task.yaml @@ -0,0 +1,263 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift-pipelines/tektoncd-catalog/p/stepactions/stepaction-git-clone/0.4.1/stepaction-git-clone.yaml +# +--- +--- +# Source: task-git/templates/stepaction-git-clone.yaml +apiVersion: tekton.dev/v1beta1 +kind: StepAction +metadata: + name: git-clone + labels: + app.kubernetes.io/version: 0.4.1 + annotations: + tekton.dev/source: "https://github.com/openshift-pipelines/task-git" + artifacthub.io/category: integration-delivery + artifacthub.io/maintainers: | + - name: OpenShift Pipeline task maintainers + email: pipelines-extcomm@redhat.com + artifacthub.io/provider: Red Hat + artifacthub.io/recommendations: | + - url: https://tekton.dev/ + tekton.dev/categories: Git + tekton.dev/displayName: git + tekton.dev/pipelines.minVersion: 0.54.0 + tekton.dev/platforms: linux/amd64,linux/s390x,linux/ppc64le,linux/arm64 + tekton.dev/tags: git +spec: + + + params: + - name: OUTPUT_PATH + description: | + A directory that contains the fetched git repository. Cloned repo data is + placed in the root of the directory or in the relative path defined by the + `SUBDIRECTORY` parameter + - name: SSH_DIRECTORY_PATH + description: | + A `.ssh` directory with private key, `known_hosts`, `config`, etc. + Copied to the Git user's home before cloning the repository, in order to + server as authentication mechanismBinding a Secret to this Workspace is + strongly recommended over other volume types. + default: "no-path" + - name: BASIC_AUTH_PATH + default: "no-path" + description: | + A directory containing `.gitconfig` and `.git-credentials` files. + These files are copied to the user home directory before Git commands run. + All other files in this Workspace are ignored. It is strongly recommended to + use `ssh-directory` over `basic-auth` whenever possible, and to bind a + Secret to the Workspace providing this directory. + - name: SSL_CA_DIRECTORY_PATH + default: "no-path" + description: | + A directory containing CA certificates. Git uses these certificates to + verify the peer with when interacting with remote repositories using + HTTPS. + - name: CRT_FILENAME + type: string + default: ca-bundle.crt + description: | + Certificate Authority (CA) bundle filename in the SSL CA directory. + - name: HTTP_PROXY + type: string + default: "" + description: | + HTTP proxy server (non-TLS requests). + - name: HTTPS_PROXY + type: string + default: "" + description: | + HTTPS proxy server (TLS requests). + - name: NO_PROXY + type: string + default: "" + description: | + Opt out of proxying HTTP/HTTPS requests. + - name: SUBDIRECTORY + type: string + default: "" + description: | + Path to the directory for storing the cloned Git repository, relative to the + output directory. + - name: USER_HOME + type: string + default: "/home/git" + description: | + Absolute path to the Git user home directory. + - name: DELETE_EXISTING + type: string + default: "true" + description: | + Clean out the contents of the default Workspace before specific Git operations occur, if data exists. + - name: VERBOSE + type: string + default: "false" + description: | + Log the executed commands. + - name: SSL_VERIFY + type: string + default: "true" + description: | + Sets the global `http.sslVerify` value, `false` is not advised unless + you trust the remote repository. + - name: URL + type: string + description: | + Git repository URL. + - name: REVISION + type: string + default: main + description: | + Revision to checkout, an branch, tag, sha, ref, etc... + - name: REFSPEC + default: "" + description: | + Repository `refspec` to fetch before checking out the revision. + - name: SUBMODULES + type: string + default: "true" + description: | + Initialize and fetch Git submodules. + - name: DEPTH + type: string + default: "1" + description: | + Number of commits to fetch, a "shallow clone" is a single commit. + - name: SPARSE_CHECKOUT_DIRECTORIES + type: string + default: "" + description: | + List of directory patterns split by comma to perform "sparse checkout". + + results: + - name: COMMIT + description: | + The precise commit SHA digest cloned. + - name: URL + description: | + The precise repository URL. + - name: COMMITTER_DATE + description: | + The epoch timestamp of the commit cloned. + + env: + + - name: PARAMS_URL + value: "$(params.URL)" + - name: PARAMS_REVISION + value: "$(params.REVISION)" + - name: PARAMS_REFSPEC + value: "$(params.REFSPEC)" + - name: PARAMS_SUBMODULES + value: "$(params.SUBMODULES)" + - name: PARAMS_DEPTH + value: "$(params.DEPTH)" + - name: PARAMS_SPARSE_CHECKOUT_DIRECTORIES + value: "$(params.SPARSE_CHECKOUT_DIRECTORIES)" + - name: PARAMS_OUTPUT_PATH + value: "$(params.OUTPUT_PATH)" + - name: PARAMS_SSH_DIRECTORY_PATH + value: "$(params.SSH_DIRECTORY_PATH)" + - name: PARAMS_BASIC_AUTH_PATH + value: "$(params.BASIC_AUTH_PATH)" + - name: PARAMS_SSL_CA_DIRECTORY_PATH + value: "$(params.SSL_CA_DIRECTORY_PATH)" + + - name: PARAMS_SSL_VERIFY + value: "$(params.SSL_VERIFY)" + - name: PARAMS_CRT_FILENAME + value: "$(params.CRT_FILENAME)" + - name: PARAMS_SUBDIRECTORY + value: "$(params.SUBDIRECTORY)" + - name: PARAMS_DELETE_EXISTING + value: "$(params.DELETE_EXISTING)" + - name: PARAMS_HTTP_PROXY + value: "$(params.HTTP_PROXY)" + - name: PARAMS_HTTPS_PROXY + value: "$(params.HTTPS_PROXY)" + - name: PARAMS_NO_PROXY + value: "$(params.NO_PROXY)" + - name: PARAMS_VERBOSE + value: "$(params.VERBOSE)" + - name: PARAMS_USER_HOME + value: "$(params.USER_HOME)" + securityContext: + runAsNonRoot: true + runAsUser: 65532 + + image: registry.redhat.io/openshift-pipelines/pipelines-git-init-rhel8@sha256:c4b2183f7c7997bd401d86b33eefb637b3ef2fa90618e875106292cd69a15c14 + + script: | + #!/usr/bin/env sh + set -eu + + if [ "${PARAMS_VERBOSE}" = "true" ] ; then + set -x + fi + + if [ "${PARAMS_BASIC_AUTH_PATH}" != "no-path" ] ; then + cp "${PARAMS_BASIC_AUTH_PATH}/.git-credentials" "${PARAMS_USER_HOME}/.git-credentials" + cp "${PARAMS_BASIC_AUTH_PATH}/.gitconfig" "${PARAMS_USER_HOME}/.gitconfig" + chmod 400 "${PARAMS_USER_HOME}/.git-credentials" + chmod 400 "${PARAMS_USER_HOME}/.gitconfig" + fi + + if [ "${PARAMS_SSH_DIRECTORY_PATH}" != "no-path" ] ; then + cp -R "${PARAMS_SSH_DIRECTORY_PATH}" "${PARAMS_USER_HOME}"/.ssh + chmod 700 "${PARAMS_USER_HOME}"/.ssh + chmod -R 400 "${PARAMS_USER_HOME}"/.ssh/* + fi + + if [ "${PARAMS_SSL_CA_DIRECTORY_PATH}" != "no-path" ] ; then + export GIT_SSL_CAPATH="${PARAMS_SSL_CA_DIRECTORY_PATH}" + if [ "${PARAMS_CRT_FILENAME}" != "" ] ; then + export GIT_SSL_CAINFO="${PARAMS_SSL_CA_DIRECTORY_PATH}/${PARAMS_CRT_FILENAME}" + fi + fi + CHECKOUT_DIR="${PARAMS_OUTPUT_PATH}/${PARAMS_SUBDIRECTORY}" + + cleandir() { + # Delete any existing contents of the repo directory if it exists. + # + # We don't just "rm -rf ${CHECKOUT_DIR}" because ${CHECKOUT_DIR} might be "/" + # or the root of a mounted volume. + if [ -d "${CHECKOUT_DIR}" ] ; then + # Delete non-hidden files and directories + rm -rf "${CHECKOUT_DIR:?}"/* + # Delete files and directories starting with . but excluding .. + rm -rf "${CHECKOUT_DIR}"/.[!.]* + # Delete files and directories starting with .. plus any other character + rm -rf "${CHECKOUT_DIR}"/..?* + fi + } + + if [ "${PARAMS_DELETE_EXISTING}" = "true" ] ; then + cleandir || true + fi + + test -z "${PARAMS_HTTP_PROXY}" || export HTTP_PROXY="${PARAMS_HTTP_PROXY}" + test -z "${PARAMS_HTTPS_PROXY}" || export HTTPS_PROXY="${PARAMS_HTTPS_PROXY}" + test -z "${PARAMS_NO_PROXY}" || export NO_PROXY="${PARAMS_NO_PROXY}" + + git config --global --add safe.directory "${PARAMS_OUTPUT_PATH}" + /ko-app/git-init \ + -url="${PARAMS_URL}" \ + -revision="${PARAMS_REVISION}" \ + -refspec="${PARAMS_REFSPEC}" \ + -path="${CHECKOUT_DIR}" \ + -sslVerify="${PARAMS_SSL_VERIFY}" \ + -submodules="${PARAMS_SUBMODULES}" \ + -depth="${PARAMS_DEPTH}" \ + -sparseCheckoutDirectories="${PARAMS_SPARSE_CHECKOUT_DIRECTORIES}" + cd "${CHECKOUT_DIR}" + RESULT_SHA="$(git rev-parse HEAD)" + EXIT_CODE="$?" + if [ "${EXIT_CODE}" != 0 ] ; then + exit "${EXIT_CODE}" + fi + RESULT_COMMITTER_DATE="$(git log -1 --pretty=%ct)" + printf "%s" "${RESULT_COMMITTER_DATE}" > "$(step.results.COMMITTER_DATE.path)" + printf "%s" "${RESULT_SHA}" > "$(step.results.COMMIT.path)" + printf "%s" "${PARAMS_URL}" > "$(step.results.URL.path)" diff --git a/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-buildah/task-buildah-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-buildah/task-buildah-task.yaml new file mode 100644 index 0000000000..10c0ea1de7 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-buildah/task-buildah-task.yaml @@ -0,0 +1,177 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift-pipelines/tektoncd-catalog/p/tasks/task-buildah/0.4.1/task-buildah.yaml +# +--- +--- +# Source: task-containers/templates/task-buildah.yaml +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: buildah + labels: + app.kubernetes.io/version: 0.4.1 + annotations: + tekton.dev/source: "https://github.com/openshift-pipelines/task-containers" + artifacthub.io/category: integration-delivery + artifacthub.io/maintainers: | + - name: OpenShift Pipeline task maintainers + email: pipelines-extcomm@redhat.com + artifacthub.io/provider: Red Hat + artifacthub.io/recommendations: | + - url: https://tekton.dev/ + tekton.dev/categories: containers + tekton.dev/pipelines.minVersion: 0.41.0 + tekton.dev/tags: containers +spec: + description: | + Buildah task builds source into a container image and + then pushes it to a container registry. + + workspaces: + - name: source + optional: false + description: | + Container build context, like for instnace a application source code + followed by a `Dockerfile`. + - name: dockerconfig + description: >- + An optional workspace that allows providing a .docker/config.json file + for Buildah to access the container registry. + The file should be placed at the root of the Workspace with name config.json + or .dockerconfigjson. + optional: true + - name: rhel-entitlement + description: >- + An optional workspace that allows providing the entitlement keys + for Buildah to access subscription. The mounted workspace contains + entitlement.pem and entitlement-key.pem. + optional: true + mountPath: /tmp/entitlement + params: + - name: IMAGE + type: string + description: | + Fully qualified container image name to be built by buildah. + - name: DOCKERFILE + type: string + default: ./Dockerfile + description: | + Path to the `Dockerfile` (or `Containerfile`) relative to the `source` workspace. + - name: BUILD_ARGS + type: array + default: + - "" + description: | + Dockerfile build arguments, array of key=value + - name: CONTEXT + type: string + default: "." + description: | + Path to the directory to use as context. + - name: STORAGE_DRIVER + type: string + default: vfs + description: | + Set buildah storage driver to reflect the currrent cluster node's + settings. + - name: FORMAT + description: The format of the built container, oci or docker + default: "oci" + - name: BUILD_EXTRA_ARGS + type: string + default: "" + description: | + Extra parameters passed for the build command when building images. + - name: PUSH_EXTRA_ARGS + type: string + default: "" + description: | + Extra parameters passed for the push command when pushing images. + - name: SKIP_PUSH + default: "false" + description: | + Skip pushing the image to the container registry. + - name: TLS_VERIFY + type: string + default: "true" + description: | + Sets the TLS verification flag, `true` is recommended. + - name: VERBOSE + type: string + default: "false" + description: | + Turns on verbose logging, all commands executed will be printed out. + + results: + - name: IMAGE_URL + description: | + Fully qualified image name. + - name: IMAGE_DIGEST + description: | + Digest of the image just built. + + stepTemplate: + env: + + - name: PARAMS_IMAGE + value: "$(params.IMAGE)" + - name: PARAMS_CONTEXT + value: "$(params.CONTEXT)" + - name: PARAMS_DOCKERFILE + value: "$(params.DOCKERFILE)" + - name: PARAMS_FORMAT + value: "$(params.FORMAT)" + - name: PARAMS_STORAGE_DRIVER + value: "$(params.STORAGE_DRIVER)" + - name: PARAMS_BUILD_EXTRA_ARGS + value: "$(params.BUILD_EXTRA_ARGS)" + - name: PARAMS_PUSH_EXTRA_ARGS + value: "$(params.PUSH_EXTRA_ARGS)" + - name: PARAMS_SKIP_PUSH + value: "$(params.SKIP_PUSH)" + - name: PARAMS_TLS_VERIFY + value: "$(params.TLS_VERIFY)" + - name: PARAMS_VERBOSE + value: "$(params.VERBOSE)" + - name: WORKSPACES_SOURCE_BOUND + value: "$(workspaces.source.bound)" + - name: WORKSPACES_SOURCE_PATH + value: "$(workspaces.source.path)" + - name: WORKSPACES_DOCKERCONFIG_BOUND + value: "$(workspaces.dockerconfig.bound)" + - name: WORKSPACES_DOCKERCONFIG_PATH + value: "$(workspaces.dockerconfig.path)" + - name: WORKSPACES_RHEL_ENTITLEMENT_BOUND + value: "$(workspaces.rhel-entitlement.bound)" + - name: WORKSPACES_RHEL_ENTITLEMENT_PATH + value: "$(workspaces.rhel-entitlement.path)" + - name: RESULTS_IMAGE_URL_PATH + value: "$(results.IMAGE_URL.path)" + - name: RESULTS_IMAGE_DIGEST_PATH + value: "$(results.IMAGE_DIGEST.path)" + + steps: + - name: build + image: registry.access.redhat.com/ubi8/buildah:8.10-5 + workingDir: $(workspaces.source.path) + args: + - $(params.BUILD_ARGS[*]) + script: | + set -e + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgV3JhcHBlciBhcm91bmQgImJ1aWxkYWggYnVkIiB0byBidWlsZCBhbmQgcHVzaCBhIGNvbnRhaW5lciBpbWFnZSBiYXNlZCBvbiBhIERvY2tlcmZpbGUuCiMKCnNob3B0IC1zIGluaGVyaXRfZXJyZXhpdApzZXQgLWV1IC1vIHBpcGVmYWlsCgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvY29tbW9uLnNoIgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvYnVpbGRhaC1jb21tb24uc2giCgpmdW5jdGlvbiBfYnVpbGRhaCgpIHsKICAgIGJ1aWxkYWggXAogICAgICAgIC0tc3RvcmFnZS1kcml2ZXI9IiR7UEFSQU1TX1NUT1JBR0VfRFJJVkVSfSIgXAogICAgICAgIC0tdGxzLXZlcmlmeT0iJHtQQVJBTVNfVExTX1ZFUklGWX0iIFwKICAgICAgICAkeyp9Cn0KCiMKIyBQcmVwYXJlCiMKCiMgbWFraW5nIHN1cmUgdGhlIHJlcXVpcmVkIHdvcmtzcGFjZSAic291cmNlIiBpcyBib3VuZGVkLCB3aGljaCBtZWFucyBpdHMgdm9sdW1lIGlzIGN1cnJlbnRseSBtb3VudGVkCiMgYW5kIHJlYWR5IHRvIHVzZQpwaGFzZSAiSW5zcGVjdGluZyBzb3VyY2Ugd29ya3NwYWNlICcke1dPUktTUEFDRVNfU09VUkNFX1BBVEh9JyAoUFdEPScke1BXRH0nKSIKW1sgIiR7V09SS1NQQUNFU19TT1VSQ0VfQk9VTkR9IiAhPSAidHJ1ZSIgXV0gJiYKICAgIGZhaWwgIldvcmtzcGFjZSAnc291cmNlJyBpcyBub3QgYm91bmRlZCIKCnBoYXNlICJBc3NlcnRpbmcgdGhlIGRvY2tlcmZpbGUvY29udGFpbmVyZmlsZSAnJHtET0NLRVJGSUxFX0ZVTEx9JyBleGlzdHMiCltbICEgLWYgIiR7RE9DS0VSRklMRV9GVUxMfSIgXV0gJiYKICAgIGZhaWwgIkRvY2tlcmZpbGUgbm90IGZvdW5kIGF0OiAnJHtET0NLRVJGSUxFX0ZVTEx9JyIKCnBoYXNlICJJbnNwZWN0aW5nIGNvbnRleHQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKW1sgISAtZCAiJHtQQVJBTVNfQ09OVEVYVH0iIF1dICYmCiAgICBmYWlsICJDT05URVhUIHBhcmFtIGlzIG5vdCBmb3VuZCBhdCAnJHtQQVJBTVNfQ09OVEVYVH0nLCBvbiBzb3VyY2Ugd29ya3NwYWNlIgoKcGhhc2UgIkJ1aWxkaW5nIGJ1aWxkIGFyZ3MiCkJVSUxEX0FSR1M9KCkKZm9yIGJ1aWxkYXJnIGluICIkQCI7IGRvCiAgICBCVUlMRF9BUkdTKz0oIi0tYnVpbGQtYXJnPSRidWlsZGFyZyIpCmRvbmUKCiMgSGFuZGxlIG9wdGlvbmFsIGRvY2tlcmNvbmZpZyBzZWNyZXQKaWYgW1sgIiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfQk9VTkR9IiA9PSAidHJ1ZSIgXV07IHRoZW4KCiAgICAjIGlmIGNvbmZpZy5qc29uIGV4aXN0cyBhdCB3b3Jrc3BhY2Ugcm9vdCwgd2UgdXNlIHRoYXQKICAgIGlmIHRlc3QgLWYgIiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSH0vY29uZmlnLmpzb24iOyB0aGVuCiAgICAgICAgZXhwb3J0IERPQ0tFUl9DT05GSUc9IiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSH0iCgogICAgICAgICMgZWxzZSB3ZSBsb29rIGZvciAuZG9ja2VyY29uZmlnanNvbiBhdCB0aGUgcm9vdAogICAgZWxpZiB0ZXN0IC1mICIke1dPUktTUEFDRVNfRE9DS0VSQ09ORklHX1BBVEh9Ly5kb2NrZXJjb25maWdqc29uIjsgdGhlbgogICAgICAgICMgZW5zdXJlIC5kb2NrZXIgZXhpc3QgYmVmb3JlIHRoZSBjb3B5aW5nIHRoZSBjb250ZW50CiAgICAgICAgaWYgWyAhIC1kICIkSE9NRS8uZG9ja2VyIiBdOyB0aGVuCiAgICAgICAgICAgbWtkaXIgLXAgIiRIT01FLy5kb2NrZXIiCiAgICAgICAgZmkKICAgICAgICBjcCAiJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19QQVRIfS8uZG9ja2VyY29uZmlnanNvbiIgIiRIT01FLy5kb2NrZXIvY29uZmlnLmpzb24iCiAgICAgICAgZXhwb3J0IERPQ0tFUl9DT05GSUc9IiRIT01FLy5kb2NrZXIiCgogICAgICAgICMgbmVlZCB0byBlcnJvciBvdXQgaWYgbmVpdGhlciBmaWxlcyBhcmUgcHJlc2VudAogICAgZWxzZQogICAgICAgIGVjaG8gIm5laXRoZXIgJ2NvbmZpZy5qc29uJyBub3IgJy5kb2NrZXJjb25maWdqc29uJyBmb3VuZCBhdCB3b3Jrc3BhY2Ugcm9vdCIKICAgICAgICBleGl0IDEKICAgIGZpCmZpCgpFTlRJVExFTUVOVF9WT0xVTUU9IiIKaWYgW1sgIiR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX0JPVU5EfSIgPT0gInRydWUiIF1dOyB0aGVuCiAgICBFTlRJVExFTUVOVF9WT0xVTUU9Ii0tdm9sdW1lICR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEh9Oi9ldGMvcGtpL2VudGl0bGVtZW50IgpmaQoKIwojIEJ1aWxkCiMKCnBoYXNlICJCdWlsZGluZyAnJHtQQVJBTVNfSU1BR0V9JyBiYXNlZCBvbiAnJHtET0NLRVJGSUxFX0ZVTEx9JyIKCltbIC1uICIke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTfSIgXV0gJiYKICAgIHBoYXNlICJFeHRyYSAnYnVpbGRhaCBidWQnIGFyZ3VtZW50cyBpbmZvcm1lZDogJyR7UEFSQU1TX0JVSUxEX0VYVFJBX0FSR1N9JyIKCl9idWlsZGFoIGJ1ZCAke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTfSBcCiAgICAkRU5USVRMRU1FTlRfVk9MVU1FIFwKICAgICIke0JVSUxEX0FSR1NbQF19IiBcCiAgICAtLWZpbGU9IiR7RE9DS0VSRklMRV9GVUxMfSIgXAogICAgLS10YWc9IiR7UEFSQU1TX0lNQUdFfSIgXAogICAgIiR7UEFSQU1TX0NPTlRFWFR9IgoKaWYgW1sgIiR7UEFSQU1TX1NLSVBfUFVTSH0iID09ICJ0cnVlIiBdXTsgdGhlbgogICAgcGhhc2UgIlNraXBwaW5nIHB1c2hpbmcgJyR7UEFSQU1TX0lNQUdFfScgdG8gdGhlIGNvbnRhaW5lciByZWdpc3RyeSEiCiAgICBleGl0IDAKZmkKCiMKIyBQdXNoCiMKCnBoYXNlICJQdXNoaW5nICcke1BBUkFNU19JTUFHRX0nIHRvIHRoZSBjb250YWluZXIgcmVnaXN0cnkiCgpbWyAtbiAiJHtQQVJBTVNfUFVTSF9FWFRSQV9BUkdTfSIgXV0gJiYKICAgIHBoYXNlICJFeHRyYSAnYnVpbGRhaCBidWQnIGFyZ3VtZW50cyBpbmZvcm1lZDogJyR7UEFSQU1TX1BVU0hfRVhUUkFfQVJHU30nIgoKIyB0ZW1wb3JhcnkgZmlsZSB0byBzdG9yZSB0aGUgaW1hZ2UgZGlnZXN0LCBpbmZvcm1hdGlvbiBvbmx5IG9idGFpbmVkIGFmdGVyIHB1c2hpbmcgdGhlIGltYWdlIHRvIHRoZQojIGNvbnRhaW5lciByZWdpc3RyeQpkZWNsYXJlIC1yIGRpZ2VzdF9maWxlPSIvdG1wL2J1aWxkYWgtZGlnZXN0LnR4dCIKCl9idWlsZGFoIHB1c2ggJHtQQVJBTVNfUFVTSF9FWFRSQV9BUkdTfSBcCiAgICAtLWRpZ2VzdGZpbGU9IiR7ZGlnZXN0X2ZpbGV9IiBcCiAgICAiJHtQQVJBTVNfSU1BR0V9IiBcCiAgICAiZG9ja2VyOi8vJHtQQVJBTVNfSU1BR0V9IgoKIwojIFJlc3VsdHMKIwoKcGhhc2UgIkluc3BlY3RpbmcgZGlnZXN0IHJlcG9ydCAoJyR7ZGlnZXN0X2ZpbGV9JykiCgpbWyAhIC1yICIke2RpZ2VzdF9maWxlfSIgXV0gJiYKICAgIGZhaWwgIlVuYWJsZSB0byBmaW5kIGRpZ2VzdC1maWxlIGF0ICcke2RpZ2VzdF9maWxlfSciCgpkZWNsYXJlIC1yIGRpZ2VzdF9zdW09IiQoY2F0ICR7ZGlnZXN0X2ZpbGV9KSIKCltbIC16ICIke2RpZ2VzdF9zdW19IiBdXSAmJgogICAgZmFpbCAiRGlnZXN0IGZpbGUgJyR7ZGlnZXN0X2ZpbGV9JyBpcyBlbXB0eSEiCgpwaGFzZSAiU3VjY2Vzc2Z1bHkgYnVpbHQgY29udGFpbmVyIGltYWdlICcke1BBUkFNU19JTUFHRX0nICgnJHtkaWdlc3Rfc3VtfScpIgplY2hvIC1uICIke1BBUkFNU19JTUFHRX0iIHwgdGVlICR7UkVTVUxUU19JTUFHRV9VUkxfUEFUSH0KZWNobyAtbiAiJHtkaWdlc3Rfc3VtfSIgfCB0ZWUgJHtSRVNVTFRTX0lNQUdFX0RJR0VTVF9QQVRIfQo=" |base64 -d >"/scripts/buildah-bud.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKZGVjbGFyZSAtcnggUEFSQU1TX0lNQUdFPSIke1BBUkFNU19JTUFHRTotfSIKZGVjbGFyZSAtcnggUEFSQU1TX0RPQ0tFUkZJTEU9IiR7UEFSQU1TX0RPQ0tFUkZJTEU6LX0iCmRlY2xhcmUgLXggUEFSQU1TX0NPTlRFWFQ9IiR7UEFSQU1TX0NPTlRFWFQ6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19TVE9SQUdFX0RSSVZFUj0iJHtQQVJBTVNfU1RPUkFHRV9EUklWRVI6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19CVUlMRF9FWFRSQV9BUkdTPSIke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTOi19IgpkZWNsYXJlIC1yeCBQQVJBTVNfUFVTSF9FWFRSQV9BUkdTPSIke1BBUkFNU19QVVNIX0VYVFJBX0FSR1M6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19TS0lQX1BVU0g9IiR7UEFSQU1TX1NLSVBfUFVTSDotfSIKZGVjbGFyZSAtcnggUEFSQU1TX1RMU19WRVJJRlk9IiR7UEFSQU1TX1RMU19WRVJJRlk6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19WRVJCT1NFPSIke1BBUkFNU19WRVJCT1NFOi19IgoKZGVjbGFyZSAtcnggV09SS1NQQUNFU19TT1VSQ0VfUEFUSD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIOi19IgpkZWNsYXJlIC1yeCBXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORDotfSIKZGVjbGFyZSAtcnggV09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSD0iJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19QQVRIOi19IgpkZWNsYXJlIC1yeCBXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19CT1VORD0iJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19CT1VORDotfSIKZGVjbGFyZSAtcnggV09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEg9IiR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEg6LX0iCmRlY2xhcmUgLXJ4IFdPUktTUEFDRVNfUkhFTF9FTlRJVExFTUVOVF9CT1VORD0iJHtXT1JLU1BBQ0VTX1JIRUxfRU5USVRMRU1FTlRfQk9VTkQ6LX0iCgpkZWNsYXJlIC1yeCBSRVNVTFRTX0lNQUdFX0RJR0VTVF9QQVRIPSIke1JFU1VMVFNfSU1BR0VfRElHRVNUX1BBVEg6LX0iCmRlY2xhcmUgLXJ4IFJFU1VMVFNfSU1BR0VfVVJMX1BBVEg9IiR7UkVTVUxUU19JTUFHRV9VUkxfUEFUSDotfSIKCiMKIyBEb2NrZXJmaWxlCiMKCiMgZXhwb3NpbmcgdGhlIGZ1bGwgcGF0aCB0byB0aGUgY29udGFpbmVyIGZpbGUsIHdoaWNoIGJ5IGRlZmF1bHQgc2hvdWxkIGJlIHJlbGF0aXZlIHRvIHRoZSBwcmltYXJ5CiMgd29ya3NwYWNlLCB0byByZWNlaXZlIGEgZGlmZmVyZW50IGNvbnRhaW5lci1maWxlIGxvY2F0aW9uCmRlY2xhcmUgLXIgZG9ja2VyZmlsZV9vbl93cz0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIfS8ke1BBUkFNU19ET0NLRVJGSUxFfSIKZGVjbGFyZSAteCBET0NLRVJGSUxFX0ZVTEw9IiR7RE9DS0VSRklMRV9GVUxMOi0ke2RvY2tlcmZpbGVfb25fd3N9fSIKCiMKIyBBc3NlcnRpbmcgRW52aXJvbm1lbnQKIwoKW1sgLXogIiR7RE9DS0VSRklMRV9GVUxMfSIgXV0gJiYKICAgIGZhaWwgInVuYWJsZSB0byBmaW5kIHRoZSBEb2NrZXJmaWxlLCBET0NLRVJGSUxFIG1heSBoYXZlIGFuIGluY29ycmVjdCBsb2NhdGlvbiIKCmV4cG9ydGVkX29yX2ZhaWwgXAogICAgV09SS1NQQUNFU19TT1VSQ0VfUEFUSCBcCiAgICBQQVJBTVNfSU1BR0UKCiMKIyBWZXJib3NlIE91dHB1dAojCgppZiBbWyAiJHtQQVJBTVNfVkVSQk9TRX0iID09ICJ0cnVlIiBdXTsgdGhlbgogICAgc2V0IC14CmZpCg==" |base64 -d >"/scripts/buildah-common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0ZWt0b24ncyBob21lIGRpcmVjdG9yeQpkZWNsYXJlIC1yeCBURUtUT05fSE9NRT0iJHtURUtUT05fSE9NRTotL3Rla3Rvbi9ob21lfSIKCiMKIyBGdW5jdGlvbnMKIwoKZnVuY3Rpb24gZmFpbCgpIHsKICAgIGVjaG8gIkVSUk9SOiAkeyp9IiAyPiYxCiAgICBleGl0IDEKfQoKZnVuY3Rpb24gcGhhc2UoKSB7CiAgICBlY2hvICItLS0+IFBoYXNlOiAkeyp9Li4uIgp9CgojIGFzc2VydCBsb2NhbCB2YXJpYWJsZXMgYXJlIGV4cG9yZXRlZCBvbiB0aGUgZW52aXJvbm1lbnQKZnVuY3Rpb24gZXhwb3J0ZWRfb3JfZmFpbCgpIHsKICAgIGRlY2xhcmUgLWEgX3JlcXVpcmVkX3ZhcnM9IiR7QH0iCgogICAgZm9yIHYgaW4gJHtfcmVxdWlyZWRfdmFyc1tAXX07IGRvCiAgICAgICAgW1sgLXogIiR7IXZ9IiBdXSAmJgogICAgICAgICAgICBmYWlsICInJHt2fScgZW52aXJvbm1lbnQgdmFyaWFibGUgaXMgbm90IHNldCEiCiAgICBkb25lCgogICAgcmV0dXJuIDAKfQo=" |base64 -d >"/scripts/common.sh" + ls /scripts/buildah-*.sh; + chmod +x /scripts/buildah-*.sh;echo "Running Script /scripts/buildah-bud.sh"; + /scripts/buildah-bud.sh; + securityContext: + capabilities: + add: ["SETFCAP"] + volumeMounts: + - name: scripts-dir + mountPath: /scripts + + volumes: + - name: scripts-dir + emptyDir: {} diff --git a/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-git-cli/task-git-cli-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-git-cli/task-git-cli-task.yaml new file mode 100644 index 0000000000..770fe81327 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-git-cli/task-git-cli-task.yaml @@ -0,0 +1,218 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift-pipelines/tektoncd-catalog/p/tasks/task-git-cli/0.4.1/task-git-cli.yaml +# +--- +--- +# Source: task-git/templates/task-git-cli.yaml +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: git-cli + labels: + app.kubernetes.io/version: 0.4.1 + annotations: + tekton.dev/source: "https://github.com/openshift-pipelines/task-git" + artifacthub.io/category: integration-delivery + artifacthub.io/maintainers: | + - name: OpenShift Pipeline task maintainers + email: pipelines-extcomm@redhat.com + artifacthub.io/provider: Red Hat + artifacthub.io/recommendations: | + - url: https://tekton.dev/ + tekton.dev/categories: Git + tekton.dev/displayName: git + tekton.dev/pipelines.minVersion: 0.54.0 + tekton.dev/platforms: linux/amd64,linux/s390x,linux/ppc64le,linux/arm64 + tekton.dev/tags: git +spec: + description: >- + This task can be used to perform git operations. + + Git command that needs to be run can be passed as a script to + the task. This task needs authentication to git in order to push + after the git operation. + + + workspaces: + - name: ssh-directory + optional: true + description: | + A `.ssh` directory with private key, `known_hosts`, `config`, etc. + Copied to the Git user's home before cloning the repository, in order to + server as authentication mechanismBinding a Secret to this Workspace is + strongly recommended over other volume types. + - name: basic-auth + optional: true + description: | + A Workspace containing a `.gitconfig` and `.git-credentials` files. + These will be copied to the user's home before Git commands run. All + other files in this Workspace are ignored. It is strongly recommended to + use `ssh-directory` over `basic-auth` whenever possible, and to bind a + Secret to this Workspace over other volume types. + - name: ssl-ca-directory + optional: true + description: | + A Workspace containing CA certificates, this will be used by Git to + verify the peer with when interacting with remote repositories using + HTTPS. + - name: source + description: A workspace that contains the fetched git repository. + - name: input + optional: true + description: | + An optional workspace that contains the files that need to be added to git. You can + access the workspace from your script using `$(workspaces.input.path)`, for instance: + + cp $(workspaces.input.path)/file_that_i_want . + git add file_that_i_want + # etc + + params: + - name: CRT_FILENAME + type: string + default: ca-bundle.crt + description: | + Certificate Authority (CA) bundle filename in the SSL CA directory. + - name: HTTP_PROXY + type: string + default: "" + description: | + HTTP proxy server (non-TLS requests). + - name: HTTPS_PROXY + type: string + default: "" + description: | + HTTPS proxy server (TLS requests). + - name: NO_PROXY + type: string + default: "" + description: | + Opt out of proxying HTTP/HTTPS requests. + - name: SUBDIRECTORY + type: string + default: "" + description: | + Path to the directory for storing the cloned Git repository, relative to the + output directory. + - name: USER_HOME + type: string + default: "/home/git" + description: | + Absolute path to the Git user home directory. + - name: DELETE_EXISTING + type: string + default: "true" + description: | + Clean out the contents of the default Workspace before specific Git operations occur, if data exists. + - name: VERBOSE + type: string + default: "false" + description: | + Log the executed commands. + - name: SSL_VERIFY + type: string + default: "true" + description: | + Sets the global `http.sslVerify` value, `false` is not advised unless + you trust the remote repository. + - name: GIT_USER_NAME + type: string + description: | + Git user name for performing git operation. + default: "" + - name: GIT_USER_EMAIL + type: string + description: | + Git user email for performing git operation. + default: "" + - name: GIT_SCRIPT + description: The git script to run. + type: string + default: | + git help + + results: + - name: COMMIT + description: | + The precise commit SHA digest cloned. + + volumes: + - name: user-home + emptyDir: {} + - name: scripts-dir + emptyDir: {} + + stepTemplate: + env: + + - name: PARAMS_GIT_USER_EMAIL + value: "$(params.GIT_USER_EMAIL)" + - name: PARAMS_GIT_USER_NAME + value: "$(params.GIT_USER_NAME)" + - name: PARAMS_GIT_SCRIPT + value: "$(params.GIT_SCRIPT)" + - name: WORKSPACES_SOURCE_PATH + value: "$(workspaces.source.path)" + + - name: PARAMS_SSL_VERIFY + value: "$(params.SSL_VERIFY)" + - name: PARAMS_CRT_FILENAME + value: "$(params.CRT_FILENAME)" + - name: PARAMS_SUBDIRECTORY + value: "$(params.SUBDIRECTORY)" + - name: PARAMS_DELETE_EXISTING + value: "$(params.DELETE_EXISTING)" + - name: PARAMS_HTTP_PROXY + value: "$(params.HTTP_PROXY)" + - name: PARAMS_HTTPS_PROXY + value: "$(params.HTTPS_PROXY)" + - name: PARAMS_NO_PROXY + value: "$(params.NO_PROXY)" + - name: PARAMS_VERBOSE + value: "$(params.VERBOSE)" + - name: PARAMS_USER_HOME + value: "$(params.USER_HOME)" + - name: WORKSPACES_SSH_DIRECTORY_BOUND + value: "$(workspaces.ssh-directory.bound)" + - name: WORKSPACES_SSH_DIRECTORY_PATH + value: "$(workspaces.ssh-directory.path)" + - name: WORKSPACES_BASIC_AUTH_BOUND + value: "$(workspaces.basic-auth.bound)" + - name: WORKSPACES_BASIC_AUTH_PATH + value: "$(workspaces.basic-auth.path)" + - name: WORKSPACES_SSL_CA_DIRECTORY_BOUND + value: "$(workspaces.ssl-ca-directory.bound)" + - name: WORKSPACES_SSL_CA_DIRECTORY_PATH + value: "$(workspaces.ssl-ca-directory.path)" + - name: RESULTS_COMMIT_PATH + value: "$(results.COMMIT.path)" + computeResources: + limits: + cpu: 100m + memory: 256Mi + requests: + cpu: 100m + memory: 256Mi + securityContext: + runAsNonRoot: true + runAsUser: 65532 + + steps: + - name: prepare-and-run + image: registry.redhat.io/openshift-pipelines/pipelines-git-init-rhel8@sha256:c4b2183f7c7997bd401d86b33eefb637b3ef2fa90618e875106292cd69a15c14 + workingDir: $(workspaces.source.path) + script: | + set -e + printf '%s' "IyEvdXNyL2Jpbi9lbnYgc2gKCmV4cG9ydCBQQVJBTVNfVVJMPSIke1BBUkFNU19VUkw6LX0iCmV4cG9ydCBQQVJBTVNfUkVWSVNJT049IiR7UEFSQU1TX1JFVklTSU9OOi19IgpleHBvcnQgUEFSQU1TX1JFRlNQRUM9IiR7UEFSQU1TX1JFRlNQRUM6LX0iCmV4cG9ydCBQQVJBTVNfU1VCTU9EVUxFUz0iJHtQQVJBTVNfU1VCTU9EVUxFUzotfSIKZXhwb3J0IFBBUkFNU19ERVBUSD0iJHtQQVJBTVNfREVQVEg6LX0iCmV4cG9ydCBQQVJBTVNfU1NMX1ZFUklGWT0iJHtQQVJBTVNfU1NMX1ZFUklGWTotfSIKZXhwb3J0IFBBUkFNU19DUlRfRklMRU5BTUU9IiR7UEFSQU1TX0NSVF9GSUxFTkFNRTotfSIKZXhwb3J0IFBBUkFNU19TVUJESVJFQ1RPUlk9IiR7UEFSQU1TX1NVQkRJUkVDVE9SWTotfSIKZXhwb3J0IFBBUkFNU19TUEFSU0VfQ0hFQ0tPVVRfRElSRUNUT1JJRVM9IiR7UEFSQU1TX1NQQVJTRV9DSEVDS09VVF9ESVJFQ1RPUklFUzotfSIKZXhwb3J0IFBBUkFNU19ERUxFVEVfRVhJU1RJTkc9IiR7UEFSQU1TX0RFTEVURV9FWElTVElORzotfSIKZXhwb3J0IFBBUkFNU19IVFRQX1BST1hZPSIke1BBUkFNU19IVFRQX1BST1hZOi19IgpleHBvcnQgUEFSQU1TX0hUVFBTX1BST1hZPSIke1BBUkFNU19IVFRQU19QUk9YWTotfSIKZXhwb3J0IFBBUkFNU19OT19QUk9YWT0iJHtQQVJBTVNfTk9fUFJPWFk6LX0iCmV4cG9ydCBQQVJBTVNfVkVSQk9TRT0iJHtQQVJBTVNfVkVSQk9TRTotfSIKZXhwb3J0IFBBUkFNU19VU0VSX0hPTUU9IiR7UEFSQU1TX1VTRVJfSE9NRTotfSIKZXhwb3J0IFBBUkFNU19HSVRfVVNFUl9FTUFJTD0iJHtQQVJBTVNfR0lUX1VTRVJfRU1BSUw6LX0iCmV4cG9ydCBQQVJBTVNfR0lUX1VTRVJfTkFNRT0iJHtQQVJBTVNfR0lUX1VTRVJfTkFNRTotfSIKZXhwb3J0IFBBUkFNU19HSVRfU0NSSVBUPSIke1BBUkFNU19HSVRfU0NSSVBUOi19IgoKZXhwb3J0IFdPUktTUEFDRVNfU09VUkNFX1BBVEg9IiR7V09SS1NQQUNFU19TT1VSQ0VfUEFUSDotfSIKZXhwb3J0IFdPUktTUEFDRVNfT1VUUFVUX1BBVEg9IiR7V09SS1NQQUNFU19PVVRQVVRfUEFUSDotfSIKZXhwb3J0IFdPUktTUEFDRVNfU1NIX0RJUkVDVE9SWV9CT1VORD0iJHtXT1JLU1BBQ0VTX1NTSF9ESVJFQ1RPUllfQk9VTkQ6LX0iCmV4cG9ydCBXT1JLU1BBQ0VTX1NTSF9ESVJFQ1RPUllfUEFUSD0iJHtXT1JLU1BBQ0VTX1NTSF9ESVJFQ1RPUllfUEFUSDotfSIKZXhwb3J0IFdPUktTUEFDRVNfQkFTSUNfQVVUSF9CT1VORD0iJHtXT1JLU1BBQ0VTX0JBU0lDX0FVVEhfQk9VTkQ6LX0iCmV4cG9ydCBXT1JLU1BBQ0VTX0JBU0lDX0FVVEhfUEFUSD0iJHtXT1JLU1BBQ0VTX0JBU0lDX0FVVEhfUEFUSDotfSIKZXhwb3J0IFdPUktTUEFDRVNfU1NMX0NBX0RJUkVDVE9SWV9CT1VORD0iJHtXT1JLU1BBQ0VTX1NTTF9DQV9ESVJFQ1RPUllfQk9VTkQ6LX0iCmV4cG9ydCBXT1JLU1BBQ0VTX1NTTF9DQV9ESVJFQ1RPUllfUEFUSD0iJHtXT1JLU1BBQ0VTX1NTTF9DQV9ESVJFQ1RPUllfUEFUSDotfSIKCmV4cG9ydCBSRVNVTFRTX0NPTU1JVFRFUl9EQVRFX1BBVEg9IiR7UkVTVUxUU19DT01NSVRURVJfREFURV9QQVRIOi19IgpleHBvcnQgUkVTVUxUU19DT01NSVRfUEFUSD0iJHtSRVNVTFRTX0NPTU1JVF9QQVRIOi19IgpleHBvcnQgUkVTVUxUU19VUkxfUEFUSD0iJHtSRVNVTFRTX1VSTF9QQVRIOi19IgoKIyBmdWxsIHBhdGggdG8gdGhlIGNoZWNrb3V0IGRpcmVjdG9yeSwgdXNpbmcgdGhlIHNvdXJjZSB3b3Jrc3BhY2UgYW5kIHN1YmRpcmVjdG9yIHBhcmFtZXRlcgpbWyAhIC16ICR7V09SS1NQQUNFU19TT1VSQ0VfUEFUSH0gXV0gJiYgZXhwb3J0IFdPUktTUEFDRVNfUk9PVF9QQVRIPSIke1dPUktTUEFDRVNfU09VUkNFX1BBVEh9IgpbWyAhIC16ICR7V09SS1NQQUNFU19PVVRQVVRfUEFUSH0gXV0gJiYgZXhwb3J0IFdPUktTUEFDRVNfUk9PVF9QQVRIPSIke1dPUktTUEFDRVNfT1VUUFVUX1BBVEh9IgoKY2hlY2tvdXRfZGlyPSIke1dPUktTUEFDRVNfUk9PVF9QQVRIfS8ke1BBUkFNU19TVUJESVJFQ1RPUll9IgoKIwojIEZ1bmN0aW9ucwojCgpmYWlsKCkgewogICAgZWNobyAiRVJST1I6ICR7QH0iIDE+JjIKICAgIGV4aXQgMQp9CgpwaGFzZSgpIHsKICAgIGVjaG8gIi0tLT4gUGhhc2U6ICR7QH0uLi4iCn0KCiMgSW5zcGVjdCB0aGUgZW52aXJvbm1lbnQgdmFyaWFibGVzIHRvIGFzc2VydCB0aGUgbWluaW11bSBjb25maWd1cmF0aW9uIGlzIGluZm9ybWVkLgphc3NlcnRfcmVxdWlyZWRfY29uZmlndXJhdGlvbl9vcl9mYWlsKCkgewogICAgW1sgLXogIiR7UEFSQU1TX1VSTH0iICAmJiAgLXogIiR7UEFSQU1TX0dJVF9TQ1JJUFR9IiBdXSAmJgogICAgICAgIGZhaWwgIlBhcmFtZXRlciBVUkwgb3IgU0NSSVBUIG11c3QgYmUgc2V0ISIKCiAgICBbWyAteiAiJHtXT1JLU1BBQ0VTX1JPT1RfUEFUSH0iIF1dICYmCiAgICAgICAgZmFpbCAiUm9vdCBXb3Jrc3BhY2UgaXMgbm90IHNldCEiCgogICAgW1sgISAtZCAiJHtXT1JLU1BBQ0VTX1JPT1RfUEFUSH0iIF1dICYmCiAgICAgICAgZmFpbCAiUm9vdCBXb3Jrc3BhY2UgZGlyZWN0b3J5IG5vdCBmb3VuZCEiCiAgICByZXR1cm4gMAp9CgojIENvcHkgdGhlIGZpbGUgaW50byB0aGUgZGVzdGluYXRpb24sIGNoZWNraW5nIGlmIHRoZSBzb3VyY2UgZXhpc3RzLgpjb3B5X29yX2ZhaWwoKSB7CiAgICBsb2NhbCBfbW9kZT0iJHsxfSIKICAgIGxvY2FsIF9zcmM9IiR7Mn0iCiAgICBsb2NhbCBfZHN0PSIkezN9IgoKICAgIGlmIFtbICEgLWYgIiR7X3NyY30iICYmICEgLWQgIiR7X3NyY30iIF1dOyB0aGVuCiAgICAgICAgZmFpbCAiU291cmNlIGZpbGUvZGlyZWN0b3J5IGlzIG5vdCBmb3VuZCBhdCAnJHtfc3JjfSciCiAgICBmaQoKICAgIGlmIFtbIC1kICIke19zcmN9IiBdXTsgdGhlbgogICAgICAgIGNwIC1SdiAke19zcmN9ICR7X2RzdH0KICAgICAgICBjaG1vZCAtdiAke19tb2RlfSAke19kc3R9CiAgICBlbHNlCiAgICAgICAgaW5zdGFsbCAtLXZlcmJvc2UgLS1tb2RlPSR7X21vZGV9ICR7X3NyY30gJHtfZHN0fQogICAgZmkKfQoKIyBEZWxldGUgYW55IGV4aXN0aW5nIGNvbnRlbnRzIG9mIHRoZSByZXBvIGRpcmVjdG9yeSBpZiBpdCBleGlzdHMuIFdlIGRvbid0IGp1c3QgInJtIC1yZiA8ZGlyPiIKIyBiZWNhdXNlIG1pZ2h0IGJlICIvIiBvciB0aGUgcm9vdCBvZiBhIG1vdW50ZWQgdm9sdW1lLgpjbGVhbl9kaXIoKSB7CiAgICBsb2NhbCBfZGlyPSIkezF9IgoKICAgIFtbICEgLWQgIiR7X2Rpcn0iIF1dICYmCiAgICAgICAgcmV0dXJuIDAKCiAgICAjIERlbGV0ZSBub24taGlkZGVuIGZpbGVzIGFuZCBkaXJlY3RvcmllcwogICAgcm0gLXJmdiAke19kaXI6P30vKgogICAgIyBEZWxldGUgZmlsZXMgYW5kIGRpcmVjdG9yaWVzIHN0YXJ0aW5nIHdpdGggLiBidXQgZXhjbHVkaW5nIC4uCiAgICBybSAtcmZ2ICR7X2Rpcn0vLlshLl0qCiAgICAjIERlbGV0ZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgc3RhcnRpbmcgd2l0aCAuLiBwbHVzIGFueSBvdGhlciBjaGFyYWN0ZXIKICAgIHJtIC1yZnYgJHtfZGlyfS8uLj8qCn0KCiMKIyBTZXR0aW5ncwojCgojIHdoZW4gdGhlIGtvLWFwcCBkaXJlY3RvcnkgaXMgcHJlc2VudCwgbWFraW5nIHN1cmUgaXQncyBwYXJ0IG9mIHRoZSBQQVRICltbIC1kICIva28tYXBwIiBdXSAmJiBleHBvcnQgUEFUSD0iJHtQQVRIfTova28tYXBwIgoKIyBtYWtpbmcgdGhlIHNoZWxsIHZlcmJvc2Ugd2hlbiB0aGUgcGFyYW10ZXIgaXMgc2V0CltbICIke1BBUkFNU19WRVJCT1NFfSIgPT0gInRydWUiIF1dICYmIHNldCAteAoKcmV0dXJuIDA=" |base64 -d >"/scripts/common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgc2gKc2V0IC1ldQoKc291cmNlICQoQ0RQQVRIPSBjZCAtLSAiJChkaXJuYW1lIC0tICR7MH0pIiAmJiBwd2QpL2NvbW1vbi5zaAoKYXNzZXJ0X3JlcXVpcmVkX2NvbmZpZ3VyYXRpb25fb3JfZmFpbAoKcGhhc2UgIlNldHRpbmcgb3V0cHV0IHdvcmtzcGFjZSBhcyBzYWZlIGRpcmVjdG9yeSAoJyR7V09SS1NQQUNFU19ST09UX1BBVEh9JykiCmdpdCBjb25maWcgLS1nbG9iYWwgLS1hZGQgc2FmZS5kaXJlY3RvcnkgIiR7V09SS1NQQUNFU19ST09UX1BBVEh9IgoKIyBTZXR0aW5nIHVwIHRoZSBjb25maWcgZm9yIHRoZSBnaXQuCgppZiBbIC1uICIke1BBUkFNU19HSVRfVVNFUl9FTUFJTH0iIF0gOyB0aGVuCiAgICBwaGFzZSAiU2V0dGluZyBnbG9iYWwgZW1haWwgZm9yIGdpdCAke1BBUkFNU19HSVRfVVNFUl9FTUFJTH0iCiAgICBnaXQgY29uZmlnIC0tZ2xvYmFsIHVzZXIuZW1haWwgIiR7UEFSQU1TX0dJVF9VU0VSX0VNQUlMfSIKZmkKCmlmIFsgLW4gIiR7UEFSQU1TX0dJVF9VU0VSX05BTUV9IiBdIDsgdGhlbgogICAgcGhhc2UgIlNldHRpbmcgZ2xvYmFsIHVzZXJuYW1lIGZvciBnaXQgJHtQQVJBTVNfR0lUX1VTRVJfTkFNRX0iCiAgICBnaXQgY29uZmlnIC0tZ2xvYmFsIHVzZXIubmFtZSAiJHtQQVJBTVNfR0lUX1VTRVJfTkFNRX0iCmZpCgojCiMgQ0EgKGBzc2wtY2EtZGlyZWN0b3J5YCBXb3Jrc3BhY2UpCiMKCmlmIFtbICIke1dPUktTUEFDRVNfU1NMX0NBX0RJUkVDVE9SWV9CT1VORH0iID09ICJ0cnVlIiAmJiAtbiAiJHtQQVJBTVNfQ1JUX0ZJTEVOQU1FfSIgXV07IHRoZW4KCXBoYXNlICJJbnNwZWN0aW5nICdzc2wtY2EtZGlyZWN0b3J5JyB3b3Jrc3BhY2UgbG9va2luZyBmb3IgJyR7UEFSQU1TX0NSVF9GSUxFTkFNRX0nIGZpbGUiCgljcnQ9IiR7V09SS1NQQUNFU19TU0xfQ0FfRElSRUNUT1JZX1BBVEh9LyR7UEFSQU1TX0NSVF9GSUxFTkFNRX0iCglbWyAhIC1mICIke2NydH0iIF1dICYmCgkJZmFpbCAiQ1JUIGZpbGUgKFBBUkFNU19DUlRfRklMRU5BTUUpIG5vdCBmb3VuZCBhdCAnJHtjcnR9JyIKCglwaGFzZSAiRXhwb3J0aW5nIGN1c3RvbSBDQSBjZXJ0aWZpY2F0ZSAnR0lUX1NTTF9DQUlORk89JHtjcnR9JyIKCWV4cG9ydCBHSVRfU1NMX0NBSU5GTz0ke2NydH0KZmkKCiMKIyBQcm94eSBTZXR0aW5ncwojCgpwaGFzZSAiU2V0dGluZyB1cCBIVFRQX1BST1hZPScke1BBUkFNU19IVFRQX1BST1hZfSciCltbIC1uICIke1BBUkFNU19IVFRQX1BST1hZfSIgXV0gJiYgZXhwb3J0IEhUVFBfUFJPWFk9IiR7UEFSQU1TX0hUVFBfUFJPWFl9IgoKcGhhc2UgIlNldHR0aW5nIHVwIEhUVFBTX1BST1hZPScke1BBUkFNU19IVFRQU19QUk9YWX0nIgpbWyAtbiAiJHtQQVJBTVNfSFRUUFNfUFJPWFl9IiBdXSAmJiBleHBvcnQgSFRUUFNfUFJPWFk9IiR7UEFSQU1TX0hUVFBTX1BST1hZfSIKCnBoYXNlICJTZXR0aW5nIHVwIE5PX1BST1hZPScke1BBUkFNU19OT19QUk9YWX0nIgpbWyAtbiAiJHtQQVJBTVNfTk9fUFJPWFl9IiBdXSAmJiBleHBvcnQgTk9fUFJPWFk9IiR7UEFSQU1TX05PX1BST1hZfSIKCgppZiBbWyAhIC16ICIke1BBUkFNU19VUkx9IiBdXTsKdGhlbgogICAgcGhhc2UgIkNsb25pbmcgJyR7UEFSQU1TX1VSTH0nIGludG8gJyR7Y2hlY2tvdXRfZGlyfSciCiAgICBzZXQgLXgKICAgIGV4ZWMgZ2l0LWluaXQgXAogICAgICAgIC11cmw9IiR7UEFSQU1TX1VSTH0iIFwKICAgICAgICAtcmV2aXNpb249IiR7UEFSQU1TX1JFVklTSU9OfSIgXAogICAgICAgIC1yZWZzcGVjPSIke1BBUkFNU19SRUZTUEVDfSIgXAogICAgICAgIC1wYXRoPSIke2NoZWNrb3V0X2Rpcn0iIFwKICAgICAgICAtc3NsVmVyaWZ5PSIke1BBUkFNU19TU0xfVkVSSUZZfSIgXAogICAgICAgIC1zdWJtb2R1bGVzPSIke1BBUkFNU19TVUJNT0RVTEVTfSIgXAogICAgICAgIC1kZXB0aD0iJHtQQVJBTVNfREVQVEh9IiBcCiAgICAgICAgLXNwYXJzZUNoZWNrb3V0RGlyZWN0b3JpZXM9IiR7UEFSQU1TX1NQQVJTRV9DSEVDS09VVF9ESVJFQ1RPUklFU30iCmVsc2UKICAgIHBoYXNlICJSdW5uaW5nIHRoZSBwcm92aWRlZCBzY3JpcHRzICR7UEFSQU1TX0dJVF9TQ1JJUFR9IGluICR7Y2hlY2tvdXRfZGlyfSIKICAgIGV2YWwgIiR7UEFSQU1TX0dJVF9TQ1JJUFR9IgoKICAgIFJFU1VMVF9TSEE9IiQoZ2l0IHJldi1wYXJzZSBIRUFEIHwgdHIgLWQgJ1xuJykiCiAgICBFWElUX0NPREU9IiQ/IgogICAgaWYgWyAiJEVYSVRfQ09ERSIgIT0gMCBdCiAgICB0aGVuCiAgICAgICAgZXhpdCAkRVhJVF9DT0RFCiAgICBmaQogICAgIyBNYWtlIHN1cmUgd2UgZG9uJ3QgYWRkIGEgdHJhaWxpbmcgbmV3bGluZSB0byB0aGUgcmVzdWx0IQogICAgcHJpbnRmICIlcyIgIiRSRVNVTFRfU0hBIiA+ICIke1JFU1VMVFNfQ09NTUlUX1BBVEh9IgogICAgZWNobyAkUkVTVUxUX1NIQQpmaQoK" |base64 -d >"/scripts/git-run.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgc2gKIwojIFNldHMgdXAgdGhlIGJhc2ljIGFuZCBTU0ggYXV0aGVudGljYXRpb24gYmFzZWQgb24gaW5mb3JtZWQgd29ya3NwYWNlcywgYXMgd2VsbCBhcyBjbGVhbmluZyB1cCB0aGUKIyBwcmV2aW91cyBnaXQtY2xvbmUgc3RhbGUgZGF0YS4KIwoKc2V0IC1ldQoKc291cmNlICQoQ0RQQVRIPSBjZCAtLSAiJChkaXJuYW1lIC0tICR7MH0pIiAmJiBwd2QpL2NvbW1vbi5zaAoKYXNzZXJ0X3JlcXVpcmVkX2NvbmZpZ3VyYXRpb25fb3JfZmFpbAoKcGhhc2UgIlByZXBhcmluZyB0aGUgZmlsZXN5c3RlbSBiZWZvcmUgY2xvbmluZyB0aGUgcmVwb3NpdG9yeSIKCmlmIFtbICIke1BBUkFNU19ERUxFVEVfRVhJU1RJTkd9IiA9PSAidHJ1ZSIgXV07IHRoZW4KCXBoYXNlICJEZWxldGluZyBhbGwgY29udGVudHMgb2YgY2hlY2tvdXQtZGlyICcke2NoZWNrb3V0X2Rpcn0nIgoJY2xlYW5fZGlyICR7Y2hlY2tvdXRfZGlyfSB8fCB0cnVlCmZpCgppZiBbWyAiJHtXT1JLU1BBQ0VTX0JBU0lDX0FVVEhfQk9VTkR9IiA9PSAidHJ1ZSIgXV07IHRoZW4KCXBoYXNlICJDb25maWd1cmluZyBHaXQgYXV0aGVudGljYXRpb24gd2l0aCAnYmFzaWMtYXV0aCcgV29ya3NwYWNlIGZpbGVzIgoKCWZvciBmIGluIC5naXQtY3JlZGVudGlhbHMgLmdpdGNvbmZpZzsgZG8KCQlzcmM9IiR7V09SS1NQQUNFU19CQVNJQ19BVVRIX1BBVEh9LyR7Zn0iCgkJcGhhc2UgIkNvcHlpbmcgJyR7c3JjfScgdG8gJyR7UEFSQU1TX1VTRVJfSE9NRX0nIgoJCWNvcHlfb3JfZmFpbCA0MDAgJHtzcmN9ICIke1BBUkFNU19VU0VSX0hPTUV9LyIKCWRvbmUKZmkKCmlmIFtbICIke1dPUktTUEFDRVNfU1NIX0RJUkVDVE9SWV9CT1VORH0iID09ICJ0cnVlIiBdXTsgdGhlbgoJcGhhc2UgIkNvcHlpbmcgJy5zc2gnIGZyb20gc3NoLWRpcmVjdG9yeSB3b3Jrc3BhY2UgKCcke1dPUktTUEFDRVNfU1NIX0RJUkVDVE9SWV9QQVRIfScpIgoKCWRvdF9zc2g9IiR7UEFSQU1TX1VTRVJfSE9NRX0vLnNzaCIKCWNvcHlfb3JfZmFpbCA3MDAgJHtXT1JLU1BBQ0VTX1NTSF9ESVJFQ1RPUllfUEFUSH0gJHtkb3Rfc3NofQoJY2htb2QgLVJ2IDQwMCAke2RvdF9zc2h9LyoKZmkKCgpleGl0IDA=" |base64 -d >"/scripts/prepare.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgc2gKIwojIFNjYW4gdGhlIGNsb25lZCByZXBvc2l0b3J5IGluIG9yZGVyIHRvIHJlcG9ydCBkZXRhaWxzIHdyaXR0aW5nIHRoZSByZXN1bHQgZmlsZXMuCiMKCnNldCAtZXUKCnNvdXJjZSAkKENEUEFUSD0gY2QgLS0gIiQoZGlybmFtZSAtLSAkezB9KSIgJiYgcHdkKS9jb21tb24uc2gKCmFzc2VydF9yZXF1aXJlZF9jb25maWd1cmF0aW9uX29yX2ZhaWwKCnBoYXNlICJDb2xsZWN0aW5nIGNsb25lZCByZXBvc2l0b3J5IGluZm9ybWF0aW9uICgnJHtjaGVja291dF9kaXJ9JykiCgpjZCAiJHtjaGVja291dF9kaXJ9IiB8fCBmYWlsICJOb3QgYWJsZSB0byBlbnRlciBjaGVja291dC1kaXIgJyR7Y2hlY2tvdXRfZGlyfSciCgpwaGFzZSAiU2V0dGluZyBvdXRwdXQgd29ya3NwYWNlIGFzIHNhZmUgZGlyZWN0b3J5ICgnJHtXT1JLU1BBQ0VTX1JPT1RfUEFUSH0nKSIKZ2l0IGNvbmZpZyAtLWdsb2JhbCAtLWFkZCBzYWZlLmRpcmVjdG9yeSAiJHtXT1JLU1BBQ0VTX1JPT1RfUEFUSH0iCgpyZXN1bHRfc2hhPSIkKGdpdCByZXYtcGFyc2UgSEVBRCkiCnJlc3VsdF9jb21taXR0ZXJfZGF0ZT0iJChnaXQgbG9nIC0xIC0tcHJldHR5PSVjdCkiCgpwaGFzZSAiUmVwb3J0aW5nIGxhc3QgY29tbWl0IGRhdGUgJyR7cmVzdWx0X2NvbW1pdHRlcl9kYXRlfSciCnByaW50ZiAiJXMiICIke3Jlc3VsdF9jb21taXR0ZXJfZGF0ZX0iID4ke1JFU1VMVFNfQ09NTUlUVEVSX0RBVEVfUEFUSH0KCnBoYXNlICJSZXBvcnRpbmcgcGFyc2VkIHJldmlzaW9uIFNIQSAnJHtyZXN1bHRfc2hhfSciCnByaW50ZiAiJXMiICIke3Jlc3VsdF9zaGF9IiA+JHtSRVNVTFRTX0NPTU1JVF9QQVRIfQoKcGhhc2UgIlJlcG9ydGluZyByZXBvc2l0b3J5IFVSTCAnJHtQQVJBTVNfVVJMfSciCnByaW50ZiAiJXMiICIke1BBUkFNU19VUkx9IiA+JHtSRVNVTFRTX1VSTF9QQVRIfQoKZXhpdCAw" |base64 -d >"/scripts/report.sh" + chmod +x /scripts/*.sh;echo "Running Script /scripts/prepare.sh"; + /scripts/prepare.sh;echo "Running Script /scripts/git-run.sh"; + /scripts/git-run.sh; + volumeMounts: + - name: scripts-dir + mountPath: /scripts + - name: user-home + mountPath: "$(params.USER_HOME)" diff --git a/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-git-clone/task-git-clone-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-git-clone/task-git-clone-task.yaml new file mode 100644 index 0000000000..fb01b4b0d7 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-git-clone/task-git-clone-task.yaml @@ -0,0 +1,238 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift-pipelines/tektoncd-catalog/p/tasks/task-git-clone/0.4.1/task-git-clone.yaml +# +--- +--- +# Source: task-git/templates/task-git-clone.yaml +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: git-clone + labels: + app.kubernetes.io/version: 0.4.1 + annotations: + tekton.dev/source: "https://github.com/openshift-pipelines/task-git" + artifacthub.io/category: integration-delivery + artifacthub.io/maintainers: | + - name: OpenShift Pipeline task maintainers + email: pipelines-extcomm@redhat.com + artifacthub.io/provider: Red Hat + artifacthub.io/recommendations: | + - url: https://tekton.dev/ + tekton.dev/categories: Git + tekton.dev/displayName: git + tekton.dev/pipelines.minVersion: 0.54.0 + tekton.dev/platforms: linux/amd64,linux/s390x,linux/ppc64le,linux/arm64 + tekton.dev/tags: git +spec: + description: | + This object represents Git and is able to initialize and clone a remote repository on the informed Workspace. It's likely to become the first `step` on a Pipeline. + + + workspaces: + - name: ssh-directory + optional: true + description: | + A `.ssh` directory with private key, `known_hosts`, `config`, etc. + Copied to the Git user's home before cloning the repository, in order to + server as authentication mechanismBinding a Secret to this Workspace is + strongly recommended over other volume types. + - name: basic-auth + optional: true + description: | + A Workspace containing a `.gitconfig` and `.git-credentials` files. + These will be copied to the user's home before Git commands run. All + other files in this Workspace are ignored. It is strongly recommended to + use `ssh-directory` over `basic-auth` whenever possible, and to bind a + Secret to this Workspace over other volume types. + - name: ssl-ca-directory + optional: true + description: | + A Workspace containing CA certificates, this will be used by Git to + verify the peer with when interacting with remote repositories using + HTTPS. + - name: output + description: | + A workspace that contains the fetched git repository, data will be placed on the root of the + Workspace, or on the relative path defined by the SUBDIRECTORY + parameter. + + params: + - name: CRT_FILENAME + type: string + default: ca-bundle.crt + description: | + Certificate Authority (CA) bundle filename in the SSL CA directory. + - name: HTTP_PROXY + type: string + default: "" + description: | + HTTP proxy server (non-TLS requests). + - name: HTTPS_PROXY + type: string + default: "" + description: | + HTTPS proxy server (TLS requests). + - name: NO_PROXY + type: string + default: "" + description: | + Opt out of proxying HTTP/HTTPS requests. + - name: SUBDIRECTORY + type: string + default: "" + description: | + Path to the directory for storing the cloned Git repository, relative to the + output directory. + - name: USER_HOME + type: string + default: "/home/git" + description: | + Absolute path to the Git user home directory. + - name: DELETE_EXISTING + type: string + default: "true" + description: | + Clean out the contents of the default Workspace before specific Git operations occur, if data exists. + - name: VERBOSE + type: string + default: "false" + description: | + Log the executed commands. + - name: SSL_VERIFY + type: string + default: "true" + description: | + Sets the global `http.sslVerify` value, `false` is not advised unless + you trust the remote repository. + - name: URL + type: string + description: | + Git repository URL. + - name: REVISION + type: string + default: main + description: | + Revision to checkout, an branch, tag, sha, ref, etc... + - name: REFSPEC + default: "" + description: | + Repository `refspec` to fetch before checking out the revision. + - name: SUBMODULES + type: string + default: "true" + description: | + Initialize and fetch Git submodules. + - name: DEPTH + type: string + default: "1" + description: | + Number of commits to fetch, a "shallow clone" is a single commit. + - name: SPARSE_CHECKOUT_DIRECTORIES + type: string + default: "" + description: | + List of directory patterns split by comma to perform "sparse checkout". + + results: + - name: COMMIT + description: | + The precise commit SHA digest cloned. + - name: URL + description: | + The precise repository URL. + - name: COMMITTER_DATE + description: | + The epoch timestamp of the commit cloned. + + volumes: + - name: user-home + emptyDir: {} + - name: scripts-dir + emptyDir: {} + + stepTemplate: + env: + + - name: PARAMS_URL + value: "$(params.URL)" + - name: PARAMS_REVISION + value: "$(params.REVISION)" + - name: PARAMS_REFSPEC + value: "$(params.REFSPEC)" + - name: PARAMS_SUBMODULES + value: "$(params.SUBMODULES)" + - name: PARAMS_DEPTH + value: "$(params.DEPTH)" + - name: PARAMS_SPARSE_CHECKOUT_DIRECTORIES + value: "$(params.SPARSE_CHECKOUT_DIRECTORIES)" + - name: RESULTS_COMMITTER_DATE_PATH + value: "$(results.COMMITTER_DATE.path)" + - name: RESULTS_URL_PATH + value: "$(results.URL.path)" + - name: WORKSPACES_OUTPUT_PATH + value: "$(workspaces.output.path)" + + - name: PARAMS_SSL_VERIFY + value: "$(params.SSL_VERIFY)" + - name: PARAMS_CRT_FILENAME + value: "$(params.CRT_FILENAME)" + - name: PARAMS_SUBDIRECTORY + value: "$(params.SUBDIRECTORY)" + - name: PARAMS_DELETE_EXISTING + value: "$(params.DELETE_EXISTING)" + - name: PARAMS_HTTP_PROXY + value: "$(params.HTTP_PROXY)" + - name: PARAMS_HTTPS_PROXY + value: "$(params.HTTPS_PROXY)" + - name: PARAMS_NO_PROXY + value: "$(params.NO_PROXY)" + - name: PARAMS_VERBOSE + value: "$(params.VERBOSE)" + - name: PARAMS_USER_HOME + value: "$(params.USER_HOME)" + - name: WORKSPACES_SSH_DIRECTORY_BOUND + value: "$(workspaces.ssh-directory.bound)" + - name: WORKSPACES_SSH_DIRECTORY_PATH + value: "$(workspaces.ssh-directory.path)" + - name: WORKSPACES_BASIC_AUTH_BOUND + value: "$(workspaces.basic-auth.bound)" + - name: WORKSPACES_BASIC_AUTH_PATH + value: "$(workspaces.basic-auth.path)" + - name: WORKSPACES_SSL_CA_DIRECTORY_BOUND + value: "$(workspaces.ssl-ca-directory.bound)" + - name: WORKSPACES_SSL_CA_DIRECTORY_PATH + value: "$(workspaces.ssl-ca-directory.path)" + - name: RESULTS_COMMIT_PATH + value: "$(results.COMMIT.path)" + computeResources: + limits: + cpu: 100m + memory: 256Mi + requests: + cpu: 100m + memory: 256Mi + securityContext: + runAsNonRoot: true + runAsUser: 65532 + + steps: + - name: prepare-and-run + image: registry.redhat.io/openshift-pipelines/pipelines-git-init-rhel8@sha256:c4b2183f7c7997bd401d86b33eefb637b3ef2fa90618e875106292cd69a15c14 + workingDir: $(workspaces.output.path) + script: | + set -e + printf '%s' "IyEvdXNyL2Jpbi9lbnYgc2gKCmV4cG9ydCBQQVJBTVNfVVJMPSIke1BBUkFNU19VUkw6LX0iCmV4cG9ydCBQQVJBTVNfUkVWSVNJT049IiR7UEFSQU1TX1JFVklTSU9OOi19IgpleHBvcnQgUEFSQU1TX1JFRlNQRUM9IiR7UEFSQU1TX1JFRlNQRUM6LX0iCmV4cG9ydCBQQVJBTVNfU1VCTU9EVUxFUz0iJHtQQVJBTVNfU1VCTU9EVUxFUzotfSIKZXhwb3J0IFBBUkFNU19ERVBUSD0iJHtQQVJBTVNfREVQVEg6LX0iCmV4cG9ydCBQQVJBTVNfU1NMX1ZFUklGWT0iJHtQQVJBTVNfU1NMX1ZFUklGWTotfSIKZXhwb3J0IFBBUkFNU19DUlRfRklMRU5BTUU9IiR7UEFSQU1TX0NSVF9GSUxFTkFNRTotfSIKZXhwb3J0IFBBUkFNU19TVUJESVJFQ1RPUlk9IiR7UEFSQU1TX1NVQkRJUkVDVE9SWTotfSIKZXhwb3J0IFBBUkFNU19TUEFSU0VfQ0hFQ0tPVVRfRElSRUNUT1JJRVM9IiR7UEFSQU1TX1NQQVJTRV9DSEVDS09VVF9ESVJFQ1RPUklFUzotfSIKZXhwb3J0IFBBUkFNU19ERUxFVEVfRVhJU1RJTkc9IiR7UEFSQU1TX0RFTEVURV9FWElTVElORzotfSIKZXhwb3J0IFBBUkFNU19IVFRQX1BST1hZPSIke1BBUkFNU19IVFRQX1BST1hZOi19IgpleHBvcnQgUEFSQU1TX0hUVFBTX1BST1hZPSIke1BBUkFNU19IVFRQU19QUk9YWTotfSIKZXhwb3J0IFBBUkFNU19OT19QUk9YWT0iJHtQQVJBTVNfTk9fUFJPWFk6LX0iCmV4cG9ydCBQQVJBTVNfVkVSQk9TRT0iJHtQQVJBTVNfVkVSQk9TRTotfSIKZXhwb3J0IFBBUkFNU19VU0VSX0hPTUU9IiR7UEFSQU1TX1VTRVJfSE9NRTotfSIKZXhwb3J0IFBBUkFNU19HSVRfVVNFUl9FTUFJTD0iJHtQQVJBTVNfR0lUX1VTRVJfRU1BSUw6LX0iCmV4cG9ydCBQQVJBTVNfR0lUX1VTRVJfTkFNRT0iJHtQQVJBTVNfR0lUX1VTRVJfTkFNRTotfSIKZXhwb3J0IFBBUkFNU19HSVRfU0NSSVBUPSIke1BBUkFNU19HSVRfU0NSSVBUOi19IgoKZXhwb3J0IFdPUktTUEFDRVNfU09VUkNFX1BBVEg9IiR7V09SS1NQQUNFU19TT1VSQ0VfUEFUSDotfSIKZXhwb3J0IFdPUktTUEFDRVNfT1VUUFVUX1BBVEg9IiR7V09SS1NQQUNFU19PVVRQVVRfUEFUSDotfSIKZXhwb3J0IFdPUktTUEFDRVNfU1NIX0RJUkVDVE9SWV9CT1VORD0iJHtXT1JLU1BBQ0VTX1NTSF9ESVJFQ1RPUllfQk9VTkQ6LX0iCmV4cG9ydCBXT1JLU1BBQ0VTX1NTSF9ESVJFQ1RPUllfUEFUSD0iJHtXT1JLU1BBQ0VTX1NTSF9ESVJFQ1RPUllfUEFUSDotfSIKZXhwb3J0IFdPUktTUEFDRVNfQkFTSUNfQVVUSF9CT1VORD0iJHtXT1JLU1BBQ0VTX0JBU0lDX0FVVEhfQk9VTkQ6LX0iCmV4cG9ydCBXT1JLU1BBQ0VTX0JBU0lDX0FVVEhfUEFUSD0iJHtXT1JLU1BBQ0VTX0JBU0lDX0FVVEhfUEFUSDotfSIKZXhwb3J0IFdPUktTUEFDRVNfU1NMX0NBX0RJUkVDVE9SWV9CT1VORD0iJHtXT1JLU1BBQ0VTX1NTTF9DQV9ESVJFQ1RPUllfQk9VTkQ6LX0iCmV4cG9ydCBXT1JLU1BBQ0VTX1NTTF9DQV9ESVJFQ1RPUllfUEFUSD0iJHtXT1JLU1BBQ0VTX1NTTF9DQV9ESVJFQ1RPUllfUEFUSDotfSIKCmV4cG9ydCBSRVNVTFRTX0NPTU1JVFRFUl9EQVRFX1BBVEg9IiR7UkVTVUxUU19DT01NSVRURVJfREFURV9QQVRIOi19IgpleHBvcnQgUkVTVUxUU19DT01NSVRfUEFUSD0iJHtSRVNVTFRTX0NPTU1JVF9QQVRIOi19IgpleHBvcnQgUkVTVUxUU19VUkxfUEFUSD0iJHtSRVNVTFRTX1VSTF9QQVRIOi19IgoKIyBmdWxsIHBhdGggdG8gdGhlIGNoZWNrb3V0IGRpcmVjdG9yeSwgdXNpbmcgdGhlIHNvdXJjZSB3b3Jrc3BhY2UgYW5kIHN1YmRpcmVjdG9yIHBhcmFtZXRlcgpbWyAhIC16ICR7V09SS1NQQUNFU19TT1VSQ0VfUEFUSH0gXV0gJiYgZXhwb3J0IFdPUktTUEFDRVNfUk9PVF9QQVRIPSIke1dPUktTUEFDRVNfU09VUkNFX1BBVEh9IgpbWyAhIC16ICR7V09SS1NQQUNFU19PVVRQVVRfUEFUSH0gXV0gJiYgZXhwb3J0IFdPUktTUEFDRVNfUk9PVF9QQVRIPSIke1dPUktTUEFDRVNfT1VUUFVUX1BBVEh9IgoKY2hlY2tvdXRfZGlyPSIke1dPUktTUEFDRVNfUk9PVF9QQVRIfS8ke1BBUkFNU19TVUJESVJFQ1RPUll9IgoKIwojIEZ1bmN0aW9ucwojCgpmYWlsKCkgewogICAgZWNobyAiRVJST1I6ICR7QH0iIDE+JjIKICAgIGV4aXQgMQp9CgpwaGFzZSgpIHsKICAgIGVjaG8gIi0tLT4gUGhhc2U6ICR7QH0uLi4iCn0KCiMgSW5zcGVjdCB0aGUgZW52aXJvbm1lbnQgdmFyaWFibGVzIHRvIGFzc2VydCB0aGUgbWluaW11bSBjb25maWd1cmF0aW9uIGlzIGluZm9ybWVkLgphc3NlcnRfcmVxdWlyZWRfY29uZmlndXJhdGlvbl9vcl9mYWlsKCkgewogICAgW1sgLXogIiR7UEFSQU1TX1VSTH0iICAmJiAgLXogIiR7UEFSQU1TX0dJVF9TQ1JJUFR9IiBdXSAmJgogICAgICAgIGZhaWwgIlBhcmFtZXRlciBVUkwgb3IgU0NSSVBUIG11c3QgYmUgc2V0ISIKCiAgICBbWyAteiAiJHtXT1JLU1BBQ0VTX1JPT1RfUEFUSH0iIF1dICYmCiAgICAgICAgZmFpbCAiUm9vdCBXb3Jrc3BhY2UgaXMgbm90IHNldCEiCgogICAgW1sgISAtZCAiJHtXT1JLU1BBQ0VTX1JPT1RfUEFUSH0iIF1dICYmCiAgICAgICAgZmFpbCAiUm9vdCBXb3Jrc3BhY2UgZGlyZWN0b3J5IG5vdCBmb3VuZCEiCiAgICByZXR1cm4gMAp9CgojIENvcHkgdGhlIGZpbGUgaW50byB0aGUgZGVzdGluYXRpb24sIGNoZWNraW5nIGlmIHRoZSBzb3VyY2UgZXhpc3RzLgpjb3B5X29yX2ZhaWwoKSB7CiAgICBsb2NhbCBfbW9kZT0iJHsxfSIKICAgIGxvY2FsIF9zcmM9IiR7Mn0iCiAgICBsb2NhbCBfZHN0PSIkezN9IgoKICAgIGlmIFtbICEgLWYgIiR7X3NyY30iICYmICEgLWQgIiR7X3NyY30iIF1dOyB0aGVuCiAgICAgICAgZmFpbCAiU291cmNlIGZpbGUvZGlyZWN0b3J5IGlzIG5vdCBmb3VuZCBhdCAnJHtfc3JjfSciCiAgICBmaQoKICAgIGlmIFtbIC1kICIke19zcmN9IiBdXTsgdGhlbgogICAgICAgIGNwIC1SdiAke19zcmN9ICR7X2RzdH0KICAgICAgICBjaG1vZCAtdiAke19tb2RlfSAke19kc3R9CiAgICBlbHNlCiAgICAgICAgaW5zdGFsbCAtLXZlcmJvc2UgLS1tb2RlPSR7X21vZGV9ICR7X3NyY30gJHtfZHN0fQogICAgZmkKfQoKIyBEZWxldGUgYW55IGV4aXN0aW5nIGNvbnRlbnRzIG9mIHRoZSByZXBvIGRpcmVjdG9yeSBpZiBpdCBleGlzdHMuIFdlIGRvbid0IGp1c3QgInJtIC1yZiA8ZGlyPiIKIyBiZWNhdXNlIG1pZ2h0IGJlICIvIiBvciB0aGUgcm9vdCBvZiBhIG1vdW50ZWQgdm9sdW1lLgpjbGVhbl9kaXIoKSB7CiAgICBsb2NhbCBfZGlyPSIkezF9IgoKICAgIFtbICEgLWQgIiR7X2Rpcn0iIF1dICYmCiAgICAgICAgcmV0dXJuIDAKCiAgICAjIERlbGV0ZSBub24taGlkZGVuIGZpbGVzIGFuZCBkaXJlY3RvcmllcwogICAgcm0gLXJmdiAke19kaXI6P30vKgogICAgIyBEZWxldGUgZmlsZXMgYW5kIGRpcmVjdG9yaWVzIHN0YXJ0aW5nIHdpdGggLiBidXQgZXhjbHVkaW5nIC4uCiAgICBybSAtcmZ2ICR7X2Rpcn0vLlshLl0qCiAgICAjIERlbGV0ZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgc3RhcnRpbmcgd2l0aCAuLiBwbHVzIGFueSBvdGhlciBjaGFyYWN0ZXIKICAgIHJtIC1yZnYgJHtfZGlyfS8uLj8qCn0KCiMKIyBTZXR0aW5ncwojCgojIHdoZW4gdGhlIGtvLWFwcCBkaXJlY3RvcnkgaXMgcHJlc2VudCwgbWFraW5nIHN1cmUgaXQncyBwYXJ0IG9mIHRoZSBQQVRICltbIC1kICIva28tYXBwIiBdXSAmJiBleHBvcnQgUEFUSD0iJHtQQVRIfTova28tYXBwIgoKIyBtYWtpbmcgdGhlIHNoZWxsIHZlcmJvc2Ugd2hlbiB0aGUgcGFyYW10ZXIgaXMgc2V0CltbICIke1BBUkFNU19WRVJCT1NFfSIgPT0gInRydWUiIF1dICYmIHNldCAteAoKcmV0dXJuIDA=" |base64 -d >"/scripts/common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgc2gKc2V0IC1ldQoKc291cmNlICQoQ0RQQVRIPSBjZCAtLSAiJChkaXJuYW1lIC0tICR7MH0pIiAmJiBwd2QpL2NvbW1vbi5zaAoKYXNzZXJ0X3JlcXVpcmVkX2NvbmZpZ3VyYXRpb25fb3JfZmFpbAoKcGhhc2UgIlNldHRpbmcgb3V0cHV0IHdvcmtzcGFjZSBhcyBzYWZlIGRpcmVjdG9yeSAoJyR7V09SS1NQQUNFU19ST09UX1BBVEh9JykiCmdpdCBjb25maWcgLS1nbG9iYWwgLS1hZGQgc2FmZS5kaXJlY3RvcnkgIiR7V09SS1NQQUNFU19ST09UX1BBVEh9IgoKIyBTZXR0aW5nIHVwIHRoZSBjb25maWcgZm9yIHRoZSBnaXQuCgppZiBbIC1uICIke1BBUkFNU19HSVRfVVNFUl9FTUFJTH0iIF0gOyB0aGVuCiAgICBwaGFzZSAiU2V0dGluZyBnbG9iYWwgZW1haWwgZm9yIGdpdCAke1BBUkFNU19HSVRfVVNFUl9FTUFJTH0iCiAgICBnaXQgY29uZmlnIC0tZ2xvYmFsIHVzZXIuZW1haWwgIiR7UEFSQU1TX0dJVF9VU0VSX0VNQUlMfSIKZmkKCmlmIFsgLW4gIiR7UEFSQU1TX0dJVF9VU0VSX05BTUV9IiBdIDsgdGhlbgogICAgcGhhc2UgIlNldHRpbmcgZ2xvYmFsIHVzZXJuYW1lIGZvciBnaXQgJHtQQVJBTVNfR0lUX1VTRVJfTkFNRX0iCiAgICBnaXQgY29uZmlnIC0tZ2xvYmFsIHVzZXIubmFtZSAiJHtQQVJBTVNfR0lUX1VTRVJfTkFNRX0iCmZpCgojCiMgQ0EgKGBzc2wtY2EtZGlyZWN0b3J5YCBXb3Jrc3BhY2UpCiMKCmlmIFtbICIke1dPUktTUEFDRVNfU1NMX0NBX0RJUkVDVE9SWV9CT1VORH0iID09ICJ0cnVlIiAmJiAtbiAiJHtQQVJBTVNfQ1JUX0ZJTEVOQU1FfSIgXV07IHRoZW4KCXBoYXNlICJJbnNwZWN0aW5nICdzc2wtY2EtZGlyZWN0b3J5JyB3b3Jrc3BhY2UgbG9va2luZyBmb3IgJyR7UEFSQU1TX0NSVF9GSUxFTkFNRX0nIGZpbGUiCgljcnQ9IiR7V09SS1NQQUNFU19TU0xfQ0FfRElSRUNUT1JZX1BBVEh9LyR7UEFSQU1TX0NSVF9GSUxFTkFNRX0iCglbWyAhIC1mICIke2NydH0iIF1dICYmCgkJZmFpbCAiQ1JUIGZpbGUgKFBBUkFNU19DUlRfRklMRU5BTUUpIG5vdCBmb3VuZCBhdCAnJHtjcnR9JyIKCglwaGFzZSAiRXhwb3J0aW5nIGN1c3RvbSBDQSBjZXJ0aWZpY2F0ZSAnR0lUX1NTTF9DQUlORk89JHtjcnR9JyIKCWV4cG9ydCBHSVRfU1NMX0NBSU5GTz0ke2NydH0KZmkKCiMKIyBQcm94eSBTZXR0aW5ncwojCgpwaGFzZSAiU2V0dGluZyB1cCBIVFRQX1BST1hZPScke1BBUkFNU19IVFRQX1BST1hZfSciCltbIC1uICIke1BBUkFNU19IVFRQX1BST1hZfSIgXV0gJiYgZXhwb3J0IEhUVFBfUFJPWFk9IiR7UEFSQU1TX0hUVFBfUFJPWFl9IgoKcGhhc2UgIlNldHR0aW5nIHVwIEhUVFBTX1BST1hZPScke1BBUkFNU19IVFRQU19QUk9YWX0nIgpbWyAtbiAiJHtQQVJBTVNfSFRUUFNfUFJPWFl9IiBdXSAmJiBleHBvcnQgSFRUUFNfUFJPWFk9IiR7UEFSQU1TX0hUVFBTX1BST1hZfSIKCnBoYXNlICJTZXR0aW5nIHVwIE5PX1BST1hZPScke1BBUkFNU19OT19QUk9YWX0nIgpbWyAtbiAiJHtQQVJBTVNfTk9fUFJPWFl9IiBdXSAmJiBleHBvcnQgTk9fUFJPWFk9IiR7UEFSQU1TX05PX1BST1hZfSIKCgppZiBbWyAhIC16ICIke1BBUkFNU19VUkx9IiBdXTsKdGhlbgogICAgcGhhc2UgIkNsb25pbmcgJyR7UEFSQU1TX1VSTH0nIGludG8gJyR7Y2hlY2tvdXRfZGlyfSciCiAgICBzZXQgLXgKICAgIGV4ZWMgZ2l0LWluaXQgXAogICAgICAgIC11cmw9IiR7UEFSQU1TX1VSTH0iIFwKICAgICAgICAtcmV2aXNpb249IiR7UEFSQU1TX1JFVklTSU9OfSIgXAogICAgICAgIC1yZWZzcGVjPSIke1BBUkFNU19SRUZTUEVDfSIgXAogICAgICAgIC1wYXRoPSIke2NoZWNrb3V0X2Rpcn0iIFwKICAgICAgICAtc3NsVmVyaWZ5PSIke1BBUkFNU19TU0xfVkVSSUZZfSIgXAogICAgICAgIC1zdWJtb2R1bGVzPSIke1BBUkFNU19TVUJNT0RVTEVTfSIgXAogICAgICAgIC1kZXB0aD0iJHtQQVJBTVNfREVQVEh9IiBcCiAgICAgICAgLXNwYXJzZUNoZWNrb3V0RGlyZWN0b3JpZXM9IiR7UEFSQU1TX1NQQVJTRV9DSEVDS09VVF9ESVJFQ1RPUklFU30iCmVsc2UKICAgIHBoYXNlICJSdW5uaW5nIHRoZSBwcm92aWRlZCBzY3JpcHRzICR7UEFSQU1TX0dJVF9TQ1JJUFR9IGluICR7Y2hlY2tvdXRfZGlyfSIKICAgIGV2YWwgIiR7UEFSQU1TX0dJVF9TQ1JJUFR9IgoKICAgIFJFU1VMVF9TSEE9IiQoZ2l0IHJldi1wYXJzZSBIRUFEIHwgdHIgLWQgJ1xuJykiCiAgICBFWElUX0NPREU9IiQ/IgogICAgaWYgWyAiJEVYSVRfQ09ERSIgIT0gMCBdCiAgICB0aGVuCiAgICAgICAgZXhpdCAkRVhJVF9DT0RFCiAgICBmaQogICAgIyBNYWtlIHN1cmUgd2UgZG9uJ3QgYWRkIGEgdHJhaWxpbmcgbmV3bGluZSB0byB0aGUgcmVzdWx0IQogICAgcHJpbnRmICIlcyIgIiRSRVNVTFRfU0hBIiA+ICIke1JFU1VMVFNfQ09NTUlUX1BBVEh9IgogICAgZWNobyAkUkVTVUxUX1NIQQpmaQoK" |base64 -d >"/scripts/git-run.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgc2gKIwojIFNldHMgdXAgdGhlIGJhc2ljIGFuZCBTU0ggYXV0aGVudGljYXRpb24gYmFzZWQgb24gaW5mb3JtZWQgd29ya3NwYWNlcywgYXMgd2VsbCBhcyBjbGVhbmluZyB1cCB0aGUKIyBwcmV2aW91cyBnaXQtY2xvbmUgc3RhbGUgZGF0YS4KIwoKc2V0IC1ldQoKc291cmNlICQoQ0RQQVRIPSBjZCAtLSAiJChkaXJuYW1lIC0tICR7MH0pIiAmJiBwd2QpL2NvbW1vbi5zaAoKYXNzZXJ0X3JlcXVpcmVkX2NvbmZpZ3VyYXRpb25fb3JfZmFpbAoKcGhhc2UgIlByZXBhcmluZyB0aGUgZmlsZXN5c3RlbSBiZWZvcmUgY2xvbmluZyB0aGUgcmVwb3NpdG9yeSIKCmlmIFtbICIke1BBUkFNU19ERUxFVEVfRVhJU1RJTkd9IiA9PSAidHJ1ZSIgXV07IHRoZW4KCXBoYXNlICJEZWxldGluZyBhbGwgY29udGVudHMgb2YgY2hlY2tvdXQtZGlyICcke2NoZWNrb3V0X2Rpcn0nIgoJY2xlYW5fZGlyICR7Y2hlY2tvdXRfZGlyfSB8fCB0cnVlCmZpCgppZiBbWyAiJHtXT1JLU1BBQ0VTX0JBU0lDX0FVVEhfQk9VTkR9IiA9PSAidHJ1ZSIgXV07IHRoZW4KCXBoYXNlICJDb25maWd1cmluZyBHaXQgYXV0aGVudGljYXRpb24gd2l0aCAnYmFzaWMtYXV0aCcgV29ya3NwYWNlIGZpbGVzIgoKCWZvciBmIGluIC5naXQtY3JlZGVudGlhbHMgLmdpdGNvbmZpZzsgZG8KCQlzcmM9IiR7V09SS1NQQUNFU19CQVNJQ19BVVRIX1BBVEh9LyR7Zn0iCgkJcGhhc2UgIkNvcHlpbmcgJyR7c3JjfScgdG8gJyR7UEFSQU1TX1VTRVJfSE9NRX0nIgoJCWNvcHlfb3JfZmFpbCA0MDAgJHtzcmN9ICIke1BBUkFNU19VU0VSX0hPTUV9LyIKCWRvbmUKZmkKCmlmIFtbICIke1dPUktTUEFDRVNfU1NIX0RJUkVDVE9SWV9CT1VORH0iID09ICJ0cnVlIiBdXTsgdGhlbgoJcGhhc2UgIkNvcHlpbmcgJy5zc2gnIGZyb20gc3NoLWRpcmVjdG9yeSB3b3Jrc3BhY2UgKCcke1dPUktTUEFDRVNfU1NIX0RJUkVDVE9SWV9QQVRIfScpIgoKCWRvdF9zc2g9IiR7UEFSQU1TX1VTRVJfSE9NRX0vLnNzaCIKCWNvcHlfb3JfZmFpbCA3MDAgJHtXT1JLU1BBQ0VTX1NTSF9ESVJFQ1RPUllfUEFUSH0gJHtkb3Rfc3NofQoJY2htb2QgLVJ2IDQwMCAke2RvdF9zc2h9LyoKZmkKCgpleGl0IDA=" |base64 -d >"/scripts/prepare.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgc2gKIwojIFNjYW4gdGhlIGNsb25lZCByZXBvc2l0b3J5IGluIG9yZGVyIHRvIHJlcG9ydCBkZXRhaWxzIHdyaXR0aW5nIHRoZSByZXN1bHQgZmlsZXMuCiMKCnNldCAtZXUKCnNvdXJjZSAkKENEUEFUSD0gY2QgLS0gIiQoZGlybmFtZSAtLSAkezB9KSIgJiYgcHdkKS9jb21tb24uc2gKCmFzc2VydF9yZXF1aXJlZF9jb25maWd1cmF0aW9uX29yX2ZhaWwKCnBoYXNlICJDb2xsZWN0aW5nIGNsb25lZCByZXBvc2l0b3J5IGluZm9ybWF0aW9uICgnJHtjaGVja291dF9kaXJ9JykiCgpjZCAiJHtjaGVja291dF9kaXJ9IiB8fCBmYWlsICJOb3QgYWJsZSB0byBlbnRlciBjaGVja291dC1kaXIgJyR7Y2hlY2tvdXRfZGlyfSciCgpwaGFzZSAiU2V0dGluZyBvdXRwdXQgd29ya3NwYWNlIGFzIHNhZmUgZGlyZWN0b3J5ICgnJHtXT1JLU1BBQ0VTX1JPT1RfUEFUSH0nKSIKZ2l0IGNvbmZpZyAtLWdsb2JhbCAtLWFkZCBzYWZlLmRpcmVjdG9yeSAiJHtXT1JLU1BBQ0VTX1JPT1RfUEFUSH0iCgpyZXN1bHRfc2hhPSIkKGdpdCByZXYtcGFyc2UgSEVBRCkiCnJlc3VsdF9jb21taXR0ZXJfZGF0ZT0iJChnaXQgbG9nIC0xIC0tcHJldHR5PSVjdCkiCgpwaGFzZSAiUmVwb3J0aW5nIGxhc3QgY29tbWl0IGRhdGUgJyR7cmVzdWx0X2NvbW1pdHRlcl9kYXRlfSciCnByaW50ZiAiJXMiICIke3Jlc3VsdF9jb21taXR0ZXJfZGF0ZX0iID4ke1JFU1VMVFNfQ09NTUlUVEVSX0RBVEVfUEFUSH0KCnBoYXNlICJSZXBvcnRpbmcgcGFyc2VkIHJldmlzaW9uIFNIQSAnJHtyZXN1bHRfc2hhfSciCnByaW50ZiAiJXMiICIke3Jlc3VsdF9zaGF9IiA+JHtSRVNVTFRTX0NPTU1JVF9QQVRIfQoKcGhhc2UgIlJlcG9ydGluZyByZXBvc2l0b3J5IFVSTCAnJHtQQVJBTVNfVVJMfSciCnByaW50ZiAiJXMiICIke1BBUkFNU19VUkx9IiA+JHtSRVNVTFRTX1VSTF9QQVRIfQoKZXhpdCAw" |base64 -d >"/scripts/report.sh" + chmod +x /scripts/*.sh;echo "Running Script /scripts/prepare.sh"; + /scripts/prepare.sh;echo "Running Script /scripts/git-run.sh"; + /scripts/git-run.sh;echo "Running Script /scripts/report.sh"; + /scripts/report.sh; + volumeMounts: + - name: scripts-dir + mountPath: /scripts + - name: user-home + mountPath: "$(params.USER_HOME)" diff --git a/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-kn-apply/task-kn-apply-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-kn-apply/task-kn-apply-task.yaml new file mode 100644 index 0000000000..27d31fff9f --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-kn-apply/task-kn-apply-task.yaml @@ -0,0 +1,48 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift-pipelines/tektoncd-catalog/p/tasks/task-kn-apply/0.2.2/task-kn-apply.yaml +# +--- +--- +# Source: task-openshift/templates/task-kn-apply.yaml +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: kn-apply + labels: + app.kubernetes.io/version: 0.2.2 + annotations: + tekton.dev/source: "https://github.com/openshift-pipelines/task-openshift" + artifacthub.io/category: integration-delivery + artifacthub.io/maintainers: | + - name: OpenShift Pipeline task maintainers + email: pipelines-extcomm@redhat.com + artifacthub.io/provider: Red Hat + artifacthub.io/recommendations: | + - url: https://tekton.dev/ + tekton.dev/displayName: CLI + tekton.dev/pipelines.minVersion: 0.17.0 + tekton.dev/tags: cli +spec: + description: >- + This task deploys a given image to a Knative Service. + It uses `kn service apply` to create or update given knative service. + + params: + - name: SERVICE + description: Knative service name + - name: IMAGE + description: Image to deploy + + steps: + - name: kn + env: + - name: HOME + value: /tekton/home + image: registry.redhat.io/openshift-serverless-1/client-kn-rhel8:1.11.2-4 + command: ["/ko-app/kn"] + args: + ["service", "apply", "$(params.SERVICE)", "--image", "$(params.IMAGE)"] + securityContext: + runAsNonRoot: true + runAsUser: 65532 diff --git a/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-kn/task-kn-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-kn/task-kn-task.yaml new file mode 100644 index 0000000000..7927f99643 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-kn/task-kn-task.yaml @@ -0,0 +1,48 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift-pipelines/tektoncd-catalog/p/tasks/task-kn/0.2.2/task-kn.yaml +# +--- +--- +# Source: task-openshift/templates/task-kn.yaml +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: kn + labels: + app.kubernetes.io/version: 0.2.2 + annotations: + tekton.dev/source: "https://github.com/openshift-pipelines/task-openshift" + artifacthub.io/category: integration-delivery + artifacthub.io/maintainers: | + - name: OpenShift Pipeline task maintainers + email: pipelines-extcomm@redhat.com + artifacthub.io/provider: Red Hat + artifacthub.io/recommendations: | + - url: https://tekton.dev/ + tekton.dev/displayName: CLI + tekton.dev/pipelines.minVersion: 0.17.0 + tekton.dev/tags: cli +spec: + description: >- + This Task performs operations on Knative resources + (services, revisions, routes) using kn CLI + + params: + - name: ARGS + type: array + description: kn CLI arguments to run + default: + - "help" + + steps: + - name: kn + env: + - name: HOME + value: /tekton/home + image: registry.redhat.io/openshift-serverless-1/client-kn-rhel8:1.11.2-4 + command: ["/ko-app/kn"] + args: ["$(params.ARGS)"] + securityContext: + runAsNonRoot: true + runAsUser: 65532 diff --git a/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-maven/task-maven-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-maven/task-maven-task.yaml new file mode 100644 index 0000000000..38c5469e95 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-maven/task-maven-task.yaml @@ -0,0 +1,133 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift-pipelines/tektoncd-catalog/p/tasks/task-maven/0.3.2/task-maven.yaml +# +--- +--- +# Source: task-maven/templates/task-maven.yaml +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: maven + labels: + app.kubernetes.io/version: 0.3.2 + annotations: + tekton.dev/source: "https://github.com/openshift-pipelines/task-maven" + artifacthub.io/category: integration-delivery + artifacthub.io/maintainers: | + - name: OpenShift Pipeline task maintainers + email: pipelines-extcomm@redhat.com + artifacthub.io/provider: Red Hat + artifacthub.io/recommendations: | + - url: https://tekton.dev/ + tekton.dev/categories: containers + tekton.dev/pipelines.minVersion: 0.41.0 + tekton.dev/tags: containers +spec: + description: >- + This Task can be used to run a Maven build. + + workspaces: + - name: source + optional: false + description: The workspace consisting of maven project. + - name: server_secret + optional: true + description: The workspace containing server secrets (username and password) + - name: proxy_secret + optional: true + description: The workspace containing proxy server access credentials (username, password). + - name: proxy_configmap + optional: true + description: The workspace containing some proxy values (proxy_port,proxy_host,proxy_protocol,proxy_non_proxy_hosts) + - name: maven_settings + optional: true + description: The workspace consisting of the custom maven settings provided by the user. + params: + - name: GOALS + description: maven goals to run + type: array + default: + - "package" + - name: MAVEN_MIRROR_URL + description: The Maven repository mirror url + type: string + default: "" + - name: SUBDIRECTORY + type: string + description: >- + The subdirectory within the repository for sources on + which we want to execute maven goals. + default: "." + + stepTemplate: + env: + + - name: PARAMS_MAVEN_MIRROR_URL + value: "$(params.MAVEN_MIRROR_URL)" + - name: PARAMS_SUBDIRECTORY + value: "$(params.SUBDIRECTORY)" + - name: WORKSPACES_SOURCE_PATH + value: "$(workspaces.source.path)" + - name: WORKSPACES_SOURCE_BOUND + value: "$(workspaces.source.bound)" + - name: WORKSPACES_SERVER_SECRET_PATH + value: "$(workspaces.server_secret.path)" + - name: WORKSPACES_SERVER_SECRET_BOUND + value: "$(workspaces.server_secret.bound)" + - name: WORKSPACES_PROXY_SECRET_PATH + value: "$(workspaces.proxy_secret.path)" + - name: WORKSPACES_PROXY_SECRET_BOUND + value: "$(workspaces.proxy_secret.bound)" + - name: WORKSPACES_PROXY_CONFIGMAP_PATH + value: "$(workspaces.proxy_configmap.path)" + - name: WORKSPACES_PROXY_CONFIGMAP_BOUND + value: "$(workspaces.proxy_configmap.bound)" + - name: WORKSPACES_MAVEN_SETTINGS_PATH + value: "$(workspaces.maven_settings.path)" + - name: WORKSPACES_MAVEN_SETTINGS_BOUND + value: "$(workspaces.maven_settings.bound)" + + steps: + - name: maven-generate + image: registry.access.redhat.com/ubi8/ubi-minimal:8.9 + env: + - name: HOME + value: /tekton/home + script: | + set -e + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKZGVjbGFyZSAtcnggTUFWRU5fR0VORVJBVEVfRElSRUNUT1JZPSIke1dPUktTUEFDRVNfU09VUkNFX1BBVEh9LyR7UEFSQU1TX1NVQkRJUkVDVE9SWX0vbWF2ZW4tZ2VuZXJhdGUiCgpkZWNsYXJlIC1yeCBNQVZFTl9TRVRUSU5HU19GSUxFPSIke01BVkVOX0dFTkVSQVRFX0RJUkVDVE9SWX0vc2V0dGluZ3MueG1sIgoKaWYgW1sgLWYgJHtNQVZFTl9TRVRUSU5HU19GSUxFfSBdXTsgdGhlbgogICAgZWNobyAidXNpbmcgZXhpc3RpbmcgJyR7TUFWRU5fU0VUVElOR1NfRklMRX0nIgogICAgY2F0ICR7TUFWRU5fU0VUVElOR1NfRklMRX0KICAgIGV4aXQgMApmaQoKbWtkaXIgIiR7TUFWRU5fR0VORVJBVEVfRElSRUNUT1JZfSIKCiMgQ2hlY2sgaWYgc2V0dGluZ3MueG1sIGV4aXN0cyBpbiB0aGUgd29ya3NwYWNlIG1hdmVuLXNldHRpbmdzCmlmIFtbIC1mICIke1dPUktTUEFDRVNfTUFWRU5fU0VUVElOR1NfUEFUSH0vc2V0dGluZ3MueG1sIiBdXTsgdGhlbgogICAgY3AgIiR7V09SS1NQQUNFU19NQVZFTl9TRVRUSU5HU19QQVRIfS9zZXR0aW5ncy54bWwiICIke01BVkVOX1NFVFRJTkdTX0ZJTEV9IgogICAgZWNobyAiVXNpbmcgJyR7TUFWRU5fU0VUVElOR1NfRklMRX0nIGNvcGllZCBmcm9tIG9wdGlvbmFsIHdvcmtzcGFjZSBtYXZlbi1zZXR0aW5ncyIKICAgIGNhdCAke01BVkVOX1NFVFRJTkdTX0ZJTEV9CiAgICBleGl0IDAKZmkKCmNhdCA+ICIke01BVkVOX1NFVFRJTkdTX0ZJTEV9IiA8PEVPRgo8c2V0dGluZ3M+CiAgICA8c2VydmVycz4KICAgIDwhLS0gVGhlIHNlcnZlcnMgYWRkZWQgaGVyZSBhcmUgZ2VuZXJhdGVkIGZyb20gZW52aXJvbm1lbnQgdmFyaWFibGVzLiBEb24ndCBjaGFuZ2UuIC0tPgogICAgPCEtLSAjIyMgU0VSVkVSJ3MgVVNFUiBJTkZPIGZyb20gRU5WICMjIyAtLT4KICAgIDwvc2VydmVycz4KICAgIDxtaXJyb3JzPgogICAgPCEtLSBUaGUgbWlycm9ycyBhZGRlZCBoZXJlIGFyZSBnZW5lcmF0ZWQgZnJvbSBlbnZpcm9ubWVudCB2YXJpYWJsZXMuIERvbid0IGNoYW5nZS4gLS0+CiAgICA8IS0tICMjIyBtaXJyb3JzIGZyb20gRU5WICMjIyAtLT4KICAgIDwvbWlycm9ycz4KICAgIDxwcm94aWVzPgogICAgPCEtLSBUaGUgcHJveGllcyBhZGRlZCBoZXJlIGFyZSBnZW5lcmF0ZWQgZnJvbSBlbnZpcm9ubWVudCB2YXJpYWJsZXMuIERvbid0IGNoYW5nZS4gLS0+CiAgICA8IS0tICMjIyBIVFRQIHByb3h5IGZyb20gRU5WICMjIyAtLT4KICAgIDwvcHJveGllcz4KPC9zZXR0aW5ncz4KRU9GCgpjYXQgIiR7TUFWRU5fU0VUVElOR1NfRklMRX0iCgp4bWw9IiIKaWYgW1sgIiR7V09SS1NQQUNFU19QUk9YWV9TRUNSRVRfQk9VTkR9IiA9PSAidHJ1ZSIgXV07IHRoZW4KICAgIGlmIHRlc3QgLWYgJHtXT1JLU1BBQ0VTX1BST1hZX1NFQ1JFVF9QQVRIfS91c2VybmFtZSAmJiB0ZXN0IC1mICR7V09SS1NQQUNFU19QUk9YWV9TRUNSRVRfUEFUSH0vcGFzc3dvcmQ7IHRoZW4KICAgIFBBUkFNU19QUk9YWV9VU0VSPSQoY2F0ICR7V09SS1NQQUNFU19QUk9YWV9TRUNSRVRfUEFUSH0vdXNlcm5hbWUpCiAgICBQQVJBTVNfUFJPWFlfUEFTU1dPUkQ9JChjYXQgJHtXT1JLU1BBQ0VTX1BST1hZX1NFQ1JFVF9QQVRIfS9wYXNzd29yZCkKCiAgICAjIEZldGNoaW5nIHByb3h5IGNvbmZpZ3VyYXRpb24gdmFsdWVzIGZyb20gQ29uZmlnTWFwIHdvcmtzcGFjZQogICAgUEFSQU1TX1BST1hZX0hPU1Q9JChjYXQgJHtXT1JLU1BBQ0VTX1BST1hZX0NPTkZJR01BUF9QQVRIfS9wcm94eV9ob3N0KQogICAgUEFSQU1TX1BST1hZX1BPUlQ9JChjYXQgJHtXT1JLU1BBQ0VTX1BST1hZX0NPTkZJR01BUF9QQVRIfS9wcm94eV9wb3J0KQogICAgUEFSQU1TX1BST1hZX1BST1RPQ09MPSQoY2F0ICR7V09SS1NQQUNFU19QUk9YWV9DT05GSUdNQVBfUEFUSH0vcHJveHlfcHJvdG9jb2wpCiAgICBQQVJBTVNfUFJPWFlfTk9OX1BST1hZX0hPU1RTPSQoY2F0ICR7V09SS1NQQUNFU19QUk9YWV9DT05GSUdNQVBfUEFUSH0vcHJveHlfbm9uX3Byb3h5X2hvc3RzKQoKICAgIGlmIFsgLW4gIiR7UEFSQU1TX1BST1hZX0hPU1R9IiAtYSAtbiAiJHtQQVJBTVNfUFJPWFlfUE9SVH0iIF07IHRoZW4KICAgICAgICB4bWw9Ijxwcm94eT5cCiAgICAgICAgPGlkPmdlbnByb3h5PC9pZD5cCiAgICAgICAgPGFjdGl2ZT50cnVlPC9hY3RpdmU+XAogICAgICAgIDxwcm90b2NvbD4ke1BBUkFNU19QUk9YWV9QUk9UT0NPTH08L3Byb3RvY29sPlwKICAgICAgICA8aG9zdD4ke1BBUkFNU19QUk9YWV9IT1NUfTwvaG9zdD5cCiAgICAgICAgPHBvcnQ+JHtQQVJBTVNfUFJPWFlfUE9SVH08L3BvcnQ+IgogICAgICAgIGlmIFsgLW4gIiR7UEFSQU1TX1BST1hZX1VTRVJ9IiAtYSAtbiAiJHtQQVJBTVNfUFJPWFlfUEFTU1dPUkR9IiBdOyB0aGVuCiAgICAgICAgICAgIHhtbD0iJHhtbFwKICAgICAgICAgICAgPHVzZXJuYW1lPiR7UEFSQU1TX1BST1hZX1VTRVJ9PC91c2VybmFtZT5cCiAgICAgICAgICAgIDxwYXNzd29yZD4ke1BBUkFNU19QUk9YWV9QQVNTV09SRH08L3Bhc3N3b3JkPiIKICAgICAgICBmaQogICAgICAgIGlmIFsgLW4gIiR7UEFSQU1TX1BST1hZX05PTl9QUk9YWV9IT1NUU30iIF07IHRoZW4KICAgICAgICAgICAgeG1sPSIkeG1sXAogICAgICAgICAgICA8bm9uUHJveHlIb3N0cz4ke1BBUkFNU19QUk9YWV9OT05fUFJPWFlfSE9TVFN9PC9ub25Qcm94eUhvc3RzPiIKICAgICAgICBmaQogICAgICAgIHhtbD0iJHhtbFwKICAgICAgICA8L3Byb3h5PiIKICAgICAgICBzZWQgLWkgInN8PCEtLSAjIyMgSFRUUCBwcm94eSBmcm9tIEVOViAjIyMgLS0+fCR4bWx8IiAke01BVkVOX1NFVFRJTkdTX0ZJTEV9CiAgICBmaQogICAgZWxzZQogICAgICAgIGVjaG8gIm5vICd1c2VybmFtZScgb3IgJ3Bhc3N3b3JkJyBmaWxlIGZvdW5kIGF0IHdvcmtzcGFjZSBwcm94eV9zZWNyZXQiCiAgICAgICAgZXhpdCAxCiAgICBmaQpmaQoKaWYgW1sgIiR7V09SS1NQQUNFU19TRVJWRVJfU0VDUkVUX0JPVU5EfSIgPT0gInRydWUiIF1dOyB0aGVuCiAgICBpZiB0ZXN0IC1mICR7V09SS1NQQUNFU19TRVJWRVJfU0VDUkVUX1BBVEh9L3VzZXJuYW1lICYmIHRlc3QgLWYke1dPUktTUEFDRVNfU0VSVkVSX1NFQ1JFVF9QQVRIfS9wYXNzd29yZDsgdGhlbgoJU0VSVkVSX1VTRVI9JChjYXQgJHtXT1JLU1BBQ0VTX1NFUlZFUl9TRUNSRVRfUEFUSH0vdXNlcm5hbWUpCglTRVJWRVJfUEFTU1dPUkQ9JChjYXQgJHtXT1JLU1BBQ0VTX1NFUlZFUl9TRUNSRVRfUEFUSH0vcGFzc3dvcmQpCglpZiBbIC1uICIke1NFUlZFUl9VU0VSfSIgLWEgLW4gIiR7U0VSVkVSX1BBU1NXT1JEfSIgXTsgdGhlbgoJICAgIHhtbD0iPHNlcnZlcj5cCiAgICAgICAgPGlkPnNlcnZlcmlkPC9pZD4iCgkgICAgeG1sPSIkeG1sXAogICAgICAgIDx1c2VybmFtZT4ke1NFUlZFUl9VU0VSfTwvdXNlcm5hbWU+XAogICAgICAgIDxwYXNzd29yZD4ke1NFUlZFUl9QQVNTV09SRH08L3Bhc3N3b3JkPiIKCSAgICB4bWw9IiR4bWxcCiAgICAgICAgPC9zZXJ2ZXI+IgoJICAgIHNlZCAtaSAic3w8IS0tICMjIyBTRVJWRVIncyBVU0VSIElORk8gZnJvbSBFTlYgIyMjIC0tPnwkeG1sfCIgJHtNQVZFTl9TRVRUSU5HU19GSUxFfQoJICAgIGVjaG8gIlNFUlZFUiBDcmVkcyBVcGRhdGVkIgoJZmkKICAgIGVsc2UKCWVjaG8gIm5vICd1c2VyJyBvciAncGFzc3dvcmQnIGZpbGUgZm91bmQgYXQgd29ya3NwYWNlIHNlcnZlcl9zZWNyZXQiCiAgICAgICAgZXhpdCAxCiAgICBmaQpmaQoKaWYgWyAtbiAiJHtQQVJBTVNfTUFWRU5fTUlSUk9SX1VSTH0iIF07IHRoZW4KICAgIHhtbD0iICAgIDxtaXJyb3I+XAogICAgPGlkPm1pcnJvci5kZWZhdWx0PC9pZD5cCiAgICA8dXJsPiR7UEFSQU1TX01BVkVOX01JUlJPUl9VUkx9PC91cmw+XAogICAgPG1pcnJvck9mPmNlbnRyYWw8L21pcnJvck9mPlwKICAgIDwvbWlycm9yPiIKICAgIHNlZCAtaSAic3w8IS0tICMjIyBtaXJyb3JzIGZyb20gRU5WICMjIyAtLT58JHhtbHwiICR7TUFWRU5fU0VUVElOR1NfRklMRX0KZmkK" |base64 -d >"/scripts/maven-generate.sh" + chmod +x /scripts/maven-*.sh;echo "Running Script /scripts/maven-generate.sh"; + /scripts/maven-generate.sh; + securityContext: + runAsNonRoot: true + runAsUser: 65532 + volumeMounts: + - name: scripts-dir + mountPath: /scripts + - name: maven-settings-dir + mountPath: /maven-generate + + - name: maven-goals + env: + - name: HOME + value: /tekton/home + image: registry.access.redhat.com/ubi8/openjdk-11:latest + workingDir: $(workspaces.source.path)/$(params.SUBDIRECTORY) + command: ["/usr/bin/mvn"] + args: + - -s + - maven-generate/settings.xml + - "$(params.GOALS[*])" + securityContext: + runAsNonRoot: true + runAsUser: 65532 + volumeMounts: + - name: maven-settings-dir + mountPath: /maven-generate + + volumes: + - name: scripts-dir + emptyDir: {} + - name: maven-settings-dir + emptyDir: {} diff --git a/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-openshift-client/task-openshift-client-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-openshift-client/task-openshift-client-task.yaml new file mode 100644 index 0000000000..3282d1a521 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-openshift-client/task-openshift-client-task.yaml @@ -0,0 +1,93 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift-pipelines/tektoncd-catalog/p/tasks/task-openshift-client/0.2.2/task-openshift-client.yaml +# +--- +--- +# Source: task-openshift/templates/task-openshift-client.yaml +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: openshift-client + labels: + app.kubernetes.io/version: 0.2.2 + annotations: + tekton.dev/source: "https://github.com/openshift-pipelines/task-openshift" + artifacthub.io/category: integration-delivery + artifacthub.io/maintainers: | + - name: OpenShift Pipeline task maintainers + email: pipelines-extcomm@redhat.com + artifacthub.io/provider: Red Hat + artifacthub.io/recommendations: | + - url: https://tekton.dev/ + tekton.dev/displayName: CLI + tekton.dev/pipelines.minVersion: 0.17.0 + tekton.dev/tags: cli +spec: + description: >- + This task runs commands against the cluster provided by user + and if not provided then where the Task is being executed. + + OpenShift is a Kubernetes distribution from Red Hat which provides oc, + the OpenShift CLI that complements kubectl for simplifying deployment + and configuration applications on OpenShift. + + workspaces: + - name: manifest_dir + optional: true + description: >- + The workspace which contains kubernetes manifests which we want to apply on the cluster. + - name: kubeconfig_dir + optional: true + description: >- + The workspace which contains the the kubeconfig file if in case we want to run the oc command on another cluster. + + params: + - name: SCRIPT + description: The OpenShift CLI arguments to run + type: string + default: "oc help" + - name: VERSION + description: The OpenShift Version to use + type: string + default: "latest" + + stepTemplate: + env: + + - name: PARAMS_SCRIPT + value: "$(params.SCRIPT)" + - name: PARAMS_VERSION + value: "$(params.VERSION)" + - name: WORKSPACES_MANIFEST_DIR_BOUND + value: "$(workspaces.manifest_dir.bound)" + - name: WORKSPACES_MANIFEST_DIR_PATH + value: "$(workspaces.manifest_dir.path)" + - name: WORKSPACES_KUBECONFIG_DIR_BOUND + value: "$(workspaces.kubeconfig_dir.bound)" + - name: WORKSPACES_KUBECONFIG_DIR_PATH + value: "$(workspaces.kubeconfig_dir.path)" + + steps: + - name: oc + image: registry.redhat.io/openshift4/ose-cli@sha256:3d5b31cc3fbf878015e5c3ed1d48379d74b15b77a1a823024a7a2b7cd5e2e86d + env: + - name: HOME + value: /tekton/home + script: | + set -e + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0ZWt0b24ncyBob21lIGRpcmVjdG9yeQpkZWNsYXJlIC1yeCBURUtUT05fSE9NRT0iJHtURUtUT05fSE9NRTotL3Rla3Rvbi9ob21lfSIKCiMKIyBGdW5jdGlvbnMKIwoKZnVuY3Rpb24gZmFpbCgpIHsKICAgIGVjaG8gIkVSUk9SOiAkeyp9IiAyPiYxCiAgICBleGl0IDEKfQoKZnVuY3Rpb24gcGhhc2UoKSB7CiAgICBlY2hvICItLS0+IFBoYXNlOiAkeyp9Li4uIgp9CgojIGFzc2VydCBsb2NhbCB2YXJpYWJsZXMgYXJlIGV4cG9yZXRlZCBvbiB0aGUgZW52aXJvbm1lbnQKZnVuY3Rpb24gZXhwb3J0ZWRfb3JfZmFpbCgpIHsKICAgIGRlY2xhcmUgLWEgX3JlcXVpcmVkX3ZhcnM9IiR7QH0iCgogICAgZm9yIHYgaW4gJHtfcmVxdWlyZWRfdmFyc1tAXX07IGRvCiAgICAgICAgW1sgLXogIiR7IXZ9IiBdXSAmJgogICAgICAgICAgICBmYWlsICInJHt2fScgZW52aXJvbm1lbnQgdmFyaWFibGUgaXMgbm90IHNldCEiCiAgICBkb25lCgogICAgcmV0dXJuIDAKfQoK" |base64 -d >"/scripts/common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKc2hvcHQgLXMgaW5oZXJpdF9lcnJleGl0CnNldCAtZXUgLW8gcGlwZWZhaWwKCnNvdXJjZSAiJChkaXJuYW1lICR7QkFTSF9TT1VSQ0VbMF19KS9jb21tb24uc2giCnNvdXJjZSAiJChkaXJuYW1lICR7QkFTSF9TT1VSQ0VbMF19KS9vYy1jb21tb24uc2giCgpbWyAiJHtXT1JLU1BBQ0VTX01BTklGRVNUX0RJUl9CT1VORH0iID09ICJ0cnVlIiBdXSAmJiBcCiAgICAgIGNkICR7V09SS1NQQUNFU19NQU5JRkVTVF9ESVJfUEFUSH0KCltbICIke1dPUktTUEFDRVNfS1VCRUNPTkZJR19ESVJfQk9VTkR9IiA9PSAidHJ1ZSIgXV0gJiYgXApbWyAtZiAke1dPUktTUEFDRVNfS1VCRUNPTkZJR19ESVJfUEFUSH0va3ViZWNvbmZpZyBdXSAmJiBcCmV4cG9ydCBLVUJFQ09ORklHPSR7V09SS1NQQUNFU19LVUJFQ09ORklHX0RJUl9QQVRIfS9rdWJlY29uZmlnCgpldmFsICIke1BBUkFNU19TQ1JJUFR9IgoK" |base64 -d >"/scripts/oc-client.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKCmRlY2xhcmUgLXJ4IFBBUkFNU19TQ1JJUFQ9IiR7UEFSQU1TX1NDUklQVDotfSIKZGVjbGFyZSAtcnggUEFSQU1TX1ZFUlNJT049IiR7UEFSQU1TX1ZFUlNJT046LX0iCgpkZWNsYXJlIC1yeCBXT1JLU1BBQ0VTX01BTklGRVNUX0RJUl9QQVRIPSIke1dPUktTUEFDRVNfTUFOSUZFU1RfRElSX1BBVEg6LX0iCmRlY2xhcmUgLXJ4IFdPUktTUEFDRVNfTUFOSUZFU1RfRElSX0JPVU5EPSIke1dPUktTUEFDRVNfTUFOSUZFU1RfRElSX0JPVU5EOi19IgpkZWNsYXJlIC1yeCBXT1JLU1BBQ0VTX0tVQkVDT05GSUdfRElSX1BBVEg9IiR7V09SS1NQQUNFU19LVUJFQ09ORklHX0RJUl9QQVRIOi19IgpkZWNsYXJlIC1yeCBXT1JLU1BBQ0VTX0tVQkVDT05GSUdfRElSX0JPVU5EPSIke1dPUktTUEFDRVNfS1VCRUNPTkZJR19ESVJfQk9VTkQ6LX0iCgojCiMgQXNzZXJ0aW5nIEVudmlyb25tZW50CiMKCmV4cG9ydGVkX29yX2ZhaWwgXAogICAgV09SS1NQQUNFU19NQU5JRkVTVF9ESVJfQk9VTkQgXAogICAgV09SS1NQQUNFU19LVUJFQ09ORklHX0RJUl9CT1VORCBcCiAgICBQQVJBTVNfU0NSSVBUIFwKICAgIFBBUkFNU19WRVJTSU9OCg==" |base64 -d >"/scripts/oc-common.sh" + chmod +x /scripts/oc-*.sh;echo "Running Script /scripts/oc-client.sh"; + /scripts/oc-client.sh $@; + securityContext: + runAsNonRoot: true + runAsUser: 65532 + volumeMounts: + - name: scripts-dir + mountPath: /scripts + + volumes: + - name: scripts-dir + emptyDir: {} diff --git a/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-s2i-dotnet/task-s2i-dotnet-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-s2i-dotnet/task-s2i-dotnet-task.yaml new file mode 100644 index 0000000000..2fdf6242a0 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-s2i-dotnet/task-s2i-dotnet-task.yaml @@ -0,0 +1,197 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift-pipelines/tektoncd-catalog/p/tasks/task-s2i-dotnet/0.4.1/task-s2i-dotnet.yaml +# +--- +--- +# Source: task-containers/templates/task-s2i-dotnet.yaml +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: s2i-dotnet + labels: + app.kubernetes.io/version: 0.4.1 + annotations: + tekton.dev/source: "https://github.com/openshift-pipelines/task-containers" + artifacthub.io/category: integration-delivery + artifacthub.io/maintainers: | + - name: OpenShift Pipeline task maintainers + email: pipelines-extcomm@redhat.com + artifacthub.io/provider: Red Hat + artifacthub.io/recommendations: | + - url: https://tekton.dev/ + tekton.dev/categories: containers + tekton.dev/pipelines.minVersion: 0.41.0 + tekton.dev/tags: containers +spec: + description: | + Builds the source code using the s2i's dotnet builder-image + "image-registry.openshift-image-registry.svc:5000/openshift/dotnet". + + + workspaces: + - name: source + optional: false + description: | + Application source code, the build context for S2I workflow. + - name: dockerconfig + optional: true + description: >- + An optional workspace that allows providing a .docker/config.json file for Buildah to access the container registry. + The file should be placed at the root of the Workspace with name config.json. + + params: + - name: IMAGE + type: string + description: | + Fully qualified container image name to be built by s2i. + - name: VERSION + description: The tag of the imagestream for the corresponding language version + default: latest + type: string + - name: IMAGE_SCRIPTS_URL + type: string + default: image:///usr/libexec/s2i + description: | + Specify a URL containing the default assemble and run scripts for the builder image + - name: ENV_VARS + type: array + default: [] + description: | + Array containing string of Environment Variables as "KEY=VALUE" + - name: CONTEXT + type: string + default: "." + description: | + Path to the directory to use as context. + - name: STORAGE_DRIVER + type: string + default: vfs + description: | + Set buildah storage driver to reflect the currrent cluster node's + settings. + - name: FORMAT + description: The format of the built container, oci or docker + default: "oci" + - name: BUILD_EXTRA_ARGS + type: string + default: "" + description: | + Extra parameters passed for the build command when building images. + - name: PUSH_EXTRA_ARGS + type: string + default: "" + description: | + Extra parameters passed for the push command when pushing images. + - name: SKIP_PUSH + default: "false" + description: | + Skip pushing the image to the container registry. + - name: TLS_VERIFY + type: string + default: "true" + description: | + Sets the TLS verification flag, `true` is recommended. + - name: VERBOSE + type: string + default: "false" + description: | + Turns on verbose logging, all commands executed will be printed out. + + results: + - name: IMAGE_URL + description: | + Fully qualified image name. + - name: IMAGE_DIGEST + description: | + Digest of the image just built. + + stepTemplate: + env: + + - name: PARAMS_IMAGE + value: "$(params.IMAGE)" + - name: PARAMS_VERSION + value: "$(params.VERSION)" + - name: PARAMS_IMAGE_SCRIPTS_URL + value: "$(params.IMAGE_SCRIPTS_URL)" + - name: PARAMS_CONTEXT + value: "$(params.CONTEXT)" + - name: PARAMS_FORMAT + value: "$(params.FORMAT)" + - name: PARAMS_STORAGE_DRIVER + value: "$(params.STORAGE_DRIVER)" + - name: PARAMS_BUILD_EXTRA_ARGS + value: "$(params.BUILD_EXTRA_ARGS)" + - name: PARAMS_PUSH_EXTRA_ARGS + value: "$(params.PUSH_EXTRA_ARGS)" + - name: PARAMS_SKIP_PUSH + value: "$(params.SKIP_PUSH)" + - name: PARAMS_TLS_VERIFY + value: "$(params.TLS_VERIFY)" + - name: PARAMS_VERBOSE + value: "$(params.VERBOSE)" + - name: WORKSPACES_SOURCE_BOUND + value: "$(workspaces.source.bound)" + - name: WORKSPACES_SOURCE_PATH + value: "$(workspaces.source.path)" + - name: WORKSPACES_DOCKERCONFIG_BOUND + value: "$(workspaces.dockerconfig.bound)" + - name: WORKSPACES_DOCKERCONFIG_PATH + value: "$(workspaces.dockerconfig.path)" + - name: RESULTS_IMAGE_URL_PATH + value: "$(results.IMAGE_URL.path)" + - name: RESULTS_IMAGE_DIGEST_PATH + value: "$(results.IMAGE_DIGEST.path)" + + steps: + - name: s2i-generate + image: registry.access.redhat.com/source-to-image/source-to-image-rhel8:v1.3.9-6 + workingDir: $(workspaces.source.path) + env: + - name: S2I_BUILDER_IMAGE + value: "image-registry.openshift-image-registry.svc:5000/openshift/dotnet:$(params.VERSION)" + script: | + set -e + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgV3JhcHBlciBhcm91bmQgImJ1aWxkYWggYnVkIiB0byBidWlsZCBhbmQgcHVzaCBhIGNvbnRhaW5lciBpbWFnZSBiYXNlZCBvbiBhIERvY2tlcmZpbGUuCiMKCnNob3B0IC1zIGluaGVyaXRfZXJyZXhpdApzZXQgLWV1IC1vIHBpcGVmYWlsCgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvY29tbW9uLnNoIgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvYnVpbGRhaC1jb21tb24uc2giCgpmdW5jdGlvbiBfYnVpbGRhaCgpIHsKICAgIGJ1aWxkYWggXAogICAgICAgIC0tc3RvcmFnZS1kcml2ZXI9IiR7UEFSQU1TX1NUT1JBR0VfRFJJVkVSfSIgXAogICAgICAgIC0tdGxzLXZlcmlmeT0iJHtQQVJBTVNfVExTX1ZFUklGWX0iIFwKICAgICAgICAkeyp9Cn0KCiMKIyBQcmVwYXJlCiMKCiMgbWFraW5nIHN1cmUgdGhlIHJlcXVpcmVkIHdvcmtzcGFjZSAic291cmNlIiBpcyBib3VuZGVkLCB3aGljaCBtZWFucyBpdHMgdm9sdW1lIGlzIGN1cnJlbnRseSBtb3VudGVkCiMgYW5kIHJlYWR5IHRvIHVzZQpwaGFzZSAiSW5zcGVjdGluZyBzb3VyY2Ugd29ya3NwYWNlICcke1dPUktTUEFDRVNfU09VUkNFX1BBVEh9JyAoUFdEPScke1BXRH0nKSIKW1sgIiR7V09SS1NQQUNFU19TT1VSQ0VfQk9VTkR9IiAhPSAidHJ1ZSIgXV0gJiYKICAgIGZhaWwgIldvcmtzcGFjZSAnc291cmNlJyBpcyBub3QgYm91bmRlZCIKCnBoYXNlICJBc3NlcnRpbmcgdGhlIGRvY2tlcmZpbGUvY29udGFpbmVyZmlsZSAnJHtET0NLRVJGSUxFX0ZVTEx9JyBleGlzdHMiCltbICEgLWYgIiR7RE9DS0VSRklMRV9GVUxMfSIgXV0gJiYKICAgIGZhaWwgIkRvY2tlcmZpbGUgbm90IGZvdW5kIGF0OiAnJHtET0NLRVJGSUxFX0ZVTEx9JyIKCnBoYXNlICJJbnNwZWN0aW5nIGNvbnRleHQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKW1sgISAtZCAiJHtQQVJBTVNfQ09OVEVYVH0iIF1dICYmCiAgICBmYWlsICJDT05URVhUIHBhcmFtIGlzIG5vdCBmb3VuZCBhdCAnJHtQQVJBTVNfQ09OVEVYVH0nLCBvbiBzb3VyY2Ugd29ya3NwYWNlIgoKcGhhc2UgIkJ1aWxkaW5nIGJ1aWxkIGFyZ3MiCkJVSUxEX0FSR1M9KCkKZm9yIGJ1aWxkYXJnIGluICIkQCI7IGRvCiAgICBCVUlMRF9BUkdTKz0oIi0tYnVpbGQtYXJnPSRidWlsZGFyZyIpCmRvbmUKCiMgSGFuZGxlIG9wdGlvbmFsIGRvY2tlcmNvbmZpZyBzZWNyZXQKaWYgW1sgIiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfQk9VTkR9IiA9PSAidHJ1ZSIgXV07IHRoZW4KCiAgICAjIGlmIGNvbmZpZy5qc29uIGV4aXN0cyBhdCB3b3Jrc3BhY2Ugcm9vdCwgd2UgdXNlIHRoYXQKICAgIGlmIHRlc3QgLWYgIiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSH0vY29uZmlnLmpzb24iOyB0aGVuCiAgICAgICAgZXhwb3J0IERPQ0tFUl9DT05GSUc9IiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSH0iCgogICAgICAgICMgZWxzZSB3ZSBsb29rIGZvciAuZG9ja2VyY29uZmlnanNvbiBhdCB0aGUgcm9vdAogICAgZWxpZiB0ZXN0IC1mICIke1dPUktTUEFDRVNfRE9DS0VSQ09ORklHX1BBVEh9Ly5kb2NrZXJjb25maWdqc29uIjsgdGhlbgogICAgICAgICMgZW5zdXJlIC5kb2NrZXIgZXhpc3QgYmVmb3JlIHRoZSBjb3B5aW5nIHRoZSBjb250ZW50CiAgICAgICAgaWYgWyAhIC1kICIkSE9NRS8uZG9ja2VyIiBdOyB0aGVuCiAgICAgICAgICAgbWtkaXIgLXAgIiRIT01FLy5kb2NrZXIiCiAgICAgICAgZmkKICAgICAgICBjcCAiJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19QQVRIfS8uZG9ja2VyY29uZmlnanNvbiIgIiRIT01FLy5kb2NrZXIvY29uZmlnLmpzb24iCiAgICAgICAgZXhwb3J0IERPQ0tFUl9DT05GSUc9IiRIT01FLy5kb2NrZXIiCgogICAgICAgICMgbmVlZCB0byBlcnJvciBvdXQgaWYgbmVpdGhlciBmaWxlcyBhcmUgcHJlc2VudAogICAgZWxzZQogICAgICAgIGVjaG8gIm5laXRoZXIgJ2NvbmZpZy5qc29uJyBub3IgJy5kb2NrZXJjb25maWdqc29uJyBmb3VuZCBhdCB3b3Jrc3BhY2Ugcm9vdCIKICAgICAgICBleGl0IDEKICAgIGZpCmZpCgpFTlRJVExFTUVOVF9WT0xVTUU9IiIKaWYgW1sgIiR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX0JPVU5EfSIgPT0gInRydWUiIF1dOyB0aGVuCiAgICBFTlRJVExFTUVOVF9WT0xVTUU9Ii0tdm9sdW1lICR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEh9Oi9ldGMvcGtpL2VudGl0bGVtZW50IgpmaQoKIwojIEJ1aWxkCiMKCnBoYXNlICJCdWlsZGluZyAnJHtQQVJBTVNfSU1BR0V9JyBiYXNlZCBvbiAnJHtET0NLRVJGSUxFX0ZVTEx9JyIKCltbIC1uICIke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTfSIgXV0gJiYKICAgIHBoYXNlICJFeHRyYSAnYnVpbGRhaCBidWQnIGFyZ3VtZW50cyBpbmZvcm1lZDogJyR7UEFSQU1TX0JVSUxEX0VYVFJBX0FSR1N9JyIKCl9idWlsZGFoIGJ1ZCAke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTfSBcCiAgICAkRU5USVRMRU1FTlRfVk9MVU1FIFwKICAgICIke0JVSUxEX0FSR1NbQF19IiBcCiAgICAtLWZpbGU9IiR7RE9DS0VSRklMRV9GVUxMfSIgXAogICAgLS10YWc9IiR7UEFSQU1TX0lNQUdFfSIgXAogICAgIiR7UEFSQU1TX0NPTlRFWFR9IgoKaWYgW1sgIiR7UEFSQU1TX1NLSVBfUFVTSH0iID09ICJ0cnVlIiBdXTsgdGhlbgogICAgcGhhc2UgIlNraXBwaW5nIHB1c2hpbmcgJyR7UEFSQU1TX0lNQUdFfScgdG8gdGhlIGNvbnRhaW5lciByZWdpc3RyeSEiCiAgICBleGl0IDAKZmkKCiMKIyBQdXNoCiMKCnBoYXNlICJQdXNoaW5nICcke1BBUkFNU19JTUFHRX0nIHRvIHRoZSBjb250YWluZXIgcmVnaXN0cnkiCgpbWyAtbiAiJHtQQVJBTVNfUFVTSF9FWFRSQV9BUkdTfSIgXV0gJiYKICAgIHBoYXNlICJFeHRyYSAnYnVpbGRhaCBidWQnIGFyZ3VtZW50cyBpbmZvcm1lZDogJyR7UEFSQU1TX1BVU0hfRVhUUkFfQVJHU30nIgoKIyB0ZW1wb3JhcnkgZmlsZSB0byBzdG9yZSB0aGUgaW1hZ2UgZGlnZXN0LCBpbmZvcm1hdGlvbiBvbmx5IG9idGFpbmVkIGFmdGVyIHB1c2hpbmcgdGhlIGltYWdlIHRvIHRoZQojIGNvbnRhaW5lciByZWdpc3RyeQpkZWNsYXJlIC1yIGRpZ2VzdF9maWxlPSIvdG1wL2J1aWxkYWgtZGlnZXN0LnR4dCIKCl9idWlsZGFoIHB1c2ggJHtQQVJBTVNfUFVTSF9FWFRSQV9BUkdTfSBcCiAgICAtLWRpZ2VzdGZpbGU9IiR7ZGlnZXN0X2ZpbGV9IiBcCiAgICAiJHtQQVJBTVNfSU1BR0V9IiBcCiAgICAiZG9ja2VyOi8vJHtQQVJBTVNfSU1BR0V9IgoKIwojIFJlc3VsdHMKIwoKcGhhc2UgIkluc3BlY3RpbmcgZGlnZXN0IHJlcG9ydCAoJyR7ZGlnZXN0X2ZpbGV9JykiCgpbWyAhIC1yICIke2RpZ2VzdF9maWxlfSIgXV0gJiYKICAgIGZhaWwgIlVuYWJsZSB0byBmaW5kIGRpZ2VzdC1maWxlIGF0ICcke2RpZ2VzdF9maWxlfSciCgpkZWNsYXJlIC1yIGRpZ2VzdF9zdW09IiQoY2F0ICR7ZGlnZXN0X2ZpbGV9KSIKCltbIC16ICIke2RpZ2VzdF9zdW19IiBdXSAmJgogICAgZmFpbCAiRGlnZXN0IGZpbGUgJyR7ZGlnZXN0X2ZpbGV9JyBpcyBlbXB0eSEiCgpwaGFzZSAiU3VjY2Vzc2Z1bHkgYnVpbHQgY29udGFpbmVyIGltYWdlICcke1BBUkFNU19JTUFHRX0nICgnJHtkaWdlc3Rfc3VtfScpIgplY2hvIC1uICIke1BBUkFNU19JTUFHRX0iIHwgdGVlICR7UkVTVUxUU19JTUFHRV9VUkxfUEFUSH0KZWNobyAtbiAiJHtkaWdlc3Rfc3VtfSIgfCB0ZWUgJHtSRVNVTFRTX0lNQUdFX0RJR0VTVF9QQVRIfQo=" |base64 -d >"/scripts/buildah-bud.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKZGVjbGFyZSAtcnggUEFSQU1TX0lNQUdFPSIke1BBUkFNU19JTUFHRTotfSIKZGVjbGFyZSAtcnggUEFSQU1TX0RPQ0tFUkZJTEU9IiR7UEFSQU1TX0RPQ0tFUkZJTEU6LX0iCmRlY2xhcmUgLXggUEFSQU1TX0NPTlRFWFQ9IiR7UEFSQU1TX0NPTlRFWFQ6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19TVE9SQUdFX0RSSVZFUj0iJHtQQVJBTVNfU1RPUkFHRV9EUklWRVI6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19CVUlMRF9FWFRSQV9BUkdTPSIke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTOi19IgpkZWNsYXJlIC1yeCBQQVJBTVNfUFVTSF9FWFRSQV9BUkdTPSIke1BBUkFNU19QVVNIX0VYVFJBX0FSR1M6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19TS0lQX1BVU0g9IiR7UEFSQU1TX1NLSVBfUFVTSDotfSIKZGVjbGFyZSAtcnggUEFSQU1TX1RMU19WRVJJRlk9IiR7UEFSQU1TX1RMU19WRVJJRlk6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19WRVJCT1NFPSIke1BBUkFNU19WRVJCT1NFOi19IgoKZGVjbGFyZSAtcnggV09SS1NQQUNFU19TT1VSQ0VfUEFUSD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIOi19IgpkZWNsYXJlIC1yeCBXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORDotfSIKZGVjbGFyZSAtcnggV09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSD0iJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19QQVRIOi19IgpkZWNsYXJlIC1yeCBXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19CT1VORD0iJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19CT1VORDotfSIKZGVjbGFyZSAtcnggV09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEg9IiR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEg6LX0iCmRlY2xhcmUgLXJ4IFdPUktTUEFDRVNfUkhFTF9FTlRJVExFTUVOVF9CT1VORD0iJHtXT1JLU1BBQ0VTX1JIRUxfRU5USVRMRU1FTlRfQk9VTkQ6LX0iCgpkZWNsYXJlIC1yeCBSRVNVTFRTX0lNQUdFX0RJR0VTVF9QQVRIPSIke1JFU1VMVFNfSU1BR0VfRElHRVNUX1BBVEg6LX0iCmRlY2xhcmUgLXJ4IFJFU1VMVFNfSU1BR0VfVVJMX1BBVEg9IiR7UkVTVUxUU19JTUFHRV9VUkxfUEFUSDotfSIKCiMKIyBEb2NrZXJmaWxlCiMKCiMgZXhwb3NpbmcgdGhlIGZ1bGwgcGF0aCB0byB0aGUgY29udGFpbmVyIGZpbGUsIHdoaWNoIGJ5IGRlZmF1bHQgc2hvdWxkIGJlIHJlbGF0aXZlIHRvIHRoZSBwcmltYXJ5CiMgd29ya3NwYWNlLCB0byByZWNlaXZlIGEgZGlmZmVyZW50IGNvbnRhaW5lci1maWxlIGxvY2F0aW9uCmRlY2xhcmUgLXIgZG9ja2VyZmlsZV9vbl93cz0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIfS8ke1BBUkFNU19ET0NLRVJGSUxFfSIKZGVjbGFyZSAteCBET0NLRVJGSUxFX0ZVTEw9IiR7RE9DS0VSRklMRV9GVUxMOi0ke2RvY2tlcmZpbGVfb25fd3N9fSIKCiMKIyBBc3NlcnRpbmcgRW52aXJvbm1lbnQKIwoKW1sgLXogIiR7RE9DS0VSRklMRV9GVUxMfSIgXV0gJiYKICAgIGZhaWwgInVuYWJsZSB0byBmaW5kIHRoZSBEb2NrZXJmaWxlLCBET0NLRVJGSUxFIG1heSBoYXZlIGFuIGluY29ycmVjdCBsb2NhdGlvbiIKCmV4cG9ydGVkX29yX2ZhaWwgXAogICAgV09SS1NQQUNFU19TT1VSQ0VfUEFUSCBcCiAgICBQQVJBTVNfSU1BR0UKCiMKIyBWZXJib3NlIE91dHB1dAojCgppZiBbWyAiJHtQQVJBTVNfVkVSQk9TRX0iID09ICJ0cnVlIiBdXTsgdGhlbgogICAgc2V0IC14CmZpCg==" |base64 -d >"/scripts/buildah-common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0ZWt0b24ncyBob21lIGRpcmVjdG9yeQpkZWNsYXJlIC1yeCBURUtUT05fSE9NRT0iJHtURUtUT05fSE9NRTotL3Rla3Rvbi9ob21lfSIKCiMKIyBGdW5jdGlvbnMKIwoKZnVuY3Rpb24gZmFpbCgpIHsKICAgIGVjaG8gIkVSUk9SOiAkeyp9IiAyPiYxCiAgICBleGl0IDEKfQoKZnVuY3Rpb24gcGhhc2UoKSB7CiAgICBlY2hvICItLS0+IFBoYXNlOiAkeyp9Li4uIgp9CgojIGFzc2VydCBsb2NhbCB2YXJpYWJsZXMgYXJlIGV4cG9yZXRlZCBvbiB0aGUgZW52aXJvbm1lbnQKZnVuY3Rpb24gZXhwb3J0ZWRfb3JfZmFpbCgpIHsKICAgIGRlY2xhcmUgLWEgX3JlcXVpcmVkX3ZhcnM9IiR7QH0iCgogICAgZm9yIHYgaW4gJHtfcmVxdWlyZWRfdmFyc1tAXX07IGRvCiAgICAgICAgW1sgLXogIiR7IXZ9IiBdXSAmJgogICAgICAgICAgICBmYWlsICInJHt2fScgZW52aXJvbm1lbnQgdmFyaWFibGUgaXMgbm90IHNldCEiCiAgICBkb25lCgogICAgcmV0dXJuIDAKfQo=" |base64 -d >"/scripts/common.sh" + ls /scripts/buildah-*.sh; + chmod +x /scripts/buildah-*.sh; + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0ZWt0b24ncyBob21lIGRpcmVjdG9yeQpkZWNsYXJlIC1yeCBURUtUT05fSE9NRT0iJHtURUtUT05fSE9NRTotL3Rla3Rvbi9ob21lfSIKCiMKIyBGdW5jdGlvbnMKIwoKZnVuY3Rpb24gZmFpbCgpIHsKICAgIGVjaG8gIkVSUk9SOiAkeyp9IiAyPiYxCiAgICBleGl0IDEKfQoKZnVuY3Rpb24gcGhhc2UoKSB7CiAgICBlY2hvICItLS0+IFBoYXNlOiAkeyp9Li4uIgp9CgojIGFzc2VydCBsb2NhbCB2YXJpYWJsZXMgYXJlIGV4cG9yZXRlZCBvbiB0aGUgZW52aXJvbm1lbnQKZnVuY3Rpb24gZXhwb3J0ZWRfb3JfZmFpbCgpIHsKICAgIGRlY2xhcmUgLWEgX3JlcXVpcmVkX3ZhcnM9IiR7QH0iCgogICAgZm9yIHYgaW4gJHtfcmVxdWlyZWRfdmFyc1tAXX07IGRvCiAgICAgICAgW1sgLXogIiR7IXZ9IiBdXSAmJgogICAgICAgICAgICBmYWlsICInJHt2fScgZW52aXJvbm1lbnQgdmFyaWFibGUgaXMgbm90IHNldCEiCiAgICBkb25lCgogICAgcmV0dXJuIDAKfQo=" |base64 -d >"/scripts/common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgVXNlcyB0aGUgRG9ja2VyZmlsZSBnZW5lcmF0ZWQgYnkgczJpIHRvIGFzc2VtYmxlIGEgbmV3IGNvbnRhaW5lciBpbWFnZSB1c2luZyBidWlsZGFoLgojCgpzaG9wdCAtcyBpbmhlcml0X2VycmV4aXQKc2V0IC1ldSAtbyBwaXBlZmFpbAoKZGVjbGFyZSAtciBjdXJfZGlyPSIkKGRpcm5hbWUgJHtCQVNIX1NPVVJDRVswXX0pIgoKc291cmNlICIke2N1cl9kaXJ9L2NvbW1vbi5zaCIKc291cmNlICIke2N1cl9kaXJ9L3MyaS1jb21tb24uc2giCgojIGxvYWRpbmcgYnVpbGRhaCBzZXR0aW5ncyBvdmVyd3JpdHRpbmcgdGhlIGZ1bGwgcGF0aCB0byB0aGUgY29udGFpbmVyIGZpbGUKZGVjbGFyZSAteCBET0NLRVJGSUxFX0ZVTEw9IiR7UzJJX0RPQ0tFUkZJTEV9Igpzb3VyY2UgIiR7Y3VyX2Rpcn0vYnVpbGRhaC1jb21tb24uc2giCgpwaGFzZSAiQ2hhbmdpbmcgJFBBUkFNU19DT05URVhUIHRvIHBvaW50IHRvIHByZXNlbnQgd29ya2luZyBkaXJlY3RvcnkiCltbICIkUEFSQU1TX0NPTlRFWFQiICE9ICIuIiBdXSAmJiAKICAgIFBBUkFNU19DT05URVhUPSIuIgoKcGhhc2UgIkluc3BlY3RpbmcgY29udGV4dCAnJHtQQVJBTVNfQ09OVEVYVH0nIgpbWyAhIC1kICIke1BBUkFNU19DT05URVhUfSIgXV0gJiYKICAgIGZhaWwgIkFwcGxpY2F0aW9uIHNvdXJjZSBjb2RlIGRpcmVjdG9yeSBub3QgZm91bmQgYXQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKCnBoYXNlICJCdWlsZGluZyB0aGUgRG9ja2VyZmlsZSAnJHtET0NLRVJGSUxFX0ZVTEx9JyB3aXRoIGJ1aWxkYWgiCmV4ZWMgJHtjdXJfZGlyfS9idWlsZGFoLWJ1ZC5zaAo=" |base64 -d >"/scripts/s2i-build.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0YXJnZXQgaW1hZ2UgbmFtZSAoZnVsbHkgcXVhbGlmaWVkKSB0byBiZSBidWlsZCB3aXRoIHMyaSwgcmVkZWNsYXJpbmcgdGhlIHNhbWUgcGFyYW1ldGVyIG5hbWUgdGhhbgojIGJ1aWxkYWggdGFzayB1c2VzCmRlY2xhcmUgLXggUEFSQU1TX0lNQUdFPSIke1BBUkFNU19JTUFHRTotfSIKIyBTcGVjaWZ5IGEgVVJMIGNvbnRhaW5pbmcgdGhlIGRlZmF1bHQgYXNzZW1ibGUgYW5kIHJ1biBzY3JpcHRzIGZvciB0aGUgYnVpbGRlciBpbWFnZQpkZWNsYXJlIC1yeCBQQVJBTVNfSU1BR0VfU0NSSVBUU19VUkw9IiR7UEFSQU1TX0lNQUdFX1NDUklQVFNfVVJMOi19IgoKIyB2b2x1bWUgbW91bnQgb3IgZGlyZWN0b3J5IHJlc3BvbnNpYmxlIGZvciBob2xkaW5nIGZpbGVzIAojIGxpa2UgZW52LCBEb2NrZXJmaWxlIGFuZCBhbnkgb3RoZXJzIG5lZWRlZCB0byBzdXBwb3J0IHMyaQpkZWNsYXJlIC1yeCBTMklfR0VORVJBVEVfRElSRUNUT1JZPSIke1MySV9HRU5FUkFURV9ESVJFQ1RPUlk6LS9zMmktZ2VuZXJhdGV9IgoKIyBmdWxsIHBhdGggdG8gdGhlIGNvbnRhaW5lciBmaWxlIGdlbmVyYXRlZCBieSBzMmkKZGVjbGFyZSAtcnggUzJJX0RPQ0tFUkZJTEU9IiR7UzJJX0RPQ0tFUkZJTEU6LSR7UzJJX0dFTkVSQVRFX0RJUkVDVE9SWX0vRG9ja2VyZmlsZS5nZW59IgoKIyBmdWxsIHBhdGggdG8gdGhlIGVudiBmaWxlIHVzZWQgd2l0aCB0aGUgLS1lbnZpcm9ubWVudC1maWxlIHBhcmFtZXRlciBvZiBzMmkKZGVjbGFyZSAtcnggUzJJX0VOVklST05NRU5UX0ZJTEU9IiR7UzJJX0VOVklST05NRU5UX0ZJTEU6LSR7UzJJX0dFTkVSQVRFX0RJUkVDVE9SWX0vZW52fSIKCiMKIyBBc3NlcnRpbmcgRW52aXJvbm1lbnQKIwoKZXhwb3J0ZWRfb3JfZmFpbCBcCiAgICBXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIIFwKICAgIFBBUkFNU19JTUFHRQoKIwojIFZlcmJvc2UgT3V0cHV0CiMKCmRlY2xhcmUgLXggUzJJX0xPR0xFVkVMPSIwIgoKaWYgW1sgIiR7UEFSQU1TX1ZFUkJPU0V9IiA9PSAidHJ1ZSIgXV07IHRoZW4KICAgIFMySV9MT0dMRVZFTD0iMiIKICAgIHNldCAteApmaQo=" |base64 -d >"/scripts/s2i-common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgVXNlcyBzMmkgdG8gZ2VuZXJhdGUgdGhlIHJlcGVzY3RpdmUgQ29udGFpbmVyZmlsZSBiYXNlZCBvbiB0aGUgaW5mb21yZWQgYnVpbGRlci4gVGhlIENvbnRhaW5lcmZpbGUKIyBpcyBzdG9yZWQgb24gYSB0ZW1wb3JhcnkgbG9jYXRpb24uCiMKCnNob3B0IC1zIGluaGVyaXRfZXJyZXhpdApzZXQgLWV1IC1vIHBpcGVmYWlsCgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvY29tbW9uLnNoIgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvczJpLWNvbW1vbi5zaCIKCiMgczJpIGJ1aWxkZXIgaW1hZ2UgbmFtZSAoZnVsbHkgcXVhbGlmaWVkKQpkZWNsYXJlIC1yeCBTMklfQlVJTERFUl9JTUFHRT0iJHtTMklfQlVJTERFUl9JTUFHRTotfSIKCiMgdGFrZXMgdGhlIHZhbHVlcyBpbiBhcmd1bWVudCBFTlZfVkFSUyBhbmQgY3JlYXRlcyBhbiBhcnJheSB1c2luZyB0aG9zZSB2YWx1ZXMKZGVjbGFyZSAtcmEgRU5WX1ZBUlM9KCR7QH0pCgojIHJlLXVzaW5nIHRoZSBzYW1lIHBhcmFtZXRlcnMgdGhhbiBidWlsZGFoLCBzMmkgbmVlZHMgYnVpbGRhaCBhYmlsaXRpZXMgdG8gY3JlYXRlIHRoZSBmaW5hbAojIGNvbnRhaW5lciBpbWFnZSBiYXNlZCBvbiB3aGF0IHMyaSBnZW5lcmF0ZXMKc291cmNlICIkKGRpcm5hbWUgJHtCQVNIX1NPVVJDRVswXX0pL2J1aWxkYWgtY29tbW9uLnNoIgoKIwojIFByZXBhcmUKIwoKIyBtYWtpbmcgc3VyZSB0aGUgcmVxdWlyZWQgd29ya3NwYWNlICJzb3VyY2UiIGlzIGJvdW5kZWQsIHdoaWNoIG1lYW5zIGl0cyB2b2x1bWUgaXMgY3VycmVudGx5IG1vdW50ZWQKIyBhbmQgcmVhZHkgdG8gdXNlCnBoYXNlICJJbnNwZWN0aW5nIHNvdXJjZSB3b3Jrc3BhY2UgJyR7V09SS1NQQUNFU19TT1VSQ0VfUEFUSH0nIChQV0Q9JyR7UFdEfScpIgpbWyAiJHtXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORH0iICE9ICJ0cnVlIiBdXSAmJgogICAgZmFpbCAiV29ya3NwYWNlICdzb3VyY2UnIGlzIG5vdCBib3VuZGVkIgoKcGhhc2UgIkFwcGVuZGluZyAkUEFSQU1TX0NPTlRFWFQgd2l0aCAkV09SS1NQQUNFU19TT1VSQ0VfUEFUSCBpZiBpdCdzIHJlbGF0aXZlIgpbWyAiJFBBUkFNU19DT05URVhUIiAhPSAiLiIgJiYgIiRQQVJBTVNfQ09OVEVYVCIgIT0gLyogXV0gJiYgCiAgICBQQVJBTVNfQ09OVEVYVD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIfS8ke1BBUkFNU19DT05URVhUfSIKCnBoYXNlICJJbnNwZWN0aW5nIGNvbnRleHQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKW1sgISAtZCAiJHtQQVJBTVNfQ09OVEVYVH0iIF1dICYmCiAgICBmYWlsICJBcHBsaWNhdGlvbiBzb3VyY2UgY29kZSBkaXJlY3Rvcnkgbm90IGZvdW5kIGF0ICcke1BBUkFNU19DT05URVhUfSciCgpwaGFzZSAiQWRkaW5nIHRoZSBlbnZpcm9ubWVudCB2YXJpYWJsZXMgdG8gJyR7UzJJX0VOVklST05NRU5UX0ZJTEV9JyIKCiMgYWRkIHRoZSBlbnZpcm9ubWVudCB2YXJpYWJsZXMgdGhhdCBhcmUgc2VudCBhcyBjb21tYW5kIGxpbmUgYXJndW1lbnRzIGZyb20gRU5WX1ZBUlMgcGFyYW1ldGVyCnRvdWNoICIke1MySV9FTlZJUk9OTUVOVF9GSUxFfSIKaWYgWyAkeyNFTlZfVkFSU1tAXX0gLWd0IDAgXTsgdGhlbgogICAgZm9yIGVudl92YXIgaW4gIiR7RU5WX1ZBUlNbQF19IjsgZG8KICAgICAgICBlY2hvICIke2Vudl92YXJ9IiA+PiAiJHtTMklfRU5WSVJPTk1FTlRfRklMRX0iCiAgICBkb25lCmZpCgojCiMgUzJJIEdlbmVyYXRlCiMKCnBoYXNlICJHZW5lcmF0aW5nIHRoZSBEb2NrZXJmaWxlIGZvciBTMkkgYnVpbGRlciBpbWFnZSAnJHtTMklfQlVJTERFUl9JTUFHRX0nIgpzMmkgLS1sb2dsZXZlbCAiJHtTMklfTE9HTEVWRUx9IiBcCiAgICBidWlsZCAiJHtQQVJBTVNfQ09OVEVYVH0iICIke1MySV9CVUlMREVSX0lNQUdFfSIgXAogICAgICAgIC0taW1hZ2Utc2NyaXB0cy11cmwgIiR7UEFSQU1TX0lNQUdFX1NDUklQVFNfVVJMfSIgXAogICAgICAgIC0tYXMtZG9ja2VyZmlsZSAiJHtTMklfRE9DS0VSRklMRX0iIFwKICAgICAgICAtLWVudmlyb25tZW50LWZpbGUgIiR7UzJJX0VOVklST05NRU5UX0ZJTEV9IgoKcGhhc2UgIkluc3BlY3RpbmcgdGhlIERvY2tlcmZpbGUgZ2VuZXJhdGVkIGF0ICcke1MySV9ET0NLRVJGSUxFfSciCltbICEgLWYgIiR7UzJJX0RPQ0tFUkZJTEV9IiBdXSAmJgogICAgZmFpbCAiR2VuZXJhdGVkIERvY2tlcmZpbGUgaXMgbm90IGZvdW5kISIKCnNldCAreApwaGFzZSAiR2VuZXJhdGVkIERvY2tlcmZpbGUgcGF5bG9hZCIKZWNobyAtZW4gIj4+PiAke1MySV9ET0NLRVJGSUxFfVxuJChjYXQgJHtTMklfRE9DS0VSRklMRX0pXG48PDwgRU9GXG4iCg==" |base64 -d >"/scripts/s2i-generate.sh" + ls /scripts/s2i-*.sh; + chmod +x /scripts/s2i-*.sh;echo "Running Script /scripts/s2i-generate.sh"; + /scripts/s2i-generate.sh; + args: + - "$(params.ENV_VARS[*])" + securityContext: + capabilities: + add: ["SETFCAP"] + volumeMounts: + - name: scripts-dir + mountPath: /scripts + - name: s2i-generate-dir + mountPath: /s2i-generate + + - name: s2i-build + image: registry.access.redhat.com/ubi8/buildah:8.10-5 + workingDir: /s2i-generate + command: + - /scripts/s2i-build.sh + securityContext: + capabilities: + add: ["SETFCAP"] + volumeMounts: + - name: scripts-dir + mountPath: /scripts + - name: s2i-generate-dir + mountPath: /s2i-generate + + volumes: + - name: scripts-dir + emptyDir: {} + - name: s2i-generate-dir + emptyDir: {} diff --git a/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-s2i-go/task-s2i-go-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-s2i-go/task-s2i-go-task.yaml new file mode 100644 index 0000000000..8d54be6b9f --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-s2i-go/task-s2i-go-task.yaml @@ -0,0 +1,197 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift-pipelines/tektoncd-catalog/p/tasks/task-s2i-go/0.4.1/task-s2i-go.yaml +# +--- +--- +# Source: task-containers/templates/task-s2i-go.yaml +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: s2i-go + labels: + app.kubernetes.io/version: 0.4.1 + annotations: + tekton.dev/source: "https://github.com/openshift-pipelines/task-containers" + artifacthub.io/category: integration-delivery + artifacthub.io/maintainers: | + - name: OpenShift Pipeline task maintainers + email: pipelines-extcomm@redhat.com + artifacthub.io/provider: Red Hat + artifacthub.io/recommendations: | + - url: https://tekton.dev/ + tekton.dev/categories: containers + tekton.dev/pipelines.minVersion: 0.41.0 + tekton.dev/tags: containers +spec: + description: | + Builds the source code using the s2i's Golang builder-image + "image-registry.openshift-image-registry.svc:5000/openshift/golang". + + + workspaces: + - name: source + optional: false + description: | + Application source code, the build context for S2I workflow. + - name: dockerconfig + optional: true + description: >- + An optional workspace that allows providing a .docker/config.json file for Buildah to access the container registry. + The file should be placed at the root of the Workspace with name config.json. + + params: + - name: IMAGE + type: string + description: | + Fully qualified container image name to be built by s2i. + - name: VERSION + description: The tag of the imagestream for the corresponding language version + default: latest + type: string + - name: IMAGE_SCRIPTS_URL + type: string + default: image:///usr/libexec/s2i + description: | + Specify a URL containing the default assemble and run scripts for the builder image + - name: ENV_VARS + type: array + default: [] + description: | + Array containing string of Environment Variables as "KEY=VALUE" + - name: CONTEXT + type: string + default: "." + description: | + Path to the directory to use as context. + - name: STORAGE_DRIVER + type: string + default: vfs + description: | + Set buildah storage driver to reflect the currrent cluster node's + settings. + - name: FORMAT + description: The format of the built container, oci or docker + default: "oci" + - name: BUILD_EXTRA_ARGS + type: string + default: "" + description: | + Extra parameters passed for the build command when building images. + - name: PUSH_EXTRA_ARGS + type: string + default: "" + description: | + Extra parameters passed for the push command when pushing images. + - name: SKIP_PUSH + default: "false" + description: | + Skip pushing the image to the container registry. + - name: TLS_VERIFY + type: string + default: "true" + description: | + Sets the TLS verification flag, `true` is recommended. + - name: VERBOSE + type: string + default: "false" + description: | + Turns on verbose logging, all commands executed will be printed out. + + results: + - name: IMAGE_URL + description: | + Fully qualified image name. + - name: IMAGE_DIGEST + description: | + Digest of the image just built. + + stepTemplate: + env: + + - name: PARAMS_IMAGE + value: "$(params.IMAGE)" + - name: PARAMS_VERSION + value: "$(params.VERSION)" + - name: PARAMS_IMAGE_SCRIPTS_URL + value: "$(params.IMAGE_SCRIPTS_URL)" + - name: PARAMS_CONTEXT + value: "$(params.CONTEXT)" + - name: PARAMS_FORMAT + value: "$(params.FORMAT)" + - name: PARAMS_STORAGE_DRIVER + value: "$(params.STORAGE_DRIVER)" + - name: PARAMS_BUILD_EXTRA_ARGS + value: "$(params.BUILD_EXTRA_ARGS)" + - name: PARAMS_PUSH_EXTRA_ARGS + value: "$(params.PUSH_EXTRA_ARGS)" + - name: PARAMS_SKIP_PUSH + value: "$(params.SKIP_PUSH)" + - name: PARAMS_TLS_VERIFY + value: "$(params.TLS_VERIFY)" + - name: PARAMS_VERBOSE + value: "$(params.VERBOSE)" + - name: WORKSPACES_SOURCE_BOUND + value: "$(workspaces.source.bound)" + - name: WORKSPACES_SOURCE_PATH + value: "$(workspaces.source.path)" + - name: WORKSPACES_DOCKERCONFIG_BOUND + value: "$(workspaces.dockerconfig.bound)" + - name: WORKSPACES_DOCKERCONFIG_PATH + value: "$(workspaces.dockerconfig.path)" + - name: RESULTS_IMAGE_URL_PATH + value: "$(results.IMAGE_URL.path)" + - name: RESULTS_IMAGE_DIGEST_PATH + value: "$(results.IMAGE_DIGEST.path)" + + steps: + - name: s2i-generate + image: registry.access.redhat.com/source-to-image/source-to-image-rhel8:v1.3.9-6 + workingDir: $(workspaces.source.path) + env: + - name: S2I_BUILDER_IMAGE + value: "image-registry.openshift-image-registry.svc:5000/openshift/golang:$(params.VERSION)" + script: | + set -e + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgV3JhcHBlciBhcm91bmQgImJ1aWxkYWggYnVkIiB0byBidWlsZCBhbmQgcHVzaCBhIGNvbnRhaW5lciBpbWFnZSBiYXNlZCBvbiBhIERvY2tlcmZpbGUuCiMKCnNob3B0IC1zIGluaGVyaXRfZXJyZXhpdApzZXQgLWV1IC1vIHBpcGVmYWlsCgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvY29tbW9uLnNoIgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvYnVpbGRhaC1jb21tb24uc2giCgpmdW5jdGlvbiBfYnVpbGRhaCgpIHsKICAgIGJ1aWxkYWggXAogICAgICAgIC0tc3RvcmFnZS1kcml2ZXI9IiR7UEFSQU1TX1NUT1JBR0VfRFJJVkVSfSIgXAogICAgICAgIC0tdGxzLXZlcmlmeT0iJHtQQVJBTVNfVExTX1ZFUklGWX0iIFwKICAgICAgICAkeyp9Cn0KCiMKIyBQcmVwYXJlCiMKCiMgbWFraW5nIHN1cmUgdGhlIHJlcXVpcmVkIHdvcmtzcGFjZSAic291cmNlIiBpcyBib3VuZGVkLCB3aGljaCBtZWFucyBpdHMgdm9sdW1lIGlzIGN1cnJlbnRseSBtb3VudGVkCiMgYW5kIHJlYWR5IHRvIHVzZQpwaGFzZSAiSW5zcGVjdGluZyBzb3VyY2Ugd29ya3NwYWNlICcke1dPUktTUEFDRVNfU09VUkNFX1BBVEh9JyAoUFdEPScke1BXRH0nKSIKW1sgIiR7V09SS1NQQUNFU19TT1VSQ0VfQk9VTkR9IiAhPSAidHJ1ZSIgXV0gJiYKICAgIGZhaWwgIldvcmtzcGFjZSAnc291cmNlJyBpcyBub3QgYm91bmRlZCIKCnBoYXNlICJBc3NlcnRpbmcgdGhlIGRvY2tlcmZpbGUvY29udGFpbmVyZmlsZSAnJHtET0NLRVJGSUxFX0ZVTEx9JyBleGlzdHMiCltbICEgLWYgIiR7RE9DS0VSRklMRV9GVUxMfSIgXV0gJiYKICAgIGZhaWwgIkRvY2tlcmZpbGUgbm90IGZvdW5kIGF0OiAnJHtET0NLRVJGSUxFX0ZVTEx9JyIKCnBoYXNlICJJbnNwZWN0aW5nIGNvbnRleHQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKW1sgISAtZCAiJHtQQVJBTVNfQ09OVEVYVH0iIF1dICYmCiAgICBmYWlsICJDT05URVhUIHBhcmFtIGlzIG5vdCBmb3VuZCBhdCAnJHtQQVJBTVNfQ09OVEVYVH0nLCBvbiBzb3VyY2Ugd29ya3NwYWNlIgoKcGhhc2UgIkJ1aWxkaW5nIGJ1aWxkIGFyZ3MiCkJVSUxEX0FSR1M9KCkKZm9yIGJ1aWxkYXJnIGluICIkQCI7IGRvCiAgICBCVUlMRF9BUkdTKz0oIi0tYnVpbGQtYXJnPSRidWlsZGFyZyIpCmRvbmUKCiMgSGFuZGxlIG9wdGlvbmFsIGRvY2tlcmNvbmZpZyBzZWNyZXQKaWYgW1sgIiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfQk9VTkR9IiA9PSAidHJ1ZSIgXV07IHRoZW4KCiAgICAjIGlmIGNvbmZpZy5qc29uIGV4aXN0cyBhdCB3b3Jrc3BhY2Ugcm9vdCwgd2UgdXNlIHRoYXQKICAgIGlmIHRlc3QgLWYgIiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSH0vY29uZmlnLmpzb24iOyB0aGVuCiAgICAgICAgZXhwb3J0IERPQ0tFUl9DT05GSUc9IiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSH0iCgogICAgICAgICMgZWxzZSB3ZSBsb29rIGZvciAuZG9ja2VyY29uZmlnanNvbiBhdCB0aGUgcm9vdAogICAgZWxpZiB0ZXN0IC1mICIke1dPUktTUEFDRVNfRE9DS0VSQ09ORklHX1BBVEh9Ly5kb2NrZXJjb25maWdqc29uIjsgdGhlbgogICAgICAgICMgZW5zdXJlIC5kb2NrZXIgZXhpc3QgYmVmb3JlIHRoZSBjb3B5aW5nIHRoZSBjb250ZW50CiAgICAgICAgaWYgWyAhIC1kICIkSE9NRS8uZG9ja2VyIiBdOyB0aGVuCiAgICAgICAgICAgbWtkaXIgLXAgIiRIT01FLy5kb2NrZXIiCiAgICAgICAgZmkKICAgICAgICBjcCAiJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19QQVRIfS8uZG9ja2VyY29uZmlnanNvbiIgIiRIT01FLy5kb2NrZXIvY29uZmlnLmpzb24iCiAgICAgICAgZXhwb3J0IERPQ0tFUl9DT05GSUc9IiRIT01FLy5kb2NrZXIiCgogICAgICAgICMgbmVlZCB0byBlcnJvciBvdXQgaWYgbmVpdGhlciBmaWxlcyBhcmUgcHJlc2VudAogICAgZWxzZQogICAgICAgIGVjaG8gIm5laXRoZXIgJ2NvbmZpZy5qc29uJyBub3IgJy5kb2NrZXJjb25maWdqc29uJyBmb3VuZCBhdCB3b3Jrc3BhY2Ugcm9vdCIKICAgICAgICBleGl0IDEKICAgIGZpCmZpCgpFTlRJVExFTUVOVF9WT0xVTUU9IiIKaWYgW1sgIiR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX0JPVU5EfSIgPT0gInRydWUiIF1dOyB0aGVuCiAgICBFTlRJVExFTUVOVF9WT0xVTUU9Ii0tdm9sdW1lICR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEh9Oi9ldGMvcGtpL2VudGl0bGVtZW50IgpmaQoKIwojIEJ1aWxkCiMKCnBoYXNlICJCdWlsZGluZyAnJHtQQVJBTVNfSU1BR0V9JyBiYXNlZCBvbiAnJHtET0NLRVJGSUxFX0ZVTEx9JyIKCltbIC1uICIke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTfSIgXV0gJiYKICAgIHBoYXNlICJFeHRyYSAnYnVpbGRhaCBidWQnIGFyZ3VtZW50cyBpbmZvcm1lZDogJyR7UEFSQU1TX0JVSUxEX0VYVFJBX0FSR1N9JyIKCl9idWlsZGFoIGJ1ZCAke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTfSBcCiAgICAkRU5USVRMRU1FTlRfVk9MVU1FIFwKICAgICIke0JVSUxEX0FSR1NbQF19IiBcCiAgICAtLWZpbGU9IiR7RE9DS0VSRklMRV9GVUxMfSIgXAogICAgLS10YWc9IiR7UEFSQU1TX0lNQUdFfSIgXAogICAgIiR7UEFSQU1TX0NPTlRFWFR9IgoKaWYgW1sgIiR7UEFSQU1TX1NLSVBfUFVTSH0iID09ICJ0cnVlIiBdXTsgdGhlbgogICAgcGhhc2UgIlNraXBwaW5nIHB1c2hpbmcgJyR7UEFSQU1TX0lNQUdFfScgdG8gdGhlIGNvbnRhaW5lciByZWdpc3RyeSEiCiAgICBleGl0IDAKZmkKCiMKIyBQdXNoCiMKCnBoYXNlICJQdXNoaW5nICcke1BBUkFNU19JTUFHRX0nIHRvIHRoZSBjb250YWluZXIgcmVnaXN0cnkiCgpbWyAtbiAiJHtQQVJBTVNfUFVTSF9FWFRSQV9BUkdTfSIgXV0gJiYKICAgIHBoYXNlICJFeHRyYSAnYnVpbGRhaCBidWQnIGFyZ3VtZW50cyBpbmZvcm1lZDogJyR7UEFSQU1TX1BVU0hfRVhUUkFfQVJHU30nIgoKIyB0ZW1wb3JhcnkgZmlsZSB0byBzdG9yZSB0aGUgaW1hZ2UgZGlnZXN0LCBpbmZvcm1hdGlvbiBvbmx5IG9idGFpbmVkIGFmdGVyIHB1c2hpbmcgdGhlIGltYWdlIHRvIHRoZQojIGNvbnRhaW5lciByZWdpc3RyeQpkZWNsYXJlIC1yIGRpZ2VzdF9maWxlPSIvdG1wL2J1aWxkYWgtZGlnZXN0LnR4dCIKCl9idWlsZGFoIHB1c2ggJHtQQVJBTVNfUFVTSF9FWFRSQV9BUkdTfSBcCiAgICAtLWRpZ2VzdGZpbGU9IiR7ZGlnZXN0X2ZpbGV9IiBcCiAgICAiJHtQQVJBTVNfSU1BR0V9IiBcCiAgICAiZG9ja2VyOi8vJHtQQVJBTVNfSU1BR0V9IgoKIwojIFJlc3VsdHMKIwoKcGhhc2UgIkluc3BlY3RpbmcgZGlnZXN0IHJlcG9ydCAoJyR7ZGlnZXN0X2ZpbGV9JykiCgpbWyAhIC1yICIke2RpZ2VzdF9maWxlfSIgXV0gJiYKICAgIGZhaWwgIlVuYWJsZSB0byBmaW5kIGRpZ2VzdC1maWxlIGF0ICcke2RpZ2VzdF9maWxlfSciCgpkZWNsYXJlIC1yIGRpZ2VzdF9zdW09IiQoY2F0ICR7ZGlnZXN0X2ZpbGV9KSIKCltbIC16ICIke2RpZ2VzdF9zdW19IiBdXSAmJgogICAgZmFpbCAiRGlnZXN0IGZpbGUgJyR7ZGlnZXN0X2ZpbGV9JyBpcyBlbXB0eSEiCgpwaGFzZSAiU3VjY2Vzc2Z1bHkgYnVpbHQgY29udGFpbmVyIGltYWdlICcke1BBUkFNU19JTUFHRX0nICgnJHtkaWdlc3Rfc3VtfScpIgplY2hvIC1uICIke1BBUkFNU19JTUFHRX0iIHwgdGVlICR7UkVTVUxUU19JTUFHRV9VUkxfUEFUSH0KZWNobyAtbiAiJHtkaWdlc3Rfc3VtfSIgfCB0ZWUgJHtSRVNVTFRTX0lNQUdFX0RJR0VTVF9QQVRIfQo=" |base64 -d >"/scripts/buildah-bud.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKZGVjbGFyZSAtcnggUEFSQU1TX0lNQUdFPSIke1BBUkFNU19JTUFHRTotfSIKZGVjbGFyZSAtcnggUEFSQU1TX0RPQ0tFUkZJTEU9IiR7UEFSQU1TX0RPQ0tFUkZJTEU6LX0iCmRlY2xhcmUgLXggUEFSQU1TX0NPTlRFWFQ9IiR7UEFSQU1TX0NPTlRFWFQ6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19TVE9SQUdFX0RSSVZFUj0iJHtQQVJBTVNfU1RPUkFHRV9EUklWRVI6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19CVUlMRF9FWFRSQV9BUkdTPSIke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTOi19IgpkZWNsYXJlIC1yeCBQQVJBTVNfUFVTSF9FWFRSQV9BUkdTPSIke1BBUkFNU19QVVNIX0VYVFJBX0FSR1M6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19TS0lQX1BVU0g9IiR7UEFSQU1TX1NLSVBfUFVTSDotfSIKZGVjbGFyZSAtcnggUEFSQU1TX1RMU19WRVJJRlk9IiR7UEFSQU1TX1RMU19WRVJJRlk6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19WRVJCT1NFPSIke1BBUkFNU19WRVJCT1NFOi19IgoKZGVjbGFyZSAtcnggV09SS1NQQUNFU19TT1VSQ0VfUEFUSD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIOi19IgpkZWNsYXJlIC1yeCBXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORDotfSIKZGVjbGFyZSAtcnggV09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSD0iJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19QQVRIOi19IgpkZWNsYXJlIC1yeCBXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19CT1VORD0iJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19CT1VORDotfSIKZGVjbGFyZSAtcnggV09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEg9IiR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEg6LX0iCmRlY2xhcmUgLXJ4IFdPUktTUEFDRVNfUkhFTF9FTlRJVExFTUVOVF9CT1VORD0iJHtXT1JLU1BBQ0VTX1JIRUxfRU5USVRMRU1FTlRfQk9VTkQ6LX0iCgpkZWNsYXJlIC1yeCBSRVNVTFRTX0lNQUdFX0RJR0VTVF9QQVRIPSIke1JFU1VMVFNfSU1BR0VfRElHRVNUX1BBVEg6LX0iCmRlY2xhcmUgLXJ4IFJFU1VMVFNfSU1BR0VfVVJMX1BBVEg9IiR7UkVTVUxUU19JTUFHRV9VUkxfUEFUSDotfSIKCiMKIyBEb2NrZXJmaWxlCiMKCiMgZXhwb3NpbmcgdGhlIGZ1bGwgcGF0aCB0byB0aGUgY29udGFpbmVyIGZpbGUsIHdoaWNoIGJ5IGRlZmF1bHQgc2hvdWxkIGJlIHJlbGF0aXZlIHRvIHRoZSBwcmltYXJ5CiMgd29ya3NwYWNlLCB0byByZWNlaXZlIGEgZGlmZmVyZW50IGNvbnRhaW5lci1maWxlIGxvY2F0aW9uCmRlY2xhcmUgLXIgZG9ja2VyZmlsZV9vbl93cz0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIfS8ke1BBUkFNU19ET0NLRVJGSUxFfSIKZGVjbGFyZSAteCBET0NLRVJGSUxFX0ZVTEw9IiR7RE9DS0VSRklMRV9GVUxMOi0ke2RvY2tlcmZpbGVfb25fd3N9fSIKCiMKIyBBc3NlcnRpbmcgRW52aXJvbm1lbnQKIwoKW1sgLXogIiR7RE9DS0VSRklMRV9GVUxMfSIgXV0gJiYKICAgIGZhaWwgInVuYWJsZSB0byBmaW5kIHRoZSBEb2NrZXJmaWxlLCBET0NLRVJGSUxFIG1heSBoYXZlIGFuIGluY29ycmVjdCBsb2NhdGlvbiIKCmV4cG9ydGVkX29yX2ZhaWwgXAogICAgV09SS1NQQUNFU19TT1VSQ0VfUEFUSCBcCiAgICBQQVJBTVNfSU1BR0UKCiMKIyBWZXJib3NlIE91dHB1dAojCgppZiBbWyAiJHtQQVJBTVNfVkVSQk9TRX0iID09ICJ0cnVlIiBdXTsgdGhlbgogICAgc2V0IC14CmZpCg==" |base64 -d >"/scripts/buildah-common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0ZWt0b24ncyBob21lIGRpcmVjdG9yeQpkZWNsYXJlIC1yeCBURUtUT05fSE9NRT0iJHtURUtUT05fSE9NRTotL3Rla3Rvbi9ob21lfSIKCiMKIyBGdW5jdGlvbnMKIwoKZnVuY3Rpb24gZmFpbCgpIHsKICAgIGVjaG8gIkVSUk9SOiAkeyp9IiAyPiYxCiAgICBleGl0IDEKfQoKZnVuY3Rpb24gcGhhc2UoKSB7CiAgICBlY2hvICItLS0+IFBoYXNlOiAkeyp9Li4uIgp9CgojIGFzc2VydCBsb2NhbCB2YXJpYWJsZXMgYXJlIGV4cG9yZXRlZCBvbiB0aGUgZW52aXJvbm1lbnQKZnVuY3Rpb24gZXhwb3J0ZWRfb3JfZmFpbCgpIHsKICAgIGRlY2xhcmUgLWEgX3JlcXVpcmVkX3ZhcnM9IiR7QH0iCgogICAgZm9yIHYgaW4gJHtfcmVxdWlyZWRfdmFyc1tAXX07IGRvCiAgICAgICAgW1sgLXogIiR7IXZ9IiBdXSAmJgogICAgICAgICAgICBmYWlsICInJHt2fScgZW52aXJvbm1lbnQgdmFyaWFibGUgaXMgbm90IHNldCEiCiAgICBkb25lCgogICAgcmV0dXJuIDAKfQo=" |base64 -d >"/scripts/common.sh" + ls /scripts/buildah-*.sh; + chmod +x /scripts/buildah-*.sh; + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0ZWt0b24ncyBob21lIGRpcmVjdG9yeQpkZWNsYXJlIC1yeCBURUtUT05fSE9NRT0iJHtURUtUT05fSE9NRTotL3Rla3Rvbi9ob21lfSIKCiMKIyBGdW5jdGlvbnMKIwoKZnVuY3Rpb24gZmFpbCgpIHsKICAgIGVjaG8gIkVSUk9SOiAkeyp9IiAyPiYxCiAgICBleGl0IDEKfQoKZnVuY3Rpb24gcGhhc2UoKSB7CiAgICBlY2hvICItLS0+IFBoYXNlOiAkeyp9Li4uIgp9CgojIGFzc2VydCBsb2NhbCB2YXJpYWJsZXMgYXJlIGV4cG9yZXRlZCBvbiB0aGUgZW52aXJvbm1lbnQKZnVuY3Rpb24gZXhwb3J0ZWRfb3JfZmFpbCgpIHsKICAgIGRlY2xhcmUgLWEgX3JlcXVpcmVkX3ZhcnM9IiR7QH0iCgogICAgZm9yIHYgaW4gJHtfcmVxdWlyZWRfdmFyc1tAXX07IGRvCiAgICAgICAgW1sgLXogIiR7IXZ9IiBdXSAmJgogICAgICAgICAgICBmYWlsICInJHt2fScgZW52aXJvbm1lbnQgdmFyaWFibGUgaXMgbm90IHNldCEiCiAgICBkb25lCgogICAgcmV0dXJuIDAKfQo=" |base64 -d >"/scripts/common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgVXNlcyB0aGUgRG9ja2VyZmlsZSBnZW5lcmF0ZWQgYnkgczJpIHRvIGFzc2VtYmxlIGEgbmV3IGNvbnRhaW5lciBpbWFnZSB1c2luZyBidWlsZGFoLgojCgpzaG9wdCAtcyBpbmhlcml0X2VycmV4aXQKc2V0IC1ldSAtbyBwaXBlZmFpbAoKZGVjbGFyZSAtciBjdXJfZGlyPSIkKGRpcm5hbWUgJHtCQVNIX1NPVVJDRVswXX0pIgoKc291cmNlICIke2N1cl9kaXJ9L2NvbW1vbi5zaCIKc291cmNlICIke2N1cl9kaXJ9L3MyaS1jb21tb24uc2giCgojIGxvYWRpbmcgYnVpbGRhaCBzZXR0aW5ncyBvdmVyd3JpdHRpbmcgdGhlIGZ1bGwgcGF0aCB0byB0aGUgY29udGFpbmVyIGZpbGUKZGVjbGFyZSAteCBET0NLRVJGSUxFX0ZVTEw9IiR7UzJJX0RPQ0tFUkZJTEV9Igpzb3VyY2UgIiR7Y3VyX2Rpcn0vYnVpbGRhaC1jb21tb24uc2giCgpwaGFzZSAiQ2hhbmdpbmcgJFBBUkFNU19DT05URVhUIHRvIHBvaW50IHRvIHByZXNlbnQgd29ya2luZyBkaXJlY3RvcnkiCltbICIkUEFSQU1TX0NPTlRFWFQiICE9ICIuIiBdXSAmJiAKICAgIFBBUkFNU19DT05URVhUPSIuIgoKcGhhc2UgIkluc3BlY3RpbmcgY29udGV4dCAnJHtQQVJBTVNfQ09OVEVYVH0nIgpbWyAhIC1kICIke1BBUkFNU19DT05URVhUfSIgXV0gJiYKICAgIGZhaWwgIkFwcGxpY2F0aW9uIHNvdXJjZSBjb2RlIGRpcmVjdG9yeSBub3QgZm91bmQgYXQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKCnBoYXNlICJCdWlsZGluZyB0aGUgRG9ja2VyZmlsZSAnJHtET0NLRVJGSUxFX0ZVTEx9JyB3aXRoIGJ1aWxkYWgiCmV4ZWMgJHtjdXJfZGlyfS9idWlsZGFoLWJ1ZC5zaAo=" |base64 -d >"/scripts/s2i-build.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0YXJnZXQgaW1hZ2UgbmFtZSAoZnVsbHkgcXVhbGlmaWVkKSB0byBiZSBidWlsZCB3aXRoIHMyaSwgcmVkZWNsYXJpbmcgdGhlIHNhbWUgcGFyYW1ldGVyIG5hbWUgdGhhbgojIGJ1aWxkYWggdGFzayB1c2VzCmRlY2xhcmUgLXggUEFSQU1TX0lNQUdFPSIke1BBUkFNU19JTUFHRTotfSIKIyBTcGVjaWZ5IGEgVVJMIGNvbnRhaW5pbmcgdGhlIGRlZmF1bHQgYXNzZW1ibGUgYW5kIHJ1biBzY3JpcHRzIGZvciB0aGUgYnVpbGRlciBpbWFnZQpkZWNsYXJlIC1yeCBQQVJBTVNfSU1BR0VfU0NSSVBUU19VUkw9IiR7UEFSQU1TX0lNQUdFX1NDUklQVFNfVVJMOi19IgoKIyB2b2x1bWUgbW91bnQgb3IgZGlyZWN0b3J5IHJlc3BvbnNpYmxlIGZvciBob2xkaW5nIGZpbGVzIAojIGxpa2UgZW52LCBEb2NrZXJmaWxlIGFuZCBhbnkgb3RoZXJzIG5lZWRlZCB0byBzdXBwb3J0IHMyaQpkZWNsYXJlIC1yeCBTMklfR0VORVJBVEVfRElSRUNUT1JZPSIke1MySV9HRU5FUkFURV9ESVJFQ1RPUlk6LS9zMmktZ2VuZXJhdGV9IgoKIyBmdWxsIHBhdGggdG8gdGhlIGNvbnRhaW5lciBmaWxlIGdlbmVyYXRlZCBieSBzMmkKZGVjbGFyZSAtcnggUzJJX0RPQ0tFUkZJTEU9IiR7UzJJX0RPQ0tFUkZJTEU6LSR7UzJJX0dFTkVSQVRFX0RJUkVDVE9SWX0vRG9ja2VyZmlsZS5nZW59IgoKIyBmdWxsIHBhdGggdG8gdGhlIGVudiBmaWxlIHVzZWQgd2l0aCB0aGUgLS1lbnZpcm9ubWVudC1maWxlIHBhcmFtZXRlciBvZiBzMmkKZGVjbGFyZSAtcnggUzJJX0VOVklST05NRU5UX0ZJTEU9IiR7UzJJX0VOVklST05NRU5UX0ZJTEU6LSR7UzJJX0dFTkVSQVRFX0RJUkVDVE9SWX0vZW52fSIKCiMKIyBBc3NlcnRpbmcgRW52aXJvbm1lbnQKIwoKZXhwb3J0ZWRfb3JfZmFpbCBcCiAgICBXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIIFwKICAgIFBBUkFNU19JTUFHRQoKIwojIFZlcmJvc2UgT3V0cHV0CiMKCmRlY2xhcmUgLXggUzJJX0xPR0xFVkVMPSIwIgoKaWYgW1sgIiR7UEFSQU1TX1ZFUkJPU0V9IiA9PSAidHJ1ZSIgXV07IHRoZW4KICAgIFMySV9MT0dMRVZFTD0iMiIKICAgIHNldCAteApmaQo=" |base64 -d >"/scripts/s2i-common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgVXNlcyBzMmkgdG8gZ2VuZXJhdGUgdGhlIHJlcGVzY3RpdmUgQ29udGFpbmVyZmlsZSBiYXNlZCBvbiB0aGUgaW5mb21yZWQgYnVpbGRlci4gVGhlIENvbnRhaW5lcmZpbGUKIyBpcyBzdG9yZWQgb24gYSB0ZW1wb3JhcnkgbG9jYXRpb24uCiMKCnNob3B0IC1zIGluaGVyaXRfZXJyZXhpdApzZXQgLWV1IC1vIHBpcGVmYWlsCgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvY29tbW9uLnNoIgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvczJpLWNvbW1vbi5zaCIKCiMgczJpIGJ1aWxkZXIgaW1hZ2UgbmFtZSAoZnVsbHkgcXVhbGlmaWVkKQpkZWNsYXJlIC1yeCBTMklfQlVJTERFUl9JTUFHRT0iJHtTMklfQlVJTERFUl9JTUFHRTotfSIKCiMgdGFrZXMgdGhlIHZhbHVlcyBpbiBhcmd1bWVudCBFTlZfVkFSUyBhbmQgY3JlYXRlcyBhbiBhcnJheSB1c2luZyB0aG9zZSB2YWx1ZXMKZGVjbGFyZSAtcmEgRU5WX1ZBUlM9KCR7QH0pCgojIHJlLXVzaW5nIHRoZSBzYW1lIHBhcmFtZXRlcnMgdGhhbiBidWlsZGFoLCBzMmkgbmVlZHMgYnVpbGRhaCBhYmlsaXRpZXMgdG8gY3JlYXRlIHRoZSBmaW5hbAojIGNvbnRhaW5lciBpbWFnZSBiYXNlZCBvbiB3aGF0IHMyaSBnZW5lcmF0ZXMKc291cmNlICIkKGRpcm5hbWUgJHtCQVNIX1NPVVJDRVswXX0pL2J1aWxkYWgtY29tbW9uLnNoIgoKIwojIFByZXBhcmUKIwoKIyBtYWtpbmcgc3VyZSB0aGUgcmVxdWlyZWQgd29ya3NwYWNlICJzb3VyY2UiIGlzIGJvdW5kZWQsIHdoaWNoIG1lYW5zIGl0cyB2b2x1bWUgaXMgY3VycmVudGx5IG1vdW50ZWQKIyBhbmQgcmVhZHkgdG8gdXNlCnBoYXNlICJJbnNwZWN0aW5nIHNvdXJjZSB3b3Jrc3BhY2UgJyR7V09SS1NQQUNFU19TT1VSQ0VfUEFUSH0nIChQV0Q9JyR7UFdEfScpIgpbWyAiJHtXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORH0iICE9ICJ0cnVlIiBdXSAmJgogICAgZmFpbCAiV29ya3NwYWNlICdzb3VyY2UnIGlzIG5vdCBib3VuZGVkIgoKcGhhc2UgIkFwcGVuZGluZyAkUEFSQU1TX0NPTlRFWFQgd2l0aCAkV09SS1NQQUNFU19TT1VSQ0VfUEFUSCBpZiBpdCdzIHJlbGF0aXZlIgpbWyAiJFBBUkFNU19DT05URVhUIiAhPSAiLiIgJiYgIiRQQVJBTVNfQ09OVEVYVCIgIT0gLyogXV0gJiYgCiAgICBQQVJBTVNfQ09OVEVYVD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIfS8ke1BBUkFNU19DT05URVhUfSIKCnBoYXNlICJJbnNwZWN0aW5nIGNvbnRleHQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKW1sgISAtZCAiJHtQQVJBTVNfQ09OVEVYVH0iIF1dICYmCiAgICBmYWlsICJBcHBsaWNhdGlvbiBzb3VyY2UgY29kZSBkaXJlY3Rvcnkgbm90IGZvdW5kIGF0ICcke1BBUkFNU19DT05URVhUfSciCgpwaGFzZSAiQWRkaW5nIHRoZSBlbnZpcm9ubWVudCB2YXJpYWJsZXMgdG8gJyR7UzJJX0VOVklST05NRU5UX0ZJTEV9JyIKCiMgYWRkIHRoZSBlbnZpcm9ubWVudCB2YXJpYWJsZXMgdGhhdCBhcmUgc2VudCBhcyBjb21tYW5kIGxpbmUgYXJndW1lbnRzIGZyb20gRU5WX1ZBUlMgcGFyYW1ldGVyCnRvdWNoICIke1MySV9FTlZJUk9OTUVOVF9GSUxFfSIKaWYgWyAkeyNFTlZfVkFSU1tAXX0gLWd0IDAgXTsgdGhlbgogICAgZm9yIGVudl92YXIgaW4gIiR7RU5WX1ZBUlNbQF19IjsgZG8KICAgICAgICBlY2hvICIke2Vudl92YXJ9IiA+PiAiJHtTMklfRU5WSVJPTk1FTlRfRklMRX0iCiAgICBkb25lCmZpCgojCiMgUzJJIEdlbmVyYXRlCiMKCnBoYXNlICJHZW5lcmF0aW5nIHRoZSBEb2NrZXJmaWxlIGZvciBTMkkgYnVpbGRlciBpbWFnZSAnJHtTMklfQlVJTERFUl9JTUFHRX0nIgpzMmkgLS1sb2dsZXZlbCAiJHtTMklfTE9HTEVWRUx9IiBcCiAgICBidWlsZCAiJHtQQVJBTVNfQ09OVEVYVH0iICIke1MySV9CVUlMREVSX0lNQUdFfSIgXAogICAgICAgIC0taW1hZ2Utc2NyaXB0cy11cmwgIiR7UEFSQU1TX0lNQUdFX1NDUklQVFNfVVJMfSIgXAogICAgICAgIC0tYXMtZG9ja2VyZmlsZSAiJHtTMklfRE9DS0VSRklMRX0iIFwKICAgICAgICAtLWVudmlyb25tZW50LWZpbGUgIiR7UzJJX0VOVklST05NRU5UX0ZJTEV9IgoKcGhhc2UgIkluc3BlY3RpbmcgdGhlIERvY2tlcmZpbGUgZ2VuZXJhdGVkIGF0ICcke1MySV9ET0NLRVJGSUxFfSciCltbICEgLWYgIiR7UzJJX0RPQ0tFUkZJTEV9IiBdXSAmJgogICAgZmFpbCAiR2VuZXJhdGVkIERvY2tlcmZpbGUgaXMgbm90IGZvdW5kISIKCnNldCAreApwaGFzZSAiR2VuZXJhdGVkIERvY2tlcmZpbGUgcGF5bG9hZCIKZWNobyAtZW4gIj4+PiAke1MySV9ET0NLRVJGSUxFfVxuJChjYXQgJHtTMklfRE9DS0VSRklMRX0pXG48PDwgRU9GXG4iCg==" |base64 -d >"/scripts/s2i-generate.sh" + ls /scripts/s2i-*.sh; + chmod +x /scripts/s2i-*.sh;echo "Running Script /scripts/s2i-generate.sh"; + /scripts/s2i-generate.sh; + args: + - "$(params.ENV_VARS[*])" + securityContext: + capabilities: + add: ["SETFCAP"] + volumeMounts: + - name: scripts-dir + mountPath: /scripts + - name: s2i-generate-dir + mountPath: /s2i-generate + + - name: s2i-build + image: registry.access.redhat.com/ubi8/buildah:8.10-5 + workingDir: /s2i-generate + command: + - /scripts/s2i-build.sh + securityContext: + capabilities: + add: ["SETFCAP"] + volumeMounts: + - name: scripts-dir + mountPath: /scripts + - name: s2i-generate-dir + mountPath: /s2i-generate + + volumes: + - name: scripts-dir + emptyDir: {} + - name: s2i-generate-dir + emptyDir: {} diff --git a/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-s2i-java/task-s2i-java-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-s2i-java/task-s2i-java-task.yaml new file mode 100644 index 0000000000..b4b0ba2715 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-s2i-java/task-s2i-java-task.yaml @@ -0,0 +1,197 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift-pipelines/tektoncd-catalog/p/tasks/task-s2i-java/0.4.1/task-s2i-java.yaml +# +--- +--- +# Source: task-containers/templates/task-s2i-java.yaml +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: s2i-java + labels: + app.kubernetes.io/version: 0.4.1 + annotations: + tekton.dev/source: "https://github.com/openshift-pipelines/task-containers" + artifacthub.io/category: integration-delivery + artifacthub.io/maintainers: | + - name: OpenShift Pipeline task maintainers + email: pipelines-extcomm@redhat.com + artifacthub.io/provider: Red Hat + artifacthub.io/recommendations: | + - url: https://tekton.dev/ + tekton.dev/categories: containers + tekton.dev/pipelines.minVersion: 0.41.0 + tekton.dev/tags: containers +spec: + description: | + Builds the source code using the s2i's Java builder-image + "image-registry.openshift-image-registry.svc:5000/openshift/java". + + + workspaces: + - name: source + optional: false + description: | + Application source code, the build context for S2I workflow. + - name: dockerconfig + optional: true + description: >- + An optional workspace that allows providing a .docker/config.json file for Buildah to access the container registry. + The file should be placed at the root of the Workspace with name config.json. + + params: + - name: IMAGE + type: string + description: | + Fully qualified container image name to be built by s2i. + - name: VERSION + description: The tag of the imagestream for the corresponding language version + default: latest + type: string + - name: IMAGE_SCRIPTS_URL + type: string + default: image:///usr/libexec/s2i + description: | + Specify a URL containing the default assemble and run scripts for the builder image + - name: ENV_VARS + type: array + default: [] + description: | + Array containing string of Environment Variables as "KEY=VALUE" + - name: CONTEXT + type: string + default: "." + description: | + Path to the directory to use as context. + - name: STORAGE_DRIVER + type: string + default: vfs + description: | + Set buildah storage driver to reflect the currrent cluster node's + settings. + - name: FORMAT + description: The format of the built container, oci or docker + default: "oci" + - name: BUILD_EXTRA_ARGS + type: string + default: "" + description: | + Extra parameters passed for the build command when building images. + - name: PUSH_EXTRA_ARGS + type: string + default: "" + description: | + Extra parameters passed for the push command when pushing images. + - name: SKIP_PUSH + default: "false" + description: | + Skip pushing the image to the container registry. + - name: TLS_VERIFY + type: string + default: "true" + description: | + Sets the TLS verification flag, `true` is recommended. + - name: VERBOSE + type: string + default: "false" + description: | + Turns on verbose logging, all commands executed will be printed out. + + results: + - name: IMAGE_URL + description: | + Fully qualified image name. + - name: IMAGE_DIGEST + description: | + Digest of the image just built. + + stepTemplate: + env: + + - name: PARAMS_IMAGE + value: "$(params.IMAGE)" + - name: PARAMS_VERSION + value: "$(params.VERSION)" + - name: PARAMS_IMAGE_SCRIPTS_URL + value: "$(params.IMAGE_SCRIPTS_URL)" + - name: PARAMS_CONTEXT + value: "$(params.CONTEXT)" + - name: PARAMS_FORMAT + value: "$(params.FORMAT)" + - name: PARAMS_STORAGE_DRIVER + value: "$(params.STORAGE_DRIVER)" + - name: PARAMS_BUILD_EXTRA_ARGS + value: "$(params.BUILD_EXTRA_ARGS)" + - name: PARAMS_PUSH_EXTRA_ARGS + value: "$(params.PUSH_EXTRA_ARGS)" + - name: PARAMS_SKIP_PUSH + value: "$(params.SKIP_PUSH)" + - name: PARAMS_TLS_VERIFY + value: "$(params.TLS_VERIFY)" + - name: PARAMS_VERBOSE + value: "$(params.VERBOSE)" + - name: WORKSPACES_SOURCE_BOUND + value: "$(workspaces.source.bound)" + - name: WORKSPACES_SOURCE_PATH + value: "$(workspaces.source.path)" + - name: WORKSPACES_DOCKERCONFIG_BOUND + value: "$(workspaces.dockerconfig.bound)" + - name: WORKSPACES_DOCKERCONFIG_PATH + value: "$(workspaces.dockerconfig.path)" + - name: RESULTS_IMAGE_URL_PATH + value: "$(results.IMAGE_URL.path)" + - name: RESULTS_IMAGE_DIGEST_PATH + value: "$(results.IMAGE_DIGEST.path)" + + steps: + - name: s2i-generate + image: registry.access.redhat.com/source-to-image/source-to-image-rhel8:v1.3.9-6 + workingDir: $(workspaces.source.path) + env: + - name: S2I_BUILDER_IMAGE + value: "image-registry.openshift-image-registry.svc:5000/openshift/java:$(params.VERSION)" + script: | + set -e + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgV3JhcHBlciBhcm91bmQgImJ1aWxkYWggYnVkIiB0byBidWlsZCBhbmQgcHVzaCBhIGNvbnRhaW5lciBpbWFnZSBiYXNlZCBvbiBhIERvY2tlcmZpbGUuCiMKCnNob3B0IC1zIGluaGVyaXRfZXJyZXhpdApzZXQgLWV1IC1vIHBpcGVmYWlsCgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvY29tbW9uLnNoIgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvYnVpbGRhaC1jb21tb24uc2giCgpmdW5jdGlvbiBfYnVpbGRhaCgpIHsKICAgIGJ1aWxkYWggXAogICAgICAgIC0tc3RvcmFnZS1kcml2ZXI9IiR7UEFSQU1TX1NUT1JBR0VfRFJJVkVSfSIgXAogICAgICAgIC0tdGxzLXZlcmlmeT0iJHtQQVJBTVNfVExTX1ZFUklGWX0iIFwKICAgICAgICAkeyp9Cn0KCiMKIyBQcmVwYXJlCiMKCiMgbWFraW5nIHN1cmUgdGhlIHJlcXVpcmVkIHdvcmtzcGFjZSAic291cmNlIiBpcyBib3VuZGVkLCB3aGljaCBtZWFucyBpdHMgdm9sdW1lIGlzIGN1cnJlbnRseSBtb3VudGVkCiMgYW5kIHJlYWR5IHRvIHVzZQpwaGFzZSAiSW5zcGVjdGluZyBzb3VyY2Ugd29ya3NwYWNlICcke1dPUktTUEFDRVNfU09VUkNFX1BBVEh9JyAoUFdEPScke1BXRH0nKSIKW1sgIiR7V09SS1NQQUNFU19TT1VSQ0VfQk9VTkR9IiAhPSAidHJ1ZSIgXV0gJiYKICAgIGZhaWwgIldvcmtzcGFjZSAnc291cmNlJyBpcyBub3QgYm91bmRlZCIKCnBoYXNlICJBc3NlcnRpbmcgdGhlIGRvY2tlcmZpbGUvY29udGFpbmVyZmlsZSAnJHtET0NLRVJGSUxFX0ZVTEx9JyBleGlzdHMiCltbICEgLWYgIiR7RE9DS0VSRklMRV9GVUxMfSIgXV0gJiYKICAgIGZhaWwgIkRvY2tlcmZpbGUgbm90IGZvdW5kIGF0OiAnJHtET0NLRVJGSUxFX0ZVTEx9JyIKCnBoYXNlICJJbnNwZWN0aW5nIGNvbnRleHQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKW1sgISAtZCAiJHtQQVJBTVNfQ09OVEVYVH0iIF1dICYmCiAgICBmYWlsICJDT05URVhUIHBhcmFtIGlzIG5vdCBmb3VuZCBhdCAnJHtQQVJBTVNfQ09OVEVYVH0nLCBvbiBzb3VyY2Ugd29ya3NwYWNlIgoKcGhhc2UgIkJ1aWxkaW5nIGJ1aWxkIGFyZ3MiCkJVSUxEX0FSR1M9KCkKZm9yIGJ1aWxkYXJnIGluICIkQCI7IGRvCiAgICBCVUlMRF9BUkdTKz0oIi0tYnVpbGQtYXJnPSRidWlsZGFyZyIpCmRvbmUKCiMgSGFuZGxlIG9wdGlvbmFsIGRvY2tlcmNvbmZpZyBzZWNyZXQKaWYgW1sgIiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfQk9VTkR9IiA9PSAidHJ1ZSIgXV07IHRoZW4KCiAgICAjIGlmIGNvbmZpZy5qc29uIGV4aXN0cyBhdCB3b3Jrc3BhY2Ugcm9vdCwgd2UgdXNlIHRoYXQKICAgIGlmIHRlc3QgLWYgIiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSH0vY29uZmlnLmpzb24iOyB0aGVuCiAgICAgICAgZXhwb3J0IERPQ0tFUl9DT05GSUc9IiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSH0iCgogICAgICAgICMgZWxzZSB3ZSBsb29rIGZvciAuZG9ja2VyY29uZmlnanNvbiBhdCB0aGUgcm9vdAogICAgZWxpZiB0ZXN0IC1mICIke1dPUktTUEFDRVNfRE9DS0VSQ09ORklHX1BBVEh9Ly5kb2NrZXJjb25maWdqc29uIjsgdGhlbgogICAgICAgICMgZW5zdXJlIC5kb2NrZXIgZXhpc3QgYmVmb3JlIHRoZSBjb3B5aW5nIHRoZSBjb250ZW50CiAgICAgICAgaWYgWyAhIC1kICIkSE9NRS8uZG9ja2VyIiBdOyB0aGVuCiAgICAgICAgICAgbWtkaXIgLXAgIiRIT01FLy5kb2NrZXIiCiAgICAgICAgZmkKICAgICAgICBjcCAiJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19QQVRIfS8uZG9ja2VyY29uZmlnanNvbiIgIiRIT01FLy5kb2NrZXIvY29uZmlnLmpzb24iCiAgICAgICAgZXhwb3J0IERPQ0tFUl9DT05GSUc9IiRIT01FLy5kb2NrZXIiCgogICAgICAgICMgbmVlZCB0byBlcnJvciBvdXQgaWYgbmVpdGhlciBmaWxlcyBhcmUgcHJlc2VudAogICAgZWxzZQogICAgICAgIGVjaG8gIm5laXRoZXIgJ2NvbmZpZy5qc29uJyBub3IgJy5kb2NrZXJjb25maWdqc29uJyBmb3VuZCBhdCB3b3Jrc3BhY2Ugcm9vdCIKICAgICAgICBleGl0IDEKICAgIGZpCmZpCgpFTlRJVExFTUVOVF9WT0xVTUU9IiIKaWYgW1sgIiR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX0JPVU5EfSIgPT0gInRydWUiIF1dOyB0aGVuCiAgICBFTlRJVExFTUVOVF9WT0xVTUU9Ii0tdm9sdW1lICR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEh9Oi9ldGMvcGtpL2VudGl0bGVtZW50IgpmaQoKIwojIEJ1aWxkCiMKCnBoYXNlICJCdWlsZGluZyAnJHtQQVJBTVNfSU1BR0V9JyBiYXNlZCBvbiAnJHtET0NLRVJGSUxFX0ZVTEx9JyIKCltbIC1uICIke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTfSIgXV0gJiYKICAgIHBoYXNlICJFeHRyYSAnYnVpbGRhaCBidWQnIGFyZ3VtZW50cyBpbmZvcm1lZDogJyR7UEFSQU1TX0JVSUxEX0VYVFJBX0FSR1N9JyIKCl9idWlsZGFoIGJ1ZCAke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTfSBcCiAgICAkRU5USVRMRU1FTlRfVk9MVU1FIFwKICAgICIke0JVSUxEX0FSR1NbQF19IiBcCiAgICAtLWZpbGU9IiR7RE9DS0VSRklMRV9GVUxMfSIgXAogICAgLS10YWc9IiR7UEFSQU1TX0lNQUdFfSIgXAogICAgIiR7UEFSQU1TX0NPTlRFWFR9IgoKaWYgW1sgIiR7UEFSQU1TX1NLSVBfUFVTSH0iID09ICJ0cnVlIiBdXTsgdGhlbgogICAgcGhhc2UgIlNraXBwaW5nIHB1c2hpbmcgJyR7UEFSQU1TX0lNQUdFfScgdG8gdGhlIGNvbnRhaW5lciByZWdpc3RyeSEiCiAgICBleGl0IDAKZmkKCiMKIyBQdXNoCiMKCnBoYXNlICJQdXNoaW5nICcke1BBUkFNU19JTUFHRX0nIHRvIHRoZSBjb250YWluZXIgcmVnaXN0cnkiCgpbWyAtbiAiJHtQQVJBTVNfUFVTSF9FWFRSQV9BUkdTfSIgXV0gJiYKICAgIHBoYXNlICJFeHRyYSAnYnVpbGRhaCBidWQnIGFyZ3VtZW50cyBpbmZvcm1lZDogJyR7UEFSQU1TX1BVU0hfRVhUUkFfQVJHU30nIgoKIyB0ZW1wb3JhcnkgZmlsZSB0byBzdG9yZSB0aGUgaW1hZ2UgZGlnZXN0LCBpbmZvcm1hdGlvbiBvbmx5IG9idGFpbmVkIGFmdGVyIHB1c2hpbmcgdGhlIGltYWdlIHRvIHRoZQojIGNvbnRhaW5lciByZWdpc3RyeQpkZWNsYXJlIC1yIGRpZ2VzdF9maWxlPSIvdG1wL2J1aWxkYWgtZGlnZXN0LnR4dCIKCl9idWlsZGFoIHB1c2ggJHtQQVJBTVNfUFVTSF9FWFRSQV9BUkdTfSBcCiAgICAtLWRpZ2VzdGZpbGU9IiR7ZGlnZXN0X2ZpbGV9IiBcCiAgICAiJHtQQVJBTVNfSU1BR0V9IiBcCiAgICAiZG9ja2VyOi8vJHtQQVJBTVNfSU1BR0V9IgoKIwojIFJlc3VsdHMKIwoKcGhhc2UgIkluc3BlY3RpbmcgZGlnZXN0IHJlcG9ydCAoJyR7ZGlnZXN0X2ZpbGV9JykiCgpbWyAhIC1yICIke2RpZ2VzdF9maWxlfSIgXV0gJiYKICAgIGZhaWwgIlVuYWJsZSB0byBmaW5kIGRpZ2VzdC1maWxlIGF0ICcke2RpZ2VzdF9maWxlfSciCgpkZWNsYXJlIC1yIGRpZ2VzdF9zdW09IiQoY2F0ICR7ZGlnZXN0X2ZpbGV9KSIKCltbIC16ICIke2RpZ2VzdF9zdW19IiBdXSAmJgogICAgZmFpbCAiRGlnZXN0IGZpbGUgJyR7ZGlnZXN0X2ZpbGV9JyBpcyBlbXB0eSEiCgpwaGFzZSAiU3VjY2Vzc2Z1bHkgYnVpbHQgY29udGFpbmVyIGltYWdlICcke1BBUkFNU19JTUFHRX0nICgnJHtkaWdlc3Rfc3VtfScpIgplY2hvIC1uICIke1BBUkFNU19JTUFHRX0iIHwgdGVlICR7UkVTVUxUU19JTUFHRV9VUkxfUEFUSH0KZWNobyAtbiAiJHtkaWdlc3Rfc3VtfSIgfCB0ZWUgJHtSRVNVTFRTX0lNQUdFX0RJR0VTVF9QQVRIfQo=" |base64 -d >"/scripts/buildah-bud.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKZGVjbGFyZSAtcnggUEFSQU1TX0lNQUdFPSIke1BBUkFNU19JTUFHRTotfSIKZGVjbGFyZSAtcnggUEFSQU1TX0RPQ0tFUkZJTEU9IiR7UEFSQU1TX0RPQ0tFUkZJTEU6LX0iCmRlY2xhcmUgLXggUEFSQU1TX0NPTlRFWFQ9IiR7UEFSQU1TX0NPTlRFWFQ6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19TVE9SQUdFX0RSSVZFUj0iJHtQQVJBTVNfU1RPUkFHRV9EUklWRVI6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19CVUlMRF9FWFRSQV9BUkdTPSIke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTOi19IgpkZWNsYXJlIC1yeCBQQVJBTVNfUFVTSF9FWFRSQV9BUkdTPSIke1BBUkFNU19QVVNIX0VYVFJBX0FSR1M6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19TS0lQX1BVU0g9IiR7UEFSQU1TX1NLSVBfUFVTSDotfSIKZGVjbGFyZSAtcnggUEFSQU1TX1RMU19WRVJJRlk9IiR7UEFSQU1TX1RMU19WRVJJRlk6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19WRVJCT1NFPSIke1BBUkFNU19WRVJCT1NFOi19IgoKZGVjbGFyZSAtcnggV09SS1NQQUNFU19TT1VSQ0VfUEFUSD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIOi19IgpkZWNsYXJlIC1yeCBXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORDotfSIKZGVjbGFyZSAtcnggV09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSD0iJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19QQVRIOi19IgpkZWNsYXJlIC1yeCBXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19CT1VORD0iJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19CT1VORDotfSIKZGVjbGFyZSAtcnggV09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEg9IiR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEg6LX0iCmRlY2xhcmUgLXJ4IFdPUktTUEFDRVNfUkhFTF9FTlRJVExFTUVOVF9CT1VORD0iJHtXT1JLU1BBQ0VTX1JIRUxfRU5USVRMRU1FTlRfQk9VTkQ6LX0iCgpkZWNsYXJlIC1yeCBSRVNVTFRTX0lNQUdFX0RJR0VTVF9QQVRIPSIke1JFU1VMVFNfSU1BR0VfRElHRVNUX1BBVEg6LX0iCmRlY2xhcmUgLXJ4IFJFU1VMVFNfSU1BR0VfVVJMX1BBVEg9IiR7UkVTVUxUU19JTUFHRV9VUkxfUEFUSDotfSIKCiMKIyBEb2NrZXJmaWxlCiMKCiMgZXhwb3NpbmcgdGhlIGZ1bGwgcGF0aCB0byB0aGUgY29udGFpbmVyIGZpbGUsIHdoaWNoIGJ5IGRlZmF1bHQgc2hvdWxkIGJlIHJlbGF0aXZlIHRvIHRoZSBwcmltYXJ5CiMgd29ya3NwYWNlLCB0byByZWNlaXZlIGEgZGlmZmVyZW50IGNvbnRhaW5lci1maWxlIGxvY2F0aW9uCmRlY2xhcmUgLXIgZG9ja2VyZmlsZV9vbl93cz0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIfS8ke1BBUkFNU19ET0NLRVJGSUxFfSIKZGVjbGFyZSAteCBET0NLRVJGSUxFX0ZVTEw9IiR7RE9DS0VSRklMRV9GVUxMOi0ke2RvY2tlcmZpbGVfb25fd3N9fSIKCiMKIyBBc3NlcnRpbmcgRW52aXJvbm1lbnQKIwoKW1sgLXogIiR7RE9DS0VSRklMRV9GVUxMfSIgXV0gJiYKICAgIGZhaWwgInVuYWJsZSB0byBmaW5kIHRoZSBEb2NrZXJmaWxlLCBET0NLRVJGSUxFIG1heSBoYXZlIGFuIGluY29ycmVjdCBsb2NhdGlvbiIKCmV4cG9ydGVkX29yX2ZhaWwgXAogICAgV09SS1NQQUNFU19TT1VSQ0VfUEFUSCBcCiAgICBQQVJBTVNfSU1BR0UKCiMKIyBWZXJib3NlIE91dHB1dAojCgppZiBbWyAiJHtQQVJBTVNfVkVSQk9TRX0iID09ICJ0cnVlIiBdXTsgdGhlbgogICAgc2V0IC14CmZpCg==" |base64 -d >"/scripts/buildah-common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0ZWt0b24ncyBob21lIGRpcmVjdG9yeQpkZWNsYXJlIC1yeCBURUtUT05fSE9NRT0iJHtURUtUT05fSE9NRTotL3Rla3Rvbi9ob21lfSIKCiMKIyBGdW5jdGlvbnMKIwoKZnVuY3Rpb24gZmFpbCgpIHsKICAgIGVjaG8gIkVSUk9SOiAkeyp9IiAyPiYxCiAgICBleGl0IDEKfQoKZnVuY3Rpb24gcGhhc2UoKSB7CiAgICBlY2hvICItLS0+IFBoYXNlOiAkeyp9Li4uIgp9CgojIGFzc2VydCBsb2NhbCB2YXJpYWJsZXMgYXJlIGV4cG9yZXRlZCBvbiB0aGUgZW52aXJvbm1lbnQKZnVuY3Rpb24gZXhwb3J0ZWRfb3JfZmFpbCgpIHsKICAgIGRlY2xhcmUgLWEgX3JlcXVpcmVkX3ZhcnM9IiR7QH0iCgogICAgZm9yIHYgaW4gJHtfcmVxdWlyZWRfdmFyc1tAXX07IGRvCiAgICAgICAgW1sgLXogIiR7IXZ9IiBdXSAmJgogICAgICAgICAgICBmYWlsICInJHt2fScgZW52aXJvbm1lbnQgdmFyaWFibGUgaXMgbm90IHNldCEiCiAgICBkb25lCgogICAgcmV0dXJuIDAKfQo=" |base64 -d >"/scripts/common.sh" + ls /scripts/buildah-*.sh; + chmod +x /scripts/buildah-*.sh; + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0ZWt0b24ncyBob21lIGRpcmVjdG9yeQpkZWNsYXJlIC1yeCBURUtUT05fSE9NRT0iJHtURUtUT05fSE9NRTotL3Rla3Rvbi9ob21lfSIKCiMKIyBGdW5jdGlvbnMKIwoKZnVuY3Rpb24gZmFpbCgpIHsKICAgIGVjaG8gIkVSUk9SOiAkeyp9IiAyPiYxCiAgICBleGl0IDEKfQoKZnVuY3Rpb24gcGhhc2UoKSB7CiAgICBlY2hvICItLS0+IFBoYXNlOiAkeyp9Li4uIgp9CgojIGFzc2VydCBsb2NhbCB2YXJpYWJsZXMgYXJlIGV4cG9yZXRlZCBvbiB0aGUgZW52aXJvbm1lbnQKZnVuY3Rpb24gZXhwb3J0ZWRfb3JfZmFpbCgpIHsKICAgIGRlY2xhcmUgLWEgX3JlcXVpcmVkX3ZhcnM9IiR7QH0iCgogICAgZm9yIHYgaW4gJHtfcmVxdWlyZWRfdmFyc1tAXX07IGRvCiAgICAgICAgW1sgLXogIiR7IXZ9IiBdXSAmJgogICAgICAgICAgICBmYWlsICInJHt2fScgZW52aXJvbm1lbnQgdmFyaWFibGUgaXMgbm90IHNldCEiCiAgICBkb25lCgogICAgcmV0dXJuIDAKfQo=" |base64 -d >"/scripts/common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgVXNlcyB0aGUgRG9ja2VyZmlsZSBnZW5lcmF0ZWQgYnkgczJpIHRvIGFzc2VtYmxlIGEgbmV3IGNvbnRhaW5lciBpbWFnZSB1c2luZyBidWlsZGFoLgojCgpzaG9wdCAtcyBpbmhlcml0X2VycmV4aXQKc2V0IC1ldSAtbyBwaXBlZmFpbAoKZGVjbGFyZSAtciBjdXJfZGlyPSIkKGRpcm5hbWUgJHtCQVNIX1NPVVJDRVswXX0pIgoKc291cmNlICIke2N1cl9kaXJ9L2NvbW1vbi5zaCIKc291cmNlICIke2N1cl9kaXJ9L3MyaS1jb21tb24uc2giCgojIGxvYWRpbmcgYnVpbGRhaCBzZXR0aW5ncyBvdmVyd3JpdHRpbmcgdGhlIGZ1bGwgcGF0aCB0byB0aGUgY29udGFpbmVyIGZpbGUKZGVjbGFyZSAteCBET0NLRVJGSUxFX0ZVTEw9IiR7UzJJX0RPQ0tFUkZJTEV9Igpzb3VyY2UgIiR7Y3VyX2Rpcn0vYnVpbGRhaC1jb21tb24uc2giCgpwaGFzZSAiQ2hhbmdpbmcgJFBBUkFNU19DT05URVhUIHRvIHBvaW50IHRvIHByZXNlbnQgd29ya2luZyBkaXJlY3RvcnkiCltbICIkUEFSQU1TX0NPTlRFWFQiICE9ICIuIiBdXSAmJiAKICAgIFBBUkFNU19DT05URVhUPSIuIgoKcGhhc2UgIkluc3BlY3RpbmcgY29udGV4dCAnJHtQQVJBTVNfQ09OVEVYVH0nIgpbWyAhIC1kICIke1BBUkFNU19DT05URVhUfSIgXV0gJiYKICAgIGZhaWwgIkFwcGxpY2F0aW9uIHNvdXJjZSBjb2RlIGRpcmVjdG9yeSBub3QgZm91bmQgYXQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKCnBoYXNlICJCdWlsZGluZyB0aGUgRG9ja2VyZmlsZSAnJHtET0NLRVJGSUxFX0ZVTEx9JyB3aXRoIGJ1aWxkYWgiCmV4ZWMgJHtjdXJfZGlyfS9idWlsZGFoLWJ1ZC5zaAo=" |base64 -d >"/scripts/s2i-build.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0YXJnZXQgaW1hZ2UgbmFtZSAoZnVsbHkgcXVhbGlmaWVkKSB0byBiZSBidWlsZCB3aXRoIHMyaSwgcmVkZWNsYXJpbmcgdGhlIHNhbWUgcGFyYW1ldGVyIG5hbWUgdGhhbgojIGJ1aWxkYWggdGFzayB1c2VzCmRlY2xhcmUgLXggUEFSQU1TX0lNQUdFPSIke1BBUkFNU19JTUFHRTotfSIKIyBTcGVjaWZ5IGEgVVJMIGNvbnRhaW5pbmcgdGhlIGRlZmF1bHQgYXNzZW1ibGUgYW5kIHJ1biBzY3JpcHRzIGZvciB0aGUgYnVpbGRlciBpbWFnZQpkZWNsYXJlIC1yeCBQQVJBTVNfSU1BR0VfU0NSSVBUU19VUkw9IiR7UEFSQU1TX0lNQUdFX1NDUklQVFNfVVJMOi19IgoKIyB2b2x1bWUgbW91bnQgb3IgZGlyZWN0b3J5IHJlc3BvbnNpYmxlIGZvciBob2xkaW5nIGZpbGVzIAojIGxpa2UgZW52LCBEb2NrZXJmaWxlIGFuZCBhbnkgb3RoZXJzIG5lZWRlZCB0byBzdXBwb3J0IHMyaQpkZWNsYXJlIC1yeCBTMklfR0VORVJBVEVfRElSRUNUT1JZPSIke1MySV9HRU5FUkFURV9ESVJFQ1RPUlk6LS9zMmktZ2VuZXJhdGV9IgoKIyBmdWxsIHBhdGggdG8gdGhlIGNvbnRhaW5lciBmaWxlIGdlbmVyYXRlZCBieSBzMmkKZGVjbGFyZSAtcnggUzJJX0RPQ0tFUkZJTEU9IiR7UzJJX0RPQ0tFUkZJTEU6LSR7UzJJX0dFTkVSQVRFX0RJUkVDVE9SWX0vRG9ja2VyZmlsZS5nZW59IgoKIyBmdWxsIHBhdGggdG8gdGhlIGVudiBmaWxlIHVzZWQgd2l0aCB0aGUgLS1lbnZpcm9ubWVudC1maWxlIHBhcmFtZXRlciBvZiBzMmkKZGVjbGFyZSAtcnggUzJJX0VOVklST05NRU5UX0ZJTEU9IiR7UzJJX0VOVklST05NRU5UX0ZJTEU6LSR7UzJJX0dFTkVSQVRFX0RJUkVDVE9SWX0vZW52fSIKCiMKIyBBc3NlcnRpbmcgRW52aXJvbm1lbnQKIwoKZXhwb3J0ZWRfb3JfZmFpbCBcCiAgICBXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIIFwKICAgIFBBUkFNU19JTUFHRQoKIwojIFZlcmJvc2UgT3V0cHV0CiMKCmRlY2xhcmUgLXggUzJJX0xPR0xFVkVMPSIwIgoKaWYgW1sgIiR7UEFSQU1TX1ZFUkJPU0V9IiA9PSAidHJ1ZSIgXV07IHRoZW4KICAgIFMySV9MT0dMRVZFTD0iMiIKICAgIHNldCAteApmaQo=" |base64 -d >"/scripts/s2i-common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgVXNlcyBzMmkgdG8gZ2VuZXJhdGUgdGhlIHJlcGVzY3RpdmUgQ29udGFpbmVyZmlsZSBiYXNlZCBvbiB0aGUgaW5mb21yZWQgYnVpbGRlci4gVGhlIENvbnRhaW5lcmZpbGUKIyBpcyBzdG9yZWQgb24gYSB0ZW1wb3JhcnkgbG9jYXRpb24uCiMKCnNob3B0IC1zIGluaGVyaXRfZXJyZXhpdApzZXQgLWV1IC1vIHBpcGVmYWlsCgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvY29tbW9uLnNoIgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvczJpLWNvbW1vbi5zaCIKCiMgczJpIGJ1aWxkZXIgaW1hZ2UgbmFtZSAoZnVsbHkgcXVhbGlmaWVkKQpkZWNsYXJlIC1yeCBTMklfQlVJTERFUl9JTUFHRT0iJHtTMklfQlVJTERFUl9JTUFHRTotfSIKCiMgdGFrZXMgdGhlIHZhbHVlcyBpbiBhcmd1bWVudCBFTlZfVkFSUyBhbmQgY3JlYXRlcyBhbiBhcnJheSB1c2luZyB0aG9zZSB2YWx1ZXMKZGVjbGFyZSAtcmEgRU5WX1ZBUlM9KCR7QH0pCgojIHJlLXVzaW5nIHRoZSBzYW1lIHBhcmFtZXRlcnMgdGhhbiBidWlsZGFoLCBzMmkgbmVlZHMgYnVpbGRhaCBhYmlsaXRpZXMgdG8gY3JlYXRlIHRoZSBmaW5hbAojIGNvbnRhaW5lciBpbWFnZSBiYXNlZCBvbiB3aGF0IHMyaSBnZW5lcmF0ZXMKc291cmNlICIkKGRpcm5hbWUgJHtCQVNIX1NPVVJDRVswXX0pL2J1aWxkYWgtY29tbW9uLnNoIgoKIwojIFByZXBhcmUKIwoKIyBtYWtpbmcgc3VyZSB0aGUgcmVxdWlyZWQgd29ya3NwYWNlICJzb3VyY2UiIGlzIGJvdW5kZWQsIHdoaWNoIG1lYW5zIGl0cyB2b2x1bWUgaXMgY3VycmVudGx5IG1vdW50ZWQKIyBhbmQgcmVhZHkgdG8gdXNlCnBoYXNlICJJbnNwZWN0aW5nIHNvdXJjZSB3b3Jrc3BhY2UgJyR7V09SS1NQQUNFU19TT1VSQ0VfUEFUSH0nIChQV0Q9JyR7UFdEfScpIgpbWyAiJHtXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORH0iICE9ICJ0cnVlIiBdXSAmJgogICAgZmFpbCAiV29ya3NwYWNlICdzb3VyY2UnIGlzIG5vdCBib3VuZGVkIgoKcGhhc2UgIkFwcGVuZGluZyAkUEFSQU1TX0NPTlRFWFQgd2l0aCAkV09SS1NQQUNFU19TT1VSQ0VfUEFUSCBpZiBpdCdzIHJlbGF0aXZlIgpbWyAiJFBBUkFNU19DT05URVhUIiAhPSAiLiIgJiYgIiRQQVJBTVNfQ09OVEVYVCIgIT0gLyogXV0gJiYgCiAgICBQQVJBTVNfQ09OVEVYVD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIfS8ke1BBUkFNU19DT05URVhUfSIKCnBoYXNlICJJbnNwZWN0aW5nIGNvbnRleHQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKW1sgISAtZCAiJHtQQVJBTVNfQ09OVEVYVH0iIF1dICYmCiAgICBmYWlsICJBcHBsaWNhdGlvbiBzb3VyY2UgY29kZSBkaXJlY3Rvcnkgbm90IGZvdW5kIGF0ICcke1BBUkFNU19DT05URVhUfSciCgpwaGFzZSAiQWRkaW5nIHRoZSBlbnZpcm9ubWVudCB2YXJpYWJsZXMgdG8gJyR7UzJJX0VOVklST05NRU5UX0ZJTEV9JyIKCiMgYWRkIHRoZSBlbnZpcm9ubWVudCB2YXJpYWJsZXMgdGhhdCBhcmUgc2VudCBhcyBjb21tYW5kIGxpbmUgYXJndW1lbnRzIGZyb20gRU5WX1ZBUlMgcGFyYW1ldGVyCnRvdWNoICIke1MySV9FTlZJUk9OTUVOVF9GSUxFfSIKaWYgWyAkeyNFTlZfVkFSU1tAXX0gLWd0IDAgXTsgdGhlbgogICAgZm9yIGVudl92YXIgaW4gIiR7RU5WX1ZBUlNbQF19IjsgZG8KICAgICAgICBlY2hvICIke2Vudl92YXJ9IiA+PiAiJHtTMklfRU5WSVJPTk1FTlRfRklMRX0iCiAgICBkb25lCmZpCgojCiMgUzJJIEdlbmVyYXRlCiMKCnBoYXNlICJHZW5lcmF0aW5nIHRoZSBEb2NrZXJmaWxlIGZvciBTMkkgYnVpbGRlciBpbWFnZSAnJHtTMklfQlVJTERFUl9JTUFHRX0nIgpzMmkgLS1sb2dsZXZlbCAiJHtTMklfTE9HTEVWRUx9IiBcCiAgICBidWlsZCAiJHtQQVJBTVNfQ09OVEVYVH0iICIke1MySV9CVUlMREVSX0lNQUdFfSIgXAogICAgICAgIC0taW1hZ2Utc2NyaXB0cy11cmwgIiR7UEFSQU1TX0lNQUdFX1NDUklQVFNfVVJMfSIgXAogICAgICAgIC0tYXMtZG9ja2VyZmlsZSAiJHtTMklfRE9DS0VSRklMRX0iIFwKICAgICAgICAtLWVudmlyb25tZW50LWZpbGUgIiR7UzJJX0VOVklST05NRU5UX0ZJTEV9IgoKcGhhc2UgIkluc3BlY3RpbmcgdGhlIERvY2tlcmZpbGUgZ2VuZXJhdGVkIGF0ICcke1MySV9ET0NLRVJGSUxFfSciCltbICEgLWYgIiR7UzJJX0RPQ0tFUkZJTEV9IiBdXSAmJgogICAgZmFpbCAiR2VuZXJhdGVkIERvY2tlcmZpbGUgaXMgbm90IGZvdW5kISIKCnNldCAreApwaGFzZSAiR2VuZXJhdGVkIERvY2tlcmZpbGUgcGF5bG9hZCIKZWNobyAtZW4gIj4+PiAke1MySV9ET0NLRVJGSUxFfVxuJChjYXQgJHtTMklfRE9DS0VSRklMRX0pXG48PDwgRU9GXG4iCg==" |base64 -d >"/scripts/s2i-generate.sh" + ls /scripts/s2i-*.sh; + chmod +x /scripts/s2i-*.sh;echo "Running Script /scripts/s2i-generate.sh"; + /scripts/s2i-generate.sh; + args: + - "$(params.ENV_VARS[*])" + securityContext: + capabilities: + add: ["SETFCAP"] + volumeMounts: + - name: scripts-dir + mountPath: /scripts + - name: s2i-generate-dir + mountPath: /s2i-generate + + - name: s2i-build + image: registry.access.redhat.com/ubi8/buildah:8.10-5 + workingDir: /s2i-generate + command: + - /scripts/s2i-build.sh + securityContext: + capabilities: + add: ["SETFCAP"] + volumeMounts: + - name: scripts-dir + mountPath: /scripts + - name: s2i-generate-dir + mountPath: /s2i-generate + + volumes: + - name: scripts-dir + emptyDir: {} + - name: s2i-generate-dir + emptyDir: {} diff --git a/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-s2i-nodejs/task-s2i-nodejs-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-s2i-nodejs/task-s2i-nodejs-task.yaml new file mode 100644 index 0000000000..f67f06533b --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-s2i-nodejs/task-s2i-nodejs-task.yaml @@ -0,0 +1,197 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift-pipelines/tektoncd-catalog/p/tasks/task-s2i-nodejs/0.4.1/task-s2i-nodejs.yaml +# +--- +--- +# Source: task-containers/templates/task-s2i-nodejs.yaml +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: s2i-nodejs + labels: + app.kubernetes.io/version: 0.4.1 + annotations: + tekton.dev/source: "https://github.com/openshift-pipelines/task-containers" + artifacthub.io/category: integration-delivery + artifacthub.io/maintainers: | + - name: OpenShift Pipeline task maintainers + email: pipelines-extcomm@redhat.com + artifacthub.io/provider: Red Hat + artifacthub.io/recommendations: | + - url: https://tekton.dev/ + tekton.dev/categories: containers + tekton.dev/pipelines.minVersion: 0.41.0 + tekton.dev/tags: containers +spec: + description: | + Builds the source code using the s2i's Nodejs builder-image + "image-registry.openshift-image-registry.svc:5000/openshift/nodejs". + + + workspaces: + - name: source + optional: false + description: | + Application source code, the build context for S2I workflow. + - name: dockerconfig + optional: true + description: >- + An optional workspace that allows providing a .docker/config.json file for Buildah to access the container registry. + The file should be placed at the root of the Workspace with name config.json. + + params: + - name: IMAGE + type: string + description: | + Fully qualified container image name to be built by s2i. + - name: VERSION + description: The tag of the imagestream for the corresponding language version + default: latest + type: string + - name: IMAGE_SCRIPTS_URL + type: string + default: image:///usr/libexec/s2i + description: | + Specify a URL containing the default assemble and run scripts for the builder image + - name: ENV_VARS + type: array + default: [] + description: | + Array containing string of Environment Variables as "KEY=VALUE" + - name: CONTEXT + type: string + default: "." + description: | + Path to the directory to use as context. + - name: STORAGE_DRIVER + type: string + default: vfs + description: | + Set buildah storage driver to reflect the currrent cluster node's + settings. + - name: FORMAT + description: The format of the built container, oci or docker + default: "oci" + - name: BUILD_EXTRA_ARGS + type: string + default: "" + description: | + Extra parameters passed for the build command when building images. + - name: PUSH_EXTRA_ARGS + type: string + default: "" + description: | + Extra parameters passed for the push command when pushing images. + - name: SKIP_PUSH + default: "false" + description: | + Skip pushing the image to the container registry. + - name: TLS_VERIFY + type: string + default: "true" + description: | + Sets the TLS verification flag, `true` is recommended. + - name: VERBOSE + type: string + default: "false" + description: | + Turns on verbose logging, all commands executed will be printed out. + + results: + - name: IMAGE_URL + description: | + Fully qualified image name. + - name: IMAGE_DIGEST + description: | + Digest of the image just built. + + stepTemplate: + env: + + - name: PARAMS_IMAGE + value: "$(params.IMAGE)" + - name: PARAMS_VERSION + value: "$(params.VERSION)" + - name: PARAMS_IMAGE_SCRIPTS_URL + value: "$(params.IMAGE_SCRIPTS_URL)" + - name: PARAMS_CONTEXT + value: "$(params.CONTEXT)" + - name: PARAMS_FORMAT + value: "$(params.FORMAT)" + - name: PARAMS_STORAGE_DRIVER + value: "$(params.STORAGE_DRIVER)" + - name: PARAMS_BUILD_EXTRA_ARGS + value: "$(params.BUILD_EXTRA_ARGS)" + - name: PARAMS_PUSH_EXTRA_ARGS + value: "$(params.PUSH_EXTRA_ARGS)" + - name: PARAMS_SKIP_PUSH + value: "$(params.SKIP_PUSH)" + - name: PARAMS_TLS_VERIFY + value: "$(params.TLS_VERIFY)" + - name: PARAMS_VERBOSE + value: "$(params.VERBOSE)" + - name: WORKSPACES_SOURCE_BOUND + value: "$(workspaces.source.bound)" + - name: WORKSPACES_SOURCE_PATH + value: "$(workspaces.source.path)" + - name: WORKSPACES_DOCKERCONFIG_BOUND + value: "$(workspaces.dockerconfig.bound)" + - name: WORKSPACES_DOCKERCONFIG_PATH + value: "$(workspaces.dockerconfig.path)" + - name: RESULTS_IMAGE_URL_PATH + value: "$(results.IMAGE_URL.path)" + - name: RESULTS_IMAGE_DIGEST_PATH + value: "$(results.IMAGE_DIGEST.path)" + + steps: + - name: s2i-generate + image: registry.access.redhat.com/source-to-image/source-to-image-rhel8:v1.3.9-6 + workingDir: $(workspaces.source.path) + env: + - name: S2I_BUILDER_IMAGE + value: "image-registry.openshift-image-registry.svc:5000/openshift/nodejs:$(params.VERSION)" + script: | + set -e + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgV3JhcHBlciBhcm91bmQgImJ1aWxkYWggYnVkIiB0byBidWlsZCBhbmQgcHVzaCBhIGNvbnRhaW5lciBpbWFnZSBiYXNlZCBvbiBhIERvY2tlcmZpbGUuCiMKCnNob3B0IC1zIGluaGVyaXRfZXJyZXhpdApzZXQgLWV1IC1vIHBpcGVmYWlsCgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvY29tbW9uLnNoIgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvYnVpbGRhaC1jb21tb24uc2giCgpmdW5jdGlvbiBfYnVpbGRhaCgpIHsKICAgIGJ1aWxkYWggXAogICAgICAgIC0tc3RvcmFnZS1kcml2ZXI9IiR7UEFSQU1TX1NUT1JBR0VfRFJJVkVSfSIgXAogICAgICAgIC0tdGxzLXZlcmlmeT0iJHtQQVJBTVNfVExTX1ZFUklGWX0iIFwKICAgICAgICAkeyp9Cn0KCiMKIyBQcmVwYXJlCiMKCiMgbWFraW5nIHN1cmUgdGhlIHJlcXVpcmVkIHdvcmtzcGFjZSAic291cmNlIiBpcyBib3VuZGVkLCB3aGljaCBtZWFucyBpdHMgdm9sdW1lIGlzIGN1cnJlbnRseSBtb3VudGVkCiMgYW5kIHJlYWR5IHRvIHVzZQpwaGFzZSAiSW5zcGVjdGluZyBzb3VyY2Ugd29ya3NwYWNlICcke1dPUktTUEFDRVNfU09VUkNFX1BBVEh9JyAoUFdEPScke1BXRH0nKSIKW1sgIiR7V09SS1NQQUNFU19TT1VSQ0VfQk9VTkR9IiAhPSAidHJ1ZSIgXV0gJiYKICAgIGZhaWwgIldvcmtzcGFjZSAnc291cmNlJyBpcyBub3QgYm91bmRlZCIKCnBoYXNlICJBc3NlcnRpbmcgdGhlIGRvY2tlcmZpbGUvY29udGFpbmVyZmlsZSAnJHtET0NLRVJGSUxFX0ZVTEx9JyBleGlzdHMiCltbICEgLWYgIiR7RE9DS0VSRklMRV9GVUxMfSIgXV0gJiYKICAgIGZhaWwgIkRvY2tlcmZpbGUgbm90IGZvdW5kIGF0OiAnJHtET0NLRVJGSUxFX0ZVTEx9JyIKCnBoYXNlICJJbnNwZWN0aW5nIGNvbnRleHQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKW1sgISAtZCAiJHtQQVJBTVNfQ09OVEVYVH0iIF1dICYmCiAgICBmYWlsICJDT05URVhUIHBhcmFtIGlzIG5vdCBmb3VuZCBhdCAnJHtQQVJBTVNfQ09OVEVYVH0nLCBvbiBzb3VyY2Ugd29ya3NwYWNlIgoKcGhhc2UgIkJ1aWxkaW5nIGJ1aWxkIGFyZ3MiCkJVSUxEX0FSR1M9KCkKZm9yIGJ1aWxkYXJnIGluICIkQCI7IGRvCiAgICBCVUlMRF9BUkdTKz0oIi0tYnVpbGQtYXJnPSRidWlsZGFyZyIpCmRvbmUKCiMgSGFuZGxlIG9wdGlvbmFsIGRvY2tlcmNvbmZpZyBzZWNyZXQKaWYgW1sgIiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfQk9VTkR9IiA9PSAidHJ1ZSIgXV07IHRoZW4KCiAgICAjIGlmIGNvbmZpZy5qc29uIGV4aXN0cyBhdCB3b3Jrc3BhY2Ugcm9vdCwgd2UgdXNlIHRoYXQKICAgIGlmIHRlc3QgLWYgIiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSH0vY29uZmlnLmpzb24iOyB0aGVuCiAgICAgICAgZXhwb3J0IERPQ0tFUl9DT05GSUc9IiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSH0iCgogICAgICAgICMgZWxzZSB3ZSBsb29rIGZvciAuZG9ja2VyY29uZmlnanNvbiBhdCB0aGUgcm9vdAogICAgZWxpZiB0ZXN0IC1mICIke1dPUktTUEFDRVNfRE9DS0VSQ09ORklHX1BBVEh9Ly5kb2NrZXJjb25maWdqc29uIjsgdGhlbgogICAgICAgICMgZW5zdXJlIC5kb2NrZXIgZXhpc3QgYmVmb3JlIHRoZSBjb3B5aW5nIHRoZSBjb250ZW50CiAgICAgICAgaWYgWyAhIC1kICIkSE9NRS8uZG9ja2VyIiBdOyB0aGVuCiAgICAgICAgICAgbWtkaXIgLXAgIiRIT01FLy5kb2NrZXIiCiAgICAgICAgZmkKICAgICAgICBjcCAiJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19QQVRIfS8uZG9ja2VyY29uZmlnanNvbiIgIiRIT01FLy5kb2NrZXIvY29uZmlnLmpzb24iCiAgICAgICAgZXhwb3J0IERPQ0tFUl9DT05GSUc9IiRIT01FLy5kb2NrZXIiCgogICAgICAgICMgbmVlZCB0byBlcnJvciBvdXQgaWYgbmVpdGhlciBmaWxlcyBhcmUgcHJlc2VudAogICAgZWxzZQogICAgICAgIGVjaG8gIm5laXRoZXIgJ2NvbmZpZy5qc29uJyBub3IgJy5kb2NrZXJjb25maWdqc29uJyBmb3VuZCBhdCB3b3Jrc3BhY2Ugcm9vdCIKICAgICAgICBleGl0IDEKICAgIGZpCmZpCgpFTlRJVExFTUVOVF9WT0xVTUU9IiIKaWYgW1sgIiR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX0JPVU5EfSIgPT0gInRydWUiIF1dOyB0aGVuCiAgICBFTlRJVExFTUVOVF9WT0xVTUU9Ii0tdm9sdW1lICR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEh9Oi9ldGMvcGtpL2VudGl0bGVtZW50IgpmaQoKIwojIEJ1aWxkCiMKCnBoYXNlICJCdWlsZGluZyAnJHtQQVJBTVNfSU1BR0V9JyBiYXNlZCBvbiAnJHtET0NLRVJGSUxFX0ZVTEx9JyIKCltbIC1uICIke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTfSIgXV0gJiYKICAgIHBoYXNlICJFeHRyYSAnYnVpbGRhaCBidWQnIGFyZ3VtZW50cyBpbmZvcm1lZDogJyR7UEFSQU1TX0JVSUxEX0VYVFJBX0FSR1N9JyIKCl9idWlsZGFoIGJ1ZCAke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTfSBcCiAgICAkRU5USVRMRU1FTlRfVk9MVU1FIFwKICAgICIke0JVSUxEX0FSR1NbQF19IiBcCiAgICAtLWZpbGU9IiR7RE9DS0VSRklMRV9GVUxMfSIgXAogICAgLS10YWc9IiR7UEFSQU1TX0lNQUdFfSIgXAogICAgIiR7UEFSQU1TX0NPTlRFWFR9IgoKaWYgW1sgIiR7UEFSQU1TX1NLSVBfUFVTSH0iID09ICJ0cnVlIiBdXTsgdGhlbgogICAgcGhhc2UgIlNraXBwaW5nIHB1c2hpbmcgJyR7UEFSQU1TX0lNQUdFfScgdG8gdGhlIGNvbnRhaW5lciByZWdpc3RyeSEiCiAgICBleGl0IDAKZmkKCiMKIyBQdXNoCiMKCnBoYXNlICJQdXNoaW5nICcke1BBUkFNU19JTUFHRX0nIHRvIHRoZSBjb250YWluZXIgcmVnaXN0cnkiCgpbWyAtbiAiJHtQQVJBTVNfUFVTSF9FWFRSQV9BUkdTfSIgXV0gJiYKICAgIHBoYXNlICJFeHRyYSAnYnVpbGRhaCBidWQnIGFyZ3VtZW50cyBpbmZvcm1lZDogJyR7UEFSQU1TX1BVU0hfRVhUUkFfQVJHU30nIgoKIyB0ZW1wb3JhcnkgZmlsZSB0byBzdG9yZSB0aGUgaW1hZ2UgZGlnZXN0LCBpbmZvcm1hdGlvbiBvbmx5IG9idGFpbmVkIGFmdGVyIHB1c2hpbmcgdGhlIGltYWdlIHRvIHRoZQojIGNvbnRhaW5lciByZWdpc3RyeQpkZWNsYXJlIC1yIGRpZ2VzdF9maWxlPSIvdG1wL2J1aWxkYWgtZGlnZXN0LnR4dCIKCl9idWlsZGFoIHB1c2ggJHtQQVJBTVNfUFVTSF9FWFRSQV9BUkdTfSBcCiAgICAtLWRpZ2VzdGZpbGU9IiR7ZGlnZXN0X2ZpbGV9IiBcCiAgICAiJHtQQVJBTVNfSU1BR0V9IiBcCiAgICAiZG9ja2VyOi8vJHtQQVJBTVNfSU1BR0V9IgoKIwojIFJlc3VsdHMKIwoKcGhhc2UgIkluc3BlY3RpbmcgZGlnZXN0IHJlcG9ydCAoJyR7ZGlnZXN0X2ZpbGV9JykiCgpbWyAhIC1yICIke2RpZ2VzdF9maWxlfSIgXV0gJiYKICAgIGZhaWwgIlVuYWJsZSB0byBmaW5kIGRpZ2VzdC1maWxlIGF0ICcke2RpZ2VzdF9maWxlfSciCgpkZWNsYXJlIC1yIGRpZ2VzdF9zdW09IiQoY2F0ICR7ZGlnZXN0X2ZpbGV9KSIKCltbIC16ICIke2RpZ2VzdF9zdW19IiBdXSAmJgogICAgZmFpbCAiRGlnZXN0IGZpbGUgJyR7ZGlnZXN0X2ZpbGV9JyBpcyBlbXB0eSEiCgpwaGFzZSAiU3VjY2Vzc2Z1bHkgYnVpbHQgY29udGFpbmVyIGltYWdlICcke1BBUkFNU19JTUFHRX0nICgnJHtkaWdlc3Rfc3VtfScpIgplY2hvIC1uICIke1BBUkFNU19JTUFHRX0iIHwgdGVlICR7UkVTVUxUU19JTUFHRV9VUkxfUEFUSH0KZWNobyAtbiAiJHtkaWdlc3Rfc3VtfSIgfCB0ZWUgJHtSRVNVTFRTX0lNQUdFX0RJR0VTVF9QQVRIfQo=" |base64 -d >"/scripts/buildah-bud.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKZGVjbGFyZSAtcnggUEFSQU1TX0lNQUdFPSIke1BBUkFNU19JTUFHRTotfSIKZGVjbGFyZSAtcnggUEFSQU1TX0RPQ0tFUkZJTEU9IiR7UEFSQU1TX0RPQ0tFUkZJTEU6LX0iCmRlY2xhcmUgLXggUEFSQU1TX0NPTlRFWFQ9IiR7UEFSQU1TX0NPTlRFWFQ6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19TVE9SQUdFX0RSSVZFUj0iJHtQQVJBTVNfU1RPUkFHRV9EUklWRVI6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19CVUlMRF9FWFRSQV9BUkdTPSIke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTOi19IgpkZWNsYXJlIC1yeCBQQVJBTVNfUFVTSF9FWFRSQV9BUkdTPSIke1BBUkFNU19QVVNIX0VYVFJBX0FSR1M6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19TS0lQX1BVU0g9IiR7UEFSQU1TX1NLSVBfUFVTSDotfSIKZGVjbGFyZSAtcnggUEFSQU1TX1RMU19WRVJJRlk9IiR7UEFSQU1TX1RMU19WRVJJRlk6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19WRVJCT1NFPSIke1BBUkFNU19WRVJCT1NFOi19IgoKZGVjbGFyZSAtcnggV09SS1NQQUNFU19TT1VSQ0VfUEFUSD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIOi19IgpkZWNsYXJlIC1yeCBXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORDotfSIKZGVjbGFyZSAtcnggV09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSD0iJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19QQVRIOi19IgpkZWNsYXJlIC1yeCBXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19CT1VORD0iJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19CT1VORDotfSIKZGVjbGFyZSAtcnggV09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEg9IiR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEg6LX0iCmRlY2xhcmUgLXJ4IFdPUktTUEFDRVNfUkhFTF9FTlRJVExFTUVOVF9CT1VORD0iJHtXT1JLU1BBQ0VTX1JIRUxfRU5USVRMRU1FTlRfQk9VTkQ6LX0iCgpkZWNsYXJlIC1yeCBSRVNVTFRTX0lNQUdFX0RJR0VTVF9QQVRIPSIke1JFU1VMVFNfSU1BR0VfRElHRVNUX1BBVEg6LX0iCmRlY2xhcmUgLXJ4IFJFU1VMVFNfSU1BR0VfVVJMX1BBVEg9IiR7UkVTVUxUU19JTUFHRV9VUkxfUEFUSDotfSIKCiMKIyBEb2NrZXJmaWxlCiMKCiMgZXhwb3NpbmcgdGhlIGZ1bGwgcGF0aCB0byB0aGUgY29udGFpbmVyIGZpbGUsIHdoaWNoIGJ5IGRlZmF1bHQgc2hvdWxkIGJlIHJlbGF0aXZlIHRvIHRoZSBwcmltYXJ5CiMgd29ya3NwYWNlLCB0byByZWNlaXZlIGEgZGlmZmVyZW50IGNvbnRhaW5lci1maWxlIGxvY2F0aW9uCmRlY2xhcmUgLXIgZG9ja2VyZmlsZV9vbl93cz0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIfS8ke1BBUkFNU19ET0NLRVJGSUxFfSIKZGVjbGFyZSAteCBET0NLRVJGSUxFX0ZVTEw9IiR7RE9DS0VSRklMRV9GVUxMOi0ke2RvY2tlcmZpbGVfb25fd3N9fSIKCiMKIyBBc3NlcnRpbmcgRW52aXJvbm1lbnQKIwoKW1sgLXogIiR7RE9DS0VSRklMRV9GVUxMfSIgXV0gJiYKICAgIGZhaWwgInVuYWJsZSB0byBmaW5kIHRoZSBEb2NrZXJmaWxlLCBET0NLRVJGSUxFIG1heSBoYXZlIGFuIGluY29ycmVjdCBsb2NhdGlvbiIKCmV4cG9ydGVkX29yX2ZhaWwgXAogICAgV09SS1NQQUNFU19TT1VSQ0VfUEFUSCBcCiAgICBQQVJBTVNfSU1BR0UKCiMKIyBWZXJib3NlIE91dHB1dAojCgppZiBbWyAiJHtQQVJBTVNfVkVSQk9TRX0iID09ICJ0cnVlIiBdXTsgdGhlbgogICAgc2V0IC14CmZpCg==" |base64 -d >"/scripts/buildah-common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0ZWt0b24ncyBob21lIGRpcmVjdG9yeQpkZWNsYXJlIC1yeCBURUtUT05fSE9NRT0iJHtURUtUT05fSE9NRTotL3Rla3Rvbi9ob21lfSIKCiMKIyBGdW5jdGlvbnMKIwoKZnVuY3Rpb24gZmFpbCgpIHsKICAgIGVjaG8gIkVSUk9SOiAkeyp9IiAyPiYxCiAgICBleGl0IDEKfQoKZnVuY3Rpb24gcGhhc2UoKSB7CiAgICBlY2hvICItLS0+IFBoYXNlOiAkeyp9Li4uIgp9CgojIGFzc2VydCBsb2NhbCB2YXJpYWJsZXMgYXJlIGV4cG9yZXRlZCBvbiB0aGUgZW52aXJvbm1lbnQKZnVuY3Rpb24gZXhwb3J0ZWRfb3JfZmFpbCgpIHsKICAgIGRlY2xhcmUgLWEgX3JlcXVpcmVkX3ZhcnM9IiR7QH0iCgogICAgZm9yIHYgaW4gJHtfcmVxdWlyZWRfdmFyc1tAXX07IGRvCiAgICAgICAgW1sgLXogIiR7IXZ9IiBdXSAmJgogICAgICAgICAgICBmYWlsICInJHt2fScgZW52aXJvbm1lbnQgdmFyaWFibGUgaXMgbm90IHNldCEiCiAgICBkb25lCgogICAgcmV0dXJuIDAKfQo=" |base64 -d >"/scripts/common.sh" + ls /scripts/buildah-*.sh; + chmod +x /scripts/buildah-*.sh; + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0ZWt0b24ncyBob21lIGRpcmVjdG9yeQpkZWNsYXJlIC1yeCBURUtUT05fSE9NRT0iJHtURUtUT05fSE9NRTotL3Rla3Rvbi9ob21lfSIKCiMKIyBGdW5jdGlvbnMKIwoKZnVuY3Rpb24gZmFpbCgpIHsKICAgIGVjaG8gIkVSUk9SOiAkeyp9IiAyPiYxCiAgICBleGl0IDEKfQoKZnVuY3Rpb24gcGhhc2UoKSB7CiAgICBlY2hvICItLS0+IFBoYXNlOiAkeyp9Li4uIgp9CgojIGFzc2VydCBsb2NhbCB2YXJpYWJsZXMgYXJlIGV4cG9yZXRlZCBvbiB0aGUgZW52aXJvbm1lbnQKZnVuY3Rpb24gZXhwb3J0ZWRfb3JfZmFpbCgpIHsKICAgIGRlY2xhcmUgLWEgX3JlcXVpcmVkX3ZhcnM9IiR7QH0iCgogICAgZm9yIHYgaW4gJHtfcmVxdWlyZWRfdmFyc1tAXX07IGRvCiAgICAgICAgW1sgLXogIiR7IXZ9IiBdXSAmJgogICAgICAgICAgICBmYWlsICInJHt2fScgZW52aXJvbm1lbnQgdmFyaWFibGUgaXMgbm90IHNldCEiCiAgICBkb25lCgogICAgcmV0dXJuIDAKfQo=" |base64 -d >"/scripts/common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgVXNlcyB0aGUgRG9ja2VyZmlsZSBnZW5lcmF0ZWQgYnkgczJpIHRvIGFzc2VtYmxlIGEgbmV3IGNvbnRhaW5lciBpbWFnZSB1c2luZyBidWlsZGFoLgojCgpzaG9wdCAtcyBpbmhlcml0X2VycmV4aXQKc2V0IC1ldSAtbyBwaXBlZmFpbAoKZGVjbGFyZSAtciBjdXJfZGlyPSIkKGRpcm5hbWUgJHtCQVNIX1NPVVJDRVswXX0pIgoKc291cmNlICIke2N1cl9kaXJ9L2NvbW1vbi5zaCIKc291cmNlICIke2N1cl9kaXJ9L3MyaS1jb21tb24uc2giCgojIGxvYWRpbmcgYnVpbGRhaCBzZXR0aW5ncyBvdmVyd3JpdHRpbmcgdGhlIGZ1bGwgcGF0aCB0byB0aGUgY29udGFpbmVyIGZpbGUKZGVjbGFyZSAteCBET0NLRVJGSUxFX0ZVTEw9IiR7UzJJX0RPQ0tFUkZJTEV9Igpzb3VyY2UgIiR7Y3VyX2Rpcn0vYnVpbGRhaC1jb21tb24uc2giCgpwaGFzZSAiQ2hhbmdpbmcgJFBBUkFNU19DT05URVhUIHRvIHBvaW50IHRvIHByZXNlbnQgd29ya2luZyBkaXJlY3RvcnkiCltbICIkUEFSQU1TX0NPTlRFWFQiICE9ICIuIiBdXSAmJiAKICAgIFBBUkFNU19DT05URVhUPSIuIgoKcGhhc2UgIkluc3BlY3RpbmcgY29udGV4dCAnJHtQQVJBTVNfQ09OVEVYVH0nIgpbWyAhIC1kICIke1BBUkFNU19DT05URVhUfSIgXV0gJiYKICAgIGZhaWwgIkFwcGxpY2F0aW9uIHNvdXJjZSBjb2RlIGRpcmVjdG9yeSBub3QgZm91bmQgYXQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKCnBoYXNlICJCdWlsZGluZyB0aGUgRG9ja2VyZmlsZSAnJHtET0NLRVJGSUxFX0ZVTEx9JyB3aXRoIGJ1aWxkYWgiCmV4ZWMgJHtjdXJfZGlyfS9idWlsZGFoLWJ1ZC5zaAo=" |base64 -d >"/scripts/s2i-build.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0YXJnZXQgaW1hZ2UgbmFtZSAoZnVsbHkgcXVhbGlmaWVkKSB0byBiZSBidWlsZCB3aXRoIHMyaSwgcmVkZWNsYXJpbmcgdGhlIHNhbWUgcGFyYW1ldGVyIG5hbWUgdGhhbgojIGJ1aWxkYWggdGFzayB1c2VzCmRlY2xhcmUgLXggUEFSQU1TX0lNQUdFPSIke1BBUkFNU19JTUFHRTotfSIKIyBTcGVjaWZ5IGEgVVJMIGNvbnRhaW5pbmcgdGhlIGRlZmF1bHQgYXNzZW1ibGUgYW5kIHJ1biBzY3JpcHRzIGZvciB0aGUgYnVpbGRlciBpbWFnZQpkZWNsYXJlIC1yeCBQQVJBTVNfSU1BR0VfU0NSSVBUU19VUkw9IiR7UEFSQU1TX0lNQUdFX1NDUklQVFNfVVJMOi19IgoKIyB2b2x1bWUgbW91bnQgb3IgZGlyZWN0b3J5IHJlc3BvbnNpYmxlIGZvciBob2xkaW5nIGZpbGVzIAojIGxpa2UgZW52LCBEb2NrZXJmaWxlIGFuZCBhbnkgb3RoZXJzIG5lZWRlZCB0byBzdXBwb3J0IHMyaQpkZWNsYXJlIC1yeCBTMklfR0VORVJBVEVfRElSRUNUT1JZPSIke1MySV9HRU5FUkFURV9ESVJFQ1RPUlk6LS9zMmktZ2VuZXJhdGV9IgoKIyBmdWxsIHBhdGggdG8gdGhlIGNvbnRhaW5lciBmaWxlIGdlbmVyYXRlZCBieSBzMmkKZGVjbGFyZSAtcnggUzJJX0RPQ0tFUkZJTEU9IiR7UzJJX0RPQ0tFUkZJTEU6LSR7UzJJX0dFTkVSQVRFX0RJUkVDVE9SWX0vRG9ja2VyZmlsZS5nZW59IgoKIyBmdWxsIHBhdGggdG8gdGhlIGVudiBmaWxlIHVzZWQgd2l0aCB0aGUgLS1lbnZpcm9ubWVudC1maWxlIHBhcmFtZXRlciBvZiBzMmkKZGVjbGFyZSAtcnggUzJJX0VOVklST05NRU5UX0ZJTEU9IiR7UzJJX0VOVklST05NRU5UX0ZJTEU6LSR7UzJJX0dFTkVSQVRFX0RJUkVDVE9SWX0vZW52fSIKCiMKIyBBc3NlcnRpbmcgRW52aXJvbm1lbnQKIwoKZXhwb3J0ZWRfb3JfZmFpbCBcCiAgICBXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIIFwKICAgIFBBUkFNU19JTUFHRQoKIwojIFZlcmJvc2UgT3V0cHV0CiMKCmRlY2xhcmUgLXggUzJJX0xPR0xFVkVMPSIwIgoKaWYgW1sgIiR7UEFSQU1TX1ZFUkJPU0V9IiA9PSAidHJ1ZSIgXV07IHRoZW4KICAgIFMySV9MT0dMRVZFTD0iMiIKICAgIHNldCAteApmaQo=" |base64 -d >"/scripts/s2i-common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgVXNlcyBzMmkgdG8gZ2VuZXJhdGUgdGhlIHJlcGVzY3RpdmUgQ29udGFpbmVyZmlsZSBiYXNlZCBvbiB0aGUgaW5mb21yZWQgYnVpbGRlci4gVGhlIENvbnRhaW5lcmZpbGUKIyBpcyBzdG9yZWQgb24gYSB0ZW1wb3JhcnkgbG9jYXRpb24uCiMKCnNob3B0IC1zIGluaGVyaXRfZXJyZXhpdApzZXQgLWV1IC1vIHBpcGVmYWlsCgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvY29tbW9uLnNoIgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvczJpLWNvbW1vbi5zaCIKCiMgczJpIGJ1aWxkZXIgaW1hZ2UgbmFtZSAoZnVsbHkgcXVhbGlmaWVkKQpkZWNsYXJlIC1yeCBTMklfQlVJTERFUl9JTUFHRT0iJHtTMklfQlVJTERFUl9JTUFHRTotfSIKCiMgdGFrZXMgdGhlIHZhbHVlcyBpbiBhcmd1bWVudCBFTlZfVkFSUyBhbmQgY3JlYXRlcyBhbiBhcnJheSB1c2luZyB0aG9zZSB2YWx1ZXMKZGVjbGFyZSAtcmEgRU5WX1ZBUlM9KCR7QH0pCgojIHJlLXVzaW5nIHRoZSBzYW1lIHBhcmFtZXRlcnMgdGhhbiBidWlsZGFoLCBzMmkgbmVlZHMgYnVpbGRhaCBhYmlsaXRpZXMgdG8gY3JlYXRlIHRoZSBmaW5hbAojIGNvbnRhaW5lciBpbWFnZSBiYXNlZCBvbiB3aGF0IHMyaSBnZW5lcmF0ZXMKc291cmNlICIkKGRpcm5hbWUgJHtCQVNIX1NPVVJDRVswXX0pL2J1aWxkYWgtY29tbW9uLnNoIgoKIwojIFByZXBhcmUKIwoKIyBtYWtpbmcgc3VyZSB0aGUgcmVxdWlyZWQgd29ya3NwYWNlICJzb3VyY2UiIGlzIGJvdW5kZWQsIHdoaWNoIG1lYW5zIGl0cyB2b2x1bWUgaXMgY3VycmVudGx5IG1vdW50ZWQKIyBhbmQgcmVhZHkgdG8gdXNlCnBoYXNlICJJbnNwZWN0aW5nIHNvdXJjZSB3b3Jrc3BhY2UgJyR7V09SS1NQQUNFU19TT1VSQ0VfUEFUSH0nIChQV0Q9JyR7UFdEfScpIgpbWyAiJHtXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORH0iICE9ICJ0cnVlIiBdXSAmJgogICAgZmFpbCAiV29ya3NwYWNlICdzb3VyY2UnIGlzIG5vdCBib3VuZGVkIgoKcGhhc2UgIkFwcGVuZGluZyAkUEFSQU1TX0NPTlRFWFQgd2l0aCAkV09SS1NQQUNFU19TT1VSQ0VfUEFUSCBpZiBpdCdzIHJlbGF0aXZlIgpbWyAiJFBBUkFNU19DT05URVhUIiAhPSAiLiIgJiYgIiRQQVJBTVNfQ09OVEVYVCIgIT0gLyogXV0gJiYgCiAgICBQQVJBTVNfQ09OVEVYVD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIfS8ke1BBUkFNU19DT05URVhUfSIKCnBoYXNlICJJbnNwZWN0aW5nIGNvbnRleHQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKW1sgISAtZCAiJHtQQVJBTVNfQ09OVEVYVH0iIF1dICYmCiAgICBmYWlsICJBcHBsaWNhdGlvbiBzb3VyY2UgY29kZSBkaXJlY3Rvcnkgbm90IGZvdW5kIGF0ICcke1BBUkFNU19DT05URVhUfSciCgpwaGFzZSAiQWRkaW5nIHRoZSBlbnZpcm9ubWVudCB2YXJpYWJsZXMgdG8gJyR7UzJJX0VOVklST05NRU5UX0ZJTEV9JyIKCiMgYWRkIHRoZSBlbnZpcm9ubWVudCB2YXJpYWJsZXMgdGhhdCBhcmUgc2VudCBhcyBjb21tYW5kIGxpbmUgYXJndW1lbnRzIGZyb20gRU5WX1ZBUlMgcGFyYW1ldGVyCnRvdWNoICIke1MySV9FTlZJUk9OTUVOVF9GSUxFfSIKaWYgWyAkeyNFTlZfVkFSU1tAXX0gLWd0IDAgXTsgdGhlbgogICAgZm9yIGVudl92YXIgaW4gIiR7RU5WX1ZBUlNbQF19IjsgZG8KICAgICAgICBlY2hvICIke2Vudl92YXJ9IiA+PiAiJHtTMklfRU5WSVJPTk1FTlRfRklMRX0iCiAgICBkb25lCmZpCgojCiMgUzJJIEdlbmVyYXRlCiMKCnBoYXNlICJHZW5lcmF0aW5nIHRoZSBEb2NrZXJmaWxlIGZvciBTMkkgYnVpbGRlciBpbWFnZSAnJHtTMklfQlVJTERFUl9JTUFHRX0nIgpzMmkgLS1sb2dsZXZlbCAiJHtTMklfTE9HTEVWRUx9IiBcCiAgICBidWlsZCAiJHtQQVJBTVNfQ09OVEVYVH0iICIke1MySV9CVUlMREVSX0lNQUdFfSIgXAogICAgICAgIC0taW1hZ2Utc2NyaXB0cy11cmwgIiR7UEFSQU1TX0lNQUdFX1NDUklQVFNfVVJMfSIgXAogICAgICAgIC0tYXMtZG9ja2VyZmlsZSAiJHtTMklfRE9DS0VSRklMRX0iIFwKICAgICAgICAtLWVudmlyb25tZW50LWZpbGUgIiR7UzJJX0VOVklST05NRU5UX0ZJTEV9IgoKcGhhc2UgIkluc3BlY3RpbmcgdGhlIERvY2tlcmZpbGUgZ2VuZXJhdGVkIGF0ICcke1MySV9ET0NLRVJGSUxFfSciCltbICEgLWYgIiR7UzJJX0RPQ0tFUkZJTEV9IiBdXSAmJgogICAgZmFpbCAiR2VuZXJhdGVkIERvY2tlcmZpbGUgaXMgbm90IGZvdW5kISIKCnNldCAreApwaGFzZSAiR2VuZXJhdGVkIERvY2tlcmZpbGUgcGF5bG9hZCIKZWNobyAtZW4gIj4+PiAke1MySV9ET0NLRVJGSUxFfVxuJChjYXQgJHtTMklfRE9DS0VSRklMRX0pXG48PDwgRU9GXG4iCg==" |base64 -d >"/scripts/s2i-generate.sh" + ls /scripts/s2i-*.sh; + chmod +x /scripts/s2i-*.sh;echo "Running Script /scripts/s2i-generate.sh"; + /scripts/s2i-generate.sh; + args: + - "$(params.ENV_VARS[*])" + securityContext: + capabilities: + add: ["SETFCAP"] + volumeMounts: + - name: scripts-dir + mountPath: /scripts + - name: s2i-generate-dir + mountPath: /s2i-generate + + - name: s2i-build + image: registry.access.redhat.com/ubi8/buildah:8.10-5 + workingDir: /s2i-generate + command: + - /scripts/s2i-build.sh + securityContext: + capabilities: + add: ["SETFCAP"] + volumeMounts: + - name: scripts-dir + mountPath: /scripts + - name: s2i-generate-dir + mountPath: /s2i-generate + + volumes: + - name: scripts-dir + emptyDir: {} + - name: s2i-generate-dir + emptyDir: {} diff --git a/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-s2i-perl/task-s2i-perl-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-s2i-perl/task-s2i-perl-task.yaml new file mode 100644 index 0000000000..3f48071c72 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-s2i-perl/task-s2i-perl-task.yaml @@ -0,0 +1,197 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift-pipelines/tektoncd-catalog/p/tasks/task-s2i-perl/0.4.1/task-s2i-perl.yaml +# +--- +--- +# Source: task-containers/templates/task-s2i-perl.yaml +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: s2i-perl + labels: + app.kubernetes.io/version: 0.4.1 + annotations: + tekton.dev/source: "https://github.com/openshift-pipelines/task-containers" + artifacthub.io/category: integration-delivery + artifacthub.io/maintainers: | + - name: OpenShift Pipeline task maintainers + email: pipelines-extcomm@redhat.com + artifacthub.io/provider: Red Hat + artifacthub.io/recommendations: | + - url: https://tekton.dev/ + tekton.dev/categories: containers + tekton.dev/pipelines.minVersion: 0.41.0 + tekton.dev/tags: containers +spec: + description: | + Builds the source code using the s2i's Perl builder-image + "image-registry.openshift-image-registry.svc:5000/openshift/perl". + + + workspaces: + - name: source + optional: false + description: | + Application source code, the build context for S2I workflow. + - name: dockerconfig + optional: true + description: >- + An optional workspace that allows providing a .docker/config.json file for Buildah to access the container registry. + The file should be placed at the root of the Workspace with name config.json. + + params: + - name: IMAGE + type: string + description: | + Fully qualified container image name to be built by s2i. + - name: VERSION + description: The tag of the imagestream for the corresponding language version + default: latest + type: string + - name: IMAGE_SCRIPTS_URL + type: string + default: image:///usr/libexec/s2i + description: | + Specify a URL containing the default assemble and run scripts for the builder image + - name: ENV_VARS + type: array + default: [] + description: | + Array containing string of Environment Variables as "KEY=VALUE" + - name: CONTEXT + type: string + default: "." + description: | + Path to the directory to use as context. + - name: STORAGE_DRIVER + type: string + default: vfs + description: | + Set buildah storage driver to reflect the currrent cluster node's + settings. + - name: FORMAT + description: The format of the built container, oci or docker + default: "oci" + - name: BUILD_EXTRA_ARGS + type: string + default: "" + description: | + Extra parameters passed for the build command when building images. + - name: PUSH_EXTRA_ARGS + type: string + default: "" + description: | + Extra parameters passed for the push command when pushing images. + - name: SKIP_PUSH + default: "false" + description: | + Skip pushing the image to the container registry. + - name: TLS_VERIFY + type: string + default: "true" + description: | + Sets the TLS verification flag, `true` is recommended. + - name: VERBOSE + type: string + default: "false" + description: | + Turns on verbose logging, all commands executed will be printed out. + + results: + - name: IMAGE_URL + description: | + Fully qualified image name. + - name: IMAGE_DIGEST + description: | + Digest of the image just built. + + stepTemplate: + env: + + - name: PARAMS_IMAGE + value: "$(params.IMAGE)" + - name: PARAMS_VERSION + value: "$(params.VERSION)" + - name: PARAMS_IMAGE_SCRIPTS_URL + value: "$(params.IMAGE_SCRIPTS_URL)" + - name: PARAMS_CONTEXT + value: "$(params.CONTEXT)" + - name: PARAMS_FORMAT + value: "$(params.FORMAT)" + - name: PARAMS_STORAGE_DRIVER + value: "$(params.STORAGE_DRIVER)" + - name: PARAMS_BUILD_EXTRA_ARGS + value: "$(params.BUILD_EXTRA_ARGS)" + - name: PARAMS_PUSH_EXTRA_ARGS + value: "$(params.PUSH_EXTRA_ARGS)" + - name: PARAMS_SKIP_PUSH + value: "$(params.SKIP_PUSH)" + - name: PARAMS_TLS_VERIFY + value: "$(params.TLS_VERIFY)" + - name: PARAMS_VERBOSE + value: "$(params.VERBOSE)" + - name: WORKSPACES_SOURCE_BOUND + value: "$(workspaces.source.bound)" + - name: WORKSPACES_SOURCE_PATH + value: "$(workspaces.source.path)" + - name: WORKSPACES_DOCKERCONFIG_BOUND + value: "$(workspaces.dockerconfig.bound)" + - name: WORKSPACES_DOCKERCONFIG_PATH + value: "$(workspaces.dockerconfig.path)" + - name: RESULTS_IMAGE_URL_PATH + value: "$(results.IMAGE_URL.path)" + - name: RESULTS_IMAGE_DIGEST_PATH + value: "$(results.IMAGE_DIGEST.path)" + + steps: + - name: s2i-generate + image: registry.access.redhat.com/source-to-image/source-to-image-rhel8:v1.3.9-6 + workingDir: $(workspaces.source.path) + env: + - name: S2I_BUILDER_IMAGE + value: "image-registry.openshift-image-registry.svc:5000/openshift/perl:$(params.VERSION)" + script: | + set -e + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgV3JhcHBlciBhcm91bmQgImJ1aWxkYWggYnVkIiB0byBidWlsZCBhbmQgcHVzaCBhIGNvbnRhaW5lciBpbWFnZSBiYXNlZCBvbiBhIERvY2tlcmZpbGUuCiMKCnNob3B0IC1zIGluaGVyaXRfZXJyZXhpdApzZXQgLWV1IC1vIHBpcGVmYWlsCgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvY29tbW9uLnNoIgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvYnVpbGRhaC1jb21tb24uc2giCgpmdW5jdGlvbiBfYnVpbGRhaCgpIHsKICAgIGJ1aWxkYWggXAogICAgICAgIC0tc3RvcmFnZS1kcml2ZXI9IiR7UEFSQU1TX1NUT1JBR0VfRFJJVkVSfSIgXAogICAgICAgIC0tdGxzLXZlcmlmeT0iJHtQQVJBTVNfVExTX1ZFUklGWX0iIFwKICAgICAgICAkeyp9Cn0KCiMKIyBQcmVwYXJlCiMKCiMgbWFraW5nIHN1cmUgdGhlIHJlcXVpcmVkIHdvcmtzcGFjZSAic291cmNlIiBpcyBib3VuZGVkLCB3aGljaCBtZWFucyBpdHMgdm9sdW1lIGlzIGN1cnJlbnRseSBtb3VudGVkCiMgYW5kIHJlYWR5IHRvIHVzZQpwaGFzZSAiSW5zcGVjdGluZyBzb3VyY2Ugd29ya3NwYWNlICcke1dPUktTUEFDRVNfU09VUkNFX1BBVEh9JyAoUFdEPScke1BXRH0nKSIKW1sgIiR7V09SS1NQQUNFU19TT1VSQ0VfQk9VTkR9IiAhPSAidHJ1ZSIgXV0gJiYKICAgIGZhaWwgIldvcmtzcGFjZSAnc291cmNlJyBpcyBub3QgYm91bmRlZCIKCnBoYXNlICJBc3NlcnRpbmcgdGhlIGRvY2tlcmZpbGUvY29udGFpbmVyZmlsZSAnJHtET0NLRVJGSUxFX0ZVTEx9JyBleGlzdHMiCltbICEgLWYgIiR7RE9DS0VSRklMRV9GVUxMfSIgXV0gJiYKICAgIGZhaWwgIkRvY2tlcmZpbGUgbm90IGZvdW5kIGF0OiAnJHtET0NLRVJGSUxFX0ZVTEx9JyIKCnBoYXNlICJJbnNwZWN0aW5nIGNvbnRleHQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKW1sgISAtZCAiJHtQQVJBTVNfQ09OVEVYVH0iIF1dICYmCiAgICBmYWlsICJDT05URVhUIHBhcmFtIGlzIG5vdCBmb3VuZCBhdCAnJHtQQVJBTVNfQ09OVEVYVH0nLCBvbiBzb3VyY2Ugd29ya3NwYWNlIgoKcGhhc2UgIkJ1aWxkaW5nIGJ1aWxkIGFyZ3MiCkJVSUxEX0FSR1M9KCkKZm9yIGJ1aWxkYXJnIGluICIkQCI7IGRvCiAgICBCVUlMRF9BUkdTKz0oIi0tYnVpbGQtYXJnPSRidWlsZGFyZyIpCmRvbmUKCiMgSGFuZGxlIG9wdGlvbmFsIGRvY2tlcmNvbmZpZyBzZWNyZXQKaWYgW1sgIiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfQk9VTkR9IiA9PSAidHJ1ZSIgXV07IHRoZW4KCiAgICAjIGlmIGNvbmZpZy5qc29uIGV4aXN0cyBhdCB3b3Jrc3BhY2Ugcm9vdCwgd2UgdXNlIHRoYXQKICAgIGlmIHRlc3QgLWYgIiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSH0vY29uZmlnLmpzb24iOyB0aGVuCiAgICAgICAgZXhwb3J0IERPQ0tFUl9DT05GSUc9IiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSH0iCgogICAgICAgICMgZWxzZSB3ZSBsb29rIGZvciAuZG9ja2VyY29uZmlnanNvbiBhdCB0aGUgcm9vdAogICAgZWxpZiB0ZXN0IC1mICIke1dPUktTUEFDRVNfRE9DS0VSQ09ORklHX1BBVEh9Ly5kb2NrZXJjb25maWdqc29uIjsgdGhlbgogICAgICAgICMgZW5zdXJlIC5kb2NrZXIgZXhpc3QgYmVmb3JlIHRoZSBjb3B5aW5nIHRoZSBjb250ZW50CiAgICAgICAgaWYgWyAhIC1kICIkSE9NRS8uZG9ja2VyIiBdOyB0aGVuCiAgICAgICAgICAgbWtkaXIgLXAgIiRIT01FLy5kb2NrZXIiCiAgICAgICAgZmkKICAgICAgICBjcCAiJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19QQVRIfS8uZG9ja2VyY29uZmlnanNvbiIgIiRIT01FLy5kb2NrZXIvY29uZmlnLmpzb24iCiAgICAgICAgZXhwb3J0IERPQ0tFUl9DT05GSUc9IiRIT01FLy5kb2NrZXIiCgogICAgICAgICMgbmVlZCB0byBlcnJvciBvdXQgaWYgbmVpdGhlciBmaWxlcyBhcmUgcHJlc2VudAogICAgZWxzZQogICAgICAgIGVjaG8gIm5laXRoZXIgJ2NvbmZpZy5qc29uJyBub3IgJy5kb2NrZXJjb25maWdqc29uJyBmb3VuZCBhdCB3b3Jrc3BhY2Ugcm9vdCIKICAgICAgICBleGl0IDEKICAgIGZpCmZpCgpFTlRJVExFTUVOVF9WT0xVTUU9IiIKaWYgW1sgIiR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX0JPVU5EfSIgPT0gInRydWUiIF1dOyB0aGVuCiAgICBFTlRJVExFTUVOVF9WT0xVTUU9Ii0tdm9sdW1lICR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEh9Oi9ldGMvcGtpL2VudGl0bGVtZW50IgpmaQoKIwojIEJ1aWxkCiMKCnBoYXNlICJCdWlsZGluZyAnJHtQQVJBTVNfSU1BR0V9JyBiYXNlZCBvbiAnJHtET0NLRVJGSUxFX0ZVTEx9JyIKCltbIC1uICIke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTfSIgXV0gJiYKICAgIHBoYXNlICJFeHRyYSAnYnVpbGRhaCBidWQnIGFyZ3VtZW50cyBpbmZvcm1lZDogJyR7UEFSQU1TX0JVSUxEX0VYVFJBX0FSR1N9JyIKCl9idWlsZGFoIGJ1ZCAke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTfSBcCiAgICAkRU5USVRMRU1FTlRfVk9MVU1FIFwKICAgICIke0JVSUxEX0FSR1NbQF19IiBcCiAgICAtLWZpbGU9IiR7RE9DS0VSRklMRV9GVUxMfSIgXAogICAgLS10YWc9IiR7UEFSQU1TX0lNQUdFfSIgXAogICAgIiR7UEFSQU1TX0NPTlRFWFR9IgoKaWYgW1sgIiR7UEFSQU1TX1NLSVBfUFVTSH0iID09ICJ0cnVlIiBdXTsgdGhlbgogICAgcGhhc2UgIlNraXBwaW5nIHB1c2hpbmcgJyR7UEFSQU1TX0lNQUdFfScgdG8gdGhlIGNvbnRhaW5lciByZWdpc3RyeSEiCiAgICBleGl0IDAKZmkKCiMKIyBQdXNoCiMKCnBoYXNlICJQdXNoaW5nICcke1BBUkFNU19JTUFHRX0nIHRvIHRoZSBjb250YWluZXIgcmVnaXN0cnkiCgpbWyAtbiAiJHtQQVJBTVNfUFVTSF9FWFRSQV9BUkdTfSIgXV0gJiYKICAgIHBoYXNlICJFeHRyYSAnYnVpbGRhaCBidWQnIGFyZ3VtZW50cyBpbmZvcm1lZDogJyR7UEFSQU1TX1BVU0hfRVhUUkFfQVJHU30nIgoKIyB0ZW1wb3JhcnkgZmlsZSB0byBzdG9yZSB0aGUgaW1hZ2UgZGlnZXN0LCBpbmZvcm1hdGlvbiBvbmx5IG9idGFpbmVkIGFmdGVyIHB1c2hpbmcgdGhlIGltYWdlIHRvIHRoZQojIGNvbnRhaW5lciByZWdpc3RyeQpkZWNsYXJlIC1yIGRpZ2VzdF9maWxlPSIvdG1wL2J1aWxkYWgtZGlnZXN0LnR4dCIKCl9idWlsZGFoIHB1c2ggJHtQQVJBTVNfUFVTSF9FWFRSQV9BUkdTfSBcCiAgICAtLWRpZ2VzdGZpbGU9IiR7ZGlnZXN0X2ZpbGV9IiBcCiAgICAiJHtQQVJBTVNfSU1BR0V9IiBcCiAgICAiZG9ja2VyOi8vJHtQQVJBTVNfSU1BR0V9IgoKIwojIFJlc3VsdHMKIwoKcGhhc2UgIkluc3BlY3RpbmcgZGlnZXN0IHJlcG9ydCAoJyR7ZGlnZXN0X2ZpbGV9JykiCgpbWyAhIC1yICIke2RpZ2VzdF9maWxlfSIgXV0gJiYKICAgIGZhaWwgIlVuYWJsZSB0byBmaW5kIGRpZ2VzdC1maWxlIGF0ICcke2RpZ2VzdF9maWxlfSciCgpkZWNsYXJlIC1yIGRpZ2VzdF9zdW09IiQoY2F0ICR7ZGlnZXN0X2ZpbGV9KSIKCltbIC16ICIke2RpZ2VzdF9zdW19IiBdXSAmJgogICAgZmFpbCAiRGlnZXN0IGZpbGUgJyR7ZGlnZXN0X2ZpbGV9JyBpcyBlbXB0eSEiCgpwaGFzZSAiU3VjY2Vzc2Z1bHkgYnVpbHQgY29udGFpbmVyIGltYWdlICcke1BBUkFNU19JTUFHRX0nICgnJHtkaWdlc3Rfc3VtfScpIgplY2hvIC1uICIke1BBUkFNU19JTUFHRX0iIHwgdGVlICR7UkVTVUxUU19JTUFHRV9VUkxfUEFUSH0KZWNobyAtbiAiJHtkaWdlc3Rfc3VtfSIgfCB0ZWUgJHtSRVNVTFRTX0lNQUdFX0RJR0VTVF9QQVRIfQo=" |base64 -d >"/scripts/buildah-bud.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKZGVjbGFyZSAtcnggUEFSQU1TX0lNQUdFPSIke1BBUkFNU19JTUFHRTotfSIKZGVjbGFyZSAtcnggUEFSQU1TX0RPQ0tFUkZJTEU9IiR7UEFSQU1TX0RPQ0tFUkZJTEU6LX0iCmRlY2xhcmUgLXggUEFSQU1TX0NPTlRFWFQ9IiR7UEFSQU1TX0NPTlRFWFQ6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19TVE9SQUdFX0RSSVZFUj0iJHtQQVJBTVNfU1RPUkFHRV9EUklWRVI6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19CVUlMRF9FWFRSQV9BUkdTPSIke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTOi19IgpkZWNsYXJlIC1yeCBQQVJBTVNfUFVTSF9FWFRSQV9BUkdTPSIke1BBUkFNU19QVVNIX0VYVFJBX0FSR1M6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19TS0lQX1BVU0g9IiR7UEFSQU1TX1NLSVBfUFVTSDotfSIKZGVjbGFyZSAtcnggUEFSQU1TX1RMU19WRVJJRlk9IiR7UEFSQU1TX1RMU19WRVJJRlk6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19WRVJCT1NFPSIke1BBUkFNU19WRVJCT1NFOi19IgoKZGVjbGFyZSAtcnggV09SS1NQQUNFU19TT1VSQ0VfUEFUSD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIOi19IgpkZWNsYXJlIC1yeCBXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORDotfSIKZGVjbGFyZSAtcnggV09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSD0iJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19QQVRIOi19IgpkZWNsYXJlIC1yeCBXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19CT1VORD0iJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19CT1VORDotfSIKZGVjbGFyZSAtcnggV09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEg9IiR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEg6LX0iCmRlY2xhcmUgLXJ4IFdPUktTUEFDRVNfUkhFTF9FTlRJVExFTUVOVF9CT1VORD0iJHtXT1JLU1BBQ0VTX1JIRUxfRU5USVRMRU1FTlRfQk9VTkQ6LX0iCgpkZWNsYXJlIC1yeCBSRVNVTFRTX0lNQUdFX0RJR0VTVF9QQVRIPSIke1JFU1VMVFNfSU1BR0VfRElHRVNUX1BBVEg6LX0iCmRlY2xhcmUgLXJ4IFJFU1VMVFNfSU1BR0VfVVJMX1BBVEg9IiR7UkVTVUxUU19JTUFHRV9VUkxfUEFUSDotfSIKCiMKIyBEb2NrZXJmaWxlCiMKCiMgZXhwb3NpbmcgdGhlIGZ1bGwgcGF0aCB0byB0aGUgY29udGFpbmVyIGZpbGUsIHdoaWNoIGJ5IGRlZmF1bHQgc2hvdWxkIGJlIHJlbGF0aXZlIHRvIHRoZSBwcmltYXJ5CiMgd29ya3NwYWNlLCB0byByZWNlaXZlIGEgZGlmZmVyZW50IGNvbnRhaW5lci1maWxlIGxvY2F0aW9uCmRlY2xhcmUgLXIgZG9ja2VyZmlsZV9vbl93cz0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIfS8ke1BBUkFNU19ET0NLRVJGSUxFfSIKZGVjbGFyZSAteCBET0NLRVJGSUxFX0ZVTEw9IiR7RE9DS0VSRklMRV9GVUxMOi0ke2RvY2tlcmZpbGVfb25fd3N9fSIKCiMKIyBBc3NlcnRpbmcgRW52aXJvbm1lbnQKIwoKW1sgLXogIiR7RE9DS0VSRklMRV9GVUxMfSIgXV0gJiYKICAgIGZhaWwgInVuYWJsZSB0byBmaW5kIHRoZSBEb2NrZXJmaWxlLCBET0NLRVJGSUxFIG1heSBoYXZlIGFuIGluY29ycmVjdCBsb2NhdGlvbiIKCmV4cG9ydGVkX29yX2ZhaWwgXAogICAgV09SS1NQQUNFU19TT1VSQ0VfUEFUSCBcCiAgICBQQVJBTVNfSU1BR0UKCiMKIyBWZXJib3NlIE91dHB1dAojCgppZiBbWyAiJHtQQVJBTVNfVkVSQk9TRX0iID09ICJ0cnVlIiBdXTsgdGhlbgogICAgc2V0IC14CmZpCg==" |base64 -d >"/scripts/buildah-common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0ZWt0b24ncyBob21lIGRpcmVjdG9yeQpkZWNsYXJlIC1yeCBURUtUT05fSE9NRT0iJHtURUtUT05fSE9NRTotL3Rla3Rvbi9ob21lfSIKCiMKIyBGdW5jdGlvbnMKIwoKZnVuY3Rpb24gZmFpbCgpIHsKICAgIGVjaG8gIkVSUk9SOiAkeyp9IiAyPiYxCiAgICBleGl0IDEKfQoKZnVuY3Rpb24gcGhhc2UoKSB7CiAgICBlY2hvICItLS0+IFBoYXNlOiAkeyp9Li4uIgp9CgojIGFzc2VydCBsb2NhbCB2YXJpYWJsZXMgYXJlIGV4cG9yZXRlZCBvbiB0aGUgZW52aXJvbm1lbnQKZnVuY3Rpb24gZXhwb3J0ZWRfb3JfZmFpbCgpIHsKICAgIGRlY2xhcmUgLWEgX3JlcXVpcmVkX3ZhcnM9IiR7QH0iCgogICAgZm9yIHYgaW4gJHtfcmVxdWlyZWRfdmFyc1tAXX07IGRvCiAgICAgICAgW1sgLXogIiR7IXZ9IiBdXSAmJgogICAgICAgICAgICBmYWlsICInJHt2fScgZW52aXJvbm1lbnQgdmFyaWFibGUgaXMgbm90IHNldCEiCiAgICBkb25lCgogICAgcmV0dXJuIDAKfQo=" |base64 -d >"/scripts/common.sh" + ls /scripts/buildah-*.sh; + chmod +x /scripts/buildah-*.sh; + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0ZWt0b24ncyBob21lIGRpcmVjdG9yeQpkZWNsYXJlIC1yeCBURUtUT05fSE9NRT0iJHtURUtUT05fSE9NRTotL3Rla3Rvbi9ob21lfSIKCiMKIyBGdW5jdGlvbnMKIwoKZnVuY3Rpb24gZmFpbCgpIHsKICAgIGVjaG8gIkVSUk9SOiAkeyp9IiAyPiYxCiAgICBleGl0IDEKfQoKZnVuY3Rpb24gcGhhc2UoKSB7CiAgICBlY2hvICItLS0+IFBoYXNlOiAkeyp9Li4uIgp9CgojIGFzc2VydCBsb2NhbCB2YXJpYWJsZXMgYXJlIGV4cG9yZXRlZCBvbiB0aGUgZW52aXJvbm1lbnQKZnVuY3Rpb24gZXhwb3J0ZWRfb3JfZmFpbCgpIHsKICAgIGRlY2xhcmUgLWEgX3JlcXVpcmVkX3ZhcnM9IiR7QH0iCgogICAgZm9yIHYgaW4gJHtfcmVxdWlyZWRfdmFyc1tAXX07IGRvCiAgICAgICAgW1sgLXogIiR7IXZ9IiBdXSAmJgogICAgICAgICAgICBmYWlsICInJHt2fScgZW52aXJvbm1lbnQgdmFyaWFibGUgaXMgbm90IHNldCEiCiAgICBkb25lCgogICAgcmV0dXJuIDAKfQo=" |base64 -d >"/scripts/common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgVXNlcyB0aGUgRG9ja2VyZmlsZSBnZW5lcmF0ZWQgYnkgczJpIHRvIGFzc2VtYmxlIGEgbmV3IGNvbnRhaW5lciBpbWFnZSB1c2luZyBidWlsZGFoLgojCgpzaG9wdCAtcyBpbmhlcml0X2VycmV4aXQKc2V0IC1ldSAtbyBwaXBlZmFpbAoKZGVjbGFyZSAtciBjdXJfZGlyPSIkKGRpcm5hbWUgJHtCQVNIX1NPVVJDRVswXX0pIgoKc291cmNlICIke2N1cl9kaXJ9L2NvbW1vbi5zaCIKc291cmNlICIke2N1cl9kaXJ9L3MyaS1jb21tb24uc2giCgojIGxvYWRpbmcgYnVpbGRhaCBzZXR0aW5ncyBvdmVyd3JpdHRpbmcgdGhlIGZ1bGwgcGF0aCB0byB0aGUgY29udGFpbmVyIGZpbGUKZGVjbGFyZSAteCBET0NLRVJGSUxFX0ZVTEw9IiR7UzJJX0RPQ0tFUkZJTEV9Igpzb3VyY2UgIiR7Y3VyX2Rpcn0vYnVpbGRhaC1jb21tb24uc2giCgpwaGFzZSAiQ2hhbmdpbmcgJFBBUkFNU19DT05URVhUIHRvIHBvaW50IHRvIHByZXNlbnQgd29ya2luZyBkaXJlY3RvcnkiCltbICIkUEFSQU1TX0NPTlRFWFQiICE9ICIuIiBdXSAmJiAKICAgIFBBUkFNU19DT05URVhUPSIuIgoKcGhhc2UgIkluc3BlY3RpbmcgY29udGV4dCAnJHtQQVJBTVNfQ09OVEVYVH0nIgpbWyAhIC1kICIke1BBUkFNU19DT05URVhUfSIgXV0gJiYKICAgIGZhaWwgIkFwcGxpY2F0aW9uIHNvdXJjZSBjb2RlIGRpcmVjdG9yeSBub3QgZm91bmQgYXQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKCnBoYXNlICJCdWlsZGluZyB0aGUgRG9ja2VyZmlsZSAnJHtET0NLRVJGSUxFX0ZVTEx9JyB3aXRoIGJ1aWxkYWgiCmV4ZWMgJHtjdXJfZGlyfS9idWlsZGFoLWJ1ZC5zaAo=" |base64 -d >"/scripts/s2i-build.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0YXJnZXQgaW1hZ2UgbmFtZSAoZnVsbHkgcXVhbGlmaWVkKSB0byBiZSBidWlsZCB3aXRoIHMyaSwgcmVkZWNsYXJpbmcgdGhlIHNhbWUgcGFyYW1ldGVyIG5hbWUgdGhhbgojIGJ1aWxkYWggdGFzayB1c2VzCmRlY2xhcmUgLXggUEFSQU1TX0lNQUdFPSIke1BBUkFNU19JTUFHRTotfSIKIyBTcGVjaWZ5IGEgVVJMIGNvbnRhaW5pbmcgdGhlIGRlZmF1bHQgYXNzZW1ibGUgYW5kIHJ1biBzY3JpcHRzIGZvciB0aGUgYnVpbGRlciBpbWFnZQpkZWNsYXJlIC1yeCBQQVJBTVNfSU1BR0VfU0NSSVBUU19VUkw9IiR7UEFSQU1TX0lNQUdFX1NDUklQVFNfVVJMOi19IgoKIyB2b2x1bWUgbW91bnQgb3IgZGlyZWN0b3J5IHJlc3BvbnNpYmxlIGZvciBob2xkaW5nIGZpbGVzIAojIGxpa2UgZW52LCBEb2NrZXJmaWxlIGFuZCBhbnkgb3RoZXJzIG5lZWRlZCB0byBzdXBwb3J0IHMyaQpkZWNsYXJlIC1yeCBTMklfR0VORVJBVEVfRElSRUNUT1JZPSIke1MySV9HRU5FUkFURV9ESVJFQ1RPUlk6LS9zMmktZ2VuZXJhdGV9IgoKIyBmdWxsIHBhdGggdG8gdGhlIGNvbnRhaW5lciBmaWxlIGdlbmVyYXRlZCBieSBzMmkKZGVjbGFyZSAtcnggUzJJX0RPQ0tFUkZJTEU9IiR7UzJJX0RPQ0tFUkZJTEU6LSR7UzJJX0dFTkVSQVRFX0RJUkVDVE9SWX0vRG9ja2VyZmlsZS5nZW59IgoKIyBmdWxsIHBhdGggdG8gdGhlIGVudiBmaWxlIHVzZWQgd2l0aCB0aGUgLS1lbnZpcm9ubWVudC1maWxlIHBhcmFtZXRlciBvZiBzMmkKZGVjbGFyZSAtcnggUzJJX0VOVklST05NRU5UX0ZJTEU9IiR7UzJJX0VOVklST05NRU5UX0ZJTEU6LSR7UzJJX0dFTkVSQVRFX0RJUkVDVE9SWX0vZW52fSIKCiMKIyBBc3NlcnRpbmcgRW52aXJvbm1lbnQKIwoKZXhwb3J0ZWRfb3JfZmFpbCBcCiAgICBXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIIFwKICAgIFBBUkFNU19JTUFHRQoKIwojIFZlcmJvc2UgT3V0cHV0CiMKCmRlY2xhcmUgLXggUzJJX0xPR0xFVkVMPSIwIgoKaWYgW1sgIiR7UEFSQU1TX1ZFUkJPU0V9IiA9PSAidHJ1ZSIgXV07IHRoZW4KICAgIFMySV9MT0dMRVZFTD0iMiIKICAgIHNldCAteApmaQo=" |base64 -d >"/scripts/s2i-common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgVXNlcyBzMmkgdG8gZ2VuZXJhdGUgdGhlIHJlcGVzY3RpdmUgQ29udGFpbmVyZmlsZSBiYXNlZCBvbiB0aGUgaW5mb21yZWQgYnVpbGRlci4gVGhlIENvbnRhaW5lcmZpbGUKIyBpcyBzdG9yZWQgb24gYSB0ZW1wb3JhcnkgbG9jYXRpb24uCiMKCnNob3B0IC1zIGluaGVyaXRfZXJyZXhpdApzZXQgLWV1IC1vIHBpcGVmYWlsCgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvY29tbW9uLnNoIgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvczJpLWNvbW1vbi5zaCIKCiMgczJpIGJ1aWxkZXIgaW1hZ2UgbmFtZSAoZnVsbHkgcXVhbGlmaWVkKQpkZWNsYXJlIC1yeCBTMklfQlVJTERFUl9JTUFHRT0iJHtTMklfQlVJTERFUl9JTUFHRTotfSIKCiMgdGFrZXMgdGhlIHZhbHVlcyBpbiBhcmd1bWVudCBFTlZfVkFSUyBhbmQgY3JlYXRlcyBhbiBhcnJheSB1c2luZyB0aG9zZSB2YWx1ZXMKZGVjbGFyZSAtcmEgRU5WX1ZBUlM9KCR7QH0pCgojIHJlLXVzaW5nIHRoZSBzYW1lIHBhcmFtZXRlcnMgdGhhbiBidWlsZGFoLCBzMmkgbmVlZHMgYnVpbGRhaCBhYmlsaXRpZXMgdG8gY3JlYXRlIHRoZSBmaW5hbAojIGNvbnRhaW5lciBpbWFnZSBiYXNlZCBvbiB3aGF0IHMyaSBnZW5lcmF0ZXMKc291cmNlICIkKGRpcm5hbWUgJHtCQVNIX1NPVVJDRVswXX0pL2J1aWxkYWgtY29tbW9uLnNoIgoKIwojIFByZXBhcmUKIwoKIyBtYWtpbmcgc3VyZSB0aGUgcmVxdWlyZWQgd29ya3NwYWNlICJzb3VyY2UiIGlzIGJvdW5kZWQsIHdoaWNoIG1lYW5zIGl0cyB2b2x1bWUgaXMgY3VycmVudGx5IG1vdW50ZWQKIyBhbmQgcmVhZHkgdG8gdXNlCnBoYXNlICJJbnNwZWN0aW5nIHNvdXJjZSB3b3Jrc3BhY2UgJyR7V09SS1NQQUNFU19TT1VSQ0VfUEFUSH0nIChQV0Q9JyR7UFdEfScpIgpbWyAiJHtXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORH0iICE9ICJ0cnVlIiBdXSAmJgogICAgZmFpbCAiV29ya3NwYWNlICdzb3VyY2UnIGlzIG5vdCBib3VuZGVkIgoKcGhhc2UgIkFwcGVuZGluZyAkUEFSQU1TX0NPTlRFWFQgd2l0aCAkV09SS1NQQUNFU19TT1VSQ0VfUEFUSCBpZiBpdCdzIHJlbGF0aXZlIgpbWyAiJFBBUkFNU19DT05URVhUIiAhPSAiLiIgJiYgIiRQQVJBTVNfQ09OVEVYVCIgIT0gLyogXV0gJiYgCiAgICBQQVJBTVNfQ09OVEVYVD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIfS8ke1BBUkFNU19DT05URVhUfSIKCnBoYXNlICJJbnNwZWN0aW5nIGNvbnRleHQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKW1sgISAtZCAiJHtQQVJBTVNfQ09OVEVYVH0iIF1dICYmCiAgICBmYWlsICJBcHBsaWNhdGlvbiBzb3VyY2UgY29kZSBkaXJlY3Rvcnkgbm90IGZvdW5kIGF0ICcke1BBUkFNU19DT05URVhUfSciCgpwaGFzZSAiQWRkaW5nIHRoZSBlbnZpcm9ubWVudCB2YXJpYWJsZXMgdG8gJyR7UzJJX0VOVklST05NRU5UX0ZJTEV9JyIKCiMgYWRkIHRoZSBlbnZpcm9ubWVudCB2YXJpYWJsZXMgdGhhdCBhcmUgc2VudCBhcyBjb21tYW5kIGxpbmUgYXJndW1lbnRzIGZyb20gRU5WX1ZBUlMgcGFyYW1ldGVyCnRvdWNoICIke1MySV9FTlZJUk9OTUVOVF9GSUxFfSIKaWYgWyAkeyNFTlZfVkFSU1tAXX0gLWd0IDAgXTsgdGhlbgogICAgZm9yIGVudl92YXIgaW4gIiR7RU5WX1ZBUlNbQF19IjsgZG8KICAgICAgICBlY2hvICIke2Vudl92YXJ9IiA+PiAiJHtTMklfRU5WSVJPTk1FTlRfRklMRX0iCiAgICBkb25lCmZpCgojCiMgUzJJIEdlbmVyYXRlCiMKCnBoYXNlICJHZW5lcmF0aW5nIHRoZSBEb2NrZXJmaWxlIGZvciBTMkkgYnVpbGRlciBpbWFnZSAnJHtTMklfQlVJTERFUl9JTUFHRX0nIgpzMmkgLS1sb2dsZXZlbCAiJHtTMklfTE9HTEVWRUx9IiBcCiAgICBidWlsZCAiJHtQQVJBTVNfQ09OVEVYVH0iICIke1MySV9CVUlMREVSX0lNQUdFfSIgXAogICAgICAgIC0taW1hZ2Utc2NyaXB0cy11cmwgIiR7UEFSQU1TX0lNQUdFX1NDUklQVFNfVVJMfSIgXAogICAgICAgIC0tYXMtZG9ja2VyZmlsZSAiJHtTMklfRE9DS0VSRklMRX0iIFwKICAgICAgICAtLWVudmlyb25tZW50LWZpbGUgIiR7UzJJX0VOVklST05NRU5UX0ZJTEV9IgoKcGhhc2UgIkluc3BlY3RpbmcgdGhlIERvY2tlcmZpbGUgZ2VuZXJhdGVkIGF0ICcke1MySV9ET0NLRVJGSUxFfSciCltbICEgLWYgIiR7UzJJX0RPQ0tFUkZJTEV9IiBdXSAmJgogICAgZmFpbCAiR2VuZXJhdGVkIERvY2tlcmZpbGUgaXMgbm90IGZvdW5kISIKCnNldCAreApwaGFzZSAiR2VuZXJhdGVkIERvY2tlcmZpbGUgcGF5bG9hZCIKZWNobyAtZW4gIj4+PiAke1MySV9ET0NLRVJGSUxFfVxuJChjYXQgJHtTMklfRE9DS0VSRklMRX0pXG48PDwgRU9GXG4iCg==" |base64 -d >"/scripts/s2i-generate.sh" + ls /scripts/s2i-*.sh; + chmod +x /scripts/s2i-*.sh;echo "Running Script /scripts/s2i-generate.sh"; + /scripts/s2i-generate.sh; + args: + - "$(params.ENV_VARS[*])" + securityContext: + capabilities: + add: ["SETFCAP"] + volumeMounts: + - name: scripts-dir + mountPath: /scripts + - name: s2i-generate-dir + mountPath: /s2i-generate + + - name: s2i-build + image: registry.access.redhat.com/ubi8/buildah:8.10-5 + workingDir: /s2i-generate + command: + - /scripts/s2i-build.sh + securityContext: + capabilities: + add: ["SETFCAP"] + volumeMounts: + - name: scripts-dir + mountPath: /scripts + - name: s2i-generate-dir + mountPath: /s2i-generate + + volumes: + - name: scripts-dir + emptyDir: {} + - name: s2i-generate-dir + emptyDir: {} diff --git a/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-s2i-php/task-s2i-php-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-s2i-php/task-s2i-php-task.yaml new file mode 100644 index 0000000000..8bf8c9e38b --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-s2i-php/task-s2i-php-task.yaml @@ -0,0 +1,197 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift-pipelines/tektoncd-catalog/p/tasks/task-s2i-php/0.4.1/task-s2i-php.yaml +# +--- +--- +# Source: task-containers/templates/task-s2i-php.yaml +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: s2i-php + labels: + app.kubernetes.io/version: 0.4.1 + annotations: + tekton.dev/source: "https://github.com/openshift-pipelines/task-containers" + artifacthub.io/category: integration-delivery + artifacthub.io/maintainers: | + - name: OpenShift Pipeline task maintainers + email: pipelines-extcomm@redhat.com + artifacthub.io/provider: Red Hat + artifacthub.io/recommendations: | + - url: https://tekton.dev/ + tekton.dev/categories: containers + tekton.dev/pipelines.minVersion: 0.41.0 + tekton.dev/tags: containers +spec: + description: | + Builds the source code using the s2i's php builder-image + "image-registry.openshift-image-registry.svc:5000/openshift/php". + + + workspaces: + - name: source + optional: false + description: | + Application source code, the build context for S2I workflow. + - name: dockerconfig + optional: true + description: >- + An optional workspace that allows providing a .docker/config.json file for Buildah to access the container registry. + The file should be placed at the root of the Workspace with name config.json. + + params: + - name: IMAGE + type: string + description: | + Fully qualified container image name to be built by s2i. + - name: VERSION + description: The tag of the imagestream for the corresponding language version + default: latest + type: string + - name: IMAGE_SCRIPTS_URL + type: string + default: image:///usr/libexec/s2i + description: | + Specify a URL containing the default assemble and run scripts for the builder image + - name: ENV_VARS + type: array + default: [] + description: | + Array containing string of Environment Variables as "KEY=VALUE" + - name: CONTEXT + type: string + default: "." + description: | + Path to the directory to use as context. + - name: STORAGE_DRIVER + type: string + default: vfs + description: | + Set buildah storage driver to reflect the currrent cluster node's + settings. + - name: FORMAT + description: The format of the built container, oci or docker + default: "oci" + - name: BUILD_EXTRA_ARGS + type: string + default: "" + description: | + Extra parameters passed for the build command when building images. + - name: PUSH_EXTRA_ARGS + type: string + default: "" + description: | + Extra parameters passed for the push command when pushing images. + - name: SKIP_PUSH + default: "false" + description: | + Skip pushing the image to the container registry. + - name: TLS_VERIFY + type: string + default: "true" + description: | + Sets the TLS verification flag, `true` is recommended. + - name: VERBOSE + type: string + default: "false" + description: | + Turns on verbose logging, all commands executed will be printed out. + + results: + - name: IMAGE_URL + description: | + Fully qualified image name. + - name: IMAGE_DIGEST + description: | + Digest of the image just built. + + stepTemplate: + env: + + - name: PARAMS_IMAGE + value: "$(params.IMAGE)" + - name: PARAMS_VERSION + value: "$(params.VERSION)" + - name: PARAMS_IMAGE_SCRIPTS_URL + value: "$(params.IMAGE_SCRIPTS_URL)" + - name: PARAMS_CONTEXT + value: "$(params.CONTEXT)" + - name: PARAMS_FORMAT + value: "$(params.FORMAT)" + - name: PARAMS_STORAGE_DRIVER + value: "$(params.STORAGE_DRIVER)" + - name: PARAMS_BUILD_EXTRA_ARGS + value: "$(params.BUILD_EXTRA_ARGS)" + - name: PARAMS_PUSH_EXTRA_ARGS + value: "$(params.PUSH_EXTRA_ARGS)" + - name: PARAMS_SKIP_PUSH + value: "$(params.SKIP_PUSH)" + - name: PARAMS_TLS_VERIFY + value: "$(params.TLS_VERIFY)" + - name: PARAMS_VERBOSE + value: "$(params.VERBOSE)" + - name: WORKSPACES_SOURCE_BOUND + value: "$(workspaces.source.bound)" + - name: WORKSPACES_SOURCE_PATH + value: "$(workspaces.source.path)" + - name: WORKSPACES_DOCKERCONFIG_BOUND + value: "$(workspaces.dockerconfig.bound)" + - name: WORKSPACES_DOCKERCONFIG_PATH + value: "$(workspaces.dockerconfig.path)" + - name: RESULTS_IMAGE_URL_PATH + value: "$(results.IMAGE_URL.path)" + - name: RESULTS_IMAGE_DIGEST_PATH + value: "$(results.IMAGE_DIGEST.path)" + + steps: + - name: s2i-generate + image: registry.access.redhat.com/source-to-image/source-to-image-rhel8:v1.3.9-6 + workingDir: $(workspaces.source.path) + env: + - name: S2I_BUILDER_IMAGE + value: "image-registry.openshift-image-registry.svc:5000/openshift/php:$(params.VERSION)" + script: | + set -e + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgV3JhcHBlciBhcm91bmQgImJ1aWxkYWggYnVkIiB0byBidWlsZCBhbmQgcHVzaCBhIGNvbnRhaW5lciBpbWFnZSBiYXNlZCBvbiBhIERvY2tlcmZpbGUuCiMKCnNob3B0IC1zIGluaGVyaXRfZXJyZXhpdApzZXQgLWV1IC1vIHBpcGVmYWlsCgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvY29tbW9uLnNoIgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvYnVpbGRhaC1jb21tb24uc2giCgpmdW5jdGlvbiBfYnVpbGRhaCgpIHsKICAgIGJ1aWxkYWggXAogICAgICAgIC0tc3RvcmFnZS1kcml2ZXI9IiR7UEFSQU1TX1NUT1JBR0VfRFJJVkVSfSIgXAogICAgICAgIC0tdGxzLXZlcmlmeT0iJHtQQVJBTVNfVExTX1ZFUklGWX0iIFwKICAgICAgICAkeyp9Cn0KCiMKIyBQcmVwYXJlCiMKCiMgbWFraW5nIHN1cmUgdGhlIHJlcXVpcmVkIHdvcmtzcGFjZSAic291cmNlIiBpcyBib3VuZGVkLCB3aGljaCBtZWFucyBpdHMgdm9sdW1lIGlzIGN1cnJlbnRseSBtb3VudGVkCiMgYW5kIHJlYWR5IHRvIHVzZQpwaGFzZSAiSW5zcGVjdGluZyBzb3VyY2Ugd29ya3NwYWNlICcke1dPUktTUEFDRVNfU09VUkNFX1BBVEh9JyAoUFdEPScke1BXRH0nKSIKW1sgIiR7V09SS1NQQUNFU19TT1VSQ0VfQk9VTkR9IiAhPSAidHJ1ZSIgXV0gJiYKICAgIGZhaWwgIldvcmtzcGFjZSAnc291cmNlJyBpcyBub3QgYm91bmRlZCIKCnBoYXNlICJBc3NlcnRpbmcgdGhlIGRvY2tlcmZpbGUvY29udGFpbmVyZmlsZSAnJHtET0NLRVJGSUxFX0ZVTEx9JyBleGlzdHMiCltbICEgLWYgIiR7RE9DS0VSRklMRV9GVUxMfSIgXV0gJiYKICAgIGZhaWwgIkRvY2tlcmZpbGUgbm90IGZvdW5kIGF0OiAnJHtET0NLRVJGSUxFX0ZVTEx9JyIKCnBoYXNlICJJbnNwZWN0aW5nIGNvbnRleHQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKW1sgISAtZCAiJHtQQVJBTVNfQ09OVEVYVH0iIF1dICYmCiAgICBmYWlsICJDT05URVhUIHBhcmFtIGlzIG5vdCBmb3VuZCBhdCAnJHtQQVJBTVNfQ09OVEVYVH0nLCBvbiBzb3VyY2Ugd29ya3NwYWNlIgoKcGhhc2UgIkJ1aWxkaW5nIGJ1aWxkIGFyZ3MiCkJVSUxEX0FSR1M9KCkKZm9yIGJ1aWxkYXJnIGluICIkQCI7IGRvCiAgICBCVUlMRF9BUkdTKz0oIi0tYnVpbGQtYXJnPSRidWlsZGFyZyIpCmRvbmUKCiMgSGFuZGxlIG9wdGlvbmFsIGRvY2tlcmNvbmZpZyBzZWNyZXQKaWYgW1sgIiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfQk9VTkR9IiA9PSAidHJ1ZSIgXV07IHRoZW4KCiAgICAjIGlmIGNvbmZpZy5qc29uIGV4aXN0cyBhdCB3b3Jrc3BhY2Ugcm9vdCwgd2UgdXNlIHRoYXQKICAgIGlmIHRlc3QgLWYgIiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSH0vY29uZmlnLmpzb24iOyB0aGVuCiAgICAgICAgZXhwb3J0IERPQ0tFUl9DT05GSUc9IiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSH0iCgogICAgICAgICMgZWxzZSB3ZSBsb29rIGZvciAuZG9ja2VyY29uZmlnanNvbiBhdCB0aGUgcm9vdAogICAgZWxpZiB0ZXN0IC1mICIke1dPUktTUEFDRVNfRE9DS0VSQ09ORklHX1BBVEh9Ly5kb2NrZXJjb25maWdqc29uIjsgdGhlbgogICAgICAgICMgZW5zdXJlIC5kb2NrZXIgZXhpc3QgYmVmb3JlIHRoZSBjb3B5aW5nIHRoZSBjb250ZW50CiAgICAgICAgaWYgWyAhIC1kICIkSE9NRS8uZG9ja2VyIiBdOyB0aGVuCiAgICAgICAgICAgbWtkaXIgLXAgIiRIT01FLy5kb2NrZXIiCiAgICAgICAgZmkKICAgICAgICBjcCAiJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19QQVRIfS8uZG9ja2VyY29uZmlnanNvbiIgIiRIT01FLy5kb2NrZXIvY29uZmlnLmpzb24iCiAgICAgICAgZXhwb3J0IERPQ0tFUl9DT05GSUc9IiRIT01FLy5kb2NrZXIiCgogICAgICAgICMgbmVlZCB0byBlcnJvciBvdXQgaWYgbmVpdGhlciBmaWxlcyBhcmUgcHJlc2VudAogICAgZWxzZQogICAgICAgIGVjaG8gIm5laXRoZXIgJ2NvbmZpZy5qc29uJyBub3IgJy5kb2NrZXJjb25maWdqc29uJyBmb3VuZCBhdCB3b3Jrc3BhY2Ugcm9vdCIKICAgICAgICBleGl0IDEKICAgIGZpCmZpCgpFTlRJVExFTUVOVF9WT0xVTUU9IiIKaWYgW1sgIiR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX0JPVU5EfSIgPT0gInRydWUiIF1dOyB0aGVuCiAgICBFTlRJVExFTUVOVF9WT0xVTUU9Ii0tdm9sdW1lICR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEh9Oi9ldGMvcGtpL2VudGl0bGVtZW50IgpmaQoKIwojIEJ1aWxkCiMKCnBoYXNlICJCdWlsZGluZyAnJHtQQVJBTVNfSU1BR0V9JyBiYXNlZCBvbiAnJHtET0NLRVJGSUxFX0ZVTEx9JyIKCltbIC1uICIke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTfSIgXV0gJiYKICAgIHBoYXNlICJFeHRyYSAnYnVpbGRhaCBidWQnIGFyZ3VtZW50cyBpbmZvcm1lZDogJyR7UEFSQU1TX0JVSUxEX0VYVFJBX0FSR1N9JyIKCl9idWlsZGFoIGJ1ZCAke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTfSBcCiAgICAkRU5USVRMRU1FTlRfVk9MVU1FIFwKICAgICIke0JVSUxEX0FSR1NbQF19IiBcCiAgICAtLWZpbGU9IiR7RE9DS0VSRklMRV9GVUxMfSIgXAogICAgLS10YWc9IiR7UEFSQU1TX0lNQUdFfSIgXAogICAgIiR7UEFSQU1TX0NPTlRFWFR9IgoKaWYgW1sgIiR7UEFSQU1TX1NLSVBfUFVTSH0iID09ICJ0cnVlIiBdXTsgdGhlbgogICAgcGhhc2UgIlNraXBwaW5nIHB1c2hpbmcgJyR7UEFSQU1TX0lNQUdFfScgdG8gdGhlIGNvbnRhaW5lciByZWdpc3RyeSEiCiAgICBleGl0IDAKZmkKCiMKIyBQdXNoCiMKCnBoYXNlICJQdXNoaW5nICcke1BBUkFNU19JTUFHRX0nIHRvIHRoZSBjb250YWluZXIgcmVnaXN0cnkiCgpbWyAtbiAiJHtQQVJBTVNfUFVTSF9FWFRSQV9BUkdTfSIgXV0gJiYKICAgIHBoYXNlICJFeHRyYSAnYnVpbGRhaCBidWQnIGFyZ3VtZW50cyBpbmZvcm1lZDogJyR7UEFSQU1TX1BVU0hfRVhUUkFfQVJHU30nIgoKIyB0ZW1wb3JhcnkgZmlsZSB0byBzdG9yZSB0aGUgaW1hZ2UgZGlnZXN0LCBpbmZvcm1hdGlvbiBvbmx5IG9idGFpbmVkIGFmdGVyIHB1c2hpbmcgdGhlIGltYWdlIHRvIHRoZQojIGNvbnRhaW5lciByZWdpc3RyeQpkZWNsYXJlIC1yIGRpZ2VzdF9maWxlPSIvdG1wL2J1aWxkYWgtZGlnZXN0LnR4dCIKCl9idWlsZGFoIHB1c2ggJHtQQVJBTVNfUFVTSF9FWFRSQV9BUkdTfSBcCiAgICAtLWRpZ2VzdGZpbGU9IiR7ZGlnZXN0X2ZpbGV9IiBcCiAgICAiJHtQQVJBTVNfSU1BR0V9IiBcCiAgICAiZG9ja2VyOi8vJHtQQVJBTVNfSU1BR0V9IgoKIwojIFJlc3VsdHMKIwoKcGhhc2UgIkluc3BlY3RpbmcgZGlnZXN0IHJlcG9ydCAoJyR7ZGlnZXN0X2ZpbGV9JykiCgpbWyAhIC1yICIke2RpZ2VzdF9maWxlfSIgXV0gJiYKICAgIGZhaWwgIlVuYWJsZSB0byBmaW5kIGRpZ2VzdC1maWxlIGF0ICcke2RpZ2VzdF9maWxlfSciCgpkZWNsYXJlIC1yIGRpZ2VzdF9zdW09IiQoY2F0ICR7ZGlnZXN0X2ZpbGV9KSIKCltbIC16ICIke2RpZ2VzdF9zdW19IiBdXSAmJgogICAgZmFpbCAiRGlnZXN0IGZpbGUgJyR7ZGlnZXN0X2ZpbGV9JyBpcyBlbXB0eSEiCgpwaGFzZSAiU3VjY2Vzc2Z1bHkgYnVpbHQgY29udGFpbmVyIGltYWdlICcke1BBUkFNU19JTUFHRX0nICgnJHtkaWdlc3Rfc3VtfScpIgplY2hvIC1uICIke1BBUkFNU19JTUFHRX0iIHwgdGVlICR7UkVTVUxUU19JTUFHRV9VUkxfUEFUSH0KZWNobyAtbiAiJHtkaWdlc3Rfc3VtfSIgfCB0ZWUgJHtSRVNVTFRTX0lNQUdFX0RJR0VTVF9QQVRIfQo=" |base64 -d >"/scripts/buildah-bud.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKZGVjbGFyZSAtcnggUEFSQU1TX0lNQUdFPSIke1BBUkFNU19JTUFHRTotfSIKZGVjbGFyZSAtcnggUEFSQU1TX0RPQ0tFUkZJTEU9IiR7UEFSQU1TX0RPQ0tFUkZJTEU6LX0iCmRlY2xhcmUgLXggUEFSQU1TX0NPTlRFWFQ9IiR7UEFSQU1TX0NPTlRFWFQ6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19TVE9SQUdFX0RSSVZFUj0iJHtQQVJBTVNfU1RPUkFHRV9EUklWRVI6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19CVUlMRF9FWFRSQV9BUkdTPSIke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTOi19IgpkZWNsYXJlIC1yeCBQQVJBTVNfUFVTSF9FWFRSQV9BUkdTPSIke1BBUkFNU19QVVNIX0VYVFJBX0FSR1M6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19TS0lQX1BVU0g9IiR7UEFSQU1TX1NLSVBfUFVTSDotfSIKZGVjbGFyZSAtcnggUEFSQU1TX1RMU19WRVJJRlk9IiR7UEFSQU1TX1RMU19WRVJJRlk6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19WRVJCT1NFPSIke1BBUkFNU19WRVJCT1NFOi19IgoKZGVjbGFyZSAtcnggV09SS1NQQUNFU19TT1VSQ0VfUEFUSD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIOi19IgpkZWNsYXJlIC1yeCBXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORDotfSIKZGVjbGFyZSAtcnggV09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSD0iJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19QQVRIOi19IgpkZWNsYXJlIC1yeCBXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19CT1VORD0iJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19CT1VORDotfSIKZGVjbGFyZSAtcnggV09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEg9IiR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEg6LX0iCmRlY2xhcmUgLXJ4IFdPUktTUEFDRVNfUkhFTF9FTlRJVExFTUVOVF9CT1VORD0iJHtXT1JLU1BBQ0VTX1JIRUxfRU5USVRMRU1FTlRfQk9VTkQ6LX0iCgpkZWNsYXJlIC1yeCBSRVNVTFRTX0lNQUdFX0RJR0VTVF9QQVRIPSIke1JFU1VMVFNfSU1BR0VfRElHRVNUX1BBVEg6LX0iCmRlY2xhcmUgLXJ4IFJFU1VMVFNfSU1BR0VfVVJMX1BBVEg9IiR7UkVTVUxUU19JTUFHRV9VUkxfUEFUSDotfSIKCiMKIyBEb2NrZXJmaWxlCiMKCiMgZXhwb3NpbmcgdGhlIGZ1bGwgcGF0aCB0byB0aGUgY29udGFpbmVyIGZpbGUsIHdoaWNoIGJ5IGRlZmF1bHQgc2hvdWxkIGJlIHJlbGF0aXZlIHRvIHRoZSBwcmltYXJ5CiMgd29ya3NwYWNlLCB0byByZWNlaXZlIGEgZGlmZmVyZW50IGNvbnRhaW5lci1maWxlIGxvY2F0aW9uCmRlY2xhcmUgLXIgZG9ja2VyZmlsZV9vbl93cz0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIfS8ke1BBUkFNU19ET0NLRVJGSUxFfSIKZGVjbGFyZSAteCBET0NLRVJGSUxFX0ZVTEw9IiR7RE9DS0VSRklMRV9GVUxMOi0ke2RvY2tlcmZpbGVfb25fd3N9fSIKCiMKIyBBc3NlcnRpbmcgRW52aXJvbm1lbnQKIwoKW1sgLXogIiR7RE9DS0VSRklMRV9GVUxMfSIgXV0gJiYKICAgIGZhaWwgInVuYWJsZSB0byBmaW5kIHRoZSBEb2NrZXJmaWxlLCBET0NLRVJGSUxFIG1heSBoYXZlIGFuIGluY29ycmVjdCBsb2NhdGlvbiIKCmV4cG9ydGVkX29yX2ZhaWwgXAogICAgV09SS1NQQUNFU19TT1VSQ0VfUEFUSCBcCiAgICBQQVJBTVNfSU1BR0UKCiMKIyBWZXJib3NlIE91dHB1dAojCgppZiBbWyAiJHtQQVJBTVNfVkVSQk9TRX0iID09ICJ0cnVlIiBdXTsgdGhlbgogICAgc2V0IC14CmZpCg==" |base64 -d >"/scripts/buildah-common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0ZWt0b24ncyBob21lIGRpcmVjdG9yeQpkZWNsYXJlIC1yeCBURUtUT05fSE9NRT0iJHtURUtUT05fSE9NRTotL3Rla3Rvbi9ob21lfSIKCiMKIyBGdW5jdGlvbnMKIwoKZnVuY3Rpb24gZmFpbCgpIHsKICAgIGVjaG8gIkVSUk9SOiAkeyp9IiAyPiYxCiAgICBleGl0IDEKfQoKZnVuY3Rpb24gcGhhc2UoKSB7CiAgICBlY2hvICItLS0+IFBoYXNlOiAkeyp9Li4uIgp9CgojIGFzc2VydCBsb2NhbCB2YXJpYWJsZXMgYXJlIGV4cG9yZXRlZCBvbiB0aGUgZW52aXJvbm1lbnQKZnVuY3Rpb24gZXhwb3J0ZWRfb3JfZmFpbCgpIHsKICAgIGRlY2xhcmUgLWEgX3JlcXVpcmVkX3ZhcnM9IiR7QH0iCgogICAgZm9yIHYgaW4gJHtfcmVxdWlyZWRfdmFyc1tAXX07IGRvCiAgICAgICAgW1sgLXogIiR7IXZ9IiBdXSAmJgogICAgICAgICAgICBmYWlsICInJHt2fScgZW52aXJvbm1lbnQgdmFyaWFibGUgaXMgbm90IHNldCEiCiAgICBkb25lCgogICAgcmV0dXJuIDAKfQo=" |base64 -d >"/scripts/common.sh" + ls /scripts/buildah-*.sh; + chmod +x /scripts/buildah-*.sh; + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0ZWt0b24ncyBob21lIGRpcmVjdG9yeQpkZWNsYXJlIC1yeCBURUtUT05fSE9NRT0iJHtURUtUT05fSE9NRTotL3Rla3Rvbi9ob21lfSIKCiMKIyBGdW5jdGlvbnMKIwoKZnVuY3Rpb24gZmFpbCgpIHsKICAgIGVjaG8gIkVSUk9SOiAkeyp9IiAyPiYxCiAgICBleGl0IDEKfQoKZnVuY3Rpb24gcGhhc2UoKSB7CiAgICBlY2hvICItLS0+IFBoYXNlOiAkeyp9Li4uIgp9CgojIGFzc2VydCBsb2NhbCB2YXJpYWJsZXMgYXJlIGV4cG9yZXRlZCBvbiB0aGUgZW52aXJvbm1lbnQKZnVuY3Rpb24gZXhwb3J0ZWRfb3JfZmFpbCgpIHsKICAgIGRlY2xhcmUgLWEgX3JlcXVpcmVkX3ZhcnM9IiR7QH0iCgogICAgZm9yIHYgaW4gJHtfcmVxdWlyZWRfdmFyc1tAXX07IGRvCiAgICAgICAgW1sgLXogIiR7IXZ9IiBdXSAmJgogICAgICAgICAgICBmYWlsICInJHt2fScgZW52aXJvbm1lbnQgdmFyaWFibGUgaXMgbm90IHNldCEiCiAgICBkb25lCgogICAgcmV0dXJuIDAKfQo=" |base64 -d >"/scripts/common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgVXNlcyB0aGUgRG9ja2VyZmlsZSBnZW5lcmF0ZWQgYnkgczJpIHRvIGFzc2VtYmxlIGEgbmV3IGNvbnRhaW5lciBpbWFnZSB1c2luZyBidWlsZGFoLgojCgpzaG9wdCAtcyBpbmhlcml0X2VycmV4aXQKc2V0IC1ldSAtbyBwaXBlZmFpbAoKZGVjbGFyZSAtciBjdXJfZGlyPSIkKGRpcm5hbWUgJHtCQVNIX1NPVVJDRVswXX0pIgoKc291cmNlICIke2N1cl9kaXJ9L2NvbW1vbi5zaCIKc291cmNlICIke2N1cl9kaXJ9L3MyaS1jb21tb24uc2giCgojIGxvYWRpbmcgYnVpbGRhaCBzZXR0aW5ncyBvdmVyd3JpdHRpbmcgdGhlIGZ1bGwgcGF0aCB0byB0aGUgY29udGFpbmVyIGZpbGUKZGVjbGFyZSAteCBET0NLRVJGSUxFX0ZVTEw9IiR7UzJJX0RPQ0tFUkZJTEV9Igpzb3VyY2UgIiR7Y3VyX2Rpcn0vYnVpbGRhaC1jb21tb24uc2giCgpwaGFzZSAiQ2hhbmdpbmcgJFBBUkFNU19DT05URVhUIHRvIHBvaW50IHRvIHByZXNlbnQgd29ya2luZyBkaXJlY3RvcnkiCltbICIkUEFSQU1TX0NPTlRFWFQiICE9ICIuIiBdXSAmJiAKICAgIFBBUkFNU19DT05URVhUPSIuIgoKcGhhc2UgIkluc3BlY3RpbmcgY29udGV4dCAnJHtQQVJBTVNfQ09OVEVYVH0nIgpbWyAhIC1kICIke1BBUkFNU19DT05URVhUfSIgXV0gJiYKICAgIGZhaWwgIkFwcGxpY2F0aW9uIHNvdXJjZSBjb2RlIGRpcmVjdG9yeSBub3QgZm91bmQgYXQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKCnBoYXNlICJCdWlsZGluZyB0aGUgRG9ja2VyZmlsZSAnJHtET0NLRVJGSUxFX0ZVTEx9JyB3aXRoIGJ1aWxkYWgiCmV4ZWMgJHtjdXJfZGlyfS9idWlsZGFoLWJ1ZC5zaAo=" |base64 -d >"/scripts/s2i-build.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0YXJnZXQgaW1hZ2UgbmFtZSAoZnVsbHkgcXVhbGlmaWVkKSB0byBiZSBidWlsZCB3aXRoIHMyaSwgcmVkZWNsYXJpbmcgdGhlIHNhbWUgcGFyYW1ldGVyIG5hbWUgdGhhbgojIGJ1aWxkYWggdGFzayB1c2VzCmRlY2xhcmUgLXggUEFSQU1TX0lNQUdFPSIke1BBUkFNU19JTUFHRTotfSIKIyBTcGVjaWZ5IGEgVVJMIGNvbnRhaW5pbmcgdGhlIGRlZmF1bHQgYXNzZW1ibGUgYW5kIHJ1biBzY3JpcHRzIGZvciB0aGUgYnVpbGRlciBpbWFnZQpkZWNsYXJlIC1yeCBQQVJBTVNfSU1BR0VfU0NSSVBUU19VUkw9IiR7UEFSQU1TX0lNQUdFX1NDUklQVFNfVVJMOi19IgoKIyB2b2x1bWUgbW91bnQgb3IgZGlyZWN0b3J5IHJlc3BvbnNpYmxlIGZvciBob2xkaW5nIGZpbGVzIAojIGxpa2UgZW52LCBEb2NrZXJmaWxlIGFuZCBhbnkgb3RoZXJzIG5lZWRlZCB0byBzdXBwb3J0IHMyaQpkZWNsYXJlIC1yeCBTMklfR0VORVJBVEVfRElSRUNUT1JZPSIke1MySV9HRU5FUkFURV9ESVJFQ1RPUlk6LS9zMmktZ2VuZXJhdGV9IgoKIyBmdWxsIHBhdGggdG8gdGhlIGNvbnRhaW5lciBmaWxlIGdlbmVyYXRlZCBieSBzMmkKZGVjbGFyZSAtcnggUzJJX0RPQ0tFUkZJTEU9IiR7UzJJX0RPQ0tFUkZJTEU6LSR7UzJJX0dFTkVSQVRFX0RJUkVDVE9SWX0vRG9ja2VyZmlsZS5nZW59IgoKIyBmdWxsIHBhdGggdG8gdGhlIGVudiBmaWxlIHVzZWQgd2l0aCB0aGUgLS1lbnZpcm9ubWVudC1maWxlIHBhcmFtZXRlciBvZiBzMmkKZGVjbGFyZSAtcnggUzJJX0VOVklST05NRU5UX0ZJTEU9IiR7UzJJX0VOVklST05NRU5UX0ZJTEU6LSR7UzJJX0dFTkVSQVRFX0RJUkVDVE9SWX0vZW52fSIKCiMKIyBBc3NlcnRpbmcgRW52aXJvbm1lbnQKIwoKZXhwb3J0ZWRfb3JfZmFpbCBcCiAgICBXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIIFwKICAgIFBBUkFNU19JTUFHRQoKIwojIFZlcmJvc2UgT3V0cHV0CiMKCmRlY2xhcmUgLXggUzJJX0xPR0xFVkVMPSIwIgoKaWYgW1sgIiR7UEFSQU1TX1ZFUkJPU0V9IiA9PSAidHJ1ZSIgXV07IHRoZW4KICAgIFMySV9MT0dMRVZFTD0iMiIKICAgIHNldCAteApmaQo=" |base64 -d >"/scripts/s2i-common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgVXNlcyBzMmkgdG8gZ2VuZXJhdGUgdGhlIHJlcGVzY3RpdmUgQ29udGFpbmVyZmlsZSBiYXNlZCBvbiB0aGUgaW5mb21yZWQgYnVpbGRlci4gVGhlIENvbnRhaW5lcmZpbGUKIyBpcyBzdG9yZWQgb24gYSB0ZW1wb3JhcnkgbG9jYXRpb24uCiMKCnNob3B0IC1zIGluaGVyaXRfZXJyZXhpdApzZXQgLWV1IC1vIHBpcGVmYWlsCgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvY29tbW9uLnNoIgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvczJpLWNvbW1vbi5zaCIKCiMgczJpIGJ1aWxkZXIgaW1hZ2UgbmFtZSAoZnVsbHkgcXVhbGlmaWVkKQpkZWNsYXJlIC1yeCBTMklfQlVJTERFUl9JTUFHRT0iJHtTMklfQlVJTERFUl9JTUFHRTotfSIKCiMgdGFrZXMgdGhlIHZhbHVlcyBpbiBhcmd1bWVudCBFTlZfVkFSUyBhbmQgY3JlYXRlcyBhbiBhcnJheSB1c2luZyB0aG9zZSB2YWx1ZXMKZGVjbGFyZSAtcmEgRU5WX1ZBUlM9KCR7QH0pCgojIHJlLXVzaW5nIHRoZSBzYW1lIHBhcmFtZXRlcnMgdGhhbiBidWlsZGFoLCBzMmkgbmVlZHMgYnVpbGRhaCBhYmlsaXRpZXMgdG8gY3JlYXRlIHRoZSBmaW5hbAojIGNvbnRhaW5lciBpbWFnZSBiYXNlZCBvbiB3aGF0IHMyaSBnZW5lcmF0ZXMKc291cmNlICIkKGRpcm5hbWUgJHtCQVNIX1NPVVJDRVswXX0pL2J1aWxkYWgtY29tbW9uLnNoIgoKIwojIFByZXBhcmUKIwoKIyBtYWtpbmcgc3VyZSB0aGUgcmVxdWlyZWQgd29ya3NwYWNlICJzb3VyY2UiIGlzIGJvdW5kZWQsIHdoaWNoIG1lYW5zIGl0cyB2b2x1bWUgaXMgY3VycmVudGx5IG1vdW50ZWQKIyBhbmQgcmVhZHkgdG8gdXNlCnBoYXNlICJJbnNwZWN0aW5nIHNvdXJjZSB3b3Jrc3BhY2UgJyR7V09SS1NQQUNFU19TT1VSQ0VfUEFUSH0nIChQV0Q9JyR7UFdEfScpIgpbWyAiJHtXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORH0iICE9ICJ0cnVlIiBdXSAmJgogICAgZmFpbCAiV29ya3NwYWNlICdzb3VyY2UnIGlzIG5vdCBib3VuZGVkIgoKcGhhc2UgIkFwcGVuZGluZyAkUEFSQU1TX0NPTlRFWFQgd2l0aCAkV09SS1NQQUNFU19TT1VSQ0VfUEFUSCBpZiBpdCdzIHJlbGF0aXZlIgpbWyAiJFBBUkFNU19DT05URVhUIiAhPSAiLiIgJiYgIiRQQVJBTVNfQ09OVEVYVCIgIT0gLyogXV0gJiYgCiAgICBQQVJBTVNfQ09OVEVYVD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIfS8ke1BBUkFNU19DT05URVhUfSIKCnBoYXNlICJJbnNwZWN0aW5nIGNvbnRleHQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKW1sgISAtZCAiJHtQQVJBTVNfQ09OVEVYVH0iIF1dICYmCiAgICBmYWlsICJBcHBsaWNhdGlvbiBzb3VyY2UgY29kZSBkaXJlY3Rvcnkgbm90IGZvdW5kIGF0ICcke1BBUkFNU19DT05URVhUfSciCgpwaGFzZSAiQWRkaW5nIHRoZSBlbnZpcm9ubWVudCB2YXJpYWJsZXMgdG8gJyR7UzJJX0VOVklST05NRU5UX0ZJTEV9JyIKCiMgYWRkIHRoZSBlbnZpcm9ubWVudCB2YXJpYWJsZXMgdGhhdCBhcmUgc2VudCBhcyBjb21tYW5kIGxpbmUgYXJndW1lbnRzIGZyb20gRU5WX1ZBUlMgcGFyYW1ldGVyCnRvdWNoICIke1MySV9FTlZJUk9OTUVOVF9GSUxFfSIKaWYgWyAkeyNFTlZfVkFSU1tAXX0gLWd0IDAgXTsgdGhlbgogICAgZm9yIGVudl92YXIgaW4gIiR7RU5WX1ZBUlNbQF19IjsgZG8KICAgICAgICBlY2hvICIke2Vudl92YXJ9IiA+PiAiJHtTMklfRU5WSVJPTk1FTlRfRklMRX0iCiAgICBkb25lCmZpCgojCiMgUzJJIEdlbmVyYXRlCiMKCnBoYXNlICJHZW5lcmF0aW5nIHRoZSBEb2NrZXJmaWxlIGZvciBTMkkgYnVpbGRlciBpbWFnZSAnJHtTMklfQlVJTERFUl9JTUFHRX0nIgpzMmkgLS1sb2dsZXZlbCAiJHtTMklfTE9HTEVWRUx9IiBcCiAgICBidWlsZCAiJHtQQVJBTVNfQ09OVEVYVH0iICIke1MySV9CVUlMREVSX0lNQUdFfSIgXAogICAgICAgIC0taW1hZ2Utc2NyaXB0cy11cmwgIiR7UEFSQU1TX0lNQUdFX1NDUklQVFNfVVJMfSIgXAogICAgICAgIC0tYXMtZG9ja2VyZmlsZSAiJHtTMklfRE9DS0VSRklMRX0iIFwKICAgICAgICAtLWVudmlyb25tZW50LWZpbGUgIiR7UzJJX0VOVklST05NRU5UX0ZJTEV9IgoKcGhhc2UgIkluc3BlY3RpbmcgdGhlIERvY2tlcmZpbGUgZ2VuZXJhdGVkIGF0ICcke1MySV9ET0NLRVJGSUxFfSciCltbICEgLWYgIiR7UzJJX0RPQ0tFUkZJTEV9IiBdXSAmJgogICAgZmFpbCAiR2VuZXJhdGVkIERvY2tlcmZpbGUgaXMgbm90IGZvdW5kISIKCnNldCAreApwaGFzZSAiR2VuZXJhdGVkIERvY2tlcmZpbGUgcGF5bG9hZCIKZWNobyAtZW4gIj4+PiAke1MySV9ET0NLRVJGSUxFfVxuJChjYXQgJHtTMklfRE9DS0VSRklMRX0pXG48PDwgRU9GXG4iCg==" |base64 -d >"/scripts/s2i-generate.sh" + ls /scripts/s2i-*.sh; + chmod +x /scripts/s2i-*.sh;echo "Running Script /scripts/s2i-generate.sh"; + /scripts/s2i-generate.sh; + args: + - "$(params.ENV_VARS[*])" + securityContext: + capabilities: + add: ["SETFCAP"] + volumeMounts: + - name: scripts-dir + mountPath: /scripts + - name: s2i-generate-dir + mountPath: /s2i-generate + + - name: s2i-build + image: registry.access.redhat.com/ubi8/buildah:8.10-5 + workingDir: /s2i-generate + command: + - /scripts/s2i-build.sh + securityContext: + capabilities: + add: ["SETFCAP"] + volumeMounts: + - name: scripts-dir + mountPath: /scripts + - name: s2i-generate-dir + mountPath: /s2i-generate + + volumes: + - name: scripts-dir + emptyDir: {} + - name: s2i-generate-dir + emptyDir: {} diff --git a/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-s2i-python/task-s2i-python-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-s2i-python/task-s2i-python-task.yaml new file mode 100644 index 0000000000..d582427204 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-s2i-python/task-s2i-python-task.yaml @@ -0,0 +1,197 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift-pipelines/tektoncd-catalog/p/tasks/task-s2i-python/0.4.1/task-s2i-python.yaml +# +--- +--- +# Source: task-containers/templates/task-s2i-python.yaml +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: s2i-python + labels: + app.kubernetes.io/version: 0.4.1 + annotations: + tekton.dev/source: "https://github.com/openshift-pipelines/task-containers" + artifacthub.io/category: integration-delivery + artifacthub.io/maintainers: | + - name: OpenShift Pipeline task maintainers + email: pipelines-extcomm@redhat.com + artifacthub.io/provider: Red Hat + artifacthub.io/recommendations: | + - url: https://tekton.dev/ + tekton.dev/categories: containers + tekton.dev/pipelines.minVersion: 0.41.0 + tekton.dev/tags: containers +spec: + description: | + Builds the source code using the s2i's Python builder-image + "image-registry.openshift-image-registry.svc:5000/openshift/python". + + + workspaces: + - name: source + optional: false + description: | + Application source code, the build context for S2I workflow. + - name: dockerconfig + optional: true + description: >- + An optional workspace that allows providing a .docker/config.json file for Buildah to access the container registry. + The file should be placed at the root of the Workspace with name config.json. + + params: + - name: IMAGE + type: string + description: | + Fully qualified container image name to be built by s2i. + - name: VERSION + description: The tag of the imagestream for the corresponding language version + default: latest + type: string + - name: IMAGE_SCRIPTS_URL + type: string + default: image:///usr/libexec/s2i + description: | + Specify a URL containing the default assemble and run scripts for the builder image + - name: ENV_VARS + type: array + default: [] + description: | + Array containing string of Environment Variables as "KEY=VALUE" + - name: CONTEXT + type: string + default: "." + description: | + Path to the directory to use as context. + - name: STORAGE_DRIVER + type: string + default: vfs + description: | + Set buildah storage driver to reflect the currrent cluster node's + settings. + - name: FORMAT + description: The format of the built container, oci or docker + default: "oci" + - name: BUILD_EXTRA_ARGS + type: string + default: "" + description: | + Extra parameters passed for the build command when building images. + - name: PUSH_EXTRA_ARGS + type: string + default: "" + description: | + Extra parameters passed for the push command when pushing images. + - name: SKIP_PUSH + default: "false" + description: | + Skip pushing the image to the container registry. + - name: TLS_VERIFY + type: string + default: "true" + description: | + Sets the TLS verification flag, `true` is recommended. + - name: VERBOSE + type: string + default: "false" + description: | + Turns on verbose logging, all commands executed will be printed out. + + results: + - name: IMAGE_URL + description: | + Fully qualified image name. + - name: IMAGE_DIGEST + description: | + Digest of the image just built. + + stepTemplate: + env: + + - name: PARAMS_IMAGE + value: "$(params.IMAGE)" + - name: PARAMS_VERSION + value: "$(params.VERSION)" + - name: PARAMS_IMAGE_SCRIPTS_URL + value: "$(params.IMAGE_SCRIPTS_URL)" + - name: PARAMS_CONTEXT + value: "$(params.CONTEXT)" + - name: PARAMS_FORMAT + value: "$(params.FORMAT)" + - name: PARAMS_STORAGE_DRIVER + value: "$(params.STORAGE_DRIVER)" + - name: PARAMS_BUILD_EXTRA_ARGS + value: "$(params.BUILD_EXTRA_ARGS)" + - name: PARAMS_PUSH_EXTRA_ARGS + value: "$(params.PUSH_EXTRA_ARGS)" + - name: PARAMS_SKIP_PUSH + value: "$(params.SKIP_PUSH)" + - name: PARAMS_TLS_VERIFY + value: "$(params.TLS_VERIFY)" + - name: PARAMS_VERBOSE + value: "$(params.VERBOSE)" + - name: WORKSPACES_SOURCE_BOUND + value: "$(workspaces.source.bound)" + - name: WORKSPACES_SOURCE_PATH + value: "$(workspaces.source.path)" + - name: WORKSPACES_DOCKERCONFIG_BOUND + value: "$(workspaces.dockerconfig.bound)" + - name: WORKSPACES_DOCKERCONFIG_PATH + value: "$(workspaces.dockerconfig.path)" + - name: RESULTS_IMAGE_URL_PATH + value: "$(results.IMAGE_URL.path)" + - name: RESULTS_IMAGE_DIGEST_PATH + value: "$(results.IMAGE_DIGEST.path)" + + steps: + - name: s2i-generate + image: registry.access.redhat.com/source-to-image/source-to-image-rhel8:v1.3.9-6 + workingDir: $(workspaces.source.path) + env: + - name: S2I_BUILDER_IMAGE + value: "image-registry.openshift-image-registry.svc:5000/openshift/python:$(params.VERSION)" + script: | + set -e + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgV3JhcHBlciBhcm91bmQgImJ1aWxkYWggYnVkIiB0byBidWlsZCBhbmQgcHVzaCBhIGNvbnRhaW5lciBpbWFnZSBiYXNlZCBvbiBhIERvY2tlcmZpbGUuCiMKCnNob3B0IC1zIGluaGVyaXRfZXJyZXhpdApzZXQgLWV1IC1vIHBpcGVmYWlsCgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvY29tbW9uLnNoIgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvYnVpbGRhaC1jb21tb24uc2giCgpmdW5jdGlvbiBfYnVpbGRhaCgpIHsKICAgIGJ1aWxkYWggXAogICAgICAgIC0tc3RvcmFnZS1kcml2ZXI9IiR7UEFSQU1TX1NUT1JBR0VfRFJJVkVSfSIgXAogICAgICAgIC0tdGxzLXZlcmlmeT0iJHtQQVJBTVNfVExTX1ZFUklGWX0iIFwKICAgICAgICAkeyp9Cn0KCiMKIyBQcmVwYXJlCiMKCiMgbWFraW5nIHN1cmUgdGhlIHJlcXVpcmVkIHdvcmtzcGFjZSAic291cmNlIiBpcyBib3VuZGVkLCB3aGljaCBtZWFucyBpdHMgdm9sdW1lIGlzIGN1cnJlbnRseSBtb3VudGVkCiMgYW5kIHJlYWR5IHRvIHVzZQpwaGFzZSAiSW5zcGVjdGluZyBzb3VyY2Ugd29ya3NwYWNlICcke1dPUktTUEFDRVNfU09VUkNFX1BBVEh9JyAoUFdEPScke1BXRH0nKSIKW1sgIiR7V09SS1NQQUNFU19TT1VSQ0VfQk9VTkR9IiAhPSAidHJ1ZSIgXV0gJiYKICAgIGZhaWwgIldvcmtzcGFjZSAnc291cmNlJyBpcyBub3QgYm91bmRlZCIKCnBoYXNlICJBc3NlcnRpbmcgdGhlIGRvY2tlcmZpbGUvY29udGFpbmVyZmlsZSAnJHtET0NLRVJGSUxFX0ZVTEx9JyBleGlzdHMiCltbICEgLWYgIiR7RE9DS0VSRklMRV9GVUxMfSIgXV0gJiYKICAgIGZhaWwgIkRvY2tlcmZpbGUgbm90IGZvdW5kIGF0OiAnJHtET0NLRVJGSUxFX0ZVTEx9JyIKCnBoYXNlICJJbnNwZWN0aW5nIGNvbnRleHQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKW1sgISAtZCAiJHtQQVJBTVNfQ09OVEVYVH0iIF1dICYmCiAgICBmYWlsICJDT05URVhUIHBhcmFtIGlzIG5vdCBmb3VuZCBhdCAnJHtQQVJBTVNfQ09OVEVYVH0nLCBvbiBzb3VyY2Ugd29ya3NwYWNlIgoKcGhhc2UgIkJ1aWxkaW5nIGJ1aWxkIGFyZ3MiCkJVSUxEX0FSR1M9KCkKZm9yIGJ1aWxkYXJnIGluICIkQCI7IGRvCiAgICBCVUlMRF9BUkdTKz0oIi0tYnVpbGQtYXJnPSRidWlsZGFyZyIpCmRvbmUKCiMgSGFuZGxlIG9wdGlvbmFsIGRvY2tlcmNvbmZpZyBzZWNyZXQKaWYgW1sgIiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfQk9VTkR9IiA9PSAidHJ1ZSIgXV07IHRoZW4KCiAgICAjIGlmIGNvbmZpZy5qc29uIGV4aXN0cyBhdCB3b3Jrc3BhY2Ugcm9vdCwgd2UgdXNlIHRoYXQKICAgIGlmIHRlc3QgLWYgIiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSH0vY29uZmlnLmpzb24iOyB0aGVuCiAgICAgICAgZXhwb3J0IERPQ0tFUl9DT05GSUc9IiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSH0iCgogICAgICAgICMgZWxzZSB3ZSBsb29rIGZvciAuZG9ja2VyY29uZmlnanNvbiBhdCB0aGUgcm9vdAogICAgZWxpZiB0ZXN0IC1mICIke1dPUktTUEFDRVNfRE9DS0VSQ09ORklHX1BBVEh9Ly5kb2NrZXJjb25maWdqc29uIjsgdGhlbgogICAgICAgICMgZW5zdXJlIC5kb2NrZXIgZXhpc3QgYmVmb3JlIHRoZSBjb3B5aW5nIHRoZSBjb250ZW50CiAgICAgICAgaWYgWyAhIC1kICIkSE9NRS8uZG9ja2VyIiBdOyB0aGVuCiAgICAgICAgICAgbWtkaXIgLXAgIiRIT01FLy5kb2NrZXIiCiAgICAgICAgZmkKICAgICAgICBjcCAiJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19QQVRIfS8uZG9ja2VyY29uZmlnanNvbiIgIiRIT01FLy5kb2NrZXIvY29uZmlnLmpzb24iCiAgICAgICAgZXhwb3J0IERPQ0tFUl9DT05GSUc9IiRIT01FLy5kb2NrZXIiCgogICAgICAgICMgbmVlZCB0byBlcnJvciBvdXQgaWYgbmVpdGhlciBmaWxlcyBhcmUgcHJlc2VudAogICAgZWxzZQogICAgICAgIGVjaG8gIm5laXRoZXIgJ2NvbmZpZy5qc29uJyBub3IgJy5kb2NrZXJjb25maWdqc29uJyBmb3VuZCBhdCB3b3Jrc3BhY2Ugcm9vdCIKICAgICAgICBleGl0IDEKICAgIGZpCmZpCgpFTlRJVExFTUVOVF9WT0xVTUU9IiIKaWYgW1sgIiR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX0JPVU5EfSIgPT0gInRydWUiIF1dOyB0aGVuCiAgICBFTlRJVExFTUVOVF9WT0xVTUU9Ii0tdm9sdW1lICR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEh9Oi9ldGMvcGtpL2VudGl0bGVtZW50IgpmaQoKIwojIEJ1aWxkCiMKCnBoYXNlICJCdWlsZGluZyAnJHtQQVJBTVNfSU1BR0V9JyBiYXNlZCBvbiAnJHtET0NLRVJGSUxFX0ZVTEx9JyIKCltbIC1uICIke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTfSIgXV0gJiYKICAgIHBoYXNlICJFeHRyYSAnYnVpbGRhaCBidWQnIGFyZ3VtZW50cyBpbmZvcm1lZDogJyR7UEFSQU1TX0JVSUxEX0VYVFJBX0FSR1N9JyIKCl9idWlsZGFoIGJ1ZCAke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTfSBcCiAgICAkRU5USVRMRU1FTlRfVk9MVU1FIFwKICAgICIke0JVSUxEX0FSR1NbQF19IiBcCiAgICAtLWZpbGU9IiR7RE9DS0VSRklMRV9GVUxMfSIgXAogICAgLS10YWc9IiR7UEFSQU1TX0lNQUdFfSIgXAogICAgIiR7UEFSQU1TX0NPTlRFWFR9IgoKaWYgW1sgIiR7UEFSQU1TX1NLSVBfUFVTSH0iID09ICJ0cnVlIiBdXTsgdGhlbgogICAgcGhhc2UgIlNraXBwaW5nIHB1c2hpbmcgJyR7UEFSQU1TX0lNQUdFfScgdG8gdGhlIGNvbnRhaW5lciByZWdpc3RyeSEiCiAgICBleGl0IDAKZmkKCiMKIyBQdXNoCiMKCnBoYXNlICJQdXNoaW5nICcke1BBUkFNU19JTUFHRX0nIHRvIHRoZSBjb250YWluZXIgcmVnaXN0cnkiCgpbWyAtbiAiJHtQQVJBTVNfUFVTSF9FWFRSQV9BUkdTfSIgXV0gJiYKICAgIHBoYXNlICJFeHRyYSAnYnVpbGRhaCBidWQnIGFyZ3VtZW50cyBpbmZvcm1lZDogJyR7UEFSQU1TX1BVU0hfRVhUUkFfQVJHU30nIgoKIyB0ZW1wb3JhcnkgZmlsZSB0byBzdG9yZSB0aGUgaW1hZ2UgZGlnZXN0LCBpbmZvcm1hdGlvbiBvbmx5IG9idGFpbmVkIGFmdGVyIHB1c2hpbmcgdGhlIGltYWdlIHRvIHRoZQojIGNvbnRhaW5lciByZWdpc3RyeQpkZWNsYXJlIC1yIGRpZ2VzdF9maWxlPSIvdG1wL2J1aWxkYWgtZGlnZXN0LnR4dCIKCl9idWlsZGFoIHB1c2ggJHtQQVJBTVNfUFVTSF9FWFRSQV9BUkdTfSBcCiAgICAtLWRpZ2VzdGZpbGU9IiR7ZGlnZXN0X2ZpbGV9IiBcCiAgICAiJHtQQVJBTVNfSU1BR0V9IiBcCiAgICAiZG9ja2VyOi8vJHtQQVJBTVNfSU1BR0V9IgoKIwojIFJlc3VsdHMKIwoKcGhhc2UgIkluc3BlY3RpbmcgZGlnZXN0IHJlcG9ydCAoJyR7ZGlnZXN0X2ZpbGV9JykiCgpbWyAhIC1yICIke2RpZ2VzdF9maWxlfSIgXV0gJiYKICAgIGZhaWwgIlVuYWJsZSB0byBmaW5kIGRpZ2VzdC1maWxlIGF0ICcke2RpZ2VzdF9maWxlfSciCgpkZWNsYXJlIC1yIGRpZ2VzdF9zdW09IiQoY2F0ICR7ZGlnZXN0X2ZpbGV9KSIKCltbIC16ICIke2RpZ2VzdF9zdW19IiBdXSAmJgogICAgZmFpbCAiRGlnZXN0IGZpbGUgJyR7ZGlnZXN0X2ZpbGV9JyBpcyBlbXB0eSEiCgpwaGFzZSAiU3VjY2Vzc2Z1bHkgYnVpbHQgY29udGFpbmVyIGltYWdlICcke1BBUkFNU19JTUFHRX0nICgnJHtkaWdlc3Rfc3VtfScpIgplY2hvIC1uICIke1BBUkFNU19JTUFHRX0iIHwgdGVlICR7UkVTVUxUU19JTUFHRV9VUkxfUEFUSH0KZWNobyAtbiAiJHtkaWdlc3Rfc3VtfSIgfCB0ZWUgJHtSRVNVTFRTX0lNQUdFX0RJR0VTVF9QQVRIfQo=" |base64 -d >"/scripts/buildah-bud.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKZGVjbGFyZSAtcnggUEFSQU1TX0lNQUdFPSIke1BBUkFNU19JTUFHRTotfSIKZGVjbGFyZSAtcnggUEFSQU1TX0RPQ0tFUkZJTEU9IiR7UEFSQU1TX0RPQ0tFUkZJTEU6LX0iCmRlY2xhcmUgLXggUEFSQU1TX0NPTlRFWFQ9IiR7UEFSQU1TX0NPTlRFWFQ6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19TVE9SQUdFX0RSSVZFUj0iJHtQQVJBTVNfU1RPUkFHRV9EUklWRVI6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19CVUlMRF9FWFRSQV9BUkdTPSIke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTOi19IgpkZWNsYXJlIC1yeCBQQVJBTVNfUFVTSF9FWFRSQV9BUkdTPSIke1BBUkFNU19QVVNIX0VYVFJBX0FSR1M6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19TS0lQX1BVU0g9IiR7UEFSQU1TX1NLSVBfUFVTSDotfSIKZGVjbGFyZSAtcnggUEFSQU1TX1RMU19WRVJJRlk9IiR7UEFSQU1TX1RMU19WRVJJRlk6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19WRVJCT1NFPSIke1BBUkFNU19WRVJCT1NFOi19IgoKZGVjbGFyZSAtcnggV09SS1NQQUNFU19TT1VSQ0VfUEFUSD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIOi19IgpkZWNsYXJlIC1yeCBXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORDotfSIKZGVjbGFyZSAtcnggV09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSD0iJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19QQVRIOi19IgpkZWNsYXJlIC1yeCBXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19CT1VORD0iJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19CT1VORDotfSIKZGVjbGFyZSAtcnggV09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEg9IiR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEg6LX0iCmRlY2xhcmUgLXJ4IFdPUktTUEFDRVNfUkhFTF9FTlRJVExFTUVOVF9CT1VORD0iJHtXT1JLU1BBQ0VTX1JIRUxfRU5USVRMRU1FTlRfQk9VTkQ6LX0iCgpkZWNsYXJlIC1yeCBSRVNVTFRTX0lNQUdFX0RJR0VTVF9QQVRIPSIke1JFU1VMVFNfSU1BR0VfRElHRVNUX1BBVEg6LX0iCmRlY2xhcmUgLXJ4IFJFU1VMVFNfSU1BR0VfVVJMX1BBVEg9IiR7UkVTVUxUU19JTUFHRV9VUkxfUEFUSDotfSIKCiMKIyBEb2NrZXJmaWxlCiMKCiMgZXhwb3NpbmcgdGhlIGZ1bGwgcGF0aCB0byB0aGUgY29udGFpbmVyIGZpbGUsIHdoaWNoIGJ5IGRlZmF1bHQgc2hvdWxkIGJlIHJlbGF0aXZlIHRvIHRoZSBwcmltYXJ5CiMgd29ya3NwYWNlLCB0byByZWNlaXZlIGEgZGlmZmVyZW50IGNvbnRhaW5lci1maWxlIGxvY2F0aW9uCmRlY2xhcmUgLXIgZG9ja2VyZmlsZV9vbl93cz0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIfS8ke1BBUkFNU19ET0NLRVJGSUxFfSIKZGVjbGFyZSAteCBET0NLRVJGSUxFX0ZVTEw9IiR7RE9DS0VSRklMRV9GVUxMOi0ke2RvY2tlcmZpbGVfb25fd3N9fSIKCiMKIyBBc3NlcnRpbmcgRW52aXJvbm1lbnQKIwoKW1sgLXogIiR7RE9DS0VSRklMRV9GVUxMfSIgXV0gJiYKICAgIGZhaWwgInVuYWJsZSB0byBmaW5kIHRoZSBEb2NrZXJmaWxlLCBET0NLRVJGSUxFIG1heSBoYXZlIGFuIGluY29ycmVjdCBsb2NhdGlvbiIKCmV4cG9ydGVkX29yX2ZhaWwgXAogICAgV09SS1NQQUNFU19TT1VSQ0VfUEFUSCBcCiAgICBQQVJBTVNfSU1BR0UKCiMKIyBWZXJib3NlIE91dHB1dAojCgppZiBbWyAiJHtQQVJBTVNfVkVSQk9TRX0iID09ICJ0cnVlIiBdXTsgdGhlbgogICAgc2V0IC14CmZpCg==" |base64 -d >"/scripts/buildah-common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0ZWt0b24ncyBob21lIGRpcmVjdG9yeQpkZWNsYXJlIC1yeCBURUtUT05fSE9NRT0iJHtURUtUT05fSE9NRTotL3Rla3Rvbi9ob21lfSIKCiMKIyBGdW5jdGlvbnMKIwoKZnVuY3Rpb24gZmFpbCgpIHsKICAgIGVjaG8gIkVSUk9SOiAkeyp9IiAyPiYxCiAgICBleGl0IDEKfQoKZnVuY3Rpb24gcGhhc2UoKSB7CiAgICBlY2hvICItLS0+IFBoYXNlOiAkeyp9Li4uIgp9CgojIGFzc2VydCBsb2NhbCB2YXJpYWJsZXMgYXJlIGV4cG9yZXRlZCBvbiB0aGUgZW52aXJvbm1lbnQKZnVuY3Rpb24gZXhwb3J0ZWRfb3JfZmFpbCgpIHsKICAgIGRlY2xhcmUgLWEgX3JlcXVpcmVkX3ZhcnM9IiR7QH0iCgogICAgZm9yIHYgaW4gJHtfcmVxdWlyZWRfdmFyc1tAXX07IGRvCiAgICAgICAgW1sgLXogIiR7IXZ9IiBdXSAmJgogICAgICAgICAgICBmYWlsICInJHt2fScgZW52aXJvbm1lbnQgdmFyaWFibGUgaXMgbm90IHNldCEiCiAgICBkb25lCgogICAgcmV0dXJuIDAKfQo=" |base64 -d >"/scripts/common.sh" + ls /scripts/buildah-*.sh; + chmod +x /scripts/buildah-*.sh; + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0ZWt0b24ncyBob21lIGRpcmVjdG9yeQpkZWNsYXJlIC1yeCBURUtUT05fSE9NRT0iJHtURUtUT05fSE9NRTotL3Rla3Rvbi9ob21lfSIKCiMKIyBGdW5jdGlvbnMKIwoKZnVuY3Rpb24gZmFpbCgpIHsKICAgIGVjaG8gIkVSUk9SOiAkeyp9IiAyPiYxCiAgICBleGl0IDEKfQoKZnVuY3Rpb24gcGhhc2UoKSB7CiAgICBlY2hvICItLS0+IFBoYXNlOiAkeyp9Li4uIgp9CgojIGFzc2VydCBsb2NhbCB2YXJpYWJsZXMgYXJlIGV4cG9yZXRlZCBvbiB0aGUgZW52aXJvbm1lbnQKZnVuY3Rpb24gZXhwb3J0ZWRfb3JfZmFpbCgpIHsKICAgIGRlY2xhcmUgLWEgX3JlcXVpcmVkX3ZhcnM9IiR7QH0iCgogICAgZm9yIHYgaW4gJHtfcmVxdWlyZWRfdmFyc1tAXX07IGRvCiAgICAgICAgW1sgLXogIiR7IXZ9IiBdXSAmJgogICAgICAgICAgICBmYWlsICInJHt2fScgZW52aXJvbm1lbnQgdmFyaWFibGUgaXMgbm90IHNldCEiCiAgICBkb25lCgogICAgcmV0dXJuIDAKfQo=" |base64 -d >"/scripts/common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgVXNlcyB0aGUgRG9ja2VyZmlsZSBnZW5lcmF0ZWQgYnkgczJpIHRvIGFzc2VtYmxlIGEgbmV3IGNvbnRhaW5lciBpbWFnZSB1c2luZyBidWlsZGFoLgojCgpzaG9wdCAtcyBpbmhlcml0X2VycmV4aXQKc2V0IC1ldSAtbyBwaXBlZmFpbAoKZGVjbGFyZSAtciBjdXJfZGlyPSIkKGRpcm5hbWUgJHtCQVNIX1NPVVJDRVswXX0pIgoKc291cmNlICIke2N1cl9kaXJ9L2NvbW1vbi5zaCIKc291cmNlICIke2N1cl9kaXJ9L3MyaS1jb21tb24uc2giCgojIGxvYWRpbmcgYnVpbGRhaCBzZXR0aW5ncyBvdmVyd3JpdHRpbmcgdGhlIGZ1bGwgcGF0aCB0byB0aGUgY29udGFpbmVyIGZpbGUKZGVjbGFyZSAteCBET0NLRVJGSUxFX0ZVTEw9IiR7UzJJX0RPQ0tFUkZJTEV9Igpzb3VyY2UgIiR7Y3VyX2Rpcn0vYnVpbGRhaC1jb21tb24uc2giCgpwaGFzZSAiQ2hhbmdpbmcgJFBBUkFNU19DT05URVhUIHRvIHBvaW50IHRvIHByZXNlbnQgd29ya2luZyBkaXJlY3RvcnkiCltbICIkUEFSQU1TX0NPTlRFWFQiICE9ICIuIiBdXSAmJiAKICAgIFBBUkFNU19DT05URVhUPSIuIgoKcGhhc2UgIkluc3BlY3RpbmcgY29udGV4dCAnJHtQQVJBTVNfQ09OVEVYVH0nIgpbWyAhIC1kICIke1BBUkFNU19DT05URVhUfSIgXV0gJiYKICAgIGZhaWwgIkFwcGxpY2F0aW9uIHNvdXJjZSBjb2RlIGRpcmVjdG9yeSBub3QgZm91bmQgYXQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKCnBoYXNlICJCdWlsZGluZyB0aGUgRG9ja2VyZmlsZSAnJHtET0NLRVJGSUxFX0ZVTEx9JyB3aXRoIGJ1aWxkYWgiCmV4ZWMgJHtjdXJfZGlyfS9idWlsZGFoLWJ1ZC5zaAo=" |base64 -d >"/scripts/s2i-build.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0YXJnZXQgaW1hZ2UgbmFtZSAoZnVsbHkgcXVhbGlmaWVkKSB0byBiZSBidWlsZCB3aXRoIHMyaSwgcmVkZWNsYXJpbmcgdGhlIHNhbWUgcGFyYW1ldGVyIG5hbWUgdGhhbgojIGJ1aWxkYWggdGFzayB1c2VzCmRlY2xhcmUgLXggUEFSQU1TX0lNQUdFPSIke1BBUkFNU19JTUFHRTotfSIKIyBTcGVjaWZ5IGEgVVJMIGNvbnRhaW5pbmcgdGhlIGRlZmF1bHQgYXNzZW1ibGUgYW5kIHJ1biBzY3JpcHRzIGZvciB0aGUgYnVpbGRlciBpbWFnZQpkZWNsYXJlIC1yeCBQQVJBTVNfSU1BR0VfU0NSSVBUU19VUkw9IiR7UEFSQU1TX0lNQUdFX1NDUklQVFNfVVJMOi19IgoKIyB2b2x1bWUgbW91bnQgb3IgZGlyZWN0b3J5IHJlc3BvbnNpYmxlIGZvciBob2xkaW5nIGZpbGVzIAojIGxpa2UgZW52LCBEb2NrZXJmaWxlIGFuZCBhbnkgb3RoZXJzIG5lZWRlZCB0byBzdXBwb3J0IHMyaQpkZWNsYXJlIC1yeCBTMklfR0VORVJBVEVfRElSRUNUT1JZPSIke1MySV9HRU5FUkFURV9ESVJFQ1RPUlk6LS9zMmktZ2VuZXJhdGV9IgoKIyBmdWxsIHBhdGggdG8gdGhlIGNvbnRhaW5lciBmaWxlIGdlbmVyYXRlZCBieSBzMmkKZGVjbGFyZSAtcnggUzJJX0RPQ0tFUkZJTEU9IiR7UzJJX0RPQ0tFUkZJTEU6LSR7UzJJX0dFTkVSQVRFX0RJUkVDVE9SWX0vRG9ja2VyZmlsZS5nZW59IgoKIyBmdWxsIHBhdGggdG8gdGhlIGVudiBmaWxlIHVzZWQgd2l0aCB0aGUgLS1lbnZpcm9ubWVudC1maWxlIHBhcmFtZXRlciBvZiBzMmkKZGVjbGFyZSAtcnggUzJJX0VOVklST05NRU5UX0ZJTEU9IiR7UzJJX0VOVklST05NRU5UX0ZJTEU6LSR7UzJJX0dFTkVSQVRFX0RJUkVDVE9SWX0vZW52fSIKCiMKIyBBc3NlcnRpbmcgRW52aXJvbm1lbnQKIwoKZXhwb3J0ZWRfb3JfZmFpbCBcCiAgICBXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIIFwKICAgIFBBUkFNU19JTUFHRQoKIwojIFZlcmJvc2UgT3V0cHV0CiMKCmRlY2xhcmUgLXggUzJJX0xPR0xFVkVMPSIwIgoKaWYgW1sgIiR7UEFSQU1TX1ZFUkJPU0V9IiA9PSAidHJ1ZSIgXV07IHRoZW4KICAgIFMySV9MT0dMRVZFTD0iMiIKICAgIHNldCAteApmaQo=" |base64 -d >"/scripts/s2i-common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgVXNlcyBzMmkgdG8gZ2VuZXJhdGUgdGhlIHJlcGVzY3RpdmUgQ29udGFpbmVyZmlsZSBiYXNlZCBvbiB0aGUgaW5mb21yZWQgYnVpbGRlci4gVGhlIENvbnRhaW5lcmZpbGUKIyBpcyBzdG9yZWQgb24gYSB0ZW1wb3JhcnkgbG9jYXRpb24uCiMKCnNob3B0IC1zIGluaGVyaXRfZXJyZXhpdApzZXQgLWV1IC1vIHBpcGVmYWlsCgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvY29tbW9uLnNoIgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvczJpLWNvbW1vbi5zaCIKCiMgczJpIGJ1aWxkZXIgaW1hZ2UgbmFtZSAoZnVsbHkgcXVhbGlmaWVkKQpkZWNsYXJlIC1yeCBTMklfQlVJTERFUl9JTUFHRT0iJHtTMklfQlVJTERFUl9JTUFHRTotfSIKCiMgdGFrZXMgdGhlIHZhbHVlcyBpbiBhcmd1bWVudCBFTlZfVkFSUyBhbmQgY3JlYXRlcyBhbiBhcnJheSB1c2luZyB0aG9zZSB2YWx1ZXMKZGVjbGFyZSAtcmEgRU5WX1ZBUlM9KCR7QH0pCgojIHJlLXVzaW5nIHRoZSBzYW1lIHBhcmFtZXRlcnMgdGhhbiBidWlsZGFoLCBzMmkgbmVlZHMgYnVpbGRhaCBhYmlsaXRpZXMgdG8gY3JlYXRlIHRoZSBmaW5hbAojIGNvbnRhaW5lciBpbWFnZSBiYXNlZCBvbiB3aGF0IHMyaSBnZW5lcmF0ZXMKc291cmNlICIkKGRpcm5hbWUgJHtCQVNIX1NPVVJDRVswXX0pL2J1aWxkYWgtY29tbW9uLnNoIgoKIwojIFByZXBhcmUKIwoKIyBtYWtpbmcgc3VyZSB0aGUgcmVxdWlyZWQgd29ya3NwYWNlICJzb3VyY2UiIGlzIGJvdW5kZWQsIHdoaWNoIG1lYW5zIGl0cyB2b2x1bWUgaXMgY3VycmVudGx5IG1vdW50ZWQKIyBhbmQgcmVhZHkgdG8gdXNlCnBoYXNlICJJbnNwZWN0aW5nIHNvdXJjZSB3b3Jrc3BhY2UgJyR7V09SS1NQQUNFU19TT1VSQ0VfUEFUSH0nIChQV0Q9JyR7UFdEfScpIgpbWyAiJHtXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORH0iICE9ICJ0cnVlIiBdXSAmJgogICAgZmFpbCAiV29ya3NwYWNlICdzb3VyY2UnIGlzIG5vdCBib3VuZGVkIgoKcGhhc2UgIkFwcGVuZGluZyAkUEFSQU1TX0NPTlRFWFQgd2l0aCAkV09SS1NQQUNFU19TT1VSQ0VfUEFUSCBpZiBpdCdzIHJlbGF0aXZlIgpbWyAiJFBBUkFNU19DT05URVhUIiAhPSAiLiIgJiYgIiRQQVJBTVNfQ09OVEVYVCIgIT0gLyogXV0gJiYgCiAgICBQQVJBTVNfQ09OVEVYVD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIfS8ke1BBUkFNU19DT05URVhUfSIKCnBoYXNlICJJbnNwZWN0aW5nIGNvbnRleHQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKW1sgISAtZCAiJHtQQVJBTVNfQ09OVEVYVH0iIF1dICYmCiAgICBmYWlsICJBcHBsaWNhdGlvbiBzb3VyY2UgY29kZSBkaXJlY3Rvcnkgbm90IGZvdW5kIGF0ICcke1BBUkFNU19DT05URVhUfSciCgpwaGFzZSAiQWRkaW5nIHRoZSBlbnZpcm9ubWVudCB2YXJpYWJsZXMgdG8gJyR7UzJJX0VOVklST05NRU5UX0ZJTEV9JyIKCiMgYWRkIHRoZSBlbnZpcm9ubWVudCB2YXJpYWJsZXMgdGhhdCBhcmUgc2VudCBhcyBjb21tYW5kIGxpbmUgYXJndW1lbnRzIGZyb20gRU5WX1ZBUlMgcGFyYW1ldGVyCnRvdWNoICIke1MySV9FTlZJUk9OTUVOVF9GSUxFfSIKaWYgWyAkeyNFTlZfVkFSU1tAXX0gLWd0IDAgXTsgdGhlbgogICAgZm9yIGVudl92YXIgaW4gIiR7RU5WX1ZBUlNbQF19IjsgZG8KICAgICAgICBlY2hvICIke2Vudl92YXJ9IiA+PiAiJHtTMklfRU5WSVJPTk1FTlRfRklMRX0iCiAgICBkb25lCmZpCgojCiMgUzJJIEdlbmVyYXRlCiMKCnBoYXNlICJHZW5lcmF0aW5nIHRoZSBEb2NrZXJmaWxlIGZvciBTMkkgYnVpbGRlciBpbWFnZSAnJHtTMklfQlVJTERFUl9JTUFHRX0nIgpzMmkgLS1sb2dsZXZlbCAiJHtTMklfTE9HTEVWRUx9IiBcCiAgICBidWlsZCAiJHtQQVJBTVNfQ09OVEVYVH0iICIke1MySV9CVUlMREVSX0lNQUdFfSIgXAogICAgICAgIC0taW1hZ2Utc2NyaXB0cy11cmwgIiR7UEFSQU1TX0lNQUdFX1NDUklQVFNfVVJMfSIgXAogICAgICAgIC0tYXMtZG9ja2VyZmlsZSAiJHtTMklfRE9DS0VSRklMRX0iIFwKICAgICAgICAtLWVudmlyb25tZW50LWZpbGUgIiR7UzJJX0VOVklST05NRU5UX0ZJTEV9IgoKcGhhc2UgIkluc3BlY3RpbmcgdGhlIERvY2tlcmZpbGUgZ2VuZXJhdGVkIGF0ICcke1MySV9ET0NLRVJGSUxFfSciCltbICEgLWYgIiR7UzJJX0RPQ0tFUkZJTEV9IiBdXSAmJgogICAgZmFpbCAiR2VuZXJhdGVkIERvY2tlcmZpbGUgaXMgbm90IGZvdW5kISIKCnNldCAreApwaGFzZSAiR2VuZXJhdGVkIERvY2tlcmZpbGUgcGF5bG9hZCIKZWNobyAtZW4gIj4+PiAke1MySV9ET0NLRVJGSUxFfVxuJChjYXQgJHtTMklfRE9DS0VSRklMRX0pXG48PDwgRU9GXG4iCg==" |base64 -d >"/scripts/s2i-generate.sh" + ls /scripts/s2i-*.sh; + chmod +x /scripts/s2i-*.sh;echo "Running Script /scripts/s2i-generate.sh"; + /scripts/s2i-generate.sh; + args: + - "$(params.ENV_VARS[*])" + securityContext: + capabilities: + add: ["SETFCAP"] + volumeMounts: + - name: scripts-dir + mountPath: /scripts + - name: s2i-generate-dir + mountPath: /s2i-generate + + - name: s2i-build + image: registry.access.redhat.com/ubi8/buildah:8.10-5 + workingDir: /s2i-generate + command: + - /scripts/s2i-build.sh + securityContext: + capabilities: + add: ["SETFCAP"] + volumeMounts: + - name: scripts-dir + mountPath: /scripts + - name: s2i-generate-dir + mountPath: /s2i-generate + + volumes: + - name: scripts-dir + emptyDir: {} + - name: s2i-generate-dir + emptyDir: {} diff --git a/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-s2i-ruby/task-s2i-ruby-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-s2i-ruby/task-s2i-ruby-task.yaml new file mode 100644 index 0000000000..82cebba7b5 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-s2i-ruby/task-s2i-ruby-task.yaml @@ -0,0 +1,197 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift-pipelines/tektoncd-catalog/p/tasks/task-s2i-ruby/0.4.1/task-s2i-ruby.yaml +# +--- +--- +# Source: task-containers/templates/task-s2i-ruby.yaml +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: s2i-ruby + labels: + app.kubernetes.io/version: 0.4.1 + annotations: + tekton.dev/source: "https://github.com/openshift-pipelines/task-containers" + artifacthub.io/category: integration-delivery + artifacthub.io/maintainers: | + - name: OpenShift Pipeline task maintainers + email: pipelines-extcomm@redhat.com + artifacthub.io/provider: Red Hat + artifacthub.io/recommendations: | + - url: https://tekton.dev/ + tekton.dev/categories: containers + tekton.dev/pipelines.minVersion: 0.41.0 + tekton.dev/tags: containers +spec: + description: | + Builds the source code using the s2i's Ruby builder-image + "image-registry.openshift-image-registry.svc:5000/openshift/ruby". + + + workspaces: + - name: source + optional: false + description: | + Application source code, the build context for S2I workflow. + - name: dockerconfig + optional: true + description: >- + An optional workspace that allows providing a .docker/config.json file for Buildah to access the container registry. + The file should be placed at the root of the Workspace with name config.json. + + params: + - name: IMAGE + type: string + description: | + Fully qualified container image name to be built by s2i. + - name: VERSION + description: The tag of the imagestream for the corresponding language version + default: latest + type: string + - name: IMAGE_SCRIPTS_URL + type: string + default: image:///usr/libexec/s2i + description: | + Specify a URL containing the default assemble and run scripts for the builder image + - name: ENV_VARS + type: array + default: [] + description: | + Array containing string of Environment Variables as "KEY=VALUE" + - name: CONTEXT + type: string + default: "." + description: | + Path to the directory to use as context. + - name: STORAGE_DRIVER + type: string + default: vfs + description: | + Set buildah storage driver to reflect the currrent cluster node's + settings. + - name: FORMAT + description: The format of the built container, oci or docker + default: "oci" + - name: BUILD_EXTRA_ARGS + type: string + default: "" + description: | + Extra parameters passed for the build command when building images. + - name: PUSH_EXTRA_ARGS + type: string + default: "" + description: | + Extra parameters passed for the push command when pushing images. + - name: SKIP_PUSH + default: "false" + description: | + Skip pushing the image to the container registry. + - name: TLS_VERIFY + type: string + default: "true" + description: | + Sets the TLS verification flag, `true` is recommended. + - name: VERBOSE + type: string + default: "false" + description: | + Turns on verbose logging, all commands executed will be printed out. + + results: + - name: IMAGE_URL + description: | + Fully qualified image name. + - name: IMAGE_DIGEST + description: | + Digest of the image just built. + + stepTemplate: + env: + + - name: PARAMS_IMAGE + value: "$(params.IMAGE)" + - name: PARAMS_VERSION + value: "$(params.VERSION)" + - name: PARAMS_IMAGE_SCRIPTS_URL + value: "$(params.IMAGE_SCRIPTS_URL)" + - name: PARAMS_CONTEXT + value: "$(params.CONTEXT)" + - name: PARAMS_FORMAT + value: "$(params.FORMAT)" + - name: PARAMS_STORAGE_DRIVER + value: "$(params.STORAGE_DRIVER)" + - name: PARAMS_BUILD_EXTRA_ARGS + value: "$(params.BUILD_EXTRA_ARGS)" + - name: PARAMS_PUSH_EXTRA_ARGS + value: "$(params.PUSH_EXTRA_ARGS)" + - name: PARAMS_SKIP_PUSH + value: "$(params.SKIP_PUSH)" + - name: PARAMS_TLS_VERIFY + value: "$(params.TLS_VERIFY)" + - name: PARAMS_VERBOSE + value: "$(params.VERBOSE)" + - name: WORKSPACES_SOURCE_BOUND + value: "$(workspaces.source.bound)" + - name: WORKSPACES_SOURCE_PATH + value: "$(workspaces.source.path)" + - name: WORKSPACES_DOCKERCONFIG_BOUND + value: "$(workspaces.dockerconfig.bound)" + - name: WORKSPACES_DOCKERCONFIG_PATH + value: "$(workspaces.dockerconfig.path)" + - name: RESULTS_IMAGE_URL_PATH + value: "$(results.IMAGE_URL.path)" + - name: RESULTS_IMAGE_DIGEST_PATH + value: "$(results.IMAGE_DIGEST.path)" + + steps: + - name: s2i-generate + image: registry.access.redhat.com/source-to-image/source-to-image-rhel8:v1.3.9-6 + workingDir: $(workspaces.source.path) + env: + - name: S2I_BUILDER_IMAGE + value: "image-registry.openshift-image-registry.svc:5000/openshift/ruby:$(params.VERSION)" + script: | + set -e + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgV3JhcHBlciBhcm91bmQgImJ1aWxkYWggYnVkIiB0byBidWlsZCBhbmQgcHVzaCBhIGNvbnRhaW5lciBpbWFnZSBiYXNlZCBvbiBhIERvY2tlcmZpbGUuCiMKCnNob3B0IC1zIGluaGVyaXRfZXJyZXhpdApzZXQgLWV1IC1vIHBpcGVmYWlsCgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvY29tbW9uLnNoIgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvYnVpbGRhaC1jb21tb24uc2giCgpmdW5jdGlvbiBfYnVpbGRhaCgpIHsKICAgIGJ1aWxkYWggXAogICAgICAgIC0tc3RvcmFnZS1kcml2ZXI9IiR7UEFSQU1TX1NUT1JBR0VfRFJJVkVSfSIgXAogICAgICAgIC0tdGxzLXZlcmlmeT0iJHtQQVJBTVNfVExTX1ZFUklGWX0iIFwKICAgICAgICAkeyp9Cn0KCiMKIyBQcmVwYXJlCiMKCiMgbWFraW5nIHN1cmUgdGhlIHJlcXVpcmVkIHdvcmtzcGFjZSAic291cmNlIiBpcyBib3VuZGVkLCB3aGljaCBtZWFucyBpdHMgdm9sdW1lIGlzIGN1cnJlbnRseSBtb3VudGVkCiMgYW5kIHJlYWR5IHRvIHVzZQpwaGFzZSAiSW5zcGVjdGluZyBzb3VyY2Ugd29ya3NwYWNlICcke1dPUktTUEFDRVNfU09VUkNFX1BBVEh9JyAoUFdEPScke1BXRH0nKSIKW1sgIiR7V09SS1NQQUNFU19TT1VSQ0VfQk9VTkR9IiAhPSAidHJ1ZSIgXV0gJiYKICAgIGZhaWwgIldvcmtzcGFjZSAnc291cmNlJyBpcyBub3QgYm91bmRlZCIKCnBoYXNlICJBc3NlcnRpbmcgdGhlIGRvY2tlcmZpbGUvY29udGFpbmVyZmlsZSAnJHtET0NLRVJGSUxFX0ZVTEx9JyBleGlzdHMiCltbICEgLWYgIiR7RE9DS0VSRklMRV9GVUxMfSIgXV0gJiYKICAgIGZhaWwgIkRvY2tlcmZpbGUgbm90IGZvdW5kIGF0OiAnJHtET0NLRVJGSUxFX0ZVTEx9JyIKCnBoYXNlICJJbnNwZWN0aW5nIGNvbnRleHQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKW1sgISAtZCAiJHtQQVJBTVNfQ09OVEVYVH0iIF1dICYmCiAgICBmYWlsICJDT05URVhUIHBhcmFtIGlzIG5vdCBmb3VuZCBhdCAnJHtQQVJBTVNfQ09OVEVYVH0nLCBvbiBzb3VyY2Ugd29ya3NwYWNlIgoKcGhhc2UgIkJ1aWxkaW5nIGJ1aWxkIGFyZ3MiCkJVSUxEX0FSR1M9KCkKZm9yIGJ1aWxkYXJnIGluICIkQCI7IGRvCiAgICBCVUlMRF9BUkdTKz0oIi0tYnVpbGQtYXJnPSRidWlsZGFyZyIpCmRvbmUKCiMgSGFuZGxlIG9wdGlvbmFsIGRvY2tlcmNvbmZpZyBzZWNyZXQKaWYgW1sgIiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfQk9VTkR9IiA9PSAidHJ1ZSIgXV07IHRoZW4KCiAgICAjIGlmIGNvbmZpZy5qc29uIGV4aXN0cyBhdCB3b3Jrc3BhY2Ugcm9vdCwgd2UgdXNlIHRoYXQKICAgIGlmIHRlc3QgLWYgIiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSH0vY29uZmlnLmpzb24iOyB0aGVuCiAgICAgICAgZXhwb3J0IERPQ0tFUl9DT05GSUc9IiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSH0iCgogICAgICAgICMgZWxzZSB3ZSBsb29rIGZvciAuZG9ja2VyY29uZmlnanNvbiBhdCB0aGUgcm9vdAogICAgZWxpZiB0ZXN0IC1mICIke1dPUktTUEFDRVNfRE9DS0VSQ09ORklHX1BBVEh9Ly5kb2NrZXJjb25maWdqc29uIjsgdGhlbgogICAgICAgICMgZW5zdXJlIC5kb2NrZXIgZXhpc3QgYmVmb3JlIHRoZSBjb3B5aW5nIHRoZSBjb250ZW50CiAgICAgICAgaWYgWyAhIC1kICIkSE9NRS8uZG9ja2VyIiBdOyB0aGVuCiAgICAgICAgICAgbWtkaXIgLXAgIiRIT01FLy5kb2NrZXIiCiAgICAgICAgZmkKICAgICAgICBjcCAiJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19QQVRIfS8uZG9ja2VyY29uZmlnanNvbiIgIiRIT01FLy5kb2NrZXIvY29uZmlnLmpzb24iCiAgICAgICAgZXhwb3J0IERPQ0tFUl9DT05GSUc9IiRIT01FLy5kb2NrZXIiCgogICAgICAgICMgbmVlZCB0byBlcnJvciBvdXQgaWYgbmVpdGhlciBmaWxlcyBhcmUgcHJlc2VudAogICAgZWxzZQogICAgICAgIGVjaG8gIm5laXRoZXIgJ2NvbmZpZy5qc29uJyBub3IgJy5kb2NrZXJjb25maWdqc29uJyBmb3VuZCBhdCB3b3Jrc3BhY2Ugcm9vdCIKICAgICAgICBleGl0IDEKICAgIGZpCmZpCgpFTlRJVExFTUVOVF9WT0xVTUU9IiIKaWYgW1sgIiR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX0JPVU5EfSIgPT0gInRydWUiIF1dOyB0aGVuCiAgICBFTlRJVExFTUVOVF9WT0xVTUU9Ii0tdm9sdW1lICR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEh9Oi9ldGMvcGtpL2VudGl0bGVtZW50IgpmaQoKIwojIEJ1aWxkCiMKCnBoYXNlICJCdWlsZGluZyAnJHtQQVJBTVNfSU1BR0V9JyBiYXNlZCBvbiAnJHtET0NLRVJGSUxFX0ZVTEx9JyIKCltbIC1uICIke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTfSIgXV0gJiYKICAgIHBoYXNlICJFeHRyYSAnYnVpbGRhaCBidWQnIGFyZ3VtZW50cyBpbmZvcm1lZDogJyR7UEFSQU1TX0JVSUxEX0VYVFJBX0FSR1N9JyIKCl9idWlsZGFoIGJ1ZCAke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTfSBcCiAgICAkRU5USVRMRU1FTlRfVk9MVU1FIFwKICAgICIke0JVSUxEX0FSR1NbQF19IiBcCiAgICAtLWZpbGU9IiR7RE9DS0VSRklMRV9GVUxMfSIgXAogICAgLS10YWc9IiR7UEFSQU1TX0lNQUdFfSIgXAogICAgIiR7UEFSQU1TX0NPTlRFWFR9IgoKaWYgW1sgIiR7UEFSQU1TX1NLSVBfUFVTSH0iID09ICJ0cnVlIiBdXTsgdGhlbgogICAgcGhhc2UgIlNraXBwaW5nIHB1c2hpbmcgJyR7UEFSQU1TX0lNQUdFfScgdG8gdGhlIGNvbnRhaW5lciByZWdpc3RyeSEiCiAgICBleGl0IDAKZmkKCiMKIyBQdXNoCiMKCnBoYXNlICJQdXNoaW5nICcke1BBUkFNU19JTUFHRX0nIHRvIHRoZSBjb250YWluZXIgcmVnaXN0cnkiCgpbWyAtbiAiJHtQQVJBTVNfUFVTSF9FWFRSQV9BUkdTfSIgXV0gJiYKICAgIHBoYXNlICJFeHRyYSAnYnVpbGRhaCBidWQnIGFyZ3VtZW50cyBpbmZvcm1lZDogJyR7UEFSQU1TX1BVU0hfRVhUUkFfQVJHU30nIgoKIyB0ZW1wb3JhcnkgZmlsZSB0byBzdG9yZSB0aGUgaW1hZ2UgZGlnZXN0LCBpbmZvcm1hdGlvbiBvbmx5IG9idGFpbmVkIGFmdGVyIHB1c2hpbmcgdGhlIGltYWdlIHRvIHRoZQojIGNvbnRhaW5lciByZWdpc3RyeQpkZWNsYXJlIC1yIGRpZ2VzdF9maWxlPSIvdG1wL2J1aWxkYWgtZGlnZXN0LnR4dCIKCl9idWlsZGFoIHB1c2ggJHtQQVJBTVNfUFVTSF9FWFRSQV9BUkdTfSBcCiAgICAtLWRpZ2VzdGZpbGU9IiR7ZGlnZXN0X2ZpbGV9IiBcCiAgICAiJHtQQVJBTVNfSU1BR0V9IiBcCiAgICAiZG9ja2VyOi8vJHtQQVJBTVNfSU1BR0V9IgoKIwojIFJlc3VsdHMKIwoKcGhhc2UgIkluc3BlY3RpbmcgZGlnZXN0IHJlcG9ydCAoJyR7ZGlnZXN0X2ZpbGV9JykiCgpbWyAhIC1yICIke2RpZ2VzdF9maWxlfSIgXV0gJiYKICAgIGZhaWwgIlVuYWJsZSB0byBmaW5kIGRpZ2VzdC1maWxlIGF0ICcke2RpZ2VzdF9maWxlfSciCgpkZWNsYXJlIC1yIGRpZ2VzdF9zdW09IiQoY2F0ICR7ZGlnZXN0X2ZpbGV9KSIKCltbIC16ICIke2RpZ2VzdF9zdW19IiBdXSAmJgogICAgZmFpbCAiRGlnZXN0IGZpbGUgJyR7ZGlnZXN0X2ZpbGV9JyBpcyBlbXB0eSEiCgpwaGFzZSAiU3VjY2Vzc2Z1bHkgYnVpbHQgY29udGFpbmVyIGltYWdlICcke1BBUkFNU19JTUFHRX0nICgnJHtkaWdlc3Rfc3VtfScpIgplY2hvIC1uICIke1BBUkFNU19JTUFHRX0iIHwgdGVlICR7UkVTVUxUU19JTUFHRV9VUkxfUEFUSH0KZWNobyAtbiAiJHtkaWdlc3Rfc3VtfSIgfCB0ZWUgJHtSRVNVTFRTX0lNQUdFX0RJR0VTVF9QQVRIfQo=" |base64 -d >"/scripts/buildah-bud.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKZGVjbGFyZSAtcnggUEFSQU1TX0lNQUdFPSIke1BBUkFNU19JTUFHRTotfSIKZGVjbGFyZSAtcnggUEFSQU1TX0RPQ0tFUkZJTEU9IiR7UEFSQU1TX0RPQ0tFUkZJTEU6LX0iCmRlY2xhcmUgLXggUEFSQU1TX0NPTlRFWFQ9IiR7UEFSQU1TX0NPTlRFWFQ6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19TVE9SQUdFX0RSSVZFUj0iJHtQQVJBTVNfU1RPUkFHRV9EUklWRVI6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19CVUlMRF9FWFRSQV9BUkdTPSIke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTOi19IgpkZWNsYXJlIC1yeCBQQVJBTVNfUFVTSF9FWFRSQV9BUkdTPSIke1BBUkFNU19QVVNIX0VYVFJBX0FSR1M6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19TS0lQX1BVU0g9IiR7UEFSQU1TX1NLSVBfUFVTSDotfSIKZGVjbGFyZSAtcnggUEFSQU1TX1RMU19WRVJJRlk9IiR7UEFSQU1TX1RMU19WRVJJRlk6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19WRVJCT1NFPSIke1BBUkFNU19WRVJCT1NFOi19IgoKZGVjbGFyZSAtcnggV09SS1NQQUNFU19TT1VSQ0VfUEFUSD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIOi19IgpkZWNsYXJlIC1yeCBXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORDotfSIKZGVjbGFyZSAtcnggV09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSD0iJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19QQVRIOi19IgpkZWNsYXJlIC1yeCBXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19CT1VORD0iJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19CT1VORDotfSIKZGVjbGFyZSAtcnggV09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEg9IiR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEg6LX0iCmRlY2xhcmUgLXJ4IFdPUktTUEFDRVNfUkhFTF9FTlRJVExFTUVOVF9CT1VORD0iJHtXT1JLU1BBQ0VTX1JIRUxfRU5USVRMRU1FTlRfQk9VTkQ6LX0iCgpkZWNsYXJlIC1yeCBSRVNVTFRTX0lNQUdFX0RJR0VTVF9QQVRIPSIke1JFU1VMVFNfSU1BR0VfRElHRVNUX1BBVEg6LX0iCmRlY2xhcmUgLXJ4IFJFU1VMVFNfSU1BR0VfVVJMX1BBVEg9IiR7UkVTVUxUU19JTUFHRV9VUkxfUEFUSDotfSIKCiMKIyBEb2NrZXJmaWxlCiMKCiMgZXhwb3NpbmcgdGhlIGZ1bGwgcGF0aCB0byB0aGUgY29udGFpbmVyIGZpbGUsIHdoaWNoIGJ5IGRlZmF1bHQgc2hvdWxkIGJlIHJlbGF0aXZlIHRvIHRoZSBwcmltYXJ5CiMgd29ya3NwYWNlLCB0byByZWNlaXZlIGEgZGlmZmVyZW50IGNvbnRhaW5lci1maWxlIGxvY2F0aW9uCmRlY2xhcmUgLXIgZG9ja2VyZmlsZV9vbl93cz0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIfS8ke1BBUkFNU19ET0NLRVJGSUxFfSIKZGVjbGFyZSAteCBET0NLRVJGSUxFX0ZVTEw9IiR7RE9DS0VSRklMRV9GVUxMOi0ke2RvY2tlcmZpbGVfb25fd3N9fSIKCiMKIyBBc3NlcnRpbmcgRW52aXJvbm1lbnQKIwoKW1sgLXogIiR7RE9DS0VSRklMRV9GVUxMfSIgXV0gJiYKICAgIGZhaWwgInVuYWJsZSB0byBmaW5kIHRoZSBEb2NrZXJmaWxlLCBET0NLRVJGSUxFIG1heSBoYXZlIGFuIGluY29ycmVjdCBsb2NhdGlvbiIKCmV4cG9ydGVkX29yX2ZhaWwgXAogICAgV09SS1NQQUNFU19TT1VSQ0VfUEFUSCBcCiAgICBQQVJBTVNfSU1BR0UKCiMKIyBWZXJib3NlIE91dHB1dAojCgppZiBbWyAiJHtQQVJBTVNfVkVSQk9TRX0iID09ICJ0cnVlIiBdXTsgdGhlbgogICAgc2V0IC14CmZpCg==" |base64 -d >"/scripts/buildah-common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0ZWt0b24ncyBob21lIGRpcmVjdG9yeQpkZWNsYXJlIC1yeCBURUtUT05fSE9NRT0iJHtURUtUT05fSE9NRTotL3Rla3Rvbi9ob21lfSIKCiMKIyBGdW5jdGlvbnMKIwoKZnVuY3Rpb24gZmFpbCgpIHsKICAgIGVjaG8gIkVSUk9SOiAkeyp9IiAyPiYxCiAgICBleGl0IDEKfQoKZnVuY3Rpb24gcGhhc2UoKSB7CiAgICBlY2hvICItLS0+IFBoYXNlOiAkeyp9Li4uIgp9CgojIGFzc2VydCBsb2NhbCB2YXJpYWJsZXMgYXJlIGV4cG9yZXRlZCBvbiB0aGUgZW52aXJvbm1lbnQKZnVuY3Rpb24gZXhwb3J0ZWRfb3JfZmFpbCgpIHsKICAgIGRlY2xhcmUgLWEgX3JlcXVpcmVkX3ZhcnM9IiR7QH0iCgogICAgZm9yIHYgaW4gJHtfcmVxdWlyZWRfdmFyc1tAXX07IGRvCiAgICAgICAgW1sgLXogIiR7IXZ9IiBdXSAmJgogICAgICAgICAgICBmYWlsICInJHt2fScgZW52aXJvbm1lbnQgdmFyaWFibGUgaXMgbm90IHNldCEiCiAgICBkb25lCgogICAgcmV0dXJuIDAKfQo=" |base64 -d >"/scripts/common.sh" + ls /scripts/buildah-*.sh; + chmod +x /scripts/buildah-*.sh; + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0ZWt0b24ncyBob21lIGRpcmVjdG9yeQpkZWNsYXJlIC1yeCBURUtUT05fSE9NRT0iJHtURUtUT05fSE9NRTotL3Rla3Rvbi9ob21lfSIKCiMKIyBGdW5jdGlvbnMKIwoKZnVuY3Rpb24gZmFpbCgpIHsKICAgIGVjaG8gIkVSUk9SOiAkeyp9IiAyPiYxCiAgICBleGl0IDEKfQoKZnVuY3Rpb24gcGhhc2UoKSB7CiAgICBlY2hvICItLS0+IFBoYXNlOiAkeyp9Li4uIgp9CgojIGFzc2VydCBsb2NhbCB2YXJpYWJsZXMgYXJlIGV4cG9yZXRlZCBvbiB0aGUgZW52aXJvbm1lbnQKZnVuY3Rpb24gZXhwb3J0ZWRfb3JfZmFpbCgpIHsKICAgIGRlY2xhcmUgLWEgX3JlcXVpcmVkX3ZhcnM9IiR7QH0iCgogICAgZm9yIHYgaW4gJHtfcmVxdWlyZWRfdmFyc1tAXX07IGRvCiAgICAgICAgW1sgLXogIiR7IXZ9IiBdXSAmJgogICAgICAgICAgICBmYWlsICInJHt2fScgZW52aXJvbm1lbnQgdmFyaWFibGUgaXMgbm90IHNldCEiCiAgICBkb25lCgogICAgcmV0dXJuIDAKfQo=" |base64 -d >"/scripts/common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgVXNlcyB0aGUgRG9ja2VyZmlsZSBnZW5lcmF0ZWQgYnkgczJpIHRvIGFzc2VtYmxlIGEgbmV3IGNvbnRhaW5lciBpbWFnZSB1c2luZyBidWlsZGFoLgojCgpzaG9wdCAtcyBpbmhlcml0X2VycmV4aXQKc2V0IC1ldSAtbyBwaXBlZmFpbAoKZGVjbGFyZSAtciBjdXJfZGlyPSIkKGRpcm5hbWUgJHtCQVNIX1NPVVJDRVswXX0pIgoKc291cmNlICIke2N1cl9kaXJ9L2NvbW1vbi5zaCIKc291cmNlICIke2N1cl9kaXJ9L3MyaS1jb21tb24uc2giCgojIGxvYWRpbmcgYnVpbGRhaCBzZXR0aW5ncyBvdmVyd3JpdHRpbmcgdGhlIGZ1bGwgcGF0aCB0byB0aGUgY29udGFpbmVyIGZpbGUKZGVjbGFyZSAteCBET0NLRVJGSUxFX0ZVTEw9IiR7UzJJX0RPQ0tFUkZJTEV9Igpzb3VyY2UgIiR7Y3VyX2Rpcn0vYnVpbGRhaC1jb21tb24uc2giCgpwaGFzZSAiQ2hhbmdpbmcgJFBBUkFNU19DT05URVhUIHRvIHBvaW50IHRvIHByZXNlbnQgd29ya2luZyBkaXJlY3RvcnkiCltbICIkUEFSQU1TX0NPTlRFWFQiICE9ICIuIiBdXSAmJiAKICAgIFBBUkFNU19DT05URVhUPSIuIgoKcGhhc2UgIkluc3BlY3RpbmcgY29udGV4dCAnJHtQQVJBTVNfQ09OVEVYVH0nIgpbWyAhIC1kICIke1BBUkFNU19DT05URVhUfSIgXV0gJiYKICAgIGZhaWwgIkFwcGxpY2F0aW9uIHNvdXJjZSBjb2RlIGRpcmVjdG9yeSBub3QgZm91bmQgYXQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKCnBoYXNlICJCdWlsZGluZyB0aGUgRG9ja2VyZmlsZSAnJHtET0NLRVJGSUxFX0ZVTEx9JyB3aXRoIGJ1aWxkYWgiCmV4ZWMgJHtjdXJfZGlyfS9idWlsZGFoLWJ1ZC5zaAo=" |base64 -d >"/scripts/s2i-build.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0YXJnZXQgaW1hZ2UgbmFtZSAoZnVsbHkgcXVhbGlmaWVkKSB0byBiZSBidWlsZCB3aXRoIHMyaSwgcmVkZWNsYXJpbmcgdGhlIHNhbWUgcGFyYW1ldGVyIG5hbWUgdGhhbgojIGJ1aWxkYWggdGFzayB1c2VzCmRlY2xhcmUgLXggUEFSQU1TX0lNQUdFPSIke1BBUkFNU19JTUFHRTotfSIKIyBTcGVjaWZ5IGEgVVJMIGNvbnRhaW5pbmcgdGhlIGRlZmF1bHQgYXNzZW1ibGUgYW5kIHJ1biBzY3JpcHRzIGZvciB0aGUgYnVpbGRlciBpbWFnZQpkZWNsYXJlIC1yeCBQQVJBTVNfSU1BR0VfU0NSSVBUU19VUkw9IiR7UEFSQU1TX0lNQUdFX1NDUklQVFNfVVJMOi19IgoKIyB2b2x1bWUgbW91bnQgb3IgZGlyZWN0b3J5IHJlc3BvbnNpYmxlIGZvciBob2xkaW5nIGZpbGVzIAojIGxpa2UgZW52LCBEb2NrZXJmaWxlIGFuZCBhbnkgb3RoZXJzIG5lZWRlZCB0byBzdXBwb3J0IHMyaQpkZWNsYXJlIC1yeCBTMklfR0VORVJBVEVfRElSRUNUT1JZPSIke1MySV9HRU5FUkFURV9ESVJFQ1RPUlk6LS9zMmktZ2VuZXJhdGV9IgoKIyBmdWxsIHBhdGggdG8gdGhlIGNvbnRhaW5lciBmaWxlIGdlbmVyYXRlZCBieSBzMmkKZGVjbGFyZSAtcnggUzJJX0RPQ0tFUkZJTEU9IiR7UzJJX0RPQ0tFUkZJTEU6LSR7UzJJX0dFTkVSQVRFX0RJUkVDVE9SWX0vRG9ja2VyZmlsZS5nZW59IgoKIyBmdWxsIHBhdGggdG8gdGhlIGVudiBmaWxlIHVzZWQgd2l0aCB0aGUgLS1lbnZpcm9ubWVudC1maWxlIHBhcmFtZXRlciBvZiBzMmkKZGVjbGFyZSAtcnggUzJJX0VOVklST05NRU5UX0ZJTEU9IiR7UzJJX0VOVklST05NRU5UX0ZJTEU6LSR7UzJJX0dFTkVSQVRFX0RJUkVDVE9SWX0vZW52fSIKCiMKIyBBc3NlcnRpbmcgRW52aXJvbm1lbnQKIwoKZXhwb3J0ZWRfb3JfZmFpbCBcCiAgICBXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIIFwKICAgIFBBUkFNU19JTUFHRQoKIwojIFZlcmJvc2UgT3V0cHV0CiMKCmRlY2xhcmUgLXggUzJJX0xPR0xFVkVMPSIwIgoKaWYgW1sgIiR7UEFSQU1TX1ZFUkJPU0V9IiA9PSAidHJ1ZSIgXV07IHRoZW4KICAgIFMySV9MT0dMRVZFTD0iMiIKICAgIHNldCAteApmaQo=" |base64 -d >"/scripts/s2i-common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgVXNlcyBzMmkgdG8gZ2VuZXJhdGUgdGhlIHJlcGVzY3RpdmUgQ29udGFpbmVyZmlsZSBiYXNlZCBvbiB0aGUgaW5mb21yZWQgYnVpbGRlci4gVGhlIENvbnRhaW5lcmZpbGUKIyBpcyBzdG9yZWQgb24gYSB0ZW1wb3JhcnkgbG9jYXRpb24uCiMKCnNob3B0IC1zIGluaGVyaXRfZXJyZXhpdApzZXQgLWV1IC1vIHBpcGVmYWlsCgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvY29tbW9uLnNoIgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvczJpLWNvbW1vbi5zaCIKCiMgczJpIGJ1aWxkZXIgaW1hZ2UgbmFtZSAoZnVsbHkgcXVhbGlmaWVkKQpkZWNsYXJlIC1yeCBTMklfQlVJTERFUl9JTUFHRT0iJHtTMklfQlVJTERFUl9JTUFHRTotfSIKCiMgdGFrZXMgdGhlIHZhbHVlcyBpbiBhcmd1bWVudCBFTlZfVkFSUyBhbmQgY3JlYXRlcyBhbiBhcnJheSB1c2luZyB0aG9zZSB2YWx1ZXMKZGVjbGFyZSAtcmEgRU5WX1ZBUlM9KCR7QH0pCgojIHJlLXVzaW5nIHRoZSBzYW1lIHBhcmFtZXRlcnMgdGhhbiBidWlsZGFoLCBzMmkgbmVlZHMgYnVpbGRhaCBhYmlsaXRpZXMgdG8gY3JlYXRlIHRoZSBmaW5hbAojIGNvbnRhaW5lciBpbWFnZSBiYXNlZCBvbiB3aGF0IHMyaSBnZW5lcmF0ZXMKc291cmNlICIkKGRpcm5hbWUgJHtCQVNIX1NPVVJDRVswXX0pL2J1aWxkYWgtY29tbW9uLnNoIgoKIwojIFByZXBhcmUKIwoKIyBtYWtpbmcgc3VyZSB0aGUgcmVxdWlyZWQgd29ya3NwYWNlICJzb3VyY2UiIGlzIGJvdW5kZWQsIHdoaWNoIG1lYW5zIGl0cyB2b2x1bWUgaXMgY3VycmVudGx5IG1vdW50ZWQKIyBhbmQgcmVhZHkgdG8gdXNlCnBoYXNlICJJbnNwZWN0aW5nIHNvdXJjZSB3b3Jrc3BhY2UgJyR7V09SS1NQQUNFU19TT1VSQ0VfUEFUSH0nIChQV0Q9JyR7UFdEfScpIgpbWyAiJHtXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORH0iICE9ICJ0cnVlIiBdXSAmJgogICAgZmFpbCAiV29ya3NwYWNlICdzb3VyY2UnIGlzIG5vdCBib3VuZGVkIgoKcGhhc2UgIkFwcGVuZGluZyAkUEFSQU1TX0NPTlRFWFQgd2l0aCAkV09SS1NQQUNFU19TT1VSQ0VfUEFUSCBpZiBpdCdzIHJlbGF0aXZlIgpbWyAiJFBBUkFNU19DT05URVhUIiAhPSAiLiIgJiYgIiRQQVJBTVNfQ09OVEVYVCIgIT0gLyogXV0gJiYgCiAgICBQQVJBTVNfQ09OVEVYVD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIfS8ke1BBUkFNU19DT05URVhUfSIKCnBoYXNlICJJbnNwZWN0aW5nIGNvbnRleHQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKW1sgISAtZCAiJHtQQVJBTVNfQ09OVEVYVH0iIF1dICYmCiAgICBmYWlsICJBcHBsaWNhdGlvbiBzb3VyY2UgY29kZSBkaXJlY3Rvcnkgbm90IGZvdW5kIGF0ICcke1BBUkFNU19DT05URVhUfSciCgpwaGFzZSAiQWRkaW5nIHRoZSBlbnZpcm9ubWVudCB2YXJpYWJsZXMgdG8gJyR7UzJJX0VOVklST05NRU5UX0ZJTEV9JyIKCiMgYWRkIHRoZSBlbnZpcm9ubWVudCB2YXJpYWJsZXMgdGhhdCBhcmUgc2VudCBhcyBjb21tYW5kIGxpbmUgYXJndW1lbnRzIGZyb20gRU5WX1ZBUlMgcGFyYW1ldGVyCnRvdWNoICIke1MySV9FTlZJUk9OTUVOVF9GSUxFfSIKaWYgWyAkeyNFTlZfVkFSU1tAXX0gLWd0IDAgXTsgdGhlbgogICAgZm9yIGVudl92YXIgaW4gIiR7RU5WX1ZBUlNbQF19IjsgZG8KICAgICAgICBlY2hvICIke2Vudl92YXJ9IiA+PiAiJHtTMklfRU5WSVJPTk1FTlRfRklMRX0iCiAgICBkb25lCmZpCgojCiMgUzJJIEdlbmVyYXRlCiMKCnBoYXNlICJHZW5lcmF0aW5nIHRoZSBEb2NrZXJmaWxlIGZvciBTMkkgYnVpbGRlciBpbWFnZSAnJHtTMklfQlVJTERFUl9JTUFHRX0nIgpzMmkgLS1sb2dsZXZlbCAiJHtTMklfTE9HTEVWRUx9IiBcCiAgICBidWlsZCAiJHtQQVJBTVNfQ09OVEVYVH0iICIke1MySV9CVUlMREVSX0lNQUdFfSIgXAogICAgICAgIC0taW1hZ2Utc2NyaXB0cy11cmwgIiR7UEFSQU1TX0lNQUdFX1NDUklQVFNfVVJMfSIgXAogICAgICAgIC0tYXMtZG9ja2VyZmlsZSAiJHtTMklfRE9DS0VSRklMRX0iIFwKICAgICAgICAtLWVudmlyb25tZW50LWZpbGUgIiR7UzJJX0VOVklST05NRU5UX0ZJTEV9IgoKcGhhc2UgIkluc3BlY3RpbmcgdGhlIERvY2tlcmZpbGUgZ2VuZXJhdGVkIGF0ICcke1MySV9ET0NLRVJGSUxFfSciCltbICEgLWYgIiR7UzJJX0RPQ0tFUkZJTEV9IiBdXSAmJgogICAgZmFpbCAiR2VuZXJhdGVkIERvY2tlcmZpbGUgaXMgbm90IGZvdW5kISIKCnNldCAreApwaGFzZSAiR2VuZXJhdGVkIERvY2tlcmZpbGUgcGF5bG9hZCIKZWNobyAtZW4gIj4+PiAke1MySV9ET0NLRVJGSUxFfVxuJChjYXQgJHtTMklfRE9DS0VSRklMRX0pXG48PDwgRU9GXG4iCg==" |base64 -d >"/scripts/s2i-generate.sh" + ls /scripts/s2i-*.sh; + chmod +x /scripts/s2i-*.sh;echo "Running Script /scripts/s2i-generate.sh"; + /scripts/s2i-generate.sh; + args: + - "$(params.ENV_VARS[*])" + securityContext: + capabilities: + add: ["SETFCAP"] + volumeMounts: + - name: scripts-dir + mountPath: /scripts + - name: s2i-generate-dir + mountPath: /s2i-generate + + - name: s2i-build + image: registry.access.redhat.com/ubi8/buildah:8.10-5 + workingDir: /s2i-generate + command: + - /scripts/s2i-build.sh + securityContext: + capabilities: + add: ["SETFCAP"] + volumeMounts: + - name: scripts-dir + mountPath: /scripts + - name: s2i-generate-dir + mountPath: /s2i-generate + + volumes: + - name: scripts-dir + emptyDir: {} + - name: s2i-generate-dir + emptyDir: {} diff --git a/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-skopeo-copy/task-skopeo-copy-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-skopeo-copy/task-skopeo-copy-task.yaml new file mode 100644 index 0000000000..38f1f58320 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-skopeo-copy/task-skopeo-copy-task.yaml @@ -0,0 +1,119 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift-pipelines/tektoncd-catalog/p/tasks/task-skopeo-copy/0.4.1/task-skopeo-copy.yaml +# +--- +--- +# Source: task-containers/templates/task-skopeo-copy.yaml +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: skopeo-copy + labels: + app.kubernetes.io/version: 0.4.1 + annotations: + tekton.dev/source: "https://github.com/openshift-pipelines/task-containers" + artifacthub.io/category: integration-delivery + artifacthub.io/maintainers: | + - name: OpenShift Pipeline task maintainers + email: pipelines-extcomm@redhat.com + artifacthub.io/provider: Red Hat + artifacthub.io/recommendations: | + - url: https://tekton.dev/ + tekton.dev/categories: containers + tekton.dev/pipelines.minVersion: 0.41.0 + tekton.dev/tags: containers +spec: + description: | + Skopeo is a command line tool for working with remote image registries. + Skopeo doesn’t require a daemon to be running while performing its operations. In particular, + the handy skopeo command called copy will ease the whole image copy operation. + The copy command will take care of copying the image from internal.registry to production.registry. + If your production registry requires credentials to login in order to push the image, skopeo can handle that as well. + After copying the source and destination images SHA256 digest is stored as results. + workspaces: + - name: images_url + optional: true + description: | + For storing image urls in case we have more than one image to copy. + params: + - name: SOURCE_IMAGE_URL + type: string + description: | + Fully qualified source container image name, including tag, to be copied + into `DESTINATION_IMAGE_URL` param. + - name: DESTINATION_IMAGE_URL + type: string + description: | + Fully qualified destination container image name, including tag. + - name: SRC_TLS_VERIFY + type: string + default: "true" + description: | + Sets the TLS verification flags for the source registry, `true` is recommended. + - name: DEST_TLS_VERIFY + type: string + default: "true" + description: | + Sets the TLS verification flags for the destination registry, `true` is recommended. + - name: VERBOSE + type: string + default: "false" + description: | + Shows a more verbose (debug) output. + + results: + - name: SOURCE_DIGEST + type: string + description: | + Source image SHA256 digest. + - name: DESTINATION_DIGEST + type: string + description: | + Destination image SHA256 digest. + + volumes: + - name: scripts-dir + emptyDir: {} + + stepTemplate: + env: + + - name: PARAMS_SOURCE_IMAGE_URL + value: "$(params.SOURCE_IMAGE_URL)" + - name: PARAMS_DESTINATION_IMAGE_URL + value: "$(params.DESTINATION_IMAGE_URL)" + - name: PARAMS_SRC_TLS_VERIFY + value: "$(params.SRC_TLS_VERIFY)" + - name: PARAMS_DEST_TLS_VERIFY + value: "$(params.DEST_TLS_VERIFY)" + - name: PARAMS_VERBOSE + value: "$(params.VERBOSE)" + - name: WORKSPACES_IMAGES_URL_BOUND + value: "$(workspaces.images_url.bound)" + - name: WORKSPACES_IMAGES_URL_PATH + value: "$(workspaces.images_url.path)" + - name: RESULTS_SOURCE_DIGEST_PATH + value: "$(results.SOURCE_DIGEST.path)" + - name: RESULTS_DESTINATION_DIGEST_PATH + value: "$(results.DESTINATION_DIGEST.path)" + + steps: + - name: skopeo-copy + env: + - name: HOME + value: /workspace/home + image: registry.access.redhat.com/ubi8/skopeo:8.10-5 + script: | + set -e + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0ZWt0b24ncyBob21lIGRpcmVjdG9yeQpkZWNsYXJlIC1yeCBURUtUT05fSE9NRT0iJHtURUtUT05fSE9NRTotL3Rla3Rvbi9ob21lfSIKCiMKIyBGdW5jdGlvbnMKIwoKZnVuY3Rpb24gZmFpbCgpIHsKICAgIGVjaG8gIkVSUk9SOiAkeyp9IiAyPiYxCiAgICBleGl0IDEKfQoKZnVuY3Rpb24gcGhhc2UoKSB7CiAgICBlY2hvICItLS0+IFBoYXNlOiAkeyp9Li4uIgp9CgojIGFzc2VydCBsb2NhbCB2YXJpYWJsZXMgYXJlIGV4cG9yZXRlZCBvbiB0aGUgZW52aXJvbm1lbnQKZnVuY3Rpb24gZXhwb3J0ZWRfb3JfZmFpbCgpIHsKICAgIGRlY2xhcmUgLWEgX3JlcXVpcmVkX3ZhcnM9IiR7QH0iCgogICAgZm9yIHYgaW4gJHtfcmVxdWlyZWRfdmFyc1tAXX07IGRvCiAgICAgICAgW1sgLXogIiR7IXZ9IiBdXSAmJgogICAgICAgICAgICBmYWlsICInJHt2fScgZW52aXJvbm1lbnQgdmFyaWFibGUgaXMgbm90IHNldCEiCiAgICBkb25lCgogICAgcmV0dXJuIDAKfQo=" |base64 -d >"/scripts/common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKZGVjbGFyZSAtcnggUEFSQU1TX1NPVVJDRV9JTUFHRV9VUkw9IiR7UEFSQU1TX1NPVVJDRV9JTUFHRV9VUkw6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19ERVNUSU5BVElPTl9JTUFHRV9VUkw9IiR7UEFSQU1TX0RFU1RJTkFUSU9OX0lNQUdFX1VSTDotfSIKZGVjbGFyZSAtcnggUEFSQU1TX1NSQ19UTFNfVkVSSUZZPSIke1BBUkFNU19TUkNfVExTX1ZFUklGWTotfSIKZGVjbGFyZSAtcnggUEFSQU1TX0RFU1RfVExTX1ZFUklGWT0iJHtQQVJBTVNfREVTVF9UTFNfVkVSSUZZOi19IgpkZWNsYXJlIC1yeCBQQVJBTVNfVkVSQk9TRT0iJHtQQVJBTVNfVkVSQk9TRTotfSIKCmRlY2xhcmUgLXJ4IFdPUktTUEFDRVNfSU1BR0VTX1VSTF9QQVRIPSIke1dPUktTUEFDRVNfSU1BR0VTX1VSTF9QQVRIOi19IgpkZWNsYXJlIC1yeCBXT1JLU1BBQ0VTX0lNQUdFU19VUkxfQk9VTkQ9IiR7V09SS1NQQUNFU19JTUFHRVNfVVJMX0JPVU5EOi19IgoKZGVjbGFyZSAtcnggUkVTVUxUU19TT1VSQ0VfRElHRVNUX1BBVEg9IiR7UkVTVUxUU19TT1VSQ0VfRElHRVNUX1BBVEg6LX0iCmRlY2xhcmUgLXJ4IFJFU1VMVFNfREVTVElOQVRJT05fRElHRVNUX1BBVEg9IiR7UkVTVUxUU19ERVNUSU5BVElPTl9ESUdFU1RfUEFUSDotfSIKCiMKIyBBc3NlcnRpbmcgRW52aXJvbm1lbnQKIwoKZXhwb3J0ZWRfb3JfZmFpbCBcCiAgICBQQVJBTVNfU09VUkNFX0lNQUdFX1VSTCBcCiAgICBQQVJBTVNfREVTVElOQVRJT05fSU1BR0VfVVJMIFwKICAgIFJFU1VMVFNfU09VUkNFX0RJR0VTVF9QQVRIIFwKICAgIFJFU1VMVFNfREVTVElOQVRJT05fRElHRVNUX1BBVEgKICAgICAKCiMKIyBTa29wZW8gQXV0aGVudGljYXRpb24KIwoKZGVjbGFyZSAteCBSRUdJU1RSWV9BVVRIX0ZJTEU9IiIKCmRvY2tlcl9jb25maWc9Ii93b3Jrc3BhY2UvaG9tZS8uZG9ja2VyL2NvbmZpZy5qc29uIgppZiBbWyAtZiAiJHtkb2NrZXJfY29uZmlnfSIgXV07IHRoZW4KICAgIHBoYXNlICJTZXR0aW5nIFJFR0lTVFJZX0FVVEhfRklMRSB0byAnJHtkb2NrZXJfY29uZmlnfSciCiAgICBSRUdJU1RSWV9BVVRIX0ZJTEU9JHtkb2NrZXJfY29uZmlnfQpmaQoKIwojIFZlcmJvc2UgT3V0cHV0CiMKCmRlY2xhcmUgLXggU0tPUEVPX0RFQlVHX0ZMQUc9IiIKCmlmIFtbICIke1BBUkFNU19WRVJCT1NFfSIgPT0gInRydWUiIF1dOyB0aGVuCiAgICBTS09QRU9fREVCVUdfRkxBRz0iLS1kZWJ1ZyIKICAgIHNldCAteApmaQo=" |base64 -d >"/scripts/skopeo-common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKc2hvcHQgLXMgaW5oZXJpdF9lcnJleGl0CnNldCAtZXUgLW8gcGlwZWZhaWwKCnNvdXJjZSAiJChkaXJuYW1lICIke0JBU0hfU09VUkNFWzBdfSIpL2NvbW1vbi5zaCIKc291cmNlICIkKGRpcm5hbWUgIiR7QkFTSF9TT1VSQ0VbMF19Iikvc2tvcGVvLWNvbW1vbi5zaCIKCiMgRW5zdXJlIHRoZSAvdGVrdG9uL2hvbWUvLmRvY2tlciBkaXJlY3RvcnkgZXhpc3RzCm1rZGlyIC1wIC93b3Jrc3BhY2UvaG9tZS8uZG9ja2VyCgpwaGFzZSAiQ29weWluZyAnJHtQQVJBTVNfU09VUkNFX0lNQUdFX1VSTH0nIGludG8gJyR7UEFSQU1TX0RFU1RJTkFUSU9OX0lNQUdFX1VSTH0nIgoKc2V0IC14CgppZiBbIC1uICIke1BBUkFNU19TT1VSQ0VfSU1BR0VfVVJMfSIgXSAmJiBbIC1uICIke1BBUkFNU19ERVNUSU5BVElPTl9JTUFHRV9VUkx9IiBdOyB0aGVuCiAgICBza29wZW8gY29weSAke1NLT1BFT19ERUJVR19GTEFHfSBcCiAgICAgICAgLS1zcmMtdGxzLXZlcmlmeT0iJHtQQVJBTVNfU1JDX1RMU19WRVJJRll9IiBcCiAgICAgICAgLS1kZXN0LXRscy12ZXJpZnk9IiR7UEFSQU1TX0RFU1RfVExTX1ZFUklGWX0iIFwKICAgICAgICAiJHtQQVJBTVNfU09VUkNFX0lNQUdFX1VSTH0iIFwKICAgICAgICAiJHtQQVJBTVNfREVTVElOQVRJT05fSU1BR0VfVVJMfSIKZWxzZQogICAgIyBGdW5jdGlvbiB0byBjb3B5IG11bHRpcGxlIGltYWdlcy4KICAgIGNvcHlpbWFnZXMoKSB7CiAgICAgICAgZmlsZW5hbWU9IiR7V09SS1NQQUNFU19JTUFHRVNfVVJMX1BBVEh9L3VybC50eHQiCiAgICAgICAgd2hpbGUgSUZTPSByZWFkIC1yIGxpbmUgfHwgWyAtbiAiJGxpbmUiIF0KICAgICAgICBkbwogICAgICAgICAgICBjbWQ9IiIKICAgICAgICAgICAgZm9yIHVybCBpbiAkbGluZQogICAgICAgICAgICBkbwogICAgICAgICAgICAgICAgY21kPSIkY21kICR1cmwiCiAgICAgICAgICAgIGRvbmUKICAgICAgICAgICAgcmVhZCAtcmEgU09VUkNFIDw8PCIke2NtZH0iCiAgICAgICAgICAgIHNrb3BlbyBjb3B5ICIke1NPVVJDRVtAXX0iIC0tc3JjLXRscy12ZXJpZnk9IiR7UEFSQU1TX1NSQ19UTFNfVkVSSUZZfSIgLS1kZXN0LXRscy12ZXJpZnk9IiR7UEFSQU1TX0RFU1RfVExTX1ZFUklGWX0iCiAgICAgICAgICAgIGVjaG8gIiRjbWQiCiAgICAgICAgZG9uZSA8ICIkZmlsZW5hbWUiCiAgICB9CgogICAgY29weWltYWdlcwpmaQo=" |base64 -d >"/scripts/skopeo-copy.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKc2hvcHQgLXMgaW5oZXJpdF9lcnJleGl0CnNldCAtZXUgLW8gcGlwZWZhaWwKCnNvdXJjZSAiJChkaXJuYW1lICR7QkFTSF9TT1VSQ0VbMF19KS9jb21tb24uc2giCnNvdXJjZSAiJChkaXJuYW1lICR7QkFTSF9TT1VSQ0VbMF19KS9za29wZW8tY29tbW9uLnNoIgoKZnVuY3Rpb24gc2tvcGVvX2luc3BlY3QoKSB7CiAgICBsb2NhbCBpbWFnZT0iJDEiCiAgICBsb2NhbCB0bHNfdmVyaWZ5PSIkMiIKICAgIHNrb3BlbyBpbnNwZWN0ICR7U0tPUEVPX0RFQlVHX0ZMQUd9IFwKICAgICAgICAtLXRscy12ZXJpZnk9IiR7dGxzX3ZlcmlmeX0iIFwKICAgICAgICAtLWZvcm1hdD0ne3sgLkRpZ2VzdCB9fScgXAogICAgICAgICIke2ltYWdlfSIKfQoKcGhhc2UgIkV4dHJhY3RpbmcgJyR7UEFSQU1TX1NPVVJDRV9JTUFHRV9VUkx9JyBzb3VyY2UgaW1hZ2UgZGlnZXN0Igpzb3VyY2VfZGlnZXN0PSIkKHNrb3Blb19pbnNwZWN0ICIke1BBUkFNU19TT1VSQ0VfSU1BR0VfVVJMfSIgIiR7UEFSQU1TX1NSQ19UTFNfVkVSSUZZfSIpIgpwaGFzZSAiU291cmNlIGltYWdlIGRpZ2VzdCAnJHtzb3VyY2VfZGlnZXN0fSciCgpwaGFzZSAiRXh0cmFjdGluZyAnJHtQQVJBTVNfREVTVElOQVRJT05fSU1BR0VfVVJMfScgZGVzdGluYXRpb24gaW1hZ2UgZGlnZXN0IgpkZXN0aW5hdGlvbl9kaWdlc3Q9IiQoc2tvcGVvX2luc3BlY3QgIiR7UEFSQU1TX0RFU1RJTkFUSU9OX0lNQUdFX1VSTH0iICIke1BBUkFNU19ERVNUX1RMU19WRVJJRll9IikiCnBoYXNlICJEZXN0aW5hdGlvbiBpbWFnZSBkaWdlc3QgJyR7ZGVzdGluYXRpb25fZGlnZXN0fSciCgpwcmludGYgIiVzIiAiJHtzb3VyY2VfZGlnZXN0fSIgPiAiJHtSRVNVTFRTX1NPVVJDRV9ESUdFU1RfUEFUSH0iCnByaW50ZiAiJXMiICIke2Rlc3RpbmF0aW9uX2RpZ2VzdH0iID4gIiR7UkVTVUxUU19ERVNUSU5BVElPTl9ESUdFU1RfUEFUSH0iCg==" |base64 -d >"/scripts/skopeo-results.sh" + ls /scripts/skopeo-*.sh; + chmod +x /scripts/skopeo-*.sh;echo "Running Script /scripts/skopeo-copy.sh"; + /scripts/skopeo-copy.sh;echo "Running Script /scripts/skopeo-results.sh"; + /scripts/skopeo-results.sh; + volumeMounts: + - name: scripts-dir + mountPath: /scripts diff --git a/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-tkn/task-tkn-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-tkn/task-tkn-task.yaml new file mode 100644 index 0000000000..679ca31592 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/addons/06-ecosystem/tasks/task-tkn/task-tkn-task.yaml @@ -0,0 +1,81 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift-pipelines/tektoncd-catalog/p/tasks/task-tkn/0.2.2/task-tkn.yaml +# +--- +--- +# Source: task-openshift/templates/task-tkn.yaml +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: tkn + labels: + app.kubernetes.io/version: 0.2.2 + annotations: + tekton.dev/source: "https://github.com/openshift-pipelines/task-openshift" + artifacthub.io/category: integration-delivery + artifacthub.io/maintainers: | + - name: OpenShift Pipeline task maintainers + email: pipelines-extcomm@redhat.com + artifacthub.io/provider: Red Hat + artifacthub.io/recommendations: | + - url: https://tekton.dev/ + tekton.dev/displayName: CLI + tekton.dev/pipelines.minVersion: 0.17.0 + tekton.dev/tags: cli +spec: + description: >- + This task performs operations on Tekton resources using tkn. + + workspaces: + - name: kubeconfig_dir + optional: true + description: >- + An optional workspace that allows you to provide a .kube/config + file for tkn to access the cluster. The file should be placed at + the root of the Workspace with name kubeconfig. + + params: + - name: SCRIPT + description: tkn CLI script to execute + type: string + default: "tkn $@" + - name: ARGS + type: array + description: tkn CLI arguments to run + default: ["--help"] + + stepTemplate: + env: + + - name: PARAMS_SCRIPT + value: "$(params.SCRIPT)" + - name: WORKSPACES_KUBECONFIG_DIR_BOUND + value: "$(workspaces.kubeconfig_dir.bound)" + - name: WORKSPACES_KUBECONFIG_DIR_PATH + value: "$(workspaces.kubeconfig_dir.path)" + + steps: + - name: tkn + image: registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:72394dfaed68c4b6b490c3c971fb1d9f0139f8656f6672b55b8e02ea98d1298d + env: + - name: HOME + value: /tekton/home + script: | + set -e + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0ZWt0b24ncyBob21lIGRpcmVjdG9yeQpkZWNsYXJlIC1yeCBURUtUT05fSE9NRT0iJHtURUtUT05fSE9NRTotL3Rla3Rvbi9ob21lfSIKCiMKIyBGdW5jdGlvbnMKIwoKZnVuY3Rpb24gZmFpbCgpIHsKICAgIGVjaG8gIkVSUk9SOiAkeyp9IiAyPiYxCiAgICBleGl0IDEKfQoKZnVuY3Rpb24gcGhhc2UoKSB7CiAgICBlY2hvICItLS0+IFBoYXNlOiAkeyp9Li4uIgp9CgojIGFzc2VydCBsb2NhbCB2YXJpYWJsZXMgYXJlIGV4cG9yZXRlZCBvbiB0aGUgZW52aXJvbm1lbnQKZnVuY3Rpb24gZXhwb3J0ZWRfb3JfZmFpbCgpIHsKICAgIGRlY2xhcmUgLWEgX3JlcXVpcmVkX3ZhcnM9IiR7QH0iCgogICAgZm9yIHYgaW4gJHtfcmVxdWlyZWRfdmFyc1tAXX07IGRvCiAgICAgICAgW1sgLXogIiR7IXZ9IiBdXSAmJgogICAgICAgICAgICBmYWlsICInJHt2fScgZW52aXJvbm1lbnQgdmFyaWFibGUgaXMgbm90IHNldCEiCiAgICBkb25lCgogICAgcmV0dXJuIDAKfQoK" |base64 -d >"/scripts/common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKc2hvcHQgLXMgaW5oZXJpdF9lcnJleGl0CnNldCAtZXUgLW8gcGlwZWZhaWwKCnNvdXJjZSAiJChkaXJuYW1lICR7QkFTSF9TT1VSQ0VbMF19KS9jb21tb24uc2giCnNvdXJjZSAiJChkaXJuYW1lICR7QkFTSF9TT1VSQ0VbMF19KS90a24tY29tbW9uLnNoIgoKW1sgIiR7V09SS1NQQUNFU19LVUJFQ09ORklHX0RJUl9CT1VORH0iID09ICJ0cnVlIiBdXSAmJiBcCltbIC1mICR7V09SS1NQQUNFU19LVUJFQ09ORklHX0RJUl9QQVRIfS9rdWJlY29uZmlnIF1dICYmIFwKZXhwb3J0IEtVQkVDT05GSUc9JHtXT1JLU1BBQ0VTX0tVQkVDT05GSUdfRElSX1BBVEh9L2t1YmVjb25maWcKCmV2YWwgJHtQQVJBTVNfU0NSSVBUfQo=" |base64 -d >"/scripts/tkn-client.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKZGVjbGFyZSAtcnggUEFSQU1TX1NDUklQVD0iJHtQQVJBTVNfU0NSSVBUOi19IgoKZGVjbGFyZSAtcnggV09SS1NQQUNFU19LVUJFQ09ORklHX0RJUl9QQVRIPSIke1dPUktTUEFDRVNfS1VCRUNPTkZJR19ESVJfUEFUSDotfSIKZGVjbGFyZSAtcnggV09SS1NQQUNFU19LVUJFQ09ORklHX0RJUl9CT1VORD0iJHtXT1JLU1BBQ0VTX0tVQkVDT05GSUdfRElSX0JPVU5EOi19IgoKIwojIEFzc2VydGluZyBFbnZpcm9ubWVudAojCgpleHBvcnRlZF9vcl9mYWlsIFwKICAgIFdPUktTUEFDRVNfS1VCRUNPTkZJR19ESVJfQk9VTkQgXAogICAgUEFSQU1TX1NDUklQVCBcCiAgIAo=" |base64 -d >"/scripts/tkn-common.sh" + chmod +x /scripts/tkn-*.sh;echo "Running Script /scripts/tkn-client.sh"; + /scripts/tkn-client.sh $@; + args: ["$(params.ARGS)"] + securityContext: + runAsNonRoot: true + runAsUser: 65532 + volumeMounts: + - name: scripts-dir + mountPath: /scripts + + volumes: + - name: scripts-dir + emptyDir: {} diff --git a/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/stepactions/stepaction-git-clone/stepaction-git-clone-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/stepactions/stepaction-git-clone/stepaction-git-clone-task.yaml new file mode 100644 index 0000000000..218a9ffbce --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/stepactions/stepaction-git-clone/stepaction-git-clone-task.yaml @@ -0,0 +1,263 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift-pipelines/tektoncd-catalog/p/stepactions/stepaction-git-clone/0.4.1/stepaction-git-clone.yaml +# +--- +--- +# Source: task-git/templates/stepaction-git-clone.yaml +apiVersion: tekton.dev/v1beta1 +kind: StepAction +metadata: + name: git-clone + labels: + app.kubernetes.io/version: 0.4.1 + annotations: + tekton.dev/source: "https://github.com/openshift-pipelines/task-git" + artifacthub.io/category: integration-delivery + artifacthub.io/maintainers: | + - name: OpenShift Pipeline task maintainers + email: pipelines-extcomm@redhat.com + artifacthub.io/provider: Red Hat + artifacthub.io/recommendations: | + - url: https://tekton.dev/ + tekton.dev/categories: Git + tekton.dev/displayName: git + tekton.dev/pipelines.minVersion: 0.54.0 + tekton.dev/platforms: linux/amd64,linux/s390x,linux/ppc64le,linux/arm64 + tekton.dev/tags: git +spec: + + + params: + - name: OUTPUT_PATH + description: | + A directory that contains the fetched git repository. Cloned repo data is + placed in the root of the directory or in the relative path defined by the + `SUBDIRECTORY` parameter + - name: SSH_DIRECTORY_PATH + description: | + A `.ssh` directory with private key, `known_hosts`, `config`, etc. + Copied to the Git user's home before cloning the repository, in order to + server as authentication mechanismBinding a Secret to this Workspace is + strongly recommended over other volume types. + default: "no-path" + - name: BASIC_AUTH_PATH + default: "no-path" + description: | + A directory containing `.gitconfig` and `.git-credentials` files. + These files are copied to the user home directory before Git commands run. + All other files in this Workspace are ignored. It is strongly recommended to + use `ssh-directory` over `basic-auth` whenever possible, and to bind a + Secret to the Workspace providing this directory. + - name: SSL_CA_DIRECTORY_PATH + default: "no-path" + description: | + A directory containing CA certificates. Git uses these certificates to + verify the peer with when interacting with remote repositories using + HTTPS. + - name: CRT_FILENAME + type: string + default: ca-bundle.crt + description: | + Certificate Authority (CA) bundle filename in the SSL CA directory. + - name: HTTP_PROXY + type: string + default: "" + description: | + HTTP proxy server (non-TLS requests). + - name: HTTPS_PROXY + type: string + default: "" + description: | + HTTPS proxy server (TLS requests). + - name: NO_PROXY + type: string + default: "" + description: | + Opt out of proxying HTTP/HTTPS requests. + - name: SUBDIRECTORY + type: string + default: "" + description: | + Path to the directory for storing the cloned Git repository, relative to the + output directory. + - name: USER_HOME + type: string + default: "/home/git" + description: | + Absolute path to the Git user home directory. + - name: DELETE_EXISTING + type: string + default: "true" + description: | + Clean out the contents of the default Workspace before specific Git operations occur, if data exists. + - name: VERBOSE + type: string + default: "false" + description: | + Log the executed commands. + - name: SSL_VERIFY + type: string + default: "true" + description: | + Sets the global `http.sslVerify` value, `false` is not advised unless + you trust the remote repository. + - name: URL + type: string + description: | + Git repository URL. + - name: REVISION + type: string + default: main + description: | + Revision to checkout, an branch, tag, sha, ref, etc... + - name: REFSPEC + default: "" + description: | + Repository `refspec` to fetch before checking out the revision. + - name: SUBMODULES + type: string + default: "true" + description: | + Initialize and fetch Git submodules. + - name: DEPTH + type: string + default: "1" + description: | + Number of commits to fetch, a "shallow clone" is a single commit. + - name: SPARSE_CHECKOUT_DIRECTORIES + type: string + default: "" + description: | + List of directory patterns split by comma to perform "sparse checkout". + + results: + - name: COMMIT + description: | + The precise commit SHA digest cloned. + - name: URL + description: | + The precise repository URL. + - name: COMMITTER_DATE + description: | + The epoch timestamp of the commit cloned. + + env: + + - name: PARAMS_URL + value: "$(params.URL)" + - name: PARAMS_REVISION + value: "$(params.REVISION)" + - name: PARAMS_REFSPEC + value: "$(params.REFSPEC)" + - name: PARAMS_SUBMODULES + value: "$(params.SUBMODULES)" + - name: PARAMS_DEPTH + value: "$(params.DEPTH)" + - name: PARAMS_SPARSE_CHECKOUT_DIRECTORIES + value: "$(params.SPARSE_CHECKOUT_DIRECTORIES)" + - name: PARAMS_OUTPUT_PATH + value: "$(params.OUTPUT_PATH)" + - name: PARAMS_SSH_DIRECTORY_PATH + value: "$(params.SSH_DIRECTORY_PATH)" + - name: PARAMS_BASIC_AUTH_PATH + value: "$(params.BASIC_AUTH_PATH)" + - name: PARAMS_SSL_CA_DIRECTORY_PATH + value: "$(params.SSL_CA_DIRECTORY_PATH)" + + - name: PARAMS_SSL_VERIFY + value: "$(params.SSL_VERIFY)" + - name: PARAMS_CRT_FILENAME + value: "$(params.CRT_FILENAME)" + - name: PARAMS_SUBDIRECTORY + value: "$(params.SUBDIRECTORY)" + - name: PARAMS_DELETE_EXISTING + value: "$(params.DELETE_EXISTING)" + - name: PARAMS_HTTP_PROXY + value: "$(params.HTTP_PROXY)" + - name: PARAMS_HTTPS_PROXY + value: "$(params.HTTPS_PROXY)" + - name: PARAMS_NO_PROXY + value: "$(params.NO_PROXY)" + - name: PARAMS_VERBOSE + value: "$(params.VERBOSE)" + - name: PARAMS_USER_HOME + value: "$(params.USER_HOME)" + securityContext: + runAsNonRoot: true + runAsUser: 65532 + + image: registry.redhat.io/openshift-pipelines/pipelines-git-init-rhel8@sha256:c4b2183f7c7997bd401d86b33eefb637b3ef2fa90618e875106292cd69a15c14 + + script: | + #!/usr/bin/env sh + set -eu + + if [ "${PARAMS_VERBOSE}" = "true" ] ; then + set -x + fi + + if [ "${PARAMS_BASIC_AUTH_PATH}" != "no-path" ] ; then + cp "${PARAMS_BASIC_AUTH_PATH}/.git-credentials" "${PARAMS_USER_HOME}/.git-credentials" + cp "${PARAMS_BASIC_AUTH_PATH}/.gitconfig" "${PARAMS_USER_HOME}/.gitconfig" + chmod 400 "${PARAMS_USER_HOME}/.git-credentials" + chmod 400 "${PARAMS_USER_HOME}/.gitconfig" + fi + + if [ "${PARAMS_SSH_DIRECTORY_PATH}" != "no-path" ] ; then + cp -R "${PARAMS_SSH_DIRECTORY_PATH}" "${PARAMS_USER_HOME}"/.ssh + chmod 700 "${PARAMS_USER_HOME}"/.ssh + chmod -R 400 "${PARAMS_USER_HOME}"/.ssh/* + fi + + if [ "${PARAMS_SSL_CA_DIRECTORY_PATH}" != "no-path" ] ; then + export GIT_SSL_CAPATH="${PARAMS_SSL_CA_DIRECTORY_PATH}" + if [ "${PARAMS_CRT_FILENAME}" != "" ] ; then + export GIT_SSL_CAINFO="${PARAMS_SSL_CA_DIRECTORY_PATH}/${PARAMS_CRT_FILENAME}" + fi + fi + CHECKOUT_DIR="${PARAMS_OUTPUT_PATH}/${PARAMS_SUBDIRECTORY}" + + cleandir() { + # Delete any existing contents of the repo directory if it exists. + # + # We don't just "rm -rf ${CHECKOUT_DIR}" because ${CHECKOUT_DIR} might be "/" + # or the root of a mounted volume. + if [ -d "${CHECKOUT_DIR}" ] ; then + # Delete non-hidden files and directories + rm -rf "${CHECKOUT_DIR:?}"/* + # Delete files and directories starting with . but excluding .. + rm -rf "${CHECKOUT_DIR}"/.[!.]* + # Delete files and directories starting with .. plus any other character + rm -rf "${CHECKOUT_DIR}"/..?* + fi + } + + if [ "${PARAMS_DELETE_EXISTING}" = "true" ] ; then + cleandir || true + fi + + test -z "${PARAMS_HTTP_PROXY}" || export HTTP_PROXY="${PARAMS_HTTP_PROXY}" + test -z "${PARAMS_HTTPS_PROXY}" || export HTTPS_PROXY="${PARAMS_HTTPS_PROXY}" + test -z "${PARAMS_NO_PROXY}" || export NO_PROXY="${PARAMS_NO_PROXY}" + + git config --global --add safe.directory "${PARAMS_OUTPUT_PATH}" + /ko-app/git-init \ + -url="${PARAMS_URL}" \ + -revision="${PARAMS_REVISION}" \ + -refspec="${PARAMS_REFSPEC}" \ + -path="${CHECKOUT_DIR}" \ + -sslVerify="${PARAMS_SSL_VERIFY}" \ + -submodules="${PARAMS_SUBMODULES}" \ + -depth="${PARAMS_DEPTH}" \ + -sparseCheckoutDirectories="${PARAMS_SPARSE_CHECKOUT_DIRECTORIES}" + cd "${CHECKOUT_DIR}" + RESULT_SHA="$(git rev-parse HEAD)" + EXIT_CODE="$?" + if [ "${EXIT_CODE}" != 0 ] ; then + exit "${EXIT_CODE}" + fi + RESULT_COMMITTER_DATE="$(git log -1 --pretty=%ct)" + printf "%s" "${RESULT_COMMITTER_DATE}" > "$(step.results.COMMITTER_DATE.path)" + printf "%s" "${RESULT_SHA}" > "$(step.results.COMMIT.path)" + printf "%s" "${PARAMS_URL}" > "$(step.results.URL.path)" diff --git a/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-buildah/task-buildah-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-buildah/task-buildah-task.yaml new file mode 100644 index 0000000000..10c0ea1de7 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-buildah/task-buildah-task.yaml @@ -0,0 +1,177 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift-pipelines/tektoncd-catalog/p/tasks/task-buildah/0.4.1/task-buildah.yaml +# +--- +--- +# Source: task-containers/templates/task-buildah.yaml +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: buildah + labels: + app.kubernetes.io/version: 0.4.1 + annotations: + tekton.dev/source: "https://github.com/openshift-pipelines/task-containers" + artifacthub.io/category: integration-delivery + artifacthub.io/maintainers: | + - name: OpenShift Pipeline task maintainers + email: pipelines-extcomm@redhat.com + artifacthub.io/provider: Red Hat + artifacthub.io/recommendations: | + - url: https://tekton.dev/ + tekton.dev/categories: containers + tekton.dev/pipelines.minVersion: 0.41.0 + tekton.dev/tags: containers +spec: + description: | + Buildah task builds source into a container image and + then pushes it to a container registry. + + workspaces: + - name: source + optional: false + description: | + Container build context, like for instnace a application source code + followed by a `Dockerfile`. + - name: dockerconfig + description: >- + An optional workspace that allows providing a .docker/config.json file + for Buildah to access the container registry. + The file should be placed at the root of the Workspace with name config.json + or .dockerconfigjson. + optional: true + - name: rhel-entitlement + description: >- + An optional workspace that allows providing the entitlement keys + for Buildah to access subscription. The mounted workspace contains + entitlement.pem and entitlement-key.pem. + optional: true + mountPath: /tmp/entitlement + params: + - name: IMAGE + type: string + description: | + Fully qualified container image name to be built by buildah. + - name: DOCKERFILE + type: string + default: ./Dockerfile + description: | + Path to the `Dockerfile` (or `Containerfile`) relative to the `source` workspace. + - name: BUILD_ARGS + type: array + default: + - "" + description: | + Dockerfile build arguments, array of key=value + - name: CONTEXT + type: string + default: "." + description: | + Path to the directory to use as context. + - name: STORAGE_DRIVER + type: string + default: vfs + description: | + Set buildah storage driver to reflect the currrent cluster node's + settings. + - name: FORMAT + description: The format of the built container, oci or docker + default: "oci" + - name: BUILD_EXTRA_ARGS + type: string + default: "" + description: | + Extra parameters passed for the build command when building images. + - name: PUSH_EXTRA_ARGS + type: string + default: "" + description: | + Extra parameters passed for the push command when pushing images. + - name: SKIP_PUSH + default: "false" + description: | + Skip pushing the image to the container registry. + - name: TLS_VERIFY + type: string + default: "true" + description: | + Sets the TLS verification flag, `true` is recommended. + - name: VERBOSE + type: string + default: "false" + description: | + Turns on verbose logging, all commands executed will be printed out. + + results: + - name: IMAGE_URL + description: | + Fully qualified image name. + - name: IMAGE_DIGEST + description: | + Digest of the image just built. + + stepTemplate: + env: + + - name: PARAMS_IMAGE + value: "$(params.IMAGE)" + - name: PARAMS_CONTEXT + value: "$(params.CONTEXT)" + - name: PARAMS_DOCKERFILE + value: "$(params.DOCKERFILE)" + - name: PARAMS_FORMAT + value: "$(params.FORMAT)" + - name: PARAMS_STORAGE_DRIVER + value: "$(params.STORAGE_DRIVER)" + - name: PARAMS_BUILD_EXTRA_ARGS + value: "$(params.BUILD_EXTRA_ARGS)" + - name: PARAMS_PUSH_EXTRA_ARGS + value: "$(params.PUSH_EXTRA_ARGS)" + - name: PARAMS_SKIP_PUSH + value: "$(params.SKIP_PUSH)" + - name: PARAMS_TLS_VERIFY + value: "$(params.TLS_VERIFY)" + - name: PARAMS_VERBOSE + value: "$(params.VERBOSE)" + - name: WORKSPACES_SOURCE_BOUND + value: "$(workspaces.source.bound)" + - name: WORKSPACES_SOURCE_PATH + value: "$(workspaces.source.path)" + - name: WORKSPACES_DOCKERCONFIG_BOUND + value: "$(workspaces.dockerconfig.bound)" + - name: WORKSPACES_DOCKERCONFIG_PATH + value: "$(workspaces.dockerconfig.path)" + - name: WORKSPACES_RHEL_ENTITLEMENT_BOUND + value: "$(workspaces.rhel-entitlement.bound)" + - name: WORKSPACES_RHEL_ENTITLEMENT_PATH + value: "$(workspaces.rhel-entitlement.path)" + - name: RESULTS_IMAGE_URL_PATH + value: "$(results.IMAGE_URL.path)" + - name: RESULTS_IMAGE_DIGEST_PATH + value: "$(results.IMAGE_DIGEST.path)" + + steps: + - name: build + image: registry.access.redhat.com/ubi8/buildah:8.10-5 + workingDir: $(workspaces.source.path) + args: + - $(params.BUILD_ARGS[*]) + script: | + set -e + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgV3JhcHBlciBhcm91bmQgImJ1aWxkYWggYnVkIiB0byBidWlsZCBhbmQgcHVzaCBhIGNvbnRhaW5lciBpbWFnZSBiYXNlZCBvbiBhIERvY2tlcmZpbGUuCiMKCnNob3B0IC1zIGluaGVyaXRfZXJyZXhpdApzZXQgLWV1IC1vIHBpcGVmYWlsCgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvY29tbW9uLnNoIgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvYnVpbGRhaC1jb21tb24uc2giCgpmdW5jdGlvbiBfYnVpbGRhaCgpIHsKICAgIGJ1aWxkYWggXAogICAgICAgIC0tc3RvcmFnZS1kcml2ZXI9IiR7UEFSQU1TX1NUT1JBR0VfRFJJVkVSfSIgXAogICAgICAgIC0tdGxzLXZlcmlmeT0iJHtQQVJBTVNfVExTX1ZFUklGWX0iIFwKICAgICAgICAkeyp9Cn0KCiMKIyBQcmVwYXJlCiMKCiMgbWFraW5nIHN1cmUgdGhlIHJlcXVpcmVkIHdvcmtzcGFjZSAic291cmNlIiBpcyBib3VuZGVkLCB3aGljaCBtZWFucyBpdHMgdm9sdW1lIGlzIGN1cnJlbnRseSBtb3VudGVkCiMgYW5kIHJlYWR5IHRvIHVzZQpwaGFzZSAiSW5zcGVjdGluZyBzb3VyY2Ugd29ya3NwYWNlICcke1dPUktTUEFDRVNfU09VUkNFX1BBVEh9JyAoUFdEPScke1BXRH0nKSIKW1sgIiR7V09SS1NQQUNFU19TT1VSQ0VfQk9VTkR9IiAhPSAidHJ1ZSIgXV0gJiYKICAgIGZhaWwgIldvcmtzcGFjZSAnc291cmNlJyBpcyBub3QgYm91bmRlZCIKCnBoYXNlICJBc3NlcnRpbmcgdGhlIGRvY2tlcmZpbGUvY29udGFpbmVyZmlsZSAnJHtET0NLRVJGSUxFX0ZVTEx9JyBleGlzdHMiCltbICEgLWYgIiR7RE9DS0VSRklMRV9GVUxMfSIgXV0gJiYKICAgIGZhaWwgIkRvY2tlcmZpbGUgbm90IGZvdW5kIGF0OiAnJHtET0NLRVJGSUxFX0ZVTEx9JyIKCnBoYXNlICJJbnNwZWN0aW5nIGNvbnRleHQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKW1sgISAtZCAiJHtQQVJBTVNfQ09OVEVYVH0iIF1dICYmCiAgICBmYWlsICJDT05URVhUIHBhcmFtIGlzIG5vdCBmb3VuZCBhdCAnJHtQQVJBTVNfQ09OVEVYVH0nLCBvbiBzb3VyY2Ugd29ya3NwYWNlIgoKcGhhc2UgIkJ1aWxkaW5nIGJ1aWxkIGFyZ3MiCkJVSUxEX0FSR1M9KCkKZm9yIGJ1aWxkYXJnIGluICIkQCI7IGRvCiAgICBCVUlMRF9BUkdTKz0oIi0tYnVpbGQtYXJnPSRidWlsZGFyZyIpCmRvbmUKCiMgSGFuZGxlIG9wdGlvbmFsIGRvY2tlcmNvbmZpZyBzZWNyZXQKaWYgW1sgIiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfQk9VTkR9IiA9PSAidHJ1ZSIgXV07IHRoZW4KCiAgICAjIGlmIGNvbmZpZy5qc29uIGV4aXN0cyBhdCB3b3Jrc3BhY2Ugcm9vdCwgd2UgdXNlIHRoYXQKICAgIGlmIHRlc3QgLWYgIiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSH0vY29uZmlnLmpzb24iOyB0aGVuCiAgICAgICAgZXhwb3J0IERPQ0tFUl9DT05GSUc9IiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSH0iCgogICAgICAgICMgZWxzZSB3ZSBsb29rIGZvciAuZG9ja2VyY29uZmlnanNvbiBhdCB0aGUgcm9vdAogICAgZWxpZiB0ZXN0IC1mICIke1dPUktTUEFDRVNfRE9DS0VSQ09ORklHX1BBVEh9Ly5kb2NrZXJjb25maWdqc29uIjsgdGhlbgogICAgICAgICMgZW5zdXJlIC5kb2NrZXIgZXhpc3QgYmVmb3JlIHRoZSBjb3B5aW5nIHRoZSBjb250ZW50CiAgICAgICAgaWYgWyAhIC1kICIkSE9NRS8uZG9ja2VyIiBdOyB0aGVuCiAgICAgICAgICAgbWtkaXIgLXAgIiRIT01FLy5kb2NrZXIiCiAgICAgICAgZmkKICAgICAgICBjcCAiJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19QQVRIfS8uZG9ja2VyY29uZmlnanNvbiIgIiRIT01FLy5kb2NrZXIvY29uZmlnLmpzb24iCiAgICAgICAgZXhwb3J0IERPQ0tFUl9DT05GSUc9IiRIT01FLy5kb2NrZXIiCgogICAgICAgICMgbmVlZCB0byBlcnJvciBvdXQgaWYgbmVpdGhlciBmaWxlcyBhcmUgcHJlc2VudAogICAgZWxzZQogICAgICAgIGVjaG8gIm5laXRoZXIgJ2NvbmZpZy5qc29uJyBub3IgJy5kb2NrZXJjb25maWdqc29uJyBmb3VuZCBhdCB3b3Jrc3BhY2Ugcm9vdCIKICAgICAgICBleGl0IDEKICAgIGZpCmZpCgpFTlRJVExFTUVOVF9WT0xVTUU9IiIKaWYgW1sgIiR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX0JPVU5EfSIgPT0gInRydWUiIF1dOyB0aGVuCiAgICBFTlRJVExFTUVOVF9WT0xVTUU9Ii0tdm9sdW1lICR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEh9Oi9ldGMvcGtpL2VudGl0bGVtZW50IgpmaQoKIwojIEJ1aWxkCiMKCnBoYXNlICJCdWlsZGluZyAnJHtQQVJBTVNfSU1BR0V9JyBiYXNlZCBvbiAnJHtET0NLRVJGSUxFX0ZVTEx9JyIKCltbIC1uICIke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTfSIgXV0gJiYKICAgIHBoYXNlICJFeHRyYSAnYnVpbGRhaCBidWQnIGFyZ3VtZW50cyBpbmZvcm1lZDogJyR7UEFSQU1TX0JVSUxEX0VYVFJBX0FSR1N9JyIKCl9idWlsZGFoIGJ1ZCAke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTfSBcCiAgICAkRU5USVRMRU1FTlRfVk9MVU1FIFwKICAgICIke0JVSUxEX0FSR1NbQF19IiBcCiAgICAtLWZpbGU9IiR7RE9DS0VSRklMRV9GVUxMfSIgXAogICAgLS10YWc9IiR7UEFSQU1TX0lNQUdFfSIgXAogICAgIiR7UEFSQU1TX0NPTlRFWFR9IgoKaWYgW1sgIiR7UEFSQU1TX1NLSVBfUFVTSH0iID09ICJ0cnVlIiBdXTsgdGhlbgogICAgcGhhc2UgIlNraXBwaW5nIHB1c2hpbmcgJyR7UEFSQU1TX0lNQUdFfScgdG8gdGhlIGNvbnRhaW5lciByZWdpc3RyeSEiCiAgICBleGl0IDAKZmkKCiMKIyBQdXNoCiMKCnBoYXNlICJQdXNoaW5nICcke1BBUkFNU19JTUFHRX0nIHRvIHRoZSBjb250YWluZXIgcmVnaXN0cnkiCgpbWyAtbiAiJHtQQVJBTVNfUFVTSF9FWFRSQV9BUkdTfSIgXV0gJiYKICAgIHBoYXNlICJFeHRyYSAnYnVpbGRhaCBidWQnIGFyZ3VtZW50cyBpbmZvcm1lZDogJyR7UEFSQU1TX1BVU0hfRVhUUkFfQVJHU30nIgoKIyB0ZW1wb3JhcnkgZmlsZSB0byBzdG9yZSB0aGUgaW1hZ2UgZGlnZXN0LCBpbmZvcm1hdGlvbiBvbmx5IG9idGFpbmVkIGFmdGVyIHB1c2hpbmcgdGhlIGltYWdlIHRvIHRoZQojIGNvbnRhaW5lciByZWdpc3RyeQpkZWNsYXJlIC1yIGRpZ2VzdF9maWxlPSIvdG1wL2J1aWxkYWgtZGlnZXN0LnR4dCIKCl9idWlsZGFoIHB1c2ggJHtQQVJBTVNfUFVTSF9FWFRSQV9BUkdTfSBcCiAgICAtLWRpZ2VzdGZpbGU9IiR7ZGlnZXN0X2ZpbGV9IiBcCiAgICAiJHtQQVJBTVNfSU1BR0V9IiBcCiAgICAiZG9ja2VyOi8vJHtQQVJBTVNfSU1BR0V9IgoKIwojIFJlc3VsdHMKIwoKcGhhc2UgIkluc3BlY3RpbmcgZGlnZXN0IHJlcG9ydCAoJyR7ZGlnZXN0X2ZpbGV9JykiCgpbWyAhIC1yICIke2RpZ2VzdF9maWxlfSIgXV0gJiYKICAgIGZhaWwgIlVuYWJsZSB0byBmaW5kIGRpZ2VzdC1maWxlIGF0ICcke2RpZ2VzdF9maWxlfSciCgpkZWNsYXJlIC1yIGRpZ2VzdF9zdW09IiQoY2F0ICR7ZGlnZXN0X2ZpbGV9KSIKCltbIC16ICIke2RpZ2VzdF9zdW19IiBdXSAmJgogICAgZmFpbCAiRGlnZXN0IGZpbGUgJyR7ZGlnZXN0X2ZpbGV9JyBpcyBlbXB0eSEiCgpwaGFzZSAiU3VjY2Vzc2Z1bHkgYnVpbHQgY29udGFpbmVyIGltYWdlICcke1BBUkFNU19JTUFHRX0nICgnJHtkaWdlc3Rfc3VtfScpIgplY2hvIC1uICIke1BBUkFNU19JTUFHRX0iIHwgdGVlICR7UkVTVUxUU19JTUFHRV9VUkxfUEFUSH0KZWNobyAtbiAiJHtkaWdlc3Rfc3VtfSIgfCB0ZWUgJHtSRVNVTFRTX0lNQUdFX0RJR0VTVF9QQVRIfQo=" |base64 -d >"/scripts/buildah-bud.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKZGVjbGFyZSAtcnggUEFSQU1TX0lNQUdFPSIke1BBUkFNU19JTUFHRTotfSIKZGVjbGFyZSAtcnggUEFSQU1TX0RPQ0tFUkZJTEU9IiR7UEFSQU1TX0RPQ0tFUkZJTEU6LX0iCmRlY2xhcmUgLXggUEFSQU1TX0NPTlRFWFQ9IiR7UEFSQU1TX0NPTlRFWFQ6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19TVE9SQUdFX0RSSVZFUj0iJHtQQVJBTVNfU1RPUkFHRV9EUklWRVI6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19CVUlMRF9FWFRSQV9BUkdTPSIke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTOi19IgpkZWNsYXJlIC1yeCBQQVJBTVNfUFVTSF9FWFRSQV9BUkdTPSIke1BBUkFNU19QVVNIX0VYVFJBX0FSR1M6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19TS0lQX1BVU0g9IiR7UEFSQU1TX1NLSVBfUFVTSDotfSIKZGVjbGFyZSAtcnggUEFSQU1TX1RMU19WRVJJRlk9IiR7UEFSQU1TX1RMU19WRVJJRlk6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19WRVJCT1NFPSIke1BBUkFNU19WRVJCT1NFOi19IgoKZGVjbGFyZSAtcnggV09SS1NQQUNFU19TT1VSQ0VfUEFUSD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIOi19IgpkZWNsYXJlIC1yeCBXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORDotfSIKZGVjbGFyZSAtcnggV09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSD0iJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19QQVRIOi19IgpkZWNsYXJlIC1yeCBXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19CT1VORD0iJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19CT1VORDotfSIKZGVjbGFyZSAtcnggV09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEg9IiR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEg6LX0iCmRlY2xhcmUgLXJ4IFdPUktTUEFDRVNfUkhFTF9FTlRJVExFTUVOVF9CT1VORD0iJHtXT1JLU1BBQ0VTX1JIRUxfRU5USVRMRU1FTlRfQk9VTkQ6LX0iCgpkZWNsYXJlIC1yeCBSRVNVTFRTX0lNQUdFX0RJR0VTVF9QQVRIPSIke1JFU1VMVFNfSU1BR0VfRElHRVNUX1BBVEg6LX0iCmRlY2xhcmUgLXJ4IFJFU1VMVFNfSU1BR0VfVVJMX1BBVEg9IiR7UkVTVUxUU19JTUFHRV9VUkxfUEFUSDotfSIKCiMKIyBEb2NrZXJmaWxlCiMKCiMgZXhwb3NpbmcgdGhlIGZ1bGwgcGF0aCB0byB0aGUgY29udGFpbmVyIGZpbGUsIHdoaWNoIGJ5IGRlZmF1bHQgc2hvdWxkIGJlIHJlbGF0aXZlIHRvIHRoZSBwcmltYXJ5CiMgd29ya3NwYWNlLCB0byByZWNlaXZlIGEgZGlmZmVyZW50IGNvbnRhaW5lci1maWxlIGxvY2F0aW9uCmRlY2xhcmUgLXIgZG9ja2VyZmlsZV9vbl93cz0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIfS8ke1BBUkFNU19ET0NLRVJGSUxFfSIKZGVjbGFyZSAteCBET0NLRVJGSUxFX0ZVTEw9IiR7RE9DS0VSRklMRV9GVUxMOi0ke2RvY2tlcmZpbGVfb25fd3N9fSIKCiMKIyBBc3NlcnRpbmcgRW52aXJvbm1lbnQKIwoKW1sgLXogIiR7RE9DS0VSRklMRV9GVUxMfSIgXV0gJiYKICAgIGZhaWwgInVuYWJsZSB0byBmaW5kIHRoZSBEb2NrZXJmaWxlLCBET0NLRVJGSUxFIG1heSBoYXZlIGFuIGluY29ycmVjdCBsb2NhdGlvbiIKCmV4cG9ydGVkX29yX2ZhaWwgXAogICAgV09SS1NQQUNFU19TT1VSQ0VfUEFUSCBcCiAgICBQQVJBTVNfSU1BR0UKCiMKIyBWZXJib3NlIE91dHB1dAojCgppZiBbWyAiJHtQQVJBTVNfVkVSQk9TRX0iID09ICJ0cnVlIiBdXTsgdGhlbgogICAgc2V0IC14CmZpCg==" |base64 -d >"/scripts/buildah-common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0ZWt0b24ncyBob21lIGRpcmVjdG9yeQpkZWNsYXJlIC1yeCBURUtUT05fSE9NRT0iJHtURUtUT05fSE9NRTotL3Rla3Rvbi9ob21lfSIKCiMKIyBGdW5jdGlvbnMKIwoKZnVuY3Rpb24gZmFpbCgpIHsKICAgIGVjaG8gIkVSUk9SOiAkeyp9IiAyPiYxCiAgICBleGl0IDEKfQoKZnVuY3Rpb24gcGhhc2UoKSB7CiAgICBlY2hvICItLS0+IFBoYXNlOiAkeyp9Li4uIgp9CgojIGFzc2VydCBsb2NhbCB2YXJpYWJsZXMgYXJlIGV4cG9yZXRlZCBvbiB0aGUgZW52aXJvbm1lbnQKZnVuY3Rpb24gZXhwb3J0ZWRfb3JfZmFpbCgpIHsKICAgIGRlY2xhcmUgLWEgX3JlcXVpcmVkX3ZhcnM9IiR7QH0iCgogICAgZm9yIHYgaW4gJHtfcmVxdWlyZWRfdmFyc1tAXX07IGRvCiAgICAgICAgW1sgLXogIiR7IXZ9IiBdXSAmJgogICAgICAgICAgICBmYWlsICInJHt2fScgZW52aXJvbm1lbnQgdmFyaWFibGUgaXMgbm90IHNldCEiCiAgICBkb25lCgogICAgcmV0dXJuIDAKfQo=" |base64 -d >"/scripts/common.sh" + ls /scripts/buildah-*.sh; + chmod +x /scripts/buildah-*.sh;echo "Running Script /scripts/buildah-bud.sh"; + /scripts/buildah-bud.sh; + securityContext: + capabilities: + add: ["SETFCAP"] + volumeMounts: + - name: scripts-dir + mountPath: /scripts + + volumes: + - name: scripts-dir + emptyDir: {} diff --git a/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-git-cli/task-git-cli-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-git-cli/task-git-cli-task.yaml new file mode 100644 index 0000000000..770fe81327 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-git-cli/task-git-cli-task.yaml @@ -0,0 +1,218 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift-pipelines/tektoncd-catalog/p/tasks/task-git-cli/0.4.1/task-git-cli.yaml +# +--- +--- +# Source: task-git/templates/task-git-cli.yaml +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: git-cli + labels: + app.kubernetes.io/version: 0.4.1 + annotations: + tekton.dev/source: "https://github.com/openshift-pipelines/task-git" + artifacthub.io/category: integration-delivery + artifacthub.io/maintainers: | + - name: OpenShift Pipeline task maintainers + email: pipelines-extcomm@redhat.com + artifacthub.io/provider: Red Hat + artifacthub.io/recommendations: | + - url: https://tekton.dev/ + tekton.dev/categories: Git + tekton.dev/displayName: git + tekton.dev/pipelines.minVersion: 0.54.0 + tekton.dev/platforms: linux/amd64,linux/s390x,linux/ppc64le,linux/arm64 + tekton.dev/tags: git +spec: + description: >- + This task can be used to perform git operations. + + Git command that needs to be run can be passed as a script to + the task. This task needs authentication to git in order to push + after the git operation. + + + workspaces: + - name: ssh-directory + optional: true + description: | + A `.ssh` directory with private key, `known_hosts`, `config`, etc. + Copied to the Git user's home before cloning the repository, in order to + server as authentication mechanismBinding a Secret to this Workspace is + strongly recommended over other volume types. + - name: basic-auth + optional: true + description: | + A Workspace containing a `.gitconfig` and `.git-credentials` files. + These will be copied to the user's home before Git commands run. All + other files in this Workspace are ignored. It is strongly recommended to + use `ssh-directory` over `basic-auth` whenever possible, and to bind a + Secret to this Workspace over other volume types. + - name: ssl-ca-directory + optional: true + description: | + A Workspace containing CA certificates, this will be used by Git to + verify the peer with when interacting with remote repositories using + HTTPS. + - name: source + description: A workspace that contains the fetched git repository. + - name: input + optional: true + description: | + An optional workspace that contains the files that need to be added to git. You can + access the workspace from your script using `$(workspaces.input.path)`, for instance: + + cp $(workspaces.input.path)/file_that_i_want . + git add file_that_i_want + # etc + + params: + - name: CRT_FILENAME + type: string + default: ca-bundle.crt + description: | + Certificate Authority (CA) bundle filename in the SSL CA directory. + - name: HTTP_PROXY + type: string + default: "" + description: | + HTTP proxy server (non-TLS requests). + - name: HTTPS_PROXY + type: string + default: "" + description: | + HTTPS proxy server (TLS requests). + - name: NO_PROXY + type: string + default: "" + description: | + Opt out of proxying HTTP/HTTPS requests. + - name: SUBDIRECTORY + type: string + default: "" + description: | + Path to the directory for storing the cloned Git repository, relative to the + output directory. + - name: USER_HOME + type: string + default: "/home/git" + description: | + Absolute path to the Git user home directory. + - name: DELETE_EXISTING + type: string + default: "true" + description: | + Clean out the contents of the default Workspace before specific Git operations occur, if data exists. + - name: VERBOSE + type: string + default: "false" + description: | + Log the executed commands. + - name: SSL_VERIFY + type: string + default: "true" + description: | + Sets the global `http.sslVerify` value, `false` is not advised unless + you trust the remote repository. + - name: GIT_USER_NAME + type: string + description: | + Git user name for performing git operation. + default: "" + - name: GIT_USER_EMAIL + type: string + description: | + Git user email for performing git operation. + default: "" + - name: GIT_SCRIPT + description: The git script to run. + type: string + default: | + git help + + results: + - name: COMMIT + description: | + The precise commit SHA digest cloned. + + volumes: + - name: user-home + emptyDir: {} + - name: scripts-dir + emptyDir: {} + + stepTemplate: + env: + + - name: PARAMS_GIT_USER_EMAIL + value: "$(params.GIT_USER_EMAIL)" + - name: PARAMS_GIT_USER_NAME + value: "$(params.GIT_USER_NAME)" + - name: PARAMS_GIT_SCRIPT + value: "$(params.GIT_SCRIPT)" + - name: WORKSPACES_SOURCE_PATH + value: "$(workspaces.source.path)" + + - name: PARAMS_SSL_VERIFY + value: "$(params.SSL_VERIFY)" + - name: PARAMS_CRT_FILENAME + value: "$(params.CRT_FILENAME)" + - name: PARAMS_SUBDIRECTORY + value: "$(params.SUBDIRECTORY)" + - name: PARAMS_DELETE_EXISTING + value: "$(params.DELETE_EXISTING)" + - name: PARAMS_HTTP_PROXY + value: "$(params.HTTP_PROXY)" + - name: PARAMS_HTTPS_PROXY + value: "$(params.HTTPS_PROXY)" + - name: PARAMS_NO_PROXY + value: "$(params.NO_PROXY)" + - name: PARAMS_VERBOSE + value: "$(params.VERBOSE)" + - name: PARAMS_USER_HOME + value: "$(params.USER_HOME)" + - name: WORKSPACES_SSH_DIRECTORY_BOUND + value: "$(workspaces.ssh-directory.bound)" + - name: WORKSPACES_SSH_DIRECTORY_PATH + value: "$(workspaces.ssh-directory.path)" + - name: WORKSPACES_BASIC_AUTH_BOUND + value: "$(workspaces.basic-auth.bound)" + - name: WORKSPACES_BASIC_AUTH_PATH + value: "$(workspaces.basic-auth.path)" + - name: WORKSPACES_SSL_CA_DIRECTORY_BOUND + value: "$(workspaces.ssl-ca-directory.bound)" + - name: WORKSPACES_SSL_CA_DIRECTORY_PATH + value: "$(workspaces.ssl-ca-directory.path)" + - name: RESULTS_COMMIT_PATH + value: "$(results.COMMIT.path)" + computeResources: + limits: + cpu: 100m + memory: 256Mi + requests: + cpu: 100m + memory: 256Mi + securityContext: + runAsNonRoot: true + runAsUser: 65532 + + steps: + - name: prepare-and-run + image: registry.redhat.io/openshift-pipelines/pipelines-git-init-rhel8@sha256:c4b2183f7c7997bd401d86b33eefb637b3ef2fa90618e875106292cd69a15c14 + workingDir: $(workspaces.source.path) + script: | + set -e + printf '%s' "IyEvdXNyL2Jpbi9lbnYgc2gKCmV4cG9ydCBQQVJBTVNfVVJMPSIke1BBUkFNU19VUkw6LX0iCmV4cG9ydCBQQVJBTVNfUkVWSVNJT049IiR7UEFSQU1TX1JFVklTSU9OOi19IgpleHBvcnQgUEFSQU1TX1JFRlNQRUM9IiR7UEFSQU1TX1JFRlNQRUM6LX0iCmV4cG9ydCBQQVJBTVNfU1VCTU9EVUxFUz0iJHtQQVJBTVNfU1VCTU9EVUxFUzotfSIKZXhwb3J0IFBBUkFNU19ERVBUSD0iJHtQQVJBTVNfREVQVEg6LX0iCmV4cG9ydCBQQVJBTVNfU1NMX1ZFUklGWT0iJHtQQVJBTVNfU1NMX1ZFUklGWTotfSIKZXhwb3J0IFBBUkFNU19DUlRfRklMRU5BTUU9IiR7UEFSQU1TX0NSVF9GSUxFTkFNRTotfSIKZXhwb3J0IFBBUkFNU19TVUJESVJFQ1RPUlk9IiR7UEFSQU1TX1NVQkRJUkVDVE9SWTotfSIKZXhwb3J0IFBBUkFNU19TUEFSU0VfQ0hFQ0tPVVRfRElSRUNUT1JJRVM9IiR7UEFSQU1TX1NQQVJTRV9DSEVDS09VVF9ESVJFQ1RPUklFUzotfSIKZXhwb3J0IFBBUkFNU19ERUxFVEVfRVhJU1RJTkc9IiR7UEFSQU1TX0RFTEVURV9FWElTVElORzotfSIKZXhwb3J0IFBBUkFNU19IVFRQX1BST1hZPSIke1BBUkFNU19IVFRQX1BST1hZOi19IgpleHBvcnQgUEFSQU1TX0hUVFBTX1BST1hZPSIke1BBUkFNU19IVFRQU19QUk9YWTotfSIKZXhwb3J0IFBBUkFNU19OT19QUk9YWT0iJHtQQVJBTVNfTk9fUFJPWFk6LX0iCmV4cG9ydCBQQVJBTVNfVkVSQk9TRT0iJHtQQVJBTVNfVkVSQk9TRTotfSIKZXhwb3J0IFBBUkFNU19VU0VSX0hPTUU9IiR7UEFSQU1TX1VTRVJfSE9NRTotfSIKZXhwb3J0IFBBUkFNU19HSVRfVVNFUl9FTUFJTD0iJHtQQVJBTVNfR0lUX1VTRVJfRU1BSUw6LX0iCmV4cG9ydCBQQVJBTVNfR0lUX1VTRVJfTkFNRT0iJHtQQVJBTVNfR0lUX1VTRVJfTkFNRTotfSIKZXhwb3J0IFBBUkFNU19HSVRfU0NSSVBUPSIke1BBUkFNU19HSVRfU0NSSVBUOi19IgoKZXhwb3J0IFdPUktTUEFDRVNfU09VUkNFX1BBVEg9IiR7V09SS1NQQUNFU19TT1VSQ0VfUEFUSDotfSIKZXhwb3J0IFdPUktTUEFDRVNfT1VUUFVUX1BBVEg9IiR7V09SS1NQQUNFU19PVVRQVVRfUEFUSDotfSIKZXhwb3J0IFdPUktTUEFDRVNfU1NIX0RJUkVDVE9SWV9CT1VORD0iJHtXT1JLU1BBQ0VTX1NTSF9ESVJFQ1RPUllfQk9VTkQ6LX0iCmV4cG9ydCBXT1JLU1BBQ0VTX1NTSF9ESVJFQ1RPUllfUEFUSD0iJHtXT1JLU1BBQ0VTX1NTSF9ESVJFQ1RPUllfUEFUSDotfSIKZXhwb3J0IFdPUktTUEFDRVNfQkFTSUNfQVVUSF9CT1VORD0iJHtXT1JLU1BBQ0VTX0JBU0lDX0FVVEhfQk9VTkQ6LX0iCmV4cG9ydCBXT1JLU1BBQ0VTX0JBU0lDX0FVVEhfUEFUSD0iJHtXT1JLU1BBQ0VTX0JBU0lDX0FVVEhfUEFUSDotfSIKZXhwb3J0IFdPUktTUEFDRVNfU1NMX0NBX0RJUkVDVE9SWV9CT1VORD0iJHtXT1JLU1BBQ0VTX1NTTF9DQV9ESVJFQ1RPUllfQk9VTkQ6LX0iCmV4cG9ydCBXT1JLU1BBQ0VTX1NTTF9DQV9ESVJFQ1RPUllfUEFUSD0iJHtXT1JLU1BBQ0VTX1NTTF9DQV9ESVJFQ1RPUllfUEFUSDotfSIKCmV4cG9ydCBSRVNVTFRTX0NPTU1JVFRFUl9EQVRFX1BBVEg9IiR7UkVTVUxUU19DT01NSVRURVJfREFURV9QQVRIOi19IgpleHBvcnQgUkVTVUxUU19DT01NSVRfUEFUSD0iJHtSRVNVTFRTX0NPTU1JVF9QQVRIOi19IgpleHBvcnQgUkVTVUxUU19VUkxfUEFUSD0iJHtSRVNVTFRTX1VSTF9QQVRIOi19IgoKIyBmdWxsIHBhdGggdG8gdGhlIGNoZWNrb3V0IGRpcmVjdG9yeSwgdXNpbmcgdGhlIHNvdXJjZSB3b3Jrc3BhY2UgYW5kIHN1YmRpcmVjdG9yIHBhcmFtZXRlcgpbWyAhIC16ICR7V09SS1NQQUNFU19TT1VSQ0VfUEFUSH0gXV0gJiYgZXhwb3J0IFdPUktTUEFDRVNfUk9PVF9QQVRIPSIke1dPUktTUEFDRVNfU09VUkNFX1BBVEh9IgpbWyAhIC16ICR7V09SS1NQQUNFU19PVVRQVVRfUEFUSH0gXV0gJiYgZXhwb3J0IFdPUktTUEFDRVNfUk9PVF9QQVRIPSIke1dPUktTUEFDRVNfT1VUUFVUX1BBVEh9IgoKY2hlY2tvdXRfZGlyPSIke1dPUktTUEFDRVNfUk9PVF9QQVRIfS8ke1BBUkFNU19TVUJESVJFQ1RPUll9IgoKIwojIEZ1bmN0aW9ucwojCgpmYWlsKCkgewogICAgZWNobyAiRVJST1I6ICR7QH0iIDE+JjIKICAgIGV4aXQgMQp9CgpwaGFzZSgpIHsKICAgIGVjaG8gIi0tLT4gUGhhc2U6ICR7QH0uLi4iCn0KCiMgSW5zcGVjdCB0aGUgZW52aXJvbm1lbnQgdmFyaWFibGVzIHRvIGFzc2VydCB0aGUgbWluaW11bSBjb25maWd1cmF0aW9uIGlzIGluZm9ybWVkLgphc3NlcnRfcmVxdWlyZWRfY29uZmlndXJhdGlvbl9vcl9mYWlsKCkgewogICAgW1sgLXogIiR7UEFSQU1TX1VSTH0iICAmJiAgLXogIiR7UEFSQU1TX0dJVF9TQ1JJUFR9IiBdXSAmJgogICAgICAgIGZhaWwgIlBhcmFtZXRlciBVUkwgb3IgU0NSSVBUIG11c3QgYmUgc2V0ISIKCiAgICBbWyAteiAiJHtXT1JLU1BBQ0VTX1JPT1RfUEFUSH0iIF1dICYmCiAgICAgICAgZmFpbCAiUm9vdCBXb3Jrc3BhY2UgaXMgbm90IHNldCEiCgogICAgW1sgISAtZCAiJHtXT1JLU1BBQ0VTX1JPT1RfUEFUSH0iIF1dICYmCiAgICAgICAgZmFpbCAiUm9vdCBXb3Jrc3BhY2UgZGlyZWN0b3J5IG5vdCBmb3VuZCEiCiAgICByZXR1cm4gMAp9CgojIENvcHkgdGhlIGZpbGUgaW50byB0aGUgZGVzdGluYXRpb24sIGNoZWNraW5nIGlmIHRoZSBzb3VyY2UgZXhpc3RzLgpjb3B5X29yX2ZhaWwoKSB7CiAgICBsb2NhbCBfbW9kZT0iJHsxfSIKICAgIGxvY2FsIF9zcmM9IiR7Mn0iCiAgICBsb2NhbCBfZHN0PSIkezN9IgoKICAgIGlmIFtbICEgLWYgIiR7X3NyY30iICYmICEgLWQgIiR7X3NyY30iIF1dOyB0aGVuCiAgICAgICAgZmFpbCAiU291cmNlIGZpbGUvZGlyZWN0b3J5IGlzIG5vdCBmb3VuZCBhdCAnJHtfc3JjfSciCiAgICBmaQoKICAgIGlmIFtbIC1kICIke19zcmN9IiBdXTsgdGhlbgogICAgICAgIGNwIC1SdiAke19zcmN9ICR7X2RzdH0KICAgICAgICBjaG1vZCAtdiAke19tb2RlfSAke19kc3R9CiAgICBlbHNlCiAgICAgICAgaW5zdGFsbCAtLXZlcmJvc2UgLS1tb2RlPSR7X21vZGV9ICR7X3NyY30gJHtfZHN0fQogICAgZmkKfQoKIyBEZWxldGUgYW55IGV4aXN0aW5nIGNvbnRlbnRzIG9mIHRoZSByZXBvIGRpcmVjdG9yeSBpZiBpdCBleGlzdHMuIFdlIGRvbid0IGp1c3QgInJtIC1yZiA8ZGlyPiIKIyBiZWNhdXNlIG1pZ2h0IGJlICIvIiBvciB0aGUgcm9vdCBvZiBhIG1vdW50ZWQgdm9sdW1lLgpjbGVhbl9kaXIoKSB7CiAgICBsb2NhbCBfZGlyPSIkezF9IgoKICAgIFtbICEgLWQgIiR7X2Rpcn0iIF1dICYmCiAgICAgICAgcmV0dXJuIDAKCiAgICAjIERlbGV0ZSBub24taGlkZGVuIGZpbGVzIGFuZCBkaXJlY3RvcmllcwogICAgcm0gLXJmdiAke19kaXI6P30vKgogICAgIyBEZWxldGUgZmlsZXMgYW5kIGRpcmVjdG9yaWVzIHN0YXJ0aW5nIHdpdGggLiBidXQgZXhjbHVkaW5nIC4uCiAgICBybSAtcmZ2ICR7X2Rpcn0vLlshLl0qCiAgICAjIERlbGV0ZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgc3RhcnRpbmcgd2l0aCAuLiBwbHVzIGFueSBvdGhlciBjaGFyYWN0ZXIKICAgIHJtIC1yZnYgJHtfZGlyfS8uLj8qCn0KCiMKIyBTZXR0aW5ncwojCgojIHdoZW4gdGhlIGtvLWFwcCBkaXJlY3RvcnkgaXMgcHJlc2VudCwgbWFraW5nIHN1cmUgaXQncyBwYXJ0IG9mIHRoZSBQQVRICltbIC1kICIva28tYXBwIiBdXSAmJiBleHBvcnQgUEFUSD0iJHtQQVRIfTova28tYXBwIgoKIyBtYWtpbmcgdGhlIHNoZWxsIHZlcmJvc2Ugd2hlbiB0aGUgcGFyYW10ZXIgaXMgc2V0CltbICIke1BBUkFNU19WRVJCT1NFfSIgPT0gInRydWUiIF1dICYmIHNldCAteAoKcmV0dXJuIDA=" |base64 -d >"/scripts/common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgc2gKc2V0IC1ldQoKc291cmNlICQoQ0RQQVRIPSBjZCAtLSAiJChkaXJuYW1lIC0tICR7MH0pIiAmJiBwd2QpL2NvbW1vbi5zaAoKYXNzZXJ0X3JlcXVpcmVkX2NvbmZpZ3VyYXRpb25fb3JfZmFpbAoKcGhhc2UgIlNldHRpbmcgb3V0cHV0IHdvcmtzcGFjZSBhcyBzYWZlIGRpcmVjdG9yeSAoJyR7V09SS1NQQUNFU19ST09UX1BBVEh9JykiCmdpdCBjb25maWcgLS1nbG9iYWwgLS1hZGQgc2FmZS5kaXJlY3RvcnkgIiR7V09SS1NQQUNFU19ST09UX1BBVEh9IgoKIyBTZXR0aW5nIHVwIHRoZSBjb25maWcgZm9yIHRoZSBnaXQuCgppZiBbIC1uICIke1BBUkFNU19HSVRfVVNFUl9FTUFJTH0iIF0gOyB0aGVuCiAgICBwaGFzZSAiU2V0dGluZyBnbG9iYWwgZW1haWwgZm9yIGdpdCAke1BBUkFNU19HSVRfVVNFUl9FTUFJTH0iCiAgICBnaXQgY29uZmlnIC0tZ2xvYmFsIHVzZXIuZW1haWwgIiR7UEFSQU1TX0dJVF9VU0VSX0VNQUlMfSIKZmkKCmlmIFsgLW4gIiR7UEFSQU1TX0dJVF9VU0VSX05BTUV9IiBdIDsgdGhlbgogICAgcGhhc2UgIlNldHRpbmcgZ2xvYmFsIHVzZXJuYW1lIGZvciBnaXQgJHtQQVJBTVNfR0lUX1VTRVJfTkFNRX0iCiAgICBnaXQgY29uZmlnIC0tZ2xvYmFsIHVzZXIubmFtZSAiJHtQQVJBTVNfR0lUX1VTRVJfTkFNRX0iCmZpCgojCiMgQ0EgKGBzc2wtY2EtZGlyZWN0b3J5YCBXb3Jrc3BhY2UpCiMKCmlmIFtbICIke1dPUktTUEFDRVNfU1NMX0NBX0RJUkVDVE9SWV9CT1VORH0iID09ICJ0cnVlIiAmJiAtbiAiJHtQQVJBTVNfQ1JUX0ZJTEVOQU1FfSIgXV07IHRoZW4KCXBoYXNlICJJbnNwZWN0aW5nICdzc2wtY2EtZGlyZWN0b3J5JyB3b3Jrc3BhY2UgbG9va2luZyBmb3IgJyR7UEFSQU1TX0NSVF9GSUxFTkFNRX0nIGZpbGUiCgljcnQ9IiR7V09SS1NQQUNFU19TU0xfQ0FfRElSRUNUT1JZX1BBVEh9LyR7UEFSQU1TX0NSVF9GSUxFTkFNRX0iCglbWyAhIC1mICIke2NydH0iIF1dICYmCgkJZmFpbCAiQ1JUIGZpbGUgKFBBUkFNU19DUlRfRklMRU5BTUUpIG5vdCBmb3VuZCBhdCAnJHtjcnR9JyIKCglwaGFzZSAiRXhwb3J0aW5nIGN1c3RvbSBDQSBjZXJ0aWZpY2F0ZSAnR0lUX1NTTF9DQUlORk89JHtjcnR9JyIKCWV4cG9ydCBHSVRfU1NMX0NBSU5GTz0ke2NydH0KZmkKCiMKIyBQcm94eSBTZXR0aW5ncwojCgpwaGFzZSAiU2V0dGluZyB1cCBIVFRQX1BST1hZPScke1BBUkFNU19IVFRQX1BST1hZfSciCltbIC1uICIke1BBUkFNU19IVFRQX1BST1hZfSIgXV0gJiYgZXhwb3J0IEhUVFBfUFJPWFk9IiR7UEFSQU1TX0hUVFBfUFJPWFl9IgoKcGhhc2UgIlNldHR0aW5nIHVwIEhUVFBTX1BST1hZPScke1BBUkFNU19IVFRQU19QUk9YWX0nIgpbWyAtbiAiJHtQQVJBTVNfSFRUUFNfUFJPWFl9IiBdXSAmJiBleHBvcnQgSFRUUFNfUFJPWFk9IiR7UEFSQU1TX0hUVFBTX1BST1hZfSIKCnBoYXNlICJTZXR0aW5nIHVwIE5PX1BST1hZPScke1BBUkFNU19OT19QUk9YWX0nIgpbWyAtbiAiJHtQQVJBTVNfTk9fUFJPWFl9IiBdXSAmJiBleHBvcnQgTk9fUFJPWFk9IiR7UEFSQU1TX05PX1BST1hZfSIKCgppZiBbWyAhIC16ICIke1BBUkFNU19VUkx9IiBdXTsKdGhlbgogICAgcGhhc2UgIkNsb25pbmcgJyR7UEFSQU1TX1VSTH0nIGludG8gJyR7Y2hlY2tvdXRfZGlyfSciCiAgICBzZXQgLXgKICAgIGV4ZWMgZ2l0LWluaXQgXAogICAgICAgIC11cmw9IiR7UEFSQU1TX1VSTH0iIFwKICAgICAgICAtcmV2aXNpb249IiR7UEFSQU1TX1JFVklTSU9OfSIgXAogICAgICAgIC1yZWZzcGVjPSIke1BBUkFNU19SRUZTUEVDfSIgXAogICAgICAgIC1wYXRoPSIke2NoZWNrb3V0X2Rpcn0iIFwKICAgICAgICAtc3NsVmVyaWZ5PSIke1BBUkFNU19TU0xfVkVSSUZZfSIgXAogICAgICAgIC1zdWJtb2R1bGVzPSIke1BBUkFNU19TVUJNT0RVTEVTfSIgXAogICAgICAgIC1kZXB0aD0iJHtQQVJBTVNfREVQVEh9IiBcCiAgICAgICAgLXNwYXJzZUNoZWNrb3V0RGlyZWN0b3JpZXM9IiR7UEFSQU1TX1NQQVJTRV9DSEVDS09VVF9ESVJFQ1RPUklFU30iCmVsc2UKICAgIHBoYXNlICJSdW5uaW5nIHRoZSBwcm92aWRlZCBzY3JpcHRzICR7UEFSQU1TX0dJVF9TQ1JJUFR9IGluICR7Y2hlY2tvdXRfZGlyfSIKICAgIGV2YWwgIiR7UEFSQU1TX0dJVF9TQ1JJUFR9IgoKICAgIFJFU1VMVF9TSEE9IiQoZ2l0IHJldi1wYXJzZSBIRUFEIHwgdHIgLWQgJ1xuJykiCiAgICBFWElUX0NPREU9IiQ/IgogICAgaWYgWyAiJEVYSVRfQ09ERSIgIT0gMCBdCiAgICB0aGVuCiAgICAgICAgZXhpdCAkRVhJVF9DT0RFCiAgICBmaQogICAgIyBNYWtlIHN1cmUgd2UgZG9uJ3QgYWRkIGEgdHJhaWxpbmcgbmV3bGluZSB0byB0aGUgcmVzdWx0IQogICAgcHJpbnRmICIlcyIgIiRSRVNVTFRfU0hBIiA+ICIke1JFU1VMVFNfQ09NTUlUX1BBVEh9IgogICAgZWNobyAkUkVTVUxUX1NIQQpmaQoK" |base64 -d >"/scripts/git-run.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgc2gKIwojIFNldHMgdXAgdGhlIGJhc2ljIGFuZCBTU0ggYXV0aGVudGljYXRpb24gYmFzZWQgb24gaW5mb3JtZWQgd29ya3NwYWNlcywgYXMgd2VsbCBhcyBjbGVhbmluZyB1cCB0aGUKIyBwcmV2aW91cyBnaXQtY2xvbmUgc3RhbGUgZGF0YS4KIwoKc2V0IC1ldQoKc291cmNlICQoQ0RQQVRIPSBjZCAtLSAiJChkaXJuYW1lIC0tICR7MH0pIiAmJiBwd2QpL2NvbW1vbi5zaAoKYXNzZXJ0X3JlcXVpcmVkX2NvbmZpZ3VyYXRpb25fb3JfZmFpbAoKcGhhc2UgIlByZXBhcmluZyB0aGUgZmlsZXN5c3RlbSBiZWZvcmUgY2xvbmluZyB0aGUgcmVwb3NpdG9yeSIKCmlmIFtbICIke1BBUkFNU19ERUxFVEVfRVhJU1RJTkd9IiA9PSAidHJ1ZSIgXV07IHRoZW4KCXBoYXNlICJEZWxldGluZyBhbGwgY29udGVudHMgb2YgY2hlY2tvdXQtZGlyICcke2NoZWNrb3V0X2Rpcn0nIgoJY2xlYW5fZGlyICR7Y2hlY2tvdXRfZGlyfSB8fCB0cnVlCmZpCgppZiBbWyAiJHtXT1JLU1BBQ0VTX0JBU0lDX0FVVEhfQk9VTkR9IiA9PSAidHJ1ZSIgXV07IHRoZW4KCXBoYXNlICJDb25maWd1cmluZyBHaXQgYXV0aGVudGljYXRpb24gd2l0aCAnYmFzaWMtYXV0aCcgV29ya3NwYWNlIGZpbGVzIgoKCWZvciBmIGluIC5naXQtY3JlZGVudGlhbHMgLmdpdGNvbmZpZzsgZG8KCQlzcmM9IiR7V09SS1NQQUNFU19CQVNJQ19BVVRIX1BBVEh9LyR7Zn0iCgkJcGhhc2UgIkNvcHlpbmcgJyR7c3JjfScgdG8gJyR7UEFSQU1TX1VTRVJfSE9NRX0nIgoJCWNvcHlfb3JfZmFpbCA0MDAgJHtzcmN9ICIke1BBUkFNU19VU0VSX0hPTUV9LyIKCWRvbmUKZmkKCmlmIFtbICIke1dPUktTUEFDRVNfU1NIX0RJUkVDVE9SWV9CT1VORH0iID09ICJ0cnVlIiBdXTsgdGhlbgoJcGhhc2UgIkNvcHlpbmcgJy5zc2gnIGZyb20gc3NoLWRpcmVjdG9yeSB3b3Jrc3BhY2UgKCcke1dPUktTUEFDRVNfU1NIX0RJUkVDVE9SWV9QQVRIfScpIgoKCWRvdF9zc2g9IiR7UEFSQU1TX1VTRVJfSE9NRX0vLnNzaCIKCWNvcHlfb3JfZmFpbCA3MDAgJHtXT1JLU1BBQ0VTX1NTSF9ESVJFQ1RPUllfUEFUSH0gJHtkb3Rfc3NofQoJY2htb2QgLVJ2IDQwMCAke2RvdF9zc2h9LyoKZmkKCgpleGl0IDA=" |base64 -d >"/scripts/prepare.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgc2gKIwojIFNjYW4gdGhlIGNsb25lZCByZXBvc2l0b3J5IGluIG9yZGVyIHRvIHJlcG9ydCBkZXRhaWxzIHdyaXR0aW5nIHRoZSByZXN1bHQgZmlsZXMuCiMKCnNldCAtZXUKCnNvdXJjZSAkKENEUEFUSD0gY2QgLS0gIiQoZGlybmFtZSAtLSAkezB9KSIgJiYgcHdkKS9jb21tb24uc2gKCmFzc2VydF9yZXF1aXJlZF9jb25maWd1cmF0aW9uX29yX2ZhaWwKCnBoYXNlICJDb2xsZWN0aW5nIGNsb25lZCByZXBvc2l0b3J5IGluZm9ybWF0aW9uICgnJHtjaGVja291dF9kaXJ9JykiCgpjZCAiJHtjaGVja291dF9kaXJ9IiB8fCBmYWlsICJOb3QgYWJsZSB0byBlbnRlciBjaGVja291dC1kaXIgJyR7Y2hlY2tvdXRfZGlyfSciCgpwaGFzZSAiU2V0dGluZyBvdXRwdXQgd29ya3NwYWNlIGFzIHNhZmUgZGlyZWN0b3J5ICgnJHtXT1JLU1BBQ0VTX1JPT1RfUEFUSH0nKSIKZ2l0IGNvbmZpZyAtLWdsb2JhbCAtLWFkZCBzYWZlLmRpcmVjdG9yeSAiJHtXT1JLU1BBQ0VTX1JPT1RfUEFUSH0iCgpyZXN1bHRfc2hhPSIkKGdpdCByZXYtcGFyc2UgSEVBRCkiCnJlc3VsdF9jb21taXR0ZXJfZGF0ZT0iJChnaXQgbG9nIC0xIC0tcHJldHR5PSVjdCkiCgpwaGFzZSAiUmVwb3J0aW5nIGxhc3QgY29tbWl0IGRhdGUgJyR7cmVzdWx0X2NvbW1pdHRlcl9kYXRlfSciCnByaW50ZiAiJXMiICIke3Jlc3VsdF9jb21taXR0ZXJfZGF0ZX0iID4ke1JFU1VMVFNfQ09NTUlUVEVSX0RBVEVfUEFUSH0KCnBoYXNlICJSZXBvcnRpbmcgcGFyc2VkIHJldmlzaW9uIFNIQSAnJHtyZXN1bHRfc2hhfSciCnByaW50ZiAiJXMiICIke3Jlc3VsdF9zaGF9IiA+JHtSRVNVTFRTX0NPTU1JVF9QQVRIfQoKcGhhc2UgIlJlcG9ydGluZyByZXBvc2l0b3J5IFVSTCAnJHtQQVJBTVNfVVJMfSciCnByaW50ZiAiJXMiICIke1BBUkFNU19VUkx9IiA+JHtSRVNVTFRTX1VSTF9QQVRIfQoKZXhpdCAw" |base64 -d >"/scripts/report.sh" + chmod +x /scripts/*.sh;echo "Running Script /scripts/prepare.sh"; + /scripts/prepare.sh;echo "Running Script /scripts/git-run.sh"; + /scripts/git-run.sh; + volumeMounts: + - name: scripts-dir + mountPath: /scripts + - name: user-home + mountPath: "$(params.USER_HOME)" diff --git a/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-git-clone/task-git-clone-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-git-clone/task-git-clone-task.yaml new file mode 100644 index 0000000000..fb01b4b0d7 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-git-clone/task-git-clone-task.yaml @@ -0,0 +1,238 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift-pipelines/tektoncd-catalog/p/tasks/task-git-clone/0.4.1/task-git-clone.yaml +# +--- +--- +# Source: task-git/templates/task-git-clone.yaml +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: git-clone + labels: + app.kubernetes.io/version: 0.4.1 + annotations: + tekton.dev/source: "https://github.com/openshift-pipelines/task-git" + artifacthub.io/category: integration-delivery + artifacthub.io/maintainers: | + - name: OpenShift Pipeline task maintainers + email: pipelines-extcomm@redhat.com + artifacthub.io/provider: Red Hat + artifacthub.io/recommendations: | + - url: https://tekton.dev/ + tekton.dev/categories: Git + tekton.dev/displayName: git + tekton.dev/pipelines.minVersion: 0.54.0 + tekton.dev/platforms: linux/amd64,linux/s390x,linux/ppc64le,linux/arm64 + tekton.dev/tags: git +spec: + description: | + This object represents Git and is able to initialize and clone a remote repository on the informed Workspace. It's likely to become the first `step` on a Pipeline. + + + workspaces: + - name: ssh-directory + optional: true + description: | + A `.ssh` directory with private key, `known_hosts`, `config`, etc. + Copied to the Git user's home before cloning the repository, in order to + server as authentication mechanismBinding a Secret to this Workspace is + strongly recommended over other volume types. + - name: basic-auth + optional: true + description: | + A Workspace containing a `.gitconfig` and `.git-credentials` files. + These will be copied to the user's home before Git commands run. All + other files in this Workspace are ignored. It is strongly recommended to + use `ssh-directory` over `basic-auth` whenever possible, and to bind a + Secret to this Workspace over other volume types. + - name: ssl-ca-directory + optional: true + description: | + A Workspace containing CA certificates, this will be used by Git to + verify the peer with when interacting with remote repositories using + HTTPS. + - name: output + description: | + A workspace that contains the fetched git repository, data will be placed on the root of the + Workspace, or on the relative path defined by the SUBDIRECTORY + parameter. + + params: + - name: CRT_FILENAME + type: string + default: ca-bundle.crt + description: | + Certificate Authority (CA) bundle filename in the SSL CA directory. + - name: HTTP_PROXY + type: string + default: "" + description: | + HTTP proxy server (non-TLS requests). + - name: HTTPS_PROXY + type: string + default: "" + description: | + HTTPS proxy server (TLS requests). + - name: NO_PROXY + type: string + default: "" + description: | + Opt out of proxying HTTP/HTTPS requests. + - name: SUBDIRECTORY + type: string + default: "" + description: | + Path to the directory for storing the cloned Git repository, relative to the + output directory. + - name: USER_HOME + type: string + default: "/home/git" + description: | + Absolute path to the Git user home directory. + - name: DELETE_EXISTING + type: string + default: "true" + description: | + Clean out the contents of the default Workspace before specific Git operations occur, if data exists. + - name: VERBOSE + type: string + default: "false" + description: | + Log the executed commands. + - name: SSL_VERIFY + type: string + default: "true" + description: | + Sets the global `http.sslVerify` value, `false` is not advised unless + you trust the remote repository. + - name: URL + type: string + description: | + Git repository URL. + - name: REVISION + type: string + default: main + description: | + Revision to checkout, an branch, tag, sha, ref, etc... + - name: REFSPEC + default: "" + description: | + Repository `refspec` to fetch before checking out the revision. + - name: SUBMODULES + type: string + default: "true" + description: | + Initialize and fetch Git submodules. + - name: DEPTH + type: string + default: "1" + description: | + Number of commits to fetch, a "shallow clone" is a single commit. + - name: SPARSE_CHECKOUT_DIRECTORIES + type: string + default: "" + description: | + List of directory patterns split by comma to perform "sparse checkout". + + results: + - name: COMMIT + description: | + The precise commit SHA digest cloned. + - name: URL + description: | + The precise repository URL. + - name: COMMITTER_DATE + description: | + The epoch timestamp of the commit cloned. + + volumes: + - name: user-home + emptyDir: {} + - name: scripts-dir + emptyDir: {} + + stepTemplate: + env: + + - name: PARAMS_URL + value: "$(params.URL)" + - name: PARAMS_REVISION + value: "$(params.REVISION)" + - name: PARAMS_REFSPEC + value: "$(params.REFSPEC)" + - name: PARAMS_SUBMODULES + value: "$(params.SUBMODULES)" + - name: PARAMS_DEPTH + value: "$(params.DEPTH)" + - name: PARAMS_SPARSE_CHECKOUT_DIRECTORIES + value: "$(params.SPARSE_CHECKOUT_DIRECTORIES)" + - name: RESULTS_COMMITTER_DATE_PATH + value: "$(results.COMMITTER_DATE.path)" + - name: RESULTS_URL_PATH + value: "$(results.URL.path)" + - name: WORKSPACES_OUTPUT_PATH + value: "$(workspaces.output.path)" + + - name: PARAMS_SSL_VERIFY + value: "$(params.SSL_VERIFY)" + - name: PARAMS_CRT_FILENAME + value: "$(params.CRT_FILENAME)" + - name: PARAMS_SUBDIRECTORY + value: "$(params.SUBDIRECTORY)" + - name: PARAMS_DELETE_EXISTING + value: "$(params.DELETE_EXISTING)" + - name: PARAMS_HTTP_PROXY + value: "$(params.HTTP_PROXY)" + - name: PARAMS_HTTPS_PROXY + value: "$(params.HTTPS_PROXY)" + - name: PARAMS_NO_PROXY + value: "$(params.NO_PROXY)" + - name: PARAMS_VERBOSE + value: "$(params.VERBOSE)" + - name: PARAMS_USER_HOME + value: "$(params.USER_HOME)" + - name: WORKSPACES_SSH_DIRECTORY_BOUND + value: "$(workspaces.ssh-directory.bound)" + - name: WORKSPACES_SSH_DIRECTORY_PATH + value: "$(workspaces.ssh-directory.path)" + - name: WORKSPACES_BASIC_AUTH_BOUND + value: "$(workspaces.basic-auth.bound)" + - name: WORKSPACES_BASIC_AUTH_PATH + value: "$(workspaces.basic-auth.path)" + - name: WORKSPACES_SSL_CA_DIRECTORY_BOUND + value: "$(workspaces.ssl-ca-directory.bound)" + - name: WORKSPACES_SSL_CA_DIRECTORY_PATH + value: "$(workspaces.ssl-ca-directory.path)" + - name: RESULTS_COMMIT_PATH + value: "$(results.COMMIT.path)" + computeResources: + limits: + cpu: 100m + memory: 256Mi + requests: + cpu: 100m + memory: 256Mi + securityContext: + runAsNonRoot: true + runAsUser: 65532 + + steps: + - name: prepare-and-run + image: registry.redhat.io/openshift-pipelines/pipelines-git-init-rhel8@sha256:c4b2183f7c7997bd401d86b33eefb637b3ef2fa90618e875106292cd69a15c14 + workingDir: $(workspaces.output.path) + script: | + set -e + printf '%s' "IyEvdXNyL2Jpbi9lbnYgc2gKCmV4cG9ydCBQQVJBTVNfVVJMPSIke1BBUkFNU19VUkw6LX0iCmV4cG9ydCBQQVJBTVNfUkVWSVNJT049IiR7UEFSQU1TX1JFVklTSU9OOi19IgpleHBvcnQgUEFSQU1TX1JFRlNQRUM9IiR7UEFSQU1TX1JFRlNQRUM6LX0iCmV4cG9ydCBQQVJBTVNfU1VCTU9EVUxFUz0iJHtQQVJBTVNfU1VCTU9EVUxFUzotfSIKZXhwb3J0IFBBUkFNU19ERVBUSD0iJHtQQVJBTVNfREVQVEg6LX0iCmV4cG9ydCBQQVJBTVNfU1NMX1ZFUklGWT0iJHtQQVJBTVNfU1NMX1ZFUklGWTotfSIKZXhwb3J0IFBBUkFNU19DUlRfRklMRU5BTUU9IiR7UEFSQU1TX0NSVF9GSUxFTkFNRTotfSIKZXhwb3J0IFBBUkFNU19TVUJESVJFQ1RPUlk9IiR7UEFSQU1TX1NVQkRJUkVDVE9SWTotfSIKZXhwb3J0IFBBUkFNU19TUEFSU0VfQ0hFQ0tPVVRfRElSRUNUT1JJRVM9IiR7UEFSQU1TX1NQQVJTRV9DSEVDS09VVF9ESVJFQ1RPUklFUzotfSIKZXhwb3J0IFBBUkFNU19ERUxFVEVfRVhJU1RJTkc9IiR7UEFSQU1TX0RFTEVURV9FWElTVElORzotfSIKZXhwb3J0IFBBUkFNU19IVFRQX1BST1hZPSIke1BBUkFNU19IVFRQX1BST1hZOi19IgpleHBvcnQgUEFSQU1TX0hUVFBTX1BST1hZPSIke1BBUkFNU19IVFRQU19QUk9YWTotfSIKZXhwb3J0IFBBUkFNU19OT19QUk9YWT0iJHtQQVJBTVNfTk9fUFJPWFk6LX0iCmV4cG9ydCBQQVJBTVNfVkVSQk9TRT0iJHtQQVJBTVNfVkVSQk9TRTotfSIKZXhwb3J0IFBBUkFNU19VU0VSX0hPTUU9IiR7UEFSQU1TX1VTRVJfSE9NRTotfSIKZXhwb3J0IFBBUkFNU19HSVRfVVNFUl9FTUFJTD0iJHtQQVJBTVNfR0lUX1VTRVJfRU1BSUw6LX0iCmV4cG9ydCBQQVJBTVNfR0lUX1VTRVJfTkFNRT0iJHtQQVJBTVNfR0lUX1VTRVJfTkFNRTotfSIKZXhwb3J0IFBBUkFNU19HSVRfU0NSSVBUPSIke1BBUkFNU19HSVRfU0NSSVBUOi19IgoKZXhwb3J0IFdPUktTUEFDRVNfU09VUkNFX1BBVEg9IiR7V09SS1NQQUNFU19TT1VSQ0VfUEFUSDotfSIKZXhwb3J0IFdPUktTUEFDRVNfT1VUUFVUX1BBVEg9IiR7V09SS1NQQUNFU19PVVRQVVRfUEFUSDotfSIKZXhwb3J0IFdPUktTUEFDRVNfU1NIX0RJUkVDVE9SWV9CT1VORD0iJHtXT1JLU1BBQ0VTX1NTSF9ESVJFQ1RPUllfQk9VTkQ6LX0iCmV4cG9ydCBXT1JLU1BBQ0VTX1NTSF9ESVJFQ1RPUllfUEFUSD0iJHtXT1JLU1BBQ0VTX1NTSF9ESVJFQ1RPUllfUEFUSDotfSIKZXhwb3J0IFdPUktTUEFDRVNfQkFTSUNfQVVUSF9CT1VORD0iJHtXT1JLU1BBQ0VTX0JBU0lDX0FVVEhfQk9VTkQ6LX0iCmV4cG9ydCBXT1JLU1BBQ0VTX0JBU0lDX0FVVEhfUEFUSD0iJHtXT1JLU1BBQ0VTX0JBU0lDX0FVVEhfUEFUSDotfSIKZXhwb3J0IFdPUktTUEFDRVNfU1NMX0NBX0RJUkVDVE9SWV9CT1VORD0iJHtXT1JLU1BBQ0VTX1NTTF9DQV9ESVJFQ1RPUllfQk9VTkQ6LX0iCmV4cG9ydCBXT1JLU1BBQ0VTX1NTTF9DQV9ESVJFQ1RPUllfUEFUSD0iJHtXT1JLU1BBQ0VTX1NTTF9DQV9ESVJFQ1RPUllfUEFUSDotfSIKCmV4cG9ydCBSRVNVTFRTX0NPTU1JVFRFUl9EQVRFX1BBVEg9IiR7UkVTVUxUU19DT01NSVRURVJfREFURV9QQVRIOi19IgpleHBvcnQgUkVTVUxUU19DT01NSVRfUEFUSD0iJHtSRVNVTFRTX0NPTU1JVF9QQVRIOi19IgpleHBvcnQgUkVTVUxUU19VUkxfUEFUSD0iJHtSRVNVTFRTX1VSTF9QQVRIOi19IgoKIyBmdWxsIHBhdGggdG8gdGhlIGNoZWNrb3V0IGRpcmVjdG9yeSwgdXNpbmcgdGhlIHNvdXJjZSB3b3Jrc3BhY2UgYW5kIHN1YmRpcmVjdG9yIHBhcmFtZXRlcgpbWyAhIC16ICR7V09SS1NQQUNFU19TT1VSQ0VfUEFUSH0gXV0gJiYgZXhwb3J0IFdPUktTUEFDRVNfUk9PVF9QQVRIPSIke1dPUktTUEFDRVNfU09VUkNFX1BBVEh9IgpbWyAhIC16ICR7V09SS1NQQUNFU19PVVRQVVRfUEFUSH0gXV0gJiYgZXhwb3J0IFdPUktTUEFDRVNfUk9PVF9QQVRIPSIke1dPUktTUEFDRVNfT1VUUFVUX1BBVEh9IgoKY2hlY2tvdXRfZGlyPSIke1dPUktTUEFDRVNfUk9PVF9QQVRIfS8ke1BBUkFNU19TVUJESVJFQ1RPUll9IgoKIwojIEZ1bmN0aW9ucwojCgpmYWlsKCkgewogICAgZWNobyAiRVJST1I6ICR7QH0iIDE+JjIKICAgIGV4aXQgMQp9CgpwaGFzZSgpIHsKICAgIGVjaG8gIi0tLT4gUGhhc2U6ICR7QH0uLi4iCn0KCiMgSW5zcGVjdCB0aGUgZW52aXJvbm1lbnQgdmFyaWFibGVzIHRvIGFzc2VydCB0aGUgbWluaW11bSBjb25maWd1cmF0aW9uIGlzIGluZm9ybWVkLgphc3NlcnRfcmVxdWlyZWRfY29uZmlndXJhdGlvbl9vcl9mYWlsKCkgewogICAgW1sgLXogIiR7UEFSQU1TX1VSTH0iICAmJiAgLXogIiR7UEFSQU1TX0dJVF9TQ1JJUFR9IiBdXSAmJgogICAgICAgIGZhaWwgIlBhcmFtZXRlciBVUkwgb3IgU0NSSVBUIG11c3QgYmUgc2V0ISIKCiAgICBbWyAteiAiJHtXT1JLU1BBQ0VTX1JPT1RfUEFUSH0iIF1dICYmCiAgICAgICAgZmFpbCAiUm9vdCBXb3Jrc3BhY2UgaXMgbm90IHNldCEiCgogICAgW1sgISAtZCAiJHtXT1JLU1BBQ0VTX1JPT1RfUEFUSH0iIF1dICYmCiAgICAgICAgZmFpbCAiUm9vdCBXb3Jrc3BhY2UgZGlyZWN0b3J5IG5vdCBmb3VuZCEiCiAgICByZXR1cm4gMAp9CgojIENvcHkgdGhlIGZpbGUgaW50byB0aGUgZGVzdGluYXRpb24sIGNoZWNraW5nIGlmIHRoZSBzb3VyY2UgZXhpc3RzLgpjb3B5X29yX2ZhaWwoKSB7CiAgICBsb2NhbCBfbW9kZT0iJHsxfSIKICAgIGxvY2FsIF9zcmM9IiR7Mn0iCiAgICBsb2NhbCBfZHN0PSIkezN9IgoKICAgIGlmIFtbICEgLWYgIiR7X3NyY30iICYmICEgLWQgIiR7X3NyY30iIF1dOyB0aGVuCiAgICAgICAgZmFpbCAiU291cmNlIGZpbGUvZGlyZWN0b3J5IGlzIG5vdCBmb3VuZCBhdCAnJHtfc3JjfSciCiAgICBmaQoKICAgIGlmIFtbIC1kICIke19zcmN9IiBdXTsgdGhlbgogICAgICAgIGNwIC1SdiAke19zcmN9ICR7X2RzdH0KICAgICAgICBjaG1vZCAtdiAke19tb2RlfSAke19kc3R9CiAgICBlbHNlCiAgICAgICAgaW5zdGFsbCAtLXZlcmJvc2UgLS1tb2RlPSR7X21vZGV9ICR7X3NyY30gJHtfZHN0fQogICAgZmkKfQoKIyBEZWxldGUgYW55IGV4aXN0aW5nIGNvbnRlbnRzIG9mIHRoZSByZXBvIGRpcmVjdG9yeSBpZiBpdCBleGlzdHMuIFdlIGRvbid0IGp1c3QgInJtIC1yZiA8ZGlyPiIKIyBiZWNhdXNlIG1pZ2h0IGJlICIvIiBvciB0aGUgcm9vdCBvZiBhIG1vdW50ZWQgdm9sdW1lLgpjbGVhbl9kaXIoKSB7CiAgICBsb2NhbCBfZGlyPSIkezF9IgoKICAgIFtbICEgLWQgIiR7X2Rpcn0iIF1dICYmCiAgICAgICAgcmV0dXJuIDAKCiAgICAjIERlbGV0ZSBub24taGlkZGVuIGZpbGVzIGFuZCBkaXJlY3RvcmllcwogICAgcm0gLXJmdiAke19kaXI6P30vKgogICAgIyBEZWxldGUgZmlsZXMgYW5kIGRpcmVjdG9yaWVzIHN0YXJ0aW5nIHdpdGggLiBidXQgZXhjbHVkaW5nIC4uCiAgICBybSAtcmZ2ICR7X2Rpcn0vLlshLl0qCiAgICAjIERlbGV0ZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgc3RhcnRpbmcgd2l0aCAuLiBwbHVzIGFueSBvdGhlciBjaGFyYWN0ZXIKICAgIHJtIC1yZnYgJHtfZGlyfS8uLj8qCn0KCiMKIyBTZXR0aW5ncwojCgojIHdoZW4gdGhlIGtvLWFwcCBkaXJlY3RvcnkgaXMgcHJlc2VudCwgbWFraW5nIHN1cmUgaXQncyBwYXJ0IG9mIHRoZSBQQVRICltbIC1kICIva28tYXBwIiBdXSAmJiBleHBvcnQgUEFUSD0iJHtQQVRIfTova28tYXBwIgoKIyBtYWtpbmcgdGhlIHNoZWxsIHZlcmJvc2Ugd2hlbiB0aGUgcGFyYW10ZXIgaXMgc2V0CltbICIke1BBUkFNU19WRVJCT1NFfSIgPT0gInRydWUiIF1dICYmIHNldCAteAoKcmV0dXJuIDA=" |base64 -d >"/scripts/common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgc2gKc2V0IC1ldQoKc291cmNlICQoQ0RQQVRIPSBjZCAtLSAiJChkaXJuYW1lIC0tICR7MH0pIiAmJiBwd2QpL2NvbW1vbi5zaAoKYXNzZXJ0X3JlcXVpcmVkX2NvbmZpZ3VyYXRpb25fb3JfZmFpbAoKcGhhc2UgIlNldHRpbmcgb3V0cHV0IHdvcmtzcGFjZSBhcyBzYWZlIGRpcmVjdG9yeSAoJyR7V09SS1NQQUNFU19ST09UX1BBVEh9JykiCmdpdCBjb25maWcgLS1nbG9iYWwgLS1hZGQgc2FmZS5kaXJlY3RvcnkgIiR7V09SS1NQQUNFU19ST09UX1BBVEh9IgoKIyBTZXR0aW5nIHVwIHRoZSBjb25maWcgZm9yIHRoZSBnaXQuCgppZiBbIC1uICIke1BBUkFNU19HSVRfVVNFUl9FTUFJTH0iIF0gOyB0aGVuCiAgICBwaGFzZSAiU2V0dGluZyBnbG9iYWwgZW1haWwgZm9yIGdpdCAke1BBUkFNU19HSVRfVVNFUl9FTUFJTH0iCiAgICBnaXQgY29uZmlnIC0tZ2xvYmFsIHVzZXIuZW1haWwgIiR7UEFSQU1TX0dJVF9VU0VSX0VNQUlMfSIKZmkKCmlmIFsgLW4gIiR7UEFSQU1TX0dJVF9VU0VSX05BTUV9IiBdIDsgdGhlbgogICAgcGhhc2UgIlNldHRpbmcgZ2xvYmFsIHVzZXJuYW1lIGZvciBnaXQgJHtQQVJBTVNfR0lUX1VTRVJfTkFNRX0iCiAgICBnaXQgY29uZmlnIC0tZ2xvYmFsIHVzZXIubmFtZSAiJHtQQVJBTVNfR0lUX1VTRVJfTkFNRX0iCmZpCgojCiMgQ0EgKGBzc2wtY2EtZGlyZWN0b3J5YCBXb3Jrc3BhY2UpCiMKCmlmIFtbICIke1dPUktTUEFDRVNfU1NMX0NBX0RJUkVDVE9SWV9CT1VORH0iID09ICJ0cnVlIiAmJiAtbiAiJHtQQVJBTVNfQ1JUX0ZJTEVOQU1FfSIgXV07IHRoZW4KCXBoYXNlICJJbnNwZWN0aW5nICdzc2wtY2EtZGlyZWN0b3J5JyB3b3Jrc3BhY2UgbG9va2luZyBmb3IgJyR7UEFSQU1TX0NSVF9GSUxFTkFNRX0nIGZpbGUiCgljcnQ9IiR7V09SS1NQQUNFU19TU0xfQ0FfRElSRUNUT1JZX1BBVEh9LyR7UEFSQU1TX0NSVF9GSUxFTkFNRX0iCglbWyAhIC1mICIke2NydH0iIF1dICYmCgkJZmFpbCAiQ1JUIGZpbGUgKFBBUkFNU19DUlRfRklMRU5BTUUpIG5vdCBmb3VuZCBhdCAnJHtjcnR9JyIKCglwaGFzZSAiRXhwb3J0aW5nIGN1c3RvbSBDQSBjZXJ0aWZpY2F0ZSAnR0lUX1NTTF9DQUlORk89JHtjcnR9JyIKCWV4cG9ydCBHSVRfU1NMX0NBSU5GTz0ke2NydH0KZmkKCiMKIyBQcm94eSBTZXR0aW5ncwojCgpwaGFzZSAiU2V0dGluZyB1cCBIVFRQX1BST1hZPScke1BBUkFNU19IVFRQX1BST1hZfSciCltbIC1uICIke1BBUkFNU19IVFRQX1BST1hZfSIgXV0gJiYgZXhwb3J0IEhUVFBfUFJPWFk9IiR7UEFSQU1TX0hUVFBfUFJPWFl9IgoKcGhhc2UgIlNldHR0aW5nIHVwIEhUVFBTX1BST1hZPScke1BBUkFNU19IVFRQU19QUk9YWX0nIgpbWyAtbiAiJHtQQVJBTVNfSFRUUFNfUFJPWFl9IiBdXSAmJiBleHBvcnQgSFRUUFNfUFJPWFk9IiR7UEFSQU1TX0hUVFBTX1BST1hZfSIKCnBoYXNlICJTZXR0aW5nIHVwIE5PX1BST1hZPScke1BBUkFNU19OT19QUk9YWX0nIgpbWyAtbiAiJHtQQVJBTVNfTk9fUFJPWFl9IiBdXSAmJiBleHBvcnQgTk9fUFJPWFk9IiR7UEFSQU1TX05PX1BST1hZfSIKCgppZiBbWyAhIC16ICIke1BBUkFNU19VUkx9IiBdXTsKdGhlbgogICAgcGhhc2UgIkNsb25pbmcgJyR7UEFSQU1TX1VSTH0nIGludG8gJyR7Y2hlY2tvdXRfZGlyfSciCiAgICBzZXQgLXgKICAgIGV4ZWMgZ2l0LWluaXQgXAogICAgICAgIC11cmw9IiR7UEFSQU1TX1VSTH0iIFwKICAgICAgICAtcmV2aXNpb249IiR7UEFSQU1TX1JFVklTSU9OfSIgXAogICAgICAgIC1yZWZzcGVjPSIke1BBUkFNU19SRUZTUEVDfSIgXAogICAgICAgIC1wYXRoPSIke2NoZWNrb3V0X2Rpcn0iIFwKICAgICAgICAtc3NsVmVyaWZ5PSIke1BBUkFNU19TU0xfVkVSSUZZfSIgXAogICAgICAgIC1zdWJtb2R1bGVzPSIke1BBUkFNU19TVUJNT0RVTEVTfSIgXAogICAgICAgIC1kZXB0aD0iJHtQQVJBTVNfREVQVEh9IiBcCiAgICAgICAgLXNwYXJzZUNoZWNrb3V0RGlyZWN0b3JpZXM9IiR7UEFSQU1TX1NQQVJTRV9DSEVDS09VVF9ESVJFQ1RPUklFU30iCmVsc2UKICAgIHBoYXNlICJSdW5uaW5nIHRoZSBwcm92aWRlZCBzY3JpcHRzICR7UEFSQU1TX0dJVF9TQ1JJUFR9IGluICR7Y2hlY2tvdXRfZGlyfSIKICAgIGV2YWwgIiR7UEFSQU1TX0dJVF9TQ1JJUFR9IgoKICAgIFJFU1VMVF9TSEE9IiQoZ2l0IHJldi1wYXJzZSBIRUFEIHwgdHIgLWQgJ1xuJykiCiAgICBFWElUX0NPREU9IiQ/IgogICAgaWYgWyAiJEVYSVRfQ09ERSIgIT0gMCBdCiAgICB0aGVuCiAgICAgICAgZXhpdCAkRVhJVF9DT0RFCiAgICBmaQogICAgIyBNYWtlIHN1cmUgd2UgZG9uJ3QgYWRkIGEgdHJhaWxpbmcgbmV3bGluZSB0byB0aGUgcmVzdWx0IQogICAgcHJpbnRmICIlcyIgIiRSRVNVTFRfU0hBIiA+ICIke1JFU1VMVFNfQ09NTUlUX1BBVEh9IgogICAgZWNobyAkUkVTVUxUX1NIQQpmaQoK" |base64 -d >"/scripts/git-run.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgc2gKIwojIFNldHMgdXAgdGhlIGJhc2ljIGFuZCBTU0ggYXV0aGVudGljYXRpb24gYmFzZWQgb24gaW5mb3JtZWQgd29ya3NwYWNlcywgYXMgd2VsbCBhcyBjbGVhbmluZyB1cCB0aGUKIyBwcmV2aW91cyBnaXQtY2xvbmUgc3RhbGUgZGF0YS4KIwoKc2V0IC1ldQoKc291cmNlICQoQ0RQQVRIPSBjZCAtLSAiJChkaXJuYW1lIC0tICR7MH0pIiAmJiBwd2QpL2NvbW1vbi5zaAoKYXNzZXJ0X3JlcXVpcmVkX2NvbmZpZ3VyYXRpb25fb3JfZmFpbAoKcGhhc2UgIlByZXBhcmluZyB0aGUgZmlsZXN5c3RlbSBiZWZvcmUgY2xvbmluZyB0aGUgcmVwb3NpdG9yeSIKCmlmIFtbICIke1BBUkFNU19ERUxFVEVfRVhJU1RJTkd9IiA9PSAidHJ1ZSIgXV07IHRoZW4KCXBoYXNlICJEZWxldGluZyBhbGwgY29udGVudHMgb2YgY2hlY2tvdXQtZGlyICcke2NoZWNrb3V0X2Rpcn0nIgoJY2xlYW5fZGlyICR7Y2hlY2tvdXRfZGlyfSB8fCB0cnVlCmZpCgppZiBbWyAiJHtXT1JLU1BBQ0VTX0JBU0lDX0FVVEhfQk9VTkR9IiA9PSAidHJ1ZSIgXV07IHRoZW4KCXBoYXNlICJDb25maWd1cmluZyBHaXQgYXV0aGVudGljYXRpb24gd2l0aCAnYmFzaWMtYXV0aCcgV29ya3NwYWNlIGZpbGVzIgoKCWZvciBmIGluIC5naXQtY3JlZGVudGlhbHMgLmdpdGNvbmZpZzsgZG8KCQlzcmM9IiR7V09SS1NQQUNFU19CQVNJQ19BVVRIX1BBVEh9LyR7Zn0iCgkJcGhhc2UgIkNvcHlpbmcgJyR7c3JjfScgdG8gJyR7UEFSQU1TX1VTRVJfSE9NRX0nIgoJCWNvcHlfb3JfZmFpbCA0MDAgJHtzcmN9ICIke1BBUkFNU19VU0VSX0hPTUV9LyIKCWRvbmUKZmkKCmlmIFtbICIke1dPUktTUEFDRVNfU1NIX0RJUkVDVE9SWV9CT1VORH0iID09ICJ0cnVlIiBdXTsgdGhlbgoJcGhhc2UgIkNvcHlpbmcgJy5zc2gnIGZyb20gc3NoLWRpcmVjdG9yeSB3b3Jrc3BhY2UgKCcke1dPUktTUEFDRVNfU1NIX0RJUkVDVE9SWV9QQVRIfScpIgoKCWRvdF9zc2g9IiR7UEFSQU1TX1VTRVJfSE9NRX0vLnNzaCIKCWNvcHlfb3JfZmFpbCA3MDAgJHtXT1JLU1BBQ0VTX1NTSF9ESVJFQ1RPUllfUEFUSH0gJHtkb3Rfc3NofQoJY2htb2QgLVJ2IDQwMCAke2RvdF9zc2h9LyoKZmkKCgpleGl0IDA=" |base64 -d >"/scripts/prepare.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgc2gKIwojIFNjYW4gdGhlIGNsb25lZCByZXBvc2l0b3J5IGluIG9yZGVyIHRvIHJlcG9ydCBkZXRhaWxzIHdyaXR0aW5nIHRoZSByZXN1bHQgZmlsZXMuCiMKCnNldCAtZXUKCnNvdXJjZSAkKENEUEFUSD0gY2QgLS0gIiQoZGlybmFtZSAtLSAkezB9KSIgJiYgcHdkKS9jb21tb24uc2gKCmFzc2VydF9yZXF1aXJlZF9jb25maWd1cmF0aW9uX29yX2ZhaWwKCnBoYXNlICJDb2xsZWN0aW5nIGNsb25lZCByZXBvc2l0b3J5IGluZm9ybWF0aW9uICgnJHtjaGVja291dF9kaXJ9JykiCgpjZCAiJHtjaGVja291dF9kaXJ9IiB8fCBmYWlsICJOb3QgYWJsZSB0byBlbnRlciBjaGVja291dC1kaXIgJyR7Y2hlY2tvdXRfZGlyfSciCgpwaGFzZSAiU2V0dGluZyBvdXRwdXQgd29ya3NwYWNlIGFzIHNhZmUgZGlyZWN0b3J5ICgnJHtXT1JLU1BBQ0VTX1JPT1RfUEFUSH0nKSIKZ2l0IGNvbmZpZyAtLWdsb2JhbCAtLWFkZCBzYWZlLmRpcmVjdG9yeSAiJHtXT1JLU1BBQ0VTX1JPT1RfUEFUSH0iCgpyZXN1bHRfc2hhPSIkKGdpdCByZXYtcGFyc2UgSEVBRCkiCnJlc3VsdF9jb21taXR0ZXJfZGF0ZT0iJChnaXQgbG9nIC0xIC0tcHJldHR5PSVjdCkiCgpwaGFzZSAiUmVwb3J0aW5nIGxhc3QgY29tbWl0IGRhdGUgJyR7cmVzdWx0X2NvbW1pdHRlcl9kYXRlfSciCnByaW50ZiAiJXMiICIke3Jlc3VsdF9jb21taXR0ZXJfZGF0ZX0iID4ke1JFU1VMVFNfQ09NTUlUVEVSX0RBVEVfUEFUSH0KCnBoYXNlICJSZXBvcnRpbmcgcGFyc2VkIHJldmlzaW9uIFNIQSAnJHtyZXN1bHRfc2hhfSciCnByaW50ZiAiJXMiICIke3Jlc3VsdF9zaGF9IiA+JHtSRVNVTFRTX0NPTU1JVF9QQVRIfQoKcGhhc2UgIlJlcG9ydGluZyByZXBvc2l0b3J5IFVSTCAnJHtQQVJBTVNfVVJMfSciCnByaW50ZiAiJXMiICIke1BBUkFNU19VUkx9IiA+JHtSRVNVTFRTX1VSTF9QQVRIfQoKZXhpdCAw" |base64 -d >"/scripts/report.sh" + chmod +x /scripts/*.sh;echo "Running Script /scripts/prepare.sh"; + /scripts/prepare.sh;echo "Running Script /scripts/git-run.sh"; + /scripts/git-run.sh;echo "Running Script /scripts/report.sh"; + /scripts/report.sh; + volumeMounts: + - name: scripts-dir + mountPath: /scripts + - name: user-home + mountPath: "$(params.USER_HOME)" diff --git a/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-kn-apply/task-kn-apply-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-kn-apply/task-kn-apply-task.yaml new file mode 100644 index 0000000000..27d31fff9f --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-kn-apply/task-kn-apply-task.yaml @@ -0,0 +1,48 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift-pipelines/tektoncd-catalog/p/tasks/task-kn-apply/0.2.2/task-kn-apply.yaml +# +--- +--- +# Source: task-openshift/templates/task-kn-apply.yaml +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: kn-apply + labels: + app.kubernetes.io/version: 0.2.2 + annotations: + tekton.dev/source: "https://github.com/openshift-pipelines/task-openshift" + artifacthub.io/category: integration-delivery + artifacthub.io/maintainers: | + - name: OpenShift Pipeline task maintainers + email: pipelines-extcomm@redhat.com + artifacthub.io/provider: Red Hat + artifacthub.io/recommendations: | + - url: https://tekton.dev/ + tekton.dev/displayName: CLI + tekton.dev/pipelines.minVersion: 0.17.0 + tekton.dev/tags: cli +spec: + description: >- + This task deploys a given image to a Knative Service. + It uses `kn service apply` to create or update given knative service. + + params: + - name: SERVICE + description: Knative service name + - name: IMAGE + description: Image to deploy + + steps: + - name: kn + env: + - name: HOME + value: /tekton/home + image: registry.redhat.io/openshift-serverless-1/client-kn-rhel8:1.11.2-4 + command: ["/ko-app/kn"] + args: + ["service", "apply", "$(params.SERVICE)", "--image", "$(params.IMAGE)"] + securityContext: + runAsNonRoot: true + runAsUser: 65532 diff --git a/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-kn/task-kn-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-kn/task-kn-task.yaml new file mode 100644 index 0000000000..7927f99643 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-kn/task-kn-task.yaml @@ -0,0 +1,48 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift-pipelines/tektoncd-catalog/p/tasks/task-kn/0.2.2/task-kn.yaml +# +--- +--- +# Source: task-openshift/templates/task-kn.yaml +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: kn + labels: + app.kubernetes.io/version: 0.2.2 + annotations: + tekton.dev/source: "https://github.com/openshift-pipelines/task-openshift" + artifacthub.io/category: integration-delivery + artifacthub.io/maintainers: | + - name: OpenShift Pipeline task maintainers + email: pipelines-extcomm@redhat.com + artifacthub.io/provider: Red Hat + artifacthub.io/recommendations: | + - url: https://tekton.dev/ + tekton.dev/displayName: CLI + tekton.dev/pipelines.minVersion: 0.17.0 + tekton.dev/tags: cli +spec: + description: >- + This Task performs operations on Knative resources + (services, revisions, routes) using kn CLI + + params: + - name: ARGS + type: array + description: kn CLI arguments to run + default: + - "help" + + steps: + - name: kn + env: + - name: HOME + value: /tekton/home + image: registry.redhat.io/openshift-serverless-1/client-kn-rhel8:1.11.2-4 + command: ["/ko-app/kn"] + args: ["$(params.ARGS)"] + securityContext: + runAsNonRoot: true + runAsUser: 65532 diff --git a/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-maven/task-maven-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-maven/task-maven-task.yaml new file mode 100644 index 0000000000..38c5469e95 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-maven/task-maven-task.yaml @@ -0,0 +1,133 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift-pipelines/tektoncd-catalog/p/tasks/task-maven/0.3.2/task-maven.yaml +# +--- +--- +# Source: task-maven/templates/task-maven.yaml +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: maven + labels: + app.kubernetes.io/version: 0.3.2 + annotations: + tekton.dev/source: "https://github.com/openshift-pipelines/task-maven" + artifacthub.io/category: integration-delivery + artifacthub.io/maintainers: | + - name: OpenShift Pipeline task maintainers + email: pipelines-extcomm@redhat.com + artifacthub.io/provider: Red Hat + artifacthub.io/recommendations: | + - url: https://tekton.dev/ + tekton.dev/categories: containers + tekton.dev/pipelines.minVersion: 0.41.0 + tekton.dev/tags: containers +spec: + description: >- + This Task can be used to run a Maven build. + + workspaces: + - name: source + optional: false + description: The workspace consisting of maven project. + - name: server_secret + optional: true + description: The workspace containing server secrets (username and password) + - name: proxy_secret + optional: true + description: The workspace containing proxy server access credentials (username, password). + - name: proxy_configmap + optional: true + description: The workspace containing some proxy values (proxy_port,proxy_host,proxy_protocol,proxy_non_proxy_hosts) + - name: maven_settings + optional: true + description: The workspace consisting of the custom maven settings provided by the user. + params: + - name: GOALS + description: maven goals to run + type: array + default: + - "package" + - name: MAVEN_MIRROR_URL + description: The Maven repository mirror url + type: string + default: "" + - name: SUBDIRECTORY + type: string + description: >- + The subdirectory within the repository for sources on + which we want to execute maven goals. + default: "." + + stepTemplate: + env: + + - name: PARAMS_MAVEN_MIRROR_URL + value: "$(params.MAVEN_MIRROR_URL)" + - name: PARAMS_SUBDIRECTORY + value: "$(params.SUBDIRECTORY)" + - name: WORKSPACES_SOURCE_PATH + value: "$(workspaces.source.path)" + - name: WORKSPACES_SOURCE_BOUND + value: "$(workspaces.source.bound)" + - name: WORKSPACES_SERVER_SECRET_PATH + value: "$(workspaces.server_secret.path)" + - name: WORKSPACES_SERVER_SECRET_BOUND + value: "$(workspaces.server_secret.bound)" + - name: WORKSPACES_PROXY_SECRET_PATH + value: "$(workspaces.proxy_secret.path)" + - name: WORKSPACES_PROXY_SECRET_BOUND + value: "$(workspaces.proxy_secret.bound)" + - name: WORKSPACES_PROXY_CONFIGMAP_PATH + value: "$(workspaces.proxy_configmap.path)" + - name: WORKSPACES_PROXY_CONFIGMAP_BOUND + value: "$(workspaces.proxy_configmap.bound)" + - name: WORKSPACES_MAVEN_SETTINGS_PATH + value: "$(workspaces.maven_settings.path)" + - name: WORKSPACES_MAVEN_SETTINGS_BOUND + value: "$(workspaces.maven_settings.bound)" + + steps: + - name: maven-generate + image: registry.access.redhat.com/ubi8/ubi-minimal:8.9 + env: + - name: HOME + value: /tekton/home + script: | + set -e + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKZGVjbGFyZSAtcnggTUFWRU5fR0VORVJBVEVfRElSRUNUT1JZPSIke1dPUktTUEFDRVNfU09VUkNFX1BBVEh9LyR7UEFSQU1TX1NVQkRJUkVDVE9SWX0vbWF2ZW4tZ2VuZXJhdGUiCgpkZWNsYXJlIC1yeCBNQVZFTl9TRVRUSU5HU19GSUxFPSIke01BVkVOX0dFTkVSQVRFX0RJUkVDVE9SWX0vc2V0dGluZ3MueG1sIgoKaWYgW1sgLWYgJHtNQVZFTl9TRVRUSU5HU19GSUxFfSBdXTsgdGhlbgogICAgZWNobyAidXNpbmcgZXhpc3RpbmcgJyR7TUFWRU5fU0VUVElOR1NfRklMRX0nIgogICAgY2F0ICR7TUFWRU5fU0VUVElOR1NfRklMRX0KICAgIGV4aXQgMApmaQoKbWtkaXIgIiR7TUFWRU5fR0VORVJBVEVfRElSRUNUT1JZfSIKCiMgQ2hlY2sgaWYgc2V0dGluZ3MueG1sIGV4aXN0cyBpbiB0aGUgd29ya3NwYWNlIG1hdmVuLXNldHRpbmdzCmlmIFtbIC1mICIke1dPUktTUEFDRVNfTUFWRU5fU0VUVElOR1NfUEFUSH0vc2V0dGluZ3MueG1sIiBdXTsgdGhlbgogICAgY3AgIiR7V09SS1NQQUNFU19NQVZFTl9TRVRUSU5HU19QQVRIfS9zZXR0aW5ncy54bWwiICIke01BVkVOX1NFVFRJTkdTX0ZJTEV9IgogICAgZWNobyAiVXNpbmcgJyR7TUFWRU5fU0VUVElOR1NfRklMRX0nIGNvcGllZCBmcm9tIG9wdGlvbmFsIHdvcmtzcGFjZSBtYXZlbi1zZXR0aW5ncyIKICAgIGNhdCAke01BVkVOX1NFVFRJTkdTX0ZJTEV9CiAgICBleGl0IDAKZmkKCmNhdCA+ICIke01BVkVOX1NFVFRJTkdTX0ZJTEV9IiA8PEVPRgo8c2V0dGluZ3M+CiAgICA8c2VydmVycz4KICAgIDwhLS0gVGhlIHNlcnZlcnMgYWRkZWQgaGVyZSBhcmUgZ2VuZXJhdGVkIGZyb20gZW52aXJvbm1lbnQgdmFyaWFibGVzLiBEb24ndCBjaGFuZ2UuIC0tPgogICAgPCEtLSAjIyMgU0VSVkVSJ3MgVVNFUiBJTkZPIGZyb20gRU5WICMjIyAtLT4KICAgIDwvc2VydmVycz4KICAgIDxtaXJyb3JzPgogICAgPCEtLSBUaGUgbWlycm9ycyBhZGRlZCBoZXJlIGFyZSBnZW5lcmF0ZWQgZnJvbSBlbnZpcm9ubWVudCB2YXJpYWJsZXMuIERvbid0IGNoYW5nZS4gLS0+CiAgICA8IS0tICMjIyBtaXJyb3JzIGZyb20gRU5WICMjIyAtLT4KICAgIDwvbWlycm9ycz4KICAgIDxwcm94aWVzPgogICAgPCEtLSBUaGUgcHJveGllcyBhZGRlZCBoZXJlIGFyZSBnZW5lcmF0ZWQgZnJvbSBlbnZpcm9ubWVudCB2YXJpYWJsZXMuIERvbid0IGNoYW5nZS4gLS0+CiAgICA8IS0tICMjIyBIVFRQIHByb3h5IGZyb20gRU5WICMjIyAtLT4KICAgIDwvcHJveGllcz4KPC9zZXR0aW5ncz4KRU9GCgpjYXQgIiR7TUFWRU5fU0VUVElOR1NfRklMRX0iCgp4bWw9IiIKaWYgW1sgIiR7V09SS1NQQUNFU19QUk9YWV9TRUNSRVRfQk9VTkR9IiA9PSAidHJ1ZSIgXV07IHRoZW4KICAgIGlmIHRlc3QgLWYgJHtXT1JLU1BBQ0VTX1BST1hZX1NFQ1JFVF9QQVRIfS91c2VybmFtZSAmJiB0ZXN0IC1mICR7V09SS1NQQUNFU19QUk9YWV9TRUNSRVRfUEFUSH0vcGFzc3dvcmQ7IHRoZW4KICAgIFBBUkFNU19QUk9YWV9VU0VSPSQoY2F0ICR7V09SS1NQQUNFU19QUk9YWV9TRUNSRVRfUEFUSH0vdXNlcm5hbWUpCiAgICBQQVJBTVNfUFJPWFlfUEFTU1dPUkQ9JChjYXQgJHtXT1JLU1BBQ0VTX1BST1hZX1NFQ1JFVF9QQVRIfS9wYXNzd29yZCkKCiAgICAjIEZldGNoaW5nIHByb3h5IGNvbmZpZ3VyYXRpb24gdmFsdWVzIGZyb20gQ29uZmlnTWFwIHdvcmtzcGFjZQogICAgUEFSQU1TX1BST1hZX0hPU1Q9JChjYXQgJHtXT1JLU1BBQ0VTX1BST1hZX0NPTkZJR01BUF9QQVRIfS9wcm94eV9ob3N0KQogICAgUEFSQU1TX1BST1hZX1BPUlQ9JChjYXQgJHtXT1JLU1BBQ0VTX1BST1hZX0NPTkZJR01BUF9QQVRIfS9wcm94eV9wb3J0KQogICAgUEFSQU1TX1BST1hZX1BST1RPQ09MPSQoY2F0ICR7V09SS1NQQUNFU19QUk9YWV9DT05GSUdNQVBfUEFUSH0vcHJveHlfcHJvdG9jb2wpCiAgICBQQVJBTVNfUFJPWFlfTk9OX1BST1hZX0hPU1RTPSQoY2F0ICR7V09SS1NQQUNFU19QUk9YWV9DT05GSUdNQVBfUEFUSH0vcHJveHlfbm9uX3Byb3h5X2hvc3RzKQoKICAgIGlmIFsgLW4gIiR7UEFSQU1TX1BST1hZX0hPU1R9IiAtYSAtbiAiJHtQQVJBTVNfUFJPWFlfUE9SVH0iIF07IHRoZW4KICAgICAgICB4bWw9Ijxwcm94eT5cCiAgICAgICAgPGlkPmdlbnByb3h5PC9pZD5cCiAgICAgICAgPGFjdGl2ZT50cnVlPC9hY3RpdmU+XAogICAgICAgIDxwcm90b2NvbD4ke1BBUkFNU19QUk9YWV9QUk9UT0NPTH08L3Byb3RvY29sPlwKICAgICAgICA8aG9zdD4ke1BBUkFNU19QUk9YWV9IT1NUfTwvaG9zdD5cCiAgICAgICAgPHBvcnQ+JHtQQVJBTVNfUFJPWFlfUE9SVH08L3BvcnQ+IgogICAgICAgIGlmIFsgLW4gIiR7UEFSQU1TX1BST1hZX1VTRVJ9IiAtYSAtbiAiJHtQQVJBTVNfUFJPWFlfUEFTU1dPUkR9IiBdOyB0aGVuCiAgICAgICAgICAgIHhtbD0iJHhtbFwKICAgICAgICAgICAgPHVzZXJuYW1lPiR7UEFSQU1TX1BST1hZX1VTRVJ9PC91c2VybmFtZT5cCiAgICAgICAgICAgIDxwYXNzd29yZD4ke1BBUkFNU19QUk9YWV9QQVNTV09SRH08L3Bhc3N3b3JkPiIKICAgICAgICBmaQogICAgICAgIGlmIFsgLW4gIiR7UEFSQU1TX1BST1hZX05PTl9QUk9YWV9IT1NUU30iIF07IHRoZW4KICAgICAgICAgICAgeG1sPSIkeG1sXAogICAgICAgICAgICA8bm9uUHJveHlIb3N0cz4ke1BBUkFNU19QUk9YWV9OT05fUFJPWFlfSE9TVFN9PC9ub25Qcm94eUhvc3RzPiIKICAgICAgICBmaQogICAgICAgIHhtbD0iJHhtbFwKICAgICAgICA8L3Byb3h5PiIKICAgICAgICBzZWQgLWkgInN8PCEtLSAjIyMgSFRUUCBwcm94eSBmcm9tIEVOViAjIyMgLS0+fCR4bWx8IiAke01BVkVOX1NFVFRJTkdTX0ZJTEV9CiAgICBmaQogICAgZWxzZQogICAgICAgIGVjaG8gIm5vICd1c2VybmFtZScgb3IgJ3Bhc3N3b3JkJyBmaWxlIGZvdW5kIGF0IHdvcmtzcGFjZSBwcm94eV9zZWNyZXQiCiAgICAgICAgZXhpdCAxCiAgICBmaQpmaQoKaWYgW1sgIiR7V09SS1NQQUNFU19TRVJWRVJfU0VDUkVUX0JPVU5EfSIgPT0gInRydWUiIF1dOyB0aGVuCiAgICBpZiB0ZXN0IC1mICR7V09SS1NQQUNFU19TRVJWRVJfU0VDUkVUX1BBVEh9L3VzZXJuYW1lICYmIHRlc3QgLWYke1dPUktTUEFDRVNfU0VSVkVSX1NFQ1JFVF9QQVRIfS9wYXNzd29yZDsgdGhlbgoJU0VSVkVSX1VTRVI9JChjYXQgJHtXT1JLU1BBQ0VTX1NFUlZFUl9TRUNSRVRfUEFUSH0vdXNlcm5hbWUpCglTRVJWRVJfUEFTU1dPUkQ9JChjYXQgJHtXT1JLU1BBQ0VTX1NFUlZFUl9TRUNSRVRfUEFUSH0vcGFzc3dvcmQpCglpZiBbIC1uICIke1NFUlZFUl9VU0VSfSIgLWEgLW4gIiR7U0VSVkVSX1BBU1NXT1JEfSIgXTsgdGhlbgoJICAgIHhtbD0iPHNlcnZlcj5cCiAgICAgICAgPGlkPnNlcnZlcmlkPC9pZD4iCgkgICAgeG1sPSIkeG1sXAogICAgICAgIDx1c2VybmFtZT4ke1NFUlZFUl9VU0VSfTwvdXNlcm5hbWU+XAogICAgICAgIDxwYXNzd29yZD4ke1NFUlZFUl9QQVNTV09SRH08L3Bhc3N3b3JkPiIKCSAgICB4bWw9IiR4bWxcCiAgICAgICAgPC9zZXJ2ZXI+IgoJICAgIHNlZCAtaSAic3w8IS0tICMjIyBTRVJWRVIncyBVU0VSIElORk8gZnJvbSBFTlYgIyMjIC0tPnwkeG1sfCIgJHtNQVZFTl9TRVRUSU5HU19GSUxFfQoJICAgIGVjaG8gIlNFUlZFUiBDcmVkcyBVcGRhdGVkIgoJZmkKICAgIGVsc2UKCWVjaG8gIm5vICd1c2VyJyBvciAncGFzc3dvcmQnIGZpbGUgZm91bmQgYXQgd29ya3NwYWNlIHNlcnZlcl9zZWNyZXQiCiAgICAgICAgZXhpdCAxCiAgICBmaQpmaQoKaWYgWyAtbiAiJHtQQVJBTVNfTUFWRU5fTUlSUk9SX1VSTH0iIF07IHRoZW4KICAgIHhtbD0iICAgIDxtaXJyb3I+XAogICAgPGlkPm1pcnJvci5kZWZhdWx0PC9pZD5cCiAgICA8dXJsPiR7UEFSQU1TX01BVkVOX01JUlJPUl9VUkx9PC91cmw+XAogICAgPG1pcnJvck9mPmNlbnRyYWw8L21pcnJvck9mPlwKICAgIDwvbWlycm9yPiIKICAgIHNlZCAtaSAic3w8IS0tICMjIyBtaXJyb3JzIGZyb20gRU5WICMjIyAtLT58JHhtbHwiICR7TUFWRU5fU0VUVElOR1NfRklMRX0KZmkK" |base64 -d >"/scripts/maven-generate.sh" + chmod +x /scripts/maven-*.sh;echo "Running Script /scripts/maven-generate.sh"; + /scripts/maven-generate.sh; + securityContext: + runAsNonRoot: true + runAsUser: 65532 + volumeMounts: + - name: scripts-dir + mountPath: /scripts + - name: maven-settings-dir + mountPath: /maven-generate + + - name: maven-goals + env: + - name: HOME + value: /tekton/home + image: registry.access.redhat.com/ubi8/openjdk-11:latest + workingDir: $(workspaces.source.path)/$(params.SUBDIRECTORY) + command: ["/usr/bin/mvn"] + args: + - -s + - maven-generate/settings.xml + - "$(params.GOALS[*])" + securityContext: + runAsNonRoot: true + runAsUser: 65532 + volumeMounts: + - name: maven-settings-dir + mountPath: /maven-generate + + volumes: + - name: scripts-dir + emptyDir: {} + - name: maven-settings-dir + emptyDir: {} diff --git a/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-openshift-client/task-openshift-client-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-openshift-client/task-openshift-client-task.yaml new file mode 100644 index 0000000000..3282d1a521 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-openshift-client/task-openshift-client-task.yaml @@ -0,0 +1,93 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift-pipelines/tektoncd-catalog/p/tasks/task-openshift-client/0.2.2/task-openshift-client.yaml +# +--- +--- +# Source: task-openshift/templates/task-openshift-client.yaml +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: openshift-client + labels: + app.kubernetes.io/version: 0.2.2 + annotations: + tekton.dev/source: "https://github.com/openshift-pipelines/task-openshift" + artifacthub.io/category: integration-delivery + artifacthub.io/maintainers: | + - name: OpenShift Pipeline task maintainers + email: pipelines-extcomm@redhat.com + artifacthub.io/provider: Red Hat + artifacthub.io/recommendations: | + - url: https://tekton.dev/ + tekton.dev/displayName: CLI + tekton.dev/pipelines.minVersion: 0.17.0 + tekton.dev/tags: cli +spec: + description: >- + This task runs commands against the cluster provided by user + and if not provided then where the Task is being executed. + + OpenShift is a Kubernetes distribution from Red Hat which provides oc, + the OpenShift CLI that complements kubectl for simplifying deployment + and configuration applications on OpenShift. + + workspaces: + - name: manifest_dir + optional: true + description: >- + The workspace which contains kubernetes manifests which we want to apply on the cluster. + - name: kubeconfig_dir + optional: true + description: >- + The workspace which contains the the kubeconfig file if in case we want to run the oc command on another cluster. + + params: + - name: SCRIPT + description: The OpenShift CLI arguments to run + type: string + default: "oc help" + - name: VERSION + description: The OpenShift Version to use + type: string + default: "latest" + + stepTemplate: + env: + + - name: PARAMS_SCRIPT + value: "$(params.SCRIPT)" + - name: PARAMS_VERSION + value: "$(params.VERSION)" + - name: WORKSPACES_MANIFEST_DIR_BOUND + value: "$(workspaces.manifest_dir.bound)" + - name: WORKSPACES_MANIFEST_DIR_PATH + value: "$(workspaces.manifest_dir.path)" + - name: WORKSPACES_KUBECONFIG_DIR_BOUND + value: "$(workspaces.kubeconfig_dir.bound)" + - name: WORKSPACES_KUBECONFIG_DIR_PATH + value: "$(workspaces.kubeconfig_dir.path)" + + steps: + - name: oc + image: registry.redhat.io/openshift4/ose-cli@sha256:3d5b31cc3fbf878015e5c3ed1d48379d74b15b77a1a823024a7a2b7cd5e2e86d + env: + - name: HOME + value: /tekton/home + script: | + set -e + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0ZWt0b24ncyBob21lIGRpcmVjdG9yeQpkZWNsYXJlIC1yeCBURUtUT05fSE9NRT0iJHtURUtUT05fSE9NRTotL3Rla3Rvbi9ob21lfSIKCiMKIyBGdW5jdGlvbnMKIwoKZnVuY3Rpb24gZmFpbCgpIHsKICAgIGVjaG8gIkVSUk9SOiAkeyp9IiAyPiYxCiAgICBleGl0IDEKfQoKZnVuY3Rpb24gcGhhc2UoKSB7CiAgICBlY2hvICItLS0+IFBoYXNlOiAkeyp9Li4uIgp9CgojIGFzc2VydCBsb2NhbCB2YXJpYWJsZXMgYXJlIGV4cG9yZXRlZCBvbiB0aGUgZW52aXJvbm1lbnQKZnVuY3Rpb24gZXhwb3J0ZWRfb3JfZmFpbCgpIHsKICAgIGRlY2xhcmUgLWEgX3JlcXVpcmVkX3ZhcnM9IiR7QH0iCgogICAgZm9yIHYgaW4gJHtfcmVxdWlyZWRfdmFyc1tAXX07IGRvCiAgICAgICAgW1sgLXogIiR7IXZ9IiBdXSAmJgogICAgICAgICAgICBmYWlsICInJHt2fScgZW52aXJvbm1lbnQgdmFyaWFibGUgaXMgbm90IHNldCEiCiAgICBkb25lCgogICAgcmV0dXJuIDAKfQoK" |base64 -d >"/scripts/common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKc2hvcHQgLXMgaW5oZXJpdF9lcnJleGl0CnNldCAtZXUgLW8gcGlwZWZhaWwKCnNvdXJjZSAiJChkaXJuYW1lICR7QkFTSF9TT1VSQ0VbMF19KS9jb21tb24uc2giCnNvdXJjZSAiJChkaXJuYW1lICR7QkFTSF9TT1VSQ0VbMF19KS9vYy1jb21tb24uc2giCgpbWyAiJHtXT1JLU1BBQ0VTX01BTklGRVNUX0RJUl9CT1VORH0iID09ICJ0cnVlIiBdXSAmJiBcCiAgICAgIGNkICR7V09SS1NQQUNFU19NQU5JRkVTVF9ESVJfUEFUSH0KCltbICIke1dPUktTUEFDRVNfS1VCRUNPTkZJR19ESVJfQk9VTkR9IiA9PSAidHJ1ZSIgXV0gJiYgXApbWyAtZiAke1dPUktTUEFDRVNfS1VCRUNPTkZJR19ESVJfUEFUSH0va3ViZWNvbmZpZyBdXSAmJiBcCmV4cG9ydCBLVUJFQ09ORklHPSR7V09SS1NQQUNFU19LVUJFQ09ORklHX0RJUl9QQVRIfS9rdWJlY29uZmlnCgpldmFsICIke1BBUkFNU19TQ1JJUFR9IgoK" |base64 -d >"/scripts/oc-client.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKCmRlY2xhcmUgLXJ4IFBBUkFNU19TQ1JJUFQ9IiR7UEFSQU1TX1NDUklQVDotfSIKZGVjbGFyZSAtcnggUEFSQU1TX1ZFUlNJT049IiR7UEFSQU1TX1ZFUlNJT046LX0iCgpkZWNsYXJlIC1yeCBXT1JLU1BBQ0VTX01BTklGRVNUX0RJUl9QQVRIPSIke1dPUktTUEFDRVNfTUFOSUZFU1RfRElSX1BBVEg6LX0iCmRlY2xhcmUgLXJ4IFdPUktTUEFDRVNfTUFOSUZFU1RfRElSX0JPVU5EPSIke1dPUktTUEFDRVNfTUFOSUZFU1RfRElSX0JPVU5EOi19IgpkZWNsYXJlIC1yeCBXT1JLU1BBQ0VTX0tVQkVDT05GSUdfRElSX1BBVEg9IiR7V09SS1NQQUNFU19LVUJFQ09ORklHX0RJUl9QQVRIOi19IgpkZWNsYXJlIC1yeCBXT1JLU1BBQ0VTX0tVQkVDT05GSUdfRElSX0JPVU5EPSIke1dPUktTUEFDRVNfS1VCRUNPTkZJR19ESVJfQk9VTkQ6LX0iCgojCiMgQXNzZXJ0aW5nIEVudmlyb25tZW50CiMKCmV4cG9ydGVkX29yX2ZhaWwgXAogICAgV09SS1NQQUNFU19NQU5JRkVTVF9ESVJfQk9VTkQgXAogICAgV09SS1NQQUNFU19LVUJFQ09ORklHX0RJUl9CT1VORCBcCiAgICBQQVJBTVNfU0NSSVBUIFwKICAgIFBBUkFNU19WRVJTSU9OCg==" |base64 -d >"/scripts/oc-common.sh" + chmod +x /scripts/oc-*.sh;echo "Running Script /scripts/oc-client.sh"; + /scripts/oc-client.sh $@; + securityContext: + runAsNonRoot: true + runAsUser: 65532 + volumeMounts: + - name: scripts-dir + mountPath: /scripts + + volumes: + - name: scripts-dir + emptyDir: {} diff --git a/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-s2i-dotnet/task-s2i-dotnet-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-s2i-dotnet/task-s2i-dotnet-task.yaml new file mode 100644 index 0000000000..2fdf6242a0 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-s2i-dotnet/task-s2i-dotnet-task.yaml @@ -0,0 +1,197 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift-pipelines/tektoncd-catalog/p/tasks/task-s2i-dotnet/0.4.1/task-s2i-dotnet.yaml +# +--- +--- +# Source: task-containers/templates/task-s2i-dotnet.yaml +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: s2i-dotnet + labels: + app.kubernetes.io/version: 0.4.1 + annotations: + tekton.dev/source: "https://github.com/openshift-pipelines/task-containers" + artifacthub.io/category: integration-delivery + artifacthub.io/maintainers: | + - name: OpenShift Pipeline task maintainers + email: pipelines-extcomm@redhat.com + artifacthub.io/provider: Red Hat + artifacthub.io/recommendations: | + - url: https://tekton.dev/ + tekton.dev/categories: containers + tekton.dev/pipelines.minVersion: 0.41.0 + tekton.dev/tags: containers +spec: + description: | + Builds the source code using the s2i's dotnet builder-image + "image-registry.openshift-image-registry.svc:5000/openshift/dotnet". + + + workspaces: + - name: source + optional: false + description: | + Application source code, the build context for S2I workflow. + - name: dockerconfig + optional: true + description: >- + An optional workspace that allows providing a .docker/config.json file for Buildah to access the container registry. + The file should be placed at the root of the Workspace with name config.json. + + params: + - name: IMAGE + type: string + description: | + Fully qualified container image name to be built by s2i. + - name: VERSION + description: The tag of the imagestream for the corresponding language version + default: latest + type: string + - name: IMAGE_SCRIPTS_URL + type: string + default: image:///usr/libexec/s2i + description: | + Specify a URL containing the default assemble and run scripts for the builder image + - name: ENV_VARS + type: array + default: [] + description: | + Array containing string of Environment Variables as "KEY=VALUE" + - name: CONTEXT + type: string + default: "." + description: | + Path to the directory to use as context. + - name: STORAGE_DRIVER + type: string + default: vfs + description: | + Set buildah storage driver to reflect the currrent cluster node's + settings. + - name: FORMAT + description: The format of the built container, oci or docker + default: "oci" + - name: BUILD_EXTRA_ARGS + type: string + default: "" + description: | + Extra parameters passed for the build command when building images. + - name: PUSH_EXTRA_ARGS + type: string + default: "" + description: | + Extra parameters passed for the push command when pushing images. + - name: SKIP_PUSH + default: "false" + description: | + Skip pushing the image to the container registry. + - name: TLS_VERIFY + type: string + default: "true" + description: | + Sets the TLS verification flag, `true` is recommended. + - name: VERBOSE + type: string + default: "false" + description: | + Turns on verbose logging, all commands executed will be printed out. + + results: + - name: IMAGE_URL + description: | + Fully qualified image name. + - name: IMAGE_DIGEST + description: | + Digest of the image just built. + + stepTemplate: + env: + + - name: PARAMS_IMAGE + value: "$(params.IMAGE)" + - name: PARAMS_VERSION + value: "$(params.VERSION)" + - name: PARAMS_IMAGE_SCRIPTS_URL + value: "$(params.IMAGE_SCRIPTS_URL)" + - name: PARAMS_CONTEXT + value: "$(params.CONTEXT)" + - name: PARAMS_FORMAT + value: "$(params.FORMAT)" + - name: PARAMS_STORAGE_DRIVER + value: "$(params.STORAGE_DRIVER)" + - name: PARAMS_BUILD_EXTRA_ARGS + value: "$(params.BUILD_EXTRA_ARGS)" + - name: PARAMS_PUSH_EXTRA_ARGS + value: "$(params.PUSH_EXTRA_ARGS)" + - name: PARAMS_SKIP_PUSH + value: "$(params.SKIP_PUSH)" + - name: PARAMS_TLS_VERIFY + value: "$(params.TLS_VERIFY)" + - name: PARAMS_VERBOSE + value: "$(params.VERBOSE)" + - name: WORKSPACES_SOURCE_BOUND + value: "$(workspaces.source.bound)" + - name: WORKSPACES_SOURCE_PATH + value: "$(workspaces.source.path)" + - name: WORKSPACES_DOCKERCONFIG_BOUND + value: "$(workspaces.dockerconfig.bound)" + - name: WORKSPACES_DOCKERCONFIG_PATH + value: "$(workspaces.dockerconfig.path)" + - name: RESULTS_IMAGE_URL_PATH + value: "$(results.IMAGE_URL.path)" + - name: RESULTS_IMAGE_DIGEST_PATH + value: "$(results.IMAGE_DIGEST.path)" + + steps: + - name: s2i-generate + image: registry.access.redhat.com/source-to-image/source-to-image-rhel8:v1.3.9-6 + workingDir: $(workspaces.source.path) + env: + - name: S2I_BUILDER_IMAGE + value: "image-registry.openshift-image-registry.svc:5000/openshift/dotnet:$(params.VERSION)" + script: | + set -e + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgV3JhcHBlciBhcm91bmQgImJ1aWxkYWggYnVkIiB0byBidWlsZCBhbmQgcHVzaCBhIGNvbnRhaW5lciBpbWFnZSBiYXNlZCBvbiBhIERvY2tlcmZpbGUuCiMKCnNob3B0IC1zIGluaGVyaXRfZXJyZXhpdApzZXQgLWV1IC1vIHBpcGVmYWlsCgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvY29tbW9uLnNoIgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvYnVpbGRhaC1jb21tb24uc2giCgpmdW5jdGlvbiBfYnVpbGRhaCgpIHsKICAgIGJ1aWxkYWggXAogICAgICAgIC0tc3RvcmFnZS1kcml2ZXI9IiR7UEFSQU1TX1NUT1JBR0VfRFJJVkVSfSIgXAogICAgICAgIC0tdGxzLXZlcmlmeT0iJHtQQVJBTVNfVExTX1ZFUklGWX0iIFwKICAgICAgICAkeyp9Cn0KCiMKIyBQcmVwYXJlCiMKCiMgbWFraW5nIHN1cmUgdGhlIHJlcXVpcmVkIHdvcmtzcGFjZSAic291cmNlIiBpcyBib3VuZGVkLCB3aGljaCBtZWFucyBpdHMgdm9sdW1lIGlzIGN1cnJlbnRseSBtb3VudGVkCiMgYW5kIHJlYWR5IHRvIHVzZQpwaGFzZSAiSW5zcGVjdGluZyBzb3VyY2Ugd29ya3NwYWNlICcke1dPUktTUEFDRVNfU09VUkNFX1BBVEh9JyAoUFdEPScke1BXRH0nKSIKW1sgIiR7V09SS1NQQUNFU19TT1VSQ0VfQk9VTkR9IiAhPSAidHJ1ZSIgXV0gJiYKICAgIGZhaWwgIldvcmtzcGFjZSAnc291cmNlJyBpcyBub3QgYm91bmRlZCIKCnBoYXNlICJBc3NlcnRpbmcgdGhlIGRvY2tlcmZpbGUvY29udGFpbmVyZmlsZSAnJHtET0NLRVJGSUxFX0ZVTEx9JyBleGlzdHMiCltbICEgLWYgIiR7RE9DS0VSRklMRV9GVUxMfSIgXV0gJiYKICAgIGZhaWwgIkRvY2tlcmZpbGUgbm90IGZvdW5kIGF0OiAnJHtET0NLRVJGSUxFX0ZVTEx9JyIKCnBoYXNlICJJbnNwZWN0aW5nIGNvbnRleHQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKW1sgISAtZCAiJHtQQVJBTVNfQ09OVEVYVH0iIF1dICYmCiAgICBmYWlsICJDT05URVhUIHBhcmFtIGlzIG5vdCBmb3VuZCBhdCAnJHtQQVJBTVNfQ09OVEVYVH0nLCBvbiBzb3VyY2Ugd29ya3NwYWNlIgoKcGhhc2UgIkJ1aWxkaW5nIGJ1aWxkIGFyZ3MiCkJVSUxEX0FSR1M9KCkKZm9yIGJ1aWxkYXJnIGluICIkQCI7IGRvCiAgICBCVUlMRF9BUkdTKz0oIi0tYnVpbGQtYXJnPSRidWlsZGFyZyIpCmRvbmUKCiMgSGFuZGxlIG9wdGlvbmFsIGRvY2tlcmNvbmZpZyBzZWNyZXQKaWYgW1sgIiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfQk9VTkR9IiA9PSAidHJ1ZSIgXV07IHRoZW4KCiAgICAjIGlmIGNvbmZpZy5qc29uIGV4aXN0cyBhdCB3b3Jrc3BhY2Ugcm9vdCwgd2UgdXNlIHRoYXQKICAgIGlmIHRlc3QgLWYgIiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSH0vY29uZmlnLmpzb24iOyB0aGVuCiAgICAgICAgZXhwb3J0IERPQ0tFUl9DT05GSUc9IiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSH0iCgogICAgICAgICMgZWxzZSB3ZSBsb29rIGZvciAuZG9ja2VyY29uZmlnanNvbiBhdCB0aGUgcm9vdAogICAgZWxpZiB0ZXN0IC1mICIke1dPUktTUEFDRVNfRE9DS0VSQ09ORklHX1BBVEh9Ly5kb2NrZXJjb25maWdqc29uIjsgdGhlbgogICAgICAgICMgZW5zdXJlIC5kb2NrZXIgZXhpc3QgYmVmb3JlIHRoZSBjb3B5aW5nIHRoZSBjb250ZW50CiAgICAgICAgaWYgWyAhIC1kICIkSE9NRS8uZG9ja2VyIiBdOyB0aGVuCiAgICAgICAgICAgbWtkaXIgLXAgIiRIT01FLy5kb2NrZXIiCiAgICAgICAgZmkKICAgICAgICBjcCAiJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19QQVRIfS8uZG9ja2VyY29uZmlnanNvbiIgIiRIT01FLy5kb2NrZXIvY29uZmlnLmpzb24iCiAgICAgICAgZXhwb3J0IERPQ0tFUl9DT05GSUc9IiRIT01FLy5kb2NrZXIiCgogICAgICAgICMgbmVlZCB0byBlcnJvciBvdXQgaWYgbmVpdGhlciBmaWxlcyBhcmUgcHJlc2VudAogICAgZWxzZQogICAgICAgIGVjaG8gIm5laXRoZXIgJ2NvbmZpZy5qc29uJyBub3IgJy5kb2NrZXJjb25maWdqc29uJyBmb3VuZCBhdCB3b3Jrc3BhY2Ugcm9vdCIKICAgICAgICBleGl0IDEKICAgIGZpCmZpCgpFTlRJVExFTUVOVF9WT0xVTUU9IiIKaWYgW1sgIiR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX0JPVU5EfSIgPT0gInRydWUiIF1dOyB0aGVuCiAgICBFTlRJVExFTUVOVF9WT0xVTUU9Ii0tdm9sdW1lICR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEh9Oi9ldGMvcGtpL2VudGl0bGVtZW50IgpmaQoKIwojIEJ1aWxkCiMKCnBoYXNlICJCdWlsZGluZyAnJHtQQVJBTVNfSU1BR0V9JyBiYXNlZCBvbiAnJHtET0NLRVJGSUxFX0ZVTEx9JyIKCltbIC1uICIke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTfSIgXV0gJiYKICAgIHBoYXNlICJFeHRyYSAnYnVpbGRhaCBidWQnIGFyZ3VtZW50cyBpbmZvcm1lZDogJyR7UEFSQU1TX0JVSUxEX0VYVFJBX0FSR1N9JyIKCl9idWlsZGFoIGJ1ZCAke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTfSBcCiAgICAkRU5USVRMRU1FTlRfVk9MVU1FIFwKICAgICIke0JVSUxEX0FSR1NbQF19IiBcCiAgICAtLWZpbGU9IiR7RE9DS0VSRklMRV9GVUxMfSIgXAogICAgLS10YWc9IiR7UEFSQU1TX0lNQUdFfSIgXAogICAgIiR7UEFSQU1TX0NPTlRFWFR9IgoKaWYgW1sgIiR7UEFSQU1TX1NLSVBfUFVTSH0iID09ICJ0cnVlIiBdXTsgdGhlbgogICAgcGhhc2UgIlNraXBwaW5nIHB1c2hpbmcgJyR7UEFSQU1TX0lNQUdFfScgdG8gdGhlIGNvbnRhaW5lciByZWdpc3RyeSEiCiAgICBleGl0IDAKZmkKCiMKIyBQdXNoCiMKCnBoYXNlICJQdXNoaW5nICcke1BBUkFNU19JTUFHRX0nIHRvIHRoZSBjb250YWluZXIgcmVnaXN0cnkiCgpbWyAtbiAiJHtQQVJBTVNfUFVTSF9FWFRSQV9BUkdTfSIgXV0gJiYKICAgIHBoYXNlICJFeHRyYSAnYnVpbGRhaCBidWQnIGFyZ3VtZW50cyBpbmZvcm1lZDogJyR7UEFSQU1TX1BVU0hfRVhUUkFfQVJHU30nIgoKIyB0ZW1wb3JhcnkgZmlsZSB0byBzdG9yZSB0aGUgaW1hZ2UgZGlnZXN0LCBpbmZvcm1hdGlvbiBvbmx5IG9idGFpbmVkIGFmdGVyIHB1c2hpbmcgdGhlIGltYWdlIHRvIHRoZQojIGNvbnRhaW5lciByZWdpc3RyeQpkZWNsYXJlIC1yIGRpZ2VzdF9maWxlPSIvdG1wL2J1aWxkYWgtZGlnZXN0LnR4dCIKCl9idWlsZGFoIHB1c2ggJHtQQVJBTVNfUFVTSF9FWFRSQV9BUkdTfSBcCiAgICAtLWRpZ2VzdGZpbGU9IiR7ZGlnZXN0X2ZpbGV9IiBcCiAgICAiJHtQQVJBTVNfSU1BR0V9IiBcCiAgICAiZG9ja2VyOi8vJHtQQVJBTVNfSU1BR0V9IgoKIwojIFJlc3VsdHMKIwoKcGhhc2UgIkluc3BlY3RpbmcgZGlnZXN0IHJlcG9ydCAoJyR7ZGlnZXN0X2ZpbGV9JykiCgpbWyAhIC1yICIke2RpZ2VzdF9maWxlfSIgXV0gJiYKICAgIGZhaWwgIlVuYWJsZSB0byBmaW5kIGRpZ2VzdC1maWxlIGF0ICcke2RpZ2VzdF9maWxlfSciCgpkZWNsYXJlIC1yIGRpZ2VzdF9zdW09IiQoY2F0ICR7ZGlnZXN0X2ZpbGV9KSIKCltbIC16ICIke2RpZ2VzdF9zdW19IiBdXSAmJgogICAgZmFpbCAiRGlnZXN0IGZpbGUgJyR7ZGlnZXN0X2ZpbGV9JyBpcyBlbXB0eSEiCgpwaGFzZSAiU3VjY2Vzc2Z1bHkgYnVpbHQgY29udGFpbmVyIGltYWdlICcke1BBUkFNU19JTUFHRX0nICgnJHtkaWdlc3Rfc3VtfScpIgplY2hvIC1uICIke1BBUkFNU19JTUFHRX0iIHwgdGVlICR7UkVTVUxUU19JTUFHRV9VUkxfUEFUSH0KZWNobyAtbiAiJHtkaWdlc3Rfc3VtfSIgfCB0ZWUgJHtSRVNVTFRTX0lNQUdFX0RJR0VTVF9QQVRIfQo=" |base64 -d >"/scripts/buildah-bud.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKZGVjbGFyZSAtcnggUEFSQU1TX0lNQUdFPSIke1BBUkFNU19JTUFHRTotfSIKZGVjbGFyZSAtcnggUEFSQU1TX0RPQ0tFUkZJTEU9IiR7UEFSQU1TX0RPQ0tFUkZJTEU6LX0iCmRlY2xhcmUgLXggUEFSQU1TX0NPTlRFWFQ9IiR7UEFSQU1TX0NPTlRFWFQ6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19TVE9SQUdFX0RSSVZFUj0iJHtQQVJBTVNfU1RPUkFHRV9EUklWRVI6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19CVUlMRF9FWFRSQV9BUkdTPSIke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTOi19IgpkZWNsYXJlIC1yeCBQQVJBTVNfUFVTSF9FWFRSQV9BUkdTPSIke1BBUkFNU19QVVNIX0VYVFJBX0FSR1M6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19TS0lQX1BVU0g9IiR7UEFSQU1TX1NLSVBfUFVTSDotfSIKZGVjbGFyZSAtcnggUEFSQU1TX1RMU19WRVJJRlk9IiR7UEFSQU1TX1RMU19WRVJJRlk6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19WRVJCT1NFPSIke1BBUkFNU19WRVJCT1NFOi19IgoKZGVjbGFyZSAtcnggV09SS1NQQUNFU19TT1VSQ0VfUEFUSD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIOi19IgpkZWNsYXJlIC1yeCBXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORDotfSIKZGVjbGFyZSAtcnggV09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSD0iJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19QQVRIOi19IgpkZWNsYXJlIC1yeCBXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19CT1VORD0iJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19CT1VORDotfSIKZGVjbGFyZSAtcnggV09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEg9IiR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEg6LX0iCmRlY2xhcmUgLXJ4IFdPUktTUEFDRVNfUkhFTF9FTlRJVExFTUVOVF9CT1VORD0iJHtXT1JLU1BBQ0VTX1JIRUxfRU5USVRMRU1FTlRfQk9VTkQ6LX0iCgpkZWNsYXJlIC1yeCBSRVNVTFRTX0lNQUdFX0RJR0VTVF9QQVRIPSIke1JFU1VMVFNfSU1BR0VfRElHRVNUX1BBVEg6LX0iCmRlY2xhcmUgLXJ4IFJFU1VMVFNfSU1BR0VfVVJMX1BBVEg9IiR7UkVTVUxUU19JTUFHRV9VUkxfUEFUSDotfSIKCiMKIyBEb2NrZXJmaWxlCiMKCiMgZXhwb3NpbmcgdGhlIGZ1bGwgcGF0aCB0byB0aGUgY29udGFpbmVyIGZpbGUsIHdoaWNoIGJ5IGRlZmF1bHQgc2hvdWxkIGJlIHJlbGF0aXZlIHRvIHRoZSBwcmltYXJ5CiMgd29ya3NwYWNlLCB0byByZWNlaXZlIGEgZGlmZmVyZW50IGNvbnRhaW5lci1maWxlIGxvY2F0aW9uCmRlY2xhcmUgLXIgZG9ja2VyZmlsZV9vbl93cz0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIfS8ke1BBUkFNU19ET0NLRVJGSUxFfSIKZGVjbGFyZSAteCBET0NLRVJGSUxFX0ZVTEw9IiR7RE9DS0VSRklMRV9GVUxMOi0ke2RvY2tlcmZpbGVfb25fd3N9fSIKCiMKIyBBc3NlcnRpbmcgRW52aXJvbm1lbnQKIwoKW1sgLXogIiR7RE9DS0VSRklMRV9GVUxMfSIgXV0gJiYKICAgIGZhaWwgInVuYWJsZSB0byBmaW5kIHRoZSBEb2NrZXJmaWxlLCBET0NLRVJGSUxFIG1heSBoYXZlIGFuIGluY29ycmVjdCBsb2NhdGlvbiIKCmV4cG9ydGVkX29yX2ZhaWwgXAogICAgV09SS1NQQUNFU19TT1VSQ0VfUEFUSCBcCiAgICBQQVJBTVNfSU1BR0UKCiMKIyBWZXJib3NlIE91dHB1dAojCgppZiBbWyAiJHtQQVJBTVNfVkVSQk9TRX0iID09ICJ0cnVlIiBdXTsgdGhlbgogICAgc2V0IC14CmZpCg==" |base64 -d >"/scripts/buildah-common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0ZWt0b24ncyBob21lIGRpcmVjdG9yeQpkZWNsYXJlIC1yeCBURUtUT05fSE9NRT0iJHtURUtUT05fSE9NRTotL3Rla3Rvbi9ob21lfSIKCiMKIyBGdW5jdGlvbnMKIwoKZnVuY3Rpb24gZmFpbCgpIHsKICAgIGVjaG8gIkVSUk9SOiAkeyp9IiAyPiYxCiAgICBleGl0IDEKfQoKZnVuY3Rpb24gcGhhc2UoKSB7CiAgICBlY2hvICItLS0+IFBoYXNlOiAkeyp9Li4uIgp9CgojIGFzc2VydCBsb2NhbCB2YXJpYWJsZXMgYXJlIGV4cG9yZXRlZCBvbiB0aGUgZW52aXJvbm1lbnQKZnVuY3Rpb24gZXhwb3J0ZWRfb3JfZmFpbCgpIHsKICAgIGRlY2xhcmUgLWEgX3JlcXVpcmVkX3ZhcnM9IiR7QH0iCgogICAgZm9yIHYgaW4gJHtfcmVxdWlyZWRfdmFyc1tAXX07IGRvCiAgICAgICAgW1sgLXogIiR7IXZ9IiBdXSAmJgogICAgICAgICAgICBmYWlsICInJHt2fScgZW52aXJvbm1lbnQgdmFyaWFibGUgaXMgbm90IHNldCEiCiAgICBkb25lCgogICAgcmV0dXJuIDAKfQo=" |base64 -d >"/scripts/common.sh" + ls /scripts/buildah-*.sh; + chmod +x /scripts/buildah-*.sh; + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0ZWt0b24ncyBob21lIGRpcmVjdG9yeQpkZWNsYXJlIC1yeCBURUtUT05fSE9NRT0iJHtURUtUT05fSE9NRTotL3Rla3Rvbi9ob21lfSIKCiMKIyBGdW5jdGlvbnMKIwoKZnVuY3Rpb24gZmFpbCgpIHsKICAgIGVjaG8gIkVSUk9SOiAkeyp9IiAyPiYxCiAgICBleGl0IDEKfQoKZnVuY3Rpb24gcGhhc2UoKSB7CiAgICBlY2hvICItLS0+IFBoYXNlOiAkeyp9Li4uIgp9CgojIGFzc2VydCBsb2NhbCB2YXJpYWJsZXMgYXJlIGV4cG9yZXRlZCBvbiB0aGUgZW52aXJvbm1lbnQKZnVuY3Rpb24gZXhwb3J0ZWRfb3JfZmFpbCgpIHsKICAgIGRlY2xhcmUgLWEgX3JlcXVpcmVkX3ZhcnM9IiR7QH0iCgogICAgZm9yIHYgaW4gJHtfcmVxdWlyZWRfdmFyc1tAXX07IGRvCiAgICAgICAgW1sgLXogIiR7IXZ9IiBdXSAmJgogICAgICAgICAgICBmYWlsICInJHt2fScgZW52aXJvbm1lbnQgdmFyaWFibGUgaXMgbm90IHNldCEiCiAgICBkb25lCgogICAgcmV0dXJuIDAKfQo=" |base64 -d >"/scripts/common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgVXNlcyB0aGUgRG9ja2VyZmlsZSBnZW5lcmF0ZWQgYnkgczJpIHRvIGFzc2VtYmxlIGEgbmV3IGNvbnRhaW5lciBpbWFnZSB1c2luZyBidWlsZGFoLgojCgpzaG9wdCAtcyBpbmhlcml0X2VycmV4aXQKc2V0IC1ldSAtbyBwaXBlZmFpbAoKZGVjbGFyZSAtciBjdXJfZGlyPSIkKGRpcm5hbWUgJHtCQVNIX1NPVVJDRVswXX0pIgoKc291cmNlICIke2N1cl9kaXJ9L2NvbW1vbi5zaCIKc291cmNlICIke2N1cl9kaXJ9L3MyaS1jb21tb24uc2giCgojIGxvYWRpbmcgYnVpbGRhaCBzZXR0aW5ncyBvdmVyd3JpdHRpbmcgdGhlIGZ1bGwgcGF0aCB0byB0aGUgY29udGFpbmVyIGZpbGUKZGVjbGFyZSAteCBET0NLRVJGSUxFX0ZVTEw9IiR7UzJJX0RPQ0tFUkZJTEV9Igpzb3VyY2UgIiR7Y3VyX2Rpcn0vYnVpbGRhaC1jb21tb24uc2giCgpwaGFzZSAiQ2hhbmdpbmcgJFBBUkFNU19DT05URVhUIHRvIHBvaW50IHRvIHByZXNlbnQgd29ya2luZyBkaXJlY3RvcnkiCltbICIkUEFSQU1TX0NPTlRFWFQiICE9ICIuIiBdXSAmJiAKICAgIFBBUkFNU19DT05URVhUPSIuIgoKcGhhc2UgIkluc3BlY3RpbmcgY29udGV4dCAnJHtQQVJBTVNfQ09OVEVYVH0nIgpbWyAhIC1kICIke1BBUkFNU19DT05URVhUfSIgXV0gJiYKICAgIGZhaWwgIkFwcGxpY2F0aW9uIHNvdXJjZSBjb2RlIGRpcmVjdG9yeSBub3QgZm91bmQgYXQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKCnBoYXNlICJCdWlsZGluZyB0aGUgRG9ja2VyZmlsZSAnJHtET0NLRVJGSUxFX0ZVTEx9JyB3aXRoIGJ1aWxkYWgiCmV4ZWMgJHtjdXJfZGlyfS9idWlsZGFoLWJ1ZC5zaAo=" |base64 -d >"/scripts/s2i-build.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0YXJnZXQgaW1hZ2UgbmFtZSAoZnVsbHkgcXVhbGlmaWVkKSB0byBiZSBidWlsZCB3aXRoIHMyaSwgcmVkZWNsYXJpbmcgdGhlIHNhbWUgcGFyYW1ldGVyIG5hbWUgdGhhbgojIGJ1aWxkYWggdGFzayB1c2VzCmRlY2xhcmUgLXggUEFSQU1TX0lNQUdFPSIke1BBUkFNU19JTUFHRTotfSIKIyBTcGVjaWZ5IGEgVVJMIGNvbnRhaW5pbmcgdGhlIGRlZmF1bHQgYXNzZW1ibGUgYW5kIHJ1biBzY3JpcHRzIGZvciB0aGUgYnVpbGRlciBpbWFnZQpkZWNsYXJlIC1yeCBQQVJBTVNfSU1BR0VfU0NSSVBUU19VUkw9IiR7UEFSQU1TX0lNQUdFX1NDUklQVFNfVVJMOi19IgoKIyB2b2x1bWUgbW91bnQgb3IgZGlyZWN0b3J5IHJlc3BvbnNpYmxlIGZvciBob2xkaW5nIGZpbGVzIAojIGxpa2UgZW52LCBEb2NrZXJmaWxlIGFuZCBhbnkgb3RoZXJzIG5lZWRlZCB0byBzdXBwb3J0IHMyaQpkZWNsYXJlIC1yeCBTMklfR0VORVJBVEVfRElSRUNUT1JZPSIke1MySV9HRU5FUkFURV9ESVJFQ1RPUlk6LS9zMmktZ2VuZXJhdGV9IgoKIyBmdWxsIHBhdGggdG8gdGhlIGNvbnRhaW5lciBmaWxlIGdlbmVyYXRlZCBieSBzMmkKZGVjbGFyZSAtcnggUzJJX0RPQ0tFUkZJTEU9IiR7UzJJX0RPQ0tFUkZJTEU6LSR7UzJJX0dFTkVSQVRFX0RJUkVDVE9SWX0vRG9ja2VyZmlsZS5nZW59IgoKIyBmdWxsIHBhdGggdG8gdGhlIGVudiBmaWxlIHVzZWQgd2l0aCB0aGUgLS1lbnZpcm9ubWVudC1maWxlIHBhcmFtZXRlciBvZiBzMmkKZGVjbGFyZSAtcnggUzJJX0VOVklST05NRU5UX0ZJTEU9IiR7UzJJX0VOVklST05NRU5UX0ZJTEU6LSR7UzJJX0dFTkVSQVRFX0RJUkVDVE9SWX0vZW52fSIKCiMKIyBBc3NlcnRpbmcgRW52aXJvbm1lbnQKIwoKZXhwb3J0ZWRfb3JfZmFpbCBcCiAgICBXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIIFwKICAgIFBBUkFNU19JTUFHRQoKIwojIFZlcmJvc2UgT3V0cHV0CiMKCmRlY2xhcmUgLXggUzJJX0xPR0xFVkVMPSIwIgoKaWYgW1sgIiR7UEFSQU1TX1ZFUkJPU0V9IiA9PSAidHJ1ZSIgXV07IHRoZW4KICAgIFMySV9MT0dMRVZFTD0iMiIKICAgIHNldCAteApmaQo=" |base64 -d >"/scripts/s2i-common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgVXNlcyBzMmkgdG8gZ2VuZXJhdGUgdGhlIHJlcGVzY3RpdmUgQ29udGFpbmVyZmlsZSBiYXNlZCBvbiB0aGUgaW5mb21yZWQgYnVpbGRlci4gVGhlIENvbnRhaW5lcmZpbGUKIyBpcyBzdG9yZWQgb24gYSB0ZW1wb3JhcnkgbG9jYXRpb24uCiMKCnNob3B0IC1zIGluaGVyaXRfZXJyZXhpdApzZXQgLWV1IC1vIHBpcGVmYWlsCgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvY29tbW9uLnNoIgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvczJpLWNvbW1vbi5zaCIKCiMgczJpIGJ1aWxkZXIgaW1hZ2UgbmFtZSAoZnVsbHkgcXVhbGlmaWVkKQpkZWNsYXJlIC1yeCBTMklfQlVJTERFUl9JTUFHRT0iJHtTMklfQlVJTERFUl9JTUFHRTotfSIKCiMgdGFrZXMgdGhlIHZhbHVlcyBpbiBhcmd1bWVudCBFTlZfVkFSUyBhbmQgY3JlYXRlcyBhbiBhcnJheSB1c2luZyB0aG9zZSB2YWx1ZXMKZGVjbGFyZSAtcmEgRU5WX1ZBUlM9KCR7QH0pCgojIHJlLXVzaW5nIHRoZSBzYW1lIHBhcmFtZXRlcnMgdGhhbiBidWlsZGFoLCBzMmkgbmVlZHMgYnVpbGRhaCBhYmlsaXRpZXMgdG8gY3JlYXRlIHRoZSBmaW5hbAojIGNvbnRhaW5lciBpbWFnZSBiYXNlZCBvbiB3aGF0IHMyaSBnZW5lcmF0ZXMKc291cmNlICIkKGRpcm5hbWUgJHtCQVNIX1NPVVJDRVswXX0pL2J1aWxkYWgtY29tbW9uLnNoIgoKIwojIFByZXBhcmUKIwoKIyBtYWtpbmcgc3VyZSB0aGUgcmVxdWlyZWQgd29ya3NwYWNlICJzb3VyY2UiIGlzIGJvdW5kZWQsIHdoaWNoIG1lYW5zIGl0cyB2b2x1bWUgaXMgY3VycmVudGx5IG1vdW50ZWQKIyBhbmQgcmVhZHkgdG8gdXNlCnBoYXNlICJJbnNwZWN0aW5nIHNvdXJjZSB3b3Jrc3BhY2UgJyR7V09SS1NQQUNFU19TT1VSQ0VfUEFUSH0nIChQV0Q9JyR7UFdEfScpIgpbWyAiJHtXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORH0iICE9ICJ0cnVlIiBdXSAmJgogICAgZmFpbCAiV29ya3NwYWNlICdzb3VyY2UnIGlzIG5vdCBib3VuZGVkIgoKcGhhc2UgIkFwcGVuZGluZyAkUEFSQU1TX0NPTlRFWFQgd2l0aCAkV09SS1NQQUNFU19TT1VSQ0VfUEFUSCBpZiBpdCdzIHJlbGF0aXZlIgpbWyAiJFBBUkFNU19DT05URVhUIiAhPSAiLiIgJiYgIiRQQVJBTVNfQ09OVEVYVCIgIT0gLyogXV0gJiYgCiAgICBQQVJBTVNfQ09OVEVYVD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIfS8ke1BBUkFNU19DT05URVhUfSIKCnBoYXNlICJJbnNwZWN0aW5nIGNvbnRleHQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKW1sgISAtZCAiJHtQQVJBTVNfQ09OVEVYVH0iIF1dICYmCiAgICBmYWlsICJBcHBsaWNhdGlvbiBzb3VyY2UgY29kZSBkaXJlY3Rvcnkgbm90IGZvdW5kIGF0ICcke1BBUkFNU19DT05URVhUfSciCgpwaGFzZSAiQWRkaW5nIHRoZSBlbnZpcm9ubWVudCB2YXJpYWJsZXMgdG8gJyR7UzJJX0VOVklST05NRU5UX0ZJTEV9JyIKCiMgYWRkIHRoZSBlbnZpcm9ubWVudCB2YXJpYWJsZXMgdGhhdCBhcmUgc2VudCBhcyBjb21tYW5kIGxpbmUgYXJndW1lbnRzIGZyb20gRU5WX1ZBUlMgcGFyYW1ldGVyCnRvdWNoICIke1MySV9FTlZJUk9OTUVOVF9GSUxFfSIKaWYgWyAkeyNFTlZfVkFSU1tAXX0gLWd0IDAgXTsgdGhlbgogICAgZm9yIGVudl92YXIgaW4gIiR7RU5WX1ZBUlNbQF19IjsgZG8KICAgICAgICBlY2hvICIke2Vudl92YXJ9IiA+PiAiJHtTMklfRU5WSVJPTk1FTlRfRklMRX0iCiAgICBkb25lCmZpCgojCiMgUzJJIEdlbmVyYXRlCiMKCnBoYXNlICJHZW5lcmF0aW5nIHRoZSBEb2NrZXJmaWxlIGZvciBTMkkgYnVpbGRlciBpbWFnZSAnJHtTMklfQlVJTERFUl9JTUFHRX0nIgpzMmkgLS1sb2dsZXZlbCAiJHtTMklfTE9HTEVWRUx9IiBcCiAgICBidWlsZCAiJHtQQVJBTVNfQ09OVEVYVH0iICIke1MySV9CVUlMREVSX0lNQUdFfSIgXAogICAgICAgIC0taW1hZ2Utc2NyaXB0cy11cmwgIiR7UEFSQU1TX0lNQUdFX1NDUklQVFNfVVJMfSIgXAogICAgICAgIC0tYXMtZG9ja2VyZmlsZSAiJHtTMklfRE9DS0VSRklMRX0iIFwKICAgICAgICAtLWVudmlyb25tZW50LWZpbGUgIiR7UzJJX0VOVklST05NRU5UX0ZJTEV9IgoKcGhhc2UgIkluc3BlY3RpbmcgdGhlIERvY2tlcmZpbGUgZ2VuZXJhdGVkIGF0ICcke1MySV9ET0NLRVJGSUxFfSciCltbICEgLWYgIiR7UzJJX0RPQ0tFUkZJTEV9IiBdXSAmJgogICAgZmFpbCAiR2VuZXJhdGVkIERvY2tlcmZpbGUgaXMgbm90IGZvdW5kISIKCnNldCAreApwaGFzZSAiR2VuZXJhdGVkIERvY2tlcmZpbGUgcGF5bG9hZCIKZWNobyAtZW4gIj4+PiAke1MySV9ET0NLRVJGSUxFfVxuJChjYXQgJHtTMklfRE9DS0VSRklMRX0pXG48PDwgRU9GXG4iCg==" |base64 -d >"/scripts/s2i-generate.sh" + ls /scripts/s2i-*.sh; + chmod +x /scripts/s2i-*.sh;echo "Running Script /scripts/s2i-generate.sh"; + /scripts/s2i-generate.sh; + args: + - "$(params.ENV_VARS[*])" + securityContext: + capabilities: + add: ["SETFCAP"] + volumeMounts: + - name: scripts-dir + mountPath: /scripts + - name: s2i-generate-dir + mountPath: /s2i-generate + + - name: s2i-build + image: registry.access.redhat.com/ubi8/buildah:8.10-5 + workingDir: /s2i-generate + command: + - /scripts/s2i-build.sh + securityContext: + capabilities: + add: ["SETFCAP"] + volumeMounts: + - name: scripts-dir + mountPath: /scripts + - name: s2i-generate-dir + mountPath: /s2i-generate + + volumes: + - name: scripts-dir + emptyDir: {} + - name: s2i-generate-dir + emptyDir: {} diff --git a/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-s2i-go/task-s2i-go-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-s2i-go/task-s2i-go-task.yaml new file mode 100644 index 0000000000..8d54be6b9f --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-s2i-go/task-s2i-go-task.yaml @@ -0,0 +1,197 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift-pipelines/tektoncd-catalog/p/tasks/task-s2i-go/0.4.1/task-s2i-go.yaml +# +--- +--- +# Source: task-containers/templates/task-s2i-go.yaml +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: s2i-go + labels: + app.kubernetes.io/version: 0.4.1 + annotations: + tekton.dev/source: "https://github.com/openshift-pipelines/task-containers" + artifacthub.io/category: integration-delivery + artifacthub.io/maintainers: | + - name: OpenShift Pipeline task maintainers + email: pipelines-extcomm@redhat.com + artifacthub.io/provider: Red Hat + artifacthub.io/recommendations: | + - url: https://tekton.dev/ + tekton.dev/categories: containers + tekton.dev/pipelines.minVersion: 0.41.0 + tekton.dev/tags: containers +spec: + description: | + Builds the source code using the s2i's Golang builder-image + "image-registry.openshift-image-registry.svc:5000/openshift/golang". + + + workspaces: + - name: source + optional: false + description: | + Application source code, the build context for S2I workflow. + - name: dockerconfig + optional: true + description: >- + An optional workspace that allows providing a .docker/config.json file for Buildah to access the container registry. + The file should be placed at the root of the Workspace with name config.json. + + params: + - name: IMAGE + type: string + description: | + Fully qualified container image name to be built by s2i. + - name: VERSION + description: The tag of the imagestream for the corresponding language version + default: latest + type: string + - name: IMAGE_SCRIPTS_URL + type: string + default: image:///usr/libexec/s2i + description: | + Specify a URL containing the default assemble and run scripts for the builder image + - name: ENV_VARS + type: array + default: [] + description: | + Array containing string of Environment Variables as "KEY=VALUE" + - name: CONTEXT + type: string + default: "." + description: | + Path to the directory to use as context. + - name: STORAGE_DRIVER + type: string + default: vfs + description: | + Set buildah storage driver to reflect the currrent cluster node's + settings. + - name: FORMAT + description: The format of the built container, oci or docker + default: "oci" + - name: BUILD_EXTRA_ARGS + type: string + default: "" + description: | + Extra parameters passed for the build command when building images. + - name: PUSH_EXTRA_ARGS + type: string + default: "" + description: | + Extra parameters passed for the push command when pushing images. + - name: SKIP_PUSH + default: "false" + description: | + Skip pushing the image to the container registry. + - name: TLS_VERIFY + type: string + default: "true" + description: | + Sets the TLS verification flag, `true` is recommended. + - name: VERBOSE + type: string + default: "false" + description: | + Turns on verbose logging, all commands executed will be printed out. + + results: + - name: IMAGE_URL + description: | + Fully qualified image name. + - name: IMAGE_DIGEST + description: | + Digest of the image just built. + + stepTemplate: + env: + + - name: PARAMS_IMAGE + value: "$(params.IMAGE)" + - name: PARAMS_VERSION + value: "$(params.VERSION)" + - name: PARAMS_IMAGE_SCRIPTS_URL + value: "$(params.IMAGE_SCRIPTS_URL)" + - name: PARAMS_CONTEXT + value: "$(params.CONTEXT)" + - name: PARAMS_FORMAT + value: "$(params.FORMAT)" + - name: PARAMS_STORAGE_DRIVER + value: "$(params.STORAGE_DRIVER)" + - name: PARAMS_BUILD_EXTRA_ARGS + value: "$(params.BUILD_EXTRA_ARGS)" + - name: PARAMS_PUSH_EXTRA_ARGS + value: "$(params.PUSH_EXTRA_ARGS)" + - name: PARAMS_SKIP_PUSH + value: "$(params.SKIP_PUSH)" + - name: PARAMS_TLS_VERIFY + value: "$(params.TLS_VERIFY)" + - name: PARAMS_VERBOSE + value: "$(params.VERBOSE)" + - name: WORKSPACES_SOURCE_BOUND + value: "$(workspaces.source.bound)" + - name: WORKSPACES_SOURCE_PATH + value: "$(workspaces.source.path)" + - name: WORKSPACES_DOCKERCONFIG_BOUND + value: "$(workspaces.dockerconfig.bound)" + - name: WORKSPACES_DOCKERCONFIG_PATH + value: "$(workspaces.dockerconfig.path)" + - name: RESULTS_IMAGE_URL_PATH + value: "$(results.IMAGE_URL.path)" + - name: RESULTS_IMAGE_DIGEST_PATH + value: "$(results.IMAGE_DIGEST.path)" + + steps: + - name: s2i-generate + image: registry.access.redhat.com/source-to-image/source-to-image-rhel8:v1.3.9-6 + workingDir: $(workspaces.source.path) + env: + - name: S2I_BUILDER_IMAGE + value: "image-registry.openshift-image-registry.svc:5000/openshift/golang:$(params.VERSION)" + script: | + set -e + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgV3JhcHBlciBhcm91bmQgImJ1aWxkYWggYnVkIiB0byBidWlsZCBhbmQgcHVzaCBhIGNvbnRhaW5lciBpbWFnZSBiYXNlZCBvbiBhIERvY2tlcmZpbGUuCiMKCnNob3B0IC1zIGluaGVyaXRfZXJyZXhpdApzZXQgLWV1IC1vIHBpcGVmYWlsCgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvY29tbW9uLnNoIgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvYnVpbGRhaC1jb21tb24uc2giCgpmdW5jdGlvbiBfYnVpbGRhaCgpIHsKICAgIGJ1aWxkYWggXAogICAgICAgIC0tc3RvcmFnZS1kcml2ZXI9IiR7UEFSQU1TX1NUT1JBR0VfRFJJVkVSfSIgXAogICAgICAgIC0tdGxzLXZlcmlmeT0iJHtQQVJBTVNfVExTX1ZFUklGWX0iIFwKICAgICAgICAkeyp9Cn0KCiMKIyBQcmVwYXJlCiMKCiMgbWFraW5nIHN1cmUgdGhlIHJlcXVpcmVkIHdvcmtzcGFjZSAic291cmNlIiBpcyBib3VuZGVkLCB3aGljaCBtZWFucyBpdHMgdm9sdW1lIGlzIGN1cnJlbnRseSBtb3VudGVkCiMgYW5kIHJlYWR5IHRvIHVzZQpwaGFzZSAiSW5zcGVjdGluZyBzb3VyY2Ugd29ya3NwYWNlICcke1dPUktTUEFDRVNfU09VUkNFX1BBVEh9JyAoUFdEPScke1BXRH0nKSIKW1sgIiR7V09SS1NQQUNFU19TT1VSQ0VfQk9VTkR9IiAhPSAidHJ1ZSIgXV0gJiYKICAgIGZhaWwgIldvcmtzcGFjZSAnc291cmNlJyBpcyBub3QgYm91bmRlZCIKCnBoYXNlICJBc3NlcnRpbmcgdGhlIGRvY2tlcmZpbGUvY29udGFpbmVyZmlsZSAnJHtET0NLRVJGSUxFX0ZVTEx9JyBleGlzdHMiCltbICEgLWYgIiR7RE9DS0VSRklMRV9GVUxMfSIgXV0gJiYKICAgIGZhaWwgIkRvY2tlcmZpbGUgbm90IGZvdW5kIGF0OiAnJHtET0NLRVJGSUxFX0ZVTEx9JyIKCnBoYXNlICJJbnNwZWN0aW5nIGNvbnRleHQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKW1sgISAtZCAiJHtQQVJBTVNfQ09OVEVYVH0iIF1dICYmCiAgICBmYWlsICJDT05URVhUIHBhcmFtIGlzIG5vdCBmb3VuZCBhdCAnJHtQQVJBTVNfQ09OVEVYVH0nLCBvbiBzb3VyY2Ugd29ya3NwYWNlIgoKcGhhc2UgIkJ1aWxkaW5nIGJ1aWxkIGFyZ3MiCkJVSUxEX0FSR1M9KCkKZm9yIGJ1aWxkYXJnIGluICIkQCI7IGRvCiAgICBCVUlMRF9BUkdTKz0oIi0tYnVpbGQtYXJnPSRidWlsZGFyZyIpCmRvbmUKCiMgSGFuZGxlIG9wdGlvbmFsIGRvY2tlcmNvbmZpZyBzZWNyZXQKaWYgW1sgIiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfQk9VTkR9IiA9PSAidHJ1ZSIgXV07IHRoZW4KCiAgICAjIGlmIGNvbmZpZy5qc29uIGV4aXN0cyBhdCB3b3Jrc3BhY2Ugcm9vdCwgd2UgdXNlIHRoYXQKICAgIGlmIHRlc3QgLWYgIiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSH0vY29uZmlnLmpzb24iOyB0aGVuCiAgICAgICAgZXhwb3J0IERPQ0tFUl9DT05GSUc9IiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSH0iCgogICAgICAgICMgZWxzZSB3ZSBsb29rIGZvciAuZG9ja2VyY29uZmlnanNvbiBhdCB0aGUgcm9vdAogICAgZWxpZiB0ZXN0IC1mICIke1dPUktTUEFDRVNfRE9DS0VSQ09ORklHX1BBVEh9Ly5kb2NrZXJjb25maWdqc29uIjsgdGhlbgogICAgICAgICMgZW5zdXJlIC5kb2NrZXIgZXhpc3QgYmVmb3JlIHRoZSBjb3B5aW5nIHRoZSBjb250ZW50CiAgICAgICAgaWYgWyAhIC1kICIkSE9NRS8uZG9ja2VyIiBdOyB0aGVuCiAgICAgICAgICAgbWtkaXIgLXAgIiRIT01FLy5kb2NrZXIiCiAgICAgICAgZmkKICAgICAgICBjcCAiJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19QQVRIfS8uZG9ja2VyY29uZmlnanNvbiIgIiRIT01FLy5kb2NrZXIvY29uZmlnLmpzb24iCiAgICAgICAgZXhwb3J0IERPQ0tFUl9DT05GSUc9IiRIT01FLy5kb2NrZXIiCgogICAgICAgICMgbmVlZCB0byBlcnJvciBvdXQgaWYgbmVpdGhlciBmaWxlcyBhcmUgcHJlc2VudAogICAgZWxzZQogICAgICAgIGVjaG8gIm5laXRoZXIgJ2NvbmZpZy5qc29uJyBub3IgJy5kb2NrZXJjb25maWdqc29uJyBmb3VuZCBhdCB3b3Jrc3BhY2Ugcm9vdCIKICAgICAgICBleGl0IDEKICAgIGZpCmZpCgpFTlRJVExFTUVOVF9WT0xVTUU9IiIKaWYgW1sgIiR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX0JPVU5EfSIgPT0gInRydWUiIF1dOyB0aGVuCiAgICBFTlRJVExFTUVOVF9WT0xVTUU9Ii0tdm9sdW1lICR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEh9Oi9ldGMvcGtpL2VudGl0bGVtZW50IgpmaQoKIwojIEJ1aWxkCiMKCnBoYXNlICJCdWlsZGluZyAnJHtQQVJBTVNfSU1BR0V9JyBiYXNlZCBvbiAnJHtET0NLRVJGSUxFX0ZVTEx9JyIKCltbIC1uICIke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTfSIgXV0gJiYKICAgIHBoYXNlICJFeHRyYSAnYnVpbGRhaCBidWQnIGFyZ3VtZW50cyBpbmZvcm1lZDogJyR7UEFSQU1TX0JVSUxEX0VYVFJBX0FSR1N9JyIKCl9idWlsZGFoIGJ1ZCAke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTfSBcCiAgICAkRU5USVRMRU1FTlRfVk9MVU1FIFwKICAgICIke0JVSUxEX0FSR1NbQF19IiBcCiAgICAtLWZpbGU9IiR7RE9DS0VSRklMRV9GVUxMfSIgXAogICAgLS10YWc9IiR7UEFSQU1TX0lNQUdFfSIgXAogICAgIiR7UEFSQU1TX0NPTlRFWFR9IgoKaWYgW1sgIiR7UEFSQU1TX1NLSVBfUFVTSH0iID09ICJ0cnVlIiBdXTsgdGhlbgogICAgcGhhc2UgIlNraXBwaW5nIHB1c2hpbmcgJyR7UEFSQU1TX0lNQUdFfScgdG8gdGhlIGNvbnRhaW5lciByZWdpc3RyeSEiCiAgICBleGl0IDAKZmkKCiMKIyBQdXNoCiMKCnBoYXNlICJQdXNoaW5nICcke1BBUkFNU19JTUFHRX0nIHRvIHRoZSBjb250YWluZXIgcmVnaXN0cnkiCgpbWyAtbiAiJHtQQVJBTVNfUFVTSF9FWFRSQV9BUkdTfSIgXV0gJiYKICAgIHBoYXNlICJFeHRyYSAnYnVpbGRhaCBidWQnIGFyZ3VtZW50cyBpbmZvcm1lZDogJyR7UEFSQU1TX1BVU0hfRVhUUkFfQVJHU30nIgoKIyB0ZW1wb3JhcnkgZmlsZSB0byBzdG9yZSB0aGUgaW1hZ2UgZGlnZXN0LCBpbmZvcm1hdGlvbiBvbmx5IG9idGFpbmVkIGFmdGVyIHB1c2hpbmcgdGhlIGltYWdlIHRvIHRoZQojIGNvbnRhaW5lciByZWdpc3RyeQpkZWNsYXJlIC1yIGRpZ2VzdF9maWxlPSIvdG1wL2J1aWxkYWgtZGlnZXN0LnR4dCIKCl9idWlsZGFoIHB1c2ggJHtQQVJBTVNfUFVTSF9FWFRSQV9BUkdTfSBcCiAgICAtLWRpZ2VzdGZpbGU9IiR7ZGlnZXN0X2ZpbGV9IiBcCiAgICAiJHtQQVJBTVNfSU1BR0V9IiBcCiAgICAiZG9ja2VyOi8vJHtQQVJBTVNfSU1BR0V9IgoKIwojIFJlc3VsdHMKIwoKcGhhc2UgIkluc3BlY3RpbmcgZGlnZXN0IHJlcG9ydCAoJyR7ZGlnZXN0X2ZpbGV9JykiCgpbWyAhIC1yICIke2RpZ2VzdF9maWxlfSIgXV0gJiYKICAgIGZhaWwgIlVuYWJsZSB0byBmaW5kIGRpZ2VzdC1maWxlIGF0ICcke2RpZ2VzdF9maWxlfSciCgpkZWNsYXJlIC1yIGRpZ2VzdF9zdW09IiQoY2F0ICR7ZGlnZXN0X2ZpbGV9KSIKCltbIC16ICIke2RpZ2VzdF9zdW19IiBdXSAmJgogICAgZmFpbCAiRGlnZXN0IGZpbGUgJyR7ZGlnZXN0X2ZpbGV9JyBpcyBlbXB0eSEiCgpwaGFzZSAiU3VjY2Vzc2Z1bHkgYnVpbHQgY29udGFpbmVyIGltYWdlICcke1BBUkFNU19JTUFHRX0nICgnJHtkaWdlc3Rfc3VtfScpIgplY2hvIC1uICIke1BBUkFNU19JTUFHRX0iIHwgdGVlICR7UkVTVUxUU19JTUFHRV9VUkxfUEFUSH0KZWNobyAtbiAiJHtkaWdlc3Rfc3VtfSIgfCB0ZWUgJHtSRVNVTFRTX0lNQUdFX0RJR0VTVF9QQVRIfQo=" |base64 -d >"/scripts/buildah-bud.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKZGVjbGFyZSAtcnggUEFSQU1TX0lNQUdFPSIke1BBUkFNU19JTUFHRTotfSIKZGVjbGFyZSAtcnggUEFSQU1TX0RPQ0tFUkZJTEU9IiR7UEFSQU1TX0RPQ0tFUkZJTEU6LX0iCmRlY2xhcmUgLXggUEFSQU1TX0NPTlRFWFQ9IiR7UEFSQU1TX0NPTlRFWFQ6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19TVE9SQUdFX0RSSVZFUj0iJHtQQVJBTVNfU1RPUkFHRV9EUklWRVI6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19CVUlMRF9FWFRSQV9BUkdTPSIke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTOi19IgpkZWNsYXJlIC1yeCBQQVJBTVNfUFVTSF9FWFRSQV9BUkdTPSIke1BBUkFNU19QVVNIX0VYVFJBX0FSR1M6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19TS0lQX1BVU0g9IiR7UEFSQU1TX1NLSVBfUFVTSDotfSIKZGVjbGFyZSAtcnggUEFSQU1TX1RMU19WRVJJRlk9IiR7UEFSQU1TX1RMU19WRVJJRlk6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19WRVJCT1NFPSIke1BBUkFNU19WRVJCT1NFOi19IgoKZGVjbGFyZSAtcnggV09SS1NQQUNFU19TT1VSQ0VfUEFUSD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIOi19IgpkZWNsYXJlIC1yeCBXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORDotfSIKZGVjbGFyZSAtcnggV09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSD0iJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19QQVRIOi19IgpkZWNsYXJlIC1yeCBXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19CT1VORD0iJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19CT1VORDotfSIKZGVjbGFyZSAtcnggV09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEg9IiR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEg6LX0iCmRlY2xhcmUgLXJ4IFdPUktTUEFDRVNfUkhFTF9FTlRJVExFTUVOVF9CT1VORD0iJHtXT1JLU1BBQ0VTX1JIRUxfRU5USVRMRU1FTlRfQk9VTkQ6LX0iCgpkZWNsYXJlIC1yeCBSRVNVTFRTX0lNQUdFX0RJR0VTVF9QQVRIPSIke1JFU1VMVFNfSU1BR0VfRElHRVNUX1BBVEg6LX0iCmRlY2xhcmUgLXJ4IFJFU1VMVFNfSU1BR0VfVVJMX1BBVEg9IiR7UkVTVUxUU19JTUFHRV9VUkxfUEFUSDotfSIKCiMKIyBEb2NrZXJmaWxlCiMKCiMgZXhwb3NpbmcgdGhlIGZ1bGwgcGF0aCB0byB0aGUgY29udGFpbmVyIGZpbGUsIHdoaWNoIGJ5IGRlZmF1bHQgc2hvdWxkIGJlIHJlbGF0aXZlIHRvIHRoZSBwcmltYXJ5CiMgd29ya3NwYWNlLCB0byByZWNlaXZlIGEgZGlmZmVyZW50IGNvbnRhaW5lci1maWxlIGxvY2F0aW9uCmRlY2xhcmUgLXIgZG9ja2VyZmlsZV9vbl93cz0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIfS8ke1BBUkFNU19ET0NLRVJGSUxFfSIKZGVjbGFyZSAteCBET0NLRVJGSUxFX0ZVTEw9IiR7RE9DS0VSRklMRV9GVUxMOi0ke2RvY2tlcmZpbGVfb25fd3N9fSIKCiMKIyBBc3NlcnRpbmcgRW52aXJvbm1lbnQKIwoKW1sgLXogIiR7RE9DS0VSRklMRV9GVUxMfSIgXV0gJiYKICAgIGZhaWwgInVuYWJsZSB0byBmaW5kIHRoZSBEb2NrZXJmaWxlLCBET0NLRVJGSUxFIG1heSBoYXZlIGFuIGluY29ycmVjdCBsb2NhdGlvbiIKCmV4cG9ydGVkX29yX2ZhaWwgXAogICAgV09SS1NQQUNFU19TT1VSQ0VfUEFUSCBcCiAgICBQQVJBTVNfSU1BR0UKCiMKIyBWZXJib3NlIE91dHB1dAojCgppZiBbWyAiJHtQQVJBTVNfVkVSQk9TRX0iID09ICJ0cnVlIiBdXTsgdGhlbgogICAgc2V0IC14CmZpCg==" |base64 -d >"/scripts/buildah-common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0ZWt0b24ncyBob21lIGRpcmVjdG9yeQpkZWNsYXJlIC1yeCBURUtUT05fSE9NRT0iJHtURUtUT05fSE9NRTotL3Rla3Rvbi9ob21lfSIKCiMKIyBGdW5jdGlvbnMKIwoKZnVuY3Rpb24gZmFpbCgpIHsKICAgIGVjaG8gIkVSUk9SOiAkeyp9IiAyPiYxCiAgICBleGl0IDEKfQoKZnVuY3Rpb24gcGhhc2UoKSB7CiAgICBlY2hvICItLS0+IFBoYXNlOiAkeyp9Li4uIgp9CgojIGFzc2VydCBsb2NhbCB2YXJpYWJsZXMgYXJlIGV4cG9yZXRlZCBvbiB0aGUgZW52aXJvbm1lbnQKZnVuY3Rpb24gZXhwb3J0ZWRfb3JfZmFpbCgpIHsKICAgIGRlY2xhcmUgLWEgX3JlcXVpcmVkX3ZhcnM9IiR7QH0iCgogICAgZm9yIHYgaW4gJHtfcmVxdWlyZWRfdmFyc1tAXX07IGRvCiAgICAgICAgW1sgLXogIiR7IXZ9IiBdXSAmJgogICAgICAgICAgICBmYWlsICInJHt2fScgZW52aXJvbm1lbnQgdmFyaWFibGUgaXMgbm90IHNldCEiCiAgICBkb25lCgogICAgcmV0dXJuIDAKfQo=" |base64 -d >"/scripts/common.sh" + ls /scripts/buildah-*.sh; + chmod +x /scripts/buildah-*.sh; + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0ZWt0b24ncyBob21lIGRpcmVjdG9yeQpkZWNsYXJlIC1yeCBURUtUT05fSE9NRT0iJHtURUtUT05fSE9NRTotL3Rla3Rvbi9ob21lfSIKCiMKIyBGdW5jdGlvbnMKIwoKZnVuY3Rpb24gZmFpbCgpIHsKICAgIGVjaG8gIkVSUk9SOiAkeyp9IiAyPiYxCiAgICBleGl0IDEKfQoKZnVuY3Rpb24gcGhhc2UoKSB7CiAgICBlY2hvICItLS0+IFBoYXNlOiAkeyp9Li4uIgp9CgojIGFzc2VydCBsb2NhbCB2YXJpYWJsZXMgYXJlIGV4cG9yZXRlZCBvbiB0aGUgZW52aXJvbm1lbnQKZnVuY3Rpb24gZXhwb3J0ZWRfb3JfZmFpbCgpIHsKICAgIGRlY2xhcmUgLWEgX3JlcXVpcmVkX3ZhcnM9IiR7QH0iCgogICAgZm9yIHYgaW4gJHtfcmVxdWlyZWRfdmFyc1tAXX07IGRvCiAgICAgICAgW1sgLXogIiR7IXZ9IiBdXSAmJgogICAgICAgICAgICBmYWlsICInJHt2fScgZW52aXJvbm1lbnQgdmFyaWFibGUgaXMgbm90IHNldCEiCiAgICBkb25lCgogICAgcmV0dXJuIDAKfQo=" |base64 -d >"/scripts/common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgVXNlcyB0aGUgRG9ja2VyZmlsZSBnZW5lcmF0ZWQgYnkgczJpIHRvIGFzc2VtYmxlIGEgbmV3IGNvbnRhaW5lciBpbWFnZSB1c2luZyBidWlsZGFoLgojCgpzaG9wdCAtcyBpbmhlcml0X2VycmV4aXQKc2V0IC1ldSAtbyBwaXBlZmFpbAoKZGVjbGFyZSAtciBjdXJfZGlyPSIkKGRpcm5hbWUgJHtCQVNIX1NPVVJDRVswXX0pIgoKc291cmNlICIke2N1cl9kaXJ9L2NvbW1vbi5zaCIKc291cmNlICIke2N1cl9kaXJ9L3MyaS1jb21tb24uc2giCgojIGxvYWRpbmcgYnVpbGRhaCBzZXR0aW5ncyBvdmVyd3JpdHRpbmcgdGhlIGZ1bGwgcGF0aCB0byB0aGUgY29udGFpbmVyIGZpbGUKZGVjbGFyZSAteCBET0NLRVJGSUxFX0ZVTEw9IiR7UzJJX0RPQ0tFUkZJTEV9Igpzb3VyY2UgIiR7Y3VyX2Rpcn0vYnVpbGRhaC1jb21tb24uc2giCgpwaGFzZSAiQ2hhbmdpbmcgJFBBUkFNU19DT05URVhUIHRvIHBvaW50IHRvIHByZXNlbnQgd29ya2luZyBkaXJlY3RvcnkiCltbICIkUEFSQU1TX0NPTlRFWFQiICE9ICIuIiBdXSAmJiAKICAgIFBBUkFNU19DT05URVhUPSIuIgoKcGhhc2UgIkluc3BlY3RpbmcgY29udGV4dCAnJHtQQVJBTVNfQ09OVEVYVH0nIgpbWyAhIC1kICIke1BBUkFNU19DT05URVhUfSIgXV0gJiYKICAgIGZhaWwgIkFwcGxpY2F0aW9uIHNvdXJjZSBjb2RlIGRpcmVjdG9yeSBub3QgZm91bmQgYXQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKCnBoYXNlICJCdWlsZGluZyB0aGUgRG9ja2VyZmlsZSAnJHtET0NLRVJGSUxFX0ZVTEx9JyB3aXRoIGJ1aWxkYWgiCmV4ZWMgJHtjdXJfZGlyfS9idWlsZGFoLWJ1ZC5zaAo=" |base64 -d >"/scripts/s2i-build.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0YXJnZXQgaW1hZ2UgbmFtZSAoZnVsbHkgcXVhbGlmaWVkKSB0byBiZSBidWlsZCB3aXRoIHMyaSwgcmVkZWNsYXJpbmcgdGhlIHNhbWUgcGFyYW1ldGVyIG5hbWUgdGhhbgojIGJ1aWxkYWggdGFzayB1c2VzCmRlY2xhcmUgLXggUEFSQU1TX0lNQUdFPSIke1BBUkFNU19JTUFHRTotfSIKIyBTcGVjaWZ5IGEgVVJMIGNvbnRhaW5pbmcgdGhlIGRlZmF1bHQgYXNzZW1ibGUgYW5kIHJ1biBzY3JpcHRzIGZvciB0aGUgYnVpbGRlciBpbWFnZQpkZWNsYXJlIC1yeCBQQVJBTVNfSU1BR0VfU0NSSVBUU19VUkw9IiR7UEFSQU1TX0lNQUdFX1NDUklQVFNfVVJMOi19IgoKIyB2b2x1bWUgbW91bnQgb3IgZGlyZWN0b3J5IHJlc3BvbnNpYmxlIGZvciBob2xkaW5nIGZpbGVzIAojIGxpa2UgZW52LCBEb2NrZXJmaWxlIGFuZCBhbnkgb3RoZXJzIG5lZWRlZCB0byBzdXBwb3J0IHMyaQpkZWNsYXJlIC1yeCBTMklfR0VORVJBVEVfRElSRUNUT1JZPSIke1MySV9HRU5FUkFURV9ESVJFQ1RPUlk6LS9zMmktZ2VuZXJhdGV9IgoKIyBmdWxsIHBhdGggdG8gdGhlIGNvbnRhaW5lciBmaWxlIGdlbmVyYXRlZCBieSBzMmkKZGVjbGFyZSAtcnggUzJJX0RPQ0tFUkZJTEU9IiR7UzJJX0RPQ0tFUkZJTEU6LSR7UzJJX0dFTkVSQVRFX0RJUkVDVE9SWX0vRG9ja2VyZmlsZS5nZW59IgoKIyBmdWxsIHBhdGggdG8gdGhlIGVudiBmaWxlIHVzZWQgd2l0aCB0aGUgLS1lbnZpcm9ubWVudC1maWxlIHBhcmFtZXRlciBvZiBzMmkKZGVjbGFyZSAtcnggUzJJX0VOVklST05NRU5UX0ZJTEU9IiR7UzJJX0VOVklST05NRU5UX0ZJTEU6LSR7UzJJX0dFTkVSQVRFX0RJUkVDVE9SWX0vZW52fSIKCiMKIyBBc3NlcnRpbmcgRW52aXJvbm1lbnQKIwoKZXhwb3J0ZWRfb3JfZmFpbCBcCiAgICBXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIIFwKICAgIFBBUkFNU19JTUFHRQoKIwojIFZlcmJvc2UgT3V0cHV0CiMKCmRlY2xhcmUgLXggUzJJX0xPR0xFVkVMPSIwIgoKaWYgW1sgIiR7UEFSQU1TX1ZFUkJPU0V9IiA9PSAidHJ1ZSIgXV07IHRoZW4KICAgIFMySV9MT0dMRVZFTD0iMiIKICAgIHNldCAteApmaQo=" |base64 -d >"/scripts/s2i-common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgVXNlcyBzMmkgdG8gZ2VuZXJhdGUgdGhlIHJlcGVzY3RpdmUgQ29udGFpbmVyZmlsZSBiYXNlZCBvbiB0aGUgaW5mb21yZWQgYnVpbGRlci4gVGhlIENvbnRhaW5lcmZpbGUKIyBpcyBzdG9yZWQgb24gYSB0ZW1wb3JhcnkgbG9jYXRpb24uCiMKCnNob3B0IC1zIGluaGVyaXRfZXJyZXhpdApzZXQgLWV1IC1vIHBpcGVmYWlsCgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvY29tbW9uLnNoIgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvczJpLWNvbW1vbi5zaCIKCiMgczJpIGJ1aWxkZXIgaW1hZ2UgbmFtZSAoZnVsbHkgcXVhbGlmaWVkKQpkZWNsYXJlIC1yeCBTMklfQlVJTERFUl9JTUFHRT0iJHtTMklfQlVJTERFUl9JTUFHRTotfSIKCiMgdGFrZXMgdGhlIHZhbHVlcyBpbiBhcmd1bWVudCBFTlZfVkFSUyBhbmQgY3JlYXRlcyBhbiBhcnJheSB1c2luZyB0aG9zZSB2YWx1ZXMKZGVjbGFyZSAtcmEgRU5WX1ZBUlM9KCR7QH0pCgojIHJlLXVzaW5nIHRoZSBzYW1lIHBhcmFtZXRlcnMgdGhhbiBidWlsZGFoLCBzMmkgbmVlZHMgYnVpbGRhaCBhYmlsaXRpZXMgdG8gY3JlYXRlIHRoZSBmaW5hbAojIGNvbnRhaW5lciBpbWFnZSBiYXNlZCBvbiB3aGF0IHMyaSBnZW5lcmF0ZXMKc291cmNlICIkKGRpcm5hbWUgJHtCQVNIX1NPVVJDRVswXX0pL2J1aWxkYWgtY29tbW9uLnNoIgoKIwojIFByZXBhcmUKIwoKIyBtYWtpbmcgc3VyZSB0aGUgcmVxdWlyZWQgd29ya3NwYWNlICJzb3VyY2UiIGlzIGJvdW5kZWQsIHdoaWNoIG1lYW5zIGl0cyB2b2x1bWUgaXMgY3VycmVudGx5IG1vdW50ZWQKIyBhbmQgcmVhZHkgdG8gdXNlCnBoYXNlICJJbnNwZWN0aW5nIHNvdXJjZSB3b3Jrc3BhY2UgJyR7V09SS1NQQUNFU19TT1VSQ0VfUEFUSH0nIChQV0Q9JyR7UFdEfScpIgpbWyAiJHtXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORH0iICE9ICJ0cnVlIiBdXSAmJgogICAgZmFpbCAiV29ya3NwYWNlICdzb3VyY2UnIGlzIG5vdCBib3VuZGVkIgoKcGhhc2UgIkFwcGVuZGluZyAkUEFSQU1TX0NPTlRFWFQgd2l0aCAkV09SS1NQQUNFU19TT1VSQ0VfUEFUSCBpZiBpdCdzIHJlbGF0aXZlIgpbWyAiJFBBUkFNU19DT05URVhUIiAhPSAiLiIgJiYgIiRQQVJBTVNfQ09OVEVYVCIgIT0gLyogXV0gJiYgCiAgICBQQVJBTVNfQ09OVEVYVD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIfS8ke1BBUkFNU19DT05URVhUfSIKCnBoYXNlICJJbnNwZWN0aW5nIGNvbnRleHQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKW1sgISAtZCAiJHtQQVJBTVNfQ09OVEVYVH0iIF1dICYmCiAgICBmYWlsICJBcHBsaWNhdGlvbiBzb3VyY2UgY29kZSBkaXJlY3Rvcnkgbm90IGZvdW5kIGF0ICcke1BBUkFNU19DT05URVhUfSciCgpwaGFzZSAiQWRkaW5nIHRoZSBlbnZpcm9ubWVudCB2YXJpYWJsZXMgdG8gJyR7UzJJX0VOVklST05NRU5UX0ZJTEV9JyIKCiMgYWRkIHRoZSBlbnZpcm9ubWVudCB2YXJpYWJsZXMgdGhhdCBhcmUgc2VudCBhcyBjb21tYW5kIGxpbmUgYXJndW1lbnRzIGZyb20gRU5WX1ZBUlMgcGFyYW1ldGVyCnRvdWNoICIke1MySV9FTlZJUk9OTUVOVF9GSUxFfSIKaWYgWyAkeyNFTlZfVkFSU1tAXX0gLWd0IDAgXTsgdGhlbgogICAgZm9yIGVudl92YXIgaW4gIiR7RU5WX1ZBUlNbQF19IjsgZG8KICAgICAgICBlY2hvICIke2Vudl92YXJ9IiA+PiAiJHtTMklfRU5WSVJPTk1FTlRfRklMRX0iCiAgICBkb25lCmZpCgojCiMgUzJJIEdlbmVyYXRlCiMKCnBoYXNlICJHZW5lcmF0aW5nIHRoZSBEb2NrZXJmaWxlIGZvciBTMkkgYnVpbGRlciBpbWFnZSAnJHtTMklfQlVJTERFUl9JTUFHRX0nIgpzMmkgLS1sb2dsZXZlbCAiJHtTMklfTE9HTEVWRUx9IiBcCiAgICBidWlsZCAiJHtQQVJBTVNfQ09OVEVYVH0iICIke1MySV9CVUlMREVSX0lNQUdFfSIgXAogICAgICAgIC0taW1hZ2Utc2NyaXB0cy11cmwgIiR7UEFSQU1TX0lNQUdFX1NDUklQVFNfVVJMfSIgXAogICAgICAgIC0tYXMtZG9ja2VyZmlsZSAiJHtTMklfRE9DS0VSRklMRX0iIFwKICAgICAgICAtLWVudmlyb25tZW50LWZpbGUgIiR7UzJJX0VOVklST05NRU5UX0ZJTEV9IgoKcGhhc2UgIkluc3BlY3RpbmcgdGhlIERvY2tlcmZpbGUgZ2VuZXJhdGVkIGF0ICcke1MySV9ET0NLRVJGSUxFfSciCltbICEgLWYgIiR7UzJJX0RPQ0tFUkZJTEV9IiBdXSAmJgogICAgZmFpbCAiR2VuZXJhdGVkIERvY2tlcmZpbGUgaXMgbm90IGZvdW5kISIKCnNldCAreApwaGFzZSAiR2VuZXJhdGVkIERvY2tlcmZpbGUgcGF5bG9hZCIKZWNobyAtZW4gIj4+PiAke1MySV9ET0NLRVJGSUxFfVxuJChjYXQgJHtTMklfRE9DS0VSRklMRX0pXG48PDwgRU9GXG4iCg==" |base64 -d >"/scripts/s2i-generate.sh" + ls /scripts/s2i-*.sh; + chmod +x /scripts/s2i-*.sh;echo "Running Script /scripts/s2i-generate.sh"; + /scripts/s2i-generate.sh; + args: + - "$(params.ENV_VARS[*])" + securityContext: + capabilities: + add: ["SETFCAP"] + volumeMounts: + - name: scripts-dir + mountPath: /scripts + - name: s2i-generate-dir + mountPath: /s2i-generate + + - name: s2i-build + image: registry.access.redhat.com/ubi8/buildah:8.10-5 + workingDir: /s2i-generate + command: + - /scripts/s2i-build.sh + securityContext: + capabilities: + add: ["SETFCAP"] + volumeMounts: + - name: scripts-dir + mountPath: /scripts + - name: s2i-generate-dir + mountPath: /s2i-generate + + volumes: + - name: scripts-dir + emptyDir: {} + - name: s2i-generate-dir + emptyDir: {} diff --git a/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-s2i-java/task-s2i-java-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-s2i-java/task-s2i-java-task.yaml new file mode 100644 index 0000000000..b4b0ba2715 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-s2i-java/task-s2i-java-task.yaml @@ -0,0 +1,197 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift-pipelines/tektoncd-catalog/p/tasks/task-s2i-java/0.4.1/task-s2i-java.yaml +# +--- +--- +# Source: task-containers/templates/task-s2i-java.yaml +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: s2i-java + labels: + app.kubernetes.io/version: 0.4.1 + annotations: + tekton.dev/source: "https://github.com/openshift-pipelines/task-containers" + artifacthub.io/category: integration-delivery + artifacthub.io/maintainers: | + - name: OpenShift Pipeline task maintainers + email: pipelines-extcomm@redhat.com + artifacthub.io/provider: Red Hat + artifacthub.io/recommendations: | + - url: https://tekton.dev/ + tekton.dev/categories: containers + tekton.dev/pipelines.minVersion: 0.41.0 + tekton.dev/tags: containers +spec: + description: | + Builds the source code using the s2i's Java builder-image + "image-registry.openshift-image-registry.svc:5000/openshift/java". + + + workspaces: + - name: source + optional: false + description: | + Application source code, the build context for S2I workflow. + - name: dockerconfig + optional: true + description: >- + An optional workspace that allows providing a .docker/config.json file for Buildah to access the container registry. + The file should be placed at the root of the Workspace with name config.json. + + params: + - name: IMAGE + type: string + description: | + Fully qualified container image name to be built by s2i. + - name: VERSION + description: The tag of the imagestream for the corresponding language version + default: latest + type: string + - name: IMAGE_SCRIPTS_URL + type: string + default: image:///usr/libexec/s2i + description: | + Specify a URL containing the default assemble and run scripts for the builder image + - name: ENV_VARS + type: array + default: [] + description: | + Array containing string of Environment Variables as "KEY=VALUE" + - name: CONTEXT + type: string + default: "." + description: | + Path to the directory to use as context. + - name: STORAGE_DRIVER + type: string + default: vfs + description: | + Set buildah storage driver to reflect the currrent cluster node's + settings. + - name: FORMAT + description: The format of the built container, oci or docker + default: "oci" + - name: BUILD_EXTRA_ARGS + type: string + default: "" + description: | + Extra parameters passed for the build command when building images. + - name: PUSH_EXTRA_ARGS + type: string + default: "" + description: | + Extra parameters passed for the push command when pushing images. + - name: SKIP_PUSH + default: "false" + description: | + Skip pushing the image to the container registry. + - name: TLS_VERIFY + type: string + default: "true" + description: | + Sets the TLS verification flag, `true` is recommended. + - name: VERBOSE + type: string + default: "false" + description: | + Turns on verbose logging, all commands executed will be printed out. + + results: + - name: IMAGE_URL + description: | + Fully qualified image name. + - name: IMAGE_DIGEST + description: | + Digest of the image just built. + + stepTemplate: + env: + + - name: PARAMS_IMAGE + value: "$(params.IMAGE)" + - name: PARAMS_VERSION + value: "$(params.VERSION)" + - name: PARAMS_IMAGE_SCRIPTS_URL + value: "$(params.IMAGE_SCRIPTS_URL)" + - name: PARAMS_CONTEXT + value: "$(params.CONTEXT)" + - name: PARAMS_FORMAT + value: "$(params.FORMAT)" + - name: PARAMS_STORAGE_DRIVER + value: "$(params.STORAGE_DRIVER)" + - name: PARAMS_BUILD_EXTRA_ARGS + value: "$(params.BUILD_EXTRA_ARGS)" + - name: PARAMS_PUSH_EXTRA_ARGS + value: "$(params.PUSH_EXTRA_ARGS)" + - name: PARAMS_SKIP_PUSH + value: "$(params.SKIP_PUSH)" + - name: PARAMS_TLS_VERIFY + value: "$(params.TLS_VERIFY)" + - name: PARAMS_VERBOSE + value: "$(params.VERBOSE)" + - name: WORKSPACES_SOURCE_BOUND + value: "$(workspaces.source.bound)" + - name: WORKSPACES_SOURCE_PATH + value: "$(workspaces.source.path)" + - name: WORKSPACES_DOCKERCONFIG_BOUND + value: "$(workspaces.dockerconfig.bound)" + - name: WORKSPACES_DOCKERCONFIG_PATH + value: "$(workspaces.dockerconfig.path)" + - name: RESULTS_IMAGE_URL_PATH + value: "$(results.IMAGE_URL.path)" + - name: RESULTS_IMAGE_DIGEST_PATH + value: "$(results.IMAGE_DIGEST.path)" + + steps: + - name: s2i-generate + image: registry.access.redhat.com/source-to-image/source-to-image-rhel8:v1.3.9-6 + workingDir: $(workspaces.source.path) + env: + - name: S2I_BUILDER_IMAGE + value: "image-registry.openshift-image-registry.svc:5000/openshift/java:$(params.VERSION)" + script: | + set -e + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgV3JhcHBlciBhcm91bmQgImJ1aWxkYWggYnVkIiB0byBidWlsZCBhbmQgcHVzaCBhIGNvbnRhaW5lciBpbWFnZSBiYXNlZCBvbiBhIERvY2tlcmZpbGUuCiMKCnNob3B0IC1zIGluaGVyaXRfZXJyZXhpdApzZXQgLWV1IC1vIHBpcGVmYWlsCgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvY29tbW9uLnNoIgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvYnVpbGRhaC1jb21tb24uc2giCgpmdW5jdGlvbiBfYnVpbGRhaCgpIHsKICAgIGJ1aWxkYWggXAogICAgICAgIC0tc3RvcmFnZS1kcml2ZXI9IiR7UEFSQU1TX1NUT1JBR0VfRFJJVkVSfSIgXAogICAgICAgIC0tdGxzLXZlcmlmeT0iJHtQQVJBTVNfVExTX1ZFUklGWX0iIFwKICAgICAgICAkeyp9Cn0KCiMKIyBQcmVwYXJlCiMKCiMgbWFraW5nIHN1cmUgdGhlIHJlcXVpcmVkIHdvcmtzcGFjZSAic291cmNlIiBpcyBib3VuZGVkLCB3aGljaCBtZWFucyBpdHMgdm9sdW1lIGlzIGN1cnJlbnRseSBtb3VudGVkCiMgYW5kIHJlYWR5IHRvIHVzZQpwaGFzZSAiSW5zcGVjdGluZyBzb3VyY2Ugd29ya3NwYWNlICcke1dPUktTUEFDRVNfU09VUkNFX1BBVEh9JyAoUFdEPScke1BXRH0nKSIKW1sgIiR7V09SS1NQQUNFU19TT1VSQ0VfQk9VTkR9IiAhPSAidHJ1ZSIgXV0gJiYKICAgIGZhaWwgIldvcmtzcGFjZSAnc291cmNlJyBpcyBub3QgYm91bmRlZCIKCnBoYXNlICJBc3NlcnRpbmcgdGhlIGRvY2tlcmZpbGUvY29udGFpbmVyZmlsZSAnJHtET0NLRVJGSUxFX0ZVTEx9JyBleGlzdHMiCltbICEgLWYgIiR7RE9DS0VSRklMRV9GVUxMfSIgXV0gJiYKICAgIGZhaWwgIkRvY2tlcmZpbGUgbm90IGZvdW5kIGF0OiAnJHtET0NLRVJGSUxFX0ZVTEx9JyIKCnBoYXNlICJJbnNwZWN0aW5nIGNvbnRleHQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKW1sgISAtZCAiJHtQQVJBTVNfQ09OVEVYVH0iIF1dICYmCiAgICBmYWlsICJDT05URVhUIHBhcmFtIGlzIG5vdCBmb3VuZCBhdCAnJHtQQVJBTVNfQ09OVEVYVH0nLCBvbiBzb3VyY2Ugd29ya3NwYWNlIgoKcGhhc2UgIkJ1aWxkaW5nIGJ1aWxkIGFyZ3MiCkJVSUxEX0FSR1M9KCkKZm9yIGJ1aWxkYXJnIGluICIkQCI7IGRvCiAgICBCVUlMRF9BUkdTKz0oIi0tYnVpbGQtYXJnPSRidWlsZGFyZyIpCmRvbmUKCiMgSGFuZGxlIG9wdGlvbmFsIGRvY2tlcmNvbmZpZyBzZWNyZXQKaWYgW1sgIiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfQk9VTkR9IiA9PSAidHJ1ZSIgXV07IHRoZW4KCiAgICAjIGlmIGNvbmZpZy5qc29uIGV4aXN0cyBhdCB3b3Jrc3BhY2Ugcm9vdCwgd2UgdXNlIHRoYXQKICAgIGlmIHRlc3QgLWYgIiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSH0vY29uZmlnLmpzb24iOyB0aGVuCiAgICAgICAgZXhwb3J0IERPQ0tFUl9DT05GSUc9IiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSH0iCgogICAgICAgICMgZWxzZSB3ZSBsb29rIGZvciAuZG9ja2VyY29uZmlnanNvbiBhdCB0aGUgcm9vdAogICAgZWxpZiB0ZXN0IC1mICIke1dPUktTUEFDRVNfRE9DS0VSQ09ORklHX1BBVEh9Ly5kb2NrZXJjb25maWdqc29uIjsgdGhlbgogICAgICAgICMgZW5zdXJlIC5kb2NrZXIgZXhpc3QgYmVmb3JlIHRoZSBjb3B5aW5nIHRoZSBjb250ZW50CiAgICAgICAgaWYgWyAhIC1kICIkSE9NRS8uZG9ja2VyIiBdOyB0aGVuCiAgICAgICAgICAgbWtkaXIgLXAgIiRIT01FLy5kb2NrZXIiCiAgICAgICAgZmkKICAgICAgICBjcCAiJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19QQVRIfS8uZG9ja2VyY29uZmlnanNvbiIgIiRIT01FLy5kb2NrZXIvY29uZmlnLmpzb24iCiAgICAgICAgZXhwb3J0IERPQ0tFUl9DT05GSUc9IiRIT01FLy5kb2NrZXIiCgogICAgICAgICMgbmVlZCB0byBlcnJvciBvdXQgaWYgbmVpdGhlciBmaWxlcyBhcmUgcHJlc2VudAogICAgZWxzZQogICAgICAgIGVjaG8gIm5laXRoZXIgJ2NvbmZpZy5qc29uJyBub3IgJy5kb2NrZXJjb25maWdqc29uJyBmb3VuZCBhdCB3b3Jrc3BhY2Ugcm9vdCIKICAgICAgICBleGl0IDEKICAgIGZpCmZpCgpFTlRJVExFTUVOVF9WT0xVTUU9IiIKaWYgW1sgIiR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX0JPVU5EfSIgPT0gInRydWUiIF1dOyB0aGVuCiAgICBFTlRJVExFTUVOVF9WT0xVTUU9Ii0tdm9sdW1lICR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEh9Oi9ldGMvcGtpL2VudGl0bGVtZW50IgpmaQoKIwojIEJ1aWxkCiMKCnBoYXNlICJCdWlsZGluZyAnJHtQQVJBTVNfSU1BR0V9JyBiYXNlZCBvbiAnJHtET0NLRVJGSUxFX0ZVTEx9JyIKCltbIC1uICIke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTfSIgXV0gJiYKICAgIHBoYXNlICJFeHRyYSAnYnVpbGRhaCBidWQnIGFyZ3VtZW50cyBpbmZvcm1lZDogJyR7UEFSQU1TX0JVSUxEX0VYVFJBX0FSR1N9JyIKCl9idWlsZGFoIGJ1ZCAke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTfSBcCiAgICAkRU5USVRMRU1FTlRfVk9MVU1FIFwKICAgICIke0JVSUxEX0FSR1NbQF19IiBcCiAgICAtLWZpbGU9IiR7RE9DS0VSRklMRV9GVUxMfSIgXAogICAgLS10YWc9IiR7UEFSQU1TX0lNQUdFfSIgXAogICAgIiR7UEFSQU1TX0NPTlRFWFR9IgoKaWYgW1sgIiR7UEFSQU1TX1NLSVBfUFVTSH0iID09ICJ0cnVlIiBdXTsgdGhlbgogICAgcGhhc2UgIlNraXBwaW5nIHB1c2hpbmcgJyR7UEFSQU1TX0lNQUdFfScgdG8gdGhlIGNvbnRhaW5lciByZWdpc3RyeSEiCiAgICBleGl0IDAKZmkKCiMKIyBQdXNoCiMKCnBoYXNlICJQdXNoaW5nICcke1BBUkFNU19JTUFHRX0nIHRvIHRoZSBjb250YWluZXIgcmVnaXN0cnkiCgpbWyAtbiAiJHtQQVJBTVNfUFVTSF9FWFRSQV9BUkdTfSIgXV0gJiYKICAgIHBoYXNlICJFeHRyYSAnYnVpbGRhaCBidWQnIGFyZ3VtZW50cyBpbmZvcm1lZDogJyR7UEFSQU1TX1BVU0hfRVhUUkFfQVJHU30nIgoKIyB0ZW1wb3JhcnkgZmlsZSB0byBzdG9yZSB0aGUgaW1hZ2UgZGlnZXN0LCBpbmZvcm1hdGlvbiBvbmx5IG9idGFpbmVkIGFmdGVyIHB1c2hpbmcgdGhlIGltYWdlIHRvIHRoZQojIGNvbnRhaW5lciByZWdpc3RyeQpkZWNsYXJlIC1yIGRpZ2VzdF9maWxlPSIvdG1wL2J1aWxkYWgtZGlnZXN0LnR4dCIKCl9idWlsZGFoIHB1c2ggJHtQQVJBTVNfUFVTSF9FWFRSQV9BUkdTfSBcCiAgICAtLWRpZ2VzdGZpbGU9IiR7ZGlnZXN0X2ZpbGV9IiBcCiAgICAiJHtQQVJBTVNfSU1BR0V9IiBcCiAgICAiZG9ja2VyOi8vJHtQQVJBTVNfSU1BR0V9IgoKIwojIFJlc3VsdHMKIwoKcGhhc2UgIkluc3BlY3RpbmcgZGlnZXN0IHJlcG9ydCAoJyR7ZGlnZXN0X2ZpbGV9JykiCgpbWyAhIC1yICIke2RpZ2VzdF9maWxlfSIgXV0gJiYKICAgIGZhaWwgIlVuYWJsZSB0byBmaW5kIGRpZ2VzdC1maWxlIGF0ICcke2RpZ2VzdF9maWxlfSciCgpkZWNsYXJlIC1yIGRpZ2VzdF9zdW09IiQoY2F0ICR7ZGlnZXN0X2ZpbGV9KSIKCltbIC16ICIke2RpZ2VzdF9zdW19IiBdXSAmJgogICAgZmFpbCAiRGlnZXN0IGZpbGUgJyR7ZGlnZXN0X2ZpbGV9JyBpcyBlbXB0eSEiCgpwaGFzZSAiU3VjY2Vzc2Z1bHkgYnVpbHQgY29udGFpbmVyIGltYWdlICcke1BBUkFNU19JTUFHRX0nICgnJHtkaWdlc3Rfc3VtfScpIgplY2hvIC1uICIke1BBUkFNU19JTUFHRX0iIHwgdGVlICR7UkVTVUxUU19JTUFHRV9VUkxfUEFUSH0KZWNobyAtbiAiJHtkaWdlc3Rfc3VtfSIgfCB0ZWUgJHtSRVNVTFRTX0lNQUdFX0RJR0VTVF9QQVRIfQo=" |base64 -d >"/scripts/buildah-bud.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKZGVjbGFyZSAtcnggUEFSQU1TX0lNQUdFPSIke1BBUkFNU19JTUFHRTotfSIKZGVjbGFyZSAtcnggUEFSQU1TX0RPQ0tFUkZJTEU9IiR7UEFSQU1TX0RPQ0tFUkZJTEU6LX0iCmRlY2xhcmUgLXggUEFSQU1TX0NPTlRFWFQ9IiR7UEFSQU1TX0NPTlRFWFQ6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19TVE9SQUdFX0RSSVZFUj0iJHtQQVJBTVNfU1RPUkFHRV9EUklWRVI6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19CVUlMRF9FWFRSQV9BUkdTPSIke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTOi19IgpkZWNsYXJlIC1yeCBQQVJBTVNfUFVTSF9FWFRSQV9BUkdTPSIke1BBUkFNU19QVVNIX0VYVFJBX0FSR1M6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19TS0lQX1BVU0g9IiR7UEFSQU1TX1NLSVBfUFVTSDotfSIKZGVjbGFyZSAtcnggUEFSQU1TX1RMU19WRVJJRlk9IiR7UEFSQU1TX1RMU19WRVJJRlk6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19WRVJCT1NFPSIke1BBUkFNU19WRVJCT1NFOi19IgoKZGVjbGFyZSAtcnggV09SS1NQQUNFU19TT1VSQ0VfUEFUSD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIOi19IgpkZWNsYXJlIC1yeCBXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORDotfSIKZGVjbGFyZSAtcnggV09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSD0iJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19QQVRIOi19IgpkZWNsYXJlIC1yeCBXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19CT1VORD0iJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19CT1VORDotfSIKZGVjbGFyZSAtcnggV09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEg9IiR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEg6LX0iCmRlY2xhcmUgLXJ4IFdPUktTUEFDRVNfUkhFTF9FTlRJVExFTUVOVF9CT1VORD0iJHtXT1JLU1BBQ0VTX1JIRUxfRU5USVRMRU1FTlRfQk9VTkQ6LX0iCgpkZWNsYXJlIC1yeCBSRVNVTFRTX0lNQUdFX0RJR0VTVF9QQVRIPSIke1JFU1VMVFNfSU1BR0VfRElHRVNUX1BBVEg6LX0iCmRlY2xhcmUgLXJ4IFJFU1VMVFNfSU1BR0VfVVJMX1BBVEg9IiR7UkVTVUxUU19JTUFHRV9VUkxfUEFUSDotfSIKCiMKIyBEb2NrZXJmaWxlCiMKCiMgZXhwb3NpbmcgdGhlIGZ1bGwgcGF0aCB0byB0aGUgY29udGFpbmVyIGZpbGUsIHdoaWNoIGJ5IGRlZmF1bHQgc2hvdWxkIGJlIHJlbGF0aXZlIHRvIHRoZSBwcmltYXJ5CiMgd29ya3NwYWNlLCB0byByZWNlaXZlIGEgZGlmZmVyZW50IGNvbnRhaW5lci1maWxlIGxvY2F0aW9uCmRlY2xhcmUgLXIgZG9ja2VyZmlsZV9vbl93cz0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIfS8ke1BBUkFNU19ET0NLRVJGSUxFfSIKZGVjbGFyZSAteCBET0NLRVJGSUxFX0ZVTEw9IiR7RE9DS0VSRklMRV9GVUxMOi0ke2RvY2tlcmZpbGVfb25fd3N9fSIKCiMKIyBBc3NlcnRpbmcgRW52aXJvbm1lbnQKIwoKW1sgLXogIiR7RE9DS0VSRklMRV9GVUxMfSIgXV0gJiYKICAgIGZhaWwgInVuYWJsZSB0byBmaW5kIHRoZSBEb2NrZXJmaWxlLCBET0NLRVJGSUxFIG1heSBoYXZlIGFuIGluY29ycmVjdCBsb2NhdGlvbiIKCmV4cG9ydGVkX29yX2ZhaWwgXAogICAgV09SS1NQQUNFU19TT1VSQ0VfUEFUSCBcCiAgICBQQVJBTVNfSU1BR0UKCiMKIyBWZXJib3NlIE91dHB1dAojCgppZiBbWyAiJHtQQVJBTVNfVkVSQk9TRX0iID09ICJ0cnVlIiBdXTsgdGhlbgogICAgc2V0IC14CmZpCg==" |base64 -d >"/scripts/buildah-common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0ZWt0b24ncyBob21lIGRpcmVjdG9yeQpkZWNsYXJlIC1yeCBURUtUT05fSE9NRT0iJHtURUtUT05fSE9NRTotL3Rla3Rvbi9ob21lfSIKCiMKIyBGdW5jdGlvbnMKIwoKZnVuY3Rpb24gZmFpbCgpIHsKICAgIGVjaG8gIkVSUk9SOiAkeyp9IiAyPiYxCiAgICBleGl0IDEKfQoKZnVuY3Rpb24gcGhhc2UoKSB7CiAgICBlY2hvICItLS0+IFBoYXNlOiAkeyp9Li4uIgp9CgojIGFzc2VydCBsb2NhbCB2YXJpYWJsZXMgYXJlIGV4cG9yZXRlZCBvbiB0aGUgZW52aXJvbm1lbnQKZnVuY3Rpb24gZXhwb3J0ZWRfb3JfZmFpbCgpIHsKICAgIGRlY2xhcmUgLWEgX3JlcXVpcmVkX3ZhcnM9IiR7QH0iCgogICAgZm9yIHYgaW4gJHtfcmVxdWlyZWRfdmFyc1tAXX07IGRvCiAgICAgICAgW1sgLXogIiR7IXZ9IiBdXSAmJgogICAgICAgICAgICBmYWlsICInJHt2fScgZW52aXJvbm1lbnQgdmFyaWFibGUgaXMgbm90IHNldCEiCiAgICBkb25lCgogICAgcmV0dXJuIDAKfQo=" |base64 -d >"/scripts/common.sh" + ls /scripts/buildah-*.sh; + chmod +x /scripts/buildah-*.sh; + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0ZWt0b24ncyBob21lIGRpcmVjdG9yeQpkZWNsYXJlIC1yeCBURUtUT05fSE9NRT0iJHtURUtUT05fSE9NRTotL3Rla3Rvbi9ob21lfSIKCiMKIyBGdW5jdGlvbnMKIwoKZnVuY3Rpb24gZmFpbCgpIHsKICAgIGVjaG8gIkVSUk9SOiAkeyp9IiAyPiYxCiAgICBleGl0IDEKfQoKZnVuY3Rpb24gcGhhc2UoKSB7CiAgICBlY2hvICItLS0+IFBoYXNlOiAkeyp9Li4uIgp9CgojIGFzc2VydCBsb2NhbCB2YXJpYWJsZXMgYXJlIGV4cG9yZXRlZCBvbiB0aGUgZW52aXJvbm1lbnQKZnVuY3Rpb24gZXhwb3J0ZWRfb3JfZmFpbCgpIHsKICAgIGRlY2xhcmUgLWEgX3JlcXVpcmVkX3ZhcnM9IiR7QH0iCgogICAgZm9yIHYgaW4gJHtfcmVxdWlyZWRfdmFyc1tAXX07IGRvCiAgICAgICAgW1sgLXogIiR7IXZ9IiBdXSAmJgogICAgICAgICAgICBmYWlsICInJHt2fScgZW52aXJvbm1lbnQgdmFyaWFibGUgaXMgbm90IHNldCEiCiAgICBkb25lCgogICAgcmV0dXJuIDAKfQo=" |base64 -d >"/scripts/common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgVXNlcyB0aGUgRG9ja2VyZmlsZSBnZW5lcmF0ZWQgYnkgczJpIHRvIGFzc2VtYmxlIGEgbmV3IGNvbnRhaW5lciBpbWFnZSB1c2luZyBidWlsZGFoLgojCgpzaG9wdCAtcyBpbmhlcml0X2VycmV4aXQKc2V0IC1ldSAtbyBwaXBlZmFpbAoKZGVjbGFyZSAtciBjdXJfZGlyPSIkKGRpcm5hbWUgJHtCQVNIX1NPVVJDRVswXX0pIgoKc291cmNlICIke2N1cl9kaXJ9L2NvbW1vbi5zaCIKc291cmNlICIke2N1cl9kaXJ9L3MyaS1jb21tb24uc2giCgojIGxvYWRpbmcgYnVpbGRhaCBzZXR0aW5ncyBvdmVyd3JpdHRpbmcgdGhlIGZ1bGwgcGF0aCB0byB0aGUgY29udGFpbmVyIGZpbGUKZGVjbGFyZSAteCBET0NLRVJGSUxFX0ZVTEw9IiR7UzJJX0RPQ0tFUkZJTEV9Igpzb3VyY2UgIiR7Y3VyX2Rpcn0vYnVpbGRhaC1jb21tb24uc2giCgpwaGFzZSAiQ2hhbmdpbmcgJFBBUkFNU19DT05URVhUIHRvIHBvaW50IHRvIHByZXNlbnQgd29ya2luZyBkaXJlY3RvcnkiCltbICIkUEFSQU1TX0NPTlRFWFQiICE9ICIuIiBdXSAmJiAKICAgIFBBUkFNU19DT05URVhUPSIuIgoKcGhhc2UgIkluc3BlY3RpbmcgY29udGV4dCAnJHtQQVJBTVNfQ09OVEVYVH0nIgpbWyAhIC1kICIke1BBUkFNU19DT05URVhUfSIgXV0gJiYKICAgIGZhaWwgIkFwcGxpY2F0aW9uIHNvdXJjZSBjb2RlIGRpcmVjdG9yeSBub3QgZm91bmQgYXQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKCnBoYXNlICJCdWlsZGluZyB0aGUgRG9ja2VyZmlsZSAnJHtET0NLRVJGSUxFX0ZVTEx9JyB3aXRoIGJ1aWxkYWgiCmV4ZWMgJHtjdXJfZGlyfS9idWlsZGFoLWJ1ZC5zaAo=" |base64 -d >"/scripts/s2i-build.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0YXJnZXQgaW1hZ2UgbmFtZSAoZnVsbHkgcXVhbGlmaWVkKSB0byBiZSBidWlsZCB3aXRoIHMyaSwgcmVkZWNsYXJpbmcgdGhlIHNhbWUgcGFyYW1ldGVyIG5hbWUgdGhhbgojIGJ1aWxkYWggdGFzayB1c2VzCmRlY2xhcmUgLXggUEFSQU1TX0lNQUdFPSIke1BBUkFNU19JTUFHRTotfSIKIyBTcGVjaWZ5IGEgVVJMIGNvbnRhaW5pbmcgdGhlIGRlZmF1bHQgYXNzZW1ibGUgYW5kIHJ1biBzY3JpcHRzIGZvciB0aGUgYnVpbGRlciBpbWFnZQpkZWNsYXJlIC1yeCBQQVJBTVNfSU1BR0VfU0NSSVBUU19VUkw9IiR7UEFSQU1TX0lNQUdFX1NDUklQVFNfVVJMOi19IgoKIyB2b2x1bWUgbW91bnQgb3IgZGlyZWN0b3J5IHJlc3BvbnNpYmxlIGZvciBob2xkaW5nIGZpbGVzIAojIGxpa2UgZW52LCBEb2NrZXJmaWxlIGFuZCBhbnkgb3RoZXJzIG5lZWRlZCB0byBzdXBwb3J0IHMyaQpkZWNsYXJlIC1yeCBTMklfR0VORVJBVEVfRElSRUNUT1JZPSIke1MySV9HRU5FUkFURV9ESVJFQ1RPUlk6LS9zMmktZ2VuZXJhdGV9IgoKIyBmdWxsIHBhdGggdG8gdGhlIGNvbnRhaW5lciBmaWxlIGdlbmVyYXRlZCBieSBzMmkKZGVjbGFyZSAtcnggUzJJX0RPQ0tFUkZJTEU9IiR7UzJJX0RPQ0tFUkZJTEU6LSR7UzJJX0dFTkVSQVRFX0RJUkVDVE9SWX0vRG9ja2VyZmlsZS5nZW59IgoKIyBmdWxsIHBhdGggdG8gdGhlIGVudiBmaWxlIHVzZWQgd2l0aCB0aGUgLS1lbnZpcm9ubWVudC1maWxlIHBhcmFtZXRlciBvZiBzMmkKZGVjbGFyZSAtcnggUzJJX0VOVklST05NRU5UX0ZJTEU9IiR7UzJJX0VOVklST05NRU5UX0ZJTEU6LSR7UzJJX0dFTkVSQVRFX0RJUkVDVE9SWX0vZW52fSIKCiMKIyBBc3NlcnRpbmcgRW52aXJvbm1lbnQKIwoKZXhwb3J0ZWRfb3JfZmFpbCBcCiAgICBXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIIFwKICAgIFBBUkFNU19JTUFHRQoKIwojIFZlcmJvc2UgT3V0cHV0CiMKCmRlY2xhcmUgLXggUzJJX0xPR0xFVkVMPSIwIgoKaWYgW1sgIiR7UEFSQU1TX1ZFUkJPU0V9IiA9PSAidHJ1ZSIgXV07IHRoZW4KICAgIFMySV9MT0dMRVZFTD0iMiIKICAgIHNldCAteApmaQo=" |base64 -d >"/scripts/s2i-common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgVXNlcyBzMmkgdG8gZ2VuZXJhdGUgdGhlIHJlcGVzY3RpdmUgQ29udGFpbmVyZmlsZSBiYXNlZCBvbiB0aGUgaW5mb21yZWQgYnVpbGRlci4gVGhlIENvbnRhaW5lcmZpbGUKIyBpcyBzdG9yZWQgb24gYSB0ZW1wb3JhcnkgbG9jYXRpb24uCiMKCnNob3B0IC1zIGluaGVyaXRfZXJyZXhpdApzZXQgLWV1IC1vIHBpcGVmYWlsCgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvY29tbW9uLnNoIgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvczJpLWNvbW1vbi5zaCIKCiMgczJpIGJ1aWxkZXIgaW1hZ2UgbmFtZSAoZnVsbHkgcXVhbGlmaWVkKQpkZWNsYXJlIC1yeCBTMklfQlVJTERFUl9JTUFHRT0iJHtTMklfQlVJTERFUl9JTUFHRTotfSIKCiMgdGFrZXMgdGhlIHZhbHVlcyBpbiBhcmd1bWVudCBFTlZfVkFSUyBhbmQgY3JlYXRlcyBhbiBhcnJheSB1c2luZyB0aG9zZSB2YWx1ZXMKZGVjbGFyZSAtcmEgRU5WX1ZBUlM9KCR7QH0pCgojIHJlLXVzaW5nIHRoZSBzYW1lIHBhcmFtZXRlcnMgdGhhbiBidWlsZGFoLCBzMmkgbmVlZHMgYnVpbGRhaCBhYmlsaXRpZXMgdG8gY3JlYXRlIHRoZSBmaW5hbAojIGNvbnRhaW5lciBpbWFnZSBiYXNlZCBvbiB3aGF0IHMyaSBnZW5lcmF0ZXMKc291cmNlICIkKGRpcm5hbWUgJHtCQVNIX1NPVVJDRVswXX0pL2J1aWxkYWgtY29tbW9uLnNoIgoKIwojIFByZXBhcmUKIwoKIyBtYWtpbmcgc3VyZSB0aGUgcmVxdWlyZWQgd29ya3NwYWNlICJzb3VyY2UiIGlzIGJvdW5kZWQsIHdoaWNoIG1lYW5zIGl0cyB2b2x1bWUgaXMgY3VycmVudGx5IG1vdW50ZWQKIyBhbmQgcmVhZHkgdG8gdXNlCnBoYXNlICJJbnNwZWN0aW5nIHNvdXJjZSB3b3Jrc3BhY2UgJyR7V09SS1NQQUNFU19TT1VSQ0VfUEFUSH0nIChQV0Q9JyR7UFdEfScpIgpbWyAiJHtXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORH0iICE9ICJ0cnVlIiBdXSAmJgogICAgZmFpbCAiV29ya3NwYWNlICdzb3VyY2UnIGlzIG5vdCBib3VuZGVkIgoKcGhhc2UgIkFwcGVuZGluZyAkUEFSQU1TX0NPTlRFWFQgd2l0aCAkV09SS1NQQUNFU19TT1VSQ0VfUEFUSCBpZiBpdCdzIHJlbGF0aXZlIgpbWyAiJFBBUkFNU19DT05URVhUIiAhPSAiLiIgJiYgIiRQQVJBTVNfQ09OVEVYVCIgIT0gLyogXV0gJiYgCiAgICBQQVJBTVNfQ09OVEVYVD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIfS8ke1BBUkFNU19DT05URVhUfSIKCnBoYXNlICJJbnNwZWN0aW5nIGNvbnRleHQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKW1sgISAtZCAiJHtQQVJBTVNfQ09OVEVYVH0iIF1dICYmCiAgICBmYWlsICJBcHBsaWNhdGlvbiBzb3VyY2UgY29kZSBkaXJlY3Rvcnkgbm90IGZvdW5kIGF0ICcke1BBUkFNU19DT05URVhUfSciCgpwaGFzZSAiQWRkaW5nIHRoZSBlbnZpcm9ubWVudCB2YXJpYWJsZXMgdG8gJyR7UzJJX0VOVklST05NRU5UX0ZJTEV9JyIKCiMgYWRkIHRoZSBlbnZpcm9ubWVudCB2YXJpYWJsZXMgdGhhdCBhcmUgc2VudCBhcyBjb21tYW5kIGxpbmUgYXJndW1lbnRzIGZyb20gRU5WX1ZBUlMgcGFyYW1ldGVyCnRvdWNoICIke1MySV9FTlZJUk9OTUVOVF9GSUxFfSIKaWYgWyAkeyNFTlZfVkFSU1tAXX0gLWd0IDAgXTsgdGhlbgogICAgZm9yIGVudl92YXIgaW4gIiR7RU5WX1ZBUlNbQF19IjsgZG8KICAgICAgICBlY2hvICIke2Vudl92YXJ9IiA+PiAiJHtTMklfRU5WSVJPTk1FTlRfRklMRX0iCiAgICBkb25lCmZpCgojCiMgUzJJIEdlbmVyYXRlCiMKCnBoYXNlICJHZW5lcmF0aW5nIHRoZSBEb2NrZXJmaWxlIGZvciBTMkkgYnVpbGRlciBpbWFnZSAnJHtTMklfQlVJTERFUl9JTUFHRX0nIgpzMmkgLS1sb2dsZXZlbCAiJHtTMklfTE9HTEVWRUx9IiBcCiAgICBidWlsZCAiJHtQQVJBTVNfQ09OVEVYVH0iICIke1MySV9CVUlMREVSX0lNQUdFfSIgXAogICAgICAgIC0taW1hZ2Utc2NyaXB0cy11cmwgIiR7UEFSQU1TX0lNQUdFX1NDUklQVFNfVVJMfSIgXAogICAgICAgIC0tYXMtZG9ja2VyZmlsZSAiJHtTMklfRE9DS0VSRklMRX0iIFwKICAgICAgICAtLWVudmlyb25tZW50LWZpbGUgIiR7UzJJX0VOVklST05NRU5UX0ZJTEV9IgoKcGhhc2UgIkluc3BlY3RpbmcgdGhlIERvY2tlcmZpbGUgZ2VuZXJhdGVkIGF0ICcke1MySV9ET0NLRVJGSUxFfSciCltbICEgLWYgIiR7UzJJX0RPQ0tFUkZJTEV9IiBdXSAmJgogICAgZmFpbCAiR2VuZXJhdGVkIERvY2tlcmZpbGUgaXMgbm90IGZvdW5kISIKCnNldCAreApwaGFzZSAiR2VuZXJhdGVkIERvY2tlcmZpbGUgcGF5bG9hZCIKZWNobyAtZW4gIj4+PiAke1MySV9ET0NLRVJGSUxFfVxuJChjYXQgJHtTMklfRE9DS0VSRklMRX0pXG48PDwgRU9GXG4iCg==" |base64 -d >"/scripts/s2i-generate.sh" + ls /scripts/s2i-*.sh; + chmod +x /scripts/s2i-*.sh;echo "Running Script /scripts/s2i-generate.sh"; + /scripts/s2i-generate.sh; + args: + - "$(params.ENV_VARS[*])" + securityContext: + capabilities: + add: ["SETFCAP"] + volumeMounts: + - name: scripts-dir + mountPath: /scripts + - name: s2i-generate-dir + mountPath: /s2i-generate + + - name: s2i-build + image: registry.access.redhat.com/ubi8/buildah:8.10-5 + workingDir: /s2i-generate + command: + - /scripts/s2i-build.sh + securityContext: + capabilities: + add: ["SETFCAP"] + volumeMounts: + - name: scripts-dir + mountPath: /scripts + - name: s2i-generate-dir + mountPath: /s2i-generate + + volumes: + - name: scripts-dir + emptyDir: {} + - name: s2i-generate-dir + emptyDir: {} diff --git a/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-s2i-nodejs/task-s2i-nodejs-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-s2i-nodejs/task-s2i-nodejs-task.yaml new file mode 100644 index 0000000000..f67f06533b --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-s2i-nodejs/task-s2i-nodejs-task.yaml @@ -0,0 +1,197 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift-pipelines/tektoncd-catalog/p/tasks/task-s2i-nodejs/0.4.1/task-s2i-nodejs.yaml +# +--- +--- +# Source: task-containers/templates/task-s2i-nodejs.yaml +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: s2i-nodejs + labels: + app.kubernetes.io/version: 0.4.1 + annotations: + tekton.dev/source: "https://github.com/openshift-pipelines/task-containers" + artifacthub.io/category: integration-delivery + artifacthub.io/maintainers: | + - name: OpenShift Pipeline task maintainers + email: pipelines-extcomm@redhat.com + artifacthub.io/provider: Red Hat + artifacthub.io/recommendations: | + - url: https://tekton.dev/ + tekton.dev/categories: containers + tekton.dev/pipelines.minVersion: 0.41.0 + tekton.dev/tags: containers +spec: + description: | + Builds the source code using the s2i's Nodejs builder-image + "image-registry.openshift-image-registry.svc:5000/openshift/nodejs". + + + workspaces: + - name: source + optional: false + description: | + Application source code, the build context for S2I workflow. + - name: dockerconfig + optional: true + description: >- + An optional workspace that allows providing a .docker/config.json file for Buildah to access the container registry. + The file should be placed at the root of the Workspace with name config.json. + + params: + - name: IMAGE + type: string + description: | + Fully qualified container image name to be built by s2i. + - name: VERSION + description: The tag of the imagestream for the corresponding language version + default: latest + type: string + - name: IMAGE_SCRIPTS_URL + type: string + default: image:///usr/libexec/s2i + description: | + Specify a URL containing the default assemble and run scripts for the builder image + - name: ENV_VARS + type: array + default: [] + description: | + Array containing string of Environment Variables as "KEY=VALUE" + - name: CONTEXT + type: string + default: "." + description: | + Path to the directory to use as context. + - name: STORAGE_DRIVER + type: string + default: vfs + description: | + Set buildah storage driver to reflect the currrent cluster node's + settings. + - name: FORMAT + description: The format of the built container, oci or docker + default: "oci" + - name: BUILD_EXTRA_ARGS + type: string + default: "" + description: | + Extra parameters passed for the build command when building images. + - name: PUSH_EXTRA_ARGS + type: string + default: "" + description: | + Extra parameters passed for the push command when pushing images. + - name: SKIP_PUSH + default: "false" + description: | + Skip pushing the image to the container registry. + - name: TLS_VERIFY + type: string + default: "true" + description: | + Sets the TLS verification flag, `true` is recommended. + - name: VERBOSE + type: string + default: "false" + description: | + Turns on verbose logging, all commands executed will be printed out. + + results: + - name: IMAGE_URL + description: | + Fully qualified image name. + - name: IMAGE_DIGEST + description: | + Digest of the image just built. + + stepTemplate: + env: + + - name: PARAMS_IMAGE + value: "$(params.IMAGE)" + - name: PARAMS_VERSION + value: "$(params.VERSION)" + - name: PARAMS_IMAGE_SCRIPTS_URL + value: "$(params.IMAGE_SCRIPTS_URL)" + - name: PARAMS_CONTEXT + value: "$(params.CONTEXT)" + - name: PARAMS_FORMAT + value: "$(params.FORMAT)" + - name: PARAMS_STORAGE_DRIVER + value: "$(params.STORAGE_DRIVER)" + - name: PARAMS_BUILD_EXTRA_ARGS + value: "$(params.BUILD_EXTRA_ARGS)" + - name: PARAMS_PUSH_EXTRA_ARGS + value: "$(params.PUSH_EXTRA_ARGS)" + - name: PARAMS_SKIP_PUSH + value: "$(params.SKIP_PUSH)" + - name: PARAMS_TLS_VERIFY + value: "$(params.TLS_VERIFY)" + - name: PARAMS_VERBOSE + value: "$(params.VERBOSE)" + - name: WORKSPACES_SOURCE_BOUND + value: "$(workspaces.source.bound)" + - name: WORKSPACES_SOURCE_PATH + value: "$(workspaces.source.path)" + - name: WORKSPACES_DOCKERCONFIG_BOUND + value: "$(workspaces.dockerconfig.bound)" + - name: WORKSPACES_DOCKERCONFIG_PATH + value: "$(workspaces.dockerconfig.path)" + - name: RESULTS_IMAGE_URL_PATH + value: "$(results.IMAGE_URL.path)" + - name: RESULTS_IMAGE_DIGEST_PATH + value: "$(results.IMAGE_DIGEST.path)" + + steps: + - name: s2i-generate + image: registry.access.redhat.com/source-to-image/source-to-image-rhel8:v1.3.9-6 + workingDir: $(workspaces.source.path) + env: + - name: S2I_BUILDER_IMAGE + value: "image-registry.openshift-image-registry.svc:5000/openshift/nodejs:$(params.VERSION)" + script: | + set -e + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgV3JhcHBlciBhcm91bmQgImJ1aWxkYWggYnVkIiB0byBidWlsZCBhbmQgcHVzaCBhIGNvbnRhaW5lciBpbWFnZSBiYXNlZCBvbiBhIERvY2tlcmZpbGUuCiMKCnNob3B0IC1zIGluaGVyaXRfZXJyZXhpdApzZXQgLWV1IC1vIHBpcGVmYWlsCgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvY29tbW9uLnNoIgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvYnVpbGRhaC1jb21tb24uc2giCgpmdW5jdGlvbiBfYnVpbGRhaCgpIHsKICAgIGJ1aWxkYWggXAogICAgICAgIC0tc3RvcmFnZS1kcml2ZXI9IiR7UEFSQU1TX1NUT1JBR0VfRFJJVkVSfSIgXAogICAgICAgIC0tdGxzLXZlcmlmeT0iJHtQQVJBTVNfVExTX1ZFUklGWX0iIFwKICAgICAgICAkeyp9Cn0KCiMKIyBQcmVwYXJlCiMKCiMgbWFraW5nIHN1cmUgdGhlIHJlcXVpcmVkIHdvcmtzcGFjZSAic291cmNlIiBpcyBib3VuZGVkLCB3aGljaCBtZWFucyBpdHMgdm9sdW1lIGlzIGN1cnJlbnRseSBtb3VudGVkCiMgYW5kIHJlYWR5IHRvIHVzZQpwaGFzZSAiSW5zcGVjdGluZyBzb3VyY2Ugd29ya3NwYWNlICcke1dPUktTUEFDRVNfU09VUkNFX1BBVEh9JyAoUFdEPScke1BXRH0nKSIKW1sgIiR7V09SS1NQQUNFU19TT1VSQ0VfQk9VTkR9IiAhPSAidHJ1ZSIgXV0gJiYKICAgIGZhaWwgIldvcmtzcGFjZSAnc291cmNlJyBpcyBub3QgYm91bmRlZCIKCnBoYXNlICJBc3NlcnRpbmcgdGhlIGRvY2tlcmZpbGUvY29udGFpbmVyZmlsZSAnJHtET0NLRVJGSUxFX0ZVTEx9JyBleGlzdHMiCltbICEgLWYgIiR7RE9DS0VSRklMRV9GVUxMfSIgXV0gJiYKICAgIGZhaWwgIkRvY2tlcmZpbGUgbm90IGZvdW5kIGF0OiAnJHtET0NLRVJGSUxFX0ZVTEx9JyIKCnBoYXNlICJJbnNwZWN0aW5nIGNvbnRleHQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKW1sgISAtZCAiJHtQQVJBTVNfQ09OVEVYVH0iIF1dICYmCiAgICBmYWlsICJDT05URVhUIHBhcmFtIGlzIG5vdCBmb3VuZCBhdCAnJHtQQVJBTVNfQ09OVEVYVH0nLCBvbiBzb3VyY2Ugd29ya3NwYWNlIgoKcGhhc2UgIkJ1aWxkaW5nIGJ1aWxkIGFyZ3MiCkJVSUxEX0FSR1M9KCkKZm9yIGJ1aWxkYXJnIGluICIkQCI7IGRvCiAgICBCVUlMRF9BUkdTKz0oIi0tYnVpbGQtYXJnPSRidWlsZGFyZyIpCmRvbmUKCiMgSGFuZGxlIG9wdGlvbmFsIGRvY2tlcmNvbmZpZyBzZWNyZXQKaWYgW1sgIiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfQk9VTkR9IiA9PSAidHJ1ZSIgXV07IHRoZW4KCiAgICAjIGlmIGNvbmZpZy5qc29uIGV4aXN0cyBhdCB3b3Jrc3BhY2Ugcm9vdCwgd2UgdXNlIHRoYXQKICAgIGlmIHRlc3QgLWYgIiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSH0vY29uZmlnLmpzb24iOyB0aGVuCiAgICAgICAgZXhwb3J0IERPQ0tFUl9DT05GSUc9IiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSH0iCgogICAgICAgICMgZWxzZSB3ZSBsb29rIGZvciAuZG9ja2VyY29uZmlnanNvbiBhdCB0aGUgcm9vdAogICAgZWxpZiB0ZXN0IC1mICIke1dPUktTUEFDRVNfRE9DS0VSQ09ORklHX1BBVEh9Ly5kb2NrZXJjb25maWdqc29uIjsgdGhlbgogICAgICAgICMgZW5zdXJlIC5kb2NrZXIgZXhpc3QgYmVmb3JlIHRoZSBjb3B5aW5nIHRoZSBjb250ZW50CiAgICAgICAgaWYgWyAhIC1kICIkSE9NRS8uZG9ja2VyIiBdOyB0aGVuCiAgICAgICAgICAgbWtkaXIgLXAgIiRIT01FLy5kb2NrZXIiCiAgICAgICAgZmkKICAgICAgICBjcCAiJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19QQVRIfS8uZG9ja2VyY29uZmlnanNvbiIgIiRIT01FLy5kb2NrZXIvY29uZmlnLmpzb24iCiAgICAgICAgZXhwb3J0IERPQ0tFUl9DT05GSUc9IiRIT01FLy5kb2NrZXIiCgogICAgICAgICMgbmVlZCB0byBlcnJvciBvdXQgaWYgbmVpdGhlciBmaWxlcyBhcmUgcHJlc2VudAogICAgZWxzZQogICAgICAgIGVjaG8gIm5laXRoZXIgJ2NvbmZpZy5qc29uJyBub3IgJy5kb2NrZXJjb25maWdqc29uJyBmb3VuZCBhdCB3b3Jrc3BhY2Ugcm9vdCIKICAgICAgICBleGl0IDEKICAgIGZpCmZpCgpFTlRJVExFTUVOVF9WT0xVTUU9IiIKaWYgW1sgIiR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX0JPVU5EfSIgPT0gInRydWUiIF1dOyB0aGVuCiAgICBFTlRJVExFTUVOVF9WT0xVTUU9Ii0tdm9sdW1lICR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEh9Oi9ldGMvcGtpL2VudGl0bGVtZW50IgpmaQoKIwojIEJ1aWxkCiMKCnBoYXNlICJCdWlsZGluZyAnJHtQQVJBTVNfSU1BR0V9JyBiYXNlZCBvbiAnJHtET0NLRVJGSUxFX0ZVTEx9JyIKCltbIC1uICIke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTfSIgXV0gJiYKICAgIHBoYXNlICJFeHRyYSAnYnVpbGRhaCBidWQnIGFyZ3VtZW50cyBpbmZvcm1lZDogJyR7UEFSQU1TX0JVSUxEX0VYVFJBX0FSR1N9JyIKCl9idWlsZGFoIGJ1ZCAke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTfSBcCiAgICAkRU5USVRMRU1FTlRfVk9MVU1FIFwKICAgICIke0JVSUxEX0FSR1NbQF19IiBcCiAgICAtLWZpbGU9IiR7RE9DS0VSRklMRV9GVUxMfSIgXAogICAgLS10YWc9IiR7UEFSQU1TX0lNQUdFfSIgXAogICAgIiR7UEFSQU1TX0NPTlRFWFR9IgoKaWYgW1sgIiR7UEFSQU1TX1NLSVBfUFVTSH0iID09ICJ0cnVlIiBdXTsgdGhlbgogICAgcGhhc2UgIlNraXBwaW5nIHB1c2hpbmcgJyR7UEFSQU1TX0lNQUdFfScgdG8gdGhlIGNvbnRhaW5lciByZWdpc3RyeSEiCiAgICBleGl0IDAKZmkKCiMKIyBQdXNoCiMKCnBoYXNlICJQdXNoaW5nICcke1BBUkFNU19JTUFHRX0nIHRvIHRoZSBjb250YWluZXIgcmVnaXN0cnkiCgpbWyAtbiAiJHtQQVJBTVNfUFVTSF9FWFRSQV9BUkdTfSIgXV0gJiYKICAgIHBoYXNlICJFeHRyYSAnYnVpbGRhaCBidWQnIGFyZ3VtZW50cyBpbmZvcm1lZDogJyR7UEFSQU1TX1BVU0hfRVhUUkFfQVJHU30nIgoKIyB0ZW1wb3JhcnkgZmlsZSB0byBzdG9yZSB0aGUgaW1hZ2UgZGlnZXN0LCBpbmZvcm1hdGlvbiBvbmx5IG9idGFpbmVkIGFmdGVyIHB1c2hpbmcgdGhlIGltYWdlIHRvIHRoZQojIGNvbnRhaW5lciByZWdpc3RyeQpkZWNsYXJlIC1yIGRpZ2VzdF9maWxlPSIvdG1wL2J1aWxkYWgtZGlnZXN0LnR4dCIKCl9idWlsZGFoIHB1c2ggJHtQQVJBTVNfUFVTSF9FWFRSQV9BUkdTfSBcCiAgICAtLWRpZ2VzdGZpbGU9IiR7ZGlnZXN0X2ZpbGV9IiBcCiAgICAiJHtQQVJBTVNfSU1BR0V9IiBcCiAgICAiZG9ja2VyOi8vJHtQQVJBTVNfSU1BR0V9IgoKIwojIFJlc3VsdHMKIwoKcGhhc2UgIkluc3BlY3RpbmcgZGlnZXN0IHJlcG9ydCAoJyR7ZGlnZXN0X2ZpbGV9JykiCgpbWyAhIC1yICIke2RpZ2VzdF9maWxlfSIgXV0gJiYKICAgIGZhaWwgIlVuYWJsZSB0byBmaW5kIGRpZ2VzdC1maWxlIGF0ICcke2RpZ2VzdF9maWxlfSciCgpkZWNsYXJlIC1yIGRpZ2VzdF9zdW09IiQoY2F0ICR7ZGlnZXN0X2ZpbGV9KSIKCltbIC16ICIke2RpZ2VzdF9zdW19IiBdXSAmJgogICAgZmFpbCAiRGlnZXN0IGZpbGUgJyR7ZGlnZXN0X2ZpbGV9JyBpcyBlbXB0eSEiCgpwaGFzZSAiU3VjY2Vzc2Z1bHkgYnVpbHQgY29udGFpbmVyIGltYWdlICcke1BBUkFNU19JTUFHRX0nICgnJHtkaWdlc3Rfc3VtfScpIgplY2hvIC1uICIke1BBUkFNU19JTUFHRX0iIHwgdGVlICR7UkVTVUxUU19JTUFHRV9VUkxfUEFUSH0KZWNobyAtbiAiJHtkaWdlc3Rfc3VtfSIgfCB0ZWUgJHtSRVNVTFRTX0lNQUdFX0RJR0VTVF9QQVRIfQo=" |base64 -d >"/scripts/buildah-bud.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKZGVjbGFyZSAtcnggUEFSQU1TX0lNQUdFPSIke1BBUkFNU19JTUFHRTotfSIKZGVjbGFyZSAtcnggUEFSQU1TX0RPQ0tFUkZJTEU9IiR7UEFSQU1TX0RPQ0tFUkZJTEU6LX0iCmRlY2xhcmUgLXggUEFSQU1TX0NPTlRFWFQ9IiR7UEFSQU1TX0NPTlRFWFQ6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19TVE9SQUdFX0RSSVZFUj0iJHtQQVJBTVNfU1RPUkFHRV9EUklWRVI6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19CVUlMRF9FWFRSQV9BUkdTPSIke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTOi19IgpkZWNsYXJlIC1yeCBQQVJBTVNfUFVTSF9FWFRSQV9BUkdTPSIke1BBUkFNU19QVVNIX0VYVFJBX0FSR1M6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19TS0lQX1BVU0g9IiR7UEFSQU1TX1NLSVBfUFVTSDotfSIKZGVjbGFyZSAtcnggUEFSQU1TX1RMU19WRVJJRlk9IiR7UEFSQU1TX1RMU19WRVJJRlk6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19WRVJCT1NFPSIke1BBUkFNU19WRVJCT1NFOi19IgoKZGVjbGFyZSAtcnggV09SS1NQQUNFU19TT1VSQ0VfUEFUSD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIOi19IgpkZWNsYXJlIC1yeCBXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORDotfSIKZGVjbGFyZSAtcnggV09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSD0iJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19QQVRIOi19IgpkZWNsYXJlIC1yeCBXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19CT1VORD0iJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19CT1VORDotfSIKZGVjbGFyZSAtcnggV09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEg9IiR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEg6LX0iCmRlY2xhcmUgLXJ4IFdPUktTUEFDRVNfUkhFTF9FTlRJVExFTUVOVF9CT1VORD0iJHtXT1JLU1BBQ0VTX1JIRUxfRU5USVRMRU1FTlRfQk9VTkQ6LX0iCgpkZWNsYXJlIC1yeCBSRVNVTFRTX0lNQUdFX0RJR0VTVF9QQVRIPSIke1JFU1VMVFNfSU1BR0VfRElHRVNUX1BBVEg6LX0iCmRlY2xhcmUgLXJ4IFJFU1VMVFNfSU1BR0VfVVJMX1BBVEg9IiR7UkVTVUxUU19JTUFHRV9VUkxfUEFUSDotfSIKCiMKIyBEb2NrZXJmaWxlCiMKCiMgZXhwb3NpbmcgdGhlIGZ1bGwgcGF0aCB0byB0aGUgY29udGFpbmVyIGZpbGUsIHdoaWNoIGJ5IGRlZmF1bHQgc2hvdWxkIGJlIHJlbGF0aXZlIHRvIHRoZSBwcmltYXJ5CiMgd29ya3NwYWNlLCB0byByZWNlaXZlIGEgZGlmZmVyZW50IGNvbnRhaW5lci1maWxlIGxvY2F0aW9uCmRlY2xhcmUgLXIgZG9ja2VyZmlsZV9vbl93cz0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIfS8ke1BBUkFNU19ET0NLRVJGSUxFfSIKZGVjbGFyZSAteCBET0NLRVJGSUxFX0ZVTEw9IiR7RE9DS0VSRklMRV9GVUxMOi0ke2RvY2tlcmZpbGVfb25fd3N9fSIKCiMKIyBBc3NlcnRpbmcgRW52aXJvbm1lbnQKIwoKW1sgLXogIiR7RE9DS0VSRklMRV9GVUxMfSIgXV0gJiYKICAgIGZhaWwgInVuYWJsZSB0byBmaW5kIHRoZSBEb2NrZXJmaWxlLCBET0NLRVJGSUxFIG1heSBoYXZlIGFuIGluY29ycmVjdCBsb2NhdGlvbiIKCmV4cG9ydGVkX29yX2ZhaWwgXAogICAgV09SS1NQQUNFU19TT1VSQ0VfUEFUSCBcCiAgICBQQVJBTVNfSU1BR0UKCiMKIyBWZXJib3NlIE91dHB1dAojCgppZiBbWyAiJHtQQVJBTVNfVkVSQk9TRX0iID09ICJ0cnVlIiBdXTsgdGhlbgogICAgc2V0IC14CmZpCg==" |base64 -d >"/scripts/buildah-common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0ZWt0b24ncyBob21lIGRpcmVjdG9yeQpkZWNsYXJlIC1yeCBURUtUT05fSE9NRT0iJHtURUtUT05fSE9NRTotL3Rla3Rvbi9ob21lfSIKCiMKIyBGdW5jdGlvbnMKIwoKZnVuY3Rpb24gZmFpbCgpIHsKICAgIGVjaG8gIkVSUk9SOiAkeyp9IiAyPiYxCiAgICBleGl0IDEKfQoKZnVuY3Rpb24gcGhhc2UoKSB7CiAgICBlY2hvICItLS0+IFBoYXNlOiAkeyp9Li4uIgp9CgojIGFzc2VydCBsb2NhbCB2YXJpYWJsZXMgYXJlIGV4cG9yZXRlZCBvbiB0aGUgZW52aXJvbm1lbnQKZnVuY3Rpb24gZXhwb3J0ZWRfb3JfZmFpbCgpIHsKICAgIGRlY2xhcmUgLWEgX3JlcXVpcmVkX3ZhcnM9IiR7QH0iCgogICAgZm9yIHYgaW4gJHtfcmVxdWlyZWRfdmFyc1tAXX07IGRvCiAgICAgICAgW1sgLXogIiR7IXZ9IiBdXSAmJgogICAgICAgICAgICBmYWlsICInJHt2fScgZW52aXJvbm1lbnQgdmFyaWFibGUgaXMgbm90IHNldCEiCiAgICBkb25lCgogICAgcmV0dXJuIDAKfQo=" |base64 -d >"/scripts/common.sh" + ls /scripts/buildah-*.sh; + chmod +x /scripts/buildah-*.sh; + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0ZWt0b24ncyBob21lIGRpcmVjdG9yeQpkZWNsYXJlIC1yeCBURUtUT05fSE9NRT0iJHtURUtUT05fSE9NRTotL3Rla3Rvbi9ob21lfSIKCiMKIyBGdW5jdGlvbnMKIwoKZnVuY3Rpb24gZmFpbCgpIHsKICAgIGVjaG8gIkVSUk9SOiAkeyp9IiAyPiYxCiAgICBleGl0IDEKfQoKZnVuY3Rpb24gcGhhc2UoKSB7CiAgICBlY2hvICItLS0+IFBoYXNlOiAkeyp9Li4uIgp9CgojIGFzc2VydCBsb2NhbCB2YXJpYWJsZXMgYXJlIGV4cG9yZXRlZCBvbiB0aGUgZW52aXJvbm1lbnQKZnVuY3Rpb24gZXhwb3J0ZWRfb3JfZmFpbCgpIHsKICAgIGRlY2xhcmUgLWEgX3JlcXVpcmVkX3ZhcnM9IiR7QH0iCgogICAgZm9yIHYgaW4gJHtfcmVxdWlyZWRfdmFyc1tAXX07IGRvCiAgICAgICAgW1sgLXogIiR7IXZ9IiBdXSAmJgogICAgICAgICAgICBmYWlsICInJHt2fScgZW52aXJvbm1lbnQgdmFyaWFibGUgaXMgbm90IHNldCEiCiAgICBkb25lCgogICAgcmV0dXJuIDAKfQo=" |base64 -d >"/scripts/common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgVXNlcyB0aGUgRG9ja2VyZmlsZSBnZW5lcmF0ZWQgYnkgczJpIHRvIGFzc2VtYmxlIGEgbmV3IGNvbnRhaW5lciBpbWFnZSB1c2luZyBidWlsZGFoLgojCgpzaG9wdCAtcyBpbmhlcml0X2VycmV4aXQKc2V0IC1ldSAtbyBwaXBlZmFpbAoKZGVjbGFyZSAtciBjdXJfZGlyPSIkKGRpcm5hbWUgJHtCQVNIX1NPVVJDRVswXX0pIgoKc291cmNlICIke2N1cl9kaXJ9L2NvbW1vbi5zaCIKc291cmNlICIke2N1cl9kaXJ9L3MyaS1jb21tb24uc2giCgojIGxvYWRpbmcgYnVpbGRhaCBzZXR0aW5ncyBvdmVyd3JpdHRpbmcgdGhlIGZ1bGwgcGF0aCB0byB0aGUgY29udGFpbmVyIGZpbGUKZGVjbGFyZSAteCBET0NLRVJGSUxFX0ZVTEw9IiR7UzJJX0RPQ0tFUkZJTEV9Igpzb3VyY2UgIiR7Y3VyX2Rpcn0vYnVpbGRhaC1jb21tb24uc2giCgpwaGFzZSAiQ2hhbmdpbmcgJFBBUkFNU19DT05URVhUIHRvIHBvaW50IHRvIHByZXNlbnQgd29ya2luZyBkaXJlY3RvcnkiCltbICIkUEFSQU1TX0NPTlRFWFQiICE9ICIuIiBdXSAmJiAKICAgIFBBUkFNU19DT05URVhUPSIuIgoKcGhhc2UgIkluc3BlY3RpbmcgY29udGV4dCAnJHtQQVJBTVNfQ09OVEVYVH0nIgpbWyAhIC1kICIke1BBUkFNU19DT05URVhUfSIgXV0gJiYKICAgIGZhaWwgIkFwcGxpY2F0aW9uIHNvdXJjZSBjb2RlIGRpcmVjdG9yeSBub3QgZm91bmQgYXQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKCnBoYXNlICJCdWlsZGluZyB0aGUgRG9ja2VyZmlsZSAnJHtET0NLRVJGSUxFX0ZVTEx9JyB3aXRoIGJ1aWxkYWgiCmV4ZWMgJHtjdXJfZGlyfS9idWlsZGFoLWJ1ZC5zaAo=" |base64 -d >"/scripts/s2i-build.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0YXJnZXQgaW1hZ2UgbmFtZSAoZnVsbHkgcXVhbGlmaWVkKSB0byBiZSBidWlsZCB3aXRoIHMyaSwgcmVkZWNsYXJpbmcgdGhlIHNhbWUgcGFyYW1ldGVyIG5hbWUgdGhhbgojIGJ1aWxkYWggdGFzayB1c2VzCmRlY2xhcmUgLXggUEFSQU1TX0lNQUdFPSIke1BBUkFNU19JTUFHRTotfSIKIyBTcGVjaWZ5IGEgVVJMIGNvbnRhaW5pbmcgdGhlIGRlZmF1bHQgYXNzZW1ibGUgYW5kIHJ1biBzY3JpcHRzIGZvciB0aGUgYnVpbGRlciBpbWFnZQpkZWNsYXJlIC1yeCBQQVJBTVNfSU1BR0VfU0NSSVBUU19VUkw9IiR7UEFSQU1TX0lNQUdFX1NDUklQVFNfVVJMOi19IgoKIyB2b2x1bWUgbW91bnQgb3IgZGlyZWN0b3J5IHJlc3BvbnNpYmxlIGZvciBob2xkaW5nIGZpbGVzIAojIGxpa2UgZW52LCBEb2NrZXJmaWxlIGFuZCBhbnkgb3RoZXJzIG5lZWRlZCB0byBzdXBwb3J0IHMyaQpkZWNsYXJlIC1yeCBTMklfR0VORVJBVEVfRElSRUNUT1JZPSIke1MySV9HRU5FUkFURV9ESVJFQ1RPUlk6LS9zMmktZ2VuZXJhdGV9IgoKIyBmdWxsIHBhdGggdG8gdGhlIGNvbnRhaW5lciBmaWxlIGdlbmVyYXRlZCBieSBzMmkKZGVjbGFyZSAtcnggUzJJX0RPQ0tFUkZJTEU9IiR7UzJJX0RPQ0tFUkZJTEU6LSR7UzJJX0dFTkVSQVRFX0RJUkVDVE9SWX0vRG9ja2VyZmlsZS5nZW59IgoKIyBmdWxsIHBhdGggdG8gdGhlIGVudiBmaWxlIHVzZWQgd2l0aCB0aGUgLS1lbnZpcm9ubWVudC1maWxlIHBhcmFtZXRlciBvZiBzMmkKZGVjbGFyZSAtcnggUzJJX0VOVklST05NRU5UX0ZJTEU9IiR7UzJJX0VOVklST05NRU5UX0ZJTEU6LSR7UzJJX0dFTkVSQVRFX0RJUkVDVE9SWX0vZW52fSIKCiMKIyBBc3NlcnRpbmcgRW52aXJvbm1lbnQKIwoKZXhwb3J0ZWRfb3JfZmFpbCBcCiAgICBXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIIFwKICAgIFBBUkFNU19JTUFHRQoKIwojIFZlcmJvc2UgT3V0cHV0CiMKCmRlY2xhcmUgLXggUzJJX0xPR0xFVkVMPSIwIgoKaWYgW1sgIiR7UEFSQU1TX1ZFUkJPU0V9IiA9PSAidHJ1ZSIgXV07IHRoZW4KICAgIFMySV9MT0dMRVZFTD0iMiIKICAgIHNldCAteApmaQo=" |base64 -d >"/scripts/s2i-common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgVXNlcyBzMmkgdG8gZ2VuZXJhdGUgdGhlIHJlcGVzY3RpdmUgQ29udGFpbmVyZmlsZSBiYXNlZCBvbiB0aGUgaW5mb21yZWQgYnVpbGRlci4gVGhlIENvbnRhaW5lcmZpbGUKIyBpcyBzdG9yZWQgb24gYSB0ZW1wb3JhcnkgbG9jYXRpb24uCiMKCnNob3B0IC1zIGluaGVyaXRfZXJyZXhpdApzZXQgLWV1IC1vIHBpcGVmYWlsCgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvY29tbW9uLnNoIgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvczJpLWNvbW1vbi5zaCIKCiMgczJpIGJ1aWxkZXIgaW1hZ2UgbmFtZSAoZnVsbHkgcXVhbGlmaWVkKQpkZWNsYXJlIC1yeCBTMklfQlVJTERFUl9JTUFHRT0iJHtTMklfQlVJTERFUl9JTUFHRTotfSIKCiMgdGFrZXMgdGhlIHZhbHVlcyBpbiBhcmd1bWVudCBFTlZfVkFSUyBhbmQgY3JlYXRlcyBhbiBhcnJheSB1c2luZyB0aG9zZSB2YWx1ZXMKZGVjbGFyZSAtcmEgRU5WX1ZBUlM9KCR7QH0pCgojIHJlLXVzaW5nIHRoZSBzYW1lIHBhcmFtZXRlcnMgdGhhbiBidWlsZGFoLCBzMmkgbmVlZHMgYnVpbGRhaCBhYmlsaXRpZXMgdG8gY3JlYXRlIHRoZSBmaW5hbAojIGNvbnRhaW5lciBpbWFnZSBiYXNlZCBvbiB3aGF0IHMyaSBnZW5lcmF0ZXMKc291cmNlICIkKGRpcm5hbWUgJHtCQVNIX1NPVVJDRVswXX0pL2J1aWxkYWgtY29tbW9uLnNoIgoKIwojIFByZXBhcmUKIwoKIyBtYWtpbmcgc3VyZSB0aGUgcmVxdWlyZWQgd29ya3NwYWNlICJzb3VyY2UiIGlzIGJvdW5kZWQsIHdoaWNoIG1lYW5zIGl0cyB2b2x1bWUgaXMgY3VycmVudGx5IG1vdW50ZWQKIyBhbmQgcmVhZHkgdG8gdXNlCnBoYXNlICJJbnNwZWN0aW5nIHNvdXJjZSB3b3Jrc3BhY2UgJyR7V09SS1NQQUNFU19TT1VSQ0VfUEFUSH0nIChQV0Q9JyR7UFdEfScpIgpbWyAiJHtXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORH0iICE9ICJ0cnVlIiBdXSAmJgogICAgZmFpbCAiV29ya3NwYWNlICdzb3VyY2UnIGlzIG5vdCBib3VuZGVkIgoKcGhhc2UgIkFwcGVuZGluZyAkUEFSQU1TX0NPTlRFWFQgd2l0aCAkV09SS1NQQUNFU19TT1VSQ0VfUEFUSCBpZiBpdCdzIHJlbGF0aXZlIgpbWyAiJFBBUkFNU19DT05URVhUIiAhPSAiLiIgJiYgIiRQQVJBTVNfQ09OVEVYVCIgIT0gLyogXV0gJiYgCiAgICBQQVJBTVNfQ09OVEVYVD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIfS8ke1BBUkFNU19DT05URVhUfSIKCnBoYXNlICJJbnNwZWN0aW5nIGNvbnRleHQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKW1sgISAtZCAiJHtQQVJBTVNfQ09OVEVYVH0iIF1dICYmCiAgICBmYWlsICJBcHBsaWNhdGlvbiBzb3VyY2UgY29kZSBkaXJlY3Rvcnkgbm90IGZvdW5kIGF0ICcke1BBUkFNU19DT05URVhUfSciCgpwaGFzZSAiQWRkaW5nIHRoZSBlbnZpcm9ubWVudCB2YXJpYWJsZXMgdG8gJyR7UzJJX0VOVklST05NRU5UX0ZJTEV9JyIKCiMgYWRkIHRoZSBlbnZpcm9ubWVudCB2YXJpYWJsZXMgdGhhdCBhcmUgc2VudCBhcyBjb21tYW5kIGxpbmUgYXJndW1lbnRzIGZyb20gRU5WX1ZBUlMgcGFyYW1ldGVyCnRvdWNoICIke1MySV9FTlZJUk9OTUVOVF9GSUxFfSIKaWYgWyAkeyNFTlZfVkFSU1tAXX0gLWd0IDAgXTsgdGhlbgogICAgZm9yIGVudl92YXIgaW4gIiR7RU5WX1ZBUlNbQF19IjsgZG8KICAgICAgICBlY2hvICIke2Vudl92YXJ9IiA+PiAiJHtTMklfRU5WSVJPTk1FTlRfRklMRX0iCiAgICBkb25lCmZpCgojCiMgUzJJIEdlbmVyYXRlCiMKCnBoYXNlICJHZW5lcmF0aW5nIHRoZSBEb2NrZXJmaWxlIGZvciBTMkkgYnVpbGRlciBpbWFnZSAnJHtTMklfQlVJTERFUl9JTUFHRX0nIgpzMmkgLS1sb2dsZXZlbCAiJHtTMklfTE9HTEVWRUx9IiBcCiAgICBidWlsZCAiJHtQQVJBTVNfQ09OVEVYVH0iICIke1MySV9CVUlMREVSX0lNQUdFfSIgXAogICAgICAgIC0taW1hZ2Utc2NyaXB0cy11cmwgIiR7UEFSQU1TX0lNQUdFX1NDUklQVFNfVVJMfSIgXAogICAgICAgIC0tYXMtZG9ja2VyZmlsZSAiJHtTMklfRE9DS0VSRklMRX0iIFwKICAgICAgICAtLWVudmlyb25tZW50LWZpbGUgIiR7UzJJX0VOVklST05NRU5UX0ZJTEV9IgoKcGhhc2UgIkluc3BlY3RpbmcgdGhlIERvY2tlcmZpbGUgZ2VuZXJhdGVkIGF0ICcke1MySV9ET0NLRVJGSUxFfSciCltbICEgLWYgIiR7UzJJX0RPQ0tFUkZJTEV9IiBdXSAmJgogICAgZmFpbCAiR2VuZXJhdGVkIERvY2tlcmZpbGUgaXMgbm90IGZvdW5kISIKCnNldCAreApwaGFzZSAiR2VuZXJhdGVkIERvY2tlcmZpbGUgcGF5bG9hZCIKZWNobyAtZW4gIj4+PiAke1MySV9ET0NLRVJGSUxFfVxuJChjYXQgJHtTMklfRE9DS0VSRklMRX0pXG48PDwgRU9GXG4iCg==" |base64 -d >"/scripts/s2i-generate.sh" + ls /scripts/s2i-*.sh; + chmod +x /scripts/s2i-*.sh;echo "Running Script /scripts/s2i-generate.sh"; + /scripts/s2i-generate.sh; + args: + - "$(params.ENV_VARS[*])" + securityContext: + capabilities: + add: ["SETFCAP"] + volumeMounts: + - name: scripts-dir + mountPath: /scripts + - name: s2i-generate-dir + mountPath: /s2i-generate + + - name: s2i-build + image: registry.access.redhat.com/ubi8/buildah:8.10-5 + workingDir: /s2i-generate + command: + - /scripts/s2i-build.sh + securityContext: + capabilities: + add: ["SETFCAP"] + volumeMounts: + - name: scripts-dir + mountPath: /scripts + - name: s2i-generate-dir + mountPath: /s2i-generate + + volumes: + - name: scripts-dir + emptyDir: {} + - name: s2i-generate-dir + emptyDir: {} diff --git a/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-s2i-perl/task-s2i-perl-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-s2i-perl/task-s2i-perl-task.yaml new file mode 100644 index 0000000000..3f48071c72 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-s2i-perl/task-s2i-perl-task.yaml @@ -0,0 +1,197 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift-pipelines/tektoncd-catalog/p/tasks/task-s2i-perl/0.4.1/task-s2i-perl.yaml +# +--- +--- +# Source: task-containers/templates/task-s2i-perl.yaml +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: s2i-perl + labels: + app.kubernetes.io/version: 0.4.1 + annotations: + tekton.dev/source: "https://github.com/openshift-pipelines/task-containers" + artifacthub.io/category: integration-delivery + artifacthub.io/maintainers: | + - name: OpenShift Pipeline task maintainers + email: pipelines-extcomm@redhat.com + artifacthub.io/provider: Red Hat + artifacthub.io/recommendations: | + - url: https://tekton.dev/ + tekton.dev/categories: containers + tekton.dev/pipelines.minVersion: 0.41.0 + tekton.dev/tags: containers +spec: + description: | + Builds the source code using the s2i's Perl builder-image + "image-registry.openshift-image-registry.svc:5000/openshift/perl". + + + workspaces: + - name: source + optional: false + description: | + Application source code, the build context for S2I workflow. + - name: dockerconfig + optional: true + description: >- + An optional workspace that allows providing a .docker/config.json file for Buildah to access the container registry. + The file should be placed at the root of the Workspace with name config.json. + + params: + - name: IMAGE + type: string + description: | + Fully qualified container image name to be built by s2i. + - name: VERSION + description: The tag of the imagestream for the corresponding language version + default: latest + type: string + - name: IMAGE_SCRIPTS_URL + type: string + default: image:///usr/libexec/s2i + description: | + Specify a URL containing the default assemble and run scripts for the builder image + - name: ENV_VARS + type: array + default: [] + description: | + Array containing string of Environment Variables as "KEY=VALUE" + - name: CONTEXT + type: string + default: "." + description: | + Path to the directory to use as context. + - name: STORAGE_DRIVER + type: string + default: vfs + description: | + Set buildah storage driver to reflect the currrent cluster node's + settings. + - name: FORMAT + description: The format of the built container, oci or docker + default: "oci" + - name: BUILD_EXTRA_ARGS + type: string + default: "" + description: | + Extra parameters passed for the build command when building images. + - name: PUSH_EXTRA_ARGS + type: string + default: "" + description: | + Extra parameters passed for the push command when pushing images. + - name: SKIP_PUSH + default: "false" + description: | + Skip pushing the image to the container registry. + - name: TLS_VERIFY + type: string + default: "true" + description: | + Sets the TLS verification flag, `true` is recommended. + - name: VERBOSE + type: string + default: "false" + description: | + Turns on verbose logging, all commands executed will be printed out. + + results: + - name: IMAGE_URL + description: | + Fully qualified image name. + - name: IMAGE_DIGEST + description: | + Digest of the image just built. + + stepTemplate: + env: + + - name: PARAMS_IMAGE + value: "$(params.IMAGE)" + - name: PARAMS_VERSION + value: "$(params.VERSION)" + - name: PARAMS_IMAGE_SCRIPTS_URL + value: "$(params.IMAGE_SCRIPTS_URL)" + - name: PARAMS_CONTEXT + value: "$(params.CONTEXT)" + - name: PARAMS_FORMAT + value: "$(params.FORMAT)" + - name: PARAMS_STORAGE_DRIVER + value: "$(params.STORAGE_DRIVER)" + - name: PARAMS_BUILD_EXTRA_ARGS + value: "$(params.BUILD_EXTRA_ARGS)" + - name: PARAMS_PUSH_EXTRA_ARGS + value: "$(params.PUSH_EXTRA_ARGS)" + - name: PARAMS_SKIP_PUSH + value: "$(params.SKIP_PUSH)" + - name: PARAMS_TLS_VERIFY + value: "$(params.TLS_VERIFY)" + - name: PARAMS_VERBOSE + value: "$(params.VERBOSE)" + - name: WORKSPACES_SOURCE_BOUND + value: "$(workspaces.source.bound)" + - name: WORKSPACES_SOURCE_PATH + value: "$(workspaces.source.path)" + - name: WORKSPACES_DOCKERCONFIG_BOUND + value: "$(workspaces.dockerconfig.bound)" + - name: WORKSPACES_DOCKERCONFIG_PATH + value: "$(workspaces.dockerconfig.path)" + - name: RESULTS_IMAGE_URL_PATH + value: "$(results.IMAGE_URL.path)" + - name: RESULTS_IMAGE_DIGEST_PATH + value: "$(results.IMAGE_DIGEST.path)" + + steps: + - name: s2i-generate + image: registry.access.redhat.com/source-to-image/source-to-image-rhel8:v1.3.9-6 + workingDir: $(workspaces.source.path) + env: + - name: S2I_BUILDER_IMAGE + value: "image-registry.openshift-image-registry.svc:5000/openshift/perl:$(params.VERSION)" + script: | + set -e + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgV3JhcHBlciBhcm91bmQgImJ1aWxkYWggYnVkIiB0byBidWlsZCBhbmQgcHVzaCBhIGNvbnRhaW5lciBpbWFnZSBiYXNlZCBvbiBhIERvY2tlcmZpbGUuCiMKCnNob3B0IC1zIGluaGVyaXRfZXJyZXhpdApzZXQgLWV1IC1vIHBpcGVmYWlsCgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvY29tbW9uLnNoIgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvYnVpbGRhaC1jb21tb24uc2giCgpmdW5jdGlvbiBfYnVpbGRhaCgpIHsKICAgIGJ1aWxkYWggXAogICAgICAgIC0tc3RvcmFnZS1kcml2ZXI9IiR7UEFSQU1TX1NUT1JBR0VfRFJJVkVSfSIgXAogICAgICAgIC0tdGxzLXZlcmlmeT0iJHtQQVJBTVNfVExTX1ZFUklGWX0iIFwKICAgICAgICAkeyp9Cn0KCiMKIyBQcmVwYXJlCiMKCiMgbWFraW5nIHN1cmUgdGhlIHJlcXVpcmVkIHdvcmtzcGFjZSAic291cmNlIiBpcyBib3VuZGVkLCB3aGljaCBtZWFucyBpdHMgdm9sdW1lIGlzIGN1cnJlbnRseSBtb3VudGVkCiMgYW5kIHJlYWR5IHRvIHVzZQpwaGFzZSAiSW5zcGVjdGluZyBzb3VyY2Ugd29ya3NwYWNlICcke1dPUktTUEFDRVNfU09VUkNFX1BBVEh9JyAoUFdEPScke1BXRH0nKSIKW1sgIiR7V09SS1NQQUNFU19TT1VSQ0VfQk9VTkR9IiAhPSAidHJ1ZSIgXV0gJiYKICAgIGZhaWwgIldvcmtzcGFjZSAnc291cmNlJyBpcyBub3QgYm91bmRlZCIKCnBoYXNlICJBc3NlcnRpbmcgdGhlIGRvY2tlcmZpbGUvY29udGFpbmVyZmlsZSAnJHtET0NLRVJGSUxFX0ZVTEx9JyBleGlzdHMiCltbICEgLWYgIiR7RE9DS0VSRklMRV9GVUxMfSIgXV0gJiYKICAgIGZhaWwgIkRvY2tlcmZpbGUgbm90IGZvdW5kIGF0OiAnJHtET0NLRVJGSUxFX0ZVTEx9JyIKCnBoYXNlICJJbnNwZWN0aW5nIGNvbnRleHQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKW1sgISAtZCAiJHtQQVJBTVNfQ09OVEVYVH0iIF1dICYmCiAgICBmYWlsICJDT05URVhUIHBhcmFtIGlzIG5vdCBmb3VuZCBhdCAnJHtQQVJBTVNfQ09OVEVYVH0nLCBvbiBzb3VyY2Ugd29ya3NwYWNlIgoKcGhhc2UgIkJ1aWxkaW5nIGJ1aWxkIGFyZ3MiCkJVSUxEX0FSR1M9KCkKZm9yIGJ1aWxkYXJnIGluICIkQCI7IGRvCiAgICBCVUlMRF9BUkdTKz0oIi0tYnVpbGQtYXJnPSRidWlsZGFyZyIpCmRvbmUKCiMgSGFuZGxlIG9wdGlvbmFsIGRvY2tlcmNvbmZpZyBzZWNyZXQKaWYgW1sgIiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfQk9VTkR9IiA9PSAidHJ1ZSIgXV07IHRoZW4KCiAgICAjIGlmIGNvbmZpZy5qc29uIGV4aXN0cyBhdCB3b3Jrc3BhY2Ugcm9vdCwgd2UgdXNlIHRoYXQKICAgIGlmIHRlc3QgLWYgIiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSH0vY29uZmlnLmpzb24iOyB0aGVuCiAgICAgICAgZXhwb3J0IERPQ0tFUl9DT05GSUc9IiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSH0iCgogICAgICAgICMgZWxzZSB3ZSBsb29rIGZvciAuZG9ja2VyY29uZmlnanNvbiBhdCB0aGUgcm9vdAogICAgZWxpZiB0ZXN0IC1mICIke1dPUktTUEFDRVNfRE9DS0VSQ09ORklHX1BBVEh9Ly5kb2NrZXJjb25maWdqc29uIjsgdGhlbgogICAgICAgICMgZW5zdXJlIC5kb2NrZXIgZXhpc3QgYmVmb3JlIHRoZSBjb3B5aW5nIHRoZSBjb250ZW50CiAgICAgICAgaWYgWyAhIC1kICIkSE9NRS8uZG9ja2VyIiBdOyB0aGVuCiAgICAgICAgICAgbWtkaXIgLXAgIiRIT01FLy5kb2NrZXIiCiAgICAgICAgZmkKICAgICAgICBjcCAiJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19QQVRIfS8uZG9ja2VyY29uZmlnanNvbiIgIiRIT01FLy5kb2NrZXIvY29uZmlnLmpzb24iCiAgICAgICAgZXhwb3J0IERPQ0tFUl9DT05GSUc9IiRIT01FLy5kb2NrZXIiCgogICAgICAgICMgbmVlZCB0byBlcnJvciBvdXQgaWYgbmVpdGhlciBmaWxlcyBhcmUgcHJlc2VudAogICAgZWxzZQogICAgICAgIGVjaG8gIm5laXRoZXIgJ2NvbmZpZy5qc29uJyBub3IgJy5kb2NrZXJjb25maWdqc29uJyBmb3VuZCBhdCB3b3Jrc3BhY2Ugcm9vdCIKICAgICAgICBleGl0IDEKICAgIGZpCmZpCgpFTlRJVExFTUVOVF9WT0xVTUU9IiIKaWYgW1sgIiR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX0JPVU5EfSIgPT0gInRydWUiIF1dOyB0aGVuCiAgICBFTlRJVExFTUVOVF9WT0xVTUU9Ii0tdm9sdW1lICR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEh9Oi9ldGMvcGtpL2VudGl0bGVtZW50IgpmaQoKIwojIEJ1aWxkCiMKCnBoYXNlICJCdWlsZGluZyAnJHtQQVJBTVNfSU1BR0V9JyBiYXNlZCBvbiAnJHtET0NLRVJGSUxFX0ZVTEx9JyIKCltbIC1uICIke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTfSIgXV0gJiYKICAgIHBoYXNlICJFeHRyYSAnYnVpbGRhaCBidWQnIGFyZ3VtZW50cyBpbmZvcm1lZDogJyR7UEFSQU1TX0JVSUxEX0VYVFJBX0FSR1N9JyIKCl9idWlsZGFoIGJ1ZCAke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTfSBcCiAgICAkRU5USVRMRU1FTlRfVk9MVU1FIFwKICAgICIke0JVSUxEX0FSR1NbQF19IiBcCiAgICAtLWZpbGU9IiR7RE9DS0VSRklMRV9GVUxMfSIgXAogICAgLS10YWc9IiR7UEFSQU1TX0lNQUdFfSIgXAogICAgIiR7UEFSQU1TX0NPTlRFWFR9IgoKaWYgW1sgIiR7UEFSQU1TX1NLSVBfUFVTSH0iID09ICJ0cnVlIiBdXTsgdGhlbgogICAgcGhhc2UgIlNraXBwaW5nIHB1c2hpbmcgJyR7UEFSQU1TX0lNQUdFfScgdG8gdGhlIGNvbnRhaW5lciByZWdpc3RyeSEiCiAgICBleGl0IDAKZmkKCiMKIyBQdXNoCiMKCnBoYXNlICJQdXNoaW5nICcke1BBUkFNU19JTUFHRX0nIHRvIHRoZSBjb250YWluZXIgcmVnaXN0cnkiCgpbWyAtbiAiJHtQQVJBTVNfUFVTSF9FWFRSQV9BUkdTfSIgXV0gJiYKICAgIHBoYXNlICJFeHRyYSAnYnVpbGRhaCBidWQnIGFyZ3VtZW50cyBpbmZvcm1lZDogJyR7UEFSQU1TX1BVU0hfRVhUUkFfQVJHU30nIgoKIyB0ZW1wb3JhcnkgZmlsZSB0byBzdG9yZSB0aGUgaW1hZ2UgZGlnZXN0LCBpbmZvcm1hdGlvbiBvbmx5IG9idGFpbmVkIGFmdGVyIHB1c2hpbmcgdGhlIGltYWdlIHRvIHRoZQojIGNvbnRhaW5lciByZWdpc3RyeQpkZWNsYXJlIC1yIGRpZ2VzdF9maWxlPSIvdG1wL2J1aWxkYWgtZGlnZXN0LnR4dCIKCl9idWlsZGFoIHB1c2ggJHtQQVJBTVNfUFVTSF9FWFRSQV9BUkdTfSBcCiAgICAtLWRpZ2VzdGZpbGU9IiR7ZGlnZXN0X2ZpbGV9IiBcCiAgICAiJHtQQVJBTVNfSU1BR0V9IiBcCiAgICAiZG9ja2VyOi8vJHtQQVJBTVNfSU1BR0V9IgoKIwojIFJlc3VsdHMKIwoKcGhhc2UgIkluc3BlY3RpbmcgZGlnZXN0IHJlcG9ydCAoJyR7ZGlnZXN0X2ZpbGV9JykiCgpbWyAhIC1yICIke2RpZ2VzdF9maWxlfSIgXV0gJiYKICAgIGZhaWwgIlVuYWJsZSB0byBmaW5kIGRpZ2VzdC1maWxlIGF0ICcke2RpZ2VzdF9maWxlfSciCgpkZWNsYXJlIC1yIGRpZ2VzdF9zdW09IiQoY2F0ICR7ZGlnZXN0X2ZpbGV9KSIKCltbIC16ICIke2RpZ2VzdF9zdW19IiBdXSAmJgogICAgZmFpbCAiRGlnZXN0IGZpbGUgJyR7ZGlnZXN0X2ZpbGV9JyBpcyBlbXB0eSEiCgpwaGFzZSAiU3VjY2Vzc2Z1bHkgYnVpbHQgY29udGFpbmVyIGltYWdlICcke1BBUkFNU19JTUFHRX0nICgnJHtkaWdlc3Rfc3VtfScpIgplY2hvIC1uICIke1BBUkFNU19JTUFHRX0iIHwgdGVlICR7UkVTVUxUU19JTUFHRV9VUkxfUEFUSH0KZWNobyAtbiAiJHtkaWdlc3Rfc3VtfSIgfCB0ZWUgJHtSRVNVTFRTX0lNQUdFX0RJR0VTVF9QQVRIfQo=" |base64 -d >"/scripts/buildah-bud.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKZGVjbGFyZSAtcnggUEFSQU1TX0lNQUdFPSIke1BBUkFNU19JTUFHRTotfSIKZGVjbGFyZSAtcnggUEFSQU1TX0RPQ0tFUkZJTEU9IiR7UEFSQU1TX0RPQ0tFUkZJTEU6LX0iCmRlY2xhcmUgLXggUEFSQU1TX0NPTlRFWFQ9IiR7UEFSQU1TX0NPTlRFWFQ6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19TVE9SQUdFX0RSSVZFUj0iJHtQQVJBTVNfU1RPUkFHRV9EUklWRVI6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19CVUlMRF9FWFRSQV9BUkdTPSIke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTOi19IgpkZWNsYXJlIC1yeCBQQVJBTVNfUFVTSF9FWFRSQV9BUkdTPSIke1BBUkFNU19QVVNIX0VYVFJBX0FSR1M6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19TS0lQX1BVU0g9IiR7UEFSQU1TX1NLSVBfUFVTSDotfSIKZGVjbGFyZSAtcnggUEFSQU1TX1RMU19WRVJJRlk9IiR7UEFSQU1TX1RMU19WRVJJRlk6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19WRVJCT1NFPSIke1BBUkFNU19WRVJCT1NFOi19IgoKZGVjbGFyZSAtcnggV09SS1NQQUNFU19TT1VSQ0VfUEFUSD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIOi19IgpkZWNsYXJlIC1yeCBXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORDotfSIKZGVjbGFyZSAtcnggV09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSD0iJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19QQVRIOi19IgpkZWNsYXJlIC1yeCBXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19CT1VORD0iJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19CT1VORDotfSIKZGVjbGFyZSAtcnggV09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEg9IiR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEg6LX0iCmRlY2xhcmUgLXJ4IFdPUktTUEFDRVNfUkhFTF9FTlRJVExFTUVOVF9CT1VORD0iJHtXT1JLU1BBQ0VTX1JIRUxfRU5USVRMRU1FTlRfQk9VTkQ6LX0iCgpkZWNsYXJlIC1yeCBSRVNVTFRTX0lNQUdFX0RJR0VTVF9QQVRIPSIke1JFU1VMVFNfSU1BR0VfRElHRVNUX1BBVEg6LX0iCmRlY2xhcmUgLXJ4IFJFU1VMVFNfSU1BR0VfVVJMX1BBVEg9IiR7UkVTVUxUU19JTUFHRV9VUkxfUEFUSDotfSIKCiMKIyBEb2NrZXJmaWxlCiMKCiMgZXhwb3NpbmcgdGhlIGZ1bGwgcGF0aCB0byB0aGUgY29udGFpbmVyIGZpbGUsIHdoaWNoIGJ5IGRlZmF1bHQgc2hvdWxkIGJlIHJlbGF0aXZlIHRvIHRoZSBwcmltYXJ5CiMgd29ya3NwYWNlLCB0byByZWNlaXZlIGEgZGlmZmVyZW50IGNvbnRhaW5lci1maWxlIGxvY2F0aW9uCmRlY2xhcmUgLXIgZG9ja2VyZmlsZV9vbl93cz0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIfS8ke1BBUkFNU19ET0NLRVJGSUxFfSIKZGVjbGFyZSAteCBET0NLRVJGSUxFX0ZVTEw9IiR7RE9DS0VSRklMRV9GVUxMOi0ke2RvY2tlcmZpbGVfb25fd3N9fSIKCiMKIyBBc3NlcnRpbmcgRW52aXJvbm1lbnQKIwoKW1sgLXogIiR7RE9DS0VSRklMRV9GVUxMfSIgXV0gJiYKICAgIGZhaWwgInVuYWJsZSB0byBmaW5kIHRoZSBEb2NrZXJmaWxlLCBET0NLRVJGSUxFIG1heSBoYXZlIGFuIGluY29ycmVjdCBsb2NhdGlvbiIKCmV4cG9ydGVkX29yX2ZhaWwgXAogICAgV09SS1NQQUNFU19TT1VSQ0VfUEFUSCBcCiAgICBQQVJBTVNfSU1BR0UKCiMKIyBWZXJib3NlIE91dHB1dAojCgppZiBbWyAiJHtQQVJBTVNfVkVSQk9TRX0iID09ICJ0cnVlIiBdXTsgdGhlbgogICAgc2V0IC14CmZpCg==" |base64 -d >"/scripts/buildah-common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0ZWt0b24ncyBob21lIGRpcmVjdG9yeQpkZWNsYXJlIC1yeCBURUtUT05fSE9NRT0iJHtURUtUT05fSE9NRTotL3Rla3Rvbi9ob21lfSIKCiMKIyBGdW5jdGlvbnMKIwoKZnVuY3Rpb24gZmFpbCgpIHsKICAgIGVjaG8gIkVSUk9SOiAkeyp9IiAyPiYxCiAgICBleGl0IDEKfQoKZnVuY3Rpb24gcGhhc2UoKSB7CiAgICBlY2hvICItLS0+IFBoYXNlOiAkeyp9Li4uIgp9CgojIGFzc2VydCBsb2NhbCB2YXJpYWJsZXMgYXJlIGV4cG9yZXRlZCBvbiB0aGUgZW52aXJvbm1lbnQKZnVuY3Rpb24gZXhwb3J0ZWRfb3JfZmFpbCgpIHsKICAgIGRlY2xhcmUgLWEgX3JlcXVpcmVkX3ZhcnM9IiR7QH0iCgogICAgZm9yIHYgaW4gJHtfcmVxdWlyZWRfdmFyc1tAXX07IGRvCiAgICAgICAgW1sgLXogIiR7IXZ9IiBdXSAmJgogICAgICAgICAgICBmYWlsICInJHt2fScgZW52aXJvbm1lbnQgdmFyaWFibGUgaXMgbm90IHNldCEiCiAgICBkb25lCgogICAgcmV0dXJuIDAKfQo=" |base64 -d >"/scripts/common.sh" + ls /scripts/buildah-*.sh; + chmod +x /scripts/buildah-*.sh; + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0ZWt0b24ncyBob21lIGRpcmVjdG9yeQpkZWNsYXJlIC1yeCBURUtUT05fSE9NRT0iJHtURUtUT05fSE9NRTotL3Rla3Rvbi9ob21lfSIKCiMKIyBGdW5jdGlvbnMKIwoKZnVuY3Rpb24gZmFpbCgpIHsKICAgIGVjaG8gIkVSUk9SOiAkeyp9IiAyPiYxCiAgICBleGl0IDEKfQoKZnVuY3Rpb24gcGhhc2UoKSB7CiAgICBlY2hvICItLS0+IFBoYXNlOiAkeyp9Li4uIgp9CgojIGFzc2VydCBsb2NhbCB2YXJpYWJsZXMgYXJlIGV4cG9yZXRlZCBvbiB0aGUgZW52aXJvbm1lbnQKZnVuY3Rpb24gZXhwb3J0ZWRfb3JfZmFpbCgpIHsKICAgIGRlY2xhcmUgLWEgX3JlcXVpcmVkX3ZhcnM9IiR7QH0iCgogICAgZm9yIHYgaW4gJHtfcmVxdWlyZWRfdmFyc1tAXX07IGRvCiAgICAgICAgW1sgLXogIiR7IXZ9IiBdXSAmJgogICAgICAgICAgICBmYWlsICInJHt2fScgZW52aXJvbm1lbnQgdmFyaWFibGUgaXMgbm90IHNldCEiCiAgICBkb25lCgogICAgcmV0dXJuIDAKfQo=" |base64 -d >"/scripts/common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgVXNlcyB0aGUgRG9ja2VyZmlsZSBnZW5lcmF0ZWQgYnkgczJpIHRvIGFzc2VtYmxlIGEgbmV3IGNvbnRhaW5lciBpbWFnZSB1c2luZyBidWlsZGFoLgojCgpzaG9wdCAtcyBpbmhlcml0X2VycmV4aXQKc2V0IC1ldSAtbyBwaXBlZmFpbAoKZGVjbGFyZSAtciBjdXJfZGlyPSIkKGRpcm5hbWUgJHtCQVNIX1NPVVJDRVswXX0pIgoKc291cmNlICIke2N1cl9kaXJ9L2NvbW1vbi5zaCIKc291cmNlICIke2N1cl9kaXJ9L3MyaS1jb21tb24uc2giCgojIGxvYWRpbmcgYnVpbGRhaCBzZXR0aW5ncyBvdmVyd3JpdHRpbmcgdGhlIGZ1bGwgcGF0aCB0byB0aGUgY29udGFpbmVyIGZpbGUKZGVjbGFyZSAteCBET0NLRVJGSUxFX0ZVTEw9IiR7UzJJX0RPQ0tFUkZJTEV9Igpzb3VyY2UgIiR7Y3VyX2Rpcn0vYnVpbGRhaC1jb21tb24uc2giCgpwaGFzZSAiQ2hhbmdpbmcgJFBBUkFNU19DT05URVhUIHRvIHBvaW50IHRvIHByZXNlbnQgd29ya2luZyBkaXJlY3RvcnkiCltbICIkUEFSQU1TX0NPTlRFWFQiICE9ICIuIiBdXSAmJiAKICAgIFBBUkFNU19DT05URVhUPSIuIgoKcGhhc2UgIkluc3BlY3RpbmcgY29udGV4dCAnJHtQQVJBTVNfQ09OVEVYVH0nIgpbWyAhIC1kICIke1BBUkFNU19DT05URVhUfSIgXV0gJiYKICAgIGZhaWwgIkFwcGxpY2F0aW9uIHNvdXJjZSBjb2RlIGRpcmVjdG9yeSBub3QgZm91bmQgYXQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKCnBoYXNlICJCdWlsZGluZyB0aGUgRG9ja2VyZmlsZSAnJHtET0NLRVJGSUxFX0ZVTEx9JyB3aXRoIGJ1aWxkYWgiCmV4ZWMgJHtjdXJfZGlyfS9idWlsZGFoLWJ1ZC5zaAo=" |base64 -d >"/scripts/s2i-build.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0YXJnZXQgaW1hZ2UgbmFtZSAoZnVsbHkgcXVhbGlmaWVkKSB0byBiZSBidWlsZCB3aXRoIHMyaSwgcmVkZWNsYXJpbmcgdGhlIHNhbWUgcGFyYW1ldGVyIG5hbWUgdGhhbgojIGJ1aWxkYWggdGFzayB1c2VzCmRlY2xhcmUgLXggUEFSQU1TX0lNQUdFPSIke1BBUkFNU19JTUFHRTotfSIKIyBTcGVjaWZ5IGEgVVJMIGNvbnRhaW5pbmcgdGhlIGRlZmF1bHQgYXNzZW1ibGUgYW5kIHJ1biBzY3JpcHRzIGZvciB0aGUgYnVpbGRlciBpbWFnZQpkZWNsYXJlIC1yeCBQQVJBTVNfSU1BR0VfU0NSSVBUU19VUkw9IiR7UEFSQU1TX0lNQUdFX1NDUklQVFNfVVJMOi19IgoKIyB2b2x1bWUgbW91bnQgb3IgZGlyZWN0b3J5IHJlc3BvbnNpYmxlIGZvciBob2xkaW5nIGZpbGVzIAojIGxpa2UgZW52LCBEb2NrZXJmaWxlIGFuZCBhbnkgb3RoZXJzIG5lZWRlZCB0byBzdXBwb3J0IHMyaQpkZWNsYXJlIC1yeCBTMklfR0VORVJBVEVfRElSRUNUT1JZPSIke1MySV9HRU5FUkFURV9ESVJFQ1RPUlk6LS9zMmktZ2VuZXJhdGV9IgoKIyBmdWxsIHBhdGggdG8gdGhlIGNvbnRhaW5lciBmaWxlIGdlbmVyYXRlZCBieSBzMmkKZGVjbGFyZSAtcnggUzJJX0RPQ0tFUkZJTEU9IiR7UzJJX0RPQ0tFUkZJTEU6LSR7UzJJX0dFTkVSQVRFX0RJUkVDVE9SWX0vRG9ja2VyZmlsZS5nZW59IgoKIyBmdWxsIHBhdGggdG8gdGhlIGVudiBmaWxlIHVzZWQgd2l0aCB0aGUgLS1lbnZpcm9ubWVudC1maWxlIHBhcmFtZXRlciBvZiBzMmkKZGVjbGFyZSAtcnggUzJJX0VOVklST05NRU5UX0ZJTEU9IiR7UzJJX0VOVklST05NRU5UX0ZJTEU6LSR7UzJJX0dFTkVSQVRFX0RJUkVDVE9SWX0vZW52fSIKCiMKIyBBc3NlcnRpbmcgRW52aXJvbm1lbnQKIwoKZXhwb3J0ZWRfb3JfZmFpbCBcCiAgICBXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIIFwKICAgIFBBUkFNU19JTUFHRQoKIwojIFZlcmJvc2UgT3V0cHV0CiMKCmRlY2xhcmUgLXggUzJJX0xPR0xFVkVMPSIwIgoKaWYgW1sgIiR7UEFSQU1TX1ZFUkJPU0V9IiA9PSAidHJ1ZSIgXV07IHRoZW4KICAgIFMySV9MT0dMRVZFTD0iMiIKICAgIHNldCAteApmaQo=" |base64 -d >"/scripts/s2i-common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgVXNlcyBzMmkgdG8gZ2VuZXJhdGUgdGhlIHJlcGVzY3RpdmUgQ29udGFpbmVyZmlsZSBiYXNlZCBvbiB0aGUgaW5mb21yZWQgYnVpbGRlci4gVGhlIENvbnRhaW5lcmZpbGUKIyBpcyBzdG9yZWQgb24gYSB0ZW1wb3JhcnkgbG9jYXRpb24uCiMKCnNob3B0IC1zIGluaGVyaXRfZXJyZXhpdApzZXQgLWV1IC1vIHBpcGVmYWlsCgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvY29tbW9uLnNoIgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvczJpLWNvbW1vbi5zaCIKCiMgczJpIGJ1aWxkZXIgaW1hZ2UgbmFtZSAoZnVsbHkgcXVhbGlmaWVkKQpkZWNsYXJlIC1yeCBTMklfQlVJTERFUl9JTUFHRT0iJHtTMklfQlVJTERFUl9JTUFHRTotfSIKCiMgdGFrZXMgdGhlIHZhbHVlcyBpbiBhcmd1bWVudCBFTlZfVkFSUyBhbmQgY3JlYXRlcyBhbiBhcnJheSB1c2luZyB0aG9zZSB2YWx1ZXMKZGVjbGFyZSAtcmEgRU5WX1ZBUlM9KCR7QH0pCgojIHJlLXVzaW5nIHRoZSBzYW1lIHBhcmFtZXRlcnMgdGhhbiBidWlsZGFoLCBzMmkgbmVlZHMgYnVpbGRhaCBhYmlsaXRpZXMgdG8gY3JlYXRlIHRoZSBmaW5hbAojIGNvbnRhaW5lciBpbWFnZSBiYXNlZCBvbiB3aGF0IHMyaSBnZW5lcmF0ZXMKc291cmNlICIkKGRpcm5hbWUgJHtCQVNIX1NPVVJDRVswXX0pL2J1aWxkYWgtY29tbW9uLnNoIgoKIwojIFByZXBhcmUKIwoKIyBtYWtpbmcgc3VyZSB0aGUgcmVxdWlyZWQgd29ya3NwYWNlICJzb3VyY2UiIGlzIGJvdW5kZWQsIHdoaWNoIG1lYW5zIGl0cyB2b2x1bWUgaXMgY3VycmVudGx5IG1vdW50ZWQKIyBhbmQgcmVhZHkgdG8gdXNlCnBoYXNlICJJbnNwZWN0aW5nIHNvdXJjZSB3b3Jrc3BhY2UgJyR7V09SS1NQQUNFU19TT1VSQ0VfUEFUSH0nIChQV0Q9JyR7UFdEfScpIgpbWyAiJHtXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORH0iICE9ICJ0cnVlIiBdXSAmJgogICAgZmFpbCAiV29ya3NwYWNlICdzb3VyY2UnIGlzIG5vdCBib3VuZGVkIgoKcGhhc2UgIkFwcGVuZGluZyAkUEFSQU1TX0NPTlRFWFQgd2l0aCAkV09SS1NQQUNFU19TT1VSQ0VfUEFUSCBpZiBpdCdzIHJlbGF0aXZlIgpbWyAiJFBBUkFNU19DT05URVhUIiAhPSAiLiIgJiYgIiRQQVJBTVNfQ09OVEVYVCIgIT0gLyogXV0gJiYgCiAgICBQQVJBTVNfQ09OVEVYVD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIfS8ke1BBUkFNU19DT05URVhUfSIKCnBoYXNlICJJbnNwZWN0aW5nIGNvbnRleHQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKW1sgISAtZCAiJHtQQVJBTVNfQ09OVEVYVH0iIF1dICYmCiAgICBmYWlsICJBcHBsaWNhdGlvbiBzb3VyY2UgY29kZSBkaXJlY3Rvcnkgbm90IGZvdW5kIGF0ICcke1BBUkFNU19DT05URVhUfSciCgpwaGFzZSAiQWRkaW5nIHRoZSBlbnZpcm9ubWVudCB2YXJpYWJsZXMgdG8gJyR7UzJJX0VOVklST05NRU5UX0ZJTEV9JyIKCiMgYWRkIHRoZSBlbnZpcm9ubWVudCB2YXJpYWJsZXMgdGhhdCBhcmUgc2VudCBhcyBjb21tYW5kIGxpbmUgYXJndW1lbnRzIGZyb20gRU5WX1ZBUlMgcGFyYW1ldGVyCnRvdWNoICIke1MySV9FTlZJUk9OTUVOVF9GSUxFfSIKaWYgWyAkeyNFTlZfVkFSU1tAXX0gLWd0IDAgXTsgdGhlbgogICAgZm9yIGVudl92YXIgaW4gIiR7RU5WX1ZBUlNbQF19IjsgZG8KICAgICAgICBlY2hvICIke2Vudl92YXJ9IiA+PiAiJHtTMklfRU5WSVJPTk1FTlRfRklMRX0iCiAgICBkb25lCmZpCgojCiMgUzJJIEdlbmVyYXRlCiMKCnBoYXNlICJHZW5lcmF0aW5nIHRoZSBEb2NrZXJmaWxlIGZvciBTMkkgYnVpbGRlciBpbWFnZSAnJHtTMklfQlVJTERFUl9JTUFHRX0nIgpzMmkgLS1sb2dsZXZlbCAiJHtTMklfTE9HTEVWRUx9IiBcCiAgICBidWlsZCAiJHtQQVJBTVNfQ09OVEVYVH0iICIke1MySV9CVUlMREVSX0lNQUdFfSIgXAogICAgICAgIC0taW1hZ2Utc2NyaXB0cy11cmwgIiR7UEFSQU1TX0lNQUdFX1NDUklQVFNfVVJMfSIgXAogICAgICAgIC0tYXMtZG9ja2VyZmlsZSAiJHtTMklfRE9DS0VSRklMRX0iIFwKICAgICAgICAtLWVudmlyb25tZW50LWZpbGUgIiR7UzJJX0VOVklST05NRU5UX0ZJTEV9IgoKcGhhc2UgIkluc3BlY3RpbmcgdGhlIERvY2tlcmZpbGUgZ2VuZXJhdGVkIGF0ICcke1MySV9ET0NLRVJGSUxFfSciCltbICEgLWYgIiR7UzJJX0RPQ0tFUkZJTEV9IiBdXSAmJgogICAgZmFpbCAiR2VuZXJhdGVkIERvY2tlcmZpbGUgaXMgbm90IGZvdW5kISIKCnNldCAreApwaGFzZSAiR2VuZXJhdGVkIERvY2tlcmZpbGUgcGF5bG9hZCIKZWNobyAtZW4gIj4+PiAke1MySV9ET0NLRVJGSUxFfVxuJChjYXQgJHtTMklfRE9DS0VSRklMRX0pXG48PDwgRU9GXG4iCg==" |base64 -d >"/scripts/s2i-generate.sh" + ls /scripts/s2i-*.sh; + chmod +x /scripts/s2i-*.sh;echo "Running Script /scripts/s2i-generate.sh"; + /scripts/s2i-generate.sh; + args: + - "$(params.ENV_VARS[*])" + securityContext: + capabilities: + add: ["SETFCAP"] + volumeMounts: + - name: scripts-dir + mountPath: /scripts + - name: s2i-generate-dir + mountPath: /s2i-generate + + - name: s2i-build + image: registry.access.redhat.com/ubi8/buildah:8.10-5 + workingDir: /s2i-generate + command: + - /scripts/s2i-build.sh + securityContext: + capabilities: + add: ["SETFCAP"] + volumeMounts: + - name: scripts-dir + mountPath: /scripts + - name: s2i-generate-dir + mountPath: /s2i-generate + + volumes: + - name: scripts-dir + emptyDir: {} + - name: s2i-generate-dir + emptyDir: {} diff --git a/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-s2i-php/task-s2i-php-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-s2i-php/task-s2i-php-task.yaml new file mode 100644 index 0000000000..8bf8c9e38b --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-s2i-php/task-s2i-php-task.yaml @@ -0,0 +1,197 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift-pipelines/tektoncd-catalog/p/tasks/task-s2i-php/0.4.1/task-s2i-php.yaml +# +--- +--- +# Source: task-containers/templates/task-s2i-php.yaml +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: s2i-php + labels: + app.kubernetes.io/version: 0.4.1 + annotations: + tekton.dev/source: "https://github.com/openshift-pipelines/task-containers" + artifacthub.io/category: integration-delivery + artifacthub.io/maintainers: | + - name: OpenShift Pipeline task maintainers + email: pipelines-extcomm@redhat.com + artifacthub.io/provider: Red Hat + artifacthub.io/recommendations: | + - url: https://tekton.dev/ + tekton.dev/categories: containers + tekton.dev/pipelines.minVersion: 0.41.0 + tekton.dev/tags: containers +spec: + description: | + Builds the source code using the s2i's php builder-image + "image-registry.openshift-image-registry.svc:5000/openshift/php". + + + workspaces: + - name: source + optional: false + description: | + Application source code, the build context for S2I workflow. + - name: dockerconfig + optional: true + description: >- + An optional workspace that allows providing a .docker/config.json file for Buildah to access the container registry. + The file should be placed at the root of the Workspace with name config.json. + + params: + - name: IMAGE + type: string + description: | + Fully qualified container image name to be built by s2i. + - name: VERSION + description: The tag of the imagestream for the corresponding language version + default: latest + type: string + - name: IMAGE_SCRIPTS_URL + type: string + default: image:///usr/libexec/s2i + description: | + Specify a URL containing the default assemble and run scripts for the builder image + - name: ENV_VARS + type: array + default: [] + description: | + Array containing string of Environment Variables as "KEY=VALUE" + - name: CONTEXT + type: string + default: "." + description: | + Path to the directory to use as context. + - name: STORAGE_DRIVER + type: string + default: vfs + description: | + Set buildah storage driver to reflect the currrent cluster node's + settings. + - name: FORMAT + description: The format of the built container, oci or docker + default: "oci" + - name: BUILD_EXTRA_ARGS + type: string + default: "" + description: | + Extra parameters passed for the build command when building images. + - name: PUSH_EXTRA_ARGS + type: string + default: "" + description: | + Extra parameters passed for the push command when pushing images. + - name: SKIP_PUSH + default: "false" + description: | + Skip pushing the image to the container registry. + - name: TLS_VERIFY + type: string + default: "true" + description: | + Sets the TLS verification flag, `true` is recommended. + - name: VERBOSE + type: string + default: "false" + description: | + Turns on verbose logging, all commands executed will be printed out. + + results: + - name: IMAGE_URL + description: | + Fully qualified image name. + - name: IMAGE_DIGEST + description: | + Digest of the image just built. + + stepTemplate: + env: + + - name: PARAMS_IMAGE + value: "$(params.IMAGE)" + - name: PARAMS_VERSION + value: "$(params.VERSION)" + - name: PARAMS_IMAGE_SCRIPTS_URL + value: "$(params.IMAGE_SCRIPTS_URL)" + - name: PARAMS_CONTEXT + value: "$(params.CONTEXT)" + - name: PARAMS_FORMAT + value: "$(params.FORMAT)" + - name: PARAMS_STORAGE_DRIVER + value: "$(params.STORAGE_DRIVER)" + - name: PARAMS_BUILD_EXTRA_ARGS + value: "$(params.BUILD_EXTRA_ARGS)" + - name: PARAMS_PUSH_EXTRA_ARGS + value: "$(params.PUSH_EXTRA_ARGS)" + - name: PARAMS_SKIP_PUSH + value: "$(params.SKIP_PUSH)" + - name: PARAMS_TLS_VERIFY + value: "$(params.TLS_VERIFY)" + - name: PARAMS_VERBOSE + value: "$(params.VERBOSE)" + - name: WORKSPACES_SOURCE_BOUND + value: "$(workspaces.source.bound)" + - name: WORKSPACES_SOURCE_PATH + value: "$(workspaces.source.path)" + - name: WORKSPACES_DOCKERCONFIG_BOUND + value: "$(workspaces.dockerconfig.bound)" + - name: WORKSPACES_DOCKERCONFIG_PATH + value: "$(workspaces.dockerconfig.path)" + - name: RESULTS_IMAGE_URL_PATH + value: "$(results.IMAGE_URL.path)" + - name: RESULTS_IMAGE_DIGEST_PATH + value: "$(results.IMAGE_DIGEST.path)" + + steps: + - name: s2i-generate + image: registry.access.redhat.com/source-to-image/source-to-image-rhel8:v1.3.9-6 + workingDir: $(workspaces.source.path) + env: + - name: S2I_BUILDER_IMAGE + value: "image-registry.openshift-image-registry.svc:5000/openshift/php:$(params.VERSION)" + script: | + set -e + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgV3JhcHBlciBhcm91bmQgImJ1aWxkYWggYnVkIiB0byBidWlsZCBhbmQgcHVzaCBhIGNvbnRhaW5lciBpbWFnZSBiYXNlZCBvbiBhIERvY2tlcmZpbGUuCiMKCnNob3B0IC1zIGluaGVyaXRfZXJyZXhpdApzZXQgLWV1IC1vIHBpcGVmYWlsCgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvY29tbW9uLnNoIgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvYnVpbGRhaC1jb21tb24uc2giCgpmdW5jdGlvbiBfYnVpbGRhaCgpIHsKICAgIGJ1aWxkYWggXAogICAgICAgIC0tc3RvcmFnZS1kcml2ZXI9IiR7UEFSQU1TX1NUT1JBR0VfRFJJVkVSfSIgXAogICAgICAgIC0tdGxzLXZlcmlmeT0iJHtQQVJBTVNfVExTX1ZFUklGWX0iIFwKICAgICAgICAkeyp9Cn0KCiMKIyBQcmVwYXJlCiMKCiMgbWFraW5nIHN1cmUgdGhlIHJlcXVpcmVkIHdvcmtzcGFjZSAic291cmNlIiBpcyBib3VuZGVkLCB3aGljaCBtZWFucyBpdHMgdm9sdW1lIGlzIGN1cnJlbnRseSBtb3VudGVkCiMgYW5kIHJlYWR5IHRvIHVzZQpwaGFzZSAiSW5zcGVjdGluZyBzb3VyY2Ugd29ya3NwYWNlICcke1dPUktTUEFDRVNfU09VUkNFX1BBVEh9JyAoUFdEPScke1BXRH0nKSIKW1sgIiR7V09SS1NQQUNFU19TT1VSQ0VfQk9VTkR9IiAhPSAidHJ1ZSIgXV0gJiYKICAgIGZhaWwgIldvcmtzcGFjZSAnc291cmNlJyBpcyBub3QgYm91bmRlZCIKCnBoYXNlICJBc3NlcnRpbmcgdGhlIGRvY2tlcmZpbGUvY29udGFpbmVyZmlsZSAnJHtET0NLRVJGSUxFX0ZVTEx9JyBleGlzdHMiCltbICEgLWYgIiR7RE9DS0VSRklMRV9GVUxMfSIgXV0gJiYKICAgIGZhaWwgIkRvY2tlcmZpbGUgbm90IGZvdW5kIGF0OiAnJHtET0NLRVJGSUxFX0ZVTEx9JyIKCnBoYXNlICJJbnNwZWN0aW5nIGNvbnRleHQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKW1sgISAtZCAiJHtQQVJBTVNfQ09OVEVYVH0iIF1dICYmCiAgICBmYWlsICJDT05URVhUIHBhcmFtIGlzIG5vdCBmb3VuZCBhdCAnJHtQQVJBTVNfQ09OVEVYVH0nLCBvbiBzb3VyY2Ugd29ya3NwYWNlIgoKcGhhc2UgIkJ1aWxkaW5nIGJ1aWxkIGFyZ3MiCkJVSUxEX0FSR1M9KCkKZm9yIGJ1aWxkYXJnIGluICIkQCI7IGRvCiAgICBCVUlMRF9BUkdTKz0oIi0tYnVpbGQtYXJnPSRidWlsZGFyZyIpCmRvbmUKCiMgSGFuZGxlIG9wdGlvbmFsIGRvY2tlcmNvbmZpZyBzZWNyZXQKaWYgW1sgIiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfQk9VTkR9IiA9PSAidHJ1ZSIgXV07IHRoZW4KCiAgICAjIGlmIGNvbmZpZy5qc29uIGV4aXN0cyBhdCB3b3Jrc3BhY2Ugcm9vdCwgd2UgdXNlIHRoYXQKICAgIGlmIHRlc3QgLWYgIiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSH0vY29uZmlnLmpzb24iOyB0aGVuCiAgICAgICAgZXhwb3J0IERPQ0tFUl9DT05GSUc9IiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSH0iCgogICAgICAgICMgZWxzZSB3ZSBsb29rIGZvciAuZG9ja2VyY29uZmlnanNvbiBhdCB0aGUgcm9vdAogICAgZWxpZiB0ZXN0IC1mICIke1dPUktTUEFDRVNfRE9DS0VSQ09ORklHX1BBVEh9Ly5kb2NrZXJjb25maWdqc29uIjsgdGhlbgogICAgICAgICMgZW5zdXJlIC5kb2NrZXIgZXhpc3QgYmVmb3JlIHRoZSBjb3B5aW5nIHRoZSBjb250ZW50CiAgICAgICAgaWYgWyAhIC1kICIkSE9NRS8uZG9ja2VyIiBdOyB0aGVuCiAgICAgICAgICAgbWtkaXIgLXAgIiRIT01FLy5kb2NrZXIiCiAgICAgICAgZmkKICAgICAgICBjcCAiJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19QQVRIfS8uZG9ja2VyY29uZmlnanNvbiIgIiRIT01FLy5kb2NrZXIvY29uZmlnLmpzb24iCiAgICAgICAgZXhwb3J0IERPQ0tFUl9DT05GSUc9IiRIT01FLy5kb2NrZXIiCgogICAgICAgICMgbmVlZCB0byBlcnJvciBvdXQgaWYgbmVpdGhlciBmaWxlcyBhcmUgcHJlc2VudAogICAgZWxzZQogICAgICAgIGVjaG8gIm5laXRoZXIgJ2NvbmZpZy5qc29uJyBub3IgJy5kb2NrZXJjb25maWdqc29uJyBmb3VuZCBhdCB3b3Jrc3BhY2Ugcm9vdCIKICAgICAgICBleGl0IDEKICAgIGZpCmZpCgpFTlRJVExFTUVOVF9WT0xVTUU9IiIKaWYgW1sgIiR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX0JPVU5EfSIgPT0gInRydWUiIF1dOyB0aGVuCiAgICBFTlRJVExFTUVOVF9WT0xVTUU9Ii0tdm9sdW1lICR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEh9Oi9ldGMvcGtpL2VudGl0bGVtZW50IgpmaQoKIwojIEJ1aWxkCiMKCnBoYXNlICJCdWlsZGluZyAnJHtQQVJBTVNfSU1BR0V9JyBiYXNlZCBvbiAnJHtET0NLRVJGSUxFX0ZVTEx9JyIKCltbIC1uICIke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTfSIgXV0gJiYKICAgIHBoYXNlICJFeHRyYSAnYnVpbGRhaCBidWQnIGFyZ3VtZW50cyBpbmZvcm1lZDogJyR7UEFSQU1TX0JVSUxEX0VYVFJBX0FSR1N9JyIKCl9idWlsZGFoIGJ1ZCAke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTfSBcCiAgICAkRU5USVRMRU1FTlRfVk9MVU1FIFwKICAgICIke0JVSUxEX0FSR1NbQF19IiBcCiAgICAtLWZpbGU9IiR7RE9DS0VSRklMRV9GVUxMfSIgXAogICAgLS10YWc9IiR7UEFSQU1TX0lNQUdFfSIgXAogICAgIiR7UEFSQU1TX0NPTlRFWFR9IgoKaWYgW1sgIiR7UEFSQU1TX1NLSVBfUFVTSH0iID09ICJ0cnVlIiBdXTsgdGhlbgogICAgcGhhc2UgIlNraXBwaW5nIHB1c2hpbmcgJyR7UEFSQU1TX0lNQUdFfScgdG8gdGhlIGNvbnRhaW5lciByZWdpc3RyeSEiCiAgICBleGl0IDAKZmkKCiMKIyBQdXNoCiMKCnBoYXNlICJQdXNoaW5nICcke1BBUkFNU19JTUFHRX0nIHRvIHRoZSBjb250YWluZXIgcmVnaXN0cnkiCgpbWyAtbiAiJHtQQVJBTVNfUFVTSF9FWFRSQV9BUkdTfSIgXV0gJiYKICAgIHBoYXNlICJFeHRyYSAnYnVpbGRhaCBidWQnIGFyZ3VtZW50cyBpbmZvcm1lZDogJyR7UEFSQU1TX1BVU0hfRVhUUkFfQVJHU30nIgoKIyB0ZW1wb3JhcnkgZmlsZSB0byBzdG9yZSB0aGUgaW1hZ2UgZGlnZXN0LCBpbmZvcm1hdGlvbiBvbmx5IG9idGFpbmVkIGFmdGVyIHB1c2hpbmcgdGhlIGltYWdlIHRvIHRoZQojIGNvbnRhaW5lciByZWdpc3RyeQpkZWNsYXJlIC1yIGRpZ2VzdF9maWxlPSIvdG1wL2J1aWxkYWgtZGlnZXN0LnR4dCIKCl9idWlsZGFoIHB1c2ggJHtQQVJBTVNfUFVTSF9FWFRSQV9BUkdTfSBcCiAgICAtLWRpZ2VzdGZpbGU9IiR7ZGlnZXN0X2ZpbGV9IiBcCiAgICAiJHtQQVJBTVNfSU1BR0V9IiBcCiAgICAiZG9ja2VyOi8vJHtQQVJBTVNfSU1BR0V9IgoKIwojIFJlc3VsdHMKIwoKcGhhc2UgIkluc3BlY3RpbmcgZGlnZXN0IHJlcG9ydCAoJyR7ZGlnZXN0X2ZpbGV9JykiCgpbWyAhIC1yICIke2RpZ2VzdF9maWxlfSIgXV0gJiYKICAgIGZhaWwgIlVuYWJsZSB0byBmaW5kIGRpZ2VzdC1maWxlIGF0ICcke2RpZ2VzdF9maWxlfSciCgpkZWNsYXJlIC1yIGRpZ2VzdF9zdW09IiQoY2F0ICR7ZGlnZXN0X2ZpbGV9KSIKCltbIC16ICIke2RpZ2VzdF9zdW19IiBdXSAmJgogICAgZmFpbCAiRGlnZXN0IGZpbGUgJyR7ZGlnZXN0X2ZpbGV9JyBpcyBlbXB0eSEiCgpwaGFzZSAiU3VjY2Vzc2Z1bHkgYnVpbHQgY29udGFpbmVyIGltYWdlICcke1BBUkFNU19JTUFHRX0nICgnJHtkaWdlc3Rfc3VtfScpIgplY2hvIC1uICIke1BBUkFNU19JTUFHRX0iIHwgdGVlICR7UkVTVUxUU19JTUFHRV9VUkxfUEFUSH0KZWNobyAtbiAiJHtkaWdlc3Rfc3VtfSIgfCB0ZWUgJHtSRVNVTFRTX0lNQUdFX0RJR0VTVF9QQVRIfQo=" |base64 -d >"/scripts/buildah-bud.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKZGVjbGFyZSAtcnggUEFSQU1TX0lNQUdFPSIke1BBUkFNU19JTUFHRTotfSIKZGVjbGFyZSAtcnggUEFSQU1TX0RPQ0tFUkZJTEU9IiR7UEFSQU1TX0RPQ0tFUkZJTEU6LX0iCmRlY2xhcmUgLXggUEFSQU1TX0NPTlRFWFQ9IiR7UEFSQU1TX0NPTlRFWFQ6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19TVE9SQUdFX0RSSVZFUj0iJHtQQVJBTVNfU1RPUkFHRV9EUklWRVI6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19CVUlMRF9FWFRSQV9BUkdTPSIke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTOi19IgpkZWNsYXJlIC1yeCBQQVJBTVNfUFVTSF9FWFRSQV9BUkdTPSIke1BBUkFNU19QVVNIX0VYVFJBX0FSR1M6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19TS0lQX1BVU0g9IiR7UEFSQU1TX1NLSVBfUFVTSDotfSIKZGVjbGFyZSAtcnggUEFSQU1TX1RMU19WRVJJRlk9IiR7UEFSQU1TX1RMU19WRVJJRlk6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19WRVJCT1NFPSIke1BBUkFNU19WRVJCT1NFOi19IgoKZGVjbGFyZSAtcnggV09SS1NQQUNFU19TT1VSQ0VfUEFUSD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIOi19IgpkZWNsYXJlIC1yeCBXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORDotfSIKZGVjbGFyZSAtcnggV09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSD0iJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19QQVRIOi19IgpkZWNsYXJlIC1yeCBXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19CT1VORD0iJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19CT1VORDotfSIKZGVjbGFyZSAtcnggV09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEg9IiR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEg6LX0iCmRlY2xhcmUgLXJ4IFdPUktTUEFDRVNfUkhFTF9FTlRJVExFTUVOVF9CT1VORD0iJHtXT1JLU1BBQ0VTX1JIRUxfRU5USVRMRU1FTlRfQk9VTkQ6LX0iCgpkZWNsYXJlIC1yeCBSRVNVTFRTX0lNQUdFX0RJR0VTVF9QQVRIPSIke1JFU1VMVFNfSU1BR0VfRElHRVNUX1BBVEg6LX0iCmRlY2xhcmUgLXJ4IFJFU1VMVFNfSU1BR0VfVVJMX1BBVEg9IiR7UkVTVUxUU19JTUFHRV9VUkxfUEFUSDotfSIKCiMKIyBEb2NrZXJmaWxlCiMKCiMgZXhwb3NpbmcgdGhlIGZ1bGwgcGF0aCB0byB0aGUgY29udGFpbmVyIGZpbGUsIHdoaWNoIGJ5IGRlZmF1bHQgc2hvdWxkIGJlIHJlbGF0aXZlIHRvIHRoZSBwcmltYXJ5CiMgd29ya3NwYWNlLCB0byByZWNlaXZlIGEgZGlmZmVyZW50IGNvbnRhaW5lci1maWxlIGxvY2F0aW9uCmRlY2xhcmUgLXIgZG9ja2VyZmlsZV9vbl93cz0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIfS8ke1BBUkFNU19ET0NLRVJGSUxFfSIKZGVjbGFyZSAteCBET0NLRVJGSUxFX0ZVTEw9IiR7RE9DS0VSRklMRV9GVUxMOi0ke2RvY2tlcmZpbGVfb25fd3N9fSIKCiMKIyBBc3NlcnRpbmcgRW52aXJvbm1lbnQKIwoKW1sgLXogIiR7RE9DS0VSRklMRV9GVUxMfSIgXV0gJiYKICAgIGZhaWwgInVuYWJsZSB0byBmaW5kIHRoZSBEb2NrZXJmaWxlLCBET0NLRVJGSUxFIG1heSBoYXZlIGFuIGluY29ycmVjdCBsb2NhdGlvbiIKCmV4cG9ydGVkX29yX2ZhaWwgXAogICAgV09SS1NQQUNFU19TT1VSQ0VfUEFUSCBcCiAgICBQQVJBTVNfSU1BR0UKCiMKIyBWZXJib3NlIE91dHB1dAojCgppZiBbWyAiJHtQQVJBTVNfVkVSQk9TRX0iID09ICJ0cnVlIiBdXTsgdGhlbgogICAgc2V0IC14CmZpCg==" |base64 -d >"/scripts/buildah-common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0ZWt0b24ncyBob21lIGRpcmVjdG9yeQpkZWNsYXJlIC1yeCBURUtUT05fSE9NRT0iJHtURUtUT05fSE9NRTotL3Rla3Rvbi9ob21lfSIKCiMKIyBGdW5jdGlvbnMKIwoKZnVuY3Rpb24gZmFpbCgpIHsKICAgIGVjaG8gIkVSUk9SOiAkeyp9IiAyPiYxCiAgICBleGl0IDEKfQoKZnVuY3Rpb24gcGhhc2UoKSB7CiAgICBlY2hvICItLS0+IFBoYXNlOiAkeyp9Li4uIgp9CgojIGFzc2VydCBsb2NhbCB2YXJpYWJsZXMgYXJlIGV4cG9yZXRlZCBvbiB0aGUgZW52aXJvbm1lbnQKZnVuY3Rpb24gZXhwb3J0ZWRfb3JfZmFpbCgpIHsKICAgIGRlY2xhcmUgLWEgX3JlcXVpcmVkX3ZhcnM9IiR7QH0iCgogICAgZm9yIHYgaW4gJHtfcmVxdWlyZWRfdmFyc1tAXX07IGRvCiAgICAgICAgW1sgLXogIiR7IXZ9IiBdXSAmJgogICAgICAgICAgICBmYWlsICInJHt2fScgZW52aXJvbm1lbnQgdmFyaWFibGUgaXMgbm90IHNldCEiCiAgICBkb25lCgogICAgcmV0dXJuIDAKfQo=" |base64 -d >"/scripts/common.sh" + ls /scripts/buildah-*.sh; + chmod +x /scripts/buildah-*.sh; + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0ZWt0b24ncyBob21lIGRpcmVjdG9yeQpkZWNsYXJlIC1yeCBURUtUT05fSE9NRT0iJHtURUtUT05fSE9NRTotL3Rla3Rvbi9ob21lfSIKCiMKIyBGdW5jdGlvbnMKIwoKZnVuY3Rpb24gZmFpbCgpIHsKICAgIGVjaG8gIkVSUk9SOiAkeyp9IiAyPiYxCiAgICBleGl0IDEKfQoKZnVuY3Rpb24gcGhhc2UoKSB7CiAgICBlY2hvICItLS0+IFBoYXNlOiAkeyp9Li4uIgp9CgojIGFzc2VydCBsb2NhbCB2YXJpYWJsZXMgYXJlIGV4cG9yZXRlZCBvbiB0aGUgZW52aXJvbm1lbnQKZnVuY3Rpb24gZXhwb3J0ZWRfb3JfZmFpbCgpIHsKICAgIGRlY2xhcmUgLWEgX3JlcXVpcmVkX3ZhcnM9IiR7QH0iCgogICAgZm9yIHYgaW4gJHtfcmVxdWlyZWRfdmFyc1tAXX07IGRvCiAgICAgICAgW1sgLXogIiR7IXZ9IiBdXSAmJgogICAgICAgICAgICBmYWlsICInJHt2fScgZW52aXJvbm1lbnQgdmFyaWFibGUgaXMgbm90IHNldCEiCiAgICBkb25lCgogICAgcmV0dXJuIDAKfQo=" |base64 -d >"/scripts/common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgVXNlcyB0aGUgRG9ja2VyZmlsZSBnZW5lcmF0ZWQgYnkgczJpIHRvIGFzc2VtYmxlIGEgbmV3IGNvbnRhaW5lciBpbWFnZSB1c2luZyBidWlsZGFoLgojCgpzaG9wdCAtcyBpbmhlcml0X2VycmV4aXQKc2V0IC1ldSAtbyBwaXBlZmFpbAoKZGVjbGFyZSAtciBjdXJfZGlyPSIkKGRpcm5hbWUgJHtCQVNIX1NPVVJDRVswXX0pIgoKc291cmNlICIke2N1cl9kaXJ9L2NvbW1vbi5zaCIKc291cmNlICIke2N1cl9kaXJ9L3MyaS1jb21tb24uc2giCgojIGxvYWRpbmcgYnVpbGRhaCBzZXR0aW5ncyBvdmVyd3JpdHRpbmcgdGhlIGZ1bGwgcGF0aCB0byB0aGUgY29udGFpbmVyIGZpbGUKZGVjbGFyZSAteCBET0NLRVJGSUxFX0ZVTEw9IiR7UzJJX0RPQ0tFUkZJTEV9Igpzb3VyY2UgIiR7Y3VyX2Rpcn0vYnVpbGRhaC1jb21tb24uc2giCgpwaGFzZSAiQ2hhbmdpbmcgJFBBUkFNU19DT05URVhUIHRvIHBvaW50IHRvIHByZXNlbnQgd29ya2luZyBkaXJlY3RvcnkiCltbICIkUEFSQU1TX0NPTlRFWFQiICE9ICIuIiBdXSAmJiAKICAgIFBBUkFNU19DT05URVhUPSIuIgoKcGhhc2UgIkluc3BlY3RpbmcgY29udGV4dCAnJHtQQVJBTVNfQ09OVEVYVH0nIgpbWyAhIC1kICIke1BBUkFNU19DT05URVhUfSIgXV0gJiYKICAgIGZhaWwgIkFwcGxpY2F0aW9uIHNvdXJjZSBjb2RlIGRpcmVjdG9yeSBub3QgZm91bmQgYXQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKCnBoYXNlICJCdWlsZGluZyB0aGUgRG9ja2VyZmlsZSAnJHtET0NLRVJGSUxFX0ZVTEx9JyB3aXRoIGJ1aWxkYWgiCmV4ZWMgJHtjdXJfZGlyfS9idWlsZGFoLWJ1ZC5zaAo=" |base64 -d >"/scripts/s2i-build.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0YXJnZXQgaW1hZ2UgbmFtZSAoZnVsbHkgcXVhbGlmaWVkKSB0byBiZSBidWlsZCB3aXRoIHMyaSwgcmVkZWNsYXJpbmcgdGhlIHNhbWUgcGFyYW1ldGVyIG5hbWUgdGhhbgojIGJ1aWxkYWggdGFzayB1c2VzCmRlY2xhcmUgLXggUEFSQU1TX0lNQUdFPSIke1BBUkFNU19JTUFHRTotfSIKIyBTcGVjaWZ5IGEgVVJMIGNvbnRhaW5pbmcgdGhlIGRlZmF1bHQgYXNzZW1ibGUgYW5kIHJ1biBzY3JpcHRzIGZvciB0aGUgYnVpbGRlciBpbWFnZQpkZWNsYXJlIC1yeCBQQVJBTVNfSU1BR0VfU0NSSVBUU19VUkw9IiR7UEFSQU1TX0lNQUdFX1NDUklQVFNfVVJMOi19IgoKIyB2b2x1bWUgbW91bnQgb3IgZGlyZWN0b3J5IHJlc3BvbnNpYmxlIGZvciBob2xkaW5nIGZpbGVzIAojIGxpa2UgZW52LCBEb2NrZXJmaWxlIGFuZCBhbnkgb3RoZXJzIG5lZWRlZCB0byBzdXBwb3J0IHMyaQpkZWNsYXJlIC1yeCBTMklfR0VORVJBVEVfRElSRUNUT1JZPSIke1MySV9HRU5FUkFURV9ESVJFQ1RPUlk6LS9zMmktZ2VuZXJhdGV9IgoKIyBmdWxsIHBhdGggdG8gdGhlIGNvbnRhaW5lciBmaWxlIGdlbmVyYXRlZCBieSBzMmkKZGVjbGFyZSAtcnggUzJJX0RPQ0tFUkZJTEU9IiR7UzJJX0RPQ0tFUkZJTEU6LSR7UzJJX0dFTkVSQVRFX0RJUkVDVE9SWX0vRG9ja2VyZmlsZS5nZW59IgoKIyBmdWxsIHBhdGggdG8gdGhlIGVudiBmaWxlIHVzZWQgd2l0aCB0aGUgLS1lbnZpcm9ubWVudC1maWxlIHBhcmFtZXRlciBvZiBzMmkKZGVjbGFyZSAtcnggUzJJX0VOVklST05NRU5UX0ZJTEU9IiR7UzJJX0VOVklST05NRU5UX0ZJTEU6LSR7UzJJX0dFTkVSQVRFX0RJUkVDVE9SWX0vZW52fSIKCiMKIyBBc3NlcnRpbmcgRW52aXJvbm1lbnQKIwoKZXhwb3J0ZWRfb3JfZmFpbCBcCiAgICBXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIIFwKICAgIFBBUkFNU19JTUFHRQoKIwojIFZlcmJvc2UgT3V0cHV0CiMKCmRlY2xhcmUgLXggUzJJX0xPR0xFVkVMPSIwIgoKaWYgW1sgIiR7UEFSQU1TX1ZFUkJPU0V9IiA9PSAidHJ1ZSIgXV07IHRoZW4KICAgIFMySV9MT0dMRVZFTD0iMiIKICAgIHNldCAteApmaQo=" |base64 -d >"/scripts/s2i-common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgVXNlcyBzMmkgdG8gZ2VuZXJhdGUgdGhlIHJlcGVzY3RpdmUgQ29udGFpbmVyZmlsZSBiYXNlZCBvbiB0aGUgaW5mb21yZWQgYnVpbGRlci4gVGhlIENvbnRhaW5lcmZpbGUKIyBpcyBzdG9yZWQgb24gYSB0ZW1wb3JhcnkgbG9jYXRpb24uCiMKCnNob3B0IC1zIGluaGVyaXRfZXJyZXhpdApzZXQgLWV1IC1vIHBpcGVmYWlsCgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvY29tbW9uLnNoIgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvczJpLWNvbW1vbi5zaCIKCiMgczJpIGJ1aWxkZXIgaW1hZ2UgbmFtZSAoZnVsbHkgcXVhbGlmaWVkKQpkZWNsYXJlIC1yeCBTMklfQlVJTERFUl9JTUFHRT0iJHtTMklfQlVJTERFUl9JTUFHRTotfSIKCiMgdGFrZXMgdGhlIHZhbHVlcyBpbiBhcmd1bWVudCBFTlZfVkFSUyBhbmQgY3JlYXRlcyBhbiBhcnJheSB1c2luZyB0aG9zZSB2YWx1ZXMKZGVjbGFyZSAtcmEgRU5WX1ZBUlM9KCR7QH0pCgojIHJlLXVzaW5nIHRoZSBzYW1lIHBhcmFtZXRlcnMgdGhhbiBidWlsZGFoLCBzMmkgbmVlZHMgYnVpbGRhaCBhYmlsaXRpZXMgdG8gY3JlYXRlIHRoZSBmaW5hbAojIGNvbnRhaW5lciBpbWFnZSBiYXNlZCBvbiB3aGF0IHMyaSBnZW5lcmF0ZXMKc291cmNlICIkKGRpcm5hbWUgJHtCQVNIX1NPVVJDRVswXX0pL2J1aWxkYWgtY29tbW9uLnNoIgoKIwojIFByZXBhcmUKIwoKIyBtYWtpbmcgc3VyZSB0aGUgcmVxdWlyZWQgd29ya3NwYWNlICJzb3VyY2UiIGlzIGJvdW5kZWQsIHdoaWNoIG1lYW5zIGl0cyB2b2x1bWUgaXMgY3VycmVudGx5IG1vdW50ZWQKIyBhbmQgcmVhZHkgdG8gdXNlCnBoYXNlICJJbnNwZWN0aW5nIHNvdXJjZSB3b3Jrc3BhY2UgJyR7V09SS1NQQUNFU19TT1VSQ0VfUEFUSH0nIChQV0Q9JyR7UFdEfScpIgpbWyAiJHtXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORH0iICE9ICJ0cnVlIiBdXSAmJgogICAgZmFpbCAiV29ya3NwYWNlICdzb3VyY2UnIGlzIG5vdCBib3VuZGVkIgoKcGhhc2UgIkFwcGVuZGluZyAkUEFSQU1TX0NPTlRFWFQgd2l0aCAkV09SS1NQQUNFU19TT1VSQ0VfUEFUSCBpZiBpdCdzIHJlbGF0aXZlIgpbWyAiJFBBUkFNU19DT05URVhUIiAhPSAiLiIgJiYgIiRQQVJBTVNfQ09OVEVYVCIgIT0gLyogXV0gJiYgCiAgICBQQVJBTVNfQ09OVEVYVD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIfS8ke1BBUkFNU19DT05URVhUfSIKCnBoYXNlICJJbnNwZWN0aW5nIGNvbnRleHQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKW1sgISAtZCAiJHtQQVJBTVNfQ09OVEVYVH0iIF1dICYmCiAgICBmYWlsICJBcHBsaWNhdGlvbiBzb3VyY2UgY29kZSBkaXJlY3Rvcnkgbm90IGZvdW5kIGF0ICcke1BBUkFNU19DT05URVhUfSciCgpwaGFzZSAiQWRkaW5nIHRoZSBlbnZpcm9ubWVudCB2YXJpYWJsZXMgdG8gJyR7UzJJX0VOVklST05NRU5UX0ZJTEV9JyIKCiMgYWRkIHRoZSBlbnZpcm9ubWVudCB2YXJpYWJsZXMgdGhhdCBhcmUgc2VudCBhcyBjb21tYW5kIGxpbmUgYXJndW1lbnRzIGZyb20gRU5WX1ZBUlMgcGFyYW1ldGVyCnRvdWNoICIke1MySV9FTlZJUk9OTUVOVF9GSUxFfSIKaWYgWyAkeyNFTlZfVkFSU1tAXX0gLWd0IDAgXTsgdGhlbgogICAgZm9yIGVudl92YXIgaW4gIiR7RU5WX1ZBUlNbQF19IjsgZG8KICAgICAgICBlY2hvICIke2Vudl92YXJ9IiA+PiAiJHtTMklfRU5WSVJPTk1FTlRfRklMRX0iCiAgICBkb25lCmZpCgojCiMgUzJJIEdlbmVyYXRlCiMKCnBoYXNlICJHZW5lcmF0aW5nIHRoZSBEb2NrZXJmaWxlIGZvciBTMkkgYnVpbGRlciBpbWFnZSAnJHtTMklfQlVJTERFUl9JTUFHRX0nIgpzMmkgLS1sb2dsZXZlbCAiJHtTMklfTE9HTEVWRUx9IiBcCiAgICBidWlsZCAiJHtQQVJBTVNfQ09OVEVYVH0iICIke1MySV9CVUlMREVSX0lNQUdFfSIgXAogICAgICAgIC0taW1hZ2Utc2NyaXB0cy11cmwgIiR7UEFSQU1TX0lNQUdFX1NDUklQVFNfVVJMfSIgXAogICAgICAgIC0tYXMtZG9ja2VyZmlsZSAiJHtTMklfRE9DS0VSRklMRX0iIFwKICAgICAgICAtLWVudmlyb25tZW50LWZpbGUgIiR7UzJJX0VOVklST05NRU5UX0ZJTEV9IgoKcGhhc2UgIkluc3BlY3RpbmcgdGhlIERvY2tlcmZpbGUgZ2VuZXJhdGVkIGF0ICcke1MySV9ET0NLRVJGSUxFfSciCltbICEgLWYgIiR7UzJJX0RPQ0tFUkZJTEV9IiBdXSAmJgogICAgZmFpbCAiR2VuZXJhdGVkIERvY2tlcmZpbGUgaXMgbm90IGZvdW5kISIKCnNldCAreApwaGFzZSAiR2VuZXJhdGVkIERvY2tlcmZpbGUgcGF5bG9hZCIKZWNobyAtZW4gIj4+PiAke1MySV9ET0NLRVJGSUxFfVxuJChjYXQgJHtTMklfRE9DS0VSRklMRX0pXG48PDwgRU9GXG4iCg==" |base64 -d >"/scripts/s2i-generate.sh" + ls /scripts/s2i-*.sh; + chmod +x /scripts/s2i-*.sh;echo "Running Script /scripts/s2i-generate.sh"; + /scripts/s2i-generate.sh; + args: + - "$(params.ENV_VARS[*])" + securityContext: + capabilities: + add: ["SETFCAP"] + volumeMounts: + - name: scripts-dir + mountPath: /scripts + - name: s2i-generate-dir + mountPath: /s2i-generate + + - name: s2i-build + image: registry.access.redhat.com/ubi8/buildah:8.10-5 + workingDir: /s2i-generate + command: + - /scripts/s2i-build.sh + securityContext: + capabilities: + add: ["SETFCAP"] + volumeMounts: + - name: scripts-dir + mountPath: /scripts + - name: s2i-generate-dir + mountPath: /s2i-generate + + volumes: + - name: scripts-dir + emptyDir: {} + - name: s2i-generate-dir + emptyDir: {} diff --git a/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-s2i-python/task-s2i-python-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-s2i-python/task-s2i-python-task.yaml new file mode 100644 index 0000000000..d582427204 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-s2i-python/task-s2i-python-task.yaml @@ -0,0 +1,197 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift-pipelines/tektoncd-catalog/p/tasks/task-s2i-python/0.4.1/task-s2i-python.yaml +# +--- +--- +# Source: task-containers/templates/task-s2i-python.yaml +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: s2i-python + labels: + app.kubernetes.io/version: 0.4.1 + annotations: + tekton.dev/source: "https://github.com/openshift-pipelines/task-containers" + artifacthub.io/category: integration-delivery + artifacthub.io/maintainers: | + - name: OpenShift Pipeline task maintainers + email: pipelines-extcomm@redhat.com + artifacthub.io/provider: Red Hat + artifacthub.io/recommendations: | + - url: https://tekton.dev/ + tekton.dev/categories: containers + tekton.dev/pipelines.minVersion: 0.41.0 + tekton.dev/tags: containers +spec: + description: | + Builds the source code using the s2i's Python builder-image + "image-registry.openshift-image-registry.svc:5000/openshift/python". + + + workspaces: + - name: source + optional: false + description: | + Application source code, the build context for S2I workflow. + - name: dockerconfig + optional: true + description: >- + An optional workspace that allows providing a .docker/config.json file for Buildah to access the container registry. + The file should be placed at the root of the Workspace with name config.json. + + params: + - name: IMAGE + type: string + description: | + Fully qualified container image name to be built by s2i. + - name: VERSION + description: The tag of the imagestream for the corresponding language version + default: latest + type: string + - name: IMAGE_SCRIPTS_URL + type: string + default: image:///usr/libexec/s2i + description: | + Specify a URL containing the default assemble and run scripts for the builder image + - name: ENV_VARS + type: array + default: [] + description: | + Array containing string of Environment Variables as "KEY=VALUE" + - name: CONTEXT + type: string + default: "." + description: | + Path to the directory to use as context. + - name: STORAGE_DRIVER + type: string + default: vfs + description: | + Set buildah storage driver to reflect the currrent cluster node's + settings. + - name: FORMAT + description: The format of the built container, oci or docker + default: "oci" + - name: BUILD_EXTRA_ARGS + type: string + default: "" + description: | + Extra parameters passed for the build command when building images. + - name: PUSH_EXTRA_ARGS + type: string + default: "" + description: | + Extra parameters passed for the push command when pushing images. + - name: SKIP_PUSH + default: "false" + description: | + Skip pushing the image to the container registry. + - name: TLS_VERIFY + type: string + default: "true" + description: | + Sets the TLS verification flag, `true` is recommended. + - name: VERBOSE + type: string + default: "false" + description: | + Turns on verbose logging, all commands executed will be printed out. + + results: + - name: IMAGE_URL + description: | + Fully qualified image name. + - name: IMAGE_DIGEST + description: | + Digest of the image just built. + + stepTemplate: + env: + + - name: PARAMS_IMAGE + value: "$(params.IMAGE)" + - name: PARAMS_VERSION + value: "$(params.VERSION)" + - name: PARAMS_IMAGE_SCRIPTS_URL + value: "$(params.IMAGE_SCRIPTS_URL)" + - name: PARAMS_CONTEXT + value: "$(params.CONTEXT)" + - name: PARAMS_FORMAT + value: "$(params.FORMAT)" + - name: PARAMS_STORAGE_DRIVER + value: "$(params.STORAGE_DRIVER)" + - name: PARAMS_BUILD_EXTRA_ARGS + value: "$(params.BUILD_EXTRA_ARGS)" + - name: PARAMS_PUSH_EXTRA_ARGS + value: "$(params.PUSH_EXTRA_ARGS)" + - name: PARAMS_SKIP_PUSH + value: "$(params.SKIP_PUSH)" + - name: PARAMS_TLS_VERIFY + value: "$(params.TLS_VERIFY)" + - name: PARAMS_VERBOSE + value: "$(params.VERBOSE)" + - name: WORKSPACES_SOURCE_BOUND + value: "$(workspaces.source.bound)" + - name: WORKSPACES_SOURCE_PATH + value: "$(workspaces.source.path)" + - name: WORKSPACES_DOCKERCONFIG_BOUND + value: "$(workspaces.dockerconfig.bound)" + - name: WORKSPACES_DOCKERCONFIG_PATH + value: "$(workspaces.dockerconfig.path)" + - name: RESULTS_IMAGE_URL_PATH + value: "$(results.IMAGE_URL.path)" + - name: RESULTS_IMAGE_DIGEST_PATH + value: "$(results.IMAGE_DIGEST.path)" + + steps: + - name: s2i-generate + image: registry.access.redhat.com/source-to-image/source-to-image-rhel8:v1.3.9-6 + workingDir: $(workspaces.source.path) + env: + - name: S2I_BUILDER_IMAGE + value: "image-registry.openshift-image-registry.svc:5000/openshift/python:$(params.VERSION)" + script: | + set -e + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgV3JhcHBlciBhcm91bmQgImJ1aWxkYWggYnVkIiB0byBidWlsZCBhbmQgcHVzaCBhIGNvbnRhaW5lciBpbWFnZSBiYXNlZCBvbiBhIERvY2tlcmZpbGUuCiMKCnNob3B0IC1zIGluaGVyaXRfZXJyZXhpdApzZXQgLWV1IC1vIHBpcGVmYWlsCgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvY29tbW9uLnNoIgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvYnVpbGRhaC1jb21tb24uc2giCgpmdW5jdGlvbiBfYnVpbGRhaCgpIHsKICAgIGJ1aWxkYWggXAogICAgICAgIC0tc3RvcmFnZS1kcml2ZXI9IiR7UEFSQU1TX1NUT1JBR0VfRFJJVkVSfSIgXAogICAgICAgIC0tdGxzLXZlcmlmeT0iJHtQQVJBTVNfVExTX1ZFUklGWX0iIFwKICAgICAgICAkeyp9Cn0KCiMKIyBQcmVwYXJlCiMKCiMgbWFraW5nIHN1cmUgdGhlIHJlcXVpcmVkIHdvcmtzcGFjZSAic291cmNlIiBpcyBib3VuZGVkLCB3aGljaCBtZWFucyBpdHMgdm9sdW1lIGlzIGN1cnJlbnRseSBtb3VudGVkCiMgYW5kIHJlYWR5IHRvIHVzZQpwaGFzZSAiSW5zcGVjdGluZyBzb3VyY2Ugd29ya3NwYWNlICcke1dPUktTUEFDRVNfU09VUkNFX1BBVEh9JyAoUFdEPScke1BXRH0nKSIKW1sgIiR7V09SS1NQQUNFU19TT1VSQ0VfQk9VTkR9IiAhPSAidHJ1ZSIgXV0gJiYKICAgIGZhaWwgIldvcmtzcGFjZSAnc291cmNlJyBpcyBub3QgYm91bmRlZCIKCnBoYXNlICJBc3NlcnRpbmcgdGhlIGRvY2tlcmZpbGUvY29udGFpbmVyZmlsZSAnJHtET0NLRVJGSUxFX0ZVTEx9JyBleGlzdHMiCltbICEgLWYgIiR7RE9DS0VSRklMRV9GVUxMfSIgXV0gJiYKICAgIGZhaWwgIkRvY2tlcmZpbGUgbm90IGZvdW5kIGF0OiAnJHtET0NLRVJGSUxFX0ZVTEx9JyIKCnBoYXNlICJJbnNwZWN0aW5nIGNvbnRleHQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKW1sgISAtZCAiJHtQQVJBTVNfQ09OVEVYVH0iIF1dICYmCiAgICBmYWlsICJDT05URVhUIHBhcmFtIGlzIG5vdCBmb3VuZCBhdCAnJHtQQVJBTVNfQ09OVEVYVH0nLCBvbiBzb3VyY2Ugd29ya3NwYWNlIgoKcGhhc2UgIkJ1aWxkaW5nIGJ1aWxkIGFyZ3MiCkJVSUxEX0FSR1M9KCkKZm9yIGJ1aWxkYXJnIGluICIkQCI7IGRvCiAgICBCVUlMRF9BUkdTKz0oIi0tYnVpbGQtYXJnPSRidWlsZGFyZyIpCmRvbmUKCiMgSGFuZGxlIG9wdGlvbmFsIGRvY2tlcmNvbmZpZyBzZWNyZXQKaWYgW1sgIiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfQk9VTkR9IiA9PSAidHJ1ZSIgXV07IHRoZW4KCiAgICAjIGlmIGNvbmZpZy5qc29uIGV4aXN0cyBhdCB3b3Jrc3BhY2Ugcm9vdCwgd2UgdXNlIHRoYXQKICAgIGlmIHRlc3QgLWYgIiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSH0vY29uZmlnLmpzb24iOyB0aGVuCiAgICAgICAgZXhwb3J0IERPQ0tFUl9DT05GSUc9IiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSH0iCgogICAgICAgICMgZWxzZSB3ZSBsb29rIGZvciAuZG9ja2VyY29uZmlnanNvbiBhdCB0aGUgcm9vdAogICAgZWxpZiB0ZXN0IC1mICIke1dPUktTUEFDRVNfRE9DS0VSQ09ORklHX1BBVEh9Ly5kb2NrZXJjb25maWdqc29uIjsgdGhlbgogICAgICAgICMgZW5zdXJlIC5kb2NrZXIgZXhpc3QgYmVmb3JlIHRoZSBjb3B5aW5nIHRoZSBjb250ZW50CiAgICAgICAgaWYgWyAhIC1kICIkSE9NRS8uZG9ja2VyIiBdOyB0aGVuCiAgICAgICAgICAgbWtkaXIgLXAgIiRIT01FLy5kb2NrZXIiCiAgICAgICAgZmkKICAgICAgICBjcCAiJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19QQVRIfS8uZG9ja2VyY29uZmlnanNvbiIgIiRIT01FLy5kb2NrZXIvY29uZmlnLmpzb24iCiAgICAgICAgZXhwb3J0IERPQ0tFUl9DT05GSUc9IiRIT01FLy5kb2NrZXIiCgogICAgICAgICMgbmVlZCB0byBlcnJvciBvdXQgaWYgbmVpdGhlciBmaWxlcyBhcmUgcHJlc2VudAogICAgZWxzZQogICAgICAgIGVjaG8gIm5laXRoZXIgJ2NvbmZpZy5qc29uJyBub3IgJy5kb2NrZXJjb25maWdqc29uJyBmb3VuZCBhdCB3b3Jrc3BhY2Ugcm9vdCIKICAgICAgICBleGl0IDEKICAgIGZpCmZpCgpFTlRJVExFTUVOVF9WT0xVTUU9IiIKaWYgW1sgIiR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX0JPVU5EfSIgPT0gInRydWUiIF1dOyB0aGVuCiAgICBFTlRJVExFTUVOVF9WT0xVTUU9Ii0tdm9sdW1lICR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEh9Oi9ldGMvcGtpL2VudGl0bGVtZW50IgpmaQoKIwojIEJ1aWxkCiMKCnBoYXNlICJCdWlsZGluZyAnJHtQQVJBTVNfSU1BR0V9JyBiYXNlZCBvbiAnJHtET0NLRVJGSUxFX0ZVTEx9JyIKCltbIC1uICIke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTfSIgXV0gJiYKICAgIHBoYXNlICJFeHRyYSAnYnVpbGRhaCBidWQnIGFyZ3VtZW50cyBpbmZvcm1lZDogJyR7UEFSQU1TX0JVSUxEX0VYVFJBX0FSR1N9JyIKCl9idWlsZGFoIGJ1ZCAke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTfSBcCiAgICAkRU5USVRMRU1FTlRfVk9MVU1FIFwKICAgICIke0JVSUxEX0FSR1NbQF19IiBcCiAgICAtLWZpbGU9IiR7RE9DS0VSRklMRV9GVUxMfSIgXAogICAgLS10YWc9IiR7UEFSQU1TX0lNQUdFfSIgXAogICAgIiR7UEFSQU1TX0NPTlRFWFR9IgoKaWYgW1sgIiR7UEFSQU1TX1NLSVBfUFVTSH0iID09ICJ0cnVlIiBdXTsgdGhlbgogICAgcGhhc2UgIlNraXBwaW5nIHB1c2hpbmcgJyR7UEFSQU1TX0lNQUdFfScgdG8gdGhlIGNvbnRhaW5lciByZWdpc3RyeSEiCiAgICBleGl0IDAKZmkKCiMKIyBQdXNoCiMKCnBoYXNlICJQdXNoaW5nICcke1BBUkFNU19JTUFHRX0nIHRvIHRoZSBjb250YWluZXIgcmVnaXN0cnkiCgpbWyAtbiAiJHtQQVJBTVNfUFVTSF9FWFRSQV9BUkdTfSIgXV0gJiYKICAgIHBoYXNlICJFeHRyYSAnYnVpbGRhaCBidWQnIGFyZ3VtZW50cyBpbmZvcm1lZDogJyR7UEFSQU1TX1BVU0hfRVhUUkFfQVJHU30nIgoKIyB0ZW1wb3JhcnkgZmlsZSB0byBzdG9yZSB0aGUgaW1hZ2UgZGlnZXN0LCBpbmZvcm1hdGlvbiBvbmx5IG9idGFpbmVkIGFmdGVyIHB1c2hpbmcgdGhlIGltYWdlIHRvIHRoZQojIGNvbnRhaW5lciByZWdpc3RyeQpkZWNsYXJlIC1yIGRpZ2VzdF9maWxlPSIvdG1wL2J1aWxkYWgtZGlnZXN0LnR4dCIKCl9idWlsZGFoIHB1c2ggJHtQQVJBTVNfUFVTSF9FWFRSQV9BUkdTfSBcCiAgICAtLWRpZ2VzdGZpbGU9IiR7ZGlnZXN0X2ZpbGV9IiBcCiAgICAiJHtQQVJBTVNfSU1BR0V9IiBcCiAgICAiZG9ja2VyOi8vJHtQQVJBTVNfSU1BR0V9IgoKIwojIFJlc3VsdHMKIwoKcGhhc2UgIkluc3BlY3RpbmcgZGlnZXN0IHJlcG9ydCAoJyR7ZGlnZXN0X2ZpbGV9JykiCgpbWyAhIC1yICIke2RpZ2VzdF9maWxlfSIgXV0gJiYKICAgIGZhaWwgIlVuYWJsZSB0byBmaW5kIGRpZ2VzdC1maWxlIGF0ICcke2RpZ2VzdF9maWxlfSciCgpkZWNsYXJlIC1yIGRpZ2VzdF9zdW09IiQoY2F0ICR7ZGlnZXN0X2ZpbGV9KSIKCltbIC16ICIke2RpZ2VzdF9zdW19IiBdXSAmJgogICAgZmFpbCAiRGlnZXN0IGZpbGUgJyR7ZGlnZXN0X2ZpbGV9JyBpcyBlbXB0eSEiCgpwaGFzZSAiU3VjY2Vzc2Z1bHkgYnVpbHQgY29udGFpbmVyIGltYWdlICcke1BBUkFNU19JTUFHRX0nICgnJHtkaWdlc3Rfc3VtfScpIgplY2hvIC1uICIke1BBUkFNU19JTUFHRX0iIHwgdGVlICR7UkVTVUxUU19JTUFHRV9VUkxfUEFUSH0KZWNobyAtbiAiJHtkaWdlc3Rfc3VtfSIgfCB0ZWUgJHtSRVNVTFRTX0lNQUdFX0RJR0VTVF9QQVRIfQo=" |base64 -d >"/scripts/buildah-bud.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKZGVjbGFyZSAtcnggUEFSQU1TX0lNQUdFPSIke1BBUkFNU19JTUFHRTotfSIKZGVjbGFyZSAtcnggUEFSQU1TX0RPQ0tFUkZJTEU9IiR7UEFSQU1TX0RPQ0tFUkZJTEU6LX0iCmRlY2xhcmUgLXggUEFSQU1TX0NPTlRFWFQ9IiR7UEFSQU1TX0NPTlRFWFQ6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19TVE9SQUdFX0RSSVZFUj0iJHtQQVJBTVNfU1RPUkFHRV9EUklWRVI6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19CVUlMRF9FWFRSQV9BUkdTPSIke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTOi19IgpkZWNsYXJlIC1yeCBQQVJBTVNfUFVTSF9FWFRSQV9BUkdTPSIke1BBUkFNU19QVVNIX0VYVFJBX0FSR1M6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19TS0lQX1BVU0g9IiR7UEFSQU1TX1NLSVBfUFVTSDotfSIKZGVjbGFyZSAtcnggUEFSQU1TX1RMU19WRVJJRlk9IiR7UEFSQU1TX1RMU19WRVJJRlk6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19WRVJCT1NFPSIke1BBUkFNU19WRVJCT1NFOi19IgoKZGVjbGFyZSAtcnggV09SS1NQQUNFU19TT1VSQ0VfUEFUSD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIOi19IgpkZWNsYXJlIC1yeCBXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORDotfSIKZGVjbGFyZSAtcnggV09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSD0iJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19QQVRIOi19IgpkZWNsYXJlIC1yeCBXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19CT1VORD0iJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19CT1VORDotfSIKZGVjbGFyZSAtcnggV09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEg9IiR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEg6LX0iCmRlY2xhcmUgLXJ4IFdPUktTUEFDRVNfUkhFTF9FTlRJVExFTUVOVF9CT1VORD0iJHtXT1JLU1BBQ0VTX1JIRUxfRU5USVRMRU1FTlRfQk9VTkQ6LX0iCgpkZWNsYXJlIC1yeCBSRVNVTFRTX0lNQUdFX0RJR0VTVF9QQVRIPSIke1JFU1VMVFNfSU1BR0VfRElHRVNUX1BBVEg6LX0iCmRlY2xhcmUgLXJ4IFJFU1VMVFNfSU1BR0VfVVJMX1BBVEg9IiR7UkVTVUxUU19JTUFHRV9VUkxfUEFUSDotfSIKCiMKIyBEb2NrZXJmaWxlCiMKCiMgZXhwb3NpbmcgdGhlIGZ1bGwgcGF0aCB0byB0aGUgY29udGFpbmVyIGZpbGUsIHdoaWNoIGJ5IGRlZmF1bHQgc2hvdWxkIGJlIHJlbGF0aXZlIHRvIHRoZSBwcmltYXJ5CiMgd29ya3NwYWNlLCB0byByZWNlaXZlIGEgZGlmZmVyZW50IGNvbnRhaW5lci1maWxlIGxvY2F0aW9uCmRlY2xhcmUgLXIgZG9ja2VyZmlsZV9vbl93cz0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIfS8ke1BBUkFNU19ET0NLRVJGSUxFfSIKZGVjbGFyZSAteCBET0NLRVJGSUxFX0ZVTEw9IiR7RE9DS0VSRklMRV9GVUxMOi0ke2RvY2tlcmZpbGVfb25fd3N9fSIKCiMKIyBBc3NlcnRpbmcgRW52aXJvbm1lbnQKIwoKW1sgLXogIiR7RE9DS0VSRklMRV9GVUxMfSIgXV0gJiYKICAgIGZhaWwgInVuYWJsZSB0byBmaW5kIHRoZSBEb2NrZXJmaWxlLCBET0NLRVJGSUxFIG1heSBoYXZlIGFuIGluY29ycmVjdCBsb2NhdGlvbiIKCmV4cG9ydGVkX29yX2ZhaWwgXAogICAgV09SS1NQQUNFU19TT1VSQ0VfUEFUSCBcCiAgICBQQVJBTVNfSU1BR0UKCiMKIyBWZXJib3NlIE91dHB1dAojCgppZiBbWyAiJHtQQVJBTVNfVkVSQk9TRX0iID09ICJ0cnVlIiBdXTsgdGhlbgogICAgc2V0IC14CmZpCg==" |base64 -d >"/scripts/buildah-common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0ZWt0b24ncyBob21lIGRpcmVjdG9yeQpkZWNsYXJlIC1yeCBURUtUT05fSE9NRT0iJHtURUtUT05fSE9NRTotL3Rla3Rvbi9ob21lfSIKCiMKIyBGdW5jdGlvbnMKIwoKZnVuY3Rpb24gZmFpbCgpIHsKICAgIGVjaG8gIkVSUk9SOiAkeyp9IiAyPiYxCiAgICBleGl0IDEKfQoKZnVuY3Rpb24gcGhhc2UoKSB7CiAgICBlY2hvICItLS0+IFBoYXNlOiAkeyp9Li4uIgp9CgojIGFzc2VydCBsb2NhbCB2YXJpYWJsZXMgYXJlIGV4cG9yZXRlZCBvbiB0aGUgZW52aXJvbm1lbnQKZnVuY3Rpb24gZXhwb3J0ZWRfb3JfZmFpbCgpIHsKICAgIGRlY2xhcmUgLWEgX3JlcXVpcmVkX3ZhcnM9IiR7QH0iCgogICAgZm9yIHYgaW4gJHtfcmVxdWlyZWRfdmFyc1tAXX07IGRvCiAgICAgICAgW1sgLXogIiR7IXZ9IiBdXSAmJgogICAgICAgICAgICBmYWlsICInJHt2fScgZW52aXJvbm1lbnQgdmFyaWFibGUgaXMgbm90IHNldCEiCiAgICBkb25lCgogICAgcmV0dXJuIDAKfQo=" |base64 -d >"/scripts/common.sh" + ls /scripts/buildah-*.sh; + chmod +x /scripts/buildah-*.sh; + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0ZWt0b24ncyBob21lIGRpcmVjdG9yeQpkZWNsYXJlIC1yeCBURUtUT05fSE9NRT0iJHtURUtUT05fSE9NRTotL3Rla3Rvbi9ob21lfSIKCiMKIyBGdW5jdGlvbnMKIwoKZnVuY3Rpb24gZmFpbCgpIHsKICAgIGVjaG8gIkVSUk9SOiAkeyp9IiAyPiYxCiAgICBleGl0IDEKfQoKZnVuY3Rpb24gcGhhc2UoKSB7CiAgICBlY2hvICItLS0+IFBoYXNlOiAkeyp9Li4uIgp9CgojIGFzc2VydCBsb2NhbCB2YXJpYWJsZXMgYXJlIGV4cG9yZXRlZCBvbiB0aGUgZW52aXJvbm1lbnQKZnVuY3Rpb24gZXhwb3J0ZWRfb3JfZmFpbCgpIHsKICAgIGRlY2xhcmUgLWEgX3JlcXVpcmVkX3ZhcnM9IiR7QH0iCgogICAgZm9yIHYgaW4gJHtfcmVxdWlyZWRfdmFyc1tAXX07IGRvCiAgICAgICAgW1sgLXogIiR7IXZ9IiBdXSAmJgogICAgICAgICAgICBmYWlsICInJHt2fScgZW52aXJvbm1lbnQgdmFyaWFibGUgaXMgbm90IHNldCEiCiAgICBkb25lCgogICAgcmV0dXJuIDAKfQo=" |base64 -d >"/scripts/common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgVXNlcyB0aGUgRG9ja2VyZmlsZSBnZW5lcmF0ZWQgYnkgczJpIHRvIGFzc2VtYmxlIGEgbmV3IGNvbnRhaW5lciBpbWFnZSB1c2luZyBidWlsZGFoLgojCgpzaG9wdCAtcyBpbmhlcml0X2VycmV4aXQKc2V0IC1ldSAtbyBwaXBlZmFpbAoKZGVjbGFyZSAtciBjdXJfZGlyPSIkKGRpcm5hbWUgJHtCQVNIX1NPVVJDRVswXX0pIgoKc291cmNlICIke2N1cl9kaXJ9L2NvbW1vbi5zaCIKc291cmNlICIke2N1cl9kaXJ9L3MyaS1jb21tb24uc2giCgojIGxvYWRpbmcgYnVpbGRhaCBzZXR0aW5ncyBvdmVyd3JpdHRpbmcgdGhlIGZ1bGwgcGF0aCB0byB0aGUgY29udGFpbmVyIGZpbGUKZGVjbGFyZSAteCBET0NLRVJGSUxFX0ZVTEw9IiR7UzJJX0RPQ0tFUkZJTEV9Igpzb3VyY2UgIiR7Y3VyX2Rpcn0vYnVpbGRhaC1jb21tb24uc2giCgpwaGFzZSAiQ2hhbmdpbmcgJFBBUkFNU19DT05URVhUIHRvIHBvaW50IHRvIHByZXNlbnQgd29ya2luZyBkaXJlY3RvcnkiCltbICIkUEFSQU1TX0NPTlRFWFQiICE9ICIuIiBdXSAmJiAKICAgIFBBUkFNU19DT05URVhUPSIuIgoKcGhhc2UgIkluc3BlY3RpbmcgY29udGV4dCAnJHtQQVJBTVNfQ09OVEVYVH0nIgpbWyAhIC1kICIke1BBUkFNU19DT05URVhUfSIgXV0gJiYKICAgIGZhaWwgIkFwcGxpY2F0aW9uIHNvdXJjZSBjb2RlIGRpcmVjdG9yeSBub3QgZm91bmQgYXQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKCnBoYXNlICJCdWlsZGluZyB0aGUgRG9ja2VyZmlsZSAnJHtET0NLRVJGSUxFX0ZVTEx9JyB3aXRoIGJ1aWxkYWgiCmV4ZWMgJHtjdXJfZGlyfS9idWlsZGFoLWJ1ZC5zaAo=" |base64 -d >"/scripts/s2i-build.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0YXJnZXQgaW1hZ2UgbmFtZSAoZnVsbHkgcXVhbGlmaWVkKSB0byBiZSBidWlsZCB3aXRoIHMyaSwgcmVkZWNsYXJpbmcgdGhlIHNhbWUgcGFyYW1ldGVyIG5hbWUgdGhhbgojIGJ1aWxkYWggdGFzayB1c2VzCmRlY2xhcmUgLXggUEFSQU1TX0lNQUdFPSIke1BBUkFNU19JTUFHRTotfSIKIyBTcGVjaWZ5IGEgVVJMIGNvbnRhaW5pbmcgdGhlIGRlZmF1bHQgYXNzZW1ibGUgYW5kIHJ1biBzY3JpcHRzIGZvciB0aGUgYnVpbGRlciBpbWFnZQpkZWNsYXJlIC1yeCBQQVJBTVNfSU1BR0VfU0NSSVBUU19VUkw9IiR7UEFSQU1TX0lNQUdFX1NDUklQVFNfVVJMOi19IgoKIyB2b2x1bWUgbW91bnQgb3IgZGlyZWN0b3J5IHJlc3BvbnNpYmxlIGZvciBob2xkaW5nIGZpbGVzIAojIGxpa2UgZW52LCBEb2NrZXJmaWxlIGFuZCBhbnkgb3RoZXJzIG5lZWRlZCB0byBzdXBwb3J0IHMyaQpkZWNsYXJlIC1yeCBTMklfR0VORVJBVEVfRElSRUNUT1JZPSIke1MySV9HRU5FUkFURV9ESVJFQ1RPUlk6LS9zMmktZ2VuZXJhdGV9IgoKIyBmdWxsIHBhdGggdG8gdGhlIGNvbnRhaW5lciBmaWxlIGdlbmVyYXRlZCBieSBzMmkKZGVjbGFyZSAtcnggUzJJX0RPQ0tFUkZJTEU9IiR7UzJJX0RPQ0tFUkZJTEU6LSR7UzJJX0dFTkVSQVRFX0RJUkVDVE9SWX0vRG9ja2VyZmlsZS5nZW59IgoKIyBmdWxsIHBhdGggdG8gdGhlIGVudiBmaWxlIHVzZWQgd2l0aCB0aGUgLS1lbnZpcm9ubWVudC1maWxlIHBhcmFtZXRlciBvZiBzMmkKZGVjbGFyZSAtcnggUzJJX0VOVklST05NRU5UX0ZJTEU9IiR7UzJJX0VOVklST05NRU5UX0ZJTEU6LSR7UzJJX0dFTkVSQVRFX0RJUkVDVE9SWX0vZW52fSIKCiMKIyBBc3NlcnRpbmcgRW52aXJvbm1lbnQKIwoKZXhwb3J0ZWRfb3JfZmFpbCBcCiAgICBXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIIFwKICAgIFBBUkFNU19JTUFHRQoKIwojIFZlcmJvc2UgT3V0cHV0CiMKCmRlY2xhcmUgLXggUzJJX0xPR0xFVkVMPSIwIgoKaWYgW1sgIiR7UEFSQU1TX1ZFUkJPU0V9IiA9PSAidHJ1ZSIgXV07IHRoZW4KICAgIFMySV9MT0dMRVZFTD0iMiIKICAgIHNldCAteApmaQo=" |base64 -d >"/scripts/s2i-common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgVXNlcyBzMmkgdG8gZ2VuZXJhdGUgdGhlIHJlcGVzY3RpdmUgQ29udGFpbmVyZmlsZSBiYXNlZCBvbiB0aGUgaW5mb21yZWQgYnVpbGRlci4gVGhlIENvbnRhaW5lcmZpbGUKIyBpcyBzdG9yZWQgb24gYSB0ZW1wb3JhcnkgbG9jYXRpb24uCiMKCnNob3B0IC1zIGluaGVyaXRfZXJyZXhpdApzZXQgLWV1IC1vIHBpcGVmYWlsCgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvY29tbW9uLnNoIgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvczJpLWNvbW1vbi5zaCIKCiMgczJpIGJ1aWxkZXIgaW1hZ2UgbmFtZSAoZnVsbHkgcXVhbGlmaWVkKQpkZWNsYXJlIC1yeCBTMklfQlVJTERFUl9JTUFHRT0iJHtTMklfQlVJTERFUl9JTUFHRTotfSIKCiMgdGFrZXMgdGhlIHZhbHVlcyBpbiBhcmd1bWVudCBFTlZfVkFSUyBhbmQgY3JlYXRlcyBhbiBhcnJheSB1c2luZyB0aG9zZSB2YWx1ZXMKZGVjbGFyZSAtcmEgRU5WX1ZBUlM9KCR7QH0pCgojIHJlLXVzaW5nIHRoZSBzYW1lIHBhcmFtZXRlcnMgdGhhbiBidWlsZGFoLCBzMmkgbmVlZHMgYnVpbGRhaCBhYmlsaXRpZXMgdG8gY3JlYXRlIHRoZSBmaW5hbAojIGNvbnRhaW5lciBpbWFnZSBiYXNlZCBvbiB3aGF0IHMyaSBnZW5lcmF0ZXMKc291cmNlICIkKGRpcm5hbWUgJHtCQVNIX1NPVVJDRVswXX0pL2J1aWxkYWgtY29tbW9uLnNoIgoKIwojIFByZXBhcmUKIwoKIyBtYWtpbmcgc3VyZSB0aGUgcmVxdWlyZWQgd29ya3NwYWNlICJzb3VyY2UiIGlzIGJvdW5kZWQsIHdoaWNoIG1lYW5zIGl0cyB2b2x1bWUgaXMgY3VycmVudGx5IG1vdW50ZWQKIyBhbmQgcmVhZHkgdG8gdXNlCnBoYXNlICJJbnNwZWN0aW5nIHNvdXJjZSB3b3Jrc3BhY2UgJyR7V09SS1NQQUNFU19TT1VSQ0VfUEFUSH0nIChQV0Q9JyR7UFdEfScpIgpbWyAiJHtXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORH0iICE9ICJ0cnVlIiBdXSAmJgogICAgZmFpbCAiV29ya3NwYWNlICdzb3VyY2UnIGlzIG5vdCBib3VuZGVkIgoKcGhhc2UgIkFwcGVuZGluZyAkUEFSQU1TX0NPTlRFWFQgd2l0aCAkV09SS1NQQUNFU19TT1VSQ0VfUEFUSCBpZiBpdCdzIHJlbGF0aXZlIgpbWyAiJFBBUkFNU19DT05URVhUIiAhPSAiLiIgJiYgIiRQQVJBTVNfQ09OVEVYVCIgIT0gLyogXV0gJiYgCiAgICBQQVJBTVNfQ09OVEVYVD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIfS8ke1BBUkFNU19DT05URVhUfSIKCnBoYXNlICJJbnNwZWN0aW5nIGNvbnRleHQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKW1sgISAtZCAiJHtQQVJBTVNfQ09OVEVYVH0iIF1dICYmCiAgICBmYWlsICJBcHBsaWNhdGlvbiBzb3VyY2UgY29kZSBkaXJlY3Rvcnkgbm90IGZvdW5kIGF0ICcke1BBUkFNU19DT05URVhUfSciCgpwaGFzZSAiQWRkaW5nIHRoZSBlbnZpcm9ubWVudCB2YXJpYWJsZXMgdG8gJyR7UzJJX0VOVklST05NRU5UX0ZJTEV9JyIKCiMgYWRkIHRoZSBlbnZpcm9ubWVudCB2YXJpYWJsZXMgdGhhdCBhcmUgc2VudCBhcyBjb21tYW5kIGxpbmUgYXJndW1lbnRzIGZyb20gRU5WX1ZBUlMgcGFyYW1ldGVyCnRvdWNoICIke1MySV9FTlZJUk9OTUVOVF9GSUxFfSIKaWYgWyAkeyNFTlZfVkFSU1tAXX0gLWd0IDAgXTsgdGhlbgogICAgZm9yIGVudl92YXIgaW4gIiR7RU5WX1ZBUlNbQF19IjsgZG8KICAgICAgICBlY2hvICIke2Vudl92YXJ9IiA+PiAiJHtTMklfRU5WSVJPTk1FTlRfRklMRX0iCiAgICBkb25lCmZpCgojCiMgUzJJIEdlbmVyYXRlCiMKCnBoYXNlICJHZW5lcmF0aW5nIHRoZSBEb2NrZXJmaWxlIGZvciBTMkkgYnVpbGRlciBpbWFnZSAnJHtTMklfQlVJTERFUl9JTUFHRX0nIgpzMmkgLS1sb2dsZXZlbCAiJHtTMklfTE9HTEVWRUx9IiBcCiAgICBidWlsZCAiJHtQQVJBTVNfQ09OVEVYVH0iICIke1MySV9CVUlMREVSX0lNQUdFfSIgXAogICAgICAgIC0taW1hZ2Utc2NyaXB0cy11cmwgIiR7UEFSQU1TX0lNQUdFX1NDUklQVFNfVVJMfSIgXAogICAgICAgIC0tYXMtZG9ja2VyZmlsZSAiJHtTMklfRE9DS0VSRklMRX0iIFwKICAgICAgICAtLWVudmlyb25tZW50LWZpbGUgIiR7UzJJX0VOVklST05NRU5UX0ZJTEV9IgoKcGhhc2UgIkluc3BlY3RpbmcgdGhlIERvY2tlcmZpbGUgZ2VuZXJhdGVkIGF0ICcke1MySV9ET0NLRVJGSUxFfSciCltbICEgLWYgIiR7UzJJX0RPQ0tFUkZJTEV9IiBdXSAmJgogICAgZmFpbCAiR2VuZXJhdGVkIERvY2tlcmZpbGUgaXMgbm90IGZvdW5kISIKCnNldCAreApwaGFzZSAiR2VuZXJhdGVkIERvY2tlcmZpbGUgcGF5bG9hZCIKZWNobyAtZW4gIj4+PiAke1MySV9ET0NLRVJGSUxFfVxuJChjYXQgJHtTMklfRE9DS0VSRklMRX0pXG48PDwgRU9GXG4iCg==" |base64 -d >"/scripts/s2i-generate.sh" + ls /scripts/s2i-*.sh; + chmod +x /scripts/s2i-*.sh;echo "Running Script /scripts/s2i-generate.sh"; + /scripts/s2i-generate.sh; + args: + - "$(params.ENV_VARS[*])" + securityContext: + capabilities: + add: ["SETFCAP"] + volumeMounts: + - name: scripts-dir + mountPath: /scripts + - name: s2i-generate-dir + mountPath: /s2i-generate + + - name: s2i-build + image: registry.access.redhat.com/ubi8/buildah:8.10-5 + workingDir: /s2i-generate + command: + - /scripts/s2i-build.sh + securityContext: + capabilities: + add: ["SETFCAP"] + volumeMounts: + - name: scripts-dir + mountPath: /scripts + - name: s2i-generate-dir + mountPath: /s2i-generate + + volumes: + - name: scripts-dir + emptyDir: {} + - name: s2i-generate-dir + emptyDir: {} diff --git a/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-s2i-ruby/task-s2i-ruby-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-s2i-ruby/task-s2i-ruby-task.yaml new file mode 100644 index 0000000000..82cebba7b5 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-s2i-ruby/task-s2i-ruby-task.yaml @@ -0,0 +1,197 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift-pipelines/tektoncd-catalog/p/tasks/task-s2i-ruby/0.4.1/task-s2i-ruby.yaml +# +--- +--- +# Source: task-containers/templates/task-s2i-ruby.yaml +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: s2i-ruby + labels: + app.kubernetes.io/version: 0.4.1 + annotations: + tekton.dev/source: "https://github.com/openshift-pipelines/task-containers" + artifacthub.io/category: integration-delivery + artifacthub.io/maintainers: | + - name: OpenShift Pipeline task maintainers + email: pipelines-extcomm@redhat.com + artifacthub.io/provider: Red Hat + artifacthub.io/recommendations: | + - url: https://tekton.dev/ + tekton.dev/categories: containers + tekton.dev/pipelines.minVersion: 0.41.0 + tekton.dev/tags: containers +spec: + description: | + Builds the source code using the s2i's Ruby builder-image + "image-registry.openshift-image-registry.svc:5000/openshift/ruby". + + + workspaces: + - name: source + optional: false + description: | + Application source code, the build context for S2I workflow. + - name: dockerconfig + optional: true + description: >- + An optional workspace that allows providing a .docker/config.json file for Buildah to access the container registry. + The file should be placed at the root of the Workspace with name config.json. + + params: + - name: IMAGE + type: string + description: | + Fully qualified container image name to be built by s2i. + - name: VERSION + description: The tag of the imagestream for the corresponding language version + default: latest + type: string + - name: IMAGE_SCRIPTS_URL + type: string + default: image:///usr/libexec/s2i + description: | + Specify a URL containing the default assemble and run scripts for the builder image + - name: ENV_VARS + type: array + default: [] + description: | + Array containing string of Environment Variables as "KEY=VALUE" + - name: CONTEXT + type: string + default: "." + description: | + Path to the directory to use as context. + - name: STORAGE_DRIVER + type: string + default: vfs + description: | + Set buildah storage driver to reflect the currrent cluster node's + settings. + - name: FORMAT + description: The format of the built container, oci or docker + default: "oci" + - name: BUILD_EXTRA_ARGS + type: string + default: "" + description: | + Extra parameters passed for the build command when building images. + - name: PUSH_EXTRA_ARGS + type: string + default: "" + description: | + Extra parameters passed for the push command when pushing images. + - name: SKIP_PUSH + default: "false" + description: | + Skip pushing the image to the container registry. + - name: TLS_VERIFY + type: string + default: "true" + description: | + Sets the TLS verification flag, `true` is recommended. + - name: VERBOSE + type: string + default: "false" + description: | + Turns on verbose logging, all commands executed will be printed out. + + results: + - name: IMAGE_URL + description: | + Fully qualified image name. + - name: IMAGE_DIGEST + description: | + Digest of the image just built. + + stepTemplate: + env: + + - name: PARAMS_IMAGE + value: "$(params.IMAGE)" + - name: PARAMS_VERSION + value: "$(params.VERSION)" + - name: PARAMS_IMAGE_SCRIPTS_URL + value: "$(params.IMAGE_SCRIPTS_URL)" + - name: PARAMS_CONTEXT + value: "$(params.CONTEXT)" + - name: PARAMS_FORMAT + value: "$(params.FORMAT)" + - name: PARAMS_STORAGE_DRIVER + value: "$(params.STORAGE_DRIVER)" + - name: PARAMS_BUILD_EXTRA_ARGS + value: "$(params.BUILD_EXTRA_ARGS)" + - name: PARAMS_PUSH_EXTRA_ARGS + value: "$(params.PUSH_EXTRA_ARGS)" + - name: PARAMS_SKIP_PUSH + value: "$(params.SKIP_PUSH)" + - name: PARAMS_TLS_VERIFY + value: "$(params.TLS_VERIFY)" + - name: PARAMS_VERBOSE + value: "$(params.VERBOSE)" + - name: WORKSPACES_SOURCE_BOUND + value: "$(workspaces.source.bound)" + - name: WORKSPACES_SOURCE_PATH + value: "$(workspaces.source.path)" + - name: WORKSPACES_DOCKERCONFIG_BOUND + value: "$(workspaces.dockerconfig.bound)" + - name: WORKSPACES_DOCKERCONFIG_PATH + value: "$(workspaces.dockerconfig.path)" + - name: RESULTS_IMAGE_URL_PATH + value: "$(results.IMAGE_URL.path)" + - name: RESULTS_IMAGE_DIGEST_PATH + value: "$(results.IMAGE_DIGEST.path)" + + steps: + - name: s2i-generate + image: registry.access.redhat.com/source-to-image/source-to-image-rhel8:v1.3.9-6 + workingDir: $(workspaces.source.path) + env: + - name: S2I_BUILDER_IMAGE + value: "image-registry.openshift-image-registry.svc:5000/openshift/ruby:$(params.VERSION)" + script: | + set -e + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgV3JhcHBlciBhcm91bmQgImJ1aWxkYWggYnVkIiB0byBidWlsZCBhbmQgcHVzaCBhIGNvbnRhaW5lciBpbWFnZSBiYXNlZCBvbiBhIERvY2tlcmZpbGUuCiMKCnNob3B0IC1zIGluaGVyaXRfZXJyZXhpdApzZXQgLWV1IC1vIHBpcGVmYWlsCgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvY29tbW9uLnNoIgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvYnVpbGRhaC1jb21tb24uc2giCgpmdW5jdGlvbiBfYnVpbGRhaCgpIHsKICAgIGJ1aWxkYWggXAogICAgICAgIC0tc3RvcmFnZS1kcml2ZXI9IiR7UEFSQU1TX1NUT1JBR0VfRFJJVkVSfSIgXAogICAgICAgIC0tdGxzLXZlcmlmeT0iJHtQQVJBTVNfVExTX1ZFUklGWX0iIFwKICAgICAgICAkeyp9Cn0KCiMKIyBQcmVwYXJlCiMKCiMgbWFraW5nIHN1cmUgdGhlIHJlcXVpcmVkIHdvcmtzcGFjZSAic291cmNlIiBpcyBib3VuZGVkLCB3aGljaCBtZWFucyBpdHMgdm9sdW1lIGlzIGN1cnJlbnRseSBtb3VudGVkCiMgYW5kIHJlYWR5IHRvIHVzZQpwaGFzZSAiSW5zcGVjdGluZyBzb3VyY2Ugd29ya3NwYWNlICcke1dPUktTUEFDRVNfU09VUkNFX1BBVEh9JyAoUFdEPScke1BXRH0nKSIKW1sgIiR7V09SS1NQQUNFU19TT1VSQ0VfQk9VTkR9IiAhPSAidHJ1ZSIgXV0gJiYKICAgIGZhaWwgIldvcmtzcGFjZSAnc291cmNlJyBpcyBub3QgYm91bmRlZCIKCnBoYXNlICJBc3NlcnRpbmcgdGhlIGRvY2tlcmZpbGUvY29udGFpbmVyZmlsZSAnJHtET0NLRVJGSUxFX0ZVTEx9JyBleGlzdHMiCltbICEgLWYgIiR7RE9DS0VSRklMRV9GVUxMfSIgXV0gJiYKICAgIGZhaWwgIkRvY2tlcmZpbGUgbm90IGZvdW5kIGF0OiAnJHtET0NLRVJGSUxFX0ZVTEx9JyIKCnBoYXNlICJJbnNwZWN0aW5nIGNvbnRleHQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKW1sgISAtZCAiJHtQQVJBTVNfQ09OVEVYVH0iIF1dICYmCiAgICBmYWlsICJDT05URVhUIHBhcmFtIGlzIG5vdCBmb3VuZCBhdCAnJHtQQVJBTVNfQ09OVEVYVH0nLCBvbiBzb3VyY2Ugd29ya3NwYWNlIgoKcGhhc2UgIkJ1aWxkaW5nIGJ1aWxkIGFyZ3MiCkJVSUxEX0FSR1M9KCkKZm9yIGJ1aWxkYXJnIGluICIkQCI7IGRvCiAgICBCVUlMRF9BUkdTKz0oIi0tYnVpbGQtYXJnPSRidWlsZGFyZyIpCmRvbmUKCiMgSGFuZGxlIG9wdGlvbmFsIGRvY2tlcmNvbmZpZyBzZWNyZXQKaWYgW1sgIiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfQk9VTkR9IiA9PSAidHJ1ZSIgXV07IHRoZW4KCiAgICAjIGlmIGNvbmZpZy5qc29uIGV4aXN0cyBhdCB3b3Jrc3BhY2Ugcm9vdCwgd2UgdXNlIHRoYXQKICAgIGlmIHRlc3QgLWYgIiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSH0vY29uZmlnLmpzb24iOyB0aGVuCiAgICAgICAgZXhwb3J0IERPQ0tFUl9DT05GSUc9IiR7V09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSH0iCgogICAgICAgICMgZWxzZSB3ZSBsb29rIGZvciAuZG9ja2VyY29uZmlnanNvbiBhdCB0aGUgcm9vdAogICAgZWxpZiB0ZXN0IC1mICIke1dPUktTUEFDRVNfRE9DS0VSQ09ORklHX1BBVEh9Ly5kb2NrZXJjb25maWdqc29uIjsgdGhlbgogICAgICAgICMgZW5zdXJlIC5kb2NrZXIgZXhpc3QgYmVmb3JlIHRoZSBjb3B5aW5nIHRoZSBjb250ZW50CiAgICAgICAgaWYgWyAhIC1kICIkSE9NRS8uZG9ja2VyIiBdOyB0aGVuCiAgICAgICAgICAgbWtkaXIgLXAgIiRIT01FLy5kb2NrZXIiCiAgICAgICAgZmkKICAgICAgICBjcCAiJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19QQVRIfS8uZG9ja2VyY29uZmlnanNvbiIgIiRIT01FLy5kb2NrZXIvY29uZmlnLmpzb24iCiAgICAgICAgZXhwb3J0IERPQ0tFUl9DT05GSUc9IiRIT01FLy5kb2NrZXIiCgogICAgICAgICMgbmVlZCB0byBlcnJvciBvdXQgaWYgbmVpdGhlciBmaWxlcyBhcmUgcHJlc2VudAogICAgZWxzZQogICAgICAgIGVjaG8gIm5laXRoZXIgJ2NvbmZpZy5qc29uJyBub3IgJy5kb2NrZXJjb25maWdqc29uJyBmb3VuZCBhdCB3b3Jrc3BhY2Ugcm9vdCIKICAgICAgICBleGl0IDEKICAgIGZpCmZpCgpFTlRJVExFTUVOVF9WT0xVTUU9IiIKaWYgW1sgIiR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX0JPVU5EfSIgPT0gInRydWUiIF1dOyB0aGVuCiAgICBFTlRJVExFTUVOVF9WT0xVTUU9Ii0tdm9sdW1lICR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEh9Oi9ldGMvcGtpL2VudGl0bGVtZW50IgpmaQoKIwojIEJ1aWxkCiMKCnBoYXNlICJCdWlsZGluZyAnJHtQQVJBTVNfSU1BR0V9JyBiYXNlZCBvbiAnJHtET0NLRVJGSUxFX0ZVTEx9JyIKCltbIC1uICIke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTfSIgXV0gJiYKICAgIHBoYXNlICJFeHRyYSAnYnVpbGRhaCBidWQnIGFyZ3VtZW50cyBpbmZvcm1lZDogJyR7UEFSQU1TX0JVSUxEX0VYVFJBX0FSR1N9JyIKCl9idWlsZGFoIGJ1ZCAke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTfSBcCiAgICAkRU5USVRMRU1FTlRfVk9MVU1FIFwKICAgICIke0JVSUxEX0FSR1NbQF19IiBcCiAgICAtLWZpbGU9IiR7RE9DS0VSRklMRV9GVUxMfSIgXAogICAgLS10YWc9IiR7UEFSQU1TX0lNQUdFfSIgXAogICAgIiR7UEFSQU1TX0NPTlRFWFR9IgoKaWYgW1sgIiR7UEFSQU1TX1NLSVBfUFVTSH0iID09ICJ0cnVlIiBdXTsgdGhlbgogICAgcGhhc2UgIlNraXBwaW5nIHB1c2hpbmcgJyR7UEFSQU1TX0lNQUdFfScgdG8gdGhlIGNvbnRhaW5lciByZWdpc3RyeSEiCiAgICBleGl0IDAKZmkKCiMKIyBQdXNoCiMKCnBoYXNlICJQdXNoaW5nICcke1BBUkFNU19JTUFHRX0nIHRvIHRoZSBjb250YWluZXIgcmVnaXN0cnkiCgpbWyAtbiAiJHtQQVJBTVNfUFVTSF9FWFRSQV9BUkdTfSIgXV0gJiYKICAgIHBoYXNlICJFeHRyYSAnYnVpbGRhaCBidWQnIGFyZ3VtZW50cyBpbmZvcm1lZDogJyR7UEFSQU1TX1BVU0hfRVhUUkFfQVJHU30nIgoKIyB0ZW1wb3JhcnkgZmlsZSB0byBzdG9yZSB0aGUgaW1hZ2UgZGlnZXN0LCBpbmZvcm1hdGlvbiBvbmx5IG9idGFpbmVkIGFmdGVyIHB1c2hpbmcgdGhlIGltYWdlIHRvIHRoZQojIGNvbnRhaW5lciByZWdpc3RyeQpkZWNsYXJlIC1yIGRpZ2VzdF9maWxlPSIvdG1wL2J1aWxkYWgtZGlnZXN0LnR4dCIKCl9idWlsZGFoIHB1c2ggJHtQQVJBTVNfUFVTSF9FWFRSQV9BUkdTfSBcCiAgICAtLWRpZ2VzdGZpbGU9IiR7ZGlnZXN0X2ZpbGV9IiBcCiAgICAiJHtQQVJBTVNfSU1BR0V9IiBcCiAgICAiZG9ja2VyOi8vJHtQQVJBTVNfSU1BR0V9IgoKIwojIFJlc3VsdHMKIwoKcGhhc2UgIkluc3BlY3RpbmcgZGlnZXN0IHJlcG9ydCAoJyR7ZGlnZXN0X2ZpbGV9JykiCgpbWyAhIC1yICIke2RpZ2VzdF9maWxlfSIgXV0gJiYKICAgIGZhaWwgIlVuYWJsZSB0byBmaW5kIGRpZ2VzdC1maWxlIGF0ICcke2RpZ2VzdF9maWxlfSciCgpkZWNsYXJlIC1yIGRpZ2VzdF9zdW09IiQoY2F0ICR7ZGlnZXN0X2ZpbGV9KSIKCltbIC16ICIke2RpZ2VzdF9zdW19IiBdXSAmJgogICAgZmFpbCAiRGlnZXN0IGZpbGUgJyR7ZGlnZXN0X2ZpbGV9JyBpcyBlbXB0eSEiCgpwaGFzZSAiU3VjY2Vzc2Z1bHkgYnVpbHQgY29udGFpbmVyIGltYWdlICcke1BBUkFNU19JTUFHRX0nICgnJHtkaWdlc3Rfc3VtfScpIgplY2hvIC1uICIke1BBUkFNU19JTUFHRX0iIHwgdGVlICR7UkVTVUxUU19JTUFHRV9VUkxfUEFUSH0KZWNobyAtbiAiJHtkaWdlc3Rfc3VtfSIgfCB0ZWUgJHtSRVNVTFRTX0lNQUdFX0RJR0VTVF9QQVRIfQo=" |base64 -d >"/scripts/buildah-bud.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKZGVjbGFyZSAtcnggUEFSQU1TX0lNQUdFPSIke1BBUkFNU19JTUFHRTotfSIKZGVjbGFyZSAtcnggUEFSQU1TX0RPQ0tFUkZJTEU9IiR7UEFSQU1TX0RPQ0tFUkZJTEU6LX0iCmRlY2xhcmUgLXggUEFSQU1TX0NPTlRFWFQ9IiR7UEFSQU1TX0NPTlRFWFQ6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19TVE9SQUdFX0RSSVZFUj0iJHtQQVJBTVNfU1RPUkFHRV9EUklWRVI6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19CVUlMRF9FWFRSQV9BUkdTPSIke1BBUkFNU19CVUlMRF9FWFRSQV9BUkdTOi19IgpkZWNsYXJlIC1yeCBQQVJBTVNfUFVTSF9FWFRSQV9BUkdTPSIke1BBUkFNU19QVVNIX0VYVFJBX0FSR1M6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19TS0lQX1BVU0g9IiR7UEFSQU1TX1NLSVBfUFVTSDotfSIKZGVjbGFyZSAtcnggUEFSQU1TX1RMU19WRVJJRlk9IiR7UEFSQU1TX1RMU19WRVJJRlk6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19WRVJCT1NFPSIke1BBUkFNU19WRVJCT1NFOi19IgoKZGVjbGFyZSAtcnggV09SS1NQQUNFU19TT1VSQ0VfUEFUSD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIOi19IgpkZWNsYXJlIC1yeCBXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORDotfSIKZGVjbGFyZSAtcnggV09SS1NQQUNFU19ET0NLRVJDT05GSUdfUEFUSD0iJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19QQVRIOi19IgpkZWNsYXJlIC1yeCBXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19CT1VORD0iJHtXT1JLU1BBQ0VTX0RPQ0tFUkNPTkZJR19CT1VORDotfSIKZGVjbGFyZSAtcnggV09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEg9IiR7V09SS1NQQUNFU19SSEVMX0VOVElUTEVNRU5UX1BBVEg6LX0iCmRlY2xhcmUgLXJ4IFdPUktTUEFDRVNfUkhFTF9FTlRJVExFTUVOVF9CT1VORD0iJHtXT1JLU1BBQ0VTX1JIRUxfRU5USVRMRU1FTlRfQk9VTkQ6LX0iCgpkZWNsYXJlIC1yeCBSRVNVTFRTX0lNQUdFX0RJR0VTVF9QQVRIPSIke1JFU1VMVFNfSU1BR0VfRElHRVNUX1BBVEg6LX0iCmRlY2xhcmUgLXJ4IFJFU1VMVFNfSU1BR0VfVVJMX1BBVEg9IiR7UkVTVUxUU19JTUFHRV9VUkxfUEFUSDotfSIKCiMKIyBEb2NrZXJmaWxlCiMKCiMgZXhwb3NpbmcgdGhlIGZ1bGwgcGF0aCB0byB0aGUgY29udGFpbmVyIGZpbGUsIHdoaWNoIGJ5IGRlZmF1bHQgc2hvdWxkIGJlIHJlbGF0aXZlIHRvIHRoZSBwcmltYXJ5CiMgd29ya3NwYWNlLCB0byByZWNlaXZlIGEgZGlmZmVyZW50IGNvbnRhaW5lci1maWxlIGxvY2F0aW9uCmRlY2xhcmUgLXIgZG9ja2VyZmlsZV9vbl93cz0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIfS8ke1BBUkFNU19ET0NLRVJGSUxFfSIKZGVjbGFyZSAteCBET0NLRVJGSUxFX0ZVTEw9IiR7RE9DS0VSRklMRV9GVUxMOi0ke2RvY2tlcmZpbGVfb25fd3N9fSIKCiMKIyBBc3NlcnRpbmcgRW52aXJvbm1lbnQKIwoKW1sgLXogIiR7RE9DS0VSRklMRV9GVUxMfSIgXV0gJiYKICAgIGZhaWwgInVuYWJsZSB0byBmaW5kIHRoZSBEb2NrZXJmaWxlLCBET0NLRVJGSUxFIG1heSBoYXZlIGFuIGluY29ycmVjdCBsb2NhdGlvbiIKCmV4cG9ydGVkX29yX2ZhaWwgXAogICAgV09SS1NQQUNFU19TT1VSQ0VfUEFUSCBcCiAgICBQQVJBTVNfSU1BR0UKCiMKIyBWZXJib3NlIE91dHB1dAojCgppZiBbWyAiJHtQQVJBTVNfVkVSQk9TRX0iID09ICJ0cnVlIiBdXTsgdGhlbgogICAgc2V0IC14CmZpCg==" |base64 -d >"/scripts/buildah-common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0ZWt0b24ncyBob21lIGRpcmVjdG9yeQpkZWNsYXJlIC1yeCBURUtUT05fSE9NRT0iJHtURUtUT05fSE9NRTotL3Rla3Rvbi9ob21lfSIKCiMKIyBGdW5jdGlvbnMKIwoKZnVuY3Rpb24gZmFpbCgpIHsKICAgIGVjaG8gIkVSUk9SOiAkeyp9IiAyPiYxCiAgICBleGl0IDEKfQoKZnVuY3Rpb24gcGhhc2UoKSB7CiAgICBlY2hvICItLS0+IFBoYXNlOiAkeyp9Li4uIgp9CgojIGFzc2VydCBsb2NhbCB2YXJpYWJsZXMgYXJlIGV4cG9yZXRlZCBvbiB0aGUgZW52aXJvbm1lbnQKZnVuY3Rpb24gZXhwb3J0ZWRfb3JfZmFpbCgpIHsKICAgIGRlY2xhcmUgLWEgX3JlcXVpcmVkX3ZhcnM9IiR7QH0iCgogICAgZm9yIHYgaW4gJHtfcmVxdWlyZWRfdmFyc1tAXX07IGRvCiAgICAgICAgW1sgLXogIiR7IXZ9IiBdXSAmJgogICAgICAgICAgICBmYWlsICInJHt2fScgZW52aXJvbm1lbnQgdmFyaWFibGUgaXMgbm90IHNldCEiCiAgICBkb25lCgogICAgcmV0dXJuIDAKfQo=" |base64 -d >"/scripts/common.sh" + ls /scripts/buildah-*.sh; + chmod +x /scripts/buildah-*.sh; + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0ZWt0b24ncyBob21lIGRpcmVjdG9yeQpkZWNsYXJlIC1yeCBURUtUT05fSE9NRT0iJHtURUtUT05fSE9NRTotL3Rla3Rvbi9ob21lfSIKCiMKIyBGdW5jdGlvbnMKIwoKZnVuY3Rpb24gZmFpbCgpIHsKICAgIGVjaG8gIkVSUk9SOiAkeyp9IiAyPiYxCiAgICBleGl0IDEKfQoKZnVuY3Rpb24gcGhhc2UoKSB7CiAgICBlY2hvICItLS0+IFBoYXNlOiAkeyp9Li4uIgp9CgojIGFzc2VydCBsb2NhbCB2YXJpYWJsZXMgYXJlIGV4cG9yZXRlZCBvbiB0aGUgZW52aXJvbm1lbnQKZnVuY3Rpb24gZXhwb3J0ZWRfb3JfZmFpbCgpIHsKICAgIGRlY2xhcmUgLWEgX3JlcXVpcmVkX3ZhcnM9IiR7QH0iCgogICAgZm9yIHYgaW4gJHtfcmVxdWlyZWRfdmFyc1tAXX07IGRvCiAgICAgICAgW1sgLXogIiR7IXZ9IiBdXSAmJgogICAgICAgICAgICBmYWlsICInJHt2fScgZW52aXJvbm1lbnQgdmFyaWFibGUgaXMgbm90IHNldCEiCiAgICBkb25lCgogICAgcmV0dXJuIDAKfQo=" |base64 -d >"/scripts/common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgVXNlcyB0aGUgRG9ja2VyZmlsZSBnZW5lcmF0ZWQgYnkgczJpIHRvIGFzc2VtYmxlIGEgbmV3IGNvbnRhaW5lciBpbWFnZSB1c2luZyBidWlsZGFoLgojCgpzaG9wdCAtcyBpbmhlcml0X2VycmV4aXQKc2V0IC1ldSAtbyBwaXBlZmFpbAoKZGVjbGFyZSAtciBjdXJfZGlyPSIkKGRpcm5hbWUgJHtCQVNIX1NPVVJDRVswXX0pIgoKc291cmNlICIke2N1cl9kaXJ9L2NvbW1vbi5zaCIKc291cmNlICIke2N1cl9kaXJ9L3MyaS1jb21tb24uc2giCgojIGxvYWRpbmcgYnVpbGRhaCBzZXR0aW5ncyBvdmVyd3JpdHRpbmcgdGhlIGZ1bGwgcGF0aCB0byB0aGUgY29udGFpbmVyIGZpbGUKZGVjbGFyZSAteCBET0NLRVJGSUxFX0ZVTEw9IiR7UzJJX0RPQ0tFUkZJTEV9Igpzb3VyY2UgIiR7Y3VyX2Rpcn0vYnVpbGRhaC1jb21tb24uc2giCgpwaGFzZSAiQ2hhbmdpbmcgJFBBUkFNU19DT05URVhUIHRvIHBvaW50IHRvIHByZXNlbnQgd29ya2luZyBkaXJlY3RvcnkiCltbICIkUEFSQU1TX0NPTlRFWFQiICE9ICIuIiBdXSAmJiAKICAgIFBBUkFNU19DT05URVhUPSIuIgoKcGhhc2UgIkluc3BlY3RpbmcgY29udGV4dCAnJHtQQVJBTVNfQ09OVEVYVH0nIgpbWyAhIC1kICIke1BBUkFNU19DT05URVhUfSIgXV0gJiYKICAgIGZhaWwgIkFwcGxpY2F0aW9uIHNvdXJjZSBjb2RlIGRpcmVjdG9yeSBub3QgZm91bmQgYXQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKCnBoYXNlICJCdWlsZGluZyB0aGUgRG9ja2VyZmlsZSAnJHtET0NLRVJGSUxFX0ZVTEx9JyB3aXRoIGJ1aWxkYWgiCmV4ZWMgJHtjdXJfZGlyfS9idWlsZGFoLWJ1ZC5zaAo=" |base64 -d >"/scripts/s2i-build.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0YXJnZXQgaW1hZ2UgbmFtZSAoZnVsbHkgcXVhbGlmaWVkKSB0byBiZSBidWlsZCB3aXRoIHMyaSwgcmVkZWNsYXJpbmcgdGhlIHNhbWUgcGFyYW1ldGVyIG5hbWUgdGhhbgojIGJ1aWxkYWggdGFzayB1c2VzCmRlY2xhcmUgLXggUEFSQU1TX0lNQUdFPSIke1BBUkFNU19JTUFHRTotfSIKIyBTcGVjaWZ5IGEgVVJMIGNvbnRhaW5pbmcgdGhlIGRlZmF1bHQgYXNzZW1ibGUgYW5kIHJ1biBzY3JpcHRzIGZvciB0aGUgYnVpbGRlciBpbWFnZQpkZWNsYXJlIC1yeCBQQVJBTVNfSU1BR0VfU0NSSVBUU19VUkw9IiR7UEFSQU1TX0lNQUdFX1NDUklQVFNfVVJMOi19IgoKIyB2b2x1bWUgbW91bnQgb3IgZGlyZWN0b3J5IHJlc3BvbnNpYmxlIGZvciBob2xkaW5nIGZpbGVzIAojIGxpa2UgZW52LCBEb2NrZXJmaWxlIGFuZCBhbnkgb3RoZXJzIG5lZWRlZCB0byBzdXBwb3J0IHMyaQpkZWNsYXJlIC1yeCBTMklfR0VORVJBVEVfRElSRUNUT1JZPSIke1MySV9HRU5FUkFURV9ESVJFQ1RPUlk6LS9zMmktZ2VuZXJhdGV9IgoKIyBmdWxsIHBhdGggdG8gdGhlIGNvbnRhaW5lciBmaWxlIGdlbmVyYXRlZCBieSBzMmkKZGVjbGFyZSAtcnggUzJJX0RPQ0tFUkZJTEU9IiR7UzJJX0RPQ0tFUkZJTEU6LSR7UzJJX0dFTkVSQVRFX0RJUkVDVE9SWX0vRG9ja2VyZmlsZS5nZW59IgoKIyBmdWxsIHBhdGggdG8gdGhlIGVudiBmaWxlIHVzZWQgd2l0aCB0aGUgLS1lbnZpcm9ubWVudC1maWxlIHBhcmFtZXRlciBvZiBzMmkKZGVjbGFyZSAtcnggUzJJX0VOVklST05NRU5UX0ZJTEU9IiR7UzJJX0VOVklST05NRU5UX0ZJTEU6LSR7UzJJX0dFTkVSQVRFX0RJUkVDVE9SWX0vZW52fSIKCiMKIyBBc3NlcnRpbmcgRW52aXJvbm1lbnQKIwoKZXhwb3J0ZWRfb3JfZmFpbCBcCiAgICBXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIIFwKICAgIFBBUkFNU19JTUFHRQoKIwojIFZlcmJvc2UgT3V0cHV0CiMKCmRlY2xhcmUgLXggUzJJX0xPR0xFVkVMPSIwIgoKaWYgW1sgIiR7UEFSQU1TX1ZFUkJPU0V9IiA9PSAidHJ1ZSIgXV07IHRoZW4KICAgIFMySV9MT0dMRVZFTD0iMiIKICAgIHNldCAteApmaQo=" |base64 -d >"/scripts/s2i-common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgVXNlcyBzMmkgdG8gZ2VuZXJhdGUgdGhlIHJlcGVzY3RpdmUgQ29udGFpbmVyZmlsZSBiYXNlZCBvbiB0aGUgaW5mb21yZWQgYnVpbGRlci4gVGhlIENvbnRhaW5lcmZpbGUKIyBpcyBzdG9yZWQgb24gYSB0ZW1wb3JhcnkgbG9jYXRpb24uCiMKCnNob3B0IC1zIGluaGVyaXRfZXJyZXhpdApzZXQgLWV1IC1vIHBpcGVmYWlsCgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvY29tbW9uLnNoIgpzb3VyY2UgIiQoZGlybmFtZSAke0JBU0hfU09VUkNFWzBdfSkvczJpLWNvbW1vbi5zaCIKCiMgczJpIGJ1aWxkZXIgaW1hZ2UgbmFtZSAoZnVsbHkgcXVhbGlmaWVkKQpkZWNsYXJlIC1yeCBTMklfQlVJTERFUl9JTUFHRT0iJHtTMklfQlVJTERFUl9JTUFHRTotfSIKCiMgdGFrZXMgdGhlIHZhbHVlcyBpbiBhcmd1bWVudCBFTlZfVkFSUyBhbmQgY3JlYXRlcyBhbiBhcnJheSB1c2luZyB0aG9zZSB2YWx1ZXMKZGVjbGFyZSAtcmEgRU5WX1ZBUlM9KCR7QH0pCgojIHJlLXVzaW5nIHRoZSBzYW1lIHBhcmFtZXRlcnMgdGhhbiBidWlsZGFoLCBzMmkgbmVlZHMgYnVpbGRhaCBhYmlsaXRpZXMgdG8gY3JlYXRlIHRoZSBmaW5hbAojIGNvbnRhaW5lciBpbWFnZSBiYXNlZCBvbiB3aGF0IHMyaSBnZW5lcmF0ZXMKc291cmNlICIkKGRpcm5hbWUgJHtCQVNIX1NPVVJDRVswXX0pL2J1aWxkYWgtY29tbW9uLnNoIgoKIwojIFByZXBhcmUKIwoKIyBtYWtpbmcgc3VyZSB0aGUgcmVxdWlyZWQgd29ya3NwYWNlICJzb3VyY2UiIGlzIGJvdW5kZWQsIHdoaWNoIG1lYW5zIGl0cyB2b2x1bWUgaXMgY3VycmVudGx5IG1vdW50ZWQKIyBhbmQgcmVhZHkgdG8gdXNlCnBoYXNlICJJbnNwZWN0aW5nIHNvdXJjZSB3b3Jrc3BhY2UgJyR7V09SS1NQQUNFU19TT1VSQ0VfUEFUSH0nIChQV0Q9JyR7UFdEfScpIgpbWyAiJHtXT1JLU1BBQ0VTX1NPVVJDRV9CT1VORH0iICE9ICJ0cnVlIiBdXSAmJgogICAgZmFpbCAiV29ya3NwYWNlICdzb3VyY2UnIGlzIG5vdCBib3VuZGVkIgoKcGhhc2UgIkFwcGVuZGluZyAkUEFSQU1TX0NPTlRFWFQgd2l0aCAkV09SS1NQQUNFU19TT1VSQ0VfUEFUSCBpZiBpdCdzIHJlbGF0aXZlIgpbWyAiJFBBUkFNU19DT05URVhUIiAhPSAiLiIgJiYgIiRQQVJBTVNfQ09OVEVYVCIgIT0gLyogXV0gJiYgCiAgICBQQVJBTVNfQ09OVEVYVD0iJHtXT1JLU1BBQ0VTX1NPVVJDRV9QQVRIfS8ke1BBUkFNU19DT05URVhUfSIKCnBoYXNlICJJbnNwZWN0aW5nIGNvbnRleHQgJyR7UEFSQU1TX0NPTlRFWFR9JyIKW1sgISAtZCAiJHtQQVJBTVNfQ09OVEVYVH0iIF1dICYmCiAgICBmYWlsICJBcHBsaWNhdGlvbiBzb3VyY2UgY29kZSBkaXJlY3Rvcnkgbm90IGZvdW5kIGF0ICcke1BBUkFNU19DT05URVhUfSciCgpwaGFzZSAiQWRkaW5nIHRoZSBlbnZpcm9ubWVudCB2YXJpYWJsZXMgdG8gJyR7UzJJX0VOVklST05NRU5UX0ZJTEV9JyIKCiMgYWRkIHRoZSBlbnZpcm9ubWVudCB2YXJpYWJsZXMgdGhhdCBhcmUgc2VudCBhcyBjb21tYW5kIGxpbmUgYXJndW1lbnRzIGZyb20gRU5WX1ZBUlMgcGFyYW1ldGVyCnRvdWNoICIke1MySV9FTlZJUk9OTUVOVF9GSUxFfSIKaWYgWyAkeyNFTlZfVkFSU1tAXX0gLWd0IDAgXTsgdGhlbgogICAgZm9yIGVudl92YXIgaW4gIiR7RU5WX1ZBUlNbQF19IjsgZG8KICAgICAgICBlY2hvICIke2Vudl92YXJ9IiA+PiAiJHtTMklfRU5WSVJPTk1FTlRfRklMRX0iCiAgICBkb25lCmZpCgojCiMgUzJJIEdlbmVyYXRlCiMKCnBoYXNlICJHZW5lcmF0aW5nIHRoZSBEb2NrZXJmaWxlIGZvciBTMkkgYnVpbGRlciBpbWFnZSAnJHtTMklfQlVJTERFUl9JTUFHRX0nIgpzMmkgLS1sb2dsZXZlbCAiJHtTMklfTE9HTEVWRUx9IiBcCiAgICBidWlsZCAiJHtQQVJBTVNfQ09OVEVYVH0iICIke1MySV9CVUlMREVSX0lNQUdFfSIgXAogICAgICAgIC0taW1hZ2Utc2NyaXB0cy11cmwgIiR7UEFSQU1TX0lNQUdFX1NDUklQVFNfVVJMfSIgXAogICAgICAgIC0tYXMtZG9ja2VyZmlsZSAiJHtTMklfRE9DS0VSRklMRX0iIFwKICAgICAgICAtLWVudmlyb25tZW50LWZpbGUgIiR7UzJJX0VOVklST05NRU5UX0ZJTEV9IgoKcGhhc2UgIkluc3BlY3RpbmcgdGhlIERvY2tlcmZpbGUgZ2VuZXJhdGVkIGF0ICcke1MySV9ET0NLRVJGSUxFfSciCltbICEgLWYgIiR7UzJJX0RPQ0tFUkZJTEV9IiBdXSAmJgogICAgZmFpbCAiR2VuZXJhdGVkIERvY2tlcmZpbGUgaXMgbm90IGZvdW5kISIKCnNldCAreApwaGFzZSAiR2VuZXJhdGVkIERvY2tlcmZpbGUgcGF5bG9hZCIKZWNobyAtZW4gIj4+PiAke1MySV9ET0NLRVJGSUxFfVxuJChjYXQgJHtTMklfRE9DS0VSRklMRX0pXG48PDwgRU9GXG4iCg==" |base64 -d >"/scripts/s2i-generate.sh" + ls /scripts/s2i-*.sh; + chmod +x /scripts/s2i-*.sh;echo "Running Script /scripts/s2i-generate.sh"; + /scripts/s2i-generate.sh; + args: + - "$(params.ENV_VARS[*])" + securityContext: + capabilities: + add: ["SETFCAP"] + volumeMounts: + - name: scripts-dir + mountPath: /scripts + - name: s2i-generate-dir + mountPath: /s2i-generate + + - name: s2i-build + image: registry.access.redhat.com/ubi8/buildah:8.10-5 + workingDir: /s2i-generate + command: + - /scripts/s2i-build.sh + securityContext: + capabilities: + add: ["SETFCAP"] + volumeMounts: + - name: scripts-dir + mountPath: /scripts + - name: s2i-generate-dir + mountPath: /s2i-generate + + volumes: + - name: scripts-dir + emptyDir: {} + - name: s2i-generate-dir + emptyDir: {} diff --git a/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-skopeo-copy/task-skopeo-copy-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-skopeo-copy/task-skopeo-copy-task.yaml new file mode 100644 index 0000000000..38f1f58320 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-skopeo-copy/task-skopeo-copy-task.yaml @@ -0,0 +1,119 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift-pipelines/tektoncd-catalog/p/tasks/task-skopeo-copy/0.4.1/task-skopeo-copy.yaml +# +--- +--- +# Source: task-containers/templates/task-skopeo-copy.yaml +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: skopeo-copy + labels: + app.kubernetes.io/version: 0.4.1 + annotations: + tekton.dev/source: "https://github.com/openshift-pipelines/task-containers" + artifacthub.io/category: integration-delivery + artifacthub.io/maintainers: | + - name: OpenShift Pipeline task maintainers + email: pipelines-extcomm@redhat.com + artifacthub.io/provider: Red Hat + artifacthub.io/recommendations: | + - url: https://tekton.dev/ + tekton.dev/categories: containers + tekton.dev/pipelines.minVersion: 0.41.0 + tekton.dev/tags: containers +spec: + description: | + Skopeo is a command line tool for working with remote image registries. + Skopeo doesn’t require a daemon to be running while performing its operations. In particular, + the handy skopeo command called copy will ease the whole image copy operation. + The copy command will take care of copying the image from internal.registry to production.registry. + If your production registry requires credentials to login in order to push the image, skopeo can handle that as well. + After copying the source and destination images SHA256 digest is stored as results. + workspaces: + - name: images_url + optional: true + description: | + For storing image urls in case we have more than one image to copy. + params: + - name: SOURCE_IMAGE_URL + type: string + description: | + Fully qualified source container image name, including tag, to be copied + into `DESTINATION_IMAGE_URL` param. + - name: DESTINATION_IMAGE_URL + type: string + description: | + Fully qualified destination container image name, including tag. + - name: SRC_TLS_VERIFY + type: string + default: "true" + description: | + Sets the TLS verification flags for the source registry, `true` is recommended. + - name: DEST_TLS_VERIFY + type: string + default: "true" + description: | + Sets the TLS verification flags for the destination registry, `true` is recommended. + - name: VERBOSE + type: string + default: "false" + description: | + Shows a more verbose (debug) output. + + results: + - name: SOURCE_DIGEST + type: string + description: | + Source image SHA256 digest. + - name: DESTINATION_DIGEST + type: string + description: | + Destination image SHA256 digest. + + volumes: + - name: scripts-dir + emptyDir: {} + + stepTemplate: + env: + + - name: PARAMS_SOURCE_IMAGE_URL + value: "$(params.SOURCE_IMAGE_URL)" + - name: PARAMS_DESTINATION_IMAGE_URL + value: "$(params.DESTINATION_IMAGE_URL)" + - name: PARAMS_SRC_TLS_VERIFY + value: "$(params.SRC_TLS_VERIFY)" + - name: PARAMS_DEST_TLS_VERIFY + value: "$(params.DEST_TLS_VERIFY)" + - name: PARAMS_VERBOSE + value: "$(params.VERBOSE)" + - name: WORKSPACES_IMAGES_URL_BOUND + value: "$(workspaces.images_url.bound)" + - name: WORKSPACES_IMAGES_URL_PATH + value: "$(workspaces.images_url.path)" + - name: RESULTS_SOURCE_DIGEST_PATH + value: "$(results.SOURCE_DIGEST.path)" + - name: RESULTS_DESTINATION_DIGEST_PATH + value: "$(results.DESTINATION_DIGEST.path)" + + steps: + - name: skopeo-copy + env: + - name: HOME + value: /workspace/home + image: registry.access.redhat.com/ubi8/skopeo:8.10-5 + script: | + set -e + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0ZWt0b24ncyBob21lIGRpcmVjdG9yeQpkZWNsYXJlIC1yeCBURUtUT05fSE9NRT0iJHtURUtUT05fSE9NRTotL3Rla3Rvbi9ob21lfSIKCiMKIyBGdW5jdGlvbnMKIwoKZnVuY3Rpb24gZmFpbCgpIHsKICAgIGVjaG8gIkVSUk9SOiAkeyp9IiAyPiYxCiAgICBleGl0IDEKfQoKZnVuY3Rpb24gcGhhc2UoKSB7CiAgICBlY2hvICItLS0+IFBoYXNlOiAkeyp9Li4uIgp9CgojIGFzc2VydCBsb2NhbCB2YXJpYWJsZXMgYXJlIGV4cG9yZXRlZCBvbiB0aGUgZW52aXJvbm1lbnQKZnVuY3Rpb24gZXhwb3J0ZWRfb3JfZmFpbCgpIHsKICAgIGRlY2xhcmUgLWEgX3JlcXVpcmVkX3ZhcnM9IiR7QH0iCgogICAgZm9yIHYgaW4gJHtfcmVxdWlyZWRfdmFyc1tAXX07IGRvCiAgICAgICAgW1sgLXogIiR7IXZ9IiBdXSAmJgogICAgICAgICAgICBmYWlsICInJHt2fScgZW52aXJvbm1lbnQgdmFyaWFibGUgaXMgbm90IHNldCEiCiAgICBkb25lCgogICAgcmV0dXJuIDAKfQo=" |base64 -d >"/scripts/common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKZGVjbGFyZSAtcnggUEFSQU1TX1NPVVJDRV9JTUFHRV9VUkw9IiR7UEFSQU1TX1NPVVJDRV9JTUFHRV9VUkw6LX0iCmRlY2xhcmUgLXJ4IFBBUkFNU19ERVNUSU5BVElPTl9JTUFHRV9VUkw9IiR7UEFSQU1TX0RFU1RJTkFUSU9OX0lNQUdFX1VSTDotfSIKZGVjbGFyZSAtcnggUEFSQU1TX1NSQ19UTFNfVkVSSUZZPSIke1BBUkFNU19TUkNfVExTX1ZFUklGWTotfSIKZGVjbGFyZSAtcnggUEFSQU1TX0RFU1RfVExTX1ZFUklGWT0iJHtQQVJBTVNfREVTVF9UTFNfVkVSSUZZOi19IgpkZWNsYXJlIC1yeCBQQVJBTVNfVkVSQk9TRT0iJHtQQVJBTVNfVkVSQk9TRTotfSIKCmRlY2xhcmUgLXJ4IFdPUktTUEFDRVNfSU1BR0VTX1VSTF9QQVRIPSIke1dPUktTUEFDRVNfSU1BR0VTX1VSTF9QQVRIOi19IgpkZWNsYXJlIC1yeCBXT1JLU1BBQ0VTX0lNQUdFU19VUkxfQk9VTkQ9IiR7V09SS1NQQUNFU19JTUFHRVNfVVJMX0JPVU5EOi19IgoKZGVjbGFyZSAtcnggUkVTVUxUU19TT1VSQ0VfRElHRVNUX1BBVEg9IiR7UkVTVUxUU19TT1VSQ0VfRElHRVNUX1BBVEg6LX0iCmRlY2xhcmUgLXJ4IFJFU1VMVFNfREVTVElOQVRJT05fRElHRVNUX1BBVEg9IiR7UkVTVUxUU19ERVNUSU5BVElPTl9ESUdFU1RfUEFUSDotfSIKCiMKIyBBc3NlcnRpbmcgRW52aXJvbm1lbnQKIwoKZXhwb3J0ZWRfb3JfZmFpbCBcCiAgICBQQVJBTVNfU09VUkNFX0lNQUdFX1VSTCBcCiAgICBQQVJBTVNfREVTVElOQVRJT05fSU1BR0VfVVJMIFwKICAgIFJFU1VMVFNfU09VUkNFX0RJR0VTVF9QQVRIIFwKICAgIFJFU1VMVFNfREVTVElOQVRJT05fRElHRVNUX1BBVEgKICAgICAKCiMKIyBTa29wZW8gQXV0aGVudGljYXRpb24KIwoKZGVjbGFyZSAteCBSRUdJU1RSWV9BVVRIX0ZJTEU9IiIKCmRvY2tlcl9jb25maWc9Ii93b3Jrc3BhY2UvaG9tZS8uZG9ja2VyL2NvbmZpZy5qc29uIgppZiBbWyAtZiAiJHtkb2NrZXJfY29uZmlnfSIgXV07IHRoZW4KICAgIHBoYXNlICJTZXR0aW5nIFJFR0lTVFJZX0FVVEhfRklMRSB0byAnJHtkb2NrZXJfY29uZmlnfSciCiAgICBSRUdJU1RSWV9BVVRIX0ZJTEU9JHtkb2NrZXJfY29uZmlnfQpmaQoKIwojIFZlcmJvc2UgT3V0cHV0CiMKCmRlY2xhcmUgLXggU0tPUEVPX0RFQlVHX0ZMQUc9IiIKCmlmIFtbICIke1BBUkFNU19WRVJCT1NFfSIgPT0gInRydWUiIF1dOyB0aGVuCiAgICBTS09QRU9fREVCVUdfRkxBRz0iLS1kZWJ1ZyIKICAgIHNldCAteApmaQo=" |base64 -d >"/scripts/skopeo-common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKc2hvcHQgLXMgaW5oZXJpdF9lcnJleGl0CnNldCAtZXUgLW8gcGlwZWZhaWwKCnNvdXJjZSAiJChkaXJuYW1lICIke0JBU0hfU09VUkNFWzBdfSIpL2NvbW1vbi5zaCIKc291cmNlICIkKGRpcm5hbWUgIiR7QkFTSF9TT1VSQ0VbMF19Iikvc2tvcGVvLWNvbW1vbi5zaCIKCiMgRW5zdXJlIHRoZSAvdGVrdG9uL2hvbWUvLmRvY2tlciBkaXJlY3RvcnkgZXhpc3RzCm1rZGlyIC1wIC93b3Jrc3BhY2UvaG9tZS8uZG9ja2VyCgpwaGFzZSAiQ29weWluZyAnJHtQQVJBTVNfU09VUkNFX0lNQUdFX1VSTH0nIGludG8gJyR7UEFSQU1TX0RFU1RJTkFUSU9OX0lNQUdFX1VSTH0nIgoKc2V0IC14CgppZiBbIC1uICIke1BBUkFNU19TT1VSQ0VfSU1BR0VfVVJMfSIgXSAmJiBbIC1uICIke1BBUkFNU19ERVNUSU5BVElPTl9JTUFHRV9VUkx9IiBdOyB0aGVuCiAgICBza29wZW8gY29weSAke1NLT1BFT19ERUJVR19GTEFHfSBcCiAgICAgICAgLS1zcmMtdGxzLXZlcmlmeT0iJHtQQVJBTVNfU1JDX1RMU19WRVJJRll9IiBcCiAgICAgICAgLS1kZXN0LXRscy12ZXJpZnk9IiR7UEFSQU1TX0RFU1RfVExTX1ZFUklGWX0iIFwKICAgICAgICAiJHtQQVJBTVNfU09VUkNFX0lNQUdFX1VSTH0iIFwKICAgICAgICAiJHtQQVJBTVNfREVTVElOQVRJT05fSU1BR0VfVVJMfSIKZWxzZQogICAgIyBGdW5jdGlvbiB0byBjb3B5IG11bHRpcGxlIGltYWdlcy4KICAgIGNvcHlpbWFnZXMoKSB7CiAgICAgICAgZmlsZW5hbWU9IiR7V09SS1NQQUNFU19JTUFHRVNfVVJMX1BBVEh9L3VybC50eHQiCiAgICAgICAgd2hpbGUgSUZTPSByZWFkIC1yIGxpbmUgfHwgWyAtbiAiJGxpbmUiIF0KICAgICAgICBkbwogICAgICAgICAgICBjbWQ9IiIKICAgICAgICAgICAgZm9yIHVybCBpbiAkbGluZQogICAgICAgICAgICBkbwogICAgICAgICAgICAgICAgY21kPSIkY21kICR1cmwiCiAgICAgICAgICAgIGRvbmUKICAgICAgICAgICAgcmVhZCAtcmEgU09VUkNFIDw8PCIke2NtZH0iCiAgICAgICAgICAgIHNrb3BlbyBjb3B5ICIke1NPVVJDRVtAXX0iIC0tc3JjLXRscy12ZXJpZnk9IiR7UEFSQU1TX1NSQ19UTFNfVkVSSUZZfSIgLS1kZXN0LXRscy12ZXJpZnk9IiR7UEFSQU1TX0RFU1RfVExTX1ZFUklGWX0iCiAgICAgICAgICAgIGVjaG8gIiRjbWQiCiAgICAgICAgZG9uZSA8ICIkZmlsZW5hbWUiCiAgICB9CgogICAgY29weWltYWdlcwpmaQo=" |base64 -d >"/scripts/skopeo-copy.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKc2hvcHQgLXMgaW5oZXJpdF9lcnJleGl0CnNldCAtZXUgLW8gcGlwZWZhaWwKCnNvdXJjZSAiJChkaXJuYW1lICR7QkFTSF9TT1VSQ0VbMF19KS9jb21tb24uc2giCnNvdXJjZSAiJChkaXJuYW1lICR7QkFTSF9TT1VSQ0VbMF19KS9za29wZW8tY29tbW9uLnNoIgoKZnVuY3Rpb24gc2tvcGVvX2luc3BlY3QoKSB7CiAgICBsb2NhbCBpbWFnZT0iJDEiCiAgICBsb2NhbCB0bHNfdmVyaWZ5PSIkMiIKICAgIHNrb3BlbyBpbnNwZWN0ICR7U0tPUEVPX0RFQlVHX0ZMQUd9IFwKICAgICAgICAtLXRscy12ZXJpZnk9IiR7dGxzX3ZlcmlmeX0iIFwKICAgICAgICAtLWZvcm1hdD0ne3sgLkRpZ2VzdCB9fScgXAogICAgICAgICIke2ltYWdlfSIKfQoKcGhhc2UgIkV4dHJhY3RpbmcgJyR7UEFSQU1TX1NPVVJDRV9JTUFHRV9VUkx9JyBzb3VyY2UgaW1hZ2UgZGlnZXN0Igpzb3VyY2VfZGlnZXN0PSIkKHNrb3Blb19pbnNwZWN0ICIke1BBUkFNU19TT1VSQ0VfSU1BR0VfVVJMfSIgIiR7UEFSQU1TX1NSQ19UTFNfVkVSSUZZfSIpIgpwaGFzZSAiU291cmNlIGltYWdlIGRpZ2VzdCAnJHtzb3VyY2VfZGlnZXN0fSciCgpwaGFzZSAiRXh0cmFjdGluZyAnJHtQQVJBTVNfREVTVElOQVRJT05fSU1BR0VfVVJMfScgZGVzdGluYXRpb24gaW1hZ2UgZGlnZXN0IgpkZXN0aW5hdGlvbl9kaWdlc3Q9IiQoc2tvcGVvX2luc3BlY3QgIiR7UEFSQU1TX0RFU1RJTkFUSU9OX0lNQUdFX1VSTH0iICIke1BBUkFNU19ERVNUX1RMU19WRVJJRll9IikiCnBoYXNlICJEZXN0aW5hdGlvbiBpbWFnZSBkaWdlc3QgJyR7ZGVzdGluYXRpb25fZGlnZXN0fSciCgpwcmludGYgIiVzIiAiJHtzb3VyY2VfZGlnZXN0fSIgPiAiJHtSRVNVTFRTX1NPVVJDRV9ESUdFU1RfUEFUSH0iCnByaW50ZiAiJXMiICIke2Rlc3RpbmF0aW9uX2RpZ2VzdH0iID4gIiR7UkVTVUxUU19ERVNUSU5BVElPTl9ESUdFU1RfUEFUSH0iCg==" |base64 -d >"/scripts/skopeo-results.sh" + ls /scripts/skopeo-*.sh; + chmod +x /scripts/skopeo-*.sh;echo "Running Script /scripts/skopeo-copy.sh"; + /scripts/skopeo-copy.sh;echo "Running Script /scripts/skopeo-results.sh"; + /scripts/skopeo-results.sh; + volumeMounts: + - name: scripts-dir + mountPath: /scripts diff --git a/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-tkn/task-tkn-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-tkn/task-tkn-task.yaml new file mode 100644 index 0000000000..679ca31592 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/addons/07-ecosystem/tasks/task-tkn/task-tkn-task.yaml @@ -0,0 +1,81 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift-pipelines/tektoncd-catalog/p/tasks/task-tkn/0.2.2/task-tkn.yaml +# +--- +--- +# Source: task-openshift/templates/task-tkn.yaml +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: tkn + labels: + app.kubernetes.io/version: 0.2.2 + annotations: + tekton.dev/source: "https://github.com/openshift-pipelines/task-openshift" + artifacthub.io/category: integration-delivery + artifacthub.io/maintainers: | + - name: OpenShift Pipeline task maintainers + email: pipelines-extcomm@redhat.com + artifacthub.io/provider: Red Hat + artifacthub.io/recommendations: | + - url: https://tekton.dev/ + tekton.dev/displayName: CLI + tekton.dev/pipelines.minVersion: 0.17.0 + tekton.dev/tags: cli +spec: + description: >- + This task performs operations on Tekton resources using tkn. + + workspaces: + - name: kubeconfig_dir + optional: true + description: >- + An optional workspace that allows you to provide a .kube/config + file for tkn to access the cluster. The file should be placed at + the root of the Workspace with name kubeconfig. + + params: + - name: SCRIPT + description: tkn CLI script to execute + type: string + default: "tkn $@" + - name: ARGS + type: array + description: tkn CLI arguments to run + default: ["--help"] + + stepTemplate: + env: + + - name: PARAMS_SCRIPT + value: "$(params.SCRIPT)" + - name: WORKSPACES_KUBECONFIG_DIR_BOUND + value: "$(workspaces.kubeconfig_dir.bound)" + - name: WORKSPACES_KUBECONFIG_DIR_PATH + value: "$(workspaces.kubeconfig_dir.path)" + + steps: + - name: tkn + image: registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:72394dfaed68c4b6b490c3c971fb1d9f0139f8656f6672b55b8e02ea98d1298d + env: + - name: HOME + value: /tekton/home + script: | + set -e + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyB0ZWt0b24ncyBob21lIGRpcmVjdG9yeQpkZWNsYXJlIC1yeCBURUtUT05fSE9NRT0iJHtURUtUT05fSE9NRTotL3Rla3Rvbi9ob21lfSIKCiMKIyBGdW5jdGlvbnMKIwoKZnVuY3Rpb24gZmFpbCgpIHsKICAgIGVjaG8gIkVSUk9SOiAkeyp9IiAyPiYxCiAgICBleGl0IDEKfQoKZnVuY3Rpb24gcGhhc2UoKSB7CiAgICBlY2hvICItLS0+IFBoYXNlOiAkeyp9Li4uIgp9CgojIGFzc2VydCBsb2NhbCB2YXJpYWJsZXMgYXJlIGV4cG9yZXRlZCBvbiB0aGUgZW52aXJvbm1lbnQKZnVuY3Rpb24gZXhwb3J0ZWRfb3JfZmFpbCgpIHsKICAgIGRlY2xhcmUgLWEgX3JlcXVpcmVkX3ZhcnM9IiR7QH0iCgogICAgZm9yIHYgaW4gJHtfcmVxdWlyZWRfdmFyc1tAXX07IGRvCiAgICAgICAgW1sgLXogIiR7IXZ9IiBdXSAmJgogICAgICAgICAgICBmYWlsICInJHt2fScgZW52aXJvbm1lbnQgdmFyaWFibGUgaXMgbm90IHNldCEiCiAgICBkb25lCgogICAgcmV0dXJuIDAKfQoK" |base64 -d >"/scripts/common.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKc2hvcHQgLXMgaW5oZXJpdF9lcnJleGl0CnNldCAtZXUgLW8gcGlwZWZhaWwKCnNvdXJjZSAiJChkaXJuYW1lICR7QkFTSF9TT1VSQ0VbMF19KS9jb21tb24uc2giCnNvdXJjZSAiJChkaXJuYW1lICR7QkFTSF9TT1VSQ0VbMF19KS90a24tY29tbW9uLnNoIgoKW1sgIiR7V09SS1NQQUNFU19LVUJFQ09ORklHX0RJUl9CT1VORH0iID09ICJ0cnVlIiBdXSAmJiBcCltbIC1mICR7V09SS1NQQUNFU19LVUJFQ09ORklHX0RJUl9QQVRIfS9rdWJlY29uZmlnIF1dICYmIFwKZXhwb3J0IEtVQkVDT05GSUc9JHtXT1JLU1BBQ0VTX0tVQkVDT05GSUdfRElSX1BBVEh9L2t1YmVjb25maWcKCmV2YWwgJHtQQVJBTVNfU0NSSVBUfQo=" |base64 -d >"/scripts/tkn-client.sh" + printf '%s' "IyEvdXNyL2Jpbi9lbnYgYmFzaAoKZGVjbGFyZSAtcnggUEFSQU1TX1NDUklQVD0iJHtQQVJBTVNfU0NSSVBUOi19IgoKZGVjbGFyZSAtcnggV09SS1NQQUNFU19LVUJFQ09ORklHX0RJUl9QQVRIPSIke1dPUktTUEFDRVNfS1VCRUNPTkZJR19ESVJfUEFUSDotfSIKZGVjbGFyZSAtcnggV09SS1NQQUNFU19LVUJFQ09ORklHX0RJUl9CT1VORD0iJHtXT1JLU1BBQ0VTX0tVQkVDT05GSUdfRElSX0JPVU5EOi19IgoKIwojIEFzc2VydGluZyBFbnZpcm9ubWVudAojCgpleHBvcnRlZF9vcl9mYWlsIFwKICAgIFdPUktTUEFDRVNfS1VCRUNPTkZJR19ESVJfQk9VTkQgXAogICAgUEFSQU1TX1NDUklQVCBcCiAgIAo=" |base64 -d >"/scripts/tkn-common.sh" + chmod +x /scripts/tkn-*.sh;echo "Running Script /scripts/tkn-client.sh"; + /scripts/tkn-client.sh $@; + args: ["$(params.ARGS)"] + securityContext: + runAsNonRoot: true + runAsUser: 65532 + volumeMounts: + - name: scripts-dir + mountPath: /scripts + + volumes: + - name: scripts-dir + emptyDir: {} diff --git a/cmd/openshift/operator/kodata/tekton-addon/pipelines-as-code-templates/generic.yaml b/cmd/openshift/operator/kodata/tekton-addon/pipelines-as-code-templates/generic.yaml new file mode 100644 index 0000000000..2216dea445 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/pipelines-as-code-templates/generic.yaml @@ -0,0 +1,89 @@ +--- +apiVersion: tekton.dev/v1 +kind: PipelineRun +metadata: + name: pipelinerun-generic + annotations: + # The event we are targeting as seen from the webhook payload + # this can be an array too, i.e: [pull_request, push] + pipelinesascode.tekton.dev/on-event: "pull_request" + + # The branch or tag we are targeting (ie: main, refs/tags/*) + pipelinesascode.tekton.dev/on-target-branch: "main" + + # Fetch the git-clone task from hub, we are able to reference later on it + # with taskRef and it will automatically be embedded into our pipeline. + pipelinesascode.tekton.dev/task: "git-clone" + + # Use maven task from hub + # + # pipelinesascode.tekton.dev/task-1: "maven" + + # You can add more tasks by increasing the suffix number, you can specify them as array to have multiple of them. + # browse the tasks you want to include from hub on https://hub.tekton.dev/ + # + # pipelinesascode.tekton.dev/task-2: "[curl, buildah]" + + # How many runs we want to keep. + pipelinesascode.tekton.dev/max-keep-runs: "5" +spec: + params: + # The variable with brackets are special to Pipelines as Code + # They will automatically be expanded with the events from Github. + - name: repo_url + value: "{{ repo_url }}" + - name: revision + value: "{{ revision }}" + pipelineSpec: + params: + - name: repo_url + - name: revision + workspaces: + - name: source + - name: basic-auth + tasks: + - name: fetch-repository + taskRef: + name: git-clone + workspaces: + - name: output + workspace: source + - name: basic-auth + workspace: basic-auth + params: + - name: url + value: $(params.repo_url) + - name: revision + value: $(params.revision) + # Customize this task if you like, or just do a taskRef + # to one of the hub task. + - name: noop-task + displayName: Task with no effect + runAfter: + - fetch-repository + workspaces: + - name: source + workspace: source + taskSpec: + workspaces: + - name: source + steps: + - name: noop-task + image: registry.access.redhat.com/ubi9/ubi-micro + workingDir: $(workspaces.source.path) + script: | + exit 0 + workspaces: + - name: source + volumeClaimTemplate: + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + # This workspace will inject secret to help the git-clone task to be able to + # checkout the private repositories + - name: basic-auth + secret: + secretName: "{{ git_auth_secret }}" diff --git a/cmd/openshift/operator/kodata/tekton-addon/pipelines-as-code-templates/go.yaml b/cmd/openshift/operator/kodata/tekton-addon/pipelines-as-code-templates/go.yaml new file mode 100644 index 0000000000..ef28943ea3 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/pipelines-as-code-templates/go.yaml @@ -0,0 +1,83 @@ +--- +apiVersion: tekton.dev/v1 +kind: PipelineRun +metadata: + name: pipelinerun-go + annotations: + # The event we are targeting as seen from the webhook payload + # this can be an array too, i.e: [pull_request, push] + pipelinesascode.tekton.dev/on-event: "pull_request" + + # The branch or tag we are targeting (ie: main, refs/tags/*) + pipelinesascode.tekton.dev/on-target-branch: "main" + + # Fetch the git-clone task from hub, we are able to reference later on it + # with taskRef and it will automatically be embedded into our pipeline. + pipelinesascode.tekton.dev/task: "git-clone" + + # Use golangci-lint from the hub to test our Golang project + pipelinesascode.tekton.dev/task-1: "golangci-lint" + + # You can add more tasks by increasing the suffix number, you can specify + # them as array to have multiple of them. + # browse the tasks you want to include from hub on https://hub.tekton.dev/ + # + # pipelinesascode.tekton.dev/task-2: "[curl, buildah]" + + # how many runs we want to keep attached to this event + pipelinesascode.tekton.dev/max-keep-runs: "5" +spec: + params: + # The variable with brackets are special to Pipelines as Code + # They will automatically be expanded with the events from Github. + - name: repo_url + value: "{{ repo_url }}" + - name: revision + value: "{{ revision }}" + pipelineSpec: + params: + - name: repo_url + - name: revision + workspaces: + - name: source + - name: basic-auth + tasks: + - name: fetch-repository + taskRef: + name: git-clone + workspaces: + - name: output + workspace: source + - name: basic-auth + workspace: basic-auth + params: + - name: url + value: $(params.repo_url) + - name: revision + value: $(params.revision) + - name: golangci-lint + taskRef: + name: golangci-lint + runAfter: + - fetch-repository + params: + - name: package + value: . + workspaces: + - name: source + workspace: source + + workspaces: + - name: source + volumeClaimTemplate: + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + # This workspace will inject secret to help the git-clone task to be able to + # checkout the private repositories + - name: basic-auth + secret: + secretName: "{{ git_auth_secret }}" diff --git a/cmd/openshift/operator/kodata/tekton-addon/pipelines-as-code-templates/java.yaml b/cmd/openshift/operator/kodata/tekton-addon/pipelines-as-code-templates/java.yaml new file mode 100644 index 0000000000..b8cf872666 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/pipelines-as-code-templates/java.yaml @@ -0,0 +1,88 @@ +--- +apiVersion: tekton.dev/v1 +kind: PipelineRun +metadata: + name: pipelinerun-java + annotations: + # The event we are targeting as seen from the webhook payload + # this can be an array too, i.e: [pull_request, push] + pipelinesascode.tekton.dev/on-event: "pull_request" + + # The branch or tag we are targeting (ie: main, refs/tags/*) + pipelinesascode.tekton.dev/on-target-branch: "main" + + # Fetch the git-clone task from hub, we are able to reference later on it + # with taskRef and it will automatically be embedded into our pipeline. + pipelinesascode.tekton.dev/task: "git-clone" + + # Use maven task from the hub to test our Java project + pipelinesascode.tekton.dev/task-1: "maven" + + # You can add more tasks by increasing the suffix number, you can specify + # them as array to have multiple of them. + # browse the tasks you want to include from hub on https://hub.tekton.dev/ + # + # pipelinesascode.tekton.dev/task-2: "[curl, buildah]" + + # How many runs we want to keep attached to this event + pipelinesascode.tekton.dev/max-keep-runs: "5" +spec: + params: + # The variable with brackets are special to Pipelines as Code + # They will automatically be expanded with the events from Github. + - name: repo_url + value: "{{ repo_url }}" + - name: revision + value: "{{ revision }}" + pipelineSpec: + params: + - name: repo_url + - name: revision + workspaces: + - name: source + - name: basic-auth + - name: maven-settings + tasks: + - name: fetch-repository + taskRef: + name: git-clone + workspaces: + - name: output + workspace: source + - name: basic-auth + workspace: basic-auth + params: + - name: url + value: $(params.repo_url) + - name: revision + value: $(params.revision) + - name: maven-test + taskRef: + name: maven + runAfter: + - fetch-repository + params: + - name: GOALS + value: + - test + workspaces: + - name: source + workspace: source + - name: maven-settings + workspace: maven-settings + workspaces: + - name: maven-settings + emptyDir: {} + - name: source + volumeClaimTemplate: + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + # This workspace will inject secret to help the git-clone task to be able to + # checkout the private repositories + - name: basic-auth + secret: + secretName: "{{ git_auth_secret }}" diff --git a/cmd/openshift/operator/kodata/tekton-addon/pipelines-as-code-templates/nodejs.yaml b/cmd/openshift/operator/kodata/tekton-addon/pipelines-as-code-templates/nodejs.yaml new file mode 100644 index 0000000000..79204477fa --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/pipelines-as-code-templates/nodejs.yaml @@ -0,0 +1,82 @@ +--- +apiVersion: tekton.dev/v1 +kind: PipelineRun +metadata: + name: pipelinerun-nodejs + annotations: + # The event we are targeting as seen from the webhook payload + # this can be an array too, i.e: [pull_request, push] + pipelinesascode.tekton.dev/on-event: "pull_request" + + # The branch or tag we are targeting (ie: main, refs/tags/*) + pipelinesascode.tekton.dev/on-target-branch: "main" + + # Fetch the git-clone task from hub, we are able to reference later on it + # with taskRef and it will automatically be embedded into our pipeline. + pipelinesascode.tekton.dev/task: "git-clone" + + # Task for Nodejs + pipelinesascode.tekton.dev/task-1: "[npm]" + + # You can add more tasks by increasing the suffix number, you can specify them as array to have multiple of them. + # browse the tasks you want to include from hub on https://hub.tekton.dev/ + # + # pipelinesascode.tekton.dev/task-2: "[curl, buildah]" + + # How many runs we want to keep attached to this event + pipelinesascode.tekton.dev/max-keep-runs: "5" +spec: + params: + # The variable with brackets are special to Pipelines as Code + # They will automatically be expanded with the events from Github. + - name: repo_url + value: "{{ repo_url }}" + - name: revision + value: "{{ revision }}" + pipelineSpec: + params: + - name: repo_url + - name: revision + workspaces: + - name: source + - name: basic-auth + tasks: + - name: fetch-repository + taskRef: + name: git-clone + workspaces: + - name: output + workspace: source + - name: basic-auth + workspace: basic-auth + params: + - name: url + value: $(params.repo_url) + - name: revision + value: $(params.revision) + - name: run-test + taskRef: + name: npm + workspaces: + - name: source + workspace: source + params: + - name: ARGS + value: + - test + runAfter: + - fetch-repository + workspaces: + - name: source + volumeClaimTemplate: + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + # This workspace will inject secret to help the git-clone task to be able to + # checkout the private repositories + - name: basic-auth + secret: + secretName: "{{ git_auth_secret }}" diff --git a/cmd/openshift/operator/kodata/tekton-addon/pipelines-as-code-templates/python.yaml b/cmd/openshift/operator/kodata/tekton-addon/pipelines-as-code-templates/python.yaml new file mode 100644 index 0000000000..2d00835188 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/pipelines-as-code-templates/python.yaml @@ -0,0 +1,80 @@ +--- +apiVersion: tekton.dev/v1 +kind: PipelineRun +metadata: + name: pipelinerun-python + annotations: + # The event we are targeting as seen from the webhook payload + # this can be an array too, i.e: [pull_request, push] + pipelinesascode.tekton.dev/on-event: "pull_request" + + # The branch or tag we are targeting (ie: main, refs/tags/*) + pipelinesascode.tekton.dev/on-target-branch: "main" + + # Fetch the git-clone task from hub, we are able to reference later on it + # with taskRef and it will automatically be embedded into our pipeline. + pipelinesascode.tekton.dev/task: "git-clone" + + # Use pylint from the hub to test our Python project + pipelinesascode.tekton.dev/task-1: "pylint" + + # You can add more tasks by increasing the suffix number, you can specify + # them as array to have multiple of them. + # browse the tasks you want to include from hub on https://hub.tekton.dev/ + # + # pipelinesascode.tekton.dev/task-2: "[curl, buildah]" + + # how many runs we want to keep attached to this event + pipelinesascode.tekton.dev/max-keep-runs: "5" +spec: + params: + # The variable with brackets are special to Pipelines as Code + # They will automatically be expanded with the events from Github. + - name: repo_url + value: "{{ repo_url }}" + - name: revision + value: "{{ revision }}" + pipelineSpec: + params: + - name: repo_url + - name: revision + workspaces: + - name: source + - name: basic-auth + tasks: + - name: fetch-repository + taskRef: + name: git-clone + workspaces: + - name: output + workspace: source + - name: basic-auth + workspace: basic-auth + params: + - name: url + value: $(params.repo_url) + - name: revision + value: $(params.revision) + - name: pylint + taskRef: + name: pylint + runAfter: + - fetch-repository + workspaces: + - name: source + workspace: source + + workspaces: + - name: source + volumeClaimTemplate: + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + # This workspace will inject secret to help the git-clone task to be able to + # checkout the private repositories + - name: basic-auth + secret: + secretName: "{{ git_auth_secret }}" diff --git a/cmd/openshift/operator/kodata/tekton-addon/pipelines-as-code/v0.28.0/release.yaml b/cmd/openshift/operator/kodata/tekton-addon/pipelines-as-code/v0.28.0/release.yaml new file mode 100644 index 0000000000..392e2cf51a --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/pipelines-as-code/v0.28.0/release.yaml @@ -0,0 +1,1574 @@ +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +apiVersion: v1 +kind: Namespace +metadata: + name: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.0" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code + openshift.io/cluster-monitoring: "true" +--- + +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: pipelines-as-code-info + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.0" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +rules: + # All system:authenticated users needs to have access + # of the pipelines-as-code-info ConfigMap even if they don't + # have access to the other resources present in the + # installed namespace. + - apiGroups: [""] + resources: ["configmaps"] + resourceNames: ["pipelines-as-code-info"] + verbs: ["get"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: pipelines-as-code-info + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.0" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +subjects: + - kind: Group + name: system:authenticated + apiGroup: rbac.authorization.k8s.io +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pipelines-as-code-info +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: pipelines-as-code-aggregate + labels: + app.kubernetes.io/version: "v0.28.0" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code + rbac.authorization.k8s.io/aggregate-to-edit: "true" + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: + - pipelinesascode.tekton.dev + resources: + - repositories + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +--- + +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: pipelines-as-code-controller + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.0" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: pipelines-as-code-controller-role + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.0" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "list", "watch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: pipelines-as-code-controller-binding + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.0" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +subjects: + - kind: ServiceAccount + name: pipelines-as-code-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pipelines-as-code-controller-role +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: pipeline-as-code-controller-clusterrole + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.0" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +rules: + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["create"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "create", "update", "delete"] + - apiGroups: ["pipelinesascode.tekton.dev"] + resources: ["repositories"] + verbs: ["get", "create", "list"] + - apiGroups: ["tekton.dev"] + resources: ["pipelineruns"] + verbs: ["get", "list", "create", "patch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create"] + - apiGroups: ["route.openshift.io"] + resources: ["routes"] + verbs: ["get"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: pipelines-as-code-controller-clusterbinding + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.0" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +subjects: + - kind: ServiceAccount + name: pipelines-as-code-controller + namespace: pipelines-as-code +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: pipeline-as-code-controller-clusterrole +--- + +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: pipelines-as-code-watcher + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.0" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: pipelines-as-code-watcher-role + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.0" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "list", "watch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: pipelines-as-code-watcher-binding + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.0" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +subjects: + - kind: ServiceAccount + name: pipelines-as-code-watcher +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pipelines-as-code-watcher-role +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: pipeline-as-code-watcher-clusterrole + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.0" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "delete"] + - apiGroups: ["pipelinesascode.tekton.dev"] + resources: ["repositories"] + verbs: ["get", "list", "update", "watch"] + - apiGroups: ["tekton.dev"] + resources: ["pipelineruns"] + verbs: ["get", "delete", "list", "watch", "update", "patch"] + - apiGroups: ["tekton.dev"] + resources: ["taskruns"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "update", "patch"] + - apiGroups: ["route.openshift.io"] + resources: ["routes"] + verbs: ["get"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: pipelines-as-code-watcher-clusterbinding + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.0" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +subjects: +- kind: ServiceAccount + name: pipelines-as-code-watcher + namespace: pipelines-as-code +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: pipeline-as-code-watcher-clusterrole +--- + +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: pipelines-as-code-webhook + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.0" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: pipelines-as-code-webhook-role + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.0" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["list", "watch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "update"] + resourceNames: ["pipelines-as-code-webhook-certs"] + # The webhook daemon makes a reconciliation loop on webhook-certs. Whenever + # the secret changes it updates the webhook configurations with the certificates + # stored in the secret. + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + # webhook uses leases for leader election +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: pipelines-as-code-webhook-binding + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.0" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +subjects: + - kind: ServiceAccount + name: pipelines-as-code-webhook +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pipelines-as-code-webhook-role +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: pipeline-as-code-webhook-clusterrole + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.0" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +rules: + - apiGroups: ["pipelinesascode.tekton.dev"] + resources: ["repositories"] + verbs: ["get", "list", "watch"] + # The webhook performs a reconciliation on this resource and continuously + # updates configuration. + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["validatingwebhookconfigurations"] + verbs: ["list", "watch"] + # When there are changes to the configs or secrets, knative updates the validating webhook config + # with the updated certificates or the refreshed set of rules. + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["validatingwebhookconfigurations"] + verbs: ["get", "update", "delete"] + resourceNames: ["validation.pipelinesascode.tekton.dev"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: pipelines-as-code-webhook-clusterbinding + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.0" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +subjects: +- kind: ServiceAccount + name: pipelines-as-code-webhook + namespace: pipelines-as-code +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: pipeline-as-code-webhook-clusterrole +--- + +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: repositories.pipelinesascode.tekton.dev + labels: + app.kubernetes.io/version: "v0.28.0" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +spec: + group: pipelinesascode.tekton.dev + versions: + - name: v1alpha1 + subresources: + status: {} + additionalPrinterColumns: + - jsonPath: .spec.url + name: URL + type: string + - name: Succeeded + type: string + jsonPath: '.pipelinerun_status[-1].conditions[?(@.type=="Succeeded")].status' + - name: Reason + type: string + jsonPath: '.pipelinerun_status[-1].conditions[?(@.type=="Succeeded")].reason' + - name: StartTime + type: date + jsonPath: ".pipelinerun_status[-1].startTime" + - name: CompletionTime + type: date + jsonPath: ".pipelinerun_status[-1].completionTime" + served: true + storage: true + schema: + openAPIV3Schema: + x-kubernetes-preserve-unknown-fields: true + description: Schema for the repository API + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/ api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of Repository + properties: + settings: + description: Settings relative to the Repository + type: object + properties: + policy: + type: object + description: Set policy on actions allowing only some teams + properties: + ok_to_test: + type: array + items: + description: list of teams allowed to run /ok-to-test + type: string + pull_request: + type: array + items: + description: list of teams allowed to have ci run on pull/merge requests. + type: string + github_app_token_scope_repos: + type: array + items: + description: list of repositories where Github token can be scoped + type: string + pipelinerun_provenance: + description: From where the PipelineRun definitions will be coming from + type: string + enum: + - source + - default_branch + concurrency_limit: + description: Number of maximum pipelinerun running at any moment + type: integer + url: + description: Repository URL + type: string + type: + description: Git repository provider + type: string + enum: + - github + - gitea + - bitbucket + - gitlab + - bitbucket-enteprise + params: + type: array + items: + type: object + required: + - name + properties: + name: + description: The name of the params for the pipelinerun variable + type: string + value: + description: The value of the params as injected into pipelinerun + type: string + filter: + description: A CEL filter to set condition on param + type: string + secret_ref: + description: The value as coming from secret + type: object + required: + - name + - key + properties: + key: + description: Key of the secret + type: string + default: "secret" + name: + description: Name of the secret + type: string + incoming: + type: array + items: + type: object + properties: + type: + description: Type of webhook + type: string + enum: + - webhook-url + params: + description: Parameters accepted to be overwritten when posting to the webhook + type: array + items: + description: Parameter + type: string + targets: + description: List of target branches or ref to trigger webhooks on + type: array + items: + description: Branch name + type: string + secret: + description: Secret to use for the webhook + type: object + properties: + key: + description: Key of the secret + type: string + default: "secret" + name: + description: Name of the secret + type: string + git_provider: + type: object + properties: + url: + description: The Git provider api url + type: string + user: + description: The Git provider api user + type: string + type: + description: The Git provider type + type: string + secret: + type: object + properties: + key: + type: string + description: "Key inside the secret" + default: "provider.token" + name: + type: string + description: "The secret name" + webhook_secret: + type: object + properties: + key: + type: string + description: "Key inside the secret" + default: "webhook.secret" + name: + type: string + description: "The secret name" + type: object + type: object + scope: Namespaced + names: + plural: repositories + singular: repository + kind: Repository + shortNames: + - repo +--- + +apiVersion: v1 +kind: ConfigMap +metadata: + name: pac-config-logging + namespace: pipelines-as-code + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +data: + zap-logger-config: | + { + "level": "info", + "development": false, + "sampling": { + "initial": 100, + "thereafter": 100 + }, + "outputPaths": ["stdout"], + "errorOutputPaths": ["stderr"], + "encoding": "json", + "encoderConfig": { + "timeKey": "ts", + "levelKey": "level", + "nameKey": "logger", + "callerKey": "caller", + "messageKey": "msg", + "stacktraceKey": "stacktrace", + "lineEnding": "", + "levelEncoder": "", + "timeEncoder": "iso8601", + "durationEncoder": "", + "callerEncoder": "" + } + } + # Log level overrides + loglevel.pipelinesascode: "info" + loglevel.pac-watcher: "info" + loglevel.pipelines-as-code-webhook: "info" +--- + +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# See https://pipelinesascode.com/docs/install/settings/ for the complete +# documentation of all settings. + +apiVersion: v1 +data: + # The application name, you can customize this label. If using the Github App you will need to customize the label on the github app setting as well. + application-name: "Pipelines as Code CI" + + # Whether to automatically create a secret with the token to be use by git-clone + secret-auto-create: "true" + + # By default we only generate token scoped to the repository from where the + # payload come from. + # We do this because if the github apps is installed on an github organisation + # + # and there is a mix of public and private repositories in there + # where some users on that org does not have access. + # + # If you trust every users on your organisations to access any repos there or + # not planning to install your github application globally on a Github Organisation + # then you can safely set this option to false. + secret-github-app-token-scoped: "true" + + # If you don't want to completely disable the scoping of the token, but still + # wants some other repos (on the same installation id) available from the + # token, then you can add an extra owner/repo here. + # + # You can have multiple owner/repositories separated by commas: + # i.e: "owner/private-repo1, org/repo2" + secret-github-app-scope-extra-repos: "" + + # Tekton HUB API urls + hub-url: "https://api.hub.tekton.dev/v1" + + # Tekton HUB catalog name + hub-catalog-name: "tekton" + + # Additional Hub Catalogs is supported, for example: + # + # catalog-1-id: anotherhub + # catalog-1-name: tekton + # catalog-1-url: https://api.other.com/v1 + # + # this configuration will have a new catalog named anotherhub on https://api.other.com/v1 endpoint and catalog name tekton + # to be used by a user in their templates like this: + # pipelinesascode.tekton.dev/task: "anotherhub://task" + # + # Increase the number of the catalog to add more of them + + # Allow fetching remote tasks + remote-tasks: "true" + + # Using the URL of the Tekton dashboard, Pipelines-as-Code generates a URL to the + # PipelineRun on the Tekton dashboard + tekton-dashboard-url: "" + + # Enable or disable the feature to show a log snippet of the failed task when there is + # an error in a Pipeline + # + # It will show the last 3 lines of the first container of the first task + # that has error in the pipeline. + # + # you may want to disable this if you think your pipeline may leak some value + error-log-snippet: "true" + + # Enable or disable the inspection of container logs to detect error message + # and expose them as annotations on Pull Request. Only Github apps is supported + error-detection-from-container-logs: "true" + + # How many lines to grab from the container when inspecting the + # logs for error-detection. Increasing this value may increase the watcher + # memory usage. Use -1 for unlimited lines. + error-detection-max-number-of-lines: "50" + + # The default regexp used when we use the simple error detection + error-detection-simple-regexp: |- + ^(?P[^:]*):(?P[0-9]+):(?P[0-9]+)?([ ]*)?(?P.*) + + # Since public bitbucket doesn't have the concept of Secret, we need to be + # able to secure the request by querying https://ip-ranges.atlassian.com/, + # this only happen for public bitbucket (ie: when provider.url is not set in + # repository spec). If you want to override this, you need to bear in mind + # this could be a security issue, a malicious user can send a PR to your repo + # with a modification to your PipelineRun that would grab secrets, tunnel or + # others and then send a malicious webhook payload to the controller which + # look like a authorized owner has send the PR to run it.. + bitbucket-cloud-check-source-ip: "true" + + # Add extra IPS (ie: 127.0.0.1) or networks (127.0.0.0/16) separated by commas. + bitbucket-cloud-additional-source-ip: "" + + # max-keep-run-upper-limit defines the upper limit for max-keep-run annotation + # value which a user can set on pipelineRun. the value set on annotation + # should be less than or equal to the upper limit otherwise the upper limit + # will be used while cleaning up + max-keep-run-upper-limit: "" + + # if defined then applies to all pipelineRun who doesn't have max-keep-runs annotation + default-max-keep-runs: "" + + # Whether to auto configure newly created repositories, this will create a new + # namespace and repository CR, supported only with GitHub App + auto-configure-new-github-repo: "false" + + # add a template to generate name for namespace for your auto configured + # github repo supported fields are repo_owner, repo_name eg. if defined as + # `{{repo_owner}}-{{repo_name}}-ci`, then namespace generated for repository + # https://github.com/owner/repo will be `owner-repo-ci` + auto-configure-repo-namespace-template: "" + + # Enable or disable the feature to rerun the CI if push event happens on + # a pull request + # + # By default it is true and CI will be re-run in case of push/amend on the + # pull request if ok-to-test is done once + # + # you may want to disable this if ok-to-test should be done on each iteration + remember-ok-to-test: "true" + + # Configure a custom console here, the driver support custom parameters from + # Repo CR along a few other template variable, see documentation for more + # details + # + # custom-console-name: Console Name + # custom-console-url: https://url + # custom-console-url-pr-details: https://url/ns/{{ namespace }}/{{ pr }} + # custom-console-url-pr-tasklog: https://url/ns/{{ namespace }}/{{ pr }}/logs/{{ task }} + +kind: ConfigMap +metadata: + name: pipelines-as-code + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.0" + app.kubernetes.io/part-of: pipelines-as-code +--- + +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This configmap is filled by bootstrap command +# GitHub App is added as provider and later this is checked +# before configuring a new GitHub App so that we don't +# configure more than one App + +apiVersion: v1 +data: + # pipelines as code controller version + version: "v0.28.0" + + # controller url to be used for configuring webhook using cli + controller-url: "" + + # display the configured provider on the platform + # only one provider type to be configured at a time + # eg. if GitHub App is configured, then webhooks should not be configured + provider: "" + +kind: ConfigMap +metadata: + name: pipelines-as-code-info + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.0" + app.kubernetes.io/part-of: pipelines-as-code +--- + +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: Secret +metadata: + name: pipelines-as-code-webhook-certs + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.0" + app.kubernetes.io/part-of: pipelines-as-code +# The data is populated at install time +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: validation.pipelinesascode.tekton.dev + labels: + app.kubernetes.io/version: "v0.28.0" + app.kubernetes.io/part-of: pipelines-as-code +webhooks: + - admissionReviewVersions: ["v1"] + clientConfig: + service: + name: pipelines-as-code-webhook + namespace: pipelines-as-code + failurePolicy: Fail + sideEffects: None + name: validation.pipelinesascode.tekton.dev +--- + +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: pipelines-as-code-config-observability + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.0" + app.kubernetes.io/part-of: pipelines-as-code +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # metrics.backend-destination field specifies the system metrics destination. + # It supports either prometheus (the default) or stackdriver. + # Note: Using Stackdriver will incur additional charges. + metrics.backend-destination: prometheus + # metrics.stackdriver-project-id field specifies the Stackdriver project ID. This + # field is optional. When running on GCE, application default credentials will be + # used and metrics will be sent to the cluster's project if this field is + # not provided. + metrics.stackdriver-project-id: "" + # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed + # to send metrics to Stackdriver using "global" resource type and custom + # metric type. Setting this flag to "true" could cause extra Stackdriver + # charge. If metrics.backend-destination is not Stackdriver, this is + # ignored. + metrics.allow-stackdriver-custom-metrics: "false" +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: pac-watcher-config-leader-election + namespace: pipelines-as-code + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # lease-duration is how long non-leaders will wait to try to acquire the + # lock; 15 seconds is the value used by core kubernetes controllers. + lease-duration: "60s" + # renew-deadline is how long a leader will try to renew the lease before + # giving up; 10 seconds is the value used by core kubernetes controllers. + renew-deadline: "40s" + # retry-period is how long the leader election client waits between tries of + # actions; 2 seconds is the value used by core kubernetes controllers. + retry-period: "10s" + # buckets is the number of buckets used to partition key space of each + # Reconciler. If this number is M and the replica number of the controller + # is N, the N replicas will compete for the M buckets. The owner of a + # bucket will take care of the reconciling for the keys partitioned into + # that bucket. + buckets: "1" +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: pac-webhook-config-leader-election + namespace: pipelines-as-code + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # lease-duration is how long non-leaders will wait to try to acquire the + # lock; 15 seconds is the value used by core kubernetes controllers. + lease-duration: "60s" + # renew-deadline is how long a leader will try to renew the lease before + # giving up; 10 seconds is the value used by core kubernetes controllers. + renew-deadline: "40s" + # retry-period is how long the leader election client waits between tries of + # actions; 2 seconds is the value used by core kubernetes controllers. + retry-period: "10s" + # buckets is the number of buckets used to partition key space of each + # Reconciler. If this number is M and the replica number of the controller + # is N, the N replicas will compete for the M buckets. The owner of a + # bucket will take care of the reconciling for the keys partitioned into + # that bucket. + buckets: "1" +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: pipelines-as-code-controller + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.0" + app.kubernetes.io/part-of: pipelines-as-code +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code + template: + metadata: + labels: + app: pipelines-as-code-controller + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code + app.kubernetes.io/version: "v0.28.0" + spec: + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: pipelines-as-code-controller + containers: + - name: pac-controller + image: "ghcr.io/openshift-pipelines/pipelines-as-code-controller:v0.28.0" + imagePullPolicy: Always + ports: + - name: api + containerPort: 8080 + - name: metrics + containerPort: 9090 + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - ALL + readinessProbe: + failureThreshold: 3 + httpGet: + path: /live + port: api + scheme: HTTP + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 1 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /live + port: api + scheme: HTTP + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 1 + env: + - name: CONFIG_LOGGING_NAME + value: pac-config-logging + - name: TLS_KEY + value: "key" + - name: TLS_CERT + value: "cert" + - name: TLS_SECRET_NAME + value: "pipelines-as-code-tls-secret" + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: K_METRICS_CONFIG + value: '{"Domain":"pipelinesascode.tekton.dev/controller","Component":"pac_controller","PrometheusPort":9090,"ConfigMap":{"name":"pipelines-as-code-config-observability"}}' + - name: K_TRACING_CONFIG + value: '{"backend":"prometheus","debug":"false","sample-rate":"0"}' + - name: K_SINK_TIMEOUT + value: "30" + - name: PAC_CONTROLLER_LABEL + value: "default" + - name: PAC_CONTROLLER_SECRET + value: "pipelines-as-code-secret" + - name: PAC_CONTROLLER_CONFIGMAP + value: "pipelines-as-code" + volumeMounts: + - mountPath: "/etc/pipelines-as-code/tls" + readOnly: true + name: tls + volumes: + - name: tls + secret: + secretName: pipelines-as-code-tls-secret + optional: true +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +apiVersion: v1 +kind: Service +metadata: + name: pipelines-as-code-controller + namespace: pipelines-as-code + labels: + app: pipelines-as-code-controller + app.kubernetes.io/version: "v0.28.0" + app.kubernetes.io/part-of: pipelines-as-code +spec: + ports: + - name: http-listener + port: 8080 + protocol: TCP + targetPort: 8080 + - name: http-metrics + port: 9090 + protocol: TCP + targetPort: 9090 + selector: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: pipelines-as-code-watcher + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.0" + app.kubernetes.io/part-of: pipelines-as-code +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: watcher + app.kubernetes.io/component: watcher + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code + template: + metadata: + labels: + app.kubernetes.io/name: watcher + app.kubernetes.io/component: watcher + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code + app.kubernetes.io/version: "v0.28.0" + app: pipelines-as-code-watcher + spec: + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: pipelines-as-code-watcher + containers: + - name: pac-watcher + image: "ghcr.io/openshift-pipelines/pipelines-as-code-watcher:v0.28.0" + imagePullPolicy: Always + env: + - name: CONFIG_LOGGING_NAME + value: pac-config-logging + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: METRICS_DOMAIN + value: tekton.dev/pipelinesascode + - name: CONFIG_OBSERVABILITY_NAME + value: pipelines-as-code-config-observability + - name: CONFIG_LEADERELECTION_NAME + value: pac-watcher-config-leader-election + ports: + - name: probes + containerPort: 8080 + - name: metrics + containerPort: 9090 + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - ALL + readinessProbe: + httpGet: + path: /live + port: probes + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + livenessProbe: + httpGet: + path: /live + port: probes + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +apiVersion: v1 +kind: Service +metadata: + name: pipelines-as-code-watcher + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.0" + app.kubernetes.io/part-of: pipelines-as-code + app: pipelines-as-code-watcher +spec: + ports: + - name: http-metrics + port: 9090 + protocol: TCP + targetPort: 9090 + selector: + app.kubernetes.io/name: watcher + app.kubernetes.io/component: watcher + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: pipelines-as-code-webhook + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.0" + app.kubernetes.io/part-of: pipelines-as-code +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code + template: + metadata: + labels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code + app.kubernetes.io/version: "v0.28.0" + spec: + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: pipelines-as-code-webhook + containers: + - name: pac-webhook + image: "ghcr.io/openshift-pipelines/pipelines-as-code-webhook:v0.28.0" + env: + - name: CONFIG_LOGGING_NAME + value: pac-config-logging + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: WEBHOOK_SERVICE_NAME + value: pipelines-as-code-webhook + - name: WEBHOOK_SECRET_NAME + value: pipelines-as-code-webhook-certs + - name: METRICS_DOMAIN + value: tekton.dev/pipelinesascode + - name: CONFIG_LEADERELECTION_NAME + value: pac-webhook-config-leader-election + ports: + - name: https-webhook + containerPort: 8443 + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - ALL +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +apiVersion: v1 +kind: Service +metadata: + name: pipelines-as-code-webhook + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.0" + app.kubernetes.io/part-of: pipelines-as-code +spec: + ports: + - name: https-webhook + port: 443 + targetPort: 8443 + selector: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + annotations: + haproxy.router.openshift.io/timeout: 600s + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code + app.kubernetes.io/version: "v0.28.0" + pipelines-as-code/route: controller + name: pipelines-as-code-controller + namespace: pipelines-as-code +spec: + port: + targetPort: http-listener + tls: + insecureEdgeTerminationPolicy: Redirect + termination: edge + to: + kind: Service + name: pipelines-as-code-controller + weight: 100 + wildcardPolicy: None +--- + +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: pipelines-as-code-monitoring + namespace: pipelines-as-code +rules: +- apiGroups: + - "" + resources: + - services + - endpoints + - pods + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: pipelines-as-code-monitoring + namespace: pipelines-as-code +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pipelines-as-code-monitoring +subjects: + - kind: ServiceAccount + name: prometheus-k8s + namespace: pipelines-as-code +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: pipelines-as-code-monitor + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.0" + app.kubernetes.io/part-of: pipelines-as-code + annotations: + networkoperator.openshift.io/ignore-errors: "" +spec: + endpoints: + - interval: 10s + port: http-metrics + jobLabel: app + namespaceSelector: + matchNames: + - pipelines-as-code + selector: + matchLabels: + app: pipelines-as-code-watcher +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: pipelines-as-code-controller-monitor + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.0" + app.kubernetes.io/part-of: pipelines-as-code + annotations: + networkoperator.openshift.io/ignore-errors: "" +spec: + endpoints: + - interval: 10s + port: http-metrics + jobLabel: app + namespaceSelector: + matchNames: + - pipelines-as-code + selector: + matchLabels: + app: pipelines-as-code-controller diff --git a/cmd/openshift/operator/kodata/tekton-addon/pipelines-as-code/v0.28.1/release.yaml b/cmd/openshift/operator/kodata/tekton-addon/pipelines-as-code/v0.28.1/release.yaml new file mode 100644 index 0000000000..25b09fdcc4 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/pipelines-as-code/v0.28.1/release.yaml @@ -0,0 +1,1574 @@ +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +apiVersion: v1 +kind: Namespace +metadata: + name: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.1" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code + openshift.io/cluster-monitoring: "true" +--- + +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: pipelines-as-code-info + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.1" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +rules: + # All system:authenticated users needs to have access + # of the pipelines-as-code-info ConfigMap even if they don't + # have access to the other resources present in the + # installed namespace. + - apiGroups: [""] + resources: ["configmaps"] + resourceNames: ["pipelines-as-code-info"] + verbs: ["get"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: pipelines-as-code-info + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.1" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +subjects: + - kind: Group + name: system:authenticated + apiGroup: rbac.authorization.k8s.io +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pipelines-as-code-info +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: pipelines-as-code-aggregate + labels: + app.kubernetes.io/version: "v0.28.1" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code + rbac.authorization.k8s.io/aggregate-to-edit: "true" + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: + - pipelinesascode.tekton.dev + resources: + - repositories + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +--- + +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: pipelines-as-code-controller + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.1" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: pipelines-as-code-controller-role + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.1" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "list", "watch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: pipelines-as-code-controller-binding + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.1" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +subjects: + - kind: ServiceAccount + name: pipelines-as-code-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pipelines-as-code-controller-role +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: pipeline-as-code-controller-clusterrole + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.1" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +rules: + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["create"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "create", "update", "delete"] + - apiGroups: ["pipelinesascode.tekton.dev"] + resources: ["repositories"] + verbs: ["get", "create", "list"] + - apiGroups: ["tekton.dev"] + resources: ["pipelineruns"] + verbs: ["get", "list", "create", "patch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create"] + - apiGroups: ["route.openshift.io"] + resources: ["routes"] + verbs: ["get"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: pipelines-as-code-controller-clusterbinding + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.1" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +subjects: + - kind: ServiceAccount + name: pipelines-as-code-controller + namespace: pipelines-as-code +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: pipeline-as-code-controller-clusterrole +--- + +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: pipelines-as-code-watcher + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.1" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: pipelines-as-code-watcher-role + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.1" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "list", "watch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: pipelines-as-code-watcher-binding + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.1" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +subjects: + - kind: ServiceAccount + name: pipelines-as-code-watcher +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pipelines-as-code-watcher-role +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: pipeline-as-code-watcher-clusterrole + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.1" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "delete"] + - apiGroups: ["pipelinesascode.tekton.dev"] + resources: ["repositories"] + verbs: ["get", "list", "update", "watch"] + - apiGroups: ["tekton.dev"] + resources: ["pipelineruns"] + verbs: ["get", "delete", "list", "watch", "update", "patch"] + - apiGroups: ["tekton.dev"] + resources: ["taskruns"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "update", "patch"] + - apiGroups: ["route.openshift.io"] + resources: ["routes"] + verbs: ["get"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: pipelines-as-code-watcher-clusterbinding + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.1" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +subjects: +- kind: ServiceAccount + name: pipelines-as-code-watcher + namespace: pipelines-as-code +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: pipeline-as-code-watcher-clusterrole +--- + +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: pipelines-as-code-webhook + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.1" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: pipelines-as-code-webhook-role + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.1" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["list", "watch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "update"] + resourceNames: ["pipelines-as-code-webhook-certs"] + # The webhook daemon makes a reconciliation loop on webhook-certs. Whenever + # the secret changes it updates the webhook configurations with the certificates + # stored in the secret. + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + # webhook uses leases for leader election +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: pipelines-as-code-webhook-binding + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.1" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +subjects: + - kind: ServiceAccount + name: pipelines-as-code-webhook +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pipelines-as-code-webhook-role +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: pipeline-as-code-webhook-clusterrole + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.1" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +rules: + - apiGroups: ["pipelinesascode.tekton.dev"] + resources: ["repositories"] + verbs: ["get", "list", "watch"] + # The webhook performs a reconciliation on this resource and continuously + # updates configuration. + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["validatingwebhookconfigurations"] + verbs: ["list", "watch"] + # When there are changes to the configs or secrets, knative updates the validating webhook config + # with the updated certificates or the refreshed set of rules. + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["validatingwebhookconfigurations"] + verbs: ["get", "update", "delete"] + resourceNames: ["validation.pipelinesascode.tekton.dev"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: pipelines-as-code-webhook-clusterbinding + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.1" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +subjects: +- kind: ServiceAccount + name: pipelines-as-code-webhook + namespace: pipelines-as-code +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: pipeline-as-code-webhook-clusterrole +--- + +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: repositories.pipelinesascode.tekton.dev + labels: + app.kubernetes.io/version: "v0.28.1" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +spec: + group: pipelinesascode.tekton.dev + versions: + - name: v1alpha1 + subresources: + status: {} + additionalPrinterColumns: + - jsonPath: .spec.url + name: URL + type: string + - name: Succeeded + type: string + jsonPath: '.pipelinerun_status[-1].conditions[?(@.type=="Succeeded")].status' + - name: Reason + type: string + jsonPath: '.pipelinerun_status[-1].conditions[?(@.type=="Succeeded")].reason' + - name: StartTime + type: date + jsonPath: ".pipelinerun_status[-1].startTime" + - name: CompletionTime + type: date + jsonPath: ".pipelinerun_status[-1].completionTime" + served: true + storage: true + schema: + openAPIV3Schema: + x-kubernetes-preserve-unknown-fields: true + description: Schema for the repository API + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/ api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of Repository + properties: + settings: + description: Settings relative to the Repository + type: object + properties: + policy: + type: object + description: Set policy on actions allowing only some teams + properties: + ok_to_test: + type: array + items: + description: list of teams allowed to run /ok-to-test + type: string + pull_request: + type: array + items: + description: list of teams allowed to have ci run on pull/merge requests. + type: string + github_app_token_scope_repos: + type: array + items: + description: list of repositories where Github token can be scoped + type: string + pipelinerun_provenance: + description: From where the PipelineRun definitions will be coming from + type: string + enum: + - source + - default_branch + concurrency_limit: + description: Number of maximum pipelinerun running at any moment + type: integer + url: + description: Repository URL + type: string + type: + description: Git repository provider + type: string + enum: + - github + - gitea + - bitbucket + - gitlab + - bitbucket-enteprise + params: + type: array + items: + type: object + required: + - name + properties: + name: + description: The name of the params for the pipelinerun variable + type: string + value: + description: The value of the params as injected into pipelinerun + type: string + filter: + description: A CEL filter to set condition on param + type: string + secret_ref: + description: The value as coming from secret + type: object + required: + - name + - key + properties: + key: + description: Key of the secret + type: string + default: "secret" + name: + description: Name of the secret + type: string + incoming: + type: array + items: + type: object + properties: + type: + description: Type of webhook + type: string + enum: + - webhook-url + params: + description: Parameters accepted to be overwritten when posting to the webhook + type: array + items: + description: Parameter + type: string + targets: + description: List of target branches or ref to trigger webhooks on + type: array + items: + description: Branch name + type: string + secret: + description: Secret to use for the webhook + type: object + properties: + key: + description: Key of the secret + type: string + default: "secret" + name: + description: Name of the secret + type: string + git_provider: + type: object + properties: + url: + description: The Git provider api url + type: string + user: + description: The Git provider api user + type: string + type: + description: The Git provider type + type: string + secret: + type: object + properties: + key: + type: string + description: "Key inside the secret" + default: "provider.token" + name: + type: string + description: "The secret name" + webhook_secret: + type: object + properties: + key: + type: string + description: "Key inside the secret" + default: "webhook.secret" + name: + type: string + description: "The secret name" + type: object + type: object + scope: Namespaced + names: + plural: repositories + singular: repository + kind: Repository + shortNames: + - repo +--- + +apiVersion: v1 +kind: ConfigMap +metadata: + name: pac-config-logging + namespace: pipelines-as-code + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +data: + zap-logger-config: | + { + "level": "info", + "development": false, + "sampling": { + "initial": 100, + "thereafter": 100 + }, + "outputPaths": ["stdout"], + "errorOutputPaths": ["stderr"], + "encoding": "json", + "encoderConfig": { + "timeKey": "ts", + "levelKey": "level", + "nameKey": "logger", + "callerKey": "caller", + "messageKey": "msg", + "stacktraceKey": "stacktrace", + "lineEnding": "", + "levelEncoder": "", + "timeEncoder": "iso8601", + "durationEncoder": "", + "callerEncoder": "" + } + } + # Log level overrides + loglevel.pipelinesascode: "info" + loglevel.pac-watcher: "info" + loglevel.pipelines-as-code-webhook: "info" +--- + +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# See https://pipelinesascode.com/docs/install/settings/ for the complete +# documentation of all settings. + +apiVersion: v1 +data: + # The application name, you can customize this label. If using the Github App you will need to customize the label on the github app setting as well. + application-name: "Pipelines as Code CI" + + # Whether to automatically create a secret with the token to be use by git-clone + secret-auto-create: "true" + + # By default we only generate token scoped to the repository from where the + # payload come from. + # We do this because if the github apps is installed on an github organisation + # + # and there is a mix of public and private repositories in there + # where some users on that org does not have access. + # + # If you trust every users on your organisations to access any repos there or + # not planning to install your github application globally on a Github Organisation + # then you can safely set this option to false. + secret-github-app-token-scoped: "true" + + # If you don't want to completely disable the scoping of the token, but still + # wants some other repos (on the same installation id) available from the + # token, then you can add an extra owner/repo here. + # + # You can have multiple owner/repositories separated by commas: + # i.e: "owner/private-repo1, org/repo2" + secret-github-app-scope-extra-repos: "" + + # Tekton HUB API urls + hub-url: "https://api.hub.tekton.dev/v1" + + # Tekton HUB catalog name + hub-catalog-name: "tekton" + + # Additional Hub Catalogs is supported, for example: + # + # catalog-1-id: anotherhub + # catalog-1-name: tekton + # catalog-1-url: https://api.other.com/v1 + # + # this configuration will have a new catalog named anotherhub on https://api.other.com/v1 endpoint and catalog name tekton + # to be used by a user in their templates like this: + # pipelinesascode.tekton.dev/task: "anotherhub://task" + # + # Increase the number of the catalog to add more of them + + # Allow fetching remote tasks + remote-tasks: "true" + + # Using the URL of the Tekton dashboard, Pipelines-as-Code generates a URL to the + # PipelineRun on the Tekton dashboard + tekton-dashboard-url: "" + + # Enable or disable the feature to show a log snippet of the failed task when there is + # an error in a Pipeline + # + # It will show the last 3 lines of the first container of the first task + # that has error in the pipeline. + # + # you may want to disable this if you think your pipeline may leak some value + error-log-snippet: "true" + + # Enable or disable the inspection of container logs to detect error message + # and expose them as annotations on Pull Request. Only Github apps is supported + error-detection-from-container-logs: "true" + + # How many lines to grab from the container when inspecting the + # logs for error-detection. Increasing this value may increase the watcher + # memory usage. Use -1 for unlimited lines. + error-detection-max-number-of-lines: "50" + + # The default regexp used when we use the simple error detection + error-detection-simple-regexp: |- + ^(?P[^:]*):(?P[0-9]+):(?P[0-9]+)?([ ]*)?(?P.*) + + # Since public bitbucket doesn't have the concept of Secret, we need to be + # able to secure the request by querying https://ip-ranges.atlassian.com/, + # this only happen for public bitbucket (ie: when provider.url is not set in + # repository spec). If you want to override this, you need to bear in mind + # this could be a security issue, a malicious user can send a PR to your repo + # with a modification to your PipelineRun that would grab secrets, tunnel or + # others and then send a malicious webhook payload to the controller which + # look like a authorized owner has send the PR to run it.. + bitbucket-cloud-check-source-ip: "true" + + # Add extra IPS (ie: 127.0.0.1) or networks (127.0.0.0/16) separated by commas. + bitbucket-cloud-additional-source-ip: "" + + # max-keep-run-upper-limit defines the upper limit for max-keep-run annotation + # value which a user can set on pipelineRun. the value set on annotation + # should be less than or equal to the upper limit otherwise the upper limit + # will be used while cleaning up + max-keep-run-upper-limit: "" + + # if defined then applies to all pipelineRun who doesn't have max-keep-runs annotation + default-max-keep-runs: "" + + # Whether to auto configure newly created repositories, this will create a new + # namespace and repository CR, supported only with GitHub App + auto-configure-new-github-repo: "false" + + # add a template to generate name for namespace for your auto configured + # github repo supported fields are repo_owner, repo_name eg. if defined as + # `{{repo_owner}}-{{repo_name}}-ci`, then namespace generated for repository + # https://github.com/owner/repo will be `owner-repo-ci` + auto-configure-repo-namespace-template: "" + + # Enable or disable the feature to rerun the CI if push event happens on + # a pull request + # + # By default it is true and CI will be re-run in case of push/amend on the + # pull request if ok-to-test is done once + # + # you may want to disable this if ok-to-test should be done on each iteration + remember-ok-to-test: "true" + + # Configure a custom console here, the driver support custom parameters from + # Repo CR along a few other template variable, see documentation for more + # details + # + # custom-console-name: Console Name + # custom-console-url: https://url + # custom-console-url-pr-details: https://url/ns/{{ namespace }}/{{ pr }} + # custom-console-url-pr-tasklog: https://url/ns/{{ namespace }}/{{ pr }}/logs/{{ task }} + +kind: ConfigMap +metadata: + name: pipelines-as-code + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.1" + app.kubernetes.io/part-of: pipelines-as-code +--- + +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This configmap is filled by bootstrap command +# GitHub App is added as provider and later this is checked +# before configuring a new GitHub App so that we don't +# configure more than one App + +apiVersion: v1 +data: + # pipelines as code controller version + version: "v0.28.1" + + # controller url to be used for configuring webhook using cli + controller-url: "" + + # display the configured provider on the platform + # only one provider type to be configured at a time + # eg. if GitHub App is configured, then webhooks should not be configured + provider: "" + +kind: ConfigMap +metadata: + name: pipelines-as-code-info + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.1" + app.kubernetes.io/part-of: pipelines-as-code +--- + +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: Secret +metadata: + name: pipelines-as-code-webhook-certs + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.1" + app.kubernetes.io/part-of: pipelines-as-code +# The data is populated at install time +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: validation.pipelinesascode.tekton.dev + labels: + app.kubernetes.io/version: "v0.28.1" + app.kubernetes.io/part-of: pipelines-as-code +webhooks: + - admissionReviewVersions: ["v1"] + clientConfig: + service: + name: pipelines-as-code-webhook + namespace: pipelines-as-code + failurePolicy: Fail + sideEffects: None + name: validation.pipelinesascode.tekton.dev +--- + +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: pipelines-as-code-config-observability + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.1" + app.kubernetes.io/part-of: pipelines-as-code +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # metrics.backend-destination field specifies the system metrics destination. + # It supports either prometheus (the default) or stackdriver. + # Note: Using Stackdriver will incur additional charges. + metrics.backend-destination: prometheus + # metrics.stackdriver-project-id field specifies the Stackdriver project ID. This + # field is optional. When running on GCE, application default credentials will be + # used and metrics will be sent to the cluster's project if this field is + # not provided. + metrics.stackdriver-project-id: "" + # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed + # to send metrics to Stackdriver using "global" resource type and custom + # metric type. Setting this flag to "true" could cause extra Stackdriver + # charge. If metrics.backend-destination is not Stackdriver, this is + # ignored. + metrics.allow-stackdriver-custom-metrics: "false" +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: pac-watcher-config-leader-election + namespace: pipelines-as-code + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # lease-duration is how long non-leaders will wait to try to acquire the + # lock; 15 seconds is the value used by core kubernetes controllers. + lease-duration: "60s" + # renew-deadline is how long a leader will try to renew the lease before + # giving up; 10 seconds is the value used by core kubernetes controllers. + renew-deadline: "40s" + # retry-period is how long the leader election client waits between tries of + # actions; 2 seconds is the value used by core kubernetes controllers. + retry-period: "10s" + # buckets is the number of buckets used to partition key space of each + # Reconciler. If this number is M and the replica number of the controller + # is N, the N replicas will compete for the M buckets. The owner of a + # bucket will take care of the reconciling for the keys partitioned into + # that bucket. + buckets: "1" +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: pac-webhook-config-leader-election + namespace: pipelines-as-code + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # lease-duration is how long non-leaders will wait to try to acquire the + # lock; 15 seconds is the value used by core kubernetes controllers. + lease-duration: "60s" + # renew-deadline is how long a leader will try to renew the lease before + # giving up; 10 seconds is the value used by core kubernetes controllers. + renew-deadline: "40s" + # retry-period is how long the leader election client waits between tries of + # actions; 2 seconds is the value used by core kubernetes controllers. + retry-period: "10s" + # buckets is the number of buckets used to partition key space of each + # Reconciler. If this number is M and the replica number of the controller + # is N, the N replicas will compete for the M buckets. The owner of a + # bucket will take care of the reconciling for the keys partitioned into + # that bucket. + buckets: "1" +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: pipelines-as-code-controller + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.1" + app.kubernetes.io/part-of: pipelines-as-code +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code + template: + metadata: + labels: + app: pipelines-as-code-controller + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code + app.kubernetes.io/version: "v0.28.1" + spec: + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: pipelines-as-code-controller + containers: + - name: pac-controller + image: "ghcr.io/openshift-pipelines/pipelines-as-code-controller:v0.28.1" + imagePullPolicy: Always + ports: + - name: api + containerPort: 8080 + - name: metrics + containerPort: 9090 + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - ALL + readinessProbe: + failureThreshold: 3 + httpGet: + path: /live + port: api + scheme: HTTP + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 1 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /live + port: api + scheme: HTTP + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 1 + env: + - name: CONFIG_LOGGING_NAME + value: pac-config-logging + - name: TLS_KEY + value: "key" + - name: TLS_CERT + value: "cert" + - name: TLS_SECRET_NAME + value: "pipelines-as-code-tls-secret" + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: K_METRICS_CONFIG + value: '{"Domain":"pipelinesascode.tekton.dev/controller","Component":"pac_controller","PrometheusPort":9090,"ConfigMap":{"name":"pipelines-as-code-config-observability"}}' + - name: K_TRACING_CONFIG + value: '{"backend":"prometheus","debug":"false","sample-rate":"0"}' + - name: K_SINK_TIMEOUT + value: "30" + - name: PAC_CONTROLLER_LABEL + value: "default" + - name: PAC_CONTROLLER_SECRET + value: "pipelines-as-code-secret" + - name: PAC_CONTROLLER_CONFIGMAP + value: "pipelines-as-code" + volumeMounts: + - mountPath: "/etc/pipelines-as-code/tls" + readOnly: true + name: tls + volumes: + - name: tls + secret: + secretName: pipelines-as-code-tls-secret + optional: true +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +apiVersion: v1 +kind: Service +metadata: + name: pipelines-as-code-controller + namespace: pipelines-as-code + labels: + app: pipelines-as-code-controller + app.kubernetes.io/version: "v0.28.1" + app.kubernetes.io/part-of: pipelines-as-code +spec: + ports: + - name: http-listener + port: 8080 + protocol: TCP + targetPort: 8080 + - name: http-metrics + port: 9090 + protocol: TCP + targetPort: 9090 + selector: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: pipelines-as-code-watcher + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.1" + app.kubernetes.io/part-of: pipelines-as-code +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: watcher + app.kubernetes.io/component: watcher + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code + template: + metadata: + labels: + app.kubernetes.io/name: watcher + app.kubernetes.io/component: watcher + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code + app.kubernetes.io/version: "v0.28.1" + app: pipelines-as-code-watcher + spec: + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: pipelines-as-code-watcher + containers: + - name: pac-watcher + image: "ghcr.io/openshift-pipelines/pipelines-as-code-watcher:v0.28.1" + imagePullPolicy: Always + env: + - name: CONFIG_LOGGING_NAME + value: pac-config-logging + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: METRICS_DOMAIN + value: tekton.dev/pipelinesascode + - name: CONFIG_OBSERVABILITY_NAME + value: pipelines-as-code-config-observability + - name: CONFIG_LEADERELECTION_NAME + value: pac-watcher-config-leader-election + ports: + - name: probes + containerPort: 8080 + - name: metrics + containerPort: 9090 + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - ALL + readinessProbe: + httpGet: + path: /live + port: probes + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + livenessProbe: + httpGet: + path: /live + port: probes + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +apiVersion: v1 +kind: Service +metadata: + name: pipelines-as-code-watcher + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.1" + app.kubernetes.io/part-of: pipelines-as-code + app: pipelines-as-code-watcher +spec: + ports: + - name: http-metrics + port: 9090 + protocol: TCP + targetPort: 9090 + selector: + app.kubernetes.io/name: watcher + app.kubernetes.io/component: watcher + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: pipelines-as-code-webhook + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.1" + app.kubernetes.io/part-of: pipelines-as-code +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code + template: + metadata: + labels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code + app.kubernetes.io/version: "v0.28.1" + spec: + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: pipelines-as-code-webhook + containers: + - name: pac-webhook + image: "ghcr.io/openshift-pipelines/pipelines-as-code-webhook:v0.28.1" + env: + - name: CONFIG_LOGGING_NAME + value: pac-config-logging + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: WEBHOOK_SERVICE_NAME + value: pipelines-as-code-webhook + - name: WEBHOOK_SECRET_NAME + value: pipelines-as-code-webhook-certs + - name: METRICS_DOMAIN + value: tekton.dev/pipelinesascode + - name: CONFIG_LEADERELECTION_NAME + value: pac-webhook-config-leader-election + ports: + - name: https-webhook + containerPort: 8443 + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - ALL +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +apiVersion: v1 +kind: Service +metadata: + name: pipelines-as-code-webhook + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.1" + app.kubernetes.io/part-of: pipelines-as-code +spec: + ports: + - name: https-webhook + port: 443 + targetPort: 8443 + selector: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + annotations: + haproxy.router.openshift.io/timeout: 600s + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code + app.kubernetes.io/version: "v0.28.1" + pipelines-as-code/route: controller + name: pipelines-as-code-controller + namespace: pipelines-as-code +spec: + port: + targetPort: http-listener + tls: + insecureEdgeTerminationPolicy: Redirect + termination: edge + to: + kind: Service + name: pipelines-as-code-controller + weight: 100 + wildcardPolicy: None +--- + +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: pipelines-as-code-monitoring + namespace: pipelines-as-code +rules: +- apiGroups: + - "" + resources: + - services + - endpoints + - pods + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: pipelines-as-code-monitoring + namespace: pipelines-as-code +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pipelines-as-code-monitoring +subjects: + - kind: ServiceAccount + name: prometheus-k8s + namespace: pipelines-as-code +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: pipelines-as-code-monitor + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.1" + app.kubernetes.io/part-of: pipelines-as-code + annotations: + networkoperator.openshift.io/ignore-errors: "" +spec: + endpoints: + - interval: 10s + port: http-metrics + jobLabel: app + namespaceSelector: + matchNames: + - pipelines-as-code + selector: + matchLabels: + app: pipelines-as-code-watcher +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: pipelines-as-code-controller-monitor + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.28.1" + app.kubernetes.io/part-of: pipelines-as-code + annotations: + networkoperator.openshift.io/ignore-errors: "" +spec: + endpoints: + - interval: 10s + port: http-metrics + jobLabel: app + namespaceSelector: + matchNames: + - pipelines-as-code + selector: + matchLabels: + app: pipelines-as-code-controller diff --git a/cmd/openshift/operator/kodata/tekton-addon/pipelines-as-code/v0.29.0/release.yaml b/cmd/openshift/operator/kodata/tekton-addon/pipelines-as-code/v0.29.0/release.yaml new file mode 100644 index 0000000000..df13cedd88 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/pipelines-as-code/v0.29.0/release.yaml @@ -0,0 +1,1574 @@ +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +apiVersion: v1 +kind: Namespace +metadata: + name: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.29.0" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code + openshift.io/cluster-monitoring: "true" +--- + +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: pipelines-as-code-info + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.29.0" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +rules: + # All system:authenticated users needs to have access + # of the pipelines-as-code-info ConfigMap even if they don't + # have access to the other resources present in the + # installed namespace. + - apiGroups: [""] + resources: ["configmaps"] + resourceNames: ["pipelines-as-code-info"] + verbs: ["get"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: pipelines-as-code-info + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.29.0" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +subjects: + - kind: Group + name: system:authenticated + apiGroup: rbac.authorization.k8s.io +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pipelines-as-code-info +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: pipelines-as-code-aggregate + labels: + app.kubernetes.io/version: "v0.29.0" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code + rbac.authorization.k8s.io/aggregate-to-edit: "true" + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: + - pipelinesascode.tekton.dev + resources: + - repositories + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +--- + +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: pipelines-as-code-controller + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.29.0" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: pipelines-as-code-controller-role + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.29.0" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "list", "watch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: pipelines-as-code-controller-binding + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.29.0" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +subjects: + - kind: ServiceAccount + name: pipelines-as-code-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pipelines-as-code-controller-role +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: pipeline-as-code-controller-clusterrole + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.29.0" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +rules: + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["create"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "create", "update", "delete"] + - apiGroups: ["pipelinesascode.tekton.dev"] + resources: ["repositories"] + verbs: ["get", "create", "list"] + - apiGroups: ["tekton.dev"] + resources: ["pipelineruns"] + verbs: ["get", "list", "create", "patch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create"] + - apiGroups: ["route.openshift.io"] + resources: ["routes"] + verbs: ["get"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: pipelines-as-code-controller-clusterbinding + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.29.0" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +subjects: + - kind: ServiceAccount + name: pipelines-as-code-controller + namespace: pipelines-as-code +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: pipeline-as-code-controller-clusterrole +--- + +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: pipelines-as-code-watcher + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.29.0" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: pipelines-as-code-watcher-role + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.29.0" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "list", "watch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: pipelines-as-code-watcher-binding + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.29.0" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +subjects: + - kind: ServiceAccount + name: pipelines-as-code-watcher +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pipelines-as-code-watcher-role +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: pipeline-as-code-watcher-clusterrole + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.29.0" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "delete"] + - apiGroups: ["pipelinesascode.tekton.dev"] + resources: ["repositories"] + verbs: ["get", "list", "update", "watch"] + - apiGroups: ["tekton.dev"] + resources: ["pipelineruns"] + verbs: ["get", "delete", "list", "watch", "update", "patch"] + - apiGroups: ["tekton.dev"] + resources: ["taskruns"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "update", "patch"] + - apiGroups: ["route.openshift.io"] + resources: ["routes"] + verbs: ["get"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: pipelines-as-code-watcher-clusterbinding + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.29.0" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +subjects: +- kind: ServiceAccount + name: pipelines-as-code-watcher + namespace: pipelines-as-code +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: pipeline-as-code-watcher-clusterrole +--- + +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: pipelines-as-code-webhook + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.29.0" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: pipelines-as-code-webhook-role + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.29.0" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["list", "watch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "update"] + resourceNames: ["pipelines-as-code-webhook-certs"] + # The webhook daemon makes a reconciliation loop on webhook-certs. Whenever + # the secret changes it updates the webhook configurations with the certificates + # stored in the secret. + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + # webhook uses leases for leader election +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: pipelines-as-code-webhook-binding + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.29.0" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +subjects: + - kind: ServiceAccount + name: pipelines-as-code-webhook +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pipelines-as-code-webhook-role +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: pipeline-as-code-webhook-clusterrole + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.29.0" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +rules: + - apiGroups: ["pipelinesascode.tekton.dev"] + resources: ["repositories"] + verbs: ["get", "list", "watch"] + # The webhook performs a reconciliation on this resource and continuously + # updates configuration. + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["validatingwebhookconfigurations"] + verbs: ["list", "watch"] + # When there are changes to the configs or secrets, knative updates the validating webhook config + # with the updated certificates or the refreshed set of rules. + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["validatingwebhookconfigurations"] + verbs: ["get", "update", "delete"] + resourceNames: ["validation.pipelinesascode.tekton.dev"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: pipelines-as-code-webhook-clusterbinding + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.29.0" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +subjects: +- kind: ServiceAccount + name: pipelines-as-code-webhook + namespace: pipelines-as-code +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: pipeline-as-code-webhook-clusterrole +--- + +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: repositories.pipelinesascode.tekton.dev + labels: + app.kubernetes.io/version: "v0.29.0" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +spec: + group: pipelinesascode.tekton.dev + versions: + - name: v1alpha1 + subresources: + status: {} + additionalPrinterColumns: + - jsonPath: .spec.url + name: URL + type: string + - name: Succeeded + type: string + jsonPath: '.pipelinerun_status[-1].conditions[?(@.type=="Succeeded")].status' + - name: Reason + type: string + jsonPath: '.pipelinerun_status[-1].conditions[?(@.type=="Succeeded")].reason' + - name: StartTime + type: date + jsonPath: ".pipelinerun_status[-1].startTime" + - name: CompletionTime + type: date + jsonPath: ".pipelinerun_status[-1].completionTime" + served: true + storage: true + schema: + openAPIV3Schema: + x-kubernetes-preserve-unknown-fields: true + description: Schema for the repository API + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/ api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of Repository + properties: + settings: + description: Settings relative to the Repository + type: object + properties: + policy: + type: object + description: Set policy on actions allowing only some teams + properties: + ok_to_test: + type: array + items: + description: list of teams allowed to run /ok-to-test + type: string + pull_request: + type: array + items: + description: list of teams allowed to have ci run on pull/merge requests. + type: string + github_app_token_scope_repos: + type: array + items: + description: list of repositories where Github token can be scoped + type: string + pipelinerun_provenance: + description: From where the PipelineRun definitions will be coming from + type: string + enum: + - source + - default_branch + concurrency_limit: + description: Number of maximum pipelinerun running at any moment + type: integer + url: + description: Repository URL + type: string + type: + description: Git repository provider + type: string + enum: + - github + - gitea + - bitbucket + - gitlab + - bitbucket-enteprise + params: + type: array + items: + type: object + required: + - name + properties: + name: + description: The name of the params for the pipelinerun variable + type: string + value: + description: The value of the params as injected into pipelinerun + type: string + filter: + description: A CEL filter to set condition on param + type: string + secret_ref: + description: The value as coming from secret + type: object + required: + - name + - key + properties: + key: + description: Key of the secret + type: string + default: "secret" + name: + description: Name of the secret + type: string + incoming: + type: array + items: + type: object + properties: + type: + description: Type of webhook + type: string + enum: + - webhook-url + params: + description: Parameters accepted to be overwritten when posting to the webhook + type: array + items: + description: Parameter + type: string + targets: + description: List of target branches or ref to trigger webhooks on + type: array + items: + description: Branch name + type: string + secret: + description: Secret to use for the webhook + type: object + properties: + key: + description: Key of the secret + type: string + default: "secret" + name: + description: Name of the secret + type: string + git_provider: + type: object + properties: + url: + description: The Git provider api url + type: string + user: + description: The Git provider api user + type: string + type: + description: The Git provider type + type: string + secret: + type: object + properties: + key: + type: string + description: "Key inside the secret" + default: "provider.token" + name: + type: string + description: "The secret name" + webhook_secret: + type: object + properties: + key: + type: string + description: "Key inside the secret" + default: "webhook.secret" + name: + type: string + description: "The secret name" + type: object + type: object + scope: Namespaced + names: + plural: repositories + singular: repository + kind: Repository + shortNames: + - repo +--- + +apiVersion: v1 +kind: ConfigMap +metadata: + name: pac-config-logging + namespace: pipelines-as-code + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +data: + zap-logger-config: | + { + "level": "info", + "development": false, + "sampling": { + "initial": 100, + "thereafter": 100 + }, + "outputPaths": ["stdout"], + "errorOutputPaths": ["stderr"], + "encoding": "json", + "encoderConfig": { + "timeKey": "ts", + "levelKey": "level", + "nameKey": "logger", + "callerKey": "caller", + "messageKey": "msg", + "stacktraceKey": "stacktrace", + "lineEnding": "", + "levelEncoder": "", + "timeEncoder": "iso8601", + "durationEncoder": "", + "callerEncoder": "" + } + } + # Log level overrides + loglevel.pipelinesascode: "info" + loglevel.pac-watcher: "info" + loglevel.pipelines-as-code-webhook: "info" +--- + +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# See https://pipelinesascode.com/docs/install/settings/ for the complete +# documentation of all settings. + +apiVersion: v1 +data: + # The application name, you can customize this label. If using the Github App you will need to customize the label on the github app setting as well. + application-name: "Pipelines as Code CI" + + # Whether to automatically create a secret with the token to be use by git-clone + secret-auto-create: "true" + + # By default we only generate token scoped to the repository from where the + # payload come from. + # We do this because if the github apps is installed on an github organisation + # + # and there is a mix of public and private repositories in there + # where some users on that org does not have access. + # + # If you trust every users on your organisations to access any repos there or + # not planning to install your github application globally on a Github Organisation + # then you can safely set this option to false. + secret-github-app-token-scoped: "true" + + # If you don't want to completely disable the scoping of the token, but still + # wants some other repos (on the same installation id) available from the + # token, then you can add an extra owner/repo here. + # + # You can have multiple owner/repositories separated by commas: + # i.e: "owner/private-repo1, org/repo2" + secret-github-app-scope-extra-repos: "" + + # Tekton HUB API urls + hub-url: "https://api.hub.tekton.dev/v1" + + # Tekton HUB catalog name + hub-catalog-name: "tekton" + + # Additional Hub Catalogs is supported, for example: + # + # catalog-1-id: anotherhub + # catalog-1-name: tekton + # catalog-1-url: https://api.other.com/v1 + # + # this configuration will have a new catalog named anotherhub on https://api.other.com/v1 endpoint and catalog name tekton + # to be used by a user in their templates like this: + # pipelinesascode.tekton.dev/task: "anotherhub://task" + # + # Increase the number of the catalog to add more of them + + # Allow fetching remote tasks + remote-tasks: "true" + + # Using the URL of the Tekton dashboard, Pipelines-as-Code generates a URL to the + # PipelineRun on the Tekton dashboard + tekton-dashboard-url: "" + + # Enable or disable the feature to show a log snippet of the failed task when there is + # an error in a Pipeline + # + # It will show the last 3 lines of the first container of the first task + # that has error in the pipeline. + # + # you may want to disable this if you think your pipeline may leak some value + error-log-snippet: "true" + + # Enable or disable the inspection of container logs to detect error message + # and expose them as annotations on Pull Request. Only Github apps is supported + error-detection-from-container-logs: "true" + + # How many lines to grab from the container when inspecting the + # logs for error-detection. Increasing this value may increase the watcher + # memory usage. Use -1 for unlimited lines. + error-detection-max-number-of-lines: "50" + + # The default regexp used when we use the simple error detection + error-detection-simple-regexp: |- + ^(?P[^:]*):(?P[0-9]+):(?P[0-9]+)?([ ]*)?(?P.*) + + # Since public bitbucket doesn't have the concept of Secret, we need to be + # able to secure the request by querying https://ip-ranges.atlassian.com/, + # this only happen for public bitbucket (ie: when provider.url is not set in + # repository spec). If you want to override this, you need to bear in mind + # this could be a security issue, a malicious user can send a PR to your repo + # with a modification to your PipelineRun that would grab secrets, tunnel or + # others and then send a malicious webhook payload to the controller which + # look like a authorized owner has send the PR to run it.. + bitbucket-cloud-check-source-ip: "true" + + # Add extra IPS (ie: 127.0.0.1) or networks (127.0.0.0/16) separated by commas. + bitbucket-cloud-additional-source-ip: "" + + # max-keep-run-upper-limit defines the upper limit for max-keep-run annotation + # value which a user can set on pipelineRun. the value set on annotation + # should be less than or equal to the upper limit otherwise the upper limit + # will be used while cleaning up + max-keep-run-upper-limit: "" + + # if defined then applies to all pipelineRun who doesn't have max-keep-runs annotation + default-max-keep-runs: "" + + # Whether to auto configure newly created repositories, this will create a new + # namespace and repository CR, supported only with GitHub App + auto-configure-new-github-repo: "false" + + # add a template to generate name for namespace for your auto configured + # github repo supported fields are repo_owner, repo_name eg. if defined as + # `{{repo_owner}}-{{repo_name}}-ci`, then namespace generated for repository + # https://github.com/owner/repo will be `owner-repo-ci` + auto-configure-repo-namespace-template: "" + + # Enable or disable the feature to rerun the CI if push event happens on + # a pull request + # + # By default it is true and CI will be re-run in case of push/amend on the + # pull request if ok-to-test is done once + # + # you may want to disable this if ok-to-test should be done on each iteration + remember-ok-to-test: "true" + + # Configure a custom console here, the driver support custom parameters from + # Repo CR along a few other template variable, see documentation for more + # details + # + # custom-console-name: Console Name + # custom-console-url: https://url + # custom-console-url-pr-details: https://url/ns/{{ namespace }}/{{ pr }} + # custom-console-url-pr-tasklog: https://url/ns/{{ namespace }}/{{ pr }}/logs/{{ task }} + +kind: ConfigMap +metadata: + name: pipelines-as-code + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.29.0" + app.kubernetes.io/part-of: pipelines-as-code +--- + +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This configmap is filled by bootstrap command +# GitHub App is added as provider and later this is checked +# before configuring a new GitHub App so that we don't +# configure more than one App + +apiVersion: v1 +data: + # pipelines as code controller version + version: "v0.29.0" + + # controller url to be used for configuring webhook using cli + controller-url: "" + + # display the configured provider on the platform + # only one provider type to be configured at a time + # eg. if GitHub App is configured, then webhooks should not be configured + provider: "" + +kind: ConfigMap +metadata: + name: pipelines-as-code-info + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.29.0" + app.kubernetes.io/part-of: pipelines-as-code +--- + +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: Secret +metadata: + name: pipelines-as-code-webhook-certs + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.29.0" + app.kubernetes.io/part-of: pipelines-as-code +# The data is populated at install time +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: validation.pipelinesascode.tekton.dev + labels: + app.kubernetes.io/version: "v0.29.0" + app.kubernetes.io/part-of: pipelines-as-code +webhooks: + - admissionReviewVersions: ["v1"] + clientConfig: + service: + name: pipelines-as-code-webhook + namespace: pipelines-as-code + failurePolicy: Fail + sideEffects: None + name: validation.pipelinesascode.tekton.dev +--- + +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: pipelines-as-code-config-observability + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.29.0" + app.kubernetes.io/part-of: pipelines-as-code +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # metrics.backend-destination field specifies the system metrics destination. + # It supports either prometheus (the default) or stackdriver. + # Note: Using Stackdriver will incur additional charges. + metrics.backend-destination: prometheus + # metrics.stackdriver-project-id field specifies the Stackdriver project ID. This + # field is optional. When running on GCE, application default credentials will be + # used and metrics will be sent to the cluster's project if this field is + # not provided. + metrics.stackdriver-project-id: "" + # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed + # to send metrics to Stackdriver using "global" resource type and custom + # metric type. Setting this flag to "true" could cause extra Stackdriver + # charge. If metrics.backend-destination is not Stackdriver, this is + # ignored. + metrics.allow-stackdriver-custom-metrics: "false" +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: pac-watcher-config-leader-election + namespace: pipelines-as-code + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # lease-duration is how long non-leaders will wait to try to acquire the + # lock; 15 seconds is the value used by core kubernetes controllers. + lease-duration: "60s" + # renew-deadline is how long a leader will try to renew the lease before + # giving up; 10 seconds is the value used by core kubernetes controllers. + renew-deadline: "40s" + # retry-period is how long the leader election client waits between tries of + # actions; 2 seconds is the value used by core kubernetes controllers. + retry-period: "10s" + # buckets is the number of buckets used to partition key space of each + # Reconciler. If this number is M and the replica number of the controller + # is N, the N replicas will compete for the M buckets. The owner of a + # bucket will take care of the reconciling for the keys partitioned into + # that bucket. + buckets: "1" +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: pac-webhook-config-leader-election + namespace: pipelines-as-code + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # lease-duration is how long non-leaders will wait to try to acquire the + # lock; 15 seconds is the value used by core kubernetes controllers. + lease-duration: "60s" + # renew-deadline is how long a leader will try to renew the lease before + # giving up; 10 seconds is the value used by core kubernetes controllers. + renew-deadline: "40s" + # retry-period is how long the leader election client waits between tries of + # actions; 2 seconds is the value used by core kubernetes controllers. + retry-period: "10s" + # buckets is the number of buckets used to partition key space of each + # Reconciler. If this number is M and the replica number of the controller + # is N, the N replicas will compete for the M buckets. The owner of a + # bucket will take care of the reconciling for the keys partitioned into + # that bucket. + buckets: "1" +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: pipelines-as-code-controller + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.29.0" + app.kubernetes.io/part-of: pipelines-as-code +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code + template: + metadata: + labels: + app: pipelines-as-code-controller + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code + app.kubernetes.io/version: "v0.29.0" + spec: + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: pipelines-as-code-controller + containers: + - name: pac-controller + image: "ghcr.io/openshift-pipelines/pipelines-as-code-controller:v0.29.0" + imagePullPolicy: Always + ports: + - name: api + containerPort: 8080 + - name: metrics + containerPort: 9090 + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - ALL + readinessProbe: + failureThreshold: 3 + httpGet: + path: /live + port: api + scheme: HTTP + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 1 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /live + port: api + scheme: HTTP + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 1 + env: + - name: CONFIG_LOGGING_NAME + value: pac-config-logging + - name: TLS_KEY + value: "key" + - name: TLS_CERT + value: "cert" + - name: TLS_SECRET_NAME + value: "pipelines-as-code-tls-secret" + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: K_METRICS_CONFIG + value: '{"Domain":"pipelinesascode.tekton.dev/controller","Component":"pac_controller","PrometheusPort":9090,"ConfigMap":{"name":"pipelines-as-code-config-observability"}}' + - name: K_TRACING_CONFIG + value: '{"backend":"prometheus","debug":"false","sample-rate":"0"}' + - name: K_SINK_TIMEOUT + value: "30" + - name: PAC_CONTROLLER_LABEL + value: "default" + - name: PAC_CONTROLLER_SECRET + value: "pipelines-as-code-secret" + - name: PAC_CONTROLLER_CONFIGMAP + value: "pipelines-as-code" + volumeMounts: + - mountPath: "/etc/pipelines-as-code/tls" + readOnly: true + name: tls + volumes: + - name: tls + secret: + secretName: pipelines-as-code-tls-secret + optional: true +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +apiVersion: v1 +kind: Service +metadata: + name: pipelines-as-code-controller + namespace: pipelines-as-code + labels: + app: pipelines-as-code-controller + app.kubernetes.io/version: "v0.29.0" + app.kubernetes.io/part-of: pipelines-as-code +spec: + ports: + - name: http-listener + port: 8080 + protocol: TCP + targetPort: 8080 + - name: http-metrics + port: 9090 + protocol: TCP + targetPort: 9090 + selector: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: pipelines-as-code-watcher + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.29.0" + app.kubernetes.io/part-of: pipelines-as-code +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: watcher + app.kubernetes.io/component: watcher + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code + template: + metadata: + labels: + app.kubernetes.io/name: watcher + app.kubernetes.io/component: watcher + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code + app.kubernetes.io/version: "v0.29.0" + app: pipelines-as-code-watcher + spec: + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: pipelines-as-code-watcher + containers: + - name: pac-watcher + image: "ghcr.io/openshift-pipelines/pipelines-as-code-watcher:v0.29.0" + imagePullPolicy: Always + env: + - name: CONFIG_LOGGING_NAME + value: pac-config-logging + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: METRICS_DOMAIN + value: tekton.dev/pipelinesascode + - name: CONFIG_OBSERVABILITY_NAME + value: pipelines-as-code-config-observability + - name: CONFIG_LEADERELECTION_NAME + value: pac-watcher-config-leader-election + ports: + - name: probes + containerPort: 8080 + - name: metrics + containerPort: 9090 + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - ALL + readinessProbe: + httpGet: + path: /live + port: probes + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + livenessProbe: + httpGet: + path: /live + port: probes + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +apiVersion: v1 +kind: Service +metadata: + name: pipelines-as-code-watcher + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.29.0" + app.kubernetes.io/part-of: pipelines-as-code + app: pipelines-as-code-watcher +spec: + ports: + - name: http-metrics + port: 9090 + protocol: TCP + targetPort: 9090 + selector: + app.kubernetes.io/name: watcher + app.kubernetes.io/component: watcher + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: pipelines-as-code-webhook + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.29.0" + app.kubernetes.io/part-of: pipelines-as-code +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code + template: + metadata: + labels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code + app.kubernetes.io/version: "v0.29.0" + spec: + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: pipelines-as-code-webhook + containers: + - name: pac-webhook + image: "ghcr.io/openshift-pipelines/pipelines-as-code-webhook:v0.29.0" + env: + - name: CONFIG_LOGGING_NAME + value: pac-config-logging + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: WEBHOOK_SERVICE_NAME + value: pipelines-as-code-webhook + - name: WEBHOOK_SECRET_NAME + value: pipelines-as-code-webhook-certs + - name: METRICS_DOMAIN + value: tekton.dev/pipelinesascode + - name: CONFIG_LEADERELECTION_NAME + value: pac-webhook-config-leader-election + ports: + - name: https-webhook + containerPort: 8443 + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - ALL +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +apiVersion: v1 +kind: Service +metadata: + name: pipelines-as-code-webhook + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.29.0" + app.kubernetes.io/part-of: pipelines-as-code +spec: + ports: + - name: https-webhook + port: 443 + targetPort: 8443 + selector: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + annotations: + haproxy.router.openshift.io/timeout: 600s + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code + app.kubernetes.io/version: "v0.29.0" + pipelines-as-code/route: controller + name: pipelines-as-code-controller + namespace: pipelines-as-code +spec: + port: + targetPort: http-listener + tls: + insecureEdgeTerminationPolicy: Redirect + termination: edge + to: + kind: Service + name: pipelines-as-code-controller + weight: 100 + wildcardPolicy: None +--- + +# Copyright 2024 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: pipelines-as-code-monitoring + namespace: pipelines-as-code +rules: +- apiGroups: + - "" + resources: + - services + - endpoints + - pods + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: pipelines-as-code-monitoring + namespace: pipelines-as-code +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pipelines-as-code-monitoring +subjects: + - kind: ServiceAccount + name: prometheus-k8s + namespace: pipelines-as-code +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: pipelines-as-code-monitor + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.29.0" + app.kubernetes.io/part-of: pipelines-as-code + annotations: + networkoperator.openshift.io/ignore-errors: "" +spec: + endpoints: + - interval: 10s + port: http-metrics + jobLabel: app + namespaceSelector: + matchNames: + - pipelines-as-code + selector: + matchLabels: + app: pipelines-as-code-watcher +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: pipelines-as-code-controller-monitor + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.29.0" + app.kubernetes.io/part-of: pipelines-as-code + annotations: + networkoperator.openshift.io/ignore-errors: "" +spec: + endpoints: + - interval: 10s + port: http-metrics + jobLabel: app + namespaceSelector: + matchNames: + - pipelines-as-code + selector: + matchLabels: + app: pipelines-as-code-controller diff --git a/cmd/openshift/operator/kodata/tekton-chains/0.23.0/00-chains.yaml b/cmd/openshift/operator/kodata/tekton-chains/0.23.0/00-chains.yaml new file mode 100644 index 0000000000..0b8a602c74 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-chains/0.23.0/00-chains.yaml @@ -0,0 +1,551 @@ +# Copyright 2021 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +kind: Namespace +apiVersion: v1 +metadata: + name: tekton-chains + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-chains +--- +apiVersion: v1 +kind: Secret +metadata: + name: signing-secrets + namespace: tekton-chains + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-chains + +# The data is populated at install time. +# data: +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: chains-config + namespace: tekton-chains + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-chains + +# The data can be tweaked at install time, it is commented out +# because these are the default settings. +# data: +# artifacts.taskrun.format: tekton +# artifacts.taskrun.storage: tekton +# artifacts.taskrun.signer: x509 +# artifacts.oci.storage: oci +# artifacts.oci.format: simplesigning +# artifacts.oci.signer: x509 +# transparency.enabled: false +# transparency.url: https://rekor.sigstore.dev +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tekton-chains-controller + namespace: tekton-chains + labels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-chains + pipeline.tekton.dev/release: "v0.23.0" + version: "v0.23.0" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-chains + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" + labels: + app: tekton-chains-controller + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-chains + # # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.23.0" + version: "v0.23.0" + spec: + serviceAccountName: tekton-chains-controller + containers: + - name: tekton-chains-controller + image: ghcr.io/tektoncd/chains/controller-92006fd957c0afd31de6a40b3e33b39f:v0.23.0@sha256:7abab31684e1e6afe070145883c3d4bd4e673a55eee48d156675ee22b9cd2c8b + volumeMounts: + - name: signing-secrets + mountPath: /etc/signing-secrets + - name: oidc-info + mountPath: /var/run/sigstore/cosign + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: METRICS_DOMAIN + value: tekton.dev/chains + - name: CONFIG_OBSERVABILITY_NAME + value: tekton-chains-config-observability + - name: CONFIG_LEADERELECTION_NAME + value: tekton-chains-config-leader-election + ports: + - name: metrics + containerPort: 9090 + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + # User 65532 is the distroless nonroot user ID + runAsUser: 65532 + runAsGroup: 65532 + volumes: + - name: signing-secrets + secret: + secretName: signing-secrets + - name: oidc-info + projected: + sources: + # The "public good" instance supports tokens from EKS and GKE by default. + # The fulcio URL can also be redirected to an instance that has been + # configured to accept other issuers as well. Removing this volume + # completely will direct chains to use alternate ambient credentials + # (e.g. GKE workload identity, SPIFFE) + - serviceAccountToken: + path: oidc-token + expirationSeconds: 600 # Use as short-lived as possible. + audience: sigstore + +--- +# Copyright 2021 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: tekton-chains-controller-cluster-access + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-chains +subjects: + - kind: ServiceAccount + name: tekton-chains-controller + namespace: tekton-chains +roleRef: + kind: ClusterRole + name: tekton-chains-controller-cluster-access + apiGroup: rbac.authorization.k8s.io +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-chains-controller-cluster-access + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-chains +rules: + - apiGroups: [""] + # Controller needs to watch Pods created by TaskRuns to see them progress. + resources: ["pods"] + verbs: ["list", "watch"] + # Controller needs cluster access to all of the CRDs that it is responsible for + # managing. + - apiGroups: ["tekton.dev"] + resources: ["tasks", "clustertasks", "taskruns", "pipelines", "pipelineruns", "pipelineresources", "conditions", "runs"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["tekton.dev"] + resources: ["taskruns/finalizers", "pipelineruns/finalizers", "runs/finalizers"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["tekton.dev"] + resources: ["tasks/status", "clustertasks/status", "taskruns/status", "pipelines/status", "pipelineruns/status", "pipelineresources/status", "runs/status"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + # This is the access that the controller needs on a per-namespace basis. + name: tekton-chains-controller-tenant-access + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-chains +rules: + # Read-write access to create Pods, K8s Events and PVCs (for Workspaces) + - apiGroups: [""] + resources: ["pods", "pods/log", "events", "persistentvolumeclaims"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + # Read-only access to these. + - apiGroups: [""] + resources: ["configmaps", "limitranges", "secrets", "serviceaccounts"] + verbs: ["get", "list", "watch"] + # Read-write access to StatefulSets for Affinity Assistant. + - apiGroups: ["apps"] + resources: ["statefulsets"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] +--- +# If this ClusterRoleBinding is replaced with a RoleBinding +# then the ClusterRole would be namespaced. The access described by +# the tekton-pipelines-controller-tenant-access ClusterRole would +# be scoped to individual tenant namespaces. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: tekton-chains-controller-tenant-access + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-chains +subjects: + - kind: ServiceAccount + name: tekton-chains-controller + namespace: tekton-chains +roleRef: + kind: ClusterRole + name: tekton-chains-controller-tenant-access + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tekton-chains-controller + namespace: tekton-chains + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-chains +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-chains-leader-election + namespace: tekton-chains + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-chains +rules: + # We uses leases for leaderelection + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-chains-controller-leaderelection + namespace: tekton-chains + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-chains +subjects: + - kind: ServiceAccount + name: tekton-chains-controller + namespace: tekton-chains +roleRef: + kind: Role + name: tekton-chains-leader-election + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: tekton-chains-info + namespace: tekton-chains + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-chains +rules: + # All system:authenticated users need to have access + # to the chains-info ConfigMap even if they don't + # have access to other resources present in the + # installed namespace + - apiGroups: [""] + resources: ["configmaps"] + resourceNames: ["chains-info"] + verbs: ["get"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-chains-info + namespace: tekton-chains + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-chains +subjects: + # Giving all system:authenticated users the access to the + # ConfigMap which contains version information + - kind: Group + name: system:authenticated + apiGroup: rbac.authorization.k8s.io +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: tekton-chains-info + +--- +# Copyright 2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: chains-info + namespace: tekton-chains + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-chains +data: + # Contains chains version which can be queried by external + # tools such as CLI. Elevated permissions are given to + # this ConfigMap such that even if we don't have access to + # other resources in the namespace, we can still access + # this ConfigMap. + version: "v0.23.0" + +--- +# Copyright 2023 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: tekton-chains-config-leader-election + namespace: tekton-chains + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-chains +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # lease-duration is how long non-leaders will wait to try to acquire the + # lock; 15 seconds is the value used by core kubernetes controllers. + lease-duration: "60s" + # renew-deadline is how long a leader will try to renew the lease before + # giving up; 10 seconds is the value used by core kubernetes controllers. + renew-deadline: "40s" + # retry-period is how long the leader election client waits between tries of + # actions; 2 seconds is the value used by core kubernetes controllers. + retry-period: "10s" + # buckets is the number of buckets used to partition key space of each + # Reconciler. If this number is M and the replica number of the controller + # is N, the N replicas will compete for the M buckets. The owner of a + # bucket will take care of the reconciling for the keys partitioned into + # that bucket. + buckets: "1" + +--- +# Copyright 2019 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-logging + namespace: tekton-chains + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-chains +data: + # Common configuration for all knative codebase + zap-logger-config: | + { + "level": "info", + "development": false, + "sampling": { + "initial": 100, + "thereafter": 100 + }, + "outputPaths": ["stdout"], + "errorOutputPaths": ["stderr"], + "encoding": "json", + "encoderConfig": { + "timeKey": "ts", + "levelKey": "level", + "nameKey": "logger", + "callerKey": "caller", + "messageKey": "msg", + "stacktraceKey": "stacktrace", + "lineEnding": "", + "levelEncoder": "", + "timeEncoder": "iso8601", + "durationEncoder": "", + "callerEncoder": "" + } + } + # Log level overrides + loglevel.controller: "info" + loglevel.webhook: "info" + +--- +# Copyright 2023 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: tekton-chains-config-observability + namespace: tekton-chains + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-chains +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # + # metrics.backend-destination field specifies the system metrics destination. + # It supports either prometheus (the default) or stackdriver. + # Note: Using Stackdriver will incur additional charges. + # + metrics.backend-destination: prometheus + # + # metrics.stackdriver-project-id field specifies the Stackdriver project ID. This + # field is optional. When running on GCE, application default credentials will be + # used and metrics will be sent to the cluster's project if this field is + # not provided. + # + metrics.stackdriver-project-id: "" + # + # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed + # to send metrics to Stackdriver using "global" resource type and custom + # metric type. Setting this flag to "true" could cause extra Stackdriver + # charge. If metrics.backend-destination is not Stackdriver, this is + # ignored. + # + metrics.allow-stackdriver-custom-metrics: "false" + +--- +# Copyright 2023 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: tekton-chains-metrics + namespace: tekton-chains + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-chains + app: tekton-chains-controller +spec: + ports: + - name: http-metrics + port: 9090 + protocol: TCP + targetPort: 9090 + selector: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-chains + +--- diff --git a/cmd/openshift/operator/kodata/tekton-hub/v1.18.0/api/api.yaml b/cmd/openshift/operator/kodata/tekton-hub/v1.18.0/api/api.yaml new file mode 100644 index 0000000000..6f10b6d7f9 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-hub/v1.18.0/api/api.yaml @@ -0,0 +1,401 @@ +# Copyright © 2022 The Tekton Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: tekton-hub-api + labels: + app: tekton-hub-api +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + +--- +apiVersion: v1 +kind: Secret +metadata: + name: tekton-hub-api +type: Opaque +stringData: + GH_CLIENT_ID: '' + GH_CLIENT_SECRET: '' + GHE_URL: '' + GL_CLIENT_ID: '' + GL_CLIENT_SECRET: '' + GLE_URL: '' + BB_CLIENT_ID: '' + BB_CLIENT_SECRET: '' + JWT_SIGNING_KEY: '' + ACCESS_JWT_EXPIRES_IN: '' + REFRESH_JWT_EXPIRES_IN: '' + AUTH_BASE_URL: '' + +--- +# Copyright © 2020 The Tekton Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http:www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: tekton-hub-api + labels: + app: tekton-hub-api +data: + CATEGORIES: | + - Automation + - Build Tools + - CLI + - Cloud + - Code Quality + - Continuous Integration + - Deployment + - Developer Tools + - Image Build + - Integration & Delivery + - Git + - Kubernetes + - Messaging + - Monitoring + - Networking + - Openshift + - Publishing + - Security + - Storage + - Testing + CATALOGS: | + - name: tekton + org: tektoncd + type: community + provider: github + url: https://github.com/tektoncd/catalog + revision: main + SCOPES: | + - name: agent:create + users: [vinamra28, piyush-garg, pratap0007, puneetpunamiya, sm43, sthaha, vdemeester] + - name: catalog:refresh + users: [vinamra28, piyush-garg, pratap0007, puneetpunamiya, sm43, sthaha, vdemeester] + - name: config:refresh + users: [vinamra28, piyush-garg, pratap0007, puneetpunamiya, sm43, sthaha, vdemeester] + DEFAULT: | + scopes: + - rating:read + - rating:write + CATALOG_REFRESH_INTERVAL: 30m + +--- +# Copyright © 2020 The Tekton Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tekton-hub-api + labels: + app: tekton-hub-api +spec: + selector: + matchLabels: + app: tekton-hub-api + replicas: 1 + template: + metadata: + labels: + app: tekton-hub-api + spec: + volumes: + - name: catalog-source + persistentVolumeClaim: + claimName: tekton-hub-api + - name: tekton-hub-config + configMap: + name: tekton-hub-api + items: + - key: CATEGORIES + path: 'categories' + - key: CATALOGS + path: 'catalogs' + - key: SCOPES + path: 'scopes' + - key: CATALOG_REFRESH_INTERVAL + path: 'catalog_refresh_interval' + - key: DEFAULT + path: 'default' + - name: ssh-creds + secret: + secretName: tekton-hub-api-ssh-crds + optional: true + securityContext: + fsGroup: 65532 + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + containers: + - name: tekton-hub-api + image: quay.io/tekton-hub/api:v1.18.0 + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + cpu: 500m + memory: 500Mi + volumeMounts: + - name: catalog-source + mountPath: '/tmp/catalog' + - name: ssh-creds + mountPath: '/home/hub/.ssh' + - name: tekton-hub-config + mountPath: '/tmp/config' + ports: + - containerPort: 8000 + - containerPort: 4200 + readinessProbe: + failureThreshold: 3 + httpGet: + path: / + port: 8000 + scheme: HTTP + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 1 + livenessProbe: + failureThreshold: 3 + httpGet: + path: / + port: 8000 + scheme: HTTP + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 1 + securityContext: + allowPrivilegeEscalation: false + runAsUser: 65532 + capabilities: + drop: + - ALL + env: + - name: HOME + value: /home/hub + - name: POSTGRES_HOST + valueFrom: + secretKeyRef: + name: tekton-hub-db + key: POSTGRES_HOST + - name: POSTGRES_PORT + valueFrom: + secretKeyRef: + name: tekton-hub-db + key: POSTGRES_PORT + - name: POSTGRES_DB + valueFrom: + secretKeyRef: + name: tekton-hub-db + key: POSTGRES_DB + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + name: tekton-hub-db + key: POSTGRES_USER + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: tekton-hub-db + key: POSTGRES_PASSWORD + - name: CATALOG_REFRESH_INTERVAL + valueFrom: + configMapKeyRef: + name: tekton-hub-api + key: CATALOG_REFRESH_INTERVAL + - name: GH_CLIENT_ID + valueFrom: + secretKeyRef: + name: tekton-hub-api + key: GH_CLIENT_ID + - name: GH_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: tekton-hub-api + key: GH_CLIENT_SECRET + - name: GHE_URL + valueFrom: + secretKeyRef: + name: tekton-hub-api + key: GHE_URL + - name: GL_CLIENT_ID + valueFrom: + secretKeyRef: + name: tekton-hub-api + key: GL_CLIENT_ID + - name: GL_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: tekton-hub-api + key: GL_CLIENT_SECRET + - name: GLE_URL + valueFrom: + secretKeyRef: + name: tekton-hub-api + key: GLE_URL + - name: BB_CLIENT_ID + valueFrom: + secretKeyRef: + name: tekton-hub-api + key: BB_CLIENT_ID + - name: BB_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: tekton-hub-api + key: BB_CLIENT_SECRET + - name: JWT_SIGNING_KEY + valueFrom: + secretKeyRef: + name: tekton-hub-api + key: JWT_SIGNING_KEY + - name: ACCESS_JWT_EXPIRES_IN + valueFrom: + secretKeyRef: + name: tekton-hub-api + key: ACCESS_JWT_EXPIRES_IN + - name: REFRESH_JWT_EXPIRES_IN + valueFrom: + secretKeyRef: + name: tekton-hub-api + key: REFRESH_JWT_EXPIRES_IN + - name: AUTH_BASE_URL + valueFrom: + secretKeyRef: + name: tekton-hub-api + key: AUTH_BASE_URL + +--- +# Copyright © 2020 The Tekton Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: Service +metadata: + name: tekton-hub-api + labels: + app: tekton-hub-api +spec: + selector: + app: tekton-hub-api + ports: + - name: tekton-hub-api + port: 8000 + targetPort: 8000 + - name: tekton-hub-auth + port: 4200 + targetPort: 4200 + type: NodePort + +--- +# Copyright © 2020 The Tekton Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: tekton-hub-api + labels: + app: tekton-hub-api +spec: + port: + targetPort: 8000 + to: + kind: Service + name: tekton-hub-api + tls: + insecureEdgeTerminationPolicy: Redirect + termination: edge + +--- +# Copyright © 2022 The Tekton Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: tekton-hub-auth + labels: + app: tekton-hub-api +spec: + port: + targetPort: 4200 + to: + kind: Service + name: tekton-hub-api + tls: + insecureEdgeTerminationPolicy: Redirect + termination: edge + +--- diff --git a/cmd/openshift/operator/kodata/tekton-hub/v1.18.0/db-migration/db-migration.yaml b/cmd/openshift/operator/kodata/tekton-hub/v1.18.0/db-migration/db-migration.yaml new file mode 100644 index 0000000000..f5b4f7a32b --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-hub/v1.18.0/db-migration/db-migration.yaml @@ -0,0 +1,67 @@ +# Copyright © 2020 The Tekton Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: batch/v1 +kind: Job +metadata: + name: tekton-hub-db-migration + labels: + app: tekton-hub-db +spec: + template: + spec: + securityContext: + fsGroup: 65532 + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + containers: + - name: tekton-hub-db-migration + image: quay.io/tekton-hub/db-migration:v1.18.0 + securityContext: + allowPrivilegeEscalation: false + runAsUser: 65532 + capabilities: + drop: + - ALL + env: + - name: POSTGRES_HOST + valueFrom: + secretKeyRef: + name: tekton-hub-db + key: POSTGRES_HOST + - name: POSTGRES_PORT + valueFrom: + secretKeyRef: + name: tekton-hub-db + key: POSTGRES_PORT + - name: POSTGRES_DB + valueFrom: + secretKeyRef: + name: tekton-hub-db + key: POSTGRES_DB + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + name: tekton-hub-db + key: POSTGRES_USER + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: tekton-hub-db + key: POSTGRES_PASSWORD + restartPolicy: Never + backoffLimit: 3 + +--- diff --git a/cmd/openshift/operator/kodata/tekton-hub/v1.18.0/db/db.yaml b/cmd/openshift/operator/kodata/tekton-hub/v1.18.0/db/db.yaml new file mode 100644 index 0000000000..3adb610ec9 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-hub/v1.18.0/db/db.yaml @@ -0,0 +1,204 @@ +# Copyright © 2020 The Tekton Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Namespace +metadata: + name: tekton-hub +spec: {} + +--- +# Copyright © 2020 The Tekton Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: tekton-hub-db + labels: + app: tekton-hub-db +type: Opaque +stringData: + POSTGRES_HOST: tekton-hub-db + POSTGRES_DB: hub + POSTGRES_USER: postgres + POSTGRES_PASSWORD: postgres + POSTGRES_PORT: "5432" + +--- +# Copyright © 2020 The Tekton Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: tekton-hub-db + labels: + app: tekton-hub-db +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + +--- +# Copyright © 2020 The Tekton Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tekton-hub-db + labels: + app: tekton-hub-db +spec: + replicas: 1 + selector: + matchLabels: + app: tekton-hub-db + template: + metadata: + labels: + app: tekton-hub-db + spec: + securityContext: + fsGroup: 65532 + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + containers: + - name: tekton-hub-db + image: postgres:13 + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + cpu: 500m + memory: 500Mi + imagePullPolicy: IfNotPresent + ports: + - containerPort: 5432 + protocol: TCP + securityContext: + allowPrivilegeEscalation: false + runAsUser: 65532 + capabilities: + drop: + - ALL + env: + - name: POSTGRES_DB + valueFrom: + secretKeyRef: + name: tekton-hub-db + key: POSTGRES_DB + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + name: tekton-hub-db + key: POSTGRES_USER + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: tekton-hub-db + key: POSTGRES_PASSWORD + - name: PGDATA + value: /var/lib/postgresql/data/pgdata + volumeMounts: + - name: tekton-hub-db + mountPath: /var/lib/postgresql/data + readinessProbe: + exec: + command: [bash, -c, "psql -w -U ${POSTGRES_USER} -d ${POSTGRES_DB} -c 'SELECT 1'"] + initialDelaySeconds: 15 + timeoutSeconds: 2 + periodSeconds: 15 + livenessProbe: + exec: + command: [bash, -c, "psql -w -U ${POSTGRES_USER} -d ${POSTGRES_DB} -c 'SELECT 1'"] + initialDelaySeconds: 45 + timeoutSeconds: 2 + periodSeconds: 15 + volumes: + - name: tekton-hub-db + persistentVolumeClaim: + claimName: tekton-hub-db + restartPolicy: Always + +--- +# Copyright © 2020 The Tekton Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: tekton-hub-db + labels: + app: tekton-hub-db +spec: + type: ClusterIP + selector: + app: tekton-hub-db + ports: + - name: postgresql + port: 5432 + protocol: TCP + targetPort: 5432 + +--- diff --git a/cmd/openshift/operator/kodata/tekton-hub/v1.18.0/hub-info/hub-info.yaml b/cmd/openshift/operator/kodata/tekton-hub/v1.18.0/hub-info/hub-info.yaml new file mode 100644 index 0000000000..07bc7513c5 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-hub/v1.18.0/hub-info/hub-info.yaml @@ -0,0 +1,74 @@ +# Copyright 2024 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: hub-info + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-hub +data: + version: v1.18.0 + +--- +# Copyright 2024 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: tekton-hub-info + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-hub +rules: + # All system:authenticated users need to have access + # to the hub-info ConfigMap even if they don't + # have access to other resources present in the + # installed namespace + - apiGroups: [""] + resources: ["configmaps"] + resourceNames: ["hub-info"] + verbs: ["get"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-hub-info + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-hub +subjects: + # Giving all system:authenticated users the access to the + # ConfigMap which contains version information + - kind: Group + name: system:authenticated + apiGroup: rbac.authorization.k8s.io +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: tekton-hub-info + +--- diff --git a/cmd/openshift/operator/kodata/tekton-hub/v1.18.0/ui/ui.yaml b/cmd/openshift/operator/kodata/tekton-hub/v1.18.0/ui/ui.yaml new file mode 100644 index 0000000000..8a6df1f1b7 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-hub/v1.18.0/ui/ui.yaml @@ -0,0 +1,133 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: tekton-hub-ui +data: + API_URL: 'https://api.hub.tekton.dev' + API_VERSION: '' + AUTH_BASE_URL: '' + REDIRECT_URI: '' + CUSTOM_LOGO_MEDIA_TYPE: 'image/png' + CUSTOM_LOGO_BASE64_DATA: '' + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tekton-hub-ui + labels: + app: tekton-hub-ui +spec: + selector: + matchLabels: + app: tekton-hub-ui + template: + metadata: + name: tekton-hub-ui + labels: + app: tekton-hub-ui + spec: + securityContext: + fsGroup: 65532 + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + containers: + - name: tekton-hub-ui + image: quay.io/tekton-hub/ui:v1.18.0 + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + cpu: 500m + memory: 500Mi + securityContext: + allowPrivilegeEscalation: false + runAsUser: 65532 + capabilities: + drop: + - ALL + env: + - name: API_URL + valueFrom: + configMapKeyRef: + name: tekton-hub-ui + key: API_URL + - name: API_VERSION + valueFrom: + configMapKeyRef: + name: tekton-hub-ui + key: API_VERSION + - name: AUTH_BASE_URL + valueFrom: + configMapKeyRef: + name: tekton-hub-ui + key: AUTH_BASE_URL + - name: REDIRECT_URI + valueFrom: + configMapKeyRef: + name: tekton-hub-ui + key: REDIRECT_URI + - name: CUSTOM_LOGO_MEDIA_TYPE + valueFrom: + configMapKeyRef: + name: tekton-hub-ui + key: CUSTOM_LOGO_MEDIA_TYPE + - name: CUSTOM_LOGO_BASE64_DATA + valueFrom: + configMapKeyRef: + name: tekton-hub-ui + key: CUSTOM_LOGO_BASE64_DATA + ports: + - containerPort: 8080 + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: / + port: 8080 + scheme: HTTP + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 1 + livenessProbe: + failureThreshold: 3 + httpGet: + path: / + port: 8080 + scheme: HTTP + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 1 + +--- +apiVersion: v1 +kind: Service +metadata: + name: tekton-hub-ui + labels: + app: tekton-hub-ui +spec: + type: NodePort + selector: + app: tekton-hub-ui + ports: + - port: 8080 + targetPort: 8080 + protocol: TCP + +--- +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: tekton-hub-ui +spec: + to: + kind: Service + name: tekton-hub-ui + tls: + insecureEdgeTerminationPolicy: Redirect + termination: edge + +--- diff --git a/cmd/openshift/operator/kodata/tekton-hub/v1.19.0/api/api.yaml b/cmd/openshift/operator/kodata/tekton-hub/v1.19.0/api/api.yaml new file mode 100644 index 0000000000..5dc0753c66 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-hub/v1.19.0/api/api.yaml @@ -0,0 +1,401 @@ +# Copyright © 2022 The Tekton Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: tekton-hub-api + labels: + app: tekton-hub-api +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + +--- +apiVersion: v1 +kind: Secret +metadata: + name: tekton-hub-api +type: Opaque +stringData: + GH_CLIENT_ID: '' + GH_CLIENT_SECRET: '' + GHE_URL: '' + GL_CLIENT_ID: '' + GL_CLIENT_SECRET: '' + GLE_URL: '' + BB_CLIENT_ID: '' + BB_CLIENT_SECRET: '' + JWT_SIGNING_KEY: '' + ACCESS_JWT_EXPIRES_IN: '' + REFRESH_JWT_EXPIRES_IN: '' + AUTH_BASE_URL: '' + +--- +# Copyright © 2020 The Tekton Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http:www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: tekton-hub-api + labels: + app: tekton-hub-api +data: + CATEGORIES: | + - Automation + - Build Tools + - CLI + - Cloud + - Code Quality + - Continuous Integration + - Deployment + - Developer Tools + - Image Build + - Integration & Delivery + - Git + - Kubernetes + - Messaging + - Monitoring + - Networking + - Openshift + - Publishing + - Security + - Storage + - Testing + CATALOGS: | + - name: tekton + org: tektoncd + type: community + provider: github + url: https://github.com/tektoncd/catalog + revision: main + SCOPES: | + - name: agent:create + users: [vinamra28, piyush-garg, pratap0007, puneetpunamiya, sm43, sthaha, vdemeester] + - name: catalog:refresh + users: [vinamra28, piyush-garg, pratap0007, puneetpunamiya, sm43, sthaha, vdemeester] + - name: config:refresh + users: [vinamra28, piyush-garg, pratap0007, puneetpunamiya, sm43, sthaha, vdemeester] + DEFAULT: | + scopes: + - rating:read + - rating:write + CATALOG_REFRESH_INTERVAL: 30m + +--- +# Copyright © 2020 The Tekton Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tekton-hub-api + labels: + app: tekton-hub-api +spec: + selector: + matchLabels: + app: tekton-hub-api + replicas: 1 + template: + metadata: + labels: + app: tekton-hub-api + spec: + volumes: + - name: catalog-source + persistentVolumeClaim: + claimName: tekton-hub-api + - name: tekton-hub-config + configMap: + name: tekton-hub-api + items: + - key: CATEGORIES + path: 'categories' + - key: CATALOGS + path: 'catalogs' + - key: SCOPES + path: 'scopes' + - key: CATALOG_REFRESH_INTERVAL + path: 'catalog_refresh_interval' + - key: DEFAULT + path: 'default' + - name: ssh-creds + secret: + secretName: tekton-hub-api-ssh-crds + optional: true + securityContext: + fsGroup: 65532 + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + containers: + - name: tekton-hub-api + image: quay.io/tekton-hub/api:v1.19.0 + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + cpu: 500m + memory: 500Mi + volumeMounts: + - name: catalog-source + mountPath: '/tmp/catalog' + - name: ssh-creds + mountPath: '/home/hub/.ssh' + - name: tekton-hub-config + mountPath: '/tmp/config' + ports: + - containerPort: 8000 + - containerPort: 4200 + readinessProbe: + failureThreshold: 3 + httpGet: + path: / + port: 8000 + scheme: HTTP + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 1 + livenessProbe: + failureThreshold: 3 + httpGet: + path: / + port: 8000 + scheme: HTTP + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 1 + securityContext: + allowPrivilegeEscalation: false + runAsUser: 65532 + capabilities: + drop: + - ALL + env: + - name: HOME + value: /home/hub + - name: POSTGRES_HOST + valueFrom: + secretKeyRef: + name: tekton-hub-db + key: POSTGRES_HOST + - name: POSTGRES_PORT + valueFrom: + secretKeyRef: + name: tekton-hub-db + key: POSTGRES_PORT + - name: POSTGRES_DB + valueFrom: + secretKeyRef: + name: tekton-hub-db + key: POSTGRES_DB + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + name: tekton-hub-db + key: POSTGRES_USER + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: tekton-hub-db + key: POSTGRES_PASSWORD + - name: CATALOG_REFRESH_INTERVAL + valueFrom: + configMapKeyRef: + name: tekton-hub-api + key: CATALOG_REFRESH_INTERVAL + - name: GH_CLIENT_ID + valueFrom: + secretKeyRef: + name: tekton-hub-api + key: GH_CLIENT_ID + - name: GH_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: tekton-hub-api + key: GH_CLIENT_SECRET + - name: GHE_URL + valueFrom: + secretKeyRef: + name: tekton-hub-api + key: GHE_URL + - name: GL_CLIENT_ID + valueFrom: + secretKeyRef: + name: tekton-hub-api + key: GL_CLIENT_ID + - name: GL_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: tekton-hub-api + key: GL_CLIENT_SECRET + - name: GLE_URL + valueFrom: + secretKeyRef: + name: tekton-hub-api + key: GLE_URL + - name: BB_CLIENT_ID + valueFrom: + secretKeyRef: + name: tekton-hub-api + key: BB_CLIENT_ID + - name: BB_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: tekton-hub-api + key: BB_CLIENT_SECRET + - name: JWT_SIGNING_KEY + valueFrom: + secretKeyRef: + name: tekton-hub-api + key: JWT_SIGNING_KEY + - name: ACCESS_JWT_EXPIRES_IN + valueFrom: + secretKeyRef: + name: tekton-hub-api + key: ACCESS_JWT_EXPIRES_IN + - name: REFRESH_JWT_EXPIRES_IN + valueFrom: + secretKeyRef: + name: tekton-hub-api + key: REFRESH_JWT_EXPIRES_IN + - name: AUTH_BASE_URL + valueFrom: + secretKeyRef: + name: tekton-hub-api + key: AUTH_BASE_URL + +--- +# Copyright © 2020 The Tekton Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: Service +metadata: + name: tekton-hub-api + labels: + app: tekton-hub-api +spec: + selector: + app: tekton-hub-api + ports: + - name: tekton-hub-api + port: 8000 + targetPort: 8000 + - name: tekton-hub-auth + port: 4200 + targetPort: 4200 + type: NodePort + +--- +# Copyright © 2020 The Tekton Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: tekton-hub-api + labels: + app: tekton-hub-api +spec: + port: + targetPort: 8000 + to: + kind: Service + name: tekton-hub-api + tls: + insecureEdgeTerminationPolicy: Redirect + termination: edge + +--- +# Copyright © 2022 The Tekton Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: tekton-hub-auth + labels: + app: tekton-hub-api +spec: + port: + targetPort: 4200 + to: + kind: Service + name: tekton-hub-api + tls: + insecureEdgeTerminationPolicy: Redirect + termination: edge + +--- diff --git a/cmd/openshift/operator/kodata/tekton-hub/v1.19.0/db-migration/db-migration.yaml b/cmd/openshift/operator/kodata/tekton-hub/v1.19.0/db-migration/db-migration.yaml new file mode 100644 index 0000000000..e894dbe04c --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-hub/v1.19.0/db-migration/db-migration.yaml @@ -0,0 +1,67 @@ +# Copyright © 2020 The Tekton Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: batch/v1 +kind: Job +metadata: + name: tekton-hub-db-migration + labels: + app: tekton-hub-db +spec: + template: + spec: + securityContext: + fsGroup: 65532 + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + containers: + - name: tekton-hub-db-migration + image: quay.io/tekton-hub/db-migration:v1.19.0 + securityContext: + allowPrivilegeEscalation: false + runAsUser: 65532 + capabilities: + drop: + - ALL + env: + - name: POSTGRES_HOST + valueFrom: + secretKeyRef: + name: tekton-hub-db + key: POSTGRES_HOST + - name: POSTGRES_PORT + valueFrom: + secretKeyRef: + name: tekton-hub-db + key: POSTGRES_PORT + - name: POSTGRES_DB + valueFrom: + secretKeyRef: + name: tekton-hub-db + key: POSTGRES_DB + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + name: tekton-hub-db + key: POSTGRES_USER + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: tekton-hub-db + key: POSTGRES_PASSWORD + restartPolicy: Never + backoffLimit: 3 + +--- diff --git a/cmd/openshift/operator/kodata/tekton-hub/v1.19.0/db/db.yaml b/cmd/openshift/operator/kodata/tekton-hub/v1.19.0/db/db.yaml new file mode 100644 index 0000000000..3adb610ec9 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-hub/v1.19.0/db/db.yaml @@ -0,0 +1,204 @@ +# Copyright © 2020 The Tekton Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Namespace +metadata: + name: tekton-hub +spec: {} + +--- +# Copyright © 2020 The Tekton Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: tekton-hub-db + labels: + app: tekton-hub-db +type: Opaque +stringData: + POSTGRES_HOST: tekton-hub-db + POSTGRES_DB: hub + POSTGRES_USER: postgres + POSTGRES_PASSWORD: postgres + POSTGRES_PORT: "5432" + +--- +# Copyright © 2020 The Tekton Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: tekton-hub-db + labels: + app: tekton-hub-db +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + +--- +# Copyright © 2020 The Tekton Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tekton-hub-db + labels: + app: tekton-hub-db +spec: + replicas: 1 + selector: + matchLabels: + app: tekton-hub-db + template: + metadata: + labels: + app: tekton-hub-db + spec: + securityContext: + fsGroup: 65532 + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + containers: + - name: tekton-hub-db + image: postgres:13 + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + cpu: 500m + memory: 500Mi + imagePullPolicy: IfNotPresent + ports: + - containerPort: 5432 + protocol: TCP + securityContext: + allowPrivilegeEscalation: false + runAsUser: 65532 + capabilities: + drop: + - ALL + env: + - name: POSTGRES_DB + valueFrom: + secretKeyRef: + name: tekton-hub-db + key: POSTGRES_DB + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + name: tekton-hub-db + key: POSTGRES_USER + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: tekton-hub-db + key: POSTGRES_PASSWORD + - name: PGDATA + value: /var/lib/postgresql/data/pgdata + volumeMounts: + - name: tekton-hub-db + mountPath: /var/lib/postgresql/data + readinessProbe: + exec: + command: [bash, -c, "psql -w -U ${POSTGRES_USER} -d ${POSTGRES_DB} -c 'SELECT 1'"] + initialDelaySeconds: 15 + timeoutSeconds: 2 + periodSeconds: 15 + livenessProbe: + exec: + command: [bash, -c, "psql -w -U ${POSTGRES_USER} -d ${POSTGRES_DB} -c 'SELECT 1'"] + initialDelaySeconds: 45 + timeoutSeconds: 2 + periodSeconds: 15 + volumes: + - name: tekton-hub-db + persistentVolumeClaim: + claimName: tekton-hub-db + restartPolicy: Always + +--- +# Copyright © 2020 The Tekton Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: tekton-hub-db + labels: + app: tekton-hub-db +spec: + type: ClusterIP + selector: + app: tekton-hub-db + ports: + - name: postgresql + port: 5432 + protocol: TCP + targetPort: 5432 + +--- diff --git a/cmd/openshift/operator/kodata/tekton-hub/v1.19.0/hub-info/hub-info.yaml b/cmd/openshift/operator/kodata/tekton-hub/v1.19.0/hub-info/hub-info.yaml new file mode 100644 index 0000000000..80d52a9840 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-hub/v1.19.0/hub-info/hub-info.yaml @@ -0,0 +1,74 @@ +# Copyright 2024 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: hub-info + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-hub +data: + version: v1.19.0 + +--- +# Copyright 2024 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: tekton-hub-info + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-hub +rules: + # All system:authenticated users need to have access + # to the hub-info ConfigMap even if they don't + # have access to other resources present in the + # installed namespace + - apiGroups: [""] + resources: ["configmaps"] + resourceNames: ["hub-info"] + verbs: ["get"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-hub-info + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-hub +subjects: + # Giving all system:authenticated users the access to the + # ConfigMap which contains version information + - kind: Group + name: system:authenticated + apiGroup: rbac.authorization.k8s.io +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: tekton-hub-info + +--- diff --git a/cmd/openshift/operator/kodata/tekton-hub/v1.19.0/ui/ui.yaml b/cmd/openshift/operator/kodata/tekton-hub/v1.19.0/ui/ui.yaml new file mode 100644 index 0000000000..1111aa7395 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-hub/v1.19.0/ui/ui.yaml @@ -0,0 +1,133 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: tekton-hub-ui +data: + API_URL: 'https://api.hub.tekton.dev' + API_VERSION: '' + AUTH_BASE_URL: '' + REDIRECT_URI: '' + CUSTOM_LOGO_MEDIA_TYPE: 'image/png' + CUSTOM_LOGO_BASE64_DATA: '' + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tekton-hub-ui + labels: + app: tekton-hub-ui +spec: + selector: + matchLabels: + app: tekton-hub-ui + template: + metadata: + name: tekton-hub-ui + labels: + app: tekton-hub-ui + spec: + securityContext: + fsGroup: 65532 + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + containers: + - name: tekton-hub-ui + image: quay.io/tekton-hub/ui:v1.19.0 + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + cpu: 500m + memory: 500Mi + securityContext: + allowPrivilegeEscalation: false + runAsUser: 65532 + capabilities: + drop: + - ALL + env: + - name: API_URL + valueFrom: + configMapKeyRef: + name: tekton-hub-ui + key: API_URL + - name: API_VERSION + valueFrom: + configMapKeyRef: + name: tekton-hub-ui + key: API_VERSION + - name: AUTH_BASE_URL + valueFrom: + configMapKeyRef: + name: tekton-hub-ui + key: AUTH_BASE_URL + - name: REDIRECT_URI + valueFrom: + configMapKeyRef: + name: tekton-hub-ui + key: REDIRECT_URI + - name: CUSTOM_LOGO_MEDIA_TYPE + valueFrom: + configMapKeyRef: + name: tekton-hub-ui + key: CUSTOM_LOGO_MEDIA_TYPE + - name: CUSTOM_LOGO_BASE64_DATA + valueFrom: + configMapKeyRef: + name: tekton-hub-ui + key: CUSTOM_LOGO_BASE64_DATA + ports: + - containerPort: 8080 + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: / + port: 8080 + scheme: HTTP + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 1 + livenessProbe: + failureThreshold: 3 + httpGet: + path: / + port: 8080 + scheme: HTTP + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 1 + +--- +apiVersion: v1 +kind: Service +metadata: + name: tekton-hub-ui + labels: + app: tekton-hub-ui +spec: + type: NodePort + selector: + app: tekton-hub-ui + ports: + - port: 8080 + targetPort: 8080 + protocol: TCP + +--- +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: tekton-hub-ui +spec: + to: + kind: Service + name: tekton-hub-ui + tls: + insecureEdgeTerminationPolicy: Redirect + termination: edge + +--- diff --git a/cmd/openshift/operator/kodata/tekton-pipeline/0.65.2/00-pipelines.yaml b/cmd/openshift/operator/kodata/tekton-pipeline/0.65.2/00-pipelines.yaml new file mode 100644 index 0000000000..c683023890 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-pipeline/0.65.2/00-pipelines.yaml @@ -0,0 +1,3572 @@ +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Namespace +metadata: + name: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pod-security.kubernetes.io/enforce: restricted + +--- +# Copyright 2020-2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-pipelines-controller-cluster-access + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +rules: + - apiGroups: [""] + # Controller needs to watch Pods created by TaskRuns to see them progress. + resources: ["pods"] + verbs: ["list", "watch"] + - apiGroups: [""] + # Controller needs to get the list of cordoned nodes over the course of a single run + resources: ["nodes"] + verbs: ["list"] + # Controller needs cluster access to all of the CRDs that it is responsible for + # managing. + - apiGroups: ["tekton.dev"] + resources: ["tasks", "clustertasks", "taskruns", "pipelines", "pipelineruns", "customruns", "stepactions"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["tekton.dev"] + resources: ["verificationpolicies"] + verbs: ["get", "list", "watch"] + - apiGroups: ["tekton.dev"] + resources: ["taskruns/finalizers", "pipelineruns/finalizers", "customruns/finalizers"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["tekton.dev"] + resources: ["tasks/status", "clustertasks/status", "taskruns/status", "pipelines/status", "pipelineruns/status", "customruns/status", "verificationpolicies/status", "stepactions/status"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + # resolution.tekton.dev + - apiGroups: ["resolution.tekton.dev"] + resources: ["resolutionrequests", "resolutionrequests/status"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + # This is the access that the controller needs on a per-namespace basis. + name: tekton-pipelines-controller-tenant-access + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +rules: + # Read-write access to create Pods and PVCs (for Workspaces) + - apiGroups: [""] + resources: ["pods", "persistentvolumeclaims"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + # Write permissions to publish events. + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "update", "patch"] + # Read-only access to these. + - apiGroups: [""] + resources: ["configmaps", "limitranges", "secrets", "serviceaccounts"] + verbs: ["get", "list", "watch"] + # Read-write access to StatefulSets for Affinity Assistant. + - apiGroups: ["apps"] + resources: ["statefulsets"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-pipelines-webhook-cluster-access + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +rules: + # The webhook needs to be able to get and update customresourcedefinitions, + # mainly to update the webhook certificates. + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions", "customresourcedefinitions/status"] + verbs: ["get", "update", "patch"] + resourceNames: + - pipelines.tekton.dev + - pipelineruns.tekton.dev + - tasks.tekton.dev + - clustertasks.tekton.dev + - taskruns.tekton.dev + - resolutionrequests.resolution.tekton.dev + - customruns.tekton.dev + - verificationpolicies.tekton.dev + - stepactions.tekton.dev + # knative.dev/pkg needs list/watch permissions to set up informers for the webhook. + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["list", "watch"] + - apiGroups: ["admissionregistration.k8s.io"] + # The webhook performs a reconciliation on these two resources and continuously + # updates configuration. + resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"] + # knative starts informers on these things, which is why we need get, list and watch. + verbs: ["list", "watch"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + # This mutating webhook is responsible for applying defaults to tekton objects + # as they are received. + resourceNames: ["webhook.pipeline.tekton.dev"] + # When there are changes to the configs or secrets, knative updates the mutatingwebhook config + # with the updated certificates or the refreshed set of rules. + verbs: ["get", "update", "delete"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["validatingwebhookconfigurations"] + # validation.webhook.pipeline.tekton.dev performs schema validation when you, for example, create TaskRuns. + # config.webhook.pipeline.tekton.dev validates the logging configuration against knative's logging structure + resourceNames: ["validation.webhook.pipeline.tekton.dev", "config.webhook.pipeline.tekton.dev"] + # When there are changes to the configs or secrets, knative updates the validatingwebhook config + # with the updated certificates or the refreshed set of rules. + verbs: ["get", "update", "delete"] + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["get"] + # The webhook configured the namespace as the OwnerRef on various cluster-scoped resources, + # which requires we can Get the system namespace. + resourceNames: ["tekton-pipelines"] + - apiGroups: [""] + resources: ["namespaces/finalizers"] + verbs: ["update"] + # The webhook configured the namespace as the OwnerRef on various cluster-scoped resources, + # which requires we can update the system namespace finalizers. + resourceNames: ["tekton-pipelines"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-events-controller-cluster-access + labels: + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +rules: + - apiGroups: ["tekton.dev"] + resources: ["tasks", "clustertasks", "taskruns", "pipelines", "pipelineruns", "customruns"] + verbs: ["get", "list", "watch"] + +--- +# Copyright 2020 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-pipelines-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["list", "watch"] + # The controller needs access to these configmaps for logging information and runtime configuration. + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get"] + resourceNames: ["config-logging", "config-observability", "feature-flags", "config-leader-election-controller", "config-registry-cert"] +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["list", "watch"] + # The webhook needs access to these configmaps for logging information. + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get"] + resourceNames: ["config-logging", "config-observability", "config-leader-election-webhook", "feature-flags"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["list", "watch"] + # The webhook daemon makes a reconciliation loop on webhook-certs. Whenever + # the secret changes it updates the webhook configurations with the certificates + # stored in the secret. + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "update"] + resourceNames: ["webhook-certs"] +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-pipelines-events-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["list", "watch"] + # The controller needs access to these configmaps for logging information and runtime configuration. + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get"] + resourceNames: ["config-logging", "config-observability", "feature-flags", "config-leader-election-events", "config-registry-cert"] +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-pipelines-leader-election + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +rules: + # We uses leases for leaderelection + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: tekton-pipelines-info + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +rules: + # All system:authenticated users needs to have access + # of the pipelines-info ConfigMap even if they don't + # have access to the other resources present in the + # installed namespace. + - apiGroups: [""] + resources: ["configmaps"] + resourceNames: ["pipelines-info"] + verbs: ["get"] + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tekton-pipelines-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tekton-events-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: tekton-pipelines-controller-cluster-access + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + - kind: ServiceAccount + name: tekton-pipelines-controller + namespace: tekton-pipelines +roleRef: + kind: ClusterRole + name: tekton-pipelines-controller-cluster-access + apiGroup: rbac.authorization.k8s.io +--- +# If this ClusterRoleBinding is replaced with a RoleBinding +# then the ClusterRole would be namespaced. The access described by +# the tekton-pipelines-controller-tenant-access ClusterRole would +# be scoped to individual tenant namespaces. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: tekton-pipelines-controller-tenant-access + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + - kind: ServiceAccount + name: tekton-pipelines-controller + namespace: tekton-pipelines +roleRef: + kind: ClusterRole + name: tekton-pipelines-controller-tenant-access + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: tekton-pipelines-webhook-cluster-access + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + - kind: ServiceAccount + name: tekton-pipelines-webhook + namespace: tekton-pipelines +roleRef: + kind: ClusterRole + name: tekton-pipelines-webhook-cluster-access + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: tekton-events-controller-cluster-access + labels: + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + - kind: ServiceAccount + name: tekton-events-controller + namespace: tekton-pipelines +roleRef: + kind: ClusterRole + name: tekton-events-controller-cluster-access + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2020 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-pipelines-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + - kind: ServiceAccount + name: tekton-pipelines-controller + namespace: tekton-pipelines +roleRef: + kind: Role + name: tekton-pipelines-controller + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + - kind: ServiceAccount + name: tekton-pipelines-webhook + namespace: tekton-pipelines +roleRef: + kind: Role + name: tekton-pipelines-webhook + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-pipelines-controller-leaderelection + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + - kind: ServiceAccount + name: tekton-pipelines-controller + namespace: tekton-pipelines +roleRef: + kind: Role + name: tekton-pipelines-leader-election + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-pipelines-webhook-leaderelection + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + - kind: ServiceAccount + name: tekton-pipelines-webhook + namespace: tekton-pipelines +roleRef: + kind: Role + name: tekton-pipelines-leader-election + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-pipelines-info + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + # Giving all system:authenticated users the access of the + # ConfigMap which contains version information. + - kind: Group + name: system:authenticated + apiGroup: rbac.authorization.k8s.io +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: tekton-pipelines-info +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-pipelines-events-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + - kind: ServiceAccount + name: tekton-events-controller + namespace: tekton-pipelines +roleRef: + kind: Role + name: tekton-pipelines-events-controller + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-events-controller-leaderelection + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + - kind: ServiceAccount + name: tekton-events-controller + namespace: tekton-pipelines +roleRef: + kind: Role + name: tekton-pipelines-leader-election + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clustertasks.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.65.2" + version: "v0.65.2" +spec: + group: tekton.dev + preserveUnknownFields: false + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + names: + kind: ClusterTask + plural: clustertasks + singular: clustertask + categories: + - tekton + - tekton-pipelines + scope: Cluster + +--- +# Copyright 2020 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: customruns.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.65.2" + version: "v0.65.2" +spec: + group: tekton.dev + preserveUnknownFields: false + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Succeeded + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" + - name: StartTime + type: date + jsonPath: .status.startTime + - name: CompletionTime + type: date + jsonPath: .status.completionTime + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + names: + kind: CustomRun + plural: customruns + singular: customrun + categories: + - tekton + - tekton-pipelines + scope: Namespaced + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: pipelines.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.65.2" + version: "v0.65.2" +spec: + group: tekton.dev + preserveUnknownFields: false + versions: + - name: v1beta1 + served: true + storage: false + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # OpenAPIV3 schema allows Kubernetes to perform validation on the schema fields + # and use the schema in tooling such as `kubectl explain`. + # Using "x-kubernetes-preserve-unknown-fields: true" + # at the root of the schema (or within it) allows arbitrary fields. + # We currently perform our own validation separately. + # See https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#specifying-a-structural-schema + # for more info. + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + names: + kind: Pipeline + plural: pipelines + singular: pipeline + categories: + - tekton + - tekton-pipelines + scope: Namespaced + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1beta1", "v1"] + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: pipelineruns.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.65.2" + version: "v0.65.2" +spec: + group: tekton.dev + preserveUnknownFields: false + versions: + - name: v1beta1 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Succeeded + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" + - name: StartTime + type: date + jsonPath: .status.startTime + - name: CompletionTime + type: date + jsonPath: .status.completionTime + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Succeeded + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" + - name: StartTime + type: date + jsonPath: .status.startTime + - name: CompletionTime + type: date + jsonPath: .status.completionTime + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + names: + kind: PipelineRun + plural: pipelineruns + singular: pipelinerun + categories: + - tekton + - tekton-pipelines + shortNames: + - pr + - prs + scope: Namespaced + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1beta1", "v1"] + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + +--- +# Copyright 2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: resolutionrequests.resolution.tekton.dev + labels: + resolution.tekton.dev/release: devel +spec: + group: resolution.tekton.dev + scope: Namespaced + names: + kind: ResolutionRequest + plural: resolutionrequests + singular: resolutionrequest + categories: + - tekton + - tekton-pipelines + shortNames: + - resolutionrequest + - resolutionrequests + versions: + - name: v1alpha1 + served: true + deprecated: true + storage: false + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Succeeded + type: string + jsonPath: ".status.conditions[?(@.type=='Succeeded')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Succeeded')].reason" + - name: v1beta1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: OwnerKind + type: string + jsonPath: ".metadata.ownerReferences[0].kind" + - name: Owner + type: string + jsonPath: ".metadata.ownerReferences[0].name" + - name: Succeeded + type: string + jsonPath: ".status.conditions[?(@.type=='Succeeded')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Succeeded')].reason" + - name: StartTime + type: string + jsonPath: .metadata.creationTimestamp + - name: EndTime + type: string + jsonPath: .status.conditions[?(@.type=='Succeeded')].lastTransitionTime + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1alpha1", "v1beta1"] + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + +--- +# Copyright 2023 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: stepactions.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.65.2" + version: "v0.65.2" +spec: + group: tekton.dev + preserveUnknownFields: false + versions: + - name: v1alpha1 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + names: + kind: StepAction + plural: stepactions + singular: stepaction + categories: + - tekton + - tekton-pipelines + scope: Namespaced + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: tasks.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.65.2" + version: "v0.65.2" +spec: + group: tekton.dev + preserveUnknownFields: false + versions: + - name: v1beta1 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # TODO(#1461): Add OpenAPIV3 schema + # OpenAPIV3 schema allows Kubernetes to perform validation on the schema fields + # and use the schema in tooling such as `kubectl explain`. + # Using "x-kubernetes-preserve-unknown-fields: true" + # at the root of the schema (or within it) allows arbitrary fields. + # We currently perform our own validation separately. + # See https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#specifying-a-structural-schema + # for more info. + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + names: + kind: Task + plural: tasks + singular: task + categories: + - tekton + - tekton-pipelines + scope: Namespaced + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1beta1", "v1"] + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: taskruns.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.65.2" + version: "v0.65.2" +spec: + group: tekton.dev + preserveUnknownFields: false + versions: + - name: v1beta1 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Succeeded + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" + - name: StartTime + type: date + jsonPath: .status.startTime + - name: CompletionTime + type: date + jsonPath: .status.completionTime + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Succeeded + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" + - name: StartTime + type: date + jsonPath: .status.startTime + - name: CompletionTime + type: date + jsonPath: .status.completionTime + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + names: + kind: TaskRun + plural: taskruns + singular: taskrun + categories: + - tekton + - tekton-pipelines + shortNames: + - tr + - trs + scope: Namespaced + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1beta1", "v1"] + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + +--- +# Copyright 2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: verificationpolicies.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.65.2" + version: "v0.65.2" +spec: + group: tekton.dev + versions: + - name: v1alpha1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + names: + kind: VerificationPolicy + plural: verificationpolicies + singular: verificationpolicy + categories: + - tekton + - tekton-pipelines + scope: Namespaced + +--- +# Copyright 2020 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: webhook-certs + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.65.2" +# The data is populated at install time. +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: validation.webhook.pipeline.tekton.dev + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.65.2" +webhooks: + - admissionReviewVersions: ["v1"] + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + failurePolicy: Fail + sideEffects: None + name: validation.webhook.pipeline.tekton.dev +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: webhook.pipeline.tekton.dev + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.65.2" +webhooks: + - admissionReviewVersions: ["v1"] + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + failurePolicy: Fail + sideEffects: None + name: webhook.pipeline.tekton.dev +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: config.webhook.pipeline.tekton.dev + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.65.2" +webhooks: + - admissionReviewVersions: ["v1"] + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + failurePolicy: Fail + sideEffects: None + name: config.webhook.pipeline.tekton.dev + objectSelector: + matchLabels: + app.kubernetes.io/part-of: tekton-pipelines + +--- +# Copyright 2019-2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: tekton-aggregate-edit + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + rbac.authorization.k8s.io/aggregate-to-edit: "true" + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: + - tekton.dev + resources: + - tasks + - taskruns + - pipelines + - pipelineruns + - runs + - customruns + - stepactions + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + +--- +# Copyright 2019-2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: tekton-aggregate-view + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + rbac.authorization.k8s.io/aggregate-to-view: "true" +rules: + - apiGroups: + - tekton.dev + resources: + - tasks + - taskruns + - pipelines + - pipelineruns + - runs + - customruns + - stepactions + verbs: + - get + - list + - watch + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-defaults + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # default-timeout-minutes contains the default number of + # minutes to use for TaskRun and PipelineRun, if none is specified. + default-timeout-minutes: "60" # 60 minutes + + # default-service-account contains the default service account name + # to use for TaskRun and PipelineRun, if none is specified. + default-service-account: "default" + + # default-managed-by-label-value contains the default value given to the + # "app.kubernetes.io/managed-by" label applied to all Pods created for + # TaskRuns. If a user's requested TaskRun specifies another value for this + # label, the user's request supercedes. + default-managed-by-label-value: "tekton-pipelines" + + # default-pod-template contains the default pod template to use for + # TaskRun and PipelineRun. If a pod template is specified on the + # PipelineRun, the default-pod-template is merged with that one. + # default-pod-template: + + # default-affinity-assistant-pod-template contains the default pod template + # to use for affinity assistant pods. If a pod template is specified on the + # PipelineRun, the default-affinity-assistant-pod-template is merged with + # that one. + # default-affinity-assistant-pod-template: + + # default-cloud-events-sink contains the default CloudEvents sink to be + # used for TaskRun and PipelineRun, when no sink is specified. + # Note that right now it is still not possible to set a PipelineRun or + # TaskRun specific sink, so the default is the only option available. + # If no sink is specified, no CloudEvent is generated + # default-cloud-events-sink: + + # default-task-run-workspace-binding contains the default workspace + # configuration provided for any Workspaces that a Task declares + # but that a TaskRun does not explicitly provide. + # default-task-run-workspace-binding: | + # emptyDir: {} + + # default-max-matrix-combinations-count contains the default maximum number + # of combinations from a Matrix, if none is specified. + default-max-matrix-combinations-count: "256" + + # default-forbidden-env contains comma seperated environment variables that cannot be + # overridden by podTemplate. + default-forbidden-env: + + # default-resolver-type contains the default resolver type to be used in the cluster, + # no default-resolver-type is specified by default + default-resolver-type: + + # default-imagepullbackoff-timeout contains the default duration to wait + # before requeuing the TaskRun to retry, specifying 0 here is equivalent to fail fast + # possible values could be 1m, 5m, 10s, 1h, etc + # default-imagepullbackoff-timeout: "5m" + + # default-container-resource-requirements allow users to update default resource requirements + # to a init-containers and containers of a pods create by the controller + # Onet: All the resource requirements are applied to init-containers and containers + # only if the existing resource requirements are empty. + # default-container-resource-requirements: | + # place-scripts: # updates resource requirements of a 'place-scripts' container + # requests: + # memory: "64Mi" + # cpu: "250m" + # limits: + # memory: "128Mi" + # cpu: "500m" + # + # prepare: # updates resource requirements of a 'prepare' container + # requests: + # memory: "64Mi" + # cpu: "250m" + # limits: + # memory: "256Mi" + # cpu: "500m" + # + # working-dir-initializer: # updates resource requirements of a 'working-dir-initializer' container + # requests: + # memory: "64Mi" + # cpu: "250m" + # limits: + # memory: "512Mi" + # cpu: "500m" + # + # prefix-scripts: # updates resource requirements of containers which starts with 'scripts-' + # requests: + # memory: "64Mi" + # cpu: "250m" + # limits: + # memory: "128Mi" + # cpu: "500m" + # + # prefix-sidecar-scripts: # updates resource requirements of containers which starts with 'sidecar-scripts-' + # requests: + # memory: "64Mi" + # cpu: "250m" + # limits: + # memory: "128Mi" + # cpu: "500m" + # + # default: # updates resource requirements of init-containers and containers which has empty resource resource requirements + # requests: + # memory: "64Mi" + # cpu: "250m" + # limits: + # memory: "256Mi" + # cpu: "500m" + +--- +# Copyright 2023 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-events + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # formats contains a comma seperated list of event formats to be used + # the only format supported today is "tektonv1". An empty string is not + # a valid configuration. To disable events, do not specify the sink. + formats: "tektonv1" + + # sink contains the event sink to be used for TaskRun, PipelineRun and + # CustomRun. If no sink is specified, no CloudEvent is generated. + # This setting supercedes the "default-cloud-events-sink" from the + # "config-defaults" config map + sink: "https://events.sink/cdevents" + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: feature-flags + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + # Setting this flag to "true" will prevent Tekton to create an + # Affinity Assistant for every TaskRun sharing a PVC workspace + # + # The default behaviour is for Tekton to create Affinity Assistants + # + # See more in the Affinity Assistant documentation + # https://github.com/tektoncd/pipeline/blob/main/docs/affinityassistants.md + # or https://github.com/tektoncd/pipeline/pull/2630 for more info. + # + # Note: This feature flag is deprecated and will be removed in release v0.60. Consider using `coschedule` feature flag to configure Affinity Assistant behavior. + disable-affinity-assistant: "false" + # Setting this flag will determine how PipelineRun Pods are scheduled with Affinity Assistant. + # Acceptable values are "workspaces" (default), "pipelineruns", "isolate-pipelinerun", or "disabled". + # + # Setting it to "workspaces" will schedule all the taskruns sharing the same PVC-based workspace in a pipelinerun to the same node. + # Setting it to "pipelineruns" will schedule all the taskruns in a pipelinerun to the same node. + # Setting it to "isolate-pipelinerun" will schedule all the taskruns in a pipelinerun to the same node, + # and only allows one pipelinerun to run on a node at a time. + # Setting it to "disabled" will not apply any coschedule policy. + # + # See more in the Affinity Assistant documentation + # https://github.com/tektoncd/pipeline/blob/main/docs/affinityassistants.md + coschedule: "workspaces" + # Setting this flag to "true" will prevent Tekton scanning attached + # service accounts and injecting any credentials it finds into your + # Steps. + # + # The default behaviour currently is for Tekton to search service + # accounts for secrets matching a specified format and automatically + # mount those into your Steps. + # + # Note: setting this to "true" will prevent PipelineResources from + # working. + # + # See https://github.com/tektoncd/pipeline/issues/2791 for more + # info. + disable-creds-init: "false" + # Setting this flag to "false" will stop Tekton from waiting for a + # TaskRun's sidecar containers to be running before starting the first + # step. This will allow Tasks to be run in environments that don't + # support the DownwardAPI volume type, but may lead to unintended + # behaviour if sidecars are used. + # + # See https://github.com/tektoncd/pipeline/issues/4937 for more info. + await-sidecar-readiness: "true" + # This option should be set to false when Pipelines is running in a + # cluster that does not use injected sidecars such as Istio. Setting + # it to false should decrease the time it takes for a TaskRun to start + # running. For clusters that use injected sidecars, setting this + # option to false can lead to unexpected behavior. + # + # See https://github.com/tektoncd/pipeline/issues/2080 for more info. + running-in-environment-with-injected-sidecars: "true" + # Setting this flag to "true" will require that any Git SSH Secret + # offered to Tekton must have known_hosts included. + # + # See https://github.com/tektoncd/pipeline/issues/2981 for more + # info. + require-git-ssh-secret-known-hosts: "false" + # Setting this flag to "true" enables the use of Tekton OCI bundle. + # This is an experimental feature and thus should still be considered + # an alpha feature. + enable-tekton-oci-bundles: "false" + # Setting this flag will determine which gated features are enabled. + # Acceptable values are "stable", "beta", or "alpha". + enable-api-fields: "beta" + # Setting this flag to "true" enables CloudEvents for CustomRuns and Runs, as long as a + # CloudEvents sink is configured in the config-defaults config map + send-cloudevents-for-runs: "false" + # This flag affects the behavior of taskruns and pipelineruns in cases where no VerificationPolicies match them. + # If it is set to "fail", TaskRuns and PipelineRuns will fail verification if no matching policies are found. + # If it is set to "warn", TaskRuns and PipelineRuns will run to completion if no matching policies are found, and an error will be logged. + # If it is set to "ignore", TaskRuns and PipelineRuns will run to completion if no matching policies are found, and no error will be logged. + trusted-resources-verification-no-match-policy: "ignore" + # Setting this flag to "true" enables populating the "provenance" field in TaskRun + # and PipelineRun status. This field contains metadata about resources used + # in the TaskRun/PipelineRun such as the source from where a remote Task/Pipeline + # definition was fetched. + enable-provenance-in-status: "true" + # Setting this flag will determine how Tekton pipelines will handle non-falsifiable provenance. + # If set to "spire", then SPIRE will be used to ensure non-falsifiable provenance. + # If set to "none", then Tekton will not have non-falsifiable provenance. + # This is an experimental feature and thus should still be considered an alpha feature. + enforce-nonfalsifiability: "none" + # Setting this flag will determine how Tekton pipelines will handle extracting results from the task. + # Acceptable values are "termination-message" or "sidecar-logs". + # "sidecar-logs" is now a beta feature. + results-from: "termination-message" + # Setting this flag will determine the upper limit of each task result + # This flag is optional and only associated with the previous flag, results-from + # When results-from is set to "sidecar-logs", this flag can be used to configure the upper limit of a task result + # max-result-size: "4096" + # Setting this flag to "true" will limit privileges for containers injected by Tekton into TaskRuns. + # This allows TaskRuns to run in namespaces with "restricted" pod security standards. + # Not all Kubernetes implementations support this option. + set-security-context: "false" + # Setting this flag to "true" will keep pod on cancellation + # allowing examination of the logs on the pods from cancelled taskruns + keep-pod-on-cancel: "false" + # Setting this flag to "true" will enable the CEL evaluation in WhenExpression + enable-cel-in-whenexpression: "false" + # Setting this flag to "true" will enable the use of StepActions in Steps + # This feature is in preview mode and not implemented yet. Please check #7259 for updates. + enable-step-actions: "false" + # Setting this flag to "true" will enable the use of Artifacts in Steps + # This feature is in preview mode and not implemented yet. Please check #7693 for updates. + enable-artifacts: "false" + # Setting this flag to "true" will enable the built-in param input validation via param enum. + enable-param-enum: "false" + # Setting this flag to "pipeline,pipelinerun,taskrun" will prevent users from creating + # embedded spec Taskruns or Pipelineruns for Pipeline, Pipelinerun and taskrun + # respectively. We can specify "pipeline" to disable for Pipeline resource only. + # "pipelinerun" for Pipelinerun and "taskrun" for Taskrun. Or a combination of + # these. + disable-inline-spec: "" + # Setting this flag to "true" will enable the use of concise resolver syntax + enable-concise-resolver-syntax: "false" + # Setthing this flag to "true" will enable native Kubernetes Sidecar support + enable-kubernetes-sidecar: "false" + +--- +# Copyright 2021 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: pipelines-info + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + # Contains pipelines version which can be queried by external + # tools such as CLI. Elevated permissions are already given to + # this ConfigMap such that even if we don't have access to + # other resources in the namespace we still can have access to + # this ConfigMap. + version: "v0.65.2" + +--- +# Copyright 2020 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-leader-election-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # lease-duration is how long non-leaders will wait to try to acquire the + # lock; 15 seconds is the value used by core kubernetes controllers. + lease-duration: "60s" + # renew-deadline is how long a leader will try to renew the lease before + # giving up; 10 seconds is the value used by core kubernetes controllers. + renew-deadline: "40s" + # retry-period is how long the leader election client waits between tries of + # actions; 2 seconds is the value used by core kubernetes controllers. + retry-period: "10s" + # buckets is the number of buckets used to partition key space of each + # Reconciler. If this number is M and the replica number of the controller + # is N, the N replicas will compete for the M buckets. The owner of a + # bucket will take care of the reconciling for the keys partitioned into + # that bucket. + buckets: "1" + +--- +# Copyright 2023 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-leader-election-events + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # lease-duration is how long non-leaders will wait to try to acquire the + # lock; 15 seconds is the value used by core kubernetes controllers. + lease-duration: "60s" + # renew-deadline is how long a leader will try to renew the lease before + # giving up; 10 seconds is the value used by core kubernetes controllers. + renew-deadline: "40s" + # retry-period is how long the leader election client waits between tries of + # actions; 2 seconds is the value used by core kubernetes controllers. + retry-period: "10s" + # buckets is the number of buckets used to partition key space of each + # Reconciler. If this number is M and the replica number of the controller + # is N, the N replicas will compete for the M buckets. The owner of a + # bucket will take care of the reconciling for the keys partitioned into + # that bucket. + buckets: "1" + +--- +# Copyright 2023 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-leader-election-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # lease-duration is how long non-leaders will wait to try to acquire the + # lock; 15 seconds is the value used by core kubernetes controllers. + lease-duration: "60s" + # renew-deadline is how long a leader will try to renew the lease before + # giving up; 10 seconds is the value used by core kubernetes controllers. + renew-deadline: "40s" + # retry-period is how long the leader election client waits between tries of + # actions; 2 seconds is the value used by core kubernetes controllers. + retry-period: "10s" + # buckets is the number of buckets used to partition key space of each + # Reconciler. If this number is M and the replica number of the controller + # is N, the N replicas will compete for the M buckets. The owner of a + # bucket will take care of the reconciling for the keys partitioned into + # that bucket. + buckets: "1" + +--- +# Copyright 2019 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-logging + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + zap-logger-config: | + { + "level": "info", + "development": false, + "sampling": { + "initial": 100, + "thereafter": 100 + }, + "outputPaths": ["stdout"], + "errorOutputPaths": ["stderr"], + "encoding": "json", + "encoderConfig": { + "timeKey": "timestamp", + "levelKey": "severity", + "nameKey": "logger", + "callerKey": "caller", + "messageKey": "message", + "stacktraceKey": "stacktrace", + "lineEnding": "", + "levelEncoder": "", + "timeEncoder": "iso8601", + "durationEncoder": "", + "callerEncoder": "" + } + } + # Log level overrides + loglevel.controller: "info" + loglevel.webhook: "info" + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-observability + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # metrics.backend-destination field specifies the system metrics destination. + # It supports either prometheus (the default) or stackdriver. + # Note: Using Stackdriver will incur additional charges. + metrics.backend-destination: prometheus + + # metrics.stackdriver-project-id field specifies the Stackdriver project ID. This + # field is optional. When running on GCE, application default credentials will be + # used and metrics will be sent to the cluster's project if this field is + # not provided. + metrics.stackdriver-project-id: "" + + # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed + # to send metrics to Stackdriver using "global" resource type and custom + # metric type. Setting this flag to "true" could cause extra Stackdriver + # charge. If metrics.backend-destination is not Stackdriver, this is + # ignored. + metrics.allow-stackdriver-custom-metrics: "false" + metrics.taskrun.level: "task" + metrics.taskrun.duration-type: "histogram" + metrics.pipelinerun.level: "pipeline" + metrics.pipelinerun.duration-type: "histogram" + metrics.count.enable-reason: "false" + metrics.running-pipelinerun.level: "" + +--- +# Copyright 2020 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-registry-cert + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +# data: +# # Registry's self-signed certificate +# cert: | + +--- +# Copyright 2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-spire + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # + # spire-trust-domain specifies the SPIRE trust domain to use. + # spire-trust-domain: "example.org" + # + # spire-socket-path specifies the SPIRE agent socket for SPIFFE workload API. + # spire-socket-path: "unix:///spiffe-workload-api/spire-agent.sock" + # + # spire-server-addr specifies the SPIRE server address for workload/node registration. + # spire-server-addr: "spire-server.spire.svc.cluster.local:8081" + # + # spire-node-alias-prefix specifies the SPIRE node alias prefix to use. + # spire-node-alias-prefix: "/tekton-node/" + +--- +# Copyright 2023 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-tracing + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # + # Enable sending traces to defined endpoint by setting this to true + enabled: "true" + # + # API endpoint to send the traces to + # (optional): The default value is given below + endpoint: "http://jaeger-collector.jaeger.svc.cluster.local:14268/api/traces" + # (optional) Name of the k8s secret which contains basic auth credentials + credentialsSecret: "jaeger-creds" + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tekton-pipelines-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.65.2" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.65.2" + # labels below are related to istio and should not be used for resource lookup + version: "v0.65.2" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + template: + metadata: + labels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.65.2" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.65.2" + # labels below are related to istio and should not be used for resource lookup + app: tekton-pipelines-controller + version: "v0.65.2" + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/os + operator: NotIn + values: + - windows + serviceAccountName: tekton-pipelines-controller + containers: + - name: tekton-pipelines-controller + image: ghcr.io/tektoncd/pipeline/controller-10a3e32792f33651396d02b6855a6e36:v0.65.2@sha256:099747541c95d5806a37a51201fc600034dcddba3c14fac0760914b76b51a1f4 + args: [ + # These images are built on-demand by `ko resolve` and are replaced + # by image references by digest. + "-entrypoint-image", "ghcr.io/tektoncd/pipeline/entrypoint-bff0a22da108bc2f16c818c97641a296:v0.65.2@sha256:854bda25e588b84405a0693c7a4f5995fc62d8a3f32f277364e1bc8acd50b5c5", "-nop-image", "ghcr.io/tektoncd/pipeline/nop-8eac7c133edad5df719dc37b36b62482:v0.65.2@sha256:433028be86d6817ad7f24e988a2cd2facf09895cc13c0140e304db37220ed71e", "-sidecarlogresults-image", "ghcr.io/tektoncd/pipeline/sidecarlogresults-7501c6a20d741631510a448b48ab098f:v0.65.2@sha256:fb7900f99dcc25210c1cb2b9b38941e949a6cc2a1b66e93afb04f6622a1a04f9", "-workingdirinit-image", "ghcr.io/tektoncd/pipeline/workingdirinit-0c558922ec6a1b739e550e349f2d5fc1:v0.65.2@sha256:1d5cb618fb87149cb80f69f9388d8a76829bd9a12f0f6a476d3c7bf7aab00335", + # The shell image must allow root in order to create directories and copy files to PVCs. + # cgr.dev/chainguard/busybox as of April 14 2022 + # image shall not contains tag, so it will be supported on a runtime like cri-o + "-shell-image", "cgr.dev/chainguard/busybox@sha256:19f02276bf8dbdd62f069b922f10c65262cc34b710eea26ff928129a736be791", + # for script mode to work with windows we need a powershell image + # pinning to nanoserver tag as of July 15 2021 + "-shell-image-win", "mcr.microsoft.com/powershell:nanoserver@sha256:b6d5ff841b78bdf2dfed7550000fd4f3437385b8fa686ec0f010be24777654d6"] + volumeMounts: + - name: config-logging + mountPath: /etc/config-logging + - name: config-registry-cert + mountPath: /etc/config-registry-cert + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + # If you are changing these names, you will also need to update + # the controller's Role in 200-role.yaml to include the new + # values in the "configmaps" "get" rule. + - name: CONFIG_DEFAULTS_NAME + value: config-defaults + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: CONFIG_FEATURE_FLAGS_NAME + value: feature-flags + - name: CONFIG_LEADERELECTION_NAME + value: config-leader-election-controller + - name: CONFIG_SPIRE + value: config-spire + - name: SSL_CERT_FILE + value: /etc/config-registry-cert/cert + - name: SSL_CERT_DIR + value: /etc/ssl/certs + - name: METRICS_DOMAIN + value: tekton.dev/pipeline + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - "ALL" + # User 65532 is the nonroot user ID + runAsUser: 65532 + runAsGroup: 65532 + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + - name: probes + containerPort: 8080 + livenessProbe: + httpGet: + path: /health + port: probes + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /readiness + port: probes + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + volumes: + - name: config-logging + configMap: + name: config-logging + - name: config-registry-cert + configMap: + name: config-registry-cert +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.65.2" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.65.2" + # labels below are related to istio and should not be used for resource lookup + app: tekton-pipelines-controller + version: "v0.65.2" + name: tekton-pipelines-controller + namespace: tekton-pipelines +spec: + ports: + - name: http-metrics + port: 9090 + protocol: TCP + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + - name: probes + port: 8080 + selector: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + +--- +# Copyright 2023 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tekton-events-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/name: events + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.65.2" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.65.2" + # labels below are related to istio and should not be used for resource lookup + version: "v0.65.2" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: events + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + template: + metadata: + labels: + app.kubernetes.io/name: events + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.65.2" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.65.2" + # labels below are related to istio and should not be used for resource lookup + app: tekton-events-controller + version: "v0.65.2" + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/os + operator: NotIn + values: + - windows + serviceAccountName: tekton-events-controller + containers: + - name: tekton-events-controller + image: ghcr.io/tektoncd/pipeline/events-a9042f7efb0cbade2a868a1ee5ddd52c:v0.65.2@sha256:35d011c27209ec90277d70e7bd250377673f5b24c7b645e315ee8b4fe2a95725 + args: [] + volumeMounts: + - name: config-logging + mountPath: /etc/config-logging + - name: config-registry-cert + mountPath: /etc/config-registry-cert + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + # If you are changing these names, you will also need to update + # the controller's Role in 200-role.yaml to include the new + # values in the "configmaps" "get" rule. + - name: CONFIG_DEFAULTS_NAME + value: config-defaults + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: CONFIG_LEADERELECTION_NAME + value: config-leader-election-events + - name: SSL_CERT_FILE + value: /etc/config-registry-cert/cert + - name: SSL_CERT_DIR + value: /etc/ssl/certs + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - "ALL" + # User 65532 is the nonroot user ID + runAsUser: 65532 + runAsGroup: 65532 + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + - name: probes + containerPort: 8080 + livenessProbe: + httpGet: + path: /health + port: probes + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /readiness + port: probes + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + volumes: + - name: config-logging + configMap: + name: config-logging + - name: config-registry-cert + configMap: + name: config-registry-cert +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: events + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.65.2" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.65.2" + # labels below are related to istio and should not be used for resource lookup + app: tekton-events-controller + version: "v0.65.2" + name: tekton-events-controller + namespace: tekton-pipelines +spec: + ports: + - name: http-metrics + port: 9090 + protocol: TCP + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + - name: probes + port: 8080 + selector: + app.kubernetes.io/name: events + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + +--- +# Copyright 2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Namespace +metadata: + name: tekton-pipelines-resolvers + labels: + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pod-security.kubernetes.io/enforce: restricted + +--- +# Copyright 2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + # ClusterRole for resolvers to monitor and update resolutionrequests. + name: tekton-pipelines-resolvers-resolution-request-updates + labels: + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +rules: + - apiGroups: ["resolution.tekton.dev"] + resources: ["resolutionrequests", "resolutionrequests/status"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["tekton.dev"] + resources: ["tasks", "pipelines"] + verbs: ["get", "list"] + # Read-only access to these. + - apiGroups: [""] + resources: ["secrets", "serviceaccounts"] + verbs: ["get", "list", "watch"] + +--- +# Copyright 2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-pipelines-resolvers-namespace-rbac + namespace: tekton-pipelines-resolvers + labels: + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +rules: + # Needed to watch and load configuration and secret data. + - apiGroups: [""] + resources: ["configmaps", "secrets"] + verbs: ["get", "list", "update", "watch"] + # This is needed by leader election to run the controller in HA. + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + +--- +# Copyright 2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tekton-pipelines-resolvers + namespace: tekton-pipelines-resolvers + labels: + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + +--- +# Copyright 2021 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: tekton-pipelines-resolvers + labels: + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + - kind: ServiceAccount + name: tekton-pipelines-resolvers + namespace: tekton-pipelines-resolvers +roleRef: + kind: ClusterRole + name: tekton-pipelines-resolvers-resolution-request-updates + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2021 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-pipelines-resolvers-namespace-rbac + namespace: tekton-pipelines-resolvers + labels: + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + - kind: ServiceAccount + name: tekton-pipelines-resolvers + namespace: tekton-pipelines-resolvers +roleRef: + kind: Role + name: tekton-pipelines-resolvers-namespace-rbac + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: bundleresolver-config + namespace: tekton-pipelines-resolvers + labels: + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + # the default service account name to use for bundle requests. + default-service-account: "default" + # The default layer kind in the bundle image. + default-kind: "task" + +--- +# Copyright 2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: cluster-resolver-config + namespace: tekton-pipelines-resolvers + labels: + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + # The default kind to fetch. + default-kind: "task" + # The default namespace to look for resources in. + default-namespace: "" + # An optional comma-separated list of namespaces which the resolver is allowed to access. Defaults to empty, meaning all namespaces are allowed. + allowed-namespaces: "" + # An optional comma-separated list of namespaces which the resolver is blocked from accessing. Defaults to empty, meaning all namespaces are allowed. + blocked-namespaces: "" + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: resolvers-feature-flags + namespace: tekton-pipelines-resolvers + labels: + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + # Setting this flag to "true" enables remote resolution of Tekton OCI bundles. + enable-bundles-resolver: "true" + # Setting this flag to "true" enables remote resolution of tasks and pipelines via the Tekton Hub. + enable-hub-resolver: "true" + # Setting this flag to "true" enables remote resolution of tasks and pipelines from Git repositories. + enable-git-resolver: "true" + # Setting this flag to "true" enables remote resolution of tasks and pipelines from other namespaces within the cluster. + enable-cluster-resolver: "true" + +--- +# Copyright 2020 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-leader-election-resolvers + namespace: tekton-pipelines-resolvers + labels: + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # lease-duration is how long non-leaders will wait to try to acquire the + # lock; 15 seconds is the value used by core kubernetes controllers. + lease-duration: "60s" + # renew-deadline is how long a leader will try to renew the lease before + # giving up; 10 seconds is the value used by core kubernetes controllers. + renew-deadline: "40s" + # retry-period is how long the leader election client waits between tries of + # actions; 2 seconds is the value used by core kubernetes controllers. + retry-period: "10s" + # buckets is the number of buckets used to partition key space of each + # Reconciler. If this number is M and the replica number of the controller + # is N, the N replicas will compete for the M buckets. The owner of a + # bucket will take care of the reconciling for the keys partitioned into + # that bucket. + buckets: "1" + +--- +# Copyright 2019 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-logging + namespace: tekton-pipelines-resolvers + labels: + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + zap-logger-config: | + { + "level": "info", + "development": false, + "sampling": { + "initial": 100, + "thereafter": 100 + }, + "outputPaths": ["stdout"], + "errorOutputPaths": ["stderr"], + "encoding": "json", + "encoderConfig": { + "timeKey": "timestamp", + "levelKey": "severity", + "nameKey": "logger", + "callerKey": "caller", + "messageKey": "message", + "stacktraceKey": "stacktrace", + "lineEnding": "", + "levelEncoder": "", + "timeEncoder": "iso8601", + "durationEncoder": "", + "callerEncoder": "" + } + } + # Log level overrides + loglevel.controller: "info" + loglevel.webhook: "info" + +--- +# Copyright 2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-observability + namespace: tekton-pipelines-resolvers + labels: + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # metrics.backend-destination field specifies the system metrics destination. + # It supports either prometheus (the default) or stackdriver. + # Note: Using stackdriver will incur additional charges + metrics.backend-destination: prometheus + + # metrics.request-metrics-backend-destination specifies the request metrics + # destination. If non-empty, it enables queue proxy to send request metrics. + # Currently supported values: prometheus, stackdriver. + metrics.request-metrics-backend-destination: prometheus + + # metrics.stackdriver-project-id field specifies the stackdriver project ID. This + # field is optional. When running on GCE, application default credentials will be + # used if this field is not provided. + metrics.stackdriver-project-id: "" + + # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed to send metrics to + # Stackdriver using "global" resource type and custom metric type if the + # metrics are not supported by "knative_revision" resource type. Setting this + # flag to "true" could cause extra Stackdriver charge. + # If metrics.backend-destination is not Stackdriver, this is ignored. + metrics.allow-stackdriver-custom-metrics: "false" + +--- +# Copyright 2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: git-resolver-config + namespace: tekton-pipelines-resolvers + labels: + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + # The maximum amount of time a single anonymous cloning resolution may take. + fetch-timeout: "1m" + # The git url to fetch the remote resource from when using anonymous cloning. + default-url: "https://github.com/tektoncd/catalog.git" + # The git revision to fetch the remote resource from with either anonymous cloning or the authenticated API. + default-revision: "main" + # The SCM type to use with the authenticated API. Can be github, gitlab, gitea, bitbucketserver, bitbucketcloud + scm-type: "github" + # The SCM server URL to use with the authenticated API. Not needed when using github.com, gitlab.com, or BitBucket Cloud + server-url: "" + # The Kubernetes secret containing the API token for the SCM provider. Required when using the authenticated API. + api-token-secret-name: "" + # The key in the API token secret containing the actual token. Required when using the authenticated API. + api-token-secret-key: "" + # The namespace containing the API token secret. Defaults to "default". + api-token-secret-namespace: "default" + # The default organization to look for repositories under when using the authenticated API, + # if not specified in the resolver parameters. Optional. + default-org: "" + +--- +# Copyright 2023 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: http-resolver-config + namespace: tekton-pipelines-resolvers + labels: + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + # The maximum amount of time the http resolver will wait for a response from the server. + fetch-timeout: "1m" + +--- +# Copyright 2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: hubresolver-config + namespace: tekton-pipelines-resolvers + labels: + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + # the default Tekton Hub catalog from where to pull the resource. + default-tekton-hub-catalog: "Tekton" + # the default Artifact Hub Task catalog from where to pull the resource. + default-artifact-hub-task-catalog: "tekton-catalog-tasks" + # the default Artifact Hub Pipeline catalog from where to pull the resource. + default-artifact-hub-pipeline-catalog: "tekton-catalog-pipelines" + # the default layer kind in the hub image. + default-kind: "task" + # the default hub source to pull the resource from. + default-type: "artifact" + +--- +# Copyright 2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tekton-pipelines-remote-resolvers + namespace: tekton-pipelines-resolvers + labels: + app.kubernetes.io/name: resolvers + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.65.2" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.65.2" + # labels below are related to istio and should not be used for resource lookup + version: "v0.65.2" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: resolvers + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + template: + metadata: + labels: + app.kubernetes.io/name: resolvers + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.65.2" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.65.2" + # labels below are related to istio and should not be used for resource lookup + app: tekton-pipelines-resolvers + version: "v0.65.2" + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: resolvers + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: tekton-pipelines-resolvers + containers: + - name: controller + image: ghcr.io/tektoncd/pipeline/resolvers-ff86b24f130c42b88983d3c13993056d:v0.65.2@sha256:02a8c277174284468d17be2f79fa7d1a2fb5abfcfb262e7fcd8fadebe64efd7c + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + cpu: 1000m + memory: 4Gi + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + # This must match the value of the environment variable PROBES_PORT. + - name: probes + containerPort: 8080 + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + # If you are changing these names, you will also need to update + # the controller's Role in 200-role.yaml to include the new + # values in the "configmaps" "get" rule. + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: CONFIG_FEATURE_FLAGS_NAME + value: feature-flags + - name: CONFIG_LEADERELECTION_NAME + value: config-leader-election-resolvers + - name: METRICS_DOMAIN + value: tekton.dev/resolution + - name: PROBES_PORT + value: "8080" + # Override this env var to set a private hub api endpoint + - name: ARTIFACT_HUB_API + value: "https://artifacthub.io/" + - name: TEKTON_HUB_API + value: "https://api.hub.tekton.dev/" + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - "ALL" + seccompProfile: + type: RuntimeDefault + +--- +# Copyright 2023 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: resolvers + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.65.2" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.65.2" + # labels below are related to istio and should not be used for resource lookup + app: tekton-pipelines-remote-resolvers + version: "v0.65.2" + name: tekton-pipelines-remote-resolvers + namespace: tekton-pipelines-resolvers +spec: + ports: + - name: http-metrics + port: 9090 + protocol: TCP + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + - name: probes + port: 8080 + selector: + app.kubernetes.io/name: resolvers + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + +--- +# Copyright 2020 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.65.2" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.65.2" + # labels below are related to istio and should not be used for resource lookup + version: "v0.65.2" +spec: + minReplicas: 1 + maxReplicas: 5 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: tekton-pipelines-webhook + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 100 + +--- +# Copyright 2020 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + # Note: the Deployment name must be the same as the Service name specified in + # config/400-webhook-service.yaml. If you change this name, you must also + # change the value of WEBHOOK_SERVICE_NAME below. + name: tekton-pipelines-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.65.2" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.65.2" + # labels below are related to istio and should not be used for resource lookup + version: "v0.65.2" +spec: + selector: + matchLabels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + template: + metadata: + labels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.65.2" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.65.2" + # labels below are related to istio and should not be used for resource lookup + app: tekton-pipelines-webhook + version: "v0.65.2" + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/os + operator: NotIn + values: + - windows + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: tekton-pipelines-webhook + containers: + - name: webhook + # This is the Go import path for the binary that is containerized + # and substituted here. + image: ghcr.io/tektoncd/pipeline/webhook-d4749e605405422fd87700164e31b2d1:v0.65.2@sha256:8379b21b994f115d2b5a656ca2c387578f2201621fd4f638fa05f0b95ba3ad8c + # Resource request required for autoscaler to take any action for a metric + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + cpu: 500m + memory: 500Mi + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + # If you are changing these names, you will also need to update + # the webhook's Role in 200-role.yaml to include the new + # values in the "configmaps" "get" rule. + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: CONFIG_LEADERELECTION_NAME + value: config-leader-election-webhook + - name: CONFIG_FEATURE_FLAGS_NAME + value: feature-flags + # If you change PROBES_PORT, you will also need to change the + # containerPort "probes" to the same value. + - name: PROBES_PORT + value: "8080" + # If you change WEBHOOK_PORT, you will also need to change the + # containerPort "https-webhook" to the same value. + - name: WEBHOOK_PORT + value: "8443" + # if you change WEBHOOK_ADMISSION_CONTROLLER_NAME, you will also need to update + # the webhooks.name in 500-webhooks.yaml to include the new names of admission webhooks. + # Additionally, you will also need to change the resource names (metadata.name) of + # "MutatingWebhookConfiguration" and "ValidatingWebhookConfiguration" in 500-webhooks.yaml + # to reflect the change in the name of the admission webhook. + # Followed by changing the webhook's Role in 200-clusterrole.yaml to update the "resourceNames" of + # "mutatingwebhookconfigurations" and "validatingwebhookconfigurations" resources. + - name: WEBHOOK_ADMISSION_CONTROLLER_NAME + value: webhook.pipeline.tekton.dev + - name: WEBHOOK_SERVICE_NAME + value: tekton-pipelines-webhook + - name: WEBHOOK_SECRET_NAME + value: webhook-certs + - name: METRICS_DOMAIN + value: tekton.dev/pipeline + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - "ALL" + # User 65532 is the distroless nonroot user ID + runAsUser: 65532 + runAsGroup: 65532 + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + # This must match the value of the environment variable WEBHOOK_PORT. + - name: https-webhook + containerPort: 8443 + # This must match the value of the environment variable PROBES_PORT. + - name: probes + containerPort: 8080 + livenessProbe: + httpGet: + path: /health + port: probes + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /readiness + port: probes + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.65.2" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.65.2" + # labels below are related to istio and should not be used for resource lookup + app: tekton-pipelines-webhook + version: "v0.65.2" + name: tekton-pipelines-webhook + namespace: tekton-pipelines +spec: + ports: + # Define metrics and profiling for them to be accessible within service meshes. + - name: http-metrics + port: 9090 + targetPort: metrics + - name: http-profiling + port: 8008 + targetPort: profiling + - name: https-webhook + port: 443 + targetPort: https-webhook + - name: probes + port: 8080 + targetPort: probes + selector: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + +--- diff --git a/cmd/openshift/operator/kodata/tekton-pipeline/0.65.2/01-clusterrole.yaml b/cmd/openshift/operator/kodata/tekton-pipeline/0.65.2/01-clusterrole.yaml new file mode 100644 index 0000000000..df751a62fc --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-pipeline/0.65.2/01-clusterrole.yaml @@ -0,0 +1,9 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: pipelines-scc-role +rules: +- apiGroups: [security.openshift.io] + resourceNames: [nonroot] + resources: [securitycontextconstraints] + verbs: [use] diff --git a/cmd/openshift/operator/kodata/tekton-pipeline/0.65.2/02-rolebinding.yaml b/cmd/openshift/operator/kodata/tekton-pipeline/0.65.2/02-rolebinding.yaml new file mode 100644 index 0000000000..116e79a6a6 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-pipeline/0.65.2/02-rolebinding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: openshift-pipelines-permission +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: pipelines-scc-role +subjects: +- kind: ServiceAccount + name: tekton-pipelines-controller + namespace: openshift-pipelines diff --git a/cmd/openshift/operator/kodata/tekton-pipeline/0.65.2/03-clustertasks-view-permission.yaml b/cmd/openshift/operator/kodata/tekton-pipeline/0.65.2/03-clustertasks-view-permission.yaml new file mode 100644 index 0000000000..f08994df93 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-pipeline/0.65.2/03-clustertasks-view-permission.yaml @@ -0,0 +1,28 @@ +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" + name: tekton-clustertasks-view-role +rules: + - apiGroups: + - tekton.dev + resources: + - clustertasks + verbs: + - get + - list + - watch +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-clustertasks-view-rolebinding-all-users +roleRef: + kind: ClusterRole + name: tekton-clustertasks-view-role + apiGroup: rbac.authorization.k8s.io +subjects: + - apiGroup: rbac.authorization.k8s.io + kind: Group + name: system:authenticated diff --git a/cmd/openshift/operator/kodata/tekton-pipeline/00-prereconcile/openshift-pipelines-scc.yaml b/cmd/openshift/operator/kodata/tekton-pipeline/00-prereconcile/openshift-pipelines-scc.yaml new file mode 100644 index 0000000000..b2015a0a9b --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-pipeline/00-prereconcile/openshift-pipelines-scc.yaml @@ -0,0 +1,43 @@ +apiVersion: security.openshift.io/v1 +kind: SecurityContextConstraints +metadata: + annotations: + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + kubernetes.io/description: pipelines-scc is a close replica of anyuid scc. pipelines-scc has fsGroup - MustRunAs. + release.openshift.io/create-only: "true" + name: pipelines-scc +allowHostDirVolumePlugin: false +allowHostIPC: false +allowHostNetwork: false +allowHostPID: false +allowHostPorts: false +allowPrivilegeEscalation: false +allowPrivilegedContainer: false +allowedCapabilities: +- SETFCAP +defaultAddCapabilities: null +fsGroup: + type: MustRunAs +groups: +- system:cluster-admins +priority: 10 +readOnlyRootFilesystem: false +requiredDropCapabilities: +- MKNOD +runAsUser: + type: RunAsAny +seLinuxContext: + type: MustRunAs +supplementalGroups: + type: RunAsAny +volumes: +- configMap +- csi +- downwardAPI +- emptyDir +- ephemeral +- persistentVolumeClaim +- projected +- secret diff --git a/cmd/openshift/operator/kodata/tekton-pruner/00-pruner.yaml b/cmd/openshift/operator/kodata/tekton-pruner/00-pruner.yaml new file mode 100644 index 0000000000..07902d83d1 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-pruner/00-pruner.yaml @@ -0,0 +1,69 @@ +# Copyright 2023 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: tekton-resource-pruner + labels: + app.kubernetes.io/part-of: tekton-config +rules: + # allow tkn command to delete pipelinerun and taskrun + - apiGroups: + - tekton.dev + resources: + - taskruns + - pipelineruns + verbs: + - list + - get + - delete + - deletecollection + # allow tkn command to list pipelines and tasks + # if individual resource selection enabled, + # tkn cmd has to get pipelinerun and taskrun parent resource names + # ie, pipelines, tasks + - apiGroups: + - tekton.dev + resources: + - tasks + - pipelines + verbs: + - list + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tekton-resource-pruner + namespace: tekton-pipelines + labels: + app.kubernetes.io/part-of: tekton-config + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: tekton-resource-pruner + labels: + app.kubernetes.io/part-of: tekton-config +subjects: + - kind: ServiceAccount + name: tekton-resource-pruner + namespace: tekton-pipelines +roleRef: + kind: ClusterRole + name: tekton-resource-pruner + apiGroup: rbac.authorization.k8s.io diff --git a/cmd/openshift/operator/kodata/tekton-results/0.13.0/00-results.yaml b/cmd/openshift/operator/kodata/tekton-results/0.13.0/00-results.yaml new file mode 100644 index 0000000000..f07fee0ae6 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-results/0.13.0/00-results.yaml @@ -0,0 +1,723 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: v0.13.0 + name: tekton-results-api + namespace: tekton-pipelines +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: v0.13.0 + name: tekton-results-watcher + namespace: tekton-pipelines +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/name: tekton-results-info + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: v0.13.0 + name: tekton-results-info + namespace: tekton-pipelines +rules: + - apiGroups: + - "" + resourceNames: + - tekton-results-info + resources: + - configmaps + verbs: + - get + - describe +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: v0.13.0 + rbac.authorization.k8s.io/aggregate-to-admin: "true" + name: tekton-results-admin +rules: + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - create + - update + - get + - list + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: v0.13.0 + name: tekton-results-api +rules: + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: v0.13.0 + rbac.authorization.k8s.io/aggregate-to-edit: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" + name: tekton-results-readonly +rules: + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + - summary + verbs: + - get + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: v0.13.0 + name: tekton-results-readwrite +rules: + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - create + - update + - get + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: v0.13.0 + name: tekton-results-watcher +rules: + - apiGroups: + - results.tekton.dev + resources: + - logs + - results + - records + verbs: + - create + - get + - update + - apiGroups: + - tekton.dev + resources: + - pipelineruns + - taskruns + verbs: + - get + - list + - patch + - update + - watch + - delete + - apiGroups: + - "" + resources: + - configmaps + - pods + - events + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - pods/log + verbs: + - get + - apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - create + - update + - delete + - patch + - watch + - apiGroups: + - tekton.dev + resources: + - pipelines + verbs: + - get + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - create + - update + - delete + - patch + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/name: tekton-results-info + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: v0.13.0 + name: tekton-results-info + namespace: tekton-pipelines +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: tekton-results-info +subjects: + - apiGroup: rbac.authorization.k8s.io + kind: Group + name: system:authenticated +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: v0.13.0 + name: tekton-results-api +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: tekton-results-api +subjects: + - kind: ServiceAccount + name: tekton-results-api + namespace: tekton-pipelines +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: v0.13.0 + name: tekton-results-watcher +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: tekton-results-watcher +subjects: + - kind: ServiceAccount + name: tekton-results-watcher + namespace: tekton-pipelines +--- +apiVersion: v1 +data: + config: |- + DB_USER= + DB_PASSWORD= + DB_HOST=tekton-results-postgres-service.tekton-pipelines.svc.cluster.local + DB_PORT=5432 + DB_NAME=tekton-results + DB_SSLMODE=disable + DB_SSLROOTCERT= + DB_ENABLE_AUTO_MIGRATION=true + DB_MAX_IDLE_CONNECTIONS=10 + DB_MAX_OPEN_CONNECTIONS=10 + GRPC_WORKER_POOL=2 + K8S_QPS=5 + K8S_BURST=10 + PROFILING=false + PROFILING_PORT=6060 + SERVER_PORT=8080 + PROMETHEUS_PORT=9090 + PROMETHEUS_HISTOGRAM=false + TLS_PATH=/etc/tls + AUTH_DISABLE=false + AUTH_IMPERSONATE=true + LOG_LEVEL=info + LOGS_API=false + LOGS_TYPE=File + LOGS_BUFFER_SIZE=32768 + LOGS_PATH=/logs + LOGS_TIMESTAMPS=false + S3_BUCKET_NAME= + S3_ENDPOINT= + S3_HOSTNAME_IMMUTABLE=false + S3_REGION= + S3_ACCESS_KEY_ID= + S3_SECRET_ACCESS_KEY= + S3_MULTI_PART_SIZE=5242880 + GCS_BUCKET_NAME= + STORAGE_EMULATOR_HOST= + CONVERTER_ENABLE=false + CONVERTER_DB_LIMIT=50 + MAX_RETENTION= + LOGGING_PLUGIN_PROXY_PATH=/api/logs/v1/application + LOGGING_PLUGIN_API_URL= + LOGGING_PLUGIN_TOKEN_PATH=/var/run/secrets/kubernetes.io/serviceaccount/token + LOGGING_PLUGIN_NAMESPACE_KEY=kubernetes_namespace_name + LOGGING_PLUGIN_STATIC_LABELS='log_type=application' + LOGGING_PLUGIN_CA_CERT= + LOGGING_PLUGIN_QUERY_LIMIT=1700 + LOGGING_PLUGIN_TLS_VERIFICATION_DISABLE= + LOGGING_PLUGIN_FORWARDER_DELAY_DURATION=10 + LOGGING_PLUGIN_QUERY_PARAMS='direction=forward' +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: v0.13.0 + name: tekton-results-api-config + namespace: tekton-pipelines +--- +apiVersion: v1 +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # lease-duration is how long non-leaders will wait to try to acquire the + # lock; 15 seconds is the value used by core kubernetes controllers. + lease-duration: "60s" + # renew-deadline is how long a leader will try to renew the lease before + # giving up; 10 seconds is the value used by core kubernetes controllers. + renew-deadline: "40s" + # retry-period is how long the leader election client waits between tries of + # actions; 2 seconds is the value used by core kubernetes controllers. + retry-period: "10s" + # buckets is the number of buckets used to partition key space of each + # Reconciler. If this number is M and the replica number of the controller + # is N, the N replicas will compete for the M buckets. The owner of a + # bucket will take care of the reconciling for the keys partitioned into + # that bucket. + buckets: "1" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: tekton-results-leader-election + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: v0.13.0 + name: tekton-results-config-leader-election + namespace: tekton-pipelines +--- +apiVersion: v1 +data: + loglevel.watcher: info + zap-logger-config: | + { + "level": "info", + "development": false, + "outputPaths": ["stdout"], + "errorOutputPaths": ["stderr"], + "encoding": "json", + "encoderConfig": { + "timeKey": "time", + "levelKey": "level", + "nameKey": "logger", + "callerKey": "caller", + "messageKey": "msg", + "stacktraceKey": "stacktrace", + "lineEnding": "", + "levelEncoder": "", + "timeEncoder": "iso8601", + "durationEncoder": "string", + "callerEncoder": "" + } + } +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: tekton-results-logging + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: v0.13.0 + name: tekton-results-config-logging + namespace: tekton-pipelines +--- +apiVersion: v1 +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # metrics.backend-destination field specifies the system metrics destination. + # It supports either prometheus (the default) or stackdriver. + # Note: Using Stackdriver will incur additional charges. + metrics.backend-destination: prometheus + + # metrics.stackdriver-project-id field specifies the Stackdriver project ID. This + # field is optional. When running on GCE, application default credentials will be + # used and metrics will be sent to the cluster's project if this field is + # not provided. + metrics.stackdriver-project-id: "" + + # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed + # to send metrics to Stackdriver using "global" resource type and custom + # metric type. Setting this flag to "true" could cause extra Stackdriver + # charge. If metrics.backend-destination is not Stackdriver, this is + # ignored. + metrics.allow-stackdriver-custom-metrics: "false" + metrics.taskrun.level: "task" + metrics.taskrun.duration-type: "histogram" + metrics.pipelinerun.level: "pipeline" + metrics.pipelinerun.duration-type: "histogram" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: tekton-results-observability + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: v0.13.0 + name: tekton-results-config-observability + namespace: tekton-pipelines +--- +apiVersion: v1 +data: + maxRetention: "30" + runAt: 5 5 * * 0 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: tekton-results-retention-policy + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: v0.13.0 + name: tekton-results-config-results-retention-policy + namespace: tekton-pipelines +--- +apiVersion: v1 +data: + version: v0.13.0 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: tekton-results-info + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: v0.13.0 + name: tekton-results-info + namespace: tekton-pipelines +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: tekton-results-api + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: v0.13.0 + name: tekton-results-api-service + namespace: tekton-pipelines +spec: + ports: + - name: server + port: 8080 + protocol: TCP + targetPort: 8080 + - name: prometheus + port: 9090 + protocol: TCP + targetPort: 9090 + - name: profiling + port: 6060 + protocol: TCP + targetPort: 6060 + selector: + app.kubernetes.io/name: tekton-results-api + app.kubernetes.io/version: v0.13.0 +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: tekton-results-watcher + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: v0.13.0 + name: tekton-results-watcher + namespace: tekton-pipelines +spec: + ports: + - name: metrics + port: 9090 + - name: profiling + port: 8008 + selector: + app.kubernetes.io/name: tekton-results-watcher + app.kubernetes.io/version: v0.13.0 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/name: tekton-results-api + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: v0.13.0 + name: tekton-results-api + namespace: tekton-pipelines +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: tekton-results-api + app.kubernetes.io/version: v0.13.0 + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" + labels: + app.kubernetes.io/name: tekton-results-api + app.kubernetes.io/version: v0.13.0 + spec: + containers: + - env: + - name: DB_USER + valueFrom: + secretKeyRef: + key: POSTGRES_USER + name: tekton-results-postgres + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + key: POSTGRES_PASSWORD + name: tekton-results-postgres + image: gcr.io/tekton-releases/github.com/tektoncd/results/cmd/api:v0.13.0@sha256:c44782697d5f1df9943c611b4333c90d43cafc19aa7ef876c1355acbcc604b16 + livenessProbe: + httpGet: + path: /healthz + port: 8080 + scheme: HTTPS + initialDelaySeconds: 5 + periodSeconds: 10 + name: api + readinessProbe: + httpGet: + path: /healthz + port: 8080 + scheme: HTTPS + initialDelaySeconds: 5 + periodSeconds: 10 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + startupProbe: + failureThreshold: 10 + httpGet: + path: /healthz + port: 8080 + scheme: HTTPS + initialDelaySeconds: 5 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/tekton/results + name: config + readOnly: true + - mountPath: /etc/tls + name: tls + readOnly: true + serviceAccountName: tekton-results-api + volumes: + - configMap: + name: tekton-results-api-config + name: config + - name: tls + secret: + secretName: tekton-results-tls +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/name: tekton-results-retention-policy-agent + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: v0.13.0 + name: tekton-results-retention-policy-agent + namespace: tekton-pipelines +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: tekton-results-retention-policy-agent + app.kubernetes.io/version: v0.13.0 + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" + labels: + app.kubernetes.io/name: tekton-results-retention-policy-agent + app.kubernetes.io/version: v0.13.0 + spec: + containers: + - env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: tekton-results-config-logging + - name: DB_USER + valueFrom: + secretKeyRef: + key: POSTGRES_USER + name: tekton-results-postgres + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + key: POSTGRES_PASSWORD + name: tekton-results-postgres + image: gcr.io/tekton-releases/github.com/tektoncd/results/cmd/retention-policy-agent:v0.13.0@sha256:fddf96fe6eaba31c1e4ec52544fecfe31865982334e8d09a2cff70fa9ecb1c7e + name: retention-policy-agent + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /etc/tekton/results + name: config + readOnly: true + - mountPath: /etc/tls + name: tls + readOnly: true + serviceAccountName: tekton-results-watcher + volumes: + - configMap: + name: tekton-results-api-config + name: config + - name: tls + secret: + secretName: tekton-results-tls +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/name: tekton-results-watcher + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: v0.13.0 + name: tekton-results-watcher + namespace: tekton-pipelines +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: tekton-results-watcher + app.kubernetes.io/version: v0.13.0 + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" + labels: + app.kubernetes.io/name: tekton-results-watcher + app.kubernetes.io/version: v0.13.0 + spec: + containers: + - args: + - -api_addr + - $(TEKTON_RESULTS_API_SERVICE) + - -auth_mode + - $(AUTH_MODE) + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: tekton-results-config-logging + - name: CONFIG_LEADERELECTION_NAME + value: tekton-results-config-leader-election + - name: CONFIG_OBSERVABILITY_NAME + value: tekton-results-config-observability + - name: METRICS_DOMAIN + value: tekton.dev/results + - name: TEKTON_RESULTS_API_SERVICE + value: tekton-results-api-service.tekton-pipelines.svc.cluster.local:8080 + - name: AUTH_MODE + value: token + image: gcr.io/tekton-releases/github.com/tektoncd/results/cmd/watcher:v0.13.0@sha256:d06cea9856390e42f48a301902e5907909a7342c4317a25971282504b8261f5a + name: watcher + ports: + - containerPort: 9090 + name: metrics + - containerPort: 8008 + name: profiling + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /etc/tls + name: tls + readOnly: true + serviceAccountName: tekton-results-watcher + volumes: + - name: tls + secret: + secretName: tekton-results-tls + +--- diff --git a/cmd/openshift/operator/kodata/tekton-trigger/0.30.0/00-triggers.yaml b/cmd/openshift/operator/kodata/tekton-trigger/0.30.0/00-triggers.yaml new file mode 100644 index 0000000000..977c4809e7 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-trigger/0.30.0/00-triggers.yaml @@ -0,0 +1,1648 @@ +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-triggers-admin + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +rules: + - apiGroups: [""] + resources: ["configmaps", "services", "events"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["apps"] + resources: ["deployments", "deployments/finalizers"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["triggers.tekton.dev"] + resources: ["clustertriggerbindings", "clusterinterceptors", "interceptors", "eventlisteners", "triggerbindings", "triggertemplates", "triggers", "eventlisteners/finalizers"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["triggers.tekton.dev"] + resources: ["clustertriggerbindings/status", "clusterinterceptors/status", "interceptors/status", "eventlisteners/status", "triggerbindings/status", "triggertemplates/status", "triggers/status"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + # We uses leases for leaderelection + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["serving.knative.dev"] + resources: ["*", "*/status", "*/finalizers"] + verbs: ["get", "list", "create", "update", "delete", "deletecollection", "patch", "watch"] + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["get"] + # The webhook configured the namespace as the OwnerRef on various cluster-scoped resources, + # which requires we can Get the system namespace. + resourceNames: ["tekton-pipelines"] + - apiGroups: [""] + resources: ["namespaces/finalizers"] + verbs: ["update"] + # The webhook configured the namespace as the OwnerRef on various cluster-scoped resources, + # which requires we can update the system namespace finalizers. + resourceNames: ["tekton-pipelines"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-triggers-core-interceptors + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-triggers-core-interceptors-secrets + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +rules: + - apiGroups: ["triggers.tekton.dev"] + resources: ["clusterinterceptors"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch", "update"] + resourceNames: ["tekton-triggers-core-interceptors-certs"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: tekton-triggers-eventlistener-roles + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +rules: + - apiGroups: ["triggers.tekton.dev"] + resources: ["eventlisteners", "triggerbindings", "interceptors", "triggertemplates", "triggers"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "list", "watch"] + - apiGroups: ["tekton.dev"] + resources: ["pipelineruns", "pipelineresources", "taskruns"] + verbs: ["create"] + - apiGroups: [""] + resources: ["serviceaccounts"] + verbs: ["impersonate"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "patch"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-triggers-eventlistener-clusterroles + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +rules: + - apiGroups: ["triggers.tekton.dev"] + resources: ["clustertriggerbindings", "clusterinterceptors"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch"] + +--- +# Copyright 2020 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# NOTE: when multi-tenant EventListener progresses, moving this Role +# to a ClusterRole is not the advisable path. Additional Roles that +# adds access to Secrets to the Namespaces managed by the multi-tenant +# EventListener is what should be done. While not as simple, it avoids +# giving access to K8S system level, cluster admin privileged level Secrets + +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-triggers-admin-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-triggers-core-interceptors + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "list", "watch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: tekton-triggers-info + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +rules: + # All system:authenticated users needs to have access + # of the triggers-info ConfigMap even if they don't + # have access to the other resources present in the + # installed namespace. + - apiGroups: [""] + resources: ["configmaps"] + resourceNames: ["triggers-info"] + verbs: ["get"] + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tekton-triggers-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tekton-triggers-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tekton-triggers-core-interceptors + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: tekton-triggers-controller-admin + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +subjects: + - kind: ServiceAccount + name: tekton-triggers-controller + namespace: tekton-pipelines +roleRef: + kind: ClusterRole + name: tekton-triggers-admin + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: tekton-triggers-webhook-admin + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +subjects: + - kind: ServiceAccount + name: tekton-triggers-webhook + namespace: tekton-pipelines +roleRef: + kind: ClusterRole + name: tekton-triggers-admin + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: tekton-triggers-core-interceptors + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +subjects: + - kind: ServiceAccount + name: tekton-triggers-core-interceptors + namespace: tekton-pipelines +roleRef: + kind: ClusterRole + name: tekton-triggers-core-interceptors + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: tekton-triggers-core-interceptors-secrets + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +subjects: + - kind: ServiceAccount + name: tekton-triggers-core-interceptors + namespace: tekton-pipelines +roleRef: + kind: ClusterRole + name: tekton-triggers-core-interceptors-secrets + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2020 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-triggers-webhook-admin + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +subjects: + - kind: ServiceAccount + name: tekton-triggers-webhook + namespace: tekton-pipelines +roleRef: + kind: Role + name: tekton-triggers-admin-webhook + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-triggers-core-interceptors + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +subjects: + - kind: ServiceAccount + name: tekton-triggers-core-interceptors + namespace: tekton-pipelines +roleRef: + kind: Role + name: tekton-triggers-core-interceptors + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-triggers-info + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +subjects: + # Giving all system:authenticated users the access of the + # ConfigMap which contains version information. + - kind: Group + name: system:authenticated + apiGroup: rbac.authorization.k8s.io +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: tekton-triggers-info + +--- +# Copyright 2021 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterinterceptors.triggers.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + triggers.tekton.dev/release: "v0.30.0" + version: "v0.30.0" +spec: + group: triggers.tekton.dev + scope: Cluster + names: + kind: ClusterInterceptor + plural: clusterinterceptors + singular: clusterinterceptor + shortNames: + - ci + categories: + - tekton + - tekton-triggers + versions: + - name: v1alpha1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clustertriggerbindings.triggers.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + triggers.tekton.dev/release: "v0.30.0" + version: "v0.30.0" +spec: + group: triggers.tekton.dev + scope: Cluster + names: + kind: ClusterTriggerBinding + plural: clustertriggerbindings + singular: clustertriggerbinding + shortNames: + - ctb + categories: + - tekton + - tekton-triggers + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + - name: v1alpha1 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: eventlisteners.triggers.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + triggers.tekton.dev/release: "v0.30.0" + version: "v0.30.0" +spec: + group: triggers.tekton.dev + scope: Namespaced + names: + kind: EventListener + plural: eventlisteners + singular: eventlistener + shortNames: + - el + categories: + - tekton + - tekton-triggers + versions: + - name: v1beta1 + served: true + storage: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Address + type: string + jsonPath: .status.address.url + - name: Available + type: string + jsonPath: ".status.conditions[?(@.type=='Available')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Available')].reason" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + - name: v1alpha1 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + additionalPrinterColumns: + - name: Address + type: string + jsonPath: .status.address.url + - name: Available + type: string + jsonPath: ".status.conditions[?(@.type=='Available')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Available')].reason" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + +--- +# Copyright 2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: interceptors.triggers.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + triggers.tekton.dev/release: "v0.30.0" + version: "v0.30.0" +spec: + group: triggers.tekton.dev + scope: Namespaced + names: + kind: Interceptor + plural: interceptors + singular: interceptor + shortNames: + - ni + categories: + - tekton + - tekton-triggers + versions: + - name: v1alpha1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: triggers.triggers.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + triggers.tekton.dev/release: "v0.30.0" + version: "v0.30.0" +spec: + group: triggers.tekton.dev + scope: Namespaced + names: + kind: Trigger + plural: triggers + singular: trigger + shortNames: + - tri + categories: + - tekton + - tekton-triggers + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + - name: v1alpha1 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: triggerbindings.triggers.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + triggers.tekton.dev/release: "v0.30.0" + version: "v0.30.0" +spec: + group: triggers.tekton.dev + scope: Namespaced + names: + kind: TriggerBinding + plural: triggerbindings + singular: triggerbinding + shortNames: + - tb + categories: + - tekton + - tekton-triggers + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + - name: v1alpha1 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: triggertemplates.triggers.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + triggers.tekton.dev/release: "v0.30.0" + version: "v0.30.0" +spec: + group: triggers.tekton.dev + scope: Namespaced + names: + kind: TriggerTemplate + plural: triggertemplates + singular: triggertemplate + shortNames: + - tt + categories: + - tekton + - tekton-triggers + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + - name: v1alpha1 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + +--- +# Copyright 2020 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: triggers-webhook-certs + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + triggers.tekton.dev/release: "v0.30.0" +# The data is populated at install time. +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: validation.webhook.triggers.tekton.dev + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + triggers.tekton.dev/release: "v0.30.0" +webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: tekton-triggers-webhook + namespace: tekton-pipelines + failurePolicy: Fail + sideEffects: None + name: validation.webhook.triggers.tekton.dev +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: webhook.triggers.tekton.dev + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + triggers.tekton.dev/release: "v0.30.0" +webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: tekton-triggers-webhook + namespace: tekton-pipelines + failurePolicy: Fail + sideEffects: None + name: webhook.triggers.tekton.dev +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: config.webhook.triggers.tekton.dev + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + triggers.tekton.dev/release: "v0.30.0" +webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: tekton-triggers-webhook + namespace: tekton-pipelines + failurePolicy: Fail + sideEffects: None + name: config.webhook.triggers.tekton.dev + namespaceSelector: + matchExpressions: + - key: triggers.tekton.dev/release + operator: Exists + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: tekton-triggers-aggregate-edit + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + rbac.authorization.k8s.io/aggregate-to-edit: "true" + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: + - triggers.tekton.dev + resources: + - clustertriggerbindings + - clusterinterceptors + - eventlisteners + - interceptors + - triggers + - triggerbindings + - triggertemplates + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: tekton-triggers-aggregate-view + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + rbac.authorization.k8s.io/aggregate-to-view: "true" +rules: + - apiGroups: + - triggers.tekton.dev + resources: + - clustertriggerbindings + - clusterinterceptors + - eventlisteners + - interceptors + - triggers + - triggerbindings + - triggertemplates + verbs: + - get + - list + - watch + +--- +# Copyright 2021 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-defaults-triggers + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # default-service-account contains the default service account name + # to use for TaskRun and PipelineRun, if none is specified. + default-service-account: "default" + default-run-as-user: "65532" + default-run-as-group: "65532" + default-fs-group: "65532" + default-run-as-non-root: "true" # allowed values are true and false + +--- +# Copyright 2021 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: feature-flags-triggers + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + # Setting this flag will determine which gated features are enabled. + # Acceptable values are "stable" or "alpha". + enable-api-fields: "stable" + # Setting this field with valid regex pattern matching the pattern will exclude labels from + # getting added to resources created by the EventListener such as the deployment + labels-exclusion-pattern: "" + +--- +# Copyright 2021 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: triggers-info + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +data: + # Contains triggers version which can be queried by external + # tools such as CLI. Elevated permissions are already given to + # this ConfigMap such that even if we don't have access to + # other resources in the namespace we still can have access to + # this ConfigMap. + version: "v0.30.0" + +--- +# Copyright 2023 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-leader-election-triggers-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # lease-duration is how long non-leaders will wait to try to acquire the + # lock; 15 seconds is the value used by core kubernetes controllers. + lease-duration: "60s" + # renew-deadline is how long a leader will try to renew the lease before + # giving up; 10 seconds is the value used by core kubernetes controllers. + renew-deadline: "40s" + # retry-period is how long the leader election client waits between tries of + # actions; 2 seconds is the value used by core kubernetes controllers. + retry-period: "10s" + # buckets is the number of buckets used to partition key space of each + # Reconciler. If this number is M and the replica number of the controller + # is N, the N replicas will compete for the M buckets. The owner of a + # bucket will take care of the reconciling for the keys partitioned into + # that bucket. + buckets: "1" + +--- +# Copyright 2023 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-leader-election-triggers-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # lease-duration is how long non-leaders will wait to try to acquire the + # lock; 15 seconds is the value used by core kubernetes controllers. + lease-duration: "60s" + # renew-deadline is how long a leader will try to renew the lease before + # giving up; 10 seconds is the value used by core kubernetes controllers. + renew-deadline: "40s" + # retry-period is how long the leader election client waits between tries of + # actions; 2 seconds is the value used by core kubernetes controllers. + retry-period: "10s" + # buckets is the number of buckets used to partition key space of each + # Reconciler. If this number is M and the replica number of the controller + # is N, the N replicas will compete for the M buckets. The owner of a + # bucket will take care of the reconciling for the keys partitioned into + # that bucket. + buckets: "1" + +--- +# Copyright 2019 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-logging-triggers + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +data: + # Common configuration for all knative codebase + zap-logger-config: | + { + "level": "info", + "development": false, + "disableStacktrace": true, + "sampling": { + "initial": 100, + "thereafter": 100 + }, + "outputPaths": ["stdout"], + "errorOutputPaths": ["stderr"], + "encoding": "json", + "encoderConfig": { + "timeKey": "timestamp", + "levelKey": "severity", + "nameKey": "logger", + "callerKey": "caller", + "messageKey": "message", + "stacktraceKey": "stacktrace", + "lineEnding": "", + "levelEncoder": "", + "timeEncoder": "iso8601", + "durationEncoder": "", + "callerEncoder": "" + } + } + # Log level overrides + loglevel.controller: "info" + loglevel.webhook: "info" + loglevel.eventlistener: "info" + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-observability-triggers + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # metrics.backend-destination field specifies the system metrics destination. + # It supports either prometheus (the default) or stackdriver. + # Note: Using stackdriver will incur additional charges + metrics.backend-destination: prometheus + + # metrics.stackdriver-project-id field specifies the stackdriver project ID. This + # field is optional. When running on GCE, application default credentials will be + # used if this field is not provided. + metrics.stackdriver-project-id: "" + + # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed to send metrics to + # Stackdriver using "global" resource type and custom metric type if the + # metrics are not supported by "knative_revision" resource type. Setting this + # flag to "true" could cause extra Stackdriver charge. + # If metrics.backend-destination is not Stackdriver, this is ignored. + metrics.allow-stackdriver-custom-metrics: "false" + +--- +# Copyright 2019 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.30.0" + app.kubernetes.io/part-of: tekton-triggers + triggers.tekton.dev/release: "v0.30.0" + app: tekton-triggers-controller + version: "v0.30.0" + name: tekton-triggers-controller + namespace: tekton-pipelines +spec: + ports: + - name: http-metrics + port: 9000 + protocol: TCP + targetPort: 9000 + selector: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tekton-triggers-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.30.0" + app.kubernetes.io/part-of: tekton-triggers + # tekton.dev/release value replaced with inputs.params.versionTag in triggers/tekton/publish.yaml + triggers.tekton.dev/release: "v0.30.0" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + template: + metadata: + labels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.30.0" + app.kubernetes.io/part-of: tekton-triggers + app: tekton-triggers-controller + triggers.tekton.dev/release: "v0.30.0" + # version value replaced with inputs.params.versionTag in triggers/tekton/publish.yaml + version: "v0.30.0" + spec: + serviceAccountName: tekton-triggers-controller + containers: + - name: tekton-triggers-controller + image: "ghcr.io/tektoncd/triggers/controller-f656ca31de179ab913fa76abc255c315:v0.30.0@sha256:522304c51a07c8d27a2d9df746fa88400a87e2269fbeec6ea8abdeb6f957c93f" + args: ["-logtostderr", "-stderrthreshold", "INFO", "-el-image", "ghcr.io/tektoncd/triggers/eventlistenersink-7ad1faa98cddbcb0c24990303b220bb8:v0.30.0@sha256:ba22b87166bcc29e20f4a7dc11be3ff063d6e1276e7e0db7819b381f4e13d7a3", "-el-port", "8080", "-el-security-context=true", "-el-read-only-root-filesystem=true", "-el-events", "disable", "-el-readtimeout", "5", "-el-writetimeout", "40", "-el-idletimeout", "120", "-el-timeouthandler", "30", "-el-httpclient-readtimeout", "30", "-el-httpclient-keep-alive", "30", "-el-httpclient-tlshandshaketimeout", "10", "-el-httpclient-responseheadertimeout", "10", "-el-httpclient-expectcontinuetimeout", "1", "-period-seconds", "10", "-failure-threshold", "3"] + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging-triggers + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability-triggers + - name: CONFIG_DEFAULTS_NAME + value: config-defaults-triggers + - name: METRICS_DOMAIN + value: tekton.dev/triggers + - name: METRICS_PROMETHEUS_PORT + value: "9000" + - name: CONFIG_LEADERELECTION_NAME + value: config-leader-election-triggers-controllers + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - "ALL" + # User 65532 is the distroless nonroot user ID + runAsUser: 65532 + runAsGroup: 65532 + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: tekton-triggers-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.30.0" + app.kubernetes.io/part-of: tekton-triggers + app: tekton-triggers-webhook + version: "v0.30.0" + triggers.tekton.dev/release: "v0.30.0" +spec: + ports: + - name: https-webhook + port: 443 + targetPort: 8443 + selector: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tekton-triggers-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.30.0" + app.kubernetes.io/part-of: tekton-triggers + # tekton.dev/release value replaced with inputs.params.versionTag in triggers/tekton/publish.yaml + triggers.tekton.dev/release: "v0.30.0" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + template: + metadata: + labels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.30.0" + app.kubernetes.io/part-of: tekton-triggers + app: tekton-triggers-webhook + triggers.tekton.dev/release: "v0.30.0" + # version value replaced with inputs.params.versionTag in triggers/tekton/publish.yaml + version: "v0.30.0" + spec: + serviceAccountName: tekton-triggers-webhook + containers: + - name: webhook + # This is the Go import path for the binary that is containerized + # and substituted here. + image: "ghcr.io/tektoncd/triggers/webhook-dd1edc925ee1772a9f76e2c1bc291ef6:v0.30.0@sha256:fc72ca984313ce59f19537afb1ca4b1b3b0a593c7ec111386f96fed415550293" + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging-triggers + - name: WEBHOOK_SERVICE_NAME + value: tekton-triggers-webhook + - name: WEBHOOK_SECRET_NAME + value: triggers-webhook-certs + - name: METRICS_DOMAIN + value: tekton.dev/triggers + - name: CONFIG_LEADERELECTION_NAME + value: config-leader-election-triggers-webhook + ports: + - name: metrics + containerPort: 9000 + - name: profiling + containerPort: 8008 + - name: https-webhook + containerPort: 8443 + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + # User 65532 is the distroless nonroot user ID + runAsUser: 65532 + runAsGroup: 65532 + runAsNonRoot: true + capabilities: + drop: + - "ALL" + seccompProfile: + type: RuntimeDefault + +--- diff --git a/cmd/openshift/operator/kodata/tekton-trigger/0.30.0/01-clustertriggerbindings-view-permission.yaml b/cmd/openshift/operator/kodata/tekton-trigger/0.30.0/01-clustertriggerbindings-view-permission.yaml new file mode 100644 index 0000000000..1d4370009f --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-trigger/0.30.0/01-clustertriggerbindings-view-permission.yaml @@ -0,0 +1,28 @@ +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" + name: tekton-clustertriggerbindings-view-role +rules: + - apiGroups: + - triggers.tekton.dev + resources: + - clustertriggerbindings + verbs: + - get + - list + - watch +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-clustertriggerbindings-view-rolebinding-all-users +roleRef: + kind: ClusterRole + name: tekton-clustertriggerbindings-view-role + apiGroup: rbac.authorization.k8s.io +subjects: + - apiGroup: rbac.authorization.k8s.io + kind: Group + name: system:authenticated diff --git a/cmd/openshift/operator/kodata/tekton-trigger/0.30.0/01-interceptors.yaml b/cmd/openshift/operator/kodata/tekton-trigger/0.30.0/01-interceptors.yaml new file mode 100644 index 0000000000..ceecddb4f4 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-trigger/0.30.0/01-interceptors.yaml @@ -0,0 +1,230 @@ +# Copyright 2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: tekton-triggers-core-interceptors-certs + namespace: tekton-pipelines + labels: + app.kubernetes.io/name: core-interceptors + app.kubernetes.io/component: interceptors + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + triggers.tekton.dev/release: "v0.30.0" +# The data is populated at install time. + +--- +# Copyright 2020 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tekton-triggers-core-interceptors + namespace: tekton-pipelines + labels: + app.kubernetes.io/name: core-interceptors + app.kubernetes.io/component: interceptors + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.30.0" + app.kubernetes.io/part-of: tekton-triggers + # tekton.dev/release value replaced with inputs.params.versionTag in triggers/tekton/publish.yaml + triggers.tekton.dev/release: "v0.30.0" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: core-interceptors + app.kubernetes.io/component: interceptors + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + template: + metadata: + labels: + app.kubernetes.io/name: core-interceptors + app.kubernetes.io/component: interceptors + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.30.0" + app.kubernetes.io/part-of: tekton-triggers + app: tekton-triggers-core-interceptors + triggers.tekton.dev/release: "v0.30.0" + # version value replaced with inputs.params.versionTag in triggers/tekton/publish.yaml + version: "v0.30.0" + spec: + serviceAccountName: tekton-triggers-core-interceptors + containers: + - name: tekton-triggers-core-interceptors + image: "ghcr.io/tektoncd/triggers/interceptors-3176d6a3f314c3655b30bfd36e421dd5:v0.30.0@sha256:d2898b90afce06e10773af96e150f49c4d63db0ccb6ca93a466c38fa5c1ebb01" + ports: + - containerPort: 8443 + args: ["-logtostderr", "-stderrthreshold", "INFO"] + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging-triggers + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability-triggers + - name: METRICS_DOMAIN + value: tekton.dev/triggers + # assuming service and deployment names are same always for consistency + - name: INTERCEPTOR_TLS_SVC_NAME + value: tekton-triggers-core-interceptors + - name: INTERCEPTOR_TLS_SECRET_NAME + value: tekton-triggers-core-interceptors-certs + readinessProbe: + httpGet: + path: /ready + port: 8443 + scheme: HTTPS + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + # User 65532 is the distroless nonroot user ID + runAsUser: 65532 + runAsGroup: 65532 + runAsNonRoot: true + capabilities: + drop: + - "ALL" + seccompProfile: + type: RuntimeDefault +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: tekton-triggers-core-interceptors + app.kubernetes.io/component: interceptors + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.30.0" + app.kubernetes.io/part-of: tekton-triggers + triggers.tekton.dev/release: "v0.30.0" + app: tekton-triggers-core-interceptors + version: "v0.30.0" + name: tekton-triggers-core-interceptors + namespace: tekton-pipelines +spec: + ports: + - name: "https" + port: 8443 + selector: + app.kubernetes.io/name: core-interceptors + app.kubernetes.io/component: interceptors + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + +--- +# Copyright 2021 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: triggers.tekton.dev/v1alpha1 +kind: ClusterInterceptor +metadata: + name: cel + labels: + server/type: https +spec: + clientConfig: + service: + name: tekton-triggers-core-interceptors + namespace: tekton-pipelines + path: "cel" + port: 8443 +--- +apiVersion: triggers.tekton.dev/v1alpha1 +kind: ClusterInterceptor +metadata: + name: bitbucket + labels: + server/type: https +spec: + clientConfig: + service: + name: tekton-triggers-core-interceptors + namespace: tekton-pipelines + path: "bitbucket" + port: 8443 +--- +apiVersion: triggers.tekton.dev/v1alpha1 +kind: ClusterInterceptor +metadata: + name: slack + labels: + server/type: https +spec: + clientConfig: + service: + name: tekton-triggers-core-interceptors + namespace: tekton-pipelines + path: "slack" + port: 8443 +--- +apiVersion: triggers.tekton.dev/v1alpha1 +kind: ClusterInterceptor +metadata: + name: github + labels: + server/type: https +spec: + clientConfig: + service: + name: tekton-triggers-core-interceptors + namespace: tekton-pipelines + path: "github" + port: 8443 +--- +apiVersion: triggers.tekton.dev/v1alpha1 +kind: ClusterInterceptor +metadata: + name: gitlab + labels: + server/type: https +spec: + clientConfig: + service: + name: tekton-triggers-core-interceptors + namespace: tekton-pipelines + path: "gitlab" + port: 8443 + +--- diff --git a/key.pem b/key.pem new file mode 100644 index 0000000000..288eccbf6d --- /dev/null +++ b/key.pem @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQD11JE/Lr0rImOG +KoteI7a35R/UFrn8tlkyozFAVNBAkQ4C5xbLEaS7nG2mhe9WrG1Rx1NpISI7EpSq +8rd3+cIIGqe6MKXj4Pks/ETeUdydWH8ZWMRLNwmWXqAJ94ksQDYtGvttrz8uf8tu +qH1re2TpUH/wZYB/irJ0HkFD2z/jXVdkBSPLMB/jGZyJtBpEt5Te25HC47QtgOor +95fdHZfq21CXqqriR2ITXAyu04EUisebt5tvnbuGCXuUb8WL9YjPBgHtAsw2lprN +ssaqtjm2DN6gvfIZIRY0DS/ZhKLRNhuas5VoTCnX6xZgtZcmyf8Mx549OnfY1WhU +girmbI3QYsQpssKbB1c4lbum3EIPXrWFFxzGd0f26sCe0/gd04BHZLW+RC2Yj97V +r+CwT+qWyXiJl/8E39IbHvL9YXeyibNMHEl2ONFeGHWw8Cajpd5Yh6uM1QNSKHgw +p7sxKZEHrcURxKugd3iddE/4qaUdtoIhr/kykPNMKefG/P+FiywjBu91k2Sua9tR +YYJmefyVafRwuDvS4CAs8Iuf6svfWkRQP5sHdTSBD4lKncGjSVBB8zDUdvSTFShB +Bvv0xLGF9t6RjC42i/HywQJ6u4adMSQKnZ2eoyeZ2BDTYTIUW4WKcmv5kXQnYki5 +27nGO6qD6E18v3FXv86tEuAD1uKsrQIDAQABAoIB/yq7SIQzG67jy2kG/DLhAmH0 +8hNr3+iNyfODaoxEMe8HR+g5Qz0JVBlIl8bagUAPuPD+NQGRQOID2NPeXQX95DyE +ZaN30V5LPQUU1OPQVwkC2RUO2RA6APCigi85WB7ZCpHMnufyDomGrVYO8747NM9Z +ruOawTtqYJrOp4mkEvbywr4gJpirRN+1FADbzbUkNDyI7k1yR1+hiRMbdsp42m94 +sAmtIQc0YVf8KDg7i7SGaywmPl6ojHBANbsXsr8hbyaNZMhONDFI/J/E88O46U87 +7XcDjZHQrotdv3OQGr1DKok5rj7y/lMKClnFNwEHG86c5GTARRTsA7as6cgkFoJL +b0VhJg+IMdTSRpM8QOcxl5vs1NgL6jY8O5Wdjvy0IenKkUlYJYIuv/q1aIB5GbP3 +ncgzbusFToWgb4cgQvjbYmHTnvYGyMYUfpjWTQ7RzjGsBLrRPUCtK7HKs6UqjySN +u3Zvf6HwvXynolxbYc8Y83gBwoqx3h1Dz1V6Sp5mW8gwdBk+IW1Yl6gOLeWOKemC +czk9NPBKc7eWO4qPV94QnChKuGhxhibqYvsYQ0ZnwxApoxrVXDfEok5KLpC9Z5OI +cZBC/iR/WoLMYh46uru9yHH/e0wSqJ7dYh+1/WrxbbnYCmlNaehz6UiUR7LZqA1n +DdHDmL+OzIPNnsSArgECggEBAP7FwWV1w97NhJr1oLPGwnjWUcqwu2cE1poidO04 +vX+FKnDOnJBZPe+d5bRswbFU70IyiagFzYoL2/hhwkiFPOOVtBHeRLXmNf4ZELYy +RD7V2B8+g2So/qoIWiZpYLCxKWMRW6Ms2bQ2enWIRhD7lwp23XpCTfzeW2mgwupf +hnN8DM9HA5sGhZqoaF2aS55eQATQf87sH1wTcsCH8To+tFMy1/lpBaV9vkJ6eS5H +CffSxQmkBcsHJTcGMF2oM0/b/001Qg7irJh2uNqAU/tMzZE7zcoTbLtrt1RBxQHe +YOjMbVjBBepRzjNh7U3USXRAftcYKPyfedxC+vbkkMjCTQECggEBAPcDyEriwfvs +SXXX4LOI4sZCIfC4KIeVDjFLyPoPU1BqntRffkEoncQo/ppNU/oKkwEfLCKCmWW9 +XyyQV4G1fZiPRkmuknYAcMsn1PhiR7KbHr1+3Fxlbd3MoBG8mpR2ijopjOVQXK/b +ARUYJbQHfikcJM+5fUnRAT9GcpkYQCYzWvnmEeuLNHUKoEFBjJB8APuBhWVlsKcy +EyHr7yoGZRWUgXfMLuQ9Zxp/mAOmfnarsR8MtPQJ5fA+Z2RdN9bN9FNBNGu2hEEq +o3QPk2fvPRifQPZ6HXTujBZ7tKl1ek42s/tesmX7vqAe98FOUOIiq48oi3Wjxf0p +et7NBQuNo60CggEAfKy7mnIJ2xNJrCc9cBx4+Hcw6XaZDq3gcucfvyLAIRJClZeW +KFFzrLnhOezq0GPW/dcLZC0Ky15IVAFK+QAyrtCIoSHbEATLMUCE3BQ3L2SocYm+ +9Nh6XyzdKOTyiyT3MuLArFZ7ZuQuAywf1Zm47UcD1RtzXKZXp5YjLFx4yDTRc/G1 +gvyrDucQw5WJIcPPokuB7/m+0uk1g6BC3RToW7qK1COfvr+NBq02df4Pk7YR9EjP +CO7DOG0P6BUynwbypY7Fd9FXUvjuNwcLkfOguUzBxPzCfekVeucAiIyRcfrwG7nB +skw8Ewr9/NNA6uHQ8GODUzSbhr1EYOOzMntbAQKCAQAJYpFnlvn70lxwJ8WXzKmh +Er4rYTPZAubJJLH8HjzyHzrtorsvSpXD8DLMNgfsxh4TutV4cjHV1b4Z+Vn5yaV9 ++GOZRRK3fQjMDzVeQo2q0Y33cSx6LjhgZvfl9J6C6YYS86UwyT7cR5vg60vzbR1z +/me/pLKH7XL4rnqIKo21ZdodCIrBwkY59C9mi1EF5FA9PgyNb7GoiJSFg2tQ03Ff +woawwIc/kL2sGhDygo7nf1p5bYgqhX3BBP30qD4I4UZZK28McKDRwQb4z+av2j0e +BF75fmZEHRQhfo28qoP9GML51/07NrdlagfLxmf4T4zpIYc67wAEwGC0umFosPb5 +AoIBAQD6ju6AmwSvf4l/hrB88r6rEJaO7KA/NHa2wDOLD/KHMVXKSRn+zqgWCWiL +GoEjuH9XQnt9QGyIVAO9/BXbWgIqDf0tpmjogosriZe1FlQ9tgfC1kYraXIFJX7n +IHS5nsB1pWL+bJ7vvByxBQJn+mgOp0KvQJqPg4mpY0oZifM+uZ0fK1H06XNJ0zdJ +cpf7sF74ey0YJmug3m2fYcPyJ9v/83rXPzq4wumubwlcdi1PvwcBQZQ5jc4cbaVJ +5/nWscm2zF92EVKwPcbFV1f9qGorTaug+qmx3l3kw++xp6qKkM0sAmHJmO4bU9ZA +si3GyqFMoOcL9UqbMvIQde2Bnox9 +-----END PRIVATE KEY----- diff --git a/pkg/apis/operator/v1alpha1/tektonconfig_defaults.go b/pkg/apis/operator/v1alpha1/tektonconfig_defaults.go index 98f4320381..2ef549203b 100644 --- a/pkg/apis/operator/v1alpha1/tektonconfig_defaults.go +++ b/pkg/apis/operator/v1alpha1/tektonconfig_defaults.go @@ -32,6 +32,7 @@ func (tc *TektonConfig) SetDefaults(ctx context.Context) { tc.Spec.Pipeline.setDefaults() tc.Spec.Trigger.setDefaults() tc.Spec.Chain.setDefaults() + tc.Spec.Result.setDefaults() if IsOpenShiftPlatform() { if tc.Spec.Platforms.OpenShift.PipelinesAsCode == nil { diff --git a/pkg/apis/operator/v1alpha1/tektonconfig_types.go b/pkg/apis/operator/v1alpha1/tektonconfig_types.go index fca58a33f3..ab1822b878 100644 --- a/pkg/apis/operator/v1alpha1/tektonconfig_types.go +++ b/pkg/apis/operator/v1alpha1/tektonconfig_types.go @@ -105,6 +105,9 @@ type TektonConfigSpec struct { // Chain holds the customizable option for chains component // +optional Chain Chain `json:"chain,omitempty"` + // Result holds the customize option for results component + // +optional + Result Result `json:"result,omitempty"` // Dashboard holds the customizable options for dashboards component // +optional Dashboard Dashboard `json:"dashboard,omitempty"` diff --git a/pkg/apis/operator/v1alpha1/tektonconfig_validation.go b/pkg/apis/operator/v1alpha1/tektonconfig_validation.go index d78162d8f7..da867405b6 100644 --- a/pkg/apis/operator/v1alpha1/tektonconfig_validation.go +++ b/pkg/apis/operator/v1alpha1/tektonconfig_validation.go @@ -120,6 +120,7 @@ func (tc *TektonConfig) Validate(ctx context.Context) (errs *apis.FieldError) { errs = errs.Also(tc.Spec.Dashboard.Options.validate("spec.dashboard.options")) errs = errs.Also(tc.Spec.Chain.Options.validate("spec.chain.options")) errs = errs.Also(tc.Spec.Trigger.Options.validate("spec.trigger.options")) + errs = errs.Also(tc.Spec.Result.Options.validate("spec.result.options")) return errs.Also(tc.Spec.Trigger.TriggersProperties.validate("spec.trigger")) } diff --git a/pkg/apis/operator/v1alpha1/tektonresult_defaults.go b/pkg/apis/operator/v1alpha1/tektonresult_defaults.go index 1699a54a21..b621d87350 100644 --- a/pkg/apis/operator/v1alpha1/tektonresult_defaults.go +++ b/pkg/apis/operator/v1alpha1/tektonresult_defaults.go @@ -26,3 +26,8 @@ func (tp *TektonResult) SetDefaults(ctx context.Context) { tp.Spec.TLSHostnameOverride = "" } } + +// Sets default values of Result +func (c *Result) setDefaults() { + // TODO: Set the other default values for Result +} diff --git a/pkg/apis/operator/v1alpha1/tektonresult_types.go b/pkg/apis/operator/v1alpha1/tektonresult_types.go index 67878ae3a8..f2620c53c6 100644 --- a/pkg/apis/operator/v1alpha1/tektonresult_types.go +++ b/pkg/apis/operator/v1alpha1/tektonresult_types.go @@ -61,6 +61,15 @@ type LokiStackProperties struct { LokiStackNamespace string `json:"loki_stack_namespace,omitempty"` } +// Result defines the field to customize Result component +type Result struct { + // enable or disable Result Component + Disabled bool `json:"disabled"` + TektonResultSpec `json:",inline"` + // Options holds additions fields and these fields will be updated on the manifests + Options AdditionalOptions `json:"options"` +} + // ResultsAPIProperties defines the fields which are configurable for // Results API server config type ResultsAPIProperties struct { diff --git a/pkg/apis/operator/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/operator/v1alpha1/zz_generated.deepcopy.go index 95a95c2e10..c627eb2158 100644 --- a/pkg/apis/operator/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/operator/v1alpha1/zz_generated.deepcopy.go @@ -1251,7 +1251,6 @@ func (in *ResultsAPIProperties) DeepCopyInto(out *ResultsAPIProperties) { *out = new(uint) **out = **in } - in.Options.DeepCopyInto(&out.Options) return } diff --git a/pkg/reconciler/kubernetes/tektoninstallerset/client/list.go b/pkg/reconciler/kubernetes/tektoninstallerset/client/list.go index 79ab9536b8..94df1b70a0 100644 --- a/pkg/reconciler/kubernetes/tektoninstallerset/client/list.go +++ b/pkg/reconciler/kubernetes/tektoninstallerset/client/list.go @@ -37,3 +37,18 @@ func (i *InstallerSetClient) ListCustomSet(ctx context.Context, labelSelector st } return is, nil } + +// ListPreSet return the lists of Pre sets with the provided labelSelector +func (i *InstallerSetClient) ListPreSet(ctx context.Context, labelSelector string) (*v1alpha1.TektonInstallerSetList, error) { + logger := logging.FromContext(ctx) + logger.Debugf("%v: checking installer sets with labels: %v", i.resourceKind, labelSelector) + + is, err := i.clientSet.List(ctx, v1.ListOptions{LabelSelector: labelSelector}) + if err != nil { + return nil, err + } + if len(is.Items) == 0 { + logger.Debugf("%v: no installer sets found with labels: %v", i.resourceKind, labelSelector) + } + return is, nil +} diff --git a/pkg/reconciler/kubernetes/tektonresult/tektonresult.go b/pkg/reconciler/kubernetes/tektonresult/tektonresult.go index 759b1535c4..1dcb2686b5 100644 --- a/pkg/reconciler/kubernetes/tektonresult/tektonresult.go +++ b/pkg/reconciler/kubernetes/tektonresult/tektonresult.go @@ -18,6 +18,8 @@ package tektonresult import ( "context" + "crypto/rand" + "encoding/base64" "errors" "fmt" @@ -145,12 +147,24 @@ func (r *Reconciler) ReconcileKind(ctx context.Context, tr *v1alpha1.TektonResul return errors.New(errMsg) } - // check if the secrets are created - // TODO: Create secret automatically if they don't exist - // TODO: And remove this check in future release. - if err := r.validateSecretsAreCreated(ctx, tr); err != nil { - return err + // If external database is not set then create default DB otherwise validate it + if !tr.Spec.IsExternalDB { + if err := r.createDBSecret(ctx, tr); err != nil { + return err + } + } else { + if err := r.validateSecretsAreCreated(ctx, tr, DbSecretName); err != nil { + return err + } + } + + // Validated TLS Secret for kubernetes platform + if !v1alpha1.IsOpenShiftPlatform() { + if err := r.validateSecretsAreCreated(ctx, tr, TlsSecretName); err != nil { + return err + } } + tr.Status.MarkDependenciesInstalled() if err := r.extension.PreReconcile(ctx, tr); err != nil { @@ -314,13 +328,13 @@ func (r *Reconciler) updateTektonResultsStatus(ctx context.Context, tr *v1alpha1 } // TektonResults expects secrets to be created before installing -func (r *Reconciler) validateSecretsAreCreated(ctx context.Context, tr *v1alpha1.TektonResult) error { +func (r *Reconciler) validateSecretsAreCreated(ctx context.Context, tr *v1alpha1.TektonResult, secretName string) error { logger := logging.FromContext(ctx) - _, err := r.kubeClientSet.CoreV1().Secrets(tr.Spec.TargetNamespace).Get(ctx, DbSecretName, metav1.GetOptions{}) + _, err := r.kubeClientSet.CoreV1().Secrets(tr.Spec.TargetNamespace).Get(ctx, secretName, metav1.GetOptions{}) if err != nil { if apierrors.IsNotFound(err) { logger.Error(err) - tr.Status.MarkDependencyMissing(fmt.Sprintf("%s secret is missing", DbSecretName)) + tr.Status.MarkDependencyMissing(fmt.Sprintf("%s secret is missing", secretName)) return err } logger.Error(err) @@ -328,3 +342,60 @@ func (r *Reconciler) validateSecretsAreCreated(ctx context.Context, tr *v1alpha1 } return nil } + +// Generate the DB secret +func (r *Reconciler) getDBSecret(name string, namespace string, tr *v1alpha1.TektonResult) *corev1.Secret { + s := &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: name, + Namespace: namespace, + OwnerReferences: []metav1.OwnerReference{getOwnerRef(tr)}, + }, + Type: corev1.SecretTypeOpaque, + StringData: map[string]string{}, + } + password, _ := generateRandomBaseString(20) + s.StringData["POSTGRES_PASSWORD"] = password + s.StringData["POSTGRES_USER"] = "result" + return s +} + +// Create Result default database +func (r *Reconciler) createDBSecret(ctx context.Context, tr *v1alpha1.TektonResult) error { + logger := logging.FromContext(ctx) + + // Get the DB secret, if not found then create the DB secret + _, err := r.kubeClientSet.CoreV1().Secrets(tr.Spec.TargetNamespace).Get(ctx, DbSecretName, metav1.GetOptions{}) + if err != nil { + if apierrors.IsNotFound(err) { + // If not found then create DB secret with default data + newDBSecret := r.getDBSecret(DbSecretName, tr.Spec.TargetNamespace, tr) + _, err := r.kubeClientSet.CoreV1().Secrets(tr.Spec.TargetNamespace).Create(ctx, newDBSecret, metav1.CreateOptions{}) + if err != nil { + logger.Error(err) + tr.Status.MarkDependencyMissing(fmt.Sprintf("Default db %s creation is failing", DbSecretName)) + return err + } + } + } + return nil +} + +// Get an owner reference of Tekton Result +func getOwnerRef(tr *v1alpha1.TektonResult) metav1.OwnerReference { + return *metav1.NewControllerRef(tr, tr.GroupVersionKind()) +} + +func generateRandomBaseString(size int) (string, error) { + bytes := make([]byte, size) + + // Generate random bytes + _, err := rand.Read(bytes) + if err != nil { + return "", err + } + // Encode the random bytes into a Base64 string + base64String := base64.StdEncoding.EncodeToString(bytes) + + return base64String, nil +} diff --git a/pkg/reconciler/openshift/tektonresult/extension.go b/pkg/reconciler/openshift/tektonresult/extension.go index e1ea295ebb..2cc619c7f9 100644 --- a/pkg/reconciler/openshift/tektonresult/extension.go +++ b/pkg/reconciler/openshift/tektonresult/extension.go @@ -28,8 +28,10 @@ import ( "github.com/tektoncd/operator/pkg/reconciler/common" "github.com/tektoncd/operator/pkg/reconciler/kubernetes/tektoninstallerset/client" occommon "github.com/tektoncd/operator/pkg/reconciler/openshift/common" + "github.com/tektoncd/operator/pkg/reconciler/shared/hash" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" k8sruntime "k8s.io/apimachinery/pkg/runtime" "knative.dev/pkg/logging" @@ -110,6 +112,36 @@ func (oe openshiftExtension) PreReconcile(ctx context.Context, tc v1alpha1.Tekto mf = *oe.internalDBManifest } + preSetLabel := metav1.LabelSelector{ + MatchLabels: map[string]string{ + v1alpha1.CreatedByKey: "TektonResult", + v1alpha1.InstallerSetType: "pre", + }, + } + preSetLabelSelector, err := common.LabelSelector(preSetLabel) + if err != nil { + return err + } + preSetList, err := oe.installerSetClient.ListPreSet(ctx, preSetLabelSelector) + if err != nil { + return err + } + for _, is := range preSetList.Items { + // compute TektonResult Spec + expectedSpecHash, err := hash.Compute(result.Spec) + if err != nil { + return err + } + // delete the preset installersets if spec hash been changed + if expectedSpecHash != is.Annotations[v1alpha1.LastAppliedHashKey] { + if err := oe.installerSetClient.CleanupPreSet(ctx); err != nil { + return err + } + + } + + } + if (result.Spec.LokiStackName != "" && result.Spec.LokiStackNamespace != "") || strings.EqualFold(result.Spec.LogsType, "LOKI") { mf = mf.Append(*oe.logsRBACManifest) diff --git a/pkg/reconciler/shared/tektonconfig/controller.go b/pkg/reconciler/shared/tektonconfig/controller.go index 0f7247dace..450f92d150 100644 --- a/pkg/reconciler/shared/tektonconfig/controller.go +++ b/pkg/reconciler/shared/tektonconfig/controller.go @@ -30,6 +30,7 @@ import ( tektonConfiginformer "github.com/tektoncd/operator/pkg/client/injection/informers/operator/v1alpha1/tektonconfig" tektonInstallerinformer "github.com/tektoncd/operator/pkg/client/injection/informers/operator/v1alpha1/tektoninstallerset" tektonPipelineinformer "github.com/tektoncd/operator/pkg/client/injection/informers/operator/v1alpha1/tektonpipeline" + tektonResultinformer "github.com/tektoncd/operator/pkg/client/injection/informers/operator/v1alpha1/tektonresult" tektonTriggerinformer "github.com/tektoncd/operator/pkg/client/injection/informers/operator/v1alpha1/tektontrigger" tektonConfigreconciler "github.com/tektoncd/operator/pkg/client/injection/reconciler/operator/v1alpha1/tektonconfig" "github.com/tektoncd/operator/pkg/reconciler/common" @@ -105,6 +106,13 @@ func NewExtensibleController(generator common.ExtensionGenerator) injection.Cont logger.Panicf("Couldn't register TektonChain informer event handler: %w", err) } + if _, err := tektonResultinformer.Get(ctx).Informer().AddEventHandler(cache.FilteringResourceEventHandler{ + FilterFunc: controller.FilterController(&v1alpha1.TektonConfig{}), + Handler: controller.HandleAll(impl.EnqueueControllerOf), + }); err != nil { + logger.Panicf("Couldn't register TektonResult informer event handler: %w", err) + } + if _, err := tektonInstallerinformer.Get(ctx).Informer().AddEventHandler(cache.FilteringResourceEventHandler{ FilterFunc: controller.FilterController(&v1alpha1.TektonConfig{}), Handler: controller.HandleAll(impl.EnqueueControllerOf), diff --git a/pkg/reconciler/shared/tektonconfig/result/result.go b/pkg/reconciler/shared/tektonconfig/result/result.go new file mode 100644 index 0000000000..dc52eba958 --- /dev/null +++ b/pkg/reconciler/shared/tektonconfig/result/result.go @@ -0,0 +1,172 @@ +/* +Copyright 2024 The Tekton Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package result + +import ( + "context" + "fmt" + "reflect" + "strings" + + "github.com/tektoncd/operator/pkg/apis/operator/v1alpha1" + op "github.com/tektoncd/operator/pkg/client/clientset/versioned/typed/operator/v1alpha1" + apierrs "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "knative.dev/pkg/apis" +) + +func EnsureTektonResultExists(ctx context.Context, clients op.TektonResultInterface, tr *v1alpha1.TektonResult) (*v1alpha1.TektonResult, error) { + trCR, err := GetResult(ctx, clients, v1alpha1.ResultResourceName) + if err != nil { + if !apierrs.IsNotFound(err) { + return nil, err + } + if err := CreateResult(ctx, clients, tr); err != nil { + return nil, err + } + return nil, v1alpha1.RECONCILE_AGAIN_ERR + } + + trCR, err = UpdateResult(ctx, trCR, tr, clients) + if err != nil { + return nil, err + } + + ready, err := isTektonResultReady(trCR) + if err != nil { + return nil, err + } + if !ready { + return nil, v1alpha1.RECONCILE_AGAIN_ERR + } + + return trCR, err +} + +func EnsureTektonResultCRNotExists(ctx context.Context, clients op.TektonResultInterface) error { + if _, err := GetResult(ctx, clients, v1alpha1.ResultResourceName); err != nil { + if apierrs.IsNotFound(err) { + // TektonResult CR is gone, hence return nil + return nil + } + return err + } + // if the Get was successful, try deleting the CR + if err := clients.Delete(ctx, v1alpha1.ResultResourceName, metav1.DeleteOptions{}); err != nil { + if apierrs.IsNotFound(err) { + // TektonResult CR is gone, hence return nil + return nil + } + return fmt.Errorf("TektonResult %q failed to delete: %v", v1alpha1.ResultResourceName, err) + } + // if the Delete API call was success, + // then return requeue_event + // so that in a subsequent reconcile call the absence of the CR is verified by one of the 2 checks above + return v1alpha1.RECONCILE_AGAIN_ERR +} + +// Get the result +func GetResult(ctx context.Context, clients op.TektonResultInterface, name string) (*v1alpha1.TektonResult, error) { + return clients.Get(ctx, name, metav1.GetOptions{}) +} + +// Create the Result + +func CreateResult(ctx context.Context, clients op.TektonResultInterface, tr *v1alpha1.TektonResult) error { + _, err := clients.Create(ctx, tr, metav1.CreateOptions{}) + return err +} + +func isTektonResultReady(s *v1alpha1.TektonResult) (bool, error) { + if s.GetStatus() != nil && s.GetStatus().GetCondition(apis.ConditionReady) != nil { + if strings.Contains(s.GetStatus().GetCondition(apis.ConditionReady).Message, v1alpha1.UpgradePending) { + return false, v1alpha1.DEPENDENCY_UPGRADE_PENDING_ERR + } + } + return s.Status.IsReady(), nil +} + +func UpdateResult(ctx context.Context, old *v1alpha1.TektonResult, new *v1alpha1.TektonResult, clients op.TektonResultInterface) (*v1alpha1.TektonResult, error) { + // if the result spec is changed then update the instance + updated := false + + // initialize labels(map) object + if old.ObjectMeta.Labels == nil { + old.ObjectMeta.Labels = map[string]string{} + } + + if new.Spec.TargetNamespace != old.Spec.TargetNamespace { + old.Spec.TargetNamespace = new.Spec.TargetNamespace + updated = true + } + + if !reflect.DeepEqual(old.Spec.ResultsAPIProperties, new.Spec.ResultsAPIProperties) { + old.Spec.ResultsAPIProperties = new.Spec.ResultsAPIProperties + updated = true + } + + if !reflect.DeepEqual(old.Spec.LokiStackProperties, new.Spec.LokiStackProperties) { + old.Spec.LokiStackProperties = new.Spec.LokiStackProperties + updated = true + } + + if !reflect.DeepEqual(old.Spec.ResultsAPIProperties.Options, new.Spec.ResultsAPIProperties.Options) { + old.Spec.ResultsAPIProperties.Options = new.Spec.ResultsAPIProperties.Options + updated = true + } + + if old.ObjectMeta.OwnerReferences == nil { + old.ObjectMeta.OwnerReferences = new.ObjectMeta.OwnerReferences + updated = true + } + + oldLabels, oldHasLabels := old.ObjectMeta.Labels[v1alpha1.ReleaseVersionKey] + newLabels, newHasLabels := new.ObjectMeta.Labels[v1alpha1.ReleaseVersionKey] + if !oldHasLabels || (newHasLabels && oldLabels != newLabels) { + old.ObjectMeta.Labels[v1alpha1.ReleaseVersionKey] = newLabels + updated = true + } + + if updated { + _, err := clients.Update(ctx, old, metav1.UpdateOptions{}) + if err != nil { + return nil, err + } + return nil, v1alpha1.RECONCILE_AGAIN_ERR + } + return old, nil +} + +func GetTektonResultCR(config *v1alpha1.TektonConfig, operatorVersion string) *v1alpha1.TektonResult { + ownerRef := *metav1.NewControllerRef(config, config.GroupVersionKind()) + return &v1alpha1.TektonResult{ + ObjectMeta: metav1.ObjectMeta{ + Name: v1alpha1.ResultResourceName, + OwnerReferences: []metav1.OwnerReference{ownerRef}, + Labels: map[string]string{ + v1alpha1.ReleaseVersionKey: operatorVersion, + }, + }, + Spec: v1alpha1.TektonResultSpec{ + CommonSpec: v1alpha1.CommonSpec{ + TargetNamespace: config.Spec.TargetNamespace, + }, + ResultsAPIProperties: config.Spec.Result.ResultsAPIProperties, + LokiStackProperties: config.Spec.Result.LokiStackProperties, + }, + } +} diff --git a/pkg/reconciler/shared/tektonconfig/result/result_test.go b/pkg/reconciler/shared/tektonconfig/result/result_test.go new file mode 100644 index 0000000000..0cb3a5ab6e --- /dev/null +++ b/pkg/reconciler/shared/tektonconfig/result/result_test.go @@ -0,0 +1,141 @@ +/* +Copyright 2023 The Tekton Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +package result + +import ( + "context" + "testing" + + op "github.com/tektoncd/operator/pkg/client/clientset/versioned/typed/operator/v1alpha1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + "github.com/tektoncd/operator/pkg/apis/operator/v1alpha1" + + "github.com/tektoncd/operator/pkg/client/injection/client/fake" + util "github.com/tektoncd/operator/pkg/reconciler/common/testing" + ts "knative.dev/pkg/reconciler/testing" +) + +func TestEnsureTektonResultExists(t *testing.T) { + ctx, _, _ := ts.SetupFakeContextWithCancel(t) + c := fake.Get(ctx) + tt := GetTektonResultCR(getTektonConfig(), "v0.70.0") + + // first invocation should create instance as it is non-existent and return RECONCILE_AGAIN_ERR + _, err := EnsureTektonResultExists(ctx, c.OperatorV1alpha1().TektonResults(), tt) + util.AssertEqual(t, err, v1alpha1.RECONCILE_AGAIN_ERR) + + // during second invocation instance exists but waiting on dependencies (pipeline, results) + // hence returns RECONCILE_AGAIN_ERR + _, err = EnsureTektonResultExists(ctx, c.OperatorV1alpha1().TektonResults(), tt) + util.AssertEqual(t, err, v1alpha1.RECONCILE_AGAIN_ERR) + + // make upgrade checks pass + makeUpgradeCheckPass(t, ctx, c.OperatorV1alpha1().TektonResults()) + + // next invocation should return RECONCILE_AGAIN_ERR as Dashboard is waiting for installation (prereconcile, postreconcile, installersets...) + _, err = EnsureTektonResultExists(ctx, c.OperatorV1alpha1().TektonResults(), tt) + util.AssertEqual(t, err, v1alpha1.RECONCILE_AGAIN_ERR) + + // mark the instance ready + markResultReady(t, ctx, c.OperatorV1alpha1().TektonResults()) + + // next invocation should return nil error as the instance is ready + _, err = EnsureTektonResultExists(ctx, c.OperatorV1alpha1().TektonResults(), tt) + util.AssertEqual(t, err, nil) + + // test update propagation from tektonConfig + tt.Spec.TargetNamespace = "foobar" + _, err = EnsureTektonResultExists(ctx, c.OperatorV1alpha1().TektonResults(), tt) + util.AssertEqual(t, err, v1alpha1.RECONCILE_AGAIN_ERR) + + _, err = EnsureTektonResultExists(ctx, c.OperatorV1alpha1().TektonResults(), tt) + util.AssertEqual(t, err, nil) +} + +func TestEnsureTektonResultCRNotExists(t *testing.T) { + ctx, _, _ := ts.SetupFakeContextWithCancel(t) + c := fake.Get(ctx) + + // when no instance exists, nil error is returned immediately + err := EnsureTektonResultCRNotExists(ctx, c.OperatorV1alpha1().TektonResults()) + util.AssertEqual(t, err, nil) + + // create an instance for testing other cases + tt := GetTektonResultCR(getTektonConfig(), "v0.70.0") + _, err = EnsureTektonResultExists(ctx, c.OperatorV1alpha1().TektonResults(), tt) + util.AssertEqual(t, err, v1alpha1.RECONCILE_AGAIN_ERR) + + // when an instance exists the first invocation should make the delete API call and + // return RECONCILE_AGAIN_ERROR. So that the deletion can be confirmed in a subsequent invocation + err = EnsureTektonResultCRNotExists(ctx, c.OperatorV1alpha1().TektonResults()) + util.AssertEqual(t, err, v1alpha1.RECONCILE_AGAIN_ERR) + + // when the instance is completely removed from a cluster, the function should return nil error + err = EnsureTektonResultCRNotExists(ctx, c.OperatorV1alpha1().TektonResults()) + util.AssertEqual(t, err, nil) +} + +func markResultReady(t *testing.T, ctx context.Context, c op.TektonResultInterface) { + t.Helper() + tr, err := c.Get(ctx, v1alpha1.ResultResourceName, metav1.GetOptions{}) + util.AssertEqual(t, err, nil) + tr.Status.MarkDependenciesInstalled() + tr.Status.MarkPreReconcilerComplete() + tr.Status.MarkInstallerSetAvailable() + tr.Status.MarkInstallerSetReady() + tr.Status.MarkPostReconcilerComplete() + _, err = c.UpdateStatus(ctx, tr, metav1.UpdateOptions{}) + util.AssertEqual(t, err, nil) +} + +func makeUpgradeCheckPass(t *testing.T, ctx context.Context, c op.TektonResultInterface) { + t.Helper() + // set necessary version labels to make upgrade check pass + result, err := c.Get(ctx, v1alpha1.ResultResourceName, metav1.GetOptions{}) + util.AssertEqual(t, err, nil) + setDummyVersionLabel(t, result) + _, err = c.Update(ctx, result, metav1.UpdateOptions{}) + util.AssertEqual(t, err, nil) +} + +func setDummyVersionLabel(t *testing.T, tr *v1alpha1.TektonResult) { + t.Helper() + + oprVersion := "v1.2.3" + t.Setenv(v1alpha1.VersionEnvKey, oprVersion) + + labels := tr.GetLabels() + if labels == nil { + labels = map[string]string{} + } + labels[v1alpha1.ReleaseVersionKey] = oprVersion + tr.SetLabels(labels) +} + +func getTektonConfig() *v1alpha1.TektonConfig { + return &v1alpha1.TektonConfig{ + ObjectMeta: metav1.ObjectMeta{ + Name: v1alpha1.ConfigResourceName, + }, + Spec: v1alpha1.TektonConfigSpec{ + Profile: v1alpha1.ProfileAll, + CommonSpec: v1alpha1.CommonSpec{ + TargetNamespace: "tekton-pipelines", + }, + }, + } +} diff --git a/pkg/reconciler/shared/tektonconfig/tektonconfig.go b/pkg/reconciler/shared/tektonconfig/tektonconfig.go index fb7d2e43bf..e125afc498 100644 --- a/pkg/reconciler/shared/tektonconfig/tektonconfig.go +++ b/pkg/reconciler/shared/tektonconfig/tektonconfig.go @@ -27,6 +27,7 @@ import ( "github.com/tektoncd/operator/pkg/reconciler/common" "github.com/tektoncd/operator/pkg/reconciler/shared/tektonconfig/chain" "github.com/tektoncd/operator/pkg/reconciler/shared/tektonconfig/pipeline" + "github.com/tektoncd/operator/pkg/reconciler/shared/tektonconfig/result" "github.com/tektoncd/operator/pkg/reconciler/shared/tektonconfig/trigger" "github.com/tektoncd/operator/pkg/reconciler/shared/tektonconfig/upgrade" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -73,6 +74,9 @@ func (r *Reconciler) FinalizeKind(ctx context.Context, original *v1alpha1.Tekton if err := chain.EnsureTektonChainCRNotExists(ctx, r.operatorClientSet.OperatorV1alpha1().TektonChains()); err != nil { return err } + if err := result.EnsureTektonResultCRNotExists(ctx, r.operatorClientSet.OperatorV1alpha1().TektonResults()); err != nil { + return err + } if err := pipeline.EnsureTektonPipelineCRNotExists(ctx, r.operatorClientSet.OperatorV1alpha1().TektonPipelines()); err != nil { return err } @@ -185,6 +189,20 @@ func (r *Reconciler) ReconcileKind(ctx context.Context, tc *v1alpha1.TektonConfi } } + // Create Results CR if it's enable + if !tc.Spec.Result.Disabled { + tektonresult := result.GetTektonResultCR(tc, r.operatorVersion) + if _, err = result.EnsureTektonResultExists(ctx, r.operatorClientSet.OperatorV1alpha1().TektonResults(), tektonresult); err != nil { + tc.Status.MarkComponentNotReady(fmt.Sprintf("TektonResult %s", err.Error())) + return v1alpha1.REQUEUE_EVENT_AFTER + } + } else { + if err := result.EnsureTektonResultCRNotExists(ctx, r.operatorClientSet.OperatorV1alpha1().TektonResults()); err != nil { + tc.Status.MarkComponentNotReady(fmt.Sprintf("TektonResult: %s", err.Error())) + return v1alpha1.REQUEUE_EVENT_AFTER + } + } + // reconcile pruner installerSet if !tc.Spec.Pruner.Disabled { err := r.reconcilePrunerInstallerSet(ctx, tc)