diff --git a/.tekton/pull-request.yaml b/.tekton/pull-request.yaml new file mode 100644 index 0000000000..ce81bf51da --- /dev/null +++ b/.tekton/pull-request.yaml @@ -0,0 +1,83 @@ +--- +apiVersion: tekton.dev/v1beta1 +kind: PipelineRun +metadata: + name: tektoncd-operator-run-on-pr + annotations: + pipelinesascode.tekton.dev/on-event: "[pull_request]" + pipelinesascode.tekton.dev/on-target-branch: "[release-next]" + pipelinesascode.tekton.dev/task: "[git-clone, golang-test]" +spec: + params: + - name: repo_url + value: {{repo_url}} + - name: revision + value: {{revision}} + pipelineSpec: + params: + - name: repo_url + - name: revision + tasks: + - name: fetch + taskRef: + name: git-clone + params: + - name: url + value: $(params.repo_url) + - name: revision + value: $(params.revision) + workspaces: + - name: output + workspace: source + - name: test + runAfter: [fetch] + taskRef: + name: golang-test + params: + - name: package + value: "github.com/openshift/tektoncd-operator" + workspaces: + - name: source + workspace: source + finally: + - name: finally + taskSpec: + steps: + - name: send-to-slack + env: + - name: SLACK_WEBHOOK_URL + valueFrom: + secretKeyRef: + name: slack-tektoncd-operator-ci-webhook + key: hook_url + - name: PIPELINERUN + valueFrom: + fieldRef: + fieldPath: metadata.labels['tekton.dev/pipelineRun'] + - name: GITHUB_PULL_LABEL + value: "{{pull_request.labels}}" + - name: LABEL_TO_CHECK + value: "nightly-ci" + - name: SUCCESS_URL_ICON + value: "https://github.com/tektoncd.png" + - name: FAILURE_URL_ICON + value: "https://user-images.githubusercontent.com/4288561/114842214-eecf6c80-9dd8-11eb-8924-86288b1a501c.jpeg" + - name: SUCCESS_SUBJECT + value: "Tektoncd Operator CI ran successfull on {{pull_request.html_url}} :pipelines: :dance_cat: :yay2:" + - name: FAILURE_SUBJECT + value: "Tektoncd Operator CI has failed on {{pull_request.html_url}} :pipeline: :sadparrot: :failed:" + - name: LOG_URL + value: "{{openshift_console_pipelinerun_href}}" + + image: quay.io/chmouel/tekton-asa-code:latest + command: ["/code/misc/send-slack-notifications.py"] + + workspaces: + - name: source + volumeClaimTemplate: + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi diff --git a/OWNERS b/OWNERS index 75b64a964c..5a29c7d8a1 100644 --- a/OWNERS +++ b/OWNERS @@ -1,13 +1,7 @@ # The OWNERS file is used by prow to automatically merge approved PRs. approvers: -- vdemeester -- sthaha -- nikhil-thomas -- savitaashture -- houshengbo -- vincent-pli +- tektoncd-approvers + reviewers: -- pradeepitm12 -- piyush-garg -- sm43 \ No newline at end of file +- tektoncd-reviewers diff --git a/OWNERS_ALIASES b/OWNERS_ALIASES new file mode 100644 index 0000000000..cd4e88d143 --- /dev/null +++ b/OWNERS_ALIASES @@ -0,0 +1,20 @@ +aliases: + tektoncd-approvers: + - vdemeester + - sthaha + - hrishin + - chmouel + - nikhil-thomas + tektoncd-reviewers: + - mgencur + - jcrossley3 + - markusthoemmes + - vdemeester + - arilivigni + - chmouel + - sthaha + - hrishin + - piyush-garg + - pradeepitm12 + - rupalibehera + - sm43 diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/01-clustertriggerbindings/bitbucket.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/01-clustertriggerbindings/bitbucket.yaml new file mode 100644 index 0000000000..b45d196c76 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/01-clustertriggerbindings/bitbucket.yaml @@ -0,0 +1,50 @@ +apiVersion: triggers.tekton.dev/v1alpha1 +kind: ClusterTriggerBinding +metadata: + name: bitbucket-pullreq +spec: + params: + - name: gitrepo-url + value: $(body.pullRequest.fromRef.repository.links.clone[0].href) + - name: pullreq-sha + value: $(body.pullRequest.fromRef.latestCommit) + - name: pullreq-state + value: $(body.pullRequest.state) + - name: pullreq-number + value: $(body.pullRequest.id) + - name: pullreq-repo-name + value: $(body.pullRequest.toRef.repository.name) + - name: pullreq-html-url + value: $(body.pullRequest.links.self[0].href) + - name: pullreq-title + value: $(body.pullRequest.title) + - name: user-type + value: $(body.pullRequest.author.user.type) + +--- +apiVersion: triggers.tekton.dev/v1alpha1 +kind: ClusterTriggerBinding +metadata: + name: bitbucket-push +spec: + params: + - name: git-revision + value: $(body.changes[0].ref.displayId) + - name: gitrepo-url + value: $(body.repository.links.clone[0].href) + - name: git-repo-name + value: $(body.repository.name) + - name: pusher-name + value: $(body.actor.name) + +--- +apiVersion: triggers.tekton.dev/v1alpha1 +kind: ClusterTriggerBinding +metadata: + name: bitbucket-pullreq-add-comment +spec: + params: + - name: comment + value: $(body.comment.text) + - name: comment-user-login + value: $(body.comment.author.name) diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/01-clustertriggerbindings/cluster-role.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/01-clustertriggerbindings/cluster-role.yaml new file mode 100644 index 0000000000..41c7d4e22e --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/01-clustertriggerbindings/cluster-role.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" + name: tekton-clustertriggerbindings-view +rules: +- apiGroups: + - triggers.tekton.dev + resources: + - clustertriggerbindings + verbs: + - get + - list + - watch diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/01-clustertriggerbindings/cluster-rolebinding.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/01-clustertriggerbindings/cluster-rolebinding.yaml new file mode 100644 index 0000000000..09c9d9d0be --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/01-clustertriggerbindings/cluster-rolebinding.yaml @@ -0,0 +1,12 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-clustertriggerbindings-view-auth +roleRef: + kind: ClusterRole + name: tekton-clustertriggerbindings-view + apiGroup: rbac.authorization.k8s.io +subjects: +- apiGroup: rbac.authorization.k8s.io + kind: Group + name: system:authenticated diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/01-clustertriggerbindings/github.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/01-clustertriggerbindings/github.yaml new file mode 100644 index 0000000000..e3924ae382 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/01-clustertriggerbindings/github.yaml @@ -0,0 +1,61 @@ +apiVersion: triggers.tekton.dev/v1alpha1 +kind: ClusterTriggerBinding +metadata: + name: github-pullreq +spec: + params: + - name: git-repo-url + value: $(body.repository.html_url) + - name: pullreq-sha + value: $(body.pull_request.head.sha) + - name: pullreq-action + value: $(body.action) + - name: pullreq-number + value: $(body.number) + - name: pullreq-repo-full_name + value: $(body.repository.full_name) + - name: pullreq-html-url + value: $(body.pull_request.html_url) + - name: pullreq-title + value: $(body.pull_request.title) + - name: pullreq-issue-url + value: $(body.pull_request.issue_url) + - name: organisations-url + value: $(body.pull_request.user.organizations_url) + - name: user-type + value: $(body.pull_request.user.type) + + +--- +apiVersion: triggers.tekton.dev/v1alpha1 +kind: ClusterTriggerBinding +metadata: + name: github-push +spec: + params: + - name: git-revision + value: $(body.head_commit.id) + - name: git-commit-message + value: $(body.head_commit.message) + - name: git-repo-url + value: $(body.repository.url) + - name: git-repo-name + value: $(body.repository.name) + - name: content-type + value: $(header.Content-Type) + - name: pusher-name + value: $(body.pusher.name) + +--- +apiVersion: triggers.tekton.dev/v1alpha1 +kind: ClusterTriggerBinding +metadata: + name: github-pullreq-review-comment +spec: + params: + - name: comment + value: $(body.comment.body) + - name: comment-user-login + value: $(body.comment.user.login) + - name: merge-commit-sha + value: $(body.pull_request.merge_commit_sha) diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/01-clustertriggerbindings/gitlab.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/01-clustertriggerbindings/gitlab.yaml new file mode 100644 index 0000000000..8339bc8a09 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/01-clustertriggerbindings/gitlab.yaml @@ -0,0 +1,107 @@ +# pull/merge_request event https://docs.gitlab.com/ee/user/project/integrations/webhooks.html#merge-request-events +apiVersion: triggers.tekton.dev/v1alpha1 +kind: ClusterTriggerBinding +metadata: + name: gitlab-mergereq +spec: + params: + - name: git-repo-url + value: $(body.project.git_http_url) + - name: mergereq-sha + value: $(body.object_attributes.last_commit.id) + - name: mergereq-action + value: $(body.object_attributes.action) + - name: mergereq-number + value: $(body.object_attributes.iid) + - name: mergereq-repo-name + value: $(body.repository.name) + - name: mergereq-url + value: $(body.object_attributes.url) + - name: mergereq-title + value: $(body.object_attributes.title) + +# push events https://docs.gitlab.com/ee/user/project/integrations/webhooks.html#push-events +--- +apiVersion: triggers.tekton.dev/v1alpha1 +kind: ClusterTriggerBinding +metadata: + name: gitlab-push +spec: + params: + - name: git-revision + value: $(body.checkout_sha) + - name: git-commit-message + value: $(body.commits[0].message) + - name: git-repo-url + value: $(body.repository.git_http_url) + - name: git-repo-name + value: $(body.repository.name) + - name: pusher-name + value: $(body.user_name) + +# comment events are done at commit, merge_request, issue and code snippet for more info https://docs.gitlab.com/ee/user/project/integrations/webhooks.html#comment-events +--- +apiVersion: triggers.tekton.dev/v1alpha1 +kind: ClusterTriggerBinding +metadata: + name: gitlab-review-comment-on-issues +spec: + params: + - name: issue-url + value: $(body.issue.url) + - name: issue-title + value: $(body.issue.title) + - name: issue-comment-link + value: $(body.object_attributes.url) + - name: issue-owner + value: $(body.user.name) + +--- +apiVersion: triggers.tekton.dev/v1alpha1 +kind: ClusterTriggerBinding +metadata: + name: gitlab-review-comment-on-mergerequest +spec: + params: + - name: mergereq-url + value: $(body.merge_request.url) + - name: comment-description + value: $(body.object_attributes.description) + - name: comment-url + value: $(body.object_attributes.url) + - name: mr-owner + value: $(body.user.name) + +--- +apiVersion: triggers.tekton.dev/v1alpha1 +kind: ClusterTriggerBinding +metadata: + name: gitlab-review-comment-on-commit +spec: + params: + - name: commit-url + value: $(body.commit.url) + - name: comment-description + value: $(body.object_attributes.description) + - name: comment-url + value: $(body.object_attributes.url) + - name: commit-owner + value: $(body.user.name) + +--- +apiVersion: triggers.tekton.dev/v1alpha1 +kind: ClusterTriggerBinding +metadata: + name: gitlab-review-comment-on-snippet +spec: + params: + - name: snippet-comment-description + value: $(body.object_attributes.description) + - name: snippet-comment-url + value: $(body.object_attributes.url) + - name: snippet-title + value: $(body.snippet.title) + - name: snippet-type + value: $(body.snippet.type) + - name: snippet-owner + value: $(body.user.name) diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/buildah/buildah-1-6-0-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/buildah/buildah-1-6-0-task.yaml new file mode 100644 index 0000000000..00f16301b4 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/buildah/buildah-1-6-0-task.yaml @@ -0,0 +1,93 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift/tektoncd-catalog/release-v0.24/task/buildah/0.1/buildah.yaml +# +--- +--- +apiVersion: tekton.dev/v1beta1 +kind: ClusterTask +metadata: + name: buildah-1-6-0 + labels: + app.kubernetes.io/version: "0.1" + annotations: + tekton.dev/pipelines.minVersion: "0.12.1" + tekton.dev/tags: image-build +spec: + description: >- + Buildah task builds source into a container image and + then pushes it to a container registry. + + Buildah Task builds source into a container image using Project Atomic's + Buildah build tool.It uses Buildah's support for building from Dockerfiles, + using its buildah bud command.This command executes the directives in the + Dockerfile to assemble a container image, then pushes that image to a + container registry. + + params: + - name: IMAGE + description: Reference of the image buildah will produce. + - name: BUILDER_IMAGE + description: The location of the buildah builder image. + default: registry.redhat.io/rhel8/buildah@sha256:99cae35f40c7ec050fed3765b2b27e0b8bbea2aa2da7c16408e2ca13c60ff8ee + - name: STORAGE_DRIVER + description: Set buildah storage driver + default: vfs + - name: DOCKERFILE + description: Path to the Dockerfile to build. + default: ./Dockerfile + - name: CONTEXT + description: Path to the directory to use as context. + default: . + - name: TLSVERIFY + description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry) + default: "true" + - name: FORMAT + description: The format of the built container, oci or docker + default: "oci" + - name: BUILD_EXTRA_ARGS + description: Extra parameters passed for the build command when building images. + default: "" + - name: PUSH_EXTRA_ARGS + description: Extra parameters passed for the push command when pushing images. + type: string + default: "" + workspaces: + - name: source + + results: + - name: IMAGE_DIGEST + description: Digest of the image just built. + + steps: + - name: build + image: $(params.BUILDER_IMAGE) + workingDir: $(workspaces.source.path) + script: | + buildah --storage-driver=$(params.STORAGE_DRIVER) bud \ + $(params.BUILD_EXTRA_ARGS) --format=$(params.FORMAT) \ + --tls-verify=$(params.TLSVERIFY) --no-cache \ + -f $(params.DOCKERFILE) -t $(params.IMAGE) $(params.CONTEXT) + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + + - name: push + image: $(params.BUILDER_IMAGE) + workingDir: $(workspaces.source.path) + script: | + buildah --storage-driver=$(params.STORAGE_DRIVER) push \ + $(params.PUSH_EXTRA_ARGS) --tls-verify=$(params.TLSVERIFY) \ + --digestfile $(workspaces.source.path)/image-digest $(params.IMAGE) \ + docker://$(params.IMAGE) + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + + - name: digest-to-results + image: $(params.BUILDER_IMAGE) + script: cat $(workspaces.source.path)/image-digest | tee /tekton/results/IMAGE_DIGEST + + volumes: + - name: varlibcontainers + emptyDir: {} diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/buildah/buildah-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/buildah/buildah-task.yaml new file mode 100644 index 0000000000..67ab577e54 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/buildah/buildah-task.yaml @@ -0,0 +1,93 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift/tektoncd-catalog/release-v0.24/task/buildah/0.1/buildah.yaml +# +--- +--- +apiVersion: tekton.dev/v1beta1 +kind: ClusterTask +metadata: + name: buildah + labels: + app.kubernetes.io/version: "0.1" + annotations: + tekton.dev/pipelines.minVersion: "0.12.1" + tekton.dev/tags: image-build +spec: + description: >- + Buildah task builds source into a container image and + then pushes it to a container registry. + + Buildah Task builds source into a container image using Project Atomic's + Buildah build tool.It uses Buildah's support for building from Dockerfiles, + using its buildah bud command.This command executes the directives in the + Dockerfile to assemble a container image, then pushes that image to a + container registry. + + params: + - name: IMAGE + description: Reference of the image buildah will produce. + - name: BUILDER_IMAGE + description: The location of the buildah builder image. + default: registry.redhat.io/rhel8/buildah@sha256:99cae35f40c7ec050fed3765b2b27e0b8bbea2aa2da7c16408e2ca13c60ff8ee + - name: STORAGE_DRIVER + description: Set buildah storage driver + default: vfs + - name: DOCKERFILE + description: Path to the Dockerfile to build. + default: ./Dockerfile + - name: CONTEXT + description: Path to the directory to use as context. + default: . + - name: TLSVERIFY + description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry) + default: "true" + - name: FORMAT + description: The format of the built container, oci or docker + default: "oci" + - name: BUILD_EXTRA_ARGS + description: Extra parameters passed for the build command when building images. + default: "" + - name: PUSH_EXTRA_ARGS + description: Extra parameters passed for the push command when pushing images. + type: string + default: "" + workspaces: + - name: source + + results: + - name: IMAGE_DIGEST + description: Digest of the image just built. + + steps: + - name: build + image: $(params.BUILDER_IMAGE) + workingDir: $(workspaces.source.path) + script: | + buildah --storage-driver=$(params.STORAGE_DRIVER) bud \ + $(params.BUILD_EXTRA_ARGS) --format=$(params.FORMAT) \ + --tls-verify=$(params.TLSVERIFY) --no-cache \ + -f $(params.DOCKERFILE) -t $(params.IMAGE) $(params.CONTEXT) + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + + - name: push + image: $(params.BUILDER_IMAGE) + workingDir: $(workspaces.source.path) + script: | + buildah --storage-driver=$(params.STORAGE_DRIVER) push \ + $(params.PUSH_EXTRA_ARGS) --tls-verify=$(params.TLSVERIFY) \ + --digestfile $(workspaces.source.path)/image-digest $(params.IMAGE) \ + docker://$(params.IMAGE) + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + + - name: digest-to-results + image: $(params.BUILDER_IMAGE) + script: cat $(workspaces.source.path)/image-digest | tee /tekton/results/IMAGE_DIGEST + + volumes: + - name: varlibcontainers + emptyDir: {} diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/cluster-role.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/cluster-role.yaml new file mode 100644 index 0000000000..b1a30e33cf --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/cluster-role.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" + name: tekton-clustertasks-view +rules: +- apiGroups: + - tekton.dev + resources: + - clustertasks + verbs: + - get + - list + - watch diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/cluster-rolebinding.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/cluster-rolebinding.yaml new file mode 100644 index 0000000000..4f833c9a93 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/cluster-rolebinding.yaml @@ -0,0 +1,12 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-clustertasks-view-auth +roleRef: + kind: ClusterRole + name: tekton-clustertasks-view + apiGroup: rbac.authorization.k8s.io +subjects: +- apiGroup: rbac.authorization.k8s.io + kind: Group + name: system:authenticated diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/git-clone/git-clone-1-6-0-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/git-clone/git-clone-1-6-0-task.yaml new file mode 100644 index 0000000000..850959e867 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/git-clone/git-clone-1-6-0-task.yaml @@ -0,0 +1,219 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift/tektoncd-catalog/release-v0.28/task/git-clone/0.4/git-clone.yaml +# +--- +apiVersion: tekton.dev/v1beta1 +kind: ClusterTask +metadata: + name: git-clone-1-6-0 + labels: + app.kubernetes.io/version: "0.4" + annotations: + tekton.dev/pipelines.minVersion: "0.21.0" + tekton.dev/categories: Git + tekton.dev/tags: git + tekton.dev/displayName: "git clone" + tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64" +spec: + description: >- + These Tasks are Git tasks to work with repositories used by other tasks + in your Pipeline. + + The git-clone Task will clone a repo from the provided url into the + output Workspace. By default the repo will be cloned into the root of + your Workspace. You can clone into a subdirectory by setting this Task's + subdirectory param. This Task also supports sparse checkouts. To perform + a sparse checkout, pass a list of comma separated directory patterns to + this Task's sparseCheckoutDirectories param. + workspaces: + - name: output + description: The git repo will be cloned onto the volume backing this Workspace. + - name: ssh-directory + optional: true + description: | + A .ssh directory with private key, known_hosts, config, etc. Copied to + the user's home before git commands are executed. Used to authenticate + with the git remote when performing the clone. Binding a Secret to this + Workspace is strongly recommended over other volume types. + - name: basic-auth + optional: true + description: | + A Workspace containing a .gitconfig and .git-credentials file. These + will be copied to the user's home before any git commands are run. Any + other files in this Workspace are ignored. It is strongly recommended + to use ssh-directory over basic-auth whenever possible and to bind a + Secret to this Workspace over other volume types. + params: + - name: url + description: Repository URL to clone from. + type: string + - name: revision + description: Revision to checkout. (branch, tag, sha, ref, etc...) + type: string + default: "" + - name: refspec + description: Refspec to fetch before checking out revision. + default: "" + - name: submodules + description: Initialize and fetch git submodules. + type: string + default: "true" + - name: depth + description: Perform a shallow clone, fetching only the most recent N commits. + type: string + default: "1" + - name: sslVerify + description: Set the `http.sslVerify` global git config. Setting this to `false` is not advised unless you are sure that you trust your git remote. + type: string + default: "true" + - name: subdirectory + description: Subdirectory inside the `output` Workspace to clone the repo into. + type: string + default: "" + - name: sparseCheckoutDirectories + description: Define the directory patterns to match or exclude when performing a sparse checkout. + type: string + default: "" + - name: deleteExisting + description: Clean out the contents of the destination directory if it already exists before cloning. + type: string + default: "true" + - name: httpProxy + description: HTTP proxy server for non-SSL requests. + type: string + default: "" + - name: httpsProxy + description: HTTPS proxy server for SSL requests. + type: string + default: "" + - name: noProxy + description: Opt out of proxying HTTP/HTTPS requests. + type: string + default: "" + - name: verbose + description: Log the commands that are executed during `git-clone`'s operation. + type: string + default: "true" + - name: gitInitImage + description: The image providing the git-init binary that this Task runs. + type: string + default: "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.21.0" + - name: userHome + description: | + Absolute path to the user's home directory. Set this explicitly if you are running the image as a non-root user or have overridden + the gitInitImage param with an image containing custom user configuration. + type: string + default: "/tekton/home" + results: + - name: commit + description: The precise commit SHA that was fetched by this Task. + - name: url + description: The precise URL that was fetched by this Task. + steps: + - name: clone + image: "$(params.gitInitImage)" + env: + - name: HOME + value: "$(params.userHome)" + - name: PARAM_URL + value: $(params.url) + - name: PARAM_REVISION + value: $(params.revision) + - name: PARAM_REFSPEC + value: $(params.refspec) + - name: PARAM_SUBMODULES + value: $(params.submodules) + - name: PARAM_DEPTH + value: $(params.depth) + - name: PARAM_SSL_VERIFY + value: $(params.sslVerify) + - name: PARAM_SUBDIRECTORY + value: $(params.subdirectory) + - name: PARAM_DELETE_EXISTING + value: $(params.deleteExisting) + - name: PARAM_HTTP_PROXY + value: $(params.httpProxy) + - name: PARAM_HTTPS_PROXY + value: $(params.httpsProxy) + - name: PARAM_NO_PROXY + value: $(params.noProxy) + - name: PARAM_VERBOSE + value: $(params.verbose) + - name: PARAM_SPARSE_CHECKOUT_DIRECTORIES + value: $(params.sparseCheckoutDirectories) + - name: PARAM_USER_HOME + value: $(params.userHome) + - name: WORKSPACE_OUTPUT_PATH + value: $(workspaces.output.path) + - name: WORKSPACE_SSH_DIRECTORY_BOUND + value: $(workspaces.ssh-directory.bound) + - name: WORKSPACE_SSH_DIRECTORY_PATH + value: $(workspaces.ssh-directory.path) + - name: WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND + value: $(workspaces.basic-auth.bound) + - name: WORKSPACE_BASIC_AUTH_DIRECTORY_PATH + value: $(workspaces.basic-auth.path) + script: | + #!/usr/bin/env sh + set -eu + + if [ "${PARAM_VERBOSE}" = "true" ] ; then + set -x + fi + + if [ "${WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND}" = "true" ] ; then + cp "${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.git-credentials" "${PARAM_USER_HOME}/.git-credentials" + cp "${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.gitconfig" "${PARAM_USER_HOME}/.gitconfig" + chmod 400 "${PARAM_USER_HOME}/.git-credentials" + chmod 400 "${PARAM_USER_HOME}/.gitconfig" + fi + + if [ "${WORKSPACE_SSH_DIRECTORY_BOUND}" = "true" ] ; then + cp -R "${WORKSPACE_SSH_DIRECTORY_PATH}" "${PARAM_USER_HOME}"/.ssh + chmod 700 "${PARAM_USER_HOME}"/.ssh + chmod -R 400 "${PARAM_USER_HOME}"/.ssh/* + fi + + CHECKOUT_DIR="${WORKSPACE_OUTPUT_PATH}/${PARAM_SUBDIRECTORY}" + + cleandir() { + # Delete any existing contents of the repo directory if it exists. + # + # We don't just "rm -rf ${CHECKOUT_DIR}" because ${CHECKOUT_DIR} might be "/" + # or the root of a mounted volume. + if [ -d "${CHECKOUT_DIR}" ] ; then + # Delete non-hidden files and directories + rm -rf "${CHECKOUT_DIR:?}"/* + # Delete files and directories starting with . but excluding .. + rm -rf "${CHECKOUT_DIR}"/.[!.]* + # Delete files and directories starting with .. plus any other character + rm -rf "${CHECKOUT_DIR}"/..?* + fi + } + + if [ "${PARAM_DELETE_EXISTING}" = "true" ] ; then + cleandir + fi + + test -z "${PARAM_HTTP_PROXY}" || export HTTP_PROXY="${PARAM_HTTP_PROXY}" + test -z "${PARAM_HTTPS_PROXY}" || export HTTPS_PROXY="${PARAM_HTTPS_PROXY}" + test -z "${PARAM_NO_PROXY}" || export NO_PROXY="${PARAM_NO_PROXY}" + + /ko-app/git-init \ + -url="${PARAM_URL}" \ + -revision="${PARAM_REVISION}" \ + -refspec="${PARAM_REFSPEC}" \ + -path="${CHECKOUT_DIR}" \ + -sslVerify="${PARAM_SSL_VERIFY}" \ + -submodules="${PARAM_SUBMODULES}" \ + -depth="${PARAM_DEPTH}" \ + -sparseCheckoutDirectories="${PARAM_SPARSE_CHECKOUT_DIRECTORIES}" + cd "${CHECKOUT_DIR}" + RESULT_SHA="$(git rev-parse HEAD)" + EXIT_CODE="$?" + if [ "${EXIT_CODE}" != 0 ] ; then + exit "${EXIT_CODE}" + fi + printf "%s" "${RESULT_SHA}" > "$(results.commit.path)" + printf "%s" "${PARAM_URL}" > "$(results.url.path)" diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/git-clone/git-clone-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/git-clone/git-clone-task.yaml new file mode 100644 index 0000000000..e5ace49c5a --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/git-clone/git-clone-task.yaml @@ -0,0 +1,219 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift/tektoncd-catalog/release-v0.28/task/git-clone/0.4/git-clone.yaml +# +--- +apiVersion: tekton.dev/v1beta1 +kind: ClusterTask +metadata: + name: git-clone + labels: + app.kubernetes.io/version: "0.4" + annotations: + tekton.dev/pipelines.minVersion: "0.21.0" + tekton.dev/categories: Git + tekton.dev/tags: git + tekton.dev/displayName: "git clone" + tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64" +spec: + description: >- + These Tasks are Git tasks to work with repositories used by other tasks + in your Pipeline. + + The git-clone Task will clone a repo from the provided url into the + output Workspace. By default the repo will be cloned into the root of + your Workspace. You can clone into a subdirectory by setting this Task's + subdirectory param. This Task also supports sparse checkouts. To perform + a sparse checkout, pass a list of comma separated directory patterns to + this Task's sparseCheckoutDirectories param. + workspaces: + - name: output + description: The git repo will be cloned onto the volume backing this Workspace. + - name: ssh-directory + optional: true + description: | + A .ssh directory with private key, known_hosts, config, etc. Copied to + the user's home before git commands are executed. Used to authenticate + with the git remote when performing the clone. Binding a Secret to this + Workspace is strongly recommended over other volume types. + - name: basic-auth + optional: true + description: | + A Workspace containing a .gitconfig and .git-credentials file. These + will be copied to the user's home before any git commands are run. Any + other files in this Workspace are ignored. It is strongly recommended + to use ssh-directory over basic-auth whenever possible and to bind a + Secret to this Workspace over other volume types. + params: + - name: url + description: Repository URL to clone from. + type: string + - name: revision + description: Revision to checkout. (branch, tag, sha, ref, etc...) + type: string + default: "" + - name: refspec + description: Refspec to fetch before checking out revision. + default: "" + - name: submodules + description: Initialize and fetch git submodules. + type: string + default: "true" + - name: depth + description: Perform a shallow clone, fetching only the most recent N commits. + type: string + default: "1" + - name: sslVerify + description: Set the `http.sslVerify` global git config. Setting this to `false` is not advised unless you are sure that you trust your git remote. + type: string + default: "true" + - name: subdirectory + description: Subdirectory inside the `output` Workspace to clone the repo into. + type: string + default: "" + - name: sparseCheckoutDirectories + description: Define the directory patterns to match or exclude when performing a sparse checkout. + type: string + default: "" + - name: deleteExisting + description: Clean out the contents of the destination directory if it already exists before cloning. + type: string + default: "true" + - name: httpProxy + description: HTTP proxy server for non-SSL requests. + type: string + default: "" + - name: httpsProxy + description: HTTPS proxy server for SSL requests. + type: string + default: "" + - name: noProxy + description: Opt out of proxying HTTP/HTTPS requests. + type: string + default: "" + - name: verbose + description: Log the commands that are executed during `git-clone`'s operation. + type: string + default: "true" + - name: gitInitImage + description: The image providing the git-init binary that this Task runs. + type: string + default: "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.21.0" + - name: userHome + description: | + Absolute path to the user's home directory. Set this explicitly if you are running the image as a non-root user or have overridden + the gitInitImage param with an image containing custom user configuration. + type: string + default: "/tekton/home" + results: + - name: commit + description: The precise commit SHA that was fetched by this Task. + - name: url + description: The precise URL that was fetched by this Task. + steps: + - name: clone + image: "$(params.gitInitImage)" + env: + - name: HOME + value: "$(params.userHome)" + - name: PARAM_URL + value: $(params.url) + - name: PARAM_REVISION + value: $(params.revision) + - name: PARAM_REFSPEC + value: $(params.refspec) + - name: PARAM_SUBMODULES + value: $(params.submodules) + - name: PARAM_DEPTH + value: $(params.depth) + - name: PARAM_SSL_VERIFY + value: $(params.sslVerify) + - name: PARAM_SUBDIRECTORY + value: $(params.subdirectory) + - name: PARAM_DELETE_EXISTING + value: $(params.deleteExisting) + - name: PARAM_HTTP_PROXY + value: $(params.httpProxy) + - name: PARAM_HTTPS_PROXY + value: $(params.httpsProxy) + - name: PARAM_NO_PROXY + value: $(params.noProxy) + - name: PARAM_VERBOSE + value: $(params.verbose) + - name: PARAM_SPARSE_CHECKOUT_DIRECTORIES + value: $(params.sparseCheckoutDirectories) + - name: PARAM_USER_HOME + value: $(params.userHome) + - name: WORKSPACE_OUTPUT_PATH + value: $(workspaces.output.path) + - name: WORKSPACE_SSH_DIRECTORY_BOUND + value: $(workspaces.ssh-directory.bound) + - name: WORKSPACE_SSH_DIRECTORY_PATH + value: $(workspaces.ssh-directory.path) + - name: WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND + value: $(workspaces.basic-auth.bound) + - name: WORKSPACE_BASIC_AUTH_DIRECTORY_PATH + value: $(workspaces.basic-auth.path) + script: | + #!/usr/bin/env sh + set -eu + + if [ "${PARAM_VERBOSE}" = "true" ] ; then + set -x + fi + + if [ "${WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND}" = "true" ] ; then + cp "${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.git-credentials" "${PARAM_USER_HOME}/.git-credentials" + cp "${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.gitconfig" "${PARAM_USER_HOME}/.gitconfig" + chmod 400 "${PARAM_USER_HOME}/.git-credentials" + chmod 400 "${PARAM_USER_HOME}/.gitconfig" + fi + + if [ "${WORKSPACE_SSH_DIRECTORY_BOUND}" = "true" ] ; then + cp -R "${WORKSPACE_SSH_DIRECTORY_PATH}" "${PARAM_USER_HOME}"/.ssh + chmod 700 "${PARAM_USER_HOME}"/.ssh + chmod -R 400 "${PARAM_USER_HOME}"/.ssh/* + fi + + CHECKOUT_DIR="${WORKSPACE_OUTPUT_PATH}/${PARAM_SUBDIRECTORY}" + + cleandir() { + # Delete any existing contents of the repo directory if it exists. + # + # We don't just "rm -rf ${CHECKOUT_DIR}" because ${CHECKOUT_DIR} might be "/" + # or the root of a mounted volume. + if [ -d "${CHECKOUT_DIR}" ] ; then + # Delete non-hidden files and directories + rm -rf "${CHECKOUT_DIR:?}"/* + # Delete files and directories starting with . but excluding .. + rm -rf "${CHECKOUT_DIR}"/.[!.]* + # Delete files and directories starting with .. plus any other character + rm -rf "${CHECKOUT_DIR}"/..?* + fi + } + + if [ "${PARAM_DELETE_EXISTING}" = "true" ] ; then + cleandir + fi + + test -z "${PARAM_HTTP_PROXY}" || export HTTP_PROXY="${PARAM_HTTP_PROXY}" + test -z "${PARAM_HTTPS_PROXY}" || export HTTPS_PROXY="${PARAM_HTTPS_PROXY}" + test -z "${PARAM_NO_PROXY}" || export NO_PROXY="${PARAM_NO_PROXY}" + + /ko-app/git-init \ + -url="${PARAM_URL}" \ + -revision="${PARAM_REVISION}" \ + -refspec="${PARAM_REFSPEC}" \ + -path="${CHECKOUT_DIR}" \ + -sslVerify="${PARAM_SSL_VERIFY}" \ + -submodules="${PARAM_SUBMODULES}" \ + -depth="${PARAM_DEPTH}" \ + -sparseCheckoutDirectories="${PARAM_SPARSE_CHECKOUT_DIRECTORIES}" + cd "${CHECKOUT_DIR}" + RESULT_SHA="$(git rev-parse HEAD)" + EXIT_CODE="$?" + if [ "${EXIT_CODE}" != 0 ] ; then + exit "${EXIT_CODE}" + fi + printf "%s" "${RESULT_SHA}" > "$(results.commit.path)" + printf "%s" "${PARAM_URL}" > "$(results.url.path)" diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/kn-apply/kn-apply-1-6-0-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/kn-apply/kn-apply-1-6-0-task.yaml new file mode 100644 index 0000000000..4d1ac26f32 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/kn-apply/kn-apply-1-6-0-task.yaml @@ -0,0 +1,37 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift/tektoncd-catalog/release-v0.28/task/kn-apply/0.1/kn-apply.yaml +# +--- +apiVersion: tekton.dev/v1beta1 +kind: ClusterTask +metadata: + name: kn-apply-1-6-0 + labels: + app.kubernetes.io/version: "0.1" + annotations: + tekton.dev/pipelines.minVersion: "0.12.1" + tekton.dev/categories: Deployment + tekton.dev/tags: cli + tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64" +spec: + description: >- + This task deploys a given image to a Knative Service. + + It uses `kn service apply` to create or update given knative service. + params: + - name: KN_IMAGE + description: kn CLI container image to run this task + default: registry.redhat.io/openshift-serverless-1/client-kn-rhel8@sha256:286f6b4c008307df1bc369891ef9e806050d3a5f5e77ee0c9313ffdb350abbcb + - name: SERVICE + description: Knative service name + - name: IMAGE + description: Image to deploy + steps: + - name: kn + image: "$(params.KN_IMAGE)" + command: ["/ko-app/kn"] + args: ["service", "apply", "$(params.SERVICE)", "--image", "$(params.IMAGE)"] + env: + - name: HOME + value: /tekton/home diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/kn-apply/kn-apply-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/kn-apply/kn-apply-task.yaml new file mode 100644 index 0000000000..a44e2ea7f1 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/kn-apply/kn-apply-task.yaml @@ -0,0 +1,37 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift/tektoncd-catalog/release-v0.28/task/kn-apply/0.1/kn-apply.yaml +# +--- +apiVersion: tekton.dev/v1beta1 +kind: ClusterTask +metadata: + name: kn-apply + labels: + app.kubernetes.io/version: "0.1" + annotations: + tekton.dev/pipelines.minVersion: "0.12.1" + tekton.dev/categories: Deployment + tekton.dev/tags: cli + tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64" +spec: + description: >- + This task deploys a given image to a Knative Service. + + It uses `kn service apply` to create or update given knative service. + params: + - name: KN_IMAGE + description: kn CLI container image to run this task + default: registry.redhat.io/openshift-serverless-1/client-kn-rhel8@sha256:286f6b4c008307df1bc369891ef9e806050d3a5f5e77ee0c9313ffdb350abbcb + - name: SERVICE + description: Knative service name + - name: IMAGE + description: Image to deploy + steps: + - name: kn + image: "$(params.KN_IMAGE)" + command: ["/ko-app/kn"] + args: ["service", "apply", "$(params.SERVICE)", "--image", "$(params.IMAGE)"] + env: + - name: HOME + value: /tekton/home diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/kn/kn-1-6-0-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/kn/kn-1-6-0-task.yaml new file mode 100644 index 0000000000..31a62efe9e --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/kn/kn-1-6-0-task.yaml @@ -0,0 +1,35 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift/tektoncd-catalog/release-v0.28/task/kn/0.1/kn.yaml +# +--- +apiVersion: tekton.dev/v1beta1 +kind: ClusterTask +metadata: + name: kn-1-6-0 + labels: + app.kubernetes.io/version: "0.1" + annotations: + tekton.dev/pipelines.minVersion: "0.12.1" + tekton.dev/categories: CLI + tekton.dev/tags: cli + tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64" +spec: + description: >- + This Task performs operations on Knative resources + (services, revisions, routes) using kn CLI + + params: + - name: kn-image + description: kn CLI container image to run this task + default: registry.redhat.io/openshift-serverless-1/client-kn-rhel8@sha256:286f6b4c008307df1bc369891ef9e806050d3a5f5e77ee0c9313ffdb350abbcb + - name: ARGS + type: array + description: kn CLI arguments to run + default: + - "help" + steps: + - name: kn + image: "$(params.kn-image)" + command: ["/ko-app/kn"] + args: ["$(params.ARGS)"] diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/kn/kn-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/kn/kn-task.yaml new file mode 100644 index 0000000000..998d8c0662 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/kn/kn-task.yaml @@ -0,0 +1,35 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift/tektoncd-catalog/release-v0.28/task/kn/0.1/kn.yaml +# +--- +apiVersion: tekton.dev/v1beta1 +kind: ClusterTask +metadata: + name: kn + labels: + app.kubernetes.io/version: "0.1" + annotations: + tekton.dev/pipelines.minVersion: "0.12.1" + tekton.dev/categories: CLI + tekton.dev/tags: cli + tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64" +spec: + description: >- + This Task performs operations on Knative resources + (services, revisions, routes) using kn CLI + + params: + - name: kn-image + description: kn CLI container image to run this task + default: registry.redhat.io/openshift-serverless-1/client-kn-rhel8@sha256:286f6b4c008307df1bc369891ef9e806050d3a5f5e77ee0c9313ffdb350abbcb + - name: ARGS + type: array + description: kn CLI arguments to run + default: + - "help" + steps: + - name: kn + image: "$(params.kn-image)" + command: ["/ko-app/kn"] + args: ["$(params.ARGS)"] diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/openshift-client/openshift-client-1-6-0-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/openshift-client/openshift-client-1-6-0-task.yaml new file mode 100644 index 0000000000..7650addea3 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/openshift-client/openshift-client-1-6-0-task.yaml @@ -0,0 +1,57 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift/tektoncd-catalog/release-v0.24/task/openshift-client/0.2/openshift-client.yaml +# +--- +--- +apiVersion: tekton.dev/v1beta1 +kind: ClusterTask +metadata: + name: openshift-client-1-6-0 + labels: + app.kubernetes.io/version: "0.2" + annotations: + tekton.dev/pipelines.minVersion: "0.17.0" + tekton.dev/tags: cli + tekton.dev/displayName: "openshift client" +spec: + workspaces: + - name: manifest-dir + optional: true + description: >- + The workspace which contains kubernetes manifests which we want to apply on the cluster. + - name: kubeconfig-dir + optional: true + description: >- + The workspace which contains the the kubeconfig file if in case we want to run the oc command on another cluster. + description: >- + This task runs commands against the cluster provided by user + and if not provided then where the Task is being executed. + + OpenShift is a Kubernetes distribution from Red Hat which provides oc, + the OpenShift CLI that complements kubectl for simplifying deployment + and configuration applications on OpenShift. + + params: + - name: SCRIPT + description: The OpenShift CLI arguments to run + type: string + default: "oc help" + - name: VERSION + description: The OpenShift Version to use + type: string + default: "latest" + steps: + - name: oc + image: image-registry.openshift-image-registry.svc:5000/openshift/cli:$(params.VERSION) + script: | + #!/usr/bin/env bash + + [[ "$(workspaces.manifest-dir.bound)" == "true" ]] && \ + cd $(workspaces.manifest-dir.path) + + [[ "$(workspaces.kubeconfig-dir.bound)" == "true" ]] && \ + [[ -f $(workspaces.kubeconfig-dir.path)/kubeconfig ]] && \ + export KUBECONFIG=$(workspaces.kubeconfig-dir.path)/kubeconfig + + $(params.SCRIPT) diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/openshift-client/openshift-client-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/openshift-client/openshift-client-task.yaml new file mode 100644 index 0000000000..6c1fbb8080 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/openshift-client/openshift-client-task.yaml @@ -0,0 +1,57 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift/tektoncd-catalog/release-v0.24/task/openshift-client/0.2/openshift-client.yaml +# +--- +--- +apiVersion: tekton.dev/v1beta1 +kind: ClusterTask +metadata: + name: openshift-client + labels: + app.kubernetes.io/version: "0.2" + annotations: + tekton.dev/pipelines.minVersion: "0.17.0" + tekton.dev/tags: cli + tekton.dev/displayName: "openshift client" +spec: + workspaces: + - name: manifest-dir + optional: true + description: >- + The workspace which contains kubernetes manifests which we want to apply on the cluster. + - name: kubeconfig-dir + optional: true + description: >- + The workspace which contains the the kubeconfig file if in case we want to run the oc command on another cluster. + description: >- + This task runs commands against the cluster provided by user + and if not provided then where the Task is being executed. + + OpenShift is a Kubernetes distribution from Red Hat which provides oc, + the OpenShift CLI that complements kubectl for simplifying deployment + and configuration applications on OpenShift. + + params: + - name: SCRIPT + description: The OpenShift CLI arguments to run + type: string + default: "oc help" + - name: VERSION + description: The OpenShift Version to use + type: string + default: "latest" + steps: + - name: oc + image: image-registry.openshift-image-registry.svc:5000/openshift/cli:$(params.VERSION) + script: | + #!/usr/bin/env bash + + [[ "$(workspaces.manifest-dir.bound)" == "true" ]] && \ + cd $(workspaces.manifest-dir.path) + + [[ "$(workspaces.kubeconfig-dir.bound)" == "true" ]] && \ + [[ -f $(workspaces.kubeconfig-dir.path)/kubeconfig ]] && \ + export KUBECONFIG=$(workspaces.kubeconfig-dir.path)/kubeconfig + + $(params.SCRIPT) diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/s2i-dotnet/s2i-dotnet-1-6-0-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/s2i-dotnet/s2i-dotnet-1-6-0-task.yaml new file mode 100644 index 0000000000..07342dc2ce --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/s2i-dotnet/s2i-dotnet-1-6-0-task.yaml @@ -0,0 +1,80 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift/pipelines-catalog/release-v0.28/task/s2i-dotnet/0.1/s2i-dotnet.yaml +# +--- +apiVersion: tekton.dev/v1beta1 +kind: ClusterTask +metadata: + name: s2i-dotnet-1-6-0 + labels: + app.kubernetes.io/version: "0.1" + annotations: + tekton.dev/pipelines.minVersion: "0.19" + tekton.dev/tags: s2i, dotnet, workspace + tekton.dev/displayName: "s2i dotnet" +spec: + description: >- + s2i-dotnet task fetches a Git repository and builds and + pushes a container image using S2I and a .NET Core builder image. + + results: + - name: IMAGE_DIGEST + description: Digest of the image just built. + params: + - name: BUILDER_IMAGE + description: The location of the buildah builder image. + default: registry.redhat.io/rhel8/buildah@sha256:99cae35f40c7ec050fed3765b2b27e0b8bbea2aa2da7c16408e2ca13c60ff8ee + - name: VERSION + description: The tag of .NET imagestream for .NET version + default: '3.1-ubi8' + type: string + - name: PATH_CONTEXT + description: The location of the path to run s2i from. + default: . + type: string + - name: TLSVERIFY + description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry) + default: "true" + type: string + - name: IMAGE + description: Location of the repo where image has to be pushed + type: string + workspaces: + - name: source + mountPath: /workspace/source + steps: + - name: generate + image: registry.redhat.io/ocp-tools-4-tech-preview/source-to-image-rhel8@sha256:637c15600359cb45bc01445b5e811b6240ca239f0ebfe406b50146e34f68f631 + workingDir: $(workspaces.source.path) + command: ['s2i', 'build', '$(params.PATH_CONTEXT)', 'image-registry.openshift-image-registry.svc:5000/openshift/dotnet:$(params.VERSION)', '--as-dockerfile', '/gen-source/Dockerfile.gen'] + volumeMounts: + - name: gen-source + mountPath: /gen-source + env: + - name: HOME + value: /tekton/home + - name: build + image: $(params.BUILDER_IMAGE) + workingDir: /gen-source + command: ['buildah', 'bud', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--layers', '-f', '/gen-source/Dockerfile.gen', '-t', '$(params.IMAGE)', '.'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + - name: gen-source + mountPath: /gen-source + - name: push + workingDir: $(workspaces.source.path) + image: $(params.BUILDER_IMAGE) + command: ['buildah', 'push', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--digestfile=$(workspaces.source.path)/image-digest', '$(params.IMAGE)', 'docker://$(params.IMAGE)'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + - name: digest-to-results + image: $(params.BUILDER_IMAGE) + script: cat $(workspaces.source.path)/image-digest | tee /tekton/results/IMAGE_DIGEST + volumes: + - name: varlibcontainers + emptyDir: {} + - name: gen-source + emptyDir: {} diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/s2i-dotnet/s2i-dotnet-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/s2i-dotnet/s2i-dotnet-task.yaml new file mode 100644 index 0000000000..40b017519f --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/s2i-dotnet/s2i-dotnet-task.yaml @@ -0,0 +1,80 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift/pipelines-catalog/release-v0.28/task/s2i-dotnet/0.1/s2i-dotnet.yaml +# +--- +apiVersion: tekton.dev/v1beta1 +kind: ClusterTask +metadata: + name: s2i-dotnet + labels: + app.kubernetes.io/version: "0.1" + annotations: + tekton.dev/pipelines.minVersion: "0.19" + tekton.dev/tags: s2i, dotnet, workspace + tekton.dev/displayName: "s2i dotnet" +spec: + description: >- + s2i-dotnet task fetches a Git repository and builds and + pushes a container image using S2I and a .NET Core builder image. + + results: + - name: IMAGE_DIGEST + description: Digest of the image just built. + params: + - name: BUILDER_IMAGE + description: The location of the buildah builder image. + default: registry.redhat.io/rhel8/buildah@sha256:99cae35f40c7ec050fed3765b2b27e0b8bbea2aa2da7c16408e2ca13c60ff8ee + - name: VERSION + description: The tag of .NET imagestream for .NET version + default: '3.1-ubi8' + type: string + - name: PATH_CONTEXT + description: The location of the path to run s2i from. + default: . + type: string + - name: TLSVERIFY + description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry) + default: "true" + type: string + - name: IMAGE + description: Location of the repo where image has to be pushed + type: string + workspaces: + - name: source + mountPath: /workspace/source + steps: + - name: generate + image: registry.redhat.io/ocp-tools-4-tech-preview/source-to-image-rhel8@sha256:637c15600359cb45bc01445b5e811b6240ca239f0ebfe406b50146e34f68f631 + workingDir: $(workspaces.source.path) + command: ['s2i', 'build', '$(params.PATH_CONTEXT)', 'image-registry.openshift-image-registry.svc:5000/openshift/dotnet:$(params.VERSION)', '--as-dockerfile', '/gen-source/Dockerfile.gen'] + volumeMounts: + - name: gen-source + mountPath: /gen-source + env: + - name: HOME + value: /tekton/home + - name: build + image: $(params.BUILDER_IMAGE) + workingDir: /gen-source + command: ['buildah', 'bud', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--layers', '-f', '/gen-source/Dockerfile.gen', '-t', '$(params.IMAGE)', '.'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + - name: gen-source + mountPath: /gen-source + - name: push + workingDir: $(workspaces.source.path) + image: $(params.BUILDER_IMAGE) + command: ['buildah', 'push', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--digestfile=$(workspaces.source.path)/image-digest', '$(params.IMAGE)', 'docker://$(params.IMAGE)'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + - name: digest-to-results + image: $(params.BUILDER_IMAGE) + script: cat $(workspaces.source.path)/image-digest | tee /tekton/results/IMAGE_DIGEST + volumes: + - name: varlibcontainers + emptyDir: {} + - name: gen-source + emptyDir: {} diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/s2i-go/s2i-go-1-6-0-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/s2i-go/s2i-go-1-6-0-task.yaml new file mode 100644 index 0000000000..5bb043ced5 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/s2i-go/s2i-go-1-6-0-task.yaml @@ -0,0 +1,80 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift/pipelines-catalog/release-v0.28/task/s2i-go/0.1/s2i-go.yaml +# +--- +apiVersion: tekton.dev/v1beta1 +kind: ClusterTask +metadata: + name: s2i-go-1-6-0 + labels: + app.kubernetes.io/version: "0.1" + annotations: + tekton.dev/pipelines.minVersion: "0.19" + tekton.dev/tags: s2i, go, workspace + tekton.dev/displayName: "s2i go" +spec: + description: >- + s2i-go task clones a Git repository and builds and + pushes a container image using S2I and a Go builder image. + + results: + - name: IMAGE_DIGEST + description: Digest of the image just built. + params: + - name: VERSION + description: The tag of go imagestream for go version + default: '1.14.7-ubi8' + type: string + - name: PATH_CONTEXT + description: The location of the path to run s2i from. + default: . + type: string + - name: TLSVERIFY + description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry) + default: "true" + type: string + - name: IMAGE + description: Location of the repo where image has to be pushed + type: string + - name: BUILDER_IMAGE + description: The location of the buildah builder image. + default: registry.redhat.io/rhel8/buildah@sha256:99cae35f40c7ec050fed3765b2b27e0b8bbea2aa2da7c16408e2ca13c60ff8ee + workspaces: + - name: source + mountPath: /workspace/source + steps: + - name: generate + image: registry.redhat.io/ocp-tools-4-tech-preview/source-to-image-rhel8@sha256:637c15600359cb45bc01445b5e811b6240ca239f0ebfe406b50146e34f68f631 + workingDir: $(workspaces.source.path) + command: ['s2i', 'build', '$(params.PATH_CONTEXT)', 'image-registry.openshift-image-registry.svc:5000/openshift/golang:$(params.VERSION)', '--as-dockerfile', '/gen-source/Dockerfile.gen'] + env: + - name: HOME + value: /tekton/home + volumeMounts: + - name: gen-source + mountPath: /gen-source + - name: build + image: $(params.BUILDER_IMAGE) + workingDir: /gen-source + command: ['buildah', 'bud', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--layers', '-f', '/gen-source/Dockerfile.gen', '-t', '$(params.IMAGE)', '.'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + - name: gen-source + mountPath: /gen-source + - name: push + workingDir: $(workspaces.source.path) + image: $(params.BUILDER_IMAGE) + command: ['buildah', 'push', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--digestfile=$(workspaces.source.path)/image-digest', '$(params.IMAGE)', 'docker://$(params.IMAGE)'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + - name: digest-to-results + image: $(params.BUILDER_IMAGE) + script: cat $(workspaces.source.path)/image-digest | tee /tekton/results/IMAGE_DIGEST + volumes: + - name: varlibcontainers + emptyDir: {} + - name: gen-source + emptyDir: {} diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/s2i-go/s2i-go-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/s2i-go/s2i-go-task.yaml new file mode 100644 index 0000000000..b19f994392 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/s2i-go/s2i-go-task.yaml @@ -0,0 +1,80 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift/pipelines-catalog/release-v0.28/task/s2i-go/0.1/s2i-go.yaml +# +--- +apiVersion: tekton.dev/v1beta1 +kind: ClusterTask +metadata: + name: s2i-go + labels: + app.kubernetes.io/version: "0.1" + annotations: + tekton.dev/pipelines.minVersion: "0.19" + tekton.dev/tags: s2i, go, workspace + tekton.dev/displayName: "s2i go" +spec: + description: >- + s2i-go task clones a Git repository and builds and + pushes a container image using S2I and a Go builder image. + + results: + - name: IMAGE_DIGEST + description: Digest of the image just built. + params: + - name: VERSION + description: The tag of go imagestream for go version + default: '1.14.7-ubi8' + type: string + - name: PATH_CONTEXT + description: The location of the path to run s2i from. + default: . + type: string + - name: TLSVERIFY + description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry) + default: "true" + type: string + - name: IMAGE + description: Location of the repo where image has to be pushed + type: string + - name: BUILDER_IMAGE + description: The location of the buildah builder image. + default: registry.redhat.io/rhel8/buildah@sha256:99cae35f40c7ec050fed3765b2b27e0b8bbea2aa2da7c16408e2ca13c60ff8ee + workspaces: + - name: source + mountPath: /workspace/source + steps: + - name: generate + image: registry.redhat.io/ocp-tools-4-tech-preview/source-to-image-rhel8@sha256:637c15600359cb45bc01445b5e811b6240ca239f0ebfe406b50146e34f68f631 + workingDir: $(workspaces.source.path) + command: ['s2i', 'build', '$(params.PATH_CONTEXT)', 'image-registry.openshift-image-registry.svc:5000/openshift/golang:$(params.VERSION)', '--as-dockerfile', '/gen-source/Dockerfile.gen'] + env: + - name: HOME + value: /tekton/home + volumeMounts: + - name: gen-source + mountPath: /gen-source + - name: build + image: $(params.BUILDER_IMAGE) + workingDir: /gen-source + command: ['buildah', 'bud', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--layers', '-f', '/gen-source/Dockerfile.gen', '-t', '$(params.IMAGE)', '.'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + - name: gen-source + mountPath: /gen-source + - name: push + workingDir: $(workspaces.source.path) + image: $(params.BUILDER_IMAGE) + command: ['buildah', 'push', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--digestfile=$(workspaces.source.path)/image-digest', '$(params.IMAGE)', 'docker://$(params.IMAGE)'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + - name: digest-to-results + image: $(params.BUILDER_IMAGE) + script: cat $(workspaces.source.path)/image-digest | tee /tekton/results/IMAGE_DIGEST + volumes: + - name: varlibcontainers + emptyDir: {} + - name: gen-source + emptyDir: {} diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/s2i-java/s2i-java-1-6-0-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/s2i-java/s2i-java-1-6-0-task.yaml new file mode 100644 index 0000000000..2363462ac0 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/s2i-java/s2i-java-1-6-0-task.yaml @@ -0,0 +1,132 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift/pipelines-catalog/release-v0.28/task/s2i-java/0.1/s2i-java.yaml +# +--- +apiVersion: tekton.dev/v1beta1 +kind: ClusterTask +metadata: + name: s2i-java-1-6-0 + labels: + app.kubernetes.io/version: "0.1" + annotations: + tekton.dev/pipelines.minVersion: "0.19" + tekton.dev/tags: s2i, java, workspace + tekton.dev/displayName: "s2i java" +spec: + description: >- + s2i-java task clones a Git repository and builds and + pushes a container image using S2I and a Java builder image. + + results: + - name: IMAGE_DIGEST + description: Digest of the image just built. + params: + - name: VERSION + description: The tag of java imagestream for java version + default: 'openjdk-11-ubi8' + type: string + - name: PATH_CONTEXT + description: The location of the path to run s2i from + default: . + type: string + - name: TLSVERIFY + description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry) + default: "true" + type: string + - name: MAVEN_ARGS_APPEND + description: Additional Maven arguments + default: "" + type: string + - name: MAVEN_CLEAR_REPO + description: Remove the Maven repository after the artifact is built + default: "false" + type: string + - name: MAVEN_MIRROR_URL + description: The base URL of a mirror used for retrieving artifacts + default: "" + type: string + - name: IMAGE + description: Location of the repo where image has to be pushed + type: string + - name: BUILDER_IMAGE + description: The location of the buildah builder image. + default: registry.redhat.io/rhel8/buildah@sha256:99cae35f40c7ec050fed3765b2b27e0b8bbea2aa2da7c16408e2ca13c60ff8ee + workspaces: + - name: source + mountPath: /workspace/source + steps: + - name: gen-env-file + image: registry.redhat.io/ocp-tools-4-tech-preview/source-to-image-rhel8@sha256:637c15600359cb45bc01445b5e811b6240ca239f0ebfe406b50146e34f68f631 + workingDir: /env-params + command: + - '/bin/sh' + - '-c' + args: + - |- + echo "MAVEN_CLEAR_REPO=$(params.MAVEN_CLEAR_REPO)" > env-file + + [[ '$(params.MAVEN_ARGS_APPEND)' != "" ]] && + echo "MAVEN_ARGS_APPEND=$(params.MAVEN_ARGS_APPEND)" >> env-file + + [[ '$(params.MAVEN_MIRROR_URL)' != "" ]] && + echo "MAVEN_MIRROR_URL=$(params.MAVEN_MIRROR_URL)" >> env-file + + echo "Generated Env file" + echo "------------------------------" + cat env-file + echo "------------------------------" + volumeMounts: + - name: envparams + mountPath: /env-params + env: + - name: HOME + value: /tekton/home + - name: generate + image: registry.redhat.io/ocp-tools-4-tech-preview/source-to-image-rhel8@sha256:637c15600359cb45bc01445b5e811b6240ca239f0ebfe406b50146e34f68f631 + workingDir: $(workspaces.source.path) + command: + - 's2i' + - 'build' + - '$(params.PATH_CONTEXT)' + - 'image-registry.openshift-image-registry.svc:5000/openshift/java:$(params.VERSION)' + - '--image-scripts-url' + - 'image:///usr/local/s2i' + - '--as-dockerfile' + - '/gen-source/Dockerfile.gen' + - '--environment-file' + - '/env-params/env-file' + volumeMounts: + - name: gen-source + mountPath: /gen-source + - name: envparams + mountPath: /env-params + env: + - name: HOME + value: /tekton/home + - name: build + image: $(params.BUILDER_IMAGE) + workingDir: /gen-source + command: ['buildah', 'bud', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--layers', '-f', '/gen-source/Dockerfile.gen', '-t', '$(params.IMAGE)', '.'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + - name: gen-source + mountPath: /gen-source + - name: push + image: $(params.BUILDER_IMAGE) + workingDir: $(workspaces.source.path) + command: ['buildah', 'push', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--digestfile=$(workspaces.source.path)/image-digest', '$(params.IMAGE)', 'docker://$(params.IMAGE)'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + - name: digest-to-results + image: $(params.BUILDER_IMAGE) + script: cat $(workspaces.source.path)/image-digest | tee /tekton/results/IMAGE_DIGEST + volumes: + - name: varlibcontainers + emptyDir: {} + - name: gen-source + emptyDir: {} + - name: envparams + emptyDir: {} diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/s2i-java/s2i-java-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/s2i-java/s2i-java-task.yaml new file mode 100644 index 0000000000..344c2ae0ff --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/s2i-java/s2i-java-task.yaml @@ -0,0 +1,132 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift/pipelines-catalog/release-v0.28/task/s2i-java/0.1/s2i-java.yaml +# +--- +apiVersion: tekton.dev/v1beta1 +kind: ClusterTask +metadata: + name: s2i-java + labels: + app.kubernetes.io/version: "0.1" + annotations: + tekton.dev/pipelines.minVersion: "0.19" + tekton.dev/tags: s2i, java, workspace + tekton.dev/displayName: "s2i java" +spec: + description: >- + s2i-java task clones a Git repository and builds and + pushes a container image using S2I and a Java builder image. + + results: + - name: IMAGE_DIGEST + description: Digest of the image just built. + params: + - name: VERSION + description: The tag of java imagestream for java version + default: 'openjdk-11-ubi8' + type: string + - name: PATH_CONTEXT + description: The location of the path to run s2i from + default: . + type: string + - name: TLSVERIFY + description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry) + default: "true" + type: string + - name: MAVEN_ARGS_APPEND + description: Additional Maven arguments + default: "" + type: string + - name: MAVEN_CLEAR_REPO + description: Remove the Maven repository after the artifact is built + default: "false" + type: string + - name: MAVEN_MIRROR_URL + description: The base URL of a mirror used for retrieving artifacts + default: "" + type: string + - name: IMAGE + description: Location of the repo where image has to be pushed + type: string + - name: BUILDER_IMAGE + description: The location of the buildah builder image. + default: registry.redhat.io/rhel8/buildah@sha256:99cae35f40c7ec050fed3765b2b27e0b8bbea2aa2da7c16408e2ca13c60ff8ee + workspaces: + - name: source + mountPath: /workspace/source + steps: + - name: gen-env-file + image: registry.redhat.io/ocp-tools-4-tech-preview/source-to-image-rhel8@sha256:637c15600359cb45bc01445b5e811b6240ca239f0ebfe406b50146e34f68f631 + workingDir: /env-params + command: + - '/bin/sh' + - '-c' + args: + - |- + echo "MAVEN_CLEAR_REPO=$(params.MAVEN_CLEAR_REPO)" > env-file + + [[ '$(params.MAVEN_ARGS_APPEND)' != "" ]] && + echo "MAVEN_ARGS_APPEND=$(params.MAVEN_ARGS_APPEND)" >> env-file + + [[ '$(params.MAVEN_MIRROR_URL)' != "" ]] && + echo "MAVEN_MIRROR_URL=$(params.MAVEN_MIRROR_URL)" >> env-file + + echo "Generated Env file" + echo "------------------------------" + cat env-file + echo "------------------------------" + volumeMounts: + - name: envparams + mountPath: /env-params + env: + - name: HOME + value: /tekton/home + - name: generate + image: registry.redhat.io/ocp-tools-4-tech-preview/source-to-image-rhel8@sha256:637c15600359cb45bc01445b5e811b6240ca239f0ebfe406b50146e34f68f631 + workingDir: $(workspaces.source.path) + command: + - 's2i' + - 'build' + - '$(params.PATH_CONTEXT)' + - 'image-registry.openshift-image-registry.svc:5000/openshift/java:$(params.VERSION)' + - '--image-scripts-url' + - 'image:///usr/local/s2i' + - '--as-dockerfile' + - '/gen-source/Dockerfile.gen' + - '--environment-file' + - '/env-params/env-file' + volumeMounts: + - name: gen-source + mountPath: /gen-source + - name: envparams + mountPath: /env-params + env: + - name: HOME + value: /tekton/home + - name: build + image: $(params.BUILDER_IMAGE) + workingDir: /gen-source + command: ['buildah', 'bud', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--layers', '-f', '/gen-source/Dockerfile.gen', '-t', '$(params.IMAGE)', '.'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + - name: gen-source + mountPath: /gen-source + - name: push + image: $(params.BUILDER_IMAGE) + workingDir: $(workspaces.source.path) + command: ['buildah', 'push', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--digestfile=$(workspaces.source.path)/image-digest', '$(params.IMAGE)', 'docker://$(params.IMAGE)'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + - name: digest-to-results + image: $(params.BUILDER_IMAGE) + script: cat $(workspaces.source.path)/image-digest | tee /tekton/results/IMAGE_DIGEST + volumes: + - name: varlibcontainers + emptyDir: {} + - name: gen-source + emptyDir: {} + - name: envparams + emptyDir: {} diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/s2i-nodejs/s2i-nodejs-1-6-0-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/s2i-nodejs/s2i-nodejs-1-6-0-task.yaml new file mode 100644 index 0000000000..2a124ddb80 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/s2i-nodejs/s2i-nodejs-1-6-0-task.yaml @@ -0,0 +1,80 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift/pipelines-catalog/release-v0.28/task/s2i-nodejs/0.1/s2i-nodejs.yaml +# +--- +apiVersion: tekton.dev/v1beta1 +kind: ClusterTask +metadata: + name: s2i-nodejs-1-6-0 + labels: + app.kubernetes.io/version: "0.1" + annotations: + tekton.dev/pipelines.minVersion: "0.19" + tekton.dev/tags: s2i, nodejs, workspace + tekton.dev/displayName: "s2i nodejs" +spec: + description: >- + s2i-nodejs task clones a Git repository and builds and + pushes a container image using S2I and a nodejs builder image. + + results: + - name: IMAGE_DIGEST + description: Digest of the image just built. + params: + - name: VERSION + description: The tag of nodejs imagestream for nodejs version + default: '14-ubi8' + type: string + - name: PATH_CONTEXT + description: The location of the path to run s2i from. + default: . + type: string + - name: TLSVERIFY + description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry) + default: "true" + type: string + - name: IMAGE + description: Location of the repo where image has to be pushed + type: string + - name: BUILDER_IMAGE + description: The location of the buildah builder image. + default: registry.redhat.io/rhel8/buildah@sha256:99cae35f40c7ec050fed3765b2b27e0b8bbea2aa2da7c16408e2ca13c60ff8ee + workspaces: + - name: source + mountPath: /workspace/source + steps: + - name: generate + image: registry.redhat.io/ocp-tools-4-tech-preview/source-to-image-rhel8@sha256:637c15600359cb45bc01445b5e811b6240ca239f0ebfe406b50146e34f68f631 + workingDir: $(workspaces.source.path) + command: ['s2i', 'build', '$(params.PATH_CONTEXT)', 'image-registry.openshift-image-registry.svc:5000/openshift/nodejs:$(params.VERSION)', '--as-dockerfile', '/gen-source/Dockerfile.gen'] + volumeMounts: + - name: gen-source + mountPath: /gen-source + env: + - name: HOME + value: /tekton/home + - name: build + image: $(params.BUILDER_IMAGE) + workingDir: /gen-source + command: ['buildah', 'bud', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--layers', '-f', '/gen-source/Dockerfile.gen', '-t', '$(params.IMAGE)', '.'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + - name: gen-source + mountPath: /gen-source + - name: push + image: $(params.BUILDER_IMAGE) + workingDir: $(workspaces.source.path) + command: ['buildah', 'push', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--digestfile=$(workspaces.source.path)/image-digest', '$(params.IMAGE)', 'docker://$(params.IMAGE)'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + - name: digest-to-results + image: $(params.BUILDER_IMAGE) + script: cat $(workspaces.source.path)/image-digest | tee /tekton/results/IMAGE_DIGEST + volumes: + - name: varlibcontainers + emptyDir: {} + - name: gen-source + emptyDir: {} diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/s2i-nodejs/s2i-nodejs-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/s2i-nodejs/s2i-nodejs-task.yaml new file mode 100644 index 0000000000..355a259dfd --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/s2i-nodejs/s2i-nodejs-task.yaml @@ -0,0 +1,80 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift/pipelines-catalog/release-v0.28/task/s2i-nodejs/0.1/s2i-nodejs.yaml +# +--- +apiVersion: tekton.dev/v1beta1 +kind: ClusterTask +metadata: + name: s2i-nodejs + labels: + app.kubernetes.io/version: "0.1" + annotations: + tekton.dev/pipelines.minVersion: "0.19" + tekton.dev/tags: s2i, nodejs, workspace + tekton.dev/displayName: "s2i nodejs" +spec: + description: >- + s2i-nodejs task clones a Git repository and builds and + pushes a container image using S2I and a nodejs builder image. + + results: + - name: IMAGE_DIGEST + description: Digest of the image just built. + params: + - name: VERSION + description: The tag of nodejs imagestream for nodejs version + default: '14-ubi8' + type: string + - name: PATH_CONTEXT + description: The location of the path to run s2i from. + default: . + type: string + - name: TLSVERIFY + description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry) + default: "true" + type: string + - name: IMAGE + description: Location of the repo where image has to be pushed + type: string + - name: BUILDER_IMAGE + description: The location of the buildah builder image. + default: registry.redhat.io/rhel8/buildah@sha256:99cae35f40c7ec050fed3765b2b27e0b8bbea2aa2da7c16408e2ca13c60ff8ee + workspaces: + - name: source + mountPath: /workspace/source + steps: + - name: generate + image: registry.redhat.io/ocp-tools-4-tech-preview/source-to-image-rhel8@sha256:637c15600359cb45bc01445b5e811b6240ca239f0ebfe406b50146e34f68f631 + workingDir: $(workspaces.source.path) + command: ['s2i', 'build', '$(params.PATH_CONTEXT)', 'image-registry.openshift-image-registry.svc:5000/openshift/nodejs:$(params.VERSION)', '--as-dockerfile', '/gen-source/Dockerfile.gen'] + volumeMounts: + - name: gen-source + mountPath: /gen-source + env: + - name: HOME + value: /tekton/home + - name: build + image: $(params.BUILDER_IMAGE) + workingDir: /gen-source + command: ['buildah', 'bud', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--layers', '-f', '/gen-source/Dockerfile.gen', '-t', '$(params.IMAGE)', '.'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + - name: gen-source + mountPath: /gen-source + - name: push + image: $(params.BUILDER_IMAGE) + workingDir: $(workspaces.source.path) + command: ['buildah', 'push', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--digestfile=$(workspaces.source.path)/image-digest', '$(params.IMAGE)', 'docker://$(params.IMAGE)'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + - name: digest-to-results + image: $(params.BUILDER_IMAGE) + script: cat $(workspaces.source.path)/image-digest | tee /tekton/results/IMAGE_DIGEST + volumes: + - name: varlibcontainers + emptyDir: {} + - name: gen-source + emptyDir: {} diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/s2i-perl/s2i-perl-1-6-0-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/s2i-perl/s2i-perl-1-6-0-task.yaml new file mode 100644 index 0000000000..1092be7230 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/s2i-perl/s2i-perl-1-6-0-task.yaml @@ -0,0 +1,80 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift/pipelines-catalog/release-v0.28/task/s2i-perl/0.1/s2i-perl.yaml +# +--- +apiVersion: tekton.dev/v1beta1 +kind: ClusterTask +metadata: + name: s2i-perl-1-6-0 + labels: + app.kubernetes.io/version: "0.1" + annotations: + tekton.dev/pipelines.minVersion: "0.19" + tekton.dev/tags: s2i, perl, workspace + tekton.dev/displayName: "s2i perl" +spec: + description: >- + s2i-perl task clones a Git repository and builds and + pushes a container image using S2I and a Perl builder image. + + results: + - name: IMAGE_DIGEST + description: Digest of the image just built. + params: + - name: VERSION + description: The tag of perl imagestream for perl version + default: '5.30-ubi8' + type: string + - name: PATH_CONTEXT + description: The location of the path to run s2i from. + default: . + type: string + - name: TLSVERIFY + description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry) + default: "true" + type: string + - name: IMAGE + description: Location of the repo where image has to be pushed + type: string + - name: BUILDER_IMAGE + description: The location of the buildah builder image. + default: registry.redhat.io/rhel8/buildah@sha256:99cae35f40c7ec050fed3765b2b27e0b8bbea2aa2da7c16408e2ca13c60ff8ee + workspaces: + - name: source + mountPath: /workspace/source + steps: + - name: generate + image: registry.redhat.io/ocp-tools-4-tech-preview/source-to-image-rhel8@sha256:637c15600359cb45bc01445b5e811b6240ca239f0ebfe406b50146e34f68f631 + workingDir: $(workspaces.source.path) + command: ['s2i', 'build', '$(params.PATH_CONTEXT)', 'image-registry.openshift-image-registry.svc:5000/openshift/perl:$(params.VERSION)', '--as-dockerfile', '/gen-source/Dockerfile.gen'] + volumeMounts: + - name: gen-source + mountPath: /gen-source + env: + - name: HOME + value: /tekton/home + - name: build + image: $(params.BUILDER_IMAGE) + workingDir: /gen-source + command: ['buildah', 'bud', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--layers', '-f', '/gen-source/Dockerfile.gen', '-t', '$(params.IMAGE)', '.'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + - name: gen-source + mountPath: /gen-source + - name: push + workingDir: $(workspaces.source.path) + image: $(params.BUILDER_IMAGE) + command: ['buildah', 'push', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--digestfile=$(workspaces.source.path)/image-digest', '$(params.IMAGE)', 'docker://$(params.IMAGE)'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + - name: digest-to-results + image: $(params.BUILDER_IMAGE) + script: cat $(workspaces.source.path)/image-digest | tee /tekton/results/IMAGE_DIGEST + volumes: + - name: varlibcontainers + emptyDir: {} + - name: gen-source + emptyDir: {} diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/s2i-perl/s2i-perl-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/s2i-perl/s2i-perl-task.yaml new file mode 100644 index 0000000000..03ec76214b --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/s2i-perl/s2i-perl-task.yaml @@ -0,0 +1,80 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift/pipelines-catalog/release-v0.28/task/s2i-perl/0.1/s2i-perl.yaml +# +--- +apiVersion: tekton.dev/v1beta1 +kind: ClusterTask +metadata: + name: s2i-perl + labels: + app.kubernetes.io/version: "0.1" + annotations: + tekton.dev/pipelines.minVersion: "0.19" + tekton.dev/tags: s2i, perl, workspace + tekton.dev/displayName: "s2i perl" +spec: + description: >- + s2i-perl task clones a Git repository and builds and + pushes a container image using S2I and a Perl builder image. + + results: + - name: IMAGE_DIGEST + description: Digest of the image just built. + params: + - name: VERSION + description: The tag of perl imagestream for perl version + default: '5.30-ubi8' + type: string + - name: PATH_CONTEXT + description: The location of the path to run s2i from. + default: . + type: string + - name: TLSVERIFY + description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry) + default: "true" + type: string + - name: IMAGE + description: Location of the repo where image has to be pushed + type: string + - name: BUILDER_IMAGE + description: The location of the buildah builder image. + default: registry.redhat.io/rhel8/buildah@sha256:99cae35f40c7ec050fed3765b2b27e0b8bbea2aa2da7c16408e2ca13c60ff8ee + workspaces: + - name: source + mountPath: /workspace/source + steps: + - name: generate + image: registry.redhat.io/ocp-tools-4-tech-preview/source-to-image-rhel8@sha256:637c15600359cb45bc01445b5e811b6240ca239f0ebfe406b50146e34f68f631 + workingDir: $(workspaces.source.path) + command: ['s2i', 'build', '$(params.PATH_CONTEXT)', 'image-registry.openshift-image-registry.svc:5000/openshift/perl:$(params.VERSION)', '--as-dockerfile', '/gen-source/Dockerfile.gen'] + volumeMounts: + - name: gen-source + mountPath: /gen-source + env: + - name: HOME + value: /tekton/home + - name: build + image: $(params.BUILDER_IMAGE) + workingDir: /gen-source + command: ['buildah', 'bud', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--layers', '-f', '/gen-source/Dockerfile.gen', '-t', '$(params.IMAGE)', '.'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + - name: gen-source + mountPath: /gen-source + - name: push + workingDir: $(workspaces.source.path) + image: $(params.BUILDER_IMAGE) + command: ['buildah', 'push', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--digestfile=$(workspaces.source.path)/image-digest', '$(params.IMAGE)', 'docker://$(params.IMAGE)'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + - name: digest-to-results + image: $(params.BUILDER_IMAGE) + script: cat $(workspaces.source.path)/image-digest | tee /tekton/results/IMAGE_DIGEST + volumes: + - name: varlibcontainers + emptyDir: {} + - name: gen-source + emptyDir: {} diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/s2i-php/s2i-php-1-6-0-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/s2i-php/s2i-php-1-6-0-task.yaml new file mode 100644 index 0000000000..14408e6422 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/s2i-php/s2i-php-1-6-0-task.yaml @@ -0,0 +1,79 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift/pipelines-catalog/release-v0.28/task/s2i-php/0.1/s2i-php.yaml +# +--- +apiVersion: tekton.dev/v1beta1 +kind: ClusterTask +metadata: + name: s2i-php-1-6-0 + labels: + app.kubernetes.io/version: "0.1" + annotations: + tekton.dev/pipelines.minVersion: "0.19" + tekton.dev/tags: s2i, php, workspace + tekton.dev/displayName: "s2i php" +spec: + description: >- + s2i-php task clones a Git repository and builds and + pushes a container image using S2I and a PHP builder image. + + results: + - name: IMAGE_DIGEST + description: Digest of the image just built. + params: + - name: VERSION + description: The tag of php imagestream for php version + default: '7.4-ubi8' + type: string + - name: PATH_CONTEXT + description: The location of the path to run s2i from. + default: . + type: string + - name: TLSVERIFY + description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry) + default: "true" + type: string + - name: IMAGE + description: Location of the repo where image has to be pushed + type: string + - name: BUILDER_IMAGE + description: The location of the buildah builder image. + default: registry.redhat.io/rhel8/buildah@sha256:99cae35f40c7ec050fed3765b2b27e0b8bbea2aa2da7c16408e2ca13c60ff8ee + workspaces: + - name: source + mountPath: /workspace/source + steps: + - name: generate + image: registry.redhat.io/ocp-tools-4-tech-preview/source-to-image-rhel8@sha256:637c15600359cb45bc01445b5e811b6240ca239f0ebfe406b50146e34f68f631 + workingDir: $(workspaces.source.path) + command: ['s2i', 'build', '$(params.PATH_CONTEXT)', 'image-registry.openshift-image-registry.svc:5000/openshift/php:$(params.VERSION)', '--as-dockerfile', '/gen-source/Dockerfile.gen'] + volumeMounts: + - name: gen-source + mountPath: /gen-source + env: + - name: HOME + value: /tekton/home + - name: build + image: $(params.BUILDER_IMAGE) + workingDir: /gen-source + command: ['buildah', 'bud', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--layers', '-f', '/gen-source/Dockerfile.gen', '-t', '$(params.IMAGE)', '.'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + - name: gen-source + mountPath: /gen-source + - name: push + image: $(params.BUILDER_IMAGE) + command: ['buildah', 'push', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--digestfile=$(workspaces.source.path)/image-digest', '$(params.IMAGE)', 'docker://$(params.IMAGE)'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + - name: digest-to-results + image: $(params.BUILDER_IMAGE) + script: cat $(workspaces.source.path)/image-digest | tee /tekton/results/IMAGE_DIGEST + volumes: + - name: varlibcontainers + emptyDir: {} + - name: gen-source + emptyDir: {} diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/s2i-php/s2i-php-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/s2i-php/s2i-php-task.yaml new file mode 100644 index 0000000000..3bca4d67b8 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/s2i-php/s2i-php-task.yaml @@ -0,0 +1,79 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift/pipelines-catalog/release-v0.28/task/s2i-php/0.1/s2i-php.yaml +# +--- +apiVersion: tekton.dev/v1beta1 +kind: ClusterTask +metadata: + name: s2i-php + labels: + app.kubernetes.io/version: "0.1" + annotations: + tekton.dev/pipelines.minVersion: "0.19" + tekton.dev/tags: s2i, php, workspace + tekton.dev/displayName: "s2i php" +spec: + description: >- + s2i-php task clones a Git repository and builds and + pushes a container image using S2I and a PHP builder image. + + results: + - name: IMAGE_DIGEST + description: Digest of the image just built. + params: + - name: VERSION + description: The tag of php imagestream for php version + default: '7.4-ubi8' + type: string + - name: PATH_CONTEXT + description: The location of the path to run s2i from. + default: . + type: string + - name: TLSVERIFY + description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry) + default: "true" + type: string + - name: IMAGE + description: Location of the repo where image has to be pushed + type: string + - name: BUILDER_IMAGE + description: The location of the buildah builder image. + default: registry.redhat.io/rhel8/buildah@sha256:99cae35f40c7ec050fed3765b2b27e0b8bbea2aa2da7c16408e2ca13c60ff8ee + workspaces: + - name: source + mountPath: /workspace/source + steps: + - name: generate + image: registry.redhat.io/ocp-tools-4-tech-preview/source-to-image-rhel8@sha256:637c15600359cb45bc01445b5e811b6240ca239f0ebfe406b50146e34f68f631 + workingDir: $(workspaces.source.path) + command: ['s2i', 'build', '$(params.PATH_CONTEXT)', 'image-registry.openshift-image-registry.svc:5000/openshift/php:$(params.VERSION)', '--as-dockerfile', '/gen-source/Dockerfile.gen'] + volumeMounts: + - name: gen-source + mountPath: /gen-source + env: + - name: HOME + value: /tekton/home + - name: build + image: $(params.BUILDER_IMAGE) + workingDir: /gen-source + command: ['buildah', 'bud', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--layers', '-f', '/gen-source/Dockerfile.gen', '-t', '$(params.IMAGE)', '.'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + - name: gen-source + mountPath: /gen-source + - name: push + image: $(params.BUILDER_IMAGE) + command: ['buildah', 'push', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--digestfile=$(workspaces.source.path)/image-digest', '$(params.IMAGE)', 'docker://$(params.IMAGE)'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + - name: digest-to-results + image: $(params.BUILDER_IMAGE) + script: cat $(workspaces.source.path)/image-digest | tee /tekton/results/IMAGE_DIGEST + volumes: + - name: varlibcontainers + emptyDir: {} + - name: gen-source + emptyDir: {} diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/s2i-python/s2i-python-1-6-0-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/s2i-python/s2i-python-1-6-0-task.yaml new file mode 100644 index 0000000000..d1f6faf884 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/s2i-python/s2i-python-1-6-0-task.yaml @@ -0,0 +1,81 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift/pipelines-catalog/release-v0.28/task/s2i-python/0.1/s2i-python.yaml +# +--- +apiVersion: tekton.dev/v1beta1 +kind: ClusterTask +metadata: + name: s2i-python-1-6-0 + labels: + app.kubernetes.io/version: "0.1" + annotations: + tekton.dev/pipelines.minVersion: "0.19" + tekton.dev/tags: s2i, python, workspace + tekton.dev/displayName: "s2i python" +spec: + description: >- + s2i-python task clones a Git repository and builds and + pushes a container image using S2I and a Python builder image. + + results: + - name: IMAGE_DIGEST + description: Digest of the image just built. + params: + - name: VERSION + description: The tag of python imagestream for python version + default: '3.8-ubi8' + type: string + - name: PATH_CONTEXT + description: The location of the path to run s2i from. + default: . + type: string + - name: TLSVERIFY + description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry) + default: "true" + type: string + - name: IMAGE + description: Location of the repo where image has to be pushed + type: string + - name: BUILDER_IMAGE + description: The location of the buildah builder image. + default: registry.redhat.io/rhel8/buildah@sha256:99cae35f40c7ec050fed3765b2b27e0b8bbea2aa2da7c16408e2ca13c60ff8ee + workspaces: + - name: source + mountPath: /workspace/source + steps: + - name: generate + image: registry.redhat.io/ocp-tools-4-tech-preview/source-to-image-rhel8@sha256:637c15600359cb45bc01445b5e811b6240ca239f0ebfe406b50146e34f68f631 + workingDir: $(workspaces.source.path) + command: ['s2i', 'build', '$(params.PATH_CONTEXT)', 'image-registry.openshift-image-registry.svc:5000/openshift/python:$(params.VERSION)', '--as-dockerfile', '/gen-source/Dockerfile.gen'] + volumeMounts: + - name: gen-source + mountPath: /gen-source + env: + - name: HOME + value: /tekton/home + - name: build + image: $(params.BUILDER_IMAGE) + workingDir: /gen-source + command: ['buildah', 'bud', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--layers', '-f', '/gen-source/Dockerfile.gen', '-t', '$(params.IMAGE)', '.'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + - name: gen-source + mountPath: /gen-source + - name: push + + workingDir: $(workspaces.source.path) + image: $(params.BUILDER_IMAGE) + command: ['buildah', 'push', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--digestfile=$(workspaces.source.path)/image-digest', '$(params.IMAGE)', 'docker://$(params.IMAGE)'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + - name: digest-to-results + image: $(params.BUILDER_IMAGE) + script: cat $(workspaces.source.path)/image-digest | tee /tekton/results/IMAGE_DIGEST + volumes: + - name: varlibcontainers + emptyDir: {} + - name: gen-source + emptyDir: {} diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/s2i-python/s2i-python-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/s2i-python/s2i-python-task.yaml new file mode 100644 index 0000000000..069ec63506 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/s2i-python/s2i-python-task.yaml @@ -0,0 +1,81 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift/pipelines-catalog/release-v0.28/task/s2i-python/0.1/s2i-python.yaml +# +--- +apiVersion: tekton.dev/v1beta1 +kind: ClusterTask +metadata: + name: s2i-python + labels: + app.kubernetes.io/version: "0.1" + annotations: + tekton.dev/pipelines.minVersion: "0.19" + tekton.dev/tags: s2i, python, workspace + tekton.dev/displayName: "s2i python" +spec: + description: >- + s2i-python task clones a Git repository and builds and + pushes a container image using S2I and a Python builder image. + + results: + - name: IMAGE_DIGEST + description: Digest of the image just built. + params: + - name: VERSION + description: The tag of python imagestream for python version + default: '3.8-ubi8' + type: string + - name: PATH_CONTEXT + description: The location of the path to run s2i from. + default: . + type: string + - name: TLSVERIFY + description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry) + default: "true" + type: string + - name: IMAGE + description: Location of the repo where image has to be pushed + type: string + - name: BUILDER_IMAGE + description: The location of the buildah builder image. + default: registry.redhat.io/rhel8/buildah@sha256:99cae35f40c7ec050fed3765b2b27e0b8bbea2aa2da7c16408e2ca13c60ff8ee + workspaces: + - name: source + mountPath: /workspace/source + steps: + - name: generate + image: registry.redhat.io/ocp-tools-4-tech-preview/source-to-image-rhel8@sha256:637c15600359cb45bc01445b5e811b6240ca239f0ebfe406b50146e34f68f631 + workingDir: $(workspaces.source.path) + command: ['s2i', 'build', '$(params.PATH_CONTEXT)', 'image-registry.openshift-image-registry.svc:5000/openshift/python:$(params.VERSION)', '--as-dockerfile', '/gen-source/Dockerfile.gen'] + volumeMounts: + - name: gen-source + mountPath: /gen-source + env: + - name: HOME + value: /tekton/home + - name: build + image: $(params.BUILDER_IMAGE) + workingDir: /gen-source + command: ['buildah', 'bud', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--layers', '-f', '/gen-source/Dockerfile.gen', '-t', '$(params.IMAGE)', '.'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + - name: gen-source + mountPath: /gen-source + - name: push + + workingDir: $(workspaces.source.path) + image: $(params.BUILDER_IMAGE) + command: ['buildah', 'push', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--digestfile=$(workspaces.source.path)/image-digest', '$(params.IMAGE)', 'docker://$(params.IMAGE)'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + - name: digest-to-results + image: $(params.BUILDER_IMAGE) + script: cat $(workspaces.source.path)/image-digest | tee /tekton/results/IMAGE_DIGEST + volumes: + - name: varlibcontainers + emptyDir: {} + - name: gen-source + emptyDir: {} diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/s2i-ruby/s2i-ruby-1-6-0-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/s2i-ruby/s2i-ruby-1-6-0-task.yaml new file mode 100644 index 0000000000..1d10e4919b --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/s2i-ruby/s2i-ruby-1-6-0-task.yaml @@ -0,0 +1,80 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift/pipelines-catalog/release-v0.28/task/s2i-ruby/0.1/s2i-ruby.yaml +# +--- +apiVersion: tekton.dev/v1beta1 +kind: ClusterTask +metadata: + name: s2i-ruby-1-6-0 + labels: + app.kubernetes.io/version: "0.1" + annotations: + tekton.dev/pipelines.minVersion: "0.19" + tekton.dev/tags: s2i, ruby, workspace + tekton.dev/displayName: "s2i ruby" +spec: + description: >- + s2i-ruby task clones a Git repository and builds and + pushes a container image using S2I and a Ruby builder image. + + results: + - name: IMAGE_DIGEST + description: Digest of the image just built. + params: + - name: VERSION + description: The tag of ruby imagestream for ruby version + default: '2.7-ubi8' + type: string + - name: PATH_CONTEXT + description: The location of the path to run s2i from. + default: . + type: string + - name: TLSVERIFY + description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry) + default: "true" + type: string + - name: IMAGE + description: Location of the repo where image has to be pushed + type: string + - name: BUILDER_IMAGE + description: The location of the buildah builder image. + default: registry.redhat.io/rhel8/buildah@sha256:99cae35f40c7ec050fed3765b2b27e0b8bbea2aa2da7c16408e2ca13c60ff8ee + workspaces: + - name: source + mountPath: /workspace/source + steps: + - name: generate + image: registry.redhat.io/ocp-tools-4-tech-preview/source-to-image-rhel8@sha256:637c15600359cb45bc01445b5e811b6240ca239f0ebfe406b50146e34f68f631 + workingDir: $(workspaces.source.path) + command: ['s2i', 'build', '$(params.PATH_CONTEXT)', 'image-registry.openshift-image-registry.svc:5000/openshift/ruby:$(params.VERSION)', '--as-dockerfile', '/gen-source/Dockerfile.gen'] + volumeMounts: + - name: gen-source + mountPath: /gen-source + env: + - name: HOME + value: /tekton/home + - name: build + image: $(params.BUILDER_IMAGE) + workingDir: /gen-source + command: ['buildah', 'bud', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--layers', '-f', '/gen-source/Dockerfile.gen', '-t', '$(params.IMAGE)', '.'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + - name: gen-source + mountPath: /gen-source + - name: push + image: $(params.BUILDER_IMAGE) + workingDir: $(workspaces.source.path) + command: ['buildah', 'push', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--digestfile=$(workspaces.source.path)/image-digest', '$(params.IMAGE)', 'docker://$(params.IMAGE)'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + - name: digest-to-results + image: $(params.BUILDER_IMAGE) + script: cat $(workspaces.source.path)/image-digest | tee /tekton/results/IMAGE_DIGEST + volumes: + - name: varlibcontainers + emptyDir: {} + - name: gen-source + emptyDir: {} diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/s2i-ruby/s2i-ruby-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/s2i-ruby/s2i-ruby-task.yaml new file mode 100644 index 0000000000..b41baf9535 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/s2i-ruby/s2i-ruby-task.yaml @@ -0,0 +1,80 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift/pipelines-catalog/release-v0.28/task/s2i-ruby/0.1/s2i-ruby.yaml +# +--- +apiVersion: tekton.dev/v1beta1 +kind: ClusterTask +metadata: + name: s2i-ruby + labels: + app.kubernetes.io/version: "0.1" + annotations: + tekton.dev/pipelines.minVersion: "0.19" + tekton.dev/tags: s2i, ruby, workspace + tekton.dev/displayName: "s2i ruby" +spec: + description: >- + s2i-ruby task clones a Git repository and builds and + pushes a container image using S2I and a Ruby builder image. + + results: + - name: IMAGE_DIGEST + description: Digest of the image just built. + params: + - name: VERSION + description: The tag of ruby imagestream for ruby version + default: '2.7-ubi8' + type: string + - name: PATH_CONTEXT + description: The location of the path to run s2i from. + default: . + type: string + - name: TLSVERIFY + description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry) + default: "true" + type: string + - name: IMAGE + description: Location of the repo where image has to be pushed + type: string + - name: BUILDER_IMAGE + description: The location of the buildah builder image. + default: registry.redhat.io/rhel8/buildah@sha256:99cae35f40c7ec050fed3765b2b27e0b8bbea2aa2da7c16408e2ca13c60ff8ee + workspaces: + - name: source + mountPath: /workspace/source + steps: + - name: generate + image: registry.redhat.io/ocp-tools-4-tech-preview/source-to-image-rhel8@sha256:637c15600359cb45bc01445b5e811b6240ca239f0ebfe406b50146e34f68f631 + workingDir: $(workspaces.source.path) + command: ['s2i', 'build', '$(params.PATH_CONTEXT)', 'image-registry.openshift-image-registry.svc:5000/openshift/ruby:$(params.VERSION)', '--as-dockerfile', '/gen-source/Dockerfile.gen'] + volumeMounts: + - name: gen-source + mountPath: /gen-source + env: + - name: HOME + value: /tekton/home + - name: build + image: $(params.BUILDER_IMAGE) + workingDir: /gen-source + command: ['buildah', 'bud', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--layers', '-f', '/gen-source/Dockerfile.gen', '-t', '$(params.IMAGE)', '.'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + - name: gen-source + mountPath: /gen-source + - name: push + image: $(params.BUILDER_IMAGE) + workingDir: $(workspaces.source.path) + command: ['buildah', 'push', '--storage-driver=vfs', '--tls-verify=$(params.TLSVERIFY)', '--digestfile=$(workspaces.source.path)/image-digest', '$(params.IMAGE)', 'docker://$(params.IMAGE)'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + - name: digest-to-results + image: $(params.BUILDER_IMAGE) + script: cat $(workspaces.source.path)/image-digest | tee /tekton/results/IMAGE_DIGEST + volumes: + - name: varlibcontainers + emptyDir: {} + - name: gen-source + emptyDir: {} diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/skopeo-copy/skopeo-copy-1-6-0-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/skopeo-copy/skopeo-copy-1-6-0-task.yaml new file mode 100644 index 0000000000..ad80e018a3 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/skopeo-copy/skopeo-copy-1-6-0-task.yaml @@ -0,0 +1,77 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift/tektoncd-catalog/release-v0.28/task/skopeo-copy/0.1/skopeo-copy.yaml +# +--- +apiVersion: tekton.dev/v1beta1 +kind: ClusterTask +metadata: + name: skopeo-copy-1-6-0 + labels: + app.kubernetes.io/version: "0.1" + annotations: + tekton.dev/pipelines.minVersion: "0.12.1" + tekton.dev/categories: CLI + tekton.dev/tags: cli + tekton.dev/displayName: "skopeo copy" + tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64" +spec: + description: >- + Skopeo is a command line tool for working with remote image registries. + + Skopeo doesn’t require a daemon to be running while performing its operations. + In particular, the handy skopeo command called copy will ease the whole image + copy operation. The copy command will take care of copying the image from + internal.registry to production.registry. If your production registry requires + credentials to login in order to push the image, skopeo can handle that as well. + + workspaces: + - name: images-url + params: + - name: srcImageURL + description: URL of the image to be copied to the destination registry + type: string + default: "" + - name: destImageURL + description: URL of the image where the image from source should be copied to + type: string + default: "" + - name: srcTLSverify + description: Verify the TLS on the src registry endpoint + type: string + default: "true" + - name: destTLSverify + description: Verify the TLS on the dest registry endpoint + type: string + default: "true" + steps: + - name: skopeo-copy + image: registry.redhat.io/rhel8/skopeo@sha256:7297e3b42ef1d56a5bc1d64a979d05c157bf31b476cc526386c873a89459610a + script: | + # Function to copy multiple images. + # + copyimages() { + filename='$(workspaces.images-url.path)/url.txt' + while IFS= read line || [ -n "$line" ] + do + cmd="" + for url in $line + do + # echo $url + cmd="$cmd \ + $url" + done + skopeo copy $cmd --src-tls-verify=$(params.srcTLSverify) --dest-tls-verify=$(params.destTLSverify) + echo $cmd + done < "$filename" + } + # + # If single image is to be copied then, it can be passed through + # params in the taskrun. + if [ "$(params.srcImageURL)" != "" ] && [ "$(params.destImageURL)" != "" ] ; then + skopeo copy "$(params.srcImageURL)" "$(params.destImageURL)" --src-tls-verify=$(params.srcTLSverify) --dest-tls-verify=$(params.destTLSverify) + else + # If file is provided as a configmap in the workspace then multiple images can be copied. + # + copyimages + fi diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/skopeo-copy/skopeo-copy-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/skopeo-copy/skopeo-copy-task.yaml new file mode 100644 index 0000000000..5c48afac35 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/skopeo-copy/skopeo-copy-task.yaml @@ -0,0 +1,77 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift/tektoncd-catalog/release-v0.28/task/skopeo-copy/0.1/skopeo-copy.yaml +# +--- +apiVersion: tekton.dev/v1beta1 +kind: ClusterTask +metadata: + name: skopeo-copy + labels: + app.kubernetes.io/version: "0.1" + annotations: + tekton.dev/pipelines.minVersion: "0.12.1" + tekton.dev/categories: CLI + tekton.dev/tags: cli + tekton.dev/displayName: "skopeo copy" + tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64" +spec: + description: >- + Skopeo is a command line tool for working with remote image registries. + + Skopeo doesn’t require a daemon to be running while performing its operations. + In particular, the handy skopeo command called copy will ease the whole image + copy operation. The copy command will take care of copying the image from + internal.registry to production.registry. If your production registry requires + credentials to login in order to push the image, skopeo can handle that as well. + + workspaces: + - name: images-url + params: + - name: srcImageURL + description: URL of the image to be copied to the destination registry + type: string + default: "" + - name: destImageURL + description: URL of the image where the image from source should be copied to + type: string + default: "" + - name: srcTLSverify + description: Verify the TLS on the src registry endpoint + type: string + default: "true" + - name: destTLSverify + description: Verify the TLS on the dest registry endpoint + type: string + default: "true" + steps: + - name: skopeo-copy + image: registry.redhat.io/rhel8/skopeo@sha256:7297e3b42ef1d56a5bc1d64a979d05c157bf31b476cc526386c873a89459610a + script: | + # Function to copy multiple images. + # + copyimages() { + filename='$(workspaces.images-url.path)/url.txt' + while IFS= read line || [ -n "$line" ] + do + cmd="" + for url in $line + do + # echo $url + cmd="$cmd \ + $url" + done + skopeo copy $cmd --src-tls-verify=$(params.srcTLSverify) --dest-tls-verify=$(params.destTLSverify) + echo $cmd + done < "$filename" + } + # + # If single image is to be copied then, it can be passed through + # params in the taskrun. + if [ "$(params.srcImageURL)" != "" ] && [ "$(params.destImageURL)" != "" ] ; then + skopeo copy "$(params.srcImageURL)" "$(params.destImageURL)" --src-tls-verify=$(params.srcTLSverify) --dest-tls-verify=$(params.destTLSverify) + else + # If file is provided as a configmap in the workspace then multiple images can be copied. + # + copyimages + fi diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/tkn/tkn-1-6-0-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/tkn/tkn-1-6-0-task.yaml new file mode 100644 index 0000000000..d6d1906a09 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/tkn/tkn-1-6-0-task.yaml @@ -0,0 +1,51 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift/tektoncd-catalog/release-v0.28/task/tkn/0.2/tkn.yaml +# +--- +--- +apiVersion: tekton.dev/v1beta1 +kind: ClusterTask +metadata: + name: tkn-1-6-0 + labels: + app.kubernetes.io/version: "0.2" + annotations: + tekton.dev/pipelines.minVersion: "0.17.0" + tekton.dev/categories: CLI + tekton.dev/tags: cli + tekton.dev/displayName: "Tekton CLI" + tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le" +spec: + workspaces: + - name: kubeconfig + description: >- + An optional workspace that allows you to provide a .kube/config + file for tkn to access the cluster. The file should be placed at + the root of the Workspace with name kubeconfig. + optional: true + description: >- + This task performs operations on Tekton resources using tkn + + params: + - name: TKN_IMAGE + description: tkn CLI container image to run this task + default: gcr.io/tekton-releases/dogfooding/tkn@sha256:f69a02ef099d8915e9e4ea1b74e43b7a9309fc97cf23cb457ebf191e73491677 + - name: SCRIPT + description: tkn CLI script to execute + type: string + default: "tkn $@" + - name: ARGS + type: array + description: tkn CLI arguments to run + default: ["--help"] + steps: + - name: tkn + image: "$(params.TKN_IMAGE)" + script: | + if [ "$(workspaces.kubeconfig.bound)" == "true" ] && [[ -e $(workspaces.kubeconfig.path)/kubeconfig ]]; then + export KUBECONFIG=$(workspaces.kubeconfig.path)/kubeconfig + fi + + $(params.SCRIPT) + args: ["$(params.ARGS)"] diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/tkn/tkn-task.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/tkn/tkn-task.yaml new file mode 100644 index 0000000000..ebae9826f3 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/02-clustertasks/tkn/tkn-task.yaml @@ -0,0 +1,51 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift/tektoncd-catalog/release-v0.28/task/tkn/0.2/tkn.yaml +# +--- +--- +apiVersion: tekton.dev/v1beta1 +kind: ClusterTask +metadata: + name: tkn + labels: + app.kubernetes.io/version: "0.2" + annotations: + tekton.dev/pipelines.minVersion: "0.17.0" + tekton.dev/categories: CLI + tekton.dev/tags: cli + tekton.dev/displayName: "Tekton CLI" + tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le" +spec: + workspaces: + - name: kubeconfig + description: >- + An optional workspace that allows you to provide a .kube/config + file for tkn to access the cluster. The file should be placed at + the root of the Workspace with name kubeconfig. + optional: true + description: >- + This task performs operations on Tekton resources using tkn + + params: + - name: TKN_IMAGE + description: tkn CLI container image to run this task + default: gcr.io/tekton-releases/dogfooding/tkn@sha256:f69a02ef099d8915e9e4ea1b74e43b7a9309fc97cf23cb457ebf191e73491677 + - name: SCRIPT + description: tkn CLI script to execute + type: string + default: "tkn $@" + - name: ARGS + type: array + description: tkn CLI arguments to run + default: ["--help"] + steps: + - name: tkn + image: "$(params.TKN_IMAGE)" + script: | + if [ "$(workspaces.kubeconfig.bound)" == "true" ] && [[ -e $(workspaces.kubeconfig.path)/kubeconfig ]]; then + export KUBECONFIG=$(workspaces.kubeconfig.path)/kubeconfig + fi + + $(params.SCRIPT) + args: ["$(params.ARGS)"] diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/03-pipelines/cluster-role.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/03-pipelines/cluster-role.yaml new file mode 100644 index 0000000000..3f6c40c902 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/03-pipelines/cluster-role.yaml @@ -0,0 +1,8 @@ +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-default-pipelines-view +rules: + - apiGroups: ["tekton.dev"] + resources: ["tasks", "clustertasks", "pipelines", "conditions"] + verbs: ["get", "list"] diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/03-pipelines/role.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/03-pipelines/role.yaml new file mode 100644 index 0000000000..fa6d478dc0 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/03-pipelines/role.yaml @@ -0,0 +1,9 @@ +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-default-openshift-pipelines-view + namespace: openshift-pipelines +rules: + - apiGroups: ["apps"] + resources: ["deployments"] + verbs: ["get", "list"] diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/03-pipelines/rolebinding.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/03-pipelines/rolebinding.yaml new file mode 100644 index 0000000000..eed3f57ee9 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/03-pipelines/rolebinding.yaml @@ -0,0 +1,30 @@ +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-default-pipelines-view + namespace: openshift + annotations: + operator.tekton.dev/preserve-namespace: "true" +roleRef: + kind: ClusterRole + name: tekton-default-pipelines-view + apiGroup: rbac.authorization.k8s.io +subjects: +- apiGroup: rbac.authorization.k8s.io + kind: Group + name: system:authenticated + +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-default-openshift-pipelines-view + namespace: openshift-pipelines +roleRef: + kind: Role + name: tekton-default-openshift-pipelines-view + apiGroup: rbac.authorization.k8s.io +subjects: + - apiGroup: rbac.authorization.k8s.io + kind: Group + name: system:authenticated diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/04-consolecli/console_cli_download_tkn.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/04-consolecli/console_cli_download_tkn.yaml new file mode 100644 index 0000000000..dc7372a29c --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/04-consolecli/console_cli_download_tkn.yaml @@ -0,0 +1,18 @@ +apiVersion: console.openshift.io/v1 +kind: ConsoleCLIDownload +metadata: + name: tkn +spec: + description: The OpenShift Pipeline client `tkn` is a CLI tool that allows you to manage OpenShift Pipeline resources. + displayName: tkn - OpenShift Pipeline Command Line Interface (CLI) + links: + - href: https://mirror.openshift.com/pub/openshift-v4/clients/pipeline/0.17.2/tkn-linux-amd64-0.17.2.tar.gz + text: Download tkn for Linux + - href: https://mirror.openshift.com/pub/openshift-v4/clients/pipeline/0.17.2/tkn-macos-amd64-0.17.2.tar.gz + text: Download tkn for Mac + - href: https://mirror.openshift.com/pub/openshift-v4/clients/pipeline/0.17.2/tkn-windows-amd64-0.17.2.zip + text: Download tkn for Windows + - href: https://mirror.openshift.com/pub/openshift-v4/clients/pipeline/0.17.2/tkn-linux-ppc64le-0.17.2.tar.gz + text: Download tkn for IBM Power + - href: https://mirror.openshift.com/pub/openshift-v4/clients/pipeline/0.17.2/tkn-linux-s390x-0.17.2.tar.gz + text: Download tkn for IBM Z diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/05-tkncliserve/tkn_cli_serve.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/05-tkncliserve/tkn_cli_serve.yaml new file mode 100644 index 0000000000..fcc8752e03 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/addons/05-tkncliserve/tkn_cli_serve.yaml @@ -0,0 +1,56 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tkn-cli-serve + namespace: openshift-pipelines + labels: + app.kubernetes.io/component: tkncliserve +spec: + replicas: 1 + selector: + matchLabels: + app: tkn-cli-serve + template: + metadata: + labels: + app: tkn-cli-serve + spec: + containers: + - name: tkn-cli-serve + image: docker.io/rupali/serve-tkn:v2 + ports: + - containerPort: 8080 +--- +apiVersion: v1 +kind: Service +metadata: + name: tkn-cli-serve + namespace: openshift-pipelines + labels: + app.kubernetes.io/component: tkncliserve +spec: + selector: + app: tkn-cli-serve + ports: + - protocol: TCP + port: 8080 + targetPort: 8080 +--- +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: tkn-cli-serve + namespace: openshift-pipelines + labels: + app.kubernetes.io/component: tkncliserve +spec: + path: /tkn + to: + kind: Service + name: tkn-cli-serve + port: + targetPort: 8080 + tls: + termination: edge + insecureEdgeTerminationPolicy: Redirect diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/optional/quickstarts/install-associate-pipeline-quickstart.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/optional/quickstarts/install-associate-pipeline-quickstart.yaml new file mode 100644 index 0000000000..b157eaa84c --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/optional/quickstarts/install-associate-pipeline-quickstart.yaml @@ -0,0 +1,80 @@ +--- +apiVersion: console.openshift.io/v1 +kind: ConsoleQuickStart +metadata: + name: install-app-and-associate-pipeline +spec: + version: 4.7 + displayName: Deploying an application with a pipeline + durationMinutes: 10 + icon: data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAGUAAABlCAYAAABUfC3PAAAQrElEQVR4Xu2dd3wU1RbHfymkQBomkAYEiICCSFDkw3uACaIi0mJBKT4JRgSehSAoyEMMykMUpfgBBaSEjw8BfX4oL4ogQmjqB5CignQSSgrpZdOTeZ8zYdbdzczO3dm5uxtx/oLMnXvPOd97bj33rhuawFOTeVmoPnsC1edOoC4rHbWZ6aLU9P/6smJZDTzDo+AZ3l58531vHNz9g+DVOQa+vQa4ubrKLilg1dnjQnnaVlT9nGbV8FqNS8AIEMFqHhePZhEdXMoOLiOMYe8WoWLfVhAMpdqvFYLadwTJNzYefsMS4N2lp9Nt4lQBqFkq+XwJDKkpDgehBIoA+Y9OQuCYqU6zjVMKrji6VyhelYzKY/vUKrFT3/sNHYfAF5Id3rw5FEpTgWFZExwNxyFQqOMu/DDJ5T1DzS39R01B8PSl3G3GvYD8D6YIpZuWqunbZN67+wWKTRrPPocbFGqq8ucmoDYro8kY3BZBfe6JRXByCpf+hguUP5t3KMEir2k5bQn8h43X1Y66ZkZD3Nxp8ag+f9KWStfk09JAICR5vW621C0jaq5yp8e7zHzD0aS9OvVAxMaTuthTl0xK/7dOyJ873tF2cLnyaOLZ6oOtdq8K2A3lLyDmdYP6mdCVaXaBsQvKX0DkndWtRQCC522EX/8hmuyr6SMSxVWA0PK8z71x8IxoWKan5fzKn9NQX1rklOZNAFBSA9TDDR3f34jAQaNstrHNH7gKEFp6p+EozRfkHpqwFq1KdigcCUgd/QOAm5s2MDZDoSX23Ncec0otlAr1G5qA4LfWqcpQdeFX5E4dirrsK6pp7U1gCUTKz8PTEz2O1dpkZ5sS0xpWzsQ4pw57yUPCNxxXtaEgCCgpKYFQVYniIWGq6e1JoAREyrOZjy+6H65gtjVzQiogc3QPwdkTQxrZKDVZkhEkIHV1dQ3NyO+HUZI02B67K36rBkT6sEW7aHRJvchkb6ZElPGNaSOE8n3buCjGmimLl1gCobzdhXoUP9KKtRjmdKxApAwjE2cidMoCVZurJnCVjp3kCBidhJavLlautTebLMlDTBNWTh+Gml9/YDa4WkJbgUgdf+eU/WjRs79Vu6tCofWsrDExTu1HJAMF0ZL5hLdk7SXnIaYJa1fPQcWXy9VszfReCxApY++AIHQ7WGQfFGc3W7R0EZj4Jnz7DoFHiHyHrQaEDOLv1wJuN66h9ItlKNm4hMn4consASLlF/p4IiKT1yiCsUrMmcNf7x79EJKcAs/IjhCqK1Hx407UXD6NwPGzzGzFAkRsOjYvRouBT8Ar+i7x+/IDqShclGTTfo8eQKRmrOdJQRuUa8OiBEdvUpFnhH78PTzbRKP22kUUfPAKKg59IxqSZu+R2y8bobACsezoW770LvyemAT3FoGgwQvLvEsvIJLwAXfG4PbNJ2TBKNIq/nyxULhoqmY31/Jhq4Vb0Dx2BGpvXEPev8ag6uTBRtkEv5UC2r9gBUIZCLs3oWzhi43yooFD0Ivzxb8XLZ9l1qzRBNWrSwwKPkyC3kAkQbqsPyDb6StCuRIXKDgqKI68IzzlMNwDb0Ph0testvkUfhqxPR1ldYDcKMvS8u6VBhSPaGe1joR+9C18/jYIVcf2IXtiHKQVA5qTZY6JEdeypKUTLZVN6RuluYssFN5eIi0iUk30+ftgNGvXGbWZl5EzaQBTG+/9wJPwnrFSrMHWHvfaGpQl9mZaZmnx0NM3l24EuHk3N2b7S4wbFyDWvEUWCo++hEBQFIi4ohse1ciW1K5TyCrr4xHWDn4Lt0No3bYRHFEpDbP4215dLEZHmj7nEweg7Ggaq1g2p5PzlkZQeC7JS/2BnOQZ96lOmRQV9h35IjzadxXf16Wf1jQfUZIte8VcZH2SbLOxWT+glWTLkVgjS2S/ECvwDCeVU14cAU2PZ9VD93TWVp0NJw7h3Lh+updpmmHwwHhELd5qZGEGhWbv14d34CoAzT/CVh8wK4P298tSU7iWq5Y5DSAo8t4rNh4BcSOMyYW6Wpy4p5na53a9t1xFNoPCu4MnydsdLBcP/dQV3jCu9lJFqM1qOAjkrMdy2Bv4QDxaPvwUgh58AqU/7MTFV4ZzFS164SbjLqUZFN5L82Er0+DVrTeu9GsunqyiZXh6aG3NmY+1eUhAv0cRvfxrpL8+CoU7N3MT03QyaYTCu+ny7fsoWi/5GnmzRsHwXYNy0pE32lN31sMyMey0Jg3Nu/fGyd5/DJX1lte0CTNC4d10td1biJpzJ8XJmas8LEAkWWOOVqEg9TNcSX6em/jSDN8IhedqsLgPMnURro+gvsM1Ar5tAUIUWo1NQpvXFuHU4A6o5qSDtHpshMJzWcXVvMRWIJJr3H2wEEW7v+LmLdJEUoRCARFZY3tycUtxCPzpfpfxEq1AyDhtZn6EkKcmcxsiS5EvIhSes3iKPHFv7o/rj93OBbotmdoDxNi3HKtBxhvPcBuJ3fML3EQohSvfEoo/nWuLfsxpo36qQf6CySjbupr5Gx4J9QBCct2xuSG86czTfFqWqBmLIULRe2mFFh8pjNSn1wBxKzejtzsPOzPnqRcQKjD0uRkIf/nfuDDhQbF8vRcraclFhKLXpJFub6CVYDqrYfmUpa4HHdN29MxdLyB+veIQPjkZfr0ah8kWbF8vLlpW37yehLm2yCRseV9sA5T0XqpbE6rlWFsBlj6mTbOcpKGoltlRVC1AQwK9gLR5fQlajZ1iVYK6smJkrngbeZ8t0iDpH59QtIsuUFiAULFVVVUoNxhQ9d5EVO35r13Cq32sFxDyjrBJ8mFNpjKQbgaDASUr5qBws/ZQJhEKHYujHT+tD21aha7Yq/q5JDQlpB1BnvG9egHximiPbjv+CNRQUtJUNzehHukPaI/G1AUKHSejYAdrj6nQUjo9g+NMy9YLCOUZ9U4Kbhs+zmbdKndtQs67jQM1VGvuzQR2e0rUEes75XJAqGweQdd6AiEZu32bDi+ZrWvJuEq64cZVZDytfeWbKxRFoakJY4gyYa1ZlE5vIJRnz5PKFc6abm6VBqQPth5BY003blCsCS32KzpC4QHEGhQ13VwSiprQIpQrZ1A8oa8tziCblhcQpeaLRTe34nykx3fWrJvdnmLZ0bMILTY3ClGLtmjCE4hcR8+qW81Pu5D5xmhbVDFLazcUmsVTuCk9rELrcYiHNxDSh2bxndY0DPdZdaOJ3/XRPVGj8Zwl7UDqMnkkb/Ho84g4eWJ56r9aBsMq9QmZUl6OACKVTbP5gCcnMetmr5foNqOnvXb/TWdQ76keimNvs+VIIBKYqA1HgIiO6vXNzqEwFWCEoleYasCSHcCdvWUX0qjJql6TrCl6UbKGM4AYPWbZDnh2k9eNZvFlX36MvE+0e79UDkW16L50TzG+vv+YAffIjvBs3UY89FO67HW7YPCah6hXffMUzcLaofXL8+E/8HGUHW24lLTy1GFdYEglGVeJeV6aFnW4HtkT7pc9a8JqFGd6iKWMHRdvgU+n7jg9lM9OqnGTi2d4UeSWC6gvykPW+D6sDMzSuRIQEqzH4XLkbliKzKVvaNJH7SMKMxKbL3tXiq0VJIYXTVmIjD7qgwDLfFwNSPDjz6PdnFU4HsNnJ1WKwDeGGOmx0aUEh/bpaecxfx57IJurASHduqZeQE3ONZxP5BNQ6NMqDF2/z24InKBH7316U0DBs1eL5xRZvcUVgbTo2Q+dUw7gXEJ/GI43Poup1iyxvJeORBih8IxoIYFYvcUVgZD83fflovLCKW5eQmVIkfdGKDwD8qhAltBVVwFCO46mQRBhL8xG+D/f5hqyanoFldlRCL0mkUqu2mZHlvjq2uDwRklcBYiHfxAoPPXS1MdQvGeruMnVbccl5Kx7n9uIi4xhevbRDArP+QoVTAdQI7ZcQNXRvSheN1+8VpAeVwFCstBhIZqLUHTK+efiEP3xDlHG3wY2rkgs/QRrGtMbjsyg8G7CRKUTZyNo0juirBRyRCeCCw+noXDPVtQ56d5HU8OZ7svT0ToKIj39aDS3SHsq2/L2vEYHUXk3YbR42XZPoWwFKt67DdfeT9IlqI21hlqmu/tQETz8Ao1/rq8sx7ln+6Li7AmtWap+Z3klSCMoPGf3knSR29Nlz9JTpGHGmwmqSvBKYLp/YloGNWVnRsZwqyyW14HIHl7neVaFlJUL3suYMx4F22w7IUydcvCIBHEziv5ND9Xo0qNpYidt62MtEpJXhZEmjKayykLh2eFTp+4xOAFt3za/LTV/yxqbDuO0fiYJYZOTzZoaU8XotNWlKfHMzQ5Bveu7q3D39ROzoVVgCt4uP3sCZUfSuPV3tAAZPNb8979kofA6lCqNsuguyDu+aDhSQB7i4RckHl2ryc/BuWf6qHaqLEFyoteUFCFn2WzVMFJa02o7azlqC/Nw9Z2JKN6faquTaUqvdEueLBQqQW9vsRz2UqAbdepSM0Pzgc7/+QnNgkNR+O0mpM8cI6uoNGRVs4K0p25tz5zK7LhkK3y79EDpj7twYfIjatnq+l7OS6gARSj0Uq++RW4eQs2F3BCYDnxGTlsoKk/tuOVpXLWoRfquUZCDxTYtwYiatx5+994veufl6SO5rWcpUbR2l6RVKHqsh2mdGLZLXm2M4608/xty1i4QDShFlygpKxd1QkqmDwhGxJR3EfTQSHi3jUZNXjZy1r6H3A3a75O0x22ULmBT9RRKYM+BIq1ATJUlz2k1+iV4t6HABQFwU97LsBYGFBgQAHc3wHD8EDKXzXa4Z5jqRFu+HdbsU3QIq54idpYaj0roAcSyJnb8aDsCY4fJVlC1uKyq1BRkfzjNnsqty7csd9+rQtHS6fMAQnIoHeBRA0Lf2nuYRxcitIUhMwS2zJsJii3NGC8gJIPcyIsFSIP82qMW9QKi1mxJ5TBDYflFCJ5ASGAasdHoS1qbYgVib8C1HlBs+WUIZigkmLXLo3kDkQwjNWGsQFyh6ZK7ktAaaJugUEZyw2RHAZEU6bTtLKoDQpgqsJB+BlfG23/kgqkwmURafm3IZihUbl7yOIGiU+hxNBAqkyIVI1fshhAYbNVWdacO49pLfH43hRWS2r32cvlogiKBKU1dz+0iZRalQybPhd+g0WZwSCHhxlUUfDoPpbv5HgtXk1ELEMpTMxT6+OJTPYTiM7fWT9KqgZDeawViNxTK4OzQaMFw5SKrrLdEOnuA6ALlLzDm9cxeILpBoYwuJ8YKhUcajgfcio+WUZaSnezqUywzzVk6U8hc+574Mxq30kMTw44rd6n+1harTXSFQoUajh8QLk18GDWVFawyNOl0tvxUIKuiukORCv6zN2fUXEU8N4PpJwJZYUjpuEGhAop3bhKuvDn+T+c1chEothreWnquUKSCM6bGCwV7tjX5vob6jogp8xtFn+gJRNfRF4tg1KQVHd3f5ODQxlTI8HFWfwaQRX/WNA7xFEthmgocR8NwSJ+iVjOuJycKBd987nJ9DvUZwcMTuHTiajZxePOlJBANCHLXLoDh/G+oq61lkVv3NNRfBPQdhJBnp+k239AqpFOaL2vCEqCCLz5B+dmTqCop0qqX6nc0pPUOCUVg/yEIGpHgdBCmArscFEtrEqSyH79Dxe8/o+p6OmrLy2z2JvG+E28f+LbvguZ3/w1+9w9xKQiWOrs8FDWvqs1rOLJn+fh07eXShrem1/8BWjy0OmdfIfEAAAAASUVORK5CYII= + description: Import an application from Git, add a pipeline to it, and run the Pipeline. + prerequisites: [''] + introduction: 'This quick start guides you through creating an application and associating + it with a CI/CD pipeline. + +' + tasks: + - title: Importing an application and associate it with a pipeline + description: |- + ### Follow these steps to create an application. + 1. From the **Developer** perspective, in the navigation menu, click **+Add**. + 2. At the top of the page, in the Projects list, select a project or create a new project to put the application in. + 3. Click **From Git**. + 4. In the **Git Repo URL** field, enter `https://github.com/sclorg/django-ex.git`. + 4. In the **Pipelines** section, click the checkbox to add a pipeline to your application. + 5. Click **Create** when you’re done. + review: + instructions: |- + #### To verify that your application was successfully created: + Momentarily, you should be brought to the **Topology** view. + + Is there an Application and Deployment name `django-ex?` + failedTaskHelp: This task isn’t verified yet. Try the task again. + summary: + success: You just installed a deployment with an associated pipeline! Next, + we'll explore your application in topology. + failed: Check your work to make sure that the application and deployment are + successfully created. + - title: Exploring your application + description: |- + ### Let's explore your application in topology: + 1. Click on the deployment to see associated details in the side panel. + 2. Click on the Resources tab in the side panel to view related resources. + review: + instructions: |- + #### To verify that the application has been created and a pipeline was associated: + 1. The **Resources** tab of the side panel shows many associated resources, including **Pods**, **Pipeline Runs**, and **Routes**. + 2. The **Pipeline Runs** section displays the associated pipeline. + + Is there a Pipeline named django-ex-git? + failedTaskHelp: This task isn’t verified yet. Try the task again. + summary: + success: You just located the associated Pipeline! Next, we'll start and explore + your Pipeline. + failed: Check your work to locate the associated pipeline. + - title: Exploring your pipeline run + description: |- + ### You’ve just explored the topology of your application and seen it’s related resources. Now let’s explore your pipeline run. + Notice the Pipeline Runs section of the Side Panel + 1. The first row shows the Pipeline associated with the application. + 2. The second row shows the recently created Pipeline Run, its status and a link to view its logs. + 3. Click on the Pipeline Run link to view the **Pipeline Runs details** page. + review: + instructions: |- + #### Momentarily, you should be brought to the **Pipeline Run details** page. + 1. Note that the **Pipeline Runs details** section shows a visualization of the pipeline run status and the tasks in the pipeline. + 2. Hovering over a task shows a tooltip with the details of the associated steps. + 3. Click on the **Task Runs** tab to view all the task runs associated with the pipeline run. + 4. Click on the **Logs** tab to watch the progress of your pipeline run. + 5. Click on the **Events** tab to watch the event streams of your pipeline run. + 6. When the Pipeline Run is complete, the **Running** badge on the page title will change to **Succeeded**. + + Is the status Succeeded? + failedTaskHelp: This task isn’t verified yet. Try the task again. + summary: + success: You have explored your pipeline successfully + failed: This task is not verified yet. Try the task again, + conclusion: You just created an application and associated a pipeline with it, and + successfully explored the pipeline. + nextQuickStart: [''] diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/optional/samples/pipelinesamples/docker_build_deploy.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/optional/samples/pipelinesamples/docker_build_deploy.yaml new file mode 100644 index 0000000000..1f44b46011 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/optional/samples/pipelinesamples/docker_build_deploy.yaml @@ -0,0 +1,70 @@ +--- +apiVersion: console.openshift.io/v1 +kind: ConsoleYAMLSample +metadata: + name: docker-build-and-deploy-pipeline +spec: + targetResource: + apiVersion: tekton.dev/v1beta1 + kind: Pipeline + title: docker-build-and-deploy-pipeline + description: An example of docker build and deploy pipeline + snippet: false + yaml: | + apiVersion: tekton.dev/v1beta1 + kind: Pipeline + metadata: + name: docker-build-and-deploy-pr + spec: + params: + - name: IMAGE_NAME + type: string + - name: GIT_REPO + type: string + - name: GIT_REVISION + type: string + workspaces: + - name: workspace + tasks: + - name: fetch-repository + taskRef: + name: git-clone + kind: ClusterTask + workspaces: + - name: output + workspace: workspace + params: + - name: url + value: $(params.GIT_REPO) + - name: revision + value: $(params.GIT_REVISION) + - name: subdirectory + value: "" + - name: deleteExisting + value: "true" + + - name: build + taskRef: + name: buildah + kind: ClusterTask + runAfter: + - fetch-repository + workspaces: + - name: source + workspace: workspace + params: + - name: IMAGE + value: $(params.IMAGE_NAME) + - name: TLSVERIFY + value: "false" + + - name: deploy + taskRef: + name: openshift-client + kind: ClusterTask + runAfter: + - build + params: + - name: SCRIPT + value: | + oc new-app --docker-image $(params.IMAGE_NAME) diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/optional/samples/pipelinesamples/s2i_build_deploy.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/optional/samples/pipelinesamples/s2i_build_deploy.yaml new file mode 100644 index 0000000000..2321fc39a1 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/optional/samples/pipelinesamples/s2i_build_deploy.yaml @@ -0,0 +1,70 @@ +--- +apiVersion: console.openshift.io/v1 +kind: ConsoleYAMLSample +metadata: + name: s2i-build-and-deploy-pipeline +spec: + targetResource: + apiVersion: tekton.dev/v1beta1 + kind: Pipeline + title: s2i-build-and-deploy-pipeline-using-workspace + description: An example of s2i build and deploy pipeline using workspace + snippet: false + yaml: | + apiVersion: tekton.dev/v1beta1 + kind: Pipeline + metadata: + name: s2i-build-and-deploy + spec: + params: + - name: IMAGE_NAME + type: string + - name: GIT_REPO + type: string + - name: GIT_REVISION + type: string + workspaces: + - name: workspace + tasks: + - name: fetch-repository + taskRef: + name: git-clone + kind: ClusterTask + workspaces: + - name: output + workspace: workspace + params: + - name: url + value: $(params.GIT_REPO) + - name: revision + value: $(params.GIT_REVISION) + - name: subdirectory + value: "" + - name: deleteExisting + value: "true" + + - name: build + taskRef: + name: s2i-java + kind: ClusterTask + runAfter: + - fetch-repository + workspaces: + - name: source + workspace: workspace + params: + - name: IMAGE + value: $(params.IMAGE_NAME) + - name: TLSVERIFY + value: "false" + + - name: deploy + taskRef: + name: openshift-client + kind: ClusterTask + runAfter: + - build + params: + - name: SCRIPT + value: | + oc new-app --docker-image $(params.IMAGE_NAME) diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/optional/samples/pipelinesamples/simple_pipeline.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/optional/samples/pipelinesamples/simple_pipeline.yaml new file mode 100644 index 0000000000..ae75010e9e --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/optional/samples/pipelinesamples/simple_pipeline.yaml @@ -0,0 +1,70 @@ +--- +apiVersion: console.openshift.io/v1 +kind: ConsoleYAMLSample +metadata: + name: simple-pipeline +spec: + targetResource: + apiVersion: tekton.dev/v1beta1 + kind: Pipeline + title: simple-pipeline + description: An example of simple pipeline to build and deploy + snippet: false + yaml: | + apiVersion: tekton.dev/v1beta1 + kind: Pipeline + metadata: + name: build-and-deploy + spec: + params: + - name: IMAGE_NAME + type: string + - name: GIT_REPO + type: string + - name: GIT_REVISION + type: string + workspaces: + - name: workspace + tasks: + - name: fetch-repository + taskRef: + name: git-clone + kind: ClusterTask + workspaces: + - name: output + workspace: workspace + params: + - name: url + value: $(params.GIT_REPO) + - name: revision + value: $(params.GIT_REVISION) + - name: subdirectory + value: "" + - name: deleteExisting + value: "true" + + - name: build + taskRef: + name: s2i-nodejs + kind: ClusterTask + runAfter: + - fetch-repository + workspaces: + - name: source + workspace: workspace + params: + - name: IMAGE + value: $(params.IMAGE_NAME) + - name: TLSVERIFY + value: "false" + + - name: deploy + taskRef: + name: openshift-client + kind: ClusterTask + runAfter: + - build + params: + - name: SCRIPT + value: | + oc new-app --docker-image $(params.IMAGE_NAME) diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/optional/samples/tasksnippets/buildah-task-snippet.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/optional/samples/tasksnippets/buildah-task-snippet.yaml new file mode 100644 index 0000000000..e68ef92474 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/optional/samples/tasksnippets/buildah-task-snippet.yaml @@ -0,0 +1,32 @@ +--- +apiVersion: console.openshift.io/v1 +kind: ConsoleYAMLSample +metadata: + name: buildah-snippet +spec: + targetResource: + apiVersion: tekton.dev/v1beta1 + kind: Pipeline + title: Buildah Task + description: | + Buildash task builds the source into a container image Project Atomic's Buildah build tool. + It uses Buildah's support for building from Dockerfiles, using its buildah bud command. + This command executes the directives in the Dockerfile to assemble a container image, then pushes that image to a container registry. + snippet: true + yaml: | + - name: build + taskRef: + name: buildah + kind: ClusterTask + workspaces: + - name: source + workspace: workspace + params: + - name: IMAGE + value: $(params.IMAGE_NAME) + - name: BUILDER_IMAGE + value: registry.redhat.io/rhel8/buildah + - name: DOCKERFILE + value: ./Dockerfile + - name: TLSVERIFY + value: "true" diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/optional/samples/tasksnippets/openshift-client-task-snippet.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/optional/samples/tasksnippets/openshift-client-task-snippet.yaml new file mode 100644 index 0000000000..fc1d485ded --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/optional/samples/tasksnippets/openshift-client-task-snippet.yaml @@ -0,0 +1,21 @@ +--- +apiVersion: console.openshift.io/v1 +kind: ConsoleYAMLSample +metadata: + name: openshift-client-snippet +spec: + targetResource: + apiVersion: tekton.dev/v1beta1 + kind: Pipeline + title: Openshift-client Task + description: | + OpenShift is a Kubernetes distribution from Red Hat which provides oc, the OpenShift CLI that complements kubectl for simplifying deployment and configuration applications on OpenShift. + snippet: true + yaml: | + - name: deploy + taskRef: + name: openshift-client + kind: ClusterTask + params: + - name: ARGS + value: "help" diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/optional/samples/tasksnippets/s2i-go-task-snippet.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/optional/samples/tasksnippets/s2i-go-task-snippet.yaml new file mode 100644 index 0000000000..66ae7b5a3c --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/optional/samples/tasksnippets/s2i-go-task-snippet.yaml @@ -0,0 +1,32 @@ +--- +apiVersion: console.openshift.io/v1 +kind: ConsoleYAMLSample +metadata: + name: s2i-go-snippet +spec: + targetResource: + apiVersion: tekton.dev/v1beta1 + kind: Pipeline + title: S2I-Go Workspace based Task + description: | + An s2i task to build go based source. + Source-to-Image (S2I) is a toolkit and workflow for building reproducible container images from source code. + S2I produces images by injecting source code into a base S2I container image and letting the container prepare that source code for execution. + The base S2I container images contains the language runtime and build tools needed for building and running the source code. + + snippet: true + yaml: | + - name: build + taskRef: + name: s2i-go + kind: ClusterTask + workspaces: + - name: source + workspace: workspace + params: + - name: IMAGE + value: $(params.IMAGE_NAME) + - name: PATH_CONTEXT + value: . + - name: TLSVERIFY + value: "true" diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/optional/samples/tasksnippets/s2i-java-task-snippet.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/optional/samples/tasksnippets/s2i-java-task-snippet.yaml new file mode 100644 index 0000000000..b4b5d06760 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/optional/samples/tasksnippets/s2i-java-task-snippet.yaml @@ -0,0 +1,37 @@ +--- +apiVersion: console.openshift.io/v1 +kind: ConsoleYAMLSample +metadata: + name: s2i-java-snippet +spec: + targetResource: + apiVersion: tekton.dev/v1beta1 + kind: Pipeline + title: S2I-Java Workspace based Task + description: | + An s2i task to build java based source. + Source-to-Image (S2I) is a toolkit and workflow for building reproducible container images from source code. + S2I produces images by injecting source code into a base S2I container image and letting the container prepare that source code for execution. + The base S2I container images contains the language runtime and build tools needed for building and running the source code. + snippet: true + yaml: | + - name: build + taskRef: + name: s2i-java + kind: ClusterTask + workspaces: + - name: source + workspace: workspace + params: + - name: IMAGE + value: $(params.IMAGE_NAME) + - name: PATH_CONTEXT + value: . + - name: TLSVERIFY + value: "true" + - name: MAVEN_ARGS_APPEND + value: "" + - name: MAVEN_CLEAR_REPO + value: "false" + - name: MAVEN_MIRROR_URL + value: "" diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/optional/samples/tasksnippets/s2i-nodejs-task-snippet.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/optional/samples/tasksnippets/s2i-nodejs-task-snippet.yaml new file mode 100644 index 0000000000..fe1ca66390 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/optional/samples/tasksnippets/s2i-nodejs-task-snippet.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: console.openshift.io/v1 +kind: ConsoleYAMLSample +metadata: + name: s2i-nodejs-snippet +spec: + targetResource: + apiVersion: tekton.dev/v1beta1 + kind: Pipeline + title: S2I-Nodejs Workspace based Task + description: | + An s2i task to build nodejs based source. + Source-to-Image (S2I) is a toolkit and workflow for building reproducible container images from source code. + S2I produces images by injecting source code into a base S2I container image and letting the container prepare that source code for execution. + The base S2I container images contains the language runtime and build tools needed for building and running the source code. + snippet: true + yaml: | + - name: build + taskRef: + name: s2i-nodejs + kind: ClusterTask + workspaces: + - name: source + workspace: workspace + params: + - name: IMAGE + value: $(params.IMAGE_NAME) + - name: VERSION + value: "14-ubi8" + - name: PATH_CONTEXT + value: . + - name: TLSVERIFY + value: "true" diff --git a/cmd/openshift/operator/kodata/tekton-addon/1.6.0/optional/samples/tasksnippets/s2i-python-task-snippet.yaml b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/optional/samples/tasksnippets/s2i-python-task-snippet.yaml new file mode 100644 index 0000000000..2a66f24c58 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-addon/1.6.0/optional/samples/tasksnippets/s2i-python-task-snippet.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: console.openshift.io/v1 +kind: ConsoleYAMLSample +metadata: + name: s2i-python-snippet +spec: + targetResource: + apiVersion: tekton.dev/v1beta1 + kind: Pipeline + title: S2I-Python Workspace based Task + description: | + An s2i task to build python based source. + Source-to-Image (S2I) is a toolkit and workflow for building reproducible container images from source code. + S2I produces images by injecting source code into a base S2I container image and letting the container prepare that source code for execution. + The base S2I container images contains the language runtime and build tools needed for building and running the source code. + snippet: true + yaml: | + - name: build + taskRef: + name: s2i-python + kind: ClusterTask + workspaces: + - name: source + workspace: workspace + params: + - name: IMAGE + value: $(params.IMAGE_NAME) + - name: VERSION + value: "3.8-ubi8" + - name: PATH_CONTEXT + value: . + - name: TLSVERIFY + value: "true" diff --git a/cmd/openshift/operator/kodata/tekton-pipeline/0.28.2/00-pipelines.yaml b/cmd/openshift/operator/kodata/tekton-pipeline/0.28.2/00-pipelines.yaml new file mode 100644 index 0000000000..206ea5d873 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-pipeline/0.28.2/00-pipelines.yaml @@ -0,0 +1,2136 @@ +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Namespace +metadata: + name: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +spec: + privileged: false + allowPrivilegeEscalation: false + volumes: + - 'emptyDir' + - 'configMap' + - 'secret' + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + +--- +# Copyright 2020 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-pipelines-controller-cluster-access + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +rules: + - apiGroups: [""] + # Controller needs to watch Pods created by TaskRuns to see them progress. + resources: ["pods"] + verbs: ["list", "watch"] + # Controller needs cluster access to all of the CRDs that it is responsible for + # managing. + - apiGroups: ["tekton.dev"] + resources: ["tasks", "clustertasks", "taskruns", "pipelines", "pipelineruns", "pipelineresources", "conditions", "runs"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["tekton.dev"] + resources: ["taskruns/finalizers", "pipelineruns/finalizers", "runs/finalizers"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["tekton.dev"] + resources: ["tasks/status", "clustertasks/status", "taskruns/status", "pipelines/status", "pipelineruns/status", "pipelineresources/status", "runs/status"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + # This is the access that the controller needs on a per-namespace basis. + name: tekton-pipelines-controller-tenant-access + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +rules: + # Read-write access to create Pods, K8s Events and PVCs (for Workspaces) + - apiGroups: [""] + resources: ["pods", "pods/log", "events", "persistentvolumeclaims"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + # Read-only access to these. + - apiGroups: [""] + resources: ["configmaps", "limitranges", "secrets", "serviceaccounts"] + verbs: ["get", "list", "watch"] + # Read-write access to StatefulSets for Affinity Assistant. + - apiGroups: ["apps"] + resources: ["statefulsets"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-pipelines-webhook-cluster-access + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +rules: + # The webhook needs to be able to list and update customresourcedefinitions, + # mainly to update the webhook certificates. + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions", "customresourcedefinitions/status"] + verbs: ["get", "list", "update", "patch", "watch"] + - apiGroups: ["admissionregistration.k8s.io"] + # The webhook performs a reconciliation on these two resources and continuously + # updates configuration. + resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"] + # knative starts informers on these things, which is why we need get, list and watch. + verbs: ["list", "watch"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + # This mutating webhook is responsible for applying defaults to tekton objects + # as they are received. + resourceNames: ["webhook.pipeline.tekton.dev"] + # When there are changes to the configs or secrets, knative updates the mutatingwebhook config + # with the updated certificates or the refreshed set of rules. + verbs: ["get", "update"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["validatingwebhookconfigurations"] + # validation.webhook.pipeline.tekton.dev performs schema validation when you, for example, create TaskRuns. + # config.webhook.pipeline.tekton.dev validates the logging configuration against knative's logging structure + resourceNames: ["validation.webhook.pipeline.tekton.dev", "config.webhook.pipeline.tekton.dev"] + # When there are changes to the configs or secrets, knative updates the validatingwebhook config + # with the updated certificates or the refreshed set of rules. + verbs: ["get", "update"] + - apiGroups: ["policy"] + resources: ["podsecuritypolicies"] + resourceNames: ["tekton-pipelines"] + verbs: ["use"] + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["get"] + # The webhook configured the namespace as the OwnerRef on various cluster-scoped resources, + # which requires we can Get the system namespace. + resourceNames: ["tekton-pipelines"] + +--- +# Copyright 2020 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-pipelines-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["list", "watch"] + # The controller needs access to these configmaps for logging information and runtime configuration. + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get"] + resourceNames: ["config-logging", "config-observability", "config-artifact-bucket", "config-artifact-pvc", "feature-flags", "config-leader-election", "config-registry-cert"] + - apiGroups: ["policy"] + resources: ["podsecuritypolicies"] + resourceNames: ["tekton-pipelines"] + verbs: ["use"] +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["list", "watch"] + # The webhook needs access to these configmaps for logging information. + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get"] + resourceNames: ["config-logging", "config-observability", "config-leader-election", "feature-flags"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["list", "watch"] + # The webhook daemon makes a reconciliation loop on webhook-certs. Whenever + # the secret changes it updates the webhook configurations with the certificates + # stored in the secret. + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "update"] + resourceNames: ["webhook-certs"] + - apiGroups: ["policy"] + resources: ["podsecuritypolicies"] + resourceNames: ["tekton-pipelines"] + verbs: ["use"] +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-pipelines-leader-election + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +rules: + # We uses leases for leaderelection + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: tekton-pipelines-info + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +rules: + # All system:authenticated users needs to have access + # of the pipelines-info ConfigMap even if they don't + # have access to the other resources present in the + # installed namespace. + - apiGroups: [""] + resources: ["configmaps"] + resourceNames: ["pipelines-info"] + verbs: ["get"] + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tekton-pipelines-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: tekton-pipelines-controller-cluster-access + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + - kind: ServiceAccount + name: tekton-pipelines-controller + namespace: tekton-pipelines +roleRef: + kind: ClusterRole + name: tekton-pipelines-controller-cluster-access + apiGroup: rbac.authorization.k8s.io +--- +# If this ClusterRoleBinding is replaced with a RoleBinding +# then the ClusterRole would be namespaced. The access described by +# the tekton-pipelines-controller-tenant-access ClusterRole would +# be scoped to individual tenant namespaces. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: tekton-pipelines-controller-tenant-access + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + - kind: ServiceAccount + name: tekton-pipelines-controller + namespace: tekton-pipelines +roleRef: + kind: ClusterRole + name: tekton-pipelines-controller-tenant-access + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: tekton-pipelines-webhook-cluster-access + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + - kind: ServiceAccount + name: tekton-pipelines-webhook + namespace: tekton-pipelines +roleRef: + kind: ClusterRole + name: tekton-pipelines-webhook-cluster-access + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2020 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-pipelines-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + - kind: ServiceAccount + name: tekton-pipelines-controller + namespace: tekton-pipelines +roleRef: + kind: Role + name: tekton-pipelines-controller + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + - kind: ServiceAccount + name: tekton-pipelines-webhook + namespace: tekton-pipelines +roleRef: + kind: Role + name: tekton-pipelines-webhook + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-pipelines-controller-leaderelection + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + - kind: ServiceAccount + name: tekton-pipelines-controller + namespace: tekton-pipelines +roleRef: + kind: Role + name: tekton-pipelines-leader-election + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-pipelines-webhook-leaderelection + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + - kind: ServiceAccount + name: tekton-pipelines-webhook + namespace: tekton-pipelines +roleRef: + kind: Role + name: tekton-pipelines-leader-election + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-pipelines-info + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + # Giving all system:authenticated users the access of the + # ConfigMap which contains version information. + - kind: Group + name: system:authenticated + apiGroup: rbac.authorization.k8s.io +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: tekton-pipelines-info + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clustertasks.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.28.2" + version: "v0.28.2" +spec: + group: tekton.dev + preserveUnknownFields: false + versions: + - name: v1alpha1 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + names: + kind: ClusterTask + plural: clustertasks + categories: + - tekton + - tekton-pipelines + scope: Cluster + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1beta1"] + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: conditions.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.28.2" + version: "v0.28.2" +spec: + group: tekton.dev + versions: + - name: v1alpha1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + names: + kind: Condition + plural: conditions + categories: + - tekton + - tekton-pipelines + scope: Namespaced + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: pipelines.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.28.2" + version: "v0.28.2" +spec: + group: tekton.dev + preserveUnknownFields: false + versions: + - name: v1alpha1 + served: true + storage: false + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + - name: v1beta1 + served: true + storage: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + names: + kind: Pipeline + plural: pipelines + categories: + - tekton + - tekton-pipelines + scope: Namespaced + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1beta1"] + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: pipelineruns.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.28.2" + version: "v0.28.2" +spec: + group: tekton.dev + preserveUnknownFields: false + versions: + - name: v1alpha1 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Succeeded + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" + - name: StartTime + type: date + jsonPath: .status.startTime + - name: CompletionTime + type: date + jsonPath: .status.completionTime + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Succeeded + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" + - name: StartTime + type: date + jsonPath: .status.startTime + - name: CompletionTime + type: date + jsonPath: .status.completionTime + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + names: + kind: PipelineRun + plural: pipelineruns + categories: + - tekton + - tekton-pipelines + shortNames: + - pr + - prs + scope: Namespaced + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1beta1"] + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: pipelineresources.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.28.2" + version: "v0.28.2" +spec: + group: tekton.dev + versions: + - name: v1alpha1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + names: + kind: PipelineResource + plural: pipelineresources + categories: + - tekton + - tekton-pipelines + scope: Namespaced + +--- +# Copyright 2020 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: runs.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.28.2" + version: "v0.28.2" +spec: + group: tekton.dev + preserveUnknownFields: false + versions: + - name: v1alpha1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Succeeded + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" + - name: StartTime + type: date + jsonPath: .status.startTime + - name: CompletionTime + type: date + jsonPath: .status.completionTime + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + names: + kind: Run + plural: runs + categories: + - tekton + - tekton-pipelines + scope: Namespaced + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: tasks.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.28.2" + version: "v0.28.2" +spec: + group: tekton.dev + preserveUnknownFields: false + versions: + - name: v1alpha1 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + names: + kind: Task + plural: tasks + categories: + - tekton + - tekton-pipelines + scope: Namespaced + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1beta1"] + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: taskruns.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.28.2" + version: "v0.28.2" +spec: + group: tekton.dev + preserveUnknownFields: false + versions: + - name: v1alpha1 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Succeeded + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" + - name: StartTime + type: date + jsonPath: .status.startTime + - name: CompletionTime + type: date + jsonPath: .status.completionTime + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Succeeded + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" + - name: StartTime + type: date + jsonPath: .status.startTime + - name: CompletionTime + type: date + jsonPath: .status.completionTime + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + names: + kind: TaskRun + plural: taskruns + categories: + - tekton + - tekton-pipelines + shortNames: + - tr + - trs + scope: Namespaced + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1beta1"] + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + +--- +# Copyright 2020 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: webhook-certs + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.28.2" +# The data is populated at install time. +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: validation.webhook.pipeline.tekton.dev + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.28.2" +webhooks: + - admissionReviewVersions: ["v1"] + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + failurePolicy: Fail + sideEffects: None + name: validation.webhook.pipeline.tekton.dev +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: webhook.pipeline.tekton.dev + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.28.2" +webhooks: + - admissionReviewVersions: ["v1"] + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + failurePolicy: Fail + sideEffects: None + name: webhook.pipeline.tekton.dev +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: config.webhook.pipeline.tekton.dev + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.28.2" +webhooks: + - admissionReviewVersions: ["v1"] + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + failurePolicy: Fail + sideEffects: None + name: config.webhook.pipeline.tekton.dev + objectSelector: + matchLabels: + app.kubernetes.io/part-of: tekton-pipelines + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: tekton-aggregate-edit + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + rbac.authorization.k8s.io/aggregate-to-edit: "true" + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: + - tekton.dev + resources: + - tasks + - taskruns + - pipelines + - pipelineruns + - pipelineresources + - conditions + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: tekton-aggregate-view + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + rbac.authorization.k8s.io/aggregate-to-view: "true" +rules: + - apiGroups: + - tekton.dev + resources: + - tasks + - taskruns + - pipelines + - pipelineruns + - pipelineresources + - conditions + verbs: + - get + - list + - watch + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-artifact-bucket + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +# data: +# # location of the gcs bucket to be used for artifact storage +# location: "gs://bucket-name" +# # name of the secret that will contain the credentials for the service account +# # with access to the bucket +# bucket.service.account.secret.name: +# # The key in the secret with the required service account json +# bucket.service.account.secret.key: +# # The field name that should be used for the service account +# # Valid values: GOOGLE_APPLICATION_CREDENTIALS, BOTO_CONFIG. +# bucket.service.account.field.name: GOOGLE_APPLICATION_CREDENTIALS + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-artifact-pvc + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +# data: +# # size of the PVC volume +# size: 5Gi +# +# # storage class of the PVC volume +# storageClassName: storage-class-name + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-defaults + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # default-timeout-minutes contains the default number of + # minutes to use for TaskRun and PipelineRun, if none is specified. + default-timeout-minutes: "60" # 60 minutes + + # default-service-account contains the default service account name + # to use for TaskRun and PipelineRun, if none is specified. + default-service-account: "default" + + # default-managed-by-label-value contains the default value given to the + # "app.kubernetes.io/managed-by" label applied to all Pods created for + # TaskRuns. If a user's requested TaskRun specifies another value for this + # label, the user's request supercedes. + default-managed-by-label-value: "tekton-pipelines" + + # default-pod-template contains the default pod template to use + # TaskRun and PipelineRun, if none is specified. If a pod template + # is specified, the default pod template is ignored. + # default-pod-template: + + # default-cloud-events-sink contains the default CloudEvents sink to be + # used for TaskRun and PipelineRun, when no sink is specified. + # Note that right now it is still not possible to set a PipelineRun or + # TaskRun specific sink, so the default is the only option available. + # If no sink is specified, no CloudEvent is generated + # default-cloud-events-sink: + + # default-task-run-workspace-binding contains the default workspace + # configuration provided for any Workspaces that a Task declares + # but that a TaskRun does not explicitly provide. + # default-task-run-workspace-binding: | + # emptyDir: {} + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: feature-flags + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + # Setting this flag to "true" will prevent Tekton to create an + # Affinity Assistant for every TaskRun sharing a PVC workspace + # + # The default behaviour is for Tekton to create Affinity Assistants + # + # See more in the workspace documentation about Affinity Assistant + # https://github.com/tektoncd/pipeline/blob/main/docs/workspaces.md#affinity-assistant-and-specifying-workspace-order-in-a-pipeline + # or https://github.com/tektoncd/pipeline/pull/2630 for more info. + disable-affinity-assistant: "false" + # Setting this flag to "false" will allow Tekton to override your + # Task container's $HOME environment variable. + # + # See https://github.com/tektoncd/pipeline/issues/2013 for more + # info. + disable-home-env-overwrite: "true" + # Setting this flag to "false" will allow Tekton to override your + # Task container's working directory. + # + # See https://github.com/tektoncd/pipeline/issues/1836 for more + # info. + disable-working-directory-overwrite: "true" + # Setting this flag to "true" will prevent Tekton scanning attached + # service accounts and injecting any credentials it finds into your + # Steps. + # + # The default behaviour currently is for Tekton to search service + # accounts for secrets matching a specified format and automatically + # mount those into your Steps. + # + # Note: setting this to "true" will prevent PipelineResources from + # working. + # + # See https://github.com/tektoncd/pipeline/issues/2791 for more + # info. + disable-creds-init: "false" + # This option should be set to false when Pipelines is running in a + # cluster that does not use injected sidecars such as Istio. Setting + # it to false should decrease the time it takes for a TaskRun to start + # running. For clusters that use injected sidecars, setting this + # option to false can lead to unexpected behavior. + # + # See https://github.com/tektoncd/pipeline/issues/2080 for more info. + running-in-environment-with-injected-sidecars: "true" + # Setting this flag to "true" will require that any Git SSH Secret + # offered to Tekton must have known_hosts included. + # + # See https://github.com/tektoncd/pipeline/issues/2981 for more + # info. + require-git-ssh-secret-known-hosts: "false" + # Setting this flag to "true" enables the use of Tekton OCI bundle. + # This is an experimental feature and thus should still be considered + # an alpha feature. + enable-tekton-oci-bundles: "false" + # Setting this flag to "true" enables the use of custom tasks from + # within pipelines. + # This is an experimental feature and thus should still be considered + # an alpha feature. + enable-custom-tasks: "false" + # Setting this flag will determine which gated features are enabled. + # Acceptable values are "stable" or "alpha". + enable-api-fields: "stable" + # Setting this flag to "true" scopes when expressions to guard a Task only + # instead of a Task and its dependent Tasks. + scope-when-expressions-to-task: "false" + +--- +# Copyright 2021 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: pipelines-info + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + # Contains pipelines version which can be queried by external + # tools such as CLI. Elevated permissions are already given to + # this ConfigMap such that even if we don't have access to + # other resources in the namespace we still can have access to + # this ConfigMap. + version: "v0.28.2" + +--- +# Copyright 2020 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-leader-election + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + # An inactive but valid configuration follows; see example. + leaseDuration: "15s" + renewDeadline: "10s" + retryPeriod: "2s" + +--- +# Copyright 2019 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-logging + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + # Common configuration for all knative codebase + zap-logger-config: | + { + "level": "info", + "development": false, + "sampling": { + "initial": 100, + "thereafter": 100 + }, + "outputPaths": ["stdout"], + "errorOutputPaths": ["stderr"], + "encoding": "json", + "encoderConfig": { + "timeKey": "ts", + "levelKey": "level", + "nameKey": "logger", + "callerKey": "caller", + "messageKey": "msg", + "stacktraceKey": "stacktrace", + "lineEnding": "", + "levelEncoder": "", + "timeEncoder": "iso8601", + "durationEncoder": "", + "callerEncoder": "" + } + } + # Log level overrides + loglevel.controller: "info" + loglevel.webhook: "info" + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-observability + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # metrics.backend-destination field specifies the system metrics destination. + # It supports either prometheus (the default) or stackdriver. + # Note: Using Stackdriver will incur additional charges. + metrics.backend-destination: prometheus + + # metrics.stackdriver-project-id field specifies the Stackdriver project ID. This + # field is optional. When running on GCE, application default credentials will be + # used and metrics will be sent to the cluster's project if this field is + # not provided. + metrics.stackdriver-project-id: "" + + # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed + # to send metrics to Stackdriver using "global" resource type and custom + # metric type. Setting this flag to "true" could cause extra Stackdriver + # charge. If metrics.backend-destination is not Stackdriver, this is + # ignored. + metrics.allow-stackdriver-custom-metrics: "false" + metrics.taskrun.level: "taskrun" + metrics.taskrun.duration-type: "histogram" + metrics.pipelinerun.level: "pipelinerun" + metrics.pipelinerun.duration-type: "histogram" + +--- +# Copyright 2020 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-registry-cert + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +# data: +# # Registry's self-signed certificate +# cert: | + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tekton-pipelines-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.28.2" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.28.2" + # labels below are related to istio and should not be used for resource lookup + version: "v0.28.2" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + template: + metadata: + labels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.28.2" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.28.2" + # labels below are related to istio and should not be used for resource lookup + app: tekton-pipelines-controller + version: "v0.28.2" + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/os + operator: NotIn + values: + - windows + serviceAccountName: tekton-pipelines-controller + containers: + - name: tekton-pipelines-controller + image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/controller:v0.28.2@sha256:f804c19b511f11fb631eb9070d446ebbc7cd707065a6c967bd300c2fa349eb9d + args: [ + # These images are built on-demand by `ko resolve` and are replaced + # by image references by digest. + "-kubeconfig-writer-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/kubeconfigwriter:v0.28.2@sha256:b7da7634d80be7691d933e3e34310f2c293c6c54bc099aeccdafd334821a5403", "-git-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.28.2@sha256:bf23fb1a386e9e287855895b7118c1432ff9051285314a0e815d0a172edcb5c3", "-entrypoint-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/entrypoint:v0.28.2@sha256:eaa38d36350f866501dde2195392576d31fe6d288915c518ae5c10d97d86e3e6", "-nop-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/nop:v0.28.2@sha256:6de527d28e42192e786127fdbb246e55c0eff3d95bc04beaa6f9e2ddce1f2d44", "-imagedigest-exporter-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/imagedigestexporter:v0.28.2@sha256:932ea823d0eaba8f2a4ebf803bb7a3043dece2770c047956a06225365a1f7b30", "-pr-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/pullrequest-init:v0.28.2@sha256:73129ae146a4fb8be5d6ee6d183b524081a437ee3c7159be069855f0259badb2", + # This is gcr.io/google.com/cloudsdktool/cloud-sdk:302.0.0-slim + "-gsutil-image", "gcr.io/google.com/cloudsdktool/cloud-sdk@sha256:27b2c22bf259d9bc1a291e99c63791ba0c27a04d2db0a43241ba0f1f20f4067f", + # The shell image must be root in order to create directories and copy files to PVCs. + # gcr.io/distroless/base:debug as of Apirl 17, 2021 + # image shall not contains tag, so it will be supported on a runtime like cri-o + "-shell-image", "gcr.io/distroless/base@sha256:aa4fd987555ea10e1a4ec8765da8158b5ffdfef1e72da512c7ede509bc9966c4", + # for script mode to work with windows we need a powershell image + # pinning to nanoserver tag as of July 15 2021 + "-shell-image-win", "mcr.microsoft.com/powershell:nanoserver@sha256:b6d5ff841b78bdf2dfed7550000fd4f3437385b8fa686ec0f010be24777654d6", + # Experimental. Uncomment below to disable TaskRun and PipelineRun + # reconcilers' built-in taskRef and pipelineRef resolution procedures. + # "-experimental-disable-in-tree-resolution", + ] + volumeMounts: + - name: config-logging + mountPath: /etc/config-logging + - name: config-registry-cert + mountPath: /etc/config-registry-cert + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + # These phony AWS credentials are here to work around a bug in the aws go sdk + # that causes extremely long delays in the execution of tasks after the initial + # deployment of the Tekton Pipelines controller. See issue https://github.com/tektoncd/pipeline/issues/4087 + # for more information. + - name: AWS_ACCESS_KEY_ID + value: foobarbaz + - name: AWS_SECRET_ACCESS_KEY + value: foobarbaz + - name: AWS_DEFAULT_REGION + value: foobarbaz + # If you are changing these names, you will also need to update + # the controller's Role in 200-role.yaml to include the new + # values in the "configmaps" "get" rule. + - name: CONFIG_DEFAULTS_NAME + value: config-defaults + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: CONFIG_ARTIFACT_BUCKET_NAME + value: config-artifact-bucket + - name: CONFIG_ARTIFACT_PVC_NAME + value: config-artifact-pvc + - name: CONFIG_FEATURE_FLAGS_NAME + value: feature-flags + - name: CONFIG_LEADERELECTION_NAME + value: config-leader-election + - name: SSL_CERT_FILE + value: /etc/config-registry-cert/cert + - name: SSL_CERT_DIR + value: /etc/ssl/certs + - name: METRICS_DOMAIN + value: tekton.dev/pipeline + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + # User 65532 is the distroless nonroot user ID + runAsUser: 65532 + runAsGroup: 65532 + ports: + - name: probes + containerPort: 8080 + livenessProbe: + httpGet: + path: /health + port: probes + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /readiness + port: probes + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + volumes: + - name: config-logging + configMap: + name: config-logging + - name: config-registry-cert + configMap: + name: config-registry-cert +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.28.2" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.28.2" + # labels below are related to istio and should not be used for resource lookup + app: tekton-pipelines-controller + version: "v0.28.2" + name: tekton-pipelines-controller + namespace: tekton-pipelines +spec: + ports: + - name: http-metrics + port: 9090 + protocol: TCP + targetPort: 9090 + - name: probes + port: 8080 + selector: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + +--- +# Copyright 2020 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.28.2" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.28.2" + # labels below are related to istio and should not be used for resource lookup + version: "v0.28.2" +spec: + minReplicas: 1 + maxReplicas: 5 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: tekton-pipelines-webhook + metrics: + - type: Resource + resource: + name: cpu + targetAverageUtilization: 100 + +--- +# Copyright 2020 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + # Note: the Deployment name must be the same as the Service name specified in + # config/400-webhook-service.yaml. If you change this name, you must also + # change the value of WEBHOOK_SERVICE_NAME below. + name: tekton-pipelines-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.28.2" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.28.2" + # labels below are related to istio and should not be used for resource lookup + version: "v0.28.2" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + template: + metadata: + labels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.28.2" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.28.2" + # labels below are related to istio and should not be used for resource lookup + app: tekton-pipelines-webhook + version: "v0.28.2" + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/os + operator: NotIn + values: + - windows + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: tekton-pipelines-webhook + containers: + - name: webhook + # This is the Go import path for the binary that is containerized + # and substituted here. + image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/webhook:v0.28.2@sha256:f74cde6b3d7c904b76beadc787d0ae59934bd1978928ff8812fb96fbb07c2d27 + # Resource request required for autoscaler to take any action for a metric + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + cpu: 500m + memory: 500Mi + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + # If you are changing these names, you will also need to update + # the webhook's Role in 200-role.yaml to include the new + # values in the "configmaps" "get" rule. + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: CONFIG_LEADERELECTION_NAME + value: config-leader-election + - name: CONFIG_FEATURE_FLAGS_NAME + value: feature-flags + - name: WEBHOOK_SERVICE_NAME + value: tekton-pipelines-webhook + - name: WEBHOOK_SECRET_NAME + value: webhook-certs + - name: METRICS_DOMAIN + value: tekton.dev/pipeline + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + # User 65532 is the distroless nonroot user ID + runAsUser: 65532 + runAsGroup: 65532 + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + - name: https-webhook + containerPort: 8443 + - name: probes + containerPort: 8080 + livenessProbe: + httpGet: + path: /health + port: probes + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /readiness + port: probes + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.28.2" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.28.2" + # labels below are related to istio and should not be used for resource lookup + app: tekton-pipelines-webhook + version: "v0.28.2" + name: tekton-pipelines-webhook + namespace: tekton-pipelines +spec: + ports: + # Define metrics and profiling for them to be accessible within service meshes. + - name: http-metrics + port: 9090 + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + - name: https-webhook + port: 443 + targetPort: 8443 + - name: probes + port: 8080 + selector: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + +--- diff --git a/cmd/openshift/operator/kodata/tekton-pipeline/0.28.2/01-clusterrole.yaml b/cmd/openshift/operator/kodata/tekton-pipeline/0.28.2/01-clusterrole.yaml new file mode 100644 index 0000000000..df751a62fc --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-pipeline/0.28.2/01-clusterrole.yaml @@ -0,0 +1,9 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: pipelines-scc-role +rules: +- apiGroups: [security.openshift.io] + resourceNames: [nonroot] + resources: [securitycontextconstraints] + verbs: [use] diff --git a/cmd/openshift/operator/kodata/tekton-pipeline/0.28.2/02-rolebinding.yaml b/cmd/openshift/operator/kodata/tekton-pipeline/0.28.2/02-rolebinding.yaml new file mode 100644 index 0000000000..116e79a6a6 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-pipeline/0.28.2/02-rolebinding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: openshift-pipelines-permission +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: pipelines-scc-role +subjects: +- kind: ServiceAccount + name: tekton-pipelines-controller + namespace: openshift-pipelines diff --git a/cmd/openshift/operator/kodata/tekton-pipeline/00-prereconcile/openshift-pipelines-scc.yaml b/cmd/openshift/operator/kodata/tekton-pipeline/00-prereconcile/openshift-pipelines-scc.yaml new file mode 100644 index 0000000000..fe60ded292 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-pipeline/00-prereconcile/openshift-pipelines-scc.yaml @@ -0,0 +1,40 @@ +apiVersion: security.openshift.io/v1 +kind: SecurityContextConstraints +metadata: + annotations: + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + kubernetes.io/description: pipelines-scc is a close replica of anyuid scc. pipelines-scc has fsGroup - MustRunAs. + release.openshift.io/create-only: "true" + name: pipelines-scc +allowHostDirVolumePlugin: false +allowHostIPC: false +allowHostNetwork: false +allowHostPID: false +allowHostPorts: false +allowPrivilegeEscalation: true +allowPrivilegedContainer: false +allowedCapabilities: null +defaultAddCapabilities: null +fsGroup: + type: MustRunAs +groups: +- system:cluster-admins +priority: 10 +readOnlyRootFilesystem: false +requiredDropCapabilities: +- MKNOD +runAsUser: + type: RunAsAny +seLinuxContext: + type: MustRunAs +supplementalGroups: + type: RunAsAny +volumes: +- configMap +- downwardAPI +- emptyDir +- persistentVolumeClaim +- projected +- secret diff --git a/cmd/openshift/operator/kodata/tekton-trigger/0.16.1/00-triggers.yaml b/cmd/openshift/operator/kodata/tekton-trigger/0.16.1/00-triggers.yaml new file mode 100644 index 0000000000..0ad6934e58 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-trigger/0.16.1/00-triggers.yaml @@ -0,0 +1,1503 @@ +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: tekton-triggers + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +spec: + privileged: false + allowPrivilegeEscalation: false + volumes: + - 'emptyDir' + - 'configMap' + - 'secret' + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-triggers-admin + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +rules: + - apiGroups: [""] + resources: ["configmaps", "services", "events"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["apps"] + resources: ["deployments", "deployments/finalizers"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["triggers.tekton.dev"] + resources: ["clustertriggerbindings", "clusterinterceptors", "eventlisteners", "triggerbindings", "triggertemplates", "triggers", "eventlisteners/finalizers"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["triggers.tekton.dev"] + resources: ["clustertriggerbindings/status", "clusterinterceptors/status", "eventlisteners/status", "triggerbindings/status", "triggertemplates/status", "triggers/status"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + # We uses leases for leaderelection + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["serving.knative.dev"] + resources: ["*", "*/status", "*/finalizers"] + verbs: ["get", "list", "create", "update", "delete", "deletecollection", "patch", "watch"] + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["get"] + # The webhook configured the namespace as the OwnerRef on various cluster-scoped resources, + # which requires we can Get the system namespace. + resourceNames: ["tekton-pipelines"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-triggers-core-interceptors + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: tekton-triggers-eventlistener-roles + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +rules: + - apiGroups: ["triggers.tekton.dev"] + resources: ["eventlisteners", "triggerbindings", "triggertemplates", "triggers"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "list", "watch"] + - apiGroups: ["tekton.dev"] + resources: ["pipelineruns", "pipelineresources", "taskruns"] + verbs: ["create"] + - apiGroups: [""] + resources: ["serviceaccounts"] + verbs: ["impersonate"] + - apiGroups: ["policy"] + resources: ["podsecuritypolicies"] + resourceNames: ["tekton-triggers"] + verbs: ["use"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-triggers-eventlistener-clusterroles + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +rules: + - apiGroups: ["triggers.tekton.dev"] + resources: ["clustertriggerbindings", "clusterinterceptors"] + verbs: ["get", "list", "watch"] + +--- +# Copyright 2020 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# NOTE: when multi-tenant EventListener progresses, moving this Role +# to a ClusterRole is not the advisable path. Additional Roles that +# adds access to Secrets to the Namespaces managed by the multi-tenant +# EventListener is what should be done. While not as simple, it avoids +# giving access to K8S system level, cluster admin privileged level Secrets + +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-triggers-admin + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +rules: + - apiGroups: ["policy"] + resources: ["podsecuritypolicies"] + resourceNames: ["tekton-triggers"] + verbs: ["use"] +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-triggers-admin-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +rules: + - apiGroups: ["policy"] + resources: ["podsecuritypolicies"] + resourceNames: ["tekton-triggers"] + verbs: ["use"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-triggers-core-interceptors + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +rules: + - apiGroups: ["policy"] + resources: ["podsecuritypolicies"] + resourceNames: ["tekton-triggers"] + verbs: ["use"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "list", "watch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: tekton-triggers-info + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +rules: + # All system:authenticated users needs to have access + # of the triggers-info ConfigMap even if they don't + # have access to the other resources present in the + # installed namespace. + - apiGroups: [""] + resources: ["configmaps"] + resourceNames: ["triggers-info"] + verbs: ["get"] + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tekton-triggers-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tekton-triggers-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tekton-triggers-core-interceptors + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: tekton-triggers-controller-admin + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +subjects: + - kind: ServiceAccount + name: tekton-triggers-controller + namespace: tekton-pipelines +roleRef: + kind: ClusterRole + name: tekton-triggers-admin + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: tekton-triggers-webhook-admin + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +subjects: + - kind: ServiceAccount + name: tekton-triggers-webhook + namespace: tekton-pipelines +roleRef: + kind: ClusterRole + name: tekton-triggers-admin + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: tekton-triggers-core-interceptors + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +subjects: + - kind: ServiceAccount + name: tekton-triggers-core-interceptors + namespace: tekton-pipelines +roleRef: + kind: ClusterRole + name: tekton-triggers-core-interceptors + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2020 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-triggers-controller-admin + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +subjects: + - kind: ServiceAccount + name: tekton-triggers-controller + namespace: tekton-pipelines +roleRef: + kind: Role + name: tekton-triggers-admin + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-triggers-webhook-admin + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +subjects: + - kind: ServiceAccount + name: tekton-triggers-webhook + namespace: tekton-pipelines +roleRef: + kind: Role + name: tekton-triggers-admin-webhook + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-triggers-core-interceptors + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +subjects: + - kind: ServiceAccount + name: tekton-triggers-core-interceptors + namespace: tekton-pipelines +roleRef: + kind: Role + name: tekton-triggers-core-interceptors + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-triggers-info + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +subjects: + # Giving all system:authenticated users the access of the + # ConfigMap which contains version information. + - kind: Group + name: system:authenticated + apiGroup: rbac.authorization.k8s.io +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: tekton-triggers-info + +--- +# Copyright 2021 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterinterceptors.triggers.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + triggers.tekton.dev/release: "v0.16.1" + version: "v0.16.1" +spec: + group: triggers.tekton.dev + scope: Cluster + names: + kind: ClusterInterceptor + plural: clusterinterceptors + singular: clusterinterceptor + shortNames: + - ci + categories: + - tekton + - tekton-triggers + versions: + - name: v1alpha1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clustertriggerbindings.triggers.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + triggers.tekton.dev/release: "v0.16.1" + version: "v0.16.1" +spec: + group: triggers.tekton.dev + scope: Cluster + names: + kind: ClusterTriggerBinding + plural: clustertriggerbindings + singular: clustertriggerbinding + shortNames: + - ctb + categories: + - tekton + - tekton-triggers + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + - name: v1alpha1 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: eventlisteners.triggers.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + triggers.tekton.dev/release: "v0.16.1" + version: "v0.16.1" +spec: + group: triggers.tekton.dev + scope: Namespaced + names: + kind: EventListener + plural: eventlisteners + singular: eventlistener + shortNames: + - el + categories: + - tekton + - tekton-triggers + versions: + - name: v1beta1 + served: true + storage: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Address + type: string + jsonPath: .status.address.url + - name: Available + type: string + jsonPath: ".status.conditions[?(@.type=='Available')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Available')].reason" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + - name: v1alpha1 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + additionalPrinterColumns: + - name: Address + type: string + jsonPath: .status.address.url + - name: Available + type: string + jsonPath: ".status.conditions[?(@.type=='Available')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Available')].reason" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: triggers.triggers.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + triggers.tekton.dev/release: "v0.16.1" + version: "v0.16.1" +spec: + group: triggers.tekton.dev + scope: Namespaced + names: + kind: Trigger + plural: triggers + singular: trigger + shortNames: + - tri + categories: + - tekton + - tekton-triggers + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + - name: v1alpha1 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: triggerbindings.triggers.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + triggers.tekton.dev/release: "v0.16.1" + version: "v0.16.1" +spec: + group: triggers.tekton.dev + scope: Namespaced + names: + kind: TriggerBinding + plural: triggerbindings + singular: triggerbinding + shortNames: + - tb + categories: + - tekton + - tekton-triggers + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + - name: v1alpha1 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: triggertemplates.triggers.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + triggers.tekton.dev/release: "v0.16.1" + version: "v0.16.1" +spec: + group: triggers.tekton.dev + scope: Namespaced + names: + kind: TriggerTemplate + plural: triggertemplates + singular: triggertemplate + shortNames: + - tt + categories: + - tekton + - tekton-triggers + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + - name: v1alpha1 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + +--- +# Copyright 2020 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: triggers-webhook-certs + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + triggers.tekton.dev/release: "v0.16.1" +# The data is populated at install time. +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: validation.webhook.triggers.tekton.dev + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + triggers.tekton.dev/release: "v0.16.1" +webhooks: + - admissionReviewVersions: + - v1beta1 + - v1 + clientConfig: + service: + name: tekton-triggers-webhook + namespace: tekton-pipelines + failurePolicy: Fail + sideEffects: None + name: validation.webhook.triggers.tekton.dev +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: webhook.triggers.tekton.dev + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + triggers.tekton.dev/release: "v0.16.1" +webhooks: + - admissionReviewVersions: + - v1beta1 + - v1 + clientConfig: + service: + name: tekton-triggers-webhook + namespace: tekton-pipelines + failurePolicy: Fail + sideEffects: None + name: webhook.triggers.tekton.dev +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: config.webhook.triggers.tekton.dev + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + triggers.tekton.dev/release: "v0.16.1" +webhooks: + - admissionReviewVersions: + - v1beta1 + - v1 + clientConfig: + service: + name: tekton-triggers-webhook + namespace: tekton-pipelines + failurePolicy: Fail + sideEffects: None + name: config.webhook.triggers.tekton.dev + namespaceSelector: + matchExpressions: + - key: triggers.tekton.dev/release + operator: Exists + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: tekton-triggers-aggregate-edit + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + rbac.authorization.k8s.io/aggregate-to-edit: "true" + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: + - triggers.tekton.dev + resources: + - clustertriggerbindings + - clusterinterceptors + - eventlisteners + - triggers + - triggerbindings + - triggertemplates + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: tekton-triggers-aggregate-view + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + rbac.authorization.k8s.io/aggregate-to-view: "true" +rules: + - apiGroups: + - triggers.tekton.dev + resources: + - clustertriggerbindings + - clusterinterceptors + - eventlisteners + - triggers + - triggerbindings + - triggertemplates + verbs: + - get + - list + - watch + +--- +# Copyright 2021 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-defaults-triggers + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # default-service-account contains the default service account name + # to use for TaskRun and PipelineRun, if none is specified. + default-service-account: "default" + +--- +# Copyright 2021 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: feature-flags-triggers + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + # Setting this flag will determine which gated features are enabled. + # Acceptable values are "stable" or "alpha". + enable-api-fields: "stable" + +--- +# Copyright 2021 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: triggers-info + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +data: + # Contains triggers version which can be queried by external + # tools such as CLI. Elevated permissions are already given to + # this ConfigMap such that even if we don't have access to + # other resources in the namespace we still can have access to + # this ConfigMap. + version: "v0.16.1" + +--- +# Copyright 2019 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-logging-triggers + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +data: + # Common configuration for all knative codebase + zap-logger-config: | + { + "level": "info", + "development": false, + "sampling": { + "initial": 100, + "thereafter": 100 + }, + "outputPaths": ["stdout"], + "errorOutputPaths": ["stderr"], + "encoding": "json", + "encoderConfig": { + "timeKey": "ts", + "levelKey": "level", + "nameKey": "logger", + "callerKey": "caller", + "messageKey": "msg", + "stacktraceKey": "stacktrace", + "lineEnding": "", + "levelEncoder": "", + "timeEncoder": "iso8601", + "durationEncoder": "", + "callerEncoder": "" + } + } + # Log level overrides + loglevel.controller: "info" + loglevel.webhook: "info" + loglevel.eventlistener: "info" + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-observability-triggers + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # metrics.backend-destination field specifies the system metrics destination. + # It supports either prometheus (the default) or stackdriver. + # Note: Using stackdriver will incur additional charges + metrics.backend-destination: prometheus + + # metrics.stackdriver-project-id field specifies the stackdriver project ID. This + # field is optional. When running on GCE, application default credentials will be + # used if this field is not provided. + metrics.stackdriver-project-id: "" + + # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed to send metrics to + # Stackdriver using "global" resource type and custom metric type if the + # metrics are not supported by "knative_revision" resource type. Setting this + # flag to "true" could cause extra Stackdriver charge. + # If metrics.backend-destination is not Stackdriver, this is ignored. + metrics.allow-stackdriver-custom-metrics: "false" + +--- +# Copyright 2019 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.16.1" + app.kubernetes.io/part-of: tekton-triggers + triggers.tekton.dev/release: "v0.16.1" + app: tekton-triggers-controller + version: "v0.16.1" + name: tekton-triggers-controller + namespace: tekton-pipelines +spec: + ports: + - name: http-metrics + port: 9000 + protocol: TCP + targetPort: 9000 + selector: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tekton-triggers-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.16.1" + app.kubernetes.io/part-of: tekton-triggers + # tekton.dev/release value replaced with inputs.params.versionTag in triggers/tekton/publish.yaml + triggers.tekton.dev/release: "v0.16.1" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + template: + metadata: + labels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.16.1" + app.kubernetes.io/part-of: tekton-triggers + app: tekton-triggers-controller + triggers.tekton.dev/release: "v0.16.1" + # version value replaced with inputs.params.versionTag in triggers/tekton/publish.yaml + version: "v0.16.1" + spec: + serviceAccountName: tekton-triggers-controller + containers: + - name: tekton-triggers-controller + image: "gcr.io/tekton-releases/github.com/tektoncd/triggers/cmd/controller:v0.16.1@sha256:ef5f79dcc8c1962279b95857d34e27d44670990dfb71ac3c481e277f376d9c78" + args: ["-logtostderr", "-stderrthreshold", "INFO", "-el-image", "gcr.io/tekton-releases/github.com/tektoncd/triggers/cmd/eventlistenersink:v0.16.1@sha256:6e553c9067301509f6d4f71e5d173b42438741c82db524b0b00db994e92c87d0", "-el-port", "8080", "-el-security-context=true", "-el-readtimeout", "5", "-el-writetimeout", "40", "-el-idletimeout", "120", "-el-timeouthandler", "30", "-period-seconds", "10", "-failure-threshold", "1"] + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging-triggers + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability-triggers + - name: CONFIG_DEFAULTS_NAME + value: config-defaults-triggers + - name: METRICS_DOMAIN + value: tekton.dev/triggers + - name: METRICS_PROMETHEUS_PORT + value: "9000" + securityContext: + allowPrivilegeEscalation: false + # User 65532 is the distroless nonroot user ID + runAsUser: 65532 + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: tekton-triggers-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.16.1" + app.kubernetes.io/part-of: tekton-triggers + app: tekton-triggers-webhook + version: "v0.16.1" + triggers.tekton.dev/release: "v0.16.1" +spec: + ports: + - name: https-webhook + port: 443 + targetPort: 8443 + selector: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tekton-triggers-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.16.1" + app.kubernetes.io/part-of: tekton-triggers + # tekton.dev/release value replaced with inputs.params.versionTag in triggers/tekton/publish.yaml + triggers.tekton.dev/release: "v0.16.1" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + template: + metadata: + labels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.16.1" + app.kubernetes.io/part-of: tekton-triggers + app: tekton-triggers-webhook + triggers.tekton.dev/release: "v0.16.1" + # version value replaced with inputs.params.versionTag in triggers/tekton/publish.yaml + version: "v0.16.1" + spec: + serviceAccountName: tekton-triggers-webhook + containers: + - name: webhook + # This is the Go import path for the binary that is containerized + # and substituted here. + image: "gcr.io/tekton-releases/github.com/tektoncd/triggers/cmd/webhook:v0.16.1@sha256:f5efe079ea186338587d180019ac79d1933ddfefb46438c12c567845f6fd6059" + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging-triggers + - name: WEBHOOK_SERVICE_NAME + value: tekton-triggers-webhook + - name: WEBHOOK_SECRET_NAME + value: triggers-webhook-certs + - name: METRICS_DOMAIN + value: tekton.dev/triggers + ports: + - name: metrics + containerPort: 9000 + - name: profiling + containerPort: 8008 + - name: https-webhook + containerPort: 8443 + securityContext: + allowPrivilegeEscalation: false + # User 65532 is the distroless nonroot user ID + runAsUser: 65532 + +--- diff --git a/cmd/openshift/operator/kodata/tekton-trigger/0.16.1/01-interceptors.yaml b/cmd/openshift/operator/kodata/tekton-trigger/0.16.1/01-interceptors.yaml new file mode 100644 index 0000000000..82967eccc5 --- /dev/null +++ b/cmd/openshift/operator/kodata/tekton-trigger/0.16.1/01-interceptors.yaml @@ -0,0 +1,166 @@ +# Copyright 2020 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tekton-triggers-core-interceptors + namespace: tekton-pipelines + labels: + app.kubernetes.io/name: core-interceptors + app.kubernetes.io/component: interceptors + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.16.1" + app.kubernetes.io/part-of: tekton-triggers + # tekton.dev/release value replaced with inputs.params.versionTag in triggers/tekton/publish.yaml + triggers.tekton.dev/release: "v0.16.1" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: core-interceptors + app.kubernetes.io/component: interceptors + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + template: + metadata: + labels: + app.kubernetes.io/name: core-interceptors + app.kubernetes.io/component: interceptors + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.16.1" + app.kubernetes.io/part-of: tekton-triggers + app: tekton-triggers-core-interceptors + triggers.tekton.dev/release: "v0.16.1" + # version value replaced with inputs.params.versionTag in triggers/tekton/publish.yaml + version: "v0.16.1" + spec: + serviceAccountName: tekton-triggers-core-interceptors + containers: + - name: tekton-triggers-core-interceptors + image: "gcr.io/tekton-releases/github.com/tektoncd/triggers/cmd/interceptors:v0.16.1@sha256:d9086af68aaadd35359c516f8effa40f2d1e59bf96c31056feacd6a687a7f569" + args: ["-logtostderr", "-stderrthreshold", "INFO"] + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging-triggers + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability-triggers + - name: METRICS_DOMAIN + value: tekton.dev/triggers + readinessProbe: + httpGet: + path: /ready + port: 8082 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + securityContext: + allowPrivilegeEscalation: false + # User 65532 is the distroless nonroot user ID + runAsUser: 65532 + runAsGroup: 65532 + capabilities: + drop: + - all +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: tekton-triggers-core-interceptors + app.kubernetes.io/component: interceptors + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.16.1" + app.kubernetes.io/part-of: tekton-triggers + triggers.tekton.dev/release: "v0.16.1" + app: tekton-triggers-core-interceptors + version: "v0.16.1" + name: tekton-triggers-core-interceptors + namespace: tekton-pipelines +spec: + ports: + - name: "http" + port: 80 + targetPort: 8082 + selector: + app.kubernetes.io/name: core-interceptors + app.kubernetes.io/component: interceptors + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-triggers + +--- +# Copyright 2021 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: triggers.tekton.dev/v1alpha1 +kind: ClusterInterceptor +metadata: + name: cel +spec: + clientConfig: + service: + name: tekton-triggers-core-interceptors + namespace: tekton-pipelines + path: "cel" +--- +apiVersion: triggers.tekton.dev/v1alpha1 +kind: ClusterInterceptor +metadata: + name: bitbucket +spec: + clientConfig: + service: + name: tekton-triggers-core-interceptors + namespace: tekton-pipelines + path: "bitbucket" +--- +apiVersion: triggers.tekton.dev/v1alpha1 +kind: ClusterInterceptor +metadata: + name: github +spec: + clientConfig: + service: + name: tekton-triggers-core-interceptors + namespace: tekton-pipelines + path: "github" +--- +apiVersion: triggers.tekton.dev/v1alpha1 +kind: ClusterInterceptor +metadata: + name: gitlab +spec: + clientConfig: + service: + name: tekton-triggers-core-interceptors + namespace: tekton-pipelines + path: "gitlab" + +--- diff --git a/config/base/300-operator_v1alpha1_config_crd.yaml b/config/base/300-operator_v1alpha1_config_crd.yaml index ab988ce4e8..d5b5a8e0ea 100644 --- a/config/base/300-operator_v1alpha1_config_crd.yaml +++ b/config/base/300-operator_v1alpha1_config_crd.yaml @@ -17,8 +17,8 @@ kind: CustomResourceDefinition metadata: name: tektonconfigs.operator.tekton.dev labels: - version: "devel" - operator.tekton.dev/release: "devel" + version: v1.6.0 + operator.tekton.dev/release: v1.6.0 spec: group: operator.tekton.dev names: diff --git a/config/base/300-operator_v1alpha1_installer_set_crd.yaml b/config/base/300-operator_v1alpha1_installer_set_crd.yaml index e7d9fd8a65..9d517d1293 100644 --- a/config/base/300-operator_v1alpha1_installer_set_crd.yaml +++ b/config/base/300-operator_v1alpha1_installer_set_crd.yaml @@ -17,8 +17,8 @@ kind: CustomResourceDefinition metadata: name: tektoninstallersets.operator.tekton.dev labels: - version: "devel" - operator.tekton.dev/release: "devel" + version: v1.6.0 + operator.tekton.dev/release: v1.6.0 spec: group: operator.tekton.dev names: diff --git a/config/base/300-operator_v1alpha1_pipeline_crd.yaml b/config/base/300-operator_v1alpha1_pipeline_crd.yaml index e696ae4912..9af2b6f0f5 100644 --- a/config/base/300-operator_v1alpha1_pipeline_crd.yaml +++ b/config/base/300-operator_v1alpha1_pipeline_crd.yaml @@ -17,8 +17,8 @@ kind: CustomResourceDefinition metadata: name: tektonpipelines.operator.tekton.dev labels: - version: "devel" - operator.tekton.dev/release: "devel" + version: v1.6.0 + operator.tekton.dev/release: v1.6.0 spec: group: operator.tekton.dev names: diff --git a/config/base/300-operator_v1alpha1_trigger_crd.yaml b/config/base/300-operator_v1alpha1_trigger_crd.yaml index 73361619e5..2cb5041417 100644 --- a/config/base/300-operator_v1alpha1_trigger_crd.yaml +++ b/config/base/300-operator_v1alpha1_trigger_crd.yaml @@ -17,8 +17,8 @@ kind: CustomResourceDefinition metadata: name: tektontriggers.operator.tekton.dev labels: - version: "devel" - operator.tekton.dev/release: "devel" + version: v1.6.0 + operator.tekton.dev/release: v1.6.0 spec: group: operator.tekton.dev names: diff --git a/config/base/operator.yaml b/config/base/operator.yaml index 4b3a474846..850be3964f 100644 --- a/config/base/operator.yaml +++ b/config/base/operator.yaml @@ -17,6 +17,6 @@ kind: Deployment metadata: name: tekton-operator labels: - version: "devel" - operator.tekton.dev/release: "devel" + version: v1.6.0 + operator.tekton.dev/release: v1.6.0 spec: {} diff --git a/config/openshift/base/300-operator_v1alpha1_addon_crd.yaml b/config/openshift/base/300-operator_v1alpha1_addon_crd.yaml index 9309979be2..a20f1bbf75 100644 --- a/config/openshift/base/300-operator_v1alpha1_addon_crd.yaml +++ b/config/openshift/base/300-operator_v1alpha1_addon_crd.yaml @@ -17,8 +17,8 @@ kind: CustomResourceDefinition metadata: name: tektonaddons.operator.tekton.dev labels: - version: "devel" - operator.tekton.dev/release: "devel" + version: v1.6.0 + operator.tekton.dev/release: v1.6.0 spec: group: operator.tekton.dev names: diff --git a/config/openshift/base/operator_service.yaml b/config/openshift/base/operator_service.yaml index e265000e99..3155fbac31 100644 --- a/config/openshift/base/operator_service.yaml +++ b/config/openshift/base/operator_service.yaml @@ -16,7 +16,7 @@ apiVersion: v1 kind: Service metadata: labels: - version: "devel" + version: v1.6.0 name: openshift-pipelines-operator name: tekton-operator spec: diff --git a/config/openshift/overlays/default/webhook.yaml b/config/openshift/overlays/default/webhook.yaml index f4b7a16b5e..3c84597749 100644 --- a/config/openshift/overlays/default/webhook.yaml +++ b/config/openshift/overlays/default/webhook.yaml @@ -17,8 +17,8 @@ kind: Deployment metadata: name: tekton-operator-webhook labels: - version: "devel" - operator.tekton.dev/release: "devel" + version: v1.6.0 + operator.tekton.dev/release: v1.6.0 spec: replicas: 1 selector: diff --git a/openshift/Dockerfile b/openshift/Dockerfile new file mode 100644 index 0000000000..3a46255412 --- /dev/null +++ b/openshift/Dockerfile @@ -0,0 +1,18 @@ +FROM openshift/origin-release:golang-1.12 + +# download, verify and install openshift client tools (oc and kubectl) +WORKDIR /tmp +RUN OPENSHIFT_CLIENT_VERSION=$(curl -s https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/release.txt|sed -n '/Version:/ { s/[ ]*Version:[ ]*// ;p}') \ + && curl -L -O -s https://mirror.openshift.com/pub/openshift-v4/clients/ocp/$OPENSHIFT_CLIENT_VERSION/openshift-client-linux-$OPENSHIFT_CLIENT_VERSION.tar.gz \ + && curl -L -s https://mirror.openshift.com/pub/openshift-v4/clients/ocp/$OPENSHIFT_CLIENT_VERSION/sha256sum.txt | \ + grep openshift-client-linux-$OPENSHIFT_CLIENT_VERSION.tar.gz > openshift-origin-client-tools.sha256 \ + && sha256sum -c openshift-origin-client-tools.sha256 \ + && mkdir openshift-origin-client-tools \ + && tar xzf openshift-client-linux-$OPENSHIFT_CLIENT_VERSION.tar.gz --directory openshift-origin-client-tools \ + && mv /tmp/openshift-origin-client-tools/oc /usr/bin/oc \ + && mv /tmp/openshift-origin-client-tools/kubectl /usr/bin/kubectl \ + && rm -rf ./openshift* \ + && oc version + +# Allow runtime users to add entries to /etc/passwd +RUN chmod g+rw /etc/passwd diff --git a/openshift/Makefile b/openshift/Makefile new file mode 100644 index 0000000000..a8613d8053 --- /dev/null +++ b/openshift/Makefile @@ -0,0 +1,17 @@ +NIGHTLY_YAML=https://raw.githubusercontent.com/openshift/tektoncd-pipeline/release-next/openshift/release/tektoncd-pipeline-nightly.yaml +STABLE_VERSION=$(shell curl -s https://api.github.com/repos/tektoncd/pipeline/releases | python -c "import sys, json;x=json.load(sys.stdin);print(x[0]['tag_name'])") +RELEASE_YAML= + +test-e2e-downstream-nightly: + @make test-e2e-downstream RELEASE_YAML=$(NIGHTLY_YAML) +.PHONY: test-e2e-downstream-nightly + +test-e2e-downstream-stable: + @make test-e2e-downstream \ + RELEASE_YAML=https://raw.githubusercontent.com/openshift/tektoncd-pipeline/release-$(STABLE_VERSION)/openshift/release/tektoncd-pipeline-$(STABLE_VERSION).yaml +.PHONY: test-e2e-downstream-stable + +test-e2e-downstream: + @make -C ../ bin/tkn + @env RELEASE_YAML=$(RELEASE_YAML) LOCAL_CI_RUN=true ../test/e2e-tests.sh +.PHONY: test-e2e-downstream diff --git a/openshift/patches/0001-Updates-webhook-cluster-role-to-work-with-Owner-Refe.patch b/openshift/patches/0001-Updates-webhook-cluster-role-to-work-with-Owner-Refe.patch new file mode 100644 index 0000000000..537afa96c3 --- /dev/null +++ b/openshift/patches/0001-Updates-webhook-cluster-role-to-work-with-Owner-Refe.patch @@ -0,0 +1,51 @@ +From 81db17ac41b0cf424e8567b37d69fba84c7d6e6c Mon Sep 17 00:00:00 2001 +From: Vincent Demeester +Date: Fri, 29 Oct 2021 08:35:52 +0200 +Subject: [PATCH] Updates webhook cluster role to work with Owner References + +Backport tektoncd/pipeline#4269 to fix deployment of the +webhook on OpenShift. + +Signed-off-by: Vincent Demeester +--- + .../kodata/tekton-pipeline/0.28.2/00-pipelines.yaml | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/cmd/openshift/operator/kodata/tekton-pipeline/0.28.2/00-pipelines.yaml b/cmd/openshift/operator/kodata/tekton-pipeline/0.28.2/00-pipelines.yaml +index 206ea5d8..1b7aa759 100644 +--- a/cmd/openshift/operator/kodata/tekton-pipeline/0.28.2/00-pipelines.yaml ++++ b/cmd/openshift/operator/kodata/tekton-pipeline/0.28.2/00-pipelines.yaml +@@ -157,7 +157,7 @@ rules: + resourceNames: ["webhook.pipeline.tekton.dev"] + # When there are changes to the configs or secrets, knative updates the mutatingwebhook config + # with the updated certificates or the refreshed set of rules. +- verbs: ["get", "update"] ++ verbs: ["get", "update", "delete"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["validatingwebhookconfigurations"] + # validation.webhook.pipeline.tekton.dev performs schema validation when you, for example, create TaskRuns. +@@ -165,7 +165,7 @@ rules: + resourceNames: ["validation.webhook.pipeline.tekton.dev", "config.webhook.pipeline.tekton.dev"] + # When there are changes to the configs or secrets, knative updates the validatingwebhook config + # with the updated certificates or the refreshed set of rules. +- verbs: ["get", "update"] ++ verbs: ["get", "update", "delete"] + - apiGroups: ["policy"] + resources: ["podsecuritypolicies"] + resourceNames: ["tekton-pipelines"] +@@ -176,6 +176,12 @@ rules: + # The webhook configured the namespace as the OwnerRef on various cluster-scoped resources, + # which requires we can Get the system namespace. + resourceNames: ["tekton-pipelines"] ++ - apiGroups: [""] ++ resources: ["namespaces/finalizers"] ++ verbs: ["update"] ++ # The webhook configured the namespace as the OwnerRef on various cluster-scoped resources, ++ # which requires we can update the system namespace finalizers. ++ resourceNames: ["tekton-pipelines"] + + --- + # Copyright 2020 The Tekton Authors +-- +2.31.1 + diff --git a/openshift/patches/0002-update-el-security-context-flag-to-false.patch b/openshift/patches/0002-update-el-security-context-flag-to-false.patch new file mode 100644 index 0000000000..fe01247cd4 --- /dev/null +++ b/openshift/patches/0002-update-el-security-context-flag-to-false.patch @@ -0,0 +1,25 @@ +From 76b6e63339a3f336d65e219983d2d8f1b5be97c8 Mon Sep 17 00:00:00 2001 +From: savitaashture +Date: Fri, 12 Nov 2021 12:41:40 +0530 +Subject: [PATCH] update el-security-context flag to false + +--- + .../operator/kodata/tekton-trigger/0.16.1/00-triggers.yaml | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/cmd/openshift/operator/kodata/tekton-trigger/0.16.1/00-triggers.yaml b/cmd/openshift/operator/kodata/tekton-trigger/0.16.1/00-triggers.yaml +index 0ad6934e..1f21195e 100644 +--- a/cmd/openshift/operator/kodata/tekton-trigger/0.16.1/00-triggers.yaml ++++ b/cmd/openshift/operator/kodata/tekton-trigger/0.16.1/00-triggers.yaml +@@ -1359,7 +1359,7 @@ spec: + containers: + - name: tekton-triggers-controller + image: "gcr.io/tekton-releases/github.com/tektoncd/triggers/cmd/controller:v0.16.1@sha256:ef5f79dcc8c1962279b95857d34e27d44670990dfb71ac3c481e277f376d9c78" +- args: ["-logtostderr", "-stderrthreshold", "INFO", "-el-image", "gcr.io/tekton-releases/github.com/tektoncd/triggers/cmd/eventlistenersink:v0.16.1@sha256:6e553c9067301509f6d4f71e5d173b42438741c82db524b0b00db994e92c87d0", "-el-port", "8080", "-el-security-context=true", "-el-readtimeout", "5", "-el-writetimeout", "40", "-el-idletimeout", "120", "-el-timeouthandler", "30", "-period-seconds", "10", "-failure-threshold", "1"] ++ args: ["-logtostderr", "-stderrthreshold", "INFO", "-el-image", "gcr.io/tekton-releases/github.com/tektoncd/triggers/cmd/eventlistenersink:v0.16.1@sha256:6e553c9067301509f6d4f71e5d173b42438741c82db524b0b00db994e92c87d0", "-el-port", "8080", "-el-security-context=false", "-el-readtimeout", "5", "-el-writetimeout", "40", "-el-idletimeout", "120", "-el-timeouthandler", "30", "-period-seconds", "10", "-failure-threshold", "1"] + env: + - name: SYSTEM_NAMESPACE + valueFrom: +-- +2.31.1 + diff --git a/openshift/release/README.md b/openshift/release/README.md new file mode 100644 index 0000000000..2d7a668fc1 --- /dev/null +++ b/openshift/release/README.md @@ -0,0 +1,35 @@ +# Release creation + +## Branching + +As far as branching goes, we have two use-cases: + +1. Creating a branch based off an upstream release tag. +2. Having a branch that follow upstream's HEAD and serves as a vehicle for continuous integration. + +A prerequisite for both scripts is that your local clone of the repository has a remote "upstream" +that points to the upstream repository and a remote "openshift" that points to the openshift fork. + +Run the scripts from the root of the repository. + +### Creating a branch based off an upstream release tag + +To create a clean branch from an upstream release tag, use the `create-release-branch.sh` script: + +```bash +$ ./openshift/release/create-release-branch.sh v0.4.1 release-0.4 +``` + +This will create a new branch "release-0.4" based off the tag "v0.4.1" and add all OpenShift specific +files that we need to run CI on top of it. + +### Updating the release-next branch that follow upstream's HEAD + +To update a branch to the latest HEAD of upstream use the `update-to-head.sh` script: + +```bash +$ ./openshift/release/update-to-head.sh +``` + +That will pull the latest master from upstream, rebase the current fixes on the release-next branch +on top of it, update the Openshift specific files if necessary, and then trigger CI. \ No newline at end of file diff --git a/openshift/release/create-release-branch.sh b/openshift/release/create-release-branch.sh new file mode 100755 index 0000000000..73bb4a41da --- /dev/null +++ b/openshift/release/create-release-branch.sh @@ -0,0 +1,136 @@ +#!/usr/bin/env bash + +# Synchs the OPERATOR_MIDSTREAM_BRANCH branch to master and then triggers CI +# Usage: update-to-head.sh + +set -ex +OPENSHIFT_REMOTE=${OPENSHIFT_REMOTE:-openshift} +OPERATOR_UPSTREAM_BRANCH=${OPERATOR_UPSTREAM_BRANCH:-main} +OPERATOR_MIDSTREAM_BRANCH=${OPERATOR_MIDSTREAM_BRANCH:-release-next} +PIPELINE_VERSION=${PIPELINE_VERSION:-nightly} #0.28.2 +TRIGGERS_VERSION=${TRIGGERS_VERSION:-nightly} #0.16.0 +CATALOG_RELEASE_BRANCH=${CATALOG_RELEASE_BRANCH:-release-next} #release-v0.24 +# RHOSP (Red Hat OpenShift Pipelines) +# RHOSP_VERSION=${RHOSP_VERSION:-$(date +"%Y.%-m.%-d")-nightly} +RHOSP_VERSION=${RHOSP_VERSION:-1.6.0} # we need to keep this constant for now as, we cannot push generated csv on a daily basis (NT) +RHOSP_PREVIOUS_VERSION=${RHOSP_PREVIOUS_VERSION:-1.5.2} +OLM_SKIP_RANGE=${OLM_SKIP_RANGE:-\'>=1.5.0 <1.6.0\'} +LOCALLY_MANAGED_CLUSTERTASKS=(buildah openshift-client) + +function get_locally_managed_tasks() { + # The fetch task script will not pull LOCALLY_MANAGED_CLUSTERTASKS tasks task from github repository + # as we have have made modifications in these tasks in operator repository + # This function will preserve these tasks from the previous release (clusterTask payload) + + src_dir="cmd/openshift/operator/kodata/tekton-addon/1.5.0/addons/02-clustertasks" + dest_dir="cmd/openshift/operator/kodata/tekton-addon/${RHOSP_VERSION}/addons/02-clustertasks" + echo $dest_dir + for ct in ${LOCALLY_MANAGED_CLUSTERTASKS[*]}; do + echo "copying clustertask: $ct" + + ct_src_dir=${src_dir}/${ct} + ct_dest_dir=${dest_dir}/${ct} + mkdir -p ${ct_dest_dir} || true + + ct_filename=${ct}-task.yaml + ct_src_filepath=${ct_src_dir}/${ct_filename} + ct_dest_filepath=${ct_dest_dir}/${ct_filename} + + cp ${ct_src_filepath} ${ct_dest_filepath} + + version_suffix="${RHOSP_VERSION//./-}" + ct_versioned_filename=${ct}-${version_suffix}-task.yaml + ct_versioned_dest_filepath=${ct_dest_dir}/${ct_versioned_filename} + + # create clustertask copy with versioned clustertask name (eg: name: buildah-1-6-0 from name: buildah) + sed \ + -e "s|^\(\s\+name:\)\s\+\("${ct}"\)|\1 \2-${version_suffix}|g" \ + ${ct_dest_filepath} > "${ct_versioned_dest_filepath}" + done +} + +# copy all addon other than clustertasks into the nightly addon payload directory +function copy_static_addon_resources() { + src_version=${1} + dest_version=${2} + src_dir="cmd/openshift/operator/kodata/tekton-addon/${src_version}" + dest_dir="cmd/openshift/operator/kodata/tekton-addon/${dest_version}" + + cp -r ${src_dir}/optional ${dest_dir}/optional + + addons_dir_src=${src_dir}/addons + addons_dir_dest=${dest_dir}/addons + + for item in $(ls ${addons_dir_src} | grep -v 02-clustertasks); do + cp -r ${addons_dir_src}/${item} ${addons_dir_dest}/${item} + done + # copy rbac for clustertasks + cp ${addons_dir_src}/02-clustertasks/*.yaml ${addons_dir_dest}/02-clustertasks/ +} + +function set_version_label() { + operator_version=v${1} + sed -i -e 's/\(operator.tekton.dev\/release\): "devel"/\1: '${operator_version}'/g' -e 's/\(app.kubernetes.io\/version\): "devel"/\1: '${operator_version}'/g' -e 's/\(version\): "devel"/\1: '${operator_version}'/g' -e 's/\("-version"\), "devel"/\1, '${operator_version}'/g' config/base/*.yaml + sed -i -e 's/\(operator.tekton.dev\/release\): "devel"/\1: '${operator_version}'/g' -e 's/\(app.kubernetes.io\/version\): "devel"/\1: '${operator_version}'/g' -e 's/\(version\): "devel"/\1: '${operator_version}'/g' -e 's/\("-version"\), "devel"/\1, '${operator_version}'/g' config/openshift/base/*.yaml + sed -i -e 's/\(operator.tekton.dev\/release\): "devel"/\1: '${operator_version}'/g' -e 's/\(app.kubernetes.io\/version\): "devel"/\1: '${operator_version}'/g' -e 's/\(version\): "devel"/\1: '${operator_version}'/g' -e 's/\("-version"\), "devel"/\1, '${operator_version}'/g' config/openshift/overlays/default/*.yaml +} + +# add release specific patches +function apply_patches() { + mkdir -p openshift/patches || true + if [[ -d openshift/patches ]];then + for f in openshift/patches/*.patch;do + [[ -f ${f} ]] || continue + git am ${f} + done + fi +} + +# Reset ${OPERATOR_MIDSTREAM_BRANCH} to upstream/${OPERATOR_UPSTREAM_BRANCH}. +git fetch upstream ${OPERATOR_UPSTREAM_BRANCH} +git checkout upstream/${OPERATOR_UPSTREAM_BRANCH} --no-track -B ${OPERATOR_MIDSTREAM_BRANCH} + +# Update openshift's master and take all needed files from there. +git fetch ${OPENSHIFT_REMOTE} master +git checkout FETCH_HEAD openshift OWNERS_ALIASES OWNERS .tekton + +# Add payload +make get-releases TARGET='openshift' \ + PIPELINES=${PIPELINE_VERSION} \ + TRIGGERS=${TRIGGERS_VERSION} + +# copy locally managed tasks (eg: buildah, openshift-client) +get_locally_managed_tasks + +# pull tasks +./hack/openshift/update-tasks.sh ${CATALOG_RELEASE_BRANCH} cmd/openshift/operator/kodata/tekton-addon/${RHOSP_VERSION} ${RHOSP_VERSION} + +# add all other addons resources (clustertriggerbindings, consoleclidownload ...) +# from 1.5.0 dir (https://github.com/tektoncd/operator/tree/f2113b6092a4cb24ad2efd3c005fe97480070a00/cmd/openshift/operator/kodata/tekton-addon/1.5.0) +# TODO: move all addons into tekton-addon witout the version subdirectory +copy_static_addon_resources 1.5.0 ${RHOSP_VERSION} + +# set operator version in operator resources +set_version_label ${RHOSP_VERSION} + +git add openshift OWNERS_ALIASES OWNERS cmd/openshift/operator/kodata config operatorhub/openshift +git commit -m ":open_file_folder: Update openshift specific files." + +apply_patches + +# generate csv +export BUNDLE_ARGS="--workspace operatorhub/openshift \ + --operator-release-version ${RHOSP_VERSION} \ + --channels stable,preview \ + --default-channel stable \ + --fetch-strategy-local \ + --upgrade-strategy-replaces \ + --operator-release-previous-version ${RHOSP_PREVIOUS_VERSION} \ + --olm-skip-range ${OLM_SKIP_RANGE}" +rm -rf operatorhub/openshift/release-artifacts/bundle || true +make operator-bundle + +git add openshift OWNERS_ALIASES OWNERS cmd/openshift/operator/kodata config operatorhub/openshift +git commit -m ":open_file_folder: Update openshift operator bundle." + +git push -f ${OPENSHIFT_REMOTE} ${OPERATOR_MIDSTREAM_BRANCH} diff --git a/openshift/release/cron-nightly-ci-run.yaml b/openshift/release/cron-nightly-ci-run.yaml new file mode 100644 index 0000000000..663e11d5e9 --- /dev/null +++ b/openshift/release/cron-nightly-ci-run.yaml @@ -0,0 +1,20 @@ +apiVersion: batch/v1beta1 +kind: CronJob +metadata: + name: pipelines-operator-nightly-ci-run +spec: + failedJobsHistoryLimit: 1 + successfulJobsHistoryLimit: 1 + concurrencyPolicy: Replace + schedule: "0 0 * * *" + startingDeadlineSeconds: 200 + jobTemplate: + spec: + template: + spec: + serviceAccountName: tkn-aac-sa + containers: + - name: cleanup + image: quay.io/openshift/origin-cli:4.6 + command: ["/bin/bash", "-c", "kubectl delete pipelinerun pipelines-operator-nightly || true;kubectl create -f https://raw.githubusercontent.com/openshift/tektoncd-operator/master/openshift/release/nightly-ci-run.yaml"] + restartPolicy: Never diff --git a/openshift/release/nightly-ci-run.yaml b/openshift/release/nightly-ci-run.yaml new file mode 100644 index 0000000000..dd1d8fd3d9 --- /dev/null +++ b/openshift/release/nightly-ci-run.yaml @@ -0,0 +1,107 @@ +--- +apiVersion: tekton.dev/v1beta1 +kind: PipelineRun +metadata: + name: pipelines-operator-nightly +spec: + pipelineSpec: + workspaces: + - name: source + tasks: + - name: fetch-repository + taskRef: + name: git-clone + workspaces: + - name: output + workspace: source + params: + - name: url + value: https://github.com/openshift/tektoncd-operator + - name: revision + value: master + - name: subdirectory + value: "" + - name: deleteExisting + value: "true" + - name: create-pr + runAfter: + - fetch-repository + workspaces: + - workspace: source + name: source + taskSpec: + workspaces: + - name: source + steps: + - name: create-pr + workingDir: $(workspaces.source.path) + env: + - name: HUB_VERSION + value: "true" + - name: GITHUB_TOKEN + valueFrom: + secretKeyRef: + name: nightly-ci-github-hub-token + key: hub-token + image: gcr.io/tekton-releases/dogfooding/hub:latest + script: | + #!/usr/bin/env bash + set -xe + + # TODO: oct 04, 2021 | NT: separate make steps and hub steps into separate tasks + apk add make || true # add this true or remove -x from this script + apk add curl || true # add this true or remove -x from this script + apk add --no-cache python3 py3-pip || true + pip3 install pyyaml + + # Configure git email and name + git config user.email "pipelines-dev@redhat.com" + git config user.name "OpenShift Pipelines" + + ## Make sure we can push to the branch with our GITHUB_TOKEN (disable logging to not leak) + set +x + git remote add upstream $(echo "https://github.com/tektoncd/operator.git"|sed "s,https://github.com/,https://${GITHUB_TOKEN}@github.com/,") + git remote add openshift $(echo "https://github.com/openshift/tektoncd-operator.git"|sed "s,https://github.com/,https://${GITHUB_TOKEN}@github.com/,") + set -x + # Launch script + [ -d .bin ] || mkdir .bin + openshift/release/update-to-head.sh + finally: + - name: finally + taskSpec: + steps: + - name: send-to-slack + env: + - name: SLACK_WEBHOOK_URL + valueFrom: + secretKeyRef: + name: slack-tektoncd-operator-ci-webhook + key: hook_url + - name: PIPELINERUN + valueFrom: + fieldRef: + fieldPath: metadata.labels['tekton.dev/pipelineRun'] + - name: LABEL_TO_CHECK + value: "nightly-ci" + - name: SUCCESS_URL_ICON + value: "https://github.com/tektoncd.png" + - name: FAILURE_URL_ICON + value: "https://user-images.githubusercontent.com/4288561/114842214-eecf6c80-9dd8-11eb-8924-86288b1a501c.jpeg" + - name: SUCCESS_SUBJECT + value: "Tektoncd Operator CI nightly sync with upstream ran successfully :pipelines: :dance_cat: :yay2:" + - name: FAILURE_SUBJECT + value: "Tektoncd Operator CI nightly sync with upstream has failed :pipeline: :sadparrot: :failed:" + - name: LOG_URL + value: "https://console-openshift-console.apps.cicd.tekton.codereadyqe.com/k8s/ns/nightly-ci/tekton.dev~v1beta1~PipelineRun/pipelines-operator-nightly" + + image: quay.io/chmouel/tekton-asa-code:latest + command: [ "/code/misc/send-slack-notifications.py" ] + workspaces: + - name: source + volumeClaimTemplate: + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 500Mi diff --git a/openshift/release/update-to-head.sh b/openshift/release/update-to-head.sh new file mode 100755 index 0000000000..ddf367a58c --- /dev/null +++ b/openshift/release/update-to-head.sh @@ -0,0 +1,111 @@ +#!/usr/bin/env bash + +# Synchs the release-next branch to master and then triggers CI +# Usage: update-to-head.sh + +set -ex +OPENSHIFT_REMOTE=${OPENSHIFT_REMOTE:-openshift} +PIPELINE_VERSION=${PIPELINE_VERSION:-nightly} +TRIGGERS_VERSION=${TRIGGERS_VERSION:-nightly} +CATALOG_RELEASE_BRANCH=${CATALOG_RELEASE_BRANCH:-release-next} +# RHOSP (Red Hat OpenShift Pipelines) +# RHOSP_VERSION=${RHOSP_VERSION:-$(date +"%Y.%-m.%-d")-nightly} +RHOSP_VERSION=${RHOSP_VERSION:-1.6.0} # we need to keep this constant for now as, we cannot push generated csv on a daily basis (NT) +RHOSP_PREVIOUS_VERSION=${RHOSP_PREVIOUS_VERSION:-1.5.2} +OLM_SKIP_RANGE=${OLM_SKIP_RANGE:-\'>=1.5.0 <1.6.0\'} +LABEL=nightly-ci + +function get_buildah_task() { +# The fetch task script will not pull buildah task from github repository +# as we have have made modifications in the buildah task in operator repository +# This function will preserve the buildah task from the previous release (clusterTask payload) + buildah_dest_dir="cmd/openshift/operator/kodata/tekton-addon/${RHOSP_VERSION}/addons/02-clustertasks/buildah" + mkdir -p ${buildah_dest_dir} || true + task_path=${buildah_dest_dir}/buildah-task.yaml + version_suffix="${RHOSP_VERSION//./-}" + task_version_path=${buildah_dest_dir}/buildah-${version_suffix}-task.yaml + + cp -r cmd/openshift/operator/kodata/tekton-addon/1.5.0/addons/02-clustertasks/buildah/buildah-task.yaml ${buildah_dest_dir} + sed \ + -e "s|^\(\s\+name:\)\s\+\(buildah\)|\1 \2-$RHOSP_VERSION|g" \ + $task_path > "$task_version_path" +} + +# copy all addon other than clustertasks into the nightly addon payload directory +function copy_static_addon_resources() { + src_version=${1} + dest_version=${2} + src_dir="cmd/openshift/operator/kodata/tekton-addon/${src_version}" + dest_dir="cmd/openshift/operator/kodata/tekton-addon/${dest_version}" + + cp -r ${src_dir}/optional ${dest_dir}/optional + + addons_dir_src=${src_dir}/addons + addons_dir_dest=${dest_dir}/addons + + for item in $(ls ${addons_dir_src} | grep -v 02-clustertasks); do + cp -r ${addons_dir_src}/${item} ${addons_dir_dest}/${item} + done +} + +# Reset release-next to upstream/main. +git fetch upstream main +git checkout upstream/main --no-track -B release-next + +# Update openshift's master and take all needed files from there. +git fetch ${OPENSHIFT_REMOTE} master +git checkout FETCH_HEAD openshift OWNERS_ALIASES OWNERS .tekton + +# Add payload +make get-releases TARGET='openshift' \ + PIPELINES=${PIPELINE_VERSION} \ + TRIGGERS=${TRIGGERS_VERSION} + +# handle buildah task separately +get_buildah_task +# pull tasks +./hack/openshift/update-tasks.sh ${CATALOG_RELEASE_BRANCH} cmd/openshift/operator/kodata/tekton-addon/${RHOSP_VERSION} ${RHOSP_VERSION} + +# add all other addons resources (clustertriggerbindings, consoleclidownload ...) +# from 1.5.0 dir (https://github.com/tektoncd/operator/tree/f2113b6092a4cb24ad2efd3c005fe97480070a00/cmd/openshift/operator/kodata/tekton-addon/1.5.0) +# TODO: move all addons into tekton-addon witout the version subdirectory +copy_static_addon_resources 1.5.0 ${RHOSP_VERSION} + +# generate csv +BUNDLE_ARGS="--workspace operatorhub/openshift \ + --operator-release-version ${RHOSP_VERSION} \ + --channels stable,preview \ + --default-channel stable \ + --fetch-strategy-local \ + --upgrade-strategy-replaces \ + --operator-release-previous-version ${RHOSP_PREVIOUS_VERSION} \ + --olm-skip-range ${OLM_SKIP_RANGE}" + +make operator-bundle + +git add openshift OWNERS_ALIASES OWNERS cmd/openshift/operator/kodata operatorhub/openshift +git commit -m ":open_file_folder: Update openshift specific files." + +git push -f ${OPENSHIFT_REMOTE} release-next + +# Trigger CI +git checkout release-next -B release-next-ci +date > ci +git add ci +git commit -m ":robot: Triggering CI on branch 'release-next' after synching to upstream/master" +git push -f ${OPENSHIFT_REMOTE} release-next-ci + +# removing upstream remote so that hub points origin for hub pr list command due to this issue https://github.com/github/hub/issues/1973 +git remote remove upstream +already_open_github_issue_id=$(hub pr list -s open -f "%I %l%n"|grep ${LABEL}| awk '{print $1}'|head -1) +[[ -n ${already_open_github_issue_id} ]] && { + echo "PR for nightly is already open on #${already_open_github_issue_id}" + #hub api repos/${OPENSHIFT_ORG}/${REPO_NAME}/issues/${already_open_github_issue_id}/comments -f body='/retest' + exit +} + +hub pull-request -m "🛑🔥 Triggering Nightly CI for ${REPO_NAME} 🔥🛑" -m "/hold" -m "Nightly CI do not merge :stop_sign:" \ + --no-edit -l "${LABEL}" -b ${OPENSHIFT_ORG}/${REPO_NAME}:release-next -h ${OPENSHIFT_ORG}/${REPO_NAME}:release-next-ci + +# This fix is required while running locally, otherwise your upstream remote is removed +git remote add upstream git@github.com:tektoncd/operator.git