diff --git a/cmd/entrypoint/README.md b/cmd/entrypoint/README.md index 0df4be613c7..6f6b298aae8 100644 --- a/cmd/entrypoint/README.md +++ b/cmd/entrypoint/README.md @@ -5,6 +5,7 @@ wrapping it. In `tektoncd/pipeline` this is used to make sure `Task`'s steps are executed in order, or for sidecars. The following flags are available : + - `-entrypoint`: "original" command to be executed (as entrypoint). This will be executed as a sub-process on `entrypoint` - `-post_file`: file path to write once the sub-process has @@ -22,13 +23,13 @@ The following flags are available : The following example of usage for `entrypoint`, wait's for `/tekton/downward/ready` file to exists and have some content before executing `/ko-app/bash -- -args mkdir -p /workspace/git-resource`, -and will write to `/tekton/tools/0` in casse of succes, or +and will write to `/tekton/tools/0` in case of succes, or `/tekton/tools/0.err` in case of failure. -``` +```shell entrypoint \ - -wait_file /tekton/downward/ready \ - -post_file /tekton/tools/0" \ - -wait_file_content \ - -entrypoint /ko-app/bash -- -args mkdir -p /workspace/git-resource + -wait_file /tekton/downward/ready \ + -post_file /tekton/tools/0" \ + -wait_file_content \ + -entrypoint /ko-app/bash -- -args mkdir -p /workspace/git-resource ``` diff --git a/cmd/entrypoint/main.go b/cmd/entrypoint/main.go index ad13aaee3ff..33e6e9b151f 100644 --- a/cmd/entrypoint/main.go +++ b/cmd/entrypoint/main.go @@ -25,7 +25,6 @@ import ( "syscall" "time" - "github.com/tektoncd/pipeline/pkg/apis/pipeline" "github.com/tektoncd/pipeline/pkg/entrypoint" ) @@ -54,13 +53,6 @@ func main() { PostWriter: &realPostWriter{}, Results: strings.Split(*results, ","), } - // strings.Split(..) with an empty string returns an array that contains one element, an empty string. - // The result folder should only be created if there are actual results to defined for the entrypoint. - if len(e.Results) >= 1 && e.Results[0] != "" { - if err := os.MkdirAll(pipeline.DefaultResultPath, 0755); err != nil { - log.Fatalf("Error creating the results directory: %v", err) - } - } if err := e.Go(); err != nil { switch t := err.(type) { case skipError: diff --git a/examples/pipelineruns/task_results_example_user.yaml b/examples/pipelineruns/task_results_example_user.yaml new file mode 100644 index 00000000000..9d20e3ae648 --- /dev/null +++ b/examples/pipelineruns/task_results_example_user.yaml @@ -0,0 +1,97 @@ +apiVersion: tekton.dev/v1alpha1 +kind: Pipeline +metadata: + name: sum-and-multiply-pipeline-user +spec: + params: + - name: a + type: string + default: "1" + - name: b + type: string + default: "1" + tasks: + - name: sum-inputs + taskRef: + name: sum-user + params: + - name: a + value: "$(params.a)" + - name: b + value: "$(params.b)" + - name: multiply-inputs + taskRef: + name: multiply-user + params: + - name: a + value: "$(params.a)" + - name: b + value: "$(params.b)" + - name: sum-and-multiply + taskRef: + name: sum-user + params: + - name: a + value: "$(tasks.multiply-inputs.results.product)$(tasks.sum-inputs.results.sum)" + - name: b + value: "$(tasks.multiply-inputs.results.product)$(tasks.sum-inputs.results.sum)" +--- +apiVersion: tekton.dev/v1alpha1 +kind: Task +metadata: + name: sum-user + annotations: + description: | + A simple task that sums the two provided integers +spec: + inputs: + params: + - name: a + type: string + default: "1" + description: The first integer + - name: b + type: string + default: "1" + description: The second integer + results: + - name: sum + description: The sum of the two provided integers + steps: + - name: sum + image: bash:latest + script: | + #!/usr/bin/env bash + echo -n $(( "$(inputs.params.a)" + "$(inputs.params.b)" )) | tee $(results.sum.path) + securityContext: + runAsUser: 1000 +--- +apiVersion: tekton.dev/v1alpha1 +kind: Task +metadata: + name: multiply-user + annotations: + description: | + A simple task that multiplies the two provided integers +spec: + inputs: + params: + - name: a + type: string + default: "1" + description: The first integer + - name: b + type: string + default: "1" + description: The second integer + results: + - name: product + description: The product of the two provided integers + steps: + - name: product + image: bash:latest + script: | + #!/usr/bin/env bash + echo -n $(( "$(inputs.params.a)" * "$(inputs.params.b)" )) | tee $(results.product.path) + securityContext: + runAsUser: 1000 diff --git a/pkg/pod/pod.go b/pkg/pod/pod.go index 1cb6ca15d35..417e7aca534 100644 --- a/pkg/pod/pod.go +++ b/pkg/pod/pod.go @@ -34,6 +34,9 @@ import ( const ( homeDir = "/tekton/home" + // ResultsDir is the folder used by default to create the results file + ResultsDir = "/tekton/results" + featureFlagConfigMapName = "feature-flags" featureFlagDisableHomeEnvKey = "disable-home-env-overwrite" featureFlagDisableWorkingDirKey = "disable-working-directory-overwrite" @@ -58,6 +61,9 @@ var ( }, { Name: "tekton-internal-home", MountPath: homeDir, + }, { + Name: "tekton-internal-results", + MountPath: ResultsDir, }} implicitVolumes = []corev1.Volume{{ Name: "tekton-internal-workspace", @@ -65,6 +71,9 @@ var ( }, { Name: "tekton-internal-home", VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{}}, + }, { + Name: "tekton-internal-results", + VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{}}, }} ) @@ -94,6 +103,11 @@ func MakePod(images pipeline.Images, taskRun *v1alpha1.TaskRun, taskSpec v1alpha volumes = append(volumes, secretsVolumes...) } + // make tekton results folder writable by any user + if makeTektonFolderWritableInit := makeTektonResultsFolderWritable(images.ShellImage, implicitVolumeMounts); makeTektonFolderWritableInit != nil { + initContainers = append(initContainers, *makeTektonFolderWritableInit) + } + // Merge step template with steps. // TODO(#1605): Move MergeSteps to pkg/pod steps, err := v1alpha1.MergeStepsWithStepTemplate(taskSpec.StepTemplate, taskSpec.Steps) @@ -253,7 +267,7 @@ func MakePod(images pipeline.Images, taskRun *v1alpha1.TaskRun, taskSpec v1alpha }, nil } -// makeLabels constructs the labels we will propagate from TaskRuns to Pods. +// MakeLabels constructs the labels we will propagate from TaskRuns to Pods. func MakeLabels(s *v1alpha1.TaskRun) map[string]string { labels := make(map[string]string, len(s.ObjectMeta.Labels)+1) // NB: Set this *before* passing through TaskRun labels. If the TaskRun diff --git a/pkg/pod/tekton_folder_writable.go b/pkg/pod/tekton_folder_writable.go new file mode 100644 index 00000000000..054a64e13ca --- /dev/null +++ b/pkg/pod/tekton_folder_writable.go @@ -0,0 +1,32 @@ +/* +Copyright 2019 The Tekton Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package pod + +import ( + corev1 "k8s.io/api/core/v1" +) + +// makeTektonResultsFolderWritable returns a Container that make the tekton folder writable by any user. +func makeTektonResultsFolderWritable(shellImage string, volumeMounts []corev1.VolumeMount) *corev1.Container { + return &corev1.Container{ + Name: "tekton-results-folder-writable", + Image: shellImage, + Command: []string{"sh"}, + Args: []string{"-c", "chmod 777 " + ResultsDir}, + VolumeMounts: volumeMounts, + } +}