mitchellh.com / tack
Stitch any CI into Tangled
151
fork

Configure Feed

Select the types of activity you want to include in your feed.

provider/tekton: support secret backed workspaces

authored by

Dylan Shepard and committed by
Tangled e230c45f 76936a20

+72
+9
provider_tekton.go
··· 68 68 AccessModes []string `yaml:"access_modes"` 69 69 Storage *string `yaml:"storage"` 70 70 PVC *string `yaml:"pvc"` 71 + Secret *string `yaml:"secret"` 71 72 } 72 73 73 74 type tektonWorkflowDoc struct { ··· 303 304 "name": ws.Name, 304 305 "persistentVolumeClaim": map[string]any{ 305 306 "claimName": *ws.PVC, 307 + }, 308 + }) 309 + 310 + case ws.Secret != nil: 311 + workspaces = append(workspaces, map[string]any{ 312 + "name": ws.Name, 313 + "secret": map[string]any{ 314 + "secretName": *ws.Secret, 306 315 }, 307 316 }) 308 317 }
+63
provider_tekton_test.go
··· 78 78 } 79 79 } 80 80 81 + func TestTektonBuildPipelineRunWorkspaces(t *testing.T) { 82 + storage := "5Gi" 83 + pvc := "shared-cache" 84 + secret := "git-credentials" 85 + cfg := &tektonWorkflowConfig{ 86 + Pipeline: "repo-ci", 87 + Workspaces: []tektonWorkspaceConfig{ 88 + {Name: "scratch", AccessModes: []string{"ReadWriteOnce"}, Storage: &storage}, 89 + {Name: "cache", PVC: &pvc}, 90 + {Name: "git-auth", Secret: &secret}, 91 + }, 92 + } 93 + 94 + obj := buildTektonPipelineRun("ci", "run-1", cfg, 95 + "knot.example.com", "rkey-1", "did:plc:actor", "abcdef", "main", 96 + &tangled.Pipeline_Workflow{Name: "ci.yml"}, 97 + ) 98 + 99 + podTemplate, ok := obj.NestedMap("spec", "podTemplate") 100 + if !ok { 101 + t.Fatal("podTemplate missing for workspace-backed PipelineRun") 102 + } 103 + fsGroup, ok := k8s.NestedMap(podTemplate, "securityContext") 104 + if !ok || fsGroup["fsGroup"] != 65532 { 105 + t.Fatalf("podTemplate.securityContext = %+v", podTemplate) 106 + } 107 + 108 + workspaces, ok := obj.NestedSlice("spec", "workspaces") 109 + if !ok || len(workspaces) != 3 { 110 + t.Fatalf("workspaces = %+v", workspaces) 111 + } 112 + 113 + scratch, ok := workspaces[0].(map[string]any) 114 + if !ok { 115 + t.Fatalf("scratch workspace = %#v", workspaces[0]) 116 + } 117 + if scratch["name"] != "scratch" { 118 + t.Fatalf("scratch.name = %#v", scratch["name"]) 119 + } 120 + storageSpec, ok := k8s.NestedMap(scratch, "volumeClaimTemplate", "spec", "resources", "requests") 121 + if !ok || storageSpec["storage"] != "5Gi" { 122 + t.Fatalf("scratch volumeClaimTemplate = %+v", scratch) 123 + } 124 + 125 + cache, ok := workspaces[1].(map[string]any) 126 + if !ok { 127 + t.Fatalf("cache workspace = %#v", workspaces[1]) 128 + } 129 + claim, ok := k8s.NestedMap(cache, "persistentVolumeClaim") 130 + if !ok || claim["claimName"] != "shared-cache" { 131 + t.Fatalf("cache persistentVolumeClaim = %+v", cache) 132 + } 133 + 134 + gitAuth, ok := workspaces[2].(map[string]any) 135 + if !ok { 136 + t.Fatalf("git-auth workspace = %#v", workspaces[2]) 137 + } 138 + secretRef, ok := k8s.NestedMap(gitAuth, "secret") 139 + if !ok || secretRef["secretName"] != "git-credentials" { 140 + t.Fatalf("git-auth secret = %+v", gitAuth) 141 + } 142 + } 143 + 81 144 func TestTektonStatusMapping(t *testing.T) { 82 145 tests := []struct { 83 146 name string