Stitch any CI into Tangled

provider/tekton: add tangled metadata as params and workspace config #12

Open. Opened by xeiaso.net, targeting main from xeiaso.net/tack: main

Hey, thanks for making this! It's helping me move off of GitHub. I'm not totally sure how to best upstream this; your input on how I should amend these commits for productionalization would be very appreciated.

This changeset adds workspace config and passes CI metadata to Tekton pipelines, including the commit, actor, and branch.

This allows you to do tests against the individual commit being operated against instead of just the most recent commit on HEAD. These are a no-op when pipelines do not use these parameters.

Example usage:

```yaml
steps:
- name: git-clone
  image: reg.xeiaso.net/xe/x/git:latest
  script: |
    set -euo pipefail
    git clone $(params.url) /workspace/repo-data/repo
    cd /workspace/repo-data/repo
    git checkout $(params.commit)
```

This also adds pipeline configuration for workspaces:

```yaml
tack:
  tekton:
    pipeline: kefka-build-test
    workspaces:
      - name: repo-data
        access_modes: ["ReadWriteOnce"]
        storage: 1Gi
      - name: go-mod-cache
        pvc: go-mod-cache
```
AT URI
at://did:plc:e5nncb3dr5thdkjir5cfaqfe/sh.tangled.repo.pull/3ml36zh2epx22
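
The `git-clone` step from the pull request description, rewritten as an added example (not code from the pull request or from tack) that hands params to the script through environment variables, because Tekton substitutes `$(params.*)` into the script text before the shell runs. The Task name `git-clone-pinned`, the env var names and the assumption that `commit` is a full hex object id are illustrative; `url`, `commit`, the image and the `repo-data` workspace come from the page.

```yaml
# Added example: hypothetical Task, not part of tack or this changeset.
apiVersion: tekton.dev/v1
kind: Task
metadata:
  name: git-clone-pinned          # hypothetical name
spec:
  params:
    - name: url
      type: string
    - name: commit
      type: string
  workspaces:
    - name: repo-data
  steps:
    - name: git-clone
      image: reg.xeiaso.net/xe/x/git:latest
      env:
        # Params are substituted into env values, so they reach the
        # script as data and are never parsed as shell source.
        - name: REPO_URL
          value: $(params.url)
        - name: COMMIT
          value: $(params.commit)
        - name: DEST
          value: $(workspaces.repo-data.path)/repo
      script: |
        #!/bin/sh
        set -eu
        # Assumption: tack passes a full SHA-1 (40) or SHA-256 (64) hex id.
        case "$COMMIT" in
          ""|*[!0-9a-f]*) echo "refusing non-hex commit id" >&2; exit 1 ;;
        esac
        if [ "${#COMMIT}" -ne 40 ] && [ "${#COMMIT}" -ne 64 ]; then
          echo "refusing abbreviated commit id" >&2
          exit 1
        fi
        # "--" stops option parsing, so a URL starting with "-" is not a flag.
        git clone -- "$REPO_URL" "$DEST"
        cd "$DEST"
        # --detach pins the working tree to the exact commit under test.
        git checkout --detach "$COMMIT"
```

The same pattern applies to `branch` and `actor`: bind them to env vars and quote them wherever the script uses them.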
+99 -22
Diff #0
+73 -7
provider_tekton.go
··· 54 54 55 55 56 56 57 + // runner and pass a small amount of routing data, not mirror Tekton's 58 + // entire PipelineRun API. 59 + type tektonWorkflowConfig struct { 60 + Pipeline string `yaml:"pipeline"` 61 + ServiceAccount string `yaml:"service_account"` 62 + Params map[string]string `yaml:"params"` 63 + Workspaces []tektonWorkspaceConfig `yaml:"workspaces"` 64 + } 65 + 66 + type tektonWorkspaceConfig struct { 67 + Name string `yaml:"name"` 68 + AccessModes []string `yaml:"access_modes"` 69 + Storage *string `yaml:"storage"` 70 + PVC *string `yaml:"pvc"` 71 + } 57 72 73 + type tektonWorkflowDoc struct { 58 74 59 75 60 76 ··· 234 250 235 251 236 252 253 + "pipelineRef": map[string]any{ 254 + "name": cfg.Pipeline, 255 + }, 256 + "params": []any{ 257 + map[string]any{ 258 + "name": "commit", 259 + "value": commit, 260 + }, 261 + map[string]any{ 262 + "name": "branch", 263 + "value": branch, 264 + }, 265 + map[string]any{ 266 + "name": "actor", 267 + "value": actor, 268 + }, 269 + }, 270 + }, 271 + } 237 272 273 + spec := obj["spec"].(map[string]any) 238 274 275 + if len(cfg.Workspaces) != 0 { 276 + spec["podTemplate"] = map[string]any{ 277 + "securityContext": map[string]any{ 278 + "fsGroup": 65532, 279 + }, 280 + } 239 281 282 + workspaces := []any{} 240 283 284 + for _, ws := range cfg.Workspaces { 285 + switch { 286 + case ws.Storage != nil: 287 + workspaces = append(workspaces, map[string]any{ 288 + "name": ws.Name, 289 + "volumeClaimTemplate": map[string]any{ 290 + "spec": map[string]any{ 291 + "accessModes": ws.AccessModes, 292 + "resources": map[string]any{ 293 + "requests": map[string]any{ 294 + "storage": *ws.Storage, 295 + }, 296 + }, 297 + }, 298 + }, 299 + }) 300 + 301 + case ws.PVC != nil: 302 + workspaces = append(workspaces, map[string]any{ 303 + "name": ws.Name, 304 + "persistentVolumeClaim": map[string]any{ 305 + "claimName": *ws.PVC, 306 + }, 307 + }) 308 + } 309 + } 241 310 311 + spec["workspaces"] = workspaces 312 + } 242 313 243 - 244 - 245 
- "pipelineRef": map[string]any{ 246 - "name": cfg.Pipeline, 247 - }, 248 - }, 314 + if cfg.ServiceAccount != "" { 315 + spec["serviceAccountName"] = cfg.ServiceAccount 249 316 } 250 - spec := obj["spec"].(map[string]any)
+26 -15
docs/tekton.md
··· 18 18 19 19 ## Required cluster setup 20 20 21 - * Tekton Pipelines is installed in the cluster. 22 - * Tack is deployed inside the same cluster. 23 - * The target Tekton `Pipeline` objects already exist in the namespace 21 + - Tekton Pipelines is installed in the cluster. 22 + - Tack is deployed inside the same cluster. 23 + - The target Tekton `Pipeline` objects already exist in the namespace 24 24 tack is configured to use. 25 - * Tack's Kubernetes service account has RBAC to: 26 - * create, get, list, and watch `tekton.dev` `pipelineruns` 27 - * get, list, and watch `tekton.dev` `taskruns` 28 - * get and list pods 29 - * get pod logs via `pods/log` 25 + - Tack's Kubernetes service account has RBAC to: 26 + - create, get, list, and watch `tekton.dev` `pipelineruns` 27 + - get, list, and watch `tekton.dev` `taskruns` 28 + - get and list pods 29 + - get pod logs via `pods/log` 30 30 31 31 Example RBAC: 32 32 ··· 53 53 54 54 ## Configure Tack 55 55 56 - | Env var | Description | 57 - | ------------------------ | --------------------------------------------------------- | 58 - | `TACK_TEKTON_ENABLED` | Set to `1` to enable the Tekton provider | 59 - | `TACK_TEKTON_NAMESPACE` | Namespace for created `PipelineRun`s (default `default`) | 56 + | Env var | Description | 57 + | ----------------------- | -------------------------------------------------------- | 58 + | `TACK_TEKTON_ENABLED` | Set to `1` to enable the Tekton provider | 59 + | `TACK_TEKTON_NAMESPACE` | Namespace for created `PipelineRun`s (default `default`) | 60 60 61 61 The provider uses Kubernetes in-cluster service account credentials. 62 62 It will not run from a local kubeconfig. ··· 65 65 66 66 There are three separate names: 67 67 68 - * Tack workflow name: the Tangled workflow filename/name, e.g. `ci.yml`. 68 + - Tack workflow name: the Tangled workflow filename/name, e.g. `ci.yml`. 69 69 This remains the Tangled-facing workflow identity in status records. 
70 - * Tekton `Pipeline` name: the existing in-cluster pipeline definition, 70 + - Tekton `Pipeline` name: the existing in-cluster pipeline definition, 71 71 e.g. `repo-ci`. This is written to `spec.pipelineRef.name`. 72 - * Tekton `PipelineRun` name: generated by tack per trigger/workflow, 72 + - Tekton `PipelineRun` name: generated by tack per trigger/workflow, 73 73 e.g. `tack-ci-yml-<short-hash>`. This is the concrete execution 74 74 object tack watches and stores. 75 75 ··· 92 92 service_account: pipeline-runner 93 93 params: 94 94 image: example/app 95 + workspaces: 96 + - name: repo-data 97 + access_modes: ["ReadWriteOnce"] 98 + storage: 1Gi 99 + - name: go-mod-cache 100 + pvc: go-mod-cache 95 101 ``` 96 102 97 103 `params` are forwarded as string Tekton params. Tack also stores the ··· 99 105 `PipelineRun` annotations, so operators can inspect the Kubernetes 100 106 object and connect it back to the Tangled trigger. 101 107 108 + Workspaces correlate to 109 + [Tekton workspaces](https://tekton.dev/docs/pipelines/workspaces/) and 110 + are useful for creating a temporary PVC with git clones, intermediate 111 + build products, or other build artifacts. 112 + 102 113 ## Example Pipeline 103 114 104 115 ```yaml
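Review bot: In provider_tekton.go, `tektonWorkspaceConfig` declares `Storage` and `PVC` as two optional pointers, but nothing on the type says they are alternatives or that `AccessModes` only applies to the `Storage` form. Add a doc comment stating that exactly one of `storage` or `pvc` must be set, and validate that when the workflow config is parsed, so a bad entry fails with a tack error that names the workspace.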
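Review bot: In provider_tekton.go, the `switch` inside `for _, ws := range cfg.Workspaces` has no default case, so a workspace with neither `storage` nor `pvc` is silently left out of `spec["workspaces"]`, and one with both set silently takes the `ws.Storage != nil` branch. Return an error in both situations instead of building the PipelineRun. In the same branch, `"accessModes": ws.AccessModes` is passed through even when the list is empty; reject that case or apply a default there. The `"fsGroup": 65532` in the podTemplate is hard-coded and set whenever any workspace is configured, so it needs either a comment explaining the value or a config field.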
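Review bot: The `*` to `-` list-marker changes and the re-padded env var table in docs/tekton.md are formatting-only and unrelated to workspaces. Move them into a separate commit so that the docs commit contains only the workspace documentation and is easier to review and rebase.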
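Review bot: The workspace text added to docs/tekton.md does not explain that `storage` produces a `volumeClaimTemplate` while `pvc` binds an existing `persistentVolumeClaim`, or what happens when both or neither are given, and the docs hunks shown do not mention the new `commit`, `branch` and `actor` params at all. Add a short field table for `workspaces` and a list of the params tack always sets, so pipeline authors know which names to declare.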

History

1 round 0 comments
xeiaso.net submitted #0
3 commits
provider/tekton: add tangled metadata as params
provider/tekton: add workspace config to tangled config
docs/tekton: update tekton docs with workspace config
merge conflicts detected
  • provider_tekton.go:245