Stitch any CI into Tangled

provider/tekton: support secret backed workspaces #14

open opened by dsx.sh targeting main from dsx.sh/tack: main

Workspaces can be volumes, for 'data' or scratch space, or they can be secrets, which gives the CI path access to K8s secrets. These workspaces need to be defined on the PipelineRun, so secrets should be available there too.

Also added tests for the pipeline run with workspaces. They are just basic unit tests, but it was straightforward enough to copy the others.

AT URI
at://did:plc:6so2rykrnjmzebbr2zbwbqbx/sh.tangled.repo.pull/3ml5643n4mh22
+72
Diff #0
+9
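--- a/provider_tekton.go
+++ b/provider_tekton.go
@@ -68,6 +68,7 @@
 AccessModes []string `yaml:"access_modes"`
 Storage *string `yaml:"storage"`
 PVC *string `yaml:"pvc"`
+Secret *string `yaml:"secret"`
 }
 
 type tektonWorkflowDoc struct {
@@ -305,6 +306,14 @@
 "claimName": *ws.PVC,
 },
 })
+
+case ws.Secret != nil:
+workspaces = append(workspaces, map[string]any{
+"name": ws.Name,
+"secret": map[string]any{
+"secretName": *ws.Secret,
+},
+})
 }
 }
 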
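Review bot: The new `case ws.Secret != nil` branch copies `*ws.Secret` straight into `secretName`, so whoever controls the workflow YAML can name any Secret in the PipelineRun's namespace and have it mounted into their pipeline steps. Where that YAML comes from is not visible in this hunk; if it is read from repository contents or pull requests, the name should be checked against an operator-configured allowlist, and an empty string rejected, before the workspace is appended, for example `case ws.Secret != nil && *ws.Secret != "" && allowed[*ws.Secret]:`, where `allowed` is a new operator-set lookup that does not exist yet. The `case` also appears to sit after the PVC branch of the same switch, so a workspace that sets both `pvc` and `secret` silently drops the secret; a validation error, or at least a comment such as `// pvc takes precedence when both pvc and secret are set`, would make that explicit. The enclosing function and the switch begin outside the hunk.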
+63
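--- a/provider_tekton_test.go
+++ b/provider_tekton_test.go
@@ -78,6 +78,69 @@
 }
 }
 
+func TestTektonBuildPipelineRunWorkspaces(t *testing.T) {
+storage := "5Gi"
+pvc := "shared-cache"
+secret := "git-credentials"
+cfg := &tektonWorkflowConfig{
+Pipeline: "repo-ci",
+Workspaces: []tektonWorkspaceConfig{
+{Name: "scratch", AccessModes: []string{"ReadWriteOnce"}, Storage: &storage},
+{Name: "cache", PVC: &pvc},
+{Name: "git-auth", Secret: &secret},
+},
+}
+
+obj := buildTektonPipelineRun("ci", "run-1", cfg,
+"knot.example.com", "rkey-1", "did:plc:actor", "abcdef", "main",
+&tangled.Pipeline_Workflow{Name: "ci.yml"},
+)
+
+podTemplate, ok := obj.NestedMap("spec", "podTemplate")
+if !ok {
+t.Fatal("podTemplate missing for workspace-backed PipelineRun")
+}
+fsGroup, ok := k8s.NestedMap(podTemplate, "securityContext")
+if !ok || fsGroup["fsGroup"] != 65532 {
+t.Fatalf("podTemplate.securityContext = %+v", podTemplate)
+}
+
+workspaces, ok := obj.NestedSlice("spec", "workspaces")
+if !ok || len(workspaces) != 3 {
+t.Fatalf("workspaces = %+v", workspaces)
+}
+
+scratch, ok := workspaces[0].(map[string]any)
+if !ok {
+t.Fatalf("scratch workspace = %#v", workspaces[0])
+}
+if scratch["name"] != "scratch" {
+t.Fatalf("scratch.name = %#v", scratch["name"])
+}
+storageSpec, ok := k8s.NestedMap(scratch, "volumeClaimTemplate", "spec", "resources", "requests")
+if !ok || storageSpec["storage"] != "5Gi" {
+t.Fatalf("scratch volumeClaimTemplate = %+v", scratch)
+}
+
+cache, ok := workspaces[1].(map[string]any)
+if !ok {
+t.Fatalf("cache workspace = %#v", workspaces[1])
+}
+claim, ok := k8s.NestedMap(cache, "persistentVolumeClaim")
+if !ok || claim["claimName"] != "shared-cache" {
+t.Fatalf("cache persistentVolumeClaim = %+v", cache)
+}
+
+gitAuth, ok := workspaces[2].(map[string]any)
+if !ok {
+t.Fatalf("git-auth workspace = %#v", workspaces[2])
+}
+secretRef, ok := k8s.NestedMap(gitAuth, "secret")
+if !ok || secretRef["secretName"] != "git-credentials" {
+t.Fatalf("git-auth secret = %+v", gitAuth)
+}
+}
+
 func TestTektonStatusMapping(t *testing.T) {
 tests := []struct {
 name string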
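Review bot: TestTektonBuildPipelineRunWorkspaces pins only the happy path for the secret-backed workspace; nothing covers a workspace that sets both `PVC` and `Secret`, or a `Secret` pointing at an empty string, so the precedence implied by the switch in provider_tekton.go is untested. A second table entry such as `{Name: "both", PVC: &pvc, Secret: &secret}` with an assertion on which key ends up in the workspace map would document the intended behaviour. Separately, `fsGroup["fsGroup"] != 65532` compares an `any` with an untyped constant, which presumably holds only while the builder stores a Go `int` rather than `int64`; a short comment saying so would help. The local named `fsGroup` actually holds the `securityContext` map, so `secCtx` would read more accurately.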

History

1 round 0 comments
dsx.sh submitted #0
1 commit
provider/tekton: support secret backed workspaces
merge conflicts detected
  • provider_tekton.go:68