Fancy ci/cd system / task runner with a hard dependency on k8s.
Why would you want to run it?
You want to declaratively manage your entire setup so
kustomize build | kubectl apply -f -
will have your entire build system set up.
taskruns and pipelineruns are implemented as pods which are left in exited state after completion. keep them to keep the logs, but they clutter up your namespace
array params are mostly useless, a lot of the time you need to pass them into a bash script / inline json and it's easier to just use a string
secrets can only be mounted as files so you have to invoke a shell and do $(cat path/to/secret)
persistent volumes (for volumes) are finicky, they keep state between executions and are shared between all of them, no clean slate. not even sure if ReadWriteOnce is respected
the interceptors (including cel) are super limited and you will almost immediately want to run your own deployment for a webhook interceptor. (e.g. you can't do replaceall, split-join...)
it's supposed to be reusable, but i seriously doubt it
el-<name of event listener>
```yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: simple-el
spec:
  entryPoints:
    - https
  routes:
    - kind: Rule
      match: Host(`build.seankhliao.com`)
      services:
        - kind: Service
          name: el-simple-el
          namespace: build
          port: 8080
  tls: {}
---
apiVersion: triggers.tekton.dev/v1alpha1
kind: EventListener
metadata:
  name: simple-el
spec:
  serviceAccountName: tekton-triggers-admin
  triggers:
    - name: simple-container
      interceptors:
        - github:
            secretRef:
              secretName: github-webhook-token
              secretKey: shared
            eventTypes:
        - cel:
            filter: "header.match('X-GitHub-Event', 'push') && (split(body.ref, '/')[1] == 'tags') && (body.repository.name in ['calproxy', 'goproxy', 'http-server', 'statslogger', 'vanity', 'webstyle'])"
            overlays:
              - key: extensions.tag_name
                expression: "split(body.ref, '/')[2]"
              - key: extensions.mangledtag
                expression: "split(split(body.ref, '/')[2], '.')[0]+'-'+split(split(body.ref, '/')[2], '.')[1]+'-'+split(split(body.ref, '/')[2], '.')[2]"
      bindings:
        - name: simple-container
      template:
        name: simple-container
```
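The CEL interceptor has no replaceAll, which is why the mangledtag overlay above repeats split() three times and breaks on any tag without three dot-separated parts. As an added example (not code from the original post), a webhook interceptor in Go that does the same job and also rejects any tag that is not a plain version before it reaches the PipelineRun name or image tag. It assumes the v1alpha1 webhook interceptor contract (payload POSTed to the service, a 200 response body replaces the payload, any other status stops the trigger); the tag pattern, port 8080 and the names `transform`, `tagRe` and `repos` are choices made for this example.

```go
package main

import (
	"encoding/json"
	"errors"
	"io"
	"net/http"
	"regexp"
	"strings"
)

// Assumption: release tags look like 1.2.3 or v1.2.3; anything else is rejected
// before it can reach a PipelineRun name or image tag.
var tagRe = regexp.MustCompile(`^refs/tags/(v?[0-9]+\.[0-9]+\.[0-9]+)$`)
// Same repository allowlist as the CEL filter on the page.
var repos = map[string]bool{"calproxy": true, "goproxy": true, "http-server": true,
	"statslogger": true, "vanity": true, "webstyle": true}

// transform checks a push payload and adds the two values the CEL overlays compute.
func transform(in []byte) ([]byte, error) {
	var body map[string]interface{}
	if err := json.Unmarshal(in, &body); err != nil {
		return nil, err
	}
	ref, _ := body["ref"].(string)
	repo, _ := body["repository"].(map[string]interface{})
	name, _ := repo["name"].(string)
	m := tagRe.FindStringSubmatch(ref)
	if m == nil || !repos[name] {
		return nil, errors.New("not a release tag on an allowed repository")
	}
	body["extensions"] = map[string]string{
		"tag_name": m[1], "mangledtag": strings.ReplaceAll(m[1], ".", "-")}
	return json.Marshal(body)
}

func main() {
	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		in, _ := io.ReadAll(http.MaxBytesReader(w, r.Body, 1<<20))
		out, err := transform(in) // a truncated or invalid body fails to parse
		if err != nil {
			http.Error(w, err.Error(), http.StatusForbidden) // non-200 stops the trigger
			return
		}
		w.Header().Set("Content-Type", "application/json")
		w.Write(out)
	})
	http.ListenAndServe(":8080", nil)
}
```

Placed after the github interceptor in the chain, it only ever sees payloads whose webhook signature has already been checked against the shared secret.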
map of json to params
```yaml
apiVersion: triggers.tekton.dev/v1alpha1
kind: TriggerBinding
metadata:
  name: simple-container
spec:
  params:
    # https://developer.github.com/v3/activity/events/types/#pushevent
    - name: url
      value: $(body.repository.clone_url)
    - name: revision
      value: $(body.extensions.tag_name)
    - name: image
      value: $(body.repository.name)
    - name: mangledtag
      value: $(body.extensions.mangledtag)
```
```yaml
apiVersion: triggers.tekton.dev/v1alpha1
kind: TriggerTemplate
metadata:
  name: simple-container
spec:
  params:
    - name: url
      description: The git repository url
    - name: revision
      description: The git revision
    - name: image
      description: container image name
    - name: mangledtag
      description: used in naming
      default: $(uid)
  resourcetemplates:
    - apiVersion: tekton.dev/v1beta1
      kind: PipelineRun
      metadata:
        name: z-$(params.image)-$(params.mangledtag)
      spec:
        serviceAccountName: build-bot
        pipelineSpec:
          workspaces:
            - name: src
          tasks:
            - name: clone
              taskRef:
                name: git-clone
              params:
                - name: url
                  value: $(params.url)
                - name: revision
                  value: $(params.revision)
              workspaces:
                - name: src
                  workspace: src
            - name: build
              taskRef:
                name: kaniko
              runAfter:
                - clone
              params:
                - name: image
                  value: seankhliao/$(params.image)
                - name: tag
                  value: $(params.revision)
              workspaces:
                - name: src
                  workspace: src
        workspaces:
          - name: src
            persistentVolumeClaim:
              claimName: simple-container
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: simple-container
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
```