Commit 1f14989e authored by Jason Zaman's avatar Jason Zaman

Add Tekton pipeline configs

parent 391afdb3
---
apiVersion: tekton.dev/v1alpha1
kind: Pipeline
metadata:
name: build-pipeline
namespace: sig-build
spec:
resources:
- name: source-repo
type: git
- name: image-webhook
type: image
- name: image-linuxcpu
type: image
tasks:
- name: build-webhook-validator
taskRef:
name: build-image
params:
- name: dockerfile
value: Dockerfile
- name: context-path
value: /workspace/workspace/webhook
resources:
inputs:
- name: workspace
resource: source-repo
outputs:
- name: built-image
resource: image-webhook
- name: build-image-linux-cpu
taskRef:
name: build-image
params:
- name: dockerfile
value: Dockerfile.linux.cpu
- name: context-path
value: /workspace/workspace/images
resources:
inputs:
- name: workspace
resource: source-repo
outputs:
- name: built-image
resource: image-linuxcpu
---
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: kaniko-push
namespace: sig-build
secrets:
- name: kaniko-push
---
# Builds an image via kaniko and pushes it to registry.
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
name: build-image
namespace: sig-build
spec:
inputs:
resources:
- name: workspace
type: git
params:
- name: dockerfile
description: The path to the Dockerfile to build
default: Dockerfile
- name: context-path
description: The build context used by Kaniko (https://github.com/GoogleContainerTools/kaniko#kaniko-build-contexts)
default: /workspace/workspace/images
outputs:
resources:
- name: built-image
type: image
steps:
- name: build-and-push
image: gcr.io/kaniko-project/executor:v0.15.0
args:
- --dockerfile=$(inputs.params.context-path)/$(inputs.params.dockerfile)
- --destination=$(outputs.resources.built-image.url)
- --context=$(inputs.params.context-path)
- --oci-layout-path=$(inputs.resources.built-image.path)
- --reproducible
env:
- name: DOCKER_CONFIG # specifying DOCKER_CONFIG is required to allow kaniko to detect docker credential
value: /builder/home/.docker/
securityContext:
runAsUser: 0
sidecars:
- image: registry
name: registry
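Review bot: The `registry` sidecar at the end of the `build-image` Task uses an unqualified, untagged image (`image: registry`), so every build pod pulls whatever that name resolves to at the time, and nothing in the step's visible args pushes to it (`--destination` is the output resource URL). Drop the sidecar if it is unused, or pin it as `image: <registry-host>/registry:<tag>@sha256:<digest>` (placeholder values); the kaniko executor on `build-and-push` is pinned only by tag and would benefit from a digest as well. Separately, `--oci-layout-path=$(inputs.resources.built-image.path)` names an input resource, but `built-image` is declared only under `outputs`, so the substitution looks unintended; confirm whether it should read `$(outputs.resources.built-image.path)`.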
---
---
apiVersion: tekton.dev/v1alpha1
kind: TriggerTemplate
metadata:
name: build-triggertemplate
namespace: sig-build
spec:
params:
- name: gitrevision
description: The git revision
default: master
- name: gitrepositoryurl
description: The git repository url
- name: namespace
description: The namespace to create the resources
resourcetemplates:
- apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
name: source-repo-$(uid)
namespace: $(params.namespace)
spec:
type: git
params:
- name: revision
value: $(params.gitrevision)
- name: url
value: $(params.gitrepositoryurl)
- apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
name: image-webhook-$(uid)
namespace: $(params.namespace)
spec:
type: image
params:
- name: url
value: gcr.io/perfinion/tensorflow-build/webhook:latest
- apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
name: image-linuxcpu-$(uid)
namespace: $(params.namespace)
spec:
type: image
params:
- name: url
value: gcr.io/perfinion/tensorflow-build/linux/cpu:latest
- apiVersion: tekton.dev/v1alpha1
kind: PipelineRun
metadata:
name: build-pipeline-run-$(uid)
namespace: $(params.namespace)
spec:
serviceAccountName: kaniko-push
pipelineRef:
name: build-pipeline
resources:
- name: source-repo
resourceRef:
name: source-repo-$(uid)
- name: image-webhook
resourceRef:
name: image-webhook-$(uid)
- name: image-linuxcpu
resourceRef:
name: image-linuxcpu-$(uid)
---
apiVersion: tekton.dev/v1alpha1
kind: TriggerBinding
metadata:
name: build-pipelinebinding
namespace: sig-build
spec:
params:
- name: gitrevision
value: $(body.head_commit.id)
- name: namespace
value: sig-build
- name: gitrepositoryurl
value: "https://github.com/$(body.repository.full_name).git"
---
apiVersion: tekton.dev/v1alpha1
kind: EventListener
metadata:
name: build-listener
namespace: sig-build
spec:
serviceAccountName: tekton-triggers-admin
serviceType: NodePort
triggers:
- name: github-trigger
binding:
name: build-pipelinebinding
template:
name: build-triggertemplate
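Review bot: The `github-trigger` entry on the EventListener lists only a binding and a template, so nothing visible here verifies the `X-Hub-Signature` header before a PipelineRun is created, and the listener is exposed with `serviceType: NodePort`. Because the TriggerBinding builds `gitrepositoryurl` from `$(body.repository.full_name)`, the payload decides which repository is built and pushed under the `kaniko-push` service account to the fixed `:latest` image URLs. Put a signature-validating interceptor on the trigger (presumably what the webhook validator image built by this pipeline is for) and pin the repository in the binding instead of reading it from the payload, e.g. `value: "https://github.com/<org>/<repo>.git"` with the expected repository filled in. A comment above `gitrevision` noting that it is payload-controlled would help the next reader.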
---
apiVersion: v1
kind: Namespace
metadata:
name: sig-build
spec:
finalizers:
- kubernetes
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: tekton-triggers-admin
namespace: sig-build
rules:
- apiGroups:
- tekton.dev
resources:
- eventlisteners
- triggerbindings
- triggertemplates
- pipelineresources
verbs:
- get
- apiGroups:
- tekton.dev
resources:
- pipelineruns
- pipelineresources
verbs:
- create
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: tekton-triggers-admin
namespace: sig-build
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: tekton-triggers-admin-binding
namespace: sig-build
subjects:
- kind: ServiceAccount
name: tekton-triggers-admin
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: tekton-triggers-admin
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: tekton-triggers-createwebhook
namespace: sig-build
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- create
- update
- delete
- apiGroups:
- tekton.dev
resources:
- eventlisteners
verbs:
- get
- list
- create
- update
- delete
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- create
- get
- list
- delete
- update
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: tekton-triggers-createwebhook
namespace: sig-build
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: tekton-triggers-createwebhook
namespace: sig-build
subjects:
- kind: ServiceAccount
name: tekton-triggers-createwebhook
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: tekton-triggers-createwebhook
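Review bot: The first rule of the `tekton-triggers-createwebhook` Role grants `get`, `list`, `update` and `delete` on every Secret in `sig-build`, which includes the `kaniko-push` registry credential referenced by the build ServiceAccount in the same namespace. If this account only manages the webhook's own secret, split the rule: keep `create` on its own (resourceNames cannot constrain create) and scope the remaining verbs with `resourceNames: ["<webhook-secret-name>"]`, dropping `list`. The `extensions` API group used for `ingresses` is the legacy group, so it is worth confirming against the target cluster version.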
#!/bin/bash
: ${CLUSTER_NAME:=tf-build-dev}
: ${CLUSTER_ZONE:=us-central1-a}
: ${TKN_PIPELINE_VERSION:=v0.9.0}
: ${TKN_TRIGGERS_VERSION:=v0.1.0}
# Create GKE cluster
gcloud container clusters create $CLUSTER_NAME --zone=$CLUSTER_ZONE
# Make current user a cluster admin
kubectl create clusterrolebinding cluster-admin-binding \
--clusterrole=cluster-admin \
--user=$(gcloud config get-value core/account)
# Install tekton pipelines on new cluster
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/${TKN_PIPELINE_VERSION}/release.yaml
# Install tekton triggers on new cluster
kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/${TKN_TRIGGERS_VERSION}/release.yaml
kubectl get pods --all-namespaces
# Create sig-build namespace first
kubectl apply -f namespace.yaml
# Permissions
kubectl apply -f role-admin.yaml
kubectl apply -f role-webhook.yaml
# Tasks for tf/build repo
kubectl apply -f build-tasks.yaml
kubectl apply -f build-pipeline.yaml
kubectl apply -f build-triggers.yaml
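Review bot: The script never sets `set -euo pipefail`, so if `gcloud container clusters create` fails, the later `kubectl` commands still run against whatever context is currently active, including the `cluster-admin` binding and the remote `kubectl apply -f https://…/release.yaml` installs. Add `set -euo pipefail` directly after the shebang and quote the expansions (`"$CLUSTER_NAME"`, `--zone="$CLUSTER_ZONE"`). The Tekton release manifests are selected by version only; recording an expected checksum next to `TKN_PIPELINE_VERSION` and `TKN_TRIGGERS_VERSION`, or vendoring the files, would let a reviewer see exactly what gets applied with cluster-admin rights.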
#!/usr/bin/env python3
import requests
import hashlib
import hmac
import os
import sys
# forward to listener with:
# kubectl port-forward svc/el-build-listener 7070:8080 --namespace=sig-build
HOOKURL = 'http://localhost:7070/'
DATA = {
"head_commit":
{
"id": "master"
},
"repository":
{
"full_name": "perfinion/build",
"branch": "master"
}
}
############################################
secret = os.environ.get('GITHUB_SECRET', '')
if len(secret) < 1:
print('Set env var GITHUB_SECRET')
sys.exit(1)
request = requests.Request('POST', HOOKURL, data=DATA)
prepped = request.prepare()
sig = hmac.new(secret, prepped.body, hashlib.sha1)
prepped.headers['X-Hub-Signature'] = "sha1=%s" % sig.hexdigest()
with requests.Session() as session:
response = session.send(prepped)
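Review bot: `hmac.new(secret, prepped.body, hashlib.sha1)` receives a `str` key from `os.environ`, which Python 3 rejects because the key must be bytes. In addition, `data=DATA` form-encodes the nested dict instead of sending the JSON document that the binding's `$(body.head_commit.id)` path expects. Use `requests.Request('POST', HOOKURL, json=DATA)` and `hmac.new(secret.encode(), prepped.body, hashlib.sha1)` so the signature covers the exact bytes sent. The response is never inspected; printing `response.status_code` would show whether the listener accepted the request.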