Commit
Add article on tekton pipelines with git clone example (#277)
Co-authored-by: Richard Hagen <[email protected]>
Showing 2 changed files with 91 additions and 0 deletions.
90 changes: 90 additions & 0 deletions
public-site/docs/src/guides/sub-pipeline/example-pipeline-with-deploy-keys.md
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,90 @@ | ||
--- | ||
title: "Sub-pipeline example: Pipeline with GitHub deploy keys" | ||
--- | ||
|
||
# Sub-pipeline example: Pipeline with GitHub deploy keys | ||
|
||
* In the Radix application repository create a folder `tekton`. This folder need to be in the configuration branch and in the same folder, where `radixconfig.yaml` file is located (by default it is a root of the repository). | ||
* The sub-pipeline in this example runs one task with two steps. | ||
* Create a file `test-github.yaml` for the task `test-github`. This task has two steps "git-clone" and a step "list-contents". | ||
|
||
:::tip | ||
Mount a volume named `$(radix.git-deploy-key)` where you need you ssh credentials. | ||
::: | ||
|
||
File `test-github.yaml` | ||
|
||
```yaml | ||
apiVersion: tekton.dev/v1 | ||
kind: Task | ||
metadata: | ||
name: test-github | ||
spec: | ||
stepTemplate: | ||
image: alpine/git | ||
volumeMounts: | ||
- name: source-volume | ||
mountPath: /var/source | ||
securityContext: | ||
runAsUser: 65534 # nobody | ||
|
||
steps: | ||
- name: git-clone | ||
volumeMounts: | ||
- name: $(radix.git-deploy-key) # <-- This volume is created by Radix and available where you mount it. | ||
mountPath: /.ssh | ||
command: | ||
- git | ||
- clone | ||
- [email protected]:Equinor-Playground/rihag-edc23-radix-1.git | ||
- /var/source/branch | ||
|
||
- name: list-contents | ||
script: | | ||
#!/usr/bin/env sh | ||
ls -la /var/source/branch | ||
volumes: | ||
- name: source-volume | ||
emptyDir: { } | ||
|
||
``` | ||
|
||
* Create a file `pipeline.yaml`. Add a task in the `tasks` list: give it a name (it can be any name, unique within this sub-pipeline), in the property `taskRef` ("reference to a task") put the value from the property `metadata.name` of the task, created above: | ||
|
||
```yaml | ||
apiVersion: tekton.dev/v1 | ||
kind: Pipeline | ||
metadata: | ||
name: test-pipeline | ||
spec: | ||
tasks: | ||
- name: test-github | ||
taskRef: | ||
name: test-github | ||
|
||
``` | ||
|
||
* File structure can be like this: | ||
|
||
```sh | ||
/ | ||
├── tekton/ | ||
│ ├── pipeline.yaml | ||
│ └── test-github.yaml | ||
└── radixconfig.yaml | ||
``` | ||
|
||
## Details: | ||
* The userid `65534` is mapped to the user `nobody` in the image `alpine/git`, with the home folder set to `/` | ||
* The volume referenced by `$(radix.git-deploy-key)` is mounted read-only and both files, `id_rsa` and `known_hosts` have permission level `444`, owned by `root:root`. | ||
```shell | ||
total 4 | ||
drwxrwxrwt 3 root root 120 Nov 16 09:06 . | ||
drwxr-sr-x 1 git git 4096 Nov 16 09:06 .. | ||
drwxr-xr-x 2 root root 80 Nov 16 09:06 ..2023_11_16_09_06_55.2062090024 | ||
lrwxrwxrwx 1 root root 32 Nov 16 09:06 ..data -> ..2023_11_16_09_06_55.2062090024 | ||
lrwxrwxrwx 1 root root 13 Nov 16 09:06 id_rsa -> ..data/id_rsa | ||
lrwxrwxrwx 1 root root 18 Nov 16 09:06 known_hosts -> ..data/known_hosts | ||
``` | ||
Note that the permissions listed are wrong, and the underlaying data have limited permissions. |
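Review bot: The `image: alpine/git` line in `stepTemplate` is untagged, so the `git-clone` step that has the `$(radix.git-deploy-key)` volume mounted at `/.ssh` runs whatever image that name resolves to at run time; since readers will copy this example, pin the image to a specific tag or digest. In the Details section, the closing sentence "Note that the permissions listed are wrong" leaves the reader guessing: the listing shows `lrwxrwxrwx` because `id_rsa` and `known_hosts` are symlinks into `..data`, so either state that the modes shown belong to the symlinks while `444` applies to their targets, or replace the listing with one that dereferences the links (`ls -laL`). Smaller points: "This folder need to be" in the first bullet, "where you need you ssh credentials" in the tip, and "underlaying" in the last line are typos, and the shell fence under the second Details bullet needs a blank line before it to render reliably.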