Add article on tekton pipelines with git clone example (#277)
Co-authored-by: Richard Hagen <[email protected]>
Richard87 and Richard87 authored Nov 17, 2023
1 parent 602d498 commit fc969a0
Showing 2 changed files with 91 additions and 0 deletions.
@@ -0,0 +1,90 @@
---
title: "Sub-pipeline example: Pipeline with GitHub deploy keys"
---

# Sub-pipeline example: Pipeline with GitHub deploy keys

* In the Radix application repository create a folder `tekton`. This folder need to be in the configuration branch and in the same folder, where `radixconfig.yaml` file is located (by default it is a root of the repository).
* The sub-pipeline in this example runs one task with two steps.
* Create a file `test-github.yaml` for the task `test-github`. This task has two steps "git-clone" and a step "list-contents".

:::tip
Mount a volume named `$(radix.git-deploy-key)` where you need you ssh credentials.
:::

File `test-github.yaml`

```yaml
apiVersion: tekton.dev/v1
kind: Task
metadata:
name: test-github
spec:
stepTemplate:
image: alpine/git
volumeMounts:
- name: source-volume
mountPath: /var/source
securityContext:
runAsUser: 65534 # nobody

steps:
- name: git-clone
volumeMounts:
- name: $(radix.git-deploy-key) # <-- This volume is created by Radix and available where you mount it.
mountPath: /.ssh
command:
- git
- clone
- [email protected]:Equinor-Playground/rihag-edc23-radix-1.git
- /var/source/branch

- name: list-contents
script: |
#!/usr/bin/env sh
ls -la /var/source/branch
volumes:
- name: source-volume
emptyDir: { }

```

* Create a file `pipeline.yaml`. Add a task in the `tasks` list: give it a name (it can be any name, unique within this sub-pipeline), in the property `taskRef` ("reference to a task") put the value from the property `metadata.name` of the task, created above:

```yaml
apiVersion: tekton.dev/v1
kind: Pipeline
metadata:
name: test-pipeline
spec:
tasks:
- name: test-github
taskRef:
name: test-github

```

* File structure can be like this:

```sh
/
├── tekton/
│ ├── pipeline.yaml
│ └── test-github.yaml
└── radixconfig.yaml
```

## Details:
* The userid `65534` is mapped to the user `nobody` in the image `alpine/git`, with the home folder set to `/`
* The volume referenced by `$(radix.git-deploy-key)` is mounted read-only and both files, `id_rsa` and `known_hosts` have permission level `444`, owned by `root:root`.
```shell
total 4
drwxrwxrwt 3 root root 120 Nov 16 09:06 .
drwxr-sr-x 1 git git 4096 Nov 16 09:06 ..
drwxr-xr-x 2 root root 80 Nov 16 09:06 ..2023_11_16_09_06_55.2062090024
lrwxrwxrwx 1 root root 32 Nov 16 09:06 ..data -> ..2023_11_16_09_06_55.2062090024
lrwxrwxrwx 1 root root 13 Nov 16 09:06 id_rsa -> ..data/id_rsa
lrwxrwxrwx 1 root root 18 Nov 16 09:06 known_hosts -> ..data/known_hosts
```
Note that the permissions listed are wrong, and the underlaying data have limited permissions.
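Review bot: The Details section contradicts itself about the deploy key's file mode. The text says `id_rsa` and `known_hosts` have permission level `444`, the listing shows `lrwxrwxrwx` entries, and the closing note only says the listed permissions "are wrong". State explicitly that the modes in the listing belong to the symlinks and not to the files under `..data`, or replace the listing with one that follows the links, so a reader can see what mode the private key really has when read as `runAsUser: 65534`. Also, the `git-clone` step hard-codes the repository `Equinor-Playground/rihag-edc23-radix-1.git`; in a guide meant to be copied, a placeholder plus one sentence telling readers to substitute their own repository would be safer. Minor wording: "This folder need to be" should be "needs to be", "where you need you ssh credentials" should be "your ssh credentials", and "underlaying" should be "underlying". The heading `## Details:` does not need the trailing colon, and the fence that follows the second bullet should be preceded by a blank line.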
1 change: 1 addition & 0 deletions public-site/docs/src/guides/sub-pipeline/index.md
Expand Up @@ -137,3 +137,4 @@ In Radix platform, the following limitations are applied to sub-pipelines:
* [Sub-pipeline with build environment variables](./example-pipeline-with-env-vars.md)
* [Sub-pipeline with build environment variables for environments](./example-pipeline-with-env-vars-for-envs.md)
* [Sub-pipeline with build secrets](./example-pipeline-with-build-secrets.md)
* [Sub-pipeline with GitHub deploy keys](./example-pipeline-with-deploy-keys.md)
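Review bot: The new list entry links to `./example-pipeline-with-deploy-keys.md`, but the path of the guide added in this commit is not visible next to its hunk, so confirm the file is committed under exactly that name in the same folder; a mismatch leaves a dead link in the index. The link text "Sub-pipeline with GitHub deploy keys" also differs from the new page's title, "Sub-pipeline example: Pipeline with GitHub deploy keys"; aligning the two makes the page easier to find from the index.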
