From e2d93a591d45b10c651f69682e6e7ca21873dfb2 Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Thu, 16 Nov 2023 13:55:04 +0100 Subject: [PATCH] Add article on tekton pipelines with git clone example --- .../example-pipeline-with-deploy-keys.md | 90 +++++++++++++++++++ .../docs/src/guides/sub-pipeline/index.md | 1 + 2 files changed, 91 insertions(+) create mode 100644 public-site/docs/src/guides/sub-pipeline/example-pipeline-with-deploy-keys.md diff --git a/public-site/docs/src/guides/sub-pipeline/example-pipeline-with-deploy-keys.md b/public-site/docs/src/guides/sub-pipeline/example-pipeline-with-deploy-keys.md new file mode 100644 index 00000000..9380b2f2 --- /dev/null +++ b/public-site/docs/src/guides/sub-pipeline/example-pipeline-with-deploy-keys.md 
@@ -0,0 +1,90 @@ +--- +title: "Sub-pipeline example: Pipeline with GitHub deploy keys" +--- + +# Sub-pipeline example: Pipeline with GitHub deploy keys + +* In the Radix application repository create a folder `tekton`. This folder need to be in the configuration branch and in the same folder, where `radixconfig.yaml` file is located (by default it is a root of the repository). +* The sub-pipeline in this example runs one task with two steps. +* Create a file `test-github.yaml` for the task `test-github`. This task has two steps "git-clone" and a step "list-contents". + +:::tip +Mount a volume named `$(radix.git-deploy-key)` where you need you ssh credentials. +::: + +File `test-github.yaml` + +```yaml +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: test-github +spec: + stepTemplate: + image: alpine/git + volumeMounts: + - name: source-volume + mountPath: /var/source + securityContext: + runAsUser: 65534 # nobody + + steps: + - name: git-clone + volumeMounts: + - name: $(radix.git-deploy-key) # <-- This volume is created by Radix and available where you mount it. + mountPath: /.ssh + command: + - git + - clone + - git@github.com:Equinor-Playground/rihag-edc23-radix-1.git + - /var/source/branch + + - name: list-contents + script: | + #!/usr/bin/env sh + ls -la /var/source/branch + + volumes: + - name: source-volume + emptyDir: { } + +``` + +* Create a file `pipeline.yaml`. 
Add a task in the `tasks` list: give it a name (it can be any name, unique within this sub-pipeline), in the property `taskRef` ("reference to a task") put the value from the property `metadata.name` of the task, created above: + +```yaml +apiVersion: tekton.dev/v1 +kind: Pipeline +metadata: + name: test-pipeline +spec: + tasks: + - name: test-github + taskRef: + name: test-github + +``` + +* File structure can be like this: + +```sh +/ +├── tekton/ +│ ├── pipeline.yaml +│ └── test-github.yaml +└── radixconfig.yaml +``` + +## Details: + * The userid `65534` is mapped to the user `nobody` in the image `alpine/git`, with the home folder set to `/` + * The volume referenced by `$(radix.git-deploy-key)` is mounted read-only and both files, `id_rsa` and `known_hosts` have permission level `444`, owned by `root:root`. + ```shell + total 4 + drwxrwxrwt 3 root root 120 Nov 16 09:06 . + drwxr-sr-x 1 git git 4096 Nov 16 09:06 .. + drwxr-xr-x 2 root root 80 Nov 16 09:06 ..2023_11_16_09_06_55.2062090024 + lrwxrwxrwx 1 root root 32 Nov 16 09:06 ..data -> ..2023_11_16_09_06_55.2062090024 + lrwxrwxrwx 1 root root 13 Nov 16 09:06 id_rsa -> ..data/id_rsa + lrwxrwxrwx 1 root root 18 Nov 16 09:06 known_hosts -> ..data/known_hosts + ``` + Note that the permissions listed are wrong, and the underlaying data have limited permissions. diff --git a/public-site/docs/src/guides/sub-pipeline/index.md b/public-site/docs/src/guides/sub-pipeline/index.md index 9f4e1597..63733df9 100644 --- a/public-site/docs/src/guides/sub-pipeline/index.md +++ b/public-site/docs/src/guides/sub-pipeline/index.md 
@@ -137,3 +137,4 @@ In Radix platform, the following limitations are applied to sub-pipelines: * [Sub-pipeline with build environment variables](./example-pipeline-with-env-vars.md) * [Sub-pipeline with build environment variables for environments](./example-pipeline-with-env-vars-for-envs.md) * [Sub-pipeline with build secrets](./example-pipeline-with-build-secrets.md) +* [Sub-pipeline with GitHub deploy keys](./example-pipeline-with-deploy-keys.md)
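Review bot: The Details section of `example-pipeline-with-deploy-keys.md` contradicts itself about the deploy key's permissions. The bullet says `id_rsa` and `known_hosts` have permission level `444`, the listing under it shows only `lrwxrwxrwx` symlinks, and the closing sentence then says "the permissions listed are wrong", so a reader cannot tell which mode applies to the private key. Suggest saying explicitly that the listing shows the symlinks into `..data` and that `444`, owned by `root:root`, is the mode of the files they point to, and rewording the last sentence accordingly ("underlaying" should be "underlying"). Since `444` leaves the private key readable by every user in the step, it is also worth one sentence on why that is acceptable here (read-only mount, step runs as `65534`), and on why the mount path is `/.ssh` (the home folder of `nobody` is `/`, which the first Details bullet already states but does not connect to the mount). Smaller points in the same file: the `git clone` command hard-codes `git@github.com:Equinor-Playground/rihag-edc23-radix-1.git`, where a placeholder repository URL would serve readers better; `image: alpine/git` carries no tag; the tip reads "where you need you ssh credentials" (should be "your"); "This folder need to be" should be "needs to be"; and the third intro bullet reads 'two steps "git-clone" and a step "list-contents"', which repeats "step".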