mse-tekton/kustomization/base/tekton/pipeline/imagebuild.yaml

apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: imagebuild
spec:
  description: |
    This pipeline clones a git repo, then echoes the README file to the stout.
  params:
  - name: url
    type: string
    description: The git repo URL to clone from.
  - name: revision
    type: string
    description: The git repo branch to checkout.
  - name: image
    type: string
    description: The image to build.
  - name: apiurl
    type: string
    description: The gitea api url.
  - name: requesttype
    type: string
    description: The gitea request type = pullrequet or release
  - name: requestid
    type: string
    description: The gitea request id.
  - name: access_token
    type: string
    description: The gitea access_token id.
  - name: dockerfile
    type: string
    description: Path to the Dockerfile to build.

  workspaces:
  - name: shared-data
  - name: config
  - name: docker-credentials

  tasks:
  # ⭐ Image Tag Formater
  - name: imageformater
    taskRef:
      name:  imageformater
    params:
    - name: image
      value: $(params.image)

  # 📥 Clone du repo git
  - name: gitclone
    taskRef:
      name: git-clone
    workspaces:
    - name: output
      workspace: shared-data
    params:
    - name: url
      value: $(params.url)
    - name: revision
      value: $(params.revision)
    - name: submodules
      value: 'false'
    - name: depth
      value: '50'

  # 🔨 Build de l'image
  - name: kaniko-build
    taskRef:
      name: kaniko
    runAfter: ["gitclone"]
    params:
      - name: IMAGE
        value: $(tasks.imageformater.results.imagetag)
      - name: BUILDER_IMAGE
        value: gcr.io/kaniko-project/executor:v1.20.0
      - name: DOCKERFILE
        value: $(params.dockerfile)
      - name: EXTRA_ARGS
        value:
          - --skip-tls-verify
          - --insecure
          - --no-push
          - --tarPath=$(workspaces.source.path)/image.tar
          - --destination=$(tasks.imageformater.results.imagetag)
    workspaces:
      - name: source
        workspace: shared-data
      - name: dockerconfig
        workspace: docker-credentials

   # 🔎 Scan de l'image
  - name: trivy-scan
    taskRef:
      name: trivy-scanner
      kind: Task
    params:
      - name: IMAGE_PATH
        value: "$(workspaces.manifest-dir.path)/image.tar"
    workspaces:
      - name: manifest-dir
        workspace: shared-data
    runAfter:
      - kaniko-build

  # 🚀 Publication de l'image
  - name: publish
    taskRef:
      name: crane-task
    workspaces:
      - name: source
        workspace: shared-data
      - name: dockerconfig
        workspace: docker-credentials
    params:
      - name: IMAGE
        value: $(tasks.imageformater.results.imagetag)
    runAfter:
      - trivy-scan

  finally:
  # 🧹 Cleanup
  - name: cleanup-workspace
    taskRef:
      name: cleanup-workspace
      kind: Task
    workspaces:
      - name: source
        workspace: shared-data
mise en place d'un pipeline de build d'image et mse 2024-03-20 13:36:01 +01:00			`apiVersion: tekton.dev/v1beta1`
			`kind: Pipeline`
			`metadata:`
			`name: imagebuild`
			`spec:`
			`description: \|`
			`This pipeline clones a git repo, then echoes the README file to the stout.`
			`params:`
			`- name: url`
			`type: string`
			`description: The git repo URL to clone from.`
			`- name: revision`
			`type: string`
			`description: The git repo branch to checkout.`
			`- name: image`
			`type: string`
			`description: The image to build.`
			`- name: apiurl`
			`type: string`
			`description: The gitea api url.`
			`- name: requesttype`
			`type: string`
			`description: The gitea request type = pullrequet or release`
			`- name: requestid`
			`type: string`
			`description: The gitea request id.`
			`- name: access_token`
			`type: string`
			`description: The gitea access_token id.`
			`- name: dockerfile`
			`type: string`
			`description: Path to the Dockerfile to build.`

			`workspaces:`
			`- name: shared-data`
			`- name: config`
			`- name: docker-credentials`

			`tasks:`
			`# ⭐ Image Tag Formater`
			`- name: imageformater`
			`taskRef:`
			`name: imageformater`
			`params:`
			`- name: image`
			`value: $(params.image)`

			`# 📥 Clone du repo git`
			`- name: gitclone`
			`taskRef:`
			`name: git-clone`
			`workspaces:`
			`- name: output`
			`workspace: shared-data`
			`params:`
			`- name: url`
			`value: $(params.url)`
			`- name: revision`
			`value: $(params.revision)`
			`- name: submodules`
			`value: 'false'`
			`- name: depth`
			`value: '50'`

			`# 🔨 Build de l'image`
			`- name: kaniko-build`
			`taskRef:`
			`name: kaniko`
			`runAfter: ["gitclone"]`
			`params:`
			`- name: IMAGE`
			`value: $(tasks.imageformater.results.imagetag)`
			`- name: BUILDER_IMAGE`
			`value: gcr.io/kaniko-project/executor:v1.20.0`
			`- name: DOCKERFILE`
			`value: $(params.dockerfile)`
			`- name: EXTRA_ARGS`
			`value:`
			`- --skip-tls-verify`
			`- --insecure`
			`- --no-push`
			`- --tarPath=$(workspaces.source.path)/image.tar`
			`- --destination=$(tasks.imageformater.results.imagetag)`
			`workspaces:`
			`- name: source`
			`workspace: shared-data`
			`- name: dockerconfig`
			`workspace: docker-credentials`

			`# 🔎 Scan de l'image`
			`- name: trivy-scan`
			`taskRef:`
			`name: trivy-scanner`
			`kind: Task`
			`params:`
			`- name: IMAGE_PATH`
			`value: "$(workspaces.manifest-dir.path)/image.tar"`
			`workspaces:`
			`- name: manifest-dir`
			`workspace: shared-data`
			`runAfter:`
			`- kaniko-build`

			`# 🚀 Publication de l'image`
			`- name: publish`
			`taskRef:`
			`name: crane-task`
			`workspaces:`
			`- name: source`
			`workspace: shared-data`
			`- name: dockerconfig`
			`workspace: docker-credentials`
			`params:`
			`- name: IMAGE`
			`value: $(tasks.imageformater.results.imagetag)`
			`runAfter:`
			`- trivy-scan`

			`finally:`
			`# 🧹 Cleanup`
			`- name: cleanup-workspace`
			`taskRef:`
			`name: cleanup-workspace`
			`kind: Task`
			`workspaces:`
			`- name: source`
			`workspace: shared-data`