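---
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: imagebuild
spec:
  description: |
    Clones a git repository, derives an image tag from the revision
    (imageformater result "imagetag"), builds the image with Kaniko into
    a tarball on the shared workspace, scans that tarball with Trivy,
    posts the Trivy output as a Gitea comment, then publishes the image
    to the registry with crane. The shared workspace is cleaned up in
    the finally block regardless of outcome.
  params:
    - name: url
      type: string
      description: The git repo URL to clone from.
    - name: revision
      type: string
      description: The git repo branch to checkout.
    - name: image
      type: string
      description: The image to build.
    - name: context
      type: string
      description: The context of image to build.
    # NOTE(review): declared but not referenced by any task below
    # (the tag comes from tasks.imageformater.results.imagetag).
    # Kept so existing PipelineRuns that pass it keep validating.
    - name: tag
      type: string
      description: The image tag.
    - name: dockerfile
      type: string
      description: Path to the Dockerfile to build.
    # type added for consistency with the other params (Tekton's
    # default param type is string, so behaviour is unchanged).
    - name: registry
      type: string
      description: Registry of the Docker image
    - name: apiurl
      type: string
      description: The gitea api url.
    # NOTE(review): declared but not referenced by any task below.
    - name: requesttype
      type: string
      description: The gitea request type = "pullrequest / release".
    - name: requestid
      type: string
      description: The gitea request id.

  # shared-data is the one workspace every task reads/writes (clone,
  # image.tar, trivy output). The other three carry credentials and are
  # expected to be bound to Secrets by the PipelineRun — confirm.
  workspaces:
    - name: shared-data
    - name: docker-credentials
    - name: git-credentials
    - name: gitea-access-token

  tasks:
    # 📥 Clone the git repo (shallow, no submodules) into shared-data.
    - name: gitclone
      taskRef:
        name: git-clone
      workspaces:
        - name: output
          workspace: shared-data
        - name: ssh-directory
          workspace: git-credentials
      params:
        - name: url
          value: $(params.url)
        - name: revision
          value: $(params.revision)
        # Quoted on purpose: Tekton string params, not YAML bool/int.
        - name: submodules
          value: 'false'
        - name: depth
          value: '50'

    # ⭐ Image tag formatter — turns the revision into the imagetag
    # result consumed by kaniko-build and publish.
    - name: imageformater
      taskRef:
        name: imageformater
      runAfter: ["gitclone"]
      workspaces:
        - name: source
          workspace: shared-data
      params:
        - name: revision
          value: $(params.revision)

    # 🔨 Build the image. Kaniko does NOT push here (--no-push); the
    # image is written to image.tar on shared-data so it can be scanned
    # before publish pushes it.
    - name: kaniko-build
      taskRef:
        name: kaniko
      runAfter: ["imageformater"]
      params:
        - name: IMAGE
          value: $(params.registry)/$(params.image):$(tasks.imageformater.results.imagetag)
        # NOTE(review): pinned by tag only. A tag can be re-pointed
        # upstream; pinning by digest (@sha256:…) makes the builder
        # reproducible and tamper-evident.
        - name: BUILDER_IMAGE
          value: gcr.io/kaniko-project/executor:v1.20.0
        - name: DOCKERFILE
          value: $(params.dockerfile)
        - name: CONTEXT
          value: $(params.context)
        - name: EXTRA_ARGS
          value:
            # NOTE(review): --skip-tls-verify / --insecure disable TLS
            # verification and allow plain HTTP for the registries kaniko
            # talks to (base-image pulls still happen even with
            # --no-push). Prefer trusting the registry CA in the builder
            # and dropping these flags; keep them only if the registry
            # genuinely cannot serve a trusted certificate.
            - --skip-tls-verify
            - --insecure
            - --no-push
            # Must match IMAGE_PATH in trivy-scan (same PVC via
            # shared-data; only the workspace name differs).
            - --tarPath=$(workspaces.source.path)/image.tar
            - --destination=$(params.registry)/$(params.image):$(tasks.imageformater.results.imagetag)
      workspaces:
        - name: source
          workspace: shared-data
        - name: dockerconfig
          workspace: docker-credentials

    # 🔎 Scan the tarball produced by kaniko-build.
    # NOTE(review): publish only depends on this task succeeding, so a
    # scan with findings blocks publication only if trivy-scanner exits
    # non-zero on findings — confirm the task's severity/exit-code
    # settings match the intended policy.
    - name: trivy-scan
      taskRef:
        name: trivy-scanner
        kind: Task
      params:
        - name: IMAGE_PATH
          value: "$(workspaces.manifest-dir.path)/image.tar"
      workspaces:
        - name: manifest-dir
          workspace: shared-data
      runAfter:
        - kaniko-build

    # 📨 Post the Trivy result to Gitea as a comment.
    # filepath is relative to the source workspace — presumably the file
    # trivy-scanner writes there; verify against the trivy-scanner Task.
    - name: trivy-giteacomment
      taskRef:
        name: giteacomment
      workspaces:
        - name: source
          workspace: shared-data
        - name: gitea-access-token
          workspace: gitea-access-token
      params:
        - name: apiurl
          value: $(params.apiurl)
        - name: requestid
          value: $(params.requestid)
        - name: title
          value: "TRIVY"
        - name: filepath
          value: "temp_trivy.txt"
      runAfter:
        - trivy-scan

    # 🚀 Publish the image (push the scanned tarball with crane).
    # Runs in parallel with trivy-giteacomment; it does not wait for the
    # comment to be posted.
    - name: publish
      taskRef:
        name: crane-task
      workspaces:
        - name: source
          workspace: shared-data
        - name: dockerconfig
          workspace: docker-credentials
      params:
        - name: IMAGE_TAG
          value: $(tasks.imageformater.results.imagetag)
        - name: IMAGE
          value: $(params.image)
        - name: REGISTRY
          value: $(params.registry)
      runAfter:
        - trivy-scan

  finally:
    # 🧹 Cleanup — always runs, so the clone, image.tar and scan output
    # do not linger on the shared PVC after the run.
    - name: cleanup-workspace
      taskRef:
        name: cleanup-workspace
        kind: Task
      workspaces:
        - name: source
          workspace: shared-data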