📚 Sync docs from alaudadevops/tektoncd-operator on 9b67af1066d87606e7c19632060d13f3aa7cb5de

Source: docs: move tep dev docs from sub repos (#721)
Author: yzc
Ref: refs/heads/main
Commit: 9b67af1066d87606e7c19632060d13f3aa7cb5de

This commit automatically syncs documentation changes from the source-docs repository.

🔗 View source commit: https://github.com/alaudadevops/tektoncd-operator/commit/9b67af1066d87606e7c19632060d13f3aa7cb5de
🤖 Synced on 2025-10-31 10:21:32 UTC

Author: edge-katanomi-app2[bot]

.github/SYNC_INFO.md

@@ -1,10 +1,10 @@
 # Documentation Sync Information
 
-- **Last synced**: 2025-10-31 08:06:45 UTC
+- **Last synced**: 2025-10-31 10:21:31 UTC
 - **Source repository**: alaudadevops/tektoncd-operator
-- **Source commit**: [008418e262fa3d4198fa49b2e601f08fa861f54a](https://github.com/alaudadevops/tektoncd-operator/commit/008418e262fa3d4198fa49b2e601f08fa861f54a)
+- **Source commit**: [9b67af1066d87606e7c19632060d13f3aa7cb5de](https://github.com/alaudadevops/tektoncd-operator/commit/9b67af1066d87606e7c19632060d13f3aa7cb5de)
 - **Triggered by**: edge-katanomi-app2[bot]
-- **Workflow run**: [#90](https://github.com/alaudadevops/tektoncd-operator/actions/runs/18966544073)
+- **Workflow run**: [#91](https://github.com/alaudadevops/tektoncd-operator/actions/runs/18969631201)
 
 ## Files synced:
 - docs/

docs/en/development/catalog/convention.md

@@ -0,0 +1,206 @@
+---
+weight: 10
+status: proposed
+title: Catalog Conventions
+creation-date: "2025-02-20"
+category: docs
+authors:
+  - "@qingliu"
+---
+
+# Catalog Conventions
+
+## Task Conventions
+
+### 1. Follow Community [Catalog](https://github.com/tektoncd/catalog) Conventions
+
+Catalog Structure
+
+1. Each resource follows the following structure
+
+    ```
+    ./task/                     👈 the kind of the resource
+
+        /argocd                 👈 definition file must have same name
+           /0.1
+             /OWNERS            👈 owners of this resource
+             /README.md
+             /DEVELOPMENT.md    👈 development guide
+             /argocd.yaml       👈 the file name should match the resource name
+             /samples/deploy-to-k8s.yaml
+           /0.2/...
+
+        /golang-build
+           /OWNERS
+           /README.md
+           /0.1
+             /README.md
+             /golang-build.yaml
+             /samples/golang-build.yaml
+    ```
+
+2. Resource YAML file includes following changes
+  *  Labels include the version of the resource.
+  *  Annotations include `minimum pipeline version` supported by the resource,
+     `tags` associated with the resource and `displayName` of the resource
+
+     ```yaml
+   
+      labels:
+         app.kubernetes.io/version: "0.1"                 👈 Version of the resource, has to equal to the version in the file path, e.g. version == "0.1" in "example-task/0.1/example-task.yaml"
+   
+       annotations:
+         tekton.dev/pipelines.minVersion: "0.12.1"        👈 Min Version of pipeline resource is compatible
+         tekton.dev/categories: CLI                       👈 Comma separated list of categories
+         tekton.dev/tags: "ansible, cli"                  👈 Comma separated list of tags
+         tekton.dev/displayName: "Ansible Tower Cli"      👈 displayName can be optional
+         tekton.dev/platforms: "linux/amd64,linux/s390x"  👈 Comma separated list of platforms, can be optional
+         tekton.dev/icon: data:image/svg+xml;base64,{{ base64 icon data }} 👈 The base64 encoded svg icon, can be optional
+   
+     spec:
+       description: |-
+         ansible-tower-cli task simplifies
+         workflow, jobs, manage users...                  👈 Summary
+   
+         Ansible Tower (formerly 'AWX') is a ...
+   
+     ```
+
+**Note** : Categories are a generalized list and are maintained by Hub. To add new categories, please follow the procedure mentioned [here](https://github.com/tektoncd/hub/blob/main/docs/ADD_NEW_CATEGORY.md).
+
+### 2. Use v1 Version of Task
+
+Currently `tekton.dev/v1` is the default version, and this version does not have the `ClusterTask` resource type, therefore we recommend using the `v1` version of Task.
+
+### 3. Specify Default Resources `computeResources` for Task
+
+It is recommended that `Task` has a default `computeResources`, and users can override it through `TaskRun` if they need to adjust.
+
+```yaml
+apiVersion: tekton.dev/v1
+kind: Task
+metadata:
+  name: foo
+spec:
+  steps:
+    - name: sonar-properties-create
+      computeResources:
+        requests:
+          cpu: "1"
+          memory: "1Gi"
+        limits:
+          cpu: "2"
+          memory: "2Gi"
+```
+
+```yaml
+apiVersion: tekton.dev/v1
+kind: TaskRun
+metadata:
+  name: foo-run
+spec:
+  computeResources:
+    requests:
+      cpu: "2"
+      memory: "2Gi"
+    limits:
+      cpu: "4"
+      memory: "4Gi"
+```
+
+### 4. Building Custom Images with Dependencies
+
+If Tasks in the catalog depend on custom images, we need to provide `Dockerfile` and build pipelines in the catalog.
+
+- Build environments are stored in the `images/{image-name}` directory
+- Image build pipeline orchestration files are stored in `.tekton/images/build-{image-name}.yaml`
+
+#### Image Security
+
+- For security considerations, it is recommended to create a `nonroot` user with ID `65532` as the default user when the image is finally executed.
+- It is also recommended to add `USER 65532` instead of `USER nonroot` in the `Dockerfile` to specify this user.
+  - This is because when a Pod specifies `runAsNonRoot`, it cannot confirm that the user is non-root when using `USER nonroot`, which will result in a `CreateContainerConfigError`.
+
+    ```dockerfile
+    # Add a non-root user
+    
+    # For Alpine images
+    RUN adduser -u 65532 -h /home/nonroot -D nonroot -s /sbin/nologin
+    
+    # For Debian, Ubuntu images
+    RUN adduser --home /home/nonroot --uid 65532 nonroot --shell /usr/sbin/nologin --disabled-password --gecos ""
+    
+    # Set the default user
+    USER 65532
+    ```
+
+#### Image Tags
+
+If the image is custom, you can directly use the version number generated by `git-version` in the pipeline as the Tag.
+
+If the image is customized based on a specific community version, it is recommended to add the community version number as a prefix in the Tag. For example, `v0.56.0-{version}`
+
+In the pipeline, you can specify the image prefix by configuring the `tag-prefix` parameter.
+
+#### Image Path
+
+It is recommended to uniformly use `/devops/tektoncd/hub/` as the image path prefix for convenient image management in the future.
+
+### 5. Not Recommended to Specify `runAsUser` in Task Definitions that Support User Custom Images
+
+```yaml
+apiVersion: tekton.dev/v1
+kind: Task
+metadata:
+  name: foo
+spec:
+  steps:
+    - name: bar
+      securityContext:
+        runAsNonRoot: true
+        # runAsUser: 65532  # Not recommended to specify in Task
+```
+
+This is because after specifying the `runAsUser` configuration in the `step` of a `Task`, it is equivalent to configuring this property for a specific `Container` of the Pod.
+However, the `podTemplate` of `TaskRun` can currently only override this configuration at the `Pod` level and cannot override this configuration for a specific `Container`.
+
+If the user's base image must require a specific user (non-65532) to work properly, then this configuration may prevent users from using this `Task`.
+
+#### Exceptions
+
+For general script execution Tasks like `run-script`, **it is recommended to specify `runAsUser` in the Task** for the following reasons:
+
+1. The main purpose of such Tasks is to execute general scripts, and users usually don't need to customize base images for them
+2. Specifying `runAsUser` allows users to:
+    - Directly use various standard images
+    - Avoid additional configuration in `TaskRun` or `PipelineRun`
+    - Improve ease of use
+
+> **Note**: This recommendation only applies to general script execution Tasks, other types of Tasks should still follow the above conventions.
+
+### 6. Tasks Need Integration Test Coverage
+
+Integration test pipelines can be placed in the `.tekton/integrations/{task-name}.yaml` directory.
+
+### 7. Unified Use of `registry.alauda.cn:60070` for Image Registry Addresses Referenced in Tasks
+
+Although the currently built images are usually `build-harbor.alauda.cn`, considering that this image address is inconvenient for integration testing.
+Therefore, it is temporarily recommended to uniformly use `registry.alauda.cn:60070` as the image registry address in Tasks.
+
+### 8. Task Display Names
+
+Task display names follow PascalCase convention, meaning the first letter is capitalized.
+
+| Description                             | Bad Case          | Good Case         |
+| --------------------------------------- | ----------------- | ----------------- |
+| First letter capitalized                | buildah           | Buildah           |
+| First letter of each word capitalized   | Sonarqube scanner | Sonarqube Scanner |
+| Multiple words separated by spaces, not `-`, `_` | RunScript         | Run Script        |
+
+### 9. Task HTTPS Certificates Handling
+
+When adding a new Task, cover the following cases:
+
+- Allow skipping certificate verification for HTTPS: expose a toggle parameter and clearly document the risks and when to use it.
+- Trust HTTPS via user-provided certificates: expose a workspace for mounting custom CAs/truststores.
+- If the tool uses a “full replacement” trust-store strategy: implement append/merge logic in the Task so user certificates are added to the default trust chain rather than overwriting it, preventing breaks to other HTTPS endpoints and improving UX.

docs/en/development/catalog/quick_start.mdx

@@ -0,0 +1,116 @@
+---
+weight: 5
+status: proposed
+title: Catalog Development Guide
+creation-date: "2025-02-25"
+category: docs
+authors:
+  - "@qingliu"
+---
+
+# Catalog Development Guide
+
+## How to Initialize a New `Task`
+
+Refer to the [catalog convention](./convention.md) and the existing `maven` project to initialize a new `Task`.
+
+### 1. Initialize the Main Directory `task/maven/{version}/`
+
+> The directory name `task` is a convention of `TektonHub` and cannot be modified.
+
+```yaml
+./task/maven/0.5
+├── README.md
+├── maven.yaml
+├── samples
+│   ├── pvc-pod.yaml
+│   └── taskrun-pvc.yaml
+├── features
+│   └── maven.feature
+└── testdata
+    └── taskrun-maven-test-server-creds.yaml
+```
+
+- `README.md` describes the functionality and usage of the `Task`
+- `maven.yaml` describes the specific implementation of the `Task`
+- `samples` directory contains usage examples for the `Task`
+- `features` directory contains test cases for the `Task`
+- `testdata` directory contains test data for the `Task`
+
+### 2. Build Dependent Images
+
+a. Prepare `Dockerfile` and other files for building image dependencies in `images/{taskname}/`.
+
+```yaml
+./images/maven
+└── Dockerfile
+```
+
+b. Prepare the image build pipeline file `build-maven.yaml`.
+
+```yaml
+.tekton/images
+└── build-maven.yaml
+```
+
+Pay special attention to the following areas:
+
+- `pipelinesascode.tekton.dev/on-comment` trigger comment keywords
+- `pipelinesascode.tekton.dev/on-cel-expression` trigger conditions
+- `file-list-for-commit-sha` list of related files for calculating version numbers
+    - Since this code repository contains many components, changes to other components should not affect the version number of the current component.
+- `update-files-based-on-image` used to perform a series of operations based on the built image
+    - Can be used to update the `values.yaml` file in the code root directory
+    - Can be used to automatically update the image version numbers used in the `Task`
+
+:::tip
+Currently, only the `catalog` image build pipeline needs to configure `upstreams` for automatically updating the upstream `tektoncd-hub` repository.
+
+See the [Update catalog to hub process](#update_catalog_to_hub) below for details.
+:::
+
+c. Register new dependent images in `values.yaml`
+
+> The purpose of this file is to record all images that this component depends on in the product.
+>
+> This information will be automatically synchronized to `tektoncd-hub` -> `tektoncd-operator` as needed.
+>
+> This will ultimately ensure that the `spec.relatedImages` field in the `ClusterServiceVersion` of `Tektoncd-Operator` contains this information.
+
+```yaml
+global:
+  registry:
+    address: registry.alauda.cn:60070
+  images:
+    # Add here, subsequent tag and digest will be automatically updated
+    maven:
+      repository: devops/tektoncd/hub/maven
+      digest: sha256:c5df6519e7e45607e78fc72db5dd3ff450b369b24f6ec08d7c2df81256c706c7
+      tag: v0.1.0-beta.45.gce64259
+```
+
+### 3. Write Integration Tests
+
+- Arrange the `task/{taskname}/{version}/features/{taskname}.feature` file as needed.
+- Adjust the BDD code `./godods` as needed
+- Prepare the integration test pipeline file `.tekton/integrations/{taskname}.yaml`
+
+## Workflow Process
+
+- Submit PR
+    - Automatically triggers image build pipeline, automatically updates dependent files like `values.yaml`.
+    - Manually trigger `e2e` integration test pipeline
+- Merge PR
+    - Automatically triggers `catalog` image build pipeline
+    - Automatically triggers `tektoncd-hub` pipeline, automatically updates `values.yaml`
+
+## Update Catalog to Hub Process \{#update_catalog_to_hub}
+
+The `catalog` image will contain all dependent `Task`s. It will automatically trigger the build pipeline when there are changes in the `task` directory.
+
+In its image build pipeline, there is a step called `upstreams` that is used to automatically update the upstream `tektoncd-hub` repository.
+
+It will actively trigger the upstream `tektoncd-hub` pipeline [hub-fetch-catalog-values](https://github.com/AlaudaDevops/tektoncd-hub/blob/main/.tekton/pr-catalog-update.yaml) when there are changes in the `main` and `release` branches to automatically fetch the latest configuration file `values.yaml`.
+
+The purpose of this step is to ensure that the `values.yaml` file in the `tektoncd-hub` repository also contains the latest dependent image information from `catalog`.
+

docs/en/development/run_e2e.mdx

@@ -31,7 +31,7 @@ Before starting, please ensure your environment meets the following requirements
 ### Step 1: Prepare Test Environment
 
 ```bash
-# Check Docker version
+# Check Podman version
 podman version
 
 # Pull the E2E test image