Add v1beta1 support to tekton-example (#97)

Author: mnuttall

tekton-example/README.md

@@ -1,19 +1,23 @@
 # Tekton Pipeline/Task Example  
 
-An example of using `promote` in a Tekton Pipeline to promote a service's config to a GitOps repository.  Creation of the PipelineRun (using `service-promote-pipeline-run.yaml`) will drive the pipeline to clone, build and push the service and then promote the config from the local clone into your staging/test GitOps repository.
+An example of using `promote` in a Tekton Pipeline to promote a service's config to a GitOps repository.  Creation of the PipelineRun will drive the pipeline to clone, build and push the service and then promote the config from the local clone into your staging/test GitOps repository.
 
-Creation of a TaskRun (using `promote-run.yaml`) will then further promote from one GitOps repo to another, e.g. from staging to production.
+## Tekton APIs: v1alpha1 and v1beta1
+
+Tekton Pipelines introduced new [v1beta1](https://github.com/tektoncd/pipeline/blob/master/docs/migrating-v1alpha1-to-v1beta1.md) APIs with its 0.11.x release. We first developed this sample against v1alpha1 APIs, but now include both v1alpha1 and v1beta1 versions of this sample. The v1beta1 version uses no Tekton PipelineResources, in the spirit of [this](https://github.com/tektoncd/pipeline/blob/master/docs/migrating-v1alpha1-to-v1beta1.md#replacing-pipelineresources-with-tasks) section of the migration document. You should use Tekton Pipelines v0.12.1 or higher and the v1beta1 samples unless you are unable to do so, or wish to use the code in the final section, 'Promote to Next Managed Environment'. This has only been implemented under the v1alpha1 sample. We're still working through how promotion between GitOps repositories should work, so this last section is fairly expermimental.
 
 ## Template Files
 
 - `auth.yaml`: Creates secrets for a GitHub repository and image registry, an access token for the GitHub repository and the ServiceAccount
-- `resources.yaml`: Creates PipelineResources for GitHub and Docker repositories
+- `resources.yaml`: Creates PipelineResources for GitHub and Docker repositories. This file only exists in the v1alpha1 sample.
 
 ## Other Files
+
 - `service-promote.yaml`: This is the Tekton Task used for promoting from one repository to another. It creates a PullRequest and this represents the promotion from one environment to another (for example, from development to production - in this case represented as repositories)
-- `service-promote-pipeline.yaml`: Creates a Pipeline that executes `build-task.yaml` and `service-promote.yaml`
-- `promote.yaml`: Creates a pull request from one repository to another repository
+- `service-promote-pipeline.yaml`: Creates a Pipeline that executes `build-task.yaml` and `service-promote.yaml`.
+- `promote.yaml`: Creates a pull request from one repository to another repository.
 - `build-task.yaml`: This task builds a Git source into a container image image and pushes to an image registry
+- `git-clone.yaml`: A copy of the Tekton Catalog [git-clone](https://github.com/tektoncd/catalog/blob/v1beta1/git/git-clone.yaml) Task, replacing the Git PipelineResource used in v1alpha1.
 
 ## Pre-requisites
 
@@ -26,52 +30,90 @@ Creation of a TaskRun (using `promote-run.yaml`) will then further promote from
 ## Create Tekton Resources
 
 - Create a new namespace:
+
 ```shell
 kubectl create ns <namespace>
 ```
 
 - Modify your Kubernetes context to use this namespace by default:
-```shell 
+
+```shell
 kubectl config set-context --current --namespace=<namespace>
 ```
 
+- Choose whether to use the `v1alpha1` or `v1beta1` resources. As per the introduction, we recommend Tekton 0.12.x+ and the `v1beta1` path unless you have clear reasons to choose `v1alpha1`.
+
+```sh
+cd v1beta1
+# OR
+cd v1alpha1
+```
+
 - Apply the resources folder:
-```shell 
+
+```shell
 kubectl apply -f resources
 ```
 
-- Edit both files in the template folder to contain real values. Entries of the form `REPLACE_ME.x` must be replaced with the value you wish to use, i.e at occurences such as `REPLACE_ME.IMAGE_NAME`, `REPLACE_ME.GITHUB_ORG/REPLACE_ME.GITHUB_REPO` etc... There are eight instances to replace in this folder.
+- Edit the files in the template folder to contain real values. Entries of the form `REPLACE_ME.x` must be replaced with the value you wish to use, i.e at occurences such as `REPLACE_ME.IMAGE_NAME`, `REPLACE_ME.GITHUB_ORG/REPLACE_ME.GITHUB_REPO` etc... There are eight instances to replace in the v1alpha1 templates/ folder and nine in the v1beta1 templates/ folder.
+
+- If you are using v1alpha1 you can apply the templates folder:
 
-- Apply the templates folder:
-```shell 
+```shell
 kubectl apply -f templates
 ```
 
+If you are using v1beta1 then only apply templates/auth.yaml. The templates/ folder also contains a PipelineRun which we don't want to run yet.
+
+```sh
+kubectl apply -f templates/auth.yaml
+```
+
 ## Execute Pipeline
 
 The PipelineRun you will create is designed to build your microservice from its development repository and then promote the new configuration to a GitOps repository (representing a different environment, for example development, staging, test or production).
 
-- To create the PipelineRun, use:
+This example promotes from the `promote-demo` repository, containing a service with the same name.
+
+- This creates a PipelineRun that executes the `service-promote-pipeline`, which will build the code and promote it to a repository you have specified
+- The logs will be outputted to your console, and you can also view its progress in the Tekton Dashboard.
+
+The exact steps to create a PipelineRun depend on whether you are using the v1alpha1 or v1beta1 APIs.
+
+### v1alpha1
+
+To create the PipelineRun using v1alpha1, use:
+
 ```shell
 tkn pipeline start service-promote-pipeline --resource git-source=git-app-repo --resource docker-image=docker-app-image --param commitId=v1 --param github-secret=promote-secret --param commit-name=<yourgitname> --param commit-email=<yourgitemail> --param to=https://github.com/<github username>/<github repo>.git --param service=promote-demo --workspace name=repo-space,claimName=repopvc,subPath=dir -s demo --showlog
 ```
 
-This example promotes from the `promote-demo` repository, containing a service with the same name.
+### v1beta1
 
+One of the main differences between our v1alpha1 and v1beta1 samples is that v1beta1 does not use a Tekton Git PipelineResource. Instead we use Tekton workspaces, which must be backed by persistent storage since they contain more than one task. Persistent storage requires a PersistentVolumeClaim. These can be dynamically generated using the `volumeClaimTemplate` stanza, but this is not supported in `tkn` until https://github.com/tektoncd/cli/issues/1006 is resolved. In the meantime we provide a PipelineRun:
 
-- This creates a PipelineRun that executes the `service-promote-pipeline`, which will build the code and promote it to a repository you have specified
-- The logs will be outputted to your console, and you can also view its progress in the Tekton Dashboard.
+```sh
+kubectl create -f templates/promote-pipelinerun.yaml
+```
+
+You will need to locate and tail the logs of this PipelineRun for yourself. For example you can use, 
+
+```sh
+kubectl get pipelineruns
+tkn pipelinerun logs [pipelinerun] -f
+```
 
 ## Promote to Next Managed Environment
 
 Optionally, you can run a subsequent promote from one GitOps repository to another (e.g staging to prod) after merging the pull request on your first GitOps repository. For this you will need a third repository, and for this you can fork: https://github.com/rhd-gitops-example/gitops-example-staging
 
--  To do this second promote, you will need to create a TaskRun that executes a task promoting from a testing repository to a production repository
+- To do this second promote, you will need to create a TaskRun that executes a task promoting from a testing repository to a production repository
 - To create the TaskRun (again this uses a service called `promote-demo`), use:
+
 ```shell
 tkn task start promote --param github-secret=promote-secret --param from=https://github.com/<yourorg>/<yourdevrepo>.git --param to=https://github.com/<yourorg>/<yourstagingrepo>.git --param commit-name=<yourgitname> --param commit-email=<yourgitemail> --param service=promote-demo -s demo --showlog
 ```
+
 This will start the TaskRun and output its logs, and you can also view its progress in the Tekton Dashboard.
 
 The TaskRun will clone the code from the initial repository locally, build it and promote it to the final repository. This will open a pull request which you will be able to view in the repository you chose to promote to.
-

tekton-example/resources/build-task.yaml …ample/v1alpha1/resources/build-task.yamltekton-example/resources/build-task.yaml renamed to tekton-example/v1alpha1/resources/build-task.yaml tekton-example/resources/build-task.yaml renamed to tekton-example/v1alpha1/resources/build-task.yaml

@@ -0,0 +1,56 @@
+apiVersion: tekton.dev/v1alpha1
+kind: Task
+metadata:
+  name: build-push
+spec:
+  workspaces:
+  - name: repo
+    mountPath: /repo
+  inputs:
+    params:
+    - name: buildahImage
+      description: The location of the buildah builder image.
+      default: quay.io/buildah/stable:v1.11.0
+    - name: pathToDockerfile
+      description: The path to the Dockerfile to build
+      default: /repo/Dockerfile
+    - name: commitId
+      description: commit ID of the source
+      default: v2
+    - name: tlsVerify
+      description: whether we should verify the TLS on the registry endpoint (for push/pull to a non-TLS registry)
+      default: "false"
+    - name: pathToContext
+      description: The build context to use
+      default: /repo
+    - name: destImage
+      description: Built image location
+  steps:
+  - name: build
+    image: $(inputs.params.buildahImage)
+    securityContext:
+      privileged: true
+    script: |
+      #!/bin/sh
+      buildah bud --tls-verify=$(inputs.params.tlsVerify) --layers  -f $(inputs.params.pathToDockerfile) -t $(inputs.params.destImage):$(inputs.params.commitId) $(inputs.params.pathToContext)
+    volumeMounts:                 
+    - name: varlibcontainers
+      mountPath: /var/lib/containers
+  - name: push 
+    image: $(inputs.params.buildahImage)
+    securityContext:
+      privileged: true
+    script: |
+      #!/bin/sh
+      buildah push --tls-verify=$(inputs.params.tlsVerify) $(inputs.params.destImage):$(inputs.params.commitId)
+    volumeMounts:                 
+    - name: varlibcontainers
+      mountPath: /var/lib/containers
+  - name: update 
+    image: alpine
+    script: |
+      #!/bin/sh
+      sed -i -e "s#\$IMAGE#\$(inputs.params.destImage):\$(inputs.params.commitId)#" $(inputs.params.pathToContext)/config/deploy.yaml
+  volumes:
+    - name: varlibcontainers
+      emptyDir: {}

tekton-example/resources/promote.yaml …-example/v1alpha1/resources/promote.yamltekton-example/resources/promote.yaml renamed to tekton-example/v1alpha1/resources/promote.yaml tekton-example/resources/promote.yaml renamed to tekton-example/v1alpha1/resources/promote.yaml

@@ -0,0 +1,100 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: git-clone
+spec:
+  workspaces:
+    - name: output
+      description: The git repo will be cloned onto the volume backing this workspace
+  params:
+    - name: url
+      description: git url to clone
+      type: string
+    - name: revision
+      description: git revision to checkout (branch, tag, sha, ref…)
+      type: string
+      default: master
+    - name: refspec
+      description: (optional) git refspec to fetch before checking out revision
+      default: ""
+    - name: submodules
+      description: defines if the resource should initialize and fetch the submodules
+      type: string
+      default: "true"
+    - name: depth
+      description: performs a shallow clone where only the most recent commit(s) will be fetched
+      type: string
+      default: "1"
+    - name: sslVerify
+      description: defines if http.sslVerify should be set to true or false in the global git config
+      type: string
+      default: "true"
+    - name: subdirectory
+      description: subdirectory inside the "output" workspace to clone the git repo into
+      type: string
+      default: ""
+    - name: deleteExisting
+      description: clean out the contents of the repo's destination directory (if it already exists) before trying to clone the repo there
+      type: string
+      default: "false"
+    - name: httpProxy
+      description: git HTTP proxy server for non-SSL requests
+      type: string
+      default: ""
+    - name: httpsProxy
+      description: git HTTPS proxy server for SSL requests
+      type: string
+      default: ""
+    - name: noProxy
+      description: git no proxy - opt out of proxying HTTP/HTTPS requests
+      type: string
+      default: ""
+  results:
+    - name: commit
+      description: The precise commit SHA that was fetched by this Task
+  steps:
+    - name: clone
+      image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.12.1
+      script: |
+        CHECKOUT_DIR="$(workspaces.output.path)/$(params.subdirectory)"
+
+        cleandir() {
+          # Delete any existing contents of the repo directory if it exists.
+          #
+          # We don't just "rm -rf $CHECKOUT_DIR" because $CHECKOUT_DIR might be "/"
+          # or the root of a mounted volume.
+          if [[ -d "$CHECKOUT_DIR" ]] ; then
+            # Delete non-hidden files and directories
+            rm -rf "$CHECKOUT_DIR"/*
+            # Delete files and directories starting with . but excluding ..
+            rm -rf "$CHECKOUT_DIR"/.[!.]*
+            # Delete files and directories starting with .. plus any other character
+            rm -rf "$CHECKOUT_DIR"/..?*
+          fi
+        }
+
+        if [[ "$(params.deleteExisting)" == "true" ]] ; then
+          cleandir
+        fi
+
+        test -z "$(params.httpProxy)" || export HTTP_PROXY=$(params.httpProxy)
+        test -z "$(params.httpsProxy)" || export HTTPS_PROXY=$(params.httpsProxy)
+        test -z "$(params.noProxy)" || export NO_PROXY=$(params.noProxy)
+
+        /ko-app/git-init \
+          -url "$(params.url)" \
+          -revision "$(params.revision)" \
+          -refspec "$(params.refspec)" \
+          -path "$CHECKOUT_DIR" \
+          -sslVerify="$(params.sslVerify)" \
+          -submodules="$(params.submodules)" \
+          -depth "$(params.depth)"
+        cd "$CHECKOUT_DIR"
+        RESULT_SHA="$(git rev-parse HEAD | tr -d '\n')"
+        EXIT_CODE="$?"
+        if [ "$EXIT_CODE" != 0 ]
+        then
+          exit $EXIT_CODE
+        fi
+        # Make sure we don't add a trailing newline to the result!
+        echo -n "$RESULT_SHA" > $(results.commit.path)

…/resources/service-promote-pipeline.yaml …/resources/service-promote-pipeline.yamltekton-example/resources/service-promote-pipeline.yaml renamed to tekton-example/v1alpha1/resources/service-promote-pipeline.yaml tekton-example/resources/service-promote-pipeline.yaml renamed to tekton-example/v1alpha1/resources/service-promote-pipeline.yaml

@@ -0,0 +1,79 @@
+apiVersion: tekton.dev/v1alpha1
+kind: Pipeline
+metadata:
+  name: service-promote-pipeline
+spec:
+  workspaces:
+  - name: repo-space
+  params:
+  - name: source-repo
+    type: string
+    description: GitHub repository url to be promoted from
+  - name: revision
+    type: string
+    description: The git revision of source-repo to promote
+    default: master
+  - name: github-secret
+    type: string
+    description: name of the secret that contains the GitHub access token, the access token must be in a token key.
+  - name: gitops-repo
+    type: string
+    description: GitOps repository to promote service into
+  - name: service
+    type: string
+    description: service name to be promoted
+  - name: commit-name
+    type: string
+    description: the GitHub name to use on the commit for promotion
+  - name: commit-email
+    type: string
+    description: the GitHub email to use on the commit for promotion
+  - name: dest-image
+    type: string
+    description: Image registry coordinates for the built image
+  tasks:
+  - name: fetch-source
+    taskRef: 
+      name: git-clone
+    workspaces:
+    - name: output
+      workspace: repo-space
+    params:
+    - name: url
+      value: $(params.source-repo)
+    - name: revision
+      value: $(params.revision)
+  - name: build-simple
+    runAfter: [fetch-source]
+    taskRef:
+      name: build-push
+    workspaces:
+    - name: repo
+      workspace: repo-space
+    params:
+    - name: commitId
+      value: $(tasks.fetch-source.results.commit)
+    - name: destImage
+      value: $(params.dest-image)
+  - name: promote
+    runAfter: [build-simple]
+    taskRef:
+      name: service-promote
+    workspaces:
+    - name: repo
+      workspace: repo-space
+    params:
+    - name: github-secret
+      value: $(params.github-secret)
+    - name: gitops-repo
+      value: $(params.gitops-repo)
+    - name: service
+      value: $(params.service)
+    - name: commit-name
+      value: $(params.commit-name)
+    - name: commit-email
+      value: $(params.commit-email)
+
+
+
+