add sample tekton resources and README (#35)

Author: akihikokuroda

docs/README.md

@@ -0,0 +1,36 @@
+# Tekton pipeline / task example
+
+## Files
+
+auth.yaml: (template) create secrets for github and docker registry and create the service account
+gitconfig: (template) data file for the gitconfig configmap.  The config map is created by `kubectl create configmap promoteconfigmap --from-file=gitconfig`
+
+promotesecret.yaml: (template) create an access token secret for the github repository
+resources.yaml: (template) create pipeline resources for github and docker repository
+
+build-task.yaml: create a build push task
+servicepromote.yaml: (template)create a promote from service repo to env repo task
+servicepromotepipeline.yaml: create a pipeline that executes build, push and promote
+servicepromotepipelinerun.yaml: create a pipelinerun that executes the servicepromotepipeline
+
+promote.yaml: (template)create a promote from one env repo to another env repo task
+promoterun.yaml: create a taskrun that execute promote task
+
+## Build docker image with `service promote` command
+
+- clone this repository
+- run `docker build -t <image name> .` in repository root directory
+- run `docker tag <image name> <your docker hub id>/<image name>` toi tag the image
+- run `docker login` to login to the docker hub
+- run `docker push <your docker hub id>/<image name>` to push the image to the docker hub
+
+## Create Tekton resource
+
+- edit all yaml files marked as (template) and gitconfig file.  `<xxx>` must be replaced with the real value
+- create a new namespace e.g. `kubectl create ns promote`
+- apply auth.yaml, promotesecret.yaml, resources.yaml, build-task.yaml, servicepromote.yaml and servicepromotepipelinerun.yaml in the namespace e.g. `kubectl -n <namespace> apply -f <yaml file name>
+- create a configmap by `kubectl create configmap promoteconfigmap --from-file=gitconfig -n <namespace>`
+
+## Execute pipeline
+
+- create the servicepromotepipelinerun by applying servicepromotepipelinerun.yaml e.g. `apply -n <namespace> apply -f servicepromotepipelinerun.yaml`

docs/auth.yaml

@@ -0,0 +1,33 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secret-github
+  annotations:
+    tekton.dev/git-0: https://github.com
+type: kubernetes.io/basic-auth
+stringData:
+  username: <github user name>
+  password: <github personal access token>
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secret-dockerhub
+  annotations:
+    tekton.dev/docker-0: https://index.docker.io/v1/
+type: kubernetes.io/basic-auth
+stringData:
+  username: <docker hub user id>
+  password: <docker hub password>
+
+---
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: demo
+secrets:
+  - name: secret-github
+  - name: secret-dockerhub

docs/build-task.yaml

@@ -0,0 +1,55 @@
+apiVersion: tekton.dev/v1alpha1
+kind: Task
+metadata:
+  name: build-push
+spec:
+  workspaces:
+  - name: repo
+  inputs:
+    resources:
+      - name: git-source
+        type: git
+    params:
+    - name: pathToDockerFile
+      description: The path to the dockerfile to build
+      default: ./repo/Dockerfile
+    - name: commitId
+      description: commit ID of the source
+      default: v2
+    - name: pathToContext
+      description: The build context used by Kaniko (https://github.com/GoogleContainerTools/kaniko#kaniko-build-contexts)
+      default: ./repo
+  outputs:
+    resources:
+      - name: builtImage
+        type: image
+  steps:
+  - name: build
+    image: docker
+    script: |
+      #!/bin/sh
+      cp -R git-source/* repo
+      docker build -f $(inputs.params.pathToDockerFile) -t $(outputs.resources.builtImage.url) $(inputs.params.pathToContext)
+    volumeMounts:
+    - name: docker-socket
+      mountPath: /var/run/docker.sock
+  - name: push 
+    image: docker
+    script: |
+      #!/bin/sh
+      docker tag $(outputs.resources.builtImage.url) $(outputs.resources.builtImage.url):$(inputs.params.commitId)
+      docker push $(outputs.resources.builtImage.url):$(inputs.params.commitId)
+    volumeMounts:
+    - name: docker-socket
+      mountPath: /var/run/docker.sock
+  - name: update 
+    image: alpine
+    script: |
+      #!/bin/sh
+      sed -i -e "s#\$IMAGE#\$(outputs.resources.builtImage.url):\$(inputs.params.commitId)#" $(inputs.params.pathToContext)/config/deploy.yaml
+  volumes:
+    - name: docker-socket
+      hostPath:
+        path: /var/run/docker.sock
+        type: Socket
+

docs/gitconfig

@@ -0,0 +1,3 @@
+[user]
+	name = <github user name>
+	email = <github email>

docs/promote.yaml

@@ -0,0 +1,47 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: promote
+spec:
+  params:
+  - name: github-secret
+    type: string
+    description: seret name of the github that has the access token. The key name is token.
+  - name: from
+    type: string
+    description: github repository url to be promoted from
+  - name: to
+    type: string
+    description: github repository url to be promoted to
+  - name: service
+    type: string
+    description: service name to be promoted
+  - name: github-config
+    type: string
+    description: configmap name of the gitconfig file that has user name, user e-mail.  The key name is gitconfig. It can be created by "kubectl create configmap <configmap name> --from-file=gitconfig -n promote"
+  volumes:
+  - name: gitconfig
+    configMap:
+      name: $(params.github-config)
+      items:
+        - key: gitconfig
+          path: gitconfig
+  steps:
+  - name: promote
+    #image: akihikokuroda/promote
+    image: <image name>
+    imagePullPolicy: Always
+    volumeMounts:
+    - name: gitconfig
+      mountPath: /root
+    script: |
+      #!/bin/sh
+      cp /root/gitconfig $HOME/.gitconfig
+      services promote --from $(params.from) --to $(params.to) --service $(params.service) 
+    env:
+    - name: GITHUB_TOKEN
+      valueFrom:
+        secretKeyRef:
+          name: $(params.github-secret)
+          key: token
+

docs/promoterun.yaml

@@ -0,0 +1,19 @@
+apiVersion: tekton.dev/v1beta1
+kind: TaskRun
+metadata:
+  name: promoterun
+spec:
+  params:
+  - name: github-secret
+    value: promotesecret
+  - name: github-config
+    value: promoteconfigmap
+  - name: from
+    value: "https://github.com/akihikokuroda/gitops-test.git"
+  - name: to
+    value: "https://github.com/akihikokuroda/gitops-prod.git"
+  - name: service
+    value: service-a
+  #serviceAccountName: tekton-triggers-controller
+  taskRef:
+    name: promote

docs/promotesecret.yaml

@@ -0,0 +1,6 @@
+kind: Secret
+apiVersion: v1
+metadata:
+  name: promotesecret
+stringData:
+  token: <github personal access token>

docs/resources.yaml

@@ -0,0 +1,39 @@
+apiVersion: tekton.dev/v1alpha1
+kind: PipelineResource
+metadata:
+  name: git-app-repo
+spec:
+  params:
+  - name: revision
+    value: master
+  - name: url
+    #value: https://github.com/akihikokuroda/promote-demo.git
+    value: https://github.com/<github org>/<github repo>.git
+  type: git
+
+---
+
+apiVersion: tekton.dev/v1alpha1
+kind: PipelineResource
+metadata:
+  name: docker-app-image
+spec:
+  params:
+  - name: url
+    #value: akihikokuroda/app-image
+    value: <docker hub image name>
+  type: image
+
+---
+
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: repopvc
+spec:
+  resources:
+    requests:
+      storage: 16Mi
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteOnce

docs/servicepromote.yaml

@@ -0,0 +1,49 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: service-promote
+spec:
+  workspaces:
+  - name: repo
+  params:
+  - name: github-secret
+    type: string
+    description: name of the secret that contains the GitHub access token, the access token must be in a token key.
+  - name: from
+    type: string
+    description: github repository url to be promoted from
+    default: /workspace/repo
+  - name: to
+    type: string
+    description: github repository url to be promoted to
+  - name: service
+    type: string
+    description: service name to be promoted
+  - name: github-config
+    type: string
+    description: configmap name of the gitconfig file that has user name and e-mail.  The key name is gitconfig. It can be created by "kubectl create configmap <configmap name> --from-file=$HOME/.gitconfig -n <namespace>"
+  volumes:
+  - name: gitconfig
+    configMap:
+      name: $(params.github-config)
+      items:
+        - key: gitconfig
+          path: gitconfig
+  steps:
+  - name: promote
+    image: <image name>
+    imagePullPolicy: Always
+    volumeMounts:
+    - name: gitconfig
+      mountPath: /root
+    script: |
+      #!/bin/sh
+      cp /root/gitconfig $HOME/.gitconfig
+      services promote --from $(params.from) --to $(params.to) --service $(params.service) 
+    env:
+    - name: GITHUB_TOKEN
+      valueFrom:
+        secretKeyRef:
+          name: $(params.github-secret)
+          key: token
+

docs/servicepromotepipeline.yaml

@@ -0,0 +1,71 @@
+apiVersion: tekton.dev/v1alpha1
+kind: Pipeline
+metadata:
+  name: service-promote-pipeline
+spec:
+  workspaces:
+  - name: repo-space
+  params:
+  - name: commitId
+    type: string
+    description: commit ID of the source repository.
+  - name: github-secret
+    type: string
+    description: name of the secret that contains the GitHub access token, the access token must be in a token key.
+  - name: from
+    type: string
+    description: github repository url to be promoted from
+    default: /workspace/repo
+  - name: to
+    type: string
+    description: github repository url to be promoted to
+  - name: service
+    type: string
+    description: service name to be promoted
+  - name: github-config
+    type: string
+    description: configmap name of the gitconfig file that has user name, user e-mail.  The key name is gitco
+  resources: 
+  - name: git-source
+    type: git
+  - name: docker-image
+    type: image
+  tasks:
+  - name: build-simple
+    taskRef:
+      name: build-push
+    workspaces:
+    - name: repo
+      workspace: repo-space
+    params:
+    - name: commitId
+      value: $(params.commitId)
+    resources:
+      inputs:
+      - name: git-source
+        resource: git-source
+      outputs:
+      - name: builtImage
+        resource: docker-image
+  - name: promote
+    runAfter: [build-simple]
+    taskRef:
+      name: service-promote
+    workspaces:
+    - name: repo
+      workspace: repo-space
+    params:
+    - name: github-secret
+      value: $(params.github-secret)
+    - name: from
+      value: $(params.from)
+    - name: to
+      value: $(params.to)
+    - name: service
+      value: $(params.service)
+    - name: github-config
+      value: $(params.github-config)
+
+
+
+