shortbrain
diff --git a/‎.github/dependabot.yaml
Lines changed: 12 additions & 0 deletions b/‎.github/dependabot.yaml
Lines changed: 12 additions & 0 deletions
diff --git a/‎.github/workflows/images.yaml
Lines changed: 70 additions & 0 deletions b/‎.github/workflows/images.yaml
Lines changed: 70 additions & 0 deletions
diff --git a/‎.github/workflows/test-tasks.yaml
Lines changed: 50 additions & 0 deletions b/‎.github/workflows/test-tasks.yaml
Lines changed: 50 additions & 0 deletions
diff --git a/‎go-crane-image/go-crane-image.yaml
Lines changed: 151 additions & 0 deletions b/‎go-crane-image/go-crane-image.yaml
Lines changed: 151 additions & 0 deletions
diff --git a/‎go-crane-image/tests/run.yaml
Lines changed: 65 additions & 0 deletions b/‎go-crane-image/tests/run.yaml
Lines changed: 65 additions & 0 deletions
@@ -0,0 +1,12 @@
+version: 2
+updates:
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      # Disable all pull requests for Docker dependencies
+    open-pull-requests-limit: 0
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
@@ -0,0 +1,70 @@
+on:
+  pull_request:
+    branches: [ main ]
+  push:
+    branches: [ main ]
+  schedule:
+    - cron: '0 0 * * *'
+
+name: build-images
+
+env:
+  REGISTRY: ghcr.io
+  
+jobs:
+  list:
+    runs-on: ubuntu-latest
+    outputs:
+      images: ${{ steps.output-images.outputs.images }}
+    steps:
+      - uses: actions/checkout@v3
+      - name: list images
+        id: output-images
+        run: |
+          echo "images=$(ls images | jq -R -s -c 'split("\n")[:-1]')" >> $GITHUB_OUTPUT
+
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    needs: list
+    strategy:
+      matrix:
+        image: ${{fromJSON(needs.list.outputs.images)}}
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 2
+      - name: Get changed files
+        id: changed-files
+        uses: tj-actions/changed-files@v35
+        with:
+          files: |
+            images/${{ matrix.image }}/**
+      - name: changed files
+        if: steps.changed-files.outputs.any_changed == 'true'
+        run: |
+          echo ${{ steps.changed-files.outputs.any_changed }}
+          echo "List all the files that have changed: ${{ steps.changed-files-specific.outputs.all_changed_files }}"
+      - name: Log in to the Container registry
+        if: steps.changed-files.outputs.any_changed == 'true' || github.event_name != 'pull_request'
+        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Extract metadata (tags, labels) for Docker
+        if: steps.changed-files.outputs.any_changed == 'true' || github.event_name != 'pull_request'
+        id: meta
+        uses: docker/metadata-action@57396166ad8aefe6098280995947635806a0e6ea
+        with:
+          images: ${{ env.REGISTRY }}/${{ github.repository }}/${{ matrix.image }}
+      - name: Build and push Docker image
+        if: steps.changed-files.outputs.any_changed == 'true' || github.event_name != 'pull_request'
+        uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671
+        with:
+          context: images/${{ matrix.image }}
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
@@ -0,0 +1,50 @@
+on:
+  pull_request:
+    branches: [ main ]
+  push:
+    branches: [ main ]
+  schedule:
+    - cron: '0 0 * * *'
+
+name: test-tasks
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+    - uses: actions/checkout@v3
+    - uses: chainguard-dev/actions/setup-kind@main
+      with:
+        k8s-version: v1.23.x
+    - uses: vdemeester/setup-tektoncd@main
+      with:
+        pipeline: v0.44.x
+        pipeline-feature-flags: '{"enable-api-fields": "alpha"}'
+    - name: run-tests
+      run: |        
+        kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/main/task/git-clone/0.7/git-clone.yaml
+        # go-crane-image
+        kubectl create -f ./tasks/go-crane-image/go-crane-image.yaml
+        kubectl create -f ./tasks/go-crane-image/tests/run.yaml
+
+        tkn pipelinerun logs -f go-crane-image-test-run
+        tkn pipelinerun describe go-crane-image-test-run
+
+        kubectl get pipelinerun go-crane-image-test-run
+        #status=$(kubectl get pipelinerun go-crane-image-test-run -o json | jq -r '.items[] | .status.conditions[] | select(.type == "Succeeded") | .status')
+        #if [[ "${status}" != "True" ]]; then
+        #  echo "go-crane-image test failed"
+        #  kubectl get pipelinerun/go-crane-image-test-run -o yaml
+        #fi
+
+        # go-ko-image
+        kubectl create -f ./tasks/go-ko-image/go-ko-image.yaml
+        kubectl create -f ./tasks/go-ko-image/tests/run.yaml
+
+        tkn pipelinerun logs -f go-ko-image-test-run
+        tkn pipelinerun describe go-ko-image-test-run
+
+        kubectl get pipelinerun go-ko-image-test-run
@@ -0,0 +1,151 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: go-crane-image
+  labels:
+    app.kubernetes.io/version: "0.1"
+  annotations:
+    tekton.dev/pipelines.minVersion: "0.40.0"
+    tekton.dev/categories: language
+    tekton.dev/tags: go
+    tekton.dev/displayName: "go crane image"
+    tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64"
+spec:
+  description: >-
+    The go-crane-image Task will build a container image based of off a go
+    project to be compiled, using crane.
+  workspaces:
+  - name: source
+    description: The go source to build
+  - name: dockerconfig
+    description: Includes a docker `config.json` or `.dockerconfigjson`
+    optional: true
+  params:
+  - name: app
+    description: >-
+      The name of the "application" to build. This will have an impact on the binary
+      and possibly the image reference
+  - name: package
+    description: >-
+      The package to build. It needs to be a package `main` that compiles into a binary.
+      The default value is `.`, usual value can be `./cmd/{name}`
+    default: .
+  - name: image
+    description: >-
+      The image specific options such as prefix, labels, env, …
+    type: object
+    properties:
+      base: {type: string}
+      labels: {type: string}
+      envs: {type: string}
+      push: {type: string}
+      prefix: {type: string}
+      tag: {type: string}
+    default:
+      base: ""
+      labels: ""
+      envs: ""
+      push: "true"
+      tag: "latest"
+  - name: go
+    description: >-
+      Golang options, such as flags, version, …
+    type: object
+    properties:
+      version: {type: string}
+      GOFLAGS: {type: string}
+      GOOS: {type: string}
+      GOARCH: {type: string}
+      CGO_ENABLED: {type: string}
+    default:
+      version: "1.18"
+      GOFLAGS: "-v"
+      GOOS: ""
+      GOARCH: ""
+      CGO_ENABLED: "0"
+  results:
+    - name: IMAGE_DIGEST
+      description: Digest of the image just built.
+    - name: IMAGE_URL
+      description: URL of the image just built.
+  steps:
+  - name: build-go
+    image: docker.io/library/golang:$(params.go.version)
+    workingDir: $(workspaces.source.path)
+    script: |
+      #!/usr/bin/env bash
+      set -e
+      go env
+      go build -o $(params.app) $(params.package)
+    env:
+    - name: GOFLAGS
+      value: "$(params.go.GOFLAGS)"
+    - name: GOOS
+      value: "$(params.go.GOOS)"
+    - name: GOARCH
+      value: "$(params.go.GOARCH)"
+    - name: CGO_ENABLED
+      value: "$(params.go.CGO_ENABLED)"
+  - name: publish-image
+    image: ghcr.io/shortbrain/golang-tasks/crane:0.12.0
+    workingDir: $(workspaces.source.path)
+    script: |
+      #!/usr/bin/env bash
+      set -e
+
+      if [[ "$(params.image.push)" == "false" ]]; then
+        echo "Not doing anything as push is disabled"
+        echo -n "" > $(resutls.IMAGE_DIGEST.path)
+        echo -n "" > $(resutls.IMAGE_URL.path)
+        exit 0
+      fi
+
+      # Prepare the layer to add
+      mkdir output
+      cp $(params.app) ./output
+      # FIXME: extra things to copy ?
+      
+      if [[ "$(workspaces.dockerconfig.bound)" == "true" ]]; then
+        # if config.json exists at workspace root, we use that
+        if test -f "$(workspaces.dockerconfig.path)/config.json"; then
+          export DOCKER_CONFIG="$(workspaces.dockerconfig.path)"
+        # else we look for .dockerconfigjson at the root
+        elif test -f "$(workspaces.dockerconfig.path)/.dockerconfigjson"; then
+          cp "$(workspaces.dockerconfig.path)/.dockerconfigjson" "$HOME/.docker/config.json"
+          export DOCKER_CONFIG="$HOME/.docker"
+        # need to error out if neither files are present
+        else
+          echo "neither 'config.json' nor '.dockerconfigjson' found at workspace root"
+          exit 1
+        fi
+      fi
+
+      APPEND_FLAGS="--new_tag $(params.image.prefix)/$(params.app):$(params.image.tag)"
+      if [[ -n "$(params.image.base)" ]]; then
+        APPEND_FLAGS="--base $(params.image.base) ${APPEND_FLAGS}"
+      fi
+
+      MUTATE_FLAGS="--entrypoint=/$(params.app) --tag $(params.image.prefix)/$(params.app):$(params.image.tag)"
+      # envs
+      while IFS=';' read -ra ENVS; do
+      for ENV in "${ENVS[@]}"; do
+        MUTATE_FLAGS="${MUTATE_FLAGS} --env ${ENV}"
+      done
+      done <<< "$(params.image.envs)"
+
+      # labels
+      while IFS=';' read -ra LABELS; do
+      for LABEL in "${LABELS[@]}"; do
+        MUTATE_FLAGS="${MUTATE_FLAGS} --label ${LABEL}"
+      done
+      done <<< "$(params.image.labels)"
+
+      crane mutate $( \
+        crane append ${APPEND_FLAGS} \
+          --new_layer <(cd ./output && tar -f - -c .) \
+        ) \
+        ${MUTATE_FLAGS} > crane_output
+      CRANE_OUTPUT=$(cat crane_output)
+      echo -n ${CRANE_OUTPUT#*@} > $(results.IMAGE_DIGEST.path)
+      echo -n ${CRANE_OUTPUT} > $(results.IMAGE_URL.path)
+      # echo -n ${CRANE_OUTPUT%@*} > $(results.IMAGE_URL.path)
@@ -0,0 +1,65 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: go-crane-image-source-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 500Mi
+---
+apiVersion: tekton.dev/v1beta1
+kind: Pipeline
+metadata:
+  name: go-crane-image-pipeline
+spec:
+  workspaces:
+    - name: shared-workspace
+  tasks:
+    - name: fetch-repository
+      taskRef:
+        name: git-clone
+      workspaces:
+        - name: output
+          workspace: shared-workspace
+      params:
+        - name: url
+          value: https://github.com/chmouel/go-rest-api-test
+        - name: subdirectory
+          value: ""
+        - name: deleteExisting
+          value: "true"
+    - name: run-build
+      taskRef:
+        name: go-crane-image
+      runAfter:
+        - fetch-repository
+      workspaces:
+        - name: source
+          workspace: shared-workspace
+      params:
+      - name: app
+        value: go-rest-api
+      - name: go
+        value:
+          CGO_ENABLED: "0"
+      - name: image
+        value:
+          base: docker.io/library/alpine
+          prefix: registry.local:5000/go-rest-api-test
+          labels: foo=bar;bar=baz
+          envs: FOO=bar;BAR=baz
+---
+apiVersion: tekton.dev/v1beta1
+kind: PipelineRun
+metadata:
+  name: go-crane-image-test-run
+spec:
+  pipelineRef:
+    name: go-crane-image-pipeline
+  workspaces:
+    - name: shared-workspace
+      persistentvolumeclaim:
+        claimName: go-crane-image-source-pvc