diff --git a/Makefile b/Makefile index 6c3c50ffc..4140b2f0f 100644 --- a/Makefile +++ b/Makefile @@ -64,3 +64,110 @@ osdk-image: $(Q)operator-sdk build \ --go-build-args "-o build/_output/bin/openshift-pipelines-operator" \ $(IMAGE_TAG) + +##########------------------------------------------------------------########## +##########- Operator Release------------------------------------------########## +##########------------------------------------------------------------########## + +.PHONY: opo-test-clean +opo-test-clean: + -oc delete -f deploy/ + -oc delete -f deploy/crds/ + +.PHONY: opo-up-local +opo-test-e2e-up-local: opo-test-clean + operator-sdk test local ./test/e2e/ --up-local --namespace openshift-pipelines --go-test-flags "-v -timeout=10m" --local-operator-flags "--recursive" + +.PHONY: opo-test-e2e +opo-test-e2e: opo-test-clean + operator-sdk test local ./test/e2e/ --namespace openshift-operators --go-test-flags "-v -timeout=10m" --local-operator-flags "--recursive" + +# make targets for release +.PHONY: opo-clean +opo-clean: + rm -rf build/_output + +.PHONY: opo-image +opo-image: opo-clean +ifndef VERSION + @echo VERSION not set + @exit 1 +endif + operator-sdk build quay.io/openshift-pipeline/openshift-pipelines-operator:v${VERSION} + +.PHONY: opo-image-push +opo-image-push: opo-image +ifndef VERSION + @echo VERSION not set + @exit 1 +endif + docker push quay.io/openshift-pipeline/openshift-pipelines-operator:v${VERSION} + +.PHONY: opo-build-push-update +opo-build-push-update: opo-image-push +ifndef VERSION + @echo VERSION not set + @exit 1 +endif + sed -i 's/image:.*/image: quay.io\/openshift-pipeline\/openshift-pipelines-operator:'v${VERSION}'/' deploy/operator.yaml + +.PHONY: opo-new-csv +opo-new-csv: +ifndef VERSION + @echo VERSION not set + @exit 1 +endif +ifndef FROM_VERSION + @echo FROM_VERSION not set + @exit 1 +endif +ifndef CHANNEL + @echo CHANNEL not set + @exit 1 +endif + operator-sdk olm-catalog gen-csv \ + --csv-channel dev-preview \ + --csv-version ${VERSION} \ + --from-version ${FROM_VERSION} \ + --operator-name openshift-pipelines-operator \ + --update-crds + +.PHONY: opo-opr-verify +opo-opr-verify: + operator-courier verify \ + --ui_validate_io \ + deploy/olm-catalog/openshift-pipelines-operator + +.PHONY: opo-push-quay-app +opo-push-quay-app: +ifndef VERSION + @echo VERSION not set + @exit 1 +endif +ifndef QUAY_NAMESPACE + @echo QUAY_NAMESPACE not set + @exit 1 +endif +ifndef TOKEN + @echo TOKEN not set + @exit 1 +endif + operator-courier --verbose push \ + ./deploy/olm-catalog/openshift-pipelines-operator \ + ${QUAY_NAMESPACE} \ + openshift-pipelines-operator \ + ${VERSION} \ + "${TOKEN}" + +.PHONY: opo-test-scorecard +opo-test-scorecard: +ifndef VERSION + @echo VERSION not set + @exit 1 +endif + operator-sdk scorecard \ + --olm-deployed \ + --csv-path deploy/olm-catalog/openshift-pipelines-operator/${VERSION}/openshift-pipelines-operator.v${VERSION}.clusterserviceversion.yaml \ + --namespace openshift-operators \ + --cr-manifest ./deploy/crds/operator_v1alpha1_config_cr.yaml \ + --crds-dir .deploy/olm-catalog/openshift-pipelines-operator/${VERSION} diff --git a/deploy/olm-catalog/openshift-pipelines-operator/0.9.0/openshift-pipelines-operator.v0.9.0.clusterserviceversion.yaml b/deploy/olm-catalog/openshift-pipelines-operator/0.9.0/openshift-pipelines-operator.v0.9.0.clusterserviceversion.yaml index 8679b06ca..ca5cfdb4b 100644 --- a/deploy/olm-catalog/openshift-pipelines-operator/0.9.0/openshift-pipelines-operator.v0.9.0.clusterserviceversion.yaml +++ b/deploy/olm-catalog/openshift-pipelines-operator/0.9.0/openshift-pipelines-operator.v0.9.0.clusterserviceversion.yaml @@ -10,9 +10,9 @@ metadata: createdAt: "2019-03-15T19:44:21Z" description: OpenShift Pipelines is a cloud-native CI/CD solution for building pipelines using Tekton concepts which run natively on OpenShift and Kubernetes. + operators.operatorframework.io/internal-objects: '["config.operator.tekton.dev"]' repository: https://github.com/openshift/tektoncd-pipeline-operator support: Red Hat, Inc. - operators.operatorframework.io/internal-objects: '["config.operator.tekton.dev"]' name: openshift-pipelines-operator.v0.9.0 namespace: placeholder spec: @@ -319,6 +319,12 @@ spec: - '*' verbs: - '*' + - apiGroups: + - console.openshift.io + resources: + - consoleyamlsamples + verbs: + - '*' serviceAccountName: openshift-pipelines-operator deployments: - name: openshift-pipelines-operator @@ -348,7 +354,7 @@ spec: fieldPath: metadata.name - name: OPERATOR_NAME value: openshift-pipelines-operator - image: quay.io/openshift-pipeline/openshift-pipelines-operator:v0.8.1 + image: quay.io/openshift-pipeline/openshift-pipelines-operator:v0.9.0 imagePullPolicy: Always name: openshift-pipelines-operator resources: {} diff --git a/deploy/olm-catalog/openshift-pipelines-operator/openshift-pipelines-operator.package.yaml b/deploy/olm-catalog/openshift-pipelines-operator/openshift-pipelines-operator.package.yaml index 8b17fd144..730fea2a6 100644 --- a/deploy/olm-catalog/openshift-pipelines-operator/openshift-pipelines-operator.package.yaml +++ b/deploy/olm-catalog/openshift-pipelines-operator/openshift-pipelines-operator.package.yaml @@ -1,5 +1,5 @@ channels: -- currentCSV: openshift-pipelines-operator.v0.8.2 +- currentCSV: openshift-pipelines-operator.v0.9.0 name: canary - currentCSV: openshift-pipelines-operator.v0.8.2 name: dev-preview diff --git a/deploy/operator.yaml b/deploy/operator.yaml index 77174cd81..f4be16145 100644 --- a/deploy/operator.yaml +++ b/deploy/operator.yaml @@ -16,7 +16,7 @@ spec: serviceAccountName: openshift-pipelines-operator containers: - name: openshift-pipelines-operator - image: quay.io/openshift-pipeline/openshift-pipelines-operator:v0.8.2 + image: quay.io/openshift-pipeline/openshift-pipelines-operator:v0.9.0 command: - openshift-pipelines-operator - --recursive diff --git a/deploy/resources/v0.9.2/addons/clustertasks/buildah/buildah-task.yaml b/deploy/resources/v0.9.2/addons/clustertasks/buildah/buildah-task.yaml new file mode 100644 index 000000000..ecdb2cd95 --- /dev/null +++ b/deploy/resources/v0.9.2/addons/clustertasks/buildah/buildah-task.yaml @@ -0,0 +1,56 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift/tektoncd-catalog/release-v0.8/buildah/buildah.yaml +# +--- +--- +apiVersion: tekton.dev/v1alpha1 +kind: ClusterTask +metadata: + name: buildah +spec: + inputs: + params: + - name: BUILDER_IMAGE + description: The location of the buildah builder image. + default: quay.io/buildah/stable:v1.11.0 + - name: DOCKERFILE + description: Path to the Dockerfile to build. + default: ./Dockerfile + - name: TLSVERIFY + description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry) + default: "true" + + resources: + - name: source + type: git + + outputs: + resources: + - name: image + type: image + + steps: + - name: build + image: $(inputs.params.BUILDER_IMAGE) + workingDir: /workspace/source + command: ['buildah', 'bud', '--tls-verify=$(inputs.params.TLSVERIFY)', '--layers', '-f', '$(inputs.params.DOCKERFILE)', '-t', '$(outputs.resources.image.url)', '.'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + securityContext: + privileged: true + + - name: push + image: $(inputs.params.BUILDER_IMAGE) + workingDir: /workspace/source + command: ['buildah', 'push', '--tls-verify=$(inputs.params.TLSVERIFY)', '$(outputs.resources.image.url)', 'docker://$(outputs.resources.image.url)'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + securityContext: + privileged: true + + volumes: + - name: varlibcontainers + emptyDir: {} diff --git a/deploy/resources/v0.9.2/addons/clustertasks/buildah/buildah-v0-8-0-task.yaml b/deploy/resources/v0.9.2/addons/clustertasks/buildah/buildah-v0-8-0-task.yaml new file mode 100644 index 000000000..4f53fbcc4 --- /dev/null +++ b/deploy/resources/v0.9.2/addons/clustertasks/buildah/buildah-v0-8-0-task.yaml @@ -0,0 +1,56 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift/tektoncd-catalog/release-v0.8/buildah/buildah.yaml +# +--- +--- +apiVersion: tekton.dev/v1alpha1 +kind: ClusterTask +metadata: + name: buildah-v0-8-0 +spec: + inputs: + params: + - name: BUILDER_IMAGE + description: The location of the buildah builder image. + default: quay.io/buildah/stable:v1.11.0 + - name: DOCKERFILE + description: Path to the Dockerfile to build. + default: ./Dockerfile + - name: TLSVERIFY + description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry) + default: "true" + + resources: + - name: source + type: git + + outputs: + resources: + - name: image + type: image + + steps: + - name: build + image: $(inputs.params.BUILDER_IMAGE) + workingDir: /workspace/source + command: ['buildah', 'bud', '--tls-verify=$(inputs.params.TLSVERIFY)', '--layers', '-f', '$(inputs.params.DOCKERFILE)', '-t', '$(outputs.resources.image.url)', '.'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + securityContext: + privileged: true + + - name: push + image: $(inputs.params.BUILDER_IMAGE) + workingDir: /workspace/source + command: ['buildah', 'push', '--tls-verify=$(inputs.params.TLSVERIFY)', '$(outputs.resources.image.url)', 'docker://$(outputs.resources.image.url)'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + securityContext: + privileged: true + + volumes: + - name: varlibcontainers + emptyDir: {} diff --git a/deploy/resources/v0.9.2/addons/clustertasks/cluster-role.yaml b/deploy/resources/v0.9.2/addons/clustertasks/cluster-role.yaml new file mode 100644 index 000000000..c4877aafb --- /dev/null +++ b/deploy/resources/v0.9.2/addons/clustertasks/cluster-role.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" + name: tekton-clustertasks-view +rules: +- apiGroups: + - tekton.dev + resources: + - clustertasks + verbs: + - get + - list + - watch diff --git a/deploy/resources/v0.9.2/addons/clustertasks/cluster-rolebinding.yaml b/deploy/resources/v0.9.2/addons/clustertasks/cluster-rolebinding.yaml new file mode 100644 index 000000000..4f833c9a9 --- /dev/null +++ b/deploy/resources/v0.9.2/addons/clustertasks/cluster-rolebinding.yaml @@ -0,0 +1,12 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-clustertasks-view-auth +roleRef: + kind: ClusterRole + name: tekton-clustertasks-view + apiGroup: rbac.authorization.k8s.io +subjects: +- apiGroup: rbac.authorization.k8s.io + kind: Group + name: system:authenticated diff --git a/deploy/resources/v0.9.2/addons/clustertasks/openshift-client/openshift-client-task.yaml b/deploy/resources/v0.9.2/addons/clustertasks/openshift-client/openshift-client-task.yaml new file mode 100644 index 000000000..d7ab66044 --- /dev/null +++ b/deploy/resources/v0.9.2/addons/clustertasks/openshift-client/openshift-client-task.yaml @@ -0,0 +1,23 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift/tektoncd-catalog/release-v0.8/openshift-client/openshift-client-task.yaml +# +--- +apiVersion: tekton.dev/v1alpha1 +kind: ClusterTask +metadata: + name: openshift-client +spec: + inputs: + params: + - name: ARGS + description: The OpenShift CLI arguments to run + type: array + default: + - "help" + steps: + - name: oc + image: quay.io/openshift/origin-cli:latest + command: ["/usr/bin/oc"] + args: + - "$(inputs.params.ARGS)" diff --git a/deploy/resources/v0.9.2/addons/clustertasks/openshift-client/openshift-client-v0-8-0-task.yaml b/deploy/resources/v0.9.2/addons/clustertasks/openshift-client/openshift-client-v0-8-0-task.yaml new file mode 100644 index 000000000..3f92497e1 --- /dev/null +++ b/deploy/resources/v0.9.2/addons/clustertasks/openshift-client/openshift-client-v0-8-0-task.yaml @@ -0,0 +1,23 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift/tektoncd-catalog/release-v0.8/openshift-client/openshift-client-task.yaml +# +--- +apiVersion: tekton.dev/v1alpha1 +kind: ClusterTask +metadata: + name: openshift-client-v0-8-0 +spec: + inputs: + params: + - name: ARGS + description: The OpenShift CLI arguments to run + type: array + default: + - "help" + steps: + - name: oc + image: quay.io/openshift/origin-cli:latest + command: ["/usr/bin/oc"] + args: + - "$(inputs.params.ARGS)" diff --git a/deploy/resources/v0.9.2/addons/clustertasks/s2i-go/s2i-go-task.yaml b/deploy/resources/v0.9.2/addons/clustertasks/s2i-go/s2i-go-task.yaml new file mode 100644 index 000000000..3cf8f6b86 --- /dev/null +++ b/deploy/resources/v0.9.2/addons/clustertasks/s2i-go/s2i-go-task.yaml @@ -0,0 +1,59 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift/pipelines-catalog/release-v0.8/s2i-go/s2i-go-task.yaml +# +--- +apiVersion: tekton.dev/v1alpha1 +kind: ClusterTask +metadata: + name: s2i-go +spec: + inputs: + resources: + - name: source + type: git + params: + - name: PATH_CONTEXT + description: The location of the path to run s2i from. + default: . + type: string + - name: TLSVERIFY + description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry) + default: "true" + type: string + outputs: + resources: + - name: image + type: image + steps: + - name: generate + image: quay.io/openshift-pipeline/s2i:v0.8.0 + workingDir: /workspace/source + command: ['s2i', 'build', '$(inputs.params.PATH_CONTEXT)', 'registry.access.redhat.com/devtools/go-toolset-rhel7', '--as-dockerfile', '/gen-source/Dockerfile.gen'] + volumeMounts: + - name: gen-source + mountPath: /gen-source + - name: build + image: quay.io/buildah/stable + workingDir: /gen-source + command: ['buildah', 'bud', '--tls-verify=$(inputs.params.TLSVERIFY)', '--layers', '-f', '/gen-source/Dockerfile.gen', '-t', '$(outputs.resources.image.url)', '.'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + - name: gen-source + mountPath: /gen-source + securityContext: + privileged: true + - name: push + image: quay.io/buildah/stable + command: ['buildah', 'push', '--tls-verify=$(inputs.params.TLSVERIFY)', '$(outputs.resources.image.url)', 'docker://$(outputs.resources.image.url)'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + securityContext: + privileged: true + volumes: + - name: varlibcontainers + emptyDir: {} + - name: gen-source + emptyDir: {} diff --git a/deploy/resources/v0.9.2/addons/clustertasks/s2i-go/s2i-go-v0-8-0-task.yaml b/deploy/resources/v0.9.2/addons/clustertasks/s2i-go/s2i-go-v0-8-0-task.yaml new file mode 100644 index 000000000..4ba1340ec --- /dev/null +++ b/deploy/resources/v0.9.2/addons/clustertasks/s2i-go/s2i-go-v0-8-0-task.yaml @@ -0,0 +1,59 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift/pipelines-catalog/release-v0.8/s2i-go/s2i-go-task.yaml +# +--- +apiVersion: tekton.dev/v1alpha1 +kind: ClusterTask +metadata: + name: s2i-go-v0-8-0 +spec: + inputs: + resources: + - name: source + type: git + params: + - name: PATH_CONTEXT + description: The location of the path to run s2i from. + default: . + type: string + - name: TLSVERIFY + description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry) + default: "true" + type: string + outputs: + resources: + - name: image + type: image + steps: + - name: generate + image: quay.io/openshift-pipeline/s2i:v0.8.0 + workingDir: /workspace/source + command: ['s2i', 'build', '$(inputs.params.PATH_CONTEXT)', 'registry.access.redhat.com/devtools/go-toolset-rhel7', '--as-dockerfile', '/gen-source/Dockerfile.gen'] + volumeMounts: + - name: gen-source + mountPath: /gen-source + - name: build + image: quay.io/buildah/stable + workingDir: /gen-source + command: ['buildah', 'bud', '--tls-verify=$(inputs.params.TLSVERIFY)', '--layers', '-f', '/gen-source/Dockerfile.gen', '-t', '$(outputs.resources.image.url)', '.'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + - name: gen-source + mountPath: /gen-source + securityContext: + privileged: true + - name: push + image: quay.io/buildah/stable + command: ['buildah', 'push', '--tls-verify=$(inputs.params.TLSVERIFY)', '$(outputs.resources.image.url)', 'docker://$(outputs.resources.image.url)'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + securityContext: + privileged: true + volumes: + - name: varlibcontainers + emptyDir: {} + - name: gen-source + emptyDir: {} diff --git a/deploy/resources/v0.9.2/addons/clustertasks/s2i-java-11/s2i-java-11-task.yaml b/deploy/resources/v0.9.2/addons/clustertasks/s2i-java-11/s2i-java-11-task.yaml new file mode 100644 index 000000000..e59ef813e --- /dev/null +++ b/deploy/resources/v0.9.2/addons/clustertasks/s2i-java-11/s2i-java-11-task.yaml @@ -0,0 +1,108 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift/pipelines-catalog/release-v0.8/s2i-java-11/s2i-java-11-task.yaml +# +--- +apiVersion: tekton.dev/v1alpha1 +kind: ClusterTask +metadata: + name: s2i-java-11 +spec: + inputs: + resources: + - name: source + type: git + params: + - name: PATH_CONTEXT + description: The location of the path to run s2i from + default: . + type: string + - name: TLSVERIFY + description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry) + default: "true" + type: string + - name: MAVEN_ARGS_APPEND + description: Additional Maven arguments + default: "" + type: string + - name: MAVEN_CLEAR_REPO + description: Remove the Maven repository after the artifact is built + default: "false" + type: string + - name: MAVEN_MIRROR_URL + description: The base URL of a mirror used for retrieving artifacts + default: "" + type: string + outputs: + resources: + - name: image + type: image + steps: + - name: gen-env-file + image: quay.io/openshift-pipeline/s2i:v0.8.0 + workingDir: /env-params + command: + - '/bin/sh' + - '-c' + args: + - |- + echo "MAVEN_CLEAR_REPO=$(inputs.params.MAVEN_CLEAR_REPO)" > env-file + + [[ '$(inputs.params.MAVEN_ARGS_APPEND)' != "" ]] && + echo "MAVEN_ARGS_APPEND=$(inputs.params.MAVEN_ARGS_APPEND)" >> env-file + + [[ '$(inputs.params.MAVEN_MIRROR_URL)' != "" ]] && + echo "MAVEN_MIRROR_URL=$(inputs.params.MAVEN_MIRROR_URL)" >> env-file + + echo "Generated Env file" + echo "------------------------------" + cat env-file + echo "------------------------------" + volumeMounts: + - name: envparams + mountPath: /env-params + - name: generate + image: quay.io/openshift-pipeline/s2i + workingDir: /workspace/source + command: + - 's2i' + - 'build' + - '$(inputs.params.PATH_CONTEXT)' + - 'registry.access.redhat.com/openjdk/openjdk-11-rhel7' + - '--image-scripts-url' + - 'image:///usr/local/s2i' + - '--as-dockerfile' + - '/gen-source/Dockerfile.gen' + - '--environment-file' + - '/env-params/env-file' + volumeMounts: + - name: gen-source + mountPath: /gen-source + - name: envparams + mountPath: /env-params + - name: build + image: quay.io/buildah/stable + workingDir: /gen-source + command: ['buildah', 'bud', '--tls-verify=$(inputs.params.TLSVERIFY)', '--layers', '-f', '/gen-source/Dockerfile.gen', '-t', '$(outputs.resources.image.url)', '.'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + - name: gen-source + mountPath: /gen-source + securityContext: + privileged: true + - name: push + image: quay.io/buildah/stable + command: ['buildah', 'push', '--tls-verify=$(inputs.params.TLSVERIFY)', '$(outputs.resources.image.url)', 'docker://$(outputs.resources.image.url)'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + securityContext: + privileged: true + volumes: + - name: varlibcontainers + emptyDir: {} + - name: gen-source + emptyDir: {} + - name: envparams + emptyDir: {} diff --git a/deploy/resources/v0.9.2/addons/clustertasks/s2i-java-11/s2i-java-11-v0-8-0-task.yaml b/deploy/resources/v0.9.2/addons/clustertasks/s2i-java-11/s2i-java-11-v0-8-0-task.yaml new file mode 100644 index 000000000..6e70d6ed5 --- /dev/null +++ b/deploy/resources/v0.9.2/addons/clustertasks/s2i-java-11/s2i-java-11-v0-8-0-task.yaml @@ -0,0 +1,108 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift/pipelines-catalog/release-v0.8/s2i-java-11/s2i-java-11-task.yaml +# +--- +apiVersion: tekton.dev/v1alpha1 +kind: ClusterTask +metadata: + name: s2i-java-11-v0-8-0 +spec: + inputs: + resources: + - name: source + type: git + params: + - name: PATH_CONTEXT + description: The location of the path to run s2i from + default: . + type: string + - name: TLSVERIFY + description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry) + default: "true" + type: string + - name: MAVEN_ARGS_APPEND + description: Additional Maven arguments + default: "" + type: string + - name: MAVEN_CLEAR_REPO + description: Remove the Maven repository after the artifact is built + default: "false" + type: string + - name: MAVEN_MIRROR_URL + description: The base URL of a mirror used for retrieving artifacts + default: "" + type: string + outputs: + resources: + - name: image + type: image + steps: + - name: gen-env-file + image: quay.io/openshift-pipeline/s2i:v0.8.0 + workingDir: /env-params + command: + - '/bin/sh' + - '-c' + args: + - |- + echo "MAVEN_CLEAR_REPO=$(inputs.params.MAVEN_CLEAR_REPO)" > env-file + + [[ '$(inputs.params.MAVEN_ARGS_APPEND)' != "" ]] && + echo "MAVEN_ARGS_APPEND=$(inputs.params.MAVEN_ARGS_APPEND)" >> env-file + + [[ '$(inputs.params.MAVEN_MIRROR_URL)' != "" ]] && + echo "MAVEN_MIRROR_URL=$(inputs.params.MAVEN_MIRROR_URL)" >> env-file + + echo "Generated Env file" + echo "------------------------------" + cat env-file + echo "------------------------------" + volumeMounts: + - name: envparams + mountPath: /env-params + - name: generate + image: quay.io/openshift-pipeline/s2i + workingDir: /workspace/source + command: + - 's2i' + - 'build' + - '$(inputs.params.PATH_CONTEXT)' + - 'registry.access.redhat.com/openjdk/openjdk-11-rhel7' + - '--image-scripts-url' + - 'image:///usr/local/s2i' + - '--as-dockerfile' + - '/gen-source/Dockerfile.gen' + - '--environment-file' + - '/env-params/env-file' + volumeMounts: + - name: gen-source + mountPath: /gen-source + - name: envparams + mountPath: /env-params + - name: build + image: quay.io/buildah/stable + workingDir: /gen-source + command: ['buildah', 'bud', '--tls-verify=$(inputs.params.TLSVERIFY)', '--layers', '-f', '/gen-source/Dockerfile.gen', '-t', '$(outputs.resources.image.url)', '.'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + - name: gen-source + mountPath: /gen-source + securityContext: + privileged: true + - name: push + image: quay.io/buildah/stable + command: ['buildah', 'push', '--tls-verify=$(inputs.params.TLSVERIFY)', '$(outputs.resources.image.url)', 'docker://$(outputs.resources.image.url)'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + securityContext: + privileged: true + volumes: + - name: varlibcontainers + emptyDir: {} + - name: gen-source + emptyDir: {} + - name: envparams + emptyDir: {} diff --git a/deploy/resources/v0.9.2/addons/clustertasks/s2i-java-8/s2i-java-8-task.yaml b/deploy/resources/v0.9.2/addons/clustertasks/s2i-java-8/s2i-java-8-task.yaml new file mode 100644 index 000000000..4791403c2 --- /dev/null +++ b/deploy/resources/v0.9.2/addons/clustertasks/s2i-java-8/s2i-java-8-task.yaml @@ -0,0 +1,108 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift/pipelines-catalog/release-v0.8/s2i-java-8/s2i-java-8-task.yaml +# +--- +apiVersion: tekton.dev/v1alpha1 +kind: ClusterTask +metadata: + name: s2i-java-8 +spec: + inputs: + resources: + - name: source + type: git + params: + - name: PATH_CONTEXT + description: The location of the path to run s2i from + default: . + type: string + - name: TLSVERIFY + description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry) + default: "true" + type: string + - name: MAVEN_ARGS_APPEND + description: Additional Maven arguments + default: "" + type: string + - name: MAVEN_CLEAR_REPO + description: Remove the Maven repository after the artifact is built + default: "false" + type: string + - name: MAVEN_MIRROR_URL + description: The base URL of a mirror used for retrieving artifacts + default: "" + type: string + outputs: + resources: + - name: image + type: image + steps: + - name: gen-env-file + image: quay.io/openshift-pipeline/s2i:v0.8.0 + workingDir: /env-params + command: + - '/bin/sh' + - '-c' + args: + - |- + echo "MAVEN_CLEAR_REPO=$(inputs.params.MAVEN_CLEAR_REPO)" > env-file + + [[ '$(inputs.params.MAVEN_ARGS_APPEND)' != "" ]] && + echo "MAVEN_ARGS_APPEND=$(inputs.params.MAVEN_ARGS_APPEND)" >> env-file + + [[ '$(inputs.params.MAVEN_MIRROR_URL)' != "" ]] && + echo "MAVEN_MIRROR_URL=$(inputs.params.MAVEN_MIRROR_URL)" >> env-file + + echo "Generated Env file" + echo "------------------------------" + cat env-file + echo "------------------------------" + volumeMounts: + - name: envparams + mountPath: /env-params + - name: generate + image: quay.io/openshift-pipeline/s2i + workingDir: /workspace/source + command: + - 's2i' + - 'build' + - '$(inputs.params.PATH_CONTEXT)' + - 'registry.access.redhat.com/redhat-openjdk-18/openjdk18-openshift' + - '--image-scripts-url' + - 'image:///usr/local/s2i' + - '--as-dockerfile' + - '/gen-source/Dockerfile.gen' + - '--environment-file' + - '/env-params/env-file' + volumeMounts: + - name: gen-source + mountPath: /gen-source + - name: envparams + mountPath: /env-params + - name: build + image: quay.io/buildah/stable + workingDir: /gen-source + command: ['buildah', 'bud', '--tls-verify=$(inputs.params.TLSVERIFY)', '--layers', '-f', '/gen-source/Dockerfile.gen', '-t', '$(outputs.resources.image.url)', '.'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + - name: gen-source + mountPath: /gen-source + securityContext: + privileged: true + - name: push + image: quay.io/buildah/stable + command: ['buildah', 'push', '--tls-verify=$(inputs.params.TLSVERIFY)', '$(outputs.resources.image.url)', 'docker://$(outputs.resources.image.url)'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + securityContext: + privileged: true + volumes: + - name: varlibcontainers + emptyDir: {} + - name: gen-source + emptyDir: {} + - name: envparams + emptyDir: {} diff --git a/deploy/resources/v0.9.2/addons/clustertasks/s2i-java-8/s2i-java-8-v0-8-0-task.yaml b/deploy/resources/v0.9.2/addons/clustertasks/s2i-java-8/s2i-java-8-v0-8-0-task.yaml new file mode 100644 index 000000000..654f04432 --- /dev/null +++ b/deploy/resources/v0.9.2/addons/clustertasks/s2i-java-8/s2i-java-8-v0-8-0-task.yaml @@ -0,0 +1,108 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift/pipelines-catalog/release-v0.8/s2i-java-8/s2i-java-8-task.yaml +# +--- +apiVersion: tekton.dev/v1alpha1 +kind: ClusterTask +metadata: + name: s2i-java-8-v0-8-0 +spec: + inputs: + resources: + - name: source + type: git + params: + - name: PATH_CONTEXT + description: The location of the path to run s2i from + default: . + type: string + - name: TLSVERIFY + description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry) + default: "true" + type: string + - name: MAVEN_ARGS_APPEND + description: Additional Maven arguments + default: "" + type: string + - name: MAVEN_CLEAR_REPO + description: Remove the Maven repository after the artifact is built + default: "false" + type: string + - name: MAVEN_MIRROR_URL + description: The base URL of a mirror used for retrieving artifacts + default: "" + type: string + outputs: + resources: + - name: image + type: image + steps: + - name: gen-env-file + image: quay.io/openshift-pipeline/s2i:v0.8.0 + workingDir: /env-params + command: + - '/bin/sh' + - '-c' + args: + - |- + echo "MAVEN_CLEAR_REPO=$(inputs.params.MAVEN_CLEAR_REPO)" > env-file + + [[ '$(inputs.params.MAVEN_ARGS_APPEND)' != "" ]] && + echo "MAVEN_ARGS_APPEND=$(inputs.params.MAVEN_ARGS_APPEND)" >> env-file + + [[ '$(inputs.params.MAVEN_MIRROR_URL)' != "" ]] && + echo "MAVEN_MIRROR_URL=$(inputs.params.MAVEN_MIRROR_URL)" >> env-file + + echo "Generated Env file" + echo "------------------------------" + cat env-file + echo "------------------------------" + volumeMounts: + - name: envparams + mountPath: /env-params + - name: generate + image: quay.io/openshift-pipeline/s2i + workingDir: /workspace/source + command: + - 's2i' + - 'build' + - '$(inputs.params.PATH_CONTEXT)' + - 'registry.access.redhat.com/redhat-openjdk-18/openjdk18-openshift' + - '--image-scripts-url' + - 'image:///usr/local/s2i' + - '--as-dockerfile' + - '/gen-source/Dockerfile.gen' + - '--environment-file' + - '/env-params/env-file' + volumeMounts: + - name: gen-source + mountPath: /gen-source + - name: envparams + mountPath: /env-params + - name: build + image: quay.io/buildah/stable + workingDir: /gen-source + command: ['buildah', 'bud', '--tls-verify=$(inputs.params.TLSVERIFY)', '--layers', '-f', '/gen-source/Dockerfile.gen', '-t', '$(outputs.resources.image.url)', '.'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + - name: gen-source + mountPath: /gen-source + securityContext: + privileged: true + - name: push + image: quay.io/buildah/stable + command: ['buildah', 'push', '--tls-verify=$(inputs.params.TLSVERIFY)', '$(outputs.resources.image.url)', 'docker://$(outputs.resources.image.url)'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + securityContext: + privileged: true + volumes: + - name: varlibcontainers + emptyDir: {} + - name: gen-source + emptyDir: {} + - name: envparams + emptyDir: {} diff --git a/deploy/resources/v0.9.2/addons/clustertasks/s2i-nodejs/s2i-nodejs-task.yaml b/deploy/resources/v0.9.2/addons/clustertasks/s2i-nodejs/s2i-nodejs-task.yaml new file mode 100644 index 000000000..0be2f5d01 --- /dev/null +++ b/deploy/resources/v0.9.2/addons/clustertasks/s2i-nodejs/s2i-nodejs-task.yaml @@ -0,0 +1,63 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift/pipelines-catalog/release-v0.8/s2i-nodejs/s2i-nodejs-task.yaml +# +--- +apiVersion: tekton.dev/v1alpha1 +kind: ClusterTask +metadata: + name: s2i-nodejs +spec: + inputs: + resources: + - name: source + type: git + params: + - name: VERSION + description: The version of the nodejs + default: '8' + type: string + - name: PATH_CONTEXT + description: The location of the path to run s2i from. + default: . + type: string + - name: TLSVERIFY + description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry) + default: "true" + type: string + outputs: + resources: + - name: image + type: image + steps: + - name: generate + image: quay.io/openshift-pipeline/s2i:v0.8.0 + workingDir: /workspace/source + command: ['s2i', 'build', '$(inputs.params.PATH_CONTEXT)', 'registry.access.redhat.com/rhscl/nodejs-$(inputs.params.VERSION)-rhel7', '--as-dockerfile', '/gen-source/Dockerfile.gen'] + volumeMounts: + - name: gen-source + mountPath: /gen-source + - name: build + image: quay.io/buildah/stable + workingDir: /gen-source + command: ['buildah', 'bud', '--tls-verify=$(inputs.params.TLSVERIFY)', '--layers', '-f', '/gen-source/Dockerfile.gen', '-t', '$(outputs.resources.image.url)', '.'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + - name: gen-source + mountPath: /gen-source + securityContext: + privileged: true + - name: push + image: quay.io/buildah/stable + command: ['buildah', 'push', '--tls-verify=$(inputs.params.TLSVERIFY)', '$(outputs.resources.image.url)', 'docker://$(outputs.resources.image.url)'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + securityContext: + privileged: true + volumes: + - name: varlibcontainers + emptyDir: {} + - name: gen-source + emptyDir: {} diff --git a/deploy/resources/v0.9.2/addons/clustertasks/s2i-nodejs/s2i-nodejs-v0-8-0-task.yaml b/deploy/resources/v0.9.2/addons/clustertasks/s2i-nodejs/s2i-nodejs-v0-8-0-task.yaml new file mode 100644 index 000000000..9e89ab63b --- /dev/null +++ b/deploy/resources/v0.9.2/addons/clustertasks/s2i-nodejs/s2i-nodejs-v0-8-0-task.yaml @@ -0,0 +1,63 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift/pipelines-catalog/release-v0.8/s2i-nodejs/s2i-nodejs-task.yaml +# +--- +apiVersion: tekton.dev/v1alpha1 +kind: ClusterTask +metadata: + name: s2i-nodejs-v0-8-0 +spec: + inputs: + resources: + - name: source + type: git + params: + - name: VERSION + description: The version of the nodejs + default: '8' + type: string + - name: PATH_CONTEXT + description: The location of the path to run s2i from. + default: . + type: string + - name: TLSVERIFY + description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry) + default: "true" + type: string + outputs: + resources: + - name: image + type: image + steps: + - name: generate + image: quay.io/openshift-pipeline/s2i:v0.8.0 + workingDir: /workspace/source + command: ['s2i', 'build', '$(inputs.params.PATH_CONTEXT)', 'registry.access.redhat.com/rhscl/nodejs-$(inputs.params.VERSION)-rhel7', '--as-dockerfile', '/gen-source/Dockerfile.gen'] + volumeMounts: + - name: gen-source + mountPath: /gen-source + - name: build + image: quay.io/buildah/stable + workingDir: /gen-source + command: ['buildah', 'bud', '--tls-verify=$(inputs.params.TLSVERIFY)', '--layers', '-f', '/gen-source/Dockerfile.gen', '-t', '$(outputs.resources.image.url)', '.'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + - name: gen-source + mountPath: /gen-source + securityContext: + privileged: true + - name: push + image: quay.io/buildah/stable + command: ['buildah', 'push', '--tls-verify=$(inputs.params.TLSVERIFY)', '$(outputs.resources.image.url)', 'docker://$(outputs.resources.image.url)'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + securityContext: + privileged: true + volumes: + - name: varlibcontainers + emptyDir: {} + - name: gen-source + emptyDir: {} diff --git a/deploy/resources/v0.9.2/addons/clustertasks/s2i-python-3/s2i-python-3-task.yaml b/deploy/resources/v0.9.2/addons/clustertasks/s2i-python-3/s2i-python-3-task.yaml new file mode 100644 index 000000000..65a57560c --- /dev/null +++ b/deploy/resources/v0.9.2/addons/clustertasks/s2i-python-3/s2i-python-3-task.yaml @@ -0,0 +1,63 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift/pipelines-catalog/release-v0.8/s2i-python-3/s2i-python-3-task.yaml +# +--- +apiVersion: tekton.dev/v1alpha1 +kind: ClusterTask +metadata: + name: s2i-python-3 +spec: + inputs: + resources: + - name: source + type: git + params: + - name: MINOR_VERSION + description: The minor version of the python 3 + default: '6' + type: string + - name: PATH_CONTEXT + description: The location of the path to run s2i from. + default: . + type: string + - name: TLSVERIFY + description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry) + default: "true" + type: string + outputs: + resources: + - name: image + type: image + steps: + - name: generate + image: quay.io/openshift-pipeline/s2i:v0.8.0 + workingDir: /workspace/source + command: ['s2i', 'build', '$(inputs.params.PATH_CONTEXT)', 'registry.access.redhat.com/rhscl/python-3$(inputs.params.MINOR_VERSION)-rhel7', '--as-dockerfile', '/gen-source/Dockerfile.gen'] + volumeMounts: + - name: gen-source + mountPath: /gen-source + - name: build + image: quay.io/buildah/stable + workingDir: /gen-source + command: ['buildah', 'bud', '--tls-verify=$(inputs.params.TLSVERIFY)', '--layers', '-f', '/gen-source/Dockerfile.gen', '-t', '$(outputs.resources.image.url)', '.'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + - name: gen-source + mountPath: /gen-source + securityContext: + privileged: true + - name: push + image: quay.io/buildah/stable + command: ['buildah', 'push', '--tls-verify=$(inputs.params.TLSVERIFY)', '$(outputs.resources.image.url)', 'docker://$(outputs.resources.image.url)'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + securityContext: + privileged: true + volumes: + - name: varlibcontainers + emptyDir: {} + - name: gen-source + emptyDir: {} diff --git a/deploy/resources/v0.9.2/addons/clustertasks/s2i-python-3/s2i-python-3-v0-8-0-task.yaml b/deploy/resources/v0.9.2/addons/clustertasks/s2i-python-3/s2i-python-3-v0-8-0-task.yaml new file mode 100644 index 000000000..5038ff68f --- /dev/null +++ b/deploy/resources/v0.9.2/addons/clustertasks/s2i-python-3/s2i-python-3-v0-8-0-task.yaml @@ -0,0 +1,63 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift/pipelines-catalog/release-v0.8/s2i-python-3/s2i-python-3-task.yaml +# +--- +apiVersion: tekton.dev/v1alpha1 +kind: ClusterTask +metadata: + name: s2i-python-3-v0-8-0 +spec: + inputs: + resources: + - name: source + type: git + params: + - name: MINOR_VERSION + description: The minor version of the python 3 + default: '6' + type: string + - name: PATH_CONTEXT + description: The location of the path to run s2i from. + default: . + type: string + - name: TLSVERIFY + description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry) + default: "true" + type: string + outputs: + resources: + - name: image + type: image + steps: + - name: generate + image: quay.io/openshift-pipeline/s2i:v0.8.0 + workingDir: /workspace/source + command: ['s2i', 'build', '$(inputs.params.PATH_CONTEXT)', 'registry.access.redhat.com/rhscl/python-3$(inputs.params.MINOR_VERSION)-rhel7', '--as-dockerfile', '/gen-source/Dockerfile.gen'] + volumeMounts: + - name: gen-source + mountPath: /gen-source + - name: build + image: quay.io/buildah/stable + workingDir: /gen-source + command: ['buildah', 'bud', '--tls-verify=$(inputs.params.TLSVERIFY)', '--layers', '-f', '/gen-source/Dockerfile.gen', '-t', '$(outputs.resources.image.url)', '.'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + - name: gen-source + mountPath: /gen-source + securityContext: + privileged: true + - name: push + image: quay.io/buildah/stable + command: ['buildah', 'push', '--tls-verify=$(inputs.params.TLSVERIFY)', '$(outputs.resources.image.url)', 'docker://$(outputs.resources.image.url)'] + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + securityContext: + privileged: true + volumes: + - name: varlibcontainers + emptyDir: {} + - name: gen-source + emptyDir: {} diff --git a/deploy/resources/v0.9.2/addons/clustertasks/s2i/s2i-task.yaml b/deploy/resources/v0.9.2/addons/clustertasks/s2i/s2i-task.yaml new file mode 100644 index 000000000..3d66b9b4b --- /dev/null +++ b/deploy/resources/v0.9.2/addons/clustertasks/s2i/s2i-task.yaml @@ -0,0 +1,84 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift/tektoncd-catalog/release-v0.8/s2i/s2i.yaml +# +--- +apiVersion: tekton.dev/v1alpha1 +kind: ClusterTask +metadata: + name: s2i +spec: + inputs: + params: + - description: The location of the s2i builder image. + name: BUILDER_IMAGE + - default: . + description: The location of the path to run s2i from. + name: PATH_CONTEXT + - default: 'true' + description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS + registry) + name: TLSVERIFY + - name: LOGLEVEL + description: Log level when running the S2I binary + default: '0' + resources: + - name: source + type: git + outputs: + resources: + - name: image + type: image + steps: + - command: + - /usr/local/bin/s2i + - --loglevel=$(inputs.params.LOGLEVEL) + - build + - $(inputs.params.PATH_CONTEXT) + - $(inputs.params.BUILDER_IMAGE) + - --as-dockerfile + - /gen-source/Dockerfile.gen + image: quay.io/openshift-pipeline/s2i:nightly + name: generate + volumeMounts: + - mountPath: /gen-source + name: gen-source + workingDir: /workspace/source + - command: + - buildah + - bud + - --tls-verify=$(inputs.params.TLSVERIFY) + - --layers + - -f + - /gen-source/Dockerfile.gen + - -t + - $(outputs.resources.image.url) + - . + image: quay.io/buildah/stable + name: build + securityContext: + privileged: true + volumeMounts: + - mountPath: /var/lib/containers + name: varlibcontainers + - mountPath: /gen-source + name: gen-source + workingDir: /gen-source + - command: + - buildah + - push + - --tls-verify=$(inputs.params.TLSVERIFY) + - $(outputs.resources.image.url) + - docker://$(outputs.resources.image.url) + image: quay.io/buildah/stable + name: push + securityContext: + privileged: true + volumeMounts: + - mountPath: /var/lib/containers + name: varlibcontainers + volumes: + - emptyDir: {} + name: varlibcontainers + - emptyDir: {} + name: gen-source diff --git a/deploy/resources/v0.9.2/addons/clustertasks/s2i/s2i-v0-8-0-task.yaml b/deploy/resources/v0.9.2/addons/clustertasks/s2i/s2i-v0-8-0-task.yaml new file mode 100644 index 000000000..d5473fd17 --- /dev/null +++ b/deploy/resources/v0.9.2/addons/clustertasks/s2i/s2i-v0-8-0-task.yaml @@ -0,0 +1,84 @@ +# auto generated by script/update-tasks.sh +# DO NOT EDIT: use the script instead +# source: https://raw.githubusercontent.com/openshift/tektoncd-catalog/release-v0.8/s2i/s2i.yaml +# +--- +apiVersion: tekton.dev/v1alpha1 +kind: ClusterTask +metadata: + name: s2i-v0-8-0 +spec: + inputs: + params: + - description: The location of the s2i builder image. + name: BUILDER_IMAGE + - default: . + description: The location of the path to run s2i from. + name: PATH_CONTEXT + - default: 'true' + description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS + registry) + name: TLSVERIFY + - name: LOGLEVEL + description: Log level when running the S2I binary + default: '0' + resources: + - name: source + type: git + outputs: + resources: + - name: image + type: image + steps: + - command: + - /usr/local/bin/s2i + - --loglevel=$(inputs.params.LOGLEVEL) + - build + - $(inputs.params.PATH_CONTEXT) + - $(inputs.params.BUILDER_IMAGE) + - --as-dockerfile + - /gen-source/Dockerfile.gen + image: quay.io/openshift-pipeline/s2i:nightly + name: generate + volumeMounts: + - mountPath: /gen-source + name: gen-source + workingDir: /workspace/source + - command: + - buildah + - bud + - --tls-verify=$(inputs.params.TLSVERIFY) + - --layers + - -f + - /gen-source/Dockerfile.gen + - -t + - $(outputs.resources.image.url) + - . + image: quay.io/buildah/stable + name: build + securityContext: + privileged: true + volumeMounts: + - mountPath: /var/lib/containers + name: varlibcontainers + - mountPath: /gen-source + name: gen-source + workingDir: /gen-source + - command: + - buildah + - push + - --tls-verify=$(inputs.params.TLSVERIFY) + - $(outputs.resources.image.url) + - docker://$(outputs.resources.image.url) + image: quay.io/buildah/stable + name: push + securityContext: + privileged: true + volumeMounts: + - mountPath: /var/lib/containers + name: varlibcontainers + volumes: + - emptyDir: {} + name: varlibcontainers + - emptyDir: {} + name: gen-source diff --git a/deploy/resources/v0.9.2/addons/triggers/tektoncd-triggers-v0.1.0.yaml b/deploy/resources/v0.9.2/addons/triggers/tektoncd-triggers-v0.1.0.yaml new file mode 100644 index 000000000..1825a2886 --- /dev/null +++ b/deploy/resources/v0.9.2/addons/triggers/tektoncd-triggers-v0.1.0.yaml @@ -0,0 +1,570 @@ +--- +# Copyright 2019 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-logging-triggers + namespace: tekton-pipelines +data: + # Common configuration for all knative codebase + zap-logger-config: | + { + "level": "info", + "development": false, + "sampling": { + "initial": 100, + "thereafter": 100 + }, + "outputPaths": ["stdout"], + "errorOutputPaths": ["stderr"], + "encoding": "json", + "encoderConfig": { + "timeKey": "", + "levelKey": "level", + "nameKey": "logger", + "callerKey": "caller", + "messageKey": "msg", + "stacktraceKey": "stacktrace", + "lineEnding": "", + "levelEncoder": "", + "timeEncoder": "", + "durationEncoder": "", + "callerEncoder": "" + } + } + + # Log level overrides + loglevel.controller: "info" + loglevel.webhook: "info" + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: triggertemplates.tekton.dev +spec: + group: tekton.dev + scope: Namespaced + names: + kind: TriggerTemplate + plural: triggertemplates + singular: triggertemplate + shortNames: + - tt + categories: + - all + - tekton-triggers + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + version: v1alpha1 + +--- +# Copyright 2019 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + labels: + app: tekton-triggers-controller + name: tekton-triggers-controller + namespace: tekton-pipelines +spec: + ports: + - name: metrics + port: 9090 + protocol: TCP + targetPort: 9090 + selector: + app: tekton-triggers-controller + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: tekton-triggers-controller-admin +subjects: + - kind: ServiceAccount + name: tekton-triggers-controller + namespace: tekton-pipelines +roleRef: + kind: ClusterRole + name: tekton-triggers-admin + apiGroup: rbac.authorization.k8s.io + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: tekton-triggers-aggregate-view + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" +rules: +- apiGroups: + - tekton.dev + resources: + - eventlisteners + - triggerbindings + - triggertemplates + verbs: + - get + - list + - watch + + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: tekton-triggers-aggregate-edit + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: +- apiGroups: + - tekton.dev + resources: + - eventlisteners + - triggerbindings + - triggertemplates + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tekton-triggers-controller + namespace: tekton-pipelines + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Namespace +metadata: + name: tekton-pipelines + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tekton-triggers-controller + namespace: tekton-pipelines +spec: + replicas: 1 + selector: + matchLabels: + app: tekton-triggers-controller + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" + labels: + app: tekton-triggers-controller + spec: + serviceAccountName: tekton-triggers-controller + containers: + - name: tekton-triggers-controller + image: quay.io/openshift-pipeline/tektoncd-triggers-controller:v0.1.0 + args: [ + "-logtostderr", + "-stderrthreshold", "INFO", + "-el-image", "quay.io/openshift-pipeline/tektoncd-triggers-eventlistenersink:v0.1.0", + ] + volumeMounts: + - name: config-logging + mountPath: /etc/config-logging + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging-triggers + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability-triggers + - name: METRICS_DOMAIN + value: tekton.dev/triggers + volumes: + - name: config-logging + configMap: + name: config-logging-triggers +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: tekton-triggers +spec: + privileged: false + allowPrivilegeEscalation: false + volumes: + - 'emptyDir' + - 'configMap' + - 'secret' + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-observability-triggers + namespace: tekton-pipelines + +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # metrics.backend-destination field specifies the system metrics destination. + # It supports either prometheus (the default) or stackdriver. + # Note: Using stackdriver will incur additional charges + metrics.backend-destination: prometheus + + # metrics.stackdriver-project-id field specifies the stackdriver project ID. This + # field is optional. When running on GCE, application default credentials will be + # used if this field is not provided. + metrics.stackdriver-project-id: "" + + # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed to send metrics to + # Stackdriver using "global" resource type and custom metric type if the + # metrics are not supported by "knative_revision" resource type. Setting this + # flag to "true" could cause extra Stackdriver charge. + # If metrics.backend-destination is not Stackdriver, this is ignored. + metrics.allow-stackdriver-custom-metrics: "false" + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: triggerbindings.tekton.dev +spec: + group: tekton.dev + scope: Namespaced + names: + kind: TriggerBinding + plural: triggerbindings + singular: triggerbinding + shortNames: + - tb + categories: + - all + - tekton-triggers + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + version: v1alpha1 + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-triggers-admin +rules: + - apiGroups: [""] + resources: ["configmaps", "secrets", "services"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["apps"] + resources: ["deployments", "deployments/finalizers"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["tekton.dev"] + resources: ["eventlisteners", "triggerbindings", "triggertemplates", "eventlisteners/finalizers"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["tekton.dev"] + resources: ["eventlisteners/status", "triggerbindings/status", "triggertemplates/status"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["policy"] + resources: ["podsecuritypolicies"] + resourceNames: ["tekton-triggers"] + verbs: ["use"] + +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: tekton-triggers-webhook + name: tekton-triggers-webhook + namespace: tekton-pipelines +spec: + ports: + - port: 443 + targetPort: 8443 + selector: + app: tekton-triggers-webhook + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: eventlisteners.tekton.dev +spec: + group: tekton.dev + scope: Namespaced + names: + kind: EventListener + plural: eventlisteners + singular: eventlistener + shortNames: + - el + categories: + - all + - tekton-triggers + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + version: v1alpha1 + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tekton-triggers-webhook + namespace: tekton-pipelines +spec: + replicas: 1 + selector: + matchLabels: + app: tekton-triggers-webhook + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" + labels: + app: tekton-triggers-webhook + spec: + serviceAccountName: tekton-triggers-controller + containers: + - name: webhook + image: quay.io/openshift-pipeline/tektoncd-triggers-webhook:v0.1.0 + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + volumeMounts: + - name: config-logging + mountPath: /etc/config-logging + volumes: + - name: config-logging + configMap: + name: config-logging-triggers diff --git a/deploy/resources/v0.9.2/optional/pipelinesamples/docker_build_deploy.yaml b/deploy/resources/v0.9.2/optional/pipelinesamples/docker_build_deploy.yaml new file mode 100644 index 000000000..0f73beee3 --- /dev/null +++ b/deploy/resources/v0.9.2/optional/pipelinesamples/docker_build_deploy.yaml @@ -0,0 +1,53 @@ +--- +apiVersion: console.openshift.io/v1 +kind: ConsoleYAMLSample +metadata: + name: docker-build-and-deploy-pipeline +spec: + targetResource: + apiVersion: tekton.dev/v1alpha1 + kind: Pipeline + title: docker-build-and-deploy-pipeline + description: An example of docker build and deploy pipeline + snippet: false + yaml: | + apiVersion: tekton.dev/v1alpha1 + kind: Pipeline + metadata: + name: docker-build-and-deploy + spec: + params: + - name: IMAGE_NAME + type: string + resources: + - name: app-source + type: git + - name: app-image + type: image + + tasks: + - name: build + taskRef: + name: buildah + kind: ClusterTask + resources: + inputs: + - name: source + resource: app-source + outputs: + - name: image + resource: app-image + params: + - name: TLSVERIFY + value: "false" + + - name: deploy + taskRef: + name: openshift-client + kind: ClusterTask + params: + - name: ARGS + value: + - "new-app" + - "--docker-image" + - "$(params.IMAGE_NAME)" diff --git a/deploy/resources/v0.9.2/optional/pipelinesamples/s2i_build_deploy.yaml b/deploy/resources/v0.9.2/optional/pipelinesamples/s2i_build_deploy.yaml new file mode 100644 index 000000000..60925d183 --- /dev/null +++ b/deploy/resources/v0.9.2/optional/pipelinesamples/s2i_build_deploy.yaml @@ -0,0 +1,53 @@ +--- +apiVersion: console.openshift.io/v1 +kind: ConsoleYAMLSample +metadata: + name: s2i-build-and-deploy-pipeline +spec: + targetResource: + apiVersion: tekton.dev/v1alpha1 + kind: Pipeline + title: s2i-build-and-deploy-pipeline + description: An example of s2i build and deploy pipeline + snippet: false + yaml: | + apiVersion: tekton.dev/v1alpha1 + kind: Pipeline + metadata: + name: s2i-build-and-deploy + spec: + params: + - name: IMAGE_NAME + type: string + resources: + - name: app-source + type: git + - name: app-image + type: image + + tasks: + - name: build + taskRef: + name: s2i-java-8 + kind: ClusterTask + resources: + inputs: + - name: source + resource: app-source + outputs: + - name: image + resource: app-image + params: + - name: TLSVERIFY + value: "false" + + - name: deploy + taskRef: + name: openshift-client + kind: ClusterTask + params: + - name: ARGS + value: + - "new-app" + - "--docker-image" + - "$(params.IMAGE_NAME)" diff --git a/deploy/resources/v0.9.2/optional/pipelinesamples/simple_pipeline.yaml b/deploy/resources/v0.9.2/optional/pipelinesamples/simple_pipeline.yaml new file mode 100644 index 000000000..3e842b4b7 --- /dev/null +++ b/deploy/resources/v0.9.2/optional/pipelinesamples/simple_pipeline.yaml @@ -0,0 +1,41 @@ +--- +apiVersion: console.openshift.io/v1 +kind: ConsoleYAMLSample +metadata: + name: simple-pipeline +spec: + targetResource: + apiVersion: tekton.dev/v1alpha1 + kind: Pipeline + title: simple-pipeline + description: An example of simple pipeline + snippet: false + yaml: | + apiVersion: tekton.dev/v1alpha1 + kind: Pipeline + metadata: + name: simple-pipeline + spec: + params: + - name: PARAM_NAME + type: string + default: defaultValue + resources: + - name: app-source + type: git + - name: app-image + type: image + tasks: + - name: first-task + taskRef: + name: task-name + resources: + inputs: + - name: source + resource: app-source + outputs: + - name: image + resource: app-image + params: + - name: PARAM + value: $(params.PARAM_NAME) diff --git a/deploy/resources/v0.9.2/optional/tasksnippets/buildah-task-snippet.yaml b/deploy/resources/v0.9.2/optional/tasksnippets/buildah-task-snippet.yaml new file mode 100644 index 000000000..c787d42c5 --- /dev/null +++ b/deploy/resources/v0.9.2/optional/tasksnippets/buildah-task-snippet.yaml @@ -0,0 +1,34 @@ +--- +apiVersion: console.openshift.io/v1 +kind: ConsoleYAMLSample +metadata: + name: buildah-snippet +spec: + targetResource: + apiVersion: tekton.dev/v1alpha1 + kind: Pipeline + title: Buildah Task + description: | + Buildash task builds the source into a container image Project Atomic's Buildah build tool. + It uses Buildah's support for building from Dockerfiles, using its buildah bud command. + This command executes the directives in the Dockerfile to assemble a container image, then pushes that image to a container registry. + snippet: true + yaml: | + - name: build + taskRef: + name: buildah + kind: ClusterTask + resources: + inputs: + - name: source + resource: app-source + outputs: + - name: image + resource: app-image + params: + - name: BUILDER_IMAGE + value: quay.io/buildah/stable:v1.11.0 + - name: DOCKERFILE + value: ./Dockerfile + - name: TLSVERIFY + value: "true" diff --git a/deploy/resources/v0.9.2/optional/tasksnippets/openshift-client-task-snippet.yaml b/deploy/resources/v0.9.2/optional/tasksnippets/openshift-client-task-snippet.yaml new file mode 100644 index 000000000..2c7b40115 --- /dev/null +++ b/deploy/resources/v0.9.2/optional/tasksnippets/openshift-client-task-snippet.yaml @@ -0,0 +1,21 @@ +--- +apiVersion: console.openshift.io/v1 +kind: ConsoleYAMLSample +metadata: + name: openshift-client-snippet +spec: + targetResource: + apiVersion: tekton.dev/v1alpha1 + kind: Pipeline + title: Openshift-client Task + description: | + OpenShift is a Kubernetes distribution from Red Hat which provides oc, the OpenShift CLI that complements kubectl for simplifying deployment and configuration applications on OpenShift. + snippet: true + yaml: | + - name: deploy + taskRef: + name: openshift-client + kind: ClusterTask + params: + - name: ARGS + value: "help" diff --git a/deploy/resources/v0.9.2/optional/tasksnippets/s2i-go-task-snippet.yaml b/deploy/resources/v0.9.2/optional/tasksnippets/s2i-go-task-snippet.yaml new file mode 100644 index 000000000..246e8e8f1 --- /dev/null +++ b/deploy/resources/v0.9.2/optional/tasksnippets/s2i-go-task-snippet.yaml @@ -0,0 +1,34 @@ +--- +apiVersion: console.openshift.io/v1 +kind: ConsoleYAMLSample +metadata: + name: s2i-go-snippet +spec: + targetResource: + apiVersion: tekton.dev/v1alpha1 + kind: Pipeline + title: S2I-Go Task + description: | + An s2i task to build go based source. + Source-to-Image (S2I) is a toolkit and workflow for building reproducible container images from source code. + S2I produces images by injecting source code into a base S2I container image and letting the container prepare that source code for execution. + The base S2I container images contains the language runtime and build tools needed for building and running the source code. + + snippet: true + yaml: | + - name: build + taskRef: + name: s2i-go + kind: ClusterTask + resources: + inputs: + - name: source + resource: app-source + outputs: + - name: image + resource: app-image + params: + - name: PATH_CONTEXT + value: . + - name: TLSVERIFY + value: "true" diff --git a/deploy/resources/v0.9.2/optional/tasksnippets/s2i-java-11-task-snippet.yaml b/deploy/resources/v0.9.2/optional/tasksnippets/s2i-java-11-task-snippet.yaml new file mode 100644 index 000000000..9a18b8da7 --- /dev/null +++ b/deploy/resources/v0.9.2/optional/tasksnippets/s2i-java-11-task-snippet.yaml @@ -0,0 +1,39 @@ +--- +apiVersion: console.openshift.io/v1 +kind: ConsoleYAMLSample +metadata: + name: s2i-java-11-snippet +spec: + targetResource: + apiVersion: tekton.dev/v1alpha1 + kind: Pipeline + title: S2I-Java-11 Task + description: | + An s2i task to build java 11 based source. + Source-to-Image (S2I) is a toolkit and workflow for building reproducible container images from source code. + S2I produces images by injecting source code into a base S2I container image and letting the container prepare that source code for execution. + The base S2I container images contains the language runtime and build tools needed for building and running the source code. + snippet: true + yaml: | + - name: build + taskRef: + name: s2i-java-11 + kind: ClusterTask + resources: + inputs: + - name: source + resource: app-source + outputs: + - name: image + resource: app-image + params: + - name: PATH_CONTEXT + value: . + - name: TLSVERIFY + value: "true" + - name: MAVEN_ARGS_APPEND + value: "" + - name: MAVEN_CLEAR_REPO + value: "false" + - name: MAVEN_MIRROR_URL + value: "" diff --git a/deploy/resources/v0.9.2/optional/tasksnippets/s2i-java-8-task-snippet.yaml b/deploy/resources/v0.9.2/optional/tasksnippets/s2i-java-8-task-snippet.yaml new file mode 100644 index 000000000..c5a9f4956 --- /dev/null +++ b/deploy/resources/v0.9.2/optional/tasksnippets/s2i-java-8-task-snippet.yaml @@ -0,0 +1,39 @@ +--- +apiVersion: console.openshift.io/v1 +kind: ConsoleYAMLSample +metadata: + name: s2i-java-8-snippet +spec: + targetResource: + apiVersion: tekton.dev/v1alpha1 + kind: Pipeline + title: S2I-Java-8 Task + description: | + An s2i task to build java 8 based source. + Source-to-Image (S2I) is a toolkit and workflow for building reproducible container images from source code. + S2I produces images by injecting source code into a base S2I container image and letting the container prepare that source code for execution. + The base S2I container images contains the language runtime and build tools needed for building and running the source code. + snippet: true + yaml: | + - name: build + taskRef: + name: s2i-java-8 + kind: ClusterTask + resources: + inputs: + - name: source + resource: app-source + outputs: + - name: image + resource: app-image + params: + - name: PATH_CONTEXT + value: . + - name: TLSVERIFY + value: "true" + - name: MAVEN_ARGS_APPEND + value: "" + - name: MAVEN_CLEAR_REPO + value: "false" + - name: MAVEN_MIRROR_URL + value: "" diff --git a/deploy/resources/v0.9.2/optional/tasksnippets/s2i-nodejs-task-snippet.yaml b/deploy/resources/v0.9.2/optional/tasksnippets/s2i-nodejs-task-snippet.yaml new file mode 100644 index 000000000..eca60462d --- /dev/null +++ b/deploy/resources/v0.9.2/optional/tasksnippets/s2i-nodejs-task-snippet.yaml @@ -0,0 +1,35 @@ +--- +apiVersion: console.openshift.io/v1 +kind: ConsoleYAMLSample +metadata: + name: s2i-nodejs-snippet +spec: + targetResource: + apiVersion: tekton.dev/v1alpha1 + kind: Pipeline + title: S2I-Nodejs Task + description: | + An s2i task to build nodejs based source. + Source-to-Image (S2I) is a toolkit and workflow for building reproducible container images from source code. + S2I produces images by injecting source code into a base S2I container image and letting the container prepare that source code for execution. + The base S2I container images contains the language runtime and build tools needed for building and running the source code. + snippet: true + yaml: | + - name: build + taskRef: + name: s2i-nodejs + kind: ClusterTask + resources: + inputs: + - name: source + resource: app-source + outputs: + - name: image + resource: app-image + params: + - name: VERSION + value: "8" + - name: PATH_CONTEXT + value: . + - name: TLSVERIFY + value: "true" diff --git a/deploy/resources/v0.9.2/optional/tasksnippets/s2i-python-3-task-snippet.yaml b/deploy/resources/v0.9.2/optional/tasksnippets/s2i-python-3-task-snippet.yaml new file mode 100644 index 000000000..00e6869db --- /dev/null +++ b/deploy/resources/v0.9.2/optional/tasksnippets/s2i-python-3-task-snippet.yaml @@ -0,0 +1,35 @@ +--- +apiVersion: console.openshift.io/v1 +kind: ConsoleYAMLSample +metadata: + name: s2i-python-3-snippet +spec: + targetResource: + apiVersion: tekton.dev/v1alpha1 + kind: Pipeline + title: S2I-Python-3 Task + description: | + An s2i task to build python 3 based source. + Source-to-Image (S2I) is a toolkit and workflow for building reproducible container images from source code. + S2I produces images by injecting source code into a base S2I container image and letting the container prepare that source code for execution. + The base S2I container images contains the language runtime and build tools needed for building and running the source code. + snippet: true + yaml: | + - name: build + taskRef: + name: s2i-python-3 + kind: ClusterTask + resources: + inputs: + - name: source + resource: app-source + outputs: + - name: image + resource: app-image + params: + - name: MINOR_VERSION + value: "6" + - name: PATH_CONTEXT + value: . + - name: TLSVERIFY + value: "true" diff --git a/deploy/resources/v0.9.2/optional/tasksnippets/s2i-task-snippet.yaml b/deploy/resources/v0.9.2/optional/tasksnippets/s2i-task-snippet.yaml new file mode 100644 index 000000000..ad899bf2a --- /dev/null +++ b/deploy/resources/v0.9.2/optional/tasksnippets/s2i-task-snippet.yaml @@ -0,0 +1,34 @@ +--- +apiVersion: console.openshift.io/v1 +kind: ConsoleYAMLSample +metadata: + name: s2i-snippet +spec: + targetResource: + apiVersion: tekton.dev/v1alpha1 + kind: Pipeline + title: S2I Task + description: | + Source-to-Image (S2I) is a toolkit and workflow for building reproducible container images from source code. + S2I produces images by injecting source code into a base S2I container image and letting the container prepare that source code for execution. + The base S2I container images contains the language runtime and build tools needed for building and running the source code. + snippet: true + yaml: | + - name: build + taskRef: + name: s2i + kind: ClusterTask + resources: + inputs: + - name: source + value: app-source + outputs: + - name: image + value: app-image + params: + - name: PATH_CONTEXT + value: . + - name: TLSVERIFY + value: "true" + - name: LOGLEVEL + value: "0" diff --git a/deploy/resources/v0.9.2/pipelines/release.yaml b/deploy/resources/v0.9.2/pipelines/release.yaml new file mode 100644 index 000000000..d46efdd17 --- /dev/null +++ b/deploy/resources/v0.9.2/pipelines/release.yaml @@ -0,0 +1,954 @@ +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: Namespace +metadata: + labels: + openshift.io/cluster-monitoring: "true" + name: tekton-pipelines + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: tekton-pipelines +spec: + privileged: false + allowPrivilegeEscalation: false + volumes: + - 'emptyDir' + - 'configMap' + - 'secret' + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-pipelines-admin +rules: + - apiGroups: [""] + resources: ["pods", "pods/log", "namespaces", "secrets", "events", "serviceaccounts", "configmaps", "persistentvolumeclaims"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["apps"] + resources: ["deployments"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["apps"] + resources: ["deployments/finalizers"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["tekton.dev"] + resources: ["tasks", "clustertasks", "taskruns", "pipelines", "pipelineruns", "pipelineresources", "conditions"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["tekton.dev"] + resources: ["taskruns/finalizers", "pipelineruns/finalizers"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["tekton.dev"] + resources: ["tasks/status", "clustertasks/status", "taskruns/status", "pipelines/status", "pipelineruns/status", "pipelineresources/status"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["policy"] + resources: ["podsecuritypolicies"] + resourceNames: ["tekton-pipelines"] + verbs: ["use"] + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tekton-pipelines-controller + namespace: tekton-pipelines + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: tekton-pipelines-controller-admin +subjects: + - kind: ServiceAccount + name: tekton-pipelines-controller + namespace: tekton-pipelines +roleRef: + kind: ClusterRole + name: tekton-pipelines-admin + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clustertasks.tekton.dev +spec: + group: tekton.dev + names: + kind: ClusterTask + plural: clustertasks + categories: + - all + - tekton-pipelines + scope: Cluster + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + version: v1alpha1 + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: conditions.tekton.dev +spec: + group: tekton.dev + names: + kind: Condition + plural: conditions + categories: + - all + - tekton-pipelines + scope: Namespaced + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + version: v1alpha1 +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: images.caching.internal.knative.dev + labels: + knative.dev/crd-install: "true" +spec: + group: caching.internal.knative.dev + version: v1alpha1 + names: + kind: Image + plural: images + singular: image + categories: + - knative-internal + - caching + shortNames: + - img + scope: Namespaced + subresources: + status: {} + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: pipelines.tekton.dev +spec: + group: tekton.dev + names: + kind: Pipeline + plural: pipelines + categories: + - all + - tekton-pipelines + scope: Namespaced + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + version: v1alpha1 + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: pipelineruns.tekton.dev +spec: + group: tekton.dev + names: + kind: PipelineRun + plural: pipelineruns + categories: + - all + - tekton-pipelines + shortNames: + - pr + - prs + scope: Namespaced + additionalPrinterColumns: + - name: Succeeded + type: string + JSONPath: ".status.conditions[?(@.type==\"Succeeded\")].status" + - name: Reason + type: string + JSONPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" + - name: StartTime + type: date + JSONPath: .status.startTime + - name: CompletionTime + type: date + JSONPath: .status.completionTime + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + version: v1alpha1 + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: pipelineresources.tekton.dev +spec: + group: tekton.dev + names: + kind: PipelineResource + plural: pipelineresources + categories: + - all + - tekton-pipelines + scope: Namespaced + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + version: v1alpha1 + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: tasks.tekton.dev +spec: + group: tekton.dev + names: + kind: Task + plural: tasks + categories: + - all + - tekton-pipelines + scope: Namespaced + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + version: v1alpha1 + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: taskruns.tekton.dev +spec: + group: tekton.dev + names: + kind: TaskRun + plural: taskruns + categories: + - all + - tekton-pipelines + shortNames: + - tr + - trs + scope: Namespaced + additionalPrinterColumns: + - name: Succeeded + type: string + JSONPath: ".status.conditions[?(@.type==\"Succeeded\")].status" + - name: Reason + type: string + JSONPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" + - name: StartTime + type: date + JSONPath: .status.startTime + - name: CompletionTime + type: date + JSONPath: .status.completionTime + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + version: v1alpha1 + +--- +# Copyright 2019 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + labels: + app: tekton-pipelines-controller + name: tekton-pipelines-controller + namespace: tekton-pipelines +spec: + ports: + - name: metrics + port: 9090 + protocol: TCP + targetPort: 9090 + selector: + app: tekton-pipelines-controller + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + labels: + app: tekton-pipelines-webhook + name: tekton-pipelines-webhook + namespace: tekton-pipelines +spec: + ports: + - port: 443 + targetPort: 8443 + selector: + app: tekton-pipelines-webhook + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: tekton-aggregate-edit + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: +- apiGroups: + - tekton.dev + resources: + - tasks + - taskruns + - pipelines + - pipelineruns + - pipelineresources + - conditions + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: tekton-aggregate-view + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" +rules: +- apiGroups: + - tekton.dev + resources: + - tasks + - taskruns + - pipelines + - pipelineruns + - pipelineresources + - conditions + verbs: + - get + - list + - watch + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-artifact-bucket + namespace: tekton-pipelines +# data: +# # location of the gcs bucket to be used for artifact storage +# location: "gs://bucket-name" +# # name of the secret that will contain the credentials for the service account +# # with access to the bucket +# bucket.service.account.secret.name: +# # The key in the secret with the required service account json +# bucket.service.account.secret.key: + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-artifact-pvc + namespace: tekton-pipelines +# data: +# # size of the PVC volume +# size: 5Gi +# +# # storage class of the PVC volume +# storageClassName: storage-class-name + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-defaults + namespace: tekton-pipelines +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # default-timeout-minutes contains the default number of + # minutes to use for TaskRun and PipelineRun, if none is specified. + default-timeout-minutes: "60" # 60 minutes + + # default-service-account contains the default service account name + # to use for TaskRun and PipelineRun, if none is specified. + default-service-account: "default" + +--- +# Copyright 2019 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-logging + namespace: tekton-pipelines +data: + # Common configuration for all knative codebase + zap-logger-config: | + { + "level": "info", + "development": false, + "sampling": { + "initial": 100, + "thereafter": 100 + }, + "outputPaths": ["stdout"], + "errorOutputPaths": ["stderr"], + "encoding": "json", + "encoderConfig": { + "timeKey": "", + "levelKey": "level", + "nameKey": "logger", + "callerKey": "caller", + "messageKey": "msg", + "stacktraceKey": "stacktrace", + "lineEnding": "", + "levelEncoder": "", + "timeEncoder": "", + "durationEncoder": "", + "callerEncoder": "" + } + } + + # Log level overrides + loglevel.controller: "info" + loglevel.webhook: "info" + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-observability + namespace: tekton-pipelines + +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # metrics.backend-destination field specifies the system metrics destination. + # It supports either prometheus (the default) or stackdriver. + # Note: Using Stackdriver will incur additional charges. + metrics.backend-destination: prometheus + + # metrics.stackdriver-project-id field specifies the Stackdriver project ID. This + # field is optional. When running on GCE, application default credentials will be + # used and metrics will be sent to the cluster's project if this field is + # not provided. + metrics.stackdriver-project-id: "" + + # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed + # to send metrics to Stackdriver using "global" resource type and custom + # metric type. Setting this flag to "true" could cause extra Stackdriver + # charge. If metrics.backend-destination is not Stackdriver, this is + # ignored. + metrics.allow-stackdriver-custom-metrics: "false" + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tekton-pipelines-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/name: tekton-pipelines + app.kubernetes.io/component: controller +spec: + replicas: 1 + selector: + matchLabels: + app: tekton-pipelines-controller + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" + labels: + app: tekton-pipelines-controller + app.kubernetes.io/name: tekton-pipelines + app.kubernetes.io/component: controller + spec: + serviceAccountName: tekton-pipelines-controller + containers: + - name: tekton-pipelines-controller + image: quay.io/openshift-pipeline/tektoncd-pipeline-controller:v0.9.2 + args: [ + "-kubeconfig-writer-image", "quay.io/openshift-pipeline/tektoncd-pipeline-kubeconfigwriter:v0.9.2", + "-creds-image", "quay.io/openshift-pipeline/tektoncd-pipeline-creds-init:v0.9.2", + "-git-image", "quay.io/openshift-pipeline/tektoncd-pipeline-git-init:v0.9.2", + "-nop-image", "quay.io/openshift-pipeline/tektoncd-pipeline-nop:v0.9.2", + "-shell-image", "registry.access.redhat.com/ubi8/ubi-minimal:latest", + "-gsutil-image", "google/cloud-sdk", + "-entrypoint-image", "quay.io/openshift-pipeline/tektoncd-pipeline-entrypoint:v0.9.2", + "-imagedigest-exporter-image", "quay.io/openshift-pipeline/tektoncd-pipeline-imagedigestexporter:v0.9.2", + "-pr-image", "quay.io/openshift-pipeline/tektoncd-pipeline-pullrequest-init:v0.9.2", + "-build-gcs-fetcher-image", "quay.io/openshift-pipeline/tektoncd-pipeline-gcs-fetcher:v0.9.2", + ] + volumeMounts: + - name: config-logging + mountPath: /etc/config-logging + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: METRICS_DOMAIN + value: tekton.dev/pipeline + volumes: + - name: config-logging + configMap: + name: config-logging + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/name: tekton-pipelines + app.kubernetes.io/component: webhook-controller +spec: + replicas: 1 + selector: + matchLabels: + app: tekton-pipelines-webhook + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" + labels: + app: tekton-pipelines-webhook + app.kubernetes.io/name: tekton-pipelines + app.kubernetes.io/component: webhook-controller + spec: + serviceAccountName: tekton-pipelines-controller + containers: + - name: webhook + # This is the Go import path for the binary that is containerized + # and substituted here. + image: quay.io/openshift-pipeline/tektoncd-pipeline-webhook:v0.9.2 + volumeMounts: + - name: config-logging + mountPath: /etc/config-logging + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + volumes: + - name: config-logging + configMap: + name: config-logging + +--- +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: openshift-pipelines-read + namespace: tekton-pipelines +rules: + - apiGroups: + - "" + resources: + - services + - endpoints + - pods + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: openshift-pipelines-prometheus-k8s-read-binding + namespace: tekton-pipelines +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: openshift-pipelines-read +subjects: + - kind: ServiceAccount + name: prometheus-k8s + namespace: openshift-monitoring +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + labels: + app: controller + annotations: + networkoperator.openshift.io/ignore-errors: "" + name: openshift-pipelines-monitor + namespace: tekton-pipelines +spec: + endpoints: + - interval: 10s + port: metrics + namespaceSelector: + matchNames: + - openshift-pipelines + selector: + matchLabels: + app: tekton-pipelines-controller \ No newline at end of file diff --git a/deploy/role.yaml b/deploy/role.yaml index 64f55eb55..e3715500a 100644 --- a/deploy/role.yaml +++ b/deploy/role.yaml @@ -135,3 +135,9 @@ rules: - '*' verbs: - '*' +- apiGroups: + - console.openshift.io + resources: + - consoleyamlsamples + verbs: + - '*' diff --git a/docs/release.md b/docs/release.md index 589dbff9b..86f9ed7ff 100644 --- a/docs/release.md +++ b/docs/release.md @@ -1,109 +1,119 @@ -# steps +## Building Operator Bundle 1. Sync latest master 1. new branch 1. Sync the downstream pipeline repo 1. Checkout release branch + ``` + git checkout -b release-v0.9.0 + ``` 1. Copy the release yaml from the pipelines repo to operator - deploy/resources/ + deploy/resources/ 1. update operator version pkg/flag/flag.go 1. test the operator using `up local` -1. build image (make sure that the project base diretory name is `openshift-pipelines-operator`) - - ``` - operator-sdk build quay.io/openshift-pipeline/openshift-pipelines-operator:v0.7.0 - - ``` - -1. update `deploy/operator.yaml` image: - -1. generate csv - - ``` - operator-sdk olm-catalog gen-csv \ - --csv-channel dev-preview \ - --csv-version 0.7.0 \ - --from-version 0.5.2 \ - --operator-name openshift-pipelines-operator \ - --update-crds - ``` - -You might need to edit the package.yaml to remove any duplicate channels - -e.g. - ``` - channels: - - currentCSV: openshift-pipelines-operator.v0.5.0 - name: dev-preview - - currentCSV: openshift-pipelines-operator.v0.7.0 - name: dev-preview - ``` - -will need to be corrected to: - -``` -channels: -- currentCSV: openshift-pipelines-operator.v0.7.0 - name: dev-preview -``` - -See existing pacakge in community operators for reference - - -1. verify that -``` -operator-courier verify --ui_validate_io \ - deploy/olm-catalog/openshift-pipelines-operator -``` + ``` + make opo-test-e2e-up-local + ``` +1. Build operator image and test operator deployment + build image, push image and update deployment manifest + ``` + make opo-build-push-update VERSION=0.9.0 + ``` + make sure the new image has been updated in deploy/operator.yaml `image: ` + test operator deployment + ``` + make opo-test-e2e + ``` + +1. make CSV (make sure that the project base directory name is `openshift-pipelines-operator`) + + - `VERSION`: version of current release + - `FROM_VERSION`: previous CSV version from which CSV metadata should be copied + - `CHANNEL`: targeted channel + ``` + make opo-new-csv VERSION=0.9.0 FROM_VERSION=0.8.2 CHANNEL=canary + ``` + + You might need to edit the package.yaml to remove any duplicate channels. + Ensure that the currentCSV and channel names are as expected + + e.g. + ``` + channels: + - currentCSV: openshift-pipelines-operator.v0.8.2 + name: dev-preview + - currentCSV: openshift-pipelines-operator.v0.8.2 + name: dev-preview + ``` + + will need to be corrected to: + + ``` + channels: + - currentCSV: openshift-pipelines-operator.v0.8.2 + name: dev-preview + ``` + and + ``` + channels: + - currentCSV: openshift-pipelines-operator.v0.9.0 + name: canary + - currentCSV: openshift-pipelines-operator.v0.8.2 + name: dev-preview + defaultChannel: dev-preview + ``` + (depends on the release plan) + See existing package in community operators for reference + + +1. verify operator bundle (deploy/olm-catalog/openshift-pipelines-operator directory) + ``` + make opo-opr-verify + ``` + +## Test Operator Bundle on OLM 1. operator-courier use that to push the app bundle -NOTE: - -You can obtain quay token by running `./scripts/get-quay-token` in -operator-courier repo. see [Push to quay.io](https://github.com/operator-framework/community-operators/blob/master/docs/testing-operators.md#push-to-quayio) - -``` -export OPERATOR_DIR=deploy/olm-catalog/openshift-pipelines-operator -export QUAY_NAMESPACE= -export PACKAGE_NAME=openshift-pipelines-operator -export PACKAGE_VERSION=0.8.0 -export TOKEN="basic " -``` + NOTE: + + You can obtain quay token by running `./scripts/get-quay-token` in + operator-courier repo. see [Push to quay.io](https://github.com/operator-framework/community-operators/blob/master/docs/testing-operators.md#push-to-quayio) -``` - operator-courier --verbose push \ - $OPERATOR_DIR $QUAY_NAMESPACE \ - $PACKAGE_NAME $PACKAGE_VERSION \ - "$TOKEN" -``` -**NOTE** : special characters in password created issues when courier tried to -push the app bundle. + ``` + make opo-push-quay-app VERSION=0.9.2 TOKEN=$TOKEN QUAY_NAMESPACE=nikhilthomas + ``` + **NOTE** : special characters in password created issues when courier tried to + push the app bundle. -1. Ensure that the application in quay is public +1. Ensure that the application in quay is public (Applications>Settings>Make Public) 1. Create an operator source for the app bundle .e.g ``` +oc apply -f - <-operators + name: -operators namespace: openshift-marketplace spec: type: appregistry endpoint: https://quay.io/cnr - registryNamespace: - displayName: " Operators" + registryNamespace: + displayName: " Operators" publisher: "" +EOF ``` + see: [Testing deployment on OpenShift](https://github.com/operator-framework/community-operators/blob/master/docs/testing-operators.md#testing-operator-deployment-on-openshift) Validate operator source by + ``` -oc get operatorsource -operators -n openshift-marketplace -o yaml -oc get catalogsources -operators -n openshift-marketplace -o yaml +oc get operatorsource -operators -n openshift-marketplace -o yaml +oc get catalogsources -operators -n openshift-marketplace -o yaml ``` @@ -111,41 +121,57 @@ Should see "Success: True" or something like that 1. Create a subscription to install operator in `openshift-operators` ns -``` +``` +oc apply -f - <-pipelines-subsription namespace: openshift-operators spec: - channel: dev-preview + channel: name: openshift-pipelines-operator source: -operators sourceNamespace: openshift-marketplace - +EOF ``` 1. Run scorecard against the generated CSV ``` -operator-sdk scorecard \ - --olm-deployed \ - --csv-path deploy/olm-catalog/openshift-pipelines-operator/0.7.0/openshift-pipelines-operator.v0.7.0.clusterserviceversion.yaml \ - --namespace openshift-operators \ - --cr-manifest ./deploy/crds/operator_v1alpha1_config_cr.yaml \ - --crds-dir ./deploy/crds/ - +make opo-test-scorecard VERSION=0.9.0 ``` see: [testing with scorecard](https://github.com/operator-framework/community-operators/blob/master/docs/testing-operators.md#testing-with-scorecard) -1. Publish to community operators +## Publishing Operator to OperatorHub + +1. clone community-operator repository https://github.com/operator-framework/community-operators.git + +1. checkout openshift-pipelines-operator-0.9.0 branch + +``` +git checkout -b openshift-pipelines-operator-0.9.0 +``` + +1. copy new CSV files and updated package file co community operators repo +``` +cp -r /deploy/olm-catalog/openshift-pipelines-operator/0.9.0 \ + /community-operators/openshift-pipelines-operator/ +``` +and +``` +cp /deploy/olm-catalog/openshift-pipelines-operator/openshift-pipelines-operator.package.yaml \ + /community-operators/openshift-pipelines-operator/ +``` +1. check whether the CSV file, CRD(s) and package file has been added ``` -cp tmp/openshift-pipelines-operator/* \ - /community-operators/openshift-pipelines-operator + new file: community-operators/openshift-pipelines-operator/0.9.0/openshift-pipelines-operator.v0.9.0.clusterserviceversion.yaml + new file: community-operators/openshift-pipelines-operator/0.9.0/operator_v1alpha1_config_crd.yaml + modified: community-operators/openshift-pipelines-operator/openshift-pipelines-operator.package.yaml ``` -1. Submit a PR: e.g: https://github.com/operator-framework/community-operators/pull/756 +1. Make a commit and submit a PR: e.g: https://github.com/operator-framework/community-operators/pull/756 see [Publishing your operator](https://github.com/operator-framework/community-operators/blob/master/docs/contributing.md#package-your-operator) diff --git a/pkg/flag/flag.go b/pkg/flag/flag.go index 393e6d79d..a45dce28b 100644 --- a/pkg/flag/flag.go +++ b/pkg/flag/flag.go @@ -34,7 +34,7 @@ const ( var ( flagSet *pflag.FlagSet - TektonVersion = "v0.8.0" + TektonVersion = "v0.9.2" PipelineSA string IgnorePattern string ResourceWatched string