Tekton / OpenShift Pipelines¶

apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  annotations:
    tekton.dev/pipelines.minVersion: "0.19"
    tekton.dev/tags: image-build
  creationTimestamp: "2021-05-11T14:49:48Z"
  labels:
    app.kubernetes.io/version: "0.1-with-secret"
    operator.tekton.dev/provider-type: redhat
  name: buildah-with-secret
spec:
  description: |-
    Buildah task builds source into a container image and then pushes it to a container registry.
    Buildah Task builds source into a container image using Project Atomic's Buildah build tool.It uses Buildah's support for building from Dockerfiles, using its buildah bud command.This command executes the directives in the Dockerfile to assemble a container image, then pushes that image to a container registry.
  params:
  - description: Reference of the image buildah will produce.
    name: IMAGE
    type: string
  - default: registry.redhat.io/rhel8/buildah:latest
    description: The location of the buildah builder image.
    name: BUILDER_IMAGE
    type: string
  - default: vfs
    description: Set buildah storage driver
    name: STORAGE_DRIVER
    type: string
  - default: ./Dockerfile
    description: Path to the Dockerfile to build.
    name: DOCKERFILE
    type: string
  - default: .
    description: Path to the directory to use as context.
    name: CONTEXT
    type: string
  - default: "true"
    description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry)
    name: TLSVERIFY
    type: string
  - default: oci
    description: The format of the built container, oci or docker
    name: FORMAT
    type: string
  - default: ""
    description: Extra parameters passed for the build command when building images.
    name: BUILD_EXTRA_ARGS
    type: string
  - default: ""
    description: Extra parameters passed for the push command when pushing images.
    name: PUSH_EXTRA_ARGS
    type: string
  results:
  - description: Digest of the image just built.
    name: IMAGE_DIGEST
  steps:
  - image: $(params.BUILDER_IMAGE)
    name: build
    resources: {}
    script: |
      buildah --storage-driver=$(params.STORAGE_DRIVER) bud \
        $(params.BUILD_EXTRA_ARGS) --format=$(params.FORMAT) \
        --tls-verify=$(params.TLSVERIFY) --no-cache \
        -f $(params.DOCKERFILE) -t $(params.IMAGE) $(params.CONTEXT)
    volumeMounts:
    - mountPath: /var/lib/containers
      name: varlibcontainers
    workingDir: $(workspaces.source.path)
    envFrom:
      - secretRef:
          name: build-args
  - image: $(params.BUILDER_IMAGE)
    name: push
    resources: {}
    script: |
      buildah --storage-driver=$(params.STORAGE_DRIVER) push \
        $(params.PUSH_EXTRA_ARGS) --tls-verify=$(params.TLSVERIFY) \
        --digestfile $(workspaces.source.path)/image-digest $(params.IMAGE) \
        docker://$(params.IMAGE)
    volumeMounts:
    - mountPath: /var/lib/containers
      name: varlibcontainers
    workingDir: $(workspaces.source.path)
  - image: $(params.BUILDER_IMAGE)
    name: digest-to-results
    resources: {}
    script: cat $(workspaces.source.path)/image-digest | tee /tekton/results/IMAGE_DIGEST
  volumes:
  - emptyDir: {}
    name: varlibcontainers
  workspaces:
  - name: source

apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: buildah-pipeline
spec:
  params:
  - default: image-registry.openshift-image-registry.svc:5000/$(context.pipelineRun.namespace)/buildargs:latest
    name: IMAGE_NAME
    type: string
  - default: https://github.com/openshift-examples/container-build.git
    name: GIT_REPO
    type: string
  - default: master
    name: GIT_REVISION
    type: string
  - name: DOCKERFILE
    type: string
    default: "./Containerfile"
  - name: CONTEXT
    type: string
    default: "buildArgs"
  - name: BUILD_EXTRA_ARGS
    type: string
    default: "--build-arg USERNAME=$USERNAME --build-arg PASSWORD=$PASSWORD"
  tasks:
  - name: fetch-repository
    params:
    - name: url
      value: $(params.GIT_REPO)
    - name: revision
      value: $(params.GIT_REVISION)
    taskRef:
      kind: ClusterTask
      name: git-clone
    workspaces:
    - name: output
      workspace: workspace
  - name: buildah-with-secret
    params:
    - name: IMAGE
      value: $(params.IMAGE_NAME)
    - name: DOCKERFILE
      value: $(params.DOCKERFILE)
    - name: CONTEXT
      value: $(params.CONTEXT)
    - name: BUILD_EXTRA_ARGS
      value: $(params.BUILD_EXTRA_ARGS)
    runAfter:
    - fetch-repository
    taskRef:
      kind: Task
      name: buildah-with-secret
    workspaces:
    - name: source
      workspace: workspace
  workspaces:
  - name: workspace

apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
  labels:
    tekton.dev/pipeline: buildah-pipeline
  name: buildah-pipeline-1
spec:
  pipelineRef:
    name: buildah-pipeline
  serviceAccountName: pipeline
  timeout: 1h0m0s
  workspaces:
  - name: workspace
    # persistentVolumeClaim:
    #   claimName: workspace
    volumeClaimTemplate:
      spec:
        accessModes:
          - ReadWriteMany # access mode may affect how you can use this volume in parallel tasks
        resources:
          requests:
            storage: 1Gi