From 9ac0e05734deae505421539de6212ae094c7c3dc Mon Sep 17 00:00:00 2001 From: "Randal S. Harisch" Date: Sun, 24 Sep 2023 19:10:42 -0600 Subject: [PATCH] chore: added git-clone task --- tasks/git-clone.yaml | 246 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 246 insertions(+) create mode 100644 tasks/git-clone.yaml diff --git a/tasks/git-clone.yaml b/tasks/git-clone.yaml new file mode 100644 index 0000000..101497b --- /dev/null +++ b/tasks/git-clone.yaml @@ -0,0 +1,246 @@ +apiVersion: tekton.dev/v1 +kind: Task +metadata: + annotations: + tekton.dev/categories: Git + tekton.dev/displayName: git clone + tekton.dev/pipelines.minVersion: 0.38.0 + tekton.dev/platforms: linux/amd64,linux/s390x,linux/ppc64le,linux/arm64 + tekton.dev/tags: git + labels: + app.kubernetes.io/version: "0.9" + operator.tekton.dev/operand-name: openshift-pipelines-addons + operator.tekton.dev/provider-type: redhat + name: git-clone + namespace: goghvideo-cicd-pipeline +spec: + description: |- + These Tasks are Git tasks to work with repositories used by other tasks in your Pipeline. + The git-clone Task will clone a repo from the provided url into the output Workspace. By default the repo will be cloned into the root of your Workspace. You can clone into a subdirectory by setting this Task's subdirectory param. This Task also supports sparse checkouts. To perform a sparse checkout, pass a list of comma separated directory patterns to this Task's sparseCheckoutDirectories param. + params: + - description: Repository URL to clone from. + name: url + type: string + - default: "" + description: Revision to checkout. (branch, tag, sha, ref, etc...) + name: revision + type: string + - default: "" + description: Refspec to fetch before checking out revision. + name: refspec + type: string + - default: "true" + description: Initialize and fetch git submodules. + name: submodules + type: string + - default: "1" + description: Perform a shallow clone, fetching only the most recent N commits. + name: depth + type: string + - default: "true" + description: Set the `http.sslVerify` global git config. Setting this to `false` + is not advised unless you are sure that you trust your git remote. + name: sslVerify + type: string + - default: ca-bundle.crt + description: file name of mounted crt using ssl-ca-directory workspace. default + value is ca-bundle.crt. + name: crtFileName + type: string + - default: "" + description: Subdirectory inside the `output` Workspace to clone the repo into. + name: subdirectory + type: string + - default: "" + description: Define the directory patterns to match or exclude when performing + a sparse checkout. + name: sparseCheckoutDirectories + type: string + - default: "true" + description: Clean out the contents of the destination directory if it already + exists before cloning. + name: deleteExisting + type: string + - default: "" + description: HTTP proxy server for non-SSL requests. + name: httpProxy + type: string + - default: "" + description: HTTPS proxy server for SSL requests. + name: httpsProxy + type: string + - default: "" + description: Opt out of proxying HTTP/HTTPS requests. + name: noProxy + type: string + - default: "true" + description: Log the commands that are executed during `git-clone`'s operation. + name: verbose + type: string + - default: registry.redhat.io/openshift-pipelines/pipelines-git-init-rhel8@sha256:1a50511583fc02a27012d17d942e247813404104ddd282d7e26f99765174392c + description: The image providing the git-init binary that this Task runs. + name: gitInitImage + type: string + - default: /home/git + description: | + Absolute path to the user's home directory. + name: userHome + type: string + results: + - description: The precise commit SHA that was fetched by this Task. + name: commit + type: string + - description: The precise URL that was fetched by this Task. + name: url + type: string + - description: The epoch timestamp of the commit that was fetched by this Task. + name: committer-date + type: string + steps: + - env: + - name: HOME + value: $(params.userHome) + - name: PARAM_URL + value: $(params.url) + - name: PARAM_REVISION + value: $(params.revision) + - name: PARAM_REFSPEC + value: $(params.refspec) + - name: PARAM_SUBMODULES + value: $(params.submodules) + - name: PARAM_DEPTH + value: $(params.depth) + - name: PARAM_SSL_VERIFY + value: $(params.sslVerify) + - name: PARAM_CRT_FILENAME + value: $(params.crtFileName) + - name: PARAM_SUBDIRECTORY + value: $(params.subdirectory) + - name: PARAM_DELETE_EXISTING + value: $(params.deleteExisting) + - name: PARAM_HTTP_PROXY + value: $(params.httpProxy) + - name: PARAM_HTTPS_PROXY + value: $(params.httpsProxy) + - name: PARAM_NO_PROXY + value: $(params.noProxy) + - name: PARAM_VERBOSE + value: $(params.verbose) + - name: PARAM_SPARSE_CHECKOUT_DIRECTORIES + value: $(params.sparseCheckoutDirectories) + - name: PARAM_USER_HOME + value: $(params.userHome) + - name: WORKSPACE_OUTPUT_PATH + value: $(workspaces.output.path) + - name: WORKSPACE_SSH_DIRECTORY_BOUND + value: $(workspaces.ssh-directory.bound) + - name: WORKSPACE_SSH_DIRECTORY_PATH + value: $(workspaces.ssh-directory.path) + - name: WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND + value: $(workspaces.basic-auth.bound) + - name: WORKSPACE_BASIC_AUTH_DIRECTORY_PATH + value: $(workspaces.basic-auth.path) + - name: WORKSPACE_SSL_CA_DIRECTORY_BOUND + value: $(workspaces.ssl-ca-directory.bound) + - name: WORKSPACE_SSL_CA_DIRECTORY_PATH + value: $(workspaces.ssl-ca-directory.path) + image: $(params.gitInitImage) + name: clone + script: | + #!/usr/bin/env sh + set -eu + + if [ "${PARAM_VERBOSE}" = "true" ] ; then + set -x + fi + + if [ "${WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND}" = "true" ] ; then + cp "${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.git-credentials" "${PARAM_USER_HOME}/.git-credentials" + cp "${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.gitconfig" "${PARAM_USER_HOME}/.gitconfig" + chmod 400 "${PARAM_USER_HOME}/.git-credentials" + chmod 400 "${PARAM_USER_HOME}/.gitconfig" + fi + + if [ "${WORKSPACE_SSH_DIRECTORY_BOUND}" = "true" ] ; then + cp -LR "${WORKSPACE_SSH_DIRECTORY_PATH}"/* "${PARAM_USER_HOME}"/.ssh + chmod 700 "${PARAM_USER_HOME}"/.ssh + chmod -R 400 "${PARAM_USER_HOME}"/.ssh/* + fi + + if [ "${WORKSPACE_SSL_CA_DIRECTORY_BOUND}" = "true" ] ; then + export GIT_SSL_CAPATH="${WORKSPACE_SSL_CA_DIRECTORY_PATH}" + if [ "${PARAM_CRT_FILENAME}" != "" ] ; then + export GIT_SSL_CAINFO="${WORKSPACE_SSL_CA_DIRECTORY_PATH}/${PARAM_CRT_FILENAME}" + fi + fi + CHECKOUT_DIR="${WORKSPACE_OUTPUT_PATH}/${PARAM_SUBDIRECTORY}" + + cleandir() { + # Delete any existing contents of the repo directory if it exists. + # + # We don't just "rm -rf ${CHECKOUT_DIR}" because ${CHECKOUT_DIR} might be "/" + # or the root of a mounted volume. + if [ -d "${CHECKOUT_DIR}" ] ; then + # Delete non-hidden files and directories + rm -rf "${CHECKOUT_DIR:?}"/* + # Delete files and directories starting with . but excluding .. + rm -rf "${CHECKOUT_DIR}"/.[!.]* + # Delete files and directories starting with .. plus any other character + rm -rf "${CHECKOUT_DIR}"/..?* + fi + } + + if [ "${PARAM_DELETE_EXISTING}" = "true" ] ; then + cleandir || true + fi + + test -z "${PARAM_HTTP_PROXY}" || export HTTP_PROXY="${PARAM_HTTP_PROXY}" + test -z "${PARAM_HTTPS_PROXY}" || export HTTPS_PROXY="${PARAM_HTTPS_PROXY}" + test -z "${PARAM_NO_PROXY}" || export NO_PROXY="${PARAM_NO_PROXY}" + + git config --global --add safe.directory "${WORKSPACE_OUTPUT_PATH}" + /ko-app/git-init \ + -url="${PARAM_URL}" \ + -revision="${PARAM_REVISION}" \ + -refspec="${PARAM_REFSPEC}" \ + -path="${CHECKOUT_DIR}" \ + -sslVerify="${PARAM_SSL_VERIFY}" \ + -submodules="${PARAM_SUBMODULES}" \ + -depth="${PARAM_DEPTH}" \ + -sparseCheckoutDirectories="${PARAM_SPARSE_CHECKOUT_DIRECTORIES}" + cd "${CHECKOUT_DIR}" + RESULT_SHA="$(git rev-parse HEAD)" + EXIT_CODE="$?" + if [ "${EXIT_CODE}" != 0 ] ; then + exit "${EXIT_CODE}" + fi + RESULT_COMMITTER_DATE="$(git log -1 --pretty=%ct)" + printf "%s" "${RESULT_COMMITTER_DATE}" > "$(results.committer-date.path)" + printf "%s" "${RESULT_SHA}" > "$(results.commit.path)" + printf "%s" "${PARAM_URL}" > "$(results.url.path)" + securityContext: + runAsNonRoot: true + runAsUser: 65532 + workspaces: + - description: The git repo will be cloned onto the volume backing this Workspace. + name: output + - description: | + A .ssh directory with private key, known_hosts, config, etc. Copied to + the user's home before git commands are executed. Used to authenticate + with the git remote when performing the clone. Binding a Secret to this + Workspace is strongly recommended over other volume types. + name: ssh-directory + optional: true + - description: | + A Workspace containing a .gitconfig and .git-credentials file. These + will be copied to the user's home before any git commands are run. Any + other files in this Workspace are ignored. It is strongly recommended + to use ssh-directory over basic-auth whenever possible and to bind a + Secret to this Workspace over other volume types. + name: basic-auth + optional: true + - description: | + A workspace containing CA certificates, this will be used by Git to + verify the peer with when fetching or pushing over HTTPS. + name: ssl-ca-directory + optional: true