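Enabling git clone of a private GitHub repository in Tekton
Overview
Cloning from a private GitHub repository in Tekton and then doing something with the result is one of the things you will inevitably want to do.
Here we run a task that simply cats README.md to check that the clone works.
Preparation
Install Tekton Pipelines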
kubectl apply --filename \
https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
Create the git-clone task
kubectl apply -f \
https://raw.githubusercontent.com/tektoncd/catalog/main/task/git-clone/0.6/git-clone.yaml
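Steps
- Create secret.yaml
Set the private key and known_hosts.
Incidentally, a key in id_rsa format also works. In that case, change the key name in the Secret to id_rsa as well.
apiVersion: v1
kind: Secret
metadata:
  name: git-credentials
data:
  id_ed25519: # output of: cat ~/.ssh/id_ed25519 | base64 -w 0
  known_hosts: # output of: cat ~/.ssh/known_hosts | base64 -w 0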
- Create show-readme.yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: show-readme
spec:
  description: Read and display README file.
  workspaces:
    - name: source
  steps:
    - name: read
      image: alpine:latest
      script: |
        #!/usr/bin/env sh
        cat $(workspaces.source.path)/README.md
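- Create pipeline.yaml
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: clone-read  # assumed name; pipelinerun.yaml must reference the same one
spec:
  params:
    - name: repo-url  # supplied by the PipelineRun
  workspaces:
    - name: shared-data
      description: |
        This workspace contains the cloned repo files, so they can be read by the
        next task.
    - name: git-credentials
      description: My ssh credentials
  tasks:
    - name: fetch-source
      taskRef:
        name: git-clone
      workspaces:
        - name: output
          workspace: shared-data
        - name: ssh-directory
          workspace: git-credentials
      params:
        - {name: url, value: "$(params.repo-url)"}
    - name: show-readme
      runAfter: [fetch-source]  # run only after the clone has finished
      taskRef:
        name: show-readme
      workspaces:
        - name: source
          workspace: shared-data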
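- Create pipelinerun.yaml
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
  generateName: clone-read-run-
spec:
  pipelineRef:
    name: clone-read  # assumed Pipeline name; must match pipeline.yaml
  workspaces:
    - name: shared-data
      volumeClaimTemplate:
        spec:
          accessModes:
            - ReadWriteOnce
          resources:
            requests:
              storage: 1Gi
    - name: git-credentials
      secret:
        secretName: git-credentials
  params:
    - name: repo-url
      value: git@github.com:vampire-yuta/openstack-kindle.git # specify the private repository (SSH-style Git URL)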
- Apply the manifests
kubectl apply -f secret.yaml
kubectl apply -f show-readme.yaml
kubectl apply -f pipeline.yaml
kubectl create -f pipelinerun.yaml
- Check the logs after applying
tkn pipelinerun logs clone-read-run-4kgjr -f
At the end, the contents of the README are read, which means the clone worked properly.
❯ tkn pr logs clone-read-run-9mdrn -f
[fetch-source : clone] + '[' false '=' true ]
[fetch-source : clone] + '[' true '=' true ]
[fetch-source : clone] + cp -R /workspace/ssh-directory /tekton/home/.ssh
[fetch-source : clone] + chmod 700 /tekton/home/.ssh
[fetch-source : clone] + chmod -R 400 /tekton/home/.ssh/id_ed25519 /tekton/home/.ssh/known_hosts
[fetch-source : clone] + '[' false '=' true ]
[fetch-source : clone] + CHECKOUT_DIR=/workspace/output/
[fetch-source : clone] + '[' true '=' true ]
[fetch-source : clone] + cleandir
[fetch-source : clone] + '[' -d /workspace/output/ ]
[fetch-source : clone] + rm -rf '/workspace/output//*'
[fetch-source : clone] + rm -rf '/workspace/output//.[!.]*'
[fetch-source : clone] + rm -rf '/workspace/output//..?*'
[fetch-source : clone] + test -z
[fetch-source : clone] + test -z
[fetch-source : clone] + test -z
[fetch-source : clone] + /ko-app/git-init '-url=git@github.com:vampire-yuta/openstack-kindle.git' '-revision=' '-refspec=' '-path=/workspace/output/' '-sslVerify=true' '-submodules=true' '-depth=1' '-sparseCheckoutDirectories='
[fetch-source : clone] {"level":"warn","ts":1739277394.7910533,"caller":"git/git.go:278","msg":"URL(\"git@github.com:vampire-yuta/openstack-kindle.git\") appears to need SSH authentication but no SSH credentials have been provided"}
[fetch-source : clone] {"level":"info","ts":1739277460.453175,"caller":"git/git.go:170","msg":"Successfully cloned git@github.com:vampire-yuta/openstack-kindle.git @ 90ceddfad3d46a6680e21d49c5b3787479f6c2ac (grafted, HEAD) in path /workspace/output/"}
[fetch-source : clone] {"level":"info","ts":1739277460.475869,"caller":"git/git.go:208","msg":"Successfully initialized and updated submodules in path /workspace/output/"}
[fetch-source : clone] + cd /workspace/output/
[fetch-source : clone] + git rev-parse HEAD
[fetch-source : clone] + RESULT_SHA=90ceddfad3d46a6680e21d49c5b3787479f6c2ac
[fetch-source : clone] + EXIT_CODE=0
[fetch-source : clone] + '[' 0 '!=' 0 ]
[fetch-source : clone] + printf '%s' 90ceddfad3d46a6680e21d49c5b3787479f6c2ac
[fetch-source : clone] + printf '%s' git@github.com:vampire-yuta/openstack-kindle.git
[show-readme : read] # openstack-kindle
[show-readme : read]
[show-readme : read] aaa
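As an added example (not part of the original post), the script below renders the same git-credentials Secret as the secret.yaml step, but puts only the github.com lines of known_hosts into it instead of the whole file, and rejects a file that is not a private key. The function names and the optional fourth argument (the data key name) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.
set -eu

# Print the known_hosts lines whose host field names "$2" exactly.
# Comments, blank lines, @markers and hashed (|1|...) entries never match.
filter_known_hosts() {
  awk -v host="$2" '
    /^[ \t]*(#|$)/ { next }
    { n = split($1, names, ",")
      for (i = 1; i <= n; i++) if (names[i] == host) { print; next } }
  ' "$1"
}

# render_git_secret KEY_FILE KNOWN_HOSTS HOST [KEY_NAME]
# Writes the Secret manifest to stdout. KEY_NAME is the data key the
# private key is stored under (id_ed25519 by default, or id_rsa).
render_git_secret() {
  key_file=$1 known_hosts=$2 host=$3 key_name=${4:-id_ed25519}
  head -n 1 "$key_file" | grep -q -- '-----BEGIN .*PRIVATE KEY-----' \
    || { echo "not a private key: $key_file" >&2; return 1; }
  pinned=$(filter_known_hosts "$known_hosts" "$host")
  [ -n "$pinned" ] \
    || { echo "no plain known_hosts entry for $host" >&2; return 1; }
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: git-credentials
data:
  $key_name: $(base64 -w 0 < "$key_file")
  known_hosts: $(printf '%s\n' "$pinned" | base64 -w 0)
EOF
}

# Stand-alone use: sh this-script KEY_FILE KNOWN_HOSTS HOST [KEY_NAME]
if [ "$#" -ge 3 ]; then
  render_git_secret "$@"
fi
```

Piping the output straight into `kubectl apply -f -` avoids leaving the base64-encoded private key in a secret.yaml file on disk.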