
Enabling git clone from a private GitHub repository in Tekton

Published 2025/02/11

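Overview

Cloning from a private GitHub repository in Tekton and then doing something with the result is one of the things you will inevitably want to do.
Here we run a task that simply cats README.md to check that the clone works.

Preparation

Install Tekton Pipelines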

kubectl apply --filename \
https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml

Create the git-clone task

kubectl apply -f \
https://raw.githubusercontent.com/tektoncd/catalog/main/task/git-clone/0.6/git-clone.yaml

Steps

  1. Create secret.yaml

Set the private key and known_hosts.
Incidentally, a key in id_rsa format is also fine. In that case, change the key in the Secret to id_rsa as well.

apiVersion: v1
kind: Secret
metadata:
  name: git-credentials
data:
  id_ed25519: # paste the output of: cat ~/.ssh/id_ed25519 | base64 -w 0
  known_hosts: # paste the output of: cat ~/.ssh/known_hosts | base64 -w 0

  2. Create show-readme.yaml

apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: show-readme
spec:
  description: Read and display README file.
  workspaces:
  - name: source
  steps:
  - name: read
    image: alpine:latest
    script: | 
      #!/usr/bin/env sh
      cat $(workspaces.source.path)/README.md
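
  3. Create pipeline.yaml

apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: clone-read # assumed name (not shown in the original post); pipelinerun.yaml must reference it
spec:
  params:
  - name: repo-url
  workspaces:
  - name: shared-data
    description: |
      This workspace contains the cloned repo files, so they can be read by the next task.
  - name: git-credentials
    description: My ssh credentials
  tasks:
  - name: fetch-source
    taskRef:
      name: git-clone
    workspaces:
    - name: output
      workspace: shared-data
    - name: ssh-directory
      workspace: git-credentials
    params:
    - name: url
      value: $(params.repo-url)
  - name: show-readme
    runAfter: ["fetch-source"]
    taskRef:
      name: show-readme
    workspaces:
    - name: source
      workspace: shared-data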
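
  4. Create pipelinerun.yaml

apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
  generateName: clone-read-run- # prefix of the run names seen in the logs below
spec:
  pipelineRef:
    name: clone-read # assumed Pipeline name; must match metadata.name in pipeline.yaml
  workspaces:
  - name: shared-data
    volumeClaimTemplate:
      spec:
        accessModes:
        - ReadWriteOnce
        resources:
          requests:
            storage: 1Gi
  - name: git-credentials
    secret:
      secretName: git-credentials
  params:
  - name: repo-url
    value: git@github.com:vampire-yuta/openstack-kindle.git # specify the private repository (SSH-style git URL)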

  5. Apply the manifests

kubectl apply -f secret.yaml
kubectl apply -f show-readme.yaml
kubectl apply -f pipeline.yaml
kubectl create -f pipelinerun.yaml

  6. Check the logs after applying

tkn pipelinerun logs clone-read-run-4kgjr -f

At the end of the output the contents of the README are read out, which means the clone worked properly.

❯ tkn pr logs clone-read-run-9mdrn -f
[fetch-source : clone] + '[' false '=' true ]
[fetch-source : clone] + '[' true '=' true ]
[fetch-source : clone] + cp -R /workspace/ssh-directory /tekton/home/.ssh
[fetch-source : clone] + chmod 700 /tekton/home/.ssh
[fetch-source : clone] + chmod -R 400 /tekton/home/.ssh/id_ed25519 /tekton/home/.ssh/known_hosts
[fetch-source : clone] + '[' false '=' true ]
[fetch-source : clone] + CHECKOUT_DIR=/workspace/output/
[fetch-source : clone] + '[' true '=' true ]
[fetch-source : clone] + cleandir
[fetch-source : clone] + '[' -d /workspace/output/ ]
[fetch-source : clone] + rm -rf '/workspace/output//*'
[fetch-source : clone] + rm -rf '/workspace/output//.[!.]*'
[fetch-source : clone] + rm -rf '/workspace/output//..?*'
[fetch-source : clone] + test -z
[fetch-source : clone] + test -z
[fetch-source : clone] + test -z
[fetch-source : clone] + /ko-app/git-init '-url=git@github.com:vampire-yuta/openstack-kindle.git' '-revision=' '-refspec=' '-path=/workspace/output/' '-sslVerify=true' '-submodules=true' '-depth=1' '-sparseCheckoutDirectories='
[fetch-source : clone] {"level":"warn","ts":1739277394.7910533,"caller":"git/git.go:278","msg":"URL(\"git@github.com:vampire-yuta/openstack-kindle.git\") appears to need SSH authentication but no SSH credentials have been provided"}
[fetch-source : clone] {"level":"info","ts":1739277460.453175,"caller":"git/git.go:170","msg":"Successfully cloned git@github.com:vampire-yuta/openstack-kindle.git @ 90ceddfad3d46a6680e21d49c5b3787479f6c2ac (grafted, HEAD) in path /workspace/output/"}
[fetch-source : clone] {"level":"info","ts":1739277460.475869,"caller":"git/git.go:208","msg":"Successfully initialized and updated submodules in path /workspace/output/"}
[fetch-source : clone] + cd /workspace/output/
[fetch-source : clone] + git rev-parse HEAD
[fetch-source : clone] + RESULT_SHA=90ceddfad3d46a6680e21d49c5b3787479f6c2ac
[fetch-source : clone] + EXIT_CODE=0
[fetch-source : clone] + '[' 0 '!=' 0 ]
[fetch-source : clone] + printf '%s' 90ceddfad3d46a6680e21d49c5b3787479f6c2ac
[fetch-source : clone] + printf '%s' git@github.com:vampire-yuta/openstack-kindle.git

[show-readme : read] # openstack-kindle
[show-readme : read]
[show-readme : read] aaa
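
The Secret from step 1, generated by a script, as an added example that is not part of the original post: it base64-encodes the key file and only the github.com lines of a known_hosts file, so the rest of ~/.ssh/known_hosts is not copied into the cluster. The function names, the script name make-secret.sh and the key file name tekton_deploy_key are hypothetical, and the known_hosts entries are assumed to be unhashed.

```shell
#!/bin/sh
# Added example, not from the original post: build secret.yaml for the git-clone
# ssh-directory workspace from a key file and a known_hosts file.

# Single-line base64 of stdin; works with GNU and BSD base64 (no -w 0 needed).
b64() { base64 | tr -d '\n'; }

# make_git_secret KEY_FILE KNOWN_HOSTS_FILE [KEY_NAME]
# Prints the Secret manifest on stdout. KEY_NAME is the data key, i.e. the file
# name the key gets under ~/.ssh in the task (id_ed25519 by default, or id_rsa).
# The body runs in a subshell, so variables stay local and exit acts like return.
make_git_secret() (
  key=$1 hosts=$2 keyname=${3:-id_ed25519}

  # Reject the .pub half or any other file that is not a private key.
  head -n 1 "$key" | grep -q -- '-----BEGIN .*PRIVATE KEY-----' || {
    echo "error: $key does not look like a private key" >&2; exit 1; }

  # Keep only unhashed entries whose host list names github.com exactly.
  pinned=$(awk '{ n = split($1, h, ",")
                  for (i = 1; i <= n; i++) if (h[i] == "github.com") { print; next } }' "$hosts")
  [ -n "$pinned" ] || {
    echo "error: no plain github.com entry in $hosts" >&2; exit 1; }

  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: git-credentials
data:
  ${keyname}: $(b64 < "$key")
  known_hosts: $(printf '%s\n' "$pinned" | b64)
EOF
)

# Runs as a script only when arguments are given, e.g. (hypothetical file names):
#   sh make-secret.sh ./tekton_deploy_key ~/.ssh/known_hosts > secret.yaml
if [ "$#" -ge 2 ]; then make_git_secret "$@"; fi
```

Using a dedicated read-only deploy key for the repository as KEY_FILE keeps a personal key out of the cluster Secret.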

References

https://tekton.dev/docs/how-to-guides/clone-repository/#git-authentication
https://inorio.hatenablog.com/entry/2024/02/14/180000
https://zenn.dev/ysmtegsr/articles/f537c9144f1cd103a05b
