diff --git a/.github/tekton/README.md b/.github/tekton/README.md index e86b6e1..ec6ddb1 100644 --- a/.github/tekton/README.md +++ b/.github/tekton/README.md @@ -6,13 +6,18 @@ We dogfood our project by using Tekton Pipelines to build and test `ks`. This di ## Tekton manifests -| Manifest | Description | -| ---------------------------------- | ---------------------------------------------------------------------------------- | -| build-bot.yaml | Needed by `PipelineRun`. For more granularity in specifying execution credentials. | -| pull-request-pipeline.yaml | `Pipeline` configuration for ks when pull request event is comming. | -| shared-storage.yaml | Share volume among tasks. Such as source code output from `git-clone` task. | -| pull-request-trigger.yaml | Indicate what happens when the EventListener detects an event. | -| pull-request-trigger-template.yaml | Specifies a blueprint for PipelineRun. | +| Manifest | Description | +| ---------------------------------- | -------------------------------------------------------------------------------------------------- | +| shared-storage.yaml | Share volume among tasks. Such as source code output from `git-clone` task. | +| build-bot.yaml | Needed by `PipelineRun`. For more granularity in specifying execution credentials. | +| pull-request-pipeline.yaml | `Pipeline` configuration for ks when pull request event is comming. | +| pull-request-trigger.yaml | Indicate what happens when the EventListener detects an event. | +| pull-request-trigger-template.yaml | Specifies a blueprint for PipelineRun. | +| release-bot.yaml | Needed by `ks-release-trigger-template`. For more granularity in specifying execution credentials. | +| release-pipeline.yaml | Tasks defined in it when releasing. | +| release-trigger-template.yaml | Specifies a blueprint for releasing. | +| release-trigger.yaml | Indicate what happens when the EventListener detects an event. | +| goreleaser.yaml | For releasing using goreleaser. | ## FAQ diff --git a/.github/tekton/build-bot.yaml b/.github/tekton/build-bot.yaml index 0379f0b..d407d08 100644 --- a/.github/tekton/build-bot.yaml +++ b/.github/tekton/build-bot.yaml @@ -3,4 +3,5 @@ kind: ServiceAccount metadata: name: ks-pipeline-bot secrets: + # For setting commit status - name: github diff --git a/.github/tekton/goreleaser.yaml b/.github/tekton/goreleaser.yaml new file mode 100644 index 0000000..630293b --- /dev/null +++ b/.github/tekton/goreleaser.yaml @@ -0,0 +1,105 @@ +apiVersion: tekton.dev/v1beta1 +kind: Task +metadata: + name: goreleaser-release + labels: + app.kubernetes.io/version: "0.2" + annotations: + tekton.dev/pipelines.minVersion: "0.12.1" + tekton.dev/categories: Automation, Publishing + tekton.dev/tags: golang, release-automation, package + tekton.dev/displayName: "GoReleaser" + tekton.dev/platforms: "linux/amd64" +spec: + description: |- + GoReleaser builds Go binaries for several platforms. + It creates a GitHub release and then pushes a Homebrew formula to a tap repository. + params: + - description: base package to build in + name: package + type: string + - default: bot-token-github + description: name of the secret holding the github-token + name: github-token-secret + type: string + - default: bot-token + description: name of the secret key holding the github-token + name: github-token-secret-key + type: string + - default: --timeout=30m + description: flags to pass to `goreleaser release` + name: flags + type: string + - default: docker.io/goreleaser/goreleaser@sha256:0e87d0e33840a556d3b9c10a7f71a3a69bcd9c29b86a180cbbf7d7ad1f3fa280 + description: container image location for goreleaser + name: image + type: string + - name: insecure_registry + description: Allows the user to push to an insecure registry that has been specified + default: "" + - name: dind_image + description: The location of the docker-in-docker image. + default: docker:dind + steps: + - image: $(params.image) + name: fetch-all-tags + script: | + git status + git diff + git fetch -p --all + workingDir: $(workspaces.source.path) + - name: release + image: $(params.image) + env: + - name: GOPATH + value: /workspace + - name: GITHUB_TOKEN + valueFrom: + secretKeyRef: + key: $(params.github-token-secret-key) + name: $(params.github-token-secret) + # Connect to the sidecar over TCP, with TLS. + - name: DOCKER_TLS_VERIFY + value: "1" + # Verify TLS. + - name: DOCKER_HOST + value: tcp://localhost:2376 + # Use the certs generated by the sidecard daemon. + - name: DOCKER_CERT_PATH + value: /certs/client + script: | + apk add --no-cache upx + goreleaser release $(params.flags) + volumeMounts: + - mountPath: /certs/client + name: dind-certs + workingDir: $(workspaces.source.path) + sidecars: + - image: $(params.dind_image) + name: server + args: + - --storage-driver=vfs + - --userland-proxy=false + - --debug + securityContext: + privileged: true + env: + # Write generated certs to the path shared with the client. + - name: DOCKER_TLS_CERTDIR + value: /certs + volumeMounts: + - mountPath: /certs/client + name: dind-certs + # Wait for the dind daemon to generate the certs it will share with the + # client. + readinessProbe: + periodSeconds: 1 + exec: + command: ['ls', '/certs/client/ca.pem'] + workspaces: + - description: The workspace containing the Go source code which needs to be released. + mountPath: /workspace/src/$(params.package) + name: source + volumes: + - name: dind-certs + emptyDir: {} diff --git a/.github/tekton/release-bot.yaml b/.github/tekton/release-bot.yaml new file mode 100644 index 0000000..3b2140f --- /dev/null +++ b/.github/tekton/release-bot.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ks-release-bot +secrets: + # For uploading assets to a release + - name: bot-token-github + # For pushing docker image to docker.io + - name: docker-id + # For pushing docker image to ghcr.io + - name: ghcr-id diff --git a/.github/tekton/release-trigger-template.yaml b/.github/tekton/release-trigger-template.yaml new file mode 100644 index 0000000..9cfcc94 --- /dev/null +++ b/.github/tekton/release-trigger-template.yaml @@ -0,0 +1,27 @@ +apiVersion: triggers.tekton.dev/v1beta1 +kind: TriggerTemplate +metadata: + name: ks-release +spec: + params: + - name: revision + - name: clone-url + - name: tag-name + resourcetemplates: + - apiVersion: tekton.dev/v1beta1 + kind: PipelineRun + metadata: + generateName: ks-release-$(tt.params.tag-name)- + spec: + serviceAccountName: ks-release-bot + pipelineRef: + name: ks-release + params: + - name: clone-url + value: $(tt.params.clone-url) + - name: revision + value: $(tt.params.revision) + workspaces: + - name: repo + persistentVolumeClaim: + claimName: shared-ks-storage diff --git a/.github/tekton/release-trigger.yaml b/.github/tekton/release-trigger.yaml new file mode 100644 index 0000000..48bdfba --- /dev/null +++ b/.github/tekton/release-trigger.yaml @@ -0,0 +1,42 @@ +apiVersion: triggers.tekton.dev/v1beta1 +kind: Trigger +metadata: + name: ks-release-trigger +spec: + interceptors: + - ref: + name: github + params: + - name: secretRef + value: + secretName: webhook-secret + secretKey: secret + - name: eventTypes + value: + - push + - ref: + name: cel + params: + - name: filter + value: "body.ref.startsWith('refs/tags/')" + - ref: + name: cel + params: + - name: filter + value: "body.repository.full_name == 'kubesphere-sigs/ks'" + - ref: + name: cel + params: + - name: overlays + value: + - key: tag-name + expression: "body.ref.replace('refs/tags/', '')" + bindings: + - name: clone-url + value: $(body.repository.clone_url) + - name: revision + value: $(extensions.tag-name) + - name: tag-name + value: $(extensions.tag-name) + template: + ref: ks-release diff --git a/.github/tekton/releaser-pipeline.yaml b/.github/tekton/releaser-pipeline.yaml new file mode 100644 index 0000000..918ecab --- /dev/null +++ b/.github/tekton/releaser-pipeline.yaml @@ -0,0 +1,41 @@ +apiVersion: tekton.dev/v1beta1 +kind: Pipeline +metadata: + name: ks-release +spec: + workspaces: + - name: repo + params: + # - name: repo-full-name + # description: "Repository full name. like: kubesphere-sigs/ks" + - name: clone-url + description: Git repository clone URL. + - name: revision + description: Git repository revision to checkout. + # - name: dashboard-url + # description: Tekton dashboard access URL, like http://demo:31962/#/namespaces/ks/pipelineruns. + tasks: + - name: checkout + taskRef: + name: git-clone + params: + - name: url + value: $(params.clone-url) + - name: revision + value: $(params.revision) + workspaces: + - name: output + workspace: repo + - name: release + runAfter: + - checkout + taskRef: + name: goreleaser-release + params: + - name: package + value: github.com/kubesphere-sigs/ks + - name: flags + value: --rm-dist --debug + workspaces: + - name: source + workspace: repo diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml.disable similarity index 100% rename from .github/workflows/release.yaml rename to .github/workflows/release.yaml.disable diff --git a/.goreleaser.yml b/.goreleaser.yml index 3425aa6..229fe8b 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -108,3 +108,9 @@ dockers: - "surenpi/ks:{{.Tag}}" - "ghcr.io/linuxsuren/ks/ks:latest" - "ghcr.io/linuxsuren/ks/ks:{{.Tag}}" + - goos: linux + goarch: amd64 + dockerfile: build/Dockerfile + image_templates: + - "surenpi/ks-tool:v1.17.0-{{.Tag}}" + - "surenpi/ks-tool:v1.17.0:latest"