forked from tektoncd/pipeline
-
Notifications
You must be signed in to change notification settings - Fork 0
/
publish-nightly.yaml
239 lines (212 loc) · 8.84 KB
/
publish-nightly.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
name: publish-tekton-pipelines-nightly
spec:
inputs:
resources:
- name: source
type: git
targetPath: go/src/github.com/tektoncd/pipeline
- name: bucket
type: storage
params:
# TODO(triggers#87) This Task has no verisonTag parameter (like publish-tekton-pipelines) because Prow does not allow the value to be provided dynamically
- name: imageRegistry
description: TODO(#569) This is a hack to make it easy for folks to switch the registry being used by the many many image outputs
- name: pathToProject
description: The path to the folder in the go/src dir that contains the project, which is used by `ko` to name the resulting images
outputs:
resources:
- name: bucket
type: storage
- name: builtBaseImage
type: image
- name: builtEntrypointImage
type: image
- name: builtKubeconfigWriterImage
type: image
- name: builtCredsInitImage
type: image
- name: builtGitInitImage
type: image
- name: builtNopImage
type: image
- name: builtBashImage
type: image
- name: builtGsutilImage
type: image
- name: builtControllerImage
type: image
- name: builtWebhookImage
type: image
- name: builtDigestExporterImage
type: image
- name: builtPullRequestInitImage
type: image
- name: builtGcsFetcherImage
type: image
steps:
- name: build-push-base-images
image: gcr.io/kaniko-project/executor:v0.9.0
command:
- /kaniko/executor
args:
- --dockerfile=/workspace/go/src/github.com/tektoncd/pipeline/images/Dockerfile
- --destination=${inputs.params.imageRegistry}/${inputs.params.pathToProject}/${outputs.resources.builtBaseImage.url}
- --context=/workspace/go/src/github.com/tektoncd/pipeline
volumeMounts:
- name: gcp-secret
mountPath: /secret
env:
- name: GOOGLE_APPLICATION_CREDENTIALS
value: /secret/release.json
- name: create-ko-yaml
image: busybox
command:
- /bin/sh
args:
- -ce
- |
set -e
set -x
cat <<EOF > /workspace/go/src/github.com/tektoncd/pipeline/.ko.yaml
# By default ko will build images on top of distroless
baseImageOverrides:
# Use the images we just built as base images
${inputs.params.pathToProject}/${outputs.resources.builtCredsInitImage.url}: ${inputs.params.imageRegistry}/${inputs.params.pathToProject}/build-base:latest
${inputs.params.pathToProject}/${outputs.resources.builtGitInitImage.url}: ${inputs.params.imageRegistry}/${inputs.params.pathToProject}/build-base:latest
${inputs.params.pathToProject}/${outputs.resources.builtBashImage.url}: busybox # image should have shell in $PATH
${inputs.params.pathToProject}/${outputs.resources.builtEntrypointImage.url}: busybox # image should have shell in $PATH
${inputs.params.pathToProject}/${outputs.resources.builtGsutilImage.url}: google/cloud-sdk:alpine # image should have gsutil in $PATH
EOF
cat /workspace/go/src/github.com/tektoncd/pipeline/.ko.yaml
- name: ensure-release-dirs-exist
image: busybox
command: ["mkdir"]
args:
- "-p"
- "/workspace/bucket/latest/"
- "/workspace/bucket/previous/"
- name: run-ko
# TODO(#639) we should be able to use the image built by an upstream Task here instead of hardcoding
image: gcr.io/tekton-nightly/ko-ci
env:
- name: KO_DOCKER_REPO
value: ${inputs.params.imageRegistry}
- name: GOPATH
value: /workspace/go
- name: CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE
value: /secret/release.json
command:
- /bin/sh
args:
- -ce
- |
set -e
set -x
# Auth with CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE
gcloud auth configure-docker
# ko requires this variable to be set in order to set image creation timestamps correctly https://github.com/google/go-containerregistry/pull/146
export SOURCE_DATE_EPOCH=`date +%s`
# Change to directory with our .ko.yaml
cd /workspace/go/src/github.com/tektoncd/pipeline
# For each cmd/* directory, include a full gzipped tar of all source in
# vendor/. This is overkill. Some deps' licenses require the source to be
# included in the container image when they're used as a dependency.
# Rather than trying to determine which deps have this requirement (and
# probably get it wrong), we'll just targz up the whole vendor tree and
# include it. As of 9/20/2019, this amounts to about 11MB of additional
# data in each image.
TMPDIR=$(mktemp -d)
tar cvfz ${TMPDIR}/source.tar.gz vendor/
for d in cmd/*; do
ln -s ${TMPDIR}/source.tar.gz ${d}/kodata/
done
# Publish images and create release.yaml
ko resolve --preserve-import-paths -f /workspace/go/src/github.com/tektoncd/pipeline/config/ > /workspace/bucket/latest/release.yaml
volumeMounts:
- name: gcp-secret
mountPath: /secret
- name: generate-release-version
image: alpine/git
command:
- /bin/sh
args:
- -ce
- |
set -e
set -x
# Can't use workingDir due to #1267
cd /workspace/go/src/github.com/tektoncd/pipeline
# Nightly releases use vYYYYMMDD-commit
COMMIT=$(git rev-parse HEAD | cut -c 1-10)
DATE=$(date +"%Y%m%d")
VERSION_TAG="$DATE-$COMMIT"
echo $VERSION_TAG > "/builder/home/version"
- name: copy-to-tagged-bucket
image: busybox
command:
- /bin/sh
args:
- -ce
- |
set -e
set -x
# Can't use workingDir due to #1267
cd /workspace/bucket
# TODO(https://github.com/tektoncd/triggers/issues/87) if the versionTag could be generated dynamically, we could use the same Task for nightly + official releases
export VERSION_TAG="$(cat /builder/home/version)"
mkdir -p /workspace/bucket/previous/$VERSION_TAG/
cp /workspace/bucket/latest/release.yaml /workspace/bucket/previous/$VERSION_TAG/release.yaml
- name: tag-images
image: google/cloud-sdk
command:
- /bin/bash
args:
- -ce
- |
set -e
set -x
# TODO(https://github.com/tektoncd/triggers/issues/87) if the versionTag could be generated dynamically, we could use the same Task for nightly + official releases
export VERSION_TAG="$(cat /builder/home/version)"
REGIONS=(us eu asia)
IMAGES=(
${inputs.params.imageRegistry}/${inputs.params.pathToProject}/${outputs.resources.builtEntrypointImage.url}
${inputs.params.imageRegistry}/${inputs.params.pathToProject}/${outputs.resources.builtKubeconfigWriterImage.url}
${inputs.params.imageRegistry}/${inputs.params.pathToProject}/${outputs.resources.builtCredsInitImage.url}
${inputs.params.imageRegistry}/${inputs.params.pathToProject}/${outputs.resources.builtGitInitImage.url}
${inputs.params.imageRegistry}/${inputs.params.pathToProject}/${outputs.resources.builtNopImage.url}
${inputs.params.imageRegistry}/${inputs.params.pathToProject}/${outputs.resources.builtBashImage.url}
${inputs.params.imageRegistry}/${inputs.params.pathToProject}/${outputs.resources.builtGsutilImage.url}
${inputs.params.imageRegistry}/${inputs.params.pathToProject}/${outputs.resources.builtControllerImage.url}
${inputs.params.imageRegistry}/${inputs.params.pathToProject}/${outputs.resources.builtWebhookImage.url}
${inputs.params.imageRegistry}/${inputs.params.pathToProject}/${outputs.resources.builtDigestExporterImage.url}
${inputs.params.imageRegistry}/${inputs.params.pathToProject}/${outputs.resources.builtPullRequestInitImage.url}
${inputs.params.imageRegistry}/${inputs.params.pathToProject}/${outputs.resources.builtGcsFetcherImage.url}
)
# Parse the built images from the release.yaml generated by ko
BUILT_IMAGES=( $(/workspace/go/src/github.com/tektoncd/pipeline/tekton/koparse/koparse.py --path /workspace/bucket/latest/release.yaml --base ${inputs.params.imageRegistry}/${inputs.params.pathToProject} --images ${IMAGES[@]}) )
# Auth with account credentials
gcloud auth activate-service-account --key-file=/secret/release.json
# Tag the images and put them in all the regions
for IMAGE in "${BUILT_IMAGES[@]}"
do
IMAGE_WITHOUT_SHA=${IMAGE%%@*}
gcloud -q container images add-tag ${IMAGE} ${IMAGE_WITHOUT_SHA}:latest
gcloud -q container images add-tag ${IMAGE} ${IMAGE_WITHOUT_SHA}:$VERSION_TAG
for REGION in "${REGIONS[@]}"
do
for TAG in "latest" $VERSION_TAG
do
gcloud -q container images add-tag ${IMAGE} ${REGION}.${IMAGE_WITHOUT_SHA}:$TAG
done
done
done
volumeMounts:
- name: gcp-secret
mountPath: /secret
volumes:
- name: gcp-secret
secret:
secretName: release-secret