Skip to content

Latest commit

 

History

History
 
 

trusted-artifacts

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Trusted Artifacts variants generator

Description

This tool is used for the generation of trusted artifacts variants of a task. It will process a set of directions in recipe.yaml file and based on that and a set of builtin conventions generate the Tekton Task definition in YAML format.

This tool is used by the hack/generate-ta-tasks.sh script.

Usage

The tool uses only one argument - path to the recipe.yaml file. These recipe.yaml files are stored in the task directories ending with -oci-ta.

Usage (from the task-generator/trusted-artifacts directory)

go run . path/to/recipe.yaml

The generated Trusted Artifacts Task is provided on the standard output.

Recipe defines how to transform a non-Trusted Artifacts Tekton Task definition to a Trusted Artifacts Tekton Task definition.

Basic recipe consists of providing a base path to the non-Trusted Artifacts Task and declaring that the Task will either create or use Trusted Artifacts by setting the add to create-source, create-cachi2, use-source and/or use-cachi2.

For example:

---
base: ../../mytask/0.1/mytask.yaml
add:
  - use-source
  - create-source

Further options can be added as needed, most commonly removal of workspace declarations using removeWorkspaces and string replacements using replacements.

Configuration in recipe.yaml

The following is the list of supported options:

Option Type Description
add sequence of strings Task Steps to add, can be one or more of create-source, create-cachi2, use-source or use-cachi2
addEnvironment sequence of EnvVar Additional environment variables to add to all existing Task Steps in the non-Trusted Artifact Task
additionalSteps sequence of AdditionalSteps Additional Tekton Steps to add
addParams sequence of Tekton ParamSpecs Additional Tekton Task parameters to add to the Task
addResult sequence of Tekton TaskResults Additional Tekton Task results to add to the Task
addVolume sequence of Volumes Additional Volumes to add to the Task
addVolumeMount sequence of VolumeMounts Additional VolumeMount to add to the Task
base string Relative path from recipe.yaml to the Task definition of the non-Trusted Artifacts Task
description string Description of the Trusted Artifacts Task
displaySuffix string Additional text to place to the value of tekton.dev/displayName annotation from the non-Trusted Artifacts Task to the Trusted Artifacts Task (default: " oci trusted artifacts")
preferStepTemplate boolean When true preference is set to configure common configuration on the Task.spec.stepTemplate rather than on each Task Step
regexReplacements map of strings keys and string values Perform regular expression-based replacement with keys being the regular expression and the values being the replacement, see Replacements
removeParams sequence of strings Names of Task parameters to remove
removeVolumes sequence of strings Names of Task Volumes to remove
removeWorkspaces sequence of strings Names of Workspaces to remove
replacements map of strings keys and string values Replacements to perform, keys will be replaced with the values
suffix string Additional text to place to the Task name from the non-Trusted Artifacts Task to the Trusted Artifacts Task (default: "-oci-ta")

Additional steps

Option Type Description
Any key from Tekton Step Tekton Step Inline definition of a Tekton Step
at number Step insertion point as a index of the Task.spec.steps sequence

Replacements

Both regular expression (regexReplacements) and string based replacements (replacements) operate on a fixed set of keys in the Task, these are:

  • Task.spec.stepTemplate.env
  • Task.spec.stepTemplate.workingDir
  • Task.spec.steps.env
  • Task.spec.steps.workingDir
  • Task.spec.steps.script

Testing

There are various included tests in the golden folder. They use the base.yaml file which gets modified based on the recipe.yaml and is compared to the ta.yaml

go test ./...