From 83a5ed34b1878ef61ccd6afc5b6ce0bae660f770 Mon Sep 17 00:00:00 2001 From: Senjuti De Date: Thu, 31 Aug 2023 16:32:49 +0530 Subject: [PATCH 1/4] Created doc folder with documentation for 2 tasks --- doc/buildah.md | 68 ++++++++++++++++++++++++++++++++++++++++++++++ doc/skopeo-copy.md | 53 ++++++++++++++++++++++++++++++++++++ 2 files changed, 121 insertions(+) create mode 100644 doc/buildah.md create mode 100644 doc/skopeo-copy.md diff --git a/doc/buildah.md b/doc/buildah.md new file mode 100644 index 0000000..87a179e --- /dev/null +++ b/doc/buildah.md @@ -0,0 +1,68 @@ +Containers Tekton Tasks +----------------------- + +# `Buildah` Tekton Task + +The `buildah` Task is meant to build [OCI][OCI] container images without the requirement of container runtime daemon like Docker daemon using [Buildah][containersBuildah], the Task results contain the image name and the SHA256 image digest. + +Please, consider the usage example below: + +```yaml +--- +apiVersion: tekton.dev/v1beta1 +kind: PipelineRun +metadata: + generateName: task-buildah-run- +spec: + pipelineRef: + name: task-buildah + params: + - name: IMAGE + value: your-image-name + - name: TLS_VERIFY + value: true + - name: VERBOSE + value: false + workspaces: + - name: source + persistentVolumeClaim: + claimName: your-pvc-name +``` +You'll need to replace `your-image-name` with the actual name of the image you want to build, and `your-pvc-name` with the name of the PersistentVolumeClaim where your source code is stored. +In case the Container Registry requires authentication, please consider the [Tekton Pipelines documentation][tektonPipelineAuth]. In a nutshell, you need to create a Kubernetes Secret describing the following attributes: + +```bash +kubectl create secret docker-registry imagestreams \ + --docker-server="image-registry.openshift-image-registry.svc:5000" \ + --docker-username="${REGISTRY_USERNAME}" \ + --docker-password="${REGISTRY_TOKEN}" +``` + +Then make sure the Secret is linked with the Service-Account running the `TaskRun`/`PipelineRun`. + +## Params + +| Param | Type | Default | Description | +| :------------ | :------------------------: | :--------------------------- | :------------------------- | +| `IMAGE` | `string` | (required) | Fully qualified source container image name, including tag, to be built by buildah. | +| `CONTAINERFILE_PATH` | `string` | `Containerfile` | Path to the `Containerfile` (or `Dockerfile`) relative to the `source` workspace. | +| `TLS_VERIFY` | `string` | `true` | Sets the TLS verification flags, `true` is recommended. | +| `VERBOSE` | `string` | `false` | Shows a more verbose (debug) output. | +| `SUBDIRECTORY` | `string` | `.` | Relative subdirectory to the `source` Workspace for the build-context. | +| `STORAGE_DRIVER` | `string` | `overlay` | Set buildah storage driver to reflect the currrent cluster node's settings. | +| `BUILD_EXTRA_ARGS` | `string` | `""` | Extra parameters passed for the build command when building images. | +| `PUSH_EXTRA_ARGS` | `string` | `""` | Extra parameters passed for the push command when pushing images. | +| `SKIP_PUSH` | `string` | `false` | Skip pushing the image to the container registry. | + + +## Results + +| Result | Description | +| :------------ | :------------------------- | +| `IMAGE_URL` | Fully qualified image name. | +| `IMAGE_DIGEST` | SHA256 digest of the image just built. | + +[tektonPipelineAuth]: https://tekton.dev/docs/pipelines/auth/#configuring-docker-authentication-for-docker +[containersBuildah]: https://github.com/containers/buildah +[OCI]: https://opencontainers.org/ + diff --git a/doc/skopeo-copy.md b/doc/skopeo-copy.md new file mode 100644 index 0000000..371bba3 --- /dev/null +++ b/doc/skopeo-copy.md @@ -0,0 +1,53 @@ +Containers Tekton Tasks +----------------------- + +# `skopeo-copy` Tekton Task + +The `skopeo-copy` Task is meant to replicate a container image from the `SOURCE` registry to the `DESTINATION` using [Skopeo][containersSkopeo], the Task results contain the SHA256 digests. + +Please, consider the usage example below: + +```yaml +--- +apiVersion: tekton.dev/v1beta1 +kind: TaskRun +metadata: {} +spec: + taskRef: + name: skopeo-copy + params: + - name: SOURCE + value: docker://docker.io/busybox:latest + - name: DESTINATION + value: docker://image-registry.openshift-image-registry.svc:5000/task-containers/busybox:latest +``` + +In case the Container Registry requires authentication, please consider the [Tekton Pipelines documentation][tektonPipelineAuth]. In a nutshell, you need to create a Kubernetes Secret describing the following attributes: + +```bash +kubectl create secret docker-registry imagestreams \ + --docker-server="image-registry.openshift-image-registry.svc:5000" \ + --docker-username="${REGISTRY_USERNAME}" \ + --docker-password="${REGISTRY_TOKEN}" +``` + +Then make sure the Secret is linked with the Service-Account running the `TaskRun`/`PipelineRun`. + +## Params + +| Param | Type | Default | Description | +| :------------ | :------------------------: | :--------------------------- | :------------------------- | +| `SOURCE` | `string` | (required) | Fully qualified source container image name, including tag, to be copied into `DESTINATION` param. | +| `DESTINATION` | `string` | (required) | Fully qualified destination container image name, including tag. | +| `TLS_VERIFY` | `string` | `true` | Sets the TLS verification flags, `true` is recommended. | +| `VERBOSE` | `string` | `false` | Shows a more verbose (debug) output. | + +## Results + +| Result | Description | +| :------------ | :------------------------- | +| `SOURCE_DIGEST` | Source image SHA256 digest. | +| `DESTINATION_DIGEST` | Destination image SHA256 digest. | + +[tektonPipelineAuth]: https://tekton.dev/docs/pipelines/auth/#configuring-docker-authentication-for-docker +[containersSkopeo]: https://github.com/containers/skopeo \ No newline at end of file From 422c14acd96bec0f0b5c24b8fba6efee9e102358 Mon Sep 17 00:00:00 2001 From: Senjuti De Date: Tue, 5 Sep 2023 18:22:53 +0530 Subject: [PATCH 2/4] Updated doc --- doc/buildah.md | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/doc/buildah.md b/doc/buildah.md index 87a179e..33eb1a8 100644 --- a/doc/buildah.md +++ b/doc/buildah.md @@ -1,9 +1,9 @@ -Containers Tekton Tasks +`Buildah` Tekton Task ----------------------- -# `Buildah` Tekton Task +# The `buildah` Task is meant to build [OCI][OCI] container images without the requirement of container runtime daemon like Docker daemon using [Buildah][containersBuildah], the Task results contain the image name and the SHA256 image digest. -The `buildah` Task is meant to build [OCI][OCI] container images without the requirement of container runtime daemon like Docker daemon using [Buildah][containersBuildah], the Task results contain the image name and the SHA256 image digest. +## Usage Please, consider the usage example below: @@ -50,8 +50,8 @@ Then make sure the Secret is linked with the Service-Account running the `TaskRu | `VERBOSE` | `string` | `false` | Shows a more verbose (debug) output. | | `SUBDIRECTORY` | `string` | `.` | Relative subdirectory to the `source` Workspace for the build-context. | | `STORAGE_DRIVER` | `string` | `overlay` | Set buildah storage driver to reflect the currrent cluster node's settings. | -| `BUILD_EXTRA_ARGS` | `string` | `""` | Extra parameters passed for the build command when building images. | -| `PUSH_EXTRA_ARGS` | `string` | `""` | Extra parameters passed for the push command when pushing images. | +| `BUILD_EXTRA_ARGS` | `string` | `` | Extra parameters passed for the build command when building images. | +| `PUSH_EXTRA_ARGS` | `string` | `` | Extra parameters passed for the push command when pushing images. | | `SKIP_PUSH` | `string` | `false` | Skip pushing the image to the container registry. | @@ -66,3 +66,8 @@ Then make sure the Secret is linked with the Service-Account running the `TaskRu [containersBuildah]: https://github.com/containers/buildah [OCI]: https://opencontainers.org/ +## Workspace + +| Name | Optional | Description | +| :------------ | :------------------------: | :--------------------------- | +| `source` | `false` | Container build context, like for instnace a application source code followed by a `Containerfile`. | \ No newline at end of file From dd6874e8411a59bb857061a2e7cb35ded6b0468d Mon Sep 17 00:00:00 2001 From: Senjuti De Date: Tue, 5 Sep 2023 18:24:11 +0530 Subject: [PATCH 3/4] Updated task description --- doc/buildah.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/buildah.md b/doc/buildah.md index 33eb1a8..cc3248b 100644 --- a/doc/buildah.md +++ b/doc/buildah.md @@ -1,7 +1,7 @@ `Buildah` Tekton Task ----------------------- -# The `buildah` Task is meant to build [OCI][OCI] container images without the requirement of container runtime daemon like Docker daemon using [Buildah][containersBuildah], the Task results contain the image name and the SHA256 image digest. +### The `buildah` Task is meant to build [OCI][OCI] container images without the requirement of container runtime daemon like Docker daemon using [Buildah][containersBuildah], the Task results contain the image name and the SHA256 image digest. ## Usage From b92a8dff6fa0df9a85604af757eedcf343de3490 Mon Sep 17 00:00:00 2001 From: Senjuti De Date: Wed, 6 Sep 2023 14:20:12 +0530 Subject: [PATCH 4/4] Updated task description and removed skopeo-copy --- README.md | 53 ---------------------------------------- doc/skopeo-copy.md | 53 ---------------------------------------- {doc => docs}/buildah.md | 6 +++-- 3 files changed, 4 insertions(+), 108 deletions(-) delete mode 100644 README.md delete mode 100644 doc/skopeo-copy.md rename {doc => docs}/buildah.md (92%) diff --git a/README.md b/README.md deleted file mode 100644 index e54d8b9..0000000 --- a/README.md +++ /dev/null @@ -1,53 +0,0 @@ -Containers Tekton Tasks ------------------------ - -# `skopeo-copy` Tekton Task - -The `skopeo-copy` Task is meant to replicate a container image from the `SOURCE` registry to the `DESTINATION` using [Skopeo][containersSkopeo], the Task results contain the SHA256 digests. - -Please, consider the usage example below: - -```yaml ---- -apiVersion: tekton.dev/v1beta1 -kind: TaskRun -metadata: {} -spec: - taskRef: - name: skopeo-copy - params: - - name: SOURCE - value: docker://docker.io/busybox:latest - - name: DESTINATION - value: docker://image-registry.openshift-image-registry.svc:5000/task-containers/busybox:latest -``` - -In case the Container Registry requires authentication, please consider the [Tekton Pipelines documentation][tektonPipelineAuth]. In a nutshell, you need to create a Kubernetes Secret describing the following attributes: - -```bash -kubectl create secret docker-registry imagestreams \ - --docker-server="image-registry.openshift-image-registry.svc:5000" \ - --docker-username="${REGISTRY_USERNAME}" \ - --docker-password="${REGISTRY_TOKEN}" -``` - -Then make sure the Secret is linked with the Service-Account running the `TaskRun`/`PipelineRun`. - -## Params - -| Param | Type | Default | Description | -| :------------ | :------------------------: | :--------------------------- | :------------------------- | -| `SOURCE` | `string` | (required) | Fully qualified source container image name, including tag, to be copied into `DESTINATION` param. | -| `DESTINATION` | `string` | (required) | Fully qualified destination container image name, including tag. | -| `TLS_VERIFY` | `string` | `true` | Sets the TLS verification flags, `true` is recommended. | -| `VERBOSE` | `string` | `false` | Shows a more verbose (debug) output. | - -## Results - -| Result | Description | -| :------------ | :------------------------- | -| `SOURCE_DIGEST` | Source image SHA256 digest. | -| `DESTINATION_DIGEST` | Destination image SHA256 digest. | - -[tektonPipelineAuth]: https://tekton.dev/docs/pipelines/auth/#configuring-docker-authentication-for-docker -[containersSkopeo]: https://github.com/containers/skopeo diff --git a/doc/skopeo-copy.md b/doc/skopeo-copy.md deleted file mode 100644 index 371bba3..0000000 --- a/doc/skopeo-copy.md +++ /dev/null @@ -1,53 +0,0 @@ -Containers Tekton Tasks ------------------------ - -# `skopeo-copy` Tekton Task - -The `skopeo-copy` Task is meant to replicate a container image from the `SOURCE` registry to the `DESTINATION` using [Skopeo][containersSkopeo], the Task results contain the SHA256 digests. - -Please, consider the usage example below: - -```yaml ---- -apiVersion: tekton.dev/v1beta1 -kind: TaskRun -metadata: {} -spec: - taskRef: - name: skopeo-copy - params: - - name: SOURCE - value: docker://docker.io/busybox:latest - - name: DESTINATION - value: docker://image-registry.openshift-image-registry.svc:5000/task-containers/busybox:latest -``` - -In case the Container Registry requires authentication, please consider the [Tekton Pipelines documentation][tektonPipelineAuth]. In a nutshell, you need to create a Kubernetes Secret describing the following attributes: - -```bash -kubectl create secret docker-registry imagestreams \ - --docker-server="image-registry.openshift-image-registry.svc:5000" \ - --docker-username="${REGISTRY_USERNAME}" \ - --docker-password="${REGISTRY_TOKEN}" -``` - -Then make sure the Secret is linked with the Service-Account running the `TaskRun`/`PipelineRun`. - -## Params - -| Param | Type | Default | Description | -| :------------ | :------------------------: | :--------------------------- | :------------------------- | -| `SOURCE` | `string` | (required) | Fully qualified source container image name, including tag, to be copied into `DESTINATION` param. | -| `DESTINATION` | `string` | (required) | Fully qualified destination container image name, including tag. | -| `TLS_VERIFY` | `string` | `true` | Sets the TLS verification flags, `true` is recommended. | -| `VERBOSE` | `string` | `false` | Shows a more verbose (debug) output. | - -## Results - -| Result | Description | -| :------------ | :------------------------- | -| `SOURCE_DIGEST` | Source image SHA256 digest. | -| `DESTINATION_DIGEST` | Destination image SHA256 digest. | - -[tektonPipelineAuth]: https://tekton.dev/docs/pipelines/auth/#configuring-docker-authentication-for-docker -[containersSkopeo]: https://github.com/containers/skopeo \ No newline at end of file diff --git a/doc/buildah.md b/docs/buildah.md similarity index 92% rename from doc/buildah.md rename to docs/buildah.md index cc3248b..1e7cfc7 100644 --- a/doc/buildah.md +++ b/docs/buildah.md @@ -1,9 +1,11 @@ `Buildah` Tekton Task ----------------------- -### The `buildah` Task is meant to build [OCI][OCI] container images without the requirement of container runtime daemon like Docker daemon using [Buildah][containersBuildah], the Task results contain the image name and the SHA256 image digest. +# Abstract -## Usage +The `buildah` Task is meant to build [OCI][OCI] container images without the requirement of container runtime daemon like Docker daemon using [Buildah[containersBuildah], the Task results contain the image name and the SHA256 image digest. + +# Usage Please, consider the usage example below: