-
Notifications
You must be signed in to change notification settings - Fork 81
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Do buildah push to quay directly in pipeline
We had some failures on quay when using their automatic webhook and imges wasnt pushed properly for 20 days. Let's now do this on pipeline so when it fails we know it fails Fixes issue #113 Signed-off-by: Chmouel Boudjnah <[email protected]>
- Loading branch information
Showing
3 changed files
with
111 additions
and
12 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,88 @@ | ||
--- | ||
apiVersion: tekton.dev/v1beta1 | ||
kind: Task | ||
metadata: | ||
name: buildah-user | ||
labels: | ||
app.kubernetes.io/version: "0.4" | ||
annotations: | ||
tekton.dev/categories: Image Build | ||
tekton.dev/pipelines.minVersion: "0.17.0" | ||
tekton.dev/tags: image-build | ||
tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64" | ||
spec: | ||
description: >- | ||
Buildah task builds source into a container image and | ||
then pushes it to a container registry. | ||
Buildah Task builds source into a container image using Project Atomic's | ||
Buildah build tool.It uses Buildah's support for building from Dockerfiles, | ||
using its buildah bud command.This command executes the directives in the | ||
Dockerfile to assemble a container image, then pushes that image to a | ||
container registry. | ||
params: | ||
- name: IMAGE | ||
description: Reference of the image buildah will produce. | ||
- name: BUILDER_IMAGE | ||
description: The location of the buildah builder image. | ||
default: "registry.access.redhat.com/ubi8/buildah:8.5-8" | ||
- name: STORAGE_DRIVER | ||
description: Set buildah storage driver | ||
default: vfs | ||
- name: DOCKERFILE | ||
description: Path to the Dockerfile to build. | ||
default: ./Dockerfile | ||
- name: CONTEXT | ||
description: Path to the directory to use as context. | ||
default: . | ||
- name: TLSVERIFY | ||
description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry) | ||
default: "true" | ||
- name: FORMAT | ||
description: The format of the built container, oci or docker | ||
default: "oci" | ||
- name: BUILD_EXTRA_ARGS | ||
description: Extra parameters passed for the build command when building images. | ||
default: "" | ||
- name: PUSH_EXTRA_ARGS | ||
description: Extra parameters passed for the push command when pushing images. | ||
type: string | ||
default: "" | ||
- name: SKIP_PUSH | ||
description: Skip pushing the built image | ||
default: "false" | ||
workspaces: | ||
- name: source | ||
- name: sslcertdir | ||
optional: true | ||
- name: imagecache | ||
optional: true | ||
results: | ||
- name: IMAGE_DIGEST | ||
description: Digest of the image just built. | ||
steps: | ||
- name: build | ||
image: $(params.BUILDER_IMAGE) | ||
workingDir: $(workspaces.source.path) | ||
script: | | ||
echo "Running as USER ID `id`" | ||
[[ "$(workspaces.sslcertdir.bound)" == "true" ]] && CERT_DIR_FLAG="--cert-dir $(workspaces.sslcertdir.path)" | ||
buildah ${CERT_DIR_FLAG} --storage-driver=$(params.STORAGE_DRIVER) bud \ | ||
$(params.BUILD_EXTRA_ARGS) --format=$(params.FORMAT) \ | ||
--tls-verify=$(params.TLSVERIFY) --no-cache \ | ||
-f $(params.DOCKERFILE) -t $(params.IMAGE) $(params.CONTEXT) | ||
[[ "$(params.SKIP_PUSH)" == "true" ]] && echo "Push skipped" && exit 0 | ||
[[ "$(workspaces.sslcertdir.bound)" == "true" ]] && CERT_DIR_FLAG="--cert-dir $(workspaces.sslcertdir.path)" | ||
buildah ${CERT_DIR_FLAG} --storage-driver=$(params.STORAGE_DRIVER) push \ | ||
$(params.PUSH_EXTRA_ARGS) --tls-verify=$(params.TLSVERIFY) \ | ||
--digestfile $(workspaces.source.path)/image-digest $(params.IMAGE) \ | ||
docker://$(params.IMAGE) | ||
securityContext: | ||
runAsUser: 1000 | ||
|
||
- name: digest-to-results | ||
image: $(params.BUILDER_IMAGE) | ||
script: cat $(workspaces.source.path)/image-digest | tee /tekton/results/IMAGE_DIGEST |