diff --git a/docs/pipelineruns.md b/docs/pipelineruns.md index ce81253d185..d33a04b61d3 100644 --- a/docs/pipelineruns.md +++ b/docs/pipelineruns.md @@ -24,6 +24,7 @@ Creation of a `PipelineRun` will trigger the creation of - [Params](#params) - [Service Account](#service-account) - [Service Accounts](#service-accounts) + - [TaskRunSpecs](#task-run-specs) - [Pod Template](#pod-template) - [PersistentVolumeClaims](#persistentvolumeclaims) - [Workspaces](#workspaces) @@ -59,6 +60,7 @@ following fields: there is no timeout. `PipelineRun` shares the same default timeout as `TaskRun`. You can follow the instruction [here](taskruns.md#Configuring-default-timeout) to configure the default timeout, the same way as `TaskRun`. + - [`taskSpec`](#task-spec) - Specifies a list of `PipelineRunTaskSpec` which allows for setting `ServiceAccount` and [pod template](./podtemplates.md) for each task. - [`podTemplate`](#pod-template) - Specifies a [pod template](./podtemplates.md) that will be used as the basis for the `Task` pod. [kubernetes-overview]: @@ -356,3 +358,20 @@ Except as otherwise noted, the content of this page is licensed under the [Creative Commons Attribution 4.0 License](https://creativecommons.org/licenses/by/4.0/), and code samples are licensed under the [Apache 2.0 License](https://www.apache.org/licenses/LICENSE-2.0). + +## Task Run Specs + +Specifies a list of ```ServiceAccount``` ,```PodTemplate``` and ```PipelineTask```. A specified PipelineTask will be run with the configured ```ServiceAccount``` and ```PodTemplate``` overwriting the [`serviceAccountName`](#service-account) and [`podTemplate`](#pod-template) configuration, for example: + +```yaml +spec: + podTemplate: + securityContext: + runAsNonRoot: true + taskRunSpecs: + - taskName: build-task + runAsNonRoot: false + serviceAccountName: sa-for-build +``` + +If used with this ```Pipeline```, test-task will use the pipeline scoped ```podTemplate```(```runAsNonRoot``` set to true) while the ```build-task``` will use the task specific pod template (```runAsNonRoot``` set to false). \ No newline at end of file diff --git a/examples/v1beta1/pipelineruns/pipelinerun-taskrunspecs.yaml b/examples/v1beta1/pipelineruns/pipelinerun-taskrunspecs.yaml new file mode 100644 index 00000000000..f9be9b59a3b --- /dev/null +++ b/examples/v1beta1/pipelineruns/pipelinerun-taskrunspecs.yaml @@ -0,0 +1,263 @@ +--- +apiVersion: tekton.dev/v1alpha1 +kind: PipelineResource +metadata: + name: skaffold-image-leeroy-app +spec: + type: image + params: + - name: url + value: gcr.io/christiewilson-catfactory/leeroy-app +--- +# This demo modifies the cluster (deploys to it) you must use a service +# account with permission to admin the cluster (or make your default user an admin +# of the `default` namespace with default-cluster-admin. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + generateName: default-cluster-admin- +subjects: + - kind: ServiceAccount + name: default + namespace: default +roleRef: + kind: ClusterRole + name: cluster-admin + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: tekton.dev/v1alpha1 +kind: PipelineResource +metadata: + name: skaffold-image-leeroy-web-pipelinerun +spec: + type: image + params: + - name: url + value: gcr.io/christiewilson-catfactory/leeroy-web +--- +apiVersion: tekton.dev/v1alpha1 +kind: PipelineResource +metadata: + name: skaffold-git-pipelinerun +spec: + type: git + params: + - name: revision + value: v0.32.0 + - name: url + value: https://github.com/GoogleContainerTools/skaffold +--- +apiVersion: tekton.dev/v1beta1 +kind: Task +metadata: + name: unit-tests +spec: + resources: + inputs: + - name: workspace + type: git + targetPath: go/src/github.com/GoogleContainerTools/skaffold + steps: + - name: run-tests + image: golang + env: + - name: GOPATH + value: /workspace/go + workingDir: /workspace/go/src/github.com/GoogleContainerTools/skaffold + command: + - echo + args: + - "pass" +--- +apiVersion: tekton.dev/v1beta1 +kind: Task +metadata: + name: build-push +spec: + params: + - name: pathToDockerFile + description: The path to the dockerfile to build + default: /workspace/workspace/Dockerfile + - name: pathToContext + description: The build context used by Kaniko (https://github.com/GoogleContainerTools/kaniko#kaniko-build-contexts) + default: /workspace/workspace + resources: + inputs: + - name: workspace + type: git + outputs: + - name: builtImage + type: image + steps: + - name: build-and-push + image: gcr.io/kaniko-project/executor:v0.17.1 + # specifying DOCKER_CONFIG is required to allow kaniko to detect docker credential + env: + - name: "DOCKER_CONFIG" + value: "/tekton/home/.docker/" + command: + - /kaniko/executor + args: + - --dockerfile=$(params.pathToDockerFile) + - --destination=$(resources.outputs.builtImage.url) + - --context=$(params.pathToContext) +--- +# This task deploys with kubectl apply -f +apiVersion: tekton.dev/v1beta1 +kind: Task +metadata: + name: demo-deploy-kubectl +spec: + params: + - name: path + description: Path to the manifest to apply + - name: yqArg + description: Okay this is a hack, but I didn't feel right hard-codeing `-d1` down below + - name: yamlPathToImage + description: The path to the image to replace in the yaml manifest (arg to yq) + resources: + inputs: + - name: workspace + type: git + - name: image + type: image + steps: + - name: replace-image + image: mikefarah/yq + command: ['yq'] + args: + - "w" + - "-i" + - "$(params.yqArg)" + - "$(params.path)" + - "$(params.yamlPathToImage)" + - "$(resources.inputs.image.url)" + - name: run-kubectl + image: lachlanevenson/k8s-kubectl + command: ['kubectl'] + args: + - 'apply' + - '-f' + - '$(params.path)' +--- +# This Pipeline Builds two microservice images(https://github.com/GoogleContainerTools/skaffold/tree/master/examples/microservices) +# from the Skaffold repo (https://github.com/GoogleContainerTools/skaffold) and deploys them to the repo currently running Tekton Pipelines. + +# **Note** : It does this using the k8s `Deployment` in the skaffold repos's existing yaml +# files, so at the moment there is no guarantee that the image that are built and +# pushed are the ones that are deployed (that would require using the digest of +# the built image, see https://github.com/tektoncd/pipeline/issues/216). + +apiVersion: tekton.dev/v1beta1 +kind: Pipeline +metadata: + name: demo-pipeline +spec: + resources: + - name: source-repo + type: git + - name: web-image + type: image + - name: app-image + type: image + tasks: + - name: skaffold-unit-tests + taskRef: + name: unit-tests + resources: + inputs: + - name: workspace + resource: source-repo + - name: build-skaffold-web + runAfter: [skaffold-unit-tests] + taskRef: + name: build-push + params: + - name: pathToDockerFile + value: Dockerfile + - name: pathToContext + value: /workspace/workspace/examples/microservices/leeroy-web + resources: + inputs: + - name: workspace + resource: source-repo + outputs: + - name: builtImage + resource: web-image + - name: build-skaffold-app + runAfter: [skaffold-unit-tests] + taskRef: + name: build-push + params: + - name: pathToDockerFile + value: Dockerfile + - name: pathToContext + value: /workspace/workspace/examples/microservices/leeroy-app + resources: + inputs: + - name: workspace + resource: source-repo + outputs: + - name: builtImage + resource: app-image + - name: deploy-app + taskRef: + name: demo-deploy-kubectl + resources: + inputs: + - name: workspace + resource: source-repo + - name: image + resource: app-image + from: + - build-skaffold-app + params: + - name: path + value: /workspace/workspace/examples/microservices/leeroy-app/kubernetes/deployment.yaml + - name: yqArg + value: "-d1" + - name: yamlPathToImage + value: "spec.template.spec.containers[0].image" + - name: deploy-web + taskRef: + name: demo-deploy-kubectl + resources: + inputs: + - name: workspace + resource: source-repo + - name: image + resource: web-image + from: + - build-skaffold-web + params: + - name: path + value: /workspace/workspace/examples/microservices/leeroy-web/kubernetes/deployment.yaml + - name: yqArg + value: "-d1" + - name: yamlPathToImage + value: "spec.template.spec.containers[0].image" +--- +apiVersion: tekton.dev/v1beta1 +kind: PipelineRun +metadata: + name: demo-pipeline-run-1 +spec: + pipelineRef: + name: demo-pipeline + serviceAccountName: 'default' + taskRunSpecs: + - PipelineTaskName: skaffold-unit-tests + TaskServiceAccountName: "TaskOne" + - PipelineTaskName: build-skaffold-web + TaskServiceAccountName: "TaskTwo" + resources: + - name: source-repo + resourceRef: + name: skaffold-git-pipelinerun + - name: web-image + resourceRef: + name: skaffold-image-leeroy-web-pipelinerun + - name: app-image + resourceRef: + name: skaffold-image-leeroy-app diff --git a/go.mod b/go.mod index e2ba05799fa..bca5bcafaab 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,6 @@ go 1.13 require ( cloud.google.com/go v0.47.0 // indirect - cloud.google.com/go/storage v1.0.0 contrib.go.opencensus.io/exporter/stackdriver v0.12.8 // indirect github.com/GoogleCloudPlatform/cloud-builders/gcs-fetcher v0.0.0-20191203181535-308b93ad1f39 github.com/cloudevents/sdk-go/v2 v2.0.0-preview8 @@ -41,7 +40,6 @@ require ( golang.org/x/time v0.0.0-20191024005414-555d28b269f0 // indirect golang.org/x/tools v0.0.0-20200214144324-88be01311a71 // indirect gomodules.xyz/jsonpatch/v2 v2.1.0 - google.golang.org/api v0.15.0 google.golang.org/appengine v1.6.5 // indirect k8s.io/api v0.17.3 k8s.io/apiextensions-apiserver v0.17.3 // indirect diff --git a/pkg/apis/pipeline/v1alpha1/pipelinerun_types.go b/pkg/apis/pipeline/v1alpha1/pipelinerun_types.go index 7dee51a3461..e468c623f82 100644 --- a/pkg/apis/pipeline/v1alpha1/pipelinerun_types.go +++ b/pkg/apis/pipeline/v1alpha1/pipelinerun_types.go @@ -91,6 +91,9 @@ type PipelineRunSpec struct { // with those declared in the pipeline. // +optional Workspaces []WorkspaceBinding `json:"workspaces,omitempty"` + // TaskRunSpecs holds a set of runtime specs + // +optional + TaskRunSpecs []PipelineTaskRunSpec `json:"taskRunSpecs,omitempty"` } // PipelineRunSpecStatus defines the pipelinerun spec status the user can provide @@ -217,3 +220,26 @@ func (pr *PipelineRun) HasVolumeClaimTemplate() bool { } return false } +// PipelineTaskRunSpec can be used to configure specific +// specs for a concrete Task +type PipelineTaskRunSpec struct { + PipelineTaskName string `json:"taskName,omitempty"` + TaskServiceAccountName string `json:"serviceAccountName,omitempty"` + TaskPodTemplate *PodTemplate `json:"podTemplate,omitempty"` +} + +// GetTaskRunSpecs returns the task specific spec for a given +// PipelineTask if configured, otherwise it returns the PipelineRun's default. +func (pr *PipelineRun) GetTaskRunSpecs(pipelineTaskName string) (string, *PodTemplate) { + // To make it backward compatible, until ServiceAccountNames is dispatched. + // serviceAccountName := pr.Spec.ServiceAccountName + serviceAccountName := pr.GetServiceAccountName(pipelineTaskName) + taskPodTemplate := pr.Spec.PodTemplate + for _, task := range pr.Spec.TaskRunSpecs { + if task.PipelineTaskName == pipelineTaskName { + taskPodTemplate = task.TaskPodTemplate + serviceAccountName = task.TaskServiceAccountName + } + } + return serviceAccountName, taskPodTemplate +} diff --git a/pkg/apis/pipeline/v1alpha1/pipelinerun_types_test.go b/pkg/apis/pipeline/v1alpha1/pipelinerun_types_test.go index 30145d577a3..4509c1cbd1e 100644 --- a/pkg/apis/pipeline/v1alpha1/pipelinerun_types_test.go +++ b/pkg/apis/pipeline/v1alpha1/pipelinerun_types_test.go @@ -281,3 +281,106 @@ func TestPipelineRunGetServiceAccountName(t *testing.T) { } } } + +func TestPipelineRunGetPodSpecSABackcompatibility(t *testing.T) { + for _, tt := range []struct { + name string + pr *v1alpha1.PipelineRun + saNames map[string]string + }{ + { + name: "test backward compatibility", + pr: &v1alpha1.PipelineRun{ + ObjectMeta: metav1.ObjectMeta{Name: "pr"}, + Spec: v1alpha1.PipelineRunSpec{ + PipelineRef: &v1alpha1.PipelineRef{Name: "prs"}, + ServiceAccountName: "defaultSA", + ServiceAccountNames: []v1alpha1.PipelineRunSpecServiceAccountName{{ + TaskName: "taskName", ServiceAccountName: "taskSA", + }}, + TaskRunSpecs: []v1alpha1.PipelineTaskRunSpec{{ + PipelineTaskName: "taskName", + TaskServiceAccountName: "newTaskSA", + }}, + }, + }, + saNames: map[string]string{ + "unknown": "defaultSA", + "taskName": "newTaskSA", + }, + }, + { + name: "mixed default SA backward compatibility", + pr: &v1alpha1.PipelineRun{ + ObjectMeta: metav1.ObjectMeta{Name: "pr"}, + Spec: v1alpha1.PipelineRunSpec{ + PipelineRef: &v1alpha1.PipelineRef{Name: "prs"}, + ServiceAccountName: "defaultSA", + TaskRunSpecs: []v1alpha1.PipelineTaskRunSpec{{ + PipelineTaskName: "taskNameOne", + TaskServiceAccountName: "TaskSAOne", + }, { + PipelineTaskName: "taskNameTwo", + TaskServiceAccountName: "newTaskTwo", + }}, + }, + }, + saNames: map[string]string{ + "unknown": "defaultSA", + "taskNameOne": "TaskSAOne", + "taskNameTwo": "newTaskTwo", + }, + }, + } { + for taskName, expected := range tt.saNames { + sa, _ := tt.pr.GetTaskRunSpecs(taskName) + if expected != sa { + t.Errorf("%s: wrong service account: got: %v, want: %v", tt.name, sa, expected) + } + } + } +} + +func TestPipelineRunGetPodSpec(t *testing.T) { + for _, tt := range []struct { + name string + pr *v1alpha1.PipelineRun + podTemplates map[string][]string + }{ + { + name: "mix default and none default", + pr: &v1alpha1.PipelineRun{ + ObjectMeta: metav1.ObjectMeta{Name: "pr"}, + Spec: v1alpha1.PipelineRunSpec{ + PodTemplate: &v1alpha1.PodTemplate{SchedulerName: "scheduleTest"}, + PipelineRef: &v1alpha1.PipelineRef{Name: "prs"}, + ServiceAccountName: "defaultSA", + TaskRunSpecs: []v1alpha1.PipelineTaskRunSpec{{ + PipelineTaskName: "taskNameOne", + TaskServiceAccountName: "TaskSAOne", + TaskPodTemplate: &v1alpha1.PodTemplate{SchedulerName: "scheduleTestOne"}, + }, { + PipelineTaskName: "taskNameTwo", + TaskServiceAccountName: "newTaskTwo", + TaskPodTemplate: &v1alpha1.PodTemplate{SchedulerName: "scheduleTestTwo"}, + }}, + }, + }, + podTemplates: map[string][]string{ + "unknown": []string{"scheduleTest", "defaultSA"}, + "taskNameOne": []string{"scheduleTestOne", "TaskSAOne"}, + "taskNameTwo": []string{"scheduleTestTwo", "newTaskTwo"}, + }, + }, + } { + for taskName, values := range tt.podTemplates { + sa, taskPodTemplate := tt.pr.GetTaskRunSpecs(taskName) + if values[0] != taskPodTemplate.SchedulerName { + t.Errorf("%s: wrong task podtemplate scheduler name: got: %v, want: %v", tt.name, taskPodTemplate.SchedulerName, values[0]) + } + if values[1] != sa { + t.Errorf("%s: wrong service account: got: %v, want: %v", tt.name, sa, values[1]) + } + } + } +} diff --git a/pkg/apis/pipeline/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/pipeline/v1alpha1/zz_generated.deepcopy.go index 0b3fe44bc8b..881a01da0e7 100644 --- a/pkg/apis/pipeline/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/pipeline/v1alpha1/zz_generated.deepcopy.go @@ -426,6 +426,13 @@ func (in *PipelineRunSpec) DeepCopyInto(out *PipelineRunSpec) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.TaskRunSpecs != nil { + in, out := &in.TaskRunSpecs, &out.TaskRunSpecs + *out = make([]PipelineTaskRunSpec, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } return } @@ -582,6 +589,27 @@ func (in PipelineTaskList) DeepCopy() PipelineTaskList { return *out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PipelineTaskRunSpec) DeepCopyInto(out *PipelineTaskRunSpec) { + *out = *in + if in.TaskPodTemplate != nil { + in, out := &in.TaskPodTemplate, &out.TaskPodTemplate + *out = new(pod.Template) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PipelineTaskRunSpec. +func (in *PipelineTaskRunSpec) DeepCopy() *PipelineTaskRunSpec { + if in == nil { + return nil + } + out := new(PipelineTaskRunSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Task) DeepCopyInto(out *Task) { *out = *in diff --git a/pkg/apis/pipeline/v1beta1/pipelinerun_types.go b/pkg/apis/pipeline/v1beta1/pipelinerun_types.go index 62c03d32758..922e8666001 100644 --- a/pkg/apis/pipeline/v1beta1/pipelinerun_types.go +++ b/pkg/apis/pipeline/v1beta1/pipelinerun_types.go @@ -168,6 +168,9 @@ type PipelineRunSpec struct { // with those declared in the pipeline. // +optional Workspaces []WorkspaceBinding `json:"workspaces,omitempty"` + // TaskRunSpecs holds a set of runtime specs + // +optional + TaskRunSpecs []PipelineTaskRunSpec `json:"taskRunSpecs,omitempty"` } // PipelineRunSpecStatus defines the pipelinerun spec status the user can provide @@ -310,3 +313,27 @@ type PipelineRunList struct { type PipelineTaskRun struct { Name string `json:"name,omitempty"` } + +// PipelineTaskRunSpec can be used to configure specific +// specs for a concrete Task +type PipelineTaskRunSpec struct { + PipelineTaskName string `json:"taskName,omitempty"` + TaskServiceAccountName string `json:"serviceAccountName,omitempty"` + TaskPodTemplate *PodTemplate `json:"podTemplate,omitempty"` +} + +// GetTaskRunSpecs returns the task specific spec for a given +// PipelineTask if configured, otherwise it returns the PipelineRun's default. +func (pr *PipelineRun) GetTaskRunSpecs(pipelineTaskName string) (string, *PodTemplate) { + // To make it backward compatible, until ServiceAccountNames is dispatched. + // serviceAccountName := pr.Spec.ServiceAccountName + serviceAccountName := pr.GetServiceAccountName(pipelineTaskName) + taskPodTemplate := pr.Spec.PodTemplate + for _, task := range pr.Spec.TaskRunSpecs { + if task.PipelineTaskName == pipelineTaskName { + taskPodTemplate = task.TaskPodTemplate + serviceAccountName = task.TaskServiceAccountName + } + } + return serviceAccountName, taskPodTemplate +} diff --git a/pkg/apis/pipeline/v1beta1/pipelinerun_types_test.go b/pkg/apis/pipeline/v1beta1/pipelinerun_types_test.go index a060d4e8535..0ce429118dd 100644 --- a/pkg/apis/pipeline/v1beta1/pipelinerun_types_test.go +++ b/pkg/apis/pipeline/v1beta1/pipelinerun_types_test.go @@ -294,3 +294,106 @@ func TestPipelineRunGetServiceAccountName(t *testing.T) { } } } + +func TestPipelineRunGetPodSpecSABackcompatibility(t *testing.T) { + for _, tt := range []struct { + name string + pr *v1beta1.PipelineRun + saNames map[string]string + }{ + { + name: "test backward compatibility", + pr: &v1beta1.PipelineRun{ + ObjectMeta: metav1.ObjectMeta{Name: "pr"}, + Spec: v1beta1.PipelineRunSpec{ + PipelineRef: &v1beta1.PipelineRef{Name: "prs"}, + ServiceAccountName: "defaultSA", + ServiceAccountNames: []v1beta1.PipelineRunSpecServiceAccountName{{ + TaskName: "taskName", ServiceAccountName: "taskSA", + }}, + TaskRunSpecs: []v1beta1.PipelineTaskRunSpec{{ + PipelineTaskName: "taskName", + TaskServiceAccountName: "newTaskSA", + }}, + }, + }, + saNames: map[string]string{ + "unknown": "defaultSA", + "taskName": "newTaskSA", + }, + }, + { + name: "mixed default SA backward compatibility", + pr: &v1beta1.PipelineRun{ + ObjectMeta: metav1.ObjectMeta{Name: "pr"}, + Spec: v1beta1.PipelineRunSpec{ + PipelineRef: &v1beta1.PipelineRef{Name: "prs"}, + ServiceAccountName: "defaultSA", + TaskRunSpecs: []v1beta1.PipelineTaskRunSpec{{ + PipelineTaskName: "taskNameOne", + TaskServiceAccountName: "TaskSAOne", + }, { + PipelineTaskName: "taskNameTwo", + TaskServiceAccountName: "newTaskTwo", + }}, + }, + }, + saNames: map[string]string{ + "unknown": "defaultSA", + "taskNameOne": "TaskSAOne", + "taskNameTwo": "newTaskTwo", + }, + }, + } { + for taskName, expected := range tt.saNames { + sa, _ := tt.pr.GetTaskRunSpecs(taskName) + if expected != sa { + t.Errorf("%s: wrong service account: got: %v, want: %v", tt.name, sa, expected) + } + } + } +} + +func TestPipelineRunGetPodSpec(t *testing.T) { + for _, tt := range []struct { + name string + pr *v1beta1.PipelineRun + podTemplates map[string][]string + }{ + { + name: "mix default and none default", + pr: &v1beta1.PipelineRun{ + ObjectMeta: metav1.ObjectMeta{Name: "pr"}, + Spec: v1beta1.PipelineRunSpec{ + PodTemplate: &v1beta1.PodTemplate{SchedulerName: "scheduleTest"}, + PipelineRef: &v1beta1.PipelineRef{Name: "prs"}, + ServiceAccountName: "defaultSA", + TaskRunSpecs: []v1beta1.PipelineTaskRunSpec{{ + PipelineTaskName: "taskNameOne", + TaskServiceAccountName: "TaskSAOne", + TaskPodTemplate: &v1beta1.PodTemplate{SchedulerName: "scheduleTestOne"}, + }, { + PipelineTaskName: "taskNameTwo", + TaskServiceAccountName: "newTaskTwo", + TaskPodTemplate: &v1beta1.PodTemplate{SchedulerName: "scheduleTestTwo"}, + }}, + }, + }, + podTemplates: map[string][]string{ + "unknown": []string{"scheduleTest", "defaultSA"}, + "taskNameOne": []string{"scheduleTestOne", "TaskSAOne"}, + "taskNameTwo": []string{"scheduleTestTwo", "newTaskTwo"}, + }, + }, + } { + for taskName, values := range tt.podTemplates { + sa, taskPodTemplate := tt.pr.GetTaskRunSpecs(taskName) + if values[0] != taskPodTemplate.SchedulerName { + t.Errorf("%s: wrong task podtemplate scheduler name: got: %v, want: %v", tt.name, taskPodTemplate.SchedulerName, values[0]) + } + if values[1] != sa { + t.Errorf("%s: wrong service account: got: %v, want: %v", tt.name, sa, values[1]) + } + } + } +} diff --git a/pkg/apis/pipeline/v1beta1/zz_generated.deepcopy.go b/pkg/apis/pipeline/v1beta1/zz_generated.deepcopy.go index 1d53fb0f78e..52d39888109 100644 --- a/pkg/apis/pipeline/v1beta1/zz_generated.deepcopy.go +++ b/pkg/apis/pipeline/v1beta1/zz_generated.deepcopy.go @@ -594,6 +594,13 @@ func (in *PipelineRunSpec) DeepCopyInto(out *PipelineRunSpec) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.TaskRunSpecs != nil { + in, out := &in.TaskRunSpecs, &out.TaskRunSpecs + *out = make([]PipelineTaskRunSpec, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } return } @@ -975,6 +982,27 @@ func (in *PipelineTaskRun) DeepCopy() *PipelineTaskRun { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PipelineTaskRunSpec) DeepCopyInto(out *PipelineTaskRunSpec) { + *out = *in + if in.TaskPodTemplate != nil { + in, out := &in.TaskPodTemplate, &out.TaskPodTemplate + *out = new(pod.Template) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PipelineTaskRunSpec. +func (in *PipelineTaskRunSpec) DeepCopy() *PipelineTaskRunSpec { + if in == nil { + return nil + } + out := new(PipelineTaskRunSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ResultRef) DeepCopyInto(out *ResultRef) { *out = *in diff --git a/pkg/reconciler/pipelinerun/pipelinerun.go b/pkg/reconciler/pipelinerun/pipelinerun.go index eaae85c631a..8e8c732608f 100644 --- a/pkg/reconciler/pipelinerun/pipelinerun.go +++ b/pkg/reconciler/pipelinerun/pipelinerun.go @@ -882,7 +882,7 @@ func (c *Reconciler) makeConditionCheckContainer(rprt *resources.ResolvedPipelin if err != nil { return nil, fmt.Errorf("failed to get TaskSpec from Condition: %w", err) } - + serviceAccountName, podtemplate := pr.GetTaskRunSpecs(rprt.PipelineTask.Name) tr := &v1alpha1.TaskRun{ ObjectMeta: metav1.ObjectMeta{ Name: rcc.ConditionCheckName, @@ -893,13 +893,13 @@ func (c *Reconciler) makeConditionCheckContainer(rprt *resources.ResolvedPipelin }, Spec: v1alpha1.TaskRunSpec{ TaskSpec: taskSpec, - ServiceAccountName: pr.GetServiceAccountName(rprt.PipelineTask.Name), + ServiceAccountName: serviceAccountName, Params: rcc.PipelineTaskCondition.Params, Resources: &v1beta1.TaskRunResources{ Inputs: rcc.ToTaskResourceBindings(), }, Timeout: getTaskRunTimeout(pr, rprt), - PodTemplate: pr.Spec.PodTemplate, + PodTemplate: podtemplate, }} cctr, err := c.PipelineClientSet.TektonV1alpha1().TaskRuns(pr.Namespace).Create(tr)