Tekton 克隆 git仓库
介绍如何使用 Tektonhub 官方 git-clone task 克隆 github 上的源码到本地。
git-clone task yaml文件下载地址:https://hub.tekton.dev/tekton/task/git-clone
查看git-clone task yaml内容:
点击Install,选择一种方式创建 task
这里使用kubectl命令创建官方git-clone task
kubectl apply -f \
https://raw.githubusercontent.com/tektoncd/catalog/main/task/git-clone/0.9/git-clone.yaml
查看创建的task
$ kubectl get task
NAME AGE
git-clone 4h32m
git-clone task创建后,可以通过taskRun或pipelineRun进行调用。
非认证方式克隆
公开仓库无需配置认证即可直接克隆,这里以克隆 tekton pipeline 官方仓库为例。
创建一个简单的 taskRun 调用 git-clone task 来执行克隆任务,并向git-clone task传递一些自定义参数:
$ cat git-clone-taskrun.yaml
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
generateName: git-clone-taskrun-
spec:
taskRef:
name: git-clone
podTemplate:
hostNetwork: true
workspaces:
- name: output
emptyDir: {}
params:
- name: url
value: https://github.com/tektoncd/pipeline.git
- name: revision
value: main
- name: subdirectory
value: pipeline
- name: httpProxy
value: http://192.168.72.1:7890/
- name: httpsProxy
value: http://192.168.72.1:7890/
- name: deleteExisting
value: "true"
- name: gitInitImage
#value: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:latest
value: dyrnq/tektoncd-pipeline-cmd-git-init:latest
所有的参数都是在git-clone task中已经预定义的,这里只需传参即可,参数说明:
- workspaces:必选,为克隆的代码指定一个卷,这里作为演示,使用
emptyDir类型的卷 - url:指定克隆的git仓库地址
- revision:指定克隆的git仓库分支
- httpProxy:克隆github很有可能由于众所周知的原因失败,这里使用本地代理,可选
- subdirectory:配置代码克隆到指定子目录下
- gitInitImage:指定执行克隆任务的docker镜像,由于官方镜像无法访问,可以在dockerhub搜索可用镜像
应用yaml文件
kubectl create -f git-clone-taskrun.yaml
登录tekton dashboard 确认 taskRun 任务成功,说明已经成功克隆远程仓库到本地:
basic-auth 认证方式克隆
前置要求:
- 已准备远程私有 GitHub 仓库
- 用于访问远程存储库的 GitHub 个人访问令牌 (PAT)。
以basic-auth认证方式为例,注意该pipeline依然调用官方git-clone task执行克隆任务。
1. 创建secret和serviceaccount账号
设置创建 github-pat-secret 时使用的所需环境变量
export GITHUB_USERNAME='<your github.com username>'
export TEKTON_GITHUB_PAT='<your github.com username personal accesstoken>'
创建可以保存您的 GitHub.com 凭据的 Kubernetes secret:
cat >git-clone-sa.yaml<<EOF
apiVersion: v1
kind: Secret
metadata:
name: basic-user-pass
annotations:
tekton.dev/git-0: https://github.com
type: kubernetes.io/basic-auth
stringData:
username: $GITHUB_USERNAME
password: $TEKTON_GITHUB_PAT
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: github-bot
secrets:
- name: basic-user-pass
EOF
应用yaml文件
kubectl apply -f git-clone-sa.yaml
2. 创建Pipeline和PipelineRun
官方参考:
https://github.com/tektoncd/catalog/blob/main/task/git-clone/0.9/samples/git-clone-checking-out-a-branch.yaml
创建 git 克隆Pipeline和PipelineRun,该管道将从私有 GitHub 存储库克隆并查看代码中README文件内容:
$ cat git-clone-pipelinerun.yaml
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
name: cat-branch-readme
spec:
params:
- name: repo-url
type: string
description: The git repository URL to clone from.
- name: branch-name
type: string
description: The git branch to clone.
- name: httpProxy
type: string
description: The httpProxy params.
- name: httpsProxy
type: string
description: The httpsProxy params.
- name: gitInitImage
type: string
description: The gitInitImage params.
workspaces:
- name: shared-data
tasks:
- name: fetch-repo
taskRef:
name: git-clone
workspaces:
- name: output
workspace: shared-data
params:
- name: url
value: $(params.repo-url)
- name: revision
value: $(params.branch-name)
- name: httpProxy
value: $(params.httpProxy)
- name: httpsProxy
value: $(params.httpsProxy)
- name: gitInitImage
value: $(params.gitInitImage)
- name: cat-readme
runAfter: ["fetch-repo"]
workspaces:
- name: source
workspace: shared-data
taskSpec:
workspaces:
- name: source
steps:
- image: zshusers/zsh:4.3.15
script: |
#!/usr/bin/env zsh
cat $(workspaces.source.path)/README.md
---
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
generateName: git-clone-checking-out-a-branch-
spec:
serviceAccountName: github-bot
pipelineRef:
name: cat-branch-readme
podTemplate:
securityContext:
fsGroup: 65532
workspaces:
- name: shared-data
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
params:
- name: repo-url
value: https://github.com/willzhang/test.git
- name: branch-name
value: main
- name: httpProxy
value: http://192.168.72.1:7890/
- name: httpsProxy
value: http://192.168.72.1:7890/
- name: gitInitImage
value: registry.cn-shenzhen.aliyuncs.com/cnmirror/git-init:latest
参数说明:
- workspaces:必选,
PipelineRun中定义了volumeClaimTemplate类型的workspaces,能够动态申请所需的持久卷,使用kubectl get storageclass命令,确认k8s集群有默认可用的storageclass资源可用,本示例输出为openebs-hostpath (default) - serviceAccountName:必选,注意
PipelineRun中定义了serviceAccountName: github-bot参数,用于执行任务 - url:指定克隆的私有github仓库地址
- revision:指定克隆的git仓库分支
- gitInitImage:指定执行克隆任务的docker镜像,由于官方镜像无法访问,可以在dockerhub搜索可用镜像
应用yaml文件
kubectl create -f git-clone-pipelinerun.yaml
登录dashbord确认克隆任务是否成功
ssh-auth认证方式
1. 创建secret和serviceaccount账号
任意一台linux机器,生成 SSH 密钥对
ssh-keygen -t rsa -b 4096 -f id_rsa -q -N ""
将公钥id_rsa.pub上传至github
root@kube001:~# cat /root/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCXygldZ3tt0ovNLk44pQlJkFzglT71sAh2OcjfpbbloLtQ7JlPwakzW0jBqsK/dOIuqLmMm176diQauX32JrGL8BcOEj0Mp5OGWIwB+lmpMVqd2UMVaPhsfu0q4hmXYUdFiqm2MB68sUJ1/P5FsFYb6N1ZJ/Gi4oXwL9F6BTEzE0eDE6PVHwQRp+2NM7zBkHVx1XJCOzfX4+Xzu93xMid/Zp5Lfsafxx89PDznk6fUtqd53TjoMpxxxxxxx5SLAPVbE0lh8SzHEGXbNGzmQeN2waWLUAw6VaXhgDPApFZ2Id43Ug3+v9dEY79mvK4DZm81Kzsqb7bffWLB5uPr3P5r9bkh8rcajmkd44QU642XFmuGWiQ4MMz0SMerjLEoKn8kEBY6C17qPEcb4kpBWF3hLfGI2XYnxhtvjDSuYbzIvsGzG/lW4AdHyEQcjm4YyVTLPfvwO9mQeZqdsxdYHOrxkjEgGwpVFbe5cRt/1b0IZrBDAfX5+cZsViHWVmtdisbbPkTSQTngBphIhTp1LIVvDNmgYYGQ2I/jlwSHfSLuGi0pbgIdbV8RKmipmAkTNj/4aTLOnqnYyCc7BMTEJZzeIiFu1tkjZULlhwnILTpsYaQe9NDKEHl1Q== root@kube001
配置示例:https://github.com/settings/keys
获取私钥内容,复制到Secret中ssh-privatekey字段。
root@kube001:~# cat /root/.ssh/id_rsa
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn
NhAAAAAwEAAQAAAgEAl8oJXWd7bdKLzS5OOKUJSZBc4JU+9bAIdjnI36W25aC7UOyZT8Gp
M1tIwarCv3TiLqi5jJte+nYkGrl99iaxi/AXDhI9DKeThliMAfpZqTFandlDFWj4bH7tKu
IZl2FHRYqptjAevLFCdfz+RbBWG+jdWSfxouKF8C/RegUxMxNHgxOj1R8EEaftjTO8wZB1
cdVyQjs31+Pl87vd8TInf2aeS3wrxzSSr40OwuxUeFIKwLQgoMdjmHnXzznThxcE0DdPPT
w855On1Laned046DKUDMMnpDSYgZuZ2WQFgV0zf96+UiwD1WxNJYfEsxxBl2zRs5kHjdsG
li1AMOlWl4YAzwKRWdiHeN1IN/r/XRGO/ZryuA2ZvNSs7Km+2331iwebj69z+a/W5IfK3G
o5pHeOEFOuNlxZrhlokODDM9EjHq4yxKCp/JBAWOgte6jxHG+JKQVhd4S3xiNl2J8Ybb4w
0rmG8yL7Bsdfxxx5uGMlUyz378DvxxxxxasfsafsfxxxWBzqsdfwxIBsKVRW3uXEbf9W9C
GawQwH1+fnGbFYh1lZrXYrG2z5E0kE54AaYSIU6dSyFbwzZoGGBkNiP45cEh30i7hotKW4
CHW1fESpoqZgJEzY/+Gkyzp6p2MgnOwTExCWc3iIhbtbZI2VC5YcJyC06bGGkHvTQyhB5d
UAAAdIcAUlZ3AFJWcAAAAHc3NoLXJzYQAAAgEAl8oJXWd7bdKLzS5OOKUJSZBc4JU+9bAI
djnI36W25aC7UOyZT8GpM1tIwarCv3TiLqi5jJte+nYkGrl99iaxi/AXDhI9DKeThliMAf
pZqTFandlDFWj4bH7tKuIZl2FHRYqptjAevLFCdfz+RbBWG+jdWSfxouKF8C/RegUxMxNH
gxOj1R8EEaftjTO8wZB1cdVyQjs31+Pl87vd8TInf2aeS3wrxzSSr40OwuxUeFIKwLQgoM
djmHnXzznThxcE0DdPPTw855On1Laned046DKUDMMnpDSYgZuZ2WQFgV0zf96+UiwD1WxN
JYfEsxxBl2zRs5kHjdsGli1AMOlWl4YAzwKRWdiHeN1IN/r/XRGO/ZryuA2ZvNSs7Km+23
31iwebj69z+a/W5IfK3Go5pHeOEFOuNlxZrhlokODDM9EjHq4yxKCp/JBAWOgte6jxHG+J
KQVhd4S3xiNl2J8Ybb4w0rmG8yL7Bsxv5VuAHR8hEHI5uGMlUyz378DvZkHmanbMXWBzq8
ZIxIBsKVRW3uXEbf9W9CGawQwH1+fnGbFYh1lZrXYrG2z5E0kE54AaYSIU6dSyFbwzZoGG
BkNiP45cEh30i7hotKW4CHW1fESpoqZgJEzY/+Gkyzp6p2MgnOwTExCWc3iIhbtbZI2VC5
YcJyC06bGGkHvTQyhB5dUAAAADAQABAAACABisDdahVeY1dWTd9Hfvl3FeJkKY77lmqhFx
dg2oNXDgreHK+2aD33lKCqr0EyCkookcAsDwlkEWx+qSIP/MLUrGNTEj1MmESY3qQaOmqk
E+lPCYWneV7t9PyEQSqT86YCfVEJ3c93oLQ/bCrx/ruCtkL+pofDXSJRwz4ZQ4WNVo+lQ7
coNXPcWS6qFrefBqhzSAEcjjMEIGuJ9j94DXeqUSLIOvhLwl9vvS7UXQvTArgbTt8mm/zx
f/Ig18ZD4Oh0lC3D3jVzD7BqokIFfGFhRj+D2U0RI3PFzAyoKT5/Mtj4vmzD+2CM99gZKq
nVXRr3WqCfHr21b69XielVL98oWBZO421N45QOaL0gdnr0458x9sujKEbqogj2dvew9R6p
YrcrFC4a6Xbi+WIeLwqTIZhNInXvT7eqDAPnjejutD2P2RwYUMSuAGAlmL2Vphwg03sSGa
kf2UXTLIZzSIwzU4AOSaS3puxT2jKAWPeoGE7+wykb2ZxlMMLyRGdr6W+C0E0KESE7az7S
ZfO6Fkv4UR4/sXb4U8pr7rtWFw9vfyzXUpruNyMNwFitzT6YFwmewHCmIu9kiiWBx92oy7
Xg61v3GelHYhqMIsVmLnem0SKbjVyO6OrIIY7phsK/9c5dHM60KtQgD2xPUt1qy0biezYQ
EaCPiAjBeUd+oH1IJnAAABAHkNdRkkzMMNwlJL/JprD8HR296BzSfQ0TOoVin7csdBoQIA
Z/+ZeTR4JtuAGWuZlDr7coyuTb7a9HzDW75C9Ldt1nnT1eSrN+CymA3GGHoz3gkn3lmc2F
wJowOYg0GZMO4ynG2pltzeC9Ktzn+j+RascJ8VXarknB4xfyggqRvi/oyr5/Q6SzXxLy2V
0lQDXvgjTL8Vug39GGLDYgLT5K7fxM6Tzyh7CJjYOJPm1MATR635xhaYuQxscR7/+1nIBg
2sUk9LFoVI/DRiKvWaPWazNPQG0ylHbZY1gcDB8xBzWOSGt9A7K/ypXKnnlWy9NGXnMG+V
Zir05NNs2nzGvrUAAAEBALrEooyYqrXZtksRhMoGQBUoKg3V7z4FceGVLhwe0zuP18KLA3
6IPHkSwuP5radGpaB4qXGj/X5lZIwo1FaVy8mYfhh2rApvhbedo3i+e+ngWwP1kNSETlor
l3a3Oy3onowTW08YuRGcBtGTv4Hwj0LoRvt+Ts4cx8GNV/dZFWnNVJEvCR9BvVoeiATHA3
0igzO6c69/+K5RRumifMg4xmg5YOvuW8RnCZ7vUmBhKSEFRW3e/6u2UftHgEhQ2tAS+AeH
RnJdY3AWGL3eXd5UzDYEt5DQBnTOHVUlM7bOH3o2GhW814Tha7SdS4EYUNY/4tTml5N+r3
aDVw0IJuOxAF8AAAEBANAOE+4RpubP8DDAG+rRoYQNrtiYAI/Rdu9CR+wkjI4+hrOmnCJu
VEae24TmlNLtWo2GGG0ZE8+zXx+cKRdYj1baS4rDFP+iW9AnxaoAdWp8mW/xJMXSz7wjZk
5VRA5ivtZDLpgyicBwf1PYqHOIGrNedCmmtHDzhV0ERyt7D/Prql3IWVgvz09RdhD3pXcO
DkE4TLs5RMSA2Erh6OddRIwsSM07tXLwalQpuyuoGNMyK/ZidugfQesIEZPwb7cPi35eSQ
5lT2EpjfPsxBSWisUA3U1AIVBhejpK58ZHw6TH/AZEXNFGdENKNwAMV+FR3Rn3V7NTH/y7
SzPzjmCldksAAAAMcm9vdEBrdWJlMDAxAQIDBAUGBw==
-----END OPENSSH PRIVATE KEY-----
创建secret和serviceaccount
$ cat git-clone-sa.yaml
apiVersion: v1
kind: Secret
metadata:
name: ssh-key
annotations:
tekton.dev/git-0: github.com
type: kubernetes.io/ssh-auth
stringData:
ssh-privatekey: |
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn
NhAAAAAwEAAQAAAgEAl8oJXWd7bdKLzS5OOKUJSZBc4JU+9bAIdjnI36W25aC7UOyZT8Gp
M1tIwarCv3TiLqi5jJte+nYkGrl99iaxi/AXDhI9DKeThliMAfpZqTFandlDFWj4bH7tKu
IZl2FHRYqptjAevLFCdfz+RbBWG+jdWSfxouKF8C/RegUxMxNHgxOj1R8EEaftjTO8wZB1
cdVyQjs31+Pl87vd8TInf2aeS3wrxzSSr40OwuxUeFIKwLQgoMdjmHnXzznThxcE0DdPPT
w855On1Laned046DKUDMMnpDSYgZuZ2WQFgV0zf96+UiwD1WxNJYfEsxxBl2zRs5kHjdsG
li1AMOlWl4YAzwKRWdiHeN1IN/r/XRGO/ZryuA2ZvNSs7Km+2331iwebj69z+a/W5IfK3G
o5pHeOEFOuNlxZrhlokODDM9EjHq4yxKCp/JBAWOgte6jxHG+JKQVhd4S3xiNl2J8Ybb4w
0rmG8yL7Bsdfxxx5uGMlUyz378DvxxxxxasfsafsfxxxWBzqsdfwxIBsKVRW3uXEbf9W9C
GawQwH1+fnGbFYh1lZrXYrG2z5E0kE54AaYSIU6dSyFbwzZoGGBkNiP45cEh30i7hotKW4
CHW1fESpoqZgJEzY/+Gkyzp6p2MgnOwTExCWc3iIhbtbZI2VC5YcJyC06bGGkHvTQyhB5d
UAAAdIcAUlZ3AFJWcAAAAHc3NoLXJzYQAAAgEAl8oJXWd7bdKLzS5OOKUJSZBc4JU+9bAI
djnI36W25aC7UOyZT8GpM1tIwarCv3TiLqi5jJte+nYkGrl99iaxi/AXDhI9DKeThliMAf
pZqTFandlDFWj4bH7tKuIZl2FHRYqptjAevLFCdfz+RbBWG+jdWSfxouKF8C/RegUxMxNH
gxOj1R8EEaftjTO8wZB1cdVyQjs31+Pl87vd8TInf2aeS3wrxzSSr40OwuxUeFIKwLQgoM
djmHnXzznThxcE0DdPPTw855On1Laned046DKUDMMnpDSYgZuZ2WQFgV0zf96+UiwD1WxN
JYfEsxxBl2zRs5kHjdsGli1AMOlWl4YAzwKRWdiHeN1IN/r/XRGO/ZryuA2ZvNSs7Km+23
31iwebj69z+a/W5IfK3Go5pHeOEFOuNlxZrhlokODDM9EjHq4yxKCp/JBAWOgte6jxHG+J
KQVhd4S3xiNl2J8Ybb4w0rmG8yL7Bsxv5VuAHR8hEHI5uGMlUyz378DvZkHmanbMXWBzq8
ZIxIBsKVRW3uXEbf9W9CGawQwH1+fnGbFYh1lZrXYrG2z5E0kE54AaYSIU6dSyFbwzZoGG
BkNiP45cEh30i7hotKW4CHW1fESpoqZgJEzY/+Gkyzp6p2MgnOwTExCWc3iIhbtbZI2VC5
YcJyC06bGGkHvTQyhB5dUAAAADAQABAAACABisDdahVeY1dWTd9Hfvl3FeJkKY77lmqhFx
dg2oNXDgreHK+2aD33lKCqr0EyCkookcAsDwlkEWx+qSIP/MLUrGNTEj1MmESY3qQaOmqk
E+lPCYWneV7t9PyEQSqT86YCfVEJ3c93oLQ/bCrx/ruCtkL+pofDXSJRwz4ZQ4WNVo+lQ7
coNXPcWS6qFrefBqhzSAEcjjMEIGuJ9j94DXeqUSLIOvhLwl9vvS7UXQvTArgbTt8mm/zx
f/Ig18ZD4Oh0lC3D3jVzD7BqokIFfGFhRj+D2U0RI3PFzAyoKT5/Mtj4vmzD+2CM99gZKq
nVXRr3WqCfHr21b69XielVL98oWBZO421N45QOaL0gdnr0458x9sujKEbqogj2dvew9R6p
YrcrFC4a6Xbi+WIeLwqTIZhNInXvT7eqDAPnjejutD2P2RwYUMSuAGAlmL2Vphwg03sSGa
kf2UXTLIZzSIwzU4AOSaS3puxT2jKAWPeoGE7+wykb2ZxlMMLyRGdr6W+C0E0KESE7az7S
ZfO6Fkv4UR4/sXb4U8pr7rtWFw9vfyzXUpruNyMNwFitzT6YFwmewHCmIu9kiiWBx92oy7
Xg61v3GelHYhqMIsVmLnem0SKbjVyO6OrIIY7phsK/9c5dHM60KtQgD2xPUt1qy0biezYQ
EaCPiAjBeUd+oH1IJnAAABAHkNdRkkzMMNwlJL/JprD8HR296BzSfQ0TOoVin7csdBoQIA
Z/+ZeTR4JtuAGWuZlDr7coyuTb7a9HzDW75C9Ldt1nnT1eSrN+CymA3GGHoz3gkn3lmc2F
wJowOYg0GZMO4ynG2pltzeC9Ktzn+j+RascJ8VXarknB4xfyggqRvi/oyr5/Q6SzXxLy2V
0lQDXvgjTL8Vug39GGLDYgLT5K7fxM6Tzyh7CJjYOJPm1MATR635xhaYuQxscR7/+1nIBg
2sUk9LFoVI/DRiKvWaPWazNPQG0ylHbZY1gcDB8xBzWOSGt9A7K/ypXKnnlWy9NGXnMG+V
Zir05NNs2nzGvrUAAAEBALrEooyYqrXZtksRhMoGQBUoKg3V7z4FceGVLhwe0zuP18KLA3
6IPHkSwuP5radGpaB4qXGj/X5lZIwo1FaVy8mYfhh2rApvhbedo3i+e+ngWwP1kNSETlor
l3a3Oy3onowTW08YuRGcBtGTv4Hwj0LoRvt+Ts4cx8GNV/dZFWnNVJEvCR9BvVoeiATHA3
0igzO6c69/+K5RRumifMg4xmg5YOvuW8RnCZ7vUmBhKSEFRW3e/6u2UftHgEhQ2tAS+AeH
RnJdY3AWGL3eXd5UzDYEt5DQBnTOHVUlM7bOH3o2GhW814Tha7SdS4EYUNY/4tTml5N+r3
aDVw0IJuOxAF8AAAEBANAOE+4RpubP8DDAG+rRoYQNrtiYAI/Rdu9CR+wkjI4+hrOmnCJu
VEae24TmlNLtWo2GGG0ZE8+zXx+cKRdYj1baS4rDFP+iW9AnxaoAdWp8mW/xJMXSz7wjZk
5VRA5ivtZDLpgyicBwf1PYqHOIGrNedCmmtHDzhV0ERyt7D/Prql3IWVgvz09RdhD3pXcO
DkE4TLs5RMSA2Erh6OddRIwsSM07tXLwalQpuyuoGNMyK/ZidugfQesIEZPwb7cPi35eSQ
5lT2EpjfPsxBSWisUA3U1AIVBhejpK58ZHw6TH/AZEXNFGdENKNwAMV+FR3Rn3V7NTH/y7
SzPzjmCldksAAAAMcm9vdEBrdWJlMDAxAQIDBAUGBw==
-----END OPENSSH PRIVATE KEY-----
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: github-bot
secrets:
- name: ssh-key
应用yaml文件
kubectl apply -f git-clone-sa.yaml
2.创建Pipeline和PipelineRun
创建 git 克隆PipelineRun,该管道将从私有 GitHub 存储库克隆并简单列出内容:
$ cat git-clone-pipelinerun.yaml
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
name: cat-branch-readme
spec:
params:
- name: repo-url
type: string
description: The git repository URL to clone from.
- name: branch-name
type: string
description: The git branch to clone.
- name: gitInitImage
type: string
description: The gitInitImage params.
workspaces:
- name: shared-data
tasks:
- name: fetch-repo
taskRef:
name: git-clone
workspaces:
- name: output
workspace: shared-data
params:
- name: url
value: $(params.repo-url)
- name: revision
value: $(params.branch-name)
- name: gitInitImage
value: $(params.gitInitImage)
- name: cat-readme
runAfter: ["fetch-repo"]
workspaces:
- name: source
workspace: shared-data
taskSpec:
workspaces:
- name: source
steps:
- image: zshusers/zsh:4.3.15
script: |
#!/usr/bin/env zsh
cat $(workspaces.source.path)/README.md
---
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
generateName: git-clone-checking-out-a-branch-
spec:
serviceAccountName: github-bot
pipelineRef:
name: cat-branch-readme
podTemplate:
securityContext:
fsGroup: 65532
workspaces:
- name: shared-data
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
params:
- name: repo-url
value: git@github.com:willzhang/test.git
- name: branch-name
value: main
- name: gitInitImage
value: registry.cn-shenzhen.aliyuncs.com/cnmirror/git-init:latest
参数说明:
- 注意修改克隆URL地址格式为:
git@github.com:willzhang/test.git - 去除httproxy部分,以免影响ssh认证
应用yaml文件
kubectl create -f git-clone-pipelinerun.yaml
登录dashbord 查看参数信息,确认克隆任务是否成功
显示 git 仓库 README 信息
参考:https://redhat-scholars.github.io/tekton-tutorial/tekton-tutorial/private_reg_repos.html
![[HCTF 2018]WarmUp (代码审计)](https://img-blog.csdnimg.cn/direct/0b65bd422efb4eef8123a5e568344deb.png)
