Skip to content

Commit e35ff2c

Browse files
vdemeesterclaude
andcommitted
feat: publish Tekton Bundle on release
- Install tkn CLI via tektoncd/actions/setup-tektoncd-cli - Push task as Tekton Bundle to ghcr.io, tagged with version and latest - Sign bundle with cosign - Add bundle e2e test: push to ttl.sh, run TaskRun via bundle resolver - Document bundle resolver usage in README Closes #113 Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Vincent Demeester <vdemeest@redhat.com>
1 parent 54d4b67 commit e35ff2c

4 files changed

Lines changed: 180 additions & 2 deletions

File tree

.github/workflows/build.yaml

Lines changed: 39 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -73,9 +73,45 @@ jobs:
7373
TIMEOUT: 180s
7474
run: ./test/e2e-tests.sh
7575

76+
e2e-bundle:
77+
name: E2E Bundle
78+
needs: [build]
79+
runs-on: ubuntu-latest
80+
steps:
81+
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
82+
83+
- uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
84+
with:
85+
go-version-file: "image/git-init/go.mod"
86+
cache-dependency-path: "image/git-init/go.sum"
87+
88+
- uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9
89+
90+
- uses: tektoncd/actions/setup-tektoncd-cli@dd92514472167b361de1c95fd31fc2ef83c282ec # main
91+
92+
- name: Create Kind cluster
93+
uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
94+
with:
95+
cluster_name: kind
96+
wait: 120s
97+
98+
- name: Build and load image into Kind
99+
env:
100+
KO_DOCKER_REPO: kind.local
101+
run: |
102+
cd image/git-init
103+
ko build --sbom=none -B -t e2e .
104+
echo "GIT_INIT_IMAGE=kind.local/git-init:e2e" >> "$GITHUB_ENV"
105+
106+
- name: Run bundle e2e test
107+
env:
108+
PIPELINE_VERSION: v1.12.0
109+
TIMEOUT: 180s
110+
run: ./test/e2e-bundle-test.sh
111+
76112
ci-summary:
77113
name: CI summary
78-
needs: [build, e2e]
114+
needs: [build, e2e, e2e-bundle]
79115
runs-on: ubuntu-latest
80116
if: always()
81117
steps:
@@ -84,6 +120,7 @@ jobs:
84120
results=(
85121
"build=${NEEDS_BUILD_RESULT}"
86122
"e2e=${NEEDS_E2E_RESULT}"
123+
"e2e-bundle=${NEEDS_E2E_BUNDLE_RESULT}"
87124
)
88125
failed=0
89126
for r in "${results[@]}"; do
@@ -104,3 +141,4 @@ jobs:
104141
env:
105142
NEEDS_BUILD_RESULT: ${{ needs.build.result }}
106143
NEEDS_E2E_RESULT: ${{ needs.e2e.result }}
144+
NEEDS_E2E_BUNDLE_RESULT: ${{ needs.e2e-bundle.result }}

.github/workflows/release.yaml

Lines changed: 26 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -55,6 +55,32 @@ jobs:
5555
env:
5656
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
5757

58+
- name: Push Tekton Bundle
59+
uses: tektoncd/actions/setup-tektoncd-cli@dd92514472167b361de1c95fd31fc2ef83c282ec # main
60+
61+
- name: Publish Tekton Bundle
62+
working-directory: .
63+
env:
64+
GIT_TAG: ${{ steps.tag.outputs.tag_name }}
65+
REGISTRY: "ghcr.io/${{ github.repository }}"
66+
run: |
67+
tkn bundle push "${REGISTRY}/bundle:${GIT_TAG}" \
68+
-f task/git-clone/git-clone.yaml
69+
tkn bundle push "${REGISTRY}/bundle:latest" \
70+
-f task/git-clone/git-clone.yaml
71+
72+
- name: Sign Tekton Bundle
73+
env:
74+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
75+
GIT_TAG: ${{ steps.tag.outputs.tag_name }}
76+
REGISTRY: "ghcr.io/${{ github.repository }}"
77+
run: |
78+
digest=$(crane digest "${REGISTRY}/bundle:${GIT_TAG}")
79+
cosign sign --yes \
80+
-a GIT_HASH="${{ github.sha }}" \
81+
-a GIT_TAG="${GIT_TAG}" \
82+
"${REGISTRY}/bundle@${digest}"
83+
5884
- name: sign ko-image
5985
run: |
6086
digest=$(crane digest "${REGISTRY}":"${GIT_TAG}")

README.md

Lines changed: 15 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,12 +11,26 @@ checkouts via the `sparseCheckoutDirectories` param.
1111

1212
## Installation
1313

14-
Install the Task:
14+
Install the Task directly:
1515

1616
```bash
1717
kubectl apply -f https://raw.githubusercontent.com/tektoncd-catalog/git-clone/main/task/git-clone/git-clone.yaml
1818
```
1919

20+
Or use the [Tekton Bundle](https://tekton.dev/docs/pipelines/tekton-bundle-contracts/) with the bundle resolver:
21+
22+
```yaml
23+
taskRef:
24+
resolver: bundles
25+
params:
26+
- name: bundle
27+
value: ghcr.io/tektoncd-catalog/git-clone/bundle:v1.4.0
28+
- name: name
29+
value: git-clone
30+
- name: kind
31+
value: task
32+
```
33+
2034
## Usage
2135
2236
### Basic clone

test/e2e-bundle-test.sh

Lines changed: 100 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,100 @@
1+
#!/usr/bin/env bash
2+
3+
# Copyright 2024 The Tekton Authors
4+
#
5+
# Licensed under the Apache License, Version 2.0 (the "License");
6+
# you may not use this file except in compliance with the License.
7+
# You may obtain a copy of the License at
8+
#
9+
# http://www.apache.org/licenses/LICENSE-2.0
10+
#
11+
# Unless required by applicable law or agreed to in writing, software
12+
# distributed under the License is distributed on an "AS IS" BASIS,
13+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14+
# See the License for the specific language governing permissions and
15+
# limitations under the License.
16+
17+
# E2e test for Tekton Bundle publishing.
18+
# Pushes the task as a bundle to ttl.sh, then runs a TaskRun that
19+
# references it via the bundle resolver.
20+
#
21+
# Environment variables:
22+
# PIPELINE_VERSION - Tekton Pipelines version to install (default: v1.12.0)
23+
# TIMEOUT - Timeout for TaskRun (default: 120s)
24+
# GIT_INIT_IMAGE - Override the gitInitImage in the task (optional)
25+
# BUNDLE_REGISTRY - Registry to push bundles to (default: ttl.sh)
26+
27+
set -euo pipefail
28+
29+
PIPELINE_VERSION="${PIPELINE_VERSION:-v1.12.0}"
30+
TIMEOUT="${TIMEOUT:-120s}"
31+
BUNDLE_REGISTRY="${BUNDLE_REGISTRY:-ttl.sh}"
32+
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
33+
ROOT_DIR="$(cd "${SCRIPT_DIR}/.." && pwd)"
34+
35+
# Generate a unique bundle reference
36+
BUNDLE_REF="${BUNDLE_REGISTRY}/git-clone-e2e-$(head -c 8 /proc/sys/kernel/random/uuid):1h"
37+
38+
echo "--- Installing Tekton Pipelines ${PIPELINE_VERSION}"
39+
kubectl apply --filename "https://github.com/tektoncd/pipeline/releases/download/${PIPELINE_VERSION}/release.yaml"
40+
echo "--- Waiting for Tekton Pipelines to be ready"
41+
kubectl wait --for=condition=available --timeout=120s deployment/tekton-pipelines-controller -n tekton-pipelines
42+
kubectl wait --for=condition=available --timeout=120s deployment/tekton-pipelines-webhook -n tekton-pipelines
43+
44+
# Prepare the task YAML (with optional image override)
45+
TASK_YAML=$(mktemp)
46+
if [[ -n "${GIT_INIT_IMAGE:-}" ]]; then
47+
echo " Using locally built image: ${GIT_INIT_IMAGE}"
48+
sed "s|ghcr.io/tektoncd-catalog/git-clone:[^ \"]*|${GIT_INIT_IMAGE}|g" \
49+
"${ROOT_DIR}/task/git-clone/git-clone.yaml" > "${TASK_YAML}"
50+
else
51+
cp "${ROOT_DIR}/task/git-clone/git-clone.yaml" "${TASK_YAML}"
52+
fi
53+
54+
echo "--- Pushing Tekton Bundle to ${BUNDLE_REF}"
55+
tkn bundle push "${BUNDLE_REF}" -f "${TASK_YAML}"
56+
57+
echo "--- Creating TaskRun using bundle resolver"
58+
cat <<EOF | kubectl apply -f -
59+
apiVersion: tekton.dev/v1
60+
kind: TaskRun
61+
metadata:
62+
name: git-clone-bundle-test
63+
spec:
64+
taskRef:
65+
resolver: bundles
66+
params:
67+
- name: bundle
68+
value: ${BUNDLE_REF}
69+
- name: name
70+
value: git-clone
71+
- name: kind
72+
value: task
73+
workspaces:
74+
- name: output
75+
emptyDir: {}
76+
podTemplate:
77+
securityContext:
78+
fsGroup: 65532
79+
params:
80+
- name: url
81+
value: https://github.com/kelseyhightower/nocode
82+
EOF
83+
84+
echo "--- Waiting for TaskRun to complete (timeout: ${TIMEOUT})"
85+
if kubectl wait --for=condition=Succeeded --timeout="${TIMEOUT}" taskrun/git-clone-bundle-test 2>/dev/null; then
86+
echo ""
87+
echo "=== Bundle test PASSED ==="
88+
else
89+
echo ""
90+
echo "=== Bundle test FAILED ==="
91+
kubectl get taskrun/git-clone-bundle-test -o jsonpath='{.status.conditions[*].message}' 2>/dev/null || true
92+
echo ""
93+
pod=$(kubectl get taskrun/git-clone-bundle-test -o jsonpath='{.status.podName}' 2>/dev/null)
94+
if [[ -n "${pod}" ]]; then
95+
kubectl logs "${pod}" --all-containers 2>/dev/null || true
96+
fi
97+
exit 1
98+
fi
99+
100+
rm -f "${TASK_YAML}"

0 commit comments

Comments
 (0)