# Copyright 2023-2024 The Tekton Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
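# PipelineRun template used to import Tekton resources from a git repository:
# task 1 clones the repository into a per-run PVC, task 2 runs kubectl against
# a path inside that clone. Comments in this file state that the name, labels
# and all param values are filled in by the API layer, so every param below
# should be treated as caller-supplied input.
#
# version may be replaced in the API layer if the user has opted in to v1 resources
apiVersion: tekton.dev/v1
kind: PipelineRun
metadata:
  # name will be replaced in the API layer
  name: import-resources
  labels:
    # additional labels will be added in the API layer
    dashboard.tekton.dev/import: 'true'
spec:
  # NOTE(review): no serviceAccountName is set in this template. Whatever
  # account the run ends up with bounds what the imported manifests can
  # create, so it should carry only the RBAC needed for the import -
  # confirm where it is assigned.
  pipelineSpec:
    params:
      # NOTE(review): the description lists apply / create, but nothing in
      # this template restricts the value; it becomes the kubectl verb in the
      # import step. The allow-list has to be enforced before this run is
      # created - confirm the API layer does so.
      - name: method
        description: Which kubectl command to use to import the resources (apply / create)
        default: 'apply'
        type: string
      # NOTE(review): appended to the workspace path without normalisation in
      # the import step; nothing here keeps it inside the cloned repository.
      - name: path
        description: The path from which resources are to be imported
        default: '.'
        type: string
      - name: repositoryURL
        description: The URL of the git repository from which resources are to be imported
        type: string
      - name: revision
        description: The git revision from which resources are to be imported
        default: ''
        type: string
      - name: target-namespace
        description: The namespace in which to create the resources being imported
        default: tekton-pipelines
        type: string
    tasks:
      - name: fetch-repo
        taskSpec:
          params:
            - name: repositoryURL
              description: The URL of the git repository from which resources are to be imported
              type: string
            - name: revision
              description: The git revision to clone
              type: string
          workspaces:
            - name: repo
          steps:
            - name: clone
              # Pinned by digest, so the image content cannot change under the tag.
              image: ghcr.io/wolfi-dev/git:alpine@sha256:2f0ea4e8c4424ba60dd7419b3fb7cef7ba962f0a43310e8c884b977022e55257
              # Params are handed to the script through the environment rather
              # than substituted into the script text, so they are never
              # re-parsed by the shell.
              env:
                - name: PARAM_URL
                  value: $(params.repositoryURL)
                - name: PARAM_REVISION
                  value: $(params.revision)
                - name: WORKSPACE_PATH
                  value: $(workspaces.repo.path)
              securityContext:
                allowPrivilegeEscalation: false
                capabilities:
                  drop:
                    - "ALL"
              script: |
                #!/usr/bin/env sh
                set -eu
                git config --global init.defaultBranch main
                git config --global --add safe.directory "${WORKSPACE_PATH}"
                cd "${WORKSPACE_PATH}"
                git init
                # "--" ends option parsing, so a URL or revision that begins
                # with "-" is treated as data and not as a git option.
                git remote add -- origin "${PARAM_URL}"
                git fetch --depth=1 --recurse-submodules=yes -- origin "${PARAM_REVISION}"
                git reset --hard FETCH_HEAD
                # Submodule URLs come from the fetched repository itself, so
                # this step contacts whatever hosts its .gitmodules names.
                git submodule update --init --recursive
        params:
          - name: repositoryURL
            value: $(params.repositoryURL)
          - name: revision
            value: $(params.revision)
        workspaces:
          - name: repo
            workspace: repo
      - name: import-resources
        runAfter: [fetch-repo]
        taskSpec:
          params:
            - name: path
              description: The path from which resources are to be imported
              type: string
            - name: target-namespace
              description: The namespace in which to create the resources being imported
              type: string
            - name: method
              description: Which kubectl command to use to import the resources (apply / create)
              type: string
          workspaces:
            - name: repo
          steps:
            - name: import
              # TODO(security): ":latest" is a mutable tag, so the binary that
              # runs with the import credentials can change without any change
              # to this file. Pin by digest like the clone step, e.g.
              # ...k8s-kubectl:<reviewed-tag>@sha256:<digest-of-reviewed-image>
              image: docker.io/lachlanevenson/k8s-kubectl:latest
              securityContext:
                allowPrivilegeEscalation: false
                capabilities:
                  drop:
                    - "ALL"
              # Exec form: each param is a separate argv entry and no shell is
              # involved. That rules out shell injection, not an unexpected
              # verb or path (see the notes on the pipeline params).
              command: ['kubectl']
              args:
                - '$(params.method)'
                - '-f'
                - '$(workspaces.repo.path)/$(params.path)'
                - '-n'
                - '$(params.target-namespace)'
        params:
          - name: path
            value: '$(params.path)'
          - name: target-namespace
            value: $(params.target-namespace)
          - name: method
            value: $(params.method)
        workspaces:
          - name: repo
            workspace: repo
  params:
    # Values will be replaced in the API layer
    - name: method
      value: ''
    - name: path
      value: ''
    - name: repositoryURL
      value: ''
    - name: revision
      value: ''
    - name: target-namespace
      value: ''
  taskRunTemplate:
    podTemplate:
      # Pod-level hardening applied to both tasks: fixed non-root UID/GID and
      # the container runtime's default seccomp profile.
      securityContext:
        runAsUser: 65532
        runAsGroup: 65532
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
  workspaces:
    # Per-run volume shared by the clone and import tasks.
    - name: repo
      volumeClaimTemplate:
        spec:
          accessModes:
            - ReadWriteOnce
          resources:
            requests:
              storage: 1Gi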