Skip to content

Collapse simple 2-task pipelines into single Tasks to eliminate PVC usage#3480

Open
vdemeester wants to merge 5 commits into
tektoncd:mainfrom
vdemeester:collapse-pipelines-3379
Open

Collapse simple 2-task pipelines into single Tasks to eliminate PVC usage#3480
vdemeester wants to merge 5 commits into
tektoncd:mainfrom
vdemeester:collapse-pipelines-3379

Conversation

@vdemeester

Copy link
Copy Markdown
Member

Changes

Collapses the 7 "clearly collapsible" 2-task pipelines from #3379 into single Tasks. Each followed a git-clone → do-something pattern with two tasks sharing a workspace via a volumeClaimTemplate (PVC). On OCI/OKE every volumeClaimTemplate provisions a 50 GiB block volume regardless of the requested size, so eliminating cross-task workspaces removes that PVC churn for the most frequent workloads.

For each pipeline:

  • The git-clone task becomes the first step of a single Task, using the git-clone StepAction from tektoncd-catalog/git-clone (pinned to v1.7.0) via the git resolver.
  • The TriggerTemplate (and manual run, where present) now creates a TaskRun instead of a PipelineRun.
  • The shared workspace becomes an emptyDir volume, so no PVC is created; the tekton.dev/auto-cleanup-pvc annotation is dropped.

Pipelines collapsed:

Pipeline Namespace
peribolos-sync default
terraform-branch-protection-sync default
deploy-from-folder default
deploy-configmap default
single-arch-build-and-push default
docker-multi-arch-build-and-push default
ko-multi-arch-build-and-push default

Now-inlined standalone Task files (peribolos.yaml, terraform.yaml) were removed and the relevant kustomizations updated. kubectl kustomize builds cleanly for all touched directories.

The 4 tekton-ci pipelines (request-pr-docs-reviewer, teps-linter, org-validation, diff-task-job) are left for a follow-up.

Part of #3379

/kind cleanup

Submitter Checklist

These are the criteria that every PR should meet, please check them off as you
review them:

See the contribution guide
for more details.

Collapse the peribolos-sync Pipeline (git-clone -> peribolos) into a
single Task where git-clone is a step using the git-clone StepAction
from tektoncd-catalog/git-clone (via the git resolver). The shared
workspace becomes an emptyDir, eliminating PVC creation.

Part of tektoncd#3379
…asks

Collapse single-arch-build-and-push, docker-multi-arch-build-and-push and
ko-multi-arch-build-and-push Pipelines into single Tasks with git-clone as
a step (git-clone StepAction from tektoncd-catalog/git-clone). Source
workspace becomes an emptyDir, eliminating PVC creation.

Part of tektoncd#3379
@tekton-robot tekton-robot added the kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. label Jul 2, 2026
@tekton-robot

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To complete the pull request process, please ask for approval from vdemeester after the PR has been reviewed.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tekton-robot tekton-robot added the size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. label Jul 2, 2026
@vdemeester vdemeester requested a review from Copilot July 3, 2026 07:43

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR reduces PVC churn in the dogfooding Tekton workloads by collapsing several simple 2-Task Pipelines (git-clone → action) into single Tasks that run in one pod, switching triggers/runs to TaskRun, and replacing cross-task PVC-backed workspaces with emptyDir volumes.

Changes:

  • Converted selected Pipelines into single Task definitions by inlining the clone phase as a git-clone StepAction resolved via the git resolver (pinned to v1.7.0).
  • Updated TriggerTemplates (and the manual peribolos run) to create TaskRun instead of PipelineRun, and dropped tekton.dev/auto-cleanup-pvc where PVCs are no longer created.
  • Removed now-redundant standalone Tasks (peribolos.yaml, terraform.yaml) and updated kustomizations accordingly.

Reviewed changes

Copilot reviewed 15 out of 15 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
tekton/resources/org-permissions/peribolos.yaml Removed standalone peribolos Task now inlined into peribolos-sync as a step.
tekton/resources/org-permissions/peribolos-trigger.yaml TriggerTemplate updated to create a TaskRun and bind source as emptyDir.
tekton/resources/org-permissions/peribolos-sync.yaml Collapsed Pipeline into a single Task using git-clone StepAction + peribolos step.
tekton/resources/org-permissions/peribolos-run.yaml Manual run updated from PipelineRun to TaskRun with emptyDir workspace.
tekton/resources/org-permissions/kustomization.yaml Dropped removed peribolos.yaml from resources list.
tekton/resources/images/single-arch-template.yaml Collapsed Pipeline into Task; TriggerTemplate now creates TaskRun with emptyDir source.
tekton/resources/images/ko-multi-arch-template.yaml Collapsed Pipeline into Task; TriggerTemplate now creates TaskRun with emptyDir source.
tekton/resources/images/docker-multi-arch-template.yaml Collapsed Pipeline into Task; moved buildx step + dind sidecar/volume into Task; TriggerTemplate now creates TaskRun.
tekton/resources/cd/terraform-branch-protection-template.yaml TriggerTemplate updated to create TaskRun, bind source as emptyDir, and map command param.
tekton/resources/cd/peribolos-template.yaml TriggerTemplate updated to create TaskRun with emptyDir source workspace.
tekton/resources/cd/folder-template.yaml Removed Pipeline section and inlined clone as a first Task step; TriggerTemplate now creates TaskRun with emptyDir.
tekton/resources/cd/configmap-template.yaml Removed Pipeline section and inlined clone as a first Task step; TriggerTemplate now creates TaskRun with emptyDir.
tekton/resources/branch-protection/terraform.yaml Removed standalone terraform Task now inlined into terraform-sync as steps.
tekton/resources/branch-protection/terraform-sync.yaml Collapsed Pipeline into a single Task using git-clone StepAction + terraform steps.
tekton/resources/branch-protection/kustomization.yaml Dropped removed terraform.yaml from resources list.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread tekton/resources/images/single-arch-template.yaml Outdated
…s.*)

Using $(params.*) inside script: blocks is vulnerable to injection since
Tekton substitutes the value directly into the script text before the
shell runs. Environment variables are safe because values go through the
env, not inline into the shell script.

- terraform-sync.yaml: $(params.command) → ${COMMAND} env var
- single-arch-template.yaml: $(params.contextPath) → ${CONTEXT_PATH} env var

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 15 out of 15 changed files in this pull request and generated 1 comment.

Comment thread tekton/resources/branch-protection/terraform-sync.yaml
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants