Tekton - Github integration

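I am looking for a way (if one exists) to link Tekton task runs in a Kubernetes cluster to GitHub steps, so that I can mark the steps as required in GitHub and only allow a PR to be merged if they have passed.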

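I know about Tekton Triggers, which solve the other part of the problem, namely reacting to events in GitHub such as the creation of a new pull request or a merge on the master branch. But is Tekton able to call the GitHub API in the way I expect?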

What you are looking for is something that can report status from a PipelineRun back to GitHub.

This can be done in a few different ways. One way is to use commit-status-tracker, however it seems to use the "older" concept with PipelineResources, so I would recommend using e.g. GitHub App Notifier, although it looks very new.

Another way is to use the github-set-status Task from Tekton Hub, which is quite easy to use IMHO. Integrating GitLab, we have had good experience with the counterpart gitlab-set-status. on how to set the STATE of the github-set-status Task according to the Tekton Pipeline aggregated status and when expression guarded finally Tasks

I have also sketched an example pipeline.yaml derived from the mentioned answer (untested!). It uses the git-clone and Cloud Native buildpacks Tasks (also from Tekton Hub) to provide a full example:

apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: buildpacks-test-pipeline
spec:
  params:
    - name: IMAGE
      type: string
      description: image URL to push
    - name: SOURCE_URL
      type: string
      description: A git repo url where the source code resides.
    - name: REPO_PATH_ONLY
      type: string
      description: GitHub group & repo name only (e.g. jonashackt/microservice-api-spring-boot)
    - name: SOURCE_REVISION
      description: The branch, tag or SHA to checkout.
      default: ""
    - name: GITHUB_HOST
      type: string
      description: Your GitHub host only (e.g. api.github.com)
    - name: TEKTON_DASHBOARD_HOST
      type: string
      description: The Tekton dashboard host name only

  workspaces:
    - name: source-workspace # Directory where application source is located. (REQUIRED)
    - name: cache-workspace # Directory where cache is stored (OPTIONAL)
  tasks:
    - name: fetch-repository # This task fetches a repository from github, using the `git-clone` task you installed
      taskRef:
        name: git-clone
      workspaces:
        - name: output
          workspace: source-workspace
      params:
        - name: url
          value: "$(params.SOURCE_URL)"
        - name: revision
          value: "$(params.SOURCE_REVISION)"
        - name: subdirectory
          value: ""
        - name: deleteExisting
          value: "true"
    - name: buildpacks # This task uses the `buildpacks` task to build the application
      taskRef:
        name: buildpacks
      runAfter:
        - fetch-repository
      workspaces:
        - name: source
          workspace: source-workspace
        - name: cache
          workspace: cache-workspace
      params:
        - name: APP_IMAGE
          value: "$(params.IMAGE)"
        - name: BUILDER_IMAGE
          value: paketobuildpacks/builder:base # This is the builder we want the task to use (REQUIRED)
  finally:
    - name: report-pipeline-failed-to-github
      when:
        - input: $(tasks.status)
          operator: in
          values: [ "Failed", "None" ] # see aggregated status https://tekton.dev/docs/pipelines/pipelines/#using-aggregate-execution-status-of-all-tasks
      taskRef:
        name: "github-set-status"
      params:
        - name: "STATE"
          value: "failure" # GitHub commit status states are: error, failure, pending, success
        - name: "GITHUB_HOST_URL"
          value: "$(params.GITHUB_HOST)"
        - name: "REPO_FULL_NAME"
          value: "$(params.REPO_PATH_ONLY)"
        - name: "GITHUB_TOKEN_SECRET_NAME"
          value: "github-api-secret"
        - name: "GITHUB_TOKEN_SECRET_KEY"
          value: "token"
        - name: "SHA"
          value: "$(params.SOURCE_REVISION)"
        - name: "TARGET_URL"
          value: "$(params.TEKTON_DASHBOARD_HOST)/#/namespaces/default/pipelineruns/$(context.pipelineRun.name)"
        - name: "CONTEXT"
          value: "tekton-pipeline"
        - name: "DESCRIPTION"
          value: "An error occurred building your commit in Tekton"
    - name: report-pipeline-success-to-github
      when:
        - input: $(tasks.status)
          operator: in
          values: [ "Succeeded", "Completed" ] # see aggregated status https://tekton.dev/docs/pipelines/pipelines/#using-aggregate-execution-status-of-all-tasks
      taskRef:
        name: "github-set-status"
      params:
        - name: "STATE"
          value: "success"
        - name: "GITHUB_HOST_URL"
          value: "$(params.GITHUB_HOST)"
        - name: "REPO_FULL_NAME"
          value: "$(params.REPO_PATH_ONLY)"
        - name: "GITHUB_TOKEN_SECRET_NAME"
          value: "github-api-secret"
        - name: "GITHUB_TOKEN_SECRET_KEY"
          value: "token"
        - name: "SHA"
          value: "$(params.SOURCE_REVISION)"
        - name: "TARGET_URL"
          value: "$(params.TEKTON_DASHBOARD_HOST)/#/namespaces/default/pipelineruns/$(context.pipelineRun.name)"
        - name: "CONTEXT"
          value: "tekton-pipeline"
        - name: "DESCRIPTION"
          value: "Finished building your commit in Tekton"
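
What the two status-reporting tasks boil down to, as an added example that is not part of the original answer and not the github-set-status Task's own code: it builds the commit-status POST for GitHub's REST API from a Tekton aggregate status. The function name and sample values are assumptions; Failed and None are both reported as a failure, mirroring the pipeline's when guards.

```python
import json
import re
import urllib.request

# Tekton aggregate status ($(tasks.status)) -> GitHub commit status state.
# GitHub accepts only: error, failure, pending, success.
TEKTON_TO_GITHUB = {
    "Succeeded": "success",
    "Completed": "success",
    "Failed": "failure",
    "None": "failure",
}

FULL_SHA = re.compile(r"[0-9a-fA-F]{40}")
REPO = re.compile(r"[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+")


def build_status_request(api_host, repo, sha, tekton_status, target_url,
                         token, context="tekton-pipeline"):
    """Build (but do not send) the POST that sets a commit status.

    Hypothetical helper: `token` stands for the value stored in the
    Kubernetes Secret the pipeline references; it is never logged here.
    """
    if not FULL_SHA.fullmatch(sha):
        # The endpoint is keyed by commit SHA, so a branch or tag name
        # passed as the revision is rejected before any request is made.
        raise ValueError("SHA must be a full 40-character commit hash")
    if not REPO.fullmatch(repo):
        raise ValueError("repo must look like owner/name")
    if tekton_status not in TEKTON_TO_GITHUB:
        raise ValueError(f"unknown Tekton status: {tekton_status!r}")
    payload = {
        "state": TEKTON_TO_GITHUB[tekton_status],
        "target_url": target_url,
        "description": f"Tekton pipeline finished: {tekton_status}",
        # Branch protection matches required checks on this context string.
        "context": context,
    }
    return urllib.request.Request(
        f"https://{api_host}/repos/{repo}/statuses/{sha}",
        data=json.dumps(payload).encode(),
        method="POST",
        headers={
            "Authorization": f"Bearer {token}",
            "Accept": "application/vnd.github+json",
            "Content-Type": "application/json",
        },
    )
```

To block merges on the result, the context string sent here has to be the one selected as a required status check in the repository's branch protection settings.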

I'm not sure about TaskRuns, but you can do this via lighthouse.

At least with a PipelineRun

If you have a PR open, it will reflect the status of the corresponding PipelineRun in the PR and tell you about the pipeline and approval status:

screenshot