Run all the example pipelines
Signed-off-by: Brad Beck <[email protected]>
bradbeck committed Feb 3, 2024
1 parent ef7acc3 commit 100284f
Showing 3 changed files with 123 additions and 15 deletions.
131 changes: 119 additions & 12 deletions .github/workflows/install-frsca.yaml
@@ -46,15 +46,10 @@ jobs:
- name: Try the cluster !
run: kubectl get pods -A
- name: Initialize FRSCA
env:
REGISTRY: "registry.registry"
run: |
make setup-frsca
- name: Run buildpacks pipeline
env:
REGISTRY: "registry.registry"
run: |
make registry-proxy >/dev/null &
./platform/wait-for-pipelinerun.sh -m example-buildpacks -n example-buildpacks-
# tail PipelineRun logs
tkn pr logs --last -f
@@ -83,12 +78,9 @@ jobs:
tkn tr describe --last -o json | jq -r '.metadata.annotations["chains.tekton.dev/signed"]'
cosign verify --insecure-ignore-tlog --key k8s://tekton-chains/signing-secrets "${IMAGE_URL}"
cosign verify-attestation --insecure-ignore-tlog --type slsaprovenance --key k8s://tekton-chains/signing-secrets "${IMAGE_URL}"
kill %?registry-proxy
kubectl delete pr --all -A
- name: Run sample pipeline to test kyverno
env:
REGISTRY: "registry.registry"
run: |
make registry-proxy >/dev/null &
./platform/wait-for-pipelinerun.sh -m example-sample-pipeline -n example-sample-pipeline-
# tail PipelineRun logs
tkn pr logs --last -f
@@ -114,9 +106,124 @@ jobs:
echo "TASK_RUN=${TASK_RUN}"
echo "IMAGE_URL=${IMAGE_URL}"
crane ls "$(echo -n ${IMAGE_URL} | sed 's|:[^/]*$||')"
cosign verify --insecure-ignore-tlog --key k8s://tekton-chains/signing-secrets "${IMAGE_URL}"
cosign verify-attestation --insecure-ignore-tlog --type slsaprovenance --key k8s://tekton-chains/signing-secrets "${IMAGE_URL}"
kubectl wait --timeout=5m --for=condition=ready pods -l app=picalc -n prod
kill %?registry-proxy
kubectl delete pr --all -A
- name: Run go pipeline
run: |
./platform/wait-for-pipelinerun.sh -m example-golang-pipeline -n example-golang-
tkn pr logs --last -f
if [ "$(tkn pr describe --last -o jsonpath='{.status.conditions[?(@.type == "Succeeded")].status}')" != "True" ]; then
tkn pr describe --last
exit 1
fi
sleep 60
TASK_RUNS=($(tkn pr describe --last -o jsonpath='{.status.childReferences}' | jq -r '.[] | select(.kind | match("TaskRun")) | .name'))
echo "TASK_RUNS=${TASK_RUNS[@]}"
TASK_RUN="none"; IMAGE_URL="none"
for tr in "${TASK_RUNS[@]}"; do
image=$(tkn tr describe "${tr}" -o jsonpath='{.status.results}' | jq -r '.[] | select(.name == "IMAGE_URL") | .value')
if [ -n "${image}" ]; then
TASK_RUN="${tr}"
IMAGE_URL="${image}"
break
fi
done
if [ "${REGISTRY}" = "registry.registry" ]; then
IMAGE_URL="$(echo "${IMAGE_URL}" | sed 's#'${REGISTRY}'#127.0.0.1:5000#')"
fi
crane ls "$(echo -n ${IMAGE_URL} | sed 's|:[^/]*$||')"
cosign verify --insecure-ignore-tlog --key k8s://tekton-chains/signing-secrets "${IMAGE_URL}"
cosign verify-attestation --insecure-ignore-tlog --type slsaprovenance --key k8s://tekton-chains/signing-secrets "${IMAGE_URL}"
kubectl delete pr --all -A
- name: Run IBM tutorial pipeline
run: |
./platform/wait-for-pipelinerun.sh -m example-ibm-tutorial -n example-ibm-tutorial-
tkn pr logs --last -f
if [ "$(tkn pr describe --last -o jsonpath='{.status.conditions[?(@.type == "Succeeded")].status}')" != "True" ]; then
tkn pr describe --last
exit 1
fi
sleep 60
TASK_RUNS=($(tkn pr describe --last -o jsonpath='{.status.childReferences}' | jq -r '.[] | select(.kind | match("TaskRun")) | .name'))
echo "TASK_RUNS=${TASK_RUNS[@]}"
TASK_RUN="none"; IMAGE_URL="none"
for tr in "${TASK_RUNS[@]}"; do
image=$(tkn tr describe "${tr}" -o jsonpath='{.status.results}' | jq -r '.[] | select(.name == "IMAGE_URL") | .value')
if [ -n "${image}" ]; then
TASK_RUN="${tr}"
IMAGE_URL="${image}"
break
fi
done
if [ "${REGISTRY}" = "registry.registry" ]; then
IMAGE_URL="$(echo "${IMAGE_URL}" | sed 's#'${REGISTRY}'#127.0.0.1:5000#')"
fi
crane ls "$(echo -n ${IMAGE_URL} | sed 's|:[^/]*$||')"
cosign verify --insecure-ignore-tlog --key k8s://tekton-chains/signing-secrets "${IMAGE_URL}"
cosign verify-attestation --insecure-ignore-tlog --type slsaprovenance --key k8s://tekton-chains/signing-secrets "${IMAGE_URL}"
kubectl delete pr --all -A
- name: Run gradle pipeline
run: |
./platform/wait-for-pipelinerun.sh -m example-gradle-pipeline -n example-gradle-
tkn pr logs --last -f
if [ "$(tkn pr describe --last -o jsonpath='{.status.conditions[?(@.type == "Succeeded")].status}')" != "True" ]; then
tkn pr describe --last
exit 1
fi
sleep 60
TASK_RUNS=($(tkn pr describe --last -o jsonpath='{.status.childReferences}' | jq -r '.[] | select(.kind | match("TaskRun")) | .name'))
echo "TASK_RUNS=${TASK_RUNS[@]}"
TASK_RUN="none"; IMAGE_URL="none"
for tr in "${TASK_RUNS[@]}"; do
image=$(tkn tr describe "${tr}" -o jsonpath='{.status.results}' | jq -r '.[] | select(.name == "IMAGE_URL") | .value')
if [ -n "${image}" ]; then
TASK_RUN="${tr}"
IMAGE_URL="${image}"
break
fi
done
if [ "${REGISTRY}" = "registry.registry" ]; then
IMAGE_URL="$(echo "${IMAGE_URL}" | sed 's#'${REGISTRY}'#127.0.0.1:5000#')"
fi
crane ls "$(echo -n ${IMAGE_URL} | sed 's|:[^/]*$||')"
cosign verify --insecure-ignore-tlog --key k8s://tekton-chains/signing-secrets "${IMAGE_URL}"
cosign verify-attestation --insecure-ignore-tlog --type slsaprovenance --key k8s://tekton-chains/signing-secrets "${IMAGE_URL}"
kubectl delete pr --all -A
- name: Run maven pipeline
run: |
./platform/wait-for-pipelinerun.sh -m example-maven -n example-maven-
tkn pr logs --last -f
if [ "$(tkn pr describe --last -o jsonpath='{.status.conditions[?(@.type == "Succeeded")].status}')" != "True" ]; then
tkn pr describe --last
exit 1
fi
kubectl delete pr --all -A
- name: Run cosign pipeline
run: |
./platform/wait-for-pipelinerun.sh -m example-cosign -n ko-pipelinerun-
tkn pr logs --last -f
if [ "$(tkn pr describe --last -o jsonpath='{.status.conditions[?(@.type == "Succeeded")].status}')" != "True" ]; then
tkn pr describe --last
exit 1
fi
sleep 60
TASK_RUNS=($(tkn pr describe --last -o jsonpath='{.status.childReferences}' | jq -r '.[] | select(.kind | match("TaskRun")) | .name'))
echo "TASK_RUNS=${TASK_RUNS[@]}"
TASK_RUN="none"; IMAGE_URL="none"
for tr in "${TASK_RUNS[@]}"; do
image=$(tkn tr describe "${tr}" -o jsonpath='{.status.results}' | jq -r '.[] | select(.name == "IMAGE_URL") | .value')
if [ -n "${image}" ]; then
TASK_RUN="${tr}"
IMAGE_URL="${image}"
break
fi
done
if [ "${REGISTRY}" = "registry.registry" ]; then
IMAGE_URL="$(echo "${IMAGE_URL}" | sed 's#'${REGISTRY}'#127.0.0.1:5000#')"
fi
crane ls "$(echo -n ${IMAGE_URL} | sed 's|:[^/]*$||')"
cosign verify --insecure-ignore-tlog --key k8s://tekton-chains/signing-secrets "${IMAGE_URL}"
cosign verify-attestation --insecure-ignore-tlog --type slsaprovenance --key k8s://tekton-chains/signing-secrets "${IMAGE_URL}"
kubectl delete pr --all -A
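Review bot: In the added go, IBM tutorial, gradle and cosign steps, `IMAGE_URL` stays at the sentinel `"none"` when no TaskRun exposes an `IMAGE_URL` result, and the script then passes that string to `crane ls`, `cosign verify` and `cosign verify-attestation`. A bare `none` would be parsed as an image reference in the default registry rather than as "nothing was built", so the resulting failure is misleading; stop right after the loop with `[ "${IMAGE_URL}" != "none" ] || { echo "no IMAGE_URL result in ${TASK_RUNS[*]}" >&2; exit 1; }`. The same block is pasted four times, so moving it into one script under `./platform/` next to `wait-for-pipelinerun.sh` would keep that guard, and the quoting of `${IMAGE_URL}` and `${REGISTRY}` in the `sed` calls, in one place. These steps read `${REGISTRY}` without a step-level `env:`; where it is now defined is outside the visible hunks.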
3 changes: 2 additions & 1 deletion examples/cosign/task-ko.yaml
@@ -20,7 +20,7 @@ spec:
default: ""
- name: KO_IMAGE
description: The name of the Ko image
default: "ghcr.io/google/ko:14b4fe1c7c6c3246120f271e163ca00367108c04"
default: "ghcr.io/ko-build/ko:5a95f8abc540475366126d6c34baf7014794315c"
- name: SOURCE_SUBPATH
description: >-
A subpath within checked out source where the source to build is
@@ -49,6 +49,7 @@ spec:
export LDFLAGS=""
export GIT_HASH="test"
export GIT_VERSION="test"
export GOFLAGS="-buildvcs=false"
KO_IMAGE=$(ko build \
--base-import-paths \
"$(params.SOURCE_SUBPATH)")
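Review bot: The new `KO_IMAGE` default pins the ko image by a tag that looks like a commit hash, and a tag can be re-pointed in the registry, so the build tool that produces the signed artifact is not fixed by content. Pinning by digest would close that gap, e.g. `default: "ghcr.io/ko-build/ko@sha256:<digest-of-the-reviewed-image>"` (placeholder; take the digest from the image that was actually reviewed). The added `export GOFLAGS="-buildvcs=false"` turns off VCS stamping in the built binary; a short comment such as `# workspace has no usable git metadata for go build; disable VCS stamping` would record why, if that is the reason. The script and the params list both continue outside the visible hunks.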
4 changes: 2 additions & 2 deletions examples/examples.cue
@@ -43,7 +43,7 @@ for pr in frsca.pipelineRun {
frsca: persistentVolumeClaim: "\(pr.metadata.generateName)source-ws-pvc": {
spec: {
accessModes: ["ReadWriteOnce"]
resources: requests: storage: "500Mi"
resources: requests: storage: "750Mi"
}
}
}
@@ -62,7 +62,7 @@ for name, tt in frsca.triggerTemplate {
frsca: persistentVolumeClaim: "\(name)-source-ws-pvc": {
spec: {
accessModes: ["ReadWriteOnce"]
resources: requests: storage: "500Mi"
resources: requests: storage: "750Mi"
}
}
}