Tekton pipeline build and push - Thu, Dec 3, 2020
Build a docker image using Tekton and pushing it to a registry
Tekton build from source
Recently when getting acquainted with Tekton pipelines
I ran through this
hello world tutorial.
In this tutorial a docker image is build from a git repository and pushed to a docker registry on GitHub using kaniko
.
The only thing I missed was the ability to tag the image with the latest Short SHA-1 from the git repository which I will explain how to do in the following.
Pipeline overview
The pipeline in the tutorial is actually quiet simple:
+---------------+
| |
| git resource | Pipeline resource
| |
+-------+-------+
|
v
+-------+-------+
| |
|build and push | Task
| |
+-------+-------+
|
v
+-------+-------+
| |
|image resource | Pipeline resource
| |
+---------------+
One way of tagging the image would be to modify the build and push task. Follow the Separation of concerns
principle I opted to put the extraction of the tag into another task:
+-----------------+
| |
+----------------->+ get tag and sha |
| | |
+-------+-------+ +-------+---------+
| | |
| git ressource | |
| | v
+-------+-------+ +-------+--------+
| | |
+----------------->+ build and push |
| |
+-------+--------+
|
v
+-------+-------+
| |
|image resource |
| |
+---------------+
Both these task use the git repo as its input. The get tag and sha task extracts the tag which is then used by the build and push task
to tag the image accordingly.
Get tag and sha task
As already explained this task gets the sha and last tag and writes it to the result. The following code excerpt show the relevant lines:
1 steps:
2 - name: get-tag-and-sha
3 image: alpine/git
4 script: |
5 cd git-source
6 git fetch --unshallow
7 git describe --always --tags | tr -d '\040\011\012\015' > $(results.tag.path)
8 git rev-parse --short HEAD | tr -d '\040\011\012\015' > $(results.short-sha.path)
9 results:
10 - name: tag
11 - name: short-sha
The key points here are fetching unshallow (line 6) in order to get the tags and writing the values to the results using the > operator (lines 7 & 8).
Build and push task
This task has been slightly altered to take the tag and sha as parameters. In addition the actual script has been altered to add the tag to the image:
1 steps:
2 - name: build
3 image: gcr.io/kaniko-project/executor:v0.16.0
4 env:
5 - name: "DOCKER_CONFIG"
6 value: "/tekton/home/.docker/"
7 command:
8 - /kaniko/executor
9 args:
10 - --dockerfile=$(params.pathToDockerFile)
11 - --destination=$(resources.outputs.builtImage.url):$(params.tag)
12 - --destination=$(resources.outputs.builtImage.url):$(params.short-sha)
13 - --context=$(params.pathToContext)
The key points here are the destination elements that use the parameter values (lines 11 & 12).
The pipeline
The pipeline is the part where the output of the first task is connected to the parameters of the second tasks:
1 tasks:
2 - name: get-tag-and-sha
3 taskRef:
4 name: get-tag-and-sha
5 resources:
6 inputs:
7 - name: git-source
8 resource: git-source
9 - name: source-to-docker
10 taskRef:
11 name: source-to-docker
12 runAfter:
13 - get-tag-and-sha
14 ...
15 params:
16 - name: tag
17 value: "$(tasks.get-tag-and-sha.results.tag)"
18 - name: short-sha
19 value: "$(tasks.get-tag-and-sha.results.short-sha)"
20 - name: pathToDockerFile
21 value: $(resources.inputs.git-source.path)$(params.pathToDockerFile)
22 - name: pathToContext
23 value: $(resources.inputs.git-source.path)$(params.pathToContext)
The assignment of the output of the tag get-tag-and-sha to the parameters for task source-to-docker happens in line 21 and 22.
Note the runAfter directive in line 12 which tells Tekton to run the tag retrieval task first.