[WIP] Add generic git task - with alternative auth #309
Conversation
tekton-robot
added
do-not-merge/work-in-progress
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
Hi @jlpettersson. Thanks for your PR. I'm waiting for a tektoncd member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
tekton-robot
added
needs-ok-to-test
| - secret: | ||
| name: github-known-hosts | ||
| - secret: | ||
| name: github-private-key |
There was a problem hiding this comment.
both secret names should be params in a proper implementation.
params:
- name: known-hosts-secret
type: string
description: secret name of the SSH known_hosts file
- name: private-key-secret
type: string
description: secret name of the SSH private key file
and in use
projected:
defaultMode: 0400
sources:
- secret:
name: $(params.known-hosts-secret)
- secret:
name: $(params.private-key-secret)
There was a problem hiding this comment.
Is this a limitation of Tekton at the moment - params can't be used as variables in volumes?
There was a problem hiding this comment.
Yes, it is the Secret Name within a projected volume, were we don't have implemented variable substitution. But as the commit is implemented now, it is working. But for proper support, we should add variable substitution here, so that end-users can name the secrets how they want.
The existing git-clone task is very opinionated and custom. This task use a generic _git image_. The plan is to add tasks for `git-add`, `git-commit` and `git-push` as well. This commit also shows an alternative way to setup authentication. This authentication is independent of [Tekton Pipeline Auth documentation](https://github.com/tektoncd/pipeline/blob/master/docs/auth.md) and does not use _annotations on Secrets_ and no need for custom _credential initialization process_ and does not copy or move any sensitive values, but mount them using a projected volume. /kind feature
Changes
The existing git-clone task is very opinionated and custom. This task use a generic git image. The plan is to add tasks for
git-add,git-commitandgit-pushas well.This commit also shows an alternative way to setup authentication. This authentication is independent of Tekton Pipeline Auth documentation and does not use annotations on Secrets and no need for custom credential initialization process and does not copy or move any sensitive values, but mount them using a projected volume.
Related to tektoncd/pipeline#2343
/kind feature
Submitter Checklist
These are the criteria that every PR should meet, please check them off as you
review them:
See the contribution guide
for more details.