pikasTech-agentrun/deploy/templates/tekton/pipeline.yaml

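# Tekton Pipeline for the agentrun v0.1 lane. Three tasks run in order:
#   1. prepare-source  - clone the repo, check out the requested revision, run checks
#   2. image-publish   - build and push the agentrun-mgr image via a rootless BuildKit sidecar
#   3. gitops-promote  - render manifests for the pushed image and push them to the gitops branch
#
# Pipeline params reach the step scripts through PARAM_* environment variables
# instead of being substituted into the script text. Tekton replaces
# $(params.x) textually before the shell runs, so a param value containing
# quotes or $(...) would otherwise be executed as shell code.
apiVersion: tekton.dev/v1
kind: Pipeline
metadata:
  name: agentrun-v01-ci-image-publish
  namespace: agentrun-ci
  labels:
    app.kubernetes.io/part-of: agentrun
    agentrun.pikastech.local/lane: v0.1
spec:
  params:
    - name: git-url
      type: string
      default: git@github.com:pikasTech/agentrun.git
    - name: source-branch
      type: string
      default: v0.1
    - name: gitops-branch
      type: string
      default: v0.1-gitops
    # No default: the caller must supply it. prepare-source compares it with
    # `git rev-parse HEAD`, so only a full commit id passes.
    - name: revision
      type: string
    - name: registry-prefix
      type: string
      default: 127.0.0.1:5000/agentrun
    # Pinned by version tag only, not by digest.
    - name: tools-image
      type: string
      default: oven/bun:1.2.15-alpine
  workspaces:
    - name: source
    - name: git-ssh
  tasks:
    - name: prepare-source
      workspaces:
        - name: source
          workspace: source
        - name: git-ssh
          workspace: git-ssh
      taskSpec:
        params:
          - name: git-url
          - name: source-branch
          - name: revision
          - name: tools-image
        workspaces:
          - name: source
          - name: git-ssh
        steps:
          # NOTE(review): the SSH private key from the git-ssh workspace stays
          # readable while `bun install` and the repo's own scripts run in this
          # step. Consider splitting the clone and the checks into separate
          # steps or tasks so the key is not mounted where dependency and
          # project code executes.
          - name: clone-and-check
            image: $(params.tools-image)
            env:
              - name: HTTP_PROXY
                value: http://127.0.0.1:10808
              - name: HTTPS_PROXY
                value: http://127.0.0.1:10808
              - name: NO_PROXY
                value: hyueapi.com,.hyueapi.com,127.0.0.1,localhost,::1,10.42.0.0/16,10.43.0.0/16,.svc,.cluster.local
              - name: http_proxy
                value: http://127.0.0.1:10808
              - name: https_proxy
                value: http://127.0.0.1:10808
              - name: no_proxy
                value: hyueapi.com,.hyueapi.com,127.0.0.1,localhost,::1,10.42.0.0/16,10.43.0.0/16,.svc,.cluster.local
              # Params are passed as data, never spliced into the script.
              - name: PARAM_GIT_URL
                value: $(params.git-url)
              - name: PARAM_SOURCE_BRANCH
                value: $(params.source-branch)
              - name: PARAM_REVISION
                value: $(params.revision)
            # NOTE(review): ssh-keyscan accepts whatever host key is presented
            # on each run, so the clone is not protected against an on-path
            # attacker. Prefer a known_hosts file provisioned with the secret
            # and verified against GitHub's published fingerprints.
            # NOTE(review): `bun install` runs without a frozen lockfile;
            # confirm whether CI should refuse lockfile drift.
            script: |
              #!/bin/sh
              set -eu
              apk add --no-cache git openssh-client curl
              mkdir -p /root/.ssh
              cp /workspace/git-ssh/ssh-privatekey /root/.ssh/id_rsa
              chmod 600 /root/.ssh/id_rsa
              ssh-keyscan github.com >> /root/.ssh/known_hosts 2>/dev/null
              rm -rf /workspace/source/repo
              git clone --branch "$PARAM_SOURCE_BRANCH" "$PARAM_GIT_URL" /workspace/source/repo
              cd /workspace/source/repo
              git config --global --add safe.directory /workspace/source/repo
              git checkout "$PARAM_REVISION"
              test "$(git rev-parse HEAD)" = "$PARAM_REVISION"
              bun install
              bun run check
              bun scripts/agentrun-gitops-render.ts --out /tmp/agentrun-gitops-render-check --source-commit "$PARAM_REVISION" --check
              bun run self-test
      params:
        - name: git-url
          value: $(params.git-url)
        - name: source-branch
          value: $(params.source-branch)
        - name: revision
          value: $(params.revision)
        - name: tools-image
          value: $(params.tools-image)
    - name: image-publish
      runAfter: [prepare-source]
      workspaces:
        - name: source
          workspace: source
      taskSpec:
        params:
          - name: revision
          - name: registry-prefix
        results:
          - name: image
          - name: digest
          - name: repository-digest
        sidecars:
          # NOTE(review): moby/buildkit:rootless is a mutable tag; pin a
          # version and digest so the builder cannot change between runs.
          - name: buildkitd
            image: moby/buildkit:rootless
            args:
              - --addr
              - unix:///workspace/buildkit-run/buildkitd.sock
              - --oci-worker-no-process-sandbox
            env:
              - name: HTTP_PROXY
                value: http://127.0.0.1:10808
              - name: HTTPS_PROXY
                value: http://127.0.0.1:10808
              - name: NO_PROXY
                value: hyueapi.com,.hyueapi.com,127.0.0.1,localhost,::1,10.42.0.0/16,10.43.0.0/16,.svc,.cluster.local
              - name: http_proxy
                value: http://127.0.0.1:10808
              - name: https_proxy
                value: http://127.0.0.1:10808
              - name: no_proxy
                value: hyueapi.com,.hyueapi.com,127.0.0.1,localhost,::1,10.42.0.0/16,10.43.0.0/16,.svc,.cluster.local
            # The sidecar runs as uid/gid 1000 with seccomp filtering off.
            # NOTE(review): Unconfined removes syscall filtering for the
            # builder, which executes Containerfile instructions from the
            # checked-out source. Confirm it is required here and whether a
            # dedicated seccomp profile can replace it.
            securityContext:
              seccompProfile:
                type: Unconfined
              runAsUser: 1000
              runAsGroup: 1000
            volumeMounts:
              - name: buildkit-run
                mountPath: /workspace/buildkit-run
        steps:
          # Copies buildctl out of the BuildKit image into a shared emptyDir
          # so the next step (a different image) can run it.
          - name: prepare-buildctl
            image: moby/buildkit:rootless
            script: |
              #!/bin/sh
              set -eu
              mkdir -p /workspace/buildkit-bin
              cp /usr/bin/buildctl /workspace/buildkit-bin/buildctl
              chmod +x /workspace/buildkit-bin/buildctl
            volumeMounts:
              - name: buildkit-bin
                mountPath: /workspace/buildkit-bin
          # Waits up to 60 s for buildkitd, builds deploy/container/Containerfile
          # with the repo root as context, pushes it, then records the image
          # reference and digest as task results.
          - name: build-and-push
            image: oven/bun:1.2.15-alpine
            env:
              - name: HTTP_PROXY
                value: http://127.0.0.1:10808
              - name: HTTPS_PROXY
                value: http://127.0.0.1:10808
              - name: NO_PROXY
                value: hyueapi.com,.hyueapi.com,127.0.0.1,localhost,::1,10.42.0.0/16,10.43.0.0/16,.svc,.cluster.local
              # Params are passed as data, never spliced into the script.
              - name: PARAM_REVISION
                value: $(params.revision)
              - name: PARAM_REGISTRY_PREFIX
                value: $(params.registry-prefix)
            # NOTE(review): the digest is read back from the registry by tag
            # after the push, over plain HTTP, from a host and path hard-coded
            # to 127.0.0.1:5000/agentrun regardless of registry-prefix. A
            # concurrent push to the same tag, or a non-default
            # registry-prefix, would record a digest that is not the image
            # just built. Taking the digest from the build output (buildctl's
            # --metadata-file; confirm for the version in use) avoids both.
            script: |
              #!/bin/sh
              set -eu
              apk add --no-cache curl
              cd /workspace/source/repo
              image="$PARAM_REGISTRY_PREFIX/agentrun-mgr:$PARAM_REVISION"
              buildctl=/workspace/buildkit-bin/buildctl
              for attempt in $(seq 1 60); do
                if "$buildctl" --addr unix:///workspace/buildkit-run/buildkitd.sock debug workers >/dev/null 2>&1; then break; fi
                sleep 1
              done
              "$buildctl" --addr unix:///workspace/buildkit-run/buildkitd.sock build \
                --frontend dockerfile.v0 \
                --local context=. \
                --local dockerfile=deploy/container \
                --opt filename=Containerfile \
                --output type=image,name="$image",push=true
              digest="$(curl -fsSI "http://127.0.0.1:5000/v2/agentrun/agentrun-mgr/manifests/$PARAM_REVISION" | awk -F': ' 'tolower($1)=="docker-content-digest" {gsub(/\r/,"",$2); print $2; exit}')"
              test -n "$digest"
              printf '%s' "$image" > /tekton/results/image
              printf '%s' "$digest" > /tekton/results/digest
              printf '%s' "$PARAM_REGISTRY_PREFIX/agentrun-mgr@$digest" > /tekton/results/repository-digest
            volumeMounts:
              - name: buildkit-bin
                mountPath: /workspace/buildkit-bin
              - name: buildkit-run
                mountPath: /workspace/buildkit-run
        volumes:
          - name: buildkit-bin
            emptyDir: {}
          - name: buildkit-run
            emptyDir: {}
      params:
        - name: revision
          value: $(params.revision)
        - name: registry-prefix
          value: $(params.registry-prefix)
    - name: gitops-promote
      runAfter: [image-publish]
      workspaces:
        - name: source
          workspace: source
        - name: git-ssh
          workspace: git-ssh
      taskSpec:
        params:
          - name: git-url
          - name: gitops-branch
          - name: revision
          - name: registry-prefix
          - name: image
          - name: digest
          - name: repository-digest
        workspaces:
          - name: source
          - name: git-ssh
        steps:
          # Writes the artifact catalog for the pushed image, renders the
          # GitOps tree from the checked-out source, and pushes it to the
          # gitops branch (created as an orphan branch if the clone fails).
          # NOTE(review): the SSH key used for `git push` is readable while
          # scripts/agentrun-gitops-render.ts from the checked-out repo runs.
          - name: promote
            image: oven/bun:1.2.15-alpine
            env:
              - name: HTTP_PROXY
                value: http://127.0.0.1:10808
              - name: HTTPS_PROXY
                value: http://127.0.0.1:10808
              - name: NO_PROXY
                value: hyueapi.com,.hyueapi.com,127.0.0.1,localhost,::1,10.42.0.0/16,10.43.0.0/16,.svc,.cluster.local
              # Params and upstream results are passed as data, never spliced
              # into the script. The heredoc below still expands them into
              # JSON without escaping, so values must not contain quotes.
              - name: PARAM_GIT_URL
                value: $(params.git-url)
              - name: PARAM_GITOPS_BRANCH
                value: $(params.gitops-branch)
              - name: PARAM_REVISION
                value: $(params.revision)
              - name: PARAM_REGISTRY_PREFIX
                value: $(params.registry-prefix)
              - name: PARAM_IMAGE
                value: $(params.image)
              - name: PARAM_DIGEST
                value: $(params.digest)
              - name: PARAM_REPOSITORY_DIGEST
                value: $(params.repository-digest)
            # NOTE(review): ssh-keyscan accepts whatever host key is presented
            # on each run; this step pushes, so prefer a pinned known_hosts.
            # The commit is skipped only when nothing is staged; any other
            # commit failure now fails the step instead of being ignored.
            script: |
              #!/bin/sh
              set -eu
              apk add --no-cache git openssh-client
              mkdir -p /root/.ssh
              cp /workspace/git-ssh/ssh-privatekey /root/.ssh/id_rsa
              chmod 600 /root/.ssh/id_rsa
              ssh-keyscan github.com >> /root/.ssh/known_hosts 2>/dev/null
              cd /workspace/source/repo
              cat > /workspace/source/artifact-catalog.v01.json <<EOF
              {"lane":"v0.1","sourceBranch":"v0.1","gitopsBranch":"$PARAM_GITOPS_BRANCH","sourceCommitId":"$PARAM_REVISION","services":[{"serviceId":"agentrun-mgr","image":"$PARAM_IMAGE","digest":"$PARAM_DIGEST","repositoryDigest":"$PARAM_REPOSITORY_DIGEST","imageTag":"$PARAM_REVISION"}]}
              EOF
              rm -rf /workspace/source/rendered
              bun scripts/agentrun-gitops-render.ts --out /workspace/source/rendered --source-commit "$PARAM_REVISION" --registry-prefix "$PARAM_REGISTRY_PREFIX" --catalog /workspace/source/artifact-catalog.v01.json --require-catalog
              rm -rf /workspace/source/gitops
              git clone --branch "$PARAM_GITOPS_BRANCH" "$PARAM_GIT_URL" /workspace/source/gitops || {
                git clone "$PARAM_GIT_URL" /workspace/source/gitops
                cd /workspace/source/gitops
                git checkout --orphan "$PARAM_GITOPS_BRANCH"
                git rm -rf . >/dev/null 2>&1 || true
              }
              cd /workspace/source/gitops
              git config user.email agentrun-ci@g14.local
              git config user.name agentrun-ci
              mkdir -p deploy/gitops/g14 deploy
              rm -rf deploy/gitops/g14/runtime-v01 deploy/gitops/g14/argocd
              cp -a /workspace/source/rendered/runtime-v01 deploy/gitops/g14/runtime-v01
              cp -a /workspace/source/rendered/argocd deploy/gitops/g14/argocd
              cp /workspace/source/rendered/artifact-catalog.v01.json deploy/artifact-catalog.v01.json
              git add deploy
              git diff --cached --quiet || git commit -m "gitops: promote agentrun v0.1 $PARAM_REVISION"
              git push origin "$PARAM_GITOPS_BRANCH"
      params:
        - name: git-url
          value: $(params.git-url)
        - name: gitops-branch
          value: $(params.gitops-branch)
        - name: revision
          value: $(params.revision)
        - name: registry-prefix
          value: $(params.registry-prefix)
        - name: image
          value: $(tasks.image-publish.results.image)
        - name: digest
          value: $(tasks.image-publish.results.digest)
        - name: repository-digest
          value: $(tasks.image-publish.results.repository-digest)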