From 5c9e31b1e6711f820b12cf86b1aa8f96f4934538 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christoph=20G=C3=B6rn?= Date: Fri, 26 May 2023 10:37:44 +0200 Subject: [PATCH 1/8] =?UTF-8?q?=E2=9C=A8=20update=20kustomize=20to=20versi?= =?UTF-8?q?on=20v5.0.3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christoph Görn --- Dockerfile => Containerfile | 9 ++++++--- README.md | 8 +++++--- hooks.yaml | 16 ++++++++-------- 3 files changed, 19 insertions(+), 14 deletions(-) rename Dockerfile => Containerfile (55%) diff --git a/Dockerfile b/Containerfile similarity index 55% rename from Dockerfile rename to Containerfile index 6df052b..9d0ed24 100644 --- a/Dockerfile +++ b/Containerfile @@ -1,12 +1,15 @@ FROM alpine:latest + RUN adduser kustomize -D \ && apk add curl git openssh \ && git config --global url.ssh://git@github.com/.insteadOf https://github.com/ -RUN curl -L --output /tmp/kustomize_v3.3.0_linux_amd64.tar.gz https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv3.3.0/kustomize_v3.3.0_linux_amd64.tar.gz \ - && echo "4b49e1bbdb09851f11bb81081bfffddc7d4ad5f99b4be7ef378f6e3cf98d42b6 /tmp/kustomize_v3.3.0_linux_amd64.tar.gz" | sha256sum -c \ - && tar -xvzf /tmp/kustomize_v3.3.0_linux_amd64.tar.gz -C /usr/local/bin \ +RUN curl -L --output /tmp/kustomize_v5.0.3_linux_amd64.tar.gz https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv5.0.3/kustomize_v5.0.3_linux_amd64.tar.gz \ + && echo "c627b1575c3fecbc7ad1c181c23a7adcacf19732dab627eb57e89a7bc4c1e929 /tmp/kustomize_v5.0.3_linux_amd64.tar.gz" | sha256sum -c \ + && tar -xvzf /tmp/kustomize_v5.0.3_linux_amd64.tar.gz -C /usr/local/bin \ && chmod +x /usr/local/bin/kustomize \ && mkdir ~/.ssh \ && ssh-keyscan -t rsa github.com >> ~/.ssh/known_hosts + USER kustomize + WORKDIR /src diff --git a/README.md b/README.md index 68aad5f..5d7290f 100644 --- a/README.md +++ b/README.md 
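Review bot: The `ssh-keyscan -t rsa github.com >> ~/.ssh/known_hosts` step at the end of the second `RUN` in Containerfile trusts whatever host key the build network returns, so the image bakes in an unauthenticated key even though the kustomize tarball in the same `RUN` is checksum-verified. Commit GitHub's published host keys to the repository and install them with `COPY known_hosts /etc/ssh/ssh_known_hosts`, or compare the scanned key's fingerprint with the published one before appending it. The `git config --global` and `mkdir ~/.ssh` steps also run before `USER kustomize`, so they presumably land in root's home rather than the runtime user's; worth confirming. `FROM alpine:latest` leaves the base image unpinned, so a rebuild can pick up a different base without any change to this file.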
@@ -1,7 +1,9 @@ # pre-commit-docker-kustomize -pre-commit hook which runs kustomize docker image. Docker image is based on https://github.com/lyft/kustomizer, but added github.com into known hosts and not running this image as root. This modification allows for remote refs in your kustomize. Other git providers will probably won't work and require further changes. Please raise an issue. + +pre-commit hook which runs kustomize docker image. Container image is based on , but added github.com into known hosts and not running this image as root. This modification allows for remote refs in your kustomize. Other git providers will probably won't work and require further changes. Please raise an issue. ## Example of .pre-commit-config.yaml that verifies that 3 overlays are not broken + ```yaml # See https://pre-commit.com for more information # See https://pre-commit.com/hooks.html for more hooks @@ -12,13 +14,13 @@ repos: - id: check-yaml args: [--allow-multiple-documents] - id: check-added-large-files -- repo: https://github.com/dmitri-lerko/pre-commit-docker-kustomize +- repo: https://github.com/b4mad/pre-commit-kustomize rev: f3a8533 hooks: - id: kustomize name: kustomize-development args: [overlays/development] - verbose: false + verbose: true - id: kustomize name: kustomize-staging args: [overlays/staging] diff --git a/hooks.yaml b/hooks.yaml index a4b96cd..a89bc34 100644 --- a/hooks.yaml +++ b/hooks.yaml @@ -1,8 +1,8 @@ -- id: kustomize - name: kustomize (via docker) - description: kustomize provided by docker - entry: kustomize build - language: docker - args: [overlay/production] - always_run: true - pass_filenames: false +- id: kustomize + name: kustomize (containerized) + description: kustomize provided in a container + entry: kustomize build + language: docker + args: [overlay/production] + always_run: true + pass_filenames: false From 125deb6c34de7748e7848e62308a8bcafd5f9a90 Mon Sep 17 00:00:00 2001 
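Review bot: `language: docker` in hooks.yaml makes pre-commit build the hook image from the repository itself, and this same commit renames `Dockerfile` to `Containerfile`. As far as I know pre-commit runs a plain `docker build .` with no `-f` option, so the hook would fail to install once the file is no longer called `Dockerfile`. Keep a `Dockerfile` at the repository root (a symlink to `Containerfile` would do), and verify by running the hook from a clean pre-commit cache. The default `args: [overlay/production]` also differs from the `overlays/...` paths used in the README example.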
From: =?UTF-8?q?Christoph=20G=C3=B6rn?= Date: Fri, 26 May 2023 11:26:33 +0200 Subject: [PATCH 2/8] =?UTF-8?q?=E2=9C=A8=20add=20a=20release=20pipeline,?= =?UTF-8?q?=20triggered=20on=20push=20to=20a=20tag?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christoph Görn --- .tekton/release.yaml | 55 +++++++++++++++++++++++++++++++++++++++ Containerfile | 2 ++ OWNERS | 8 ++++++ manifests/repository.yaml | 8 ++++++ 4 files changed, 73 insertions(+) create mode 100644 .tekton/release.yaml create mode 100644 OWNERS create mode 100644 manifests/repository.yaml diff --git a/.tekton/release.yaml b/.tekton/release.yaml new file mode 100644 index 0000000..389efc4 --- /dev/null +++ b/.tekton/release.yaml @@ -0,0 +1,55 @@ +--- +apiVersion: tekton.dev/v1beta1 +kind: PipelineRun +metadata: + name: release + annotations: + pipelinesascode.tekton.dev/on-event: "[push]" + pipelinesascode.tekton.dev/on-target-branch: "[main, refs/tags/*]" + pipelinesascode.tekton.dev/task: "[git-clone, buildah-as-user]" + pipelinesascode.tekton.dev/max-keep-runs: "5" +spec: + params: + - name: repo_url + value: "{{repo_url}}" + - name: revision + value: "{{revision}}" + pipelineSpec: + params: + - name: repo_url + - name: revision + workspaces: + - name: source + tasks: + - name: fetch-repository + taskRef: + name: git-clone + workspaces: + - name: output + workspace: source + params: + - name: url + value: $(params.repo_url) + - name: revision + value: $(params.revision) + - name: build-release-container-image + taskRef: + name: buildah-as-user + runAfter: + - fetch-repository + workspaces: + - name: source + workspace: source + params: + - name: IMAGE + value: ghcr.io/b4mad/pre-commit-kustomize + + workspaces: + - name: source + volumeClaimTemplate: + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi diff --git a/Containerfile b/Containerfile index 9d0ed24..0179a21 100644 --- a/Containerfile +++ b/Containerfile 
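Review bot: The `IMAGE` param of `build-release-container-image` in .tekton/release.yaml carries no tag, so every push to `main` and every tag push presumably publishes to the same mutable reference and a release cannot be told apart from a branch build. Tie the pushed image to the commit, for example `value: ghcr.io/b4mad/pre-commit-kustomize:$(params.revision)`, provided the `buildah-as-user` task (not shown here) accepts a tagged reference. The `pipelinesascode.tekton.dev/task` annotation also pulls `git-clone` from the hub without a version, so the task code that runs alongside the registry credentials can change between runs; pin it as `"[git-clone:<VERSION>]"`.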
@@ -1,5 +1,7 @@ FROM alpine:latest +LABEL org.opencontainers.image.source = "https://github.com/b4mad/pre-commit-kustomize" + RUN adduser kustomize -D \ && apk add curl git openssh \ && git config --global url.ssh://git@github.com/.insteadOf https://github.com/ diff --git a/OWNERS b/OWNERS new file mode 100644 index 0000000..96dca6f --- /dev/null +++ b/OWNERS @@ -0,0 +1,8 @@ +# See the OWNERS docs at https://go.k8s.io/owners + +approvers: + - goern + +reviewers: + - durandom + - goern diff --git a/manifests/repository.yaml b/manifests/repository.yaml new file mode 100644 index 0000000..12ce661 --- /dev/null +++ b/manifests/repository.yaml @@ -0,0 +1,8 @@ +apiVersion: pipelinesascode.tekton.dev/v1alpha1 +kind: Repository +metadata: + creationTimestamp: null + name: github-com-b4mad-pre-commit-kustomize + namespace: op1st-pipelines +spec: + url: https://github.com/b4mad/pre-commit-kustomize From 1358558408348a8a4f4eb443245a4820891f0a05 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christoph=20G=C3=B6rn?= Date: Fri, 26 May 2023 13:54:53 +0200 Subject: [PATCH 3/8] build-as-user is a local task, not from tekton hub MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christoph Görn --- .tekton/release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.tekton/release.yaml b/.tekton/release.yaml index 389efc4..3c3c475 100644 --- a/.tekton/release.yaml +++ b/.tekton/release.yaml @@ -6,7 +6,7 @@ metadata: annotations: pipelinesascode.tekton.dev/on-event: "[push]" pipelinesascode.tekton.dev/on-target-branch: "[main, refs/tags/*]" - pipelinesascode.tekton.dev/task: "[git-clone, buildah-as-user]" + pipelinesascode.tekton.dev/task: "[git-clone]" pipelinesascode.tekton.dev/max-keep-runs: "5" spec: params: From fb01e41b2186552440c341c36d6244dae26dafe2 Mon Sep 17 00:00:00 2001 
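Review bot: The added `LABEL org.opencontainers.image.source = "https://github.com/b4mad/pre-commit-kustomize"` has spaces around `=`, which the Dockerfile parser treats as the legacy `LABEL key value` form, so the label value most likely becomes `= "https://github.com/b4mad/pre-commit-kustomize"` rather than the URL. Write it as `LABEL org.opencontainers.image.source="https://github.com/b4mad/pre-commit-kustomize"` so the registry can associate the image with its source repository. Inspecting the built image's labels would confirm the value. The hunk shows only the first lines of the Containerfile.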
From: =?UTF-8?q?Christoph=20G=C3=B6rn?= Date: Fri, 26 May 2023 14:04:37 +0200 Subject: [PATCH 4/8] build-as-user is a local task, not from tekton hub MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christoph Görn --- .tekton/release.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.tekton/release.yaml b/.tekton/release.yaml index 3c3c475..b6f2f05 100644 --- a/.tekton/release.yaml +++ b/.tekton/release.yaml @@ -4,10 +4,13 @@ kind: PipelineRun metadata: name: release annotations: + application-name: "op1st tekton release pipeline" pipelinesascode.tekton.dev/on-event: "[push]" pipelinesascode.tekton.dev/on-target-branch: "[main, refs/tags/*]" pipelinesascode.tekton.dev/task: "[git-clone]" pipelinesascode.tekton.dev/max-keep-runs: "5" + operator.tekton.dev/prune.resources: "taskrun, pipelinerun" + operator.tekton.dev/prune.keep-since: 120 spec: params: - name: repo_url From 57ed564c4330eaacc108d26fae26c48c91527853 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christoph=20G=C3=B6rn?= Date: Fri, 26 May 2023 14:09:56 +0200 Subject: [PATCH 5/8] =?UTF-8?q?trigger=20pipeline-as-code=20=F0=9F=AA=A9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From 9c1539e2d21b08aeaf76b6f20bcb0d928b249856 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christoph=20G=C3=B6rn?= Date: Fri, 26 May 2023 14:11:35 +0200 Subject: [PATCH 6/8] add pre-commit MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christoph Görn --- .pre-commit-config.yaml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 .pre-commit-config.yaml diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 0000000..7695d73 --- /dev/null +++ b/.pre-commit-config.yaml 
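Review bot: `operator.tekton.dev/prune.keep-since: 120` in the added annotations is an unquoted integer, and Kubernetes annotation values must be strings, so the API server would reject this PipelineRun. Quote it as `operator.tekton.dev/prune.keep-since: "120"`, the same way `max-keep-runs: "5"` is written one line above. As far as I know the `operator.tekton.dev/prune.*` annotations are read from the Namespace rather than from a PipelineRun, so check that they have any effect here. The commit subject repeats that of PATCH 3/8 and does not describe these annotations.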
@@ -0,0 +1,20 @@ +--- +repos: + - repo: https://github.com/Lucas-C/pre-commit-hooks + rev: v1.5.1 + hooks: + - id: remove-tabs + + - repo: https://github.com/pre-commit/pre-commit-hooks + rev: v4.4.0 + hooks: + - id: trailing-whitespace + - id: check-merge-conflict + - id: end-of-file-fixer + - id: check-added-large-files + args: [--maxkb=750] + - id: check-case-conflict + - id: check-yaml + args: [--allow-multiple-documents] + - id: end-of-file-fixer + - id: trailing-whitespace From a9d79e2434b9267911af198e6829ab7cae6e8dba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christoph=20G=C3=B6rn?= Date: Fri, 26 May 2023 14:12:30 +0200 Subject: [PATCH 7/8] Revert "build-as-user is a local task, not from tekton hub" This reverts commit fb01e41b2186552440c341c36d6244dae26dafe2. --- .tekton/release.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.tekton/release.yaml b/.tekton/release.yaml index b6f2f05..3c3c475 100644 --- a/.tekton/release.yaml +++ b/.tekton/release.yaml @@ -4,13 +4,10 @@ kind: PipelineRun metadata: name: release annotations: - application-name: "op1st tekton release pipeline" pipelinesascode.tekton.dev/on-event: "[push]" pipelinesascode.tekton.dev/on-target-branch: "[main, refs/tags/*]" pipelinesascode.tekton.dev/task: "[git-clone]" pipelinesascode.tekton.dev/max-keep-runs: "5" - operator.tekton.dev/prune.resources: "taskrun, pipelinerun" - operator.tekton.dev/prune.keep-since: 120 spec: params: - name: repo_url From 4c4e224d88987032e0ef74965c9fc503e572cd75 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christoph=20G=C3=B6rn?= Date: Fri, 26 May 2023 14:30:55 +0200 Subject: [PATCH 8/8] add namespace to taskRef MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christoph Görn --- .tekton/release.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.tekton/release.yaml b/.tekton/release.yaml index 3c3c475..1872558 100644 --- a/.tekton/release.yaml +++ b/.tekton/release.yaml 
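Review bot: `end-of-file-fixer` and `trailing-whitespace` are each listed twice under the `pre-commit/pre-commit-hooks` repo in .pre-commit-config.yaml, so both run twice on every commit; drop the two trailing `- id:` entries. Both `rev:` values are tags, which upstream can move, and these hooks execute on every contributor's machine. Pinning each to a full commit SHA, e.g. `rev: <COMMIT_SHA>  # v4.4.0`, keeps the code that runs fixed until someone deliberately updates it.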
@@ -35,6 +35,7 @@ spec: - name: build-release-container-image taskRef: name: buildah-as-user + namespace: op1st-pipelines runAfter: - fetch-repository workspaces:
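Review bot: `namespace: op1st-pipelines` under `taskRef` of `build-release-container-image` is not a field of the `tekton.dev/v1beta1` TaskRef as far as I know, so it is either rejected on admission or silently dropped, and the task is still looked up in the namespace the run executes in. A task living in another namespace is normally referenced through the cluster resolver, which has to be enabled and permitted to read from `op1st-pipelines`; the replacement `taskRef` is below. Restricting the resolver to that one namespace keeps the release build from pulling task definitions from elsewhere. The task definition continues outside the hunk.

```yaml
- name: build-release-container-image
  taskRef:
    resolver: cluster
    params:
      - name: kind
        value: task
      - name: name
        value: buildah-as-user
      - name: namespace
        value: op1st-pipelines
  # … unchanged: runAfter, workspaces …
```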