
Commit 15c4ea5

anithapriyanatarajantekton-robot
authored andcommitted
feat: upload release manifests to oracle cloud
1 parent 5b48325 commit 15c4ea5

2 files changed

Lines changed: 275 additions & 62 deletions


Lines changed: 195 additions & 0 deletions
@@ -0,0 +1,195 @@
1+
name: Tekton Nightly Build
2+
3+
"on":
4+
schedule:
5+
# Run at 03:00 UTC daily
6+
- cron: "0 3 * * *"
7+
workflow_dispatch:
8+
inputs:
9+
kubernetes_version:
10+
description: 'Kubernetes version to test with'
11+
required: false
12+
default: 'v1.33.x'
13+
nightly_bucket:
14+
description: 'Oracle Cloud bucket name for builds'
15+
required: false
16+
default: 'tekton-nightly'
17+
type: string
18+
19+
env:
20+
KUBERNETES_VERSION: ${{ inputs.kubernetes_version || 'v1.33.x' }}
21+
REGISTRY: ghcr.io
22+
PACKAGE: github.com/${{ github.repository }}
23+
BUCKET: ${{ inputs.nightly_bucket || 'tekton-nightly' }}
24+
REPO_NAME: ${{ github.event.repository.name }}
25+
IMAGE_REGISTRY_PATH: ${{ github.repository }}
26+
IMAGE_REGISTRY_USER: tekton-robot
27+
28+
jobs:
29+
build:
30+
name: Nightly Build (K8s ${{ inputs.kubernetes_version || 'v1.33.x' }})
31+
runs-on: ubuntu-latest
32+
if: github.repository_owner == 'tektoncd' # do not run this elsewhere
33+
34+
permissions:
35+
contents: read
36+
packages: write
37+
id-token: write
38+
39+
steps:
40+
- name: Checkout repository
41+
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
42+
with:
43+
fetch-depth: 0
44+
45+
- name: Generate version info
46+
id: version
47+
run: |
48+
latest_sha=${{ github.sha }}
49+
date_tag=$(date +v%Y%m%d-${latest_sha:0:7})
50+
echo "version_tag=${date_tag}" >> "$GITHUB_OUTPUT"
51+
echo "latest_sha=${latest_sha}" >> "$GITHUB_OUTPUT"
52+
53+
- name: Set up Kind cluster
54+
uses: chainguard-dev/actions/setup-kind@1b32103f5aa389c31ab0be75a8edc38d7e4750d8 # v1.5.7
55+
with:
56+
k8s-version: ${{ env.KUBERNETES_VERSION }}
57+
58+
- name: Set up Tekton
59+
uses: tektoncd/actions/setup-tektoncd@0986bcdfbaf4f83a8a7b19bc2fa360c44ee55929 # main
60+
with:
61+
pipeline_version: latest
62+
setup_registry: "true"
63+
patch_etc_hosts: "true"
64+
65+
- name: Configure Tekton Git Resolver
66+
env:
67+
GITHUB_TOKEN: ${{ secrets.GHCR_TOKEN || github.token }}
68+
run: |
69+
# Create Git authentication secret as basic-auth type for Git resolver
70+
kubectl create secret generic git-resolver-secret \
71+
--type=kubernetes.io/basic-auth \
72+
--from-literal=username=git \
73+
--from-literal=password="${GITHUB_TOKEN}" \
74+
-n tekton-pipelines-resolvers || true
75+
76+
kubectl annotate secret git-resolver-secret \
77+
tekton.dev/git-0=github.com \
78+
-n tekton-pipelines-resolvers --overwrite || true
79+
80+
# Configure Git resolver to use the secret
81+
kubectl patch configmap git-resolver-config -n tekton-pipelines-resolvers --type=merge --patch='
82+
data:
83+
default-url: "https://github.com"
84+
fetch-timeout: "1m"
85+
scm-type: "github"
86+
server-url: "https://api.github.com"
87+
api-secret-name: "git-resolver-secret"
88+
api-secret-key: "password"
89+
api-secret-namespace: "tekton-pipelines-resolvers"
90+
' || true
91+
92+
kubectl patch configmap feature-flags -n tekton-pipelines --patch='
93+
data:
94+
enable-cel-in-whenexpression: "true"
95+
' || true
96+
97+
- name: Install tkn CLI
98+
uses: tektoncd/actions/setup-tektoncd-cli@0986bcdfbaf4f83a8a7b19bc2fa360c44ee55929 # main
99+
with:
100+
version: latest
101+
102+
- name: Apply Build Pipeline Definition
103+
run: |
104+
kustomize build tekton | kubectl apply -f -
105+
106+
- name: Create secrets, service account and PVC template
107+
env:
108+
OCI_API_KEY: ${{ secrets.OCI_API_KEY }}
109+
OCI_FINGERPRINT: ${{ secrets.OCI_FINGERPRINT }}
110+
OCI_TENANCY_OCID: ${{ secrets.OCI_TENANCY_OCID }}
111+
OCI_USER_OCID: ${{ secrets.OCI_USER_OCID }}
112+
OCI_REGION: ${{ secrets.OCI_REGION }}
113+
GHCR_TOKEN: ${{ secrets.GHCR_TOKEN || github.token }}
114+
IMAGE_REGISTRY_USER: ${{ env.IMAGE_REGISTRY_USER }}
115+
run: |
116+
# Create Oracle Cloud credentials secret for release bucket access
117+
echo "${OCI_API_KEY}" > /tmp/oci_api_key.pem
118+
echo "${OCI_FINGERPRINT}" > /tmp/fingerprint
119+
echo "${OCI_TENANCY_OCID}" > /tmp/tenancy_ocid
120+
echo "${OCI_USER_OCID}" > /tmp/user_ocid
121+
echo "${OCI_REGION}" > /tmp/region
122+
123+
kubectl create secret generic release-secret \
124+
--from-file=oci_api_key.pem=/tmp/oci_api_key.pem \
125+
--from-file=fingerprint=/tmp/fingerprint \
126+
--from-file=tenancy_ocid=/tmp/tenancy_ocid \
127+
--from-file=user_ocid=/tmp/user_ocid \
128+
--from-file=region=/tmp/region
129+
130+
rm -f /tmp/oci_api_key.pem /tmp/fingerprint /tmp/tenancy_ocid /tmp/user_ocid /tmp/region
131+
132+
# Create a Kubernetes secret for GHCR authentication.
133+
# This version creates the secret with a custom key name `docker-config.json`
134+
# (instead of the default `.dockerconfigjson`) to match what the publish task expects.
135+
echo "${GHCR_TOKEN}" > /tmp/docker-config.json
136+
kubectl create secret generic release-images-secret \
137+
--from-file=docker-config.json=/tmp/docker-config.json
138+
rm -f /tmp/docker-config.json
139+
140+
# Apply service account configuration with proper RBAC
141+
kubectl apply -f tekton/account.yaml
142+
143+
cat > workspace-template.yaml << EOF
144+
spec:
145+
accessModes:
146+
- ReadWriteOnce
147+
resources:
148+
requests:
149+
storage: 1Gi
150+
EOF
151+
152+
- name: Start Tekton Build Pipeline
153+
run: |
154+
set -euo pipefail # Exit on any error, undefined variables, or pipe failures
155+
156+
echo "Starting Tekton pipeline..."
157+
158+
PIPELINE_RUN=$(tkn pipeline start pipeline-release \
159+
--serviceaccount=release-right-meow \
160+
--param package="${{ env.PACKAGE }}" \
161+
--param repoName="${{ env.REPO_NAME }}" \
162+
--param gitRevision="${{ steps.version.outputs.latest_sha }}" \
163+
--param versionTag="${{ steps.version.outputs.version_tag }}" \
164+
--param releaseBucket="${{ env.BUCKET }}" \
165+
--param imageRegistry=${{ env.REGISTRY }} \
166+
--param imageRegistryPath="${{ env.IMAGE_REGISTRY_PATH }}" \
167+
--param imageRegistryUser="${{ env.IMAGE_REGISTRY_USER }}" \
168+
--param imageRegistryRegions="" \
169+
--param buildPlatforms="linux/amd64,linux/arm64,linux/s390x,linux/ppc64le" \
170+
--param publishPlatforms="linux/amd64,linux/arm64,linux/s390x,linux/ppc64le,windows/amd64" \
171+
--param koExtraArgs="" \
172+
--param serviceAccountImagesPath=docker-config.json \
173+
--param releaseAsLatest="true" \
174+
--param runTests="false" \
175+
--workspace name=workarea,volumeClaimTemplateFile=workspace-template.yaml \
176+
--workspace name=release-secret,secret=release-secret \
177+
--workspace name=release-images-secret,secret=release-images-secret \
178+
--tasks-timeout 2h \
179+
--pipeline-timeout 3h \
180+
--output name) || {
181+
echo "Failed to start Tekton pipeline!"
182+
exit 1
183+
}
184+
185+
echo "Pipeline started: ${PIPELINE_RUN}"
186+
tkn pipelinerun logs "${PIPELINE_RUN}" -f
187+
188+
# Check if pipeline succeeded
189+
tkn pipelinerun describe "${PIPELINE_RUN}" --output jsonpath='{.status.conditions[?(@.type=="Succeeded")].status}' | grep -q "True" || {
190+
echo "Pipeline failed!"
191+
tkn pipelinerun describe "${PIPELINE_RUN}"
192+
exit 1
193+
}
194+
195+
echo "✅ Pipeline Run completed successfully!"
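Review bot: In the "Start Tekton Build Pipeline" step, `${{ env.BUCKET }}` is substituted into the script text before bash runs, and `BUCKET` comes from the free-form `nightly_bucket` dispatch input, so shell metacharacters supplied by anyone able to dispatch the workflow become part of the script in a job that holds the OCI and GHCR credentials. The workflow-level `env:` block already exports these values to every step, so the script can read them as shell variables instead, e.g. `--param releaseBucket="${BUCKET}" \`, and likewise `"${PACKAGE}"`, `"${REPO_NAME}"`, `"${REGISTRY}"`, `"${IMAGE_REGISTRY_PATH}"` and `"${IMAGE_REGISTRY_USER}"`; the two `steps.version.outputs.*` values can be passed through a step-level `env:` in the same way. Separately, `GHCR_TOKEN` is used as the Git resolver password in one step and written verbatim to `/tmp/docker-config.json` in another, and the `github.token` fallback is a bare token rather than a Docker config document, so one of those two uses probably does not receive the format it expects; this is worth confirming against the publish task, which is not visible here. `id-token: write` also appears unused by the visible steps and could be dropped unless one of the setup actions requests an OIDC token.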
