Skip to content

Instantly share code, notes, and snippets.

@vikram-raj

vikram-raj/func-buildpacks.yaml

Created February 9, 2023 09:25
Show Gist options
  • Save vikram-raj/386b4eca5193036b0ca29471f6e513a5 to your computer and use it in GitHub Desktop.
Save vikram-raj/386b4eca5193036b0ca29471f6e513a5 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
func-buildpacks.yaml
apiVersion: tekton.dev/v1beta1
kind: ClusterTask
metadata:
name: func-buildpacks
labels:
app.kubernetes.io/version: "0.1"
annotations:
tekton.dev/categories: Image Build
tekton.dev/pipelines.minVersion: "0.17.0"
tekton.dev/tags: image-build
tekton.dev/displayName: "Knative Functions Buildpacks"
tekton.dev/platforms: "linux/amd64"
spec:
description: >-
The Knative Functions Buildpacks task builds source into a container image and pushes it to a registry,
using Cloud Native Buildpacks. This task is based on the Buildpacks Tekton task v 0.4.
workspaces:
- name: source
description: Directory where application source is located.
- name: cache
description: Directory where cache is stored (when no cache image is provided).
optional: true
- name: dockerconfig
description: >-
An optional workspace that allows providing a .docker/config.json file
for Buildpacks lifecycle binary to access the container registry.
The file should be placed at the root of the Workspace with name config.json.
optional: true
params:
- name: APP_IMAGE
description: The name of where to store the app image.
- name: BUILDER_IMAGE
description: The image on which builds will run (must include lifecycle and compatible buildpacks).
- name: SOURCE_SUBPATH
description: A subpath within the `source` input where the source to build is located.
default: ""
- name: ENV_VARS
type: array
description: Environment variables to set during _build-time_.
default: []
- name: PROCESS_TYPE
description: The default process type to set on the image.
default: "web"
- name: RUN_IMAGE
description: Reference to a run image to use.
default: ""
- name: CACHE_IMAGE
description: The name of the persistent app cache image (if no cache workspace is provided).
default: ""
- name: SKIP_RESTORE
description: Do not write layer metadata or restore cached layers.
default: "false"
- name: USER_ID
description: The user ID of the builder image user.
default: "1000"
- name: GROUP_ID
description: The group ID of the builder image user.
default: "0"
##############################################################
##### "default" has been changed to "0" for Knative Functions
- name: PLATFORM_DIR
description: The name of the platform directory.
default: empty-dir
results:
- name: APP_IMAGE_DIGEST
description: The digest of the built `APP_IMAGE`.
stepTemplate:
env:
- name: CNB_PLATFORM_API
value: "0.4"
steps:
- name: prepare
image: docker.io/library/bash:5.1.4@sha256:b208215a4655538be652b2769d82e576bc4d0a2bb132144c060efc5be8c3f5d6
args:
- "--env-vars"
- "$(params.ENV_VARS[*])"
script: |
#!/usr/bin/env bash
set -e
if [[ "$(workspaces.cache.bound)" == "true" ]]; then
echo "> Setting permissions on '$(workspaces.cache.path)'..."
chown -R "$(params.USER_ID):$(params.GROUP_ID)" "$(workspaces.cache.path)"
fi
#######################################################
##### "/emptyDir" has been added for Knative Functions
for path in "/tekton/home" "/layers" "/emptyDir" "$(workspaces.source.path)"; do
echo "> Setting permissions on '$path'..."
chown -R "$(params.USER_ID):$(params.GROUP_ID)" "$path"
if [[ "$path" == "$(workspaces.source.path)" ]]; then
chmod 775 "$(workspaces.source.path)"
fi
done
echo "> Parsing additional configuration..."
parsing_flag=""
envs=()
for arg in "$@"; do
if [[ "$arg" == "--env-vars" ]]; then
echo "-> Parsing env variables..."
parsing_flag="env-vars"
elif [[ "$parsing_flag" == "env-vars" ]]; then
envs+=("$arg")
fi
done
echo "> Processing any environment variables..."
ENV_DIR="/platform/env"
echo "--> Creating 'env' directory: $ENV_DIR"
mkdir -p "$ENV_DIR"
for env in "${envs[@]}"; do
IFS='=' read -r key value <<< "$env"
if [[ "$key" != "" && "$value" != "" ]]; then
path="${ENV_DIR}/${key}"
echo "--> Writing ${path}..."
echo -n "$value" > "$path"
fi
done
############################################
##### Added part for Knative Functions #####
############################################
func_file="$(workspaces.source.path)/func.yaml"
if [ "$(params.SOURCE_SUBPATH)" != "" ]; then
func_file="$(workspaces.source.path)/$(params.SOURCE_SUBPATH)/func.yaml"
fi
echo "--> Saving 'func.yaml'"
cp $func_file /emptyDir/func.yaml
############################################
volumeMounts:
- name: layers-dir
mountPath: /layers
- name: $(params.PLATFORM_DIR)
mountPath: /platform
########################################################
##### "/emptyDir" has been added for Knative Functions
- name: empty-dir
mountPath: /emptyDir
- name: create
image: $(params.BUILDER_IMAGE)
imagePullPolicy: Always
command: ["/cnb/lifecycle/creator"]
env:
- name: DOCKER_CONFIG
value: $(workspaces.dockerconfig.path)
args:
- "-app=$(workspaces.source.path)/$(params.SOURCE_SUBPATH)"
- "-cache-dir=$(workspaces.cache.path)"
- "-cache-image=$(params.CACHE_IMAGE)"
- "-uid=$(params.USER_ID)"
- "-gid=$(params.GROUP_ID)"
- "-layers=/layers"
- "-platform=/platform"
- "-report=/layers/report.toml"
- "-process-type=$(params.PROCESS_TYPE)"
- "-skip-restore=$(params.SKIP_RESTORE)"
- "-previous-image=$(params.APP_IMAGE)"
- "-run-image=$(params.RUN_IMAGE)"
- "$(params.APP_IMAGE)"
volumeMounts:
- name: layers-dir
mountPath: /layers
- name: $(params.PLATFORM_DIR)
mountPath: /platform
securityContext:
runAsUser: 1000
#################################################################
##### "runAsGroup" has been changed to "0" for Knative Functions
runAsGroup: 0
- name: results
image: docker.io/library/bash:5.1.4@sha256:b208215a4655538be652b2769d82e576bc4d0a2bb132144c060efc5be8c3f5d6
script: |
#!/usr/bin/env bash
set -e
cat /layers/report.toml | grep "digest" | cut -d'"' -f2 | cut -d'"' -f2 | tr -d '\n' | tee $(results.APP_IMAGE_DIGEST.path)
############################################
##### Added part for Knative Functions #####
############################################
digest=$(cat $(results.APP_IMAGE_DIGEST.path))
func_file="$(workspaces.source.path)/func.yaml"
if [ "$(params.SOURCE_SUBPATH)" != "" ]; then
func_file="$(workspaces.source.path)/$(params.SOURCE_SUBPATH)/func.yaml"
fi
if [[ ! -f "$func_file" ]]; then
echo "--> Restoring 'func.yaml'"
mkdir -p "$(workspaces.source.path)/$(params.SOURCE_SUBPATH)"
cp /emptyDir/func.yaml $func_file
fi
echo ""
sed -i "s|^image:.*$|image: $(params.APP_IMAGE)|" "$func_file"
echo "Function image name: $(params.APP_IMAGE)"
sed -i "s/^imageDigest:.*$/imageDigest: $digest/" "$func_file"
echo "Function image digest: $digest"
############################################
volumeMounts:
- name: layers-dir
mountPath: /layers
########################################################
##### "/emptyDir" has been added for Knative Functions
- name: empty-dir
mountPath: /emptyDir
volumes:
- name: empty-dir
emptyDir: {}
- name: layers-dir
emptyDir: {}
Raw
func-deploy.yaml
apiVersion: tekton.dev/v1beta1
kind: ClusterTask
metadata:
name: func-deploy
labels:
app.kubernetes.io/version: "0.1"
annotations:
tekton.dev/pipelines.minVersion: "0.12.1"
tekton.dev/categories: CLI
tekton.dev/tags: cli
tekton.dev/platforms: "linux/amd64"
spec:
description: >-
This Task performs a deploy operation using the Knative `func` CLI
params:
- name: path
description: Path to the function project
default: ""
- name: image
description: Container image to be deployed
default: ""
workspaces:
- name: source
description: The workspace containing the function project
steps:
- name: func-deploy
image: "ghcr.io/knative/func/func:latest"
script: |
export FUNC_IMAGE="$(params.image)"
func deploy --verbose --build=false --push=false --path=$(params.path) --remote=false
Raw
func-s2i.yaml
apiVersion: tekton.dev/v1beta1
kind: ClusterTask
metadata:
name: func-s2i
labels:
app.kubernetes.io/version: "0.1"
annotations:
tekton.dev/pipelines.minVersion: "0.17.0"
tekton.dev/categories: Image Build
tekton.dev/tags: image-build
tekton.dev/platforms: "linux/amd64"
spec:
description: >-
Knative Functions Source-to-Image (S2I) is a toolkit and workflow for building reproducible
container images from source code
S2I produces images by injecting source code into a base S2I container image
and letting the container prepare that source code for execution. The base
S2I container images contains the language runtime and build tools needed for
building and running the source code.
params:
- name: BUILDER_IMAGE
description: The location of the s2i builder image.
- name: IMAGE
description: Reference of the image S2I will produce.
- name: PATH_CONTEXT
description: The location of the path to run s2i from.
default: .
- name: TLSVERIFY
description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry)
default: "true"
- name: LOGLEVEL
description: Log level when running the S2I binary
default: "0"
- name: ENV_VARS
type: array
description: Environment variables to set during _build-time_.
default: []
- name: S2I_IMAGE_SCRIPTS_URL
description: The URL containing the default assemble and run scripts for the builder image.
default: "image:///usr/libexec/s2i"
workspaces:
- name: source
- name: cache
description: Directory where cache is stored (e.g. local mvn repo).
optional: true
- name: sslcertdir
optional: true
- name: dockerconfig
description: >-
An optional workspace that allows providing a .docker/config.json file
for Buildah to access the container registry.
The file should be placed at the root of the Workspace with name config.json.
optional: true
results:
- name: IMAGE_DIGEST
description: Digest of the image just built.
steps:
- name: generate
image: quay.io/openshift-pipeline/s2i:nightly
workingDir: $(workspaces.source.path)
args: ["$(params.ENV_VARS[*])"]
script: |
echo "Processing Build Environment Variables"
echo "" > /env-vars/env-file
for var in "$@"
do
if [[ "$var" != "=" ]]; then
echo "$var" >> /env-vars/env-file
fi
done
echo "Generated Build Env Var file"
echo "------------------------------"
cat /env-vars/env-file
echo "------------------------------"
/usr/local/bin/s2i --loglevel=$(params.LOGLEVEL) build $(params.PATH_CONTEXT) $(params.BUILDER_IMAGE) \
--image-scripts-url $(params.S2I_IMAGE_SCRIPTS_URL) \
--as-dockerfile /gen-source/Dockerfile.gen --environment-file /env-vars/env-file
volumeMounts:
- mountPath: /gen-source
name: gen-source
- mountPath: /env-vars
name: env-vars
- name: build
image: quay.io/buildah/stable:v1.27.0
workingDir: /gen-source
script: |
[[ "$(workspaces.sslcertdir.bound)" == "true" ]] && CERT_DIR_FLAG="--cert-dir $(workspaces.sslcertdir.path)"
ARTIFACTS_CACHE_PATH="$(workspaces.cache.path)/mvn-artifacts"
[ -d "${ARTIFACTS_CACHE_PATH}" ] || mkdir "${ARTIFACTS_CACHE_PATH}"
buildah ${CERT_DIR_FLAG} bud --storage-driver=vfs --tls-verify=$(params.TLSVERIFY) --layers \
-v "${ARTIFACTS_CACHE_PATH}:/tmp/artifacts/:rw,z,U" \
-f /gen-source/Dockerfile.gen -t $(params.IMAGE) .
[[ "$(workspaces.dockerconfig.bound)" == "true" ]] && export DOCKER_CONFIG="$(workspaces.dockerconfig.path)"
buildah ${CERT_DIR_FLAG} push --storage-driver=vfs --tls-verify=$(params.TLSVERIFY) --digestfile $(workspaces.source.path)/image-digest \
$(params.IMAGE) docker://$(params.IMAGE)
cat $(workspaces.source.path)/image-digest | tee /tekton/results/IMAGE_DIGEST
volumeMounts:
- name: varlibcontainers
mountPath: /var/lib/containers
- mountPath: /gen-source
name: gen-source
securityContext:
capabilities:
add: ["SETFCAP"]
volumes:
- emptyDir: {}
name: varlibcontainers
- emptyDir: {}
name: gen-source
- emptyDir: {}
name: env-vars
Raw
viewer-s2i-node-git-pipeline.yaml
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
name: viewer-s2i-git-pipeline
namespace: openshift
labels:
boson.dev/function: "true"
boson.dev/runtime: node
function.knative.dev: "true"
function.knative.dev/name: viewer
function.knative.dev/runtime: nodejs
spec:
params:
- description: Git repository that hosts the function project
name: GIT_REPO
type: string
- description: Git revision to build
name: GIT_REVISION
type: string
- description: Path where the function project is
name: PATH_CONTEXT
type: string
default: .
- description: Function image name
name: IMAGE_NAME
type: string
- description: Builder image to be used
name: BUILDER_IMAGE
type: string
default: image-registry.openshift-image-registry.svc:5000/openshift/nodejs:16-ubi8
- description: Environment variables to set during build time
name: BUILD_ENVS
type: array
default: []
- default: 'image:///usr/libexec/s2i'
description: >-
URL containing the default assemble and run scripts for the builder
image.
name: s2iImageScriptsUrl
type: string
resources: []
workspaces:
- description: Directory where function source is located.
name: source-workspace
tasks:
- name: fetch-sources
params:
- name: url
value: $(params.GIT_REPO)
- name: revision
value: $(params.GIT_REVISION)
taskRef:
kind: ClusterTask
name: git-clone
workspaces:
- name: output
workspace: source-workspace
- name: build
params:
- name: IMAGE
value: $(params.IMAGE_NAME)
- name: PATH_CONTEXT
value: $(params.PATH_CONTEXT)
- name: BUILDER_IMAGE
value: $(params.BUILDER_IMAGE)
- name: ENV_VARS
value:
- '$(params.BUILD_ENVS[*])'
- name: S2I_IMAGE_SCRIPTS_URL
value: $(params.s2iImageScriptsUrl)
runAfter:
- fetch-sources
taskRef:
kind: ClusterTask
name: func-s2i
workspaces:
- name: source
workspace: source-workspace
- name: deploy
params:
- name: path
value: $(workspaces.source.path)/$(params.PATH_CONTEXT)
- name: image
value: $(params.IMAGE_NAME)@$(tasks.build.results.IMAGE_DIGEST)
runAfter:
- build
taskRef:
kind: ClusterTask
name: func-deploy
workspaces:
- name: source
workspace: source-workspace
finally: []
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment