bakery-ia/infrastructure/cicd/tekton-helm/templates/task-kaniko-build.yaml

# Tekton Kaniko Build Task for Bakery-IA CI/CD
# This task builds and pushes container images using Kaniko
# Supports environment-configurable base images via build-args

apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: kaniko-build
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ .Values.labels.app.name }}
    app.kubernetes.io/component: build
spec:
  workspaces:
    - name: source
      description: Workspace containing the source code
    - name: docker-credentials
      description: Docker registry credentials
  params:
    - name: services
      type: string
      description: Comma-separated list of services to build
    - name: registry
      type: string
      description: Container registry URL for pushing built images
    - name: git-revision
      type: string
      description: Git revision to tag images with
    - name: base-registry
      type: string
      description: Base image registry URL (e.g., docker.io, ghcr.io/org)
      default: "registry.bakewise.ai/bakery-admin"
    - name: python-image
      type: string
      description: Python base image name and tag
      default: "python_3.11-slim"
  results:
    - name: build-status
      description: Status of the build operation
  steps:
    - name: build-and-push
      image: gcr.io/kaniko-project/executor:v1.15.0-debug
      # Note: Kaniko requires root to unpack image layers and perform chown operations
      # This is a known requirement for container image building
      securityContext:
        runAsNonRoot: false
        runAsUser: 0
        allowPrivilegeEscalation: false
        seccompProfile:
          type: RuntimeDefault
      env:
        - name: DOCKER_CONFIG
          value: /tekton/home/.docker
      script: |
        #!/busybox/sh
        set -e

        # Set up Docker credentials from workspace
        DOCKER_CREDS_PATH="$(workspaces.docker-credentials.path)"
        echo "Setting up Docker credentials from: $DOCKER_CREDS_PATH"
        mkdir -p /tekton/home/.docker
        if [ -f "$DOCKER_CREDS_PATH/config.json" ]; then
          cp "$DOCKER_CREDS_PATH/config.json" /tekton/home/.docker/config.json
          echo "Docker config.json copied successfully"
        elif [ -f "$DOCKER_CREDS_PATH/.dockerconfigjson" ]; then
          cp "$DOCKER_CREDS_PATH/.dockerconfigjson" /tekton/home/.docker/config.json
          echo "Docker .dockerconfigjson copied successfully"
        else
          echo "Warning: No docker credentials found in workspace"
          ls -la "$DOCKER_CREDS_PATH/" || echo "Cannot list docker-credentials workspace"
        fi

        echo "==================================================================="
        echo "Kaniko Build Configuration"
        echo "==================================================================="
        echo "Target Registry: $(params.registry)"
        echo "Base Registry:   $(params.base-registry)"
        echo "Python Image:    $(params.python-image)"
        echo "Git Revision:    $(params.git-revision)"
        echo "Services param:  $(params.services)"
        echo "==================================================================="

        # Trim whitespace and newlines from services param
        SERVICES_PARAM=$(echo "$(params.services)" | tr -d '\n' | tr -d ' ')
        WORKSPACE="$(workspaces.source.path)"

        echo "Trimmed services param: '$SERVICES_PARAM'"

        # Handle "all" case by discovering services from workspace
        if [ "$SERVICES_PARAM" = "all" ]; then
          echo "Building all services - discovering from workspace..."
          echo "Workspace contents:"
          ls -la "$WORKSPACE/"
          echo "Services directory contents:"
          ls -la "$WORKSPACE/services/" || echo "No services directory"

          SERVICES=""
          # Find all services with Dockerfiles using ls
          if [ -d "$WORKSPACE/services" ]; then
            for svc_name in $(ls "$WORKSPACE/services/"); do
              if [ -f "$WORKSPACE/services/$svc_name/Dockerfile" ]; then
                if [ -z "$SERVICES" ]; then
                  SERVICES="$svc_name"
                else
                  SERVICES="$SERVICES,$svc_name"
                fi
              fi
            done
          fi
          # Add gateway if it has Dockerfile
          if [ -f "$WORKSPACE/gateway/Dockerfile" ]; then
            if [ -z "$SERVICES" ]; then
              SERVICES="gateway"
            else
              SERVICES="$SERVICES,gateway"
            fi
          fi
          # Add frontend if it has Dockerfile.kubernetes
          if [ -f "$WORKSPACE/frontend/Dockerfile.kubernetes" ]; then
            if [ -z "$SERVICES" ]; then
              SERVICES="frontend"
            else
              SERVICES="$SERVICES,frontend"
            fi
          fi
          echo "Discovered services: $SERVICES"
        else
          SERVICES="$SERVICES_PARAM"
        fi

        # Build each service
        echo "$SERVICES" | tr ',' '\n' | while read service; do
          service=$(echo "$service" | tr -d ' ')  # Trim whitespace
          if [ -n "$service" ] && [ "$service" != "none" ] && [ "$service" != "infrastructure" ] && [ "$service" != "shared" ]; then
            echo ""
            echo "Building service: $service"
            echo "-------------------------------------------------------------------"

            # Determine Dockerfile path (services vs gateway vs frontend)
            if [ "$service" = "gateway" ]; then
              DOCKERFILE_PATH="$WORKSPACE/gateway/Dockerfile"
            elif [ "$service" = "frontend" ]; then
              DOCKERFILE_PATH="$WORKSPACE/frontend/Dockerfile.kubernetes"
            else
              DOCKERFILE_PATH="$WORKSPACE/services/$service/Dockerfile"
            fi

            # Check if Dockerfile exists
            if [ ! -f "$DOCKERFILE_PATH" ]; then
              echo "Warning: Dockerfile not found at $DOCKERFILE_PATH, skipping..."
              continue
            fi

            /kaniko/executor \
              --dockerfile="$DOCKERFILE_PATH" \
              --destination="$(params.registry)/$service:$(params.git-revision)" \
              --context="$WORKSPACE" \
              --build-arg="BASE_REGISTRY=$(params.base-registry)" \
              --build-arg="PYTHON_IMAGE=$(params.python-image)" \
              --cache=true \
              --cache-repo="$(params.registry)/cache"

            echo "Successfully built: $(params.registry)/$service:$(params.git-revision)"
          fi
        done

        echo ""
        echo "==================================================================="
        echo "Build completed successfully!"
        echo "==================================================================="
        echo "success" > $(results.build-status.path)
      resources:
        limits:
          cpu: 2000m
          memory: 4Gi
        requests:
          cpu: 500m
          memory: 1Gi
Add new infra architecture 3 2026-01-19 13:57:50 +01:00			`# Tekton Kaniko Build Task for Bakery-IA CI/CD`
			`# This task builds and pushes container images using Kaniko`
Add new infra architecture 6 2026-01-19 16:31:11 +01:00			`# Supports environment-configurable base images via build-args`
Add new infra architecture 3 2026-01-19 13:57:50 +01:00
			`apiVersion: tekton.dev/v1beta1`
			`kind: Task`
			`metadata:`
			`name: kaniko-build`
Add new infra architecture 11 2026-01-20 22:05:10 +01:00			`namespace: {{ .Release.Namespace }}`
Add new infra architecture 3 2026-01-19 13:57:50 +01:00			`labels:`
			`app.kubernetes.io/name: {{ .Values.labels.app.name }}`
			`app.kubernetes.io/component: build`
			`spec:`
			`workspaces:`
			`- name: source`
			`description: Workspace containing the source code`
			`- name: docker-credentials`
			`description: Docker registry credentials`
			`params:`
			`- name: services`
			`type: string`
			`description: Comma-separated list of services to build`
			`- name: registry`
			`type: string`
Add new infra architecture 6 2026-01-19 16:31:11 +01:00			`description: Container registry URL for pushing built images`
Add new infra architecture 3 2026-01-19 13:57:50 +01:00			`- name: git-revision`
			`type: string`
			`description: Git revision to tag images with`
Add new infra architecture 6 2026-01-19 16:31:11 +01:00			`- name: base-registry`
			`type: string`
			`description: Base image registry URL (e.g., docker.io, ghcr.io/org)`
Add new infra architecture 13 2026-01-21 23:16:19 +01:00			`default: "registry.bakewise.ai/bakery-admin"`
Add new infra architecture 6 2026-01-19 16:31:11 +01:00			`- name: python-image`
			`type: string`
			`description: Python base image name and tag`
Add new infra architecture 11 2026-01-20 22:05:10 +01:00			`default: "python_3.11-slim"`
Add new infra architecture 3 2026-01-19 13:57:50 +01:00			`results:`
			`- name: build-status`
			`description: Status of the build operation`
			`steps:`
			`- name: build-and-push`
Fix resources isues 23 2026-01-22 21:10:02 +01:00			`image: gcr.io/kaniko-project/executor:v1.15.0-debug`
Fix resources isues 28 2026-01-22 21:26:00 +01:00			`# Note: Kaniko requires root to unpack image layers and perform chown operations`
			`# This is a known requirement for container image building`
Fix resources isues 11 2026-01-22 17:29:56 +01:00			`securityContext:`
Fix resources isues 28 2026-01-22 21:26:00 +01:00			`runAsNonRoot: false`
			`runAsUser: 0`
Fix resources isues 11 2026-01-22 17:29:56 +01:00			`allowPrivilegeEscalation: false`
			`seccompProfile:`
			`type: RuntimeDefault`
Add new infra architecture 3 2026-01-19 13:57:50 +01:00			`env:`
			`- name: DOCKER_CONFIG`
			`value: /tekton/home/.docker`
Add new infra architecture 4 2026-01-19 14:22:07 +01:00			`script: \|`
Fix resources isues 22 2026-01-22 21:04:26 +01:00			`#!/busybox/sh`
Add new infra architecture 4 2026-01-19 14:22:07 +01:00			`set -e`
Add new infra architecture 6 2026-01-19 16:31:11 +01:00
Fix resources isues 27 2026-01-22 21:23:41 +01:00			`# Set up Docker credentials from workspace`
			`DOCKER_CREDS_PATH="$(workspaces.docker-credentials.path)"`
			`echo "Setting up Docker credentials from: $DOCKER_CREDS_PATH"`
			`mkdir -p /tekton/home/.docker`
			`if [ -f "$DOCKER_CREDS_PATH/config.json" ]; then`
			`cp "$DOCKER_CREDS_PATH/config.json" /tekton/home/.docker/config.json`
			`echo "Docker config.json copied successfully"`
			`elif [ -f "$DOCKER_CREDS_PATH/.dockerconfigjson" ]; then`
			`cp "$DOCKER_CREDS_PATH/.dockerconfigjson" /tekton/home/.docker/config.json`
			`echo "Docker .dockerconfigjson copied successfully"`
			`else`
			`echo "Warning: No docker credentials found in workspace"`
			`ls -la "$DOCKER_CREDS_PATH/" \|\| echo "Cannot list docker-credentials workspace"`
			`fi`

Add new infra architecture 6 2026-01-19 16:31:11 +01:00			`echo "==================================================================="`
			`echo "Kaniko Build Configuration"`
			`echo "==================================================================="`
			`echo "Target Registry: $(params.registry)"`
			`echo "Base Registry: $(params.base-registry)"`
			`echo "Python Image: $(params.python-image)"`
			`echo "Git Revision: $(params.git-revision)"`
Fix resources isues 24 2026-01-22 21:14:50 +01:00			`echo "Services param: $(params.services)"`
Add new infra architecture 6 2026-01-19 16:31:11 +01:00			`echo "==================================================================="`

Fix resources isues 26 2026-01-22 21:20:44 +01:00			`# Trim whitespace and newlines from services param`
			`SERVICES_PARAM=$(echo "$(params.services)" \| tr -d '\n' \| tr -d ' ')`
Fix resources isues 24 2026-01-22 21:14:50 +01:00			`WORKSPACE="$(workspaces.source.path)"`
Add new infra architecture 6 2026-01-19 16:31:11 +01:00
Fix resources isues 26 2026-01-22 21:20:44 +01:00			`echo "Trimmed services param: '$SERVICES_PARAM'"`

Fix resources isues 24 2026-01-22 21:14:50 +01:00			`# Handle "all" case by discovering services from workspace`
			`if [ "$SERVICES_PARAM" = "all" ]; then`
			`echo "Building all services - discovering from workspace..."`
Fix resources isues 25 2026-01-22 21:17:58 +01:00			`echo "Workspace contents:"`
			`ls -la "$WORKSPACE/"`
			`echo "Services directory contents:"`
			`ls -la "$WORKSPACE/services/" \|\| echo "No services directory"`

Fix resources isues 24 2026-01-22 21:14:50 +01:00			`SERVICES=""`
Fix resources isues 25 2026-01-22 21:17:58 +01:00			`# Find all services with Dockerfiles using ls`
			`if [ -d "$WORKSPACE/services" ]; then`
			`for svc_name in $(ls "$WORKSPACE/services/"); do`
			`if [ -f "$WORKSPACE/services/$svc_name/Dockerfile" ]; then`
			`if [ -z "$SERVICES" ]; then`
			`SERVICES="$svc_name"`
			`else`
			`SERVICES="$SERVICES,$svc_name"`
			`fi`
Fix resources isues 24 2026-01-22 21:14:50 +01:00			`fi`
Fix resources isues 25 2026-01-22 21:17:58 +01:00			`done`
			`fi`
Fix resources isues 24 2026-01-22 21:14:50 +01:00			`# Add gateway if it has Dockerfile`
			`if [ -f "$WORKSPACE/gateway/Dockerfile" ]; then`
Fix resources isues 25 2026-01-22 21:17:58 +01:00			`if [ -z "$SERVICES" ]; then`
			`SERVICES="gateway"`
			`else`
			`SERVICES="$SERVICES,gateway"`
			`fi`
Fix resources isues 24 2026-01-22 21:14:50 +01:00			`fi`
			`# Add frontend if it has Dockerfile.kubernetes`
			`if [ -f "$WORKSPACE/frontend/Dockerfile.kubernetes" ]; then`
Fix resources isues 25 2026-01-22 21:17:58 +01:00			`if [ -z "$SERVICES" ]; then`
			`SERVICES="frontend"`
			`else`
			`SERVICES="$SERVICES,frontend"`
			`fi`
Fix resources isues 24 2026-01-22 21:14:50 +01:00			`fi`
			`echo "Discovered services: $SERVICES"`
			`else`
			`SERVICES="$SERVICES_PARAM"`
			`fi`

			`# Build each service`
Fix resources isues 22 2026-01-22 21:04:26 +01:00			`echo "$SERVICES" \| tr ',' '\n' \| while read service; do`
			`service=$(echo "$service" \| tr -d ' ') # Trim whitespace`
			`if [ -n "$service" ] && [ "$service" != "none" ] && [ "$service" != "infrastructure" ] && [ "$service" != "shared" ]; then`
Add new infra architecture 6 2026-01-19 16:31:11 +01:00			`echo ""`
Add new infra architecture 4 2026-01-19 14:22:07 +01:00			`echo "Building service: $service"`
Add new infra architecture 6 2026-01-19 16:31:11 +01:00			`echo "-------------------------------------------------------------------"`

Add new infra architecture 10 2026-01-20 10:39:40 +01:00			`# Determine Dockerfile path (services vs gateway vs frontend)`
Add new infra architecture 6 2026-01-19 16:31:11 +01:00			`if [ "$service" = "gateway" ]; then`
Fix resources isues 24 2026-01-22 21:14:50 +01:00			`DOCKERFILE_PATH="$WORKSPACE/gateway/Dockerfile"`
Add new infra architecture 10 2026-01-20 10:39:40 +01:00			`elif [ "$service" = "frontend" ]; then`
Fix resources isues 24 2026-01-22 21:14:50 +01:00			`DOCKERFILE_PATH="$WORKSPACE/frontend/Dockerfile.kubernetes"`
Add new infra architecture 6 2026-01-19 16:31:11 +01:00			`else`
Fix resources isues 24 2026-01-22 21:14:50 +01:00			`DOCKERFILE_PATH="$WORKSPACE/services/$service/Dockerfile"`
			`fi`

			`# Check if Dockerfile exists`
			`if [ ! -f "$DOCKERFILE_PATH" ]; then`
			`echo "Warning: Dockerfile not found at $DOCKERFILE_PATH, skipping..."`
			`continue`
Add new infra architecture 6 2026-01-19 16:31:11 +01:00			`fi`

Add new infra architecture 4 2026-01-19 14:22:07 +01:00			`/kaniko/executor \`
Add new infra architecture 6 2026-01-19 16:31:11 +01:00			`--dockerfile="$DOCKERFILE_PATH" \`
Add new infra architecture 4 2026-01-19 14:22:07 +01:00			`--destination="$(params.registry)/$service:$(params.git-revision)" \`
Fix resources isues 24 2026-01-22 21:14:50 +01:00			`--context="$WORKSPACE" \`
Add new infra architecture 6 2026-01-19 16:31:11 +01:00			`--build-arg="BASE_REGISTRY=$(params.base-registry)" \`
			`--build-arg="PYTHON_IMAGE=$(params.python-image)" \`
Add new infra architecture 4 2026-01-19 14:22:07 +01:00			`--cache=true \`
			`--cache-repo="$(params.registry)/cache"`
Add new infra architecture 6 2026-01-19 16:31:11 +01:00
			`echo "Successfully built: $(params.registry)/$service:$(params.git-revision)"`
Add new infra architecture 4 2026-01-19 14:22:07 +01:00			`fi`
			`done`
Add new infra architecture 6 2026-01-19 16:31:11 +01:00
			`echo ""`
			`echo "==================================================================="`
			`echo "Build completed successfully!"`
			`echo "==================================================================="`
Add new infra architecture 4 2026-01-19 14:22:07 +01:00			`echo "success" > $(results.build-status.path)`
Add new infra architecture 3 2026-01-19 13:57:50 +01:00			`resources:`
			`limits:`
			`cpu: 2000m`
			`memory: 4Gi`
			`requests:`
			`cpu: 500m`
			`memory: 1Gi`