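---
# Tekton Kaniko Build Task for Bakery-IA CI/CD
# This task builds and pushes container images using Kaniko
# Supports building multiple services from a comma-separated list
#
# Security notes:
# - Parameter values reach the build script through environment variables,
#   not through $(params.*) substitution inside the script body. Tekton
#   substitutes $(params.*) into the script text before the shell parses it,
#   so a crafted parameter value would otherwise be read as shell syntax.
# - Each service name is checked against a conservative character set before
#   it is used to build a Dockerfile path or an image reference.
# - Both step images are referenced by mutable tag; pinning them by digest
#   (image@sha256:<digest>) would make the build environment reproducible.
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: kaniko-build
  namespace: tekton-pipelines
  labels:
    app.kubernetes.io/name: bakery-ia-cicd
    app.kubernetes.io/component: build
spec:
  workspaces:
    - name: source
      description: Source code workspace
    - name: docker-credentials
      description: Docker registry credentials
  params:
    - name: services
      type: string
      description: Comma-separated list of services to build
    - name: registry
      type: string
      description: Container registry URL
    - name: git-revision
      type: string
      description: Git revision for image tag
      # NOTE(review): with this default, both pushed tags are the mutable
      # "latest"; callers should pass an immutable revision.
      default: "latest"
  results:
    - name: built-images
      description: List of successfully built images
    - name: build-status
      description: Overall build status (success, partial or skipped)
  steps:
    # Step 1: Setup docker credentials
    # Copies the registry auth file from the credentials workspace into the
    # emptyDir volume that the build step mounts at /kaniko/.docker.
    - name: setup-docker-config
      image: alpine:3.18
      script: |
        #!/bin/sh
        set -e
        echo "Setting up Docker credentials..."
        mkdir -p /kaniko/.docker

        # Check if credentials secret is mounted
        if [ -f "$(workspaces.docker-credentials.path)/config.json" ]; then
          cp "$(workspaces.docker-credentials.path)/config.json" /kaniko/.docker/config.json
          echo "Docker config copied from secret"
        elif [ -f "$(workspaces.docker-credentials.path)/.dockerconfigjson" ]; then
          cp "$(workspaces.docker-credentials.path)/.dockerconfigjson" /kaniko/.docker/config.json
          echo "Docker config copied from .dockerconfigjson"
        else
          echo "Warning: No docker credentials found, builds may fail for private registries"
          echo '{}' > /kaniko/.docker/config.json
        fi
      volumeMounts:
        - name: docker-config
          mountPath: /kaniko/.docker
      resources:
        limits:
          cpu: 100m
          memory: 64Mi
        requests:
          cpu: 50m
          memory: 32Mi

    # Step 2: Build each service iteratively
    # NOTE(review): the script interpreter is /busybox/sh, which the Kaniko
    # project documents as part of its debug image variant. Confirm that the
    # tag below provides it.
    - name: build-services
      image: gcr.io/kaniko-project/executor:v1.23.0
      env:
        # Caller-controlled values are handed over as data, never as script text.
        - name: PARAM_SERVICES
          value: "$(params.services)"
        - name: PARAM_REGISTRY
          value: "$(params.registry)"
        - name: PARAM_GIT_REVISION
          value: "$(params.git-revision)"
      script: |
        #!/busybox/sh
        set -e

        SERVICES="$PARAM_SERVICES"
        REGISTRY="$PARAM_REGISTRY"
        REVISION="$PARAM_GIT_REVISION"
        SOURCE_PATH="$(workspaces.source.path)"

        BUILT_IMAGES=""
        FAILED_SERVICES=""

        echo "============================================"
        echo "Starting build for services: $SERVICES"
        echo "Registry: $REGISTRY"
        echo "Tag: $REVISION"
        echo "============================================"

        # Skip if no services to build
        if [ "$SERVICES" = "none" ] || [ -z "$SERVICES" ]; then
          echo "No services to build, skipping..."
          echo "none" > "$(results.built-images.path)"
          echo "skipped" > "$(results.build-status.path)"
          exit 0
        fi

        # Convert comma-separated list to space-separated
        SERVICES_LIST=$(echo "$SERVICES" | tr ',' ' ')

        # The list is split by unquoted expansion below; disable pathname
        # expansion so an entry such as '*' is not replaced by file names.
        set -f

        for SERVICE in $SERVICES_LIST; do
          # Trim whitespace
          SERVICE=$(echo "$SERVICE" | tr -d ' ')

          # Skip infrastructure changes (not buildable)
          if [ "$SERVICE" = "infrastructure" ]; then
            echo "Skipping infrastructure (not a buildable service)"
            continue
          fi

          # The name becomes part of a filesystem path and of an image
          # reference. Reject a leading dot and anything outside
          # [A-Za-z0-9._-] so it cannot contain '/' or resolve to '..'.
          case "$SERVICE" in
            .*|*[!A-Za-z0-9._-]*)
              echo "Warning: invalid service name '$SERVICE', skipping"
              FAILED_SERVICES="$FAILED_SERVICES $SERVICE"
              continue
              ;;
          esac

          echo ""
          echo "--------------------------------------------"
          echo "Building service: $SERVICE"
          echo "--------------------------------------------"

          # Determine Dockerfile path based on service type
          if [ "$SERVICE" = "frontend" ]; then
            DOCKERFILE_PATH="$SOURCE_PATH/frontend/Dockerfile"
            CONTEXT_PATH="$SOURCE_PATH/frontend"
          elif [ "$SERVICE" = "gateway" ]; then
            DOCKERFILE_PATH="$SOURCE_PATH/gateway/Dockerfile"
            CONTEXT_PATH="$SOURCE_PATH/gateway"
          else
            DOCKERFILE_PATH="$SOURCE_PATH/services/$SERVICE/Dockerfile"
            CONTEXT_PATH="$SOURCE_PATH"
          fi

          # Check if Dockerfile exists
          if [ ! -f "$DOCKERFILE_PATH" ]; then
            echo "Warning: Dockerfile not found at $DOCKERFILE_PATH, skipping $SERVICE"
            FAILED_SERVICES="$FAILED_SERVICES $SERVICE"
            continue
          fi

          IMAGE_NAME="$REGISTRY/bakery/$SERVICE:$REVISION"
          IMAGE_NAME_LATEST="$REGISTRY/bakery/$SERVICE:latest"

          echo "Dockerfile: $DOCKERFILE_PATH"
          echo "Context: $CONTEXT_PATH"
          echo "Image: $IMAGE_NAME"

          # Run Kaniko build.
          # Under 'set -e' a bare failing command ends the script at once, so
          # the exit code is captured with '||'. This lets a failed build be
          # recorded and the loop continue, which the summary below relies on.
          BUILD_EXIT_CODE=0
          /kaniko/executor \
            --dockerfile="$DOCKERFILE_PATH" \
            --context="$CONTEXT_PATH" \
            --destination="$IMAGE_NAME" \
            --destination="$IMAGE_NAME_LATEST" \
            --cache=true \
            --cache-ttl=24h \
            --verbosity=info \
            --snapshot-mode=redo \
            --use-new-run || BUILD_EXIT_CODE=$?

          if [ "$BUILD_EXIT_CODE" -eq 0 ]; then
            echo "Successfully built and pushed: $IMAGE_NAME"
            if [ -z "$BUILT_IMAGES" ]; then
              BUILT_IMAGES="$IMAGE_NAME"
            else
              BUILT_IMAGES="$BUILT_IMAGES,$IMAGE_NAME"
            fi
          else
            echo "Failed to build: $SERVICE (exit code: $BUILD_EXIT_CODE)"
            FAILED_SERVICES="$FAILED_SERVICES $SERVICE"
          fi
        done

        echo ""
        echo "============================================"
        echo "Build Summary"
        echo "============================================"
        echo "Built images: $BUILT_IMAGES"
        echo "Failed services: $FAILED_SERVICES"

        # Write results.
        # The step exits 0 even when builds failed, and "partial" is also
        # written when no image was built at all. Consumers must read
        # build-status and built-images before deploying.
        if [ -z "$BUILT_IMAGES" ]; then
          echo "none" > "$(results.built-images.path)"
        else
          echo "$BUILT_IMAGES" > "$(results.built-images.path)"
        fi

        if [ -n "$FAILED_SERVICES" ]; then
          echo "partial" > "$(results.build-status.path)"
          echo "Warning: Some services failed to build: $FAILED_SERVICES"
        else
          echo "success" > "$(results.build-status.path)"
        fi
      volumeMounts:
        - name: docker-config
          mountPath: /kaniko/.docker
      # The executor runs as UID 0 inside the step container.
      securityContext:
        runAsUser: 0
      resources:
        limits:
          cpu: 2000m
          memory: 4Gi
        requests:
          cpu: 500m
          memory: 1Gi
  volumes:
    # Pod-local scratch volume holding the registry auth file for both steps.
    - name: docker-config
      emptyDir: {}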