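# Main CI Pipeline for Bakery-IA
# This pipeline orchestrates the build, test, and deploy process
# Includes: fetch -> detect changes -> test -> build -> update gitops
#
# Operational notes:
# - Every taskRef below is resolved by name, so the Task objects in the
#   PipelineRun's namespace are part of this pipeline's trust boundary;
#   write access to them should be as restricted as access to this file.
# - NOTE(review): tekton.dev/v1beta1 is deprecated in favour of tekton.dev/v1;
#   plan the migration with the cluster's Tekton version in mind.
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: bakery-ia-ci
  # Helm values are quoted so an empty or boolean/number-looking value cannot
  # be re-typed by the YAML parser after rendering.
  namespace: {{ .Values.namespace | quote }}
  labels:
    app.kubernetes.io/name: {{ .Values.labels.app.name | quote }}
    app.kubernetes.io/component: pipeline
spec:
  workspaces:
    - name: shared-workspace
      description: Shared workspace for source code
    # Bound only to build-and-push below; keep registry credentials out of
    # tasks that do not push images.
    - name: docker-credentials
      description: Docker registry credentials
    # Bound only to update-gitops-manifests below.
    # NOTE(review): optional, so a run with dry-run="false" and no binding
    # presumably fails at push time - confirm in the update-gitops Task.
    - name: git-credentials
      description: Git credentials for pushing GitOps updates
      optional: true
  params:
    - name: git-url
      type: string
      description: Repository URL
    # NOTE(review): the same value is handed to build-and-push and
    # update-gitops; passing a full commit hash rather than a branch name
    # keeps the built image traceable to one commit - confirm what the
    # triggers supply.
    - name: git-revision
      type: string
      description: Git revision/commit hash
    - name: registry
      type: string
      description: Container registry URL
    - name: git-branch
      type: string
      description: Target branch for GitOps updates
      default: "main"
    # Security-relevant switch: "true" removes the test gate (see run-tests).
    # Restrict who may set it on PipelineRuns and trigger templates.
    - name: skip-tests
      type: string
      description: Skip tests if "true"
      default: "false"
    - name: dry-run
      type: string
      description: Dry run mode - don't push changes
      default: "false"
  tasks:
    # Stage 1: Fetch source code
    - name: fetch-source
      taskRef:
        name: git-clone
      workspaces:
        - name: output
          workspace: shared-workspace
      params:
        - name: url
          value: "$(params.git-url)"
        - name: revision
          value: "$(params.git-revision)"

    # Stage 2: Detect which services changed
    - name: detect-changes
      runAfter: [fetch-source]
      taskRef:
        name: detect-changed-services
      workspaces:
        - name: source
          workspace: shared-workspace

    # Stage 3: Run tests on changed services
    # Skipped when nothing buildable changed or when skip-tests is "true".
    # NOTE(review): build-and-push is ordered after this task but does not
    # check its outcome in a when expression; with when expressions scoped to
    # the task (the default on current Tekton releases - confirm for this
    # cluster) a skipped run-tests does not stop the build or the GitOps
    # update.
    - name: run-tests
      runAfter: [detect-changes]
      taskRef:
        name: run-tests
      when:
        - input: "$(tasks.detect-changes.results.changed-services)"
          operator: notin
          values: ["none", "infrastructure"]
        - input: "$(params.skip-tests)"
          operator: notin
          values: ["true"]
      workspaces:
        - name: source
          workspace: shared-workspace
      params:
        - name: services
          value: "$(tasks.detect-changes.results.changed-services)"
        - name: skip-tests
          value: "$(params.skip-tests)"

    # Stage 4: Build and push container images
    - name: build-and-push
      runAfter: [run-tests]
      taskRef:
        name: kaniko-build
      when:
        - input: "$(tasks.detect-changes.results.changed-services)"
          operator: notin
          values: ["none", "infrastructure"]
      workspaces:
        - name: source
          workspace: shared-workspace
        - name: docker-credentials
          workspace: docker-credentials
      params:
        - name: services
          value: "$(tasks.detect-changes.results.changed-services)"
        - name: registry
          value: "$(params.registry)"
        - name: git-revision
          value: "$(params.git-revision)"

    # Stage 5: Update GitOps manifests
    # Runs only when the build reported "success" or "partial".
    # NOTE(review): "partial" presumably means some images were not pushed;
    # confirm update-gitops only rewrites manifests for services whose image
    # was actually published, otherwise manifests can point at missing tags.
    - name: update-gitops-manifests
      runAfter: [build-and-push]
      taskRef:
        name: update-gitops
      when:
        - input: "$(tasks.detect-changes.results.changed-services)"
          operator: notin
          values: ["none", "infrastructure"]
        - input: "$(tasks.build-and-push.results.build-status)"
          operator: in
          values: ["success", "partial"]
      workspaces:
        - name: source
          workspace: shared-workspace
        - name: git-credentials
          workspace: git-credentials
      params:
        - name: services
          value: "$(tasks.detect-changes.results.changed-services)"
        - name: registry
          value: "$(params.registry)"
        - name: git-revision
          value: "$(params.git-revision)"
        - name: git-branch
          value: "$(params.git-branch)"
        - name: dry-run
          value: "$(params.dry-run)"

  # Final tasks, scheduled after the tasks above whether they succeed or fail.
  # Caveat: pipeline-summary consumes a result of detect-changes. Tekton skips
  # a finally task whose referenced result was never produced, so when
  # fetch-source or detect-changes fails this summary does not run - do not
  # rely on it as the only failure signal for the pipeline.
  finally:
    - name: pipeline-summary
      taskRef:
        name: pipeline-summary
      params:
        - name: changed-services
          value: "$(tasks.detect-changes.results.changed-services)"
        - name: git-revision
          value: "$(params.git-revision)"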