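# Tekton Kaniko Build Task for Bakery-IA CI/CD
# This task builds and pushes container images using Kaniko
# Supports building multiple services from a comma-separated list
#
# Contract, as implemented by the steps below:
#   - params.services is split on commas; the literal values "none" and
#     "infrastructure" are treated as "nothing to build".
#   - Each image is pushed twice: <registry>/bakery/<service>:<git-revision>
#     and <registry>/bakery/<service>:latest.
#   - The build step exits 0 even when some services fail; callers must read
#     the build-status result ("success", "partial" or "skipped") before
#     deploying anything listed in built-images.

apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: kaniko-build
  namespace: tekton-pipelines
  labels:
    app.kubernetes.io/name: bakery-ia-cicd
    app.kubernetes.io/component: build
spec:
  workspaces:
    - name: source
      description: Source code workspace
    - name: docker-credentials
      description: Docker registry credentials
  params:
    - name: services
      type: string
      description: Comma-separated list of services to build
    - name: registry
      type: string
      description: Container registry URL
    # With the default, both pushed tags are the mutable "latest" tag, so the
    # image cannot be traced back to a commit; pipelines should pass a real
    # revision.
    - name: git-revision
      type: string
      description: Git revision for image tag
      default: "latest"
  results:
    - name: built-images
      description: List of successfully built images
    # The script writes one of: success, partial, skipped.
    - name: build-status
      description: Overall build status (success, partial or skipped)
  steps:
    # Step 1: Setup docker credentials
    # Copies the registry auth file from the credentials workspace into the
    # emptyDir shared with the build step, accepting either file name.
    - name: setup-docker-config
      # NOTE(review): referenced by mutable tag; consider pinning by digest so
      # the step that handles registry credentials cannot change underneath
      # you.
      image: alpine:3.18
      script: |
        #!/bin/sh
        set -e
        echo "Setting up Docker credentials..."
        mkdir -p /kaniko/.docker

        # Check if credentials secret is mounted
        if [ -f "$(workspaces.docker-credentials.path)/config.json" ]; then
          cp "$(workspaces.docker-credentials.path)/config.json" /kaniko/.docker/config.json
          echo "Docker config copied from secret"
        elif [ -f "$(workspaces.docker-credentials.path)/.dockerconfigjson" ]; then
          cp "$(workspaces.docker-credentials.path)/.dockerconfigjson" /kaniko/.docker/config.json
          echo "Docker config copied from .dockerconfigjson"
        else
          # Best effort: an empty config lets pushes to anonymous registries
          # proceed.
          echo "Warning: No docker credentials found, builds may fail for private registries"
          echo '{}' > /kaniko/.docker/config.json
        fi
      volumeMounts:
        - name: docker-config
          mountPath: /kaniko/.docker
      resources:
        limits:
          cpu: 100m
          memory: 64Mi
        requests:
          cpu: 50m
          memory: 32Mi

    # Step 2: Build each service iteratively
    - name: build-services
      # NOTE(review): the script below needs a shell at /busybox/sh. Upstream
      # kaniko ships busybox only in its "-debug" image variants; confirm this
      # tag (or the mirror it resolves to) actually provides one. Pinning by
      # digest is also worth considering.
      image: gcr.io/kaniko-project/executor:v1.23.0
      # Params are handed to the script as environment variables instead of
      # being substituted into the script text. Tekton replaces $(params.*)
      # before the shell runs, so a value containing quotes or $(...) would
      # otherwise be executed as shell code.
      env:
        - name: PARAM_SERVICES
          value: "$(params.services)"
        - name: PARAM_REGISTRY
          value: "$(params.registry)"
        - name: PARAM_GIT_REVISION
          value: "$(params.git-revision)"
      script: |
        #!/busybox/sh
        set -e
        # The service list is split by the shell below; disable globbing so a
        # value such as "*" is not expanded to file names.
        set -f

        SERVICES="$PARAM_SERVICES"
        REGISTRY="$PARAM_REGISTRY"
        REVISION="$PARAM_GIT_REVISION"
        SOURCE_PATH="$(workspaces.source.path)"
        BUILT_IMAGES=""
        FAILED_SERVICES=""

        echo "============================================"
        echo "Starting build for services: $SERVICES"
        echo "Registry: $REGISTRY"
        echo "Tag: $REVISION"
        echo "============================================"

        # Skip if no services to build
        if [ "$SERVICES" = "none" ] || [ -z "$SERVICES" ]; then
          echo "No services to build, skipping..."
          echo "none" > "$(results.built-images.path)"
          echo "skipped" > "$(results.build-status.path)"
          exit 0
        fi

        # Convert comma-separated list to space-separated
        SERVICES_LIST=$(echo "$SERVICES" | tr ',' ' ')

        for SERVICE in $SERVICES_LIST; do
          # Trim whitespace
          SERVICE=$(echo "$SERVICE" | tr -d ' ')

          # Skip infrastructure changes (not buildable)
          if [ "$SERVICE" = "infrastructure" ]; then
            echo "Skipping infrastructure (not a buildable service)"
            continue
          fi

          # The name becomes part of a workspace path and of the image
          # reference, so accept only plain names: no "/" or "..", and no
          # leading "." or "-".
          case "$SERVICE" in
            *[!A-Za-z0-9._-]* | .* | -*)
              echo "Warning: Invalid service name '$SERVICE', skipping"
              FAILED_SERVICES="$FAILED_SERVICES $SERVICE"
              continue
              ;;
          esac

          echo ""
          echo "--------------------------------------------"
          echo "Building service: $SERVICE"
          echo "--------------------------------------------"

          # Determine Dockerfile path based on service type
          if [ "$SERVICE" = "frontend" ]; then
            DOCKERFILE_PATH="$SOURCE_PATH/frontend/Dockerfile"
            CONTEXT_PATH="$SOURCE_PATH/frontend"
          elif [ "$SERVICE" = "gateway" ]; then
            DOCKERFILE_PATH="$SOURCE_PATH/gateway/Dockerfile"
            CONTEXT_PATH="$SOURCE_PATH/gateway"
          else
            # Backend services build with the repository root as context.
            DOCKERFILE_PATH="$SOURCE_PATH/services/$SERVICE/Dockerfile"
            CONTEXT_PATH="$SOURCE_PATH"
          fi

          # Check if Dockerfile exists
          if [ ! -f "$DOCKERFILE_PATH" ]; then
            echo "Warning: Dockerfile not found at $DOCKERFILE_PATH, skipping $SERVICE"
            FAILED_SERVICES="$FAILED_SERVICES $SERVICE"
            continue
          fi

          IMAGE_NAME="$REGISTRY/bakery/$SERVICE:$REVISION"
          IMAGE_NAME_LATEST="$REGISTRY/bakery/$SERVICE:latest"

          echo "Dockerfile: $DOCKERFILE_PATH"
          echo "Context: $CONTEXT_PATH"
          echo "Image: $IMAGE_NAME"

          # Run Kaniko build
          # The exit code is captured with "||" because under "set -e" a bare
          # failing command would abort the script before the failure branch
          # and the result files below are reached.
          # NOTE(review): all services are built inside the same container
          # filesystem; kaniko has a --cleanup flag for resetting it after a
          # build. Evaluate adding it so files from one service's build
          # cannot carry over into the next image.
          BUILD_EXIT_CODE=0
          /kaniko/executor \
            --dockerfile="$DOCKERFILE_PATH" \
            --context="$CONTEXT_PATH" \
            --destination="$IMAGE_NAME" \
            --destination="$IMAGE_NAME_LATEST" \
            --cache=true \
            --cache-ttl=24h \
            --verbosity=info \
            --snapshot-mode=redo \
            --use-new-run || BUILD_EXIT_CODE=$?

          if [ "$BUILD_EXIT_CODE" -eq 0 ]; then
            echo "Successfully built and pushed: $IMAGE_NAME"
            if [ -z "$BUILT_IMAGES" ]; then
              BUILT_IMAGES="$IMAGE_NAME"
            else
              BUILT_IMAGES="$BUILT_IMAGES,$IMAGE_NAME"
            fi
          else
            echo "Failed to build: $SERVICE (exit code: $BUILD_EXIT_CODE)"
            FAILED_SERVICES="$FAILED_SERVICES $SERVICE"
          fi
        done

        echo ""
        echo "============================================"
        echo "Build Summary"
        echo "============================================"
        echo "Built images: $BUILT_IMAGES"
        echo "Failed services: $FAILED_SERVICES"

        # Write results
        if [ -z "$BUILT_IMAGES" ]; then
          echo "none" > "$(results.built-images.path)"
        else
          echo "$BUILT_IMAGES" > "$(results.built-images.path)"
        fi

        # The step still exits 0 when something failed: "partial" is the only
        # signal, so downstream tasks have to check build-status.
        if [ -n "$FAILED_SERVICES" ]; then
          echo "partial" > "$(results.build-status.path)"
          echo "Warning: Some services failed to build: $FAILED_SERVICES"
        else
          echo "success" > "$(results.build-status.path)"
        fi
      volumeMounts:
        - name: docker-config
          mountPath: /kaniko/.docker
      # The kaniko executor is run as root here; it builds by unpacking and
      # snapshotting an image root filesystem inside the container.
      securityContext:
        runAsUser: 0
      resources:
        limits:
          cpu: 2000m
          memory: 4Gi
        requests:
          cpu: 500m
          memory: 1Gi
  volumes:
    # Scratch volume shared by both steps; holds the registry auth file for
    # the lifetime of the TaskRun pod only.
    - name: docker-config
      emptyDir: {}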