From 86940d4f0b55221b7fbb9ea0f36a3e88430036fe Mon Sep 17 00:00:00 2001 From: appiepollo14 Date: Sun, 25 Feb 2024 18:43:21 +0100 Subject: [PATCH] Tekton example improvement (#74) * Disable test netwerkalias * Fix missing import * Fix wrong disabled test * Adds git-clone task and example pipelinerun yaml. * Adds git-clone task and example pipelinerun yaml. --- examples/tekton/README.md | 12 + examples/tekton/kustomization.yaml | 3 +- .../resources/example/pplr_kubedock.yaml | 23 ++ examples/tekton/resources/git-clone.yaml | 242 ++++++++++++++++++ examples/tekton/resources/pipeline.yaml | 5 - examples/testcontainers-java/pom.xml | 14 +- .../testcontainers/NetworkAliasesTest.java | 9 +- .../examples/testcontainers/NginxTest.java | 5 +- 8 files changed, 292 insertions(+), 21 deletions(-) create mode 100644 examples/tekton/resources/example/pplr_kubedock.yaml create mode 100644 examples/tekton/resources/git-clone.yaml diff --git a/examples/tekton/README.md b/examples/tekton/README.md index 78658b8..1a32310 100644 --- a/examples/tekton/README.md +++ b/examples/tekton/README.md @@ -2,12 +2,24 @@ This folder contains an example tekton task (and a pipeline using this task) that will use kubedock to run the tests of the testcontainers-java example. +Apply the resources: + ```bash kustomize build . | kubectl apply -f - +``` +Start a pipelinerun via cmd: + +```bash tkn pipeline start kubedock-example -p git-url=https://github.com/joyrex2001/kubedock.git \ -p context-dir=examples/testcontainers-java \ -p git-revision=master ``` +Or start a pipelinerun via the provided yaml-file: + +```bash +kubectl create -f ./resources/example/pplr_kubedock.yaml +``` + The task is using a sidecar container in which kubedock is running. Note that this sidecar container is also mounting the workspace volume. This is required when volumemounts or file copies are used in the tests. If the sidecar is not able to access the workspace, kubedock will not be able to access these files. \ No newline at end of file diff --git a/examples/tekton/kustomization.yaml b/examples/tekton/kustomization.yaml index cf79ad1..9719cd6 100644 --- a/examples/tekton/kustomization.yaml +++ b/examples/tekton/kustomization.yaml @@ -3,4 +3,5 @@ kind: Kustomization resources: - ./resources/mvn-test.yaml -- ./resources/pipeline.yaml \ No newline at end of file +- ./resources/pipeline.yaml +- ./resources/git-clone.yaml \ No newline at end of file diff --git a/examples/tekton/resources/example/pplr_kubedock.yaml b/examples/tekton/resources/example/pplr_kubedock.yaml new file mode 100644 index 0000000..e8e94c6 --- /dev/null +++ b/examples/tekton/resources/example/pplr_kubedock.yaml @@ -0,0 +1,23 @@ +apiVersion: tekton.dev/v1beta1 +kind: PipelineRun +metadata: + generateName: kubedock-example +spec: + params: + - name: git-url + value: "https://github.com/joyrex2001/kubedock.git" + - name: git-revision + value: "master" + - name: context-dir + value: "examples/testcontainers-java" + pipelineRef: + name: kubedock-example + workspaces: + - name: source + volumeClaimTemplate: + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi \ No newline at end of file diff --git a/examples/tekton/resources/git-clone.yaml b/examples/tekton/resources/git-clone.yaml new file mode 100644 index 0000000..7859c58 --- /dev/null +++ b/examples/tekton/resources/git-clone.yaml @@ -0,0 +1,242 @@ +apiVersion: tekton.dev/v1beta1 +kind: Task +metadata: + name: git-clone + labels: + app.kubernetes.io/version: "0.9" + annotations: + tekton.dev/pipelines.minVersion: "0.38.0" + tekton.dev/categories: Git + tekton.dev/tags: git + tekton.dev/displayName: "git clone" + tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64" +spec: + description: >- + These Tasks are Git tasks to work with repositories used by other tasks + in your Pipeline. + + The git-clone Task will clone a repo from the provided url into the + output Workspace. By default the repo will be cloned into the root of + your Workspace. You can clone into a subdirectory by setting this Task's + subdirectory param. This Task also supports sparse checkouts. To perform + a sparse checkout, pass a list of comma separated directory patterns to + this Task's sparseCheckoutDirectories param. + workspaces: + - name: output + description: The git repo will be cloned onto the volume backing this Workspace. + - name: ssh-directory + optional: true + description: | + A .ssh directory with private key, known_hosts, config, etc. Copied to + the user's home before git commands are executed. Used to authenticate + with the git remote when performing the clone. Binding a Secret to this + Workspace is strongly recommended over other volume types. + - name: basic-auth + optional: true + description: | + A Workspace containing a .gitconfig and .git-credentials file. These + will be copied to the user's home before any git commands are run. Any + other files in this Workspace are ignored. It is strongly recommended + to use ssh-directory over basic-auth whenever possible and to bind a + Secret to this Workspace over other volume types. + - name: ssl-ca-directory + optional: true + description: | + A workspace containing CA certificates, this will be used by Git to + verify the peer with when fetching or pushing over HTTPS. + params: + - name: url + description: Repository URL to clone from. + type: string + - name: revision + description: Revision to checkout. (branch, tag, sha, ref, etc...) + type: string + default: "" + - name: refspec + description: Refspec to fetch before checking out revision. + default: "" + - name: submodules + description: Initialize and fetch git submodules. + type: string + default: "true" + - name: depth + description: Perform a shallow clone, fetching only the most recent N commits. + type: string + default: "1" + - name: sslVerify + description: Set the `http.sslVerify` global git config. Setting this to `false` is not advised unless you are sure that you trust your git remote. + type: string + default: "true" + - name: crtFileName + description: file name of mounted crt using ssl-ca-directory workspace. default value is ca-bundle.crt. + type: string + default: "ca-bundle.crt" + - name: subdirectory + description: Subdirectory inside the `output` Workspace to clone the repo into. + type: string + default: "" + - name: sparseCheckoutDirectories + description: Define the directory patterns to match or exclude when performing a sparse checkout. + type: string + default: "" + - name: deleteExisting + description: Clean out the contents of the destination directory if it already exists before cloning. + type: string + default: "true" + - name: httpProxy + description: HTTP proxy server for non-SSL requests. + type: string + default: "" + - name: httpsProxy + description: HTTPS proxy server for SSL requests. + type: string + default: "" + - name: noProxy + description: Opt out of proxying HTTP/HTTPS requests. + type: string + default: "" + - name: verbose + description: Log the commands that are executed during `git-clone`'s operation. + type: string + default: "true" + - name: gitInitImage + description: The image providing the git-init binary that this Task runs. + type: string + default: "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.40.2" + - name: userHome + description: | + Absolute path to the user's home directory. + type: string + default: "/home/git" + results: + - name: commit + description: The precise commit SHA that was fetched by this Task. + - name: url + description: The precise URL that was fetched by this Task. + - name: committer-date + description: The epoch timestamp of the commit that was fetched by this Task. + steps: + - name: clone + image: "$(params.gitInitImage)" + env: + - name: HOME + value: "$(params.userHome)" + - name: PARAM_URL + value: $(params.url) + - name: PARAM_REVISION + value: $(params.revision) + - name: PARAM_REFSPEC + value: $(params.refspec) + - name: PARAM_SUBMODULES + value: $(params.submodules) + - name: PARAM_DEPTH + value: $(params.depth) + - name: PARAM_SSL_VERIFY + value: $(params.sslVerify) + - name: PARAM_CRT_FILENAME + value: $(params.crtFileName) + - name: PARAM_SUBDIRECTORY + value: $(params.subdirectory) + - name: PARAM_DELETE_EXISTING + value: $(params.deleteExisting) + - name: PARAM_HTTP_PROXY + value: $(params.httpProxy) + - name: PARAM_HTTPS_PROXY + value: $(params.httpsProxy) + - name: PARAM_NO_PROXY + value: $(params.noProxy) + - name: PARAM_VERBOSE + value: $(params.verbose) + - name: PARAM_SPARSE_CHECKOUT_DIRECTORIES + value: $(params.sparseCheckoutDirectories) + - name: PARAM_USER_HOME + value: $(params.userHome) + - name: WORKSPACE_OUTPUT_PATH + value: $(workspaces.output.path) + - name: WORKSPACE_SSH_DIRECTORY_BOUND + value: $(workspaces.ssh-directory.bound) + - name: WORKSPACE_SSH_DIRECTORY_PATH + value: $(workspaces.ssh-directory.path) + - name: WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND + value: $(workspaces.basic-auth.bound) + - name: WORKSPACE_BASIC_AUTH_DIRECTORY_PATH + value: $(workspaces.basic-auth.path) + - name: WORKSPACE_SSL_CA_DIRECTORY_BOUND + value: $(workspaces.ssl-ca-directory.bound) + - name: WORKSPACE_SSL_CA_DIRECTORY_PATH + value: $(workspaces.ssl-ca-directory.path) + securityContext: + runAsNonRoot: true + runAsUser: 65532 + script: | + #!/usr/bin/env sh + set -eu + + if [ "${PARAM_VERBOSE}" = "true" ] ; then + set -x + fi + + if [ "${WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND}" = "true" ] ; then + cp "${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.git-credentials" "${PARAM_USER_HOME}/.git-credentials" + cp "${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.gitconfig" "${PARAM_USER_HOME}/.gitconfig" + chmod 400 "${PARAM_USER_HOME}/.git-credentials" + chmod 400 "${PARAM_USER_HOME}/.gitconfig" + fi + + if [ "${WORKSPACE_SSH_DIRECTORY_BOUND}" = "true" ] ; then + cp -R "${WORKSPACE_SSH_DIRECTORY_PATH}" "${PARAM_USER_HOME}"/.ssh + chmod 700 "${PARAM_USER_HOME}"/.ssh + chmod -R 400 "${PARAM_USER_HOME}"/.ssh/* + fi + + if [ "${WORKSPACE_SSL_CA_DIRECTORY_BOUND}" = "true" ] ; then + export GIT_SSL_CAPATH="${WORKSPACE_SSL_CA_DIRECTORY_PATH}" + if [ "${PARAM_CRT_FILENAME}" != "" ] ; then + export GIT_SSL_CAINFO="${WORKSPACE_SSL_CA_DIRECTORY_PATH}/${PARAM_CRT_FILENAME}" + fi + fi + CHECKOUT_DIR="${WORKSPACE_OUTPUT_PATH}/${PARAM_SUBDIRECTORY}" + + cleandir() { + # Delete any existing contents of the repo directory if it exists. + # + # We don't just "rm -rf ${CHECKOUT_DIR}" because ${CHECKOUT_DIR} might be "/" + # or the root of a mounted volume. + if [ -d "${CHECKOUT_DIR}" ] ; then + # Delete non-hidden files and directories + rm -rf "${CHECKOUT_DIR:?}"/* + # Delete files and directories starting with . but excluding .. + rm -rf "${CHECKOUT_DIR}"/.[!.]* + # Delete files and directories starting with .. plus any other character + rm -rf "${CHECKOUT_DIR}"/..?* + fi + } + + if [ "${PARAM_DELETE_EXISTING}" = "true" ] ; then + cleandir || true + fi + + test -z "${PARAM_HTTP_PROXY}" || export HTTP_PROXY="${PARAM_HTTP_PROXY}" + test -z "${PARAM_HTTPS_PROXY}" || export HTTPS_PROXY="${PARAM_HTTPS_PROXY}" + test -z "${PARAM_NO_PROXY}" || export NO_PROXY="${PARAM_NO_PROXY}" + + git config --global --add safe.directory "${WORKSPACE_OUTPUT_PATH}" + /ko-app/git-init \ + -url="${PARAM_URL}" \ + -revision="${PARAM_REVISION}" \ + -refspec="${PARAM_REFSPEC}" \ + -path="${CHECKOUT_DIR}" \ + -sslVerify="${PARAM_SSL_VERIFY}" \ + -submodules="${PARAM_SUBMODULES}" \ + -depth="${PARAM_DEPTH}" \ + -sparseCheckoutDirectories="${PARAM_SPARSE_CHECKOUT_DIRECTORIES}" + cd "${CHECKOUT_DIR}" + RESULT_SHA="$(git rev-parse HEAD)" + EXIT_CODE="$?" + if [ "${EXIT_CODE}" != 0 ] ; then + exit "${EXIT_CODE}" + fi + RESULT_COMMITTER_DATE="$(git log -1 --pretty=%ct)" + printf "%s" "${RESULT_COMMITTER_DATE}" > "$(results.committer-date.path)" + printf "%s" "${RESULT_SHA}" > "$(results.commit.path)" + printf "%s" "${PARAM_URL}" > "$(results.url.path)" diff --git a/examples/tekton/resources/pipeline.yaml b/examples/tekton/resources/pipeline.yaml index f3e91a0..213e869 100644 --- a/examples/tekton/resources/pipeline.yaml +++ b/examples/tekton/resources/pipeline.yaml @@ -13,17 +13,12 @@ spec: - name: clone taskRef: name: git-clone - kind: ClusterTask workspaces: - name: output workspace: shared-workspace params: - name: url value: $(params.git-url) - - name: subdirectory - value: "" - - name: deleteExisting - value: "true" - name: revision value: $(params.git-revision) - name: test diff --git a/examples/testcontainers-java/pom.xml b/examples/testcontainers-java/pom.xml index e5a7e04..ffb691d 100644 --- a/examples/testcontainers-java/pom.xml +++ b/examples/testcontainers-java/pom.xml @@ -12,8 +12,8 @@ UTF-8 17 17 - 1.19.3 - 5.10.1 + 1.19.6 + 5.10.2 @@ -21,12 +21,12 @@ org.apache.maven.plugins maven-compiler-plugin - 3.8.1 + 3.12.1 org.apache.maven.plugins maven-surefire-plugin - 3.0.0-M5 + 3.2.5 @@ -35,7 +35,7 @@ org.assertj assertj-core - 3.24.2 + 3.25.3 test @@ -53,13 +53,13 @@ org.slf4j slf4j-api - 2.0.9 + 2.0.12 test ch.qos.logback logback-classic - 1.4.14 + 1.5.0 test diff --git a/examples/testcontainers-java/src/test/java/com/joyrex2001/kubedock/examples/testcontainers/NetworkAliasesTest.java b/examples/testcontainers-java/src/test/java/com/joyrex2001/kubedock/examples/testcontainers/NetworkAliasesTest.java index 8896125..5767362 100644 --- a/examples/testcontainers-java/src/test/java/com/joyrex2001/kubedock/examples/testcontainers/NetworkAliasesTest.java +++ b/examples/testcontainers-java/src/test/java/com/joyrex2001/kubedock/examples/testcontainers/NetworkAliasesTest.java @@ -1,16 +1,13 @@ package com.joyrex2001.kubedock.examples.testcontainers; import org.junit.jupiter.api.Test; - import org.testcontainers.containers.GenericContainer; import org.testcontainers.containers.Network; - import org.testcontainers.junit.jupiter.Testcontainers; -import static org.assertj.core.api.Assertions.assertThat; - import java.io.IOException; -import java.lang.InterruptedException; + +import static org.assertj.core.api.Assertions.assertThat; @Testcontainers public class NetworkAliasesTest { @@ -36,7 +33,7 @@ void testNetworkAliases() throws IOException, InterruptedException { foo.start(); bar.start(); - + String response = bar.execInContainer("wget", "-O", "-", "http://foo:8080").getStdout(); assertThat(response).contains("yay"); diff --git a/examples/testcontainers-java/src/test/java/com/joyrex2001/kubedock/examples/testcontainers/NginxTest.java b/examples/testcontainers-java/src/test/java/com/joyrex2001/kubedock/examples/testcontainers/NginxTest.java index 332c82d..049814f 100644 --- a/examples/testcontainers-java/src/test/java/com/joyrex2001/kubedock/examples/testcontainers/NginxTest.java +++ b/examples/testcontainers-java/src/test/java/com/joyrex2001/kubedock/examples/testcontainers/NginxTest.java @@ -1,5 +1,6 @@ package com.joyrex2001.kubedock.examples.testcontainers; +import org.junit.jupiter.api.Disabled; import org.junit.jupiter.api.Test; import org.testcontainers.containers.BindMode; @@ -39,8 +40,8 @@ void testNginx() throws IOException { nginx.start(); - URL serviceUrl = URI.create(String.format("http://%s:%d/", - nginx.getContainerIpAddress(), + URL serviceUrl = URI.create(String.format("http://%s:%d/", + nginx.getContainerIpAddress(), nginx.getMappedPort(NGINX_PORT))).toURL(); assertThat(Util.readFromUrl(serviceUrl))