Catalog of Tasks usable in Continuous Delivery Tekton Pipelines
If you want v1alpha1
resources, you need to reference the tekton_pipeline0.10.1
tag (or
tekton_pipeline0.10.1_workspace
tag to have v1alpha1
resources using workspaces).
Note:
- These tasks are usable with Continuous Delivery Tekton Pipeline Worker Agent (Tekton definition with apiVersion: v1beta1). These tasks have been updated following migration path described in https://github.com/tektoncd/pipeline/blob/v0.11.2/docs/migrating-v1alpha1-to-v1beta1.md
-
These tasks are using kebab-case style for EVERY parameters names. So parameter
pathToContext
(in previous versions of the tasks) has been renamed aspath-to-context
, parameterclusterName
has been renamed tocluster-name
and so on... -
communication
folder has been renamed toslack
folder -
Some tasks has been renamed to match the following name format
<category alias>-<task>
where category alias is depending on the folder containing the tasks:Folder/Category Category alias cloudfoundry cf container-registry icr devops-insights doi git git kubernetes-service iks slack slack toolchain toolchain The task new names are listed in the following table:
Folder Old task name New task name container-registry containerize-task icr-containerize container-registry cr-build-task icr-cr-build container-registry execute-in-dind-task icr-execute-in-dind container-registry execute-in-dind-cluster-task icr-execute-in-dind-cluster container-registry vulnerability-advisor-task icr-check-va-scan git clone-repo-task git-clone-repo git set-commit-status git-set-commit-status kubernetes-service fetch-iks-cluster-config iks-fetch-config kubernetes-service kubernetes-contextual-execution iks-contextual-execution slack post-slack slack-post-message -
Tasks that use workspace(s) may have changed the expected workspace name. Here is the list of the breaking changes for the expected workspace name
Folder Task Old workspace name New workspace name Description container-registry icr-containerize workspace source A workspace containing the source (Dockerfile, Docker context) to create the image container-registry icr-cr-build workspace source A workspace containing the source (Dockerfile, Docker context) to create the image container-registry icr-execute-in-dind workspace source A workspace containing the source (Dockerfile, Docker context) to create the image container-registry icr-execute-in-dind-cluster workspace source A workspace containing the source (Dockerfile, Docker context) to create the image container-registry icr-check-va-scan workspace artifacts Workspace that may contain image information and will have the va report from the VA scan after this task exection git git-clone-repo workspace output Workspace where the git repository will be cloned into git git-set-commit-status workspace artifacts Workspace that may contain git repository information (ie build.properties). Should be marked as optional when Tekton will permit it kubernetes-service iks-fetch-config workspace cluster-configuration A workspace where the kubernetes cluster config is exported kubernetes-service iks-contextual-execution workspace cluster-configuration A workspace that contain the kubectl cluster config to be used
-
Tasks that are expecting a secret to retrieve apikey and/or secret values have been updated to use the default secret
secure-properties
injected by Continuous Delivery Tekton Pipeline support. The updated tasks are:- icr-check-va-scan
- icr-containerize
- icr-cr-build
- icr-execute-in-dind
- icr-execute-in-dind-cluster
- git-clone-repo
- git-set-commit-status
- iks-fetch-config
Note: As a reminder, in previous version (before
secure-properties
injection by CD tekton support), the default was set tocd-secret
- cf-deploy-app: This task allows to perform a deployment of a Cloud Foundry application using
ibmcloud cf
commands.
- icr-containerize: This task is building and pushing an image to IBM Cloud Container Registry. This task is relying on Buildkit to perform the build of the image.
- icr-cr-build: This task builds and pushes an image to the IBM Cloud Container Registry. This task relies on IBM Cloud Container Registry
build
command to perform the build of the image. - icr-execute-in-dind: This task runs
docker
commands (build, inspect...) that communicate with a sidecar dind, and push the resulting image to the IBM Cloud Container Registry. - icr-execute-in-dind-cluster: This task runs
docker
commands (build, inspect...) that communicate with a docker dind instance hosted in a kubernetes cluster (eventually deploying the Docker DinD if needed), and pushes the resulting image to the IBM Cloud Container Registry. - icr-check-va-scan: This task is verifying that a Vulnerability Advisor scan has been made for the image and process the outcome of the scan.
- doi-publish-buildrecord: This task publishes build record to DevOps Insights
- doi-publish-testrecord: This task publishes test record(s) to DevOps Insights
- doi-publish-deployrecord: This task publishes deploy record to DevOps Insights
- doi-evaluate-gate: This task evaluates DevOps Insights gate policy
- git-clone-repo: This task fetches the credentials needed to perform a git clone of a repo specified by a Continuous Delivery toolchain and then uses them to clone the repo.
- git-set-commit-status: This task is setting a git commit status for a given git commit (revision) in a git repository repository integrated in a Continuous Delivery toolchain.
- iks-fetch-config: This task is fetching the configuration of a IBM Cloud Kubernetes Service cluster that is required to perform
kubectl
commands. - iks-contextual-execution: This task is executing bash snippet/script in the context of a Kubernetes cluster configuration.
- iks-deploy-to-kubernetes: This task allows to perform scripts typically doing deployment of a Kubernetes application with
ibmcloud ks
cli andkubectl
cli configured for a given cluster.
- linter-docker-lint: This task performs a lint on the given Dockerfile using Hadolint.
- signing-dct-init: This task initialize Docker Content Trust GUN/repository
- signing-dct-sign: This task performs a Docker Content Trust signature on a given image
- signing-dct-enforcement-policy: This task installs Container Image Security Enforcement on a given cluster.
- slack-post-message: This task posts a message to the Slack channel(s) integrated to your Continuous Delivery toolchain.
- tester-run-tests: This task allows to invoke a script to execute test.
- toolchain-publish-deployable-mapping: This task creates or updates a toolchain deployable mapping for a Continuous Delivery toolchain.
- toolchain-extract-value: This task extracts values from the desired config map with a given jq expression.