diff --git a/git/README.md b/git/README.md
index 172eb157c3..ff6c489110 100644
--- a/git/README.md
+++ b/git/README.md
@@ -177,6 +177,17 @@ There are 4 additional parameters in addition to the ones mentioned above for th
 ### Usage
+## `git-clone-ssh`
+
+This task does `git clone` using SSH with the authentication described in [Git SSH Auth](./git-ssh-auth.md).
+
+This `Task` has two input parameters:
+
+1. `url` (**required**) is the url to the git repository
+2. `path` (optional) is the path on the workspace volume, `code` is default directory.
+
+See [example `Pipeline`](./git-ssh-auth.md#example-pipeline)
+
 [git-ref]: https://git-scm.com/book/en/v2/Git-Internals-Git-References
 [git-merge]: https://git-scm.com/docs/git-merge
 [git-cherry-pick]: https://git-scm.com/docs/git-cherry-pick
diff --git a/git/git-clone-ssh.yaml b/git/git-clone-ssh.yaml
new file mode 100644
index 0000000000..19ac453639
--- /dev/null
+++ b/git/git-clone-ssh.yaml
@@ -0,0 +1,23 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+ name: git-clone-ssh
+spec:
+ workspaces:
+ - name: output
+ description: The git repo will be cloned onto the volume backing this workspace
+ params:
+ - name: url
+ type: string
+ description: git url to clone
+ - name: path
+ type: string
+ default: code
+ description: path on the workspace to where the files are cloned
+ steps:
+ - name: git-clone
+ image: bitnami/git:2.26.2
+ command: ['git', '-c', 'core.sshCommand=ssh -i /etc/ssh/id_rsa', 'clone', '$(params.url)', '$(workspaces.output.path)/$(params.path)']
+ volumeMounts:
+ - mountPath: /etc/ssh
+ name: ssh-auth
\ No newline at end of file
diff --git a/git/git-ssh-auth.md b/git/git-ssh-auth.md
new file mode 100644
index 0000000000..d402f40fc6
--- /dev/null
+++ b/git/git-ssh-auth.md
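Review bot: In git/git-clone-ssh.yaml, the `command` of the `git-clone` step passes `$(params.url)` to `git clone` with no end-of-options marker, so a parameter value that begins with `-` would be parsed by git as an option instead of a repository. Inserting `'--'` before it closes that: `command: ['git', '-c', 'core.sshCommand=ssh -i /etc/ssh/id_rsa', 'clone', '--', '$(params.url)', '$(workspaces.output.path)/$(params.path)']`. Host-key verification here appears to rely on the projected `ssh_known_hosts` file landing at OpenSSH's default global path under `/etc/ssh`; naming it in `core.sshCommand` with `-o UserKnownHostsFile=/etc/ssh/ssh_known_hosts -o StrictHostKeyChecking=yes` would make that dependency explicit rather than implied by the mount path. The `ssh-auth` volume under `volumeMounts` is not declared in this Task, so a comment such as `# volume ssh-auth must be supplied by the run's pod template (known_hosts and private-key Secrets)` would help anyone reading the Task on its own.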
@@ -0,0 +1,107 @@
+# Git SSH Auth
+
+## Configuration of SSH with GitHub as example
+
+Prepare secrets for SSH authentication.
+
+### Prepare `known_hosts` file
+Example using github.com
+
+1. Create file with `known_hosts` (you may also want to verify this further)
+
+ ```
+ ssh-keyscan github.com > ssh_known_hosts
+ ```
+
+2. Create secret from file
+
+ ```
+ kubectl create secret generic github-known-hosts --from-file=ssh_known_hosts
+ ```
+
+### Generate and distribute SSH key pair
+Generate a separate SSH key pair for Tekton
+
+1. Generate keypair to local file
+
+ ```
+ ssh-keygen -t rsa -b 4096 -f id_rsa -q -N ""
+ ```
+
+2. Create a secret from the private key
+
+ ```
+ kubectl create secret generic github-private-key --from-file=id_rsa
+ ```
+
+3. Upload the public key `id_rsa.pub` to GitHub
+
+ Start with copying the content of the public key with
+
+ ```
+ pbcopy < id_rsa.pub
+ ```
+
+ And follow [Adding a new SSH key to your GitHub account](https://help.github.com/en/github/authenticating-to-github/adding-a-new-ssh-key-to-your-github-account)
+
+
+## Example Pipeline
+
+```
+apiVersion: tekton.dev/v1beta1
+kind: Pipeline
+metadata:
+ name: pipeline-with-git-clone
+spec:
+ params:
+ - name: git-url
+ type: string
+ description: Url to git repo
+ tasks:
+ - name: git-clone
+ taskRef:
+ name: git-clone-ssh
+ params:
+ - name: url
+ value: "$(params.git-url)"
+ workspaces:
+ - name: output
+ workspace: ws
+ workspaces:
+ - name: ws
+```
+
+An example `PipelineRun` for triggering a `git clone`
+
+```
+apiVersion: tekton.dev/v1beta1
+kind: PipelineRun
+metadata:
+ generateName: git-clone-ssh-
+spec:
+ params:
+ - name: git-url
+ value: git@github.com:jlpettersson/myapp.git # example GitHub repo url
+ pipelineRef:
+ name: pipeline-with-git-clone
+ workspaces:
+ - name: ws
+ volumeClaimTemplate:
+ spec:
+ accessModes: ["ReadWriteOnce"]
+ resources:
+ requests:
+ storage: 1Gi
+ taskRunSpecs:
+ - pipelineTaskName: git-clone # name of task in the Pipeline
+ taskPodTemplate:
+ volumes:
+ - name: ssh-auth # name of volume - matching name in Task
+ projected:
+ defaultMode: 0400
+ sources:
+ - secret:
+ name: github-known-hosts # name of Secret from Auth setup
+ - secret:
+ name: github-private-key # name of Secret from Auth setup
+```
\ No newline at end of file