Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

TEP-0048 Pipeline as code #341

Closed
wants to merge 1 commit into from
Closed

Conversation

chmouel
Copy link
Member

@chmouel chmouel commented Feb 4, 2021

We would like to propose a opiniated flow to support the "Pipeline as code"
technique with tekton.

The pipelines as code emphasizes that the configuration of delivering pipelines
that build, test and deploy our applications or infrastructure should be treated
as code; they should be placed under source control and modularized in reusable
components with automated testing and deployment.

This TEP kicks off the initial discussion on the design and the scope of what we
want to achieve.

Signed-off-by: Chmouel Boudjnah chmouel@redhat.com

@tekton-robot tekton-robot requested review from kimsterv and a user February 4, 2021 18:00
@tekton-robot tekton-robot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Feb 4, 2021
@bobcatfish
Copy link
Contributor

/assign

@wlynch
Copy link
Member

wlynch commented Feb 4, 2021

/cc @wlynch

@tekton-robot tekton-robot requested a review from wlynch February 4, 2021 21:55
@vdemeester
Copy link
Member

/cc @vdemeester

@tekton-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To complete the pull request process, please assign bobcatfish
You can assign the PR to them by writing /assign @bobcatfish in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@vdemeester vdemeester added the kind/tep Categorizes issue or PR as related to a TEP (or needs a TEP). label Feb 5, 2021
@pritidesai
Copy link
Member

assigning it to @skaegi

@pritidesai
Copy link
Member

/assign skaegi

* We should provide an easy way (single curl command and/or operator flag) to deploy Tekton with "tekton-as-code" support.
* We need assume single tenancy on the pipelines-as-code cluster.
* We assume single tenancy on the tekton-as-code cluster
* We assume the user does not need access to the cluster,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* We assume the user does not need access to the cluster,
* We assume the user does not need access to the cluster.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks 👍🏻

teps/0048-pipeline-as-code.md Show resolved Hide resolved
Copy link
Contributor

@bobcatfish bobcatfish left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@chmouel i think the proposal section needs a lot more details before we can review it - e.g. examples of the templates we'd provide - and we'd want to explore alternatives as well

for other TEPs we've been taking an approach where we merge the the TEP without the proposal initially, so we can all agree about the problem being tackled, and then we update it with design details - what do you think about taking that approach here? from my perspective id be nearly ready to merge the problem statement part of the TEP

teps/0048-pipeline-as-code.md Show resolved Hide resolved
we wish to provide dedicated support for it, by providing an easy way for users to
run pipelines and tasks stored in a specific folder of the repo. The same tool can be used by
pipeline and task authors for quick testing and experimentation of their code.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

something else that might be interesting to mention as motivation is that this is a feature supported by so so many other CI/CD systems

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@chmouel @FogDong I spent a bit of time looking at some other systems and whether or not most of them allow you to express both pipelines + triggering information as "code" (i.e. use version control as the source of truth) and it seems like most of them do

In this doc I took a really quick (and maybe inaccurate, plz add any corrections) look at:

  • Github actions
  • aws codepipeline
  • azure pipeline
  • jenkins (im the least sure i found the right info for this one)
  • circleci
  • travis
  • harness
  • bamboo
  • gitlab

I wanted to look at more, including Openshift pipelines ( + @vdemeester @imjasonh ?) but didnt get a chance!

plz feel free to add to this / expand on it / correct it / use anything useful in this TEP

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for doing this @bobcatfish

Yeah a lot of this has been focused on Pull request CI (pre-merge) and not much on CD and post-merge CI.

I definitively think it's in scope, there is Jenkins-X who supports this too with lighthouse which I find interesting.

We will definitively needs to do a bit of thinking on how to integrate this with triggers.

(and fyi openshift BuildConfig, openshift pipelines doesn't support triggering as code)


### Non-Goals

- GitOps: Pipelines as Code does not take care of the [GitOps primitives](https://www.weave.works/technologies/gitops/), it
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is it possible to be specific about which primitives it doesn't take care of?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In general, all of them, aka the TEP solely focuses on Pipeline def in the code being picked up. If it helps implementing GitOps operation/primites good but ain't a goal so far.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yep, there is quite a lot of definitions and interpretation of GitOPS, maybe PAC (pipelines as code) can help for only a subset of it but that's not the goal

teps/0048-pipeline-as-code.md Show resolved Hide resolved
* We need to be able to test changes inside the `.tekton` folder as part of the PR sent.
* We should provide an easy way (single curl command and/or operator flag) to deploy Tekton with "tekton-as-code" support.
* We need assume single tenancy on the pipelines-as-code cluster.
* We assume single tenancy on the tekton-as-code cluster
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can you explain a bit more about what assuming single tenancy means here and why it's a requirement?

(is this a duplicate of the line above?)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it's the initial assumption, to simplify the design a bit, @afrittoli @chmouel ?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yep 👍🏻

I wasn't sure about this at first, since multi tenancy is definitively something I would like to have, but there is quite a bit to talk about on multi tenancy support with tekton and it's not necessary a first class citizen on vanilla kubernetes too.

## Requirements

* We need to be able to test changes inside the `.tekton` folder as part of the PR sent.
* We should provide an easy way (single curl command and/or operator flag) to deploy Tekton with "tekton-as-code" support.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i dont exactly disagree with this requirement, but it seems to be specific to a particular solution (e.g. if we solved this by building support into triggers or pipelines, this might not be relevant?)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's true but work on "pipeline as code" can start / take place in parallel of getting this in triggers (or pipeline 😓 ). I think it's a requirement to "bootstrap" the work on the topic (giving time to implement this correctly if need be in tekton components).

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree with @vdemeester

I don't think we need to make "triggering as code" a requirement for pipeline as code.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think we need to make "triggering as code" a requirement for pipeline as code.

can we expand on this a bit? i DO think that we should aim for this - @chmouel you pointed out some other solutions that do not allow triggering as code, but i strongly feel that this is where we want to get to (solutions that don't currently provide it i'm guessing would if they could - and probably will eventually)

maybe one way to avoid expanding the scope of what you are planning too far is if we could include a requirement that for whatever solutions we look at, we at least consider how they could be expanded to support triggering as code? <-- this depends on whether we want what we explore here to be the tekton recommended way of doing pipelines as code, or whether we want this to be one of many options that tekton provides. if this is "the one tekton way" then i think we need to be a lot more thorough


The Tekton pipeline definitions are currently dissociated from a source code repository.
They may be located in the same repository as they code they should build, test and deploy,
but Tekton is not aware of them. Tekton expects the pipeline definition to be deployed to a
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tekton here is very "generic". The Tekton Pipeline component is not aware of them (and shouldn't, ever, probabl)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rephrases as "Tekton controller"

teps/0048-pipeline-as-code.md Show resolved Hide resolved

### Non-Goals

- GitOps: Pipelines as Code does not take care of the [GitOps primitives](https://www.weave.works/technologies/gitops/), it
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In general, all of them, aka the TEP solely focuses on Pipeline def in the code being picked up. If it helps implementing GitOps operation/primites good but ain't a goal so far.

* We need to be able to test changes inside the `.tekton` folder as part of the PR sent.
* We should provide an easy way (single curl command and/or operator flag) to deploy Tekton with "tekton-as-code" support.
* We need assume single tenancy on the pipelines-as-code cluster.
* We assume single tenancy on the tekton-as-code cluster
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it's the initial assumption, to simplify the design a bit, @afrittoli @chmouel ?

## Requirements

* We need to be able to test changes inside the `.tekton` folder as part of the PR sent.
* We should provide an easy way (single curl command and/or operator flag) to deploy Tekton with "tekton-as-code" support.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's true but work on "pipeline as code" can start / take place in parallel of getting this in triggers (or pipeline 😓 ). I think it's a requirement to "bootstrap" the work on the topic (giving time to implement this correctly if need be in tekton components).

Comment on lines +184 to +191
## Alternatives

Instead of having a Tekton as a code task with a binary doing the 'work' we may
want to do this directly in triggers.

This is something that is possible to do currently but from my experience working
on POC and the future
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We will need more detailled alternative approach here at some point

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What kind of details would you like to see ? Alternative implementation or alternative design achieving tekton as code ?

The alternative design is I guess an ad-hoc approach, like the way we do right know which is not really tekton as code i guess.

@bobcatfish
Copy link
Contributor

@vdemeester: I also think it really shouldn't be at the tektoncd/pipeline level 👼🏼

This is something where @vdemeester and I differ BUT I'm wondering if one way we could avoid having to address that difference of opinion head on is to add a requirement to this TEP (which i think might already be implied) that whatever solution we have here, it doesn't preclude other solutions: i.e. say we add a "pipeline as code" top level project, folks can choose whether to use that or not, and there could potentially be other pipeline as code solutions later in addition to that one.

If we do want to make this TEP about the one true Tekton blessed way of doing pipelines as code then maybe Vincent and I will have to discuss this more sooner

@afrittoli
Copy link
Member

/test pull-community-teps-lint

@afrittoli afrittoli closed this Mar 1, 2021
@afrittoli afrittoli reopened this Mar 1, 2021
@afrittoli
Copy link
Member

/test pull-community-teps-lint

1 similar comment
@afrittoli
Copy link
Member

/test pull-community-teps-lint

@afrittoli afrittoli closed this Mar 1, 2021
@afrittoli afrittoli reopened this Mar 1, 2021
* User sends a PR.
* Pipeline as code start applying the template located in the `.tekton`
directory
* User is able to watch the pipeline execution status via `tkn` or `dashboard`.
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm curious how the authors visualize this happening on the dashboard. Right now there's not a lot of filters other than namespaces and labels. Are these filters going to be used to find different variants of same pipeline in the same UI or would this involve some restructuring of the UI as well?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We chatted among RHT colleagues on how we wanted to present this if we wanted to expose pipeline as a code on the openshift console, which probably would be a bit the same for dashboard.

I would imagine, there would be a repository first view, where each repository can have a pipeline as a code status, with the different runs and link to logs.

Not so different from what we have on github actions and other CI i guess.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it would be a bit of a leap for the tekton dashboard to become aware of repositories - but it would be nice! reminds me of tektoncd/dashboard#1612 which is suggesting a grouping mechanism that could group triggering info + pipelines - i think @dibyom might be planning to look into proposing a grouping mechanism like this

@chmouel
Copy link
Member Author

chmouel commented Mar 22, 2021

@bobcatfish

for other TEPs we've been taking an approach where we merge the the TEP without the proposal initially, so we can all agree about the problem being tackled, and then we update it with design details - what do you think about taking that approach here? from my perspective id be nearly ready to merge the problem statement part of the TEP

I think that's the approach we wanted to take with @afrittoli, I initially drafter a lot of implementation details in this TEP and andrea convince to let this TEP be more alive so we can agree before on the problem statements and then start to do TEP updates on each implementation details.

Copy link
Member Author

@chmouel chmouel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry taking so much time replying on this but let's take this forward


The Tekton pipeline definitions are currently dissociated from a source code repository.
They may be located in the same repository as they code they should build, test and deploy,
but Tekton is not aware of them. Tekton expects the pipeline definition to be deployed to a
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rephrases as "Tekton controller"

we wish to provide dedicated support for it, by providing an easy way for users to
run pipelines and tasks stored in a specific folder of the repo. The same tool can be used by
pipeline and task authors for quick testing and experimentation of their code.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for doing this @bobcatfish

Yeah a lot of this has been focused on Pull request CI (pre-merge) and not much on CD and post-merge CI.

I definitively think it's in scope, there is Jenkins-X who supports this too with lighthouse which I find interesting.

We will definitively needs to do a bit of thinking on how to integrate this with triggers.

(and fyi openshift BuildConfig, openshift pipelines doesn't support triggering as code)


### Non-Goals

- GitOps: Pipelines as Code does not take care of the [GitOps primitives](https://www.weave.works/technologies/gitops/), it
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yep, there is quite a lot of definitions and interpretation of GitOPS, maybe PAC (pipelines as code) can help for only a subset of it but that's not the goal

## Requirements

* We need to be able to test changes inside the `.tekton` folder as part of the PR sent.
* We should provide an easy way (single curl command and/or operator flag) to deploy Tekton with "tekton-as-code" support.
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree with @vdemeester

I don't think we need to make "triggering as code" a requirement for pipeline as code.

* We need to be able to test changes inside the `.tekton` folder as part of the PR sent.
* We should provide an easy way (single curl command and/or operator flag) to deploy Tekton with "tekton-as-code" support.
* We need assume single tenancy on the pipelines-as-code cluster.
* We assume single tenancy on the tekton-as-code cluster
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yep 👍🏻

I wasn't sure about this at first, since multi tenancy is definitively something I would like to have, but there is quite a bit to talk about on multi tenancy support with tekton and it's not necessary a first class citizen on vanilla kubernetes too.

* We should provide an easy way (single curl command and/or operator flag) to deploy Tekton with "tekton-as-code" support.
* We need assume single tenancy on the pipelines-as-code cluster.
* We assume single tenancy on the tekton-as-code cluster
* We assume the user does not need access to the cluster,
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks 👍🏻

* User sends a PR.
* Pipeline as code start applying the template located in the `.tekton`
directory
* User is able to watch the pipeline execution status via `tkn` or `dashboard`.
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We chatted among RHT colleagues on how we wanted to present this if we wanted to expose pipeline as a code on the openshift console, which probably would be a bit the same for dashboard.

I would imagine, there would be a repository first view, where each repository can have a pipeline as a code status, with the different runs and link to logs.

Not so different from what we have on github actions and other CI i guess.

Comment on lines +184 to +191
## Alternatives

Instead of having a Tekton as a code task with a binary doing the 'work' we may
want to do this directly in triggers.

This is something that is possible to do currently but from my experience working
on POC and the future
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What kind of details would you like to see ? Alternative implementation or alternative design achieving tekton as code ?

The alternative design is I guess an ad-hoc approach, like the way we do right know which is not really tekton as code i guess.

We would like to propose a opiniated flow to support the "Pipeline as code"
technique with tekton.

The pipelines as code emphasizes that the configuration of delivering pipelines
that build, test and deploy our applications or infrastructure should be treated
as code; they should be placed under source control and modularized in reusable
components with automated testing and deployment.

This TEP kicks off the initial discussion on the design and the scope of what we
want to achieve.

Signed-off-by: Chmouel Boudjnah <chmouel@redhat.com>
@bobcatfish
Copy link
Contributor

In addressing the gap around "config as code" in tekton I feel strongly that we don't want to leave triggering configuration out (at least in the long run). If the idea is to automatically pick up the content of .tekton, I'm not sure how we could leave the triggering bit out of it? (e.g. are the contents of .tekton applied on every PR?) (maybe elaborating on the requirements around the .tekton dir will help make this clear)

I wanted to point out the TEP that @sbwsg has opened recently (#389) as potentially a way to let people treat their pipelines and tasks as code - in monday's API working group he demoed a way to allow folks to reference Tasks that are stored in git, or a gcs bucket, or oci or wherever. Another thing that might help me understand the scope of this TEP would be to understand - if we did have the functionality Scott demoed, what would this TEP be adding? (Some automation around the .tekton folder it sounds like?)

@tekton-robot
Copy link
Contributor

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale with a justification.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close with a justification.
If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.

/lifecycle stale

Send feedback to tektoncd/plumbing.

@tekton-robot tekton-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jun 24, 2021
@jerop
Copy link
Member

jerop commented Jul 12, 2021

/lifecycle frozen

there's a working group actively making progress on this

@tekton-robot tekton-robot added lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Jul 12, 2021
@chmouel chmouel closed this Jan 20, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
kind/tep Categorizes issue or PR as related to a TEP (or needs a TEP). lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
Status: Proposed
Development

Successfully merging this pull request may close these issues.