This tool is used for the generation of trusted artifacts variants of a task.
It will process a set of directions in recipe.yaml file and
based on that and a set of builtin conventions generate the Tekton Task
definition in YAML format.
This tool is used by the hack/generate-ta-tasks.sh script.
The tool uses only one argument - path to the recipe.yaml file.
These recipe.yaml files are stored in the task directories ending with -oci-ta.
Usage (from the task-generator/trusted-artifacts directory)
go run . path/to/recipe.yaml
The generated Trusted Artifacts Task is provided on the standard output.
Recipe defines how to transform a non-Trusted Artifacts Tekton Task definition to a Trusted Artifacts Tekton Task definition.
Basic recipe consists of providing a base path to the non-Trusted Artifacts Task
and declaring that the Task will either create or use Trusted Artifacts by
setting the add to create-source, create-cachi2, use-source and/or
use-cachi2.
For example:
---
base: ../../mytask/0.1/mytask.yaml
add:
- use-source
- create-source
Further options can be added as needed, most commonly removal of workspace
declarations using removeWorkspaces and string replacements using
replacements.
The following is the list of supported options:
| Option | Type | Description |
|---|---|---|
add |
sequence of strings | Task Steps to add, can be one or more of create-source, create-cachi2, use-source or use-cachi2 |
addEnvironment |
sequence of EnvVar | Additional environment variables to add to all existing Task Steps in the non-Trusted Artifact Task |
additionalSteps |
sequence of AdditionalSteps | Additional Tekton Steps to add |
addParams |
sequence of Tekton ParamSpecs | Additional Tekton Task parameters to add to the Task |
addResult |
sequence of Tekton TaskResults | Additional Tekton Task results to add to the Task |
addVolume |
sequence of Volumes | Additional Volumes to add to the Task |
addVolumeMount |
sequence of VolumeMounts | Additional VolumeMount to add to the Task |
base |
string | Relative path from recipe.yaml to the Task definition of the non-Trusted Artifacts Task |
description |
string | Description of the Trusted Artifacts Task |
displaySuffix |
string | Additional text to place to the value of tekton.dev/displayName annotation from the non-Trusted Artifacts Task to the Trusted Artifacts Task (default: " oci trusted artifacts") |
preferStepTemplate |
boolean | When true preference is set to configure common configuration on the Task.spec.stepTemplate rather than on each Task Step |
regexReplacements |
map of strings keys and string values | Perform regular expression-based replacement with keys being the regular expression and the values being the replacement, see Replacements |
removeParams |
sequence of strings | Names of Task parameters to remove |
removeVolumes |
sequence of strings | Names of Task Volumes to remove |
removeWorkspaces |
sequence of strings | Names of Workspaces to remove |
replacements |
map of strings keys and string values | Replacements to perform, keys will be replaced with the values |
suffix |
string | Additional text to place to the Task name from the non-Trusted Artifacts Task to the Trusted Artifacts Task (default: "-oci-ta") |
| Option | Type | Description |
|---|---|---|
| Any key from Tekton Step | Tekton Step | Inline definition of a Tekton Step |
at |
number | Step insertion point as a index of the Task.spec.steps sequence |
Both regular expression (regexReplacements) and string based replacements
(replacements) operate on a fixed set of keys in the Task, these are:
- Task.spec.stepTemplate.env
- Task.spec.stepTemplate.workingDir
- Task.spec.steps.env
- Task.spec.steps.workingDir
- Task.spec.steps.script
There are various included tests in the golden folder.
They use the base.yaml file which gets modified based on the recipe.yaml and is compared to the ta.yaml
go test ./...