demo examples added

examples/v1alpha1/taskruns/stepaction_clone_build_push.yaml

@@ -0,0 +1,110 @@
+apiVersion: tekton.dev/v1alpha1
+kind: StepAction
+metadata:
+  name: git-clone
+spec:
+  params:
+    - name: outputpath
+    - name: url
+    - name: verbose
+      default: "true"
+    - name: gitInitImage
+      default: "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.40.2"
+  results:
+    - name: commit
+      description: The precise commit SHA that was fetched by this Task.
+    - name: url
+      description: The precise URL that was fetched by this Task.
+    - name: committer-date
+      description: The epoch timestamp of the commit that was fetched by this Task.
+  image: "$(params.gitInitImage)"
+  script: |
+    #!/usr/bin/env sh
+    set -eu
+
+    if [ "$(params.verbose)" = "true" ] ; then
+      set -x
+    fi
+    git config --global --add safe.directory $(params.outputpath)
+    git config --global init.defaultBranch main
+    git clone $(params.url) $(params.outputpath)
+    cd $(params.outputpath)
+    RESULT_SHA="$(git rev-parse HEAD)"
+    RESULT_COMMITTER_DATE="$(git log -1 --pretty=%ct)"
+    printf "%s" "${RESULT_COMMITTER_DATE}" > "$(step.results.committer-date.path)"
+    printf "%s" "${RESULT_SHA}" > "$(step.results.commit.path)"
+    printf "%s" "$(params.url)" > "$(step.results.url.path)"
+---
+apiVersion: tekton.dev/v1alpha1
+kind: StepAction
+metadata:
+  name: kaniko
+spec:
+  params:
+    - name: IMAGE
+      description: Name (reference) of the image to build.
+    - name: DOCKERFILE
+      description: Path to the Dockerfile to build.
+      default: ./Dockerfile
+    - name: CONTEXT
+      description: The build context used by Kaniko.
+      default: ./
+    - name: EXTRA_ARGS
+      type: array
+      default: []
+    - name: BUILDER_IMAGE
+      description: The image on which builds will run (default is v1.5.1)
+      default: gcr.io/kaniko-project/executor:v1.5.1@sha256:c6166717f7fe0b7da44908c986137ecfeab21f31ec3992f6e128fff8a94be8a5
+    - name: sourcePath
+  results:
+    - name: IMAGE_DIGEST
+      description: Digest of the image just built.
+  workingDir: $(params.sourcePath)
+  image: $(params.BUILDER_IMAGE)
+  args:
+    - $(params.EXTRA_ARGS)
+    - --dockerfile=$(params.DOCKERFILE)
+    - --context=$(params.sourcePath)/$(params.CONTEXT) # The user does not need to care the workspace and the source.
+    - --destination=$(params.IMAGE)
+    - --digest-file=$(step.results.IMAGE_DIGEST.path)
+---
+apiVersion: tekton.dev/v1
+kind: TaskRun
+metadata:
+  name: clone-build-push
+spec:
+  params:
+    - name: url
+      value: https://github.com/chitrangpatel/repo1M
+    - name: IMAGE
+      value: us-central1-docker.pkg.dev/chitrang-tekton/chitrang/ci 
+  workspaces:
+    - name: source
+      emptyDir: {}
+  TaskSpec:
+    results:
+      - name: commit
+        value: $(steps.clone.results.commit)
+      - name: url
+        value: $(steps.clone.results.url)
+      - name: committer-date
+        value: $(steps.clone.results.committer-date)
+      - name: image_digest
+        value: $(steps.build-push.results.IMAGE_DIGEST)
+    steps:
+      - name: clone
+        ref:
+          name: git-clone
+        params:
+          - name: url
+            value: $(params.url)
+          - name: outputpath
+            value: $(workspaces.source.path)
+      - name: build-push
+        ref:
+          name: kaniko
+        params:
+          - name: sourcePath
+            value: $(workspaces.source.path)
+          - name: IMAGE
+            value: $(params.IMAGE)

examples/v1alpha1/taskruns/stepaction_trused_artifacts.yaml

@@ -0,0 +1,195 @@
+apiVersion: tekton.dev/v1alpha1
+kind: StepAction
+metadata:
+  name: upload-artifact-gcs
+spec:
+  params:
+    - name: sourcePath
+    - name: location
+      description: The address (including "gs://") where you'd like to upload files to.
+  results:
+    - name: anArtifact
+      type: object
+      properties:
+        path:
+          type: string
+        url:
+          type: string
+        hash:
+          type: string
+        type:
+          type: string
+  image: gcr.io/google.com/cloudsdktool/cloud-sdk:379.0.0-slim@sha256:d844877c7aaa06a0072979230c68417ddb0f27087277f29747c7169d6ed0d2b9
+  script: |
+    #!/usr/bin/env bash
+    if [ -f $(params.sourcePath) ]; then
+      A_FILE_HASH=$(md5sum "$(params.sourcePath)" | awk '{ print $1 }')
+      gsutil cp $(params.sourcePath) $(params.location)
+      TYPE=file
+    else
+      tar czf $(params.sourcePath).tar.gz $(params.sourcePath)
+      A_FILE_HASH=$(md5sum "$(params.sourcePath).tar.gz" | awk '{ print $1 }')
+      gsutil cp $(params.sourcePath).tar.gz $(params.location)
+      TYPE=folder
+    fi
+    cat <<EOF | tee $(step.results.anArtifact.path)
+    {
+      "path": "$(params.sourcePath)",
+      "url" : "$(params.location)",
+      "hash": "${A_FILE_HASH}",
+      "type": "${TYPE}"
+    }
+    EOF
+---
+apiVersion: tekton.dev/v1alpha1
+kind: StepAction
+metadata:
+  name: download-artifact-gcs
+spec:
+  params:
+    - name: anArtifact
+      type: object
+      properties:
+        path:
+          type: string
+        url:
+          type: string
+        hash:
+          type: string
+        type:
+          type: string
+  image: gcr.io/google.com/cloudsdktool/cloud-sdk:379.0.0-slim@sha256:d844877c7aaa06a0072979230c68417ddb0f27087277f29747c7169d6ed0d2b9
+  script: |
+    #!/usr/bin/env bash
+    set -e
+    # Check the md5sum
+    if [ "$(params.anArtifact.type)" ==  "file" ]; then
+      gsutil cp $(params.anArtifact.url) $(params.anArtifact.path)
+      echo "$(params.anArtifact.hash) $(params.anArtifact.path)" | md5sum -c
+    else
+      gsutil cp $(params.anArtifact.url) download.tgz
+      echo "$(params.anArtifact.hash) download.tgz" | md5sum -c
+      mkdir $(params.anArtifact.path)
+      tar xzf download.tgz
+      ls -lh $(params.anArtifact.path)
+    fi
+---
+apiVersion: tekton.dev/v1
+kind: PipelineRun
+metadata:
+  name: trusted-artifacts
+spec:
+  taskRunTemplate:
+    serviceaccountname: chitrangksa
+  workspaces:
+  - name: artifactStorageProducer
+    emptyDir: {}
+  params:
+    - name: location
+      value: "gs://chitrang-prow"
+  pipelineSpec:
+    tasks:
+      - name: producer
+        workspaces:
+          - name: artifactStorageProducer
+        params:
+          - name: location
+            value: $(params.location)
+        taskSpec:
+          workspaces:
+            - name: artifactStorageProducer
+          results:
+            - name: aFileArtifact
+              type: object
+              properties:
+                path:
+                  type: string
+                url:
+                  type: string
+                hash:
+                  type: string
+                type:
+                  type: string
+              value: $(steps.upload-hash-file.results.anArtifact)
+            - name: aFolderArtifact
+              type: object
+              properties:
+                path:
+                  type: string
+                url:
+                  type: string
+                hash:
+                  type: string
+                type:
+                  type: string
+              value: $(steps.upload-hash-folder.results.anArtifact)
+          steps:
+            - name: produce-file
+              image: bash:latest
+              script: |
+                #!/usr/bin/env bash
+                # Produce some content
+                date +%s | tee "$(workspaces.artifactStorageProducer.path)/afile.txt"
+            - name: upload-hash-file
+              ref:
+                name: upload-artifact-gcs
+              params:
+                - name: sourcePath
+                  value: $(workspaces.artifactStorageProducer.path)/afile.txt
+                - name: location
+                  value: $(params.location)/afile.txt
+            - name: produce-folder
+              image: bash:latest
+              script: |
+                #!/usr/bin/env bash
+                A_FOLDER_PATH=$(workspaces.artifactStorageProducer.path)/afolder
+                mkdir "$A_FOLDER_PATH"
+                date +%s | tee "${A_FOLDER_PATH}/a.txt"
+                date +%s | tee "${A_FOLDER_PATH}/b.txt"
+                date +%s | tee "${A_FOLDER_PATH}/c.txt"
+            - name: upload-hash-folder
+              ref:
+                name: upload-artifact-gcs 
+              params:
+                - name: sourcePath
+                  value: $(workspaces.artifactStorageProducer.path)/afolder
+                - name: location
+                  value: $(params.location)/afolder
+      - name: consumer
+        params:
+          - name: aFileArtifact
+            value: $(tasks.producer.results.aFileArtifact)
+          - name: aFolderArtifact
+            value: $(tasks.producer.results.aFolderArtifact)
+        workspaces:
+          - name: artifactStorageProducer
+        taskSpec:
+          params:
+          workspaces:
+            - name: artifactStorageProducer
+          steps:
+            - name: download-verify-file
+              ref:
+                name: download-artifact-gcs
+              params:
+                - name: anArtifact
+                  value:
+                    path: $(params.aFileArtifact.path)
+                    url: $(params.aFileArtifact.url)
+                    hash: $(params.aFileArtifact.hash)
+                    type: $(params.aFileArtifact.type)
+            - name: download-verify-folder
+              ref:
+                name: download-artifact-gcs
+              params:
+                - name: anArtifact
+                  value:
+                    path: $(params.aFolderArtifact.path)
+                    url: $(params.aFolderArtifact.url)
+                    hash: $(params.aFolderArtifact.hash)
+                    type: $(params.aFolderArtifact.type)
+            - name: consume-content
+              image: bash:latest
+              script: |
+                #!/usr/bin/env bash
+                find $(workspaces.artifactStorageProducer.path) -type f