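# Tekton Task "promote": runs /jarvis/promote_artifacts.sh in a step container
# that talks to a Docker daemon running as a sidecar in the same pod.
# Registry, Helm and CA material is supplied through Kubernetes secrets
# declared in the volumes section at the bottom of this spec.
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: promote
  # Quoted so an empty or boolean/number-looking value cannot be retyped by
  # the YAML parser after the template is rendered.
  namespace: {{ $.Release.Namespace | quote }}
spec:
  description: >-
    This task will promote images and chart into a non-test repository
  workspaces:
    # Not referenced by any field in this manifest; presumably read by the
    # promote script from the workspace mount paths - confirm against it.
    - name: k8s_cluster_data
    - name: development_pipeline_data
  steps:
    - name: promote-artifacts
      image: {{ $.Values.tasks.promote.promoteImage | quote }}
      env:
        # Connect to the sidecar over TCP, with TLS.
        - name: DOCKER_HOST
          value: tcp://localhost:2376
        # Verify TLS.
        - name: DOCKER_TLS_VERIFY
          value: '1'
        # Use the certs generated by the sidecar daemon.
        - name: DOCKER_CERT_PATH
          value: /certs/client
        # Tekton overrides HOME for the step (the original note says
        # /home/tekton; the Docker config below is mounted under /tekton/home),
        # and Helm derives its data directory from HOME by default. Pin
        # HELM_DATA_HOME so Helm finds the plugins installed at image build time.
        - name: HELM_DATA_HOME
          value: /root/.local/share/helm
      volumeMounts:
        # Registry push credentials: a single key of the secret is exposed as
        # the Docker client config file.
        - mountPath: /tekton/home/.docker/config.json
          name: image-push-creds
          subPath: .dockerconfigjson
        # Client side of the TLS material shared with the sidecar daemon.
        - mountPath: /certs/client
          name: dind-certs
        # Harbor CA certificate for the step container only.
        # NOTE(review): a file placed here is normally trusted only after the
        # CA bundle is regenerated - confirm the script or image does that.
        - mountPath: /usr/local/share/ca-certificates/harbor-ca.crt
          name: harbor-ca
          subPath: harbor-ca
        # Helm publish credentials; the whole secret is mounted as a directory.
        - mountPath: /workspace/helm-creds
          name: helm-publish-creds
      script: |
        /jarvis/promote_artifacts.sh
  sidecars:
    - image: {{ $.Values.tasks.image.sidecarServer | quote }}
      name: server
      args:
        - --storage-driver=vfs
        - --userland-proxy=false
        # NOTE(review): debug logging on the daemon is verbose; confirm it is
        # wanted outside troubleshooting and that its output is acceptable in
        # pipeline logs.
        - --debug
        # Tells the daemon not to require verified TLS for this registry, so
        # pushes and pulls to it are not protected against interception.
        # The harbor-ca secret is mounted only in the step container, not here.
        # TODO(review): consider mounting the CA into this sidecar under
        # /etc/docker/certs.d/<registry-host>/ca.crt and dropping this flag.
        - "--insecure-registry={{ $.Values.tasks.image.insecureRegistry }}"
      # TODO: Get rid of privileged true.
      # A privileged container is not isolated from the node in any meaningful
      # way, so whatever this daemon runs should be treated as having node-level
      # access. Until this is removed, restrict who can run this Task and
      # where its pods may be scheduled.
      securityContext:
        privileged: true
      env:
        # Write generated certs to the path shared with the client.
        - name: DOCKER_TLS_CERTDIR
          value: /certs
      volumeMounts:
        - mountPath: /certs/client
          name: dind-certs
      # Wait for the dind daemon to generate the certs it will share with the
      # client.
      readinessProbe:
        periodSeconds: 1
        exec:
          command: ['ls', '/certs/client/ca.pem']
  volumes:
    # Pod-local scratch volume carrying the TLS client certs from the sidecar
    # to the step.
    - name: dind-certs
      emptyDir: {}
    - name: image-push-creds
      secret:
        secretName: harbor-docker-auth
    - name: helm-publish-creds
      secret:
        secretName: harbor-basic-auth
    - name: harbor-ca
      secret:
        secretName: harbor-ca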