feat: 开发测试接口

2026-05-01 09:29:08 +08:00
parent 0994da75fe
commit 5828b6c268
13 changed files with 303 additions and 0 deletions
--- a/tekton/pipeline.yaml
+++ b/tekton/pipeline.yaml
@@ -0,0 +1,90 @@
+apiVersion: tekton.dev/v1
+kind: Pipeline
+metadata:
+  name: fastapi-ci
+  namespace: tekton-ci
+spec:
+  params:
+  - name: git-url
+    type: string
+  - name: git-revision
+    type: string
+  - name: image-tag
+    type: string
+  workspaces:
+  - name: source
+  - name: dockerconfig
+  tasks:
+
+  # 1. 拉取代码
+  - name: git-clone
+    taskRef:
+      name: git-clone
+    params:
+    - name: url
+      value: $(params.git-url)
+    - name: revision
+      value: $(params.git-revision)
+    workspaces:
+    - name: output
+      workspace: source
+
+  # 2. 单元测试
+  - name: pytest
+    runAfter: [git-clone]
+    taskSpec:
+      steps:
+      - name: test
+        image: python:3.10-slim
+        script: |
+          cd $(workspaces.source.path)
+          pip install -r requirements.txt
+          pytest app/test_main.py -v
+    workspaces:
+    - name: source
+      workspace: source
+
+  # 3. 构建并推送镜像 (Kaniko)
+  - name: build-and-push
+    runAfter: [pytest]
+    taskRef:
+      name: kaniko
+    params:
+    - name: IMAGE
+      value: "registry.plfai.cn/fastapi-demo:$(params.image-tag)"
+    workspaces:
+    - name: source
+      workspace: source
+    - name: dockerconfig
+      workspace: dockerconfig
+
+  # 4. 镜像漏洞扫描
+  - name: trivy-scan
+    runAfter: [build-and-push]
+    taskSpec:
+      steps:
+      - name: scan
+        image: aquasec/trivy:latest
+        args:
+        - image
+        - --severity=HIGH,CRITICAL
+        - --exit-code=1
+        - "registry.plfai.cn/fastapi-demo:$(params.image-tag)"
+
+  # 5. 更新部署清单 (GitOps)
+  - name: gitops-update
+    runAfter: [trivy-scan]
+    taskSpec:
+      steps:
+      - name: update-image
+        image: alpine/git
+        script: |
+          git clone $(params.git-url) /workspace/repo
+          cd /workspace/repo
+          sed -i "s|image: registry.plfai.cn/fastapi-demo:.*|image: registry.plfai.cn/fastapi-demo:$(params.image-tag)|" \
+            k8s/deployment.yaml
+          git config user.email "tekton@plfai.cn"
+          git config user.name "Tekton CI"
+          git add k8s/deployment.yaml
+          git commit -m "ci: update image to $(params.image-tag) [skip ci]"
+          git push origin main