fastapi-demo/tekton/pipeline.yaml


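---
# Tekton CI pipeline for fastapi-demo:
#   git-clone -> pytest -> build-and-push -> trivy-scan -> gitops-update
#
# Security notes that apply to the whole file:
#   * Pipeline params are supplied by whoever starts the run. Steps receive
#     them through `env` and expand them as quoted shell variables, so a
#     crafted value cannot add commands to a step script the way text spliced
#     in via $(params.*) can.
#   * Step images use mutable tags (python:3.10-slim, docker:cli, alpine,
#     alpine/git). Pinning each by digest keeps a re-tagged upstream image
#     from changing what runs in CI.
apiVersion: tekton.dev/v1
kind: Pipeline
metadata:
  name: fastapi-ci
  namespace: tekton-ci
spec:
  params:
    - name: git-url
      type: string
    - name: git-revision
      type: string
    - name: image-tag
      type: string
  workspaces:
    - name: source
  tasks:
    # 1. Fetch the source code.
    - name: git-clone
      taskRef:
        name: git-clone
      params:
        - name: url
          value: '$(params.git-url)'
        - name: revision
          value: '$(params.git-revision)'
      workspaces:
        - name: output
          workspace: source

    # 2. Unit tests.
    - name: pytest
      runAfter: [git-clone]
      taskSpec:
        # Declared explicitly so the $(workspaces.source.path) reference in
        # the step does not depend on workspace propagation.
        workspaces:
          - name: source
        steps:
          - name: test
            image: python:3.10-slim
            # NOTE(review): requirements come from the cloned repository and
            # are installed without hash checking; consider
            # `pip install --require-hashes -r requirements.txt`.
            script: |
              cd "$(workspaces.source.path)"
              pip install -r requirements.txt
              pytest app/test_main.py -v
      workspaces:
        - name: source
          workspace: source

    # 3. Build and push the image with the Docker CLI; needs the host's
    #    Docker socket and is restricted to node k8smaster.
    # NOTE(review): the hostPath mount of /var/run/docker.sock hands this step
    # control of the node's Docker daemon, which is root-equivalent on
    # k8smaster, and the Dockerfile it builds comes from the cloned repo.
    # A daemonless builder (for example Kaniko or Buildah) removes that
    # exposure.
    - name: build-and-push
      runAfter: [pytest]
      taskSpec:
        # NOTE(review): node placement is normally set through the run's
        # podTemplate; confirm this field is honoured inside taskSpec.
        nodeSelector:
          kubernetes.io/hostname: k8smaster
        workspaces:
          - name: source
        steps:
          - name: docker-build-push
            image: docker:cli
            env:
              - name: DOCKER_HOST
                value: 'unix:///var/run/docker.sock'
              - name: IMAGE_TAG
                value: '$(params.image-tag)'
            script: |
              # Accept only characters that are legal in a Docker tag.
              case "${IMAGE_TAG}" in
                ''|*[!A-Za-z0-9_.-]*)
                  echo "invalid image-tag: ${IMAGE_TAG}" >&2
                  exit 1
                  ;;
              esac
              cd "$(workspaces.source.path)"
              docker build -t "registry.plfai.cn/fastapi-demo:${IMAGE_TAG}" .
              # NOTE(review): the login below is left unchanged. It pipes the
              # whole .dockerconfigjson document in as the password and
              # discards any failure (2>/dev/null || true), so a failed login
              # is invisible and the push runs with whatever credentials the
              # client already has. No `dockerconfig` workspace is declared
              # in the visible spec. Confirm the intended auth path, e.g.
              # DOCKER_CONFIG pointing at a directory with config.json.
              cat $(workspaces.dockerconfig.path)/.dockerconfigjson | \
                docker login registry.plfai.cn -u k3s --password-stdin 2>/dev/null || true
              docker push "registry.plfai.cn/fastapi-demo:${IMAGE_TAG}"
            volumeMounts:
              - name: docker-sock
                mountPath: /var/run/docker.sock
        volumes:
          - name: docker-sock
            hostPath:
              path: /var/run/docker.sock
              type: Socket
      workspaces:
        - name: source
          workspace: source

    # 4. Image vulnerability scan (optional; the trivy image may not be
    #    reachable).
    # NOTE(review): this task only prints a message and always succeeds, so
    # gitops-update promotes images that were never scanned. Treat it as a
    # placeholder, not a gate.
    - name: trivy-scan
      runAfter: [build-and-push]
      taskSpec:
        steps:
          - name: scan
            image: alpine
            env:
              - name: IMAGE_TAG
                value: '$(params.image-tag)'
            script: |
              echo "Trivy scan skipped (offline). Image: registry.plfai.cn/fastapi-demo:${IMAGE_TAG}"
              echo "Run: trivy image --severity=HIGH,CRITICAL registry.plfai.cn/fastapi-demo:${IMAGE_TAG}"

    # 5. Update the deployment manifest (GitOps).
    # NOTE(review): this clones the default branch of git-url rather than
    # git-revision and pushes straight to `main`. No push credentials are
    # configured in the visible spec; whatever identity is used should be
    # scoped to this repository only.
    - name: gitops-update
      runAfter: [trivy-scan]
      taskSpec:
        steps:
          - name: update-image
            image: alpine/git
            env:
              - name: GIT_URL
                value: '$(params.git-url)'
              - name: IMAGE_TAG
                value: '$(params.image-tag)'
            script: |
              # The tag lands in a sed replacement and a commit message, so
              # restrict it to the Docker tag character set first.
              case "${IMAGE_TAG}" in
                ''|*[!A-Za-z0-9_.-]*)
                  echo "invalid image-tag: ${IMAGE_TAG}" >&2
                  exit 1
                  ;;
              esac
              # `--` stops a URL that begins with `-` being read as an option.
              git clone -- "${GIT_URL}" /workspace/repo
              cd /workspace/repo
              sed -i "s|image: registry.plfai.cn/fastapi-demo:.*|image: registry.plfai.cn/fastapi-demo:${IMAGE_TAG}|" \
                k8s/deployment.yaml
              git config user.email "tekton@plfai.cn"
              git config user.name "Tekton CI"
              git add k8s/deployment.yaml
              git commit -m "ci: update image to ${IMAGE_TAG} [skip ci]"
              git push origin main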