pipelines.md

CICD

OpenShift Pipelines

OpenShift Pipelines is a built-in tool for automating software delivery within OpenShift, like an assembly line for your code. Code gets submitted, triggering a series of automated tests and builds (CI). If all goes well, the pipeline automatically deploys the code to your OpenShift environment (CD).

OpenShift Pipelines runs each step of the pipeline in its own container. This lets you scale the pipeline up or down based on your needs. Plus, it's built on Tekton, a standard for CI/CD tools, so it integrates well with existing tools you might already use.

A pipeline definition is the blueprint for your automated software delivery process in OpenShift Pipelines. It outlines the specific steps your code goes through, from testing to deployment. Here are the key elements:

  • Parameters: These allow you to customize pipeline behavior by passing in values during execution. For example, you could have a parameter for the application environment (development, testing, production).
  • Workspaces: Workspaces provide shared storage for tasks to exchange data. They are defined within the pipeline and referenced by specific tasks.
  • Tasks: These are the individual actions performed within a stage, such as running unit tests, building container images, or deploying your application to OpenShift.

Check the Pipeline definition: 01-pipeline.yaml.

A PipelineRun represents a single execution or instance of a pipeline definition. It declares:

  • pipelineRef: specifies the exact pipeline configuration that the PipelineRun should follow.
  • taskRunTemplate: defines the execution template for each task within the pipeline.
  • timeouts: establishes a maximum allowed runtime for each task within the PipelineRun. This acts as a safeguard to prevent tasks from hanging indefinitely.
  • workspaces: specifies how workspaces are mapped to Persistent Volume Claims.

Check the PipelineRun definition: 03-pipeline-run.yaml.
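
A minimal sketch of the elements listed above, added here as an illustration; it is not the repository's 01-pipeline.yaml or 03-pipeline-run.yaml, and every name, the image and the sizes are assumptions. The task receives the parameter through an environment variable rather than by substituting it into the script text, so a parameter value cannot alter the script itself.

```yaml
# Added example: all names, the image and the sizes are hypothetical.
apiVersion: tekton.dev/v1
kind: Pipeline
metadata: {name: demo-pipeline}
spec:
  params:
    - {name: environment, type: string, default: development}
  workspaces:
    - name: shared-data                  # shared storage declared by the pipeline
  tasks:
    - name: write-report
      params:
        - {name: environment, value: "$(params.environment)"}
      workspaces:
        - {name: output, workspace: shared-data}
      taskSpec:
        params:
          - {name: environment, type: string}
        workspaces:
          - name: output
        steps:
          - name: write
            image: registry.access.redhat.com/ubi9/ubi-minimal
            env:                         # parameter passed as data, not as script text
              - {name: TARGET_ENV, value: "$(params.environment)"}
            script: |
              echo "target: ${TARGET_ENV}" > "$(workspaces.output.path)/report.txt"
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata: {name: demo-pipeline-pvc}
spec:
  accessModes: [ReadWriteOnce]
  resources:
    requests: {storage: 1Gi}
---
apiVersion: tekton.dev/v1
kind: PipelineRun
metadata: {name: demo-pipeline-run}
spec:
  pipelineRef: {name: demo-pipeline}
  params:
    - {name: environment, value: testing}
  taskRunTemplate:
    serviceAccountName: pipeline         # assumption: service account the tasks run as
  timeouts: {pipeline: 30m, tasks: 20m}
  workspaces:
    - name: shared-data                  # binds the pipeline workspace to the PVC
      persistentVolumeClaim: {claimName: demo-pipeline-pvc}
```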

Since workspaces rely on a Persistent Volume Claim, we define a PVC before launching the pipeline run.

Deploy everything and run:

oc apply -k k8s/pipeline/

Once the pipeline has executed, all terminated pods can be cleaned up:

oc delete pods --field-selector=status.phase=Succeeded

Automating Pipeline Execution with Triggers

Tekton Triggers provide a powerful mechanism for automating pipeline execution in OpenShift Pipelines. Four components work together to define when and how a pipeline should run based on specific events.

1. EventListener:

This acts as the starting point. The EventListener is a service that listens for external events from various sources like Git (pushes, pull requests), CI systems (build completions), or even custom events generated by other applications.

2. TriggerBinding:

This component acts as a bridge between the EventListener and the pipeline execution. Imagine it as a translator. The TriggerBinding receives the raw event payload from the EventListener and extracts relevant data points specific to your pipeline needs. For instance, from a Git push event, it might extract the branch name or commit message.

3. TriggerTemplate:

This defines the action to be taken when a qualifying event is received. Think of it as the instruction manual. The TriggerTemplate specifies a blueprint for creating a PipelineRun or TaskRun, essentially launching the desired pipeline execution. It also references the extracted data from the TriggerBinding to potentially customize the pipeline execution. For example, it could use the extracted branch name to trigger a different pipeline for development vs. production branches.

4. Trigger:

This component ties everything together. It defines the specific event that will trigger the pipeline execution and references both the TriggerBinding and the TriggerTemplate. The Trigger acts like a filter, specifying which events (e.g., pushes to a specific branch) should activate the pipeline and how it should be run (using the TriggerTemplate and extracted data from the TriggerBinding).

Here's how it works in action:

  1. An external event (e.g., Git push) occurs.
  2. The EventListener detects the event and sends the payload to the TriggerBinding.
  3. The TriggerBinding extracts relevant data from the payload.
  4. The Trigger checks if the event matches the defined criteria and, if so, references the TriggerTemplate.
  5. The TriggerTemplate uses the extracted data to create a PipelineRun or TaskRun, launching the pipeline execution.

This approach allows for a flexible and event-driven way to automate your pipelines. Pipelines only run when specific events occur, reducing unnecessary executions and streamlining your development workflow.

Webhook Secret

Create a secret to hold the webhook secret:

oc create secret generic github-webhook-secret --from-literal=secretToken=<webhook-secret>

Configure the trigger and the event listener:

oc apply -k k8s/trigger/
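
How the four components and the webhook secret fit together, as an added example that is not the content of k8s/trigger/: only github-webhook-secret and its secretToken key come from the command above; all other names, the main branch filter and the pipeline service account are assumptions. The github interceptor rejects payloads whose signature does not match the secret, and the cel interceptor drops pushes to other branches.

```yaml
# Added example; every name except github-webhook-secret/secretToken is hypothetical.
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerBinding              # extracts fields from the event payload
metadata: {name: github-push-binding}
spec:
  params:
    - {name: git-revision, value: "$(body.head_commit.id)"}
---
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerTemplate             # blueprint for the PipelineRun to create
metadata: {name: webhook-template}
spec:
  params:
    - {name: git-revision}
  resourcetemplates:
    - apiVersion: tekton.dev/v1
      kind: PipelineRun
      metadata: {generateName: webhook-run-}
      spec:
        pipelineRef: {name: webhook-pipeline}   # hypothetical Pipeline taking git-revision
        params:
          - {name: git-revision, value: "$(tt.params.git-revision)"}
---
apiVersion: triggers.tekton.dev/v1beta1
kind: Trigger                     # filter + binding + template
metadata: {name: github-push}
spec:
  interceptors:
    - ref: {name: github}         # checks the webhook signature against the secret
      params:
        - name: secretRef
          value: {secretName: github-webhook-secret, secretKey: secretToken}
        - {name: eventTypes, value: ["push"]}
    - ref: {name: cel}            # only pushes to main pass
      params:
        - {name: filter, value: "body.ref == 'refs/heads/main'"}
  bindings:
    - ref: github-push-binding
  template:
    ref: webhook-template
---
apiVersion: triggers.tekton.dev/v1beta1
kind: EventListener               # HTTP endpoint that receives the webhook
metadata: {name: github-listener}
spec:
  serviceAccountName: pipeline    # assumption: account allowed to create PipelineRuns
  triggers:
    - triggerRef: github-push
```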

Useful information