{"id":18579226,"url":"https://github.com/faust64/tekton-demo","last_synced_at":"2026-01-29T10:02:50.272Z","repository":{"id":76091596,"uuid":"381316741","full_name":"faust64/tekton-demo","owner":"faust64","description":null,"archived":false,"fork":false,"pushed_at":"2021-07-27T04:58:46.000Z","size":22,"stargazers_count":0,"open_issues_count":0,"forks_count":2,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-06-05T13:49:55.288Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Makefile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/faust64.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-06-29T09:54:48.000Z","updated_at":"2021-07-27T04:58:49.000Z","dependencies_parsed_at":"2023-05-22T11:00:16.552Z","dependency_job_id":null,"html_url":"https://github.com/faust64/tekton-demo","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/faust64/tekton-demo","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/faust64%2Ftekton-demo","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/faust64%2Ftekton-demo/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/faust64%2Ftekton-demo/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/faust64%2Ftekton-demo/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/faust64","download_url":"https://codeload.github.com/faust64/tekton-demo/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/faust64%2Ftekton-demo/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28875446,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-29T09:47:23.353Z","status":"ssl_error","status_checked_at":"2026-01-29T09:47:19.357Z","response_time":59,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-06T23:39:31.870Z","updated_at":"2026-01-29T10:02:50.247Z","avatar_url":"https://github.com/faust64.png","language":"Makefile","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Tekton Demo\n\nDemo Tekton capabilities building, deploying, testing, ... container images.\n\nThis repository is part of a training, that would cover Kubernetes cluster\ndeployment, CSI integration, then some integrated registry deployment. At\nthat stage, you need your own Kubernetes cluster running, and a registry\nallowing for anonymous pull and pushes. Configurations in this repository\nwould assume that registry does not use TLS - though you may change some\nparams in the main Tekton Pipeline, integrating with an https registry.\n\n## Requirements\n\n- your own fork of this repository\n- a working Docker registry (WARNING: samples would not handle registry authentication! default uses http, though https can be enabled)\n- k8s nodes able to pull images from that registry\n- cert-manager operator (generating certificate for Tekton EventListener Ingress / not mandatory, could be done in many different ways ...)\n\n## Deploy Tekton\n\n```sh\n$ kubectl apply -f https://github.com/tektoncd/pipeline/releases/download/v0.25.0/release.yaml\n$ kubectl apply -f https://github.com/tektoncd/triggers/releases/download/v0.14.2/release.yaml\n$ kubectl apply -f https://github.com/tektoncd/triggers/releases/download/v0.14.2/interceptors.yaml\n$ kubectl apply -f https://github.com/tektoncd/dashboard/releases/download/v0.17.0/tekton-dashboard-release.yaml\n$ kubectl apply -f https://github.com/tektoncd/chains/releases/download/v0.2.0/release.yaml\n```\n\n## Patch Assets\n\n- using a namespace other than `test-tekton`, there would be some changes to\n make on YAML files, make sure to replace `test-tekton` with your own namespace\n name\n- make sure to replace `github-ci-el.example.com` occurences by the FQDN your\n Ingress Controllers would use, routing requests to Tekton EventListener\n- similarily, replace `tekton-dashboard.example.com` with the FQDN your Ingress\n Controllers would use serving your Tekton Dashboard\n- there's also a Secret in the `triggers-github` file that should be changed, to\n whatever token would be configured, on GitHub side, sending webhooks to your\n Tekton EventListener\n- replace mentions of `registry.registry.svc.cluster.local:5000` by the address\n of your container images registry. it is assumed your kubernetes nodes would\n be able to pull images from it, without authenticating. and that Tekton jobs\n may push images, without authenticating.\n- generate your own key pair (`cosign generate-key-pair`) then paste your\n passphrase, public and private keys into `tekton/secret-cosign.yaml`.\n\n## Install Assets\n\n```sh\n$ kubectl apply -f tekton/dashboard-certificate.yaml\n$ kubectl apply -f tekton/dashboard-ingress.yaml\n$ kubectl create ns test-tekton\n$ kubectl apply -n test-tekton -f tekton/rbac-pipelines.yaml\n$ kubectl apply -n test-tekton -f tekton/rbac-triggers.yaml\n$ kubectl apply -n test-tekton -f tekton/task-build.yaml\n$ kubectl apply -n test-tekton -f tekton/task-deploy.yaml\n$ kubectl apply -n test-tekton -f tekton/task-test.yaml\n$ kubectl apply -n test-tekton -f tekton/task-retag.yaml\n$ kubectl apply -n test-tekton -f tekton/task-scanimage.yaml\n$ kubectl apply -n test-tekton -f tekton/task-scanrepo.yaml\n$ kubectl apply -n test-tekton -f tekton/task-sign.yaml\n$ kubectl apply -n test-tekton -f tekton/secret-cosign.yaml\n$ kubectl apply -n test-tekton -f tekton/pipeline-ci.yaml\n$ kubectl apply -n test-tekton -f tekton/triggers-certificate.yaml\n$ kubectl apply -n test-tekton -f tekton/triggers-github.yaml\n$ kubectl apply -n test-tekton -f tekton/triggers-ingress.yaml\n```\n\n## Start Jobs Manually\n\nTest build some random docker image (old Nexus3):\n\n```sh\n$ kubectl apply -n test-tekton -f tekton/taskrun-buildah.yaml\n```\n\nTest full pipeline building your own fork (make sure to set proper git repo\nand container images registry URL using your own fork and registry):\n\n```sh\n$ kubectl create -n test-tekton tekton/pipelinerun-docker.yaml\n```\n\nIf all goes well, we should see the various steps completing without returning\nany error, and the PipelineRun acknowledge job was successful:\n\n```sh\n$ kubectl get pods -n test-tekton\nNAME READY STATUS RESTARTS AGE\nbuild-pipeline-6wnb8-build-6bpn6-pod-f4svw 0/6 Completed 0 114s\nbuild-pipeline-6wnb8-codescan-wskc7-pod-5bwk8 0/2 Completed 0 114s\nbuild-pipeline-6wnb8-deploy-pz9gq-pod-sjpnw 0/2 Completed 0 77s\nbuild-pipeline-6wnb8-imagescan-vf5zr-pod-cb2w5 0/1 Completed 0 77s\nbuild-pipeline-6wnb8-retag-4r6cz-pod-f8zft 0/3 Completed 0 36s\nbuild-pipeline-6wnb8-sign-9f8gn-pod-n9b5q 0/1 Completed 0 26s\nbuild-pipeline-6wnb8-teardown-ccr4t-pod-spxds 0/2 Completed 0 21s\nbuild-pipeline-6wnb8-test-nnp6p-pod-vv5px 0/2 Completed 0 52s\ndemo-151d066ee4cdfa1eabb527d09e2e112317de7acf-5984487669-tjsnh 0/1 Terminating 0 55s\nel-github-listener-64d656fccf-p55xv 1/1 Running 0 68m\n$ kubectl get pipelinerun -n test-tekton\nNAME SUCCEEDED REASON STARTTIME COMPLETIONTIME\nbuild-pipeline-6wnb8 True Succeeded 2m28s 44s\n```\n\n## Start Jobs Automatically\n\nConfigure GitHub Webhook on your fork of this repository. Make sure your hook\nsecret matches the one defined in your `tekton/triggers-github.yaml`, webhook\nendpoint should be the one defined in `tekton/triggers-ingress.yaml`, payload\ncontent type should be `application/json`. Disable TLS certificate verification\nif you are using self-signed certificates (as the defaults would, applying\n`tekton/triggers-certificate.yaml`).\n\nCommit and push some changes to your repository. Your Tekton EventListener\nshould receive a notification, triggering creation for some PipelineResources\nand a PipelineRun, that would scan your code, build an image, deploy a copy\nlocally and run integration tests, scanning the image, re-tag it if all went\nwell then terminate the demo deployment. Hopefully.\n\n## Going Further\n\nThe step running CI tests could submit its results to some SonarQube server (or\nequivalent), having such a deployment available.\n\nThe step scanning image downloads its database for each job. One may want to\ndeploy a Trivy server, caching that database locally and serving it to tekton\nscan-image jobs pod.\n\nWe could include some additional tasks sample, building binaries and pushing\nthem to some artifactory (eg: Nexus, jFrog Artifactory, ...). While give an\nexample of building container images based on such assets (?)\n\nWe may implement continuous deliveries for a given application, granted that\nthe YAML describing its deployment is part of our repository - or eventually\nanother repository - using something like ArgoCD\n\nAmong various ways of verifying images authenticity in Kubernetes, we could\nlook into Connaisseur - https://devopstales.github.io/home/k8s-connaisseur/.\n\nFix Tekton Tasks authenticating against container image registries.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffaust64%2Ftekton-demo","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffaust64%2Ftekton-demo","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffaust64%2Ftekton-demo/lists"}