.ci/pipeline.yaml

apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: homelab
spec:
  workspaces:
    - name: shared-data
  tasks:

    - name: git-clone
      taskRef:
        name: git-clone
      workspaces:
        - name: output
          workspace: shared-data
      params:
        - name: url
          value: http://gitea-http.gitea:3000/ops/homelab
        - name: revision
          value: master

    - name: tools
      runAfter:
        - git-clone
      workspaces:
        - name: source
          workspace: shared-data
        # TODO secure registry
        # - name: dockerconfig
        #   workspace: dockerconfig
      taskRef:
        name: kaniko
      params:
        - name: CONTEXT
          value: ./tools
        - name: IMAGE
          value: registry.jupiter.mein.nl/tools:latest
        - name: EXTRA_ARGS
          value:
            - --cache=true

    - name: pre-commit
      runAfter:
        - tools
      workspaces:
        - name: source
          workspace: shared-data
      taskSpec:
        workspaces:
          - name: source
        stepTemplate:
          image: registry.jupiter.mein.nl/tools:latest
          workingDir: /workspace/source
        steps:
          - name: run
            command:
              - pre-commit
            args:
              - run
              # - --all-files
              - --color=always

    - name: external
      runAfter:
        - pre-commit
      workspaces:
        - name: source
          workspace: shared-data
      taskSpec:
        workspaces:
          - name: source
        volumes:
          - name: terraform-secrets
            secret:
              secretName: terraform-secrets
        stepTemplate:
          image: registry.jupiter.mein.nl/tools:latest
          workingDir: /workspace/source/external
          volumeMounts:
            - name: terraform-secrets
              mountPath: /root/.terraform.d/credentials.tfrc.json
              subPath: credentials.tfrc.json
            - name: terraform-secrets
              mountPath: /workspace/source/external/terraform.tfvars
              subPath: terraform.tfvars
          command:
            - make
        steps:
          - name: plan
            args:
              - plan
          - name: apply
            args:
              - apply
---
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
  name: homelab
spec:
  serviceAccountName: tekton-admin
  pipelineRef:
    name: homelab
  workspaces:
    - name: shared-data
      volumeClaimTemplate:
        spec:
          storageClassName: longhorn
          accessModes:
            - ReadWriteOnce
          resources:
            requests:
              storage: 1Gi