You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/modules/SDDs/pages/0032-compile-pipeline.adoc
+12-24Lines changed: 12 additions & 24 deletions
Original file line number
Diff line number
Diff line change
@@ -2,7 +2,7 @@
2
2
3
3
:sdd_author: Aline Abler
4
4
:sdd_owner: Project Syn IG
5
-
:sdd_reviewers: Simon Gerber
5
+
:sdd_reviewers: Simon Gerber, Tobias Brunner
6
6
:sdd_date: 2024-06-13
7
7
:sdd_status: draft
8
8
@@ -62,8 +62,10 @@ The `accessTokenSecretName` field contains a reference to a secret.
62
62
If it is set, the Lieutenant operator will store an access token into this secret, which can be used to access the Git repository.
63
63
In the case of GitLab, this would be a Project Access Token with read-write access to the repository.
64
64
65
-
The `ciVariables` field contains a dictionary describing variable names and corresponding values.
66
-
These variables are added to the git repository as CI/CD variables.
65
+
The `ciVariables` field contains a list of objects describing variable names and corresponding values.
66
+
Each object in the list has a type that's modeled after a Kubernetes container's `env` field.
67
+
In contrast to container environment variables, our variables only support specifying values directly (via field `value`) or by referencing a `Secret` resource (via field `valueFrom.secretKeyRef`).
68
+
These variables are added to the Git repository as CI/CD variables.
67
69
68
70
[source,yaml]
69
71
----
@@ -113,6 +115,9 @@ The `compilePipeline` field contains a dict with the following fields:
113
115
114
116
* `clusters`: List of cluster IDs of clusters for which the compile pipeline should be executed.
115
117
This field is managed by the operator.
118
+
* `pipelineFiles`: Dictionary containing file paths as keys, and file contents as values.
119
+
These files will be added to the tenant's `gitRepoTemplate.templateFiles` by the Lieutenant operator.
120
+
This field is optional; if absent, no new template files are added to the `gitRepoTemplate`.
116
121
117
122
[source,yaml]
118
123
----
@@ -124,35 +129,17 @@ spec:
124
129
compilePipeline:
125
130
clusters:
126
131
- c-my-cluster
127
-
----
128
-
129
-
=== In-Repo CI/CD pipeline configuration
130
-
131
-
Configuring the CI pipeline usually happens through files committed to the corresponding repository.
132
-
For a Lieutenant-managed pipeline configuration, these files should be managed by Lieutenant.
133
-
To achieve this, we can leverage the existing mechanism to commit template files to git repositories:
134
-
135
-
[source,yaml]
136
-
----
137
-
apiVersion: syn.tools/v1alpha1
138
-
kind: Tenant
139
-
metadata:
140
-
name: t-my-tenant
141
-
spec:
142
-
gitRepoTemplate:
143
-
templateFiles:
132
+
pipelineFiles:
144
133
.gitlab-ci.yml: |
145
134
include:
146
135
- project: syn/commodore-compile-pipeline
147
136
ref: master
148
137
file: /.gitlab/commodore-common.yml
149
-
150
138
----
151
139
152
-
153
140
=== Operator
154
141
155
-
The Lieutenant Operator will be extended to automatically manage the compile pipeline for repositories where this is enabled (by way of configuring the `compilePipeline` field on the tenant and the `enableCompilePipeline` field on the cluster).
142
+
The Lieutenant Operator will be extended to automatically manage the compile pipeline for repositories where this is enabled (by way of deploying the CI config file in the tenant and the `enableCompilePipeline` field on the cluster).
156
143
157
144
Since the compile pipeline has to interact with both the tenant repository as well as the cluster catalog repositories, it must be enabled on both corresponding resources for the configuration to be functional.
158
145
This way, it is possible to enable auto-compilation for some, but not all clusters on a tenant.
@@ -162,7 +149,7 @@ The operator will reconcile *GitRepos* as follows:
162
149
* When `spec.accessTokenSecretName` is set, the operator generates an access token for the corresponding repository (via the repository host's API, using the API secret in `.spec.apiSecretRef`), and writes this token into a secret with the given name.
163
150
In the case of GitLab, this is a Project Access Token.
164
151
The operator also runs a scheduled job which refreshes these tokens when they are close to expiring, or when they no longer exist on the repository host.
165
-
* The content of `.spec.ciVariables` is written to the repository's configuration on the git host.
152
+
* The content of `.spec.ciVariables` is written to the repository's configuration on the Git host.
166
153
In the case of GitLab, it is written as CI/CD variables.
167
154
168
155
NOTE: If the GitRepo is of type `unmanaged`, none of these steps will be executed.
@@ -181,6 +168,7 @@ The operator will reconcile *Tenants* as follows:
181
168
* For each entry in `.spec.compilePipeline.clusters`, another entry is added to the tenant repository GitRepo's `spec.ciVariabes`.
182
169
The key is `ACCESS_TOKEN_CLUSTERNAME`, where `CLUSTERNAME` is the ID of a specific cluster, with `-` replaced by `_`.
183
170
The value is a reference to the secret containing the access token to access that cluster's catalog repository, taken from the secret specified in the catalog GitRepo configuration under `.spec.accessTokenSecretName`.
171
+
* For each entry in `.spec.compilePipeline.pipelineFiles`, a new corresponding entry is added to the tenant's `.spec.gitRepoTemplate.templateFiles`.
0 commit comments