As part of the push-to-deploy project, once a git server has fired a webhook we need something that invokes the Cloud Native Buildpacks (CNB) lifecycle to build the image and then pushes it to the registry. Scheduling the new deployment in k8s (the equivalent of what webservice normally does) is a separate problem.
Projects under consideration:
- Tekton pipelines
- kpack
So far Tekton has the more community-focused governance model: Red Hat and VMware are its primary contributors. kpack, by contrast, appears to be very much a VMware project, and it is less flexible about who creates what, which makes the security model for controlled pipelines (where the platform, not the user, defines what gets built and pushed where) trickier.
Inputs the CI system will need:
- Git repo URL and commit (or branch or tag)
- Tool name, image name and deployment name
- Any buildpack-specific information (which could live in the source repo)
Actions the CI system will do:
- Clone the git repo and checkout the correct commit
- Execute the buildpacks lifecycle steps (https://buildpacks.io/docs/concepts/components/lifecycle/)
  - This step also needs push access to the image registry, so it is the one place a registry credential has to be available
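As an added example (not from this page, and not code from the Toolforge, Tekton or buildpacks projects), here is a Tekton Task that carries out the three actions above for the inputs listed, plus a TaskRun showing how one build is parameterised. Everything named here is an assumption: the Task and secret names, the example registry and git hosts, the builder image, the clone image and the Platform API version. The k8s deployment step is deliberately not covered.

```yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: buildpack-build-push        # assumed name
spec:
  description: Clone a git revision, run the CNB lifecycle, push the image.
  params:
    - name: git-url
      type: string
    - name: git-revision
      type: string
      description: Commit sha, branch or tag to build.
    - name: image
      type: string
      description: Fully qualified name the built image is pushed as.
    - name: builder-image
      type: string
      default: paketobuildpacks/builder:base   # assumed; any CNB builder works
    - name: platform-api
      type: string
      default: "0.7"   # assumed; must be a Platform API the builder's lifecycle supports
  workspaces:
    - name: source
      description: Scratch space the repo is cloned into.
    - name: registry-creds
      description: Secret whose config.json key holds a token that may push only this tool's image.
  results:
    - name: commit
      description: Resolved sha that was built (what the dashboard should show as deployed).
  steps:
    - name: clone
      image: alpine/git   # assumed clone image
      script: |
        #!/bin/sh
        set -eu
        git clone "$(params.git-url)" "$(workspaces.source.path)"
        cd "$(workspaces.source.path)"
        git -c advice.detachedHead=false checkout "$(params.git-revision)"
        # Record the exact sha so "what is deployed" is answerable later.
        git rev-parse HEAD | tr -d '\n' > "$(results.commit.path)"
    - name: prepare
      image: $(params.builder-image)
      securityContext:
        runAsUser: 0
      script: |
        #!/bin/sh
        set -eu
        # Tekton mounts workspaces as root, but the lifecycle refuses to run as
        # root and must own its directories. Hand them to the builder's
        # unprivileged cnb user (CNB_USER_ID/CNB_GROUP_ID are set by the
        # builder image) before the build step runs.
        mkdir -p /layers /platform
        chown -R "$CNB_USER_ID:$CNB_GROUP_ID" "$(workspaces.source.path)" /layers /platform
    - name: build-and-push
      image: $(params.builder-image)
      env:
        - name: CNB_PLATFORM_API
          value: $(params.platform-api)
        # The lifecycle reads registry auth from the docker config.json found
        # under DOCKER_CONFIG; the secret workspace is mounted read-only.
        - name: DOCKER_CONFIG
          value: $(workspaces.registry-creds.path)
      script: |
        #!/bin/sh
        set -eu
        # creator runs detect, analyze, restore, build and export in one
        # process. Without -daemon the exporter pushes straight to the
        # registry named by the positional image argument; the run image is
        # taken from the builder's /cnb/stack.toml.
        /cnb/lifecycle/creator \
          -app "$(workspaces.source.path)" \
          -layers /layers \
          -platform /platform \
          "$(params.image)"
---
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
  generateName: build-mytool-
  namespace: tool-mytool           # assumed per-tool namespace
spec:
  taskRef:
    name: buildpack-build-push
  params:
    - name: git-url
      value: https://gitlab.example.org/mytool/mytool.git
    - name: git-revision
      value: 0123456789abcdef0123456789abcdef01234567
    - name: image
      value: registry.example.org/toolforge/mytool:latest
  workspaces:
    - name: source
      emptyDir: {}
    - name: registry-creds
      secret:
        secretName: mytool-registry-push   # assumed; created by the platform, not the user
```

The controlled-pipeline point is that a user only ever supplies the parameter values in the TaskRun: the Task itself and the push secret are created by the platform, and the secret should be scoped so it can push only the tool's own repository, so a user cannot redirect a build onto another tool's image. The root prepare step is the one privileged piece; if the namespace's pod security policy forbids runAsUser 0, the same effect can be had by setting fsGroup on the pod template so the emptyDir is group-writable by the cnb user. Note also that the build step executes whatever the buildpacks run against the user's source (npm install, pip install, and so on), so it has to be treated as running user code.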
Users should be able to:
- View current build progress and status
- Look at build logs, for failed builds and successful ones too
- See which git commit (sha1) the currently deployed image was built from
- Retrigger jobs that failed for flakiness reasons, aka "recheck" (I suppose this is optional, but really nice to have)
- Maybe: T267062: Allow Toolforge users to manually start/restart/stop buildpack based web servers
Most of this last set is provided by the read-only Tekton Pipelines dashboard that is currently in testing.