From ac00529b71612b9d67f50f4bbefca88a4cf42a53 Mon Sep 17 00:00:00 2001 From: Chmouel Boudjnah Date: Thu, 4 Jun 2026 17:12:46 +0200 Subject: [PATCH 1/2] fix: use %w instead of %s for error wrapping in DetectPacInstallation Preserves the error chain for errors.Is/errors.As callers. Co-Authored-By: Claude --- pkg/cmd/tknpac/bootstrap/bootstrap.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/cmd/tknpac/bootstrap/bootstrap.go b/pkg/cmd/tknpac/bootstrap/bootstrap.go index 81757cdfe..35cc43eec 100644 --- a/pkg/cmd/tknpac/bootstrap/bootstrap.go +++ b/pkg/cmd/tknpac/bootstrap/bootstrap.go @@ -271,7 +271,7 @@ func DetectPacInstallation(ctx context.Context, wantedNS string, run *params.Run if err == nil { return installed, cm.Namespace, nil } - return installed, "", fmt.Errorf("could not detect Pipelines as Code configmap on the cluster, please specify the namespace in which pac is installed: %s", err.Error()) + return installed, "", fmt.Errorf("could not detect Pipelines as Code configmap on the cluster, please specify the namespace in which pac is installed: %w", err) } func getConfigMap(ctx context.Context, run *params.Run) (*corev1.ConfigMap, error) { From 590fa5c446d927d71b41418138cb895eb7ea4261 Mon Sep 17 00:00:00 2001 From: Chmouel Boudjnah Date: Fri, 5 Jun 2026 10:33:14 +0200 Subject: [PATCH 2/2] chore: Use git-clone artifacthub stepactions Replaced the local HTTP-based git-clone stepaction with the official Tekton Hub resolver across Tekton workflows. Removed the redundant local stepaction definition file to keep configuration centralized. Signed-off-by: Chmouel Boudjnah --- .tekton/doc.yaml | 14 +- .tekton/generate-coverage-release.yaml | 14 +- .tekton/go.yaml | 14 +- .tekton/linter.yaml | 14 +- .tekton/stepactions/git-clone.yaml | 223 --------------------- test/testdata/pipelinerun-stepactions.yaml | 14 +- 6 files changed, 55 insertions(+), 238 deletions(-) delete mode 100644 .tekton/stepactions/git-clone.yaml diff --git a/.tekton/doc.yaml b/.tekton/doc.yaml index 434b9ddce..a935542f9 100644 --- a/.tekton/doc.yaml +++ b/.tekton/doc.yaml @@ -36,10 +36,18 @@ spec: steps: - name: fetch-repo ref: - resolver: http + resolver: hub params: - - name: url - value: https://raw.githubusercontent.com/tektoncd/pipelines-as-code/refs/heads/main/.tekton/stepactions/git-clone.yaml + - name: catalog + value: git-clone-stepaction + - name: type + value: artifact + - name: kind + value: stepaction + - name: name + value: git-clone + - name: version + value: "1.6.0" params: - name: output-path value: $(workspaces.source.path) diff --git a/.tekton/generate-coverage-release.yaml b/.tekton/generate-coverage-release.yaml index 3be1d04c6..9c9316f39 100644 --- a/.tekton/generate-coverage-release.yaml +++ b/.tekton/generate-coverage-release.yaml @@ -30,10 +30,18 @@ spec: steps: - name: fetch-repo ref: - resolver: http + resolver: hub params: - - name: url - value: https://raw.githubusercontent.com/tektoncd/pipelines-as-code/refs/heads/main/.tekton/stepactions/git-clone.yaml + - name: catalog + value: git-clone-stepaction + - name: type + value: artifact + - name: kind + value: stepaction + - name: name + value: git-clone + - name: version + value: "1.6.0" params: - name: output-path value: $(workspaces.source.path) diff --git a/.tekton/go.yaml b/.tekton/go.yaml index e861364ad..723e8dab7 100644 --- a/.tekton/go.yaml +++ b/.tekton/go.yaml @@ -27,10 +27,18 @@ spec: steps: - name: fetch-repo ref: - resolver: http + resolver: hub params: - - name: url - value: https://raw.githubusercontent.com/tektoncd/pipelines-as-code/refs/heads/main/.tekton/stepactions/git-clone.yaml + - name: catalog + value: git-clone-stepaction + - name: type + value: artifact + - name: kind + value: stepaction + - name: name + value: git-clone + - name: version + value: "1.6.0" params: - name: output-path value: $(workspaces.source.path) diff --git a/.tekton/linter.yaml b/.tekton/linter.yaml index 58b39cf70..cb998fe25 100644 --- a/.tekton/linter.yaml +++ b/.tekton/linter.yaml @@ -26,10 +26,18 @@ spec: steps: - name: fetch-repo ref: - resolver: http + resolver: hub params: - - name: url - value: https://raw.githubusercontent.com/tektoncd/pipelines-as-code/refs/heads/main/.tekton/stepactions/git-clone.yaml + - name: catalog + value: git-clone-stepaction + - name: type + value: artifact + - name: kind + value: stepaction + - name: name + value: git-clone + - name: version + value: "1.6.0" params: - name: output-path value: $(workspaces.source.path) diff --git a/.tekton/stepactions/git-clone.yaml b/.tekton/stepactions/git-clone.yaml deleted file mode 100644 index 549da437f..000000000 --- a/.tekton/stepactions/git-clone.yaml +++ /dev/null @@ -1,223 +0,0 @@ -apiVersion: tekton.dev/v1beta1 -kind: StepAction -metadata: - name: git-clone - labels: - app.kubernetes.io/version: "0.1" - annotations: - tekton.dev/pipelines.minVersion: "0.54.0" - tekton.dev/categories: Git - tekton.dev/tags: git - tekton.dev/displayName: "git clone" - tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64" -spec: - params: - - name: output-path - description: The git repo will be cloned onto this path - - name: ssh-directory-path - description: | - A .ssh directory with private key, known_hosts, config, etc. Copied to - the user's home before git commands are executed. Used to authenticate - with the git remote when performing the clone. We recommend providing this - path from a workspace that is bound by a Secret over other volume types. - default: "no-path" - - name: basic-auth-path - description: | - A directory path containing a .gitconfig and .git-credentials file. These - will be copied to the user's home before any git commands are run. Any - other files in this directory are ignored. It is strongly recommended - to use ssh-directory over basic-auth whenever possible and to bind a - Secret to the Workspace providing this path over other volume types. - default: "no-path" - - name: ssl-ca-directory-path - description: | - A directory containing CA certificates, this will be used by Git to - verify the peer with when fetching or pushing over HTTPS. - default: "no-path" - - name: url - description: Repository URL to clone from. - type: string - - name: revision - description: Revision to checkout. (branch, tag, sha, ref, etc...) - type: string - default: "" - - name: refspec - description: Refspec to fetch before checking out revision. - default: "" - - name: submodules - description: Initialize and fetch git submodules. - type: string - default: "true" - - name: depth - description: Perform a shallow clone, fetching only the most recent N commits. - type: string - default: "1" - - name: sslVerify - description: Set the `http.sslVerify` global git config. Setting this to `false` is not advised unless you are sure that you trust your git remote. - type: string - default: "true" - - name: crtFileName - description: file name of mounted crt using ssl-ca-directory workspace. default value is ca-bundle.crt. - type: string - default: "ca-bundle.crt" - - name: subdirectory - description: Subdirectory inside the `output` Workspace to clone the repo into. - type: string - default: "" - - name: sparseCheckoutDirectories - description: Define the directory patterns to match or exclude when performing a sparse checkout. - type: string - default: "" - - name: deleteExisting - description: Clean out the contents of the destination directory if it already exists before cloning. - type: string - default: "true" - - name: httpProxy - description: HTTP proxy server for non-SSL requests. - type: string - default: "" - - name: httpsProxy - description: HTTPS proxy server for SSL requests. - type: string - default: "" - - name: noProxy - description: Opt out of proxying HTTP/HTTPS requests. - type: string - default: "" - - name: verbose - description: Log the commands that are executed during `git-clone`'s operation. - type: string - default: "true" - - name: gitInitImage - description: The image providing the git-init binary that this StepAction runs. - type: string - default: "ghcr.io/tektoncd/github.com/tektoncd/pipeline/cmd/git-init:v0.40.2" - - name: userHome - description: | - Absolute path to the user's home directory. - type: string - default: "/home/git" - results: - - name: commit - description: The precise commit SHA that was fetched by this StepAction. - - name: url - description: The precise URL that was fetched by this StepAction. - - name: committer-date - description: The epoch timestamp of the commit that was fetched by this StepAction. - image: "$(params.gitInitImage)" - env: - - name: HOME - value: "$(params.userHome)" - - name: PARAM_URL - value: $(params.url) - - name: PARAM_REVISION - value: $(params.revision) - - name: PARAM_REFSPEC - value: $(params.refspec) - - name: PARAM_SUBMODULES - value: $(params.submodules) - - name: PARAM_DEPTH - value: $(params.depth) - - name: PARAM_SSL_VERIFY - value: $(params.sslVerify) - - name: PARAM_CRT_FILENAME - value: $(params.crtFileName) - - name: PARAM_SUBDIRECTORY - value: $(params.subdirectory) - - name: PARAM_DELETE_EXISTING - value: $(params.deleteExisting) - - name: PARAM_HTTP_PROXY - value: $(params.httpProxy) - - name: PARAM_HTTPS_PROXY - value: $(params.httpsProxy) - - name: PARAM_NO_PROXY - value: $(params.noProxy) - - name: PARAM_VERBOSE - value: $(params.verbose) - - name: PARAM_SPARSE_CHECKOUT_DIRECTORIES - value: $(params.sparseCheckoutDirectories) - - name: PARAM_USER_HOME - value: $(params.userHome) - - name: PARAM_OUTPUT_PATH - value: $(params.output-path) - - name: PARAM_SSH_DIRECTORY_PATH - value: $(params.ssh-directory-path) - - name: PARAM_BASIC_AUTH_DIRECTORY_PATH - value: $(params.basic-auth-path) - - name: PARAM_SSL_CA_DIRECTORY_PATH - value: $(params.ssl-ca-directory-path) - securityContext: - runAsNonRoot: true - runAsUser: 65532 - script: | - #!/usr/bin/env sh - set -eu - - if [ "${PARAM_VERBOSE}" = "true" ] ; then - set -x - fi - - if [ "${PARAM_BASIC_AUTH_DIRECTORY_PATH}" != "no-path" ] ; then - cp "${PARAM_BASIC_AUTH_DIRECTORY_PATH}/.git-credentials" "${PARAM_USER_HOME}/.git-credentials" - cp "${PARAM_BASIC_AUTH_DIRECTORY_PATH}/.gitconfig" "${PARAM_USER_HOME}/.gitconfig" - chmod 400 "${PARAM_USER_HOME}/.git-credentials" - chmod 400 "${PARAM_USER_HOME}/.gitconfig" - fi - - if [ "${PARAM_SSH_DIRECTORY_PATH}" != "no-path" ] ; then - cp -R "${PARAM_SSH_DIRECTORY_PATH}" "${PARAM_USER_HOME}"/.ssh - chmod 700 "${PARAM_USER_HOME}"/.ssh - chmod -R 400 "${PARAM_USER_HOME}"/.ssh/* - fi - - if [ "${PARAM_SSL_CA_DIRECTORY_PATH}" != "no-path" ] ; then - export GIT_SSL_CAPATH="${PARAM_SSL_CA_DIRECTORY_PATH}" - if [ "${PARAM_CRT_FILENAME}" != "" ] ; then - export GIT_SSL_CAINFO="${PARAM_SSL_CA_DIRECTORY_PATH}/${PARAM_CRT_FILENAME}" - fi - fi - CHECKOUT_DIR="${PARAM_OUTPUT_PATH}/${PARAM_SUBDIRECTORY}" - - cleandir() { - # Delete any existing contents of the repo directory if it exists. - # - # We don't just "rm -rf ${CHECKOUT_DIR}" because ${CHECKOUT_DIR} might be "/" - # or the root of a mounted volume. - if [ -d "${CHECKOUT_DIR}" ] ; then - # Delete non-hidden files and directories - rm -rf "${CHECKOUT_DIR:?}"/* - # Delete files and directories starting with . but excluding .. - rm -rf "${CHECKOUT_DIR}"/.[!.]* - # Delete files and directories starting with .. plus any other character - rm -rf "${CHECKOUT_DIR}"/..?* - fi - } - - if [ "${PARAM_DELETE_EXISTING}" = "true" ] ; then - cleandir || true - fi - - test -z "${PARAM_HTTP_PROXY}" || export HTTP_PROXY="${PARAM_HTTP_PROXY}" - test -z "${PARAM_HTTPS_PROXY}" || export HTTPS_PROXY="${PARAM_HTTPS_PROXY}" - test -z "${PARAM_NO_PROXY}" || export NO_PROXY="${PARAM_NO_PROXY}" - - git config --global --add safe.directory "${PARAM_OUTPUT_PATH}" - /ko-app/git-init \ - -url="${PARAM_URL}" \ - -revision="${PARAM_REVISION}" \ - -refspec="${PARAM_REFSPEC}" \ - -path="${CHECKOUT_DIR}" \ - -sslVerify="${PARAM_SSL_VERIFY}" \ - -submodules="${PARAM_SUBMODULES}" \ - -depth="${PARAM_DEPTH}" \ - -sparseCheckoutDirectories="${PARAM_SPARSE_CHECKOUT_DIRECTORIES}" - cd "${CHECKOUT_DIR}" - RESULT_SHA="$(git rev-parse HEAD)" - EXIT_CODE="$?" - if [ "${EXIT_CODE}" != 0 ] ; then - exit "${EXIT_CODE}" - fi - RESULT_COMMITTER_DATE="$(git log -1 --pretty=%ct)" - printf "%s" "${RESULT_COMMITTER_DATE}" > "$(step.results.committer-date.path)" - printf "%s" "${RESULT_SHA}" > "$(step.results.commit.path)" - printf "%s" "${PARAM_URL}" > "$(step.results.url.path)" diff --git a/test/testdata/pipelinerun-stepactions.yaml b/test/testdata/pipelinerun-stepactions.yaml index a55ffd1f7..27daca9e9 100644 --- a/test/testdata/pipelinerun-stepactions.yaml +++ b/test/testdata/pipelinerun-stepactions.yaml @@ -15,10 +15,18 @@ spec: steps: - name: fetch-repo-with-stepaction ref: - resolver: http + resolver: hub params: - - name: url - value: https://raw.githubusercontent.com/tektoncd/pipelines-as-code/refs/heads/main/.tekton/stepactions/git-clone.yaml + - name: catalog + value: git-clone-stepaction + - name: type + value: artifact + - name: kind + value: stepaction + - name: name + value: git-clone + - name: version + value: "1.6.0" params: - name: output-path value: "/tmp/output"