无论管道是失败还是成功,都向 GitLab 报告 Tekton 管道状态(使用 gitlab-set-status 任务)
Posted
技术标签:
【中文标题】无论管道是失败还是成功,都向 GitLab 报告 Tekton 管道状态(使用 gitlab-set-status 任务)【英文标题】:Report Tekton pipeline status to GitLab regardless if pipeline failed or succeeded (using gitlab-set-status Task) 【发布时间】:2022-01-06 09:07:18 【问题描述】:我们已经在使用 the gitlab-set-status Task from Tekton Hub 将 Tekton Pipeline 的状态报告回我们的 GitLab 实例(这里是 our EKS setup & Tekton installment 和 a example project on gitlab.com)。我们的 pipeline.yml 看起来像这样,当前每次 Tekton Pipeline 运行时都会报告 STATE 成功:
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
name: buildpacks-test-pipeline
spec:
params:
- name: IMAGE
type: string
description: image URL to push
- name: SOURCE_URL
type: string
description: A git repo url where the source code resides.
- name: REPO_PATH_ONLY
type: string
description: GitLab group & repo name only (e.g. jonashackt/microservice-api-spring-boot)
- name: SOURCE_REVISION
description: The branch, tag or SHA to checkout.
default: ""
- name: GITLAB_HOST
type: string
description: Your GitLabs host only (e.g. gitlab.com)
- name: TEKTON_DASHBOARD_HOST
type: string
description: The Tekton dashboard host name only
workspaces:
- name: source-workspace # Directory where application source is located. (REQUIRED)
- name: cache-workspace # Directory where cache is stored (OPTIONAL)
tasks:
- name: fetch-repository # This task fetches a repository from github, using the `git-clone` task you installed
taskRef:
name: git-clone
workspaces:
- name: output
workspace: source-workspace
params:
- name: url
value: "$(params.SOURCE_URL)"
- name: revision
value: "$(params.SOURCE_REVISION)"
- name: subdirectory
value: ""
- name: deleteExisting
value: "true"
- name: buildpacks # This task uses the `buildpacks` task to build the application
taskRef:
name: buildpacks
runAfter:
- fetch-repository
workspaces:
- name: source
workspace: source-workspace
- name: cache
workspace: cache-workspace
params:
- name: APP_IMAGE
value: "$(params.IMAGE)"
- name: BUILDER_IMAGE
value: paketobuildpacks/builder:base # This is the builder we want the task to use (REQUIRED)
- name: report-pipeline-end-to-gitlab
taskRef:
name: "gitlab-set-status"
runAfter:
- buildpacks
params:
- name: "STATE"
value: "success"
- name: "GITLAB_HOST_URL"
value: "$(params.GITLAB_HOST)"
- name: "REPO_FULL_NAME"
value: "$(params.REPO_PATH_ONLY)"
- name: "GITLAB_TOKEN_SECRET_NAME"
value: "gitlab-api-secret"
- name: "GITLAB_TOKEN_SECRET_KEY"
value: "token"
- name: "SHA"
value: "$(params.SOURCE_REVISION)"
- name: "TARGET_URL"
value: "$(params.TEKTON_DASHBOARD_HOST)/#/namespaces/default/pipelineruns/$(context.pipelineRun.name)"
- name: "CONTEXT"
value: "tekton-pipeline"
- name: "DESCRIPTION"
value: "Finished building your commit in Tekton"
我们如何增强我们的 Tekton Pipeline 以正确报告状态,而不管 GitLab 的任何失败或成功?
【问题讨论】:
【参考方案1】:In v0.14 Tekton introduced the so called finally Tasks,在每个 Pipeline 的末尾运行 - 无论哪个任务失败或成功。 As the docs state:
finally任务保证在tasks下的所有PipelineTasks都完成后,不管成功与否,并行执行。
一般finally 任务如下所示:
spec:
tasks:
- name: tests
taskRef:
name: integration-test
finally:
- name: cleanup-test
taskRef:
name: cleanup
但是我们如何在我们的gitlab-set-status 任务中创建相应的STATE? 使用using when expressions inside our finally tasks,我们可以基于the overall Pipeline status (or Aggregate Pipeline status) 运行我们的gitlab-set-status 任务:
finally:
- name: notify-any-failure # executed only when one or more tasks fail
when:
- input: $(tasks.status)
operator: in
values: ["Failed"]
taskRef:
name: notify-failure
我们只需使用$(tasks.status) 即可获取Aggregate Execution Status。该变量被声明为具有这 4 种可能的状态:
Succeeded(“所有任务都已成功”)
Completed(“所有任务均已成功完成,包括一项或多项跳过的任务”)
->可以翻译成gitlab-set-statusTasksSTATE值success。
Failed(“一个或多个任务失败”)
None(“没有可用的聚合执行状态(即以上都不是),一个或多个任务可能处于挂起/运行/取消/超时”)
-> 都可以翻译成gitlab-set-status 任务STATE 值failed。对于None,这仅是有效的,因为我们在finally task 中,因为pending/running 也可能意味着管道处于良好状态。
有 4 个状态需要检查 when 表达式,我们是否需要为每个状态实现单独的 finally 任务?不,因为幸运的是when 表达式"values is an array of string values."。所以我们可以做到
when:
- input: $(tasks.status)
operator: in
values: [ "Failed", "None" ]
和
when:
- input: $(tasks.status)
operator: in
values: [ "Succeeded", "Completed" ]
最后这导致我们的 Tekton Pipeline 像这样锁定(并执行 2 个 finally 任务 report-pipeline-failed-to-gitlab 和 report-pipeline-success-to-gitlab):
...
finally:
- name: report-pipeline-failed-to-gitlab
when:
- input: $(tasks.status)
operator: in
values: [ "Failed", "None" ] # see aggregated status https://tekton.dev/docs/pipelines/pipelines/#using-aggregate-execution-status-of-all-tasks
taskRef:
name: "gitlab-set-status"
params:
- name: "STATE"
value: "failed"
- name: "GITLAB_HOST_URL"
value: "$(params.GITLAB_HOST)"
- name: "REPO_FULL_NAME"
value: "$(params.REPO_PATH_ONLY)"
- name: "GITLAB_TOKEN_SECRET_NAME"
value: "gitlab-api-secret"
- name: "GITLAB_TOKEN_SECRET_KEY"
value: "token"
- name: "SHA"
value: "$(params.SOURCE_REVISION)"
- name: "TARGET_URL"
value: "$(params.TEKTON_DASHBOARD_HOST)/#/namespaces/default/pipelineruns/$(context.pipelineRun.name)"
- name: "CONTEXT"
value: "tekton-pipeline"
- name: "DESCRIPTION"
value: "An error occurred building your commit in Tekton"
- name: report-pipeline-success-to-gitlab
when:
- input: $(tasks.status)
operator: in
values: [ "Succeeded", "Completed" ] # see aggregated status https://tekton.dev/docs/pipelines/pipelines/#using-aggregate-execution-status-of-all-tasks
taskRef:
name: "gitlab-set-status"
params:
- name: "STATE"
value: "success"
- name: "GITLAB_HOST_URL"
value: "$(params.GITLAB_HOST)"
- name: "REPO_FULL_NAME"
value: "$(params.REPO_PATH_ONLY)"
- name: "GITLAB_TOKEN_SECRET_NAME"
value: "gitlab-api-secret"
- name: "GITLAB_TOKEN_SECRET_KEY"
value: "token"
- name: "SHA"
value: "$(params.SOURCE_REVISION)"
- name: "TARGET_URL"
value: "$(params.TEKTON_DASHBOARD_HOST)/#/namespaces/default/pipelineruns/$(context.pipelineRun.name)"
- name: "CONTEXT"
value: "tekton-pipeline"
- name: "DESCRIPTION"
value: "Finished building your commit in Tekton"
现在应该正确地向我们的 GitLab 报告执行我们的 Tekton Pipeline。失败如下所示:
成功的管道如下所示:
【讨论】:
以上是关于无论管道是失败还是成功,都向 GitLab 报告 Tekton 管道状态(使用 gitlab-set-status 任务)的主要内容,如果未能解决你的问题,请参考以下文章