Tekton - GitHub integration
I'm looking for a way, if existing, of linking Tekton tasks running in a Kubernetes cluster to GitHub steps, so that I can mark required steps in GitHub and allow PR merge only if they are passing.
I know about Tekton triggers, which solve the other part of the problem, i.e. reacting to events in GitHub, such as the creation of a new pull request, or a merge on the master branch. But would Tekton be able to call the GitHub API in the way I expect?
Solution 1:[1]
What you are looking for is something that can report back the status from the PipelineRun to GitHub.
This can be done in a few different ways. One way to do it is by using the commit-status-tracker, however it seems to use the "older" concept with PipelineResources, so I would recommend using e.g. GitHub App Notifier instead, although it seems to be pretty new.
Solution 2:[2]
Another way is to use the github-set-status Task from Tekton Hub, which is quite easy to use IMHO. Integrating GitLab we have had good experience with the counterpart gitlab-set-status. Here's a comprehensive answer on how to set the STATE of the github-set-status Task according to the Tekton Pipeline aggregated status and when expression guarded finally Tasks.
I also outlined an example pipeline.yaml and derived it from the mentioned answer (untested!). It leverages the git-clone and Cloud Native buildpacks Tasks (also from Tekton Hub) to provide a full example:
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: buildpacks-test-pipeline
spec:
  params:
    - name: IMAGE
      type: string
      description: image URL to push
    - name: SOURCE_URL
      type: string
      description: A git repo url where the source code resides.
    - name: REPO_PATH_ONLY
      type: string
      description: GitHub group & repo name only (e.g. jonashackt/microservice-api-spring-boot)
    - name: SOURCE_REVISION
      description: The branch, tag or SHA to checkout.
      default: ""
    - name: GITHUB_HOST
      type: string
      description: Your GitHub host only (e.g. api.github.com)
    - name: TEKTON_DASHBOARD_HOST
      type: string
      description: The Tekton dashboard host name only
  workspaces:
    - name: source-workspace # Directory where application source is located. (REQUIRED)
    - name: cache-workspace # Directory where cache is stored (OPTIONAL)
  tasks:
    - name: fetch-repository # This task fetches a repository from github, using the `git-clone` task you installed
      taskRef:
        name: git-clone
      workspaces:
        - name: output
          workspace: source-workspace
      params:
        - name: url
          value: "$(params.SOURCE_URL)"
        - name: revision
          value: "$(params.SOURCE_REVISION)"
        - name: subdirectory
          value: ""
        - name: deleteExisting
          value: "true"
    - name: buildpacks # This task uses the `buildpacks` task to build the application
      taskRef:
        name: buildpacks
      runAfter:
        - fetch-repository
      workspaces:
        - name: source
          workspace: source-workspace
        - name: cache
          workspace: cache-workspace
      params:
        - name: APP_IMAGE
          value: "$(params.IMAGE)"
        - name: BUILDER_IMAGE
          value: paketobuildpacks/builder:base # This is the builder we want the task to use (REQUIRED)
  finally:
    - name: report-pipeline-failed-to-github
      when:
        - input: $(tasks.status)
          operator: in
          values: [ "Failed", "None" ] # see aggregated status https://tekton.dev/docs/pipelines/pipelines/#using-aggregate-execution-status-of-all-tasks
      taskRef:
        name: "github-set-status"
      params:
        - name: "STATE"
          value: "failure" # GitHub commit status states are error, failure, pending or success
        - name: "GITHUB_HOST_URL"
          value: "$(params.GITHUB_HOST)"
        - name: "REPO_FULL_NAME"
          value: "$(params.REPO_PATH_ONLY)"
        - name: "GITHUB_TOKEN_SECRET_NAME"
          value: "github-api-secret" # Kubernetes Secret holding the GitHub API token
        - name: "GITHUB_TOKEN_SECRET_KEY"
          value: "token"
        - name: "SHA"
          value: "$(params.SOURCE_REVISION)" # the status is attached to a commit, so pass a commit SHA here
        - name: "TARGET_URL"
          value: "$(params.TEKTON_DASHBOARD_HOST)/#/namespaces/default/pipelineruns/$(context.pipelineRun.name)"
        - name: "CONTEXT"
          value: "tekton-pipeline"
        - name: "DESCRIPTION"
          value: "An error occurred building your commit in Tekton"
    - name: report-pipeline-success-to-github
      when:
        - input: $(tasks.status)
          operator: in
          values: [ "Succeeded", "Completed" ] # see aggregated status https://tekton.dev/docs/pipelines/pipelines/#using-aggregate-execution-status-of-all-tasks
      taskRef:
        name: "github-set-status"
      params:
        - name: "STATE"
          value: "success"
        - name: "GITHUB_HOST_URL"
          value: "$(params.GITHUB_HOST)"
        - name: "REPO_FULL_NAME"
          value: "$(params.REPO_PATH_ONLY)"
        - name: "GITHUB_TOKEN_SECRET_NAME"
          value: "github-api-secret" # Kubernetes Secret holding the GitHub API token
        - name: "GITHUB_TOKEN_SECRET_KEY"
          value: "token"
        - name: "SHA"
          value: "$(params.SOURCE_REVISION)" # the status is attached to a commit, so pass a commit SHA here
        - name: "TARGET_URL"
          value: "$(params.TEKTON_DASHBOARD_HOST)/#/namespaces/default/pipelineruns/$(context.pipelineRun.name)"
        - name: "CONTEXT"
          value: "tekton-pipeline"
        - name: "DESCRIPTION"
          value: "Finished building your commit in Tekton"
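The request that the two finally tasks above amount to, as an added example that is not part of the original answer and is not the Tekton Hub task's own code: it maps the aggregate Tekton status to a GitHub commit status state, validates the inputs, and builds (without sending) the POST to the statuses endpoint. The function names are hypothetical, it assumes 40-character SHA-1 commit ids, and the repository, SHA and token in the sample call are constructed placeholders.

```python
import json
import re
import urllib.request

# States accepted by GitHub's commit status API.
GITHUB_STATES = {"error", "failure", "pending", "success"}

# Aggregate $(tasks.status) values, split the same way as the pipeline's
# two `finally` tasks above.
TEKTON_TO_GITHUB = {"Succeeded": "success", "Completed": "success",
                    "Failed": "failure", "None": "failure"}

SHA_RE = re.compile(r"[0-9a-f]{40}")       # assumption: SHA-1 commit ids
REPO_RE = re.compile(r"[\w.-]+/[\w.-]+")   # owner/repo, nothing else


def github_state(tekton_status):
    """Translate an aggregate Tekton status; unknown values report as error."""
    return TEKTON_TO_GITHUB.get(tekton_status, "error")


def build_status_request(host, repo, sha, state, context, target_url,
                         description, token):
    """Build, but do not send, POST /repos/{repo}/statuses/{sha}."""
    if state not in GITHUB_STATES:
        raise ValueError(f"invalid state {state!r}")
    if not SHA_RE.fullmatch(sha):
        raise ValueError("expected a full commit SHA, not a branch or tag")
    if not REPO_RE.fullmatch(repo):
        raise ValueError(f"unexpected repository name {repo!r}")
    body = {"state": state, "context": context,
            "target_url": target_url, "description": description}
    return urllib.request.Request(
        f"https://{host}/repos/{repo}/statuses/{sha}",
        data=json.dumps(body).encode(),
        method="POST",
        headers={"Authorization": f"Bearer {token}",
                 "Accept": "application/vnd.github+json",
                 "Content-Type": "application/json"},
    )


if __name__ == "__main__":
    # Constructed sample values; in the pipeline the token comes from the
    # Kubernetes Secret named by GITHUB_TOKEN_SECRET_NAME / _KEY.
    req = build_status_request(
        "api.github.com", "example-org/example-repo", "a" * 40,
        github_state("Completed"), "tekton-pipeline",
        "https://dashboard.example/#/namespaces/default/pipelineruns/run-1",
        "Finished building your commit in Tekton", "PLACEHOLDER_TOKEN")
    print(req.get_method(), req.full_url)
    print(req.data.decode())  # urllib.request.urlopen(req) would send it
```

The context string ("tekton-pipeline" here) is the name GitHub offers as a required status check in branch protection, so it has to stay the same across runs for merge gating to work.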
Solution 3:[3]
I am not sure about TaskRuns, but you could use at least a single PipelineRun via lighthouse.
If you have a PR open, it will reflect the status of the corresponding PipelineRun in the PR and inform you of the pipeline and approval status.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | Jonas |
Solution 2 | jonashackt |
Solution 3 | gerrnot |