From dd246f156b6e215a9e2bedf14a742ebe1d67ac59 Mon Sep 17 00:00:00 2001
From: icurfer
Date: Mon, 4 Aug 2025 17:49:29 +0900
Subject: [PATCH] test update
---
 sample-build/02-task-build.yaml | 6 +
 sample-build/07-trigger-template.yaml | 4 +
 sample-build/rs.yaml | 195 ++++++++++++++++++++++++++
 3 files changed, 205 insertions(+)
 create mode 100644 sample-build/rs.yaml
diff --git a/sample-build/02-task-build.yaml b/sample-build/02-task-build.yaml
index 326476f..e998d57 100644
--- a/sample-build/02-task-build.yaml
+++ b/sample-build/02-task-build.yaml
@@ -5,6 +5,9 @@ metadata:
 name: build-docker-image
 namespace: tekton-demo
 spec:
+ # volumes 미지원으로 인한 마운트위한 정보
+ workspaces:
+ - name: docker-config
 params:
 - name: git-url
 type: string
@@ -27,6 +30,9 @@ spec:
 env:
 - name: DOCKER_CONFIG
 value: /tekton/home/.docker/
+ volumeMounts:
+ - name: harbor-dockerconfig
+ mountPath: /tekton/home/.docker/
 args:
 - --dockerfile=/workspace/source/Dockerfile
 - --context=/workspace/source
diff --git a/sample-build/07-trigger-template.yaml b/sample-build/07-trigger-template.yaml
index 6e5e85e..2bdaa4d 100644
--- a/sample-build/07-trigger-template.yaml
+++ b/sample-build/07-trigger-template.yaml
@@ -24,3 +24,7 @@ spec:
 value: $(tt.params.git-revision)
 - name: image-url
 value: harbor.icurfer.com/open/tekton-demo:latest
+ workspaces:
+ - name: docker-config
+ secret:
+ secretName: harbor-dockerconfig
diff --git a/sample-build/rs.yaml b/sample-build/rs.yaml
new file mode 100644
index 0000000..909252d
--- /dev/null
+++ b/sample-build/rs.yaml
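Review bot: The step-level `volumeMounts` added in the second hunk of 02-task-build.yaml names a volume `harbor-dockerconfig`, but nothing in the Task declares a volume of that name — the first hunk declares a workspace called `docker-config`, and a step's `volumeMounts` has to match an entry of `spec.volumes`, so as far as I recall the resulting pod is rejected ("volume not found") rather than mounted. Tekton mounts a declared workspace at `/workspace/docker-config` unless the declaration carries a `mountPath`, so the simpler fix is to put the path on the workspace in the first hunk and drop the `volumeMounts` block entirely: `workspaces:` / `  - name: docker-config` / `    mountPath: /tekton/home/.docker/`. That keeps the step's existing `DOCKER_CONFIG` env pointing at the mounted secret contents. The `build-and-push` step definition starts above and continues below the second hunk.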
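Review bot: The `workspaces` binding added to the PipelineRun template in 07-trigger-template.yaml binds `docker-config`, but the Pipeline it references (`docker-build-pipeline`) is not touched by this commit, and the copy of that Pipeline in rs.yaml has no `workspaces` declaration and passes no workspace to its `build` task. As far as I recall Tekton refuses a PipelineRun that binds a workspace the Pipeline does not declare, and even if accepted the Task would receive nothing at its mount. The Pipeline needs a top-level `workspaces:` / `  - name: docker-config` and, under the `build` task, `workspaces:` / `  - name: docker-config` / `    workspace: docker-config`; that is a change to 05-pipeline-build.yaml rather than to this file. The resource template this hunk ends starts above the hunk.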
@@ -0,0 +1,195 @@
+# Tekton 빌드 및 트리거 공용 ServiceAccount
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: tekton-build-sa
+ namespace: tekton-demo
+secrets:
+ - name: harbor-dockerconfig # Harbor 인증용 Secret
+imagePullSecrets:
+ - name: harbor-dockerconfig # Docker 인증 정보 사용
+
+---
+# Tekton 파이프라인 실행 및 리소스 접근 권한(Role)
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: tekton-build-role
+ namespace: tekton-demo
+rules:
+ - apiGroups: ["", "apps", "tekton.dev", "triggers.tekton.dev"]
+ resources: ["pods", "pipelineruns", "tasks", "events"]
+ verbs: ["get", "list", "watch", "create", "update", "delete"]
+
+---
+# RoleBinding - 해당 네임스페이스에서 tekton-build-sa에 Role 부여
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: tekton-build-rolebinding
+ namespace: tekton-demo
+subjects:
+ - kind: ServiceAccount
+ name: tekton-build-sa
+roleRef:
+ kind: Role
+ name: tekton-build-role
+ apiGroup: rbac.authorization.k8s.io
+
+---
+# Tekton Triggers(ClusterScope)용 권한
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: tekton-triggers-role
+rules:
+- apiGroups: [""]
+ resources: ["pods", "services", "endpoints", "configmaps", "secrets"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+- apiGroups: ["apps"]
+ resources: ["deployments"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+- apiGroups: ["triggers.tekton.dev"]
+ resources: ["eventlisteners", "triggerbindings", "triggertemplates", "triggers"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+
+---
+# ClusterRoleBinding - tekton-build-sa에 Triggers ClusterRole 부여
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: tekton-triggers-clusterrolebinding
+subjects:
+ - kind: ServiceAccount
+ name: tekton-build-sa
+ namespace: tekton-demo
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: tekton-triggers-role
+---
+# 
02-task-build.yaml
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+ name: build-docker-image
+ namespace: tekton-demo
+spec:
+ params:
+ - name: git-url
+ type: string
+ - name: git-revision
+ type: string
+ default: "main"
+ - name: image-url
+ type: string
+ steps:
+ - name: git-clone
+ image: alpine/git
+ script: |
+ #!/bin/sh
+ set -e
+ git clone $(params.git-url) /workspace/source
+ cd /workspace/source
+ git checkout $(params.git-revision)
+ - name: build-and-push
+ image: gcr.io/kaniko-project/executor:latest
+ env:
+ - name: DOCKER_CONFIG
+ value: /tekton/home/.docker/
+ args:
+ - --dockerfile=/workspace/source/Dockerfile
+ - --context=/workspace/source
+ - --destination=harbor.icurfer.com/open/tekton-demo:latest
+ - --insecure
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: harbor-dockerconfig
+ namespace: tekton-demo
+type: kubernetes.io/dockerconfigjson
+data:
+ .dockerconfigjson: ewoJImF1dGhzJoYXJib3IuaWN1cmZlci5jb20iOiB7CgkSIKCQl9Cgl9Cn0= # harbor 로그인 정보
+---
+# 05-pipeline-build.yaml
+apiVersion: tekton.dev/v1beta1
+kind: Pipeline
+metadata:
+ name: docker-build-pipeline
+ namespace: tekton-demo
+spec:
+ params:
+ - name: git-url
+ type: string
+ - name: git-revision
+ type: string
+ default: "main"
+ - name: image-url
+ type: string
+ tasks:
+ - name: build
+ taskRef:
+ name: build-docker-image
+ params:
+ - name: git-url
+ value: $(params.git-url)
+ - name: git-revision
+ value: $(params.git-revision)
+ - name: image-url
+ value: $(params.image-url)
+---
+# 06-trigger-binding.yaml
+apiVersion: triggers.tekton.dev/v1beta1
+kind: TriggerBinding
+metadata:
+ name: docker-build-binding
+ namespace: tekton-demo
+spec:
+ params:
+ - name: git-url
+ value: $(body.repository.clone_url)
+ - name: git-revision
+ value: $(body.ref)
+---
+# 07-trigger-template.yaml
+apiVersion: triggers.tekton.dev/v1beta1
+kind: TriggerTemplate
+metadata:
+ name: docker-build-template
+ namespace: tekton-demo
+spec:
+ params:
+ - name: git-url
+ - name: 
git-revision
+ resourcetemplates:
+ - apiVersion: tekton.dev/v1beta1
+ kind: PipelineRun
+ metadata:
+ generateName: docker-build-run-
+ spec:
+ serviceAccountName: tekton-build-sa
+ pipelineRef:
+ name: docker-build-pipeline
+ params:
+ - name: git-url
+ value: $(tt.params.git-url)
+ - name: git-revision
+ value: $(tt.params.git-revision)
+ - name: image-url
+ value: harbor.icurfer.com/open/tekton-demo:latest
+---
+# 08-event-listener.yaml
+apiVersion: triggers.tekton.dev/v1beta1
+kind: EventListener
+metadata:
+ name: gitea-event-listener
+ namespace: tekton-demo
+spec:
+ serviceAccountName: tekton-build-sa
+ triggers:
+ - name: gitea-trigger
+ bindings:
+ - ref: docker-build-binding # ✅ 수정
+ template:
+ ref: docker-build-template # ✅ 수정
\ No newline at end of file
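Review bot: The ClusterRole `tekton-triggers-role` in rs.yaml grants `tekton-build-sa` create/update/patch/delete on `secrets`, `pods`, `configmaps`, `services`, `endpoints` and `deployments` in every namespace, and that same ServiceAccount is both the EventListener's `serviceAccountName` and the `serviceAccountName` of the generated PipelineRun — so the kaniko step, which builds whatever Dockerfile the webhook-supplied `$(body.repository.clone_url)` resolves to, runs with a token that can read and rewrite any Secret in the cluster. An EventListener needs only read on the `triggers.tekton.dev` resources plus `create` on `pipelineruns` (confirm the exact list against the Triggers release in use; older releases also needed `get` on `secrets` for interceptor `secretRef`s), and the PipelineRun should run under a separate ServiceAccount that carries only `harbor-dockerconfig`, so I would narrow the ClusterRole as below and give the template its own SA. The `Secret` document also commits a `.dockerconfigjson` value to the repository; as written it does not base64-decode to valid JSON, so it may be a redacted placeholder, but registry credentials should be created out of band rather than in rs.yaml. Separately, `gitea-event-listener` declares no interceptor, so no webhook-signature check gates a build, and the kaniko step's `--insecure` pushes to the registry over plain HTTP.
```yaml
# … unchanged: ServiceAccount, Role and RoleBinding documents …
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: tekton-triggers-role
rules:
  - apiGroups: ["triggers.tekton.dev"]
    resources: ["eventlisteners", "triggerbindings", "triggertemplates", "triggers", "interceptors", "clustertriggerbindings", "clusterinterceptors"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["tekton.dev"]
    resources: ["pipelineruns"]
    verbs: ["create"]
  - apiGroups: [""]
    resources: ["configmaps"]
    verbs: ["get", "list", "watch"]
# … unchanged: ClusterRoleBinding and the remaining documents …
```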