tekton-demo/sample-build/02-task-build.yaml

apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: build-docker-image
  namespace: tekton-demo
spec:
  workspaces:
    - name: docker-config

  params:
    - name: git-url
      type: string
      description: Git repository URL
    - name: git-revision
      type: string
      default: "main"
      description: Git branch or commit
    - name: image-url
      type: string
      # description: 최종 Docker 이미지 URL (예: harbor.icurfer.com/open/tekton-demo:latest)

  steps:
    # 1. Git Clone
    - name: git-clone
      image: alpine/git
      script: |
        #!/bin/sh
        set -e
        echo "==== [INFO] Git 저장소 클론 ===="
        git clone $(params.git-url) /workspace/source
        cd /workspace/source
        git checkout $(params.git-revision)
        echo "==== [INFO] Git checkout 완료 ===="

    # 2. Secret 파일 config.json 으로 변환
    # - name: prepare-docker-config
    #   image: alpine
    #   script: |
    #     #!/bin/sh
    #     set -e
    #     echo "==== [INFO] Docker config 파일 준비 ===="
    #     ls -al /workspace/docker-config
    #     if [ -f /workspace/docker-config/.dockerconfigjson ]; then
    #       cat /workspace/docker-config/.dockerconfigjson
    #     else
    #       echo "[ERROR] Docker config 파일(.dockerconfigjson) 없음"
    #     fi
    # - name: prepare-docker-config
    #   image: stedolan/jq
    #   script: |
    #     #!/bin/sh
    #     set -e
    #     echo "==== [INFO] Docker config 파일 준비 ===="
    #     ls -al /workspace/docker-config

    #     # 임시 쓰기 가능 경로 생성
    #     mkdir -p /workspace/tmp-config

    #     if [ -f /workspace/docker-config/.dockerconfigjson ]; then
    #       echo "[INFO] dockerconfigjson 내용 읽기"
    #       cat /workspace/docker-config/.dockerconfigjson | jq . > /workspace/tmp-config/config.json
    #       echo "[INFO] config.json 변환 완료"
    #     else
    #       echo "[ERROR] Docker config 파일(.dockerconfigjson) 없음"
    #     fi
        # 3. Debugging - Check mounted secret before build
    - name: debug-check-secret
      image: alpine
      script: |
        #!/bin/sh
        echo "==== [DEBUG] Harbor Dockerconfig 파일 목록 ===="
        ls -al /workspace/docker-config || true
        echo "==== [DEBUG] Volumes 목록 확인 ===="
        ls -al /kaniko || true
        echo "==== [INFO] 3분간 대기 - kubectl exec로 진입 가능 ===="
        sleep 180
        echo "==== [INFO] 대기 종료 ===="

    # 4. Kaniko Build & Push
    - name: build-and-push
      image: gcr.io/kaniko-project/executor:latest
      # volumeMounts:
      # - name: docker-config
      #   mountPath: /kaniko/.docker/
      #   readOnly: true
      env:
        - name: DOCKER_CONFIG
          value: /workspace/docker-config
      args:
        - --dockerfile=/workspace/source/Dockerfile
        - --context=/workspace/source
        - --destination=$(params.image-url)
        - --insecure
  volumes:
  - name: harbor-dockerconfig
    secret:
      secretName: harbor-dockerconfig