catalog/task/orka-full/0.2/orka-full.yaml

---
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: orka-full
  labels:
    app.kubernetes.io/version: "0.2"
  annotations:
    tekton.dev/deprecated: "true"
    tekton.dev/categories: Cloud, Kubernetes
    tekton.dev/pipelines.minVersion: "0.16.0"
    tekton.dev/platforms: "linux/amd64"
    tekton.dev/tags: orka
    tekton.dev/displayName: "orka full"
spec:
  description: >-
    With this Task, you can use your Orka environment
    to run macOS builds and macOS-related testing from your Tekton pipelines.

    This Task creates a VM template with the specified configuration,
    deploys a VM instance from it, and then cleans up the environment.
    All operations in this `Task` are performed against an Orka environment.
  params:
    - name: base-image
      type: string
      description: The Orka base image to use for the VM config.
    - name: orka-tekton-runner-image
      type: string
      description: |
        The name of the docker image which runs the task step.
      default: ghcr.io/macstadium/orka-tekton-runner:2022-06-29-ec3440a7@sha256:d7cfb75ea082a927e36c131aa96e96bfcacd23f62fdaf33f5b37320b86baf50e
    - name: cpu-count
      type: string
      description: |
        The number of CPU cores to dedicate for the VM. Must be 3, 4, 6, 8, 12, or 24.
      default: "3"
    - name: vcpu-count
      type: string
      description: |
        The number of vCPUs for the VM. Must equal the number of CPUs, when CPU is less than or equal to 3.
        Otherwise, must equal half of or exactly the number of CPUs specified.
      default: "3"
    - name: vnc-console
      type: string
      description: Enables or disables VNC for the VM.
      default: "false"
    - name: vm-metadata
      type: string
      description: |
        "Inject custom metadata to the VM (on Intel nodes only). You need to provide the metadata in format:
        [
          { key: firstKey, value: firstValue },
          { key: secondKey, value: secondsValue }
        ]"
      default: ""
    - name: system-serial
      type: string
      description: "Assign an owned macOS system serial number to the VM (on Intel nodes only)."
      default: ""
    - name: gpu-passthrough
      type: string
      description: Enables or disables GPU passthrough for the VM (on Intel nodes only).
      default: "false"
    - name: tag
      type: string
      description: When specified, the VM is preferred to be deployed to a node marked with this tag.
      default: ""
    - name: tag-required
      type: string
      description: VM is required to be deployed to a node marked with tag specified above.
      default: "false"
    - name: scheduler
      type: string
      description: "When set to 'most-allocated', the deployed VM will be scheduled to nodes having most of their resources allocated."
      default: "default"
    - name: script
      type: string
      description: |
        The script to run inside of the VM. The script will be prepended with the following
        if no shebang is present:

        #!/bin/sh
        set -ex

        You can set your shebang instead (e.g., to run a script with your preferred shell or a scripting language like Python or Ruby).
    - name: copy-build
      type: string
      description: |
        Specifies whether to copy build artifacts from the Orka VM back to the workspace.
        Disable when there is no need to copy build artifacts (e.g., when running tests or linting code).
      default: "true"
    - name: verbose
      type: string
      description: Enables verbose logging for all connection activity to the VM.
      default: "false"
    - name: orka-creds-secret
      type: string
      description: The name of the secret holding your Orka credentials.
      default: orka-creds
    - name: orka-creds-email-key
      type: string
      description: |
        The name of the key in the Orka user credentials secret for the email address associated with the Orka user.
      default: email
    - name: orka-creds-password-key
      type: string
      description: |
        The name of the key in the Orka credentials secret for the password associated with the Orka user.
      default: password
    - name: ssh-key
      type: string
      description: |
        Specifies whether the SSH credentials secret contains an SSH key, as opposed to a password.
      default: "false"
    - name: ssh-secret
      type: string
      description: The name of the secret holding your VM SSH credentials.
      default: orka-ssh-creds
    - name: ssh-username-key
      type: string
      description: |
        The name of the key in the VM SSH credentials secret for the username associated with the macOS VM.
      default: username
    - name: ssh-password-key
      type: string
      description: |
        The name of the key in the VM SSH credentials secret for the password
        associated with the macOS VM.

        If ssh-key is true, this parameter should specify the name of the key in
        the VM SSH credentials secret that holds the private SSH key.
      default: password
    - name: user-home
      type: string
      default: /tekton/home
      description: Absolute path to the user's home directory.
  stepTemplate:
    env:
      - name: HOME
        value: $(params.user-home)
    workingDir: /workspace
  steps:
    - name: copy-script
      image: $(params.orka-tekton-runner-image)
      script: |
        #!/bin/sh
        SCRIPT=$(mktemp)
        # Safeguard against having to escape quotes / vars in script
        cat > "$SCRIPT" << 'EOF'
        $(params.script)
        EOF
        copy-script "$SCRIPT"
    - name: build
      image: $(params.orka-tekton-runner-image)
      securityContext:
        privileged: true
      env:
        - name: ORKA_API
          valueFrom:
            configMapKeyRef:
              name: orka-tekton-config
              key: ORKA_API
        - name: BASE_IMAGE
          value: $(params.base-image)
        - name: CPU_COUNT
          value: $(params.cpu-count)
        - name: VCPU_COUNT
          value: $(params.vcpu-count)
        - name: VNC_CONSOLE
          value: $(params.vnc-console)
        - name: VM_METADATA
          value: $(params.vm-metadata)
        - name: SYSTEM_SERIAL
          value: $(params.system-serial)
        - name: GPU_PASSTHROUGH
          value: $(params.gpu-passthrough)
        - name: TAG
          value: $(params.tag)
        - name: TAG_REQUIRED
          value: $(params.tag-required)
        - name: SCHEDULER
          value: $(params.scheduler)
        - name: VERBOSE
          value: $(params.verbose)
        - name: COPY_BUILD
          value: $(params.copy-build)
        - name: SSH_USERNAME
          valueFrom:
            secretKeyRef:
              name: $(params.ssh-secret)
              key: $(params.ssh-username-key)
        - name: SSH_PASSFILE
          value: /etc/$(params.ssh-secret)/$(params.ssh-password-key)
        - name: SSH_KEY
          value: $(params.ssh-key)
        - name: SVC_EMAIL
          valueFrom:
            secretKeyRef:
              name: $(params.orka-creds-secret)
              key: $(params.orka-creds-email-key)
        - name: SVC_PASSWORD
          valueFrom:
            secretKeyRef:
              name: $(params.orka-creds-secret)
              key: $(params.orka-creds-password-key)
      volumeMounts:
        - name: ssh-creds
          readOnly: true
          mountPath: /etc/$(params.ssh-secret)
      command:
        - orka-full
  volumes:
    - name: ssh-creds
      secret:
        secretName: $(params.ssh-secret)
        items:
          - key: $(params.ssh-password-key)
            path: $(params.ssh-password-key)
            mode: 256
  workspaces:
    - name: orka