mirror/catalog
1
0
Fork 0
mirror of https://github.com/tektoncd/catalog.git synced 2024-11-21 05:55:35 +00:00
Code Issues Releases Activity
main
catalog/task/git-rebase/0.1
History
Billy Lynch baf796b714 Update Git based images to patch CVE-2022-41903, CVE-2022-23521. 
See
https://github.blog/2023-01-17-git-security-vulnerabilities-announced-2/
for more details.

Because this effectively bumps the Git version used from v2.26.2 to
v2.39.0, this change also fixes 59 HIGH and 12 CRITICAL vulnerabilities
reported since this image was last updated.

This changes the default base image for git-cli and git-rebase to match the same base image for
[Pipeline
git-init](9d3942176f/.ko.yaml (L5)).

This does not update:

- git-clone | this is dependent on git-init (which is yet to be updated)
- git-version | this is based on dotnet sdk(?) so I have no idea how to
  safely update this.
2023-01-18 15:48:00 +00:00
..
samples Moved samples to their correct place and modified a few files 2020-11-18 17:55:28 +00:00
git-rebase.yaml Update Git based images to patch CVE-2022-41903, CVE-2022-23521. 2023-01-18 15:48:00 +00:00
README.md Add linux/amd64 platform annotation to the rest of the tasks 2021-10-29 17:08:38 +01:00

README.md

Git Task

This Task is Git task to work with repositories used by other tasks in your Pipeline.

git-rebase

This task will rebase the branch based on the user input. Before rebase, if squashing of the commits is required, then it can be done by providing the squash count i.e number of commits to squash.

Workspaces

  • source: A workspace that contains the fetched git repository.

Parameters

  • SQUASH_COUNT: Number of commits to squash in the branch. (only required if squashing needs to be performed).
  • COMMIT_MSG: Commit message to add in commit after the squashing is done (only required if squashing needs to be performed).
  • GIT_USER_NAME: Git user name to use for rebase (required).
  • GIT_USER_EMAIL: Git user email to use for rebase (required).
  • PULL_REMOTE_NAME: Git remote name from which we have to pull and rebase.(default: origin).
  • PULL_REMOTE_URL: Git remote URL from which we have to pull and rebase (required to set remote).
  • PULL_BRANCH_NAME: Git branch name from which we have to pull and rebase (required).
  • PUSH_REMOTE_NAME: Git remote name to push after rebase(default: origin).
  • PUSH_REMOTE_URL: Git remote URL to push after rebase(required).
  • PUSH_BRANCH_NAME: Git branch name to push after rebase (required).

Results

  • commit: The precise commit SHA after the rebase.

Platforms

The Task can be run on linux/amd64, linux/s390x, linux/arm64, and linux/ppc64le platforms.

Platforms

The Task can be run on linux/amd64 platform.

Usage

This task needs authentication to git in order to push after the rebase. This can be done via secrets and service account. Refer this example to create secret and service account for the git authentication.

Git Rebase pipeline has two tasks, one to clone a git repository in the provided workspace and other to perform rebase operation. Here, git-clone task is used to clone the repository.

A workspace called "shared-workspace" is passed first to the git-clone Task for the code to be checked out on and then to the git-rebase Task to perform the rebase operation.

Remote name, Remote URL and Branch name needs to provided in the input to set the remote in order to perfrom push and pull operations.

Git Rebase pipeline can be referred to create a pipeline and pipelinerun.

NOTE

  • If two factor authentication is enabled in your git account, then access-token for the respective git platform must be provided in the password field while adding secrets.

  • In the params for git-clone task, make sure that param value for depth must be greater than param value for SQUASH_COUNT in git-rebase task.

  • If there are chances for merge conflicts, then that needs to resolved before doing rebase through this task as task will fail, if any merge conflict is found.