Add sidecar variants for tasks

The sidecar variants are the exact same task, with the addition of one
sidecar - the image for this sidecar needs to be specified.

Closes #135.

.github/workflows/check-sidecar-tasks.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+set -eu
+
+make sidecar-tasks
+if ! git diff --quiet deploy/central/tasks-chart/templates; then
+    echo "Sidecar Tasks are not up-to-date! Run 'make sidecar-tasks' to update."
+    exit 1
+else
+    echo "Sidecar Tasks are up-to-date."
+fi

.github/workflows/main.yaml

@@ -157,6 +157,9 @@ jobs:
         uses: actions/setup-go@v2
         with:
           go-version: 1.16
+      -
+        name: Check if sidecar tasks are up-to-date
+        run: ./.github/workflows/check-sidecar-tasks.sh
       -
         name: Check if docs are up-to-date
         run: ./.github/workflows/check-docs.sh

Makefile

@@ -108,6 +108,11 @@ start-local-env:
 	cd scripts && ./start-local-env.sh
 .PHONY: start-local-env
 
+## Render sidecar task variants.
+sidecar-tasks:
+	go run cmd/sidecar-tasks/main.go
+.PHONY: sidecar-tasks
+
 ## Render documentation for tasks.
 docs:
 	go run cmd/docs/main.go

cmd/sidecar-tasks/main.go

@@ -0,0 +1,93 @@
+package main
+
+import (
+	"fmt"
+	"io/ioutil"
+	"log"
+	"strings"
+
+	tekton "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1"
+	corev1 "k8s.io/api/core/v1"
+	"sigs.k8s.io/yaml"
+)
+
+func main() {
+	tasksWithSidecars := []string{
+		"ods-build-go",
+		"ods-build-gradle",
+		"ods-build-python",
+		"ods-build-typescript",
+	}
+	t, err := parseTasks(tasksWithSidecars)
+	if err != nil {
+		log.Fatal(err)
+	}
+	adjustTasks(t)
+	err = writeTasks(t)
+	if err != nil {
+		log.Fatal(err)
+	}
+}
+
+func parseTasks(taskNames []string) (map[string]*tekton.ClusterTask, error) {
+	tasks := map[string]*tekton.ClusterTask{}
+	for _, task := range taskNames {
+		fmt.Printf("Parsing task %s ...\n", task)
+		b, err := ioutil.ReadFile(fmt.Sprintf("deploy/central/tasks-chart/templates/task-%s.yaml", task))
+		if err != nil {
+			return nil, err
+		}
+		var t tekton.ClusterTask
+		err = yaml.Unmarshal(b, &t)
+		if err != nil {
+			return nil, err
+		}
+		tasks[task] = &t
+	}
+	return tasks, nil
+}
+
+func adjustTasks(tasks map[string]*tekton.ClusterTask) {
+	for name, t := range tasks {
+		fmt.Printf("Adding sidecar to task %s ...\n", name)
+		nameParts := strings.Split(t.Name, "{{")
+		t.Name = strings.Replace(t.Name, "{{.Values.taskSuffix}}", "-with-sidecar{{.Values.taskSuffix}}", 1)
+		t.Spec.Description = t.Spec.Description + `
+**Sidecar variant!** Use this task if you need to run a container next to the build task.
+For example, this could be used to run a database to allow for integration tests.
+The sidecar image to must be supplied via ` + "`sidecar-image`" + `.
+Apart from the sidecar, the task is an exact copy of ` + "`" + nameParts[0] + "`" + `.`
+		t.Spec.Params = append(t.Spec.Params, tekton.ParamSpec{
+			Name:        "sidecar-image",
+			Description: "Image to use for sidecar",
+			Type:        tekton.ParamTypeString,
+		})
+		t.Spec.Sidecars = []tekton.Sidecar{
+			{
+				Container: corev1.Container{
+					Name:  "sidecar",
+					Image: "$(params.sidecar-image)",
+				},
+			},
+		}
+	}
+}
+
+func writeTasks(tasks map[string]*tekton.ClusterTask) error {
+	for name, t := range tasks {
+		fmt.Printf("Writing sidecar task %s ...\n", name)
+		out, err := yaml.Marshal(t)
+		if err != nil {
+			return err
+		}
+		out = append([]byte("# Generated by cmd/sidecar-tasks/main.go; DO NOT EDIT.\n"), out...)
+		err = ioutil.WriteFile(
+			fmt.Sprintf("deploy/central/tasks-chart/templates/task-%s-with-sidecar.yaml", name),
+			out, 0644,
+		)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}

deploy/central/tasks-chart/templates/task-ods-build-go-with-sidecar.yaml

@@ -0,0 +1,133 @@
+# Generated by cmd/sidecar-tasks/main.go; DO NOT EDIT.
+apiVersion: tekton.dev/v1beta1
+kind: ClusterTask
+metadata:
+  creationTimestamp: null
+  name: ods-build-go-with-sidecar{{.Values.taskSuffix}}
+spec:
+  description: |-
+    Builds Go (module) applications.
+
+    The following steps are executed:
+
+    - check proper formatting against gofmt
+    - linting using golangci-lint
+    - build (using `go-os` and `go-arch` parameters)
+    - test execution
+
+    Tests exclude the vendor directory. Test results are converted into xUnit format.
+
+    Both xUnit report and coverage report are placed into .ods/artifacts.
+
+    After tests ran successfully, the application source code is scanned by SonarQube.
+    When `sonar-quality-gate` is set to `true`, the task will fail if the quality gate
+    is not passed. If SonarQube is not desired, it can be disabled via `sonar-skip`.
+    The SonarQube scan will include parameters to perform a pull request analysis if
+    there is an open pull request for the branch being built. Pull request decoration
+    in Bitbucket is done automatically by SonarQube provided the ALM integration is setup
+    properly in SonarQube.
+
+    **Sidecar variant!** Use this task if you need to run a container next to the build task.
+    For example, this could be used to run a database to allow for integration tests.
+    The sidecar image to must be supplied via `sidecar-image`.
+    Apart from the sidecar, the task is an exact copy of `ods-build-go`.
+  params:
+  - default: .
+    description: |
+      Working directory. The path must be relative to the root of the repository,
+      without leading `./` and trailing `/`.
+    name: working-dir
+    type: string
+  - default: "false"
+    description: Whether to enable CGO. When not enabled the build will set `CGO_ENABLED=0`.
+    name: enable-cgo
+    type: string
+  - default: linux
+    description: '`GOOS` variable (the execution operating system such as `linux`,
+      `windows`).'
+    name: go-os
+    type: string
+  - default: amd64
+    description: '`GOARCH` variable (the execution architecture such as `arm`, `amd64`).'
+    name: go-arch
+    type: string
+  - default: docker
+    description: Path to the directory into which the resulting Go binary should be
+      copied, relative to `working-dir`. This directory may then later be used as
+      Docker context for example.
+    name: output-dir
+    type: string
+  - default: ""
+    description: Script to execute before running tests, relative to the working directory.
+    name: pre-test-script
+    type: string
+  - default: "false"
+    description: Whether the SonarQube quality gate needs to pass for the task to
+      succeed.
+    name: sonar-quality-gate
+    type: string
+  - default: "false"
+    description: Whether to skip SonarQube analysis or not.
+    name: sonar-skip
+    type: string
+  - description: Image to use for sidecar
+    name: sidecar-image
+    type: string
+  sidecars:
+  - image: $(params.sidecar-image)
+    name: sidecar
+    resources: {}
+  steps:
+  - env:
+    - name: DEBUG
+      valueFrom:
+        configMapKeyRef:
+          key: debug
+          name: ods-pipeline
+    image: '{{.Values.registry}}/{{.Values.namespace}}/ods-go-toolset:{{.Values.imageTag}}'
+    name: build-go-binary
+    resources: {}
+    script: |2
+
+      # build-go is build/package/scripts/build-go.sh.
+      build-go \
+        --working-dir=$(params.working-dir) \
+        --enable-cgo=$(params.enable-cgo) \
+        --go-os=$(params.go-os) \
+        --go-arch=$(params.go-arch) \
+        --pre-test-script=$(params.pre-test-script) \
+        --output-dir=$(params.output-dir) \
+        --debug=${DEBUG}
+    workingDir: $(workspaces.source.path)
+  - env:
+    - name: SONAR_URL
+      valueFrom:
+        configMapKeyRef:
+          key: url
+          name: ods-sonar
+    - name: SONAR_AUTH_TOKEN
+      valueFrom:
+        secretKeyRef:
+          key: password
+          name: ods-sonar-auth
+    - name: DEBUG
+      valueFrom:
+        configMapKeyRef:
+          key: debug
+          name: ods-pipeline
+    image: '{{.Values.registry}}/{{.Values.namespace}}/ods-sonar:{{.Values.imageTag}}'
+    name: scan-with-sonar
+    resources: {}
+    script: |
+      if [ "$(params.sonar-skip)" = "true" ]; then
+        echo "Skipping SonarQube analysis"
+      else
+        mkdir -p .ods/artifacts/sonarqube-analysis
+        # sonar is built from cmd/sonar/main.go.
+        sonar \
+          -working-dir=$(params.working-dir) \
+          -quality-gate=$(params.sonar-quality-gate)
+      fi
+    workingDir: $(workspaces.source.path)
+  workspaces:
+  - name: source