Ce contenu n'est pas disponible dans la langue sélectionnée.
Chapter 3. Specifying remote pipelines, tasks, and step actions using resolvers
Pipelines and tasks are reusable blocks for your CI/CD processes. You can reuse pipelines or tasks that you previously developed, or that were developed by others, without having to copy and paste their definitions. These pipelines or tasks can be available from several types of sources, from other namespaces on your cluster to public catalogs.
In a pipeline run resource, you can specify a pipeline from an existing source. In a pipeline resource or a task run resource, you can specify a task from an existing source.
			Step actions, defined in StepAction custom resources (CRs), are reusable actions that a single step within a task completes. When specifying a step, you can reference a StepAction definition from an existing source.
		
			In these cases, the resolvers in Red Hat OpenShift Pipelines retrieve the pipeline, task, or StepAction definition from the specified source at run time.
		
The following resolvers are available in a default installaton of Red Hat OpenShift Pipelines:
- Hub resolver
- 
						Retrieves a task, pipeline, or StepActiondefinition from the Pipelines Catalog available on Artifact Hub or Tekton Hub.
- Bundles resolver
- 
						Retrieves a task, pipeline, or StepActiondefinition from a Tekton bundle, which is an OCI image available from any OCI repository, such as an OpenShift container repository.
- Git resolver
- 
						Retrieves a task, pipeline, or StepActiondefinition from a Git repository. You must specify the repository, the branch, and the path.
- HTTP resolver
- 
						Retrieves a task, pipeline, or StepActiondefinition from a remote HTTP or HTTPS URL. You must specify the URL for authentication.
- Cluster resolver
- 
						Retrieves a task, pipeline, or StepActiondefinition that is already created on the same OpenShift Container Platform cluster in a specific namespace.
			An OpenShift Pipelines installation includes a set of standard tasks that you can use in your pipelines. These tasks are located in the OpenShift Pipelines installation namespace, which is normally the openshift-pipelines namespace. You can use the cluster resolver to access the tasks.
		
			OpenShift Pipelines also provides a standard StepAction definition. You can use the cluster resolver to access this definition.
		
3.1. Specifying a remote pipeline, task, or step action from a Tekton catalog
				You can use the hub resolver to specify a remote pipeline, task, or StepAction definition that is defined either in a public Tekton catalog of Artifact Hub or in an instance of Tekton Hub.
			
The Artifact Hub project is not supported with Red Hat OpenShift Pipelines. Only the configuration of Artifact Hub is supported.
3.1.1. Configuring the hub resolver
You can change the default hub for pulling a resource, and the default catalog settings, by configuring the hub resolver.
Procedure
- To edit the - TektonConfigcustom resource, enter the following command:- oc edit TektonConfig config - $ oc edit TektonConfig config- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- In the - TektonConfigcustom resource, edit the- pipeline.hub-resolver-configspec:- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - 1
- The default Tekton Hub catalog for pulling a resource.
- 2
- The default Artifact Hub catalog for pulling a task resource.
- 3
- The default Artifact Hub catalog for pulling a pipeline resource.
- 4
- The default object kind for references.
- 5
- The default hub for pulling a resource, eitherartifactfor Artifact Hub ortektonfor Tekton Hub.
- 6
- The Tekton Hub API used, if thedefault-typeoption is set totekton.
- 7
- Optional: The Artifact Hub API used, if thedefault-typeoption is set toartifact.
 Important- If you set the - default-typeoption to- tekton, you must configure your own instance of the Tekton Hub by setting the- tekton-hub-apivalue.- If you set the - default-typeoption to- artifactthen the resolver uses the public hub API at https://artifacthub.io/ by default. You can configure your own Artifact Hub API by setting the- artifact-hub-apivalue.
3.1.2. Specifying a remote pipeline, task, or step action using the hub resolver
					When creating a pipeline run, you can specify a remote pipeline from Artifact Hub or Tekton Hub. When creating a pipeline or a task run, you can specify a remote task from Artifact Hub or Tekton Hub. When creating a step within a task, you can reference a remote StepAction definition from Artifact Hub or Tekton Hub.
				
Procedure
- To specify a remote pipeline, task, or - StepActiondefinition from Artifact Hub or Tekton Hub, use the following reference format in the- pipelineRef,- taskRef, or- step.refspec:- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - Expand - Table 3.1. Supported parameters for the hub resolver - Parameter - Description - Example value - catalog- The catalog for pulling the resource. - Default: - tekton-catalog-tasks(for the- taskkind);- tekton-catalog-pipelines(for the- pipelinekind).- type- The type of the catalog for pulling the resource. Either - artifactfor Artifact Hub or- tektonfor Tekton Hub.- Default: - artifact- kind- Either - taskor- pipeline.- Default: - task- name- The name of the task or pipeline to fetch from the hub. - golang-build- version- The version of the task or pipeline to fetch from the hub. You must use quotes ( - ") around the number.- "0.5.0"- If the pipeline or task requires additional parameters, specify values for these parameters in the - paramssection of the specification of the pipeline, pipeline run, or task run. The- paramssection of the- pipelineRefor- taskRefspecification must contain only the parameters that the resolver supports.
Examples
The following example pipeline run references a remote pipeline from a catalog:
The following example pipeline references a remote task from a catalog:
The following example task run references a remote task from a catalog:
					The following example task includes a step that references a StepAction definition from a catalog:
				
3.2. Specifying a remote pipeline, task, or step action from a Tekton bundle
				You can use the bundles resolver to specify a remote pipeline, task, or StepAction definition from a Tekton bundle. A Tekton bundle is an OCI image available from any OCI repository, such as an OpenShift container repository.
			
3.2.1. Configuring the bundles resolver
You can change the default service account name and the default kind for pulling resources from a Tekton bundle by configuring the bundles resolver.
Procedure
- To edit the - TektonConfigcustom resource, enter the following command:- oc edit TektonConfig config - $ oc edit TektonConfig config- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- In the - TektonConfigcustom resource, edit the- pipeline.bundles-resolver-configspec:- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
3.2.2. Specifying a remote pipeline, task, or step action using the bundles resolver
					When creating a pipeline run, you can specify a remote pipeline from a Tekton bundle. When creating a pipeline or a task run, you can specify a remote task from a Tekton bundle. When creating a step within a task, you can reference a remote StepAction definition from a Tekton bundle.
				
Procedure
- To specify a remote pipeline, task, or - StepActiondefinition from a Tekton bundle, use the following reference format in the- pipelineRef,- taskRef, or- step.refspec:- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - Expand - Table 3.2. Supported parameters for the bundles resolver - Parameter - Description - Example value - serviceAccount- The name of the service account to use when constructing registry credentials. - default- bundle- The bundle URL pointing at the image to fetch. - gcr.io/tekton-releases/catalog/upstream/golang-build:0.1- name- The name of the resource to pull out of the bundle. - golang-build- kind- The kind of the resource to pull out of the bundle. - task- If the pipeline or task requires additional parameters, specify values for these parameters in the - paramssection of the specification of the pipeline, pipeline run, or task run. The- paramssection of the- pipelineRefor- taskRefspecification must contain only the parameters that the resolver supports.
Examples
The following example pipeline run references a remote pipeline from a Tekton bundle:
The following example pipeline references a remote task from a Tekton bundle:
The following example task run references a remote task from a Tekton bundle:
					The following example task includes a step that references a StepAction definition from a Tekton bundle:
				
3.3. Specifying a remote pipeline, task, or step action with anonymous Git cloning
				You can use the Git resolver to access a remote pipeline, task, or StepAction definition from a Git repository. The repository must include a YAML file that defines the pipeline or task. For anonymous access, you can clone repositories with the resolver without needing authentication credentials.
			
3.3.1. Configuring the Git resolver for anonymous Git cloning
If you want to use anonymous Git cloning, you can configure the default Git revision, fetch timeout, and default repository URL for pulling remote pipelines and tasks from a Git repository.
Procedure
- To edit the - TektonConfigcustom resource, enter the following command:- oc edit TektonConfig config - $ oc edit TektonConfig config- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- In the - TektonConfigcustom resource, edit the- pipeline.git-resolver-configspec:- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - 1
- The default Git revision to use if none is specified.
- 2
- The maximum time any single Git clone resolution may take, for example,1m,2s,700ms. Red Hat OpenShift Pipelines also enforces a global maximum timeout of 1 minute on all resolution requests.
- 3
- The default Git repository URL for anonymous cloning if none is specified.
 
3.3.2. Specifying a remote pipeline, task, or step action by using the Git resolver for anonymous cloning
					When creating a pipeline run, you can specify a remote pipeline from a Git repository by using anonymous cloning. When creating a pipeline or a task run, you can specify a remote task from a Git repository. When creating a step within a task, you can reference a remote StepAction definition from a Git repository.
				
Procedure
- To specify a remote pipeline, task, or - StepActiondefinition from a Git repository, use the following reference format in the- pipelineRef,- taskRef, or- step.refspec:- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - Expand - Table 3.3. Supported parameters for the Git resolver - Parameter - Description - Example value - url- The URL of the repository, when using anonymous cloning. - https://github.com/tektoncd/catalog.git- revision- The Git revision in the repository. You can specify a branch name, a tag name, or a commit SHA hash. - aeb957601cf41c012be462827053a21a420befca- main- v0.38.2- pathInRepo- The path name of the YAML file in the repository. - task/golang-build/0.3/golang-build.yamlNote- To clone and fetch the repository anonymously, use the - urlparameter. Do not specify the- urlparameter and the- repoparameter together.- If the pipeline or task requires additional parameters, provide these parameters in - params.
Examples
The following example pipeline run references a remote pipeline from a Git repository:
The following example pipeline references a remote task from a Git repository:
The following example task run references a remote task from a Git repository:
					The following example task includes a step that references a StepAction definition from a Git repository:
				
3.4. Specifying a remote pipeline, task, or step action with an authenticated Git API
				You can specify a remote pipeline, task, or StepAction definition from a Git repository by using the Git resolver. The repository must contain a YAML file that defines the pipeline or task. You can securely access repositories by using an authenticated API, which supports user authentication.
			
3.4.1. Configuring the Git resolver for an authenticated API
For an authenticated Source Control Management (SCM) API, you must set the configuration for the authenticated Git connection.
					You can use Git repository providers that are supported by the go-scm library. Not all go-scm implementations have been tested with the Git resolver, but the following providers are known to work:
				
- 
							github.comand GitHub Enterprise
- 
							gitlab.comand self-hosted Gitlab
- Gitea
- Bitbucket Data Center
- Bitbucket Cloud
- You can configure Git connections by using the authenticated SCM API. You can provide a security token that enables all users on your cluster to access one repository. Additionally, you can specify different SCM providers and tokens for specific pipelines or tasks.
- If you configure the Git resolver to use the authenticated SCM API, you can also use anonymous Git clone references to retrieve pipelines and tasks.
Procedure
- To edit the - TektonConfigcustom resource, enter the following command:- oc edit TektonConfig config - $ oc edit TektonConfig config- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- In the - TektonConfigcustom resource, edit the- pipeline.git-resolver-configspec:- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - 1
- The default Git revision to use if none is specified.
- 2
- The maximum time any single Git clone resolution may take, for example,1m,2s,700ms. Red Hat OpenShift Pipelines also enforces a global maximum timeout of 1 minute on all resolution requests.
- 3
- The SCM provider type.
- 4
- The base URL for use with the authenticated SCM API. This setting is not required if you are usinggithub.com,gitlab.com, or Bitbucket Cloud.
- 5
- The name of the secret that contains the SCM provider API token.
- 6
- The key within the token secret that contains the token.
- 7
- The namespace containing the token secret, if notdefault.
- 8
- Optional: The default organization for the repository, when using the authenticated API. This organization is used if you do not specify an organization in the resolver parameters.
 
						The scm-type, api-token-secret-name, and api-token-secret-key settings are required to use the authenticated SCM API.
					
3.4.2. Configuring multiple Git providers
You can configure multiple Git providers, or you can add multiple configurations for the same Git provider, to use in different task runs and pipeline runs.
					Add details in the TektonConfig custom resource (CR) with your unique identifier key prefix.
				
Procedure
- Edit the - TektonConfigCR by running the following command:- oc edit TektonConfig config - $ oc edit TektonConfig config- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- In the - TektonConfigCR, edit the- pipeline.git-resolver-configspec:- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow Warning- configKeyvalues with the- .symbol are not supported. If you try to pass a- configKeyvalue that contains the- .symbol, the- TaskRunor- PipelineRunresource where you passed the value fails to run.
3.4.3. Specifying a remote pipeline, task, or step action using the Git resolver with the authenticated SCM API
					When creating a pipeline run, you can specify a remote pipeline from a Git repository using the authenticated SCM API. When creating a pipeline or a task run, you can specify a remote task from a Git repository. When creating a step within a task, you can reference a remote StepAction definition from a Git repository.
				
Prerequisites
- If you want to use the authenticated SCM API, you must configure the authenticated Git connection for the Git resolver.
Procedure
- To specify a remote pipeline, task, or - StepActiondefinition from a Git repository, use the following reference format in the- pipelineRef,- taskRef, or- step.refspec:- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - Expand - Table 3.4. Supported parameters for the Git resolver - Parameter - Description - Example value - org- The organization for the repository, when using the authenticated SCM API. - tektoncd- repo- The repository name, when using the authenticated SCM API. - test-infra- revision- The Git revision in the repository. You can specify a branch name, a tag name, or a commit SHA hash. - aeb957601cf41c012be462827053a21a420befca- main- v0.38.2- pathInRepo- The path name of the YAML file in the repository. - task/golang-build/0.3/golang-build.yamlNote- To clone and fetch the repository anonymously, use the - urlparameter. To use the authenticated SCM API, use the- repoparameter. Do not specify the- urlparameter and the- repoparameter together.- If the pipeline or task requires additional parameters, specify values for these parameters in the - paramssection of the specification of the pipeline, pipeline run, or task run. The- paramssection of the- pipelineRefor- taskRefspecification must contain only the parameters that the resolver supports.
Examples
The following example pipeline run references a remote pipeline from a Git repository:
The following example pipeline references a remote task from a Git repository:
The following example task run references a remote task from a Git repository:
					The following example task includes a step that references a StepAction definition from a Git repository:
				
3.4.4. Specifying multiple Git providers
					You can specify multiple Git providers by passing the unique configKey parameter when creating TaskRun and PipelineRun resources.
				
					If no configKey parameter is passed, the default configuration is used. You can also specify default configuration by setting the configKey value to default.
				
						configKey values with the . symbol are not supported. If you try to pass a configKey value that contains the . symbol, the TaskRun or PipelineRun resource where you passed the value fails to run.
					
Prerequisites
- 
							Configure multiple Git providers through the Tektonconfigcustom resource. For more information, see "Configuring multiple Git providers".
Procedure
- To specify a Git provider, use the following reference format in the - pipelineRefand- taskRefspec:- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - 1
- Your unique key that matches one of the configuration keys, for example,test1.
 
3.4.5. Specifying a remote pipeline or task by using the Git resolver with the authenticated SCM API overriding the Git resolver configuration
					You can override the initial configuration settings in specific pipeline runs or tasks to customize the behavior according to different use cases. You can use this method to access an authenticated provider that is not configured in the TektonConfig custom resource (CR).
				
The following example task run references a remote task from a Git repository that overrides the previous resolver configuration:
| Parameter | Description | Example value | 
|---|---|---|
| 
									 | The organization for the repository. | 
									 | 
| repo | The repository name. | catalog | 
| revision | The Git revision in the repository. You can specify a branch name, a tag name, or a commit SHA hash. | main | 
| pathInRepo | The path name of the YAML file in the repository. | task/git-clone/0.6/git-clone.yaml | 
| token | The secret name used for authentication. | my-secret-token | 
| tokenKey | The key name for the token. | token | 
| scmType | The type of SCM (Source Control Management) system. | github | 
| serverURL | The URL of the server hosting the repository. | 
									 | 
3.5. Specifying a remote pipeline, task, or step action by using the HTTP resolver
				You can specify a remote pipeline, task, or StepAction definition from an HTTP or HTTPS URL by using the HTTP resolver. The URL must point to a YAML file that defines the pipeline, task, or step action.
			
3.5.1. Configuring the HTTP resolver
					You can use the HTTP resolver to fetch pipelines or tasks from an HTTP or HTTPS URL. You can configure the default values for the HTTP resolver by editing the TektonConfig custom resource (CR).
				
Procedure
- Edit the - TektonConfigCR by entering the following command:- oc edit TektonConfig config - $ oc edit TektonConfig config- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- In the - TektonConfigCR, edit the- pipeline.http-resolver-configspec:- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - 1
- The maximum amount of time the HTTP resolver waits for a response from the server.
 
3.5.2. Specifying a remote pipeline, task, or step action with the HTTP Resolver
					When creating a pipeline run, you can specify a remote pipeline from an HTTP or HTTPS URL. When creating a pipeline or a task run, you can specify a remote task from an HTTP or HTTPS URL. When creating a step within a task, you can reference a remote StepAction definition from an HTTP or HTTPS URL.
				
Procedure
- Specify a remote pipeline, task, or - StepActiondefinition from an HTTP or HTTPS URL, using the following format in the- pipelineRef,- taskRef, or- step.refspec:- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - Expand - Table 3.6. Supported parameters for the HTTP Resolver - Parameter - Description - Example Value - url- The HTTP URL pointing to the Tekton resource to fetch. - https://raw.githubusercontent.com/openshift-pipelines/tektoncd-catalog/p/tasks/task-git-clone/0.4.1/task-git-clone.yaml
Examples
The following example pipeline run references a remote pipeline from the same cluster:
The following example pipeline defines a task that references a remote task from an HTTPS URL:
The following example task run references a remote task from an HTTPS URL:
					The following example task includes a step that references a StepAction definition from an HTTPS URL:
				
3.6. Specifying a pipeline, task, or step action from the same cluster
				You can use the cluster resolver to specify a pipeline, task, or StepAction definition that is defined in a namespace on the OpenShift Container Platform cluster where Red Hat OpenShift Pipelines is running.
			
				In particular, you can use the cluster resolver to access tasks that OpenShift Pipelines provides in its installation namespace, which is normally the openshift-pipelines namespace.
			
3.6.1. Configuring the cluster resolver
You can change the default kind and namespace for the cluster resolver, or limit the namespaces that the cluster resolver can use.
Procedure
- To edit the - TektonConfigcustom resource, enter the following command:- oc edit TektonConfig config - $ oc edit TektonConfig config- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- In the - TektonConfigcustom resource, edit the- pipeline.cluster-resolver-configspec:- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - 1
- The default resource kind to fetch, if not specified in parameters.
- 2
- The default namespace for fetching resources, if not specified in parameters.
- 3
- A comma-separated list of namespaces that the resolver is allowed to access. If this key is not defined, all namespaces are allowed.
- 4
- An optional comma-separated list of namespaces which the resolver is blocked from accessing. If this key is not defined, all namespaces are allowed.
 
3.6.2. Specifying a pipeline, task, or step action from the same cluster using the cluster resolver
					When creating a pipeline run, you can specify a pipeline that exists on the same cluster. When creating a pipeline or a task run, you can specify a task that exists on the the same cluster. When creating a step within a task, you can specify a StepAction definition that exists on the the same cluster.
				
Procedure
- To specify a pipeline, task, or - StepActiondefinition from the same cluster, use the following reference format in the- pipelineRef,- taskRef, or- step.refspec:- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - Expand - Table 3.7. Supported parameters for the cluster resolver - Parameter - Description - Example value - name- The name of the resource to fetch. - some-pipeline- namespace- The namespace in the cluster containing the resource. - other-namespace- kind- The kind of the resource to fetch. - pipeline- If the pipeline or task requires additional parameters, provide these parameters in - params.
Examples
The following example pipeline run references a pipeline from the same cluster:
The following example pipeline references a task from the same cluster:
The following example task run references a task from the same cluster:
					The following example task includes a step that references a StepAction definition from the same cluster:
				
3.7. Tasks provided in the OpenShift Pipelines namespace
				An OpenShift Pipelines installation includes a set of standard tasks that you can use in your pipelines. These tasks are located in the OpenShift Pipelines installation namespace, which is normally the openshift-pipelines namespace. You can use the cluster resolver to access the tasks.
			
				Until version 1.16, OpenShift Pipelines included ClusterTask functionality. Versions 1.17 and later no longer include this functionality. If your pipelines use ClusterTask references, you can re-create them with the tasks that are available from the OpenShift Pipelines installation namespace by using the cluster resolver. However, certain changes are made in these tasks compared to the previously existing ClusterTask definitions.
			
				You cannot specify a custom execution image in any of the tasks available in the OpenShift Pipelines installation namespace. These tasks do not support parameters such as BUILDER_IMAGE, gitInitImage, or KN_IMAGE. If you want to use a custom execution image, create a copy of the task and replace the image by editing the copy.
			
buildah
				The buildah task builds a source code tree into a container image and then pushes the image to a container registry.
			
Example usage of the buildah task
| Parameter | Description | Type | Default value | 
|---|---|---|---|
| 
								 | Fully qualified container image name to be built by Buildah. | 
								 | |
| 
								 | 
								Path to the  | 
								 | 
								 | 
| 
								 | Path to the directory to use as the context. | 
								 | 
								 | 
| 
								 | Set the Buildah storage driver to reflect the settings of the current cluster node settings. | 
								 | 
								 | 
| 
								 | 
								The format of the container to build, either  | 
								 | 
								 | 
| 
								 | 
								Extra parameters for the  | 
								 | |
| 
								 | 
								Extra parameters for the  | 
								 | |
| 
								 | Skip pushing the image to the container registry. | 
								 | 
								 | 
| 
								 | 
								The TLS verification flag, normally  | 
								 | 
								 | 
| 
								 | Turn on verbose logging; all commands executed are added to the log. | 
								 | 
								 | 
| Workspace | Description | 
|---|---|
| 
								 | 
								Container build context, usually the application source code that includes a  | 
| 
								 | 
								An optional workspace for providing a  | 
| 
								 | 
								An optional workspace for providing the entitlement keys that Buildah uses to access a Red Hat Enterprise Linux (RHEL) subscription. The mounted workspace must contains the  | 
| Result | Type | Description | 
|---|---|---|
| 
								 | 
								 | The fully qualified name of the image that was built. | 
| 
								 | 
								 | Digest of the image that was built. | 
Changes from the buildah ClusterTask
- 
						The VERBOSEparameter was added.
- 
						The BUILDER_IMAGEparameter was removed.
git-cli
				The git-cli task runs the git command-line utility. You can pass the full Git command or several commands to run using the GIT_SCRIPT parameter. If the commands need authentication to a Git repository, for example, in order to complete a push, you must supply the authentication credentials.
			
Example usage of the git-cli task
- 1
- In this example,ssh-workspacemust contain the contents of the.sshdirectory with a valid key for authorization to the Git repository.
| Parameter | Description | Type | Default value | 
|---|---|---|---|
| 
								 | 
								Certificate Authority (CA) bundle filename in the  | 
								 | 
								 | 
| 
								 | HTTP proxy server (non-TLS requests). | 
								 | |
| 
								 | HTTPS proxy server (TLS requests). | 
								 | |
| 
								 | Opt out of proxying HTTP/HTTPS requests. | 
								 | |
| 
								 | 
								Relative path to the  | 
								 | |
| 
								 | Absolute path to the Git user home directory in the pod. | 
								 | 
								 | 
| 
								 | 
								Erase any existing contents of the  | 
								 | 
								 | 
| 
								 | Log all the executed commands. | 
								 | 
								 | 
| 
								 | 
								The global  | 
								 | 
								 | 
| 
								 | Git user name for performing Git operations. | 
								 | |
| 
								 | Git user email for performing Git operations. | 
								 | |
| 
								 | The Git script to run. | 
								 | 
								 | 
| Workspace | Description | 
|---|---|
| 
								 | 
								A  | 
| 
								 | 
								A workspace containing a  | 
| 
								 | A workspace containing CA certificates. If you provide this workspace, Git uses these certificates to verify the peer when interacting with remote repositories using HTTPS. | 
| 
								 | A workspace that contains the fetched Git repository. | 
| 
								 | 
								An optional workspace that contains the files that need to be added to the Git repository. You can access the workspace from your script using  
								 | 
| Result | Type | Description | 
|---|---|---|
| 
								 | 
								 | The SHA digest of the commit that is at the HEAD of the current branch in the cloned Git repository. | 
Changes from the git-cli ClusterTask
- Several new parameters were added.
- 
						The BASE_IMAGEparameter was removed.
- 
						The ssl-ca-directoryworkspace was added.
- 
						The default values for the USER_HOMEandVERBOSEparameters were changed.
- 
						The name of the result was changed from committoCOMMIT.
git-clone
				The git-clone task uses Git to initialize and clone a remote repository on a workspace. You can use this task at the start of a pipeline that builds or otherwise processes this source code.
			
Example usage of the git-clone task
| Parameter | Description | Type | Default value | 
|---|---|---|---|
| 
								 | 
								Certificate Authority (CA) bundle filename in the  | 
								 | 
								 | 
| 
								 | HTTP proxy server (non-TLS requests). | 
								 | |
| 
								 | HTTPS proxy server (TLS requests). | 
								 | |
| 
								 | Opt out of proxying HTTP/HTTPS requests. | 
								 | |
| 
								 | 
								Relative path in the  | 
								 | |
| 
								 | Absolute path to the Git user home directory in the pod. | 
								 | 
								 | 
| 
								 | Delete the contents of the default workspace, if they exist, before running the Git operations. | 
								 | 
								 | 
| 
								 | Log the executed commands. | 
								 | 
								 | 
| 
								 | 
								The global  | 
								 | 
								 | 
| 
								 | Git repository URL. | 
								 | |
| 
								 | The revision to check out, for example, a branch or tag. | 
								 | 
								 | 
| 
								 | 
								The  | 
								 | |
| 
								 | Initialize and fetch Git submodules. | 
								 | 
								 | 
| 
								 | Number of commits to fetch, a "shallow clone" is a single commit. | 
								 | 
								 | 
| 
								 | List of directory patterns, separated by commas, for performing a "sparse checkout". | 
								 | 
| Workspace | Description | 
|---|---|
| 
								 | 
								A  | 
| 
								 | 
								A workspace containing a  | 
| 
								 | A workspace containing CA certificates. If you provide this workspace, Git uses these certificates to verify the peer when interacting with remote repositories using HTTPS. | 
| 
								 | 
								A workspace that contains the fetched git repository, data will be placed on the root of the workspace or on the relative path defined by the  | 
| Result | Type | Description | 
|---|---|---|
| 
								 | 
								 | The SHA digest of the commit that is at the HEAD of the current branch in the cloned Git repository. | 
| 
								 | 
								 | The URL of the repository that was cloned. | 
| 
								 | 
								 | The epoch timestamp of the commit that is at the HEAD of the current branch in the cloned Git repository. | 
Changes from the git-clone ClusterTask
- All parameter names were changed to uppercase.
- All result names were changed to uppercase.
- 
						The gitInitImageparameter was removed.
kn
				The kn task uses the kn command-line utility to complete operations on Knative resources, such as services, revisions, or routes.
			
Example usage of the kn task
| Parameter | Description | Type | Default value | 
|---|---|---|---|
| 
								 | 
								The arguments for the  | 
								 | 
								 | 
Changes from the kn ClusterTask
- 
						The KN_IMAGEparameter was removed.
kn-apply
				The kn-apply task deploys a specified image to a Knative Service. This task uses the kn service apply command to create or update the specified Knative service.
			
Example usage of the kn-apply task
| Parameter | Description | Type | Default value | 
|---|---|---|---|
| 
								 | The Knative service name. | 
								 | |
| 
								 | The fully qualified name of the image to deploy. | 
								 | 
Changes from the kn-apply ClusterTask
- 
						The KN_IMAGEparameter was removed.
maven
				The maven task runs a Maven build.
			
Example usage of the maven task
| Parameter | Description | Type | Default value | 
|---|---|---|---|
| 
								 | The Maven goals to run. | 
								 | 
								 | 
| 
								 | The Maven repository mirror URL. | 
								 | |
| 
								 | 
								The subdirectory within the  | 
								 | 
								 | 
| Workspace | Description | 
|---|---|
| 
								 | The workspace that contains the Maven project. | 
| 
								 | The workspace that contains the secrets for connecting to the Maven server, such as the user name and password. | 
| 
								 | The workspace that contains the credentials for connecting to the proxy server, such as the user name and password. | 
| 
								 | 
								The workspace that contains proxy configuration values, such as  | 
| 
								 | The workspace that contains custom Maven settings. | 
Changes from the maven ClusterTask
- 
						The parameter name CONTEXT_DIRwas changed toSUBDIRECTORY.
- 
						The workspace name maven-settingswas changed tomaven_settings.
openshift-client
				The openshift-client task runs commands using the oc command-line interface. You can use this task to manage an OpenShift Container Platform cluster.
			
Example usage of the openshift-client task
| Parameter | Description | Type | Default value | 
|---|---|---|---|
| 
								 | 
								The  | 
								 | 
								 | 
| 
								 | The OpenShift Container Platform version to use. | 
								 | 
								 | 
| Workspace | Description | 
|---|---|
| 
								 | 
								The workspace containing manifest files that you want to apply using the  | 
| 
								 | 
								An optional workspace in which you can provide a  | 
Changes from the openshift-client ClusterTask
- 
						The workspace name manifest-dirwas changed tomanifest_dir.
- 
						The workspace name kubeconfig-dirwas changed tokubeconfig_dir.
s2i-dotnet
				The s2i-dotnet task builds the source code using the Source to Image (S2I) dotnet builder image, which is available from the OpenShift Container Platform registry as image-registry.openshift-image-registry.svc:5000/openshift/dotnet.
			
Example usage of the s2i-dotnet task
| Parameter | Description | Type | Default value | 
|---|---|---|---|
| 
								 | The fully qualified name for the container image that the S2I process builds. | 
								 | |
| 
								 | The URL containing the default assemble and run scripts for the builder image. | 
								 | 
								 | 
| 
								 | 
								An array of values for environment variables to set in the build process, listed in the  | 
								 | |
| 
								 | 
								Path to the directory within the  | 
								 | 
								 | 
| 
								 | Set the Buildah storage driver to reflect the settings of the current cluster node settings. | 
								 | 
								 | 
| 
								 | 
								The format of the container to build, either  | 
								 | 
								 | 
| 
								 | 
								Extra parameters for the  | 
								 | |
| 
								 | 
								Extra parameters for the  | 
								 | |
| 
								 | Skip pushing the image to the container registry. | 
								 | 
								 | 
| 
								 | 
								The TLS verification flag, normally  | 
								 | 
								 | 
| 
								 | Turn on verbose logging; all commands executed are added to the log. | 
								 | 
								 | 
| 
								 | The tag of the image stream, which corresponds to the language version. | 
								 | 
								 | 
| Workspace | Description | 
|---|---|
| 
								 | The application source code, which is the build context for the S2I workflow. | 
| 
								 | 
								An optional workspace for providing a  | 
| Result | Type | Description | 
|---|---|---|
| 
								 | 
								 | The fully qualified name of the image that was built. | 
| 
								 | 
								 | Digest of the image that was built. | 
s2i-go
				The s2i-go task builds the source code using the S2I Golang builder image, which is available from the OpenShift Container Platform registry as image-registry.openshift-image-registry.svc:5000/openshift/golang.
			
Example usage of the s2i-go task
| Parameter | Description | Type | Default value | 
|---|---|---|---|
| 
								 | The fully qualified name for the container image that the S2I process builds. | 
								 | |
| 
								 | The URL containing the default assemble and run scripts for the builder image. | 
								 | 
								 | 
| 
								 | 
								An array of values for environment variables to set in the build process, listed in the  | 
								 | |
| 
								 | 
								Path to the directory within the  | 
								 | 
								 | 
| 
								 | Set the Buildah storage driver to reflect the settings of the current cluster node settings. | 
								 | 
								 | 
| 
								 | 
								The format of the container to build, either  | 
								 | 
								 | 
| 
								 | 
								Extra parameters for the  | 
								 | |
| 
								 | 
								Extra parameters for the  | 
								 | |
| 
								 | Skip pushing the image to the container registry. | 
								 | 
								 | 
| 
								 | 
								The TLS verification flag, normally  | 
								 | 
								 | 
| 
								 | Turn on verbose logging; all commands executed are added to the log. | 
								 | 
								 | 
| 
								 | The tag of the image stream, which corresponds to the language version. | 
								 | 
								 | 
| Workspace | Description | 
|---|---|
| 
								 | The application source code, which is the build context for the S2I workflow. | 
| 
								 | 
								An optional workspace for providing a  | 
| Result | Type | Description | 
|---|---|---|
| 
								 | 
								 | The fully qualified name of the image that was built. | 
| 
								 | 
								 | Digest of the image that was built. | 
s2i-java
				The s2i-java task builds the source code using the S2I Java builder image, which is available from the OpenShift Container Platform registry as image-registry.openshift-image-registry.svc:5000/openshift/java.
			
| Parameter | Description | Type | Default value | 
|---|---|---|---|
| 
								 | The fully qualified name for the container image that the S2I process builds. | 
								 | |
| 
								 | The URL containing the default assemble and run scripts for the builder image. | 
								 | 
								 | 
| 
								 | 
								An array of values for environment variables to set in the build process, listed in the  | 
								 | |
| 
								 | 
								Path to the directory within the  | 
								 | 
								 | 
| 
								 | Set the Buildah storage driver to reflect the settings of the current cluster node settings. | 
								 | 
								 | 
| 
								 | 
								The format of the container to build, either  | 
								 | 
								 | 
| 
								 | 
								Extra parameters for the  | 
								 | |
| 
								 | 
								Extra parameters for the  | 
								 | |
| 
								 | Skip pushing the image to the container registry. | 
								 | 
								 | 
| 
								 | 
								The TLS verification flag, normally  | 
								 | 
								 | 
| 
								 | Turn on verbose logging; all commands executed are added to the log. | 
								 | 
								 | 
| 
								 | The tag of the image stream, which corresponds to the language version. | 
								 | 
								 | 
| Workspace | Description | 
|---|---|
| 
								 | The application source code, which is the build context for the S2I workflow. | 
| 
								 | 
								An optional workspace for providing a  | 
| Result | Type | Description | 
|---|---|---|
| 
								 | 
								 | The fully qualified name of the image that was built. | 
| 
								 | 
								 | Digest of the image that was built. | 
Changes from the s2i-java ClusterTask
- Several new parameters were added.
- 
						The BUILDER_IMAGE,MAVEN_ARGS_APPEND,MAVEN_CLEAR_REPO, andMAVEN_MIRROR_URLparameters were removed. You can pass theMAVEN_ARGS_APPEND,MAVEN_CLEAR_REPO, andMAVEN_MIRROR_URLvalues as environment variables.
- 
						The parameter name PATH_CONTEXTwas changed toCONTEXT.
- 
						The parameter name TLS_VERIFYwas changed toTLSVERIFY.
- 
						The IMAGE_URLresult was added.
s2i-nodejs
				The s2i-nodejs task builds the source code using the S2I NodeJS builder image, which is available from the OpenShift Container Platform registry as image-registry.openshift-image-registry.svc:5000/openshift/nodejs.
			
Example usage of the s2i-nodejs task
| Parameter | Description | Type | Default value | 
|---|---|---|---|
| 
								 | The fully qualified name for the container image that the S2I process builds. | 
								 | |
| 
								 | The URL containing the default assemble and run scripts for the builder image. | 
								 | 
								 | 
| 
								 | 
								An array of values for environment variables to set in the build process, listed in the  | 
								 | |
| 
								 | 
								Path to the directory within the  | 
								 | 
								 | 
| 
								 | Set the Buildah storage driver to reflect the settings of the current cluster node settings. | 
								 | 
								 | 
| 
								 | 
								The format of the container to build, either  | 
								 | 
								 | 
| 
								 | 
								Extra parameters for the  | 
								 | |
| 
								 | 
								Extra parameters for the  | 
								 | |
| 
								 | Skip pushing the image to the container registry. | 
								 | 
								 | 
| 
								 | 
								The TLS verification flag, normally  | 
								 | 
								 | 
| 
								 | Turn on verbose logging; all commands executed are added to the log. | 
								 | 
								 | 
| 
								 | The tag of the image stream, which corresponds to the language version. | 
								 | 
								 | 
| Workspace | Description | 
|---|---|
| 
								 | The application source code, which is the build context for the S2I workflow. | 
| 
								 | 
								An optional workspace for providing a  | 
| Result | Type | Description | 
|---|---|---|
| 
								 | 
								 | The fully qualified name of the image that was built. | 
| 
								 | 
								 | Digest of the image that was built. | 
s2i-perl
				The s2i-perl task builds the source code using the S2I Perl builder image, which is available from the OpenShift Container Platform registry as image-registry.openshift-image-registry.svc:5000/openshift/perl.
			
Example usage of the s2i-perl task
| Parameter | Description | Type | Default value | 
|---|---|---|---|
| 
								 | The fully qualified name for the container image that the S2I process builds. | 
								 | |
| 
								 | The URL containing the default assemble and run scripts for the builder image. | 
								 | 
								 | 
| 
								 | 
								An array of values for environment variables to set in the build process, listed in the  | 
								 | |
| 
								 | 
								Path to the directory within the  | 
								 | 
								 | 
| 
								 | Set the Buildah storage driver to reflect the settings of the current cluster node settings. | 
								 | 
								 | 
| 
								 | 
								The format of the container to build, either  | 
								 | 
								 | 
| 
								 | 
								Extra parameters for the  | 
								 | |
| 
								 | 
								Extra parameters for the  | 
								 | |
| 
								 | Skip pushing the image to the container registry. | 
								 | 
								 | 
| 
								 | 
								The TLS verification flag, normally  | 
								 | 
								 | 
| 
								 | Turn on verbose logging; all commands executed are added to the log. | 
								 | 
								 | 
| 
								 | The tag of the image stream, which corresponds to the language version. | 
								 | 
								 | 
| Workspace | Description | 
|---|---|
| 
								 | The application source code, which is the build context for the S2I workflow. | 
| 
								 | 
								An optional workspace for providing a  | 
| Result | Type | Description | 
|---|---|---|
| 
								 | 
								 | The fully qualified name of the image that was built. | 
| 
								 | 
								 | Digest of the image that was built. | 
s2i-php
				The s2i-php task builds the source code using the S2I PHP builder image, which is available from the OpenShift Container Platform registry as image-registry.openshift-image-registry.svc:5000/openshift/php.
			
Example usage of the s2i-php task
| Parameter | Description | Type | Default value | 
|---|---|---|---|
| 
								 | The fully qualified name for the container image that the S2I process builds. | 
								 | |
| 
								 | The URL containing the default assemble and run scripts for the builder image. | 
								 | 
								 | 
| 
								 | 
								An array of values for environment variables to set in the build process, listed in the  | 
								 | |
| 
								 | 
								Path to the directory within the  | 
								 | 
								 | 
| 
								 | Set the Buildah storage driver to reflect the settings of the current cluster node settings. | 
								 | 
								 | 
| 
								 | 
								The format of the container to build, either  | 
								 | 
								 | 
| 
								 | 
								Extra parameters for the  | 
								 | |
| 
								 | 
								Extra parameters for the  | 
								 | |
| 
								 | Skip pushing the image to the container registry. | 
								 | 
								 | 
| 
								 | 
								The TLS verification flag, normally  | 
								 | 
								 | 
| 
								 | Turn on verbose logging; all commands executed are added to the log. | 
								 | 
								 | 
| 
								 | The tag of the image stream, which corresponds to the language version. | 
								 | 
								 | 
| Workspace | Description | 
|---|---|
| 
								 | The application source code, which is the build context for the S2I workflow. | 
| 
								 | 
								An optional workspace for providing a  | 
| Result | Type | Description | 
|---|---|---|
| 
								 | 
								 | The fully qualified name of the image that was built. | 
| 
								 | 
								 | Digest of the image that was built. | 
s2i-python
				The s2i-python task builds the source code using the S2I Python builder image, which is available from the OpenShift Container Platform registry as image-registry.openshift-image-registry.svc:5000/openshift/python.
			
Example usage of the s2i-python task
| Parameter | Description | Type | Default value | 
|---|---|---|---|
| 
								 | The fully qualified name for the container image that the S2I process builds. | 
								 | |
| 
								 | The URL containing the default assemble and run scripts for the builder image. | 
								 | 
								 | 
| 
								 | 
								An array of values for environment variables to set in the build process, listed in the  | 
								 | |
| 
								 | 
								Path to the directory within the  | 
								 | 
								 | 
| 
								 | Set the Buildah storage driver to reflect the settings of the current cluster node settings. | 
								 | 
								 | 
| 
								 | 
								The format of the container to build, either  | 
								 | 
								 | 
| 
								 | 
								Extra parameters for the  | 
								 | |
| 
								 | 
								Extra parameters for the  | 
								 | |
| 
								 | Skip pushing the image to the container registry. | 
								 | 
								 | 
| 
								 | 
								The TLS verification flag, normally  | 
								 | 
								 | 
| 
								 | Turn on verbose logging; all commands executed are added to the log. | 
								 | 
								 | 
| 
								 | The tag of the image stream, which corresponds to the language version. | 
								 | 
								 | 
| Workspace | Description | 
|---|---|
| 
								 | The application source code, which is the build context for the S2I workflow. | 
| 
								 | 
								An optional workspace for providing a  | 
| Result | Type | Description | 
|---|---|---|
| 
								 | 
								 | The fully qualified name of the image that was built. | 
| 
								 | 
								 | Digest of the image that was built. | 
s2i-ruby
				The s2i-ruby task builds the source code using the S2I Ruby builder image, which is available from the OpenShift Container Platform registry as image-registry.openshift-image-registry.svc:5000/openshift/ruby.
			
Example usage of the s2i-ruby task
| Parameter | Description | Type | Default value | 
|---|---|---|---|
| 
								 | The fully qualified name for the container image that the S2I process builds. | 
								 | |
| 
								 | The URL containing the default assemble and run scripts for the builder image. | 
								 | 
								 | 
| 
								 | 
								An array of values for environment variables to set in the build process, listed in the  | 
								 | |
| 
								 | 
								Path to the directory within the  | 
								 | 
								 | 
| 
								 | Set the Buildah storage driver to reflect the settings of the current cluster node settings. | 
								 | 
								 | 
| 
								 | 
								The format of the container to build, either  | 
								 | 
								 | 
| 
								 | 
								Extra parameters for the  | 
								 | |
| 
								 | 
								Extra parameters for the  | 
								 | |
| 
								 | Skip pushing the image to the container registry. | 
								 | 
								 | 
| 
								 | 
								The TLS verification flag, normally  | 
								 | 
								 | 
| 
								 | Turn on verbose logging; all commands executed are added to the log. | 
								 | 
								 | 
| 
								 | The tag of the image stream, which corresponds to the language version. | 
								 | 
								 | 
| Workspace | Description | 
|---|---|
| 
								 | The application source code, which is the build context for the S2I workflow. | 
| 
								 | 
								An optional workspace for providing a  | 
| Result | Type | Description | 
|---|---|---|
| 
								 | 
								 | The fully qualified name of the image that was built. | 
| 
								 | 
								 | Digest of the image that was built. | 
skopeo-copy
				The skopeo-copy task executes the skopeo copy command.
			
				Skopeo is a command-line tool for working with remote container image registries, which does not require a daemon or other infrastructure to load and run the images. The skopeo copy command copies an image from one remote registry to another, for example, from an internal registry to a production registry. Skopeo supports authorization on image registries using credentials that you provide.
			
Example usage of the skopeo-copy task
| Parameter | Description | Type | Default value | 
|---|---|---|---|
| 
								 | Fully qualified name, including tag, of the source container image. | 
								 | |
| 
								 | Fully qualified name, including tag, of the destination image to which Skopeo copies the source image. | 
								 | |
| 
								 | 
								The TLS verification flag for the source registry, normally  | 
								 | 
								 | 
| 
								 | 
								The TLS verification flag for the destination registry, normally  | 
								 | 
								 | 
| 
								 | Output debug information to the log. | 
								 | 
								 | 
| Workspace | Description | 
|---|---|
| 
								 | If you want to copy more than one image, use this workspace to provide the image URLs. | 
| Result | Type | Description | 
|---|---|---|
| 
								 | 
								 | The SHA256 digest of the source image. | 
| 
								 | 
								 | The SHA256 digest of the destination image. | 
Changes from the skopeo-copy ClusterTask
- All parameter names were changed to uppercase.
- 
						The VERBOSEparameter was added.
- 
						The workspace name was changed from images-urltoimages_url.
- 
						The SOURCE_DIGESTandDESTINATION_DIGESTresults were added.
tkn
				The tkn task performs operations on Tekton resources using tkn.
			
Example usage of the tkn task
| Parameter | Description | Type | Default value | 
|---|---|---|---|
| 
								 | 
								The  | 
								 | 
								 | 
| 
								 | 
								The  | 
								 | 
								 | 
| Workspace | Description | 
|---|---|
| 
								 | 
								An optional workspace in which you can provide a  | 
Changes from the tkn ClusterTask
- 
						The TKN_IMAGEparameter was removed.
- 
						The workspace name was changed from kubeconfigtokubeconfig_dir.
3.8. Community tasks provided in the OpenShift Pipelines namespace
				By default, an OpenShift Pipelines installation includes a set of community tasks that you can use in your pipelines. These tasks are located in the OpenShift Pipelines installation namespace, which is normally the openshift-pipelines namespace.
			
argocd-task-sync-and-wait
				The argocd-task-sync-and-wait community task deploys an Argo CD application and waits for it to be healthy.
			
				To do so, it requires the following configurations: * The address of the Argo CD server configured in the argocd-env-configmap config map. * The authentication information configured in the argocd-env-secret secret.
			
Example config map with the address information
Example secret with the authentication information
- 1
- Configure either a username and password or an authentication token.
Example usage of the argocd-task-sync-and-wait community task
| Parameter | Description | Default value | 
|---|---|---|
| 
								 | Name of the application to deploy. | |
| 
								 | Revision to deploy. | 
								 | 
| 
								 | 
								 | |
| 
								 | Version of Argo CD. | 
								 | 
helm-upgrade-from-repo
				The helm-upgrade-from-repo community task installs or upgrades a Helm chart in your OpenShift Container Platform cluster based on the given Helm repository and chart.
			
Example usage of the helm-upgrade-from-repo community task
| Parameter | Description | Default value | 
|---|---|---|
| 
								 | Helm repository. | |
| 
								 | Helm chart name to be deployed. | |
| 
								 | Helm release version in semantic versioning format. | 
								 | 
| 
								 | Helm release name. | 
								 | 
| 
								 | Helm release namespace. | 
								 | 
| 
								 | 
								Configuration parameters to overwrite, comma separated. For example:  | 
								 | 
| 
								 | Helm image to be used. | 
								 | 
helm-upgrade-from-source
				The helm-upgrade-from-source community task installs and upgrades a Helm chart in your OpenShift Container Platform cluster based on the given chart and source workspace.
			
Example usage of the helm-upgrade-from-source community task
| Parameter | Description | Default value | 
|---|---|---|
| 
								 | Directory in the source workspace that contains the Helm chart. | |
| 
								 | Helm release version in semantic versioning format. | 
								 | 
| 
								 | Helm release name. | 
								 | 
| 
								 | Helm release namespace. | 
								 | 
| 
								 | 
								Configuration parameters to overwrite, comma separated. For example:  | 
								 | 
| 
								 | File with configuration parameters for Helm. | 
								 | 
| 
								 | Helm image to be used. | 
								 | 
| 
								 | Extra parameters passed for the Helm upgrade command. | 
								 | 
| Workspace | Description | 
|---|---|
| 
								 | The workspace that contains the Helm chart. | 
jib-maven
				The jib-maven community task builds Java, Kotlin, Groovy, and Scala sources into a container image by using the Jib tool for Maven projects.
			
Example usage of the jib-maven community task
| Parameter | Description | Default value | 
|---|---|---|
| 
								 | Name of the image to build. | |
| 
								 | Maven base image. | 
								 | 
| 
								 | Directory containing the app, relative to the source repository root. | 
								 | 
| 
								 | Name of the volume for caching Maven artifacts and base image layers. | 
								 | 
| 
								 | Allow an insecure registry. | 
								 | 
| 
								 | Certificate authority (CA) bundle file name for an insecure registry service. | 
								 | 
| Workspace | Description | 
|---|---|
| 
								 | Workspace that contains the Maven project. | 
| 
								 | Optional workspace that contains SSL certificates. | 
| Result | Type | Description | 
|---|---|---|
| 
								 | 
								 | Digest of the image that was built. | 
Changes from the jib-maven community cluster task
- 
						The default values for the IMAGEandMAVEN_IMAGEparameters were changed.
kubeconfig-creator
				The kubeconfig-creator community task creates a kubeconfig file that other tasks in the pipeline can use for accessing different clusters.
			
Example usage of the kubeconfig-creator community task
| Parameter | Description | Default value | 
|---|---|---|
| 
								 | Name of the cluster to access. | |
| 
								 | Address of the cluster to access. | |
| 
								 | Username for basic authentication to the cluster. | |
| 
								 | Password for basic authentication to the cluster. | 
								 | 
| 
								 | PEM-encoded certificate authority (CA) certificates. | 
								 | 
| 
								 | PEM-encoded data from a client key file for TLS. | 
								 | 
| 
								 | PEM-encoded data from a client certification file for TLS. | 
								 | 
| 
								 | Default namespace to use on unspecified requests. | 
								 | 
| 
								 | Bearer token for authentication to the cluster. | 
								 | 
| 
								 | To indicate whether a server should be accessed without verifying the TLS certificate. | 
								 | 
| Workspace | Description | 
|---|---|
| 
								 | 
								The workspace where the  | 
pull-request
				You can use the pull-request community task to interact with a source control management (SCM) system through an abstracted interface.
			
This community task works with both public SCM instances and self-hosted or enterprise GitHub or GitLab instances.
				In download mode, this task populates the pr workspace with the state of the existing pull request, including the .MANIFEST file.
			
				In upload mode, this task compares the contents of the pr workspace, including the .MANIFEST file, with the content of the pull request and, if the content is different, updates the pull request to match the pr workspace.
			
Example usage of the pull-request community task
| Parameter | Description | Default value | 
|---|---|---|
| 
								 | 
								If set to  | |
| 
								 | URL of the pull request. | |
| 
								 | 
								Type of the SCM system. The supported values are  | |
| 
								 | 
								Name of a  | |
| 
								 | 
								If set to  | 
								 | 
| Workspace | Description | 
|---|---|
| 
								 | The workspace that contains the state of the pull request. | 
trigger-jenkins-job
				You can use the trigger-jenkins-job community task to trigger a Jenkins job by using a curl request.
			
Example usage of the trigger-jenkins-job community task
| Parameter | Description | Default value | 
|---|---|---|
| 
								 | Server URL on which Jenkins is running. | |
| 
								 | Jenkins Job which needs to be triggered. | |
| 
								 | Jenkins secret containing credentials. | 
								 | 
| 
								 | 
								Extra arguments to append as a part of the  | 
								 | 
| Workspace | Description | 
|---|---|
| 
								 | 
								The workspace which can be used to mount files which can be sent through the  | 
3.9. Step action definitions provided with OpenShift Pipelines
				OpenShift Pipelines provides standard StepAction definitions that you can use in your tasks. Use the cluster resolver to reference these definitions.
			
git-clone
				The git-clone step action uses Git to initialize and clone a remote repository on a workspace. You can use this step action to define a task that clones a repository at the start of a pipeline that builds or otherwise processes this source code.
			
Example usage of the git-clone step action in a task
| Parameter | Description | Type | Default value | 
|---|---|---|---|
| 
								 | 
								A directory for the fetched Git repository. Cloned repo data is placed in the root of the directory or in the relative path defined by the  | 
								 | |
| 
								 | 
								A  | 
								 | |
| 
								 | 
								A directory containing a  | 
								 | |
| 
								 | A workspace containing CA certificates. If you provide this workspace, Git uses these certificates to verify the peer when interacting with remote repositories using HTTPS. | 
								 | |
| 
								 | 
								Certificate authority (CA) bundle filename in the  | 
								 | 
								 | 
| 
								 | HTTP proxy server (non-TLS requests). | 
								 | |
| 
								 | HTTPS proxy server (TLS requests). | 
								 | |
| 
								 | Opt out of proxying HTTP/HTTPS requests. | 
								 | |
| 
								 | 
								Relative path in the  | 
								 | |
| 
								 | Absolute path to the Git user home directory in the pod. | 
								 | 
								 | 
| 
								 | Delete the contents of the default workspace, if they exist, before running the Git operations. | 
								 | 
								 | 
| 
								 | Log the executed commands. | 
								 | 
								 | 
| 
								 | 
								The global  | 
								 | 
								 | 
| 
								 | Git repository URL. | 
								 | |
| 
								 | The revision to check out, for example, a branch or tag. | 
								 | 
								 | 
| 
								 | 
								The  | 
								 | |
| 
								 | Initialize and fetch Git submodules. | 
								 | 
								 | 
| 
								 | Number of commits to fetch, a "shallow clone" is a single commit. | 
								 | 
								 | 
| 
								 | List of directory patterns, separated by commas, for performing a "sparse checkout". | 
								 | 
| Result | Type | Description | 
|---|---|---|
| 
								 | 
								 | The SHA digest of the commit that is at the HEAD of the current branch in the cloned Git repository. | 
| 
								 | 
								 | The URL of the repository that was cloned. | 
| 
								 | 
								 | The epoch timestamp of the commit that is at the HEAD of the current branch in the cloned Git repository. | 
cache-upload and cache-fetch
					Using the cache-upload and cache-fetch step actions is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.
				
For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope.
				Use the cache-upload and cache-fetch step actions to preserve the cache directory where a build process keeps its dependencies, storing it in an Amazon Simple Storage Service (S3) bucket, Google Cloud Services (GCS) bucket, or an Open Container Initiative (OCI) repository.
			
				When you use the cache-upload step action, the step action calculates a hash based on certain files in your build. You must provide a regular expression to select these files. The cache-upload step action stores an image that contains the content of your cache directory, indexed with the hash.
			
				When you use the cache-fetch step action, the step action calculates the same hash. Then it checks whether a cached image for this hash is already available. If the image is available, the step action populates your cache directory with the cached content. If the image is not available, the directory remains as it was.
			
				After using the cache-fetch step action, you can run the build process. If the cache is successfully fetched, it includes the dependencies that the build process downloaded previously. If the cache was not fetched, the build process downloads dependencies through its normal procedure.
			
				The result of cache-fetch indicates whether a cached image was fetched. The subsequent cache-upload step action can use the result and skip uploading a new cache image if the cache for the current hash was already available.
			
The following example task retrieves the source from a repository, fetches the cache (if available), runs a Maven build, and then, if the cache was not fetched, uploads the new cached image of the build directory.
Example usage of the cache-fetch and cache-upload step actions in a task
| Parameter | Description | Type | Default value | 
|---|---|---|---|
| 
								 | 
								Regular expression for selecting files to compute the hash. For example, for a Go project, you can use  | 
								 | |
| 
								 | 
								Source URI for fetching the cache; use  | 
								 | |
| 
								 | Path for extracting the cache content. Normally this path is in a workspace. | 
								 | |
| 
								 | Path where the files for calculating the hash are located. | 
								 | |
| 
								 | 
								If  | 
								 | 
								 | 
| 
								 | The path where Google credentials are located. Ignored if empty. | 
								 | |
| 
								 | Path to the AWS configuration file. Ignored if empty. | 
								 | |
| 
								 | Path to the AWS credentials file. Ignored if empty. | 
								 | |
| 
								 | Blob query parameters for configuring S3, GCS, or Azure. Use these optional parameters for additional features such as S3 acceleration, FIPS, or path-style addressing. | 
								 | 
| Result | Type | Description | 
|---|---|---|
| 
								 | 
								 | 
								 | 
| Parameter | Description | Type | Default value | 
|---|---|---|---|
| 
								 | 
								Regular expression for selecting files to compute the hash. For example, for a Go project, you can use  | 
								 | |
| 
								 | 
								Target URI for uploading the cache; use  | 
								 | |
| 
								 | Path for cache content, which the step packs into the image. Normally this path is in a workspace. | 
								 | |
| 
								 | Path where the files for calculating the hash are located. | 
								 | |
| 
								 | 
								If  | 
								 | 
								 | 
| 
								 | 
								If  | 
								 | 
								 | 
| 
								 | 
								If  | 
								 | 
								 | 
| 
								 | The path where Google credentials are located. Ignored if empty. | 
								 | |
| 
								 | Path to the AWS configuration file. Ignored if empty. | 
								 | |
| 
								 | Path to the AWS credentials file. Ignored if empty. | 
								 | |
| 
								 | Blob query parameters for configuring S3, GCS, or Azure. Use these optional parameters for additional features such as S3 acceleration, FIPS, or path-style addressing. | 
								 | 
				The cache-upload step action returns no results.
			
3.10. About non-versioned and versioned tasks and step actions
				The openshift-pipelines namespace includes versioned tasks and step actions alongside standard non-versioned tasks and step actions. For example, installing the Red Hat OpenShift Pipelines Operator version 1.18 creates the following items:
			
- 
						buildah-1-18-0versioned task
- 
						buildahnon-versioned task
- 
						git-clone-1-18-0versionedStepActiondefinition
- 
						git-clonenon-versionedStepActiondefinition
				Non-versioned and versioned tasks and step actions have the same metadata, behavior, and specifications, including params, workspaces, and steps. However, they behave differently when you disable them or upgrade the Operator.
			
Before adopting non-versioned or versioned tasks and step actions as a standard in production environments, cluster administrators might consider their advantages and disadvantages.
| Advantages | Disadvantages | |
|---|---|---|
| Non-versioned tasks and step actions | 
 | 
 | 
| Versioned tasks and step actions | 
 | 
 | 
Non-versioned and versioned tasks and step actions have different naming conventions, and the Red Hat OpenShift Pipelines Operator upgrades them differently.
| Nomenclature | Upgrade | |
|---|---|---|
| Non-versioned tasks and step actions | 
								Non-versioned tasks and step actions only contain the name of the task or step action. For example, the name of the non-versioned task of Buildah installed with Operator v1.18 is  | When you upgrade the Operator, it updates the non-versioned tasks and step actions with the latest changes. The name remains unchanged. | 
| Versioned tasks and step actions | 
								Versioned tasks and step actions contain the name, followed by the version as a suffix. For example, the name of the versioned task of Buildah installed with Operator v1.18 is  | 
								Upgrading the Operator installs the latest version of versioned tasks and step actions, retains the immediate previous version, and deletes the earlier versions. The latest version corresponds to the upgraded Operator. For example, installing Operator 1.18 installs the  |