{"id":5819,"date":"2024-03-18T11:01:20","date_gmt":"2024-03-18T10:01:20","guid":{"rendered":"https:\/\/onlu.ch\/tekton-cicd-example-project-pipeline-design-implementation-part-2-3\/"},"modified":"2025-07-18T12:02:05","modified_gmt":"2025-07-18T10:02:05","slug":"tekton-cicd-example-project-pipeline-design-implementation-part-2-3","status":"publish","type":"post","link":"https:\/\/onlu.ch\/en\/tekton-cicd-example-project-pipeline-design-implementation-part-2-3\/","title":{"rendered":"Tekton CICD example project – Pipeline design & implementation (part 2\/3)"},"content":{"rendered":"\n
\n
\n
\n

In this second part of the Tekton CICD example project, we’ll delve into the design and implementation of the CI\/CD pipeline. We’ll walk through an example project, demonstrating how to structure and orchestrate the various stages of the pipeline to streamline the software delivery lifecycle. <\/p>\n\n\n\n

Our example project focuses on a simple application built with Go, a popular programming language for building scalable and efficient software. We’ll explore how Tekton pipelines can be leveraged to automate tasks such as linting, uni- and integration testing, building container images, packaging helm charts, and deploying to desired environments. <\/p>\n<\/div>\n\n\n\n

\n
\"\"<\/figure>\n<\/div>\n<\/div>\n\n\n\n

1 Pipeline overview<\/h3>\n\n\n\n

Let us have a look at a common pattern of a pipeline strategy you can face.<\/p>\n\n\n\n

Feature branch<\/h4>\n\n\n\n

When committing changes to a feature branch, the pipeline initiates with the following stages:1. Notify GitHub<\/strong>: This very first step will notify github via status-api the beginning of a build.2. Lint and test<\/strong>: The code changes are linted and subjected to unit or integration tests.3. Go build<\/strong>: If the linting and tests pass successfully, the code is built using the Go compiler.4. Notify GitHub<\/strong>: This last step will notify github via status-api the status of the build.<\/p>\n\n\n\n

Main branch<\/h4>\n\n\n\n

Commits to the main branch initiate the following stages:<\/p>\n\n\n\n

1. Notify GitHub<\/strong>: This very first step will notify github via status-api the beginning of a build.2. Lint and test<\/strong>: The code changes are lined and subjected to unit or integration tests.3. Go build<\/strong>: If the linting and tests pass successfully, the code is built using the Go compiler.4. Container image build<\/strong>: The built code is containerized into a container image tagged as the latest<\/strong> version and pushed to a container registry.5. Helm chart package<\/strong>: The helmet chart is packaged and published as latest<\/strong> to a central location.6. Deploy to dev stage<\/strong>: This step is used to deploy the latest<\/strong> version into the dev<\/strong> namespace on the current kubernetes cluster.7. Notify GitHub<\/strong>: This last step will notify github via status-api the status of the build.<\/p>\n\n\n\n

Git tag created<\/h4>\n\n\n\n

When a Git tag is created, indicating a release version, the following stages are executed:1. Notify GitHub<\/strong>: This very first step will notify github via status-api the beginning of a build2. Lint and test<\/strong>: The code changes are lined and subjected to unit or integration tests. 3. Go build<\/strong>: If the linting and tests pass successfully, the code is built using the Go compiler.4. Container image build<\/strong>: The built code is containerized into a container image tagged as the latest<\/strong> version and pushed to a container registry.5. Helm chart package<\/strong>: The helm chart versioned based on the created git-tag<\/strong> is packaged and published to a central location.6. Deploy to qa stage<\/strong>: This step is used to deploy the git-tag<\/strong> version into the qa<\/strong> namespace on the current kubernetes cluster.7. Notify GitHub<\/strong>: This last step will notify github via status-api the status of the build.<\/p>\n<\/div><\/div>\n\n

<\/div>\n\n
\n
\"\"<\/figure>\n\n\n\n

2 Pipeline implementation<\/h3>\n\n\n\n

Now that we have designed our CI\/CD pipeline using Tekton, let’s dive into its implementation details. Our pipeline is structured to automate the build, test, and deployment processes for a Go-based application. Below, we’ll explore each component and configuration file involved in our pipeline setup. <\/p>\n\n\n\n

Directory structure<\/h4>\n\n\n\n
\n.\n|-- pipelines\n|   `-- 7.02-go-pipeline.yaml\n|-- rbac\n|   |-- 7.02-rbac-deployer.yaml\n|   `-- 7.02-rbac-trigger.yaml\n|-- secrets\n|   |-- 7.02-github-interceptor-secret.yaml\n|   |-- 7.02-github-repo-secret.yaml\n|   |-- 7.02-github-status-api-secret.yaml\n|   `-- 7.02-quay-secret.yaml\n|-- tasks\n|   `-- 7.02-helm-build-push.yaml\n`-- trigger\n    |-- 7.02-eventlistener.yaml\n    |-- 7.02-tb.yaml\n    |-- 7.02-trigger.yaml\n    `-- 7.02-tt.yaml\n<\/pre>\n\n\n\n
.\/pipelines<\/strong>: Contains the Tekton pipeline configuration file. .\/rbac<\/strong>: Contains the rbac for the trigger and the deployer service-account .\/secrets<\/strong>: Includes secrets such as for quay & github. .\/tasks<\/strong>: Holds self-maintained task definitions used within the pipeline. .\/trigger<\/strong>: Contains configuration files for triggering pipeline execution.<\/p>\n\n\n\n
3 Pipeline definition<\/h3>\n\n\n\n
Our pipeline configuration is defined in the 7.02-go-pipeline.yaml<\/code> file. This file outlines the workflow of our CI\/CD pipeline. <\/p>\n\n\n\n
7.02-go-pipeline.yaml<\/code><\/summary>\n
\napiVersion: tekton.dev\/v1beta1\nkind: Pipeline\nmetadata:\n  name: 7-02-go-pipeline\n  namespace: default\nspec:\n  workspaces:\n    - name: shared-workspace\n    - name: helm-workspace\n    - name: dockerconfig-ws\n  params:\n    - name: git-url\n      description: Git Repo to checkout the desired git repository\n      type: string\n    - name: git-revision\n      description: Revision to be used from repo of the code for building and testing\n      type: string\n      default: main\n    - name: git-repo-full-name\n      description: Used to leverage git status api\n      type: string\n    - name: is-main-branch\n      description: Flag to be used for conditional pipeline executing (CI CD up to dev namespace)\n      type: string\n      default: false\n    - name: is-git-tag\n      description: Flag to be used for conditional pipeline executing (CI CD up to qa namespace)\n      type: string\n      default: false\n    - name: image-repository\n      description: Image registry where images are going to be pushed\n      type: string\n      default: quay.io\/christoph_linse\n    - name: app-name\n      description: App name to be used for container-image and helm-chart build\n      type: string\n    - name: image-tag\n      description: Container-image tag to be used\n      type: string\n      default: latest\n    - name: chart-tag\n      description: Default helm-chart tag to be used\n      type: string\n      default: 1.0.0\n    - name: golang-version\n      description: Version of golang to be used\n      type: string\n      default: \"1.22\"\n  tasks:\n    - name: notify-github\n      taskRef:\n        name: github-set-status\n      params:\n        - name: REPO_FULL_NAME\n          value: \"$(params.git-repo-full-name)\"\n        - name: SHA\n          value: \"$(params.git-revision)\"\n        - name: DESCRIPTION\n          value: \"Build has started\"\n        - name: STATE\n          value: pending\n        - name: TARGET_URL\n          value: \"http:\/\/localhost:9097\/#\/pipelineruns\"\n    - name: fetch-source\n      taskRef:\n        name: git-clone\n      params:\n        - name: url\n          value: $(params.git-url)\n        - name: deleteExisting\n          value: \"true\"\n        - name: revision\n          value: $(params.git-revision)\n      workspaces:\n        - name: output\n          workspace: shared-workspace\n    - name: test-code\n      taskRef:\n        name: golang-test\n      params:\n        - name: package\n          value: \"$(params.app-name)\"\n        - name: version\n          value: \"$(params.golang-version)\"\n      workspaces:\n        - name: source\n          workspace: shared-workspace\n      runAfter:\n        - fetch-source\n    - name: lint-code\n      taskRef:\n        name: golangci-lint\n      params:\n        - name: package\n          value: \"$(params.app-name)\"\n        - name: flags\n          value: --verbose\n        - name: version\n          value: \"v$(params.golang-version)\"\n      workspaces:\n        - name: source\n          workspace: shared-workspace\n      runAfter:\n        - fetch-source\n    - name: build-image\n      taskRef:\n        name: buildah\n      params:\n        - name: IMAGE\n          value: $(params.image-repository)\/$(params.app-name):$(params.image-tag)\n      workspaces:\n        - name: source\n          workspace: shared-workspace\n        - name: dockerconfig\n          workspace: dockerconfig-ws\n      runAfter:\n        - lint-code\n        - test-code\n      when:\n        - input: \"true\"\n          operator: in\n          values: [ \"$(params.is-main-branch)\", \"$(params.is-git-tag)\" ]\n    - name: build-helm\n      taskRef:\n        name: 7-02-helm-build-push\n      params:\n        - name: HELM_CHART_NAME\n          value: \"$(params.app-name)\"\n        - name: HELM_CHART_TAG\n          value: \"$(params.chart-tag)\"\n      workspaces:\n        - name: source\n          workspace: shared-workspace\n        - name: helm-repo\n          workspace: helm-workspace\n      runAfter:\n        - build-image\n      when:\n        - input: \"true\"\n          operator: in\n          values: [ \"$(params.is-main-branch)\", \"$(params.is-git-tag)\" ]\n    - name: deploy-dev\n      taskRef:\n        name: helm-upgrade-from-repo\n      params:\n        - name: helm_repo\n          value: https:\/\/c-linse.github.io\/tekton-course-charts\n        - name: chart_name\n          value: \"tekton-course-charts\/$(params.app-name)\"\n        - name: release_version\n          value: \"$(params.chart-tag)\"\n        - name: release_name\n          value: \"$(params.app-name)\"\n        - name: release_namespace\n          value: dev\n      runAfter:\n        - build-helm\n      when:\n        - input: \"true\"\n          operator: in\n          values: [ \"$(params.is-main-branch)\" ]\n    - name: deploy-qa\n      taskRef:\n        name: helm-upgrade-from-repo\n      params:\n        - name: helm_repo\n          value: https:\/\/c-linse.github.io\/tekton-course-charts\n        - name: chart_name\n          value: \"tekton-course-charts\/$(params.app-name)\"\n        - name: release_version\n          value: \"$(params.chart-tag)\"\n        - name: release_name\n          value: \"$(params.app-name)\"\n        - name: release_namespace\n          value: qa\n      runAfter:\n        - build-helm\n      when:\n        - input: \"true\"\n          operator: in\n          values: [ \"$(params.is-git-tag)\" ]\n  finally:\n    - name: notify-git-state-success\n      taskRef:\n        name: github-set-status\n      when:\n        - input: \"$(tasks.status)\"\n          operator: notin\n          values: [ \"Failed\" ]\n      params:\n        - name: REPO_FULL_NAME\n          value: \"$(params.git-repo-full-name)\"\n        - name: SHA\n          value: \"$(params.git-revision)\"\n        - name: DESCRIPTION\n          value: \"Build has been successful\"\n        - name: STATE\n          value: success\n        - name: TARGET_URL\n          value: \"http:\/\/localhost:9097\/#\/pipelineruns\"\n<\/pre>\n<\/details>\n\n\n\n
Key features of go-pipeline:<\/h4>\n\n\n\n