Specify Command field for internal containers (creds-init, …)

The `entrypoint` package will try to talk to the remotes for
containers that do not specify `Command` (aka `Entrypoint` in
image-spec).

- This should not be required for internal containers as we are the
  one maintaining it. It should remove so registry call that aren't
  required.
- It fails in some development mode (when using
  `KO_DOCKER_REPO=ko.local`), as the registry might not
  exists (`ko.local`) or not available from the
  cluster (`localhost:5000`, …)

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Signed-off-by: Vincent Demeester <vdemeest@redhat.com>

DEVELOPMENT.md

@@ -49,7 +49,12 @@ You must install these tools:
 1. [`dep`](https://github.com/golang/dep): For managing external Go
    dependencies. - Please Install dep v0.5.0 or greater.
 1. [`ko`](https://github.com/google/go-containerregistry/tree/master/cmd/ko):
-   For development.
+   For development. A recent version of `ko` (after the 23th of
+   February, see
+   [google/go-containerregistry#380](https://github.com/google/go-containerregistry/pull/380))
+   is required for `pipeline` to work correctly.
+
+   won't work).
 1. [`kubectl`](https://kubernetes.io/docs/tasks/tools/install-kubectl/): For
    interacting with your kube cluster
 

pkg/apis/pipeline/v1alpha1/artifact_bucket.go

@@ -82,14 +82,16 @@ func (b *ArtifactBucket) GetCopyFromContainerSpec(name, sourcePath, destinationP
 	envVars, secretVolumeMount := getSecretEnvVarsAndVolumeMounts("bucket", secretVolumeMountPath, b.Secrets)
 
 	return []corev1.Container{{
-		Name:  names.SimpleNameGenerator.RestrictLengthWithRandomSuffix(fmt.Sprintf("artifact-dest-mkdir-%s", name)),
-		Image: *bashNoopImage,
+		Name:    names.SimpleNameGenerator.RestrictLengthWithRandomSuffix(fmt.Sprintf("artifact-dest-mkdir-%s", name)),
+		Image:   *bashNoopImage,
+		Command: []string{"/ko-app/nop"},
 		Args: []string{
 			"-args", strings.Join([]string{"mkdir", "-p", destinationPath}, " "),
 		},
 	}, {
 		Name:         names.SimpleNameGenerator.RestrictLengthWithRandomSuffix(fmt.Sprintf("artifact-copy-from-%s", name)),
 		Image:        *gsutilImage,
+		Command:      []string{"/ko-app/gsutil"},
 		Args:         args,
 		Env:          envVars,
 		VolumeMounts: secretVolumeMount,
@@ -105,6 +107,7 @@ func (b *ArtifactBucket) GetCopyToContainerSpec(name, sourcePath, destinationPat
 	return []corev1.Container{{
 		Name:         names.SimpleNameGenerator.RestrictLengthWithRandomSuffix(fmt.Sprintf("artifact-copy-to-%s", name)),
 		Image:        *gsutilImage,
+		Command:      []string{"/ko-app/gsutil"},
 		Args:         args,
 		Env:          envVars,
 		VolumeMounts: secretVolumeMount,

pkg/apis/pipeline/v1alpha1/artifact_bucket_test.go

@@ -35,12 +35,14 @@ func TestBucketGetCopyFromContainerSpec(t *testing.T) {
 		}},
 	}
 	want := []corev1.Container{{
-		Name:  "artifact-dest-mkdir-workspace-9l9zj",
-		Image: "override-with-bash-noop:latest",
-		Args:  []string{"-args", "mkdir -p /workspace/destination"},
+		Name:    "artifact-dest-mkdir-workspace-9l9zj",
+		Image:   "override-with-bash-noop:latest",
+		Command: []string{"/ko-app/nop"},
+		Args:    []string{"-args", "mkdir -p /workspace/destination"},
 	}, {
 		Name:         "artifact-copy-from-workspace-mz4c7",
 		Image:        "override-with-gsutil-image:latest",
+		Command:      []string{"/ko-app/gsutil"},
 		Args:         []string{"-args", "cp -r gs://fake-bucket/src-path/* /workspace/destination"},
 		Env:          []corev1.EnvVar{{Name: "GOOGLE_APPLICATION_CREDENTIALS", Value: "/var/bucketsecret/secret1/serviceaccount"}},
 		VolumeMounts: []corev1.VolumeMount{{Name: "volume-bucket-secret1", MountPath: "/var/bucketsecret/secret1"}},
@@ -65,6 +67,7 @@ func TestBucketGetCopyToContainerSpec(t *testing.T) {
 	want := []corev1.Container{{
 		Name:         "artifact-copy-to-workspace-9l9zj",
 		Image:        "override-with-gsutil-image:latest",
+		Command:      []string{"/ko-app/gsutil"},
 		Args:         []string{"-args", "cp -r src-path gs://fake-bucket/workspace/destination"},
 		Env:          []corev1.EnvVar{{Name: "GOOGLE_APPLICATION_CREDENTIALS", Value: "/var/bucketsecret/secret1/serviceaccount"}},
 		VolumeMounts: []corev1.VolumeMount{{Name: "volume-bucket-secret1", MountPath: "/var/bucketsecret/secret1"}},

pkg/apis/pipeline/v1alpha1/artifact_pvc.go

@@ -49,24 +49,28 @@ func (p *ArtifactPVC) StorageBasePath(pr *PipelineRun) string {
 // GetCopyFromContainerSpec returns a container used to download artifacts from temporary storage
 func (p *ArtifactPVC) GetCopyFromContainerSpec(name, sourcePath, destinationPath string) []corev1.Container {
 	return []corev1.Container{{
-		Name:  names.SimpleNameGenerator.RestrictLengthWithRandomSuffix(fmt.Sprintf("source-copy-%s", name)),
-		Image: *bashNoopImage,
-		Args:  []string{"-args", strings.Join([]string{"cp", "-r", fmt.Sprintf("%s/.", sourcePath), destinationPath}, " ")},
+		Name:    names.SimpleNameGenerator.RestrictLengthWithRandomSuffix(fmt.Sprintf("source-copy-%s", name)),
+		Image:   *bashNoopImage,
+		Command: []string{"/ko-app/nop"},
+		Args:    []string{"-args", strings.Join([]string{"cp", "-r", fmt.Sprintf("%s/.", sourcePath), destinationPath}, " ")},
 	}}
 }
 
 // GetCopyToContainerSpec returns a container used to upload artifacts for temporary storage
 func (p *ArtifactPVC) GetCopyToContainerSpec(name, sourcePath, destinationPath string) []corev1.Container {
 	return []corev1.Container{{
-		Name:  names.SimpleNameGenerator.RestrictLengthWithRandomSuffix(fmt.Sprintf("source-mkdir-%s", name)),
-		Image: *bashNoopImage,
+		Name:    names.SimpleNameGenerator.RestrictLengthWithRandomSuffix(fmt.Sprintf("source-mkdir-%s", name)),
+		Image:   *bashNoopImage,
+		Command: []string{"/ko-app/nop"},
 		Args: []string{
+
 			"-args", strings.Join([]string{"mkdir", "-p", destinationPath}, " "),
 		},
 		VolumeMounts: []corev1.VolumeMount{getPvcMount(p.Name)},
 	}, {
-		Name:  names.SimpleNameGenerator.RestrictLengthWithRandomSuffix(fmt.Sprintf("source-copy-%s", name)),
-		Image: *bashNoopImage,
+		Name:    names.SimpleNameGenerator.RestrictLengthWithRandomSuffix(fmt.Sprintf("source-copy-%s", name)),
+		Image:   *bashNoopImage,
+		Command: []string{"/ko-app/nop"},
 		Args: []string{
 			"-args", strings.Join([]string{"cp", "-r", fmt.Sprintf("%s/.", sourcePath), destinationPath}, " "),
 		},
@@ -84,9 +88,10 @@ func getPvcMount(name string) corev1.VolumeMount {
 // CreateDirContainer returns a container step to create a dir
 func CreateDirContainer(name, destinationPath string) corev1.Container {
 	return corev1.Container{
-		Name:  names.SimpleNameGenerator.RestrictLengthWithRandomSuffix(fmt.Sprintf("create-dir-%s", name)),
-		Image: *bashNoopImage,
-		Args:  []string{"-args", strings.Join([]string{"mkdir", "-p", destinationPath}, " ")},
+		Name:    names.SimpleNameGenerator.RestrictLengthWithRandomSuffix(fmt.Sprintf("create-dir-%s", name)),
+		Image:   *bashNoopImage,
+		Command: []string{"/ko-app/nop"},
+		Args:    []string{"-args", strings.Join([]string{"mkdir", "-p", destinationPath}, " ")},
 	}
 }
 

pkg/apis/pipeline/v1alpha1/artifact_pvc_test.go

@@ -32,9 +32,10 @@ func TestPVCGetCopyFromContainerSpec(t *testing.T) {
 		Name: "pipelinerun-pvc",
 	}
 	want := []corev1.Container{{
-		Name:  "source-copy-workspace-9l9zj",
-		Image: "override-with-bash-noop:latest",
-		Args:  []string{"-args", "cp -r src-path/. /workspace/destination"},
+		Name:    "source-copy-workspace-9l9zj",
+		Image:   "override-with-bash-noop:latest",
+		Command: []string{"/ko-app/nop"},
+		Args:    []string{"-args", "cp -r src-path/. /workspace/destination"},
 	}}
 
 	got := pvc.GetCopyFromContainerSpec("workspace", "src-path", "/workspace/destination")
@@ -52,11 +53,13 @@ func TestPVCGetCopyToContainerSpec(t *testing.T) {
 	want := []corev1.Container{{
 		Name:         "source-mkdir-workspace-9l9zj",
 		Image:        "override-with-bash-noop:latest",
+		Command:      []string{"/ko-app/nop"},
 		Args:         []string{"-args", "mkdir -p /workspace/destination"},
 		VolumeMounts: []corev1.VolumeMount{{MountPath: "/pvc", Name: "pipelinerun-pvc"}},
 	}, {
 		Name:         "source-copy-workspace-mz4c7",
 		Image:        "override-with-bash-noop:latest",
+		Command:      []string{"/ko-app/nop"},
 		Args:         []string{"-args", "cp -r src-path/. /workspace/destination"},
 		VolumeMounts: []corev1.VolumeMount{{MountPath: "/pvc", Name: "pipelinerun-pvc"}},
 	}}
@@ -71,9 +74,10 @@ func TestPVCGetMakeDirContainerSpec(t *testing.T) {
 	names.TestingSeed()
 
 	want := corev1.Container{
-		Name:  "create-dir-workspace-9l9zj",
-		Image: "override-with-bash-noop:latest",
-		Args:  []string{"-args", "mkdir -p /workspace/destination"},
+		Name:    "create-dir-workspace-9l9zj",
+		Image:   "override-with-bash-noop:latest",
+		Command: []string{"/ko-app/nop"},
+		Args:    []string{"-args", "mkdir -p /workspace/destination"},
 	}
 	got := CreateDirContainer("workspace", "/workspace/destination")
 	if d := cmp.Diff(got, want); d != "" {

pkg/apis/pipeline/v1alpha1/build_gcs_resource_test.go

@@ -222,9 +222,10 @@ func Test_BuildGCSGetDownloadContainerSpec(t *testing.T) {
 			ArtifactType:   "Archive",
 		},
 		wantContainers: []corev1.Container{{
-			Name:  "create-dir-gcs-valid-9l9zj",
-			Image: "override-with-bash-noop:latest",
-			Args:  []string{"-args", "mkdir -p /workspace"},
+			Name:    "create-dir-gcs-valid-9l9zj",
+			Image:   "override-with-bash-noop:latest",
+			Command: []string{"/ko-app/nop"},
+			Args:    []string{"-args", "mkdir -p /workspace"},
 		}, {
 			Name:  "storage-fetch-gcs-valid-mz4c7",
 			Image: "gcr.io/cloud-builders/gcs-fetcher:latest",

pkg/apis/pipeline/v1alpha1/cluster_resource.go

@@ -168,8 +168,9 @@ func (s *ClusterResource) GetDownloadContainerSpec() ([]corev1.Container, error)
 	}
 
 	clusterContainer := corev1.Container{
-		Name:  names.SimpleNameGenerator.RestrictLengthWithRandomSuffix("kubeconfig"),
-		Image: *kubeconfigWriterImage,
+		Name:    names.SimpleNameGenerator.RestrictLengthWithRandomSuffix("kubeconfig"),
+		Image:   *kubeconfigWriterImage,
+		Command: []string{"/ko-app/kubeconfigwriter"},
 		Args: []string{
 			"-clusterConfig", s.String(),
 		},

pkg/apis/pipeline/v1alpha1/cluster_resource_test.go

@@ -198,9 +198,10 @@ func Test_ClusterResource_GetDownloadContainerSpec(t *testing.T) {
 			}},
 		},
 		wantContainers: []corev1.Container{{
-			Name:  "kubeconfig-9l9zj",
-			Image: "override-with-kubeconfig-writer:latest",
-			Args:  []string{"-clusterConfig", `{"name":"test-cluster-resource","type":"cluster","url":"http://10.10.10.10","revision":"","username":"","password":"","token":"","Insecure":false,"cadata":null,"secrets":[{"fieldName":"cadata","secretKey":"cadatakey","secretName":"secret1"}]}`},
+			Name:    "kubeconfig-9l9zj",
+			Image:   "override-with-kubeconfig-writer:latest",
+			Command: []string{"/ko-app/kubeconfigwriter"},
+			Args:    []string{"-clusterConfig", `{"name":"test-cluster-resource","type":"cluster","url":"http://10.10.10.10","revision":"","username":"","password":"","token":"","Insecure":false,"cadata":null,"secrets":[{"fieldName":"cadata","secretKey":"cadatakey","secretName":"secret1"}]}`},
 			Env: []corev1.EnvVar{{
 				Name: "CADATA",
 				ValueFrom: &corev1.EnvVarSource{

pkg/apis/pipeline/v1alpha1/gcs_resource.go

@@ -121,6 +121,7 @@ func (s *GCSResource) GetUploadContainerSpec() ([]corev1.Container, error) {
 	return []corev1.Container{{
 		Name:         names.SimpleNameGenerator.RestrictLengthWithRandomSuffix(fmt.Sprintf("upload-%s", s.Name)),
 		Image:        *gsutilImage,
+		Command:      []string{"/ko-app/gsutil"},
 		Args:         args,
 		VolumeMounts: secretVolumeMount,
 		Env:          envVars,
@@ -144,6 +145,7 @@ func (s *GCSResource) GetDownloadContainerSpec() ([]corev1.Container, error) {
 		CreateDirContainer(s.Name, s.DestinationDir), {
 			Name:         names.SimpleNameGenerator.RestrictLengthWithRandomSuffix(fmt.Sprintf("fetch-%s", s.Name)),
 			Image:        *gsutilImage,
+			Command:      []string{"/ko-app/gsutil"},
 			Args:         args,
 			Env:          envVars,
 			VolumeMounts: secretVolumeMount,

pkg/apis/pipeline/v1alpha1/gcs_resource_test.go

@@ -230,13 +230,15 @@ func Test_GetDownloadContainerSpec(t *testing.T) {
 			}},
 		},
 		wantContainers: []corev1.Container{{
-			Name:  "create-dir-gcs-valid-9l9zj",
-			Image: "override-with-bash-noop:latest",
-			Args:  []string{"-args", "mkdir -p /workspace"},
+			Name:    "create-dir-gcs-valid-9l9zj",
+			Image:   "override-with-bash-noop:latest",
+			Command: []string{"/ko-app/nop"},
+			Args:    []string{"-args", "mkdir -p /workspace"},
 		}, {
-			Name:  "fetch-gcs-valid-mz4c7",
-			Image: "override-with-gsutil-image:latest",
-			Args:  []string{"-args", "cp -r gs://some-bucket/* /workspace"},
+			Name:    "fetch-gcs-valid-mz4c7",
+			Image:   "override-with-gsutil-image:latest",
+			Command: []string{"/ko-app/gsutil"},
+			Args:    []string{"-args", "cp -r gs://some-bucket/* /workspace"},
 			Env: []corev1.EnvVar{{
 				Name:  "GOOGLE_APPLICATION_CREDENTIALS",
 				Value: "/var/secret/secretName/key.json",
@@ -263,13 +265,15 @@ func Test_GetDownloadContainerSpec(t *testing.T) {
 			}},
 		},
 		wantContainers: []corev1.Container{{
-			Name:  "create-dir-gcs-valid-mssqb",
-			Image: "override-with-bash-noop:latest",
-			Args:  []string{"-args", "mkdir -p /workspace"},
+			Name:    "create-dir-gcs-valid-mssqb",
+			Image:   "override-with-bash-noop:latest",
+			Command: []string{"/ko-app/nop"},
+			Args:    []string{"-args", "mkdir -p /workspace"},
 		}, {
-			Name:  "fetch-gcs-valid-78c5n",
-			Image: "override-with-gsutil-image:latest",
-			Args:  []string{"-args", "cp gs://some-bucket /workspace"},
+			Name:    "fetch-gcs-valid-78c5n",
+			Image:   "override-with-gsutil-image:latest",
+			Command: []string{"/ko-app/gsutil"},
+			Args:    []string{"-args", "cp gs://some-bucket /workspace"},
 			Env: []corev1.EnvVar{{
 				Name:  "GOOGLE_APPLICATION_CREDENTIALS",
 				Value: "/var/secret/secretName/key.json",
@@ -322,10 +326,11 @@ func Test_GetUploadContainerSpec(t *testing.T) {
 			}},
 		},
 		wantContainers: []corev1.Container{{
-			Name:  "upload-gcs-valid-9l9zj",
-			Image: "override-with-gsutil-image:latest",
-			Args:  []string{"-args", "cp -r /workspace/* gs://some-bucket"},
-			Env:   []corev1.EnvVar{{Name: "GOOGLE_APPLICATION_CREDENTIALS", Value: "/var/secret/secretName/key.json"}},
+			Name:    "upload-gcs-valid-9l9zj",
+			Image:   "override-with-gsutil-image:latest",
+			Command: []string{"/ko-app/gsutil"},
+			Args:    []string{"-args", "cp -r /workspace/* gs://some-bucket"},
+			Env:     []corev1.EnvVar{{Name: "GOOGLE_APPLICATION_CREDENTIALS", Value: "/var/secret/secretName/key.json"}},
 			VolumeMounts: []corev1.VolumeMount{{
 				Name:      "volume-gcs-valid-secretName",
 				MountPath: "/var/secret/secretName",
@@ -348,9 +353,10 @@ func Test_GetUploadContainerSpec(t *testing.T) {
 			}},
 		},
 		wantContainers: []corev1.Container{{
-			Name:  "upload-gcs-valid-mz4c7",
-			Image: "override-with-gsutil-image:latest",
-			Args:  []string{"-args", "cp /workspace/* gs://some-bucket"},
+			Name:    "upload-gcs-valid-mz4c7",
+			Image:   "override-with-gsutil-image:latest",
+			Command: []string{"/ko-app/gsutil"},
+			Args:    []string{"-args", "cp /workspace/* gs://some-bucket"},
 			Env: []corev1.EnvVar{
 				{Name: "GOOGLE_APPLICATION_CREDENTIALS", Value: "/var/secret/secretName/key.json"},
 			},
@@ -368,9 +374,10 @@ func Test_GetUploadContainerSpec(t *testing.T) {
 			TypeDir:        false,
 		},
 		wantContainers: []corev1.Container{{
-			Name:  "upload-gcs-valid-mssqb",
-			Image: "override-with-gsutil-image:latest",
-			Args:  []string{"-args", "cp /workspace/* gs://some-bucket"},
+			Name:    "upload-gcs-valid-mssqb",
+			Image:   "override-with-gsutil-image:latest",
+			Command: []string{"/ko-app/gsutil"},
+			Args:    []string{"-args", "cp /workspace/* gs://some-bucket"},
 		}},
 	}, {
 		name: "invalid upload with no source directory path",

pkg/apis/pipeline/v1alpha1/git_resource.go

@@ -115,6 +115,7 @@ func (s *GitResource) GetDownloadContainerSpec() ([]corev1.Container, error) {
 	return []corev1.Container{{
 		Name:       names.SimpleNameGenerator.RestrictLengthWithRandomSuffix(gitSource + "-" + s.Name),
 		Image:      *gitImage,
+		Command:    []string{"/ko-app/git-init"},
 		Args:       args,
 		WorkingDir: workspaceDir,
 	}}, nil