Generating Preview Environments with Tekton

On Pipelines as Code we started to get a nice documentation website at: https://pipelinesascode.com. The website is statically generated with Hugo and hosted on Cloudflare Pages using the markdown files from the repository. So far that’s a pretty standard stack, but what we wanted is to be able to get preview URLs like on Netlify or other CIs. There is a nice check box that says “Generate Preview URL on Pull Request”, which seems to do what we want, but it doesn’t. So far it seems that pull requests coming from forks are not processed, only the ones from a branch coming from the same repository where the pull request is. ...

April 7, 2022

vtplug a very dumb and tiny zsh plugin manager

There are a lot of zsh plugin managers around: https://github.com/unixorn/awesome-zsh-plugins#frameworks They all allow you to add cool new features to your shell easily, and allow authors to easily share their plugins with users and frameworks. A lot of people are probably using frameworks like oh-my-zsh, which does everything for them with minimal setup. But since I have been using zsh since long before those frameworks existed, I always ran my custom config. ...

March 18, 2022

Show plugins list to a CLI when using go’s cobra library

With the TektonCD CLI we have a system of “plugins”. It’s the same very simple CLI plugin system you have with git or kubectl. If you run: kubectl blah foo --bar then, since kubectl knows it doesn’t have the blah command, it will go over the filesystem paths in your $PATH environment variable and see if there is a binary called kubectl-blah, and if it finds it, it will pass the arguments to the binary, which effectively becomes: ...

March 18, 2022

Running tasks as non root on OpenShift Pipelines

Expanding on my previous blog post on getting buildah to run with user namespaces or as rootless, there is another important security topic to talk about: how to run everything on OpenShift Pipelines as non-root, and not just the buildah task. On OpenShift Pipelines we made the conscious decision to run all the TaskRuns and PipelineRuns by default under a custom ServiceAccount called pipelines. That is, unless overridden by the user in their PipelineRun or TaskRun, it will use the pipelines ServiceAccount, which has a few elevated privileges. ...

March 7, 2022

User namespaces with Buildah and OpenShift Pipelines

In 2022 one of the hottest topics around CI is how to secure it at every step along the way. So-called supply chain attacks have more and more become an attack vector for bad actors, and providers need to make sure every piece of the integration is secure. One area that was identified as something we can improve with OpenShift and containers in general is that running as root in the container may expose the host, and processes in that container may be able to mingle with other resources. ...

January 25, 2022

For the love of centered windows gnome extension edition

Feels weird or great or stupid or pretty smart or whatever to be wrong. Just when I wrote that previous blog post: https://blog.chmouel.com/2021/11/14/for-the-love-of-centered-windows/ I realized that the shell script doesn’t work great on Wayland. I didn’t really understand how Wayland works and just assumed that my tiny scripts would just work. But after experiencing it not working on a native Wayland application and understanding how Wayland works: https://wayland.freedesktop.org/docs/html/ch05.html it obviously needed a better way to do that if I have to keep up with the modern world of a Linux desktop. ...

November 19, 2021

For the love of centered windows

Sometime over a 2020 confinement my work decided to give us some money to buy some work-from-home office items. I didn’t need much at that time, since I was already settled with everything I needed in a work-from-home office, but I decided to go for a fancy new screen since, well, why not, and the other one (a standard 24" display) could find some good use with my teenage gamer son. ...

November 14, 2021

How to Make a Release Pipeline with Pipelines as Code

One of the early goals of Pipelines as Code on Tekton was to ensure the project’s CI could run using itself. The common use case of validating pull requests was quickly implemented, and you can find more information about it in this walkthrough video: For slightly more advanced use cases, here is how we created a release pipeline for the project. ...

July 1, 2021

Speed up your tekton pipeline caching the hacky way

One thing that can get your wind up when you try to iterate quickly in a PR is having a slow CI. While working on a Go project with a comprehensive test suite, it was usually taking over 20 to 30 minutes to run, and being as patient as a kid waiting for her candy floss to be ready, I am eagerly waiting to see whether my pipeline is green or not. ...

May 25, 2021

NextDNS + DNSMasq DHCP and local names

Took me a little while to figure out, so here is some documentation. My router from my ISP, which is generally pretty good, doesn’t support local DNS names, which is annoying in itself. Combined with NextDNS, I have no way to identify the devices on my network. So I went and configured dnsmasq on my tiny Raspberry Pi:

    port=5353
    no-resolv
    interface=eth0
    except-interface=lo
    listen-address=::1,192.168.0.3
    no-dhcp-interface=
    bind-interfaces
    cache-size=10000
    local-ttl=2
    log-async
    log-queries
    bogus-priv
    server=192.168.0.3
    add-mac
    add-subnet=32,128

This would have the dnsmasq service listening on 192.168.0.3:5353 and forward everything to 192.168.0.3. ...

April 19, 2021