bigkevmcd / tekton-polling-operator

A simple git repository poller.
Apache License 2.0

Support Service Account in the PipelineRef #3

Closed chanwit closed 3 years ago

chanwit commented 3 years ago

Problem: A pipeline run requires a specific service account to access some services, like Quay.io. The current Repository CRD does not allow this.

This PR implements a way to specify a service account's name for the pipelineRef in Repository.

Here's an example of using serviceAccountName in a Repository:

apiVersion: polling.tekton.dev/v1alpha1
kind: Repository
metadata:
  name: polling-repository
spec:
  url: https://github.com/chanwit/podinfo.git
  ref: master
  type: github
  frequency: 30s
  auth:
    secretRef:
      name: github-token
    key: token
  pipelineRef:
    name: build-podinfo-pipeline
    serviceAccountName: demo-service-account
    params:
    - name: imageTag
      expression: commit.sha
    resources:
    - name: app-git
      resourceSpec:
        type: git
        params:
        - name: revision
          value: $(params.imageTag)
        - name: url
          value: git@github.com:chanwit/podinfo.git # access via ssh
    - name: app-image
      resourceSpec:
        type: image
        params:
          - name: url
            value: quay.io/chanwit/podinfo
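
An added example, not part of the original PR or the project's own manifests: one way the `demo-service-account` referenced above could be defined so that only pipeline runs using it receive the Quay and GitHub SSH credentials. The secret names and all credential values are placeholders; the `tekton.dev/docker-0` and `tekton.dev/git-0` annotations are Tekton's standard credential-selection annotations.

```yaml
# Added example (not from the PR). Secret names are hypothetical and
# every credential value is a placeholder.
apiVersion: v1
kind: Secret
metadata:
  name: quay-push-credentials            # hypothetical name
  annotations:
    tekton.dev/docker-0: https://quay.io # Tekton applies this secret to quay.io
type: kubernetes.io/basic-auth
stringData:
  username: "<quay-robot-account>"
  password: "<quay-robot-token>"
---
apiVersion: v1
kind: Secret
metadata:
  name: github-ssh-key                   # hypothetical name
  annotations:
    tekton.dev/git-0: github.com         # Tekton applies this key to github.com
type: kubernetes.io/ssh-auth
stringData:
  ssh-privatekey: "<private-deploy-key>"
  known_hosts: "<github.com host key entries>"
---
# Must live in the same namespace as the PipelineRuns the poller creates.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: demo-service-account             # name used in pipelineRef above
secrets:
  - name: quay-push-credentials
  - name: github-ssh-key
```

Keeping these secrets on a dedicated service account, rather than the namespace's default one, means other workloads in the namespace do not pick up the registry and Git credentials.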

bigkevmcd commented 3 years ago

@chanwit Thanks for the contribution, I'll take a look, and I'd like to get this landed.

bigkevmcd commented 3 years ago

I'll get a new release with this change out.

I am working to replace the current PipelineRef mechanism with a TriggerTemplates and TriggerBindings implementation, and it's meant replacing the pipeline creation mechanism, but it's not yet complete.

This would change the requirements around service accounts for pipelines.

chanwit commented 3 years ago

Thank you very much Kevin.

I'm also working on a patch to scan tags and match them with the latest commit. Wdyt about this feature?

bigkevmcd commented 3 years ago

@chanwit It sounds interesting, can you explain a bit more?

Would this find the tag for a commit somehow, something similar to https://github.com/bigkevmcd/gitimages/blob/master/cmd/gitimages/labels.go and https://github.com/bigkevmcd/gitimages/blob/master/cmd/gitimages/tags.go ?

chanwit commented 3 years ago

Same idea, but it's a slightly different implementation. My code is working only for GitHub via its API:

https://github.com/chanwit/tekton-polling-operator/commit/23a9dc8ac99d8d3f1fbb4d08d052210ad94c75e7#diff-cc4b1facf5bfe1c9872e0b56965d1aaf6e287dacad891fe360252f1712ab5f41R88

bigkevmcd commented 3 years ago

Hi @chanwit sorry for taking so long to get back to this, I've been relaxing over the mid-winter break :-)

If I'm understanding the code correctly, the basic idea is that you want to track a tag, and trigger a pipelinerun when the ref for the tag changes?

This sounds like a pretty good addition, if you want some review advice on the current implementation, I'm happy to give you some pointers.

chanwit commented 3 years ago

That's correct. I've been testing it during the holidays and it seems to work great for my use cases.

Will make a PR for you to review :-)