This topic tells you how to use Tanzu Supply Chain to create a workflow in Tanzu Platform for developing software.

Tanzu Supply Chain is a tool that provides a golden path to production for development teams. It enables developers to deliver software following team and organization standards.

Tanzu Supply Chain is currently in preview and is not intended for production use. It is intended for evaluation purposes only.

Before you begin

Before you can create a build workflow, you must have:

• Tanzu CLI v1.5.3 or later.

• The latest Tanzu plug-ins that have the workflow CLI plug-in v0.1.5 or later. Install the plug-in by running:

  tanzu plugin install --group vmware-tanzu/app-developer
  

Overview of steps

The following provides an overview of the steps to create a workflow:

1. Create a Space for your workflows.
2. Configure the egress point for your Space.
3. Create a build workflow in your Space.

Create a Space for your workflows

Tanzu Platform UI

To create a Space that allows you to create the BuildWorkflow and DeployWorkflow resources:

1. In the Tanzu Platform UI, go to Spaces > Overview.

2. Click Create Space > Step by Step.

3. Provide a name and description for the Space.

4. In the Profiles section, select the common.supply-chains.tanzu.vmware.com Profile.

   

5. Select an Availability Target that has a cluster with the required Capabilities for the Profile.

   Ensure that you select only one replica. Providing multiple replicas has unnecessary consequences when you create a workflow.

6. Click Create Space.

Tanzu CLI

To create a Space that allows you to create the BuildWorkflow and DeployWorkflow resources:

1. Create a Space using the Tanzu CLI by running:

   tanzu space create SPACE-NAME --profile common.supply-chains.tanzu.vmware.com --availability-target AVAILABILITY-TARGET -y
   

   Where:

   • SPACE-NAME is the name you want for your Space.
   • AVAILABILITY-TARGET is the Availability Target you want to use that has a cluster with the required Capabilities for the Profile.

   For example:

   $ tanzu space create sc-workflows-space \
       --profile common.supply-chains.tanzu.vmware.com \
       --availability-target sc-preview-at -y
   
   Creating space:
       1 + |---
       2 + |apiVersion: spaces.tanzu.vmware.com/v1alpha1
       3 + |kind: Space
   
       ...
   
   Successfully created space sc-workflows-space
   

2. Confirm your Space is available and healthy by running:

   tanzu space list
   

Configure the egress point for the Space

1. In the Tanzu Platform UI, go to your Spaces > Overview > YOUR-SPACE > Egress.
2. Click Create Egress Point.
3. Give your egress point a name, for example, supply-chain-egress.

4. Under Target info, add the following three targets:

   	Host	Port	Protocol
   Target 1	*.tanzu.broadcom.com	443	HTTPS
   Target 2	github.com	443	HTTPS (for fetching the Git source repo)
   Target 3	api.github.com	443	HTTPS (for creating PRs in the GitOps repo)

Create a build workflow in your Space

The Tanzu Provided Build Supply chain Capability allows users to create a build workflow in a Space that does the following:

1. Fetches the application source code from a Git repository.
2. Fetches the GitOps repository for an organization or team.
3. Runs on-platform tanzu build on the application source code.
4. Runs tanzu promote on the build output, and promotes the built app to the Space specified in the build workflow.
5. Creates a pull request to the GitOps repository from the output of the tanzu promote command.

Creating a build workflow for your application sets up continuous integration for your application.

Procedure

To create a build workflow in your Space:

1. Create a directory to store all the generated manifests for your Space in one place, for example:

   mkdir -p workflows
   cd workflows
   

2. Navigate to the Space with the common supply chain Profile by running:

   tanzu project use YOUR-PROJECT
   tanzu space use YOUR-SPACE
   

3. View the workflow types that are available in your Space by running:

   tanzu workflow type list
   

   Example output:

   Listing workflow types from the my-space space
   
     TYPE            DESCRIPTION
     BuildWorkflow   Workflow that pulls source from a Git Repository, Run tanzu build, promote on
                     it, and store the output in GitOps repo.
     DeployWorkflow  Workflow that pulls and deploys the GitOps repo on Tanzu Platform.
   
   🔎 To see a API specification for a workflow, use tanzu workflow type doc [type].
   

   The Space in this example is set up to create the build workflow among others. Supply chain authors are encouraged to create components with detailed descriptions of each item in the workflow that a user can provide. This is used by the tanzu workflow type command, which generates a scaffold of the build workflow object. The Tanzu CLI also shows a hint about the next command to use in the process.

4. Generate the workflow scaffold for the provided type by running:

   tanzu workflow type doc BuildWorkflow
   

   Example output:

   apiVersion: supply-chains.tanzu.vmware.com/v1alpha1
   kind: BuildWorkflow
   ...
   

   The tanzu workflow type doc command generates the workflow scaffold for the provided type. You can get the specification and documentation about the workflow using the Tanzu CLI without visiting external sources for documentation about the supported fields. Because this documentation is generated for the version of the supply chain that is installed in the specified Space, you also get versioned documentation by design.

5. You can pipe the output of the tanzu workflow type doc command into a file to create the workflow manifest. Ensure that you save this file in the directory you created earlier.

   By default, the tanzu workflow type doc command only generates the required fields in the workflow and not the whole specification. To generate the full specification, use the --full flag in the command while piping as follows:

   tanzu workflow type doc BuildWorkflow --full > build-workflow.yaml
   

6. As you go through the generated workflow, the build workflow requires secrets to be present in the Space for the Git repository and GitOps repository operations.

   1. Retrieve the shape of the secret from the output of the tanzu workflow type doc command.
   2. Create secrets for the Git repository and GitOps repository operations in the directory that you created earlier.

   3. Reference the name of the created secrets in the workflow YAML file in the spec.source.git.credential.secretRef and spec.gitops.git.credentials.secretRef fields.

      The following is an example build workflow YAML file:

      apiVersion: supply-chains.tanzu.vmware.com/v1alpha1
      kind: BuildWorkflow
      metadata:
        name: "wfd-dev-crawler"
      spec:
        #! Tanzu Build configuration options.
        build:
          appName: "crawler-python"
          from: "where-for-dinner"
        #! Platform GitOps Git repository configuration.
        gitops:
          git:
            credentials:
              secretRef: "gitops-creds"
            ref: "main"
            url: "https://github.com/org/tanzu-platform-gitops.git"
        #! Tanzu Promote configuration options.
        promote:
          to: "dev-space-a"
        pr:
          baseBranch: "main"
        #! Application source code Git repository configuration.
        source:
          git:
            credentials:
              secretRef: "git-creds"
            ref: "main"
            url: "https://github.com/vmware-tanzu/tanzu-build-samples.git"
      

7. Ensure that the secrets gitops-creds and git-creds referred to in the workflow are in the same directory as your workflow YAML file.

   ls -l
   ..
   -rw-r--r--  1 user  staff  5230 Jan 11 21:11 build-workflow.yaml
   -rw-r--r--  1 user  staff   248 Jan  4 11:49 git-creds.yaml
   -rw-r--r--  1 user  staff   143 Jan  4 11:50 gitops-creds.yaml
   

8. Deploy the build workflow to the Space by running:

   tanzu deploy --only . -y
   

To view the progress and logs for your workflow, see View workflow details and logs.