diff --git a/cicd/tekton-pipelines/cluster-config/Chart.yaml b/cicd/tekton-pipelines/cluster-config/Chart.yaml new file mode 100644 index 0000000..2fd6255 --- /dev/null +++ b/cicd/tekton-pipelines/cluster-config/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: tekton-pipeline-cluster-config +description: A Helm chart for tekton pipeline + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" diff --git a/cicd/tekton-pipelines/tekton-yamls/cosign-verify.yaml b/cicd/tekton-pipelines/cluster-config/templates/cosign-verify.yaml similarity index 100% rename from cicd/tekton-pipelines/tekton-yamls/cosign-verify.yaml rename to cicd/tekton-pipelines/cluster-config/templates/cosign-verify.yaml 
diff --git a/cicd/tekton-pipelines/tekton-yamls/cosign.yaml b/cicd/tekton-pipelines/cluster-config/templates/cosign.yaml similarity index 100% rename from cicd/tekton-pipelines/tekton-yamls/cosign.yaml rename to cicd/tekton-pipelines/cluster-config/templates/cosign.yaml diff --git a/cicd/tekton-pipelines/tekton-yamls/gitclone.yaml b/cicd/tekton-pipelines/cluster-config/templates/gitclone.yaml similarity index 100% rename from cicd/tekton-pipelines/tekton-yamls/gitclone.yaml rename to cicd/tekton-pipelines/cluster-config/templates/gitclone.yaml diff --git a/cicd/tekton-pipelines/tekton-yamls/github-set-status.yaml b/cicd/tekton-pipelines/cluster-config/templates/github-set-status.yaml similarity index 100% rename from cicd/tekton-pipelines/tekton-yamls/github-set-status.yaml rename to cicd/tekton-pipelines/cluster-config/templates/github-set-status.yaml diff --git a/cicd/tekton-pipelines/tekton-yamls/gitlab-set-status.yaml b/cicd/tekton-pipelines/cluster-config/templates/gitlab-set-status.yaml similarity index 100% rename from cicd/tekton-pipelines/tekton-yamls/gitlab-set-status.yaml rename to cicd/tekton-pipelines/cluster-config/templates/gitlab-set-status.yaml diff --git a/cicd/tekton-pipelines/tekton-yamls/kaniko.yaml b/cicd/tekton-pipelines/cluster-config/templates/kaniko.yaml similarity index 99% rename from cicd/tekton-pipelines/tekton-yamls/kaniko.yaml rename to cicd/tekton-pipelines/cluster-config/templates/kaniko.yaml index fd98b05..357fcd6 100644 --- a/cicd/tekton-pipelines/tekton-yamls/kaniko.yaml +++ b/cicd/tekton-pipelines/cluster-config/templates/kaniko.yaml @@ -1,7 +1,7 @@ apiVersion: tekton.dev/v1beta1 kind: ClusterTask metadata: - name: kaniko-build + name: kaniko labels: app.kubernetes.io/version: "0.6" annotations: 
diff --git a/cicd/tekton/argocd-apps/templates/configs/configs.yaml b/cicd/tekton-pipelines/cluster-config/values.yaml similarity index 100% rename from cicd/tekton/argocd-apps/templates/configs/configs.yaml rename to cicd/tekton-pipelines/cluster-config/values.yaml diff --git a/cicd/tekton-pipelines/pipeline-template/Chart.yaml b/cicd/tekton-pipelines/pipeline-template/Chart.yaml new file mode 100644 index 0000000..cceb0e7 --- /dev/null +++ b/cicd/tekton-pipelines/pipeline-template/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: tekton-pipeline-namespace-config +description: A Helm chart for tekton pipeline + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" diff --git a/cicd/tekton-pipelines/pipeline-template/templates/eventlistener.yaml b/cicd/tekton-pipelines/pipeline-template/templates/eventlistener.yaml new file mode 100644 index 0000000..2096319 --- /dev/null +++ b/cicd/tekton-pipelines/pipeline-template/templates/eventlistener.yaml 
@@ -0,0 +1,93 @@ +apiVersion: triggers.tekton.dev/v1beta1 +kind: EventListener +metadata: + name: {{ $.Values.pipelineName }} + namespace: {{ $.Values.namespace }} +spec: + serviceAccountName: {{ $.Values.pipelineName }} + triggers: + - name: github-push-event + interceptors: + - ref: + name: "cel" + params: + - name: "filter" + value: > + ( + header.match('x-github-event', 'push') && (body.ref == 'refs/heads/main' || body.ref == 'refs/heads/master') + ) + - name: "overlays" + value: + - key: image_tag + expression: "\"latest\"" + - key: event + expression: "\"push\"" + bindings: + - name: revision + value: $(body.head_commit.id) + - name: repo-url + value: $(body.repository.clone_url) + - name: IMAGE + value: ghcr.io/$(body.repository.full_name) + - name: REPONAME + value: $(body.repository.full_name) + - ref: {{ $.Values.pipelineName }} + template: + ref: {{ $.Values.pipelineName }} + + - name: tag-event-github + interceptors: + - ref: + name: "cel" + params: + - name: "filter" + value: > + ( + header.match('x-github-event', 'create') && (body.ref == 'refs/heads/main' || body.ref == 'refs/heads/master' || body.ref_type == 'tag' ) + ) + - name: "overlays" + value: + - key: image_tag + expression: "body.ref" + - key: event + expression: "\"tag\"" + bindings: + - name: revision + value: $(body.master_branch) + - name: repo-url + value: $(body.repository.clone_url) + - name: REPONAME + value: $(body.repository.full_name) + - name: IMAGE + value: ghcr.io/$(body.repository.full_name) + - ref: trigger-binding + template: + ref: {{ $.Values.pipelineName }} + - name: pull-request-github + interceptors: + - ref: + name: "cel" + params: + - name: "filter" + value: > + ( + header.match('x-github-event', 'pull_request') && body.action in ['opened'] && (body.pull_request.base.ref == 'main' || body.pull_request.base.ref == 'master') + ) + - name: "overlays" + value: + - key: image_tag + expression: "['pr', string(body.pull_request.number)].join('-')" + - key: event + 
expression: "\"pull-request\"" + bindings: + - name: revision + value: $(body.pull_request.head.sha) + - name: repo-url + value: $(body.repository.clone_url) + - name: IMAGE + value: ghcr.io/$(body.repository.full_name) + - name: REPONAME + value: $(body.repository.full_name) + - ref: {{ $.Values.pipelineName }} + template: + ref: {{ $.Values.pipelineName }} \ No newline at end of file diff --git a/cicd/tekton-pipelines/pipeline-template/templates/ingress.yaml b/cicd/tekton-pipelines/pipeline-template/templates/ingress.yaml new file mode 100644 index 0000000..5a490b5 --- /dev/null +++ b/cicd/tekton-pipelines/pipeline-template/templates/ingress.yaml @@ -0,0 +1,20 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ $.Values.pipelineName }} + namespace: {{ $.Values.namespace }} + annotations: + traefik.ingress.kubernetes.io/rewrite-target: / +spec: + ingressClassName: traefik + rules: + - host: "tekton.{{ $.Values.ingressDomainName }}" + http: + paths: + - path: "/{{ $.Values.pipelineName }}" + pathType: Prefix + backend: + service: + name: "el-{{ $.Values.pipelineName }}" + port: + number: 8080 diff --git a/cicd/tekton-pipelines/tekton-yamls/pipeline.yaml b/cicd/tekton-pipelines/pipeline-template/templates/pipeline.yaml similarity index 68% rename from cicd/tekton-pipelines/tekton-yamls/pipeline.yaml rename to cicd/tekton-pipelines/pipeline-template/templates/pipeline.yaml index 65d8f5d..1f6f5a9 100644 --- a/cicd/tekton-pipelines/tekton-yamls/pipeline.yaml +++ b/cicd/tekton-pipelines/pipeline-template/templates/pipeline.yaml @@ -1,7 +1,8 @@ apiVersion: tekton.dev/v1beta1 kind: Pipeline metadata: - name: github-tekton-ci + name: {{ $.Values.pipelineName }} + namespace: {{ $.Values.namespace }} spec: description: | This pipeline clones a git repo, then echoes the README file to the stout. 
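Review bot: None of the three triggers verifies that a delivery actually comes from GitHub — each interceptor chain is only `cel`, and the `x-github-event` header it matches is set by whoever sends the request, so any client that can reach the Ingress path `/{{ $.Values.pipelineName }}` can start a PipelineRun against a `body.repository.clone_url` of its choosing, with the git and registry secrets the run mounts. Put the `github` interceptor with a `secretRef` ahead of `cel` in every trigger (the rbac.yaml this commit deletes still listed a `github-webhook-secret`, so a secret of that shape was already in use); the sketch below shows `github-push-event`, and `tag-event-github` / `pull-request-github` need the same with `eventTypes` of `["create"]` and `["pull_request"]`. Separately, `tag-event-github` still binds `- ref: trigger-binding`, a TriggerBinding this commit deletes and recreates under the name `{{ $.Values.pipelineName }}` in triggers.yaml; the other two triggers already use `- ref: {{ $.Values.pipelineName }}`, so that line should too.
```yaml
  - name: github-push-event
    interceptors:
      - ref:
          name: "github"
        params:
          - name: "secretRef"
            value:
              secretName: "<webhook-secret-name>"  # placeholder: Secret holding the GitHub webhook secret
              secretKey: "<webhook-secret-key>"    # placeholder: key inside that Secret
          - name: "eventTypes"
            value: ["push"]
      - ref:
          name: "cel"
        # … unchanged: cel filter and overlays …
    # … unchanged: bindings and template …
```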
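Review bot: `traefik.ingress.kubernetes.io/rewrite-target` is a Traefik v1 annotation, while `ingressClassName` is a networking.k8s.io/v1 field that Traefik v1 never supported, so on the Traefik that honours `ingressClassName: traefik` the annotation is most likely ignored and the EventListener receives requests with the `/{{ $.Values.pipelineName }}` prefix intact — confirm against the cluster's Traefik version and, if a rewrite is genuinely needed, express it as a Traefik Middleware. The rule also has no `tls:` block, so webhook deliveries to this host (and the `http://tekton.{{ $.Values.ingressDomainName }}` links pipeline.yaml builds in the same commit) travel in clear text; a `tls:` entry for the host with a certificate secret, `<tls-secret-name>` as placeholder, would close that.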
@@ -39,9 +40,6 @@ spec: description: basic-auth - name: docker-credentials description: docker cred - - name: cosign - - name: dockerconfig - - name: cosign-pub tasks: - name: fetch-source taskRef: @@ -51,7 +49,6 @@ spec: - name: output workspace: shared-data - name: basic-auth -# - name: ssh-directory workspace: git-credentials params: - name: url @@ -62,7 +59,7 @@ spec: value: $(params.revision) - name: build taskRef: - name: kaniko-build + name: kaniko kind: ClusterTask runAfter: - fetch-source @@ -76,50 +73,6 @@ spec: value: $(params.pathToContext) - name: IMAGE value: $(params.imageUrl):$(params.imageTag) - - - name: cosign-sign - runAfter: ["build"] - taskRef: - name: cosign-sign - kind: ClusterTask - workspaces: - - name: source - workspace: shared-data - - name: dockerconfig - workspace: dockerconfig - - name: cosign - workspace: cosign - params: - - name: image - value: "$(params.imageUrl)@$(tasks.build.results.IMAGE_DIGEST)" - - name: eventname - value: "$(params.eventname)" - when: - - input: "$(params.eventname)" - operator: in - values: [ "push" , "tag" ,"release" ] - - name: cosign-image-verify - runAfter: ["cosign-sign"] - taskRef: - name: cosign-image-verify - kind: ClusterTask - workspaces: - - name: source - workspace: shared-data - - name: dockerconfig - workspace: dockerconfig - - name: cosign - workspace: cosign-pub - params: - - name: image - value: "$(params.imageUrl)@$(tasks.build.results.IMAGE_DIGEST)" - - name: eventname - value: "$(params.eventname)" - when: - - input: "$(params.eventname)" - operator: in - values: [ "push" , "tag" , "release" ] - finally: - name: github-set-status-fail when: 
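Review bot: After this hunk the image kaniko pushes as `$(params.imageUrl):$(params.imageTag)` is neither signed nor verified any more, yet the same commit still moves the cosign ClusterTask files (cosign.yaml, cosign-verify.yaml) into cluster-config/templates, so the cluster chart installs tasks no pipeline references. If dropping signing is intentional, say so in the pipeline's `description:` block, which still reads "This pipeline clones a git repo, then echoes the README file to the stout." and no longer describes what the pipeline does; if it is temporary, a `# TODO: image signing/verification (cosign-sign, cosign-image-verify) removed here, restore before relying on this pipeline for releases` next to the `build` task keeps the gap visible. The enclosing `tasks:` list starts before this hunk and the `finally:` block continues after it.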
@@ -137,13 +90,13 @@ spec: - name: "REPO_FULL_NAME" value: "$(params.reponame)" - name: "GITHUB_TOKEN_SECRET_NAME" - value: "git1" + value: "gitcred-{{ $.Values.pipelineName }}" - name: "GITHUB_TOKEN_SECRET_KEY" - value: "token" + value: "password" - name: "SHA" value: "$(params.revision)" - name: "TARGET_URL" - value: "http://localhost:8001/api/v1/namespaces/tekton-pipelines/services/tekton-dashboard:http/proxy/" + value: "http://tekton.{{ $.Values.ingressDomainName }}" #value: "dashboard.domain.app" - name: "CONTEXT" value: "tekton-pipeline" @@ -166,26 +119,15 @@ spec: - name: "REPO_FULL_NAME" value: "$(params.reponame)" - name: "GITHUB_TOKEN_SECRET_NAME" - value: "git1" + value: "gitcred-{{ $.Values.pipelineName }}" - name: "GITHUB_TOKEN_SECRET_KEY" - value: "token" + value: "password" - name: "SHA" value: "$(params.revision)" - name: "TARGET_URL" - value: "http://localhost:8001/api/v1/namespaces/tekton-pipelines/services/tekton-dashboard:http/proxy/" + value: "http://tekton.{{ $.Values.ingressDomainName }}" #value: "dashboard.domain.app" - name: "CONTEXT" value: "tekton-pipeline" - name: "DESCRIPTION" value: "Finished building your commit in Tekton" - - - - - - - - - - - diff --git a/cicd/tekton-pipelines/pipeline-template/templates/rbac.yaml b/cicd/tekton-pipelines/pipeline-template/templates/rbac.yaml new file mode 100644 index 0000000..4d51ea2 --- /dev/null +++ b/cicd/tekton-pipelines/pipeline-template/templates/rbac.yaml 
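Review bot: Both status tasks now read the GitHub API token from `gitcred-{{ $.Values.pipelineName }}` key `password`, the same basic-auth secret triggers.yaml mounts as the `git-credentials` workspace for cloning, so one credential now serves both the clone and commit-status writes; a token scoped to commit statuses in its own secret would keep the two uses apart, and since `GITHUB_TOKEN_SECRET_NAME`/`GITHUB_TOKEN_SECRET_KEY` are already params that is a values-only change. `TARGET_URL` now points at `http://tekton.{{ $.Values.ingressDomainName }}`, which in this commit is the Ingress host that routes `/{{ $.Values.pipelineName }}` to the EventListener rather than a dashboard, so the details link on the commit status lands on the webhook endpoint unless a dashboard is served on that host elsewhere. The leftover `#value: "dashboard.domain.app"` comment under it can be dropped. The second hunk in this file (`github-set-status-success`) has the same three points.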
@@ -0,0 +1,37 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ $.Values.pipelineName }} + namespace: {{ $.Values.namespace }} +secrets: +{{- with .Values.secretName }} +{{- range . }} +- name: {{ .name}} +{{- end }} +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ $.Values.pipelineName }} +rules: +- apiGroups: ["triggers.tekton.dev"] + resources: ["*"] + verbs: ["get", "list", "watch" , "update" , "create"] +- apiGroups: ["tekton.dev"] + resources: ["*"] + verbs: ["*"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ $.Values.pipelineName }} + namespace: {{ $.Values.namespace }} +subjects: +- kind: ServiceAccount + name: {{ $.Values.pipelineName }} + namespace: {{ $.Values.namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ $.Values.pipelineName }} \ No newline at end of file diff --git a/cicd/tekton-pipelines/pipeline-template/templates/triggers.yaml b/cicd/tekton-pipelines/pipeline-template/templates/triggers.yaml new file mode 100644 index 0000000..1621b90 --- /dev/null +++ b/cicd/tekton-pipelines/pipeline-template/templates/triggers.yaml 
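Review bot: The ClusterRole grants `tekton.dev` resources `*` with verbs `*` plus `triggers.tekton.dev` resources `*` cluster-wide, and the ClusterRoleBinding hands it to the ServiceAccount that both the EventListener (eventlistener.yaml) and every PipelineRun (triggers.yaml) run as, so the internet-facing listener pod and the build pods carry a token that can read, change or delete any Tekton object in any namespace. Tekton Triggers ships `tekton-triggers-eventlistener-roles` and `tekton-triggers-eventlistener-clusterroles` for exactly this case (the rbac.yaml this commit deletes bound them), so a RoleBinding in `{{ $.Values.namespace }}` to the first plus a ClusterRoleBinding to the second covers the listener, and any further access the pipeline tasks need can be added as a namespaced Role. Minor: `namespace:` under the ClusterRoleBinding's `metadata` is ignored for a cluster-scoped object and suggests a scoping that does not exist. The rewrite below replaces the ClusterRole and its binding; the ServiceAccount document is unchanged.
```yaml
# … unchanged: ServiceAccount document …
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: {{ $.Values.pipelineName }}
  namespace: {{ $.Values.namespace }}
subjects:
- kind: ServiceAccount
  name: {{ $.Values.pipelineName }}
  namespace: {{ $.Values.namespace }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  # shipped by Tekton Triggers; a RoleBinding limits it to this namespace
  name: tekton-triggers-eventlistener-roles
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: {{ $.Values.pipelineName }}
subjects:
- kind: ServiceAccount
  name: {{ $.Values.pipelineName }}
  namespace: {{ $.Values.namespace }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  # read access to cluster-scoped trigger bindings/interceptors only
  name: tekton-triggers-eventlistener-clusterroles
```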
@@ -0,0 +1,80 @@ +apiVersion: triggers.tekton.dev/v1beta1 +kind: TriggerBinding +metadata: + name: {{ $.Values.pipelineName }} + namespace: {{ $.Values.namespace }} +spec: + params: + - name: PLRNAME + value: github-proj-uuid-pr- + - name: IMAGETAG + value: $(extensions.image_tag) + - name: EVENT + value: $(extensions.event) + - name: rel-tag + value: $(extensions.image_tag) + +--- +apiVersion: triggers.tekton.dev/v1beta1 +kind: TriggerTemplate +metadata: + name: {{ $.Values.pipelineName }} + namespace: {{ $.Values.namespace }} +spec: + params: + - name: repo-url + description: repo url + - name: revision + description: sha,branch + - name: IMAGE + description: image name + - name: IMAGETAG + description: tag of img + - name: EVENT + description: event occured + - name: REPONAME + description: repo name + - name: rel-tag + description: release tag + resourcetemplates: + - apiVersion: tekton.dev/v1beta1 + kind: PipelineRun + metadata: + generateName: trigger-tekton-ci- + spec: + serviceAccountName: {{ $.Values.pipelineName }} + pipelineRef: + name: {{ $.Values.pipelineName }} + podTemplate: + securityContext: + fsGroup: 65532 + workspaces: + - name: shared-data + volumeClaimTemplate: + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 30Gi + - name: git-credentials + secret: + secretName: "gitcred-{{ $.Values.pipelineName }}" + - name: docker-credentials + secret: + secretName: "docker-credentials-{{ $.Values.pipelineName }}" + params: + - name: repo-url + value: $(tt.params.repo-url) + - name: revision + value: $(tt.params.revision) + - name: imageUrl + value: $(tt.params.IMAGE) + - name: imageTag + value: $(tt.params.IMAGETAG) + - name: eventname + value: $(tt.params.EVENT) + - name: reponame + value: $(tt.params.REPONAME) + - name: retag + value: $(tt.params.rel-tag) \ No newline at end of file 
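Review bot: The PipelineRun template mounts `gitcred-{{ $.Values.pipelineName }}` and `docker-credentials-{{ $.Values.pipelineName }}` as workspaces, but nothing in the chart creates or lists those secrets — values.yaml has no entry for them, and the ServiceAccount's `secrets:` loop in rbac.yaml iterates a `secretName` value that no values file declares — so a fresh install would most likely fail at the first task with no hint why. A comment above `workspaces:` (or in values.yaml) naming the two secrets, their expected keys (`password` is what the status tasks read) and that they must pre-exist in `{{ $.Values.namespace }}` would fix that, and listing them under `secretName` would also attach them to the ServiceAccount as rbac.yaml intends. The PipelineRun also sets no `timeouts:`, so a run started through the public listener is bounded only by the controller default, and `PLRNAME` in the TriggerBinding is bound to the constant `github-proj-uuid-pr-` that no TriggerTemplate param consumes.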
diff --git a/cicd/tekton-pipelines/pipeline-template/values.yaml b/cicd/tekton-pipelines/pipeline-template/values.yaml new file mode 100644 index 0000000..76ffe09 --- /dev/null +++ b/cicd/tekton-pipelines/pipeline-template/values.yaml @@ -0,0 +1,3 @@ +pipelineName: "replace" +ingressDomainName: "azureagent.optimizor.app" +namespace: "tekton-pipelines" \ No newline at end of file diff --git a/cicd/tekton-pipelines/tekton-yamls/gitlab-pipeline.yaml b/cicd/tekton-pipelines/tekton-yamls/gitlab-pipeline.yaml deleted file mode 100644 index 503ad8b..0000000 --- a/cicd/tekton-pipelines/tekton-yamls/gitlab-pipeline.yaml +++ /dev/null 
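Review bot: The defaults are live placeholders rather than documented inputs: `pipelineName: "replace"` renders a ServiceAccount, ClusterRole, EventListener, TriggerBinding and Ingress path all literally named `replace` when a consumer forgets to override it, and `ingressDomainName` defaults to a concrete domain. Each key deserves a `# ` comment saying what it feeds (resource names and the `gitcred-`/`docker-credentials-` secret names, the Ingress host, the target namespace), and `secretName: []` should be declared here with a comment, since rbac.yaml ranges over `.Values.secretName` but no values file defines it. The file also lacks a trailing newline.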
@@ -1,189 +0,0 @@ -apiVersion: tekton.dev/v1beta1 -kind: Pipeline -metadata: - name: gitlab-tekton-ci -spec: - description: | - This pipeline clones a git repo, then echoes the README file to the stout. - params: - - name: repo-url - type: string - description: The git repo URL to clone from. - - name: revision - type: string - - name: PARAM_SCM - description: Define the Source code Management URL - type: string - default: "gitlab.com" - - name: pathToContext - description: The path to the build context, used by Kaniko - within the workspace - default: . - - name: imageUrl - description: Image name including repository - - name: imageTag - description: Image tag - default: "latest" - - name: eventname - description: name of event happens - - name: reponame - description: repo name - - name: retag - description: rel tag - workspaces: - - name: shared-data - description: | - This workspace contains the cloned repo files, so they can be read by the - next task. - - name: git-credentials - description: basic-auth - - name: docker-credentials - description: docker cred - - name: cosign - - name: dockerconfig - - name: cosign-pub - tasks: - - name: fetch-source - taskRef: - name: git-clone - kind: ClusterTask - workspaces: - - name: output - workspace: shared-data - - name: basic-auth -# - name: ssh-directory - workspace: git-credentials - params: - - name: url - value: $(params.repo-url) - - name: PARAM_SCM - value: $(params.PARAM_SCM) - - name: revision - value: $(params.revision) - - name: build - taskRef: - name: kaniko-build - kind: ClusterTask - runAfter: - - fetch-source - workspaces: - - name: source - workspace: shared-data - - name: dockerconfig - workspace: docker-credentials - params: - - name: CONTEXT - value: $(params.pathToContext) - - name: IMAGE - value: $(params.imageUrl):$(params.imageTag) - - - name: cosign-sign - runAfter: ["build"] - taskRef: - name: cosign-sign - kind: ClusterTask - workspaces: - - name: source - workspace: shared-data - - name: 
dockerconfig - workspace: dockerconfig - - name: cosign - workspace: cosign - params: - - name: image - value: "$(params.imageUrl)@$(tasks.build.results.IMAGE_DIGEST)" - - name: eventname - value: "$(params.eventname)" - when: - - input: "$(params.eventname)" - operator: in - values: [ "push" , "tag" ,"release" ] - - name: cosign-image-verify - runAfter: ["cosign-sign"] - taskRef: - name: cosign-image-verify - kind: ClusterTask - workspaces: - - name: source - workspace: shared-data - - name: dockerconfig - workspace: dockerconfig - - name: cosign - workspace: cosign-pub - params: - - name: image - value: "$(params.imageUrl)@$(tasks.build.results.IMAGE_DIGEST)" - - name: eventname - value: "$(params.eventname)" - when: - - input: "$(params.eventname)" - operator: in - values: [ "push" , "tag" , "release" ] - - finally: - - name: gitlab-set-status-fail - when: - - input: $(tasks.status) - operator: in - values: [ "Failed", "None" ] - taskRef: - name: gitlab-set-status - kind: ClusterTask - params: - - name: "STATE" - value: "failed" - - name: "GITLAB_HOST_URL" - value: "api.gitlab.com" - - name: "REPO_FULL_NAME" - value: "$(params.reponame)" - - name: "GITLAB_TOKEN_SECRET_NAME" - value: "gitlab-token" - - name: "GITLAB_TOKEN_SECRET_KEY" - value: "token" - - name: "SHA" - value: "$(params.revision)" - - name: "TARGET_URL" - value: "http://localhost:8001/api/v1/namespaces/tekton-pipelines/services/tekton-dashboard:http/proxy/" - #value: "dashboard.domain.app" - - name: "CONTEXT" - value: "Building your MR" - - name: "DESCRIPTION" - value: "continuous-integration/tekton" - - - name: gitlab-set-status-success - when: - - input: $(tasks.status) - operator: in - values: [ "Succeeded", "Completed" ] - taskRef: - name: gitlab-set-status - kind: ClusterTask - params: - - name: "STATE" - value: "success" - - name: "GITLAB_HOST_URL" - value: "gitlab.com" - - name: "API_PATH_PREFIX" - value: "/api/v4" - - name: "REPO_FULL_NAME" - value: "$(params.reponame)" - - name: 
"GITLAB_TOKEN_SECRET_NAME" - value: "gitlab-token" - - name: "GITLAB_TOKEN_SECRET_KEY" - value: "token" - - name: "SHA" - value: "$(params.revision)" - - name: "TARGET_URL" - value: "http://localhost:8001/api/v1/namespaces/tekton-pipelines/services/tekton-dashboard:http/proxy/" - #value: "dashboard.domain.app" - - name: "CONTEXT" - value: "tekton-pipeline" - - name: "DESCRIPTION" - value: "Finished building your commit in Tekton" - - - - - - - - diff --git a/cicd/tekton-pipelines/tekton-yamls/ingress.yaml b/cicd/tekton-pipelines/tekton-yamls/ingress.yaml deleted file mode 100644 index 996f6c7..0000000 --- a/cicd/tekton-pipelines/tekton-yamls/ingress.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRoute -metadata: - name: tekton-webhook-route -spec: - entryPoints: - - web - - websecure - routes: - - kind: Rule - match: Host(`intelops.local`) - services: - - name: el-github-listener - port: 8080 - diff --git a/cicd/tekton-pipelines/tekton-yamls/rbac.yaml b/cicd/tekton-pipelines/tekton-yamls/rbac.yaml deleted file mode 100644 index 7dc62c9..0000000 --- a/cicd/tekton-pipelines/tekton-yamls/rbac.yaml +++ /dev/null 
@@ -1,63 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: tekton-robot -secrets: -- name: gitcred -- name: ssh-key -- name: docker-credentials -- name: github-webhook-secret -- name: cosign-key -- name: cosign-pub -- name: cosign-docker-secret -- name: docker5 -- name: docker6 -- name: gitlab-token - - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: triggers-example-eventlistener-binding -subjects: -- kind: ServiceAccount - name: tekton-robot -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: tekton-triggers-eventlistener-roles ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: trigger-el-clusterbinding -subjects: -- kind: ServiceAccount - name: tekton-robot -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: tekton-triggers-eventlistener-clusterroles ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: tekton-robot-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: tekton-robot-role -subjects: -- kind: ServiceAccount - name: tekton-robot ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: tekton-robot-role -rules: -- apiGroups: ["triggers.tekton.dev"] - resources: ["clustertriggerbindings"] - verbs: ["get", "list", "watch" , "update" , "create"] - diff --git a/cicd/tekton-pipelines/tekton-yamls/triggers.yaml b/cicd/tekton-pipelines/tekton-yamls/triggers.yaml deleted file mode 100644 index 00d558a..0000000 --- a/cicd/tekton-pipelines/tekton-yamls/triggers.yaml +++ /dev/null 
@@ -1,368 +0,0 @@ -apiVersion: triggers.tekton.dev/v1beta1 -kind: EventListener -metadata: - name: github-listener -spec: - triggers: - - name: github-push-event - interceptors: - - ref: - name: "cel" - params: - - name: "filter" - value: > - ( - header.match('x-github-event', 'push') && (body.ref == 'refs/heads/main' || body.ref == 'refs/heads/master') - ) - - name: "overlays" - value: - - key: image_tag - expression: "\"latest\"" - - key: event - expression: "\"push\"" - - bindings: - - name: revision - value: $(body.head_commit.id) - - name: repo-url - value: $(body.repository.clone_url) - - name: IMAGE - value: ghcr.io/$(body.repository.full_name) - - name: REPONAME - value: $(body.repository.full_name) - - ref: trigger-binding - template: - ref: trigger-template-github - - - name: gitlab-push-event - interceptors: - - ref: - name: "cel" - params: - - name: "filter" - value: > - ( - header.match('X-Gitlab-Event', 'Push Hook') && (body.ref == 'refs/heads/main' || body.ref == 'refs/heads/master') - ) - - name: "overlays" - value: - - key: image_tag - expression: "\"latest\"" - - key: event - expression: "body.event_name" - - bindings: - - name: revision - value: $(body.checkout_sha) - - name: repo-url - value: $(body.repository.git_http_url) - - name: REPONAME - value: $(body.project.path_with_namespace) - - name: IMAGE - value: registry.gitlab.com/$(body.user_name)/$(body.project.name) - - ref: trigger-binding - template: - ref: trigger-template-gitlab - - - - name: tag-event-github - interceptors: - - ref: - name: "cel" - params: - - name: "filter" - value: > - ( - header.match('x-github-event', 'create') && (body.ref == 'refs/heads/main' || body.ref == 'refs/heads/master' || body.ref_type == 'tag' ) - ) - - name: "overlays" - value: - - key: image_tag - expression: "body.ref" - - key: event - expression: "\"tag\"" - bindings: - - name: revision - value: $(body.master_branch) - - name: repo-url - value: $(body.repository.clone_url) - - name: REPONAME - value: 
$(body.repository.full_name) - - name: IMAGE - value: ghcr.io/$(body.repository.full_name) - - ref: trigger-binding - template: - ref: trigger-template-github - - name: tag-event-gitlab - interceptors: - - ref: - name: "cel" - params: - - name: "filter" - value: > - ( - header.match('X-Gitlab-Event', 'Tag Push Hook') && (body.ref == 'refs/heads/main' || body.ref == 'refs/heads/master' || body.object_kind == 'tag_push' ) - ) - - name: "overlays" - value: - - key: image_tag - expression: "body.ref.split('/')[2]" - - key: event - expression: "\"tag\"" - bindings: - - name: revision - value: $(body.commits[0].id) - - name: repo-url - value: $(body.repository.git_http_url) - - name: REPONAME - value: $(body.project.path_with_namespace) - - name: IMAGE - value: registry.gitlab.com/$(body.user_name)/$(body.project.name) - - ref: trigger-binding - template: - ref: trigger-template-gitlab - - - name: pull-request-github - interceptors: - - ref: - name: "cel" - params: - - name: "filter" - value: > - ( - header.match('x-github-event', 'pull_request') && body.action in ['opened'] && (body.pull_request.base.ref == 'main' || body.pull_request.base.ref == 'master') - ) - - name: "overlays" - value: - - key: image_tag - expression: "['pr', string(body.pull_request.number)].join('-')" - - key: event - expression: "\"pull-request\"" - bindings: - - name: revision - value: $(body.pull_request.head.sha) - - name: repo-url - value: $(body.repository.clone_url) - - name: IMAGE - value: ghcr.io/$(body.repository.full_name) - - name: REPONAME - value: $(body.repository.full_name) - - ref: trigger-binding - template: - ref: trigger-template-github - - - name: merge-request-gitlab - interceptors: - - ref: - name: "cel" - params: - - name: "filter" - value: > - ( - header.match('X-Gitlab-Event', 'Merge Request Hook') && body.object_attributes.action in ['open'] && ( body.object_attributes.target_branch == 'main' || body.object_attributes.target_branch == 'master' ) - ) - - name: "overlays" 
- value: - - key: image_tag - expression: "['mr', string(body.object_attributes.iid)].join('-')" - - key: event - expression: "\"merge-request\"" - bindings: - - name: revision - value: $(body.object_attributes.last_commit.id) - - name: repo-url - value: $(body.project.http_url) - #- name: REPONAME - #value: $(body.user.name)/$(body.project.name) - - name: REPONAME - value: $(body.project.path_with_namespace) - - name: IMAGE - value: registry.gitlab.com/$(body.user.name)/$(body.project.name) - - ref: trigger-binding - template: - ref: trigger-template-gitlab - - resources: - kubernetesResource: - spec: - template: - spec: - serviceAccountName: tekton-robot - containers: - - resources: - requests: - memory: "64Mi" - cpu: "250m" - limits: - memory: "128Mi" - cpu: "500m" ---- -apiVersion: triggers.tekton.dev/v1beta1 -kind: TriggerBinding -metadata: - name: trigger-binding -spec: - params: - - name: PLRNAME - value: github-proj-uuid-pr- - - name: IMAGETAG - value: $(extensions.image_tag) - - name: EVENT - value: $(extensions.event) - - name: rel-tag - value: $(extensions.image_tag) - ---- -apiVersion: triggers.tekton.dev/v1beta1 -kind: TriggerTemplate -metadata: - name: trigger-template-github -spec: - params: - - name: repo-url - description: repo url - - name: revision - description: sha,branch - - name: IMAGE - description: image name - - name: IMAGETAG - description: tag of img - - name: EVENT - description: event occured - - name: REPONAME - description: repo name - - name: rel-tag - description: release tag - resourcetemplates: - - apiVersion: tekton.dev/v1beta1 - kind: PipelineRun - metadata: - generateName: trigger-tekton-ci- - spec: - serviceAccountName: tekton-robot - pipelineRef: - name: github-tekton-ci - podTemplate: - securityContext: - fsGroup: 65532 - workspaces: - - name: shared-data - volumeClaimTemplate: - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 30Gi - - name: git-credentials - secret: - secretName: gitcred - - 
name: docker-credentials - secret: - secretName: docker-credentials #give the credential of the registry like ghcr,docker - - name: dockerconfig - secret: - secretName: cosign-docker-secret # If you need to provide dockerconfig - - name: cosign - secret: - secretName: cosign-key - - name: cosign-pub - secret: - secretName: cosign-pub - params: - - name: repo-url - value: $(tt.params.repo-url) - - name: revision - value: $(tt.params.revision) - - name: imageUrl - value: $(tt.params.IMAGE) - - name: imageTag - value: $(tt.params.IMAGETAG) - - name: eventname - value: $(tt.params.EVENT) - - name: reponame - value: $(tt.params.REPONAME) - - name: retag - value: $(tt.params.rel-tag) - ---- -apiVersion: triggers.tekton.dev/v1beta1 -kind: TriggerTemplate -metadata: - name: trigger-template-gitlab -spec: - params: - - name: repo-url - description: repo url - - name: revision - description: sha,branch - - name: IMAGE - description: image name - - name: IMAGETAG - description: tag of img - - name: EVENT - description: event occured - - name: REPONAME - description: repo name - - name: rel-tag - description: release tag - resourcetemplates: - - apiVersion: tekton.dev/v1beta1 - kind: PipelineRun - metadata: - generateName: trigger-tekton-ci- - spec: - serviceAccountName: tekton-robot - pipelineRef: - name: gitlab-tekton-ci - podTemplate: - securityContext: - fsGroup: 65532 - workspaces: - - name: shared-data - volumeClaimTemplate: - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 30Gi - - name: git-credentials - secret: - secretName: gitlab - - name: docker-credentials - secret: - secretName: docker5 - - name: dockerconfig - secret: - secretName: cosign-docker-secret-gitlab # If you need to provide dockerconfig - - name: cosign - secret: - secretName: cosign-key - - name: cosign-pub - secret: - secretName: cosign-pub - - params: - - name: repo-url - value: $(tt.params.repo-url) - - name: revision - value: $(tt.params.revision) - - name: imageUrl - 
value: $(tt.params.IMAGE) - - name: imageTag - value: $(tt.params.IMAGETAG) - - name: eventname - value: $(tt.params.EVENT) - - name: reponame - value: $(tt.params.REPONAME) - - name: retag - value: $(tt.params.rel-tag) - - - - - - - - diff --git a/cicd/tekton/argocd-apps/Chart.yaml b/cicd/tekton/argocd-apps/Chart.yaml index 69270c8..5ae9ef9 100644 --- a/cicd/tekton/argocd-apps/Chart.yaml +++ b/cicd/tekton/argocd-apps/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 -name: tekton-apps -description: A Helm chart for tekton apps +name: tekton-pipeline +description: A Helm chart for tekton pipeline # A chart can be either an 'application' or a 'library' chart. # diff --git a/cicd/tekton/argocd-apps/templates/pipelines/pipelines.yaml b/cicd/tekton/argocd-apps/templates/pipelines/pipelines.yaml index 3ceb2ed..a36720b 100644 --- a/cicd/tekton/argocd-apps/templates/pipelines/pipelines.yaml +++ b/cicd/tekton/argocd-apps/templates/pipelines/pipelines.yaml @@ -4,20 +4,22 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: {{ .name }} - namespace: {{ $.Release.Namespace }} + namespace: argo-cd spec: project: {{ $.Values.project }} source: repoURL: {{ $.Values.source.repoURL }} targetRevision: {{ $.Values.source.targetRevision }} - path: {{ .path}} + path: "{{ $.Values.tektonPath}}/{{ .name}}" + helm: + valueFiles: + - values.yaml destination: server: {{ $.Values.destination.server }} - namespace: {{ $.Values.destination.namespace }} + namespace: tekton-pipelines syncPolicy: automated: - prune: {{ $.Values.syncPolicy.automated.prune }} - selfHeal: {{ $.Values.syncPolicy.automated.selfHeal }} + prune: true --- {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/cicd/tekton/argocd-apps/templates/tekton-pipeline-cluster-config.yaml b/cicd/tekton/argocd-apps/templates/tekton-pipeline-cluster-config.yaml new file mode 100644 index 0000000..ab55630 --- /dev/null +++ b/cicd/tekton/argocd-apps/templates/tekton-pipeline-cluster-config.yaml 
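Review bot: `prune: true` is now hardcoded while this chart's values.yaml, touched in the same commit, still declares `syncPolicy.automated.prune: false` and `selfHeal: true`, so those values are silently ignored and `selfHeal` is dropped for every generated Application; keep `prune: {{ $.Values.syncPolicy.automated.prune }}` and `selfHeal: {{ $.Values.syncPolicy.automated.selfHeal }}`, or delete the dead keys from values.yaml. Replacing `{{ $.Release.Namespace }}` with `namespace: argo-cd` also means installing the chart anywhere else yields Applications Argo CD will not pick up unless apps-in-any-namespace is enabled. The `range` this template iterates starts above the hunk, and values.yaml removes `tektonPipelines` in the same commit, so whatever list it ranges over now needs confirming.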
@@ -0,0 +1,17 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: tekton-cluster-tasks + namespace: argo-cd +spec: + project: default + source: + repoURL: {{ $.Values.source.repoURL }} + targetRevision: main + path: cicd/tekton-pipelines/cluster-config + helm: + valueFiles: + - values.yaml + destination: + server: https://kubernetes.default.svc + namespace: argo-cd diff --git a/cicd/tekton/argocd-apps/values.yaml b/cicd/tekton/argocd-apps/values.yaml index 1a6f9d1..1c901c4 100644 --- a/cicd/tekton/argocd-apps/values.yaml +++ b/cicd/tekton/argocd-apps/values.yaml @@ -6,7 +6,6 @@ source: destination: server: https://kubernetes.default.svc - namespace: tekton syncPolicy: CreateNamespace: true @@ -14,6 +13,4 @@ syncPolicy: prune: false selfHeal: true -tektonPipelines: - - name: tekton-pipeline-dev-cluster - path: cicd/tekton-pipelines/tekton-yamls \ No newline at end of file +tektonPath: cicd/tekton-pipelines diff --git a/cicd/tekton/tekton-main-app.yaml b/cicd/tekton/tekton-main-app.yaml index cd0652c..eb7e00e 100644 --- a/cicd/tekton/tekton-main-app.yaml +++ b/cicd/tekton/tekton-main-app.yaml @@ -7,11 +7,14 @@ spec: project: default source: repoURL: https://github.com/intelops/capten-templates.git - targetRevision: HEAD + targetRevision: main path: cicd/tekton/argocd-apps helm: valueFiles: - values.yaml destination: server: https://kubernetes.default.svc - namespace: tekton-pipelines + namespace: argo-cd + syncPolicy: + automated: + prune: true
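Review bot: This Application hardcodes `project: default` and `targetRevision: main`, while pipelines.yaml in the same chart templates those fields from `$.Values.project` and `$.Values.source.targetRevision`; `project: {{ $.Values.project }}` and `targetRevision: {{ $.Values.source.targetRevision }}` keep the two Applications in step. It also carries no `syncPolicy`, so unlike the generated pipeline Applications the cluster tasks are not auto-synced — if that is deliberate a comment saying so would help. Note the chart it points at installs cluster-scoped objects (kaniko.yaml is a `ClusterTask`), so `destination.namespace: argo-cd` only governs where any namespaced leftovers land.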