From 874b62e26278d7b5fd2751dcfec3f6d10edaf47f Mon Sep 17 00:00:00 2001 
From: indresh-28 Date: Fri, 22 Dec 2023 14:56:48 +0530 Subject: [PATCH 01/11] Alter the folder for tekton pipelines --- .../cluster-config/Chart.yaml | 24 ++ .../templates}/cosign-verify.yaml | 0 .../templates}/cosign.yaml | 0 .../templates}/gitclone.yaml | 0 .../templates}/github-set-status.yaml | 0 .../templates}/gitlab-set-status.yaml | 0 .../templates}/kaniko.yaml | 2 +- .../cluster-config/values.yaml} | 0 .../pipeline-template/Chart.yaml | 24 ++ .../templates/eventlistener.yaml | 93 +++++ .../pipeline-template/templates/ingress.yaml | 20 + .../templates}/pipeline.yaml | 72 +--- .../pipeline-template/templates/rbac.yaml | 37 ++ .../pipeline-template/templates/triggers.yaml | 80 ++++ .../pipeline-template/values.yaml | 4 + .../tekton-yamls/gitlab-pipeline.yaml | 189 --------- .../tekton-yamls/ingress.yaml | 15 - cicd/tekton-pipelines/tekton-yamls/rbac.yaml | 63 --- .../tekton-yamls/triggers.yaml | 368 ------------------ cicd/tekton/argocd-apps/Chart.yaml | 4 +- .../templates/pipelines/pipelines.yaml | 15 +- .../tekton-pipeline-cluster-config.yaml | 17 + cicd/tekton/argocd-apps/values.yaml | 7 +- cicd/tekton/tekton-main-app.yaml | 6 +- 24 files changed, 321 insertions(+), 719 deletions(-) create mode 100644 cicd/tekton-pipelines/cluster-config/Chart.yaml rename cicd/tekton-pipelines/{tekton-yamls => cluster-config/templates}/cosign-verify.yaml (100%) rename cicd/tekton-pipelines/{tekton-yamls => cluster-config/templates}/cosign.yaml (100%) rename cicd/tekton-pipelines/{tekton-yamls => cluster-config/templates}/gitclone.yaml (100%) rename cicd/tekton-pipelines/{tekton-yamls => cluster-config/templates}/github-set-status.yaml (100%) rename cicd/tekton-pipelines/{tekton-yamls => cluster-config/templates}/gitlab-set-status.yaml (100%) rename cicd/tekton-pipelines/{tekton-yamls => cluster-config/templates}/kaniko.yaml (99%) rename cicd/{tekton/argocd-apps/templates/configs/configs.yaml => tekton-pipelines/cluster-config/values.yaml} (100%) create mode 100644 
cicd/tekton-pipelines/pipeline-template/Chart.yaml create mode 100644 cicd/tekton-pipelines/pipeline-template/templates/eventlistener.yaml create mode 100644 cicd/tekton-pipelines/pipeline-template/templates/ingress.yaml rename cicd/tekton-pipelines/{tekton-yamls => pipeline-template/templates}/pipeline.yaml (68%) create mode 100644 cicd/tekton-pipelines/pipeline-template/templates/rbac.yaml create mode 100644 cicd/tekton-pipelines/pipeline-template/templates/triggers.yaml create mode 100644 cicd/tekton-pipelines/pipeline-template/values.yaml delete mode 100644 cicd/tekton-pipelines/tekton-yamls/gitlab-pipeline.yaml delete mode 100644 cicd/tekton-pipelines/tekton-yamls/ingress.yaml delete mode 100644 cicd/tekton-pipelines/tekton-yamls/rbac.yaml delete mode 100644 cicd/tekton-pipelines/tekton-yamls/triggers.yaml create mode 100644 cicd/tekton/argocd-apps/templates/tekton-pipeline-cluster-config.yaml diff --git a/cicd/tekton-pipelines/cluster-config/Chart.yaml b/cicd/tekton-pipelines/cluster-config/Chart.yaml new file mode 100644 index 0000000..2fd6255 --- /dev/null +++ b/cicd/tekton-pipelines/cluster-config/Chart.yaml 
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: tekton-pipeline-cluster-config
+description: A Helm chart for tekton pipeline
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"
diff --git a/cicd/tekton-pipelines/tekton-yamls/cosign-verify.yaml b/cicd/tekton-pipelines/cluster-config/templates/cosign-verify.yaml
similarity index 100%
rename from cicd/tekton-pipelines/tekton-yamls/cosign-verify.yaml
rename to cicd/tekton-pipelines/cluster-config/templates/cosign-verify.yaml
diff --git a/cicd/tekton-pipelines/tekton-yamls/cosign.yaml b/cicd/tekton-pipelines/cluster-config/templates/cosign.yaml
similarity index 100%
rename from cicd/tekton-pipelines/tekton-yamls/cosign.yaml
rename to cicd/tekton-pipelines/cluster-config/templates/cosign.yaml
diff --git a/cicd/tekton-pipelines/tekton-yamls/gitclone.yaml b/cicd/tekton-pipelines/cluster-config/templates/gitclone.yaml similarity index 100% rename from cicd/tekton-pipelines/tekton-yamls/gitclone.yaml rename to cicd/tekton-pipelines/cluster-config/templates/gitclone.yaml diff --git a/cicd/tekton-pipelines/tekton-yamls/github-set-status.yaml b/cicd/tekton-pipelines/cluster-config/templates/github-set-status.yaml similarity index 100% rename from cicd/tekton-pipelines/tekton-yamls/github-set-status.yaml rename to cicd/tekton-pipelines/cluster-config/templates/github-set-status.yaml diff --git a/cicd/tekton-pipelines/tekton-yamls/gitlab-set-status.yaml b/cicd/tekton-pipelines/cluster-config/templates/gitlab-set-status.yaml similarity index 100% rename from cicd/tekton-pipelines/tekton-yamls/gitlab-set-status.yaml rename to cicd/tekton-pipelines/cluster-config/templates/gitlab-set-status.yaml diff --git a/cicd/tekton-pipelines/tekton-yamls/kaniko.yaml b/cicd/tekton-pipelines/cluster-config/templates/kaniko.yaml similarity index 99% rename from cicd/tekton-pipelines/tekton-yamls/kaniko.yaml rename to cicd/tekton-pipelines/cluster-config/templates/kaniko.yaml index 78ab799..6963f49 100644 --- a/cicd/tekton-pipelines/tekton-yamls/kaniko.yaml +++ b/cicd/tekton-pipelines/cluster-config/templates/kaniko.yaml @@ -1,5 +1,5 @@ apiVersion: tekton.dev/v1beta1 -kind: Task +kind: ClusterTask metadata: name: kaniko labels: diff --git a/cicd/tekton/argocd-apps/templates/configs/configs.yaml b/cicd/tekton-pipelines/cluster-config/values.yaml similarity index 100% rename from cicd/tekton/argocd-apps/templates/configs/configs.yaml rename to cicd/tekton-pipelines/cluster-config/values.yaml diff --git a/cicd/tekton-pipelines/pipeline-template/Chart.yaml b/cicd/tekton-pipelines/pipeline-template/Chart.yaml new file mode 100644 index 0000000..cceb0e7 --- /dev/null +++ b/cicd/tekton-pipelines/pipeline-template/Chart.yaml 
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: tekton-pipeline-namespace-config
+description: A Helm chart for tekton pipeline
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"
diff --git a/cicd/tekton-pipelines/pipeline-template/templates/eventlistener.yaml b/cicd/tekton-pipelines/pipeline-template/templates/eventlistener.yaml
new file mode 100644
index 0000000..2096319
--- /dev/null
+++ b/cicd/tekton-pipelines/pipeline-template/templates/eventlistener.yaml
@@ -0,0 +1,93 @@
+apiVersion: triggers.tekton.dev/v1beta1
+kind: EventListener
+metadata:
+ name: {{ $.Values.pipelineName }}
+ namespace: {{ $.Values.namespace }}
+spec:
+ serviceAccountName: {{ $.Values.pipelineName }}
+ triggers:
+ - name: github-push-event
+ interceptors:
+ - ref:
+ name: "cel"
+ params:
+ - name: "filter"
+ value: >
+ (
+ header.match('x-github-event', 'push') && (body.ref == 'refs/heads/main' || body.ref == 'refs/heads/master')
+ )
+ - name: "overlays"
+ value:
+ - key: image_tag
+ expression: "\"latest\""
+ - key: event
+ expression: "\"push\""
+ bindings:
+ - name: revision
+ value: $(body.head_commit.id)
+ - name: repo-url
+ value: $(body.repository.clone_url)
+ - name: IMAGE
+ value: ghcr.io/$(body.repository.full_name)
+ - name: REPONAME
+ value: $(body.repository.full_name)
+ - ref: {{ $.Values.pipelineName }}
+ template:
+ ref: {{ $.Values.pipelineName }}
+
+ - name: tag-event-github
+ interceptors:
+ - ref:
+ name: "cel"
+ params:
+ - name: "filter"
+ value: >
+ (
+ header.match('x-github-event', 'create') && (body.ref == 'refs/heads/main' || body.ref == 'refs/heads/master' || body.ref_type == 'tag' )
+ )
+ - name: "overlays"
+ value:
+ - key: image_tag
+ expression: "body.ref"
+ - key: event
+ expression: "\"tag\""
+ bindings:
+ - name: revision
+ value: $(body.master_branch)
+ - name: repo-url
+ value: $(body.repository.clone_url)
+ - name: REPONAME
+ value: $(body.repository.full_name)
+ - name: IMAGE
+ value: ghcr.io/$(body.repository.full_name)
+ - ref: trigger-binding
+ template:
+ ref: {{ $.Values.pipelineName }}
+ - name: pull-request-github
+ interceptors:
+ - ref:
+ name: "cel"
+ params:
+ - name: "filter"
+ value: >
+ (
+ header.match('x-github-event', 'pull_request') && body.action in ['opened'] && (body.pull_request.base.ref == 'main' || body.pull_request.base.ref == 'master')
+ )
+ - name: "overlays"
+ value:
+ - key: image_tag
+ expression: "['pr', string(body.pull_request.number)].join('-')"
+ - key: event
+ expression: "\"pull-request\""
+ bindings:
+ - name: revision
+ value: $(body.pull_request.head.sha)
+ - name: repo-url
+ value: $(body.repository.clone_url)
+ - name: IMAGE
+ value: ghcr.io/$(body.repository.full_name)
+ - name: REPONAME
+ value: $(body.repository.full_name)
+ - ref: {{ $.Values.pipelineName }}
+ template:
+ ref: {{ $.Values.pipelineName }}
\ No newline at end of file
diff --git a/cicd/tekton-pipelines/pipeline-template/templates/ingress.yaml b/cicd/tekton-pipelines/pipeline-template/templates/ingress.yaml
new file mode 100644
index 0000000..c4da378
--- /dev/null
+++ b/cicd/tekton-pipelines/pipeline-template/templates/ingress.yaml
@@ -0,0 +1,20 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ $.Values.pipelineName }}
+ namespace: {{ $.Values.namespace }}
+ annotations:
+ traefik.ingress.kubernetes.io/rewrite-target: /
+spec:
+ ingressClassName: traefik
+ rules:
+ - host: {{ $.Values.ingressDomainName }}
+ http:
+ paths:
+ - path: "/{{ $.Values.pipelineName }}"
+ pathType: Prefix
+ backend:
+ service:
+ name: "el-{{ $.Values.pipelineName }}"
+ port:
+ number: 8080
diff --git a/cicd/tekton-pipelines/tekton-yamls/pipeline.yaml b/cicd/tekton-pipelines/pipeline-template/templates/pipeline.yaml
similarity index 68%
rename from cicd/tekton-pipelines/tekton-yamls/pipeline.yaml
rename to cicd/tekton-pipelines/pipeline-template/templates/pipeline.yaml
index 049941b..1d45dc9 100644
--- a/cicd/tekton-pipelines/tekton-yamls/pipeline.yaml
+++ b/cicd/tekton-pipelines/pipeline-template/templates/pipeline.yaml
@@ -1,7 +1,8 @@ apiVersion: tekton.dev/v1beta1 kind: Pipeline metadata: - name: github-tekton-ci + name: {{ $.Values.pipelineName }} + namespace: {{ $.Values.namespace }} spec: description: | This pipeline clones a git repo, then echoes the README file to the stout.
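Review bot: None of the three triggers verifies the webhook signature; each has only a `cel` interceptor that trusts the `x-github-event` header and the request body, and the listener is published through the Ingress in this chart. A forged request can therefore start a PipelineRun whose `repo-url`, `revision` and `IMAGE` are taken from the payload, with the git and registry secrets mounted. Put the Tekton Triggers `github` interceptor (with `secretRef` and `eventTypes`) ahead of `cel` in every trigger, as sketched below for the push trigger. Separately, `tag-event-github` still binds `ref: trigger-binding`, while the TriggerBinding in this chart is named `{{ $.Values.pipelineName }}`, so that reference looks unresolved.

```yaml
  triggers:
    - name: github-push-event
      interceptors:
        # verify the webhook signature before any payload field is used
        - ref:
            name: "github"
          params:
            - name: "secretRef"
              value:
                secretName: "WEBHOOK_SECRET_NAME_PLACEHOLDER"
                secretKey: "WEBHOOK_SECRET_KEY_PLACEHOLDER"
            - name: "eventTypes"
              value: ["push"]
        # … unchanged: cel interceptor, bindings, template …
```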
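Review bot: The Ingress has no `tls:` section, so whether webhook deliveries to `/{{ $.Values.pipelineName }}` are encrypted depends entirely on Traefik entrypoint configuration that lives outside this chart. Add a `tls:` block naming the host and a certificate secret, or add a comment stating where TLS terminates. The `traefik.ingress.kubernetes.io/rewrite-target: /` annotation is, as far as I know, honoured only by Traefik 1.x; on Traefik 2 or later the prefix is probably not stripped and a `Middleware` would be needed, which is worth confirming against the deployed version.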
@@ -39,9 +40,6 @@ spec: description: basic-auth - name: docker-credentials description: docker cred - - name: cosign - - name: dockerconfig - - name: cosign-pub tasks: - name: fetch-source taskRef: @@ -51,7 +49,6 @@ spec: - name: output workspace: shared-data - name: basic-auth -# - name: ssh-directory workspace: git-credentials params: - name: url @@ -76,50 +73,6 @@ spec: value: $(params.pathToContext) - name: IMAGE value: $(params.imageUrl):$(params.imageTag) - - - name: cosign-sign - runAfter: ["build"] - taskRef: - name: cosign-sign - kind: ClusterTask - workspaces: - - name: source - workspace: shared-data - - name: dockerconfig - workspace: dockerconfig - - name: cosign - workspace: cosign - params: - - name: image - value: "$(params.imageUrl)@$(tasks.build.results.IMAGE_DIGEST)" - - name: eventname - value: "$(params.eventname)" - when: - - input: "$(params.eventname)" - operator: in - values: [ "push" , "tag" ,"release" ] - - name: cosign-image-verify - runAfter: ["cosign-sign"] - taskRef: - name: cosign-image-verify - kind: ClusterTask - workspaces: - - name: source - workspace: shared-data - - name: dockerconfig - workspace: dockerconfig - - name: cosign - workspace: cosign-pub - params: - - name: image - value: "$(params.imageUrl)@$(tasks.build.results.IMAGE_DIGEST)" - - name: eventname - value: "$(params.eventname)" - when: - - input: "$(params.eventname)" - operator: in - values: [ "push" , "tag" , "release" ] - finally: - name: github-set-status-fail when: @@ -137,13 +90,13 @@ spec: - name: "REPO_FULL_NAME" value: "$(params.reponame)" - name: "GITHUB_TOKEN_SECRET_NAME" - value: "git1" + value: "gitcred" - name: "GITHUB_TOKEN_SECRET_KEY" value: "token" - name: "SHA" value: "$(params.revision)" - name: "TARGET_URL" - value: "http://localhost:8001/api/v1/namespaces/tekton-pipelines/services/tekton-dashboard:http/proxy/" + value: {{ $.Values.tektonDashboard }} #value: "dashboard.domain.app" - name: "CONTEXT" value: "tekton-pipeline" 
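Review bot: After the `@@ -76,50 +73,6 @@` hunk the pipeline goes from `build` straight to the `finally` status tasks, with `cosign-sign`, `cosign-image-verify` and their three workspaces gone, so images reach the registry unsigned and unverified. The cosign task files are still moved into `cluster-config/templates`, so this may be temporary; if it is, mark the cut, for example `# TODO: re-add cosign-sign / cosign-image-verify (ClusterTasks in cluster-config) before clusters that expect signed images consume these builds`. The tasks list starts and continues outside the hunk.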
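Review bot: `value: {{ $.Values.tektonDashboard }}` in the `github-set-status-fail` params is rendered unquoted, unlike the quoted string it replaces; an empty value renders as `null`, and a value containing ` #` or `: ` changes how the line parses. Use `value: {{ $.Values.tektonDashboard | quote }}` here and in the `github-set-status-success` block of the `@@ -166,26 +119,15 @@` hunk. The chart default for this key is the literal `"replace"`, so a comment in values.yaml saying it must be overridden with the dashboard URL would also help.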
@@ -166,26 +119,15 @@ spec: - name: "REPO_FULL_NAME" value: "$(params.reponame)" - name: "GITHUB_TOKEN_SECRET_NAME" - value: "git1" + value: "gitcred" - name: "GITHUB_TOKEN_SECRET_KEY" value: "token" - name: "SHA" value: "$(params.revision)" - name: "TARGET_URL" - value: "http://localhost:8001/api/v1/namespaces/tekton-pipelines/services/tekton-dashboard:http/proxy/" + value: {{ $.Values.tektonDashboard }} #value: "dashboard.domain.app" - name: "CONTEXT" value: "tekton-pipeline" - name: "DESCRIPTION" - value: "Finished building your commit in Tekton" - - - - - - - - - - - + value: "Finished building your commit in Tekton" \ No newline at end of file
diff --git a/cicd/tekton-pipelines/pipeline-template/templates/rbac.yaml b/cicd/tekton-pipelines/pipeline-template/templates/rbac.yaml
new file mode 100644
index 0000000..4d51ea2
--- /dev/null
+++ b/cicd/tekton-pipelines/pipeline-template/templates/rbac.yaml
@@ -0,0 +1,37 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ $.Values.pipelineName }}
+ namespace: {{ $.Values.namespace }}
+secrets:
+{{- with .Values.secretName }}
+{{- range . }}
+- name: {{ .name}}
+{{- end }}
+{{- end }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ $.Values.pipelineName }}
+rules:
+- apiGroups: ["triggers.tekton.dev"]
+ resources: ["*"]
+ verbs: ["get", "list", "watch" , "update" , "create"]
+- apiGroups: ["tekton.dev"]
+ resources: ["*"]
+ verbs: ["*"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ $.Values.pipelineName }}
+ namespace: {{ $.Values.namespace }}
+subjects:
+- kind: ServiceAccount
+ name: {{ $.Values.pipelineName }}
+ namespace: {{ $.Values.namespace }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ $.Values.pipelineName }}
\ No newline at end of file
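Review bot: The new ClusterRole in rbac.yaml grants `verbs: ["*"]` on every `tekton.dev` resource and create/update on every `triggers.tekton.dev` resource, cluster-wide, to the ServiceAccount that both the Ingress-exposed EventListener and the PipelineRuns run as. The deleted `tekton-yamls/rbac.yaml` bound the account to `tekton-triggers-eventlistener-roles` and `tekton-triggers-eventlistener-clusterroles` instead; assuming Tekton Triggers still installs those, a namespaced RoleBinding plus one ClusterRoleBinding to them replaces the per-pipeline ClusterRole, as sketched below. `metadata.namespace` on the ClusterRoleBinding has no effect because the kind is cluster-scoped. `.Values.secretName` is not defined in this chart's values.yaml, so `secrets:` renders empty unless a caller supplies it.

```yaml
# … unchanged: ServiceAccount …
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: {{ $.Values.pipelineName }}
  namespace: {{ $.Values.namespace }}
subjects:
  - kind: ServiceAccount
    name: {{ $.Values.pipelineName }}
    namespace: {{ $.Values.namespace }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: tekton-triggers-eventlistener-roles
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: {{ $.Values.pipelineName }}
subjects:
  - kind: ServiceAccount
    name: {{ $.Values.pipelineName }}
    namespace: {{ $.Values.namespace }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: tekton-triggers-eventlistener-clusterroles
```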
diff --git a/cicd/tekton-pipelines/pipeline-template/templates/triggers.yaml b/cicd/tekton-pipelines/pipeline-template/templates/triggers.yaml
new file mode 100644
index 0000000..1621b90
--- /dev/null
+++ b/cicd/tekton-pipelines/pipeline-template/templates/triggers.yaml
@@ -0,0 +1,80 @@
+apiVersion: triggers.tekton.dev/v1beta1
+kind: TriggerBinding
+metadata:
+ name: {{ $.Values.pipelineName }}
+ namespace: {{ $.Values.namespace }}
+spec:
+ params:
+ - name: PLRNAME
+ value: github-proj-uuid-pr-
+ - name: IMAGETAG
+ value: $(extensions.image_tag)
+ - name: EVENT
+ value: $(extensions.event)
+ - name: rel-tag
+ value: $(extensions.image_tag)
+
+---
+apiVersion: triggers.tekton.dev/v1beta1
+kind: TriggerTemplate
+metadata:
+ name: {{ $.Values.pipelineName }}
+ namespace: {{ $.Values.namespace }}
+spec:
+ params:
+ - name: repo-url
+ description: repo url
+ - name: revision
+ description: sha,branch
+ - name: IMAGE
+ description: image name
+ - name: IMAGETAG
+ description: tag of img
+ - name: EVENT
+ description: event occured
+ - name: REPONAME
+ description: repo name
+ - name: rel-tag
+ description: release tag
+ resourcetemplates:
+ - apiVersion: tekton.dev/v1beta1
+ kind: PipelineRun
+ metadata:
+ generateName: trigger-tekton-ci-
+ spec:
+ serviceAccountName: {{ $.Values.pipelineName }}
+ pipelineRef:
+ name: {{ $.Values.pipelineName }}
+ podTemplate:
+ securityContext:
+ fsGroup: 65532
+ workspaces:
+ - name: shared-data
+ volumeClaimTemplate:
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 30Gi
+ - name: git-credentials
+ secret:
+ secretName: "gitcred-{{ $.Values.pipelineName }}"
+ - name: docker-credentials
+ secret:
+ secretName: "docker-credentials-{{ $.Values.pipelineName }}"
+ params:
+ - name: repo-url
+ value: $(tt.params.repo-url)
+ - name: revision
+ value: $(tt.params.revision)
+ - name: imageUrl
+ value: $(tt.params.IMAGE)
+ - name: imageTag
+ value: $(tt.params.IMAGETAG)
+ - name: eventname
+ value: $(tt.params.EVENT)
+ - name: reponame
+ value: $(tt.params.REPONAME)
+ - name: retag
+ value: $(tt.params.rel-tag)
\ No newline at end of file
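Review bot: Every PipelineRun created from this TriggerTemplate mounts `gitcred-…` and `docker-credentials-…`, and the same template serves the `pull-request-github` trigger, so a build of unreviewed pull-request content runs with registry push credentials in its workspace. Consider a separate template for pull requests that builds without pushing, and at minimum add a comment on the workspace such as `# mounted for every event type, including pull requests; keep this credential scoped to the target repository only`. Each run also claims a fresh `storage: 30Gi` volume, which is worth capping with a namespace ResourceQuota given that runs are started by external requests. `PLRNAME` is set in the TriggerBinding but is not declared in the template's `params`.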
diff --git a/cicd/tekton-pipelines/pipeline-template/values.yaml b/cicd/tekton-pipelines/pipeline-template/values.yaml
new file mode 100644
index 0000000..9b60b71
--- /dev/null
+++ b/cicd/tekton-pipelines/pipeline-template/values.yaml
@@ -0,0 +1,4 @@
+pipelineName: "replace"
+ingressDomainName: "tekton.azureagent.optimizor.app"
+tektonDashboard: "replace"
+namespace: "tekton-pipelines"
\ No newline at end of file
diff --git a/cicd/tekton-pipelines/tekton-yamls/gitlab-pipeline.yaml b/cicd/tekton-pipelines/tekton-yamls/gitlab-pipeline.yaml
deleted file mode 100644
index 503ad8b..0000000
--- a/cicd/tekton-pipelines/tekton-yamls/gitlab-pipeline.yaml
+++ /dev/null
@@ -1,189 +0,0 @@ -apiVersion: tekton.dev/v1beta1 -kind: Pipeline -metadata: - name: gitlab-tekton-ci -spec: - description: | - This pipeline clones a git repo, then echoes the README file to the stout. - params: - - name: repo-url - type: string - description: The git repo URL to clone from. - - name: revision - type: string - - name: PARAM_SCM - description: Define the Source code Management URL - type: string - default: "gitlab.com" - - name: pathToContext - description: The path to the build context, used by Kaniko - within the workspace - default: . - - name: imageUrl - description: Image name including repository - - name: imageTag - description: Image tag - default: "latest" - - name: eventname - description: name of event happens - - name: reponame - description: repo name - - name: retag - description: rel tag - workspaces: - - name: shared-data - description: | - This workspace contains the cloned repo files, so they can be read by the - next task. - - name: git-credentials - description: basic-auth - - name: docker-credentials - description: docker cred - - name: cosign - - name: dockerconfig - - name: cosign-pub - tasks: - - name: fetch-source - taskRef: - name: git-clone - kind: ClusterTask - workspaces: - - name: output - workspace: shared-data - - name: basic-auth -# - name: ssh-directory - workspace: git-credentials - params: - - name: url - value: $(params.repo-url) - - name: PARAM_SCM - value: $(params.PARAM_SCM) - - name: revision - value: $(params.revision) - - name: build - taskRef: - name: kaniko-build - kind: ClusterTask - runAfter: - - fetch-source - workspaces: - - name: source - workspace: shared-data - - name: dockerconfig - workspace: docker-credentials - params: - - name: CONTEXT - value: $(params.pathToContext) - - name: IMAGE - value: $(params.imageUrl):$(params.imageTag) - - - name: cosign-sign - runAfter: ["build"] - taskRef: - name: cosign-sign - kind: ClusterTask - workspaces: - - name: source - workspace: shared-data - - name: 
dockerconfig - workspace: dockerconfig - - name: cosign - workspace: cosign - params: - - name: image - value: "$(params.imageUrl)@$(tasks.build.results.IMAGE_DIGEST)" - - name: eventname - value: "$(params.eventname)" - when: - - input: "$(params.eventname)" - operator: in - values: [ "push" , "tag" ,"release" ] - - name: cosign-image-verify - runAfter: ["cosign-sign"] - taskRef: - name: cosign-image-verify - kind: ClusterTask - workspaces: - - name: source - workspace: shared-data - - name: dockerconfig - workspace: dockerconfig - - name: cosign - workspace: cosign-pub - params: - - name: image - value: "$(params.imageUrl)@$(tasks.build.results.IMAGE_DIGEST)" - - name: eventname - value: "$(params.eventname)" - when: - - input: "$(params.eventname)" - operator: in - values: [ "push" , "tag" , "release" ] - - finally: - - name: gitlab-set-status-fail - when: - - input: $(tasks.status) - operator: in - values: [ "Failed", "None" ] - taskRef: - name: gitlab-set-status - kind: ClusterTask - params: - - name: "STATE" - value: "failed" - - name: "GITLAB_HOST_URL" - value: "api.gitlab.com" - - name: "REPO_FULL_NAME" - value: "$(params.reponame)" - - name: "GITLAB_TOKEN_SECRET_NAME" - value: "gitlab-token" - - name: "GITLAB_TOKEN_SECRET_KEY" - value: "token" - - name: "SHA" - value: "$(params.revision)" - - name: "TARGET_URL" - value: "http://localhost:8001/api/v1/namespaces/tekton-pipelines/services/tekton-dashboard:http/proxy/" - #value: "dashboard.domain.app" - - name: "CONTEXT" - value: "Building your MR" - - name: "DESCRIPTION" - value: "continuous-integration/tekton" - - - name: gitlab-set-status-success - when: - - input: $(tasks.status) - operator: in - values: [ "Succeeded", "Completed" ] - taskRef: - name: gitlab-set-status - kind: ClusterTask - params: - - name: "STATE" - value: "success" - - name: "GITLAB_HOST_URL" - value: "gitlab.com" - - name: "API_PATH_PREFIX" - value: "/api/v4" - - name: "REPO_FULL_NAME" - value: "$(params.reponame)" - - name: 
"GITLAB_TOKEN_SECRET_NAME" - value: "gitlab-token" - - name: "GITLAB_TOKEN_SECRET_KEY" - value: "token" - - name: "SHA" - value: "$(params.revision)" - - name: "TARGET_URL" - value: "http://localhost:8001/api/v1/namespaces/tekton-pipelines/services/tekton-dashboard:http/proxy/" - #value: "dashboard.domain.app" - - name: "CONTEXT" - value: "tekton-pipeline" - - name: "DESCRIPTION" - value: "Finished building your commit in Tekton" - - - - - - - - diff --git a/cicd/tekton-pipelines/tekton-yamls/ingress.yaml b/cicd/tekton-pipelines/tekton-yamls/ingress.yaml deleted file mode 100644 index 996f6c7..0000000 --- a/cicd/tekton-pipelines/tekton-yamls/ingress.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRoute -metadata: - name: tekton-webhook-route -spec: - entryPoints: - - web - - websecure - routes: - - kind: Rule - match: Host(`intelops.local`) - services: - - name: el-github-listener - port: 8080 - diff --git a/cicd/tekton-pipelines/tekton-yamls/rbac.yaml b/cicd/tekton-pipelines/tekton-yamls/rbac.yaml deleted file mode 100644 index 7dc62c9..0000000 --- a/cicd/tekton-pipelines/tekton-yamls/rbac.yaml +++ /dev/null 
@@ -1,63 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: tekton-robot -secrets: -- name: gitcred -- name: ssh-key -- name: docker-credentials -- name: github-webhook-secret -- name: cosign-key -- name: cosign-pub -- name: cosign-docker-secret -- name: docker5 -- name: docker6 -- name: gitlab-token - - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: triggers-example-eventlistener-binding -subjects: -- kind: ServiceAccount - name: tekton-robot -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: tekton-triggers-eventlistener-roles ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: trigger-el-clusterbinding -subjects: -- kind: ServiceAccount - name: tekton-robot -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: tekton-triggers-eventlistener-clusterroles ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: tekton-robot-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: tekton-robot-role -subjects: -- kind: ServiceAccount - name: tekton-robot ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: tekton-robot-role -rules: -- apiGroups: ["triggers.tekton.dev"] - resources: ["clustertriggerbindings"] - verbs: ["get", "list", "watch" , "update" , "create"] - diff --git a/cicd/tekton-pipelines/tekton-yamls/triggers.yaml b/cicd/tekton-pipelines/tekton-yamls/triggers.yaml deleted file mode 100644 index 00d558a..0000000 --- a/cicd/tekton-pipelines/tekton-yamls/triggers.yaml +++ /dev/null 
@@ -1,368 +0,0 @@ -apiVersion: triggers.tekton.dev/v1beta1 -kind: EventListener -metadata: - name: github-listener -spec: - triggers: - - name: github-push-event - interceptors: - - ref: - name: "cel" - params: - - name: "filter" - value: > - ( - header.match('x-github-event', 'push') && (body.ref == 'refs/heads/main' || body.ref == 'refs/heads/master') - ) - - name: "overlays" - value: - - key: image_tag - expression: "\"latest\"" - - key: event - expression: "\"push\"" - - bindings: - - name: revision - value: $(body.head_commit.id) - - name: repo-url - value: $(body.repository.clone_url) - - name: IMAGE - value: ghcr.io/$(body.repository.full_name) - - name: REPONAME - value: $(body.repository.full_name) - - ref: trigger-binding - template: - ref: trigger-template-github - - - name: gitlab-push-event - interceptors: - - ref: - name: "cel" - params: - - name: "filter" - value: > - ( - header.match('X-Gitlab-Event', 'Push Hook') && (body.ref == 'refs/heads/main' || body.ref == 'refs/heads/master') - ) - - name: "overlays" - value: - - key: image_tag - expression: "\"latest\"" - - key: event - expression: "body.event_name" - - bindings: - - name: revision - value: $(body.checkout_sha) - - name: repo-url - value: $(body.repository.git_http_url) - - name: REPONAME - value: $(body.project.path_with_namespace) - - name: IMAGE - value: registry.gitlab.com/$(body.user_name)/$(body.project.name) - - ref: trigger-binding - template: - ref: trigger-template-gitlab - - - - name: tag-event-github - interceptors: - - ref: - name: "cel" - params: - - name: "filter" - value: > - ( - header.match('x-github-event', 'create') && (body.ref == 'refs/heads/main' || body.ref == 'refs/heads/master' || body.ref_type == 'tag' ) - ) - - name: "overlays" - value: - - key: image_tag - expression: "body.ref" - - key: event - expression: "\"tag\"" - bindings: - - name: revision - value: $(body.master_branch) - - name: repo-url - value: $(body.repository.clone_url) - - name: REPONAME - value: 
$(body.repository.full_name) - - name: IMAGE - value: ghcr.io/$(body.repository.full_name) - - ref: trigger-binding - template: - ref: trigger-template-github - - name: tag-event-gitlab - interceptors: - - ref: - name: "cel" - params: - - name: "filter" - value: > - ( - header.match('X-Gitlab-Event', 'Tag Push Hook') && (body.ref == 'refs/heads/main' || body.ref == 'refs/heads/master' || body.object_kind == 'tag_push' ) - ) - - name: "overlays" - value: - - key: image_tag - expression: "body.ref.split('/')[2]" - - key: event - expression: "\"tag\"" - bindings: - - name: revision - value: $(body.commits[0].id) - - name: repo-url - value: $(body.repository.git_http_url) - - name: REPONAME - value: $(body.project.path_with_namespace) - - name: IMAGE - value: registry.gitlab.com/$(body.user_name)/$(body.project.name) - - ref: trigger-binding - template: - ref: trigger-template-gitlab - - - name: pull-request-github - interceptors: - - ref: - name: "cel" - params: - - name: "filter" - value: > - ( - header.match('x-github-event', 'pull_request') && body.action in ['opened'] && (body.pull_request.base.ref == 'main' || body.pull_request.base.ref == 'master') - ) - - name: "overlays" - value: - - key: image_tag - expression: "['pr', string(body.pull_request.number)].join('-')" - - key: event - expression: "\"pull-request\"" - bindings: - - name: revision - value: $(body.pull_request.head.sha) - - name: repo-url - value: $(body.repository.clone_url) - - name: IMAGE - value: ghcr.io/$(body.repository.full_name) - - name: REPONAME - value: $(body.repository.full_name) - - ref: trigger-binding - template: - ref: trigger-template-github - - - name: merge-request-gitlab - interceptors: - - ref: - name: "cel" - params: - - name: "filter" - value: > - ( - header.match('X-Gitlab-Event', 'Merge Request Hook') && body.object_attributes.action in ['open'] && ( body.object_attributes.target_branch == 'main' || body.object_attributes.target_branch == 'master' ) - ) - - name: "overlays" 
- value: - - key: image_tag - expression: "['mr', string(body.object_attributes.iid)].join('-')" - - key: event - expression: "\"merge-request\"" - bindings: - - name: revision - value: $(body.object_attributes.last_commit.id) - - name: repo-url - value: $(body.project.http_url) - #- name: REPONAME - #value: $(body.user.name)/$(body.project.name) - - name: REPONAME - value: $(body.project.path_with_namespace) - - name: IMAGE - value: registry.gitlab.com/$(body.user.name)/$(body.project.name) - - ref: trigger-binding - template: - ref: trigger-template-gitlab - - resources: - kubernetesResource: - spec: - template: - spec: - serviceAccountName: tekton-robot - containers: - - resources: - requests: - memory: "64Mi" - cpu: "250m" - limits: - memory: "128Mi" - cpu: "500m" ---- -apiVersion: triggers.tekton.dev/v1beta1 -kind: TriggerBinding -metadata: - name: trigger-binding -spec: - params: - - name: PLRNAME - value: github-proj-uuid-pr- - - name: IMAGETAG - value: $(extensions.image_tag) - - name: EVENT - value: $(extensions.event) - - name: rel-tag - value: $(extensions.image_tag) - ---- -apiVersion: triggers.tekton.dev/v1beta1 -kind: TriggerTemplate -metadata: - name: trigger-template-github -spec: - params: - - name: repo-url - description: repo url - - name: revision - description: sha,branch - - name: IMAGE - description: image name - - name: IMAGETAG - description: tag of img - - name: EVENT - description: event occured - - name: REPONAME - description: repo name - - name: rel-tag - description: release tag - resourcetemplates: - - apiVersion: tekton.dev/v1beta1 - kind: PipelineRun - metadata: - generateName: trigger-tekton-ci- - spec: - serviceAccountName: tekton-robot - pipelineRef: - name: github-tekton-ci - podTemplate: - securityContext: - fsGroup: 65532 - workspaces: - - name: shared-data - volumeClaimTemplate: - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 30Gi - - name: git-credentials - secret: - secretName: gitcred - - 
name: docker-credentials - secret: - secretName: docker-credentials #give the credential of the registry like ghcr,docker - - name: dockerconfig - secret: - secretName: cosign-docker-secret # If you need to provide dockerconfig - - name: cosign - secret: - secretName: cosign-key - - name: cosign-pub - secret: - secretName: cosign-pub - params: - - name: repo-url - value: $(tt.params.repo-url) - - name: revision - value: $(tt.params.revision) - - name: imageUrl - value: $(tt.params.IMAGE) - - name: imageTag - value: $(tt.params.IMAGETAG) - - name: eventname - value: $(tt.params.EVENT) - - name: reponame - value: $(tt.params.REPONAME) - - name: retag - value: $(tt.params.rel-tag) - ---- -apiVersion: triggers.tekton.dev/v1beta1 -kind: TriggerTemplate -metadata: - name: trigger-template-gitlab -spec: - params: - - name: repo-url - description: repo url - - name: revision - description: sha,branch - - name: IMAGE - description: image name - - name: IMAGETAG - description: tag of img - - name: EVENT - description: event occured - - name: REPONAME - description: repo name - - name: rel-tag - description: release tag - resourcetemplates: - - apiVersion: tekton.dev/v1beta1 - kind: PipelineRun - metadata: - generateName: trigger-tekton-ci- - spec: - serviceAccountName: tekton-robot - pipelineRef: - name: gitlab-tekton-ci - podTemplate: - securityContext: - fsGroup: 65532 - workspaces: - - name: shared-data - volumeClaimTemplate: - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 30Gi - - name: git-credentials - secret: - secretName: gitlab - - name: docker-credentials - secret: - secretName: docker5 - - name: dockerconfig - secret: - secretName: cosign-docker-secret-gitlab # If you need to provide dockerconfig - - name: cosign - secret: - secretName: cosign-key - - name: cosign-pub - secret: - secretName: cosign-pub - - params: - - name: repo-url - value: $(tt.params.repo-url) - - name: revision - value: $(tt.params.revision) - - name: imageUrl - 
value: $(tt.params.IMAGE) - - name: imageTag - value: $(tt.params.IMAGETAG) - - name: eventname - value: $(tt.params.EVENT) - - name: reponame - value: $(tt.params.REPONAME) - - name: retag - value: $(tt.params.rel-tag) - - - - - - - - diff --git a/cicd/tekton/argocd-apps/Chart.yaml b/cicd/tekton/argocd-apps/Chart.yaml index 69270c8..5ae9ef9 100644 --- a/cicd/tekton/argocd-apps/Chart.yaml +++ b/cicd/tekton/argocd-apps/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 -name: tekton-apps -description: A Helm chart for tekton apps +name: tekton-pipeline +description: A Helm chart for tekton pipeline # A chart can be either an 'application' or a 'library' chart. # diff --git a/cicd/tekton/argocd-apps/templates/pipelines/pipelines.yaml b/cicd/tekton/argocd-apps/templates/pipelines/pipelines.yaml index 3ceb2ed..2b05249 100644 --- a/cicd/tekton/argocd-apps/templates/pipelines/pipelines.yaml +++ b/cicd/tekton/argocd-apps/templates/pipelines/pipelines.yaml @@ -4,20 +4,19 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: {{ .name }} - namespace: {{ $.Release.Namespace }} + namespace: argo-cd spec: project: {{ $.Values.project }} source: repoURL: {{ $.Values.source.repoURL }} targetRevision: {{ $.Values.source.targetRevision }} - path: {{ .path}} + path: "{{ $.Values.tektonPath}}/{{ .name}}" + helm: + valueFiles: + - values.yaml destination: server: {{ $.Values.destination.server }} - namespace: {{ $.Values.destination.namespace }} - syncPolicy: - automated: - prune: {{ $.Values.syncPolicy.automated.prune }} - selfHeal: {{ $.Values.syncPolicy.automated.selfHeal }} + namespace: tekton-pipelines --- {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/cicd/tekton/argocd-apps/templates/tekton-pipeline-cluster-config.yaml b/cicd/tekton/argocd-apps/templates/tekton-pipeline-cluster-config.yaml new file mode 100644 index 0000000..04075ad --- /dev/null +++ b/cicd/tekton/argocd-apps/templates/tekton-pipeline-cluster-config.yaml 
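Review bot: In pipelines.yaml the Application path is now built from `{{ .name}}` of each loop item, but the same commit removes the `tektonPipelines:` list from argocd-apps/values.yaml, so unless the list is supplied elsewhere the loop (its header is outside the hunk) presumably renders no Application at all. Document the expected input next to `tektonPath`, for example `# tektonPipelines: [{name: <dir under tektonPath>}] must be supplied by the caller`. The hunk also drops `syncPolicy` from the Application while values.yaml keeps the `syncPolicy` keys, which leaves them unused; either remove the keys or restore the block. The hard-coded `namespace: argo-cd` and `namespace: tekton-pipelines` replace values that were configurable before and would read better as values with defaults.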
@@ -0,0 +1,17 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: tekton-apps + namespace: argo-cd +spec: + project: default + source: + repoURL: https://github.com/indresh-28/test-tekton + targetRevision: main + path: cicd/tekton-pipelines/cluster-config + helm: + valueFiles: + - values.yaml + destination: + server: https://kubernetes.default.svc + namespace: argo-cd diff --git a/cicd/tekton/argocd-apps/values.yaml b/cicd/tekton/argocd-apps/values.yaml index 1a6f9d1..4de91ab 100644 --- a/cicd/tekton/argocd-apps/values.yaml +++ b/cicd/tekton/argocd-apps/values.yaml @@ -1,12 +1,11 @@ project: default source: - repoURL: https://github.com/intelops/capten-templates.git + repoURL: https://github.com/intelops/capten-templates targetRevision: main destination: server: https://kubernetes.default.svc - namespace: tekton syncPolicy: CreateNamespace: true @@ -14,6 +13,4 @@ syncPolicy: prune: false selfHeal: true -tektonPipelines: - - name: tekton-pipeline-dev-cluster - path: cicd/tekton-pipelines/tekton-yamls \ No newline at end of file +tektonPath: cicd/tekton-pipelines diff --git a/cicd/tekton/tekton-main-app.yaml b/cicd/tekton/tekton-main-app.yaml index cd0652c..88eb9f0 100644 --- a/cicd/tekton/tekton-main-app.yaml +++ b/cicd/tekton/tekton-main-app.yaml @@ -6,12 +6,12 @@ metadata: spec: project: default source: - repoURL: https://github.com/intelops/capten-templates.git - targetRevision: HEAD + repoURL: https://github.com/intelops/capten-templates + targetRevision: main path: cicd/tekton/argocd-apps helm: valueFiles: - values.yaml destination: server: https://kubernetes.default.svc - namespace: tekton-pipelines + namespace: argo-cd From 18ae768119fb29d370d150cb4ee29a496504b929 Mon Sep 17 00:00:00 2001 From: indresh-28 Date: Fri, 22 Dec 2023 15:08:13 +0530 Subject: [PATCH 02/11] update git cred for pass/fail --- .../pipeline-template/templates/pipeline.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
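Review bot: `project: default` on the added Application in tekton-pipeline-cluster-config.yaml places the cluster-scoped Tekton tasks under Argo CD's built-in default project. Unless that project has been restricted on the cluster, it accepts any source repository and any destination. The file list suggests the cluster-config chart installs the build, signing and status tasks, so a dedicated AppProject limited to this repository and the intended namespaces would be the safer home. The sibling pipelines.yaml already reads the project from values, so `project: {{ $.Values.project }}` here would keep the two consistent and let a deployment switch projects in one place.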
diff --git a/cicd/tekton-pipelines/pipeline-template/templates/pipeline.yaml b/cicd/tekton-pipelines/pipeline-template/templates/pipeline.yaml index 1d45dc9..c9d7bda 100644 --- a/cicd/tekton-pipelines/pipeline-template/templates/pipeline.yaml +++ b/cicd/tekton-pipelines/pipeline-template/templates/pipeline.yaml @@ -90,9 +90,9 @@ spec: - name: "REPO_FULL_NAME" value: "$(params.reponame)" - name: "GITHUB_TOKEN_SECRET_NAME" - value: "gitcred" + value: "gitcred-{{ $.Values.pipelineName }}" - name: "GITHUB_TOKEN_SECRET_KEY" - value: "token" + value: "password" - name: "SHA" value: "$(params.revision)" - name: "TARGET_URL" @@ -119,9 +119,9 @@ spec: - name: "REPO_FULL_NAME" value: "$(params.reponame)" - name: "GITHUB_TOKEN_SECRET_NAME" - value: "gitcred" + value: "gitcred-{{ $.Values.pipelineName }}" - name: "GITHUB_TOKEN_SECRET_KEY" - value: "token" + value: "password" - name: "SHA" value: "$(params.revision)" - name: "TARGET_URL" From a37970147ef1321e3345b2735938a86a8f57263f Mon Sep 17 00:00:00 2001 From: indresh-28 <141343508+indresh-28@users.noreply.github.com> Date: Fri, 22 Dec 2023 17:58:16 +0530 Subject: [PATCH 03/11] update git suffix Signed-off-by: indresh-28 <141343508+indresh-28@users.noreply.github.com> --- cicd/tekton/tekton-main-app.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cicd/tekton/tekton-main-app.yaml b/cicd/tekton/tekton-main-app.yaml index 88eb9f0..06543f8 100644 --- a/cicd/tekton/tekton-main-app.yaml +++ b/cicd/tekton/tekton-main-app.yaml @@ -6,7 +6,7 @@ metadata: spec: project: default source: - repoURL: https://github.com/intelops/capten-templates + repoURL: https://github.com/intelops/capten-templates.git targetRevision: main path: cicd/tekton/argocd-apps helm: From 524af6d3485041a59e51d7710d6308ffd60697ef Mon Sep 17 00:00:00 2001 From: indresh-28 <141343508+indresh-28@users.noreply.github.com> Date: Fri, 22 Dec 2023 17:58:33 +0530 Subject: [PATCH 04/11] update git suffix 
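Review bot: `GITHUB_TOKEN_SECRET_KEY` becomes `password` in this hunk and in the one at line 119, which suggests the set-status task now reads the same basic-auth style secret used for cloning rather than a token scoped to commit statuses. If that is the case, the credential mounted into the status step carries more access than the step needs; a separate secret holding a status-only token would be the least-privilege arrangement. The secret name is built from `pipelineName`, which values.yaml defaults to `replace`, so an unset value points at a secret called `gitcred-replace`. A comment beside the value would make the expectation explicit, e.g. `# key inside gitcred-{{ $.Values.pipelineName }} that holds the GitHub token sent as Bearer`.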
Signed-off-by: indresh-28 <141343508+indresh-28@users.noreply.github.com> --- cicd/tekton/argocd-apps/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cicd/tekton/argocd-apps/values.yaml b/cicd/tekton/argocd-apps/values.yaml index 4de91ab..1c901c4 100644 --- a/cicd/tekton/argocd-apps/values.yaml +++ b/cicd/tekton/argocd-apps/values.yaml @@ -1,7 +1,7 @@ project: default source: - repoURL: https://github.com/intelops/capten-templates + repoURL: https://github.com/intelops/capten-templates.git targetRevision: main destination: From 7125c96ab46235d7f9c67c9b1bdf67e05c8bf8b1 Mon Sep 17 00:00:00 2001 From: indresh-28 <141343508+indresh-28@users.noreply.github.com> Date: Fri, 22 Dec 2023 17:59:37 +0530 Subject: [PATCH 05/11] Update tekton-pipeline-cluster-config.yaml Signed-off-by: indresh-28 <141343508+indresh-28@users.noreply.github.com> --- .../argocd-apps/templates/tekton-pipeline-cluster-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cicd/tekton/argocd-apps/templates/tekton-pipeline-cluster-config.yaml b/cicd/tekton/argocd-apps/templates/tekton-pipeline-cluster-config.yaml index 04075ad..3987a6e 100644 --- a/cicd/tekton/argocd-apps/templates/tekton-pipeline-cluster-config.yaml +++ b/cicd/tekton/argocd-apps/templates/tekton-pipeline-cluster-config.yaml @@ -6,7 +6,7 @@ metadata: spec: project: default source: - repoURL: https://github.com/indresh-28/test-tekton + repoURL: {{ $.Values.source.repoURL }} targetRevision: main path: cicd/tekton-pipelines/cluster-config helm: From 1793d09a0b7e34923941892d228e8cc073f3e06c Mon Sep 17 00:00:00 2001 From: indresh-28 <141343508+indresh-28@users.noreply.github.com> Date: Fri, 22 Dec 2023 18:10:18 +0530 Subject: [PATCH 06/11] Update tekton-pipeline-cluster-config.yaml Signed-off-by: indresh-28 <141343508+indresh-28@users.noreply.github.com> --- .../argocd-apps/templates/tekton-pipeline-cluster-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
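Review bot: `targetRevision: main` on the context line below the changed `repoURL` in tekton-pipeline-cluster-config.yaml stays hard-coded, so this Application follows a mutable branch even when the values file pins something else. values.yaml already defines `source.targetRevision` and pipelines.yaml uses it; `targetRevision: {{ $.Values.source.targetRevision }}` would let a deployment pin a tag or commit for the cluster tasks. Quoting the templated URL as `repoURL: "{{ $.Values.source.repoURL }}"` also keeps an empty value from rendering as null.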
diff --git a/cicd/tekton/argocd-apps/templates/tekton-pipeline-cluster-config.yaml b/cicd/tekton/argocd-apps/templates/tekton-pipeline-cluster-config.yaml index 3987a6e..ab55630 100644 --- a/cicd/tekton/argocd-apps/templates/tekton-pipeline-cluster-config.yaml +++ b/cicd/tekton/argocd-apps/templates/tekton-pipeline-cluster-config.yaml @@ -1,7 +1,7 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: - name: tekton-apps + name: tekton-cluster-tasks namespace: argo-cd spec: project: default From 5906b67d45e8f27a56b4405fe8812e641e272e61 Mon Sep 17 00:00:00 2001 From: indresh-28 Date: Wed, 10 Jan 2024 19:21:26 +0530 Subject: [PATCH 07/11] update config files --- .../templates/github-set-status.yaml | 84 +++++++++++++++---- .../pipeline-template/templates/pipeline.yaml | 4 +- 2 files changed, 69 insertions(+), 19 deletions(-) diff --git a/cicd/tekton-pipelines/cluster-config/templates/github-set-status.yaml b/cicd/tekton-pipelines/cluster-config/templates/github-set-status.yaml index 5c388d2..98f597c 100644 --- a/cicd/tekton-pipelines/cluster-config/templates/github-set-status.yaml +++ b/cicd/tekton-pipelines/cluster-config/templates/github-set-status.yaml @@ -4,7 +4,7 @@ kind: ClusterTask metadata: name: github-set-status labels: - app.kubernetes.io/version: "0.2" + app.kubernetes.io/version: "0.4" annotations: tekton.dev/categories: Git tekton.dev/pipelines.minVersion: "0.12.1" @@ -14,7 +14,7 @@ metadata: spec: description: >- This task will set the status of the CI job to the specified value along - witha link to the specified target URL where developers can follow the + with a link to the specified target URL where developers can follow the progress of the CI job. The `github-set-status` task allows external services to mark GitHub commits 
@@ -89,6 +89,18 @@ spec: type: string default: Bearer + - name: IMAGE + description: | + Image providing the python binary which this task uses. + type: string + default: python:3.10.1-alpine3.15 + + - name: SHEBANG + description: | + Python path. Depends on the image. + type: string + default: /usr/bin/env python + volumes: - name: githubtoken secret: 
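Review bot: The default `python:3.10.1-alpine3.15` for the new `IMAGE` parameter is a mutable tag, and the step that runs it has the GitHub token secret mounted at `/etc/github-set-status`, so whatever that tag resolves to at pull time can read the token. Pinning the default by digest, `default: python:3.10.1-alpine3.15@sha256:DIGEST_PLACEHOLDER`, removes the dependency on the registry tag. Because `IMAGE` and `SHEBANG` are ordinary parameters, I would extend both descriptions with a sentence saying that they decide which code runs with the token mounted, so pipeline authors treat overrides with care.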
@@ -99,33 +111,68 @@ spec: volumeMounts: - name: githubtoken mountPath: /etc/github-set-status - - image: registry.access.redhat.com/ubi8/python-38:1-34.1599745032 + env: + - name: GITHUB_HOST_URL + value: $(params.GITHUB_HOST_URL) + - name: API_PATH_PREFIX + value: $(params.API_PATH_PREFIX) + - name: REPO_FULL_NAME + value: $(params.REPO_FULL_NAME) + - name: GITHUB_TOKEN_SECRET_NAME + value: $(params.GITHUB_TOKEN_SECRET_NAME) + - name: GITHUB_TOKEN_SECRET_KEY + value: $(params.GITHUB_TOKEN_SECRET_KEY) + - name: SHA + value: $(params.SHA) + - name: TARGET_URL + value: $(params.TARGET_URL) + - name: DESCRIPTION + value: $(params.DESCRIPTION) + - name: CONTEXT + value: $(params.CONTEXT) + - name: STATE + value: $(params.STATE) + - name: AUTH_TYPE + value: $(params.AUTH_TYPE) + - name: SHEBANG + value: $(params.SHEBANG) + + image: $(params.IMAGE) script: | - #!/usr/libexec/platform-python + #!$(params.SHEBANG) """This script will set the CI status on GitHub PR""" import json + import os + import sys import http.client - github_token = open("/etc/github-set-status/$(params.GITHUB_TOKEN_SECRET_KEY)", "r").read() + github_token_filename = "/etc/github-set-status/" + \ + os.getenv("GITHUB_TOKEN_SECRET_KEY") + github_token = open(github_token_filename, "r").read() - status_url = "$(params.API_PATH_PREFIX)" + "/repos/$(params.REPO_FULL_NAME)/" + \ - "statuses/$(params.SHA)" + status_url = os.getenv("API_PATH_PREFIX") + "/repos/" + \ + os.getenv("REPO_FULL_NAME") + "/statuses/" + os.getenv("SHA") data = { - "state": "$(params.STATE)", - "target_url": "$(params.TARGET_URL)", - "description": "$(params.DESCRIPTION)", - "context": "$(params.CONTEXT)" + "state": os.getenv("STATE"), + "target_url": os.getenv("TARGET_URL"), + "description": os.getenv("DESCRIPTION"), + "context": os.getenv("CONTEXT") } - print("Sending this data to GitHub: ") + print("Sending this data to GitHub@{url}: ".format( + url=os.getenv("GITHUB_HOST_URL"))) print(data) - authHeader = "$(params.AUTH_TYPE) " 
+ github_token + authHeader = os.getenv("AUTH_TYPE") + " " + github_token + + # This is for our fake github server + if "$(params.GITHUB_HOST_URL)".startswith("http://"): + conn = http.client.HTTPConnection("$(params.GITHUB_HOST_URL)".replace("http://", "")) + else: + conn = http.client.HTTPSConnection("$(params.GITHUB_HOST_URL)") - conn = http.client.HTTPSConnection("$(params.GITHUB_HOST_URL)") conn.request( "POST", status_url, @@ -139,6 +186,9 @@ spec: if not str(resp.status).startswith("2"): print("Error: %d" % (resp.status)) print(resp.read()) + sys.exit(1) else: - print("GitHub status '$(params.STATE)' has been set on " - "$(params.REPO_FULL_NAME)#$(params.SHA) ") + print("GitHub status '{state}' has been set on {repo}#{sha} ".format( + state=os.getenv("STATE"), + repo=os.getenv("REPO_FULL_NAME"), + sha=os.getenv("SHA"))) diff --git a/cicd/tekton-pipelines/pipeline-template/templates/pipeline.yaml b/cicd/tekton-pipelines/pipeline-template/templates/pipeline.yaml index c9d7bda..d2fd0e5 100644 --- a/cicd/tekton-pipelines/pipeline-template/templates/pipeline.yaml +++ b/cicd/tekton-pipelines/pipeline-template/templates/pipeline.yaml @@ -84,7 +84,7 @@ spec: kind: ClusterTask params: - name: "STATE" - value: "failed" + value: "failure" - name: "GITHUB_HOST_URL" value: "api.github.com" - name: "REPO_FULL_NAME" @@ -130,4 +130,4 @@ spec: - name: "CONTEXT" value: "tekton-pipeline" - name: "DESCRIPTION" - value: "Finished building your commit in Tekton" \ No newline at end of file + value: "Finished building your commit in Tekton" From 01a6fab23a8d53d70912a8195b817eee15c45859 Mon Sep 17 00:00:00 2001 From: indresh-28 <141343508+indresh-28@users.noreply.github.com> Date: Mon, 15 Jan 2024 20:30:36 +0530 Subject: [PATCH 08/11] Update tekton-main-app.yaml Signed-off-by: indresh-28 <141343508+indresh-28@users.noreply.github.com> --- cicd/tekton/tekton-main-app.yaml | 3 +++ 1 file changed, 3 insertions(+) 
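Review bot: The added `http://` branch in the script still splices `$(params.GITHUB_HOST_URL)` into the Python source three times, although the rest of this hunk moves every other parameter to `os.getenv` and `GITHUB_HOST_URL` is already exported in `env`. The same branch opens a plain `HTTPConnection`, and the request that follows (partly outside this hunk) presumably carries `authHeader`, so a host value beginning with `http://` would put the token on the wire unencrypted; the comment says the branch exists for a fake test server. Since pipeline.yaml only passes `api.github.com`, I would drop the branch and use `conn = http.client.HTTPSConnection(os.getenv("GITHUB_HOST_URL"))`. `#!$(params.SHEBANG)` is the other parameter still substituted into the script text and could become a fixed interpreter line.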
diff --git a/cicd/tekton/tekton-main-app.yaml b/cicd/tekton/tekton-main-app.yaml index 06543f8..eb7e00e 100644 --- a/cicd/tekton/tekton-main-app.yaml +++ b/cicd/tekton/tekton-main-app.yaml @@ -15,3 +15,6 @@ spec: destination: server: https://kubernetes.default.svc namespace: argo-cd + syncPolicy: + automated: + prune: true From 60d89429534d20140d9fad17db47fda01b39defb Mon Sep 17 00:00:00 2001 From: indresh-28 <141343508+indresh-28@users.noreply.github.com> Date: Mon, 15 Jan 2024 20:31:14 +0530 Subject: [PATCH 09/11] Update pipelines.yaml Signed-off-by: indresh-28 <141343508+indresh-28@users.noreply.github.com> --- cicd/tekton/argocd-apps/templates/pipelines/pipelines.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/cicd/tekton/argocd-apps/templates/pipelines/pipelines.yaml b/cicd/tekton/argocd-apps/templates/pipelines/pipelines.yaml index 2b05249..a36720b 100644 --- a/cicd/tekton/argocd-apps/templates/pipelines/pipelines.yaml +++ b/cicd/tekton/argocd-apps/templates/pipelines/pipelines.yaml @@ -17,6 +17,9 @@ spec: destination: server: {{ $.Values.destination.server }} namespace: tekton-pipelines + syncPolicy: + automated: + prune: true --- {{- end }} {{- end }} From 71a7ca077f1396ec0ef26ee6d6c442f27f6afb2c Mon Sep 17 00:00:00 2001 From: indresh-28 <141343508+indresh-28@users.noreply.github.com> Date: Wed, 17 Jan 2024 20:44:54 +0530 Subject: [PATCH 10/11] Update pipeline.yaml Signed-off-by: indresh-28 <141343508+indresh-28@users.noreply.github.com> --- cicd/tekton-pipelines/pipeline-template/templates/pipeline.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cicd/tekton-pipelines/pipeline-template/templates/pipeline.yaml b/cicd/tekton-pipelines/pipeline-template/templates/pipeline.yaml index d2fd0e5..668b94b 100644 --- a/cicd/tekton-pipelines/pipeline-template/templates/pipeline.yaml +++ b/cicd/tekton-pipelines/pipeline-template/templates/pipeline.yaml 
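Review bot: `prune: true` under `automated` is hard-coded in this tekton-main-app.yaml hunk and again in the pipelines.yaml hunk of the next patch, while argocd-apps/values.yaml still carries `prune: false` and `selfHeal: true`, which the template apparently no longer reads. With both Applications tracking `main`, a deletion merged to that branch now removes the live resources with no manual sync in between, and self-healing is left at its default because the key is not set. In the template I would restore `prune: {{ $.Values.syncPolicy.automated.prune }}` and `selfHeal: {{ $.Values.syncPolicy.automated.selfHeal }}`. tekton-main-app.yaml should get a comment stating that automatic pruning of the child Applications is intended.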
@@ -59,7 +59,7 @@ spec: value: $(params.revision) - name: build taskRef: - name: kaniko-build + name: kaniko kind: ClusterTask runAfter: - fetch-source From 07559da9757ad94a138a834d81cceeb5a7e66663 Mon Sep 17 00:00:00 2001 From: indresh-28 Date: Fri, 26 Jan 2024 11:18:34 +0530 Subject: [PATCH 11/11] update template to take ingress domainname --- cicd/tekton-pipelines/cluster-config/templates/kaniko.yaml | 2 +- .../tekton-pipelines/pipeline-template/templates/ingress.yaml | 2 +- .../pipeline-template/templates/pipeline.yaml | 4 ++-- cicd/tekton-pipelines/pipeline-template/values.yaml | 3 +-- 4 files changed, 5 insertions(+), 6 deletions(-) diff --git a/cicd/tekton-pipelines/cluster-config/templates/kaniko.yaml b/cicd/tekton-pipelines/cluster-config/templates/kaniko.yaml index fd98b05..357fcd6 100644 --- a/cicd/tekton-pipelines/cluster-config/templates/kaniko.yaml +++ b/cicd/tekton-pipelines/cluster-config/templates/kaniko.yaml @@ -1,7 +1,7 @@ apiVersion: tekton.dev/v1beta1 kind: ClusterTask metadata: - name: kaniko-build + name: kaniko labels: app.kubernetes.io/version: "0.6" annotations: diff --git a/cicd/tekton-pipelines/pipeline-template/templates/ingress.yaml b/cicd/tekton-pipelines/pipeline-template/templates/ingress.yaml index c4da378..5a490b5 100644 --- a/cicd/tekton-pipelines/pipeline-template/templates/ingress.yaml +++ b/cicd/tekton-pipelines/pipeline-template/templates/ingress.yaml @@ -8,7 +8,7 @@ metadata: spec: ingressClassName: traefik rules: - - host: {{ $.Values.ingressDomainName }} + - host: "tekton.{{ $.Values.ingressDomainName }}" http: paths: - path: "/{{ $.Values.pipelineName }}" diff --git a/cicd/tekton-pipelines/pipeline-template/templates/pipeline.yaml b/cicd/tekton-pipelines/pipeline-template/templates/pipeline.yaml index 668b94b..1f6f5a9 100644 --- a/cicd/tekton-pipelines/pipeline-template/templates/pipeline.yaml +++ b/cicd/tekton-pipelines/pipeline-template/templates/pipeline.yaml 
@@ -96,7 +96,7 @@ spec: - name: "SHA" value: "$(params.revision)" - name: "TARGET_URL" - value: {{ $.Values.tektonDashboard }} + value: "http://tekton.{{ $.Values.ingressDomainName }}" #value: "dashboard.domain.app" - name: "CONTEXT" value: "tekton-pipeline" @@ -125,7 +125,7 @@ spec: - name: "SHA" value: "$(params.revision)" - name: "TARGET_URL" - value: {{ $.Values.tektonDashboard }} + value: "http://tekton.{{ $.Values.ingressDomainName }}" #value: "dashboard.domain.app" - name: "CONTEXT" value: "tekton-pipeline" diff --git a/cicd/tekton-pipelines/pipeline-template/values.yaml b/cicd/tekton-pipelines/pipeline-template/values.yaml index 9b60b71..76ffe09 100644 --- a/cicd/tekton-pipelines/pipeline-template/values.yaml +++ b/cicd/tekton-pipelines/pipeline-template/values.yaml @@ -1,4 +1,3 @@ pipelineName: "replace" -ingressDomainName: "tekton.azureagent.optimizor.app" -tektonDashboard: "replace" +ingressDomainName: "azureagent.optimizor.app" namespace: "tekton-pipelines" \ No newline at end of file
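Review bot: The new `TARGET_URL` value in this hunk and in the one at line 125 hard-codes the `http://` scheme, so the link GitHub shows on every commit status sends developers to the Tekton host over plaintext. If the ingress terminates TLS, `value: "https://tekton.{{ $.Values.ingressDomainName }}"` is the better default; otherwise the scheme should come from values rather than the template. The leftover `#value: "dashboard.domain.app"` comment can be removed now that the URL is derived from `ingressDomainName`.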