From 8944d1380ee9a193aadb4b03bed53f0f94369abe Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?S=C3=A9bastien=20Huss?= Date: Sat, 1 Jun 2024 15:08:02 +0200 Subject: [PATCH] fix --- .../gitea-tekton-org/{auto-ci.tf => auto.tf} | 2 +- share/gitea-tekton-org/auto_ConfigMap.tf | 661 +++++++++++++++ share/gitea-tekton-org/auto_Pipeline.tf | 461 +++++++++++ share/gitea-tekton-org/auto_Task.tf | 310 +++++++ .../{auto-cd.tf => auto_Trigger.tf} | 0 ...uto-ci-detector.py => auto_ci_detector.py} | 202 +++-- share/gitea-tekton-org/common.tf | 11 + share/gitea-tekton-org/datas.tf | 113 --- share/gitea-tekton-org/functions.sh | 119 +++ share/gitea-tekton-org/git_Task.tf | 363 +++++++++ share/gitea-tekton-org/index.rhai | 44 +- .../tekton.dev_v1_Pipeline_auto-ci-push.yaml | 292 ------- .../tekton.dev_v1_Pipeline_auto-ci-tag.yaml | 273 ------- .../tekton.dev_v1_Task_auto-cd-activate.yaml | 84 -- .../tekton.dev_v1_Task_auto-cd-create.yaml | 83 -- .../tekton.dev_v1_Task_auto-cd-delete.yaml | 82 -- .../tekton.dev_v1_Task_auto-ci-cleanup.yaml | 20 - ...on.dev_v1beta1_Task_generate-build-id.yaml | 51 -- .../tekton.dev_v1beta1_Task_git-clone.yaml | 255 ------ .../tekton.dev_v1beta1_Task_git-version.yaml | 52 -- .../v1_ConfigMap_auto-cd-templates.yaml | 771 ------------------ 21 files changed, 2086 insertions(+), 2163 deletions(-) rename share/gitea-tekton-org/{auto-ci.tf => auto.tf} (99%) create mode 100644 share/gitea-tekton-org/auto_ConfigMap.tf create mode 100644 share/gitea-tekton-org/auto_Pipeline.tf create mode 100644 share/gitea-tekton-org/auto_Task.tf rename share/gitea-tekton-org/{auto-cd.tf => auto_Trigger.tf} (100%) rename share/gitea-tekton-org/{auto-ci-detector.py => auto_ci_detector.py} (57%) create mode 100644 share/gitea-tekton-org/common.tf delete mode 100644 share/gitea-tekton-org/datas.tf create mode 100644 share/gitea-tekton-org/functions.sh create mode 100644 share/gitea-tekton-org/git_Task.tf delete mode 100644 share/gitea-tekton-org/tekton.dev_v1_Pipeline_auto-ci-push.yaml delete mode 100644 
share/gitea-tekton-org/tekton.dev_v1_Pipeline_auto-ci-tag.yaml delete mode 100644 share/gitea-tekton-org/tekton.dev_v1_Task_auto-cd-activate.yaml delete mode 100644 share/gitea-tekton-org/tekton.dev_v1_Task_auto-cd-create.yaml delete mode 100644 share/gitea-tekton-org/tekton.dev_v1_Task_auto-cd-delete.yaml delete mode 100644 share/gitea-tekton-org/tekton.dev_v1_Task_auto-ci-cleanup.yaml delete mode 100644 share/gitea-tekton-org/tekton.dev_v1beta1_Task_generate-build-id.yaml delete mode 100644 share/gitea-tekton-org/tekton.dev_v1beta1_Task_git-clone.yaml delete mode 100644 share/gitea-tekton-org/tekton.dev_v1beta1_Task_git-version.yaml delete mode 100644 share/gitea-tekton-org/v1_ConfigMap_auto-cd-templates.yaml
diff --git a/share/gitea-tekton-org/auto-ci.tf b/share/gitea-tekton-org/auto.tf
similarity index 99%
rename from share/gitea-tekton-org/auto-ci.tf
rename to share/gitea-tekton-org/auto.tf
index 80062de..dd00087 100644
--- a/share/gitea-tekton-org/auto-ci.tf
+++ b/share/gitea-tekton-org/auto.tf
@@ -84,7 +84,7 @@ resource "kubectl_manifest" "auto-ci-detector" {
 - name: detect-stages
 image: $(params.toolbox-image)
 workingDir: $(workspaces.source.path)
- script: ${jsonencode(file("${path.module}/auto-ci-detector.py"))}
+ script: ${jsonencode(file("${path.module}/auto_ci_detector.py"))}
 workspaces:
 - name: source
 mountPath: /data
diff --git a/share/gitea-tekton-org/auto_ConfigMap.tf b/share/gitea-tekton-org/auto_ConfigMap.tf
new file mode 100644
index 0000000..6c4aa8f
--- /dev/null
+++ b/share/gitea-tekton-org/auto_ConfigMap.tf
@@ -0,0 +1,661 @@ +resource "kubectl_manifest" "ConfigMap_auto-cd-templates" { + yaml_body = <<-EOF + apiVersion: v1 + kind: ConfigMap + metadata: + name: auto-cd-templates + namespace: ${var.namespace} + ownerReferences: ${jsonencode(var.install_owner)} + labels: ${jsonencode(local.common_labels)} + data: + functions.sh: ${jsonencode(file("${path.module}/functions.sh"))} + ci-kusto.yaml.tmpl: |- + --- + apiVersion: kustomize.config.k8s.io/v1beta1 + kind: Kustomization + namePrefix: $${PROJECT_NAME}- + resources: + - ../../bases/trigger-push + - ../../bases/trigger-tag + patches: + - target: + kind: Trigger + name: push + patch: |- + - op: replace + path: /spec/template/spec/resourcetemplates/0/spec/pipelineRef/name + value: auto-ci-push + - target: + kind: Trigger + name: push + patch: |- + apiVersion: triggers.tekton.dev/v1beta1 + kind: Trigger + metadata: + name: "push" + spec: + interceptors: + - name: project-name + ref: + kind: ClusterInterceptor + name: cel + params: + - name: filter + value: body.repository.name == '$${PROJECT_NAME}' + - target: + kind: Trigger + name: tag + patch: |- + - op: replace + path: /spec/template/spec/resourcetemplates/0/spec/pipelineRef/name + value: auto-ci-tag + - target: + kind: Trigger + name: tag + patch: |- + apiVersion: triggers.tekton.dev/v1beta1 + kind: Trigger + metadata: + name: "tag" + spec: + interceptors: + - name: project-name + ref: + kind: ClusterInterceptor + name: cel + params: + - name: filter + value: body.repository.name == '$${PROJECT_NAME}' + deploy-project-kusto.yaml.tmpl: |- + --- + apiVersion: kustomize.config.k8s.io/v1beta1 + kind: Kustomization + namePrefix: $${PROJECT_NAME}- + commonLabels: + app.kubernetes.io/name: $${ORG_NAME} + app.kubernetes.io/component: $${PROJECT_NAME} + component: $${PROJECT_NAME} + resources: + - ../../../../bases/install + - ../../../../bases/images + - policy.yaml + patches: + - target: + kind: ImageRepository + name: repo + patch: |- + apiVersion: 
image.toolkit.fluxcd.io/v1beta2 + kind: ImageRepository + metadata: + name: repo + spec: + image: $${ARTIFACTORY_URL}/$${PROJECT_PATH} + - target: + kind: Kustomization + name: install + patch: |- + apiVersion: kustomize.toolkit.fluxcd.io/v1 + kind: Kustomization + metadata: + name: install + spec: + path: "./stages/$${STAGE}/$${PROJECT_NAME}" + targetNamespace: "$${DOMAIN}-org-$${ORG_NAME}-$${STAGE}" + - target: + kind: ImageUpdateAutomation + name: update + patch: |- + apiVersion: image.toolkit.fluxcd.io/v1beta1 + kind: ImageUpdateAutomation + metadata: + name: update + spec: + update: + path: ./stages/$${STAGE}/$${PROJECT_NAME} + deploy-policy-tag.yaml.tmpl: |- + apiVersion: image.toolkit.fluxcd.io/v1beta2 + kind: ImagePolicy + metadata: + name: policy + labels: + app.kubernetes.io/component: $${PROJECT_NAME} + app.kubernetes.io/name: $${ORG_NAME} + component: $${PROJECT_NAME} + spec: + imageRepositoryRef: + name: $${PROJECT_NAME}-repo + filterTags: + pattern: '^v(?P.*)$' + extract: '$semver' + policy: + semver: + range: '>=0.1.0' + deploy-policy-default.yaml.tmpl: |- + apiVersion: image.toolkit.fluxcd.io/v1beta2 + kind: ImagePolicy + metadata: + name: policy + labels: + app.kubernetes.io/component: $${PROJECT_NAME} + app.kubernetes.io/name: $${ORG_NAME} + component: $${PROJECT_NAME} + spec: + imageRepositoryRef: + name: $${PROJECT_NAME}-repo + filterTags: + pattern: '^main-(?P.*)$' + extract: '$semver' + policy: + semver: + range: '>=0.1.0' + README.md: |- + # Deployment configuration + Only valid if FluxCD is activated in the cluster + ## File structure + - `ci/`: Configuration for Tekton pipeline for . Should contain triggers and pipelines. 
+ - `projects/`: Global configuration for deployment, affect every stages + - `stages//`: Configuration for deployment in the plateform + - `stages//deploy`: FluxCD configuration for , should be deployed on that stage namespace as it deploy everything needed to deploy the projects + trigger-kusto.yaml: |- + --- + apiVersion: kustomize.config.k8s.io/v1beta1 + kind: Kustomization + resources: + - trigger.yaml + trigger-push.yaml: |- + apiVersion: triggers.tekton.dev/v1beta1 + kind: Trigger + metadata: + name: "push" + labels: + type: branch-push + spec: + bindings: + - name: artifactory-url + value: "$(extensions.artifactory-url)" + - name: project-name + value: "$(extensions.project-name)" + - name: project-path + value: "$(extensions.project-path)" + - name: git-repository-url + value: "$(extensions.git-repository-url)" + - name: git-revision + value: "$(extensions.git-revision)" + - name: branch-name + value: "$(extensions.branch-name)" + - name: git-default-branch + value: "$(extensions.git-default-branch)" + - name: generate-name + value: "$(extensions.generate-name)" + template: + spec: + params: + - name: artifactory-url + description: The url of the current artifactory + - name: project-name + description: The git repository name + - name: project-path + description: The path of the current project + - name: git-repository-url + description: The git repository url + - name: git-revision + description: The git revision + default: main + - name: git-default-branch + description: The git revision + default: main + - name: branch-name + description: The git branch + default: main + - name: generate-name + resourcetemplates: + - apiVersion: tekton.dev/v1beta1 + kind: PipelineRun + metadata: + generateName: $(tt.params.generate-name)- + annotations: + "mayfly.cloud.namecheap.com/expire": "336h" # 2 weeks + spec: + pipelineRef: + name: "auto-ci-push" + params: + - name: artifactory-url + value: $(tt.params.artifactory-url) + - name: project-name + value: 
$(tt.params.project-name) + - name: project-path + value: $(tt.params.project-path) + - name: git-url + value: $(tt.params.git-repository-url) + - name: git-revision + value: $(tt.params.git-revision) + - name: git-default-branch + value: $(tt.params.git-default-branch) + - name: branch-name + value: $(tt.params.branch-name) + workspaces: + - name: source + persistentVolumeClaim: + claimName: source + subPath: $(tt.params.git-revision) + - name: dockerconfig + secret: + secretName: gitea-docker + items: + - key: ".dockerconfigjson" + path: "config.json" + - name: sslcertdir + secret: + secretName: gitea + items: + - key: "ca.crt" + path: "ca.crt" + - name: ssh + secret: + secretName: ssh-credentials + items: + - key: "known_hosts" + path: "known_hosts" + - key: "ssh-privatekey" + path: "id_rsa" + - key: "ssh-publickey" + path: "id_rsa.pub" + trigger-tag.yaml: |- + apiVersion: triggers.tekton.dev/v1beta1 + kind: Trigger + metadata: + name: "tag" + labels: + type: tag-push + spec: + bindings: + - name: artifactory-url + value: "$(extensions.artifactory-url)" + - name: project-name + value: "$(extensions.project-name)" + - name: project-path + value: "$(extensions.project-path)" + - name: git-repository-url + value: "$(extensions.git-repository-url)" + - name: git-revision + value: "$(extensions.git-revision)" + - name: tag-name + value: $(extensions.tag-name) + - name: generate-name + value: "$(extensions.generate-name)" + template: + spec: + params: + - name: artifactory-url + description: The url of the current artifactory + - name: project-name + description: The git repository name + - name: project-path + description: The path of the current project + - name: git-repository-url + description: The git repository url + - name: git-revision + description: The git revision + default: main + - name: tag-name + description: The git tag + - name: generate-name + resourcetemplates: + - apiVersion: tekton.dev/v1beta1 + kind: PipelineRun + metadata: + generateName: 
$(tt.params.generate-name)- + annotations: + "mayfly.cloud.namecheap.com/expire": "1440h" # 2 months + spec: + pipelineRef: + name: "auto-ci-tag" + params: + - name: artifactory-url + value: $(tt.params.artifactory-url) + - name: project-name + value: $(tt.params.project-name) + - name: project-path + value: $(tt.params.project-path) + - name: git-url + value: $(tt.params.git-repository-url) + - name: git-revision + value: $(tt.params.git-revision) + - name: tag-name + value: $(tt.params.tag-name) + workspaces: + - name: source + persistentVolumeClaim: + claimName: source + subPath: $(tt.params.git-revision) + - name: dockerconfig + secret: + secretName: gitea-docker + items: + - key: ".dockerconfigjson" + path: "config.json" + - name: sslcertdir + secret: + secretName: gitea + items: + - key: "ca.crt" + path: "ca.crt" + - name: ssh + secret: + secretName: ssh-credentials + items: + - key: "known_hosts" + path: "known_hosts" + - key: "ssh-privatekey" + path: "id_rsa" + - key: "ssh-publickey" + path: "id_rsa.pub" + empty-kusto.yaml: |- + apiVersion: kustomize.config.k8s.io/v1beta1 + kind: Kustomization + resources: + images-kusto.yaml: |- + apiVersion: kustomize.config.k8s.io/v1beta1 + kind: Kustomization + resources: + - repo.yaml + - update.yaml + stage-kusto.yaml.tmpl: |- + apiVersion: kustomize.config.k8s.io/v1beta1 + kind: Kustomization + resources: + - ../../../projects/$${PROJECT_NAME} + - ingress.yaml + commonLabels: + app.kubernetes.io/instance: $${STAGE} + images: + - name: appli + newName: $${ARTIFACTORY_URL}/$${ORG_NAME}/$${PROJECT_NAME} + newTag: latest # {"$imagepolicy": "$${DOMAIN}-org-$${ORG_NAME}-$${STAGE}:$${PROJECT_NAME}-policy:tag"} + patches: + - target: + kind: ConfigMap + name: $${PROJECT_NAME}-config + path: config.yaml + - target: + kind: Certificate + name: $${PROJECT_NAME}-web + path: cert.yaml + stage-ingress.yaml.tmpl: |- + --- + apiVersion: networking.k8s.io/v1 + kind: Ingress + metadata: + name: $${PROJECT_NAME}-web + labels: + 
app.kubernetes.io/component: $${PROJECT_NAME} + app.kubernetes.io/name: $${ORG_NAME} + component: $${PROJECT_NAME} + spec: + tls: + - hosts: + - $${PROJECT_NAME}.$${STAGE}.$${ORG_NAME}.$${DOMAIN_NAME} + secretName: cert + rules: + - host: $${PROJECT_NAME}.$${STAGE}.$${ORG_NAME}.$${DOMAIN_NAME} + http: + paths: + - backend: + service: + name: svc + port: + number: 80 + path: / + pathType: Prefix + stage-cert.yaml.tmpl: |- + apiVersion: cert-manager.io/v1 + kind: Certificate + metadata: + name: $${PROJECT_NAME}-web + spec: + secretName: $${PROJECT_NAME}-cert + dnsNames: + - $${PROJECT_NAME}.$${STAGE}.$${ORG_NAME}.$${DOMAIN_NAME} + stage-config.yaml.tmpl: |- + apiVersion: v1 + kind: ConfigMap + metadata: + name: $${PROJECT_NAME}-config + data: + ENV_VAR_NAME: env_var_value + yamllint.yaml: |- + --- + extends: default + rules: + document-start: + present: true + empty-lines: + max-end: 1 + indentation: + spaces: 2 + indent-sequences: false + line-length: disable + colons: + max-spaces-after: -1 + base-kusto.yaml: |- + --- + apiVersion: kustomize.config.k8s.io/v1beta1 + kind: Kustomization + + resources: + - cert.yaml + - deploy.yaml + - service.yaml + - config.yaml + - secret.yaml + base-update.yaml.tmpl: |- + --- + apiVersion: image.toolkit.fluxcd.io/v1beta1 + kind: ImageUpdateAutomation + metadata: + name: update + spec: + interval: 5m + sourceRef: + kind: GitRepository + name: deploy-git + git: + checkout: + ref: + branch: main + commit: + author: + email: fluxcd.automation@$${ARTIFACTORY_URL} + name: fluxcd + messageTemplate: | + Automated image update: {{ .AutomationObject }} + + Files: + {{ range $filename, $_ := .Updated.Files -}} + - {{ $filename }} + {{ end -}} + + Objects: + {{ range $resource, $_ := .Updated.Objects -}} + - {{ $resource.Kind }} {{ $resource.Name }} + {{ end -}} + + Images: + {{ range .Updated.Images -}} + - {{.}} + {{ end -}} + {{- $ChangeId := .AutomationObject -}} + {{- $ChangeId = printf "%s-%s" $ChangeId ( .Updated.Files | toString ) -}} 
+ {{- $ChangeId = printf "%s-%s" $ChangeId ( .Updated.Objects | toString ) -}} + {{- $ChangeId = printf "%s-%s" $ChangeId ( .Updated.Images | toString ) }} + Change-Name: {{ $ChangeId }} + Change-Id: {{ printf "I%s" ( sha256sum $ChangeId | trunc 40 ) }} + push: + branch: main + update: + strategy: Setters + base-repo.yaml: |- + --- + apiVersion: image.toolkit.fluxcd.io/v1beta2 + kind: ImageRepository + metadata: + name: repo + spec: + interval: 5m + provider: generic + secretRef: + name: gitea-docker + certSecretRef: + name: ssh-credentials-flux + base-cert.yaml.tmpl: |- + --- + apiVersion: cert-manager.io/v1 + kind: Certificate + metadata: + name: web + spec: + issuerRef: + group: cert-manager.io + kind: ClusterIssuer + name: $${ISSUER_NAME} + base-deploy.yaml: |- + --- + apiVersion: apps/v1 + kind: Deployment + metadata: + name: app + spec: + replicas: 1 + selector: + template: + spec: + securityContext: + runAsGroup: 1000 + runAsUser: 1000 + fsGroup: 1000 + containers: + - name: app + image: appli + imagePullPolicy: IfNotPresent + envFrom: + - configMapRef: + name: "config" + - secretRef: + name: "secret" + base-secret.yaml: |- + --- + apiVersion: v1 + kind: Secret + metadata: + name: "secret" + annotations: + gramo.solidite.fr/no-parent: "true" + labels: + k8up.io/backup: "true" + type: Opaque + base-config.yaml: |- + --- + apiVersion: v1 + kind: ConfigMap + metadata: + name: "config" + labels: + k8up.io/backup: "true" + data: + base-service.yaml: |- + --- + apiVersion: v1 + kind: Service + metadata: + name: svc + spec: + ports: + - name: app + port: 80 + protocol: TCP + targetPort: app + type: ClusterIP + install-install.yaml: |- + --- + apiVersion: kustomize.toolkit.fluxcd.io/v1 + kind: Kustomization + metadata: + name: install + spec: + interval: 5m + sourceRef: + kind: GitRepository + name: deploy-git + prune: true + timeout: 1m + install-kusto.yaml: |- + --- + apiVersion: kustomize.config.k8s.io/v1beta1 + kind: Kustomization + + resources: + - install.yaml 
+ deploy-repo.yaml.tmpl: |- + --- + apiVersion: source.toolkit.fluxcd.io/v1 + kind: GitRepository + metadata: + name: git + spec: + interval: 5m0s + url: $${DEPLOY_URL} + ref: + branch: main + secretRef: + name: ssh-credentials + deploy-kusto.yaml: |- + --- + apiVersion: kustomize.config.k8s.io/v1beta1 + kind: Kustomization + namePrefix: deploy- + resources: + - repo.yaml + - ../install + project-kusto.yaml.tmpl: |- + --- + apiVersion: kustomize.config.k8s.io/v1beta1 + kind: Kustomization + + namePrefix: $${PROJECT_NAME}- + commonLabels: + app.kubernetes.io/name: $${ORG_NAME} + app.kubernetes.io/component: $${PROJECT_NAME} + component: $${PROJECT_NAME} + + resources: + - ../../bases/project + + patches: + - target: + kind: Deployment + name: app + patch: |- + apiVersion: apps/v1 + kind: Deployment + metadata: + name: app + annotations: + configmap.reloader.stakater.com/reload: "$${PROJECT_NAME}-config" + secret.reloader.stakater.com/reload: "$${PROJECT_NAME}-secret" + spec: + selector: + template: + spec: + securityContext: + runAsGroup: 1000 + runAsUser: 1000 + fsGroup: 1000 + containers: + - name: app + ports: + - name: app + containerPort: 8080 + protocol: TCP +EOF +} + diff --git a/share/gitea-tekton-org/auto_Pipeline.tf b/share/gitea-tekton-org/auto_Pipeline.tf new file mode 100644 index 0000000..0423080 --- /dev/null +++ b/share/gitea-tekton-org/auto_Pipeline.tf 
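Review bot: In `ci-kusto.yaml.tmpl`, both Trigger patches gate on `body.repository.name == '$${PROJECT_NAME}'`, which matches any repository with that name regardless of its owner; unless this EventListener only ever receives one organisation's webhooks, a same-named repository under another owner would start this project's PipelineRun with the `gitea-docker`, `gitea` and `ssh-credentials` Secrets that `trigger-push.yaml` and `trigger-tag.yaml` mount. If `PROJECT_PATH` is the owner/name form already used for the image path in `deploy-project-kusto.yaml.tmpl`, comparing the full name, `value: body.repository.full_name == '$${PROJECT_PATH}'`, ties the trigger to the owner as well. In `deploy-policy-tag.yaml.tmpl` and `deploy-policy-default.yaml.tmpl` the patterns read `^v(?P.*)$` and `^main-(?P.*)$` while `extract: '$semver'` refers to a named group; if the `<semver>` group name was not merely lost in transit, the policy has nothing to extract. Minor: `git-default-branch` in `trigger-push.yaml` is described as `The git revision`; `description: The repository's default branch` is what it actually carries.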
@@ -0,0 +1,461 @@ +locals { + finally = concat([yamldecode(<<-END + name: cleanup + taskRef: + name: auto-ci-cleanup + workspaces: + - name: source +END + )], var.conditions.have_gitea?yamldecode(<<-END +- name: inform-gitea-success + when: + - cel: '''$(tasks.status)'' in [''Succeeded'',''Completed'']' + params: + - name: REPO_FULL_NAME + value: $(params.project-path) + - name: SHA + value: $(params.git-revision) + - name: TARGET_URL + value: $(params.gramo-url)/workflow/tekton/PipelineRun/$(context.pipelineRun.namespace)/view/$(context.pipelineRun.name) + - name: DESCRIPTION + value: auto-ci-push + - name: STATE + value: success + taskRef: + name: gitea-set-status +- name: inform-gitea-warning + when: + - cel: '''$(tasks.status)'' == ''None''' + params: + - name: REPO_FULL_NAME + value: $(params.project-path) + - name: SHA + value: $(params.git-revision) + - name: TARGET_URL + value: $(params.gramo-url)/workflow/tekton/PipelineRun/$(context.pipelineRun.namespace)/view/$(context.pipelineRun.name) + - name: DESCRIPTION + value: auto-ci-push + - name: STATE + value: warning + taskRef: + name: gitea-set-status +- name: inform-gitea-error + when: + - cel: '''$(tasks.status)'' == ''Failed''' + params: + - name: REPO_FULL_NAME + value: $(params.project-path) + - name: SHA + value: $(params.git-revision) + - name: TARGET_URL + value: $(params.gramo-url)/workflow/tekton/PipelineRun/$(context.pipelineRun.namespace)/view/$(context.pipelineRun.name) + - name: DESCRIPTION + value: auto-ci-push + - name: STATE + value: error + taskRef: + name: gitea-set-status +END + ):[]) + cfg = { + tag = yamldecode(<<-END + onError: stopAndFail +END + ) + push = yamldecode(<<-END + onError: continue +END + ) + } + tasks = { + gitea_start = yamldecode(<<-END + name: inform-gitea-start + onError: continue + params: + - name: REPO_FULL_NAME + value: $(params.project-path) + - name: SHA + value: $(params.git-revision) + - name: TARGET_URL + value: 
$(params.gramo-url)/workflow/tekton/PipelineRun/$(context.pipelineRun.namespace)/view/$(context.pipelineRun.name) + - name: DESCRIPTION + value: auto-ci-push + - name: STATE + value: pending + taskRef: + name: gitea-set-status +END + ) + git_clone = yamldecode(<<-END + name: git-clone + params: + - name: url + value: $(params.git-url) + - name: revision + value: $(params.git-revision) + - name: branch + value: $(params.branch-name) + - name: depth + value: 0 + taskRef: + name: git-clone + workspaces: + - name: output + workspace: source + - name: ssh-directory + workspace: ssh +END + ) + build_id = yamldecode(<<-END + name: generate-build-id + runAfter: + - git-clone + params: + - name: branch + value: $(params.branch-name) + taskRef: + name: generate-build-id + workspaces: + - name: source +END + ) + detect_push = yamldecode(<<-END + name: detect-stages + runAfter: + - generate-build-id + params: + - name: pipeline-type + value: push + - name: artifactory-url + value: $(params.artifactory-url) + - name: project-name + value: $(params.project-name) + - name: project-path + value: $(params.project-path) + - name: image-version + value: $(tasks.generate-build-id.results.build-id) + taskRef: + name: auto-ci-detector + workspaces: + - name: source +END + ) + detect_tag = yamldecode(<<-END + name: detect-stages + runAfter: + - git-clone + params: + - name: pipeline-type + value: tag + - name: artifactory-url + value: $(params.artifactory-url) + - name: project-name + value: $(params.project-name) + - name: project-path + value: $(params.project-path) + - name: image-version + value: $(params.tag-name) + taskRef: + name: auto-ci-detector + workspaces: + - name: source +END + ) + lint_shell = yamldecode(<<-END + name: lint-shell + runAfter: + - detect-stages + when: + - input: lint-shell + operator: in + values: + - $(tasks.detect-stages.results.stages-lint[*]) + params: + - name: args + value: $(tasks.detect-stages.results.shellcheck-args) + taskRef: + name: shellcheck + 
workspaces: + - name: shared-workspace + workspace: source +END + ) + lint_docker = yamldecode(<<-END + name: lint-docker + runAfter: + - detect-stages + when: + - input: lint-docker + operator: in + values: + - $(tasks.detect-stages.results.stages-lint[*]) + taskRef: + name: hadolint + matrix: + params: + - name: dockerfile-path + value: $(tasks.detect-stages.results.file-docker) + workspaces: + - name: source +END + ) + lint_yaml = yamldecode(<<-END + name: lint-yaml + runAfter: + - detect-stages + when: + - input: lint-yaml + operator: in + values: + - $(tasks.detect-stages.results.stages-lint[*]) + params: + - name: args + value: + - . + taskRef: + name: yaml-lint + workspaces: + - name: shared-workspace + workspace: source +END + ) + lint_black = yamldecode(<<-END + name: lint-black + runAfter: + - detect-stages + when: + - input: lint-black + operator: in + values: + - $(tasks.detect-stages.results.stages-lint[*]) + params: + - name: args + value: $(tasks.detect-stages.results.black-args) + taskRef: + name: black + workspaces: + - name: shared-workspace + workspace: source +END + ) + lint_python = yamldecode(<<-END + name: lint-python + runAfter: + - detect-stages + when: + - input: lint-python + operator: in + values: + - $(tasks.detect-stages.results.stages-lint[*]) + params: + - name: args + value: $(tasks.detect-stages.results.pylint-args) + taskRef: + name: pylint + workspaces: + - name: source + workspace: source +END + ) + lint_make = yamldecode(<<-END + name: lint-make + runAfter: + - detect-stages + when: + - input: lint-make + operator: in + values: + - $(tasks.detect-stages.results.stages-lint[*]) + params: + - name: args + value: $(tasks.detect-stages.results.checkmake-args) + taskRef: + name: check-make + workspaces: + - name: shared-workspace + workspace: source +END + ) + lint_md = yamldecode(<<-END + name: lint-md + runAfter: + - detect-stages + when: + - input: lint-md + operator: in + values: + - $(tasks.detect-stages.results.stages-lint[*]) 
+ params: + - name: args + value: $(tasks.detect-stages.results.mdl-args) + taskRef: + name: markdown-lint + workspaces: + - name: shared-workspace + workspace: source +END + ) + lint_kube = yamldecode(<<-END + name: lint-kube + runAfter: + - detect-stages + when: + - input: lint-kube + operator: in + values: + - $(tasks.detect-stages.results.stages-lint[*]) + params: + - name: args + value: $(tasks.detect-stages.results.kubelinter-args) + - name: manifest + value: k8 + - name: default_option + value: do-not-auto-add-defaults + - name: includelist + value: no-extensions-v1beta,default-service-account,no-readiness-probe + taskRef: + name: kube-linter + workspaces: + - name: source +END + ) + publish_docker = yamldecode(<<-END + name: publish-docker + runAfter: + - lint-md + - lint-kube + - lint-make + - lint-shell + - lint-docker + - lint-yaml + - lint-black + - lint-python + when: + - input: publish-docker + operator: in + values: + - $(tasks.detect-stages.results.stages-publish[*]) + - input: $(params.branch-name) + operator: in + values: + - $(params.git-default-branch) + taskRef: + name: buildah + matrix: + params: + - name: DOCKERFILE + value: $(tasks.detect-stages.results.file-docker) + - name: IMAGE + value: $(tasks.detect-stages.results.images-name) + workspaces: + - name: source + - name: sslcertdir + - name: dockerconfig +END + ) + } + push_tasks = concat( + var.conditions.have_gitea?[local.tasks.gitea_start]:[], + [local.tasks.git_clone,local.tasks.build_id,local.tasks.detect_push], + [merge(local.tasks.lint_black,local.cfg.push), merge(local.tasks.lint_python,local.cfg.push)], + [ + merge(local.tasks.lint_shell,local.cfg.push), merge(local.tasks.lint_docker,local.cfg.push), merge(local.tasks.lint_yaml,local.cfg.push), + merge(local.tasks.lint_make,local.cfg.push), merge(local.tasks.lint_md,local.cfg.push), merge(local.tasks.lint_kube,local.cfg.push), + ], + [local.tasks.publish_docker] + ) + tag_tasks = concat( + 
var.conditions.have_gitea?[local.tasks.gitea_start]:[], + [local.tasks.gitea_start,local.tasks.git_clone,local.tasks.detect_tag], + [merge(local.tasks.lint_black,local.cfg.tag), merge(local.tasks.lint_python,local.cfg.tag)], + [ + merge(local.tasks.lint_shell,local.cfg.tag), merge(local.tasks.lint_docker,local.cfg.tag), merge(local.tasks.lint_yaml,local.cfg.tag), + merge(local.tasks.lint_make,local.cfg.tag), merge(local.tasks.lint_md,local.cfg.tag), merge(local.tasks.lint_kube,local.cfg.tag), + ], + [local.tasks.publish_docker] + ) +} + +resource "kubectl_manifest" "Pipeline_auto-ci-push" { + yaml_body = <<-EOF + apiVersion: tekton.dev/v1 + kind: Pipeline + metadata: + name: auto-ci-push + namespace: ${var.namespace} + ownerReferences: ${jsonencode(var.install_owner)} + labels: ${jsonencode(local.common_labels)} + spec: + workspaces: + - name: source + - name: dockerconfig + - name: ssh + - name: sslcertdir + params: + - name: artifactory-url + default: docker.io + description: The url of the current artifactory + type: string + - name: gramo-url + default: https://gramo.${var.domain_name} + type: string + - name: project-name + description: The name of the current project + type: string + - name: project-path + description: The path of the current project + type: string + - name: git-default-branch + description: The git revision + default: main + - name: git-url + type: string + - name: git-revision + type: string + - name: branch-name + type: string + finally: ${jsonencode(local.finally)} + tasks: ${jsonencode(local.push_tasks)} +EOF +} + +resource "kubectl_manifest" "Pipeline_auto-ci-tag" { + yaml_body = <<-EOF + apiVersion: tekton.dev/v1 + kind: Pipeline + metadata: + name: auto-ci-tag + namespace: ${var.namespace} + ownerReferences: ${jsonencode(var.install_owner)} + labels: ${jsonencode(local.common_labels)} + spec: + workspaces: + - name: source + - name: dockerconfig + - name: ssh + - name: sslcertdir + params: + - name: artifactory-url + default: 
docker.io + description: The url of the current artifactory + type: string + - name: gramo-url + default: https://gramo.${var.domain_name} + type: string + - name: project-name + description: The name of the current project + type: string + - name: project-path + description: The path of the current project + type: string + - name: git-url + type: string + - name: git-revision + type: string + - name: tag-name + type: string + finally: ${jsonencode(local.finally)} + tasks: ${jsonencode(local.tag_tasks)} +EOF +} + diff --git a/share/gitea-tekton-org/auto_Task.tf b/share/gitea-tekton-org/auto_Task.tf new file mode 100644 index 0000000..7a4de9c --- /dev/null +++ b/share/gitea-tekton-org/auto_Task.tf 
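Review bot: `tag_tasks` adds `local.tasks.gitea_start` twice when `var.conditions.have_gitea` is true (once from the conditional, once unconditionally in the following list) and still references the `gitea-set-status` Task when it is false; the second list should be `[local.tasks.git_clone,local.tasks.detect_tag]`, mirroring `push_tasks`. The shared `git_clone` and `publish_docker` entries also reference `$(params.branch-name)` and `$(params.git-default-branch)`, but `Pipeline_auto-ci-tag` declares neither param, so the rendered tag Pipeline would presumably fail Tekton's validation of variable references; the tag variant needs its own clone entry (or those params declared with defaults), and `publish-docker` should gate on the tag rather than on the default branch there. Separately, `local.finally` and `gitea_start` hard-code `DESCRIPTION: auto-ci-push` for both pipelines, so tag runs report the wrong name in Gitea; `value: $(context.pipeline.name)` would report the right one. `git-default-branch` in `Pipeline_auto-ci-push` is also the only param without `type: string` and repeats the `The git revision` description.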
@@ -0,0 +1,310 @@ +resource "kubectl_manifest" "Task_auto-cd-activate" { + yaml_body = <<-EOF + apiVersion: tekton.dev/v1 + kind: Task + metadata: + name: auto-cd-activate + namespace: ${var.namespace} + ownerReferences: ${jsonencode(var.install_owner)} + labels: ${jsonencode(local.common_labels)} + spec: + params: + - name: toolbox-image + default: sebt3/basic-toolbox-image:1.29.4 + description: The name of the toolbox image + type: string + - name: issuer-name + default: ${var.issuer} + type: string + - name: domain-name + type: string + default: ${var.domain_name} + - name: domain + type: string + default: ${var.domain} + - name: stages + type: array + default: ${jsonencode(var.stages)} + - name: artifactory-url + description: The url of the current artifactory + - name: project-name + description: The git repository name + - name: project-path + description: The path of the current project + - name: git-repository-url + description: The git repository url + - name: deploy-url + description: The git repository url for the deploy project + steps: + - name: activate + image: $(params.toolbox-image) + workingDir: $(workspaces.source.path) + args: + - $(params.stages) + env: + - name: ARTIFACTORY_URL + value: $(params.artifactory-url) + - name: DOMAIN + value: $(params.domain) + - name: DOMAIN_NAME + value: $(params.domain-name) + - name: ISSUER_NAME + value: $(params.issuer-name) + - name: PROJECT_NAME + value: $(params.project-name) + - name: PROJECT_PATH + value: $(params.project-path) + - name: GIT_REPOSITORY_URL + value: $(params.git-repository-url) + - name: DEPLOY_URL + value: $(params.deploy-url) + - name: TEMPLATE_ROOT + value: /etc/templates + - name: WORKSPACE_SSH_DIRECTORY_PATH + value: $(workspaces.ssh-directory.path) + - name: NAMESPACE + value: $(context.taskRun.namespace) + script: |- + #!/usr/bin/env bash + . 
$${TEMPLATE_ROOT}/functions.sh + cleanup + git_prepare "$(params.deploy-url)" "Auto CD" "autocd@$(params.domain-name)" + install_base + create_prj "$@" + activate_prj "$@" + git_push "Activating $(params.project-name)" + cleanup + volumeMounts: + - mountPath: /etc/templates + name: templates + volumes: + - name: templates + configMap: + name: auto-cd-templates + workspaces: + - name: source + mountPath: /data + - description: | + A .ssh directory with private key, known_hosts, config, etc. Copied to + the user's home before git commands are executed. Used to authenticate + with the git remote when performing the clone. Binding a Secret to this + Workspace is strongly recommended over other volume types. + name: ssh-directory +EOF +} + +resource "kubectl_manifest" "Task_auto-cd-create" { + yaml_body = <<-EOF + apiVersion: tekton.dev/v1 + kind: Task + metadata: + name: auto-cd-create + namespace: ${var.namespace} + ownerReferences: ${jsonencode(var.install_owner)} + labels: ${jsonencode(local.common_labels)} + spec: + params: + - name: toolbox-image + default: sebt3/basic-toolbox-image:1.29.4 + description: The name of the toolbox image + type: string + - name: issuer-name + default: ${var.issuer} + type: string + - name: domain-name + type: string + default: ${var.domain_name} + - name: domain + type: string + default: ${var.domain} + - name: stages + type: array + default: ${jsonencode(var.stages)} + - name: artifactory-url + description: The url of the current artifactory + - name: project-name + description: The git repository name + - name: project-path + description: The path of the current project + - name: git-repository-url + description: The git repository url + - name: deploy-url + description: The git repository url for the deploy project + steps: + - name: create + image: $(params.toolbox-image) + workingDir: $(workspaces.source.path) + args: + - $(params.stages) + env: + - name: ARTIFACTORY_URL + value: $(params.artifactory-url) + - name: DOMAIN + 
value: $(params.domain) + - name: DOMAIN_NAME + value: $(params.domain-name) + - name: ISSUER_NAME + value: $(params.issuer-name) + - name: PROJECT_NAME + value: $(params.project-name) + - name: PROJECT_PATH + value: $(params.project-path) + - name: GIT_REPOSITORY_URL + value: $(params.git-repository-url) + - name: DEPLOY_URL + value: $(params.deploy-url) + - name: TEMPLATE_ROOT + value: /etc/templates + - name: WORKSPACE_SSH_DIRECTORY_PATH + value: $(workspaces.ssh-directory.path) + - name: NAMESPACE + value: $(context.taskRun.namespace) + script: |- + #!/usr/bin/env bash + . $${TEMPLATE_ROOT}/functions.sh + cleanup + git_prepare "$(params.deploy-url)" "Auto CD" "autocd@$(params.domain-name)" + install_base + create_prj "$@" + git_push "Adding $(params.project-name)" + cleanup + volumeMounts: + - mountPath: /etc/templates + name: templates + volumes: + - name: templates + configMap: + name: auto-cd-templates + workspaces: + - name: source + mountPath: /data + - description: | + A .ssh directory with private key, known_hosts, config, etc. Copied to + the user's home before git commands are executed. Used to authenticate + with the git remote when performing the clone. Binding a Secret to this + Workspace is strongly recommended over other volume types. 
+ name: ssh-directory +EOF +} + +resource "kubectl_manifest" "Task_auto-cd-delete" { + yaml_body = <<-EOF + apiVersion: tekton.dev/v1 + kind: Task + metadata: + name: auto-cd-delete + namespace: ${var.namespace} + ownerReferences: ${jsonencode(var.install_owner)} + labels: ${jsonencode(local.common_labels)} + spec: + params: + - name: toolbox-image + default: sebt3/basic-toolbox-image:1.29.4 + description: The name of the toolbox image + type: string + - name: issuer-name + default: ${var.issuer} + type: string + - name: domain-name + type: string + default: ${var.domain_name} + - name: domain + type: string + default: ${var.domain} + - name: stages + type: array + default: ${jsonencode(var.stages)} + - name: artifactory-url + description: The url of the current artifactory + - name: project-name + description: The git repository name + - name: project-path + description: The path of the current project + - name: git-repository-url + description: The git repository url + - name: deploy-url + description: The git repository url for the deploy project + steps: + - name: delete + image: $(params.toolbox-image) + workingDir: $(workspaces.source.path) + args: + - $(params.stages) + env: + - name: ARTIFACTORY_URL + value: $(params.artifactory-url) + - name: DOMAIN + value: $(params.domain) + - name: DOMAIN_NAME + value: $(params.domain-name) + - name: ISSUER_NAME + value: $(params.issuer-name) + - name: PROJECT_NAME + value: $(params.project-name) + - name: PROJECT_PATH + value: $(params.project-path) + - name: GIT_REPOSITORY_URL + value: $(params.git-repository-url) + - name: DEPLOY_URL + value: $(params.deploy-url) + - name: TEMPLATE_ROOT + value: /etc/templates + - name: WORKSPACE_SSH_DIRECTORY_PATH + value: $(workspaces.ssh-directory.path) + - name: NAMESPACE + value: $(context.taskRun.namespace) + script: |- + #!/usr/bin/env bash + . 
$${TEMPLATE_ROOT}/functions.sh + cleanup + git_prepare "$(params.deploy-url)" "Auto CD" "autocd@$(params.domain-name)" + delete_prj "$@" + git_push "Removing $(params.project-name)" + cleanup + volumeMounts: + - mountPath: /etc/templates + name: templates + volumes: + - name: templates + configMap: + name: auto-cd-templates + workspaces: + - name: source + mountPath: /data + - description: | + A .ssh directory with private key, known_hosts, config, etc. Copied to + the user's home before git commands are executed. Used to authenticate + with the git remote when performing the clone. Binding a Secret to this + Workspace is strongly recommended over other volume types. + name: ssh-directory +EOF +} + +resource "kubectl_manifest" "Task_auto-ci-cleanup" { + yaml_body = <<-EOF + apiVersion: tekton.dev/v1 + kind: Task + metadata: + name: auto-ci-cleanup + namespace: ${var.namespace} + ownerReferences: ${jsonencode(var.install_owner)} + labels: ${jsonencode(local.common_labels)} + spec: + params: + - name: toolbox-image + default: sebt3/basic-toolbox-image:1.29.4 + description: The name of the toolbox image + type: string + steps: + - name: cleanup + image: $(params.toolbox-image) + workingDir: $(workspaces.source.path) + script: |- + #!/usr/bin/env bash + rm -rf .* * || true + workspaces: + - name: source + mountPath: /data +EOF +} + diff --git a/share/gitea-tekton-org/auto-cd.tf b/share/gitea-tekton-org/auto_Trigger.tf similarity index 100% rename from share/gitea-tekton-org/auto-cd.tf rename to share/gitea-tekton-org/auto_Trigger.tf diff --git a/share/gitea-tekton-org/auto-ci-detector.py b/share/gitea-tekton-org/auto_ci_detector.py similarity index 57% rename from share/gitea-tekton-org/auto-ci-detector.py rename to share/gitea-tekton-org/auto_ci_detector.py index 4948dfc..260d20a 100644 --- a/share/gitea-tekton-org/auto-ci-detector.py +++ b/share/gitea-tekton-org/auto_ci_detector.py 
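Review bot: The activate step's script interpolates Tekton params straight into the shell text (`git_prepare "$(params.deploy-url)" "Auto CD" "autocd@$(params.domain-name)"` and `git_push "Activating $(params.project-name)"`), even though the same values are already exported on the step as DEPLOY_URL, DOMAIN_NAME and PROJECT_NAME; Tekton substitutes `$(params.*)` textually before bash runs, so a value containing shell metacharacters becomes code rather than data. Reading the env vars instead keeps them as data: `git_prepare "$${DEPLOY_URL}" "Auto CD" "autocd@$${DOMAIN_NAME}"` and `git_push "Activating $${PROJECT_NAME}"` (the `$$` is the heredoc escape this file already uses for `$${TEMPLATE_ROOT}`). The same pattern is in Task_auto-cd-create and Task_auto-cd-delete in this hunk. Separately, `sebt3/basic-toolbox-image:1.29.4` is pinned by mutable tag in all four tasks; a digest pin would make the toolbox that runs with the deploy-repo SSH key reproducible.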
@@ -1,26 +1,27 @@ #!/usr/bin/env python3 +"""This script manage files detection for launch linter""" + import os import re import json -import yaml import collections.abc -import argparse +import yaml -root = "." -ci_root = ".tekton" +ROOT = "." +CI_ROOT = ".tekton" def save_json(filename, data): """Save a Json file.""" print("saving to", filename, json.dumps(data)) - with open(filename, "w") as file: + with open(filename, "w", encoding="utf-8") as file: file.write(json.dumps(data)) def load_json(filename): """Load a json file.""" data = {} - with open(filename, "r") as file: + with open(filename, "r", encoding="utf-8") as file: data = json.loads(file.read()) return data @@ -28,7 +29,7 @@ def load_json(filename): def load_yaml(filename): """Load a file.""" docs = [] - with open(filename, "r") as file: + with open(filename, "r", encoding="utf-8") as file: try: data = yaml.safe_load_all(file) for doc in data: @@ -40,7 +41,7 @@ def load_yaml(filename): return docs -def load_config(root_dir, ci_root_dir): +def load_config(ci_root_dir): """Load the configuration from the configuration directory.""" ret = { "files": [], @@ -77,20 +78,22 @@ def load_config(root_dir, ci_root_dir): } if not os.path.isdir(ci_root_dir): return ret - files = [ + filtered_files = [ f for f in os.listdir(ci_root_dir) if os.path.isfile(os.path.join(ci_root_dir, f)) and re.match(".yaml$", f) ] - if "auto-ci.yaml" in files: + if "auto-ci.yaml" in filtered_files: for doc in load_yaml(os.path.join(ci_root_dir, "auto-ci.yaml")): ret = {**ret, **doc} - ret["files"] = files + ret["files"] = filtered_files return ret def detect_files(config, root_dir): - """Detect files based on their extention.""" + """ + Detect files based on their extention + """ ret = {} supported_extentions = [] supported_filename = [] 
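Review bot: In the `@@ -77` hunk, `re.match(".yaml$", f)` in load_config anchors at the start of the filename and requires exactly one arbitrary character followed by `yaml`, so a name like `auto-ci.yaml` never passes the filter and the `if "auto-ci.yaml" in filtered_files:` branch right below it is unreachable; the commit renames the list but keeps the broken filter. The intent is an extension test: `if os.path.isfile(os.path.join(ci_root_dir, f)) and f.endswith(".yaml")` (or `re.search(r"\.yaml$", f)`). As written the per-repository auto-ci.yaml configuration is silently ignored and only the built-in defaults apply.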
@@ -98,9 +101,9 @@ def detect_files(config, root_dir): if "extentions" in config[lang]: supported_extentions.extend(config[lang]["extentions"]) if "files" in config[lang]: - print("adding files",config[lang]) + print("adding files", config[lang]) supported_filename.extend(config[lang]["files"]) - for directory, subdir_list, file_list in os.walk(root_dir): + for directory, _, file_list in os.walk(root_dir): for filename in file_list: if filename in supported_filename: if not filename in ret: 
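Review bot: `if not filename in ret:` in detect_files is the awkward negation form; since this commit is a lint-driven cleanup, `if filename not in ret:` is the idiomatic spelling and is what pylint's unneeded-not check asks for. The same `if not key in obj:` form is kept in append_key and append_stage in the `@@ -117` hunk. detect_files continues outside this hunk.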
@@ -117,42 +120,51 @@ def detect_files(config, root_dir): def get_images_name(dockerfiles, root_dir): """Generate the images names for the detected Dockerfile.""" ret = [] - for f in dockerfiles: - dir = os.path.dirname(f) - if dir == root_dir: + for file in dockerfiles: + directory = os.path.dirname(file) + if directory == root_dir: ret.append( "$(params.artifactory-url)/$(params.project-path):$(params.image-version)" ) else: ret.append( - "$(params.artifactory-url)/$(params.project-path)-{comp}:$(params.image-version)".format( - comp=os.path.basename(dir) + ( + "$(params.artifactory-url)/$(params.project-path)" + f"-{os.path.basename(directory)}:$(params.image-version)" ) ) - return ret -def append_key(to, key, val): - """Append a value in {to}[{key}], create the array if not existing.""" - if not key in to: - to[key] = [] - to[key].append(val) +def append_key(obj, key, val): + """ + Append a value in {obj}[{key}], create the array if not existing. + """ + if not key in obj: + obj[key] = [] + obj[key].append(val) -def append_stage(to, key, val, files): - """Append a value in {to}[{key}], create the array if not existing. if the key-file is found in the files add a custom suffix""" - if not key in to: - to[key] = [] +# def append_stage(to, key, val, files): +def append_stage(obj, key, val): + """ + Append a value in {obj}[{key}], create the array if not existing. + If the key-file is found in the files add a custom suffix + """ + if not key in obj: + obj[key] = [] # Not possible right now # if "{basename}.yaml".format(basename=val) in files: - # to[key].append("{stage}-custom".format(stage=val)) + # obj[key].append("{stage}-custom".format(stage=val)) # else: - to[key].append(val) + obj[key].append(val) -def set_js_stages(stages, config, files, root_dir): - """Add the stages for javascript code.""" +# def set_js_stages(stages, config, files, root_dir): +def set_js_stages(stages, files, root_dir): + """ + Add the stages for javascript code. 
+ """ if ( "package.json" in files and os.path.join(root_dir, "package.json") in files["package.json"] @@ -161,23 +173,28 @@ def set_js_stages(stages, config, files, root_dir): "yarn.lock" in files and os.path.join(root_dir, "yarn.lock") in files["yarn.lock"] ): - append_stage(stages, "prepare", "prepare-yarn", config["files"]) + # append_stage(stages, "prepare", "prepare-yarn", config["files"]) + append_stage(stages, "prepare", "prepare-yarn") else: - append_stage(stages, "prepare", "prepare-npm", config["files"]) + # append_stage(stages, "prepare", "prepare-npm", config["files"]) + append_stage(stages, "prepare", "prepare-npm") if ( "schema.prisma" in files and os.path.join(root_dir, "prisma", "schema.prisma") in files["schema.prisma"] ): - append_stage(stages, "prepare", "prepare-prisma", config["files"]) + # append_stage(stages, "prepare", "prepare-prisma", config["files"]) + append_stage(stages, "prepare", "prepare-prisma") defs = load_json(os.path.join(root_dir, "package.json")) if "scripts" in defs and "lint" in defs["scripts"]: - append_stage(stages, "lint", "lint-javascript", config["files"]) + # append_stage(stages, "lint", "lint-javascript", config["files"]) + append_stage(stages, "lint", "lint-javascript") if "scripts" in defs and "test" in defs["scripts"]: - append_stage(stages, "test", "test-javascript", config["files"]) + # append_stage(stages, "test", "test-javascript", config["files"]) + append_stage(stages, "test", "test-javascript") -def set_yaml_stages(stages, config, files, root_dir): +def set_yaml_stages(stages, config, files): """Add the stages for yaml files.""" yamls = [] if "yaml" in files: 
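Review bot: The `# def append_stage(to, key, val, files):` and `# def set_js_stages(stages, config, files, root_dir):` lines, and the `# append_stage(..., config["files"])` line kept beside every new call, are commented-out code rather than documentation; the same pattern repeats in the `@@ -161`, `@@ -214` and `@@ -264` hunks. Git history already records the old signatures, so these lines can be dropped, leaving the `# Not possible right now` block in append_stage as the only intentional placeholder. If the `files` argument is meant to return once the custom-suffix feature works, a single TODO on append_stage's docstring says that more clearly than a commented copy at each call site.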
@@ -197,11 +214,11 @@ def set_yaml_stages(stages, config, files, root_dir): should_detect = ( "detect" not in config["yaml"] or config["yaml"]["detect"] ) and not (have_k8s and have_ansible) - if should_detect: + if should_detect: # pylint: disable=too-many-nested-blocks for file in yamls: objs = load_yaml(file) for obj in objs: - if obj == None: + if obj is None: continue if isinstance(obj, collections.abc.Sequence): for item in obj: @@ -214,15 +231,20 @@ def set_yaml_stages(stages, config, files, root_dir): have_ansible = True elif "apiVersion" in obj: have_k8s = True - append_stage(stages, "lint", "lint-yaml", config["files"]) + # append_stage(stages, "lint", "lint-yaml", config["files"]) + append_stage(stages, "lint", "lint-yaml") if have_k8s: - append_stage(stages, "lint", "lint-kube", config["files"]) + # append_stage(stages, "lint", "lint-kube", config["files"]) + append_stage(stages, "lint", "lint-kube") if have_ansible: - append_stage(stages, "lint", "lint-ansible", config["files"]) + # append_stage(stages, "lint", "lint-ansible", config["files"]) + append_stage(stages, "lint", "lint-ansible") -def get_results(config, files, root_dir): - """Generate the stages based on the configuration and detected files.""" +def get_results(config, files, root_dir): # pylint: disable=too-many-branches + """ + Generate the stages based on the configuration and detected files. + """ stages = { "global": [], "prepare": [], 
@@ -264,32 +286,43 @@ def get_results(config, files, root_dir): return stages, args if "Dockerfile" in files: - append_stage(stages, "lint", "lint-docker", config["files"]) - append_stage(stages, "publish", "publish-docker", config["files"]) + # append_stage(stages, "lint", "lint-docker", config["files"]) + # append_stage(stages, "publish", "publish-docker", config["files"]) + append_stage(stages, "lint", "lint-docker") + append_stage(stages, "publish", "publish-docker") if "yaml" in files or "yml" in files: - set_yaml_stages(stages, config, files, root_dir) + set_yaml_stages(stages, config, files) if "sh" in files: - append_stage(stages, "lint", "lint-shell", config["files"]) + # append_stage(stages, "lint", "lint-shell", config["files"]) + append_stage(stages, "lint", "lint-shell") args["shellcheck-args"].extend(files["sh"]) if "sh" in files: - append_stage(stages, "lint", "lint-shell", config["files"]) + # append_stage(stages, "lint", "lint-shell", config["files"]) + append_stage(stages, "lint", "lint-shell") args["shellcheck-args"].extend(files["sh"]) if "Makefile" in files: - append_stage(stages, "lint", "lint-make", config["files"]) + # append_stage(stages, "lint", "lint-make", config["files"]) + append_stage(stages, "lint", "lint-make") args["checkmake-args"].extend(files["Makefile"]) if "md" in files: - append_stage(stages, "lint", "lint-md", config["files"]) + # append_stage(stages, "lint", "lint-md", config["files"]) + append_stage(stages, "lint", "lint-md") if "rs" in files: - append_stage(stages, "lint", "lint-clippy", config["files"]) + # append_stage(stages, "lint", "lint-clippy", config["files"]) + append_stage(stages, "lint", "lint-clippy") if "py" in files: - append_stage(stages, "lint", "lint-python", config["files"]) + # append_stage(stages, "lint", "lint-python", config["files"]) + append_stage(stages, "lint", "lint-python") args["pylint-args"].extend(files["py"]) - append_stage(stages, "lint", "lint-black", config["files"]) + # 
append_stage(stages, "lint", "lint-black", config["files"]) + append_stage(stages, "lint", "lint-black") args["black-args"].extend(files["py"]) - if len([t for t in files["py"] if re.match("/test_", t) != None]) > 0: - append_stage(stages, "test", "test-python", config["files"]) + if len([t for t in files["py"] if re.match(r"/test_", t) is not None]) > 0: + # append_stage(stages, "test", "test-python", config["files"]) + append_stage(stages, "test", "test-python") if "ts" in files or "js" in files: - set_js_stages(stages, config, files, root_dir) + # set_js_stages(stages, config, files, root_dir) + set_js_stages(stages, files, root_dir) for stage in ["prepare", "lint", "build", "test", "publish"]: if "{stage}-custom.yaml" in config["files"]: stages[stage].append("{stage}-custom") 
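Review bot: The `if "sh" in files:` block appears twice in get_results on the new side, so `lint-shell` is appended twice to stages["lint"] and files["sh"] is extended twice into args["shellcheck-args"]; the second copy should be deleted. Two more pre-existing problems sit on this hunk's new side: `re.match(r"/test_", t)` anchors at the start of the path, and paths built from os.walk over ROOT = "." presumably begin with `./`, so `/test_` can only be found with `re.search`; and `"{stage}-custom.yaml"` / `"{stage}-custom"` in the trailing loop are plain literals, not f-strings, so the custom-stage check compares against the literal text `{stage}-custom.yaml`. get_results starts outside this hunk.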
@@ -299,25 +332,32 @@ def get_results(config, files, root_dir): return stages, args -config = load_config(root, ci_root) -files = detect_files(config, root) -stages, args = get_results(config, files, root) -save_json("$(results.stages-global.path)", stages["global"]) -save_json("$(results.stages-prepare.path)", stages["prepare"]) -save_json("$(results.stages-lint.path)", stages["lint"]) -save_json("$(results.stages-build.path)", stages["build"]) -save_json("$(results.stages-test.path)", stages["test"]) -save_json("$(results.stages-publish.path)", stages["publish"]) -save_json( - "$(results.file-docker.path)", files["Dockerfile"] if "Dockerfile" in files else [] -) -save_json( - "$(results.images-name.path)", - get_images_name(files["Dockerfile"] if "Dockerfile" in files else [], root), -) -save_json("$(results.shellcheck-args.path)", args["shellcheck-args"]) -save_json("$(results.checkmake-args.path)", args["checkmake-args"]) -save_json("$(results.black-args.path)", args["black-args"]) -save_json("$(results.pylint-args.path)", args["pylint-args"]) -save_json("$(results.kubelinter-args.path)", args["kubelinter-args"]) -save_json("$(results.mdl-args.path)", args["mdl-args"]) +def main(): + """Main function""" + config = load_config(CI_ROOT) + files = detect_files(config, ROOT) + stages, args = get_results(config, files, ROOT) + save_json("$(results.stages-global.path)", stages["global"]) + save_json("$(results.stages-prepare.path)", stages["prepare"]) + save_json("$(results.stages-lint.path)", stages["lint"]) + save_json("$(results.stages-build.path)", stages["build"]) + save_json("$(results.stages-test.path)", stages["test"]) + save_json("$(results.stages-publish.path)", stages["publish"]) + save_json( + "$(results.file-docker.path)", + files["Dockerfile"] if "Dockerfile" in files else [], + ) + save_json( + "$(results.images-name.path)", + get_images_name(files["Dockerfile"] if "Dockerfile" in files else [], ROOT), + ) + save_json("$(results.shellcheck-args.path)", 
args["shellcheck-args"]) + save_json("$(results.checkmake-args.path)", args["checkmake-args"]) + save_json("$(results.black-args.path)", args["black-args"]) + save_json("$(results.pylint-args.path)", args["pylint-args"]) + save_json("$(results.kubelinter-args.path)", args["kubelinter-args"]) + save_json("$(results.mdl-args.path)", args["mdl-args"]) + + +if __name__ == "__main__": + main() diff --git a/share/gitea-tekton-org/common.tf b/share/gitea-tekton-org/common.tf new file mode 100644 index 0000000..f300076 --- /dev/null +++ b/share/gitea-tekton-org/common.tf @@ -0,0 +1,11 @@ +locals { + common_labels = { + "vynil.solidite.fr/owner-name" = var.instance + "vynil.solidite.fr/owner-namespace" = var.namespace + "vynil.solidite.fr/owner-category" = var.category + "vynil.solidite.fr/owner-component" = var.component + "app.kubernetes.io/managed-by" = "vynil" + "app.kubernetes.io/name" = var.component + "app.kubernetes.io/instance" = var.instance + } +} diff --git a/share/gitea-tekton-org/datas.tf b/share/gitea-tekton-org/datas.tf deleted file mode 100644 index 644bb98..0000000 --- a/share/gitea-tekton-org/datas.tf +++ /dev/null 
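Review bot: The expression `files["Dockerfile"] if "Dockerfile" in files else []` is written twice in main(), once for the file-docker result and once as the argument to get_images_name; hoisting it into `dockerfiles = files.get("Dockerfile", [])` before the save_json calls removes the duplication and reads the same. Moving the module-level code under `if __name__ == "__main__":` is a good change, as the helpers can now be imported for testing without touching the `$(results.*)` paths.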
@@ -1,113 +0,0 @@ -locals { - common_labels = { - "vynil.solidite.fr/owner-name" = var.instance - "vynil.solidite.fr/owner-namespace" = var.namespace - "vynil.solidite.fr/owner-category" = var.category - "vynil.solidite.fr/owner-component" = var.component - "app.kubernetes.io/managed-by" = "vynil" - "app.kubernetes.io/name" = var.component - "app.kubernetes.io/instance" = var.instance - } -} - -data "kustomization_overlay" "data" { - namespace = var.namespace - common_labels = local.common_labels - resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml"] - patches { - target { - kind = "Task" - name = "gitea-set-status" - } - patch = <<-EOF - - op: add - path: /spec/params/0/default - value: gitea-http.${var.domain}-ci.svc:3000 - - op: replace - path: /spec/params/1/default - value: http - EOF - } - patches { - target { - kind = "Task" - name = "auto-cd-create" - } - patch = <<-EOF - - op: replace - path: /spec/params/1/default - value: ${var.issuer} - - op: add - path: /spec/params/2/default - value: ${var.domain_name} - - op: add - path: /spec/params/3/default - value: ${var.domain} - - op: add - path: /spec/params/4/default - value: ${jsonencode(var.stages)} - EOF - } - patches { - target { - kind = "Task" - name = "auto-cd-activate" - } - patch = <<-EOF - - op: replace - path: /spec/params/1/default - value: ${var.issuer} - - op: add - path: /spec/params/2/default - value: ${var.domain_name} - - op: add - path: /spec/params/3/default - value: ${var.domain} - - op: add - path: /spec/params/4/default - value: ${jsonencode(var.stages)} - EOF - } - patches { - target { - kind = "Task" - name = "auto-cd-delete" - } - patch = <<-EOF - - op: replace - path: /spec/params/1/default - value: ${var.issuer} - - op: add - path: /spec/params/2/default - value: ${var.domain_name} - - op: add - path: /spec/params/3/default - value: ${var.domain} - - op: add - path: /spec/params/4/default - value: ${jsonencode(var.stages)} - EOF - } - patches { - 
target { - kind = "Pipeline" - name = "auto-ci-push" - } - patch = <<-EOF - - op: replace - path: /spec/params/1/default - value: https://gramo.${var.domain_name} - EOF - } - patches { - target { - kind = "Pipeline" - name = "auto-ci-tag" - } - patch = <<-EOF - - op: replace - path: /spec/params/1/default - value: https://gramo.${var.domain_name} - EOF - } -} diff --git a/share/gitea-tekton-org/functions.sh b/share/gitea-tekton-org/functions.sh new file mode 100644 index 0000000..3e353ce --- /dev/null +++ b/share/gitea-tekton-org/functions.sh 
@@ -0,0 +1,119 @@ +#!/bin/bash +added=0 +copy() { + local src=${TEMPLATE_ROOT}/$1 dest=$2 + if [ ! -f $dest ];then + cp "$src" "$dest" + git add "$dest" + added=$(($added+1)) + fi +} +template() { + local src=${TEMPLATE_ROOT}/$1 dest=$2 + if [ ! -f $dest ];then + envsubst '$ARTIFACTORY_URL,$DOMAIN,$DOMAIN_NAME,$ISSUER_NAME,$PROJECT_NAME,$PROJECT_PATH,$GIT_REPOSITORY_URL,$DEPLOY_URL,$STAGE,$ORG_NAME,$NAMESPACE' <"$src" >"$dest" + git add "$dest" + added=$(($added+1)) + fi +} +git_push() { + local message=$1 + if [ $added -ne 0 ];then + git commit -am "$message" + git push + fi +} +cleanup() { + rm -rf .* * || true +} +del_resources() { + local ress="$1" file="$2" + yq -i 'del(.resources[]|select(.=="'"$ress"'"))' "$file" + git add "$file" + added=$(($added+1)) +} +add_resources() { + local ress="$1" file="$2" + del_resources "$@" + yq -i '.resources += "'"$ress"'"' "$file" + git add "$file" + added=$(($added+1)) +} +git_prepare() { + local url="$1" username="$2" email="$3" + mkdir -p "${HOME}/.ssh" + cp "${WORKSPACE_SSH_DIRECTORY_PATH}"/* "${HOME}/.ssh" + chmod 700 "${HOME}/.ssh" + chmod 400 "${HOME}/.ssh"/* + git config --global user.name "$username" + git config --global user.email "$email" + git clone "$url" --branch main --depth 1 . 
+} +install_base() { + mkdir -p bases/project bases/install bases/deploy bases/images bases/trigger-push bases/trigger-tag ci + copy empty-kusto.yaml "ci/kustomization.yaml" + copy yamllint.yaml .yamllint.yaml + copy base-repo.yaml bases/images/repo.yaml + copy images-kusto.yaml bases/images/kustomization.yaml + copy base-deploy.yaml bases/project/deploy.yaml + copy base-secret.yaml bases/project/secret.yaml + copy base-config.yaml bases/project/config.yaml + copy base-service.yaml bases/project/service.yaml + copy base-kusto.yaml bases/project/kustomization.yaml + copy install-install.yaml bases/install/install.yaml + copy install-kusto.yaml bases/install/kustomization.yaml + copy deploy-kusto.yaml bases/deploy/kustomization.yaml + copy trigger-kusto.yaml bases/trigger-tag/kustomization.yaml + copy trigger-tag.yaml bases/trigger-tag/trigger.yaml + copy trigger-kusto.yaml bases/trigger-push/kustomization.yaml + copy trigger-push.yaml bases/trigger-push/trigger.yaml + template base-update.yaml.tmpl bases/images/update.yaml + template base-cert.yaml.tmpl bases/project/cert.yaml + template deploy-repo.yaml.tmpl bases/deploy/repo.yaml + if [ -f README.md ] && [ $(wc -l < README.md) -eq 2 ];then + rm README.md + fi + copy README.md README.md +} +create_prj() { + export ORG_NAME=$(echo ${PROJECT_PATH}|sed 's#/.*##') + mkdir -p "projects/${PROJECT_NAME}" "ci/${PROJECT_NAME}" + template ci-kusto.yaml.tmpl "ci/${PROJECT_NAME}/kustomization.yaml" + add_resources "${PROJECT_NAME}" "ci/kustomization.yaml" + template project-kusto.yaml.tmpl "projects/${PROJECT_NAME}/kustomization.yaml" + while [ $# -gt 0 ];do + export STAGE=$1 + mkdir -p "stages/${STAGE}/${PROJECT_NAME}" "stages/${STAGE}/deploy/${PROJECT_NAME}" + template deploy-project-kusto.yaml.tmpl "stages/${STAGE}/deploy/${PROJECT_NAME}/kustomization.yaml" + if [ "${STAGE}" == "prod" ] || [ "${STAGE}" == "production" ];then + template deploy-policy-tag.yaml.tmpl "stages/${STAGE}/deploy/${PROJECT_NAME}/policy.yaml" + else + 
template deploy-policy-default.yaml.tmpl "stages/${STAGE}/deploy/${PROJECT_NAME}/policy.yaml" + fi + copy empty-kusto.yaml "stages/${STAGE}/deploy/kustomization.yaml" + del_resources "../../../bases/deploy" "stages/${STAGE}/deploy/kustomization.yaml" + template stage-kusto.yaml.tmpl "stages/${STAGE}/${PROJECT_NAME}/kustomization.yaml" + template stage-ingress.yaml.tmpl "stages/${STAGE}/${PROJECT_NAME}/ingress.yaml" + template stage-cert.yaml.tmpl "stages/${STAGE}/${PROJECT_NAME}/cert.yaml" + template stage-config.yaml.tmpl "stages/${STAGE}/${PROJECT_NAME}/config.yaml" + shift + done +} +activate_prj() { + export ORG_NAME=$(echo ${PROJECT_PATH}|sed 's#/.*##') + while [ $# -gt 0 ];do + export STAGE=$1 + add_resources "${PROJECT_NAME}" "stages/${STAGE}/deploy/kustomization.yaml" + shift + done +} +delete_prj() { + rm -rf "projects/${PROJECT_NAME}" + while [ $# -gt 0 ];do + export STAGE=$1 + rm -rf "stages/${STAGE}/${PROJECT_NAME}" "stages/${STAGE}/deploy/${PROJECT_NAME}" + del_resources "${PROJECT_NAME}" "stages/${STAGE}/deploy/kustomization.yaml" + del_resources "${PROJECT_NAME}" "ci/kustomization.yaml" + shift + done +} diff --git a/share/gitea-tekton-org/git_Task.tf b/share/gitea-tekton-org/git_Task.tf new file mode 100644 index 0000000..7d71bc7 --- /dev/null +++ b/share/gitea-tekton-org/git_Task.tf 
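Review bot: del_resources and add_resources build the yq program by splicing `$ress` (the PROJECT_NAME passed in from a pipeline param) into the expression text, so a name containing a double quote changes the program instead of being compared as a string; if the toolbox ships mikefarah's yq v4, which the `-i` and `del(...)` syntax suggests, passing it through the environment keeps it as data: `ress="$ress" yq -i 'del(.resources[] | select(. == strenv(ress)))' "$file"` and `ress="$ress" yq -i '.resources += strenv(ress)' "$file"`. In copy and template, `[ ! -f $dest ]` leaves `$dest` unquoted while the cp/envsubst lines quote it; `[ ! -f "$dest" ]` is consistent and survives paths with spaces. The `git clone "$url" --branch main --depth 1 .` that ends git_prepare has its status unchecked and no `set -e` is in scope, so a failed clone lets install_base and create_prj populate an empty directory and git_push attempt a commit there; `git clone ... . || return 1` plus `set -euo pipefail` in the calling task scripts would stop at the first failure.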
@@ -0,0 +1,363 @@ +resource "kubectl_manifest" "Task_git-version" { + yaml_body = <<-EOF + apiVersion: tekton.dev/v1beta1 + kind: Task + metadata: + name: git-version + labels: ${jsonencode(local.common_labels)} + annotations: + tekton.dev/pipelines.minVersion: 0.12.0 + tekton.dev/displayName: git version + tekton.dev/categories: Git + tekton.dev/tags: git + tekton.dev/platforms: linux/amd64 + namespace: ${var.namespace} + ownerReferences: ${jsonencode(var.install_owner)} + spec: + description: This task can be used to create a version from git history + params: + - name: gitversion-image + default: gittools/gitversion:6.0.0-alpine.3.18-7.0 + description: The name of the toolbox image + type: string + - name: branch + type: string + results: + - description: The calculated git version you could use for git tagging e.g. "0.1.0-tektonize.1-188" + name: gitVersion + - description: A normalized version for use in container images e.g. "0.1.0-tektonize.1-188" + name: packageVersion + - name: shortSHA + steps: + - name: set-git-version + image: $(params.gitversion-image) + workingDir: $(workspaces.source.path) + script: |- + #!/usr/bin/env ash + git switch $(params.branch) + ShortSha=$(/tools/dotnet-gitversion . /showvariable ShortSha) + echo -n "ShortSha: " + echo -n "$${ShortSha}" | tee $(results.shortSHA.path) + echo + FullSemVer=$(/tools/dotnet-gitversion . /showvariable FullSemVer) + echo "FullSemVer: " + echo -n "$${FullSemVer}" | tee $(results.gitVersion.path) + echo + # normalize a bit because + # image tags can only contain `abcdefghijklmnopqrstuvwxyz0123456789_-.ABCDEFGHIJKLMNOPQRSTUVWXYZ` + packageVersion=$(echo -n $FullSemVer | sed 's/[^-._0-9A-Za-z]/-/g'|sed 's/-/-beta./') + echo -n "packageVersion: " + echo -n "$${packageVersion}" | tee $(results.packageVersion.path) + workspaces: + - name: source + description: A workspace that contains the fetched git repository to create a version for. 
+EOF +} + +resource "kubectl_manifest" "Task_generate-build-id" { + yaml_body = <<-EOF + apiVersion: tekton.dev/v1beta1 + kind: Task + metadata: + name: generate-build-id + labels: ${jsonencode(local.common_labels)} + annotations: + tekton.dev/pipelines.minVersion: 0.12.1 + tekton.dev/categories: Build Tools + tekton.dev/tags: build-tool + tekton.dev/displayName: buildid + tekton.dev/platforms: linux/amd64,linux/s390x,linux/ppc64le,linux/arm64 + namespace: ${var.namespace} + ownerReferences: ${jsonencode(var.install_owner)} + spec: + description: Given a base version, this task generates a unique build id by appending the base-version to the current timestamp. + params: + - name: toolbox-image + default: sebt3/basic-toolbox-image:1.29.4 + description: The name of the toolbox image + type: string + - name: branch + type: string + results: + - name: timestamp + description: Current timestamp + - name: commitcount + description: Current commitcount + - name: build-id + description: Current commitcount + steps: + - name: get-build-id + image: $(params.toolbox-image) + workingDir: $(workspaces.source.path) + script: | + #!/usr/bin/env bash + git config --global --add safe.directory /workspace/source + ts=`date "+%Y%m%d-%H%M%S"` + t2=`date "+%Y%m%d.%H%M%S"` + cc=`git rev-list --count HEAD` + buildId="$(params.branch)-$${cc}.$${t2}" + echo -n "Current Timestamp: " + echo -n $${ts} | tee $(results.timestamp.path) + echo -ne "\nCommit Count: " + echo -n $${cc} | tee $(results.commitcount.path) + echo -ne "\nBuild ID: " + echo -n $${buildId} | tee $(results.build-id.path) + workspaces: + - name: source + description: A workspace that contains the fetched git repository to create a version for. 
+EOF +} + +resource "kubectl_manifest" "Task_git-clone" { + yaml_body = <<-EOF + apiVersion: tekton.dev/v1beta1 + kind: Task + metadata: + name: git-clone + labels: ${jsonencode(local.common_labels)} + annotations: + tekton.dev/pipelines.minVersion: 0.38.0 + tekton.dev/categories: Git + tekton.dev/tags: git + tekton.dev/displayName: git clone + tekton.dev/platforms: linux/amd64,linux/s390x,linux/ppc64le,linux/arm64 + namespace: ${var.namespace} + ownerReferences: ${jsonencode(var.install_owner)} + spec: + description: |- + These Tasks are Git tasks to work with repositories used by other tasks in your Pipeline. + The git-clone Task will clone a repo from the provided url into the output Workspace. By default the repo will be cloned into the root of your Workspace. You can clone into a subdirectory by setting this Task's subdirectory param. This Task also supports sparse checkouts. To perform a sparse checkout, pass a list of comma separated directory patterns to this Task's sparseCheckoutDirectories param. + workspaces: + - name: output + description: The git repo will be cloned onto the volume backing this Workspace. + - name: ssh-directory + optional: true + description: | + A .ssh directory with private key, known_hosts, config, etc. Copied to + the user's home before git commands are executed. Used to authenticate + with the git remote when performing the clone. Binding a Secret to this + Workspace is strongly recommended over other volume types. + - name: basic-auth + optional: true + description: | + A Workspace containing a .gitconfig and .git-credentials file. These + will be copied to the user's home before any git commands are run. Any + other files in this Workspace are ignored. It is strongly recommended + to use ssh-directory over basic-auth whenever possible and to bind a + Secret to this Workspace over other volume types. 
+ - name: ssl-ca-directory + optional: true + description: | + A workspace containing CA certificates, this will be used by Git to + verify the peer with when fetching or pushing over HTTPS. + params: + - name: toolbox-image + default: sebt3/basic-toolbox-image:1.29.4 + description: The name of the toolbox image + type: string + - name: url + description: Repository URL to clone from. + type: string + - name: revision + description: Revision to checkout. (branch, tag, sha, ref, etc...) + type: string + default: '' + - name: refspec + description: Refspec to fetch before checking out revision. + default: '' + - name: submodules + description: Initialize and fetch git submodules. + type: string + default: 'true' + - name: depth + description: Perform a shallow clone, fetching only the most recent N commits. + type: string + default: '1' + - name: sslVerify + description: Set the `http.sslVerify` global git config. Setting this to `false` is not advised unless you are sure that you trust your git remote. + type: string + default: 'true' + - name: crtFileName + description: file name of mounted crt using ssl-ca-directory workspace. default value is ca-bundle.crt. + type: string + default: ca-bundle.crt + - name: subdirectory + description: Subdirectory inside the `output` Workspace to clone the repo into. + type: string + default: '' + - name: sparseCheckoutDirectories + description: Define the directory patterns to match or exclude when performing a sparse checkout. + type: string + default: '' + - name: deleteExisting + description: Clean out the contents of the destination directory if it already exists before cloning. + type: string + default: 'true' + - name: httpProxy + description: HTTP proxy server for non-SSL requests. + type: string + default: '' + - name: httpsProxy + description: HTTPS proxy server for SSL requests. + type: string + default: '' + - name: noProxy + description: Opt out of proxying HTTP/HTTPS requests. 
+ type: string + default: '' + - name: verbose + description: Log the commands that are executed during `git-clone`'s operation. + type: string + default: 'true' + - name: userHome + description: | + Absolute path to the user's home directory. + type: string + default: /home/git + results: + - name: commit + description: The precise commit SHA that was fetched by this Task. + - name: url + description: The precise URL that was fetched by this Task. + - name: committer-date + description: The epoch timestamp of the commit that was fetched by this Task. + volumes: + - name: home + emptyDir: {} + steps: + - name: clone + image: $(params.toolbox-image) + env: + - name: HOME + value: $(params.userHome) + - name: PARAM_URL + value: $(params.url) + - name: PARAM_REVISION + value: $(params.revision) + - name: PARAM_REFSPEC + value: $(params.refspec) + - name: PARAM_SUBMODULES + value: $(params.submodules) + - name: PARAM_DEPTH + value: $(params.depth) + - name: PARAM_SSL_VERIFY + value: $(params.sslVerify) + - name: PARAM_CRT_FILENAME + value: $(params.crtFileName) + - name: PARAM_SUBDIRECTORY + value: $(params.subdirectory) + - name: PARAM_DELETE_EXISTING + value: $(params.deleteExisting) + - name: PARAM_HTTP_PROXY + value: $(params.httpProxy) + - name: PARAM_HTTPS_PROXY + value: $(params.httpsProxy) + - name: PARAM_NO_PROXY + value: $(params.noProxy) + - name: PARAM_VERBOSE + value: $(params.verbose) + - name: PARAM_SPARSE_CHECKOUT_DIRECTORIES + value: $(params.sparseCheckoutDirectories) + - name: PARAM_USER_HOME + value: $(params.userHome) + - name: WORKSPACE_OUTPUT_PATH + value: $(workspaces.output.path) + - name: WORKSPACE_SSH_DIRECTORY_BOUND + value: $(workspaces.ssh-directory.bound) + - name: WORKSPACE_SSH_DIRECTORY_PATH + value: $(workspaces.ssh-directory.path) + - name: WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND + value: $(workspaces.basic-auth.bound) + - name: WORKSPACE_BASIC_AUTH_DIRECTORY_PATH + value: $(workspaces.basic-auth.path) + - name: 
WORKSPACE_SSL_CA_DIRECTORY_BOUND + value: $(workspaces.ssl-ca-directory.bound) + - name: WORKSPACE_SSL_CA_DIRECTORY_PATH + value: $(workspaces.ssl-ca-directory.path) + securityContext: + runAsNonRoot: true + runAsUser: 65532 + volumeMounts: + - mountPath: $(params.userHome) + name: home + script: |- + #!/usr/bin/env sh + set -eu + + if [ "$${PARAM_VERBOSE}" = "true" ] ; then + set -x + fi + + if [ "$${WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND}" = "true" ] ; then + cp "$${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.git-credentials" "$${PARAM_USER_HOME}/.git-credentials" + cp "$${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.gitconfig" "$${PARAM_USER_HOME}/.gitconfig" + chmod 400 "$${PARAM_USER_HOME}/.git-credentials" + chmod 400 "$${PARAM_USER_HOME}/.gitconfig" + fi + + if [ "$${WORKSPACE_SSH_DIRECTORY_BOUND}" = "true" ] ; then + cp -R "$${WORKSPACE_SSH_DIRECTORY_PATH}" "$${PARAM_USER_HOME}"/.ssh + chmod 700 "$${PARAM_USER_HOME}"/.ssh + chmod -R 400 "$${PARAM_USER_HOME}"/.ssh/* + fi + + if [ "$${WORKSPACE_SSL_CA_DIRECTORY_BOUND}" = "true" ] ; then + export GIT_SSL_CAPATH="$${WORKSPACE_SSL_CA_DIRECTORY_PATH}" + if [ "$${PARAM_CRT_FILENAME}" != "" ] ; then + export GIT_SSL_CAINFO="$${WORKSPACE_SSL_CA_DIRECTORY_PATH}/$${PARAM_CRT_FILENAME}" + fi + fi + CHECKOUT_DIR="$${WORKSPACE_OUTPUT_PATH}/$${PARAM_SUBDIRECTORY}" + + cleandir() { + # Delete any existing contents of the repo directory if it exists. + # + # We don't just "rm -rf $${CHECKOUT_DIR}" because $${CHECKOUT_DIR} might be "/" + # or the root of a mounted volume. + if [ -d "$${CHECKOUT_DIR}" ] ; then + # Delete non-hidden files and directories + rm -rf "$${CHECKOUT_DIR:?}"/* + # Delete files and directories starting with . but excluding .. + rm -rf "$${CHECKOUT_DIR}"/.[!.]* + # Delete files and directories starting with .. 
plus any other character + rm -rf "$${CHECKOUT_DIR}"/..?* + fi + } + + if [ "$${PARAM_DELETE_EXISTING}" = "true" ] ; then + cleandir || true + fi + + test -z "$${PARAM_HTTP_PROXY}" || export HTTP_PROXY="$${PARAM_HTTP_PROXY}" + test -z "$${PARAM_HTTPS_PROXY}" || export HTTPS_PROXY="$${PARAM_HTTPS_PROXY}" + test -z "$${PARAM_NO_PROXY}" || export NO_PROXY="$${PARAM_NO_PROXY}" + + FETCH_CMD="" + if [ $PARAM_DEPTH -gt 0 ];then + FETCH_CMD="$${FETCH_CMD} --depth $PARAM_DEPTH" + fi + git config --global --add safe.directory "$${WORKSPACE_OUTPUT_PATH}" + git config --global --add http.sslVerify "$${PARAM_SSL_VERIFY}" + cd "$${CHECKOUT_DIR}" + git init + if [ "$${PARAM_SPARSE_CHECKOUT_DIRECTORIES}" != "" ];then + git config --global --add core.sparsecheckout true + mkdir -p .git/info/ + echo "$${PARAM_SPARSE_CHECKOUT_DIRECTORIES}"|sed 's/,/\n/'>.git/info/sparse-checkout + chmod 644 .git/info/sparse-checkout + fi + git remote add origin "$${PARAM_URL}" + git fetch "--recurse-submodules=$${PARAM_SUBMODULES}" $FETCH_CMD origin --update-head-ok --force + git reset --hard "$${PARAM_REVISION}" + cd "$${CHECKOUT_DIR}" + RESULT_SHA="$(git rev-parse HEAD)" + EXIT_CODE="$?" + if [ "$${EXIT_CODE}" != 0 ] ; then + exit "$${EXIT_CODE}" + fi + RESULT_COMMITTER_DATE="$(git log -1 --pretty=%ct)" + printf "%s" "$${RESULT_COMMITTER_DATE}" > "$(results.committer-date.path)" + printf "%s" "$${RESULT_SHA}" > "$(results.commit.path)" + printf "%s" "$${PARAM_URL}" > "$(results.url.path)" +EOF +} diff --git a/share/gitea-tekton-org/index.rhai b/share/gitea-tekton-org/index.rhai index cef61d6..66908de 100644 --- a/share/gitea-tekton-org/index.rhai +++ b/share/gitea-tekton-org/index.rhai 
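Review bot: `git switch $(params.branch)` in the git-version step and `buildId="$(params.branch)-$${cc}.$${t2}"` in generate-build-id splice a pipeline parameter directly into the shell script text, so a branch name carrying shell metacharacters (the value comes from the push trigger, i.e. from whoever can push to the Gitea repo) runs as code inside the task; the git-clone task in this same file already does this correctly by routing every parameter through `env:` as `PARAM_*` and quoting it. Add an `env:` entry `- name: PARAM_BRANCH` / `value: $(params.branch)` to both steps and use `git switch "$${PARAM_BRANCH}"` and `buildId="$${PARAM_BRANCH}-$${cc}.$${t2}"`; those two steps also lack the `runAsNonRoot: true` / `runAsUser: 65532` securityContext that git-clone sets. In git-clone itself, `PARAM_REFSPEC` is exported but never handed to `git fetch`, so the documented `refspec` param is silently ignored, and `sed 's/,/\n/'` has no `g` flag, so only the first comma in `sparseCheckoutDirectories` is split and a third pattern ends up on the same line as the second.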
@@ -1,13 +1,47 @@ const SRC=src; const DEST=dest; -const duplicates=["auto-ci-detector.py"]; -fn post_pack() { +const duplicates=["auto_ci_detector.py","functions.sh"]; +const DOMAIN = config.domain; +const NAME = instance; +fn duplicate_files() { for file in global::duplicates { shell(`cp ${global::SRC}/${file} ${global::DEST}/${file}`); } } +fn have_gitea() { + have_namespace(`${global::DOMAIN}-ci`) && have_install(`${global::DOMAIN}-ci`, "gitea") && have_service(`${global::DOMAIN}-ci`, "gitea-http") && have_secret(`${global::DOMAIN}-ci`, "gitea-admin-user") +} +fn have_sonar() { + have_namespace(`${global::DOMAIN}-ci`) && have_install(`${global::DOMAIN}-ci`, "sonar") && have_service(`${global::DOMAIN}-ci`, "sonar-sonar") && have_secret(`${global::DOMAIN}-ci`, "sonar-sonar") +} +fn have_taiga() { + have_namespace(`${global::DOMAIN}-ci`) && have_install(`${global::DOMAIN}-ci`, "taiga") && have_service(`${global::DOMAIN}-ci`, "taiga-taiga") && have_secret(`${global::DOMAIN}-ci`, "taiga-taiga") +} +fn gitea_repos() { + let repos = []; + let org = global::NAME; + org.replace("org-",""); + if (have_gitea() && have_sonar()) { + let gitea = get_secret(`${global::DOMAIN}-ci`, "gitea-admin-user"); + let username = base64_decode(gitea.data.username); + let password = base64_decode(gitea.data.password); + let headers = http_header_basic(username,password); + let response = http_get_json(`http://gitea-http.${global::DOMAIN}-ci.svc:3000/api/v1/orgs/${org}/repos`, headers); + repos += response.json.map(|p| p.name); + repos.sort(); + log_info(`Found ${repos.len} repos`); + } + repos +} +fn post_pack() { + duplicate_files(); +} fn post_template() { - for file in global::duplicates { - shell(`cp ${global::SRC}/${file} ${global::DEST}/${file}`); - } + save_to_tf(`${global::DEST}/conditions.tf`, "conditions", #{ + have_gitea: have_gitea(), + have_sonar: have_sonar(), + have_taiga: have_taiga(), + repos: gitea_repos() + }); + duplicate_files(); } 
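Review bot: `gitea_repos()` uses the result of `http_get_json(...)` without checking the HTTP status, so a 401 (stale admin credentials) or 404 (org not found — note `org.replace("org-","")` removes every occurrence, not just a leading prefix) either fails on `response.json.map(...)` or yields an empty list that is then saved into `conditions.tf` as if the org had no repositories, which presumably drives resource creation downstream — confirm. Guard it before mapping, e.g. `if response.status != 200 { log_error(\`gitea api returned ${response.status}\`); return repos; }` (adjust the field name to whatever `http_get_json` actually exposes). Gitea paginates its list endpoints, so an org with more repositories than the server's page size would be silently truncated unless `?page=`/`?limit=` is iterated. This read-only listing is done with the Gitea admin user's password over plain `http://` in-cluster; a scoped read-only API token would be the least-privilege choice and would not put the admin password in every packaging run.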
diff --git a/share/gitea-tekton-org/tekton.dev_v1_Pipeline_auto-ci-push.yaml b/share/gitea-tekton-org/tekton.dev_v1_Pipeline_auto-ci-push.yaml deleted file mode 100644 index 891b4ab..0000000 --- a/share/gitea-tekton-org/tekton.dev_v1_Pipeline_auto-ci-push.yaml +++ /dev/null 
@@ -1,292 +0,0 @@ -apiVersion: tekton.dev/v1 -kind: Pipeline -metadata: - name: auto-ci-push -spec: - workspaces: - - name: source - - name: dockerconfig - - name: ssh - - name: sslcertdir - params: - - name: artifactory-url - default: docker.io - description: The url of the current artifactory - type: string - - name: gramo-url - default: https://gramo.media.rennes.home - type: string - - name: project-name - description: The name of the current project - type: string - - name: project-path - description: The path of the current project - type: string - - name: git-default-branch - description: The git revision - default: main - - name: git-url - type: string - - name: git-revision - type: string - - name: branch-name - type: string - finally: - - name: cleanup - taskRef: - name: auto-ci-cleanup - workspaces: - - name: source - - name: inform-gitea-success - when: - - cel: "'$(tasks.status)' in ['Succeeded','Completed']" - params: - - name: REPO_FULL_NAME - value: $(params.project-path) - - name: SHA - value: $(params.git-revision) - - name: TARGET_URL - value: "$(params.gramo-url)/workflow/tekton/PipelineRun/$(context.pipelineRun.namespace)/view/$(context.pipelineRun.name)" - - name: DESCRIPTION - value: "auto-ci-push" - - name: STATE - value: "success" - taskRef: - name: gitea-set-status - - name: inform-gitea-warning - when: - - cel: "'$(tasks.status)' == 'None'" - params: - - name: REPO_FULL_NAME - value: $(params.project-path) - - name: SHA - value: $(params.git-revision) - - name: TARGET_URL - value: "$(params.gramo-url)/workflow/tekton/PipelineRun/$(context.pipelineRun.namespace)/view/$(context.pipelineRun.name)" - - name: DESCRIPTION - value: "auto-ci-push" - - name: STATE - value: "warning" - taskRef: - name: gitea-set-status - - name: inform-gitea-error - when: - - cel: "'$(tasks.status)' == 'Failed'" - params: - - name: REPO_FULL_NAME - value: $(params.project-path) - - name: SHA - value: $(params.git-revision) - - name: TARGET_URL - value: 
"$(params.gramo-url)/workflow/tekton/PipelineRun/$(context.pipelineRun.namespace)/view/$(context.pipelineRun.name)" - - name: DESCRIPTION - value: "auto-ci-push" - - name: STATE - value: "error" - taskRef: - name: gitea-set-status - tasks: - - name: inform-gitea-start - onError: continue - params: - - name: REPO_FULL_NAME - value: $(params.project-path) - - name: SHA - value: $(params.git-revision) - - name: TARGET_URL - value: "$(params.gramo-url)/workflow/tekton/PipelineRun/$(context.pipelineRun.namespace)/view/$(context.pipelineRun.name)" - - name: DESCRIPTION - value: "auto-ci-push" - - name: STATE - value: "pending" - taskRef: - name: gitea-set-status - - name: git-clone - params: - - name: url - value: $(params.git-url) - - name: revision - value: $(params.git-revision) - - name: branch - value: $(params.branch-name) - - name: depth - value: 0 - taskRef: - name: git-clone - workspaces: - - name: output - workspace: source - - name: ssh-directory - workspace: ssh - - name: generate-build-id - runAfter: [git-clone] - params: - - name: branch - value: $(params.branch-name) - taskRef: - name: generate-build-id - workspaces: - - name: source - - name: detect-stages - runAfter: [generate-build-id] - params: - - name: pipeline-type - value: push - - name: artifactory-url - value: $(params.artifactory-url) - - name: project-name - value: $(params.project-name) - - name: project-path - value: $(params.project-path) - - name: image-version - value: "$(tasks.generate-build-id.results.build-id)" - taskRef: - name: auto-ci-detector - workspaces: - - name: source - - name: lint-shell - runAfter: ["detect-stages"] - onError: continue - when: - - input: "lint-shell" - operator: in - values: ["$(tasks.detect-stages.results.stages-lint[*])"] - params: - - name: args - value: $(tasks.detect-stages.results.shellcheck-args) - taskRef: - name: shellcheck - workspaces: - - name: shared-workspace - workspace: source - - name: lint-docker - onError: continue - runAfter: 
["detect-stages"] - when: - - input: "lint-docker" - operator: in - values: ["$(tasks.detect-stages.results.stages-lint[*])"] - taskRef: - name: hadolint - matrix: - params: - - name: dockerfile-path - value: $(tasks.detect-stages.results.file-docker) - workspaces: - - name: source - - name: lint-yaml - onError: continue - runAfter: ["detect-stages"] - when: - - input: "lint-yaml" - operator: in - values: ["$(tasks.detect-stages.results.stages-lint[*])"] - params: - - name: args - value: ["."] - taskRef: - name: yaml-lint - workspaces: - - name: shared-workspace - workspace: source - - name: lint-black - onError: continue - runAfter: ["detect-stages"] - when: - - input: "lint-black" - operator: in - values: ["$(tasks.detect-stages.results.stages-lint[*])"] - params: - - name: args - value: $(tasks.detect-stages.results.black-args) - taskRef: - name: black - workspaces: - - name: shared-workspace - workspace: source - - name: lint-python - onError: continue - runAfter: ["detect-stages"] - when: - - input: "lint-python" - operator: in - values: ["$(tasks.detect-stages.results.stages-lint[*])"] - params: - - name: args - value: $(tasks.detect-stages.results.pylint-args) - taskRef: - name: pylint - workspaces: - - name: source - workspace: source - - name: lint-make - onError: continue - runAfter: ["detect-stages"] - when: - - input: "lint-make" - operator: in - values: ["$(tasks.detect-stages.results.stages-lint[*])"] - params: - - name: args - value: $(tasks.detect-stages.results.checkmake-args) - taskRef: - name: check-make - workspaces: - - name: shared-workspace - workspace: source - - name: lint-md - onError: continue - runAfter: ["detect-stages"] - when: - - input: "lint-md" - operator: in - values: ["$(tasks.detect-stages.results.stages-lint[*])"] - params: - - name: args - value: $(tasks.detect-stages.results.mdl-args) - taskRef: - name: markdown-lint - workspaces: - - name: shared-workspace - workspace: source - - name: lint-kube - onError: continue - 
runAfter: ["detect-stages"] - when: - - input: "lint-kube" - operator: in - values: ["$(tasks.detect-stages.results.stages-lint[*])"] - params: - - name: args - value: $(tasks.detect-stages.results.kubelinter-args) - - name: manifest - value: k8 - - name: default_option - value: do-not-auto-add-defaults - - name: includelist - value: "no-extensions-v1beta,default-service-account,no-readiness-probe" - taskRef: - name: kube-linter - workspaces: - - name: source - - name: publish-docker - runAfter: ["lint-md","lint-kube","lint-make","lint-shell","lint-docker","lint-yaml","lint-black","lint-python"] - when: - - input: "publish-docker" - operator: in - values: ["$(tasks.detect-stages.results.stages-publish[*])"] - - input: "$(params.branch-name)" - operator: in - values: ["$(params.git-default-branch)"] - taskRef: - name: buildah - matrix: - params: - - name: DOCKERFILE - value: $(tasks.detect-stages.results.file-docker) - - name: IMAGE - value: $(tasks.detect-stages.results.images-name) - workspaces: - - name: source - - name: sslcertdir - - name: dockerconfig \ No newline at end of file diff --git a/share/gitea-tekton-org/tekton.dev_v1_Pipeline_auto-ci-tag.yaml b/share/gitea-tekton-org/tekton.dev_v1_Pipeline_auto-ci-tag.yaml deleted file mode 100644 index b7cf2cf..0000000 --- a/share/gitea-tekton-org/tekton.dev_v1_Pipeline_auto-ci-tag.yaml +++ /dev/null 
@@ -1,273 +0,0 @@ -apiVersion: tekton.dev/v1 -kind: Pipeline -metadata: - name: auto-ci-tag -spec: - workspaces: - - name: source - - name: dockerconfig - - name: ssh - - name: sslcertdir - params: - - name: artifactory-url - default: docker.io - description: The url of the current artifactory - type: string - - name: gramo-url - default: https://gramo.media.rennes.home - type: string - - name: project-name - description: The name of the current project - type: string - - name: project-path - description: The path of the current project - type: string - - name: git-url - type: string - - name: git-revision - type: string - - name: tag-name - type: string - finally: - - name: cleanup - taskRef: - name: auto-ci-cleanup - workspaces: - - name: source - - name: inform-gitea-success - when: - - cel: "'$(tasks.status)' in ['Succeeded','Completed']" - params: - - name: REPO_FULL_NAME - value: $(params.project-path) - - name: SHA - value: $(params.git-revision) - - name: TARGET_URL - value: "$(params.gramo-url)/k8s/ns/$(context.pipelineRun.namespace)/tekton.dev~v1~PipelineRun/$(context.pipelineRun.name)" - - name: DESCRIPTION - value: "auto-ci-tag" - - name: STATE - value: "success" - taskRef: - name: gitea-set-status - - name: inform-gitea-warning - when: - - cel: "'$(tasks.status)' == 'None'" - params: - - name: REPO_FULL_NAME - value: $(params.project-path) - - name: SHA - value: $(params.git-revision) - - name: TARGET_URL - value: "$(params.gramo-url)/k8s/ns/$(context.pipelineRun.namespace)/tekton.dev~v1~PipelineRun/$(context.pipelineRun.name)" - - name: DESCRIPTION - value: "auto-ci-tag" - - name: STATE - value: "warning" - taskRef: - name: gitea-set-status - - name: inform-gitea-error - when: - - cel: "'$(tasks.status)' == 'Failed'" - params: - - name: REPO_FULL_NAME - value: $(params.project-path) - - name: SHA - value: $(params.git-revision) - - name: TARGET_URL - value: 
"$(params.gramo-url)/k8s/ns/$(context.pipelineRun.namespace)/tekton.dev~v1~PipelineRun/$(context.pipelineRun.name)" - - name: DESCRIPTION - value: "auto-ci-tag" - - name: STATE - value: "error" - taskRef: - name: gitea-set-status - tasks: - - name: inform-gitea-start - onError: continue - params: - - name: REPO_FULL_NAME - value: $(params.project-path) - - name: SHA - value: $(params.git-revision) - - name: TARGET_URL - value: "$(params.gramo-url)/k8s/ns/$(context.pipelineRun.namespace)/tekton.dev~v1~PipelineRun/$(context.pipelineRun.name)" - - name: DESCRIPTION - value: "auto-ci-tag" - - name: STATE - value: "pending" - taskRef: - name: gitea-set-status - - name: git-clone - params: - - name: url - value: $(params.git-url) - - name: revision - value: $(params.git-revision) - taskRef: - name: git-clone - workspaces: - - name: output - workspace: source - - name: ssh-directory - workspace: ssh - - name: detect-stages - runAfter: [git-clone] - params: - - name: pipeline-type - value: tag - - name: artifactory-url - value: $(params.artifactory-url) - - name: project-name - value: $(params.project-name) - - name: project-path - value: $(params.project-path) - - name: image-version - value: "$(params.tag-name)" - taskRef: - name: auto-ci-detector - workspaces: - - name: source - - name: lint-shell - runAfter: ["detect-stages"] - onError: stopAndFail - when: - - input: "lint-shell" - operator: in - values: ["$(tasks.detect-stages.results.stages-lint[*])"] - params: - - name: args - value: $(tasks.detect-stages.results.shellcheck-args) - taskRef: - name: shellcheck - workspaces: - - name: shared-workspace - workspace: source - - name: lint-docker - runAfter: ["detect-stages"] - onError: stopAndFail - when: - - input: "lint-docker" - operator: in - values: ["$(tasks.detect-stages.results.stages-lint[*])"] - taskRef: - name: hadolint - matrix: - params: - - name: dockerfile-path - value: $(tasks.detect-stages.results.file-docker) - workspaces: - - name: source - - name: 
lint-yaml - runAfter: ["detect-stages"] - onError: stopAndFail - when: - - input: "lint-yaml" - operator: in - values: ["$(tasks.detect-stages.results.stages-lint[*])"] - params: - - name: args - value: ["."] - taskRef: - name: yaml-lint - workspaces: - - name: shared-workspace - workspace: source - - name: lint-black - runAfter: ["detect-stages"] - onError: stopAndFail - when: - - input: "lint-black" - operator: in - values: ["$(tasks.detect-stages.results.stages-lint[*])"] - params: - - name: args - value: $(tasks.detect-stages.results.black-args) - taskRef: - name: black - workspaces: - - name: shared-workspace - workspace: source - - name: lint-python - runAfter: ["detect-stages"] - onError: stopAndFail - when: - - input: "lint-python" - operator: in - values: ["$(tasks.detect-stages.results.stages-lint[*])"] - params: - - name: args - value: $(tasks.detect-stages.results.pylint-args) - taskRef: - name: pylint - workspaces: - - name: source - workspace: source - - name: lint-make - onError: stopAndFail - runAfter: ["detect-stages"] - when: - - input: "lint-make" - operator: in - values: ["$(tasks.detect-stages.results.stages-lint[*])"] - params: - - name: args - value: $(tasks.detect-stages.results.checkmake-args) - taskRef: - name: check-make - workspaces: - - name: shared-workspace - workspace: source - - name: lint-md - onError: stopAndFail - runAfter: ["detect-stages"] - when: - - input: "lint-md" - operator: in - values: ["$(tasks.detect-stages.results.stages-lint[*])"] - params: - - name: args - value: $(tasks.detect-stages.results.mdl-args) - taskRef: - name: markdown-lint - workspaces: - - name: shared-workspace - workspace: source - - name: lint-kube - onError: stopAndFail - runAfter: ["detect-stages"] - when: - - input: "lint-kube" - operator: in - values: ["$(tasks.detect-stages.results.stages-lint[*])"] - params: - - name: args - value: $(tasks.detect-stages.results.kubelinter-args) - - name: manifest - value: k8 - - name: default_option - value: 
do-not-auto-add-defaults - - name: includelist - value: "no-extensions-v1beta,default-service-account,no-readiness-probe" - taskRef: - name: kube-linter - workspaces: - - name: source - - name: publish-docker - runAfter: ["lint-md","lint-kube","lint-make","lint-shell","lint-docker","lint-yaml","lint-black","lint-python"] - when: - - input: "publish-docker" - operator: in - values: ["$(tasks.detect-stages.results.stages-publish[*])"] - taskRef: - name: buildah - matrix: - params: - - name: DOCKERFILE - value: $(tasks.detect-stages.results.file-docker) - - name: IMAGE - value: $(tasks.detect-stages.results.images-name) - workspaces: - - name: source - - name: sslcertdir - - name: dockerconfig \ No newline at end of file diff --git a/share/gitea-tekton-org/tekton.dev_v1_Task_auto-cd-activate.yaml b/share/gitea-tekton-org/tekton.dev_v1_Task_auto-cd-activate.yaml deleted file mode 100644 index ee521f3..0000000 --- a/share/gitea-tekton-org/tekton.dev_v1_Task_auto-cd-activate.yaml +++ /dev/null 
@@ -1,84 +0,0 @@ -apiVersion: tekton.dev/v1 -kind: Task -metadata: - name: auto-cd-activate -spec: - params: - - name: toolbox-image - default: sebt3/basic-toolbox-image:1.29.4 - description: The name of the toolbox image - type: string - - name: issuer-name - default: letsencrypt-prod - type: string - - name: domain-name - type: string - - name: domain - type: string - - name: stages - type: array - - name: artifactory-url - description: The url of the current artifactory - - name: project-name - description: The git repository name - - name: project-path - description: The path of the current project - - name: git-repository-url - description: The git repository url - - name: deploy-url - description: The git repository url for the deploy project - steps: - - name: activate - image: $(params.toolbox-image) - workingDir: $(workspaces.source.path) - args: - - $(params.stages) - env: - - name: ARTIFACTORY_URL - value: $(params.artifactory-url) - - name: DOMAIN - value: $(params.domain) - - name: DOMAIN_NAME - value: $(params.domain-name) - - name: ISSUER_NAME - value: $(params.issuer-name) - - name: PROJECT_NAME - value: $(params.project-name) - - name: PROJECT_PATH - value: $(params.project-path) - - name: GIT_REPOSITORY_URL - value: $(params.git-repository-url) - - name: DEPLOY_URL - value: $(params.deploy-url) - - name: TEMPLATE_ROOT - value: /etc/templates - - name: WORKSPACE_SSH_DIRECTORY_PATH - value: $(workspaces.ssh-directory.path) - - name: NAMESPACE - value: $(context.taskRun.namespace) - script: |- - #!/usr/bin/env bash - . 
${TEMPLATE_ROOT}/functions.sh - cleanup - git_prepare "$(params.deploy-url)" "Auto CD" "autocd@$(params.domain-name)" - install_base - create_prj "$@" - activate_prj "$@" - git_push "Activating $(params.project-name)" - cleanup - volumeMounts: - - mountPath: /etc/templates - name: templates - volumes: - - name: templates - configMap: - name: auto-cd-templates - workspaces: - - name: source - mountPath: /data - - description: | - A .ssh directory with private key, known_hosts, config, etc. Copied to - the user's home before git commands are executed. Used to authenticate - with the git remote when performing the clone. Binding a Secret to this - Workspace is strongly recommended over other volume types. - name: ssh-directory \ No newline at end of file diff --git a/share/gitea-tekton-org/tekton.dev_v1_Task_auto-cd-create.yaml b/share/gitea-tekton-org/tekton.dev_v1_Task_auto-cd-create.yaml deleted file mode 100644 index c6b079b..0000000 --- a/share/gitea-tekton-org/tekton.dev_v1_Task_auto-cd-create.yaml +++ /dev/null 
@@ -1,83 +0,0 @@ -apiVersion: tekton.dev/v1 -kind: Task -metadata: - name: auto-cd-create -spec: - params: - - name: toolbox-image - default: sebt3/basic-toolbox-image:1.29.4 - description: The name of the toolbox image - type: string - - name: issuer-name - default: letsencrypt-prod - type: string - - name: domain-name - type: string - - name: domain - type: string - - name: stages - type: array - - name: artifactory-url - description: The url of the current artifactory - - name: project-name - description: The git repository name - - name: project-path - description: The path of the current project - - name: git-repository-url - description: The git repository url - - name: deploy-url - description: The git repository url for the deploy project - steps: - - name: create - image: $(params.toolbox-image) - workingDir: $(workspaces.source.path) - args: - - $(params.stages) - env: - - name: ARTIFACTORY_URL - value: $(params.artifactory-url) - - name: DOMAIN - value: $(params.domain) - - name: DOMAIN_NAME - value: $(params.domain-name) - - name: ISSUER_NAME - value: $(params.issuer-name) - - name: PROJECT_NAME - value: $(params.project-name) - - name: PROJECT_PATH - value: $(params.project-path) - - name: GIT_REPOSITORY_URL - value: $(params.git-repository-url) - - name: DEPLOY_URL - value: $(params.deploy-url) - - name: TEMPLATE_ROOT - value: /etc/templates - - name: WORKSPACE_SSH_DIRECTORY_PATH - value: $(workspaces.ssh-directory.path) - - name: NAMESPACE - value: $(context.taskRun.namespace) - script: |- - #!/usr/bin/env bash - . 
${TEMPLATE_ROOT}/functions.sh - cleanup - git_prepare "$(params.deploy-url)" "Auto CD" "autocd@$(params.domain-name)" - install_base - create_prj "$@" - git_push "Adding $(params.project-name)" - cleanup - volumeMounts: - - mountPath: /etc/templates - name: templates - volumes: - - name: templates - configMap: - name: auto-cd-templates - workspaces: - - name: source - mountPath: /data - - description: | - A .ssh directory with private key, known_hosts, config, etc. Copied to - the user's home before git commands are executed. Used to authenticate - with the git remote when performing the clone. Binding a Secret to this - Workspace is strongly recommended over other volume types. - name: ssh-directory \ No newline at end of file diff --git a/share/gitea-tekton-org/tekton.dev_v1_Task_auto-cd-delete.yaml b/share/gitea-tekton-org/tekton.dev_v1_Task_auto-cd-delete.yaml deleted file mode 100644 index 250ffd4..0000000 --- a/share/gitea-tekton-org/tekton.dev_v1_Task_auto-cd-delete.yaml +++ /dev/null 
@@ -1,82 +0,0 @@ -apiVersion: tekton.dev/v1 -kind: Task -metadata: - name: auto-cd-delete -spec: - params: - - name: toolbox-image - default: sebt3/basic-toolbox-image:1.29.4 - description: The name of the toolbox image - type: string - - name: issuer-name - default: letsencrypt-prod - type: string - - name: domain-name - type: string - - name: domain - type: string - - name: stages - type: array - - name: artifactory-url - description: The url of the current artifactory - - name: project-name - description: The git repository name - - name: project-path - description: The path of the current project - - name: git-repository-url - description: The git repository url - - name: deploy-url - description: The git repository url for the deploy project - steps: - - name: delete - image: $(params.toolbox-image) - workingDir: $(workspaces.source.path) - args: - - $(params.stages) - env: - - name: ARTIFACTORY_URL - value: $(params.artifactory-url) - - name: DOMAIN - value: $(params.domain) - - name: DOMAIN_NAME - value: $(params.domain-name) - - name: ISSUER_NAME - value: $(params.issuer-name) - - name: PROJECT_NAME - value: $(params.project-name) - - name: PROJECT_PATH - value: $(params.project-path) - - name: GIT_REPOSITORY_URL - value: $(params.git-repository-url) - - name: DEPLOY_URL - value: $(params.deploy-url) - - name: TEMPLATE_ROOT - value: /etc/templates - - name: WORKSPACE_SSH_DIRECTORY_PATH - value: $(workspaces.ssh-directory.path) - - name: NAMESPACE - value: $(context.taskRun.namespace) - script: |- - #!/usr/bin/env bash - . 
${TEMPLATE_ROOT}/functions.sh - cleanup - git_prepare "$(params.deploy-url)" "Auto CD" "autocd@$(params.domain-name)" - delete_prj "$@" - git_push "Removing $(params.project-name)" - cleanup - volumeMounts: - - mountPath: /etc/templates - name: templates - volumes: - - name: templates - configMap: - name: auto-cd-templates - workspaces: - - name: source - mountPath: /data - - description: | - A .ssh directory with private key, known_hosts, config, etc. Copied to - the user's home before git commands are executed. Used to authenticate - with the git remote when performing the clone. Binding a Secret to this - Workspace is strongly recommended over other volume types. - name: ssh-directory \ No newline at end of file diff --git a/share/gitea-tekton-org/tekton.dev_v1_Task_auto-ci-cleanup.yaml b/share/gitea-tekton-org/tekton.dev_v1_Task_auto-ci-cleanup.yaml deleted file mode 100644 index d34af70..0000000 --- a/share/gitea-tekton-org/tekton.dev_v1_Task_auto-ci-cleanup.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: tekton.dev/v1 -kind: Task -metadata: - name: auto-ci-cleanup -spec: - params: - - name: toolbox-image - default: sebt3/basic-toolbox-image:1.29.4 - description: The name of the toolbox image - type: string - steps: - - name: cleanup - image: $(params.toolbox-image) - workingDir: $(workspaces.source.path) - script: |- - #!/usr/bin/env bash - rm -rf .* * || true - workspaces: - - name: source - mountPath: /data \ No newline at end of file diff --git a/share/gitea-tekton-org/tekton.dev_v1beta1_Task_generate-build-id.yaml b/share/gitea-tekton-org/tekton.dev_v1beta1_Task_generate-build-id.yaml deleted file mode 100644 index 2e05cbf..0000000 --- a/share/gitea-tekton-org/tekton.dev_v1beta1_Task_generate-build-id.yaml +++ /dev/null 
@@ -1,51 +0,0 @@ -apiVersion: tekton.dev/v1beta1 -kind: Task -metadata: - name: generate-build-id - labels: - app.kubernetes.io/version: "0.1" - annotations: - tekton.dev/pipelines.minVersion: "0.12.1" - tekton.dev/categories: Build Tools - tekton.dev/tags: build-tool - tekton.dev/displayName: "buildid" - tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64" -spec: - description: >- - Given a base version, this task generates a unique build id by appending - the base-version to the current timestamp. - - params: - - name: toolbox-image - default: sebt3/basic-toolbox-image:1.29.4 - description: The name of the toolbox image - type: string - - name: branch - type: string - results: - - name: timestamp - description: Current timestamp - - name: commitcount - description: Current commitcount - - name: build-id - description: Current commitcount - steps: - - name: get-build-id - image: $(params.toolbox-image) - workingDir: $(workspaces.source.path) - script: | - #!/usr/bin/env bash - git config --global --add safe.directory /workspace/source - ts=`date "+%Y%m%d-%H%M%S"` - t2=`date "+%Y%m%d.%H%M%S"` - cc=`git rev-list --count HEAD` - buildId="$(params.branch)-${cc}.${t2}" - echo -n "Current Timestamp: " - echo -n ${ts} | tee $(results.timestamp.path) - echo -ne "\nCommit Count: " - echo -n ${cc} | tee $(results.commitcount.path) - echo -ne "\nBuild ID: " - echo -n ${buildId} | tee $(results.build-id.path) - workspaces: - - name: source - description: A workspace that contains the fetched git repository to create a version for. \ No newline at end of file diff --git a/share/gitea-tekton-org/tekton.dev_v1beta1_Task_git-clone.yaml b/share/gitea-tekton-org/tekton.dev_v1beta1_Task_git-clone.yaml deleted file mode 100644 index 7a9b4f4..0000000 --- a/share/gitea-tekton-org/tekton.dev_v1beta1_Task_git-clone.yaml +++ /dev/null 
@@ -1,255 +0,0 @@ -apiVersion: tekton.dev/v1beta1 -kind: Task -metadata: - name: git-clone - labels: - app.kubernetes.io/version: "0.9" - annotations: - tekton.dev/pipelines.minVersion: "0.38.0" - tekton.dev/categories: Git - tekton.dev/tags: git - tekton.dev/displayName: "git clone" - tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64" -spec: - description: >- - These Tasks are Git tasks to work with repositories used by other tasks - in your Pipeline. - - The git-clone Task will clone a repo from the provided url into the - output Workspace. By default the repo will be cloned into the root of - your Workspace. You can clone into a subdirectory by setting this Task's - subdirectory param. This Task also supports sparse checkouts. To perform - a sparse checkout, pass a list of comma separated directory patterns to - this Task's sparseCheckoutDirectories param. - workspaces: - - name: output - description: The git repo will be cloned onto the volume backing this Workspace. - - name: ssh-directory - optional: true - description: | - A .ssh directory with private key, known_hosts, config, etc. Copied to - the user's home before git commands are executed. Used to authenticate - with the git remote when performing the clone. Binding a Secret to this - Workspace is strongly recommended over other volume types. - - name: basic-auth - optional: true - description: | - A Workspace containing a .gitconfig and .git-credentials file. These - will be copied to the user's home before any git commands are run. Any - other files in this Workspace are ignored. It is strongly recommended - to use ssh-directory over basic-auth whenever possible and to bind a - Secret to this Workspace over other volume types. - - name: ssl-ca-directory - optional: true - description: | - A workspace containing CA certificates, this will be used by Git to - verify the peer with when fetching or pushing over HTTPS. 
- params: - - name: toolbox-image - default: sebt3/basic-toolbox-image:1.29.4 - description: The name of the toolbox image - type: string - - name: url - description: Repository URL to clone from. - type: string - - name: revision - description: Revision to checkout. (branch, tag, sha, ref, etc...) - type: string - default: "" - - name: refspec - description: Refspec to fetch before checking out revision. - default: "" - - name: submodules - description: Initialize and fetch git submodules. - type: string - default: "true" - - name: depth - description: Perform a shallow clone, fetching only the most recent N commits. - type: string - default: "1" - - name: sslVerify - description: Set the `http.sslVerify` global git config. Setting this to `false` is not advised unless you are sure that you trust your git remote. - type: string - default: "true" - - name: crtFileName - description: file name of mounted crt using ssl-ca-directory workspace. default value is ca-bundle.crt. - type: string - default: "ca-bundle.crt" - - name: subdirectory - description: Subdirectory inside the `output` Workspace to clone the repo into. - type: string - default: "" - - name: sparseCheckoutDirectories - description: Define the directory patterns to match or exclude when performing a sparse checkout. - type: string - default: "" - - name: deleteExisting - description: Clean out the contents of the destination directory if it already exists before cloning. - type: string - default: "true" - - name: httpProxy - description: HTTP proxy server for non-SSL requests. - type: string - default: "" - - name: httpsProxy - description: HTTPS proxy server for SSL requests. - type: string - default: "" - - name: noProxy - description: Opt out of proxying HTTP/HTTPS requests. - type: string - default: "" - - name: verbose - description: Log the commands that are executed during `git-clone`'s operation. 
- type: string - default: "true" - - name: userHome - description: | - Absolute path to the user's home directory. - type: string - default: "/home/git" - results: - - name: commit - description: The precise commit SHA that was fetched by this Task. - - name: url - description: The precise URL that was fetched by this Task. - - name: committer-date - description: The epoch timestamp of the commit that was fetched by this Task. - volumes: - - name: home - emptyDir: {} - steps: - - name: clone - image: $(params.toolbox-image) - env: - - name: HOME - value: "$(params.userHome)" - - name: PARAM_URL - value: $(params.url) - - name: PARAM_REVISION - value: $(params.revision) - - name: PARAM_REFSPEC - value: $(params.refspec) - - name: PARAM_SUBMODULES - value: $(params.submodules) - - name: PARAM_DEPTH - value: $(params.depth) - - name: PARAM_SSL_VERIFY - value: $(params.sslVerify) - - name: PARAM_CRT_FILENAME - value: $(params.crtFileName) - - name: PARAM_SUBDIRECTORY - value: $(params.subdirectory) - - name: PARAM_DELETE_EXISTING - value: $(params.deleteExisting) - - name: PARAM_HTTP_PROXY - value: $(params.httpProxy) - - name: PARAM_HTTPS_PROXY - value: $(params.httpsProxy) - - name: PARAM_NO_PROXY - value: $(params.noProxy) - - name: PARAM_VERBOSE - value: $(params.verbose) - - name: PARAM_SPARSE_CHECKOUT_DIRECTORIES - value: $(params.sparseCheckoutDirectories) - - name: PARAM_USER_HOME - value: $(params.userHome) - - name: WORKSPACE_OUTPUT_PATH - value: $(workspaces.output.path) - - name: WORKSPACE_SSH_DIRECTORY_BOUND - value: $(workspaces.ssh-directory.bound) - - name: WORKSPACE_SSH_DIRECTORY_PATH - value: $(workspaces.ssh-directory.path) - - name: WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND - value: $(workspaces.basic-auth.bound) - - name: WORKSPACE_BASIC_AUTH_DIRECTORY_PATH - value: $(workspaces.basic-auth.path) - - name: WORKSPACE_SSL_CA_DIRECTORY_BOUND - value: $(workspaces.ssl-ca-directory.bound) - - name: WORKSPACE_SSL_CA_DIRECTORY_PATH - value: 
$(workspaces.ssl-ca-directory.path) - securityContext: - runAsNonRoot: true - runAsUser: 65532 - volumeMounts: - - mountPath: "$(params.userHome)" - name: home - script: | - #!/usr/bin/env sh - set -eu - - if [ "${PARAM_VERBOSE}" = "true" ] ; then - set -x - fi - - if [ "${WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND}" = "true" ] ; then - cp "${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.git-credentials" "${PARAM_USER_HOME}/.git-credentials" - cp "${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.gitconfig" "${PARAM_USER_HOME}/.gitconfig" - chmod 400 "${PARAM_USER_HOME}/.git-credentials" - chmod 400 "${PARAM_USER_HOME}/.gitconfig" - fi - - if [ "${WORKSPACE_SSH_DIRECTORY_BOUND}" = "true" ] ; then - cp -R "${WORKSPACE_SSH_DIRECTORY_PATH}" "${PARAM_USER_HOME}"/.ssh - chmod 700 "${PARAM_USER_HOME}"/.ssh - chmod -R 400 "${PARAM_USER_HOME}"/.ssh/* - fi - - if [ "${WORKSPACE_SSL_CA_DIRECTORY_BOUND}" = "true" ] ; then - export GIT_SSL_CAPATH="${WORKSPACE_SSL_CA_DIRECTORY_PATH}" - if [ "${PARAM_CRT_FILENAME}" != "" ] ; then - export GIT_SSL_CAINFO="${WORKSPACE_SSL_CA_DIRECTORY_PATH}/${PARAM_CRT_FILENAME}" - fi - fi - CHECKOUT_DIR="${WORKSPACE_OUTPUT_PATH}/${PARAM_SUBDIRECTORY}" - - cleandir() { - # Delete any existing contents of the repo directory if it exists. - # - # We don't just "rm -rf ${CHECKOUT_DIR}" because ${CHECKOUT_DIR} might be "/" - # or the root of a mounted volume. - if [ -d "${CHECKOUT_DIR}" ] ; then - # Delete non-hidden files and directories - rm -rf "${CHECKOUT_DIR:?}"/* - # Delete files and directories starting with . but excluding .. - rm -rf "${CHECKOUT_DIR}"/.[!.]* - # Delete files and directories starting with .. 
plus any other character - rm -rf "${CHECKOUT_DIR}"/..?* - fi - } - - if [ "${PARAM_DELETE_EXISTING}" = "true" ] ; then - cleandir || true - fi - - test -z "${PARAM_HTTP_PROXY}" || export HTTP_PROXY="${PARAM_HTTP_PROXY}" - test -z "${PARAM_HTTPS_PROXY}" || export HTTPS_PROXY="${PARAM_HTTPS_PROXY}" - test -z "${PARAM_NO_PROXY}" || export NO_PROXY="${PARAM_NO_PROXY}" - - FETCH_CMD="" - if [ $PARAM_DEPTH -gt 0 ];then - FETCH_CMD="${FETCH_CMD} --depth $PARAM_DEPTH" - fi - git config --global --add safe.directory "${WORKSPACE_OUTPUT_PATH}" - git config --global --add http.sslVerify "${PARAM_SSL_VERIFY}" - cd "${CHECKOUT_DIR}" - git init - if [ "${PARAM_SPARSE_CHECKOUT_DIRECTORIES}" != "" ];then - git config --global --add core.sparsecheckout true - mkdir -p .git/info/ - echo "${PARAM_SPARSE_CHECKOUT_DIRECTORIES}"|sed 's/,/\n/'>.git/info/sparse-checkout - chmod 644 .git/info/sparse-checkout - fi - git remote add origin "${PARAM_URL}" - git fetch "--recurse-submodules=${PARAM_SUBMODULES}" $FETCH_CMD origin --update-head-ok --force - git reset --hard "${PARAM_REVISION}" - cd "${CHECKOUT_DIR}" - RESULT_SHA="$(git rev-parse HEAD)" - EXIT_CODE="$?" - if [ "${EXIT_CODE}" != 0 ] ; then - exit "${EXIT_CODE}" - fi - RESULT_COMMITTER_DATE="$(git log -1 --pretty=%ct)" - printf "%s" "${RESULT_COMMITTER_DATE}" > "$(results.committer-date.path)" - printf "%s" "${RESULT_SHA}" > "$(results.commit.path)" - printf "%s" "${PARAM_URL}" > "$(results.url.path)" \ No newline at end of file diff --git a/share/gitea-tekton-org/tekton.dev_v1beta1_Task_git-version.yaml b/share/gitea-tekton-org/tekton.dev_v1beta1_Task_git-version.yaml deleted file mode 100644 index 59b7549..0000000 --- a/share/gitea-tekton-org/tekton.dev_v1beta1_Task_git-version.yaml +++ /dev/null 
@@ -1,52 +0,0 @@ ---- -apiVersion: tekton.dev/v1beta1 -kind: Task -metadata: - name: git-version - labels: - app.kubernetes.io/version: "0.1" - annotations: - tekton.dev/pipelines.minVersion: "0.12.0" - tekton.dev/displayName: "git version" - tekton.dev/categories: Git - tekton.dev/tags: git - tekton.dev/platforms: "linux/amd64" -spec: - description: >- - This task can be used to create a version from git history - params: - - name: gitversion-image - default: gittools/gitversion:6.0.0-alpine.3.18-7.0 - description: The name of the toolbox image - type: string - - name: branch - type: string - results: - - description: The calculated git version you could use for git tagging e.g. "0.1.0-tektonize.1-188" - name: gitVersion - - description: A normalized version for use in container images e.g. "0.1.0-tektonize.1-188" - name: packageVersion - - name: shortSHA - steps: - - name: set-git-version - image: $(params.gitversion-image) - workingDir: $(workspaces.source.path) - script: | - #!/usr/bin/env ash - git switch $(params.branch) - ShortSha=$(/tools/dotnet-gitversion . /showvariable ShortSha) - echo -n "ShortSha: " - echo -n "${ShortSha}" | tee $(results.shortSHA.path) - echo - FullSemVer=$(/tools/dotnet-gitversion . /showvariable FullSemVer) - echo "FullSemVer: " - echo -n "${FullSemVer}" | tee $(results.gitVersion.path) - echo - # normalize a bit because - # image tags can only contain `abcdefghijklmnopqrstuvwxyz0123456789_-.ABCDEFGHIJKLMNOPQRSTUVWXYZ` - packageVersion=$(echo -n $FullSemVer | sed 's/[^-._0-9A-Za-z]/-/g'|sed 's/-/-beta./') - echo -n "packageVersion: " - echo -n "${packageVersion}" | tee $(results.packageVersion.path) - workspaces: - - name: source - description: A workspace that contains the fetched git repository to create a version for. \ No newline at end of file diff --git a/share/gitea-tekton-org/v1_ConfigMap_auto-cd-templates.yaml b/share/gitea-tekton-org/v1_ConfigMap_auto-cd-templates.yaml deleted file mode 100644 index 8df0cc7..0000000 
--- a/share/gitea-tekton-org/v1_ConfigMap_auto-cd-templates.yaml +++ /dev/null 
@@ -1,771 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: auto-cd-templates -data: - functions.sh: |- - added=0 - copy() { - local src=${TEMPLATE_ROOT}/$1 dest=$2 - if [ ! -f $dest ];then - cp "$src" "$dest" - git add "$dest" - added=$(($added+1)) - fi - } - template() { - local src=${TEMPLATE_ROOT}/$1 dest=$2 - if [ ! -f $dest ];then - envsubst '$ARTIFACTORY_URL,$DOMAIN,$DOMAIN_NAME,$ISSUER_NAME,$PROJECT_NAME,$PROJECT_PATH,$GIT_REPOSITORY_URL,$DEPLOY_URL,$STAGE,$ORG_NAME,$NAMESPACE' <"$src" >"$dest" - git add "$dest" - added=$(($added+1)) - fi - } - git_push() { - local message=$1 - if [ $added -ne 0 ];then - git commit -am "$message" - git push - fi - } - cleanup() { - rm -rf .* * || true - } - del_resources() { - local ress="$1" file="$2" - yq -i 'del(.resources[]|select(.=="'"$ress"'"))' "$file" - git add "$file" - added=$(($added+1)) - } - add_resources() { - local ress="$1" file="$2" - del_resources "$@" - yq -i '.resources += "'"$ress"'"' "$file" - git add "$file" - added=$(($added+1)) - } - git_prepare() { - local url="$1" username="$2" email="$3" - mkdir -p "${HOME}/.ssh" - cp "${WORKSPACE_SSH_DIRECTORY_PATH}"/* "${HOME}/.ssh" - chmod 700 "${HOME}/.ssh" - chmod 400 "${HOME}/.ssh"/* - git config --global user.name "$username" - git config --global user.email "$email" - git clone "$url" --branch main --depth 1 . 
- } - install_base() { - mkdir -p bases/project bases/install bases/deploy bases/images bases/trigger-push bases/trigger-tag ci - copy empty-kusto.yaml "ci/kustomization.yaml" - copy yamllint.yaml .yamllint.yaml - copy base-repo.yaml bases/images/repo.yaml - copy images-kusto.yaml bases/images/kustomization.yaml - copy base-deploy.yaml bases/project/deploy.yaml - copy base-secret.yaml bases/project/secret.yaml - copy base-config.yaml bases/project/config.yaml - copy base-service.yaml bases/project/service.yaml - copy base-kusto.yaml bases/project/kustomization.yaml - copy install-install.yaml bases/install/install.yaml - copy install-kusto.yaml bases/install/kustomization.yaml - copy deploy-kusto.yaml bases/deploy/kustomization.yaml - copy trigger-kusto.yaml bases/trigger-tag/kustomization.yaml - copy trigger-tag.yaml bases/trigger-tag/trigger.yaml - copy trigger-kusto.yaml bases/trigger-push/kustomization.yaml - copy trigger-push.yaml bases/trigger-push/trigger.yaml - template base-update.yaml.tmpl bases/images/update.yaml - template base-cert.yaml.tmpl bases/project/cert.yaml - template deploy-repo.yaml.tmpl bases/deploy/repo.yaml - if [ -f README.md ] && [ $(wc -l < README.md) -eq 2 ];then - rm README.md - fi - copy README.md README.md - } - create_prj() { - export ORG_NAME=$(echo ${PROJECT_PATH}|sed 's#/.*##') - mkdir -p "projects/${PROJECT_NAME}" "ci/${PROJECT_NAME}" - template ci-kusto.yaml.tmpl "ci/${PROJECT_NAME}/kustomization.yaml" - add_resources "${PROJECT_NAME}" "ci/kustomization.yaml" - template project-kusto.yaml.tmpl "projects/${PROJECT_NAME}/kustomization.yaml" - while [ $# -gt 0 ];do - export STAGE=$1 - mkdir -p "stages/${STAGE}/${PROJECT_NAME}" "stages/${STAGE}/deploy/${PROJECT_NAME}" - template deploy-project-kusto.yaml.tmpl "stages/${STAGE}/deploy/${PROJECT_NAME}/kustomization.yaml" - if [ "${STAGE}" == "prod" ] || [ "${STAGE}" == "production" ];then - template deploy-policy-tag.yaml.tmpl "stages/${STAGE}/deploy/${PROJECT_NAME}/policy.yaml" - 
else - template deploy-policy-default.yaml.tmpl "stages/${STAGE}/deploy/${PROJECT_NAME}/policy.yaml" - fi - copy empty-kusto.yaml "stages/${STAGE}/deploy/kustomization.yaml" - del_resources "../../../bases/deploy" "stages/${STAGE}/deploy/kustomization.yaml" - template stage-kusto.yaml.tmpl "stages/${STAGE}/${PROJECT_NAME}/kustomization.yaml" - template stage-ingress.yaml.tmpl "stages/${STAGE}/${PROJECT_NAME}/ingress.yaml" - template stage-cert.yaml.tmpl "stages/${STAGE}/${PROJECT_NAME}/cert.yaml" - template stage-config.yaml.tmpl "stages/${STAGE}/${PROJECT_NAME}/config.yaml" - shift - done - } - activate_prj() { - export ORG_NAME=$(echo ${PROJECT_PATH}|sed 's#/.*##') - while [ $# -gt 0 ];do - export STAGE=$1 - add_resources "${PROJECT_NAME}" "stages/${STAGE}/deploy/kustomization.yaml" - shift - done - } - delete_prj() { - rm -rf "projects/${PROJECT_NAME}" - while [ $# -gt 0 ];do - export STAGE=$1 - rm -rf "stages/${STAGE}/${PROJECT_NAME}" "stages/${STAGE}/deploy/${PROJECT_NAME}" - del_resources "${PROJECT_NAME}" "stages/${STAGE}/deploy/kustomization.yaml" - del_resources "${PROJECT_NAME}" "ci/kustomization.yaml" - shift - done - } - ci-kusto.yaml.tmpl: |- - --- - apiVersion: kustomize.config.k8s.io/v1beta1 - kind: Kustomization - namePrefix: ${PROJECT_NAME}- - resources: - - ../../bases/trigger-push - - ../../bases/trigger-tag - patches: - - target: - kind: Trigger - name: push - patch: |- - - op: replace - path: /spec/template/spec/resourcetemplates/0/spec/pipelineRef/name - value: auto-ci-push - - target: - kind: Trigger - name: push - patch: |- - apiVersion: triggers.tekton.dev/v1beta1 - kind: Trigger - metadata: - name: "push" - spec: - interceptors: - - name: project-name - ref: - kind: ClusterInterceptor - name: cel - params: - - name: filter - value: body.repository.name == '${PROJECT_NAME}' - - target: - kind: Trigger - name: tag - patch: |- - - op: replace - path: /spec/template/spec/resourcetemplates/0/spec/pipelineRef/name - value: auto-ci-tag - - 
target: - kind: Trigger - name: tag - patch: |- - apiVersion: triggers.tekton.dev/v1beta1 - kind: Trigger - metadata: - name: "tag" - spec: - interceptors: - - name: project-name - ref: - kind: ClusterInterceptor - name: cel - params: - - name: filter - value: body.repository.name == '${PROJECT_NAME}' - deploy-project-kusto.yaml.tmpl: |- - --- - apiVersion: kustomize.config.k8s.io/v1beta1 - kind: Kustomization - namePrefix: ${PROJECT_NAME}- - commonLabels: - app.kubernetes.io/name: ${ORG_NAME} - app.kubernetes.io/component: ${PROJECT_NAME} - component: ${PROJECT_NAME} - resources: - - ../../../../bases/install - - ../../../../bases/images - - policy.yaml - patches: - - target: - kind: ImageRepository - name: repo - patch: |- - apiVersion: image.toolkit.fluxcd.io/v1beta2 - kind: ImageRepository - metadata: - name: repo - spec: - image: ${ARTIFACTORY_URL}/${PROJECT_PATH} - - target: - kind: Kustomization - name: install - patch: |- - apiVersion: kustomize.toolkit.fluxcd.io/v1 - kind: Kustomization - metadata: - name: install - spec: - path: "./stages/${STAGE}/${PROJECT_NAME}" - targetNamespace: "${DOMAIN}-org-${ORG_NAME}-${STAGE}" - - target: - kind: ImageUpdateAutomation - name: update - patch: |- - apiVersion: image.toolkit.fluxcd.io/v1beta1 - kind: ImageUpdateAutomation - metadata: - name: update - spec: - update: - path: ./stages/${STAGE}/${PROJECT_NAME} - deploy-policy-tag.yaml.tmpl: |- - apiVersion: image.toolkit.fluxcd.io/v1beta2 - kind: ImagePolicy - metadata: - name: policy - labels: - app.kubernetes.io/component: ${PROJECT_NAME} - app.kubernetes.io/name: ${ORG_NAME} - component: ${PROJECT_NAME} - spec: - imageRepositoryRef: - name: ${PROJECT_NAME}-repo - filterTags: - pattern: '^v(?P.*)$' - extract: '$semver' - policy: - semver: - range: '>=0.1.0' - deploy-policy-default.yaml.tmpl: |- - apiVersion: image.toolkit.fluxcd.io/v1beta2 - kind: ImagePolicy - metadata: - name: policy - labels: - app.kubernetes.io/component: ${PROJECT_NAME} - app.kubernetes.io/name: 
${ORG_NAME} - component: ${PROJECT_NAME} - spec: - imageRepositoryRef: - name: ${PROJECT_NAME}-repo - filterTags: - pattern: '^main-(?P.*)$' - extract: '$semver' - policy: - semver: - range: '>=0.1.0' - README.md: |- - # Deployment configuration - Only valid if FluxCD is activated in the cluster - ## File structure - - `ci/`: Configuration for Tekton pipeline for . Should contain triggers and pipelines. - - `projects/`: Global configuration for deployment, affect every stages - - `stages//`: Configuration for deployment in the plateform - - `stages//deploy`: FluxCD configuration for , should be deployed on that stage namespace as it deploy everything needed to deploy the projects - trigger-kusto.yaml: |- - --- - apiVersion: kustomize.config.k8s.io/v1beta1 - kind: Kustomization - resources: - - trigger.yaml - trigger-push.yaml: |- - apiVersion: triggers.tekton.dev/v1beta1 - kind: Trigger - metadata: - name: "push" - labels: - type: branch-push - spec: - bindings: - - name: artifactory-url - value: "$(extensions.artifactory-url)" - - name: project-name - value: "$(extensions.project-name)" - - name: project-path - value: "$(extensions.project-path)" - - name: git-repository-url - value: "$(extensions.git-repository-url)" - - name: git-revision - value: "$(extensions.git-revision)" - - name: branch-name - value: "$(extensions.branch-name)" - - name: git-default-branch - value: "$(extensions.git-default-branch)" - - name: generate-name - value: "$(extensions.generate-name)" - template: - spec: - params: - - name: artifactory-url - description: The url of the current artifactory - - name: project-name - description: The git repository name - - name: project-path - description: The path of the current project - - name: git-repository-url - description: The git repository url - - name: git-revision - description: The git revision - default: main - - name: git-default-branch - description: The git revision - default: main - - name: branch-name - description: The git branch 
- default: main - - name: generate-name - resourcetemplates: - - apiVersion: tekton.dev/v1beta1 - kind: PipelineRun - metadata: - generateName: $(tt.params.generate-name)- - annotations: - "mayfly.cloud.namecheap.com/expire": "336h" # 2 weeks - spec: - pipelineRef: - name: "auto-ci-push" - params: - - name: artifactory-url - value: $(tt.params.artifactory-url) - - name: project-name - value: $(tt.params.project-name) - - name: project-path - value: $(tt.params.project-path) - - name: git-url - value: $(tt.params.git-repository-url) - - name: git-revision - value: $(tt.params.git-revision) - - name: git-default-branch - value: $(tt.params.git-default-branch) - - name: branch-name - value: $(tt.params.branch-name) - workspaces: - - name: source - persistentVolumeClaim: - claimName: source - subPath: $(tt.params.git-revision) - - name: dockerconfig - secret: - secretName: gitea-docker - items: - - key: ".dockerconfigjson" - path: "config.json" - - name: sslcertdir - secret: - secretName: gitea - items: - - key: "ca.crt" - path: "ca.crt" - - name: ssh - secret: - secretName: ssh-credentials - items: - - key: "known_hosts" - path: "known_hosts" - - key: "ssh-privatekey" - path: "id_rsa" - - key: "ssh-publickey" - path: "id_rsa.pub" - trigger-tag.yaml: |- - apiVersion: triggers.tekton.dev/v1beta1 - kind: Trigger - metadata: - name: "tag" - labels: - type: tag-push - spec: - bindings: - - name: artifactory-url - value: "$(extensions.artifactory-url)" - - name: project-name - value: "$(extensions.project-name)" - - name: project-path - value: "$(extensions.project-path)" - - name: git-repository-url - value: "$(extensions.git-repository-url)" - - name: git-revision - value: "$(extensions.git-revision)" - - name: tag-name - value: $(extensions.tag-name) - - name: generate-name - value: "$(extensions.generate-name)" - template: - spec: - params: - - name: artifactory-url - description: The url of the current artifactory - - name: project-name - description: The git 
repository name - - name: project-path - description: The path of the current project - - name: git-repository-url - description: The git repository url - - name: git-revision - description: The git revision - default: main - - name: tag-name - description: The git tag - - name: generate-name - resourcetemplates: - - apiVersion: tekton.dev/v1beta1 - kind: PipelineRun - metadata: - generateName: $(tt.params.generate-name)- - annotations: - "mayfly.cloud.namecheap.com/expire": "1440h" # 2 months - spec: - pipelineRef: - name: "auto-ci-tag" - params: - - name: artifactory-url - value: $(tt.params.artifactory-url) - - name: project-name - value: $(tt.params.project-name) - - name: project-path - value: $(tt.params.project-path) - - name: git-url - value: $(tt.params.git-repository-url) - - name: git-revision - value: $(tt.params.git-revision) - - name: tag-name - value: $(tt.params.tag-name) - workspaces: - - name: source - persistentVolumeClaim: - claimName: source - subPath: $(tt.params.git-revision) - - name: dockerconfig - secret: - secretName: gitea-docker - items: - - key: ".dockerconfigjson" - path: "config.json" - - name: sslcertdir - secret: - secretName: gitea - items: - - key: "ca.crt" - path: "ca.crt" - - name: ssh - secret: - secretName: ssh-credentials - items: - - key: "known_hosts" - path: "known_hosts" - - key: "ssh-privatekey" - path: "id_rsa" - - key: "ssh-publickey" - path: "id_rsa.pub" - empty-kusto.yaml: |- - apiVersion: kustomize.config.k8s.io/v1beta1 - kind: Kustomization - resources: - images-kusto.yaml: |- - apiVersion: kustomize.config.k8s.io/v1beta1 - kind: Kustomization - resources: - - repo.yaml - - update.yaml - stage-kusto.yaml.tmpl: |- - apiVersion: kustomize.config.k8s.io/v1beta1 - kind: Kustomization - resources: - - ../../../projects/${PROJECT_NAME} - - ingress.yaml - commonLabels: - app.kubernetes.io/instance: ${STAGE} - images: - - name: appli - newName: ${ARTIFACTORY_URL}/${ORG_NAME}/${PROJECT_NAME} - newTag: latest # 
{"$imagepolicy": "${DOMAIN}-org-${ORG_NAME}-${STAGE}:${PROJECT_NAME}-policy:tag"} - patches: - - target: - kind: ConfigMap - name: ${PROJECT_NAME}-config - path: config.yaml - - target: - kind: Certificate - name: ${PROJECT_NAME}-web - path: cert.yaml - stage-ingress.yaml.tmpl: |- - --- - apiVersion: networking.k8s.io/v1 - kind: Ingress - metadata: - name: ${PROJECT_NAME}-web - labels: - app.kubernetes.io/component: ${PROJECT_NAME} - app.kubernetes.io/name: ${ORG_NAME} - component: ${PROJECT_NAME} - spec: - tls: - - hosts: - - ${PROJECT_NAME}.${STAGE}.${ORG_NAME}.${DOMAIN_NAME} - secretName: cert - rules: - - host: ${PROJECT_NAME}.${STAGE}.${ORG_NAME}.${DOMAIN_NAME} - http: - paths: - - backend: - service: - name: svc - port: - number: 80 - path: / - pathType: Prefix - stage-cert.yaml.tmpl: |- - apiVersion: cert-manager.io/v1 - kind: Certificate - metadata: - name: ${PROJECT_NAME}-web - spec: - secretName: ${PROJECT_NAME}-cert - dnsNames: - - ${PROJECT_NAME}.${STAGE}.${ORG_NAME}.${DOMAIN_NAME} - stage-config.yaml.tmpl: |- - apiVersion: v1 - kind: ConfigMap - metadata: - name: ${PROJECT_NAME}-config - data: - ENV_VAR_NAME: env_var_value - yamllint.yaml: |- - --- - extends: default - rules: - document-start: - present: true - empty-lines: - max-end: 1 - indentation: - spaces: 2 - indent-sequences: false - line-length: disable - colons: - max-spaces-after: -1 - base-kusto.yaml: |- - --- - apiVersion: kustomize.config.k8s.io/v1beta1 - kind: Kustomization - - resources: - - cert.yaml - - deploy.yaml - - service.yaml - - config.yaml - - secret.yaml - base-update.yaml.tmpl: |- - --- - apiVersion: image.toolkit.fluxcd.io/v1beta1 - kind: ImageUpdateAutomation - metadata: - name: update - spec: - interval: 5m - sourceRef: - kind: GitRepository - name: deploy-git - git: - checkout: - ref: - branch: main - commit: - author: - email: fluxcd.automation@${ARTIFACTORY_URL} - name: fluxcd - messageTemplate: | - Automated image update: {{ .AutomationObject }} - - Files: - {{ range 
$filename, $_ := .Updated.Files -}} - - {{ $filename }} - {{ end -}} - - Objects: - {{ range $resource, $_ := .Updated.Objects -}} - - {{ $resource.Kind }} {{ $resource.Name }} - {{ end -}} - - Images: - {{ range .Updated.Images -}} - - {{.}} - {{ end -}} - {{- $ChangeId := .AutomationObject -}} - {{- $ChangeId = printf "%s-%s" $ChangeId ( .Updated.Files | toString ) -}} - {{- $ChangeId = printf "%s-%s" $ChangeId ( .Updated.Objects | toString ) -}} - {{- $ChangeId = printf "%s-%s" $ChangeId ( .Updated.Images | toString ) }} - Change-Name: {{ $ChangeId }} - Change-Id: {{ printf "I%s" ( sha256sum $ChangeId | trunc 40 ) }} - push: - branch: main - update: - strategy: Setters - base-repo.yaml: |- - --- - apiVersion: image.toolkit.fluxcd.io/v1beta2 - kind: ImageRepository - metadata: - name: repo - spec: - interval: 5m - provider: generic - secretRef: - name: gitea-docker - certSecretRef: - name: ssh-credentials-flux - base-cert.yaml.tmpl: |- - --- - apiVersion: cert-manager.io/v1 - kind: Certificate - metadata: - name: web - spec: - issuerRef: - group: cert-manager.io - kind: ClusterIssuer - name: ${ISSUER_NAME} - base-deploy.yaml: |- - --- - apiVersion: apps/v1 - kind: Deployment - metadata: - name: app - spec: - replicas: 1 - selector: - template: - spec: - securityContext: - runAsGroup: 1000 - runAsUser: 1000 - fsGroup: 1000 - containers: - - name: app - image: appli - imagePullPolicy: IfNotPresent - envFrom: - - configMapRef: - name: "config" - - secretRef: - name: "secret" - base-secret.yaml: |- - --- - apiVersion: v1 - kind: Secret - metadata: - name: "secret" - annotations: - gramo.solidite.fr/no-parent: "true" - labels: - k8up.io/backup: "true" - type: Opaque - base-config.yaml: |- - --- - apiVersion: v1 - kind: ConfigMap - metadata: - name: "config" - labels: - k8up.io/backup: "true" - data: - base-service.yaml: |- - --- - apiVersion: v1 - kind: Service - metadata: - name: svc - spec: - ports: - - name: app - port: 80 - protocol: TCP - targetPort: app - type: 
ClusterIP - install-install.yaml: |- - --- - apiVersion: kustomize.toolkit.fluxcd.io/v1 - kind: Kustomization - metadata: - name: install - spec: - interval: 5m - sourceRef: - kind: GitRepository - name: deploy-git - prune: true - timeout: 1m - install-kusto.yaml: |- - --- - apiVersion: kustomize.config.k8s.io/v1beta1 - kind: Kustomization - - resources: - - install.yaml - deploy-repo.yaml.tmpl: |- - --- - apiVersion: source.toolkit.fluxcd.io/v1 - kind: GitRepository - metadata: - name: git - spec: - interval: 5m0s - url: ${DEPLOY_URL} - ref: - branch: main - secretRef: - name: ssh-credentials - deploy-kusto.yaml: |- - --- - apiVersion: kustomize.config.k8s.io/v1beta1 - kind: Kustomization - namePrefix: deploy- - resources: - - repo.yaml - - ../install - project-kusto.yaml.tmpl: |- - --- - apiVersion: kustomize.config.k8s.io/v1beta1 - kind: Kustomization - - namePrefix: ${PROJECT_NAME}- - commonLabels: - app.kubernetes.io/name: ${ORG_NAME} - app.kubernetes.io/component: ${PROJECT_NAME} - component: ${PROJECT_NAME} - - resources: - - ../../bases/project - - patches: - - target: - kind: Deployment - name: app - patch: |- - apiVersion: apps/v1 - kind: Deployment - metadata: - name: app - annotations: - configmap.reloader.stakater.com/reload: "${PROJECT_NAME}-config" - secret.reloader.stakater.com/reload: "${PROJECT_NAME}-secret" - spec: - selector: - template: - spec: - securityContext: - runAsGroup: 1000 - runAsUser: 1000 - fsGroup: 1000 - containers: - - name: app - ports: - - name: app - containerPort: 8080 - protocol: TCP \ No newline at end of file