2024-06-01 15:08:02 +02:00
parent a55965fe13
commit 8944d1380e
21 changed files with 2086 additions and 2163 deletions


@@ -84,7 +84,7 @@ resource "kubectl_manifest" "auto-ci-detector" {
- name: detect-stages
image: $(params.toolbox-image)
workingDir: $(workspaces.source.path)
script: ${jsonencode(file("${path.module}/auto-ci-detector.py"))}
script: ${jsonencode(file("${path.module}/auto_ci_detector.py"))}
workspaces:
- name: source
mountPath: /data


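--- /dev/null
+++ b/UNKNOWN_PATH_SECTION_2
@@ -0,0 +1,661 @@
+resource "kubectl_manifest" "ConfigMap_auto-cd-templates" {
+yaml_body = <<-EOF
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: auto-cd-templates
+namespace: ${var.namespace}
+ownerReferences: ${jsonencode(var.install_owner)}
+labels: ${jsonencode(local.common_labels)}
+data:
+functions.sh: ${jsonencode(file("${path.module}/functions.sh"))}
+ci-kusto.yaml.tmpl: |-
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namePrefix: $${PROJECT_NAME}-
+resources:
+- ../../bases/trigger-push
+- ../../bases/trigger-tag
+patches:
+- target:
+kind: Trigger
+name: push
+patch: |-
+- op: replace
+path: /spec/template/spec/resourcetemplates/0/spec/pipelineRef/name
+value: auto-ci-push
+- target:
+kind: Trigger
+name: push
+patch: |-
+apiVersion: triggers.tekton.dev/v1beta1
+kind: Trigger
+metadata:
+name: "push"
+spec:
+interceptors:
+- name: project-name
+ref:
+kind: ClusterInterceptor
+name: cel
+params:
+- name: filter
+value: body.repository.name == '$${PROJECT_NAME}'
+- target:
+kind: Trigger
+name: tag
+patch: |-
+- op: replace
+path: /spec/template/spec/resourcetemplates/0/spec/pipelineRef/name
+value: auto-ci-tag
+- target:
+kind: Trigger
+name: tag
+patch: |-
+apiVersion: triggers.tekton.dev/v1beta1
+kind: Trigger
+metadata:
+name: "tag"
+spec:
+interceptors:
+- name: project-name
+ref:
+kind: ClusterInterceptor
+name: cel
+params:
+- name: filter
+value: body.repository.name == '$${PROJECT_NAME}'
+deploy-project-kusto.yaml.tmpl: |-
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namePrefix: $${PROJECT_NAME}-
+commonLabels:
+app.kubernetes.io/name: $${ORG_NAME}
+app.kubernetes.io/component: $${PROJECT_NAME}
+component: $${PROJECT_NAME}
+resources:
+- ../../../../bases/install
+- ../../../../bases/images
+- policy.yaml
+patches:
+- target:
+kind: ImageRepository
+name: repo
+patch: |-
+apiVersion: image.toolkit.fluxcd.io/v1beta2
+kind: ImageRepository
+metadata:
+name: repo
+spec:
+image: $${ARTIFACTORY_URL}/$${PROJECT_PATH}
+- target:
+kind: Kustomization
+name: install
+patch: |-
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+name: install
+spec:
+path: "./stages/$${STAGE}/$${PROJECT_NAME}"
+targetNamespace: "$${DOMAIN}-org-$${ORG_NAME}-$${STAGE}"
+- target:
+kind: ImageUpdateAutomation
+name: update
+patch: |-
+apiVersion: image.toolkit.fluxcd.io/v1beta1
+kind: ImageUpdateAutomation
+metadata:
+name: update
+spec:
+update:
+path: ./stages/$${STAGE}/$${PROJECT_NAME}
+deploy-policy-tag.yaml.tmpl: |-
+apiVersion: image.toolkit.fluxcd.io/v1beta2
+kind: ImagePolicy
+metadata:
+name: policy
+labels:
+app.kubernetes.io/component: $${PROJECT_NAME}
+app.kubernetes.io/name: $${ORG_NAME}
+component: $${PROJECT_NAME}
+spec:
+imageRepositoryRef:
+name: $${PROJECT_NAME}-repo
+filterTags:
+pattern: '^v(?P<semver>.*)$'
+extract: '$semver'
+policy:
+semver:
+range: '>=0.1.0'
+deploy-policy-default.yaml.tmpl: |-
+apiVersion: image.toolkit.fluxcd.io/v1beta2
+kind: ImagePolicy
+metadata:
+name: policy
+labels:
+app.kubernetes.io/component: $${PROJECT_NAME}
+app.kubernetes.io/name: $${ORG_NAME}
+component: $${PROJECT_NAME}
+spec:
+imageRepositoryRef:
+name: $${PROJECT_NAME}-repo
+filterTags:
+pattern: '^main-(?P<semver>.*)$'
+extract: '$semver'
+policy:
+semver:
+range: '>=0.1.0'
+README.md: |-
+# Deployment configuration
+Only valid if FluxCD is activated in the cluster
+## File structure
+- `ci/<project_name>`: Configuration for Tekton pipeline for <project_name>. Should contain triggers and pipelines.
+- `projects/<project_name>`: Global configuration for <project_name> deployment, affect every stages
+- `stages/<stage>/<project_name>`: Configuration for <project_name> deployment in the <stage> plateform
+- `stages/<stage>/deploy`: FluxCD configuration for <stage>, should be deployed on that stage namespace as it deploy everything needed to deploy the projects
+trigger-kusto.yaml: |-
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- trigger.yaml
+trigger-push.yaml: |-
+apiVersion: triggers.tekton.dev/v1beta1
+kind: Trigger
+metadata:
+name: "push"
+labels:
+type: branch-push
+spec:
+bindings:
+- name: artifactory-url
+value: "$(extensions.artifactory-url)"
+- name: project-name
+value: "$(extensions.project-name)"
+- name: project-path
+value: "$(extensions.project-path)"
+- name: git-repository-url
+value: "$(extensions.git-repository-url)"
+- name: git-revision
+value: "$(extensions.git-revision)"
+- name: branch-name
+value: "$(extensions.branch-name)"
+- name: git-default-branch
+value: "$(extensions.git-default-branch)"
+- name: generate-name
+value: "$(extensions.generate-name)"
+template:
+spec:
+params:
+- name: artifactory-url
+description: The url of the current artifactory
+- name: project-name
+description: The git repository name
+- name: project-path
+description: The path of the current project
+- name: git-repository-url
+description: The git repository url
+- name: git-revision
+description: The git revision
+default: main
+- name: git-default-branch
+description: The git revision
+default: main
+- name: branch-name
+description: The git branch
+default: main
+- name: generate-name
+resourcetemplates:
+- apiVersion: tekton.dev/v1beta1
+kind: PipelineRun
+metadata:
+generateName: $(tt.params.generate-name)-
+annotations:
+"mayfly.cloud.namecheap.com/expire": "336h" # 2 weeks
+spec:
+pipelineRef:
+name: "auto-ci-push"
+params:
+- name: artifactory-url
+value: $(tt.params.artifactory-url)
+- name: project-name
+value: $(tt.params.project-name)
+- name: project-path
+value: $(tt.params.project-path)
+- name: git-url
+value: $(tt.params.git-repository-url)
+- name: git-revision
+value: $(tt.params.git-revision)
+- name: git-default-branch
+value: $(tt.params.git-default-branch)
+- name: branch-name
+value: $(tt.params.branch-name)
+workspaces:
+- name: source
+persistentVolumeClaim:
+claimName: source
+subPath: $(tt.params.git-revision)
+- name: dockerconfig
+secret:
+secretName: gitea-docker
+items:
+- key: ".dockerconfigjson"
+path: "config.json"
+- name: sslcertdir
+secret:
+secretName: gitea
+items:
+- key: "ca.crt"
+path: "ca.crt"
+- name: ssh
+secret:
+secretName: ssh-credentials
+items:
+- key: "known_hosts"
+path: "known_hosts"
+- key: "ssh-privatekey"
+path: "id_rsa"
+- key: "ssh-publickey"
+path: "id_rsa.pub"
+trigger-tag.yaml: |-
+apiVersion: triggers.tekton.dev/v1beta1
+kind: Trigger
+metadata:
+name: "tag"
+labels:
+type: tag-push
+spec:
+bindings:
+- name: artifactory-url
+value: "$(extensions.artifactory-url)"
+- name: project-name
+value: "$(extensions.project-name)"
+- name: project-path
+value: "$(extensions.project-path)"
+- name: git-repository-url
+value: "$(extensions.git-repository-url)"
+- name: git-revision
+value: "$(extensions.git-revision)"
+- name: tag-name
+value: $(extensions.tag-name)
+- name: generate-name
+value: "$(extensions.generate-name)"
+template:
+spec:
+params:
+- name: artifactory-url
+description: The url of the current artifactory
+- name: project-name
+description: The git repository name
+- name: project-path
+description: The path of the current project
+- name: git-repository-url
+description: The git repository url
+- name: git-revision
+description: The git revision
+default: main
+- name: tag-name
+description: The git tag
+- name: generate-name
+resourcetemplates:
+- apiVersion: tekton.dev/v1beta1
+kind: PipelineRun
+metadata:
+generateName: $(tt.params.generate-name)-
+annotations:
+"mayfly.cloud.namecheap.com/expire": "1440h" # 2 months
+spec:
+pipelineRef:
+name: "auto-ci-tag"
+params:
+- name: artifactory-url
+value: $(tt.params.artifactory-url)
+- name: project-name
+value: $(tt.params.project-name)
+- name: project-path
+value: $(tt.params.project-path)
+- name: git-url
+value: $(tt.params.git-repository-url)
+- name: git-revision
+value: $(tt.params.git-revision)
+- name: tag-name
+value: $(tt.params.tag-name)
+workspaces:
+- name: source
+persistentVolumeClaim:
+claimName: source
+subPath: $(tt.params.git-revision)
+- name: dockerconfig
+secret:
+secretName: gitea-docker
+items:
+- key: ".dockerconfigjson"
+path: "config.json"
+- name: sslcertdir
+secret:
+secretName: gitea
+items:
+- key: "ca.crt"
+path: "ca.crt"
+- name: ssh
+secret:
+secretName: ssh-credentials
+items:
+- key: "known_hosts"
+path: "known_hosts"
+- key: "ssh-privatekey"
+path: "id_rsa"
+- key: "ssh-publickey"
+path: "id_rsa.pub"
+empty-kusto.yaml: |-
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+images-kusto.yaml: |-
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- repo.yaml
+- update.yaml
+stage-kusto.yaml.tmpl: |-
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ../../../projects/$${PROJECT_NAME}
+- ingress.yaml
+commonLabels:
+app.kubernetes.io/instance: $${STAGE}
+images:
+- name: appli
+newName: $${ARTIFACTORY_URL}/$${ORG_NAME}/$${PROJECT_NAME}
+newTag: latest # {"$imagepolicy": "$${DOMAIN}-org-$${ORG_NAME}-$${STAGE}:$${PROJECT_NAME}-policy:tag"}
+patches:
+- target:
+kind: ConfigMap
+name: $${PROJECT_NAME}-config
+path: config.yaml
+- target:
+kind: Certificate
+name: $${PROJECT_NAME}-web
+path: cert.yaml
+stage-ingress.yaml.tmpl: |-
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: $${PROJECT_NAME}-web
+labels:
+app.kubernetes.io/component: $${PROJECT_NAME}
+app.kubernetes.io/name: $${ORG_NAME}
+component: $${PROJECT_NAME}
+spec:
+tls:
+- hosts:
+- $${PROJECT_NAME}.$${STAGE}.$${ORG_NAME}.$${DOMAIN_NAME}
+secretName: cert
+rules:
+- host: $${PROJECT_NAME}.$${STAGE}.$${ORG_NAME}.$${DOMAIN_NAME}
+http:
+paths:
+- backend:
+service:
+name: svc
+port:
+number: 80
+path: /
+pathType: Prefix
+stage-cert.yaml.tmpl: |-
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+name: $${PROJECT_NAME}-web
+spec:
+secretName: $${PROJECT_NAME}-cert
+dnsNames:
+- $${PROJECT_NAME}.$${STAGE}.$${ORG_NAME}.$${DOMAIN_NAME}
+stage-config.yaml.tmpl: |-
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: $${PROJECT_NAME}-config
+data:
+ENV_VAR_NAME: env_var_value
+yamllint.yaml: |-
+---
+extends: default
+rules:
+document-start:
+present: true
+empty-lines:
+max-end: 1
+indentation:
+spaces: 2
+indent-sequences: false
+line-length: disable
+colons:
+max-spaces-after: -1
+base-kusto.yaml: |-
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- cert.yaml
+- deploy.yaml
+- service.yaml
+- config.yaml
+- secret.yaml
+base-update.yaml.tmpl: |-
+---
+apiVersion: image.toolkit.fluxcd.io/v1beta1
+kind: ImageUpdateAutomation
+metadata:
+name: update
+spec:
+interval: 5m
+sourceRef:
+kind: GitRepository
+name: deploy-git
+git:
+checkout:
+ref:
+branch: main
+commit:
+author:
+email: fluxcd.automation@$${ARTIFACTORY_URL}
+name: fluxcd
+messageTemplate: |
+Automated image update: {{ .AutomationObject }}
+Files:
+{{ range $filename, $_ := .Updated.Files -}}
+- {{ $filename }}
+{{ end -}}
+Objects:
+{{ range $resource, $_ := .Updated.Objects -}}
+- {{ $resource.Kind }} {{ $resource.Name }}
+{{ end -}}
+Images:
+{{ range .Updated.Images -}}
+- {{.}}
+{{ end -}}
+{{- $ChangeId := .AutomationObject -}}
+{{- $ChangeId = printf "%s-%s" $ChangeId ( .Updated.Files | toString ) -}}
+{{- $ChangeId = printf "%s-%s" $ChangeId ( .Updated.Objects | toString ) -}}
+{{- $ChangeId = printf "%s-%s" $ChangeId ( .Updated.Images | toString ) }}
+Change-Name: {{ $ChangeId }}
+Change-Id: {{ printf "I%s" ( sha256sum $ChangeId | trunc 40 ) }}
+push:
+branch: main
+update:
+strategy: Setters
+base-repo.yaml: |-
+---
+apiVersion: image.toolkit.fluxcd.io/v1beta2
+kind: ImageRepository
+metadata:
+name: repo
+spec:
+interval: 5m
+provider: generic
+secretRef:
+name: gitea-docker
+certSecretRef:
+name: ssh-credentials-flux
+base-cert.yaml.tmpl: |-
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+name: web
+spec:
+issuerRef:
+group: cert-manager.io
+kind: ClusterIssuer
+name: $${ISSUER_NAME}
+base-deploy.yaml: |-
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: app
+spec:
+replicas: 1
+selector:
+template:
+spec:
+securityContext:
+runAsGroup: 1000
+runAsUser: 1000
+fsGroup: 1000
+containers:
+- name: app
+image: appli
+imagePullPolicy: IfNotPresent
+envFrom:
+- configMapRef:
+name: "config"
+- secretRef:
+name: "secret"
+base-secret.yaml: |-
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: "secret"
+annotations:
+gramo.solidite.fr/no-parent: "true"
+labels:
+k8up.io/backup: "true"
+type: Opaque
+base-config.yaml: |-
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: "config"
+labels:
+k8up.io/backup: "true"
+data:
+base-service.yaml: |-
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: svc
+spec:
+ports:
+- name: app
+port: 80
+protocol: TCP
+targetPort: app
+type: ClusterIP
+install-install.yaml: |-
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+name: install
+spec:
+interval: 5m
+sourceRef:
+kind: GitRepository
+name: deploy-git
+prune: true
+timeout: 1m
+install-kusto.yaml: |-
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- install.yaml
+deploy-repo.yaml.tmpl: |-
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+name: git
+spec:
+interval: 5m0s
+url: $${DEPLOY_URL}
+ref:
+branch: main
+secretRef:
+name: ssh-credentials
+deploy-kusto.yaml: |-
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namePrefix: deploy-
+resources:
+- repo.yaml
+- ../install
+project-kusto.yaml.tmpl: |-
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namePrefix: $${PROJECT_NAME}-
+commonLabels:
+app.kubernetes.io/name: $${ORG_NAME}
+app.kubernetes.io/component: $${PROJECT_NAME}
+component: $${PROJECT_NAME}
+resources:
+- ../../bases/project
+patches:
+- target:
+kind: Deployment
+name: app
+patch: |-
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: app
+annotations:
+configmap.reloader.stakater.com/reload: "$${PROJECT_NAME}-config"
+secret.reloader.stakater.com/reload: "$${PROJECT_NAME}-secret"
+spec:
+selector:
+template:
+spec:
+securityContext:
+runAsGroup: 1000
+runAsUser: 1000
+fsGroup: 1000
+containers:
+- name: app
+ports:
+- name: app
+containerPort: 8080
+protocol: TCP
+EOF
+}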
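Review bot: The `base-deploy.yaml` template at L549-561 sets only pod-level `runAsUser`/`runAsGroup`/`fsGroup`; it never sets `runAsNonRoot`, a `seccompProfile`, or any container-level `securityContext`, so every project Deployment generated from this base starts with `allowPrivilegeEscalation` unset and the default capability set, short of the restricted Pod Security Standard. Because the base is copied into every project, hardening it once covers all of them; the lines to add are below, the rest of the template is unchanged. Separately, the `git-default-branch` param at L225-226 carries the description `The git revision` copied from the param above it (something like `The git default branch` is meant), and the same copied description appears on the `git-default-branch` param of `Pipeline_auto-ci-push` in the next file. The `tag-name` binding at L303-304 is the only unquoted `$(extensions.…)` value in the two triggers; quoting it like its siblings keeps the two trigger files uniform.
```yaml
      securityContext:
        # … unchanged: runAsGroup / runAsUser / fsGroup …
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      # … unchanged: containers: …
      - name: app
        # … unchanged: image / imagePullPolicy …
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
        # … unchanged: envFrom …
```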


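--- /dev/null
+++ b/UNKNOWN_PATH_SECTION_3
@@ -0,0 +1,461 @@
+locals {
+finally = concat([yamldecode(<<-END
+name: cleanup
+taskRef:
+name: auto-ci-cleanup
+workspaces:
+- name: source
+END
+)], var.conditions.have_gitea?yamldecode(<<-END
+- name: inform-gitea-success
+when:
+- cel: '''$(tasks.status)'' in [''Succeeded'',''Completed'']'
+params:
+- name: REPO_FULL_NAME
+value: $(params.project-path)
+- name: SHA
+value: $(params.git-revision)
+- name: TARGET_URL
+value: $(params.gramo-url)/workflow/tekton/PipelineRun/$(context.pipelineRun.namespace)/view/$(context.pipelineRun.name)
+- name: DESCRIPTION
+value: auto-ci-push
+- name: STATE
+value: success
+taskRef:
+name: gitea-set-status
+- name: inform-gitea-warning
+when:
+- cel: '''$(tasks.status)'' == ''None'''
+params:
+- name: REPO_FULL_NAME
+value: $(params.project-path)
+- name: SHA
+value: $(params.git-revision)
+- name: TARGET_URL
+value: $(params.gramo-url)/workflow/tekton/PipelineRun/$(context.pipelineRun.namespace)/view/$(context.pipelineRun.name)
+- name: DESCRIPTION
+value: auto-ci-push
+- name: STATE
+value: warning
+taskRef:
+name: gitea-set-status
+- name: inform-gitea-error
+when:
+- cel: '''$(tasks.status)'' == ''Failed'''
+params:
+- name: REPO_FULL_NAME
+value: $(params.project-path)
+- name: SHA
+value: $(params.git-revision)
+- name: TARGET_URL
+value: $(params.gramo-url)/workflow/tekton/PipelineRun/$(context.pipelineRun.namespace)/view/$(context.pipelineRun.name)
+- name: DESCRIPTION
+value: auto-ci-push
+- name: STATE
+value: error
+taskRef:
+name: gitea-set-status
+END
+):[])
+cfg = {
+tag = yamldecode(<<-END
+onError: stopAndFail
+END
+)
+push = yamldecode(<<-END
+onError: continue
+END
+)
+}
+tasks = {
+gitea_start = yamldecode(<<-END
+name: inform-gitea-start
+onError: continue
+params:
+- name: REPO_FULL_NAME
+value: $(params.project-path)
+- name: SHA
+value: $(params.git-revision)
+- name: TARGET_URL
+value: $(params.gramo-url)/workflow/tekton/PipelineRun/$(context.pipelineRun.namespace)/view/$(context.pipelineRun.name)
+- name: DESCRIPTION
+value: auto-ci-push
+- name: STATE
+value: pending
+taskRef:
+name: gitea-set-status
+END
+)
+git_clone = yamldecode(<<-END
+name: git-clone
+params:
+- name: url
+value: $(params.git-url)
+- name: revision
+value: $(params.git-revision)
+- name: branch
+value: $(params.branch-name)
+- name: depth
+value: 0
+taskRef:
+name: git-clone
+workspaces:
+- name: output
+workspace: source
+- name: ssh-directory
+workspace: ssh
+END
+)
+build_id = yamldecode(<<-END
+name: generate-build-id
+runAfter:
+- git-clone
+params:
+- name: branch
+value: $(params.branch-name)
+taskRef:
+name: generate-build-id
+workspaces:
+- name: source
+END
+)
+detect_push = yamldecode(<<-END
+name: detect-stages
+runAfter:
+- generate-build-id
+params:
+- name: pipeline-type
+value: push
+- name: artifactory-url
+value: $(params.artifactory-url)
+- name: project-name
+value: $(params.project-name)
+- name: project-path
+value: $(params.project-path)
+- name: image-version
+value: $(tasks.generate-build-id.results.build-id)
+taskRef:
+name: auto-ci-detector
+workspaces:
+- name: source
+END
+)
+detect_tag = yamldecode(<<-END
+name: detect-stages
+runAfter:
+- git-clone
+params:
+- name: pipeline-type
+value: tag
+- name: artifactory-url
+value: $(params.artifactory-url)
+- name: project-name
+value: $(params.project-name)
+- name: project-path
+value: $(params.project-path)
+- name: image-version
+value: $(params.tag-name)
+taskRef:
+name: auto-ci-detector
+workspaces:
+- name: source
+END
+)
+lint_shell = yamldecode(<<-END
+name: lint-shell
+runAfter:
+- detect-stages
+when:
+- input: lint-shell
+operator: in
+values:
+- $(tasks.detect-stages.results.stages-lint[*])
+params:
+- name: args
+value: $(tasks.detect-stages.results.shellcheck-args)
+taskRef:
+name: shellcheck
+workspaces:
+- name: shared-workspace
+workspace: source
+END
+)
+lint_docker = yamldecode(<<-END
+name: lint-docker
+runAfter:
+- detect-stages
+when:
+- input: lint-docker
+operator: in
+values:
+- $(tasks.detect-stages.results.stages-lint[*])
+taskRef:
+name: hadolint
+matrix:
+params:
+- name: dockerfile-path
+value: $(tasks.detect-stages.results.file-docker)
+workspaces:
+- name: source
+END
+)
+lint_yaml = yamldecode(<<-END
+name: lint-yaml
+runAfter:
+- detect-stages
+when:
+- input: lint-yaml
+operator: in
+values:
+- $(tasks.detect-stages.results.stages-lint[*])
+params:
+- name: args
+value:
+- .
+taskRef:
+name: yaml-lint
+workspaces:
+- name: shared-workspace
+workspace: source
+END
+)
+lint_black = yamldecode(<<-END
+name: lint-black
+runAfter:
+- detect-stages
+when:
+- input: lint-black
+operator: in
+values:
+- $(tasks.detect-stages.results.stages-lint[*])
+params:
+- name: args
+value: $(tasks.detect-stages.results.black-args)
+taskRef:
+name: black
+workspaces:
+- name: shared-workspace
+workspace: source
+END
+)
+lint_python = yamldecode(<<-END
+name: lint-python
+runAfter:
+- detect-stages
+when:
+- input: lint-python
+operator: in
+values:
+- $(tasks.detect-stages.results.stages-lint[*])
+params:
+- name: args
+value: $(tasks.detect-stages.results.pylint-args)
+taskRef:
+name: pylint
+workspaces:
+- name: source
+workspace: source
+END
+)
+lint_make = yamldecode(<<-END
+name: lint-make
+runAfter:
+- detect-stages
+when:
+- input: lint-make
+operator: in
+values:
+- $(tasks.detect-stages.results.stages-lint[*])
+params:
+- name: args
+value: $(tasks.detect-stages.results.checkmake-args)
+taskRef:
+name: check-make
+workspaces:
+- name: shared-workspace
+workspace: source
+END
+)
+lint_md = yamldecode(<<-END
+name: lint-md
+runAfter:
+- detect-stages
+when:
+- input: lint-md
+operator: in
+values:
+- $(tasks.detect-stages.results.stages-lint[*])
+params:
+- name: args
+value: $(tasks.detect-stages.results.mdl-args)
+taskRef:
+name: markdown-lint
+workspaces:
+- name: shared-workspace
+workspace: source
+END
+)
+lint_kube = yamldecode(<<-END
+name: lint-kube
+runAfter:
+- detect-stages
+when:
+- input: lint-kube
+operator: in
+values:
+- $(tasks.detect-stages.results.stages-lint[*])
+params:
+- name: args
+value: $(tasks.detect-stages.results.kubelinter-args)
+- name: manifest
+value: k8
+- name: default_option
+value: do-not-auto-add-defaults
+- name: includelist
+value: no-extensions-v1beta,default-service-account,no-readiness-probe
+taskRef:
+name: kube-linter
+workspaces:
+- name: source
+END
+)
+publish_docker = yamldecode(<<-END
+name: publish-docker
+runAfter:
+- lint-md
+- lint-kube
+- lint-make
+- lint-shell
+- lint-docker
+- lint-yaml
+- lint-black
+- lint-python
+when:
+- input: publish-docker
+operator: in
+values:
+- $(tasks.detect-stages.results.stages-publish[*])
+- input: $(params.branch-name)
+operator: in
+values:
+- $(params.git-default-branch)
+taskRef:
+name: buildah
+matrix:
+params:
+- name: DOCKERFILE
+value: $(tasks.detect-stages.results.file-docker)
+- name: IMAGE
+value: $(tasks.detect-stages.results.images-name)
+workspaces:
+- name: source
+- name: sslcertdir
+- name: dockerconfig
+END
+)
+}
+push_tasks = concat(
+var.conditions.have_gitea?[local.tasks.gitea_start]:[],
+[local.tasks.git_clone,local.tasks.build_id,local.tasks.detect_push],
+[merge(local.tasks.lint_black,local.cfg.push), merge(local.tasks.lint_python,local.cfg.push)],
+[
+merge(local.tasks.lint_shell,local.cfg.push), merge(local.tasks.lint_docker,local.cfg.push), merge(local.tasks.lint_yaml,local.cfg.push),
+merge(local.tasks.lint_make,local.cfg.push), merge(local.tasks.lint_md,local.cfg.push), merge(local.tasks.lint_kube,local.cfg.push),
+],
+[local.tasks.publish_docker]
+)
+tag_tasks = concat(
+var.conditions.have_gitea?[local.tasks.gitea_start]:[],
+[local.tasks.gitea_start,local.tasks.git_clone,local.tasks.detect_tag],
+[merge(local.tasks.lint_black,local.cfg.tag), merge(local.tasks.lint_python,local.cfg.tag)],
+[
+merge(local.tasks.lint_shell,local.cfg.tag), merge(local.tasks.lint_docker,local.cfg.tag), merge(local.tasks.lint_yaml,local.cfg.tag),
+merge(local.tasks.lint_make,local.cfg.tag), merge(local.tasks.lint_md,local.cfg.tag), merge(local.tasks.lint_kube,local.cfg.tag),
+],
+[local.tasks.publish_docker]
+)
+}
+resource "kubectl_manifest" "Pipeline_auto-ci-push" {
+yaml_body = <<-EOF
+apiVersion: tekton.dev/v1
+kind: Pipeline
+metadata:
+name: auto-ci-push
+namespace: ${var.namespace}
+ownerReferences: ${jsonencode(var.install_owner)}
+labels: ${jsonencode(local.common_labels)}
+spec:
+workspaces:
+- name: source
+- name: dockerconfig
+- name: ssh
+- name: sslcertdir
+params:
+- name: artifactory-url
+default: docker.io
+description: The url of the current artifactory
+type: string
+- name: gramo-url
+default: https://gramo.${var.domain_name}
+type: string
+- name: project-name
+description: The name of the current project
+type: string
+- name: project-path
+description: The path of the current project
+type: string
+- name: git-default-branch
+description: The git revision
+default: main
+- name: git-url
+type: string
+- name: git-revision
+type: string
+- name: branch-name
+type: string
+finally: ${jsonencode(local.finally)}
+tasks: ${jsonencode(local.push_tasks)}
+EOF
+}
+resource "kubectl_manifest" "Pipeline_auto-ci-tag" {
+yaml_body = <<-EOF
+apiVersion: tekton.dev/v1
+kind: Pipeline
+metadata:
+name: auto-ci-tag
+namespace: ${var.namespace}
+ownerReferences: ${jsonencode(var.install_owner)}
+labels: ${jsonencode(local.common_labels)}
+spec:
+workspaces:
+- name: source
+- name: dockerconfig
+- name: ssh
+- name: sslcertdir
+params:
+- name: artifactory-url
+default: docker.io
+description: The url of the current artifactory
+type: string
+- name: gramo-url
+default: https://gramo.${var.domain_name}
+type: string
+- name: project-name
+description: The name of the current project
+type: string
+- name: project-path
+description: The path of the current project
+type: string
+- name: git-url
+type: string
+- name: git-revision
+type: string
+- name: tag-name
+type: string
+finally: ${jsonencode(local.finally)}
+tasks: ${jsonencode(local.tag_tasks)}
+EOF
+}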
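Review bot: `tag_tasks` at L1045-1046 adds `local.tasks.gitea_start` twice — once behind the `have_gitea` condition and again unconditionally in the next list — whereas `push_tasks` at L1035-1036 adds it only conditionally; with Gitea enabled the tag pipeline gets two tasks named `inform-gitea-start`, which Tekton rejects as a duplicate pipeline-task name, and with it disabled the pipeline still references the `gitea-set-status` Task. The second list should mirror the push variant: `[local.tasks.git_clone,local.tasks.detect_tag],`. Also, the shared `git_clone` (L774) and `publish_docker` (L1015-1018) definitions reference `$(params.branch-name)` and `$(params.git-default-branch)`, but `Pipeline_auto-ci-tag` at L1113-1131 declares neither, so I would expect the admission webhook to refuse the tag pipeline for undeclared parameter references — worth confirming on a cluster. Finally, every Gitea status task in `local.finally` and `gitea_start` reports `DESCRIPTION: auto-ci-push`, so tag runs will be labelled as push runs in the commit status.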


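--- /dev/null
+++ b/UNKNOWN_PATH_SECTION_4
@@ -0,0 +1,310 @@
+resource "kubectl_manifest" "Task_auto-cd-activate" {
+yaml_body = <<-EOF
+apiVersion: tekton.dev/v1
+kind: Task
+metadata:
+name: auto-cd-activate
+namespace: ${var.namespace}
+ownerReferences: ${jsonencode(var.install_owner)}
+labels: ${jsonencode(local.common_labels)}
+spec:
+params:
+- name: toolbox-image
+default: sebt3/basic-toolbox-image:1.29.4
+description: The name of the toolbox image
+type: string
+- name: issuer-name
+default: ${var.issuer}
+type: string
+- name: domain-name
+type: string
+default: ${var.domain_name}
+- name: domain
+type: string
+default: ${var.domain}
+- name: stages
+type: array
+default: ${jsonencode(var.stages)}
+- name: artifactory-url
+description: The url of the current artifactory
+- name: project-name
+description: The git repository name
+- name: project-path
+description: The path of the current project
+- name: git-repository-url
+description: The git repository url
+- name: deploy-url
+description: The git repository url for the deploy project
+steps:
+- name: activate
+image: $(params.toolbox-image)
+workingDir: $(workspaces.source.path)
+args:
+- $(params.stages)
+env:
+- name: ARTIFACTORY_URL
+value: $(params.artifactory-url)
+- name: DOMAIN
+value: $(params.domain)
+- name: DOMAIN_NAME
+value: $(params.domain-name)
+- name: ISSUER_NAME
+value: $(params.issuer-name)
+- name: PROJECT_NAME
+value: $(params.project-name)
+- name: PROJECT_PATH
+value: $(params.project-path)
+- name: GIT_REPOSITORY_URL
+value: $(params.git-repository-url)
+- name: DEPLOY_URL
+value: $(params.deploy-url)
+- name: TEMPLATE_ROOT
+value: /etc/templates
+- name: WORKSPACE_SSH_DIRECTORY_PATH
+value: $(workspaces.ssh-directory.path)
+- name: NAMESPACE
+value: $(context.taskRun.namespace)
+script: |-
+#!/usr/bin/env bash
+. $${TEMPLATE_ROOT}/functions.sh
+cleanup
+git_prepare "$(params.deploy-url)" "Auto CD" "autocd@$(params.domain-name)"
+install_base
+create_prj "$@"
+activate_prj "$@"
+git_push "Activating $(params.project-name)"
+cleanup
+volumeMounts:
+- mountPath: /etc/templates
+name: templates
+volumes:
+- name: templates
+configMap:
+name: auto-cd-templates
+workspaces:
+- name: source
+mountPath: /data
+- description: |
+A .ssh directory with private key, known_hosts, config, etc. Copied to
+the user's home before git commands are executed. Used to authenticate
+with the git remote when performing the clone. Binding a Secret to this
+Workspace is strongly recommended over other volume types.
+name: ssh-directory
+EOF
+}
+resource "kubectl_manifest" "Task_auto-cd-create" {
+yaml_body = <<-EOF
+apiVersion: tekton.dev/v1
+kind: Task
+metadata:
+name: auto-cd-create
+namespace: ${var.namespace}
+ownerReferences: ${jsonencode(var.install_owner)}
+labels: ${jsonencode(local.common_labels)}
+spec:
+params:
+- name: toolbox-image
+default: sebt3/basic-toolbox-image:1.29.4
+description: The name of the toolbox image
+type: string
+- name: issuer-name
+default: ${var.issuer}
+type: string
+- name: domain-name
+type: string
+default: ${var.domain_name}
+- name: domain
+type: string
+default: ${var.domain}
+- name: stages
+type: array
+default: ${jsonencode(var.stages)}
+- name: artifactory-url
+description: The url of the current artifactory
+- name: project-name
+description: The git repository name
+- name: project-path
+description: The path of the current project
+- name: git-repository-url
+description: The git repository url
+- name: deploy-url
+description: The git repository url for the deploy project
+steps:
+- name: create
+image: $(params.toolbox-image)
+workingDir: $(workspaces.source.path)
+args:
+- $(params.stages)
+env:
+- name: ARTIFACTORY_URL
+value: $(params.artifactory-url)
+- name: DOMAIN
+value: $(params.domain)
+- name: DOMAIN_NAME
+value: $(params.domain-name)
+- name: ISSUER_NAME
+value: $(params.issuer-name)
+- name: PROJECT_NAME
+value: $(params.project-name)
+- name: PROJECT_PATH
+value: $(params.project-path)
+- name: GIT_REPOSITORY_URL
+value: $(params.git-repository-url)
+- name: DEPLOY_URL
+value: $(params.deploy-url)
+- name: TEMPLATE_ROOT
+value: /etc/templates
+- name: WORKSPACE_SSH_DIRECTORY_PATH
+value: $(workspaces.ssh-directory.path)
+- name: NAMESPACE
+value: $(context.taskRun.namespace)
+script: |-
+#!/usr/bin/env bash
+. $${TEMPLATE_ROOT}/functions.sh
+cleanup
+git_prepare "$(params.deploy-url)" "Auto CD" "autocd@$(params.domain-name)"
+install_base
+create_prj "$@"
+git_push "Adding $(params.project-name)"
+cleanup
+volumeMounts:
+- mountPath: /etc/templates
+name: templates
+volumes:
+- name: templates
+configMap:
+name: auto-cd-templates
+workspaces:
+- name: source
+mountPath: /data
+- description: |
+A .ssh directory with private key, known_hosts, config, etc. Copied to
+the user's home before git commands are executed. Used to authenticate
+with the git remote when performing the clone. Binding a Secret to this
+Workspace is strongly recommended over other volume types.
+name: ssh-directory
+EOF
+}
+resource "kubectl_manifest" "Task_auto-cd-delete" {
+yaml_body = <<-EOF
+apiVersion: tekton.dev/v1
+kind: Task
+metadata:
+name: auto-cd-delete
+namespace: ${var.namespace}
+ownerReferences: ${jsonencode(var.install_owner)}
+labels: ${jsonencode(local.common_labels)}
+spec:
+params:
+- name: toolbox-image
+default: sebt3/basic-toolbox-image:1.29.4
+description: The name of the toolbox image
+type: string
+- name: issuer-name
+default: ${var.issuer}
+type: string
+- name: domain-name
+type: string
+default: ${var.domain_name}
+- name: domain
+type: string
+default: ${var.domain}
+- name: stages
+type: array
+default: ${jsonencode(var.stages)}
+- name: artifactory-url
+description: The url of the current artifactory
+- name: project-name
+description: The git repository name
+- name: project-path
+description: The path of the current project
+- name: git-repository-url
+description: The git repository url
+- name: deploy-url
+description: The git repository url for the deploy project
+steps:
+- name: delete
+image: $(params.toolbox-image)
+workingDir: $(workspaces.source.path)
+args:
+- $(params.stages)
+env:
+- name: ARTIFACTORY_URL
+value: $(params.artifactory-url)
+- name: DOMAIN
+value: $(params.domain)
+- name: DOMAIN_NAME
+value: $(params.domain-name)
+- name: ISSUER_NAME
+value: $(params.issuer-name)
+- name: PROJECT_NAME
+value: $(params.project-name)
+- name: PROJECT_PATH
+value: $(params.project-path)
+- name: GIT_REPOSITORY_URL
+value: $(params.git-repository-url)
+- name: DEPLOY_URL
+value: $(params.deploy-url)
+- name: TEMPLATE_ROOT
+value: /etc/templates
+- name: WORKSPACE_SSH_DIRECTORY_PATH
+value: $(workspaces.ssh-directory.path)
+- name: NAMESPACE
+value: $(context.taskRun.namespace)
+script: |-
+#!/usr/bin/env bash
+. $${TEMPLATE_ROOT}/functions.sh
+cleanup
+git_prepare "$(params.deploy-url)" "Auto CD" "autocd@$(params.domain-name)"
+delete_prj "$@"
+git_push "Removing $(params.project-name)"
+cleanup
+volumeMounts:
+- mountPath: /etc/templates
+name: templates
+volumes:
+- name: templates
+configMap:
+name: auto-cd-templates
+workspaces:
+- name: source
+mountPath: /data
+- description: |
+A .ssh directory with private key, known_hosts, config, etc. Copied to
+the user's home before git commands are executed. Used to authenticate
+with the git remote when performing the clone. Binding a Secret to this
+Workspace is strongly recommended over other volume types.
+name: ssh-directory
+EOF
+}
+resource "kubectl_manifest" "Task_auto-ci-cleanup" {
+yaml_body = <<-EOF
+apiVersion: tekton.dev/v1
+kind: Task
+metadata:
+name: auto-ci-cleanup
+namespace: ${var.namespace}
+ownerReferences: ${jsonencode(var.install_owner)}
+labels: ${jsonencode(local.common_labels)}
+spec:
+params:
+- name: toolbox-image
+default: sebt3/basic-toolbox-image:1.29.4
+description: The name of the toolbox image
+type: string
+steps:
+- name: cleanup
+image: $(params.toolbox-image)
+workingDir: $(workspaces.source.path)
+script: |-
+#!/usr/bin/env bash
+rm -rf .* * || true
+workspaces:
+- name: source
+mountPath: /data
+EOF
+}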
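Review bot: The step scripts at L1210 and L1214 (and the same two lines in the sibling tasks, L1304/L1307 and L1397/L1399) splice `$(params.deploy-url)`, `$(params.domain-name)` and `$(params.project-name)` straight into bash even though the same values are already exported as `DEPLOY_URL`, `DOMAIN_NAME` and `PROJECT_NAME` at L1184-1199; Tekton substitutes those strings textually before the shell parses the script, so a value carrying shell metacharacters alters the command instead of being passed as a plain argument. Reading the environment instead keeps them as data and matches how `$${TEMPLATE_ROOT}` is already used at L1208: `git_prepare "$${DEPLOY_URL}" "Auto CD" "autocd@$${DOMAIN_NAME}"` and `git_push "Activating $${PROJECT_NAME}"`. Separately, `args:` at L1181-1182 references the `array`-typed `stages` param as `$(params.stages)` without the `[*]` expansion Tekton expects for array params in `args`; confirm the webhook accepts the bare form. The `sebt3/basic-toolbox-image:1.29.4` default at L1152 is pinned by tag only, so the toolbox step is not reproducible across registry pushes; a digest pin would fix that.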


@@ -1,26 +1,27 @@
#!/usr/bin/env python3
"""This script manage files detection for launch linter"""
import os
import re
import json
import yaml
import collections.abc
import argparse
import yaml
root = "."
ci_root = ".tekton"
ROOT = "."
CI_ROOT = ".tekton"
def save_json(filename, data):
"""Save a Json file."""
print("saving to", filename, json.dumps(data))
with open(filename, "w") as file:
with open(filename, "w", encoding="utf-8") as file:
file.write(json.dumps(data))
def load_json(filename):
"""Load a json file."""
data = {}
with open(filename, "r") as file:
with open(filename, "r", encoding="utf-8") as file:
data = json.loads(file.read())
return data
@@ -28,7 +29,7 @@ def load_json(filename):
def load_yaml(filename):
"""Load a file."""
docs = []
with open(filename, "r") as file:
with open(filename, "r", encoding="utf-8") as file:
try:
data = yaml.safe_load_all(file)
for doc in data:
@@ -40,7 +41,7 @@ def load_yaml(filename):
return docs
def load_config(root_dir, ci_root_dir):
def load_config(ci_root_dir):
"""Load the configuration from the configuration directory."""
ret = {
"files": [],
@@ -77,20 +78,22 @@ def load_config(root_dir, ci_root_dir):
}
if not os.path.isdir(ci_root_dir):
return ret
files = [
filtered_files = [
f
for f in os.listdir(ci_root_dir)
if os.path.isfile(os.path.join(ci_root_dir, f)) and re.match(".yaml$", f)
]
if "auto-ci.yaml" in files:
if "auto-ci.yaml" in filtered_files:
for doc in load_yaml(os.path.join(ci_root_dir, "auto-ci.yaml")):
ret = {**ret, **doc}
ret["files"] = files
ret["files"] = filtered_files
return ret
def detect_files(config, root_dir):
"""Detect files based on their extention."""
"""
Detect files based on their extention
"""
ret = {}
supported_extentions = []
supported_filename = []
@@ -100,7 +103,7 @@ def detect_files(config, root_dir):
if "files" in config[lang]:
print("adding files", config[lang])
supported_filename.extend(config[lang]["files"])
for directory, subdir_list, file_list in os.walk(root_dir):
for directory, _, file_list in os.walk(root_dir):
for filename in file_list:
if filename in supported_filename:
if not filename in ret:
@@ -117,42 +120,51 @@ def detect_files(config, root_dir):
def get_images_name(dockerfiles, root_dir):
"""Generate the images names for the detected Dockerfile."""
ret = []
for f in dockerfiles:
dir = os.path.dirname(f)
if dir == root_dir:
for file in dockerfiles:
directory = os.path.dirname(file)
if directory == root_dir:
ret.append(
"$(params.artifactory-url)/$(params.project-path):$(params.image-version)"
)
else:
ret.append(
"$(params.artifactory-url)/$(params.project-path)-{comp}:$(params.image-version)".format(
comp=os.path.basename(dir)
(
"$(params.artifactory-url)/$(params.project-path)"
f"-{os.path.basename(directory)}:$(params.image-version)"
)
)
return ret
def append_key(to, key, val):
"""Append a value in {to}[{key}], create the array if not existing."""
if not key in to:
to[key] = []
to[key].append(val)
def append_key(obj, key, val):
"""
Append a value in {obj}[{key}], create the array if not existing.
"""
if not key in obj:
obj[key] = []
obj[key].append(val)
def append_stage(to, key, val, files):
"""Append a value in {to}[{key}], create the array if not existing. if the key-file is found in the files add a custom suffix"""
if not key in to:
to[key] = []
# def append_stage(to, key, val, files):
def append_stage(obj, key, val):
"""
Append a value in {obj}[{key}], create the array if not existing.
If the key-file is found in the files add a custom suffix
"""
if not key in obj:
obj[key] = []
# Not possible right now
# if "{basename}.yaml".format(basename=val) in files:
# to[key].append("{stage}-custom".format(stage=val))
# obj[key].append("{stage}-custom".format(stage=val))
# else:
to[key].append(val)
obj[key].append(val)
def set_js_stages(stages, config, files, root_dir):
"""Add the stages for javascript code."""
# def set_js_stages(stages, config, files, root_dir):
def set_js_stages(stages, files, root_dir):
"""
Add the stages for javascript code.
"""
if (
"package.json" in files
and os.path.join(root_dir, "package.json") in files["package.json"]
@@ -161,23 +173,28 @@ def set_js_stages(stages, config, files, root_dir):
"yarn.lock" in files
and os.path.join(root_dir, "yarn.lock") in files["yarn.lock"]
):
append_stage(stages, "prepare", "prepare-yarn", config["files"])
# append_stage(stages, "prepare", "prepare-yarn", config["files"])
append_stage(stages, "prepare", "prepare-yarn")
else:
append_stage(stages, "prepare", "prepare-npm", config["files"])
# append_stage(stages, "prepare", "prepare-npm", config["files"])
append_stage(stages, "prepare", "prepare-npm")
if (
"schema.prisma" in files
and os.path.join(root_dir, "prisma", "schema.prisma")
in files["schema.prisma"]
):
append_stage(stages, "prepare", "prepare-prisma", config["files"])
# append_stage(stages, "prepare", "prepare-prisma", config["files"])
append_stage(stages, "prepare", "prepare-prisma")
defs = load_json(os.path.join(root_dir, "package.json"))
if "scripts" in defs and "lint" in defs["scripts"]:
append_stage(stages, "lint", "lint-javascript", config["files"])
# append_stage(stages, "lint", "lint-javascript", config["files"])
append_stage(stages, "lint", "lint-javascript")
if "scripts" in defs and "test" in defs["scripts"]:
append_stage(stages, "test", "test-javascript", config["files"])
# append_stage(stages, "test", "test-javascript", config["files"])
append_stage(stages, "test", "test-javascript")
def set_yaml_stages(stages, config, files, root_dir):
def set_yaml_stages(stages, config, files):
"""Add the stages for yaml files."""
yamls = []
if "yaml" in files:
@@ -197,11 +214,11 @@ def set_yaml_stages(stages, config, files, root_dir):
should_detect = (
"detect" not in config["yaml"] or config["yaml"]["detect"]
) and not (have_k8s and have_ansible)
if should_detect:
if should_detect: # pylint: disable=too-many-nested-blocks
for file in yamls:
objs = load_yaml(file)
for obj in objs:
if obj == None:
if obj is None:
continue
if isinstance(obj, collections.abc.Sequence):
for item in obj:
@@ -214,15 +231,20 @@ def set_yaml_stages(stages, config, files, root_dir):
have_ansible = True
elif "apiVersion" in obj:
have_k8s = True
append_stage(stages, "lint", "lint-yaml", config["files"])
# append_stage(stages, "lint", "lint-yaml", config["files"])
append_stage(stages, "lint", "lint-yaml")
if have_k8s:
append_stage(stages, "lint", "lint-kube", config["files"])
# append_stage(stages, "lint", "lint-kube", config["files"])
append_stage(stages, "lint", "lint-kube")
if have_ansible:
append_stage(stages, "lint", "lint-ansible", config["files"])
# append_stage(stages, "lint", "lint-ansible", config["files"])
append_stage(stages, "lint", "lint-ansible")
def get_results(config, files, root_dir):
"""Generate the stages based on the configuration and detected files."""
def get_results(config, files, root_dir): # pylint: disable=too-many-branches
"""
Generate the stages based on the configuration and detected files.
"""
stages = {
"global": [],
"prepare": [],
@@ -264,32 +286,43 @@ def get_results(config, files, root_dir):
return stages, args
if "Dockerfile" in files:
append_stage(stages, "lint", "lint-docker", config["files"])
append_stage(stages, "publish", "publish-docker", config["files"])
# append_stage(stages, "lint", "lint-docker", config["files"])
# append_stage(stages, "publish", "publish-docker", config["files"])
append_stage(stages, "lint", "lint-docker")
append_stage(stages, "publish", "publish-docker")
if "yaml" in files or "yml" in files:
set_yaml_stages(stages, config, files, root_dir)
set_yaml_stages(stages, config, files)
if "sh" in files:
append_stage(stages, "lint", "lint-shell", config["files"])
# append_stage(stages, "lint", "lint-shell", config["files"])
append_stage(stages, "lint", "lint-shell")
args["shellcheck-args"].extend(files["sh"])
if "sh" in files:
append_stage(stages, "lint", "lint-shell", config["files"])
# append_stage(stages, "lint", "lint-shell", config["files"])
append_stage(stages, "lint", "lint-shell")
args["shellcheck-args"].extend(files["sh"])
if "Makefile" in files:
append_stage(stages, "lint", "lint-make", config["files"])
# append_stage(stages, "lint", "lint-make", config["files"])
append_stage(stages, "lint", "lint-make")
args["checkmake-args"].extend(files["Makefile"])
if "md" in files:
append_stage(stages, "lint", "lint-md", config["files"])
# append_stage(stages, "lint", "lint-md", config["files"])
append_stage(stages, "lint", "lint-md")
if "rs" in files:
append_stage(stages, "lint", "lint-clippy", config["files"])
# append_stage(stages, "lint", "lint-clippy", config["files"])
append_stage(stages, "lint", "lint-clippy")
if "py" in files:
append_stage(stages, "lint", "lint-python", config["files"])
# append_stage(stages, "lint", "lint-python", config["files"])
append_stage(stages, "lint", "lint-python")
args["pylint-args"].extend(files["py"])
append_stage(stages, "lint", "lint-black", config["files"])
# append_stage(stages, "lint", "lint-black", config["files"])
append_stage(stages, "lint", "lint-black")
args["black-args"].extend(files["py"])
if len([t for t in files["py"] if re.match("/test_", t) != None]) > 0:
append_stage(stages, "test", "test-python", config["files"])
if len([t for t in files["py"] if re.match(r"/test_", t) is not None]) > 0:
# append_stage(stages, "test", "test-python", config["files"])
append_stage(stages, "test", "test-python")
if "ts" in files or "js" in files:
set_js_stages(stages, config, files, root_dir)
# set_js_stages(stages, config, files, root_dir)
set_js_stages(stages, files, root_dir)
for stage in ["prepare", "lint", "build", "test", "publish"]:
if "{stage}-custom.yaml" in config["files"]:
stages[stage].append("{stage}-custom")
@@ -299,9 +332,11 @@ def get_results(config, files, root_dir):
return stages, args
config = load_config(root, ci_root)
files = detect_files(config, root)
stages, args = get_results(config, files, root)
def main():
"""Main function"""
config = load_config(CI_ROOT)
files = detect_files(config, ROOT)
stages, args = get_results(config, files, ROOT)
save_json("$(results.stages-global.path)", stages["global"])
save_json("$(results.stages-prepare.path)", stages["prepare"])
save_json("$(results.stages-lint.path)", stages["lint"])
@@ -309,11 +344,12 @@ save_json("$(results.stages-build.path)", stages["build"])
save_json("$(results.stages-test.path)", stages["test"])
save_json("$(results.stages-publish.path)", stages["publish"])
save_json(
"$(results.file-docker.path)", files["Dockerfile"] if "Dockerfile" in files else []
"$(results.file-docker.path)",
files["Dockerfile"] if "Dockerfile" in files else [],
)
save_json(
"$(results.images-name.path)",
get_images_name(files["Dockerfile"] if "Dockerfile" in files else [], root),
get_images_name(files["Dockerfile"] if "Dockerfile" in files else [], ROOT),
)
save_json("$(results.shellcheck-args.path)", args["shellcheck-args"])
save_json("$(results.checkmake-args.path)", args["checkmake-args"])
@@ -321,3 +357,7 @@ save_json("$(results.black-args.path)", args["black-args"])
save_json("$(results.pylint-args.path)", args["pylint-args"])
save_json("$(results.kubelinter-args.path)", args["kubelinter-args"])
save_json("$(results.mdl-args.path)", args["mdl-args"])
if __name__ == "__main__":
main()
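Review bot: In the `@@ -77,20 +78,22 @@` hunk, the comprehension just above the renamed `filtered_files` check filters with `re.match(".yaml$", f)`; `re.match` anchors at offset 0, so a name such as `auto-ci.yaml` never matches, `filtered_files` stays empty and the `auto-ci.yaml` merge below it is unreachable — `if os.path.isfile(os.path.join(ci_root_dir, f)) and f.endswith(".yaml")` does what the surrounding code intends. The same anchoring affects `re.match(r"/test_", t)` in the `@@ -264,32 +286,43 @@` hunk, where paths produced by `os.walk(".")` begin with `./`, so `re.search(r"/test_", t)` is the likely intent. In that hunk the `if "sh" in files:` block also appears twice on the new side, so `lint-shell` and the shellcheck arguments are added twice, and the loop at its end tests the literal string `"{stage}-custom.yaml"` (no `f` prefix), so the custom-stage branch can never fire; `if f"{stage}-custom.yaml" in config["files"]:` followed by `stages[stage].append(f"{stage}-custom")` fixes both lines. `get_results` starts before that hunk and continues past it.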


@@ -0,0 +1,11 @@
locals {
common_labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
"vynil.solidite.fr/owner-component" = var.component
"app.kubernetes.io/managed-by" = "vynil"
"app.kubernetes.io/name" = var.component
"app.kubernetes.io/instance" = var.instance
}
}


@@ -1,113 +0,0 @@
locals {
common_labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
"vynil.solidite.fr/owner-component" = var.component
"app.kubernetes.io/managed-by" = "vynil"
"app.kubernetes.io/name" = var.component
"app.kubernetes.io/instance" = var.instance
}
}
data "kustomization_overlay" "data" {
namespace = var.namespace
common_labels = local.common_labels
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml"]
patches {
target {
kind = "Task"
name = "gitea-set-status"
}
patch = <<-EOF
- op: add
path: /spec/params/0/default
value: gitea-http.${var.domain}-ci.svc:3000
- op: replace
path: /spec/params/1/default
value: http
EOF
}
patches {
target {
kind = "Task"
name = "auto-cd-create"
}
patch = <<-EOF
- op: replace
path: /spec/params/1/default
value: ${var.issuer}
- op: add
path: /spec/params/2/default
value: ${var.domain_name}
- op: add
path: /spec/params/3/default
value: ${var.domain}
- op: add
path: /spec/params/4/default
value: ${jsonencode(var.stages)}
EOF
}
patches {
target {
kind = "Task"
name = "auto-cd-activate"
}
patch = <<-EOF
- op: replace
path: /spec/params/1/default
value: ${var.issuer}
- op: add
path: /spec/params/2/default
value: ${var.domain_name}
- op: add
path: /spec/params/3/default
value: ${var.domain}
- op: add
path: /spec/params/4/default
value: ${jsonencode(var.stages)}
EOF
}
patches {
target {
kind = "Task"
name = "auto-cd-delete"
}
patch = <<-EOF
- op: replace
path: /spec/params/1/default
value: ${var.issuer}
- op: add
path: /spec/params/2/default
value: ${var.domain_name}
- op: add
path: /spec/params/3/default
value: ${var.domain}
- op: add
path: /spec/params/4/default
value: ${jsonencode(var.stages)}
EOF
}
patches {
target {
kind = "Pipeline"
name = "auto-ci-push"
}
patch = <<-EOF
- op: replace
path: /spec/params/1/default
value: https://gramo.${var.domain_name}
EOF
}
patches {
target {
kind = "Pipeline"
name = "auto-ci-tag"
}
patch = <<-EOF
- op: replace
path: /spec/params/1/default
value: https://gramo.${var.domain_name}
EOF
}
}


@@ -0,0 +1,119 @@
#!/bin/bash
added=0
copy() {
local src=${TEMPLATE_ROOT}/$1 dest=$2
if [ ! -f $dest ];then
cp "$src" "$dest"
git add "$dest"
added=$(($added+1))
fi
}
template() {
local src=${TEMPLATE_ROOT}/$1 dest=$2
if [ ! -f $dest ];then
envsubst '$ARTIFACTORY_URL,$DOMAIN,$DOMAIN_NAME,$ISSUER_NAME,$PROJECT_NAME,$PROJECT_PATH,$GIT_REPOSITORY_URL,$DEPLOY_URL,$STAGE,$ORG_NAME,$NAMESPACE' <"$src" >"$dest"
git add "$dest"
added=$(($added+1))
fi
}
git_push() {
local message=$1
if [ $added -ne 0 ];then
git commit -am "$message"
git push
fi
}
cleanup() {
rm -rf .* * || true
}
del_resources() {
local ress="$1" file="$2"
yq -i 'del(.resources[]|select(.=="'"$ress"'"))' "$file"
git add "$file"
added=$(($added+1))
}
add_resources() {
local ress="$1" file="$2"
del_resources "$@"
yq -i '.resources += "'"$ress"'"' "$file"
git add "$file"
added=$(($added+1))
}
git_prepare() {
local url="$1" username="$2" email="$3"
mkdir -p "${HOME}/.ssh"
cp "${WORKSPACE_SSH_DIRECTORY_PATH}"/* "${HOME}/.ssh"
chmod 700 "${HOME}/.ssh"
chmod 400 "${HOME}/.ssh"/*
git config --global user.name "$username"
git config --global user.email "$email"
git clone "$url" --branch main --depth 1 .
}
install_base() {
mkdir -p bases/project bases/install bases/deploy bases/images bases/trigger-push bases/trigger-tag ci
copy empty-kusto.yaml "ci/kustomization.yaml"
copy yamllint.yaml .yamllint.yaml
copy base-repo.yaml bases/images/repo.yaml
copy images-kusto.yaml bases/images/kustomization.yaml
copy base-deploy.yaml bases/project/deploy.yaml
copy base-secret.yaml bases/project/secret.yaml
copy base-config.yaml bases/project/config.yaml
copy base-service.yaml bases/project/service.yaml
copy base-kusto.yaml bases/project/kustomization.yaml
copy install-install.yaml bases/install/install.yaml
copy install-kusto.yaml bases/install/kustomization.yaml
copy deploy-kusto.yaml bases/deploy/kustomization.yaml
copy trigger-kusto.yaml bases/trigger-tag/kustomization.yaml
copy trigger-tag.yaml bases/trigger-tag/trigger.yaml
copy trigger-kusto.yaml bases/trigger-push/kustomization.yaml
copy trigger-push.yaml bases/trigger-push/trigger.yaml
template base-update.yaml.tmpl bases/images/update.yaml
template base-cert.yaml.tmpl bases/project/cert.yaml
template deploy-repo.yaml.tmpl bases/deploy/repo.yaml
if [ -f README.md ] && [ $(wc -l < README.md) -eq 2 ];then
rm README.md
fi
copy README.md README.md
}
create_prj() {
export ORG_NAME=$(echo ${PROJECT_PATH}|sed 's#/.*##')
mkdir -p "projects/${PROJECT_NAME}" "ci/${PROJECT_NAME}"
template ci-kusto.yaml.tmpl "ci/${PROJECT_NAME}/kustomization.yaml"
add_resources "${PROJECT_NAME}" "ci/kustomization.yaml"
template project-kusto.yaml.tmpl "projects/${PROJECT_NAME}/kustomization.yaml"
while [ $# -gt 0 ];do
export STAGE=$1
mkdir -p "stages/${STAGE}/${PROJECT_NAME}" "stages/${STAGE}/deploy/${PROJECT_NAME}"
template deploy-project-kusto.yaml.tmpl "stages/${STAGE}/deploy/${PROJECT_NAME}/kustomization.yaml"
if [ "${STAGE}" == "prod" ] || [ "${STAGE}" == "production" ];then
template deploy-policy-tag.yaml.tmpl "stages/${STAGE}/deploy/${PROJECT_NAME}/policy.yaml"
else
template deploy-policy-default.yaml.tmpl "stages/${STAGE}/deploy/${PROJECT_NAME}/policy.yaml"
fi
copy empty-kusto.yaml "stages/${STAGE}/deploy/kustomization.yaml"
del_resources "../../../bases/deploy" "stages/${STAGE}/deploy/kustomization.yaml"
template stage-kusto.yaml.tmpl "stages/${STAGE}/${PROJECT_NAME}/kustomization.yaml"
template stage-ingress.yaml.tmpl "stages/${STAGE}/${PROJECT_NAME}/ingress.yaml"
template stage-cert.yaml.tmpl "stages/${STAGE}/${PROJECT_NAME}/cert.yaml"
template stage-config.yaml.tmpl "stages/${STAGE}/${PROJECT_NAME}/config.yaml"
shift
done
}
activate_prj() {
export ORG_NAME=$(echo ${PROJECT_PATH}|sed 's#/.*##')
while [ $# -gt 0 ];do
export STAGE=$1
add_resources "${PROJECT_NAME}" "stages/${STAGE}/deploy/kustomization.yaml"
shift
done
}
delete_prj() {
rm -rf "projects/${PROJECT_NAME}"
while [ $# -gt 0 ];do
export STAGE=$1
rm -rf "stages/${STAGE}/${PROJECT_NAME}" "stages/${STAGE}/deploy/${PROJECT_NAME}"
del_resources "${PROJECT_NAME}" "stages/${STAGE}/deploy/kustomization.yaml"
del_resources "${PROJECT_NAME}" "ci/kustomization.yaml"
shift
done
}
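Review bot: `PROJECT_NAME` and the `STAGE` arguments are spliced unchecked into filesystem paths (`mkdir -p "projects/${PROJECT_NAME}"`, `rm -rf "stages/${STAGE}/${PROJECT_NAME}"`) and into the yq program in `del_resources`/`add_resources`, where the value is closed into a double-quoted yq string; a value containing `/`, `..` or `"` would address files outside the intended directory or change the yq expression. If these values can originate from a webhook payload or a caller-supplied pipeline param (the delete task in this change passes `$(params.project-name)` and its extra arguments straight through to `delete_prj "$@"`), a whitelist check at the entry of `create_prj`, `activate_prj` and `delete_prj`, and on `$STAGE` inside their loops, closes that off; the helper below does that. Separately, nothing here sets `set -e`, so a failed `git clone` in `git_prepare` leaves the following functions operating on an empty working directory and `git_push` still runs; `git clone "$url" --branch main --depth 1 . || return 1` (or `set -euo pipefail` in the scripts that source this file) stops at that point.
```bash
# Reject names that could escape a directory or alter a yq expression.
check_name() {
    case "$1" in
        ''|.*|*[!A-Za-z0-9._-]*) echo "invalid name: '$1'" >&2; return 1 ;;
    esac
}
create_prj() {
    check_name "${PROJECT_NAME}" || return 1
    # … unchanged: ORG_NAME export, mkdir, templates; add check_name "$STAGE" || return 1 after `export STAGE=$1` in each loop …
```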


@@ -0,0 +1,363 @@
resource "kubectl_manifest" "Task_git-version" {
yaml_body = <<-EOF
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: git-version
labels: ${jsonencode(local.common_labels)}
annotations:
tekton.dev/pipelines.minVersion: 0.12.0
tekton.dev/displayName: git version
tekton.dev/categories: Git
tekton.dev/tags: git
tekton.dev/platforms: linux/amd64
namespace: ${var.namespace}
ownerReferences: ${jsonencode(var.install_owner)}
spec:
description: This task can be used to create a version from git history
params:
- name: gitversion-image
default: gittools/gitversion:6.0.0-alpine.3.18-7.0
description: The name of the toolbox image
type: string
- name: branch
type: string
results:
- description: The calculated git version you could use for git tagging e.g. "0.1.0-tektonize.1-188"
name: gitVersion
- description: A normalized version for use in container images e.g. "0.1.0-tektonize.1-188"
name: packageVersion
- name: shortSHA
steps:
- name: set-git-version
image: $(params.gitversion-image)
workingDir: $(workspaces.source.path)
script: |-
#!/usr/bin/env ash
git switch $(params.branch)
ShortSha=$(/tools/dotnet-gitversion . /showvariable ShortSha)
echo -n "ShortSha: "
echo -n "$${ShortSha}" | tee $(results.shortSHA.path)
echo
FullSemVer=$(/tools/dotnet-gitversion . /showvariable FullSemVer)
echo "FullSemVer: "
echo -n "$${FullSemVer}" | tee $(results.gitVersion.path)
echo
# normalize a bit because
# image tags can only contain `abcdefghijklmnopqrstuvwxyz0123456789_-.ABCDEFGHIJKLMNOPQRSTUVWXYZ`
packageVersion=$(echo -n $FullSemVer | sed 's/[^-._0-9A-Za-z]/-/g'|sed 's/-/-beta./')
echo -n "packageVersion: "
echo -n "$${packageVersion}" | tee $(results.packageVersion.path)
workspaces:
- name: source
description: A workspace that contains the fetched git repository to create a version for.
EOF
}
resource "kubectl_manifest" "Task_generate-build-id" {
yaml_body = <<-EOF
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: generate-build-id
labels: ${jsonencode(local.common_labels)}
annotations:
tekton.dev/pipelines.minVersion: 0.12.1
tekton.dev/categories: Build Tools
tekton.dev/tags: build-tool
tekton.dev/displayName: buildid
tekton.dev/platforms: linux/amd64,linux/s390x,linux/ppc64le,linux/arm64
namespace: ${var.namespace}
ownerReferences: ${jsonencode(var.install_owner)}
spec:
description: Given a base version, this task generates a unique build id by appending the base-version to the current timestamp.
params:
- name: toolbox-image
default: sebt3/basic-toolbox-image:1.29.4
description: The name of the toolbox image
type: string
- name: branch
type: string
results:
- name: timestamp
description: Current timestamp
- name: commitcount
description: Current commitcount
- name: build-id
description: Current commitcount
steps:
- name: get-build-id
image: $(params.toolbox-image)
workingDir: $(workspaces.source.path)
script: |
#!/usr/bin/env bash
git config --global --add safe.directory /workspace/source
ts=`date "+%Y%m%d-%H%M%S"`
t2=`date "+%Y%m%d.%H%M%S"`
cc=`git rev-list --count HEAD`
buildId="$(params.branch)-$${cc}.$${t2}"
echo -n "Current Timestamp: "
echo -n $${ts} | tee $(results.timestamp.path)
echo -ne "\nCommit Count: "
echo -n $${cc} | tee $(results.commitcount.path)
echo -ne "\nBuild ID: "
echo -n $${buildId} | tee $(results.build-id.path)
workspaces:
- name: source
description: A workspace that contains the fetched git repository to create a version for.
EOF
}
resource "kubectl_manifest" "Task_git-clone" {
yaml_body = <<-EOF
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: git-clone
labels: ${jsonencode(local.common_labels)}
annotations:
tekton.dev/pipelines.minVersion: 0.38.0
tekton.dev/categories: Git
tekton.dev/tags: git
tekton.dev/displayName: git clone
tekton.dev/platforms: linux/amd64,linux/s390x,linux/ppc64le,linux/arm64
namespace: ${var.namespace}
ownerReferences: ${jsonencode(var.install_owner)}
spec:
description: |-
These Tasks are Git tasks to work with repositories used by other tasks in your Pipeline.
The git-clone Task will clone a repo from the provided url into the output Workspace. By default the repo will be cloned into the root of your Workspace. You can clone into a subdirectory by setting this Task's subdirectory param. This Task also supports sparse checkouts. To perform a sparse checkout, pass a list of comma separated directory patterns to this Task's sparseCheckoutDirectories param.
workspaces:
- name: output
description: The git repo will be cloned onto the volume backing this Workspace.
- name: ssh-directory
optional: true
description: |
A .ssh directory with private key, known_hosts, config, etc. Copied to
the user's home before git commands are executed. Used to authenticate
with the git remote when performing the clone. Binding a Secret to this
Workspace is strongly recommended over other volume types.
- name: basic-auth
optional: true
description: |
A Workspace containing a .gitconfig and .git-credentials file. These
will be copied to the user's home before any git commands are run. Any
other files in this Workspace are ignored. It is strongly recommended
to use ssh-directory over basic-auth whenever possible and to bind a
Secret to this Workspace over other volume types.
- name: ssl-ca-directory
optional: true
description: |
A workspace containing CA certificates, this will be used by Git to
verify the peer with when fetching or pushing over HTTPS.
params:
- name: toolbox-image
default: sebt3/basic-toolbox-image:1.29.4
description: The name of the toolbox image
type: string
- name: url
description: Repository URL to clone from.
type: string
- name: revision
description: Revision to checkout. (branch, tag, sha, ref, etc...)
type: string
default: ''
- name: refspec
description: Refspec to fetch before checking out revision.
default: ''
- name: submodules
description: Initialize and fetch git submodules.
type: string
default: 'true'
- name: depth
description: Perform a shallow clone, fetching only the most recent N commits.
type: string
default: '1'
- name: sslVerify
description: Set the `http.sslVerify` global git config. Setting this to `false` is not advised unless you are sure that you trust your git remote.
type: string
default: 'true'
- name: crtFileName
description: file name of mounted crt using ssl-ca-directory workspace. default value is ca-bundle.crt.
type: string
default: ca-bundle.crt
- name: subdirectory
description: Subdirectory inside the `output` Workspace to clone the repo into.
type: string
default: ''
- name: sparseCheckoutDirectories
description: Define the directory patterns to match or exclude when performing a sparse checkout.
type: string
default: ''
- name: deleteExisting
description: Clean out the contents of the destination directory if it already exists before cloning.
type: string
default: 'true'
- name: httpProxy
description: HTTP proxy server for non-SSL requests.
type: string
default: ''
- name: httpsProxy
description: HTTPS proxy server for SSL requests.
type: string
default: ''
- name: noProxy
description: Opt out of proxying HTTP/HTTPS requests.
type: string
default: ''
- name: verbose
description: Log the commands that are executed during `git-clone`'s operation.
type: string
default: 'true'
- name: userHome
description: |
Absolute path to the user's home directory.
type: string
default: /home/git
results:
- name: commit
description: The precise commit SHA that was fetched by this Task.
- name: url
description: The precise URL that was fetched by this Task.
- name: committer-date
description: The epoch timestamp of the commit that was fetched by this Task.
volumes:
- name: home
emptyDir: {}
steps:
- name: clone
image: $(params.toolbox-image)
env:
- name: HOME
value: $(params.userHome)
- name: PARAM_URL
value: $(params.url)
- name: PARAM_REVISION
value: $(params.revision)
- name: PARAM_REFSPEC
value: $(params.refspec)
- name: PARAM_SUBMODULES
value: $(params.submodules)
- name: PARAM_DEPTH
value: $(params.depth)
- name: PARAM_SSL_VERIFY
value: $(params.sslVerify)
- name: PARAM_CRT_FILENAME
value: $(params.crtFileName)
- name: PARAM_SUBDIRECTORY
value: $(params.subdirectory)
- name: PARAM_DELETE_EXISTING
value: $(params.deleteExisting)
- name: PARAM_HTTP_PROXY
value: $(params.httpProxy)
- name: PARAM_HTTPS_PROXY
value: $(params.httpsProxy)
- name: PARAM_NO_PROXY
value: $(params.noProxy)
- name: PARAM_VERBOSE
value: $(params.verbose)
- name: PARAM_SPARSE_CHECKOUT_DIRECTORIES
value: $(params.sparseCheckoutDirectories)
- name: PARAM_USER_HOME
value: $(params.userHome)
- name: WORKSPACE_OUTPUT_PATH
value: $(workspaces.output.path)
- name: WORKSPACE_SSH_DIRECTORY_BOUND
value: $(workspaces.ssh-directory.bound)
- name: WORKSPACE_SSH_DIRECTORY_PATH
value: $(workspaces.ssh-directory.path)
- name: WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND
value: $(workspaces.basic-auth.bound)
- name: WORKSPACE_BASIC_AUTH_DIRECTORY_PATH
value: $(workspaces.basic-auth.path)
- name: WORKSPACE_SSL_CA_DIRECTORY_BOUND
value: $(workspaces.ssl-ca-directory.bound)
- name: WORKSPACE_SSL_CA_DIRECTORY_PATH
value: $(workspaces.ssl-ca-directory.path)
securityContext:
runAsNonRoot: true
runAsUser: 65532
volumeMounts:
- mountPath: $(params.userHome)
name: home
script: |-
#!/usr/bin/env sh
set -eu
if [ "$${PARAM_VERBOSE}" = "true" ] ; then
set -x
fi
if [ "$${WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND}" = "true" ] ; then
cp "$${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.git-credentials" "$${PARAM_USER_HOME}/.git-credentials"
cp "$${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.gitconfig" "$${PARAM_USER_HOME}/.gitconfig"
chmod 400 "$${PARAM_USER_HOME}/.git-credentials"
chmod 400 "$${PARAM_USER_HOME}/.gitconfig"
fi
if [ "$${WORKSPACE_SSH_DIRECTORY_BOUND}" = "true" ] ; then
cp -R "$${WORKSPACE_SSH_DIRECTORY_PATH}" "$${PARAM_USER_HOME}"/.ssh
chmod 700 "$${PARAM_USER_HOME}"/.ssh
chmod -R 400 "$${PARAM_USER_HOME}"/.ssh/*
fi
if [ "$${WORKSPACE_SSL_CA_DIRECTORY_BOUND}" = "true" ] ; then
export GIT_SSL_CAPATH="$${WORKSPACE_SSL_CA_DIRECTORY_PATH}"
if [ "$${PARAM_CRT_FILENAME}" != "" ] ; then
export GIT_SSL_CAINFO="$${WORKSPACE_SSL_CA_DIRECTORY_PATH}/$${PARAM_CRT_FILENAME}"
fi
fi
CHECKOUT_DIR="$${WORKSPACE_OUTPUT_PATH}/$${PARAM_SUBDIRECTORY}"
cleandir() {
# Delete any existing contents of the repo directory if it exists.
#
# We don't just "rm -rf $${CHECKOUT_DIR}" because $${CHECKOUT_DIR} might be "/"
# or the root of a mounted volume.
if [ -d "$${CHECKOUT_DIR}" ] ; then
# Delete non-hidden files and directories
rm -rf "$${CHECKOUT_DIR:?}"/*
# Delete files and directories starting with . but excluding ..
rm -rf "$${CHECKOUT_DIR}"/.[!.]*
# Delete files and directories starting with .. plus any other character
rm -rf "$${CHECKOUT_DIR}"/..?*
fi
}
if [ "$${PARAM_DELETE_EXISTING}" = "true" ] ; then
cleandir || true
fi
test -z "$${PARAM_HTTP_PROXY}" || export HTTP_PROXY="$${PARAM_HTTP_PROXY}"
test -z "$${PARAM_HTTPS_PROXY}" || export HTTPS_PROXY="$${PARAM_HTTPS_PROXY}"
test -z "$${PARAM_NO_PROXY}" || export NO_PROXY="$${PARAM_NO_PROXY}"
FETCH_CMD=""
if [ $PARAM_DEPTH -gt 0 ];then
FETCH_CMD="$${FETCH_CMD} --depth $PARAM_DEPTH"
fi
git config --global --add safe.directory "$${WORKSPACE_OUTPUT_PATH}"
git config --global --add http.sslVerify "$${PARAM_SSL_VERIFY}"
cd "$${CHECKOUT_DIR}"
git init
if [ "$${PARAM_SPARSE_CHECKOUT_DIRECTORIES}" != "" ];then
git config --global --add core.sparsecheckout true
mkdir -p .git/info/
echo "$${PARAM_SPARSE_CHECKOUT_DIRECTORIES}"|sed 's/,/\n/'>.git/info/sparse-checkout
chmod 644 .git/info/sparse-checkout
fi
git remote add origin "$${PARAM_URL}"
git fetch "--recurse-submodules=$${PARAM_SUBMODULES}" $FETCH_CMD origin --update-head-ok --force
git reset --hard "$${PARAM_REVISION}"
cd "$${CHECKOUT_DIR}"
RESULT_SHA="$(git rev-parse HEAD)"
EXIT_CODE="$?"
if [ "$${EXIT_CODE}" != 0 ] ; then
exit "$${EXIT_CODE}"
fi
RESULT_COMMITTER_DATE="$(git log -1 --pretty=%ct)"
printf "%s" "$${RESULT_COMMITTER_DATE}" > "$(results.committer-date.path)"
printf "%s" "$${RESULT_SHA}" > "$(results.commit.path)"
printf "%s" "$${PARAM_URL}" > "$(results.url.path)"
EOF
}
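Review bot: The `git-version` and `generate-build-id` scripts interpolate `$(params.branch)` directly into the shell text (`git switch $(params.branch)` and `buildId="$(params.branch)-…"`), whereas the `git-clone` task in the same section passes every param through `env:` and reads `$${PARAM_…}`; Tekton substitutes params textually before the script runs, so the env-var form is the one that keeps a branch value from being interpreted as shell syntax, and it lets the script quote the value. An `env:` entry `- name: PARAM_BRANCH` / `value: $(params.branch)` plus `git switch "$${PARAM_BRANCH}"` (same `$$` heredoc escaping as git-clone) would align both tasks with `git-clone`. Neither of those two scripts sets `set -e`, so a failing `git switch` in the `ash` script silently versions whatever is currently checked out; `set -eu` at the top matches `git-clone`. Two smaller points: `generate-build-id` adds `safe.directory /workspace/source` while its workingDir is `$(workspaces.source.path)` — `git-clone` uses `"$${WORKSPACE_OUTPUT_PATH}"` for the same call — and the `build-id` result description repeats `Current commitcount`.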


@@ -1,13 +1,47 @@
const SRC=src;
const DEST=dest;
const duplicates=["auto-ci-detector.py"];
fn post_pack() {
const duplicates=["auto_ci_detector.py","functions.sh"];
const DOMAIN = config.domain;
const NAME = instance;
fn duplicate_files() {
for file in global::duplicates {
shell(`cp ${global::SRC}/${file} ${global::DEST}/${file}`);
}
}
fn have_gitea() {
have_namespace(`${global::DOMAIN}-ci`) && have_install(`${global::DOMAIN}-ci`, "gitea") && have_service(`${global::DOMAIN}-ci`, "gitea-http") && have_secret(`${global::DOMAIN}-ci`, "gitea-admin-user")
}
fn have_sonar() {
have_namespace(`${global::DOMAIN}-ci`) && have_install(`${global::DOMAIN}-ci`, "sonar") && have_service(`${global::DOMAIN}-ci`, "sonar-sonar") && have_secret(`${global::DOMAIN}-ci`, "sonar-sonar")
}
fn have_taiga() {
have_namespace(`${global::DOMAIN}-ci`) && have_install(`${global::DOMAIN}-ci`, "taiga") && have_service(`${global::DOMAIN}-ci`, "taiga-taiga") && have_secret(`${global::DOMAIN}-ci`, "taiga-taiga")
}
fn gitea_repos() {
let repos = [];
let org = global::NAME;
org.replace("org-","");
if (have_gitea() && have_sonar()) {
let gitea = get_secret(`${global::DOMAIN}-ci`, "gitea-admin-user");
let username = base64_decode(gitea.data.username);
let password = base64_decode(gitea.data.password);
let headers = http_header_basic(username,password);
let response = http_get_json(`http://gitea-http.${global::DOMAIN}-ci.svc:3000/api/v1/orgs/${org}/repos`, headers);
repos += response.json.map(|p| p.name);
repos.sort();
log_info(`Found ${repos.len} repos`);
}
repos
}
fn post_pack() {
duplicate_files();
}
fn post_template() {
for file in global::duplicates {
shell(`cp ${global::SRC}/${file} ${global::DEST}/${file}`);
}
save_to_tf(`${global::DEST}/conditions.tf`, "conditions", #{
have_gitea: have_gitea(),
have_sonar: have_sonar(),
have_taiga: have_taiga(),
repos: gitea_repos()
});
duplicate_files();
}
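Review bot: `gitea_repos()` decodes the `gitea-admin-user` secret to call `GET /api/v1/orgs/{org}/repos`, a read-only listing; if the Gitea install can issue a narrower token, using it here instead of the admin password would keep an admin credential out of this templating step and anything it logs. The call also has no failure path: if `http_get_json` returns a non-2xx or non-JSON body, `response.json.map(...)` presumably fails the whole `post_template` — a guard on the response status, or a `log_warn` and an empty list, would let templating proceed without repos. The `have_sonar()` condition on a Gitea query is surprising; if it is intentional, a one-line comment such as `// repo list is only consumed when sonar is present` would save the next reader a question.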


@@ -1,292 +0,0 @@
apiVersion: tekton.dev/v1
kind: Pipeline
metadata:
name: auto-ci-push
spec:
workspaces:
- name: source
- name: dockerconfig
- name: ssh
- name: sslcertdir
params:
- name: artifactory-url
default: docker.io
description: The url of the current artifactory
type: string
- name: gramo-url
default: https://gramo.media.rennes.home
type: string
- name: project-name
description: The name of the current project
type: string
- name: project-path
description: The path of the current project
type: string
- name: git-default-branch
description: The git revision
default: main
- name: git-url
type: string
- name: git-revision
type: string
- name: branch-name
type: string
finally:
- name: cleanup
taskRef:
name: auto-ci-cleanup
workspaces:
- name: source
- name: inform-gitea-success
when:
- cel: "'$(tasks.status)' in ['Succeeded','Completed']"
params:
- name: REPO_FULL_NAME
value: $(params.project-path)
- name: SHA
value: $(params.git-revision)
- name: TARGET_URL
value: "$(params.gramo-url)/workflow/tekton/PipelineRun/$(context.pipelineRun.namespace)/view/$(context.pipelineRun.name)"
- name: DESCRIPTION
value: "auto-ci-push"
- name: STATE
value: "success"
taskRef:
name: gitea-set-status
- name: inform-gitea-warning
when:
- cel: "'$(tasks.status)' == 'None'"
params:
- name: REPO_FULL_NAME
value: $(params.project-path)
- name: SHA
value: $(params.git-revision)
- name: TARGET_URL
value: "$(params.gramo-url)/workflow/tekton/PipelineRun/$(context.pipelineRun.namespace)/view/$(context.pipelineRun.name)"
- name: DESCRIPTION
value: "auto-ci-push"
- name: STATE
value: "warning"
taskRef:
name: gitea-set-status
- name: inform-gitea-error
when:
- cel: "'$(tasks.status)' == 'Failed'"
params:
- name: REPO_FULL_NAME
value: $(params.project-path)
- name: SHA
value: $(params.git-revision)
- name: TARGET_URL
value: "$(params.gramo-url)/workflow/tekton/PipelineRun/$(context.pipelineRun.namespace)/view/$(context.pipelineRun.name)"
- name: DESCRIPTION
value: "auto-ci-push"
- name: STATE
value: "error"
taskRef:
name: gitea-set-status
tasks:
- name: inform-gitea-start
onError: continue
params:
- name: REPO_FULL_NAME
value: $(params.project-path)
- name: SHA
value: $(params.git-revision)
- name: TARGET_URL
value: "$(params.gramo-url)/workflow/tekton/PipelineRun/$(context.pipelineRun.namespace)/view/$(context.pipelineRun.name)"
- name: DESCRIPTION
value: "auto-ci-push"
- name: STATE
value: "pending"
taskRef:
name: gitea-set-status
- name: git-clone
params:
- name: url
value: $(params.git-url)
- name: revision
value: $(params.git-revision)
- name: branch
value: $(params.branch-name)
- name: depth
value: 0
taskRef:
name: git-clone
workspaces:
- name: output
workspace: source
- name: ssh-directory
workspace: ssh
- name: generate-build-id
runAfter: [git-clone]
params:
- name: branch
value: $(params.branch-name)
taskRef:
name: generate-build-id
workspaces:
- name: source
- name: detect-stages
runAfter: [generate-build-id]
params:
- name: pipeline-type
value: push
- name: artifactory-url
value: $(params.artifactory-url)
- name: project-name
value: $(params.project-name)
- name: project-path
value: $(params.project-path)
- name: image-version
value: "$(tasks.generate-build-id.results.build-id)"
taskRef:
name: auto-ci-detector
workspaces:
- name: source
- name: lint-shell
runAfter: ["detect-stages"]
onError: continue
when:
- input: "lint-shell"
operator: in
values: ["$(tasks.detect-stages.results.stages-lint[*])"]
params:
- name: args
value: $(tasks.detect-stages.results.shellcheck-args)
taskRef:
name: shellcheck
workspaces:
- name: shared-workspace
workspace: source
- name: lint-docker
onError: continue
runAfter: ["detect-stages"]
when:
- input: "lint-docker"
operator: in
values: ["$(tasks.detect-stages.results.stages-lint[*])"]
taskRef:
name: hadolint
matrix:
params:
- name: dockerfile-path
value: $(tasks.detect-stages.results.file-docker)
workspaces:
- name: source
- name: lint-yaml
onError: continue
runAfter: ["detect-stages"]
when:
- input: "lint-yaml"
operator: in
values: ["$(tasks.detect-stages.results.stages-lint[*])"]
params:
- name: args
value: ["."]
taskRef:
name: yaml-lint
workspaces:
- name: shared-workspace
workspace: source
- name: lint-black
onError: continue
runAfter: ["detect-stages"]
when:
- input: "lint-black"
operator: in
values: ["$(tasks.detect-stages.results.stages-lint[*])"]
params:
- name: args
value: $(tasks.detect-stages.results.black-args)
taskRef:
name: black
workspaces:
- name: shared-workspace
workspace: source
- name: lint-python
onError: continue
runAfter: ["detect-stages"]
when:
- input: "lint-python"
operator: in
values: ["$(tasks.detect-stages.results.stages-lint[*])"]
params:
- name: args
value: $(tasks.detect-stages.results.pylint-args)
taskRef:
name: pylint
workspaces:
- name: source
workspace: source
- name: lint-make
onError: continue
runAfter: ["detect-stages"]
when:
- input: "lint-make"
operator: in
values: ["$(tasks.detect-stages.results.stages-lint[*])"]
params:
- name: args
value: $(tasks.detect-stages.results.checkmake-args)
taskRef:
name: check-make
workspaces:
- name: shared-workspace
workspace: source
- name: lint-md
onError: continue
runAfter: ["detect-stages"]
when:
- input: "lint-md"
operator: in
values: ["$(tasks.detect-stages.results.stages-lint[*])"]
params:
- name: args
value: $(tasks.detect-stages.results.mdl-args)
taskRef:
name: markdown-lint
workspaces:
- name: shared-workspace
workspace: source
- name: lint-kube
onError: continue
runAfter: ["detect-stages"]
when:
- input: "lint-kube"
operator: in
values: ["$(tasks.detect-stages.results.stages-lint[*])"]
params:
- name: args
value: $(tasks.detect-stages.results.kubelinter-args)
- name: manifest
value: k8
- name: default_option
value: do-not-auto-add-defaults
- name: includelist
value: "no-extensions-v1beta,default-service-account,no-readiness-probe"
taskRef:
name: kube-linter
workspaces:
- name: source
- name: publish-docker
runAfter: ["lint-md","lint-kube","lint-make","lint-shell","lint-docker","lint-yaml","lint-black","lint-python"]
when:
- input: "publish-docker"
operator: in
values: ["$(tasks.detect-stages.results.stages-publish[*])"]
- input: "$(params.branch-name)"
operator: in
values: ["$(params.git-default-branch)"]
taskRef:
name: buildah
matrix:
params:
- name: DOCKERFILE
value: $(tasks.detect-stages.results.file-docker)
- name: IMAGE
value: $(tasks.detect-stages.results.images-name)
workspaces:
- name: source
- name: sslcertdir
- name: dockerconfig


@@ -1,273 +0,0 @@
apiVersion: tekton.dev/v1
kind: Pipeline
metadata:
name: auto-ci-tag
spec:
workspaces:
- name: source
- name: dockerconfig
- name: ssh
- name: sslcertdir
params:
- name: artifactory-url
default: docker.io
description: The url of the current artifactory
type: string
- name: gramo-url
default: https://gramo.media.rennes.home
type: string
- name: project-name
description: The name of the current project
type: string
- name: project-path
description: The path of the current project
type: string
- name: git-url
type: string
- name: git-revision
type: string
- name: tag-name
type: string
finally:
- name: cleanup
taskRef:
name: auto-ci-cleanup
workspaces:
- name: source
- name: inform-gitea-success
when:
- cel: "'$(tasks.status)' in ['Succeeded','Completed']"
params:
- name: REPO_FULL_NAME
value: $(params.project-path)
- name: SHA
value: $(params.git-revision)
- name: TARGET_URL
value: "$(params.gramo-url)/k8s/ns/$(context.pipelineRun.namespace)/tekton.dev~v1~PipelineRun/$(context.pipelineRun.name)"
- name: DESCRIPTION
value: "auto-ci-tag"
- name: STATE
value: "success"
taskRef:
name: gitea-set-status
- name: inform-gitea-warning
when:
- cel: "'$(tasks.status)' == 'None'"
params:
- name: REPO_FULL_NAME
value: $(params.project-path)
- name: SHA
value: $(params.git-revision)
- name: TARGET_URL
value: "$(params.gramo-url)/k8s/ns/$(context.pipelineRun.namespace)/tekton.dev~v1~PipelineRun/$(context.pipelineRun.name)"
- name: DESCRIPTION
value: "auto-ci-tag"
- name: STATE
value: "warning"
taskRef:
name: gitea-set-status
- name: inform-gitea-error
when:
- cel: "'$(tasks.status)' == 'Failed'"
params:
- name: REPO_FULL_NAME
value: $(params.project-path)
- name: SHA
value: $(params.git-revision)
- name: TARGET_URL
value: "$(params.gramo-url)/k8s/ns/$(context.pipelineRun.namespace)/tekton.dev~v1~PipelineRun/$(context.pipelineRun.name)"
- name: DESCRIPTION
value: "auto-ci-tag"
- name: STATE
value: "error"
taskRef:
name: gitea-set-status
tasks:
- name: inform-gitea-start
onError: continue
params:
- name: REPO_FULL_NAME
value: $(params.project-path)
- name: SHA
value: $(params.git-revision)
- name: TARGET_URL
value: "$(params.gramo-url)/k8s/ns/$(context.pipelineRun.namespace)/tekton.dev~v1~PipelineRun/$(context.pipelineRun.name)"
- name: DESCRIPTION
value: "auto-ci-tag"
- name: STATE
value: "pending"
taskRef:
name: gitea-set-status
- name: git-clone
params:
- name: url
value: $(params.git-url)
- name: revision
value: $(params.git-revision)
taskRef:
name: git-clone
workspaces:
- name: output
workspace: source
- name: ssh-directory
workspace: ssh
- name: detect-stages
runAfter: [git-clone]
params:
- name: pipeline-type
value: tag
- name: artifactory-url
value: $(params.artifactory-url)
- name: project-name
value: $(params.project-name)
- name: project-path
value: $(params.project-path)
- name: image-version
value: "$(params.tag-name)"
taskRef:
name: auto-ci-detector
workspaces:
- name: source
- name: lint-shell
runAfter: ["detect-stages"]
onError: stopAndFail
when:
- input: "lint-shell"
operator: in
values: ["$(tasks.detect-stages.results.stages-lint[*])"]
params:
- name: args
value: $(tasks.detect-stages.results.shellcheck-args)
taskRef:
name: shellcheck
workspaces:
- name: shared-workspace
workspace: source
- name: lint-docker
runAfter: ["detect-stages"]
onError: stopAndFail
when:
- input: "lint-docker"
operator: in
values: ["$(tasks.detect-stages.results.stages-lint[*])"]
taskRef:
name: hadolint
matrix:
params:
- name: dockerfile-path
value: $(tasks.detect-stages.results.file-docker)
workspaces:
- name: source
- name: lint-yaml
runAfter: ["detect-stages"]
onError: stopAndFail
when:
- input: "lint-yaml"
operator: in
values: ["$(tasks.detect-stages.results.stages-lint[*])"]
params:
- name: args
value: ["."]
taskRef:
name: yaml-lint
workspaces:
- name: shared-workspace
workspace: source
- name: lint-black
runAfter: ["detect-stages"]
onError: stopAndFail
when:
- input: "lint-black"
operator: in
values: ["$(tasks.detect-stages.results.stages-lint[*])"]
params:
- name: args
value: $(tasks.detect-stages.results.black-args)
taskRef:
name: black
workspaces:
- name: shared-workspace
workspace: source
- name: lint-python
runAfter: ["detect-stages"]
onError: stopAndFail
when:
- input: "lint-python"
operator: in
values: ["$(tasks.detect-stages.results.stages-lint[*])"]
params:
- name: args
value: $(tasks.detect-stages.results.pylint-args)
taskRef:
name: pylint
workspaces:
- name: source
workspace: source
- name: lint-make
onError: stopAndFail
runAfter: ["detect-stages"]
when:
- input: "lint-make"
operator: in
values: ["$(tasks.detect-stages.results.stages-lint[*])"]
params:
- name: args
value: $(tasks.detect-stages.results.checkmake-args)
taskRef:
name: check-make
workspaces:
- name: shared-workspace
workspace: source
- name: lint-md
onError: stopAndFail
runAfter: ["detect-stages"]
when:
- input: "lint-md"
operator: in
values: ["$(tasks.detect-stages.results.stages-lint[*])"]
params:
- name: args
value: $(tasks.detect-stages.results.mdl-args)
taskRef:
name: markdown-lint
workspaces:
- name: shared-workspace
workspace: source
- name: lint-kube
onError: stopAndFail
runAfter: ["detect-stages"]
when:
- input: "lint-kube"
operator: in
values: ["$(tasks.detect-stages.results.stages-lint[*])"]
params:
- name: args
value: $(tasks.detect-stages.results.kubelinter-args)
- name: manifest
value: k8
- name: default_option
value: do-not-auto-add-defaults
- name: includelist
value: "no-extensions-v1beta,default-service-account,no-readiness-probe"
taskRef:
name: kube-linter
workspaces:
- name: source
- name: publish-docker
runAfter: ["lint-md","lint-kube","lint-make","lint-shell","lint-docker","lint-yaml","lint-black","lint-python"]
when:
- input: "publish-docker"
operator: in
values: ["$(tasks.detect-stages.results.stages-publish[*])"]
taskRef:
name: buildah
matrix:
params:
- name: DOCKERFILE
value: $(tasks.detect-stages.results.file-docker)
- name: IMAGE
value: $(tasks.detect-stages.results.images-name)
workspaces:
- name: source
- name: sslcertdir
- name: dockerconfig


@@ -1,84 +0,0 @@
apiVersion: tekton.dev/v1
kind: Task
metadata:
name: auto-cd-activate
spec:
params:
- name: toolbox-image
default: sebt3/basic-toolbox-image:1.29.4
description: The name of the toolbox image
type: string
- name: issuer-name
default: letsencrypt-prod
type: string
- name: domain-name
type: string
- name: domain
type: string
- name: stages
type: array
- name: artifactory-url
description: The url of the current artifactory
- name: project-name
description: The git repository name
- name: project-path
description: The path of the current project
- name: git-repository-url
description: The git repository url
- name: deploy-url
description: The git repository url for the deploy project
steps:
- name: activate
image: $(params.toolbox-image)
workingDir: $(workspaces.source.path)
args:
- $(params.stages)
env:
- name: ARTIFACTORY_URL
value: $(params.artifactory-url)
- name: DOMAIN
value: $(params.domain)
- name: DOMAIN_NAME
value: $(params.domain-name)
- name: ISSUER_NAME
value: $(params.issuer-name)
- name: PROJECT_NAME
value: $(params.project-name)
- name: PROJECT_PATH
value: $(params.project-path)
- name: GIT_REPOSITORY_URL
value: $(params.git-repository-url)
- name: DEPLOY_URL
value: $(params.deploy-url)
- name: TEMPLATE_ROOT
value: /etc/templates
- name: WORKSPACE_SSH_DIRECTORY_PATH
value: $(workspaces.ssh-directory.path)
- name: NAMESPACE
value: $(context.taskRun.namespace)
script: |-
#!/usr/bin/env bash
. ${TEMPLATE_ROOT}/functions.sh
cleanup
git_prepare "$(params.deploy-url)" "Auto CD" "autocd@$(params.domain-name)"
install_base
create_prj "$@"
activate_prj "$@"
git_push "Activating $(params.project-name)"
cleanup
volumeMounts:
- mountPath: /etc/templates
name: templates
volumes:
- name: templates
configMap:
name: auto-cd-templates
workspaces:
- name: source
mountPath: /data
- description: |
A .ssh directory with private key, known_hosts, config, etc. Copied to
the user's home before git commands are executed. Used to authenticate
with the git remote when performing the clone. Binding a Secret to this
Workspace is strongly recommended over other volume types.
name: ssh-directory


@@ -1,83 +0,0 @@
apiVersion: tekton.dev/v1
kind: Task
metadata:
name: auto-cd-create
spec:
params:
- name: toolbox-image
default: sebt3/basic-toolbox-image:1.29.4
description: The name of the toolbox image
type: string
- name: issuer-name
default: letsencrypt-prod
type: string
- name: domain-name
type: string
- name: domain
type: string
- name: stages
type: array
- name: artifactory-url
description: The url of the current artifactory
- name: project-name
description: The git repository name
- name: project-path
description: The path of the current project
- name: git-repository-url
description: The git repository url
- name: deploy-url
description: The git repository url for the deploy project
steps:
- name: create
image: $(params.toolbox-image)
workingDir: $(workspaces.source.path)
args:
- $(params.stages)
env:
- name: ARTIFACTORY_URL
value: $(params.artifactory-url)
- name: DOMAIN
value: $(params.domain)
- name: DOMAIN_NAME
value: $(params.domain-name)
- name: ISSUER_NAME
value: $(params.issuer-name)
- name: PROJECT_NAME
value: $(params.project-name)
- name: PROJECT_PATH
value: $(params.project-path)
- name: GIT_REPOSITORY_URL
value: $(params.git-repository-url)
- name: DEPLOY_URL
value: $(params.deploy-url)
- name: TEMPLATE_ROOT
value: /etc/templates
- name: WORKSPACE_SSH_DIRECTORY_PATH
value: $(workspaces.ssh-directory.path)
- name: NAMESPACE
value: $(context.taskRun.namespace)
script: |-
#!/usr/bin/env bash
. ${TEMPLATE_ROOT}/functions.sh
cleanup
git_prepare "$(params.deploy-url)" "Auto CD" "autocd@$(params.domain-name)"
install_base
create_prj "$@"
git_push "Adding $(params.project-name)"
cleanup
volumeMounts:
- mountPath: /etc/templates
name: templates
volumes:
- name: templates
configMap:
name: auto-cd-templates
workspaces:
- name: source
mountPath: /data
- description: |
A .ssh directory with private key, known_hosts, config, etc. Copied to
the user's home before git commands are executed. Used to authenticate
with the git remote when performing the clone. Binding a Secret to this
Workspace is strongly recommended over other volume types.
name: ssh-directory


@@ -1,82 +0,0 @@
apiVersion: tekton.dev/v1
kind: Task
metadata:
name: auto-cd-delete
spec:
params:
- name: toolbox-image
default: sebt3/basic-toolbox-image:1.29.4
description: The name of the toolbox image
type: string
- name: issuer-name
default: letsencrypt-prod
type: string
- name: domain-name
type: string
- name: domain
type: string
- name: stages
type: array
- name: artifactory-url
description: The url of the current artifactory
- name: project-name
description: The git repository name
- name: project-path
description: The path of the current project
- name: git-repository-url
description: The git repository url
- name: deploy-url
description: The git repository url for the deploy project
steps:
- name: delete
image: $(params.toolbox-image)
workingDir: $(workspaces.source.path)
args:
- $(params.stages)
env:
- name: ARTIFACTORY_URL
value: $(params.artifactory-url)
- name: DOMAIN
value: $(params.domain)
- name: DOMAIN_NAME
value: $(params.domain-name)
- name: ISSUER_NAME
value: $(params.issuer-name)
- name: PROJECT_NAME
value: $(params.project-name)
- name: PROJECT_PATH
value: $(params.project-path)
- name: GIT_REPOSITORY_URL
value: $(params.git-repository-url)
- name: DEPLOY_URL
value: $(params.deploy-url)
- name: TEMPLATE_ROOT
value: /etc/templates
- name: WORKSPACE_SSH_DIRECTORY_PATH
value: $(workspaces.ssh-directory.path)
- name: NAMESPACE
value: $(context.taskRun.namespace)
script: |-
#!/usr/bin/env bash
. ${TEMPLATE_ROOT}/functions.sh
cleanup
git_prepare "$(params.deploy-url)" "Auto CD" "autocd@$(params.domain-name)"
delete_prj "$@"
git_push "Removing $(params.project-name)"
cleanup
volumeMounts:
- mountPath: /etc/templates
name: templates
volumes:
- name: templates
configMap:
name: auto-cd-templates
workspaces:
- name: source
mountPath: /data
- description: |
A .ssh directory with private key, known_hosts, config, etc. Copied to
the user's home before git commands are executed. Used to authenticate
with the git remote when performing the clone. Binding a Secret to this
Workspace is strongly recommended over other volume types.
name: ssh-directory


@@ -1,20 +0,0 @@
apiVersion: tekton.dev/v1
kind: Task
metadata:
name: auto-ci-cleanup
spec:
params:
- name: toolbox-image
default: sebt3/basic-toolbox-image:1.29.4
description: The name of the toolbox image
type: string
steps:
- name: cleanup
image: $(params.toolbox-image)
workingDir: $(workspaces.source.path)
script: |-
#!/usr/bin/env bash
rm -rf .* * || true
workspaces:
- name: source
mountPath: /data


@@ -1,51 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: generate-build-id
labels:
app.kubernetes.io/version: "0.1"
annotations:
tekton.dev/pipelines.minVersion: "0.12.1"
tekton.dev/categories: Build Tools
tekton.dev/tags: build-tool
tekton.dev/displayName: "buildid"
tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64"
spec:
description: >-
Given a base version, this task generates a unique build id by appending
the base-version to the current timestamp.
params:
- name: toolbox-image
default: sebt3/basic-toolbox-image:1.29.4
description: The name of the toolbox image
type: string
- name: branch
type: string
results:
- name: timestamp
description: Current timestamp
- name: commitcount
description: Current commitcount
- name: build-id
description: Current commitcount
steps:
- name: get-build-id
image: $(params.toolbox-image)
workingDir: $(workspaces.source.path)
script: |
#!/usr/bin/env bash
git config --global --add safe.directory /workspace/source
ts=`date "+%Y%m%d-%H%M%S"`
t2=`date "+%Y%m%d.%H%M%S"`
cc=`git rev-list --count HEAD`
buildId="$(params.branch)-${cc}.${t2}"
echo -n "Current Timestamp: "
echo -n ${ts} | tee $(results.timestamp.path)
echo -ne "\nCommit Count: "
echo -n ${cc} | tee $(results.commitcount.path)
echo -ne "\nBuild ID: "
echo -n ${buildId} | tee $(results.build-id.path)
workspaces:
- name: source
description: A workspace that contains the fetched git repository to create a version for.


@@ -1,255 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: git-clone
labels:
app.kubernetes.io/version: "0.9"
annotations:
tekton.dev/pipelines.minVersion: "0.38.0"
tekton.dev/categories: Git
tekton.dev/tags: git
tekton.dev/displayName: "git clone"
tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64"
spec:
description: >-
These Tasks are Git tasks to work with repositories used by other tasks
in your Pipeline.
The git-clone Task will clone a repo from the provided url into the
output Workspace. By default the repo will be cloned into the root of
your Workspace. You can clone into a subdirectory by setting this Task's
subdirectory param. This Task also supports sparse checkouts. To perform
a sparse checkout, pass a list of comma separated directory patterns to
this Task's sparseCheckoutDirectories param.
workspaces:
- name: output
description: The git repo will be cloned onto the volume backing this Workspace.
- name: ssh-directory
optional: true
description: |
A .ssh directory with private key, known_hosts, config, etc. Copied to
the user's home before git commands are executed. Used to authenticate
with the git remote when performing the clone. Binding a Secret to this
Workspace is strongly recommended over other volume types.
- name: basic-auth
optional: true
description: |
A Workspace containing a .gitconfig and .git-credentials file. These
will be copied to the user's home before any git commands are run. Any
other files in this Workspace are ignored. It is strongly recommended
to use ssh-directory over basic-auth whenever possible and to bind a
Secret to this Workspace over other volume types.
- name: ssl-ca-directory
optional: true
description: |
A workspace containing CA certificates, this will be used by Git to
verify the peer with when fetching or pushing over HTTPS.
params:
- name: toolbox-image
default: sebt3/basic-toolbox-image:1.29.4
description: The name of the toolbox image
type: string
- name: url
description: Repository URL to clone from.
type: string
- name: revision
description: Revision to checkout. (branch, tag, sha, ref, etc...)
type: string
default: ""
- name: refspec
description: Refspec to fetch before checking out revision.
default: ""
- name: submodules
description: Initialize and fetch git submodules.
type: string
default: "true"
- name: depth
description: Perform a shallow clone, fetching only the most recent N commits.
type: string
default: "1"
- name: sslVerify
description: Set the `http.sslVerify` global git config. Setting this to `false` is not advised unless you are sure that you trust your git remote.
type: string
default: "true"
- name: crtFileName
description: file name of mounted crt using ssl-ca-directory workspace. default value is ca-bundle.crt.
type: string
default: "ca-bundle.crt"
- name: subdirectory
description: Subdirectory inside the `output` Workspace to clone the repo into.
type: string
default: ""
- name: sparseCheckoutDirectories
description: Define the directory patterns to match or exclude when performing a sparse checkout.
type: string
default: ""
- name: deleteExisting
description: Clean out the contents of the destination directory if it already exists before cloning.
type: string
default: "true"
- name: httpProxy
description: HTTP proxy server for non-SSL requests.
type: string
default: ""
- name: httpsProxy
description: HTTPS proxy server for SSL requests.
type: string
default: ""
- name: noProxy
description: Opt out of proxying HTTP/HTTPS requests.
type: string
default: ""
- name: verbose
description: Log the commands that are executed during `git-clone`'s operation.
type: string
default: "true"
- name: userHome
description: |
Absolute path to the user's home directory.
type: string
default: "/home/git"
results:
- name: commit
description: The precise commit SHA that was fetched by this Task.
- name: url
description: The precise URL that was fetched by this Task.
- name: committer-date
description: The epoch timestamp of the commit that was fetched by this Task.
volumes:
- name: home
emptyDir: {}
steps:
- name: clone
image: $(params.toolbox-image)
env:
- name: HOME
value: "$(params.userHome)"
- name: PARAM_URL
value: $(params.url)
- name: PARAM_REVISION
value: $(params.revision)
- name: PARAM_REFSPEC
value: $(params.refspec)
- name: PARAM_SUBMODULES
value: $(params.submodules)
- name: PARAM_DEPTH
value: $(params.depth)
- name: PARAM_SSL_VERIFY
value: $(params.sslVerify)
- name: PARAM_CRT_FILENAME
value: $(params.crtFileName)
- name: PARAM_SUBDIRECTORY
value: $(params.subdirectory)
- name: PARAM_DELETE_EXISTING
value: $(params.deleteExisting)
- name: PARAM_HTTP_PROXY
value: $(params.httpProxy)
- name: PARAM_HTTPS_PROXY
value: $(params.httpsProxy)
- name: PARAM_NO_PROXY
value: $(params.noProxy)
- name: PARAM_VERBOSE
value: $(params.verbose)
- name: PARAM_SPARSE_CHECKOUT_DIRECTORIES
value: $(params.sparseCheckoutDirectories)
- name: PARAM_USER_HOME
value: $(params.userHome)
- name: WORKSPACE_OUTPUT_PATH
value: $(workspaces.output.path)
- name: WORKSPACE_SSH_DIRECTORY_BOUND
value: $(workspaces.ssh-directory.bound)
- name: WORKSPACE_SSH_DIRECTORY_PATH
value: $(workspaces.ssh-directory.path)
- name: WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND
value: $(workspaces.basic-auth.bound)
- name: WORKSPACE_BASIC_AUTH_DIRECTORY_PATH
value: $(workspaces.basic-auth.path)
- name: WORKSPACE_SSL_CA_DIRECTORY_BOUND
value: $(workspaces.ssl-ca-directory.bound)
- name: WORKSPACE_SSL_CA_DIRECTORY_PATH
value: $(workspaces.ssl-ca-directory.path)
securityContext:
runAsNonRoot: true
runAsUser: 65532
volumeMounts:
- mountPath: "$(params.userHome)"
name: home
script: |
#!/usr/bin/env sh
set -eu
if [ "${PARAM_VERBOSE}" = "true" ] ; then
set -x
fi
if [ "${WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND}" = "true" ] ; then
cp "${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.git-credentials" "${PARAM_USER_HOME}/.git-credentials"
cp "${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.gitconfig" "${PARAM_USER_HOME}/.gitconfig"
chmod 400 "${PARAM_USER_HOME}/.git-credentials"
chmod 400 "${PARAM_USER_HOME}/.gitconfig"
fi
if [ "${WORKSPACE_SSH_DIRECTORY_BOUND}" = "true" ] ; then
cp -R "${WORKSPACE_SSH_DIRECTORY_PATH}" "${PARAM_USER_HOME}"/.ssh
chmod 700 "${PARAM_USER_HOME}"/.ssh
chmod -R 400 "${PARAM_USER_HOME}"/.ssh/*
fi
if [ "${WORKSPACE_SSL_CA_DIRECTORY_BOUND}" = "true" ] ; then
export GIT_SSL_CAPATH="${WORKSPACE_SSL_CA_DIRECTORY_PATH}"
if [ "${PARAM_CRT_FILENAME}" != "" ] ; then
export GIT_SSL_CAINFO="${WORKSPACE_SSL_CA_DIRECTORY_PATH}/${PARAM_CRT_FILENAME}"
fi
fi
CHECKOUT_DIR="${WORKSPACE_OUTPUT_PATH}/${PARAM_SUBDIRECTORY}"
cleandir() {
# Delete any existing contents of the repo directory if it exists.
#
# We don't just "rm -rf ${CHECKOUT_DIR}" because ${CHECKOUT_DIR} might be "/"
# or the root of a mounted volume.
if [ -d "${CHECKOUT_DIR}" ] ; then
# Delete non-hidden files and directories
rm -rf "${CHECKOUT_DIR:?}"/*
# Delete files and directories starting with . but excluding ..
rm -rf "${CHECKOUT_DIR}"/.[!.]*
# Delete files and directories starting with .. plus any other character
rm -rf "${CHECKOUT_DIR}"/..?*
fi
}
if [ "${PARAM_DELETE_EXISTING}" = "true" ] ; then
cleandir || true
fi
test -z "${PARAM_HTTP_PROXY}" || export HTTP_PROXY="${PARAM_HTTP_PROXY}"
test -z "${PARAM_HTTPS_PROXY}" || export HTTPS_PROXY="${PARAM_HTTPS_PROXY}"
test -z "${PARAM_NO_PROXY}" || export NO_PROXY="${PARAM_NO_PROXY}"
FETCH_CMD=""
if [ $PARAM_DEPTH -gt 0 ];then
FETCH_CMD="${FETCH_CMD} --depth $PARAM_DEPTH"
fi
git config --global --add safe.directory "${WORKSPACE_OUTPUT_PATH}"
git config --global --add http.sslVerify "${PARAM_SSL_VERIFY}"
cd "${CHECKOUT_DIR}"
git init
if [ "${PARAM_SPARSE_CHECKOUT_DIRECTORIES}" != "" ];then
git config --global --add core.sparsecheckout true
mkdir -p .git/info/
echo "${PARAM_SPARSE_CHECKOUT_DIRECTORIES}"|sed 's/,/\n/'>.git/info/sparse-checkout
chmod 644 .git/info/sparse-checkout
fi
git remote add origin "${PARAM_URL}"
git fetch "--recurse-submodules=${PARAM_SUBMODULES}" $FETCH_CMD origin --update-head-ok --force
git reset --hard "${PARAM_REVISION}"
cd "${CHECKOUT_DIR}"
RESULT_SHA="$(git rev-parse HEAD)"
EXIT_CODE="$?"
if [ "${EXIT_CODE}" != 0 ] ; then
exit "${EXIT_CODE}"
fi
RESULT_COMMITTER_DATE="$(git log -1 --pretty=%ct)"
printf "%s" "${RESULT_COMMITTER_DATE}" > "$(results.committer-date.path)"
printf "%s" "${RESULT_SHA}" > "$(results.commit.path)"
printf "%s" "${PARAM_URL}" > "$(results.url.path)"


@@ -1,52 +0,0 @@
---
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: git-version
labels:
app.kubernetes.io/version: "0.1"
annotations:
tekton.dev/pipelines.minVersion: "0.12.0"
tekton.dev/displayName: "git version"
tekton.dev/categories: Git
tekton.dev/tags: git
tekton.dev/platforms: "linux/amd64"
spec:
description: >-
This task can be used to create a version from git history
params:
- name: gitversion-image
default: gittools/gitversion:6.0.0-alpine.3.18-7.0
description: The name of the toolbox image
type: string
- name: branch
type: string
results:
- description: The calculated git version you could use for git tagging e.g. "0.1.0-tektonize.1-188"
name: gitVersion
- description: A normalized version for use in container images e.g. "0.1.0-tektonize.1-188"
name: packageVersion
- name: shortSHA
steps:
- name: set-git-version
image: $(params.gitversion-image)
workingDir: $(workspaces.source.path)
script: |
#!/usr/bin/env ash
git switch $(params.branch)
ShortSha=$(/tools/dotnet-gitversion . /showvariable ShortSha)
echo -n "ShortSha: "
echo -n "${ShortSha}" | tee $(results.shortSHA.path)
echo
FullSemVer=$(/tools/dotnet-gitversion . /showvariable FullSemVer)
echo "FullSemVer: "
echo -n "${FullSemVer}" | tee $(results.gitVersion.path)
echo
# normalize a bit because
# image tags can only contain `abcdefghijklmnopqrstuvwxyz0123456789_-.ABCDEFGHIJKLMNOPQRSTUVWXYZ`
packageVersion=$(echo -n $FullSemVer | sed 's/[^-._0-9A-Za-z]/-/g'|sed 's/-/-beta./')
echo -n "packageVersion: "
echo -n "${packageVersion}" | tee $(results.packageVersion.path)
workspaces:
- name: source
description: A workspace that contains the fetched git repository to create a version for.


@@ -1,771 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: auto-cd-templates
data:
functions.sh: |-
added=0
copy() {
local src=${TEMPLATE_ROOT}/$1 dest=$2
if [ ! -f $dest ];then
cp "$src" "$dest"
git add "$dest"
added=$(($added+1))
fi
}
template() {
local src=${TEMPLATE_ROOT}/$1 dest=$2
if [ ! -f $dest ];then
envsubst '$ARTIFACTORY_URL,$DOMAIN,$DOMAIN_NAME,$ISSUER_NAME,$PROJECT_NAME,$PROJECT_PATH,$GIT_REPOSITORY_URL,$DEPLOY_URL,$STAGE,$ORG_NAME,$NAMESPACE' <"$src" >"$dest"
git add "$dest"
added=$(($added+1))
fi
}
git_push() {
local message=$1
if [ $added -ne 0 ];then
git commit -am "$message"
git push
fi
}
cleanup() {
rm -rf .* * || true
}
del_resources() {
local ress="$1" file="$2"
yq -i 'del(.resources[]|select(.=="'"$ress"'"))' "$file"
git add "$file"
added=$(($added+1))
}
add_resources() {
local ress="$1" file="$2"
del_resources "$@"
yq -i '.resources += "'"$ress"'"' "$file"
git add "$file"
added=$(($added+1))
}
git_prepare() {
local url="$1" username="$2" email="$3"
mkdir -p "${HOME}/.ssh"
cp "${WORKSPACE_SSH_DIRECTORY_PATH}"/* "${HOME}/.ssh"
chmod 700 "${HOME}/.ssh"
chmod 400 "${HOME}/.ssh"/*
git config --global user.name "$username"
git config --global user.email "$email"
git clone "$url" --branch main --depth 1 .
}
install_base() {
mkdir -p bases/project bases/install bases/deploy bases/images bases/trigger-push bases/trigger-tag ci
copy empty-kusto.yaml "ci/kustomization.yaml"
copy yamllint.yaml .yamllint.yaml
copy base-repo.yaml bases/images/repo.yaml
copy images-kusto.yaml bases/images/kustomization.yaml
copy base-deploy.yaml bases/project/deploy.yaml
copy base-secret.yaml bases/project/secret.yaml
copy base-config.yaml bases/project/config.yaml
copy base-service.yaml bases/project/service.yaml
copy base-kusto.yaml bases/project/kustomization.yaml
copy install-install.yaml bases/install/install.yaml
copy install-kusto.yaml bases/install/kustomization.yaml
copy deploy-kusto.yaml bases/deploy/kustomization.yaml
copy trigger-kusto.yaml bases/trigger-tag/kustomization.yaml
copy trigger-tag.yaml bases/trigger-tag/trigger.yaml
copy trigger-kusto.yaml bases/trigger-push/kustomization.yaml
copy trigger-push.yaml bases/trigger-push/trigger.yaml
template base-update.yaml.tmpl bases/images/update.yaml
template base-cert.yaml.tmpl bases/project/cert.yaml
template deploy-repo.yaml.tmpl bases/deploy/repo.yaml
if [ -f README.md ] && [ $(wc -l < README.md) -eq 2 ];then
rm README.md
fi
copy README.md README.md
}
create_prj() {
export ORG_NAME=$(echo ${PROJECT_PATH}|sed 's#/.*##')
mkdir -p "projects/${PROJECT_NAME}" "ci/${PROJECT_NAME}"
template ci-kusto.yaml.tmpl "ci/${PROJECT_NAME}/kustomization.yaml"
add_resources "${PROJECT_NAME}" "ci/kustomization.yaml"
template project-kusto.yaml.tmpl "projects/${PROJECT_NAME}/kustomization.yaml"
while [ $# -gt 0 ];do
export STAGE=$1
mkdir -p "stages/${STAGE}/${PROJECT_NAME}" "stages/${STAGE}/deploy/${PROJECT_NAME}"
template deploy-project-kusto.yaml.tmpl "stages/${STAGE}/deploy/${PROJECT_NAME}/kustomization.yaml"
if [ "${STAGE}" == "prod" ] || [ "${STAGE}" == "production" ];then
template deploy-policy-tag.yaml.tmpl "stages/${STAGE}/deploy/${PROJECT_NAME}/policy.yaml"
else
template deploy-policy-default.yaml.tmpl "stages/${STAGE}/deploy/${PROJECT_NAME}/policy.yaml"
fi
copy empty-kusto.yaml "stages/${STAGE}/deploy/kustomization.yaml"
del_resources "../../../bases/deploy" "stages/${STAGE}/deploy/kustomization.yaml"
template stage-kusto.yaml.tmpl "stages/${STAGE}/${PROJECT_NAME}/kustomization.yaml"
template stage-ingress.yaml.tmpl "stages/${STAGE}/${PROJECT_NAME}/ingress.yaml"
template stage-cert.yaml.tmpl "stages/${STAGE}/${PROJECT_NAME}/cert.yaml"
template stage-config.yaml.tmpl "stages/${STAGE}/${PROJECT_NAME}/config.yaml"
shift
done
}
activate_prj() {
export ORG_NAME=$(echo ${PROJECT_PATH}|sed 's#/.*##')
while [ $# -gt 0 ];do
export STAGE=$1
add_resources "${PROJECT_NAME}" "stages/${STAGE}/deploy/kustomization.yaml"
shift
done
}
delete_prj() {
rm -rf "projects/${PROJECT_NAME}"
while [ $# -gt 0 ];do
export STAGE=$1
rm -rf "stages/${STAGE}/${PROJECT_NAME}" "stages/${STAGE}/deploy/${PROJECT_NAME}"
del_resources "${PROJECT_NAME}" "stages/${STAGE}/deploy/kustomization.yaml"
del_resources "${PROJECT_NAME}" "ci/kustomization.yaml"
shift
done
}
ci-kusto.yaml.tmpl: |-
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namePrefix: ${PROJECT_NAME}-
resources:
- ../../bases/trigger-push
- ../../bases/trigger-tag
patches:
- target:
kind: Trigger
name: push
patch: |-
- op: replace
path: /spec/template/spec/resourcetemplates/0/spec/pipelineRef/name
value: auto-ci-push
- target:
kind: Trigger
name: push
patch: |-
apiVersion: triggers.tekton.dev/v1beta1
kind: Trigger
metadata:
name: "push"
spec:
interceptors:
- name: project-name
ref:
kind: ClusterInterceptor
name: cel
params:
- name: filter
value: body.repository.name == '${PROJECT_NAME}'
- target:
kind: Trigger
name: tag
patch: |-
- op: replace
path: /spec/template/spec/resourcetemplates/0/spec/pipelineRef/name
value: auto-ci-tag
- target:
kind: Trigger
name: tag
patch: |-
apiVersion: triggers.tekton.dev/v1beta1
kind: Trigger
metadata:
name: "tag"
spec:
interceptors:
- name: project-name
ref:
kind: ClusterInterceptor
name: cel
params:
- name: filter
value: body.repository.name == '${PROJECT_NAME}'
deploy-project-kusto.yaml.tmpl: |-
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namePrefix: ${PROJECT_NAME}-
commonLabels:
app.kubernetes.io/name: ${ORG_NAME}
app.kubernetes.io/component: ${PROJECT_NAME}
component: ${PROJECT_NAME}
resources:
- ../../../../bases/install
- ../../../../bases/images
- policy.yaml
patches:
- target:
kind: ImageRepository
name: repo
patch: |-
apiVersion: image.toolkit.fluxcd.io/v1beta2
kind: ImageRepository
metadata:
name: repo
spec:
image: ${ARTIFACTORY_URL}/${PROJECT_PATH}
- target:
kind: Kustomization
name: install
patch: |-
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: install
spec:
path: "./stages/${STAGE}/${PROJECT_NAME}"
targetNamespace: "${DOMAIN}-org-${ORG_NAME}-${STAGE}"
- target:
kind: ImageUpdateAutomation
name: update
patch: |-
apiVersion: image.toolkit.fluxcd.io/v1beta1
kind: ImageUpdateAutomation
metadata:
name: update
spec:
update:
path: ./stages/${STAGE}/${PROJECT_NAME}
deploy-policy-tag.yaml.tmpl: |-
apiVersion: image.toolkit.fluxcd.io/v1beta2
kind: ImagePolicy
metadata:
name: policy
labels:
app.kubernetes.io/component: ${PROJECT_NAME}
app.kubernetes.io/name: ${ORG_NAME}
component: ${PROJECT_NAME}
spec:
imageRepositoryRef:
name: ${PROJECT_NAME}-repo
filterTags:
pattern: '^v(?P<semver>.*)$'
extract: '$semver'
policy:
semver:
range: '>=0.1.0'
deploy-policy-default.yaml.tmpl: |-
apiVersion: image.toolkit.fluxcd.io/v1beta2
kind: ImagePolicy
metadata:
name: policy
labels:
app.kubernetes.io/component: ${PROJECT_NAME}
app.kubernetes.io/name: ${ORG_NAME}
component: ${PROJECT_NAME}
spec:
imageRepositoryRef:
name: ${PROJECT_NAME}-repo
filterTags:
pattern: '^main-(?P<semver>.*)$'
extract: '$semver'
policy:
semver:
range: '>=0.1.0'
README.md: |-
# Deployment configuration
Only valid if FluxCD is activated in the cluster
## File structure
- `ci/<project_name>`: Configuration for Tekton pipeline for <project_name>. Should contain triggers and pipelines.
- `projects/<project_name>`: Global configuration for <project_name> deployment, affect every stages
- `stages/<stage>/<project_name>`: Configuration for <project_name> deployment in the <stage> plateform
- `stages/<stage>/deploy`: FluxCD configuration for <stage>, should be deployed on that stage namespace as it deploy everything needed to deploy the projects
trigger-kusto.yaml: |-
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- trigger.yaml
trigger-push.yaml: |-
apiVersion: triggers.tekton.dev/v1beta1
kind: Trigger
metadata:
name: "push"
labels:
type: branch-push
spec:
bindings:
- name: artifactory-url
value: "$(extensions.artifactory-url)"
- name: project-name
value: "$(extensions.project-name)"
- name: project-path
value: "$(extensions.project-path)"
- name: git-repository-url
value: "$(extensions.git-repository-url)"
- name: git-revision
value: "$(extensions.git-revision)"
- name: branch-name
value: "$(extensions.branch-name)"
- name: git-default-branch
value: "$(extensions.git-default-branch)"
- name: generate-name
value: "$(extensions.generate-name)"
template:
spec:
params:
- name: artifactory-url
description: The url of the current artifactory
- name: project-name
description: The git repository name
- name: project-path
description: The path of the current project
- name: git-repository-url
description: The git repository url
- name: git-revision
description: The git revision
default: main
- name: git-default-branch
description: The git revision
default: main
- name: branch-name
description: The git branch
default: main
- name: generate-name
resourcetemplates:
- apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
generateName: $(tt.params.generate-name)-
annotations:
"mayfly.cloud.namecheap.com/expire": "336h" # 2 weeks
spec:
pipelineRef:
name: "auto-ci-push"
params:
- name: artifactory-url
value: $(tt.params.artifactory-url)
- name: project-name
value: $(tt.params.project-name)
- name: project-path
value: $(tt.params.project-path)
- name: git-url
value: $(tt.params.git-repository-url)
- name: git-revision
value: $(tt.params.git-revision)
- name: git-default-branch
value: $(tt.params.git-default-branch)
- name: branch-name
value: $(tt.params.branch-name)
workspaces:
- name: source
persistentVolumeClaim:
claimName: source
subPath: $(tt.params.git-revision)
- name: dockerconfig
secret:
secretName: gitea-docker
items:
- key: ".dockerconfigjson"
path: "config.json"
- name: sslcertdir
secret:
secretName: gitea
items:
- key: "ca.crt"
path: "ca.crt"
- name: ssh
secret:
secretName: ssh-credentials
items:
- key: "known_hosts"
path: "known_hosts"
- key: "ssh-privatekey"
path: "id_rsa"
- key: "ssh-publickey"
path: "id_rsa.pub"
trigger-tag.yaml: |-
apiVersion: triggers.tekton.dev/v1beta1
kind: Trigger
metadata:
name: "tag"
labels:
type: tag-push
spec:
bindings:
- name: artifactory-url
value: "$(extensions.artifactory-url)"
- name: project-name
value: "$(extensions.project-name)"
- name: project-path
value: "$(extensions.project-path)"
- name: git-repository-url
value: "$(extensions.git-repository-url)"
- name: git-revision
value: "$(extensions.git-revision)"
- name: tag-name
value: $(extensions.tag-name)
- name: generate-name
value: "$(extensions.generate-name)"
template:
spec:
params:
- name: artifactory-url
description: The url of the current artifactory
- name: project-name
description: The git repository name
- name: project-path
description: The path of the current project
- name: git-repository-url
description: The git repository url
- name: git-revision
description: The git revision
default: main
- name: tag-name
description: The git tag
- name: generate-name
resourcetemplates:
- apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
generateName: $(tt.params.generate-name)-
annotations:
"mayfly.cloud.namecheap.com/expire": "1440h" # 2 months
spec:
pipelineRef:
name: "auto-ci-tag"
params:
- name: artifactory-url
value: $(tt.params.artifactory-url)
- name: project-name
value: $(tt.params.project-name)
- name: project-path
value: $(tt.params.project-path)
- name: git-url
value: $(tt.params.git-repository-url)
- name: git-revision
value: $(tt.params.git-revision)
- name: tag-name
value: $(tt.params.tag-name)
workspaces:
- name: source
persistentVolumeClaim:
claimName: source
subPath: $(tt.params.git-revision)
- name: dockerconfig
secret:
secretName: gitea-docker
items:
- key: ".dockerconfigjson"
path: "config.json"
- name: sslcertdir
secret:
secretName: gitea
items:
- key: "ca.crt"
path: "ca.crt"
- name: ssh
secret:
secretName: ssh-credentials
items:
- key: "known_hosts"
path: "known_hosts"
- key: "ssh-privatekey"
path: "id_rsa"
- key: "ssh-publickey"
path: "id_rsa.pub"
empty-kusto.yaml: |-
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
images-kusto.yaml: |-
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- repo.yaml
- update.yaml
stage-kusto.yaml.tmpl: |-
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../projects/${PROJECT_NAME}
- ingress.yaml
commonLabels:
app.kubernetes.io/instance: ${STAGE}
images:
- name: appli
newName: ${ARTIFACTORY_URL}/${ORG_NAME}/${PROJECT_NAME}
newTag: latest # {"$imagepolicy": "${DOMAIN}-org-${ORG_NAME}-${STAGE}:${PROJECT_NAME}-policy:tag"}
patches:
- target:
kind: ConfigMap
name: ${PROJECT_NAME}-config
path: config.yaml
- target:
kind: Certificate
name: ${PROJECT_NAME}-web
path: cert.yaml
stage-ingress.yaml.tmpl: |-
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ${PROJECT_NAME}-web
labels:
app.kubernetes.io/component: ${PROJECT_NAME}
app.kubernetes.io/name: ${ORG_NAME}
component: ${PROJECT_NAME}
spec:
tls:
- hosts:
- ${PROJECT_NAME}.${STAGE}.${ORG_NAME}.${DOMAIN_NAME}
secretName: cert
rules:
- host: ${PROJECT_NAME}.${STAGE}.${ORG_NAME}.${DOMAIN_NAME}
http:
paths:
- backend:
service:
name: svc
port:
number: 80
path: /
pathType: Prefix
stage-cert.yaml.tmpl: |-
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: ${PROJECT_NAME}-web
spec:
secretName: ${PROJECT_NAME}-cert
dnsNames:
- ${PROJECT_NAME}.${STAGE}.${ORG_NAME}.${DOMAIN_NAME}
stage-config.yaml.tmpl: |-
apiVersion: v1
kind: ConfigMap
metadata:
name: ${PROJECT_NAME}-config
data:
ENV_VAR_NAME: env_var_value
yamllint.yaml: |-
---
extends: default
rules:
document-start:
present: true
empty-lines:
max-end: 1
indentation:
spaces: 2
indent-sequences: false
line-length: disable
colons:
max-spaces-after: -1
base-kusto.yaml: |-
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- cert.yaml
- deploy.yaml
- service.yaml
- config.yaml
- secret.yaml
base-update.yaml.tmpl: |-
---
apiVersion: image.toolkit.fluxcd.io/v1beta1
kind: ImageUpdateAutomation
metadata:
name: update
spec:
interval: 5m
sourceRef:
kind: GitRepository
name: deploy-git
git:
checkout:
ref:
branch: main
commit:
author:
email: fluxcd.automation@${ARTIFACTORY_URL}
name: fluxcd
messageTemplate: |
Automated image update: {{ .AutomationObject }}
Files:
{{ range $filename, $_ := .Updated.Files -}}
- {{ $filename }}
{{ end -}}
Objects:
{{ range $resource, $_ := .Updated.Objects -}}
- {{ $resource.Kind }} {{ $resource.Name }}
{{ end -}}
Images:
{{ range .Updated.Images -}}
- {{.}}
{{ end -}}
{{- $ChangeId := .AutomationObject -}}
{{- $ChangeId = printf "%s-%s" $ChangeId ( .Updated.Files | toString ) -}}
{{- $ChangeId = printf "%s-%s" $ChangeId ( .Updated.Objects | toString ) -}}
{{- $ChangeId = printf "%s-%s" $ChangeId ( .Updated.Images | toString ) }}
Change-Name: {{ $ChangeId }}
Change-Id: {{ printf "I%s" ( sha256sum $ChangeId | trunc 40 ) }}
push:
branch: main
update:
strategy: Setters
base-repo.yaml: |-
---
apiVersion: image.toolkit.fluxcd.io/v1beta2
kind: ImageRepository
metadata:
name: repo
spec:
interval: 5m
provider: generic
secretRef:
name: gitea-docker
certSecretRef:
name: ssh-credentials-flux
base-cert.yaml.tmpl: |-
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: web
spec:
issuerRef:
group: cert-manager.io
kind: ClusterIssuer
name: ${ISSUER_NAME}
base-deploy.yaml: |-
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: app
spec:
replicas: 1
selector:
template:
spec:
securityContext:
runAsGroup: 1000
runAsUser: 1000
fsGroup: 1000
containers:
- name: app
image: appli
imagePullPolicy: IfNotPresent
envFrom:
- configMapRef:
name: "config"
- secretRef:
name: "secret"
base-secret.yaml: |-
---
apiVersion: v1
kind: Secret
metadata:
name: "secret"
annotations:
gramo.solidite.fr/no-parent: "true"
labels:
k8up.io/backup: "true"
type: Opaque
base-config.yaml: |-
---
apiVersion: v1
kind: ConfigMap
metadata:
name: "config"
labels:
k8up.io/backup: "true"
data:
base-service.yaml: |-
---
apiVersion: v1
kind: Service
metadata:
name: svc
spec:
ports:
- name: app
port: 80
protocol: TCP
targetPort: app
type: ClusterIP
install-install.yaml: |-
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: install
spec:
interval: 5m
sourceRef:
kind: GitRepository
name: deploy-git
prune: true
timeout: 1m
install-kusto.yaml: |-
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- install.yaml
deploy-repo.yaml.tmpl: |-
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: git
spec:
interval: 5m0s
url: ${DEPLOY_URL}
ref:
branch: main
secretRef:
name: ssh-credentials
deploy-kusto.yaml: |-
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namePrefix: deploy-
resources:
- repo.yaml
- ../install
project-kusto.yaml.tmpl: |-
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namePrefix: ${PROJECT_NAME}-
commonLabels:
app.kubernetes.io/name: ${ORG_NAME}
app.kubernetes.io/component: ${PROJECT_NAME}
component: ${PROJECT_NAME}
resources:
- ../../bases/project
patches:
- target:
kind: Deployment
name: app
patch: |-
apiVersion: apps/v1
kind: Deployment
metadata:
name: app
annotations:
configmap.reloader.stakater.com/reload: "${PROJECT_NAME}-config"
secret.reloader.stakater.com/reload: "${PROJECT_NAME}-secret"
spec:
selector:
template:
spec:
securityContext:
runAsGroup: 1000
runAsUser: 1000
fsGroup: 1000
containers:
- name: app
ports:
- name: app
containerPort: 8080
protocol: TCP