fix

2024-06-01 15:08:02 +02:00
parent a55965fe13
commit 8944d1380e
21 changed files with 2086 additions and 2163 deletions
--- a/share/gitea-tekton-org/auto.tf
+++ b/share/gitea-tekton-org/auto.tf
@@ -0,0 +1,351 @@
+locals {
+  push-labels = merge(local.common_labels, {
+    "type" = "branch-push"
+  })
+  tag-labels = merge(local.common_labels, {
+    "type" = "tag-push"
+  })
+}
+
+resource "kubectl_manifest" "auto-ci-detector" {
+  yaml_body  = <<-EOF
+    apiVersion: tekton.dev/v1
+    kind: Task
+    metadata:
+      name: auto-ci-detector
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(local.push-labels)}
+    spec:
+      results:
+        - name: stages-global
+          description: list of global actions
+          type: array
+        - name: stages-prepare
+          description: list of prepare actions
+          type: array
+        - name: stages-lint
+          description: list of lint actions
+          type: array
+        - name: stages-build
+          description: list of lint actions
+          type: array
+        - name: stages-test
+          description: list of test actions
+          type: array
+        - name: stages-publish
+          description: list of publish actions
+          type: array
+        - name: file-docker
+          description: list of Dockerfiles if any
+          type: array
+        - name: images-name
+          description: list of Dockerfiles image-name
+          type: array
+        - name: shellcheck-args
+          description: Arguments for shellcheck
+          type: array
+        - name: checkmake-args
+          description: Arguments for checkmake
+          type: array
+        - name: black-args
+          description: Arguments for black
+          type: array
+        - name: pylint-args
+          description: Arguments for pylint
+          type: array
+        - name: kubelinter-args
+          description: Arguments for kubelinter
+          type: array
+        - name: mdl-args
+          description: Arguments for mdl (Markdown linter)
+          type: array
+      params:
+        - name: toolbox-image
+          default: sebt3/basic-toolbox-image:1.29.4
+          description: The name of the toolbox image
+          type: string
+        - name: pipeline-type
+          default: push
+          description: Type of the pipeline (push,tag,pr...)
+          type: string
+        - name: artifactory-url
+          default: docker.io
+          description: The url of the current artifactory
+          type: string
+        - name: project-name
+          description: The name of the current project
+          type: string
+        - name: project-path
+          description: The path of the current project
+          type: string
+        - name: image-version
+          type: string
+      steps:
+        - name: detect-stages
+          image: $(params.toolbox-image)
+          workingDir: $(workspaces.source.path)
+          script: ${jsonencode(file("${path.module}/auto_ci_detector.py"))}
+      workspaces:
+        - name: source
+          mountPath: /data
+  EOF
+}
+
+
+data "kubernetes_secret_v1" "ssh-cred" {
+  metadata {
+    name = "ssh-credentials"
+    namespace = "${var.namespace}"
+  }
+}
+resource "kubernetes_secret_v1" "ci-git-secret" {
+  count = var.haveFlux?1:0
+  metadata {
+    name = "${var.component}-${var.instance}-ssh"
+    namespace = var.namespace
+  }
+  data = {
+    "identity" = data.kubernetes_secret_v1.ssh-cred.data["ssh-privatekey"]
+    "known_hosts" = data.kubernetes_secret_v1.ssh-cred.data["known_hosts"]
+  }
+}
+
+resource "kubectl_manifest" "ci-git-repo" {
+  count = var.haveFlux?1:0
+  yaml_body  = <<-EOF
+    apiVersion: source.toolkit.fluxcd.io/v1
+    kind: GitRepository
+    metadata:
+      name: "${var.instance}-${var.component}-ci"
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(local.common_labels)}
+    spec:
+      interval: 5m0s
+      ref:
+        branch: main
+      secretRef:
+        name: ${var.component}-${var.instance}-ssh
+      url: ssh://git@${var.gitea_ssh_prefix}.${var.domain_name}:${var.gitea_ssh_port}/${var.organization}/deploy.git
+  EOF
+}
+
+resource "kubectl_manifest" "ci-kustomization" {
+  count = var.haveFlux?1:0
+  yaml_body  = <<-EOF
+    apiVersion: kustomize.toolkit.fluxcd.io/v1
+    kind: Kustomization
+    metadata:
+      name: "${var.instance}-${var.component}-ci"
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(local.common_labels)}
+    spec:
+      interval: 5m
+      path: ./ci
+      prune: true
+      targetNamespace: "${var.namespace}"
+      sourceRef:
+        kind: GitRepository
+        name: "${var.instance}-${var.component}-ci"
+      timeout: 1m
+  EOF
+}
+
+resource "kubectl_manifest" "ci-trigger-push" {
+  count = var.haveFlux?0:1
+  yaml_body  = <<-EOF
+    apiVersion: triggers.tekton.dev/v1beta1
+    kind: Trigger
+    metadata:
+      name: "${var.instance}-${var.component}-auto-push"
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(local.push-labels)}
+    spec:
+      bindings:
+      - name: artifactory-url
+        value: "$(extensions.artifactory-url)"
+      - name: project-name
+        value: "$(extensions.project-name)"
+      - name: project-path
+        value: "$(extensions.project-path)"
+      - name: git-repository-url
+        value: "$(extensions.git-repository-url)"
+      - name: git-revision
+        value: "$(extensions.git-revision)"
+      - name: branch-name
+        value: "$(extensions.branch-name)"
+      - name: git-default-branch
+        value: "$(extensions.git-default-branch)"
+      - name: generate-name
+        value: "$(extensions.generate-name)"
+      template:
+        spec:
+          params:
+          - name: artifactory-url
+            description: The url of the current artifactory
+          - name: project-name
+            description: The git repository name
+          - name: project-path
+            description: The path of the current project
+          - name: git-repository-url
+            description: The git repository url
+          - name: git-revision
+            description: The git revision
+            default: main
+          - name: git-default-branch
+            description: The git revision
+            default: main
+          - name: branch-name
+            description: The git branch
+            default: main
+          - name: generate-name
+          resourcetemplates:
+          - apiVersion: tekton.dev/v1beta1
+            kind: PipelineRun
+            metadata:
+              generateName: $(tt.params.generate-name)-
+              annotations:
+                "mayfly.cloud.namecheap.com/expire": "336h" # 2 weeks
+            spec:
+              pipelineRef:
+                name: "auto-ci-push"
+              params:
+              - name: artifactory-url
+                value: $(tt.params.artifactory-url)
+              - name: project-name
+                value: $(tt.params.project-name)
+              - name: project-path
+                value: $(tt.params.project-path)
+              - name: git-url
+                value: $(tt.params.git-repository-url)
+              - name: git-revision
+                value: $(tt.params.git-revision)
+              - name: git-default-branch
+                value: $(tt.params.git-default-branch)
+              - name: branch-name
+                value: $(tt.params.branch-name)
+              workspaces:
+              - name: source
+                persistentVolumeClaim:
+                  claimName: source
+                subPath: $(tt.params.git-revision)
+              - name: dockerconfig
+                secret:
+                  secretName: gitea-docker
+                  items:
+                  - key: ".dockerconfigjson"
+                    path: "config.json"
+              - name: sslcertdir
+                secret:
+                  secretName: gitea
+                  items:
+                  - key: "ca.crt"
+                    path: "ca.crt"
+              - name: ssh
+                secret:
+                  secretName: ssh-credentials
+                  items:
+                  - key: "known_hosts"
+                    path: "known_hosts"
+                  - key: "ssh-privatekey"
+                    path: "id_rsa"
+                  - key: "ssh-publickey"
+                    path: "id_rsa.pub"
+  EOF
+}
+resource "kubectl_manifest" "ci-trigger-tag" {
+  count = var.haveFlux?0:1
+  yaml_body  = <<-EOF
+    apiVersion: triggers.tekton.dev/v1beta1
+    kind: Trigger
+    metadata:
+    metadata:
+      name: "${var.instance}-${var.component}-auto-tag"
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(local.tag-labels)}
+    spec:
+      bindings:
+      - name: artifactory-url
+        value: "$(extensions.artifactory-url)"
+      - name: project-name
+        value: "$(extensions.project-name)"
+      - name: project-path
+        value: "$(extensions.project-path)"
+      - name: git-repository-url
+        value: "$(extensions.git-repository-url)"
+      - name: git-revision
+        value: "$(extensions.git-revision)"
+      - name: tag-name
+        value: $(extensions.tag-name)
+      - name: generate-name
+        value: "$(extensions.generate-name)"
+      template:
+        spec:
+          params:
+          - name: artifactory-url
+            description: The url of the current artifactory
+          - name: project-name
+            description: The git repository name
+          - name: project-path
+            description: The path of the current project
+          - name: git-repository-url
+            description: The git repository url
+          - name: git-revision
+            description: The git revision
+            default: main
+          - name: tag-name
+            description: The git tag
+          - name: generate-name
+          resourcetemplates:
+          - apiVersion: tekton.dev/v1beta1
+            kind: PipelineRun
+            metadata:
+              generateName: $(tt.params.generate-name)-
+              annotations:
+                "mayfly.cloud.namecheap.com/expire": "1440h" # 2 months
+            spec:
+              pipelineRef:
+                name: "auto-ci-tag"
+              params:
+              - name: artifactory-url
+                value: $(tt.params.artifactory-url)
+              - name: project-name
+                value: $(tt.params.project-name)
+              - name: project-path
+                value: $(tt.params.project-path)
+              - name: git-url
+                value: $(tt.params.git-repository-url)
+              - name: git-revision
+                value: $(tt.params.git-revision)
+              - name: tag-name
+                value: $(tt.params.tag-name)
+              workspaces:
+              - name: source
+                persistentVolumeClaim:
+                  claimName: source
+                subPath: $(tt.params.git-revision)
+              - name: dockerconfig
+                secret:
+                  secretName: gitea-docker
+                  items:
+                  - key: ".dockerconfigjson"
+                    path: "config.json"
+              - name: sslcertdir
+                secret:
+                  secretName: gitea
+                  items:
+                  - key: "ca.crt"
+                    path: "ca.crt"
+              - name: ssh
+                secret:
+                  secretName: ssh-credentials
+                  items:
+                  - key: "known_hosts"
+                    path: "known_hosts"
+                  - key: "ssh-privatekey"
+                    path: "id_rsa"
+                  - key: "ssh-publickey"
+                    path: "id_rsa.pub"
+  EOF
+}
+
+