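# Tekton pipelines "auto-ci-push" and "auto-ci-tag".
#
# Each pipeline task is written as a YAML fragment, decoded with yamldecode()
# into an HCL object, composed with concat()/merge(), and re-serialised with
# jsonencode() into the Pipeline manifests at the bottom of this file.
#
# NOTE(review): every taskRef below resolves a Task by name only; the Task
# definitions are not in this file. git-url, git-revision, project-path and
# the other pipeline params are caller-supplied strings, so confirm that the
# referenced Tasks treat them as data (no shell interpolation) and that write
# access to Task objects in var.namespace is restricted, since some of these
# Tasks are handed the ssh and dockerconfig workspaces.
locals {
  # Tasks for the pipeline's `finally` section: always a workspace cleanup,
  # plus (only when var.conditions.have_gitea is set) one commit-status report
  # per value of $(tasks.status): success for Succeeded/Completed, warning
  # for None, error for Failed.
  finally = concat(
    [yamldecode(<<-END
      name: cleanup
      taskRef:
        name: auto-ci-cleanup
      workspaces:
      - name: source
      END
    )],
    var.conditions.have_gitea ? yamldecode(<<-END
      - name: inform-gitea-success
        when:
        - cel: '''$(tasks.status)'' in [''Succeeded'',''Completed'']'
        params:
        - name: REPO_FULL_NAME
          value: $(params.project-path)
        - name: SHA
          value: $(params.git-revision)
        - name: TARGET_URL
          value: $(params.gramo-url)/workflow/tekton/PipelineRun/$(context.pipelineRun.namespace)/view/$(context.pipelineRun.name)
        - name: DESCRIPTION
          value: auto-ci-push
        - name: STATE
          value: success
        taskRef:
          name: gitea-set-status
      - name: inform-gitea-warning
        when:
        - cel: '''$(tasks.status)'' == ''None'''
        params:
        - name: REPO_FULL_NAME
          value: $(params.project-path)
        - name: SHA
          value: $(params.git-revision)
        - name: TARGET_URL
          value: $(params.gramo-url)/workflow/tekton/PipelineRun/$(context.pipelineRun.namespace)/view/$(context.pipelineRun.name)
        - name: DESCRIPTION
          value: auto-ci-push
        - name: STATE
          value: warning
        taskRef:
          name: gitea-set-status
      - name: inform-gitea-error
        when:
        - cel: '''$(tasks.status)'' == ''Failed'''
        params:
        - name: REPO_FULL_NAME
          value: $(params.project-path)
        - name: SHA
          value: $(params.git-revision)
        - name: TARGET_URL
          value: $(params.gramo-url)/workflow/tekton/PipelineRun/$(context.pipelineRun.namespace)/view/$(context.pipelineRun.name)
        - name: DESCRIPTION
          value: auto-ci-push
        - name: STATE
          value: error
        taskRef:
          name: gitea-set-status
      END
    ) : []
  )

  # Per-pipeline failure policy merged into every lint task.
  # tag:  a lint failure stops the pipeline.
  # push: a lint failure is tolerated (onError: continue), so publish-docker,
  #       which only orders itself after the lint tasks, is not gated by lint
  #       results on push.
  # NOTE(review): confirm that publishing images from the default branch with
  # failing lint checks is the intended policy.
  cfg = {
    tag = yamldecode(<<-END
      onError: stopAndFail
      END
    )
    push = yamldecode(<<-END
      onError: continue
      END
    )
  }

  # Library of pipeline tasks, keyed by a short HCL name.
  tasks = {
    # Reports the "pending" commit status; a failure here never blocks the run.
    gitea_start = yamldecode(<<-END
      name: inform-gitea-start
      onError: continue
      params:
      - name: REPO_FULL_NAME
        value: $(params.project-path)
      - name: SHA
        value: $(params.git-revision)
      - name: TARGET_URL
        value: $(params.gramo-url)/workflow/tekton/PipelineRun/$(context.pipelineRun.namespace)/view/$(context.pipelineRun.name)
      - name: DESCRIPTION
        value: auto-ci-push
      - name: STATE
        value: pending
      taskRef:
        name: gitea-set-status
      END
    )

    # The only task bound to the `ssh` workspace.
    git_clone = yamldecode(<<-END
      name: git-clone
      params:
      - name: url
        value: $(params.git-url)
      - name: revision
        value: $(params.git-revision)
      - name: branch
        value: $(params.branch-name)
      - name: depth
        value: 0
      taskRef:
        name: git-clone
      workspaces:
      - name: output
        workspace: source
      - name: ssh-directory
        workspace: ssh
      END
    )

    build_id = yamldecode(<<-END
      name: generate-build-id
      runAfter:
      - git-clone
      params:
      - name: branch
        value: $(params.branch-name)
      taskRef:
        name: generate-build-id
      workspaces:
      - name: source
      END
    )

    # detect_push and detect_tag deliberately share the task name
    # "detect-stages" so the lint and publish tasks can read
    # $(tasks.detect-stages.results.*) in either pipeline. They differ in
    # pipeline-type, in image-version (generated build id vs. tag name) and in
    # which task they run after.
    detect_push = yamldecode(<<-END
      name: detect-stages
      runAfter:
      - generate-build-id
      params:
      - name: pipeline-type
        value: push
      - name: artifactory-url
        value: $(params.artifactory-url)
      - name: project-name
        value: $(params.project-name)
      - name: project-path
        value: $(params.project-path)
      - name: image-version
        value: $(tasks.generate-build-id.results.build-id)
      taskRef:
        name: auto-ci-detector
      workspaces:
      - name: source
      END
    )

    detect_tag = yamldecode(<<-END
      name: detect-stages
      runAfter:
      - git-clone
      params:
      - name: pipeline-type
        value: tag
      - name: artifactory-url
        value: $(params.artifactory-url)
      - name: project-name
        value: $(params.project-name)
      - name: project-path
        value: $(params.project-path)
      - name: image-version
        value: $(params.tag-name)
      taskRef:
        name: auto-ci-detector
      workspaces:
      - name: source
      END
    )

    # Every lint task runs only when its own name appears in the stages-lint
    # result of detect-stages.
    lint_shell = yamldecode(<<-END
      name: lint-shell
      runAfter:
      - detect-stages
      when:
      - input: lint-shell
        operator: in
        values:
        - $(tasks.detect-stages.results.stages-lint[*])
      params:
      - name: args
        value: $(tasks.detect-stages.results.shellcheck-args)
      taskRef:
        name: shellcheck
      workspaces:
      - name: shared-workspace
        workspace: source
      END
    )

    # Fans out over the file-docker result, one hadolint run per entry.
    lint_docker = yamldecode(<<-END
      name: lint-docker
      runAfter:
      - detect-stages
      when:
      - input: lint-docker
        operator: in
        values:
        - $(tasks.detect-stages.results.stages-lint[*])
      taskRef:
        name: hadolint
      matrix:
        params:
        - name: dockerfile-path
          value: $(tasks.detect-stages.results.file-docker)
      workspaces:
      - name: source
      END
    )

    lint_yaml = yamldecode(<<-END
      name: lint-yaml
      runAfter:
      - detect-stages
      when:
      - input: lint-yaml
        operator: in
        values:
        - $(tasks.detect-stages.results.stages-lint[*])
      params:
      - name: args
        value:
        - .
      taskRef:
        name: yaml-lint
      workspaces:
      - name: shared-workspace
        workspace: source
      END
    )

    lint_black = yamldecode(<<-END
      name: lint-black
      runAfter:
      - detect-stages
      when:
      - input: lint-black
        operator: in
        values:
        - $(tasks.detect-stages.results.stages-lint[*])
      params:
      - name: args
        value: $(tasks.detect-stages.results.black-args)
      taskRef:
        name: black
      workspaces:
      - name: shared-workspace
        workspace: source
      END
    )

    lint_python = yamldecode(<<-END
      name: lint-python
      runAfter:
      - detect-stages
      when:
      - input: lint-python
        operator: in
        values:
        - $(tasks.detect-stages.results.stages-lint[*])
      params:
      - name: args
        value: $(tasks.detect-stages.results.pylint-args)
      taskRef:
        name: pylint
      workspaces:
      - name: source
        workspace: source
      END
    )

    lint_make = yamldecode(<<-END
      name: lint-make
      runAfter:
      - detect-stages
      when:
      - input: lint-make
        operator: in
        values:
        - $(tasks.detect-stages.results.stages-lint[*])
      params:
      - name: args
        value: $(tasks.detect-stages.results.checkmake-args)
      taskRef:
        name: check-make
      workspaces:
      - name: shared-workspace
        workspace: source
      END
    )

    lint_md = yamldecode(<<-END
      name: lint-md
      runAfter:
      - detect-stages
      when:
      - input: lint-md
        operator: in
        values:
        - $(tasks.detect-stages.results.stages-lint[*])
      params:
      - name: args
        value: $(tasks.detect-stages.results.mdl-args)
      taskRef:
        name: markdown-lint
      workspaces:
      - name: shared-workspace
        workspace: source
      END
    )

    # NOTE(review): default_option "do-not-auto-add-defaults" together with a
    # three-entry includelist presumably limits kube-linter to exactly those
    # three checks; confirm against the kube-linter Task, and confirm that
    # leaving the remaining default checks off is intended.
    lint_kube = yamldecode(<<-END
      name: lint-kube
      runAfter:
      - detect-stages
      when:
      - input: lint-kube
        operator: in
        values:
        - $(tasks.detect-stages.results.stages-lint[*])
      params:
      - name: args
        value: $(tasks.detect-stages.results.kubelinter-args)
      - name: manifest
        value: k8
      - name: default_option
        value: do-not-auto-add-defaults
      - name: includelist
        value: no-extensions-v1beta,default-service-account,no-readiness-probe
      taskRef:
        name: kube-linter
      workspaces:
      - name: source
      END
    )

    # Builds and pushes one image per (DOCKERFILE, IMAGE) matrix entry. Runs
    # only when "publish-docker" is in stages-publish AND the branch equals
    # git-default-branch. The only task bound to the `dockerconfig` and
    # `sslcertdir` workspaces.
    publish_docker = yamldecode(<<-END
      name: publish-docker
      runAfter:
      - lint-md
      - lint-kube
      - lint-make
      - lint-shell
      - lint-docker
      - lint-yaml
      - lint-black
      - lint-python
      when:
      - input: publish-docker
        operator: in
        values:
        - $(tasks.detect-stages.results.stages-publish[*])
      - input: $(params.branch-name)
        operator: in
        values:
        - $(params.git-default-branch)
      taskRef:
        name: buildah
      matrix:
        params:
        - name: DOCKERFILE
          value: $(tasks.detect-stages.results.file-docker)
        - name: IMAGE
          value: $(tasks.detect-stages.results.images-name)
      workspaces:
      - name: source
      - name: sslcertdir
      - name: dockerconfig
      END
    )
  }

  # Task list of the push pipeline; lint tasks get the tolerant push policy.
  push_tasks = concat(
    var.conditions.have_gitea ? [local.tasks.gitea_start] : [],
    [local.tasks.git_clone, local.tasks.build_id, local.tasks.detect_push],
    [
      merge(local.tasks.lint_black, local.cfg.push),
      merge(local.tasks.lint_python, local.cfg.push),
    ],
    [
      merge(local.tasks.lint_shell, local.cfg.push),
      merge(local.tasks.lint_docker, local.cfg.push),
      merge(local.tasks.lint_yaml, local.cfg.push),
      merge(local.tasks.lint_make, local.cfg.push),
      merge(local.tasks.lint_md, local.cfg.push),
      merge(local.tasks.lint_kube, local.cfg.push),
    ],
    [local.tasks.publish_docker]
  )

  # Task list of the tag pipeline; lint tasks get the strict tag policy.
  #
  # gitea_start is added only through the have_gitea guard. It used to be
  # listed a second time, unconditionally, which produced two tasks named
  # inform-gitea-start when Gitea was enabled and still referenced
  # gitea-set-status when it was disabled.
  #
  # NOTE(review): git_clone reads $(params.branch-name) and publish_docker
  # reads $(params.branch-name) and $(params.git-default-branch), but the
  # auto-ci-tag Pipeline declares neither param. Confirm Tekton accepts this
  # manifest and that the default-branch gate on publish-docker is meant to
  # apply to tag builds.
  tag_tasks = concat(
    var.conditions.have_gitea ? [local.tasks.gitea_start] : [],
    [local.tasks.git_clone, local.tasks.detect_tag],
    [
      merge(local.tasks.lint_black, local.cfg.tag),
      merge(local.tasks.lint_python, local.cfg.tag),
    ],
    [
      merge(local.tasks.lint_shell, local.cfg.tag),
      merge(local.tasks.lint_docker, local.cfg.tag),
      merge(local.tasks.lint_yaml, local.cfg.tag),
      merge(local.tasks.lint_make, local.cfg.tag),
      merge(local.tasks.lint_md, local.cfg.tag),
      merge(local.tasks.lint_kube, local.cfg.tag),
    ],
    [local.tasks.publish_docker]
  )
}

# Pipeline run for pushes. The task and finally lists are embedded as JSON,
# which is valid YAML flow syntax. The `ssh` and `dockerconfig` workspaces
# carry credentials; in the task library above they are bound only to
# git-clone and publish-docker respectively.
resource "kubectl_manifest" "Pipeline_auto-ci-push" {
  yaml_body = <<-EOF
    apiVersion: tekton.dev/v1
    kind: Pipeline
    metadata:
      name: auto-ci-push
      namespace: ${var.namespace}
      ownerReferences: ${jsonencode(var.install_owner)}
      labels: ${jsonencode(local.common_labels)}
    spec:
      workspaces:
      - name: source
      - name: dockerconfig
      - name: ssh
      - name: sslcertdir
      params:
      - name: artifactory-url
        default: docker.io
        description: The url of the current artifactory
        type: string
      - name: gramo-url
        default: https://gramo.${var.domain_name}
        type: string
      - name: project-name
        description: The name of the current project
        type: string
      - name: project-path
        description: The path of the current project
        type: string
      - name: git-default-branch
        description: The git revision
        default: main
      - name: git-url
        type: string
      - name: git-revision
        type: string
      - name: branch-name
        type: string
      finally: ${jsonencode(local.finally)}
      tasks: ${jsonencode(local.tag_tasks == null ? [] : local.push_tasks)}
    EOF
}

# Pipeline run for tags. Same workspaces as the push pipeline; takes tag-name
# instead of branch-name and declares no git-default-branch.
resource "kubectl_manifest" "Pipeline_auto-ci-tag" {
  yaml_body = <<-EOF
    apiVersion: tekton.dev/v1
    kind: Pipeline
    metadata:
      name: auto-ci-tag
      namespace: ${var.namespace}
      ownerReferences: ${jsonencode(var.install_owner)}
      labels: ${jsonencode(local.common_labels)}
    spec:
      workspaces:
      - name: source
      - name: dockerconfig
      - name: ssh
      - name: sslcertdir
      params:
      - name: artifactory-url
        default: docker.io
        description: The url of the current artifactory
        type: string
      - name: gramo-url
        default: https://gramo.${var.domain_name}
        type: string
      - name: project-name
        description: The name of the current project
        type: string
      - name: project-path
        description: The path of the current project
        type: string
      - name: git-url
        type: string
      - name: git-revision
        type: string
      - name: tag-name
        type: string
      finally: ${jsonencode(local.finally)}
      tasks: ${jsonencode(local.tag_tasks)}
    EOF
}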