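# Auto-CI wiring for one deploy-repository instance.
#
# Declares the stage-detection Tekton Task and then one of two delivery paths,
# selected by var.haveFlux:
#   - haveFlux = true : a Flux GitRepository + Kustomization reconciling the
#                       ./ci path of the deploy repository (needs a per-instance
#                       ssh secret, copied from the shared "ssh-credentials").
#   - haveFlux = false: two Tekton Triggers that create a PipelineRun on a
#                       branch push ("auto-ci-push") and on a tag push
#                       ("auto-ci-tag").
# The $(extensions.*) values consumed by the Triggers are populated upstream
# (interceptor not defined in this file).

locals {
  push-labels = merge(local.common_labels, { "type" = "branch-push" })
  tag-labels  = merge(local.common_labels, { "type" = "tag-push" })
}

# Task that inspects the checked-out source and reports which CI stages and
# linter arguments apply. The detection logic is auto-ci-detector.py, inlined
# as the step script; jsonencode() turns it into a double-quoted JSON string,
# which YAML accepts as a single scalar.
resource "kubectl_manifest" "auto-ci-detector" {
  yaml_body = <<-EOF
    apiVersion: tekton.dev/v1
    kind: Task
    metadata:
      name: auto-ci-detector
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.push-labels)}
    spec:
      results:
        - name: stages-global
          description: list of global actions
          type: array
        - name: stages-prepare
          description: list of prepare actions
          type: array
        - name: stages-lint
          description: list of lint actions
          type: array
        - name: stages-build
          description: list of build actions
          type: array
        - name: stages-test
          description: list of test actions
          type: array
        - name: stages-publish
          description: list of publish actions
          type: array
        - name: file-docker
          description: list of Dockerfiles if any
          type: array
        - name: images-name
          description: list of Dockerfiles image-name
          type: array
        - name: shellcheck-args
          description: Arguments for shellcheck
          type: array
        - name: checkmake-args
          description: Arguments for checkmake
          type: array
        - name: black-args
          description: Arguments for black
          type: array
        - name: pylint-args
          description: Arguments for pylint
          type: array
        - name: kubelinter-args
          description: Arguments for kubelinter
          type: array
        - name: mdl-args
          description: Arguments for mdl (Markdown linter)
          type: array
      params:
        - name: toolbox-image
          # NOTE(review): pinned by tag only; a digest pin would make the
          # image that runs the detector immutable.
          default: sebt3/basic-toolbox-image:1.29.4
          description: The name of the toolbox image
          type: string
        - name: pipeline-type
          default: push
          description: Type of the pipeline (push,tag,pr...)
          type: string
        - name: artifactory-url
          default: docker.io
          description: The url of the current artifactory
          type: string
        - name: project-name
          description: The name of the current project
          type: string
        - name: project-path
          description: The path of the current project
          type: string
        - name: image-version
          type: string
      steps:
        - name: detect-stages
          image: $(params.toolbox-image)
          workingDir: $(workspaces.source.path)
          script: ${jsonencode(file("${path.module}/auto-ci-detector.py"))}
      workspaces:
        - name: source
          mountPath: /data
  EOF
}

# Shared ssh deploy credentials; only consumed by ci-git-secret below, but read
# unconditionally so the data source keeps a stable address.
data "kubernetes_secret_v1" "ssh-cred" {
  metadata {
    name      = "ssh-credentials"
    namespace = var.namespace
  }
}

# Per-instance copy of the deploy key in the shape Flux expects
# (identity + known_hosts). Created only on the Flux path.
resource "kubernetes_secret_v1" "ci-git-secret" {
  count = var.haveFlux ? 1 : 0
  metadata {
    name      = "${var.component}-${var.instance}-ssh"
    namespace = var.namespace
  }
  data = {
    "identity"    = data.kubernetes_secret_v1.ssh-cred.data["ssh-privatekey"]
    "known_hosts" = data.kubernetes_secret_v1.ssh-cred.data["known_hosts"]
  }
}

# Flux source pointing at the organization's deploy repository over ssh.
# secretRef references the secret resource (rather than re-spelling its name)
# so Terraform orders the secret before the GitRepository.
resource "kubectl_manifest" "ci-git-repo" {
  count = var.haveFlux ? 1 : 0
  yaml_body = <<-EOF
    apiVersion: source.toolkit.fluxcd.io/v1
    kind: GitRepository
    metadata:
      name: "${var.instance}-${var.component}-ci"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.common_labels)}
    spec:
      interval: 5m0s
      ref:
        branch: main
      secretRef:
        name: "${kubernetes_secret_v1.ci-git-secret[0].metadata[0].name}"
      url: ssh://git@${var.gitea_ssh_prefix}.${var.domain_name}:${var.gitea_ssh_port}/${var.organization}/deploy.git
  EOF
}

# Flux Kustomization applying the ./ci path of the deploy repository into
# the instance namespace; prune removes objects that disappear from git.
resource "kubectl_manifest" "ci-kustomization" {
  count = var.haveFlux ? 1 : 0
  yaml_body = <<-EOF
    apiVersion: kustomize.toolkit.fluxcd.io/v1
    kind: Kustomization
    metadata:
      name: "${var.instance}-${var.component}-ci"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.common_labels)}
    spec:
      interval: 5m
      path: ./ci
      prune: true
      targetNamespace: "${var.namespace}"
      sourceRef:
        kind: GitRepository
        name: "${var.instance}-${var.component}-ci"
      timeout: 1m
  EOF
}

# Branch-push Trigger (non-Flux path): binds the $(extensions.*) context into
# a PipelineRun of "auto-ci-push". Runs expire after 2 weeks via the mayfly
# annotation. The source workspace is a subPath of the shared "source" PVC
# keyed by revision.
resource "kubectl_manifest" "ci-trigger-push" {
  count = var.haveFlux ? 0 : 1
  yaml_body = <<-EOF
    apiVersion: triggers.tekton.dev/v1beta1
    kind: Trigger
    metadata:
      name: "${var.instance}-${var.component}-auto-push"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.push-labels)}
    spec:
      bindings:
        - name: artifactory-url
          value: "$(extensions.artifactory-url)"
        - name: project-name
          value: "$(extensions.project-name)"
        - name: project-path
          value: "$(extensions.project-path)"
        - name: git-repository-url
          value: "$(extensions.git-repository-url)"
        - name: git-revision
          value: "$(extensions.git-revision)"
        - name: branch-name
          value: "$(extensions.branch-name)"
        - name: git-default-branch
          value: "$(extensions.git-default-branch)"
        - name: generate-name
          value: "$(extensions.generate-name)"
      template:
        spec:
          params:
            - name: artifactory-url
              description: The url of the current artifactory
            - name: project-name
              description: The git repository name
            - name: project-path
              description: The path of the current project
            - name: git-repository-url
              description: The git repository url
            - name: git-revision
              description: The git revision
              default: main
            - name: git-default-branch
              description: The git default branch
              default: main
            - name: branch-name
              description: The git branch
              default: main
            - name: generate-name
          resourcetemplates:
            - apiVersion: tekton.dev/v1beta1
              kind: PipelineRun
              metadata:
                generateName: $(tt.params.generate-name)-
                annotations:
                  "mayfly.cloud.namecheap.com/expire": "336h" # 2 weeks
              spec:
                pipelineRef:
                  name: "auto-ci-push"
                params:
                  - name: artifactory-url
                    value: $(tt.params.artifactory-url)
                  - name: project-name
                    value: $(tt.params.project-name)
                  - name: project-path
                    value: $(tt.params.project-path)
                  - name: git-url
                    value: $(tt.params.git-repository-url)
                  - name: git-revision
                    value: $(tt.params.git-revision)
                  - name: git-default-branch
                    value: $(tt.params.git-default-branch)
                  - name: branch-name
                    value: $(tt.params.branch-name)
                workspaces:
                  - name: source
                    persistentVolumeClaim:
                      claimName: source
                    subPath: $(tt.params.git-revision)
                  - name: dockerconfig
                    secret:
                      secretName: gitea-docker
                      items:
                        - key: ".dockerconfigjson"
                          path: "config.json"
                  - name: sslcertdir
                    secret:
                      secretName: gitea
                      items:
                        - key: "ca.crt"
                          path: "ca.crt"
                  # NOTE(review): the shared deploy private key is mounted into
                  # every run; any task that executes repository-controlled code
                  # can read id_rsa. Confirm the key's scope is limited to what
                  # these pipelines need.
                  - name: ssh
                    secret:
                      secretName: ssh-credentials
                      items:
                        - key: "known_hosts"
                          path: "known_hosts"
                        - key: "ssh-privatekey"
                          path: "id_rsa"
                        - key: "ssh-publickey"
                          path: "id_rsa.pub"
  EOF
}

# Tag-push Trigger (non-Flux path): same shape as ci-trigger-push but keyed by
# tag-name, running "auto-ci-tag" with a 2-month expiry. The original manifest
# carried a duplicated "metadata:" key, which left metadata.name nested one
# level too deep; fixed here.
resource "kubectl_manifest" "ci-trigger-tag" {
  count = var.haveFlux ? 0 : 1
  yaml_body = <<-EOF
    apiVersion: triggers.tekton.dev/v1beta1
    kind: Trigger
    metadata:
      name: "${var.instance}-${var.component}-auto-tag"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.tag-labels)}
    spec:
      bindings:
        - name: artifactory-url
          value: "$(extensions.artifactory-url)"
        - name: project-name
          value: "$(extensions.project-name)"
        - name: project-path
          value: "$(extensions.project-path)"
        - name: git-repository-url
          value: "$(extensions.git-repository-url)"
        - name: git-revision
          value: "$(extensions.git-revision)"
        - name: tag-name
          value: "$(extensions.tag-name)"
        - name: generate-name
          value: "$(extensions.generate-name)"
      template:
        spec:
          params:
            - name: artifactory-url
              description: The url of the current artifactory
            - name: project-name
              description: The git repository name
            - name: project-path
              description: The path of the current project
            - name: git-repository-url
              description: The git repository url
            - name: git-revision
              description: The git revision
              default: main
            - name: tag-name
              description: The git tag
            - name: generate-name
          resourcetemplates:
            - apiVersion: tekton.dev/v1beta1
              kind: PipelineRun
              metadata:
                generateName: $(tt.params.generate-name)-
                annotations:
                  "mayfly.cloud.namecheap.com/expire": "1440h" # 2 months
              spec:
                pipelineRef:
                  name: "auto-ci-tag"
                params:
                  - name: artifactory-url
                    value: $(tt.params.artifactory-url)
                  - name: project-name
                    value: $(tt.params.project-name)
                  - name: project-path
                    value: $(tt.params.project-path)
                  - name: git-url
                    value: $(tt.params.git-repository-url)
                  - name: git-revision
                    value: $(tt.params.git-revision)
                  - name: tag-name
                    value: $(tt.params.tag-name)
                workspaces:
                  - name: source
                    persistentVolumeClaim:
                      claimName: source
                    subPath: $(tt.params.git-revision)
                  - name: dockerconfig
                    secret:
                      secretName: gitea-docker
                      items:
                        - key: ".dockerconfigjson"
                          path: "config.json"
                  - name: sslcertdir
                    secret:
                      secretName: gitea
                      items:
                        - key: "ca.crt"
                          path: "ca.crt"
                  # NOTE(review): same deploy-key exposure as in ci-trigger-push;
                  # every task in the run can read id_rsa.
                  - name: ssh
                    secret:
                      secretName: ssh-credentials
                      items:
                        - key: "known_hosts"
                          path: "known_hosts"
                        - key: "ssh-privatekey"
                          path: "id_rsa"
                        - key: "ssh-publickey"
                          path: "id_rsa.pub"
  EOF
}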