vynil/domain
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
domain/share/gitea-tekton-org/auto.tf
Sébastien Huss 8944d1380e fix
2024-06-01 15:08:02 +02:00

352 lines
11 KiB
HCL
Raw Permalink Blame History

locals {
push-labels = merge(local.common_labels, {
"type" = "branch-push"
})
tag-labels = merge(local.common_labels, {
"type" = "tag-push"
})
}
resource "kubectl_manifest" "auto-ci-detector" {
yaml_body = <<-EOF
apiVersion: tekton.dev/v1
kind: Task
metadata:
name: auto-ci-detector
namespace: "${var.namespace}"
labels: ${jsonencode(local.push-labels)}
spec:
results:
- name: stages-global
description: list of global actions
type: array
- name: stages-prepare
description: list of prepare actions
type: array
- name: stages-lint
description: list of lint actions
type: array
- name: stages-build
description: list of lint actions
type: array
- name: stages-test
description: list of test actions
type: array
- name: stages-publish
description: list of publish actions
type: array
- name: file-docker
description: list of Dockerfiles if any
type: array
- name: images-name
description: list of Dockerfiles image-name
type: array
- name: shellcheck-args
description: Arguments for shellcheck
type: array
- name: checkmake-args
description: Arguments for checkmake
type: array
- name: black-args
description: Arguments for black
type: array
- name: pylint-args
description: Arguments for pylint
type: array
- name: kubelinter-args
description: Arguments for kubelinter
type: array
- name: mdl-args
description: Arguments for mdl (Markdown linter)
type: array
params:
- name: toolbox-image
default: sebt3/basic-toolbox-image:1.29.4
description: The name of the toolbox image
type: string
- name: pipeline-type
default: push
description: Type of the pipeline (push,tag,pr...)
type: string
- name: artifactory-url
default: docker.io
description: The url of the current artifactory
type: string
- name: project-name
description: The name of the current project
type: string
- name: project-path
description: The path of the current project
type: string
- name: image-version
type: string
steps:
- name: detect-stages
image: $(params.toolbox-image)
workingDir: $(workspaces.source.path)
script: ${jsonencode(file("${path.module}/auto_ci_detector.py"))}
workspaces:
- name: source
mountPath: /data
EOF
}
data "kubernetes_secret_v1" "ssh-cred" {
metadata {
name = "ssh-credentials"
namespace = "${var.namespace}"
}
}
resource "kubernetes_secret_v1" "ci-git-secret" {
count = var.haveFlux?1:0
metadata {
name = "${var.component}-${var.instance}-ssh"
namespace = var.namespace
}
data = {
"identity" = data.kubernetes_secret_v1.ssh-cred.data["ssh-privatekey"]
"known_hosts" = data.kubernetes_secret_v1.ssh-cred.data["known_hosts"]
}
}
resource "kubectl_manifest" "ci-git-repo" {
count = var.haveFlux?1:0
yaml_body = <<-EOF
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: "${var.instance}-${var.component}-ci"
namespace: "${var.namespace}"
labels: ${jsonencode(local.common_labels)}
spec:
interval: 5m0s
ref:
branch: main
secretRef:
name: ${var.component}-${var.instance}-ssh
url: ssh://git@${var.gitea_ssh_prefix}.${var.domain_name}:${var.gitea_ssh_port}/${var.organization}/deploy.git
EOF
}
resource "kubectl_manifest" "ci-kustomization" {
count = var.haveFlux?1:0
yaml_body = <<-EOF
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: "${var.instance}-${var.component}-ci"
namespace: "${var.namespace}"
labels: ${jsonencode(local.common_labels)}
spec:
interval: 5m
path: ./ci
prune: true
targetNamespace: "${var.namespace}"
sourceRef:
kind: GitRepository
name: "${var.instance}-${var.component}-ci"
timeout: 1m
EOF
}
resource "kubectl_manifest" "ci-trigger-push" {
count = var.haveFlux?0:1
yaml_body = <<-EOF
apiVersion: triggers.tekton.dev/v1beta1
kind: Trigger
metadata:
name: "${var.instance}-${var.component}-auto-push"
namespace: "${var.namespace}"
labels: ${jsonencode(local.push-labels)}
spec:
bindings:
- name: artifactory-url
value: "$(extensions.artifactory-url)"
- name: project-name
value: "$(extensions.project-name)"
- name: project-path
value: "$(extensions.project-path)"
- name: git-repository-url
value: "$(extensions.git-repository-url)"
- name: git-revision
value: "$(extensions.git-revision)"
- name: branch-name
value: "$(extensions.branch-name)"
- name: git-default-branch
value: "$(extensions.git-default-branch)"
- name: generate-name
value: "$(extensions.generate-name)"
template:
spec:
params:
- name: artifactory-url
description: The url of the current artifactory
- name: project-name
description: The git repository name
- name: project-path
description: The path of the current project
- name: git-repository-url
description: The git repository url
- name: git-revision
description: The git revision
default: main
- name: git-default-branch
description: The git revision
default: main
- name: branch-name
description: The git branch
default: main
- name: generate-name
resourcetemplates:
- apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
generateName: $(tt.params.generate-name)-
annotations:
"mayfly.cloud.namecheap.com/expire": "336h" # 2 weeks
spec:
pipelineRef:
name: "auto-ci-push"
params:
- name: artifactory-url
value: $(tt.params.artifactory-url)
- name: project-name
value: $(tt.params.project-name)
- name: project-path
value: $(tt.params.project-path)
- name: git-url
value: $(tt.params.git-repository-url)
- name: git-revision
value: $(tt.params.git-revision)
- name: git-default-branch
value: $(tt.params.git-default-branch)
- name: branch-name
value: $(tt.params.branch-name)
workspaces:
- name: source
persistentVolumeClaim:
claimName: source
subPath: $(tt.params.git-revision)
- name: dockerconfig
secret:
secretName: gitea-docker
items:
- key: ".dockerconfigjson"
path: "config.json"
- name: sslcertdir
secret:
secretName: gitea
items:
- key: "ca.crt"
path: "ca.crt"
- name: ssh
secret:
secretName: ssh-credentials
items:
- key: "known_hosts"
path: "known_hosts"
- key: "ssh-privatekey"
path: "id_rsa"
- key: "ssh-publickey"
path: "id_rsa.pub"
EOF
}
resource "kubectl_manifest" "ci-trigger-tag" {
count = var.haveFlux?0:1
yaml_body = <<-EOF
apiVersion: triggers.tekton.dev/v1beta1
kind: Trigger
metadata:
metadata:
name: "${var.instance}-${var.component}-auto-tag"
namespace: "${var.namespace}"
labels: ${jsonencode(local.tag-labels)}
spec:
bindings:
- name: artifactory-url
value: "$(extensions.artifactory-url)"
- name: project-name
value: "$(extensions.project-name)"
- name: project-path
value: "$(extensions.project-path)"
- name: git-repository-url
value: "$(extensions.git-repository-url)"
- name: git-revision
value: "$(extensions.git-revision)"
- name: tag-name
value: $(extensions.tag-name)
- name: generate-name
value: "$(extensions.generate-name)"
template:
spec:
params:
- name: artifactory-url
description: The url of the current artifactory
- name: project-name
description: The git repository name
- name: project-path
description: The path of the current project
- name: git-repository-url
description: The git repository url
- name: git-revision
description: The git revision
default: main
- name: tag-name
description: The git tag
- name: generate-name
resourcetemplates:
- apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
generateName: $(tt.params.generate-name)-
annotations:
"mayfly.cloud.namecheap.com/expire": "1440h" # 2 months
spec:
pipelineRef:
name: "auto-ci-tag"
params:
- name: artifactory-url
value: $(tt.params.artifactory-url)
- name: project-name
value: $(tt.params.project-name)
- name: project-path
value: $(tt.params.project-path)
- name: git-url
value: $(tt.params.git-repository-url)
- name: git-revision
value: $(tt.params.git-revision)
- name: tag-name
value: $(tt.params.tag-name)
workspaces:
- name: source
persistentVolumeClaim:
claimName: source
subPath: $(tt.params.git-revision)
- name: dockerconfig
secret:
secretName: gitea-docker
items:
- key: ".dockerconfigjson"
path: "config.json"
- name: sslcertdir
secret:
secretName: gitea
items:
- key: "ca.crt"
path: "ca.crt"
- name: ssh
secret:
secretName: ssh-credentials
items:
- key: "known_hosts"
path: "known_hosts"
- key: "ssh-privatekey"
path: "id_rsa"
- key: "ssh-publickey"
path: "id_rsa.pub"
EOF
}
Reference in New Issue View Git Blame Copy Permalink