From 1bd773d4097804aa7fd8eb9ab56115354b14559a Mon Sep 17 00:00:00 2001 
From: Matthieu Lamalle
Date: Wed, 20 Mar 2024 13:36:01 +0100
Subject: [PATCH] mise en place d'un pipeline de build d'image et mse
---
.../base/tekton/event/imagebuild.yaml | 18 +++
kustomization/base/tekton/event/msebuild.yaml | 18 +++
.../base/tekton/pipeline/imagebuild.yaml | 127 ++++++++++++++++++
.../base/tekton/pipeline/msebuild.yaml | 102 ++++++++++++++
.../base/tekton/pipelinerun/pipelinerun.yaml | 39 ++++++
.../base/tekton/task/common/cleanup.yaml | 24 ++++
.../base/tekton/task/common/crane.yaml | 32 +++++
.../base/tekton/task/common/giteacomment.yaml | 53 ++++++++
.../tekton/task/common/imageformater.yaml | 34 +++++
.../base/tekton/task/common/trivy.yaml | 72 ++++++++++
.../tekton/task/symfonyapp/phpcsfixer.yaml | 28 ++++
.../task/symfonyapp/phpsecuritycheck.yaml | 32 +++++
.../base/tekton/task/symfonyapp/phpstan.yaml | 44 ++++++
.../tekton/task/symfonyapp/phpunittest.yaml | 68 ++++++++++
.../tekton/trigger/imagebuild-binding.yaml | 19 +++
.../tekton/trigger/imagebuild-template.yaml | 56 ++++++++
.../base/tekton/trigger/msebuild-binding.yaml | 17 +++
.../tekton/trigger/msebuild-template.yaml | 58 ++++++++
18 files changed, 841 insertions(+)
create mode 100644 kustomization/base/tekton/event/imagebuild.yaml
create mode 100644 kustomization/base/tekton/event/msebuild.yaml
create mode 100644 kustomization/base/tekton/pipeline/imagebuild.yaml
create mode 100644 kustomization/base/tekton/pipeline/msebuild.yaml
create mode 100644 kustomization/base/tekton/pipelinerun/pipelinerun.yaml
create mode 100644 kustomization/base/tekton/task/common/cleanup.yaml
create mode 100644 kustomization/base/tekton/task/common/crane.yaml
create mode 100644 kustomization/base/tekton/task/common/giteacomment.yaml
create mode 100644 kustomization/base/tekton/task/common/imageformater.yaml
create mode 100644 kustomization/base/tekton/task/common/trivy.yaml
create mode 100644 kustomization/base/tekton/task/symfonyapp/phpcsfixer.yaml
create mode 100644 kustomization/base/tekton/task/symfonyapp/phpsecuritycheck.yaml
create mode 100644 kustomization/base/tekton/task/symfonyapp/phpstan.yaml
create mode 100644 kustomization/base/tekton/task/symfonyapp/phpunittest.yaml
create mode 100644 kustomization/base/tekton/trigger/imagebuild-binding.yaml
create mode 100644 kustomization/base/tekton/trigger/imagebuild-template.yaml
create mode 100644 kustomization/base/tekton/trigger/msebuild-binding.yaml
create mode 100644 kustomization/base/tekton/trigger/msebuild-template.yaml
diff --git a/kustomization/base/tekton/event/imagebuild.yaml b/kustomization/base/tekton/event/imagebuild.yaml
new file mode 100644
index 0000000..609dfce
--- /dev/null
+++ b/kustomization/base/tekton/event/imagebuild.yaml
@@ -0,0 +1,18 @@
+apiVersion: triggers.tekton.dev/v1beta1
+kind: EventListener
+metadata:
+ name: imagebuild
+spec:
+ serviceAccountName: tekton-robot
+ triggers:
+ - name: imagebuild-trigger
+ interceptors:
+ - ref:
+ name: "cel"
+ params:
+ - name: "filter"
+ value: "body.action != 'deleted'"
+ bindings:
+ - ref: imagebuild-binding
+ template:
+ ref: imagebuild-template
diff --git a/kustomization/base/tekton/event/msebuild.yaml b/kustomization/base/tekton/event/msebuild.yaml
new file mode 100644
index 0000000..0d4c1c0
--- /dev/null
+++ b/kustomization/base/tekton/event/msebuild.yaml
@@ -0,0 +1,18 @@
+apiVersion: triggers.tekton.dev/v1beta1
+kind: EventListener
+metadata:
+ name: msebuild
+spec:
+ serviceAccountName: tekton-robot
+ triggers:
+ - name: msebuild-trigger
+ interceptors:
+ - ref:
+ name: "cel"
+ params:
+ - name: "filter"
+ value: "body.action != 'deleted'"
+ bindings:
+ - ref: msebuild-binding
+ template:
+ ref: msebuild-template
diff --git a/kustomization/base/tekton/pipeline/imagebuild.yaml b/kustomization/base/tekton/pipeline/imagebuild.yaml
new file mode 100644
index 0000000..005c499
--- /dev/null
+++ b/kustomization/base/tekton/pipeline/imagebuild.yaml
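Review bot: The `imagebuild` EventListener in event/imagebuild.yaml accepts any request whose `body.action` is not `deleted`; nothing in the interceptor chain authenticates the sender, and the binding added later in this patch takes `clone_url` and `full_name` straight from the payload. Because the resulting run mounts the `regcred` registry secret and pushes an image, the filter should also verify the webhook's shared secret and pin the expected repository, for example `value: "body.action != 'deleted' && body.repository.full_name == '<org>/<repo>'"` (placeholder) combined with a secret check such as the CEL `compareSecret` function on a header the forge sends. The same applies to the `msebuild` listener in event/msebuild.yaml.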
@@ -0,0 +1,127 @@
+apiVersion: tekton.dev/v1beta1
+kind: Pipeline
+metadata:
+ name: imagebuild
+spec:
+ description: |
+ This pipeline clones a git repo, then echoes the README file to the stout.
+ params:
+ - name: url
+ type: string
+ description: The git repo URL to clone from.
+ - name: revision
+ type: string
+ description: The git repo branch to checkout.
+ - name: image
+ type: string
+ description: The image to build.
+ - name: apiurl
+ type: string
+ description: The gitea api url.
+ - name: requesttype
+ type: string
+ description: The gitea request type = pullrequet or release
+ - name: requestid
+ type: string
+ description: The gitea request id.
+ - name: access_token
+ type: string
+ description: The gitea access_token id.
+ - name: dockerfile
+ type: string
+ description: Path to the Dockerfile to build.
+
+ workspaces:
+ - name: shared-data
+ - name: config
+ - name: docker-credentials
+
+ tasks:
+ # โญ Image Tag Formater
+ - name: imageformater
+ taskRef:
+ name: imageformater
+ params:
+ - name: image
+ value: $(params.image)
+
+ # ๐Ÿ“ฅ Clone du repo git
+ - name: gitclone
+ taskRef:
+ name: git-clone
+ workspaces:
+ - name: output
+ workspace: shared-data
+ params:
+ - name: url
+ value: $(params.url)
+ - name: revision
+ value: $(params.revision)
+ - name: submodules
+ value: 'false'
+ - name: depth
+ value: '50'
+
+ # ๐Ÿ”จ Build de l'image
+ - name: kaniko-build
+ taskRef:
+ name: kaniko
+ runAfter: ["gitclone"]
+ params:
+ - name: IMAGE
+ value: $(tasks.imageformater.results.imagetag)
+ - name: BUILDER_IMAGE
+ value: gcr.io/kaniko-project/executor:v1.20.0
+ - name: DOCKERFILE
+ value: $(params.dockerfile)
+ - name: EXTRA_ARGS
+ value:
+ - --skip-tls-verify
+ - --insecure
+ - --no-push
+ - --tarPath=$(workspaces.source.path)/image.tar
+ - --destination=$(tasks.imageformater.results.imagetag)
+ workspaces:
+ - name: source
+ workspace: shared-data
+ - name: dockerconfig
+ workspace: docker-credentials
+
+ # ๐Ÿ”Ž Scan de l'image
+ - name: trivy-scan
+ taskRef:
+ name: trivy-scanner
+ kind: Task
+ params:
+ - name: IMAGE_PATH
+ value: "$(workspaces.manifest-dir.path)/image.tar"
+ workspaces:
+ - name: manifest-dir
+ workspace: shared-data
+ runAfter:
+ - kaniko-build
+
+ # ๐Ÿš€ Publication de l'image
+ - name: publish
+ taskRef:
+ name: crane-task
+ workspaces:
+ - name: source
+ workspace: shared-data
+ - name: dockerconfig
+ workspace: docker-credentials
+ params:
+ - name: IMAGE
+ value: $(tasks.imageformater.results.imagetag)
+ runAfter:
+ - trivy-scan
+
+ finally:
+ # ๐Ÿงน Cleanup
+ - name: cleanup-workspace
+ taskRef:
+ name: cleanup-workspace
+ kind: Task
+ workspaces:
+ - name: source
+ workspace: shared-data
diff --git a/kustomization/base/tekton/pipeline/msebuild.yaml b/kustomization/base/tekton/pipeline/msebuild.yaml
new file mode 100644
index 0000000..add8bac
--- /dev/null
+++ b/kustomization/base/tekton/pipeline/msebuild.yaml
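Review bot: The `kaniko-build` task in pipeline/imagebuild.yaml passes `--skip-tls-verify` and `--insecure` in `EXTRA_ARGS`, which turn off certificate checking and allow plain HTTP towards the destination registry. With `--no-push` they should have no effect today, so they can simply be dropped; leaving them in means TLS verification stays disabled if the push is ever moved back into this step. The pipeline `description` is still template text about echoing a README and could instead state what the pipeline does: format the tag, clone, build to a tarball, scan with Trivy, push with crane, then clean the workspace.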
@@ -0,0 +1,102 @@
+apiVersion: tekton.dev/v1beta1
+kind: Pipeline
+metadata:
+ name: imagebuild
+spec:
+ description: |
+ This pipeline clones a git repo, then echoes the README file to the stout.
+ params:
+ - name: url
+ type: string
+ description: The git repo URL to clone from.
+ - name: revision
+ type: string
+ description: The git repo branch to checkout.
+ - name: image
+ type: string
+ description: The image to build.
+ - name: apiurl
+ type: string
+ description: The gitea api url.
+ - name: requesttype
+ type: string
+ description: The gitea request type = pullrequet or release
+ - name: requestid
+ type: string
+ description: The gitea request id.
+ - name: access_token
+ type: string
+ description: The gitea access_token id.
+ - name: dockerfile
+ type: string
+ description: Path to the Dockerfile to build.
+
+ workspaces:
+ - name: shared-data
+ - name: config
+ - name: docker-credentials
+
+ tasks:
+ - name: portal
+ pipelineRef:
+ name: imagebuild
+ params:
+ - name: dockerfile
+ value: misc/k8s/images/portal
+ - name: image
+ value: reg.cadoles.com/portal
+
+ - name: job-base
+ pipelineRef:
+ name: imagebuild
+ params:
+ - name: dockerfile
+ value: misc/k8s/images/job-base
+ - name: image
+ value: reg.cadoles.com/job-base
+
+ - name: mock
+ pipelineRef:
+ name: imagebuild
+ params:
+ - name: dockerfile
+ value: misc/k8s/images/mock
+ - name: image
+ value: reg.cadoles.com/mock
+
+ - name: ines
+ pipelineRef:
+ name: imagebuild
+ params:
+ - name: dockerfile
+ value: misc/k8s/images/ines
+ - name: image
+ value: reg.cadoles.com/ines
+
+ - name: shibboleth-sp
+ pipelineRef:
+ name: imagebuild
+ params:
+ - name: dockerfile
+ value: misc/k8s/images/sp
+ - name: image
+ value: reg.cadoles.com/shibboleth-sp
+
+ - name: hydra-dispatcher-mse-theme
+ pipelineRef:
+ name: imagebuild
+ params:
+ - name: dockerfile
+ value: misc/k8s/images/hydra-dispatcher-mse-theme
+ - name: image
+ value: reg.cadoles.com/hydra-dispatcher-mse-theme
+
+ - name: hydra-sql-mse-theme
+ pipelineRef:
+ name: imagebuild
+ params:
+ - name: dockerfile
+ value: misc/k8s/images/hydra-sql-mse-theme
+ - name: image
+ value: reg.cadoles.com/hydra-sql-mse-theme
+
diff --git a/kustomization/base/tekton/pipelinerun/pipelinerun.yaml b/kustomization/base/tekton/pipelinerun/pipelinerun.yaml
new file mode 100644
index 0000000..96b177a
--- /dev/null
+++ b/kustomization/base/tekton/pipelinerun/pipelinerun.yaml
@@ -0,0 +1,39 @@
+apiVersion: tekton.dev/v1beta1
+kind: PipelineRun
+metadata:
+ generateName: symfonyapp-run-
+ namespace: tekton
+spec:
+ serviceAccountName: build-bot
+ pipelineRef:
+ name: symfonyapp
+ podTemplate:
+ securityContext:
+ fsGroup: 65532
+ workspaces:
+ - name: shared-data
+ volumeClaimTemplate:
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+ - name: config
+ configmap:
+ name: config-php-cs-fixer
+ - name: docker-credentials
+ secret:
+ secretName: regcred
+ params:
+ - name: repo-url
+ value: https://forge.cadoles.com/CNOUS/mse.git
+ - name: revision
+ value: sprint-6
+ - name: destination
+ value: k8s
+ - name: image
+ value: reg.cadoles.com/mlamalle/testtekton
+ - name: dockerfile
+ value: ./misc/k8s/images/job-base/Dockerfile
+
diff --git a/kustomization/base/tekton/task/common/cleanup.yaml b/kustomization/base/tekton/task/common/cleanup.yaml
new file mode 100644
index 0000000..92f8398
--- /dev/null
+++ b/kustomization/base/tekton/task/common/cleanup.yaml
@@ -0,0 +1,24 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+ name: cleanup-workspace
+spec:
+ workspaces:
+ - name: source
+ steps:
+ - name: cleanup
+ image: alpine:latest
+ command:
+ - /bin/sh
+ args:
+ - '-c'
+ - |
+ #set -e
+
+ echo ""
+ echo "== CLEAN UP WORKSPACES ==================================="
+ rm -rf /workspace/*
+
+ echo ""
+ echo ""
+
diff --git a/kustomization/base/tekton/task/common/crane.yaml b/kustomization/base/tekton/task/common/crane.yaml
new file mode 100644
index 0000000..5217415
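Review bot: `metadata.name` in pipeline/msebuild.yaml is `imagebuild`, the same name as the pipeline added in pipeline/imagebuild.yaml, while the trigger template references `msebuild`; as written the two resources collide and every `pipelineRef: imagebuild` task here could end up pointing at this resource itself. Rename it with `name: msebuild`. Each child task also passes only `dockerfile` and `image`, although `imagebuild` declares `url`, `revision`, `apiurl`, `requesttype`, `requestid`, `access_token` and three workspaces without defaults, so those need forwarding (`value: $(params.url)` and so on) for the child runs to validate. `pipelineRef` inside `tasks` is, as far as I know, an alpha pipelines-in-pipelines feature, so confirm it is enabled on the target cluster.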
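Review bot: pipelinerun/pipelinerun.yaml references a pipeline named `symfonyapp` and passes `repo-url` and `destination`, none of which is declared by the pipelines in this patch (they take `url`, `revision`, `image` and so on). It also targets a personal image path, `reg.cadoles.com/mlamalle/testtekton`, and uses `generateName`, which only works with `kubectl create`. If this is a manual test manifest it probably belongs outside `base/`, or at least needs a header comment such as `# manual test run, submit with kubectl create -f`.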
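Review bot: The cleanup step in task/common/cleanup.yaml deletes `/workspace/*` rather than the workspace the task declares, so it depends on the default mount path, and the glob leaves dot entries such as `.git` behind. Something like `find "$(workspaces.source.path)" -mindepth 1 -delete` targets the bound workspace and removes hidden files too. `alpine:latest` is a moving tag; pinning a version or digest keeps the step reproducible.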
--- /dev/null
+++ b/kustomization/base/tekton/task/common/crane.yaml
@@ -0,0 +1,32 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+ name: crane-task
+spec:
+ workspaces:
+ - name: source
+ - name: dockerconfig
+ params:
+ - name: IMAGE
+ type: string
+ description: "The image to push."
+ steps:
+ - name: push-image-tar
+ image: gcr.io/go-containerregistry/crane:debug
+ script: |
+ #!/busybox/sh
+ set -eu -o pipefail
+
+ echo ""
+ echo "== CONFIGURE CREDENTIALS ==================================="
+
+ mkdir ~/.docker
+ cp $(workspaces.dockerconfig.path)/config.json ~/.docker/config.json
+ echo ""
+ echo "== PUSH IMAGE ==================================="
+
+ crane push $(workspaces.source.path)/image.tar $(params.IMAGE)
+
+ echo ""
+ echo ""
+
diff --git a/kustomization/base/tekton/task/common/giteacomment.yaml b/kustomization/base/tekton/task/common/giteacomment.yaml
new file mode 100644
index 0000000..d11f8d9
--- /dev/null
+++ b/kustomization/base/tekton/task/common/giteacomment.yaml
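Review bot: `$(params.IMAGE)` is substituted into the script text of the `push-image-tar` step in task/common/crane.yaml before the shell runs, and its value derives from webhook fields (`body.repository.full_name`, the release tag), so shell metacharacters in those fields would be interpreted in a step that holds the registry credentials. Pass the parameter through `env` (`- name: IMAGE` with `value: $(params.IMAGE)`) and reference it quoted: `crane push "$(workspaces.source.path)/image.tar" "$IMAGE"`. The same direct interpolation of parameters into script bodies appears in the giteacomment, imageformater and trivy tasks later in this patch. The `crane:debug` tag is mutable; a digest pin is preferable for an image that reads `config.json`.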
@@ -0,0 +1,53 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+ name: giteacomment
+spec:
+ description: Send file content to a comment of the pullrequest gitea
+ workspaces:
+ - name: source
+ params:
+ - name: apiurl
+ - name: requestid
+ - name: access_token
+ - name: title
+ - name: filepath
+ steps:
+ - name: exec
+ image: alpine
+ command:
+ - /bin/sh
+ args:
+ - '-c'
+ - |
+ #set -e
+
+ cd $(workspaces.source.path)
+
+ echo ""
+ echo "== INSTALL DEPENDENCIES ==================================="
+ apk add jq curl
+
+ echo ""
+ echo "== SEND COMMENT TO GITEA ================================="
+
+ if [[ -n "$(params.title)" ]]; then
+ sed -i '1i\# $(params.title)' $(params.filepath)
+ fi
+
+ RESULT=$(cat $(params.filepath))
+ rm -f $(params.filepath)
+ APIURL=$(params.apiurl)/issues/$(params.requestid)/comments?access_token=$(params.access_token)
+ RESULT_ESCAPED=$(jq --null-input --arg result "${RESULT}" '$result')
+ BODY="{\"body\": ${RESULT_ESCAPED}}"
+ echo ${BODY}
+
+ curl -X 'POST' \
+ ${APIURL} \
+ -s \
+ -H 'accept: application/json' \
+ -H 'Content-Type: application/json' \
+ -d "${BODY}"
+
+ echo ""
+ echo ""
diff --git a/kustomization/base/tekton/task/common/imageformater.yaml b/kustomization/base/tekton/task/common/imageformater.yaml
new file mode 100644
index 0000000..d17a937
--- /dev/null
+++ b/kustomization/base/tekton/task/common/imageformater.yaml
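Review bot: The step in task/common/giteacomment.yaml puts the Gitea token in the request URL (`?access_token=$(params.access_token)`), where it ends up in proxy and server access logs, and `${APIURL}` is handed to curl unquoted. Send it as a header instead, `-H "Authorization: token ${GITEA_TOKEN}"`, with `GITEA_TOKEN` populated from a Secret through `env.valueFrom.secretKeyRef` rather than from a task parameter. `echo ${BODY}` also copies the whole comment payload into the TaskRun log and can go once the task is debugged. A one-line comment at the top of the script stating that the step prepends the title, posts the file as an issue comment and then deletes the file would help the next reader.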
@@ -0,0 +1,34 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+ name: imageformater
+spec:
+ description: transform image name to standart name
+ params:
+ - name: image
+ - name: tag
+ results:
+ - name: imagetag
+ steps:
+ - name: exec
+ image: alpine
+ command:
+ - /bin/sh
+ args:
+ - '-c'
+ - |
+ #set -e
+
+ echo ""
+ echo "== IMAGE NAME FORMATER ==================================="
+
+ echo "IMAGE TAG BEFORE = $(params.image):$(params.tag)"
+
+ temp="$(params.image):$(params.tag)"
+ lowercase=$(echo "$temp" | awk '{print tolower($0)}')
+ echo "IMAGE TAG AFTER = ${lowercase}"
+
+ echo -n "${lowercase}" > "$(results.imagetag.path)"
+
+ echo ""
+ echo ""
diff --git a/kustomization/base/tekton/task/common/trivy.yaml b/kustomization/base/tekton/task/common/trivy.yaml
new file mode 100644
index 0000000..099f6fc
--- /dev/null
+++ b/kustomization/base/tekton/task/common/trivy.yaml
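Review bot: `tag` is declared in task/common/imageformater.yaml without a `default`, but the `imageformater` task in pipeline/imagebuild.yaml passes only `image`, and that pipeline declares no `tag` parameter, so the tag bound by the trigger never reaches this step. Either add `tag` to the pipeline and forward it (`- name: tag` with `value: $(params.tag)`), or give the task a default such as `default: latest`. Only lowercasing is applied here; if the tag is built from a branch name, characters that are invalid in an image reference (for example `/`) would still pass through, which I cannot rule out from this hunk.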
@@ -0,0 +1,72 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+ name: trivy-scanner
+ labels:
+ app.kubernetes.io/version: "0.2"
+ annotations:
+ tekton.dev/pipelines.minVersion: "0.12.1"
+ tekton.dev/categories: Security
+ tekton.dev/tags: CLI, trivy
+ tekton.dev/displayName: "trivy scanner"
+ tekton.dev/platforms: "linux/amd64,linux/arm64,linux/ppc64le,linux/390x"
+spec:
+ description: >-
+ Trivy is a simple and comprehensive scanner for
+ vulnerabilities in container images,file systems
+ ,and Git repositories, as well as for configuration issues.
+
+ This task can be used to scan for vulnenrabilities on the source code
+ in stand alone mode.
+ workspaces:
+ - name: manifest-dir
+ params:
+ - name: TRIVY_IMAGE
+ default: docker.io/aquasec/trivy@sha256:944a044451791617cc0ed2ee4d1942a4f66b790d527fcd0575a6b399ccbc05a1 # 0.43.1
+ description: Trivy scanner image to be used
+ - name: IMAGE_PATH
+ description: Image or Path to be scanned by trivy.
+ type: string
+ - name: AIR_GAPPED_ENABLED
+ default: "false"
+ description: a flag enabling Air-Gapped mode
+ type: string
+ steps:
+ - name: trivy-scan
+ image: $(params.TRIVY_IMAGE)
+ workingDir: $(workspaces.manifest-dir.path)
+ script: |
+ #!/usr/bin/env sh
+
+ echo ""
+ echo "== SCAN IMAGE ==================================="
+
+ cmd="trivy $* "
+ if [ "$(params.AIR_GAPPED_ENABLED)" = "true" ]; then
+ echo "Air-Gapped mode enabled"
+ TRIVY_TEMP_DIR=$(mktemp -d)
+ trivy --cache-dir "$TRIVY_TEMP_DIR" image --download-db-only
+ tar -cf ./db.tar.gz -C "$TRIVY_TEMP_DIR/db" metadata.json trivy.db
+ rm -rf "$TRIVY_TEMP_DIR"
+ mkdir -p "$HOME"/.cache/trivy/db
+ tar xvf ./db.tar.gz -C "$HOME"/.cache/trivy/db
+
+ cmd="${cmd}--skip-update "
+ fi
+
+ cmd="${cmd}$(params.IMAGE_PATH)"
+ echo "Running trivy task with command below"
+ echo "$cmd"
+ eval "$cmd"
+ cat temp_trivy.txt
+
+ args:
+ - "image"
+ - "--exit-code"
+ - "1"
+ - "--severity"
+ - "CRITICAL"
+ - "--no-progress"
+ - "-o"
+ - "temp_trivy.json"
+ - "--input"
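Review bot: In task/common/trivy.yaml the scan writes its report with `-o temp_trivy.json` but the last command is `cat temp_trivy.txt`, so the step's exit status is that of `cat` on a file Trivy never wrote, not the `--exit-code 1` result of the scan. Make the names agree and keep Trivy's status, e.g. `eval "$cmd"; rc=$?` followed by `cat temp_trivy.json` and `exit "$rc"`. The command is also assembled as a string and run through `eval` with `$(params.IMAGE_PATH)` appended; passing the path through `env` and calling `trivy "$@" "$IMAGE_PATH"` directly would avoid re-parsing the parameter as shell. The `description` still says the task scans source code, whereas the hard-coded `args` scan an image tarball via `--input`.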
diff --git a/kustomization/base/tekton/task/symfonyapp/phpcsfixer.yaml b/kustomization/base/tekton/task/symfonyapp/phpcsfixer.yaml
new file mode 100644
index 0000000..7327905
--- /dev/null
+++ b/kustomization/base/tekton/task/symfonyapp/phpcsfixer.yaml
@@ -0,0 +1,28 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+ name: phpcsfixer
+spec:
+ description: PHP-CS-Fixer on modified code
+ workspaces:
+ - name: source
+ - name: config
+ steps:
+ - name: exec
+ image: ghcr.io/php-cs-fixer/php-cs-fixer:3-php8.3
+ command:
+ - /bin/sh
+ args:
+ - '-c'
+ - |
+ #set -e
+ cd $(workspaces.source.path)
+
+ echo ""
+ echo "== RUN PHP-CS-FIXER ======================================"
+ EXTRA_ARGS=$(printf -- '--path-mode=intersection -- %s' "${CHANGED_FILES}")
+ php-cs-fixer fix --dry-run --config=$(workspaces.config.path)/php-cs-fixer.dist.php ${EXTRA_ARGS} > temp_phpcsfixer.txt 2>&1
+ cat temp_phpcsfixer.txt
+
+ echo ""
+ echo ""
diff --git a/kustomization/base/tekton/task/symfonyapp/phpsecuritycheck.yaml b/kustomization/base/tekton/task/symfonyapp/phpsecuritycheck.yaml
new file mode 100644
index 0000000..228350b
--- /dev/null
+++ b/kustomization/base/tekton/task/symfonyapp/phpsecuritycheck.yaml
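Review bot: `${CHANGED_FILES}` in task/symfonyapp/phpcsfixer.yaml is never set: the task declares no parameter or `env` entry for it, so `EXTRA_ARGS` ends in `-- ` with an empty file list and `--path-mode=intersection` has nothing to intersect with. Either compute the list in the step (for example from `git diff --name-only` against the target branch) or drop the two options. Because `set -e` is commented out and the script ends with `echo`, a non-zero php-cs-fixer status never fails the TaskRun; if that is deliberate, a comment such as `# report only: output is posted as a comment, never blocks the pipeline` would make it explicit.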
@@ -0,0 +1,32 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+ name: phpsecuritycheck
+spec:
+ description: Check PHP security issues
+ workspaces:
+ - name: source
+ steps:
+ - name: exec
+ image: alpine:latest
+ script: |
+ #!/bin/sh
+ #set -e
+
+ echo ""
+ echo "== INSTALL PHP-SECURITY-CHECKER =========================="
+ export PHP_SECURITY_CHECKER_VERSION=1.0.0
+ export ARG JQ_VERSION=1.6
+ wget -O /usr/local/bin/local-php-security-checker https://github.com/fabpot/local-php-security-checker/releases/download/v${PHP_SECURITY_CHECKER_VERSION}/local-php-security-checker_${PHP_SECURITY_CHECKER_VERSION}_linux_amd64 \
+ && chmod +x /usr/local/bin/local-php-security-checker
+
+
+ echo ""
+ echo "== RUN PHP-SECURITY-CHECKER =============================="
+ cd $(workspaces.source.path)
+ local-php-security-checker --format=markdown > temp_phpsecuritychecker.txt 2>&1
+ RESULT=$(cat temp_phpsecuritychecker.txt)
+ echo "${RESULT}"
+
+ echo ""
+ echo ""
diff --git a/kustomization/base/tekton/task/symfonyapp/phpstan.yaml b/kustomization/base/tekton/task/symfonyapp/phpstan.yaml
new file mode 100644
index 0000000..11c2860
--- /dev/null
+++ b/kustomization/base/tekton/task/symfonyapp/phpstan.yaml
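Review bot: task/symfonyapp/phpsecuritycheck.yaml downloads the `local-php-security-checker` binary with `wget` and runs it without any integrity check, on an unpinned `alpine:latest` base. Verify the download against a checksum recorded in the repository before the `chmod`, e.g. `echo "<expected-sha256>  /usr/local/bin/local-php-security-checker" | sha256sum -c -` (placeholder to be filled from the release), or bake the tool into a pinned image. `export ARG JQ_VERSION=1.6` looks like leftover Dockerfile syntax: it exports a variable named `ARG`, and `JQ_VERSION` is not used afterwards. The checker's exit status is also discarded because the script ends with `echo`, so findings never fail the step.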
@@ -0,0 +1,44 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+ name: phpstan
+spec:
+ description: PHP-CS-Fixer on modified code
+ workspaces:
+ - name: source
+ params:
+ - name: apiurl
+ - name: requestid
+ - name: access_token
+ steps:
+ - name: exec
+ image: ghcr.io/phpstan/phpstan:1
+ command:
+ - /bin/sh
+ args:
+ - '-c'
+ - |
+ #set -e
+
+ echo ""
+ echo "== INSTALL PHPSTAN ======================================="
+ composer require phpstan/phpstan-symfony
+ composer require phpstan/phpstan-doctrine
+
+ cat << EOF > /app/phpstan.neon
+ includes:
+ - /app/vendor/phpstan/phpstan-symfony/extension.neon
+ - /app/vendor/phpstan/phpstan-doctrine/extension.neon
+ - /app/vendor/phpstan/phpstan-doctrine/rules.neon
+ EOF
+
+ echo ""
+ echo "== RUN PHPSTAN ==========================================="
+ cd $(workspaces.source.path)
+ php $(which phpstan) analyse -l 1 --error-format=table src/ > temp_phpstan.txt
+ RESULT=$(cat temp_phpstan.txt)
+ echo "${RESULT}"
+
+ echo ""
+ echo ""
+
diff --git a/kustomization/base/tekton/task/symfonyapp/phpunittest.yaml b/kustomization/base/tekton/task/symfonyapp/phpunittest.yaml
new file mode 100644
index 0000000..f90a01d
--- /dev/null
+++ b/kustomization/base/tekton/task/symfonyapp/phpunittest.yaml
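Review bot: task/symfonyapp/phpstan.yaml declares `apiurl`, `requestid` and `access_token` but the script never reads them; dropping them keeps the Gitea token out of a step that runs freshly `composer require`d code. The two `composer require` calls are unversioned, so each run may analyse with a different extension release; add constraints, e.g. `composer require phpstan/phpstan-symfony:<version>` (placeholder). The `description` is copied from the php-cs-fixer task and should read something like `description: PHPStan static analysis (level 1) on src/`.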
@@ -0,0 +1,68 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+ name: phpunittest
+spec:
+ description: PHP unit test with bdd sidecar
+ workspaces:
+ - name: source
+ sidecars:
+ - name: database
+ image: postgres:16
+ env:
+ - name: POSTGRES_PASSWORD
+ value: not_so_secret
+ - name: POSTGRES_HOST_AUTH_METHOD
+ value: trust
+ - name: redis
+ image: redis:4.0
+
+ steps:
+ - name: exec
+ image: reg.cadoles.com/cadoles/symfony:alpine-php-7.4-base-20230926
+ env:
+ - name: PHP_FPM_MEMORY_LIMIT
+ value: 512m
+ - name: MSE_DATABASE_DRIVER
+ value: pdo_pgsql
+ - name: MSE_DATABASE_HOST
+ value: localhost
+ - name: MSE_DATABASE_PORT
+ value: '5432'
+ - name: MSE_DATABASE_NAME
+ value: postgres
+ - name: MSE_DATABASE_USER
+ value: postgres
+ - name: MSE_DATABASE_PASSWORD
+ value: not_so_secret
+ - name: MSE_REDIS_SERVER
+ value: localhost
+ - name: MSE_REDIS_PORT
+ value: '6379'
+ command:
+ - /bin/sh
+ args:
+ - '-c'
+ - |
+ set -e
+ apk add bash=5.1.16-r0 \
+ postgresql-client \
+ php7-gd=7.4.33-r1 \
+ php7-xsl=7.4.33-r1 \
+ php7-pdo=7.4.33-r1 \
+ php7-pgsql=7.4.33-r1 \
+ php7-pdo_pgsql=7.4.33-r1 \
+ php7-soap=7.4.33-r1 \
+ php7-ldap=7.4.33-r1 \
+ php7-pdo_mysql=7.4.33-r1 \
+ php7-bcmath=7.4.33-r1 \
+ php7-intl=7.4.33-r1 \
+ php7-fileinfo=7.4.33-r1 \
+ php7-iconv=7.4.33-r1 \
+ php7-pecl-amqp=1.11.0-r0 \
+ php7-pecl-redis=5.3.6-r0
+ cd $(workspaces.source.path)
+ app/console doctrine:migrations:migrate -n
+ ./scripts/run-php-tests.sh --group unit --stderr --testdox -d memory_limit=512M
+
+
diff --git a/kustomization/base/tekton/trigger/imagebuild-binding.yaml b/kustomization/base/tekton/trigger/imagebuild-binding.yaml
new file mode 100644
index 0000000..23a6e8c
--- /dev/null
+++ b/kustomization/base/tekton/trigger/imagebuild-binding.yaml
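Review bot: The `exec` step in task/symfonyapp/phpunittest.yaml runs `doctrine:migrations:migrate` right after `apk add`, with nothing waiting for the `database` sidecar to accept connections; `postgresql-client` is already installed, so `until pg_isready -h localhost -p 5432; do sleep 1; done` before the migration would remove the race. `POSTGRES_HOST_AUTH_METHOD: trust` makes the `POSTGRES_PASSWORD` / `MSE_DATABASE_PASSWORD` pair meaningless; that is acceptable for a throwaway sidecar reachable only inside the pod, but a comment saying so (`# test-only database, pod-local, no real credentials`) keeps the setting from being copied elsewhere. `redis:4.0` appears to be a long-unmaintained release line, so I would check whether the tests really need that version.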
@@ -0,0 +1,19 @@
+apiVersion: triggers.tekton.dev/v1beta1
+kind: TriggerBinding
+metadata:
+ name: symfonybuild-binding
+spec:
+ params:
+ - name: url
+ value: $(body.repository.clone_url)
+ - name: revision
+ value: $(body.release.target_commitish)
+ - name: image
+ value: reg.cadoles.com/$(body.repository.full_name)
+ - name: tag
+ value: $(body.release.target_commitish)-$(body.release.tag_name)
+ - name: apiurl
+ value: $(body.release.url)
+ - name: requestid
+ value: $(body.release.id)
+
diff --git a/kustomization/base/tekton/trigger/imagebuild-template.yaml b/kustomization/base/tekton/trigger/imagebuild-template.yaml
new file mode 100644
index 0000000..e2813a8
--- /dev/null
+++ b/kustomization/base/tekton/trigger/imagebuild-template.yaml
@@ -0,0 +1,56 @@
+apiVersion: triggers.tekton.dev/v1beta1
+kind: TriggerTemplate
+metadata:
+ name: imagebuild-template
+spec:
+ params:
+ - name: url
+ - name: revision
+ - name: image
+ - name: apiurl
+ - name: requestid
+ resourcetemplates:
+ - apiVersion: tekton.dev/v1beta1
+ kind: PipelineRun
+ metadata:
+ generateName: imagebuild-run-
+ namespace: tekton
+ spec:
+ serviceAccountName: build-bot
+ pipelineRef:
+ name: imagebuild
+ podTemplate:
+ securityContext:
+ fsGroup: 65532
+ workspaces:
+ - name: shared-data
+ volumeClaimTemplate:
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+ - name: config
+ configmap:
+ name: config-phpcsfixer
+ - name: docker-credentials
+ secret:
+ secretName: regcred
+ params:
+ - name: url
+ value: $(tt.params.url)
+ - name: revision
+ value: $(tt.params.revision)
+ - name: image
+ value: $(tt.params.image)
+ - name: apiurl
+ value: $(tt.params.apiurl)
+ - name: requesttype
+ value: "release"
+ - name: requestid
+ value: $(tt.params.requestid)
+ - name: access_token
+ value: 69f6d1db6cf1e47dc7958ac20a31e76abf1582ee
+ - name: dockerfile
+ value: misc/k8s/images/portal
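Review bot: `metadata.name` in trigger/imagebuild-binding.yaml is `symfonybuild-binding`, but the EventListener refers to `imagebuild-binding`, and trigger/msebuild-binding.yaml uses the same `symfonybuild-binding` name, so the listeners resolve no binding and the two manifests collide. Use `name: imagebuild-binding` here and `name: msebuild-binding` in the other file. The binding also emits `tag`, which imagebuild-template does not declare, and `revision` is bound to `body.release.target_commitish` (typically a branch) rather than the release tag, so the built commit may differ from the tagged one; worth confirming that this is intended.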
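Review bot: The `access_token` parameter in trigger/imagebuild-template.yaml carries a literal token value committed to the repository, and trigger/msebuild-template.yaml repeats it. It should be treated as exposed: revoke it on the forge, and have the task that needs it read a Kubernetes Secret (`env.valueFrom.secretKeyRef`) instead of receiving it as a PipelineRun parameter, where it is also readable by anyone who can view runs in the `tekton` namespace. `dockerfile` is hard-coded to `misc/k8s/images/portal` in a template meant to be generic, and the `config` workspace references `config-phpcsfixer` while pipelinerun.yaml uses `config-php-cs-fixer`; one of the two names is presumably wrong.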
diff --git a/kustomization/base/tekton/trigger/msebuild-binding.yaml b/kustomization/base/tekton/trigger/msebuild-binding.yaml
new file mode 100644
index 0000000..e050b8a
--- /dev/null
+++ b/kustomization/base/tekton/trigger/msebuild-binding.yaml
@@ -0,0 +1,17 @@
+apiVersion: triggers.tekton.dev/v1beta1
+kind: TriggerBinding
+metadata:
+ name: symfonybuild-binding
+spec:
+ params:
+ - name: url
+ value: $(body.repository.clone_url)
+ - name: revision
+ value: $(body.release.target_commitish)
+ - name: tag
+ value: $(body.release.target_commitish)-$(body.release.tag_name)
+ - name: apiurl
+ value: $(body.release.url)
+ - name: requestid
+ value: $(body.release.id)
+
diff --git a/kustomization/base/tekton/trigger/msebuild-template.yaml b/kustomization/base/tekton/trigger/msebuild-template.yaml
new file mode 100644
index 0000000..ec98e47
--- /dev/null
+++ b/kustomization/base/tekton/trigger/msebuild-template.yaml
@@ -0,0 +1,58 @@
+apiVersion: triggers.tekton.dev/v1beta1
+kind: TriggerTemplate
+metadata:
+ name: msebuild-template
+spec:
+ params:
+ - name: url
+ - name: revision
+ - name: image
+ - name: apiurl
+ - name: requestid
+ resourcetemplates:
+ - apiVersion: tekton.dev/v1beta1
+ kind: PipelineRun
+ metadata:
+ generateName: msebuild-run-
+ namespace: tekton
+ spec:
+ serviceAccountName: build-bot
+ pipelineRef:
+ name: msebuild
+ podTemplate:
+ securityContext:
+ fsGroup: 65532
+ workspaces:
+ - name: shared-data
+ volumeClaimTemplate:
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+ - name: config
+ configmap:
+ name: config-phpcsfixer
+ - name: docker-credentials
+ secret:
+ secretName: regcred
+ params:
+ - name: url
+ value: $(tt.params.url)
+ - name: revision
+ value: $(tt.params.revision)
+ - name: image
+ value: portal
+ - name: tag
+ value: $(tt.params.tag)
+ - name: apiurl
+ value: $(tt.params.apiurl)
+ - name: requesttype
+ value: "release"
+ - name: requestid
+ value: $(tt.params.requestid)
+ - name: access_token
+ value: 69f6d1db6cf1e47dc7958ac20a31e76abf1582ee
+ - name: dockerfile
+ value: misc/k8s/images/portal
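Review bot: trigger/msebuild-template.yaml uses `$(tt.params.tag)` but `tag` is missing from `spec.params`, which lists only `url`, `revision`, `image`, `apiurl` and `requestid`; add `- name: tag` there. The declared `image` parameter is unused because the run passes the literal `portal`, and the pipeline in pipeline/msebuild.yaml declares no `tag` parameter, so the value is not consumed downstream either. A short comment above `resourcetemplates` stating which release fields feed the run would make the binding/template contract easier to check.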