first commit

.gitignore

@@ -0,0 +1 @@
+kustomization/base/tekton/secret/secret.yaml

Makefile

@@ -0,0 +1,46 @@
+DESTDIR=./
+
+REG_CRED=$(shell kubectl get secret -n tekton -l type=regcred -o jsonpath='{.items[0].metadata.name}')
+SUBNET=$(shell docker network inspect kind --format '{{ (index .IPAM.Config 0).Subnet }}')
+BASEIP=$(shell docker network inspect kind --format '{{ (index .IPAM.Config 0).Subnet }}' | cut -d "/" -f 1)
+
+.PHONY: help
+help:
+	@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
+
+.PHONY: deploy
+create-cluster: ## Créer un cluster kubernetes avec Kind
+	kind create cluster --name tekton --config kind/kind-tekton.yaml
+	make setup-cluster
+	@echo "SubNet Docker :" $(SUBNET)
+	@echo -e " \x1b[32m✓\x1b[0m Cluster Kind déployé"
+
+.PHONY: setup-cluster
+setup-cluster:
+	kubectl apply -k kind/cluster --server-side
+	kubectl --namespace ingress-nginx rollout status --timeout 5m deployment/ingress-nginx-controller
+	kubectl --namespace metallb-system rollout status --timeout 5m deployment controller
+
+	sed -i "/mse.dev.local/ s/.*/            $(BASEIP)\tmse.dev.local/g" kind/cluster/coredns/custom-dns.yaml
+	kubectl apply -f kind/cluster/coredns/custom-dns.yaml
+	kubectl -n kube-system rollout restart deployment/coredns
+	kubectl -n kube-system rollout status --timeout 5m deployment/coredns
+	@yq -y -i ".spec.addresses = [\"$(SUBNET)\"]" kind/cluster/lb/resources/ipaddresspoool.yaml
+	kubectl apply -k kind/cluster/lb --server-side
+
+ssh-secret:
+	cp kustomization/overlays/dev/resources/tekton/secret/secret.yaml.distkustomization/overlays/dev/resources/tekton/secret/secret.yaml
+
+deploy-dev: ## Déploie le projet dans le cluster (nécessite la variable $HARBOR_USER_NAME)
+	skaffold dev -p dev --cleanup=false --default-repo reg.cadoles.com/${HARBOR_USER_NAME}
+
+delete-cluster: ## Supprime le cluster kubernetes Kind
+	kind delete clusters tekton
+
+
+
+.mktools:
+	rm -rf .mktools
+	curl -q https://forge.cadoles.com/Cadoles/mktools/raw/branch/master/install.sh | $(SHELL)
+
+-include .mktools/*.mk

README.md

@@ -0,0 +1,15 @@
+# MSE Tekton
+
+CI du projet MSE
+
+
+[Documentation](doc/tekton.md)
+
+
+### Lancement de l'environnement
+
+```
+make create-cluster
+
+skaffold dev
+```

doc/tekton.md

@@ -0,0 +1,21 @@
+### Accès au Dashboard
+[Doc Tekton](https://tekton.dev/docs/dashboard/install/)
+
+On crée un port-forward pour accéder au dashboard
+
+```
+kubectl --namespace tekton-pipelines port-forward svc/tekton-dashboard 9097:9097
+```
+
+### Lancement du pipeline
+
+```
+kubectl create -f kustomization/base/tekton/pipeline/pipelinerun.yaml
+```
+
+### Lister et voir les logs des pipelines
+
+```
+tkn pipelinerun list
+tkn pipelinerun logs clone-read-run-dqwcx -f
+```

kind/cluster/coredns/custom-dns.yaml

@@ -0,0 +1,31 @@
+apiVersion: v1
+data:
+  Corefile: |
+    .:53 {
+        errors
+        health {
+           lameduck 5s
+        }
+        ready
+        kubernetes cluster.local in-addr.arpa ip6.arpa {
+           pods insecure
+           fallthrough in-addr.arpa ip6.arpa
+           ttl 30
+        }
+        prometheus :9153
+        forward . /etc/resolv.conf
+        cache 30
+        loop
+        reload
+        loadbalance
+        hosts {
+            # Liste des noms de dommaine à résoudre dans le cluster.local
+            172.18.0.0	mse.dev.local
+
+            fallthrough
+        }
+    }
+kind: ConfigMap
+metadata:
+  name: coredns
+  namespace: kube-system

kind/cluster/kustomization.yaml

@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- https://raw.githubusercontent.com/ory/k8s/v0.30.0/helm/charts/hydra-maester/crds/crd-oauth2clients.yaml
+- https://forge.cadoles.com/CadolesKube/c-kustom//base/cloudnative-pg-operator?ref=develop
+- https://forge.cadoles.com/CadolesKube/c-kustom//base/redis?ref=develop
+- https://forge.cadoles.com/CadolesKube/c-kustom//base/minio?ref=develop
+- https://forge.cadoles.com/CadolesKube/c-kustom//base/metallb?ref=develop
+- https://forge.cadoles.com/CadolesKube/c-kustom//base/nginx?ref=develop
+- https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
+- https://storage.googleapis.com/tekton-releases/dashboard/latest/release.yaml
+

kind/cluster/lb/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: metallb-system
+
+resources:
+- ./resources/ipaddresspoool.yaml
+- ./resources/advertise.yaml

kind/cluster/lb/resources/advertise.yaml

@@ -0,0 +1,9 @@
+apiVersion: metallb.io/v1beta1
+kind: L2Advertisement
+metadata:
+  name: l2-ip-pool-ad
+  namespace: metallb-system
+spec:
+  ipAddressPools:
+  - main-pool
+

kind/cluster/lb/resources/ipaddresspoool.yaml

@@ -0,0 +1,8 @@
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+  name: main-pool
+  namespace: metallb-system
+spec:
+  addresses:
+    - 172.18.0.0/16

kind/kind-tekton.yaml

@@ -0,0 +1,45 @@
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+name: tekton
+nodes:
+- role: control-plane
+  image: kindest/node:v1.27.2
+  kubeadmConfigPatches:
+  - |
+    kind: InitConfiguration
+    nodeRegistration:
+      kubeletExtraArgs:
+        node-labels: "ingress-ready=true"
+  extraPortMappings:
+  - containerPort: 31000
+    hostPort: 31000
+    listenAddress: "0.0.0.0" # Optional, defaults to "0.0.0.0"
+  - containerPort: 80
+    hostPort: 8080
+    listenAddress: "0.0.0.0" # Optional, defaults to "0.0.0.0"
+  labels:
+    ingress-ready: true
+- role: worker
+  image: kindest/node:v1.27.2
+  kubeadmConfigPatches:
+  - |
+    kind: JoinConfiguration
+    nodeRegistration:
+      kubeletExtraArgs:
+        system-reserved: memory=2Gi
+- role: worker
+  image: kindest/node:v1.27.2
+  kubeadmConfigPatches:
+  - |
+    kind: JoinConfiguration
+    nodeRegistration:
+      kubeletExtraArgs:
+        system-reserved: memory=2Gi
+- role: worker
+  image: kindest/node:v1.27.2
+  kubeadmConfigPatches:
+  - |
+    kind: JoinConfiguration
+    nodeRegistration:
+      kubeletExtraArgs:
+        system-reserved: memory=2Gi

kind/scripts/init-kind.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+
+
+
+${ENGINE} create cluster --config kind/kind-mse.yaml
+sleep 5
+kubectl apply -k kind/cluster --server-side
+sleep 5
+docker network inspect kind | jq '.[0].IPAM.Config[0].Subnet' -r
+echo "Si tout est ok :"
+echo "kubectl apply -k kind/cluster/lb --server-side"
+echo "skaffold dev -p dev --cleanup=false "
+

kustomization/base/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- tekton/

kustomization/base/tekton/configmap/configmap-php-cs-fixer.yaml

@@ -0,0 +1,47 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: config-php-cs-fixer
+data:
+  .php-cs-fixer.dist.php: |
+    <?php
+    $finder = PhpCsFixer\Finder::create()
+        ->in(__DIR__.'/src')
+        ->name('*.php');
+    // TODO: Définir les règles de style communes
+    // spécifiques au projet
+    return (new PhpCsFixer\Config())
+        ->setRules([
+            '@Symfony' => true,
+            'concat_space' => ['spacing' => 'none'],
+            'array_syntax' => ['syntax' => 'short'],
+            'combine_consecutive_issets' => true,
+            'explicit_indirect_variable' => true,
+            'no_useless_return' => true,
+            'ordered_imports' => true,
+            'no_unused_imports' => true,
+            'no_spaces_after_function_name' => true,
+            'no_spaces_inside_parenthesis' => true,
+            'ternary_operator_spaces' => true,
+            'class_definition' => ['single_line' => true],
+            'whitespace_after_comma_in_array' => true,
+            // phpdoc
+            'phpdoc_add_missing_param_annotation' => ['only_untyped' => true],
+            'phpdoc_order' => true,
+            'phpdoc_types_order' => [
+                'null_adjustment' => 'always_last',
+                'sort_algorithm' => 'alpha',
+            ],
+            'phpdoc_no_empty_return' => false,
+            'phpdoc_summary' => false,
+            'general_phpdoc_annotation_remove' => [
+                'annotations' => [
+                    'expectedExceptionMessageRegExp',
+                    'expectedException',
+                    'expectedExceptionMessage',
+                    'author',
+                ],
+            ],
+        ])
+        ->setFinder($finder);
+

kustomization/base/tekton/file/.php-cs-fixer.dist.php

@@ -0,0 +1,45 @@
+<?php
+
+$finder = PhpCsFixer\Finder::create()
+    ->in(__DIR__.'/src')
+    ->name('*.php')
+;
+
+// TODO: Définir les règles de style communes
+// spécifiques au projet
+return (new PhpCsFixer\Config())
+    ->setRules([
+        '@Symfony' => true,
+        'concat_space' => ['spacing' => 'none'],
+        'array_syntax' => ['syntax' => 'short'],
+        'combine_consecutive_issets' => true,
+        'explicit_indirect_variable' => true,
+        'no_useless_return' => true,
+        'ordered_imports' => true,
+        'no_unused_imports' => true,
+        'no_spaces_after_function_name' => true,
+        'no_spaces_inside_parenthesis' => true,
+        'ternary_operator_spaces' => true,
+        'class_definition' => ['single_line' => true],
+        'whitespace_after_comma_in_array' => true,
+
+        // phpdoc
+        'phpdoc_add_missing_param_annotation' => ['only_untyped' => true],
+        'phpdoc_order' => true,
+        'phpdoc_types_order' => [
+            'null_adjustment' => 'always_last',
+            'sort_algorithm' => 'alpha',
+        ],
+        'phpdoc_no_empty_return' => false,
+        'phpdoc_summary' => false,
+        'general_phpdoc_annotation_remove' => [
+            'annotations' => [
+                'expectedExceptionMessageRegExp',
+                'expectedException',
+                'expectedExceptionMessage',
+                'author',
+            ],
+        ],
+    ])
+    ->setFinder($finder)
+;

kustomization/base/tekton/kustomization.yaml

@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: tekton
+resources:
+- namespace/namespace.yaml
+- configmap/configmap-php-cs-fixer.yaml
+- pipeline/pipeline.yaml
+- secret/secret.yaml
+- serviceaccount/service-account.yaml
+- https://raw.githubusercontent.com/tektoncd/catalog/main/task/git-clone/0.9/git-clone.yaml
+- task/show-readme.yaml
+- task/php-cs-fixer.yaml
+- task/php-security-check.yaml

kustomization/base/tekton/namespace/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: tekton

kustomization/base/tekton/pipeline/pipeline.yaml

@@ -0,0 +1,50 @@
+apiVersion: tekton.dev/v1beta1
+kind: Pipeline
+metadata:
+  name: clone-read
+spec:
+  description: | 
+    This pipeline clones a git repo, then echoes the README file to the stout.
+  params:
+  - name: repo-url
+    type: string
+    description: The git repo URL to clone from.
+  workspaces:
+  - name: shared-data
+    description: | 
+      This workspace contains the cloned repo files, so they can be read by the
+      next task.
+  tasks:
+  - name: fetch-source
+    taskRef:
+      name: git-clone
+    workspaces:
+    - name: output
+      workspace: shared-data
+    params:
+    - name: url
+      value: $(params.repo-url)
+
+  - name: show-readme
+    runAfter: ["fetch-source"]
+    taskRef:
+      name: show-readme
+    workspaces:
+    - name: source
+      workspace: shared-data
+
+  - name: php-security-check
+    runAfter: ["fetch-source"]
+    taskRef:
+      name: php-security-check
+    workspaces:
+    - name: source
+      workspace: shared-data
+
+  - name: php-cs-fixer
+    runAfter: ["fetch-source"]
+    taskRef:
+      name: php-cs-fixer
+    workspaces:
+    - name: source
+      workspace: shared-data

kustomization/base/tekton/pipeline/pipelinerun.yaml

@@ -0,0 +1,24 @@
+apiVersion: tekton.dev/v1beta1
+kind: PipelineRun
+metadata:
+  generateName: clone-read-run-
+spec:
+  serviceAccountName: build-bot
+  pipelineRef:
+    name: clone-read
+  podTemplate:
+    securityContext:
+      fsGroup: 65532
+  workspaces:
+  - name: shared-data
+    volumeClaimTemplate:
+      spec:
+        accessModes:
+        - ReadWriteOnce
+        resources:
+          requests:
+            storage: 1Gi
+  params:
+  - name: repo-url
+    value: https://forge.cadoles.com/Cadoles/hydra-dispatcher.git
+  

kustomization/base/tekton/secret/secret.yaml.dist

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: ssh-key
+  annotations:
+    tekton.dev/git-0: forge.cadoles.com # Described below
+type: kubernetes.io/ssh-auth
+stringData:
+  ssh-privatekey: ""
+  # This is non-standard, but its use is encouraged to make this more secure.
+  # If it is not provided then the git server's public key will be requested
+  # when the repo is first fetched.

kustomization/base/tekton/serviceaccount/service-account.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: build-bot
+secrets:
+  - name: basic-auth

kustomization/base/tekton/task/php-cs-fixer.yaml

@@ -0,0 +1,22 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: php-cs-fixer
+spec:
+  description: PHP-CS-Fixer on modified code
+  workspaces:
+  - name: source
+  steps:
+  - name: read
+    image:  ghcr.io/php-cs-fixer/php-cs-fixer:3-php8.3
+    volumeMounts:
+      - name: config-php-cs-fixer
+        mountPath: "/conf/"
+    args:
+    - --dry-run
+    - fix
+  
+  volumes:
+    - name: config-php-cs-fixer
+      configMap:
+        name: config-php-cs-fixer

kustomization/base/tekton/task/php-security-check.yaml

@@ -0,0 +1,19 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: php-security-check
+spec:
+  description: Check PHP security issues
+  workspaces:
+  - name: source
+  steps:
+  - name: check
+    image:  alpine:latest
+    script: | 
+      #!/bin/sh
+      export PHP_SECURITY_CHECKER_VERSION=1.0.0
+      export ARG JQ_VERSION=1.6
+      wget -O /usr/local/bin/local-php-security-checker https://github.com/fabpot/local-php-security-checker/releases/download/v${PHP_SECURITY_CHECKER_VERSION}/local-php-security-checker_${PHP_SECURITY_CHECKER_VERSION}_linux_amd64 \
+      && chmod +x /usr/local/bin/local-php-security-checker
+      cd $(workspaces.source.path)
+      local-php-security-checker --format=markdown || true

kustomization/base/tekton/task/show-readme.yaml

@@ -0,0 +1,14 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: show-readme
+spec:
+  description: Read and display README file.
+  workspaces:
+  - name: source
+  steps:
+  - name: read
+    image: alpine:latest
+    script: | 
+      #!/usr/bin/env sh
+      cat $(workspaces.source.path)/README.md

skaffold.yaml

@@ -0,0 +1,11 @@
+apiVersion: skaffold/v3
+kind: Config
+
+metadata:
+  name: tekton
+
+manifests:
+  kustomize:
+    paths:
+    - kustomization/base
+