ajout secrets, multipipeline, récupération query param, tagging image
parent
1bd773d409
commit
4588441ddb
4
.gitignore
vendored
4
.gitignore
vendored
@ -1,2 +1,4 @@
|
||||
kustomization/base/tekton/secret/secret.yaml
|
||||
kustomization/base/tekton/secret/git-secret.yaml
|
||||
kustomization/base/tekton/secret/ssh-secret.yaml
|
||||
kustomization/base/tekton/secret/dockerconfig/config.json
|
||||
kustomization/base/tekton/secret/gitea-access-token.yaml
|
||||
|
3
Makefile
3
Makefile
@ -28,9 +28,6 @@ setup-cluster:
|
||||
@yq -i ".spec.addresses = [\"$(SUBNET)\"]" kind/cluster/lb/resources/ipaddresspoool.yaml
|
||||
kubectl apply -k kind/cluster/lb --server-side
|
||||
|
||||
ssh-secret:
|
||||
cp kustomization/base/tekton/secret/secret.yaml.dist kustomization/base/tekton/secret/secret.yaml
|
||||
|
||||
docker-secret:
|
||||
docker login reg.cadoles.com
|
||||
mkdir -p kustomization/base/tekton/secret/dockerconfig
|
||||
|
@ -12,10 +12,14 @@ skaffold dev --cleanup=false
|
||||
```
|
||||
|
||||
#### Préparer les secrets
|
||||
Editer le fichier `kustomization/base/tekton/secret/secret.yaml` avec les identifiants git
|
||||
Créer les fichiers :
|
||||
- `kustomization/base/tekton/secret/git-secret.yaml`
|
||||
- `kustomization/base/tekton/secret/ssh-secret.yaml`
|
||||
- `kustomization/base/tekton/secret/gitea-access-token.yaml`
|
||||
en renseignant et en copiant les fichier `.dist` correspondants
|
||||
|
||||
Généré le secret docker
|
||||
```
|
||||
make ssh-secret
|
||||
make docker-secret
|
||||
```
|
||||
|
||||
|
@ -10,9 +10,17 @@ spec:
|
||||
- ref:
|
||||
name: "cel"
|
||||
params:
|
||||
# Filtre par événement
|
||||
- name: "filter"
|
||||
value: "body.action != 'deleted'"
|
||||
# Récupération du queryParam registry
|
||||
- name: "overlays"
|
||||
value:
|
||||
- key: registry
|
||||
expression: "requestURL.parseURL().query['registry']"
|
||||
bindings:
|
||||
- ref: msebuild-binding
|
||||
- name: registry
|
||||
value: $(extensions.registry)
|
||||
template:
|
||||
ref: msebuild-template
|
||||
|
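Review bot: The `registry` overlay copies `requestURL.parseURL().query['registry']` straight into `$(extensions.registry)`, so whoever can send a request to this listener chooses the registry host the image is tagged for and pushed to. No interceptor in this hunk verifies a webhook secret or signature; the interceptor list starts outside the hunk, so one may exist above. I would compare the extracted value against an allow-list inside the `filter` expression and add a comment above the overlay such as `# registry is caller-controlled: only allow-listed hosts may pass the filter`.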
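--- a/kustomization/base/tekton/ingress/dashboard.yaml
+++ b/kustomization/base/tekton/ingress/dashboard.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: dashboard
+spec:
+ingressClassName: nginx
+rules:
+- host: tekton.local
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: tekton-dashboard
+port:
+number: 9097
+- path: /msebuild
+pathType: Prefix
+backend:
+service:
+name: el-msebuild
+port:
+number: 9000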
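Review bot: This Ingress has no `tls:` block and no authentication annotation, so both `tekton-dashboard` and the `el-msebuild` EventListener are served over plain HTTP to anyone who can reach the nginx controller for `tekton.local`. The kustomization in this commit keeps the resource commented out, which suggests it is meant for local use only. I would state that in the file with a header comment such as `# Dev only (local kind cluster): exposes the dashboard and the webhook listener without TLS or authentication`, and split the `/msebuild` rule into its own Ingress so the listener can be exposed without the dashboard.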
@ -3,7 +3,9 @@ kind: Kustomization
|
||||
namespace: tekton
|
||||
resources:
|
||||
- namespace/namespace.yaml
|
||||
- secret/secret.yaml
|
||||
- secret/git-secret.yaml
|
||||
- secret/ssh-secret.yaml
|
||||
- secret/gitea-access-token.yaml
|
||||
- serviceaccount/service-account.yaml
|
||||
- serviceaccount/rbac.yaml
|
||||
- configmap/configmap-phpcsfixer.yaml
|
||||
@ -22,7 +24,6 @@ resources:
|
||||
- task/symfonyapp/phpunittest.yaml
|
||||
|
||||
# Pipelines
|
||||
- pipeline/msebuild.yaml
|
||||
- pipeline/imagebuild.yaml
|
||||
- pipeline/symfonycheck.yaml
|
||||
|
||||
@ -39,3 +40,5 @@ resources:
|
||||
- event/imagebuild.yaml
|
||||
- event/symfonycheck.yaml
|
||||
|
||||
# Ingress
|
||||
# - ingress/dashboard.yaml
|
||||
|
@ -15,35 +15,32 @@ spec:
|
||||
- name: image
|
||||
type: string
|
||||
description: The image to build.
|
||||
- name: tag
|
||||
type: string
|
||||
description: The image tag.
|
||||
- name: dockerfile
|
||||
type: string
|
||||
description: Path to the Dockerfile to build.
|
||||
- name: registry
|
||||
description: Registry of the Docker image
|
||||
- name: apiurl
|
||||
type: string
|
||||
description: The gitea api url.
|
||||
- name: requesttype
|
||||
type: string
|
||||
description: The gitea request type = pullrequet or release
|
||||
description: The gitea request type = "pullrequest / release".
|
||||
- name: requestid
|
||||
type: string
|
||||
description: The gitea request id.
|
||||
- name: access_token
|
||||
type: string
|
||||
description: The gitea access_token id.
|
||||
- name: dockerfile
|
||||
type: string
|
||||
description: Path to the Dockerfile to build.
|
||||
|
||||
|
||||
workspaces:
|
||||
- name: shared-data
|
||||
- name: config
|
||||
- name: docker-credentials
|
||||
- name: git-credentials
|
||||
- name: gitea-access-token
|
||||
|
||||
tasks:
|
||||
# ⭐ Image Tag Formater
|
||||
- name: imageformater
|
||||
taskRef:
|
||||
name: imageformater
|
||||
params:
|
||||
- name: image
|
||||
value: $(params.image)
|
||||
|
||||
# 📥 Clone du repo git
|
||||
- name: gitclone
|
||||
@ -52,6 +49,8 @@ spec:
|
||||
workspaces:
|
||||
- name: output
|
||||
workspace: shared-data
|
||||
- name: ssh-directory
|
||||
workspace: git-credentials
|
||||
params:
|
||||
- name: url
|
||||
value: $(params.url)
|
||||
@ -62,14 +61,26 @@ spec:
|
||||
- name: depth
|
||||
value: '50'
|
||||
|
||||
# ⭐ Image Tag Formater
|
||||
- name: imageformater
|
||||
taskRef:
|
||||
name: imageformater
|
||||
runAfter: ["gitclone"]
|
||||
workspaces:
|
||||
- name: source
|
||||
workspace: shared-data
|
||||
params:
|
||||
- name: revision
|
||||
value: $(params.revision)
|
||||
|
||||
# 🔨 Build de l'image
|
||||
- name: kaniko-build
|
||||
taskRef:
|
||||
name: kaniko
|
||||
runAfter: ["gitclone"]
|
||||
runAfter: ["imageformater"]
|
||||
params:
|
||||
- name: IMAGE
|
||||
value: $(tasks.imageformater.results.imagetag)
|
||||
value: $(params.registry)/$(params.image):$(tasks.imageformater.results.imagetag)
|
||||
- name: BUILDER_IMAGE
|
||||
value: gcr.io/kaniko-project/executor:v1.20.0
|
||||
- name: DOCKERFILE
|
||||
@ -80,7 +91,7 @@ spec:
|
||||
- --insecure
|
||||
- --no-push
|
||||
- --tarPath=$(workspaces.source.path)/image.tar
|
||||
- --destination=$(tasks.imageformater.results.imagetag)
|
||||
- --destination=$(params.registry)/$(params.image):$(tasks.imageformater.results.imagetag)
|
||||
workspaces:
|
||||
- name: source
|
||||
workspace: shared-data
|
||||
@ -101,6 +112,27 @@ spec:
|
||||
runAfter:
|
||||
- kaniko-build
|
||||
|
||||
# 📨 Envoyer du resulat de trivy à gitea
|
||||
- name: trivy-giteacomment
|
||||
taskRef:
|
||||
name: giteacomment
|
||||
workspaces:
|
||||
- name: source
|
||||
workspace: shared-data
|
||||
- name: gitea-access-token
|
||||
workspace: gitea-access-token
|
||||
params:
|
||||
- name: apiurl
|
||||
value: $(params.apiurl)
|
||||
- name: requestid
|
||||
value: $(params.requestid)
|
||||
- name: title
|
||||
value: "TRIVY"
|
||||
- name: filepath
|
||||
value: "temp_trivy.txt"
|
||||
runAfter:
|
||||
- trivy-scan
|
||||
|
||||
# 🚀 Publication de l'image
|
||||
- name: publish
|
||||
taskRef:
|
||||
@ -111,11 +143,17 @@ spec:
|
||||
- name: dockerconfig
|
||||
workspace: docker-credentials
|
||||
params:
|
||||
- name: IMAGE
|
||||
- name: IMAGE_TAG
|
||||
value: $(tasks.imageformater.results.imagetag)
|
||||
- name: IMAGE
|
||||
value: $(params.image)
|
||||
- name: REGISTRY
|
||||
value: $(params.registry)
|
||||
runAfter:
|
||||
- trivy-scan
|
||||
|
||||
|
||||
|
||||
finally:
|
||||
# 🧹 Cleanup
|
||||
- name: cleanup-workspace
|
||||
|
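Review bot: `trivy-giteacomment` is ordered with `runAfter: trivy-scan`, so it is skipped whenever the scan task fails. The trivy task touched by this commit runs `trivy image --exit-code 1 --severity CRITICAL`, which means the report is never posted to the pull request in exactly the case where CRITICAL findings exist. Either let the scan step write `temp_trivy.txt` and record its verdict as a task result that a later gate checks before `publish`, or move the comment task under `finally:`. In the second case `cleanup-workspace` runs in parallel with it and may remove the file first, so that ordering needs checking. The task list continues outside these hunks.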
@ -1,102 +0,0 @@
|
||||
apiVersion: tekton.dev/v1beta1
|
||||
kind: Pipeline
|
||||
metadata:
|
||||
name: imagebuild
|
||||
spec:
|
||||
description: |
|
||||
This pipeline clones a git repo, then echoes the README file to the stout.
|
||||
params:
|
||||
- name: url
|
||||
type: string
|
||||
description: The git repo URL to clone from.
|
||||
- name: revision
|
||||
type: string
|
||||
description: The git repo branch to checkout.
|
||||
- name: image
|
||||
type: string
|
||||
description: The image to build.
|
||||
- name: apiurl
|
||||
type: string
|
||||
description: The gitea api url.
|
||||
- name: requesttype
|
||||
type: string
|
||||
description: The gitea request type = pullrequet or release
|
||||
- name: requestid
|
||||
type: string
|
||||
description: The gitea request id.
|
||||
- name: access_token
|
||||
type: string
|
||||
description: The gitea access_token id.
|
||||
- name: dockerfile
|
||||
type: string
|
||||
description: Path to the Dockerfile to build.
|
||||
|
||||
workspaces:
|
||||
- name: shared-data
|
||||
- name: config
|
||||
- name: docker-credentials
|
||||
|
||||
tasks:
|
||||
- name: portal
|
||||
pipelineRef:
|
||||
name: imagebuild
|
||||
params:
|
||||
- name: dockerfile
|
||||
value: misc/k8s/images/portal
|
||||
- name: image
|
||||
value: reg.cadoles.com/portal
|
||||
|
||||
- name: job-base
|
||||
pipelineRef:
|
||||
name: imagebuild
|
||||
params:
|
||||
- name: dockerfile
|
||||
value: misc/k8s/images/job-base
|
||||
- name: image
|
||||
value: reg.cadoles.com/job-base
|
||||
|
||||
- name: mock
|
||||
pipelineRef:
|
||||
name: imagebuild
|
||||
params:
|
||||
- name: dockerfile
|
||||
value: misc/k8s/images/mock
|
||||
- name: image
|
||||
value: reg.cadoles.com/mock
|
||||
|
||||
- name: ines
|
||||
pipelineRef:
|
||||
name: imagebuild
|
||||
params:
|
||||
- name: dockerfile
|
||||
value: misc/k8s/images/ines
|
||||
- name: image
|
||||
value: reg.cadoles.com/ines
|
||||
|
||||
- name: shibboleth-sp
|
||||
pipelineRef:
|
||||
name: imagebuild
|
||||
params:
|
||||
- name: dockerfile
|
||||
value: misc/k8s/images/sp
|
||||
- name: image
|
||||
value: reg.cadoles.com/shibboleth-sp
|
||||
|
||||
- name: hydra-dispatcher-mse-theme
|
||||
pipelineRef:
|
||||
name: imagebuild
|
||||
params:
|
||||
- name: dockerfile
|
||||
value: misc/k8s/images/hydra-dispatcher-mse-theme
|
||||
- name: image
|
||||
value: reg.cadoles.com/hydra-dispatcher-mse-theme
|
||||
|
||||
- name: hydra-sql-mse-theme
|
||||
pipelineRef:
|
||||
name: imagebuild
|
||||
params:
|
||||
- name: dockerfile
|
||||
value: misc/k8s/images/hydra-sql-mse-theme
|
||||
- name: image
|
||||
value: reg.cadoles.com/hydra-sql-mse-theme
|
||||
|
@ -12,6 +12,9 @@ spec:
|
||||
- name: revision
|
||||
type: string
|
||||
description: The git repo branch to checkout.
|
||||
- name: destination
|
||||
type: string
|
||||
description: The branch to merge to.
|
||||
- name: apiurl
|
||||
type: string
|
||||
description: The gitea api url.
|
||||
@ -84,6 +87,9 @@ spec:
|
||||
workspace: shared-data
|
||||
- name: config
|
||||
workspace: config
|
||||
params:
|
||||
- name: destination
|
||||
value: $(params.destination)
|
||||
|
||||
# ⭐ Execution des tests unitaires avec une BDD en sidecar
|
||||
- name: phpunittest
|
||||
@ -152,25 +158,6 @@ spec:
|
||||
- name: filepath
|
||||
value: "temp_phpsecuritychecker.txt"
|
||||
|
||||
# 📨 Envoyer du resulat de trivy à gitea
|
||||
- name: trivy-giteacomment
|
||||
taskRef:
|
||||
name: giteacomment
|
||||
workspaces:
|
||||
- name: source
|
||||
workspace: shared-data
|
||||
params:
|
||||
- name: apiurl
|
||||
value: $(params.apiurl)
|
||||
- name: requestid
|
||||
value: $(params.requestid)
|
||||
- name: access_token
|
||||
value: $(params.access_token)
|
||||
- name: title
|
||||
value: "TRIVY"
|
||||
- name: filepath
|
||||
value: "temp_trivy.txt"
|
||||
|
||||
# 🧹 Cleanup
|
||||
- name: cleanup-workspace
|
||||
taskRef:
|
||||
|
@ -1,12 +1,12 @@
|
||||
apiVersion: tekton.dev/v1beta1
|
||||
kind: PipelineRun
|
||||
metadata:
|
||||
generateName: symfonyapp-run-
|
||||
generateName: msebuild-run-
|
||||
namespace: tekton
|
||||
spec:
|
||||
serviceAccountName: build-bot
|
||||
pipelineRef:
|
||||
name: symfonyapp
|
||||
name: msebuild
|
||||
podTemplate:
|
||||
securityContext:
|
||||
fsGroup: 65532
|
||||
@ -26,14 +26,14 @@ spec:
|
||||
secret:
|
||||
secretName: regcred
|
||||
params:
|
||||
- name: repo-url
|
||||
- name: image
|
||||
value: reg.cadoles.com/mlamalle/testtekton
|
||||
- name: tag
|
||||
value: test
|
||||
- name: dockerfile
|
||||
value: ./misc/k8s/images/job-base/Dockerfile
|
||||
- name: url
|
||||
value: https://forge.cadoles.com/CNOUS/mse.git
|
||||
- name: revision
|
||||
value: sprint-6
|
||||
- name: destination
|
||||
value: k8s
|
||||
- name: image
|
||||
value: reg.cadoles.com/mlamalle/testtekton
|
||||
- name: dockerfile
|
||||
value: ./misc/k8s/images/job-base/Dockerfile
|
||||
|
||||
|
@ -0,0 +1,6 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: gitea-access-token
|
||||
data:
|
||||
access_token: <base64 gitea access token>
|
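--- a/kustomization/base/tekton/secret/ssh-secret.yaml.dist
+++ b/kustomization/base/tekton/secret/ssh-secret.yaml.dist
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+name: git-credentials
+data:
+id_ed25519: <base64 ssh private key>
+known_hosts: <base64 known_host>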
@ -7,9 +7,16 @@ spec:
|
||||
- name: source
|
||||
- name: dockerconfig
|
||||
params:
|
||||
- name: IMAGE_TAG
|
||||
type: string
|
||||
description: "The image to push."
|
||||
- name: IMAGE
|
||||
type: string
|
||||
description: "The image to push."
|
||||
- name: REGISTRY
|
||||
description: Docker Registry
|
||||
|
||||
|
||||
steps:
|
||||
- name: push-image-tar
|
||||
image: gcr.io/go-containerregistry/crane:debug
|
||||
@ -25,7 +32,7 @@ spec:
|
||||
echo ""
|
||||
echo "== PUSH IMAGE ==================================="
|
||||
|
||||
crane push $(workspaces.source.path)/image.tar $(params.IMAGE)
|
||||
crane push $(workspaces.source.path)/image.tar $(params.REGISTRY)/$(params.IMAGE):$(params.IMAGE_TAG)
|
||||
|
||||
echo ""
|
||||
echo ""
|
||||
|
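Review bot: In the `crane push` line, `$(params.REGISTRY)`, `$(params.IMAGE)` and `$(params.IMAGE_TAG)` are substituted into the script text by Tekton before the shell parses it, so a value containing shell metacharacters becomes script rather than data. `REGISTRY` ultimately comes from the webhook query string. Expose the three params to the step through `env:` entries and reference them quoted, e.g. `crane push "$(workspaces.source.path)/image.tar" "${REGISTRY}/${IMAGE}:${IMAGE_TAG}"`. The same direct interpolation appears in other scripts in this commit: `git checkout $(params.revision)` in imageformater, `git fetch origin $(params.destination)` in the php-cs-fixer task, `--input $(params.IMAGE_PATH)` in the trivy task and `$(params.apiurl)` in giteacomment. The step's script starts outside this hunk.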
@ -6,10 +6,10 @@ spec:
|
||||
description: Send file content to a comment of the pullrequest gitea
|
||||
workspaces:
|
||||
- name: source
|
||||
- name: gitea-access-token
|
||||
params:
|
||||
- name: apiurl
|
||||
- name: requestid
|
||||
- name: access_token
|
||||
- name: title
|
||||
- name: filepath
|
||||
steps:
|
||||
@ -37,7 +37,9 @@ spec:
|
||||
|
||||
RESULT=$(cat $(params.filepath))
|
||||
rm -f $(params.filepath)
|
||||
APIURL=$(params.apiurl)/issues/$(params.requestid)/comments?access_token=$(params.access_token)
|
||||
TOKEN_PATH="$(workspaces.gitea-access-token.path)"
|
||||
GITEA_ACCESS_TOKEN="$(cat ${TOKEN_PATH}/access_token)"
|
||||
APIURL=$(params.apiurl)/issues/$(params.requestid)/comments?access_token=${GITEA_ACCESS_TOKEN}
|
||||
RESULT_ESCAPED=$(jq --null-input --arg result "${RESULT}" '$result')
|
||||
BODY="{\"body\": ${RESULT_ESCAPED}}"
|
||||
echo ${BODY}
|
||||
|
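Review bot: `APIURL` still carries the token as `?access_token=${GITEA_ACCESS_TOKEN}`, so although it is now read from the secret workspace it will show up in any server log, proxy log or shell trace that records the request URL. Gitea also accepts the token in an `Authorization: token …` request header. I would build `APIURL` without the query parameter and send the header instead, e.g. `-H "Authorization: token ${GITEA_ACCESS_TOKEN}"` if the call is made with curl. The HTTP call itself is outside the hunk, so the client and its flags are not visible here. Quoting the path as `"$(cat "${TOKEN_PATH}/access_token")"` would also be safer.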
@ -4,31 +4,32 @@ metadata:
|
||||
name: imageformater
|
||||
spec:
|
||||
description: transform image name to standart name
|
||||
workspaces:
|
||||
- name: source
|
||||
params:
|
||||
- name: image
|
||||
- name: tag
|
||||
- name: revision
|
||||
results:
|
||||
- name: imagetag
|
||||
steps:
|
||||
- name: exec
|
||||
image: alpine
|
||||
command:
|
||||
- /bin/sh
|
||||
args:
|
||||
- '-c'
|
||||
- |
|
||||
#set -e
|
||||
image: alpine:3.19
|
||||
script: |
|
||||
#!/usr/bin/env sh
|
||||
set -eu
|
||||
set +x
|
||||
apk add make curl bash git
|
||||
|
||||
cd $(workspaces.source.path)
|
||||
git config --global --add safe.directory /workspace/source
|
||||
git checkout $(params.revision)
|
||||
set -x
|
||||
echo ""
|
||||
echo "== IMAGE NAME FORMATER ==================================="
|
||||
|
||||
echo "IMAGE TAG BEFORE = $(params.image):$(params.tag)"
|
||||
make .mktools
|
||||
version=$(make mkt-project-version)
|
||||
|
||||
temp="$(params.image):$(params.tag)"
|
||||
lowercase=$(echo "$temp" | awk '{print tolower($0)}')
|
||||
echo "IMAGE TAG AFTER = ${lowercase}"
|
||||
|
||||
echo -n "${lowercase}" > "$(results.imagetag.path)"
|
||||
echo -n "${version}" > "$(results.imagetag.path)"
|
||||
|
||||
echo ""
|
||||
echo ""
|
||||
|
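Review bot: The `imagetag` result is now whatever `make mkt-project-version` prints from the checked-out revision, and it is written to `$(results.imagetag.path)` without any check before the pipeline uses it as the pushed tag. Since the Makefile comes from the branch being built, I would validate the value against the image tag grammar before writing it, e.g. `echo "${version}" | grep -Eq '^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$' || exit 1`. It would also help to add a comment above `make .mktools` saying that this step executes Makefile targets from the revision under review. `safe.directory` is hard-coded to `/workspace/source` while the `cd` uses `$(workspaces.source.path)`, and using the same expression in both places keeps them from drifting.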
@ -41,32 +41,6 @@ spec:
|
||||
echo ""
|
||||
echo "== SCAN IMAGE ==================================="
|
||||
|
||||
cmd="trivy $* "
|
||||
if [ "$(params.AIR_GAPPED_ENABLED)" = "true" ]; then
|
||||
echo "Air-Gapped mode enabled"
|
||||
TRIVY_TEMP_DIR=$(mktemp -d)
|
||||
trivy --cache-dir "$TRIVY_TEMP_DIR" image --download-db-only
|
||||
tar -cf ./db.tar.gz -C "$TRIVY_TEMP_DIR/db" metadata.json trivy.db
|
||||
rm -rf "$TRIVY_TEMP_DIR"
|
||||
mkdir -p "$HOME"/.cache/trivy/db
|
||||
tar xvf ./db.tar.gz -C "$HOME"/.cache/trivy/db
|
||||
|
||||
cmd="${cmd}--skip-update "
|
||||
fi
|
||||
|
||||
cmd="${cmd}$(params.IMAGE_PATH)"
|
||||
echo "Running trivy task with command below"
|
||||
echo "$cmd"
|
||||
eval "$cmd"
|
||||
trivy image --exit-code 1 --severity CRITICAL --no-progress -o temp_trivy.txt --input $(params.IMAGE_PATH)
|
||||
cat temp_trivy.txt
|
||||
|
||||
args:
|
||||
- "image"
|
||||
- "--exit-code"
|
||||
- "1"
|
||||
- "--severity"
|
||||
- "CRITICAL"
|
||||
- "--no-progress"
|
||||
- "-o"
|
||||
- "temp_trivy.json"
|
||||
- "--input"
|
||||
|
@ -7,6 +7,8 @@ spec:
|
||||
workspaces:
|
||||
- name: source
|
||||
- name: config
|
||||
params:
|
||||
- name: destination
|
||||
steps:
|
||||
- name: exec
|
||||
image: ghcr.io/php-cs-fixer/php-cs-fixer:3-php8.3
|
||||
@ -16,11 +18,16 @@ spec:
|
||||
- '-c'
|
||||
- |
|
||||
#set -e
|
||||
apk add git
|
||||
cd $(workspaces.source.path)
|
||||
git config --global --add safe.directory /workspace/source
|
||||
git fetch origin $(params.destination)
|
||||
CHANGED_FILES=$(git diff --name-only --diff-filter=ACMRTUXB origin/$(params.destination) -- | grep -F ".php" | tr "\n" " ")
|
||||
if ! echo "${CHANGED_FILES}" | grep -qE "^(\\.php-cs-fixer(\\.dist)\\.php?|composer\\.lock)$"; then EXTRA_ARGS=$(printf -- '--path-mode=intersection -- %s' "${CHANGED_FILES}"); else EXTRA_ARGS=''; fi
|
||||
|
||||
echo ""
|
||||
echo "== RUN PHP-CS-FIXER ======================================"
|
||||
EXTRA_ARGS=$(printf -- '--path-mode=intersection -- %s' "${CHANGED_FILES}")
|
||||
|
||||
php-cs-fixer fix --dry-run --config=$(workspaces.config.path)/php-cs-fixer.dist.php ${EXTRA_ARGS} > temp_phpcsfixer.txt 2>&1
|
||||
cat temp_phpcsfixer.txt
|
||||
|
||||
|
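Review bot: The `grep -qE` pattern in the `if ! echo "${CHANGED_FILES}"` line has its `?` on the wrong group. `(\\.dist)\\.php?` requires `.dist` and makes only the final `p` optional, so `.php-cs-fixer.php` never matches; the intended form looks like `(\\.dist)?\\.php`. In addition, `CHANGED_FILES` has already been filtered with `grep -F ".php"` and joined onto one line by `tr "\n" " "`. As a result `composer.lock` can never be present, and the `^…$` anchors apply to the whole space-separated list rather than to one file name. If the unconditional `EXTRA_ARGS=$(printf …)` line after the banner is still on the new side, it overwrites the conditional result. The side of each line cannot be told from this rendering.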
@ -1,15 +1,15 @@
|
||||
apiVersion: triggers.tekton.dev/v1beta1
|
||||
kind: TriggerBinding
|
||||
metadata:
|
||||
name: symfonybuild-binding
|
||||
name: imagebuild-binding
|
||||
spec:
|
||||
params:
|
||||
- name: url
|
||||
value: $(body.repository.clone_url)
|
||||
- name: revision
|
||||
value: $(body.release.target_commitish)
|
||||
value: $(body.pull_request.head.ref)
|
||||
- name: image
|
||||
value: reg.cadoles.com/$(body.repository.full_name)
|
||||
value: $(body.repository.full_name)
|
||||
- name: tag
|
||||
value: $(body.release.target_commitish)-$(body.release.tag_name)
|
||||
- name: apiurl
|
||||
|
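Review bot: After this change `revision` reads `$(body.pull_request.head.ref)`, while the `tag` param, which appears to be an unchanged line, still reads `$(body.release.target_commitish)-$(body.release.tag_name)`. A single webhook payload is unlikely to carry both a `pull_request` and a `release` object, so one of the two bindings will reference a missing field for every event. Either derive `tag` from pull-request fields as well or drop it from this binding, given that the imageformater task in this commit no longer uses it. The `apiurl` entry continues outside the hunk.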
@ -7,8 +7,13 @@ spec:
|
||||
- name: url
|
||||
- name: revision
|
||||
- name: image
|
||||
- name: tag
|
||||
- name: dockerfile
|
||||
- name: registry
|
||||
- name: apiurl
|
||||
- name: requestid
|
||||
- name: requesttype
|
||||
|
||||
resourcetemplates:
|
||||
- apiVersion: tekton.dev/v1beta1
|
||||
kind: PipelineRun
|
||||
@ -31,26 +36,31 @@ spec:
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
||||
- name: config
|
||||
configmap:
|
||||
name: config-phpcsfixer
|
||||
- name: docker-credentials
|
||||
secret:
|
||||
secretName: regcred
|
||||
- name: git-credentials
|
||||
secret:
|
||||
secretName: git-credentials
|
||||
- name: gitea-access-token
|
||||
secret:
|
||||
secretName: gitea-access-token
|
||||
params:
|
||||
- name: url
|
||||
value: $(tt.params.url)
|
||||
- name: revision
|
||||
value: $(tt.params.revision)
|
||||
- name: image
|
||||
value: $(tt.params.image)
|
||||
value: hydra-sql-theme
|
||||
- name: tag
|
||||
value: $(tt.params.tag)
|
||||
- name: dockerfile
|
||||
value: ./misc/k8s/images/hydra-sql-mse-theme/Dockerfile
|
||||
- name: registry
|
||||
value: $(tt.params.registry)
|
||||
- name: apiurl
|
||||
value: $(tt.params.apiurl)
|
||||
- name: requesttype
|
||||
value: "release"
|
||||
- name: requestid
|
||||
value: $(tt.params.requestid)
|
||||
- name: access_token
|
||||
value: 69f6d1db6cf1e47dc7958ac20a31e76abf1582ee
|
||||
- name: dockerfile
|
||||
value: misc/k8s/images/portal
|
||||
- name: requesttype
|
||||
value: pullrequest
|
||||
|
@ -1,17 +1,18 @@
|
||||
apiVersion: triggers.tekton.dev/v1beta1
|
||||
kind: TriggerBinding
|
||||
metadata:
|
||||
name: symfonybuild-binding
|
||||
name: msebuild-binding
|
||||
spec:
|
||||
params:
|
||||
- name: url
|
||||
value: $(body.repository.clone_url)
|
||||
- name: revision
|
||||
value: $(body.release.target_commitish)
|
||||
- name: tag
|
||||
value: $(body.release.target_commitish)-$(body.release.tag_name)
|
||||
value: $(body.pull_request.head.ref)
|
||||
- name: image
|
||||
value: $(body.repository.full_name)
|
||||
- name: apiurl
|
||||
value: $(body.release.url)
|
||||
value: $(body.pull_request.base.repo.url)
|
||||
- name: requestid
|
||||
value: $(body.release.id)
|
||||
value: $(body.pull_request.number)
|
||||
|
||||
|
||||
|
@ -7,18 +7,124 @@ spec:
|
||||
- name: url
|
||||
- name: revision
|
||||
- name: image
|
||||
- name: tag
|
||||
- name: dockerfile
|
||||
- name: registry
|
||||
- name: apiurl
|
||||
- name: requestid
|
||||
- name: requesttype
|
||||
|
||||
resourcetemplates:
|
||||
# # Portal
|
||||
# - apiVersion: tekton.dev/v1beta1
|
||||
# kind: PipelineRun
|
||||
# metadata:
|
||||
# generateName: msebuild-portal-run-
|
||||
# namespace: tekton
|
||||
# spec:
|
||||
# serviceAccountName: build-bot
|
||||
# pipelineRef:
|
||||
# name: imagebuild
|
||||
# podTemplate:
|
||||
# securityContext:
|
||||
# fsGroup: 65532
|
||||
# workspaces:
|
||||
# - name: shared-data
|
||||
# volumeClaimTemplate:
|
||||
# spec:
|
||||
# accessModes:
|
||||
# - ReadWriteOnce
|
||||
# resources:
|
||||
# requests:
|
||||
# storage: 1Gi
|
||||
# - name: docker-credentials
|
||||
# secret:
|
||||
# secretName: regcred
|
||||
# - name: git-credentials
|
||||
# secret:
|
||||
# secretName: git-credentials
|
||||
# params:
|
||||
# - name: url
|
||||
# value: $(tt.params.url)
|
||||
# - name: revision
|
||||
# value: $(tt.params.revision)
|
||||
# - name: image
|
||||
# value: portal
|
||||
# - name: tag
|
||||
# value: $(tt.params.tag)
|
||||
# - name: dockerfile
|
||||
# value: ./misc/k8s/images/portal/Dockerfile
|
||||
# - name: registry
|
||||
# value: $(tt.params.registry)
|
||||
# - name: apiurl
|
||||
# value: $(tt.params.apiurl)
|
||||
# - name: requestid
|
||||
# value: $(tt.params.requestid)
|
||||
# - name: requesttype
|
||||
# value: pullrequest
|
||||
# - name: access_token
|
||||
# value: 69f6d1db6cf1e47dc7958ac20a31e76abf1582ee
|
||||
|
||||
# # Hydra Dispatcher Theme
|
||||
# - apiVersion: tekton.dev/v1beta1
|
||||
# kind: PipelineRun
|
||||
# metadata:
|
||||
# generateName: msebuild-hydra-dispatcher-theme-run-
|
||||
# namespace: tekton
|
||||
# spec:
|
||||
# serviceAccountName: build-bot
|
||||
# pipelineRef:
|
||||
# name: imagebuild
|
||||
# podTemplate:
|
||||
# securityContext:
|
||||
# fsGroup: 65532
|
||||
# workspaces:
|
||||
# - name: shared-data
|
||||
# volumeClaimTemplate:
|
||||
# spec:
|
||||
# accessModes:
|
||||
# - ReadWriteOnce
|
||||
# resources:
|
||||
# requests:
|
||||
# storage: 1Gi
|
||||
# - name: docker-credentials
|
||||
# secret:
|
||||
# secretName: regcred
|
||||
# - name: git-credentials
|
||||
# secret:
|
||||
# secretName: git-credentials
|
||||
# params:
|
||||
# - name: url
|
||||
# value: $(tt.params.url)
|
||||
# - name: revision
|
||||
# value: $(tt.params.revision)
|
||||
# - name: image
|
||||
# value: hydra-dispatcher-theme
|
||||
# - name: tag
|
||||
# value: $(tt.params.tag)
|
||||
# - name: dockerfile
|
||||
# value: ./misc/k8s/images/hydra-dispatcher-mse-theme/Dockerfile
|
||||
# - name: registry
|
||||
# value: $(tt.params.registry)
|
||||
# - name: apiurl
|
||||
# value: $(tt.params.apiurl)
|
||||
# - name: requestid
|
||||
# value: $(tt.params.requestid)
|
||||
# - name: requesttype
|
||||
# value: pullrequest
|
||||
# - name: access_token
|
||||
# value: 69f6d1db6cf1e47dc7958ac20a31e76abf1582ee
|
||||
|
||||
# Hydra SQL Theme
|
||||
- apiVersion: tekton.dev/v1beta1
|
||||
kind: PipelineRun
|
||||
metadata:
|
||||
generateName: msebuild-run-
|
||||
generateName: msebuild-hydra-sql-theme-run-
|
||||
namespace: tekton
|
||||
spec:
|
||||
serviceAccountName: build-bot
|
||||
pipelineRef:
|
||||
name: msebuild
|
||||
name: imagebuild
|
||||
podTemplate:
|
||||
securityContext:
|
||||
fsGroup: 65532
|
||||
@ -31,28 +137,235 @@ spec:
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
||||
- name: config
|
||||
configmap:
|
||||
name: config-phpcsfixer
|
||||
- name: docker-credentials
|
||||
secret:
|
||||
secretName: regcred
|
||||
- name: git-credentials
|
||||
secret:
|
||||
secretName: git-credentials
|
||||
- name: gitea-access-token
|
||||
secret:
|
||||
secretName: gitea-access-token
|
||||
params:
|
||||
- name: url
|
||||
value: $(tt.params.url)
|
||||
- name: revision
|
||||
value: $(tt.params.revision)
|
||||
- name: image
|
||||
value: portal
|
||||
value: hydra-sql-theme
|
||||
- name: tag
|
||||
value: $(tt.params.tag)
|
||||
- name: dockerfile
|
||||
value: ./misc/k8s/images/hydra-sql-mse-theme/Dockerfile
|
||||
- name: registry
|
||||
value: $(tt.params.registry)
|
||||
- name: apiurl
|
||||
value: $(tt.params.apiurl)
|
||||
- name: requesttype
|
||||
value: "release"
|
||||
- name: requestid
|
||||
value: $(tt.params.requestid)
|
||||
- name: access_token
|
||||
value: 69f6d1db6cf1e47dc7958ac20a31e76abf1582ee
|
||||
- name: dockerfile
|
||||
value: misc/k8s/images/portal
|
||||
- name: requesttype
|
||||
value: pullrequest
|
||||
|
||||
|
||||
|
||||
# # Job Base
|
||||
# - apiVersion: tekton.dev/v1beta1
|
||||
# kind: PipelineRun
|
||||
# metadata:
|
||||
# generateName: msebuild-job-base-run-
|
||||
# namespace: tekton
|
||||
# spec:
|
||||
# serviceAccountName: build-bot
|
||||
# pipelineRef:
|
||||
# name: imagebuild
|
||||
# podTemplate:
|
||||
# securityContext:
|
||||
# fsGroup: 65532
|
||||
# workspaces:
|
||||
# - name: shared-data
|
||||
# volumeClaimTemplate:
|
||||
# spec:
|
||||
# accessModes:
|
||||
# - ReadWriteOnce
|
||||
# resources:
|
||||
# requests:
|
||||
# storage: 1Gi
|
||||
# - name: docker-credentials
|
||||
# secret:
|
||||
# secretName: regcred
|
||||
# - name: git-credentials
|
||||
# secret:
|
||||
# secretName: git-credentials
|
||||
# params:
|
||||
# - name: url
|
||||
# value: $(tt.params.url)
|
||||
# - name: revision
|
||||
# value: $(tt.params.revision)
|
||||
# - name: image
|
||||
# value: job-base
|
||||
# - name: tag
|
||||
# value: $(tt.params.tag)
|
||||
# - name: dockerfile
|
||||
# value: ./misc/k8s/images/job-base/Dockerfile
|
||||
# - name: registry
|
||||
# value: $(tt.params.registry)
|
||||
# - name: apiurl
|
||||
# value: $(tt.params.apiurl)
|
||||
# - name: requestid
|
||||
# value: $(tt.params.requestid)
|
||||
# - name: requesttype
|
||||
# value: pullrequest
|
||||
# - name: access_token
|
||||
# value: 69f6d1db6cf1e47dc7958ac20a31e76abf1582ee
|
||||
|
||||
# # Mock
|
||||
# - apiVersion: tekton.dev/v1beta1
|
||||
# kind: PipelineRun
|
||||
# metadata:
|
||||
# generateName: msebuild-mock-run-
|
||||
# namespace: tekton
|
||||
# spec:
|
||||
# serviceAccountName: build-bot
|
||||
# pipelineRef:
|
||||
# name: imagebuild
|
||||
# podTemplate:
|
||||
# securityContext:
|
||||
# fsGroup: 65532
|
||||
# workspaces:
|
||||
# - name: shared-data
|
||||
# volumeClaimTemplate:
|
||||
# spec:
|
||||
# accessModes:
|
||||
# - ReadWriteOnce
|
||||
# resources:
|
||||
# requests:
|
||||
# storage: 1Gi
|
||||
# - name: docker-credentials
|
||||
# secret:
|
||||
# secretName: regcred
|
||||
# - name: git-credentials
|
||||
# secret:
|
||||
# secretName: git-credentials
|
||||
# params:
|
||||
# - name: url
|
||||
# value: $(tt.params.url)
|
||||
# - name: revision
|
||||
# value: $(tt.params.revision)
|
||||
# - name: image
|
||||
# value: mock
|
||||
# - name: tag
|
||||
# value: $(tt.params.tag)
|
||||
# - name: dockerfile
|
||||
# value: ./misc/k8s/images/mock/Dockerfile
|
||||
# - name: registry
|
||||
# value: $(tt.params.registry)
|
||||
# - name: apiurl
|
||||
# value: $(tt.params.apiurl)
|
||||
# - name: requestid
|
||||
# value: $(tt.params.requestid)
|
||||
# - name: requesttype
|
||||
# value: pullrequest
|
||||
# - name: access_token
|
||||
# value: 69f6d1db6cf1e47dc7958ac20a31e76abf1582ee
|
||||
|
||||
# # Ines
|
||||
# - apiVersion: tekton.dev/v1beta1
|
||||
# kind: PipelineRun
|
||||
# metadata:
|
||||
# generateName: msebuild-ines-run-
|
||||
# namespace: tekton
|
||||
# spec:
|
||||
# serviceAccountName: build-bot
|
||||
# pipelineRef:
|
||||
# name: imagebuild
|
||||
# podTemplate:
|
||||
# securityContext:
|
||||
# fsGroup: 65532
|
||||
# workspaces:
|
||||
# - name: shared-data
|
||||
# volumeClaimTemplate:
|
||||
# spec:
|
||||
# accessModes:
|
||||
# - ReadWriteOnce
|
||||
# resources:
|
||||
# requests:
|
||||
# storage: 1Gi
|
||||
# - name: docker-credentials
|
||||
# secret:
|
||||
# secretName: regcred
|
||||
# - name: git-credentials
|
||||
# secret:
|
||||
# secretName: git-credentials
|
||||
# params:
|
||||
# - name: url
|
||||
# value: $(tt.params.url)
|
||||
# - name: revision
|
||||
# value: $(tt.params.revision)
|
||||
# - name: image
|
||||
# value: ines
|
||||
# - name: tag
|
||||
# value: $(tt.params.tag)
|
||||
# - name: dockerfile
|
||||
# value: ./misc/k8s/images/ines/Dockerfile
|
||||
# - name: registry
|
||||
# value: $(tt.params.registry)
|
||||
# - name: apiurl
|
||||
# value: $(tt.params.apiurl)
|
||||
# - name: requestid
|
||||
# value: $(tt.params.requestid)
|
||||
# - name: requesttype
|
||||
# value: pullrequest
|
||||
# - name: access_token
|
||||
# value: 69f6d1db6cf1e47dc7958ac20a31e76abf1582ee
|
||||
|
||||
# # Shibboleth-sp
|
||||
# - apiVersion: tekton.dev/v1beta1
|
||||
# kind: PipelineRun
|
||||
# metadata:
|
||||
# generateName: msebuild-shibboleth-sp-run-
|
||||
# namespace: tekton
|
||||
# spec:
|
||||
# serviceAccountName: build-bot
|
||||
# pipelineRef:
|
||||
# name: imagebuild
|
||||
# podTemplate:
|
||||
# securityContext:
|
||||
# fsGroup: 65532
|
||||
# workspaces:
|
||||
# - name: shared-data
|
||||
# volumeClaimTemplate:
|
||||
# spec:
|
||||
# accessModes:
|
||||
# - ReadWriteOnce
|
||||
# resources:
|
||||
# requests:
|
||||
# storage: 1Gi
|
||||
# - name: docker-credentials
|
||||
# secret:
|
||||
# secretName: regcred
|
||||
# - name: git-credentials
|
||||
# secret:
|
||||
# secretName: git-credentials
|
||||
# params:
|
||||
# - name: url
|
||||
# value: $(tt.params.url)
|
||||
# - name: revision
|
||||
# value: $(tt.params.revision)
|
||||
# - name: image
|
||||
# value: shibboleth-sp
|
||||
# - name: tag
|
||||
# value: $(tt.params.tag)
|
||||
# - name: dockerfile
|
||||
# value: ./misc/k8s/images/sp/Dockerfile
|
||||
# - name: registry
|
||||
# value: $(tt.params.registry)
|
||||
# - name: apiurl
|
||||
# value: $(tt.params.apiurl)
|
||||
# - name: requestid
|
||||
# value: $(tt.params.requestid)
|
||||
# - name: requesttype
|
||||
# value: pullrequest
|
||||
# - name: access_token
|
||||
# value: 69f6d1db6cf1e47dc7958ac20a31e76abf1582ee
|
||||
|
||||
|
||||
|
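Review bot: The commented-out PipelineRun blocks added here each still contain `# - name: access_token` followed by the literal 40-character hex token, so the credential this commit moves into the `gitea-access-token` Secret remains readable in the new file. The same literal also seems to survive as an uncommented `access_token` param in the symfonycheck TriggerTemplate hunk (`@ -41,11 +44,13`). I would delete those lines from the comments and from that template. Because the value is already in the repository history, the token should also be revoked in Gitea and a new one issued through the Secret only.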
@ -2,7 +2,7 @@ apiVersion: triggers.tekton.dev/v1beta1
|
||||
kind: TriggerBinding
|
||||
metadata:
|
||||
name: symfonycheck-binding
|
||||
spec:
|
||||
spec:
|
||||
params:
|
||||
- name: url
|
||||
value: $(body.pull_request.head.repo.clone_url)
|
||||
@ -12,3 +12,5 @@ spec:
|
||||
value: $(body.pull_request.head.repo.url)
|
||||
- name: requestid
|
||||
value: $(body.pull_request.number)
|
||||
- name: destination
|
||||
value: $(body.pull_request.base.ref)
|
||||
|
@ -6,8 +6,11 @@ spec:
|
||||
params:
|
||||
- name: url
|
||||
- name: revision
|
||||
- name: apiurl
|
||||
- name: requestid
|
||||
- name: destination
|
||||
- name: apiurl
|
||||
- name: requesttype
|
||||
- name: access_token
|
||||
resourcetemplates:
|
||||
- apiVersion: tekton.dev/v1beta1
|
||||
kind: PipelineRun
|
||||
@ -41,11 +44,13 @@ spec:
|
||||
value: $(tt.params.url)
|
||||
- name: revision
|
||||
value: $(tt.params.revision)
|
||||
- name: destination
|
||||
value: $(tt.params.destination)
|
||||
- name: apiurl
|
||||
value: $(tt.params.apiurl)
|
||||
- name: requesttype
|
||||
value: "pullrequest"
|
||||
- name: requestid
|
||||
value: $(tt.params.requestid)
|
||||
- name: requesttype
|
||||
value: pullrequest
|
||||
- name: access_token
|
||||
value: 69f6d1db6cf1e47dc7958ac20a31e76abf1582ee
|
||||
|
@ -2,7 +2,7 @@ apiVersion: skaffold/v3
|
||||
kind: Config
|
||||
|
||||
metadata:
|
||||
name: tekton-pipelines
|
||||
name: tekton
|
||||
|
||||
manifests:
|
||||
kustomize:
|
||||
|