ajout secrets, multipipeline, récupération query param, tagging image

Matthieu Lamalle 2024-03-22 11:41:42 +01:00
parent 1bd773d409
commit 4588441ddb
25 changed files with 535 additions and 239 deletions

4
.gitignore vendored

@ -1,2 +1,4 @@
kustomization/base/tekton/secret/secret.yaml
kustomization/base/tekton/secret/git-secret.yaml
kustomization/base/tekton/secret/ssh-secret.yaml
kustomization/base/tekton/secret/dockerconfig/config.json
kustomization/base/tekton/secret/gitea-access-token.yaml


@ -28,9 +28,6 @@ setup-cluster:
@yq -i ".spec.addresses = [\"$(SUBNET)\"]" kind/cluster/lb/resources/ipaddresspoool.yaml
kubectl apply -k kind/cluster/lb --server-side
ssh-secret:
cp kustomization/base/tekton/secret/secret.yaml.dist kustomization/base/tekton/secret/secret.yaml
docker-secret:
docker login reg.cadoles.com
mkdir -p kustomization/base/tekton/secret/dockerconfig


@ -12,10 +12,14 @@ skaffold dev --cleanup=false
```
#### Préparer les secrets
Editer le fichier `kustomization/base/tekton/secret/secret.yaml` avec les identifiants git
Créer les fichiers :
- `kustomization/base/tekton/secret/git-secret.yaml`
- `kustomization/base/tekton/secret/ssh-secret.yaml`
- `kustomization/base/tekton/secret/gitea-access-token.yaml`
en renseignant et en copiant les fichier `.dist` correspondants
Généré le secret docker
```
make ssh-secret
make docker-secret
```


@ -10,9 +10,17 @@ spec:
- ref:
name: "cel"
params:
# Filtre par événement
- name: "filter"
value: "body.action != 'deleted'"
# Récupération du queryParam registry
- name: "overlays"
value:
- key: registry
expression: "requestURL.parseURL().query['registry']"
bindings:
- ref: msebuild-binding
- name: registry
value: $(extensions.registry)
template:
ref: msebuild-template
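Review bot: The `overlays` entry copies the `registry` query parameter of the request URL into `extensions.registry` with no allow-list, and that value becomes the push destination downstream (`$(params.registry)/$(params.image):…`). Whoever can reach the listener and pass the `filter` therefore chooses the registry host. Constrain it in the same CEL interceptor, for example `value: "body.action != 'deleted' && requestURL.parseURL().query['registry'] == 'reg.cadoles.com'"`, or an `in [...]` list if several registries are legitimate. No webhook-secret check is visible in this hunk; confirm one exists among the interceptors above it, which lie outside the shown lines.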


@ -0,0 +1,24 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: dashboard
spec:
ingressClassName: nginx
rules:
- host: tekton.local
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: tekton-dashboard
port:
number: 9097
- path: /msebuild
pathType: Prefix
backend:
service:
name: el-msebuild
port:
number: 9000
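Review bot: This Ingress publishes both the Tekton dashboard (`tekton-dashboard:9097` on `/`) and the `el-msebuild` EventListener (`/msebuild`) on `tekton.local` with no `tls:` section and no authentication or source restriction in front of either backend. The kustomization keeps `ingress/dashboard.yaml` commented out for now, but as soon as it is enabled the dashboard and the trigger endpoint are reachable by anything that can reach the ingress controller. Add a `tls:` block, put an auth layer on `/`, and limit `/msebuild` to the Gitea host, e.g. with the `nginx.ingress.kubernetes.io/whitelist-source-range` annotation. Splitting the two backends into separate Ingress objects would let each carry its own annotations.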


@ -3,7 +3,9 @@ kind: Kustomization
namespace: tekton
resources:
- namespace/namespace.yaml
- secret/secret.yaml
- secret/git-secret.yaml
- secret/ssh-secret.yaml
- secret/gitea-access-token.yaml
- serviceaccount/service-account.yaml
- serviceaccount/rbac.yaml
- configmap/configmap-phpcsfixer.yaml
@ -22,7 +24,6 @@ resources:
- task/symfonyapp/phpunittest.yaml
# Pipelines
- pipeline/msebuild.yaml
- pipeline/imagebuild.yaml
- pipeline/symfonycheck.yaml
@ -39,3 +40,5 @@ resources:
- event/imagebuild.yaml
- event/symfonycheck.yaml
# Ingress
# - ingress/dashboard.yaml


@ -15,35 +15,32 @@ spec:
- name: image
type: string
description: The image to build.
- name: tag
type: string
description: The image tag.
- name: dockerfile
type: string
description: Path to the Dockerfile to build.
- name: registry
description: Registry of the Docker image
- name: apiurl
type: string
description: The gitea api url.
- name: requesttype
type: string
description: The gitea request type = pullrequet or release
description: The gitea request type = "pullrequest / release".
- name: requestid
type: string
description: The gitea request id.
- name: access_token
type: string
description: The gitea access_token id.
- name: dockerfile
type: string
description: Path to the Dockerfile to build.
workspaces:
- name: shared-data
- name: config
- name: docker-credentials
- name: git-credentials
- name: gitea-access-token
tasks:
# ⭐ Image Tag Formater
- name: imageformater
taskRef:
name: imageformater
params:
- name: image
value: $(params.image)
# 📥 Clone du repo git
- name: gitclone
@ -52,6 +49,8 @@ spec:
workspaces:
- name: output
workspace: shared-data
- name: ssh-directory
workspace: git-credentials
params:
- name: url
value: $(params.url)
@ -62,14 +61,26 @@ spec:
- name: depth
value: '50'
# ⭐ Image Tag Formater
- name: imageformater
taskRef:
name: imageformater
runAfter: ["gitclone"]
workspaces:
- name: source
workspace: shared-data
params:
- name: revision
value: $(params.revision)
# 🔨 Build de l'image
- name: kaniko-build
taskRef:
name: kaniko
runAfter: ["gitclone"]
runAfter: ["imageformater"]
params:
- name: IMAGE
value: $(tasks.imageformater.results.imagetag)
value: $(params.registry)/$(params.image):$(tasks.imageformater.results.imagetag)
- name: BUILDER_IMAGE
value: gcr.io/kaniko-project/executor:v1.20.0
- name: DOCKERFILE
@ -80,7 +91,7 @@ spec:
- --insecure
- --no-push
- --tarPath=$(workspaces.source.path)/image.tar
- --destination=$(tasks.imageformater.results.imagetag)
- --destination=$(params.registry)/$(params.image):$(tasks.imageformater.results.imagetag)
workspaces:
- name: source
workspace: shared-data
@ -101,6 +112,27 @@ spec:
runAfter:
- kaniko-build
# 📨 Envoyer du resulat de trivy à gitea
- name: trivy-giteacomment
taskRef:
name: giteacomment
workspaces:
- name: source
workspace: shared-data
- name: gitea-access-token
workspace: gitea-access-token
params:
- name: apiurl
value: $(params.apiurl)
- name: requestid
value: $(params.requestid)
- name: title
value: "TRIVY"
- name: filepath
value: "temp_trivy.txt"
runAfter:
- trivy-scan
# 🚀 Publication de l'image
- name: publish
taskRef:
@ -111,11 +143,17 @@ spec:
- name: dockerconfig
workspace: docker-credentials
params:
- name: IMAGE
- name: IMAGE_TAG
value: $(tasks.imageformater.results.imagetag)
- name: IMAGE
value: $(params.image)
- name: REGISTRY
value: $(params.registry)
runAfter:
- trivy-scan
finally:
# 🧹 Cleanup
- name: cleanup-workspace
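Review bot: `trivy-giteacomment` is ordered with `runAfter: [trivy-scan]`, and Tekton does not start a task whose predecessor failed, so when the scan fails on a CRITICAL finding the content of `temp_trivy.txt` is never posted to the pull request, which is the one case where the comment matters. Either let the scan record its verdict as a result without failing and gate `publish` on that result, or move the comment task under `finally:`. If it moves there it must not race with `cleanup-workspace`, which presumably clears the shared workspace and whose definition continues outside this hunk. Separately, the new `registry` param has no `type: string`, unlike its neighbours.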


@ -1,102 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
name: imagebuild
spec:
description: |
This pipeline clones a git repo, then echoes the README file to the stout.
params:
- name: url
type: string
description: The git repo URL to clone from.
- name: revision
type: string
description: The git repo branch to checkout.
- name: image
type: string
description: The image to build.
- name: apiurl
type: string
description: The gitea api url.
- name: requesttype
type: string
description: The gitea request type = pullrequet or release
- name: requestid
type: string
description: The gitea request id.
- name: access_token
type: string
description: The gitea access_token id.
- name: dockerfile
type: string
description: Path to the Dockerfile to build.
workspaces:
- name: shared-data
- name: config
- name: docker-credentials
tasks:
- name: portal
pipelineRef:
name: imagebuild
params:
- name: dockerfile
value: misc/k8s/images/portal
- name: image
value: reg.cadoles.com/portal
- name: job-base
pipelineRef:
name: imagebuild
params:
- name: dockerfile
value: misc/k8s/images/job-base
- name: image
value: reg.cadoles.com/job-base
- name: mock
pipelineRef:
name: imagebuild
params:
- name: dockerfile
value: misc/k8s/images/mock
- name: image
value: reg.cadoles.com/mock
- name: ines
pipelineRef:
name: imagebuild
params:
- name: dockerfile
value: misc/k8s/images/ines
- name: image
value: reg.cadoles.com/ines
- name: shibboleth-sp
pipelineRef:
name: imagebuild
params:
- name: dockerfile
value: misc/k8s/images/sp
- name: image
value: reg.cadoles.com/shibboleth-sp
- name: hydra-dispatcher-mse-theme
pipelineRef:
name: imagebuild
params:
- name: dockerfile
value: misc/k8s/images/hydra-dispatcher-mse-theme
- name: image
value: reg.cadoles.com/hydra-dispatcher-mse-theme
- name: hydra-sql-mse-theme
pipelineRef:
name: imagebuild
params:
- name: dockerfile
value: misc/k8s/images/hydra-sql-mse-theme
- name: image
value: reg.cadoles.com/hydra-sql-mse-theme


@ -12,6 +12,9 @@ spec:
- name: revision
type: string
description: The git repo branch to checkout.
- name: destination
type: string
description: The branch to merge to.
- name: apiurl
type: string
description: The gitea api url.
@ -84,6 +87,9 @@ spec:
workspace: shared-data
- name: config
workspace: config
params:
- name: destination
value: $(params.destination)
# ⭐ Execution des tests unitaires avec une BDD en sidecar
- name: phpunittest
@ -152,25 +158,6 @@ spec:
- name: filepath
value: "temp_phpsecuritychecker.txt"
# 📨 Envoyer du resulat de trivy à gitea
- name: trivy-giteacomment
taskRef:
name: giteacomment
workspaces:
- name: source
workspace: shared-data
params:
- name: apiurl
value: $(params.apiurl)
- name: requestid
value: $(params.requestid)
- name: access_token
value: $(params.access_token)
- name: title
value: "TRIVY"
- name: filepath
value: "temp_trivy.txt"
# 🧹 Cleanup
- name: cleanup-workspace
taskRef:


@ -1,12 +1,12 @@
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
generateName: symfonyapp-run-
generateName: msebuild-run-
namespace: tekton
spec:
serviceAccountName: build-bot
pipelineRef:
name: symfonyapp
name: msebuild
podTemplate:
securityContext:
fsGroup: 65532
@ -26,14 +26,14 @@ spec:
secret:
secretName: regcred
params:
- name: repo-url
- name: image
value: reg.cadoles.com/mlamalle/testtekton
- name: tag
value: test
- name: dockerfile
value: ./misc/k8s/images/job-base/Dockerfile
- name: url
value: https://forge.cadoles.com/CNOUS/mse.git
- name: revision
value: sprint-6
- name: destination
value: k8s
- name: image
value: reg.cadoles.com/mlamalle/testtekton
- name: dockerfile
value: ./misc/k8s/images/job-base/Dockerfile


@ -0,0 +1,6 @@
apiVersion: v1
kind: Secret
metadata:
name: gitea-access-token
data:
access_token: <base64 gitea access token>


@ -0,0 +1,7 @@
apiVersion: v1
kind: Secret
metadata:
name: git-credentials
data:
id_ed25519: <base64 ssh private key>
known_hosts: <base64 known_host>


@ -7,9 +7,16 @@ spec:
- name: source
- name: dockerconfig
params:
- name: IMAGE_TAG
type: string
description: "The image to push."
- name: IMAGE
type: string
description: "The image to push."
- name: REGISTRY
description: Docker Registry
steps:
- name: push-image-tar
image: gcr.io/go-containerregistry/crane:debug
@ -25,7 +32,7 @@ spec:
echo ""
echo "== PUSH IMAGE ==================================="
crane push $(workspaces.source.path)/image.tar $(params.IMAGE)
crane push $(workspaces.source.path)/image.tar $(params.REGISTRY)/$(params.IMAGE):$(params.IMAGE_TAG)
echo ""
echo ""
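Review bot: `$(params.REGISTRY)`, `$(params.IMAGE)` and `$(params.IMAGE_TAG)` are substituted into the script text unquoted before the shell parses it, and `REGISTRY` appears to be fed from the webhook query string further up the chain, so shell metacharacters in any of them become commands in a step that mounts the `dockerconfig` workspace. Expose them as step `env` entries and reference them quoted, e.g. `crane push "$(workspaces.source.path)/image.tar" "${REGISTRY}/${IMAGE}:${IMAGE_TAG}"`. The same pattern appears in `git checkout $(params.revision)` in the imageformater task and `git fetch origin $(params.destination)` in the php-cs-fixer task. `IMAGE_TAG` also reuses the description "The image to push." and `REGISTRY` lacks `type: string`.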


@ -6,10 +6,10 @@ spec:
description: Send file content to a comment of the pullrequest gitea
workspaces:
- name: source
- name: gitea-access-token
params:
- name: apiurl
- name: requestid
- name: access_token
- name: title
- name: filepath
steps:
@ -37,7 +37,9 @@ spec:
RESULT=$(cat $(params.filepath))
rm -f $(params.filepath)
APIURL=$(params.apiurl)/issues/$(params.requestid)/comments?access_token=$(params.access_token)
TOKEN_PATH="$(workspaces.gitea-access-token.path)"
GITEA_ACCESS_TOKEN="$(cat ${TOKEN_PATH}/access_token)"
APIURL=$(params.apiurl)/issues/$(params.requestid)/comments?access_token=${GITEA_ACCESS_TOKEN}
RESULT_ESCAPED=$(jq --null-input --arg result "${RESULT}" '$result')
BODY="{\"body\": ${RESULT_ESCAPED}}"
echo ${BODY}
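Review bot: The token now comes from the `gitea-access-token` workspace, but the `APIURL` line still appends it as `?access_token=${GITEA_ACCESS_TOKEN}`, so it travels in the request line that reverse proxies and Gitea access logs record, and it is printed in the step log whenever shell tracing is on. Send it in a header instead: keep `APIURL=$(params.apiurl)/issues/$(params.requestid)/comments` and add `Authorization: token ${GITEA_ACCESS_TOKEN}` as a request header on the HTTP call, which sits below this hunk. `cat ${TOKEN_PATH}/access_token` should also be quoted as `cat "${TOKEN_PATH}/access_token"`. Every pipeline that references `giteacomment` now has to bind the new workspace, since the `access_token` param is gone.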


@ -4,31 +4,32 @@ metadata:
name: imageformater
spec:
description: transform image name to standart name
workspaces:
- name: source
params:
- name: image
- name: tag
- name: revision
results:
- name: imagetag
steps:
- name: exec
image: alpine
command:
- /bin/sh
args:
- '-c'
- |
#set -e
image: alpine:3.19
script: |
#!/usr/bin/env sh
set -eu
set +x
apk add make curl bash git
cd $(workspaces.source.path)
git config --global --add safe.directory /workspace/source
git checkout $(params.revision)
set -x
echo ""
echo "== IMAGE NAME FORMATER ==================================="
echo "IMAGE TAG BEFORE = $(params.image):$(params.tag)"
make .mktools
version=$(make mkt-project-version)
temp="$(params.image):$(params.tag)"
lowercase=$(echo "$temp" | awk '{print tolower($0)}')
echo "IMAGE TAG AFTER = ${lowercase}"
echo -n "${lowercase}" > "$(results.imagetag.path)"
echo -n "${version}" > "$(results.imagetag.path)"
echo ""
echo ""
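Review bot: This step now installs `make curl bash git` with `apk add` on every run and then executes `make .mktools` and `make mkt-project-version` from the checked-out revision, so the resulting tag depends on whatever the package mirror serves and on a Makefile supplied by the branch being built. For pull-request builds that is code chosen by the PR author running inside the pipeline pod. A prebuilt tool image pinned by digest in place of `alpine:3.19` plus `apk add`, and a comment stating that running repository `make` targets here is intended, would make that trust boundary explicit. `git config --global --add safe.directory /workspace/source` also hardcodes the path while the `cd` above uses `$(workspaces.source.path)`; use the substitution in both places.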


@ -41,32 +41,6 @@ spec:
echo ""
echo "== SCAN IMAGE ==================================="
cmd="trivy $* "
if [ "$(params.AIR_GAPPED_ENABLED)" = "true" ]; then
echo "Air-Gapped mode enabled"
TRIVY_TEMP_DIR=$(mktemp -d)
trivy --cache-dir "$TRIVY_TEMP_DIR" image --download-db-only
tar -cf ./db.tar.gz -C "$TRIVY_TEMP_DIR/db" metadata.json trivy.db
rm -rf "$TRIVY_TEMP_DIR"
mkdir -p "$HOME"/.cache/trivy/db
tar xvf ./db.tar.gz -C "$HOME"/.cache/trivy/db
cmd="${cmd}--skip-update "
fi
cmd="${cmd}$(params.IMAGE_PATH)"
echo "Running trivy task with command below"
echo "$cmd"
eval "$cmd"
trivy image --exit-code 1 --severity CRITICAL --no-progress -o temp_trivy.txt --input $(params.IMAGE_PATH)
cat temp_trivy.txt
args:
- "image"
- "--exit-code"
- "1"
- "--severity"
- "CRITICAL"
- "--no-progress"
- "-o"
- "temp_trivy.json"
- "--input"
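Review bot: The new `trivy image --exit-code 1 …` line is followed by `cat temp_trivy.txt`, so what a CRITICAL finding does to the step depends on shell options set above this hunk: without `set -e` the step's status is that of `cat` and the gate never fails, with it the report is never printed. Capture the status explicitly, e.g. `rc=0; trivy image … || rc=$?`, then `cat temp_trivy.txt` and `exit "$rc"`. `--input $(params.IMAGE_PATH)` should be quoted as well. The step starts outside the hunk, and the `args:` list that remains below may no longer be consumed now that the `cmd="trivy $* "` construction is gone.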


@ -7,6 +7,8 @@ spec:
workspaces:
- name: source
- name: config
params:
- name: destination
steps:
- name: exec
image: ghcr.io/php-cs-fixer/php-cs-fixer:3-php8.3
@ -16,11 +18,16 @@ spec:
- '-c'
- |
#set -e
apk add git
cd $(workspaces.source.path)
git config --global --add safe.directory /workspace/source
git fetch origin $(params.destination)
CHANGED_FILES=$(git diff --name-only --diff-filter=ACMRTUXB origin/$(params.destination) -- | grep -F ".php" | tr "\n" " ")
if ! echo "${CHANGED_FILES}" | grep -qE "^(\\.php-cs-fixer(\\.dist)\\.php?|composer\\.lock)$"; then EXTRA_ARGS=$(printf -- '--path-mode=intersection -- %s' "${CHANGED_FILES}"); else EXTRA_ARGS=''; fi
echo ""
echo "== RUN PHP-CS-FIXER ======================================"
EXTRA_ARGS=$(printf -- '--path-mode=intersection -- %s' "${CHANGED_FILES}")
php-cs-fixer fix --dry-run --config=$(workspaces.config.path)/php-cs-fixer.dist.php ${EXTRA_ARGS} > temp_phpcsfixer.txt 2>&1
cat temp_phpcsfixer.txt
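Review bot: In the `grep -qE` pattern, `(\\.dist)\\.php?` makes `.dist` mandatory and the final `p` optional; the intended form is almost certainly `^(\\.php-cs-fixer(\\.dist)?\\.php|composer\\.lock)$`. Even corrected it cannot match as written, because `CHANGED_FILES` has already been filtered with `grep -F ".php"` and joined onto one line by `tr`, so `composer.lock` is gone and `^…$` spans the whole list. If the later unconditional `EXTRA_ARGS=$(printf …)` line is still present in the new file (its side is not recoverable from this page) it overrides the conditional anyway. With `#set -e` commented out, a failed `git fetch origin $(params.destination)` also goes unnoticed and the diff is taken against a stale or missing ref.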


@ -1,15 +1,15 @@
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerBinding
metadata:
name: symfonybuild-binding
name: imagebuild-binding
spec:
params:
- name: url
value: $(body.repository.clone_url)
- name: revision
value: $(body.release.target_commitish)
value: $(body.pull_request.head.ref)
- name: image
value: reg.cadoles.com/$(body.repository.full_name)
value: $(body.repository.full_name)
- name: tag
value: $(body.release.target_commitish)-$(body.release.tag_name)
- name: apiurl
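Review bot: `revision` now reads `$(body.pull_request.head.ref)` while the `tag` binding still reads `$(body.release.target_commitish)-$(body.release.tag_name)` (its side is inferred from the hunk's line counts). A Gitea webhook payload carries either a pull request or a release, so one of the two paths is expected to be missing and the binding would fail to resolve for either event. Derive `tag` from the pull-request payload too, or drop it if the tag is now computed by the `imageformater` task. `image` is taken from `body.repository.full_name`, which may contain upper-case characters that are not valid in an image reference.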


@ -7,8 +7,13 @@ spec:
- name: url
- name: revision
- name: image
- name: tag
- name: dockerfile
- name: registry
- name: apiurl
- name: requestid
- name: requesttype
resourcetemplates:
- apiVersion: tekton.dev/v1beta1
kind: PipelineRun
@ -31,26 +36,31 @@ spec:
resources:
requests:
storage: 1Gi
- name: config
configmap:
name: config-phpcsfixer
- name: docker-credentials
secret:
secretName: regcred
- name: git-credentials
secret:
secretName: git-credentials
- name: gitea-access-token
secret:
secretName: gitea-access-token
params:
- name: url
value: $(tt.params.url)
- name: revision
value: $(tt.params.revision)
- name: image
value: $(tt.params.image)
value: hydra-sql-theme
- name: tag
value: $(tt.params.tag)
- name: dockerfile
value: ./misc/k8s/images/hydra-sql-mse-theme/Dockerfile
- name: registry
value: $(tt.params.registry)
- name: apiurl
value: $(tt.params.apiurl)
- name: requesttype
value: "release"
- name: requestid
value: $(tt.params.requestid)
- name: access_token
value: 69f6d1db6cf1e47dc7958ac20a31e76abf1582ee
- name: dockerfile
value: misc/k8s/images/portal
- name: requesttype
value: pullrequest


@ -1,17 +1,18 @@
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerBinding
metadata:
name: symfonybuild-binding
name: msebuild-binding
spec:
params:
- name: url
value: $(body.repository.clone_url)
- name: revision
value: $(body.release.target_commitish)
- name: tag
value: $(body.release.target_commitish)-$(body.release.tag_name)
value: $(body.pull_request.head.ref)
- name: image
value: $(body.repository.full_name)
- name: apiurl
value: $(body.release.url)
value: $(body.pull_request.base.repo.url)
- name: requestid
value: $(body.release.id)
value: $(body.pull_request.number)


@ -7,18 +7,124 @@ spec:
- name: url
- name: revision
- name: image
- name: tag
- name: dockerfile
- name: registry
- name: apiurl
- name: requestid
- name: requesttype
resourcetemplates:
# # Portal
# - apiVersion: tekton.dev/v1beta1
# kind: PipelineRun
# metadata:
# generateName: msebuild-portal-run-
# namespace: tekton
# spec:
# serviceAccountName: build-bot
# pipelineRef:
# name: imagebuild
# podTemplate:
# securityContext:
# fsGroup: 65532
# workspaces:
# - name: shared-data
# volumeClaimTemplate:
# spec:
# accessModes:
# - ReadWriteOnce
# resources:
# requests:
# storage: 1Gi
# - name: docker-credentials
# secret:
# secretName: regcred
# - name: git-credentials
# secret:
# secretName: git-credentials
# params:
# - name: url
# value: $(tt.params.url)
# - name: revision
# value: $(tt.params.revision)
# - name: image
# value: portal
# - name: tag
# value: $(tt.params.tag)
# - name: dockerfile
# value: ./misc/k8s/images/portal/Dockerfile
# - name: registry
# value: $(tt.params.registry)
# - name: apiurl
# value: $(tt.params.apiurl)
# - name: requestid
# value: $(tt.params.requestid)
# - name: requesttype
# value: pullrequest
# - name: access_token
# value: 69f6d1db6cf1e47dc7958ac20a31e76abf1582ee
# # Hydra Dispatcher Theme
# - apiVersion: tekton.dev/v1beta1
# kind: PipelineRun
# metadata:
# generateName: msebuild-hydra-dispatcher-theme-run-
# namespace: tekton
# spec:
# serviceAccountName: build-bot
# pipelineRef:
# name: imagebuild
# podTemplate:
# securityContext:
# fsGroup: 65532
# workspaces:
# - name: shared-data
# volumeClaimTemplate:
# spec:
# accessModes:
# - ReadWriteOnce
# resources:
# requests:
# storage: 1Gi
# - name: docker-credentials
# secret:
# secretName: regcred
# - name: git-credentials
# secret:
# secretName: git-credentials
# params:
# - name: url
# value: $(tt.params.url)
# - name: revision
# value: $(tt.params.revision)
# - name: image
# value: hydra-dispatcher-theme
# - name: tag
# value: $(tt.params.tag)
# - name: dockerfile
# value: ./misc/k8s/images/hydra-dispatcher-mse-theme/Dockerfile
# - name: registry
# value: $(tt.params.registry)
# - name: apiurl
# value: $(tt.params.apiurl)
# - name: requestid
# value: $(tt.params.requestid)
# - name: requesttype
# value: pullrequest
# - name: access_token
# value: 69f6d1db6cf1e47dc7958ac20a31e76abf1582ee
# Hydra SQL Theme
- apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
generateName: msebuild-run-
generateName: msebuild-hydra-sql-theme-run-
namespace: tekton
spec:
serviceAccountName: build-bot
pipelineRef:
name: msebuild
name: imagebuild
podTemplate:
securityContext:
fsGroup: 65532
@ -31,28 +137,235 @@ spec:
resources:
requests:
storage: 1Gi
- name: config
configmap:
name: config-phpcsfixer
- name: docker-credentials
secret:
secretName: regcred
- name: git-credentials
secret:
secretName: git-credentials
- name: gitea-access-token
secret:
secretName: gitea-access-token
params:
- name: url
value: $(tt.params.url)
- name: revision
value: $(tt.params.revision)
- name: image
value: portal
value: hydra-sql-theme
- name: tag
value: $(tt.params.tag)
- name: dockerfile
value: ./misc/k8s/images/hydra-sql-mse-theme/Dockerfile
- name: registry
value: $(tt.params.registry)
- name: apiurl
value: $(tt.params.apiurl)
- name: requesttype
value: "release"
- name: requestid
value: $(tt.params.requestid)
- name: access_token
value: 69f6d1db6cf1e47dc7958ac20a31e76abf1582ee
- name: dockerfile
value: misc/k8s/images/portal
- name: requesttype
value: pullrequest
# # Job Base
# - apiVersion: tekton.dev/v1beta1
# kind: PipelineRun
# metadata:
# generateName: msebuild-job-base-run-
# namespace: tekton
# spec:
# serviceAccountName: build-bot
# pipelineRef:
# name: imagebuild
# podTemplate:
# securityContext:
# fsGroup: 65532
# workspaces:
# - name: shared-data
# volumeClaimTemplate:
# spec:
# accessModes:
# - ReadWriteOnce
# resources:
# requests:
# storage: 1Gi
# - name: docker-credentials
# secret:
# secretName: regcred
# - name: git-credentials
# secret:
# secretName: git-credentials
# params:
# - name: url
# value: $(tt.params.url)
# - name: revision
# value: $(tt.params.revision)
# - name: image
# value: job-base
# - name: tag
# value: $(tt.params.tag)
# - name: dockerfile
# value: ./misc/k8s/images/job-base/Dockerfile
# - name: registry
# value: $(tt.params.registry)
# - name: apiurl
# value: $(tt.params.apiurl)
# - name: requestid
# value: $(tt.params.requestid)
# - name: requesttype
# value: pullrequest
# - name: access_token
# value: 69f6d1db6cf1e47dc7958ac20a31e76abf1582ee
# # Mock
# - apiVersion: tekton.dev/v1beta1
# kind: PipelineRun
# metadata:
# generateName: msebuild-mock-run-
# namespace: tekton
# spec:
# serviceAccountName: build-bot
# pipelineRef:
# name: imagebuild
# podTemplate:
# securityContext:
# fsGroup: 65532
# workspaces:
# - name: shared-data
# volumeClaimTemplate:
# spec:
# accessModes:
# - ReadWriteOnce
# resources:
# requests:
# storage: 1Gi
# - name: docker-credentials
# secret:
# secretName: regcred
# - name: git-credentials
# secret:
# secretName: git-credentials
# params:
# - name: url
# value: $(tt.params.url)
# - name: revision
# value: $(tt.params.revision)
# - name: image
# value: mock
# - name: tag
# value: $(tt.params.tag)
# - name: dockerfile
# value: ./misc/k8s/images/mock/Dockerfile
# - name: registry
# value: $(tt.params.registry)
# - name: apiurl
# value: $(tt.params.apiurl)
# - name: requestid
# value: $(tt.params.requestid)
# - name: requesttype
# value: pullrequest
# - name: access_token
# value: 69f6d1db6cf1e47dc7958ac20a31e76abf1582ee
# # Ines
# - apiVersion: tekton.dev/v1beta1
# kind: PipelineRun
# metadata:
# generateName: msebuild-ines-run-
# namespace: tekton
# spec:
# serviceAccountName: build-bot
# pipelineRef:
# name: imagebuild
# podTemplate:
# securityContext:
# fsGroup: 65532
# workspaces:
# - name: shared-data
# volumeClaimTemplate:
# spec:
# accessModes:
# - ReadWriteOnce
# resources:
# requests:
# storage: 1Gi
# - name: docker-credentials
# secret:
# secretName: regcred
# - name: git-credentials
# secret:
# secretName: git-credentials
# params:
# - name: url
# value: $(tt.params.url)
# - name: revision
# value: $(tt.params.revision)
# - name: image
# value: ines
# - name: tag
# value: $(tt.params.tag)
# - name: dockerfile
# value: ./misc/k8s/images/ines/Dockerfile
# - name: registry
# value: $(tt.params.registry)
# - name: apiurl
# value: $(tt.params.apiurl)
# - name: requestid
# value: $(tt.params.requestid)
# - name: requesttype
# value: pullrequest
# - name: access_token
# value: 69f6d1db6cf1e47dc7958ac20a31e76abf1582ee
# # Shibboleth-sp
# - apiVersion: tekton.dev/v1beta1
# kind: PipelineRun
# metadata:
# generateName: msebuild-shibboleth-sp-run-
# namespace: tekton
# spec:
# serviceAccountName: build-bot
# pipelineRef:
# name: imagebuild
# podTemplate:
# securityContext:
# fsGroup: 65532
# workspaces:
# - name: shared-data
# volumeClaimTemplate:
# spec:
# accessModes:
# - ReadWriteOnce
# resources:
# requests:
# storage: 1Gi
# - name: docker-credentials
# secret:
# secretName: regcred
# - name: git-credentials
# secret:
# secretName: git-credentials
# params:
# - name: url
# value: $(tt.params.url)
# - name: revision
# value: $(tt.params.revision)
# - name: image
# value: shibboleth-sp
# - name: tag
# value: $(tt.params.tag)
# - name: dockerfile
# value: ./misc/k8s/images/sp/Dockerfile
# - name: registry
# value: $(tt.params.registry)
# - name: apiurl
# value: $(tt.params.apiurl)
# - name: requestid
# value: $(tt.params.requestid)
# - name: requesttype
# value: pullrequest
# - name: access_token
# value: 69f6d1db6cf1e47dc7958ac20a31e76abf1582ee
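Review bot: The commented-out PipelineRun blocks added here each carry an `access_token` entry with the same 40-character literal that this commit takes out of the live params, and the symfonycheck TriggerTemplate further down still appears to pass it as an active `access_token` param (those lines count as unchanged context). Moving the credential into the `gitea-access-token` Secret only helps if the literal leaves the tree and the token is revoked in Gitea, because it stays readable in history. Delete the `# - name: access_token` / `# value: …` pairs, or better the commented blocks as a whole, since they differ only in `image`, `dockerfile` and `generateName`. The active template's `image: hydra-sql-theme` next to `dockerfile: ./misc/k8s/images/hydra-sql-mse-theme/Dockerfile` also looks like a naming slip worth confirming.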


@ -2,7 +2,7 @@ apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerBinding
metadata:
name: symfonycheck-binding
spec:
spec:
params:
- name: url
value: $(body.pull_request.head.repo.clone_url)
@ -12,3 +12,5 @@ spec:
value: $(body.pull_request.head.repo.url)
- name: requestid
value: $(body.pull_request.number)
- name: destination
value: $(body.pull_request.base.ref)


@ -6,8 +6,11 @@ spec:
params:
- name: url
- name: revision
- name: apiurl
- name: requestid
- name: destination
- name: apiurl
- name: requesttype
- name: access_token
resourcetemplates:
- apiVersion: tekton.dev/v1beta1
kind: PipelineRun
@ -41,11 +44,13 @@ spec:
value: $(tt.params.url)
- name: revision
value: $(tt.params.revision)
- name: destination
value: $(tt.params.destination)
- name: apiurl
value: $(tt.params.apiurl)
- name: requesttype
value: "pullrequest"
- name: requestid
value: $(tt.params.requestid)
- name: requesttype
value: pullrequest
- name: access_token
value: 69f6d1db6cf1e47dc7958ac20a31e76abf1582ee


@ -2,7 +2,7 @@ apiVersion: skaffold/v3
kind: Config
metadata:
name: tekton-pipelines
name: tekton
manifests:
kustomize: