diff --git a/.gitignore b/.gitignore index 3e234a3..0b6e071 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,4 @@ -kustomization/base/tekton/secret/secret.yaml +kustomization/base/tekton/secret/git-secret.yaml +kustomization/base/tekton/secret/ssh-secret.yaml kustomization/base/tekton/secret/dockerconfig/config.json +kustomization/base/tekton/secret/gitea-access-token.yaml diff --git a/Makefile b/Makefile index 95fad22..ae16b81 100644 --- a/Makefile +++ b/Makefile @@ -28,9 +28,6 @@ setup-cluster: @yq -i ".spec.addresses = [\"$(SUBNET)\"]" kind/cluster/lb/resources/ipaddresspoool.yaml kubectl apply -k kind/cluster/lb --server-side -ssh-secret: - cp kustomization/base/tekton/secret/secret.yaml.dist kustomization/base/tekton/secret/secret.yaml - docker-secret: docker login reg.cadoles.com mkdir -p kustomization/base/tekton/secret/dockerconfig diff --git a/README.md b/README.md index d262c1a..fd41fea 100644 --- a/README.md +++ b/README.md @@ -12,10 +12,14 @@ skaffold dev --cleanup=false ``` #### Préparer les secrets -Editer le fichier `kustomization/base/tekton/secret/secret.yaml` avec les identifiants git +Créer les fichiers : + - `kustomization/base/tekton/secret/git-secret.yaml` + - `kustomization/base/tekton/secret/ssh-secret.yaml` + - `kustomization/base/tekton/secret/gitea-access-token.yaml` +en renseignant et en copiant les fichier `.dist` correspondants +Généré le secret docker ``` -make ssh-secret make docker-secret ``` diff --git a/kustomization/base/tekton/event/msebuild.yaml b/kustomization/base/tekton/event/msebuild.yaml index 0d4c1c0..882e35f 100644 --- a/kustomization/base/tekton/event/msebuild.yaml +++ b/kustomization/base/tekton/event/msebuild.yaml 
@@ -10,9 +10,17 @@ spec: - ref: name: "cel" params: + # Filtre par événement - name: "filter" value: "body.action != 'deleted'" + # Récupération du queryParam registry + - name: "overlays" + value: + - key: registry + expression: "requestURL.parseURL().query['registry']" bindings: - ref: msebuild-binding + - name: registry + value: $(extensions.registry) template: ref: msebuild-template diff --git a/kustomization/base/tekton/ingress/dashboard.yaml b/kustomization/base/tekton/ingress/dashboard.yaml new file mode 100644 index 0000000..0602770 --- /dev/null +++ b/kustomization/base/tekton/ingress/dashboard.yaml @@ -0,0 +1,24 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: dashboard +spec: + ingressClassName: nginx + rules: + - host: tekton.local + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: tekton-dashboard + port: + number: 9097 + - path: /msebuild + pathType: Prefix + backend: + service: + name: el-msebuild + port: + number: 9000 diff --git a/kustomization/base/tekton/kustomization.yaml b/kustomization/base/tekton/kustomization.yaml index 05a5fe9..f18bf21 100644 --- a/kustomization/base/tekton/kustomization.yaml +++ b/kustomization/base/tekton/kustomization.yaml @@ -3,7 +3,9 @@ kind: Kustomization namespace: tekton resources: - namespace/namespace.yaml -- secret/secret.yaml +- secret/git-secret.yaml +- secret/ssh-secret.yaml +- secret/gitea-access-token.yaml - serviceaccount/service-account.yaml - serviceaccount/rbac.yaml - configmap/configmap-phpcsfixer.yaml @@ -22,7 +24,6 @@ resources: - task/symfonyapp/phpunittest.yaml # Pipelines -- pipeline/msebuild.yaml - pipeline/imagebuild.yaml - pipeline/symfonycheck.yaml @@ -39,3 +40,5 @@ resources: - event/imagebuild.yaml - event/symfonycheck.yaml +# Ingress +# - ingress/dashboard.yaml diff --git a/kustomization/base/tekton/pipeline/imagebuild.yaml b/kustomization/base/tekton/pipeline/imagebuild.yaml index 005c499..0efff40 100644 
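Review bot: The new `overlays` entry copies `requestURL.parseURL().query['registry']` from the webhook URL into the `registry` binding without any validation, so whoever can reach the EventListener chooses the registry host. Elsewhere in this commit that value ends up in kaniko's `--destination` and in the `crane push` reference. Constrain it in the existing filter, e.g. `value: "body.action != 'deleted' && requestURL.parseURL().query['registry'] == 'reg.cadoles.com'"`, or set the registry as a fixed value in the template. Only the `cel` interceptor is visible in this hunk; if the trigger has no webhook-secret check elsewhere, it needs one as well.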
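Review bot: This Ingress publishes the Tekton dashboard at `/` and the `el-msebuild` EventListener at `/msebuild` on `tekton.local` with no `tls:` section and no authentication in front of either backend. Depending on how the dashboard is installed it may allow creating and deleting runs, and the listener processes whatever request reaches it. The resource is commented out in `kustomization.yaml` in this commit; it should stay that way on any shared cluster until access control is in place. A header comment in the file would make that explicit, e.g. `# Local/dev only: no TLS, no auth; do not enable on a shared cluster`.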
--- a/kustomization/base/tekton/pipeline/imagebuild.yaml +++ b/kustomization/base/tekton/pipeline/imagebuild.yaml @@ -15,35 +15,32 @@ spec: - name: image type: string description: The image to build. + - name: tag + type: string + description: The image tag. + - name: dockerfile + type: string + description: Path to the Dockerfile to build. + - name: registry + description: Registry of the Docker image - name: apiurl type: string description: The gitea api url. - name: requesttype type: string - description: The gitea request type = pullrequet or release + description: The gitea request type = "pullrequest / release". - name: requestid type: string description: The gitea request id. - - name: access_token - type: string - description: The gitea access_token id. - - name: dockerfile - type: string - description: Path to the Dockerfile to build. + workspaces: - name: shared-data - - name: config - name: docker-credentials + - name: git-credentials + - name: gitea-access-token tasks: - # ⭐ Image Tag Formater - - name: imageformater - taskRef: - name: imageformater - params: - - name: image - value: $(params.image) # 📥 Clone du repo git - name: gitclone @@ -52,6 +49,8 @@ spec: workspaces: - name: output workspace: shared-data + - name: ssh-directory + workspace: git-credentials params: - name: url value: $(params.url) @@ -62,14 +61,26 @@ spec: - name: depth value: '50' + # ⭐ Image Tag Formater + - name: imageformater + taskRef: + name: imageformater + runAfter: ["gitclone"] + workspaces: + - name: source + workspace: shared-data + params: + - name: revision + value: $(params.revision) + # 🔨 Build de l'image - name: kaniko-build taskRef: name: kaniko - runAfter: ["gitclone"] + runAfter: ["imageformater"] params: - name: IMAGE - value: $(tasks.imageformater.results.imagetag) + value: $(params.registry)/$(params.image):$(tasks.imageformater.results.imagetag) - name: BUILDER_IMAGE value: gcr.io/kaniko-project/executor:v1.20.0 - name: DOCKERFILE 
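Review bot: The new `registry` parameter in the first hunk is the only one declared without `type: string`, and the new `tag` parameter does not appear to be consumed by any task in the hunks shown, since the image reference is built from `$(tasks.imageformater.results.imagetag)`. Add `type: string` to `registry`, and either drop `tag` or document it, e.g. `description: Unused; the tag is computed by the imageformater task.` The pipeline body continues outside these hunks, so `tag` may still be referenced there.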
@@ -80,7 +91,7 @@ spec: - --insecure - --no-push - --tarPath=$(workspaces.source.path)/image.tar - - --destination=$(tasks.imageformater.results.imagetag) + - --destination=$(params.registry)/$(params.image):$(tasks.imageformater.results.imagetag) workspaces: - name: source workspace: shared-data @@ -101,6 +112,27 @@ spec: runAfter: - kaniko-build + # 📨 Envoyer du resulat de trivy à gitea + - name: trivy-giteacomment + taskRef: + name: giteacomment + workspaces: + - name: source + workspace: shared-data + - name: gitea-access-token + workspace: gitea-access-token + params: + - name: apiurl + value: $(params.apiurl) + - name: requestid + value: $(params.requestid) + - name: title + value: "TRIVY" + - name: filepath + value: "temp_trivy.txt" + runAfter: + - trivy-scan + # 🚀 Publication de l'image - name: publish taskRef: @@ -111,11 +143,17 @@ spec: - name: dockerconfig workspace: docker-credentials params: - - name: IMAGE + - name: IMAGE_TAG value: $(tasks.imageformater.results.imagetag) + - name: IMAGE + value: $(params.image) + - name: REGISTRY + value: $(params.registry) runAfter: - trivy-scan + + finally: # 🧹 Cleanup - name: cleanup-workspace diff --git a/kustomization/base/tekton/pipeline/msebuild.yaml b/kustomization/base/tekton/pipeline/msebuild.yaml deleted file mode 100644 index add8bac..0000000 --- a/kustomization/base/tekton/pipeline/msebuild.yaml +++ /dev/null 
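Review bot: `trivy-giteacomment` is ordered with `runAfter: trivy-scan`, while the scan task in this commit runs `trivy image --exit-code 1 --severity CRITICAL`, so the scan fails exactly when there is something to report and Tekton then skips the comment task. As written, the pull request only receives a Trivy comment when no critical finding exists. Either let the scan step record its status in a result and fail in a later task, or move the comment into `finally`. In the second case it has to be ordered against `cleanup-workspace`, because `finally` tasks run concurrently and `temp_trivy.txt` lives in the shared workspace.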
@@ -1,102 +0,0 @@ -apiVersion: tekton.dev/v1beta1 -kind: Pipeline -metadata: - name: imagebuild -spec: - description: | - This pipeline clones a git repo, then echoes the README file to the stout. - params: - - name: url - type: string - description: The git repo URL to clone from. - - name: revision - type: string - description: The git repo branch to checkout. - - name: image - type: string - description: The image to build. - - name: apiurl - type: string - description: The gitea api url. - - name: requesttype - type: string - description: The gitea request type = pullrequet or release - - name: requestid - type: string - description: The gitea request id. - - name: access_token - type: string - description: The gitea access_token id. - - name: dockerfile - type: string - description: Path to the Dockerfile to build. - - workspaces: - - name: shared-data - - name: config - - name: docker-credentials - - tasks: - - name: portal - pipelineRef: - name: imagebuild - params: - - name: dockerfile - value: misc/k8s/images/portal - - name: image - value: reg.cadoles.com/portal - - - name: job-base - pipelineRef: - name: imagebuild - params: - - name: dockerfile - value: misc/k8s/images/job-base - - name: image - value: reg.cadoles.com/job-base - - - name: mock - pipelineRef: - name: imagebuild - params: - - name: dockerfile - value: misc/k8s/images/mock - - name: image - value: reg.cadoles.com/mock - - - name: ines - pipelineRef: - name: imagebuild - params: - - name: dockerfile - value: misc/k8s/images/ines - - name: image - value: reg.cadoles.com/ines - - - name: shibboleth-sp - pipelineRef: - name: imagebuild - params: - - name: dockerfile - value: misc/k8s/images/sp - - name: image - value: reg.cadoles.com/shibboleth-sp - - - name: hydra-dispatcher-mse-theme - pipelineRef: - name: imagebuild - params: - - name: dockerfile - value: misc/k8s/images/hydra-dispatcher-mse-theme - - name: image - value: reg.cadoles.com/hydra-dispatcher-mse-theme - - - name: 
hydra-sql-mse-theme - pipelineRef: - name: imagebuild - params: - - name: dockerfile - value: misc/k8s/images/hydra-sql-mse-theme - - name: image - value: reg.cadoles.com/hydra-sql-mse-theme - diff --git a/kustomization/base/tekton/pipeline/symfonycheck.yaml b/kustomization/base/tekton/pipeline/symfonycheck.yaml index 39c3836..fecaa90 100644 --- a/kustomization/base/tekton/pipeline/symfonycheck.yaml +++ b/kustomization/base/tekton/pipeline/symfonycheck.yaml @@ -12,6 +12,9 @@ spec: - name: revision type: string description: The git repo branch to checkout. + - name: destination + type: string + description: The branch to merge to. - name: apiurl type: string description: The gitea api url. @@ -84,6 +87,9 @@ spec: workspace: shared-data - name: config workspace: config + params: + - name: destination + value: $(params.destination) # ⭐ Execution des tests unitaires avec une BDD en sidecar - name: phpunittest @@ -152,25 +158,6 @@ spec: - name: filepath value: "temp_phpsecuritychecker.txt" - # 📨 Envoyer du resulat de trivy à gitea - - name: trivy-giteacomment - taskRef: - name: giteacomment - workspaces: - - name: source - workspace: shared-data - params: - - name: apiurl - value: $(params.apiurl) - - name: requestid - value: $(params.requestid) - - name: access_token - value: $(params.access_token) - - name: title - value: "TRIVY" - - name: filepath - value: "temp_trivy.txt" - # 🧹 Cleanup - name: cleanup-workspace taskRef: diff --git a/kustomization/base/tekton/pipelinerun/pipelinerun.yaml b/kustomization/base/tekton/pipelinerun/pipelinerun.yaml index 96b177a..a0ffc71 100644 --- a/kustomization/base/tekton/pipelinerun/pipelinerun.yaml +++ b/kustomization/base/tekton/pipelinerun/pipelinerun.yaml 
@@ -1,12 +1,12 @@ apiVersion: tekton.dev/v1beta1 kind: PipelineRun metadata: - generateName: symfonyapp-run- + generateName: msebuild-run- namespace: tekton spec: serviceAccountName: build-bot pipelineRef: - name: symfonyapp + name: msebuild podTemplate: securityContext: fsGroup: 65532 @@ -26,14 +26,14 @@ spec: secret: secretName: regcred params: - - name: repo-url + - name: image + value: reg.cadoles.com/mlamalle/testtekton + - name: tag + value: test + - name: dockerfile + value: ./misc/k8s/images/job-base/Dockerfile + - name: url value: https://forge.cadoles.com/CNOUS/mse.git - name: revision value: sprint-6 - - name: destination - value: k8s - - name: image - value: reg.cadoles.com/mlamalle/testtekton - - name: dockerfile - value: ./misc/k8s/images/job-base/Dockerfile diff --git a/kustomization/base/tekton/secret/secret.yaml.dist b/kustomization/base/tekton/secret/git-secret.yaml.dist similarity index 100% rename from kustomization/base/tekton/secret/secret.yaml.dist rename to kustomization/base/tekton/secret/git-secret.yaml.dist diff --git a/kustomization/base/tekton/secret/gitea-access-token.yaml.dist b/kustomization/base/tekton/secret/gitea-access-token.yaml.dist new file mode 100644 index 0000000..e8770b0 --- /dev/null +++ b/kustomization/base/tekton/secret/gitea-access-token.yaml.dist @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Secret +metadata: + name: gitea-access-token +data: + access_token: diff --git a/kustomization/base/tekton/secret/ssh-secret.yaml.dist b/kustomization/base/tekton/secret/ssh-secret.yaml.dist new file mode 100644 index 0000000..b9614a2 --- /dev/null +++ b/kustomization/base/tekton/secret/ssh-secret.yaml.dist @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Secret +metadata: + name: git-credentials +data: + id_ed25519: + known_hosts: diff --git a/kustomization/base/tekton/task/common/crane.yaml b/kustomization/base/tekton/task/common/crane.yaml index 5217415..676b257 100644 --- a/kustomization/base/tekton/task/common/crane.yaml 
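Review bot: `pipelineRef.name` now points at `msebuild`, but this commit deletes `pipeline/msebuild.yaml` and removes it from `kustomization.yaml`, so no Pipeline of that name is defined in the files shown. The parameter list also lacks the `registry` parameter that `imagebuild` now declares without a default, while `image` still carries the `reg.cadoles.com/` prefix that the pipeline now prepends itself. If the intent is to run the image build, use `name: imagebuild`, add `- name: registry` with `value: reg.cadoles.com`, and set `image` to `mlamalle/testtekton`. The workspace list is outside these hunks and would need `git-credentials` and `gitea-access-token` as well.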
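Review bot: In `gitea-access-token.yaml.dist` the key `access_token:` under `data:` is a bare key that parses as null, and `data` values must be base64-encoded, which is easy to get wrong when a token is pasted in by hand. A template using `stringData:` with an explicit placeholder, e.g. `access_token: "<gitea-token>"`, accepts the raw value and makes the required edit obvious. The same applies to `id_ed25519:` and `known_hosts:` in `ssh-secret.yaml.dist`. A one-line comment at the top of each template stating that the filled-in copy is git-ignored and must not be committed would also help.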
+++ b/kustomization/base/tekton/task/common/crane.yaml @@ -7,9 +7,16 @@ spec: - name: source - name: dockerconfig params: + - name: IMAGE_TAG + type: string + description: "The image to push." - name: IMAGE type: string description: "The image to push." + - name: REGISTRY + description: Docker Registry + + steps: - name: push-image-tar image: gcr.io/go-containerregistry/crane:debug @@ -25,7 +32,7 @@ spec: echo "" echo "== PUSH IMAGE ===================================" - crane push $(workspaces.source.path)/image.tar $(params.IMAGE) + crane push $(workspaces.source.path)/image.tar $(params.REGISTRY)/$(params.IMAGE):$(params.IMAGE_TAG) echo "" echo "" diff --git a/kustomization/base/tekton/task/common/giteacomment.yaml b/kustomization/base/tekton/task/common/giteacomment.yaml index d11f8d9..52d5731 100644 --- a/kustomization/base/tekton/task/common/giteacomment.yaml +++ b/kustomization/base/tekton/task/common/giteacomment.yaml @@ -6,10 +6,10 @@ spec: description: Send file content to a comment of the pullrequest gitea workspaces: - name: source + - name: gitea-access-token params: - name: apiurl - name: requestid - - name: access_token - name: title - name: filepath steps: @@ -37,7 +37,9 @@ spec: RESULT=$(cat $(params.filepath)) rm -f $(params.filepath) - APIURL=$(params.apiurl)/issues/$(params.requestid)/comments?access_token=$(params.access_token) + TOKEN_PATH="$(workspaces.gitea-access-token.path)" + GITEA_ACCESS_TOKEN="$(cat ${TOKEN_PATH}/access_token)" + APIURL=$(params.apiurl)/issues/$(params.requestid)/comments?access_token=${GITEA_ACCESS_TOKEN} RESULT_ESCAPED=$(jq --null-input --arg result "${RESULT}" '$result') BODY="{\"body\": ${RESULT_ESCAPED}}" echo ${BODY} diff --git a/kustomization/base/tekton/task/common/imageformater.yaml b/kustomization/base/tekton/task/common/imageformater.yaml index d17a937..c6a67fe 100644 --- a/kustomization/base/tekton/task/common/imageformater.yaml +++ b/kustomization/base/tekton/task/common/imageformater.yaml 
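Review bot: The new `crane push` line substitutes `$(params.REGISTRY)`, `$(params.IMAGE)` and `$(params.IMAGE_TAG)` directly into the script text, and Tekton performs that substitution before the shell parses the script, so any shell metacharacter in those values becomes part of the command. In this commit `REGISTRY` originates from the webhook query string and `IMAGE_TAG` from the output of a Makefile in the cloned repository. Pass the values through `env` and quote them, as sketched below. The same pattern appears in `imageformater.yaml` (`git checkout $(params.revision)`) and `phpcsfixer.yaml` (`git fetch origin $(params.destination)`, `origin/$(params.destination)`) and should be changed the same way. Separately, `IMAGE_TAG` and `IMAGE` share the description "The image to push." and `REGISTRY` has no `type: string`.

```yaml
    - name: push-image-tar
      image: gcr.io/go-containerregistry/crane:debug
      env:
        - name: REGISTRY
          value: $(params.REGISTRY)
        - name: IMAGE
          value: $(params.IMAGE)
        - name: IMAGE_TAG
          value: $(params.IMAGE_TAG)
      # … unchanged: rest of the step definition and the echo lines before the push …
        crane push "$(workspaces.source.path)/image.tar" "${REGISTRY}/${IMAGE}:${IMAGE_TAG}"
```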
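Review bot: The token is now read from the `gitea-access-token` workspace, but the `APIURL=` line still appends it as `?access_token=${GITEA_ACCESS_TOKEN}`, so it travels in the request URL, where reverse-proxy and server access logs usually record it. Gitea accepts the token in a header, so build `APIURL` without the query string and send `Authorization: token ${GITEA_ACCESS_TOKEN}` as a request header in the HTTP call, which sits outside this hunk. The read itself should be quoted: `GITEA_ACCESS_TOKEN="$(cat "${TOKEN_PATH}/access_token")"`. If the script runs with shell tracing enabled anywhere above this hunk, turn it off around these lines so the token is not written to the task log.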
@@ -4,31 +4,32 @@ metadata: name: imageformater spec: description: transform image name to standart name + workspaces: + - name: source params: - - name: image - - name: tag + - name: revision results: - name: imagetag steps: - name: exec - image: alpine - command: - - /bin/sh - args: - - '-c' - - | - #set -e + image: alpine:3.19 + script: | + #!/usr/bin/env sh + set -eu + set +x + apk add make curl bash git + cd $(workspaces.source.path) + git config --global --add safe.directory /workspace/source + git checkout $(params.revision) + set -x echo "" echo "== IMAGE NAME FORMATER ===================================" - echo "IMAGE TAG BEFORE = $(params.image):$(params.tag)" + make .mktools + version=$(make mkt-project-version) - temp="$(params.image):$(params.tag)" - lowercase=$(echo "$temp" | awk '{print tolower($0)}') - echo "IMAGE TAG AFTER = ${lowercase}" - - echo -n "${lowercase}" > "$(results.imagetag.path)" + echo -n "${version}" > "$(results.imagetag.path)" echo "" echo "" diff --git a/kustomization/base/tekton/task/common/trivy.yaml b/kustomization/base/tekton/task/common/trivy.yaml index 099f6fc..7f19043 100644 --- a/kustomization/base/tekton/task/common/trivy.yaml +++ b/kustomization/base/tekton/task/common/trivy.yaml 
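Review bot: `make .mktools` and `make mkt-project-version` run Makefile targets from the checked-out revision, and whatever the second one prints is written unchecked to the `imagetag` result that the pipeline splices into kaniko's `--destination` and the `crane push` reference. For pull-request triggers that Makefile is contributor-controlled, so before the `echo -n "${version}"` line the step should reject anything that is not a single line matching the image-tag grammar `[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}`. `git config --global --add safe.directory /workspace/source` hard-codes the mount point while the line above it uses `$(workspaces.source.path)`; use the same substitution in both. `apk add make curl bash git` installs unpinned packages on every run, so a prebuilt image with these tools would make the step reproducible and independent of network access.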
@@ -41,32 +41,6 @@ spec: echo "" echo "== SCAN IMAGE ===================================" - cmd="trivy $* " - if [ "$(params.AIR_GAPPED_ENABLED)" = "true" ]; then - echo "Air-Gapped mode enabled" - TRIVY_TEMP_DIR=$(mktemp -d) - trivy --cache-dir "$TRIVY_TEMP_DIR" image --download-db-only - tar -cf ./db.tar.gz -C "$TRIVY_TEMP_DIR/db" metadata.json trivy.db - rm -rf "$TRIVY_TEMP_DIR" - mkdir -p "$HOME"/.cache/trivy/db - tar xvf ./db.tar.gz -C "$HOME"/.cache/trivy/db - - cmd="${cmd}--skip-update " - fi - - cmd="${cmd}$(params.IMAGE_PATH)" echo "Running trivy task with command below" - echo "$cmd" - eval "$cmd" + trivy image --exit-code 1 --severity CRITICAL --no-progress -o temp_trivy.txt --input $(params.IMAGE_PATH) cat temp_trivy.txt - - args: - - "image" - - "--exit-code" - - "1" - - "--severity" - - "CRITICAL" - - "--no-progress" - - "-o" - - "temp_trivy.json" - - "--input" diff --git a/kustomization/base/tekton/task/symfonyapp/phpcsfixer.yaml b/kustomization/base/tekton/task/symfonyapp/phpcsfixer.yaml index 7327905..78118dd 100644 --- a/kustomization/base/tekton/task/symfonyapp/phpcsfixer.yaml +++ b/kustomization/base/tekton/task/symfonyapp/phpcsfixer.yaml @@ -7,6 +7,8 @@ spec: workspaces: - name: source - name: config + params: + - name: destination steps: - name: exec image: ghcr.io/php-cs-fixer/php-cs-fixer:3-php8.3 
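Review bot: On the new `trivy image …` line `$(params.IMAGE_PATH)` is substituted unquoted, and the report is only shown by the `cat temp_trivy.txt` that follows. With `--exit-code 1`, a script running under `set -e` (the script header is outside this hunk) stops before the `cat`, so the findings never reach the task log in exactly the failing case. Capture the status and print first: `rc=0; trivy image --exit-code 1 --severity CRITICAL --no-progress -o temp_trivy.txt --input "$(params.IMAGE_PATH)" || rc=$?`, then `cat temp_trivy.txt; exit "${rc}"`. The removed branch was the only visible use of `AIR_GAPPED_ENABLED`; if that parameter is still declared above the hunk, remove or document it.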
@@ -16,11 +18,16 @@ spec: - '-c' - | #set -e + apk add git cd $(workspaces.source.path) + git config --global --add safe.directory /workspace/source + git fetch origin $(params.destination) + CHANGED_FILES=$(git diff --name-only --diff-filter=ACMRTUXB origin/$(params.destination) -- | grep -F ".php" | tr "\n" " ") + if ! echo "${CHANGED_FILES}" | grep -qE "^(\\.php-cs-fixer(\\.dist)\\.php?|composer\\.lock)$"; then EXTRA_ARGS=$(printf -- '--path-mode=intersection -- %s' "${CHANGED_FILES}"); else EXTRA_ARGS=''; fi echo "" echo "== RUN PHP-CS-FIXER ======================================" - EXTRA_ARGS=$(printf -- '--path-mode=intersection -- %s' "${CHANGED_FILES}") + php-cs-fixer fix --dry-run --config=$(workspaces.config.path)/php-cs-fixer.dist.php ${EXTRA_ARGS} > temp_phpcsfixer.txt 2>&1 cat temp_phpcsfixer.txt diff --git a/kustomization/base/tekton/trigger/imagebuild-binding.yaml b/kustomization/base/tekton/trigger/imagebuild-binding.yaml index 23a6e8c..661227a 100644 --- a/kustomization/base/tekton/trigger/imagebuild-binding.yaml +++ b/kustomization/base/tekton/trigger/imagebuild-binding.yaml @@ -1,15 +1,15 @@ apiVersion: triggers.tekton.dev/v1beta1 kind: TriggerBinding metadata: - name: symfonybuild-binding + name: imagebuild-binding spec: params: - name: url value: $(body.repository.clone_url) - name: revision - value: $(body.release.target_commitish) + value: $(body.pull_request.head.ref) - name: image - value: reg.cadoles.com/$(body.repository.full_name) + value: $(body.repository.full_name) - name: tag value: $(body.release.target_commitish)-$(body.release.tag_name) - name: apiurl diff --git a/kustomization/base/tekton/trigger/imagebuild-template.yaml b/kustomization/base/tekton/trigger/imagebuild-template.yaml index e2813a8..73736f5 100644 --- a/kustomization/base/tekton/trigger/imagebuild-template.yaml +++ b/kustomization/base/tekton/trigger/imagebuild-template.yaml 
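Review bot: In the `grep -qE` pattern the optional marker sits on the wrong token: `(\\.dist)\\.php?` requires `.dist` and makes the final `p` optional, so `.php-cs-fixer.php` never matches; the pattern should read `^(\\.php-cs-fixer(\\.dist)?\\.php|composer\\.lock)$`. In addition `CHANGED_FILES` has already been filtered with `grep -F ".php"` and joined onto one line by `tr "\n" " "`, so `composer.lock` can never be in it and the anchored pattern is tested against a single space-joined string. The full-run fallback therefore looks unreachable. Test the raw `git diff --name-only` output first and build the space-joined list afterwards. `apk add git` at run time also makes the step depend on network access and on an unpinned package.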
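Review bot: `revision` in `imagebuild-binding.yaml` now reads `body.pull_request.head.ref`, but `tag` two entries below still reads `body.release.target_commitish` and `body.release.tag_name`, so the binding mixes fields from two different webhook payloads. A pull-request event carries no `release` object and a release event no `pull_request`, so I would expect one of the two expressions to fail to resolve whichever event arrives. Pick one event type per binding; for pull requests something like `value: pr-$(body.pull_request.number)` keeps every field on the same payload. The binding continues past the end of this hunk, so `apiurl` and `requestid` should be checked for the same mismatch.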
@@ -7,8 +7,13 @@ spec: - name: url - name: revision - name: image + - name: tag + - name: dockerfile + - name: registry - name: apiurl - name: requestid + - name: requesttype + resourcetemplates: - apiVersion: tekton.dev/v1beta1 kind: PipelineRun @@ -31,26 +36,31 @@ spec: resources: requests: storage: 1Gi - - name: config - configmap: - name: config-phpcsfixer - name: docker-credentials secret: secretName: regcred + - name: git-credentials + secret: + secretName: git-credentials + - name: gitea-access-token + secret: + secretName: gitea-access-token params: - name: url value: $(tt.params.url) - name: revision value: $(tt.params.revision) - name: image - value: $(tt.params.image) + value: hydra-sql-theme + - name: tag + value: $(tt.params.tag) + - name: dockerfile + value: ./misc/k8s/images/hydra-sql-mse-theme/Dockerfile + - name: registry + value: $(tt.params.registry) - name: apiurl value: $(tt.params.apiurl) - - name: requesttype - value: "release" - name: requestid value: $(tt.params.requestid) - - name: access_token - value: 69f6d1db6cf1e47dc7958ac20a31e76abf1582ee - - name: dockerfile - value: misc/k8s/images/portal + - name: requesttype + value: pullrequest diff --git a/kustomization/base/tekton/trigger/msebuild-binding.yaml b/kustomization/base/tekton/trigger/msebuild-binding.yaml index e050b8a..698a125 100644 --- a/kustomization/base/tekton/trigger/msebuild-binding.yaml +++ b/kustomization/base/tekton/trigger/msebuild-binding.yaml 
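Review bot: The PipelineRun in the second hunk hard-codes `image` as `hydra-sql-theme` and `dockerfile` as `./misc/k8s/images/hydra-sql-mse-theme/Dockerfile`, so the `image` and `dockerfile` entries declared in `spec.params` are ignored and this generic template builds the same image as `msebuild-template.yaml`. Either forward them with `value: $(tt.params.image)` and `value: $(tt.params.dockerfile)` or remove the unused declarations. `tag` and `registry` are forwarded but have no `default:`; if the `imagebuild` trigger, which is not part of this diff, does not supply them, the run will receive unresolved values. `requesttype` is likewise declared but fixed to `pullrequest`.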
@@ -1,17 +1,18 @@ apiVersion: triggers.tekton.dev/v1beta1 kind: TriggerBinding metadata: - name: symfonybuild-binding + name: msebuild-binding spec: params: - name: url value: $(body.repository.clone_url) - name: revision - value: $(body.release.target_commitish) - - name: tag - value: $(body.release.target_commitish)-$(body.release.tag_name) + value: $(body.pull_request.head.ref) + - name: image + value: $(body.repository.full_name) - name: apiurl - value: $(body.release.url) + value: $(body.pull_request.base.repo.url) - name: requestid - value: $(body.release.id) + value: $(body.pull_request.number) + diff --git a/kustomization/base/tekton/trigger/msebuild-template.yaml b/kustomization/base/tekton/trigger/msebuild-template.yaml index ec98e47..0f9a317 100644 --- a/kustomization/base/tekton/trigger/msebuild-template.yaml +++ b/kustomization/base/tekton/trigger/msebuild-template.yaml 
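Review bot: `revision` is taken from `body.pull_request.head.ref` while `url` stays `body.repository.clone_url`, so the branch name comes from the pull request's head but the clone URL from the repository that received it. For a pull request opened from a fork that branch may not exist at that URL; `symfonycheck-binding.yaml` uses `body.pull_request.head.repo.clone_url` for the same purpose. Decide explicitly whether fork pull requests should be built at all, since the resulting run mounts `regcred`, `git-credentials` and `gitea-access-token`. The hunk also drops `tag` from the binding although `msebuild-template.yaml` still forwards `$(tt.params.tag)`.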
@@ -7,18 +7,124 @@ spec: - name: url - name: revision - name: image + - name: tag + - name: dockerfile + - name: registry - name: apiurl - name: requestid + - name: requesttype + resourcetemplates: + # # Portal + # - apiVersion: tekton.dev/v1beta1 + # kind: PipelineRun + # metadata: + # generateName: msebuild-portal-run- + # namespace: tekton + # spec: + # serviceAccountName: build-bot + # pipelineRef: + # name: imagebuild + # podTemplate: + # securityContext: + # fsGroup: 65532 + # workspaces: + # - name: shared-data + # volumeClaimTemplate: + # spec: + # accessModes: + # - ReadWriteOnce + # resources: + # requests: + # storage: 1Gi + # - name: docker-credentials + # secret: + # secretName: regcred + # - name: git-credentials + # secret: + # secretName: git-credentials + # params: + # - name: url + # value: $(tt.params.url) + # - name: revision + # value: $(tt.params.revision) + # - name: image + # value: portal + # - name: tag + # value: $(tt.params.tag) + # - name: dockerfile + # value: ./misc/k8s/images/portal/Dockerfile + # - name: registry + # value: $(tt.params.registry) + # - name: apiurl + # value: $(tt.params.apiurl) + # - name: requestid + # value: $(tt.params.requestid) + # - name: requesttype + # value: pullrequest + # - name: access_token + # value: 69f6d1db6cf1e47dc7958ac20a31e76abf1582ee + + # # Hydra Dispatcher Theme + # - apiVersion: tekton.dev/v1beta1 + # kind: PipelineRun + # metadata: + # generateName: msebuild-hydra-dispatcher-theme-run- + # namespace: tekton + # spec: + # serviceAccountName: build-bot + # pipelineRef: + # name: imagebuild + # podTemplate: + # securityContext: + # fsGroup: 65532 + # workspaces: + # - name: shared-data + # volumeClaimTemplate: + # spec: + # accessModes: + # - ReadWriteOnce + # resources: + # requests: + # storage: 1Gi + # - name: docker-credentials + # secret: + # secretName: regcred + # - name: git-credentials + # secret: + # secretName: git-credentials + # params: + # - name: url + # value: $(tt.params.url) + 
# - name: revision + # value: $(tt.params.revision) + # - name: image + # value: hydra-dispatcher-theme + # - name: tag + # value: $(tt.params.tag) + # - name: dockerfile + # value: ./misc/k8s/images/hydra-dispatcher-mse-theme/Dockerfile + # - name: registry + # value: $(tt.params.registry) + # - name: apiurl + # value: $(tt.params.apiurl) + # - name: requestid + # value: $(tt.params.requestid) + # - name: requesttype + # value: pullrequest + # - name: access_token + # value: 69f6d1db6cf1e47dc7958ac20a31e76abf1582ee + + # Hydra SQL Theme - apiVersion: tekton.dev/v1beta1 kind: PipelineRun metadata: - generateName: msebuild-run- + generateName: msebuild-hydra-sql-theme-run- namespace: tekton spec: serviceAccountName: build-bot pipelineRef: - name: msebuild + name: imagebuild podTemplate: securityContext: fsGroup: 65532 
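Review bot: The commented-out PipelineRun blocks added in this hunk each end with `# - name: access_token` followed by the literal Gitea token (`69f6d1db…`), so the commit that moves the token into a Secret also adds new copies of it to this file. The second hunk of this file does the same in the Job Base, Mock, Ines and Shibboleth-sp blocks. Delete those two comment lines from every block and treat the token as exposed: revoke it in Gitea and distribute the replacement only through the git-ignored `gitea-access-token.yaml`. The disabled blocks also omit the `gitea-access-token` workspace that the active Hydra SQL block binds, so they would likely fail if uncommented as they stand.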
@@ -31,28 +137,235 @@ spec: resources: requests: storage: 1Gi - - name: config - configmap: - name: config-phpcsfixer - name: docker-credentials secret: secretName: regcred + - name: git-credentials + secret: + secretName: git-credentials + - name: gitea-access-token + secret: + secretName: gitea-access-token params: - name: url value: $(tt.params.url) - name: revision value: $(tt.params.revision) - name: image - value: portal + value: hydra-sql-theme - name: tag value: $(tt.params.tag) + - name: dockerfile + value: ./misc/k8s/images/hydra-sql-mse-theme/Dockerfile + - name: registry + value: $(tt.params.registry) - name: apiurl value: $(tt.params.apiurl) - - name: requesttype - value: "release" - name: requestid value: $(tt.params.requestid) - - name: access_token - value: 69f6d1db6cf1e47dc7958ac20a31e76abf1582ee - - name: dockerfile - value: misc/k8s/images/portal + - name: requesttype + value: pullrequest + + + + # # Job Base + # - apiVersion: tekton.dev/v1beta1 + # kind: PipelineRun + # metadata: + # generateName: msebuild-job-base-run- + # namespace: tekton + # spec: + # serviceAccountName: build-bot + # pipelineRef: + # name: imagebuild + # podTemplate: + # securityContext: + # fsGroup: 65532 + # workspaces: + # - name: shared-data + # volumeClaimTemplate: + # spec: + # accessModes: + # - ReadWriteOnce + # resources: + # requests: + # storage: 1Gi + # - name: docker-credentials + # secret: + # secretName: regcred + # - name: git-credentials + # secret: + # secretName: git-credentials + # params: + # - name: url + # value: $(tt.params.url) + # - name: revision + # value: $(tt.params.revision) + # - name: image + # value: job-base + # - name: tag + # value: $(tt.params.tag) + # - name: dockerfile + # value: ./misc/k8s/images/job-base/Dockerfile + # - name: registry + # value: $(tt.params.registry) + # - name: apiurl + # value: $(tt.params.apiurl) + # - name: requestid + # value: $(tt.params.requestid) + # - name: requesttype + # value: pullrequest + # - name: 
access_token + # value: 69f6d1db6cf1e47dc7958ac20a31e76abf1582ee + + # # Mock + # - apiVersion: tekton.dev/v1beta1 + # kind: PipelineRun + # metadata: + # generateName: msebuild-mock-run- + # namespace: tekton + # spec: + # serviceAccountName: build-bot + # pipelineRef: + # name: imagebuild + # podTemplate: + # securityContext: + # fsGroup: 65532 + # workspaces: + # - name: shared-data + # volumeClaimTemplate: + # spec: + # accessModes: + # - ReadWriteOnce + # resources: + # requests: + # storage: 1Gi + # - name: docker-credentials + # secret: + # secretName: regcred + # - name: git-credentials + # secret: + # secretName: git-credentials + # params: + # - name: url + # value: $(tt.params.url) + # - name: revision + # value: $(tt.params.revision) + # - name: image + # value: mock + # - name: tag + # value: $(tt.params.tag) + # - name: dockerfile + # value: ./misc/k8s/images/mock/Dockerfile + # - name: registry + # value: $(tt.params.registry) + # - name: apiurl + # value: $(tt.params.apiurl) + # - name: requestid + # value: $(tt.params.requestid) + # - name: requesttype + # value: pullrequest + # - name: access_token + # value: 69f6d1db6cf1e47dc7958ac20a31e76abf1582ee + + # # Ines + # - apiVersion: tekton.dev/v1beta1 + # kind: PipelineRun + # metadata: + # generateName: msebuild-ines-run- + # namespace: tekton + # spec: + # serviceAccountName: build-bot + # pipelineRef: + # name: imagebuild + # podTemplate: + # securityContext: + # fsGroup: 65532 + # workspaces: + # - name: shared-data + # volumeClaimTemplate: + # spec: + # accessModes: + # - ReadWriteOnce + # resources: + # requests: + # storage: 1Gi + # - name: docker-credentials + # secret: + # secretName: regcred + # - name: git-credentials + # secret: + # secretName: git-credentials + # params: + # - name: url + # value: $(tt.params.url) + # - name: revision + # value: $(tt.params.revision) + # - name: image + # value: ines + # - name: tag + # value: $(tt.params.tag) + # - name: dockerfile + # value: 
./misc/k8s/images/ines/Dockerfile + # - name: registry + # value: $(tt.params.registry) + # - name: apiurl + # value: $(tt.params.apiurl) + # - name: requestid + # value: $(tt.params.requestid) + # - name: requesttype + # value: pullrequest + # - name: access_token + # value: 69f6d1db6cf1e47dc7958ac20a31e76abf1582ee + + # # Shibboleth-sp + # - apiVersion: tekton.dev/v1beta1 + # kind: PipelineRun + # metadata: + # generateName: msebuild-shibboleth-sp-run- + # namespace: tekton + # spec: + # serviceAccountName: build-bot + # pipelineRef: + # name: imagebuild + # podTemplate: + # securityContext: + # fsGroup: 65532 + # workspaces: + # - name: shared-data + # volumeClaimTemplate: + # spec: + # accessModes: + # - ReadWriteOnce + # resources: + # requests: + # storage: 1Gi + # - name: docker-credentials + # secret: + # secretName: regcred + # - name: git-credentials + # secret: + # secretName: git-credentials + # params: + # - name: url + # value: $(tt.params.url) + # - name: revision + # value: $(tt.params.revision) + # - name: image + # value: shibboleth-sp + # - name: tag + # value: $(tt.params.tag) + # - name: dockerfile + # value: ./misc/k8s/images/sp/Dockerfile + # - name: registry + # value: $(tt.params.registry) + # - name: apiurl + # value: $(tt.params.apiurl) + # - name: requestid + # value: $(tt.params.requestid) + # - name: requesttype + # value: pullrequest + # - name: access_token + # value: 69f6d1db6cf1e47dc7958ac20a31e76abf1582ee + + diff --git a/kustomization/base/tekton/trigger/symfonycheck-binding.yaml b/kustomization/base/tekton/trigger/symfonycheck-binding.yaml index 18aca23..cdfc10a 100644 --- a/kustomization/base/tekton/trigger/symfonycheck-binding.yaml +++ b/kustomization/base/tekton/trigger/symfonycheck-binding.yaml @@ -2,7 +2,7 @@ apiVersion: triggers.tekton.dev/v1beta1 kind: TriggerBinding metadata: name: symfonycheck-binding -spec: +spec: params: - name: url value: $(body.pull_request.head.repo.clone_url) 
@@ -12,3 +12,5 @@ spec: value: $(body.pull_request.head.repo.url) - name: requestid value: $(body.pull_request.number) + - name: destination + value: $(body.pull_request.base.ref) diff --git a/kustomization/base/tekton/trigger/symfonycheck-template.yaml b/kustomization/base/tekton/trigger/symfonycheck-template.yaml index 1122399..3c907c0 100644 --- a/kustomization/base/tekton/trigger/symfonycheck-template.yaml +++ b/kustomization/base/tekton/trigger/symfonycheck-template.yaml @@ -6,8 +6,11 @@ spec: params: - name: url - name: revision - - name: apiurl - name: requestid + - name: destination + - name: apiurl + - name: requesttype + - name: access_token resourcetemplates: - apiVersion: tekton.dev/v1beta1 kind: PipelineRun @@ -41,11 +44,13 @@ spec: value: $(tt.params.url) - name: revision value: $(tt.params.revision) + - name: destination + value: $(tt.params.destination) - name: apiurl value: $(tt.params.apiurl) - - name: requesttype - value: "pullrequest" - name: requestid value: $(tt.params.requestid) + - name: requesttype + value: pullrequest - name: access_token value: 69f6d1db6cf1e47dc7958ac20a31e76abf1582ee diff --git a/skaffold.yaml b/skaffold.yaml index 74531d3..aff61bf 100644 --- a/skaffold.yaml +++ b/skaffold.yaml @@ -2,7 +2,7 @@ apiVersion: skaffold/v3 kind: Config metadata: - name: tekton-pipelines + name: tekton manifests: kustomize:
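Review bot: The second hunk of `symfonycheck-template.yaml` leaves `- name: access_token` with the literal token as its value, and the first hunk now also declares `access_token` as a template parameter that nothing visible supplies. The `giteacomment` task in this commit no longer accepts an `access_token` parameter and reads the token from a `gitea-access-token` workspace instead. This template should therefore bind that workspace (`- name: gitea-access-token` with `secretName: gitea-access-token`, as `imagebuild-template.yaml` does) and drop both `access_token` entries. The remaining `giteacomment` tasks of the `symfonycheck` pipeline are outside the hunks shown and would need the matching workspace binding. `requesttype` is also declared as a parameter but fixed to `pullrequest`.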