ajout secrets, multipipeline, récupération query param, tagging image
parent
1bd773d409
commit
4588441ddb
4
.gitignore
vendored
4
.gitignore
vendored
@ -1,2 +1,4 @@
|
|||||||
kustomization/base/tekton/secret/secret.yaml
|
kustomization/base/tekton/secret/git-secret.yaml
|
||||||
|
kustomization/base/tekton/secret/ssh-secret.yaml
|
||||||
kustomization/base/tekton/secret/dockerconfig/config.json
|
kustomization/base/tekton/secret/dockerconfig/config.json
|
||||||
|
kustomization/base/tekton/secret/gitea-access-token.yaml
|
||||||
|
3
Makefile
3
Makefile
@ -28,9 +28,6 @@ setup-cluster:
|
|||||||
@yq -i ".spec.addresses = [\"$(SUBNET)\"]" kind/cluster/lb/resources/ipaddresspoool.yaml
|
@yq -i ".spec.addresses = [\"$(SUBNET)\"]" kind/cluster/lb/resources/ipaddresspoool.yaml
|
||||||
kubectl apply -k kind/cluster/lb --server-side
|
kubectl apply -k kind/cluster/lb --server-side
|
||||||
|
|
||||||
ssh-secret:
|
|
||||||
cp kustomization/base/tekton/secret/secret.yaml.dist kustomization/base/tekton/secret/secret.yaml
|
|
||||||
|
|
||||||
docker-secret:
|
docker-secret:
|
||||||
docker login reg.cadoles.com
|
docker login reg.cadoles.com
|
||||||
mkdir -p kustomization/base/tekton/secret/dockerconfig
|
mkdir -p kustomization/base/tekton/secret/dockerconfig
|
||||||
|
@ -12,10 +12,14 @@ skaffold dev --cleanup=false
|
|||||||
```
|
```
|
||||||
|
|
||||||
#### Préparer les secrets
|
#### Préparer les secrets
|
||||||
Editer le fichier `kustomization/base/tekton/secret/secret.yaml` avec les identifiants git
|
Créer les fichiers :
|
||||||
|
- `kustomization/base/tekton/secret/git-secret.yaml`
|
||||||
|
- `kustomization/base/tekton/secret/ssh-secret.yaml`
|
||||||
|
- `kustomization/base/tekton/secret/gitea-access-token.yaml`
|
||||||
|
en renseignant et en copiant les fichier `.dist` correspondants
|
||||||
|
|
||||||
|
Généré le secret docker
|
||||||
```
|
```
|
||||||
make ssh-secret
|
|
||||||
make docker-secret
|
make docker-secret
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -10,9 +10,17 @@ spec:
|
|||||||
- ref:
|
- ref:
|
||||||
name: "cel"
|
name: "cel"
|
||||||
params:
|
params:
|
||||||
|
# Filtre par événement
|
||||||
- name: "filter"
|
- name: "filter"
|
||||||
value: "body.action != 'deleted'"
|
value: "body.action != 'deleted'"
|
||||||
|
# Récupération du queryParam registry
|
||||||
|
- name: "overlays"
|
||||||
|
value:
|
||||||
|
- key: registry
|
||||||
|
expression: "requestURL.parseURL().query['registry']"
|
||||||
bindings:
|
bindings:
|
||||||
- ref: msebuild-binding
|
- ref: msebuild-binding
|
||||||
|
- name: registry
|
||||||
|
value: $(extensions.registry)
|
||||||
template:
|
template:
|
||||||
ref: msebuild-template
|
ref: msebuild-template
|
||||||
|
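Review bot: The new `registry` overlay takes its value from the request URL's query string, so whoever can reach this listener chooses the registry that the build and push steps later target. The added inline binding passes it on as `$(extensions.registry)` without any check. Constrain it in the existing CEL filter, for example `value: "body.action != 'deleted' && requestURL.parseURL().query['registry'] == 'reg.cadoles.com'"` (host taken from the Makefile's `docker login` on this page; adjust to the real allow-list). Whether a webhook-secret interceptor runs before this `cel` one is not visible in the hunk.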
24
kustomization/base/tekton/ingress/dashboard.yaml
Normal file
24
kustomization/base/tekton/ingress/dashboard.yaml
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
apiVersion: networking.k8s.io/v1
|
||||||
|
kind: Ingress
|
||||||
|
metadata:
|
||||||
|
name: dashboard
|
||||||
|
spec:
|
||||||
|
ingressClassName: nginx
|
||||||
|
rules:
|
||||||
|
- host: tekton.local
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: tekton-dashboard
|
||||||
|
port:
|
||||||
|
number: 9097
|
||||||
|
- path: /msebuild
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: el-msebuild
|
||||||
|
port:
|
||||||
|
number: 9000
|
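Review bot: This Ingress publishes `tekton-dashboard` on `/` with no `tls:` block and no authentication annotation, and as far as I know the Tekton Dashboard does not authenticate users itself, so anyone who can reach `tekton.local` could view and possibly act on pipeline runs. Before the commented-out `ingress/dashboard.yaml` entry in the kustomization is enabled, add a `tls:` section and an auth layer such as the `nginx.ingress.kubernetes.io/auth-type` and `nginx.ingress.kubernetes.io/auth-secret` annotations. Because those annotations apply to the whole object, the `/msebuild` webhook path is better placed in its own Ingress so Gitea can still reach it.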
@ -3,7 +3,9 @@ kind: Kustomization
|
|||||||
namespace: tekton
|
namespace: tekton
|
||||||
resources:
|
resources:
|
||||||
- namespace/namespace.yaml
|
- namespace/namespace.yaml
|
||||||
- secret/secret.yaml
|
- secret/git-secret.yaml
|
||||||
|
- secret/ssh-secret.yaml
|
||||||
|
- secret/gitea-access-token.yaml
|
||||||
- serviceaccount/service-account.yaml
|
- serviceaccount/service-account.yaml
|
||||||
- serviceaccount/rbac.yaml
|
- serviceaccount/rbac.yaml
|
||||||
- configmap/configmap-phpcsfixer.yaml
|
- configmap/configmap-phpcsfixer.yaml
|
||||||
@ -22,7 +24,6 @@ resources:
|
|||||||
- task/symfonyapp/phpunittest.yaml
|
- task/symfonyapp/phpunittest.yaml
|
||||||
|
|
||||||
# Pipelines
|
# Pipelines
|
||||||
- pipeline/msebuild.yaml
|
|
||||||
- pipeline/imagebuild.yaml
|
- pipeline/imagebuild.yaml
|
||||||
- pipeline/symfonycheck.yaml
|
- pipeline/symfonycheck.yaml
|
||||||
|
|
||||||
@ -39,3 +40,5 @@ resources:
|
|||||||
- event/imagebuild.yaml
|
- event/imagebuild.yaml
|
||||||
- event/symfonycheck.yaml
|
- event/symfonycheck.yaml
|
||||||
|
|
||||||
|
# Ingress
|
||||||
|
# - ingress/dashboard.yaml
|
||||||
|
@ -15,35 +15,32 @@ spec:
|
|||||||
- name: image
|
- name: image
|
||||||
type: string
|
type: string
|
||||||
description: The image to build.
|
description: The image to build.
|
||||||
|
- name: tag
|
||||||
|
type: string
|
||||||
|
description: The image tag.
|
||||||
|
- name: dockerfile
|
||||||
|
type: string
|
||||||
|
description: Path to the Dockerfile to build.
|
||||||
|
- name: registry
|
||||||
|
description: Registry of the Docker image
|
||||||
- name: apiurl
|
- name: apiurl
|
||||||
type: string
|
type: string
|
||||||
description: The gitea api url.
|
description: The gitea api url.
|
||||||
- name: requesttype
|
- name: requesttype
|
||||||
type: string
|
type: string
|
||||||
description: The gitea request type = pullrequet or release
|
description: The gitea request type = "pullrequest / release".
|
||||||
- name: requestid
|
- name: requestid
|
||||||
type: string
|
type: string
|
||||||
description: The gitea request id.
|
description: The gitea request id.
|
||||||
- name: access_token
|
|
||||||
type: string
|
|
||||||
description: The gitea access_token id.
|
|
||||||
- name: dockerfile
|
|
||||||
type: string
|
|
||||||
description: Path to the Dockerfile to build.
|
|
||||||
|
|
||||||
workspaces:
|
workspaces:
|
||||||
- name: shared-data
|
- name: shared-data
|
||||||
- name: config
|
|
||||||
- name: docker-credentials
|
- name: docker-credentials
|
||||||
|
- name: git-credentials
|
||||||
|
- name: gitea-access-token
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
# ⭐ Image Tag Formater
|
|
||||||
- name: imageformater
|
|
||||||
taskRef:
|
|
||||||
name: imageformater
|
|
||||||
params:
|
|
||||||
- name: image
|
|
||||||
value: $(params.image)
|
|
||||||
|
|
||||||
# 📥 Clone du repo git
|
# 📥 Clone du repo git
|
||||||
- name: gitclone
|
- name: gitclone
|
||||||
@ -52,6 +49,8 @@ spec:
|
|||||||
workspaces:
|
workspaces:
|
||||||
- name: output
|
- name: output
|
||||||
workspace: shared-data
|
workspace: shared-data
|
||||||
|
- name: ssh-directory
|
||||||
|
workspace: git-credentials
|
||||||
params:
|
params:
|
||||||
- name: url
|
- name: url
|
||||||
value: $(params.url)
|
value: $(params.url)
|
||||||
@ -62,14 +61,26 @@ spec:
|
|||||||
- name: depth
|
- name: depth
|
||||||
value: '50'
|
value: '50'
|
||||||
|
|
||||||
|
# ⭐ Image Tag Formater
|
||||||
|
- name: imageformater
|
||||||
|
taskRef:
|
||||||
|
name: imageformater
|
||||||
|
runAfter: ["gitclone"]
|
||||||
|
workspaces:
|
||||||
|
- name: source
|
||||||
|
workspace: shared-data
|
||||||
|
params:
|
||||||
|
- name: revision
|
||||||
|
value: $(params.revision)
|
||||||
|
|
||||||
# 🔨 Build de l'image
|
# 🔨 Build de l'image
|
||||||
- name: kaniko-build
|
- name: kaniko-build
|
||||||
taskRef:
|
taskRef:
|
||||||
name: kaniko
|
name: kaniko
|
||||||
runAfter: ["gitclone"]
|
runAfter: ["imageformater"]
|
||||||
params:
|
params:
|
||||||
- name: IMAGE
|
- name: IMAGE
|
||||||
value: $(tasks.imageformater.results.imagetag)
|
value: $(params.registry)/$(params.image):$(tasks.imageformater.results.imagetag)
|
||||||
- name: BUILDER_IMAGE
|
- name: BUILDER_IMAGE
|
||||||
value: gcr.io/kaniko-project/executor:v1.20.0
|
value: gcr.io/kaniko-project/executor:v1.20.0
|
||||||
- name: DOCKERFILE
|
- name: DOCKERFILE
|
||||||
@ -80,7 +91,7 @@ spec:
|
|||||||
- --insecure
|
- --insecure
|
||||||
- --no-push
|
- --no-push
|
||||||
- --tarPath=$(workspaces.source.path)/image.tar
|
- --tarPath=$(workspaces.source.path)/image.tar
|
||||||
- --destination=$(tasks.imageformater.results.imagetag)
|
- --destination=$(params.registry)/$(params.image):$(tasks.imageformater.results.imagetag)
|
||||||
workspaces:
|
workspaces:
|
||||||
- name: source
|
- name: source
|
||||||
workspace: shared-data
|
workspace: shared-data
|
||||||
@ -101,6 +112,27 @@ spec:
|
|||||||
runAfter:
|
runAfter:
|
||||||
- kaniko-build
|
- kaniko-build
|
||||||
|
|
||||||
|
# 📨 Envoyer du resulat de trivy à gitea
|
||||||
|
- name: trivy-giteacomment
|
||||||
|
taskRef:
|
||||||
|
name: giteacomment
|
||||||
|
workspaces:
|
||||||
|
- name: source
|
||||||
|
workspace: shared-data
|
||||||
|
- name: gitea-access-token
|
||||||
|
workspace: gitea-access-token
|
||||||
|
params:
|
||||||
|
- name: apiurl
|
||||||
|
value: $(params.apiurl)
|
||||||
|
- name: requestid
|
||||||
|
value: $(params.requestid)
|
||||||
|
- name: title
|
||||||
|
value: "TRIVY"
|
||||||
|
- name: filepath
|
||||||
|
value: "temp_trivy.txt"
|
||||||
|
runAfter:
|
||||||
|
- trivy-scan
|
||||||
|
|
||||||
# 🚀 Publication de l'image
|
# 🚀 Publication de l'image
|
||||||
- name: publish
|
- name: publish
|
||||||
taskRef:
|
taskRef:
|
||||||
@ -111,11 +143,17 @@ spec:
|
|||||||
- name: dockerconfig
|
- name: dockerconfig
|
||||||
workspace: docker-credentials
|
workspace: docker-credentials
|
||||||
params:
|
params:
|
||||||
- name: IMAGE
|
- name: IMAGE_TAG
|
||||||
value: $(tasks.imageformater.results.imagetag)
|
value: $(tasks.imageformater.results.imagetag)
|
||||||
|
- name: IMAGE
|
||||||
|
value: $(params.image)
|
||||||
|
- name: REGISTRY
|
||||||
|
value: $(params.registry)
|
||||||
runAfter:
|
runAfter:
|
||||||
- trivy-scan
|
- trivy-scan
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
finally:
|
finally:
|
||||||
# 🧹 Cleanup
|
# 🧹 Cleanup
|
||||||
- name: cleanup-workspace
|
- name: cleanup-workspace
|
||||||
|
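Review bot: `trivy-giteacomment` is ordered with `runAfter: trivy-scan`, and the scan step shown on this page runs with `--exit-code 1 --severity CRITICAL`, so when critical findings exist the scan task fails and the comment task is skipped along with `publish`. The report then never reaches the pull request in exactly the case it is needed. Either have `trivy-scan` record its verdict as a result and gate `publish` on it with a `when` expression, or post the comment from `finally`, keeping in mind that `cleanup-workspace` also runs there and may remove `temp_trivy.txt`. The new `registry` param also has no `type: string`, unlike its neighbours.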
@ -1,102 +0,0 @@
|
|||||||
apiVersion: tekton.dev/v1beta1
|
|
||||||
kind: Pipeline
|
|
||||||
metadata:
|
|
||||||
name: imagebuild
|
|
||||||
spec:
|
|
||||||
description: |
|
|
||||||
This pipeline clones a git repo, then echoes the README file to the stout.
|
|
||||||
params:
|
|
||||||
- name: url
|
|
||||||
type: string
|
|
||||||
description: The git repo URL to clone from.
|
|
||||||
- name: revision
|
|
||||||
type: string
|
|
||||||
description: The git repo branch to checkout.
|
|
||||||
- name: image
|
|
||||||
type: string
|
|
||||||
description: The image to build.
|
|
||||||
- name: apiurl
|
|
||||||
type: string
|
|
||||||
description: The gitea api url.
|
|
||||||
- name: requesttype
|
|
||||||
type: string
|
|
||||||
description: The gitea request type = pullrequet or release
|
|
||||||
- name: requestid
|
|
||||||
type: string
|
|
||||||
description: The gitea request id.
|
|
||||||
- name: access_token
|
|
||||||
type: string
|
|
||||||
description: The gitea access_token id.
|
|
||||||
- name: dockerfile
|
|
||||||
type: string
|
|
||||||
description: Path to the Dockerfile to build.
|
|
||||||
|
|
||||||
workspaces:
|
|
||||||
- name: shared-data
|
|
||||||
- name: config
|
|
||||||
- name: docker-credentials
|
|
||||||
|
|
||||||
tasks:
|
|
||||||
- name: portal
|
|
||||||
pipelineRef:
|
|
||||||
name: imagebuild
|
|
||||||
params:
|
|
||||||
- name: dockerfile
|
|
||||||
value: misc/k8s/images/portal
|
|
||||||
- name: image
|
|
||||||
value: reg.cadoles.com/portal
|
|
||||||
|
|
||||||
- name: job-base
|
|
||||||
pipelineRef:
|
|
||||||
name: imagebuild
|
|
||||||
params:
|
|
||||||
- name: dockerfile
|
|
||||||
value: misc/k8s/images/job-base
|
|
||||||
- name: image
|
|
||||||
value: reg.cadoles.com/job-base
|
|
||||||
|
|
||||||
- name: mock
|
|
||||||
pipelineRef:
|
|
||||||
name: imagebuild
|
|
||||||
params:
|
|
||||||
- name: dockerfile
|
|
||||||
value: misc/k8s/images/mock
|
|
||||||
- name: image
|
|
||||||
value: reg.cadoles.com/mock
|
|
||||||
|
|
||||||
- name: ines
|
|
||||||
pipelineRef:
|
|
||||||
name: imagebuild
|
|
||||||
params:
|
|
||||||
- name: dockerfile
|
|
||||||
value: misc/k8s/images/ines
|
|
||||||
- name: image
|
|
||||||
value: reg.cadoles.com/ines
|
|
||||||
|
|
||||||
- name: shibboleth-sp
|
|
||||||
pipelineRef:
|
|
||||||
name: imagebuild
|
|
||||||
params:
|
|
||||||
- name: dockerfile
|
|
||||||
value: misc/k8s/images/sp
|
|
||||||
- name: image
|
|
||||||
value: reg.cadoles.com/shibboleth-sp
|
|
||||||
|
|
||||||
- name: hydra-dispatcher-mse-theme
|
|
||||||
pipelineRef:
|
|
||||||
name: imagebuild
|
|
||||||
params:
|
|
||||||
- name: dockerfile
|
|
||||||
value: misc/k8s/images/hydra-dispatcher-mse-theme
|
|
||||||
- name: image
|
|
||||||
value: reg.cadoles.com/hydra-dispatcher-mse-theme
|
|
||||||
|
|
||||||
- name: hydra-sql-mse-theme
|
|
||||||
pipelineRef:
|
|
||||||
name: imagebuild
|
|
||||||
params:
|
|
||||||
- name: dockerfile
|
|
||||||
value: misc/k8s/images/hydra-sql-mse-theme
|
|
||||||
- name: image
|
|
||||||
value: reg.cadoles.com/hydra-sql-mse-theme
|
|
||||||
|
|
@ -12,6 +12,9 @@ spec:
|
|||||||
- name: revision
|
- name: revision
|
||||||
type: string
|
type: string
|
||||||
description: The git repo branch to checkout.
|
description: The git repo branch to checkout.
|
||||||
|
- name: destination
|
||||||
|
type: string
|
||||||
|
description: The branch to merge to.
|
||||||
- name: apiurl
|
- name: apiurl
|
||||||
type: string
|
type: string
|
||||||
description: The gitea api url.
|
description: The gitea api url.
|
||||||
@ -84,6 +87,9 @@ spec:
|
|||||||
workspace: shared-data
|
workspace: shared-data
|
||||||
- name: config
|
- name: config
|
||||||
workspace: config
|
workspace: config
|
||||||
|
params:
|
||||||
|
- name: destination
|
||||||
|
value: $(params.destination)
|
||||||
|
|
||||||
# ⭐ Execution des tests unitaires avec une BDD en sidecar
|
# ⭐ Execution des tests unitaires avec une BDD en sidecar
|
||||||
- name: phpunittest
|
- name: phpunittest
|
||||||
@ -152,25 +158,6 @@ spec:
|
|||||||
- name: filepath
|
- name: filepath
|
||||||
value: "temp_phpsecuritychecker.txt"
|
value: "temp_phpsecuritychecker.txt"
|
||||||
|
|
||||||
# 📨 Envoyer du resulat de trivy à gitea
|
|
||||||
- name: trivy-giteacomment
|
|
||||||
taskRef:
|
|
||||||
name: giteacomment
|
|
||||||
workspaces:
|
|
||||||
- name: source
|
|
||||||
workspace: shared-data
|
|
||||||
params:
|
|
||||||
- name: apiurl
|
|
||||||
value: $(params.apiurl)
|
|
||||||
- name: requestid
|
|
||||||
value: $(params.requestid)
|
|
||||||
- name: access_token
|
|
||||||
value: $(params.access_token)
|
|
||||||
- name: title
|
|
||||||
value: "TRIVY"
|
|
||||||
- name: filepath
|
|
||||||
value: "temp_trivy.txt"
|
|
||||||
|
|
||||||
# 🧹 Cleanup
|
# 🧹 Cleanup
|
||||||
- name: cleanup-workspace
|
- name: cleanup-workspace
|
||||||
taskRef:
|
taskRef:
|
||||||
|
@ -1,12 +1,12 @@
|
|||||||
apiVersion: tekton.dev/v1beta1
|
apiVersion: tekton.dev/v1beta1
|
||||||
kind: PipelineRun
|
kind: PipelineRun
|
||||||
metadata:
|
metadata:
|
||||||
generateName: symfonyapp-run-
|
generateName: msebuild-run-
|
||||||
namespace: tekton
|
namespace: tekton
|
||||||
spec:
|
spec:
|
||||||
serviceAccountName: build-bot
|
serviceAccountName: build-bot
|
||||||
pipelineRef:
|
pipelineRef:
|
||||||
name: symfonyapp
|
name: msebuild
|
||||||
podTemplate:
|
podTemplate:
|
||||||
securityContext:
|
securityContext:
|
||||||
fsGroup: 65532
|
fsGroup: 65532
|
||||||
@ -26,14 +26,14 @@ spec:
|
|||||||
secret:
|
secret:
|
||||||
secretName: regcred
|
secretName: regcred
|
||||||
params:
|
params:
|
||||||
- name: repo-url
|
- name: image
|
||||||
|
value: reg.cadoles.com/mlamalle/testtekton
|
||||||
|
- name: tag
|
||||||
|
value: test
|
||||||
|
- name: dockerfile
|
||||||
|
value: ./misc/k8s/images/job-base/Dockerfile
|
||||||
|
- name: url
|
||||||
value: https://forge.cadoles.com/CNOUS/mse.git
|
value: https://forge.cadoles.com/CNOUS/mse.git
|
||||||
- name: revision
|
- name: revision
|
||||||
value: sprint-6
|
value: sprint-6
|
||||||
- name: destination
|
|
||||||
value: k8s
|
|
||||||
- name: image
|
|
||||||
value: reg.cadoles.com/mlamalle/testtekton
|
|
||||||
- name: dockerfile
|
|
||||||
value: ./misc/k8s/images/job-base/Dockerfile
|
|
||||||
|
|
||||||
|
@ -0,0 +1,6 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: gitea-access-token
|
||||||
|
data:
|
||||||
|
access_token: <base64 gitea access token>
|
7
kustomization/base/tekton/secret/ssh-secret.yaml.dist
Normal file
7
kustomization/base/tekton/secret/ssh-secret.yaml.dist
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: git-credentials
|
||||||
|
data:
|
||||||
|
id_ed25519: <base64 ssh private key>
|
||||||
|
known_hosts: <base64 known_host>
|
@ -7,9 +7,16 @@ spec:
|
|||||||
- name: source
|
- name: source
|
||||||
- name: dockerconfig
|
- name: dockerconfig
|
||||||
params:
|
params:
|
||||||
|
- name: IMAGE_TAG
|
||||||
|
type: string
|
||||||
|
description: "The image to push."
|
||||||
- name: IMAGE
|
- name: IMAGE
|
||||||
type: string
|
type: string
|
||||||
description: "The image to push."
|
description: "The image to push."
|
||||||
|
- name: REGISTRY
|
||||||
|
description: Docker Registry
|
||||||
|
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: push-image-tar
|
- name: push-image-tar
|
||||||
image: gcr.io/go-containerregistry/crane:debug
|
image: gcr.io/go-containerregistry/crane:debug
|
||||||
@ -25,7 +32,7 @@ spec:
|
|||||||
echo ""
|
echo ""
|
||||||
echo "== PUSH IMAGE ==================================="
|
echo "== PUSH IMAGE ==================================="
|
||||||
|
|
||||||
crane push $(workspaces.source.path)/image.tar $(params.IMAGE)
|
crane push $(workspaces.source.path)/image.tar $(params.REGISTRY)/$(params.IMAGE):$(params.IMAGE_TAG)
|
||||||
|
|
||||||
echo ""
|
echo ""
|
||||||
echo ""
|
echo ""
|
||||||
|
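Review bot: The new `crane push` line splices `$(params.REGISTRY)`, `$(params.IMAGE)` and `$(params.IMAGE_TAG)` straight into the script text, and Tekton substitutes them before the shell parses the script, so any shell metacharacter in a value becomes script syntax. On this page REGISTRY originates from the webhook query string and IMAGE_TAG from a Makefile in the cloned branch. The same pattern is on the new side of the giteacomment task (`$(params.apiurl)`, `$(params.requestid)`), the imageformater task (`git checkout $(params.revision)`) and the php-cs-fixer task (`git fetch origin $(params.destination)`). Pass the values through `env:` and quote them as sketched below; the step definition starts outside the hunk, so the placement of `env:` is assumed.

```yaml
# … unchanged: step name and image …
env:
  - name: REGISTRY
    value: $(params.REGISTRY)
  - name: IMAGE
    value: $(params.IMAGE)
  - name: IMAGE_TAG
    value: $(params.IMAGE_TAG)
# … unchanged: script preamble and banner echoes …
crane push "$(workspaces.source.path)/image.tar" "${REGISTRY}/${IMAGE}:${IMAGE_TAG}"
```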
@ -6,10 +6,10 @@ spec:
|
|||||||
description: Send file content to a comment of the pullrequest gitea
|
description: Send file content to a comment of the pullrequest gitea
|
||||||
workspaces:
|
workspaces:
|
||||||
- name: source
|
- name: source
|
||||||
|
- name: gitea-access-token
|
||||||
params:
|
params:
|
||||||
- name: apiurl
|
- name: apiurl
|
||||||
- name: requestid
|
- name: requestid
|
||||||
- name: access_token
|
|
||||||
- name: title
|
- name: title
|
||||||
- name: filepath
|
- name: filepath
|
||||||
steps:
|
steps:
|
||||||
@ -37,7 +37,9 @@ spec:
|
|||||||
|
|
||||||
RESULT=$(cat $(params.filepath))
|
RESULT=$(cat $(params.filepath))
|
||||||
rm -f $(params.filepath)
|
rm -f $(params.filepath)
|
||||||
APIURL=$(params.apiurl)/issues/$(params.requestid)/comments?access_token=$(params.access_token)
|
TOKEN_PATH="$(workspaces.gitea-access-token.path)"
|
||||||
|
GITEA_ACCESS_TOKEN="$(cat ${TOKEN_PATH}/access_token)"
|
||||||
|
APIURL=$(params.apiurl)/issues/$(params.requestid)/comments?access_token=${GITEA_ACCESS_TOKEN}
|
||||||
RESULT_ESCAPED=$(jq --null-input --arg result "${RESULT}" '$result')
|
RESULT_ESCAPED=$(jq --null-input --arg result "${RESULT}" '$result')
|
||||||
BODY="{\"body\": ${RESULT_ESCAPED}}"
|
BODY="{\"body\": ${RESULT_ESCAPED}}"
|
||||||
echo ${BODY}
|
echo ${BODY}
|
||||||
|
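Review bot: The access token still travels in the URL query string on the new `APIURL=` line, where it can end up in server and proxy access logs or in any trace of the request, even though it is now read from the mounted Secret. Gitea accepts the token in a header, so build the URL without it, `APIURL=$(params.apiurl)/issues/$(params.requestid)/comments`, and add `-H "Authorization: token ${GITEA_ACCESS_TOKEN}"` to the request. The request call itself is outside the hunk, so its exact form is assumed. Quoting the path as `"${TOKEN_PATH}/access_token"` would also be safer.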
@ -4,31 +4,32 @@ metadata:
|
|||||||
name: imageformater
|
name: imageformater
|
||||||
spec:
|
spec:
|
||||||
description: transform image name to standart name
|
description: transform image name to standart name
|
||||||
|
workspaces:
|
||||||
|
- name: source
|
||||||
params:
|
params:
|
||||||
- name: image
|
- name: revision
|
||||||
- name: tag
|
|
||||||
results:
|
results:
|
||||||
- name: imagetag
|
- name: imagetag
|
||||||
steps:
|
steps:
|
||||||
- name: exec
|
- name: exec
|
||||||
image: alpine
|
image: alpine:3.19
|
||||||
command:
|
script: |
|
||||||
- /bin/sh
|
#!/usr/bin/env sh
|
||||||
args:
|
set -eu
|
||||||
- '-c'
|
set +x
|
||||||
- |
|
apk add make curl bash git
|
||||||
#set -e
|
|
||||||
|
|
||||||
|
cd $(workspaces.source.path)
|
||||||
|
git config --global --add safe.directory /workspace/source
|
||||||
|
git checkout $(params.revision)
|
||||||
|
set -x
|
||||||
echo ""
|
echo ""
|
||||||
echo "== IMAGE NAME FORMATER ==================================="
|
echo "== IMAGE NAME FORMATER ==================================="
|
||||||
|
|
||||||
echo "IMAGE TAG BEFORE = $(params.image):$(params.tag)"
|
make .mktools
|
||||||
|
version=$(make mkt-project-version)
|
||||||
|
|
||||||
temp="$(params.image):$(params.tag)"
|
echo -n "${version}" > "$(results.imagetag.path)"
|
||||||
lowercase=$(echo "$temp" | awk '{print tolower($0)}')
|
|
||||||
echo "IMAGE TAG AFTER = ${lowercase}"
|
|
||||||
|
|
||||||
echo -n "${lowercase}" > "$(results.imagetag.path)"
|
|
||||||
|
|
||||||
echo ""
|
echo ""
|
||||||
echo ""
|
echo ""
|
||||||
|
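Review bot: The value written to `$(results.imagetag.path)` is whatever `make mkt-project-version` prints from the checked-out branch, and the pipeline uses it unmodified as the pushed tag, so a pull request's Makefile decides which tag is written in the registry. Validate the string before publishing it, for example `printf '%s' "${version}" | grep -Eq '^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$' || exit 1`, and consider a separate repository or tag prefix for pull-request builds. `safe.directory` is hard-coded to `/workspace/source` while the `cd` uses `$(workspaces.source.path)`; using the same expression for both keeps them in step. The task description still says it transforms the image name and should describe the version lookup instead.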
@ -41,32 +41,6 @@ spec:
|
|||||||
echo ""
|
echo ""
|
||||||
echo "== SCAN IMAGE ==================================="
|
echo "== SCAN IMAGE ==================================="
|
||||||
|
|
||||||
cmd="trivy $* "
|
|
||||||
if [ "$(params.AIR_GAPPED_ENABLED)" = "true" ]; then
|
|
||||||
echo "Air-Gapped mode enabled"
|
|
||||||
TRIVY_TEMP_DIR=$(mktemp -d)
|
|
||||||
trivy --cache-dir "$TRIVY_TEMP_DIR" image --download-db-only
|
|
||||||
tar -cf ./db.tar.gz -C "$TRIVY_TEMP_DIR/db" metadata.json trivy.db
|
|
||||||
rm -rf "$TRIVY_TEMP_DIR"
|
|
||||||
mkdir -p "$HOME"/.cache/trivy/db
|
|
||||||
tar xvf ./db.tar.gz -C "$HOME"/.cache/trivy/db
|
|
||||||
|
|
||||||
cmd="${cmd}--skip-update "
|
|
||||||
fi
|
|
||||||
|
|
||||||
cmd="${cmd}$(params.IMAGE_PATH)"
|
|
||||||
echo "Running trivy task with command below"
|
echo "Running trivy task with command below"
|
||||||
echo "$cmd"
|
trivy image --exit-code 1 --severity CRITICAL --no-progress -o temp_trivy.txt --input $(params.IMAGE_PATH)
|
||||||
eval "$cmd"
|
|
||||||
cat temp_trivy.txt
|
cat temp_trivy.txt
|
||||||
|
|
||||||
args:
|
|
||||||
- "image"
|
|
||||||
- "--exit-code"
|
|
||||||
- "1"
|
|
||||||
- "--severity"
|
|
||||||
- "CRITICAL"
|
|
||||||
- "--no-progress"
|
|
||||||
- "-o"
|
|
||||||
- "temp_trivy.json"
|
|
||||||
- "--input"
|
|
||||||
|
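Review bot: With `--exit-code 1` on the new `trivy image` line, the following `cat temp_trivy.txt` only runs on a CRITICAL finding if the script does not use `set -e`, which is not visible in this hunk. Capturing the status keeps the report in the log either way: append `|| rc=$?` to the trivy line and finish the step with `exit ${rc:-0}` after the `cat`. `$(params.IMAGE_PATH)` should be quoted, and the echo "Running trivy task with command below" no longer prints a command. If the `AIR_GAPPED_ENABLED` param is still declared outside the hunk, it is now unused.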
@ -7,6 +7,8 @@ spec:
|
|||||||
workspaces:
|
workspaces:
|
||||||
- name: source
|
- name: source
|
||||||
- name: config
|
- name: config
|
||||||
|
params:
|
||||||
|
- name: destination
|
||||||
steps:
|
steps:
|
||||||
- name: exec
|
- name: exec
|
||||||
image: ghcr.io/php-cs-fixer/php-cs-fixer:3-php8.3
|
image: ghcr.io/php-cs-fixer/php-cs-fixer:3-php8.3
|
||||||
@ -16,11 +18,16 @@ spec:
|
|||||||
- '-c'
|
- '-c'
|
||||||
- |
|
- |
|
||||||
#set -e
|
#set -e
|
||||||
|
apk add git
|
||||||
cd $(workspaces.source.path)
|
cd $(workspaces.source.path)
|
||||||
|
git config --global --add safe.directory /workspace/source
|
||||||
|
git fetch origin $(params.destination)
|
||||||
|
CHANGED_FILES=$(git diff --name-only --diff-filter=ACMRTUXB origin/$(params.destination) -- | grep -F ".php" | tr "\n" " ")
|
||||||
|
if ! echo "${CHANGED_FILES}" | grep -qE "^(\\.php-cs-fixer(\\.dist)\\.php?|composer\\.lock)$"; then EXTRA_ARGS=$(printf -- '--path-mode=intersection -- %s' "${CHANGED_FILES}"); else EXTRA_ARGS=''; fi
|
||||||
|
|
||||||
echo ""
|
echo ""
|
||||||
echo "== RUN PHP-CS-FIXER ======================================"
|
echo "== RUN PHP-CS-FIXER ======================================"
|
||||||
EXTRA_ARGS=$(printf -- '--path-mode=intersection -- %s' "${CHANGED_FILES}")
|
|
||||||
php-cs-fixer fix --dry-run --config=$(workspaces.config.path)/php-cs-fixer.dist.php ${EXTRA_ARGS} > temp_phpcsfixer.txt 2>&1
|
php-cs-fixer fix --dry-run --config=$(workspaces.config.path)/php-cs-fixer.dist.php ${EXTRA_ARGS} > temp_phpcsfixer.txt 2>&1
|
||||||
cat temp_phpcsfixer.txt
|
cat temp_phpcsfixer.txt
|
||||||
|
|
||||||
|
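Review bot: The new `if ! echo "${CHANGED_FILES}" | grep -qE ...` test can hardly ever match, so the "run on everything" branch is effectively dead. `CHANGED_FILES` is already filtered with `grep -F ".php"` (which drops `composer.lock`) and joined onto one line with `tr`, while the pattern is anchored with `^…$`. The pattern also has the optional marker in the wrong place: `(\\.dist)\\.php?` should be `(\\.dist)?\\.php`. Run the check on the raw `git diff --name-only` output before filtering and joining, with `grep -qE "^(\\.php-cs-fixer(\\.dist)?\\.php|composer\\.lock)$"`. Note too that `grep -F ".php"` keeps any path that merely contains `.php`; `grep -E '\.php$'` is tighter.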
@ -1,15 +1,15 @@
|
|||||||
apiVersion: triggers.tekton.dev/v1beta1
|
apiVersion: triggers.tekton.dev/v1beta1
|
||||||
kind: TriggerBinding
|
kind: TriggerBinding
|
||||||
metadata:
|
metadata:
|
||||||
name: symfonybuild-binding
|
name: imagebuild-binding
|
||||||
spec:
|
spec:
|
||||||
params:
|
params:
|
||||||
- name: url
|
- name: url
|
||||||
value: $(body.repository.clone_url)
|
value: $(body.repository.clone_url)
|
||||||
- name: revision
|
- name: revision
|
||||||
value: $(body.release.target_commitish)
|
value: $(body.pull_request.head.ref)
|
||||||
- name: image
|
- name: image
|
||||||
value: reg.cadoles.com/$(body.repository.full_name)
|
value: $(body.repository.full_name)
|
||||||
- name: tag
|
- name: tag
|
||||||
value: $(body.release.target_commitish)-$(body.release.tag_name)
|
value: $(body.release.target_commitish)-$(body.release.tag_name)
|
||||||
- name: apiurl
|
- name: apiurl
|
||||||
|
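Review bot: The unchanged `tag` param still reads `$(body.release.target_commitish)-$(body.release.tag_name)` while `revision` now reads `$(body.pull_request.head.ref)`, so the binding mixes fields from two different webhook payloads. A pull-request event presumably carries no `release` object, in which case `tag` cannot be resolved. Either drop `tag` from this binding or derive it from a pull_request field. The params list continues outside the hunk, so `apiurl` and `requestid` may need the same check.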
@ -7,8 +7,13 @@ spec:
|
|||||||
- name: url
|
- name: url
|
||||||
- name: revision
|
- name: revision
|
||||||
- name: image
|
- name: image
|
||||||
|
- name: tag
|
||||||
|
- name: dockerfile
|
||||||
|
- name: registry
|
||||||
- name: apiurl
|
- name: apiurl
|
||||||
- name: requestid
|
- name: requestid
|
||||||
|
- name: requesttype
|
||||||
|
|
||||||
resourcetemplates:
|
resourcetemplates:
|
||||||
- apiVersion: tekton.dev/v1beta1
|
- apiVersion: tekton.dev/v1beta1
|
||||||
kind: PipelineRun
|
kind: PipelineRun
|
||||||
@ -31,26 +36,31 @@ spec:
|
|||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
storage: 1Gi
|
storage: 1Gi
|
||||||
- name: config
|
|
||||||
configmap:
|
|
||||||
name: config-phpcsfixer
|
|
||||||
- name: docker-credentials
|
- name: docker-credentials
|
||||||
secret:
|
secret:
|
||||||
secretName: regcred
|
secretName: regcred
|
||||||
|
- name: git-credentials
|
||||||
|
secret:
|
||||||
|
secretName: git-credentials
|
||||||
|
- name: gitea-access-token
|
||||||
|
secret:
|
||||||
|
secretName: gitea-access-token
|
||||||
params:
|
params:
|
||||||
- name: url
|
- name: url
|
||||||
value: $(tt.params.url)
|
value: $(tt.params.url)
|
||||||
- name: revision
|
- name: revision
|
||||||
value: $(tt.params.revision)
|
value: $(tt.params.revision)
|
||||||
- name: image
|
- name: image
|
||||||
value: $(tt.params.image)
|
value: hydra-sql-theme
|
||||||
|
- name: tag
|
||||||
|
value: $(tt.params.tag)
|
||||||
|
- name: dockerfile
|
||||||
|
value: ./misc/k8s/images/hydra-sql-mse-theme/Dockerfile
|
||||||
|
- name: registry
|
||||||
|
value: $(tt.params.registry)
|
||||||
- name: apiurl
|
- name: apiurl
|
||||||
value: $(tt.params.apiurl)
|
value: $(tt.params.apiurl)
|
||||||
- name: requesttype
|
|
||||||
value: "release"
|
|
||||||
- name: requestid
|
- name: requestid
|
||||||
value: $(tt.params.requestid)
|
value: $(tt.params.requestid)
|
||||||
- name: access_token
|
- name: requesttype
|
||||||
value: 69f6d1db6cf1e47dc7958ac20a31e76abf1582ee
|
value: pullrequest
|
||||||
- name: dockerfile
|
|
||||||
value: misc/k8s/images/portal
|
|
||||||
|
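Review bot: The literal `access_token` value deleted here stays recoverable from the repository history, and the same value is re-added on this page inside the commented-out `# - name: access_token` blocks of the following template. Treat it as disclosed: revoke it in Gitea, issue a new one into the `gitea-access-token` Secret, and delete the commented copies. Separately, `image` is now the fixed string `hydra-sql-theme` instead of `$(tt.params.image)`, which leaves the declared `image` template param unused in this resource template.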
@ -1,17 +1,18 @@
|
|||||||
apiVersion: triggers.tekton.dev/v1beta1
|
apiVersion: triggers.tekton.dev/v1beta1
|
||||||
kind: TriggerBinding
|
kind: TriggerBinding
|
||||||
metadata:
|
metadata:
|
||||||
name: symfonybuild-binding
|
name: msebuild-binding
|
||||||
spec:
|
spec:
|
||||||
params:
|
params:
|
||||||
- name: url
|
- name: url
|
||||||
value: $(body.repository.clone_url)
|
value: $(body.repository.clone_url)
|
||||||
- name: revision
|
- name: revision
|
||||||
value: $(body.release.target_commitish)
|
value: $(body.pull_request.head.ref)
|
||||||
- name: tag
|
- name: image
|
||||||
value: $(body.release.target_commitish)-$(body.release.tag_name)
|
value: $(body.repository.full_name)
|
||||||
- name: apiurl
|
- name: apiurl
|
||||||
value: $(body.release.url)
|
value: $(body.pull_request.base.repo.url)
|
||||||
- name: requestid
|
- name: requestid
|
||||||
value: $(body.release.id)
|
value: $(body.pull_request.number)
|
||||||
|
|
||||||
|
|
||||||
|
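Review bot: This binding no longer supplies `tag`, yet the template that follows on this page declares `- name: tag` and passes `$(tt.params.tag)` to the PipelineRun. Unless a default or another binding outside the visible lines provides it, the run would receive an unresolved value. Either remove `tag` from the template and pipeline params, since the tag now comes from the `imageformater` result, or keep a binding for it.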
@ -7,18 +7,124 @@ spec:
|
|||||||
- name: url
|
- name: url
|
||||||
- name: revision
|
- name: revision
|
||||||
- name: image
|
- name: image
|
||||||
|
- name: tag
|
||||||
|
- name: dockerfile
|
||||||
|
- name: registry
|
||||||
- name: apiurl
|
- name: apiurl
|
||||||
- name: requestid
|
- name: requestid
|
||||||
|
- name: requesttype
|
||||||
|
|
||||||
resourcetemplates:
|
resourcetemplates:
|
||||||
|
# # Portal
|
||||||
|
# - apiVersion: tekton.dev/v1beta1
|
||||||
|
# kind: PipelineRun
|
||||||
|
# metadata:
|
||||||
|
# generateName: msebuild-portal-run-
|
||||||
|
# namespace: tekton
|
||||||
|
# spec:
|
||||||
|
# serviceAccountName: build-bot
|
||||||
|
# pipelineRef:
|
||||||
|
# name: imagebuild
|
||||||
|
# podTemplate:
|
||||||
|
# securityContext:
|
||||||
|
# fsGroup: 65532
|
||||||
|
# workspaces:
|
||||||
|
# - name: shared-data
|
||||||
|
# volumeClaimTemplate:
|
||||||
|
# spec:
|
||||||
|
# accessModes:
|
||||||
|
# - ReadWriteOnce
|
||||||
|
# resources:
|
||||||
|
# requests:
|
||||||
|
# storage: 1Gi
|
||||||
|
# - name: docker-credentials
|
||||||
|
# secret:
|
||||||
|
# secretName: regcred
|
||||||
|
# - name: git-credentials
|
||||||
|
# secret:
|
||||||
|
# secretName: git-credentials
|
||||||
|
# params:
|
||||||
|
# - name: url
|
||||||
|
# value: $(tt.params.url)
|
||||||
|
# - name: revision
|
||||||
|
# value: $(tt.params.revision)
|
||||||
|
# - name: image
|
||||||
|
# value: portal
|
||||||
|
# - name: tag
|
||||||
|
# value: $(tt.params.tag)
|
||||||
|
# - name: dockerfile
|
||||||
|
# value: ./misc/k8s/images/portal/Dockerfile
|
||||||
|
# - name: registry
|
||||||
|
# value: $(tt.params.registry)
|
||||||
|
# - name: apiurl
|
||||||
|
# value: $(tt.params.apiurl)
|
||||||
|
# - name: requestid
|
||||||
|
# value: $(tt.params.requestid)
|
||||||
|
# - name: requesttype
|
||||||
|
# value: pullrequest
|
||||||
|
# - name: access_token
|
||||||
|
# value: 69f6d1db6cf1e47dc7958ac20a31e76abf1582ee
|
||||||
|
|
||||||
|
# # Hydra Dispatcher Theme
|
||||||
|
# - apiVersion: tekton.dev/v1beta1
|
||||||
|
# kind: PipelineRun
|
||||||
|
# metadata:
|
||||||
|
# generateName: msebuild-hydra-dispatcher-theme-run-
|
||||||
|
# namespace: tekton
|
||||||
|
# spec:
|
||||||
|
# serviceAccountName: build-bot
|
||||||
|
# pipelineRef:
|
||||||
|
# name: imagebuild
|
||||||
|
# podTemplate:
|
||||||
|
# securityContext:
|
||||||
|
# fsGroup: 65532
|
||||||
|
# workspaces:
|
||||||
|
# - name: shared-data
|
||||||
|
# volumeClaimTemplate:
|
||||||
|
# spec:
|
||||||
|
# accessModes:
|
||||||
|
# - ReadWriteOnce
|
||||||
|
# resources:
|
||||||
|
# requests:
|
||||||
|
# storage: 1Gi
|
||||||
|
# - name: docker-credentials
|
||||||
|
# secret:
|
||||||
|
# secretName: regcred
|
||||||
|
# - name: git-credentials
|
||||||
|
# secret:
|
||||||
|
# secretName: git-credentials
|
||||||
|
# params:
|
||||||
|
# - name: url
|
||||||
|
# value: $(tt.params.url)
|
||||||
|
# - name: revision
|
||||||
|
# value: $(tt.params.revision)
|
||||||
|
# - name: image
|
||||||
|
# value: hydra-dispatcher-theme
|
||||||
|
# - name: tag
|
||||||
|
# value: $(tt.params.tag)
|
||||||
|
# - name: dockerfile
|
||||||
|
# value: ./misc/k8s/images/hydra-dispatcher-mse-theme/Dockerfile
|
||||||
|
# - name: registry
|
||||||
|
# value: $(tt.params.registry)
|
||||||
|
# - name: apiurl
|
||||||
|
# value: $(tt.params.apiurl)
|
||||||
|
# - name: requestid
|
||||||
|
# value: $(tt.params.requestid)
|
||||||
|
# - name: requesttype
|
||||||
|
# value: pullrequest
|
||||||
|
# - name: access_token
|
||||||
|
# value: 69f6d1db6cf1e47dc7958ac20a31e76abf1582ee
|
||||||
|
|
||||||
|
# Hydra SQL Theme
|
||||||
- apiVersion: tekton.dev/v1beta1
|
- apiVersion: tekton.dev/v1beta1
|
||||||
kind: PipelineRun
|
kind: PipelineRun
|
||||||
metadata:
|
metadata:
|
||||||
generateName: msebuild-run-
|
generateName: msebuild-hydra-sql-theme-run-
|
||||||
namespace: tekton
|
namespace: tekton
|
||||||
spec:
|
spec:
|
||||||
serviceAccountName: build-bot
|
serviceAccountName: build-bot
|
||||||
pipelineRef:
|
pipelineRef:
|
||||||
name: msebuild
|
name: imagebuild
|
||||||
podTemplate:
|
podTemplate:
|
||||||
securityContext:
|
securityContext:
|
||||||
fsGroup: 65532
|
fsGroup: 65532
|
||||||
@ -31,28 +137,235 @@ spec:
|
|||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
storage: 1Gi
|
storage: 1Gi
|
||||||
- name: config
|
|
||||||
configmap:
|
|
||||||
name: config-phpcsfixer
|
|
||||||
- name: docker-credentials
|
- name: docker-credentials
|
||||||
secret:
|
secret:
|
||||||
secretName: regcred
|
secretName: regcred
|
||||||
|
- name: git-credentials
|
||||||
|
secret:
|
||||||
|
secretName: git-credentials
|
||||||
|
- name: gitea-access-token
|
||||||
|
secret:
|
||||||
|
secretName: gitea-access-token
|
||||||
params:
|
params:
|
||||||
- name: url
|
- name: url
|
||||||
value: $(tt.params.url)
|
value: $(tt.params.url)
|
||||||
- name: revision
|
- name: revision
|
||||||
value: $(tt.params.revision)
|
value: $(tt.params.revision)
|
||||||
- name: image
|
- name: image
|
||||||
value: portal
|
value: hydra-sql-theme
|
||||||
- name: tag
|
- name: tag
|
||||||
value: $(tt.params.tag)
|
value: $(tt.params.tag)
|
||||||
|
- name: dockerfile
|
||||||
|
value: ./misc/k8s/images/hydra-sql-mse-theme/Dockerfile
|
||||||
|
- name: registry
|
||||||
|
value: $(tt.params.registry)
|
||||||
- name: apiurl
|
- name: apiurl
|
||||||
value: $(tt.params.apiurl)
|
value: $(tt.params.apiurl)
|
||||||
- name: requesttype
|
|
||||||
value: "release"
|
|
||||||
- name: requestid
|
- name: requestid
|
||||||
value: $(tt.params.requestid)
|
value: $(tt.params.requestid)
|
||||||
- name: access_token
|
- name: requesttype
|
||||||
value: 69f6d1db6cf1e47dc7958ac20a31e76abf1582ee
|
value: pullrequest
|
||||||
- name: dockerfile
|
|
||||||
value: misc/k8s/images/portal
|
|
||||||
|
|
||||||
|
# # Job Base
|
||||||
|
# - apiVersion: tekton.dev/v1beta1
|
||||||
|
# kind: PipelineRun
|
||||||
|
# metadata:
|
||||||
|
# generateName: msebuild-job-base-run-
|
||||||
|
# namespace: tekton
|
||||||
|
# spec:
|
||||||
|
# serviceAccountName: build-bot
|
||||||
|
# pipelineRef:
|
||||||
|
# name: imagebuild
|
||||||
|
# podTemplate:
|
||||||
|
# securityContext:
|
||||||
|
# fsGroup: 65532
|
||||||
|
# workspaces:
|
||||||
|
# - name: shared-data
|
||||||
|
# volumeClaimTemplate:
|
||||||
|
# spec:
|
||||||
|
# accessModes:
|
||||||
|
# - ReadWriteOnce
|
||||||
|
# resources:
|
||||||
|
# requests:
|
||||||
|
# storage: 1Gi
|
||||||
|
# - name: docker-credentials
|
||||||
|
# secret:
|
||||||
|
# secretName: regcred
|
||||||
|
# - name: git-credentials
|
||||||
|
# secret:
|
||||||
|
# secretName: git-credentials
|
||||||
|
# params:
|
||||||
|
# - name: url
|
||||||
|
# value: $(tt.params.url)
|
||||||
|
# - name: revision
|
||||||
|
# value: $(tt.params.revision)
|
||||||
|
# - name: image
|
||||||
|
# value: job-base
|
||||||
|
# - name: tag
|
||||||
|
# value: $(tt.params.tag)
|
||||||
|
# - name: dockerfile
|
||||||
|
# value: ./misc/k8s/images/job-base/Dockerfile
|
||||||
|
# - name: registry
|
||||||
|
# value: $(tt.params.registry)
|
||||||
|
# - name: apiurl
|
||||||
|
# value: $(tt.params.apiurl)
|
||||||
|
# - name: requestid
|
||||||
|
# value: $(tt.params.requestid)
|
||||||
|
# - name: requesttype
|
||||||
|
# value: pullrequest
|
||||||
|
# - name: access_token
|
||||||
|
# value: 69f6d1db6cf1e47dc7958ac20a31e76abf1582ee
|
||||||
|
|
||||||
|
# # Mock
|
||||||
|
# - apiVersion: tekton.dev/v1beta1
|
||||||
|
# kind: PipelineRun
|
||||||
|
# metadata:
|
||||||
|
# generateName: msebuild-mock-run-
|
||||||
|
# namespace: tekton
|
||||||
|
# spec:
|
||||||
|
# serviceAccountName: build-bot
|
||||||
|
# pipelineRef:
|
||||||
|
# name: imagebuild
|
||||||
|
# podTemplate:
|
||||||
|
# securityContext:
|
||||||
|
# fsGroup: 65532
|
||||||
|
# workspaces:
|
||||||
|
# - name: shared-data
|
||||||
|
# volumeClaimTemplate:
|
||||||
|
# spec:
|
||||||
|
# accessModes:
|
||||||
|
# - ReadWriteOnce
|
||||||
|
# resources:
|
||||||
|
# requests:
|
||||||
|
# storage: 1Gi
|
||||||
|
# - name: docker-credentials
|
||||||
|
# secret:
|
||||||
|
# secretName: regcred
|
||||||
|
# - name: git-credentials
|
||||||
|
# secret:
|
||||||
|
# secretName: git-credentials
|
||||||
|
# params:
|
||||||
|
# - name: url
|
||||||
|
# value: $(tt.params.url)
|
||||||
|
# - name: revision
|
||||||
|
# value: $(tt.params.revision)
|
||||||
|
# - name: image
|
||||||
|
# value: mock
|
||||||
|
# - name: tag
|
||||||
|
# value: $(tt.params.tag)
|
||||||
|
# - name: dockerfile
|
||||||
|
# value: ./misc/k8s/images/mock/Dockerfile
|
||||||
|
# - name: registry
|
||||||
|
# value: $(tt.params.registry)
|
||||||
|
# - name: apiurl
|
||||||
|
# value: $(tt.params.apiurl)
|
||||||
|
# - name: requestid
|
||||||
|
# value: $(tt.params.requestid)
|
||||||
|
# - name: requesttype
|
||||||
|
# value: pullrequest
|
||||||
|
# - name: access_token
|
||||||
|
# value: 69f6d1db6cf1e47dc7958ac20a31e76abf1582ee
|
||||||
|
|
||||||
|
# # Ines
|
||||||
|
# - apiVersion: tekton.dev/v1beta1
|
||||||
|
# kind: PipelineRun
|
||||||
|
# metadata:
|
||||||
|
# generateName: msebuild-ines-run-
|
||||||
|
# namespace: tekton
|
||||||
|
# spec:
|
||||||
|
# serviceAccountName: build-bot
|
||||||
|
# pipelineRef:
|
||||||
|
# name: imagebuild
|
||||||
|
# podTemplate:
|
||||||
|
# securityContext:
|
||||||
|
# fsGroup: 65532
|
||||||
|
# workspaces:
|
||||||
|
# - name: shared-data
|
||||||
|
# volumeClaimTemplate:
|
||||||
|
# spec:
|
||||||
|
# accessModes:
|
||||||
|
# - ReadWriteOnce
|
||||||
|
# resources:
|
||||||
|
# requests:
|
||||||
|
# storage: 1Gi
|
||||||
|
# - name: docker-credentials
|
||||||
|
# secret:
|
||||||
|
# secretName: regcred
|
||||||
|
# - name: git-credentials
|
||||||
|
# secret:
|
||||||
|
# secretName: git-credentials
|
||||||
|
# params:
|
||||||
|
# - name: url
|
||||||
|
# value: $(tt.params.url)
|
||||||
|
# - name: revision
|
||||||
|
# value: $(tt.params.revision)
|
||||||
|
# - name: image
|
||||||
|
# value: ines
|
||||||
|
# - name: tag
|
||||||
|
# value: $(tt.params.tag)
|
||||||
|
# - name: dockerfile
|
||||||
|
# value: ./misc/k8s/images/ines/Dockerfile
|
||||||
|
# - name: registry
|
||||||
|
# value: $(tt.params.registry)
|
||||||
|
# - name: apiurl
|
||||||
|
# value: $(tt.params.apiurl)
|
||||||
|
# - name: requestid
|
||||||
|
# value: $(tt.params.requestid)
|
||||||
|
# - name: requesttype
|
||||||
|
# value: pullrequest
|
||||||
|
# - name: access_token
|
||||||
|
# value: 69f6d1db6cf1e47dc7958ac20a31e76abf1582ee
|
||||||
|
|
||||||
|
# # Shibboleth-sp
|
||||||
|
# - apiVersion: tekton.dev/v1beta1
|
||||||
|
# kind: PipelineRun
|
||||||
|
# metadata:
|
||||||
|
# generateName: msebuild-shibboleth-sp-run-
|
||||||
|
# namespace: tekton
|
||||||
|
# spec:
|
||||||
|
# serviceAccountName: build-bot
|
||||||
|
# pipelineRef:
|
||||||
|
# name: imagebuild
|
||||||
|
# podTemplate:
|
||||||
|
# securityContext:
|
||||||
|
# fsGroup: 65532
|
||||||
|
# workspaces:
|
||||||
|
# - name: shared-data
|
||||||
|
# volumeClaimTemplate:
|
||||||
|
# spec:
|
||||||
|
# accessModes:
|
||||||
|
# - ReadWriteOnce
|
||||||
|
# resources:
|
||||||
|
# requests:
|
||||||
|
# storage: 1Gi
|
||||||
|
# - name: docker-credentials
|
||||||
|
# secret:
|
||||||
|
# secretName: regcred
|
||||||
|
# - name: git-credentials
|
||||||
|
# secret:
|
||||||
|
# secretName: git-credentials
|
||||||
|
# params:
|
||||||
|
# - name: url
|
||||||
|
# value: $(tt.params.url)
|
||||||
|
# - name: revision
|
||||||
|
# value: $(tt.params.revision)
|
||||||
|
# - name: image
|
||||||
|
# value: shibboleth-sp
|
||||||
|
# - name: tag
|
||||||
|
# value: $(tt.params.tag)
|
||||||
|
# - name: dockerfile
|
||||||
|
# value: ./misc/k8s/images/sp/Dockerfile
|
||||||
|
# - name: registry
|
||||||
|
# value: $(tt.params.registry)
|
||||||
|
# - name: apiurl
|
||||||
|
# value: $(tt.params.apiurl)
|
||||||
|
# - name: requestid
|
||||||
|
# value: $(tt.params.requestid)
|
||||||
|
# - name: requesttype
|
||||||
|
# value: pullrequest
|
||||||
|
# - name: access_token
|
||||||
|
# value: 69f6d1db6cf1e47dc7958ac20a31e76abf1582ee
|
||||||
|
|
||||||
|
|
||||||
|
@ -2,7 +2,7 @@ apiVersion: triggers.tekton.dev/v1beta1
|
|||||||
kind: TriggerBinding
|
kind: TriggerBinding
|
||||||
metadata:
|
metadata:
|
||||||
name: symfonycheck-binding
|
name: symfonycheck-binding
|
||||||
spec:
|
spec:
|
||||||
params:
|
params:
|
||||||
- name: url
|
- name: url
|
||||||
value: $(body.pull_request.head.repo.clone_url)
|
value: $(body.pull_request.head.repo.clone_url)
|
||||||
@ -12,3 +12,5 @@ spec:
|
|||||||
value: $(body.pull_request.head.repo.url)
|
value: $(body.pull_request.head.repo.url)
|
||||||
- name: requestid
|
- name: requestid
|
||||||
value: $(body.pull_request.number)
|
value: $(body.pull_request.number)
|
||||||
|
- name: destination
|
||||||
|
value: $(body.pull_request.base.ref)
|
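Review bot: The new `destination` param takes `$(body.pull_request.base.ref)` straight from the webhook payload, and nothing in this section shows the value being validated before it reaches the pipeline. Branch names may contain shell metacharacters, so if a task substitutes `$(params.destination)` into a `script:` block, the shell evaluates that text; expose the value to the step through `env:` and reference the quoted variable instead. A comment above the entry, `# webhook-supplied branch name, untrusted`, would record that for the next reader. The binding's `spec.params` list starts outside the second hunk.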
||||||
|
@ -6,8 +6,11 @@ spec:
|
|||||||
params:
|
params:
|
||||||
- name: url
|
- name: url
|
||||||
- name: revision
|
- name: revision
|
||||||
- name: apiurl
|
|
||||||
- name: requestid
|
- name: requestid
|
||||||
|
- name: destination
|
||||||
|
- name: apiurl
|
||||||
|
- name: requesttype
|
||||||
|
- name: access_token
|
||||||
resourcetemplates:
|
resourcetemplates:
|
||||||
- apiVersion: tekton.dev/v1beta1
|
- apiVersion: tekton.dev/v1beta1
|
||||||
kind: PipelineRun
|
kind: PipelineRun
|
||||||
@ -41,11 +44,13 @@ spec:
|
|||||||
value: $(tt.params.url)
|
value: $(tt.params.url)
|
||||||
- name: revision
|
- name: revision
|
||||||
value: $(tt.params.revision)
|
value: $(tt.params.revision)
|
||||||
|
- name: destination
|
||||||
|
value: $(tt.params.destination)
|
||||||
- name: apiurl
|
- name: apiurl
|
||||||
value: $(tt.params.apiurl)
|
value: $(tt.params.apiurl)
|
||||||
- name: requesttype
|
|
||||||
value: "pullrequest"
|
|
||||||
- name: requestid
|
- name: requestid
|
||||||
value: $(tt.params.requestid)
|
value: $(tt.params.requestid)
|
||||||
|
- name: requesttype
|
||||||
|
value: pullrequest
|
||||||
- name: access_token
|
- name: access_token
|
||||||
value: 69f6d1db6cf1e47dc7958ac20a31e76abf1582ee
|
value: 69f6d1db6cf1e47dc7958ac20a31e76abf1582ee
|
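Review bot: The `access_token` param at the end of the second hunk still holds a literal token on the new side, while the image-build template in this same commit switches to a `gitea-access-token` secret workspace. A token in a committed manifest is readable from repository history and is copied into every PipelineRun created from this template, so it should be revoked and reissued into the Secret only. Replace the param with the workspace binding, `- name: gitea-access-token` / `secret:` / `secretName: gitea-access-token`, provided the pipeline this template references reads the token from that workspace (not visible here). The `access_token` entry the first hunk adds to `spec.params` can then go as well. The resource template's body continues outside both hunks.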
||||||
|
@ -2,7 +2,7 @@ apiVersion: skaffold/v3
|
|||||||
kind: Config
|
kind: Config
|
||||||
|
|
||||||
metadata:
|
metadata:
|
||||||
name: tekton-pipelines
|
name: tekton
|
||||||
|
|
||||||
manifests:
|
manifests:
|
||||||
kustomize:
|
kustomize:
|
||||||
|