diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index 67be294..0000000
--- a/.gitignore
+++ /dev/null
@@ -1,5 +0,0 @@
-kustomization/base/tekton/secret/gitea/access_token
-kustomization/base/tekton/secret/gitea/basicauth
-kustomization/base/tekton/secret/dockerconfig/.dockerconfigjson
-kustomization/base/tekton/secret/ssh/id_ed25519
-kustomization/base/tekton/secret/ssh/known_hosts
diff --git a/Makefile b/Makefile
deleted file mode 100644
index dd0bf10..0000000
--- a/Makefile
+++ /dev/null
@@ -1,49 +0,0 @@
-DESTDIR=./
-
-REG_CRED=$(shell kubectl get secret -n tekton -l type=regcred -o jsonpath='{.items[0].metadata.name}')
-SUBNET=$(shell docker network inspect kind --format '{{ (index .IPAM.Config 0).Subnet }}')
-BASEIP=$(shell docker network inspect kind --format '{{ (index .IPAM.Config 0).Subnet }}' | cut -d "/" -f 1)
-
-.PHONY: help
-help:
- @grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
-
-.PHONY: deploy
-create-cluster: ## Créer un cluster kubernetes avec Kind
- kind create cluster --name tekton --config kind/kind-tekton.yaml
- @echo "SubNet Docker :" $(SUBNET)
- @echo -e " \x1b[32m✓\x1b[0m Cluster Kind déployé"
-
-.PHONY: setup-cluster
-setup-cluster: create cluster
- kubectl apply -k kind/cluster --server-side
- kubectl --namespace ingress-nginx rollout status --timeout 5m deployment/ingress-nginx-controller
- kubectl --namespace metallb-system rollout status --timeout 5m deployment controller
- sed -i "/mse.dev.local/ s/.*/ $(BASEIP)\tmse.dev.local/g" kind/cluster/coredns/custom-dns.yaml
- kubectl apply -f kind/cluster/coredns/custom-dns.yaml
- kubectl -n kube-system rollout restart deployment/coredns
- kubectl -n kube-system rollout status --timeout 5m deployment/coredns
- @yq -i ".spec.addresses = [\"$(SUBNET)\"]" kind/cluster/lb/resources/ipaddresspoool.yaml
- kubectl apply -k kind/cluster/lb --server-side
-
-deploy-dev: ## Déploie le projet dans le cluster (nécessite la variable $HARBOR_USER_NAME)
- skaffold dev --cleanup=false
-
-delete-cluster: ## Supprime le cluster kubernetes Kind
- kind delete clusters tekton
-
-docker-secret:
- cp kustomization/base/tekton/secret/gitea/access_token.dist kustomization/base/tekton/secret/gitea/access_token
- cp kustomization/base/tekton/secret/gitea/basicauth.dist kustomization/base/tekton/secret/gitea/basicauth
- cp kustomization/base/tekton/secret/ssh/id_ed25519.dist kustomization/base/tekton/secret/ssh/id_ed25519
- cp kustomization/base/tekton/secret/ssh/known_hosts.dist kustomization/base/tekton/secret/ssh/known_hosts
-
- docker login reg.cadoles.com
- docker --config kustomization/base/tekton/secret/dockerconfig login reg.cadoles.com
- mv kustomization/base/tekton/secret/dockerconfig/config.json kustomization/base/tekton/secret/dockerconfig/.dockerconfigjson
-
-.mktools:
- rm -rf .mktools
- curl -q https://forge.cadoles.com/Cadoles/mktools/raw/branch/master/install.sh | $(SHELL)
-
--include .mktools/*.mk
diff --git a/README.md b/README.md
deleted file mode 100644
index 69cd3ad..0000000
--- a/README.md
+++ /dev/null
@@ -1,64 +0,0 @@
-# MSE Tekton
-
-CI du projet MSE
-
-### Lancement de l'environnement
-
-#### Lancer l'environnement
-
-```
-make create-cluster
-```
-
-Si vous disposez déjà d'un environnement kubernetes, appliquez uniquement les CRDs :
-
-```
-kubectl apply -k kind/cluster --server-side
-```
-
-Il se peut qu'il y ait besoin de relancer la commande s'il n'arrive pas a charger `TektonConfig` correctement
-
-Puis
-
-```
-make deploy-dev
-```
-
-#### Préparer les secrets
-Créer les fichiers en renseignant et en copiant les fichiers `.dist` correspondants:
- - `kustomization/base/tekton/secret/gitea/access_token`
- - `kustomization/base/tekton/secret/gitea/basicauth`
- - `kustomization/base/tekton/secret/ssh/id_ed25519`
- - `kustomization/base/tekton/secret/ssh/known_hosts`
-
-Générer le secret docker
-```
-make docker-secret
-```
-
-### Lancement d'un pipeline
-
-```
-kubectl create -f kustomization/base/tekton/pipeline/pipelinerun.yaml
-```
-
-### Lister et voir les logs des pipelines
-
-```
-tkn pipelinerun list
-tkn pipelinerun logs clone-read-run-dqwcx -f
-```
-
-Pour installer le cli tekton : [Tekton CLI](https://tekton.dev/docs/cli/#installation)
-
-
-### Accès au Dashboard
-[Doc Tekton](https://tekton.dev/docs/dashboard/install/)
-
-On crée un port-forward pour accéder au dashboard
-
-```
-kubectl --namespace tekton-pipelines port-forward svc/tekton-dashboard 9097:9097
-```
-
-Accéder au dashboard : http://localhost:9097
diff --git a/doc/mesproject.md b/doc/mesproject.md
deleted file mode 100644
index 0fa68b5..0000000
--- a/doc/mesproject.md
+++ /dev/null
@@ -1,10 +0,0 @@
-# Mse Project
-
-## Evénements et triggers
-
-Lors de l'émission d'un événement par Gitea, selon la nature de l'événement, les pipelines `symfonycheck` ou `buildimage` seront déclenchés.
-
- - Pull request créé, ou push sur une pull request : `symfonycheck`
- - merge d'une PR : `buildimage`
-
-
diff --git a/doc/tekton.md b/doc/tekton.md
deleted file mode 100644
index 1510a30..0000000
--- a/doc/tekton.md
+++ /dev/null
@@ -1,76 +0,0 @@ -# Tekton CI - -## Webhook, Événements et Triggers - -Un webhook Gitea configuré, envoi des événements sur un endpoint défini par en `EventListener`. - -Cet `EventListener`, selon les filtres et overlays définis, peut alors déclencher des `TriggerTemplates` (configuré selon un `TriggerBinding`), qui alors configurerons a leur tour des `PipelineRun`, qui exécuterons des `Pipelines`, qui configurerons des `TaskRun`, qui alors exécuterons des `Task`. - -```mermaid -flowchart LR - A[Webhook Event] --> B(EventListener - filter et overlays) - B --> D(Pipeline Binding) - B --> E(Pipeline Template) - D --> E - E --> F(PipelineRun) - F --> G(Pipeline) - - -``` - -Les `Webhooks`, événements et triggers dans Tekton CI permettent de déclencher des actions automatisées en réponse à des événements spécifiques dans un système de gestion de code source. - -### Filter et overlay - -Le `filter` permet de déclencher les Triggers pour les événements répondant au critère du filtre - -Les `overlays` permettent de récupérer une valeur de la requête pour la passer en paramètre - -### Workspaces - -Les workspaces sont des volumes qui sont monté à la demande dans les conteneurs des différentes `Task` dans le répertoire `/workspace`. - -### Exemples - - - [EventListener MSE](kustomization/base/tekton/event/mseproject.yaml) - - [TriggerBinding MSE](kustomization/base/tekton/event/msebuild-binding.yaml) - - [TriggerTemplate MSE](kustomization/base/tekton/event/msebuild-template.yaml) - - - -## Pipelines - -Les `Pipeline` dans Tekton CI décrivent une série d'étapes ou de tâches à exécuter pour automatiser un processus de déploiement ou de test logiciel. -Un `PipelineRun` permet d'exécuter un `Pipeline` en lui donnant des paramètres - -L'option `runAfter:` permet de définir si une `Task` doit s'exécuter une fois qu'une autre Task est terminé. 
Si `runAfter` n'est par défini, la `Task` sera exécuté en parallèle - - - -```mermaid -flowchart LR - G(PipelineRun) --> H(Pipeline) - H --> I(TaskRun) - I --> J(Task) - -``` -### Exemples - -- [SymfonyCheck](../kustomization/base/tekton/pipeline/symfonycheck.yaml) - -## Tasks - -Les `Task` dans Tekton CI représentent des actions individuelles à effectuer dans un pipeline. Elles peuvent inclure des opérations telles que la construction, le déploiement, les tests, etc. -Une `TaskRun` permet d'exécuter une `Task` en lui donnant des paramètres. -Les `Task` vont alors enchainer les différentes steps. -Les `Task` peuvent émettre des résultats, qui seront alors accessible par d'autres `Task` - -L'option `OnError` permet de déclencher un évenement à la suite d'une erreur d'une `step`. -On peut alors s'en servir pour passer à la st`ep suivante, sans bloquer l'exécution de la `Task`. - -### Exemple - - [ImageFormater](kustomization/base/tekton/task/common/imageformater.yaml) - - - diff --git a/kind/cluster/coredns/custom-dns.yaml b/kind/cluster/coredns/custom-dns.yaml deleted file mode 100644 index 6bff592..0000000 --- a/kind/cluster/coredns/custom-dns.yaml +++ /dev/null @@ -1,31 +0,0 @@ -apiVersion: v1 -data: - Corefile: | - .:53 { - errors - health { - lameduck 5s - } - ready - kubernetes cluster.local in-addr.arpa ip6.arpa { - pods insecure - fallthrough in-addr.arpa ip6.arpa - ttl 30 - } - prometheus :9153 - forward . /etc/resolv.conf - cache 30 - loop - reload - loadbalance - hosts { - # Liste des noms de dommaine à résoudre dans le cluster.local - 172.18.0.0 mse.dev.local - - fallthrough - } - } -kind: ConfigMap -metadata: - name: coredns - namespace: kube-system diff --git a/kind/cluster/kustomization.yaml b/kind/cluster/kustomization.yaml deleted file mode 100644 index dbf0c07..0000000 --- a/kind/cluster/kustomization.yaml +++ /dev/null 
@@ -1,17 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-resources:
-- https://raw.githubusercontent.com/ory/k8s/v0.30.0/helm/charts/hydra-maester/crds/crd-oauth2clients.yaml
-- https://forge.cadoles.com/CadolesKube/c-kustom//base/cloudnative-pg-operator?ref=develop
-- https://forge.cadoles.com/CadolesKube/c-kustom//base/redis?ref=develop
-- https://forge.cadoles.com/CadolesKube/c-kustom//base/minio?ref=develop
-- https://forge.cadoles.com/CadolesKube/c-kustom//base/metallb?ref=develop
-- https://forge.cadoles.com/CadolesKube/c-kustom//base/nginx?ref=develop
-- https://storage.googleapis.com/tekton-releases/operator/latest/release.yaml
-- https://raw.githubusercontent.com/tektoncd/operator/main/config/crs/kubernetes/config/all/operator_v1alpha1_config_cr.yaml
-- https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
-- https://storage.googleapis.com/tekton-releases/triggers/latest/release.yaml
-- https://storage.googleapis.com/tekton-releases/triggers/latest/interceptors.yaml
-- https://storage.googleapis.com/tekton-releases/dashboard/latest/release.yaml
-
diff --git a/kind/cluster/lb/kustomization.yaml b/kind/cluster/lb/kustomization.yaml
deleted file mode 100644
index 6446c8b..0000000
--- a/kind/cluster/lb/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: metallb-system
-
-resources:
-- ./resources/ipaddresspoool.yaml
-- ./resources/advertise.yaml
diff --git a/kind/cluster/lb/resources/advertise.yaml b/kind/cluster/lb/resources/advertise.yaml
deleted file mode 100644
index d251dba..0000000
--- a/kind/cluster/lb/resources/advertise.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: metallb.io/v1beta1
-kind: L2Advertisement
-metadata:
- name: l2-ip-pool-ad
- namespace: metallb-system
-spec:
- ipAddressPools:
- - main-pool
-
diff --git a/kind/cluster/lb/resources/ipaddresspoool.yaml b/kind/cluster/lb/resources/ipaddresspoool.yaml
deleted file mode 100644
index 5db3e4a..0000000
--- a/kind/cluster/lb/resources/ipaddresspoool.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: metallb.io/v1beta1
-kind: IPAddressPool
-metadata:
- name: main-pool
- namespace: metallb-system
-spec:
- addresses:
- - 172.18.0.0/16
diff --git a/kind/kind-tekton.yaml b/kind/kind-tekton.yaml
deleted file mode 100644
index d51a590..0000000
--- a/kind/kind-tekton.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-kind: Cluster
-apiVersion: kind.x-k8s.io/v1alpha4
-name: tekton-pipelines
-nodes:
-- role: control-plane
- image: kindest/node:v1.27.2
- kubeadmConfigPatches:
- - |
- kind: InitConfiguration
- nodeRegistration:
- kubeletExtraArgs:
- node-labels: "ingress-ready=true"
- extraPortMappings:
- - containerPort: 31000
- hostPort: 31000
- listenAddress: "0.0.0.0" # Optional, defaults to "0.0.0.0"
- - containerPort: 80
- hostPort: 8080
- listenAddress: "0.0.0.0" # Optional, defaults to "0.0.0.0"
- labels:
- ingress-ready: true
-- role: worker
- image: kindest/node:v1.27.2
- kubeadmConfigPatches:
- - |
- kind: JoinConfiguration
- nodeRegistration:
- kubeletExtraArgs:
- system-reserved: memory=2Gi
-- role: worker
- image: kindest/node:v1.27.2
- kubeadmConfigPatches:
- - |
- kind: JoinConfiguration
- nodeRegistration:
- kubeletExtraArgs:
- system-reserved: memory=2Gi
-- role: worker
- image: kindest/node:v1.27.2
- kubeadmConfigPatches:
- - |
- kind: JoinConfiguration
- nodeRegistration:
- kubeletExtraArgs:
- system-reserved: memory=2Gi
diff --git a/kind/scripts/init-kind.sh b/kind/scripts/init-kind.sh
deleted file mode 100755
index eee8e78..0000000
--- a/kind/scripts/init-kind.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/bash
-
-
-
-${ENGINE} create cluster --config kind/kind-mse.yaml
-sleep 5
-kubectl apply -k kind/cluster --server-side
-sleep 5
-docker network inspect kind | jq '.[0].IPAM.Config[0].Subnet' -r
-echo "Si tout est ok :"
-echo "kubectl apply -k kind/cluster/lb --server-side"
-echo "skaffold dev -p dev --cleanup=false "
-
diff --git a/kustomization/base/kustomization.yaml b/kustomization/base/kustomization.yaml
deleted file mode 100644
index e6a0167..0000000
--- a/kustomization/base/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-resources:
-- tekton/
-- tekton-pipelines/ingress/dashboard.yaml
diff --git a/kustomization/base/tekton-pipelines/ingress/dashboard.yaml b/kustomization/base/tekton-pipelines/ingress/dashboard.yaml
deleted file mode 100644
index e126041..0000000
--- a/kustomization/base/tekton-pipelines/ingress/dashboard.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: dashboard
- namespace: tekton-pipelines
-spec:
- ingressClassName: nginx
- rules:
- - host: tekton.local
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: tekton-dashboard
- port:
- number: 9097
- - path: /mseproject
- pathType: Prefix
- backend:
- service:
- name: el-mseproject
- port:
- number: 9000
diff --git a/kustomization/base/tekton/configmap/configmap-phpcsfixer.yaml b/kustomization/base/tekton/configmap/configmap-phpcsfixer.yaml
deleted file mode 100644
index 7c79ee4..0000000
--- a/kustomization/base/tekton/configmap/configmap-phpcsfixer.yaml
+++ /dev/null
@@ -1,49 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-phpcsfixer -data: - php-cs-fixer.dist.php: | - ignoreDotFiles(false) - ->ignoreVCSIgnored(true) - ->exclude(['dev-tools/phpstan', 'tests/Fixtures']) - ->in(__DIR__); - // TODO: Définir les règles de style communes - // spécifiques au projet - return (new PhpCsFixer\Config()) - ->setRules([ - '@Symfony' => true, - 'concat_space' => ['spacing' => 'none'], - 'array_syntax' => ['syntax' => 'short'], - 'combine_consecutive_issets' => true, - 'explicit_indirect_variable' => true, - 'no_useless_return' => true, - 'ordered_imports' => true, - 'no_unused_imports' => true, - 'no_spaces_after_function_name' => true, - 'no_spaces_inside_parenthesis' => true, - 'ternary_operator_spaces' => true, - 'class_definition' => ['single_line' => true], - 'whitespace_after_comma_in_array' => true, - // phpdoc - 'phpdoc_add_missing_param_annotation' => ['only_untyped' => true], - 'phpdoc_order' => true, - 'phpdoc_types_order' => [ - 'null_adjustment' => 'always_last', - 'sort_algorithm' => 'alpha', - ], - 'phpdoc_no_empty_return' => false, - 'phpdoc_summary' => false, - 'general_phpdoc_annotation_remove' => [ - 'annotations' => [ - 'expectedExceptionMessageRegExp', - 'expectedException', - 'expectedExceptionMessage', - 'author', - ], - ], - ]) - ->setFinder($finder); - diff --git a/kustomization/base/tekton/event/imagebuild.yaml b/kustomization/base/tekton/event/imagebuild.yaml deleted file mode 100644 index 609dfce..0000000 --- a/kustomization/base/tekton/event/imagebuild.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: triggers.tekton.dev/v1beta1 -kind: EventListener -metadata: - name: imagebuild -spec: - serviceAccountName: tekton-robot - triggers: - - name: imagebuild-trigger - interceptors: - - ref: - name: "cel" - params: - - name: "filter" - value: "body.action != 'deleted'" - bindings: - - ref: imagebuild-binding - template: - ref: imagebuild-template 
diff --git a/kustomization/base/tekton/event/msebuild.yaml b/kustomization/base/tekton/event/msebuild.yaml
deleted file mode 100644
index 882e35f..0000000
--- a/kustomization/base/tekton/event/msebuild.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: triggers.tekton.dev/v1beta1
-kind: EventListener
-metadata:
- name: msebuild
-spec:
- serviceAccountName: tekton-robot
- triggers:
- - name: msebuild-trigger
- interceptors:
- - ref:
- name: "cel"
- params:
- # Filtre par événement
- - name: "filter"
- value: "body.action != 'deleted'"
- # Récupération du queryParam registry
- - name: "overlays"
- value:
- - key: registry
- expression: "requestURL.parseURL().query['registry']"
- bindings:
- - ref: msebuild-binding
- - name: registry
- value: $(extensions.registry)
- template:
- ref: msebuild-template
diff --git a/kustomization/base/tekton/event/mseproject.yaml b/kustomization/base/tekton/event/mseproject.yaml
deleted file mode 100644
index af67675..0000000
--- a/kustomization/base/tekton/event/mseproject.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-apiVersion: triggers.tekton.dev/v1beta1
-kind: EventListener
-metadata:
- name: mseproject
-spec:
- serviceAccountName: tekton-robot
- triggers:
- - name: mse-symfonycheck-trigger
- interceptors:
- - ref:
- name: "cel"
- params:
- # Filtre par événement
- - name: "filter"
- value: "body.action in ['opened', 'synchronized']"
- bindings:
- - ref: symfonycheck-binding
- template:
- ref: symfonycheck-template
-
- - name: mse-build-trigger
- interceptors:
- - ref:
- name: "cel"
- params:
- # Filtre par événement
- - name: "filter"
- value: "body.pull_request.merged == true"
- # Récupération du queryParam registry
- - name: "overlays"
- value:
- - key: registry
- expression: "requestURL.parseURL().query['registry']"
- bindings:
- - ref: msebuild-binding
- - name: registry
- value: $(extensions.registry)
- template:
- ref: msebuild-template
diff --git a/kustomization/base/tekton/event/symfonycheck.yaml b/kustomization/base/tekton/event/symfonycheck.yaml
deleted file mode 100644
index 6a667b1..0000000
--- a/kustomization/base/tekton/event/symfonycheck.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: triggers.tekton.dev/v1beta1
-kind: EventListener
-metadata:
- name: symfonycheck
-spec:
- serviceAccountName: tekton-robot
- triggers:
- - name: symfonycheck-trigger
- interceptors:
- - ref:
- name: "cel"
- params:
- - name: "filter"
- value: "body.action != 'closed'"
- bindings:
- - ref: symfonycheck-binding
- template:
- ref: symfonycheck-template
diff --git a/kustomization/base/tekton/kustomization.yaml b/kustomization/base/tekton/kustomization.yaml
deleted file mode 100644
index ab0564b..0000000
--- a/kustomization/base/tekton/kustomization.yaml
+++ /dev/null
@@ -1,68 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: tekton-pipelines
-resources:
-- namespace/namespace.yaml
-- serviceaccount/service-account.yaml
-- serviceaccount/rbac.yaml
-- configmap/configmap-phpcsfixer.yaml
-
-- resources/
-
-# Tasks
-- https://raw.githubusercontent.com/tektoncd/catalog/main/task/git-clone/0.9/git-clone.yaml
-- https://api.hub.tekton.dev/v1/resource/tekton/task/kaniko/0.6/raw
-- task/common/giteacomment.yaml
-- task/common/imageformater.yaml
-- task/common/cleanup.yaml
-- task/common/crane.yaml
-- task/common/trivy.yaml
-- task/symfonyapp/phpcsfixer.yaml
-- task/symfonyapp/phpsecuritycheck.yaml
-- task/symfonyapp/phpstan.yaml
-- task/symfonyapp/phpunittest.yaml
-- task/symfonyapp/phpfunctionaltest.yaml
-
-# Pipelines
-- pipeline/imagebuild.yaml
-- pipeline/symfonycheck.yaml
-
-# Triggers
-- trigger/msebuild-binding.yaml
-- trigger/msebuild-template.yaml
-- trigger/imagebuild-binding.yaml
-- trigger/imagebuild-template.yaml
-- trigger/symfonycheck-binding.yaml
-- trigger/symfonycheck-template.yaml
-
-# Events
-- event/mseproject.yaml
-
-
-# # Ingress
-# - ingress/dashboard.yaml
-
-generatorOptions:
- disableNameSuffixHash: true
-secretGenerator:
-- name: regcred
- type: kubernetes.io/dockerconfigjson
- files:
- - secret/dockerconfig/.dockerconfigjson
-
-- name: basic-auth
- type: kubernetes.io/basic-auth
- options:
- annotations:
- tekton.dev/git-0: https://forge.cadoles.com
- envs:
- - secret/gitea/basicauth
-
-- name: gitea-access-token
- files:
- - secret/gitea/access_token
-
-- name: git-credentials
- files:
- - secret/ssh/id_ed25519
- - secret/ssh/known_hosts
diff --git a/kustomization/base/tekton/namespace/namespace.yaml b/kustomization/base/tekton/namespace/namespace.yaml
deleted file mode 100644
index 5439a25..0000000
--- a/kustomization/base/tekton/namespace/namespace.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: tekton-pipelines
diff --git a/kustomization/base/tekton/pipeline/imagebuild.yaml b/kustomization/base/tekton/pipeline/imagebuild.yaml
deleted file mode 100644
index c994316..0000000
--- a/kustomization/base/tekton/pipeline/imagebuild.yaml
+++ /dev/null
@@ -1,170 +0,0 @@ -apiVersion: tekton.dev/v1beta1 -kind: Pipeline -metadata: - name: imagebuild -spec: - description: | - This pipeline clones a git repo, then echoes the README file to the stout. - params: - - name: url - type: string - description: The git repo URL to clone from. - - name: revision - type: string - description: The git repo branch to checkout. - - name: image - type: string - description: The image to build. - - name: context - type: string - description: The context of image to build. - - name: tag - type: string - description: The image tag. - - name: dockerfile - type: string - description: Path to the Dockerfile to build. - - name: registry - description: Registry of the Docker image - - name: apiurl - type: string - description: The gitea api url. - - name: requesttype - type: string - description: The gitea request type = "pullrequest / release". - - name: requestid - type: string - description: The gitea request id. - - - workspaces: - - name: shared-data - - name: docker-credentials - - name: git-credentials - - name: gitea-access-token - - tasks: - - # 📥 Clone du repo git - - name: gitclone - taskRef: - name: git-clone - workspaces: - - name: output - workspace: shared-data - - name: ssh-directory - workspace: git-credentials - params: - - name: url - value: $(params.url) - - name: revision - value: $(params.revision) - - name: submodules - value: 'false' - - name: depth - value: '50' - - # ⭐ Image Tag Formater - - name: imageformater - taskRef: - name: imageformater - runAfter: ["gitclone"] - workspaces: - - name: source - workspace: shared-data - params: - - name: revision - value: $(params.revision) - - # 🔨 Build de l'image - - name: kaniko-build - taskRef: - name: kaniko - runAfter: ["imageformater"] - params: - - name: IMAGE - value: $(params.registry)/$(params.image):$(tasks.imageformater.results.imagetag) - - name: BUILDER_IMAGE - value: gcr.io/kaniko-project/executor:v1.20.0 - - name: DOCKERFILE - value: $(params.dockerfile) - - 
name: CONTEXT - value: $(params.context) - - name: EXTRA_ARGS - value: - - --skip-tls-verify - - --insecure - - --no-push - - --tarPath=$(workspaces.source.path)/image.tar - - --destination=$(params.registry)/$(params.image):$(tasks.imageformater.results.imagetag) - workspaces: - - name: source - workspace: shared-data - - name: dockerconfig - workspace: docker-credentials - - # 🔎 Scan de l'image - - name: trivy-scan - taskRef: - name: trivy-scanner - kind: Task - params: - - name: IMAGE_PATH - value: "$(workspaces.manifest-dir.path)/image.tar" - workspaces: - - name: manifest-dir - workspace: shared-data - runAfter: - - kaniko-build - - # 📨 Envoyer du resulat de trivy à gitea - - name: trivy-giteacomment - taskRef: - name: giteacomment - workspaces: - - name: source - workspace: shared-data - - name: gitea-access-token - workspace: gitea-access-token - params: - - name: apiurl - value: $(params.apiurl) - - name: requestid - value: $(params.requestid) - - name: title - value: "TRIVY" - - name: filepath - value: "temp_trivy.txt" - runAfter: - - trivy-scan - - # 🚀 Publication de l'image - - name: publish - taskRef: - name: crane-task - workspaces: - - name: source - workspace: shared-data - - name: dockerconfig - workspace: docker-credentials - params: - - name: IMAGE_TAG - value: $(tasks.imageformater.results.imagetag) - - name: IMAGE - value: $(params.image) - - name: REGISTRY - value: $(params.registry) - runAfter: - - trivy-scan - - - - finally: - # 🧹 Cleanup - - name: cleanup-workspace - taskRef: - name: cleanup-workspace - kind: Task - workspaces: - - name: source - workspace: shared-data diff --git a/kustomization/base/tekton/pipeline/symfonycheck.yaml b/kustomization/base/tekton/pipeline/symfonycheck.yaml deleted file mode 100644 index 29fa273..0000000 --- a/kustomization/base/tekton/pipeline/symfonycheck.yaml +++ /dev/null 
@@ -1,166 +0,0 @@ -apiVersion: tekton.dev/v1beta1 -kind: Pipeline -metadata: - name: symfonycheck -spec: - description: | - This pipeline clones a git repo, then echoes the README file to the stout. - params: - - name: url - type: string - description: The git repo URL to clone from. - - name: revision - type: string - description: The git repo branch to checkout. - - name: destination - type: string - description: The branch to merge to. - - name: apiurl - type: string - description: The gitea api url. - - name: requesttype - type: string - description: The gitea request type = "pullrequest / release". - - name: requestid - type: string - description: The gitea request id. - - workspaces: - - name: shared-data - description: This workspace contains the cloned repo files, so they can be read by the next task. - - name: config - - name: docker-credentials - - name: gitea-access-token - - tasks: - # 📥 Clone du repo git - - name: gitclone - taskRef: - name: git-clone - workspaces: - - name: output - workspace: shared-data - params: - - name: url - value: $(params.url) - - name: revision - value: $(params.revision) - - name: submodules - value: 'false' - - name: depth - value: '50' - - # ⭐ Exécution des tests phpsecuritycheck - - name: phpsecuritycheck - runAfter: ["gitclone"] - taskRef: - name: phpsecuritycheck - workspaces: - - name: source - workspace: shared-data - - # ⭐ Exécution des tests phpstan - - name: phpstan - runAfter: ["gitclone"] - taskRef: - name: phpstan - workspaces: - - name: source - workspace: shared-data - params: - - name: apiurl - value: $(params.apiurl) - - name: requestid - value: $(params.requestid) - - # ⭐ Exécution des tests php-cs-fixer - - name: phpcsfixer - runAfter: ["gitclone"] - taskRef: - name: phpcsfixer - workspaces: - - name: source - workspace: shared-data - - name: config - workspace: config - params: - - name: destination - value: $(params.destination) - - # ⭐ Execution des tests unitaires et fonctionnels - - name: phpunittest 
- runAfter: ["gitclone"] - taskRef: - name: phpunittest - workspaces: - - name: source - workspace: shared-data - - finally: - # 📨 Envoie du resulat de php-cs-fixer à gitea - - name: phpcsfixer-giteacomment - taskRef: - name: giteacomment - workspaces: - - name: source - workspace: shared-data - - name: gitea-access-token - workspace: gitea-access-token - params: - - name: apiurl - value: $(params.apiurl) - - name: requestid - value: $(params.requestid) - - name: title - value: "PHP-CS-FIXER" - - name: filepath - value: "temp_phpcsfixer.txt" - - # 📨 Envoi du resulat de phpstan à gitea - - name: phpstan-giteacomment - taskRef: - name: giteacomment - workspaces: - - name: source - workspace: shared-data - - name: gitea-access-token - workspace: gitea-access-token - params: - - name: apiurl - value: $(params.apiurl) - - name: requestid - value: $(params.requestid) - - name: title - value: "PHPSTAN" - - name: filepath - value: "temp_phpstan.txt" - - # 📨 Envoie le resulat de phpsecuritychecker à gitea - - name: phpsecuritychecker-giteacomment - taskRef: - name: giteacomment - workspaces: - - name: source - workspace: shared-data - - name: gitea-access-token - workspace: gitea-access-token - params: - - name: apiurl - value: $(params.apiurl) - - name: requestid - value: $(params.requestid) - - name: title - value: "PHP-SECURITY-CHECK" - - name: filepath - value: "temp_phpsecuritychecker.txt" - - # 🧹 Cleanup - - name: cleanup-workspace - taskRef: - name: cleanup-workspace - kind: Task - workspaces: - - name: source - workspace: shared-data - - diff --git a/kustomization/base/tekton/resources/kustomization.yaml b/kustomization/base/tekton/resources/kustomization.yaml deleted file mode 100644 index 482bf38..0000000 --- a/kustomization/base/tekton/resources/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: - - ./redis/redis-cluster.yaml 
diff --git a/kustomization/base/tekton/resources/redis/redis-cluster.yaml b/kustomization/base/tekton/resources/redis/redis-cluster.yaml
deleted file mode 100644
index 5660732..0000000
--- a/kustomization/base/tekton/resources/redis/redis-cluster.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: databases.spotahome.com/v1
-kind: RedisFailover
-metadata:
- name: tekton-redis
-spec:
- sentinel:
- replicas: 3
- resources:
- requests:
- cpu: 100m
- limits:
- memory: 100Mi
- redis:
- image: reg.cadoles.com/proxy_cache/library/redis:6.2.6-alpine
- replicas: 3
- resources:
- requests:
- cpu: 100m
- memory: 100Mi
- limits:
- cpu: 400m
- memory: 500Mi
diff --git a/kustomization/base/tekton/secret/gitea/access_token.dist b/kustomization/base/tekton/secret/gitea/access_token.dist
deleted file mode 100644
index f161982..0000000
--- a/kustomization/base/tekton/secret/gitea/access_token.dist
+++ /dev/null
@@ -1 +0,0 @@
-TOKEN_HERE
diff --git a/kustomization/base/tekton/secret/gitea/basicauth.dist b/kustomization/base/tekton/secret/gitea/basicauth.dist
deleted file mode 100644
index 6c285a8..0000000
--- a/kustomization/base/tekton/secret/gitea/basicauth.dist
+++ /dev/null
@@ -1,2 +0,0 @@
-username=
-password=
diff --git a/kustomization/base/tekton/secret/ssh/id_ed25519.dist b/kustomization/base/tekton/secret/ssh/id_ed25519.dist
deleted file mode 100644
index 2fc5cd1..0000000
--- a/kustomization/base/tekton/secret/ssh/id_ed25519.dist
+++ /dev/null
@@ -1 +0,0 @@
-YOUR_PRIVATE_KEY_HERE
diff --git a/kustomization/base/tekton/secret/ssh/known_hosts.dist b/kustomization/base/tekton/secret/ssh/known_hosts.dist
deleted file mode 100644
index cd55d3b..0000000
--- a/kustomization/base/tekton/secret/ssh/known_hosts.dist
+++ /dev/null
@@ -1 +0,0 @@
-KNOWN_HOST_HERE
diff --git a/kustomization/base/tekton/serviceaccount/rbac.yaml b/kustomization/base/tekton/serviceaccount/rbac.yaml
deleted file mode 100644
index 7d861b4..0000000
--- a/kustomization/base/tekton/serviceaccount/rbac.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: tekton-robot
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: triggers-example-eventlistener-binding
-subjects:
-- kind: ServiceAccount
- name: tekton-robot
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: tekton-triggers-eventlistener-roles
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: triggers-example-eventlistener-clusterbinding
-subjects:
-- kind: ServiceAccount
- name: tekton-robot
- namespace: default
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: tekton-triggers-eventlistener-clusterroles
diff --git a/kustomization/base/tekton/serviceaccount/service-account.yaml b/kustomization/base/tekton/serviceaccount/service-account.yaml
deleted file mode 100644
index 9be1e15..0000000
--- a/kustomization/base/tekton/serviceaccount/service-account.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: build-bot
-secrets:
- - name: basic-auth
- - name: regcred
diff --git a/kustomization/base/tekton/task/common/cleanup.yaml b/kustomization/base/tekton/task/common/cleanup.yaml
deleted file mode 100644
index 92f8398..0000000
--- a/kustomization/base/tekton/task/common/cleanup.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: tekton.dev/v1beta1
-kind: Task
-metadata:
- name: cleanup-workspace
-spec:
- workspaces:
- - name: source
- steps:
- - name: cleanup
- image: alpine:latest
- command:
- - /bin/sh
- args:
- - '-c'
- - |
- #set -e
-
- echo ""
- echo "== CLEAN UP WORKSPACES ==================================="
- rm -rf /workspace/*
-
- echo ""
- echo ""
-
diff --git a/kustomization/base/tekton/task/common/crane.yaml b/kustomization/base/tekton/task/common/crane.yaml
deleted file mode 100644
index 676b257..0000000
--- a/kustomization/base/tekton/task/common/crane.yaml +++ /dev/null @@ -1,39 +0,0 @@ -apiVersion: tekton.dev/v1beta1 -kind: Task -metadata: - name: crane-task -spec: - workspaces: - - name: source - - name: dockerconfig - params: - - name: IMAGE_TAG - type: string - description: "The image to push." - - name: IMAGE - type: string - description: "The image to push." - - name: REGISTRY - description: Docker Registry - - - steps: - - name: push-image-tar - image: gcr.io/go-containerregistry/crane:debug - script: | - #!/busybox/sh - set -eu -o pipefail - - echo "" - echo "== CONFIGURE CREDENTIALS ===================================" - - mkdir ~/.docker - cp $(workspaces.dockerconfig.path)/config.json ~/.docker/config.json - echo "" - echo "== PUSH IMAGE ===================================" - - crane push $(workspaces.source.path)/image.tar $(params.REGISTRY)/$(params.IMAGE):$(params.IMAGE_TAG) - - echo "" - echo "" - diff --git a/kustomization/base/tekton/task/common/giteacomment.yaml b/kustomization/base/tekton/task/common/giteacomment.yaml deleted file mode 100644 index 52d5731..0000000 --- a/kustomization/base/tekton/task/common/giteacomment.yaml +++ /dev/null 
@@ -1,55 +0,0 @@
-apiVersion: tekton.dev/v1beta1
-kind: Task
-metadata:
- name: giteacomment
-spec:
- description: Send file content to a comment of the pullrequest gitea
- workspaces:
- - name: source
- - name: gitea-access-token
- params:
- - name: apiurl
- - name: requestid
- - name: title
- - name: filepath
- steps:
- - name: exec
- image: alpine
- command:
- - /bin/sh
- args:
- - '-c'
- - |
- #set -e
-
- cd $(workspaces.source.path)
-
- echo ""
- echo "== INSTALL DEPENDENCIES ==================================="
- apk add jq curl
-
- echo ""
- echo "== SEND COMMENT TO GITEA ================================="
-
- if [[ -n "$(params.title)" ]]; then
- sed -i '1i\# $(params.title)' $(params.filepath)
- fi
-
- RESULT=$(cat $(params.filepath))
- rm -f $(params.filepath)
- TOKEN_PATH="$(workspaces.gitea-access-token.path)"
- GITEA_ACCESS_TOKEN="$(cat ${TOKEN_PATH}/access_token)"
- APIURL=$(params.apiurl)/issues/$(params.requestid)/comments?access_token=${GITEA_ACCESS_TOKEN}
- RESULT_ESCAPED=$(jq --null-input --arg result "${RESULT}" '$result')
- BODY="{\"body\": ${RESULT_ESCAPED}}"
- echo ${BODY}
-
- curl -X 'POST' \
- ${APIURL} \
- -s \
- -H 'accept: application/json' \
- -H 'Content-Type: application/json' \
- -d "${BODY}"
-
- echo ""
- echo ""
diff --git a/kustomization/base/tekton/task/common/imageformater.yaml b/kustomization/base/tekton/task/common/imageformater.yaml
deleted file mode 100644
index c6a67fe..0000000
--- a/kustomization/base/tekton/task/common/imageformater.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-apiVersion: tekton.dev/v1beta1
-kind: Task
-metadata:
- name: imageformater
-spec:
- description: transform image name to standart name
- workspaces:
- - name: source
- params:
- - name: revision
- results:
- - name: imagetag
- steps:
- - name: exec
- image: alpine:3.19
- script: |
- #!/usr/bin/env sh
- set -eu
- set +x
- apk add make curl bash git
-
- cd $(workspaces.source.path)
- git config --global --add safe.directory /workspace/source
- git checkout $(params.revision)
- set -x
- echo ""
- echo "== IMAGE NAME FORMATER ==================================="
-
- make .mktools
- version=$(make mkt-project-version)
-
- echo -n "${version}" > "$(results.imagetag.path)"
-
- echo ""
- echo ""
diff --git a/kustomization/base/tekton/task/common/trivy.yaml b/kustomization/base/tekton/task/common/trivy.yaml
deleted file mode 100644
index 7f19043..0000000
--- a/kustomization/base/tekton/task/common/trivy.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
-apiVersion: tekton.dev/v1beta1
-kind: Task
-metadata:
- name: trivy-scanner
- labels:
- app.kubernetes.io/version: "0.2"
- annotations:
- tekton.dev/pipelines.minVersion: "0.12.1"
- tekton.dev/categories: Security
- tekton.dev/tags: CLI, trivy
- tekton.dev/displayName: "trivy scanner"
- tekton.dev/platforms: "linux/amd64,linux/arm64,linux/ppc64le,linux/390x"
-spec:
- description: >-
- Trivy is a simple and comprehensive scanner for
- vulnerabilities in container images,file systems
- ,and Git repositories, as well as for configuration issues.
-
- This task can be used to scan for vulnenrabilities on the source code
- in stand alone mode.
- workspaces:
- - name: manifest-dir
- params:
- - name: TRIVY_IMAGE
- default: docker.io/aquasec/trivy@sha256:944a044451791617cc0ed2ee4d1942a4f66b790d527fcd0575a6b399ccbc05a1 # 0.43.1
- description: Trivy scanner image to be used
- - name: IMAGE_PATH
- description: Image or Path to be scanned by trivy.
- type: string
- - name: AIR_GAPPED_ENABLED
- default: "false"
- description: a flag enabling Air-Gapped mode
- type: string
- steps:
- - name: trivy-scan
- image: $(params.TRIVY_IMAGE)
- workingDir: $(workspaces.manifest-dir.path)
- script: |
- #!/usr/bin/env sh
-
- echo ""
- echo "== SCAN IMAGE ==================================="
-
- echo "Running trivy task with command below"
- trivy image --exit-code 1 --severity CRITICAL --no-progress -o temp_trivy.txt --input $(params.IMAGE_PATH)
- cat temp_trivy.txt
diff --git a/kustomization/base/tekton/task/symfonyapp/phpcsfixer.yaml b/kustomization/base/tekton/task/symfonyapp/phpcsfixer.yaml
deleted file mode 100644
index 78118dd..0000000
--- a/kustomization/base/tekton/task/symfonyapp/phpcsfixer.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-apiVersion: tekton.dev/v1beta1
-kind: Task
-metadata:
- name: phpcsfixer
-spec:
- description: PHP-CS-Fixer on modified code
- workspaces:
- - name: source
- - name: config
- params:
- - name: destination
- steps:
- - name: exec
- image: ghcr.io/php-cs-fixer/php-cs-fixer:3-php8.3
- command:
- - /bin/sh
- args:
- - '-c'
- - |
- #set -e
- apk add git
- cd $(workspaces.source.path)
- git config --global --add safe.directory /workspace/source
- git fetch origin $(params.destination)
- CHANGED_FILES=$(git diff --name-only --diff-filter=ACMRTUXB origin/$(params.destination) -- | grep -F ".php" | tr "\n" " ")
- if ! echo "${CHANGED_FILES}" | grep -qE "^(\\.php-cs-fixer(\\.dist)\\.php?|composer\\.lock)$"; then EXTRA_ARGS=$(printf -- '--path-mode=intersection -- %s' "${CHANGED_FILES}"); else EXTRA_ARGS=''; fi
-
- echo ""
- echo "== RUN PHP-CS-FIXER ======================================"
-
- php-cs-fixer fix --dry-run --config=$(workspaces.config.path)/php-cs-fixer.dist.php ${EXTRA_ARGS} > temp_phpcsfixer.txt 2>&1
- cat temp_phpcsfixer.txt
-
- echo ""
- echo ""
diff --git a/kustomization/base/tekton/task/symfonyapp/phpfunctionaltest.yaml b/kustomization/base/tekton/task/symfonyapp/phpfunctionaltest.yaml
deleted file mode 100644
index d39f32d..0000000
--- a/kustomization/base/tekton/task/symfonyapp/phpfunctionaltest.yaml
+++ /dev/null
@@ -1,70 +0,0 @@
-apiVersion: tekton.dev/v1beta1
-kind: Task
-metadata:
- name: phpfunctionaltest
-spec:
- description: PHP functional test with bdd sidecar
- workspaces:
- - name: source
- sidecars:
- - name: database
- image: postgres:16
- env:
- - name: POSTGRES_PASSWORD
- value: not_so_secret
- - name: POSTGRES_HOST_AUTH_METHOD
- value: trust
- - name: redis
- image: redis:4.0
-
- steps:
- - name: exec
- image: reg.cadoles.com/cadoles/symfony:alpine-php-7.4-base-20230926
- env:
- - name: PHP_FPM_MEMORY_LIMIT
- value: 512m
- - name: MSE_DATABASE_DRIVER
- value: pdo_pgsql
- - name: MSE_DATABASE_HOST
- value: localhost
- - name: MSE_DATABASE_PORT
- value: '5432'
- - name: MSE_DATABASE_NAME
- value: postgres
- - name: MSE_DATABASE_USER
- value: postgres
- - name: MSE_DATABASE_PASSWORD
- value: not_so_secret
- - name: MSE_REDIS_SERVER
- value: localhost
- - name: MSE_REDIS_PORT
- value: '6379'
- - name: MSE_REDIS_SERVER
- value: rfs-tekton-redis
- command:
- - /bin/sh
- args:
- - '-c'
- - |
- set -e
- apk add bash=5.1.16-r0 \
- postgresql-client \
- php7-gd=7.4.33-r1 \
- php7-xsl=7.4.33-r1 \
- php7-pdo=7.4.33-r1 \
- php7-pgsql=7.4.33-r1 \
- php7-pdo_pgsql=7.4.33-r1 \
- php7-soap=7.4.33-r1 \
- php7-ldap=7.4.33-r1 \
- php7-pdo_mysql=7.4.33-r1 \
- php7-bcmath=7.4.33-r1 \
- php7-intl=7.4.33-r1 \
- php7-fileinfo=7.4.33-r1 \
- php7-iconv=7.4.33-r1 \
- php7-pecl-amqp=1.11.0-r0 \
- php7-pecl-redis=5.3.6-r0
- cd $(workspaces.source.path)
- app/console doctrine:migrations:migrate -n
- ./scripts/run-php-tests.sh --group integration --stderr --testdox -d memory_limit=512M
-
-
diff --git a/kustomization/base/tekton/task/symfonyapp/phpsecuritycheck.yaml b/kustomization/base/tekton/task/symfonyapp/phpsecuritycheck.yaml
deleted file mode 100644
index 228350b..0000000
--- a/kustomization/base/tekton/task/symfonyapp/phpsecuritycheck.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: tekton.dev/v1beta1
-kind: Task
-metadata:
- name: phpsecuritycheck
-spec:
- description: Check PHP security issues
- workspaces:
- - name: source
- steps:
- - name: exec
- image: alpine:latest
- script: |
- #!/bin/sh
- #set -e
-
- echo ""
- echo "== INSTALL PHP-SECURITY-CHECKER =========================="
- export PHP_SECURITY_CHECKER_VERSION=1.0.0
- export ARG JQ_VERSION=1.6
- wget -O /usr/local/bin/local-php-security-checker https://github.com/fabpot/local-php-security-checker/releases/download/v${PHP_SECURITY_CHECKER_VERSION}/local-php-security-checker_${PHP_SECURITY_CHECKER_VERSION}_linux_amd64 \
- && chmod +x /usr/local/bin/local-php-security-checker
-
-
- echo ""
- echo "== RUN PHP-SECURITY-CHECKER =============================="
- cd $(workspaces.source.path)
- local-php-security-checker --format=markdown > temp_phpsecuritychecker.txt 2>&1
- RESULT=$(cat temp_phpsecuritychecker.txt)
- echo "${RESULT}"
-
- echo ""
- echo ""
diff --git a/kustomization/base/tekton/task/symfonyapp/phpstan.yaml b/kustomization/base/tekton/task/symfonyapp/phpstan.yaml
deleted file mode 100644
index 3433b05..0000000
--- a/kustomization/base/tekton/task/symfonyapp/phpstan.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: tekton.dev/v1beta1
-kind: Task
-metadata:
- name: phpstan
-spec:
- description: Phpstan on modified code
- workspaces:
- - name: source
- params:
- - name: apiurl
- - name: requestid
- steps:
- - name: analyse
- image: reg.cadoles.com/cadoles/phpstan
- script: |
- #!/bin/sh
- echo "== RUN PHPSTAN ==========================================="
- cd $(workspaces.source.path)
- phpstan analyse -l 5 --configuration phpstan-pipeline.neon --error-format table --no-progress > temp_phpstan.txt 2>&1
- cat temp_phpstan.txt
diff --git a/kustomization/base/tekton/task/symfonyapp/phpunittest.yaml b/kustomization/base/tekton/task/symfonyapp/phpunittest.yaml
deleted file mode 100644
index bfd21e7..0000000
--- a/kustomization/base/tekton/task/symfonyapp/phpunittest.yaml
+++ /dev/null
@@ -1,119 +0,0 @@
-apiVersion: tekton.dev/v1beta1
-kind: Task
-metadata:
- name: phpunittest
-spec:
- description: PHP unit test
- workspaces:
- - name: source
- sidecars:
- - name: database
- image: postgres:16
- env:
- - name: POSTGRES_PASSWORD
- value: not_so_secret
- - name: POSTGRES_HOST_AUTH_METHOD
- value: trust
-
- steps:
- - name: php-unit
- image: reg.cadoles.com/cadoles/symfony:alpine-php-7.4-base-20230926
- env:
- - name: PHP_FPM_MEMORY_LIMIT
- value: 512m
- - name: MSE_DATABASE_DRIVER
- value: pdo_pgsql
- - name: MSE_DATABASE_HOST
- value: localhost
- - name: MSE_DATABASE_PORT
- value: '5432'
- - name: MSE_DATABASE_NAME
- value: postgres
- - name: MSE_DATABASE_USER
- value: postgres
- - name: MSE_DATABASE_PASSWORD
- value: not_so_secret
- - name: MSE_REDIS_SERVER
- value: localhost
- - name: MSE_REDIS_PORT
- value: '6379'
- command:
- - /bin/sh
- args:
- - '-c'
- - |
- set -e
- apk add bash=5.1.16-r0 \
- postgresql-client \
- php7-gd=7.4.33-r1 \
- php7-xsl=7.4.33-r1 \
- php7-pdo=7.4.33-r1 \
- php7-pgsql=7.4.33-r1 \
- php7-pdo_pgsql=7.4.33-r1 \
- php7-soap=7.4.33-r1 \
- php7-ldap=7.4.33-r1 \
- php7-pdo_mysql=7.4.33-r1 \
- php7-bcmath=7.4.33-r1 \
- php7-intl=7.4.33-r1 \
- php7-fileinfo=7.4.33-r1 \
- php7-iconv=7.4.33-r1 \
- php7-pecl-amqp=1.11.0-r0 \
- php7-pecl-redis=5.3.6-r0
- echo "memory_limit = 512M" >> /etc/php7/conf.d/03_base.ini
- echo "memory_limit = 512M" >> /etc/php8/conf.d/03_base.ini
- cd $(workspaces.source.path)
- ./bin/phpunit -c ./app --group unit --stderr --testdox -d memory_limit=1024M $(PHPUNIT_ARGS)
- onError: continue
-
- - name: php-functional
- image: reg.cadoles.com/cadoles/symfony:alpine-php-7.4-base-20230926
- env:
- - name: PHP_FPM_MEMORY_LIMIT
- value: 512m
- - name: MSE_DATABASE_DRIVER
- value: pdo_pgsql
- - name: MSE_DATABASE_HOST
- value: localhost
- - name: MSE_DATABASE_PORT
- value: '5432'
- - name: MSE_DATABASE_NAME
- value: postgres
- - name: MSE_DATABASE_USER
- value: postgres
- - name: MSE_DATABASE_PASSWORD
- value: not_so_secret
- - name: MSE_REDIS_SERVER
- value: rfs-portal-redis
- - name: MSE_REDIS_PORT
- value: '26379'
- - name: MSE_REDIS_SERVER
- value: rfs-tekton-redis
- command:
- - /bin/sh
- args:
- - '-c'
- - |
- set -e
- apk add bash=5.1.16-r0 \
- postgresql-client \
- php7-gd=7.4.33-r1 \
- php7-xsl=7.4.33-r1 \
- php7-pdo=7.4.33-r1 \
- php7-pgsql=7.4.33-r1 \
- php7-pdo_pgsql=7.4.33-r1 \
- php7-soap=7.4.33-r1 \
- php7-ldap=7.4.33-r1 \
- php7-pdo_mysql=7.4.33-r1 \
- php7-bcmath=7.4.33-r1 \
- php7-intl=7.4.33-r1 \
- php7-fileinfo=7.4.33-r1 \
- php7-iconv=7.4.33-r1 \
- php7-pecl-amqp=1.11.0-r0 \
- php7-pecl-redis=5.3.6-r0
- echo "memory_limit = 512M" >> /etc/php7/conf.d/03_base.ini
- echo "memory_limit = 512M" >> /etc/php8/conf.d/03_base.ini
- cd $(workspaces.source.path)
- /bin/sh ./sidecar-scripts/init_database.sh
- ./bin/phpunit -c ./app --group integration --stderr --testdox -d memory_limit=1024M $(PHPUNIT_ARGS)
-
-
diff --git a/kustomization/base/tekton/trigger/imagebuild-binding.yaml b/kustomization/base/tekton/trigger/imagebuild-binding.yaml
deleted file mode 100644
index 9f22434..0000000
--- a/kustomization/base/tekton/trigger/imagebuild-binding.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: triggers.tekton.dev/v1beta1
-kind: TriggerBinding
-metadata:
- name: imagebuild-binding
-spec:
- params:
- - name: url
- value: $(body.repository.clone_url)
- - name: revision
- value: $(body.pull_request.base.ref)
- - name: image
- value: $(body.repository.full_name)
- - name: tag
- value: $(body.release.target_commitish)-$(body.release.tag_name)
- - name: apiurl
- value: $(body.release.url)
- - name: requestid
- value: $(body.release.id)
-
diff --git a/kustomization/base/tekton/trigger/imagebuild-template.yaml b/kustomization/base/tekton/trigger/imagebuild-template.yaml
deleted file mode 100644
index 84568b1..0000000
--- a/kustomization/base/tekton/trigger/imagebuild-template.yaml
+++ /dev/null
@@ -1,66 +0,0 @@
-apiVersion: triggers.tekton.dev/v1beta1
-kind: TriggerTemplate
-metadata:
- name: imagebuild-template
-spec:
- params:
- - name: url
- - name: revision
- - name: image
- - name: tag
- - name: dockerfile
- - name: registry
- - name: apiurl
- - name: requestid
- - name: requesttype
-
- resourcetemplates:
- - apiVersion: tekton.dev/v1beta1
- kind: PipelineRun
- metadata:
- generateName: imagebuild-run-
- namespace: tekton-pipelines
- spec:
- serviceAccountName: build-bot
- pipelineRef:
- name: imagebuild
- podTemplate:
- securityContext:
- fsGroup: 65532
- workspaces:
- - name: shared-data
- volumeClaimTemplate:
- spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 1Gi
- - name: docker-credentials
- secret:
- secretName: regcred
- - name: git-credentials
- secret:
- secretName: git-credentials
- - name: gitea-access-token
- secret:
- secretName: gitea-access-token
- params:
- - name: url
- value: $(tt.params.url)
- - name: revision
- value: $(tt.params.revision)
- - name: image
- value: hydra-sql-theme
- - name: tag
- value: $(tt.params.tag)
- - name: dockerfile
- value: ./misc/k8s/images/hydra-sql-mse-theme/Dockerfile
- - name: registry
- value: $(tt.params.registry)
- - name: apiurl
- value: $(tt.params.apiurl)
- - name: requestid
- value: $(tt.params.requestid)
- - name: requesttype
- value: pullrequest
diff --git a/kustomization/base/tekton/trigger/msebuild-binding.yaml b/kustomization/base/tekton/trigger/msebuild-binding.yaml
deleted file mode 100644
index 7b66f48..0000000
--- a/kustomization/base/tekton/trigger/msebuild-binding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: triggers.tekton.dev/v1beta1
-kind: TriggerBinding
-metadata:
- name: msebuild-binding
-spec:
- params:
- - name: url
- value: $(body.repository.clone_url)
- - name: revision
- value: $(body.pull_request.base.ref)
- - name: image
- value: $(body.repository.full_name)
- - name: apiurl
- value: $(body.pull_request.base.repo.url)
- - name: requestid
- value: $(body.pull_request.number)
-
-
diff --git a/kustomization/base/tekton/trigger/msebuild-template.yaml b/kustomization/base/tekton/trigger/msebuild-template.yaml
deleted file mode 100644
index 7bde0d8..0000000
--- a/kustomization/base/tekton/trigger/msebuild-template.yaml
+++ /dev/null
@@ -1,389 +0,0 @@
-apiVersion: triggers.tekton.dev/v1beta1
-kind: TriggerTemplate
-metadata:
- name: msebuild-template
-spec:
- params:
- - name: url
- - name: revision
- - name: image
- - name: tag
- - name: dockerfile
- - name: registry
- - name: apiurl
- - name: requestid
- - name: requesttype
-
- resourcetemplates:
- # Portal
- - apiVersion: tekton.dev/v1beta1
- kind: PipelineRun
- metadata:
- generateName: msebuild-portal-run-
- namespace: tekton-pipelines
- spec:
- serviceAccountName: build-bot
- pipelineRef:
- name: imagebuild
- podTemplate:
- securityContext:
- fsGroup: 65532
- workspaces:
- - name: shared-data
- volumeClaimTemplate:
- spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 1Gi
- - name: docker-credentials
- secret:
- secretName: regcred
- - name: git-credentials
- secret:
- secretName: git-credentials
- - name: gitea-access-token
- secret:
- secretName: gitea-access-token
- params:
- - name: url
- value: $(tt.params.url)
- - name: revision
- value: $(tt.params.revision)
- - name: image
- value: portal
- - name: tag
- value: $(tt.params.tag)
- - name: dockerfile
- value: ./misc/k8s/images/portal/Dockerfile
- - name: context
- value: ./
- - name: registry
- value: $(tt.params.registry)
- - name: apiurl
- value: $(tt.params.apiurl)
- - name: requestid
- value: $(tt.params.requestid)
- - name: requesttype
- value: pullrequest
-
- # Hydra Dispatcher Theme
- - apiVersion: tekton.dev/v1beta1
- kind: PipelineRun
- metadata:
- generateName: msebuild-hydra-dispatcher-theme-run-
- namespace: tekton-pipelines
- spec:
- serviceAccountName: build-bot
- pipelineRef:
- name: imagebuild
- podTemplate:
- securityContext:
- fsGroup: 65532
- workspaces:
- - name: shared-data
- volumeClaimTemplate:
- spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 1Gi
- - name: docker-credentials
- secret:
- secretName: regcred
- - name: git-credentials
- secret:
- secretName: git-credentials
- - name: gitea-access-token
- secret:
- secretName: gitea-access-token
- params:
- - name: url
- value: $(tt.params.url)
- - name: revision
- value: $(tt.params.revision)
- - name: image
- value: hydra-dispatcher-theme
- - name: context
- value: misc/k8s/images/hydra-dispatcher-mse-theme
- - name: tag
- value: $(tt.params.tag)
- - name: dockerfile
- value: ./misc/k8s/images/hydra-dispatcher-mse-theme/Dockerfile
- - name: registry
- value: $(tt.params.registry)
- - name: apiurl
- value: $(tt.params.apiurl)
- - name: requestid
- value: $(tt.params.requestid)
- - name: requesttype
- value: pullrequest
-
- # Hydra SQL Theme
- - apiVersion: tekton.dev/v1beta1
- kind: PipelineRun
- metadata:
- generateName: msebuild-hydra-sql-theme-run-
- namespace: tekton-pipelines
- spec:
- serviceAccountName: build-bot
- pipelineRef:
- name: imagebuild
- podTemplate:
- securityContext:
- fsGroup: 65532
- workspaces:
- - name: shared-data
- volumeClaimTemplate:
- spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 1Gi
- - name: docker-credentials
- secret:
- secretName: regcred
- - name: git-credentials
- secret:
- secretName: git-credentials
- - name: gitea-access-token
- secret:
- secretName: gitea-access-token
- params:
- - name: url
- value: $(tt.params.url)
- - name: revision
- value: $(tt.params.revision)
- - name: image
- value: hydra-sql-theme
- - name: context
- value: misc/k8s/images/hydra-sql-mse-theme
- - name: tag
- value: $(tt.params.tag)
- - name: dockerfile
- value: ./misc/k8s/images/hydra-sql-mse-theme/Dockerfile
- - name: registry
- value: $(tt.params.registry)
- - name: apiurl
- value: $(tt.params.apiurl)
- - name: requestid
- value: $(tt.params.requestid)
- - name: requesttype
- value: pullrequest
-
- # Job Base
- - apiVersion: tekton.dev/v1beta1
- kind: PipelineRun
- metadata:
- generateName: msebuild-job-base-run-
- namespace: tekton-pipelines
- spec:
- serviceAccountName: build-bot
- pipelineRef:
- name: imagebuild
- podTemplate:
- securityContext:
- fsGroup: 65532
- workspaces:
- - name: shared-data
- volumeClaimTemplate:
- spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 1Gi
- - name: docker-credentials
- secret:
- secretName: regcred
- - name: git-credentials
- secret:
- secretName: git-credentials
- - name: gitea-access-token
- secret:
- secretName: gitea-access-token
- params:
- - name: url
- value: $(tt.params.url)
- - name: revision
- value: $(tt.params.revision)
- - name: image
- value: job-base
- - name: context
- value: misc/k8s/images/job-base
- - name: tag
- value: $(tt.params.tag)
- - name: dockerfile
- value: ./misc/k8s/images/job-base/Dockerfile
- - name: registry
- value: $(tt.params.registry)
- - name: apiurl
- value: $(tt.params.apiurl)
- - name: requestid
- value: $(tt.params.requestid)
- - name: requesttype
- value: pullrequest
-
- # Mock
- - apiVersion: tekton.dev/v1beta1
- kind: PipelineRun
- metadata:
- generateName: msebuild-mock-run-
- namespace: tekton-pipelines
- spec:
- serviceAccountName: build-bot
- pipelineRef:
- name: imagebuild
- podTemplate:
- securityContext:
- fsGroup: 65532
- workspaces:
- - name: shared-data
- volumeClaimTemplate:
- spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 1Gi
- - name: docker-credentials
- secret:
- secretName: regcred
- - name: git-credentials
- secret:
- secretName: git-credentials
- - name: gitea-access-token
- secret:
- secretName: gitea-access-token
- params:
- - name: url
- value: $(tt.params.url)
- - name: revision
- value: $(tt.params.revision)
- - name: image
- value: mock
- - name: context
- value: misc/k8s/images/mock
- - name: tag
- value: $(tt.params.tag)
- - name: dockerfile
- value: ./misc/k8s/images/mock/Dockerfile
- - name: registry
- value: $(tt.params.registry)
- - name: apiurl
- value: $(tt.params.apiurl)
- - name: requestid
- value: $(tt.params.requestid)
- - name: requesttype
- value: pullrequest
-
- # Ines
- - apiVersion: tekton.dev/v1beta1
- kind: PipelineRun
- metadata:
- generateName: msebuild-ines-run-
- namespace: tekton-pipelines
- spec:
- serviceAccountName: build-bot
- pipelineRef:
- name: imagebuild
- podTemplate:
- securityContext:
- fsGroup: 65532
- workspaces:
- - name: shared-data
- volumeClaimTemplate:
- spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 1Gi
- - name: docker-credentials
- secret:
- secretName: regcred
- - name: git-credentials
- secret:
- secretName: git-credentials
- - name: gitea-access-token
- secret:
- secretName: gitea-access-token
- params:
- - name: url
- value: $(tt.params.url)
- - name: revision
- value: $(tt.params.revision)
- - name: image
- value: ines
- - name: context
- value: misc/k8s/images/ines
- - name: tag
- value: $(tt.params.tag)
- - name: dockerfile
- value: ./misc/k8s/images/ines/Dockerfile
- - name: registry
- value: $(tt.params.registry)
- - name: apiurl
- value: $(tt.params.apiurl)
- - name: requestid
- value: $(tt.params.requestid)
- - name: requesttype
- value: pullrequest
-
- # Shibboleth-sp
- - apiVersion: tekton.dev/v1beta1
- kind: PipelineRun
- metadata:
- generateName: msebuild-shibboleth-sp-run-
- namespace: tekton-pipelines
- spec:
- serviceAccountName: build-bot
- pipelineRef:
- name: imagebuild
- podTemplate:
- securityContext:
- fsGroup: 65532
- workspaces:
- - name: shared-data
- volumeClaimTemplate:
- spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 1Gi
- - name: docker-credentials
- secret:
- secretName: regcred
- - name: git-credentials
- secret:
- secretName: git-credentials
- - name: gitea-access-token
- secret:
- secretName: gitea-access-token
- params:
- - name: url
- value: $(tt.params.url)
- - name: revision
- value: $(tt.params.revision)
- - name: image
- value: shibboleth-sp
- - name: context
- value: misc/k8s/images/sp
- - name: tag
- value: $(tt.params.tag)
- - name: dockerfile
- value: ./misc/k8s/images/sp/Dockerfile
- - name: registry
- value: $(tt.params.registry)
- - name: apiurl
- value: $(tt.params.apiurl)
- - name: requestid
- value: $(tt.params.requestid)
- - name: requesttype
- value: pullrequest
-
-
diff --git a/kustomization/base/tekton/trigger/symfonycheck-binding.yaml b/kustomization/base/tekton/trigger/symfonycheck-binding.yaml
deleted file mode 100644
index cdfc10a..0000000
--- a/kustomization/base/tekton/trigger/symfonycheck-binding.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: triggers.tekton.dev/v1beta1
-kind: TriggerBinding
-metadata:
- name: symfonycheck-binding
-spec:
- params:
- - name: url
- value: $(body.pull_request.head.repo.clone_url)
- - name: revision
- value: $(body.pull_request.head.ref)
- - name: apiurl
- value: $(body.pull_request.head.repo.url)
- - name: requestid
- value: $(body.pull_request.number)
- - name: destination
- value: $(body.pull_request.base.ref)
diff --git a/kustomization/base/tekton/trigger/symfonycheck-template.yaml b/kustomization/base/tekton/trigger/symfonycheck-template.yaml
deleted file mode 100644
index 93c291f..0000000
--- a/kustomization/base/tekton/trigger/symfonycheck-template.yaml
+++ /dev/null
@@ -1,56 +0,0 @@
-apiVersion: triggers.tekton.dev/v1beta1
-kind: TriggerTemplate
-metadata:
- name: symfonycheck-template
-spec:
- params:
- - name: url
- - name: revision
- - name: requestid
- - name: destination
- - name: apiurl
- - name: requesttype
- resourcetemplates:
- - apiVersion: tekton.dev/v1beta1
- kind: PipelineRun
- metadata:
- generateName: symfonycheck-run-
- namespace: tekton-pipelines
- spec:
- serviceAccountName: build-bot
- pipelineRef:
- name: symfonycheck
- podTemplate:
- securityContext:
- fsGroup: 65532
- workspaces:
- - name: shared-data
- volumeClaimTemplate:
- spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 1Gi
- - name: config
- configmap:
- name: config-phpcsfixer
- - name: docker-credentials
- secret:
- secretName: regcred
- - name: gitea-access-token
- secret:
- secretName: gitea-access-token
- params:
- - name: url
- value: $(tt.params.url)
- - name: revision
- value: $(tt.params.revision)
- - name: destination
- value: $(tt.params.destination)
- - name: apiurl
- value: $(tt.params.apiurl)
- - name: requestid
- value: $(tt.params.requestid)
- - name: requesttype
- value: pullrequest
diff --git a/skaffold.yaml b/skaffold.yaml
deleted file mode 100644
index 74531d3..0000000
--- a/skaffold.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: skaffold/v3
-kind: Config
-
-metadata:
- name: tekton-pipelines
-
-manifests:
- kustomize:
- paths:
- - kustomization/base
-