diff --git a/Makefile b/Makefile index 076af3f..95fad22 100644 --- a/Makefile +++ b/Makefile @@ -37,6 +37,7 @@ docker-secret: docker --config kustomization/base/tekton/secret/dockerconfig login reg.cadoles.com # mv kustomization/base/tekton/secret/dockerconfig/config.json kustomization/base/tekton/secret/dockerconfig/.dockerconfigjson kubectl create secret generic regcred --from-file=config.json=kustomization/base/tekton/secret/dockerconfig/config.json -n tekton + kubectl patch cm feature-flags -n tekton-pipelines -p '{"data":{"enable-api-fields":"alpha"}}' deploy-dev: ## Déploie le projet dans le cluster (nécessite la variable $HARBOR_USER_NAME) skaffold dev -p dev --cleanup=false --default-repo reg.cadoles.com/${HARBOR_USER_NAME} diff --git a/kind/cluster/kustomization.yaml b/kind/cluster/kustomization.yaml index 5883b14..dbf0c07 100644 --- a/kind/cluster/kustomization.yaml +++ b/kind/cluster/kustomization.yaml @@ -8,10 +8,10 @@ resources: - https://forge.cadoles.com/CadolesKube/c-kustom//base/minio?ref=develop - https://forge.cadoles.com/CadolesKube/c-kustom//base/metallb?ref=develop - https://forge.cadoles.com/CadolesKube/c-kustom//base/nginx?ref=develop +- https://storage.googleapis.com/tekton-releases/operator/latest/release.yaml +- https://raw.githubusercontent.com/tektoncd/operator/main/config/crs/kubernetes/config/all/operator_v1alpha1_config_cr.yaml - https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml - https://storage.googleapis.com/tekton-releases/triggers/latest/release.yaml - https://storage.googleapis.com/tekton-releases/triggers/latest/interceptors.yaml -- https://storage.googleapis.com/tekton-releases/operator/latest/release.yaml -- https://raw.githubusercontent.com/tektoncd/operator/main/config/crs/kubernetes/config/all/operator_v1alpha1_config_cr.yaml - https://storage.googleapis.com/tekton-releases/dashboard/latest/release.yaml 
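Review bot: The added `kubectl patch cm feature-flags -n tekton-pipelines -p '{"data":{"enable-api-fields":"alpha"}}'` flips a cluster-wide Tekton feature gate from inside the `docker-secret` target, where it has nothing to do with the registry-credential work the target is named for and is re-executed on every invocation. Because this same commit installs the Tekton operator into the kind cluster, the operator is expected to reconcile `feature-flags` from its TektonConfig and may revert a direct patch; `spec.pipeline.enable-api-fields: alpha` on the TektonConfig CR is the durable place for it. At minimum move the line to its own target with a comment naming the alpha field the pipelines depend on, e.g. `tekton-alpha-fields: ## Enable Tekton alpha API fields (required for <field>)`. The `config.json` written by `docker login` into kustomization/base/tekton/secret/dockerconfig/ also stays on disk after the secret is created; confirm that path is git-ignored so registry credentials cannot be committed.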
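Review bot: The operator entries moved to the top of the kind cluster resources, like the pipeline, triggers and dashboard entries below them, point at mutable locations (`operator/latest/release.yaml` and the TektonConfig CR from the `main` branch of tektoncd/operator), so every cluster rebuild pulls whatever those URLs serve that day with no version or digest pinned. The reorder makes the operator-before-pipeline dependency explicit, but if the operator installs its own copy of Pipelines, as it is designed to, keeping the standalone `pipeline/latest/release.yaml` and `triggers/latest/*.yaml` alongside it leaves two installers fighting over `tekton-pipelines`; confirm that is intended or drop the standalone releases. Pin the operator to a released version, e.g. `https://storage.googleapis.com/tekton-releases/operator/previous/<version>/release.yaml`, and fetch the CR from the matching tag rather than `main`.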
diff --git a/kustomization/base/tekton/event/symfonybuild.yaml b/kustomization/base/tekton/event/symfonybuild.yaml deleted file mode 100644 index cf95257..0000000 --- a/kustomization/base/tekton/event/symfonybuild.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: triggers.tekton.dev/v1beta1 -kind: EventListener -metadata: - name: symfonybuild -spec: - serviceAccountName: tekton-robot - triggers: - - name: symfonybuild-trigger - interceptors: - - ref: - name: "cel" - params: - - name: "filter" - value: "body.action != 'deleted'" - bindings: - - ref: symfonybuild-binding - template: - ref: symfonybuild-template diff --git a/kustomization/base/tekton/event/symfonycheck.yaml b/kustomization/base/tekton/event/symfonycheck.yaml index 8507b9c..6a667b1 100644 --- a/kustomization/base/tekton/event/symfonycheck.yaml +++ b/kustomization/base/tekton/event/symfonycheck.yaml @@ -5,7 +5,7 @@ metadata: spec: serviceAccountName: tekton-robot triggers: - - name: symfonycheck-trigger + - name: symfonycheck-trigger interceptors: - ref: name: "cel" diff --git a/kustomization/base/tekton/kustomization.yaml b/kustomization/base/tekton/kustomization.yaml index 053c2f8..05a5fe9 100644 --- a/kustomization/base/tekton/kustomization.yaml +++ b/kustomization/base/tekton/kustomization.yaml 
@@ -6,23 +6,36 @@ resources: - secret/secret.yaml - serviceaccount/service-account.yaml - serviceaccount/rbac.yaml +- configmap/configmap-phpcsfixer.yaml + +# Tasks - https://raw.githubusercontent.com/tektoncd/catalog/main/task/git-clone/0.9/git-clone.yaml - https://api.hub.tekton.dev/v1/resource/tekton/task/kaniko/0.6/raw -- https://api.hub.tekton.dev/v1/resource/tekton/task/trivy-scanner/0.2/raw -- configmap/configmap-phpcsfixer.yaml -- task/giteacomment.yaml -- task/imageformater.yaml -- task/phpcsfixer.yaml -- task/phpsecuritycheck.yaml -- task/phpstan.yaml -- task/phpunittest.yaml -- pipeline/symfonybuild.yaml +- task/common/giteacomment.yaml +- task/common/imageformater.yaml +- task/common/cleanup.yaml +- task/common/crane.yaml +- task/common/trivy.yaml +- task/symfonyapp/phpcsfixer.yaml +- task/symfonyapp/phpsecuritycheck.yaml +- task/symfonyapp/phpstan.yaml +- task/symfonyapp/phpunittest.yaml + +# Pipelines +- pipeline/msebuild.yaml +- pipeline/imagebuild.yaml - pipeline/symfonycheck.yaml -- trigger/symfonybuild-binding.yaml -- trigger/symfonybuild-template.yaml + +# Triggers +- trigger/msebuild-binding.yaml +- trigger/msebuild-template.yaml +- trigger/imagebuild-binding.yaml +- trigger/imagebuild-template.yaml - trigger/symfonycheck-binding.yaml - trigger/symfonycheck-template.yaml -- event/symfonybuild.yaml + +# Events +- event/msebuild.yaml +- event/imagebuild.yaml - event/symfonycheck.yaml - diff --git a/kustomization/base/tekton/pipeline/symfonybuild.yaml b/kustomization/base/tekton/pipeline/symfonybuild.yaml deleted file mode 100644 index 81543d4..0000000 --- a/kustomization/base/tekton/pipeline/symfonybuild.yaml +++ /dev/null 
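Review bot: The hub `trivy-scanner/0.2` task is dropped in favour of a local `task/common/trivy.yaml` whose contents are not in this diff; pipelines bind to tasks by `metadata.name` and to their outputs by result name, so the replacement must keep the names the pipelines use (e.g. the `cleanup-workspace` and `giteacomment` taskRefs in pipeline/symfonycheck.yaml), and a `kubectl get task -n tekton` after apply would quickly surface any dangling `taskRef`. The remaining remote tasks are still fetched unpinned: `git-clone` from the mutable `main` branch of tektoncd/catalog and `kaniko/0.6` through the hub's raw endpoint, neither with a digest. Pinning the catalog URL to a tag or commit, e.g. `https://raw.githubusercontent.com/tektoncd/catalog/<sha>/task/git-clone/0.9/git-clone.yaml`, keeps rebuilds reproducible and narrows the supply-chain exposure.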
@@ -1,101 +0,0 @@ -apiVersion: tekton.dev/v1beta1 -kind: Pipeline -metadata: - name: symfonybuild -spec: - description: | - This pipeline clones a git repo, then echoes the README file to the stout. - params: - - name: url - type: string - description: The git repo URL to clone from. - - name: revision - type: string - description: The git repo branch to checkout. - - name: image - type: string - description: The image to build. - - name: apiurl - type: string - description: The gitea api url. - - name: requesttype - type: string - description: The gitea request type = pullrequet or release - - name: requestid - type: string - description: The gitea request id. - - name: access_token - type: string - description: The gitea access_token id. - - workspaces: - - name: shared-data - - name: config - - name: docker-credentials - - tasks: - # ⭐ Execution des tests unitaires avec une BDD en sidecar - - name: imageformater - taskRef: - name: imageformater - params: - - name: image - value: $(params.image) - - - - # 📥 Clone du repo git - - name: gitclone - runAfter: [imageformater] - taskRef: - name: git-clone - workspaces: - - name: output - workspace: shared-data - params: - - name: url - value: $(params.url) - - name: revision - value: $(params.revision) - - name: submodules - value: 'false' - - name: depth - value: '50' - - ## ⭐ Execution des tests unitaires avec une BDD en sidecar - #- name: phpunittest - # runAfter: - # - gitclone - # # - phpcsfixer - # # - phpstan - # # - phpsecuritycheck - # taskRef: - # name: phpunittest - # workspaces: - # - name: source - # workspace: shared-data - - - - # 🔨 Build de l'image - - name: kanikobuild - taskRef: - name: kaniko - params: - - name: IMAGE - value: $(tasks.imageformater.results.imagetag) - - name: BUILDER_IMAGE - value: gcr.io/kaniko-project/executor:v1.20.0 - - name: EXTRA_ARGS - value: - - --skip-tls-verify - - --insecure - - --ignore-path=/product_uuid - workspaces: - - name: source - workspace: shared-data - - name: 
dockerconfig - workspace: docker-credentials - runAfter: - - gitclone - diff --git a/kustomization/base/tekton/pipeline/symfonycheck.yaml b/kustomization/base/tekton/pipeline/symfonycheck.yaml index 9bf738d..39c3836 100644 --- a/kustomization/base/tekton/pipeline/symfonycheck.yaml +++ b/kustomization/base/tekton/pipeline/symfonycheck.yaml @@ -49,7 +49,7 @@ spec: - name: depth value: '50' - # ⭐ Execution des tests phpsecuritycheck + # ⭐ Exécution des tests phpsecuritycheck - name: phpsecuritycheck runAfter: ["gitclone"] taskRef: @@ -58,7 +58,7 @@ spec: - name: source workspace: shared-data - # ⭐ Execution des tests phpstan + # ⭐ Exécution des tests phpstan - name: phpstan runAfter: ["gitclone"] taskRef: @@ -74,7 +74,7 @@ spec: - name: access_token value: $(params.access_token) - # ⭐ Execution des tests php-cs-fixer + # ⭐ Exécution des tests php-cs-fixer - name: phpcsfixer runAfter: ["gitclone"] taskRef: @@ -85,9 +85,17 @@ spec: - name: config workspace: config + # ⭐ Execution des tests unitaires avec une BDD en sidecar + - name: phpunittest + runAfter: ["gitclone"] + taskRef: + name: phpunittest + workspaces: + - name: source + workspace: shared-data finally: - # ⭐ Envoyer le resulat de php-cs-fixer à gitea + # 📨 Envoie du resulat de php-cs-fixer à gitea - name: phpcsfixer-giteacomment taskRef: name: giteacomment @@ -106,7 +114,7 @@ spec: - name: filepath value: "temp_phpcsfixer.txt" - # ⭐ Envoyer le resulat de phpstan à gitea + # 📨 Envoi du resulat de phpstan à gitea - name: phpstan-giteacomment taskRef: name: giteacomment @@ -125,7 +133,7 @@ spec: - name: filepath value: "temp_phpstan.txt" - # ⭐ Envoyer le resulat de phpsecuritychecker à gitea + # 📨 Envoie le resulat de phpsecuritychecker à gitea - name: phpsecuritychecker-giteacomment taskRef: name: giteacomment 
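Review bot: The new `phpunittest` task is wired with `runAfter: ["gitclone"]`, so it runs concurrently with `phpsecuritycheck`, `phpstan` and `phpcsfixer` on the same `shared-data` workspace, but unlike those three it writes no `temp_*.txt` and gets no matching `giteacomment` entry in `finally`, so a failing test suite is visible only in the PipelineRun status and never reaches the pull request. If parity with the other checks is wanted, have the task write its report to `temp_phpunittest.txt` and add a `phpunittest-giteacomment` finally task mirroring the existing ones. The earlier version of this Task, deleted in this commit, ran `doctrine:migrations:migrate` against a sidecar Postgres configured with `POSTGRES_HOST_AUTH_METHOD=trust`; the replacement under task/symfonyapp/ is not in this diff, so that configuration should be re-checked there.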
@@ -140,22 +148,36 @@ spec: - name: access_token value: $(params.access_token) - name: title - value: "" + value: "PHP-SECURITY-CHECK" - name: filepath value: "temp_phpsecuritychecker.txt" - ## ⭐ Execution des tests unitaires avec une BDD en sidecar - #- name: phpunittest - # runAfter: - # - gitclone - # # - phpcsfixer - # # - phpstan - # # - phpsecuritycheck - # taskRef: - # name: phpunittest - # workspaces: - # - name: source - # workspace: shared-data - + # 📨 Envoyer du resulat de trivy à gitea + - name: trivy-giteacomment + taskRef: + name: giteacomment + workspaces: + - name: source + workspace: shared-data + params: + - name: apiurl + value: $(params.apiurl) + - name: requestid + value: $(params.requestid) + - name: access_token + value: $(params.access_token) + - name: title + value: "TRIVY" + - name: filepath + value: "temp_trivy.txt" + + # 🧹 Cleanup + - name: cleanup-workspace + taskRef: + name: cleanup-workspace + kind: Task + workspaces: + - name: source + workspace: shared-data diff --git a/kustomization/base/tekton/task/giteacomment.yaml b/kustomization/base/tekton/task/giteacomment.yaml deleted file mode 100644 index ed7963a..0000000 --- a/kustomization/base/tekton/task/giteacomment.yaml +++ /dev/null 
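Review bot: `cleanup-workspace` is added to `finally` beside the four `giteacomment` tasks, and Tekton executes all `finally` tasks in parallel (and rejects `runAfter` there), so cleanup can delete the `temp_*.txt` files from `shared-data` before the comment tasks read them, yielding empty or failed comments nondeterministically. Either make cleanup an ordinary task with `runAfter` on the reporting steps, or move the reporting tasks out of `finally` and leave only cleanup there. `trivy-giteacomment` reads `temp_trivy.txt`, yet no task producing that file is added to this pipeline in the visible hunks (only `phpunittest` was added at line 85); unless a trivy task already exists above line 49, that comment will be posted with no content. Separately, `access_token` still travels as a plain pipeline param, which ends up in PipelineRun specs and logs; the deleted `symfonybuild-template.yaml` in this commit carried a literal Gitea token that remains in git history and should be revoked, and the live template should source the token from a Secret (e.g. `valueFrom.secretKeyRef` on the step env) instead.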
@@ -1,53 +0,0 @@ -apiVersion: tekton.dev/v1beta1 -kind: Task -metadata: - name: giteacomment -spec: - description: Send file content to a comment of the pullrequest gitea - workspaces: - - name: source - params: - - name: apiurl - - name: requestid - - name: access_token - - name: title - - name: filepath - steps: - - name: exec - image: alpine - command: - - /bin/sh - args: - - '-c' - - | - #set -ex - - cd $(workspaces.source.path) - - echo "" - echo "== INSTALL DEPENDANCES ===================================" - apk add jq curl - - echo "" - echo "== SEND COMMENT TO GITEA =================================" - - if [[ -n "$(params.title)" ]]; then - sed -i '1i\# $(params.title)' $(params.filepath) - fi - - RESULT=$(cat $(params.filepath)) - rm -f $(params.filepath) - APIURL=$(params.apiurl)/issues/$(params.requestid)/comments?access_token=$(params.access_token) - RESULT_ESCAPED=$(jq --null-input --arg result "${RESULT}" '$result') - BODY="{\"body\": ${RESULT_ESCAPED}}" - echo ${BODY} - - curl -X 'POST' \ - ${APIURL} \ - -s \ - -H 'accept: application/json' \ - -H 'Content-Type: application/json' \ - -d "${BODY}" - - echo "" - echo "" \ No newline at end of file diff --git a/kustomization/base/tekton/task/imageformater.yaml b/kustomization/base/tekton/task/imageformater.yaml deleted file mode 100644 index 4ebe5f2..0000000 --- a/kustomization/base/tekton/task/imageformater.yaml +++ /dev/null 
@@ -1,33 +0,0 @@ -apiVersion: tekton.dev/v1beta1 -kind: Task -metadata: - name: imageformater -spec: - description: transform image name to standart name - params: - - name: image - results: - - name: imagetag - steps: - - name: exec - image: alpine - command: - - /bin/sh - args: - - '-c' - - | - #set -ex - - echo "" - echo "== IMAGE NAME FORMATER ===================================" - - echo "IMAGE TAG BEFORE = $(params.image)" - - temp="$(params.image)" - lowercase=$(echo "$temp" | awk '{print tolower($0)}') - echo "IMAGE TAF AFTER = ${lowercase}" - - echo -n "${lowercase}" > "$(results.imagetag.path)" - - echo "" - echo "" \ No newline at end of file diff --git a/kustomization/base/tekton/task/phpcsfixer.yaml b/kustomization/base/tekton/task/phpcsfixer.yaml deleted file mode 100644 index d947949..0000000 --- a/kustomization/base/tekton/task/phpcsfixer.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: tekton.dev/v1beta1 -kind: Task -metadata: - name: phpcsfixer -spec: - description: PHP-CS-Fixer on modified code - workspaces: - - name: source - - name: config - steps: - - name: exec - image: ghcr.io/php-cs-fixer/php-cs-fixer:3-php8.3 - command: - - /bin/sh - args: - - '-c' - - | - #set -ex - cd $(workspaces.source.path) - - echo "" - echo "== RUN PHP-CS-FIXER ======================================" - EXTRA_ARGS=$(printf -- '--path-mode=intersection -- %s' "${CHANGED_FILES}") - php-cs-fixer fix --dry-run --config=$(workspaces.config.path)/php-cs-fixer.dist.php ${EXTRA_ARGS} > temp_phpcsfixer.txt 2>&1 - cat temp_phpcsfixer.txt - - echo "" - echo "" \ No newline at end of file diff --git a/kustomization/base/tekton/task/phpsecuritycheck.yaml b/kustomization/base/tekton/task/phpsecuritycheck.yaml deleted file mode 100644 index 80ae347..0000000 --- a/kustomization/base/tekton/task/phpsecuritycheck.yaml +++ /dev/null 
@@ -1,32 +0,0 @@ -apiVersion: tekton.dev/v1beta1 -kind: Task -metadata: - name: phpsecuritycheck -spec: - description: Check PHP security issues - workspaces: - - name: source - steps: - - name: exec - image: alpine:latest - script: | - #!/bin/sh - #set -ex - - echo "" - echo "== INSTALL PHP-SECURITY-CHECKER ==========================" - export PHP_SECURITY_CHECKER_VERSION=1.0.0 - export ARG JQ_VERSION=1.6 - wget -O /usr/local/bin/local-php-security-checker https://github.com/fabpot/local-php-security-checker/releases/download/v${PHP_SECURITY_CHECKER_VERSION}/local-php-security-checker_${PHP_SECURITY_CHECKER_VERSION}_linux_amd64 \ - && chmod +x /usr/local/bin/local-php-security-checker - - - echo "" - echo "== RUN PHP-SECURITY-CHECKER ==============================" - cd $(workspaces.source.path) - local-php-security-checker --format=markdown > temp_phpsecuritychecker.txt 2>&1 - RESULT=$(cat temp_phpsecuritychecker.txt) - echo "${RESULT}" - - echo "" - echo "" diff --git a/kustomization/base/tekton/task/phpstan.yaml b/kustomization/base/tekton/task/phpstan.yaml deleted file mode 100644 index e0a9949..0000000 --- a/kustomization/base/tekton/task/phpstan.yaml +++ /dev/null 
@@ -1,44 +0,0 @@ -apiVersion: tekton.dev/v1beta1 -kind: Task -metadata: - name: phpstan -spec: - description: PHP-CS-Fixer on modified code - workspaces: - - name: source - params: - - name: apiurl - - name: requestid - - name: access_token - steps: - - name: exec - image: ghcr.io/phpstan/phpstan:1 - command: - - /bin/sh - args: - - '-c' - - | - #set -ex - - echo "" - echo "== INSTALL PHPSTAN =======================================" - composer require phpstan/phpstan-symfony - composer require phpstan/phpstan-doctrine - - cat << EOF > /app/phpstan.neon - includes: - - /app/vendor/phpstan/phpstan-symfony/extension.neon - - /app/vendor/phpstan/phpstan-doctrine/extension.neon - - /app/vendor/phpstan/phpstan-doctrine/rules.neon - EOF - - echo "" - echo "== RUN PHPSTAN ===========================================" - cd $(workspaces.source.path) - php $(which phpstan) analyse -l 1 --error-format=table src/ > temp_phpstan.txt - RESULT=$(cat temp_phpstan.txt) - echo "${RESULT}" - - echo "" - echo "" - diff --git a/kustomization/base/tekton/task/phpunittest.yaml b/kustomization/base/tekton/task/phpunittest.yaml deleted file mode 100644 index 672878c..0000000 --- a/kustomization/base/tekton/task/phpunittest.yaml +++ /dev/null 
@@ -1,68 +0,0 @@ -apiVersion: tekton.dev/v1beta1 -kind: Task -metadata: - name: phpunittest -spec: - description: PHP unit test with bdd sidecar - workspaces: - - name: source - sidecars: - - name: database - image: postgres:16 - env: - - name: POSTGRES_PASSWORD - value: not_so_secret - - name: POSTGRES_HOST_AUTH_METHOD - value: trust - - name: redis - image: redis:4.0 - - steps: - - name: exec - image: reg.cadoles.com/cadoles/symfony:alpine-php-7.4-base-20230926 - env: - - name: PHP_FPM_MEMORY_LIMIT - value: 512m - - name: MSE_DATABASE_DRIVER - value: pdo_pgsql - - name: MSE_DATABASE_HOST - value: localhost - - name: MSE_DATABASE_PORT - value: '5432' - - name: MSE_DATABASE_NAME - value: postgres - - name: MSE_DATABASE_USER - value: postgres - - name: MSE_DATABASE_PASSWORD - value: not_so_secret - - name: MSE_REDIS_SERVER - value: localhost - - name: MSE_REDIS_PORT - value: '6379' - command: - - /bin/sh - args: - - '-c' - - | - set -ex - apk add bash=5.1.16-r0 \ - postgresql-client \ - php7-gd=7.4.33-r1 \ - php7-xsl=7.4.33-r1 \ - php7-pdo=7.4.33-r1 \ - php7-pgsql=7.4.33-r1 \ - php7-pdo_pgsql=7.4.33-r1 \ - php7-soap=7.4.33-r1 \ - php7-ldap=7.4.33-r1 \ - php7-pdo_mysql=7.4.33-r1 \ - php7-bcmath=7.4.33-r1 \ - php7-intl=7.4.33-r1 \ - php7-fileinfo=7.4.33-r1 \ - php7-iconv=7.4.33-r1 \ - php7-pecl-amqp=1.11.0-r0 \ - php7-pecl-redis=5.3.6-r0 - cd $(workspaces.source.path) - app/console doctrine:migrations:migrate -n - ./scripts/run-php-tests.sh --group unit --stderr --testdox -d memory_limit=512M - - diff --git a/kustomization/base/tekton/trigger/symfonybuild-binding.yaml b/kustomization/base/tekton/trigger/symfonybuild-binding.yaml deleted file mode 100644 index fd8a715..0000000 --- a/kustomization/base/tekton/trigger/symfonybuild-binding.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -apiVersion: triggers.tekton.dev/v1beta1 -kind: TriggerBinding -metadata: - name: symfonybuild-binding -spec: - params: - - name: url - value: $(body.repository.clone_url) - - name: revision - value: $(body.release.target_commitish) - - name: image - value: reg.cadoles.com/$(body.repository.full_name):$(body.release.target_commitish)-$(body.release.tag_name) - - name: apiurl - value: $(body.release.url) - - name: requestid - value: $(body.release.id) diff --git a/kustomization/base/tekton/trigger/symfonybuild-template.yaml b/kustomization/base/tekton/trigger/symfonybuild-template.yaml deleted file mode 100644 index 84f8845..0000000 --- a/kustomization/base/tekton/trigger/symfonybuild-template.yaml +++ /dev/null @@ -1,54 +0,0 @@ -apiVersion: triggers.tekton.dev/v1beta1 -kind: TriggerTemplate -metadata: - name: symfonybuild-template -spec: - params: - - name: url - - name: revision - - name: image - - name: apiurl - - name: requestid - resourcetemplates: - - apiVersion: tekton.dev/v1beta1 - kind: PipelineRun - metadata: - generateName: symfonybuild-run- - namespace: tekton - spec: - serviceAccountName: build-bot - pipelineRef: - name: symfonybuild - podTemplate: - securityContext: - fsGroup: 65532 - workspaces: - - name: shared-data - volumeClaimTemplate: - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - - name: config - configmap: - name: config-phpcsfixer - - name: docker-credentials - secret: - secretName: regcred - params: - - name: url - value: $(tt.params.url) - - name: revision - value: $(tt.params.revision) - - name: image - value: $(tt.params.image) - - name: apiurl - value: $(tt.params.apiurl) - - name: requesttype - value: "release" - - name: requestid - value: $(tt.params.requestid) - - name: access_token - value: 69f6d1db6cf1e47dc7958ac20a31e76abf1582ee diff --git a/skaffold.yaml b/skaffold.yaml index aff61bf..74531d3 100644 --- a/skaffold.yaml +++ b/skaffold.yaml 
@@ -2,7 +2,7 @@ apiVersion: skaffold/v3 kind: Config metadata: - name: tekton + name: tekton-pipelines manifests: kustomize: