webhooks via webgui config, want dees is veel te ingewikkeld via yamls

2025-08-29 20:12:43 +00:00 · 2020-03-05 14:15:31 +01:00
parent c6cdfba1be
commit 28f5fcb9e1
22 changed files with 360 additions and 429 deletions
--- a/manifests/resources/cluster-role-binding.yaml
+++ b/manifests/resources/cluster-role-binding.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: allow-creation-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: allow-creation
+subjects:
+  - kind: ServiceAccount
+    name: service-acc
+    namespace: tekton-pipeline-istio-project-1
--- a/manifests/resources/cluster-role.yaml
+++ b/manifests/resources/cluster-role.yaml
@@ -0,0 +1,29 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: allow-creation
+rules:
+  - apiGroups:
+      - ""
+      - "apps"
+      - "deploy"
+      - "networking.istio.io"
+    resources:
+      - pods
+      - serviceaccounts
+      - namespaces
+      - services
+      - deployments
+      - deployments.apps
+      - destinationrules
+      - gateways
+      - virtualservices
+    verbs:
+      - list
+      - watch
+      - get
+      - create
+      - update
+      - patch
+      - delete
--- a/manifests/resources/create-repo-webhook.yaml
+++ b/manifests/resources/create-repo-webhook.yaml
@@ -0,0 +1,28 @@
+---
+# https://medium.com/@nikhilthomas1/cloud-native-cicd-on-openshift-with-openshift-pipelines-tektoncd-pipelines-part-3-github-1db6dd8e8ca7
+apiVersion: tekton.dev/v1alpha1
+kind: TaskRun
+metadata:
+  name: create-repo-webhook
+  namespace: tekton-pipeline-istio-project-1
+spec:
+  taskRef:
+    name: create-webhook
+  inputs:
+    params:
+    - name: GitHubOrg
+      value: "beppevanrolleghem"
+    - name: GitHubUser
+      value: "beppevanrolleghem"
+    - name: GitHubRepo
+      value: "cicdTest"
+    - name: GitHubSecretName
+      value: webhook-secret
+    - name: GitHubAccessTokenKey
+      value: token
+    - name: GitHubSecretStringKey
+      value: secret
+    - name: ExternalDomain
+      value: 35.233.93.220
+  timeout: 1000s
+  serviceAccount: tekton-triggers-createwebhook
--- a/manifests/resources/create-webhook.yaml
+++ b/manifests/resources/create-webhook.yaml
@@ -0,0 +1,51 @@
+---
+apiVersion: tekton.dev/v1alpha1
+kind: Task
+metadata:
+  name: create-webhook
+  namespace: tekton-pipeline-istio-project-1
+spec:
+  volumes:
+  - name: github-secret
+    secret:
+      secretName: $(inputs.params.GitHubSecretName)
+  inputs:
+    params:
+    - name: ExternalDomain
+      description: "The external domain for the EventListener e.g. `$(inputs.params.EventListenerName).<PROXYIP>.nip.io`"
+    - name: GitHubUser
+      description: "The GitHub user"
+    - name: GitHubRepo
+      description: "The GitHub repo where the webhook will be created"
+    - name: GitHubOrg
+      description: "The GitHub organization where the webhook will be created"
+    - name: GitHubSecretName
+      description: "The Secret name for GitHub access token. This is always mounted and must exist"
+    - name: GitHubAccessTokenKey
+      description: "The GitHub access token key name"
+    - name: GitHubSecretStringKey
+      description: "The GitHub secret string key name"
+    - name: GitHubDomain
+      description: "The GitHub domain. Override for GitHub Enterprise"
+      default: "github.com"
+    - name: WebhookEvents
+      description: "List of events the webhook will send notifications for"
+      default: '[\"push\",\"pull_request\"]'
+  steps:
+  - name: create-webhook
+    image: pstauffer/curl:latest
+    volumeMounts:
+    - name: github-secret
+      mountPath: /var/secret
+    command:
+    - sh
+    args:
+    - -ce
+    - |
+      set -e
+      echo "Create Webhook"
+      if [ $(inputs.params.GitHubDomain) = "github.com" ];then
+        curl -v -d "{\"name\": \"web\",\"active\": true,\"events\": $(inputs.params.WebhookEvents),\"config\": {\"url\": \"$(inputs.params.ExternalDomain)\",\"content_type\": \"json\",\"insecure_ssl\": \"1\" ,\"secret\": \"$(cat /var/secret/$(inputs.params.GitHubSecretStringKey))\"}}" -X POST -u $(inputs.params.GitHubUser):$(cat /var/secret/$(inputs.params.GitHubAccessTokenKey)) -L https://api.github.com/repos/$(inputs.params.GitHubOrg)/$(inputs.params.GitHubRepo)/hooks
+      else
+        curl -d "{\"name\": \"web\",\"active\": true,\"events\": $(inputs.params.WebhookEvents),\"config\": {\"url\": \"$(inputs.params.ExternalDomain)/\",\"content_type\": \"json\",\"insecure_ssl\": \"1\" ,\"secret\": \"$(cat /var/secret/$(inputs.params.GitHubSecretStringKey))\"}}" -X POST -u $(inputs.params.GitHubUser):$(cat /var/secret/$(inputs.params.GitHubAccessTokenKey)) -L https://$(inputs.params.GitHubDomain)/api/v3/repos/$(inputs.params.GitHubOrg)/$(inputs.params.GitHubRepo)/hooks
+      fi
--- a/manifests/resources/git.yaml
+++ b/manifests/resources/git.yaml
@@ -2,12 +2,25 @@
 apiVersion: tekton.dev/v1alpha1
 kind: PipelineResource
 metadata:
-  name: git
+  name: git-master
  namespace: tekton-pipeline-istio-project-1
 spec:
  type: git
  params:
    - name: revision
      value: master
+    - name: url
+      value: git://github.com/beppevanrolleghem/cicdTest
+---
+apiVersion: tekton.dev/v1alpha1
+kind: PipelineResource
+metadata:
+  name: git-experimental
+  namespace: tekton-pipeline-istio-project-1
+spec:
+  type: git
+  params:
+    - name: revision
+      value: experimental
    - name: url
      value: git://github.com/beppevanrolleghem/cicdTest
--- a/manifests/resources/service-account.yaml
+++ b/manifests/resources/service-account.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: service-acc
+  namespace: tekton-pipeline-istio-project-1
+secrets:
+  - name: regcred