diff --git a/.DS_Store b/.DS_Store index 132b9cd..8ba54e7 100644 Binary files a/.DS_Store and b/.DS_Store differ diff --git a/manifests/.DS_Store b/manifests/.DS_Store new file mode 100644 index 0000000..c965ddf Binary files /dev/null and b/manifests/.DS_Store differ diff --git a/manifests/Tekton/.DS_Store b/manifests/Tekton/.DS_Store new file mode 100644 index 0000000..7ca20d2 Binary files /dev/null and b/manifests/Tekton/.DS_Store differ diff --git a/manifests/Tekton/pipeline/.DS_Store b/manifests/Tekton/pipeline/.DS_Store new file mode 100644 index 0000000..5008ddf Binary files /dev/null and b/manifests/Tekton/pipeline/.DS_Store differ diff --git a/manifests/Tekton/pipeline/pipeline.yaml b/manifests/Tekton/pipeline/pipeline.yaml new file mode 100644 index 0000000..9190078 --- /dev/null +++ b/manifests/Tekton/pipeline/pipeline.yaml @@ -0,0 +1,120 @@ +--- +apiVersion: tekton.dev/v1beta1 +kind: Pipeline +metadata: + name: application-pipeline + #namespace: stage-tekton-pipeline +spec: + params: + - name: git-url + description: url of the github repository to clone + - name: branch + description: name of the master branch of the repository + workspaces: + - name: workspace-master + - name: workspace-experimental + tasks: + - name: clone-master + taskRef: + name: git-clone + workspaces: + - name: output + workspace: workspace-master + params: + - name: url + value: $(inputs.params.git-url) + - name: revision + value: $(inputs.params.master-branch) + - name: build-and-push-a + taskRef: + name: build-and-push + runAfter: + - clone-master + workspaces: + - name: source + workspace: workspace-master + params: + - name: context + value: "server-a" + - name: image-name + value: "server-a" + - name: version + value: "$(inputs.params.master-branch)" + - name: build-and-push-b-stable + taskRef: + name: build-and-push + runAfter: + - clone-master + workspaces: + - name: source + workspace: workspace-master + params: + - name: context + value: "server-b" + - name: image-name + value: "server-b" + - name: version + value: "$(inputs.params.master-branch)" + - name: build-and-push-d + taskRef: + name: build-and-push + runAfter: + - clone-master + workspaces: + - name: source + workspace: workspace-master + params: + - name: context + value: "server-d" + - name: image-name + value: "server-d" + - name: version + value: "$(inputs.params.master-branch)" + - name: clone-experimental + taskRef: + name: git-clone + workspaces: + - name: output + workspace: workspace-experimental + params: + - name: url + value: $(inputs.params.git-url) + - name: revision + value: $(inputs.params.experimental-branch) + - name: build-and-push-b-experimental + taskRef: + name: build-and-push + workspaces: + - name: source + workspace: workspace-experimental + runAfter: + - clone-experimental + params: + - name: context + value: "server-b" + - name: image-name + value: "server-b" + - name: version + value: "$(inputs.params.experimental-branch)" + - name: deploy-infra + taskRef: + name: execute-yaml + workspaces: + - name: source + workspace: workspace-master + runAfter: + - build-and-push-b-experimental + - build-and-push-d + - build-and-push-a + - build-and-push-b-stable + params: + - name: yaml-location + value: "infra.yaml" + - name: execute-yaml #@TODO make it so that the delete can be skipped if error + taskRef: + name: execute-yaml + workspaces: + - name: source + workspace: workspace-master + runAfter: + - deploy-infra \ No newline at end of file diff --git a/manifests/Tekton/resources/.DS_Store b/manifests/Tekton/resources/.DS_Store new file mode 100644 index 0000000..5008ddf Binary files /dev/null and b/manifests/Tekton/resources/.DS_Store differ diff --git a/manifests/resources/create-repo-webhook.yaml b/manifests/Tekton/resources/create-repo-webhook.yaml similarity index 100% rename from manifests/resources/create-repo-webhook.yaml rename to manifests/Tekton/resources/create-repo-webhook.yaml diff --git a/manifests/resources/create-webhook.yaml b/manifests/Tekton/resources/create-webhook.yaml similarity index 100% rename from manifests/resources/create-webhook.yaml rename to manifests/Tekton/resources/create-webhook.yaml diff --git a/manifests/Tekton/resources/experimental-pvc.yaml b/manifests/Tekton/resources/experimental-pvc.yaml new file mode 100644 index 0000000..172588b --- /dev/null +++ b/manifests/Tekton/resources/experimental-pvc.yaml @@ -0,0 +1,12 @@ + +--- +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: workspace-pvc-experimental +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 500Mi \ No newline at end of file diff --git a/manifests/Tekton/resources/master-pvc.yaml b/manifests/Tekton/resources/master-pvc.yaml new file mode 100644 index 0000000..16c33f5 --- /dev/null +++ b/manifests/Tekton/resources/master-pvc.yaml @@ -0,0 +1,12 @@ + +--- +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: master-pvc +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 500Mi \ No newline at end of file diff --git a/manifests/resources/namespace.yaml b/manifests/Tekton/resources/namespace.yaml similarity index 100% rename from manifests/resources/namespace.yaml rename to manifests/Tekton/resources/namespace.yaml diff --git a/manifests/Tekton/resources/secrets.yaml b/manifests/Tekton/resources/secrets.yaml new file mode 100644 index 0000000..01e7b6b --- /dev/null +++ b/manifests/Tekton/resources/secrets.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: github-secret + namespace: tekton-pipeline-istio-project-1 +stringData: + token: GITHUBSECRETTOKEN + secret: random-string-data \ No newline at end of file diff --git a/manifests/Tekton/runs/.DS_Store b/manifests/Tekton/runs/.DS_Store new file mode 100644 index 0000000..eea73ac Binary files /dev/null and b/manifests/Tekton/runs/.DS_Store differ diff --git a/manifests/Tekton/runs/pipeline/.DS_Store b/manifests/Tekton/runs/pipeline/.DS_Store new file mode 100644 index 0000000..5008ddf Binary files /dev/null and b/manifests/Tekton/runs/pipeline/.DS_Store differ diff --git a/manifests/pipeline/pipelineRun.yaml b/manifests/Tekton/runs/pipeline/pipelineRun.yaml similarity index 100% rename from manifests/pipeline/pipelineRun.yaml rename to manifests/Tekton/runs/pipeline/pipelineRun.yaml diff --git a/manifests/Tekton/runs/task/create-repo-webhook.yaml b/manifests/Tekton/runs/task/create-repo-webhook.yaml new file mode 100644 index 0000000..9e4a10a --- /dev/null +++ b/manifests/Tekton/runs/task/create-repo-webhook.yaml @@ -0,0 +1,28 @@ +--- +# https://medium.com/@nikhilthomas1/cloud-native-cicd-on-openshift-with-openshift-pipelines-tektoncd-pipelines-part-3-github-1db6dd8e8ca7 +apiVersion: tekton.dev/v1alpha1 +kind: TaskRun +metadata: + name: create-repo-webhook + #namespace: stage-tekton-pipeline +spec: + taskRef: + name: create-webhook + inputs: + params: + - name: GitHubOrg + value: "beppevanrolleghem" + - name: GitHubUser + value: "beppevanrolleghem" + - name: GitHubRepo + value: "cicdTest" + - name: GitHubSecretName + value: webhook-secret + - name: GitHubAccessTokenKey + value: token + - name: GitHubSecretStringKey + value: secret + - name: ExternalDomain + value: "ingress.llocal.host" + timeout: 1000s + serviceAccountName: service-acc \ No newline at end of file diff --git a/manifests/Tekton/service-accounts/.DS_Store b/manifests/Tekton/service-accounts/.DS_Store new file mode 100644 index 0000000..5008ddf Binary files /dev/null and b/manifests/Tekton/service-accounts/.DS_Store differ diff --git a/manifests/resources/cluster-role-binding.yaml b/manifests/Tekton/service-accounts/cluster-role-binding.yaml similarity index 85% rename from manifests/resources/cluster-role-binding.yaml rename to manifests/Tekton/service-accounts/cluster-role-binding.yaml index 159019c..392c0b7 100644 --- a/manifests/resources/cluster-role-binding.yaml +++ b/manifests/Tekton/service-accounts/cluster-role-binding.yaml @@ -10,4 +10,4 @@ roleRef: subjects: - kind: ServiceAccount name: service-acc - namespace: tekton-pipeline-istio-project-1 \ No newline at end of file + namespace: default \ No newline at end of file diff --git a/manifests/Tekton/service-accounts/cluster-role.yaml b/manifests/Tekton/service-accounts/cluster-role.yaml new file mode 100644 index 0000000..6a6e1fa --- /dev/null +++ b/manifests/Tekton/service-accounts/cluster-role.yaml @@ -0,0 +1,43 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: allow-creation +rules: + - apiGroups: + - "" + - "apps" + - "deploy" + - "rbac.authorization.k8s.io" + - "networking.k8s.io" + - "extensions" + - "tekton.dev" +# deze zullen we ook moeten aanpassen elke pipeline die we maken, maar, deze pipelines zijn nu specifiek per branch, dus dit zou geen probleem leveren. + resources: + - pods + - serviceaccounts + - namespaces + - services + - deployments + - deployments.apps + - clusterroles + - roles + - clusterrolebindings + - rolebindings + - ingresses + - eventlisteners + - triggerbindings + - triggertemplates + - configmaps + - secrets + - pipelineruns + - pipelineresources + - taskruns + verbs: + - list + - watch + - get + - create + - update + - patch + - delete \ No newline at end of file diff --git a/manifests/resources/service-account.yaml b/manifests/Tekton/service-accounts/service-account.yaml similarity index 56% rename from manifests/resources/service-account.yaml rename to manifests/Tekton/service-accounts/service-account.yaml index bb26e12..e2396f8 100644 --- a/manifests/resources/service-account.yaml +++ b/manifests/Tekton/service-accounts/service-account.yaml @@ -3,6 +3,5 @@ apiVersion: v1 kind: ServiceAccount metadata: name: service-acc - namespace: tekton-pipeline-istio-project-1 secrets: - - name: regcred \ No newline at end of file + - name: regcred #docker registry credentials \ No newline at end of file diff --git a/manifests/Tekton/tasks/build-and-push.yaml b/manifests/Tekton/tasks/build-and-push.yaml new file mode 100644 index 0000000..3e9ac51 --- /dev/null +++ b/manifests/Tekton/tasks/build-and-push.yaml @@ -0,0 +1,32 @@ +--- +apiVersion: tekton.dev/v1alpha1 +kind: Task +metadata: + name: build-and-push +spec: + params: + - name: context + description: The path to the build context, used by Kaniko - within the workspace + default: . + type: string + - name: image-name + description: dockerhub url + type: string + - name: version + description: image-version (for instance latest or beta) + type: string + workspaces: + - name: source + mountpath: /source + steps: + - name: build-and-push + image: gcr.io/kaniko-project/executor + env: + - name: "DOCKER_CONFIG" + value: "/tekton/home/.docker/" + command: + - /kaniko/executor + args: + - "--dockerfile=/source/$(params.context)/dockerfile" + - "--destination=beppev/$(params.image-name):$(params.version)" + - "--context=/source/$(params.context)/" \ No newline at end of file diff --git a/manifests/Tekton/tasks/create-webhook.yaml b/manifests/Tekton/tasks/create-webhook.yaml new file mode 100644 index 0000000..0a92f18 --- /dev/null +++ b/manifests/Tekton/tasks/create-webhook.yaml @@ -0,0 +1,51 @@ +--- +apiVersion: tekton.dev/v1alpha1 +kind: Task +metadata: + name: create-webhook + #namespace: stage-tekton-pipeline +spec: + volumes: + - name: github-secret + secret: + secretName: $(inputs.params.GitHubSecretName) + inputs: + params: + - name: ExternalDomain + description: "The external domain for the EventListener e.g. `$(inputs.params.EventListenerName)..nip.io`" + - name: GitHubUser + description: "The GitHub user" + - name: GitHubRepo + description: "The GitHub repo where the webhook will be created" + - name: GitHubOrg + description: "The GitHub organization where the webhook will be created" + - name: GitHubSecretName + description: "The Secret name for GitHub access token. This is always mounted and must exist" + - name: GitHubAccessTokenKey + description: "The GitHub access token key name" + - name: GitHubSecretStringKey + description: "The GitHub secret string key name" + - name: GitHubDomain + description: "The GitHub domain. Override for GitHub Enterprise" + default: "github.com" + - name: WebhookEvents + description: "List of events the webhook will send notifications for" + default: '[\"push\",\"pull_request\"]' + steps: + - name: create-webhook + image: pstauffer/curl:latest + volumeMounts: + - name: github-secret + mountPath: /var/secret + command: + - sh + args: + - -ce + - | + set -e + echo "Create Webhook" + if [ $(inputs.params.GitHubDomain) = "github.com" ];then + curl -v -d "{\"name\": \"web\",\"active\": true,\"events\": $(inputs.params.WebhookEvents),\"config\": {\"url\": \"https://$(inputs.params.ExternalDomain)\",\"content_type\": \"json\",\"insecure_ssl\": \"1\" ,\"secret\": \"$(cat /var/secret/$(inputs.params.GitHubSecretStringKey))\"}}" -X POST -u $(inputs.params.GitHubUser):$(cat /var/secret/$(inputs.params.GitHubAccessTokenKey)) -L https://api.github.com/repos/$(inputs.params.GitHubOrg)/$(inputs.params.GitHubRepo)/hooks + else + curl -d "{\"name\": \"web\",\"active\": true,\"events\": $(inputs.params.WebhookEvents),\"config\": {\"url\": \"https://$(inputs.params.ExternalDomain)/\",\"content_type\": \"json\",\"insecure_ssl\": \"1\" ,\"secret\": \"$(cat /var/secret/$(inputs.params.GitHubSecretStringKey))\"}}" -X POST -u $(inputs.params.GitHubUser):$(cat /var/secret/$(inputs.params.GitHubAccessTokenKey)) -L https://$(inputs.params.GitHubDomain)/api/v3/repos/$(inputs.params.GitHubOrg)/$(inputs.params.GitHubRepo)/hooks + fi \ No newline at end of file diff --git a/manifests/Tekton/tasks/execute-yaml.yaml b/manifests/Tekton/tasks/execute-yaml.yaml new file mode 100644 index 0000000..2fd6950 --- /dev/null +++ b/manifests/Tekton/tasks/execute-yaml.yaml @@ -0,0 +1,24 @@ + +--- +apiVersion: tekton.dev/v1alpha1 +kind: Task +metadata: + name: execute-yaml + #namespace: stage-tekton-pipeline +spec: + params: + - name: yaml-location + default: deploy.yaml + - name: command + default: apply + workspaces: + - name: source + mountpath: /source + steps: + - name: deploy-new-app + image: lachlanevenson/k8s-kubectl + command: ["kubectl"] + args: + - "$(params.command)" + - "-f" + - "/source/$(params.yaml-location)" \ No newline at end of file diff --git a/manifests/Tekton/tasks/git-clone.yaml b/manifests/Tekton/tasks/git-clone.yaml new file mode 100644 index 0000000..b38e1dd --- /dev/null +++ b/manifests/Tekton/tasks/git-clone.yaml @@ -0,0 +1,72 @@ +--- +apiVersion: tekton.dev/v1alpha1 +kind: Task +metadata: + name: git-clone +spec: + workspaces: + - name: output + description: workspace the repo will be cloned into + params: + - name: url + description: git url to clone + type: string + - name: revision + description: git revision to checkout (branch, tag, sha, ref…) + type: string + default: master + - name: submodules + description: defines if the resource should initialize and fetch the submodules + type: string + default: "true" + - name: depth + description: performs a shallow clone where only the most recent commit(s) will be fetched + type: string + default: "1" + - name: sslVerify + description: defines if http.sslVerify should be set to true or false in the global git config + type: string + default: "true" + - name: subdirectory + description: subdirectory inside the "output" workspace to clone the git repo into + type: string + default: "src" + - name: deleteExisting + description: clean out the contents of the repo's destination directory (if it already exists) before trying to clone the repo there + type: string + default: "true" + results: + - name: commit + description: The precise commit SHA that was fetched by this Task + steps: + - name: clone + image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:latest + script: | + CHECKOUT_DIR="$(workspaces.output.path)" + cleandir() { + if [[ -d "$CHECKOUT_DIR" ]] ; then + rm -rf "$CHECKOUT_DIR"/* + rm -rf "$CHECKOUT_DIR"/.[!.]* + rm -rf "$CHECKOUT_DIR"/..?* + fi + } + if [[ "$(inputs.params.deleteExisting)" == "true" ]] ; then + cleandir + ls -lah "$CHECKOUT_DIR" + fi + /ko-app/git-init \ + -url "$(inputs.params.url)" \ + -revision "$(inputs.params.revision)" \ + -path "$CHECKOUT_DIR" \ + -sslVerify "$(inputs.params.sslVerify)" \ + -submodules "$(inputs.params.submodules)" \ + -depth "$(inputs.params.depth)" + cd "$CHECKOUT_DIR" + RESULT_SHA="$(git rev-parse HEAD | tr -d '\n')" + EXIT_CODE="$?" + if [ "$EXIT_CODE" != 0 ] + then + exit $EXIT_CODE + fi + # Make sure we don't add a trailing newline to the result! + echo -n "$RESULT_SHA" > $(results.commit.path) \ No newline at end of file diff --git a/manifests/Tekton/triggers/event-listener.yaml b/manifests/Tekton/triggers/event-listener.yaml new file mode 100644 index 0000000..14a2e16 --- /dev/null +++ b/manifests/Tekton/triggers/event-listener.yaml @@ -0,0 +1,36 @@ + +--- +apiVersion: tekton.dev/v1alpha1 +kind: EventListener +metadata: + name: github-event-listener +spec: + serviceAccountName: service-acc + triggers: + - name: github + # interceptors: + # - github: + # eventTypes: + # - pull_request + # - push + bindings: + - name: github-trigger-binding + template: + name: github-trigger-template + +--- +apiVersion: v1 +kind: Service +metadata: + name: manual-service +spec: + ports: + - name: http-listener + port: 8080 + protocol: TCP + targetPort: 8080 + selector: + app.kubernetes.io/managed-by: EventListener + app.kubernetes.io/part-of: Triggers + eventlistener: github-event-listener + type: LoadBalancer \ No newline at end of file diff --git a/manifests/Tekton/triggers/trigger-binding.yaml b/manifests/Tekton/triggers/trigger-binding.yaml new file mode 100644 index 0000000..c1d7952 --- /dev/null +++ b/manifests/Tekton/triggers/trigger-binding.yaml @@ -0,0 +1,18 @@ +--- +apiVersion: tekton.dev/v1alpha1 +kind: TriggerBinding +metadata: + name: github-trigger-binding + #namespace: stage-tekton-pipeline +spec: + params: + - name: gitrevision + value: $(body.repository.default_branch) + - name: gitrepositoryurl + value: $(body.repository.clone_url) + # - name: prurl + # value: $(body.pull_request.html_url) + # - name: repo + # value: $(body.pull_request.base.repo.full_name) + # - name: source + # value: github \ No newline at end of file diff --git a/manifests/Tekton/triggers/trigger-template.yaml b/manifests/Tekton/triggers/trigger-template.yaml new file mode 100644 index 0000000..b3f9a58 --- /dev/null +++ b/manifests/Tekton/triggers/trigger-template.yaml @@ -0,0 +1,35 @@ +--- +apiVersion: tekton.dev/v1alpha1 +kind: TriggerTemplate +metadata: + name: github-trigger-template + #namespace: stage-tekton-pipeline +spec: + params: + - name: gitrevision + description: The git revision + default: master + - name: gitrepositoryurl + description: The git repository url + resourcetemplates: + - apiVersion: tekton.dev/v1alpha1 + kind: PipelineRun + metadata: + name: application-pipeline-run + #namespace: stage-tekton-pipeline + spec: + serviceAccountName: service-acc + pipelineRef: + name: application-pipeline #gebruik dit om de pipeline aan te passen naar andere versies, zolang ze zich in dezelfde #namespace bevinden kunnen we deze pipeline hergebruiken om deployments op de cluster uit te voeren. service-mesh agnostisch. + workspaces: + - name: workspace-master + persistentVolumeClaim: + claimName: workspace-pvc-master + - name: workspace-experimental + persistentVolumeClaim: + claimName: workspace-pvc-experimental + params: + - name: git-url + value: $(inputs.params.gitrepositoryurl) + - name: branch + value: $(inputs.params.gitrevision) \ No newline at end of file diff --git a/manifests/demo.yaml b/manifests/Utilities/event-listener-debug.yaml similarity index 87% rename from manifests/demo.yaml rename to manifests/Utilities/event-listener-debug.yaml index 1e1d6e4..3b5ed7c 100644 --- a/manifests/demo.yaml +++ b/manifests/Utilities/event-listener-debug.yaml @@ -18,8 +18,8 @@ spec: eventlistener: github-event-listener spec: containers: - - name: nginx - image: nginx + - name: network-multitool + image: praqma/network-multitool imagePullPolicy: "Always" ports: - containerPort: 8080 \ No newline at end of file diff --git a/manifests/full-pipeline.yaml b/manifests/full-pipeline.yaml deleted file mode 100644 index 4d431f3..0000000 --- a/manifests/full-pipeline.yaml +++ /dev/null @@ -1,309 +0,0 @@ -# --- -# apiVersion: v1 -# kind: #namespace -# metadata: -# name: stage-tekton-pipeline -# labels: -# istio-injection: enabled #zorgt voor auto sidecar injection ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: service-acc - #namespace: stage-tekton-pipeline -secrets: - - name: regcred ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: allow-creation -rules: - - apiGroups: - - "" - - "apps" - - "deploy" -# deze zullen we ook moeten aanpassen elke pipeline die we maken, maar, deze pipelines zijn nu specifiek per branch, dus dit zou geen probleem leveren. - resources: - - pods - - serviceaccounts - - namespaces - - services - - deployments - - deployments.apps - verbs: - - list - - watch - - get - - create - - update - - patch - - delete ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - name: allow-creation-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: allow-creation -subjects: - - kind: ServiceAccount - name: service-acc - namespace: default ---- -# TODO add git clone task -apiVersion: tekton.dev/v1alpha1 -kind: Task -metadata: - name: git-clone -spec: - workspaces: - - name: output - description: The git repo will be cloned onto the volume backing this workspace - params: - - name: url - description: git url to clone - type: string - - name: revision - description: git revision to checkout (branch, tag, sha, ref…) - type: string - default: master - - name: submodules - description: defines if the resource should initialize and fetch the submodules - type: string - default: "true" - - name: depth - description: performs a shallow clone where only the most recent commit(s) will be fetched - type: string - default: "1" - - name: sslVerify - description: defines if http.sslVerify should be set to true or false in the global git config - type: string - default: "true" - - name: subdirectory - description: subdirectory inside the "output" workspace to clone the git repo into - type: string - default: "src" - - name: deleteExisting - description: clean out the contents of the repo's destination directory (if it already exists) before trying to clone the repo there - type: string - default: "true" - results: - - name: commit - description: The precise commit SHA that was fetched by this Task - steps: - - name: clone - image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:latest - script: | - CHECKOUT_DIR="$(workspaces.output.path)" - cleandir() { - # Delete any existing contents of the repo directory if it exists. - # - # We don't just "rm -rf $CHECKOUT_DIR" because $CHECKOUT_DIR might be "/" - # or the root of a mounted volume. - if [[ -d "$CHECKOUT_DIR" ]] ; then - # Delete non-hidden files and directories - rm -rf "$CHECKOUT_DIR"/* - # Delete files and directories starting with . but excluding .. - rm -rf "$CHECKOUT_DIR"/.[!.]* - # Delete files and directories starting with .. plus any other character - rm -rf "$CHECKOUT_DIR"/..?* - fi - } - if [[ "$(inputs.params.deleteExisting)" == "true" ]] ; then - cleandir - ls -lah "$CHECKOUT_DIR" - fi - /ko-app/git-init \ - -url "$(inputs.params.url)" \ - -revision "$(inputs.params.revision)" \ - -path "$CHECKOUT_DIR" \ - -sslVerify "$(inputs.params.sslVerify)" \ - -submodules "$(inputs.params.submodules)" \ - -depth "$(inputs.params.depth)" - cd "$CHECKOUT_DIR" - RESULT_SHA="$(git rev-parse HEAD | tr -d '\n')" - EXIT_CODE="$?" - if [ "$EXIT_CODE" != 0 ] - then - exit $EXIT_CODE - fi - # Make sure we don't add a trailing newline to the result! - echo -n "$RESULT_SHA" > $(results.commit.path) ---- -apiVersion: tekton.dev/v1alpha1 -kind: Task -metadata: - name: build-and-push -spec: - params: - - name: context - description: The path to the build context, used by Kaniko - within the workspace - default: . - type: string - - name: image-name - description: dockerhub url - type: string - - name: version - description: image-version (for instance latest or beta) - type: string - workspaces: - - name: source - mountpath: /source - steps: - - name: build-and-push - image: gcr.io/kaniko-project/executor - env: - - name: "DOCKER_CONFIG" - value: "/tekton/home/.docker/" - command: - - /kaniko/executor - args: - - "--dockerfile=/source/$(params.context)/dockerfile" - - "--destination=beppev/$(params.image-name):$(params.version)" - - "--context=/source/$(params.context)/" ---- -apiVersion: tekton.dev/v1alpha1 -kind: Task -metadata: - name: execute-yaml - #namespace: stage-tekton-pipeline -spec: - params: - - name: yaml-location - default: deploy.yaml - - name: command - default: apply - workspaces: - - name: source - mountpath: /source - steps: - - name: deploy-new-app - image: lachlanevenson/k8s-kubectl - command: ["kubectl"] - args: - - "$(params.command)" - - "-f" - - "/source/$(params.yaml-location)" ---- -apiVersion: tekton.dev/v1beta1 -kind: Pipeline -metadata: - name: application-pipeline - #namespace: stage-tekton-pipeline -spec: - params: - - name: git-url - description: url of the github repository to clone - - name: branch - description: name of the master branch of the repository - workspaces: - - name: workspace-master - - name: workspace-experimental - tasks: - - name: clone-master - taskRef: - name: git-clone - workspaces: - - name: output - workspace: workspace-master - params: - - name: url - value: $(inputs.params.git-url) - - name: revision - value: $(inputs.params.master-branch) - - name: build-and-push-a - taskRef: - name: build-and-push - runAfter: - - clone-master - workspaces: - - name: source - workspace: workspace-master - params: - - name: context - value: "server-a" - - name: image-name - value: "server-a" - - name: version - value: "$(inputs.params.master-branch)" - - name: build-and-push-b-stable - taskRef: - name: build-and-push - runAfter: - - clone-master - workspaces: - - name: source - workspace: workspace-master - params: - - name: context - value: "server-b" - - name: image-name - value: "server-b" - - name: version - value: "$(inputs.params.master-branch)" - - name: build-and-push-d - taskRef: - name: build-and-push - runAfter: - - clone-master - workspaces: - - name: source - workspace: workspace-master - params: - - name: context - value: "server-d" - - name: image-name - value: "server-d" - - name: version - value: "$(inputs.params.master-branch)" - - name: clone-experimental - taskRef: - name: git-clone - workspaces: - - name: output - workspace: workspace-experimental - params: - - name: url - value: $(inputs.params.git-url) - - name: revision - value: $(inputs.params.experimental-branch) - - name: build-and-push-b-experimental - taskRef: - name: build-and-push - workspaces: - - name: source - workspace: workspace-experimental - runAfter: - - clone-experimental - params: - - name: context - value: "server-b" - - name: image-name - value: "server-b" - - name: version - value: "$(inputs.params.experimental-branch)" - - name: deploy-infra - taskRef: - name: execute-yaml - workspaces: - - name: source - workspace: workspace-master - runAfter: - - build-and-push-b-experimental - - build-and-push-d - - build-and-push-a - - build-and-push-b-stable - params: - - name: yaml-location - value: "infra.yaml" - - name: execute-yaml #@TODO make it so that the delete can be skipped if error - taskRef: - name: execute-yaml - workspaces: - - name: source - workspace: workspace-master - runAfter: - - deploy-infra diff --git a/manifests/github-event-listener.yaml b/manifests/github-event-listener.yaml deleted file mode 100644 index 6e6b844..0000000 --- a/manifests/github-event-listener.yaml +++ /dev/null @@ -1,141 +0,0 @@ -# 1 trigger binding wordt geconfigureerd, en dan worden meerdere trigger templates aangemaakt -# voor de verschillende service mesh types. Op deze manier moet ik niet elke keer een aparte pipeline aanmaken per service mesh type. Het nadeel hieraan is dat dan elke keer elke pipeline gerunned wordt, maar uiteindelijk maakt dit niet veel uit zolang de deploy.yaml files leeg zijn wanneer de commits door gaan ---- -apiVersion: tekton.dev/v1alpha1 -kind: TriggerBinding -metadata: - name: github-trigger-binding - #namespace: stage-tekton-pipeline -spec: - params: - - name: gitrevision - value: $(body.repository.default_branch) - - name: gitrepositoryurl - value: $(body.repository.clone_url) - # - name: prurl - # value: $(body.pull_request.html_url) - # - name: repo - # value: $(body.pull_request.base.repo.full_name) - # - name: source - # value: github ---- -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: workspace-pvc-master -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 500Mi ---- -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: workspace-pvc-experimental -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 500Mi ---- -apiVersion: tekton.dev/v1alpha1 -kind: TriggerTemplate -metadata: - name: github-trigger-template - #namespace: stage-tekton-pipeline -spec: - params: - - name: gitrevision - description: The git revision - default: master - - name: gitrepositoryurl - description: The git repository url - resourcetemplates: - - apiVersion: tekton.dev/v1alpha1 - kind: PipelineRun - metadata: - name: application-pipeline-run - #namespace: stage-tekton-pipeline - spec: - serviceAccountName: service-acc - pipelineRef: - name: application-pipeline #gebruik dit om de pipeline aan te passen naar andere versies, zolang ze zich in dezelfde #namespace bevinden kunnen we deze pipeline hergebruiken om deployments op de cluster uit te voeren. service-mesh agnostisch. - workspaces: - - name: workspace-master - persistentVolumeClaim: - claimName: workspace-pvc-master - - name: workspace-experimental - persistentVolumeClaim: - claimName: workspace-pvc-experimental - params: - - name: git-url - value: $(inputs.params.gitrepositoryurl) - - name: branch - value: $(inputs.params.gitrevision) ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: tekton-trigger-role -rules: -- apiGroups: - - "extensions" - - "tekton.dev" - - "" - resources: - - ingresses - - eventlisteners - - triggerbindings - - triggertemplates - - configmaps - - secrets - - pipelineruns - - pipelineresources - - taskruns - - pods - - serviceaccounts - - namespaces - - services - - deployments - - deployments.apps - verbs: - - create - - get - - list - - delete - - update - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - name: tekton-trigger-role-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: tekton-trigger-role -subjects: - - kind: ServiceAccount - name: service-acc - namespace: default ---- -apiVersion: tekton.dev/v1alpha1 -kind: EventListener -metadata: - name: github-event-listener -spec: - serviceAccountName: service-acc - triggers: - - name: github - # interceptors: - # - github: - # eventTypes: - # - pull_request - # - push - bindings: - - name: github-trigger-binding - template: - name: github-trigger-template diff --git a/manifests/github-webhook-setup.yaml b/manifests/github-webhook-setup.yaml deleted file mode 100644 index 9f726a8..0000000 --- a/manifests/github-webhook-setup.yaml +++ /dev/null @@ -1,261 +0,0 @@ -# MAKE SURE TO SET UP SECRETS.YAML BEFORE EXAMPLE: -# -# this sets up webhooks for github. you can also do this manually in web gui -# -# -# -# apiVersion: v1 -# kind: Secret -# metadata: -# name: webhook-secret -# #namespace: stage-tekton-pipeline -# stringData: -# token: GITHUBTOKEN -# secret: random-string-data ---- -apiVersion: tekton.dev/v1alpha1 -kind: Task -metadata: - name: create-webhook - #namespace: stage-tekton-pipeline -spec: - volumes: - - name: github-secret - secret: - secretName: $(inputs.params.GitHubSecretName) - inputs: - params: - - name: ExternalDomain - description: "The external domain for the EventListener e.g. `$(inputs.params.EventListenerName)..nip.io`" - - name: GitHubUser - description: "The GitHub user" - - name: GitHubRepo - description: "The GitHub repo where the webhook will be created" - - name: GitHubOrg - description: "The GitHub organization where the webhook will be created" - - name: GitHubSecretName - description: "The Secret name for GitHub access token. This is always mounted and must exist" - - name: GitHubAccessTokenKey - description: "The GitHub access token key name" - - name: GitHubSecretStringKey - description: "The GitHub secret string key name" - - name: GitHubDomain - description: "The GitHub domain. Override for GitHub Enterprise" - default: "github.com" - - name: WebhookEvents - description: "List of events the webhook will send notifications for" - default: '[\"push\",\"pull_request\"]' - steps: - - name: create-webhook - image: pstauffer/curl:latest - volumeMounts: - - name: github-secret - mountPath: /var/secret - command: - - sh - args: - - -ce - - | - set -e - echo "Create Webhook" - if [ $(inputs.params.GitHubDomain) = "github.com" ];then - curl -v -d "{\"name\": \"web\",\"active\": true,\"events\": $(inputs.params.WebhookEvents),\"config\": {\"url\": \"https://$(inputs.params.ExternalDomain)\",\"content_type\": \"json\",\"insecure_ssl\": \"1\" ,\"secret\": \"$(cat /var/secret/$(inputs.params.GitHubSecretStringKey))\"}}" -X POST -u $(inputs.params.GitHubUser):$(cat /var/secret/$(inputs.params.GitHubAccessTokenKey)) -L https://api.github.com/repos/$(inputs.params.GitHubOrg)/$(inputs.params.GitHubRepo)/hooks - else - curl -d "{\"name\": \"web\",\"active\": true,\"events\": $(inputs.params.WebhookEvents),\"config\": {\"url\": \"https://$(inputs.params.ExternalDomain)/\",\"content_type\": \"json\",\"insecure_ssl\": \"1\" ,\"secret\": \"$(cat /var/secret/$(inputs.params.GitHubSecretStringKey))\"}}" -X POST -u $(inputs.params.GitHubUser):$(cat /var/secret/$(inputs.params.GitHubAccessTokenKey)) -L https://$(inputs.params.GitHubDomain)/api/v3/repos/$(inputs.params.GitHubOrg)/$(inputs.params.GitHubRepo)/hooks - fi ---- -# https://medium.com/@nikhilthomas1/cloud-native-cicd-on-openshift-with-openshift-pipelines-tektoncd-pipelines-part-3-github-1db6dd8e8ca7 -apiVersion: tekton.dev/v1alpha1 -kind: TaskRun -metadata: - name: create-repo-webhook - #namespace: stage-tekton-pipeline -spec: - taskRef: - name: create-webhook - inputs: - params: - - name: GitHubOrg - value: "beppevanrolleghem" - - name: GitHubUser - value: "beppevanrolleghem" - - name: GitHubRepo - value: "cicdTest" - - name: GitHubSecretName - value: webhook-secret - - name: GitHubAccessTokenKey - value: token - - name: GitHubSecretStringKey - value: secret - - name: ExternalDomain - value: "ingress.llocal.host" - timeout: 1000s - serviceAccountName: service-acc ---- -apiVersion: v1 -kind: Service -metadata: - name: manual-service -spec: - ports: - - name: http-listener - port: 8080 - protocol: TCP - targetPort: 8080 - selector: - app.kubernetes.io/managed-by: EventListener - app.kubernetes.io/part-of: Triggers - eventlistener: github-event-listener - type: LoadBalancer - - - -# --- -# apiVersion: tekton.dev/v1alpha1 -# kind: Task -# metadata: -# name: create-ingress -# #namespace: stage-tekton-pipeline -# spec: -# volumes: -# - name: work -# emptyDir: {} - -# inputs: -# params: -# - name: CreateCertificate -# description: "Enables/disables the creation of a self-signed certificate for $(inputs.params.ExternalDomain)" -# default: "true" -# - name: CertificateKeyPassphrase -# description: "Phrase that protects private key. This must be provided when the self-signed certificate is created" -# - name: CertificateSecretName -# description: "Secret name for Ingress certificate. The Secret should not exist if the self-signed certificate creation is enabled" -# - name: ExternalDomain -# description: "The external domain for the EventListener e.g. `$(inputs.params.EventListenerName).PROXYIP.nip.io`" -# - name: Service -# description: "The name of the Service used in the Ingress. This will also be the name of the Ingress." -# - name: ServicePort -# description: "The service port that the ingress is being created on" -# - name: ServiceUID -# description: "The uid of the service. If set, this creates an owner reference on the service" -# default: "" - -# steps: -# - name: generate-certificate -# image: frapsoft/openssl -# volumeMounts: -# - name: work -# mountPath: /var/tmp/work -# command: -# - sh -# args: -# - -ce -# - | -# set -e -# cat <