diff --git a/manifests/full-pipeline.yaml b/manifests/full-pipeline.yaml index 902888d..c71f631 100644 --- a/manifests/full-pipeline.yaml +++ b/manifests/full-pipeline.yaml @@ -164,13 +164,13 @@ spec: - name: git-experimental type: git tasks: - - name: destroy-application #@TODO make it so that the delete can be skipped if error - taskRef: - name: destroy-application - resources: - inputs: - - name: git-source - resource: git-master + # - name: destroy-application #@TODO make it so that the delete can be skipped if error + # taskRef: + # name: destroy-application + # resources: + # inputs: + # - name: git-source + # resource: git-master - name: build-and-push-a taskRef: name: build-and-push @@ -235,7 +235,7 @@ spec: - build-and-push-b-experimental - build-and-push-a - build-and-push-b-stable - - destroy-application + #- destroy-application resources: inputs: - name: git-source diff --git a/manifests/github-event-listener.yaml b/manifests/github-event-listener.yaml new file mode 100644 index 0000000..5d3a9af --- /dev/null +++ b/manifests/github-event-listener.yaml 
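Review bot: The `destroy-application` task is disabled by commenting it out, here and again at `#- destroy-application` in the `runAfter` list of the second hunk, which leaves dead YAML that will drift from the live pipeline. Delete the lines and keep the intent in a tracked issue or a one-line comment such as `# destroy-application removed until the delete step tolerates errors`. With the teardown step gone, later tasks presumably run against whatever a previous run left deployed, so confirm they are idempotent; those tasks lie outside the visible hunks.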
@@ -0,0 +1,136 @@
+---
+apiVersion: tekton.dev/v1alpha1
+kind: TriggerBinding
+metadata:
+ name: github-trigger-binding
+ namespace: tekton-pipeline-istio-project-1
+spec:
+ params:
+ - name: gitrevision
+ value: $(body.pull_request.head.sha)
+ - name: gitrepositoryurl
+ value: $(body.pull_request.head.repo.clone_url)
+ - name: prurl
+ value: $(body.pull_request.html_url)
+ - name: repo
+ value: $(body.pull_request.base.repo.full_name)
+ - name: source
+ value: github
+---
+apiVersion: tekton.dev/v1alpha1
+kind: TriggerTemplate
+metadata:
+ name: github-trigger-template
+ namespace: tekton-pipeline-istio-project-1
+spec:
+ params:
+ - name: gitrevision
+ description: The git revision
+ default: master
+ - name: gitrepositoryurl
+ description: The git repository url
+ resourcetemplates:
+ - apiVersion: tekton.dev/v1alpha1
+ kind: PipelineRun
+ metadata:
+ name: application-pipeline-run
+ namespace: tekton-pipeline-istio-project-1
+ spec:
+ serviceAccountName: service-acc
+ pipelineRef:
+ name: application-pipeline
+ resources:
+ - name: git-master
+ resourceRef:
+ name: git-master
+ - name: git-experimental
+ resourceRef:
+ name: git-experimental
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: tekton-trigger-role
+ namespace: tekton-pipeline-istio-project-1
+rules:
+# Permissions for every EventListener deployment to function
+- apiGroups: ["tekton.dev"]
+ resources: ["eventlisteners", "triggerbindings", "triggertemplates"]
+ verbs: ["get"]
+- apiGroups: [""]
+ resources: ["configmaps", "secrets"] # secrets are only needed for Github/Gitlab interceptors
+ verbs: ["get", "list", "watch"]
+# Permissions to create resources in associated TriggerTemplates
+- apiGroups: ["tekton.dev"]
+ resources: ["pipelineruns", "pipelineresources", "taskruns"]
+ verbs: ["create"]
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ name: tekton-trigger-role-binding
+ namespace: tekton-pipeline-istio-project-1
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: tekton-trigger-role
+subjects:
+ - kind: ServiceAccount
+ name: service-acc
+ namespace: tekton-pipeline-istio-project-1
+---
+apiVersion: tekton.dev/v1alpha1
+kind: EventListener
+metadata:
+ name: github-event-listener
+ namespace: tekton-pipeline-istio-project-1
+spec:
+ serviceAccountName: service-acc
+ triggers:
+ - binding:
+ name: github-trigger-binding
+ template:
+ name: github-trigger-template
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+ name: expose-event-listener
+ namespace: tekton-pipeline-istio-project-1
+spec:
+ selector:
+ istio: ingressgateway
+ servers:
+ - port:
+ number: 443
+ name: http
+ protocol: HTTP
+ hosts:
+ - "*"
+ - port:
+ number: 80
+ name: http2
+ protocol: HTTP
+ hosts:
+ - "*"
+ - port:
+ number: 8080
+ name: http3
+ protocol: HTTP
+ hosts:
+ - "*"
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ name: link-gateway-listener
+ namespace: tekton-pipeline-istio-project-1
+spec:
+ hosts:
+ - "*"
+ gateways:
+ - expose-event-listener
+ http:
+ - route:
+ - destination:
+ host: el-github-event-listener
\ No newline at end of file
diff --git a/manifests/github-trigger-setup.yaml b/manifests/github-trigger-setup.yaml
deleted file mode 100644
index 9cb0342..0000000
--- a/manifests/github-trigger-setup.yaml
+++ /dev/null
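Review bot: The `github-event-listener` EventListener has no interceptor verifying the GitHub webhook signature, while the `expose-event-listener` Gateway and `link-gateway-listener` VirtualService publish it on `hosts: "*"` over `protocol: HTTP` (port 443 included), so any client that can reach the ingress gateway can trigger PipelineRun creation under `service-acc`. Add a GitHub interceptor that checks the shared webhook secret (the Role's own comment already anticipates one), restrict `hosts` to the webhook hostname, and serve 443 as `protocol: HTTPS` with a `tls` block. Separately, the `ClusterRoleBinding` sets `roleRef` to `kind: ClusterRole`, but this file only defines a namespaced `Role` named `tekton-trigger-role`; it should be `kind: RoleBinding` with `roleRef.kind: Role` on `rbac.authorization.k8s.io/v1`. The TriggerTemplate also hard-codes `name: application-pipeline-run`, so a second event would likely collide with the existing run; `generateName: application-pipeline-run-` avoids that.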
@@ -1,60 +0,0 @@
----
-apiVersion: tekton.dev/v1alpha1
-kind: TriggerBinding
-metadata:
- name: github-trigger-binding
- namespace: tekton-pipeline-istio-project-1
-spec:
- params:
- - name: gitrevision
- value: $(body.pull_request.head.sha)
- - name: gitrepositoryurl
- value: $(body.pull_request.head.repo.clone_url)
- - name: prurl
- value: $(body.pull_request.html_url)
- - name: repo
- value: $(body.pull_request.base.repo.full_name)
- - name: source
- value: github
----
-apiVersion: tekton.dev/v1alpha1
-kind: TriggerTemplate
-metadata:
- name: github-trigger-template
- namespace: tekton-pipeline-istio-project-1
-spec:
- params:
- - name: gitrevision
- description: The git revision
- default: master
- - name: gitrepositoryurl
- description: The git repository url
- resourcetemplates:
- - apiVersion: tekton.dev/v1alpha1
- kind: PipelineRun
- metadata:
- name: application-pipeline-run
- namespace: tekton-pipeline-istio-project-1
- spec:
- serviceAccountName: service-acc
- pipelineRef:
- name: application-pipeline
- resources:
- - name: git-master
- resourceRef:
- name: git-master
- - name: git-experimental
- resourceRef:
- name: git-experimental
----
-apiVersion: tekton.dev/v1alpha1
-kind: EventListener
-metadata:
- name: github-event-listener
-spec:
- serviceAccountName: service-acc
- triggers:
- - binding:
- name: github-trigger-binding
- template:
- name: github-trigger-template
\ No newline at end of file
diff --git a/manifests/github-webhook-setup.yaml b/manifests/github-webhook-setup.yaml
index 4a3e783..6feed67 100644
--- a/manifests/github-webhook-setup.yaml
+++ b/manifests/github-webhook-setup.yaml
@@ -59,9 +59,9 @@ spec: set -e echo "Create Webhook" if [ $(inputs.params.GitHubDomain) = "github.com" ];then - curl -v -d "{\"name\": \"web\",\"active\": true,\"events\": $(inputs.params.WebhookEvents),\"config\": {\"url\": \"$(inputs.params.ExternalDomain)\",\"content_type\": \"json\",\"insecure_ssl\": \"1\" ,\"secret\": \"$(cat /var/secret/$(inputs.params.GitHubSecretStringKey))\"}}" -X POST -u $(inputs.params.GitHubUser):$(cat /var/secret/$(inputs.params.GitHubAccessTokenKey)) -L https://api.github.com/repos/$(inputs.params.GitHubOrg)/$(inputs.params.GitHubRepo)/hooks + curl -v -d "{\"name\": \"web\",\"active\": true,\"events\": $(inputs.params.WebhookEvents),\"config\": {\"url\": \"https://$(inputs.params.ExternalDomain)\",\"content_type\": \"json\",\"insecure_ssl\": \"1\" ,\"secret\": \"$(cat /var/secret/$(inputs.params.GitHubSecretStringKey))\"}}" -X POST -u $(inputs.params.GitHubUser):$(cat /var/secret/$(inputs.params.GitHubAccessTokenKey)) -L https://api.github.com/repos/$(inputs.params.GitHubOrg)/$(inputs.params.GitHubRepo)/hooks else - curl -d "{\"name\": \"web\",\"active\": true,\"events\": $(inputs.params.WebhookEvents),\"config\": {\"url\": \"$(inputs.params.ExternalDomain)/\",\"content_type\": \"json\",\"insecure_ssl\": \"1\" ,\"secret\": \"$(cat /var/secret/$(inputs.params.GitHubSecretStringKey))\"}}" -X POST -u $(inputs.params.GitHubUser):$(cat /var/secret/$(inputs.params.GitHubAccessTokenKey)) -L https://$(inputs.params.GitHubDomain)/api/v3/repos/$(inputs.params.GitHubOrg)/$(inputs.params.GitHubRepo)/hooks + curl -d "{\"name\": \"web\",\"active\": true,\"events\": $(inputs.params.WebhookEvents),\"config\": {\"url\": \"https://$(inputs.params.ExternalDomain)/\",\"content_type\": \"json\",\"insecure_ssl\": \"1\" ,\"secret\": \"$(cat /var/secret/$(inputs.params.GitHubSecretStringKey))\"}}" -X POST -u $(inputs.params.GitHubUser):$(cat /var/secret/$(inputs.params.GitHubAccessTokenKey)) -L 
https://$(inputs.params.GitHubDomain)/api/v3/repos/$(inputs.params.GitHubOrg)/$(inputs.params.GitHubRepo)/hooks fi --- # https://medium.com/@nikhilthomas1/cloud-native-cicd-on-openshift-with-openshift-pipelines-tektoncd-pipelines-part-3-github-1db6dd8e8ca7
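Review bot: Both rewritten `curl` lines still send `\"insecure_ssl\": \"1\"`, which tells GitHub to skip certificate verification when delivering to the now-`https://` webhook URL, so deliveries are not protected against an endpoint impersonating `ExternalDomain`; set it to `\"0\"` once the listener presents a valid certificate. The github.com branch also runs `curl -v` together with `-u $(inputs.params.GitHubUser):$(cat /var/secret/...)`, and verbose output includes the request's `Authorization` header, so the access token lands base64-encoded in the task log; drop `-v` or use `-sS`. The script step begins above this hunk, so how the parameters are validated or quoted is not visible here.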