From 78f60982bf590239fd1696e29e77a983a6d9bc2c Mon Sep 17 00:00:00 2001
From: beppe
Date: Fri, 6 Mar 2020 16:53:11 +0100
Subject: [PATCH 1/6] trigger test
From a847a5e5a17f54013311d0cb1c97247e78273af6 Mon Sep 17 00:00:00 2001
From: beppe
Date: Fri, 6 Mar 2020 17:14:35 +0100
Subject: [PATCH 2/6] HELP
---
 ...-setup.yaml => github-event-listener.yaml} | 36 ++++++++++++++++++-
 manifests/github-webhook-setup.yaml | 4 +--
 2 files changed, 37 insertions(+), 3 deletions(-)
 rename manifests/{github-trigger-setup.yaml => github-event-listener.yaml} (66%)
diff --git a/manifests/github-trigger-setup.yaml b/manifests/github-event-listener.yaml
similarity index 66%
rename from manifests/github-trigger-setup.yaml
rename to manifests/github-event-listener.yaml
index 9cb0342..8779a00 100644
--- a/manifests/github-trigger-setup.yaml
+++ b/manifests/github-event-listener.yaml
@@ -51,10 +51,44 @@ apiVersion: tekton.dev/v1alpha1
 kind: EventListener
 metadata:
 name: github-event-listener
+ namespace: tekton-pipeline-istio-project-1
 spec:
 serviceAccountName: service-acc
 triggers:
 - binding:
 name: github-trigger-binding
 template:
- name: github-trigger-template
\ No newline at end of file
+ name: github-trigger-template
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+ name: expose-event-listener
+ namespace: tekton-pipeline-istio-project-1
+spec:
+ selector:
+ istio: ingressgateway
+ servers:
+ - port:
+ number: 443
+ name: http
+ protocol: HTTP
+ hosts:
+ - "*"
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ name: link-gateway-listener
+ namespace: tekton-pipeline-istio-project-1
+spec:
+ hosts:
+ - "*"
+ gateways:
+ - expose-event-listener
+ http:
+ - route:
+ - destination:
+ port:
+ number: 8080
+ host: el-github-event-listener
\ No newline at end of file
diff --git a/manifests/github-webhook-setup.yaml b/manifests/github-webhook-setup.yaml
index 4a3e783..6feed67 100644
--- a/manifests/github-webhook-setup.yaml
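Review bot: The Gateway added in manifests/github-event-listener.yaml (PATCH 2/6, hunk -51,10) serves port 443 with `protocol: HTTP` and `hosts: "*"`, so the EventListener is reachable in plaintext under any hostname even though the webhook is registered with an `https://` URL in the same commit. The server entry should terminate TLS and name the single webhook host, and the VirtualService's `hosts: "*"` should be narrowed to match; the servers added for ports 80 and 8080 in PATCH 4/6 (hunk -73,6) follow the same plaintext wildcard pattern and need the same treatment or removal. The trigger visible in the context lines carries only a binding and a template, so unless an interceptor is configured outside this hunk, nothing checks GitHub's signature before a PipelineRun is created.

```yaml
# … unchanged: Gateway metadata, selector, servers: …
    - port:
        number: 443
        name: https
        protocol: HTTPS
      tls:
        mode: SIMPLE
        credentialName: WEBHOOK_TLS_SECRET  # placeholder: secret holding the certificate
      hosts:
        - "WEBHOOK_HOSTNAME"  # placeholder: the one host GitHub delivers to
```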
+++ b/manifests/github-webhook-setup.yaml 
@@ -59,9 +59,9 @@ spec:
 set -e
 echo "Create Webhook"
 if [ $(inputs.params.GitHubDomain) = "github.com" ];then
- curl -v -d "{\"name\": \"web\",\"active\": true,\"events\": $(inputs.params.WebhookEvents),\"config\": {\"url\": \"$(inputs.params.ExternalDomain)\",\"content_type\": \"json\",\"insecure_ssl\": \"1\" ,\"secret\": \"$(cat /var/secret/$(inputs.params.GitHubSecretStringKey))\"}}" -X POST -u $(inputs.params.GitHubUser):$(cat /var/secret/$(inputs.params.GitHubAccessTokenKey)) -L https://api.github.com/repos/$(inputs.params.GitHubOrg)/$(inputs.params.GitHubRepo)/hooks
+ curl -v -d "{\"name\": \"web\",\"active\": true,\"events\": $(inputs.params.WebhookEvents),\"config\": {\"url\": \"https://$(inputs.params.ExternalDomain)\",\"content_type\": \"json\",\"insecure_ssl\": \"1\" ,\"secret\": \"$(cat /var/secret/$(inputs.params.GitHubSecretStringKey))\"}}" -X POST -u $(inputs.params.GitHubUser):$(cat /var/secret/$(inputs.params.GitHubAccessTokenKey)) -L https://api.github.com/repos/$(inputs.params.GitHubOrg)/$(inputs.params.GitHubRepo)/hooks
 else
- curl -d "{\"name\": \"web\",\"active\": true,\"events\": $(inputs.params.WebhookEvents),\"config\": {\"url\": \"$(inputs.params.ExternalDomain)/\",\"content_type\": \"json\",\"insecure_ssl\": \"1\" ,\"secret\": \"$(cat /var/secret/$(inputs.params.GitHubSecretStringKey))\"}}" -X POST -u $(inputs.params.GitHubUser):$(cat /var/secret/$(inputs.params.GitHubAccessTokenKey)) -L https://$(inputs.params.GitHubDomain)/api/v3/repos/$(inputs.params.GitHubOrg)/$(inputs.params.GitHubRepo)/hooks
+ curl -d "{\"name\": \"web\",\"active\": true,\"events\": $(inputs.params.WebhookEvents),\"config\": {\"url\": \"https://$(inputs.params.ExternalDomain)/\",\"content_type\": \"json\",\"insecure_ssl\": \"1\" ,\"secret\": \"$(cat /var/secret/$(inputs.params.GitHubSecretStringKey))\"}}" -X POST -u $(inputs.params.GitHubUser):$(cat /var/secret/$(inputs.params.GitHubAccessTokenKey)) -L https://$(inputs.params.GitHubDomain)/api/v3/repos/$(inputs.params.GitHubOrg)/$(inputs.params.GitHubRepo)/hooks
 fi
 ---
 # https://medium.com/@nikhilthomas1/cloud-native-cicd-on-openshift-with-openshift-pipelines-tektoncd-pipelines-part-3-github-1db6dd8e8ca7
From 1b3889627b4b58c9257a075ff348b03923964496 Mon Sep 17 00:00:00 2001
From: beppe
Date: Fri, 6 Mar 2020 17:15:19 +0100
Subject: [PATCH 3/6] trigger test
From 9832da1fa2baaeaaa3da7c3a35f3d5f2c4da441e Mon Sep 17 00:00:00 2001
From: beppe
Date: Sun, 8 Mar 2020 16:00:42 +0100
Subject: [PATCH 4/6] pls werk event listener
---
 manifests/full-pipeline.yaml | 16 ++++++++--------
 manifests/github-event-listener.yaml | 14 ++++++++++++--
 2 files changed, 20 insertions(+), 10 deletions(-)
diff --git a/manifests/full-pipeline.yaml b/manifests/full-pipeline.yaml
index 902888d..c71f631 100644
--- a/manifests/full-pipeline.yaml
+++ b/manifests/full-pipeline.yaml
@@ -164,13 +164,13 @@ spec:
 - name: git-experimental
 type: git
 tasks:
- - name: destroy-application #@TODO make it so that the delete can be skipped if error
- taskRef:
- name: destroy-application
- resources:
- inputs:
- - name: git-source
- resource: git-master
+ # - name: destroy-application #@TODO make it so that the delete can be skipped if error
+ # taskRef:
+ # name: destroy-application
+ # resources:
+ # inputs:
+ # - name: git-source
+ # resource: git-master
 - name: build-and-push-a
 taskRef:
 name: build-and-push
@@ -235,7 +235,7 @@ spec:
 - build-and-push-b-experimental
 - build-and-push-a
 - build-and-push-b-stable
- - destroy-application
+ #- destroy-application
 resources:
 inputs:
 - name: git-source
diff --git a/manifests/github-event-listener.yaml b/manifests/github-event-listener.yaml
index 8779a00..1cf0c2b 100644
--- a/manifests/github-event-listener.yaml
+++ b/manifests/github-event-listener.yaml
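Review bot: Both added curl lines in manifests/github-webhook-setup.yaml (PATCH 2/6, hunk -59,9) register an `https://` delivery URL but still send `\"insecure_ssl\": \"1\"`, which tells GitHub to skip certificate verification on delivery, so the scheme change adds no server authentication. Set it to `\"insecure_ssl\": \"0\"` once the endpoint presents a valid certificate. The github.com branch also keeps `curl -v` alongside `-u user:token`; curl's verbose output prints the request headers, Authorization included, so the access token would land in the step log and `-v` should be dropped. The step's script begins above the hunk, so any logging or shell options set there are not visible.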
@@ -73,6 +73,18 @@ spec:
 number: 443
 name: http
 protocol: HTTP
+ hosts:
+ - "*"
+ - port:
+ number: 80
+ name: http2
+ protocol: HTTP
+ hosts:
+ - "*"
+ - port:
+ number: 8080
+ name: http3
+ protocol: HTTP
 hosts:
 - "*"
 ---
@@ -89,6 +101,4 @@ spec:
 http:
 - route:
 - destination:
- port:
- number: 8080
 host: el-github-event-listener
\ No newline at end of file
From 89be6bb093d6331253e781f1acd4a5c039e13494 Mon Sep 17 00:00:00 2001
From: beppe
Date: Sun, 8 Mar 2020 16:01:38 +0100
Subject: [PATCH 5/6] trigger test
From 491a45099466d09eace81f49e5d60582bdb096cf Mon Sep 17 00:00:00 2001
From: beppe
Date: Sun, 8 Mar 2020 18:59:33 +0100
Subject: [PATCH 6/6] github event listener service account role permissions :/
---
 manifests/github-event-listener.yaml | 32 ++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
diff --git a/manifests/github-event-listener.yaml b/manifests/github-event-listener.yaml
index 1cf0c2b..5d3a9af 100644
--- a/manifests/github-event-listener.yaml
+++ b/manifests/github-event-listener.yaml
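Review bot: In the second hunk of PATCH 4/6 (-89,6) the `port:` / `number: 8080` selector is removed from the VirtualService destination, and Istio only allows the port to be omitted when the destination service exposes exactly one. The route therefore depends on the shape of the el-github-event-listener Service, which is not visible in this patch; keeping the explicit `number: 8080` removes that dependency. In the first hunk (-73,6) the added servers are named `http2` and `http3` although both declare `protocol: HTTP`; names such as `http-80` and `http-8080` would not suggest a different protocol.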
@@ -47,6 +47,38 @@ spec:
 resourceRef:
 name: git-experimental
 ---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: tekton-trigger-role
+ namespace: tekton-pipeline-istio-project-1
+rules:
+# Permissions for every EventListener deployment to function
+- apiGroups: ["tekton.dev"]
+ resources: ["eventlisteners", "triggerbindings", "triggertemplates"]
+ verbs: ["get"]
+- apiGroups: [""]
+ resources: ["configmaps", "secrets"] # secrets are only needed for Github/Gitlab interceptors
+ verbs: ["get", "list", "watch"]
+# Permissions to create resources in associated TriggerTemplates
+- apiGroups: ["tekton.dev"]
+ resources: ["pipelineruns", "pipelineresources", "taskruns"]
+ verbs: ["create"]
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ name: tekton-trigger-role-binding
+ namespace: tekton-pipeline-istio-project-1
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: tekton-trigger-role
+subjects:
+ - kind: ServiceAccount
+ name: service-acc
+ namespace: tekton-pipeline-istio-project-1
+---
 apiVersion: tekton.dev/v1alpha1
 kind: EventListener
 metadata:
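Review bot: The binding added in PATCH 6/6 cannot grant the Role defined just above it: it is a `ClusterRoleBinding` whose `roleRef` names `kind: ClusterRole` tekton-trigger-role, while the object created is a namespaced `Role`, and a ClusterRoleBinding can only reference a ClusterRole. As written, service-acc receives none of these rules unless a ClusterRole of that name exists elsewhere, in which case the `secrets` get/list/watch rule would apply cluster-wide instead of only in tekton-pipeline-istio-project-1. Use `kind: RoleBinding` with `apiVersion: rbac.authorization.k8s.io/v1` and `kind: Role` in the roleRef; the `metadata.namespace` then takes effect, whereas it is ignored on a cluster-scoped binding. The inline comment says secrets are needed only for GitHub/GitLab interceptors, so if none is configured `"secrets"` can be dropped from that rule.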