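# MAKE SURE TO SET UP SECRETS.YAML BEFORE EXAMPLE:
#
# this sets up webhooks for github. you can also do this manually in web gui
#
# The Secret sketched below carries the GitHub access token (key `token`) and
# the webhook shared secret (key `secret`). Keep the filled-in secrets.yaml
# out of version control.
#
# apiVersion: v1
# kind: Secret
# metadata:
#   name: webhook-secret
#   #namespace: stage-tekton-pipeline
# stringData:
#   token: GITHUBTOKEN
#   secret: random-string-data
---
# Task: registers a webhook on a GitHub repository by POSTing to the
# repository hooks API with curl. The access token and the webhook shared
# secret are read from files under /var/secret, which is the Secret named by
# GitHubSecretName mounted as a volume.
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
  name: create-webhook
  #namespace: stage-tekton-pipeline
spec:
  volumes:
    - name: github-secret
      secret:
        secretName: $(inputs.params.GitHubSecretName)
  inputs:
    params:
      - name: ExternalDomain
        description: "The external domain for the EventListener e.g. `$(inputs.params.EventListenerName)..nip.io`"
      - name: GitHubUser
        description: "The GitHub user"
      - name: GitHubRepo
        description: "The GitHub repo where the webhook will be created"
      - name: GitHubOrg
        description: "The GitHub organization where the webhook will be created"
      - name: GitHubSecretName
        description: "The Secret name for GitHub access token. This is always mounted and must exist"
      - name: GitHubAccessTokenKey
        description: "The GitHub access token key name"
      - name: GitHubSecretStringKey
        description: "The GitHub secret string key name"
      - name: GitHubDomain
        description: "The GitHub domain. Override for GitHub Enterprise"
        default: "github.com"
      - name: WebhookEvents
        description: "List of events the webhook will send notifications for"
        # Single-quoted so the backslashes stay literal: the value is pasted
        # into a double-quoted shell string in the step below.
        default: '[\"push\",\"pull_request\"]'
  steps:
    - name: create-webhook
      # NOTE(review): mutable `latest` tag on a third-party image that gets to
      # read the GitHub token. Pin it to a digest you have reviewed.
      image: pstauffer/curl:latest
      volumeMounts:
        - name: github-secret
          mountPath: /var/secret
      command:
        - sh
      # Notes on the script:
      # - Params are substituted as text before sh runs, so every param value
      #   becomes part of the script. Only pass values you control.
      # - Do not add `-v` to the curl calls: verbose mode writes the request
      #   headers to the step log, and they carry the Basic credentials built
      #   from the access token.
      # - "insecure_ssl": "1" tells GitHub not to verify the TLS certificate
      #   of the webhook URL when delivering events. Switch it to "0" once the
      #   listener serves a certificate GitHub can validate.
      # - curl exits 0 on an HTTP error response unless --fail is given, so a
      #   request GitHub rejects does not fail this step. Check the output.
      args:
        - -ce
        - |
          set -e
          echo "Create Webhook"
          if [ "$(inputs.params.GitHubDomain)" = "github.com" ]; then
            curl -d "{\"name\": \"web\",\"active\": true,\"events\": $(inputs.params.WebhookEvents),\"config\": {\"url\": \"https://$(inputs.params.ExternalDomain)\",\"content_type\": \"json\",\"insecure_ssl\": \"1\" ,\"secret\": \"$(cat /var/secret/$(inputs.params.GitHubSecretStringKey))\"}}" \
              -X POST \
              -u "$(inputs.params.GitHubUser):$(cat /var/secret/$(inputs.params.GitHubAccessTokenKey))" \
              -L https://api.github.com/repos/$(inputs.params.GitHubOrg)/$(inputs.params.GitHubRepo)/hooks
          else
            curl -d "{\"name\": \"web\",\"active\": true,\"events\": $(inputs.params.WebhookEvents),\"config\": {\"url\": \"https://$(inputs.params.ExternalDomain)/\",\"content_type\": \"json\",\"insecure_ssl\": \"1\" ,\"secret\": \"$(cat /var/secret/$(inputs.params.GitHubSecretStringKey))\"}}" \
              -X POST \
              -u "$(inputs.params.GitHubUser):$(cat /var/secret/$(inputs.params.GitHubAccessTokenKey))" \
              -L https://$(inputs.params.GitHubDomain)/api/v3/repos/$(inputs.params.GitHubOrg)/$(inputs.params.GitHubRepo)/hooks
          fi
---
# https://medium.com/@nikhilthomas1/cloud-native-cicd-on-openshift-with-openshift-pipelines-tektoncd-pipelines-part-3-github-1db6dd8e8ca7
#
# TaskRun: runs create-webhook once for one repository. GitHubSecretName,
# GitHubAccessTokenKey and GitHubSecretStringKey must match the name and the
# stringData keys of the Secret described at the top of this file.
apiVersion: tekton.dev/v1alpha1
kind: TaskRun
metadata:
  name: create-repo-webhook
  #namespace: stage-tekton-pipeline
spec:
  taskRef:
    name: create-webhook
  inputs:
    params:
      - name: GitHubOrg
        value: "beppevanrolleghem"
      - name: GitHubUser
        value: "beppevanrolleghem"
      - name: GitHubRepo
        value: "cicdTest"
      - name: GitHubSecretName
        value: webhook-secret
      - name: GitHubAccessTokenKey
        value: token
      - name: GitHubSecretStringKey
        value: secret
      - name: ExternalDomain
        # NOTE(review): "llocal" may be a typo; GitHub must be able to reach
        # this host for deliveries to arrive. Confirm the intended name.
        value: "ingress.llocal.host"
  timeout: 1000s
  serviceAccountName: service-acc
---
# Service: exposes the pods selected by the EventListener labels below
# (eventlistener: github-event-listener) on port 8080.
# NOTE(review): type LoadBalancer requests an externally reachable address.
# The webhook above posts to https://<ExternalDomain>, so confirm where TLS
# terminates in front of this port. If the provider supports it, restrict
# loadBalancerSourceRanges to GitHub's published hook delivery ranges.
apiVersion: v1
kind: Service
metadata:
  name: manual-service
spec:
  ports:
    - name: http-listener
      port: 8080
      protocol: TCP
      targetPort: 8080
  selector:
    app.kubernetes.io/managed-by: EventListener
    app.kubernetes.io/part-of: Triggers
    eventlistener: github-event-listener
  type: LoadBalancer
# ---
# apiVersion: tekton.dev/v1alpha1
# kind: Task
# metadata:
#   name: create-ingress
#   #namespace: stage-tekton-pipeline
# spec:
#   volumes:
#     - name: work
#       emptyDir: {}
#   inputs:
#     params:
#       - name: CreateCertificate
#         description: "Enables/disables the creation of a self-signed certificate for $(inputs.params.ExternalDomain)"
#         default: "true"
#       - name: CertificateKeyPassphrase
#         description: "Phrase that protects private key. This must be provided when the self-signed certificate is created"
#       - name: CertificateSecretName
#         description: "Secret name for Ingress certificate. The Secret should not exist if the self-signed certificate creation is enabled"
#       - name: ExternalDomain
#         description: "The external domain for the EventListener e.g. `$(inputs.params.EventListenerName).PROXYIP.nip.io`"
#       - name: Service
#         description: "The name of the Service used in the Ingress. This will also be the name of the Ingress."
#       - name: ServicePort
#         description: "The service port that the ingress is being created on"
#       - name: ServiceUID
#         description: "The uid of the service. If set, this creates an owner reference on the service"
#         default: ""
#   steps:
#     - name: generate-certificate
#       image: frapsoft/openssl
#       volumeMounts:
#         - name: work
#           mountPath: /var/tmp/work
#       command:
#         - sh
#       args:
#         - -ce
#         - |
#           set -e
#           cat <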