mirror of
https://github.com/bvanroll/cicdTest.git
synced 2025-08-29 03:52:44 +00:00
261 lines
8.8 KiB
YAML
261 lines
8.8 KiB
YAML
# MAKE SURE TO SET UP SECRETS.YAML BEFORE EXAMPLE:
|
|
#
|
|
# this sets up webhooks for github. you can also do this manually in web gui
|
|
#
|
|
#
|
|
#
|
|
# apiVersion: v1
|
|
# kind: Secret
|
|
# metadata:
|
|
# name: webhook-secret
|
|
# #namespace: stage-tekton-pipeline
|
|
# stringData:
|
|
# token: GITHUBTOKEN
|
|
# secret: random-string-data
|
|
---
|
|
apiVersion: tekton.dev/v1alpha1
|
|
kind: Task
|
|
metadata:
|
|
name: create-webhook
|
|
#namespace: stage-tekton-pipeline
|
|
spec:
|
|
volumes:
|
|
- name: github-secret
|
|
secret:
|
|
secretName: $(inputs.params.GitHubSecretName)
|
|
inputs:
|
|
params:
|
|
- name: ExternalDomain
|
|
description: "The external domain for the EventListener e.g. `$(inputs.params.EventListenerName).<PROXYIP>.nip.io`"
|
|
- name: GitHubUser
|
|
description: "The GitHub user"
|
|
- name: GitHubRepo
|
|
description: "The GitHub repo where the webhook will be created"
|
|
- name: GitHubOrg
|
|
description: "The GitHub organization where the webhook will be created"
|
|
- name: GitHubSecretName
|
|
description: "The Secret name for GitHub access token. This is always mounted and must exist"
|
|
- name: GitHubAccessTokenKey
|
|
description: "The GitHub access token key name"
|
|
- name: GitHubSecretStringKey
|
|
description: "The GitHub secret string key name"
|
|
- name: GitHubDomain
|
|
description: "The GitHub domain. Override for GitHub Enterprise"
|
|
default: "github.com"
|
|
- name: WebhookEvents
|
|
description: "List of events the webhook will send notifications for"
|
|
default: '[\"push\",\"pull_request\"]'
|
|
steps:
|
|
- name: create-webhook
|
|
image: pstauffer/curl:latest
|
|
volumeMounts:
|
|
- name: github-secret
|
|
mountPath: /var/secret
|
|
command:
|
|
- sh
|
|
args:
|
|
- -ce
|
|
- |
|
|
set -e
|
|
echo "Create Webhook"
|
|
if [ $(inputs.params.GitHubDomain) = "github.com" ];then
|
|
curl -v -d "{\"name\": \"web\",\"active\": true,\"events\": $(inputs.params.WebhookEvents),\"config\": {\"url\": \"https://$(inputs.params.ExternalDomain)\",\"content_type\": \"json\",\"insecure_ssl\": \"1\" ,\"secret\": \"$(cat /var/secret/$(inputs.params.GitHubSecretStringKey))\"}}" -X POST -u $(inputs.params.GitHubUser):$(cat /var/secret/$(inputs.params.GitHubAccessTokenKey)) -L https://api.github.com/repos/$(inputs.params.GitHubOrg)/$(inputs.params.GitHubRepo)/hooks
|
|
else
|
|
curl -d "{\"name\": \"web\",\"active\": true,\"events\": $(inputs.params.WebhookEvents),\"config\": {\"url\": \"https://$(inputs.params.ExternalDomain)/\",\"content_type\": \"json\",\"insecure_ssl\": \"1\" ,\"secret\": \"$(cat /var/secret/$(inputs.params.GitHubSecretStringKey))\"}}" -X POST -u $(inputs.params.GitHubUser):$(cat /var/secret/$(inputs.params.GitHubAccessTokenKey)) -L https://$(inputs.params.GitHubDomain)/api/v3/repos/$(inputs.params.GitHubOrg)/$(inputs.params.GitHubRepo)/hooks
|
|
fi
|
|
---
|
|
# https://medium.com/@nikhilthomas1/cloud-native-cicd-on-openshift-with-openshift-pipelines-tektoncd-pipelines-part-3-github-1db6dd8e8ca7
|
|
apiVersion: tekton.dev/v1alpha1
|
|
kind: TaskRun
|
|
metadata:
|
|
name: create-repo-webhook
|
|
#namespace: stage-tekton-pipeline
|
|
spec:
|
|
taskRef:
|
|
name: create-webhook
|
|
inputs:
|
|
params:
|
|
- name: GitHubOrg
|
|
value: "beppevanrolleghem"
|
|
- name: GitHubUser
|
|
value: "beppevanrolleghem"
|
|
- name: GitHubRepo
|
|
value: "cicdTest"
|
|
- name: GitHubSecretName
|
|
value: webhook-secret
|
|
- name: GitHubAccessTokenKey
|
|
value: token
|
|
- name: GitHubSecretStringKey
|
|
value: secret
|
|
- name: ExternalDomain
|
|
value: "ingress.llocal.host"
|
|
timeout: 1000s
|
|
serviceAccountName: service-acc
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: manual-service
|
|
spec:
|
|
ports:
|
|
- name: http-listener
|
|
port: 8080
|
|
protocol: TCP
|
|
targetPort: 8080
|
|
selector:
|
|
app.kubernetes.io/managed-by: EventListener
|
|
app.kubernetes.io/part-of: Triggers
|
|
eventlistener: github-event-listener
|
|
type: LoadBalancer
|
|
|
|
|
|
|
|
# ---
|
|
# apiVersion: tekton.dev/v1alpha1
|
|
# kind: Task
|
|
# metadata:
|
|
# name: create-ingress
|
|
# #namespace: stage-tekton-pipeline
|
|
# spec:
|
|
# volumes:
|
|
# - name: work
|
|
# emptyDir: {}
|
|
|
|
# inputs:
|
|
# params:
|
|
# - name: CreateCertificate
|
|
# description: "Enables/disables the creation of a self-signed certificate for $(inputs.params.ExternalDomain)"
|
|
# default: "true"
|
|
# - name: CertificateKeyPassphrase
|
|
# description: "Phrase that protects private key. This must be provided when the self-signed certificate is created"
|
|
# - name: CertificateSecretName
|
|
# description: "Secret name for Ingress certificate. The Secret should not exist if the self-signed certificate creation is enabled"
|
|
# - name: ExternalDomain
|
|
# description: "The external domain for the EventListener e.g. `$(inputs.params.EventListenerName).PROXYIP.nip.io`"
|
|
# - name: Service
|
|
# description: "The name of the Service used in the Ingress. This will also be the name of the Ingress."
|
|
# - name: ServicePort
|
|
# description: "The service port that the ingress is being created on"
|
|
# - name: ServiceUID
|
|
# description: "The uid of the service. If set, this creates an owner reference on the service"
|
|
# default: ""
|
|
|
|
# steps:
|
|
# - name: generate-certificate
|
|
# image: frapsoft/openssl
|
|
# volumeMounts:
|
|
# - name: work
|
|
# mountPath: /var/tmp/work
|
|
# command:
|
|
# - sh
|
|
# args:
|
|
# - -ce
|
|
# - |
|
|
# set -e
|
|
# cat <<EOF | sh
|
|
# #!/bin/sh
|
|
# if [ $(inputs.params.CreateCertificate) = "false" ];then
|
|
# exit 0
|
|
# fi
|
|
# mkdir /var/tmp/work/ingress
|
|
# openssl genrsa -des3 -out /var/tmp/work/ingress/key.pem -passout pass:$(inputs.params.CertificateKeyPassphrase) 2048
|
|
# openssl req -x509 -new -nodes -key /var/tmp/work/ingress/key.pem -sha256 -days 1825 -out /var/tmp/work/ingress/certificate.pem -passin pass:$(inputs.params.CertificateKeyPassphrase) -subj /CN=$(inputs.params.ExternalDomain)
|
|
# openssl rsa -in /var/tmp/work/ingress/key.pem -out /var/tmp/work/ingress/key.pem -passin pass:$(inputs.params.CertificateKeyPassphrase)
|
|
# EOF
|
|
# - name: create-certificate-secret
|
|
# image: lachlanevenson/k8s-kubectl:latest
|
|
# volumeMounts:
|
|
# - name: work
|
|
# mountPath: /var/tmp/work
|
|
# command:
|
|
# - sh
|
|
# args:
|
|
# - -ce
|
|
# - |
|
|
# set -e
|
|
# cat <<EOF | sh
|
|
# #!/bin/sh
|
|
# if [ $(inputs.params.CreateCertificate) = "false" ];then
|
|
# exit 0
|
|
# fi
|
|
# kubectl create secret tls $(inputs.params.CertificateSecretName) --cert=/var/tmp/work/ingress/certificate.pem --key=/var/tmp/work/ingress/key.pem || true
|
|
# EOF
|
|
# - name: create-ingress
|
|
# image: lachlanevenson/k8s-kubectl:latest
|
|
# command:
|
|
# - sh
|
|
# args:
|
|
# - -ce
|
|
# - |
|
|
# set -e
|
|
# if [ -n "$(inputs.params.ServiceUID)" ];then
|
|
# cat <<EOF | kubectl create -f - || true
|
|
# apiVersion: extensions/v1beta1
|
|
# kind: Ingress
|
|
# metadata:
|
|
# name: $(inputs.params.Service)
|
|
# #namespace: stage-tekton-pipeline
|
|
# ownerReferences:
|
|
# - name: $(inputs.params.Service)
|
|
# apiVersion: v1
|
|
# kind: Service
|
|
# uid: $(inputs.params.ServiceUID)
|
|
# spec:
|
|
# tls:
|
|
# - secretName: $(inputs.params.CertificateSecretName)
|
|
# hosts:
|
|
# - $(inputs.params.ExternalDomain)
|
|
# rules:
|
|
# - host: $(inputs.params.ExternalDomain)
|
|
# http:
|
|
# paths:
|
|
# - backend:
|
|
# serviceName: $(inputs.params.Service)
|
|
# servicePort: $(inputs.params.ServicePort)
|
|
# EOF
|
|
# else
|
|
# cat <<EOF | kubectl create -f - || true
|
|
# apiVersion: extensions/v1beta1
|
|
# kind: Ingress
|
|
# metadata:
|
|
# name: $(inputs.params.Service)
|
|
# #namespace: stage-tekton-pipeline
|
|
# spec:
|
|
# tls:
|
|
# - secretName: $(inputs.params.CertificateSecretName)
|
|
# hosts:
|
|
# - $(inputs.params.ExternalDomain)
|
|
# rules:
|
|
# - host: $(inputs.params.ExternalDomain)
|
|
# http:
|
|
# paths:
|
|
# - backend:
|
|
# serviceName: $(inputs.params.Service)
|
|
# servicePort: $(inputs.params.ServicePort)
|
|
# EOF
|
|
# fi
|
|
# ---
|
|
# apiVersion: tekton.dev/v1alpha1
|
|
# kind: TaskRun
|
|
# metadata:
|
|
# name: create-ingress-run
|
|
# #namespace: stage-tekton-pipeline
|
|
# spec:
|
|
# taskRef:
|
|
# name: create-ingress
|
|
# inputs:
|
|
# params:
|
|
# - name: CreateCertificate
|
|
# value: "true"
|
|
# - name: CertificateKeyPassphrase
|
|
# value: asecretphrase
|
|
# - name: CertificateSecretName
|
|
# value: ingresssecret
|
|
# - name: ExternalDomain
|
|
# value: "ingress.llocal.host:31040"
|
|
# - name: Service
|
|
# value: el-github-event-listener
|
|
# - name: ServicePort
|
|
# value: "8080"
|
|
# timeout: 1000s
|
|
# serviceAccountName: service-acc |