AverageMarcus/cluster.fun
1
0
Fork 0
Code Issues 1 Pull Requests 2 Releases Activity

Removed Tekton

Browse Source 
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
This commit is contained in:
Marcus Noble 2021-12-23 18:47:00 +00:00
parent 88f3132326
commit 513625074a
Signed by: AverageMarcus
GPG Key ID: B8F2DB8A7AEBAF78
27 changed files with 0 additions and 3994 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1456
tekton/1-Install/1-pipeline.yaml
View File

File diff suppressed because it is too large Load Diff

838
tekton/1-Install/2-triggers.yaml
View File

@ -1,838 +0,0 @@
# Copyright 2019 The Tekton Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: tekton-triggers
labels:
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-triggers
spec:
privileged: false
allowPrivilegeEscalation: false
volumes:
- 'emptyDir'
- 'configMap'
- 'secret'
hostNetwork: false
hostIPC: false
hostPID: false
runAsUser:
rule: 'RunAsAny'
seLinux:
rule: 'RunAsAny'
supplementalGroups:
rule: 'MustRunAs'
ranges:
- min: 1
max: 65535
fsGroup:
rule: 'MustRunAs'
ranges:
- min: 1
max: 65535
---
# Copyright 2019 The Tekton Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: tekton-triggers-admin
labels:
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-triggers
rules:
- apiGroups: [""]
resources: ["configmaps", "secrets", "services"]
verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
- apiGroups: ["apps"]
resources: ["deployments", "deployments/finalizers"]
verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
- apiGroups: ["admissionregistration.k8s.io"]
resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"]
verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
- apiGroups: ["triggers.tekton.dev"]
resources: ["clustertriggerbindings", "eventlisteners", "triggerbindings", "triggertemplates",
"eventlisteners/finalizers"]
verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
- apiGroups: ["triggers.tekton.dev"]
resources: ["clustertriggerbindings/status", "eventlisteners/status", "triggerbindings/status",
"triggertemplates/status"]
verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
- apiGroups: ["policy"]
resources: ["podsecuritypolicies"]
resourceNames: ["tekton-triggers"]
verbs: ["use"]
---
# Copyright 2019 The Tekton Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: ServiceAccount
metadata:
name: tekton-triggers-controller
namespace: tekton-pipelines
labels:
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-triggers
---
# Copyright 2019 The Tekton Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: tekton-triggers-controller-admin
labels:
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-triggers
subjects:
- kind: ServiceAccount
name: tekton-triggers-controller
namespace: tekton-pipelines
roleRef:
kind: ClusterRole
name: tekton-triggers-admin
apiGroup: rbac.authorization.k8s.io
---
# Copyright 2019 The Tekton Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: clustertriggerbindings.triggers.tekton.dev
labels:
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-triggers
triggers.tekton.dev/release: "devel"
version: "devel"
spec:
group: triggers.tekton.dev
scope: Cluster
versions:
- name: v1alpha1
served: true
storage: true
names:
kind: ClusterTriggerBinding
plural: clustertriggerbindings
singular: clustertriggerbinding
shortNames:
- ctb
categories:
- tekton
- tekton-triggers
subresources:
status: {}
version: v1alpha1
---
# Copyright 2019 The Tekton Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: eventlisteners.triggers.tekton.dev
labels:
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-triggers
triggers.tekton.dev/release: "devel"
version: "devel"
spec:
group: triggers.tekton.dev
scope: Namespaced
versions:
- name: v1alpha1
served: true
storage: true
names:
kind: EventListener
plural: eventlisteners
singular: eventlistener
shortNames:
- el
categories:
- tekton
- tekton-triggers
# Opt into the status subresource so metadata.generation
# starts to increment
subresources:
status: {}
version: v1alpha1
---
# Copyright 2019 The Tekton Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: triggerbindings.triggers.tekton.dev
labels:
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-triggers
triggers.tekton.dev/release: "devel"
version: "devel"
spec:
group: triggers.tekton.dev
scope: Namespaced
versions:
- name: v1alpha1
served: true
storage: true
names:
kind: TriggerBinding
plural: triggerbindings
singular: triggerbinding
shortNames:
- tb
categories:
- tekton
- tekton-triggers
# Opt into the status subresource so metadata.generation
# starts to increment
subresources:
status: {}
version: v1alpha1
---
# Copyright 2019 The Tekton Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: triggertemplates.triggers.tekton.dev
labels:
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-triggers
triggers.tekton.dev/release: "devel"
version: "devel"
spec:
group: triggers.tekton.dev
scope: Namespaced
versions:
- name: v1alpha1
served: true
storage: true
names:
kind: TriggerTemplate
plural: triggertemplates
singular: triggertemplate
shortNames:
- tt
categories:
- tekton
- tekton-triggers
# Opt into the status subresource so metadata.generation
# starts to increment
subresources:
status: {}
version: v1alpha1
---
# Copyright 2020 The Tekton Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: Secret
metadata:
name: triggers-webhook-certs
namespace: tekton-pipelines
labels:
app.kubernetes.io/component: webhook
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-triggers
triggers.tekton.dev/release: devel
# The data is populated at install time.
---
apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingWebhookConfiguration
metadata:
name: validation.webhook.triggers.tekton.dev
labels:
app.kubernetes.io/component: webhook
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-triggers
triggers.tekton.dev/release: devel
webhooks:
- admissionReviewVersions:
- v1beta1
clientConfig:
service:
name: tekton-triggers-webhook
namespace: tekton-pipelines
failurePolicy: Fail
sideEffects: None
name: validation.webhook.triggers.tekton.dev
---
apiVersion: admissionregistration.k8s.io/v1beta1
kind: MutatingWebhookConfiguration
metadata:
name: webhook.triggers.tekton.dev
labels:
app.kubernetes.io/component: webhook
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-triggers
triggers.tekton.dev/release: devel
webhooks:
- admissionReviewVersions:
- v1beta1
clientConfig:
service:
name: tekton-triggers-webhook
namespace: tekton-pipelines
failurePolicy: Fail
sideEffects: None
name: webhook.triggers.tekton.dev
---
apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingWebhookConfiguration
metadata:
name: config.webhook.triggers.tekton.dev
labels:
app.kubernetes.io/component: webhook
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-triggers
triggers.tekton.dev/release: devel
webhooks:
- admissionReviewVersions:
- v1beta1
clientConfig:
service:
name: tekton-triggers-webhook
namespace: tekton-pipelines
failurePolicy: Fail
sideEffects: None
name: config.webhook.triggers.tekton.dev
namespaceSelector:
matchExpressions:
- key: triggers.tekton.dev/release
operator: Exists
---
# Copyright 2019 The Tekton Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: tekton-triggers-aggregate-edit
labels:
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-triggers
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:
- apiGroups:
- triggers.tekton.dev
resources:
- clustertriggerbindings
- eventlisteners
- triggerbindings
- triggertemplates
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
---
# Copyright 2019 The Tekton Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: tekton-triggers-aggregate-view
labels:
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-triggers
rbac.authorization.k8s.io/aggregate-to-view: "true"
rules:
- apiGroups:
- triggers.tekton.dev
resources:
- clustertriggerbindings
- eventlisteners
- triggerbindings
- triggertemplates
verbs:
- get
- list
- watch
---
# Copyright 2019 Tekton Authors LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: ConfigMap
metadata:
name: config-logging-triggers
namespace: tekton-pipelines
labels:
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-triggers
data:
# Common configuration for all knative codebase
zap-logger-config: |
{
"level": "info",
"development": false,
"sampling": {
"initial": 100,
"thereafter": 100
},
"outputPaths": ["stdout"],
"errorOutputPaths": ["stderr"],
"encoding": "json",
"encoderConfig": {
"timeKey": "",
"levelKey": "level",
"nameKey": "logger",
"callerKey": "caller",
"messageKey": "msg",
"stacktraceKey": "stacktrace",
"lineEnding": "",
"levelEncoder": "",
"timeEncoder": "",
"durationEncoder": "",
"callerEncoder": ""
}
}
# Log level overrides
loglevel.controller: "info"
loglevel.webhook: "info"
loglevel.eventlistener: "info"
---
# Copyright 2019 The Tekton Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: ConfigMap
metadata:
name: config-observability-triggers
namespace: tekton-pipelines
labels:
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-triggers
data:
_example: |
################################
# #
# EXAMPLE CONFIGURATION #
# #
################################
# This block is not actually functional configuration,
# but serves to illustrate the available configuration
# options and document them in a way that is accessible
# to users that `kubectl edit` this config map.
#
# These sample configuration options may be copied out of
# this example block and unindented to be in the data block
# to actually change the configuration.
# metrics.backend-destination field specifies the system metrics destination.
# It supports either prometheus (the default) or stackdriver.
# Note: Using stackdriver will incur additional charges
metrics.backend-destination: prometheus
# metrics.stackdriver-project-id field specifies the stackdriver project ID. This
# field is optional. When running on GCE, application default credentials will be
# used if this field is not provided.
metrics.stackdriver-project-id: "<your stackdriver project id>"
# metrics.allow-stackdriver-custom-metrics indicates whether it is allowed to send metrics to
# Stackdriver using "global" resource type and custom metric type if the
# metrics are not supported by "knative_revision" resource type. Setting this
# flag to "true" could cause extra Stackdriver charge.
# If metrics.backend-destination is not Stackdriver, this is ignored.
metrics.allow-stackdriver-custom-metrics: "false"
---
# Copyright 2019 Tekton Authors LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/name: controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: default
app.kubernetes.io/version: v0.5.0
app.kubernetes.io/part-of: tekton-triggers
triggers.tekton.dev/release: "v0.5.0"
app: tekton-triggers-controller
version: "v0.5.0"
name: tekton-triggers-controller
namespace: tekton-pipelines
spec:
ports:
- name: http-metrics
port: 9090
protocol: TCP
targetPort: 9090
selector:
app.kubernetes.io/name: controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-triggers
---
# Copyright 2019 The Tekton Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apps/v1
kind: Deployment
metadata:
name: tekton-triggers-controller
namespace: tekton-pipelines
labels:
app.kubernetes.io/name: controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: default
app.kubernetes.io/version: v0.5.0
app.kubernetes.io/part-of: tekton-triggers
# tekton.dev/release value replaced with inputs.params.versionTag in triggers/tekton/publish.yaml
triggers.tekton.dev/release: "v0.5.0"
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-triggers
template:
metadata:
annotations:
cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
labels:
app.kubernetes.io/name: controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: default
app.kubernetes.io/version: v0.5.0
app.kubernetes.io/part-of: tekton-triggers
app: tekton-triggers-controller
triggers.tekton.dev/release: "v0.5.0"
# version value replaced with inputs.params.versionTag in triggers/tekton/publish.yaml
version: "v0.5.0"
spec:
serviceAccountName: tekton-triggers-controller
containers:
- name: tekton-triggers-controller
image: gcr.io/tekton-releases/github.com/tektoncd/triggers/cmd/controller@sha256:5d71b1706da0e1a1673e3bdb1e230b28534698e1cb5b8604540083024fd7d58d
args: ["-logtostderr", "-stderrthreshold", "INFO", "-el-image", "gcr.io/tekton-releases/github.com/tektoncd/triggers/cmd/eventlistenersink@sha256:ddb43420d5e51065aeb730dc06ce555822590ebfd5b820835f875e3159d99901",
"-el-port", "8080", "-period-seconds", "10", "-failure-threshold", "1"]
env:
- name: SYSTEM_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: CONFIG_LOGGING_NAME
value: config-logging-triggers
- name: CONFIG_OBSERVABILITY_NAME
value: config-observability-triggers
- name: METRICS_DOMAIN
value: tekton.dev/triggers
---
# Copyright 2019 The Tekton Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: Service
metadata:
name: tekton-triggers-webhook
namespace: tekton-pipelines
labels:
app.kubernetes.io/name: webhook
app.kubernetes.io/component: webhook
app.kubernetes.io/instance: default
app.kubernetes.io/version: v0.5.0
app.kubernetes.io/part-of: tekton-triggers
app: tekton-triggers-webhook
version: "v0.5.0"
triggers.tekton.dev/release: "v0.5.0"
spec:
ports:
- name: https-webhook
port: 443
targetPort: 8443
selector:
app.kubernetes.io/name: webhook
app.kubernetes.io/component: webhook
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-triggers
---
# Copyright 2019 The Tekton Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apps/v1
kind: Deployment
metadata:
name: tekton-triggers-webhook
namespace: tekton-pipelines
labels:
app.kubernetes.io/name: webhook
app.kubernetes.io/component: webhook
app.kubernetes.io/instance: default
app.kubernetes.io/version: v0.5.0
app.kubernetes.io/part-of: tekton-triggers
# tekton.dev/release value replaced with inputs.params.versionTag in triggers/tekton/publish.yaml
triggers.tekton.dev/release: "v0.5.0"
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: webhook
app.kubernetes.io/component: webhook
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-triggers
template:
metadata:
annotations:
cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
labels:
app.kubernetes.io/name: webhook
app.kubernetes.io/component: webhook
app.kubernetes.io/instance: default
app.kubernetes.io/version: v0.5.0
app.kubernetes.io/part-of: tekton-triggers
app: tekton-triggers-webhook
triggers.tekton.dev/release: "v0.5.0"
# version value replaced with inputs.params.versionTag in triggers/tekton/publish.yaml
version: "v0.5.0"
spec:
serviceAccountName: tekton-triggers-controller
containers:
- name: webhook
# This is the Go import path for the binary that is containerized
# and substituted here.
image: gcr.io/tekton-releases/github.com/tektoncd/triggers/cmd/webhook@sha256:c6986c68804ce3832bd1894249a39d37a0a46b3458a1cb29697a17b37df674ef
env:
- name: SYSTEM_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: CONFIG_LOGGING_NAME
value: config-logging-triggers
- name: WEBHOOK_SERVICE_NAME
value: tekton-triggers-webhook
- name: WEBHOOK_SECRET_NAME
value: triggers-webhook-certs
- name: METRICS_DOMAIN
value: tekton.dev/triggers
ports:
- name: metrics
containerPort: 9090
- name: profiling
containerPort: 8008
- name: https-webhook
containerPort: 8443
---

356
tekton/1-Install/3-webhooks.yaml
View File

@ -1,356 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: tekton-webhooks-extension
name: tekton-webhooks-extension
namespace: tekton-pipelines
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: tekton-webhooks-extension
name: tekton-webhooks-extension-eventlistener
namespace: tekton-pipelines
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: tekton-webhooks-extension-minimal
namespace: tekton-pipelines
rules:
- apiGroups:
- extensions
resources:
- ingresses
- ingresses/status
verbs:
- delete
- create
- patch
- get
- list
- update
- watch
- apiGroups:
- ""
resources:
- pods
- services
verbs:
- get
- list
- create
- update
- delete
- patch
- watch
- apiGroups:
- ""
resources:
- pods/log
- namespaces
- events
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- secrets
- configmaps
verbs:
- get
- list
- create
- delete
- update
- watch
- apiGroups:
- extensions
- apps
resources:
- deployments
verbs:
- get
- list
- create
- update
- delete
- patch
- watch
- apiGroups:
- tekton.dev
resources:
- tasks
- clustertasks
- taskruns
- pipelines
- pipelineruns
- pipelineresources
- conditions
verbs:
- get
- list
- create
- update
- delete
- patch
- watch
- apiGroups:
- triggers.tekton.dev
resources:
- eventlisteners
- triggerbindings
- triggertemplates
verbs:
- get
- list
- create
- update
- delete
- patch
- watch
- apiGroups:
- tekton.dev
resources:
- taskruns/finalizers
- pipelineruns/finalizers
- tasks/status
- clustertasks/status
- taskruns/status
- pipelines/status
- pipelineruns/status
verbs:
- get
- list
- create
- update
- delete
- patch
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: tekton-triggers-minimal
rules:
- apiGroups:
- tekton.dev
resources:
- tasks
- taskruns
verbs:
- get
- apiGroups:
- triggers.tekton.dev
resources:
- triggerbindings
- triggertemplates
- eventlisteners
verbs:
- get
- apiGroups:
- tekton.dev
resources:
- pipelineruns
- pipelineresources
- taskruns
verbs:
- create
- apiGroups:
- ""
resources:
- configmaps
verbs:
- list
- get
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: tekton-webhooks-extension-minimal-cluster-powers
rules:
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- get
- list
- watch
- apiGroups:
- tekton.dev
resources:
- pipelines
- pipelineruns
verbs:
- get
- list
- watch
- apiGroups:
- triggers.tekton.dev
resources:
- pipelines
- pipelineruns
- tasks
- taskruns
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: tekton-webhooks-extension-minimal
namespace: tekton-pipelines
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: tekton-webhooks-extension-minimal
subjects:
- kind: ServiceAccount
name: tekton-webhooks-extension
namespace: tekton-pipelines
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: tekton-webhooks-extension-eventlistener-minimal
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: tekton-triggers-minimal
subjects:
- kind: ServiceAccount
name: tekton-webhooks-extension-eventlistener
namespace: tekton-pipelines
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: tekton-webhooks-extension-minimal-cluster-powers
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: tekton-webhooks-extension-minimal-cluster-powers
subjects:
- kind: ServiceAccount
name: tekton-webhooks-extension
namespace: tekton-pipelines
---
apiVersion: v1
kind: Service
metadata:
name: tekton-webhooks-extension-validator
namespace: tekton-pipelines
spec:
ports:
- port: 80
protocol: TCP
targetPort: 8080
selector:
app: tekton-webhooks-extension-validator
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
annotations:
tekton-dashboard-bundle-location: web/extension.33e1ae7b.js
tekton-dashboard-display-name: Webhooks
tekton-dashboard-endpoints: webhooks.web
labels:
app: webhooks-extension
tekton-dashboard-extension: "true"
name: webhooks-extension
namespace: tekton-pipelines
spec:
ports:
- port: 8080
targetPort: 8080
selector:
app: webhooks-extension
type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: tekton-webhooks-extension-validator
namespace: tekton-pipelines
spec:
replicas: 1
selector:
matchLabels:
app: tekton-webhooks-extension-validator
template:
metadata:
labels:
app: tekton-webhooks-extension-validator
spec:
containers:
- env:
- name: INSTALLED_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: gcr.io/tekton-releases/github.com/tektoncd/experimental/webhooks-extension/cmd/interceptor@sha256:f029e6b5bbeae6efaff1ebd4db6d8bce17cfed3ed93ed8999428c6fb1e09a946
name: validate
serviceAccountName: tekton-webhooks-extension
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: webhooks-extension
name: webhooks-extension
namespace: tekton-pipelines
spec:
replicas: 1
selector:
matchLabels:
app: webhooks-extension
template:
metadata:
labels:
app: webhooks-extension
spec:
containers:
- env:
- name: PORT
value: "8080"
- name: INSTALLED_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: DOCKER_REGISTRY_LOCATION
value: DOCKER_REPO
- name: WEB_RESOURCES_DIR
value: web
- name: WEBHOOK_CALLBACK_URL
value: http://listener.IPADDRESS.nip.io
- name: SSL_VERIFICATION_ENABLED
value: "false"
- name: SERVICE_ACCOUNT
valueFrom:
fieldRef:
fieldPath: spec.serviceAccountName
image: gcr.io/tekton-releases/github.com/tektoncd/experimental/webhooks-extension/cmd/extension@sha256:b76dedeb9dae1a88fe359fab3ac6cac058d7bf9d41906b9b22a20f67e671dd7c
imagePullPolicy: Always
livenessProbe:
httpGet:
path: /liveness
port: 8080
name: webhooks-extension
ports:
- containerPort: 8080
readinessProbe:
httpGet:
path: /readiness
port: 8080
serviceAccountName: tekton-webhooks-extension
---

349
tekton/1-Install/4-dashboard.yaml
View File

@ -1,349 +0,0 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: extensions.dashboard.tekton.dev
spec:
group: dashboard.tekton.dev
names:
categories:
- tekton
- tekton-dashboard
kind: Extension
plural: extensions
scope: Namespaced
subresources:
status: {}
version: v1alpha1
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: tekton-dashboard
name: tekton-dashboard
namespace: tekton-pipelines
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: tekton-dashboard-minimal
namespace: tekton-pipelines
rules:
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- update
- patch
- apiGroups:
- ""
resources:
- pods
- services
verbs:
- create
- update
- delete
- patch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- update
- delete
- apiGroups:
- extensions
- apps
resources:
- deployments
verbs:
- create
- update
- delete
- patch
- apiGroups:
- tekton.dev
resources:
- tasks
- clustertasks
- taskruns
- pipelines
- pipelineruns
- pipelineresources
- conditions
verbs:
- create
- update
- delete
- patch
- apiGroups:
- tekton.dev
resources:
- taskruns/finalizers
- pipelineruns/finalizers
verbs:
- create
- update
- delete
- patch
- apiGroups:
- tekton.dev
resources:
- tasks/status
- clustertasks/status
- taskruns/status
- pipelines/status
- pipelineruns/status
verbs:
- create
- update
- delete
- patch
- apiGroups:
- dashboard.tekton.dev
resources:
- extensions
verbs:
- create
- update
- delete
- patch
- apiGroups:
- triggers.tekton.dev
resources:
- clustertriggerbindings
- eventlisteners
- triggerbindings
- triggertemplates
verbs:
- create
- update
- delete
- patch
- add
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- create
- update
- delete
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- list
- apiGroups:
- security.openshift.io
resources:
- securitycontextconstraints
verbs:
- use
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- get
- list
- apiGroups:
- extensions
- apps
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- pods
- services
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- pods/log
- namespaces
- events
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- apps
resources:
- deployments
verbs:
- get
- list
- watch
- apiGroups:
- tekton.dev
resources:
- tasks
- clustertasks
- taskruns
- pipelines
- pipelineruns
- pipelineresources
- conditions
verbs:
- get
- list
- watch
- apiGroups:
- tekton.dev
resources:
- taskruns/finalizers
- pipelineruns/finalizers
verbs:
- get
- list
- watch
- apiGroups:
- tekton.dev
resources:
- tasks/status
- clustertasks/status
- taskruns/status
- pipelines/status
- pipelineruns/status
verbs:
- get
- list
- watch
- apiGroups:
- dashboard.tekton.dev
resources:
- extensions
verbs:
- get
- list
- watch
- apiGroups:
- triggers.tekton.dev
resources:
- clustertriggerbindings
- eventlisteners
- triggerbindings
- triggertemplates
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: tekton-dashboard-minimal
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: tekton-dashboard-minimal
subjects:
- kind: ServiceAccount
name: tekton-dashboard
namespace: tekton-pipelines
---
apiVersion: v1
kind: Service
metadata:
labels:
app: tekton-dashboard
dashboard.tekton.dev/release: v0.6.1.5
version: v0.6.1.5
name: tekton-dashboard
namespace: tekton-pipelines
spec:
ports:
- name: http
port: 9097
protocol: TCP
targetPort: 9097
selector:
app: tekton-dashboard
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: tekton-dashboard
dashboard.tekton.dev/release: v0.6.1.5
version: v0.6.1.5
name: tekton-dashboard
namespace: tekton-pipelines
spec:
replicas: 1
selector:
matchLabels:
app: tekton-dashboard
template:
metadata:
labels:
app: tekton-dashboard
name: tekton-dashboard
spec:
containers:
- env:
- name: PORT
value: "9097"
- name: READ_ONLY
value: "false"
- name: WEB_RESOURCES_DIR
value: /var/run/ko/web
- name: CSRF_SECURE_COOKIE
value: "false"
- name: TRIGGERS_NAMESPACE
value: tekton-pipelines
- name: PIPELINE_NAMESPACE
value: tekton-pipelines
- name: INSTALLED_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: gcr.io/tekton-releases/github.com/tektoncd/dashboard/cmd/dashboard@sha256:ca22f87e8bec86cf91833aa3996cf9d316313628870eb74c1ea9a73bea77c83d
livenessProbe:
httpGet:
path: /health
port: 9097
name: tekton-dashboard
ports:
- containerPort: 9097
readinessProbe:
httpGet:
path: /readiness
port: 9097
serviceAccountName: tekton-dashboard
---

105
tekton/1-Install/5-dashboard-ingress.yaml
View File

@ -1,105 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: tekton-dashboard-auth
namespace: tekton-pipelines
annotations:
kube-1password: mr6spkkx7n3memkbute6ojaarm
kube-1password/vault: Kubernetes
type: Opaque
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: tekton-dashboard-auth
namespace: tekton-pipelines
labels:
app: tekton-dashboard-auth
spec:
replicas: 1
selector:
matchLabels:
app: tekton-dashboard-auth
template:
metadata:
labels:
app: tekton-dashboard-auth
spec:
containers:
- args:
- --cookie-secure=false
- --provider=oidc
- --provider-display-name=Auth0
- --upstream=http://tekton-dashboard.tekton-pipelines.svc.cluster.local:9097
- --http-address=$(HOST_IP):8080
- --redirect-url=https://tekton.cluster.fun/oauth2/callback
- --email-domain=marcusnoble.co.uk
- --pass-basic-auth=false
- --pass-access-token=false
- --oidc-issuer-url=https://marcusnoble.eu.auth0.com/
- --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQN
env:
- name: HOST_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- name: OAUTH2_PROXY_CLIENT_ID
valueFrom:
secretKeyRef:
key: username
name: tekton-dashboard-auth
- name: OAUTH2_PROXY_CLIENT_SECRET
valueFrom:
secretKeyRef:
key: password
name: tekton-dashboard-auth
image: quay.io/oauth2-proxy/oauth2-proxy:v5.1.1
name: oauth-proxy
ports:
- containerPort: 8080
protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
name: tekton-dashboard-auth
namespace: tekton-pipelines
labels:
app: tekton-dashboard-auth
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: 8080
selector:
app: tekton-dashboard-auth
type: ClusterIP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: tekton-dashboard-auth
namespace: tekton-pipelines
labels:
app: tekton-dashboard-auth
annotations:
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
tls:
- hosts:
- tekton.cluster.fun
secretName: tekton-dashboard-ingress
rules:
- host: tekton.cluster.fun
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: tekton-dashboard-auth
port:
number: 80

23
tekton/2-Setup/docker-creds.yaml
View File

@ -1,23 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: docker-creds
namespace: tekton-pipelines
annotations:
kube-1password: kgpbumszi4stqgyzg4kqrttxam
kube-1password/vault: Kubernetes
tekton.dev/docker-0: https://docker.cluster.fun/averagemarcus
type: Opaque
---
apiVersion: v1
kind: Secret
metadata:
name: docker-config
namespace: tekton-pipelines
annotations:
kube-1password: i6ngbk5zf4k52xgwdwnfup5bby
kube-1password/vault: Kubernetes
kube-1password/secret-text-key: config.json
type: Opaque

39
tekton/2-Setup/eventlistener-rbac.yaml
View File

@ -1,39 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: eventlistener
namespace: tekton-pipelines
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: eventlistener
namespace: tekton-pipelines
rules:
- apiGroups: ["triggers.tekton.dev"]
resources: ["eventlisteners", "triggerbindings", "triggertemplates"]
verbs: ["get"]
- apiGroups: [""]
resources: ["configmaps", "secrets", "serviceaccounts"]
verbs: ["get", "list", "watch"]
- apiGroups: ["tekton.dev"]
resources: ["pipelineruns", "pipelineresources", "taskruns"]
verbs: ["create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: eventlistener
namespace: tekton-pipelines
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: eventlistener
subjects:
- kind: ServiceAccount
name: eventlistener
namespace: tekton-pipelines

26
tekton/2-Setup/gitea-creds.yaml
View File

@ -1,26 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: gitea-access-token
namespace: tekton-pipelines
annotations:
kube-1password: u45tpgj33bnxl6iz3kwgaf44va
kube-1password/vault: Kubernetes
kube-1password/password-key: access-token
type: Opaque
---
apiVersion: v1
kind: Secret
metadata:
name: gitea-creds
namespace: tekton-pipelines
annotations:
kube-1password: 3jgo56jlsrdxilf2vdp5zsw6lq
kube-1password/vault: Kubernetes
tekton.dev/git-0: https://git.cluster.fun
type: kubernetes.io/basic-auth
data:
username: ""
password: ""

10
tekton/2-Setup/kubeconfig-creds.yaml
View File

@ -1,10 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: kubeconfig
namespace: tekton-pipelines
annotations:
kube-1password: ppvndbst3pdqpvfaavgy7mkluq
kube-1password/vault: Kubernetes
kube-1password/secret-text-key: config
type: Opaque

19
tekton/2-Setup/serviceaccounts.yaml
View File

@ -1,19 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: deploy-project
namespace: tekton-pipelines
secrets:
- name: docker-creds
- name: gitea-creds
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: pr-project
namespace: tekton-pipelines
secrets:
- name: docker-creds
- name: gitea-creds

32
tekton/README.md
View File

@ -1,32 +0,0 @@
# tekton-cicd
## Features
- Install Tekton along with Triggers, Webhook support and the dashboard
- Configures an eventlistener for Gitea
- Defines standard PR and Deploy pipelines
## Install
```sh
kubectl apply --recursive -f ./
```
## Custom Docker images used
### gitea-pr-state
`docker pull docker.cluster.fun/averagemarcus/gitea-pr-state:latest`
> Sets the state of a commit in Gitea. This is used to set the CI status to pending or success on the PR.
### ci-builder
`docker pull docker.cluster.fun/averagemarcus/ci-builder:latest`
> Used as a general-purpose Docker image with many common build tools included. This is used for running `make test` and `make build` without needing specific CI images for each project.
## Resources
- [Tekton](https://tekton.dev/)
- [Tekton Docs](https://tekton.dev/docs/)

21
tekton/bindings/gitea.yaml
View File

@ -1,21 +0,0 @@
apiVersion: triggers.tekton.dev/v1alpha1
kind: TriggerBinding
metadata:
name: gitea-binding
namespace: tekton-pipelines
spec:
params:
- name: gitrevision
value: $(body.commit_sha)
- name: gitref
value: $(body.ref)
- name: gitrepositoryurl
value: $(body.repository.html_url)
- name: gitbranch
value: $(body.branch)
- name: projectname
value: $(body.repository.name)
- name: isprivate
value: $(body.repository.private)
- name: prid
value: $(body.number)

12
tekton/conditions/has-makefile.yaml
View File

@ -1,12 +0,0 @@
apiVersion: tekton.dev/v1alpha1
kind: Condition
metadata:
name: has-makefile
namespace: tekton-pipelines
spec:
resources:
- name: src
type: git
check:
image: alpine
script: 'test -f $(resources.src.path)/Makefile'

23
tekton/conditions/public-project.yaml
View File

@ -1,23 +0,0 @@
apiVersion: tekton.dev/v1alpha1
kind: Condition
metadata:
name: is-public-project
namespace: tekton-pipelines
spec:
params:
- name: isprivate
check:
image: alpine
script: 'test $(params.isprivate) == false'
---
apiVersion: tekton.dev/v1alpha1
kind: Condition
metadata:
name: is-private-project
namespace: tekton-pipelines
spec:
params:
- name: isprivate
check:
image: alpine
script: 'test $(params.isprivate) == true'

55
tekton/eventlisteners/webhook.yaml
View File

@ -1,55 +0,0 @@
apiVersion: triggers.tekton.dev/v1alpha1
kind: EventListener
metadata:
name: webhook-listener
namespace: tekton-pipelines
spec:
serviceAccountName: eventlistener
triggers:
- name: pull-request
interceptors:
- cel:
filter: "header.match('X-GitHub-Event', 'pull_request') && body.action != 'closed'"
overlays:
- key: commit_sha
expression: "body.pull_request.head.sha"
- key: branch
expression: "body.pull_request.head.ref"
- key: ref
expression: "body.pull_request.head.ref"
bindings:
- name: gitea-binding
template:
name: pr-project
- name: deploy-master
interceptors:
- cel:
filter: "header.match('X-GitHub-Event', 'push') && body.ref.split('/')[2] == body.repository.default_branch"
overlays:
- key: commit_sha
expression: "body.after"
- key: branch
expression: "body.ref.split('/')[2]"
- key: ref
expression: "body.ref"
- key: number
expression: "0"
bindings:
- name: gitea-binding
template:
name: deploy-project
- name: tag
interceptors:
- cel:
filter: "header.match('X-GitHub-Event', 'create') && body.ref_type == 'tag'"
overlays:
- key: commit_sha
expression: "body.sha"
- key: ref
expression: "body.ref"
- key: number
expression: "0"
bindings:
- name: gitea-binding
template:
name: project-tag

128
tekton/pipelines/deploy.yaml
View File

@ -1,128 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
name: deploy-project
namespace: tekton-pipelines
spec:
params:
- name: gitbranch
type: string
- name: gitrevision
type: string
- name: projectname
type: string
- name: isprivate
default: "true"
type: string
- name: dockerregistry
type: string
description: The Docker registry to push images to
default: docker.cluster.fun/private
- name: publicdockerregistry
type: string
description: The Docker registry to push images to
default: docker.cluster.fun/averagemarcus
- name: imagetag
type: string
description: The Docker image tag
default: latest
resources:
- name: git-source
type: git
tasks:
- name: build-and-publish-latest
taskRef:
name: docker-build-and-publish
params:
- name: IMAGE
value: $(params.dockerregistry)/$(params.projectname):$(params.imagetag)
resources:
inputs:
- name: src
resource: git-source
- name: build-and-publish-sha
taskRef:
name: docker-build-and-publish
params:
- name: IMAGE
value: $(params.dockerregistry)/$(params.projectname):$(params.gitrevision)
resources:
inputs:
- name: src
resource: git-source
- name: build-and-publish-public
conditions:
- conditionRef: is-public-project
params:
- name: isprivate
value: $(params.isprivate)
taskRef:
name: docker-build-and-publish
params:
- name: IMAGE
value: $(params.publicdockerregistry)/$(params.projectname):$(params.imagetag)
resources:
inputs:
- name: src
resource: git-source
- name: build-and-publish-sha-public
conditions:
- conditionRef: is-public-project
params:
- name: isprivate
value: $(params.isprivate)
taskRef:
name: docker-build-and-publish
params:
- name: IMAGE
value: $(params.publicdockerregistry)/$(params.projectname):$(params.gitrevision)
resources:
inputs:
- name: src
resource: git-source
- name: make-release-public
conditions:
- conditionRef: is-public-project
params:
- name: isprivate
value: $(params.isprivate)
taskRef:
name: make
runAfter:
- build-and-publish-sha-public
params:
- name: TARGET
value: "release"
- name: REPO
value: $(params.projectname)
- name: PR_ID
value: ""
- name: SHA
value: $(params.gitrevision)
resources:
inputs:
- name: src
resource: git-source
- name: make-release-private
conditions:
- conditionRef: is-private-project
params:
- name: isprivate
value: $(params.isprivate)
taskRef:
name: make
runAfter:
- build-and-publish-sha
params:
- name: TARGET
value: "release"
- name: REPO
value: $(params.projectname)
- name: PR_ID
value: ""
- name: SHA
value: $(params.gitrevision)
resources:
inputs:
- name: src
resource: git-source

111
tekton/pipelines/pr.yaml
View File

@ -1,111 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
name: pr-project
namespace: tekton-pipelines
spec:
params:
- name: gitbranch
type: string
- name: gitrevision
type: string
- name: projectname
type: string
- name: prid
type: string
resources:
- name: git-source
type: git
tasks:
- name: pr-start
taskRef:
name: pr-status
params:
- name: REPO
value: $(params.projectname)
- name: SHA
value: $(params.gitrevision)
- name: STATE
value: "pending"
- name: make-test
# TODO: Re-enable when conditionals can result in skipped rather than failure
# conditions:
# - conditionRef: has-makefile
# resources:
# - name: src
# resource: git-source
taskRef:
name: make
params:
- name: TARGET
value: "test"
- name: REPO
value: $(params.projectname)
- name: PR_ID
value: $(params.prid)
- name: SHA
value: $(params.gitrevision)
resources:
inputs:
- name: src
resource: git-source
- name: make-build
# TODO: Re-enable when conditionals can result in skipped rather than failure
# conditions:
# - conditionRef: has-makefile
# resources:
# - name: src
# resource: git-source
taskRef:
name: make
params:
- name: TARGET
value: "build"
- name: REPO
value: $(params.projectname)
- name: PR_ID
value: $(params.prid)
- name: SHA
value: $(params.gitrevision)
resources:
inputs:
- name: src
resource: git-source
- name: make-ci
# TODO: Re-enable when conditionals can result in skipped rather than failure
# conditions:
# - conditionRef: has-makefile
# resources:
# - name: src
# resource: git-source
taskRef:
name: make
params:
- name: TARGET
value: "ci"
- name: REPO
value: $(params.projectname)
- name: PR_ID
value: $(params.prid)
- name: SHA
value: $(params.gitrevision)
resources:
inputs:
- name: src
resource: git-source
- name: pr-end
taskRef:
name: pr-status
runAfter:
- pr-start
- make-test
- make-build
- make-ci
params:
- name: REPO
value: $(params.projectname)
- name: SHA
value: $(params.gitrevision)
- name: STATE
value: "success"

53
tekton/pipelines/tag.yaml
View File

@ -1,53 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
name: project-tag
namespace: tekton-pipelines
spec:
params:
- name: projectname
type: string
- name: isprivate
default: "true"
type: string
- name: dockerregistry
type: string
description: The Docker registry to push images to
default: docker.cluster.fun/private
- name: publicdockerregistry
type: string
description: The Docker registry to push images to
default: docker.cluster.fun/averagemarcus
- name: imagetag
type: string
description: The Docker image tag
default: latest
resources:
- name: git-source
type: git
tasks:
- name: build-and-publish-tag
taskRef:
name: docker-build-and-publish
params:
- name: IMAGE
value: $(params.dockerregistry)/$(params.projectname):$(params.imagetag)
resources:
inputs:
- name: src
resource: git-source
- name: build-and-publish-tag-public
conditions:
- conditionRef: is-public-project
params:
- name: isprivate
value: $(params.isprivate)
taskRef:
name: docker-build-and-publish
params:
- name: IMAGE
value: $(params.publicdockerregistry)/$(params.projectname):$(params.imagetag)
resources:
inputs:
- name: src
resource: git-source

64
tekton/tasks/docker-build-and-publish.yaml
View File

@ -1,64 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: docker-build-and-publish
namespace: tekton-pipelines
spec:
params:
- name: DOCKERFILE
type: string
description: The path to the dockerfile to build
default: Dockerfile
- name: CONTEXT
type: string
description: The build context used by Docker.
default: .
- name: IMAGE
type: string
resources:
inputs:
- name: src
type: git
results:
- name: IMAGE_DIGEST
description: Digest of the image just built.
steps:
- name: build-and-push
workingDir: /workspace/src
image: moby/buildkit:latest
env:
- name: DOCKER_CONFIG
value: /root/.docker
command:
- sh
- -c
- |
PLATFORMS=$(grep 'PLATFORMS ?= ' Makefile | sed -E 's/^PLATFORMS \?= (.+)$/\1/')
if [ -z $PLATFORMS ]; then
PLATFORMS=linux/amd64
fi
buildctl-daemonless.sh --debug \
build \
--progress=plain \
--frontend=dockerfile.v0 \
--opt filename=$(params.DOCKERFILE) \
--opt platform=${PLATFORMS} \
--local context=$(params.CONTEXT) \
--local dockerfile=. \
--output type=image,name=$(params.IMAGE),push=true \
--export-cache type=inline \
--import-cache type=registry,ref=$(params.IMAGE)
securityContext:
privileged: true
volumeMounts:
- name: docker-config
mountPath: /root/.docker/config.json
subPath: config.json
volumes:
- name: docker-config
secret:
secretName: docker-config

14
tekton/tasks/kubectl-apply-files.yaml
View File

@ -1,14 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: kubectl-apply-files
namespace: tekton-pipelines
spec:
params:
- name: DIRECTORY
description: Directory of kubernetes manifest files
steps:
- name: kubectl-apply
image: gcr.io/cloud-builders/kubectl
script: |
kubectl apply --recursive -f $(params.DIRECTORY)

14
tekton/tasks/kubectl-apply-inline.yaml
View File

@ -1,14 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: kubectl-apply-inline
namespace: tekton-pipelines
spec:
params:
- name: MANIFEST
description: Content of the resource to deploy
steps:
- name: kubectl-apply
image: gcr.io/cloud-builders/kubectl
script: |
echo "$(params.MANIFEST)" | kubectl apply -f -

25
tekton/tasks/kubectl-patch-image.yaml
View File

@ -1,25 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: kubectl-patch-image
namespace: tekton-pipelines
spec:
params:
- name: NAMESPACE
default: "default"
description: The namespace the kubernetes resource is in
- name: RESOURCE_TYPE
default: "deployment"
description: The type of Kubernetes resource
- name: NAME
description: The name of the resource
- name: CONTAINER_NAME
description: The name of the container to patch
default: "*" # defaults to updating _all_ containers
- name: IMAGE
description: The new image to use
steps:
- name: kubectl-patch-image
image: gcr.io/cloud-builders/kubectl
script: |
kubectl --namespace $(params.NAMESPACE) set image $(params.RESOURCE_TYPE) $(params.NAME) $(params.CONTAINER_NAME)=$(params.IMAGE)

48
tekton/tasks/make.yaml
View File

@ -1,48 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: make
namespace: tekton-pipelines
spec:
params:
- name: TARGET
description: The make target to run
- name: REPO
description: The name of the repo
- name: PR_ID
description: The ID of the pull request
- name: SHA
description: The commit sha
resources:
inputs:
- name: src
type: git
steps:
- name: make
workingDir: /workspace/src
image: docker.cluster.fun/averagemarcus/ci-builder:latest
script: |
make --dry-run $(params.TARGET) &> /dev/null || (echo "No '$(params.TARGET)' target found, skipping" && exit 0)
make $(params.TARGET)
env:
- name: REPO
value: $(params.REPO)
- name: PR_ID
value: $(params.PR_ID)
- name: SHA
value: $(params.SHA)
- name: ACCESS_TOKEN
valueFrom:
secretKeyRef:
name: gitea-access-token
key: access-token
- name: KUBECONFIG
value: /root/.kube/config
volumeMounts:
- name: kubeconfig
mountPath: /root/.kube/config
subPath: config
volumes:
- name: kubeconfig
secret:
secretName: kubeconfig

27
tekton/tasks/pr-status.yaml
View File

@ -1,27 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: pr-status
namespace: tekton-pipelines
spec:
params:
- name: REPO
description: The name of the repo
- name: SHA
description: The git SHA to update the status of
- name: STATE
description: The state to set the status to (pending, success, error, failure or warning)
default: "pending"
steps:
- name: pr-status-update
image: docker.cluster.fun/averagemarcus/gitea-pr-status:latest
env:
- name: ACCESS_TOKEN
valueFrom:
secretKeyRef:
name: gitea-access-token
key: access-token
args:
- "AverageMarcus/$(params.REPO)"
- "$(params.SHA)"
- "$(params.STATE)"

49
tekton/triggertemplates/deploy.yaml
View File

@ -1,49 +0,0 @@
apiVersion: triggers.tekton.dev/v1alpha1
kind: TriggerTemplate
metadata:
name: deploy-project
namespace: tekton-pipelines
spec:
params:
- name: gitrevision
description: The git revision
- name: gitrepositoryurl
description: The git repository url
- name: gitbranch
description: The branch of the PR
- name: gitref
description: The ref of the PR
- name: projectname
description: The name of the git project
- name: isprivate
description: If the git project is set to private
default: "true"
resourcetemplates:
- apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
generateName: deploy-$(params.projectname)-
spec:
pipelineRef:
name: deploy-project
serviceAccountName: deploy-project
params:
- name: gitbranch
value: $(params.gitbranch)
- name: gitref
value: $(params.gitref)
- name: gitrevision
value: $(params.gitrevision)
- name: projectname
value: $(params.projectname)
- name: isprivate
value: $(params.isprivate)
resources:
- name: git-source
resourceSpec:
type: git
params:
- name: revision
value: $(params.gitrevision)
- name: url
value: $(params.gitrepositoryurl)

46
tekton/triggertemplates/pr.yaml
View File

@ -1,46 +0,0 @@
apiVersion: triggers.tekton.dev/v1alpha1
kind: TriggerTemplate
metadata:
name: pr-project
namespace: tekton-pipelines
spec:
params:
- name: gitrevision
description: The git revision
- name: gitrepositoryurl
description: The git repository url
- name: gitbranch
description: The branch of the PR
- name: gitref
description: The ref of the PR
- name: projectname
description: The name of the git project
- name: prid
description: The number of the PR
resourcetemplates:
- apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
generateName: pr-$(params.projectname)-
spec:
pipelineRef:
name: pr-project
serviceAccountName: pr-project
params:
- name: gitbranch
value: $(params.gitbranch)
- name: gitrevision
value: $(params.gitrevision)
- name: projectname
value: $(params.projectname)
- name: prid
value: $(params.prid)
resources:
- name: git-source
resourceSpec:
type: git
params:
- name: revision
value: $(params.gitrevision)
- name: url
value: $(params.gitrepositoryurl)

51
tekton/triggertemplates/tag.yaml
View File

@ -1,51 +0,0 @@
apiVersion: triggers.tekton.dev/v1alpha1
kind: TriggerTemplate
metadata:
name: project-tag
namespace: tekton-pipelines
spec:
params:
- name: gitrevision
description: The git revision
- name: gitrepositoryurl
description: The git repository url
- name: gitbranch
description: The branch of the PR
- name: gitref
description: The ref of the PR
- name: projectname
description: The name of the git project
- name: isprivate
description: If the git project is set to private
default: "true"
resourcetemplates:
- apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
generateName: tag-$(params.projectname)-
spec:
pipelineRef:
name: project-tag
serviceAccountName: project-tag
params:
- name: gitbranch
value: $(params.gitbranch)
- name: gitref
value: $(params.gitref)
- name: gitrevision
value: $(params.gitrevision)
- name: projectname
value: $(params.projectname)
- name: isprivate
value: $(params.isprivate)
- name: imagetag
value: $(params.gitref)
resources:
- name: git-source
resourceSpec:
type: git
params:
- name: revision
value: $(params.gitrevision)
- name: url
value: $(params.gitrepositoryurl)