From 5a1e9fa22c57348087aa291d48eccbf7437ff900 Mon Sep 17 00:00:00 2001 
From: Marcus Noble
Date: Sat, 25 Apr 2020 19:18:33 +0100
Subject: [PATCH] Added tekton pipelines
---
 tekton/1-Install/1-pipeline.yaml | 1104 ++++++++++++++++++++
 tekton/1-Install/2-triggers.yaml | 705 +++++++++++++
 tekton/1-Install/3-webhooks.yaml | 656 ++++++++++++
 tekton/1-Install/4-dashboard.yaml | 409 ++++++++
 tekton/2-Setup/docker-creds.yaml | 11 +
 tekton/2-Setup/eventlistener-rbac.yaml | 39 +
 tekton/2-Setup/gitea-creds.yaml | 22 +
 tekton/2-Setup/serviceaccounts.yaml | 19 +
 tekton/README.md | 32 +
 tekton/bindings/gitea.yaml | 19 +
 tekton/conditions/has-makefile.yaml | 12 +
 tekton/conditions/public-project.yaml | 11 +
 tekton/eventlisteners/webhook.yaml | 51 +
 tekton/pipelines/deploy.yaml | 77 ++
 tekton/pipelines/pr.yaml | 91 ++
 tekton/pipelines/tag.yaml | 53 +
 tekton/tasks/docker-build-and-publish.yaml | 45 +
 tekton/tasks/kubectl-apply-files.yaml | 14 +
 tekton/tasks/kubectl-apply-inline.yaml | 14 +
 tekton/tasks/kubectl-patch-image.yaml | 25 +
 tekton/tasks/make.yaml | 19 +
 tekton/tasks/pr-status.yaml | 27 +
 tekton/triggertemplates/deploy.yaml | 49 +
 tekton/triggertemplates/pr.yaml | 42 +
 tekton/triggertemplates/tag.yaml | 51 +
 25 files changed, 3597 insertions(+)
 create mode 100644 tekton/1-Install/1-pipeline.yaml
 create mode 100644 tekton/1-Install/2-triggers.yaml
 create mode 100644 tekton/1-Install/3-webhooks.yaml
 create mode 100644 tekton/1-Install/4-dashboard.yaml
 create mode 100644 tekton/2-Setup/docker-creds.yaml
 create mode 100644 tekton/2-Setup/eventlistener-rbac.yaml
 create mode 100644 tekton/2-Setup/gitea-creds.yaml
 create mode 100644 tekton/2-Setup/serviceaccounts.yaml
 create mode 100644 tekton/README.md
 create mode 100644 tekton/bindings/gitea.yaml
 create mode 100644 tekton/conditions/has-makefile.yaml
 create mode 100644 tekton/conditions/public-project.yaml
 create mode 100644 tekton/eventlisteners/webhook.yaml
 create mode 100644 tekton/pipelines/deploy.yaml
 create mode 100644 tekton/pipelines/pr.yaml
 create mode 100644 tekton/pipelines/tag.yaml
 create mode 100644 tekton/tasks/docker-build-and-publish.yaml
 create mode 100644 tekton/tasks/kubectl-apply-files.yaml
 create mode 100644 tekton/tasks/kubectl-apply-inline.yaml
 create mode 100644 tekton/tasks/kubectl-patch-image.yaml
 create mode 100644 tekton/tasks/make.yaml
 create mode 100644 tekton/tasks/pr-status.yaml
 create mode 100644 tekton/triggertemplates/deploy.yaml
 create mode 100644 tekton/triggertemplates/pr.yaml
 create mode 100644 tekton/triggertemplates/tag.yaml
diff --git a/tekton/1-Install/1-pipeline.yaml b/tekton/1-Install/1-pipeline.yaml
new file mode 100644
index 0000000..020a159
--- /dev/null
+++ b/tekton/1-Install/1-pipeline.yaml
@@ -0,0 +1,1104 @@
+# Copyright 2019 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: tekton-pipelines
+
+---
+# Copyright 2019 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: tekton-pipelines
+spec:
+ privileged: false
+ allowPrivilegeEscalation: false
+ volumes:
+ - 'emptyDir'
+ - 'configMap'
+ - 'secret'
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ rule: 'RunAsAny'
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1
+ max: 65535
+
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: tekton-pipelines-admin
+rules:
+- apiGroups: [""]
+ resources: ["pods", "pods/log", "namespaces", "secrets", "events", "serviceaccounts",
+ "configmaps", "persistentvolumeclaims", "limitranges"]
+ verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
+- apiGroups: ["apps"]
+ resources: ["deployments"]
+ verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
+- apiGroups: ["apps"]
+ resources: ["deployments/finalizers"]
+ verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"]
+ verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
+- apiGroups: ["tekton.dev"]
+ resources: ["tasks", "clustertasks", "taskruns", "pipelines", "pipelineruns", "pipelineresources",
+ "conditions"]
+ verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
+- apiGroups: ["tekton.dev"]
+ resources: ["taskruns/finalizers", "pipelineruns/finalizers"]
+ verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
+- apiGroups: ["tekton.dev"]
+ resources: ["tasks/status", "clustertasks/status", "taskruns/status", "pipelines/status",
+ "pipelineruns/status", "pipelineresources/status"]
+ verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
+- apiGroups: ["policy"]
+ resources: ["podsecuritypolicies"]
+ resourceNames: ["tekton-pipelines"]
+ verbs: ["use"]
+
+---
+# Copyright 2019 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: tekton-pipelines-controller
+ namespace: tekton-pipelines
+
+---
+# Copyright 2019 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ name: tekton-pipelines-controller-admin
+subjects:
+- kind: ServiceAccount
+ name: tekton-pipelines-controller
+ namespace: tekton-pipelines
+roleRef:
+ kind: ClusterRole
+ name: tekton-pipelines-admin
+ apiGroup: rbac.authorization.k8s.io
+
+---
+# Copyright 2019 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: clustertasks.tekton.dev
+spec:
+ group: tekton.dev
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+ - name: v1beta1
+ served: true
+ storage: false
+ names:
+ kind: ClusterTask
+ plural: clustertasks
+ categories:
+ - tekton
+ - tekton-pipelines
+ scope: Cluster
+ # Opt into the status subresource so metadata.generation
+ # starts to increment
+ subresources:
+ status: {}
+ version: v1alpha1
+
+---
+# Copyright 2019 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: conditions.tekton.dev
+spec:
+ group: tekton.dev
+ names:
+ kind: Condition
+ plural: conditions
+ categories:
+ - tekton
+ - tekton-pipelines
+ scope: Namespaced
+ # Opt into the status subresource so metadata.generation
+ # starts to increment
+ subresources:
+ status: {}
+ version: v1alpha1
+
+---
+# Copyright 2018 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: images.caching.internal.knative.dev
+ labels:
+ knative.dev/crd-install: "true"
+spec:
+ group: caching.internal.knative.dev
+ version: v1alpha1
+ names:
+ kind: Image
+ plural: images
+ singular: image
+ categories:
+ - knative-internal
+ - caching
+ shortNames:
+ - img
+ scope: Namespaced
+ subresources:
+ status: {}
+
+---
+# Copyright 2019 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: pipelines.tekton.dev
+spec:
+ group: tekton.dev
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+ - name: v1beta1
+ served: true
+ storage: false
+ names:
+ kind: Pipeline
+ plural: pipelines
+ categories:
+ - tekton
+ - tekton-pipelines
+ scope: Namespaced
+ # Opt into the status subresource so metadata.generation
+ # starts to increment
+ subresources:
+ status: {}
+ version: v1alpha1
+
+---
+# Copyright 2019 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: pipelineruns.tekton.dev
+spec:
+ group: tekton.dev
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+ - name: v1beta1
+ served: true
+ storage: false
+ names:
+ kind: PipelineRun
+ plural: pipelineruns
+ categories:
+ - tekton
+ - tekton-pipelines
+ shortNames:
+ - pr
+ - prs
+ scope: Namespaced
+ additionalPrinterColumns:
+ - name: Succeeded
+ type: string
+ JSONPath: ".status.conditions[?(@.type==\"Succeeded\")].status"
+ - name: Reason
+ type: string
+ JSONPath: ".status.conditions[?(@.type==\"Succeeded\")].reason"
+ - name: StartTime
+ type: date
+ JSONPath: .status.startTime
+ - name: CompletionTime
+ type: date
+ JSONPath: .status.completionTime
+ # Opt into the status subresource so metadata.generation
+ # starts to increment
+ subresources:
+ status: {}
+ version: v1alpha1
+
+---
+# Copyright 2019 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: pipelineresources.tekton.dev
+spec:
+ group: tekton.dev
+ names:
+ kind: PipelineResource
+ plural: pipelineresources
+ categories:
+ - tekton
+ - tekton-pipelines
+ scope: Namespaced
+ # Opt into the status subresource so metadata.generation
+ # starts to increment
+ subresources:
+ status: {}
+ version: v1alpha1
+
+---
+# Copyright 2019 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: tasks.tekton.dev
+spec:
+ group: tekton.dev
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+ - name: v1beta1
+ served: true
+ storage: false
+ names:
+ kind: Task
+ plural: tasks
+ categories:
+ - tekton
+ - tekton-pipelines
+ scope: Namespaced
+ # Opt into the status subresource so metadata.generation
+ # starts to increment
+ subresources:
+ status: {}
+ version: v1alpha1
+
+---
+# Copyright 2019 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: taskruns.tekton.dev
+spec:
+ group: tekton.dev
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+ - name: v1beta1
+ served: true
+ storage: false
+ names:
+ kind: TaskRun
+ plural: taskruns
+ categories:
+ - tekton
+ - tekton-pipelines
+ shortNames:
+ - tr
+ - trs
+ scope: Namespaced
+ additionalPrinterColumns:
+ - name: Succeeded
+ type: string
+ JSONPath: ".status.conditions[?(@.type==\"Succeeded\")].status"
+ - name: Reason
+ type: string
+ JSONPath: ".status.conditions[?(@.type==\"Succeeded\")].reason"
+ - name: StartTime
+ type: date
+ JSONPath: .status.startTime
+ - name: CompletionTime
+ type: date
+ JSONPath: .status.completionTime
+ # Opt into the status subresource so metadata.generation
+ # starts to increment
+ subresources:
+ status: {}
+ version: v1alpha1
+
+---
+# Copyright 2020 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: webhook-certs
+ namespace: tekton-pipelines
+ labels:
+ pipeline.tekton.dev/release: devel
+# The data is populated at install time.
+
+# Copyright 2020 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+apiVersion: admissionregistration.k8s.io/v1beta1
+kind: ValidatingWebhookConfiguration
+metadata:
+ name: validation.webhook.pipeline.tekton.dev
+ labels:
+ pipeline.tekton.dev/release: devel
+webhooks:
+- admissionReviewVersions:
+ - v1beta1
+ clientConfig:
+ service:
+ name: tekton-pipelines-webhook
+ namespace: tekton-pipelines
+ failurePolicy: Fail
+ sideEffects: None
+ name: validation.webhook.pipeline.tekton.dev
+
+# Copyright 2020 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+apiVersion: admissionregistration.k8s.io/v1beta1
+kind: MutatingWebhookConfiguration
+metadata:
+ name: webhook.pipeline.tekton.dev
+ labels:
+ pipeline.tekton.dev/release: devel
+webhooks:
+- admissionReviewVersions:
+ - v1beta1
+ clientConfig:
+ service:
+ name: tekton-pipelines-webhook
+ namespace: tekton-pipelines
+ failurePolicy: Fail
+ sideEffects: None
+ name: webhook.pipeline.tekton.dev
+
+# Copyright 2020 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+apiVersion: admissionregistration.k8s.io/v1beta1
+kind: ValidatingWebhookConfiguration
+metadata:
+ name: config.webhook.pipeline.tekton.dev
+ labels:
+ pipeline.tekton.dev/release: devel
+webhooks:
+- admissionReviewVersions:
+ - v1beta1
+ clientConfig:
+ service:
+ name: tekton-pipelines-webhook
+ namespace: tekton-pipelines
+ failurePolicy: Fail
+ sideEffects: None
+ name: config.webhook.pipeline.tekton.dev
+ namespaceSelector:
+ matchExpressions:
+ - key: pipeline.tekton.dev/release
+ operator: Exists
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: tekton-aggregate-edit
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-edit: "true"
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+rules:
+- apiGroups:
+ - tekton.dev
+ resources:
+ - tasks
+ - taskruns
+ - pipelines
+ - pipelineruns
+ - pipelineresources
+ - conditions
+ verbs:
+ - create
+ - delete
+ - deletecollection
+ - get
+ - list
+ - patch
+ - update
+ - watch
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: tekton-aggregate-view
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-view: "true"
+rules:
+- apiGroups:
+ - tekton.dev
+ resources:
+ - tasks
+ - taskruns
+ - pipelines
+ - pipelineruns
+ - pipelineresources
+ - conditions
+ verbs:
+ - get
+ - list
+ - watch
+
+---
+# Copyright 2019 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config-artifact-bucket
+ namespace: tekton-pipelines
+# data:
+# # location of the gcs bucket to be used for artifact storage
+# location: "gs://bucket-name"
+# # name of the secret that will contain the credentials for the service account
+# # with access to the bucket
+# bucket.service.account.secret.name:
+# # The key in the secret with the required service account json
+# bucket.service.account.secret.key:
+
+---
+# Copyright 2019 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config-artifact-pvc
+ namespace: tekton-pipelines
+# data:
+# # size of the PVC volume
+# size: 5Gi
+#
+# # storage class of the PVC volume
+# storageClassName: storage-class-name
+
+---
+# Copyright 2019 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config-defaults
+ namespace: tekton-pipelines
+data:
+ _example: |-
+ ################################
+ # #
+ # EXAMPLE CONFIGURATION #
+ # #
+ ################################
+
+ # This block is not actually functional configuration,
+ # but serves to illustrate the available configuration
+ # options and document them in a way that is accessible
+ # to users that `kubectl edit` this config map.
+ #
+ # These sample configuration options may be copied out of
+ # this example block and unindented to be in the data block
+ # to actually change the configuration.
+
+ # default-timeout-minutes contains the default number of
+ # minutes to use for TaskRun and PipelineRun, if none is specified.
+ default-timeout-minutes: "60" # 60 minutes
+
+ # default-service-account contains the default service account name
+ # to use for TaskRun and PipelineRun, if none is specified.
+ default-service-account: "default"
+
+ # default-managed-by-label-value contains the default value given to the
+ # "app.kubernetes.io/managed-by" label applied to all Pods created for
+ # TaskRuns. If a user's requested TaskRun specifies another value for this
+ # label, the user's request supercedes.
+ default-managed-by-label-value: "tekton-pipelines"
+
+ # default-pod-template contains the default pod template to use
+ # TaskRun and PipelineRun, if none is specified. If a pod template
+ # is specified, the default pod template is ignored.
+ # default-pod-template:
+
+---
+# Copyright 2019 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: feature-flags
+ namespace: tekton-pipelines
+data:
+ # Setting this flag to "true" will prevent Tekton overriding your
+ # Task container's $HOME environment variable.
+ #
+ # The default behaviour currently is for Tekton to override the
+ # $HOME environment variable but this will change in an upcoming
+ # release.
+ #
+ # See https://github.com/tektoncd/pipeline/issues/2013 for more
+ # info.
+ disable-home-env-overwrite: "false"
+ # Setting this flag to "true" will prevent Tekton overriding your
+ # Task container's working directory.
+ #
+ # The default behaviour currently is for Tekton to override the
+ # working directory if not set by the user but this will change
+ # in an upcoming release.
+ #
+ # See https://github.com/tektoncd/pipeline/issues/1836 for more
+ # info.
+ disable-working-directory-overwrite: "false"
+
+---
+# Copyright 2019 Tekton Authors LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config-logging
+ namespace: tekton-pipelines
+data:
+ # Common configuration for all knative codebase
+ zap-logger-config: |
+ {
+ "level": "info",
+ "development": false,
+ "sampling": {
+ "initial": 100,
+ "thereafter": 100
+ },
+ "outputPaths": ["stdout"],
+ "errorOutputPaths": ["stderr"],
+ "encoding": "json",
+ "encoderConfig": {
+ "timeKey": "",
+ "levelKey": "level",
+ "nameKey": "logger",
+ "callerKey": "caller",
+ "messageKey": "msg",
+ "stacktraceKey": "stacktrace",
+ "lineEnding": "",
+ "levelEncoder": "",
+ "timeEncoder": "",
+ "durationEncoder": "",
+ "callerEncoder": ""
+ }
+ }
+ # Log level overrides
+ loglevel.controller: "info"
+ loglevel.webhook: "info"
+
+---
+# Copyright 2019 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config-observability
+ namespace: tekton-pipelines
+data:
+ _example: |
+ ################################
+ # #
+ # EXAMPLE CONFIGURATION #
+ # #
+ ################################
+
+ # This block is not actually functional configuration,
+ # but serves to illustrate the available configuration
+ # options and document them in a way that is accessible
+ # to users that `kubectl edit` this config map.
+ #
+ # These sample configuration options may be copied out of
+ # this example block and unindented to be in the data block
+ # to actually change the configuration.
+
+ # metrics.backend-destination field specifies the system metrics destination.
+ # It supports either prometheus (the default) or stackdriver.
+ # Note: Using Stackdriver will incur additional charges.
+ metrics.backend-destination: prometheus
+
+ # metrics.stackdriver-project-id field specifies the Stackdriver project ID. This
+ # field is optional. When running on GCE, application default credentials will be
+ # used and metrics will be sent to the cluster's project if this field is
+ # not provided.
+ metrics.stackdriver-project-id: ""
+
+ # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed
+ # to send metrics to Stackdriver using "global" resource type and custom
+ # metric type. Setting this flag to "true" could cause extra Stackdriver
+ # charge. If metrics.backend-destination is not Stackdriver, this is
+ # ignored.
+ metrics.allow-stackdriver-custom-metrics: "false"
+
+---
+# Copyright 2019 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: tekton-pipelines-controller
+ namespace: tekton-pipelines
+ labels:
+ app.kubernetes.io/name: tekton-pipelines
+ app.kubernetes.io/component: controller
+ pipeline.tekton.dev/release: "v0.11.2"
+ version: "v0.11.2"
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: tekton-pipelines-controller
+ template:
+ metadata:
+ annotations:
+ cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
+ labels:
+ app: tekton-pipelines-controller
+ app.kubernetes.io/name: tekton-pipelines
+ app.kubernetes.io/component: controller
+ # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml
+ pipeline.tekton.dev/release: "v0.11.2"
+ version: "v0.11.2"
+ spec:
+ serviceAccountName: tekton-pipelines-controller
+ containers:
+ - name: tekton-pipelines-controller
+ image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/controller:v0.11.2@sha256:0791513ec1176da38c403eb81220406e987f78f3e58608bd57be1adc45bc9aac
+ args: ["-kubeconfig-writer-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/kubeconfigwriter:v0.11.2@sha256:d01fa1db8abcad318d05e62e35153a91c6c995949e52133520d9e4735e9a486c",
+ "-creds-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/creds-init:v0.11.2@sha256:ced427e48b143bc821aedd4a0936fa2caef3f208d70efe68ccba786c12b2c943",
+ "-git-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.11.2@sha256:bee98bfe6807e8f4e0a31b4e786fd1f7f459e653ed1a22b1a25999f33fa9134a",
+ "-nop-image", "tianon/true", "-shell-image", "busybox", "-gsutil-image",
+ "google/cloud-sdk", "-entrypoint-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/entrypoint:v0.11.2@sha256:bc5beb48ca4f87013ccb466bf739d6c99ef9f1ddf51899c73ead99f242b4e57d",
+ "-imagedigest-exporter-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/imagedigestexporter:v0.11.2@sha256:7a03343deaeaa6b2d779df37417f9bf76cb5f67b36dd298e5bb69a0f625a2b38",
+ "-pr-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/pullrequest-init:v0.11.2@sha256:3a395509e0d75786eafe96f68d22afc7c4d23a2a76ffc77218b25e8c6c81f6ba",
+ "-build-gcs-fetcher-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/vendor/github.com/googlecloudplatform/cloud-builders/gcs-fetcher/cmd/gcs-fetcher:v0.11.2@sha256:a020c8510b15870a5b059708197ac7c4ef0d1cbd668eb0872105ad658d509f67"]
+ volumeMounts:
+ - name: config-logging
+ mountPath: /etc/config-logging
+ env:
+ - name: SYSTEM_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: CONFIG_LOGGING_NAME
+ value: config-logging
+ - name: CONFIG_OBSERVABILITY_NAME
+ value: config-observability
+ - name: CONFIG_ARTIFACT_BUCKET_NAME
+ value: config-artifact-bucket
+ - name: CONFIG_ARTIFACT_PVC_NAME
+ value: config-artifact-pvc
+ - name: METRICS_DOMAIN
+ value: tekton.dev/pipeline
+ volumes:
+ - name: config-logging
+ configMap:
+ name: config-logging
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: tekton-pipelines-controller
+ pipeline.tekton.dev/release: "v0.11.2"
+ version: "v0.11.2"
+ name: tekton-pipelines-controller
+ namespace: tekton-pipelines
+spec:
+ ports:
+ - name: http-metrics
+ port: 9090
+ protocol: TCP
+ targetPort: 9090
+ selector:
+ app: tekton-pipelines-controller
+
+---
+# Copyright 2019 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + # Note: the Deployment name must be the same as the Service name specified in + # config/400-webhook-service.yaml. If you change this name, you must also + # change the value of WEBHOOK_SERVICE_NAME below. + name: tekton-pipelines-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/name: tekton-pipelines + app.kubernetes.io/component: webhook-controller + pipeline.tekton.dev/release: "v0.11.2" + version: "v0.11.2" +spec: + replicas: 1 + selector: + matchLabels: + app: tekton-pipelines-webhook + role: webhook + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" + labels: + app: tekton-pipelines-webhook + role: webhook + app.kubernetes.io/name: tekton-pipelines + app.kubernetes.io/component: webhook-controller + pipeline.tekton.dev/release: "v0.11.2" + version: "v0.11.2" + spec: + serviceAccountName: tekton-pipelines-controller + containers: + - name: webhook + # This is the Go import path for the binary that is containerized + # and substituted here. 
+ image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/webhook:v0.11.2@sha256:9826548f3bd8cc0c4187ca0ab5ab8114009874625828a23301c1f60be4f294fa + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: WEBHOOK_SERVICE_NAME + value: tekton-pipelines-webhook + - name: METRICS_DOMAIN + value: tekton.dev/pipeline + securityContext: + allowPrivilegeEscalation: false + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + - name: https-webhook + containerPort: 8443 +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: tekton-pipelines-webhook + role: webhook + pipeline.tekton.dev/release: v0.11.2 + version: "v0.11.2" + name: tekton-pipelines-webhook + namespace: tekton-pipelines +spec: + ports: + - # Define metrics and profiling for them to be accessible within service meshes. + name: http-metrics + port: 9090 + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + - name: https-webhook + port: 443 + targetPort: 8443 + selector: + app: tekton-pipelines-webhook + role: webhook + +--- diff --git a/tekton/1-Install/2-triggers.yaml b/tekton/1-Install/2-triggers.yaml new file mode 100644 index 0000000..758bda3 --- /dev/null +++ b/tekton/1-Install/2-triggers.yaml 
@@ -0,0 +1,705 @@ +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: tekton-triggers +spec: + privileged: false + allowPrivilegeEscalation: false + volumes: + - 'emptyDir' + - 'configMap' + - 'secret' + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
+ +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-triggers-admin +rules: +- apiGroups: [""] + resources: ["configmaps", "secrets", "services"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] +- apiGroups: ["apps"] + resources: ["deployments", "deployments/finalizers"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] +- apiGroups: ["triggers.tekton.dev"] + resources: ["clustertriggerbindings", "eventlisteners", "triggerbindings", "triggertemplates", + "eventlisteners/finalizers"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] +- apiGroups: ["triggers.tekton.dev"] + resources: ["clustertriggerbindings/status", "eventlisteners/status", "triggerbindings/status", + "triggertemplates/status"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] +- apiGroups: ["policy"] + resources: ["podsecuritypolicies"] + resourceNames: ["tekton-triggers"] + verbs: ["use"] + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
+ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tekton-triggers-controller + namespace: tekton-pipelines + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: tekton-triggers-controller-admin +subjects: +- kind: ServiceAccount + name: tekton-triggers-controller + namespace: tekton-pipelines +roleRef: + kind: ClusterRole + name: tekton-triggers-admin + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
+ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clustertriggerbindings.triggers.tekton.dev +spec: + group: triggers.tekton.dev + scope: Cluster + versions: + - name: v1alpha1 + served: true + storage: true + names: + kind: ClusterTriggerBinding + plural: clustertriggerbindings + singular: clustertriggerbinding + shortNames: + - ctb + categories: + - tekton + - tekton-triggers + subresources: + status: {} + version: v1alpha1 + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: eventlisteners.triggers.tekton.dev +spec: + group: triggers.tekton.dev + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true + names: + kind: EventListener + plural: eventlisteners + singular: eventlistener + shortNames: + - el + categories: + - tekton + - tekton-triggers + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + version: v1alpha1 + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. 
+# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: triggerbindings.triggers.tekton.dev +spec: + group: triggers.tekton.dev + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true + names: + kind: TriggerBinding + plural: triggerbindings + singular: triggerbinding + shortNames: + - tb + categories: + - tekton + - tekton-triggers + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + version: v1alpha1 + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
+ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: triggertemplates.triggers.tekton.dev +spec: + group: triggers.tekton.dev + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true + names: + kind: TriggerTemplate + plural: triggertemplates + singular: triggertemplate + shortNames: + - tt + categories: + - tekton + - tekton-triggers + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + version: v1alpha1 + +--- +# Copyright 2020 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: triggers-webhook-certs + namespace: tekton-pipelines + labels: + triggers.tekton.dev/release: devel +# The data is populated at install time. 
+--- +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: ValidatingWebhookConfiguration +metadata: + name: validation.webhook.triggers.tekton.dev + labels: + triggers.tekton.dev/release: devel +webhooks: +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: tekton-triggers-webhook + namespace: tekton-pipelines + failurePolicy: Fail + sideEffects: None + name: validation.webhook.triggers.tekton.dev +--- +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: MutatingWebhookConfiguration +metadata: + name: webhook.triggers.tekton.dev + labels: + triggers.tekton.dev/release: devel +webhooks: +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: tekton-triggers-webhook + namespace: tekton-pipelines + failurePolicy: Fail + sideEffects: None + name: webhook.triggers.tekton.dev +--- +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: ValidatingWebhookConfiguration +metadata: + name: config.webhook.triggers.tekton.dev + labels: + triggers.tekton.dev/release: devel +webhooks: +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: tekton-triggers-webhook + namespace: tekton-pipelines + failurePolicy: Fail + sideEffects: None + name: config.webhook.triggers.tekton.dev + namespaceSelector: + matchExpressions: + - key: triggers.tekton.dev/release + operator: Exists + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: tekton-triggers-aggregate-edit + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: +- apiGroups: + - tekton.dev + resources: + - clustertriggerbindings + - eventlisteners + - triggerbindings + - triggertemplates + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: tekton-triggers-aggregate-view + labels: + rbac.authorization.k8s.io/aggregate-to-view: 
"true" +rules: +- apiGroups: + - tekton.dev + resources: + - clustertriggerbindings + - eventlisteners + - triggerbindings + - triggertemplates + verbs: + - get + - list + - watch + +--- +# Copyright 2019 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-logging-triggers + namespace: tekton-pipelines +data: + # Common configuration for all knative codebase + zap-logger-config: | + { + "level": "info", + "development": false, + "sampling": { + "initial": 100, + "thereafter": 100 + }, + "outputPaths": ["stdout"], + "errorOutputPaths": ["stderr"], + "encoding": "json", + "encoderConfig": { + "timeKey": "", + "levelKey": "level", + "nameKey": "logger", + "callerKey": "caller", + "messageKey": "msg", + "stacktraceKey": "stacktrace", + "lineEnding": "", + "levelEncoder": "", + "timeEncoder": "", + "durationEncoder": "", + "callerEncoder": "" + } + } + # Log level overrides + loglevel.controller: "info" + loglevel.webhook: "info" + loglevel.eventlistener: "info" + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. 
+# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-observability-triggers + namespace: tekton-pipelines +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # metrics.backend-destination field specifies the system metrics destination. + # It supports either prometheus (the default) or stackdriver. + # Note: Using stackdriver will incur additional charges + metrics.backend-destination: prometheus + + # metrics.stackdriver-project-id field specifies the stackdriver project ID. This + # field is optional. When running on GCE, application default credentials will be + # used if this field is not provided. + metrics.stackdriver-project-id: "" + + # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed to send metrics to + # Stackdriver using "global" resource type and custom metric type if the + # metrics are not supported by "knative_revision" resource type. Setting this + # flag to "true" could cause extra Stackdriver charge. + # If metrics.backend-destination is not Stackdriver, this is ignored. 
+ metrics.allow-stackdriver-custom-metrics: "false" + +--- +# Copyright 2019 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + labels: + app: tekton-triggers-controller + version: "v0.4.0" + triggers.tekton.dev/release: "v0.4.0" + name: tekton-triggers-controller + namespace: tekton-pipelines +spec: + ports: + - name: http-metrics + port: 9090 + protocol: TCP + targetPort: 9090 + selector: + app: tekton-triggers-controller + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
+ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tekton-triggers-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/name: tekton-triggers + app.kubernetes.io/component: controller + # tekton.dev/release value replaced with inputs.params.versionTag in triggers/tekton/publish.yaml + triggers.tekton.dev/release: "v0.4.0" +spec: + replicas: 1 + selector: + matchLabels: + app: tekton-triggers-controller + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" + labels: + app: tekton-triggers-controller + triggers.tekton.dev/release: "v0.4.0" + # version value replaced with inputs.params.versionTag in triggers/tekton/publish.yaml + version: "v0.4.0" + spec: + serviceAccountName: tekton-triggers-controller + containers: + - name: tekton-triggers-controller + image: gcr.io/tekton-releases/github.com/tektoncd/triggers/cmd/controller@sha256:bf3517ddccace756e39cee0f0012bbe879c6b28d962a1c904a415e7c60ce5bc2 + args: ["-logtostderr", "-stderrthreshold", "INFO", "-el-image", "gcr.io/tekton-releases/github.com/tektoncd/triggers/cmd/eventlistenersink@sha256:76c208ec1d73d9733dcaf850240e1b3990e5977709a03c2bd98ad5b20fab9867", + "-el-port", "8080", "-period-seconds", "10", "-failure-threshold", "1"] + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging-triggers + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability-triggers + - name: METRICS_DOMAIN + value: tekton.dev/triggers + +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: tekton-triggers-webhook + version: "v0.4.0" + triggers.tekton.dev/release: "v0.4.0" + name: tekton-triggers-webhook + namespace: tekton-pipelines +spec: + ports: + - name: https-webhook + port: 443 + targetPort: 8443 + selector: + app: tekton-triggers-webhook + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you 
may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tekton-triggers-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/name: tekton-triggers + app.kubernetes.io/component: webhook-controller + # tekton.dev/release value replaced with inputs.params.versionTag in triggers/tekton/publish.yaml + triggers.tekton.dev/release: "v0.4.0" +spec: + replicas: 1 + selector: + matchLabels: + app: tekton-triggers-webhook + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" + labels: + app: tekton-triggers-webhook + triggers.tekton.dev/release: "v0.4.0" + # version value replaced with inputs.params.versionTag in triggers/tekton/publish.yaml + version: "v0.4.0" + role: webhook + app.kubernetes.io/name: tekton-triggers + app.kubernetes.io/component: webhook-controller + spec: + serviceAccountName: tekton-triggers-controller + containers: + - name: webhook + # This is the Go import path for the binary that is containerized + # and substituted here. 
+ image: gcr.io/tekton-releases/github.com/tektoncd/triggers/cmd/webhook@sha256:d7f1526a9294e671c500f0071b61e050262fb27fb633b54d764a556969855764 + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging-triggers + - name: WEBHOOK_SERVICE_NAME + value: tekton-triggers-webhook + - name: METRICS_DOMAIN + value: tekton.dev/triggers + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + - name: https-webhook + containerPort: 8443 + +--- diff --git a/tekton/1-Install/3-webhooks.yaml b/tekton/1-Install/3-webhooks.yaml new file mode 100644 index 0000000..76358d6 --- /dev/null +++ b/tekton/1-Install/3-webhooks.yaml 
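Review bot: The `tekton-triggers-admin` ClusterRole grants create/update/delete/patch on `secrets`, `configmaps` and `services` in every namespace, plus write access to mutating and validating webhook configurations, and `tekton-triggers-controller-admin` binds it cluster-wide to the single ServiceAccount that both the controller and the webhook Deployments use (`serviceAccountName: tekton-triggers-controller`). A compromise of either pod would therefore expose every Secret in the cluster and allow admission webhook configurations to be changed, while the `tekton-triggers` PodSecurityPolicy still allows `runAsUser: RunAsAny`. If this is the unmodified upstream v0.4.0 manifest the rules may have to stay, but the binding deserves a comment such as `# cluster-wide secret and webhook-config write access; shared by the controller and webhook pods`, and the webhook would be better on its own ServiceAccount with a narrower role. Separately, `tekton-triggers-aggregate-edit` and `tekton-triggers-aggregate-view` list `apiGroups: - tekton.dev` although the four CRDs in this hunk are registered under `group: triggers.tekton.dev`, so the aggregated roles appear to grant nothing on these resources; `- triggers.tekton.dev` looks like the intended value.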
@@ -0,0 +1,656 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: tekton-webhooks-extension + name: tekton-webhooks-extension + namespace: tekton-pipelines +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: tekton-webhooks-extension + name: tekton-webhooks-extension-eventlistener + namespace: tekton-pipelines +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: tekton-webhooks-extension-minimal + namespace: tekton-pipelines +rules: +- apiGroups: + - extensions + resources: + - ingresses + - ingresses/status + verbs: + - delete + - create + - patch + - get + - list + - update + - watch +- apiGroups: + - "" + resources: + - pods + - services + verbs: + - get + - list + - create + - update + - delete + - patch + - watch +- apiGroups: + - "" + resources: + - pods/log + - namespaces + - events + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list + - create + - delete + - update + - watch +- apiGroups: + - extensions + - apps + resources: + - deployments + verbs: + - get + - list + - create + - update + - delete + - patch + - watch +- apiGroups: + - tekton.dev + resources: + - tasks + - clustertasks + - taskruns + - pipelines + - pipelineruns + - pipelineresources + - conditions + verbs: + - get + - list + - create + - update + - delete + - patch + - watch +- apiGroups: + - triggers.tekton.dev + resources: + - eventlisteners + - triggerbindings + - triggertemplates + verbs: + - get + - list + - create + - update + - delete + - patch + - watch +- apiGroups: + - tekton.dev + resources: + - taskruns/finalizers + - pipelineruns/finalizers + - tasks/status + - clustertasks/status + - taskruns/status + - pipelines/status + - pipelineruns/status + verbs: + - get + - list + - create + - update + - delete + - patch + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: tekton-triggers-minimal +rules: +- 
apiGroups: + - tekton.dev + resources: + - tasks + - taskruns + verbs: + - get +- apiGroups: + - triggers.tekton.dev + resources: + - triggerbindings + - triggertemplates + - eventlisteners + verbs: + - get +- apiGroups: + - tekton.dev + resources: + - pipelineruns + - pipelineresources + - taskruns + verbs: + - create +- apiGroups: + - "" + resources: + - configmaps + verbs: + - list + - get + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: tekton-webhooks-extension-minimal-cluster-powers +rules: +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - list + - watch +- apiGroups: + - tekton.dev + resources: + - pipelines + - pipelineruns + verbs: + - get + - list + - watch +- apiGroups: + - triggers.tekton.dev + resources: + - pipelines + - pipelineruns + - tasks + - taskruns + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-webhooks-extension-minimal + namespace: tekton-pipelines +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: tekton-webhooks-extension-minimal +subjects: +- kind: ServiceAccount + name: tekton-webhooks-extension + namespace: tekton-pipelines +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: tekton-webhooks-extension-eventlistener-minimal +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: tekton-triggers-minimal +subjects: +- kind: ServiceAccount + name: tekton-webhooks-extension-eventlistener + namespace: tekton-pipelines +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: tekton-webhooks-extension-minimal-cluster-powers +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: tekton-webhooks-extension-minimal-cluster-powers +subjects: +- kind: ServiceAccount + name: tekton-webhooks-extension + namespace: tekton-pipelines +--- +apiVersion: v1 +kind: Service 
+metadata: + name: tekton-webhooks-extension-validator + namespace: tekton-pipelines +spec: + ports: + - port: 80 + protocol: TCP + targetPort: 8080 + selector: + app: tekton-webhooks-extension-validator + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + tekton-dashboard-bundle-location: web/extension.c591f714.js + tekton-dashboard-display-name: Webhooks + tekton-dashboard-endpoints: webhooks.web + labels: + app: webhooks-extension + tekton-dashboard-extension: "true" + name: webhooks-extension + namespace: tekton-pipelines +spec: + ports: + - port: 8080 + targetPort: 8080 + selector: + app: webhooks-extension + type: NodePort +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tekton-webhooks-extension-validator + namespace: tekton-pipelines +spec: + replicas: 1 + selector: + matchLabels: + app: tekton-webhooks-extension-validator + template: + metadata: + labels: + app: tekton-webhooks-extension-validator + spec: + containers: + - env: + - name: INSTALLED_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/tekton-releases/github.com/tektoncd/experimental/webhooks-extension/cmd/interceptor@sha256:657d40a9116ef0b6f886f94fa7980755e3267dd34017f2fd9b713b63ddfc0d55 + name: validate + serviceAccountName: tekton-webhooks-extension +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: webhooks-extension + name: webhooks-extension + namespace: tekton-pipelines +spec: + replicas: 1 + selector: + matchLabels: + app: webhooks-extension + template: + metadata: + labels: + app: webhooks-extension + spec: + containers: + - env: + - name: PORT + value: "8080" + - name: INSTALLED_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: DOCKER_REGISTRY_LOCATION + value: DOCKER_REPO + - name: WEB_RESOURCES_DIR + value: web + - name: WEBHOOK_CALLBACK_URL + value: http://listener.IPADDRESS.nip.io + - name: SSL_VERIFICATION_ENABLED + value: "false" + - name: SERVICE_ACCOUNT + 
valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + image: gcr.io/tekton-releases/github.com/tektoncd/experimental/webhooks-extension/cmd/extension@sha256:e7bcffbd2db6b874dbb4b4e71fc0c089acf7ccb803df896d9592063b649ac292 + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /liveness + port: 8080 + name: webhooks-extension + ports: + - containerPort: 8080 + readinessProbe: + httpGet: + path: /readiness + port: 8080 + serviceAccountName: tekton-webhooks-extension +--- +apiVersion: tekton.dev/v1beta1 +kind: Task +metadata: + name: monitor-task + namespace: tekton-pipelines +spec: + params: + - description: The statuses url + name: statusesurl + type: string + - default: Success + description: The text to use in the situation where a PipelineRun has succeeded. + name: commentsuccess + type: string + - default: Failed + description: The text to use in the situation where a PipelineRun has failed. + name: commentfailure + type: string + - default: Unknown + description: The text to use in the situation where a PipelineRun has timed out. + name: commenttimeout + type: string + - default: Missing + description: The text to use in the situation where a PipelineRun cannot be found. 
+ name: commentmissing + type: string + - default: http://localhost:9097/ + description: The URL to the PipelineRuns page of the dashboard + name: dashboard-url + type: string + - default: github + description: The Git provider ("github" or "gitlab") + name: provider + type: string + - description: The Git API URL for the repository + name: apiurl + type: string + - default: "false" + description: Whether or not to verify SSL Certificates from the git server ("true" + or "false") + name: insecure-skip-tls-verify + type: string + - description: The secret containing the access token to access the git server + name: secret + type: string + resources: + inputs: + - name: pull-request + type: pullRequest + outputs: + - name: pull-request + type: pullRequest + steps: + - args: + - -ce + - "set -e\ncat < 0:\n for missingRun + in missingRuns:\n pr = missingRun[\"metadata\"][\"name\"]\n namespace + = missingRun[\"metadata\"][\"namespace\"]\n pipeline = missingRun[\"spec\"][\"pipelineRef\"][\"name\"]\n + \ link = pipelineRunURLPrefix + \"/#/namespaces/\" + namespace + \"/pipelineruns/\"\n + \ data = \"[**$COMMENT_MISSING**](\" + link + \") | \" + pipeline + \" + | \" + pr + \" | \" + namespace\n if data not in runsMissing:\n # + Don't add duplicates. 
Fear not, once this run is found it'll be removed\n runsMissing.append(data)\n + \ if len(found_runs) > 0:\n for entry in found_runs:\n pr = entry[\"metadata\"][\"name\"]\n + \ namespace = entry[\"metadata\"][\"namespace\"]\n pipeline = entry[\"spec\"][\"pipelineRef\"][\"name\"]\n + \ link = pipelineRunURLPrefix + \"/#/namespaces/\" + namespace + \"/pipelineruns/\" + + pr\n missingLink = pipelineRunURLPrefix + \"/#/namespaces/\" + namespace + + \"/pipelineruns/\"\n missingDataEntry = \"[**$COMMENT_MISSING**](\" + + missingLink + \") | \" + pipeline + \" | \" + pr + \" | \" + namespace\n if + missingDataEntry in runsMissing:\n runsMissing.remove(missingDataEntry)\n + \ print(\"Checking PipelineRun \" + pr + \" in namespace \" + namespace)\n + \ if entry[\"status\"][\"conditions\"][0][\"status\"] == u'True' and entry[\"status\"][\"conditions\"][0][\"type\"] + == u'Succeeded':\n print(\"Success - pipelinerun \" + pr + \" in namespace + \" + namespace)\n runsPassed.append(\"[**$COMMENT_SUCCESS**](\" + link + + \") | \" + pipeline + \" | \" + pr + \" | \" + namespace)\n continue\n + \ if entry[\"status\"][\"conditions\"][0][\"status\"] == u'False' and + entry[\"status\"][\"conditions\"][0][\"type\"] == u'Succeeded':\n failed + =+ 1\n print(\"Failed - PipelineRun \" + pr + \" in namespace \" + + namespace)\n runsFailed.append(\"[**$COMMENT_FAILURE**](\" + link + + \") | \" + pipeline + \" | \" + pr + \" | \" + namespace)\n continue\n + \ link = pipelineRunURLPrefix + \"/#/namespaces/\" + namespace + \"/pipelineruns/\" + + pr\n runsIncomplete.append(\"[**$COMMENT_TIMEOUT**](\" + link + \") + | \" + pipeline + \" | \" + pr + \" | \" + namespace)\n if len(runsIncomplete) + == 0:\n break\n else:\n break\ngitPRdescription = \"All pipelines + succeeded!\"\ngitPRcode = \"success\"\nif failed > 0:\n gitPRdescription = + str(failed) + \" pipeline(s) failed!\"\n gitPRcode = \"failure\"\nif len(runsMissing) + > 0:\n gitPRdescription = \"Pipeline(s) missing!\"\n gitPRcode = 
\"failure\"\nif + len(runsIncomplete) > 0:\n print(\"Some PipelineRuns had not completed when + the monitor reached its timeout\")\n gitPRdescription = \"timed out monitoring + PipelineRuns\"\n gitPRcode = \"error\"\n\nresults = runsPassed + runsFailed + + runsIncomplete + runsMissing\n\nif (results == []):\n gitPRdescription = + \"No PipelineRuns were ever found for my PullRequest!\"\n gitPRcode = \"error\"\n + \ data = \"**$COMMENT_MISSING** | N/A | No PipelineRuns were ever detected, + failing the build | N/A\"\n runsMissing.append(data) \n \n results + = runsMissing\n\ncomment = (\"## Tekton Status Report \\n\\n\"\n \"Status + | Pipeline | PipelineRun | Namespace\\n\"\n \":----- | :------- | + :--------------- | :--------\\n\"\n ) + \"\\n\".join(results)\n\nshutil.copyfile(\"/workspace/pull-request/pr.json\",\"/workspace/output/pull-request/pr.json\")\n# + Preserve existing comments\nshutil.copytree(\"/workspace/pull-request/comments\",\"/workspace/output/pull-request/comments\")\nhandle + = open(\"/workspace/output/pull-request/comments/newcomment.json\", 'w')\nhandle.write(comment)\nhandle.close()\nif + not \"$URL\".startswith(\"http\"):\n detailsURL = \"http://\" + \"$URL\" + + \"/#/pipelineruns\"\nelse:\n detailsURL = \"$URL\" + \"/#/pipelineruns\"\nprint(\"Set + details url to \" + detailsURL)\nstatus = json.dumps(dict(Label=gitPRcontext,state=gitPRcode,Desc=gitPRdescription,Target=detailsURL))\nprint(\"Setting + status to \" + status)\nif not os.path.exists(\"/workspace/output/pull-request/status\"):\n + \ os.makedirs(\"/workspace/output/pull-request/status\")\nhandle = open(\"/workspace/output/pull-request/status/Tekton.json\", + 'w')\nhandle.write(status)\nhandle.close()\nif not os.path.exists(\"/workspace/output/pull-request/labels\"):\n + \ shutil.copytree(\"/workspace/pull-request/labels\",\"/workspace/output/pull-request/labels\")\nshutil.copyfile(\"/workspace/pull-request/base.json\",\"/workspace/output/pull-request/base.json\") + 
\nshutil.copyfile(\"/workspace/pull-request/head.json\",\"/workspace/output/pull-request/head.json\")\nEOF\n" + command: + - /bin/bash + env: + - name: EVENTID + valueFrom: + fieldRef: + fieldPath: metadata.labels['triggers.tekton.dev/triggers-eventid'] + - name: COMMENT_SUCCESS + value: $(inputs.params.commentsuccess) + - name: COMMENT_FAILURE + value: $(inputs.params.commentfailure) + - name: COMMENT_TIMEOUT + value: $(inputs.params.commenttimeout) + - name: COMMENT_MISSING + value: $(inputs.params.commentmissing) + - name: URL + value: $(inputs.params.dashboard-url) + - name: STATUSES_URL + value: $(inputs.params.statusesurl) + - name: GITPROVIDER + value: $(inputs.params.provider) + - name: GITAPIURL + value: $(inputs.params.apiurl) + - name: SKIPSSLVERIFY + value: $(inputs.params.insecure-skip-tls-verify) + - name: GITTOKEN + valueFrom: + secretKeyRef: + key: accessToken + name: $(inputs.params.secret) + image: maiwj/kubernetes-python-client@sha256:74a868a0dff5c8ada64472db3efd09d205d4f877d14d2d3226511adbb25cfea3 + name: check +--- +apiVersion: triggers.tekton.dev/v1alpha1 +kind: TriggerBinding +metadata: + name: monitor-task-github-binding + namespace: tekton-pipelines +spec: + params: + - name: pullrequesturl + value: $(body.pull_request.html_url) + - name: statusesurl + value: $(body.pull_request.statuses_url) +--- +apiVersion: triggers.tekton.dev/v1alpha1 +kind: TriggerBinding +metadata: + name: monitor-task-gitlab-binding + namespace: tekton-pipelines +spec: + params: + - name: pullrequesturl + value: $(body.object_attributes.url) + - name: statusesurl + value: projects/$(body.project.id)/statuses/$(body.object_attributes.last_commit.id) +--- +apiVersion: triggers.tekton.dev/v1alpha1 +kind: TriggerTemplate +metadata: + name: monitor-task-template + namespace: tekton-pipelines +spec: + params: + - description: The pull request url + name: pullrequesturl + type: string + - description: The statuses url + name: statusesurl + type: string + - default: 
github-secrets + description: The git secret name + name: gitsecretname + type: string + - default: token + description: The git secret key name + name: gitsecretkeyname + type: string + - default: Success + description: The text of the success comment + name: commentsuccess + type: string + - default: Failed + description: The text of the failure comment + name: commentfailure + type: string + - default: Unknown + description: The text of the timeout comment + name: commenttimeout + type: string + - default: Missing + description: The text of the missing comment + name: commentmissing + type: string + - default: http://localhost:9097/ + description: The URL to the pipelineruns page of the dashboard + name: dashboardurl + type: string + - default: github + description: The git provider, "github" or "gitlab" + name: provider + type: string + - default: "" + description: The git api URL for the repository + name: apiurl + type: string + - default: "false" + description: Whether or not to skip SSL validation of certificates ("true" or + "false") + name: insecure-skip-tls-verify + type: string + resourcetemplates: + - apiVersion: tekton.dev/v1alpha1 + kind: PipelineResource + metadata: + name: pull-request-$(uid) + namespace: tekton-pipelines + spec: + params: + - name: url + value: $(params.pullrequesturl) + - name: insecure-skip-tls-verify + value: $(params.insecure-skip-tls-verify) + secrets: + - fieldName: authToken + secretKey: $(params.gitsecretkeyname) + secretName: $(params.gitsecretname) + type: pullRequest + - apiVersion: tekton.dev/v1beta1 + kind: TaskRun + metadata: + generateName: monitor-taskrun- + namespace: tekton-pipelines + spec: + params: + - name: commentsuccess + value: $(params.commentsuccess) + - name: commentfailure + value: $(params.commentfailure) + - name: commenttimeout + value: $(params.commenttimeout) + - name: dashboard-url + value: $(params.dashboardurl) + - name: secret + value: $(params.gitsecretname) + - name: statusesurl + value: 
$(params.statusesurl) + - name: provider + value: $(params.provider) + - name: apiurl + value: $(params.apiurl) + - name: insecure-skip-tls-verify + value: $(params.insecure-skip-tls-verify) + resources: + inputs: + - name: pull-request + resourceRef: + name: pull-request-$(uid) + outputs: + - name: pull-request + resourceRef: + name: pull-request-$(uid) + serviceAccountName: tekton-webhooks-extension + taskRef: + name: monitor-task + +--- diff --git a/tekton/1-Install/4-dashboard.yaml b/tekton/1-Install/4-dashboard.yaml new file mode 100644 index 0000000..4a5e5a0 --- /dev/null +++ b/tekton/1-Install/4-dashboard.yaml 
@@ -0,0 +1,409 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: extensions.dashboard.tekton.dev +spec: + group: dashboard.tekton.dev + names: + categories: + - tekton + - tekton-dashboard + kind: Extension + plural: extensions + scope: Namespaced + subresources: + status: {} + version: v1alpha1 +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: tekton-dashboard + name: tekton-dashboard + namespace: tekton-pipelines +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: tekton-dashboard-minimal + namespace: tekton-pipelines +rules: +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - update + - patch +- apiGroups: + - "" + resources: + - pods + - services + verbs: + - create + - update + - delete + - patch +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - create + - update + - delete +- apiGroups: + - extensions + - apps + resources: + - deployments + verbs: + - create + - update + - delete + - patch +- apiGroups: + - tekton.dev + resources: + - tasks + - clustertasks + - taskruns + - pipelines + - pipelineruns + - pipelineresources + - conditions + verbs: + - create + - update + - delete + - patch +- apiGroups: + - tekton.dev + resources: + - taskruns/finalizers + - pipelineruns/finalizers + verbs: + - create + - update + - delete + - patch +- apiGroups: + - tekton.dev + resources: + - tasks/status + - clustertasks/status + - taskruns/status + - pipelines/status + - pipelineruns/status + verbs: + - create + - update + - delete + - patch +- apiGroups: + - dashboard.tekton.dev + resources: + - extensions + verbs: + - create + - update + - delete + - patch +- apiGroups: + - triggers.tekton.dev + resources: + - clustertriggerbindings + - eventlisteners + - triggerbindings + - triggertemplates + verbs: + - create + - update + - delete + - patch + - add +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + 
verbs: + - get + - list +- apiGroups: + - security.openshift.io + resources: + - securitycontextconstraints + verbs: + - use +- apiGroups: + - route.openshift.io + resources: + - routes + verbs: + - get + - list +- apiGroups: + - extensions + - apps + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - pods + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - pods/log + - namespaces + - events + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - extensions + - apps + resources: + - deployments + verbs: + - get + - list + - watch +- apiGroups: + - tekton.dev + resources: + - tasks + - clustertasks + - taskruns + - pipelines + - pipelineruns + - pipelineresources + - conditions + verbs: + - get + - list + - watch +- apiGroups: + - tekton.dev + resources: + - taskruns/finalizers + - pipelineruns/finalizers + verbs: + - get + - list + - watch +- apiGroups: + - tekton.dev + resources: + - tasks/status + - clustertasks/status + - taskruns/status + - pipelines/status + - pipelineruns/status + verbs: + - get + - list + - watch +- apiGroups: + - dashboard.tekton.dev + resources: + - extensions + verbs: + - get + - list + - watch +- apiGroups: + - triggers.tekton.dev + resources: + - clustertriggerbindings + - eventlisteners + - triggerbindings + - triggertemplates + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: tekton-dashboard-minimal +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: tekton-dashboard-minimal +subjects: +- kind: ServiceAccount + name: tekton-dashboard + namespace: tekton-pipelines +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: tekton-dashboard + 
dashboard.tekton.dev/release: v0.6.1 + version: v0.6.1 + name: tekton-dashboard + namespace: tekton-pipelines +spec: + ports: + - name: http + port: 9097 + protocol: TCP + targetPort: 9097 + selector: + app: tekton-dashboard +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: tekton-dashboard + dashboard.tekton.dev/release: v0.6.1 + version: v0.6.1 + name: tekton-dashboard + namespace: tekton-pipelines +spec: + replicas: 1 + selector: + matchLabels: + app: tekton-dashboard + template: + metadata: + labels: + app: tekton-dashboard + name: tekton-dashboard + spec: + containers: + - env: + - name: PORT + value: "9097" + - name: READ_ONLY + value: "false" + - name: WEB_RESOURCES_DIR + value: /var/run/ko/web + - name: PIPELINE_RUN_SERVICE_ACCOUNT + value: "" + - name: INSTALLED_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/tekton-releases/github.com/tektoncd/dashboard/cmd/dashboard@sha256:de969ff4ced12c94701bd039137edf5fc66bbc5ccd19f09324c1d7fcfc47e5f1 + livenessProbe: + httpGet: + path: /health + port: 9097 + name: tekton-dashboard + ports: + - containerPort: 9097 + readinessProbe: + httpGet: + path: /readiness + port: 9097 + serviceAccountName: tekton-dashboard +--- +apiVersion: tekton.dev/v1beta1 +kind: Pipeline +metadata: + name: pipeline0 + namespace: tekton-pipelines +spec: + params: + - default: /workspace/git-source + description: The path to the resource files to apply + name: pathToResourceFiles + type: string + - default: . 
+ description: The directory from which resources are to be applied + name: apply-directory + type: string + - default: tekton-pipelines + description: The namespace in which to create the resources being imported + name: target-namespace + type: string + resources: + - name: git-source + type: git + tasks: + - name: pipeline0-task + params: + - name: pathToResourceFiles + value: $(params.pathToResourceFiles) + - name: apply-directory + value: $(params.apply-directory) + - name: target-namespace + value: $(params.target-namespace) + resources: + inputs: + - name: git-source + resource: git-source + taskRef: + name: pipeline0-task +--- +apiVersion: tekton.dev/v1beta1 +kind: Task +metadata: + name: pipeline0-task + namespace: tekton-pipelines +spec: + params: + - default: /workspace/git-source + description: The path to the resource files to apply + name: pathToResourceFiles + type: string + - default: . + description: The directory from which resources are to be applied + name: apply-directory + type: string + - default: tekton-pipelines + description: The namespace where created resources will go + name: target-namespace + type: string + resources: + inputs: + - name: git-source + type: git + steps: + - args: + - apply + - -f + - $(inputs.params.pathToResourceFiles)/$(inputs.params.apply-directory) + - -n + - $(inputs.params.target-namespace) + command: + - kubectl + image: lachlanevenson/k8s-kubectl@sha256:9713d6c1c6d83bdd4b3744d295fd0efce8f6cc149eb3083e86ae0911aa52ee73 + name: kubectl-apply + +--- diff --git a/tekton/2-Setup/docker-creds.yaml b/tekton/2-Setup/docker-creds.yaml new file mode 100644 index 0000000..7d3f712 --- /dev/null +++ b/tekton/2-Setup/docker-creds.yaml 
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: docker-creds
+ namespace: tekton-pipelines
+ annotations:
+ kube-1password: kgpbumszi4stqgyzg4kqrttxam
+ kube-1password/vault: Kubernetes
+ tekton.dev/docker-0: https://docker.cloud.cluster.fun/averagemarcus
+type: kubernetes.io/basic-auth
+
diff --git a/tekton/2-Setup/eventlistener-rbac.yaml b/tekton/2-Setup/eventlistener-rbac.yaml
new file mode 100644
index 0000000..f60f99a
--- /dev/null
+++ b/tekton/2-Setup/eventlistener-rbac.yaml
@@ -0,0 +1,39 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: eventlistener
+ namespace: tekton-pipelines
+
+---
+
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: eventlistener
+ namespace: tekton-pipelines
+rules:
+- apiGroups: ["triggers.tekton.dev"]
+ resources: ["eventlisteners", "triggerbindings", "triggertemplates"]
+ verbs: ["get"]
+- apiGroups: [""]
+ resources: ["configmaps", "secrets", "serviceaccounts"]
+ verbs: ["get", "list", "watch"]
+- apiGroups: ["tekton.dev"]
+ resources: ["pipelineruns", "pipelineresources", "taskruns"]
+ verbs: ["create"]
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: eventlistener
+ namespace: tekton-pipelines
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: eventlistener
+subjects:
+- kind: ServiceAccount
+ name: eventlistener
+ namespace: tekton-pipelines
diff --git a/tekton/2-Setup/gitea-creds.yaml b/tekton/2-Setup/gitea-creds.yaml
new file mode 100644
index 0000000..e21f62e
--- /dev/null
+++ b/tekton/2-Setup/gitea-creds.yaml
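Review bot: The second rule of the `eventlistener` Role in `2-Setup/eventlistener-rbac.yaml` grants `get`, `list` and `watch` on every Secret in `tekton-pipelines`, and this ServiceAccount is the one the webhook-facing listener runs as. That namespace also holds `docker-creds` and `gitea-access-token` from this commit, so a compromise of the listener pod exposes all of them. Split `secrets` out of that rule and limit it to what the listener actually needs (this hunk does not show whether any interceptor reads a Secret), for example `verbs: ["get"]` with `resourceNames: ["<webhook-secret-name>"]` (placeholder). Keep `list`/`watch` for `configmaps` only if the installed Triggers version requires them.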
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: gitea-access-token
+ namespace: tekton-pipelines
+ annotations:
+ kube-1password: u45tpgj33bnxl6iz3kwgaf44va
+ kube-1password/vault: Kubernetes
+ kube-1password/password-key: access-token
+type: Opaque
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: gitea-creds
+ annotations:
+ kube-1password: 3jgo56jlsrdxilf2vdp5zsw6lq
+ kube-1password/vault: Kubernetes
+ tekton.dev/git-0: https://git.cloud.cluster.fun
+type: kubernetes.io/basic-auth
diff --git a/tekton/2-Setup/serviceaccounts.yaml b/tekton/2-Setup/serviceaccounts.yaml
new file mode 100644
index 0000000..2975e65
--- /dev/null
+++ b/tekton/2-Setup/serviceaccounts.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: deploy-project
+ namespace: tekton-pipelines
+secrets:
+ - name: docker-creds
+ - name: gitea-creds
+
+---
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: pr-project
+ namespace: tekton-pipelines
+secrets:
+ - name: docker-creds
+ - name: gitea-creds
diff --git a/tekton/README.md b/tekton/README.md
new file mode 100644
index 0000000..31c4952
--- /dev/null
+++ b/tekton/README.md
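Review bot: The second Secret in `2-Setup/gitea-creds.yaml`, `gitea-creds`, has no `metadata.namespace`, while `gitea-access-token` above it and the other resources under `2-Setup` are pinned to `tekton-pipelines`. With the README's `kubectl apply --recursive -f ./` it is created in whatever namespace the current context points at. The `deploy-project` and `pr-project` ServiceAccounts in `tekton-pipelines` would then reference a Secret that is not there, and the Git credential lands in a namespace with different access controls. Add `namespace: tekton-pipelines` under its `name:` line.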
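Review bot: In `2-Setup/serviceaccounts.yaml`, `pr-project` is given the same `docker-creds` and `gitea-creds` as `deploy-project`, so runs under it presumably have registry and Git credentials available to their steps (Tekton materialises Secrets annotated `tekton.dev/docker-0` / `tekton.dev/git-0` for the run's ServiceAccount). The PR pipeline in this commit runs the `test`, `build` and `ci` make targets against the pull request's own checkout, which puts code that has not been reviewed yet next to a credential that can push images. If PR runs do use this account (the trigger template is in another file), drop `- name: docker-creds` from `pr-project` and give it a read-only Git credential instead of the shared `gitea-creds`.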
@@ -0,0 +1,32 @@
+# tekton-cicd
+
+## Features
+
+- Install Tekton along with Triggers, Webhook support and the dashboard
+- Configures an eventlistener for Gitea
+- Defines standard PR and Deploy pipelines
+
+## Install
+
+```sh
+kubectl apply --recursive -f ./
+```
+
+## Custom Docker images used
+
+### gitea-pr-state
+
+`docker pull docker.cloud.cluster.fun/averagemarcus/gitea-pr-state:latest`
+
+> Sets the state of a commit in Gitea. This is used to set the CI status to pending or success on the PR.
+
+### ci-builder
+
+`docker pull docker.cloud.cluster.fun/averagemarcus/ci-builder:latest`
+
+> Used as a general-purpose Docker image with many common build tools included. This is used for running `make test` and `make build` without needing specific CI images for each project.
+
+## Resources
+
+- [Tekton](https://tekton.dev/)
+- [Tekton Docs](https://tekton.dev/docs/)
diff --git a/tekton/bindings/gitea.yaml b/tekton/bindings/gitea.yaml
new file mode 100644
index 0000000..6666741
--- /dev/null
+++ b/tekton/bindings/gitea.yaml
@@ -0,0 +1,19 @@
+apiVersion: triggers.tekton.dev/v1alpha1
+kind: TriggerBinding
+metadata:
+ name: gitea-binding
+ namespace: tekton-pipelines
+spec:
+ params:
+ - name: gitrevision
+ value: $(body.commit_sha)
+ - name: gitref
+ value: $(body.ref)
+ - name: gitrepositoryurl
+ value: $(body.repository.html_url)
+ - name: gitbranch
+ value: $(body.branch)
+ - name: projectname
+ value: $(body.repository.name)
+ - name: isprivate
+ value: $(body.repository.private)
diff --git a/tekton/conditions/has-makefile.yaml b/tekton/conditions/has-makefile.yaml
new file mode 100644
index 0000000..b3e59b0
--- /dev/null
+++ b/tekton/conditions/has-makefile.yaml
@@ -0,0 +1,12 @@
+apiVersion: tekton.dev/v1alpha1
+kind: Condition
+metadata:
+ name: has-makefile
+ namespace: tekton-pipelines
+spec:
+ resources:
+ - name: src
+ type: git
+ check:
+ image: alpine
+ script: 'test -f $(resources.src.path)/Makefile'
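Review bot: `image: alpine` in the `check` of `conditions/has-makefile.yaml` carries no tag or digest, so every run pulls whatever `alpine:latest` resolves to at that moment, while the install manifests in this commit pin their images by `@sha256:` digest. The same unpinned `image: alpine` appears in `conditions/public-project.yaml`, where the condition gates publishing to the public registry. Pin both, e.g. `image: alpine@sha256:<digest>` (placeholder; resolve it from a registry you trust), so the image behind these gates cannot change without a commit.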
diff --git a/tekton/conditions/public-project.yaml b/tekton/conditions/public-project.yaml
new file mode 100644
index 0000000..1b8fc42
--- /dev/null
+++ b/tekton/conditions/public-project.yaml
@@ -0,0 +1,11 @@
+apiVersion: tekton.dev/v1alpha1
+kind: Condition
+metadata:
+ name: is-public-project
+ namespace: tekton-pipelines
+spec:
+ params:
+ - name: isprivate
+ check:
+ image: alpine
+ script: 'test $(params.isprivate) == false'
diff --git a/tekton/eventlisteners/webhook.yaml b/tekton/eventlisteners/webhook.yaml
new file mode 100644
index 0000000..d482441
--- /dev/null
+++ b/tekton/eventlisteners/webhook.yaml
@@ -0,0 +1,51 @@
+apiVersion: triggers.tekton.dev/v1alpha1
+kind: EventListener
+metadata:
+ name: webhook-listener
+ namespace: tekton-pipelines
+spec:
+ serviceAccountName: eventlistener
+ triggers:
+ - name: pull-request
+ interceptors:
+ - cel:
+ filter: "header.match('X-GitHub-Event', 'pull_request') && body.action != 'closed'"
+ overlays:
+ - key: commit_sha
+ expression: "body.pull_request.head.sha"
+ - key: branch
+ expression: "body.pull_request.head.ref"
+ - key: ref
+ expression: "body.pull_request.head.ref"
+ bindings:
+ - name: gitea-binding
+ template:
+ name: pr-project
+ - name: deploy-master
+ interceptors:
+ - cel:
+ filter: "header.match('X-GitHub-Event', 'push') && split(body.ref, '/')[2] == body.repository.default_branch"
+ overlays:
+ - key: commit_sha
+ expression: "body.after"
+ - key: branch
+ expression: "split(body.ref, '/')[2]"
+ - key: ref
+ expression: "body.ref"
+ bindings:
+ - name: gitea-binding
+ template:
+ name: deploy-project
+ - name: tag
+ interceptors:
+ - cel:
+ filter: "header.match('X-GitHub-Event', 'create') && body.ref_type == 'tag'"
+ overlays:
+ - key: commit_sha
+ expression: "body.sha"
+ - key: ref
+ expression: "body.ref"
+ bindings:
+ - name: gitea-binding
+ template:
+ name: project-tag
diff --git a/tekton/pipelines/deploy.yaml b/tekton/pipelines/deploy.yaml
new file mode 100644
index 0000000..31f27d0
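Review bot: `script: 'test $(params.isprivate) == false'` in `conditions/public-project.yaml` substitutes the parameter into the shell text before it runs, and `isprivate` is bound from `body.repository.private` in `bindings/gitea.yaml`, i.e. taken from the webhook payload. A value that is not a plain `true` or `false` is then interpreted by the shell instead of being compared, and this check decides whether an image goes to the public registry. At minimum quote the value and use the portable operator, `script: 'test "$(params.isprivate)" = "false"'`. Quoting still leaves the string inside the script, so rejecting non-boolean values before the run is created (for example in the listener's CEL filter) is the sturdier fix.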
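Review bot: None of the three triggers in `eventlisteners/webhook.yaml` authenticates the sender: the only interceptor on each is a `cel` filter over the `X-GitHub-Event` header and a few body fields, all of which the caller supplies. Anything that can reach the listener's address can therefore start `pr-project`, `deploy-project` or `project-tag` runs, with the repository URL, revision and `private` flag taken from its own payload. Configure a shared secret on the Gitea webhook and put an interceptor ahead of the `cel` one that verifies the payload signature against a Kubernetes Secret and rejects the event on mismatch. Which interceptor type fits depends on the signature header your Gitea version sends, so check that before picking one.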
--- /dev/null
+++ b/tekton/pipelines/deploy.yaml
@@ -0,0 +1,77 @@
+apiVersion: tekton.dev/v1beta1
+kind: Pipeline
+metadata:
+ name: deploy-project
+ namespace: tekton-pipelines
+spec:
+ params:
+ - name: gitbranch
+ type: string
+ - name: gitrevision
+ type: string
+ - name: projectname
+ type: string
+ - name: isprivate
+ default: "true"
+ type: string
+ - name: dockerregistry
+ type: string
+ description: The Docker registry to push images to
+ default: docker.cloud.cluster.fun/private
+ - name: publicdockerregistry
+ type: string
+ description: The Docker registry to push images to
+ default: docker.cloud.cluster.fun/averagemarcus
+ - name: imagetag
+ type: string
+ description: The Docker image tag
+ default: latest
+ resources:
+ - name: git-source
+ type: git
+ tasks:
+ - name: build-and-publish-latest
+ taskRef:
+ name: docker-build-and-publish
+ params:
+ - name: IMAGE
+ value: $(params.dockerregistry)/$(params.projectname):$(params.imagetag)
+ resources:
+ inputs:
+ - name: src
+ resource: git-source
+ - name: build-and-publish-sha
+ taskRef:
+ name: docker-build-and-publish
+ params:
+ - name: IMAGE
+ value: $(params.dockerregistry)/$(params.projectname):$(params.gitrevision)
+ resources:
+ inputs:
+ - name: src
+ resource: git-source
+ - name: build-and-publish-public
+ conditions:
+ - conditionRef: is-public-project
+ params:
+ - name: isprivate
+ value: $(params.isprivate)
+ taskRef:
+ name: docker-build-and-publish
+ params:
+ - name: IMAGE
+ value: $(params.publicdockerregistry)/$(params.projectname):$(params.imagetag)
+ resources:
+ inputs:
+ - name: src
+ resource: git-source
+ - name: make-release
+ taskRef:
+ name: make
+ params:
+ - name: TARGET
+ value: "release"
+ resources:
+ inputs:
+ - name: src
+ resource: git-source
diff --git a/tekton/pipelines/pr.yaml b/tekton/pipelines/pr.yaml
new file mode 100644
index 0000000..4ffa23f
--- /dev/null
+++ b/tekton/pipelines/pr.yaml
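Review bot: `build-and-publish-latest`, `build-and-publish-sha` and `build-and-publish-public` in `pipelines/deploy.yaml` are three independent runs of `docker-build-and-publish` over the same source, so the `$(params.imagetag)`, `$(params.gitrevision)` and public tags can end up pointing at three different image digests (the task body is in another file, so this assumes it performs a full build each time). You then cannot state that the public image is the one that was built and tagged by commit. Building once and pushing the additional tags for that same digest would close the gap. None of the four tasks has `runAfter` either, so `make-release` starts alongside the builds rather than after they succeed; add `runAfter` to it if the release is meant to depend on them.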
@@ -0,0 +1,91 @@
+apiVersion: tekton.dev/v1beta1
+kind: Pipeline
+metadata:
+ name: pr-project
+ namespace: tekton-pipelines
+spec:
+ params:
+ - name: gitbranch
+ type: string
+ - name: gitrevision
+ type: string
+ - name: projectname
+ type: string
+ resources:
+ - name: git-source
+ type: git
+ tasks:
+ - name: pr-start
+ taskRef:
+ name: pr-status
+ params:
+ - name: REPO
+ value: $(params.projectname)
+ - name: SHA
+ value: $(params.gitrevision)
+ - name: STATE
+ value: "pending"
+ - name: make-test
+ # TODO: Re-enable when conditionals can result in skipped rather than failure
+ # conditions:
+ # - conditionRef: has-makefile
+ # resources:
+ # - name: src
+ # resource: git-source
+ taskRef:
+ name: make
+ params:
+ - name: TARGET
+ value: "test"
+ resources:
+ inputs:
+ - name: src
+ resource: git-source
+ - name: make-build
+ # TODO: Re-enable when conditionals can result in skipped rather than failure
+ # conditions:
+ # - conditionRef: has-makefile
+ # resources:
+ # - name: src
+ # resource: git-source
+ taskRef:
+ name: make
+ params:
+ - name: TARGET
+ value: "build"
+ resources:
+ inputs:
+ - name: src
+ resource: git-source
+ - name: make-ci
+ # TODO: Re-enable when conditionals can result in skipped rather than failure
+ # conditions:
+ # - conditionRef: has-makefile
+ # resources:
+ # - name: src
+ # resource: git-source
+ taskRef:
+ name: make
+ params:
+ - name: TARGET
+ value: "ci"
+ resources:
+ inputs:
+ - name: src
+ resource: git-source
+ - name: pr-end
+ taskRef:
+ name: pr-status
+ runAfter:
+ - pr-start
+ - make-test
+ - make-build
+ - make-ci
+ params:
+ - name: REPO
+ value: $(params.projectname)
+ - name: SHA
+ value: $(params.gitrevision)
+ - name: STATE
+ value: "success"
+
diff --git a/tekton/pipelines/tag.yaml b/tekton/pipelines/tag.yaml
new file mode 100644
index 0000000..f95728f
--- /dev/null
+++ b/tekton/pipelines/tag.yaml
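Review bot: tekton/pipelines/pr.yaml only ever reports `pending` and `success`: `pr-end` runs after `make-test`, `make-build` and `make-ci`, so when one of them fails the pipeline stops and the commit status is presumably left at `pending`. Someone reading the pull request then cannot tell a failed check from one that is still running. Add a failure path that calls `pr-status` with `STATE` set to `failure`, or put a comment above `pr-end` stating that failures are not reported. The TODO about `has-makefile`, repeated three times, could be stated once above `tasks:`.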
@@ -0,0 +1,53 @@
+apiVersion: tekton.dev/v1beta1
+kind: Pipeline
+metadata:
+ name: project-tag
+ namespace: tekton-pipelines
+spec:
+ params:
+ - name: projectname
+ type: string
+ - name: isprivate
+ default: "true"
+ type: string
+ - name: dockerregistry
+ type: string
+ description: The Docker registry to push images to
+ default: docker.cloud.cluster.fun/private
+ - name: publicdockerregistry
+ type: string
+ description: The Docker registry to push images to
+ default: docker.cloud.cluster.fun/averagemarcus
+ - name: imagetag
+ type: string
+ description: The Docker image tag
+ default: latest
+ resources:
+ - name: git-source
+ type: git
+ tasks:
+ - name: build-and-publish-tag
+ taskRef:
+ name: docker-build-and-publish
+ params:
+ - name: IMAGE
+ value: $(params.dockerregistry)/$(params.projectname):$(params.imagetag)
+ resources:
+ inputs:
+ - name: src
+ resource: git-source
+ - name: build-and-publish-tag-public
+ conditions:
+ - conditionRef: is-public-project
+ params:
+ - name: isprivate
+ value: $(params.isprivate)
+ taskRef:
+ name: docker-build-and-publish
+ params:
+ - name: IMAGE
+ value: $(params.publicdockerregistry)/$(params.projectname):$(params.imagetag)
+ resources:
+ inputs:
+ - name: src
+ resource: git-source
diff --git a/tekton/tasks/docker-build-and-publish.yaml b/tekton/tasks/docker-build-and-publish.yaml
new file mode 100644
index 0000000..f467243
--- /dev/null
+++ b/tekton/tasks/docker-build-and-publish.yaml
@@ -0,0 +1,45 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+ name: docker-build-and-publish
+ namespace: tekton-pipelines
+spec:
+ params:
+ - name: DOCKERFILE
+ type: string
+ description: The path to the dockerfile to build
+ default: /Dockerfile
+ - name: CONTEXT
+ type: string
+ description: The build context used by Docker.
+ default: ./
+ - name: IMAGE
+ type: string
+ description: Name (reference) of the image to build.
+ - name: EXTRA_ARGS
+ type: string
+ default: ""
+ resources:
+ inputs:
+ - name: src
+ type: git
+ results:
+ - name: IMAGE_DIGEST
+ description: Digest of the image just built.
+ steps:
+ - name: build-and-push
+ workingDir: /workspace/src
+ image: gcr.io/kaniko-project/executor:latest
+ env:
+ - name: DOCKER_CONFIG
+ value: /tekton/home/.docker
+ command:
+ - /kaniko/executor
+ - $(params.EXTRA_ARGS)
+ - --dockerfile=/workspace/src/$(params.DOCKERFILE)
+ - --context=/workspace/src/$(params.CONTEXT)
+ - --destination=$(params.IMAGE)
+ - --oci-layout-path=/workspace/src/image-digest
+ - --digest-file=/tekton/results/IMAGE_DIGEST
+ securityContext:
+ runAsUser: 0
diff --git a/tekton/tasks/kubectl-apply-files.yaml b/tekton/tasks/kubectl-apply-files.yaml
new file mode 100644
index 0000000..8aea5f1
--- /dev/null
+++ b/tekton/tasks/kubectl-apply-files.yaml
@@ -0,0 +1,14 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+ name: kubectl-apply-files
+ namespace: tekton-pipelines
+spec:
+ params:
+ - name: DIRECTORY
+ description: Directory of kubernetes manifest files
+ steps:
+ - name: kubectl-apply
+ image: gcr.io/cloud-builders/kubectl
+ script: |
+ kubectl apply --recursive -f $(params.DIRECTORY)
diff --git a/tekton/tasks/kubectl-apply-inline.yaml b/tekton/tasks/kubectl-apply-inline.yaml
new file mode 100644
index 0000000..ff83bee
--- /dev/null
+++ b/tekton/tasks/kubectl-apply-inline.yaml
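Review bot: The `build-and-push` step in tekton/tasks/docker-build-and-publish.yaml runs `gcr.io/kaniko-project/executor:latest` as root with `DOCKER_CONFIG` pointing at what is presumably the registry push credentials, so whatever that mutable tag resolves to at run time gets push access. Pin the image to a released version and digest, e.g. `image: gcr.io/kaniko-project/executor:<version>@sha256:<digest>` (placeholders). The same applies to `alpine` in conditions/public-project.yaml, `gcr.io/cloud-builders/kubectl` in the three kubectl tasks, and the `:latest` images in tasks/make.yaml and tasks/pr-status.yaml, the last of which receives `ACCESS_TOKEN`.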
@@ -0,0 +1,14 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+ name: kubectl-apply-inline
+ namespace: tekton-pipelines
+spec:
+ params:
+ - name: MANIFEST
+ description: Content of the resource to deploy
+ steps:
+ - name: kubectl-apply
+ image: gcr.io/cloud-builders/kubectl
+ script: |
+ echo "$(params.MANIFEST)" | kubectl apply -f -
diff --git a/tekton/tasks/kubectl-patch-image.yaml b/tekton/tasks/kubectl-patch-image.yaml
new file mode 100644
index 0000000..869b919
--- /dev/null
+++ b/tekton/tasks/kubectl-patch-image.yaml
@@ -0,0 +1,25 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+ name: kubectl-patch-image
+ namespace: tekton-pipelines
+spec:
+ params:
+ - name: NAMESPACE
+ default: "default"
+ description: The namespace the kubernetes resource is in
+ - name: RESOURCE_TYPE
+ default: "deployment"
+ description: The type of Kubernetes resource
+ - name: NAME
+ description: The name of the resource
+ - name: CONTAINER_NAME
+ description: The name of the container to patch
+ default: "*" # defaults to updating _all_ containers
+ - name: IMAGE
+ description: The new image to use
+ steps:
+ - name: kubectl-patch-image
+ image: gcr.io/cloud-builders/kubectl
+ script: |
+ kubectl --namespace $(params.NAMESPACE) set image $(params.RESOURCE_TYPE) $(params.NAME) $(params.CONTAINER_NAME)=$(params.IMAGE)
diff --git a/tekton/tasks/make.yaml b/tekton/tasks/make.yaml
new file mode 100644
index 0000000..9fb0550
--- /dev/null
+++ b/tekton/tasks/make.yaml
@@ -0,0 +1,19 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+ name: make
+ namespace: tekton-pipelines
+spec:
+ params:
+ - name: TARGET
+ description: The make target to run
+ resources:
+ inputs:
+ - name: src
+ type: git
+ steps:
+ - name: make
+ workingDir: /workspace/src
+ image: docker.cloud.cluster.fun/averagemarcus/ci-builder:latest
+ script: |
+ make --dry-run -t $(params.TARGET) &> /dev/null && make $(params.TARGET) || echo "No '$(params.TARGET)' target found, skipping"
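Review bot: The one-liner in tekton/tasks/make.yaml hides failures: in `probe && make $(params.TARGET) || echo ...` the `echo` also runs when `make` itself fails, and the step then exits 0, so a failing `test` or `ci` target would let the PR pipeline go on to report `success`. Separate the existence probe from the run, for example `if make --dry-run -t "$TARGET" >/dev/null 2>&1; then make "$TARGET"; else echo "No '$TARGET' target found, skipping"; fi`, with `TARGET` supplied through the step's `env`. `&>` is also a bash extension; under a POSIX `/bin/sh` it is read as `&` followed by a redirection, so the probe may not behave as intended, depending on the shell in the `ci-builder` image.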
diff --git a/tekton/tasks/pr-status.yaml b/tekton/tasks/pr-status.yaml
new file mode 100644
index 0000000..ecb35b4
--- /dev/null
+++ b/tekton/tasks/pr-status.yaml
@@ -0,0 +1,27 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+ name: pr-status
+ namespace: tekton-pipelines
+spec:
+ params:
+ - name: REPO
+ description: The name of the repo
+ - name: SHA
+ description: The git SHA to update the status of
+ - name: STATE
+ description: The state to set the status to (pending, success, error, failure or warning)
+ default: "pending"
+ steps:
+ - name: pr-status-update
+ image: docker.cloud.cluster.fun/averagemarcus/gitea-pr-state:latest
+ env:
+ - name: ACCESS_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: gitea-access-token
+ key: access-token
+ args:
+ - "$(params.REPO)"
+ - "$(params.SHA)"
+ - "$(params.STATE)"
diff --git a/tekton/triggertemplates/deploy.yaml b/tekton/triggertemplates/deploy.yaml
new file mode 100644
index 0000000..b679f09
--- /dev/null
+++ b/tekton/triggertemplates/deploy.yaml
@@ -0,0 +1,49 @@
+apiVersion: triggers.tekton.dev/v1alpha1
+kind: TriggerTemplate
+metadata:
+ name: deploy-project
+ namespace: tekton-pipelines
+spec:
+ params:
+ - name: gitrevision
+ description: The git revision
+ - name: gitrepositoryurl
+ description: The git repository url
+ - name: gitbranch
+ description: The branch of the PR
+ - name: gitref
+ description: The ref of the PR
+ - name: projectname
+ description: The name of the git project
+ - name: isprivate
+ description: If the git project is set to private
+ default: "true"
+ resourcetemplates:
+ - apiVersion: tekton.dev/v1beta1
+ kind: PipelineRun
+ metadata:
+ generateName: deploy-project-
+ spec:
+ pipelineRef:
+ name: deploy-project
+ serviceAccountName: deploy-project
+ params:
+ - name: gitbranch
+ value: $(params.gitbranch)
+ - name: gitref
+ value: $(params.gitref)
+ - name: gitrevision
+ value: $(params.gitrevision)
+ - name: projectname
+ value: $(params.projectname)
+ - name: isprivate
+ value: $(params.isprivate)
+ resources:
+ - name: git-source
+ resourceSpec:
+ type: git
+ params:
+ - name: revision
+ value: $(params.gitrevision)
+ - name: url
+ value: $(params.gitrepositoryurl)
diff --git a/tekton/triggertemplates/pr.yaml b/tekton/triggertemplates/pr.yaml
new file mode 100644
index 0000000..61c5ea3
--- /dev/null
+++ b/tekton/triggertemplates/pr.yaml
@@ -0,0 +1,42 @@
+apiVersion: triggers.tekton.dev/v1alpha1
+kind: TriggerTemplate
+metadata:
+ name: pr-project
+ namespace: tekton-pipelines
+spec:
+ params:
+ - name: gitrevision
+ description: The git revision
+ - name: gitrepositoryurl
+ description: The git repository url
+ - name: gitbranch
+ description: The branch of the PR
+ - name: gitref
+ description: The ref of the PR
+ - name: projectname
+ description: The name of the git project
+ resourcetemplates:
+ - apiVersion: tekton.dev/v1beta1
+ kind: PipelineRun
+ metadata:
+ generateName: pr-project-
+ spec:
+ pipelineRef:
+ name: pr-project
+ serviceAccountName: pr-project
+ params:
+ - name: gitbranch
+ value: $(params.gitbranch)
+ - name: gitrevision
+ value: $(params.gitrevision)
+ - name: projectname
+ value: $(params.projectname)
+ resources:
+ - name: git-source
+ resourceSpec:
+ type: git
+ params:
+ - name: revision
+ value: $(params.gitrevision)
+ - name: url
+ value: $(params.gitrepositoryurl)
diff --git a/tekton/triggertemplates/tag.yaml b/tekton/triggertemplates/tag.yaml
new file mode 100644
index 0000000..b67d35f
--- /dev/null
+++ b/tekton/triggertemplates/tag.yaml
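Review bot: The PipelineRun created by tekton/triggertemplates/pr.yaml checks out `$(params.gitrepositoryurl)` at the pull-request head and runs its Makefile targets, i.e. code chosen by whoever opened the pull request, under the `pr-project` service account and presumably in the `tekton-pipelines` namespace (the resource template sets no namespace of its own). The service-account definitions are outside this part of the patch, so it is worth confirming that `pr-project` carries neither the registry nor the Gitea credentials and has no RBAC beyond what the run needs; a comment on `serviceAccountName` stating that would help. Running these PipelineRuns in a namespace separate from the one that holds the Tekton controllers and their secrets would limit what a hostile Makefile can reach.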
@@ -0,0 +1,51 @@
+apiVersion: triggers.tekton.dev/v1alpha1
+kind: TriggerTemplate
+metadata:
+ name: project-tag
+ namespace: tekton-pipelines
+spec:
+ params:
+ - name: gitrevision
+ description: The git revision
+ - name: gitrepositoryurl
+ description: The git repository url
+ - name: gitbranch
+ description: The branch of the PR
+ - name: gitref
+ description: The ref of the PR
+ - name: projectname
+ description: The name of the git project
+ - name: isprivate
+ description: If the git project is set to private
+ default: "true"
+ resourcetemplates:
+ - apiVersion: tekton.dev/v1beta1
+ kind: PipelineRun
+ metadata:
+ generateName: project-tag-
+ spec:
+ pipelineRef:
+ name: project-tag
+ serviceAccountName: project-tag
+ params:
+ - name: gitbranch
+ value: $(params.gitbranch)
+ - name: gitref
+ value: $(params.gitref)
+ - name: gitrevision
+ value: $(params.gitrevision)
+ - name: projectname
+ value: $(params.projectname)
+ - name: isprivate
+ value: $(params.isprivate)
+ - name: imagetag
+ value: $(params.gitref)
+ resources:
+ - name: git-source
+ resourceSpec:
+ type: git
+ params:
+ - name: revision
+ value: $(params.gitrevision)
+ - name: url
+ value: $(params.gitrepositoryurl)
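Review bot: `gitbranch` is declared without a default in tekton/triggertemplates/tag.yaml, yet the `tag` trigger in eventlisteners/webhook.yaml sets only the `commit_sha` and `ref` overlays; if `gitea-binding` (not in this part of the patch) fills `gitbranch` from a `branch` overlay, tag events may fail to resolve. The run also passes `gitbranch`, `gitref` and `gitrevision`, which the `project-tag` Pipeline in this commit does not declare. Drop the unused parameters or give `gitbranch` a default, and replace the copied descriptions (`The branch of the PR`, `The ref of the PR`) with ones that fit, e.g. `description: The tag name, used as the image tag`. Because `imagetag` is taken straight from `$(params.gitref)`, a comment stating the expected ref format (bare tag name rather than `refs/tags/...`) would also help.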