From 6fdb1c8e2a25bd01561715bbd0750d7f4ef174dc Mon Sep 17 00:00:00 2001 From: "Randal S. Harisch" Date: Wed, 4 Oct 2023 13:41:48 -0600 Subject: [PATCH] chore: some pipeline cleanup --- ...istener.yaml => notification-webhook.yaml} | 14 +- pipeline/notification.yaml | 285 ++++++------------ secrets/quay-token.yaml | 37 +++ tasks/git-semver.yaml | 1 + tasks/promote-version.yaml | 206 +++++++++++++ triggerbinding/gitea-webhook-binding.yaml | 19 -- .../notification-featurebranch.yaml | 94 ++++++ 7 files changed, 438 insertions(+), 218 deletions(-) rename eventlistener/{notification-webhook-listener.yaml => notification-webhook.yaml} (68%) create mode 100644 secrets/quay-token.yaml create mode 100644 tasks/promote-version.yaml delete mode 100644 triggerbinding/gitea-webhook-binding.yaml create mode 100644 triggertemplate/notification-featurebranch.yaml diff --git a/eventlistener/notification-webhook-listener.yaml b/eventlistener/notification-webhook.yaml similarity index 68% rename from eventlistener/notification-webhook-listener.yaml rename to eventlistener/notification-webhook.yaml index 46f5a6d..43ce877 100644 --- a/eventlistener/notification-webhook-listener.yaml +++ b/eventlistener/notification-webhook.yaml @@ -1,12 +1,12 @@ apiVersion: triggers.tekton.dev/v1beta1 kind: EventListener metadata: - name: notification-webhook-listener + name: notification namespace: goghvideo-cicd-pipeline spec: serviceAccountName: pipeline triggers: - - name: notification-greeter-webhook + - name: notification-pullrequest-webhook interceptors: - name: gitea ref: 
@@ -19,16 +19,16 @@ spec: secretName: webhook-secret secretKey: sharedSecret - name: eventTypes - value: ["pull_request", "pull_request_sync"] - - name: allow-create-and-update-only + value: ["pull_request"] + - name: run-if-new-pr ref: name: cel kind: ClusterInterceptor params: - name: filter value: > - body.action in ['opened', 'synchronized'] + body.action in ["opened"] bindings: - - ref: gitea-binding + - ref: gitea-pullrequest-binding template: - ref: notification-template + ref: notification-trigger-template diff --git a/pipeline/notification.yaml b/pipeline/notification.yaml index 9fc1ea6..e49cb95 100644 --- a/pipeline/notification.yaml +++ b/pipeline/notification.yaml @@ -1,8 +1,10 @@ apiVersion: tekton.dev/v1beta1 kind: Pipeline metadata: - name: notification-buildtest + name: notification namespace: goghvideo-cicd-pipeline + labels: + app: notification spec: workspaces: - name: source 
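Review bot: The `run-if-new-pr` CEL filter accepts every `opened` pull request, and the pipeline it starts now ends in the `promote` task added elsewhere in this patch, which pushes a tag and merges the PR. That leaves a passing pipeline as the only gate between whoever can open a pull request and a merge. Consider extending the filter so only trusted sources start the run, for example by requiring that head and base repository match or by checking the sender against an allow-list, and keep the merge behind a human approval. Dropping `synchronized` also means commits pushed after a failed first run never start a new run. The binding `gitea-pullrequest-binding` referenced here is not added by this patch, so it presumably already exists in the cluster.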
@@ -10,132 +12,87 @@ spec: - name: dockerconfig - name: helm - name: gitsshauth + - name: quayauth params: - - name: git-repo-full-name - type: string - - name: git-token-secret-name - type: string - - name: git-token-secret-key - type: string - - name: git-commit-sha - type: string - - name: git-repo-url - type: string - description: Git URL to retrieve - - name: git-branch - type: string - description: branch to checkout - - name: git-pr-index - description: PR number to merge - - name: git-merge-type - description: What type of merge to do - - name: git-merge-delete-branch - description: delete the branch after merge - - name: verbose - type: string - default: "false" - - name: lint-package - type: string - - name: lint-context - type: string - description: Path to where the modules are stored - - name: lint-version - type: string - default: latest - - name: image - type: string - - name: s2i-builder-image - type: string + - name: ref + description: Ref of the application + - name: revision + description: git unique head commit id + - name: repourl + description: repository name + - name: repofullname + description: repository full name + - name: author + description: commit author username + - name: email + description: commit author email + - name: message + description: commit message + - name: index + description: pull request index number - name: git-helm-url - type: string + description: The URL of the repo containing the helm charts + - name: githost + description: the base git server hostname + - name: quayhost + description: the base quay server hostname tasks: - - name: set-check-pending - taskRef: - name: gitea-set-status - params: - - name: SHA - value: $(params.git-commit-sha) - - name: GITEA_HOST_URL - value: git.endofday.com - - name: REPO_FULL_NAME - value: $(params.git-repo-full-name) - - name: GITEA_TOKEN_SECRET_NAME - value: $(params.git-token-secret-name) - - name: GITEA_TOKEN_SECRET_KEY - value: $(params.git-token-secret-key) - - name: 
DESCRIPTION - value: Build started - - name: STATE - value: pending - - name: TARGET_URL - value: https://console-openshift-console.apps.ocp.endofday.com/pipelines/all-namespaces - - name: git-semver - runAfter: - - set-check-pending + - name: prepare taskRef: name: git-semver params: - name: gitrepositoryurl - value: $(params.git-repo-url) + value: $(params.repourl) - name: gitbranch - value: $(params.git-branch) + value: $(params.ref) workspaces: - name: repo workspace: source - name: gitauth workspace: gitauth - - name: golangci-lint + - name: standards runAfter: - - git-semver + - prepare taskRef: name: golangci-lint params: - name: package - value: $(params.lint-package) + value: $(params.githost)/goghvideo/notification - name: context - value: $(params.lint-context) + value: ./notification/src - name: version - value: $(params.lint-version) + value: latest workspaces: - name: source workspace: source - - name: generate-imagetag + - name: build runAfter: - - golangci-lint - taskRef: - name: generate-image-tag - params: - - name: version - value: $(tasks.git-semver.results.version) - - name: image - value: $(params.image) - - name: s2i-build - runAfter: - - generate-imagetag + - standards taskRef: name: s2i-go-debug params: - name: TLSVERIFY value: false - name: BUILDER_IMAGE - value: $(params.s2i-builder-image) + value: $(params.quayhost)/goghvideo/golang-s2i-buildah:v1 - name: PATH_CONTEXT - value: $(params.lint-context) + value: notification/src - name: verbose value: true - name: IMAGE - value: $(tasks.generate-imagetag.results.imagetag) + value: $(params.quayhost)/goghvideo/notification:$(params.revision) - name: ENV_VARS value: - - semver=$(tasks.git-semver.results.version) + - semver=$(tasks.prepare.results.version) workspaces: - name: source workspace: source - name: dockerconfig workspace: dockerconfig - - name: ephemeral-ns + + - name: ephemeral-namespace runAfter: - - s2i-build + - build taskref: name: openshift-ephemeral-namespace-client kind: Task 
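Review bot: In the `build` task the unchanged `TLSVERIFY` parameter stays `false` directly above the new `IMAGE` value, so the image that `promote` later re-tags as the release is presumably pushed to `$(params.quayhost)` without certificate verification. Setting it to `"true"` once the builder trusts the registry CA closes that gap. The same task now hard-codes `BUILDER_IMAGE` with the mutable tag `:v1`, and `standards` hard-codes the linter `version` as `latest`; pinning the builder by digest and the linter to a fixed release would make runs reproducible. The new pipeline params also drop the `type: string` declarations the old ones had, and `message` is declared but not passed to any task visible in this patch.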
@@ -162,7 +119,7 @@ spec: namespace: goghvideo-test-${RANDOMID} spec: delayStartSeconds: 10 - image: quay01.ipa.endofday.com/goghvideo/bitnami-rabbitmq + image: $(params.quayhost)/goghvideo/bitnami-rabbitmq imagePullSecrets: - name: goghvideo-openshift-builder-pull-secret persistence: @@ -214,8 +171,8 @@ spec: workspaces: - name: kubeconfig-dir workspace: dockerconfig - - name: clone-helm-charts - runAfter: ["ephemeral-ns"] + - name: prepare-helm-charts + runAfter: ["ephemeral-namespace"] taskRef: name: git-clone params: 
@@ -226,52 +183,52 @@ spec: workspace: helm - name: ssh-directory workspace: gitsshauth - - name: deploy-notification - runAfter: ["clone-helm-charts"] + - name: deploy-notification-app + runAfter: ["prepare-helm-charts"] taskRef: name: helm-upgrade-from-source params: - name: charts_dir value: notification - name: release_namespace - value: $(tasks.ephemeral-ns.results.namespace) + value: $(tasks.ephemeral-namespace.results.namespace) - name: release_name value: notification - name: overwrite_values - value: "image.tag=v$(tasks.git-semver.results.version)" + value: "image.tag=$(params.revision)" workspaces: - name: source workspace: helm - - name: deploy-upload-to-nextcloud - runAfter: ["clone-helm-charts"] + - name: deploy-upload-to-nextcloud-app + runAfter: ["prepare-helm-charts"] taskRef: name: helm-upgrade-from-source params: - name: charts_dir value: upload-to-nextcloud - name: release_namespace - value: $(tasks.ephemeral-ns.results.namespace) + value: $(tasks.ephemeral-namespace.results.namespace) - name: release_name value: upload-to-nextcloud workspaces: - name: source workspace: helm - - name: deploy-conversion-engine - runAfter: ["clone-helm-charts"] + - name: deploy-conversion-engine-job + runAfter: ["prepare-helm-charts"] taskRef: name: helm-upgrade-from-source params: - name: charts_dir value: conversion-engine - name: release_namespace - value: $(tasks.ephemeral-ns.results.namespace) + value: $(tasks.ephemeral-namespace.results.namespace) - name: release_name value: conversion-engine workspaces: - name: source workspace: helm - name: get-filedrop-name - runAfter: ["deploy-conversion-engine", "deploy-upload-to-nextcloud", "deploy-notification"] + runAfter: ["deploy-conversion-engine-job", "deploy-upload-to-nextcloud-app", "deploy-notification-app"] taskref: name: openshift-ephemeral-namespace-client kind: Task 
@@ -283,7 +240,7 @@ spec: #!/usr/bin/env bash wget "https://github.com/jqlang/jq/releases/download/jq-1.7/jq-linux-amd64" -O /usr/local/bin/jq chmod +x /usr/local/bin/jq - INPUTSRC=$(oc -n $(tasks.ephemeral-ns.results.namespace) get scaledjob/conversion-engine -o json | /usr/local/bin/jq -r '.spec.jobTargetRef.template.spec.initContainers[0].env[] | select(.name == "sourcefile").value') + INPUTSRC=$(oc -n $(tasks.ephemeral-namespace.results.namespace) get scaledjob/conversion-engine -o json | /usr/local/bin/jq -r '.spec.jobTargetRef.template.spec.initContainers[0].env[] | select(.name == "sourcefile").value') if [[ -z "${INPUTSRC}" ]]; then exit 1; fi echo -n "${INPUTSRC}" > $(results.filedrop.path) workspaces: @@ -305,7 +262,7 @@ spec: kind: Job metadata: generateName: e2e-test- - namespace: $(tasks.ephemeral-ns.results.namespace) + namespace: $(tasks.ephemeral-namespace.results.namespace) labels: app: e2e-test spec: @@ -325,7 +282,7 @@ spec: name: amqp - name: dropfile value: $(tasks.get-filedrop-name.results.filedrop) - image: quay01.ipa.endofday.com/goghvideo/e2e-test:v0.1.5 + image: $(params.quayhost)/goghvideo/e2e-test:v0.1.5 imagePullPolicy: Always name: transcode-job volumeMounts: 
@@ -336,102 +293,46 @@ spec: persistentVolumeClaim: claimName: "pvc-conversion" EOF - MYJOB=$(oc -n $(tasks.ephemeral-ns.results.namespace) get jobs -l app=e2e-test -o name) + MYJOB=$(oc -n $(tasks.ephemeral-namespace.results.namespace) get jobs -l app=e2e-test -o name) echo "Job Reference: ${MYJOB}" - x=0; until [[ $(oc -n $(tasks.ephemeral-ns.results.namespace) get ${MYJOB} -o go-template="{{if .status.active}}{{.status.active}}{{else}}0{{end}}") -gt 0 || $x -eq 60 ]]; do echo "Waiting for e2e job to start" && sleep 2 && ((x++)); done + x=0; until [[ $(oc -n $(tasks.ephemeral-namespace.results.namespace) get ${MYJOB} -o go-template="{{if .status.active}}{{.status.active}}{{else}}0{{end}}") -gt 0 || $x -eq 60 ]]; do echo "Waiting for e2e job to start" && sleep 2 && ((x++)); done if [[ "${x}" -eq 60 ]]; then exit 1; fi - x=0; until [[ $(oc -n $(tasks.ephemeral-ns.results.namespace) get ${MYJOB} -o go-template="{{if .status.succeeded}}{{.status.succeeded}}{{else}}0{{end}}" ) -gt 0 || $x -eq 20 ]]; do echo "Waiting for test to complete" && sleep 15 && ((x++)); done + x=0; until [[ $(oc -n $(tasks.ephemeral-namespace.results.namespace) get ${MYJOB} -o go-template="{{if .status.succeeded}}{{.status.succeeded}}{{else}}0{{end}}" ) -gt 0 || $x -eq 20 ]]; do echo "Waiting for test to complete" && sleep 15 && ((x++)); done if [[ "${x}" -eq 20 ]]; then exit 1; fi workspaces: - name: kubeconfig-dir workspace: dockerconfig - - name: pass-pr-check + - name: promote runAfter: ["perform-e2e-test"] - taskRef: - name: gitea-set-status + taskref: + name: promote + kind: Task params: - - name: SHA - value: $(params.git-commit-sha) - - name: GITEA_HOST_URL - value: git.endofday.com - - name: REPO_FULL_NAME - value: $(params.git-repo-full-name) - - name: GITEA_TOKEN_SECRET_NAME - value: $(params.git-token-secret-name) - - name: GITEA_TOKEN_SECRET_KEY - value: $(params.git-token-secret-key) - - name: DESCRIPTION - value: Tekton CI Pipeline - - name: STATE - value: success - - name: 
TARGET_URL - value: https://console-openshift-console.apps.ocp.endofday.com/pipelines - - name: create-git-release - runAfter: ["pass-pr-check"] - taskRef: - name: gitea-create-release - params: - - name: SHA - value: $(params.git-commit-sha) - - name: GITEA_HOST_URL - value: git.endofday.com - - name: REPO_FULL_NAME - value: $(params.git-repo-full-name) - - name: GITEA_TOKEN_SECRET_NAME - value: $(params.git-token-secret-name) - - name: GITEA_TOKEN_SECRET_KEY - value: $(params.git-token-secret-key) - - name: TAG - value: $(tasks.git-semver.results.version) - - name: TITLE - value: $(params.git-repo-full-name)-$(tasks.git-semver.results.version) - - name: perform-merge - runAfter: ["create-git-release"] - taskRef: - name: gitea-merge-pr - params: - - name: GITEA_HOST_URL - value: git.endofday.com - - name: REPO_FULL_NAME - value: $(params.git-repo-full-name) - - name: GITEA_TOKEN_SECRET_NAME - value: $(params.git-token-secret-name) - - name: GITEA_TOKEN_SECRET_KEY - value: $(params.git-token-secret-key) - - name: DESCRIPTION - value: Automatically merged by CI pipeline - - name: INDEX - value: $(params.git-pr-index) - - name: MERGETYPE - value: $(params.git-merge-type) - - name: DELETEBRANCH - value: $(params.git-merge-delete-branch) - - name: TARGET_URL - value: https://console-openshift-console.apps.ocp.endofday.com/pipelines - finally: - - name: fail-pr-check - when: - - input: $(tasks.status) - operator: in - values: - - Failed - taskRef: - name: gitea-set-status - params: - - name: SHA - value: $(params.git-commit-sha) - - name: GITEA_HOST_URL - value: git.endofday.com - - name: REPO_FULL_NAME - value: $(params.git-repo-full-name) - - name: GITEA_TOKEN_SECRET_NAME - value: $(params.git-token-secret-name) - - name: GITEA_TOKEN_SECRET_KEY - value: $(params.git-token-secret-key) - - name: DESCRIPTION - value: Tekton CI Pipeline - - name: STATE - value: failure - - name: TARGET_URL - value: https://console-openshift-console.apps.ocp.endofday.com/pipelines + - 
name: ref + value: $(params.ref) + - name: repofullname + value: $(params.repofullname) + - name: revision + value: $(params.revision) + - name: semver + value: $(tasks.prepare.results.version) + - name: author + value: $(params.author) + - name: email + value: $(params.email) + - name: appname + value: notification + - name: quayhost + value: $(params.quayhost) + - name: githost + value: $(params.githost) + - name: index + value: $(params.index) + workspaces: + - name: source + workspace: source + - name: gitauth + workspace: gitauth + - name: quayauth + workspace: quayauth diff --git a/secrets/quay-token.yaml b/secrets/quay-token.yaml new file mode 100644 index 0000000..7e9fef6 --- /dev/null +++ b/secrets/quay-token.yaml 
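Review bot: The new `promote` entry is referenced with `taskref:` while `prepare`, `standards` and `build` in this file use `taskRef:`; the lowercase key only works if field names are decoded leniently, so spell it `taskRef:` here. This hunk also removes `pass-pr-check` and the whole `finally` block with `fail-pr-check`, so a failed run no longer leaves any status on the commit. Since the pipeline now merges on success, keeping a small `finally` task that reports failure would give reviewers a visible signal when a run did not promote.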
@@ -0,0 +1,37 @@ +apiVersion: v1 +stringData: + apikey: ENC[AES256_GCM,data:RA15urgJzFCI00HoZ103b948UuQNB10UcM5c/DXMDQ6Qh10oIzfBYA==,iv:cw3x/s1WLUxmRv/x001Q0Zf55VQBr0feuvSThsQXNJg=,tag:EXW14MB76J0T4dcGReBI4A==,type:str] +kind: Secret +metadata: + name: quay-credentials + namespace: goghvideo-cicd-pipeline +type: opaque +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2023-10-04T04:03:51Z" + mac: ENC[AES256_GCM,data:70kc2yyPoCo42IFtaUs5hXVwHIxe46P2cPLKaN+In1x+mKk7QeTud0duRGuJTTOmrPBLW7c3lPScvYu70CjaTJZ+OyRLTQdd49ATK2DdYlR1ZXV3GIKqJIS4sYlWCxvIjbHKnSKpfHuy1Y5QBEQuc9EnFLQzq75xJfT29tXTJzQ=,iv:Q2iSZL4lCMepQGAjhxnbihxwu23D15FKfhFrKGjuW7w=,tag:ue3XvEMiv+4TgFjU0dTXLA==,type:str] + pgp: + - created_at: "2023-10-04T04:03:51Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcDMA0gtINCTAeZuAQwAhFNVkH51L0DEu2NEbeSLAdufyv5NCi/sWYEWk8JbJIGy + J6LPDFjMNVwqxjqH3hyFMlsPIekW0ck+z1k+AqPu40BQEv4t+EfDEt9YSm9Swmqb + DvOKaAi9BO8fX+IWE42EwEmQGc+VWiJfQcuq63jILIIDk03a6x6MW0J2Rjw06ixK + D4JsdQsRYE2/vAmjtmoqWRTs9rApn7jvTuxPOUiWPZCMrWLobot3lf6xJ+DrxT8h + QmSUaoGTOcFbm3DWpkOq5iC/ha3uTbaskFewpR/k1za7D2dINOjseTsw8FG1JkFE + 808DTeNy9YihRb/pq7phHsafQJVAjHZDTwE+iqQgRRAXX2hXggRC5He2V5AXi++7 + 2/jYrTTPbpFQPDL2Ul/pGmddERr8GxISYgqx4ktxXd6Fh97CMQnjYK18bKi8IbeJ + s1XqQhEy0PG+7bs7NSiRLoOl1J/vXhiKtPbUYRvcnjsS3VJHSe4tMUb9TntOp0pO + rb9jb5YPmmfd9iGDvFhp0lEB2Dl88o/lTnR6n2xqxYrWuPwidi0lTD2b30mTeqid + YbkGPzsrbjsVsoqTO4sozY9YS7NI8TTcTdnjciuCJos+irBrmAMNh1DjIvDc69Bi + FrI= + =9zD2 + -----END PGP MESSAGE----- + fp: 72E72623346EA4589F9348C8DD8DF053BEDF14D1 + encrypted_regex: ^(user.*|pass.*|.*[Bb]earer.*|.*[Kk]ey|.*[Kk]eys|salt|sentry.*|.*[Tt]oken|data.*|stringData.*)$ + version: 3.7.3 diff --git a/tasks/git-semver.yaml b/tasks/git-semver.yaml index d2d7c87..d28a064 100644 --- a/tasks/git-semver.yaml +++ b/tasks/git-semver.yaml 
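Review bot: `type: opaque` is not the built-in Secret type, which is spelled `Opaque`. Kubernetes stores the lowercase string as a custom type, so tooling that selects on `type=Opaque` will skip this Secret; use `type: Opaque` or omit the field. The manifest is only usable after SOPS decryption, so it is worth confirming that whatever applies it decrypts first, otherwise the literal `ENC[...]` text becomes the `apikey`. The `sops` block lists a single `pgp` recipient and empty `kms`/`age` lists, so decryption depends on that one key; a second recipient would avoid a single point of loss.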
@@ -27,6 +27,7 @@ spec: PASSWORD=$(cat /workspace/gitauth/password) SEMVER=$(/tools/dotnet-gitversion /url ${PARAM_REPO} /b ${PARAM_BRANCH} /u ${USERNAME} /p ${PASSWORD} /dynamicRepoLocation /workspace/repo /overrideconfig mode=Mainline /showvariable MajorMinorPatch /verbosity quiet) echo -n ${SEMVER} > $(results.version.path) + exit 0 securityContext: runAsNonRoot: true runAsUser: 65532 diff --git a/tasks/promote-version.yaml b/tasks/promote-version.yaml new file mode 100644 index 0000000..4ec77be --- /dev/null +++ b/tasks/promote-version.yaml 
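Review bot: The added `exit 0` makes the step end successfully even when `dotnet-gitversion` fails and `SEMVER` is empty, in which case the `version` result is written empty and the new `promote` task would go on to create a tag named just `v`. Replace it with a guard before the result is written, such as `[ -n "${SEMVER}" ] || exit 1`. The context lines also pass `${PASSWORD}` unquoted as a command-line argument, which makes it visible in the process list and breaks on whitespace; quoting it is a minimal improvement. The script starts above this hunk, so whether `set -e` is in effect is not visible here.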
@@ -0,0 +1,206 @@ +apiVersion: tekton.dev/v1beta1 +kind: Task +metadata: + name: promote + namespace: goghvideo-cicd-pipeline +spec: + params: + - name: ref + description: The git branch reference + type: string + - name: repofullname + type: string + - name: revision + description: git unique head commit id + type: string + - name: semver + description: Symantic version number + type: string + - name: author + type: string + - name: email + type: string + - name: appname + type: string + - name: index + type: string + - name: githost + type: string + - name: quayhost + type: string + steps: + - name: release-notes + image: $(params.quayhost)/goghvideo/bitnami-git:latest + workingDir: $(workspaces.source.path)/$(params.appname) + script: | + #!/bin/sh + export USERNAME=$(cat $(workspaces.gitauth.path)/username) + export PASSWORD=$(cat $(workspaces.gitauth.path)/password) + + git config --global --add safe.directory $(workspaces.source.path)/$(params.appname) + git config --global user.name "$(params.author)" + git config --global user.email "$(params.email)" + + HOSTPATH=$(git remote get-url origin | sed 's_https://__') + git remote set-url origin https://${USERNAME}:${PASSWORD}@${HOSTPATH} + + git fetch --all --tags >/dev/null 2>&1 + #git log main..$(params.ref) --oneline --no-merges --decorate > release-v$(params.semver).md 2>/dev/null + #git add release-v$(params.semver).md + #git commit -m "Including release notes" + git tag -a v$(params.semver) -m "Upgrade to v$(params.semver)" + git push origin $(params.ref) --tags + - name: get-tag-data + image: $(params.quayhost)/goghvideo/python:3-alpine + script: | + #!/usr/bin/env python + + """This script will get the Gitea tag status""" + + import json + import sys + import http.client + + gitea_token = open("$(workspaces.gitauth.path)/password", "r").read() + + merge_url = "https://$(params.githost)/api/v1" + "/repos/$(params.repofullname)/" + \ + "commits/v$(params.semver)/status" + + authHeader = "token " + 
gitea_token + + conn = http.client.HTTPSConnection("$(params.githost)") + + conn.request( + "GET", + merge_url, + headers={ + "User-Agent": "TektonCD, the peaceful cat", + "Authorization": authHeader, + "Accept": "application/json", + "Content-Type": "application/json", + }) + resp = conn.getresponse() + if not str(resp.status).startswith("2"): + print("Error: %d" % (resp.status)) + print(resp.read()) + sys.exit(1) + else: + print("Gitea tag verification completed on $(params.githost)") + + - name: merge-pull-request + image: $(params.quayhost)/goghvideo/python:3-alpine + script: | + #!/usr/bin/env python + + """This script will set the CI status on a Gitea commit""" + + import json + import sys + import http.client + + gitea_token = open("$(workspaces.gitauth.path)/password", "r").read() + + merge_url = "https://$(params.githost)/api/v1" + "/repos/$(params.repofullname)/" + \ + "pulls/$(params.index)/merge" + + data = { + "Do": "merge" + } + print("Sending this data to Gitea: ") + print(data) + + authHeader = "token " + gitea_token + + conn = http.client.HTTPSConnection("$(params.githost)") + + conn.request( + "POST", + merge_url, + body=json.dumps(data), + headers={ + "User-Agent": "TektonCD, the peaceful cat", + "Authorization": authHeader, + "Accept": "application/json", + "Content-Type": "application/json", + }) + resp = conn.getresponse() + if not str(resp.status).startswith("2"): + print("Error: %d" % (resp.status)) + print(resp.read()) + sys.exit(1) + else: + print("Gitea merge completed on $(params.githost)") + - name: tag-image-with-release-ver + image: $(params.quayhost)/goghvideo/python:3-alpine + script: | + #!/usr/bin/env python + + """This script will set tag the image with the release version""" + + import json + import sys + import http.client + import ssl + + quay_token = open("$(workspaces.quayauth.path)/apikey", "r").read() + authHeader = "Bearer " + quay_token + + conn = http.client.HTTPSConnection( + "$(params.quayhost)", + context = 
ssl._create_unverified_context() + ) + + existing_tag = "/api/v1/repository/$(params.repofullname)/tag/?specificTag=$(params.revision)" + + print("Getting existing tag information from Quay") + + conn.request( + "GET", + existing_tag, + headers={ + "User-Agent": "TektonCD, the peaceful cat", + "Authorization": authHeader, + "Accept": "application/json", + "Content-Type": "application/json", + } + ) + resp = conn.getresponse() + if not str(resp.status).startswith("2"): + print("Error: %d" % (resp.status)) + print(resp.read()) + sys.exit(1) + else: + print("Successfully Retrieved quay infor for tag") + tag_info = json.loads(resp.read().decode('utf-8')) + for item in tag_info['tags']: + manifest_digest = item['manifest_digest'] + + print("Tagging image with semver") + tag_url = "/api/v1/repository/$(params.repofullname)/tag/v$(params.semver)" + + data = { + "manifest_digest": manifest_digest + } + + conn.request( + "PUT", + tag_url, + body=json.dumps(data), + headers={ + "User-Agent": "TektonCD, the peaceful cat", + "Authorization": authHeader, + "Accept": "application/json", + "Content-Type": "application/json", + } + ) + resp = conn.getresponse() + if not str(resp.status).startswith("2"): + print("Error: %d" % (resp.status)) + print(resp.read()) + sys.exit(1) + else: + print("Successfully tagged image") + workspaces: + - name: source + - name: gitauth + - name: quayauth diff --git a/triggerbinding/gitea-webhook-binding.yaml b/triggerbinding/gitea-webhook-binding.yaml deleted file mode 100644 index cec9b3f..0000000 --- a/triggerbinding/gitea-webhook-binding.yaml +++ /dev/null 
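Review bot: The `tag-image-with-release-ver` step opens its connection with `ssl._create_unverified_context()`, so the Quay bearer token read from `$(workspaces.quayauth.path)/apikey` is sent to a host whose certificate is never checked; use `context=ssl.create_default_context(cafile="<PATH_TO_CA_BUNDLE>")` (placeholder path) or drop the argument once the image trusts the CA. In `release-notes`, `$(params.author)`, `$(params.email)` and `$(params.ref)` are substituted into the script text before the shell runs, and these values presumably originate from the pull-request webhook; passing them through the step's `env:` and referencing `"${AUTHOR}"`, `"${EMAIL}"` and `"${REF}"` keeps payload text out of the script source. The same step writes `https://${USERNAME}:${PASSWORD}@${HOSTPATH}` into the remote URL, which leaves the password in `.git/config` on the shared `source` workspace; a credential helper avoids storing it there. In the tagging step `manifest_digest` is only assigned inside the `for item in tag_info['tags']` loop, so an empty `tags` list ends in a `NameError` rather than a clear failure; check for an empty list and `sys.exit(1)` with a message.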
@@ -1,19 +0,0 @@ -apiVersion: triggers.tekton.dev/v1beta1 -kind: TriggerBinding -metadata: - name: gitea-binding - namespace: goghvideo-cicd-pipeline -spec: - params: - - name: gitrepositoryurl - value: $(body.repository.clone_url) - - name: gitcommitsha - value: $(body.pull_request.head.sha) - - name: gitfullreponame - value: $(body.pull_request.base.repo.full_name) - - name: gitbranch - value: $(body.pull_request.head.ref) - - name: gitreponame - value: $(body.pull_request.base.repo.name) - - name: gitprindex - value: $(body.pull_request.number) diff --git a/triggertemplate/notification-featurebranch.yaml b/triggertemplate/notification-featurebranch.yaml new file mode 100644 index 0000000..13b443e --- /dev/null +++ b/triggertemplate/notification-featurebranch.yaml 
@@ -0,0 +1,94 @@ +apiVersion: triggers.tekton.dev/v1beta1 +kind: TriggerTemplate +metadata: + name: notification-trigger-template + namespace: goghvideo-cicd-pipeline +spec: + params: + - name: ref + description: git reference or branch name + - name: revision + description: The revision of your git repository + - name: repourl + description: The url of your git repository + - name: reponame + description: the name if your git repository + - name: repofullname + description: The full name of your git repository + - name: message + description: commit message + - name: author + description: commit author username + - name: email + description: commit author email + - name: index + description: pull request index number + resourcetemplates: + - apiVersion: tekton.dev/v1beta1 + kind: PipelineRun + metadata: + generateName: $(tt.params.reponame)-$(tt.params.author)- + namespace: goghvideo-cicd-pipeline + labels: + webhooks.tekton.dev/repo: $(tt.params.reponame) + webhooks.tekton.dev/author: $(tt.params.author) +# annotations: +# argocd.argoproj.io/compare-options: IgnoreExtraneous + spec: + serviceAccountName: pipeline + workspaces: + - name: source + volumeClaimTemplate: + spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Gi + storageClassName: nfs-client + - name: gitauth + secret: + secretName: git-http-credentials + - name: gitsshauth + secret: + secretName: git-credentials + - name: dockerconfig + secret: + secretName: goghvideo-container-registry-push + - name: quayauth + secret: + secretName: quay-credentials + - name: helm + volumeClaimTemplate: + spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Gi + storageClassName: nfs-client + params: + - name: ref + value: $(tt.params.ref) + - name: revision + value: $(tt.params.revision) + - name: author + value: $(tt.params.author) + - name: email + value: $(tt.params.email) + - name: message + value: $(tt.params.message) + - name: repourl + value: $(tt.params.repourl) 
+ - name: repofullname + value: $(tt.params.repofullname) + - name: git-helm-url + value: git@git-ssh.ipa.endofday.com:goghvideo/helm.git + - name: index + value: $(tt.params.index) + - name: githost + value: "git.endofday.com" + - name: quayhost + value: "quay01.ipa.endofday.com" + pipelineRef: + name: notification
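Review bot: `generateName: $(tt.params.reponame)-$(tt.params.author)-` and the `webhooks.tekton.dev/author` label take their values from trigger params that presumably come straight from the webhook payload. Kubernetes object names must be lowercase DNS-style and label values are limited to 63 characters from a restricted set, so a pull request from a user whose name does not fit makes PipelineRun creation fail. A fixed prefix such as `generateName: notification-pr-`, with the author moved to an annotation, avoids that. Every run created from this template also binds `git-http-credentials`, `git-credentials`, `goghvideo-container-registry-push` and `quay-credentials` under the `pipeline` service account, so code from any accepted pull request is built in a run that holds push and merge credentials. Splitting promotion into a separately triggered pipeline would narrow that.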