Initial submission

2023-09-24 17:05:37 -06:00
commit 716573548c
17 changed files with 1498 additions and 0 deletions


@@ -0,0 +1,29 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: generate-image-tag
namespace: goghvideo-cicd-pipeline
spec:
params:
- name: image
type: string
- name: version
type: string
results:
- name: imagetag
type: string
steps:
- name: concatenate-strings
image: quay01.ipa.endofday.com/goghvideo/rockylinux:9-ubi
env:
- name: IMAGE
value: $(params.image)
- name: TAG
value: $(params.version)
script: |
#!/usr/bin/env bash
IMAGE=$(echo -n ${IMAGE})
TAG=$(echo -n ${TAG})
echo -n "${IMAGE}:v${TAG}" > "$(results.imagetag.path)"
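Review bot: The two re-assignments `IMAGE=$(echo -n ${IMAGE})` and `TAG=$(echo -n ${TAG})` expand the values unquoted, so a parameter containing whitespace or glob characters is word-split and pathname-expanded before it reaches the result, and `echo` would treat a value such as `-e` as an option. The values already arrive safely through `env:`, so both lines can be dropped and the last line written as `printf '%s:v%s' "${IMAGE}" "${TAG}" > "$(results.imagetag.path)"`. If the intent was to trim stray whitespace, that should be done explicitly and the result checked against the characters allowed in an image reference. The step image tag `rockylinux:9-ubi` is also mutable; pinning it by digest would make the task reproducible.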

34
tasks/git-semver.yaml Normal file

@@ -0,0 +1,34 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: git-semver
namespace: goghvideo-cicd-pipeline
spec:
params:
- name: gitrepositoryurl
type: string
- name: gitbranch
type: string
default: master
results:
- name: version
type: string
steps:
- name: clone-and-calculate-semver
image: quay01.ipa.endofday.com/goghvideo/gitversion:latest
env:
- name: PARAM_REPO
value: $(params.gitrepositoryurl)
- name: PARAM_BRANCH
value: $(params.gitbranch)
script: |
#!/usr/bin/env bash
USERNAME=$(cat /workspace/gitauth/username)
PASSWORD=$(cat /workspace/gitauth/password)
/tools/dotnet-gitversion /url ${PARAM_REPO} /b ${PARAM_BRANCH} /u ${USERNAME} /p ${PASSWORD} /dynamicRepoLocation /workspace/repo /overrideconfig mode=Mainline /showvariable MajorMinorPatch /verbosity quiet > $(results.version.path)
securityContext:
runAsNonRoot: true
runAsUser: 65532
workspaces:
- name: repo
- name: gitauth
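Review bot: The Git password is passed to `dotnet-gitversion` as the `/p ${PASSWORD}` argument, which places it in the process argument list and, because the expansion is unquoted, lets the shell word-split and glob-expand it. At minimum quote the arguments, `/u "${USERNAME}" /p "${PASSWORD}"` and `/url "${PARAM_REPO}" /b "${PARAM_BRANCH}"`; GitVersion also documents `GITVERSION_REMOTE_USERNAME` / `GITVERSION_REMOTE_PASSWORD` environment variables, which would keep the secret off the command line if the version in this image supports them (to be confirmed). The script has no `set -euo pipefail`, so a failed run can still leave an empty `version` result for downstream tasks. The step image uses the mutable `:latest` tag, and the credential paths hard-code `/workspace/gitauth` instead of `$(workspaces.gitauth.path)`.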

132
tasks/gitea-merge-pr.yaml Normal file

@@ -0,0 +1,132 @@
apiVersion: tekton.dev/v1
kind: Task
metadata:
name: gitea-merge-pr
namespace: goghvideo-cicd-pipeline
spec:
description: |-
This task will merge a PR and delete the branch.
params:
- description: |
The Gitea host, e.g: git.yourcompany.com. Can include port.
name: GITEA_HOST_URL
type: string
- default: https
description: |
If we should connect with HTTP or HTTPS. Use "http" or "https" here.
name: GITEA_HTTPS_OR_HTTP
type: string
- default: /api/v1
description: |
The API path prefix of Gitea, default: /api/v1
name: API_PATH_PREFIX
type: string
- description: |
The Gitea repository full name, e.g.: tektoncd/catalog
name: REPO_FULL_NAME
type: string
- default: gitea
description: |
The name of the kubernetes secret that contains the Gitea token, default: gitea
name: GITEA_TOKEN_SECRET_NAME
type: string
- default: token
description: |
The key within the kubernetes secret that contains the Gitea token, default: token
name: GITEA_TOKEN_SECRET_KEY
type: string
- description: |
Merge Index Number
name: INDEX
type: string
- description: |
The target URL to associate with this status. This URL will be linked
from the Gitea UI to allow users to easily see the source of the
status.
name: TARGET_URL
type: string
- description: |
A short description of the status.
name: DESCRIPTION
type: string
- default: continuous-integration/tekton
description: |
The Gitea context, A string label to differentiate this status from
the status of other systems. ie: "continuous-integration/tekton"
name: CONTEXT
type: string
- description: |
The merge message field
name: MERGETYPE
type: string
- default: python:3.10.1-alpine3.15@sha256:affe0faa14e7553fc570beec3864e74b5e36f8c19b2bb49ae8ba79c0e9e7236e
description: |
Image providing the python binary which this task uses.
name: IMAGE
type: string
- default: true
description: |
Delete the branch after merge
name: DELETEBRANCH
type: string
- default: /usr/bin/env python
description: |
Python path. Depends on the image.
name: SHEBANG
type: string
steps:
- image: $(params.IMAGE)
name: merge-pull-request
script: |
#!$(params.SHEBANG)
"""This script will set the CI status on a Gitea commit"""
import json
import sys
import http.client
gitea_token = open("/etc/gitea-set-status/$(params.GITEA_TOKEN_SECRET_KEY)", "r").read()
merge_url = "$(params.API_PATH_PREFIX)" + "/repos/$(params.REPO_FULL_NAME)/" + \
"pulls/$(params.INDEX)/merge"
data = {
"Do": "$(params.MERGETYPE)",
"MergeMessageField": "$(params.DESCRIPTION)",
"MergeTitleField": "$(params.CONTEXT)"
}
print("Sending this data to Gitea: ")
print(data)
authHeader = "token " + gitea_token
if "$(params.GITEA_HTTPS_OR_HTTP)" == "https":
conn = http.client.HTTPSConnection("$(params.GITEA_HOST_URL)")
else:
conn = http.client.HTTPConnection("$(params.GITEA_HOST_URL)")
conn.request(
"POST",
merge_url,
body=json.dumps(data),
headers={
"User-Agent": "TektonCD, the peaceful cat",
"Authorization": authHeader,
"Accept": "application/json",
"Content-Type": "application/json",
})
resp = conn.getresponse()
if not str(resp.status).startswith("2"):
print("Error: %d" % (resp.status))
print(resp.read())
sys.exit(1)
else:
print("Gitea merge completed on $(params.REPO_FULL_NAME)")
volumeMounts:
- mountPath: /etc/gitea-set-status
name: giteatoken
volumes:
- name: giteatoken
secret:
secretName: $(params.GITEA_TOKEN_SECRET_NAME)
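Review bot: Every `$(params.…)` reference inside the Python `script` is replaced textually by Tekton before the interpreter runs, so a value containing a double quote or a newline changes the program that executes in a step with the Gitea token mounted; `DESCRIPTION`, `CONTEXT`, `REPO_FULL_NAME` and `INDEX` look likely to be filled from pull-request or webhook data. Pass the values through `env:` and read them with `os.environ`, as the generate-image-tag task in this commit already does for its shell step; the fence below sketches the changed lines. Separately, `GITEA_HTTPS_OR_HTTP` allows the token to be sent over plain HTTP, the token file is read without `.strip()`, `DELETEBRANCH` is declared but never used, and the docstring still describes a status-setting script rather than a merge.

```yaml
    - image: $(params.IMAGE)
      name: merge-pull-request
      env:
        - name: API_PATH_PREFIX
          value: $(params.API_PATH_PREFIX)
        - name: REPO_FULL_NAME
          value: $(params.REPO_FULL_NAME)
        - name: INDEX
          value: $(params.INDEX)
        - name: MERGETYPE
          value: $(params.MERGETYPE)
        - name: DESCRIPTION
          value: $(params.DESCRIPTION)
        - name: CONTEXT
          value: $(params.CONTEXT)
        # … same pattern for GITEA_HOST_URL, GITEA_HTTPS_OR_HTTP, GITEA_TOKEN_SECRET_KEY …
      script: |
        #!$(params.SHEBANG)
        import os
        # … unchanged: json, sys, http.client imports …
        merge_url = "%s/repos/%s/pulls/%s/merge" % (
            os.environ["API_PATH_PREFIX"],
            os.environ["REPO_FULL_NAME"],
            os.environ["INDEX"],
        )
        data = {
            "Do": os.environ["MERGETYPE"],
            "MergeMessageField": os.environ["DESCRIPTION"],
            "MergeTitleField": os.environ["CONTEXT"],
        }
        # … unchanged: connection setup, request and status check …
```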

81
tasks/golangci-lint.yaml Normal file

@@ -0,0 +1,81 @@
apiVersion: tekton.dev/v1
kind: Task
metadata:
annotations:
tekton.dev/categories: Code Quality
tekton.dev/displayName: golangci lint
tekton.dev/pipelines.minVersion: 0.12.1
tekton.dev/platforms: linux/amd64
tekton.dev/tags: lint
labels:
app.kubernetes.io/version: "0.2"
name: golangci-lint
namespace: goghvideo-cicd-pipeline
spec:
description: This Task is Golang task to validate Go projects.
params:
- description: base package (and its children) under validation
name: package
type: string
- default: .
description: path to the directory to use as context.
name: context
type: string
- default: --verbose
description: flags to use for the test command
name: flags
type: string
- default: v1.39
description: golangci-lint version to use
name: version
type: string
- default: linux
description: running operating system target
name: GOOS
type: string
- default: amd64
description: running architecture target
name: GOARCH
type: string
- default: auto
description: value of module support
name: GO111MODULE
type: string
- default: ""
description: Go caching directory path
name: GOCACHE
type: string
- default: ""
description: Go mod caching directory path
name: GOMODCACHE
type: string
- default: ""
description: golangci-lint cache path
name: GOLANGCI_LINT_CACHE
type: string
steps:
- env:
- name: GOPATH
value: /workspace
- name: GOOS
value: $(params.GOOS)
- name: GOARCH
value: $(params.GOARCH)
- name: GO111MODULE
value: $(params.GO111MODULE)
- name: GOCACHE
value: $(params.GOCACHE)
- name: GOMODCACHE
value: $(params.GOMODCACHE)
- name: GOLANGCI_LINT_CACHE
value: $(params.GOLANGCI_LINT_CACHE)
image: quay01.ipa.endofday.com/goghvideo/golang-lint:$(params.version)
name: lint
script: |
golangci-lint run $(params.flags)
workingDir: $(workspaces.source.path)/$(params.context)
workspaces:
# - mountPath: /workspace/src/$(params.package)
# name: source
- name: source
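Review bot: `golangci-lint run $(params.flags)` substitutes the parameter into the script text, so shell metacharacters in `flags` (`;`, backticks, `$(…)`) are interpreted by the shell instead of being passed to the linter. Adding an env entry (`- name: LINT_FLAGS` with `value: $(params.flags)`) and running `golangci-lint run ${LINT_FLAGS}` keeps the intended word splitting without re-parsing the value as shell code; an `array` parameter passed through `args` would be cleaner still. The image tag comes from `$(params.version)`, so the linter that runs is whatever tag the caller names; consider pinning by digest. The commented-out `mountPath`/`name` lines under `workspaces` should be removed, and the `package` parameter is declared but not used by the visible step.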


@@ -0,0 +1,45 @@
apiVersion: tekton.dev/v1
kind: Task
metadata:
name: openshift-ephemeral-namespace-client
namespace: goghvideo-cicd-pipeline
spec:
description: |-
This task runs commands against the cluster provided by user and if not provided then where the Task is being executed.
OpenShift is a Kubernetes distribution from Red Hat which provides oc, the OpenShift CLI that complements kubectl for simplifying deployment and configuration applications on OpenShift.
params:
- default: oc help
description: The OpenShift CLI arguments to run
name: SCRIPT
type: string
- default: "4.7"
description: The OpenShift Version to use
name: VERSION
type: string
results:
- name: namespace
type: string
description: The namespace which was created
steps:
- image: quay.io/openshift/origin-cli:$(params.VERSION)
name: oc
script: |
#!/usr/bin/env bash
[[ "$(workspaces.manifest-dir.bound)" == "true" ]] && \
cd $(workspaces.manifest-dir.path)
[[ "$(workspaces.kubeconfig-dir.bound)" == "true" ]] && \
[[ -f $(workspaces.kubeconfig-dir.path)/kubeconfig ]] && \
export KUBECONFIG=$(workspaces.kubeconfig-dir.path)/kubeconfig
$(params.SCRIPT)
workspaces:
- description: The workspace which contains kubernetes manifests which we want to
apply on the cluster.
name: manifest-dir
optional: true
- description: The workspace which contains the the kubeconfig file if in case we
want to run the oc command on another cluster.
name: kubeconfig-dir
optional: true
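Review bot: `$(params.SCRIPT)` is pasted into the bash script and executed verbatim, so the description `The OpenShift CLI arguments to run` understates what the parameter is: arbitrary shell running with the TaskRun's service account or the supplied kubeconfig. I would document that, e.g. `description: Shell commands run verbatim in the step with the TaskRun's cluster credentials`, and make sure only trusted pipeline definitions, never event payloads, can set it. The declared `namespace` result is not written anywhere in the step, so it is populated only if the caller's SCRIPT writes to the result path; either write it in the task or say so in the result description. The `cd $(workspaces.manifest-dir.path)` and kubeconfig paths are also unquoted.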

107
tasks/s2i-go-debug.yaml Normal file

@@ -0,0 +1,107 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: s2i-go-debug
namespace: goghvideo-cicd-pipeline
spec:
description: s2i-go task clones a Git repository and builds and pushes a container
image using S2I and a Go builder image.
params:
- default: latest
description: The tag of go imagestream for go version
name: VERSION
type: string
- default: .
description: The location of the path to run s2i from.
name: PATH_CONTEXT
type: string
- default: "true"
description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS
registry)
name: TLSVERIFY
type: string
- description: Location of the repo where image has to be pushed
name: IMAGE
type: string
- default: registry.redhat.io/rhel8/buildah@sha256:00795fafdab9bbaa22cd29d1faa1a01e604e4884a2c935c1bf8e3d1f0ad1c084
description: The location of the buildah builder image.
name: BUILDER_IMAGE
type: string
- default: "false"
description: Skip pushing the built image
name: SKIP_PUSH
type: string
- description: Environment variables to set during _build-time_.
name: ENV_VARS
type: array
results:
- description: Digest of the image just built.
name: IMAGE_DIGEST
type: string
steps:
- args:
- $(params.ENV_VARS[*])
env:
- name: HOME
value: /tekton/home
image: registry.redhat.io/ocp-tools-4-tech-preview/source-to-image-rhel8@sha256:98d8cb3a255641ca6a1bce854e5e2460c20de9fb9b28e3cc67eb459f122873dd
name: generate
script: |
echo "Processing Build Environment Variables"
echo "" > /env-vars/env-file
for var in "$@"
do
echo "$var" >> /env-vars/env-file
done
echo "Outputting Generated /env-vars/env-file"
cat /env-vars/env-file
s2i build $(params.PATH_CONTEXT) image-registry.openshift-image-registry.svc:5000/openshift/golang:$(params.VERSION) \
--as-dockerfile /gen-source/Dockerfile.gen --environment-file /env-vars/env-file
echo "Outputting Generated /gen-source/Dockerfile.gen file"
cat /gen-source/Dockerfile.gen
volumeMounts:
- mountPath: /gen-source
name: gen-source
- mountPath: /env-vars
name: env-vars
workingDir: $(workspaces.source.path)
- image: $(params.BUILDER_IMAGE)
name: build-and-push
script: |
find . -type f -ls
buildah --log-level=info bud --storage-driver=vfs --tls-verify=$(params.TLSVERIFY) \
--layers -f /gen-source/Dockerfile.gen -t $(params.IMAGE) .
[[ "$(params.SKIP_PUSH)" == "true" ]] && echo "Push skipped" && exit 0
[[ "$(workspaces.dockerconfig.bound)" == "true" ]] && export DOCKER_CONFIG="$(workspaces.dockerconfig.path)"
buildah push --storage-driver=vfs --tls-verify=$(params.TLSVERIFY) \
--digestfile $(workspaces.source.path)/image-digest $(params.IMAGE) \
docker://$(params.IMAGE)
cat $(workspaces.source.path)/image-digest | tee /tekton/results/IMAGE_DIGEST
securityContext:
capabilities:
add:
- SETFCAP
volumeMounts:
- mountPath: /var/lib/containers
name: varlibcontainers
- mountPath: /gen-source
name: gen-source
workingDir: /gen-source
volumes:
- name: varlibcontainers
- name: gen-source
- name: env-vars
workspaces:
- mountPath: /workspace/source
name: source
- description: An optional workspace that allows providing a .docker/config.json
file for Buildah to access the container registry. The file should be placed
at the root of the Workspace with name config.json.
name: dockerconfig
optional: true
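Review bot: The `generate` step prints the whole env file with `cat /env-vars/env-file` and then the generated Dockerfile, which may carry the same values, so any credential supplied through `ENV_VARS` is copied into the TaskRun log, and logs are usually readable by more people than the secret itself. Drop the `cat`, or log only the variable names with `cut -d= -f1 /env-vars/env-file`, and remove the `find . -type f -ls` listing from `build-and-push` once debugging is done. `--tls-verify=$(params.TLSVERIFY)` lets a caller disable registry certificate checks for both build and push; if no plain-HTTP registry is in use, hard-code `true`. `$(params.IMAGE)` and `$(params.PATH_CONTEXT)` are substituted unquoted into the shell scripts and would be safer passed through `env:` and quoted.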