Initial submission

2023-09-24 17:05:37 -06:00
commit 716573548c
17 changed files with 1498 additions and 0 deletions

2
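--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+.ssh/
+custom-scc.yaml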

1
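--- a/README.md
+++ b/README.md
@@ -0,0 +1 @@
+# CI/CD Pipeline for Goghvideo application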


@@ -0,0 +1,34 @@
apiVersion: triggers.tekton.dev/v1beta1
kind: EventListener
metadata:
name: conversionengine-webhook-listener
name: gighvideo-cicd-pipeline
spec:
serviceAccountName: pipeline
triggers:
- name: conversionengine-greeter-webhook
interceptors:
- name: gitea
ref:
name: gitea
kind: ClusterInterceptor
apiVersion: triggers.tekton.dev
params:
- name: secretRef
value:
secretName: webhook-secret
secretKey: sharedSecret
- name: eventTypes
value: ["pull_request", "pull_request_sync"]
- name: allow-create-and-update-only
ref:
name: cel
kind: ClusterInterceptor
params:
- name: filter
value: >
body.action in ['opened', 'synchronized']
bindings:
- ref: gitea-binding
template:
ref: conversionengine-template
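Review bot: `metadata` declares `name` twice (`conversionengine-webhook-listener`, then `gighvideo-cicd-pipeline`); most YAML parsers silently keep the last value, so the listener would be created under the wrong name. The second key was presumably meant to be `namespace: goghvideo-cicd-pipeline`, which is how the other manifests in this commit spell it. The CEL filter accepts every `opened`/`synchronized` pull request regardless of sender or source repository, and the Pipelines in this commit end in `perform-merge`, so consider filtering on the repository or requiring an approval before the merge step. The upload-to-nextcloud EventListener section that follows has the same duplicate key and the same filter.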


@@ -0,0 +1,34 @@
apiVersion: triggers.tekton.dev/v1beta1
kind: EventListener
metadata:
name: upload-to-nextcloud-webhook-listener
name: gighvideo-cicd-pipeline
spec:
serviceAccountName: pipeline
triggers:
- name: upload2nc-greeter-webhook
interceptors:
- name: gitea
ref:
name: gitea
kind: ClusterInterceptor
apiVersion: triggers.tekton.dev
params:
- name: secretRef
value:
secretName: webhook-secret
secretKey: sharedSecret
- name: eventTypes
value: ["pull_request", "pull_request_sync"]
- name: allow-create-and-update-only
ref:
name: cel
kind: ClusterInterceptor
params:
- name: filter
value: >
body.action in ['opened', 'synchronized']
bindings:
- ref: gitea-binding
template:
ref: upload2nc-template


@@ -0,0 +1,326 @@
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
name: ce-buildtest
namespace: learntekton
spec:
workspaces:
- name: source
- name: gitauth
- name: dockerconfig
- name: helm
- name: gitsshauth
params:
- name: git-repo-full-name
type: string
- name: git-token-secret-name
type: string
- name: git-token-secret-key
type: string
- name: git-commit-sha
type: string
- name: git-repo-url
type: string
description: Git URL to retrieve
- name: git-branch
type: string
description: branch to checkout
- name: git-pr-index
description: PR number to merge
- name: git-merge-type
description: What type of merge to do
- name: git-merge-delete-branch
description: delete the branch after merge
- name: verbose
type: string
default: "false"
- name: lint-package
type: string
- name: lint-context
type: string
description: Path to where the modules are stored
- name: lint-version
type: string
default: latest
- name: image
type: string
- name: s2i-builder-image
type: string
- name: git-helm-url
type: string
tasks:
- name: set-check-pending
taskRef:
name: gitea-set-status
params:
- name: SHA
value: $(params.git-commit-sha)
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: DESCRIPTION
value: Build started
- name: STATE
value: pending
- name: TARGET_URL
value: https://console-openshift-console.apps.ocp.endofday.com/pipelines/all-namespaces
- name: git-semver
runAfter:
- set-check-pending
taskRef:
name: git-semver
params:
- name: gitrepositoryurl
value: $(params.git-repo-url)
- name: gitbranch
value: $(params.git-branch)
workspaces:
- name: repo
workspace: source
- name: gitauth
workspace: gitauth
- name: golangci-lint
runAfter:
- git-semver
taskRef:
name: golangci-lint
params:
- name: package
value: $(params.lint-package)
- name: context
value: $(params.lint-context)
- name: version
value: $(params.lint-version)
workspaces:
- name: source
workspace: source
- name: generate-imagetag
runAfter:
- golangci-lint
taskRef:
name: generate-image-tag
params:
- name: version
value: $(tasks.git-semver.results.version)
- name: image
value: $(params.image)
- name: s2i-build
runAfter:
- generate-imagetag
taskRef:
name: s2i-go-debug
params:
- name: TLSVERIFY
value: false
- name: BUILDER_IMAGE
value: $(params.s2i-builder-image)
- name: PATH_CONTEXT
value: $(params.lint-context)
- name: verbose
value: true
- name: IMAGE
value: $(tasks.generate-imagetag.results.imagetag)
- name: ENV_VARS
value:
- semver=$(tasks.git-semver.results.version)
workspaces:
- name: source
workspace: source
- name: dockerconfig
workspace: dockerconfig
- name: ephemeral-ns
runAfter:
- s2i-build
taskref:
name: openshift-ephemeral-namespace-client
kind: Task
params:
- name: VERSION
value: 4.11
- name: SCRIPT
value: |
echo "${SHELL}"
RANDOMID=$(openssl rand -hex 4)
oc new-project goghvideo-test-${RANDOMID} >/dev/null
oc label namespace goghvideo-test-${RANDOMID} app=goghvideo-test
x=0; until [[ -n $(oc -n goghvideo-test-${RANDOMID} get secret/goghvideo-openshift-builder-pull-secret 2>/dev/null) || $x -eq 10 ]]; do echo "Waiting for secret replication" && sleep 10 && ((x++)); done
if [[ "${x}" -eq 10 ]]; then exit 1; fi
oc -n goghvideo-test-${RANDOMID} secrets link default goghvideo-openshift-builder-pull-secret --for=pull
oc apply -f - <<EOF
apiVersion: rabbitmq.com/v1beta1
kind: RabbitmqCluster
metadata:
name: rabbitmq
namespace: goghvideo-test-${RANDOMID}
spec:
delayStartSeconds: 10
image: quay01.ipa.endofday.com/goghvideo/bitnami-rabbitmq
imagePullSecrets:
- name: goghvideo-openshift-builder-pull-secret
persistence:
storage: 10Gi
replicas: 1
resources:
limits:
cpu: "2"
memory: 2Gi
requests:
cpu: "1"
memory: 2Gi
service:
type: ClusterIP
terminationGracePeriodSeconds: 30
EOF
x=0; until [[ -n $(oc -n goghvideo-test-${RANDOMID} get sa/rabbitmq-server 2>/dev/null ) || $x -eq 10 ]]; do echo "Waiting for operator to deploy rabbit" && sleep 5 && ((x++)); done
if [[ "${x}" -eq 10 ]]; then exit 1; fi
oc -n goghvideo-test-${RANDOMID} adm policy add-scc-to-user anyuid -z rabbitmq-server
x=0; until [[ $(oc -n goghvideo-test-${RANDOMID} get sts rabbitmq-server -o jsonpath="{.status.readyReplicas}") -gt 0 || $x -eq 20 ]]; do echo "Waiting for Rabbit MQ to startup" && sleep 15 && ((x++)); done
if [[ "${x}" -eq 20 ]]; then exit 1; fi
oc -n goghvideo-test-${RANDOMID} create route edge --service=rabbitmq --port=15672
oc -n goghvideo-test-${RANDOMID} get pods
RABBITHOST=$(oc -n goghvideo-test-${RANDOMID} get secret/rabbitmq-default-user -o template='{{ .data.host | base64decode }}')
RABBITUSER=$(oc -n goghvideo-test-${RANDOMID} get secret/rabbitmq-default-user -o template='{{ .data.username | base64decode }}')
RABBITPASS=$(oc -n goghvideo-test-${RANDOMID} get secret/rabbitmq-default-user -o template='{{ .data.password | base64decode }}')
oc -n goghvideo-test-${RANDOMID} create secret generic amqp --from-literal=url=amqp://${RABBITUSER}:${RABBITPASS}@${RABBITHOST}/
curl -O http://${RABBITHOST}:15672/cli/rabbitmqadmin
chmod +x rabbitmqadmin
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare exchange name=conversion type=topic
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare queue name=transcode durable=true queue_type=quorum
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare queue name=notification durable=true queue_type=quorum
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare queue name=upload-nextcloud durable=true queue_type=quorum
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare binding source="conversion" destination_type="queue" destination="transcode" routing_key="transcode"
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare binding source="conversion" destination_type="queue" destination="notification" routing_key="notification"
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare binding source="conversion" destination_type="queue" destination="upload-nextcloud" routing_key="upload-nextcloud"
echo -n "goghvideo-test-${RANDOMID}" > $(results.namespace.path)
workspaces:
- name: kubeconfig-dir
workspace: dockerconfig
- name: clone-helm-charts
runAfter: ["ephemeral-ns"]
taskRef:
name: git-clone
params:
- name: url
value: $(params.git-helm-url)
workspaces:
- name: output
workspace: helm
- name: ssh-directory
workspace: gitsshauth
- name: deploy-testver
runAfter: ["clone-helm-charts"]
taskRef:
name: helm-upgrade-from-source
params:
- name: charts_dir
value: conversion-engine
- name: release_namespace
value: $(tasks.ephemeral-ns.results.namespace)
- name: release_name
value: conversion-engine
- name: overwrite_values
value: "image.tag=$(tasks.git-semver.results.version)"
workspaces:
- name: source
workspace: helm
- name: deploy-upload-to-nextcloud
runAfter: ["clone-helm-charts"]
taskRef:
name: helm-upgrade-from-source
params:
- name: charts_dir
value: upload-to-nextcloud
- name: release_namespace
value: $(tasks.ephemeral-ns.results.namespace)
- name: release_name
value: upload-to-nextcloud
workspaces:
- name: source
workspace: helm
- name: pass-pr-check
runAfter: ["deploy-testver"]
taskRef:
name: gitea-set-status
params:
- name: SHA
value: $(params.git-commit-sha)
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: DESCRIPTION
value: Tekton CI Pipeline
- name: STATE
value: success
- name: TARGET_URL
value: https://console-openshift-console.apps.ocp.endofday.com/pipelines
- name: perform-merge
runAfter: ["pass-pr-check"]
taskRef:
name: gitea-merge-pr
params:
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: DESCRIPTION
value: Automatically merged by CI pipeline
- name: INDEX
value: $(params.git-pr-index)
- name: MERGETYPE
value: $(params.git-merge-type)
- name: DELETEBRANCH
value: $(params.git-merge-delete-branch)
- name: TARGET_URL
value: https://console-openshift-console.apps.ocp.endofday.com/pipelines
finally:
- name: fail-pr-check
when:
- input: $(tasks.status)
operator: in
values:
- Failed
taskRef:
name: gitea-set-status
params:
- name: SHA
value: $(params.git-commit-sha)
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: DESCRIPTION
value: Tekton CI Pipeline
- name: STATE
value: failure
- name: TARGET_URL
value: https://console-openshift-console.apps.ocp.endofday.com/pipelines
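Review bot: The `ephemeral-ns` script fetches `rabbitmqadmin` with `curl -O http://${RABBITHOST}:15672/cli/rabbitmqadmin`, marks it executable and runs it in the same step that creates projects and grants `anyuid`, so the tool is executed with no transport or integrity protection; shipping `rabbitmqadmin` in the task image would remove the download. The script also puts `${RABBITPASS}` on every `rabbitmqadmin` command line and in `--from-literal=url=...`, where it is visible in process arguments and may reach step logs. `s2i-build` sets `TLSVERIFY` to an unquoted `false`, which turns off registry certificate checks for the image push; prefer `value: "true"` with the registry CA trusted by the builder. `ephemeral-ns` is declared with `taskref:` rather than `taskRef:`, which may be dropped or rejected depending on how strictly the manifest is decoded, and `VERSION` should be quoted (`"4.11"`) so it is not read as a float. The same lines appear in the upload-to-nextcloud Pipeline section that follows.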


@@ -0,0 +1,327 @@
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
name: upload-to-nextcloud
namespace: goghvideo-cicd-pipeline
spec:
workspaces:
- name: source
- name: gitauth
- name: dockerconfig
- name: helm
- name: gitsshauth
params:
- name: git-repo-full-name
type: string
- name: git-token-secret-name
type: string
- name: git-token-secret-key
type: string
- name: git-commit-sha
type: string
- name: git-repo-url
type: string
description: Git URL to retrieve
- name: git-branch
type: string
description: branch to checkout
- name: git-pr-index
description: PR number to merge
- name: git-merge-type
description: What type of merge to do
- name: git-merge-delete-branch
description: delete the branch after merge
- name: verbose
type: string
default: "false"
- name: lint-package
type: string
- name: lint-context
type: string
description: Path to where the modules are stored
- name: lint-version
type: string
default: latest
- name: image
type: string
- name: s2i-builder-image
type: string
- name: git-helm-url
type: string
tasks:
- name: set-check-pending
taskRef:
name: gitea-set-status
params:
- name: SHA
value: $(params.git-commit-sha)
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: DESCRIPTION
value: Build started
- name: STATE
value: pending
- name: TARGET_URL
value: https://console-openshift-console.apps.ocp.endofday.com/pipelines/all-namespaces
- name: git-semver
runAfter:
- set-check-pending
taskRef:
name: git-semver
params:
- name: gitrepositoryurl
value: $(params.git-repo-url)
- name: gitbranch
value: $(params.git-branch)
workspaces:
- name: repo
workspace: source
- name: gitauth
workspace: gitauth
- name: golangci-lint
runAfter:
- git-semver
taskRef:
name: golangci-lint
params:
- name: package
value: $(params.lint-package)
- name: context
value: $(params.lint-context)
- name: version
value: $(params.lint-version)
workspaces:
- name: source
workspace: source
- name: generate-imagetag
runAfter:
- golangci-lint
taskRef:
name: generate-image-tag
params:
- name: version
value: $(tasks.git-semver.results.version)
- name: image
value: $(params.image)
- name: s2i-build
runAfter:
- generate-imagetag
taskRef:
name: s2i-go-debug
kind: Task
params:
- name: TLSVERIFY
value: false
- name: BUILDER_IMAGE
value: $(params.s2i-builder-image)
- name: PATH_CONTEXT
value: $(params.lint-context)
- name: verbose
value: true
- name: IMAGE
value: $(tasks.generate-imagetag.results.imagetag)
- name: ENV_VARS
value:
- semver=$(tasks.git-semver.results.version)
workspaces:
- name: source
workspace: source
- name: dockerconfig
workspace: dockerconfig
- name: ephemeral-ns
runAfter:
- s2i-build
taskref:
name: openshift-ephemeral-namespace-client
kind: Task
params:
- name: VERSION
value: 4.11
- name: SCRIPT
value: |
echo "${SHELL}"
RANDOMID=$(openssl rand -hex 4)
oc new-project goghvideo-test-${RANDOMID} >/dev/null
oc label namespace goghvideo-test-${RANDOMID} app=goghvideo-test
x=0; until [[ -n $(oc -n goghvideo-test-${RANDOMID} get secret/goghvideo-openshift-builder-pull-secret 2>/dev/null) || $x -eq 10 ]]; do echo "Waiting for secret replication" && sleep 10 && ((x++)); done
if [[ "${x}" -eq 10 ]]; then exit 1; fi
oc -n goghvideo-test-${RANDOMID} secrets link default goghvideo-openshift-builder-pull-secret --for=pull
oc apply -f - <<EOF
apiVersion: rabbitmq.com/v1beta1
kind: RabbitmqCluster
metadata:
name: rabbitmq
namespace: goghvideo-test-${RANDOMID}
spec:
delayStartSeconds: 10
image: quay01.ipa.endofday.com/goghvideo/bitnami-rabbitmq
imagePullSecrets:
- name: goghvideo-openshift-builder-pull-secret
persistence:
storage: 10Gi
replicas: 1
resources:
limits:
cpu: "2"
memory: 2Gi
requests:
cpu: "1"
memory: 2Gi
service:
type: ClusterIP
terminationGracePeriodSeconds: 30
EOF
x=0; until [[ -n $(oc -n goghvideo-test-${RANDOMID} get sa/rabbitmq-server 2>/dev/null ) || $x -eq 10 ]]; do echo "Waiting for operator to deploy rabbit" && sleep 5 && ((x++)); done
if [[ "${x}" -eq 10 ]]; then exit 1; fi
oc -n goghvideo-test-${RANDOMID} adm policy add-scc-to-user anyuid -z rabbitmq-server
x=0; until [[ $(oc -n goghvideo-test-${RANDOMID} get sts rabbitmq-server -o jsonpath="{.status.readyReplicas}") -gt 0 || $x -eq 20 ]]; do echo "Waiting for Rabbit MQ to startup" && sleep 15 && ((x++)); done
if [[ "${x}" -eq 20 ]]; then exit 1; fi
oc -n goghvideo-test-${RANDOMID} create route edge --service=rabbitmq --port=15672
oc -n goghvideo-test-${RANDOMID} get pods
RABBITHOST=$(oc -n goghvideo-test-${RANDOMID} get secret/rabbitmq-default-user -o template='{{ .data.host | base64decode }}')
RABBITUSER=$(oc -n goghvideo-test-${RANDOMID} get secret/rabbitmq-default-user -o template='{{ .data.username | base64decode }}')
RABBITPASS=$(oc -n goghvideo-test-${RANDOMID} get secret/rabbitmq-default-user -o template='{{ .data.password | base64decode }}')
oc -n goghvideo-test-${RANDOMID} create secret generic amqp --from-literal=url=amqp://${RABBITUSER}:${RABBITPASS}@${RABBITHOST}/
curl -O http://${RABBITHOST}:15672/cli/rabbitmqadmin
chmod +x rabbitmqadmin
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare exchange name=conversion type=topic
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare queue name=transcode durable=true queue_type=quorum
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare queue name=notification durable=true queue_type=quorum
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare queue name=upload-nextcloud durable=true queue_type=quorum
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare binding source="conversion" destination_type="queue" destination="transcode" routing_key="transcode"
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare binding source="conversion" destination_type="queue" destination="notification" routing_key="notification"
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare binding source="conversion" destination_type="queue" destination="upload-nextcloud" routing_key="upload-nextcloud"
echo -n "goghvideo-test-${RANDOMID}" > $(results.namespace.path)
workspaces:
- name: kubeconfig-dir
workspace: dockerconfig
- name: clone-helm-charts
runAfter: ["ephemeral-ns"]
taskRef:
name: git-clone
params:
- name: url
value: $(params.git-helm-url)
workspaces:
- name: output
workspace: helm
- name: ssh-directory
workspace: gitsshauth
- name: deploy-testver
runAfter: ["clone-helm-charts"]
taskRef:
name: helm-upgrade-from-source
params:
- name: charts_dir
value: conversion-engine
- name: release_namespace
value: $(tasks.ephemeral-ns.results.namespace)
- name: release_name
value: conversion-engine
- name: overwrite_values
value: "image.tag=$(tasks.git-semver.results.version)"
workspaces:
- name: source
workspace: helm
- name: deploy-upload-to-nextcloud
runAfter: ["clone-helm-charts"]
taskRef:
name: helm-upgrade-from-source
params:
- name: charts_dir
value: upload-to-nextcloud
- name: release_namespace
value: $(tasks.ephemeral-ns.results.namespace)
- name: release_name
value: upload-to-nextcloud
workspaces:
- name: source
workspace: helm
- name: pass-pr-check
runAfter: ["deploy-testver"]
taskRef:
name: gitea-set-status
params:
- name: SHA
value: $(params.git-commit-sha)
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: DESCRIPTION
value: Tekton CI Pipeline
- name: STATE
value: success
- name: TARGET_URL
value: https://console-openshift-console.apps.ocp.endofday.com/pipelines
- name: perform-merge
runAfter: ["pass-pr-check"]
taskRef:
name: gitea-merge-pr
params:
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: DESCRIPTION
value: Automatically merged by CI pipeline
- name: INDEX
value: $(params.git-pr-index)
- name: MERGETYPE
value: $(params.git-merge-type)
- name: DELETEBRANCH
value: $(params.git-merge-delete-branch)
- name: TARGET_URL
value: https://console-openshift-console.apps.ocp.endofday.com/pipelines
finally:
- name: fail-pr-check
when:
- input: $(tasks.status)
operator: in
values:
- Failed
taskRef:
name: gitea-set-status
params:
- name: SHA
value: $(params.git-commit-sha)
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: DESCRIPTION
value: Tekton CI Pipeline
- name: STATE
value: failure
- name: TARGET_URL
value: https://console-openshift-console.apps.ocp.endofday.com/pipelines
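Review bot: `deploy-testver` applies `image.tag=$(tasks.git-semver.results.version)` to the `conversion-engine` chart while `deploy-upload-to-nextcloud` has no `overwrite_values`, so the image this Pipeline builds does not appear to be the one deployed into the test namespace; this looks like a leftover from copying the ce-buildtest Pipeline. `pass-pr-check` runs after `deploy-testver` only and `perform-merge` follows it, so the pull request can be merged without waiting for `deploy-upload-to-nextcloud` to finish. Consider moving the override to the upload-to-nextcloud release and gating the status with `runAfter: ["deploy-testver", "deploy-upload-to-nextcloud"]`. The gating gap is also present in the ce-buildtest Pipeline section.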

116
secrets/git-secret.yaml Normal file

@@ -0,0 +1,116 @@
apiVersion: v1
kind: Secret
metadata:
name: git-credentials
annotations:
tekton.dev/git-0: git-ssh.ipa.endofday.com
namespace: goghvideo-cicd-pipeline
type: kubernetes.io/ssh-auth
stringData:
known_hosts: ENC[AES256_GCM,data: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,iv:jkxx1XewwWkgMzMgaxn/LaEW/UFm8AvTw/VuRd9S5YU=,tag:ZiqGazl7Fyfb0aYOE+WcQg==,type:str]
data:
ssh-privatekey: ENC[AES256_GCM,data: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,iv:JKjKDMEYtyMZ0/H0OAob6fJfrE+v3c90nVehxV1D5vw=,tag:q30FrYBCop5tW112yNgkrA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2023-09-24T22:56:50Z"
mac: ENC[AES256_GCM,data:UqYcmRw0z3sMW8TkdUIdhFjHJ34B0k3XdN/LvAna6KhLvxta/BQZ9im97MJqeLgwgKHhFsG6zwYkgsjPi8B7nMb5esxc+A7R8ipzKjVLWNtjyEtJV3X+o++C4I98Jtd6QedHU4RHiQBB3PTwi70ObmqQrscvwUp6F7tsiMyxRhw=,iv:A+3heWAoGPVuMA85tFYVx32QqdZ2yKkYI1MvVXtD/jQ=,tag:HP9kPLUYjXnt5dcy77oxGQ==,type:str]
pgp:
- created_at: "2023-09-24T22:56:50Z"
enc: |-
-----BEGIN PGP MESSAGE-----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=d61F
-----END PGP MESSAGE-----
fp: 72E72623346EA4589F9348C8DD8DF053BEDF14D1
encrypted_regex: ^(user.*|pass.*|.*[Bb]earer.*|.*[Kk]ey|.*[Kk]eys|salt|sentry.*|.*[Tt]oken|data.*|stringData.*)$
version: 3.7.3
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: pipeline
namespace: goghvideo-cicd-pipeline
secrets:
- name: git-credentials
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2023-09-24T22:56:50Z"
mac: ENC[AES256_GCM,data:UqYcmRw0z3sMW8TkdUIdhFjHJ34B0k3XdN/LvAna6KhLvxta/BQZ9im97MJqeLgwgKHhFsG6zwYkgsjPi8B7nMb5esxc+A7R8ipzKjVLWNtjyEtJV3X+o++C4I98Jtd6QedHU4RHiQBB3PTwi70ObmqQrscvwUp6F7tsiMyxRhw=,iv:A+3heWAoGPVuMA85tFYVx32QqdZ2yKkYI1MvVXtD/jQ=,tag:HP9kPLUYjXnt5dcy77oxGQ==,type:str]
pgp:
- created_at: "2023-09-24T22:56:50Z"
enc: |-
-----BEGIN PGP MESSAGE-----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=d61F
-----END PGP MESSAGE-----
fp: 72E72623346EA4589F9348C8DD8DF053BEDF14D1
encrypted_regex: ^(user.*|pass.*|.*[Bb]earer.*|.*[Kk]ey|.*[Kk]eys|salt|sentry.*|.*[Tt]oken|data.*|stringData.*)$
version: 3.7.3
---
apiVersion: v1
kind: Secret
metadata:
name: goghvideo-registry-pusher
namespace: gighvideo-cicd-pipeline
type: Opaque
data:
config.json: ENC[AES256_GCM,data:LlNGwsCcdlbsHz9OubLSFOgO0E3JG/6QY5gIz1STB7fbMspjs1q8DJMsSnMRz+DjyDR0Z7Q0V1tHjEjtimXDLWltAoV31xaEmcW8kun9YdegSuSylaxjZ+lpGwcMjNkQgx3um3Ao/fd3U50WJTy8LlN7C4WS+7AmjupXUVHVxGmf9cLKV9OZOMhdriAjkrk5S/hCh4UjFFW1tFVfbC/JnGme9jT5vW9JVrxiC9HW5i97DvvzPdKuvc4/d6Ai1n7CXj0lBnEesYxJ+FHyz+VJQPpFKhkM/8evUhdbXoQamgLoXkD/21wY2jJFRzcLqDcC1RnZtYic63zoRrehf80d0RVOFeG0YF4Ir1tsMLrhRB5SGGhT8RctYyrCl1dGuMmIo8IM0T49HBM=,iv:GqKqO70KwCFFq4120d7p1oPGu9NAaOwrBjrSzO2TQ9I=,tag:Z1K8kPFInWrhxCFXFiFCKA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2023-09-24T22:56:50Z"
mac: ENC[AES256_GCM,data:UqYcmRw0z3sMW8TkdUIdhFjHJ34B0k3XdN/LvAna6KhLvxta/BQZ9im97MJqeLgwgKHhFsG6zwYkgsjPi8B7nMb5esxc+A7R8ipzKjVLWNtjyEtJV3X+o++C4I98Jtd6QedHU4RHiQBB3PTwi70ObmqQrscvwUp6F7tsiMyxRhw=,iv:A+3heWAoGPVuMA85tFYVx32QqdZ2yKkYI1MvVXtD/jQ=,tag:HP9kPLUYjXnt5dcy77oxGQ==,type:str]
pgp:
- created_at: "2023-09-24T22:56:50Z"
enc: |-
-----BEGIN PGP MESSAGE-----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=d61F
-----END PGP MESSAGE-----
fp: 72E72623346EA4589F9348C8DD8DF053BEDF14D1
encrypted_regex: ^(user.*|pass.*|.*[Bb]earer.*|.*[Kk]ey|.*[Kk]eys|salt|sentry.*|.*[Tt]oken|data.*|stringData.*)$
version: 3.7.3
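Review bot: The `goghvideo-registry-pusher` Secret sets `namespace: gighvideo-cicd-pipeline`, while the `git-credentials` Secret and the `pipeline` ServiceAccount in the same file use `goghvideo-cicd-pipeline`. As written, the registry credentials would be applied to a different namespace (or fail if it does not exist) and the build would not find them. Change it to `namespace: goghvideo-cicd-pipeline`, making the edit through `sops` because the file MAC likely covers unencrypted values as well. Separately, the `pipeline` ServiceAccount lists only `git-credentials` under `secrets`; if the push secret is meant to be linked to it, that entry is missing — confirm against how the `dockerconfig` workspace is bound.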


@@ -0,0 +1,36 @@
apiVersion: v1
kind: Secret
metadata:
name: webhook-secret
type: Opaque
stringData:
sharedSecret: ENC[AES256_GCM,data:9gMFnwgpnT5zWzGvSDqlm5ngxzFGyEMuGnr81sV934I=,iv:0nw+g3kPA46NFOMLFjstt8lNvsIBpM5rjgjTVYJdTjo=,tag:hAu5FtiLG4JMOab2hM/9BQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2023-09-24T22:48:50Z"
mac: ENC[AES256_GCM,data:cRp/c6CS+oUGVDFaHR9uYHKKr3bA78zoGQmVTVTxjMNNk+Pd7M4Wj8FfrEMe0IQoQlLr9HQijL9LlANbcr4o0+drxSD9iXUN1qUcnkM9L8qaHoDtWilor7HwZf6ySl238/wkNLVoT6UKMpKZXFhI5EF7MScDR7c7SNVgoYAjaic=,iv:Palg6zpKOjqgMaCMva05FkAffTaq3VIaQVVyxPS5/YU=,tag:rZ5zk3KeNQL2H8opeH+kHA==,type:str]
pgp:
- created_at: "2023-09-24T22:48:50Z"
enc: |-
-----BEGIN PGP MESSAGE-----
wcDMA0gtINCTAeZuAQv/S89/a9NbXrCcw/s1Slf/jWahFi7IEcgPIA+o2axUJJJN
GiJ/fI219MHktgGmXbw8ZOUAkYA5undRh8ew5XY0JlNuu0OUHfKta+LjkeNlMByR
kFWNXTj7okObJmGieB/+awpmtQi0GNNg3K7SpMThcMBMPsvXFYR3hRMgIM08w7FL
Q4AzxbOfI5fexpWVW7CdBtKZbbfK9+SH7mKPBuDyFAOchFD+TIh1BvcZmitqVUNy
MlUE/twwxCQFGE65zgY/N568ML/cRDmmahISemVTOxkXs9Jo8xhqKh7ebFWmfLHX
dlxip+b652rvt/dIIFOyDiXka7w20zkhBSMPMDxQn7Ckc5ttstbCyhQJpdyK0YhM
d3BPqIwxtLKUTnkiKLXysMjoqxSC4kJHtpsHKQU/FNZzewEo/6LEoQ7RyBwVM71H
aymijKx9X57BHx+YX6eNLQQFSctN/+7Z3Xi05UK9VHzlBM6weDezHrDN0Ue8THRA
WykySzbolV3pBriRk5Dx0lEBS1rV4HjpNfS8fZPX05l+j8bJgjy81UZKxAo/R9QM
nmpmgJ/+Ub+RudD/d/YEkiirgG2OnsFRBU+u/u9Qi14YZilQYAB5dFTvIB4OTus1
L8w=
=Keic
-----END PGP MESSAGE-----
fp: 72E72623346EA4589F9348C8DD8DF053BEDF14D1
encrypted_regex: ^(user.*|pass.*|.*[Bb]earer.*|.*[Kk]ey|.*[Kk]eys|salt|sentry.*|.*[Tt]oken|data.*|stringData.*)$
version: 3.7.3
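Review bot: `metadata` has no `namespace`, unlike the other manifests in this commit, so this Secret is created in whatever namespace is current at apply time. The EventListeners reference it through `secretRef` (`secretName: webhook-secret`), which I would expect to be resolved in the listener's own namespace (to be confirmed); a mismatch would make webhook signature validation fail. Adding `namespace: goghvideo-cicd-pipeline` under `metadata`, edited through `sops` so the MAC stays valid, keeps the secret next to its consumer.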


@@ -0,0 +1,29 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: generate-image-tag
namespace: goghvideo-cicd-pipeline
spec:
params:
- name: image
type: string
- name: version
type: string
results:
- name: imagetag
type: string
steps:
- name: concatenate-strings
image: quay01.ipa.endofday.com/goghvideo/rockylinux:9-ubi
env:
- name: IMAGE
value: $(params.image)
- name: TAG
value: $(params.version)
script: |
#!/usr/bin/env bash
IMAGE=$(echo -n ${IMAGE})
TAG=$(echo -n ${TAG})
echo -n "${IMAGE}:v${TAG}" > "$(results.imagetag.path)"
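Review bot: `IMAGE=$(echo -n ${IMAGE})` and `TAG=$(echo -n ${TAG})` expand unquoted, so the values are word-split and glob-expanded before being written to the result, and an empty `TAG` (for example when `git-semver` fails quietly) still yields `<image>:v`. Passing the params through `env` is the right pattern; I would drop the two re-assignments and add a guard such as `[[ -n "${IMAGE}" && -n "${TAG}" ]] || exit 1` before the final `echo`. The step image `rockylinux:9-ubi` is referenced by tag only; pinning it by digest would make the step reproducible.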

34
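--- a/tasks/git-semver.yaml
+++ b/tasks/git-semver.yaml
@@ -0,0 +1,34 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+name: git-semver
+namespace: goghvideo-cicd-pipeline
+spec:
+params:
+- name: gitrepositoryurl
+type: string
+- name: gitbranch
+type: string
+default: master
+results:
+- name: version
+type: string
+steps:
+- name: clone-and-calculate-semver
+image: quay01.ipa.endofday.com/goghvideo/gitversion:latest
+env:
+- name: PARAM_REPO
+value: $(params.gitrepositoryurl)
+- name: PARAM_BRANCH
+value: $(params.gitbranch)
+script: |
+#!/usr/bin/env bash
+USERNAME=$(cat /workspace/gitauth/username)
+PASSWORD=$(cat /workspace/gitauth/password)
+/tools/dotnet-gitversion /url ${PARAM_REPO} /b ${PARAM_BRANCH} /u ${USERNAME} /p ${PASSWORD} /dynamicRepoLocation /workspace/repo /overrideconfig mode=Mainline /showvariable MajorMinorPatch /verbosity quiet > $(results.version.path)
+securityContext:
+runAsNonRoot: true
+runAsUser: 65532
+workspaces:
+- name: repo
+- name: gitauth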
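Review bot: The `dotnet-gitversion` call passes `/p ${PASSWORD}` as a command-line argument, so the Git password is readable from the process list for the life of the step. Every expansion on that line is also unquoted, so a repository URL or branch name containing whitespace or glob characters changes the argument list; at minimum quote them: `/url "${PARAM_REPO}" /b "${PARAM_BRANCH}" /u "${USERNAME}" /p "${PASSWORD}"`. The script has no `set -euo pipefail`, so a failed run writes an empty `version` result that the Pipelines then feed into `generate-imagetag`. `gitversion:latest` is a mutable tag; a digest pin would keep the tool that sees these credentials fixed.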

132
tasks/gitea-merge-pr.yaml Normal file

@@ -0,0 +1,132 @@
apiVersion: tekton.dev/v1
kind: Task
metadata:
name: gitea-merge-pr
namespace: goghvideo-cicd-pipeline
spec:
description: |-
This task will merge a PR and delete the branch.
params:
- description: |
The Gitea host, e.g: git.yourcompany.com. Can include port.
name: GITEA_HOST_URL
type: string
- default: https
description: |
If we should connect with HTTP or HTTPS. Use "http" or "https" here.
name: GITEA_HTTPS_OR_HTTP
type: string
- default: /api/v1
description: |
The API path prefix of Gitea, default: /api/v1
name: API_PATH_PREFIX
type: string
- description: |
The Gitea repository full name, e.g.: tektoncd/catalog
name: REPO_FULL_NAME
type: string
- default: gitea
description: |
The name of the kubernetes secret that contains the Gitea token, default: gitea
name: GITEA_TOKEN_SECRET_NAME
type: string
- default: token
description: |
The key within the kubernetes secret that contains the Gitea token, default: token
name: GITEA_TOKEN_SECRET_KEY
type: string
- description: |
Merge Index Number
name: INDEX
type: string
- description: |
The target URL to associate with this status. This URL will be linked
from the Gitea UI to allow users to easily see the source of the
status.
name: TARGET_URL
type: string
- description: |
A short description of the status.
name: DESCRIPTION
type: string
- default: continuous-integration/tekton
description: |
The Gitea context, A string label to differentiate this status from
the status of other systems. ie: "continuous-integration/tekton"
name: CONTEXT
type: string
- description: |
The merge message field
name: MERGETYPE
type: string
- default: python:3.10.1-alpine3.15@sha256:affe0faa14e7553fc570beec3864e74b5e36f8c19b2bb49ae8ba79c0e9e7236e
description: |
Image providing the python binary which this task uses.
name: IMAGE
type: string
- default: true
description: |
Delete the branch after merge
name: DELETEBRANCH
type: string
- default: /usr/bin/env python
description: |
Python path. Depends on the image.
name: SHEBANG
type: string
steps:
- image: $(params.IMAGE)
name: merge-pull-request
script: |
#!$(params.SHEBANG)
"""This script will set the CI status on a Gitea commit"""
import json
import sys
import http.client
gitea_token = open("/etc/gitea-set-status/$(params.GITEA_TOKEN_SECRET_KEY)", "r").read()
merge_url = "$(params.API_PATH_PREFIX)" + "/repos/$(params.REPO_FULL_NAME)/" + \
"pulls/$(params.INDEX)/merge"
data = {
"Do": "$(params.MERGETYPE)",
"MergeMessageField": "$(params.DESCRIPTION)",
"MergeTitleField": "$(params.CONTEXT)"
}
print("Sending this data to Gitea: ")
print(data)
authHeader = "token " + gitea_token
if "$(params.GITEA_HTTPS_OR_HTTP)" == "https":
conn = http.client.HTTPSConnection("$(params.GITEA_HOST_URL)")
else:
conn = http.client.HTTPConnection("$(params.GITEA_HOST_URL)")
conn.request(
"POST",
merge_url,
body=json.dumps(data),
headers={
"User-Agent": "TektonCD, the peaceful cat",
"Authorization": authHeader,
"Accept": "application/json",
"Content-Type": "application/json",
})
resp = conn.getresponse()
if not str(resp.status).startswith("2"):
print("Error: %d" % (resp.status))
print(resp.read())
sys.exit(1)
else:
print("Gitea merge completed on $(params.REPO_FULL_NAME)")
volumeMounts:
- mountPath: /etc/gitea-set-status
name: giteatoken
volumes:
- name: giteatoken
secret:
secretName: $(params.GITEA_TOKEN_SECRET_NAME)
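Review bot: The step script builds Python source by textual substitution (`"$(params.DESCRIPTION)"`, `$(params.REPO_FULL_NAME)`, `$(params.INDEX)`, `$(params.MERGETYPE)`), so a value containing a quote or newline becomes code in the step that has the Gitea token mounted; pass these through `env` and read them from `os.environ` instead. `DELETEBRANCH` is declared (with an unquoted `default: true` on a string param) but never sent, so the branch is not deleted despite the task description. The request names only the PR index, so the merge is not tied to the commit that was built; Gitea's merge options accept `head_commit_id`, which would need a new SHA param on this task. The docstring still says the script sets a CI status, and the token is read without `.strip()`, so a trailing newline in the secret would end up in the `Authorization` header.

```yaml
    - image: $(params.IMAGE)
      name: merge-pull-request
      env:
        - name: REPO_FULL_NAME
          value: $(params.REPO_FULL_NAME)
        - name: PR_INDEX
          value: $(params.INDEX)
        - name: MERGE_TYPE
          value: $(params.MERGETYPE)
        - name: MERGE_MESSAGE
          value: $(params.DESCRIPTION)
        - name: DELETE_BRANCH
          value: $(params.DELETEBRANCH)
      script: |
        #!$(params.SHEBANG)
        # … unchanged: json/sys/http.client imports, token read …
        import os
        from urllib.parse import quote
        merge_url = "$(params.API_PATH_PREFIX)" + "/repos/" + \
            quote(os.environ["REPO_FULL_NAME"]) + "/pulls/" + \
            quote(os.environ["PR_INDEX"], safe="") + "/merge"
        data = {
            "Do": os.environ["MERGE_TYPE"],
            "MergeMessageField": os.environ["MERGE_MESSAGE"],
            "MergeTitleField": "$(params.CONTEXT)",
            "delete_branch_after_merge": os.environ["DELETE_BRANCH"] == "true",
        }
        # … unchanged: connection setup, POST request, status check …
```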

81
tasks/golangci-lint.yaml Normal file

@@ -0,0 +1,81 @@
apiVersion: tekton.dev/v1
kind: Task
metadata:
annotations:
tekton.dev/categories: Code Quality
tekton.dev/displayName: golangci lint
tekton.dev/pipelines.minVersion: 0.12.1
tekton.dev/platforms: linux/amd64
tekton.dev/tags: lint
labels:
app.kubernetes.io/version: "0.2"
name: golangci-lint
namespace: goghvideo-cicd-pipeline
spec:
description: This Task is Golang task to validate Go projects.
params:
- description: base package (and its children) under validation
name: package
type: string
- default: .
description: path to the directory to use as context.
name: context
type: string
- default: --verbose
description: flags to use for the test command
name: flags
type: string
- default: v1.39
description: golangci-lint version to use
name: version
type: string
- default: linux
description: running operating system target
name: GOOS
type: string
- default: amd64
description: running architecture target
name: GOARCH
type: string
- default: auto
description: value of module support
name: GO111MODULE
type: string
- default: ""
description: Go caching directory path
name: GOCACHE
type: string
- default: ""
description: Go mod caching directory path
name: GOMODCACHE
type: string
- default: ""
description: golangci-lint cache path
name: GOLANGCI_LINT_CACHE
type: string
steps:
- env:
- name: GOPATH
value: /workspace
- name: GOOS
value: $(params.GOOS)
- name: GOARCH
value: $(params.GOARCH)
- name: GO111MODULE
value: $(params.GO111MODULE)
- name: GOCACHE
value: $(params.GOCACHE)
- name: GOMODCACHE
value: $(params.GOMODCACHE)
- name: GOLANGCI_LINT_CACHE
value: $(params.GOLANGCI_LINT_CACHE)
image: quay01.ipa.endofday.com/goghvideo/golang-lint:$(params.version)
name: lint
script: |
golangci-lint run $(params.flags)
workingDir: $(workspaces.source.path)/$(params.context)
workspaces:
# - mountPath: /workspace/src/$(params.package)
# name: source
- name: source
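Review bot: `golangci-lint run $(params.flags)` substitutes the param into the script text before the shell runs, so anything in `flags` is interpreted as shell syntax rather than as arguments. Exposing it as an env var and running `golangci-lint run ${LINT_FLAGS}` (left unquoted on purpose so several flags still split) limits it to word-splitting. The image tag comes from `$(params.version)` and both Pipelines in this commit default `lint-version` to `latest`, so the linter version is not fixed between runs. The `package` param is declared but unused now that the workspace mount is commented out.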


@@ -0,0 +1,45 @@
apiVersion: tekton.dev/v1
kind: Task
metadata:
name: openshift-ephemeral-namespace-client
namespace: goghvideo-cicd-pipeline
spec:
description: |-
This task runs commands against the cluster provided by user and if not provided then where the Task is being executed.
OpenShift is a Kubernetes distribution from Red Hat which provides oc, the OpenShift CLI that complements kubectl for simplifying deployment and configuration applications on OpenShift.
params:
- default: oc help
description: The OpenShift CLI arguments to run
name: SCRIPT
type: string
- default: "4.7"
description: The OpenShift Version to use
name: VERSION
type: string
results:
- name: namespace
type: string
description: The namespace which was created
steps:
- image: quay.io/openshift/origin-cli:$(params.VERSION)
name: oc
script: |
#!/usr/bin/env bash
[[ "$(workspaces.manifest-dir.bound)" == "true" ]] && \
cd $(workspaces.manifest-dir.path)
[[ "$(workspaces.kubeconfig-dir.bound)" == "true" ]] && \
[[ -f $(workspaces.kubeconfig-dir.path)/kubeconfig ]] && \
export KUBECONFIG=$(workspaces.kubeconfig-dir.path)/kubeconfig
$(params.SCRIPT)
workspaces:
- description: The workspace which contains kubernetes manifests which we want to
apply on the cluster.
name: manifest-dir
optional: true
- description: The workspace which contains the the kubeconfig file if in case we
want to run the oc command on another cluster.
name: kubeconfig-dir
optional: true
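Review bot: The `oc` step ends with a bare `$(params.SCRIPT)`, so the parameter is the script itself: whatever text a caller supplies runs as bash with the TaskRun's service account, or with the mounted `kubeconfig` when that workspace is bound. The callers are outside this section; they should pass only fixed command text and hand anything derived from the webhook payload to the step through an environment variable rather than splicing it into `SCRIPT`. The `namespace` result is declared but nothing in the step writes it, so it stays empty unless the supplied script does; stating that in `description`, e.g. `SCRIPT must write the created namespace name to $(results.namespace.path).`, would make the contract explicit. The unquoted `cd $(workspaces.manifest-dir.path)` would also be safer as `cd "$(workspaces.manifest-dir.path)" || exit 1`.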

107
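--- /dev/null
+++ b/tasks/s2i-go-debug.yaml
@@ -0,0 +1,107 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+name: s2i-go-debug
+namespace: goghvideo-cicd-pipeline
+spec:
+description: s2i-go task clones a Git repository and builds and pushes a container
+image using S2I and a Go builder image.
+params:
+- default: latest
+description: The tag of go imagestream for go version
+name: VERSION
+type: string
+- default: .
+description: The location of the path to run s2i from.
+name: PATH_CONTEXT
+type: string
+- default: "true"
+description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS
+registry)
+name: TLSVERIFY
+type: string
+- description: Location of the repo where image has to be pushed
+name: IMAGE
+type: string
+- default: registry.redhat.io/rhel8/buildah@sha256:00795fafdab9bbaa22cd29d1faa1a01e604e4884a2c935c1bf8e3d1f0ad1c084
+description: The location of the buildah builder image.
+name: BUILDER_IMAGE
+type: string
+- default: "false"
+description: Skip pushing the built image
+name: SKIP_PUSH
+type: string
+- description: Environment variables to set during _build-time_.
+name: ENV_VARS
+type: array
+results:
+- description: Digest of the image just built.
+name: IMAGE_DIGEST
+type: string
+steps:
+- args:
+- $(params.ENV_VARS[*])
+env:
+- name: HOME
+value: /tekton/home
+image: registry.redhat.io/ocp-tools-4-tech-preview/source-to-image-rhel8@sha256:98d8cb3a255641ca6a1bce854e5e2460c20de9fb9b28e3cc67eb459f122873dd
+name: generate
+script: |
+echo "Processing Build Environment Variables"
+echo "" > /env-vars/env-file
+for var in "$@"
+do
+echo "$var" >> /env-vars/env-file
+done
+echo "Outputting Generated /env-vars/env-file"
+cat /env-vars/env-file
+s2i build $(params.PATH_CONTEXT) image-registry.openshift-image-registry.svc:5000/openshift/golang:$(params.VERSION) \
+--as-dockerfile /gen-source/Dockerfile.gen --environment-file /env-vars/env-file
+echo "Outputting Generated /gen-source/Dockerfile.gen file"
+cat /gen-source/Dockerfile.gen
+volumeMounts:
+- mountPath: /gen-source
+name: gen-source
+- mountPath: /env-vars
+name: env-vars
+workingDir: $(workspaces.source.path)
+- image: $(params.BUILDER_IMAGE)
+name: build-and-push
+script: |
+find . -type f -ls
+buildah --log-level=info bud --storage-driver=vfs --tls-verify=$(params.TLSVERIFY) \
+--layers -f /gen-source/Dockerfile.gen -t $(params.IMAGE) .
+[[ "$(params.SKIP_PUSH)" == "true" ]] && echo "Push skipped" && exit 0
+[[ "$(workspaces.dockerconfig.bound)" == "true" ]] && export DOCKER_CONFIG="$(workspaces.dockerconfig.path)"
+buildah push --storage-driver=vfs --tls-verify=$(params.TLSVERIFY) \
+--digestfile $(workspaces.source.path)/image-digest $(params.IMAGE) \
+docker://$(params.IMAGE)
+cat $(workspaces.source.path)/image-digest | tee /tekton/results/IMAGE_DIGEST
+securityContext:
+capabilities:
+add:
+- SETFCAP
+volumeMounts:
+- mountPath: /var/lib/containers
+name: varlibcontainers
+- mountPath: /gen-source
+name: gen-source
+workingDir: /gen-source
+volumes:
+- name: varlibcontainers
+- name: gen-source
+- name: env-vars
+workspaces:
+- mountPath: /workspace/source
+name: source
+- description: An optional workspace that allows providing a .docker/config.json
+file for Buildah to access the container registry. The file should be placed
+at the root of the Workspace with name config.json.
+name: dockerconfig
+optional: true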
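Review bot: The `generate` step writes every `ENV_VARS` entry to the step log with `cat /env-vars/env-file`, then prints the generated `Dockerfile.gen`, which presumably repeats the same values. Build-time variables are a common place for tokens and proxy credentials, and TaskRun logs can be read by anyone with log access to the namespace. Logging only the variable names keeps the debugging value without the values, e.g. replace that line with `cut -d= -f1 /env-vars/env-file` (assuming `cut` is present in the s2i image), and drop `cat /gen-source/Dockerfile.gen` and the `find . -type f -ls` in `build-and-push` once the debugging is done. `$(params.IMAGE)`, `$(params.TLSVERIFY)` and `$(params.PATH_CONTEXT)` are also substituted straight into both scripts; passing them through `env` keeps a crafted value from being parsed as shell.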


@@ -0,0 +1,18 @@
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerBinding
metadata:
name: gitea-binding
spec:
params:
- name: gitrepositoryurl
value: $(body.repository.clone_url)
- name: gitcommitsha
value: $(body.pull_request.head.sha)
- name: gitfullreponame
value: $(body.pull_request.base.repo.full_name)
- name: gitbranch
value: $(body.pull_request.head.ref)
- name: gitreponame
value: $(body.pull_request.base.repo.name)
- name: gitprindex
value: $(body.pull_request.number)
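Review bot: `gitbranch` and `gitcommitsha` are read from `body.pull_request.head.*`, which the pull-request author chooses, and the binding forwards them unchanged. Tasks in this commit substitute parameters into `script:` text; whether these two values reach such a line is not visible from this section, so the assumption is worth recording next to them, e.g. `# head.ref is author-controlled: consume via env, never inside script text`. Constraining the branch name in the listener's CEL filter would enforce it rather than document it. Unlike the Tasks and TriggerTemplates shown on this page, this resource also sets no `metadata.namespace`; add `namespace: goghvideo-cicd-pipeline` if it is meant to live beside the templates that the listeners pair it with.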


@@ -0,0 +1,88 @@
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerTemplate
metadata:
name: conversionengine-template
namespace: goghvideo-cicd-pipeline
spec:
params:
- name: gitrepositoryurl
description: The git repository url
- name: gitfullreponame
description: The org and repo name
- name: gitreponame
description: The name of the repo
- name: gitbranch
description: Branch to act on
- name: gitcommitsha
description: The SHA head
- name: gitprindex
description: The pull request reference
resourcetemplates:
- apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
generateName: goghvideo-conversionengine-
spec:
pipelineRef:
name: ce-buildtest
serviceAccountName: pipeline
params:
- name: git-repo-url
value: $(tt.params.gitrepositoryurl)
- name: git-repo-full-name
value: $(tt.params.gitfullreponame)
- name: git-branch
value: $(tt.params.gitbranch)
- name: git-commit-sha
value: $(tt.params.gitcommitsha)
- name: git-pr-index
value: $(tt.params.gitprindex)
- name: verbose
value: true
- name: lint-package
value: git.endofday.com/goghvideo/conversion-engine
- name: lint-context
value: $(tt.params.gitreponame)/src
- name: image
value: quay01.ipa.endofday.com/goghvideo/conversion-engine
- name: s2i-builder-image
value: quay01.ipa.endofday.com/goghvideo/golang-s2i-buildah:v1
- name: git-token-secret-name
value: git-http-credentials
- name: git-token-secret-key
value: password
- name: git-merge-type
value: squash
- name: git-merge-delete-branch
value: True
- name: git-helm-url
value: git@git-ssh.ipa.endofday.com:goghvideo/helm.git
workspaces:
- name: source
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
storageClassName: nfs-client
- name: gitauth
secret:
secretName: git-http-credentials
- name: gitsshauth
secret:
secretName: git-credentials
- name: dockerconfig
secret:
secretName: goghvideo-registry-pusher
- name: helm
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
storageClassName: nfs-client
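Review bot: The PipelineRun generated for each accepted pull-request event binds `goghvideo-registry-pusher`, `git-http-credentials` and `git-credentials` as workspaces while the pipeline builds the commit at `$(tt.params.gitcommitsha)`, which is code written by the pull-request author. Whether a step that runs that code can read those mounts depends on `ce-buildtest`, which is defined outside this section. The safer layout gives the lint and build tasks only `source` and binds the push and merge credentials to tasks that run after review or from a separate trigger. At minimum, record the trust assumption above `workspaces:`, e.g. `# secrets below are exposed to PR-triggered runs; the listener must only accept trusted authors`. The same applies to `upload2nc-template` in the next section.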


@@ -0,0 +1,88 @@
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerTemplate
metadata:
name: upload2nc-template
namespace: goghvideo-cicd-pipeline
spec:
params:
- name: gitrepositoryurl
description: The git repository url
- name: gitfullreponame
description: The org and repo name
- name: gitreponame
description: The name of the repo
- name: gitbranch
description: Branch to act on
- name: gitcommitsha
description: The SHA head
- name: gitprindex
description: The pull request reference
resourcetemplates:
- apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
generateName: goghvideo-upload2nc-
spec:
pipelineRef:
name: upload-to-nextcloud
serviceAccountName: build-bot
params:
- name: git-repo-url
value: $(tt.params.gitrepositoryurl)
- name: git-repo-full-name
value: $(tt.params.gitfullreponame)
- name: git-branch
value: $(tt.params.gitbranch)
- name: git-commit-sha
value: $(tt.params.gitcommitsha)
- name: git-pr-index
value: $(tt.params.gitprindex)
- name: verbose
value: true
- name: lint-package
value: git.endofday.com/goghvideo/upload-to-nextcloud
- name: lint-context
value: $(tt.params.gitreponame)/src
- name: image
value: quay01.ipa.endofday.com/goghvideo/upload-to-nextcloud
- name: s2i-builder-image
value: quay01.ipa.endofday.com/goghvideo/golang-s2i-buildah:v1
- name: git-token-secret-name
value: git-http-credentials
- name: git-token-secret-key
value: password
- name: git-merge-type
value: squash
- name: git-merge-delete-branch
value: True
- name: git-helm-url
value: git@git-ssh.ipa.endofday.com:goghvideo/helm.git
workspaces:
- name: source
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
storageClassName: nfs-client
- name: gitauth
secret:
secretName: git-http-credentials
- name: gitsshauth
secret:
secretName: git-credentials
- name: dockerconfig
secret:
secretName: goghvideo-registry-pusher
- name: helm
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
storageClassName: nfs-client
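Review bot: `verbose` is set with `value: true` and `git-merge-delete-branch` with `value: True`; both are unquoted YAML booleans, but Tekton parameters are strings. What the pipeline receives therefore depends on how the controller coerces them, and a task script that compares against one spelling may not match the other. Write both as `value: "true"` so the literal is the one you intend; `conversionengine-template` in the previous section has the same two lines. This template also runs as `serviceAccountName: build-bot` where the other uses `pipeline`; if the difference is deliberate, a one-line comment saying why would help whoever later audits the permissions.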