goghvideo/cicd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

chore: refactored for helm management of pipeline objects

Browse Source
This commit is contained in:
Randal Harisch
2023-10-07 18:51:05 -06:00
parent f052787a36
commit 976bc8b1db
75 changed files with 270 additions and 4044 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
charts/conversion-engine/.helmignore Normal file
View File

@@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

6
charts/conversion-engine/Chart.lock Normal file
View File

@@ -0,0 +1,6 @@
dependencies:
- name: common
repository: file://../../common
version: 0.1.0
digest: sha256:dd0c1a55ae9ff1f26b9173be4e954796ab5aafd5aed0828b443dc68684e8d592
generated: "2023-10-06T22:08:04.524035034-06:00"

28
charts/conversion-engine/Chart.yaml Normal file
View File

@@ -0,0 +1,28 @@
apiVersion: v2
name: conversion-engine
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.16.0"
dependencies:
- name: common
version: 0.1.0
repository: file://../../common

BIN
charts/conversion-engine/charts/common-0.1.0.tgz Normal file
View File

Binary file not shown.

1
charts/conversion-engine/templates/eventlistener.yaml Normal file
View File

@@ -0,0 +1 @@
{{- template "common.eventlistener" . -}}

1
charts/conversion-engine/templates/pipeline.yaml Normal file
View File

@@ -0,0 +1 @@
{{- template "common.pipeline" . -}}

2
charts/conversion-engine/templates/task-copy-shared-utilities.yaml Normal file
View File

@@ -0,0 +1,2 @@
{{- template "common.task-copy-shared-utilities" . -}}

1
charts/conversion-engine/templates/task-git-clone.yaml Normal file
View File

@@ -0,0 +1 @@
{{- template "common.task-git-clone" . -}}

2
charts/conversion-engine/templates/task-git-semver.yaml Normal file
View File

@@ -0,0 +1,2 @@
{{- template "common.task-git-semver" . -}}

1
charts/conversion-engine/templates/task-gitea-set-status.yaml Normal file
View File

@@ -0,0 +1 @@
{{- template "common.task-gitea-set-status" . -}}

1
charts/conversion-engine/templates/task-golangci-lint.yaml Normal file
View File

@@ -0,0 +1 @@
{{- template "common.golangci-lint" . -}}

1
charts/conversion-engine/templates/task-helm-upgrade-from-source.yaml Normal file
View File

@@ -0,0 +1 @@
{{- template "common.task-helm-upgrade-from-source" . -}}

1
charts/conversion-engine/templates/task-openshift-client.yaml Normal file
View File

@@ -0,0 +1 @@
{{- template "common.task-openshift-client" . -}}

1
charts/conversion-engine/templates/task-promote.yaml Normal file
View File

@@ -0,0 +1 @@
{{- template "common.promote" . -}}

1
charts/conversion-engine/templates/task-s2i-go.yaml Normal file
View File

@@ -0,0 +1 @@
{{- template "common.s2i-go" . -}}

1
charts/conversion-engine/templates/triggerbinding.yaml Normal file
View File

@@ -0,0 +1 @@
{{- template "common.triggerbinding" . -}}

1
charts/conversion-engine/templates/triggertemplate.yaml Normal file
View File

@@ -0,0 +1 @@
{{- template "common.triggertemplate" . -}}

25
charts/conversion-engine/values.yaml Normal file
View File

@@ -0,0 +1,25 @@
# Default values for notification.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
nameOverride: ""
fullnameOverride: ""
serviceAccount: pipeline
storageClassName: nfs-client
gitHostname: git.endofday.com
quayHostname: quay01.ipa.endofday.com
organizationName: goghvideo
helmRepoUrl: https://git.endofday.com/goghvideo/helm.git
eventlistener:
triggerBinding: gitea
interceptors:
secretKey: sharedSecret
secretName: webhook-secret
eventTypes:
- pull_request
additionalFilter:
- name: filter
value: |
body.action in ["opened"]

1
charts/notification/Chart.yaml
View File

@@ -1,6 +1,5 @@
apiVersion: v2
name: notification
Name: notification
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.

BIN
charts/notification/charts/common-0.1.0.tgz
View File

Binary file not shown.

1
charts/notification/templates/task-git-clone.yaml Normal file
View File

@@ -0,0 +1 @@
{{- template "common.task-git-clone" . -}}

4
charts/notification/values.yaml
View File

@@ -6,7 +6,11 @@ nameOverride: ""
fullnameOverride: ""
serviceAccount: pipeline
storageClassName: nfs-client
gitHostname: git.endofday.com
quayHostname: quay01.ipa.endofday.com
organizationName: goghvideo
helmRepoUrl: https://git.endofday.com/goghvideo/helm.git
eventlistener:
triggerBinding: gitea
interceptors:

23
charts/upload-to-nextcloud/.helmignore Normal file
View File

@@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

6
charts/upload-to-nextcloud/Chart.lock Normal file
View File

@@ -0,0 +1,6 @@
dependencies:
- name: common
repository: file://../../common
version: 0.1.0
digest: sha256:dd0c1a55ae9ff1f26b9173be4e954796ab5aafd5aed0828b443dc68684e8d592
generated: "2023-10-06T22:08:04.524035034-06:00"

28
charts/upload-to-nextcloud/Chart.yaml Normal file
View File

@@ -0,0 +1,28 @@
apiVersion: v2
name: upload-to-nextcloud
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.16.0"
dependencies:
- name: common
version: 0.1.0
repository: file://../../common

BIN
charts/upload-to-nextcloud/charts/common-0.1.0.tgz Normal file
View File

Binary file not shown.

1
charts/upload-to-nextcloud/templates/eventlistener.yaml Normal file
View File

@@ -0,0 +1 @@
{{- template "common.eventlistener" . -}}

1
charts/upload-to-nextcloud/templates/pipeline.yaml Normal file
View File

@@ -0,0 +1 @@
{{- template "common.pipeline" . -}}

2
charts/upload-to-nextcloud/templates/task-copy-shared-utilities.yaml Normal file
View File

@@ -0,0 +1,2 @@
{{- template "common.task-copy-shared-utilities" . -}}

1
charts/upload-to-nextcloud/templates/task-git-clone.yaml Normal file
View File

@@ -0,0 +1 @@
{{- template "common.task-git-clone" . -}}

2
charts/upload-to-nextcloud/templates/task-git-semver.yaml Normal file
View File

@@ -0,0 +1,2 @@
{{- template "common.task-git-semver" . -}}

1
charts/upload-to-nextcloud/templates/task-gitea-set-status.yaml Normal file
View File

@@ -0,0 +1 @@
{{- template "common.task-gitea-set-status" . -}}

1
charts/upload-to-nextcloud/templates/task-golangci-lint.yaml Normal file
View File

@@ -0,0 +1 @@
{{- template "common.golangci-lint" . -}}

1
charts/upload-to-nextcloud/templates/task-helm-upgrade-from-source.yaml Normal file
View File

@@ -0,0 +1 @@
{{- template "common.task-helm-upgrade-from-source" . -}}

1
charts/upload-to-nextcloud/templates/task-openshift-client.yaml Normal file
View File

@@ -0,0 +1 @@
{{- template "common.task-openshift-client" . -}}

1
charts/upload-to-nextcloud/templates/task-promote.yaml Normal file
View File

@@ -0,0 +1 @@
{{- template "common.promote" . -}}

1
charts/upload-to-nextcloud/templates/task-s2i-go.yaml Normal file
View File

@@ -0,0 +1 @@
{{- template "common.s2i-go" . -}}

1
charts/upload-to-nextcloud/templates/triggerbinding.yaml Normal file
View File

@@ -0,0 +1 @@
{{- template "common.triggerbinding" . -}}

1
charts/upload-to-nextcloud/templates/triggertemplate.yaml Normal file
View File

@@ -0,0 +1 @@
{{- template "common.triggertemplate" . -}}

25
charts/upload-to-nextcloud/values.yaml Normal file
View File

@@ -0,0 +1,25 @@
# Default values for notification.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
nameOverride: ""
fullnameOverride: ""
serviceAccount: pipeline
storageClassName: nfs-client
gitHostname: git.endofday.com
quayHostname: quay01.ipa.endofday.com
organizationName: goghvideo
helmRepoUrl: https://git.endofday.com/goghvideo/helm.git
eventlistener:
triggerBinding: gitea
interceptors:
secretKey: sharedSecret
secretName: webhook-secret
eventTypes:
- pull_request
additionalFilter:
- name: filter
value: |
body.action in ["opened"]

2
common/templates/_task-copy-shared-utilities.yaml
View File

@@ -8,7 +8,7 @@ apiVersion: tekton.dev/v1
kind: Task
metadata:
name: copy-shared-utilities
namespace: {{ include "common.name" . }}
namespace: {{ .Release.Namespace }}
spec:
steps:
- image: {{ .Values.quayHostname }}/goghvideo/rockylinux:9-ubi

20
tasks/git-clone.yaml → common/templates/_task-git-clone.yaml
View File

@@ -1,18 +1,14 @@
{{- define "common.task-git-clone" }}
{{- $common := dict "Values" .Values.common -}}
{{- $noCommon := omit .Values "common" -}}
{{- $overrides := dict "Values" $noCommon -}}
{{- $noValues := omit . "Values" -}}
{{- with merge $noValues $overrides $common -}}
apiVersion: tekton.dev/v1
kind: Task
metadata:
annotations:
tekton.dev/categories: Git
tekton.dev/displayName: git clone
tekton.dev/pipelines.minVersion: 0.38.0
tekton.dev/platforms: linux/amd64,linux/s390x,linux/ppc64le,linux/arm64
tekton.dev/tags: git
labels:
app.kubernetes.io/version: "0.9"
operator.tekton.dev/operand-name: openshift-pipelines-addons
operator.tekton.dev/provider-type: redhat
name: git-clone
namespace: goghvideo-cicd-pipeline
namespace: {{ .Release.Namespace }}
spec:
description: |-
These Tasks are Git tasks to work with repositories used by other tasks in your Pipeline.
@@ -244,3 +240,5 @@ spec:
verify the peer with when fetching or pushing over HTTPS.
name: ssl-ca-directory
optional: true
{{- end }}
{{- end }}

2
common/templates/_task-golangci-lint.yaml
View File

@@ -67,7 +67,7 @@ spec:
value: $(params.GOMODCACHE)
- name: GOLANGCI_LINT_CACHE
value: $(params.GOLANGCI_LINT_CACHE)
image: {{ .Values.quayHost }}/goghvideo/golang-lint:$(params.version)
image: {{ .Values.quayHostname }}/{{ .Values.organizationName}}/golang-lint:$(params.version)
name: lint
script: |
golangci-lint run $(params.flags)

2
common/templates/_task-helm-upgrade-from-source.yaml
View File

@@ -36,7 +36,7 @@ spec:
description: The values file to be used
name: values_file
type: string
- default: docker.io/lachlanevenson/k8s-helm@sha256:5c792f29950b388de24e7448d378881f68b3df73a7b30769a6aa861061fd08ae
- default: {{ .Values.quayHostname }}/{{ .Values.organizationName }}/k8s-helm:latest
description: helm image to be used
name: helm_image
type: string

88
common/templates/_triggertemplate.yaml
View File

@@ -11,18 +11,24 @@ metadata:
namespace: {{ .Release.Namespace }}
spec:
params:
- description: The git repository url
name: gitrepositoryurl
- description: The org and repo name
name: gitfullreponame
- description: The name of the repo
name: gitreponame
- description: Branch to act on
name: gitbranch
- description: The SHA head
name: gitcommitsha
- description: The pull request reference
name: gitprindex
- name: ref
description: Reference to the git repository source branch
- name: revision
description: Reference to the pull request SHA
- name: repourl
description: Reference to the git repository clone url
- name: reponame
description: Reference to repo to which the PR is for
- name: repofullname
description: The repo name including the organization
- name: message
description: The title of the pull request
- name: author
description: Who submitted the pull request
- name: email
description: Email of the pull request author
- name: index
description: The index number associated with the pull request
resourcetemplates:
- apiVersion: tekton.dev/v1beta1
kind: PipelineRun
@@ -30,26 +36,34 @@ spec:
generateName: {{ include "common.name" . }}-
spec:
params:
- name: git-repo-url
value: $(tt.params.gitrepositoryurl)
- name: git-repo-full-name
value: $(tt.params.gitfullreponame)
- name: git-branch
value: $(tt.params.gitbranch)
- name: git-commit-sha
value: $(tt.params.gitcommitsha)
- name: git-pr-index
value: $(tt.params.gitprindex)
- name: ref
value: $(tt.params.ref)
- name: revision
value: $(tt.params.revision)
- name: repourl
value: $(tt.params.repourl)
- name: reponame
value: $(tt.params.reponame)
- name: repofullname
value: $(tt.params.repofullname)
- name: message
value: $(tt.params.message)
- name: author
value: $(tt.params.author)
- name: email
value: $(tt.params.email)
- name: index
value: $(tt.params.index)
- name: verbose
value: true
- name: lint-package
value: git.endofday.com/goghvideo/{{ include "common.name" . }}
value: git.endofday.com/{{ .Values.organizationName }}/{{ include "common.name" . }}
- name: lint-context
value: $(tt.params.gitreponame)/src
value: $(tt.params.reponame)/src
- name: image
value: {{ .Values.quayHostname }}/goghvideo/{{ include "common.name" . }}
value: {{ .Values.quayHostname }}/{{ .Values.organizationName }}/{{ include "common.name" . }}
- name: s2i-builder-image
value: {{ .Values.quayHostname }}/goghvideo/golang-s2i-buildah:v1
value: {{ .Values.quayHostname }}/{{ .Values.organizationName }}/golang-s2i-buildah:v1
- name: git-token-secret-name
value: git-http-credentials
- name: git-token-secret-key
@@ -59,7 +73,11 @@ spec:
- name: git-merge-delete-branch
value: true
- name: git-helm-url
value: https://git.endofday.com/goghvideo/helm.git
value: {{ .Values.helmRepoUrl }}
- name: githost
value: {{ .Values.gitHostname }}
- name: quayhost
value: {{ .Values.quayHostname }}
pipelineRef:
name: {{ include "common.name" . }}
serviceAccountName: pipeline
@@ -72,7 +90,10 @@ spec:
resources:
requests:
storage: 1Gi
storageClassName: nfs-client
storageClassName: {{ .Values.storageClassName }}
- name: quayauth
secret:
secretName: quay-credentials
- name: gitauth
secret:
secretName: git-http-credentials
@@ -90,6 +111,15 @@ spec:
resources:
requests:
storage: 1Gi
storageClassName: nfs-client
storageClassName: {{ .Values.storageClassName }}
- name: utilities
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
storageClassName: {{ .Values.storageClassName }}
{{- end }}
{{- end }}

34
eventlistener/conversionengine-webhook-listener.yaml
View File

@@ -1,34 +0,0 @@
apiVersion: triggers.tekton.dev/v1beta1
kind: EventListener
metadata:
name: conversionengine-webhook-listener
namespace: goghvideo-cicd-pipeline
spec:
serviceAccountName: pipeline
triggers:
- name: conversionengine-greeter-webhook
interceptors:
- name: gitea
ref:
name: gitea
kind: ClusterInterceptor
apiVersion: triggers.tekton.dev
params:
- name: secretRef
value:
secretName: webhook-secret
secretKey: sharedSecret
- name: eventTypes
value: ["pull_request", "pull_request_sync"]
- name: allow-create-and-update-only
ref:
name: cel
kind: ClusterInterceptor
params:
- name: filter
value: >
body.action in ['opened', 'synchronized']
bindings:
- ref: gitea-binding
template:
ref: conversionengine-template

34
eventlistener/e2e-test-webhook-listener.yaml
View File

@@ -1,34 +0,0 @@
apiVersion: triggers.tekton.dev/v1beta1
kind: EventListener
metadata:
name: e2e-test-webhook-listener
namespace: goghvideo-cicd-pipeline
spec:
serviceAccountName: pipeline
triggers:
- name: e2etest-greeter-webhook
interceptors:
- name: gitea
ref:
name: gitea
kind: ClusterInterceptor
apiVersion: triggers.tekton.dev
params:
- name: secretRef
value:
secretName: webhook-secret
secretKey: sharedSecret
- name: eventTypes
value: ["pull_request", "pull_request_sync"]
- name: allow-create-and-update-only
ref:
name: cel
kind: ClusterInterceptor
params:
- name: filter
value: >
body.action in ['opened', 'synchronized']
bindings:
- ref: gitea-binding
template:
ref: e2etest-template

34
eventlistener/notification-webhook-listener-orig.yaml
View File

@@ -1,34 +0,0 @@
apiVersion: triggers.tekton.dev/v1beta1
kind: EventListener
metadata:
name: notification-webhook-listener
namespace: goghvideo-cicd-pipeline
spec:
serviceAccountName: pipeline
triggers:
- name: notification-greeter-webhook
interceptors:
- name: gitea
ref:
name: gitea
kind: ClusterInterceptor
apiVersion: triggers.tekton.dev
params:
- name: secretRef
value:
secretName: webhook-secret
secretKey: sharedSecret
- name: eventTypes
value: ["pull_request", "pull_request_sync"]
- name: allow-create-and-update-only
ref:
name: cel
kind: ClusterInterceptor
params:
- name: filter
value: >
body.action in ['opened', 'synchronized']
bindings:
- ref: gitea-binding
template:
ref: notification-template

34
eventlistener/notification-webhook-listener-push.yaml
View File

@@ -1,34 +0,0 @@
apiVersion: triggers.tekton.dev/v1beta1
kind: EventListener
metadata:
name: notification
namespace: goghvideo-cicd-pipeline
spec:
serviceAccountName: pipeline
triggers:
- name: notification-push-webhook
interceptors:
- name: gitea
ref:
name: gitea
kind: ClusterInterceptor
apiVersion: triggers.tekton.dev
params:
- name: secretRef
value:
secretName: webhook-secret
secretKey: sharedSecret
- name: eventTypes
value: ["push"]
# - name: allow-create-and-update-only
# ref:
# name: cel
# kind: ClusterInterceptor
# params:
# - name: filter
# value: >
# body.ref in ["feature"]
bindings:
- ref: gitea-push-binding
template:
ref: notification-trigger-template

34
eventlistener/notification-webhook.yaml
View File

@@ -1,34 +0,0 @@
apiVersion: triggers.tekton.dev/v1beta1
kind: EventListener
metadata:
name: notification
namespace: goghvideo-cicd-pipeline
spec:
serviceAccountName: pipeline
triggers:
- name: notification-pullrequest-webhook
interceptors:
- name: gitea
ref:
name: gitea
kind: ClusterInterceptor
apiVersion: triggers.tekton.dev
params:
- name: secretRef
value:
secretName: webhook-secret
secretKey: sharedSecret
- name: eventTypes
value: ["pull_request"]
- name: run-if-new-pr
ref:
name: cel
kind: ClusterInterceptor
params:
- name: filter
value: >
body.action in ["opened"]
bindings:
- ref: gitea-pullrequest-binding
template:
ref: notification-trigger-template

34
eventlistener/upload-to-nextcloud-webhook-listener.yaml
View File

@@ -1,34 +0,0 @@
apiVersion: triggers.tekton.dev/v1beta1
kind: EventListener
metadata:
name: upload-to-nextcloud-webhook-listener
namespace: goghvideo-cicd-pipeline
spec:
serviceAccountName: pipeline
triggers:
- name: upload2nc-greeter-webhook
interceptors:
- name: gitea
ref:
name: gitea
kind: ClusterInterceptor
apiVersion: triggers.tekton.dev
params:
- name: secretRef
value:
secretName: webhook-secret
secretKey: sharedSecret
- name: eventTypes
value: ["pull_request", "pull_request_sync"]
- name: allow-create-and-update-only
ref:
name: cel
kind: ClusterInterceptor
params:
- name: filter
value: >
body.action in ['opened', 'synchronized']
bindings:
- ref: gitea-binding
template:
ref: upload2nc-template

437
pipeline/cd-notification.yaml
View File

@@ -1,437 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
name: notification-deploy
namespace: goghvideo-cicd-pipeline
spec:
workspaces:
- name: source
- name: gitauth
- name: dockerconfig
- name: helm
- name: gitsshauth
params:
- name: git-repo-full-name
type: string
- name: git-token-secret-name
type: string
- name: git-token-secret-key
type: string
- name: git-commit-sha
type: string
- name: git-repo-url
type: string
description: Git URL to retrieve
- name: git-branch
type: string
description: branch to checkout
- name: git-pr-index
description: PR number to merge
- name: git-merge-type
description: What type of merge to do
- name: git-merge-delete-branch
description: delete the branch after merge
- name: verbose
type: string
default: "false"
- name: lint-package
type: string
- name: lint-context
type: string
description: Path to where the modules are stored
- name: lint-version
type: string
default: latest
- name: image
type: string
- name: s2i-builder-image
type: string
- name: git-helm-url
type: string
tasks:
- name: set-check-pending
taskRef:
name: gitea-set-status
params:
- name: SHA
value: $(params.git-commit-sha)
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: DESCRIPTION
value: Build started
- name: STATE
value: pending
- name: TARGET_URL
value: https://console-openshift-console.apps.ocp.endofday.com/pipelines/all-namespaces
- name: git-semver
runAfter:
- set-check-pending
taskRef:
name: git-semver
params:
- name: gitrepositoryurl
value: $(params.git-repo-url)
- name: gitbranch
value: $(params.git-branch)
workspaces:
- name: repo
workspace: source
- name: gitauth
workspace: gitauth
- name: golangci-lint
runAfter:
- git-semver
taskRef:
name: golangci-lint
params:
- name: package
value: $(params.lint-package)
- name: context
value: $(params.lint-context)
- name: version
value: $(params.lint-version)
workspaces:
- name: source
workspace: source
- name: generate-imagetag
runAfter:
- golangci-lint
taskRef:
name: generate-image-tag
params:
- name: version
value: $(tasks.git-semver.results.version)
- name: image
value: $(params.image)
- name: s2i-build
runAfter:
- generate-imagetag
taskRef:
name: s2i-go-debug
params:
- name: TLSVERIFY
value: false
- name: BUILDER_IMAGE
value: $(params.s2i-builder-image)
- name: PATH_CONTEXT
value: $(params.lint-context)
- name: verbose
value: true
- name: IMAGE
value: $(tasks.generate-imagetag.results.imagetag)
- name: ENV_VARS
value:
- semver=$(tasks.git-semver.results.version)
workspaces:
- name: source
workspace: source
- name: dockerconfig
workspace: dockerconfig
- name: ephemeral-ns
runAfter:
- s2i-build
taskref:
name: openshift-ephemeral-namespace-client
kind: Task
params:
- name: VERSION
value: 4.11
- name: SCRIPT
value: |
echo "${SHELL}"
RANDOMID=$(openssl rand -hex 4)
oc new-project goghvideo-test-${RANDOMID} >/dev/null
oc label namespace goghvideo-test-${RANDOMID} app=goghvideo-test
x=0; until [[ -n $(oc -n goghvideo-test-${RANDOMID} get secret/goghvideo-openshift-builder-pull-secret 2>/dev/null) || $x -eq 10 ]]; do echo "Waiting for secret replication" && sleep 10 && ((x++)); done
if [[ "${x}" -eq 10 ]]; then exit 1; fi
oc -n goghvideo-test-${RANDOMID} secrets link default goghvideo-openshift-builder-pull-secret --for=pull
oc apply -f - <<EOF
apiVersion: rabbitmq.com/v1beta1
kind: RabbitmqCluster
metadata:
name: rabbitmq
namespace: goghvideo-test-${RANDOMID}
spec:
delayStartSeconds: 10
image: quay01.ipa.endofday.com/goghvideo/bitnami-rabbitmq
imagePullSecrets:
- name: goghvideo-openshift-builder-pull-secret
persistence:
storage: 10Gi
replicas: 1
resources:
limits:
cpu: "2"
memory: 2Gi
requests:
cpu: "1"
memory: 2Gi
service:
type: ClusterIP
terminationGracePeriodSeconds: 30
EOF
x=0; until [[ -n $(oc -n goghvideo-test-${RANDOMID} get sa/rabbitmq-server 2>/dev/null ) || $x -eq 10 ]]; do echo "Waiting for operator to deploy rabbit" && sleep 5 && ((x++)); done
if [[ "${x}" -eq 10 ]]; then exit 1; fi
oc -n goghvideo-test-${RANDOMID} adm policy add-scc-to-user anyuid -z rabbitmq-server
x=0; until [[ $(oc -n goghvideo-test-${RANDOMID} get sts rabbitmq-server -o jsonpath="{.status.readyReplicas}") -gt 0 || $x -eq 20 ]]; do echo "Waiting for Rabbit MQ to startup" && sleep 15 && ((x++)); done
if [[ "${x}" -eq 20 ]]; then exit 1; fi
oc -n goghvideo-test-${RANDOMID} create route edge --service=rabbitmq --port=15672
oc -n goghvideo-test-${RANDOMID} get pods
RABBITHOST=$(oc -n goghvideo-test-${RANDOMID} get secret/rabbitmq-default-user -o template='{{ .data.host | base64decode }}')
RABBITUSER=$(oc -n goghvideo-test-${RANDOMID} get secret/rabbitmq-default-user -o template='{{ .data.username | base64decode }}')
RABBITPASS=$(oc -n goghvideo-test-${RANDOMID} get secret/rabbitmq-default-user -o template='{{ .data.password | base64decode }}')
oc -n goghvideo-test-${RANDOMID} create secret generic amqp --from-literal=url=amqp://${RABBITUSER}:${RABBITPASS}@${RABBITHOST}/
curl -O http://${RABBITHOST}:15672/cli/rabbitmqadmin
chmod +x rabbitmqadmin
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare exchange name=conversion type=topic
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare queue name=transcode durable=true queue_type=quorum
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare queue name=notification durable=true queue_type=quorum
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare queue name=upload-nextcloud durable=true queue_type=quorum
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare queue name=complete durable=true queue_type=quorum
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare binding source="conversion" destination_type="queue" destination="transcode" routing_key="transcode"
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare binding source="conversion" destination_type="queue" destination="notification" routing_key="notification"
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare binding source="conversion" destination_type="queue" destination="upload-nextcloud" routing_key="upload-nextcloud"
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare binding source="conversion" destination_type="queue" destination="complete" routing_key="complete"
echo -n "goghvideo-test-${RANDOMID}" > $(results.namespace.path)
workspaces:
- name: kubeconfig-dir
workspace: dockerconfig
- name: clone-helm-charts
runAfter: ["ephemeral-ns"]
taskRef:
name: git-clone
params:
- name: url
value: $(params.git-helm-url)
workspaces:
- name: output
workspace: helm
- name: ssh-directory
workspace: gitsshauth
- name: deploy-notification
runAfter: ["clone-helm-charts"]
taskRef:
name: helm-upgrade-from-source
params:
- name: charts_dir
value: notification
- name: release_namespace
value: $(tasks.ephemeral-ns.results.namespace)
- name: release_name
value: notification
- name: overwrite_values
value: "image.tag=v$(tasks.git-semver.results.version)"
workspaces:
- name: source
workspace: helm
- name: deploy-upload-to-nextcloud
runAfter: ["clone-helm-charts"]
taskRef:
name: helm-upgrade-from-source
params:
- name: charts_dir
value: upload-to-nextcloud
- name: release_namespace
value: $(tasks.ephemeral-ns.results.namespace)
- name: release_name
value: upload-to-nextcloud
workspaces:
- name: source
workspace: helm
- name: deploy-conversion-engine
runAfter: ["clone-helm-charts"]
taskRef:
name: helm-upgrade-from-source
params:
- name: charts_dir
value: conversion-engine
- name: release_namespace
value: $(tasks.ephemeral-ns.results.namespace)
- name: release_name
value: conversion-engine
workspaces:
- name: source
workspace: helm
- name: get-filedrop-name
runAfter: ["deploy-conversion-engine", "deploy-upload-to-nextcloud", "deploy-notification"]
taskref:
name: openshift-ephemeral-namespace-client
kind: Task
params:
- name: VERSION
value: 4.11
- name: SCRIPT
value: |
#!/usr/bin/env bash
wget "https://github.com/jqlang/jq/releases/download/jq-1.7/jq-linux-amd64" -O /usr/local/bin/jq
chmod +x /usr/local/bin/jq
INPUTSRC=$(oc -n $(tasks.ephemeral-ns.results.namespace) get scaledjob/conversion-engine -o json | /usr/local/bin/jq -r '.spec.jobTargetRef.template.spec.initContainers[0].env[] | select(.name == "sourcefile").value')
if [[ -z "${INPUTSRC}" ]]; then exit 1; fi
echo -n "${INPUTSRC}" > $(results.filedrop.path)
workspaces:
- name: kubeconfig-dir
workspace: dockerconfig
- name: perform-e2e-test
runAfter: ["get-filedrop-name"]
taskref:
name: openshift-ephemeral-namespace-client
kind: Task
params:
- name: VERSION
value: 4.11
- name: SCRIPT
value: |
#!/usr/bin/env bash
oc create -f - <<EOF && sleep 2
apiVersion: batch/v1
kind: Job
metadata:
generateName: e2e-test-
namespace: $(tasks.ephemeral-ns.results.namespace)
labels:
app: e2e-test
spec:
completions: 1
parallelism: 1
template:
metadata:
creationTimestamp: null
spec:
restartPolicy: Never
containers:
- env:
- name: amqp
valueFrom:
secretKeyRef:
key: url
name: amqp
- name: dropfile
value: $(tasks.get-filedrop-name.results.filedrop)
image: quay01.ipa.endofday.com/goghvideo/e2e-test:v0.1.5
imagePullPolicy: Always
name: transcode-job
volumeMounts:
- mountPath: "/conversion"
name: "pvc-conversion"
volumes:
- name: "pvc-conversion"
persistentVolumeClaim:
claimName: "pvc-conversion"
EOF
MYJOB=$(oc -n $(tasks.ephemeral-ns.results.namespace) get jobs -l app=e2e-test -o name)
echo "Job Reference: ${MYJOB}"
x=0; until [[ $(oc -n $(tasks.ephemeral-ns.results.namespace) get ${MYJOB} -o go-template="{{if .status.active}}{{.status.active}}{{else}}0{{end}}") -gt 0 || $x -eq 60 ]]; do echo "Waiting for e2e job to start" && sleep 2 && ((x++)); done
if [[ "${x}" -eq 60 ]]; then exit 1; fi
x=0; until [[ $(oc -n $(tasks.ephemeral-ns.results.namespace) get ${MYJOB} -o go-template="{{if .status.succeeded}}{{.status.succeeded}}{{else}}0{{end}}" ) -gt 0 || $x -eq 20 ]]; do echo "Waiting for test to complete" && sleep 15 && ((x++)); done
if [[ "${x}" -eq 20 ]]; then exit 1; fi
workspaces:
- name: kubeconfig-dir
workspace: dockerconfig
- name: pass-pr-check
runAfter: ["perform-e2e-test"]
taskRef:
name: gitea-set-status
params:
- name: SHA
value: $(params.git-commit-sha)
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: DESCRIPTION
value: Tekton CI Pipeline
- name: STATE
value: success
- name: TARGET_URL
value: https://console-openshift-console.apps.ocp.endofday.com/pipelines
- name: create-git-release
runAfter: ["pass-pr-check"]
taskRef:
name: gitea-create-release
params:
- name: SHA
value: $(params.git-commit-sha)
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: TAG
value: $(tasks.git-semver.results.version)
- name: TITLE
value: $(params.git-repo-full-name)-$(tasks.git-semver.results.version)
- name: perform-merge
runAfter: ["create-git-release"]
taskRef:
name: gitea-merge-pr
params:
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: DESCRIPTION
value: Automatically merged by CI pipeline
- name: INDEX
value: $(params.git-pr-index)
- name: MERGETYPE
value: $(params.git-merge-type)
- name: DELETEBRANCH
value: $(params.git-merge-delete-branch)
- name: TARGET_URL
value: https://console-openshift-console.apps.ocp.endofday.com/pipelines
finally:
- name: fail-pr-check
when:
- input: $(tasks.status)
operator: in
values:
- Failed
taskRef:
name: gitea-set-status
params:
- name: SHA
value: $(params.git-commit-sha)
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: DESCRIPTION
value: Tekton CI Pipeline
- name: STATE
value: failure
- name: TARGET_URL
value: https://console-openshift-console.apps.ocp.endofday.com/pipelines

430
pipeline/conversion-engine.yaml
View File

@@ -1,430 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
name: ce-buildtest
namespace: goghvideo-cicd-pipeline
spec:
workspaces:
- name: source
- name: gitauth
- name: dockerconfig
- name: helm
- name: gitsshauth
params:
- name: git-repo-full-name
type: string
- name: git-token-secret-name
type: string
- name: git-token-secret-key
type: string
- name: git-commit-sha
type: string
- name: git-repo-url
type: string
description: Git URL to retrieve
- name: git-branch
type: string
description: branch to checkout
- name: git-pr-index
description: PR number to merge
- name: git-merge-type
description: What type of merge to do
- name: git-merge-delete-branch
description: delete the branch after merge
- name: verbose
type: string
default: "false"
- name: lint-package
type: string
- name: lint-context
type: string
description: Path to where the modules are stored
- name: lint-version
type: string
default: latest
- name: image
type: string
- name: s2i-builder-image
type: string
- name: git-helm-url
type: string
tasks:
- name: set-check-pending
taskRef:
name: gitea-set-status
params:
- name: SHA
value: $(params.git-commit-sha)
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: DESCRIPTION
value: Build started
- name: STATE
value: pending
- name: TARGET_URL
value: https://console-openshift-console.apps.ocp.endofday.com/pipelines/all-namespaces
- name: git-semver
runAfter:
- set-check-pending
taskRef:
name: git-semver
params:
- name: gitrepositoryurl
value: $(params.git-repo-url)
- name: gitbranch
value: $(params.git-branch)
workspaces:
- name: repo
workspace: source
- name: gitauth
workspace: gitauth
- name: golangci-lint
runAfter:
- git-semver
taskRef:
name: golangci-lint
params:
- name: package
value: $(params.lint-package)
- name: context
value: $(params.lint-context)
- name: version
value: $(params.lint-version)
workspaces:
- name: source
workspace: source
- name: generate-imagetag
runAfter:
- golangci-lint
taskRef:
name: generate-image-tag
params:
- name: version
value: $(tasks.git-semver.results.version)
- name: image
value: $(params.image)
- name: s2i-build
runAfter:
- generate-imagetag
taskRef:
name: s2i-go-debug
params:
- name: TLSVERIFY
value: false
- name: BUILDER_IMAGE
value: $(params.s2i-builder-image)
- name: PATH_CONTEXT
value: $(params.lint-context)
- name: verbose
value: true
- name: IMAGE
value: $(tasks.generate-imagetag.results.imagetag)
- name: ENV_VARS
value:
- semver=$(tasks.git-semver.results.version)
workspaces:
- name: source
workspace: source
- name: dockerconfig
workspace: dockerconfig
- name: ephemeral-ns
runAfter:
- s2i-build
taskref:
name: openshift-ephemeral-namespace-client
kind: Task
params:
- name: VERSION
value: 4.11
- name: SCRIPT
value: |
echo "${SHELL}"
RANDOMID=$(openssl rand -hex 4)
oc new-project goghvideo-test-${RANDOMID} >/dev/null
oc label namespace goghvideo-test-${RANDOMID} app=goghvideo-test
x=0; until [[ -n $(oc -n goghvideo-test-${RANDOMID} get secret/goghvideo-openshift-builder-pull-secret 2>/dev/null) || $x -eq 10 ]]; do echo "Waiting for secret replication" && sleep 10 && ((x++)); done
if [[ "${x}" -eq 10 ]]; then exit 1; fi
oc -n goghvideo-test-${RANDOMID} secrets link default goghvideo-openshift-builder-pull-secret --for=pull
oc apply -f - <<EOF
apiVersion: rabbitmq.com/v1beta1
kind: RabbitmqCluster
metadata:
name: rabbitmq
namespace: goghvideo-test-${RANDOMID}
spec:
delayStartSeconds: 10
image: quay01.ipa.endofday.com/goghvideo/bitnami-rabbitmq
imagePullSecrets:
- name: goghvideo-openshift-builder-pull-secret
persistence:
storage: 10Gi
replicas: 1
resources:
limits:
cpu: "2"
memory: 2Gi
requests:
cpu: "1"
memory: 2Gi
service:
type: ClusterIP
terminationGracePeriodSeconds: 30
EOF
x=0; until [[ -n $(oc -n goghvideo-test-${RANDOMID} get sa/rabbitmq-server 2>/dev/null ) || $x -eq 10 ]]; do echo "Waiting for operator to deploy rabbit" && sleep 5 && ((x++)); done
if [[ "${x}" -eq 10 ]]; then exit 1; fi
oc -n goghvideo-test-${RANDOMID} adm policy add-scc-to-user anyuid -z rabbitmq-server
x=0; until [[ $(oc -n goghvideo-test-${RANDOMID} get sts rabbitmq-server -o jsonpath="{.status.readyReplicas}") -gt 0 || $x -eq 20 ]]; do echo "Waiting for Rabbit MQ to startup" && sleep 15 && ((x++)); done
if [[ "${x}" -eq 20 ]]; then exit 1; fi
oc -n goghvideo-test-${RANDOMID} create route edge --service=rabbitmq --port=15672
oc -n goghvideo-test-${RANDOMID} get pods
RABBITHOST=$(oc -n goghvideo-test-${RANDOMID} get secret/rabbitmq-default-user -o template='{{ .data.host | base64decode }}')
RABBITUSER=$(oc -n goghvideo-test-${RANDOMID} get secret/rabbitmq-default-user -o template='{{ .data.username | base64decode }}')
RABBITPASS=$(oc -n goghvideo-test-${RANDOMID} get secret/rabbitmq-default-user -o template='{{ .data.password | base64decode }}')
oc -n goghvideo-test-${RANDOMID} create secret generic amqp --from-literal=url=amqp://${RABBITUSER}:${RABBITPASS}@${RABBITHOST}/
curl -O http://${RABBITHOST}:15672/cli/rabbitmqadmin
chmod +x rabbitmqadmin
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare exchange name=conversion type=topic
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare queue name=transcode durable=true queue_type=quorum
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare queue name=notification durable=true queue_type=quorum
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare queue name=upload-nextcloud durable=true queue_type=quorum
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare queue name=complete durable=true queue_type=quorum
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare binding source="conversion" destination_type="queue" destination="transcode" routing_key="transcode"
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare binding source="conversion" destination_type="queue" destination="notification" routing_key="notification"
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare binding source="conversion" destination_type="queue" destination="upload-nextcloud" routing_key="upload-nextcloud"
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare binding source="conversion" destination_type="queue" destination="complete" routing_key="complete"
echo -n "goghvideo-test-${RANDOMID}" > $(results.namespace.path)
workspaces:
- name: kubeconfig-dir
workspace: dockerconfig
- name: clone-helm-charts
runAfter: ["ephemeral-ns"]
taskRef:
name: git-clone
params:
- name: url
value: $(params.git-helm-url)
workspaces:
- name: output
workspace: helm
- name: ssh-directory
workspace: gitsshauth
- name: deploy-ce-testver
runAfter: ["clone-helm-charts"]
taskRef:
name: helm-upgrade-from-source
params:
- name: charts_dir
value: conversion-engine
- name: release_namespace
value: $(tasks.ephemeral-ns.results.namespace)
- name: release_name
value: conversion-engine
- name: overwrite_values
value: "image.tag=v$(tasks.git-semver.results.version)"
workspaces:
- name: source
workspace: helm
- name: deploy-upload-to-nextcloud
runAfter: ["clone-helm-charts"]
taskRef:
name: helm-upgrade-from-source
params:
- name: charts_dir
value: upload-to-nextcloud
- name: release_namespace
value: $(tasks.ephemeral-ns.results.namespace)
- name: release_name
value: upload-to-nextcloud
workspaces:
- name: source
workspace: helm
- name: deploy-notification
runAfter: ["clone-helm-charts"]
taskRef:
name: helm-upgrade-from-source
params:
- name: charts_dir
value: notification
- name: release_namespace
value: $(tasks.ephemeral-ns.results.namespace)
- name: release_name
value: notification
workspaces:
- name: source
workspace: helm
- name: get-filedrop-name
runAfter: ["deploy-ce-testver", "deploy-upload-to-nextcloud", "deploy-notification"]
taskref:
name: openshift-ephemeral-namespace-client
kind: Task
params:
- name: VERSION
value: 4.11
- name: SCRIPT
value: |
#!/usr/bin/env bash
wget "https://github.com/jqlang/jq/releases/download/jq-1.7/jq-linux-amd64" -O /usr/local/bin/jq
chmod +x /usr/local/bin/jq
INPUTSRC=$(oc -n $(tasks.ephemeral-ns.results.namespace) get scaledjob/conversion-engine -o json | /usr/local/bin/jq -r '.spec.jobTargetRef.template.spec.initContainers[0].env[] | select(.name == "sourcefile").value')
if [[ -z "${INPUTSRC}" ]]; then exit 1; fi
echo -n "${INPUTSRC}" > $(results.filedrop.path)
workspaces:
- name: kubeconfig-dir
workspace: dockerconfig
- name: perform-e2e-test
runAfter: ["get-filedrop-name"]
taskref:
name: openshift-ephemeral-namespace-client
kind: Task
params:
- name: VERSION
value: 4.11
- name: SCRIPT
value: |
#!/usr/bin/env bash
oc create -f - <<EOF
apiVersion: batch/v1
kind: Job
metadata:
generateName: e2e-test-
namespace: $(tasks.ephemeral-ns.results.namespace)
labels:
app: e2e-test
spec:
completions: 1
parallelism: 1
template:
metadata:
creationTimestamp: null
spec:
restartPolicy: Never
containers:
- env:
- name: amqp
valueFrom:
secretKeyRef:
key: url
name: amqp
- name: dropfile
value: $(tasks.get-filedrop-name.results.filedrop)
image: quay01.ipa.endofday.com/goghvideo/e2e-test:v0.1.5
imagePullPolicy: Always
name: transcode-job
volumeMounts:
- mountPath: "/conversion"
name: "pvc-conversion"
volumes:
- name: "pvc-conversion"
persistentVolumeClaim:
claimName: "pvc-conversion"
EOF
workspaces:
- name: kubeconfig-dir
workspace: dockerconfig
- name: pass-pr-check
runAfter: ["perform-e2e-test"]
taskRef:
name: gitea-set-status
params:
- name: SHA
value: $(params.git-commit-sha)
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: DESCRIPTION
value: Tekton CI Pipeline
- name: STATE
value: success
- name: TARGET_URL
value: https://console-openshift-console.apps.ocp.endofday.com/pipelines
- name: create-git-release
runAfter: ["pass-pr-check"]
taskRef:
name: gitea-create-release
params:
- name: SHA
value: $(params.git-commit-sha)
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: TAG
value: $(tasks.git-semver.results.version)
- name: TITLE
value: $(params.git-repo-full-name)-$(tasks.git-semver.results.version)
- name: perform-merge
runAfter: ["create-git-release"]
taskRef:
name: gitea-merge-pr
params:
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: DESCRIPTION
value: Automatically merged by CI pipeline
- name: INDEX
value: $(params.git-pr-index)
- name: MERGETYPE
value: $(params.git-merge-type)
- name: DELETEBRANCH
value: $(params.git-merge-delete-branch)
- name: TARGET_URL
value: https://console-openshift-console.apps.ocp.endofday.com/pipelines
finally:
- name: fail-pr-check
when:
- input: $(tasks.status)
operator: in
values:
- Failed
taskRef:
name: gitea-set-status
params:
- name: SHA
value: $(params.git-commit-sha)
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: DESCRIPTION
value: Tekton CI Pipeline
- name: STATE
value: failure
- name: TARGET_URL
value: https://console-openshift-console.apps.ocp.endofday.com/pipelines

225
pipeline/e2e-test.yaml
View File

@@ -1,225 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
name: e2etest-buildtest
namespace: goghvideo-cicd-pipeline
spec:
workspaces:
- name: source
- name: gitauth
- name: dockerconfig
- name: helm
- name: gitsshauth
params:
- name: git-repo-full-name
type: string
- name: git-token-secret-name
type: string
- name: git-token-secret-key
type: string
- name: git-commit-sha
type: string
- name: git-repo-url
type: string
description: Git URL to retrieve
- name: git-branch
type: string
description: branch to checkout
- name: git-pr-index
description: PR number to merge
- name: git-merge-type
description: What type of merge to do
- name: git-merge-delete-branch
description: delete the branch after merge
- name: verbose
type: string
default: "false"
- name: lint-package
type: string
- name: lint-context
type: string
description: Path to where the modules are stored
- name: lint-version
type: string
default: latest
- name: image
type: string
- name: s2i-builder-image
type: string
- name: git-helm-url
type: string
tasks:
- name: set-check-pending
taskRef:
name: gitea-set-status
params:
- name: SHA
value: $(params.git-commit-sha)
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: DESCRIPTION
value: Build started
- name: STATE
value: pending
- name: TARGET_URL
value: https://console-openshift-console.apps.ocp.endofday.com/pipelines/all-namespaces
- name: git-semver
runAfter:
- set-check-pending
taskRef:
name: git-semver
params:
- name: gitrepositoryurl
value: $(params.git-repo-url)
- name: gitbranch
value: $(params.git-branch)
workspaces:
- name: repo
workspace: source
- name: gitauth
workspace: gitauth
- name: golangci-lint
runAfter:
- git-semver
taskRef:
name: golangci-lint
params:
- name: package
value: $(params.lint-package)
- name: context
value: $(params.lint-context)
- name: version
value: $(params.lint-version)
workspaces:
- name: source
workspace: source
- name: generate-imagetag
runAfter:
- golangci-lint
taskRef:
name: generate-image-tag
params:
- name: version
value: $(tasks.git-semver.results.version)
- name: image
value: $(params.image)
- name: s2i-build
runAfter:
- generate-imagetag
taskRef:
name: s2i-go-debug
kind: Task
params:
- name: TLSVERIFY
value: false
- name: BUILDER_IMAGE
value: $(params.s2i-builder-image)
- name: PATH_CONTEXT
value: $(params.lint-context)
- name: verbose
value: true
- name: IMAGE
value: $(tasks.generate-imagetag.results.imagetag)
- name: ENV_VARS
value:
- semver=$(tasks.git-semver.results.version)
workspaces:
- name: source
workspace: source
- name: dockerconfig
workspace: dockerconfig
- name: pass-pr-check
runAfter: ["s2i-build"]
taskRef:
name: gitea-set-status
params:
- name: SHA
value: $(params.git-commit-sha)
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: DESCRIPTION
value: Tekton CI Pipeline
- name: STATE
value: success
- name: TARGET_URL
value: https://console-openshift-console.apps.ocp.endofday.com/pipelines
- name: create-git-release
runAfter: ["pass-pr-check"]
taskRef:
name: gitea-create-release
params:
- name: SHA
value: $(params.git-commit-sha)
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: TAG
value: $(tasks.git-semver.results.version)
- name: TITLE
value: $(params.git-repo-full-name)-$(tasks.git-semver.results.version)
- name: perform-merge
runAfter: ["create-git-release"]
taskRef:
name: gitea-merge-pr
params:
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: DESCRIPTION
value: Automatically merged by CI pipeline
- name: INDEX
value: $(params.git-pr-index)
- name: MERGETYPE
value: $(params.git-merge-type)
- name: DELETEBRANCH
value: $(params.git-merge-delete-branch)
- name: TARGET_URL
value: https://console-openshift-console.apps.ocp.endofday.com/pipelines
finally:
- name: fail-pr-check
when:
- input: $(tasks.status)
operator: in
values:
- Failed
taskRef:
name: gitea-set-status
params:
- name: SHA
value: $(params.git-commit-sha)
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: DESCRIPTION
value: Tekton CI Pipeline
- name: STATE
value: failure
- name: TARGET_URL
value: https://console-openshift-console.apps.ocp.endofday.com/pipelines

437
pipeline/notification-pr.yaml
View File

@@ -1,437 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
name: notification-buildtest
namespace: goghvideo-cicd-pipeline
spec:
workspaces:
- name: source
- name: gitauth
- name: dockerconfig
- name: helm
- name: gitsshauth
params:
- name: git-repo-full-name
type: string
- name: git-token-secret-name
type: string
- name: git-token-secret-key
type: string
- name: git-commit-sha
type: string
- name: git-repo-url
type: string
description: Git URL to retrieve
- name: git-branch
type: string
description: branch to checkout
- name: git-pr-index
description: PR number to merge
- name: git-merge-type
description: What type of merge to do
- name: git-merge-delete-branch
description: delete the branch after merge
- name: verbose
type: string
default: "false"
- name: lint-package
type: string
- name: lint-context
type: string
description: Path to where the modules are stored
- name: lint-version
type: string
default: latest
- name: image
type: string
- name: s2i-builder-image
type: string
- name: git-helm-url
type: string
tasks:
- name: set-check-pending
taskRef:
name: gitea-set-status
params:
- name: SHA
value: $(params.git-commit-sha)
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: DESCRIPTION
value: Build started
- name: STATE
value: pending
- name: TARGET_URL
value: https://console-openshift-console.apps.ocp.endofday.com/pipelines/all-namespaces
- name: git-semver
runAfter:
- set-check-pending
taskRef:
name: git-semver
params:
- name: gitrepositoryurl
value: $(params.git-repo-url)
- name: gitbranch
value: $(params.git-branch)
workspaces:
- name: repo
workspace: source
- name: gitauth
workspace: gitauth
- name: golangci-lint
runAfter:
- git-semver
taskRef:
name: golangci-lint
params:
- name: package
value: $(params.lint-package)
- name: context
value: $(params.lint-context)
- name: version
value: $(params.lint-version)
workspaces:
- name: source
workspace: source
- name: generate-imagetag
runAfter:
- golangci-lint
taskRef:
name: generate-image-tag
params:
- name: version
value: $(tasks.git-semver.results.version)
- name: image
value: $(params.image)
- name: s2i-build
runAfter:
- generate-imagetag
taskRef:
name: s2i-go-debug
params:
- name: TLSVERIFY
value: false
- name: BUILDER_IMAGE
value: $(params.s2i-builder-image)
- name: PATH_CONTEXT
value: $(params.lint-context)
- name: verbose
value: true
- name: IMAGE
value: $(tasks.generate-imagetag.results.imagetag)
- name: ENV_VARS
value:
- semver=$(tasks.git-semver.results.version)
workspaces:
- name: source
workspace: source
- name: dockerconfig
workspace: dockerconfig
- name: ephemeral-ns
runAfter:
- s2i-build
taskref:
name: openshift-ephemeral-namespace-client
kind: Task
params:
- name: VERSION
value: 4.11
- name: SCRIPT
value: |
echo "${SHELL}"
RANDOMID=$(openssl rand -hex 4)
oc new-project goghvideo-test-${RANDOMID} >/dev/null
oc label namespace goghvideo-test-${RANDOMID} app=goghvideo-test
x=0; until [[ -n $(oc -n goghvideo-test-${RANDOMID} get secret/goghvideo-openshift-builder-pull-secret 2>/dev/null) || $x -eq 10 ]]; do echo "Waiting for secret replication" && sleep 10 && ((x++)); done
if [[ "${x}" -eq 10 ]]; then exit 1; fi
oc -n goghvideo-test-${RANDOMID} secrets link default goghvideo-openshift-builder-pull-secret --for=pull
oc apply -f - <<EOF
apiVersion: rabbitmq.com/v1beta1
kind: RabbitmqCluster
metadata:
name: rabbitmq
namespace: goghvideo-test-${RANDOMID}
spec:
delayStartSeconds: 10
image: quay01.ipa.endofday.com/goghvideo/bitnami-rabbitmq
imagePullSecrets:
- name: goghvideo-openshift-builder-pull-secret
persistence:
storage: 10Gi
replicas: 1
resources:
limits:
cpu: "2"
memory: 2Gi
requests:
cpu: "1"
memory: 2Gi
service:
type: ClusterIP
terminationGracePeriodSeconds: 30
EOF
x=0; until [[ -n $(oc -n goghvideo-test-${RANDOMID} get sa/rabbitmq-server 2>/dev/null ) || $x -eq 10 ]]; do echo "Waiting for operator to deploy rabbit" && sleep 5 && ((x++)); done
if [[ "${x}" -eq 10 ]]; then exit 1; fi
oc -n goghvideo-test-${RANDOMID} adm policy add-scc-to-user anyuid -z rabbitmq-server
x=0; until [[ $(oc -n goghvideo-test-${RANDOMID} get sts rabbitmq-server -o jsonpath="{.status.readyReplicas}") -gt 0 || $x -eq 20 ]]; do echo "Waiting for Rabbit MQ to startup" && sleep 15 && ((x++)); done
if [[ "${x}" -eq 20 ]]; then exit 1; fi
oc -n goghvideo-test-${RANDOMID} create route edge --service=rabbitmq --port=15672
oc -n goghvideo-test-${RANDOMID} get pods
RABBITHOST=$(oc -n goghvideo-test-${RANDOMID} get secret/rabbitmq-default-user -o template='{{ .data.host | base64decode }}')
RABBITUSER=$(oc -n goghvideo-test-${RANDOMID} get secret/rabbitmq-default-user -o template='{{ .data.username | base64decode }}')
RABBITPASS=$(oc -n goghvideo-test-${RANDOMID} get secret/rabbitmq-default-user -o template='{{ .data.password | base64decode }}')
oc -n goghvideo-test-${RANDOMID} create secret generic amqp --from-literal=url=amqp://${RABBITUSER}:${RABBITPASS}@${RABBITHOST}/
curl -O http://${RABBITHOST}:15672/cli/rabbitmqadmin
chmod +x rabbitmqadmin
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare exchange name=conversion type=topic
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare queue name=transcode durable=true queue_type=quorum
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare queue name=notification durable=true queue_type=quorum
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare queue name=upload-nextcloud durable=true queue_type=quorum
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare queue name=complete durable=true queue_type=quorum
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare binding source="conversion" destination_type="queue" destination="transcode" routing_key="transcode"
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare binding source="conversion" destination_type="queue" destination="notification" routing_key="notification"
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare binding source="conversion" destination_type="queue" destination="upload-nextcloud" routing_key="upload-nextcloud"
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare binding source="conversion" destination_type="queue" destination="complete" routing_key="complete"
echo -n "goghvideo-test-${RANDOMID}" > $(results.namespace.path)
workspaces:
- name: kubeconfig-dir
workspace: dockerconfig
- name: clone-helm-charts
runAfter: ["ephemeral-ns"]
taskRef:
name: git-clone
params:
- name: url
value: $(params.git-helm-url)
workspaces:
- name: output
workspace: helm
- name: ssh-directory
workspace: gitsshauth
- name: deploy-notification
runAfter: ["clone-helm-charts"]
taskRef:
name: helm-upgrade-from-source
params:
- name: charts_dir
value: notification
- name: release_namespace
value: $(tasks.ephemeral-ns.results.namespace)
- name: release_name
value: notification
- name: overwrite_values
value: "image.tag=v$(tasks.git-semver.results.version)"
workspaces:
- name: source
workspace: helm
- name: deploy-upload-to-nextcloud
runAfter: ["clone-helm-charts"]
taskRef:
name: helm-upgrade-from-source
params:
- name: charts_dir
value: upload-to-nextcloud
- name: release_namespace
value: $(tasks.ephemeral-ns.results.namespace)
- name: release_name
value: upload-to-nextcloud
workspaces:
- name: source
workspace: helm
- name: deploy-conversion-engine
runAfter: ["clone-helm-charts"]
taskRef:
name: helm-upgrade-from-source
params:
- name: charts_dir
value: conversion-engine
- name: release_namespace
value: $(tasks.ephemeral-ns.results.namespace)
- name: release_name
value: conversion-engine
workspaces:
- name: source
workspace: helm
- name: get-filedrop-name
runAfter: ["deploy-conversion-engine", "deploy-upload-to-nextcloud", "deploy-notification"]
taskref:
name: openshift-ephemeral-namespace-client
kind: Task
params:
- name: VERSION
value: 4.11
- name: SCRIPT
value: |
#!/usr/bin/env bash
wget "https://github.com/jqlang/jq/releases/download/jq-1.7/jq-linux-amd64" -O /usr/local/bin/jq
chmod +x /usr/local/bin/jq
INPUTSRC=$(oc -n $(tasks.ephemeral-ns.results.namespace) get scaledjob/conversion-engine -o json | /usr/local/bin/jq -r '.spec.jobTargetRef.template.spec.initContainers[0].env[] | select(.name == "sourcefile").value')
if [[ -z "${INPUTSRC}" ]]; then exit 1; fi
echo -n "${INPUTSRC}" > $(results.filedrop.path)
workspaces:
- name: kubeconfig-dir
workspace: dockerconfig
- name: perform-e2e-test
runAfter: ["get-filedrop-name"]
taskref:
name: openshift-ephemeral-namespace-client
kind: Task
params:
- name: VERSION
value: 4.11
- name: SCRIPT
value: |
#!/usr/bin/env bash
oc create -f - <<EOF && sleep 2
apiVersion: batch/v1
kind: Job
metadata:
generateName: e2e-test-
namespace: $(tasks.ephemeral-ns.results.namespace)
labels:
app: e2e-test
spec:
completions: 1
parallelism: 1
template:
metadata:
creationTimestamp: null
spec:
restartPolicy: Never
containers:
- env:
- name: amqp
valueFrom:
secretKeyRef:
key: url
name: amqp
- name: dropfile
value: $(tasks.get-filedrop-name.results.filedrop)
image: quay01.ipa.endofday.com/goghvideo/e2e-test:v0.1.5
imagePullPolicy: Always
name: transcode-job
volumeMounts:
- mountPath: "/conversion"
name: "pvc-conversion"
volumes:
- name: "pvc-conversion"
persistentVolumeClaim:
claimName: "pvc-conversion"
EOF
MYJOB=$(oc -n $(tasks.ephemeral-ns.results.namespace) get jobs -l app=e2e-test -o name)
echo "Job Reference: ${MYJOB}"
x=0; until [[ $(oc -n $(tasks.ephemeral-ns.results.namespace) get ${MYJOB} -o go-template="{{if .status.active}}{{.status.active}}{{else}}0{{end}}") -gt 0 || $x -eq 60 ]]; do echo "Waiting for e2e job to start" && sleep 2 && ((x++)); done
if [[ "${x}" -eq 60 ]]; then exit 1; fi
x=0; until [[ $(oc -n $(tasks.ephemeral-ns.results.namespace) get ${MYJOB} -o go-template="{{if .status.succeeded}}{{.status.succeeded}}{{else}}0{{end}}" ) -gt 0 || $x -eq 20 ]]; do echo "Waiting for test to complete" && sleep 15 && ((x++)); done
if [[ "${x}" -eq 20 ]]; then exit 1; fi
workspaces:
- name: kubeconfig-dir
workspace: dockerconfig
- name: pass-pr-check
runAfter: ["perform-e2e-test"]
taskRef:
name: gitea-set-status
params:
- name: SHA
value: $(params.git-commit-sha)
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: DESCRIPTION
value: Tekton CI Pipeline
- name: STATE
value: success
- name: TARGET_URL
value: https://console-openshift-console.apps.ocp.endofday.com/pipelines
- name: create-git-release
runAfter: ["pass-pr-check"]
taskRef:
name: gitea-create-release
params:
- name: SHA
value: $(params.git-commit-sha)
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: TAG
value: $(tasks.git-semver.results.version)
- name: TITLE
value: $(params.git-repo-full-name)-$(tasks.git-semver.results.version)
- name: perform-merge
runAfter: ["create-git-release"]
taskRef:
name: gitea-merge-pr
params:
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: DESCRIPTION
value: Automatically merged by CI pipeline
- name: INDEX
value: $(params.git-pr-index)
- name: MERGETYPE
value: $(params.git-merge-type)
- name: DELETEBRANCH
value: $(params.git-merge-delete-branch)
- name: TARGET_URL
value: https://console-openshift-console.apps.ocp.endofday.com/pipelines
finally:
- name: fail-pr-check
when:
- input: $(tasks.status)
operator: in
values:
- Failed
taskRef:
name: gitea-set-status
params:
- name: SHA
value: $(params.git-commit-sha)
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: DESCRIPTION
value: Tekton CI Pipeline
- name: STATE
value: failure
- name: TARGET_URL
value: https://console-openshift-console.apps.ocp.endofday.com/pipelines

393
pipeline/notification.yaml
View File

@@ -1,393 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
name: notification
namespace: goghvideo-cicd-pipeline
labels:
app: notification
spec:
workspaces:
- name: source
- name: gitauth
- name: dockerconfig
- name: helm
- name: gitsshauth
- name: quayauth
- name: utilities
params:
- name: ref
description: Ref of the application
- name: revision
description: git unique head commit id
- name: repourl
description: repository name
- name: repofullname
description: repository full name
- name: author
description: commit author username
- name: email
description: commit author email
- name: message
description: commit message
- name: index
description: pull request index number
- name: git-helm-url
description: The URL of the repo containing the helm charts
- name: githost
description: the base git server hostname
- name: quayhost
description: the base quay server hostname
tasks:
- name: set-pending-status
taskRef:
name: gitea-set-status
params:
- name: githost
value: $(params.githost)
- name: quayhost
value: $(params.quayhost)
- name: statusurl
value: "https://console-openshift-console.apps.ocp.endofday.com/pipelines/ns/goghvideo-cicd-pipeline/pipeline-runs"
- name: revision
value: $(params.revision)
- name: repofullname
value: $(params.repofullname)
- name: description
value: "CI Pipeline"
- name: state
value: "pending"
workspaces:
- name: gitauth
workspace: gitauth
- name: copy-shared-utilities
runAfter: ["set-pending-status"]
taskRef:
name: copy-shared-utilities
workspaces:
- name: utilities
- name: prepare
runAfter: ["set-pending-status"]
taskRef:
name: git-semver
params:
- name: gitrepositoryurl
value: $(params.repourl)
- name: gitbranch
value: $(params.ref)
workspaces:
- name: repo
workspace: source
- name: gitauth
workspace: gitauth
- name: standards
runAfter:
- prepare
taskRef:
name: golangci-lint
params:
- name: package
value: $(params.githost)/goghvideo/notification
- name: context
value: ./notification/src
- name: version
value: latest
workspaces:
- name: source
workspace: source
- name: build
runAfter:
- standards
taskRef:
name: s2i-go-debug
params:
- name: TLSVERIFY
value: false
- name: BUILDER_IMAGE
value: $(params.quayhost)/goghvideo/golang-s2i-buildah:v1
- name: PATH_CONTEXT
value: notification/src
- name: verbose
value: true
- name: IMAGE
value: $(params.quayhost)/goghvideo/notification:$(params.revision)
- name: ENV_VARS
value:
- semver=$(tasks.prepare.results.version)
workspaces:
- name: source
workspace: source
- name: dockerconfig
workspace: dockerconfig
- name: ephemeral-namespace
runAfter:
- build
taskref:
name: openshift-ephemeral-namespace-client
kind: Task
params:
- name: VERSION
value: 4.11
- name: SCRIPT
value: |
echo "${SHELL}"
RANDOMID=$(openssl rand -hex 4)
oc new-project goghvideo-test-${RANDOMID} >/dev/null
oc label namespace goghvideo-test-${RANDOMID} app=goghvideo-test
x=0; until [[ -n $(oc -n goghvideo-test-${RANDOMID} get secret/goghvideo-openshift-builder-pull-secret 2>/dev/null) || $x -eq 10 ]]; do echo "Waiting for secret replication" && sleep 10 && ((x++)); done
if [[ "${x}" -eq 10 ]]; then exit 1; fi
oc -n goghvideo-test-${RANDOMID} secrets link default goghvideo-openshift-builder-pull-secret --for=pull
oc apply -f - <<EOF
apiVersion: rabbitmq.com/v1beta1
kind: RabbitmqCluster
metadata:
name: rabbitmq
namespace: goghvideo-test-${RANDOMID}
spec:
delayStartSeconds: 10
image: $(params.quayhost)/goghvideo/bitnami-rabbitmq
imagePullSecrets:
- name: goghvideo-openshift-builder-pull-secret
persistence:
storage: 10Gi
replicas: 1
resources:
limits:
cpu: "2"
memory: 2Gi
requests:
cpu: "1"
memory: 2Gi
service:
type: ClusterIP
terminationGracePeriodSeconds: 30
EOF
x=0; until [[ -n $(oc -n goghvideo-test-${RANDOMID} get sa/rabbitmq-server 2>/dev/null ) || $x -eq 10 ]]; do echo "Waiting for operator to deploy rabbit" && sleep 5 && ((x++)); done
if [[ "${x}" -eq 10 ]]; then exit 1; fi
oc -n goghvideo-test-${RANDOMID} adm policy add-scc-to-user anyuid -z rabbitmq-server
x=0; until [[ $(oc -n goghvideo-test-${RANDOMID} get sts rabbitmq-server -o jsonpath="{.status.readyReplicas}") -gt 0 || $x -eq 20 ]]; do echo "Waiting for Rabbit MQ to startup" && sleep 15 && ((x++)); done
if [[ "${x}" -eq 20 ]]; then exit 1; fi
oc -n goghvideo-test-${RANDOMID} create route edge --service=rabbitmq --port=15672
oc -n goghvideo-test-${RANDOMID} get pods
RABBITHOST=$(oc -n goghvideo-test-${RANDOMID} get secret/rabbitmq-default-user -o template='{{ .data.host | base64decode }}')
RABBITUSER=$(oc -n goghvideo-test-${RANDOMID} get secret/rabbitmq-default-user -o template='{{ .data.username | base64decode }}')
RABBITPASS=$(oc -n goghvideo-test-${RANDOMID} get secret/rabbitmq-default-user -o template='{{ .data.password | base64decode }}')
oc -n goghvideo-test-${RANDOMID} create secret generic amqp --from-literal=url=amqp://${RABBITUSER}:${RABBITPASS}@${RABBITHOST}/
curl -O http://${RABBITHOST}:15672/cli/rabbitmqadmin
chmod +x rabbitmqadmin
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare exchange name=conversion type=topic
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare queue name=transcode durable=true queue_type=quorum
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare queue name=notification durable=true queue_type=quorum
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare queue name=upload-nextcloud durable=true queue_type=quorum
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare queue name=complete durable=true queue_type=quorum
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare binding source="conversion" destination_type="queue" destination="transcode" routing_key="transcode"
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare binding source="conversion" destination_type="queue" destination="notification" routing_key="notification"
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare binding source="conversion" destination_type="queue" destination="upload-nextcloud" routing_key="upload-nextcloud"
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare binding source="conversion" destination_type="queue" destination="complete" routing_key="complete"
echo -n "goghvideo-test-${RANDOMID}" > $(results.namespace.path)
workspaces:
- name: kubeconfig-dir
workspace: dockerconfig
- name: prepare-helm-charts
runAfter: ["ephemeral-namespace"]
taskRef:
name: git-clone
params:
- name: url
value: $(params.git-helm-url)
workspaces:
- name: output
workspace: helm
- name: basic-auth
workspace: gitauth
- name: deploy-notification-app
runAfter: ["prepare-helm-charts"]
taskRef:
name: helm-upgrade-from-source
params:
- name: charts_dir
value: notification
- name: release_namespace
value: $(tasks.ephemeral-namespace.results.namespace)
- name: release_name
value: notification
- name: overwrite_values
value: "image.tag=$(params.revision)"
workspaces:
- name: source
workspace: helm
- name: deploy-upload-to-nextcloud-app
runAfter: ["prepare-helm-charts"]
taskRef:
name: helm-upgrade-from-source
params:
- name: charts_dir
value: upload-to-nextcloud
- name: release_namespace
value: $(tasks.ephemeral-namespace.results.namespace)
- name: release_name
value: upload-to-nextcloud
workspaces:
- name: source
workspace: helm
- name: deploy-conversion-engine-job
runAfter: ["prepare-helm-charts"]
taskRef:
name: helm-upgrade-from-source
params:
- name: charts_dir
value: conversion-engine
- name: release_namespace
value: $(tasks.ephemeral-namespace.results.namespace)
- name: release_name
value: conversion-engine
workspaces:
- name: source
workspace: helm
- name: get-filedrop-name
runAfter: ["deploy-conversion-engine-job", "deploy-upload-to-nextcloud-app", "deploy-notification-app"]
taskref:
name: openshift-ephemeral-namespace-client
kind: Task
params:
- name: VERSION
value: 4.11
- name: SCRIPT
value: |
#!/usr/bin/env bash
wget "https://github.com/jqlang/jq/releases/download/jq-1.7/jq-linux-amd64" -O /usr/local/bin/jq
chmod +x /usr/local/bin/jq
INPUTSRC=$(oc -n $(tasks.ephemeral-namespace.results.namespace) get scaledjob/conversion-engine -o json | /usr/local/bin/jq -r '.spec.jobTargetRef.template.spec.initContainers[0].env[] | select(.name == "sourcefile").value')
if [[ -z "${INPUTSRC}" ]]; then exit 1; fi
echo -n "${INPUTSRC}" > $(results.filedrop.path)
workspaces:
- name: kubeconfig-dir
workspace: dockerconfig
- name: perform-e2e-test
runAfter: ["get-filedrop-name"]
taskref:
name: openshift-ephemeral-namespace-client
kind: Task
params:
- name: VERSION
value: 4.11
- name: SCRIPT
value: |
#!/usr/bin/env bash
oc create -f - <<EOF && sleep 2
apiVersion: batch/v1
kind: Job
metadata:
generateName: e2e-test-
namespace: $(tasks.ephemeral-namespace.results.namespace)
labels:
app: e2e-test
spec:
completions: 1
parallelism: 1
template:
metadata:
creationTimestamp: null
spec:
restartPolicy: Never
containers:
- env:
- name: amqp
valueFrom:
secretKeyRef:
key: url
name: amqp
- name: dropfile
value: $(tasks.get-filedrop-name.results.filedrop)
image: $(params.quayhost)/goghvideo/e2e-test:v0.1.5
imagePullPolicy: Always
name: transcode-job
volumeMounts:
- mountPath: "/conversion"
name: "pvc-conversion"
volumes:
- name: "pvc-conversion"
persistentVolumeClaim:
claimName: "pvc-conversion"
EOF
MYJOB=$(oc -n $(tasks.ephemeral-namespace.results.namespace) get jobs -l app=e2e-test -o name)
echo "Job Reference: ${MYJOB}"
x=0; until [[ $(oc -n $(tasks.ephemeral-namespace.results.namespace) get ${MYJOB} -o go-template="{{if .status.active}}{{.status.active}}{{else}}0{{end}}") -gt 0 || $x -eq 60 ]]; do echo "Waiting for e2e job to start" && sleep 2 && ((x++)); done
if [[ "${x}" -eq 60 ]]; then exit 1; fi
x=0; until [[ $(oc -n $(tasks.ephemeral-namespace.results.namespace) get ${MYJOB} -o go-template="{{if .status.succeeded}}{{.status.succeeded}}{{else}}0{{end}}" ) -gt 0 || $x -eq 20 ]]; do echo "Waiting for test to complete" && sleep 15 && ((x++)); done
if [[ "${x}" -eq 20 ]]; then exit 1; fi
workspaces:
- name: kubeconfig-dir
workspace: dockerconfig
- name: set-success-status
runAfter: ["perform-e2e-test"]
taskRef:
name: gitea-set-status
params:
- name: githost
value: $(params.githost)
- name: quayhost
value: $(params.quayhost)
- name: statusurl
value: "https://console-openshift-console.apps.ocp.endofday.com/pipelines/ns/goghvideo-cicd-pipeline/pipeline-runs"
- name: revision
value: $(params.revision)
- name: repofullname
value: $(params.repofullname)
- name: description
value: "CI Pipeline"
- name: state
value: "success"
workspaces:
- name: gitauth
workspace: gitauth
- name: promote
runAfter: ["set-success-status"]
taskref:
name: promote
kind: Task
params:
- name: ref
value: $(params.ref)
- name: repofullname
value: $(params.repofullname)
- name: revision
value: $(params.revision)
- name: semver
value: $(tasks.prepare.results.version)
- name: author
value: $(params.author)
- name: email
value: $(params.email)
- name: appname
value: notification
- name: quayhost
value: $(params.quayhost)
- name: githost
value: $(params.githost)
- name: index
value: $(params.index)
workspaces:
- name: source
workspace: source
- name: gitauth
workspace: gitauth
- name: quayauth
workspace: quayauth
- name: utilities
workspace: utilities
- name: helm
workspace: helm

430
pipeline/upload-to-nextcloud.yaml
View File

@@ -1,430 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
name: upload2nc-buildtest
namespace: goghvideo-cicd-pipeline
spec:
workspaces:
- name: source
- name: gitauth
- name: dockerconfig
- name: helm
- name: gitsshauth
params:
- name: git-repo-full-name
type: string
- name: git-token-secret-name
type: string
- name: git-token-secret-key
type: string
- name: git-commit-sha
type: string
- name: git-repo-url
type: string
description: Git URL to retrieve
- name: git-branch
type: string
description: branch to checkout
- name: git-pr-index
description: PR number to merge
- name: git-merge-type
description: What type of merge to do
- name: git-merge-delete-branch
description: delete the branch after merge
- name: verbose
type: string
default: "false"
- name: lint-package
type: string
- name: lint-context
type: string
description: Path to where the modules are stored
- name: lint-version
type: string
default: latest
- name: image
type: string
- name: s2i-builder-image
type: string
- name: git-helm-url
type: string
tasks:
- name: set-check-pending
taskRef:
name: gitea-set-status
params:
- name: SHA
value: $(params.git-commit-sha)
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: DESCRIPTION
value: Build started
- name: STATE
value: pending
- name: TARGET_URL
value: https://console-openshift-console.apps.ocp.endofday.com/pipelines/all-namespaces
- name: git-semver
runAfter:
- set-check-pending
taskRef:
name: git-semver
params:
- name: gitrepositoryurl
value: $(params.git-repo-url)
- name: gitbranch
value: $(params.git-branch)
workspaces:
- name: repo
workspace: source
- name: gitauth
workspace: gitauth
- name: golangci-lint
runAfter:
- git-semver
taskRef:
name: golangci-lint
params:
- name: package
value: $(params.lint-package)
- name: context
value: $(params.lint-context)
- name: version
value: $(params.lint-version)
workspaces:
- name: source
workspace: source
- name: generate-imagetag
runAfter:
- golangci-lint
taskRef:
name: generate-image-tag
params:
- name: version
value: $(tasks.git-semver.results.version)
- name: image
value: $(params.image)
- name: s2i-build
runAfter:
- generate-imagetag
taskRef:
name: s2i-go-debug
params:
- name: TLSVERIFY
value: false
- name: BUILDER_IMAGE
value: $(params.s2i-builder-image)
- name: PATH_CONTEXT
value: $(params.lint-context)
- name: verbose
value: true
- name: IMAGE
value: $(tasks.generate-imagetag.results.imagetag)
- name: ENV_VARS
value:
- semver=$(tasks.git-semver.results.version)
workspaces:
- name: source
workspace: source
- name: dockerconfig
workspace: dockerconfig
- name: ephemeral-ns
runAfter:
- s2i-build
taskref:
name: openshift-ephemeral-namespace-client
kind: Task
params:
- name: VERSION
value: 4.11
- name: SCRIPT
value: |
echo "${SHELL}"
RANDOMID=$(openssl rand -hex 4)
oc new-project goghvideo-test-${RANDOMID} >/dev/null
oc label namespace goghvideo-test-${RANDOMID} app=goghvideo-test
x=0; until [[ -n $(oc -n goghvideo-test-${RANDOMID} get secret/goghvideo-openshift-builder-pull-secret 2>/dev/null) || $x -eq 10 ]]; do echo "Waiting for secret replication" && sleep 10 && ((x++)); done
if [[ "${x}" -eq 10 ]]; then exit 1; fi
oc -n goghvideo-test-${RANDOMID} secrets link default goghvideo-openshift-builder-pull-secret --for=pull
oc apply -f - <<EOF
apiVersion: rabbitmq.com/v1beta1
kind: RabbitmqCluster
metadata:
name: rabbitmq
namespace: goghvideo-test-${RANDOMID}
spec:
delayStartSeconds: 10
image: quay01.ipa.endofday.com/goghvideo/bitnami-rabbitmq
imagePullSecrets:
- name: goghvideo-openshift-builder-pull-secret
persistence:
storage: 10Gi
replicas: 1
resources:
limits:
cpu: "2"
memory: 2Gi
requests:
cpu: "1"
memory: 2Gi
service:
type: ClusterIP
terminationGracePeriodSeconds: 30
EOF
x=0; until [[ -n $(oc -n goghvideo-test-${RANDOMID} get sa/rabbitmq-server 2>/dev/null ) || $x -eq 10 ]]; do echo "Waiting for operator to deploy rabbit" && sleep 5 && ((x++)); done
if [[ "${x}" -eq 10 ]]; then exit 1; fi
oc -n goghvideo-test-${RANDOMID} adm policy add-scc-to-user anyuid -z rabbitmq-server
x=0; until [[ $(oc -n goghvideo-test-${RANDOMID} get sts rabbitmq-server -o jsonpath="{.status.readyReplicas}") -gt 0 || $x -eq 20 ]]; do echo "Waiting for Rabbit MQ to startup" && sleep 15 && ((x++)); done
if [[ "${x}" -eq 20 ]]; then exit 1; fi
oc -n goghvideo-test-${RANDOMID} create route edge --service=rabbitmq --port=15672
oc -n goghvideo-test-${RANDOMID} get pods
RABBITHOST=$(oc -n goghvideo-test-${RANDOMID} get secret/rabbitmq-default-user -o template='{{ .data.host | base64decode }}')
RABBITUSER=$(oc -n goghvideo-test-${RANDOMID} get secret/rabbitmq-default-user -o template='{{ .data.username | base64decode }}')
RABBITPASS=$(oc -n goghvideo-test-${RANDOMID} get secret/rabbitmq-default-user -o template='{{ .data.password | base64decode }}')
oc -n goghvideo-test-${RANDOMID} create secret generic amqp --from-literal=url=amqp://${RABBITUSER}:${RABBITPASS}@${RABBITHOST}/
curl -O http://${RABBITHOST}:15672/cli/rabbitmqadmin
chmod +x rabbitmqadmin
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare exchange name=conversion type=topic
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare queue name=transcode durable=true queue_type=quorum
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare queue name=notification durable=true queue_type=quorum
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare queue name=upload-nextcloud durable=true queue_type=quorum
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare queue name=complete durable=true queue_type=quorum
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare binding source="conversion" destination_type="queue" destination="transcode" routing_key="transcode"
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare binding source="conversion" destination_type="queue" destination="notification" routing_key="notification"
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare binding source="conversion" destination_type="queue" destination="upload-nextcloud" routing_key="upload-nextcloud"
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare binding source="conversion" destination_type="queue" destination="complete" routing_key="complete"
echo -n "goghvideo-test-${RANDOMID}" > $(results.namespace.path)
workspaces:
- name: kubeconfig-dir
workspace: dockerconfig
- name: clone-helm-charts
runAfter: ["ephemeral-ns"]
taskRef:
name: git-clone
params:
- name: url
value: $(params.git-helm-url)
workspaces:
- name: output
workspace: helm
- name: ssh-directory
workspace: gitsshauth
- name: deploy-upload-to-nextcloud-testver
runAfter: ["clone-helm-charts"]
taskRef:
name: helm-upgrade-from-source
params:
- name: charts_dir
value: upload-to-nextcloud
- name: release_namespace
value: $(tasks.ephemeral-ns.results.namespace)
- name: release_name
value: upload-to-nextcloud
- name: overwrite_values
value: "image.tag=v$(tasks.git-semver.results.version)"
workspaces:
- name: source
workspace: helm
- name: deploy-notification
runAfter: ["clone-helm-charts"]
taskRef:
name: helm-upgrade-from-source
params:
- name: charts_dir
value: notification
- name: release_namespace
value: $(tasks.ephemeral-ns.results.namespace)
- name: release_name
value: notification
workspaces:
- name: source
workspace: helm
- name: deploy-conversion-engine
runAfter: ["clone-helm-charts"]
taskRef:
name: helm-upgrade-from-source
params:
- name: charts_dir
value: conversion-engine
- name: release_namespace
value: $(tasks.ephemeral-ns.results.namespace)
- name: release_name
value: conversion-engine
workspaces:
- name: source
workspace: helm
- name: get-filedrop-name
runAfter: ["deploy-upload-to-nextcloud-testver", "deploy-conversion-engine", "deploy-notification"]
taskref:
name: openshift-ephemeral-namespace-client
kind: Task
params:
- name: VERSION
value: 4.11
- name: SCRIPT
value: |
#!/usr/bin/env bash
wget "https://github.com/jqlang/jq/releases/download/jq-1.7/jq-linux-amd64" -O /usr/local/bin/jq
chmod +x /usr/local/bin/jq
INPUTSRC=$(oc -n $(tasks.ephemeral-ns.results.namespace) get scaledjob/conversion-engine -o json | /usr/local/bin/jq -r '.spec.jobTargetRef.template.spec.initContainers[0].env[] | select(.name == "sourcefile").value')
if [[ -z "${INPUTSRC}" ]]; then exit 1; fi
echo -n "${INPUTSRC}" > $(results.filedrop.path)
workspaces:
- name: kubeconfig-dir
workspace: dockerconfig
- name: perform-e2e-test
runAfter: ["get-filedrop-name"]
taskref:
name: openshift-ephemeral-namespace-client
kind: Task
params:
- name: VERSION
value: 4.11
- name: SCRIPT
value: |
#!/usr/bin/env bash
oc create -f - <<EOF
apiVersion: batch/v1
kind: Job
metadata:
generateName: e2e-test-
namespace: $(tasks.ephemeral-ns.results.namespace)
labels:
app: e2e-test
spec:
completions: 1
parallelism: 1
template:
metadata:
creationTimestamp: null
spec:
restartPolicy: Never
containers:
- env:
- name: amqp
valueFrom:
secretKeyRef:
key: url
name: amqp
- name: dropfile
value: $(tasks.get-filedrop-name.results.filedrop)
image: quay01.ipa.endofday.com/goghvideo/e2e-test:v0.1.5
imagePullPolicy: Always
name: transcode-job
volumeMounts:
- mountPath: "/conversion"
name: "pvc-conversion"
volumes:
- name: "pvc-conversion"
persistentVolumeClaim:
claimName: "pvc-conversion"
EOF
workspaces:
- name: kubeconfig-dir
workspace: dockerconfig
- name: pass-pr-check
runAfter: ["perform-e2e-test"]
taskRef:
name: gitea-set-status
params:
- name: SHA
value: $(params.git-commit-sha)
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: DESCRIPTION
value: Tekton CI Pipeline
- name: STATE
value: success
- name: TARGET_URL
value: https://console-openshift-console.apps.ocp.endofday.com/pipelines
- name: create-git-release
runAfter: ["pass-pr-check"]
taskRef:
name: gitea-create-release
params:
- name: SHA
value: $(params.git-commit-sha)
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: TAG
value: $(tasks.git-semver.results.version)
- name: TITLE
value: $(params.git-repo-full-name)-$(tasks.git-semver.results.version)
- name: perform-merge
runAfter: ["create-git-release"]
taskRef:
name: gitea-merge-pr
params:
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: DESCRIPTION
value: Automatically merged by CI pipeline
- name: INDEX
value: $(params.git-pr-index)
- name: MERGETYPE
value: $(params.git-merge-type)
- name: DELETEBRANCH
value: $(params.git-merge-delete-branch)
- name: TARGET_URL
value: https://console-openshift-console.apps.ocp.endofday.com/pipelines
finally:
- name: fail-pr-check
when:
- input: $(tasks.status)
operator: in
values:
- Failed
taskRef:
name: gitea-set-status
params:
- name: SHA
value: $(params.git-commit-sha)
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: DESCRIPTION
value: Tekton CI Pipeline
- name: STATE
value: failure
- name: TARGET_URL
value: https://console-openshift-console.apps.ocp.endofday.com/pipelines

17
tasks/copy-shared-utilities.yaml
View File

@@ -1,17 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: copy-shared-utilities
namespace: goghvideo-cicd-pipeline
spec:
steps:
- name: copy-shared-utilities
image: quay01.ipa.endofday.com/goghvideo/rockylinux:9-ubi
workingDir: $(workspaces.utilities.path)
script: |
#!/usr/bin/env bash
curl -O https://nextcloud.endofday.com/s/TXMc8z3Xjxci5fY/download/yq
chmod +x yq
workspaces:
- name: utilities

29
tasks/generate-image-tag-task.yaml
View File

@@ -1,29 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: generate-image-tag
namespace: goghvideo-cicd-pipeline
spec:
params:
- name: image
type: string
- name: version
type: string
results:
- name: imagetag
type: string
steps:
- name: concatenate-strings
image: quay01.ipa.endofday.com/goghvideo/rockylinux:9-ubi
env:
- name: IMAGE
value: $(params.image)
- name: TAG
value: $(params.version)
script: |
#!/usr/bin/env bash
IMAGE=$(echo -n ${IMAGE})
TAG=$(echo -n ${TAG})
echo -n "${IMAGE}:v${TAG}" > "$(results.imagetag.path)"

36
tasks/git-semver.yaml
View File

@@ -1,36 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: git-semver
namespace: goghvideo-cicd-pipeline
spec:
params:
- name: gitrepositoryurl
type: string
- name: gitbranch
type: string
default: master
results:
- name: version
type: string
steps:
- name: clone-and-calculate-semver
image: quay01.ipa.endofday.com/goghvideo/gitversion:latest
env:
- name: PARAM_REPO
value: $(params.gitrepositoryurl)
- name: PARAM_BRANCH
value: $(params.gitbranch)
script: |
#!/usr/bin/env bash
USERNAME=$(cat /workspace/gitauth/username)
PASSWORD=$(cat /workspace/gitauth/password)
SEMVER=$(/tools/dotnet-gitversion /url ${PARAM_REPO} /b ${PARAM_BRANCH} /u ${USERNAME} /p ${PASSWORD} /dynamicRepoLocation /workspace/repo /overrideconfig mode=Mainline /overrideconfig commit-message-incrementing=MergeMessageOnly /showvariable MajorMinorPatch /verbosity quiet)
echo -n ${SEMVER} > $(results.version.path)
exit 0
securityContext:
runAsNonRoot: true
runAsUser: 65532
workspaces:
- name: repo
- name: gitauth

125
tasks/gitea-create-release.yaml
View File

@@ -1,125 +0,0 @@
apiVersion: tekton.dev/v1
kind: Task
metadata:
name: gitea-create-release
namespace: goghvideo-cicd-pipeline
spec:
description: |-
This task will merge a PR and delete the branch.
params:
- name: GITEA_HOST_URL
description: |
The Gitea host, e.g: git.yourcompany.com. Can include port.
type: string
- name: GITEA_HTTPS_OR_HTTP
default: https
description: |
If we should connect with HTTP or HTTPS. Use "http" or "https" here.
type: string
- name: API_PATH_PREFIX
default: /api/v1
description: |
The API path prefix of Gitea, default: /api/v1
type: string
- name: REPO_FULL_NAME
description: |
The Gitea repository full name, e.g.: tektoncd/catalog
type: string
- name: GITEA_TOKEN_SECRET_NAME
default: gitea
description: |
The name of the kubernetes secret that contains the Gitea token, default: gitea
type: string
- name: GITEA_TOKEN_SECRET_KEY
default: token
description: |
The key within the kubernetes secret that contains the Gitea token, default: token
type: string
- name: IMAGE
default: python:3.10.1-alpine3.15@sha256:affe0faa14e7553fc570beec3864e74b5e36f8c19b2bb49ae8ba79c0e9e7236e
description: |
Image providing the python binary which this task uses.
type: string
- name: TITLE
description: Main title of release
type: string
- name: TAG
description: Version tag
type: string
- name: SHEBANG
default: /usr/bin/env python
description: |
Python path. Depends on the image.
type: string
- name: SHA
description: |
The SHA of the merge commit
type: string
steps:
- image: $(params.IMAGE)
name: create-git-release
script: |
#!$(params.SHEBANG)
"""This script will create a git release tag"""
import json
import sys
import http.client
gitea_token = open("/etc/gitea-set-status/$(params.GITEA_TOKEN_SECRET_KEY)", "r").read()
merge_url = "$(params.API_PATH_PREFIX)" + "/repos/$(params.REPO_FULL_NAME)/" + \
"releases"
data = {
"name": "$(params.TITLE)",
"tag_name": "$(params.TAG)",
"target_commitish": "$(params.SHA)"
}
print("Sending this data to Gitea: ")
print(data)
authHeader = "token " + gitea_token
if "$(params.GITEA_HTTPS_OR_HTTP)" == "https":
conn = http.client.HTTPSConnection("$(params.GITEA_HOST_URL)")
else:
conn = http.client.HTTPConnection("$(params.GITEA_HOST_URL)")
conn.request(
"POST",
merge_url,
body=json.dumps(data),
headers={
"User-Agent": "TektonCD, the peaceful cat",
"Authorization": authHeader,
"Accept": "application/json",
"Content-Type": "application/json",
})
resp = conn.getresponse()
if not str(resp.status).startswith("2"):
print("Error: %d" % (resp.status))
print(resp.read())
sys.exit(1)
else:
print("Create release completed on $(params.REPO_FULL_NAME)")
volumeMounts:
- mountPath: /etc/gitea-set-status
name: giteatoken
volumes:
- name: giteatoken
secret:
secretName: $(params.GITEA_TOKEN_SECRET_NAME)

132
tasks/gitea-merge-pr.yaml
View File

@@ -1,132 +0,0 @@
apiVersion: tekton.dev/v1
kind: Task
metadata:
name: gitea-merge-pr
namespace: goghvideo-cicd-pipeline
spec:
description: |-
This task will merge a PR and delete the branch.
params:
- description: |
The Gitea host, e.g: git.yourcompany.com. Can include port.
name: GITEA_HOST_URL
type: string
- default: https
description: |
If we should connect with HTTP or HTTPS. Use "http" or "https" here.
name: GITEA_HTTPS_OR_HTTP
type: string
- default: /api/v1
description: |
The API path prefix of Gitea, default: /api/v1
name: API_PATH_PREFIX
type: string
- description: |
The Gitea repository full name, e.g.: tektoncd/catalog
name: REPO_FULL_NAME
type: string
- default: gitea
description: |
The name of the kubernetes secret that contains the Gitea token, default: gitea
name: GITEA_TOKEN_SECRET_NAME
type: string
- default: token
description: |
The key within the kubernetes secret that contains the Gitea token, default: token
name: GITEA_TOKEN_SECRET_KEY
type: string
- description: |
Merge Index Number
name: INDEX
type: string
- description: |
The target URL to associate with this status. This URL will be linked
from the Gitea UI to allow users to easily see the source of the
status.
name: TARGET_URL
type: string
- description: |
A short description of the status.
name: DESCRIPTION
type: string
- default: continuous-integration/tekton
description: |
The Gitea context, A string label to differentiate this status from
the status of other systems. ie: "continuous-integration/tekton"
name: CONTEXT
type: string
- description: |
The merge message field
name: MERGETYPE
type: string
- default: python:3.10.1-alpine3.15@sha256:affe0faa14e7553fc570beec3864e74b5e36f8c19b2bb49ae8ba79c0e9e7236e
description: |
Image providing the python binary which this task uses.
name: IMAGE
type: string
- default: true
description: |
Delete the branch after merge
name: DELETEBRANCH
type: string
- default: /usr/bin/env python
description: |
Python path. Depends on the image.
name: SHEBANG
type: string
steps:
- image: $(params.IMAGE)
name: merge-pull-request
script: |
#!$(params.SHEBANG)
"""This script will set the CI status on a Gitea commit"""
import json
import sys
import http.client
gitea_token = open("/etc/gitea-set-status/$(params.GITEA_TOKEN_SECRET_KEY)", "r").read()
merge_url = "$(params.API_PATH_PREFIX)" + "/repos/$(params.REPO_FULL_NAME)/" + \
"pulls/$(params.INDEX)/merge"
data = {
"Do": "$(params.MERGETYPE)",
"MergeMessageField": "$(params.DESCRIPTION)",
"MergeTitleField": "$(params.CONTEXT)"
}
print("Sending this data to Gitea: ")
print(data)
authHeader = "token " + gitea_token
if "$(params.GITEA_HTTPS_OR_HTTP)" == "https":
conn = http.client.HTTPSConnection("$(params.GITEA_HOST_URL)")
else:
conn = http.client.HTTPConnection("$(params.GITEA_HOST_URL)")
conn.request(
"POST",
merge_url,
body=json.dumps(data),
headers={
"User-Agent": "TektonCD, the peaceful cat",
"Authorization": authHeader,
"Accept": "application/json",
"Content-Type": "application/json",
})
resp = conn.getresponse()
if not str(resp.status).startswith("2"):
print("Error: %d" % (resp.status))
print(resp.read())
sys.exit(1)
else:
print("Gitea merge completed on $(params.REPO_FULL_NAME)")
volumeMounts:
- mountPath: /etc/gitea-set-status
name: giteatoken
volumes:
- name: giteatoken
secret:
secretName: $(params.GITEA_TOKEN_SECRET_NAME)

76
tasks/gitea-set-status.yaml
View File

@@ -1,76 +0,0 @@
apiVersion: tekton.dev/v1
kind: Task
metadata:
name: gitea-set-status
namespace: goghvideo-cicd-pipeline
spec:
description: |-
This task will set the status of the CI job to the specified value along with a link to the specified target URL where developers can follow the progress of the CI job.
The `gitea-set-status` task allows external services to mark Gitea commits with an `error`, `failure`, `pending`, or `success` state, which is then reflected in pull requests involving those commits. Statuses include as well a `description` and a `target_url`, to give the user informations about the CI statuses or a direct link to the full log.
params:
- name: githost
type: string
- name: quayhost
type: string
- name: repofullname
type: string
- name: revision
type: string
- name: statusurl
type: string
- name: description
type: string
- name: context
type: string
default: continuous-integration/tekton
- name: state
type: string
steps:
- image: $(params.quayhost)/goghvideo/python:3-alpine
name: set-status
script: |
#!/usr/bin/env python
"""This script will set the CI status on a Gitea commit"""
import json
import sys
import http.client
gitea_token = open("$(workspaces.gitauth.path)/password", "r").read()
status_url = "/api/v1/repos/$(params.repofullname)/statuses/$(params.revision)"
data = {
"state": "$(params.state)",
"target_url": "$(params.statusurl)",
"description": "$(params.description)",
"context": "$(params.context)"
}
print("Sending this data to Gitea: ")
print(data)
authHeader = "token " + gitea_token
conn = http.client.HTTPSConnection("$(params.githost)")
conn.request(
"POST",
status_url,
body=json.dumps(data),
headers={
"User-Agent": "TektonCD, the peaceful cat",
"Authorization": authHeader,
"Accept": "application/json",
"Content-Type": "application/json",
})
resp = conn.getresponse()
if not str(resp.status).startswith("2"):
print("Error: %d" % (resp.status))
print(resp.read())
sys.exit(1)
else:
print("Gitea status has been set")
workspaces:
- name: gitauth

81
tasks/golangci-lint.yaml
View File

@@ -1,81 +0,0 @@
apiVersion: tekton.dev/v1
kind: Task
metadata:
annotations:
tekton.dev/categories: Code Quality
tekton.dev/displayName: golangci lint
tekton.dev/pipelines.minVersion: 0.12.1
tekton.dev/platforms: linux/amd64
tekton.dev/tags: lint
labels:
app.kubernetes.io/version: "0.2"
name: golangci-lint
namespace: goghvideo-cicd-pipeline
spec:
description: This Task is Golang task to validate Go projects.
params:
- description: base package (and its children) under validation
name: package
type: string
- default: .
description: path to the directory to use as context.
name: context
type: string
- default: --verbose
description: flags to use for the test command
name: flags
type: string
- default: v1.39
description: golangci-lint version to use
name: version
type: string
- default: linux
description: running operating system target
name: GOOS
type: string
- default: amd64
description: running architecture target
name: GOARCH
type: string
- default: auto
description: value of module support
name: GO111MODULE
type: string
- default: ""
description: Go caching directory path
name: GOCACHE
type: string
- default: ""
description: Go mod caching directory path
name: GOMODCACHE
type: string
- default: ""
description: golangci-lint cache path
name: GOLANGCI_LINT_CACHE
type: string
steps:
- env:
- name: GOPATH
value: /workspace
- name: GOOS
value: $(params.GOOS)
- name: GOARCH
value: $(params.GOARCH)
- name: GO111MODULE
value: $(params.GO111MODULE)
- name: GOCACHE
value: $(params.GOCACHE)
- name: GOMODCACHE
value: $(params.GOMODCACHE)
- name: GOLANGCI_LINT_CACHE
value: $(params.GOLANGCI_LINT_CACHE)
image: quay01.ipa.endofday.com/goghvideo/golang-lint:$(params.version)
name: lint
script: |
golangci-lint run $(params.flags)
workingDir: $(workspaces.source.path)/$(params.context)
workspaces:
# - mountPath: /workspace/src/$(params.package)
# name: source
- name: source

60
tasks/helm-upgrade-from-source.yaml
View File

@@ -1,60 +0,0 @@
apiVersion: tekton.dev/v1
kind: Task
metadata:
annotations:
tekton.dev/categories: Deployment
tekton.dev/pipelines.minVersion: 0.12.1
tekton.dev/platforms: linux/amd64,linux/s390x,linux/ppc64le,linux/arm64
tekton.dev/tags: helm
labels:
app.kubernetes.io/version: "0.3"
hub.tekton.dev/catalog: tekton
name: helm-upgrade-from-source
namespace: goghvideo-cicd-pipeline
spec:
description: These tasks will install / upgrade a helm chart into your Kubernetes
/ OpenShift Cluster using Helm
params:
- description: The directory in source that contains the helm chart
name: charts_dir
type: string
- default: v1.0.0
description: The helm release version in semantic versioning format
name: release_version
type: string
- default: helm-release
description: The helm release name
name: release_name
type: string
- default: ""
description: The helm release namespace
name: release_namespace
type: string
- default: ""
description: 'Specify the values you want to overwrite, comma separated: autoscaling.enabled=true,replicas=1'
name: overwrite_values
type: string
- default: values.yaml
description: The values file to be used
name: values_file
type: string
- default: docker.io/lachlanevenson/k8s-helm@sha256:5c792f29950b388de24e7448d378881f68b3df73a7b30769a6aa861061fd08ae
description: helm image to be used
name: helm_image
type: string
- default: ""
description: Extra parameters passed for the helm upgrade command
name: upgrade_extra_params
type: string
steps:
- image: $(params.helm_image)
name: upgrade
script: |
echo current installed helm releases
helm list --namespace "$(params.release_namespace)"
echo installing helm chart...
helm upgrade --install --wait --values "$(params.charts_dir)/$(params.values_file)" --namespace "$(params.release_namespace)" --version "$(params.release_version)" "$(params.release_name)" "$(params.charts_dir)" --debug --set "$(params.overwrite_values)" $(params.upgrade_extra_params)
workingDir: /workspace/source
workspaces:
- name: source

48
tasks/openshift-ephemeral-namespace-client.yaml
View File

@@ -1,48 +0,0 @@
apiVersion: tekton.dev/v1
kind: Task
metadata:
name: openshift-ephemeral-namespace-client
namespace: goghvideo-cicd-pipeline
spec:
description: |-
This task runs commands against the cluster provided by user and if not provided then where the Task is being executed.
OpenShift is a Kubernetes distribution from Red Hat which provides oc, the OpenShift CLI that complements kubectl for simplifying deployment and configuration applications on OpenShift.
params:
- default: oc help
description: The OpenShift CLI arguments to run
name: SCRIPT
type: string
- default: "4.7"
description: The OpenShift Version to use
name: VERSION
type: string
results:
- name: namespace
type: string
description: The namespace which was created
- name: filedrop
type: string
description: The name of the filedrop for testing
steps:
- image: quay.io/openshift/origin-cli:$(params.VERSION)
name: oc
script: |
#!/usr/bin/env bash
[[ "$(workspaces.manifest-dir.bound)" == "true" ]] && \
cd $(workspaces.manifest-dir.path)
[[ "$(workspaces.kubeconfig-dir.bound)" == "true" ]] && \
[[ -f $(workspaces.kubeconfig-dir.path)/kubeconfig ]] && \
export KUBECONFIG=$(workspaces.kubeconfig-dir.path)/kubeconfig
$(params.SCRIPT)
workspaces:
- description: The workspace which contains kubernetes manifests which we want to
apply on the cluster.
name: manifest-dir
optional: true
- description: The workspace which contains the the kubeconfig file if in case we
want to run the oc command on another cluster.
name: kubeconfig-dir
optional: true

234
tasks/promote-version.yaml
View File

@@ -1,234 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: promote
namespace: goghvideo-cicd-pipeline
spec:
params:
- name: ref
description: The git branch reference
type: string
- name: repofullname
type: string
- name: revision
description: git unique head commit id
type: string
- name: semver
description: Symantic version number
type: string
- name: author
type: string
- name: email
type: string
- name: appname
type: string
- name: index
type: string
- name: githost
type: string
- name: quayhost
type: string
steps:
- name: tag-image-with-release-ver
image: $(params.quayhost)/goghvideo/python:3-alpine
script: |
#!/usr/bin/env python
"""This script will set tag the image with the release version"""
import json
import sys
import http.client
import ssl
quay_token = open("$(workspaces.quayauth.path)/apikey", "r").read()
authHeader = "Bearer " + quay_token
conn = http.client.HTTPSConnection(
"$(params.quayhost)",
context = ssl._create_unverified_context()
)
existing_tag = "/api/v1/repository/$(params.repofullname)/tag/?specificTag=$(params.revision)"
print("Getting existing tag information from Quay")
print("URL: %s" % (existing_tag))
conn.request(
"GET",
existing_tag,
headers={
"User-Agent": "TektonCD, the peaceful cat",
"Authorization": authHeader,
"Accept": "application/json",
"Content-Type": "application/json",
}
)
resp = conn.getresponse()
if not str(resp.status).startswith("2"):
print("Error: %d" % (resp.status))
print(resp.read())
sys.exit(1)
else:
print("Successfully Retrieved quay information for tag")
tag_info = json.loads(resp.read().decode('utf-8'))
for item in tag_info['tags']:
manifest_digest = item['manifest_digest']
print("Tagging image with semver")
tag_url = "/api/v1/repository/$(params.repofullname)/tag/v$(params.semver)"
print("URL: %s" % (tag_url))
print("Manifest SHA: %s" % (manifest_digest))
data = {
"manifest_digest": manifest_digest
}
conn.request(
"PUT",
tag_url,
body=json.dumps(data),
headers={
"User-Agent": "TektonCD, the peaceful cat",
"Authorization": authHeader,
"Accept": "application/json",
"Content-Type": "application/json",
}
)
resp = conn.getresponse()
if not str(resp.status).startswith("2"):
print("Error: %d" % (resp.status))
print(resp.read())
sys.exit(1)
else:
print("Successfully tagged image")
- name: release-notes
image: $(params.quayhost)/goghvideo/bitnami-git:latest
workingDir: $(workspaces.source.path)/$(params.appname)
script: |
#!/bin/sh
export USERNAME=$(cat $(workspaces.gitauth.path)/username)
export PASSWORD=$(cat $(workspaces.gitauth.path)/password)
git config --global --add safe.directory $(workspaces.source.path)/$(params.appname)
git config --global user.name "$(params.author)"
git config --global user.email "$(params.email)"
HOSTPATH=$(git remote get-url origin | sed 's_https://__')
git remote set-url origin https://${USERNAME}:${PASSWORD}@${HOSTPATH}
git fetch --all --tags >/dev/null 2>&1
#git log main..$(params.ref) --oneline --no-merges --decorate > release-v$(params.semver).md 2>/dev/null
#git add release-v$(params.semver).md
#git commit -m "Including release notes"
git tag -a v$(params.semver) -m "Upgrade to v$(params.semver)"
git push origin $(params.ref) --tags
- name: get-tag-data
image: $(params.quayhost)/goghvideo/python:3-alpine
script: |
#!/usr/bin/env python
"""This script will get the Gitea tag status"""
import json
import sys
import http.client
gitea_token = open("$(workspaces.gitauth.path)/password", "r").read()
merge_url = "https://$(params.githost)/api/v1" + "/repos/$(params.repofullname)/" + \
"commits/v$(params.semver)/status"
authHeader = "token " + gitea_token
conn = http.client.HTTPSConnection("$(params.githost)")
conn.request(
"GET",
merge_url,
headers={
"User-Agent": "TektonCD, the peaceful cat",
"Authorization": authHeader,
"Accept": "application/json",
"Content-Type": "application/json",
})
resp = conn.getresponse()
if not str(resp.status).startswith("2"):
print("Error: %d" % (resp.status))
print(resp.read())
sys.exit(1)
else:
print("Gitea tag verification completed on $(params.githost)")
- name: merge-pull-request
image: $(params.quayhost)/goghvideo/python:3-alpine
script: |
#!/usr/bin/env python
"""This script will set the CI status on a Gitea commit"""
import json
import sys
import http.client
gitea_token = open("$(workspaces.gitauth.path)/password", "r").read()
merge_url = "https://$(params.githost)/api/v1" + "/repos/$(params.repofullname)/" + \
"pulls/$(params.index)/merge"
data = {
"Do": "merge"
}
print("Sending this data to Gitea: ")
print(data)
authHeader = "token " + gitea_token
conn = http.client.HTTPSConnection("$(params.githost)")
conn.request(
"POST",
merge_url,
body=json.dumps(data),
headers={
"User-Agent": "TektonCD, the peaceful cat",
"Authorization": authHeader,
"Accept": "application/json",
"Content-Type": "application/json",
})
resp = conn.getresponse()
if not str(resp.status).startswith("2"):
print("Error: %d" % (resp.status))
print(resp.read())
sys.exit(1)
else:
print("Gitea merge completed on $(params.githost)")
- name: update-helm-chart
image: $(params.quayhost)/goghvideo/bitnami-git:latest
workingDir: $(workspaces.helm.path)
script: |
#!/bin/sh
export USERNAME=$(cat $(workspaces.gitauth.path)/username)
export PASSWORD=$(cat $(workspaces.gitauth.path)/password)
git config --global --add safe.directory $(workspaces.helm.path)
git config --global user.name "$(params.author)"
git config --global user.email "$(params.email)"
HOSTPATH=$(git remote get-url origin | sed 's_https://__')
git remote set-url origin https://${USERNAME}:${PASSWORD}@${HOSTPATH}
git fetch
git checkout main && git pull
$(workspaces.utilities.path)/yq -i '.version |= (split(".") | .[-1] |= ((. tag = "!!int") + 1) | join("."))' $(params.appname)/Chart.yaml
$(workspaces.utilities.path)/yq -i '.appVersion="v$(params.semver)"' $(params.appname)/Chart.yaml
git add $(params.appname)/Chart.yaml
git commit -m "Updating chart version"
git push
workspaces:
- name: source
- name: gitauth
- name: quayauth
- name: utilities
- name: helm

107
tasks/s2i-go-debug.yaml
View File

@@ -1,107 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: s2i-go-debug
namespace: goghvideo-cicd-pipeline
spec:
description: s2i-go task clones a Git repository and builds and pushes a container
image using S2I and a Go builder image.
params:
- default: latest
description: The tag of go imagestream for go version
name: VERSION
type: string
- default: .
description: The location of the path to run s2i from.
name: PATH_CONTEXT
type: string
- default: "true"
description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS
registry)
name: TLSVERIFY
type: string
- description: Location of the repo where image has to be pushed
name: IMAGE
type: string
- default: registry.redhat.io/rhel8/buildah@sha256:00795fafdab9bbaa22cd29d1faa1a01e604e4884a2c935c1bf8e3d1f0ad1c084
description: The location of the buildah builder image.
name: BUILDER_IMAGE
type: string
- default: "false"
description: Skip pushing the built image
name: SKIP_PUSH
type: string
- description: Environment variables to set during _build-time_.
name: ENV_VARS
type: array
results:
- description: Digest of the image just built.
name: IMAGE_DIGEST
type: string
steps:
- args:
- $(params.ENV_VARS[*])
env:
- name: HOME
value: /tekton/home
image: registry.redhat.io/ocp-tools-4-tech-preview/source-to-image-rhel8@sha256:98d8cb3a255641ca6a1bce854e5e2460c20de9fb9b28e3cc67eb459f122873dd
name: generate
script: |
echo "Processing Build Environment Variables"
echo "" > /env-vars/env-file
for var in "$@"
do
echo "$var" >> /env-vars/env-file
done
echo "Outputting Generated /env-vars/env-file"
cat /env-vars/env-file
s2i build $(params.PATH_CONTEXT) image-registry.openshift-image-registry.svc:5000/openshift/golang:$(params.VERSION) \
--as-dockerfile /gen-source/Dockerfile.gen --environment-file /env-vars/env-file
echo "Outputting Generated /gen-source/Dockerfile.gen file"
cat /gen-source/Dockerfile.gen
volumeMounts:
- mountPath: /gen-source
name: gen-source
- mountPath: /env-vars
name: env-vars
workingDir: $(workspaces.source.path)
- image: $(params.BUILDER_IMAGE)
name: build-and-push
script: |
find . -type f -ls
buildah --log-level=info bud --storage-driver=vfs --tls-verify=$(params.TLSVERIFY) \
--layers -f /gen-source/Dockerfile.gen -t $(params.IMAGE) .
[[ "$(params.SKIP_PUSH)" == "true" ]] && echo "Push skipped" && exit 0
[[ "$(workspaces.dockerconfig.bound)" == "true" ]] && export DOCKER_CONFIG="$(workspaces.dockerconfig.path)"
buildah push --storage-driver=vfs --tls-verify=$(params.TLSVERIFY) \
--digestfile $(workspaces.source.path)/image-digest $(params.IMAGE) \
docker://$(params.IMAGE)
cat $(workspaces.source.path)/image-digest | tee /tekton/results/IMAGE_DIGEST
securityContext:
capabilities:
add:
- SETFCAP
volumeMounts:
- mountPath: /var/lib/containers
name: varlibcontainers
- mountPath: /gen-source
name: gen-source
workingDir: /gen-source
volumes:
- name: varlibcontainers
- name: gen-source
- name: env-vars
workspaces:
- mountPath: /workspace/source
name: source
- description: An optional workspace that allows providing a .docker/config.json
file for Buildah to access the container registry. The file should be placed
at the root of the Workspace with name config.json.
name: dockerconfig
optional: true

19
triggerbinding/gitea-oriig-binding.yaml
View File

@@ -1,19 +0,0 @@
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerBinding
metadata:
name: gitea-binding
namespace: goghvideo-cicd-pipeline
spec:
params:
- name: gitrepositoryurl
value: $(body.repository.clone_url)
- name: gitcommitsha
value: $(body.pull_request.head.sha)
- name: gitfullreponame
value: $(body.pull_request.base.repo.full_name)
- name: gitbranch
value: $(body.pull_request.head.ref)
- name: gitreponame
value: $(body.pull_request.base.repo.name)
- name: gitprindex
value: $(body.pull_request.number)

25
triggerbinding/gitea-pr-webhook.yaml
View File

@@ -1,25 +0,0 @@
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerBinding
metadata:
name: gitea-pullrequest-binding
namespace: goghvideo-cicd-pipeline
spec:
params:
- name: ref
value: $(body.pull_request.head.ref)
- name: revision
value: $(body.pull_request.head.sha)
- name: repourl
value: $(body.pull_request.head.repo.clone_url)
- name: reponame
value: $(body.pull_request.head.repo.name)
- name: repofullname
value: $(body.pull_request.head.repo.full_name)
- name: message
value: $(body.pull_request.title)
- name: author
value: $(body.pull_request.user.login)
- name: email
value: $(body.pull_request.user.email)
- name: index
value: $(body.pull_request.number)

88
triggertemplate/conversionengine-template.yaml
View File

@@ -1,88 +0,0 @@
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerTemplate
metadata:
name: conversionengine-template
namespace: goghvideo-cicd-pipeline
spec:
params:
- name: gitrepositoryurl
description: The git repository url
- name: gitfullreponame
description: The org and repo name
- name: gitreponame
description: The name of the repo
- name: gitbranch
description: Branch to act on
- name: gitcommitsha
description: The SHA head
- name: gitprindex
description: The pull request reference
resourcetemplates:
- apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
generateName: goghvideo-conversionengine-
spec:
pipelineRef:
name: ce-buildtest
serviceAccountName: pipeline
params:
- name: git-repo-url
value: $(tt.params.gitrepositoryurl)
- name: git-repo-full-name
value: $(tt.params.gitfullreponame)
- name: git-branch
value: $(tt.params.gitbranch)
- name: git-commit-sha
value: $(tt.params.gitcommitsha)
- name: git-pr-index
value: $(tt.params.gitprindex)
- name: verbose
value: true
- name: lint-package
value: git.endofday.com/goghvideo/conversion-engine
- name: lint-context
value: $(tt.params.gitreponame)/src
- name: image
value: quay01.ipa.endofday.com/goghvideo/conversion-engine
- name: s2i-builder-image
value: quay01.ipa.endofday.com/goghvideo/golang-s2i-buildah:v1
- name: git-token-secret-name
value: git-http-credentials
- name: git-token-secret-key
value: password
- name: git-merge-type
value: merge
- name: git-merge-delete-branch
value: True
- name: git-helm-url
value: git@git-ssh.ipa.endofday.com:goghvideo/helm.git
workspaces:
- name: source
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
storageClassName: nfs-client
- name: gitauth
secret:
secretName: git-http-credentials
- name: gitsshauth
secret:
secretName: git-credentials
- name: dockerconfig
secret:
secretName: goghvideo-container-registry-push
- name: helm
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
storageClassName: nfs-client

88
triggertemplate/e2e-test.yaml
View File

@@ -1,88 +0,0 @@
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerTemplate
metadata:
name: e2etest-template
namespace: goghvideo-cicd-pipeline
spec:
params:
- name: gitrepositoryurl
description: The git repository url
- name: gitfullreponame
description: The org and repo name
- name: gitreponame
description: The name of the repo
- name: gitbranch
description: Branch to act on
- name: gitcommitsha
description: The SHA head
- name: gitprindex
description: The pull request reference
resourcetemplates:
- apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
generateName: goghvideo-e2etest-
spec:
pipelineRef:
name: e2etest-buildtest
serviceAccountName: pipeline
params:
- name: git-repo-url
value: $(tt.params.gitrepositoryurl)
- name: git-repo-full-name
value: $(tt.params.gitfullreponame)
- name: git-branch
value: $(tt.params.gitbranch)
- name: git-commit-sha
value: $(tt.params.gitcommitsha)
- name: git-pr-index
value: $(tt.params.gitprindex)
- name: verbose
value: true
- name: lint-package
value: git.endofday.com/goghvideo/e2e-test
- name: lint-context
value: $(tt.params.gitreponame)/src
- name: image
value: quay01.ipa.endofday.com/goghvideo/e2e-test
- name: s2i-builder-image
value: quay01.ipa.endofday.com/goghvideo/golang-s2i-buildah:v1
- name: git-token-secret-name
value: git-http-credentials
- name: git-token-secret-key
value: password
- name: git-merge-type
value: merge
- name: git-merge-delete-branch
value: True
- name: git-helm-url
value: git@git-ssh.ipa.endofday.com:goghvideo/helm.git
workspaces:
- name: source
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
storageClassName: nfs-client
- name: gitauth
secret:
secretName: git-http-credentials
- name: gitsshauth
secret:
secretName: git-credentials
- name: dockerconfig
secret:
secretName: goghvideo-container-registry-push
- name: helm
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
storageClassName: nfs-client

103
triggertemplate/notification-featurebranch.yaml
View File

@@ -1,103 +0,0 @@
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerTemplate
metadata:
name: notification-trigger-template
namespace: goghvideo-cicd-pipeline
spec:
params:
- name: ref
description: git reference or branch name
- name: revision
description: The revision of your git repository
- name: repourl
description: The url of your git repository
- name: reponame
description: the name if your git repository
- name: repofullname
description: The full name of your git repository
- name: message
description: commit message
- name: author
description: commit author username
- name: email
description: commit author email
- name: index
description: pull request index number
resourcetemplates:
- apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
generateName: $(tt.params.reponame)-$(tt.params.author)-
namespace: goghvideo-cicd-pipeline
labels:
webhooks.tekton.dev/repo: $(tt.params.reponame)
webhooks.tekton.dev/author: $(tt.params.author)
# annotations:
# argocd.argoproj.io/compare-options: IgnoreExtraneous
spec:
serviceAccountName: pipeline
workspaces:
- name: source
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
storageClassName: nfs-client
- name: gitauth
secret:
secretName: git-http-credentials
- name: gitsshauth
secret:
secretName: git-credentials
- name: dockerconfig
secret:
secretName: goghvideo-container-registry-push
- name: quayauth
secret:
secretName: quay-credentials
- name: helm
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
storageClassName: nfs-client
- name: utilities
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
storageClassName: nfs-client
params:
- name: ref
value: $(tt.params.ref)
- name: revision
value: $(tt.params.revision)
- name: author
value: $(tt.params.author)
- name: email
value: $(tt.params.email)
- name: message
value: $(tt.params.message)
- name: repourl
value: $(tt.params.repourl)
- name: repofullname
value: $(tt.params.repofullname)
- name: git-helm-url
value: https://git.endofday.com/goghvideo/helm.git
- name: index
value: $(tt.params.index)
- name: githost
value: "git.endofday.com"
- name: quayhost
value: "quay01.ipa.endofday.com"
pipelineRef:
name: notification

88
triggertemplate/notification.yaml
View File

@@ -1,88 +0,0 @@
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerTemplate
metadata:
name: notification-template
namespace: goghvideo-cicd-pipeline
spec:
params:
- name: gitrepositoryurl
description: The git repository url
- name: gitfullreponame
description: The org and repo name
- name: gitreponame
description: The name of the repo
- name: gitbranch
description: Branch to act on
- name: gitcommitsha
description: The SHA head
- name: gitprindex
description: The pull request reference
resourcetemplates:
- apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
generateName: goghvideo-notification-
spec:
pipelineRef:
name: notification-buildtest
serviceAccountName: pipeline
params:
- name: git-repo-url
value: $(tt.params.gitrepositoryurl)
- name: git-repo-full-name
value: $(tt.params.gitfullreponame)
- name: git-branch
value: $(tt.params.gitbranch)
- name: git-commit-sha
value: $(tt.params.gitcommitsha)
- name: git-pr-index
value: $(tt.params.gitprindex)
- name: verbose
value: true
- name: lint-package
value: git.endofday.com/goghvideo/notification
- name: lint-context
value: $(tt.params.gitreponame)/src
- name: image
value: quay01.ipa.endofday.com/goghvideo/notification
- name: s2i-builder-image
value: quay01.ipa.endofday.com/goghvideo/golang-s2i-buildah:v1
- name: git-token-secret-name
value: git-http-credentials
- name: git-token-secret-key
value: password
- name: git-merge-type
value: merge
- name: git-merge-delete-branch
value: True
- name: git-helm-url
value: https://git.endofday.com/goghvideo/helm.git
workspaces:
- name: source
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
storageClassName: nfs-client
- name: gitauth
secret:
secretName: git-http-credentials
- name: gitsshauth
secret:
secretName: git-credentials
- name: dockerconfig
secret:
secretName: goghvideo-container-registry-push
- name: helm
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
storageClassName: nfs-client

88
triggertemplate/upload-to-nextcloud.yaml
View File

@@ -1,88 +0,0 @@
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerTemplate
metadata:
name: upload2nc-template
namespace: goghvideo-cicd-pipeline
spec:
params:
- name: gitrepositoryurl
description: The git repository url
- name: gitfullreponame
description: The org and repo name
- name: gitreponame
description: The name of the repo
- name: gitbranch
description: Branch to act on
- name: gitcommitsha
description: The SHA head
- name: gitprindex
description: The pull request reference
resourcetemplates:
- apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
generateName: goghvideo-upload2nc-
spec:
pipelineRef:
name: upload2nc-buildtest
serviceAccountName: pipeline
params:
- name: git-repo-url
value: $(tt.params.gitrepositoryurl)
- name: git-repo-full-name
value: $(tt.params.gitfullreponame)
- name: git-branch
value: $(tt.params.gitbranch)
- name: git-commit-sha
value: $(tt.params.gitcommitsha)
- name: git-pr-index
value: $(tt.params.gitprindex)
- name: verbose
value: true
- name: lint-package
value: git.endofday.com/goghvideo/upload-to-nextcloud
- name: lint-context
value: $(tt.params.gitreponame)/src
- name: image
value: quay01.ipa.endofday.com/goghvideo/upload-to-nextcloud
- name: s2i-builder-image
value: quay01.ipa.endofday.com/goghvideo/golang-s2i-buildah:v1
- name: git-token-secret-name
value: git-http-credentials
- name: git-token-secret-key
value: password
- name: git-merge-type
value: merge
- name: git-merge-delete-branch
value: True
- name: git-helm-url
value: git@git-ssh.ipa.endofday.com:goghvideo/helm.git
workspaces:
- name: source
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
storageClassName: nfs-client
- name: gitauth
secret:
secretName: git-http-credentials
- name: gitsshauth
secret:
secretName: git-credentials
- name: dockerconfig
secret:
secretName: goghvideo-container-registry-push
- name: helm
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
storageClassName: nfs-client