goghvideo/cicd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

chore: refactored for helm management of pipeline objects

Browse Source
This commit is contained in:
Randal Harisch
2023-10-07 18:51:05 -06:00
parent f052787a36
commit 976bc8b1db
75 changed files with 270 additions and 4044 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
common/templates/_task-copy-shared-utilities.yaml
View File

@@ -8,7 +8,7 @@ apiVersion: tekton.dev/v1
kind: Task
metadata:
name: copy-shared-utilities
namespace: {{ include "common.name" . }}
namespace: {{ .Release.Namespace }}
spec:
steps:
- image: {{ .Values.quayHostname }}/goghvideo/rockylinux:9-ubi

244
common/templates/_task-git-clone.yaml Normal file
View File

@@ -0,0 +1,244 @@
{{- define "common.task-git-clone" }}
{{- $common := dict "Values" .Values.common -}}
{{- $noCommon := omit .Values "common" -}}
{{- $overrides := dict "Values" $noCommon -}}
{{- $noValues := omit . "Values" -}}
{{- with merge $noValues $overrides $common -}}
apiVersion: tekton.dev/v1
kind: Task
metadata:
name: git-clone
namespace: {{ .Release.Namespace }}
spec:
description: |-
These Tasks are Git tasks to work with repositories used by other tasks in your Pipeline.
The git-clone Task will clone a repo from the provided url into the output Workspace. By default the repo will be cloned into the root of your Workspace. You can clone into a subdirectory by setting this Task's subdirectory param. This Task also supports sparse checkouts. To perform a sparse checkout, pass a list of comma separated directory patterns to this Task's sparseCheckoutDirectories param.
params:
- description: Repository URL to clone from.
name: url
type: string
- default: ""
description: Revision to checkout. (branch, tag, sha, ref, etc...)
name: revision
type: string
- default: ""
description: Refspec to fetch before checking out revision.
name: refspec
type: string
- default: "true"
description: Initialize and fetch git submodules.
name: submodules
type: string
- default: "1"
description: Perform a shallow clone, fetching only the most recent N commits.
name: depth
type: string
- default: "true"
description: Set the `http.sslVerify` global git config. Setting this to `false`
is not advised unless you are sure that you trust your git remote.
name: sslVerify
type: string
- default: ca-bundle.crt
description: file name of mounted crt using ssl-ca-directory workspace. default
value is ca-bundle.crt.
name: crtFileName
type: string
- default: ""
description: Subdirectory inside the `output` Workspace to clone the repo into.
name: subdirectory
type: string
- default: ""
description: Define the directory patterns to match or exclude when performing
a sparse checkout.
name: sparseCheckoutDirectories
type: string
- default: "true"
description: Clean out the contents of the destination directory if it already
exists before cloning.
name: deleteExisting
type: string
- default: ""
description: HTTP proxy server for non-SSL requests.
name: httpProxy
type: string
- default: ""
description: HTTPS proxy server for SSL requests.
name: httpsProxy
type: string
- default: ""
description: Opt out of proxying HTTP/HTTPS requests.
name: noProxy
type: string
- default: "true"
description: Log the commands that are executed during `git-clone`'s operation.
name: verbose
type: string
- default: registry.redhat.io/openshift-pipelines/pipelines-git-init-rhel8@sha256:1a50511583fc02a27012d17d942e247813404104ddd282d7e26f99765174392c
description: The image providing the git-init binary that this Task runs.
name: gitInitImage
type: string
- default: /home/git
description: |
Absolute path to the user's home directory.
name: userHome
type: string
results:
- description: The precise commit SHA that was fetched by this Task.
name: commit
type: string
- description: The precise URL that was fetched by this Task.
name: url
type: string
- description: The epoch timestamp of the commit that was fetched by this Task.
name: committer-date
type: string
steps:
- env:
- name: HOME
value: $(params.userHome)
- name: PARAM_URL
value: $(params.url)
- name: PARAM_REVISION
value: $(params.revision)
- name: PARAM_REFSPEC
value: $(params.refspec)
- name: PARAM_SUBMODULES
value: $(params.submodules)
- name: PARAM_DEPTH
value: $(params.depth)
- name: PARAM_SSL_VERIFY
value: $(params.sslVerify)
- name: PARAM_CRT_FILENAME
value: $(params.crtFileName)
- name: PARAM_SUBDIRECTORY
value: $(params.subdirectory)
- name: PARAM_DELETE_EXISTING
value: $(params.deleteExisting)
- name: PARAM_HTTP_PROXY
value: $(params.httpProxy)
- name: PARAM_HTTPS_PROXY
value: $(params.httpsProxy)
- name: PARAM_NO_PROXY
value: $(params.noProxy)
- name: PARAM_VERBOSE
value: $(params.verbose)
- name: PARAM_SPARSE_CHECKOUT_DIRECTORIES
value: $(params.sparseCheckoutDirectories)
- name: PARAM_USER_HOME
value: $(params.userHome)
- name: WORKSPACE_OUTPUT_PATH
value: $(workspaces.output.path)
- name: WORKSPACE_SSH_DIRECTORY_BOUND
value: $(workspaces.ssh-directory.bound)
- name: WORKSPACE_SSH_DIRECTORY_PATH
value: $(workspaces.ssh-directory.path)
- name: WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND
value: $(workspaces.basic-auth.bound)
- name: WORKSPACE_BASIC_AUTH_DIRECTORY_PATH
value: $(workspaces.basic-auth.path)
- name: WORKSPACE_SSL_CA_DIRECTORY_BOUND
value: $(workspaces.ssl-ca-directory.bound)
- name: WORKSPACE_SSL_CA_DIRECTORY_PATH
value: $(workspaces.ssl-ca-directory.path)
image: $(params.gitInitImage)
name: clone
script: |
#!/usr/bin/env sh
set -eu
if [ "${PARAM_VERBOSE}" = "true" ] ; then
set -x
fi
if [ "${WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND}" = "true" ] ; then
cp "${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.git-credentials" "${PARAM_USER_HOME}/.git-credentials"
cp "${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.gitconfig" "${PARAM_USER_HOME}/.gitconfig"
chmod 400 "${PARAM_USER_HOME}/.git-credentials"
chmod 400 "${PARAM_USER_HOME}/.gitconfig"
fi
if [ "${WORKSPACE_SSH_DIRECTORY_BOUND}" = "true" ] ; then
cp -LR "${WORKSPACE_SSH_DIRECTORY_PATH}"/* "${PARAM_USER_HOME}"/.ssh
chmod 700 "${PARAM_USER_HOME}"/.ssh
chmod -R 400 "${PARAM_USER_HOME}"/.ssh/*
fi
if [ "${WORKSPACE_SSL_CA_DIRECTORY_BOUND}" = "true" ] ; then
export GIT_SSL_CAPATH="${WORKSPACE_SSL_CA_DIRECTORY_PATH}"
if [ "${PARAM_CRT_FILENAME}" != "" ] ; then
export GIT_SSL_CAINFO="${WORKSPACE_SSL_CA_DIRECTORY_PATH}/${PARAM_CRT_FILENAME}"
fi
fi
CHECKOUT_DIR="${WORKSPACE_OUTPUT_PATH}/${PARAM_SUBDIRECTORY}"
cleandir() {
# Delete any existing contents of the repo directory if it exists.
#
# We don't just "rm -rf ${CHECKOUT_DIR}" because ${CHECKOUT_DIR} might be "/"
# or the root of a mounted volume.
if [ -d "${CHECKOUT_DIR}" ] ; then
# Delete non-hidden files and directories
rm -rf "${CHECKOUT_DIR:?}"/*
# Delete files and directories starting with . but excluding ..
rm -rf "${CHECKOUT_DIR}"/.[!.]*
# Delete files and directories starting with .. plus any other character
rm -rf "${CHECKOUT_DIR}"/..?*
fi
}
if [ "${PARAM_DELETE_EXISTING}" = "true" ] ; then
cleandir || true
fi
test -z "${PARAM_HTTP_PROXY}" || export HTTP_PROXY="${PARAM_HTTP_PROXY}"
test -z "${PARAM_HTTPS_PROXY}" || export HTTPS_PROXY="${PARAM_HTTPS_PROXY}"
test -z "${PARAM_NO_PROXY}" || export NO_PROXY="${PARAM_NO_PROXY}"
git config --global --add safe.directory "${WORKSPACE_OUTPUT_PATH}"
/ko-app/git-init \
-url="${PARAM_URL}" \
-revision="${PARAM_REVISION}" \
-refspec="${PARAM_REFSPEC}" \
-path="${CHECKOUT_DIR}" \
-sslVerify="${PARAM_SSL_VERIFY}" \
-submodules="${PARAM_SUBMODULES}" \
-depth="${PARAM_DEPTH}" \
-sparseCheckoutDirectories="${PARAM_SPARSE_CHECKOUT_DIRECTORIES}"
cd "${CHECKOUT_DIR}"
RESULT_SHA="$(git rev-parse HEAD)"
EXIT_CODE="$?"
if [ "${EXIT_CODE}" != 0 ] ; then
exit "${EXIT_CODE}"
fi
RESULT_COMMITTER_DATE="$(git log -1 --pretty=%ct)"
printf "%s" "${RESULT_COMMITTER_DATE}" > "$(results.committer-date.path)"
printf "%s" "${RESULT_SHA}" > "$(results.commit.path)"
printf "%s" "${PARAM_URL}" > "$(results.url.path)"
securityContext:
runAsNonRoot: true
runAsUser: 65532
workspaces:
- description: The git repo will be cloned onto the volume backing this Workspace.
name: output
- description: |
A .ssh directory with private key, known_hosts, config, etc. Copied to
the user's home before git commands are executed. Used to authenticate
with the git remote when performing the clone. Binding a Secret to this
Workspace is strongly recommended over other volume types.
name: ssh-directory
optional: true
- description: |
A Workspace containing a .gitconfig and .git-credentials file. These
will be copied to the user's home before any git commands are run. Any
other files in this Workspace are ignored. It is strongly recommended
to use ssh-directory over basic-auth whenever possible and to bind a
Secret to this Workspace over other volume types.
name: basic-auth
optional: true
- description: |
A workspace containing CA certificates, this will be used by Git to
verify the peer with when fetching or pushing over HTTPS.
name: ssl-ca-directory
optional: true
{{- end }}
{{- end }}

2
common/templates/_task-golangci-lint.yaml
View File

@@ -67,7 +67,7 @@ spec:
value: $(params.GOMODCACHE)
- name: GOLANGCI_LINT_CACHE
value: $(params.GOLANGCI_LINT_CACHE)
image: {{ .Values.quayHost }}/goghvideo/golang-lint:$(params.version)
image: {{ .Values.quayHostname }}/{{ .Values.organizationName}}/golang-lint:$(params.version)
name: lint
script: |
golangci-lint run $(params.flags)

2
common/templates/_task-helm-upgrade-from-source.yaml
View File

@@ -36,7 +36,7 @@ spec:
description: The values file to be used
name: values_file
type: string
- default: docker.io/lachlanevenson/k8s-helm@sha256:5c792f29950b388de24e7448d378881f68b3df73a7b30769a6aa861061fd08ae
- default: {{ .Values.quayHostname }}/{{ .Values.organizationName }}/k8s-helm:latest
description: helm image to be used
name: helm_image
type: string

88
common/templates/_triggertemplate.yaml
View File

@@ -11,18 +11,24 @@ metadata:
namespace: {{ .Release.Namespace }}
spec:
params:
- description: The git repository url
name: gitrepositoryurl
- description: The org and repo name
name: gitfullreponame
- description: The name of the repo
name: gitreponame
- description: Branch to act on
name: gitbranch
- description: The SHA head
name: gitcommitsha
- description: The pull request reference
name: gitprindex
- name: ref
description: Reference to the git repository source branch
- name: revision
description: Reference to the pull request SHA
- name: repourl
description: Reference to the git repository clone url
- name: reponame
description: Reference to repo to which the PR is for
- name: repofullname
description: The repo name including the organization
- name: message
description: The title of the pull request
- name: author
description: Who submitted the pull request
- name: email
description: Email of the pull request author
- name: index
description: The index number associated with the pull request
resourcetemplates:
- apiVersion: tekton.dev/v1beta1
kind: PipelineRun
@@ -30,26 +36,34 @@ spec:
generateName: {{ include "common.name" . }}-
spec:
params:
- name: git-repo-url
value: $(tt.params.gitrepositoryurl)
- name: git-repo-full-name
value: $(tt.params.gitfullreponame)
- name: git-branch
value: $(tt.params.gitbranch)
- name: git-commit-sha
value: $(tt.params.gitcommitsha)
- name: git-pr-index
value: $(tt.params.gitprindex)
- name: ref
value: $(tt.params.ref)
- name: revision
value: $(tt.params.revision)
- name: repourl
value: $(tt.params.repourl)
- name: reponame
value: $(tt.params.reponame)
- name: repofullname
value: $(tt.params.repofullname)
- name: message
value: $(tt.params.message)
- name: author
value: $(tt.params.author)
- name: email
value: $(tt.params.email)
- name: index
value: $(tt.params.index)
- name: verbose
value: true
- name: lint-package
value: git.endofday.com/goghvideo/{{ include "common.name" . }}
value: git.endofday.com/{{ .Values.organizationName }}/{{ include "common.name" . }}
- name: lint-context
value: $(tt.params.gitreponame)/src
value: $(tt.params.reponame)/src
- name: image
value: {{ .Values.quayHostname }}/goghvideo/{{ include "common.name" . }}
value: {{ .Values.quayHostname }}/{{ .Values.organizationName }}/{{ include "common.name" . }}
- name: s2i-builder-image
value: {{ .Values.quayHostname }}/goghvideo/golang-s2i-buildah:v1
value: {{ .Values.quayHostname }}/{{ .Values.organizationName }}/golang-s2i-buildah:v1
- name: git-token-secret-name
value: git-http-credentials
- name: git-token-secret-key
@@ -59,7 +73,11 @@ spec:
- name: git-merge-delete-branch
value: true
- name: git-helm-url
value: https://git.endofday.com/goghvideo/helm.git
value: {{ .Values.helmRepoUrl }}
- name: githost
value: {{ .Values.gitHostname }}
- name: quayhost
value: {{ .Values.quayHostname }}
pipelineRef:
name: {{ include "common.name" . }}
serviceAccountName: pipeline
@@ -72,7 +90,10 @@ spec:
resources:
requests:
storage: 1Gi
storageClassName: nfs-client
storageClassName: {{ .Values.storageClassName }}
- name: quayauth
secret:
secretName: quay-credentials
- name: gitauth
secret:
secretName: git-http-credentials
@@ -90,6 +111,15 @@ spec:
resources:
requests:
storage: 1Gi
storageClassName: nfs-client
storageClassName: {{ .Values.storageClassName }}
- name: utilities
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
storageClassName: {{ .Values.storageClassName }}
{{- end }}
{{- end }}