chore: refactored for helm management of pipeline objects

2023-10-07 18:51:05 -06:00
parent f052787a36
commit 976bc8b1db
75 changed files with 270 additions and 4044 deletions


@@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@@ -0,0 +1,6 @@
dependencies:
- name: common
repository: file://../../common
version: 0.1.0
digest: sha256:dd0c1a55ae9ff1f26b9173be4e954796ab5aafd5aed0828b443dc68684e8d592
generated: "2023-10-06T22:08:04.524035034-06:00"


@@ -0,0 +1,28 @@
apiVersion: v2
name: conversion-engine
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.16.0"
dependencies:
- name: common
version: 0.1.0
repository: file://../../common

Binary file not shown.


@@ -0,0 +1 @@
{{- template "common.eventlistener" . -}}


@@ -0,0 +1 @@
{{- template "common.pipeline" . -}}


@@ -0,0 +1,2 @@
{{- template "common.task-copy-shared-utilities" . -}}


@@ -0,0 +1 @@
{{- template "common.task-git-clone" . -}}


@@ -0,0 +1,2 @@
{{- template "common.task-git-semver" . -}}


@@ -0,0 +1 @@
{{- template "common.task-gitea-set-status" . -}}


@@ -0,0 +1 @@
{{- template "common.golangci-lint" . -}}


@@ -0,0 +1 @@
{{- template "common.task-helm-upgrade-from-source" . -}}


@@ -0,0 +1 @@
{{- template "common.task-openshift-client" . -}}


@@ -0,0 +1 @@
{{- template "common.promote" . -}}


@@ -0,0 +1 @@
{{- template "common.s2i-go" . -}}


@@ -0,0 +1 @@
{{- template "common.triggerbinding" . -}}


@@ -0,0 +1 @@
{{- template "common.triggertemplate" . -}}


@@ -0,0 +1,25 @@
# Default values for notification.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
nameOverride: ""
fullnameOverride: ""
serviceAccount: pipeline
storageClassName: nfs-client
gitHostname: git.endofday.com
quayHostname: quay01.ipa.endofday.com
organizationName: goghvideo
helmRepoUrl: https://git.endofday.com/goghvideo/helm.git
eventlistener:
triggerBinding: gitea
interceptors:
secretKey: sharedSecret
secretName: webhook-secret
eventTypes:
- pull_request
additionalFilter:
- name: filter
value: |
body.action in ["opened"]
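Review bot: The default CEL filter `body.action in ["opened"]` together with a single `pull_request` entry under `eventTypes` only fires when a pull request is first opened, whereas several of the EventListeners this commit removes also accepted `pull_request_sync` and `'synchronized'`. If the shared `common.eventlistener` template uses these defaults unchanged (it is not visible here), commits pushed to an already-open PR would get no pipeline run and no status for their SHA. Consider adding `- pull_request_sync` under `eventTypes` and using `body.action in ["opened", "synchronized"]`, or add a comment saying why re-runs are intentionally dropped. The same defaults are repeated in the later new values hunk (apparently the upload-to-nextcloud chart), and in both the header `# Default values for notification.` looks copied from another chart.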


@@ -1,6 +1,5 @@
apiVersion: v2 apiVersion: v2
name: notification name: notification
Name: notification
description: A Helm chart for Kubernetes description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart. # A chart can be either an 'application' or a 'library' chart.


@@ -0,0 +1 @@
{{- template "common.task-git-clone" . -}}


@@ -6,7 +6,11 @@ nameOverride: ""
fullnameOverride: "" fullnameOverride: ""
serviceAccount: pipeline serviceAccount: pipeline
storageClassName: nfs-client
gitHostname: git.endofday.com
quayHostname: quay01.ipa.endofday.com quayHostname: quay01.ipa.endofday.com
organizationName: goghvideo
helmRepoUrl: https://git.endofday.com/goghvideo/helm.git
eventlistener: eventlistener:
triggerBinding: gitea triggerBinding: gitea
interceptors: interceptors:


@@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@@ -0,0 +1,6 @@
dependencies:
- name: common
repository: file://../../common
version: 0.1.0
digest: sha256:dd0c1a55ae9ff1f26b9173be4e954796ab5aafd5aed0828b443dc68684e8d592
generated: "2023-10-06T22:08:04.524035034-06:00"


@@ -0,0 +1,28 @@
apiVersion: v2
name: upload-to-nextcloud
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.16.0"
dependencies:
- name: common
version: 0.1.0
repository: file://../../common

Binary file not shown.


@@ -0,0 +1 @@
{{- template "common.eventlistener" . -}}


@@ -0,0 +1 @@
{{- template "common.pipeline" . -}}


@@ -0,0 +1,2 @@
{{- template "common.task-copy-shared-utilities" . -}}


@@ -0,0 +1 @@
{{- template "common.task-git-clone" . -}}


@@ -0,0 +1,2 @@
{{- template "common.task-git-semver" . -}}


@@ -0,0 +1 @@
{{- template "common.task-gitea-set-status" . -}}


@@ -0,0 +1 @@
{{- template "common.golangci-lint" . -}}


@@ -0,0 +1 @@
{{- template "common.task-helm-upgrade-from-source" . -}}


@@ -0,0 +1 @@
{{- template "common.task-openshift-client" . -}}


@@ -0,0 +1 @@
{{- template "common.promote" . -}}


@@ -0,0 +1 @@
{{- template "common.s2i-go" . -}}


@@ -0,0 +1 @@
{{- template "common.triggerbinding" . -}}


@@ -0,0 +1 @@
{{- template "common.triggertemplate" . -}}


@@ -0,0 +1,25 @@
# Default values for notification.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
nameOverride: ""
fullnameOverride: ""
serviceAccount: pipeline
storageClassName: nfs-client
gitHostname: git.endofday.com
quayHostname: quay01.ipa.endofday.com
organizationName: goghvideo
helmRepoUrl: https://git.endofday.com/goghvideo/helm.git
eventlistener:
triggerBinding: gitea
interceptors:
secretKey: sharedSecret
secretName: webhook-secret
eventTypes:
- pull_request
additionalFilter:
- name: filter
value: |
body.action in ["opened"]


@@ -8,7 +8,7 @@ apiVersion: tekton.dev/v1
kind: Task kind: Task
metadata: metadata:
name: copy-shared-utilities name: copy-shared-utilities
namespace: {{ include "common.name" . }} namespace: {{ .Release.Namespace }}
spec: spec:
steps: steps:
- image: {{ .Values.quayHostname }}/goghvideo/rockylinux:9-ubi - image: {{ .Values.quayHostname }}/goghvideo/rockylinux:9-ubi
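Review bot: The step image on the last line of this hunk still hard-codes the `goghvideo` organisation, while the golangci-lint and trigger-template sections of the same commit switch to `.Values.organizationName`. For consistency it would read `- image: {{ .Values.quayHostname }}/{{ .Values.organizationName }}/rockylinux:9-ubi`. The tag `9-ubi` is also mutable, so pinning the image by digest would make this Task reproducible. The Task's steps continue outside the hunk.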


@@ -1,18 +1,14 @@
{{- define "common.task-git-clone" }}
{{- $common := dict "Values" .Values.common -}}
{{- $noCommon := omit .Values "common" -}}
{{- $overrides := dict "Values" $noCommon -}}
{{- $noValues := omit . "Values" -}}
{{- with merge $noValues $overrides $common -}}
apiVersion: tekton.dev/v1 apiVersion: tekton.dev/v1
kind: Task kind: Task
metadata: metadata:
annotations:
tekton.dev/categories: Git
tekton.dev/displayName: git clone
tekton.dev/pipelines.minVersion: 0.38.0
tekton.dev/platforms: linux/amd64,linux/s390x,linux/ppc64le,linux/arm64
tekton.dev/tags: git
labels:
app.kubernetes.io/version: "0.9"
operator.tekton.dev/operand-name: openshift-pipelines-addons
operator.tekton.dev/provider-type: redhat
name: git-clone name: git-clone
namespace: goghvideo-cicd-pipeline namespace: {{ .Release.Namespace }}
spec: spec:
description: |- description: |-
These Tasks are Git tasks to work with repositories used by other tasks in your Pipeline. These Tasks are Git tasks to work with repositories used by other tasks in your Pipeline.
@@ -244,3 +240,5 @@ spec:
verify the peer with when fetching or pushing over HTTPS. verify the peer with when fetching or pushing over HTTPS.
name: ssl-ca-directory name: ssl-ca-directory
optional: true optional: true
{{- end }}
{{- end }}
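Review bot: The new preamble builds the render context with `merge $noValues $overrides $common`, and nothing in the template says which side wins. Sprig's `merge` gives precedence to the leftmost dictionary, but it is known to treat falsy destination values as unset, so a chart-level override such as `false` or `""` may be silently replaced by the value under `.Values.common`; this should be checked against a rendered chart. I would add a template comment at the top, for example `{{- /* chart values take precedence over .Values.common; falsy overrides may not survive merge */ -}}`. Dropping the operator-managed labels and the hard-coded namespace in the same section reads as intended, and the Task spec between the two hunks is not visible here.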


@@ -67,7 +67,7 @@ spec:
value: $(params.GOMODCACHE) value: $(params.GOMODCACHE)
- name: GOLANGCI_LINT_CACHE - name: GOLANGCI_LINT_CACHE
value: $(params.GOLANGCI_LINT_CACHE) value: $(params.GOLANGCI_LINT_CACHE)
image: {{ .Values.quayHost }}/goghvideo/golang-lint:$(params.version) image: {{ .Values.quayHostname }}/{{ .Values.organizationName}}/golang-lint:$(params.version)
name: lint name: lint
script: | script: |
golangci-lint run $(params.flags) golangci-lint run $(params.flags)
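Review bot: `golangci-lint run $(params.flags)` on the last line substitutes a Tekton parameter straight into the step script, so whatever string reaches `flags` is parsed by the shell as code rather than as arguments. Where `flags` is set is not visible in this hunk, but the usual hardening is to pass it through the step's `env`, as is already done for `GOMODCACHE` and `GOLANGCI_LINT_CACHE` just above, and reference the variable in the script. The new image line also has uneven spacing in `{{ .Values.organizationName}}`. The script body continues outside the hunk.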


@@ -36,7 +36,7 @@ spec:
description: The values file to be used description: The values file to be used
name: values_file name: values_file
type: string type: string
- default: docker.io/lachlanevenson/k8s-helm@sha256:5c792f29950b388de24e7448d378881f68b3df73a7b30769a6aa861061fd08ae - default: {{ .Values.quayHostname }}/{{ .Values.organizationName }}/k8s-helm:latest
description: helm image to be used description: helm image to be used
name: helm_image name: helm_image
type: string type: string
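Review bot: The new `helm_image` default replaces a digest-pinned reference with the mutable tag `k8s-helm:latest`, so the image that performs the Helm upgrade (presumably with the pipeline's cluster credentials) can change without any change to this chart. Moving to the internal registry is fine, but keep the pin, e.g. `- default: {{ .Values.quayHostname }}/{{ .Values.organizationName }}/k8s-helm@sha256:<digest-of-mirrored-image>`, using the digest of the image actually pushed to the mirror. The params list continues outside the hunk.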


@@ -11,18 +11,24 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
spec: spec:
params: params:
- description: The git repository url - name: ref
name: gitrepositoryurl description: Reference to the git repository source branch
- description: The org and repo name - name: revision
name: gitfullreponame description: Reference to the pull request SHA
- description: The name of the repo - name: repourl
name: gitreponame description: Reference to the git repository clone url
- description: Branch to act on - name: reponame
name: gitbranch description: Reference to repo to which the PR is for
- description: The SHA head - name: repofullname
name: gitcommitsha description: The repo name including the organization
- description: The pull request reference - name: message
name: gitprindex description: The title of the pull request
- name: author
description: Who submitted the pull request
- name: email
description: Email of the pull request author
- name: index
description: The index number associated with the pull request
resourcetemplates: resourcetemplates:
- apiVersion: tekton.dev/v1beta1 - apiVersion: tekton.dev/v1beta1
kind: PipelineRun kind: PipelineRun
@@ -30,26 +36,34 @@ spec:
generateName: {{ include "common.name" . }}- generateName: {{ include "common.name" . }}-
spec: spec:
params: params:
- name: git-repo-url - name: ref
value: $(tt.params.gitrepositoryurl) value: $(tt.params.ref)
- name: git-repo-full-name - name: revision
value: $(tt.params.gitfullreponame) value: $(tt.params.revision)
- name: git-branch - name: repourl
value: $(tt.params.gitbranch) value: $(tt.params.repourl)
- name: git-commit-sha - name: reponame
value: $(tt.params.gitcommitsha) value: $(tt.params.reponame)
- name: git-pr-index - name: repofullname
value: $(tt.params.gitprindex) value: $(tt.params.repofullname)
- name: message
value: $(tt.params.message)
- name: author
value: $(tt.params.author)
- name: email
value: $(tt.params.email)
- name: index
value: $(tt.params.index)
- name: verbose - name: verbose
value: true value: true
- name: lint-package - name: lint-package
value: git.endofday.com/goghvideo/{{ include "common.name" . }} value: git.endofday.com/{{ .Values.organizationName }}/{{ include "common.name" . }}
- name: lint-context - name: lint-context
value: $(tt.params.gitreponame)/src value: $(tt.params.reponame)/src
- name: image - name: image
value: {{ .Values.quayHostname }}/goghvideo/{{ include "common.name" . }} value: {{ .Values.quayHostname }}/{{ .Values.organizationName }}/{{ include "common.name" . }}
- name: s2i-builder-image - name: s2i-builder-image
value: {{ .Values.quayHostname }}/goghvideo/golang-s2i-buildah:v1 value: {{ .Values.quayHostname }}/{{ .Values.organizationName }}/golang-s2i-buildah:v1
- name: git-token-secret-name - name: git-token-secret-name
value: git-http-credentials value: git-http-credentials
- name: git-token-secret-key - name: git-token-secret-key
@@ -59,7 +73,11 @@ spec:
- name: git-merge-delete-branch - name: git-merge-delete-branch
value: true value: true
- name: git-helm-url - name: git-helm-url
value: https://git.endofday.com/goghvideo/helm.git value: {{ .Values.helmRepoUrl }}
- name: githost
value: {{ .Values.gitHostname }}
- name: quayhost
value: {{ .Values.quayHostname }}
pipelineRef: pipelineRef:
name: {{ include "common.name" . }} name: {{ include "common.name" . }}
serviceAccountName: pipeline serviceAccountName: pipeline
@@ -72,7 +90,10 @@ spec:
resources: resources:
requests: requests:
storage: 1Gi storage: 1Gi
storageClassName: nfs-client storageClassName: {{ .Values.storageClassName }}
- name: quayauth
secret:
secretName: quay-credentials
- name: gitauth - name: gitauth
secret: secret:
secretName: git-http-credentials secretName: git-http-credentials
@@ -90,6 +111,15 @@ spec:
resources: resources:
requests: requests:
storage: 1Gi storage: 1Gi
storageClassName: nfs-client storageClassName: {{ .Values.storageClassName }}
- name: utilities
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
storageClassName: {{ .Values.storageClassName }}
{{- end }} {{- end }}
{{- end }} {{- end }}
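Review bot: The new `message`, `author` and `email` parameters carry text chosen by whoever opens the pull request, and the resource template forwards them unchanged into the PipelineRun. The tasks that consume them are not visible here; if any of them expands `$(params.message)` inside a `script:` block, the PR title would be interpreted by the shell. I would add a comment above these params such as `# message/author/email are untrusted webhook fields: pass to steps via env, never inline in script` and check the consuming tasks. Separately, `lint-package` still hard-codes `git.endofday.com` although `githost` is now fed from `.Values.gitHostname`, and `serviceAccountName: pipeline` does not use the `serviceAccount` value.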


@@ -1,34 +0,0 @@
apiVersion: triggers.tekton.dev/v1beta1
kind: EventListener
metadata:
name: conversionengine-webhook-listener
namespace: goghvideo-cicd-pipeline
spec:
serviceAccountName: pipeline
triggers:
- name: conversionengine-greeter-webhook
interceptors:
- name: gitea
ref:
name: gitea
kind: ClusterInterceptor
apiVersion: triggers.tekton.dev
params:
- name: secretRef
value:
secretName: webhook-secret
secretKey: sharedSecret
- name: eventTypes
value: ["pull_request", "pull_request_sync"]
- name: allow-create-and-update-only
ref:
name: cel
kind: ClusterInterceptor
params:
- name: filter
value: >
body.action in ['opened', 'synchronized']
bindings:
- ref: gitea-binding
template:
ref: conversionengine-template


@@ -1,34 +0,0 @@
apiVersion: triggers.tekton.dev/v1beta1
kind: EventListener
metadata:
name: e2e-test-webhook-listener
namespace: goghvideo-cicd-pipeline
spec:
serviceAccountName: pipeline
triggers:
- name: e2etest-greeter-webhook
interceptors:
- name: gitea
ref:
name: gitea
kind: ClusterInterceptor
apiVersion: triggers.tekton.dev
params:
- name: secretRef
value:
secretName: webhook-secret
secretKey: sharedSecret
- name: eventTypes
value: ["pull_request", "pull_request_sync"]
- name: allow-create-and-update-only
ref:
name: cel
kind: ClusterInterceptor
params:
- name: filter
value: >
body.action in ['opened', 'synchronized']
bindings:
- ref: gitea-binding
template:
ref: e2etest-template


@@ -1,34 +0,0 @@
apiVersion: triggers.tekton.dev/v1beta1
kind: EventListener
metadata:
name: notification-webhook-listener
namespace: goghvideo-cicd-pipeline
spec:
serviceAccountName: pipeline
triggers:
- name: notification-greeter-webhook
interceptors:
- name: gitea
ref:
name: gitea
kind: ClusterInterceptor
apiVersion: triggers.tekton.dev
params:
- name: secretRef
value:
secretName: webhook-secret
secretKey: sharedSecret
- name: eventTypes
value: ["pull_request", "pull_request_sync"]
- name: allow-create-and-update-only
ref:
name: cel
kind: ClusterInterceptor
params:
- name: filter
value: >
body.action in ['opened', 'synchronized']
bindings:
- ref: gitea-binding
template:
ref: notification-template


@@ -1,34 +0,0 @@
apiVersion: triggers.tekton.dev/v1beta1
kind: EventListener
metadata:
name: notification
namespace: goghvideo-cicd-pipeline
spec:
serviceAccountName: pipeline
triggers:
- name: notification-push-webhook
interceptors:
- name: gitea
ref:
name: gitea
kind: ClusterInterceptor
apiVersion: triggers.tekton.dev
params:
- name: secretRef
value:
secretName: webhook-secret
secretKey: sharedSecret
- name: eventTypes
value: ["push"]
# - name: allow-create-and-update-only
# ref:
# name: cel
# kind: ClusterInterceptor
# params:
# - name: filter
# value: >
# body.ref in ["feature"]
bindings:
- ref: gitea-push-binding
template:
ref: notification-trigger-template


@@ -1,34 +0,0 @@
apiVersion: triggers.tekton.dev/v1beta1
kind: EventListener
metadata:
name: notification
namespace: goghvideo-cicd-pipeline
spec:
serviceAccountName: pipeline
triggers:
- name: notification-pullrequest-webhook
interceptors:
- name: gitea
ref:
name: gitea
kind: ClusterInterceptor
apiVersion: triggers.tekton.dev
params:
- name: secretRef
value:
secretName: webhook-secret
secretKey: sharedSecret
- name: eventTypes
value: ["pull_request"]
- name: run-if-new-pr
ref:
name: cel
kind: ClusterInterceptor
params:
- name: filter
value: >
body.action in ["opened"]
bindings:
- ref: gitea-pullrequest-binding
template:
ref: notification-trigger-template


@@ -1,34 +0,0 @@
apiVersion: triggers.tekton.dev/v1beta1
kind: EventListener
metadata:
name: upload-to-nextcloud-webhook-listener
namespace: goghvideo-cicd-pipeline
spec:
serviceAccountName: pipeline
triggers:
- name: upload2nc-greeter-webhook
interceptors:
- name: gitea
ref:
name: gitea
kind: ClusterInterceptor
apiVersion: triggers.tekton.dev
params:
- name: secretRef
value:
secretName: webhook-secret
secretKey: sharedSecret
- name: eventTypes
value: ["pull_request", "pull_request_sync"]
- name: allow-create-and-update-only
ref:
name: cel
kind: ClusterInterceptor
params:
- name: filter
value: >
body.action in ['opened', 'synchronized']
bindings:
- ref: gitea-binding
template:
ref: upload2nc-template


@@ -1,437 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
name: notification-deploy
namespace: goghvideo-cicd-pipeline
spec:
workspaces:
- name: source
- name: gitauth
- name: dockerconfig
- name: helm
- name: gitsshauth
params:
- name: git-repo-full-name
type: string
- name: git-token-secret-name
type: string
- name: git-token-secret-key
type: string
- name: git-commit-sha
type: string
- name: git-repo-url
type: string
description: Git URL to retrieve
- name: git-branch
type: string
description: branch to checkout
- name: git-pr-index
description: PR number to merge
- name: git-merge-type
description: What type of merge to do
- name: git-merge-delete-branch
description: delete the branch after merge
- name: verbose
type: string
default: "false"
- name: lint-package
type: string
- name: lint-context
type: string
description: Path to where the modules are stored
- name: lint-version
type: string
default: latest
- name: image
type: string
- name: s2i-builder-image
type: string
- name: git-helm-url
type: string
tasks:
- name: set-check-pending
taskRef:
name: gitea-set-status
params:
- name: SHA
value: $(params.git-commit-sha)
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: DESCRIPTION
value: Build started
- name: STATE
value: pending
- name: TARGET_URL
value: https://console-openshift-console.apps.ocp.endofday.com/pipelines/all-namespaces
- name: git-semver
runAfter:
- set-check-pending
taskRef:
name: git-semver
params:
- name: gitrepositoryurl
value: $(params.git-repo-url)
- name: gitbranch
value: $(params.git-branch)
workspaces:
- name: repo
workspace: source
- name: gitauth
workspace: gitauth
- name: golangci-lint
runAfter:
- git-semver
taskRef:
name: golangci-lint
params:
- name: package
value: $(params.lint-package)
- name: context
value: $(params.lint-context)
- name: version
value: $(params.lint-version)
workspaces:
- name: source
workspace: source
- name: generate-imagetag
runAfter:
- golangci-lint
taskRef:
name: generate-image-tag
params:
- name: version
value: $(tasks.git-semver.results.version)
- name: image
value: $(params.image)
- name: s2i-build
runAfter:
- generate-imagetag
taskRef:
name: s2i-go-debug
params:
- name: TLSVERIFY
value: false
- name: BUILDER_IMAGE
value: $(params.s2i-builder-image)
- name: PATH_CONTEXT
value: $(params.lint-context)
- name: verbose
value: true
- name: IMAGE
value: $(tasks.generate-imagetag.results.imagetag)
- name: ENV_VARS
value:
- semver=$(tasks.git-semver.results.version)
workspaces:
- name: source
workspace: source
- name: dockerconfig
workspace: dockerconfig
- name: ephemeral-ns
runAfter:
- s2i-build
taskref:
name: openshift-ephemeral-namespace-client
kind: Task
params:
- name: VERSION
value: 4.11
- name: SCRIPT
value: |
echo "${SHELL}"
RANDOMID=$(openssl rand -hex 4)
oc new-project goghvideo-test-${RANDOMID} >/dev/null
oc label namespace goghvideo-test-${RANDOMID} app=goghvideo-test
x=0; until [[ -n $(oc -n goghvideo-test-${RANDOMID} get secret/goghvideo-openshift-builder-pull-secret 2>/dev/null) || $x -eq 10 ]]; do echo "Waiting for secret replication" && sleep 10 && ((x++)); done
if [[ "${x}" -eq 10 ]]; then exit 1; fi
oc -n goghvideo-test-${RANDOMID} secrets link default goghvideo-openshift-builder-pull-secret --for=pull
oc apply -f - <<EOF
apiVersion: rabbitmq.com/v1beta1
kind: RabbitmqCluster
metadata:
name: rabbitmq
namespace: goghvideo-test-${RANDOMID}
spec:
delayStartSeconds: 10
image: quay01.ipa.endofday.com/goghvideo/bitnami-rabbitmq
imagePullSecrets:
- name: goghvideo-openshift-builder-pull-secret
persistence:
storage: 10Gi
replicas: 1
resources:
limits:
cpu: "2"
memory: 2Gi
requests:
cpu: "1"
memory: 2Gi
service:
type: ClusterIP
terminationGracePeriodSeconds: 30
EOF
x=0; until [[ -n $(oc -n goghvideo-test-${RANDOMID} get sa/rabbitmq-server 2>/dev/null ) || $x -eq 10 ]]; do echo "Waiting for operator to deploy rabbit" && sleep 5 && ((x++)); done
if [[ "${x}" -eq 10 ]]; then exit 1; fi
oc -n goghvideo-test-${RANDOMID} adm policy add-scc-to-user anyuid -z rabbitmq-server
x=0; until [[ $(oc -n goghvideo-test-${RANDOMID} get sts rabbitmq-server -o jsonpath="{.status.readyReplicas}") -gt 0 || $x -eq 20 ]]; do echo "Waiting for Rabbit MQ to startup" && sleep 15 && ((x++)); done
if [[ "${x}" -eq 20 ]]; then exit 1; fi
oc -n goghvideo-test-${RANDOMID} create route edge --service=rabbitmq --port=15672
oc -n goghvideo-test-${RANDOMID} get pods
RABBITHOST=$(oc -n goghvideo-test-${RANDOMID} get secret/rabbitmq-default-user -o template='{{ .data.host | base64decode }}')
RABBITUSER=$(oc -n goghvideo-test-${RANDOMID} get secret/rabbitmq-default-user -o template='{{ .data.username | base64decode }}')
RABBITPASS=$(oc -n goghvideo-test-${RANDOMID} get secret/rabbitmq-default-user -o template='{{ .data.password | base64decode }}')
oc -n goghvideo-test-${RANDOMID} create secret generic amqp --from-literal=url=amqp://${RABBITUSER}:${RABBITPASS}@${RABBITHOST}/
curl -O http://${RABBITHOST}:15672/cli/rabbitmqadmin
chmod +x rabbitmqadmin
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare exchange name=conversion type=topic
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare queue name=transcode durable=true queue_type=quorum
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare queue name=notification durable=true queue_type=quorum
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare queue name=upload-nextcloud durable=true queue_type=quorum
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare queue name=complete durable=true queue_type=quorum
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare binding source="conversion" destination_type="queue" destination="transcode" routing_key="transcode"
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare binding source="conversion" destination_type="queue" destination="notification" routing_key="notification"
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare binding source="conversion" destination_type="queue" destination="upload-nextcloud" routing_key="upload-nextcloud"
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare binding source="conversion" destination_type="queue" destination="complete" routing_key="complete"
echo -n "goghvideo-test-${RANDOMID}" > $(results.namespace.path)
workspaces:
- name: kubeconfig-dir
workspace: dockerconfig
- name: clone-helm-charts
runAfter: ["ephemeral-ns"]
taskRef:
name: git-clone
params:
- name: url
value: $(params.git-helm-url)
workspaces:
- name: output
workspace: helm
- name: ssh-directory
workspace: gitsshauth
- name: deploy-notification
runAfter: ["clone-helm-charts"]
taskRef:
name: helm-upgrade-from-source
params:
- name: charts_dir
value: notification
- name: release_namespace
value: $(tasks.ephemeral-ns.results.namespace)
- name: release_name
value: notification
- name: overwrite_values
value: "image.tag=v$(tasks.git-semver.results.version)"
workspaces:
- name: source
workspace: helm
- name: deploy-upload-to-nextcloud
runAfter: ["clone-helm-charts"]
taskRef:
name: helm-upgrade-from-source
params:
- name: charts_dir
value: upload-to-nextcloud
- name: release_namespace
value: $(tasks.ephemeral-ns.results.namespace)
- name: release_name
value: upload-to-nextcloud
workspaces:
- name: source
workspace: helm
- name: deploy-conversion-engine
runAfter: ["clone-helm-charts"]
taskRef:
name: helm-upgrade-from-source
params:
- name: charts_dir
value: conversion-engine
- name: release_namespace
value: $(tasks.ephemeral-ns.results.namespace)
- name: release_name
value: conversion-engine
workspaces:
- name: source
workspace: helm
- name: get-filedrop-name
runAfter: ["deploy-conversion-engine", "deploy-upload-to-nextcloud", "deploy-notification"]
taskref:
name: openshift-ephemeral-namespace-client
kind: Task
params:
- name: VERSION
value: 4.11
- name: SCRIPT
value: |
#!/usr/bin/env bash
wget "https://github.com/jqlang/jq/releases/download/jq-1.7/jq-linux-amd64" -O /usr/local/bin/jq
chmod +x /usr/local/bin/jq
INPUTSRC=$(oc -n $(tasks.ephemeral-ns.results.namespace) get scaledjob/conversion-engine -o json | /usr/local/bin/jq -r '.spec.jobTargetRef.template.spec.initContainers[0].env[] | select(.name == "sourcefile").value')
if [[ -z "${INPUTSRC}" ]]; then exit 1; fi
echo -n "${INPUTSRC}" > $(results.filedrop.path)
workspaces:
- name: kubeconfig-dir
workspace: dockerconfig
- name: perform-e2e-test
runAfter: ["get-filedrop-name"]
taskref:
name: openshift-ephemeral-namespace-client
kind: Task
params:
- name: VERSION
value: 4.11
- name: SCRIPT
value: |
#!/usr/bin/env bash
oc create -f - <<EOF && sleep 2
apiVersion: batch/v1
kind: Job
metadata:
generateName: e2e-test-
namespace: $(tasks.ephemeral-ns.results.namespace)
labels:
app: e2e-test
spec:
completions: 1
parallelism: 1
template:
metadata:
creationTimestamp: null
spec:
restartPolicy: Never
containers:
- env:
- name: amqp
valueFrom:
secretKeyRef:
key: url
name: amqp
- name: dropfile
value: $(tasks.get-filedrop-name.results.filedrop)
image: quay01.ipa.endofday.com/goghvideo/e2e-test:v0.1.5
imagePullPolicy: Always
name: transcode-job
volumeMounts:
- mountPath: "/conversion"
name: "pvc-conversion"
volumes:
- name: "pvc-conversion"
persistentVolumeClaim:
claimName: "pvc-conversion"
EOF
MYJOB=$(oc -n $(tasks.ephemeral-ns.results.namespace) get jobs -l app=e2e-test -o name)
echo "Job Reference: ${MYJOB}"
x=0; until [[ $(oc -n $(tasks.ephemeral-ns.results.namespace) get ${MYJOB} -o go-template="{{if .status.active}}{{.status.active}}{{else}}0{{end}}") -gt 0 || $x -eq 60 ]]; do echo "Waiting for e2e job to start" && sleep 2 && ((x++)); done
if [[ "${x}" -eq 60 ]]; then exit 1; fi
x=0; until [[ $(oc -n $(tasks.ephemeral-ns.results.namespace) get ${MYJOB} -o go-template="{{if .status.succeeded}}{{.status.succeeded}}{{else}}0{{end}}" ) -gt 0 || $x -eq 20 ]]; do echo "Waiting for test to complete" && sleep 15 && ((x++)); done
if [[ "${x}" -eq 20 ]]; then exit 1; fi
workspaces:
- name: kubeconfig-dir
workspace: dockerconfig
- name: pass-pr-check
runAfter: ["perform-e2e-test"]
taskRef:
name: gitea-set-status
params:
- name: SHA
value: $(params.git-commit-sha)
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: DESCRIPTION
value: Tekton CI Pipeline
- name: STATE
value: success
- name: TARGET_URL
value: https://console-openshift-console.apps.ocp.endofday.com/pipelines
- name: create-git-release
runAfter: ["pass-pr-check"]
taskRef:
name: gitea-create-release
params:
- name: SHA
value: $(params.git-commit-sha)
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: TAG
value: $(tasks.git-semver.results.version)
- name: TITLE
value: $(params.git-repo-full-name)-$(tasks.git-semver.results.version)
- name: perform-merge
runAfter: ["create-git-release"]
taskRef:
name: gitea-merge-pr
params:
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: DESCRIPTION
value: Automatically merged by CI pipeline
- name: INDEX
value: $(params.git-pr-index)
- name: MERGETYPE
value: $(params.git-merge-type)
- name: DELETEBRANCH
value: $(params.git-merge-delete-branch)
- name: TARGET_URL
value: https://console-openshift-console.apps.ocp.endofday.com/pipelines
finally:
- name: fail-pr-check
when:
- input: $(tasks.status)
operator: in
values:
- Failed
taskRef:
name: gitea-set-status
params:
- name: SHA
value: $(params.git-commit-sha)
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: DESCRIPTION
value: Tekton CI Pipeline
- name: STATE
value: failure
- name: TARGET_URL
value: https://console-openshift-console.apps.ocp.endofday.com/pipelines


@@ -1,430 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
name: ce-buildtest
namespace: goghvideo-cicd-pipeline
spec:
workspaces:
- name: source
- name: gitauth
- name: dockerconfig
- name: helm
- name: gitsshauth
params:
- name: git-repo-full-name
type: string
- name: git-token-secret-name
type: string
- name: git-token-secret-key
type: string
- name: git-commit-sha
type: string
- name: git-repo-url
type: string
description: Git URL to retrieve
- name: git-branch
type: string
description: branch to checkout
- name: git-pr-index
description: PR number to merge
- name: git-merge-type
description: What type of merge to do
- name: git-merge-delete-branch
description: delete the branch after merge
- name: verbose
type: string
default: "false"
- name: lint-package
type: string
- name: lint-context
type: string
description: Path to where the modules are stored
- name: lint-version
type: string
default: latest
- name: image
type: string
- name: s2i-builder-image
type: string
- name: git-helm-url
type: string
tasks:
- name: set-check-pending
taskRef:
name: gitea-set-status
params:
- name: SHA
value: $(params.git-commit-sha)
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: DESCRIPTION
value: Build started
- name: STATE
value: pending
- name: TARGET_URL
value: https://console-openshift-console.apps.ocp.endofday.com/pipelines/all-namespaces
- name: git-semver
runAfter:
- set-check-pending
taskRef:
name: git-semver
params:
- name: gitrepositoryurl
value: $(params.git-repo-url)
- name: gitbranch
value: $(params.git-branch)
workspaces:
- name: repo
workspace: source
- name: gitauth
workspace: gitauth
- name: golangci-lint
runAfter:
- git-semver
taskRef:
name: golangci-lint
params:
- name: package
value: $(params.lint-package)
- name: context
value: $(params.lint-context)
- name: version
value: $(params.lint-version)
workspaces:
- name: source
workspace: source
- name: generate-imagetag
runAfter:
- golangci-lint
taskRef:
name: generate-image-tag
params:
- name: version
value: $(tasks.git-semver.results.version)
- name: image
value: $(params.image)
- name: s2i-build
runAfter:
- generate-imagetag
taskRef:
name: s2i-go-debug
params:
- name: TLSVERIFY
value: false
- name: BUILDER_IMAGE
value: $(params.s2i-builder-image)
- name: PATH_CONTEXT
value: $(params.lint-context)
- name: verbose
value: true
- name: IMAGE
value: $(tasks.generate-imagetag.results.imagetag)
- name: ENV_VARS
value:
- semver=$(tasks.git-semver.results.version)
workspaces:
- name: source
workspace: source
- name: dockerconfig
workspace: dockerconfig
- name: ephemeral-ns
runAfter:
- s2i-build
taskref:
name: openshift-ephemeral-namespace-client
kind: Task
params:
- name: VERSION
value: 4.11
- name: SCRIPT
value: |
echo "${SHELL}"
RANDOMID=$(openssl rand -hex 4)
oc new-project goghvideo-test-${RANDOMID} >/dev/null
oc label namespace goghvideo-test-${RANDOMID} app=goghvideo-test
x=0; until [[ -n $(oc -n goghvideo-test-${RANDOMID} get secret/goghvideo-openshift-builder-pull-secret 2>/dev/null) || $x -eq 10 ]]; do echo "Waiting for secret replication" && sleep 10 && ((x++)); done
if [[ "${x}" -eq 10 ]]; then exit 1; fi
oc -n goghvideo-test-${RANDOMID} secrets link default goghvideo-openshift-builder-pull-secret --for=pull
oc apply -f - <<EOF
apiVersion: rabbitmq.com/v1beta1
kind: RabbitmqCluster
metadata:
name: rabbitmq
namespace: goghvideo-test-${RANDOMID}
spec:
delayStartSeconds: 10
image: quay01.ipa.endofday.com/goghvideo/bitnami-rabbitmq
imagePullSecrets:
- name: goghvideo-openshift-builder-pull-secret
persistence:
storage: 10Gi
replicas: 1
resources:
limits:
cpu: "2"
memory: 2Gi
requests:
cpu: "1"
memory: 2Gi
service:
type: ClusterIP
terminationGracePeriodSeconds: 30
EOF
x=0; until [[ -n $(oc -n goghvideo-test-${RANDOMID} get sa/rabbitmq-server 2>/dev/null ) || $x -eq 10 ]]; do echo "Waiting for operator to deploy rabbit" && sleep 5 && ((x++)); done
if [[ "${x}" -eq 10 ]]; then exit 1; fi
oc -n goghvideo-test-${RANDOMID} adm policy add-scc-to-user anyuid -z rabbitmq-server
x=0; until [[ $(oc -n goghvideo-test-${RANDOMID} get sts rabbitmq-server -o jsonpath="{.status.readyReplicas}") -gt 0 || $x -eq 20 ]]; do echo "Waiting for Rabbit MQ to startup" && sleep 15 && ((x++)); done
if [[ "${x}" -eq 20 ]]; then exit 1; fi
oc -n goghvideo-test-${RANDOMID} create route edge --service=rabbitmq --port=15672
oc -n goghvideo-test-${RANDOMID} get pods
RABBITHOST=$(oc -n goghvideo-test-${RANDOMID} get secret/rabbitmq-default-user -o template='{{ .data.host | base64decode }}')
RABBITUSER=$(oc -n goghvideo-test-${RANDOMID} get secret/rabbitmq-default-user -o template='{{ .data.username | base64decode }}')
RABBITPASS=$(oc -n goghvideo-test-${RANDOMID} get secret/rabbitmq-default-user -o template='{{ .data.password | base64decode }}')
oc -n goghvideo-test-${RANDOMID} create secret generic amqp --from-literal=url=amqp://${RABBITUSER}:${RABBITPASS}@${RABBITHOST}/
curl -O http://${RABBITHOST}:15672/cli/rabbitmqadmin
chmod +x rabbitmqadmin
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare exchange name=conversion type=topic
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare queue name=transcode durable=true queue_type=quorum
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare queue name=notification durable=true queue_type=quorum
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare queue name=upload-nextcloud durable=true queue_type=quorum
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare queue name=complete durable=true queue_type=quorum
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare binding source="conversion" destination_type="queue" destination="transcode" routing_key="transcode"
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare binding source="conversion" destination_type="queue" destination="notification" routing_key="notification"
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare binding source="conversion" destination_type="queue" destination="upload-nextcloud" routing_key="upload-nextcloud"
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare binding source="conversion" destination_type="queue" destination="complete" routing_key="complete"
echo -n "goghvideo-test-${RANDOMID}" > $(results.namespace.path)
workspaces:
- name: kubeconfig-dir
workspace: dockerconfig
- name: clone-helm-charts
runAfter: ["ephemeral-ns"]
taskRef:
name: git-clone
params:
- name: url
value: $(params.git-helm-url)
workspaces:
- name: output
workspace: helm
- name: ssh-directory
workspace: gitsshauth
- name: deploy-ce-testver
runAfter: ["clone-helm-charts"]
taskRef:
name: helm-upgrade-from-source
params:
- name: charts_dir
value: conversion-engine
- name: release_namespace
value: $(tasks.ephemeral-ns.results.namespace)
- name: release_name
value: conversion-engine
- name: overwrite_values
value: "image.tag=v$(tasks.git-semver.results.version)"
workspaces:
- name: source
workspace: helm
- name: deploy-upload-to-nextcloud
runAfter: ["clone-helm-charts"]
taskRef:
name: helm-upgrade-from-source
params:
- name: charts_dir
value: upload-to-nextcloud
- name: release_namespace
value: $(tasks.ephemeral-ns.results.namespace)
- name: release_name
value: upload-to-nextcloud
workspaces:
- name: source
workspace: helm
- name: deploy-notification
runAfter: ["clone-helm-charts"]
taskRef:
name: helm-upgrade-from-source
params:
- name: charts_dir
value: notification
- name: release_namespace
value: $(tasks.ephemeral-ns.results.namespace)
- name: release_name
value: notification
workspaces:
- name: source
workspace: helm
- name: get-filedrop-name
runAfter: ["deploy-ce-testver", "deploy-upload-to-nextcloud", "deploy-notification"]
taskref:
name: openshift-ephemeral-namespace-client
kind: Task
params:
- name: VERSION
value: 4.11
- name: SCRIPT
value: |
#!/usr/bin/env bash
wget "https://github.com/jqlang/jq/releases/download/jq-1.7/jq-linux-amd64" -O /usr/local/bin/jq
chmod +x /usr/local/bin/jq
INPUTSRC=$(oc -n $(tasks.ephemeral-ns.results.namespace) get scaledjob/conversion-engine -o json | /usr/local/bin/jq -r '.spec.jobTargetRef.template.spec.initContainers[0].env[] | select(.name == "sourcefile").value')
if [[ -z "${INPUTSRC}" ]]; then exit 1; fi
echo -n "${INPUTSRC}" > $(results.filedrop.path)
workspaces:
- name: kubeconfig-dir
workspace: dockerconfig
- name: perform-e2e-test
runAfter: ["get-filedrop-name"]
taskref:
name: openshift-ephemeral-namespace-client
kind: Task
params:
- name: VERSION
value: 4.11
- name: SCRIPT
value: |
#!/usr/bin/env bash
oc create -f - <<EOF
apiVersion: batch/v1
kind: Job
metadata:
generateName: e2e-test-
namespace: $(tasks.ephemeral-ns.results.namespace)
labels:
app: e2e-test
spec:
completions: 1
parallelism: 1
template:
metadata:
creationTimestamp: null
spec:
restartPolicy: Never
containers:
- env:
- name: amqp
valueFrom:
secretKeyRef:
key: url
name: amqp
- name: dropfile
value: $(tasks.get-filedrop-name.results.filedrop)
image: quay01.ipa.endofday.com/goghvideo/e2e-test:v0.1.5
imagePullPolicy: Always
name: transcode-job
volumeMounts:
- mountPath: "/conversion"
name: "pvc-conversion"
volumes:
- name: "pvc-conversion"
persistentVolumeClaim:
claimName: "pvc-conversion"
EOF
workspaces:
- name: kubeconfig-dir
workspace: dockerconfig
- name: pass-pr-check
runAfter: ["perform-e2e-test"]
taskRef:
name: gitea-set-status
params:
- name: SHA
value: $(params.git-commit-sha)
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: DESCRIPTION
value: Tekton CI Pipeline
- name: STATE
value: success
- name: TARGET_URL
value: https://console-openshift-console.apps.ocp.endofday.com/pipelines
- name: create-git-release
runAfter: ["pass-pr-check"]
taskRef:
name: gitea-create-release
params:
- name: SHA
value: $(params.git-commit-sha)
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: TAG
value: $(tasks.git-semver.results.version)
- name: TITLE
value: $(params.git-repo-full-name)-$(tasks.git-semver.results.version)
- name: perform-merge
runAfter: ["create-git-release"]
taskRef:
name: gitea-merge-pr
params:
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: DESCRIPTION
value: Automatically merged by CI pipeline
- name: INDEX
value: $(params.git-pr-index)
- name: MERGETYPE
value: $(params.git-merge-type)
- name: DELETEBRANCH
value: $(params.git-merge-delete-branch)
- name: TARGET_URL
value: https://console-openshift-console.apps.ocp.endofday.com/pipelines
finally:
- name: fail-pr-check
when:
- input: $(tasks.status)
operator: in
values:
- Failed
taskRef:
name: gitea-set-status
params:
- name: SHA
value: $(params.git-commit-sha)
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: DESCRIPTION
value: Tekton CI Pipeline
- name: STATE
value: failure
- name: TARGET_URL
value: https://console-openshift-console.apps.ocp.endofday.com/pipelines


@@ -1,225 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
name: e2etest-buildtest
namespace: goghvideo-cicd-pipeline
spec:
workspaces:
- name: source
- name: gitauth
- name: dockerconfig
- name: helm
- name: gitsshauth
params:
- name: git-repo-full-name
type: string
- name: git-token-secret-name
type: string
- name: git-token-secret-key
type: string
- name: git-commit-sha
type: string
- name: git-repo-url
type: string
description: Git URL to retrieve
- name: git-branch
type: string
description: branch to checkout
- name: git-pr-index
description: PR number to merge
- name: git-merge-type
description: What type of merge to do
- name: git-merge-delete-branch
description: delete the branch after merge
- name: verbose
type: string
default: "false"
- name: lint-package
type: string
- name: lint-context
type: string
description: Path to where the modules are stored
- name: lint-version
type: string
default: latest
- name: image
type: string
- name: s2i-builder-image
type: string
- name: git-helm-url
type: string
tasks:
- name: set-check-pending
taskRef:
name: gitea-set-status
params:
- name: SHA
value: $(params.git-commit-sha)
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: DESCRIPTION
value: Build started
- name: STATE
value: pending
- name: TARGET_URL
value: https://console-openshift-console.apps.ocp.endofday.com/pipelines/all-namespaces
- name: git-semver
runAfter:
- set-check-pending
taskRef:
name: git-semver
params:
- name: gitrepositoryurl
value: $(params.git-repo-url)
- name: gitbranch
value: $(params.git-branch)
workspaces:
- name: repo
workspace: source
- name: gitauth
workspace: gitauth
- name: golangci-lint
runAfter:
- git-semver
taskRef:
name: golangci-lint
params:
- name: package
value: $(params.lint-package)
- name: context
value: $(params.lint-context)
- name: version
value: $(params.lint-version)
workspaces:
- name: source
workspace: source
- name: generate-imagetag
runAfter:
- golangci-lint
taskRef:
name: generate-image-tag
params:
- name: version
value: $(tasks.git-semver.results.version)
- name: image
value: $(params.image)
- name: s2i-build
runAfter:
- generate-imagetag
taskRef:
name: s2i-go-debug
kind: Task
params:
- name: TLSVERIFY
value: false
- name: BUILDER_IMAGE
value: $(params.s2i-builder-image)
- name: PATH_CONTEXT
value: $(params.lint-context)
- name: verbose
value: true
- name: IMAGE
value: $(tasks.generate-imagetag.results.imagetag)
- name: ENV_VARS
value:
- semver=$(tasks.git-semver.results.version)
workspaces:
- name: source
workspace: source
- name: dockerconfig
workspace: dockerconfig
- name: pass-pr-check
runAfter: ["s2i-build"]
taskRef:
name: gitea-set-status
params:
- name: SHA
value: $(params.git-commit-sha)
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: DESCRIPTION
value: Tekton CI Pipeline
- name: STATE
value: success
- name: TARGET_URL
value: https://console-openshift-console.apps.ocp.endofday.com/pipelines
- name: create-git-release
runAfter: ["pass-pr-check"]
taskRef:
name: gitea-create-release
params:
- name: SHA
value: $(params.git-commit-sha)
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: TAG
value: $(tasks.git-semver.results.version)
- name: TITLE
value: $(params.git-repo-full-name)-$(tasks.git-semver.results.version)
- name: perform-merge
runAfter: ["create-git-release"]
taskRef:
name: gitea-merge-pr
params:
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: DESCRIPTION
value: Automatically merged by CI pipeline
- name: INDEX
value: $(params.git-pr-index)
- name: MERGETYPE
value: $(params.git-merge-type)
- name: DELETEBRANCH
value: $(params.git-merge-delete-branch)
- name: TARGET_URL
value: https://console-openshift-console.apps.ocp.endofday.com/pipelines
finally:
- name: fail-pr-check
when:
- input: $(tasks.status)
operator: in
values:
- Failed
taskRef:
name: gitea-set-status
params:
- name: SHA
value: $(params.git-commit-sha)
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: DESCRIPTION
value: Tekton CI Pipeline
- name: STATE
value: failure
- name: TARGET_URL
value: https://console-openshift-console.apps.ocp.endofday.com/pipelines


@@ -1,437 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
name: notification-buildtest
namespace: goghvideo-cicd-pipeline
spec:
workspaces:
- name: source
- name: gitauth
- name: dockerconfig
- name: helm
- name: gitsshauth
params:
- name: git-repo-full-name
type: string
- name: git-token-secret-name
type: string
- name: git-token-secret-key
type: string
- name: git-commit-sha
type: string
- name: git-repo-url
type: string
description: Git URL to retrieve
- name: git-branch
type: string
description: branch to checkout
- name: git-pr-index
description: PR number to merge
- name: git-merge-type
description: What type of merge to do
- name: git-merge-delete-branch
description: delete the branch after merge
- name: verbose
type: string
default: "false"
- name: lint-package
type: string
- name: lint-context
type: string
description: Path to where the modules are stored
- name: lint-version
type: string
default: latest
- name: image
type: string
- name: s2i-builder-image
type: string
- name: git-helm-url
type: string
tasks:
- name: set-check-pending
taskRef:
name: gitea-set-status
params:
- name: SHA
value: $(params.git-commit-sha)
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: DESCRIPTION
value: Build started
- name: STATE
value: pending
- name: TARGET_URL
value: https://console-openshift-console.apps.ocp.endofday.com/pipelines/all-namespaces
- name: git-semver
runAfter:
- set-check-pending
taskRef:
name: git-semver
params:
- name: gitrepositoryurl
value: $(params.git-repo-url)
- name: gitbranch
value: $(params.git-branch)
workspaces:
- name: repo
workspace: source
- name: gitauth
workspace: gitauth
- name: golangci-lint
runAfter:
- git-semver
taskRef:
name: golangci-lint
params:
- name: package
value: $(params.lint-package)
- name: context
value: $(params.lint-context)
- name: version
value: $(params.lint-version)
workspaces:
- name: source
workspace: source
- name: generate-imagetag
runAfter:
- golangci-lint
taskRef:
name: generate-image-tag
params:
- name: version
value: $(tasks.git-semver.results.version)
- name: image
value: $(params.image)
- name: s2i-build
runAfter:
- generate-imagetag
taskRef:
name: s2i-go-debug
params:
- name: TLSVERIFY
value: false
- name: BUILDER_IMAGE
value: $(params.s2i-builder-image)
- name: PATH_CONTEXT
value: $(params.lint-context)
- name: verbose
value: true
- name: IMAGE
value: $(tasks.generate-imagetag.results.imagetag)
- name: ENV_VARS
value:
- semver=$(tasks.git-semver.results.version)
workspaces:
- name: source
workspace: source
- name: dockerconfig
workspace: dockerconfig
- name: ephemeral-ns
runAfter:
- s2i-build
taskref:
name: openshift-ephemeral-namespace-client
kind: Task
params:
- name: VERSION
value: 4.11
- name: SCRIPT
value: |
echo "${SHELL}"
RANDOMID=$(openssl rand -hex 4)
oc new-project goghvideo-test-${RANDOMID} >/dev/null
oc label namespace goghvideo-test-${RANDOMID} app=goghvideo-test
x=0; until [[ -n $(oc -n goghvideo-test-${RANDOMID} get secret/goghvideo-openshift-builder-pull-secret 2>/dev/null) || $x -eq 10 ]]; do echo "Waiting for secret replication" && sleep 10 && ((x++)); done
if [[ "${x}" -eq 10 ]]; then exit 1; fi
oc -n goghvideo-test-${RANDOMID} secrets link default goghvideo-openshift-builder-pull-secret --for=pull
oc apply -f - <<EOF
apiVersion: rabbitmq.com/v1beta1
kind: RabbitmqCluster
metadata:
name: rabbitmq
namespace: goghvideo-test-${RANDOMID}
spec:
delayStartSeconds: 10
image: quay01.ipa.endofday.com/goghvideo/bitnami-rabbitmq
imagePullSecrets:
- name: goghvideo-openshift-builder-pull-secret
persistence:
storage: 10Gi
replicas: 1
resources:
limits:
cpu: "2"
memory: 2Gi
requests:
cpu: "1"
memory: 2Gi
service:
type: ClusterIP
terminationGracePeriodSeconds: 30
EOF
x=0; until [[ -n $(oc -n goghvideo-test-${RANDOMID} get sa/rabbitmq-server 2>/dev/null ) || $x -eq 10 ]]; do echo "Waiting for operator to deploy rabbit" && sleep 5 && ((x++)); done
if [[ "${x}" -eq 10 ]]; then exit 1; fi
oc -n goghvideo-test-${RANDOMID} adm policy add-scc-to-user anyuid -z rabbitmq-server
x=0; until [[ $(oc -n goghvideo-test-${RANDOMID} get sts rabbitmq-server -o jsonpath="{.status.readyReplicas}") -gt 0 || $x -eq 20 ]]; do echo "Waiting for Rabbit MQ to startup" && sleep 15 && ((x++)); done
if [[ "${x}" -eq 20 ]]; then exit 1; fi
oc -n goghvideo-test-${RANDOMID} create route edge --service=rabbitmq --port=15672
oc -n goghvideo-test-${RANDOMID} get pods
RABBITHOST=$(oc -n goghvideo-test-${RANDOMID} get secret/rabbitmq-default-user -o template='{{ .data.host | base64decode }}')
RABBITUSER=$(oc -n goghvideo-test-${RANDOMID} get secret/rabbitmq-default-user -o template='{{ .data.username | base64decode }}')
RABBITPASS=$(oc -n goghvideo-test-${RANDOMID} get secret/rabbitmq-default-user -o template='{{ .data.password | base64decode }}')
oc -n goghvideo-test-${RANDOMID} create secret generic amqp --from-literal=url=amqp://${RABBITUSER}:${RABBITPASS}@${RABBITHOST}/
curl -O http://${RABBITHOST}:15672/cli/rabbitmqadmin
chmod +x rabbitmqadmin
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare exchange name=conversion type=topic
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare queue name=transcode durable=true queue_type=quorum
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare queue name=notification durable=true queue_type=quorum
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare queue name=upload-nextcloud durable=true queue_type=quorum
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare queue name=complete durable=true queue_type=quorum
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare binding source="conversion" destination_type="queue" destination="transcode" routing_key="transcode"
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare binding source="conversion" destination_type="queue" destination="notification" routing_key="notification"
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare binding source="conversion" destination_type="queue" destination="upload-nextcloud" routing_key="upload-nextcloud"
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare binding source="conversion" destination_type="queue" destination="complete" routing_key="complete"
echo -n "goghvideo-test-${RANDOMID}" > $(results.namespace.path)
workspaces:
- name: kubeconfig-dir
workspace: dockerconfig
- name: clone-helm-charts
runAfter: ["ephemeral-ns"]
taskRef:
name: git-clone
params:
- name: url
value: $(params.git-helm-url)
workspaces:
- name: output
workspace: helm
- name: ssh-directory
workspace: gitsshauth
- name: deploy-notification
runAfter: ["clone-helm-charts"]
taskRef:
name: helm-upgrade-from-source
params:
- name: charts_dir
value: notification
- name: release_namespace
value: $(tasks.ephemeral-ns.results.namespace)
- name: release_name
value: notification
- name: overwrite_values
value: "image.tag=v$(tasks.git-semver.results.version)"
workspaces:
- name: source
workspace: helm
- name: deploy-upload-to-nextcloud
runAfter: ["clone-helm-charts"]
taskRef:
name: helm-upgrade-from-source
params:
- name: charts_dir
value: upload-to-nextcloud
- name: release_namespace
value: $(tasks.ephemeral-ns.results.namespace)
- name: release_name
value: upload-to-nextcloud
workspaces:
- name: source
workspace: helm
- name: deploy-conversion-engine
runAfter: ["clone-helm-charts"]
taskRef:
name: helm-upgrade-from-source
params:
- name: charts_dir
value: conversion-engine
- name: release_namespace
value: $(tasks.ephemeral-ns.results.namespace)
- name: release_name
value: conversion-engine
workspaces:
- name: source
workspace: helm
- name: get-filedrop-name
runAfter: ["deploy-conversion-engine", "deploy-upload-to-nextcloud", "deploy-notification"]
taskref:
name: openshift-ephemeral-namespace-client
kind: Task
params:
- name: VERSION
value: 4.11
- name: SCRIPT
value: |
#!/usr/bin/env bash
wget "https://github.com/jqlang/jq/releases/download/jq-1.7/jq-linux-amd64" -O /usr/local/bin/jq
chmod +x /usr/local/bin/jq
INPUTSRC=$(oc -n $(tasks.ephemeral-ns.results.namespace) get scaledjob/conversion-engine -o json | /usr/local/bin/jq -r '.spec.jobTargetRef.template.spec.initContainers[0].env[] | select(.name == "sourcefile").value')
if [[ -z "${INPUTSRC}" ]]; then exit 1; fi
echo -n "${INPUTSRC}" > $(results.filedrop.path)
workspaces:
- name: kubeconfig-dir
workspace: dockerconfig
- name: perform-e2e-test
runAfter: ["get-filedrop-name"]
taskref:
name: openshift-ephemeral-namespace-client
kind: Task
params:
- name: VERSION
value: 4.11
- name: SCRIPT
value: |
#!/usr/bin/env bash
oc create -f - <<EOF && sleep 2
apiVersion: batch/v1
kind: Job
metadata:
generateName: e2e-test-
namespace: $(tasks.ephemeral-ns.results.namespace)
labels:
app: e2e-test
spec:
completions: 1
parallelism: 1
template:
metadata:
creationTimestamp: null
spec:
restartPolicy: Never
containers:
- env:
- name: amqp
valueFrom:
secretKeyRef:
key: url
name: amqp
- name: dropfile
value: $(tasks.get-filedrop-name.results.filedrop)
image: quay01.ipa.endofday.com/goghvideo/e2e-test:v0.1.5
imagePullPolicy: Always
name: transcode-job
volumeMounts:
- mountPath: "/conversion"
name: "pvc-conversion"
volumes:
- name: "pvc-conversion"
persistentVolumeClaim:
claimName: "pvc-conversion"
EOF
MYJOB=$(oc -n $(tasks.ephemeral-ns.results.namespace) get jobs -l app=e2e-test -o name)
echo "Job Reference: ${MYJOB}"
x=0; until [[ $(oc -n $(tasks.ephemeral-ns.results.namespace) get ${MYJOB} -o go-template="{{if .status.active}}{{.status.active}}{{else}}0{{end}}") -gt 0 || $x -eq 60 ]]; do echo "Waiting for e2e job to start" && sleep 2 && ((x++)); done
if [[ "${x}" -eq 60 ]]; then exit 1; fi
x=0; until [[ $(oc -n $(tasks.ephemeral-ns.results.namespace) get ${MYJOB} -o go-template="{{if .status.succeeded}}{{.status.succeeded}}{{else}}0{{end}}" ) -gt 0 || $x -eq 20 ]]; do echo "Waiting for test to complete" && sleep 15 && ((x++)); done
if [[ "${x}" -eq 20 ]]; then exit 1; fi
workspaces:
- name: kubeconfig-dir
workspace: dockerconfig
- name: pass-pr-check
runAfter: ["perform-e2e-test"]
taskRef:
name: gitea-set-status
params:
- name: SHA
value: $(params.git-commit-sha)
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: DESCRIPTION
value: Tekton CI Pipeline
- name: STATE
value: success
- name: TARGET_URL
value: https://console-openshift-console.apps.ocp.endofday.com/pipelines
- name: create-git-release
runAfter: ["pass-pr-check"]
taskRef:
name: gitea-create-release
params:
- name: SHA
value: $(params.git-commit-sha)
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: TAG
value: $(tasks.git-semver.results.version)
- name: TITLE
value: $(params.git-repo-full-name)-$(tasks.git-semver.results.version)
- name: perform-merge
runAfter: ["create-git-release"]
taskRef:
name: gitea-merge-pr
params:
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: DESCRIPTION
value: Automatically merged by CI pipeline
- name: INDEX
value: $(params.git-pr-index)
- name: MERGETYPE
value: $(params.git-merge-type)
- name: DELETEBRANCH
value: $(params.git-merge-delete-branch)
- name: TARGET_URL
value: https://console-openshift-console.apps.ocp.endofday.com/pipelines
finally:
- name: fail-pr-check
when:
- input: $(tasks.status)
operator: in
values:
- Failed
taskRef:
name: gitea-set-status
params:
- name: SHA
value: $(params.git-commit-sha)
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: DESCRIPTION
value: Tekton CI Pipeline
- name: STATE
value: failure
- name: TARGET_URL
value: https://console-openshift-console.apps.ocp.endofday.com/pipelines


@@ -1,393 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
name: notification
namespace: goghvideo-cicd-pipeline
labels:
app: notification
spec:
workspaces:
- name: source
- name: gitauth
- name: dockerconfig
- name: helm
- name: gitsshauth
- name: quayauth
- name: utilities
params:
- name: ref
description: Ref of the application
- name: revision
description: git unique head commit id
- name: repourl
description: repository name
- name: repofullname
description: repository full name
- name: author
description: commit author username
- name: email
description: commit author email
- name: message
description: commit message
- name: index
description: pull request index number
- name: git-helm-url
description: The URL of the repo containing the helm charts
- name: githost
description: the base git server hostname
- name: quayhost
description: the base quay server hostname
tasks:
- name: set-pending-status
taskRef:
name: gitea-set-status
params:
- name: githost
value: $(params.githost)
- name: quayhost
value: $(params.quayhost)
- name: statusurl
value: "https://console-openshift-console.apps.ocp.endofday.com/pipelines/ns/goghvideo-cicd-pipeline/pipeline-runs"
- name: revision
value: $(params.revision)
- name: repofullname
value: $(params.repofullname)
- name: description
value: "CI Pipeline"
- name: state
value: "pending"
workspaces:
- name: gitauth
workspace: gitauth
- name: copy-shared-utilities
runAfter: ["set-pending-status"]
taskRef:
name: copy-shared-utilities
workspaces:
- name: utilities
- name: prepare
runAfter: ["set-pending-status"]
taskRef:
name: git-semver
params:
- name: gitrepositoryurl
value: $(params.repourl)
- name: gitbranch
value: $(params.ref)
workspaces:
- name: repo
workspace: source
- name: gitauth
workspace: gitauth
- name: standards
runAfter:
- prepare
taskRef:
name: golangci-lint
params:
- name: package
value: $(params.githost)/goghvideo/notification
- name: context
value: ./notification/src
- name: version
value: latest
workspaces:
- name: source
workspace: source
- name: build
runAfter:
- standards
taskRef:
name: s2i-go-debug
params:
- name: TLSVERIFY
value: false
- name: BUILDER_IMAGE
value: $(params.quayhost)/goghvideo/golang-s2i-buildah:v1
- name: PATH_CONTEXT
value: notification/src
- name: verbose
value: true
- name: IMAGE
value: $(params.quayhost)/goghvideo/notification:$(params.revision)
- name: ENV_VARS
value:
- semver=$(tasks.prepare.results.version)
workspaces:
- name: source
workspace: source
- name: dockerconfig
workspace: dockerconfig
- name: ephemeral-namespace
runAfter:
- build
taskref:
name: openshift-ephemeral-namespace-client
kind: Task
params:
- name: VERSION
value: 4.11
- name: SCRIPT
value: |
echo "${SHELL}"
RANDOMID=$(openssl rand -hex 4)
oc new-project goghvideo-test-${RANDOMID} >/dev/null
oc label namespace goghvideo-test-${RANDOMID} app=goghvideo-test
x=0; until [[ -n $(oc -n goghvideo-test-${RANDOMID} get secret/goghvideo-openshift-builder-pull-secret 2>/dev/null) || $x -eq 10 ]]; do echo "Waiting for secret replication" && sleep 10 && ((x++)); done
if [[ "${x}" -eq 10 ]]; then exit 1; fi
oc -n goghvideo-test-${RANDOMID} secrets link default goghvideo-openshift-builder-pull-secret --for=pull
oc apply -f - <<EOF
apiVersion: rabbitmq.com/v1beta1
kind: RabbitmqCluster
metadata:
name: rabbitmq
namespace: goghvideo-test-${RANDOMID}
spec:
delayStartSeconds: 10
image: $(params.quayhost)/goghvideo/bitnami-rabbitmq
imagePullSecrets:
- name: goghvideo-openshift-builder-pull-secret
persistence:
storage: 10Gi
replicas: 1
resources:
limits:
cpu: "2"
memory: 2Gi
requests:
cpu: "1"
memory: 2Gi
service:
type: ClusterIP
terminationGracePeriodSeconds: 30
EOF
x=0; until [[ -n $(oc -n goghvideo-test-${RANDOMID} get sa/rabbitmq-server 2>/dev/null ) || $x -eq 10 ]]; do echo "Waiting for operator to deploy rabbit" && sleep 5 && ((x++)); done
if [[ "${x}" -eq 10 ]]; then exit 1; fi
oc -n goghvideo-test-${RANDOMID} adm policy add-scc-to-user anyuid -z rabbitmq-server
x=0; until [[ $(oc -n goghvideo-test-${RANDOMID} get sts rabbitmq-server -o jsonpath="{.status.readyReplicas}") -gt 0 || $x -eq 20 ]]; do echo "Waiting for Rabbit MQ to startup" && sleep 15 && ((x++)); done
if [[ "${x}" -eq 20 ]]; then exit 1; fi
oc -n goghvideo-test-${RANDOMID} create route edge --service=rabbitmq --port=15672
oc -n goghvideo-test-${RANDOMID} get pods
RABBITHOST=$(oc -n goghvideo-test-${RANDOMID} get secret/rabbitmq-default-user -o template='{{ .data.host | base64decode }}')
RABBITUSER=$(oc -n goghvideo-test-${RANDOMID} get secret/rabbitmq-default-user -o template='{{ .data.username | base64decode }}')
RABBITPASS=$(oc -n goghvideo-test-${RANDOMID} get secret/rabbitmq-default-user -o template='{{ .data.password | base64decode }}')
oc -n goghvideo-test-${RANDOMID} create secret generic amqp --from-literal=url=amqp://${RABBITUSER}:${RABBITPASS}@${RABBITHOST}/
curl -O http://${RABBITHOST}:15672/cli/rabbitmqadmin
chmod +x rabbitmqadmin
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare exchange name=conversion type=topic
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare queue name=transcode durable=true queue_type=quorum
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare queue name=notification durable=true queue_type=quorum
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare queue name=upload-nextcloud durable=true queue_type=quorum
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare queue name=complete durable=true queue_type=quorum
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare binding source="conversion" destination_type="queue" destination="transcode" routing_key="transcode"
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare binding source="conversion" destination_type="queue" destination="notification" routing_key="notification"
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare binding source="conversion" destination_type="queue" destination="upload-nextcloud" routing_key="upload-nextcloud"
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare binding source="conversion" destination_type="queue" destination="complete" routing_key="complete"
echo -n "goghvideo-test-${RANDOMID}" > $(results.namespace.path)
workspaces:
- name: kubeconfig-dir
workspace: dockerconfig
- name: prepare-helm-charts
runAfter: ["ephemeral-namespace"]
taskRef:
name: git-clone
params:
- name: url
value: $(params.git-helm-url)
workspaces:
- name: output
workspace: helm
- name: basic-auth
workspace: gitauth
- name: deploy-notification-app
runAfter: ["prepare-helm-charts"]
taskRef:
name: helm-upgrade-from-source
params:
- name: charts_dir
value: notification
- name: release_namespace
value: $(tasks.ephemeral-namespace.results.namespace)
- name: release_name
value: notification
- name: overwrite_values
value: "image.tag=$(params.revision)"
workspaces:
- name: source
workspace: helm
- name: deploy-upload-to-nextcloud-app
runAfter: ["prepare-helm-charts"]
taskRef:
name: helm-upgrade-from-source
params:
- name: charts_dir
value: upload-to-nextcloud
- name: release_namespace
value: $(tasks.ephemeral-namespace.results.namespace)
- name: release_name
value: upload-to-nextcloud
workspaces:
- name: source
workspace: helm
- name: deploy-conversion-engine-job
runAfter: ["prepare-helm-charts"]
taskRef:
name: helm-upgrade-from-source
params:
- name: charts_dir
value: conversion-engine
- name: release_namespace
value: $(tasks.ephemeral-namespace.results.namespace)
- name: release_name
value: conversion-engine
workspaces:
- name: source
workspace: helm
- name: get-filedrop-name
runAfter: ["deploy-conversion-engine-job", "deploy-upload-to-nextcloud-app", "deploy-notification-app"]
taskref:
name: openshift-ephemeral-namespace-client
kind: Task
params:
- name: VERSION
value: 4.11
- name: SCRIPT
value: |
#!/usr/bin/env bash
wget "https://github.com/jqlang/jq/releases/download/jq-1.7/jq-linux-amd64" -O /usr/local/bin/jq
chmod +x /usr/local/bin/jq
INPUTSRC=$(oc -n $(tasks.ephemeral-namespace.results.namespace) get scaledjob/conversion-engine -o json | /usr/local/bin/jq -r '.spec.jobTargetRef.template.spec.initContainers[0].env[] | select(.name == "sourcefile").value')
if [[ -z "${INPUTSRC}" ]]; then exit 1; fi
echo -n "${INPUTSRC}" > $(results.filedrop.path)
workspaces:
- name: kubeconfig-dir
workspace: dockerconfig
- name: perform-e2e-test
runAfter: ["get-filedrop-name"]
taskref:
name: openshift-ephemeral-namespace-client
kind: Task
params:
- name: VERSION
value: 4.11
- name: SCRIPT
value: |
#!/usr/bin/env bash
oc create -f - <<EOF && sleep 2
apiVersion: batch/v1
kind: Job
metadata:
generateName: e2e-test-
namespace: $(tasks.ephemeral-namespace.results.namespace)
labels:
app: e2e-test
spec:
completions: 1
parallelism: 1
template:
metadata:
creationTimestamp: null
spec:
restartPolicy: Never
containers:
- env:
- name: amqp
valueFrom:
secretKeyRef:
key: url
name: amqp
- name: dropfile
value: $(tasks.get-filedrop-name.results.filedrop)
image: $(params.quayhost)/goghvideo/e2e-test:v0.1.5
imagePullPolicy: Always
name: transcode-job
volumeMounts:
- mountPath: "/conversion"
name: "pvc-conversion"
volumes:
- name: "pvc-conversion"
persistentVolumeClaim:
claimName: "pvc-conversion"
EOF
MYJOB=$(oc -n $(tasks.ephemeral-namespace.results.namespace) get jobs -l app=e2e-test -o name)
echo "Job Reference: ${MYJOB}"
x=0; until [[ $(oc -n $(tasks.ephemeral-namespace.results.namespace) get ${MYJOB} -o go-template="{{if .status.active}}{{.status.active}}{{else}}0{{end}}") -gt 0 || $x -eq 60 ]]; do echo "Waiting for e2e job to start" && sleep 2 && ((x++)); done
if [[ "${x}" -eq 60 ]]; then exit 1; fi
x=0; until [[ $(oc -n $(tasks.ephemeral-namespace.results.namespace) get ${MYJOB} -o go-template="{{if .status.succeeded}}{{.status.succeeded}}{{else}}0{{end}}" ) -gt 0 || $x -eq 20 ]]; do echo "Waiting for test to complete" && sleep 15 && ((x++)); done
if [[ "${x}" -eq 20 ]]; then exit 1; fi
workspaces:
- name: kubeconfig-dir
workspace: dockerconfig
- name: set-success-status
runAfter: ["perform-e2e-test"]
taskRef:
name: gitea-set-status
params:
- name: githost
value: $(params.githost)
- name: quayhost
value: $(params.quayhost)
- name: statusurl
value: "https://console-openshift-console.apps.ocp.endofday.com/pipelines/ns/goghvideo-cicd-pipeline/pipeline-runs"
- name: revision
value: $(params.revision)
- name: repofullname
value: $(params.repofullname)
- name: description
value: "CI Pipeline"
- name: state
value: "success"
workspaces:
- name: gitauth
workspace: gitauth
- name: promote
runAfter: ["set-success-status"]
taskref:
name: promote
kind: Task
params:
- name: ref
value: $(params.ref)
- name: repofullname
value: $(params.repofullname)
- name: revision
value: $(params.revision)
- name: semver
value: $(tasks.prepare.results.version)
- name: author
value: $(params.author)
- name: email
value: $(params.email)
- name: appname
value: notification
- name: quayhost
value: $(params.quayhost)
- name: githost
value: $(params.githost)
- name: index
value: $(params.index)
workspaces:
- name: source
workspace: source
- name: gitauth
workspace: gitauth
- name: quayauth
workspace: quayauth
- name: utilities
workspace: utilities
- name: helm
workspace: helm


@@ -1,430 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
name: upload2nc-buildtest
namespace: goghvideo-cicd-pipeline
spec:
workspaces:
- name: source
- name: gitauth
- name: dockerconfig
- name: helm
- name: gitsshauth
params:
- name: git-repo-full-name
type: string
- name: git-token-secret-name
type: string
- name: git-token-secret-key
type: string
- name: git-commit-sha
type: string
- name: git-repo-url
type: string
description: Git URL to retrieve
- name: git-branch
type: string
description: branch to checkout
- name: git-pr-index
description: PR number to merge
- name: git-merge-type
description: What type of merge to do
- name: git-merge-delete-branch
description: delete the branch after merge
- name: verbose
type: string
default: "false"
- name: lint-package
type: string
- name: lint-context
type: string
description: Path to where the modules are stored
- name: lint-version
type: string
default: latest
- name: image
type: string
- name: s2i-builder-image
type: string
- name: git-helm-url
type: string
tasks:
- name: set-check-pending
taskRef:
name: gitea-set-status
params:
- name: SHA
value: $(params.git-commit-sha)
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: DESCRIPTION
value: Build started
- name: STATE
value: pending
- name: TARGET_URL
value: https://console-openshift-console.apps.ocp.endofday.com/pipelines/all-namespaces
- name: git-semver
runAfter:
- set-check-pending
taskRef:
name: git-semver
params:
- name: gitrepositoryurl
value: $(params.git-repo-url)
- name: gitbranch
value: $(params.git-branch)
workspaces:
- name: repo
workspace: source
- name: gitauth
workspace: gitauth
- name: golangci-lint
runAfter:
- git-semver
taskRef:
name: golangci-lint
params:
- name: package
value: $(params.lint-package)
- name: context
value: $(params.lint-context)
- name: version
value: $(params.lint-version)
workspaces:
- name: source
workspace: source
- name: generate-imagetag
runAfter:
- golangci-lint
taskRef:
name: generate-image-tag
params:
- name: version
value: $(tasks.git-semver.results.version)
- name: image
value: $(params.image)
- name: s2i-build
runAfter:
- generate-imagetag
taskRef:
name: s2i-go-debug
params:
- name: TLSVERIFY
value: false
- name: BUILDER_IMAGE
value: $(params.s2i-builder-image)
- name: PATH_CONTEXT
value: $(params.lint-context)
- name: verbose
value: true
- name: IMAGE
value: $(tasks.generate-imagetag.results.imagetag)
- name: ENV_VARS
value:
- semver=$(tasks.git-semver.results.version)
workspaces:
- name: source
workspace: source
- name: dockerconfig
workspace: dockerconfig
- name: ephemeral-ns
runAfter:
- s2i-build
taskref:
name: openshift-ephemeral-namespace-client
kind: Task
params:
- name: VERSION
value: 4.11
- name: SCRIPT
value: |
echo "${SHELL}"
RANDOMID=$(openssl rand -hex 4)
oc new-project goghvideo-test-${RANDOMID} >/dev/null
oc label namespace goghvideo-test-${RANDOMID} app=goghvideo-test
x=0; until [[ -n $(oc -n goghvideo-test-${RANDOMID} get secret/goghvideo-openshift-builder-pull-secret 2>/dev/null) || $x -eq 10 ]]; do echo "Waiting for secret replication" && sleep 10 && ((x++)); done
if [[ "${x}" -eq 10 ]]; then exit 1; fi
oc -n goghvideo-test-${RANDOMID} secrets link default goghvideo-openshift-builder-pull-secret --for=pull
oc apply -f - <<EOF
apiVersion: rabbitmq.com/v1beta1
kind: RabbitmqCluster
metadata:
name: rabbitmq
namespace: goghvideo-test-${RANDOMID}
spec:
delayStartSeconds: 10
image: quay01.ipa.endofday.com/goghvideo/bitnami-rabbitmq
imagePullSecrets:
- name: goghvideo-openshift-builder-pull-secret
persistence:
storage: 10Gi
replicas: 1
resources:
limits:
cpu: "2"
memory: 2Gi
requests:
cpu: "1"
memory: 2Gi
service:
type: ClusterIP
terminationGracePeriodSeconds: 30
EOF
x=0; until [[ -n $(oc -n goghvideo-test-${RANDOMID} get sa/rabbitmq-server 2>/dev/null ) || $x -eq 10 ]]; do echo "Waiting for operator to deploy rabbit" && sleep 5 && ((x++)); done
if [[ "${x}" -eq 10 ]]; then exit 1; fi
oc -n goghvideo-test-${RANDOMID} adm policy add-scc-to-user anyuid -z rabbitmq-server
x=0; until [[ $(oc -n goghvideo-test-${RANDOMID} get sts rabbitmq-server -o jsonpath="{.status.readyReplicas}") -gt 0 || $x -eq 20 ]]; do echo "Waiting for Rabbit MQ to startup" && sleep 15 && ((x++)); done
if [[ "${x}" -eq 20 ]]; then exit 1; fi
oc -n goghvideo-test-${RANDOMID} create route edge --service=rabbitmq --port=15672
oc -n goghvideo-test-${RANDOMID} get pods
RABBITHOST=$(oc -n goghvideo-test-${RANDOMID} get secret/rabbitmq-default-user -o template='{{ .data.host | base64decode }}')
RABBITUSER=$(oc -n goghvideo-test-${RANDOMID} get secret/rabbitmq-default-user -o template='{{ .data.username | base64decode }}')
RABBITPASS=$(oc -n goghvideo-test-${RANDOMID} get secret/rabbitmq-default-user -o template='{{ .data.password | base64decode }}')
oc -n goghvideo-test-${RANDOMID} create secret generic amqp --from-literal=url=amqp://${RABBITUSER}:${RABBITPASS}@${RABBITHOST}/
curl -O http://${RABBITHOST}:15672/cli/rabbitmqadmin
chmod +x rabbitmqadmin
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare exchange name=conversion type=topic
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare queue name=transcode durable=true queue_type=quorum
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare queue name=notification durable=true queue_type=quorum
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare queue name=upload-nextcloud durable=true queue_type=quorum
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare queue name=complete durable=true queue_type=quorum
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare binding source="conversion" destination_type="queue" destination="transcode" routing_key="transcode"
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare binding source="conversion" destination_type="queue" destination="notification" routing_key="notification"
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare binding source="conversion" destination_type="queue" destination="upload-nextcloud" routing_key="upload-nextcloud"
./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare binding source="conversion" destination_type="queue" destination="complete" routing_key="complete"
echo -n "goghvideo-test-${RANDOMID}" > $(results.namespace.path)
workspaces:
- name: kubeconfig-dir
workspace: dockerconfig
- name: clone-helm-charts
runAfter: ["ephemeral-ns"]
taskRef:
name: git-clone
params:
- name: url
value: $(params.git-helm-url)
workspaces:
- name: output
workspace: helm
- name: ssh-directory
workspace: gitsshauth
- name: deploy-upload-to-nextcloud-testver
runAfter: ["clone-helm-charts"]
taskRef:
name: helm-upgrade-from-source
params:
- name: charts_dir
value: upload-to-nextcloud
- name: release_namespace
value: $(tasks.ephemeral-ns.results.namespace)
- name: release_name
value: upload-to-nextcloud
- name: overwrite_values
value: "image.tag=v$(tasks.git-semver.results.version)"
workspaces:
- name: source
workspace: helm
- name: deploy-notification
runAfter: ["clone-helm-charts"]
taskRef:
name: helm-upgrade-from-source
params:
- name: charts_dir
value: notification
- name: release_namespace
value: $(tasks.ephemeral-ns.results.namespace)
- name: release_name
value: notification
workspaces:
- name: source
workspace: helm
- name: deploy-conversion-engine
runAfter: ["clone-helm-charts"]
taskRef:
name: helm-upgrade-from-source
params:
- name: charts_dir
value: conversion-engine
- name: release_namespace
value: $(tasks.ephemeral-ns.results.namespace)
- name: release_name
value: conversion-engine
workspaces:
- name: source
workspace: helm
- name: get-filedrop-name
runAfter: ["deploy-upload-to-nextcloud-testver", "deploy-conversion-engine", "deploy-notification"]
taskref:
name: openshift-ephemeral-namespace-client
kind: Task
params:
- name: VERSION
value: 4.11
- name: SCRIPT
value: |
#!/usr/bin/env bash
wget "https://github.com/jqlang/jq/releases/download/jq-1.7/jq-linux-amd64" -O /usr/local/bin/jq
chmod +x /usr/local/bin/jq
INPUTSRC=$(oc -n $(tasks.ephemeral-ns.results.namespace) get scaledjob/conversion-engine -o json | /usr/local/bin/jq -r '.spec.jobTargetRef.template.spec.initContainers[0].env[] | select(.name == "sourcefile").value')
if [[ -z "${INPUTSRC}" ]]; then exit 1; fi
echo -n "${INPUTSRC}" > $(results.filedrop.path)
workspaces:
- name: kubeconfig-dir
workspace: dockerconfig
- name: perform-e2e-test
runAfter: ["get-filedrop-name"]
taskref:
name: openshift-ephemeral-namespace-client
kind: Task
params:
- name: VERSION
value: 4.11
- name: SCRIPT
value: |
#!/usr/bin/env bash
oc create -f - <<EOF
apiVersion: batch/v1
kind: Job
metadata:
generateName: e2e-test-
namespace: $(tasks.ephemeral-ns.results.namespace)
labels:
app: e2e-test
spec:
completions: 1
parallelism: 1
template:
metadata:
creationTimestamp: null
spec:
restartPolicy: Never
containers:
- env:
- name: amqp
valueFrom:
secretKeyRef:
key: url
name: amqp
- name: dropfile
value: $(tasks.get-filedrop-name.results.filedrop)
image: quay01.ipa.endofday.com/goghvideo/e2e-test:v0.1.5
imagePullPolicy: Always
name: transcode-job
volumeMounts:
- mountPath: "/conversion"
name: "pvc-conversion"
volumes:
- name: "pvc-conversion"
persistentVolumeClaim:
claimName: "pvc-conversion"
EOF
workspaces:
- name: kubeconfig-dir
workspace: dockerconfig
- name: pass-pr-check
runAfter: ["perform-e2e-test"]
taskRef:
name: gitea-set-status
params:
- name: SHA
value: $(params.git-commit-sha)
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: DESCRIPTION
value: Tekton CI Pipeline
- name: STATE
value: success
- name: TARGET_URL
value: https://console-openshift-console.apps.ocp.endofday.com/pipelines
- name: create-git-release
runAfter: ["pass-pr-check"]
taskRef:
name: gitea-create-release
params:
- name: SHA
value: $(params.git-commit-sha)
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: TAG
value: $(tasks.git-semver.results.version)
- name: TITLE
value: $(params.git-repo-full-name)-$(tasks.git-semver.results.version)
- name: perform-merge
runAfter: ["create-git-release"]
taskRef:
name: gitea-merge-pr
params:
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: DESCRIPTION
value: Automatically merged by CI pipeline
- name: INDEX
value: $(params.git-pr-index)
- name: MERGETYPE
value: $(params.git-merge-type)
- name: DELETEBRANCH
value: $(params.git-merge-delete-branch)
- name: TARGET_URL
value: https://console-openshift-console.apps.ocp.endofday.com/pipelines
finally:
- name: fail-pr-check
when:
- input: $(tasks.status)
operator: in
values:
- Failed
taskRef:
name: gitea-set-status
params:
- name: SHA
value: $(params.git-commit-sha)
- name: GITEA_HOST_URL
value: git.endofday.com
- name: REPO_FULL_NAME
value: $(params.git-repo-full-name)
- name: GITEA_TOKEN_SECRET_NAME
value: $(params.git-token-secret-name)
- name: GITEA_TOKEN_SECRET_KEY
value: $(params.git-token-secret-key)
- name: DESCRIPTION
value: Tekton CI Pipeline
- name: STATE
value: failure
- name: TARGET_URL
value: https://console-openshift-console.apps.ocp.endofday.com/pipelines


@@ -1,17 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: copy-shared-utilities
namespace: goghvideo-cicd-pipeline
spec:
steps:
- name: copy-shared-utilities
image: quay01.ipa.endofday.com/goghvideo/rockylinux:9-ubi
workingDir: $(workspaces.utilities.path)
script: |
#!/usr/bin/env bash
curl -O https://nextcloud.endofday.com/s/TXMc8z3Xjxci5fY/download/yq
chmod +x yq
workspaces:
- name: utilities


@@ -1,29 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: generate-image-tag
namespace: goghvideo-cicd-pipeline
spec:
params:
- name: image
type: string
- name: version
type: string
results:
- name: imagetag
type: string
steps:
- name: concatenate-strings
image: quay01.ipa.endofday.com/goghvideo/rockylinux:9-ubi
env:
- name: IMAGE
value: $(params.image)
- name: TAG
value: $(params.version)
script: |
#!/usr/bin/env bash
IMAGE=$(echo -n ${IMAGE})
TAG=$(echo -n ${TAG})
echo -n "${IMAGE}:v${TAG}" > "$(results.imagetag.path)"


@@ -1,36 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: git-semver
namespace: goghvideo-cicd-pipeline
spec:
params:
- name: gitrepositoryurl
type: string
- name: gitbranch
type: string
default: master
results:
- name: version
type: string
steps:
- name: clone-and-calculate-semver
image: quay01.ipa.endofday.com/goghvideo/gitversion:latest
env:
- name: PARAM_REPO
value: $(params.gitrepositoryurl)
- name: PARAM_BRANCH
value: $(params.gitbranch)
script: |
#!/usr/bin/env bash
USERNAME=$(cat /workspace/gitauth/username)
PASSWORD=$(cat /workspace/gitauth/password)
SEMVER=$(/tools/dotnet-gitversion /url ${PARAM_REPO} /b ${PARAM_BRANCH} /u ${USERNAME} /p ${PASSWORD} /dynamicRepoLocation /workspace/repo /overrideconfig mode=Mainline /overrideconfig commit-message-incrementing=MergeMessageOnly /showvariable MajorMinorPatch /verbosity quiet)
echo -n ${SEMVER} > $(results.version.path)
exit 0
securityContext:
runAsNonRoot: true
runAsUser: 65532
workspaces:
- name: repo
- name: gitauth


@@ -1,125 +0,0 @@
apiVersion: tekton.dev/v1
kind: Task
metadata:
name: gitea-create-release
namespace: goghvideo-cicd-pipeline
spec:
description: |-
This task will merge a PR and delete the branch.
params:
- name: GITEA_HOST_URL
description: |
The Gitea host, e.g: git.yourcompany.com. Can include port.
type: string
- name: GITEA_HTTPS_OR_HTTP
default: https
description: |
If we should connect with HTTP or HTTPS. Use "http" or "https" here.
type: string
- name: API_PATH_PREFIX
default: /api/v1
description: |
The API path prefix of Gitea, default: /api/v1
type: string
- name: REPO_FULL_NAME
description: |
The Gitea repository full name, e.g.: tektoncd/catalog
type: string
- name: GITEA_TOKEN_SECRET_NAME
default: gitea
description: |
The name of the kubernetes secret that contains the Gitea token, default: gitea
type: string
- name: GITEA_TOKEN_SECRET_KEY
default: token
description: |
The key within the kubernetes secret that contains the Gitea token, default: token
type: string
- name: IMAGE
default: python:3.10.1-alpine3.15@sha256:affe0faa14e7553fc570beec3864e74b5e36f8c19b2bb49ae8ba79c0e9e7236e
description: |
Image providing the python binary which this task uses.
type: string
- name: TITLE
description: Main title of release
type: string
- name: TAG
description: Version tag
type: string
- name: SHEBANG
default: /usr/bin/env python
description: |
Python path. Depends on the image.
type: string
- name: SHA
description: |
The SHA of the merge commit
type: string
steps:
- image: $(params.IMAGE)
name: create-git-release
script: |
#!$(params.SHEBANG)
"""This script will create a git release tag"""
import json
import sys
import http.client
gitea_token = open("/etc/gitea-set-status/$(params.GITEA_TOKEN_SECRET_KEY)", "r").read()
merge_url = "$(params.API_PATH_PREFIX)" + "/repos/$(params.REPO_FULL_NAME)/" + \
"releases"
data = {
"name": "$(params.TITLE)",
"tag_name": "$(params.TAG)",
"target_commitish": "$(params.SHA)"
}
print("Sending this data to Gitea: ")
print(data)
authHeader = "token " + gitea_token
if "$(params.GITEA_HTTPS_OR_HTTP)" == "https":
conn = http.client.HTTPSConnection("$(params.GITEA_HOST_URL)")
else:
conn = http.client.HTTPConnection("$(params.GITEA_HOST_URL)")
conn.request(
"POST",
merge_url,
body=json.dumps(data),
headers={
"User-Agent": "TektonCD, the peaceful cat",
"Authorization": authHeader,
"Accept": "application/json",
"Content-Type": "application/json",
})
resp = conn.getresponse()
if not str(resp.status).startswith("2"):
print("Error: %d" % (resp.status))
print(resp.read())
sys.exit(1)
else:
print("Create release completed on $(params.REPO_FULL_NAME)")
volumeMounts:
- mountPath: /etc/gitea-set-status
name: giteatoken
volumes:
- name: giteatoken
secret:
secretName: $(params.GITEA_TOKEN_SECRET_NAME)


@@ -1,132 +0,0 @@
apiVersion: tekton.dev/v1
kind: Task
metadata:
name: gitea-merge-pr
namespace: goghvideo-cicd-pipeline
spec:
description: |-
This task will merge a PR and delete the branch.
params:
- description: |
The Gitea host, e.g: git.yourcompany.com. Can include port.
name: GITEA_HOST_URL
type: string
- default: https
description: |
If we should connect with HTTP or HTTPS. Use "http" or "https" here.
name: GITEA_HTTPS_OR_HTTP
type: string
- default: /api/v1
description: |
The API path prefix of Gitea, default: /api/v1
name: API_PATH_PREFIX
type: string
- description: |
The Gitea repository full name, e.g.: tektoncd/catalog
name: REPO_FULL_NAME
type: string
- default: gitea
description: |
The name of the kubernetes secret that contains the Gitea token, default: gitea
name: GITEA_TOKEN_SECRET_NAME
type: string
- default: token
description: |
The key within the kubernetes secret that contains the Gitea token, default: token
name: GITEA_TOKEN_SECRET_KEY
type: string
- description: |
Merge Index Number
name: INDEX
type: string
- description: |
The target URL to associate with this status. This URL will be linked
from the Gitea UI to allow users to easily see the source of the
status.
name: TARGET_URL
type: string
- description: |
A short description of the status.
name: DESCRIPTION
type: string
- default: continuous-integration/tekton
description: |
The Gitea context, A string label to differentiate this status from
the status of other systems. ie: "continuous-integration/tekton"
name: CONTEXT
type: string
- description: |
The merge message field
name: MERGETYPE
type: string
- default: python:3.10.1-alpine3.15@sha256:affe0faa14e7553fc570beec3864e74b5e36f8c19b2bb49ae8ba79c0e9e7236e
description: |
Image providing the python binary which this task uses.
name: IMAGE
type: string
- default: true
description: |
Delete the branch after merge
name: DELETEBRANCH
type: string
- default: /usr/bin/env python
description: |
Python path. Depends on the image.
name: SHEBANG
type: string
steps:
- image: $(params.IMAGE)
name: merge-pull-request
script: |
#!$(params.SHEBANG)
"""This script will set the CI status on a Gitea commit"""
import json
import sys
import http.client
gitea_token = open("/etc/gitea-set-status/$(params.GITEA_TOKEN_SECRET_KEY)", "r").read()
merge_url = "$(params.API_PATH_PREFIX)" + "/repos/$(params.REPO_FULL_NAME)/" + \
"pulls/$(params.INDEX)/merge"
data = {
"Do": "$(params.MERGETYPE)",
"MergeMessageField": "$(params.DESCRIPTION)",
"MergeTitleField": "$(params.CONTEXT)"
}
print("Sending this data to Gitea: ")
print(data)
authHeader = "token " + gitea_token
if "$(params.GITEA_HTTPS_OR_HTTP)" == "https":
conn = http.client.HTTPSConnection("$(params.GITEA_HOST_URL)")
else:
conn = http.client.HTTPConnection("$(params.GITEA_HOST_URL)")
conn.request(
"POST",
merge_url,
body=json.dumps(data),
headers={
"User-Agent": "TektonCD, the peaceful cat",
"Authorization": authHeader,
"Accept": "application/json",
"Content-Type": "application/json",
})
resp = conn.getresponse()
if not str(resp.status).startswith("2"):
print("Error: %d" % (resp.status))
print(resp.read())
sys.exit(1)
else:
print("Gitea merge completed on $(params.REPO_FULL_NAME)")
volumeMounts:
- mountPath: /etc/gitea-set-status
name: giteatoken
volumes:
- name: giteatoken
secret:
secretName: $(params.GITEA_TOKEN_SECRET_NAME)


@@ -1,76 +0,0 @@
apiVersion: tekton.dev/v1
kind: Task
metadata:
name: gitea-set-status
namespace: goghvideo-cicd-pipeline
spec:
description: |-
This task will set the status of the CI job to the specified value along with a link to the specified target URL where developers can follow the progress of the CI job.
The `gitea-set-status` task allows external services to mark Gitea commits with an `error`, `failure`, `pending`, or `success` state, which is then reflected in pull requests involving those commits. Statuses include as well a `description` and a `target_url`, to give the user informations about the CI statuses or a direct link to the full log.
params:
- name: githost
type: string
- name: quayhost
type: string
- name: repofullname
type: string
- name: revision
type: string
- name: statusurl
type: string
- name: description
type: string
- name: context
type: string
default: continuous-integration/tekton
- name: state
type: string
steps:
- image: $(params.quayhost)/goghvideo/python:3-alpine
name: set-status
script: |
#!/usr/bin/env python
"""This script will set the CI status on a Gitea commit"""
import json
import sys
import http.client
gitea_token = open("$(workspaces.gitauth.path)/password", "r").read()
status_url = "/api/v1/repos/$(params.repofullname)/statuses/$(params.revision)"
data = {
"state": "$(params.state)",
"target_url": "$(params.statusurl)",
"description": "$(params.description)",
"context": "$(params.context)"
}
print("Sending this data to Gitea: ")
print(data)
authHeader = "token " + gitea_token
conn = http.client.HTTPSConnection("$(params.githost)")
conn.request(
"POST",
status_url,
body=json.dumps(data),
headers={
"User-Agent": "TektonCD, the peaceful cat",
"Authorization": authHeader,
"Accept": "application/json",
"Content-Type": "application/json",
})
resp = conn.getresponse()
if not str(resp.status).startswith("2"):
print("Error: %d" % (resp.status))
print(resp.read())
sys.exit(1)
else:
print("Gitea status has been set")
workspaces:
- name: gitauth


@@ -1,81 +0,0 @@
apiVersion: tekton.dev/v1
kind: Task
metadata:
annotations:
tekton.dev/categories: Code Quality
tekton.dev/displayName: golangci lint
tekton.dev/pipelines.minVersion: 0.12.1
tekton.dev/platforms: linux/amd64
tekton.dev/tags: lint
labels:
app.kubernetes.io/version: "0.2"
name: golangci-lint
namespace: goghvideo-cicd-pipeline
spec:
description: This Task is Golang task to validate Go projects.
params:
- description: base package (and its children) under validation
name: package
type: string
- default: .
description: path to the directory to use as context.
name: context
type: string
- default: --verbose
description: flags to use for the test command
name: flags
type: string
- default: v1.39
description: golangci-lint version to use
name: version
type: string
- default: linux
description: running operating system target
name: GOOS
type: string
- default: amd64
description: running architecture target
name: GOARCH
type: string
- default: auto
description: value of module support
name: GO111MODULE
type: string
- default: ""
description: Go caching directory path
name: GOCACHE
type: string
- default: ""
description: Go mod caching directory path
name: GOMODCACHE
type: string
- default: ""
description: golangci-lint cache path
name: GOLANGCI_LINT_CACHE
type: string
steps:
- env:
- name: GOPATH
value: /workspace
- name: GOOS
value: $(params.GOOS)
- name: GOARCH
value: $(params.GOARCH)
- name: GO111MODULE
value: $(params.GO111MODULE)
- name: GOCACHE
value: $(params.GOCACHE)
- name: GOMODCACHE
value: $(params.GOMODCACHE)
- name: GOLANGCI_LINT_CACHE
value: $(params.GOLANGCI_LINT_CACHE)
image: quay01.ipa.endofday.com/goghvideo/golang-lint:$(params.version)
name: lint
script: |
golangci-lint run $(params.flags)
workingDir: $(workspaces.source.path)/$(params.context)
workspaces:
# - mountPath: /workspace/src/$(params.package)
# name: source
- name: source


@@ -1,60 +0,0 @@
apiVersion: tekton.dev/v1
kind: Task
metadata:
annotations:
tekton.dev/categories: Deployment
tekton.dev/pipelines.minVersion: 0.12.1
tekton.dev/platforms: linux/amd64,linux/s390x,linux/ppc64le,linux/arm64
tekton.dev/tags: helm
labels:
app.kubernetes.io/version: "0.3"
hub.tekton.dev/catalog: tekton
name: helm-upgrade-from-source
namespace: goghvideo-cicd-pipeline
spec:
description: These tasks will install / upgrade a helm chart into your Kubernetes
/ OpenShift Cluster using Helm
params:
- description: The directory in source that contains the helm chart
name: charts_dir
type: string
- default: v1.0.0
description: The helm release version in semantic versioning format
name: release_version
type: string
- default: helm-release
description: The helm release name
name: release_name
type: string
- default: ""
description: The helm release namespace
name: release_namespace
type: string
- default: ""
description: 'Specify the values you want to overwrite, comma separated: autoscaling.enabled=true,replicas=1'
name: overwrite_values
type: string
- default: values.yaml
description: The values file to be used
name: values_file
type: string
- default: docker.io/lachlanevenson/k8s-helm@sha256:5c792f29950b388de24e7448d378881f68b3df73a7b30769a6aa861061fd08ae
description: helm image to be used
name: helm_image
type: string
- default: ""
description: Extra parameters passed for the helm upgrade command
name: upgrade_extra_params
type: string
steps:
- image: $(params.helm_image)
name: upgrade
script: |
echo current installed helm releases
helm list --namespace "$(params.release_namespace)"
echo installing helm chart...
helm upgrade --install --wait --values "$(params.charts_dir)/$(params.values_file)" --namespace "$(params.release_namespace)" --version "$(params.release_version)" "$(params.release_name)" "$(params.charts_dir)" --debug --set "$(params.overwrite_values)" $(params.upgrade_extra_params)
workingDir: /workspace/source
workspaces:
- name: source


@@ -1,48 +0,0 @@
apiVersion: tekton.dev/v1
kind: Task
metadata:
name: openshift-ephemeral-namespace-client
namespace: goghvideo-cicd-pipeline
spec:
description: |-
This task runs commands against the cluster provided by user and if not provided then where the Task is being executed.
OpenShift is a Kubernetes distribution from Red Hat which provides oc, the OpenShift CLI that complements kubectl for simplifying deployment and configuration applications on OpenShift.
params:
- default: oc help
description: The OpenShift CLI arguments to run
name: SCRIPT
type: string
- default: "4.7"
description: The OpenShift Version to use
name: VERSION
type: string
results:
- name: namespace
type: string
description: The namespace which was created
- name: filedrop
type: string
description: The name of the filedrop for testing
steps:
- image: quay.io/openshift/origin-cli:$(params.VERSION)
name: oc
script: |
#!/usr/bin/env bash
[[ "$(workspaces.manifest-dir.bound)" == "true" ]] && \
cd $(workspaces.manifest-dir.path)
[[ "$(workspaces.kubeconfig-dir.bound)" == "true" ]] && \
[[ -f $(workspaces.kubeconfig-dir.path)/kubeconfig ]] && \
export KUBECONFIG=$(workspaces.kubeconfig-dir.path)/kubeconfig
$(params.SCRIPT)
workspaces:
- description: The workspace which contains kubernetes manifests which we want to
apply on the cluster.
name: manifest-dir
optional: true
- description: The workspace which contains the the kubeconfig file if in case we
want to run the oc command on another cluster.
name: kubeconfig-dir
optional: true


@@ -1,234 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: promote
namespace: goghvideo-cicd-pipeline
spec:
params:
- name: ref
description: The git branch reference
type: string
- name: repofullname
type: string
- name: revision
description: git unique head commit id
type: string
- name: semver
description: Symantic version number
type: string
- name: author
type: string
- name: email
type: string
- name: appname
type: string
- name: index
type: string
- name: githost
type: string
- name: quayhost
type: string
steps:
- name: tag-image-with-release-ver
image: $(params.quayhost)/goghvideo/python:3-alpine
script: |
#!/usr/bin/env python
"""This script will set tag the image with the release version"""
import json
import sys
import http.client
import ssl
quay_token = open("$(workspaces.quayauth.path)/apikey", "r").read()
authHeader = "Bearer " + quay_token
conn = http.client.HTTPSConnection(
"$(params.quayhost)",
context = ssl._create_unverified_context()
)
existing_tag = "/api/v1/repository/$(params.repofullname)/tag/?specificTag=$(params.revision)"
print("Getting existing tag information from Quay")
print("URL: %s" % (existing_tag))
conn.request(
"GET",
existing_tag,
headers={
"User-Agent": "TektonCD, the peaceful cat",
"Authorization": authHeader,
"Accept": "application/json",
"Content-Type": "application/json",
}
)
resp = conn.getresponse()
if not str(resp.status).startswith("2"):
print("Error: %d" % (resp.status))
print(resp.read())
sys.exit(1)
else:
print("Successfully Retrieved quay information for tag")
tag_info = json.loads(resp.read().decode('utf-8'))
for item in tag_info['tags']:
manifest_digest = item['manifest_digest']
print("Tagging image with semver")
tag_url = "/api/v1/repository/$(params.repofullname)/tag/v$(params.semver)"
print("URL: %s" % (tag_url))
print("Manifest SHA: %s" % (manifest_digest))
data = {
"manifest_digest": manifest_digest
}
conn.request(
"PUT",
tag_url,
body=json.dumps(data),
headers={
"User-Agent": "TektonCD, the peaceful cat",
"Authorization": authHeader,
"Accept": "application/json",
"Content-Type": "application/json",
}
)
resp = conn.getresponse()
if not str(resp.status).startswith("2"):
print("Error: %d" % (resp.status))
print(resp.read())
sys.exit(1)
else:
print("Successfully tagged image")
- name: release-notes
image: $(params.quayhost)/goghvideo/bitnami-git:latest
workingDir: $(workspaces.source.path)/$(params.appname)
script: |
#!/bin/sh
export USERNAME=$(cat $(workspaces.gitauth.path)/username)
export PASSWORD=$(cat $(workspaces.gitauth.path)/password)
git config --global --add safe.directory $(workspaces.source.path)/$(params.appname)
git config --global user.name "$(params.author)"
git config --global user.email "$(params.email)"
HOSTPATH=$(git remote get-url origin | sed 's_https://__')
git remote set-url origin https://${USERNAME}:${PASSWORD}@${HOSTPATH}
git fetch --all --tags >/dev/null 2>&1
#git log main..$(params.ref) --oneline --no-merges --decorate > release-v$(params.semver).md 2>/dev/null
#git add release-v$(params.semver).md
#git commit -m "Including release notes"
git tag -a v$(params.semver) -m "Upgrade to v$(params.semver)"
git push origin $(params.ref) --tags
- name: get-tag-data
image: $(params.quayhost)/goghvideo/python:3-alpine
script: |
#!/usr/bin/env python
"""This script will get the Gitea tag status"""
import json
import sys
import http.client
gitea_token = open("$(workspaces.gitauth.path)/password", "r").read()
merge_url = "https://$(params.githost)/api/v1" + "/repos/$(params.repofullname)/" + \
"commits/v$(params.semver)/status"
authHeader = "token " + gitea_token
conn = http.client.HTTPSConnection("$(params.githost)")
conn.request(
"GET",
merge_url,
headers={
"User-Agent": "TektonCD, the peaceful cat",
"Authorization": authHeader,
"Accept": "application/json",
"Content-Type": "application/json",
})
resp = conn.getresponse()
if not str(resp.status).startswith("2"):
print("Error: %d" % (resp.status))
print(resp.read())
sys.exit(1)
else:
print("Gitea tag verification completed on $(params.githost)")
- name: merge-pull-request
image: $(params.quayhost)/goghvideo/python:3-alpine
script: |
#!/usr/bin/env python
"""This script will set the CI status on a Gitea commit"""
import json
import sys
import http.client
gitea_token = open("$(workspaces.gitauth.path)/password", "r").read()
merge_url = "https://$(params.githost)/api/v1" + "/repos/$(params.repofullname)/" + \
"pulls/$(params.index)/merge"
data = {
"Do": "merge"
}
print("Sending this data to Gitea: ")
print(data)
authHeader = "token " + gitea_token
conn = http.client.HTTPSConnection("$(params.githost)")
conn.request(
"POST",
merge_url,
body=json.dumps(data),
headers={
"User-Agent": "TektonCD, the peaceful cat",
"Authorization": authHeader,
"Accept": "application/json",
"Content-Type": "application/json",
})
resp = conn.getresponse()
if not str(resp.status).startswith("2"):
print("Error: %d" % (resp.status))
print(resp.read())
sys.exit(1)
else:
print("Gitea merge completed on $(params.githost)")
- name: update-helm-chart
image: $(params.quayhost)/goghvideo/bitnami-git:latest
workingDir: $(workspaces.helm.path)
script: |
#!/bin/sh
export USERNAME=$(cat $(workspaces.gitauth.path)/username)
export PASSWORD=$(cat $(workspaces.gitauth.path)/password)
git config --global --add safe.directory $(workspaces.helm.path)
git config --global user.name "$(params.author)"
git config --global user.email "$(params.email)"
HOSTPATH=$(git remote get-url origin | sed 's_https://__')
git remote set-url origin https://${USERNAME}:${PASSWORD}@${HOSTPATH}
git fetch
git checkout main && git pull
$(workspaces.utilities.path)/yq -i '.version |= (split(".") | .[-1] |= ((. tag = "!!int") + 1) | join("."))' $(params.appname)/Chart.yaml
$(workspaces.utilities.path)/yq -i '.appVersion="v$(params.semver)"' $(params.appname)/Chart.yaml
git add $(params.appname)/Chart.yaml
git commit -m "Updating chart version"
git push
workspaces:
- name: source
- name: gitauth
- name: quayauth
- name: utilities
- name: helm


@@ -1,107 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: s2i-go-debug
namespace: goghvideo-cicd-pipeline
spec:
description: s2i-go task clones a Git repository and builds and pushes a container
image using S2I and a Go builder image.
params:
- default: latest
description: The tag of go imagestream for go version
name: VERSION
type: string
- default: .
description: The location of the path to run s2i from.
name: PATH_CONTEXT
type: string
- default: "true"
description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS
registry)
name: TLSVERIFY
type: string
- description: Location of the repo where image has to be pushed
name: IMAGE
type: string
- default: registry.redhat.io/rhel8/buildah@sha256:00795fafdab9bbaa22cd29d1faa1a01e604e4884a2c935c1bf8e3d1f0ad1c084
description: The location of the buildah builder image.
name: BUILDER_IMAGE
type: string
- default: "false"
description: Skip pushing the built image
name: SKIP_PUSH
type: string
- description: Environment variables to set during _build-time_.
name: ENV_VARS
type: array
results:
- description: Digest of the image just built.
name: IMAGE_DIGEST
type: string
steps:
- args:
- $(params.ENV_VARS[*])
env:
- name: HOME
value: /tekton/home
image: registry.redhat.io/ocp-tools-4-tech-preview/source-to-image-rhel8@sha256:98d8cb3a255641ca6a1bce854e5e2460c20de9fb9b28e3cc67eb459f122873dd
name: generate
script: |
echo "Processing Build Environment Variables"
echo "" > /env-vars/env-file
for var in "$@"
do
echo "$var" >> /env-vars/env-file
done
echo "Outputting Generated /env-vars/env-file"
cat /env-vars/env-file
s2i build $(params.PATH_CONTEXT) image-registry.openshift-image-registry.svc:5000/openshift/golang:$(params.VERSION) \
--as-dockerfile /gen-source/Dockerfile.gen --environment-file /env-vars/env-file
echo "Outputting Generated /gen-source/Dockerfile.gen file"
cat /gen-source/Dockerfile.gen
volumeMounts:
- mountPath: /gen-source
name: gen-source
- mountPath: /env-vars
name: env-vars
workingDir: $(workspaces.source.path)
- image: $(params.BUILDER_IMAGE)
name: build-and-push
script: |
find . -type f -ls
buildah --log-level=info bud --storage-driver=vfs --tls-verify=$(params.TLSVERIFY) \
--layers -f /gen-source/Dockerfile.gen -t $(params.IMAGE) .
[[ "$(params.SKIP_PUSH)" == "true" ]] && echo "Push skipped" && exit 0
[[ "$(workspaces.dockerconfig.bound)" == "true" ]] && export DOCKER_CONFIG="$(workspaces.dockerconfig.path)"
buildah push --storage-driver=vfs --tls-verify=$(params.TLSVERIFY) \
--digestfile $(workspaces.source.path)/image-digest $(params.IMAGE) \
docker://$(params.IMAGE)
cat $(workspaces.source.path)/image-digest | tee /tekton/results/IMAGE_DIGEST
securityContext:
capabilities:
add:
- SETFCAP
volumeMounts:
- mountPath: /var/lib/containers
name: varlibcontainers
- mountPath: /gen-source
name: gen-source
workingDir: /gen-source
volumes:
- name: varlibcontainers
- name: gen-source
- name: env-vars
workspaces:
- mountPath: /workspace/source
name: source
- description: An optional workspace that allows providing a .docker/config.json
file for Buildah to access the container registry. The file should be placed
at the root of the Workspace with name config.json.
name: dockerconfig
optional: true


@@ -1,19 +0,0 @@
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerBinding
metadata:
name: gitea-binding
namespace: goghvideo-cicd-pipeline
spec:
params:
- name: gitrepositoryurl
value: $(body.repository.clone_url)
- name: gitcommitsha
value: $(body.pull_request.head.sha)
- name: gitfullreponame
value: $(body.pull_request.base.repo.full_name)
- name: gitbranch
value: $(body.pull_request.head.ref)
- name: gitreponame
value: $(body.pull_request.base.repo.name)
- name: gitprindex
value: $(body.pull_request.number)


@@ -1,25 +0,0 @@
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerBinding
metadata:
name: gitea-pullrequest-binding
namespace: goghvideo-cicd-pipeline
spec:
params:
- name: ref
value: $(body.pull_request.head.ref)
- name: revision
value: $(body.pull_request.head.sha)
- name: repourl
value: $(body.pull_request.head.repo.clone_url)
- name: reponame
value: $(body.pull_request.head.repo.name)
- name: repofullname
value: $(body.pull_request.head.repo.full_name)
- name: message
value: $(body.pull_request.title)
- name: author
value: $(body.pull_request.user.login)
- name: email
value: $(body.pull_request.user.email)
- name: index
value: $(body.pull_request.number)


@@ -1,88 +0,0 @@
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerTemplate
metadata:
name: conversionengine-template
namespace: goghvideo-cicd-pipeline
spec:
params:
- name: gitrepositoryurl
description: The git repository url
- name: gitfullreponame
description: The org and repo name
- name: gitreponame
description: The name of the repo
- name: gitbranch
description: Branch to act on
- name: gitcommitsha
description: The SHA head
- name: gitprindex
description: The pull request reference
resourcetemplates:
- apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
generateName: goghvideo-conversionengine-
spec:
pipelineRef:
name: ce-buildtest
serviceAccountName: pipeline
params:
- name: git-repo-url
value: $(tt.params.gitrepositoryurl)
- name: git-repo-full-name
value: $(tt.params.gitfullreponame)
- name: git-branch
value: $(tt.params.gitbranch)
- name: git-commit-sha
value: $(tt.params.gitcommitsha)
- name: git-pr-index
value: $(tt.params.gitprindex)
- name: verbose
value: true
- name: lint-package
value: git.endofday.com/goghvideo/conversion-engine
- name: lint-context
value: $(tt.params.gitreponame)/src
- name: image
value: quay01.ipa.endofday.com/goghvideo/conversion-engine
- name: s2i-builder-image
value: quay01.ipa.endofday.com/goghvideo/golang-s2i-buildah:v1
- name: git-token-secret-name
value: git-http-credentials
- name: git-token-secret-key
value: password
- name: git-merge-type
value: merge
- name: git-merge-delete-branch
value: True
- name: git-helm-url
value: git@git-ssh.ipa.endofday.com:goghvideo/helm.git
workspaces:
- name: source
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
storageClassName: nfs-client
- name: gitauth
secret:
secretName: git-http-credentials
- name: gitsshauth
secret:
secretName: git-credentials
- name: dockerconfig
secret:
secretName: goghvideo-container-registry-push
- name: helm
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
storageClassName: nfs-client


@@ -1,88 +0,0 @@
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerTemplate
metadata:
name: e2etest-template
namespace: goghvideo-cicd-pipeline
spec:
params:
- name: gitrepositoryurl
description: The git repository url
- name: gitfullreponame
description: The org and repo name
- name: gitreponame
description: The name of the repo
- name: gitbranch
description: Branch to act on
- name: gitcommitsha
description: The SHA head
- name: gitprindex
description: The pull request reference
resourcetemplates:
- apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
generateName: goghvideo-e2etest-
spec:
pipelineRef:
name: e2etest-buildtest
serviceAccountName: pipeline
params:
- name: git-repo-url
value: $(tt.params.gitrepositoryurl)
- name: git-repo-full-name
value: $(tt.params.gitfullreponame)
- name: git-branch
value: $(tt.params.gitbranch)
- name: git-commit-sha
value: $(tt.params.gitcommitsha)
- name: git-pr-index
value: $(tt.params.gitprindex)
- name: verbose
value: true
- name: lint-package
value: git.endofday.com/goghvideo/e2e-test
- name: lint-context
value: $(tt.params.gitreponame)/src
- name: image
value: quay01.ipa.endofday.com/goghvideo/e2e-test
- name: s2i-builder-image
value: quay01.ipa.endofday.com/goghvideo/golang-s2i-buildah:v1
- name: git-token-secret-name
value: git-http-credentials
- name: git-token-secret-key
value: password
- name: git-merge-type
value: merge
- name: git-merge-delete-branch
value: True
- name: git-helm-url
value: git@git-ssh.ipa.endofday.com:goghvideo/helm.git
workspaces:
- name: source
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
storageClassName: nfs-client
- name: gitauth
secret:
secretName: git-http-credentials
- name: gitsshauth
secret:
secretName: git-credentials
- name: dockerconfig
secret:
secretName: goghvideo-container-registry-push
- name: helm
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
storageClassName: nfs-client


@@ -1,103 +0,0 @@
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerTemplate
metadata:
name: notification-trigger-template
namespace: goghvideo-cicd-pipeline
spec:
params:
- name: ref
description: git reference or branch name
- name: revision
description: The revision of your git repository
- name: repourl
description: The url of your git repository
- name: reponame
description: the name if your git repository
- name: repofullname
description: The full name of your git repository
- name: message
description: commit message
- name: author
description: commit author username
- name: email
description: commit author email
- name: index
description: pull request index number
resourcetemplates:
- apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
generateName: $(tt.params.reponame)-$(tt.params.author)-
namespace: goghvideo-cicd-pipeline
labels:
webhooks.tekton.dev/repo: $(tt.params.reponame)
webhooks.tekton.dev/author: $(tt.params.author)
# annotations:
# argocd.argoproj.io/compare-options: IgnoreExtraneous
spec:
serviceAccountName: pipeline
workspaces:
- name: source
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
storageClassName: nfs-client
- name: gitauth
secret:
secretName: git-http-credentials
- name: gitsshauth
secret:
secretName: git-credentials
- name: dockerconfig
secret:
secretName: goghvideo-container-registry-push
- name: quayauth
secret:
secretName: quay-credentials
- name: helm
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
storageClassName: nfs-client
- name: utilities
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
storageClassName: nfs-client
params:
- name: ref
value: $(tt.params.ref)
- name: revision
value: $(tt.params.revision)
- name: author
value: $(tt.params.author)
- name: email
value: $(tt.params.email)
- name: message
value: $(tt.params.message)
- name: repourl
value: $(tt.params.repourl)
- name: repofullname
value: $(tt.params.repofullname)
- name: git-helm-url
value: https://git.endofday.com/goghvideo/helm.git
- name: index
value: $(tt.params.index)
- name: githost
value: "git.endofday.com"
- name: quayhost
value: "quay01.ipa.endofday.com"
pipelineRef:
name: notification


@@ -1,88 +0,0 @@
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerTemplate
metadata:
name: notification-template
namespace: goghvideo-cicd-pipeline
spec:
params:
- name: gitrepositoryurl
description: The git repository url
- name: gitfullreponame
description: The org and repo name
- name: gitreponame
description: The name of the repo
- name: gitbranch
description: Branch to act on
- name: gitcommitsha
description: The SHA head
- name: gitprindex
description: The pull request reference
resourcetemplates:
- apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
generateName: goghvideo-notification-
spec:
pipelineRef:
name: notification-buildtest
serviceAccountName: pipeline
params:
- name: git-repo-url
value: $(tt.params.gitrepositoryurl)
- name: git-repo-full-name
value: $(tt.params.gitfullreponame)
- name: git-branch
value: $(tt.params.gitbranch)
- name: git-commit-sha
value: $(tt.params.gitcommitsha)
- name: git-pr-index
value: $(tt.params.gitprindex)
- name: verbose
value: true
- name: lint-package
value: git.endofday.com/goghvideo/notification
- name: lint-context
value: $(tt.params.gitreponame)/src
- name: image
value: quay01.ipa.endofday.com/goghvideo/notification
- name: s2i-builder-image
value: quay01.ipa.endofday.com/goghvideo/golang-s2i-buildah:v1
- name: git-token-secret-name
value: git-http-credentials
- name: git-token-secret-key
value: password
- name: git-merge-type
value: merge
- name: git-merge-delete-branch
value: True
- name: git-helm-url
value: https://git.endofday.com/goghvideo/helm.git
workspaces:
- name: source
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
storageClassName: nfs-client
- name: gitauth
secret:
secretName: git-http-credentials
- name: gitsshauth
secret:
secretName: git-credentials
- name: dockerconfig
secret:
secretName: goghvideo-container-registry-push
- name: helm
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
storageClassName: nfs-client


@@ -1,88 +0,0 @@
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerTemplate
metadata:
name: upload2nc-template
namespace: goghvideo-cicd-pipeline
spec:
params:
- name: gitrepositoryurl
description: The git repository url
- name: gitfullreponame
description: The org and repo name
- name: gitreponame
description: The name of the repo
- name: gitbranch
description: Branch to act on
- name: gitcommitsha
description: The SHA head
- name: gitprindex
description: The pull request reference
resourcetemplates:
- apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
generateName: goghvideo-upload2nc-
spec:
pipelineRef:
name: upload2nc-buildtest
serviceAccountName: pipeline
params:
- name: git-repo-url
value: $(tt.params.gitrepositoryurl)
- name: git-repo-full-name
value: $(tt.params.gitfullreponame)
- name: git-branch
value: $(tt.params.gitbranch)
- name: git-commit-sha
value: $(tt.params.gitcommitsha)
- name: git-pr-index
value: $(tt.params.gitprindex)
- name: verbose
value: true
- name: lint-package
value: git.endofday.com/goghvideo/upload-to-nextcloud
- name: lint-context
value: $(tt.params.gitreponame)/src
- name: image
value: quay01.ipa.endofday.com/goghvideo/upload-to-nextcloud
- name: s2i-builder-image
value: quay01.ipa.endofday.com/goghvideo/golang-s2i-buildah:v1
- name: git-token-secret-name
value: git-http-credentials
- name: git-token-secret-key
value: password
- name: git-merge-type
value: merge
- name: git-merge-delete-branch
value: True
- name: git-helm-url
value: git@git-ssh.ipa.endofday.com:goghvideo/helm.git
workspaces:
- name: source
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
storageClassName: nfs-client
- name: gitauth
secret:
secretName: git-http-credentials
- name: gitsshauth
secret:
secretName: git-credentials
- name: dockerconfig
secret:
secretName: goghvideo-container-registry-push
- name: helm
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
storageClassName: nfs-client