From af75cbd198eb8bda2a026c7ba8c6e94c43c6bcb4 Mon Sep 17 00:00:00 2001
From: "Randal S. Harisch"
Date: Tue, 26 Sep 2023 13:22:07 -0600
Subject: [PATCH] chore: added notification app
---
.../notification-webhook-listener.yaml | 34 ++
pipeline/notification.yaml | 377 ++++++++++++++++++
triggertemplate/notification.yaml | 88 ++++
3 files changed, 499 insertions(+)
create mode 100644 eventlistener/notification-webhook-listener.yaml
create mode 100644 pipeline/notification.yaml
create mode 100644 triggertemplate/notification.yaml
diff --git a/eventlistener/notification-webhook-listener.yaml b/eventlistener/notification-webhook-listener.yaml
new file mode 100644
index 0000000..b8b2148
--- /dev/null
+++ b/eventlistener/notification-webhook-listener.yaml
@@ -0,0 +1,34 @@
+apiVersion: triggers.tekton.dev/v1beta1
+kind: EventListener
+metadata:
+ name: notification-webhook-listener
+ namespace: goghvideo-cicd-pipeline
+spec:
+ serviceAccountName: pipeline
+ triggers:
+ - name: notification-greeter-webhook
+ interceptors:
+ - name: gitea
+ ref:
+ name: gitea
+ kind: ClusterInterceptor
+ apiVersion: triggers.tekton.dev
+ params:
+ - name: secretRef
+ value:
+ secretName: webhook-secret
+ secretKey: sharedSecret
+ - name: eventTypes
+ value: ["pull_request", "pull_request_sync"]
+ - name: allow-create-and-update-only
+ ref:
+ name: cel
+ kind: ClusterInterceptor
+ params:
+ - name: filter
+ value: >
+ body.action in ['opened', 'synchronized']
+ bindings:
+ - ref: gitea-binding
+ template:
+ ref: nextcloud-template
diff --git a/pipeline/notification.yaml b/pipeline/notification.yaml
new file mode 100644
index 0000000..adaf360
--- /dev/null
+++ b/pipeline/notification.yaml
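Review bot: In `eventlistener/notification-webhook-listener.yaml` the trigger's `template.ref` is `nextcloud-template`, while the TriggerTemplate added by this same commit is named `notification-template`. As written, notification webhooks would start whatever `nextcloud-template` defines (not visible here) rather than `notification-buildtest`, so this looks like a copy-paste leftover and should read `ref: notification-template`. The CEL filter checks only `body.action`, so a signed pull-request event from any repository that shares `webhook-secret` passes. Given that the pipeline ends in an automatic merge, consider also pinning the repository, for example `body.action in ['opened', 'synchronized'] && body.repository.full_name == 'goghvideo/notification'`.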
@@ -0,0 +1,377 @@ +apiVersion: tekton.dev/v1beta1 +kind: Pipeline +metadata: + name: notification-buildtest + namespace: goghvideo-cicd-pipeline +spec: + workspaces: + - name: source + - name: gitauth + - name: dockerconfig + - name: helm + - name: gitsshauth + params: + - name: git-repo-full-name + type: string + - name: git-token-secret-name + type: string + - name: git-token-secret-key + type: string + - name: git-commit-sha + type: string + - name: git-repo-url + type: string + description: Git URL to retrieve + - name: git-branch + type: string + description: branch to checkout + - name: git-pr-index + description: PR number to merge + - name: git-merge-type + description: What type of merge to do + - name: git-merge-delete-branch + description: delete the branch after merge + - name: verbose + type: string + default: "false" + - name: lint-package + type: string + - name: lint-context + type: string + description: Path to where the modules are stored + - name: lint-version + type: string + default: latest + - name: image + type: string + - name: s2i-builder-image + type: string + - name: git-helm-url + type: string + tasks: + - name: set-check-pending + taskRef: + name: gitea-set-status + params: + - name: SHA + value: $(params.git-commit-sha) + - name: GITEA_HOST_URL + value: git.endofday.com + - name: REPO_FULL_NAME + value: $(params.git-repo-full-name) + - name: GITEA_TOKEN_SECRET_NAME + value: $(params.git-token-secret-name) + - name: GITEA_TOKEN_SECRET_KEY + value: $(params.git-token-secret-key) + - name: DESCRIPTION + value: Build started + - name: STATE + value: pending + - name: TARGET_URL + value: https://console-openshift-console.apps.ocp.endofday.com/pipelines/all-namespaces + - name: git-semver + runAfter: + - set-check-pending + taskRef: + name: git-semver + params: + - name: gitrepositoryurl + value: $(params.git-repo-url) + - name: gitbranch + value: $(params.git-branch) + workspaces: + - name: repo + workspace: source + - name: gitauth + 
workspace: gitauth + - name: golangci-lint + runAfter: + - git-semver + taskRef: + name: golangci-lint + params: + - name: package + value: $(params.lint-package) + - name: context + value: $(params.lint-context) + - name: version + value: $(params.lint-version) + workspaces: + - name: source + workspace: source + - name: generate-imagetag + runAfter: + - golangci-lint + taskRef: + name: generate-image-tag + params: + - name: version + value: $(tasks.git-semver.results.version) + - name: image + value: $(params.image) + - name: s2i-build + runAfter: + - generate-imagetag + taskRef: + name: s2i-go-debug + kind: Task + params: + - name: TLSVERIFY + value: false + - name: BUILDER_IMAGE + value: $(params.s2i-builder-image) + - name: PATH_CONTEXT + value: $(params.lint-context) + - name: verbose + value: true + - name: IMAGE + value: $(tasks.generate-imagetag.results.imagetag) + - name: ENV_VARS + value: + - semver=$(tasks.git-semver.results.version) + workspaces: + - name: source + workspace: source + - name: dockerconfig + workspace: dockerconfig + - name: ephemeral-ns + runAfter: + - s2i-build + taskref: + name: openshift-ephemeral-namespace-client + kind: Task + params: + - name: VERSION + value: 4.11 + - name: SCRIPT + value: | + echo "${SHELL}" + RANDOMID=$(openssl rand -hex 4) + oc new-project goghvideo-test-${RANDOMID} >/dev/null + oc label namespace goghvideo-test-${RANDOMID} app=goghvideo-test + + x=0; until [[ -n $(oc -n goghvideo-test-${RANDOMID} get secret/goghvideo-openshift-builder-pull-secret 2>/dev/null) || $x -eq 10 ]]; do echo "Waiting for secret replication" && sleep 10 && ((x++)); done + if [[ "${x}" -eq 10 ]]; then exit 1; fi + + oc -n goghvideo-test-${RANDOMID} secrets link default goghvideo-openshift-builder-pull-secret --for=pull + + oc apply -f - </dev/null ) || $x -eq 10 ]]; do echo "Waiting for operator to deploy rabbit" && sleep 5 && ((x++)); done + if [[ "${x}" -eq 10 ]]; then exit 1; fi + + oc -n goghvideo-test-${RANDOMID} adm policy 
add-scc-to-user anyuid -z rabbitmq-server + + x=0; until [[ $(oc -n goghvideo-test-${RANDOMID} get sts rabbitmq-server -o jsonpath="{.status.readyReplicas}") -gt 0 || $x -eq 20 ]]; do echo "Waiting for Rabbit MQ to startup" && sleep 15 && ((x++)); done + if [[ "${x}" -eq 20 ]]; then exit 1; fi + oc -n goghvideo-test-${RANDOMID} create route edge --service=rabbitmq --port=15672 + + oc -n goghvideo-test-${RANDOMID} get pods + + RABBITHOST=$(oc -n goghvideo-test-${RANDOMID} get secret/rabbitmq-default-user -o template='{{ .data.host | base64decode }}') + RABBITUSER=$(oc -n goghvideo-test-${RANDOMID} get secret/rabbitmq-default-user -o template='{{ .data.username | base64decode }}') + RABBITPASS=$(oc -n goghvideo-test-${RANDOMID} get secret/rabbitmq-default-user -o template='{{ .data.password | base64decode }}') + oc -n goghvideo-test-${RANDOMID} create secret generic amqp --from-literal=url=amqp://${RABBITUSER}:${RABBITPASS}@${RABBITHOST}/ + + curl -O http://${RABBITHOST}:15672/cli/rabbitmqadmin + chmod +x rabbitmqadmin + + ./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare exchange name=conversion type=topic + ./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare queue name=transcode durable=true queue_type=quorum + ./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare queue name=notification durable=true queue_type=quorum + ./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare queue name=upload-nextcloud durable=true queue_type=quorum + + ./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare binding source="conversion" destination_type="queue" destination="transcode" routing_key="transcode" + ./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare binding source="conversion" destination_type="queue" destination="notification" routing_key="notification" + ./rabbitmqadmin -H ${RABBITHOST} -u ${RABBITUSER} -p ${RABBITPASS} declare binding 
source="conversion" destination_type="queue" destination="upload-nextcloud" routing_key="upload-nextcloud" + + echo -n "goghvideo-test-${RANDOMID}" > $(results.namespace.path) + workspaces: + - name: kubeconfig-dir + workspace: dockerconfig + - name: clone-helm-charts + runAfter: ["ephemeral-ns"] + taskRef: + name: git-clone + params: + - name: url + value: $(params.git-helm-url) + workspaces: + - name: output + workspace: helm + - name: ssh-directory + workspace: gitsshauth + - name: deploy-notification + runAfter: ["clone-helm-charts"] + taskRef: + name: helm-upgrade-from-source + params: + - name: charts_dir + value: notification + - name: release_namespace + value: $(tasks.ephemeral-ns.results.namespace) + - name: overwrite_values + value: "image.tag=v$(tasks.git-semver.results.version)" + workspaces: + - name: source + workspace: helm + - name: deploy-upload-to-nextcloud + runAfter: ["clone-helm-charts"] + taskRef: + name: helm-upgrade-from-source + params: + - name: charts_dir + value: upload-to-nextcloud + - name: release_namespace + value: $(tasks.ephemeral-ns.results.namespace) + - name: release_name + value: upload-to-nextcloud + workspaces: + - name: source + workspace: helm + - name: deploy-conversion-engine + runAfter: ["clone-helm-charts"] + taskRef: + name: helm-upgrade-from-source + params: + - name: charts_dir + value: conversion-engine + - name: release_namespace + value: $(tasks.ephemeral-ns.results.namespace) + - name: release_name + value: conversion-engine + workspaces: + - name: source + workspace: helm + - name: get-filedrop-name + runAfter: ["deploy-conversion-engine", "deploy-upload-to-nextcloud", "deploy-notification"] + taskref: + name: openshift-ephemeral-namespace-client + kind: Task + params: + - name: VERSION + value: 4.11 + - name: SCRIPT + value: | + #!/usr/bin/env bash + wget "https://github.com/jqlang/jq/releases/download/jq-1.7/jq-linux-amd64" -O /usr/local/bin/jq + chmod +x /usr/local/bin/jq + INPUTSRC=$(oc -n 
$(tasks.ephemeral-ns.results.namespace) get scaledjob/conversion-engine -o json | /usr/local/bin/jq -r '.spec.jobTargetRef.template.spec.initContainers[0].env[] | select(.name == "sourcefile").value') + if [[ -z "${INPUTSRC}" ]]; then exit 1; fi + echo -n "${INPUTSRC}" > $(results.filedrop.path) + workspaces: + - name: kubeconfig-dir + workspace: dockerconfig + - name: pass-pr-check + runAfter: ["get-filedrop-name"] + taskRef: + name: gitea-set-status + params: + - name: SHA + value: $(params.git-commit-sha) + - name: GITEA_HOST_URL + value: git.endofday.com + - name: REPO_FULL_NAME + value: $(params.git-repo-full-name) + - name: GITEA_TOKEN_SECRET_NAME + value: $(params.git-token-secret-name) + - name: GITEA_TOKEN_SECRET_KEY + value: $(params.git-token-secret-key) + - name: DESCRIPTION + value: Tekton CI Pipeline + - name: STATE + value: success + - name: TARGET_URL + value: https://console-openshift-console.apps.ocp.endofday.com/pipelines + - name: create-git-release + runAfter: ["pass-pr-check"] + taskRef: + name: gitea-create-release + params: + - name: SHA + value: $(params.git-commit-sha) + - name: GITEA_HOST_URL + value: git.endofday.com + - name: REPO_FULL_NAME + value: $(params.git-repo-full-name) + - name: GITEA_TOKEN_SECRET_NAME + value: $(params.git-token-secret-name) + - name: GITEA_TOKEN_SECRET_KEY + value: $(params.git-token-secret-key) + - name: TAG + value: $(tasks.git-semver.results.version) + - name: TITLE + value: $(params.git-repo-full-name)-$(tasks.git-semver.results.version) + - name: perform-merge + runAfter: ["create-git-release"] + taskRef: + name: gitea-merge-pr + params: + - name: GITEA_HOST_URL + value: git.endofday.com + - name: REPO_FULL_NAME + value: $(params.git-repo-full-name) + - name: GITEA_TOKEN_SECRET_NAME + value: $(params.git-token-secret-name) + - name: GITEA_TOKEN_SECRET_KEY + value: $(params.git-token-secret-key) + - name: DESCRIPTION + value: Automatically merged by CI pipeline + - name: INDEX + value: 
$(params.git-pr-index) + - name: MERGETYPE + value: $(params.git-merge-type) + - name: DELETEBRANCH + value: $(params.git-merge-delete-branch) + - name: TARGET_URL + value: https://console-openshift-console.apps.ocp.endofday.com/pipelines + finally: + - name: fail-pr-check + when: + - input: $(tasks.status) + operator: in + values: + - Failed + taskRef: + name: gitea-set-status + params: + - name: SHA + value: $(params.git-commit-sha) + - name: GITEA_HOST_URL + value: git.endofday.com + - name: REPO_FULL_NAME + value: $(params.git-repo-full-name) + - name: GITEA_TOKEN_SECRET_NAME + value: $(params.git-token-secret-name) + - name: GITEA_TOKEN_SECRET_KEY + value: $(params.git-token-secret-key) + - name: DESCRIPTION + value: Tekton CI Pipeline + - name: STATE + value: failure + - name: TARGET_URL + value: https://console-openshift-console.apps.ocp.endofday.com/pipelines diff --git a/triggertemplate/notification.yaml b/triggertemplate/notification.yaml new file mode 100644 index 0000000..bb20db2 --- /dev/null +++ b/triggertemplate/notification.yaml 
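Review bot: In `pipeline/notification.yaml` both `SCRIPT` steps download an executable at run time and run it with no integrity check, in steps that drive `oc` against the cluster: `ephemeral-ns` fetches `rabbitmqadmin` over plain `http://`, and `get-filedrop-name` fetches `jq` from a release URL into `/usr/local/bin`. Prefer baking both tools into the task image, or verify a pinned digest before `chmod +x`, e.g. `echo "<EXPECTED_SHA256>  /usr/local/bin/jq" | sha256sum -c - || exit 1` (the digest is a placeholder). Those same two tasks spell the key `taskref:` where every other task uses `taskRef:`; field names are case-sensitive, so these entries are likely rejected or left without a task reference. `s2i-build` passes `TLSVERIFY` as `false`, which presumably turns off registry certificate verification for the push and should be `"true"` unless the registry really has no trusted certificate. Nothing visible in this pipeline deletes the namespace created by `ephemeral-ns` (which gets an `anyuid` grant, an `amqp` secret holding the broker password, and an edge route to port 15672); a `finally` task that removes it would keep failed runs from leaving those behind.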
@@ -0,0 +1,88 @@ +apiVersion: triggers.tekton.dev/v1beta1 +kind: TriggerTemplate +metadata: + name: notification-template + namespace: goghvideo-cicd-pipeline +spec: + params: + - name: gitrepositoryurl + description: The git repository url + - name: gitfullreponame + description: The org and repo name + - name: gitreponame + description: The name of the repo + - name: gitbranch + description: Branch to act on + - name: gitcommitsha + description: The SHA head + - name: gitprindex + description: The pull request reference + resourcetemplates: + - apiVersion: tekton.dev/v1beta1 + kind: PipelineRun + metadata: + generateName: goghvideo-notification- + spec: + pipelineRef: + name: notification-buildtest + serviceAccountName: pipeline + params: + - name: git-repo-url + value: $(tt.params.gitrepositoryurl) + - name: git-repo-full-name + value: $(tt.params.gitfullreponame) + - name: git-branch + value: $(tt.params.gitbranch) + - name: git-commit-sha + value: $(tt.params.gitcommitsha) + - name: git-pr-index + value: $(tt.params.gitprindex) + - name: verbose + value: true + - name: lint-package + value: git.endofday.com/goghvideo/notification + - name: lint-context + value: $(tt.params.gitreponame)/src + - name: image + value: quay01.ipa.endofday.com/goghvideo/notification + - name: s2i-builder-image + value: quay01.ipa.endofday.com/goghvideo/golang-s2i-buildah:v1 + - name: git-token-secret-name + value: git-http-credentials + - name: git-token-secret-key + value: password + - name: git-merge-type + value: merge + - name: git-merge-delete-branch + value: True + - name: git-helm-url + value: git@git-ssh.ipa.endofday.com:goghvideo/helm.git + workspaces: + - name: source + volumeClaimTemplate: + spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Gi + storageClassName: nfs-client + - name: gitauth + secret: + secretName: git-http-credentials + - name: gitsshauth + secret: + secretName: git-credentials + - name: dockerconfig + secret: + secretName: 
goghvideo-container-registry-push + - name: helm + volumeClaimTemplate: + spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Gi + storageClassName: nfs-client +
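Review bot: Every run created from `triggertemplate/notification.yaml` mounts `git-http-credentials`, `git-credentials` and `goghvideo-container-registry-push` and hard-codes `git-merge-type` and `git-merge-delete-branch`, so a pull-request webhook alone leads to a build of the PR's code with push and merge credentials present, followed by an automatic merge. Nothing visible here or in the listener requires an approval or a trusted sender first; if that is intended for a single-maintainer repository, a comment above `resourcetemplates` saying so would help, otherwise gate the merge step. Separately, `value: true` (for `verbose`) and `value: True` (for `git-merge-delete-branch`) are YAML booleans where the pipeline expects string params; depending on the Tekton version they are rejected or coerced, so write `value: "true"`.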