wip

infrastructure.yaml.sample

@@ -21,6 +21,10 @@ spec:
         value: redacted
       - name: githubClientSecret
         value: redacted
+      - name: slackBotToken
+        value: redacted
+      - name: slackAppToken
+        value: redacted
   project: default
   syncPolicy:
     automated:

infrastructure/templates/fruits-dev.yaml

@@ -113,6 +113,51 @@ spec:
           defaultMode: 0755
 ---
 apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "20"
+  name: slack-approval
+spec:
+  params:
+  - name: slackChannel
+    type: string
+  - name: slackSecretName
+    type: string
+  - name: pipelineId
+    type: string
+  steps:
+  - name: slack-approval
+    image: quay.io/madroadshowfrance2023/tekton-pipeline-slack-bot:latest
+    env:
+    - name: SLACK_CHANNEL
+      value: "$(params.slackChannel)"
+    - name: TEKTON_PIPELINE_ID
+      value: "$(params.pipelineId)"
+    - name: SLACK_BOT_TOKEN
+      valueFrom:
+        secretKeyRef:
+          name: $(params.slackSecretName)
+          key: "bot-token"
+    - name: SLACK_APP_TOKEN
+      valueFrom:
+        secretKeyRef:
+          name: $(params.slackSecretName)
+          key: "app-token"
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "20"
+  name: tekton-tokens
+  namespace: fruits-dev
+type: Opaque
+data:
+  bot-token: {{ .Values.slackBotToken | b64enc | quote }}
+  app-token: {{ .Values.slackAppToken | b64enc | quote }}
+---
+apiVersion: tekton.dev/v1beta1
 kind: Pipeline
 metadata:
   annotations:
@@ -182,14 +227,36 @@ spec:
       workspaces:
         - name: source
           workspace: workspace
-    - name: deploy
+    - name: deploy-in-test
       params:
         - name: SCRIPT
-          value: oc rollout status deploy/$(params.APP_NAME)
+          value: oc rollout status deploy/$(params.APP_NAME) -n test
       runAfter:
         - build
       taskRef:
         kind: ClusterTask
         name: openshift-client
+    - name: slack-approval
+      params:
+      - name: slackChannel
+        value: "#mad-roadshow-france-2023"
+      - name: slackSecretName
+        value: "tekton-tokens"
+      - name: pipelineId
+        value: "$(context.pipelineRun.name)"
+      runAfter:
+      - deploy-in-test
+      taskRef:
+        name: slack-approval
+    - name: deploy-in-prod
+      params:
+        - name: SCRIPT
+          value: oc rollout status deploy/$(params.APP_NAME) -n prod
+      runAfter:
+        - slack-approval
+      taskRef:
+        kind: ClusterTask
+        name: openshift-client
+
   workspaces:
     - name: workspace

infrastructure/templates/fruits-prod.yaml

@@ -0,0 +1,29 @@
+apiVersion: project.openshift.io/v1
+kind: Project
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+    openshift.io/description: ""
+    openshift.io/display-name: ""
+  labels:
+    kubernetes.io/metadata.name: fruits-prod
+  name: fruits-prod
+spec:
+  finalizers:
+  - kubernetes
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "20"
+  name: tekton-is-admin
+  namespace: fruits-prod
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: admin
+subjects:
+- kind: ServiceAccount
+  name: pipeline
+  namespace: fruits-dev

infrastructure/templates/fruits-test.yaml

@@ -0,0 +1,29 @@
+apiVersion: project.openshift.io/v1
+kind: Project
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+    openshift.io/description: ""
+    openshift.io/display-name: ""
+  labels:
+    kubernetes.io/metadata.name: fruits-test
+  name: fruits-test
+spec:
+  finalizers:
+  - kubernetes
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "20"
+  name: tekton-is-admin
+  namespace: fruits-test
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: admin
+subjects:
+- kind: ServiceAccount
+  name: pipeline
+  namespace: fruits-dev