
# Namespace for the eShopOnWeb dev environment. Sync wave 0 puts it ahead of
# the wave-20 resources below, which all target this namespace.
apiVersion: v1
kind: Namespace
metadata:
  name: eshop-dev
  labels:
    kubernetes.io/metadata.name: eshop-dev
  annotations:
    argocd.argoproj.io/sync-wave: "0"
    openshift.io/description: ""
    openshift.io/display-name: ""
spec:
  finalizers:
    - kubernetes
---
# ImageStream receiving the built eshop-web image. Local lookup is off, so
# pods must reference the image by its full registry path rather than by
# ImageStream name.
apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
  name: eshop-web
  namespace: eshop-dev
  annotations:
    argocd.argoproj.io/sync-wave: "20"
spec:
  lookupPolicy:
    local: false
---
# ImageStream receiving the built eshop-api image; same lookup policy as
# eshop-web (no local name resolution).
apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
  name: eshop-api
  namespace: eshop-dev
  annotations:
    argocd.argoproj.io/sync-wave: "20"
spec:
  lookupPolicy:
    local: false
---
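# Task: sign a container image with cosign using a private key referenced by
# cosignKeyRef (a k8s://<namespace>/<secret> reference in this repo's pipeline).
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: cosign-sign
  namespace: eshop-dev
  annotations:
    argocd.argoproj.io/sync-wave: "20"
    # Tekton CRDs may be absent when Argo CD dry-runs; let it skip the dry run.
    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
  params:
    - name: cosignKeyRef
      type: string
      description: cosign key reference, e.g. k8s://<namespace>/<secret-name>
    - name: cosignKeyPassword
      type: string
      # NOTE(review): a password passed as a plain param is recorded in the
      # TaskRun/PipelineRun spec; reading it from a Secret via
      # valueFrom.secretKeyRef would keep it out of run objects and logs.
      description: Password protecting the cosign private key
    - name: image
      type: string
      description: Image reference to sign; pass it by digest (name@sha256:...)
  steps:
    - name: cosign
      # Pinned by tag only; a digest pin would make the signer image itself
      # verifiable and immune to tag moves.
      image: gcr.io/projectsigstore/cosign:v2.0.2
      args:
        - sign
        - -y                    # non-interactive: skip the confirmation prompt
        - --tlog-upload=false   # signature is NOT recorded in the Rekor transparency log
        - --key=$(params.cosignKeyRef)
        - $(params.image)
      env:
        - name: COSIGN_PASSWORD
          value: "$(params.cosignKeyPassword)"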
---
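# Task: download roxctl from StackRox Central and run `roxctl image check`
# against an image by digest. A policy failure fails the step (set -e).
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: roxctl-image-check
  namespace: eshop-dev
  annotations:
    argocd.argoproj.io/sync-wave: "20"
    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
  params:
    - name: roxctlSecret
      type: string
      description: >-
        Secret containing the StackRox API token with CI permissions and the
        address:port tuple for StackRox Central (example: rox.stackrox.io:443)
    - name: forcePull
      type: string
      default: "false"
      description: Bypass Central's cache for the image and force a new pull from the Scanner
    - name: imageName
      type: string
      description: Image name (registry hostname + port + path)
    - name: imageDigest
      type: string
      description: Image digest
  results:
    - name: check_output
      description: Output of `roxctl image check`
  steps:
    - name: roxctl-image-check
      # Only bash and curl are used from this image; skopeo itself is never invoked.
      image: quay.io/skopeo/stable:v1.5.2
      resources: {}
      env:
        # Exactly one FORCE_PULL entry: duplicate env names are ambiguous
        # (last one wins on some consumers, rejected on others).
        - name: FORCE_PULL
          value: $(params.forcePull)
        - name: DIGEST
          value: $(params.imageDigest)
        - name: NAME
          value: $(params.imageName)
        - name: ROX_API_TOKEN
          valueFrom:
            secretKeyRef:
              name: $(params.roxctlSecret)
              key: token
        - name: ROX_CENTRAL_ENDPOINT
          valueFrom:
            secretKeyRef:
              name: $(params.roxctlSecret)
              key: endpoint
      script: |
        #!/bin/bash
        set -Eeuo pipefail
        # -f: an HTTP error must fail here instead of saving the error body,
        # which would then be chmod'ed and executed as roxctl.
        # NOTE(review): -k (and --insecure-skip-tls-verify below) disable TLS
        # verification for a binary download that then runs with ROX_API_TOKEN;
        # prefer mounting Central's CA and dropping both flags.
        curl -fsSL -k -H "Authorization: Bearer $ROX_API_TOKEN" \
          "https://$ROX_CENTRAL_ENDPOINT/api/cli/download/roxctl-linux" --output /tmp/roxctl
        chmod +x /tmp/roxctl
        # Array instead of a word-split string so optional flags stay well-formed.
        extra_args=()
        if [ "${FORCE_PULL:-}" == "true" ]; then
          extra_args+=(--force)
        fi
        # tee publishes the check output as the declared Tekton result; with
        # pipefail a failing roxctl still fails the step. Tekton results are
        # size-limited, so very long output may need trimming.
        /tmp/roxctl image check --insecure-skip-tls-verify -e "$ROX_CENTRAL_ENDPOINT" \
          --image "$NAME@$DIGEST" --send-notifications ${extra_args[@]+"${extra_args[@]}"} \
          | tee "$(results.check_output.path)"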
---
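# Pipeline: clone, build with s2i-dotnet, check the resulting image with
# StackRox, then sign it with cosign. The check and sign tasks consume the
# build's IMAGE_DIGEST result, so the artifact that was built is the one that
# is checked and signed.
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: eshoponweb-ci
  namespace: eshop-dev
  annotations:
    argocd.argoproj.io/sync-wave: "20"
    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
  params:
    - name: GIT_REPO
      type: string
      default: 'https://github.com/eShopOnWeb-OpenShift/eShopOnWeb.git'
    - name: GIT_REVISION
      type: string
      default: main
    - name: IMAGE_NAME
      type: string
      description: Image reference to push to (and later check and sign), without digest
    - name: DOTNET_STARTUP_PROJECT
      type: string
      description: Forwarded to the s2i build as the DOTNET_STARTUP_PROJECT env var
  workspaces:
    - name: workspace
  tasks:
    - name: git-clone
      taskRef:
        kind: ClusterTask
        name: git-clone
      workspaces:
        - name: output
          workspace: workspace
      params:
        - name: url
          value: $(params.GIT_REPO)
        - name: revision
          value: $(params.GIT_REVISION)
        - name: subdirectory
          value: ''
        - name: deleteExisting
          value: 'true'
    - name: build
      runAfter:
        - git-clone
      taskRef:
        kind: ClusterTask
        name: s2i-dotnet
      workspaces:
        - name: source
          workspace: workspace
      params:
        - name: IMAGE
          value: $(params.IMAGE_NAME)
        - name: TLSVERIFY
          # NOTE(review): disables TLS verification for the registry push; keep
          # only if the target registry cannot present a trusted certificate.
          value: 'false'
        - name: PATH_CONTEXT
          value: .
        - name: VERSION
          value: 7.0-ubi8
        - name: ENV_VARS
          value:
            - DOTNET_STARTUP_PROJECT=$(params.DOTNET_STARTUP_PROJECT)
    - name: roxctl-image-check
      runAfter:
        - build
      taskRef:
        name: roxctl-image-check
      params:
        - name: roxctlSecret
          value: stackrox-cicd-token
        - name: imageName
          value: $(params.IMAGE_NAME)
        - name: imageDigest
          value: $(tasks.build.results.IMAGE_DIGEST)
    - name: cosign-sign
      runAfter:
        - roxctl-image-check
      taskRef:
        kind: Task
        name: cosign-sign
      params:
        - name: cosignKeyRef
          value: k8s://eshop-dev/code-signature
        - name: cosignKeyPassword
          # NOTE(review): the key password is a literal in a manifest committed
          # to VCS; it should come from a Secret rather than a param value.
          value: dummy
        - name: image
          value: $(params.IMAGE_NAME)@$(tasks.build.results.IMAGE_DIGEST)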
---
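# Pipeline: re-check an already-built image with StackRox, then promote it by
# digest from the dev ImageStream into the test and prod namespaces.
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: eshoponweb-cd
  namespace: eshop-dev
  annotations:
    argocd.argoproj.io/sync-wave: "20"
    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
  params:
    - name: IMAGESTREAM_NAME
      type: string
      description: ImageStream name; the same name is used in every namespace
    - name: DEV_NAMESPACE
      type: string
      default: eshop-dev
    - name: TEST_NAMESPACE
      type: string
      default: eshop-test
    - name: PROD_NAMESPACE
      type: string
      default: eshop-prod
    - name: APPLICATION_NAME
      type: string
      description: Deployment name and container name that receive the new image
    - name: IMAGE_DIGEST
      type: string
      description: Digest of the image to promote (sha256:...)
    - name: REGISTRY
      type: string
      # The default is the value that was previously hard-coded in every task,
      # so existing PipelineRuns keep working unchanged.
      default: image-registry.openshift-image-registry.svc:5000
      description: Registry host:port that serves the ImageStreams
  tasks:
    - name: roxctl-image-check
      taskRef:
        name: roxctl-image-check
      params:
        - name: roxctlSecret
          value: stackrox-cicd-token
        - name: imageName
          value: $(params.REGISTRY)/$(params.DEV_NAMESPACE)/$(params.IMAGESTREAM_NAME)
        - name: imageDigest
          value: $(params.IMAGE_DIGEST)
        - name: forcePull
          value: "true"  # bypass Central's cache so the check uses fresh scan data
    - name: deploy-in-test
      runAfter:
        - roxctl-image-check
      taskRef:
        kind: ClusterTask
        name: openshift-client
      params:
        - name: SCRIPT
          value: |
            oc tag $(params.DEV_NAMESPACE)/$(params.IMAGESTREAM_NAME)@$(params.IMAGE_DIGEST) $(params.TEST_NAMESPACE)/$(params.IMAGESTREAM_NAME):latest
            oc set image deploy/$(params.APPLICATION_NAME) -n $(params.TEST_NAMESPACE) $(params.APPLICATION_NAME)=$(params.REGISTRY)/$(params.TEST_NAMESPACE)/$(params.IMAGESTREAM_NAME)@$(params.IMAGE_DIGEST)
    # NOTE(review): prod promotion runs straight after the test rollout with no
    # verification or approval in between; consider a gate (smoke test, manual
    # approval) before this task.
    - name: deploy-in-prod
      runAfter:
        - deploy-in-test
      taskRef:
        kind: ClusterTask
        name: openshift-client
      params:
        - name: SCRIPT
          value: |
            oc tag $(params.DEV_NAMESPACE)/$(params.IMAGESTREAM_NAME)@$(params.IMAGE_DIGEST) $(params.PROD_NAMESPACE)/$(params.IMAGESTREAM_NAME):latest
            oc set image deploy/$(params.APPLICATION_NAME) -n $(params.PROD_NAMESPACE) $(params.APPLICATION_NAME)=$(params.REGISTRY)/$(params.PROD_NAMESPACE)/$(params.IMAGESTREAM_NAME)@$(params.IMAGE_DIGEST)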
---