commit ea262f213bd2c4acfefc47581b73a6250b784402 Author: Nicolas MASSE Date: Tue Oct 18 09:52:51 2022 +0200 initial commit
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..32b0cc9
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "kubespray"]
+ path = kubespray
+ url = https://github.com/kubernetes-sigs/kubespray.git
diff --git a/ansible/group_vars/all/versions.yaml b/ansible/group_vars/all/versions.yaml
new file mode 100644
index 0000000..c8ed5e0
--- /dev/null
+++ b/ansible/group_vars/all/versions.yaml
@@ -0,0 +1 @@
+argocd_cli_version: "2.3.3"
diff --git a/ansible/requirements.yaml b/ansible/requirements.yaml
new file mode 100644
index 0000000..05a8c6d
--- /dev/null
+++ b/ansible/requirements.yaml
@@ -0,0 +1,11 @@
+collections:
+- name: containers.podman
+ version: '>=1.4.1' # 1.4.1 is the minimum when working with podman 2.2
+- name: ansible.posix
+- name: community.general
+ version: '>=2.2.0' # fix a bug with nmcli and bridge interfaces
+- name: community.libvirt
+- name: ansible.netcommon
+- name: community.kubernetes
+- name: openvswitch.openvswitch
+
diff --git a/ansible/roles/argocd/tasks/main.yaml b/ansible/roles/argocd/tasks/main.yaml
new file mode 100644
index 0000000..536feab
--- /dev/null
+++ b/ansible/roles/argocd/tasks/main.yaml
@@ -0,0 +1,27 @@
+- name: Create the argocd namespace
+ k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: Namespace
+ metadata:
+ name: argocd
+ spec: {}
+
+- name: Add the ArgoCD Helm repository
+ kubernetes.core.helm_repository:
+ name: argo
+ repo_url: "https://argoproj.github.io/argo-helm"
+
+- name: Deploy ArgoCD
+ kubernetes.core.helm:
+ name: argocd
+ chart_ref: argo/argo-cd
+ update_repo_cache: yes
+ release_namespace: argocd
+ release_values:
+ configs:
+ secret:
+ argocdServerAdminPassword: '{{ "secret" | password_hash("bcrypt") }}'
+ release_state: present
+ chart_version: '4.5.7'
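Review bot: In ansible/requirements.yaml most collections carry no version constraint, and the two that do use an open-ended `>=`, so each `ansible-galaxy` install can resolve to different code. The argocd role added in this commit calls `kubernetes.core.helm` and `kubernetes.core.helm_repository`, yet `kubernetes.core` is not listed; it may arrive as a dependency of `community.kubernetes`, but listing it explicitly (`- name: kubernetes.core` with a `version: '<pinned version>'` line) makes the dependency visible and reproducible. Pinning the other entries to exact versions would give the same benefit.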
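Review bot: The `argocdServerAdminPassword` value in the `Deploy ArgoCD` task of ansible/roles/argocd/tasks/main.yaml hashes the literal string `"secret"`, so the Argo CD admin password is a fixed, guessable value stored in the repository. Take it from a vaulted or externally supplied variable instead, for example `argocdServerAdminPassword: '{{ argocd_admin_password | password_hash("bcrypt") }}'` with `argocd_admin_password` kept in an Ansible Vault file. Because `password_hash` is called without a salt, the hash presumably differs on every run, so the release would be reported as changed each time. Adding `no_log: true` to the task keeps the value out of task output.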
diff --git a/ansible/roles/helm/defaults/main.yaml b/ansible/roles/helm/defaults/main.yaml
new file mode 100644
index 0000000..ac3f421
--- /dev/null
+++ b/ansible/roles/helm/defaults/main.yaml
@@ -0,0 +1,2 @@
+helm_version: "3.8.2"
+tkn_version: "0.23.1"
diff --git a/ansible/roles/helm/tasks/main.yaml b/ansible/roles/helm/tasks/main.yaml
new file mode 100644
index 0000000..854bf59
--- /dev/null
+++ b/ansible/roles/helm/tasks/main.yaml
@@ -0,0 +1,34 @@
+- name: Download Helm
+ get_url:
+ url: '{{ helm_download_url }}'
+ dest: /usr/local/src/{{ helm_download_url | basename }}
+
+- name: Install Helm
+ unarchive:
+ src: /usr/local/src/{{ helm_download_url | basename }}
+ dest: /usr/local/sbin
+ remote_src: yes
+ # In Ansible 2.11, it will be possible to use "include" instead...
+ exclude:
+ - linux-amd64/README.md
+ - linux-amd64/LICENSE
+ extra_opts:
+ - --strip-components=1
+ owner: root
+ group: root
+ mode: 0755
+
+- name: Download the Tekton CLI
+ get_url:
+ url: '{{ tkn_download_url }}'
+ dest: /usr/local/src/{{ tkn_download_url | basename }}
+
+- name: Install the Tekton CLI
+ unarchive:
+ src: /usr/local/src/{{ tkn_download_url | basename }}
+ dest: /usr/local/sbin
+ remote_src: yes
+ # In Ansible 2.11, it will be possible to use "include" instead...
+ owner: root
+ group: root
+ mode: 0755
diff --git a/ansible/roles/helm/vars/main.yaml b/ansible/roles/helm/vars/main.yaml
new file mode 100644
index 0000000..7a4716e
--- /dev/null
+++ b/ansible/roles/helm/vars/main.yaml
@@ -0,0 +1,2 @@
+helm_download_url: "https://get.helm.sh/helm-v{{ helm_version }}-linux-amd64.tar.gz"
+tkn_download_url: "https://github.com/tektoncd/cli/releases/download/v{{ tkn_version }}/tkn_{{ tkn_version }}_Linux_x86_64.tar.gz"
diff --git a/ansible/roles/vm/defaults/main.yaml b/ansible/roles/vm/defaults/main.yaml
new file mode 100644
index 0000000..4617224
--- /dev/null
+++ b/ansible/roles/vm/defaults/main.yaml
@@ -0,0 +1 @@
+centos_version: "20221005"
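Review bot: Both `get_url` tasks in ansible/roles/helm/tasks/main.yaml download an archive that is then unpacked as root into `/usr/local/sbin` with no integrity check. Add a `checksum:` parameter to each, e.g. `checksum: 'sha256:<published sha256 of the archive>'`, stored next to `helm_version` and `tkn_version` so a version bump forces a checksum update. The Tekton CLI `unarchive` has no `exclude` or `extra_opts`, so every file in that tarball lands in `/usr/local/sbin`. `mode: 0755` is safer written as the string `mode: '0755'`, and `remote_src: yes` as `remote_src: true`.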
diff --git a/ansible/roles/vm/tasks/main.yaml b/ansible/roles/vm/tasks/main.yaml
new file mode 100644
index 0000000..27e1c4b
--- /dev/null
+++ b/ansible/roles/vm/tasks/main.yaml
@@ -0,0 +1,9 @@
+- name: Fetch the CentOS Stream 8 ISO image
+ get_url:
+ url: '{{ centos_download_url }}'
+ dest: /var/lib/libvirt/images/{{ centos_download_url | basename }}
+
+- name: Start the installation
+ command:
+ cmd: virt-install --name foo --autostart --noautoconsole --cpu host-passthrough --vcpus 2 --ram 2048 --os-variant centos-stream8 --disk path=/var/lib/libvirt/images/foo.qcow2,size=50 --console pty,target.type=virtio --serial pty --location "/var/lib/libvirt/images/{{ centos_download_url | basename }}"
+ creates: /var/lib/libvirt/images/foo.qcow2
diff --git a/ansible/roles/vm/vars/main.yaml b/ansible/roles/vm/vars/main.yaml
new file mode 100644
index 0000000..1d89204
--- /dev/null
+++ b/ansible/roles/vm/vars/main.yaml
@@ -0,0 +1 @@
+centos_download_url: http://ftp.pasteur.fr/mirrors/CentOS/8-stream/isos/x86_64/CentOS-Stream-8-x86_64-{{ centos_version }}-boot.iso
\ No newline at end of file
diff --git a/charts/itix-gitea/Chart.lock b/charts/itix-gitea/Chart.lock
new file mode 100644
index 0000000..392783a
--- /dev/null
+++ b/charts/itix-gitea/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: gitea
+ repository: https://dl.gitea.io/charts/
+ version: 5.0.0
+digest: sha256:fb8e51d5b3ebac99aab6e5190e3a3b46dfbd5f014d5b3019feb825af995bae53
+generated: "2022-10-08T06:22:43.958560969Z"
diff --git a/charts/itix-gitea/Chart.yaml b/charts/itix-gitea/Chart.yaml
new file mode 100644
index 0000000..8adefa4
--- /dev/null
+++ b/charts/itix-gitea/Chart.yaml
@@ -0,0 +1,8 @@
+apiVersion: v2
+name: itix-gitea
+version: 0.0.1
+description: ITIX Customizations for Gitea
+dependencies:
+- name: gitea
+ version: 5.0.0
+ repository: https://dl.gitea.io/charts/
diff --git a/charts/itix-gitea/values.yaml b/charts/itix-gitea/values.yaml
new file mode 100644
index 0000000..85091d4
--- /dev/null
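Review bot: `centos_download_url` in ansible/roles/vm/vars/main.yaml uses plain `http://`, so the boot ISO that the `Start the installation` task passes to `virt-install --location` can be altered in transit and is installed as fetched. Use an `https://` mirror where one is available and add `checksum: 'sha256:<value from the CentOS CHECKSUM file>'` to the `get_url` task in ansible/roles/vm/tasks/main.yaml. The VM name, disk path and sizing are hard-coded as `foo` inside the `cmd:` string; role variables would make the role reusable, and an `argv:` list avoids quoting pitfalls around the templated `--location` path.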
+++ b/charts/itix-gitea/values.yaml
@@ -0,0 +1,11 @@
+gitea:
+ postgresql:
+ enabled: false
+ memcached:
+ enabled: false
+ service:
+ ssh:
+ type: NodePort
+ nodePort: 32022
+ ingress:
+ enabled: false
diff --git a/docker/git/Containerfile b/docker/git/Containerfile
new file mode 100644
index 0000000..dfb4f6a
--- /dev/null
+++ b/docker/git/Containerfile
@@ -0,0 +1,12 @@
+FROM quay.io/centos/centos:stream8
+
+ARG GH_VERSION=2.3.0
+
+RUN dnf install -y git curl tar gzip shadow-utils \
+ && curl -sLo /tmp/gh.tgz https://github.com/cli/cli/releases/download/v${GH_VERSION}/gh_${GH_VERSION}_linux_amd64.tar.gz \
+ && tar -xf /tmp/gh.tgz -C /tmp \
+ && mv /tmp/gh_${GH_VERSION}_linux_amd64/bin/gh /usr/local/bin \
+ && rm -rf /tmp/gh_${GH_VERSION}_linux_amd64 /tmp/gh.tgz \
+ && dnf clean all
+
+RUN git config --global advice.detachedHead false
diff --git a/docker/mosquitto/Containerfile b/docker/mosquitto/Containerfile
new file mode 100644
index 0000000..3f046dd
--- /dev/null
+++ b/docker/mosquitto/Containerfile
@@ -0,0 +1,4 @@
+FROM quay.io/fedora/fedora:35
+
+RUN dnf install -y mqttcli \
+ && dnf clean all
diff --git a/docker/nextcloud/Containerfile b/docker/nextcloud/Containerfile
new file mode 100644
index 0000000..b8d4071
--- /dev/null
+++ b/docker/nextcloud/Containerfile
@@ -0,0 +1,6 @@
+# The following line will be rewritten by the custom builder
+FROM docker.io/library/nextcloud
+RUN set -ex \
+ && apk add --no-cache ffmpeg samba-client \
+ && touch /usr/local/etc/php/conf.d/redis-session.ini \
+ && chmod 666 /usr/local/etc/php/conf.d/redis-session.ini # Overwritten by entrypoint.sh on startup
diff --git a/docker/nginx/Containerfile b/docker/nginx/Containerfile
new file mode 100644
index 0000000..7e54311
--- /dev/null
+++ b/docker/nginx/Containerfile
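Review bot: The `curl -sLo /tmp/gh.tgz` step in docker/git/Containerfile installs a release binary without verifying it, and without `-f` an HTTP error page is saved as the archive and only surfaces later as a `tar` failure. Use `curl -fsSLo` and check the archive against the published checksum before extracting, e.g. `echo "<sha256>  /tmp/gh.tgz" | sha256sum -c -`. The `curl -Lo /tmp/aeneria-app.tgz` steps in docker/nginx/Containerfile and docker/php/Containerfile have the same gap.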
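Review bot: `chmod 666` on `/usr/local/etc/php/conf.d/redis-session.ini` in docker/nextcloud/Containerfile leaves a PHP configuration file writable by every user in the container, so any process there can change PHP settings. If entrypoint.sh only needs to write it as the runtime user, give that user or group ownership instead, e.g. `chown www-data:root <file> && chmod 660 <file>` (the user name is an assumption to confirm against the base image). The `FROM` line has no tag or digest; the comment says the custom builder rewrites it, so it is worth confirming that the builder pins a specific version.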
@@ -0,0 +1,15 @@
+FROM docker.io/nginxinc/nginx-unprivileged:1.20-alpine
+
+ARG SOURCE_TAG
+
+USER root
+
+RUN curl -Lo /tmp/aeneria-app.tgz https://statics.aeneria.com/aeneria-app-${SOURCE_TAG}.tar.gz \
+ && mkdir -p /var/www/html \
+ && tar -C /var/www/html --strip-components=1 -zxf /tmp/aeneria-app.tgz \
+ && chown -R root:root /var/www/html \
+ && chmod -R go+rX-w /var/www/html
+
+ADD nginx.conf /etc/nginx/nginx.conf
+
+USER nginx
diff --git a/docker/php/Containerfile b/docker/php/Containerfile
new file mode 100644
index 0000000..2ff9b1c
--- /dev/null
+++ b/docker/php/Containerfile
@@ -0,0 +1,38 @@
+FROM docker.io/library/php:7.3-fpm-alpine
+
+ARG SOURCE_TAG
+
+RUN apk add libpq libpq-dev \
+ && docker-php-ext-configure pgsql \
+ && docker-php-ext-install pdo pdo_pgsql
+
+RUN curl -Lo /tmp/aeneria-app.tgz https://statics.aeneria.com/aeneria-app-${SOURCE_TAG}.tar.gz \
+ && mkdir -p /var/www/html \
+ && tar -C /var/www/html --strip-components=1 -zxf /tmp/aeneria-app.tgz \
+ && chown -R root:root /var/www/html \
+ && chmod -R go+rX-w /var/www/html \
+ && mkdir -p /var/www/html/private /var/www/html/var \
+ && chmod 777 /var/www/html/private /var/www/html/var
+
+ADD entrypoint.sh /entrypoint.sh
+
+ENV APP_ENV=prod \
+ AENERIA_USER_MAX_PLACES=-1 \
+ AENERIA_USER_CAN_SHARE_PLACE=1 \
+ AENERIA_USER_CAN_FETCH=1 \
+ AENERIA_USER_CAN_EXPORT=1 \
+ AENERIA_USER_CAN_IMPORT=1 \
+ AENERIA_PLACE_CAN_BE_PUBLIC=1 \
+ AENERIA_DEMO_MODE=0 \
+ ENEDIS_CLIENT_ID= \
+ ENEDIS_CLIENT_SECRET= \
+ ENEDIS_REDIRECT_URI= \
+ ENEDIS_ENDPOINT_AUTH=https://proxy.aeneria.com/enedis-data-connect \
+ ENEDIS_ENDPOINT_TOKEN=https://proxy.aeneria.com/enedis-data-connect \
+ ENEDIS_ENDPOINT_DATA=https://gw.prd.api.enedis.fr \
+ AENERIA_WELCOME_MESSAGE="Bienvenue !"
+
+VOLUME [ "/var/www/html/private", "/var/www/html/var" ]
+
+ENTRYPOINT [ "/entrypoint.sh" ]
+CMD [ ]
diff --git a/kubespray b/kubespray
new file mode 160000
index 0000000..eeeca4a
--- /dev/null
+++ b/kubespray
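Review bot: `ARG SOURCE_TAG` in docker/nginx/Containerfile has no default and is never checked, so a build without `--build-arg SOURCE_TAG=...` requests `aeneria-app-.tar.gz`. A guard at the start of the `RUN`, such as `test -n "${SOURCE_TAG}"`, makes that fail early with a clear cause. The downloaded `/tmp/aeneria-app.tgz` is never removed and stays in the image layer; append `&& rm -f /tmp/aeneria-app.tgz`. `COPY nginx.conf /etc/nginx/nginx.conf` is preferable to `ADD` for a plain local file.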
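Review bot: `chmod 777 /var/www/html/private /var/www/html/var` in docker/php/Containerfile makes both data directories world-writable. Owning them by the PHP-FPM runtime user with mode `0750`, or by group `0` with `0770` if the container runs under an arbitrary UID, is tighter; which one applies depends on entrypoint.sh and the deployment, neither of which this hunk shows. `apk add libpq libpq-dev` lacks `--no-cache` and leaves the `-dev` package in the final image. The `php:7.3` base is past upstream end of life and no longer receives security fixes, so a supported PHP branch should be used if the application allows it.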
@@ -0,0 +1 @@
+Subproject commit eeeca4a1d0334efebcf732d08bffc7e10240fc9c
diff --git a/kustomize/minio/daemonset.yaml b/kustomize/minio/daemonset.yaml
new file mode 100644
index 0000000..0ccd999
--- /dev/null
+++ b/kustomize/minio/daemonset.yaml
@@ -0,0 +1,64 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: minio
+ namespace: minio
+spec:
+ selector:
+ matchLabels:
+ name: minio
+ template:
+ metadata:
+ labels:
+ name: minio
+ spec:
+ containers:
+ - name: minio
+ image: quay.io/minio/minio:latest
+ args:
+ - server
+ - --console-address
+ - :8080
+ - --address
+ - :8090
+ - /data
+ env:
+ - name: MINIO_ROOT_USER
+ value: admin
+ - name: MINIO_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: minio-admin
+ key: password
+ ports:
+ - containerPort: 8080
+ readinessProbe:
+ failureThreshold: 1
+ httpGet:
+ path: /minio/health/live
+ port: 8080
+ scheme: HTTP
+ initialDelaySeconds: 10
+ periodSeconds: 30
+ successThreshold: 1
+ timeoutSeconds: 20
+ volumeMounts:
+ - name: data
+ mountPath: /data
+ - name: config
+ mountPath: /.minio
+ securityContext:
+ runAsGroup: 10000
+ runAsUser: 10002
+ capabilities:
+ drop: [ALL]
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ allowPrivilegeEscalation: false
+ terminationGracePeriodSeconds: 30
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: minio-data
+ - name: config
+ emptyDir: {}
diff --git a/kustomize/minio/kustomization.yaml b/kustomize/minio/kustomization.yaml
new file mode 100644
index 0000000..5223d7e
--- /dev/null
+++ b/kustomize/minio/kustomization.yaml
@@ -0,0 +1,5 @@
+resources:
+ - daemonset.yaml
+images:
+ - name: quay.io/minio/minio
+ newTag: RELEASE.2022-04-29T01-27-09Z
diff --git a/kustomize/nextcloud/kustomize.yaml b/kustomize/nextcloud/kustomize.yaml
new file mode 100644
index 0000000..359f9dc
--- /dev/null
+++ b/kustomize/nextcloud/kustomize.yaml
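Review bot: The `readinessProbe` in kustomize/minio/daemonset.yaml queries `/minio/health/live` on port 8080, which the `args` assign to the console (`--console-address :8080`), while the API listens on `:8090`. MinIO's health endpoints are normally served by the API listener, so the probe probably should use `port: 8090`, and 8090 should be declared under `ports` next to `containerPort: 8080`. The container sets no `resources` requests or limits. A DaemonSet whose pods all mount the single claim `minio-data` only works if that claim can be mounted from every node, so a StatefulSet or single-replica Deployment may be what was intended.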
@@ -0,0 +1,7 @@
+namespace: nextcloud
+
+helmCharts:
+- releaseName: nextcloud
+ repo: https://nextcloud.github.io/helm/
+ name: nextcloud
+ version: 3.0.0
diff --git a/kustomize/tekton/kustomization.yaml b/kustomize/tekton/kustomization.yaml
new file mode 100644
index 0000000..774e126
--- /dev/null
+++ b/kustomize/tekton/kustomization.yaml
@@ -0,0 +1,26 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.29.0/release.yaml
+- https://storage.googleapis.com/tekton-releases/triggers/previous/v0.17.1/release.yaml
+- https://storage.googleapis.com/tekton-releases/triggers/previous/v0.17.1/interceptors.yaml
+- https://storage.googleapis.com/tekton-releases/dashboard/previous/v0.21.0/tekton-dashboard-release.yaml
+
+patchesStrategicMerge:
+- |
+ $patch: delete
+ apiVersion: autoscaling/v2beta1
+ kind: HorizontalPodAutoscaler
+ metadata:
+ name: tekton-pipelines-webhook
+ namespace: tekton-pipelines
+- |
+ apiVersion: v1
+ kind: ConfigMap
+ metadata:
+ name: config-artifact-pvc
+ namespace: tekton-pipelines
+ data:
+ size: 1Gi
+ storageClassName: tekton
diff --git a/rpms/SPECS/gitea.spec b/rpms/SPECS/gitea.spec
new file mode 100644
index 0000000..0dfca52
--- /dev/null
+++ b/rpms/SPECS/gitea.spec
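Review bot: This file is added as kustomize/nextcloud/kustomize.yaml, but kustomize only looks for `kustomization.yaml`, `kustomization.yml` or `Kustomization`, so the directory will not build as written; rename it to `kustomization.yaml`. The `helmCharts` field also needs `kustomize build --enable-helm`, which is worth recording in a comment at the top of the file, e.g. `# build with: kustomize build --enable-helm`.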
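Review bot: The four `resources` URLs in kustomize/tekton/kustomization.yaml are fetched from `storage.googleapis.com` on every build with no check on their content, so what gets applied depends on what that bucket serves at build time, and release manifests of this kind typically carry cluster-scoped RBAC. Vendoring the four files into the repository, or verifying a recorded sha256 in the build job, makes any change reviewable. The delete patch targets the HPA under `autoscaling/v2beta1`; a short comment saying why the webhook HPA is removed would help whoever upgrades Tekton next.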
@@ -0,0 +1,60 @@
+Name: gitea
+Version: 1.13.1
+Release: itix1
+Summary: Git with a cup of tea, painless self-hosted git service
+License: MIT
+Source0: https://github.com/go-gitea/%{name}/releases/download/v%{version}/%{name}-%{version}-linux-amd64.xz
+ExclusiveArch: x86_64
+Source1: gitea.service
+Requires(pre): shadow-utils
+Requires: postgresql-server
+BuildRequires: systemd
+
+%description
+
+The goal of this project is to make the easiest, fastest, and most painless
+way of setting up a self-hosted Git service. Using Go, this can be done with
+an independent binary distribution across all platforms which Go supports,
+including Linux, macOS, and Windows on x86, amd64, ARM and PowerPC
+architectures.
+
+# Since we don't recompile from source, disable the build_id checking
+%global _missing_build_ids_terminate_build 0
+%global _build_id_links none
+%global debug_package %{nil}
+
+%prep
+%setup -q -c -T
+xz -dc %{S:0} > gitea
+cp %{S:1} %{name}.service
+
+%build
+
+%install
+install -d %{buildroot}/opt/%{name}/etc/
+install -d %{buildroot}/srv/%{name}/custom
+install -d %{buildroot}/srv/%{name}/git
+install -D gitea %{buildroot}/opt/%{name}/bin/gitea
+install -D -m 0644 %{name}.service %{buildroot}/%{_unitdir}/%{name}.service
+
+%files
+%defattr(0644, root, root, 0755)
+%dir /opt/%{name}/bin
+%dir /opt/%{name}/etc
+%dir /srv/%{name}
+%dir /srv/%{name}/custom
+%dir /srv/%{name}/git
+%attr(0755, root, root) /opt/%{name}/bin/gitea
+%{_unitdir}/%{name}.service
+
+%pre
+getent group itix-svc >/dev/null || groupadd -r itix-svc
+getent passwd git >/dev/null || useradd -r -g itix-svc \
+ -d /srv/%{name} -s /sbin/nologin -c "Git with a cup of tea" \
+ git
+
+exit 0
+
+%changelog
+* Mon Feb 22 2021 Nicolas MASSE - 1.13.1-itix1
+- First release
diff --git a/tekton/charts/hugo/Chart.yaml b/tekton/charts/hugo/Chart.yaml
new file mode 100644
index 0000000..c1b9041
--- /dev/null
+++ b/tekton/charts/hugo/Chart.yaml
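Review bot: `%prep` in rpms/SPECS/gitea.spec unpacks the prebuilt binary from `Source0` with `xz -dc %{S:0} > gitea` and nothing verifies it, so the package ships whatever was downloaded. Add the upstream checksum or signature file as an extra `Source` and check it in `%prep` before decompressing, e.g. `echo "<sha256>  %{S:0}" | sha256sum -c -`. `%pre` creates user `git` with home `/srv/%{name}`, but `%defattr(0644, root, root, 0755)` leaves `/srv/%{name}`, `custom` and `git` owned by root. If the unit in gitea.service (not shown here) runs as `git`, those `%dir` entries need something like `%attr(0750, git, itix-svc)`.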
@@ -0,0 +1,5 @@
+apiVersion: v2
+name: hugo
+type: application
+version: 0.0.1
+appVersion: "0.0.1"
diff --git a/tekton/charts/hugo/templates/_helpers.tpl b/tekton/charts/hugo/templates/_helpers.tpl
new file mode 100644
index 0000000..0db9c0f
--- /dev/null
+++ b/tekton/charts/hugo/templates/_helpers.tpl
@@ -0,0 +1,3 @@
+{{- define "release.name" -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- end }}
diff --git a/tekton/charts/hugo/templates/pipeline.yaml b/tekton/charts/hugo/templates/pipeline.yaml
new file mode 100644
index 0000000..d77f53b
--- /dev/null
+++ b/tekton/charts/hugo/templates/pipeline.yaml
@@ -0,0 +1,131 @@
+apiVersion: tekton.dev/v1beta1
+kind: Pipeline
+metadata:
+ name: {{ include "release.name" . }}
+spec:
+ workspaces:
+ - name: scratch
+ params:
+ - name: hugoVersion
+ type: string
+ default: {{ .Values.hugo.version | quote }}
+ - name: gitRepositoryURL
+ type: string
+ - name: gitBranch
+ type: string
+ default: ""
+ - name: gitRevision
+ type: string
+ tasks:
+ # Clone the git repository
+ - name: git-clone
+ params:
+ - name: gitRepositoryURL
+ value: "$(params.gitRepositoryURL)"
+ - name: gitBranch
+ value: "$(params.gitBranch)"
+ - name: gitRevision
+ value: "$(params.gitRevision)"
+ - name: ciVersion
+ value: {{ .Values.itixCi.version | quote }}
+ workspaces:
+ - name: src
+ workspace: scratch
+ subPath: src
+ taskRef:
+ name: git-clone
+
+ # Build the Hugo site
+ - name: hugo
+ runAfter:
+ - git-clone
+ params:
+ - name: hugoVersion
+ value: "$(params.hugoVersion)"
+ workspaces:
+ - name: src
+ workspace: scratch
+ subPath: src
+ taskRef:
+ name: hugo
+
+ # Build and push the container images
+ - name: buildah
+ runAfter:
+ - hugo
+ params:
+ - name: buildahVersion
+ value: {{ .Values.buildah.version | quote }}
+ - name: containerfilePath
+ value: {{ .Values.buildah.containerfilePath | quote }}
+ - name: outputContainerImage
+ value: {{ .Values.buildah.outputContainerImage | quote }}
+ - name: gitRevision
+ value: "$(tasks.git-clone.results.gitRevision)"
+ - name: gitCurrentTag
+ value: "$(tasks.git-clone.results.gitCurrentTag)"
+ workspaces:
+ - name: src
+ workspace: scratch
+ subPath: src
+ - name: containers
+ workspace: scratch
+ subPath: containers
+ taskRef:
+ name: buildah
+
+{{ if gt (len (keys .Values.deployment.environments)) 0 }}
+ - name: git-clone-cd
+ runAfter:
+ - buildah
+ params:
+ - name: gitRepositoryURL
+ value: {{ .Values.deployment.git.url | quote }}
+ - name: gitBranch
+ value: {{ .Values.deployment.git.branch | quote }}
+ - name: gitRevision
+ value: ""
+ - name: ciVersion
+ value: {{ .Values.itixCi.version | quote }}
+ workspaces:
+ - name: src
+ workspace: scratch
+ subPath: k8s
+ taskRef:
+ name: git-clone
+
+ - name: kustomize-set-image
+ runAfter:
+ - git-clone-cd
+ params:
+ - name: gitBranch
+ value: {{ .Values.deployment.git.branch | quote }}
+ - name: gitCurrentTag
+ value: "$(tasks.git-clone.results.gitCurrentTag)"
+ - name: kustomizeVersion
+ value: {{ .Values.deployment.kustomizeVersion | quote }}
+ - name: gitVersion
+ value: {{ .Values.git.version | quote }}
+ - name: imageDigest
+ value: "$(tasks.buildah.results.imageDigest)"
+ - name: imageName
+ value: {{ .Values.buildah.outputContainerImage | quote }}
+ - name: testManifestsDir
+{{- if hasKey .Values.deployment.environments "test" }}
+ value: {{ .Values.deployment.environments.test.path | quote }}
+{{- else }}
+ value: ""
+{{- end }}
+ - name: prodManifestsDir
+{{- if hasKey .Values.deployment.environments "prod" }}
+ value: {{ .Values.deployment.environments.prod.path | quote }}
+{{- else }}
+ value: ""
+{{- end }}
+ workspaces:
+ - name: src
+ workspace: scratch
+ subPath: k8s
+ taskRef:
+ name: kustomize-set-image
+{{ end }}
diff --git a/tekton/charts/hugo/templates/trigger.yaml b/tekton/charts/hugo/templates/trigger.yaml
new file mode 100644
index 0000000..1d9a49e
--- /dev/null
+++ b/tekton/charts/hugo/templates/trigger.yaml
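Review bot: tekton/charts/hugo/templates/pipeline.yaml reads `.Values.itixCi.version`, `.Values.git.version`, `.Values.buildah.version` and `.Values.deployment.kustomizeVersion`, none of which is defined in the chart's values.yaml added by this commit. With the default values, the lookups under the missing top-level keys `itixCi` and `git` will likely abort rendering with a nil-pointer error, and the other two render as empty strings. Add the keys to values.yaml with real defaults, and wrap the ones that must be set in `required`, e.g. `value: {{ required "buildah.version is required" .Values.buildah.version | quote }}`. The `kustomize-set-image` task is also passed `kustomizeVersion` and `gitVersion`, which tekton/kustomize-set-image.yaml does not declare under `params`.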
@@ -0,0 +1,69 @@
+apiVersion: triggers.tekton.dev/v1beta1
+kind: Trigger
+metadata:
+ name: {{ include "release.name" . }}
+spec:
+ interceptors:
+ - name: {{ .Values.tekton.interceptor }} interceptor
+ ref:
+ name: {{ .Values.tekton.interceptor | quote }}
+ kind: ClusterInterceptor
+ apiVersion: triggers.tekton.dev
+ params:
+ - name: secretRef
+ value:
+ secretName: {{ .Values.tekton.interceptor }}-webhook
+ secretKey: sharedSecret
+ - name: eventTypes
+ value: ["push"]
+ - name: Filter on repository name
+ ref:
+ name: "cel"
+ kind: ClusterInterceptor
+ apiVersion: triggers.tekton.dev
+ params:
+ - name: filter
+ value: body.repository.full_name == '{{ .Values.tekton.repositoryName }}'
+ bindings:
+{{ if eq .Values.tekton.interceptor "github" }}
+ - name: gitRevision
+ value: $(body.head_commit.id)
+{{ else if eq .Values.tekton.interceptor "gitea" }}
+ - name: gitRevision
+ value: $(body.after)
+{{ end }}
+ - name: gitRepositoryUrl
+ value: "$(body.repository.clone_url)"
+ template:
+ spec:
+ params:
+ - name: gitRevision
+ description: The git revision
+ - name: gitRepositoryUrl
+ description: The git repository url
+ resourcetemplates:
+ - apiVersion: tekton.dev/v1beta1
+ kind: PipelineRun
+ metadata:
+ annotations:
+ argocd.argoproj.io/sync-options: Prune=false
+ generateName: {{ include "release.name" . }}-
+ spec:
+ pipelineRef:
+ name: {{ include "release.name" . }}
+ params:
+ - name: gitRepositoryURL
+ value: $(tt.params.gitRepositoryUrl)
+ - name: gitRevision
+ value: $(tt.params.gitRevision)
+ serviceAccountName: itix-push-robot
+ workspaces:
+ - name: scratch
+ volumeClaimTemplate:
+ spec:
+ storageClassName: tekton
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 1Gi
diff --git a/tekton/charts/hugo/values.yaml b/tekton/charts/hugo/values.yaml
new file mode 100644
index 0000000..8d5dfcd
--- /dev/null
+++ b/tekton/charts/hugo/values.yaml
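Review bot: The `bindings` block in tekton/charts/hugo/templates/trigger.yaml only emits `gitRevision` when `.Values.tekton.interceptor` is exactly `github` or `gitea`; any other value renders a Trigger whose template parameter `gitRevision` is never bound. Add an `{{ else }}` branch that stops rendering, e.g. `{{ fail "tekton.interceptor must be gitea or github" }}`. The CEL `filter` interpolates `repositoryName` inside single quotes in an unquoted YAML scalar, so a value containing `'` or ` #` would break the expression; quoting the whole scalar is safer. The PipelineRun clones `$(body.repository.clone_url)` taken from the webhook payload, so the shared-secret interceptor is the only thing tying the clone URL to the expected repository; setting the URL from chart values would remove that dependence.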
@@ -0,0 +1,13 @@
+tekton:
+ interceptor: gitea # gitea or github
+ repositoryName: user/repo # github or gitea repo's full_name
+hugo:
+ version: "v0.104.3"
+buildah:
+ containerfilePath: "Containerfile"
+ outputContainerImage: ""
+deployment:
+ git:
+ url: ""
+ branch: "main"
+ environments: {}
diff --git a/tekton/kustomize-set-image.yaml b/tekton/kustomize-set-image.yaml
new file mode 100644
index 0000000..a098bdf
--- /dev/null
+++ b/tekton/kustomize-set-image.yaml
@@ -0,0 +1,109 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+ name: kustomize-set-image
+spec:
+ params:
+ - name: imageDigest
+ type: string
+ - name: gitCurrentTag
+ type: string
+ - name: gitBranch
+ type: string
+ - name: imageName
+ type: string
+ - name: testManifestsDir
+ type: string
+ - name: prodManifestsDir
+ type: string
+ workspaces:
+ - name: src
+ mountPath: /src
+ steps:
+ - name: kustomize
+ image: k8s.gcr.io/kustomize/kustomize:v4.5.5
+ workingDir: /src
+ env:
+ - name: HOME
+ value: /home/tekton
+ - name: GIT_CURRENT_TAG
+ value: "$(params.gitCurrentTag)"
+ - name: GIT_BRANCH
+ value: "$(params.gitBranch)"
+ - name: IMAGE_NAME
+ value: "$(params.imageName)"
+ - name: IMAGE_DIGEST
+ value: "$(params.imageDigest)"
+ - name: TEST_MANIFESTS_DIR
+ value: "$(params.testManifestsDir)"
+ - name: PROD_MANIFESTS_DIR
+ value: "$(params.prodManifestsDir)"
+ volumeMounts:
+ - name: home
+ mountPath: /home/tekton
+ script: |
+ #!/bin/sh
+ set -euo pipefail
+ echo "========================================================="
+ echo " kustomize edit set image $IMAGE_NAME"
+ echo "========================================================="
+ echo
+ if [ -n "$TEST_MANIFESTS_DIR" ]; then
+ echo "Setting image tag to digest $IMAGE_DIGEST for environment test..."
+ cd "$TEST_MANIFESTS_DIR"
+ kustomize edit set image "$IMAGE_NAME@$IMAGE_DIGEST"
+ cd -
+ echo
+ fi
+ if [[ -n "$PROD_MANIFESTS_DIR" && -n "$GIT_CURRENT_TAG" ]]; then
+ echo "Setting image tag to digest $IMAGE_DIGEST for environment prod..."
+ cd "$PROD_MANIFESTS_DIR"
+ kustomize edit set image "$IMAGE_NAME@$IMAGE_DIGEST"
+ cd -
+ echo
+ fi
+ echo
+ exit 0
+ - name: git-push
+ image: docker.io/alpine/git:v2.26.2
+ workingDir: /src
+ env:
+ - name: HOME
+ value: /home/tekton
+ - name: GIT_CURRENT_TAG
+ value: "$(params.gitCurrentTag)"
+ - name: GIT_BRANCH
+ value: "$(params.gitBranch)"
+ - name: IMAGE_NAME
+ value: "$(params.imageName)"
+ - name: IMAGE_DIGEST
+ value: "$(params.imageDigest)"
+ - name: TEST_MANIFESTS_DIR
+ value: "$(params.testManifestsDir)"
+ - name: PROD_MANIFESTS_DIR
+ value: "$(params.prodManifestsDir)"
+ volumeMounts:
+ - name: home
+ mountPath: /home/tekton
+ script: |
+ #!/bin/sh
+ set -euo pipefail
+ git config --global user.email "nicolas.masse@itix.fr"
+ git config --global user.name "GitOps Tekton Bot"
+ echo "========================================================="
+ echo " git add, commit & push"
+ echo "========================================================="
+ echo
+ if [ -n "$TEST_MANIFESTS_DIR" ]; then
+ git add "$TEST_MANIFESTS_DIR"
+ git commit -m "deploy image $IMAGE_NAME@$IMAGE_DIGEST in test"
+ fi
+ if [[ -n "$PROD_MANIFESTS_DIR" && -n "$GIT_CURRENT_TAG" ]]; then
+ git add "$PROD_MANIFESTS_DIR"
+ git commit -m "deploy image $IMAGE_NAME@$IMAGE_DIGEST in prod"
+ fi
+ git push origin "HEAD:$GIT_BRANCH"
+ exit 0
+ volumes:
+ - name: home
+ emptyDir: {}
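Review bot: In the `git-push` step of tekton/kustomize-set-image.yaml, `git commit` exits non-zero when nothing is staged (for example when the digest is unchanged), and with `set -e` that fails the whole task; guard each commit with `git diff --cached --quiet || git commit -m "..."`. Both scripts declare `#!/bin/sh` but use `set -o pipefail` and `[[ ... ]]`, which are not POSIX and depend on the shell each image ships; use `[ -n "$A" ] && [ -n "$B" ]` or name a shell that supports them. The step images are referenced by tag (`kustomize:v4.5.5`, `alpine/git:v2.26.2`), and pinning them by digest would match the digest pinning this task applies to the deployed image. Passing the parameters through `env` rather than interpolating `$(params...)` into the script body is the right pattern and deserves a one-line comment so it is kept.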