commit 7d24fd9c5ea4214d4e1419fb4acf8965c0572485 Author: James Pace Date: Sat Apr 1 17:25:42 2023 -0400 Initial copy and move of initial tasks.
diff --git a/generic-tasks/j7s-ansible-build.yaml b/generic-tasks/j7s-ansible-build.yaml
new file mode 100644
index 0000000..e486ddd
--- /dev/null
+++ b/generic-tasks/j7s-ansible-build.yaml
@@ -0,0 +1,29 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+ name: j7s-ansible-build
+ namespace: j7s-ci
+spec:
+ workspaces:
+ - name: source
+ - name: ssh-directory
+ params:
+ - name: deploy
+ - name: ansible-file-path
+ steps:
+ - image: harbor.internal.jpace121.net/k8s/ansible-podman:latest
+ securityContext:
+ privileged: true
+ script: |
+ #!/usr/bin/env bash
+ set -ex
+ cp -r $(workspaces.ssh-directory.path) ~/.ssh
+ chmod 700 ~/.ssh
+ chmod -R 400 ~/.ssh/*
+
+ cd $(workspaces.source.path)
+ ansible-playbook -vvvv --skip-tags deploy -i $(params.ansible-file-path)/inventory.yaml $(params.ansible-file-path)/build.yaml
+
+ if [[ $(params.deploy) == "true" ]]; then
+ ansible-playbook -vvvv --tags deploy -i $(params.ansible-file-path)/inventory.yaml $(params.ansible-file-path)/build.yaml
+ fi
\ No newline at end of file
diff --git a/generic-tasks/j7s-buildah.yaml b/generic-tasks/j7s-buildah.yaml
new file mode 100644
index 0000000..c3ae525
--- /dev/null
+++ b/generic-tasks/j7s-buildah.yaml
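Review bot: In generic-tasks/j7s-ansible-build.yaml the `script:` block splices `$(params.ansible-file-path)` and `$(params.deploy)` straight into the shell text, so Tekton substitutes them before bash parses the script, and any whitespace or shell metacharacter in a parameter value becomes part of the command line of a `privileged: true` step. Pass each parameter through the step's `env:` (for example `- name: ANSIBLE_FILE_PATH` with `value: $(params.ansible-file-path)`) and reference it quoted, e.g. `-i "${ANSIBLE_FILE_PATH}/inventory.yaml"` and `if [[ "${DEPLOY}" == "true" ]]; then`. The same unquoted in-script substitution appears in j7s-buildah, j7s-git-clone-hash, j7s-git-clone, j7s-ros-clone, j7s-os-buildah, j7s-os-image-build and j7s-os-k8s-deploy in this commit.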
@@ -0,0 +1,71 @@
+---
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+ name: j7s-buildah
+ namespace: j7s-ci
+spec:
+ description: Build and push a container image.
+ params:
+ - name: registry
+ description: Registry to push to.
+ - name: name
+ description: Name of the image.
+ - name: version
+ description: Version for the image.
+ - name: containerfile
+ description: Path of the Containerfile relative to source.
+ - name: registry-login-secret-name
+ description: Name of the secret containing the credentials to push to the registry.
+ workspaces:
+ - name: source
+ - name: cosign-credentials
+ steps:
+ - name: build
+ image: harbor.internal.jpace121.net/buildah:latest
+ workingDir: $(workspaces.source.path)
+ script: |
+ set -x
+ # Login
+ buildah login --tls-verify=false --username=$USERNAME --password=$PASSWORD $(params.registry)
+ mkdir ~/.sigstore
+ cp $(workspaces.cosign-credentials.path)/* ~/.sigstore
+ cat < ~/.sigstore/param-file.yaml
+ privateKeyFile: "$HOME/.sigstore/cosign.key"
+ privateKeyPassphraseFile: "$HOME/.sigstore/cosign.password"
+ EOF
+ mkdir -p /etc/containers/registries.d/
+ cat < /etc/containers/registries.d/james-registry.yaml
+ docker:
+ $(params.registry):
+ use-sigstore-attachments: true
+ EOF
+ # Build
+ buildah --storage-driver=overlay bud --tls-verify=false --no-cache \
+ -f $(params.containerfile) -t $(params.name):$(params.version) .
+ # Push
+ skopeo copy --dest-tls-verify=false --sign-by-sigstore=$HOME/.sigstore/param-file.yaml \
+ containers-storage:localhost/$(params.name):$(params.version) \
+ docker://$(params.registry)/$(params.name):$(params.version)
+ skopeo copy --dest-tls-verify=false --sign-by-sigstore=$HOME/.sigstore/param-file.yaml \
+ containers-storage:localhost/$(params.name):$(params.version) \
+ docker://$(params.registry)/$(params.name):latest
+ env:
+ - name: USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: $(params.registry-login-secret-name)
+ key: username
+ - name: PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: $(params.registry-login-secret-name)
+ key: password
+ volumeMounts:
+ - name: varlibcontainers
+ mountPath: /var/lib/containers
+ securityContext:
+ privileged: true
+ volumes:
+ - name: varlibcontainers
+ emptyDir: {}
\ No newline at end of file
diff --git a/generic-tasks/j7s-git-clone-hash.yaml b/generic-tasks/j7s-git-clone-hash.yaml
new file mode 100644
index 0000000..cac63d5
--- /dev/null
+++ b/generic-tasks/j7s-git-clone-hash.yaml
@@ -0,0 +1,23 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+ name: j7s-git-clone-hash
+ namespace: j7s-ci
+spec:
+ workspaces:
+ - name: output
+ - name: ssh-directory
+ params:
+ - name: url
+ - name: hash
+ steps:
+ - image: harbor.internal.jpace121.net/gitssh:latest
+ script: |
+ set -x
+ cp -r $(workspaces.ssh-directory.path) ~/.ssh
+ chmod 700 ~/.ssh
+ chmod -R 400 ~/.ssh/*
+
+ git clone $(params.url) $(workspaces.output.path)
+ cd $(workspaces.output.path)
+ git checkout $(params.hash)
\ No newline at end of file
diff --git a/generic-tasks/j7s-git-clone.yaml b/generic-tasks/j7s-git-clone.yaml
new file mode 100644
index 0000000..18477b3
--- /dev/null
+++ b/generic-tasks/j7s-git-clone.yaml
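Review bot: In the `build` step of generic-tasks/j7s-buildah.yaml, `set -x` is enabled before `buildah login ... --password=$PASSWORD`, so the shell trace writes the expanded registry password into the TaskRun log, and the value is also visible in the process arguments. Log in before tracing is switched on and feed the secret on stdin: `printf '%s' "$PASSWORD" | buildah login --tls-verify=false --username="$USERNAME" --password-stdin $(params.registry)` followed by `set -x`. j7s-os/j7s-os-buildah.yaml has the same `set -x` / `--password=` pair. Separately, every registry call in this step passes `--tls-verify=false` or `--dest-tls-verify=false`, so the credentials and the signed push go to an endpoint whose certificate is not checked; trusting the internal CA in the image would let those flags be dropped.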
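Review bot: `git checkout $(params.hash)` in generic-tasks/j7s-git-clone-hash.yaml accepts any revision name, so a caller can pass a branch or tag and the task still succeeds without being pinned to one commit. If the intent is a pinned checkout, assert it after the checkout, e.g. `test "$(git rev-parse HEAD)" = "${HASH}"`, with the parameter supplied through the step's `env:` as a full commit id. The Task and its params carry no `description:`, unlike j7s-buildah; a line such as `description: Full commit hash to check out.` on `hash` would record that expectation.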
@@ -0,0 +1,21 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+ name: j7s-git-clone
+ namespace: j7s-ci
+spec:
+ workspaces:
+ - name: output
+ - name: ssh-directory
+ params:
+ - name: url
+ - name: branch
+ steps:
+ - image: harbor.internal.jpace121.net/gitssh:latest
+ script: |
+ set -x
+ cp -r $(workspaces.ssh-directory.path) ~/.ssh
+ chmod 700 ~/.ssh
+ chmod -R 400 ~/.ssh/*
+
+ git clone --single-branch --branch $(params.branch) $(params.url) $(workspaces.output.path)
\ No newline at end of file
diff --git a/generic-tasks/j7s-ros-clone.yaml b/generic-tasks/j7s-ros-clone.yaml
new file mode 100644
index 0000000..016fa23
--- /dev/null
+++ b/generic-tasks/j7s-ros-clone.yaml
@@ -0,0 +1,25 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+ name: j7s-ros-clone
+ namespace: j7s-ci
+spec:
+ workspaces:
+ - name: output
+ - name: ssh-directory
+ params:
+ - name: url
+ - name: branch
+ - name: repos-file
+ steps:
+ - image: harbor.internal.jpace121.net/vcs:latest
+ script: |
+ set -x
+ cp -r $(workspaces.ssh-directory.path) ~/.ssh
+ chmod 700 ~/.ssh
+ chmod -R 400 ~/.ssh/*
+
+ git clone --single-branch --branch $(params.branch) $(params.url) $(workspaces.output.path)
+ cd $(workspaces.output.path)
+ mkdir src
+ vcs import src < $(params.repos-file)
\ No newline at end of file
diff --git a/generic-tasks/kustomization.yaml b/generic-tasks/kustomization.yaml
new file mode 100644
index 0000000..25f23c9
--- /dev/null
+++ b/generic-tasks/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- j7s-ansible-build.yaml
+- j7s-buildah.yaml
+- j7s-git-clone-hash.yaml
+- j7s-git-clone.yaml
+- j7s-ros-clone.yaml
\ No newline at end of file
diff --git a/images/Dockerfile_ansible-podman b/images/Dockerfile_ansible-podman
new file mode 100644
index 0000000..5848b0f
--- /dev/null
+++ b/images/Dockerfile_ansible-podman
@@ -0,0 +1,4 @@
+FROM quay.io/podman/stable:v4.2.1
+
+RUN dnf update && \
+ dnf install -y ansible git
\ No newline at end of file
diff --git a/images/Dockerfile_buildah b/images/Dockerfile_buildah
new file mode 100644
index 0000000..b557b05
--- /dev/null
+++ b/images/Dockerfile_buildah
@@ -0,0 +1,6 @@
+FROM quay.io/buildah/upstream:latest
+
+# Add skopeo.
+RUN dnf install -y skopeo \
+ --exclude container-selinux \
+ --enablerepo=updates-testing
\ No newline at end of file
diff --git a/images/Dockerfile_gitssh b/images/Dockerfile_gitssh
new file mode 100644
index 0000000..95f6341
--- /dev/null
+++ b/images/Dockerfile_gitssh
@@ -0,0 +1,6 @@
+FROM docker.io/debian:bullseye-slim
+
+RUN apt update -y && \
+ apt install -y \
+ git \
+ openssh-client
\ No newline at end of file
diff --git a/images/Dockerfile_j7s-image-build b/images/Dockerfile_j7s-image-build
new file mode 100644
index 0000000..019c52a
--- /dev/null
+++ b/images/Dockerfile_j7s-image-build
@@ -0,0 +1,9 @@
+FROM quay.io/centos/centos:stream9
+RUN dnf install -y 'dnf-command(copr)' && \
+ dnf copr enable -y @osbuild/osbuild && \
+ dnf install -y osbuild osbuild-tools osbuild-ostree make sudo git
+RUN useradd -m -G wheel -s /bin/bash -u 1000 j7s && \
+ bash -c 'echo "%wheel ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/container' && \
+ chmod 0440 /etc/sudoers.d/container
+USER j7s
+ENTRYPOINT ["bash"]
\ No newline at end of file
diff --git a/images/Dockerfile_vcs b/images/Dockerfile_vcs
new file mode 100644
index 0000000..21a8e2b
--- /dev/null
+++ b/images/Dockerfile_vcs
@@ -0,0 +1,10 @@
+FROM docker.io/debian:bullseye-slim
+
+RUN apt update -y && \
+ apt install -y curl
+RUN curl -s https://packagecloud.io/install/repositories/dirk-thomas/vcstool/script.deb.sh | bash
+RUN apt update -y && \
+ apt install -y \
+ git \
+ openssh-client \
+ python3-vcstool
\ No newline at end of file
diff --git a/j7s-os/j7s-os-buildah.yaml b/j7s-os/j7s-os-buildah.yaml
new file mode 100644
index 0000000..5dda2d6
--- /dev/null
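Review bot: `RUN dnf update && \` in images/Dockerfile_ansible-podman has no `-y`, so in a non-interactive build dnf cannot get an answer to its confirmation prompt whenever updates are pending and the update transaction is not applied; depending on the dnf version this either fails the build or leaves the image unpatched. Use `RUN dnf update -y && \`, matching the `dnf install -y ansible git` that follows. Adding `&& dnf clean all` to the same RUN would also keep the package cache out of the layer.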
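Review bot: images/Dockerfile_buildah builds on the moving tag `quay.io/buildah/upstream:latest` and installs skopeo with `--enablerepo=updates-testing`, so the image that later handles the registry password and the cosign private key is assembled from an unpinned base plus packages that have not reached the stable repository. j7s-os/j7s-os-buildah.yaml in this same commit already uses `quay.io/buildah/stable:v1.23.3`; pinning this base the same way, ideally by digest as `FROM quay.io/buildah/stable:<tag>@sha256:<digest>` (placeholders), makes rebuilds reproducible and reviewable. If `updates-testing` is required for a particular skopeo feature, a comment above the RUN naming that feature would record why it is enabled.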
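Review bot: `RUN curl -s https://packagecloud.io/install/repositories/dirk-thomas/vcstool/script.deb.sh | bash` in images/Dockerfile_vcs runs whatever that URL serves as root at build time with no integrity check, and because `-s` is used without `-f` and the pipe discards curl's exit status, an error page or truncated download is handed to bash as well. Download to a file, verify it, then run it: `curl -fsSL <url> -o /tmp/script.deb.sh && echo "<expected-sha256>  /tmp/script.deb.sh" | sha256sum -c - && bash /tmp/script.deb.sh`, where `<url>` is the existing address and `<expected-sha256>` is a placeholder for the hash of the reviewed script. A more durable alternative is to add the apt source and its signing key explicitly in the Dockerfile so only signed packages from that repository are trusted.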
+++ b/j7s-os/j7s-os-buildah.yaml
@@ -0,0 +1,55 @@
+---
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+ name: j7s-os-buildah
+ namespace: j7s-ci
+spec:
+ description: Build the deployment container image for j7s-os.
+ params:
+ - name: image
+ description: Reference of the image buildah will produce.
+ - name: commit
+ description: Repo directory to put inside the image.
+ - name: registry
+ description: Registry to push to.
+ - name: version
+ description: Version for the image.
+ - name: registry-secret-name
+ description: Name of secret to get credentials for registry from.
+ workspaces:
+ - name: source
+ steps:
+ - name: build
+ image: quay.io/buildah/stable:v1.23.3
+ workingDir: $(workspaces.source.path)
+ script: |
+ set -x
+ # Login
+ buildah login --tls-verify=false --username=$USERNAME --password=$PASSWORD $(params.registry)
+ # Build
+ buildah --storage-driver=overlay bud --tls-verify=false --no-cache \
+ --build-arg commit=./$(params.commit) \
+ -f ./hosting/Dockerfile -t $(params.image):$(params.version) .
+ # Push
+ buildah --storage-driver=overlay push --tls-verify=false $(params.image) docker://$(params.registry)/$(params.image):$(params.version)
+ buildah --storage-driver=overlay push --tls-verify=false $(params.image) docker://$(params.registry)/$(params.image):latest
+ env:
+ - name: USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: $(params.registry-login-secret-name)
+ key: username
+ - name: PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: $(params.registry-login-secret-name)
+ key: password
+ volumeMounts:
+ - name: varlibcontainers
+ mountPath: /var/lib/containers
+ securityContext:
+ privileged: true
+ volumes:
+ - name: varlibcontainers
+ emptyDir: {}
\ No newline at end of file
diff --git a/j7s-os/j7s-os-image-build.yaml b/j7s-os/j7s-os-image-build.yaml
new file mode 100644
index 0000000..d5f3e35
--- /dev/null
+++ b/j7s-os/j7s-os-image-build.yaml
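Review bot: The `env:` entries in j7s-os/j7s-os-buildah.yaml read the secret through `$(params.registry-login-secret-name)`, but the Task declares the parameter as `registry-secret-name`, so the reference points at an undeclared param and Tekton is expected to reject the Task or leave the secret name unresolved. Rename one side so they agree, e.g. `- name: registry-login-secret-name` under `params:`, which also matches generic-tasks/j7s-buildah.yaml. Also worth checking: the image is built as `$(params.image):$(params.version)`, yet both `buildah push` lines name the source as bare `$(params.image)`, which buildah would presumably resolve to a tag the build step does not create; `$(params.image):$(params.version)` as the push source would match the build.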
@@ -0,0 +1,22 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+ name: j7s-os-image-build
+ namespace: j7s-ci
+spec:
+ workspaces:
+ - name: source
+ params:
+ - name: image-name
+ results:
+ - name: version-string
+ steps:
+ - image: harbor.internal.jpace121.net/j7s-image-build:latest
+ securityContext:
+ privileged: true
+ script: |
+ set -x
+ sudo chown -R j7s:j7s $(workspaces.source.path)
+ cd $(workspaces.source.path)
+ make $(params.image-name)
+ echo -n `date +%Y%m%d%H%M`-`git describe --no-match --always --dirty` | tee $(results.version-string.path)
\ No newline at end of file
diff --git a/j7s-os/j7s-os-k8s-deploy.yaml b/j7s-os/j7s-os-k8s-deploy.yaml
new file mode 100644
index 0000000..bdcc12e
--- /dev/null
+++ b/j7s-os/j7s-os-k8s-deploy.yaml
@@ -0,0 +1,47 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+ name: j7s-os-k8s-deploy
+ namespace: j7s-ci
+spec:
+ params:
+ - name: image
+ description: The image to deploy.
+ - name: version
+ description: The version of the image to deploy.
+ workspaces:
+ - name: ssh-directory
+ steps:
+ - name: update-with-flux
+ image: harbor.internal.jpace121.net/gitssh:latest
+ script: |
+ #!/usr/bin/env bash
+ set -x
+ cp -r $(workspaces.ssh-directory.path) ~/.ssh
+ chmod 700 ~/.ssh
+ chmod -R 400 ~/.ssh/*
+ git config --global user.name tekton
+ git config --global user.email tekton@internal.jpace121.net
+
+ git clone ssh://git@git.jpace121.net:2222/cd/flux-apps.git flux-apps
+ cd flux-apps
+ cat < j7s-os-deploy/patch.yaml
+ ---
+ apiVersion: apps/v1
+ kind: Deployment
+ metadata:
+ name: j7s-os-app-deployment
+ spec:
+ template:
+ spec:
+ containers:
+ - name: j7s-os-app
+ image: $(params.image):$(params.version)
+ EOF
+
+ git add ./j7s-os-deploy
+ git commit -m "Update j7s-os-deploy to version $(params.version)"
+ git push origin HEAD:refs/for/master \
+ -o title="Update j7s-os-deploy to version $(params.version)" \
+ -o topic="j7s-os-deploy-$(params.version)"
+
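Review bot: The step in j7s-os/j7s-os-image-build.yaml runs `make $(params.image-name)` from the cloned workspace under `securityContext: privileged: true`, in an image whose `j7s` user has passwordless sudo (images/Dockerfile_j7s-image-build), so whatever Makefile the repository ships runs with root-equivalent access that is not confined to the container. If osbuild needs this, a comment on the step such as `# privileged: required by osbuild` would say so, and limiting the Task to trusted repositories and a dedicated node pool would bound the exposure. `privileged: true` is also set on j7s-ansible-build, j7s-buildah and j7s-os-buildah; for the buildah steps a narrower capability set may be enough and would be worth testing.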
diff --git a/j7s-os/kustomization.yaml b/j7s-os/kustomization.yaml
new file mode 100644
index 0000000..9dac38d
--- /dev/null
+++ b/j7s-os/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- j7s-os-buildah.yaml
+- j7s-os-image-build.yaml
+- j7s-os-k8s-deploy.yaml
\ No newline at end of file