Initial copy and move of initial tasks.

This commit is contained in:
James Pace 2023-04-01 17:25:42 -04:00
commit 7d24fd9c5e
15 changed files with 342 additions and 0 deletions


@ -0,0 +1,29 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: j7s-ansible-build
namespace: j7s-ci
spec:
workspaces:
- name: source
- name: ssh-directory
params:
- name: deploy
- name: ansible-file-path
steps:
- image: harbor.internal.jpace121.net/k8s/ansible-podman:latest
securityContext:
privileged: true
script: |
#!/usr/bin/env bash
set -ex
cp -r $(workspaces.ssh-directory.path) ~/.ssh
chmod 700 ~/.ssh
chmod -R 400 ~/.ssh/*
cd $(workspaces.source.path)
ansible-playbook -vvvv --skip-tags deploy -i $(params.ansible-file-path)/inventory.yaml $(params.ansible-file-path)/build.yaml
if [[ $(params.deploy) == "true" ]]; then
ansible-playbook -vvvv --tags deploy -i $(params.ansible-file-path)/inventory.yaml $(params.ansible-file-path)/build.yaml
fi
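Review bot: `$(params.deploy)` and `$(params.ansible-file-path)` are expanded by Tekton as plain text into the script body before bash runs it, so a parameter value containing spaces or shell metacharacters becomes part of the command rather than being treated as data. The safer pattern is to expose them on the step as `env:` entries (`- name: DEPLOY` / `value: $(params.deploy)`, likewise for the path) and reference them quoted in the script, e.g. `if [[ "$DEPLOY" == "true" ]]; then`. The step also runs with `privileged: true` without saying why; a comment above it such as `# privileged: needed for podman inside the step -- confirm whether a narrower setting works` would help a reader. Unlike `j7s-buildah`, this task has no `---` document start and no `spec.description` or per-param `description:` fields.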


@ -0,0 +1,71 @@
---
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: j7s-buildah
namespace: j7s-ci
spec:
description: Build and push a container image.
params:
- name: registry
description: Registry to push to.
- name: name
description: Name of the image.
- name: version
description: Version for the image.
- name: containerfile
description: Path of the Containerfile relative to source.
- name: registry-login-secret-name
description: Name of the secret containing the credentials to push to the registry.
workspaces:
- name: source
- name: cosign-credentials
steps:
- name: build
image: harbor.internal.jpace121.net/buildah:latest
workingDir: $(workspaces.source.path)
script: |
set -x
# Login
buildah login --tls-verify=false --username=$USERNAME --password=$PASSWORD $(params.registry)
mkdir ~/.sigstore
cp $(workspaces.cosign-credentials.path)/* ~/.sigstore
cat <<EOF > ~/.sigstore/param-file.yaml
privateKeyFile: "$HOME/.sigstore/cosign.key"
privateKeyPassphraseFile: "$HOME/.sigstore/cosign.password"
EOF
mkdir -p /etc/containers/registries.d/
cat <<EOF > /etc/containers/registries.d/james-registry.yaml
docker:
$(params.registry):
use-sigstore-attachments: true
EOF
# Build
buildah --storage-driver=overlay bud --tls-verify=false --no-cache \
-f $(params.containerfile) -t $(params.name):$(params.version) .
# Push
skopeo copy --dest-tls-verify=false --sign-by-sigstore=$HOME/.sigstore/param-file.yaml \
containers-storage:localhost/$(params.name):$(params.version) \
docker://$(params.registry)/$(params.name):$(params.version)
skopeo copy --dest-tls-verify=false --sign-by-sigstore=$HOME/.sigstore/param-file.yaml \
containers-storage:localhost/$(params.name):$(params.version) \
docker://$(params.registry)/$(params.name):latest
env:
- name: USERNAME
valueFrom:
secretKeyRef:
name: $(params.registry-login-secret-name)
key: username
- name: PASSWORD
valueFrom:
secretKeyRef:
name: $(params.registry-login-secret-name)
key: password
volumeMounts:
- name: varlibcontainers
mountPath: /var/lib/containers
securityContext:
privileged: true
volumes:
- name: varlibcontainers
emptyDir: {}
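Review bot: `set -x` on the first line of the `build` script traces every expanded command, so the `buildah login ... --password=$PASSWORD` line writes the registry password into the step log (and it sits on the process command line for the duration of the call). Read it from stdin instead: `echo "$PASSWORD" | buildah login --tls-verify=false --username "$USERNAME" --password-stdin $(params.registry)`, or bracket the login with `set +x` / `set -x`. The same pattern appears in `j7s-os-buildah`. Every registry call here also passes `--tls-verify=false`; if the registry uses a private CA, shipping its certificate under `/etc/containers/certs.d/<registry>/ca.crt` in the image lets verification stay on — the page does not show why it is disabled, so treat that as something to confirm rather than a fact.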


@ -0,0 +1,23 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: j7s-git-clone-hash
namespace: j7s-ci
spec:
workspaces:
- name: output
- name: ssh-directory
params:
- name: url
- name: hash
steps:
- image: harbor.internal.jpace121.net/gitssh:latest
script: |
set -x
cp -r $(workspaces.ssh-directory.path) ~/.ssh
chmod 700 ~/.ssh
chmod -R 400 ~/.ssh/*
git clone $(params.url) $(workspaces.output.path)
cd $(workspaces.output.path)
git checkout $(params.hash)
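Review bot: The script sets only `set -x`, so a failed `git clone` does not stop it; the `cd` then fails, `git checkout $(params.hash)` runs in the original working directory, and the step's outcome is just the exit status of that last command. `set -ex` on the first line (as `j7s-ansible-build` already does) makes each failure abort the step. The same applies to `j7s-ros-clone` (`mkdir src` and `vcs import` run after a possibly failed clone), to `j7s-os-k8s-deploy`, and most seriously to `j7s-os-image-build`, where a failed `make $(params.image-name)` is masked because the final `echo ... | tee` pipeline succeeds and the task still publishes a `version-string` result.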


@ -0,0 +1,21 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: j7s-git-clone
namespace: j7s-ci
spec:
workspaces:
- name: output
- name: ssh-directory
params:
- name: url
- name: branch
steps:
- image: harbor.internal.jpace121.net/gitssh:latest
script: |
set -x
cp -r $(workspaces.ssh-directory.path) ~/.ssh
chmod 700 ~/.ssh
chmod -R 400 ~/.ssh/*
git clone --single-branch --branch $(params.branch) $(params.url) $(workspaces.output.path)


@ -0,0 +1,25 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: j7s-ros-clone
namespace: j7s-ci
spec:
workspaces:
- name: output
- name: ssh-directory
params:
- name: url
- name: branch
- name: repos-file
steps:
- image: harbor.internal.jpace121.net/vcs:latest
script: |
set -x
cp -r $(workspaces.ssh-directory.path) ~/.ssh
chmod 700 ~/.ssh
chmod -R 400 ~/.ssh/*
git clone --single-branch --branch $(params.branch) $(params.url) $(workspaces.output.path)
cd $(workspaces.output.path)
mkdir src
vcs import src < $(params.repos-file)


@ -0,0 +1,8 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- j7s-ansible-build.yaml
- j7s-buildah.yaml
- j7s-git-clone-hash.yaml
- j7s-git-clone.yaml
- j7s-ros-clone.yaml


@ -0,0 +1,4 @@
FROM quay.io/podman/stable:v4.2.1
RUN dnf update && \
dnf install -y ansible git
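Review bot: `dnf update` on the `RUN` line has no `-y`, so whenever updates are pending the non-interactive build leaves the confirmation prompt unanswered, dnf treats that as a refusal and aborts the transaction, and the image build fails (when nothing is pending it exits 0, so the build only works intermittently). Use `RUN dnf update -y && dnf install -y ansible git && dnf clean all`; the trailing clean also keeps the package cache out of the layer. The base is pinned to `v4.2.1` while `ansible` and `git` are whatever the repos serve at build time, and the tasks consume the result through a mutable `:latest` tag — a comment above `FROM` stating the intended rebuild policy would make that explicit.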


@ -0,0 +1,6 @@
FROM quay.io/buildah/upstream:latest
# Add skopeo.
RUN dnf install -y skopeo \
--exclude container-selinux \
--enablerepo=updates-testing
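Review bot: `FROM quay.io/buildah/upstream:latest` together with `--enablerepo=updates-testing` means every rebuild picks up a different, unreleased buildah build plus packages from a testing repository, so the `j7s-buildah` task that signs and pushes images runs on an unpinned pre-release toolchain. Prefer a released tag pinned by digest, e.g. `FROM quay.io/buildah/stable:<version>@sha256:<digest>` (placeholders — take the values from the registry), and record in the comment above `RUN` why `updates-testing` and `--exclude container-selinux` are needed, since the page does not show the reason. `j7s-os-buildah` already uses `quay.io/buildah/stable:v1.23.3`, so the two build tasks currently run different buildah lines.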

6
images/Dockerfile_gitssh Normal file

@ -0,0 +1,6 @@
FROM docker.io/debian:bullseye-slim
RUN apt update -y && \
apt install -y \
git \
openssh-client
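Review bot: `apt` is the interactive front end and warns that its CLI is not stable for scripts; the conventional Dockerfile form is `RUN apt-get update && apt-get install -y --no-install-recommends git openssh-client && rm -rf /var/lib/apt/lists/*`, which also keeps recommended packages and the package lists out of the layer. The `-y` on `apt update` is accepted but has no effect there. `Dockerfile_vcs` uses the same two `apt` invocations.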


@ -0,0 +1,9 @@
FROM quay.io/centos/centos:stream9
RUN dnf install -y 'dnf-command(copr)' && \
dnf copr enable -y @osbuild/osbuild && \
dnf install -y osbuild osbuild-tools osbuild-ostree make sudo git
RUN useradd -m -G wheel -s /bin/bash -u 1000 j7s && \
bash -c 'echo "%wheel ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/container' && \
chmod 0440 /etc/sudoers.d/container
USER j7s
ENTRYPOINT ["bash"]
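Review bot: The second `RUN` grants the whole `wheel` group `NOPASSWD: ALL`, while the only `sudo` use visible in the tasks is `sudo chown -R j7s:j7s` in `j7s-os-image-build`; a rule limited to that command, e.g. `j7s ALL=(root) NOPASSWD: /usr/bin/chown`, keeps `USER j7s` meaningful (the task runs `privileged: true`, so this is defence in depth rather than isolation, and osbuild itself may need root in `make` — the page does not show that, so confirm before narrowing). The `bash -c 'echo ... >> ...'` wrapper is equivalent to a plain `echo "..." >> /etc/sudoers.d/container` inside `RUN`, and adding `visudo -cf /etc/sudoers.d/container` after the `chmod` validates the file at build time. The first `RUN` could end with `dnf clean all` to keep the cache out of the layer.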

10
images/Dockerfile_vcs Normal file

@ -0,0 +1,10 @@
FROM docker.io/debian:bullseye-slim
RUN apt update -y && \
apt install -y curl
RUN curl -s https://packagecloud.io/install/repositories/dirk-thomas/vcstool/script.deb.sh | bash
RUN apt update -y && \
apt install -y \
git \
openssh-client \
python3-vcstool
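Review bot: `RUN curl -s https://packagecloud.io/... | bash` executes whatever the remote host returns, as root, on every build, with no pin or checksum; `-s` without `-f` also means an HTTP error body is piped into bash instead of failing the fetch. At minimum use `curl -fsSL`, and prefer installing `python3-vcstool` from Debian's own archive if it is available for bullseye, or check the repository definition and signing key into the repo instead of running the script — the page does not show why the packagecloud source was chosen, so confirm. The `apt-get` / `--no-install-recommends` / list-cleanup point applies to both `RUN apt update` lines here as well.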


@ -0,0 +1,55 @@
---
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: j7s-os-buildah
namespace: j7s-ci
spec:
description: Build the deployment container image for j7s-os.
params:
- name: image
description: Reference of the image buildah will produce.
- name: commit
description: Repo directory to put inside the image.
- name: registry
description: Registry to push to.
- name: version
description: Version for the image.
- name: registry-secret-name
description: Name of secret to get credentials for registry from.
workspaces:
- name: source
steps:
- name: build
image: quay.io/buildah/stable:v1.23.3
workingDir: $(workspaces.source.path)
script: |
set -x
# Login
buildah login --tls-verify=false --username=$USERNAME --password=$PASSWORD $(params.registry)
# Build
buildah --storage-driver=overlay bud --tls-verify=false --no-cache \
--build-arg commit=./$(params.commit) \
-f ./hosting/Dockerfile -t $(params.image):$(params.version) .
# Push
buildah --storage-driver=overlay push --tls-verify=false $(params.image) docker://$(params.registry)/$(params.image):$(params.version)
buildah --storage-driver=overlay push --tls-verify=false $(params.image) docker://$(params.registry)/$(params.image):latest
env:
- name: USERNAME
valueFrom:
secretKeyRef:
name: $(params.registry-login-secret-name)
key: username
- name: PASSWORD
valueFrom:
secretKeyRef:
name: $(params.registry-login-secret-name)
key: password
volumeMounts:
- name: varlibcontainers
mountPath: /var/lib/containers
securityContext:
privileged: true
volumes:
- name: varlibcontainers
emptyDir: {}
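Review bot: Both `secretKeyRef.name` entries under `env` reference `$(params.registry-login-secret-name)`, but the task declares the param as `registry-secret-name`; Tekton rejects a Task that references an undeclared param, so this task will not validate as written. Rename the declared param to `registry-login-secret-name` to match `j7s-buildah`, or change both references. The two `buildah push` lines also name the source as `$(params.image)` with no tag while the build tagged it `$(params.image):$(params.version)`; a tagless name normally resolves to `:latest`, which was never created, so the push is likely to fail — `buildah --storage-driver=overlay push --tls-verify=false $(params.image):$(params.version) docker://...` on both lines fixes it. Separately, `--password=$PASSWORD` under `set -x` prints the registry password into the step log; `echo "$PASSWORD" | buildah login ... --password-stdin $(params.registry)` avoids that.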


@ -0,0 +1,22 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: j7s-os-image-build
namespace: j7s-ci
spec:
workspaces:
- name: source
params:
- name: image-name
results:
- name: version-string
steps:
- image: harbor.internal.jpace121.net/j7s-image-build:latest
securityContext:
privileged: true
script: |
set -x
sudo chown -R j7s:j7s $(workspaces.source.path)
cd $(workspaces.source.path)
make $(params.image-name)
echo -n `date +%Y%m%d%H%M`-`git describe --no-match --always --dirty` | tee $(results.version-string.path)


@ -0,0 +1,47 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: j7s-os-k8s-deploy
namespace: j7s-ci
spec:
params:
- name: image
description: The image to deploy.
- name: version
description: The version of the image to deploy.
workspaces:
- name: ssh-directory
steps:
- name: update-with-flux
image: harbor.internal.jpace121.net/gitssh:latest
script: |
#!/usr/bin/env bash
set -x
cp -r $(workspaces.ssh-directory.path) ~/.ssh
chmod 700 ~/.ssh
chmod -R 400 ~/.ssh/*
git config --global user.name tekton
git config --global user.email tekton@internal.jpace121.net
git clone ssh://git@git.jpace121.net:2222/cd/flux-apps.git flux-apps
cd flux-apps
cat <<EOF > j7s-os-deploy/patch.yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: j7s-os-app-deployment
spec:
template:
spec:
containers:
- name: j7s-os-app
image: $(params.image):$(params.version)
EOF
git add ./j7s-os-deploy
git commit -m "Update j7s-os-deploy to version $(params.version)"
git push origin HEAD:refs/for/master \
-o title="Update j7s-os-deploy to version $(params.version)" \
-o topic="j7s-os-deploy-$(params.version)"
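Review bot: The `image` param is written straight into the Deployment patch as `image: $(params.image):$(params.version)`, so it must be the full registry-qualified reference, whereas in `j7s-os-buildah` `image` is the bare name that gets joined with `$(params.registry)/`; `description: The image to deploy.` does not say this, and a pipeline passing the same value to both tasks would produce a patch pointing at a non-existent image. Suggest `description: Fully qualified image reference (registry/name) to deploy; the tag is taken from version.` The script also runs with only `set -x`, so if the `git clone` fails the commit and push still execute from the step's working directory; `set -ex` would stop at the first failure.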


@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- j7s-os-buildah.yaml
- j7s-os-image-build.yaml
- j7s-os-k8s-deploy.yaml