From 77be2bbe2eab622064fd5fcbff8f688fd81c8b5a Mon Sep 17 00:00:00 2001 From: James Pace Date: Wed, 19 Apr 2023 20:11:32 -0400 Subject: [PATCH] Move a bunch of stuff to the j7s-ci flux setup. --- deployments/mosquitto.yaml | 88 ----------------------------------- deployments/squid.yaml | 42 ----------------- tasks/j7s-ansible-build.yaml | 29 ------------ tasks/j7s-buildah.yaml | 84 --------------------------------- tasks/j7s-git-clone-hash.yaml | 23 --------- tasks/j7s-git-clone.yaml | 21 --------- tasks/j7s-os-buildah.yaml | 53 --------------------- tasks/j7s-os-image-build.yaml | 22 --------- tasks/j7s-os-k8s-deploy.yaml | 45 ------------------ tasks/j7s-ros-clone.yaml | 56 ---------------------- 10 files changed, 463 deletions(-) delete mode 100644 deployments/mosquitto.yaml delete mode 100644 deployments/squid.yaml delete mode 100644 tasks/j7s-ansible-build.yaml delete mode 100644 tasks/j7s-buildah.yaml delete mode 100644 tasks/j7s-git-clone-hash.yaml delete mode 100644 tasks/j7s-git-clone.yaml delete mode 100644 tasks/j7s-os-buildah.yaml delete mode 100644 tasks/j7s-os-image-build.yaml delete mode 100644 tasks/j7s-os-k8s-deploy.yaml delete mode 100644 tasks/j7s-ros-clone.yaml diff --git a/deployments/mosquitto.yaml b/deployments/mosquitto.yaml deleted file mode 100644 index 7dd4698..0000000 --- a/deployments/mosquitto.yaml +++ /dev/null @@ -1,88 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: mosquitto-deployment - labels: - app: mosquitto -spec: - replicas: 1 - selector: - matchLabels: - app: mosquitto - template: - metadata: - labels: - app: mosquitto - spec: - containers: - - name: mosquitto - image: 192.168.1.149:8443/mosquitto:0.0.7 - args: ["-v", "-c", "/opt/mqtt/mosquitto.conf"] - volumeMounts: - - mountPath: /opt/mqtt - name: mosquitto-conf - ports: - - containerPort: 9000 - name: websockets-port - - containerPort: 9001 - name: mqtt-port - volumes: - - name: mosquitto-conf - configMap: - name: mosquitto-conf ---- -apiVersion: v1 -kind: Service -metadata: - name: mosquitto-service -spec: - selector: - app: mosquitto - type: LoadBalancer - ports: - - protocol: TCP - port: 9000 - name: websockets-port - - protocol: TCP - port: 9001 - name: mqtt-port ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: mosquitto-conf -data: - acl.yaml: | - default: - can_read: true - can_write: false - jimmy: - can_read: true - can_write: true - keys.yaml: | - default: - - /opt/mqtt/jpace121-key.pem - - /opt/mqtt/service-key.pem - mosquitto.conf: | - per_listener_settings false - allow_anonymous false - log_type all - - auth_plugin /usr/lib/libj7s-plugin.so - auth_opt_key_file /opt/mqtt/keys.yaml - auth_opt_acl_file /opt/mqtt/acl.yaml - - listener 9000 - protocol websockets - - listener 9001 - protocol mqtt - service-key.pem: | - -----BEGIN PUBLIC KEY----- - MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE9DBwMe+eHkYLfq076sFq75gepyaL4LQtX8qVlGjJCtLxV308L2d8XGC35VBxrIbx8Bs5sKT4e5s9suzO8FhGMQ== - -----END PUBLIC KEY----- - jpace121-key.pem: | - -----BEGIN PUBLIC KEY----- - MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEqdtuaoyDj8jCtgB9qfUMwDe//VLAF1HTXHTQ7OS8i/S3wjOC4YOHxRy9kYQ3LdE44r7kIX6DR8VLJ3srctQ0xw== - -----END PUBLIC KEY----- diff --git a/deployments/squid.yaml b/deployments/squid.yaml deleted file mode 100644 index 1af6b49..0000000 --- a/deployments/squid.yaml +++ /dev/null @@ -1,42 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: squid-deployment - labels: - app: squid -spec: - replicas: 1 - selector: - matchLabels: - app: squid - template: - metadata: - labels: - app: squid - spec: - containers: - - name: squid - image: 192.168.1.149:8443/squid:0.3 - volumeMounts: - - mountPath: /var/spool/squid - name: squid-volume - ports: - - containerPort: 3128 - name: squid-port - volumes: - - name: squid-volume - emptyDir: {} ---- -apiVersion: v1 -kind: Service -metadata: - name: squid-service -spec: - selector: - app: squid - ports: - - protocol: TCP - targetPort: 3128 - port: 3128 - name: squid-port \ No newline at end of file diff --git a/tasks/j7s-ansible-build.yaml b/tasks/j7s-ansible-build.yaml deleted file mode 100644 index 3598854..0000000 --- a/tasks/j7s-ansible-build.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: tekton.dev/v1beta1 -kind: Task -metadata: - name: j7s-ansible-build - namespace: j7s-ci -spec: - workspaces: - - name: source - - name: ssh-directory - params: - - name: deploy - - name: ansible-file-path - steps: - - image: 192.168.1.149:8443/ansible-podman:latest - securityContext: - privileged: true - script: | - #!/usr/bin/env bash - set -ex - cp -r $(workspaces.ssh-directory.path) ~/.ssh - chmod 700 ~/.ssh - chmod -R 400 ~/.ssh/* - - cd $(workspaces.source.path) - ansible-playbook -vvvv --skip-tags deploy -i $(params.ansible-file-path)/inventory.yaml $(params.ansible-file-path)/build.yaml - - if [[ $(params.deploy) == "true" ]]; then - ansible-playbook -vvvv --tags deploy -i $(params.ansible-file-path)/inventory.yaml $(params.ansible-file-path)/build.yaml - fi \ No newline at end of file diff --git a/tasks/j7s-buildah.yaml b/tasks/j7s-buildah.yaml deleted file mode 100644 index 0a784bb..0000000 --- a/tasks/j7s-buildah.yaml +++ /dev/null @@ -1,84 +0,0 @@ ---- -apiVersion: tekton.dev/v1beta1 -kind: Task -metadata: - name: j7s-buildah - namespace: j7s-ci -spec: - description: Build and push a container image. - params: - - name: registry - description: Registry to push to. - - name: name - description: Name of the image. - - name: version - description: Version for the image. - - name: containerfile - description: Path of the Containerfile relative to source. - workspaces: - - name: source - - name: cosign-credentials - steps: - - name: build - image: 192.168.1.149:8443/buildah:latest - workingDir: $(workspaces.source.path) - script: | - set -x - # Login - buildah login --tls-verify=false --username=$USERNAME --password=$PASSWORD $(params.registry) - mkdir ~/.sigstore - cp $(workspaces.cosign-credentials.path)/* ~/.sigstore - cat < ~/.sigstore/param-file.yaml - privateKeyFile: "$HOME/.sigstore/cosign.key" - privateKeyPassphraseFile: "$HOME/.sigstore/cosign.password" - EOF - mkdir -p /etc/containers/registries.d/ - cat < /etc/containers/registries.d/james-registry.yaml - docker: - $(params.registry): - use-sigstore-attachments: true - EOF - # Build - buildah --storage-driver=overlay bud --tls-verify=false --no-cache \ - -f $(params.containerfile) -t $(params.name):$(params.version) . - # Push - skopeo copy --dest-tls-verify=false --sign-by-sigstore=$HOME/.sigstore/param-file.yaml \ - containers-storage:localhost/$(params.name):$(params.version) \ - docker://$(params.registry)/$(params.name):$(params.version) - skopeo copy --dest-tls-verify=false --sign-by-sigstore=$HOME/.sigstore/param-file.yaml \ - containers-storage:localhost/$(params.name):$(params.version) \ - docker://$(params.registry)/$(params.name):latest - # Indicate results. - HASH=`skopeo inspect containers-storage:localhost/$(params.name):$(params.version) --format={{.Digest}}` - cat < $(results.image-ARTIFACT_OUTPUTS.path) - { - "uri": "$(params.registry)/$(params.name):$(params.version)", - "digest": "$HASH" - } - env: - - name: USERNAME - valueFrom: - secretKeyRef: - name: registry-login-secret - key: username - - name: PASSWORD - valueFrom: - secretKeyRef: - name: registry-login-secret - key: password - volumeMounts: - - name: varlibcontainers - mountPath: /var/lib/containers - securityContext: - privileged: true - volumes: - - name: varlibcontainers - emptyDir: {} - results: - - name: image-ARTIFACT_OUTPUTS - type: object - properties: - uri: - type: string - digest: - type: string \ No newline at end of file diff --git a/tasks/j7s-git-clone-hash.yaml b/tasks/j7s-git-clone-hash.yaml deleted file mode 100644 index b2521f6..0000000 --- a/tasks/j7s-git-clone-hash.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: tekton.dev/v1beta1 -kind: Task -metadata: - name: j7s-git-clone-hash - namespace: j7s-ci -spec: - workspaces: - - name: output - - name: ssh-directory - params: - - name: url - - name: hash - steps: - - image: 192.168.1.149:8443/gitssh:latest - script: | - set -x - cp -r $(workspaces.ssh-directory.path) ~/.ssh - chmod 700 ~/.ssh - chmod -R 400 ~/.ssh/* - - git clone $(params.url) $(workspaces.output.path) - cd $(workspaces.output.path) - git checkout $(params.hash) \ No newline at end of file diff --git a/tasks/j7s-git-clone.yaml b/tasks/j7s-git-clone.yaml deleted file mode 100644 index fec577f..0000000 --- a/tasks/j7s-git-clone.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: tekton.dev/v1beta1 -kind: Task -metadata: - name: j7s-git-clone - namespace: j7s-ci -spec: - workspaces: - - name: output - - name: ssh-directory - params: - - name: url - - name: branch - steps: - - image: 192.168.1.149:8443/gitssh:latest - script: | - set -x - cp -r $(workspaces.ssh-directory.path) ~/.ssh - chmod 700 ~/.ssh - chmod -R 400 ~/.ssh/* - - git clone --single-branch --branch $(params.branch) $(params.url) $(workspaces.output.path) \ No newline at end of file diff --git a/tasks/j7s-os-buildah.yaml b/tasks/j7s-os-buildah.yaml deleted file mode 100644 index 9fb2e67..0000000 --- a/tasks/j7s-os-buildah.yaml +++ /dev/null @@ -1,53 +0,0 @@ ---- -apiVersion: tekton.dev/v1beta1 -kind: Task -metadata: - name: j7s-os-buildah - namespace: j7s-ci -spec: - description: Build the deployment container image for j7s-os. - params: - - name: image - description: Reference of the image buildah will produce. - - name: commit - description: Repo directory to put inside the image. - - name: registry - description: Registry to push to. - - name: version - description: Version for the image. - workspaces: - - name: source - steps: - - name: build - image: quay.io/buildah/stable:v1.23.3 - workingDir: $(workspaces.source.path) - script: | - set -x - # Login - buildah login --tls-verify=false --username=$USERNAME --password=$PASSWORD $(params.registry) - # Build - buildah --storage-driver=overlay bud --tls-verify=false --no-cache \ - --build-arg commit=./$(params.commit) \ - -f ./hosting/Dockerfile -t $(params.image):$(params.version) . - # Push - buildah --storage-driver=overlay push --tls-verify=false $(params.image) docker://$(params.registry)/$(params.image):$(params.version) - buildah --storage-driver=overlay push --tls-verify=false $(params.image) docker://$(params.registry)/$(params.image):latest - env: - - name: USERNAME - valueFrom: - secretKeyRef: - name: registry-login-secret - key: username - - name: PASSWORD - valueFrom: - secretKeyRef: - name: registry-login-secret - key: password - volumeMounts: - - name: varlibcontainers - mountPath: /var/lib/containers - securityContext: - privileged: true - volumes: - - name: varlibcontainers - emptyDir: {} \ No newline at end of file diff --git a/tasks/j7s-os-image-build.yaml b/tasks/j7s-os-image-build.yaml deleted file mode 100644 index 1f806cc..0000000 --- a/tasks/j7s-os-image-build.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: tekton.dev/v1beta1 -kind: Task -metadata: - name: j7s-os-image-build - namespace: j7s-ci -spec: - workspaces: - - name: source - params: - - name: image-name - results: - - name: version-string - steps: - - image: 192.168.1.149:8443/j7s-image-build:latest - securityContext: - privileged: true - script: | - set -x - sudo chown -R j7s:j7s $(workspaces.source.path) - cd $(workspaces.source.path) - make $(params.image-name) - echo -n `date +%Y%m%d%H%M`-`git describe --no-match --always --dirty` | tee $(results.version-string.path) \ No newline at end of file diff --git a/tasks/j7s-os-k8s-deploy.yaml b/tasks/j7s-os-k8s-deploy.yaml deleted file mode 100644 index 0f7ab29..0000000 --- a/tasks/j7s-os-k8s-deploy.yaml +++ /dev/null @@ -1,45 +0,0 @@ -apiVersion: tekton.dev/v1beta1 -kind: Task -metadata: - name: j7s-os-k8s-deploy - namespace: j7s-ci -spec: - params: - - name: image - description: The image to deploy. - - name: version - description: The version of the image to deploy. - workspaces: - - name: ssh-directory - steps: - - name: update-with-flux - image: 192.168.1.149:8443/gitssh:latest - script: | - #!/usr/bin/env bash - set -x - cp -r $(workspaces.ssh-directory.path) ~/.ssh - chmod 700 ~/.ssh - chmod -R 400 ~/.ssh/* - git config --global user.name tekton - git config --global user.email tekton@internal.jpace121.net - - git clone ssh://git.jpace121.net:2222/cd/flux-apps flux-apps - cd flux-apps - cat < j7s-os-deploy/patch.yaml - --- - apiVersion: apps/v1 - kind: Deployment - metadata: - name: j7s-os-app-deployment - spec: - template: - spec: - containers: - - name: j7s-os-app - image: $(params.image):$(params.version) - EOF - - git add ./j7s-os-deploy - git commit -m "Update j7s-os-deploy to version $(params.version)" - git push origin master - diff --git a/tasks/j7s-ros-clone.yaml b/tasks/j7s-ros-clone.yaml deleted file mode 100644 index 312a591..0000000 --- a/tasks/j7s-ros-clone.yaml +++ /dev/null @@ -1,56 +0,0 @@ -apiVersion: tekton.dev/v1beta1 -kind: Task -metadata: - name: j7s-ros-clone - namespace: j7s-ci -spec: - workspaces: - - name: output - - name: ssh-directory - params: - - name: url - - name: branch - - name: repos-file - results: - - name: workspace-git-commit-ARTIFACT_OUTPUTS - type: object - properties: - uri: - type: string - digest: - type: string - - name: vcs-exact-file-ARTIFACT_OUTPUTS - type: object - properties: - uri: - type: string - digest: - type: string - steps: - - image: 192.168.1.149:8443/vcs:latest - script: | - set -x - cp -r $(workspaces.ssh-directory.path) ~/.ssh - chmod 700 ~/.ssh - chmod -R 400 ~/.ssh/* - - git clone --single-branch --branch $(params.branch) $(params.url) $(workspaces.output.path) - cd $(workspaces.output.path) - mkdir src - vcs import src < $(params.repos-file) - - # Git hash is really sha1, rehashing to workaround Tekton bug. - GITHASH=`git rev-parse HEAD | sha256sum | cut -f 1 -d " "` - VCSEXACTHASH=`vcs export --exact ./src | sha256sum | cut -f 1 -d " "` - cat < $(results.workspace-git-commit-ARTIFACT_OUTPUTS.path) - { - "uri": "$(params.url)", - "digest": "sha256:$GITHASH" - } - EOF - cat < $(results.vcs-exact-file-ARTIFACT_OUTPUTS.path) - { - "uri": "vcs-exact-file", - "digest": "sha256:$VCSEXACTHASH" - } - EOF \ No newline at end of file