Add dev_contain job.

images/Dockerfile_ansible-podman

@@ -0,0 +1,4 @@
+FROM quay.io/podman/stable:v4.2.1
+
+RUN dnf update && \
+    dnf install -y ansible git

notes.md

@@ -44,6 +44,22 @@ Restart k3s.
 
 Apply rest of the CRDs.
 
+# SSH Secrets
+
+1. `ssh-keygen -t ecdsa -f ./deploy_key`
+2. `ssh-keyscan packages.jpace121.net > ./deploy_known_hosts`
+3. `cat deploy-credentials.yaml`
+   ```
+    apiVersion: v1
+    kind: Secret
+    metadata:
+        name: deploy-credentials
+    type: Opaque
+    data:
+        id_ecdsa: <base64 -w 0 .. >
+        known_hosts: <base64 -w 0 ..>
+  ```
+
 
 # Bad Ideas
 

pipelines/dev-contain-pipeline.yaml

@@ -0,0 +1,52 @@
+# A pipeline to build and deploy dev_contain packages.
+# Steps:
+#   Clone the dev_contain repo from gitea and checkout packaging branch.
+#   Call ansible play to build.
+#   Optionally, call play to deploy
+---
+apiVersion: tekton.dev/v1beta1
+kind: Pipeline
+metadata:
+  name: dev-contain-pipeline
+spec:
+  description: "Build and deploy dev_contain packages."
+  params:
+  - name: branch
+    type: string
+    description: The branch in the repo to call the build script in.
+  - name: deploy
+    type: string
+    description: "'true' if we should deploy the image using ansible."
+  workspaces:
+  - name: shared-data
+    description: Shared data.
+  - name: git-credentials
+    description: tekton git credentials
+  - name: deploy-credentials
+    description: tekton credentials to deployment server
+  tasks:
+  - name: fetch-repo
+    workspaces:
+    - name: output
+      workspace: shared-data
+    - name: ssh-directory
+      workspace: git-credentials
+    params:
+    - name: url
+      value: ssh://git@git.jpace121.net:2222/packaging/dev_contain.git
+    - name: branch
+      value: $(params.branch)
+    taskRef:
+      name: j7s-git-clone
+  - name: build
+    runAfter: ["fetch-repo"]
+    workspaces:
+    - name: source
+      workspace: shared-data
+    - name: ssh-directory
+      workspace: deploy-credentials
+    params:
+    - name: deploy
+      value: $(params.deploy)
+    taskRef:
+      name: j7s-ansible-build

runs/dev-contain-debian.yaml

@@ -0,0 +1,27 @@
+apiVersion: tekton.dev/v1beta1
+kind: PipelineRun
+metadata:
+  name: dev-contain-debian
+spec:
+  pipelineRef:
+    name: dev-contain-pipeline
+  workspaces:
+  - name: shared-data
+    volumeClaimTemplate:
+      spec:
+        accessModes:
+        - ReadWriteOnce
+        resources:
+          requests:
+            storage: 1Gi
+  - name: git-credentials
+    secret:
+      secretName: git-credentials
+  - name: deploy-credentials
+    secret:
+      secretName: deploy-credentials
+  params:
+  - name: branch
+    value: "packaging/debian"
+  - name: deploy
+    value: "true"

runs/dev-contain-rpm.yaml

@@ -0,0 +1,27 @@
+apiVersion: tekton.dev/v1beta1
+kind: PipelineRun
+metadata:
+  name: dev-contain-rpm
+spec:
+  pipelineRef:
+    name: dev-contain-pipeline
+  workspaces:
+  - name: shared-data
+    volumeClaimTemplate:
+      spec:
+        accessModes:
+        - ReadWriteOnce
+        resources:
+          requests:
+            storage: 1Gi
+  - name: git-credentials
+    secret:
+      secretName: git-credentials
+  - name: deploy-credentials
+    secret:
+      secretName: deploy-credentials
+  params:
+  - name: branch
+    value: "packaging/fedora"
+  - name: deploy
+    value: "true"

tasks/j7s-ansible-build.yaml

@@ -0,0 +1,27 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: j7s-ansible-build
+spec:
+  workspaces:
+  - name: source
+  - name: ssh-directory
+  params:
+  - name: deploy
+  steps:
+  - image: 192.168.1.128:8443/ansible-podman:latest
+    securityContext:
+      privileged: true
+    script: |
+      #!/usr/bin/env bash
+      set -ex
+      cp -r $(workspaces.ssh-directory.path) ~/.ssh
+      chmod 700 ~/.ssh
+      chmod -R 400 ~/.ssh/*
+
+      cd $(workspaces.source.path)
+      ansible-playbook -vvvv --skip-tags deploy -i inventory.yaml build.yaml
+
+      if [[ $(params.deploy) == "true" ]]; then
+        ansible-playbook -vvvv --tags deploy -i inventory.yaml build.yaml
+      fi