diff --git a/.github/scripts/configure-kube.sh b/.github/scripts/configure-kube.sh new file mode 100755 index 0000000..2f17459 --- /dev/null +++ b/.github/scripts/configure-kube.sh @@ -0,0 +1,21 @@ +#!/bin/bash + +echo "Install ingress controller" +helm repo add haproxy-ingress https://haproxy-ingress.github.io/charts +helm install haproxy-ingress haproxy-ingress/haproxy-ingress \ + --create-namespace --namespace=ingress-controller \ + --set controller.hostNetwork=true +kubectl apply -f - <= 0.0.0 || >= 0.0.0-0" +# MANAGED BY: GitHub workflow +version: 0.16.2 diff --git a/charts/ploigos-workflow/everything-tekton-pipeline/charts/ploigos-workflow-tekton-shared-resources b/charts/ploigos-workflow/everything-tekton-pipeline/charts/ploigos-workflow-tekton-shared-resources new file mode 120000 index 0000000..4944054 --- /dev/null +++ b/charts/ploigos-workflow/everything-tekton-pipeline/charts/ploigos-workflow-tekton-shared-resources @@ -0,0 +1 @@ +../../tekton-shared-resources \ No newline at end of file diff --git a/charts/ploigos-workflow-standard-tekton-pipeline/ci/test-values.yaml b/charts/ploigos-workflow/everything-tekton-pipeline/ci/test-values.yaml similarity index 87% rename from charts/ploigos-workflow-standard-tekton-pipeline/ci/test-values.yaml rename to charts/ploigos-workflow/everything-tekton-pipeline/ci/test-values.yaml index 85f6099..8d39e1d 100644 --- a/charts/ploigos-workflow-standard-tekton-pipeline/ci/test-values.yaml +++ b/charts/ploigos-workflow/everything-tekton-pipeline/ci/test-values.yaml 
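Review bot: The script runs `helm repo add`, `helm install` and `kubectl apply` directly after the `#!/bin/bash` line with no `set -euo pipefail`, so a failed ingress-controller install does not stop the script and the workflow only finds out when a later chart test fails against a half-configured cluster; add `set -euo pipefail` as the second line. The chart is also installed without a `--version`, so the CI cluster picks up whatever the haproxy-ingress repository publishes at run time, and pinning a chart version would keep the test environment reproducible. The hunk header announces 21 lines but only the first few are visible here, so anything past the `kubectl apply -f -` line is not covered by this note.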
@@ -6,11 +6,11 @@ global: stepRunnerConfigDir: cicd/step-runner-config workflowWorkerImageDefault: quay.io/ploigos/ploigos-base:latest - workflowWorkerImageUnitTest: quay.io/ploigos/ploigos-tool-maven:nightly - workflowWorkerImagePackage: quay.io/ploigos/ploigos-tool-maven:nightly - workflowWorkerImageStaticCodeAnalysis: quay.io/ploigos/ploigos-tool-sonar:nightly - workflowWorkerImagePushArtifacts: quay.io/ploigos/ploigos-tool-maven:nightly - workflowWorkerImageUAT: quay.io/ploigos/ploigos-tool-maven:nightly + workflowWorkerImageUnitTest: quay.io/ploigos/ploigos-tool-maven:latest + workflowWorkerImagePackage: quay.io/ploigos/ploigos-tool-maven:latest + workflowWorkerImageStaticCodeAnalysis: quay.io/ploigos/ploigos-tool-sonar:latest + workflowWorkerImagePushArtifacts: quay.io/ploigos/ploigos-tool-maven:latest + workflowWorkerImageUAT: quay.io/ploigos/ploigos-tool-maven:latest # NOTE: # have to test with ingress since GitHub action tests on 'kind' server where routes don't diff --git a/charts/ploigos-workflow-standard-tekton-pipeline/templates/NOTES.txt b/charts/ploigos-workflow/everything-tekton-pipeline/templates/NOTES.txt similarity index 100% rename from charts/ploigos-workflow-standard-tekton-pipeline/templates/NOTES.txt rename to charts/ploigos-workflow/everything-tekton-pipeline/templates/NOTES.txt diff --git a/charts/ploigos-workflow-standard-tekton-pipeline/templates/Pipeline_ploigos-workflow-standard.yml b/charts/ploigos-workflow/everything-tekton-pipeline/templates/Pipeline_ploigos-workflow-everything.yml similarity index 82% rename from charts/ploigos-workflow-standard-tekton-pipeline/templates/Pipeline_ploigos-workflow-standard.yml rename to charts/ploigos-workflow/everything-tekton-pipeline/templates/Pipeline_ploigos-workflow-everything.yml index 090de1f..638bd8d 100644 --- a/charts/ploigos-workflow-standard-tekton-pipeline/templates/Pipeline_ploigos-workflow-standard.yml 
+++ b/charts/ploigos-workflow/everything-tekton-pipeline/templates/Pipeline_ploigos-workflow-everything.yml @@ -177,13 +177,12 @@ spec: git+https://gitea.internal.example.xyz/tools/ploigos-step-runner.git@main installs from an internal fork of the step runner library from the 'main' branch. default: "" - # NOTE: See https://github.com/tektoncd/pipeline/issues/3423 - #- name: workflowWorkersImagePullPolicy - # type: string - # description: | - # Policy for pulling new versions of the imageTag for the CI worker images - # when running this pipeline. - # default: IfNotPresent + - name: workflowWorkersImagePullPolicy + type: string + description: | + Policy for pulling new versions of the imageTag for the CI worker images + when running this pipeline. + default: IfNotPresent - name: workflowWorkerImageDefault type: string description: | @@ -291,6 +290,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageSourceClone) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: url value: $(params.appRepoUrl) - name: revision @@ -332,6 +333,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageDefault) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: stepRunnerUpdateLibrary @@ -374,6 +377,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageDefault) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: pgpKeysSecretName value: $(params.pgpKeysSecretName) @@ -425,6 +430,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageDefault) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath 
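Review bot: The new `workflowWorkersImagePullPolicy` parameter defaults to `IfNotPresent`, while the images it governs are referenced by mutable tags: this commit moves the test values to `:latest`, and the cluster task defaults further down use `ploigos/ploigos-base:latest`. With that combination a node keeps running whichever copy of the tag it cached first, so a rebuilt or patched worker image is silently not picked up, and the explicit default also replaces the `Always` that Kubernetes would otherwise apply to a `:latest` image. Either default the parameter to `Always`, or pin the worker images by digest in the values files if `IfNotPresent` is kept for speed. The same default is introduced in the minimal pipeline and in the pattern-matcher, import-pgp-keys and git-clone cluster tasks below.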
@@ -463,6 +470,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageDefault) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath @@ -501,6 +510,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageUnitTest) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath @@ -539,6 +550,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImagePackage) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath @@ -577,6 +590,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageStaticCodeAnalysis) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath @@ -615,6 +630,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImagePushArtifacts) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath @@ -653,6 +670,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageContainerOperations) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath @@ -691,6 +710,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageContainerImageStaticComplianceScan) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath 
@@ -737,6 +758,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageContainerImageStaticVulnerabilityScan) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath @@ -776,6 +799,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageContainerOperations) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath @@ -814,6 +839,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageContainerOperations) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath 
@@ -823,12 +850,48 @@ spec: - name: stepRunnerConfigDir value: $(params.stepRunnerConfigDir) + ########################## + # CI: Generate Evidence # + ########################## + - name: ci-generate-evidence + runAfter: + - ci-sign-container-image + taskRef: + kind: ClusterTask + name: ploigos-step-runner + workspaces: + - name: home + workspace: home + - name: app + workspace: app + {{- if $.Values.global.separatePlatformConfig }} + - name: ploigos-platform-config + workspace: ploigos-platform-config + - name: ploigos-platform-config-secrets + workspace: ploigos-platform-config-secrets + {{- end }} + params: + - name: verbose + value: $(params.verbose) + - name: image + value: $(params.workflowWorkerImageDefault) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) + - name: stepRunnerPackageName + value: $(params.stepRunnerPackageName) + - name: venvPath + value: $(tasks.setup-workflow-step-runner.results.venvPath) + - name: stepName + value: generate-evidence + - name: stepRunnerConfigDir + value: $(params.stepRunnerConfigDir) + ####### # DEV # ####### - name: dev-stage-gate runAfter: - - ci-sign-container-image + - ci-generate-evidence taskRef: kind: ClusterTask name: pattern-matcher @@ -869,6 +932,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageDeploy) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath @@ -909,6 +974,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageValidateEnvironmentConfiguraiton) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath 
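Review bot: `ci-generate-evidence` has no `when` clause, whereas the `dev-`, `test-` and `prod-generate-evidence` tasks added in this commit are each gated on their stage gate's `matches` result. If the other CI tasks of this pipeline are gated on a `ci-stage-gate` result (the minimal pipeline's CI tasks are), this task will run even when that gate does not match; adding the same `when` block, `- input: "$(tasks.ci-stage-gate.results.matches)"` / `operator: in` / `values: ["true"]`, keeps the gating consistent. If the CI stage of this pipeline is intentionally ungated, a one-line comment above the task saying so would save the next reader the same question. The surrounding `tasks` list starts and ends outside this hunk.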
@@ -949,6 +1016,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageUAT) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath @@ -960,6 +1029,48 @@ spec: - name: environment value: $(params.envNameDev) + ########################## + # DEV: Generate Evidence # + ########################## + - name: dev-generate-evidence + runAfter: + - dev-run-user-acceptance-tests + when: + - input: "$(tasks.dev-stage-gate.results.matches)" + operator: in + values: ["true"] + taskRef: + kind: ClusterTask + name: ploigos-step-runner + workspaces: + - name: home + workspace: home + - name: app + workspace: app + {{- if $.Values.global.separatePlatformConfig }} + - name: ploigos-platform-config + workspace: ploigos-platform-config + - name: ploigos-platform-config-secrets + workspace: ploigos-platform-config-secrets + {{- end }} + params: + - name: verbose + value: $(params.verbose) + - name: image + value: $(params.workflowWorkerImageDefault) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) + - name: stepRunnerPackageName + value: $(params.stepRunnerPackageName) + - name: venvPath + value: $(tasks.setup-workflow-step-runner.results.venvPath) + - name: stepName + value: generate-evidence + - name: stepRunnerConfigDir + value: $(params.stepRunnerConfigDir) + - name: environment + value: $(params.envNameDev) + ######## # TEST # ######## 
@@ -969,10 +1080,10 @@ spec: # We would prefer to say this runs after the DEV stage finishes.... # but....https://github.com/tektoncd/pipeline/issues/2127. Which means # If the DEV stage is skipped then this stage will be skipped too because the - # dev-run-user-acceptance-tests task was skipped so the runAfter makes it so this step + # dev-generate-evidence task was skipped so the runAfter makes it so this step # would never run. - - ci-sign-container-image - #- dev-run-user-acceptance-tests + - ci-generate-evidence + #- dev-generate-evidence taskRef: kind: ClusterTask name: pattern-matcher @@ -1013,6 +1124,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageDeploy) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath @@ -1053,6 +1166,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageValidateEnvironmentConfiguraiton) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath @@ -1093,6 +1208,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageUAT) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath 
@@ -1104,12 +1221,54 @@ spec: - name: environment value: $(params.envNameTest) + ########################### + # TEST: Generate Evidence # + ########################### + - name: test-generate-evidence + runAfter: + - test-run-user-acceptance-tests + when: + - input: "$(tasks.test-stage-gate.results.matches)" + operator: in + values: ["true"] + taskRef: + kind: ClusterTask + name: ploigos-step-runner + workspaces: + - name: home + workspace: home + - name: app + workspace: app + {{- if $.Values.global.separatePlatformConfig }} + - name: ploigos-platform-config + workspace: ploigos-platform-config + - name: ploigos-platform-config-secrets + workspace: ploigos-platform-config-secrets + {{- end }} + params: + - name: verbose + value: $(params.verbose) + - name: image + value: $(params.workflowWorkerImageDefault) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) + - name: stepRunnerPackageName + value: $(params.stepRunnerPackageName) + - name: venvPath + value: $(tasks.setup-workflow-step-runner.results.venvPath) + - name: stepName + value: generate-evidence + - name: stepRunnerConfigDir + value: $(params.stepRunnerConfigDir) + - name: environment + value: $(params.envNameTest) + ######## # PROD # ######## - name: prod-stage-gate runAfter: - - test-run-user-acceptance-tests + - test-generate-evidence taskRef: kind: ClusterTask name: pattern-matcher @@ -1150,6 +1309,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageDeploy) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath @@ -1190,6 +1351,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageValidateEnvironmentConfiguraiton) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath 
@@ -1200,3 +1363,82 @@ spec: value: $(params.stepRunnerConfigDir) - name: environment value: $(params.envNameProd) + + ########################### + # PROD: Generate Evidence # + ########################### + - name: prod-generate-evidence + runAfter: + - prod-validate-environment-configuration + when: + - input: "$(tasks.prod-stage-gate.results.matches)" + operator: in + values: ["true"] + taskRef: + kind: ClusterTask + name: ploigos-step-runner + workspaces: + - name: home + workspace: home + - name: app + workspace: app + {{- if $.Values.global.separatePlatformConfig }} + - name: ploigos-platform-config + workspace: ploigos-platform-config + - name: ploigos-platform-config-secrets + workspace: ploigos-platform-config-secrets + {{- end }} + params: + - name: verbose + value: $(params.verbose) + - name: image + value: $(params.workflowWorkerImageDefault) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) + - name: stepRunnerPackageName + value: $(params.stepRunnerPackageName) + - name: venvPath + value: $(tasks.setup-workflow-step-runner.results.venvPath) + - name: stepName + value: generate-evidence + - name: stepRunnerConfigDir + value: $(params.stepRunnerConfigDir) + - name: environment + value: $(params.envNameProd) + + finally: + ########## + # Report # + ########## + - name: report + taskRef: + kind: ClusterTask + name: ploigos-step-runner + workspaces: + - name: home + workspace: home + - name: app + workspace: app + {{- if $.Values.global.separatePlatformConfig }} + - name: ploigos-platform-config + workspace: ploigos-platform-config + - name: ploigos-platform-config-secrets + workspace: ploigos-platform-config-secrets + {{- end }} + params: + - name: verbose + value: $(params.verbose) + - name: image + value: $(params.workflowWorkerImageDefault) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) + - name: stepRunnerPackageName + value: $(params.stepRunnerPackageName) + - name: venvPath + value: 
$(tasks.setup-workflow-step-runner.results.venvPath) + - name: stepName + value: report + - name: stepRunnerConfigDir + value: $(params.stepRunnerConfigDir) + - name: environment + value: $(params.envNameProd) diff --git a/charts/ploigos-workflow-standard-tekton-pipeline/templates/_helpers.tpl b/charts/ploigos-workflow/everything-tekton-pipeline/templates/_helpers.tpl similarity index 100% rename from charts/ploigos-workflow-standard-tekton-pipeline/templates/_helpers.tpl rename to charts/ploigos-workflow/everything-tekton-pipeline/templates/_helpers.tpl diff --git a/charts/ploigos-workflow-standard-tekton-pipeline/values.yaml b/charts/ploigos-workflow/everything-tekton-pipeline/values.yaml similarity index 100% rename from charts/ploigos-workflow-standard-tekton-pipeline/values.yaml rename to charts/ploigos-workflow/everything-tekton-pipeline/values.yaml diff --git a/charts/ploigos-workflow-shared-resources/.helmignore b/charts/ploigos-workflow/minimal-tekton-pipeline/.helmignore similarity index 100% rename from charts/ploigos-workflow-shared-resources/.helmignore rename to charts/ploigos-workflow/minimal-tekton-pipeline/.helmignore diff --git a/charts/ploigos-workflow-minimal-tekton-pipeline/Chart.yaml b/charts/ploigos-workflow/minimal-tekton-pipeline/Chart.yaml similarity index 100% rename from charts/ploigos-workflow-minimal-tekton-pipeline/Chart.yaml rename to charts/ploigos-workflow/minimal-tekton-pipeline/Chart.yaml diff --git a/charts/ploigos-workflow/minimal-tekton-pipeline/charts/ploigos-workflow-tekton-shared-resources b/charts/ploigos-workflow/minimal-tekton-pipeline/charts/ploigos-workflow-tekton-shared-resources new file mode 120000 index 0000000..4944054 --- /dev/null +++ b/charts/ploigos-workflow/minimal-tekton-pipeline/charts/ploigos-workflow-tekton-shared-resources @@ -0,0 +1 @@ +../../tekton-shared-resources \ No newline at end of file 
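Review bot: The `finally` `report` task consumes `$(tasks.setup-workflow-step-runner.results.venvPath)`; Tekton skips a finally task whose result reference cannot be resolved, so when a run fails before or inside `setup-workflow-step-runner` no report is produced for exactly the runs where one is most wanted (confirm against the Tekton version these charts target). It also hard-codes `environment` to `$(params.envNameProd)` even though the report runs after every stage, including runs that never pass the DEV gate, so evidence from a CI-only run would be labelled as PROD; if the report step does not need an environment, dropping that param avoids the mislabelling, and if it does, the choice deserves a comment. The same `finally` block is added to the minimal pipeline below. The enclosing `spec` begins well above this hunk.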
diff --git a/charts/ploigos-workflow-minimal-tekton-pipeline/ci/test-values.yaml b/charts/ploigos-workflow/minimal-tekton-pipeline/ci/test-values.yaml similarity index 96% rename from charts/ploigos-workflow-minimal-tekton-pipeline/ci/test-values.yaml rename to charts/ploigos-workflow/minimal-tekton-pipeline/ci/test-values.yaml index 1ad0d39..cda4110 100644 --- a/charts/ploigos-workflow-minimal-tekton-pipeline/ci/test-values.yaml +++ b/charts/ploigos-workflow/minimal-tekton-pipeline/ci/test-values.yaml @@ -6,8 +6,8 @@ global: stepRunnerConfigDir: cicd/step-runner-config workflowWorkerImageDefault: quay.io/ploigos/ploigos-base:latest - workflowWorkerImagePackage: quay.io/ploigos/ploigos-tool-maven:nightly - workflowWorkerImagePushArtifacts: quay.io/ploigos/ploigos-tool-maven:nightly + workflowWorkerImagePackage: quay.io/ploigos/ploigos-tool-maven:latest + workflowWorkerImagePushArtifacts: quay.io/ploigos/ploigos-tool-maven:latest # NOTE: # have to test with ingress since GitHub action tests on 'kind' server where routes don't diff --git a/charts/ploigos-workflow-minimal-tekton-pipeline/templates/NOTES.txt b/charts/ploigos-workflow/minimal-tekton-pipeline/templates/NOTES.txt similarity index 100% rename from charts/ploigos-workflow-minimal-tekton-pipeline/templates/NOTES.txt rename to charts/ploigos-workflow/minimal-tekton-pipeline/templates/NOTES.txt diff --git a/charts/ploigos-workflow-minimal-tekton-pipeline/templates/Pipeline_ploigos-workflow-minimal.yml b/charts/ploigos-workflow/minimal-tekton-pipeline/templates/Pipeline_ploigos-workflow-minimal.yml similarity index 93% rename from charts/ploigos-workflow-minimal-tekton-pipeline/templates/Pipeline_ploigos-workflow-minimal.yml rename to charts/ploigos-workflow/minimal-tekton-pipeline/templates/Pipeline_ploigos-workflow-minimal.yml index e877fad..b02bf1d 100644 --- a/charts/ploigos-workflow-minimal-tekton-pipeline/templates/Pipeline_ploigos-workflow-minimal.yml 
+++ b/charts/ploigos-workflow/minimal-tekton-pipeline/templates/Pipeline_ploigos-workflow-minimal.yml @@ -178,13 +178,12 @@ spec: git+https://gitea.internal.example.xyz/tools/ploigos-step-runner.git@main installs from an internal fork of the step runner library from the 'main' branch. default: "" - # NOTE: See https://github.com/tektoncd/pipeline/issues/3423 - #- name: workflowWorkersImagePullPolicy - # type: string - # description: | - # Policy for pulling new versions of the imageTag for the CI worker images - # when running this pipeline. - # default: IfNotPresent + - name: workflowWorkersImagePullPolicy + type: string + description: | + Policy for pulling new versions of the imageTag for the CI worker images + when running this pipeline. + default: IfNotPresent - name: workflowWorkerImageDefault type: string description: | @@ -258,6 +257,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageSourceClone) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: url value: $(params.appRepoUrl) - name: revision @@ -299,6 +300,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageDefault) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: stepRunnerUpdateLibrary @@ -341,6 +344,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageDefault) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: pgpKeysSecretName value: $(params.pgpKeysSecretName) @@ -392,6 +397,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageDefault) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath 
@@ -401,50 +408,12 @@ spec: - name: stepRunnerConfigDir value: $(params.stepRunnerConfigDir) - ####################### - # CI: Tag Source Code # - ####################### - - name: ci-tag-source-code - runAfter: - - ci-generate-metadata - when: - - input: "$(tasks.ci-stage-gate.results.matches)" - operator: in - values: ["true"] - taskRef: - kind: ClusterTask - name: ploigos-step-runner - workspaces: - - name: home - workspace: home - - name: app - workspace: app - {{- if $.Values.global.separatePlatformConfig }} - - name: ploigos-platform-config - workspace: ploigos-platform-config - - name: ploigos-platform-config-secrets - workspace: ploigos-platform-config-secrets - {{- end }} - params: - - name: verbose - value: $(params.verbose) - - name: image - value: $(params.workflowWorkerImageDefault) - - name: stepRunnerPackageName - value: $(params.stepRunnerPackageName) - - name: venvPath - value: $(tasks.setup-workflow-step-runner.results.venvPath) - - name: stepName - value: tag-source - - name: stepRunnerConfigDir - value: $(params.stepRunnerConfigDir) - ########################### # CI: Package Application # ########################### - name: ci-package-application runAfter: - - ci-tag-source-code + - ci-generate-metadata when: - input: "$(tasks.ci-stage-gate.results.matches)" operator: in @@ -468,6 +437,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImagePackage) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath 
@@ -477,50 +448,12 @@ spec: - name: stepRunnerConfigDir value: $(params.stepRunnerConfigDir) - ###################################### - # CI: Push Application to Repository # - ###################################### - - name: ci-push-application-to-repository - runAfter: - - ci-package-application - when: - - input: "$(tasks.ci-stage-gate.results.matches)" - operator: in - values: ["true"] - taskRef: - kind: ClusterTask - name: ploigos-step-runner - workspaces: - - name: home - workspace: home - - name: app - workspace: app - {{- if $.Values.global.separatePlatformConfig }} - - name: ploigos-platform-config - workspace: ploigos-platform-config - - name: ploigos-platform-config-secrets - workspace: ploigos-platform-config-secrets - {{- end }} - params: - - name: verbose - value: $(params.verbose) - - name: image - value: $(params.workflowWorkerImagePushArtifacts) - - name: stepRunnerPackageName - value: $(params.stepRunnerPackageName) - - name: venvPath - value: $(tasks.setup-workflow-step-runner.results.venvPath) - - name: stepName - value: push-artifacts - - name: stepRunnerConfigDir - value: $(params.stepRunnerConfigDir) - ############################## # CI: Create Container Image # ############################## - name: ci-create-container-image runAfter: - - ci-push-application-to-repository + - ci-package-application when: - input: "$(tasks.ci-stage-gate.results.matches)" operator: in @@ -544,6 +477,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageContainerOperations) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath @@ -582,6 +517,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageContainerOperations) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath 
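Review bot: Removing `ci-push-application-to-repository` drops the only visible consumer of `workflowWorkerImagePushArtifacts` in the minimal pipeline, yet this commit still sets `workflowWorkerImagePushArtifacts: quay.io/ploigos/ploigos-tool-maven:latest` in the minimal chart's `ci/test-values.yaml`. If the pipeline still declares that parameter it is now dead input that the next maintainer will try to trace; either remove the parameter and the test value together, or add a comment on the parameter stating it is kept for compatibility. The parameter declarations are outside this hunk, so this is inferred from the task removal alone.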
@@ -637,6 +574,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageDeploy) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath @@ -701,6 +640,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageDeploy) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath @@ -758,6 +699,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageDeploy) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath @@ -768,3 +711,40 @@ spec: value: $(params.stepRunnerConfigDir) - name: environment value: $(params.envNameProd) + + finally: + ########## + # Report # + ########## + - name: report + taskRef: + kind: ClusterTask + name: ploigos-step-runner + workspaces: + - name: home + workspace: home + - name: app + workspace: app + {{- if $.Values.global.separatePlatformConfig }} + - name: ploigos-platform-config + workspace: ploigos-platform-config + - name: ploigos-platform-config-secrets + workspace: ploigos-platform-config-secrets + {{- end }} + params: + - name: verbose + value: $(params.verbose) + - name: image + value: $(params.workflowWorkerImageDefault) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) + - name: stepRunnerPackageName + value: $(params.stepRunnerPackageName) + - name: venvPath + value: $(tasks.setup-workflow-step-runner.results.venvPath) + - name: stepName + value: report + - name: stepRunnerConfigDir + value: $(params.stepRunnerConfigDir) + - name: environment + value: $(params.envNameProd) 
diff --git a/charts/ploigos-workflow-minimal-tekton-pipeline/templates/_helpers.tpl b/charts/ploigos-workflow/minimal-tekton-pipeline/templates/_helpers.tpl similarity index 100% rename from charts/ploigos-workflow-minimal-tekton-pipeline/templates/_helpers.tpl rename to charts/ploigos-workflow/minimal-tekton-pipeline/templates/_helpers.tpl diff --git a/charts/ploigos-workflow-minimal-tekton-pipeline/values.yaml b/charts/ploigos-workflow/minimal-tekton-pipeline/values.yaml similarity index 100% rename from charts/ploigos-workflow-minimal-tekton-pipeline/values.yaml rename to charts/ploigos-workflow/minimal-tekton-pipeline/values.yaml diff --git a/charts/ploigos-workflow-standard-tekton-pipeline/.helmignore b/charts/ploigos-workflow/shared-resources/.helmignore similarity index 100% rename from charts/ploigos-workflow-standard-tekton-pipeline/.helmignore rename to charts/ploigos-workflow/shared-resources/.helmignore diff --git a/charts/ploigos-workflow-shared-resources/Chart.yaml b/charts/ploigos-workflow/shared-resources/Chart.yaml similarity index 100% rename from charts/ploigos-workflow-shared-resources/Chart.yaml rename to charts/ploigos-workflow/shared-resources/Chart.yaml diff --git a/charts/ploigos-workflow-shared-resources/ci/test-values.yaml b/charts/ploigos-workflow/shared-resources/ci/test-values.yaml similarity index 100% rename from charts/ploigos-workflow-shared-resources/ci/test-values.yaml rename to charts/ploigos-workflow/shared-resources/ci/test-values.yaml diff --git a/charts/ploigos-workflow-shared-resources/templates/NOTES.txt b/charts/ploigos-workflow/shared-resources/templates/NOTES.txt similarity index 100% rename from charts/ploigos-workflow-shared-resources/templates/NOTES.txt rename to charts/ploigos-workflow/shared-resources/templates/NOTES.txt 
diff --git a/charts/ploigos-workflow-shared-resources/templates/Secret_pgp-keys.yml b/charts/ploigos-workflow/shared-resources/templates/Secret_pgp-keys.yml similarity index 100% rename from charts/ploigos-workflow-shared-resources/templates/Secret_pgp-keys.yml rename to charts/ploigos-workflow/shared-resources/templates/Secret_pgp-keys.yml diff --git a/charts/ploigos-workflow-shared-resources/templates/ServiceAccount_workflow.yml b/charts/ploigos-workflow/shared-resources/templates/ServiceAccount_workflow.yml similarity index 100% rename from charts/ploigos-workflow-shared-resources/templates/ServiceAccount_workflow.yml rename to charts/ploigos-workflow/shared-resources/templates/ServiceAccount_workflow.yml diff --git a/charts/ploigos-workflow-shared-resources/templates/_helpers.tpl b/charts/ploigos-workflow/shared-resources/templates/_helpers.tpl similarity index 100% rename from charts/ploigos-workflow-shared-resources/templates/_helpers.tpl rename to charts/ploigos-workflow/shared-resources/templates/_helpers.tpl diff --git a/charts/ploigos-workflow-shared-resources/values.yaml b/charts/ploigos-workflow/shared-resources/values.yaml similarity index 100% rename from charts/ploigos-workflow-shared-resources/values.yaml rename to charts/ploigos-workflow/shared-resources/values.yaml diff --git a/charts/ploigos-workflow-tekton-cluster-resources/.helmignore b/charts/ploigos-workflow/tekton-cluster-resources/.helmignore similarity index 100% rename from charts/ploigos-workflow-tekton-cluster-resources/.helmignore rename to charts/ploigos-workflow/tekton-cluster-resources/.helmignore diff --git a/charts/ploigos-workflow-tekton-cluster-resources/Chart.yaml b/charts/ploigos-workflow/tekton-cluster-resources/Chart.yaml similarity index 100% rename from charts/ploigos-workflow-tekton-cluster-resources/Chart.yaml rename to charts/ploigos-workflow/tekton-cluster-resources/Chart.yaml 
diff --git a/charts/ploigos-workflow-tekton-cluster-resources/ci/test-no-rbac-values.yaml b/charts/ploigos-workflow/tekton-cluster-resources/ci/test-no-rbac-values.yaml similarity index 100% rename from charts/ploigos-workflow-tekton-cluster-resources/ci/test-no-rbac-values.yaml rename to charts/ploigos-workflow/tekton-cluster-resources/ci/test-no-rbac-values.yaml diff --git a/charts/ploigos-workflow-tekton-cluster-resources/templates/ClsuterTask_pattern-matcher.yml b/charts/ploigos-workflow/tekton-cluster-resources/templates/ClsuterTask_pattern-matcher.yml similarity index 87% rename from charts/ploigos-workflow-tekton-cluster-resources/templates/ClsuterTask_pattern-matcher.yml rename to charts/ploigos-workflow/tekton-cluster-resources/templates/ClsuterTask_pattern-matcher.yml index ea04ca6..4de9af0 100644 --- a/charts/ploigos-workflow-tekton-cluster-resources/templates/ClsuterTask_pattern-matcher.yml +++ b/charts/ploigos-workflow/tekton-cluster-resources/templates/ClsuterTask_pattern-matcher.yml @@ -41,12 +41,11 @@ spec: description: | Container image to run the steps of this task in. default: ubi8-minimal - # NOTE: See https://github.com/tektoncd/pipeline/issues/3423 - #- name: imagePullPolicy - # type: string - # description: | - # Policy for pulling new versions of the given image. - # default: IfNotPresent + - name: imagePullPolicy + type: string + description: | + Policy for pulling new versions of the given image. + default: IfNotPresent - name: input type: string description: | @@ -68,10 +67,7 @@ spec: steps: - name: pattern-match image: $(params.image) - # NOTE: - # when https://github.com/tektoncd/pipeline/issues/3423 resolved - # replace with $(params.imagePullPolicy) - imagePullPolicy: {{ $.Values.imagePullPolicy }} + imagePullPolicy: $(params.imagePullPolicy) {{- if $.Values.workflowWorkerRunAsUser }} securityContext: runAsUser: {{ $.Values.workflowWorkerRunAsUser | int }} 
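Review bot: Switching the step to `imagePullPolicy: $(params.imagePullPolicy)` leaves `$.Values.imagePullPolicy` with no remaining reference in this template, and the commit shows no matching change to the chart's `values.yaml`; if that value is still listed there, a user who sets it will silently get the task param default of `IfNotPresent` instead. Either remove the value and its documentation from `values.yaml`, or keep the chart-level knob by templating the parameter default as `default: {{ $.Values.imagePullPolicy }}`. The same replacement is made in the import-pgp-keys and git-clone cluster tasks in the following hunks.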
diff --git a/charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterRole_run-as-user.yml b/charts/ploigos-workflow/tekton-cluster-resources/templates/ClusterRole_run-as-user.yml similarity index 100% rename from charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterRole_run-as-user.yml rename to charts/ploigos-workflow/tekton-cluster-resources/templates/ClusterRole_run-as-user.yml diff --git a/charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTask_import-pgp-keys.yml b/charts/ploigos-workflow/tekton-cluster-resources/templates/ClusterTask_import-pgp-keys.yml similarity index 80% rename from charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTask_import-pgp-keys.yml rename to charts/ploigos-workflow/tekton-cluster-resources/templates/ClusterTask_import-pgp-keys.yml index 7a9ff0c..89e902b 100644 --- a/charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTask_import-pgp-keys.yml +++ b/charts/ploigos-workflow/tekton-cluster-resources/templates/ClusterTask_import-pgp-keys.yml @@ -27,13 +27,11 @@ spec: description: | Container image to run the steps of this task in. default: ploigos/ploigos-base:latest - # NOTE: See https://github.com/tektoncd/pipeline/issues/3423 - #- name: imagePullPolicy - # type: string - # description: | - # Policy for pulling new versions of the given image. - # default: IfNotPresent - + - name: imagePullPolicy + type: string + description: | + Policy for pulling new versions of the given image. + default: IfNotPresent - name: pgpKeysSecretName type: string default: @@ -44,10 +42,7 @@ spec: steps: - name: import-pgp-key image: $(params.image) - # NOTE: - # when https://github.com/tektoncd/pipeline/issues/3423 resolved - # replace with $(params.imagePullPolicy) - imagePullPolicy: {{ $.Values.imagePullPolicy }} + imagePullPolicy: $(params.imagePullPolicy) {{- if $.Values.workflowWorkerRunAsUser }} securityContext: runAsUser: {{ $.Values.workflowWorkerRunAsUser | int }} 
diff --git a/charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTask_ploigos-git-clone.yml b/charts/ploigos-workflow/tekton-cluster-resources/templates/ClusterTask_ploigos-git-clone.yml similarity index 92% rename from charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTask_ploigos-git-clone.yml rename to charts/ploigos-workflow/tekton-cluster-resources/templates/ClusterTask_ploigos-git-clone.yml index c05597d..6ec2277 100644 --- a/charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTask_ploigos-git-clone.yml +++ b/charts/ploigos-workflow/tekton-cluster-resources/templates/ClusterTask_ploigos-git-clone.yml @@ -87,12 +87,11 @@ spec: description: | Container image to run the steps of this task in. default: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.12.1 - # NOTE: See https://github.com/tektoncd/pipeline/issues/3423 - #- name: imagePullPolicy - # type: string - # description: | - # Policy for pulling new versions of the given image. - # default: IfNotPresent + - name: imagePullPolicy + type: string + description: | + Policy for pulling new versions of the given image. + default: IfNotPresent results: - name: commit description: The precise commit SHA that was fetched by this Task @@ -102,10 +101,7 @@ spec: steps: - name: clone image: $(params.image) - # NOTE: - # when https://github.com/tektoncd/pipeline/issues/3423 resolved - # replace with $(params.imagePullPolicy) - imagePullPolicy: {{ $.Values.imagePullPolicy }} + imagePullPolicy: $(params.imagePullPolicy) script: | #!/bin/sh set -eu -o pipefail 
diff --git a/charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTask_ploigos-setup-workflow-step-runner.yml b/charts/ploigos-workflow/tekton-cluster-resources/templates/ClusterTask_ploigos-setup-workflow-step-runner.yml similarity index 93% rename from charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTask_ploigos-setup-workflow-step-runner.yml rename to charts/ploigos-workflow/tekton-cluster-resources/templates/ClusterTask_ploigos-setup-workflow-step-runner.yml index c8230ea..d9f8c1c 100644 --- a/charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTask_ploigos-setup-workflow-step-runner.yml +++ b/charts/ploigos-workflow/tekton-cluster-resources/templates/ClusterTask_ploigos-setup-workflow-step-runner.yml @@ -30,12 +30,11 @@ spec: description: | Container image to run the steps of this task in. default: ploigos/ploigos-base:latest - # NOTE: See https://github.com/tektoncd/pipeline/issues/3423 - #- name: imagePullPolicy - # type: string - # description: | - # Policy for pulling new versions of the given image. - # default: IfNotPresent + - name: imagePullPolicy + type: string + description: | + Policy for pulling new versions of the given image. + default: IfNotPresent - name: stepRunnerPackageName type: string description: | @@ -134,10 +133,7 @@ spec: steps: - name: create-python-venv image: $(params.image) - # NOTE: - # when https://github.com/tektoncd/pipeline/issues/3423 resolved - # replace with $(params.imagePullPolicy) - imagePullPolicy: {{ $.Values.imagePullPolicy }} + imagePullPolicy: $(params.imagePullPolicy) {{- if $.Values.workflowWorkerRunAsUser }} securityContext: runAsUser: {{ $.Values.workflowWorkerRunAsUser | int }} 
@@ -162,10 +158,7 @@ spec: - name: install-step-runner-python-library image: $(params.image) - # NOTE: - # when https://github.com/tektoncd/pipeline/issues/3423 resolved - # replace with $(params.imagePullPolicy) - imagePullPolicy: {{ $.Values.imagePullPolicy }} + imagePullPolicy: $(params.imagePullPolicy) {{- if $.Values.workflowWorkerRunAsUser }} securityContext: runAsNonRoot: true diff --git a/charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTask_ploigos-step-runner.yml b/charts/ploigos-workflow/tekton-cluster-resources/templates/ClusterTask_ploigos-step-runner.yml similarity index 92% rename from charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTask_ploigos-step-runner.yml rename to charts/ploigos-workflow/tekton-cluster-resources/templates/ClusterTask_ploigos-step-runner.yml index 1c949fe..8a839a6 100644 --- a/charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTask_ploigos-step-runner.yml +++ b/charts/ploigos-workflow/tekton-cluster-resources/templates/ClusterTask_ploigos-step-runner.yml @@ -42,12 +42,11 @@ spec: description: | Container image to run the steps of this task in. default: ubi8-minimal - # NOTE: See https://github.com/tektoncd/pipeline/issues/3423 - #- name: imagePullPolicy - # type: string - # description: | - # Policy for pulling new versions of the given image. - # default: IfNotPresent + - name: imagePullPolicy + type: string + description: | + Policy for pulling new versions of the given image. + default: IfNotPresent - name: venvPath type: string description: | @@ -88,10 +87,7 @@ spec: steps: - name: workflow-step image: $(params.image) - # NOTE: - # when https://github.com/tektoncd/pipeline/issues/3423 resolved - # replace with $(params.imagePullPolicy) - imagePullPolicy: {{ $.Values.imagePullPolicy }} + imagePullPolicy: $(params.imagePullPolicy) {{- if $.Values.workflowWorkerRunAsUser }} securityContext: runAsUser: {{ $.Values.workflowWorkerRunAsUser | int }} 
diff --git a/charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTriggerBinding_gitea-pullreq.yml b/charts/ploigos-workflow/tekton-cluster-resources/templates/ClusterTriggerBinding_gitea-pullreq.yml similarity index 94% rename from charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTriggerBinding_gitea-pullreq.yml rename to charts/ploigos-workflow/tekton-cluster-resources/templates/ClusterTriggerBinding_gitea-pullreq.yml index ba9d7a7..a9f7441 100644 --- a/charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTriggerBinding_gitea-pullreq.yml +++ b/charts/ploigos-workflow/tekton-cluster-resources/templates/ClusterTriggerBinding_gitea-pullreq.yml @@ -13,7 +13,7 @@ spec: - name: git-repo-event-target-ref value: $(body.pull_request.head.ref) - name: pipelinerun-name - value: $(body.extensions.pipelinerun_name) + value: $(extensions.pipelinerun_name) - name: pullreq-sha value: $(body.pull_request.head.sha) - name: pullreq-ref diff --git a/charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTriggerBinding_gitea-push.yml b/charts/ploigos-workflow/tekton-cluster-resources/templates/ClusterTriggerBinding_gitea-push.yml similarity index 81% rename from charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTriggerBinding_gitea-push.yml rename to charts/ploigos-workflow/tekton-cluster-resources/templates/ClusterTriggerBinding_gitea-push.yml index 563faee..c63cf95 100644 --- a/charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTriggerBinding_gitea-push.yml +++ b/charts/ploigos-workflow/tekton-cluster-resources/templates/ClusterTriggerBinding_gitea-push.yml @@ -11,6 +11,6 @@ spec: - name: git-repo-ssh-url value: $(body.repository.ssh_url) - name: git-repo-event-target-ref - value: $(body.extensions.branch_name) + value: $(extensions.branch_name) - name: pipelinerun-name - value: $(body.extensions.pipelinerun_name) + value: $(extensions.pipelinerun_name) 
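Review bot: The binding values now read `$(extensions.pipelinerun_name)` and `$(extensions.branch_name)` instead of `$(body.extensions.…)` in both ClusterTriggerBinding_gitea-pullreq.yml and ClusterTriggerBinding_gitea-push.yml, and EventListener.yml correspondingly drops the `extensions.` prefix from its overlay keys and switches `template.name` to `template.ref`. These forms are only understood by newer Tekton Triggers releases, so against an older triggers controller the run names may come out unresolved or the listener may be rejected, yet nothing in the diff records the new minimum. State the required Triggers version in Chart.yaml or the README, and consider a rendered-template check that asserts the overlay keys and binding references agree so the two halves cannot drift apart again.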
diff --git a/charts/ploigos-workflow-tekton-cluster-resources/templates/NOTES.txt b/charts/ploigos-workflow/tekton-cluster-resources/templates/NOTES.txt similarity index 100% rename from charts/ploigos-workflow-tekton-cluster-resources/templates/NOTES.txt rename to charts/ploigos-workflow/tekton-cluster-resources/templates/NOTES.txt diff --git a/charts/ploigos-workflow-tekton-cluster-resources/templates/SecurityContextConstraints_run-as-user.yml b/charts/ploigos-workflow/tekton-cluster-resources/templates/SecurityContextConstraints_run-as-user.yml similarity index 100% rename from charts/ploigos-workflow-tekton-cluster-resources/templates/SecurityContextConstraints_run-as-user.yml rename to charts/ploigos-workflow/tekton-cluster-resources/templates/SecurityContextConstraints_run-as-user.yml diff --git a/charts/ploigos-workflow-tekton-cluster-resources/templates/_helpers.tpl b/charts/ploigos-workflow/tekton-cluster-resources/templates/_helpers.tpl similarity index 100% rename from charts/ploigos-workflow-tekton-cluster-resources/templates/_helpers.tpl rename to charts/ploigos-workflow/tekton-cluster-resources/templates/_helpers.tpl diff --git a/charts/ploigos-workflow-tekton-cluster-resources/values.yaml b/charts/ploigos-workflow/tekton-cluster-resources/values.yaml similarity index 100% rename from charts/ploigos-workflow-tekton-cluster-resources/values.yaml rename to charts/ploigos-workflow/tekton-cluster-resources/values.yaml diff --git a/charts/ploigos-workflow-tekton-shared-resources/.helmignore b/charts/ploigos-workflow/tekton-shared-resources/.helmignore similarity index 100% rename from charts/ploigos-workflow-tekton-shared-resources/.helmignore rename to charts/ploigos-workflow/tekton-shared-resources/.helmignore 
diff --git a/charts/ploigos-workflow-tekton-shared-resources/Chart.yaml b/charts/ploigos-workflow/tekton-shared-resources/Chart.yaml similarity index 100% rename from charts/ploigos-workflow-tekton-shared-resources/Chart.yaml rename to charts/ploigos-workflow/tekton-shared-resources/Chart.yaml diff --git a/charts/ploigos-workflow/tekton-shared-resources/charts/ploigos-workflow-shared-resources b/charts/ploigos-workflow/tekton-shared-resources/charts/ploigos-workflow-shared-resources new file mode 120000 index 0000000..0726ceb --- /dev/null +++ b/charts/ploigos-workflow/tekton-shared-resources/charts/ploigos-workflow-shared-resources @@ -0,0 +1 @@ +../../shared-resources \ No newline at end of file diff --git a/charts/ploigos-workflow-tekton-shared-resources/ci/test-values.yaml b/charts/ploigos-workflow/tekton-shared-resources/ci/test-values.yaml similarity index 96% rename from charts/ploigos-workflow-tekton-shared-resources/ci/test-values.yaml rename to charts/ploigos-workflow/tekton-shared-resources/ci/test-values.yaml index 1ad0d39..cda4110 100644 --- a/charts/ploigos-workflow-tekton-shared-resources/ci/test-values.yaml +++ b/charts/ploigos-workflow/tekton-shared-resources/ci/test-values.yaml @@ -6,8 +6,8 @@ global: stepRunnerConfigDir: cicd/step-runner-config workflowWorkerImageDefault: quay.io/ploigos/ploigos-base:latest - workflowWorkerImagePackage: quay.io/ploigos/ploigos-tool-maven:nightly - workflowWorkerImagePushArtifacts: quay.io/ploigos/ploigos-tool-maven:nightly + workflowWorkerImagePackage: quay.io/ploigos/ploigos-tool-maven:latest + workflowWorkerImagePushArtifacts: quay.io/ploigos/ploigos-tool-maven:latest # NOTE: # have to test with ingress since GitHub action tests on 'kind' server where routes don't 
diff --git a/charts/ploigos-workflow-tekton-shared-resources/templates/CronJob_cleanup.yml b/charts/ploigos-workflow/tekton-shared-resources/templates/CronJob_cleanup.yml similarity index 100% rename from charts/ploigos-workflow-tekton-shared-resources/templates/CronJob_cleanup.yml rename to charts/ploigos-workflow/tekton-shared-resources/templates/CronJob_cleanup.yml diff --git a/charts/ploigos-workflow-tekton-shared-resources/templates/EventListener.yml b/charts/ploigos-workflow/tekton-shared-resources/templates/EventListener.yml similarity index 83% rename from charts/ploigos-workflow-tekton-shared-resources/templates/EventListener.yml rename to charts/ploigos-workflow/tekton-shared-resources/templates/EventListener.yml index f0e67b9..db9c835 100644 --- a/charts/ploigos-workflow-tekton-shared-resources/templates/EventListener.yml +++ b/charts/ploigos-workflow/tekton-shared-resources/templates/EventListener.yml @@ -17,7 +17,7 @@ spec: (body.action == 'opened') || (body.action == 'synchronized') ) overlays: - - key: extensions.pipelinerun_name + - key: pipelinerun_name expression: >- body.repository.name.replace('_','-') + '--' + @@ -26,7 +26,7 @@ spec: - kind: ClusterTriggerBinding ref: gitea-pullreq template: - name: {{ include "ploigos-workflow-tekton.triggerTemplateName" . }} + ref: {{ include "ploigos-workflow-tekton.triggerTemplateName" . }} - name: gitea-push interceptors: - cel: @@ -34,10 +34,10 @@ spec: (header.match('X-Gitea-Event', 'push')) && (body.ref.startsWith('refs/heads/')) overlays: - - key: extensions.branch_name + - key: branch_name expression: >- body.ref.replace('refs/heads/', '') - - key: extensions.pipelinerun_name + - key: pipelinerun_name expression: >- body.repository.name.replace('_','-') + '--' + @@ -46,4 +46,4 @@ spec: - kind: ClusterTriggerBinding ref: gitea-push template: - name: {{ include "ploigos-workflow-tekton.triggerTemplateName" . }} + ref: {{ include "ploigos-workflow-tekton.triggerTemplateName" . }} 
diff --git a/charts/ploigos-workflow-tekton-shared-resources/templates/Ingress_event-listener.yml b/charts/ploigos-workflow/tekton-shared-resources/templates/Ingress_event-listener.yml similarity index 100% rename from charts/ploigos-workflow-tekton-shared-resources/templates/Ingress_event-listener.yml rename to charts/ploigos-workflow/tekton-shared-resources/templates/Ingress_event-listener.yml diff --git a/charts/ploigos-workflow-tekton-shared-resources/templates/NOTES.txt b/charts/ploigos-workflow/tekton-shared-resources/templates/NOTES.txt similarity index 100% rename from charts/ploigos-workflow-tekton-shared-resources/templates/NOTES.txt rename to charts/ploigos-workflow/tekton-shared-resources/templates/NOTES.txt diff --git a/charts/ploigos-workflow-tekton-shared-resources/templates/Route_event-listener.yml b/charts/ploigos-workflow/tekton-shared-resources/templates/Route_event-listener.yml similarity index 100% rename from charts/ploigos-workflow-tekton-shared-resources/templates/Route_event-listener.yml rename to charts/ploigos-workflow/tekton-shared-resources/templates/Route_event-listener.yml diff --git a/charts/ploigos-workflow-tekton-shared-resources/templates/Secret_tekton-git-ssh-auth.yml b/charts/ploigos-workflow/tekton-shared-resources/templates/Secret_tekton-git-ssh-auth.yml similarity index 100% rename from charts/ploigos-workflow-tekton-shared-resources/templates/Secret_tekton-git-ssh-auth.yml rename to charts/ploigos-workflow/tekton-shared-resources/templates/Secret_tekton-git-ssh-auth.yml diff --git a/charts/ploigos-workflow-tekton-shared-resources/templates/ServiceAccount_event-listener.yml b/charts/ploigos-workflow/tekton-shared-resources/templates/ServiceAccount_event-listener.yml similarity index 60% rename from charts/ploigos-workflow-tekton-shared-resources/templates/ServiceAccount_event-listener.yml rename to charts/ploigos-workflow/tekton-shared-resources/templates/ServiceAccount_event-listener.yml index 0282605..f7cbad2 100644 
--- a/charts/ploigos-workflow-tekton-shared-resources/templates/ServiceAccount_event-listener.yml +++ b/charts/ploigos-workflow/tekton-shared-resources/templates/ServiceAccount_event-listener.yml @@ -1,3 +1,5 @@ +# Based on content from: https://github.com/tektoncd/triggers/blob/main/examples/rbac.yaml + --- apiVersion: v1 kind: ServiceAccount @@ -12,13 +14,13 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: {{ include "ploigos-workflow-tekton.eventListenerServiceAccountName" . }} rules: -# Permissions for every EventListener deployment to function +# EventListeners need to be able to fetch all namespaced resources - apiGroups: ["triggers.tekton.dev"] resources: ["eventlisteners", "triggerbindings", "triggertemplates", "triggers"] verbs: ["get", "list", "watch"] - apiGroups: [""] - # secrets are only needed for GitHub/GitLab interceptors - resources: ["configmaps", "secrets"] +# configmaps is needed for updating logging config + resources: ["configmaps"] verbs: ["get", "list", "watch"] # Permissions to create resources in associated TriggerTemplates - apiGroups: ["tekton.dev"] @@ -27,6 +29,18 @@ rules: - apiGroups: [""] resources: ["serviceaccounts"] verbs: ["impersonate"] +- apiGroups: ["policy"] + resources: ["podsecuritypolicies"] + resourceNames: ["tekton-triggers"] + verbs: ["use"] +# EventListeners need to be able to fetch any clustertriggerbindings +# NOTE: in Tekton examples this is put into a ClusterRole and ClusterBinding +# but from testing it works fine for our use case as a namespaced Role +# and RoleBinding and allows us to not require users to have permissions +# to create cluster level resources. +- apiGroups: ["triggers.tekton.dev"] + resources: ["clustertriggerbindings", "clusterinterceptors"] + verbs: ["get", "list", "watch"] --- kind: RoleBinding 
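Review bot: Dropping `secrets` from the core-group rule (now `resources: ["configmaps"]`) removes the EventListener's ability to read the Secret that a signature-verifying interceptor with a `secretRef` needs, and the triggers in EventListener.yml gate only on CEL header and body matches, so with this Role webhook authenticity cannot be enforced without first restoring that access. If that is the intended posture, the replacement comment should say so, e.g. `# secrets intentionally omitted: no signature-verifying interceptor is configured; re-add if one is introduced.`, particularly since the listener appears to be published through the Ingress and Route templates renamed in this commit. Also, the new comment line sits at column 0 inside a list item whereas the old one was indented with the mapping; indent it under `- apiGroups: [""]` to match the rest of the rules block.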
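Review bot: The new rule granting `get`, `list`, `watch` on `clustertriggerbindings` and `clusterinterceptors` is placed in a namespaced Role, but per the Kubernetes RBAC model a RoleBinding grants permissions only within its namespace and cluster-scoped resources live outside any namespace, so this binding is unlikely to authorize those reads. The comment's claim that it "works fine from testing" should be backed by a test that actually delivers a webhook resolving a ClusterTriggerBinding (the chart's tests listed in this commit only check listener admission), or the rule moved back to a ClusterRole and ClusterRoleBinding as the referenced Tekton example does. Separately, the `podsecuritypolicies` `use` rule presumes a PSP named `tekton-triggers` exists and PSP has been removed from current Kubernetes releases; a comment such as `# only meaningful on clusters that still provide the tekton-triggers PodSecurityPolicy` or a values toggle would spare operators the confusion.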
diff --git a/charts/ploigos-workflow-tekton-shared-resources/templates/TriggerTemplate.yml b/charts/ploigos-workflow/tekton-shared-resources/templates/TriggerTemplate.yml similarity index 100% rename from charts/ploigos-workflow-tekton-shared-resources/templates/TriggerTemplate.yml rename to charts/ploigos-workflow/tekton-shared-resources/templates/TriggerTemplate.yml diff --git a/charts/ploigos-workflow-tekton-shared-resources/templates/_helpers.tpl b/charts/ploigos-workflow/tekton-shared-resources/templates/_helpers.tpl similarity index 100% rename from charts/ploigos-workflow-tekton-shared-resources/templates/_helpers.tpl rename to charts/ploigos-workflow/tekton-shared-resources/templates/_helpers.tpl diff --git a/charts/ploigos-workflow-tekton-shared-resources/templates/tests/test-eventlistener-ingress-admitted.yaml b/charts/ploigos-workflow/tekton-shared-resources/templates/tests/test-eventlistener-ingress-admitted.yaml similarity index 100% rename from charts/ploigos-workflow-tekton-shared-resources/templates/tests/test-eventlistener-ingress-admitted.yaml rename to charts/ploigos-workflow/tekton-shared-resources/templates/tests/test-eventlistener-ingress-admitted.yaml diff --git a/charts/ploigos-workflow-tekton-shared-resources/templates/tests/test-eventlistener-route-admitted.yaml b/charts/ploigos-workflow/tekton-shared-resources/templates/tests/test-eventlistener-route-admitted.yaml similarity index 100% rename from charts/ploigos-workflow-tekton-shared-resources/templates/tests/test-eventlistener-route-admitted.yaml rename to charts/ploigos-workflow/tekton-shared-resources/templates/tests/test-eventlistener-route-admitted.yaml diff --git a/charts/ploigos-workflow-tekton-shared-resources/values.yaml b/charts/ploigos-workflow/tekton-shared-resources/values.yaml similarity index 100% rename from charts/ploigos-workflow-tekton-shared-resources/values.yaml rename to charts/ploigos-workflow/tekton-shared-resources/values.yaml 
diff --git a/charts/ploigos-workflow/typical-tekton-pipeline/.helmignore b/charts/ploigos-workflow/typical-tekton-pipeline/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/charts/ploigos-workflow/typical-tekton-pipeline/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/ploigos-workflow-standard-tekton-pipeline/Chart.yaml b/charts/ploigos-workflow/typical-tekton-pipeline/Chart.yaml similarity index 67% rename from charts/ploigos-workflow-standard-tekton-pipeline/Chart.yaml rename to charts/ploigos-workflow/typical-tekton-pipeline/Chart.yaml index 658ec4e..944bda3 100644 --- a/charts/ploigos-workflow-standard-tekton-pipeline/Chart.yaml +++ b/charts/ploigos-workflow/typical-tekton-pipeline/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 -name: ploigos-workflow-standard-tekton-pipeline +name: ploigos-workflow-typical-tekton-pipeline description: | - A Helm chart for Kubernetes to install the Ploigos Workflow (Standard) run by Tekton for a + A Helm chart for Kubernetes to install the Ploigos Workflow (Typical) run by Tekton for a given application service. type: application maintainers: diff --git a/charts/ploigos-workflow/typical-tekton-pipeline/charts/ploigos-workflow-tekton-shared-resources b/charts/ploigos-workflow/typical-tekton-pipeline/charts/ploigos-workflow-tekton-shared-resources new file mode 120000 index 0000000..4944054 --- /dev/null +++ b/charts/ploigos-workflow/typical-tekton-pipeline/charts/ploigos-workflow-tekton-shared-resources @@ -0,0 +1 @@ +../../tekton-shared-resources \ No newline at end of file 
diff --git a/charts/ploigos-workflow/typical-tekton-pipeline/ci/test-values.yaml b/charts/ploigos-workflow/typical-tekton-pipeline/ci/test-values.yaml new file mode 100644 index 0000000..8d39e1d --- /dev/null +++ b/charts/ploigos-workflow/typical-tekton-pipeline/ci/test-values.yaml @@ -0,0 +1,22 @@ +--- +global: + applicationName: test-app + serviceName: test-srv + + stepRunnerConfigDir: cicd/step-runner-config + + workflowWorkerImageDefault: quay.io/ploigos/ploigos-base:latest + workflowWorkerImageUnitTest: quay.io/ploigos/ploigos-tool-maven:latest + workflowWorkerImagePackage: quay.io/ploigos/ploigos-tool-maven:latest + workflowWorkerImageStaticCodeAnalysis: quay.io/ploigos/ploigos-tool-sonar:latest + workflowWorkerImagePushArtifacts: quay.io/ploigos/ploigos-tool-maven:latest + workflowWorkerImageUAT: quay.io/ploigos/ploigos-tool-maven:latest + + # NOTE: + # have to test with ingress since GitHub action tests on 'kind' server where routes don't + # exist. Would much rather not have this hard coded in here and pass in at run time but.... + # https://github.com/helm/chart-testing/issues/301 + eventListenerCreateRoute: false + eventListenerCreateIngress: true + eventListenerRouteHostOverride: el-test.ploigos.xyz + eventListenerIngressHost: el-test.ploigos.xyz diff --git a/charts/ploigos-workflow/typical-tekton-pipeline/templates/NOTES.txt b/charts/ploigos-workflow/typical-tekton-pipeline/templates/NOTES.txt new file mode 100644 index 0000000..4cb0434 --- /dev/null +++ b/charts/ploigos-workflow/typical-tekton-pipeline/templates/NOTES.txt @@ -0,0 +1,8 @@ +********************************************* +* ploigos-workflow-standard-tekton-pipeline * +********************************************* + +Installed Ploigos Workflow (Standard) +* Tekton Pipeline: {{ include "ploigos-workflow-tekton.pipelineName" . }} +* Application: {{ $.Values.global.applicationName }} +* Service: {{ $.Values.global.serviceName }} 
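Review bot: The new NOTES.txt for the typical pipeline still prints the banner `* ploigos-workflow-standard-tekton-pipeline *` and `Installed Ploigos Workflow (Standard)`, while Chart.yaml in this same commit names the chart `ploigos-workflow-typical-tekton-pipeline` with a `(Typical)` description, so the rendered install notes misidentify the chart. Replace the two strings with `ploigos-workflow-typical-tekton-pipeline` and `Installed Ploigos Workflow (Typical)`, or derive the banner from `{{ .Chart.Name }}` so a future rename cannot drift again.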
diff --git a/charts/ploigos-workflow/typical-tekton-pipeline/templates/Pipeline_ploigos-workflow-typical.yml b/charts/ploigos-workflow/typical-tekton-pipeline/templates/Pipeline_ploigos-workflow-typical.yml new file mode 100644 index 0000000..7723ba8 --- /dev/null +++ b/charts/ploigos-workflow/typical-tekton-pipeline/templates/Pipeline_ploigos-workflow-typical.yml 
@@ -0,0 +1,1055 @@ +--- +apiVersion: tekton.dev/v1beta1 +kind: Pipeline +metadata: + name: {{ include "ploigos-workflow-tekton.pipelineName" . | quote }} + labels: + ploigos.dev/workflow: standard + {{- include "ploigos-workflow.labels" . | nindent 4 }} +spec: + workspaces: + - name: home + description: | + Workspace for the container users home directory. + - name: app + description: | + Workspace to checkout the application this workflow is for and set as the working directory + for the step executions. + {{- if $.Values.global.separatePlatformConfig }} + - name: ploigos-platform-config + description: | + Workspace containing platform-level config + - name: ploigos-platform-config-secrets + description: | + Workspace containing platform-level secrets + {{- end }} + params: + - name: verbose + description: log any *sh commands used during execution + type: string + default: "false" + - name: appRepoUrl + description: | + URL to the application repository to run the pipeline for. + type: string + - name: appRepoRef + description: | + Git reference (tag, branch) of the application repository to run the pipeline for. + type: string + - name: appCloneSSLVerify + description: | + Passed to git-clone ClusterTask. + Defines if http.sslVerify should be set to true or false in the global git config + type: string + default: "true" + - name: stepRunnerConfigDir + description: | + Path to the Step Runner configuration to pass to the + Workflow Step Runner when running workflow steps. + type: string + default: '' + - name: pgpKeysSecretName + description: | + Name of the Kubernetes Secret containing the PGP private keys to import for use by SOPS + to decrypt encrypted Step Runner config. + type: string + - name: envNameDev + type: string + description: | + Name of the "Development" environment used in the Step Runner configuration + files and to pass to the Workflow Step Runner when running a step targeted to + the "Development" environment. 
+ default: DEV + - name: envNameTest + type: string + description: | + Name of the "Test" environment used in the Step Runner configuration + files and to pass to the Workflow Step Runner when running a step targeted to + the "Test" environment. + default: TEST + - name: envNameProd + type: string + description: | + Name of the "Production" environment used in the Step Runner configuration + files and to pass to the Workflow Step Runner when running a step targeted to + the "Production" environment. + default: PROD + - name: ciOnlyGitRefPatterns + type: string + description: | + Regex pattern for git references that should only go through the + Continues Integration (CI) workflow. + default: "^$" + - name: devGitRefPatterns + type: string + description: | + Regex pattern for git references that should go through the + Continues Integration (CI) workflow and then the deployment to + "Development" environment(s) (IE: "DEV" environment) workflow. + default: "^feature/.+$|^PR-.+$" + - name: releaseGitRefPatterns + type: string + description: | + Regex pattern for git references that should go through the + Continues Integration (CI) workflow and then the deployment to + "Release" environment(s) (IE: "TEST" and then "PROD" environments) workflow. + default: "^main$" + - name: stepRunnerPackageName + type: string + description: | + Name of the python package to use as the Workflow Step Runner. + default: "ploigos-step-runner" + - name: stepRunnerUpdateLibrary + type: string + description: | + If 'true', then pull the Workflow Step Runner library source code and build it. + If 'false', use the version of the Workflow Step Runner library that is pre-installed + in the CI worker images. 
+
+ If 'false' then the following parameters are ignored:
+ - 'stepRunnerLibSourceUrl'
+ - 'stepRunnerLibIndexUrl'
+ - 'stepRunnerLibExtraIndexUrl'
+ - 'stepRunnerLibVersion'
+ default: "false"
+ - name: stepRunnerLibIndexUrl
+ type: string
+ description: |
+ If 'stepRunnerUpdateLibrary' is true and 'stepRunnerLibSourceUrl' is not supplied then this
+ will be passed to pip as '--index-url' for installing the Workflow Step Runner library
+ and its dependencies.
+
+ NOTE
+ ----
+ PIP is indeterminate whether it will pull packages from '--index-url' or
+ '--extra-index-url', therefor be sure to specify 'stepRunnerLibVersion'
+ if trying to pull a specific version from a specific index.
+
+ SEE
+ ---
+ - https://pip.pypa.io/en/stable/reference/pip_install/#id48
+ default: "https://pypi.org/simple/"
+ - name: stepRunnerLibExtraIndexUrl
+ type: string
+ description: |
+ If 'stepRunnerUpdateLibrary' is true and 'stepRunnerLibSourceUrl' is not supplied then this
+ will be passed to pip as '--extra-index-url' for installing the Workflow Step Runner library
+ and its dependencies.
+
+ NOTE
+ ----
+ PIP is indeterminate whether it will pull packages from '--index-url' or
+ '--extra-index-url', therefor be sure to specify 'stepRunnerLibVersion'
+ if trying to pull a specific version from a specific index.
+
+ SEE
+ ---
+ - https://pip.pypa.io/en/stable/reference/pip_install/#id48
+ default: "https://pypi.org/simple/"
+ - name: stepRunnerLibVersion
+ type: string
+ description: |
+ If 'stepRunnerUpdateLibrary' is true and 'stepRunnerLibSourceUrl' is not supplied then this
+ will be passed to pip as as the version of the Workflow Step Runner library to install.
+
+ NOTE
+ ----
+ If not given pip will install the latest from either 'stepRunnerLibIndexUrl' or
+ 'stepRunnerLibExtraIndexUrl' indeterminately.
+ default: ""
+ - name: stepRunnerLibSourceUrl
+ type: string
+ description: |
+ If none empty value given and 'stepRunnerUpdateLibrary' is true this will be used as the source
+ location to install the Workflow Step Runner library from rather then from a PEP 503 compliant
+ repository.
+
+ If given then the following parameters are ignored:
+ - 'stepRunnerLibIndexUrl'
+ - 'stepRunnerLibExtraIndexUrl'
+ - 'stepRunnerLibVersion'
+
+ EXAMPLES
+ --------
+ git+https://github.com/ploigos/ploigos-step-runner.git@feature/NAPSSPO-1018
+ installs from the public 'ploigos' fork from the 'feature/NAPSSPO-1018' branch.
+
+ git+https://gitea.internal.example.xyz/tools/ploigos-step-runner.git@main
+ installs from an internal fork of the step runner library from the 'main' branch.
+ default: ""
+ - name: workflowWorkersImagePullPolicy
+ type: string
+ description: |
+ Policy for pulling new versions of the imageTag for the CI worker images
+ when running this pipeline.
+ default: IfNotPresent
+ - name: workflowWorkerImageDefault
+ type: string
+ description: |
+ Container image to use when creating a workflow worker
+ to run pipeline steps when no other specific container image has been
+ specified for that step.
+ default: ploigos/ploigos-base:latest
+ - name: workflowWorkerImageSourceClone
+ type: string
+ description: |
+ Container image to use when creating a workflow worker
+ to run pipeline steps when performing source clone step(s).
+ default: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.12.1
+ - name: workflowWorkerImageUnitTest
+ type: string
+ description: |
+ Container image to use when creating a workflow worker
+ to run pipeline steps when performing unit test step(s).
+ - name: workflowWorkerImagePackage
+ type: string
+ description: |
+ Container image to use when creating a workflow worker
+ to run pipeline steps when performing package application step(s).
+ - name: workflowWorkerImageStaticCodeAnalysis
+ type: string
+ description: |
+ Container image to use when creating a workflow worker
+ to run pipeline steps when performing static code analysis step(s).
+ default: ploigos/ploigos-tool-sonar:latest
+ - name: workflowWorkerImagePushArtifacts
+ type: string
+ description: |
+ Container image to use when creating a workflow worker
+ to run pipeline steps when performing push push packaged artifacts step(s).
+ - name: workflowWorkerImageContainerOperations
+ type: string
+ description: |
+ Container image to use when creating a workflow worker
+ to run pipeline steps when performing container operations (build/push/etc) step(s).
+ default: ploigos/ploigos-tool-containers:latest
+ - name: workflowWorkerImageContainerImageStaticVulnerabilityScan
+ type: string
+ description: |
+ Container image to use when creating a workflow worker to run pipeline steps
+ when performing container image static vulnerability scan step(s).
+ default: ploigos/ploigos-tool-openscap:latest
+ - name: workflowWorkerImageDeploy
+ type: string
+ description: |
+ Container image to use when creating a workflow worker
+ to run pipeline steps when performing deploy step(s).
+ default: ploigos/ploigos-tool-argocd:latest
+ - name: workflowWorkerImageUAT
+ type: string
+ description: |
+ Container image to use when creating a workflow worker
+ to run pipeline steps when performing user acceptance tests (UAT) step(s).
+
+ tasks:
+ #########
+ # SETUP #
+ #########
+ - name: setup-stage-gate
+ taskRef:
+ kind: ClusterTask
+ name: pattern-matcher
+ params:
+ - name: verbose
+ value: $(params.verbose)
+ - name: input
+ value: $(params.appRepoRef)
+ - name: pattern
+ value: "$(params.ciOnlyGitRefPatterns)|$(params.devGitRefPatterns)|$(params.releaseGitRefPatterns)"
+
+ ####################
+ # Setup: App Clone #
+ ####################
+ - name: setup-app-clone
+ runAfter:
+ - setup-stage-gate
+ when:
+ - input: "$(tasks.setup-stage-gate.results.matches)"
+ operator: in
+ values: ["true"]
+ taskRef:
+ kind: ClusterTask
+ name: ploigos-git-clone
+ workspaces:
+ - name: output
+ workspace: app
+ params:
+ - name: verbose
+ value: $(params.verbose)
+ - name: image
+ value: $(params.workflowWorkerImageSourceClone)
+ - name: imagePullPolicy
+ value: $(params.workflowWorkersImagePullPolicy)
+ - name: url
+ value: $(params.appRepoUrl)
+ - name: revision
+ value: $(params.appRepoRef)
+ - name: deleteExisting
+ value: "true"
+ - name: sslVerify
+ value: $(params.appCloneSSLVerify)
+ # NOTE: this is so that git wont end up in a detached head mode
+ - name: refspec
+ value: "+refs/heads/$(params.appRepoRef):$(params.appRepoRef)"
+
+ #####################################
+ # Setup: Setup Workflow Step Runner #
+ #####################################
+ - name: setup-workflow-step-runner
+ runAfter:
+ - setup-stage-gate
+ # NOTE:
+ # this dependency is only here because of read/write once constraints of most PV/PVCs
+ # if happening to be using storage that supports ReadWriteMany then the following steps
+ # can run in parallel
+ # * setup-app-clone
+ # * setup-workflow-step-runner
+ # * setup-pgp-keys
+ - setup-app-clone
+ when:
+ - input: "$(tasks.setup-stage-gate.results.matches)"
+ operator: in
+ values: ["true"]
+ taskRef:
+ kind: ClusterTask
+ name: ploigos-setup-workflow-step-runner
+ workspaces:
+ - name: home
+ workspace: home
+ params:
+ - name: verbose
+ value: $(params.verbose)
+ - name: image
+ value: $(params.workflowWorkerImageDefault)
+ - name: imagePullPolicy
+ value: $(params.workflowWorkersImagePullPolicy)
+ - name: stepRunnerPackageName
+ value: $(params.stepRunnerPackageName)
+ - name: stepRunnerUpdateLibrary
+ value: $(params.stepRunnerUpdateLibrary)
+ - name: stepRunnerLibSourceUrl
+ value: $(params.stepRunnerLibSourceUrl)
+ - name: stepRunnerLibIndexUrl
+ value: $(params.stepRunnerLibIndexUrl)
+ - name: stepRunnerLibExtraIndexUrl
+ value: $(params.stepRunnerLibExtraIndexUrl)
+ - name: stepRunnerLibVersion
+ value: $(params.stepRunnerLibVersion)
+
+ ###################
+ # Setup: PGP Keys #
+ ###################
+ - name: setup-pgp-keys
+ runAfter:
+ - setup-stage-gate
+ # NOTE:
+ # this dependency is only here because of read/write once constraints of most PV/PVCs
+ # if happening to be using storage that supports ReadWriteMany then the following steps
+ # can run in parallel
+ # * setup-app-clone
+ # * setup-workflow-step-runner
+ # * setup-pgp-keys
+ - setup-workflow-step-runner
+ when:
+ - input: "$(tasks.setup-stage-gate.results.matches)"
+ operator: in
+ values: ["true"]
+ taskRef:
+ kind: ClusterTask
+ name: import-pgp-keys
+ workspaces:
+ - name: home
+ workspace: home
+ params:
+ - name: verbose
+ value: $(params.verbose)
+ - name: image
+ value: $(params.workflowWorkerImageDefault)
+ - name: imagePullPolicy
+ value: $(params.workflowWorkersImagePullPolicy)
+ - name: pgpKeysSecretName
+ value: $(params.pgpKeysSecretName)
+
+ #########################
+ # Continues Integration #
+ #########################
+ - name: ci-stage-gate
+ runAfter:
+ - setup-app-clone
+ - setup-workflow-step-runner
+ - setup-pgp-keys
+ taskRef:
+ kind: ClusterTask
+ name: pattern-matcher
+ params:
+ - name: verbose
+ value: $(params.verbose)
+ - name: input
+ value: $(params.appRepoRef)
+ - name: pattern
+ value: "$(params.ciOnlyGitRefPatterns)|$(params.devGitRefPatterns)|$(params.releaseGitRefPatterns)"
+
+ #########################
+ # CI: Generate Metadata #
+ #########################
+ - name: ci-generate-metadata
+ runAfter:
+ - ci-stage-gate
+ when:
+ - input: "$(tasks.ci-stage-gate.results.matches)"
+ operator: in
+ values: ["true"]
+ taskRef:
+ kind: ClusterTask
+ name: ploigos-step-runner
+ workspaces:
+ - name: home
+ workspace: home
+ - name: app
+ workspace: app
+ {{- if $.Values.global.separatePlatformConfig }}
+ - name: ploigos-platform-config
+ workspace: ploigos-platform-config
+ - name: ploigos-platform-config-secrets
+ workspace: ploigos-platform-config-secrets
+ {{- end }}
+ params:
+ - name: verbose
+ value: $(params.verbose)
+ - name: image
+ value: $(params.workflowWorkerImageDefault)
+ - name: imagePullPolicy
+ value: $(params.workflowWorkersImagePullPolicy)
+ - name: stepRunnerPackageName
+ value: $(params.stepRunnerPackageName)
+ - name: venvPath
+ value: $(tasks.setup-workflow-step-runner.results.venvPath)
+ - name: stepName
+ value: generate-metadata
+ - name: stepRunnerConfigDir
+ value: $(params.stepRunnerConfigDir)
+
+ #######################
+ # CI: Tag Source Code #
+ #######################
+ - name: ci-tag-source-code
+ runAfter:
+ - ci-generate-metadata
+ when:
+ - input: "$(tasks.ci-stage-gate.results.matches)"
+ operator: in
+ values: ["true"]
+ taskRef:
+ kind: ClusterTask
+ name: ploigos-step-runner
+ workspaces:
+ - name: home
+ workspace: home
+ - name: app
+ workspace: app
+ {{- if $.Values.global.separatePlatformConfig }}
+ - name: ploigos-platform-config
+ workspace: ploigos-platform-config
+ - name: ploigos-platform-config-secrets
+ workspace: ploigos-platform-config-secrets
+ {{- end }}
+ params:
+ - name: verbose
+ value: $(params.verbose)
+ - name: image
+ value: $(params.workflowWorkerImageDefault)
+ - name: imagePullPolicy
+ value: $(params.workflowWorkersImagePullPolicy)
+ - name: stepRunnerPackageName
+ value: $(params.stepRunnerPackageName)
+ - name: venvPath
+ value: $(tasks.setup-workflow-step-runner.results.venvPath)
+ - name: stepName
+ value: tag-source
+ - name: stepRunnerConfigDir
+ value: $(params.stepRunnerConfigDir)
+
+ ######################
+ # CI: Run Unit Tests #
+ ######################
+ - name: ci-run-unit-tests
+ runAfter:
+ - ci-tag-source-code
+ when:
+ - input: "$(tasks.ci-stage-gate.results.matches)"
+ operator: in
+ values: ["true"]
+ taskRef:
+ kind: ClusterTask
+ name: ploigos-step-runner
+ workspaces:
+ - name: home
+ workspace: home
+ - name: app
+ workspace: app
+ {{- if $.Values.global.separatePlatformConfig }}
+ - name: ploigos-platform-config
+ workspace: ploigos-platform-config
+ - name: ploigos-platform-config-secrets
+ workspace: ploigos-platform-config-secrets
+ {{- end }}
+ params:
+ - name: verbose
+ value: $(params.verbose)
+ - name: image
+ value: $(params.workflowWorkerImageUnitTest)
+ - name: imagePullPolicy
+ value: $(params.workflowWorkersImagePullPolicy)
+ - name: stepRunnerPackageName
+ value: $(params.stepRunnerPackageName)
+ - name: venvPath
+ value: $(tasks.setup-workflow-step-runner.results.venvPath)
+ - name: stepName
+ value: unit-test
+ - name: stepRunnerConfigDir
+ value: $(params.stepRunnerConfigDir)
+
+ ###########################
+ # CI: Package Application #
+ ###########################
+ - name: ci-package-application
+ runAfter:
+ - ci-run-unit-tests
+ when:
+ - input: "$(tasks.ci-stage-gate.results.matches)"
+ operator: in
+ values: ["true"]
+ taskRef:
+ kind: ClusterTask
+ name: ploigos-step-runner
+ workspaces:
+ - name: home
+ workspace: home
+ - name: app
+ workspace: app
+ {{- if $.Values.global.separatePlatformConfig }}
+ - name: ploigos-platform-config
+ workspace: ploigos-platform-config
+ - name: ploigos-platform-config-secrets
+ workspace: ploigos-platform-config-secrets
+ {{- end }}
+ params:
+ - name: verbose
+ value: $(params.verbose)
+ - name: image
+ value: $(params.workflowWorkerImagePackage)
+ - name: imagePullPolicy
+ value: $(params.workflowWorkersImagePullPolicy)
+ - name: stepRunnerPackageName
+ value: $(params.stepRunnerPackageName)
+ - name: venvPath
+ value: $(tasks.setup-workflow-step-runner.results.venvPath)
+ - name: stepName
+ value: package
+ - name: stepRunnerConfigDir
+ value: $(params.stepRunnerConfigDir)
+
+ ############################
+ # CI: Static Code Analysis #
+ ############################
+ - name: ci-static-code-analysis
+ runAfter:
+ - ci-package-application
+ when:
+ - input: "$(tasks.ci-stage-gate.results.matches)"
+ operator: in
+ values: ["true"]
+ taskRef:
+ kind: ClusterTask
+ name: ploigos-step-runner
+ workspaces:
+ - name: home
+ workspace: home
+ - name: app
+ workspace: app
+ {{- if $.Values.global.separatePlatformConfig }}
+ - name: ploigos-platform-config
+ workspace: ploigos-platform-config
+ - name: ploigos-platform-config-secrets
+ workspace: ploigos-platform-config-secrets
+ {{- end }}
+ params:
+ - name: verbose
+ value: $(params.verbose)
+ - name: image
+ value: $(params.workflowWorkerImageStaticCodeAnalysis)
+ - name: imagePullPolicy
+ value: $(params.workflowWorkersImagePullPolicy)
+ - name: stepRunnerPackageName
+ value: $(params.stepRunnerPackageName)
+ - name: venvPath
+ value: $(tasks.setup-workflow-step-runner.results.venvPath)
+ - name: stepName
+ value: static-code-analysis
+ - name: stepRunnerConfigDir
+ value: $(params.stepRunnerConfigDir)
+
+ ######################################
+ # CI: Push Application to Repository #
+ ######################################
+ - name: ci-push-application-to-repository
+ runAfter:
+ - ci-static-code-analysis
+ when:
+ - input: "$(tasks.ci-stage-gate.results.matches)"
+ operator: in
+ values: ["true"]
+ taskRef:
+ kind: ClusterTask
+ name: ploigos-step-runner
+ workspaces:
+ - name: home
+ workspace: home
+ - name: app
+ workspace: app
+ {{- if $.Values.global.separatePlatformConfig }}
+ - name: ploigos-platform-config
+ workspace: ploigos-platform-config
+ - name: ploigos-platform-config-secrets
+ workspace: ploigos-platform-config-secrets
+ {{- end }}
+ params:
+ - name: verbose
+ value: $(params.verbose)
+ - name: image
+ value: $(params.workflowWorkerImagePushArtifacts)
+ - name: imagePullPolicy
+ value: $(params.workflowWorkersImagePullPolicy)
+ - name: stepRunnerPackageName
+ value: $(params.stepRunnerPackageName)
+ - name: venvPath
+ value: $(tasks.setup-workflow-step-runner.results.venvPath)
+ - name: stepName
+ value: push-artifacts
+ - name: stepRunnerConfigDir
+ value: $(params.stepRunnerConfigDir)
+
+ ##############################
+ # CI: Create Container Image #
+ ##############################
+ - name: ci-create-container-image
+ runAfter:
+ - ci-push-application-to-repository
+ when:
+ - input: "$(tasks.ci-stage-gate.results.matches)"
+ operator: in
+ values: ["true"]
+ taskRef:
+ kind: ClusterTask
+ name: ploigos-step-runner
+ workspaces:
+ - name: home
+ workspace: home
+ - name: app
+ workspace: app
+ {{- if $.Values.global.separatePlatformConfig }}
+ - name: ploigos-platform-config
+ workspace: ploigos-platform-config
+ - name: ploigos-platform-config-secrets
+ workspace: ploigos-platform-config-secrets
+ {{- end }}
+ params:
+ - name: verbose
+ value: $(params.verbose)
+ - name: image
+ value: $(params.workflowWorkerImageContainerOperations)
+ - name: imagePullPolicy
+ value: $(params.workflowWorkersImagePullPolicy)
+ - name: stepRunnerPackageName
+ value: $(params.stepRunnerPackageName)
+ - name: venvPath
+ value: $(tasks.setup-workflow-step-runner.results.venvPath)
+ - name: stepName
+ value: create-container-image
+ - name: stepRunnerConfigDir
+ value: $(params.stepRunnerConfigDir)
+
+ ########################################
+ # CI: Static Image Scan: Vulnerability #
+ ########################################
+ - name: ci-static-image-scan-vulnerability
+ runAfter:
+ - ci-create-container-image
+ when:
+ - input: "$(tasks.ci-stage-gate.results.matches)"
+ operator: in
+ values: ["true"]
+ taskRef:
+ kind: ClusterTask
+ name: ploigos-step-runner
+ workspaces:
+ - name: home
+ workspace: home
+ - name: app
+ workspace: app
+ {{- if $.Values.global.separatePlatformConfig }}
+ - name: ploigos-platform-config
+ workspace: ploigos-platform-config
+ - name: ploigos-platform-config-secrets
+ workspace: ploigos-platform-config-secrets
+ {{- end }}
+ params:
+ - name: verbose
+ value: $(params.verbose)
+ - name: image
+ value: $(params.workflowWorkerImageContainerImageStaticVulnerabilityScan)
+ - name: imagePullPolicy
+ value: $(params.workflowWorkersImagePullPolicy)
+ - name: stepRunnerPackageName
+ value: $(params.stepRunnerPackageName)
+ - name: venvPath
+ value: $(tasks.setup-workflow-step-runner.results.venvPath)
+ - name: stepName
+ value: container-image-static-vulnerability-scan
+ - name: stepRunnerConfigDir
+ value: $(params.stepRunnerConfigDir)
+
+ ##########################################
+ # CI: Push Container Image to Repository #
+ ##########################################
+ - name: ci-push-container-image-to-repository
+ runAfter:
+ - ci-static-image-scan-vulnerability
+ when:
+ - input: "$(tasks.ci-stage-gate.results.matches)"
+ operator: in
+ values: ["true"]
+ taskRef:
+ kind: ClusterTask
+ name: ploigos-step-runner
+ workspaces:
+ - name: home
+ workspace: home
+ - name: app
+ workspace: app
+ {{- if $.Values.global.separatePlatformConfig }}
+ - name: ploigos-platform-config
+ workspace: ploigos-platform-config
+ - name: ploigos-platform-config-secrets
+ workspace: ploigos-platform-config-secrets
+ {{- end }}
+ params:
+ - name: verbose
+ value: $(params.verbose)
+ - name: image
+ value: $(params.workflowWorkerImageContainerOperations)
+ - name: imagePullPolicy
+ value: $(params.workflowWorkersImagePullPolicy)
+ - name: stepRunnerPackageName
+ value: $(params.stepRunnerPackageName)
+ - name: venvPath
+ value: $(tasks.setup-workflow-step-runner.results.venvPath)
+ - name: stepName
+ value: push-container-image
+ - name: stepRunnerConfigDir
+ value: $(params.stepRunnerConfigDir)
+
+ #######
+ # DEV #
+ #######
+ - name: dev-stage-gate
+ runAfter:
+ - ci-push-container-image-to-repository
+ taskRef:
+ kind: ClusterTask
+ name: pattern-matcher
+ params:
+ - name: verbose
+ value: $(params.verbose)
+ - name: input
+ value: $(params.appRepoRef)
+ - name: pattern
+ value: $(params.devGitRefPatterns)
+
+ #####################################
+ # DEV: Deploy or Update Environment #
+ #####################################
+ - name: dev-deploy-or-update-environment
+ runAfter:
+ - dev-stage-gate
+ when:
+ - input: "$(tasks.dev-stage-gate.results.matches)"
+ operator: in
+ values: ["true"]
+ taskRef:
+ kind: ClusterTask
+ name: ploigos-step-runner
+ workspaces:
+ - name: home
+ workspace: home
+ - name: app
+ workspace: app
+ {{- if $.Values.global.separatePlatformConfig }}
+ - name: ploigos-platform-config
+ workspace: ploigos-platform-config
+ - name: ploigos-platform-config-secrets
+ workspace: ploigos-platform-config-secrets
+ {{- end }}
+ params:
+ - name: verbose
+ value: $(params.verbose)
+ - name: image
+ value: $(params.workflowWorkerImageDeploy)
+ - name: imagePullPolicy
+ value: $(params.workflowWorkersImagePullPolicy)
+ - name: stepRunnerPackageName
+ value: $(params.stepRunnerPackageName)
+ - name: venvPath
+ value: $(tasks.setup-workflow-step-runner.results.venvPath)
+ - name: stepName
+ value: deploy
+ - name: stepRunnerConfigDir
+ value: $(params.stepRunnerConfigDir)
+ - name: environment
+ value: $(params.envNameDev)
+
+ ##################################
+ # DEV: Run User Acceptance Tests #
+ ##################################
+ - name: dev-run-user-acceptance-tests
+ runAfter:
+ - dev-deploy-or-update-environment
+ when:
+ - input: "$(tasks.dev-stage-gate.results.matches)"
+ operator: in
+ values: ["true"]
+ taskRef:
+ kind: ClusterTask
+ name: ploigos-step-runner
+ workspaces:
+ - name: home
+ workspace: home
+ - name: app
+ workspace: app
+ {{- if $.Values.global.separatePlatformConfig }}
+ - name: ploigos-platform-config
+ workspace: ploigos-platform-config
+ - name: ploigos-platform-config-secrets
+ workspace: ploigos-platform-config-secrets
+ {{- end }}
+ params:
+ - name: verbose
+ value: $(params.verbose)
+ - name: image
+ value: $(params.workflowWorkerImageUAT)
+ - name: imagePullPolicy
+ value: $(params.workflowWorkersImagePullPolicy)
+ - name: stepRunnerPackageName
+ value: $(params.stepRunnerPackageName)
+ - name: venvPath
+ value: $(tasks.setup-workflow-step-runner.results.venvPath)
+ - name: stepName
+ value: uat
+ - name: stepRunnerConfigDir
+ value: $(params.stepRunnerConfigDir)
+ - name: environment
+ value: $(params.envNameDev)
+
+ ########
+ # TEST #
+ ########
+ - name: test-stage-gate
+ runAfter:
+ # NOTE:
+ # We would prefer to say this runs after the DEV stage finishes....
+ # but....https://github.com/tektoncd/pipeline/issues/2127. Which means
+ # If the DEV stage is skipped then this stage will be skipped too because the
+ # dev-run-user-acceptance-tests task was skipped so the runAfter makes it so this step
+ # would never run.
+ - ci-push-container-image-to-repository
+ #- dev-run-user-acceptance-tests
+ taskRef:
+ kind: ClusterTask
+ name: pattern-matcher
+ params:
+ - name: verbose
+ value: $(params.verbose)
+ - name: input
+ value: $(params.appRepoRef)
+ - name: pattern
+ value: $(params.releaseGitRefPatterns)
+
+ ######################################
+ # TEST: Deploy or Update Environment #
+ ######################################
+ - name: test-deploy-or-update-environment
+ runAfter:
+ - test-stage-gate
+ when:
+ - input: "$(tasks.test-stage-gate.results.matches)"
+ operator: in
+ values: ["true"]
+ taskRef:
+ kind: ClusterTask
+ name: ploigos-step-runner
+ workspaces:
+ - name: home
+ workspace: home
+ - name: app
+ workspace: app
+ {{- if $.Values.global.separatePlatformConfig }}
+ - name: ploigos-platform-config
+ workspace: ploigos-platform-config
+ - name: ploigos-platform-config-secrets
+ workspace: ploigos-platform-config-secrets
+ {{- end }}
+ params:
+ - name: verbose
+ value: $(params.verbose)
+ - name: image
+ value: $(params.workflowWorkerImageDeploy)
+ - name: imagePullPolicy
+ value: $(params.workflowWorkersImagePullPolicy)
+ - name: stepRunnerPackageName
+ value: $(params.stepRunnerPackageName)
+ - name: venvPath
+ value: $(tasks.setup-workflow-step-runner.results.venvPath)
+ - name: stepName
+ value: deploy
+ - name: stepRunnerConfigDir
+ value: $(params.stepRunnerConfigDir)
+ - name: environment
+ value: $(params.envNameTest)
+
+ ###################################
+ # TEST: Run User Acceptance Tests #
+ ###################################
+ - name: test-run-user-acceptance-tests
+ runAfter:
+ - test-deploy-or-update-environment
+ when:
+ - input: "$(tasks.test-stage-gate.results.matches)"
+ operator: in
+ values: ["true"]
+ taskRef:
+ kind: ClusterTask
+ name: ploigos-step-runner
+ workspaces:
+ - name: home
+ workspace: home
+ - name: app
+ workspace: app
+ {{- if $.Values.global.separatePlatformConfig }}
+ - name: ploigos-platform-config
+ workspace: ploigos-platform-config
+ - name: ploigos-platform-config-secrets
+ workspace: ploigos-platform-config-secrets
+ {{- end }}
+ params:
+ - name: verbose
+ value: $(params.verbose)
+ - name: image
+ value: $(params.workflowWorkerImageUAT)
+ - name: imagePullPolicy
+ value: $(params.workflowWorkersImagePullPolicy)
+ - name: stepRunnerPackageName
+ value: $(params.stepRunnerPackageName)
+ - name: venvPath
+ value: $(tasks.setup-workflow-step-runner.results.venvPath)
+ - name: stepName
+ value: uat
+ - name: stepRunnerConfigDir
+ value: $(params.stepRunnerConfigDir)
+ - name: environment
+ value: $(params.envNameTest)
+
+ ########
+ # PROD #
+ ########
+ - name: prod-stage-gate
+ runAfter:
+ - test-run-user-acceptance-tests
+ taskRef:
+ kind: ClusterTask
+ name: pattern-matcher
+ params:
+ - name: verbose
+ value: $(params.verbose)
+ - name: input
+ value: $(params.appRepoRef)
+ - name: pattern
+ value: $(params.releaseGitRefPatterns)
+
+ ######################################
+ # PROD: Deploy or Update Environment #
+ ######################################
+ - name: prod-deploy-or-update-environment
+ runAfter:
+ - prod-stage-gate
+ when:
+ - input: "$(tasks.prod-stage-gate.results.matches)"
+ operator: in
+ values: ["true"]
+ taskRef:
+ kind: ClusterTask
+ name: ploigos-step-runner
+ workspaces:
+ - name: home
+ workspace: home
+ - name: app
+ workspace: app
+ {{- if $.Values.global.separatePlatformConfig }}
+ - name: ploigos-platform-config
+ workspace: ploigos-platform-config
+ - name: ploigos-platform-config-secrets
+ workspace: ploigos-platform-config-secrets
+ {{- end }}
+ params:
+ - name: verbose
+ value: $(params.verbose)
+ - name: image
+ value: $(params.workflowWorkerImageDeploy)
+ - name: imagePullPolicy
+ value: $(params.workflowWorkersImagePullPolicy)
+ - name: stepRunnerPackageName
+ value: $(params.stepRunnerPackageName)
+ - name: venvPath
+ value: $(tasks.setup-workflow-step-runner.results.venvPath)
+ - name: stepName
+ value: deploy
+ - name: stepRunnerConfigDir
+ value: $(params.stepRunnerConfigDir)
+ - name: environment
+ value: $(params.envNameProd)
+
+ finally:
+ ##########
+ # Report #
+ ##########
+ - name: report
+ taskRef:
+ kind: ClusterTask
+ name: ploigos-step-runner
+ workspaces:
+ - name: home
+ workspace: home
+ - name: app
+ workspace: app
+ {{- if $.Values.global.separatePlatformConfig }}
+ - name: ploigos-platform-config
+ workspace: ploigos-platform-config
+ - name: ploigos-platform-config-secrets
+ workspace: ploigos-platform-config-secrets
+ {{- end }}
+ params:
+ - name: verbose
+ value: $(params.verbose)
+ - name: image
+ value: $(params.workflowWorkerImageDefault)
+ - name: imagePullPolicy
+ value: $(params.workflowWorkersImagePullPolicy)
+ - name: stepRunnerPackageName
+ value: $(params.stepRunnerPackageName)
+ - name: venvPath
+ value: $(tasks.setup-workflow-step-runner.results.venvPath)
+ - name: stepName
+ value: report
+ - name: stepRunnerConfigDir
+ value: $(params.stepRunnerConfigDir)
+ - name: environment
+ value: $(params.envNameProd)
diff --git a/charts/ploigos-workflow/typical-tekton-pipeline/templates/_helpers.tpl b/charts/ploigos-workflow/typical-tekton-pipeline/templates/_helpers.tpl
new file mode 100644
index 0000000..a5db226
--- /dev/null
+++ b/charts/ploigos-workflow/typical-tekton-pipeline/templates/_helpers.tpl
@@ -0,0 +1,53 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "ploigos-workflow-tekton-pipeline.name" -}}
+{{- .Values.global.nameOverride | default .Values.nameOverride | default .Chart.Name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "ploigos-workflow-tekton-pipeline.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "ploigos-workflow-tekton-pipeline.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "ploigos-workflow.labels" -}}
+helm.sh/chart: {{ include "ploigos-workflow-tekton-pipeline.chart" . }}
+{{ include "ploigos-workflow.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+ploigos/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+app.kubernetes.io/component: ploigos-workflow
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "ploigos-workflow.selectorLabels" -}}
+app.kubernetes.io/name: {{ (required "Global Value is required: serviceName" .Values.global.serviceName) }}
+app.kubernetes.io/part-of: {{ (required "Global Value is required: applicationName" .Values.global.applicationName) }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
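Review bot: `ploigos-workflow-tekton-pipeline.fullname` computes `$name` from `default .Chart.Name .Values.nameOverride`, so it never sees `.Values.global.nameOverride`, while the `.name` helper defined a few lines above honours the global override first; a release that sets only the global override will therefore label resources from one name and size its fullname from another. Reusing the existing helper keeps the two in step: `{{- $name := include "ploigos-workflow-tekton-pipeline.name" . }}`. Separately, `ploigos-workflow.labels` emits `ploigos/version` where the recommended-label set uses `app.kubernetes.io/version`; if the custom key is deliberate, a one-line note in the `Common labels` header comment saying so will stop a later reader from "correcting" it.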
diff --git a/charts/ploigos-workflow/typical-tekton-pipeline/values.yaml b/charts/ploigos-workflow/typical-tekton-pipeline/values.yaml
new file mode 100644
index 0000000..40dd34e
--- /dev/null
+++ b/charts/ploigos-workflow/typical-tekton-pipeline/values.yaml
@@ -0,0 +1,326 @@ +# NOTE +# These are all global so that user doesn't have to know which child chart actually uses them +# and rather just interacts with the cohesive system. +# +# Would have rather had them be scoped to the parent Chart and then re-pass them to child Chart +# but no way to do that with Helm. +global: + # verbose is whether various Workflow systems are more verbose, + # ie setting 'set -x' in *sh commands. + # Useful for debugging. + # Required + verbose: false + + # serviceName is the name of the the service within a given application (applicationName) + # that this Workflow is being deployed for. + # In many places serviceName and applicationName will be combined to make + # unique names for created resources. + # Required. + serviceName: + + # applicationName is the name of the application that contains the service (serviceName) + # that this Workflow is being deployed for. + # In many places serviceName and applicationName will be combined to make + # unique names for created resources. + # Required. + applicationName: + + # eventListenerCreateRoute is boolean whether to create a Route to the EventListener. + # Routes are specific to OpenShift but are convenient in that they can auto-generate + # a host name for the Route. + # If true then eventListenerRouteHostOverride maybe specified. + # If false then eventListenerRouteHostOverride is ignored. + eventListenerCreateRoute: true + + # eventListenerCreateIngress is boolean whether to create an Ingress to the EventListener. + # If true then eventListenerIngressHost must be specified. + # If false then eventListenerIngressHost is ignored. + eventListenerCreateIngress: false + + # eventListenerRouteHostOverride is an optional override to the Kubernetes Route host + # field. 
+ # If eventListenerCreateRoute is true and eventListenerRouteHostOverride is provided + # eventListenerRouteHostOverride will be used as the Route host + # (https://docs.openshift.com/container-platform/4.6/rest_api/network_apis/route-route-openshift-io-v1.html). + # If eventListenerCreateRoute is false then eventListenerRouteHostOverride is ignored. + # + # This is useful if you want control over what the URI is for the EventListener which will + # ultimately need to be configured in your Source Control projects Webhook settings. + # Optional. + eventListenerRouteHostOverride: + + # eventListenerIngressHost is the value to use for the host filed for the Ingress resource + # directed to the Service created by the EventListener. + # Ignored if eventListenerCreateIngress is false. + # Required if eventListenerCreateIngress is true. + eventListenerIngressHost: + + # cleanupPipelineRunsToKeep is the number of Tekton PipelineRuns to keep when automatically + # deleting old PipelineRuns for a given Pipeline. + # Required. + cleanupPipelineRunsToKeep: 10 + # cleanupPipelineRunsSchedule is the cron schedule for how often the CronJob for deleting + # old PipelineRuns is run. + # Required. + cleanupPipelineRunsSchedule: "*/15 * * * *" + # cleanupPipelineSuccessfulJobHistoryLimit is the number of Job resources to keep created + # by the CronJob for deleting old PipelineRuns. + # Required. + cleanupPipelineSuccessfulJobHistoryLimit: 5 + # cleanupPipelineFailedJobHistoryLimit is the number of failed Job resources to keep created + # by the CronJob for deleting old PipelineRuns. + # Required. + cleanupPipelineFailedJobHistoryLimit: 1 + # cleanupPipelineStartingDeadlineSeconds is the startingDeadlineSeconds for the CronJob + # that deletes old PipelineRuns. + # This is important if your Kubernetes Cluster isn't always on because the CronJob will + # think it failed to run while the Kubernetes Cluster was off and then stop attempting to run + # all together. 
Therefor this number should be long enough to cover any planned outage periods. + # See https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#cron-job-limitations + # Required. + cleanupPipelineStartingDeadlineSeconds: 600 + # cleanupPipelineCronJobImage is the container image to use when running the CronJob to + # delete old PipelineRuns. + # This image must have the 'kubectl' binary installed compatible with the Kubernetes Cluster + # the CronJob is running on. + # Required. + cleanupPipelineCronJobImage: ploigos/ploigos-base:latest + + # stepRunnerPackageName is the name of the python package to use as the Workflow Step Runner. + stepRunnerPackageName: ploigos-step-runner + # stepRunnerUpdateLibrary is whether or not to update the Workflow Step Runner Python library + # installed in the workflow worker images. + # If 'true', then pull the Workflow Step Runner library source code and build it. + # If 'false', use the version of the Workflow Step Runner library that is pre-installed + # in the CI worker images. + # + # If 'false' then the following parameters are ignored: + # - 'stepRunnerLibSourceUrl' + # - 'stepRunnerLibIndexUrl' + # - 'stepRunnerLibExtraIndexUrl' + # - 'stepRunnerLibVersion' + # Required. + stepRunnerUpdateLibrary: false + # stepRunnerLibSourceUrl is the optional URI for where to install/update the Workflow Step Runner + # from. + # If none empty value given and 'stepRunnerUpdateLibrary' is true this will be used as the source + # location to install the Workflow Step Runner library from rather then from a PEP 503 compliant + # repository. + # + # If given then the following parameters are ignored: + # - 'stepRunnerLibIndexUrl' + # - 'stepRunnerLibExtraIndexUrl' + # - 'stepRunnerLibVersion' + # + # EXAMPLES + # -------- + # git+https://github.com/ploigos/ploigos-step-runner.git@feature/NAPSSPO-1018 + # installs from the public 'ploigos' fork from the 'feature/NAPSSPO-1018' branch. 
+ # + # git+https://gitea.internal.example.xyz/tools/ploigos-step-runner.git@main + # installs from an internal fork of the step runner library from the 'main' branch. + # Optional. + stepRunnerLibSourceUrl: + # stepRunnerLibIndexUrl is the optional Python PIP index url to use when + # installing/updateing the Step Runner python library. + # If 'stepRunnerUpdateLibrary' is true and 'stepRunnerLibSourceUrl' is not supplied then this + # will be passed to pip as '--index-url' for installing the Workflow Step Runner library + # and its dependencies. + # + # NOTE + # ---- + # PIP is indeterminate whether it will pull packages from '--index-url' or + # '--extra-index-url', therefor be sure to specify 'stepRunnerLibVersion' + # if trying to pull a specific version from a specific index. + # + # SEE + # --- + # - https://pip.pypa.io/en/stable/reference/pip_install/#id48 + # Optional. + stepRunnerLibIndexUrl: https://pypi.org/simple/ + # stepRunnerLibExtraIndexUrl is the optional Python PIP extra index url to use when + # installing/updateing the Step Runner python library. + # If 'stepRunnerUpdateLibrary' is true and 'stepRunnerLibSourceUrl' is not supplied then this + # will be passed to pip as '--extra-index-url' for installing the Workflow Step Runner library + # and its dependencies. + # + # NOTE + # ---- + # PIP is indeterminate whether it will pull packages from '--index-url' or + # '--extra-index-url', therefor be sure to specify 'stepRunnerLibVersion' + # if trying to pull a specific version from a specific index. + # + # SEE + # --- + # - https://pip.pypa.io/en/stable/reference/pip_install/#id48 + # Optional. + stepRunnerLibExtraIndexUrl: https://pypi.org/simple/ + # stepRunnerLibVersion is the version of the Workflow Step Runner Python library to install. + # If 'stepRunnerUpdateLibrary' is true and 'stepRunnerLibSourceUrl' is not supplied then this + # will be passed to pip as as the version of the Workflow Step Runner library to install. 
+ #
+ # NOTE
+ # ----
+ # If not given pip will install the latest from either 'stepRunnerLibIndexUrl' or
+ # 'stepRunnerLibExtraIndexUrl' indeterminately.
+ # Optional.
+ stepRunnerLibVersion:
+
+ # envNameDev is the name of the "Development" environment used in the Step Runner configuration
+ # files and to pass to the Workflow Step Runner when running a step targeted to
+ # the "Development" environment.
+ # Required.
+ envNameDev: DEV
+ # envNameTest is the name of the "Test" environment used in the Step Runner configuration
+ # files and to pass to the Workflow Step Runner when running a step targeted to
+ # the "Test" environment.
+ # Required.
+ envNameTest: TEST
+ # envNameProd is the name of the "Production" environment used in the Step Runner configuration
+ # files and to pass to the Workflow Step Runner when running a step targeted to
+ # the "Production" environment.
+ # Required.
+ envNameProd: PROD
+
+ # ciOnlyGitRefPatterns is the regex pattern for git references that should only go through the
+ # Continues Integration (CI) workflow.
+ # Required.
+ ciOnlyGitRefPatterns: "^$"
+ # devGitRefPatterns is the Regex pattern for git references that should go through the
+ # Continues Integration (CI) workflow and then the deployment to
+ # "Development" environment(s) (IE: "DEV" environment) workflow.
+ # Required.
+ devGitRefPatterns: "^feature/.+$|^PR-.+$"
+ # releaseGitRefPatterns is the Regex pattern for git references that should go through the
+ # Continues Integration (CI) workflow and then the deployment to
+ # "Release" environment(s) (IE: "TEST" and then "PROD" environments) workflow.
+ # Required.
+ releaseGitRefPatterns: "^main$"
+
+ # pgpKeysSecretNameOverride is the optional override for Kubernetes Secret name to
+ # attach to the workflow worker containers for importing PGP keys, most notably used to
+ # decrypt SOPS encrypted configuration files.
+ #
+ # This is most useful if you don't want to supply your PGP keys via the pgpKeys parameter
+ # and have a Kubernetes Secret automatically created for you but rather reference an already
+ # existing Secret.
+ # Optional.
+ pgpKeysSecretNameOverride:
+ # pgpKeys is a dictionary of PGP keys to place into a Kubernetes Secret and then attach to the
+ # Workflow worker containers to then import for usel most notably used to decrypt SOPS
+ # encrypted configuration files.
+ # Optional.
+ pgpKeys: {}
+
+ # stepRunnerConfigDir is the path to the Step Runner configuration to pass to the
+ # Workflow Step Runner when running workflow steps.
+ stepRunnerConfigDir:
+
+ # workflowWorkerHomeDirPVCRequestSize is the size of the PVC to request for the home directory
+ # of the workflow worker containers.
+ # The home directory is typically where tools like Buildah will store built container images
+ # so this needs to be large enough to fit all the layers and dependencies of whatever container
+ # images are being built.
+ workflowWorkerHomeDirPVCRequestSize: 10Gi
+ # workflowWorkerAppDirPVCRequestSize is the size of the PVC to request for the application
+ # directory of the workflow worker containers.
+ # The application directory is where the application will be checkedout from source and where
+ # any building/packaging for the application will take place so it must be large enough to
+ # fit those resources.
+ workflowWorkerAppDirPVCRequestSize: 1Gi
+
+ # workflowWorkerRunAsUser is the UID to run the workflow worker containers as.
+ #
+ # IMPORTANT:
+ # From experimentation this NEEDS be a UID that exists in the worker container images
+ # images. This is due to limitations of how subuid, subgid, and namespaces work
+ # and their appropriate ranges not being created for random UID is not created
+ # with `useradd` and how that interacts with `buildah unshare` for rootless
+ # container builds within a container.
+ #
+ # NOTE:
+ # The quay.io/ploigos/ploigos-base image uses UID 1001 but if you don't like that UID
+ # then you can use https://github.com/ploigos/ploigos-containers to create custom
+ # versions of the Ploigos workflow containers and passing in the container ARG
+ # `PLOIGOS_USER_UID` to change the UID.
+ workflowWorkerRunAsUser: 1001
+ # workflowWorkerRunAsUserRoleName is the name of the Kubernetes Role that has permissions
+ # to run as the UID specified with workflowWorkerRunAsUser.
+ # A RoleBinding will be created and attached the ServiceAccount that is used to run
+ # the workflow Pods.
+ workflowWorkerRunAsUserRoleName: ploigos-run-as-user-1001
+
+ # workflowWorkerImageDefault is the container image to use when creating a workflow worker
+ # to run pipeline steps when no other specific container image has been specified for that step.
+ workflowWorkerImageDefault: ploigos/ploigos-base:latest
+ # workflowWorkerImageSourceClone is the container image to use when creating a workflow worker
+ # to run pipeline steps when performing source clone step(s).
+ workflowWorkerImageSourceClone: 'gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.12.1'
+ # workflowWorkerImageUnitTest is the container image to use when creating a workflow worker
+ # to run pipeline steps when performing unit test step(s).
+ workflowWorkerImageUnitTest:
+ # workflowWorkerImagePackage is the container image to use when creating a workflow worker
+ # to run pipeline steps when performing package application step(s).
+ workflowWorkerImagePackage:
+ # workflowWorkerImageStaticCodeAnalysis is the container image to use when creating a workflow worker
+ # to run pipeline steps when performing static code analysis step(s).
+ workflowWorkerImageStaticCodeAnalysis:
+ # workflowWorkerImagePushArtifacts is the container image to use when creating a workflow worker
+ # to run pipeline steps when performing push push packaged artifacts step(s).
+ workflowWorkerImagePushArtifacts:
+ # workflowWorkerImageContainerOperations is the
+ # container image to use when creating a workflow worker
+ # to run pipeline steps when performing container operations (build/push/etc) step(s).
+ workflowWorkerImageContainerOperations: ploigos/ploigos-tool-containers:latest
+ # workflowWorkerImageContainerImageStaticComplianceScan is the
+ # container image to use when creating a workflow worker
+ # to run pipeline steps when performing container image static compliance scan step(s).
+ workflowWorkerImageContainerImageStaticComplianceScan: ploigos/ploigos-tool-openscap:latest
+ # workflowWorkerImageContainerImageStaticVulnerabilityScan is the
+ # container image to use when creating a workflow worker to run pipeline steps
+ # when performing container image static vulnerability scan step(s).
+ workflowWorkerImageContainerImageStaticVulnerabilityScan: ploigos/ploigos-tool-openscap:latest
+ # workflowWorkerImageDeploy is the container image to use when creating a workflow worker
+ # to run pipeline steps when performing deploy step(s).
+ workflowWorkerImageDeploy: ploigos/ploigos-tool-argocd:latest
+ # workflowWorkerImageValidateEnvironmentConfiguraiton is the
+ # container image to use when creating a workflow worker
+ # to run pipeline steps when performing validate environment configuration step(s).
+ workflowWorkerImageValidateEnvironmentConfiguraiton: ploigos/ploigos-tool-config-lint:latest
+ # workflowWorkerImageUAT is the container image to use when creating a workflow worker
+ # to run pipeline steps when performing user acceptance tests (UAT) step(s).
+ workflowWorkerImageUAT:
+
+ # tektonGitSSHKeys is a dictionary of private SSH keys to use with various
+ # Git source control services.
+ #
+ # EXMAPLE
+ # -------
+ # tektonGitSSHKeys
+ # gitea-external: # this can be arbitrary
+ # gitURLs: # this should be an array of git URIs to use this SSH key for
+ # - gitea-ext.gitea:2022
+ # - gitea.ploigos.xyz:2022
+ # known_hosts: | # values to put in known hosts to trust the the certificates from the Git server
+ # [gitea.ploigos.xyz]:2022,[gitea-ext.gitea]:2022 ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB...
+ # ssh-privatekey: | # SSH private key to use for authentication
+ #
+ #
+ # SEE
+ # ---
+ # https://github.com/tektoncd/pipeline/blob/master/docs/auth.md#configuring-ssh-auth-authentication-for-git
+ tektonGitSSHKeys: {}
+
+ # Flag indicating that platform-level configuration is separate from
+ # app-level configuration, and that the ploigos-step-runner ClusterTask
+ # should expect to find:
+ # - Platform config mounted in /opt/ploigos-platform-config
+ # - Platform config secrets mounted in /opt/ploigos-platform-config-secrets
+ #
+ # This flag also adds two workspaces to the pipeline template:
+ # - ploigos-platform-config: for mounting a ConfigMap
+ # - ploigos-platform-config-secrets: for mounting a Secret
+ separatePlatformConfig: false
+
+ploigos-workflow-tekton-shared-resources:
+ nameOverride: ploigos-workflow-standard-tekton-pipeline