From 6efb2b7078196a71c9f5f567936684a687327f1b Mon Sep 17 00:00:00 2001 From: Ian Tewksbury Date: Mon, 29 Mar 2021 09:13:31 -0400 Subject: [PATCH 1/5] remove hack/workaround for tekton bug that was creating multiple tekton tasks that has been fixed in latest tekton release --- .../Pipeline_ploigos-workflow-minimal.yml | 112 ---------- .../Pipeline_ploigos-workflow-standard.yml | 192 ------------------ .../templates/ClusterTask_import-pgp-keys.yml | 10 - .../ClusterTask_ploigos-git-clone.yml | 10 - ...ask_ploigos-setup-workflow-step-runner.yml | 20 -- .../ClusterTask_ploigos-step-runner.yml | 10 - 6 files changed, 354 deletions(-) diff --git a/charts/ploigos-workflow-minimal-tekton-pipeline/templates/Pipeline_ploigos-workflow-minimal.yml b/charts/ploigos-workflow-minimal-tekton-pipeline/templates/Pipeline_ploigos-workflow-minimal.yml index 9c32ff8..e877fad 100644 --- a/charts/ploigos-workflow-minimal-tekton-pipeline/templates/Pipeline_ploigos-workflow-minimal.yml +++ b/charts/ploigos-workflow-minimal-tekton-pipeline/templates/Pipeline_ploigos-workflow-minimal.yml @@ -241,14 +241,6 @@ spec: # Setup: App Clone # #################### - name: setup-app-clone - # WARNING: EPIC HACK/WORKAROUND - # Duplicate TaskRuns are being created (sometimes) which then cause issues with PVC permissions - # SEE: - # * https://github.com/tektoncd/pipeline/issues/3126 - # * https://github.com/tektoncd/pipeline/issues/2813 - # * https://github.com/tektoncd/pipeline/issues/3510 - retries: 2 - runAfter: - setup-stage-gate when: 
@@ -282,14 +274,6 @@ spec: # Setup: Setup Workflow Step Runner # ##################################### - name: setup-workflow-step-runner - # WARNING: EPIC HACK/WORKAROUND - # Duplicate TaskRuns are being created (sometimes) which then cause issues with PVC permissions - # SEE: - # * https://github.com/tektoncd/pipeline/issues/3126 - # * https://github.com/tektoncd/pipeline/issues/2813 - # * https://github.com/tektoncd/pipeline/issues/3510 - retries: 2 - runAfter: - setup-stage-gate # NOTE: @@ -332,14 +316,6 @@ spec: # Setup: PGP Keys # ################### - name: setup-pgp-keys - # WARNING: EPIC HACK/WORKAROUND - # Duplicate TaskRuns are being created (sometimes) which then cause issues with PVC permissions - # SEE: - # * https://github.com/tektoncd/pipeline/issues/3126 - # * https://github.com/tektoncd/pipeline/issues/2813 - # * https://github.com/tektoncd/pipeline/issues/3510 - retries: 2 - runAfter: - setup-stage-gate # NOTE: @@ -391,14 +367,6 @@ spec: # CI: Generate Metadata # ######################### - name: ci-generate-metadata - # WARNING: EPIC HACK/WORKAROUND - # Duplicate TaskRuns are being created (sometimes) which then cause issues with PVC permissions - # SEE: - # * https://github.com/tektoncd/pipeline/issues/3126 - # * https://github.com/tektoncd/pipeline/issues/2813 - # * https://github.com/tektoncd/pipeline/issues/3510 - retries: 0 - runAfter: - ci-stage-gate when: @@ -437,14 +405,6 @@ spec: # CI: Tag Source Code # ####################### - name: ci-tag-source-code - # WARNING: EPIC HACK/WORKAROUND - # Duplicate TaskRuns are being created (sometimes) which then cause issues with PVC permissions - # SEE: - # * https://github.com/tektoncd/pipeline/issues/3126 - # * https://github.com/tektoncd/pipeline/issues/2813 - # * https://github.com/tektoncd/pipeline/issues/3510 - retries: 0 - runAfter: - ci-generate-metadata when: 
@@ -483,14 +443,6 @@ spec: # CI: Package Application # ########################### - name: ci-package-application - # WARNING: EPIC HACK/WORKAROUND - # Duplicate TaskRuns are being created (sometimes) which then cause issues with PVC permissions - # SEE: - # * https://github.com/tektoncd/pipeline/issues/3126 - # * https://github.com/tektoncd/pipeline/issues/2813 - # * https://github.com/tektoncd/pipeline/issues/3510 - retries: 0 - runAfter: - ci-tag-source-code when: @@ -529,14 +481,6 @@ spec: # CI: Push Application to Repository # ###################################### - name: ci-push-application-to-repository - # WARNING: EPIC HACK/WORKAROUND - # Duplicate TaskRuns are being created (sometimes) which then cause issues with PVC permissions - # SEE: - # * https://github.com/tektoncd/pipeline/issues/3126 - # * https://github.com/tektoncd/pipeline/issues/2813 - # * https://github.com/tektoncd/pipeline/issues/3510 - retries: 0 - runAfter: - ci-package-application when: @@ -575,14 +519,6 @@ spec: # CI: Create Container Image # ############################## - name: ci-create-container-image - # WARNING: EPIC HACK/WORKAROUND - # Duplicate TaskRuns are being created (sometimes) which then cause issues with PVC permissions - # SEE: - # * https://github.com/tektoncd/pipeline/issues/3126 - # * https://github.com/tektoncd/pipeline/issues/2813 - # * https://github.com/tektoncd/pipeline/issues/3510 - retries: 0 - runAfter: - ci-push-application-to-repository when: 
@@ -621,14 +557,6 @@ spec: # CI: Push Container Image to Repository # ########################################## - name: ci-push-container-image-to-repository - # WARNING: EPIC HACK/WORKAROUND - # Duplicate TaskRuns are being created (sometimes) which then cause issues with PVC permissions - # SEE: - # * https://github.com/tektoncd/pipeline/issues/3126 - # * https://github.com/tektoncd/pipeline/issues/2813 - # * https://github.com/tektoncd/pipeline/issues/3510 - retries: 0 - runAfter: - ci-create-container-image when: @@ -684,14 +612,6 @@ spec: # DEV: Deploy or Update Environment # ##################################### - name: dev-deploy-or-update-environment - # WARNING: EPIC HACK/WORKAROUND - # Duplicate TaskRuns are being created (sometimes) which then cause issues with PVC permissions - # SEE: - # * https://github.com/tektoncd/pipeline/issues/3126 - # * https://github.com/tektoncd/pipeline/issues/2813 - # * https://github.com/tektoncd/pipeline/issues/3510 - retries: 0 - runAfter: - dev-stage-gate when: @@ -732,14 +652,6 @@ spec: # TEST # ######## - name: test-stage-gate - # WARNING: EPIC HACK/WORKAROUND - # Duplicate TaskRuns are being created (sometimes) which then cause issues with PVC permissions - # SEE: - # * https://github.com/tektoncd/pipeline/issues/3126 - # * https://github.com/tektoncd/pipeline/issues/2813 - # * https://github.com/tektoncd/pipeline/issues/3510 - retries: 0 - runAfter: # NOTE: # We would prefer to say this runs after the DEV stage finishes.... @@ -764,14 +676,6 @@ spec: # TEST: Deploy or Update Environment # ###################################### - name: test-deploy-or-update-environment - # WARNING: EPIC HACK/WORKAROUND - # Duplicate TaskRuns are being created (sometimes) which then cause issues with PVC permissions - # SEE: - # * https://github.com/tektoncd/pipeline/issues/3126 - # * https://github.com/tektoncd/pipeline/issues/2813 - # * https://github.com/tektoncd/pipeline/issues/3510 - retries: 0 - runAfter: - test-stage-gate when: 
@@ -812,14 +716,6 @@ spec: # PROD # ######## - name: prod-stage-gate - # WARNING: EPIC HACK/WORKAROUND - # Duplicate TaskRuns are being created (sometimes) which then cause issues with PVC permissions - # SEE: - # * https://github.com/tektoncd/pipeline/issues/3126 - # * https://github.com/tektoncd/pipeline/issues/2813 - # * https://github.com/tektoncd/pipeline/issues/3510 - retries: 0 - runAfter: - test-deploy-or-update-environment taskRef: @@ -837,14 +733,6 @@ spec: # PROD: Deploy or Update Environment # ###################################### - name: prod-deploy-or-update-environment - # WARNING: EPIC HACK/WORKAROUND - # Duplicate TaskRuns are being created (sometimes) which then cause issues with PVC permissions - # SEE: - # * https://github.com/tektoncd/pipeline/issues/3126 - # * https://github.com/tektoncd/pipeline/issues/2813 - # * https://github.com/tektoncd/pipeline/issues/3510 - retries: 0 - runAfter: - prod-stage-gate when: diff --git a/charts/ploigos-workflow-standard-tekton-pipeline/templates/Pipeline_ploigos-workflow-standard.yml b/charts/ploigos-workflow-standard-tekton-pipeline/templates/Pipeline_ploigos-workflow-standard.yml index 318cddb..090de1f 100644 --- a/charts/ploigos-workflow-standard-tekton-pipeline/templates/Pipeline_ploigos-workflow-standard.yml +++ b/charts/ploigos-workflow-standard-tekton-pipeline/templates/Pipeline_ploigos-workflow-standard.yml @@ -274,14 +274,6 @@ spec: # Setup: App Clone # #################### - name: setup-app-clone - # WARNING: EPIC HACK/WORKAROUND - # Duplicate TaskRuns are being created (sometimes) which then cause issues with PVC permissions - # SEE: - # * https://github.com/tektoncd/pipeline/issues/3126 - # * https://github.com/tektoncd/pipeline/issues/2813 - # * https://github.com/tektoncd/pipeline/issues/3510 - retries: 2 - runAfter: - setup-stage-gate when: 
@@ -315,14 +307,6 @@ spec: # Setup: Setup Workflow Step Runner # ##################################### - name: setup-workflow-step-runner - # WARNING: EPIC HACK/WORKAROUND - # Duplicate TaskRuns are being created (sometimes) which then cause issues with PVC permissions - # SEE: - # * https://github.com/tektoncd/pipeline/issues/3126 - # * https://github.com/tektoncd/pipeline/issues/2813 - # * https://github.com/tektoncd/pipeline/issues/3510 - retries: 2 - runAfter: - setup-stage-gate # NOTE: @@ -365,14 +349,6 @@ spec: # Setup: PGP Keys # ################### - name: setup-pgp-keys - # WARNING: EPIC HACK/WORKAROUND - # Duplicate TaskRuns are being created (sometimes) which then cause issues with PVC permissions - # SEE: - # * https://github.com/tektoncd/pipeline/issues/3126 - # * https://github.com/tektoncd/pipeline/issues/2813 - # * https://github.com/tektoncd/pipeline/issues/3510 - retries: 2 - runAfter: - setup-stage-gate # NOTE: @@ -424,14 +400,6 @@ spec: # CI: Generate Metadata # ######################### - name: ci-generate-metadata - # WARNING: EPIC HACK/WORKAROUND - # Duplicate TaskRuns are being created (sometimes) which then cause issues with PVC permissions - # SEE: - # * https://github.com/tektoncd/pipeline/issues/3126 - # * https://github.com/tektoncd/pipeline/issues/2813 - # * https://github.com/tektoncd/pipeline/issues/3510 - retries: 0 - runAfter: - ci-stage-gate when: @@ -470,14 +438,6 @@ spec: # CI: Tag Source Code # ####################### - name: ci-tag-source-code - # WARNING: EPIC HACK/WORKAROUND - # Duplicate TaskRuns are being created (sometimes) which then cause issues with PVC permissions - # SEE: - # * https://github.com/tektoncd/pipeline/issues/3126 - # * https://github.com/tektoncd/pipeline/issues/2813 - # * https://github.com/tektoncd/pipeline/issues/3510 - retries: 0 - runAfter: - ci-generate-metadata when: 
@@ -516,14 +476,6 @@ spec: # CI: Run Unit Tests # ###################### - name: ci-run-unit-tests - # WARNING: EPIC HACK/WORKAROUND - # Duplicate TaskRuns are being created (sometimes) which then cause issues with PVC permissions - # SEE: - # * https://github.com/tektoncd/pipeline/issues/3126 - # * https://github.com/tektoncd/pipeline/issues/2813 - # * https://github.com/tektoncd/pipeline/issues/3510 - retries: 0 - runAfter: - ci-tag-source-code when: @@ -562,14 +514,6 @@ spec: # CI: Package Application # ########################### - name: ci-package-application - # WARNING: EPIC HACK/WORKAROUND - # Duplicate TaskRuns are being created (sometimes) which then cause issues with PVC permissions - # SEE: - # * https://github.com/tektoncd/pipeline/issues/3126 - # * https://github.com/tektoncd/pipeline/issues/2813 - # * https://github.com/tektoncd/pipeline/issues/3510 - retries: 0 - runAfter: - ci-run-unit-tests when: @@ -608,14 +552,6 @@ spec: # CI: Static Code Analysis # ############################ - name: ci-static-code-analysis - # WARNING: EPIC HACK/WORKAROUND - # Duplicate TaskRuns are being created (sometimes) which then cause issues with PVC permissions - # SEE: - # * https://github.com/tektoncd/pipeline/issues/3126 - # * https://github.com/tektoncd/pipeline/issues/2813 - # * https://github.com/tektoncd/pipeline/issues/3510 - retries: 0 - runAfter: - ci-package-application when: @@ -654,14 +590,6 @@ spec: # CI: Push Application to Repository # ###################################### - name: ci-push-application-to-repository - # WARNING: EPIC HACK/WORKAROUND - # Duplicate TaskRuns are being created (sometimes) which then cause issues with PVC permissions - # SEE: - # * https://github.com/tektoncd/pipeline/issues/3126 - # * https://github.com/tektoncd/pipeline/issues/2813 - # * https://github.com/tektoncd/pipeline/issues/3510 - retries: 0 - runAfter: - ci-static-code-analysis when: 
@@ -700,14 +628,6 @@ spec: # CI: Create Container Image # ############################## - name: ci-create-container-image - # WARNING: EPIC HACK/WORKAROUND - # Duplicate TaskRuns are being created (sometimes) which then cause issues with PVC permissions - # SEE: - # * https://github.com/tektoncd/pipeline/issues/3126 - # * https://github.com/tektoncd/pipeline/issues/2813 - # * https://github.com/tektoncd/pipeline/issues/3510 - retries: 0 - runAfter: - ci-push-application-to-repository when: @@ -746,14 +666,6 @@ spec: # CI: Static Image Scan: Compliance # ##################################### - name: ci-static-image-scan-compliance - # WARNING: EPIC HACK/WORKAROUND - # Duplicate TaskRuns are being created (sometimes) which then cause issues with PVC permissions - # SEE: - # * https://github.com/tektoncd/pipeline/issues/3126 - # * https://github.com/tektoncd/pipeline/issues/2813 - # * https://github.com/tektoncd/pipeline/issues/3510 - retries: 0 - runAfter: - ci-create-container-image when: @@ -792,14 +704,6 @@ spec: # CI: Static Image Scan: Vulnerability # ######################################## - name: ci-static-image-scan-vulnerability - # WARNING: EPIC HACK/WORKAROUND - # Duplicate TaskRuns are being created (sometimes) which then cause issues with PVC permissions - # SEE: - # * https://github.com/tektoncd/pipeline/issues/3126 - # * https://github.com/tektoncd/pipeline/issues/2813 - # * https://github.com/tektoncd/pipeline/issues/3510 - retries: 0 - runAfter: - ci-create-container-image # NOTE: 
@@ -846,14 +750,6 @@ spec: # CI: Push Container Image to Repository # ########################################## - name: ci-push-container-image-to-repository - # WARNING: EPIC HACK/WORKAROUND - # Duplicate TaskRuns are being created (sometimes) which then cause issues with PVC permissions - # SEE: - # * https://github.com/tektoncd/pipeline/issues/3126 - # * https://github.com/tektoncd/pipeline/issues/2813 - # * https://github.com/tektoncd/pipeline/issues/3510 - retries: 0 - runAfter: - ci-static-image-scan-vulnerability - ci-static-image-scan-compliance @@ -893,14 +789,6 @@ spec: # CI: Sign Container Image # ############################ - name: ci-sign-container-image - # WARNING: EPIC HACK/WORKAROUND - # Duplicate TaskRuns are being created (sometimes) which then cause issues with PVC permissions - # SEE: - # * https://github.com/tektoncd/pipeline/issues/3126 - # * https://github.com/tektoncd/pipeline/issues/2813 - # * https://github.com/tektoncd/pipeline/issues/3510 - retries: 0 - runAfter: - ci-push-container-image-to-repository when: @@ -956,14 +844,6 @@ spec: # DEV: Deploy or Update Environment # ##################################### - name: dev-deploy-or-update-environment - # WARNING: EPIC HACK/WORKAROUND - # Duplicate TaskRuns are being created (sometimes) which then cause issues with PVC permissions - # SEE: - # * https://github.com/tektoncd/pipeline/issues/3126 - # * https://github.com/tektoncd/pipeline/issues/2813 - # * https://github.com/tektoncd/pipeline/issues/3510 - retries: 0 - runAfter: - dev-stage-gate when: 
@@ -1004,14 +884,6 @@ spec: # DEV: Validate Environment Configuration # ########################################### - name: dev-validate-environment-configuration - # WARNING: EPIC HACK/WORKAROUND - # Duplicate TaskRuns are being created (sometimes) which then cause issues with PVC permissions - # SEE: - # * https://github.com/tektoncd/pipeline/issues/3126 - # * https://github.com/tektoncd/pipeline/issues/2813 - # * https://github.com/tektoncd/pipeline/issues/3510 - retries: 0 - runAfter: - dev-deploy-or-update-environment when: @@ -1052,14 +924,6 @@ spec: # DEV: Run User Acceptance Tests # ################################## - name: dev-run-user-acceptance-tests - # WARNING: EPIC HACK/WORKAROUND - # Duplicate TaskRuns are being created (sometimes) which then cause issues with PVC permissions - # SEE: - # * https://github.com/tektoncd/pipeline/issues/3126 - # * https://github.com/tektoncd/pipeline/issues/2813 - # * https://github.com/tektoncd/pipeline/issues/3510 - retries: 0 - runAfter: - dev-validate-environment-configuration when: @@ -1100,14 +964,6 @@ spec: # TEST # ######## - name: test-stage-gate - # WARNING: EPIC HACK/WORKAROUND - # Duplicate TaskRuns are being created (sometimes) which then cause issues with PVC permissions - # SEE: - # * https://github.com/tektoncd/pipeline/issues/3126 - # * https://github.com/tektoncd/pipeline/issues/2813 - # * https://github.com/tektoncd/pipeline/issues/3510 - retries: 0 - runAfter: # NOTE: # We would prefer to say this runs after the DEV stage finishes.... 
@@ -1132,14 +988,6 @@ spec: # TEST: Deploy or Update Environment # ###################################### - name: test-deploy-or-update-environment - # WARNING: EPIC HACK/WORKAROUND - # Duplicate TaskRuns are being created (sometimes) which then cause issues with PVC permissions - # SEE: - # * https://github.com/tektoncd/pipeline/issues/3126 - # * https://github.com/tektoncd/pipeline/issues/2813 - # * https://github.com/tektoncd/pipeline/issues/3510 - retries: 0 - runAfter: - test-stage-gate when: @@ -1180,14 +1028,6 @@ spec: # TEST: Validate Environment Configuration # ############################################ - name: test-validate-environment-configuration - # WARNING: EPIC HACK/WORKAROUND - # Duplicate TaskRuns are being created (sometimes) which then cause issues with PVC permissions - # SEE: - # * https://github.com/tektoncd/pipeline/issues/3126 - # * https://github.com/tektoncd/pipeline/issues/2813 - # * https://github.com/tektoncd/pipeline/issues/3510 - retries: 0 - runAfter: - test-deploy-or-update-environment when: @@ -1228,14 +1068,6 @@ spec: # TEST: Run User Acceptance Tests # ################################### - name: test-run-user-acceptance-tests - # WARNING: EPIC HACK/WORKAROUND - # Duplicate TaskRuns are being created (sometimes) which then cause issues with PVC permissions - # SEE: - # * https://github.com/tektoncd/pipeline/issues/3126 - # * https://github.com/tektoncd/pipeline/issues/2813 - # * https://github.com/tektoncd/pipeline/issues/3510 - retries: 0 - runAfter: - test-validate-environment-configuration when: 
@@ -1276,14 +1108,6 @@ spec: # PROD # ######## - name: prod-stage-gate - # WARNING: EPIC HACK/WORKAROUND - # Duplicate TaskRuns are being created (sometimes) which then cause issues with PVC permissions - # SEE: - # * https://github.com/tektoncd/pipeline/issues/3126 - # * https://github.com/tektoncd/pipeline/issues/2813 - # * https://github.com/tektoncd/pipeline/issues/3510 - retries: 0 - runAfter: - test-run-user-acceptance-tests taskRef: @@ -1301,14 +1125,6 @@ spec: # PROD: Deploy or Update Environment # ###################################### - name: prod-deploy-or-update-environment - # WARNING: EPIC HACK/WORKAROUND - # Duplicate TaskRuns are being created (sometimes) which then cause issues with PVC permissions - # SEE: - # * https://github.com/tektoncd/pipeline/issues/3126 - # * https://github.com/tektoncd/pipeline/issues/2813 - # * https://github.com/tektoncd/pipeline/issues/3510 - retries: 0 - runAfter: - prod-stage-gate when: @@ -1349,14 +1165,6 @@ spec: # PROD: Validate Environment Configuration # ############################################ - name: prod-validate-environment-configuration - # WARNING: EPIC HACK/WORKAROUND - # Duplicate TaskRuns are being created (sometimes) which then cause issues with PVC permissions - # SEE: - # * https://github.com/tektoncd/pipeline/issues/3126 - # * https://github.com/tektoncd/pipeline/issues/2813 - # * https://github.com/tektoncd/pipeline/issues/3510 - retries: 0 - runAfter: - prod-deploy-or-update-environment when: diff --git a/charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTask_import-pgp-keys.yml b/charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTask_import-pgp-keys.yml index 9eb38ee..7a9ff0c 100644 --- a/charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTask_import-pgp-keys.yml +++ b/charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTask_import-pgp-keys.yml 
@@ -65,16 +65,6 @@ spec: if [ "${VERBOSE}" == "true" ]; then set -x; else set +x; fi set -eu -o pipefail - echo "***********************************************************************************************************************************" - echo "* EPIC HACK/WORKDAROUND FOR DUPLICATE TaskRun BEING CREATED CAUSING PERMISSIONS ISSUES WITH PVC MOUNTED IN THE DUPLICATE TaskRuns *" - echo "***********************************************************************************************************************************" - echo "SEE:" - echo "* https://github.com/tektoncd/pipeline/issues/3126" - echo "* https://github.com/tektoncd/pipeline/issues/2813" - echo "* https://github.com/tektoncd/pipeline/issues/3510" - echo "Check if can 'ls -al $HOME', if not then will throw error and retry this task" - ls -al $HOME - echo "*******************" echo "* Import PGP Keys *" echo "*******************" diff --git a/charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTask_ploigos-git-clone.yml b/charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTask_ploigos-git-clone.yml index 2fd59ce..c05597d 100644 --- a/charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTask_ploigos-git-clone.yml +++ b/charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTask_ploigos-git-clone.yml 
@@ -114,16 +114,6 @@ spec: set -x fi - echo "***********************************************************************************************************************************" - echo "* EPIC HACK/WORKDAROUND FOR DUPLICATE TaskRun BEING CREATED CAUSING PERMISSIONS ISSUES WITH PVC MOUNTED IN THE DUPLICATE TaskRuns *" - echo "***********************************************************************************************************************************" - echo "SEE:" - echo "* https://github.com/tektoncd/pipeline/issues/3126" - echo "* https://github.com/tektoncd/pipeline/issues/2813" - echo "* https://github.com/tektoncd/pipeline/issues/3510" - echo "Check if can 'ls -al $HOME', if not then will throw error and retry this task" - ls -al $HOME - CHECKOUT_DIR="$(workspaces.output.path)/$(params.subdirectory)" cleandir() { diff --git a/charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTask_ploigos-setup-workflow-step-runner.yml b/charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTask_ploigos-setup-workflow-step-runner.yml index bc28936..c8230ea 100644 --- a/charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTask_ploigos-setup-workflow-step-runner.yml +++ b/charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTask_ploigos-setup-workflow-step-runner.yml 
@@ -155,16 +155,6 @@ spec: if [ "${VERBOSE}" == "true" ]; then set -x; else set +x; fi set -eu -o pipefail - echo "***********************************************************************************************************************************" - echo "* EPIC HACK/WORKDAROUND FOR DUPLICATE TaskRun BEING CREATED CAUSING PERMISSIONS ISSUES WITH PVC MOUNTED IN THE DUPLICATE TaskRuns *" - echo "***********************************************************************************************************************************" - echo "SEE:" - echo "* https://github.com/tektoncd/pipeline/issues/3126" - echo "* https://github.com/tektoncd/pipeline/issues/2813" - echo "* https://github.com/tektoncd/pipeline/issues/3510" - echo "Check if can 'ls -al $HOME', if not then will throw error and retry this task" - ls -al $HOME - echo "**********************" echo "* Create Python venv *" echo "**********************" @@ -205,16 +195,6 @@ spec: if [ "${VERBOSE}" == "true" ]; then set -x; else set +x; fi set -eu -o pipefail - echo "***********************************************************************************************************************************" - echo "* EPIC HACK/WORKDAROUND FOR DUPLICATE TaskRun BEING CREATED CAUSING PERMISSIONS ISSUES WITH PVC MOUNTED IN THE DUPLICATE TaskRuns *" - echo "***********************************************************************************************************************************" - echo "SEE:" - echo "* https://github.com/tektoncd/pipeline/issues/3126" - echo "* https://github.com/tektoncd/pipeline/issues/2813" - echo "* https://github.com/tektoncd/pipeline/issues/3510" - echo "Check if can 'ls -al $HOME', if not then will throw error and retry this task" - ls -al $HOME - if [[ ${UPDATE_STEP_RUNNER_LIBRARY} =~ true|True ]]; then echo "*********************" echo "* Update Python Pip *" 
diff --git a/charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTask_ploigos-step-runner.yml b/charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTask_ploigos-step-runner.yml index e631a1f..1c949fe 100644 --- a/charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTask_ploigos-step-runner.yml +++ b/charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTask_ploigos-step-runner.yml @@ -109,16 +109,6 @@ spec: if [ "${VERBOSE}" == "true" ]; then set -x; else set +x; fi set -eu -o pipefail - echo "***********************************************************************************************************************************" - echo "* EPIC HACK/WORKDAROUND FOR DUPLICATE TaskRun BEING CREATED CAUSING PERMISSIONS ISSUES WITH PVC MOUNTED IN THE DUPLICATE TaskRuns *" - echo "***********************************************************************************************************************************" - echo "SEE:" - echo "* https://github.com/tektoncd/pipeline/issues/3126" - echo "* https://github.com/tektoncd/pipeline/issues/2813" - echo "* https://github.com/tektoncd/pipeline/issues/3510" - echo "Check if can 'ls -al $HOME', if not then will throw error and retry this task" - ls -al $HOME - if [ "${PAUSE_FOR_DEBUG_BEFORE_STEP_RUN}" == "true" ]; then echo "********************" echo "* PAUSED FOR DEBUG *" From 5564dd0cd49709b6144fd607d46bd5f6d6306871 Mon Sep 17 00:00:00 2001 
From: Ian Tewksbury Date: Mon, 21 Jun 2021 10:16:44 -0400 Subject: [PATCH 2/5] major tekton cleanup * update minimum workflow to align with new minimum * add tekton typical workflow * update everything workflow to align with new everything * add reporting to finally * move all charts starting with 'ploigos-workflow-' to 'charts/ploigos-workflow/' and remove the prefix to work around https://github.com/helm/chart-testing/issues/343 * update README to reflect local testing updates * update to use 'ref' instead of 'name' for EventListener TriggerTemplate references due to deprecation of 'name' parameter * .github workflows * in testing kind cluster create default IngressClass * upgrade testing to use helm 3.6.1 * CHARTS_DIR env variable --- .github/scripts/configure-kube.sh | 21 + .../determine-helm-charts-to-release.py | 12 + .github/scripts/lint.sh | 9 + .github/scripts/test.sh | 5 + .../workflows/publish-helm-charts-edge.yml | 59 +- .../workflows/publish-helm-charts-release.yml | 57 +- .github/workflows/pull-request.yml | 36 +- README.md | 20 +- charts/README.md | 15 + .../ploigos-workflow-tekton-shared-resources | 1 - .../ploigos-workflow-tekton-shared-resources | 1 - .../charts/ploigos-workflow-shared-resources | 1 - .../everything-tekton-pipeline}/.helmignore | 0 .../everything-tekton-pipeline/Chart.yaml | 14 + .../ploigos-workflow-tekton-shared-resources | 1 + .../ci/test-values.yaml | 10 +- .../templates/NOTES.txt | 0 .../Pipeline_ploigos-workflow-everything.yml} | 266 ++++- .../templates/_helpers.tpl | 0 .../everything-tekton-pipeline}/values.yaml | 0 .../minimal-tekton-pipeline}/.helmignore | 0 .../minimal-tekton-pipeline}/Chart.yaml | 2 +- .../ploigos-workflow-tekton-shared-resources | 1 + .../ci/test-values.yaml | 4 +- .../templates/NOTES.txt | 0 .../Pipeline_ploigos-workflow-minimal.yml | 150 +-- .../templates/_helpers.tpl | 0 .../minimal-tekton-pipeline}/values.yaml | 0 .../shared-resources}/.helmignore | 0 .../shared-resources}/Chart.yaml | 2 +- 
.../shared-resources}/ci/test-values.yaml | 0 .../shared-resources}/templates/NOTES.txt | 0 .../templates/Secret_pgp-keys.yml | 0 .../templates/ServiceAccount_workflow.yml | 0 .../shared-resources}/templates/_helpers.tpl | 0 .../shared-resources}/values.yaml | 0 .../tekton-cluster-resources}/.helmignore | 0 .../tekton-cluster-resources}/Chart.yaml | 2 +- .../ci/test-no-rbac-values.yaml | 0 .../templates/ClsuterTask_pattern-matcher.yml | 16 +- .../templates/ClusterRole_run-as-user.yml | 0 .../templates/ClusterTask_import-pgp-keys.yml | 17 +- .../ClusterTask_ploigos-git-clone.yml | 16 +- ...ask_ploigos-setup-workflow-step-runner.yml | 21 +- .../ClusterTask_ploigos-step-runner.yml | 16 +- .../ClusterTriggerBinding_gitea-pullreq.yml | 2 +- .../ClusterTriggerBinding_gitea-push.yml | 4 +- .../templates/NOTES.txt | 0 ...SecurityContextConstraints_run-as-user.yml | 0 .../templates/_helpers.tpl | 0 .../tekton-cluster-resources}/values.yaml | 0 .../tekton-shared-resources}/.helmignore | 0 .../tekton-shared-resources}/Chart.yaml | 2 +- .../charts/ploigos-workflow-shared-resources | 1 + .../ci/test-values.yaml | 4 +- .../templates/CronJob_cleanup.yml | 0 .../templates/EventListener.yml | 10 +- .../templates/Ingress_event-listener.yml | 0 .../templates/NOTES.txt | 0 .../templates/Route_event-listener.yml | 0 .../templates/Secret_tekton-git-ssh-auth.yml | 0 .../ServiceAccount_event-listener.yml | 20 +- .../templates/TriggerTemplate.yml | 0 .../templates/_helpers.tpl | 0 .../test-eventlistener-ingress-admitted.yaml | 0 .../test-eventlistener-route-admitted.yaml | 0 .../tekton-shared-resources}/values.yaml | 0 .../typical-tekton-pipeline/.helmignore | 23 + .../typical-tekton-pipeline}/Chart.yaml | 6 +- .../ploigos-workflow-tekton-shared-resources | 1 + .../ci/test-values.yaml | 22 + .../templates/NOTES.txt | 8 + .../Pipeline_ploigos-workflow-typical.yml | 1055 +++++++++++++++++ .../templates/_helpers.tpl | 53 + .../typical-tekton-pipeline/values.yaml | 326 +++++ 75 files changed, 
2032 insertions(+), 280 deletions(-) create mode 100755 .github/scripts/configure-kube.sh create mode 100755 .github/scripts/determine-helm-charts-to-release.py create mode 100755 .github/scripts/lint.sh create mode 100755 .github/scripts/test.sh create mode 100644 charts/README.md delete mode 120000 charts/ploigos-workflow-minimal-tekton-pipeline/charts/ploigos-workflow-tekton-shared-resources delete mode 120000 charts/ploigos-workflow-standard-tekton-pipeline/charts/ploigos-workflow-tekton-shared-resources delete mode 120000 charts/ploigos-workflow-tekton-shared-resources/charts/ploigos-workflow-shared-resources rename charts/{ploigos-workflow-minimal-tekton-pipeline => ploigos-workflow/everything-tekton-pipeline}/.helmignore (100%) create mode 100644 charts/ploigos-workflow/everything-tekton-pipeline/Chart.yaml create mode 120000 charts/ploigos-workflow/everything-tekton-pipeline/charts/ploigos-workflow-tekton-shared-resources rename charts/{ploigos-workflow-standard-tekton-pipeline => ploigos-workflow/everything-tekton-pipeline}/ci/test-values.yaml (87%) rename charts/{ploigos-workflow-standard-tekton-pipeline => ploigos-workflow/everything-tekton-pipeline}/templates/NOTES.txt (100%) rename charts/{ploigos-workflow-standard-tekton-pipeline/templates/Pipeline_ploigos-workflow-standard.yml => ploigos-workflow/everything-tekton-pipeline/templates/Pipeline_ploigos-workflow-everything.yml} (82%) rename charts/{ploigos-workflow-standard-tekton-pipeline => ploigos-workflow/everything-tekton-pipeline}/templates/_helpers.tpl (100%) rename charts/{ploigos-workflow-standard-tekton-pipeline => ploigos-workflow/everything-tekton-pipeline}/values.yaml (100%) rename charts/{ploigos-workflow-shared-resources => ploigos-workflow/minimal-tekton-pipeline}/.helmignore (100%) rename charts/{ploigos-workflow-minimal-tekton-pipeline => ploigos-workflow/minimal-tekton-pipeline}/Chart.yaml (94%) create mode 120000 
charts/ploigos-workflow/minimal-tekton-pipeline/charts/ploigos-workflow-tekton-shared-resources rename charts/{ploigos-workflow-tekton-shared-resources => ploigos-workflow/minimal-tekton-pipeline}/ci/test-values.yaml (96%) rename charts/{ploigos-workflow-minimal-tekton-pipeline => ploigos-workflow/minimal-tekton-pipeline}/templates/NOTES.txt (100%) rename charts/{ploigos-workflow-minimal-tekton-pipeline => ploigos-workflow/minimal-tekton-pipeline}/templates/Pipeline_ploigos-workflow-minimal.yml (93%) rename charts/{ploigos-workflow-minimal-tekton-pipeline => ploigos-workflow/minimal-tekton-pipeline}/templates/_helpers.tpl (100%) rename charts/{ploigos-workflow-minimal-tekton-pipeline => ploigos-workflow/minimal-tekton-pipeline}/values.yaml (100%) rename charts/{ploigos-workflow-standard-tekton-pipeline => ploigos-workflow/shared-resources}/.helmignore (100%) rename charts/{ploigos-workflow-shared-resources => ploigos-workflow/shared-resources}/Chart.yaml (95%) rename charts/{ploigos-workflow-shared-resources => ploigos-workflow/shared-resources}/ci/test-values.yaml (100%) rename charts/{ploigos-workflow-shared-resources => ploigos-workflow/shared-resources}/templates/NOTES.txt (100%) rename charts/{ploigos-workflow-shared-resources => ploigos-workflow/shared-resources}/templates/Secret_pgp-keys.yml (100%) rename charts/{ploigos-workflow-shared-resources => ploigos-workflow/shared-resources}/templates/ServiceAccount_workflow.yml (100%) rename charts/{ploigos-workflow-shared-resources => ploigos-workflow/shared-resources}/templates/_helpers.tpl (100%) rename charts/{ploigos-workflow-shared-resources => ploigos-workflow/shared-resources}/values.yaml (100%) rename charts/{ploigos-workflow-tekton-cluster-resources => ploigos-workflow/tekton-cluster-resources}/.helmignore (100%) rename charts/{ploigos-workflow-tekton-cluster-resources => ploigos-workflow/tekton-cluster-resources}/Chart.yaml (93%) rename charts/{ploigos-workflow-tekton-cluster-resources => 
ploigos-workflow/tekton-cluster-resources}/ci/test-no-rbac-values.yaml (100%) rename charts/{ploigos-workflow-tekton-cluster-resources => ploigos-workflow/tekton-cluster-resources}/templates/ClsuterTask_pattern-matcher.yml (87%) rename charts/{ploigos-workflow-tekton-cluster-resources => ploigos-workflow/tekton-cluster-resources}/templates/ClusterRole_run-as-user.yml (100%) rename charts/{ploigos-workflow-tekton-cluster-resources => ploigos-workflow/tekton-cluster-resources}/templates/ClusterTask_import-pgp-keys.yml (80%) rename charts/{ploigos-workflow-tekton-cluster-resources => ploigos-workflow/tekton-cluster-resources}/templates/ClusterTask_ploigos-git-clone.yml (92%) rename charts/{ploigos-workflow-tekton-cluster-resources => ploigos-workflow/tekton-cluster-resources}/templates/ClusterTask_ploigos-setup-workflow-step-runner.yml (93%) rename charts/{ploigos-workflow-tekton-cluster-resources => ploigos-workflow/tekton-cluster-resources}/templates/ClusterTask_ploigos-step-runner.yml (92%) rename charts/{ploigos-workflow-tekton-cluster-resources => ploigos-workflow/tekton-cluster-resources}/templates/ClusterTriggerBinding_gitea-pullreq.yml (94%) rename charts/{ploigos-workflow-tekton-cluster-resources => ploigos-workflow/tekton-cluster-resources}/templates/ClusterTriggerBinding_gitea-push.yml (81%) rename charts/{ploigos-workflow-tekton-cluster-resources => ploigos-workflow/tekton-cluster-resources}/templates/NOTES.txt (100%) rename charts/{ploigos-workflow-tekton-cluster-resources => ploigos-workflow/tekton-cluster-resources}/templates/SecurityContextConstraints_run-as-user.yml (100%) rename charts/{ploigos-workflow-tekton-cluster-resources => ploigos-workflow/tekton-cluster-resources}/templates/_helpers.tpl (100%) rename charts/{ploigos-workflow-tekton-cluster-resources => ploigos-workflow/tekton-cluster-resources}/values.yaml (100%) rename charts/{ploigos-workflow-tekton-shared-resources => ploigos-workflow/tekton-shared-resources}/.helmignore (100%) rename 
charts/{ploigos-workflow-tekton-shared-resources => ploigos-workflow/tekton-shared-resources}/Chart.yaml (95%) create mode 120000 charts/ploigos-workflow/tekton-shared-resources/charts/ploigos-workflow-shared-resources rename charts/{ploigos-workflow-minimal-tekton-pipeline => ploigos-workflow/tekton-shared-resources}/ci/test-values.yaml (96%) rename charts/{ploigos-workflow-tekton-shared-resources => ploigos-workflow/tekton-shared-resources}/templates/CronJob_cleanup.yml (100%) rename charts/{ploigos-workflow-tekton-shared-resources => ploigos-workflow/tekton-shared-resources}/templates/EventListener.yml (83%) rename charts/{ploigos-workflow-tekton-shared-resources => ploigos-workflow/tekton-shared-resources}/templates/Ingress_event-listener.yml (100%) rename charts/{ploigos-workflow-tekton-shared-resources => ploigos-workflow/tekton-shared-resources}/templates/NOTES.txt (100%) rename charts/{ploigos-workflow-tekton-shared-resources => ploigos-workflow/tekton-shared-resources}/templates/Route_event-listener.yml (100%) rename charts/{ploigos-workflow-tekton-shared-resources => ploigos-workflow/tekton-shared-resources}/templates/Secret_tekton-git-ssh-auth.yml (100%) rename charts/{ploigos-workflow-tekton-shared-resources => ploigos-workflow/tekton-shared-resources}/templates/ServiceAccount_event-listener.yml (60%) rename charts/{ploigos-workflow-tekton-shared-resources => ploigos-workflow/tekton-shared-resources}/templates/TriggerTemplate.yml (100%) rename charts/{ploigos-workflow-tekton-shared-resources => ploigos-workflow/tekton-shared-resources}/templates/_helpers.tpl (100%) rename charts/{ploigos-workflow-tekton-shared-resources => ploigos-workflow/tekton-shared-resources}/templates/tests/test-eventlistener-ingress-admitted.yaml (100%) rename charts/{ploigos-workflow-tekton-shared-resources => ploigos-workflow/tekton-shared-resources}/templates/tests/test-eventlistener-route-admitted.yaml (100%) rename charts/{ploigos-workflow-tekton-shared-resources => 
ploigos-workflow/tekton-shared-resources}/values.yaml (100%) create mode 100644 charts/ploigos-workflow/typical-tekton-pipeline/.helmignore rename charts/{ploigos-workflow-standard-tekton-pipeline => ploigos-workflow/typical-tekton-pipeline}/Chart.yaml (63%) create mode 120000 charts/ploigos-workflow/typical-tekton-pipeline/charts/ploigos-workflow-tekton-shared-resources create mode 100644 charts/ploigos-workflow/typical-tekton-pipeline/ci/test-values.yaml create mode 100644 charts/ploigos-workflow/typical-tekton-pipeline/templates/NOTES.txt create mode 100644 charts/ploigos-workflow/typical-tekton-pipeline/templates/Pipeline_ploigos-workflow-typical.yml create mode 100644 charts/ploigos-workflow/typical-tekton-pipeline/templates/_helpers.tpl create mode 100644 charts/ploigos-workflow/typical-tekton-pipeline/values.yaml diff --git a/.github/scripts/configure-kube.sh b/.github/scripts/configure-kube.sh new file mode 100755 index 0000000..7189468 --- /dev/null +++ b/.github/scripts/configure-kube.sh @@ -0,0 +1,21 @@ +#!/bin/bash + +echo "Install ingress controller" +helm repo add haproxy-ingress https://haproxy-ingress.github.io/charts +helm install haproxy-ingress haproxy-ingress/haproxy-ingress \ + --create-namespace --namespace=ingress-controller \ + --set controller.hostNetwork=true +kubectl apply -f - <= 0.0.0 || >= 0.0.0-0" +# MANAGED BY: GitHub workflow +version: 0.16.3-edge.2 diff --git a/charts/ploigos-workflow/everything-tekton-pipeline/charts/ploigos-workflow-tekton-shared-resources b/charts/ploigos-workflow/everything-tekton-pipeline/charts/ploigos-workflow-tekton-shared-resources new file mode 120000 index 0000000..4944054 --- /dev/null +++ b/charts/ploigos-workflow/everything-tekton-pipeline/charts/ploigos-workflow-tekton-shared-resources @@ -0,0 +1 @@ +../../tekton-shared-resources \ No newline at end of file 
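Review bot: In .github/scripts/configure-kube.sh the `helm install haproxy-ingress haproxy-ingress/haproxy-ingress` call installs whatever chart version the remote repository serves at run time, so the CI cluster setup can change without any commit in this repository. Pin it with `--version <chart-version>` (a placeholder; use the version you have tested). The script also runs its first commands directly after `#!/bin/bash` with no `set -euo pipefail`, so on the visible lines a failed `helm repo add` or `helm install` would not stop it. The rest of the 21-line script is cut off on this page, so later error handling cannot be ruled out.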
diff --git a/charts/ploigos-workflow-standard-tekton-pipeline/ci/test-values.yaml b/charts/ploigos-workflow/everything-tekton-pipeline/ci/test-values.yaml similarity index 87% rename from charts/ploigos-workflow-standard-tekton-pipeline/ci/test-values.yaml rename to charts/ploigos-workflow/everything-tekton-pipeline/ci/test-values.yaml index 85f6099..8d39e1d 100644 --- a/charts/ploigos-workflow-standard-tekton-pipeline/ci/test-values.yaml +++ b/charts/ploigos-workflow/everything-tekton-pipeline/ci/test-values.yaml @@ -6,11 +6,11 @@ global: stepRunnerConfigDir: cicd/step-runner-config workflowWorkerImageDefault: quay.io/ploigos/ploigos-base:latest - workflowWorkerImageUnitTest: quay.io/ploigos/ploigos-tool-maven:nightly - workflowWorkerImagePackage: quay.io/ploigos/ploigos-tool-maven:nightly - workflowWorkerImageStaticCodeAnalysis: quay.io/ploigos/ploigos-tool-sonar:nightly - workflowWorkerImagePushArtifacts: quay.io/ploigos/ploigos-tool-maven:nightly - workflowWorkerImageUAT: quay.io/ploigos/ploigos-tool-maven:nightly + workflowWorkerImageUnitTest: quay.io/ploigos/ploigos-tool-maven:latest + workflowWorkerImagePackage: quay.io/ploigos/ploigos-tool-maven:latest + workflowWorkerImageStaticCodeAnalysis: quay.io/ploigos/ploigos-tool-sonar:latest + workflowWorkerImagePushArtifacts: quay.io/ploigos/ploigos-tool-maven:latest + workflowWorkerImageUAT: quay.io/ploigos/ploigos-tool-maven:latest # NOTE: # have to test with ingress since GitHub action tests on 'kind' server where routes don't diff --git a/charts/ploigos-workflow-standard-tekton-pipeline/templates/NOTES.txt b/charts/ploigos-workflow/everything-tekton-pipeline/templates/NOTES.txt similarity index 100% rename from charts/ploigos-workflow-standard-tekton-pipeline/templates/NOTES.txt rename to charts/ploigos-workflow/everything-tekton-pipeline/templates/NOTES.txt 
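Review bot: `:latest` is a mutable tag, so with these values the chart tests run whatever was last pushed to quay.io, and two runs of the same commit can execute different tool images. Pin each worker image to a release tag or a digest, for example `workflowWorkerImageUnitTest: quay.io/ploigos/ploigos-tool-maven@sha256:<digest>` (placeholder digest). The same applies to `workflowWorkerImagePackage` and `workflowWorkerImagePushArtifacts` in the minimal-tekton-pipeline ci/test-values.yaml hunk.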
diff --git a/charts/ploigos-workflow-standard-tekton-pipeline/templates/Pipeline_ploigos-workflow-standard.yml b/charts/ploigos-workflow/everything-tekton-pipeline/templates/Pipeline_ploigos-workflow-everything.yml similarity index 82% rename from charts/ploigos-workflow-standard-tekton-pipeline/templates/Pipeline_ploigos-workflow-standard.yml rename to charts/ploigos-workflow/everything-tekton-pipeline/templates/Pipeline_ploigos-workflow-everything.yml index 090de1f..638bd8d 100644 --- a/charts/ploigos-workflow-standard-tekton-pipeline/templates/Pipeline_ploigos-workflow-standard.yml +++ b/charts/ploigos-workflow/everything-tekton-pipeline/templates/Pipeline_ploigos-workflow-everything.yml @@ -177,13 +177,12 @@ spec: git+https://gitea.internal.example.xyz/tools/ploigos-step-runner.git@main installs from an internal fork of the step runner library from the 'main' branch. default: "" - # NOTE: See https://github.com/tektoncd/pipeline/issues/3423 - #- name: workflowWorkersImagePullPolicy - # type: string - # description: | - # Policy for pulling new versions of the imageTag for the CI worker images - # when running this pipeline. - # default: IfNotPresent + - name: workflowWorkersImagePullPolicy + type: string + description: | + Policy for pulling new versions of the imageTag for the CI worker images + when running this pipeline. + default: IfNotPresent - name: workflowWorkerImageDefault type: string description: | @@ -291,6 +290,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageSourceClone) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: url value: $(params.appRepoUrl) - name: revision @@ -332,6 +333,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageDefault) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: stepRunnerUpdateLibrary 
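Review bot: The `IfNotPresent` default on the newly enabled `workflowWorkersImagePullPolicy` param (@@ -177 hunk) means a worker image already cached on a node is reused without contacting the registry. A tag that has moved is therefore not refreshed (the chart's test values reference `:latest`), and a rebuilt, patched image may never be picked up. The description should list the accepted values and state that trade-off, for example `Kubernetes image pull policy (Always, IfNotPresent or Never); use Always when worker images are referenced by a mutable tag.` Nothing in the visible hunks validates the string before it is forwarded as `imagePullPolicy` to each ClusterTask; whether the tasks validate it is not shown here. The minimal pipeline's @@ -178 hunk adds the same param with the same default.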
@@ -374,6 +377,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageDefault) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: pgpKeysSecretName value: $(params.pgpKeysSecretName) @@ -425,6 +430,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageDefault) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath @@ -463,6 +470,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageDefault) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath @@ -501,6 +510,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageUnitTest) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath @@ -539,6 +550,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImagePackage) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath @@ -577,6 +590,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageStaticCodeAnalysis) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath @@ -615,6 +630,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImagePushArtifacts) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath 
@@ -653,6 +670,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageContainerOperations) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath @@ -691,6 +710,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageContainerImageStaticComplianceScan) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath @@ -737,6 +758,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageContainerImageStaticVulnerabilityScan) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath @@ -776,6 +799,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageContainerOperations) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath @@ -814,6 +839,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageContainerOperations) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath 
@@ -823,12 +850,48 @@ spec: - name: stepRunnerConfigDir value: $(params.stepRunnerConfigDir) + ########################## + # CI: Generate Evidence # + ########################## + - name: ci-generate-evidence + runAfter: + - ci-sign-container-image + taskRef: + kind: ClusterTask + name: ploigos-step-runner + workspaces: + - name: home + workspace: home + - name: app + workspace: app + {{- if $.Values.global.separatePlatformConfig }} + - name: ploigos-platform-config + workspace: ploigos-platform-config + - name: ploigos-platform-config-secrets + workspace: ploigos-platform-config-secrets + {{- end }} + params: + - name: verbose + value: $(params.verbose) + - name: image + value: $(params.workflowWorkerImageDefault) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) + - name: stepRunnerPackageName + value: $(params.stepRunnerPackageName) + - name: venvPath + value: $(tasks.setup-workflow-step-runner.results.venvPath) + - name: stepName + value: generate-evidence + - name: stepRunnerConfigDir + value: $(params.stepRunnerConfigDir) + ####### # DEV # ####### - name: dev-stage-gate runAfter: - - ci-sign-container-image + - ci-generate-evidence taskRef: kind: ClusterTask name: pattern-matcher @@ -869,6 +932,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageDeploy) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath @@ -909,6 +974,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageValidateEnvironmentConfiguraiton) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath 
@@ -949,6 +1016,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageUAT) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath @@ -960,6 +1029,48 @@ spec: - name: environment value: $(params.envNameDev) + ########################## + # DEV: Generate Evidence # + ########################## + - name: dev-generate-evidence + runAfter: + - dev-run-user-acceptance-tests + when: + - input: "$(tasks.dev-stage-gate.results.matches)" + operator: in + values: ["true"] + taskRef: + kind: ClusterTask + name: ploigos-step-runner + workspaces: + - name: home + workspace: home + - name: app + workspace: app + {{- if $.Values.global.separatePlatformConfig }} + - name: ploigos-platform-config + workspace: ploigos-platform-config + - name: ploigos-platform-config-secrets + workspace: ploigos-platform-config-secrets + {{- end }} + params: + - name: verbose + value: $(params.verbose) + - name: image + value: $(params.workflowWorkerImageDefault) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) + - name: stepRunnerPackageName + value: $(params.stepRunnerPackageName) + - name: venvPath + value: $(tasks.setup-workflow-step-runner.results.venvPath) + - name: stepName + value: generate-evidence + - name: stepRunnerConfigDir + value: $(params.stepRunnerConfigDir) + - name: environment + value: $(params.envNameDev) + ######## # TEST # ######## 
@@ -969,10 +1080,10 @@ spec: # We would prefer to say this runs after the DEV stage finishes.... # but....https://github.com/tektoncd/pipeline/issues/2127. Which means # If the DEV stage is skipped then this stage will be skipped too because the - # dev-run-user-acceptance-tests task was skipped so the runAfter makes it so this step + # dev-generate-evidence task was skipped so the runAfter makes it so this step # would never run. - - ci-sign-container-image - #- dev-run-user-acceptance-tests + - ci-generate-evidence + #- dev-generate-evidence taskRef: kind: ClusterTask name: pattern-matcher @@ -1013,6 +1124,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageDeploy) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath @@ -1053,6 +1166,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageValidateEnvironmentConfiguraiton) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath @@ -1093,6 +1208,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageUAT) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath 
@@ -1104,12 +1221,54 @@ spec: - name: environment value: $(params.envNameTest) + ########################### + # TEST: Generate Evidence # + ########################### + - name: test-generate-evidence + runAfter: + - test-run-user-acceptance-tests + when: + - input: "$(tasks.test-stage-gate.results.matches)" + operator: in + values: ["true"] + taskRef: + kind: ClusterTask + name: ploigos-step-runner + workspaces: + - name: home + workspace: home + - name: app + workspace: app + {{- if $.Values.global.separatePlatformConfig }} + - name: ploigos-platform-config + workspace: ploigos-platform-config + - name: ploigos-platform-config-secrets + workspace: ploigos-platform-config-secrets + {{- end }} + params: + - name: verbose + value: $(params.verbose) + - name: image + value: $(params.workflowWorkerImageDefault) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) + - name: stepRunnerPackageName + value: $(params.stepRunnerPackageName) + - name: venvPath + value: $(tasks.setup-workflow-step-runner.results.venvPath) + - name: stepName + value: generate-evidence + - name: stepRunnerConfigDir + value: $(params.stepRunnerConfigDir) + - name: environment + value: $(params.envNameTest) + ######## # PROD # ######## - name: prod-stage-gate runAfter: - - test-run-user-acceptance-tests + - test-generate-evidence taskRef: kind: ClusterTask name: pattern-matcher @@ -1150,6 +1309,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageDeploy) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath @@ -1190,6 +1351,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageValidateEnvironmentConfiguraiton) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath 
@@ -1200,3 +1363,82 @@ spec: value: $(params.stepRunnerConfigDir) - name: environment value: $(params.envNameProd) + + ########################### + # PROD: Generate Evidence # + ########################### + - name: prod-generate-evidence + runAfter: + - prod-validate-environment-configuration + when: + - input: "$(tasks.prod-stage-gate.results.matches)" + operator: in + values: ["true"] + taskRef: + kind: ClusterTask + name: ploigos-step-runner + workspaces: + - name: home + workspace: home + - name: app + workspace: app + {{- if $.Values.global.separatePlatformConfig }} + - name: ploigos-platform-config + workspace: ploigos-platform-config + - name: ploigos-platform-config-secrets + workspace: ploigos-platform-config-secrets + {{- end }} + params: + - name: verbose + value: $(params.verbose) + - name: image + value: $(params.workflowWorkerImageDefault) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) + - name: stepRunnerPackageName + value: $(params.stepRunnerPackageName) + - name: venvPath + value: $(tasks.setup-workflow-step-runner.results.venvPath) + - name: stepName + value: generate-evidence + - name: stepRunnerConfigDir + value: $(params.stepRunnerConfigDir) + - name: environment + value: $(params.envNameProd) + + finally: + ########## + # Report # + ########## + - name: report + taskRef: + kind: ClusterTask + name: ploigos-step-runner + workspaces: + - name: home + workspace: home + - name: app + workspace: app + {{- if $.Values.global.separatePlatformConfig }} + - name: ploigos-platform-config + workspace: ploigos-platform-config + - name: ploigos-platform-config-secrets + workspace: ploigos-platform-config-secrets + {{- end }} + params: + - name: verbose + value: $(params.verbose) + - name: image + value: $(params.workflowWorkerImageDefault) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) + - name: stepRunnerPackageName + value: $(params.stepRunnerPackageName) + - name: venvPath + value: 
$(tasks.setup-workflow-step-runner.results.venvPath) + - name: stepName + value: report + - name: stepRunnerConfigDir + value: $(params.stepRunnerConfigDir) + - name: environment + value: $(params.envNameProd) diff --git a/charts/ploigos-workflow-standard-tekton-pipeline/templates/_helpers.tpl b/charts/ploigos-workflow/everything-tekton-pipeline/templates/_helpers.tpl similarity index 100% rename from charts/ploigos-workflow-standard-tekton-pipeline/templates/_helpers.tpl rename to charts/ploigos-workflow/everything-tekton-pipeline/templates/_helpers.tpl diff --git a/charts/ploigos-workflow-standard-tekton-pipeline/values.yaml b/charts/ploigos-workflow/everything-tekton-pipeline/values.yaml similarity index 100% rename from charts/ploigos-workflow-standard-tekton-pipeline/values.yaml rename to charts/ploigos-workflow/everything-tekton-pipeline/values.yaml diff --git a/charts/ploigos-workflow-shared-resources/.helmignore b/charts/ploigos-workflow/minimal-tekton-pipeline/.helmignore similarity index 100% rename from charts/ploigos-workflow-shared-resources/.helmignore rename to charts/ploigos-workflow/minimal-tekton-pipeline/.helmignore diff --git a/charts/ploigos-workflow-minimal-tekton-pipeline/Chart.yaml b/charts/ploigos-workflow/minimal-tekton-pipeline/Chart.yaml similarity index 94% rename from charts/ploigos-workflow-minimal-tekton-pipeline/Chart.yaml rename to charts/ploigos-workflow/minimal-tekton-pipeline/Chart.yaml index 4ea29c0..1e09d33 100644 --- a/charts/ploigos-workflow-minimal-tekton-pipeline/Chart.yaml +++ b/charts/ploigos-workflow/minimal-tekton-pipeline/Chart.yaml @@ -11,4 +11,4 @@ dependencies: - name: ploigos-workflow-tekton-shared-resources version: ">= 0.0.0 || >= 0.0.0-0" # MANAGED BY: GitHub workflow -version: 0.16.2 +version: 0.16.3-edge.2 
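Review bot: The `report` task under `finally:` takes `venvPath` from `$(tasks.setup-workflow-step-runner.results.venvPath)`. As far as I know, Tekton skips a finally task whose referenced result was never produced, so the report would be dropped exactly when setup-workflow-step-runner fails or is skipped. The task also always passes `$(params.envNameProd)` as `environment`, even on runs where the prod stage gate did not match. If both are intended, say so above the task, e.g. `# NOTE: skipped when setup-workflow-step-runner emits no venvPath; always reports against envNameProd`. The `finally:` block added by the minimal pipeline's @@ -768 hunk is identical.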
diff --git a/charts/ploigos-workflow/minimal-tekton-pipeline/charts/ploigos-workflow-tekton-shared-resources b/charts/ploigos-workflow/minimal-tekton-pipeline/charts/ploigos-workflow-tekton-shared-resources new file mode 120000 index 0000000..4944054 --- /dev/null +++ b/charts/ploigos-workflow/minimal-tekton-pipeline/charts/ploigos-workflow-tekton-shared-resources @@ -0,0 +1 @@ +../../tekton-shared-resources \ No newline at end of file diff --git a/charts/ploigos-workflow-tekton-shared-resources/ci/test-values.yaml b/charts/ploigos-workflow/minimal-tekton-pipeline/ci/test-values.yaml similarity index 96% rename from charts/ploigos-workflow-tekton-shared-resources/ci/test-values.yaml rename to charts/ploigos-workflow/minimal-tekton-pipeline/ci/test-values.yaml index 1ad0d39..cda4110 100644 --- a/charts/ploigos-workflow-tekton-shared-resources/ci/test-values.yaml +++ b/charts/ploigos-workflow/minimal-tekton-pipeline/ci/test-values.yaml @@ -6,8 +6,8 @@ global: stepRunnerConfigDir: cicd/step-runner-config workflowWorkerImageDefault: quay.io/ploigos/ploigos-base:latest - workflowWorkerImagePackage: quay.io/ploigos/ploigos-tool-maven:nightly - workflowWorkerImagePushArtifacts: quay.io/ploigos/ploigos-tool-maven:nightly + workflowWorkerImagePackage: quay.io/ploigos/ploigos-tool-maven:latest + workflowWorkerImagePushArtifacts: quay.io/ploigos/ploigos-tool-maven:latest # NOTE: # have to test with ingress since GitHub action tests on 'kind' server where routes don't diff --git a/charts/ploigos-workflow-minimal-tekton-pipeline/templates/NOTES.txt b/charts/ploigos-workflow/minimal-tekton-pipeline/templates/NOTES.txt similarity index 100% rename from charts/ploigos-workflow-minimal-tekton-pipeline/templates/NOTES.txt rename to charts/ploigos-workflow/minimal-tekton-pipeline/templates/NOTES.txt 
diff --git a/charts/ploigos-workflow-minimal-tekton-pipeline/templates/Pipeline_ploigos-workflow-minimal.yml b/charts/ploigos-workflow/minimal-tekton-pipeline/templates/Pipeline_ploigos-workflow-minimal.yml similarity index 93% rename from charts/ploigos-workflow-minimal-tekton-pipeline/templates/Pipeline_ploigos-workflow-minimal.yml rename to charts/ploigos-workflow/minimal-tekton-pipeline/templates/Pipeline_ploigos-workflow-minimal.yml index e877fad..b02bf1d 100644 --- a/charts/ploigos-workflow-minimal-tekton-pipeline/templates/Pipeline_ploigos-workflow-minimal.yml +++ b/charts/ploigos-workflow/minimal-tekton-pipeline/templates/Pipeline_ploigos-workflow-minimal.yml @@ -178,13 +178,12 @@ spec: git+https://gitea.internal.example.xyz/tools/ploigos-step-runner.git@main installs from an internal fork of the step runner library from the 'main' branch. default: "" - # NOTE: See https://github.com/tektoncd/pipeline/issues/3423 - #- name: workflowWorkersImagePullPolicy - # type: string - # description: | - # Policy for pulling new versions of the imageTag for the CI worker images - # when running this pipeline. - # default: IfNotPresent + - name: workflowWorkersImagePullPolicy + type: string + description: | + Policy for pulling new versions of the imageTag for the CI worker images + when running this pipeline. + default: IfNotPresent - name: workflowWorkerImageDefault type: string description: | @@ -258,6 +257,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageSourceClone) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: url value: $(params.appRepoUrl) - name: revision @@ -299,6 +300,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageDefault) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: stepRunnerUpdateLibrary 
@@ -341,6 +344,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageDefault) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: pgpKeysSecretName value: $(params.pgpKeysSecretName) @@ -392,6 +397,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageDefault) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath @@ -401,50 +408,12 @@ spec: - name: stepRunnerConfigDir value: $(params.stepRunnerConfigDir) - ####################### - # CI: Tag Source Code # - ####################### - - name: ci-tag-source-code - runAfter: - - ci-generate-metadata - when: - - input: "$(tasks.ci-stage-gate.results.matches)" - operator: in - values: ["true"] - taskRef: - kind: ClusterTask - name: ploigos-step-runner - workspaces: - - name: home - workspace: home - - name: app - workspace: app - {{- if $.Values.global.separatePlatformConfig }} - - name: ploigos-platform-config - workspace: ploigos-platform-config - - name: ploigos-platform-config-secrets - workspace: ploigos-platform-config-secrets - {{- end }} - params: - - name: verbose - value: $(params.verbose) - - name: image - value: $(params.workflowWorkerImageDefault) - - name: stepRunnerPackageName - value: $(params.stepRunnerPackageName) - - name: venvPath - value: $(tasks.setup-workflow-step-runner.results.venvPath) - - name: stepName - value: tag-source - - name: stepRunnerConfigDir - value: $(params.stepRunnerConfigDir) - ########################### # CI: Package Application # ########################### - name: ci-package-application runAfter: - - ci-tag-source-code + - ci-generate-metadata when: - input: "$(tasks.ci-stage-gate.results.matches)" operator: in 
@@ -468,6 +437,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImagePackage) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath @@ -477,50 +448,12 @@ spec: - name: stepRunnerConfigDir value: $(params.stepRunnerConfigDir) - ###################################### - # CI: Push Application to Repository # - ###################################### - - name: ci-push-application-to-repository - runAfter: - - ci-package-application - when: - - input: "$(tasks.ci-stage-gate.results.matches)" - operator: in - values: ["true"] - taskRef: - kind: ClusterTask - name: ploigos-step-runner - workspaces: - - name: home - workspace: home - - name: app - workspace: app - {{- if $.Values.global.separatePlatformConfig }} - - name: ploigos-platform-config - workspace: ploigos-platform-config - - name: ploigos-platform-config-secrets - workspace: ploigos-platform-config-secrets - {{- end }} - params: - - name: verbose - value: $(params.verbose) - - name: image - value: $(params.workflowWorkerImagePushArtifacts) - - name: stepRunnerPackageName - value: $(params.stepRunnerPackageName) - - name: venvPath - value: $(tasks.setup-workflow-step-runner.results.venvPath) - - name: stepName - value: push-artifacts - - name: stepRunnerConfigDir - value: $(params.stepRunnerConfigDir) - ############################## # CI: Create Container Image # ############################## - name: ci-create-container-image runAfter: - - ci-push-application-to-repository + - ci-package-application when: - input: "$(tasks.ci-stage-gate.results.matches)" operator: in @@ -544,6 +477,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageContainerOperations) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath 
@@ -582,6 +517,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageContainerOperations) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath @@ -637,6 +574,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageDeploy) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath @@ -701,6 +640,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageDeploy) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath @@ -758,6 +699,8 @@ spec: value: $(params.verbose) - name: image value: $(params.workflowWorkerImageDeploy) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) - name: stepRunnerPackageName value: $(params.stepRunnerPackageName) - name: venvPath 
@@ -768,3 +711,40 @@ spec: value: $(params.stepRunnerConfigDir) - name: environment value: $(params.envNameProd) + + finally: + ########## + # Report # + ########## + - name: report + taskRef: + kind: ClusterTask + name: ploigos-step-runner + workspaces: + - name: home + workspace: home + - name: app + workspace: app + {{- if $.Values.global.separatePlatformConfig }} + - name: ploigos-platform-config + workspace: ploigos-platform-config + - name: ploigos-platform-config-secrets + workspace: ploigos-platform-config-secrets + {{- end }} + params: + - name: verbose + value: $(params.verbose) + - name: image + value: $(params.workflowWorkerImageDefault) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) + - name: stepRunnerPackageName + value: $(params.stepRunnerPackageName) + - name: venvPath + value: $(tasks.setup-workflow-step-runner.results.venvPath) + - name: stepName + value: report + - name: stepRunnerConfigDir + value: $(params.stepRunnerConfigDir) + - name: environment + value: $(params.envNameProd) diff --git a/charts/ploigos-workflow-minimal-tekton-pipeline/templates/_helpers.tpl b/charts/ploigos-workflow/minimal-tekton-pipeline/templates/_helpers.tpl similarity index 100% rename from charts/ploigos-workflow-minimal-tekton-pipeline/templates/_helpers.tpl rename to charts/ploigos-workflow/minimal-tekton-pipeline/templates/_helpers.tpl diff --git a/charts/ploigos-workflow-minimal-tekton-pipeline/values.yaml b/charts/ploigos-workflow/minimal-tekton-pipeline/values.yaml similarity index 100% rename from charts/ploigos-workflow-minimal-tekton-pipeline/values.yaml rename to charts/ploigos-workflow/minimal-tekton-pipeline/values.yaml diff --git a/charts/ploigos-workflow-standard-tekton-pipeline/.helmignore b/charts/ploigos-workflow/shared-resources/.helmignore similarity index 100% rename from charts/ploigos-workflow-standard-tekton-pipeline/.helmignore rename to charts/ploigos-workflow/shared-resources/.helmignore 
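Review bot: The `report` task added under `finally` takes `venvPath` from `$(tasks.setup-workflow-step-runner.results.venvPath)`, so it depends on a result that does not exist when that setup task fails or is skipped. Tekton skips a finally task whose result reference cannot be resolved, so the report is lost in exactly the runs where it is most useful. Pass a path that does not depend on another task's result, or at least document the limitation above the task: `# NOTE: skipped by Tekton when setup-workflow-step-runner produced no venvPath result`. The task also passes `environment` as `$(params.envNameProd)` for every run, including runs that never reach the production stage; if that is deliberate it deserves a one-line comment. The enclosing `spec` starts outside this hunk.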
diff --git a/charts/ploigos-workflow-shared-resources/Chart.yaml b/charts/ploigos-workflow/shared-resources/Chart.yaml
similarity index 95%
rename from charts/ploigos-workflow-shared-resources/Chart.yaml
rename to charts/ploigos-workflow/shared-resources/Chart.yaml
index 0e2b1d5..7930792 100644
--- a/charts/ploigos-workflow-shared-resources/Chart.yaml
+++ b/charts/ploigos-workflow/shared-resources/Chart.yaml
@@ -11,4 +11,4 @@ maintainers:
 - name: Red Hat, Inc.
 email: ploigos@redhat.com
 # MANAGED BY: GitHub workflow
-version: 0.16.2
+version: 0.16.3-edge.2
diff --git a/charts/ploigos-workflow-shared-resources/ci/test-values.yaml b/charts/ploigos-workflow/shared-resources/ci/test-values.yaml
similarity index 100%
rename from charts/ploigos-workflow-shared-resources/ci/test-values.yaml
rename to charts/ploigos-workflow/shared-resources/ci/test-values.yaml
diff --git a/charts/ploigos-workflow-shared-resources/templates/NOTES.txt b/charts/ploigos-workflow/shared-resources/templates/NOTES.txt
similarity index 100%
rename from charts/ploigos-workflow-shared-resources/templates/NOTES.txt
rename to charts/ploigos-workflow/shared-resources/templates/NOTES.txt
diff --git a/charts/ploigos-workflow-shared-resources/templates/Secret_pgp-keys.yml b/charts/ploigos-workflow/shared-resources/templates/Secret_pgp-keys.yml
similarity index 100%
rename from charts/ploigos-workflow-shared-resources/templates/Secret_pgp-keys.yml
rename to charts/ploigos-workflow/shared-resources/templates/Secret_pgp-keys.yml
diff --git a/charts/ploigos-workflow-shared-resources/templates/ServiceAccount_workflow.yml b/charts/ploigos-workflow/shared-resources/templates/ServiceAccount_workflow.yml
similarity index 100%
rename from charts/ploigos-workflow-shared-resources/templates/ServiceAccount_workflow.yml
rename to charts/ploigos-workflow/shared-resources/templates/ServiceAccount_workflow.yml
diff --git a/charts/ploigos-workflow-shared-resources/templates/_helpers.tpl b/charts/ploigos-workflow/shared-resources/templates/_helpers.tpl
similarity index 100%
rename from charts/ploigos-workflow-shared-resources/templates/_helpers.tpl
rename to charts/ploigos-workflow/shared-resources/templates/_helpers.tpl
diff --git a/charts/ploigos-workflow-shared-resources/values.yaml b/charts/ploigos-workflow/shared-resources/values.yaml
similarity index 100%
rename from charts/ploigos-workflow-shared-resources/values.yaml
rename to charts/ploigos-workflow/shared-resources/values.yaml
diff --git a/charts/ploigos-workflow-tekton-cluster-resources/.helmignore b/charts/ploigos-workflow/tekton-cluster-resources/.helmignore
similarity index 100%
rename from charts/ploigos-workflow-tekton-cluster-resources/.helmignore
rename to charts/ploigos-workflow/tekton-cluster-resources/.helmignore
diff --git a/charts/ploigos-workflow-tekton-cluster-resources/Chart.yaml b/charts/ploigos-workflow/tekton-cluster-resources/Chart.yaml
similarity index 93%
rename from charts/ploigos-workflow-tekton-cluster-resources/Chart.yaml
rename to charts/ploigos-workflow/tekton-cluster-resources/Chart.yaml
index c2d4e4e..39aa390 100644
--- a/charts/ploigos-workflow-tekton-cluster-resources/Chart.yaml
+++ b/charts/ploigos-workflow/tekton-cluster-resources/Chart.yaml
@@ -8,4 +8,4 @@ maintainers:
 - name: Red Hat, Inc.
 email: ploigos@redhat.com
 # MANAGED BY: GitHub workflow
-version: 0.16.2
+version: 0.16.3-edge.2
diff --git a/charts/ploigos-workflow-tekton-cluster-resources/ci/test-no-rbac-values.yaml b/charts/ploigos-workflow/tekton-cluster-resources/ci/test-no-rbac-values.yaml
similarity index 100%
rename from charts/ploigos-workflow-tekton-cluster-resources/ci/test-no-rbac-values.yaml
rename to charts/ploigos-workflow/tekton-cluster-resources/ci/test-no-rbac-values.yaml
diff --git a/charts/ploigos-workflow-tekton-cluster-resources/templates/ClsuterTask_pattern-matcher.yml b/charts/ploigos-workflow/tekton-cluster-resources/templates/ClsuterTask_pattern-matcher.yml similarity index 87% rename from charts/ploigos-workflow-tekton-cluster-resources/templates/ClsuterTask_pattern-matcher.yml rename to charts/ploigos-workflow/tekton-cluster-resources/templates/ClsuterTask_pattern-matcher.yml index ea04ca6..4de9af0 100644 --- a/charts/ploigos-workflow-tekton-cluster-resources/templates/ClsuterTask_pattern-matcher.yml +++ b/charts/ploigos-workflow/tekton-cluster-resources/templates/ClsuterTask_pattern-matcher.yml @@ -41,12 +41,11 @@ spec: description: | Container image to run the steps of this task in. default: ubi8-minimal - # NOTE: See https://github.com/tektoncd/pipeline/issues/3423 - #- name: imagePullPolicy - # type: string - # description: | - # Policy for pulling new versions of the given image. - # default: IfNotPresent + - name: imagePullPolicy + type: string + description: | + Policy for pulling new versions of the given image. + default: IfNotPresent - name: input type: string description: | @@ -68,10 +67,7 @@ spec: steps: - name: pattern-match image: $(params.image) - # NOTE: - # when https://github.com/tektoncd/pipeline/issues/3423 resolved - # replace with $(params.imagePullPolicy) - imagePullPolicy: {{ $.Values.imagePullPolicy }} + imagePullPolicy: $(params.imagePullPolicy) {{- if $.Values.workflowWorkerRunAsUser }} securityContext: runAsUser: {{ $.Values.workflowWorkerRunAsUser | int }} diff --git a/charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterRole_run-as-user.yml b/charts/ploigos-workflow/tekton-cluster-resources/templates/ClusterRole_run-as-user.yml similarity index 100% rename from charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterRole_run-as-user.yml rename to charts/ploigos-workflow/tekton-cluster-resources/templates/ClusterRole_run-as-user.yml 
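Review bot: The new `imagePullPolicy` param defaults to `IfNotPresent` while the `image` default just above it is `ubi8-minimal`, an untagged short name, so a node that has already cached that name keeps running the cached copy and never picks up a rebuilt, patched image. The same pairing appears in the import-pgp-keys and setup-workflow-step-runner hunks (`ploigos/ploigos-base:latest`) and in the step-runner hunk (`ubi8-minimal`); only the git-clone default carries a version tag. It matters most for import-pgp-keys, whose container is given the secret named by `pgpKeysSecretName`. Either default the param to `Always` while the image defaults are mutable tags, or make the image defaults fully qualified and digest-pinned. Say which in the description, e.g. `Policy for pulling the image; use Always unless the image is referenced by digest.`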
diff --git a/charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTask_import-pgp-keys.yml b/charts/ploigos-workflow/tekton-cluster-resources/templates/ClusterTask_import-pgp-keys.yml similarity index 80% rename from charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTask_import-pgp-keys.yml rename to charts/ploigos-workflow/tekton-cluster-resources/templates/ClusterTask_import-pgp-keys.yml index 7a9ff0c..89e902b 100644 --- a/charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTask_import-pgp-keys.yml +++ b/charts/ploigos-workflow/tekton-cluster-resources/templates/ClusterTask_import-pgp-keys.yml @@ -27,13 +27,11 @@ spec: description: | Container image to run the steps of this task in. default: ploigos/ploigos-base:latest - # NOTE: See https://github.com/tektoncd/pipeline/issues/3423 - #- name: imagePullPolicy - # type: string - # description: | - # Policy for pulling new versions of the given image. - # default: IfNotPresent - + - name: imagePullPolicy + type: string + description: | + Policy for pulling new versions of the given image. + default: IfNotPresent - name: pgpKeysSecretName type: string default: @@ -44,10 +42,7 @@ spec: steps: - name: import-pgp-key image: $(params.image) - # NOTE: - # when https://github.com/tektoncd/pipeline/issues/3423 resolved - # replace with $(params.imagePullPolicy) - imagePullPolicy: {{ $.Values.imagePullPolicy }} + imagePullPolicy: $(params.imagePullPolicy) {{- if $.Values.workflowWorkerRunAsUser }} securityContext: runAsUser: {{ $.Values.workflowWorkerRunAsUser | int }} 
diff --git a/charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTask_ploigos-git-clone.yml b/charts/ploigos-workflow/tekton-cluster-resources/templates/ClusterTask_ploigos-git-clone.yml similarity index 92% rename from charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTask_ploigos-git-clone.yml rename to charts/ploigos-workflow/tekton-cluster-resources/templates/ClusterTask_ploigos-git-clone.yml index c05597d..6ec2277 100644 --- a/charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTask_ploigos-git-clone.yml +++ b/charts/ploigos-workflow/tekton-cluster-resources/templates/ClusterTask_ploigos-git-clone.yml @@ -87,12 +87,11 @@ spec: description: | Container image to run the steps of this task in. default: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.12.1 - # NOTE: See https://github.com/tektoncd/pipeline/issues/3423 - #- name: imagePullPolicy - # type: string - # description: | - # Policy for pulling new versions of the given image. - # default: IfNotPresent + - name: imagePullPolicy + type: string + description: | + Policy for pulling new versions of the given image. + default: IfNotPresent results: - name: commit description: The precise commit SHA that was fetched by this Task @@ -102,10 +101,7 @@ spec: steps: - name: clone image: $(params.image) - # NOTE: - # when https://github.com/tektoncd/pipeline/issues/3423 resolved - # replace with $(params.imagePullPolicy) - imagePullPolicy: {{ $.Values.imagePullPolicy }} + imagePullPolicy: $(params.imagePullPolicy) script: | #!/bin/sh set -eu -o pipefail 
diff --git a/charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTask_ploigos-setup-workflow-step-runner.yml b/charts/ploigos-workflow/tekton-cluster-resources/templates/ClusterTask_ploigos-setup-workflow-step-runner.yml similarity index 93% rename from charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTask_ploigos-setup-workflow-step-runner.yml rename to charts/ploigos-workflow/tekton-cluster-resources/templates/ClusterTask_ploigos-setup-workflow-step-runner.yml index c8230ea..d9f8c1c 100644 --- a/charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTask_ploigos-setup-workflow-step-runner.yml +++ b/charts/ploigos-workflow/tekton-cluster-resources/templates/ClusterTask_ploigos-setup-workflow-step-runner.yml @@ -30,12 +30,11 @@ spec: description: | Container image to run the steps of this task in. default: ploigos/ploigos-base:latest - # NOTE: See https://github.com/tektoncd/pipeline/issues/3423 - #- name: imagePullPolicy - # type: string - # description: | - # Policy for pulling new versions of the given image. - # default: IfNotPresent + - name: imagePullPolicy + type: string + description: | + Policy for pulling new versions of the given image. + default: IfNotPresent - name: stepRunnerPackageName type: string description: | @@ -134,10 +133,7 @@ spec: steps: - name: create-python-venv image: $(params.image) - # NOTE: - # when https://github.com/tektoncd/pipeline/issues/3423 resolved - # replace with $(params.imagePullPolicy) - imagePullPolicy: {{ $.Values.imagePullPolicy }} + imagePullPolicy: $(params.imagePullPolicy) {{- if $.Values.workflowWorkerRunAsUser }} securityContext: runAsUser: {{ $.Values.workflowWorkerRunAsUser | int }} 
@@ -162,10 +158,7 @@ spec: - name: install-step-runner-python-library image: $(params.image) - # NOTE: - # when https://github.com/tektoncd/pipeline/issues/3423 resolved - # replace with $(params.imagePullPolicy) - imagePullPolicy: {{ $.Values.imagePullPolicy }} + imagePullPolicy: $(params.imagePullPolicy) {{- if $.Values.workflowWorkerRunAsUser }} securityContext: runAsNonRoot: true diff --git a/charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTask_ploigos-step-runner.yml b/charts/ploigos-workflow/tekton-cluster-resources/templates/ClusterTask_ploigos-step-runner.yml similarity index 92% rename from charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTask_ploigos-step-runner.yml rename to charts/ploigos-workflow/tekton-cluster-resources/templates/ClusterTask_ploigos-step-runner.yml index 1c949fe..8a839a6 100644 --- a/charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTask_ploigos-step-runner.yml +++ b/charts/ploigos-workflow/tekton-cluster-resources/templates/ClusterTask_ploigos-step-runner.yml @@ -42,12 +42,11 @@ spec: description: | Container image to run the steps of this task in. default: ubi8-minimal - # NOTE: See https://github.com/tektoncd/pipeline/issues/3423 - #- name: imagePullPolicy - # type: string - # description: | - # Policy for pulling new versions of the given image. - # default: IfNotPresent + - name: imagePullPolicy + type: string + description: | + Policy for pulling new versions of the given image. + default: IfNotPresent - name: venvPath type: string description: | @@ -88,10 +87,7 @@ spec: steps: - name: workflow-step image: $(params.image) - # NOTE: - # when https://github.com/tektoncd/pipeline/issues/3423 resolved - # replace with $(params.imagePullPolicy) - imagePullPolicy: {{ $.Values.imagePullPolicy }} + imagePullPolicy: $(params.imagePullPolicy) {{- if $.Values.workflowWorkerRunAsUser }} securityContext: runAsUser: {{ $.Values.workflowWorkerRunAsUser | int }} 
diff --git a/charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTriggerBinding_gitea-pullreq.yml b/charts/ploigos-workflow/tekton-cluster-resources/templates/ClusterTriggerBinding_gitea-pullreq.yml similarity index 94% rename from charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTriggerBinding_gitea-pullreq.yml rename to charts/ploigos-workflow/tekton-cluster-resources/templates/ClusterTriggerBinding_gitea-pullreq.yml index ba9d7a7..a9f7441 100644 --- a/charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTriggerBinding_gitea-pullreq.yml +++ b/charts/ploigos-workflow/tekton-cluster-resources/templates/ClusterTriggerBinding_gitea-pullreq.yml @@ -13,7 +13,7 @@ spec: - name: git-repo-event-target-ref value: $(body.pull_request.head.ref) - name: pipelinerun-name - value: $(body.extensions.pipelinerun_name) + value: $(extensions.pipelinerun_name) - name: pullreq-sha value: $(body.pull_request.head.sha) - name: pullreq-ref diff --git a/charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTriggerBinding_gitea-push.yml b/charts/ploigos-workflow/tekton-cluster-resources/templates/ClusterTriggerBinding_gitea-push.yml similarity index 81% rename from charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTriggerBinding_gitea-push.yml rename to charts/ploigos-workflow/tekton-cluster-resources/templates/ClusterTriggerBinding_gitea-push.yml index 563faee..c63cf95 100644 --- a/charts/ploigos-workflow-tekton-cluster-resources/templates/ClusterTriggerBinding_gitea-push.yml +++ b/charts/ploigos-workflow/tekton-cluster-resources/templates/ClusterTriggerBinding_gitea-push.yml @@ -11,6 +11,6 @@ spec: - name: git-repo-ssh-url value: $(body.repository.ssh_url) - name: git-repo-event-target-ref - value: $(body.extensions.branch_name) + value: $(extensions.branch_name) - name: pipelinerun-name - value: $(body.extensions.pipelinerun_name) + value: $(extensions.pipelinerun_name) 
diff --git a/charts/ploigos-workflow-tekton-cluster-resources/templates/NOTES.txt b/charts/ploigos-workflow/tekton-cluster-resources/templates/NOTES.txt
similarity index 100%
rename from charts/ploigos-workflow-tekton-cluster-resources/templates/NOTES.txt
rename to charts/ploigos-workflow/tekton-cluster-resources/templates/NOTES.txt
diff --git a/charts/ploigos-workflow-tekton-cluster-resources/templates/SecurityContextConstraints_run-as-user.yml b/charts/ploigos-workflow/tekton-cluster-resources/templates/SecurityContextConstraints_run-as-user.yml
similarity index 100%
rename from charts/ploigos-workflow-tekton-cluster-resources/templates/SecurityContextConstraints_run-as-user.yml
rename to charts/ploigos-workflow/tekton-cluster-resources/templates/SecurityContextConstraints_run-as-user.yml
diff --git a/charts/ploigos-workflow-tekton-cluster-resources/templates/_helpers.tpl b/charts/ploigos-workflow/tekton-cluster-resources/templates/_helpers.tpl
similarity index 100%
rename from charts/ploigos-workflow-tekton-cluster-resources/templates/_helpers.tpl
rename to charts/ploigos-workflow/tekton-cluster-resources/templates/_helpers.tpl
diff --git a/charts/ploigos-workflow-tekton-cluster-resources/values.yaml b/charts/ploigos-workflow/tekton-cluster-resources/values.yaml
similarity index 100%
rename from charts/ploigos-workflow-tekton-cluster-resources/values.yaml
rename to charts/ploigos-workflow/tekton-cluster-resources/values.yaml
diff --git a/charts/ploigos-workflow-tekton-shared-resources/.helmignore b/charts/ploigos-workflow/tekton-shared-resources/.helmignore
similarity index 100%
rename from charts/ploigos-workflow-tekton-shared-resources/.helmignore
rename to charts/ploigos-workflow/tekton-shared-resources/.helmignore
diff --git a/charts/ploigos-workflow-tekton-shared-resources/Chart.yaml b/charts/ploigos-workflow/tekton-shared-resources/Chart.yaml
similarity index 95%
rename from charts/ploigos-workflow-tekton-shared-resources/Chart.yaml
rename to charts/ploigos-workflow/tekton-shared-resources/Chart.yaml
index 74ad781..36ad7d3 100644
--- a/charts/ploigos-workflow-tekton-shared-resources/Chart.yaml
+++ b/charts/ploigos-workflow/tekton-shared-resources/Chart.yaml
@@ -13,4 +13,4 @@ dependencies:
 - name: ploigos-workflow-shared-resources
 version: ">= 0.0.0 || >= 0.0.0-0"
 # MANAGED BY: GitHub workflow
-version: 0.16.2
+version: 0.16.3-edge.2
diff --git a/charts/ploigos-workflow/tekton-shared-resources/charts/ploigos-workflow-shared-resources b/charts/ploigos-workflow/tekton-shared-resources/charts/ploigos-workflow-shared-resources
new file mode 120000
index 0000000..0726ceb
--- /dev/null
+++ b/charts/ploigos-workflow/tekton-shared-resources/charts/ploigos-workflow-shared-resources
@@ -0,0 +1 @@
+../../shared-resources
\ No newline at end of file
diff --git a/charts/ploigos-workflow-minimal-tekton-pipeline/ci/test-values.yaml b/charts/ploigos-workflow/tekton-shared-resources/ci/test-values.yaml
similarity index 96%
rename from charts/ploigos-workflow-minimal-tekton-pipeline/ci/test-values.yaml
rename to charts/ploigos-workflow/tekton-shared-resources/ci/test-values.yaml
index 1ad0d39..cda4110 100644
--- a/charts/ploigos-workflow-minimal-tekton-pipeline/ci/test-values.yaml
+++ b/charts/ploigos-workflow/tekton-shared-resources/ci/test-values.yaml
@@ -6,8 +6,8 @@ global: stepRunnerConfigDir: cicd/step-runner-config workflowWorkerImageDefault: quay.io/ploigos/ploigos-base:latest - workflowWorkerImagePackage: quay.io/ploigos/ploigos-tool-maven:nightly - workflowWorkerImagePushArtifacts: quay.io/ploigos/ploigos-tool-maven:nightly + workflowWorkerImagePackage: quay.io/ploigos/ploigos-tool-maven:latest + workflowWorkerImagePushArtifacts: quay.io/ploigos/ploigos-tool-maven:latest # NOTE: # have to test with ingress since GitHub action tests on 'kind' server where routes don't diff --git a/charts/ploigos-workflow-tekton-shared-resources/templates/CronJob_cleanup.yml b/charts/ploigos-workflow/tekton-shared-resources/templates/CronJob_cleanup.yml similarity index 100% rename from charts/ploigos-workflow-tekton-shared-resources/templates/CronJob_cleanup.yml rename to charts/ploigos-workflow/tekton-shared-resources/templates/CronJob_cleanup.yml diff --git a/charts/ploigos-workflow-tekton-shared-resources/templates/EventListener.yml b/charts/ploigos-workflow/tekton-shared-resources/templates/EventListener.yml similarity index 83% rename from charts/ploigos-workflow-tekton-shared-resources/templates/EventListener.yml rename to charts/ploigos-workflow/tekton-shared-resources/templates/EventListener.yml index f0e67b9..db9c835 100644 --- a/charts/ploigos-workflow-tekton-shared-resources/templates/EventListener.yml +++ b/charts/ploigos-workflow/tekton-shared-resources/templates/EventListener.yml @@ -17,7 +17,7 @@ spec: (body.action == 'opened') || (body.action == 'synchronized') ) overlays: - - key: extensions.pipelinerun_name + - key: pipelinerun_name expression: >- body.repository.name.replace('_','-') + '--' + @@ -26,7 +26,7 @@ spec: - kind: ClusterTriggerBinding ref: gitea-pullreq template: - name: {{ include "ploigos-workflow-tekton.triggerTemplateName" . }} + ref: {{ include "ploigos-workflow-tekton.triggerTemplateName" . }} - name: gitea-push interceptors: - cel: 
@@ -34,10 +34,10 @@ spec: (header.match('X-Gitea-Event', 'push')) && (body.ref.startsWith('refs/heads/')) overlays: - - key: extensions.branch_name + - key: branch_name expression: >- body.ref.replace('refs/heads/', '') - - key: extensions.pipelinerun_name + - key: pipelinerun_name expression: >- body.repository.name.replace('_','-') + '--' + @@ -46,4 +46,4 @@ spec: - kind: ClusterTriggerBinding ref: gitea-push template: - name: {{ include "ploigos-workflow-tekton.triggerTemplateName" . }} + ref: {{ include "ploigos-workflow-tekton.triggerTemplateName" . }} diff --git a/charts/ploigos-workflow-tekton-shared-resources/templates/Ingress_event-listener.yml b/charts/ploigos-workflow/tekton-shared-resources/templates/Ingress_event-listener.yml similarity index 100% rename from charts/ploigos-workflow-tekton-shared-resources/templates/Ingress_event-listener.yml rename to charts/ploigos-workflow/tekton-shared-resources/templates/Ingress_event-listener.yml diff --git a/charts/ploigos-workflow-tekton-shared-resources/templates/NOTES.txt b/charts/ploigos-workflow/tekton-shared-resources/templates/NOTES.txt similarity index 100% rename from charts/ploigos-workflow-tekton-shared-resources/templates/NOTES.txt rename to charts/ploigos-workflow/tekton-shared-resources/templates/NOTES.txt diff --git a/charts/ploigos-workflow-tekton-shared-resources/templates/Route_event-listener.yml b/charts/ploigos-workflow/tekton-shared-resources/templates/Route_event-listener.yml similarity index 100% rename from charts/ploigos-workflow-tekton-shared-resources/templates/Route_event-listener.yml rename to charts/ploigos-workflow/tekton-shared-resources/templates/Route_event-listener.yml 
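Review bot: Neither trigger shows a check that the webhook really came from the Gitea server: the CEL filter visible in this hunk tests only the `X-Gitea-Event` header and `body.ref`, and both are supplied by the sender. Any client that can reach the listener's Ingress or Route could therefore start pipeline runs with a sender-chosen `body.repository.ssh_url` and ref, which the gitea-push binding passes through unchanged. Put a shared-secret or signature check ahead of the overlays in the interceptor chain. Note that the Role change in ServiceAccount_event-listener.yml drops `secrets` access, which a secret-backed check would need again. The rest of each trigger lies outside these hunks, so confirm no such check already exists there.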
diff --git a/charts/ploigos-workflow-tekton-shared-resources/templates/Secret_tekton-git-ssh-auth.yml b/charts/ploigos-workflow/tekton-shared-resources/templates/Secret_tekton-git-ssh-auth.yml similarity index 100% rename from charts/ploigos-workflow-tekton-shared-resources/templates/Secret_tekton-git-ssh-auth.yml rename to charts/ploigos-workflow/tekton-shared-resources/templates/Secret_tekton-git-ssh-auth.yml diff --git a/charts/ploigos-workflow-tekton-shared-resources/templates/ServiceAccount_event-listener.yml b/charts/ploigos-workflow/tekton-shared-resources/templates/ServiceAccount_event-listener.yml similarity index 60% rename from charts/ploigos-workflow-tekton-shared-resources/templates/ServiceAccount_event-listener.yml rename to charts/ploigos-workflow/tekton-shared-resources/templates/ServiceAccount_event-listener.yml index 0282605..f7cbad2 100644 --- a/charts/ploigos-workflow-tekton-shared-resources/templates/ServiceAccount_event-listener.yml +++ b/charts/ploigos-workflow/tekton-shared-resources/templates/ServiceAccount_event-listener.yml @@ -1,3 +1,5 @@ +# Based on content from: https://github.com/tektoncd/triggers/blob/main/examples/rbac.yaml + --- apiVersion: v1 kind: ServiceAccount @@ -12,13 +14,13 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: {{ include "ploigos-workflow-tekton.eventListenerServiceAccountName" . }} rules: -# Permissions for every EventListener deployment to function +# EventListeners need to be able to fetch all namespaced resources - apiGroups: ["triggers.tekton.dev"] resources: ["eventlisteners", "triggerbindings", "triggertemplates", "triggers"] verbs: ["get", "list", "watch"] - apiGroups: [""] - # secrets are only needed for GitHub/GitLab interceptors - resources: ["configmaps", "secrets"] +# configmaps is needed for updating logging config + resources: ["configmaps"] verbs: ["get", "list", "watch"] # Permissions to create resources in associated TriggerTemplates - apiGroups: ["tekton.dev"] 
@@ -27,6 +29,18 @@ rules: - apiGroups: [""] resources: ["serviceaccounts"] verbs: ["impersonate"] +- apiGroups: ["policy"] + resources: ["podsecuritypolicies"] + resourceNames: ["tekton-triggers"] + verbs: ["use"] +# EventListeners need to be able to fetch any clustertriggerbindings +# NOTE: in Tekton examples this is put into a ClusterRole and ClusterBinding +# but from testing it works fine for our use case as a namespaced Role +# and RoleBinding and allows us to not require users to have permissions +# to create cluster level resources. +- apiGroups: ["triggers.tekton.dev"] + resources: ["clustertriggerbindings", "clusterinterceptors"] + verbs: ["get", "list", "watch"] --- kind: RoleBinding diff --git a/charts/ploigos-workflow-tekton-shared-resources/templates/TriggerTemplate.yml b/charts/ploigos-workflow/tekton-shared-resources/templates/TriggerTemplate.yml similarity index 100% rename from charts/ploigos-workflow-tekton-shared-resources/templates/TriggerTemplate.yml rename to charts/ploigos-workflow/tekton-shared-resources/templates/TriggerTemplate.yml diff --git a/charts/ploigos-workflow-tekton-shared-resources/templates/_helpers.tpl b/charts/ploigos-workflow/tekton-shared-resources/templates/_helpers.tpl similarity index 100% rename from charts/ploigos-workflow-tekton-shared-resources/templates/_helpers.tpl rename to charts/ploigos-workflow/tekton-shared-resources/templates/_helpers.tpl diff --git a/charts/ploigos-workflow-tekton-shared-resources/templates/tests/test-eventlistener-ingress-admitted.yaml b/charts/ploigos-workflow/tekton-shared-resources/templates/tests/test-eventlistener-ingress-admitted.yaml similarity index 100% rename from charts/ploigos-workflow-tekton-shared-resources/templates/tests/test-eventlistener-ingress-admitted.yaml rename to charts/ploigos-workflow/tekton-shared-resources/templates/tests/test-eventlistener-ingress-admitted.yaml 
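Review bot: The last added rule grants `get`, `list` and `watch` on `clustertriggerbindings` and `clusterinterceptors`, which are cluster-scoped, from what the added comment describes as a namespaced Role. Kubernetes RBAC does not authorize cluster-scoped resources through a Role and RoleBinding, so this rule is normally inert. If the listener works in testing, the access probably comes from another binding on that cluster, and the chart would then fail on clusters that lack it. Check with `kubectl auth can-i list clustertriggerbindings --as=system:serviceaccount:<namespace>:<serviceaccount>`, then either ship the ClusterRole and ClusterRoleBinding behind a values switch or document the prerequisite in place of the current NOTE. The object's `kind:` line is outside the hunk, so the Role assumption rests on that comment.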
diff --git a/charts/ploigos-workflow-tekton-shared-resources/templates/tests/test-eventlistener-route-admitted.yaml b/charts/ploigos-workflow/tekton-shared-resources/templates/tests/test-eventlistener-route-admitted.yaml
similarity index 100%
rename from charts/ploigos-workflow-tekton-shared-resources/templates/tests/test-eventlistener-route-admitted.yaml
rename to charts/ploigos-workflow/tekton-shared-resources/templates/tests/test-eventlistener-route-admitted.yaml
diff --git a/charts/ploigos-workflow-tekton-shared-resources/values.yaml b/charts/ploigos-workflow/tekton-shared-resources/values.yaml
similarity index 100%
rename from charts/ploigos-workflow-tekton-shared-resources/values.yaml
rename to charts/ploigos-workflow/tekton-shared-resources/values.yaml
diff --git a/charts/ploigos-workflow/typical-tekton-pipeline/.helmignore b/charts/ploigos-workflow/typical-tekton-pipeline/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/charts/ploigos-workflow/typical-tekton-pipeline/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/ploigos-workflow-standard-tekton-pipeline/Chart.yaml b/charts/ploigos-workflow/typical-tekton-pipeline/Chart.yaml
similarity index 63%
rename from charts/ploigos-workflow-standard-tekton-pipeline/Chart.yaml
rename to charts/ploigos-workflow/typical-tekton-pipeline/Chart.yaml
index 658ec4e..6240262 100644
--- a/charts/ploigos-workflow-standard-tekton-pipeline/Chart.yaml
+++ b/charts/ploigos-workflow/typical-tekton-pipeline/Chart.yaml
@@ -1,7 +1,7 @@ apiVersion: v2 -name: ploigos-workflow-standard-tekton-pipeline +name: ploigos-workflow-typical-tekton-pipeline description: | - A Helm chart for Kubernetes to install the Ploigos Workflow (Standard) run by Tekton for a + A Helm chart for Kubernetes to install the Ploigos Workflow (Typical) run by Tekton for a given application service. type: application maintainers: @@ -11,4 +11,4 @@ dependencies: - name: ploigos-workflow-tekton-shared-resources version: ">= 0.0.0 || >= 0.0.0-0" # MANAGED BY: GitHub workflow -version: 0.16.2 +version: 0.16.3-edge.2 diff --git a/charts/ploigos-workflow/typical-tekton-pipeline/charts/ploigos-workflow-tekton-shared-resources b/charts/ploigos-workflow/typical-tekton-pipeline/charts/ploigos-workflow-tekton-shared-resources new file mode 120000 index 0000000..4944054 --- /dev/null +++ b/charts/ploigos-workflow/typical-tekton-pipeline/charts/ploigos-workflow-tekton-shared-resources @@ -0,0 +1 @@ +../../tekton-shared-resources \ No newline at end of file diff --git a/charts/ploigos-workflow/typical-tekton-pipeline/ci/test-values.yaml b/charts/ploigos-workflow/typical-tekton-pipeline/ci/test-values.yaml new file mode 100644 index 0000000..8d39e1d --- /dev/null +++ b/charts/ploigos-workflow/typical-tekton-pipeline/ci/test-values.yaml 
@@ -0,0 +1,22 @@ +--- +global: + applicationName: test-app + serviceName: test-srv + + stepRunnerConfigDir: cicd/step-runner-config + + workflowWorkerImageDefault: quay.io/ploigos/ploigos-base:latest + workflowWorkerImageUnitTest: quay.io/ploigos/ploigos-tool-maven:latest + workflowWorkerImagePackage: quay.io/ploigos/ploigos-tool-maven:latest + workflowWorkerImageStaticCodeAnalysis: quay.io/ploigos/ploigos-tool-sonar:latest + workflowWorkerImagePushArtifacts: quay.io/ploigos/ploigos-tool-maven:latest + workflowWorkerImageUAT: quay.io/ploigos/ploigos-tool-maven:latest + + # NOTE: + # have to test with ingress since GitHub action tests on 'kind' server where routes don't + # exist. Would much rather not have this hard coded in here and pass in at run time but.... + # https://github.com/helm/chart-testing/issues/301 + eventListenerCreateRoute: false + eventListenerCreateIngress: true + eventListenerRouteHostOverride: el-test.ploigos.xyz + eventListenerIngressHost: el-test.ploigos.xyz diff --git a/charts/ploigos-workflow/typical-tekton-pipeline/templates/NOTES.txt b/charts/ploigos-workflow/typical-tekton-pipeline/templates/NOTES.txt new file mode 100644 index 0000000..4cb0434 --- /dev/null +++ b/charts/ploigos-workflow/typical-tekton-pipeline/templates/NOTES.txt @@ -0,0 +1,8 @@ +********************************************* +* ploigos-workflow-standard-tekton-pipeline * +********************************************* + +Installed Ploigos Workflow (Standard) +* Tekton Pipeline: {{ include "ploigos-workflow-tekton.pipelineName" . }} +* Application: {{ $.Values.global.applicationName }} +* Service: {{ $.Values.global.serviceName }} diff --git a/charts/ploigos-workflow/typical-tekton-pipeline/templates/Pipeline_ploigos-workflow-typical.yml b/charts/ploigos-workflow/typical-tekton-pipeline/templates/Pipeline_ploigos-workflow-typical.yml new file mode 100644 index 0000000..7723ba8 --- /dev/null 
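Review bot: Every worker image in ci/test-values.yaml is referenced by the mutable `:latest` tag, and the parameter defaults in the Pipeline_ploigos-workflow-typical.yml hunk do the same (`ploigos/ploigos-base:latest`, `ploigos/ploigos-tool-sonar:latest`, `ploigos/ploigos-tool-containers:latest`, `ploigos/ploigos-tool-openscap:latest`, `ploigos/ploigos-tool-argocd:latest`), there also without a registry host. These images run the tasks that import the PGP keys and perform the deploy steps, so the code that executes changes whenever a tag is re-pushed. With `workflowWorkersImagePullPolicy` defaulting to `IfNotPresent`, different nodes can also end up running different builds of the same tag. Pin each image to a released tag or a digest with the registry spelled out, for example `workflowWorkerImageDefault: quay.io/ploigos/ploigos-base@sha256:<digest>` (placeholder digest), and update it deliberately.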
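Review bot: The banner and the "Installed Ploigos Workflow (Standard)" line in NOTES.txt still use the old chart name, although Chart.yaml in this commit renames the chart to `ploigos-workflow-typical-tekton-pipeline`. The Pipeline template hunk has the same leftover in its label `ploigos.dev/workflow: standard`. Anyone reading the install notes sees the wrong workflow name, and anything that selects Pipelines by that label may match the wrong chart. Change them to `* ploigos-workflow-typical-tekton-pipeline *`, `Installed Ploigos Workflow (Typical)` and `ploigos.dev/workflow: typical`, or, if the label value is kept on purpose for existing selectors, say so in a comment next to it.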
+++ b/charts/ploigos-workflow/typical-tekton-pipeline/templates/Pipeline_ploigos-workflow-typical.yml 
@@ -0,0 +1,1055 @@ +--- +apiVersion: tekton.dev/v1beta1 +kind: Pipeline +metadata: + name: {{ include "ploigos-workflow-tekton.pipelineName" . | quote }} + labels: + ploigos.dev/workflow: standard + {{- include "ploigos-workflow.labels" . | nindent 4 }} +spec: + workspaces: + - name: home + description: | + Workspace for the container users home directory. + - name: app + description: | + Workspace to checkout the application this workflow is for and set as the working directory + for the step executions. + {{- if $.Values.global.separatePlatformConfig }} + - name: ploigos-platform-config + description: | + Workspace containing platform-level config + - name: ploigos-platform-config-secrets + description: | + Workspace containing platform-level secrets + {{- end }} + params: + - name: verbose + description: log any *sh commands used during execution + type: string + default: "false" + - name: appRepoUrl + description: | + URL to the application repository to run the pipeline for. + type: string + - name: appRepoRef + description: | + Git reference (tag, branch) of the application repository to run the pipeline for. + type: string + - name: appCloneSSLVerify + description: | + Passed to git-clone ClusterTask. + Defines if http.sslVerify should be set to true or false in the global git config + type: string + default: "true" + - name: stepRunnerConfigDir + description: | + Path to the Step Runner configuration to pass to the + Workflow Step Runner when running workflow steps. + type: string + default: '' + - name: pgpKeysSecretName + description: | + Name of the Kubernetes Secret containing the PGP private keys to import for use by SOPS + to decrypt encrypted Step Runner config. + type: string + - name: envNameDev + type: string + description: | + Name of the "Development" environment used in the Step Runner configuration + files and to pass to the Workflow Step Runner when running a step targeted to + the "Development" environment. 
+ default: DEV + - name: envNameTest + type: string + description: | + Name of the "Test" environment used in the Step Runner configuration + files and to pass to the Workflow Step Runner when running a step targeted to + the "Test" environment. + default: TEST + - name: envNameProd + type: string + description: | + Name of the "Production" environment used in the Step Runner configuration + files and to pass to the Workflow Step Runner when running a step targeted to + the "Production" environment. + default: PROD + - name: ciOnlyGitRefPatterns + type: string + description: | + Regex pattern for git references that should only go through the + Continues Integration (CI) workflow. + default: "^$" + - name: devGitRefPatterns + type: string + description: | + Regex pattern for git references that should go through the + Continues Integration (CI) workflow and then the deployment to + "Development" environment(s) (IE: "DEV" environment) workflow. + default: "^feature/.+$|^PR-.+$" + - name: releaseGitRefPatterns + type: string + description: | + Regex pattern for git references that should go through the + Continues Integration (CI) workflow and then the deployment to + "Release" environment(s) (IE: "TEST" and then "PROD" environments) workflow. + default: "^main$" + - name: stepRunnerPackageName + type: string + description: | + Name of the python package to use as the Workflow Step Runner. + default: "ploigos-step-runner" + - name: stepRunnerUpdateLibrary + type: string + description: | + If 'true', then pull the Workflow Step Runner library source code and build it. + If 'false', use the version of the Workflow Step Runner library that is pre-installed + in the CI worker images. 
+ + If 'false' then the following parameters are ignored: + - 'stepRunnerLibSourceUrl' + - 'stepRunnerLibIndexUrl' + - 'stepRunnerLibExtraIndexUrl' + - 'stepRunnerLibVersion' + default: "false" + - name: stepRunnerLibIndexUrl + type: string + description: | + If 'stepRunnerUpdateLibrary' is true and 'stepRunnerLibSourceUrl' is not supplied then this + will be passed to pip as '--index-url' for installing the Workflow Step Runner library + and its dependencies. + + NOTE + ---- + PIP is indeterminate whether it will pull packages from '--index-url' or + '--extra-index-url', therefor be sure to specify 'stepRunnerLibVersion' + if trying to pull a specific version from a specific index. + + SEE + --- + - https://pip.pypa.io/en/stable/reference/pip_install/#id48 + default: "https://pypi.org/simple/" + - name: stepRunnerLibExtraIndexUrl + type: string + description: | + If 'stepRunnerUpdateLibrary' is true and 'stepRunnerLibSourceUrl' is not supplied then this + will be passed to pip as '--extra-index-url' for installing the Workflow Step Runner library + and its dependencies. + + NOTE + ---- + PIP is indeterminate whether it will pull packages from '--index-url' or + '--extra-index-url', therefor be sure to specify 'stepRunnerLibVersion' + if trying to pull a specific version from a specific index. + + SEE + --- + - https://pip.pypa.io/en/stable/reference/pip_install/#id48 + default: "https://pypi.org/simple/" + - name: stepRunnerLibVersion + type: string + description: | + If 'stepRunnerUpdateLibrary' is true and 'stepRunnerLibSourceUrl' is not supplied then this + will be passed to pip as as the version of the Workflow Step Runner library to install. + + NOTE + ---- + If not given pip will install the latest from either 'stepRunnerLibIndexUrl' or + 'stepRunnerLibExtraIndexUrl' indeterminately. 
+ default: "" + - name: stepRunnerLibSourceUrl + type: string + description: | + If none empty value given and 'stepRunnerUpdateLibrary' is true this will be used as the source + location to install the Workflow Step Runner library from rather then from a PEP 503 compliant + repository. + + If given then the following parameters are ignored: + - 'stepRunnerLibIndexUrl' + - 'stepRunnerLibExtraIndexUrl' + - 'stepRunnerLibVersion' + + EXAMPLES + -------- + git+https://github.com/ploigos/ploigos-step-runner.git@feature/NAPSSPO-1018 + installs from the public 'ploigos' fork from the 'feature/NAPSSPO-1018' branch. + + git+https://gitea.internal.example.xyz/tools/ploigos-step-runner.git@main + installs from an internal fork of the step runner library from the 'main' branch. + default: "" + - name: workflowWorkersImagePullPolicy + type: string + description: | + Policy for pulling new versions of the imageTag for the CI worker images + when running this pipeline. + default: IfNotPresent + - name: workflowWorkerImageDefault + type: string + description: | + Container image to use when creating a workflow worker + to run pipeline steps when no other specific container image has been + specified for that step. + default: ploigos/ploigos-base:latest + - name: workflowWorkerImageSourceClone + type: string + description: | + Container image to use when creating a workflow worker + to run pipeline steps when performing source clone step(s). + default: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.12.1 + - name: workflowWorkerImageUnitTest + type: string + description: | + Container image to use when creating a workflow worker + to run pipeline steps when performing unit test step(s). + - name: workflowWorkerImagePackage + type: string + description: | + Container image to use when creating a workflow worker + to run pipeline steps when performing package application step(s). 
+ - name: workflowWorkerImageStaticCodeAnalysis + type: string + description: | + Container image to use when creating a workflow worker + to run pipeline steps when performing static code analysis step(s). + default: ploigos/ploigos-tool-sonar:latest + - name: workflowWorkerImagePushArtifacts + type: string + description: | + Container image to use when creating a workflow worker + to run pipeline steps when performing push push packaged artifacts step(s). + - name: workflowWorkerImageContainerOperations + type: string + description: | + Container image to use when creating a workflow worker + to run pipeline steps when performing container operations (build/push/etc) step(s). + default: ploigos/ploigos-tool-containers:latest + - name: workflowWorkerImageContainerImageStaticVulnerabilityScan + type: string + description: | + Container image to use when creating a workflow worker to run pipeline steps + when performing container image static vulnerability scan step(s). + default: ploigos/ploigos-tool-openscap:latest + - name: workflowWorkerImageDeploy + type: string + description: | + Container image to use when creating a workflow worker + to run pipeline steps when performing deploy step(s). + default: ploigos/ploigos-tool-argocd:latest + - name: workflowWorkerImageUAT + type: string + description: | + Container image to use when creating a workflow worker + to run pipeline steps when performing user acceptance tests (UAT) step(s). 
+ + tasks: + ######### + # SETUP # + ######### + - name: setup-stage-gate + taskRef: + kind: ClusterTask + name: pattern-matcher + params: + - name: verbose + value: $(params.verbose) + - name: input + value: $(params.appRepoRef) + - name: pattern + value: "$(params.ciOnlyGitRefPatterns)|$(params.devGitRefPatterns)|$(params.releaseGitRefPatterns)" + + #################### + # Setup: App Clone # + #################### + - name: setup-app-clone + runAfter: + - setup-stage-gate + when: + - input: "$(tasks.setup-stage-gate.results.matches)" + operator: in + values: ["true"] + taskRef: + kind: ClusterTask + name: ploigos-git-clone + workspaces: + - name: output + workspace: app + params: + - name: verbose + value: $(params.verbose) + - name: image + value: $(params.workflowWorkerImageSourceClone) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) + - name: url + value: $(params.appRepoUrl) + - name: revision + value: $(params.appRepoRef) + - name: deleteExisting + value: "true" + - name: sslVerify + value: $(params.appCloneSSLVerify) + # NOTE: this is so that git wont end up in a detached head mode + - name: refspec + value: "+refs/heads/$(params.appRepoRef):$(params.appRepoRef)" + + ##################################### + # Setup: Setup Workflow Step Runner # + ##################################### + - name: setup-workflow-step-runner + runAfter: + - setup-stage-gate + # NOTE: + # this dependency is only here because of read/write once constraints of most PV/PVCs + # if happening to be using storage that supports ReadWriteMany then the following steps + # can run in parallel + # * setup-app-clone + # * setup-workflow-step-runner + # * setup-pgp-keys + - setup-app-clone + when: + - input: "$(tasks.setup-stage-gate.results.matches)" + operator: in + values: ["true"] + taskRef: + kind: ClusterTask + name: ploigos-setup-workflow-step-runner + workspaces: + - name: home + workspace: home + params: + - name: verbose + value: $(params.verbose) + - 
name: image + value: $(params.workflowWorkerImageDefault) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) + - name: stepRunnerPackageName + value: $(params.stepRunnerPackageName) + - name: stepRunnerUpdateLibrary + value: $(params.stepRunnerUpdateLibrary) + - name: stepRunnerLibSourceUrl + value: $(params.stepRunnerLibSourceUrl) + - name: stepRunnerLibIndexUrl + value: $(params.stepRunnerLibIndexUrl) + - name: stepRunnerLibExtraIndexUrl + value: $(params.stepRunnerLibExtraIndexUrl) + - name: stepRunnerLibVersion + value: $(params.stepRunnerLibVersion) + + ################### + # Setup: PGP Keys # + ################### + - name: setup-pgp-keys + runAfter: + - setup-stage-gate + # NOTE: + # this dependency is only here because of read/write once constraints of most PV/PVCs + # if happening to be using storage that supports ReadWriteMany then the following steps + # can run in parallel + # * setup-app-clone + # * setup-workflow-step-runner + # * setup-pgp-keys + - setup-workflow-step-runner + when: + - input: "$(tasks.setup-stage-gate.results.matches)" + operator: in + values: ["true"] + taskRef: + kind: ClusterTask + name: import-pgp-keys + workspaces: + - name: home + workspace: home + params: + - name: verbose + value: $(params.verbose) + - name: image + value: $(params.workflowWorkerImageDefault) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) + - name: pgpKeysSecretName + value: $(params.pgpKeysSecretName) + + ######################### + # Continues Integration # + ######################### + - name: ci-stage-gate + runAfter: + - setup-app-clone + - setup-workflow-step-runner + - setup-pgp-keys + taskRef: + kind: ClusterTask + name: pattern-matcher + params: + - name: verbose + value: $(params.verbose) + - name: input + value: $(params.appRepoRef) + - name: pattern + value: "$(params.ciOnlyGitRefPatterns)|$(params.devGitRefPatterns)|$(params.releaseGitRefPatterns)" + + ######################### + # CI: 
Generate Metadata # + ######################### + - name: ci-generate-metadata + runAfter: + - ci-stage-gate + when: + - input: "$(tasks.ci-stage-gate.results.matches)" + operator: in + values: ["true"] + taskRef: + kind: ClusterTask + name: ploigos-step-runner + workspaces: + - name: home + workspace: home + - name: app + workspace: app + {{- if $.Values.global.separatePlatformConfig }} + - name: ploigos-platform-config + workspace: ploigos-platform-config + - name: ploigos-platform-config-secrets + workspace: ploigos-platform-config-secrets + {{- end }} + params: + - name: verbose + value: $(params.verbose) + - name: image + value: $(params.workflowWorkerImageDefault) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) + - name: stepRunnerPackageName + value: $(params.stepRunnerPackageName) + - name: venvPath + value: $(tasks.setup-workflow-step-runner.results.venvPath) + - name: stepName + value: generate-metadata + - name: stepRunnerConfigDir + value: $(params.stepRunnerConfigDir) + + ####################### + # CI: Tag Source Code # + ####################### + - name: ci-tag-source-code + runAfter: + - ci-generate-metadata + when: + - input: "$(tasks.ci-stage-gate.results.matches)" + operator: in + values: ["true"] + taskRef: + kind: ClusterTask + name: ploigos-step-runner + workspaces: + - name: home + workspace: home + - name: app + workspace: app + {{- if $.Values.global.separatePlatformConfig }} + - name: ploigos-platform-config + workspace: ploigos-platform-config + - name: ploigos-platform-config-secrets + workspace: ploigos-platform-config-secrets + {{- end }} + params: + - name: verbose + value: $(params.verbose) + - name: image + value: $(params.workflowWorkerImageDefault) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) + - name: stepRunnerPackageName + value: $(params.stepRunnerPackageName) + - name: venvPath + value: $(tasks.setup-workflow-step-runner.results.venvPath) + - name: stepName + value: 
tag-source + - name: stepRunnerConfigDir + value: $(params.stepRunnerConfigDir) + + ###################### + # CI: Run Unit Tests # + ###################### + - name: ci-run-unit-tests + runAfter: + - ci-tag-source-code + when: + - input: "$(tasks.ci-stage-gate.results.matches)" + operator: in + values: ["true"] + taskRef: + kind: ClusterTask + name: ploigos-step-runner + workspaces: + - name: home + workspace: home + - name: app + workspace: app + {{- if $.Values.global.separatePlatformConfig }} + - name: ploigos-platform-config + workspace: ploigos-platform-config + - name: ploigos-platform-config-secrets + workspace: ploigos-platform-config-secrets + {{- end }} + params: + - name: verbose + value: $(params.verbose) + - name: image + value: $(params.workflowWorkerImageUnitTest) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) + - name: stepRunnerPackageName + value: $(params.stepRunnerPackageName) + - name: venvPath + value: $(tasks.setup-workflow-step-runner.results.venvPath) + - name: stepName + value: unit-test + - name: stepRunnerConfigDir + value: $(params.stepRunnerConfigDir) + + ########################### + # CI: Package Application # + ########################### + - name: ci-package-application + runAfter: + - ci-run-unit-tests + when: + - input: "$(tasks.ci-stage-gate.results.matches)" + operator: in + values: ["true"] + taskRef: + kind: ClusterTask + name: ploigos-step-runner + workspaces: + - name: home + workspace: home + - name: app + workspace: app + {{- if $.Values.global.separatePlatformConfig }} + - name: ploigos-platform-config + workspace: ploigos-platform-config + - name: ploigos-platform-config-secrets + workspace: ploigos-platform-config-secrets + {{- end }} + params: + - name: verbose + value: $(params.verbose) + - name: image + value: $(params.workflowWorkerImagePackage) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) + - name: stepRunnerPackageName + value: 
$(params.stepRunnerPackageName) + - name: venvPath + value: $(tasks.setup-workflow-step-runner.results.venvPath) + - name: stepName + value: package + - name: stepRunnerConfigDir + value: $(params.stepRunnerConfigDir) + + ############################ + # CI: Static Code Analysis # + ############################ + - name: ci-static-code-analysis + runAfter: + - ci-package-application + when: + - input: "$(tasks.ci-stage-gate.results.matches)" + operator: in + values: ["true"] + taskRef: + kind: ClusterTask + name: ploigos-step-runner + workspaces: + - name: home + workspace: home + - name: app + workspace: app + {{- if $.Values.global.separatePlatformConfig }} + - name: ploigos-platform-config + workspace: ploigos-platform-config + - name: ploigos-platform-config-secrets + workspace: ploigos-platform-config-secrets + {{- end }} + params: + - name: verbose + value: $(params.verbose) + - name: image + value: $(params.workflowWorkerImageStaticCodeAnalysis) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) + - name: stepRunnerPackageName + value: $(params.stepRunnerPackageName) + - name: venvPath + value: $(tasks.setup-workflow-step-runner.results.venvPath) + - name: stepName + value: static-code-analysis + - name: stepRunnerConfigDir + value: $(params.stepRunnerConfigDir) + + ###################################### + # CI: Push Application to Repository # + ###################################### + - name: ci-push-application-to-repository + runAfter: + - ci-static-code-analysis + when: + - input: "$(tasks.ci-stage-gate.results.matches)" + operator: in + values: ["true"] + taskRef: + kind: ClusterTask + name: ploigos-step-runner + workspaces: + - name: home + workspace: home + - name: app + workspace: app + {{- if $.Values.global.separatePlatformConfig }} + - name: ploigos-platform-config + workspace: ploigos-platform-config + - name: ploigos-platform-config-secrets + workspace: ploigos-platform-config-secrets + {{- end }} + params: + - name: 
verbose + value: $(params.verbose) + - name: image + value: $(params.workflowWorkerImagePushArtifacts) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) + - name: stepRunnerPackageName + value: $(params.stepRunnerPackageName) + - name: venvPath + value: $(tasks.setup-workflow-step-runner.results.venvPath) + - name: stepName + value: push-artifacts + - name: stepRunnerConfigDir + value: $(params.stepRunnerConfigDir) + + ############################## + # CI: Create Container Image # + ############################## + - name: ci-create-container-image + runAfter: + - ci-push-application-to-repository + when: + - input: "$(tasks.ci-stage-gate.results.matches)" + operator: in + values: ["true"] + taskRef: + kind: ClusterTask + name: ploigos-step-runner + workspaces: + - name: home + workspace: home + - name: app + workspace: app + {{- if $.Values.global.separatePlatformConfig }} + - name: ploigos-platform-config + workspace: ploigos-platform-config + - name: ploigos-platform-config-secrets + workspace: ploigos-platform-config-secrets + {{- end }} + params: + - name: verbose + value: $(params.verbose) + - name: image + value: $(params.workflowWorkerImageContainerOperations) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) + - name: stepRunnerPackageName + value: $(params.stepRunnerPackageName) + - name: venvPath + value: $(tasks.setup-workflow-step-runner.results.venvPath) + - name: stepName + value: create-container-image + - name: stepRunnerConfigDir + value: $(params.stepRunnerConfigDir) + + ######################################## + # CI: Static Image Scan: Vulnerability # + ######################################## + - name: ci-static-image-scan-vulnerability + runAfter: + - ci-create-container-image + when: + - input: "$(tasks.ci-stage-gate.results.matches)" + operator: in + values: ["true"] + taskRef: + kind: ClusterTask + name: ploigos-step-runner + workspaces: + - name: home + workspace: home + - name: app + 
workspace: app + {{- if $.Values.global.separatePlatformConfig }} + - name: ploigos-platform-config + workspace: ploigos-platform-config + - name: ploigos-platform-config-secrets + workspace: ploigos-platform-config-secrets + {{- end }} + params: + - name: verbose + value: $(params.verbose) + - name: image + value: $(params.workflowWorkerImageContainerImageStaticVulnerabilityScan) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) + - name: stepRunnerPackageName + value: $(params.stepRunnerPackageName) + - name: venvPath + value: $(tasks.setup-workflow-step-runner.results.venvPath) + - name: stepName + value: container-image-static-vulnerability-scan + - name: stepRunnerConfigDir + value: $(params.stepRunnerConfigDir) + + ########################################## + # CI: Push Container Image to Repository # + ########################################## + - name: ci-push-container-image-to-repository + runAfter: + - ci-static-image-scan-vulnerability + when: + - input: "$(tasks.ci-stage-gate.results.matches)" + operator: in + values: ["true"] + taskRef: + kind: ClusterTask + name: ploigos-step-runner + workspaces: + - name: home + workspace: home + - name: app + workspace: app + {{- if $.Values.global.separatePlatformConfig }} + - name: ploigos-platform-config + workspace: ploigos-platform-config + - name: ploigos-platform-config-secrets + workspace: ploigos-platform-config-secrets + {{- end }} + params: + - name: verbose + value: $(params.verbose) + - name: image + value: $(params.workflowWorkerImageContainerOperations) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) + - name: stepRunnerPackageName + value: $(params.stepRunnerPackageName) + - name: venvPath + value: $(tasks.setup-workflow-step-runner.results.venvPath) + - name: stepName + value: push-container-image + - name: stepRunnerConfigDir + value: $(params.stepRunnerConfigDir) + + ####### + # DEV # + ####### + - name: dev-stage-gate + runAfter: + - 
ci-push-container-image-to-repository + taskRef: + kind: ClusterTask + name: pattern-matcher + params: + - name: verbose + value: $(params.verbose) + - name: input + value: $(params.appRepoRef) + - name: pattern + value: $(params.devGitRefPatterns) + + ##################################### + # DEV: Deploy or Update Environment # + ##################################### + - name: dev-deploy-or-update-environment + runAfter: + - dev-stage-gate + when: + - input: "$(tasks.dev-stage-gate.results.matches)" + operator: in + values: ["true"] + taskRef: + kind: ClusterTask + name: ploigos-step-runner + workspaces: + - name: home + workspace: home + - name: app + workspace: app + {{- if $.Values.global.separatePlatformConfig }} + - name: ploigos-platform-config + workspace: ploigos-platform-config + - name: ploigos-platform-config-secrets + workspace: ploigos-platform-config-secrets + {{- end }} + params: + - name: verbose + value: $(params.verbose) + - name: image + value: $(params.workflowWorkerImageDeploy) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) + - name: stepRunnerPackageName + value: $(params.stepRunnerPackageName) + - name: venvPath + value: $(tasks.setup-workflow-step-runner.results.venvPath) + - name: stepName + value: deploy + - name: stepRunnerConfigDir + value: $(params.stepRunnerConfigDir) + - name: environment + value: $(params.envNameDev) + + ################################## + # DEV: Run User Acceptance Tests # + ################################## + - name: dev-run-user-acceptance-tests + runAfter: + - dev-deploy-or-update-environment + when: + - input: "$(tasks.dev-stage-gate.results.matches)" + operator: in + values: ["true"] + taskRef: + kind: ClusterTask + name: ploigos-step-runner + workspaces: + - name: home + workspace: home + - name: app + workspace: app + {{- if $.Values.global.separatePlatformConfig }} + - name: ploigos-platform-config + workspace: ploigos-platform-config + - name: ploigos-platform-config-secrets 
+ workspace: ploigos-platform-config-secrets + {{- end }} + params: + - name: verbose + value: $(params.verbose) + - name: image + value: $(params.workflowWorkerImageUAT) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) + - name: stepRunnerPackageName + value: $(params.stepRunnerPackageName) + - name: venvPath + value: $(tasks.setup-workflow-step-runner.results.venvPath) + - name: stepName + value: uat + - name: stepRunnerConfigDir + value: $(params.stepRunnerConfigDir) + - name: environment + value: $(params.envNameDev) + + ######## + # TEST # + ######## + - name: test-stage-gate + runAfter: + # NOTE: + # We would prefer to say this runs after the DEV stage finishes.... + # but....https://github.com/tektoncd/pipeline/issues/2127. Which means + # If the DEV stage is skipped then this stage will be skipped too because the + # dev-run-user-acceptance-tests task was skipped so the runAfter makes it so this step + # would never run. + - ci-push-container-image-to-repository + #- dev-run-user-acceptance-tests + taskRef: + kind: ClusterTask + name: pattern-matcher + params: + - name: verbose + value: $(params.verbose) + - name: input + value: $(params.appRepoRef) + - name: pattern + value: $(params.releaseGitRefPatterns) + + ###################################### + # TEST: Deploy or Update Environment # + ###################################### + - name: test-deploy-or-update-environment + runAfter: + - test-stage-gate + when: + - input: "$(tasks.test-stage-gate.results.matches)" + operator: in + values: ["true"] + taskRef: + kind: ClusterTask + name: ploigos-step-runner + workspaces: + - name: home + workspace: home + - name: app + workspace: app + {{- if $.Values.global.separatePlatformConfig }} + - name: ploigos-platform-config + workspace: ploigos-platform-config + - name: ploigos-platform-config-secrets + workspace: ploigos-platform-config-secrets + {{- end }} + params: + - name: verbose + value: $(params.verbose) + - name: image + value: 
$(params.workflowWorkerImageDeploy) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) + - name: stepRunnerPackageName + value: $(params.stepRunnerPackageName) + - name: venvPath + value: $(tasks.setup-workflow-step-runner.results.venvPath) + - name: stepName + value: deploy + - name: stepRunnerConfigDir + value: $(params.stepRunnerConfigDir) + - name: environment + value: $(params.envNameTest) + + ################################### + # TEST: Run User Acceptance Tests # + ################################### + - name: test-run-user-acceptance-tests + runAfter: + - test-deploy-or-update-environment + when: + - input: "$(tasks.test-stage-gate.results.matches)" + operator: in + values: ["true"] + taskRef: + kind: ClusterTask + name: ploigos-step-runner + workspaces: + - name: home + workspace: home + - name: app + workspace: app + {{- if $.Values.global.separatePlatformConfig }} + - name: ploigos-platform-config + workspace: ploigos-platform-config + - name: ploigos-platform-config-secrets + workspace: ploigos-platform-config-secrets + {{- end }} + params: + - name: verbose + value: $(params.verbose) + - name: image + value: $(params.workflowWorkerImageUAT) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) + - name: stepRunnerPackageName + value: $(params.stepRunnerPackageName) + - name: venvPath + value: $(tasks.setup-workflow-step-runner.results.venvPath) + - name: stepName + value: uat + - name: stepRunnerConfigDir + value: $(params.stepRunnerConfigDir) + - name: environment + value: $(params.envNameTest) + + ######## + # PROD # + ######## + - name: prod-stage-gate + runAfter: + - test-run-user-acceptance-tests + taskRef: + kind: ClusterTask + name: pattern-matcher + params: + - name: verbose + value: $(params.verbose) + - name: input + value: $(params.appRepoRef) + - name: pattern + value: $(params.releaseGitRefPatterns) + + ###################################### + # PROD: Deploy or Update Environment # + 
###################################### + - name: prod-deploy-or-update-environment + runAfter: + - prod-stage-gate + when: + - input: "$(tasks.prod-stage-gate.results.matches)" + operator: in + values: ["true"] + taskRef: + kind: ClusterTask + name: ploigos-step-runner + workspaces: + - name: home + workspace: home + - name: app + workspace: app + {{- if $.Values.global.separatePlatformConfig }} + - name: ploigos-platform-config + workspace: ploigos-platform-config + - name: ploigos-platform-config-secrets + workspace: ploigos-platform-config-secrets + {{- end }} + params: + - name: verbose + value: $(params.verbose) + - name: image + value: $(params.workflowWorkerImageDeploy) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) + - name: stepRunnerPackageName + value: $(params.stepRunnerPackageName) + - name: venvPath + value: $(tasks.setup-workflow-step-runner.results.venvPath) + - name: stepName + value: deploy + - name: stepRunnerConfigDir + value: $(params.stepRunnerConfigDir) + - name: environment + value: $(params.envNameProd) + + finally: + ########## + # Report # + ########## + - name: report + taskRef: + kind: ClusterTask + name: ploigos-step-runner + workspaces: + - name: home + workspace: home + - name: app + workspace: app + {{- if $.Values.global.separatePlatformConfig }} + - name: ploigos-platform-config + workspace: ploigos-platform-config + - name: ploigos-platform-config-secrets + workspace: ploigos-platform-config-secrets + {{- end }} + params: + - name: verbose + value: $(params.verbose) + - name: image + value: $(params.workflowWorkerImageDefault) + - name: imagePullPolicy + value: $(params.workflowWorkersImagePullPolicy) + - name: stepRunnerPackageName + value: $(params.stepRunnerPackageName) + - name: venvPath + value: $(tasks.setup-workflow-step-runner.results.venvPath) + - name: stepName + value: report + - name: stepRunnerConfigDir + value: $(params.stepRunnerConfigDir) + - name: environment + value: 
$(params.envNameProd) diff --git a/charts/ploigos-workflow/typical-tekton-pipeline/templates/_helpers.tpl b/charts/ploigos-workflow/typical-tekton-pipeline/templates/_helpers.tpl new file mode 100644 index 0000000..a5db226 --- /dev/null +++ b/charts/ploigos-workflow/typical-tekton-pipeline/templates/_helpers.tpl 
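Review bot: The `test-stage-gate` and `prod-stage-gate` tasks decide on a release deployment only by matching `$(params.appRepoRef)` against `releaseGitRefPatterns` (default `^main$`), while `appRepoUrl` is a free-form string parameter with no default and no check anywhere in this Pipeline. Whoever can supply both parameters therefore chooses which repository's `main` is cloned, built and passed to the `deploy` step for the TEST and PROD environments. Whether that is restricted depends on the trigger or EventListener configuration, which is not part of this hunk. The trust assumption should be written down where the parameter is declared, for example by adding to the `appRepoUrl` description: `Must be set by an authenticated trigger; the stage gates check only appRepoRef, not this URL.`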
@@ -0,0 +1,53 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "ploigos-workflow-tekton-pipeline.name" -}} +{{- .Values.global.nameOverride | default .Values.nameOverride | default .Chart.Name | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "ploigos-workflow-tekton-pipeline.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "ploigos-workflow-tekton-pipeline.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "ploigos-workflow.labels" -}} +helm.sh/chart: {{ include "ploigos-workflow-tekton-pipeline.chart" . }} +{{ include "ploigos-workflow.selectorLabels" . }} +{{- if .Chart.AppVersion }} +ploigos/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/component: ploigos-workflow +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "ploigos-workflow.selectorLabels" -}} +app.kubernetes.io/name: {{ (required "Global Value is required: serviceName" .Values.global.serviceName) }} +app.kubernetes.io/part-of: {{ (required "Global Value is required: applicationName" .Values.global.applicationName) }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} 
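Review bot: The label values rendered by `ploigos-workflow.selectorLabels` and `ploigos-workflow.labels` are emitted unquoted, with the one exception of `ploigos/version`, which already uses `| quote`. A `serviceName` or `applicationName` that looks like a number or boolean, or that contains `: ` or a line break, would change the YAML structure of the metadata block instead of rendering as a string label. I would quote them the same way, e.g. `app.kubernetes.io/name: {{ required "Global Value is required: serviceName" .Values.global.serviceName | quote }}`, and likewise for `part-of`, `instance` and `managed-by`. Separately, the `name` helper honours `.Values.global.nameOverride` while `fullname` reads only `.Values.nameOverride`, which looks unintentional and is worth a comment if it is deliberate.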
diff --git a/charts/ploigos-workflow/typical-tekton-pipeline/values.yaml b/charts/ploigos-workflow/typical-tekton-pipeline/values.yaml new file mode 100644 index 0000000..40dd34e --- /dev/null +++ b/charts/ploigos-workflow/typical-tekton-pipeline/values.yaml 
@@ -0,0 +1,326 @@ +# NOTE +# These are all global so that user doesn't have to know which child chart actually uses them +# and rather just interacts with the cohesive system. +# +# Would have rather had them be scoped to the parent Chart and then re-pass them to child Chart +# but no way to do that with Helm. +global: + # verbose is whether various Workflow systems are more verbose, + # ie setting 'set -x' in *sh commands. + # Useful for debugging. + # Required + verbose: false + + # serviceName is the name of the the service within a given application (applicationName) + # that this Workflow is being deployed for. + # In many places serviceName and applicationName will be combined to make + # unique names for created resources. + # Required. + serviceName: + + # applicationName is the name of the application that contains the service (serviceName) + # that this Workflow is being deployed for. + # In many places serviceName and applicationName will be combined to make + # unique names for created resources. + # Required. + applicationName: + + # eventListenerCreateRoute is boolean whether to create a Route to the EventListener. + # Routes are specific to OpenShift but are convenient in that they can auto-generate + # a host name for the Route. + # If true then eventListenerRouteHostOverride maybe specified. + # If false then eventListenerRouteHostOverride is ignored. + eventListenerCreateRoute: true + + # eventListenerCreateIngress is boolean whether to create an Ingress to the EventListener. + # If true then eventListenerIngressHost must be specified. + # If false then eventListenerIngressHost is ignored. + eventListenerCreateIngress: false + + # eventListenerRouteHostOverride is an optional override to the Kubernetes Route host + # field. 
+ # If eventListenerCreateRoute is true and eventListenerRouteHostOverride is provided + # eventListenerRouteHostOverride will be used as the Route host + # (https://docs.openshift.com/container-platform/4.6/rest_api/network_apis/route-route-openshift-io-v1.html). + # If eventListenerCreateRoute is false then eventListenerRouteHostOverride is ignored. + # + # This is useful if you want control over what the URI is for the EventListener which will + # ultimately need to be configured in your Source Control projects Webhook settings. + # Optional. + eventListenerRouteHostOverride: + + # eventListenerIngressHost is the value to use for the host filed for the Ingress resource + # directed to the Service created by the EventListener. + # Ignored if eventListenerCreateIngress is false. + # Required if eventListenerCreateIngress is true. + eventListenerIngressHost: + + # cleanupPipelineRunsToKeep is the number of Tekton PipelineRuns to keep when automatically + # deleting old PipelineRuns for a given Pipeline. + # Required. + cleanupPipelineRunsToKeep: 10 + # cleanupPipelineRunsSchedule is the cron schedule for how often the CronJob for deleting + # old PipelineRuns is run. + # Required. + cleanupPipelineRunsSchedule: "*/15 * * * *" + # cleanupPipelineSuccessfulJobHistoryLimit is the number of Job resources to keep created + # by the CronJob for deleting old PipelineRuns. + # Required. + cleanupPipelineSuccessfulJobHistoryLimit: 5 + # cleanupPipelineFailedJobHistoryLimit is the number of failed Job resources to keep created + # by the CronJob for deleting old PipelineRuns. + # Required. + cleanupPipelineFailedJobHistoryLimit: 1 + # cleanupPipelineStartingDeadlineSeconds is the startingDeadlineSeconds for the CronJob + # that deletes old PipelineRuns. + # This is important if your Kubernetes Cluster isn't always on because the CronJob will + # think it failed to run while the Kubernetes Cluster was off and then stop attempting to run + # all together. 
Therefor this number should be long enough to cover any planned outage periods. + # See https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#cron-job-limitations + # Required. + cleanupPipelineStartingDeadlineSeconds: 600 + # cleanupPipelineCronJobImage is the container image to use when running the CronJob to + # delete old PipelineRuns. + # This image must have the 'kubectl' binary installed compatible with the Kubernetes Cluster + # the CronJob is running on. + # Required. + cleanupPipelineCronJobImage: ploigos/ploigos-base:latest + + # stepRunnerPackageName is the name of the python package to use as the Workflow Step Runner. + stepRunnerPackageName: ploigos-step-runner + # stepRunnerUpdateLibrary is whether or not to update the Workflow Step Runner Python library + # installed in the workflow worker images. + # If 'true', then pull the Workflow Step Runner library source code and build it. + # If 'false', use the version of the Workflow Step Runner library that is pre-installed + # in the CI worker images. + # + # If 'false' then the following parameters are ignored: + # - 'stepRunnerLibSourceUrl' + # - 'stepRunnerLibIndexUrl' + # - 'stepRunnerLibExtraIndexUrl' + # - 'stepRunnerLibVersion' + # Required. + stepRunnerUpdateLibrary: false + # stepRunnerLibSourceUrl is the optional URI for where to install/update the Workflow Step Runner + # from. + # If none empty value given and 'stepRunnerUpdateLibrary' is true this will be used as the source + # location to install the Workflow Step Runner library from rather then from a PEP 503 compliant + # repository. + # + # If given then the following parameters are ignored: + # - 'stepRunnerLibIndexUrl' + # - 'stepRunnerLibExtraIndexUrl' + # - 'stepRunnerLibVersion' + # + # EXAMPLES + # -------- + # git+https://github.com/ploigos/ploigos-step-runner.git@feature/NAPSSPO-1018 + # installs from the public 'ploigos' fork from the 'feature/NAPSSPO-1018' branch. 
+ # + # git+https://gitea.internal.example.xyz/tools/ploigos-step-runner.git@main + # installs from an internal fork of the step runner library from the 'main' branch. + # Optional. + stepRunnerLibSourceUrl: + # stepRunnerLibIndexUrl is the optional Python PIP index url to use when + # installing/updateing the Step Runner python library. + # If 'stepRunnerUpdateLibrary' is true and 'stepRunnerLibSourceUrl' is not supplied then this + # will be passed to pip as '--index-url' for installing the Workflow Step Runner library + # and its dependencies. + # + # NOTE + # ---- + # PIP is indeterminate whether it will pull packages from '--index-url' or + # '--extra-index-url', therefor be sure to specify 'stepRunnerLibVersion' + # if trying to pull a specific version from a specific index. + # + # SEE + # --- + # - https://pip.pypa.io/en/stable/reference/pip_install/#id48 + # Optional. + stepRunnerLibIndexUrl: https://pypi.org/simple/ + # stepRunnerLibExtraIndexUrl is the optional Python PIP extra index url to use when + # installing/updateing the Step Runner python library. + # If 'stepRunnerUpdateLibrary' is true and 'stepRunnerLibSourceUrl' is not supplied then this + # will be passed to pip as '--extra-index-url' for installing the Workflow Step Runner library + # and its dependencies. + # + # NOTE + # ---- + # PIP is indeterminate whether it will pull packages from '--index-url' or + # '--extra-index-url', therefor be sure to specify 'stepRunnerLibVersion' + # if trying to pull a specific version from a specific index. + # + # SEE + # --- + # - https://pip.pypa.io/en/stable/reference/pip_install/#id48 + # Optional. + stepRunnerLibExtraIndexUrl: https://pypi.org/simple/ + # stepRunnerLibVersion is the version of the Workflow Step Runner Python library to install. + # If 'stepRunnerUpdateLibrary' is true and 'stepRunnerLibSourceUrl' is not supplied then this + # will be passed to pip as as the version of the Workflow Step Runner library to install. 
+ # + # NOTE + # ---- + # If not given pip will install the latest from either 'stepRunnerLibIndexUrl' or + # 'stepRunnerLibExtraIndexUrl' indeterminately. + # Optional. + stepRunnerLibVersion: + + # envNameDev is the name of the "Development" environment used in the Step Runner configuration + # files and to pass to the Workflow Step Runner when running a step targeted to + # the "Development" environment. + # Required. + envNameDev: DEV + # envNameTest is the name of the "Test" environment used in the Step Runner configuration + # files and to pass to the Workflow Step Runner when running a step targeted to + # the "Test" environment. + # Required. + envNameTest: TEST + # envNameProd is the name of the "Production" environment used in the Step Runner configuration + # files and to pass to the Workflow Step Runner when running a step targeted to + # the "Production" environment. + # Required. + envNameProd: PROD + + # ciOnlyGitRefPatterns is the regex pattern for git references that should only go through the + # Continues Integration (CI) workflow. + # Required. + ciOnlyGitRefPatterns: "^$" + # devGitRefPatterns is the Regex pattern for git references that should go through the + # Continues Integration (CI) workflow and then the deployment to + # "Development" environment(s) (IE: "DEV" environment) workflow. + # Required. + devGitRefPatterns: "^feature/.+$|^PR-.+$" + # releaseGitRefPatterns is the Regex pattern for git references that should go through the + # Continues Integration (CI) workflow and then the deployment to + # "Release" environment(s) (IE: "TEST" and then "PROD" environments) workflow. + # Required. + releaseGitRefPatterns: "^main$" + + # pgpKeysSecretNameOverride is the optional override for Kubernetes Secret name to + # attach to the workflow worker containers for importing PGP keys, most notably used to + # decrypt SOPS encrypted configuration files. 
+ # + # This is most useful if you don't want to supply your PGP keys via the pgpKeys parameter + # and have a Kubernetes Secret automatically created for you but rather reference an already + # existing Secret. + # Optional. + pgpKeysSecretNameOverride: + # pgpKeys is a dictionary of PGP keys to place into a Kubernetes Secret and then attach to the + # Workflow worker containers to then import for usel most notably used to decrypt SOPS + # encrypted configuration files. + # Optional. + pgpKeys: {} + + # stepRunnerConfigDir is the path to the Step Runner configuration to pass to the + # Workflow Step Runner when running workflow steps. + stepRunnerConfigDir: + + # workflowWorkerHomeDirPVCRequestSize is the size of the PVC to request for the home directory + # of the workflow worker containers. + # The home directory is typically where tools like Buildah will store built container images + # so this needs to be large enough to fit all the layers and dependencies of whatever container + # images are being built. + workflowWorkerHomeDirPVCRequestSize: 10Gi + # workflowWorkerAppDirPVCRequestSize is the size of the PVC to request for the application + # directory of the workflow worker containers. + # The application directory is where the application will be checkedout from source and where + # any building/packaging for the application will take place so it must be large enough to + # fit those resources. + workflowWorkerAppDirPVCRequestSize: 1Gi + + # workflowWorkerRunAsUser is the UID to run the workflow worker containers as. + # + # IMPORTANT: + # From experimentation this NEEDS be a UID that exists in the worker container images + # images. This is due to limitations of how subuid, subgid, and namespaces work + # and their appropriate ranges not being created for random UID is not created + # with `useradd` and how that interacts with `buildah unshare` for rootless + # container builds within a container. 
+ # + # NOTE: + # The quay.io/ploigos/ploigos-base image uses UID 1001 but if you don't like that UID + # then you can use https://github.com/ploigos/ploigos-containers to create custom + # versions of the Ploigos workflow containers and passing in the container ARG + # `PLOIGOS_USER_UID` to change the UID. + workflowWorkerRunAsUser: 1001 + # workflowWorkerRunAsUserRoleName is the name of the Kubernetes Role that has permissions + # to run as the UID specified with workflowWorkerRunAsUser. + # A RoleBinding will be created and attached the ServiceAccount that is used to run + # the workflow Pods. + workflowWorkerRunAsUserRoleName: ploigos-run-as-user-1001 + + # workflowWorkerImageDefault is the container image to use when creating a workflow worker + # to run pipeline steps when no other specific container image has been specified for that step. + workflowWorkerImageDefault: ploigos/ploigos-base:latest + # workflowWorkerImageSourceClone is the container image to use when creating a workflow worker + # to run pipeline steps when performing source clone step(s). + workflowWorkerImageSourceClone: 'gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.12.1' + # workflowWorkerImageUnitTest is the container image to use when creating a workflow worker + # to run pipeline steps when performing unit test step(s). + workflowWorkerImageUnitTest: + # workflowWorkerImagePackage is the container image to use when creating a workflow worker + # to run pipeline steps when performing package application step(s). + workflowWorkerImagePackage: + # workflowWorkerImageStaticCodeAnalysis is the container image to use when creating a workflow worker + # to run pipeline steps when performing static code analysis step(s). + workflowWorkerImageStaticCodeAnalysis: + # workflowWorkerImagePushArtifacts is the container image to use when creating a workflow worker + # to run pipeline steps when performing push push packaged artifacts step(s). 
+ workflowWorkerImagePushArtifacts: + # workflowWorkerImageContainerOperations is the + # container image to use when creating a workflow worker + # to run pipeline steps when performing container operations (build/push/etc) step(s). + workflowWorkerImageContainerOperations: ploigos/ploigos-tool-containers:latest + # workflowWorkerImageContainerImageStaticComplianceScan is the + # container image to use when creating a workflow worker + # to run pipeline steps when performing container image static compliance scan step(s). + workflowWorkerImageContainerImageStaticComplianceScan: ploigos/ploigos-tool-openscap:latest + # workflowWorkerImageContainerImageStaticVulnerabilityScan is the + # container image to use when creating a workflow worker to run pipeline steps + # when performing container image static vulnerability scan step(s). + workflowWorkerImageContainerImageStaticVulnerabilityScan: ploigos/ploigos-tool-openscap:latest + # workflowWorkerImageDeploy is the container image to use when creating a workflow worker + # to run pipeline steps when performing deploy step(s). + workflowWorkerImageDeploy: ploigos/ploigos-tool-argocd:latest + # workflowWorkerImageValidateEnvironmentConfiguraiton is the + # container image to use when creating a workflow worker + # to run pipeline steps when performing validate environment configuration step(s). + workflowWorkerImageValidateEnvironmentConfiguraiton: ploigos/ploigos-tool-config-lint:latest + # workflowWorkerImageUAT is the container image to use when creating a workflow worker + # to run pipeline steps when performing user acceptance tests (UAT) step(s). + workflowWorkerImageUAT: + + # tektonGitSSHKeys is a dictionary of private SSH keys to use with various + # Git source control services. 
+ # + # EXMAPLE + # ------- + # tektonGitSSHKeys + # gitea-external: # this can be arbitrary + # gitURLs: # this should be an array of git URIs to use this SSH key for + # - gitea-ext.gitea:2022 + # - gitea.ploigos.xyz:2022 + # known_hosts: | # values to put in known hosts to trust the the certificates from the Git server + # [gitea.ploigos.xyz]:2022,[gitea-ext.gitea]:2022 ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB... + # ssh-privatekey: | # SSH private key to use for authentication + # + # + # SEE + # --- + # https://github.com/tektoncd/pipeline/blob/master/docs/auth.md#configuring-ssh-auth-authentication-for-git + tektonGitSSHKeys: {} + + # Flag indicating that platform-level configuration is separate from + # app-level configuration, and that the ploigos-step-runner ClusterTask + # should expect to find: + # - Platform config mounted in /opt/ploigos-platform-config + # - Platform config secrets mounted in /opt/ploigos-platform-config-secrets + # + # This flag also adds two workspaces to the pipeline template: + # - ploigos-platform-config: for mounting a ConfigMap + # - ploigos-platform-config-secrets: for mounting a Secret + separatePlatformConfig: false + +ploigos-workflow-tekton-shared-resources: + nameOverride: ploigos-workflow-standard-tekton-pipeline From 96ab00c36e13aff4f4e2a8577b1da720a9ee9d1d Mon Sep 17 00:00:00 2001 From: Ian Tewksbury Date: Wed, 23 Jun 2021 07:04:43 -0400 Subject: [PATCH 3/5] increment to 0.17.-edge.0 --- charts/ploigos-workflow/everything-tekton-pipeline/Chart.yaml | 2 +- charts/ploigos-workflow/minimal-tekton-pipeline/Chart.yaml | 2 +- charts/ploigos-workflow/shared-resources/Chart.yaml | 2 +- charts/ploigos-workflow/tekton-cluster-resources/Chart.yaml | 2 +- charts/ploigos-workflow/tekton-shared-resources/Chart.yaml | 2 +- charts/ploigos-workflow/typical-tekton-pipeline/Chart.yaml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) 
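Review bot: Most worker image defaults in this new values.yaml use a mutable `:latest` tag with no registry host, for example `workflowWorkerImageDeploy: ploigos/ploigos-tool-argocd:latest` and `cleanupPipelineCronJobImage: ploigos/ploigos-base:latest`, while `workflowWorkerImageSourceClone` is pinned to `v0.12.1`. According to the comments in this file, the worker containers receive the PGP keys and, when `separatePlatformConfig` is set, the platform config secrets, so whatever is next published under `latest` runs with that material and a given PipelineRun cannot be reproduced afterwards. I would default each image to a fully qualified, immutable reference such as `workflowWorkerImageDeploy: quay.io/ploigos/ploigos-tool-argocd@sha256:<digest>` (placeholder digest; the registry host is the one named in the `workflowWorkerRunAsUser` comment). Also, `stepRunnerLibExtraIndexUrl` defaults to the same public index as `stepRunnerLibIndexUrl`; given the file's own note that pip chooses between the two indeterminately, leaving the extra index empty by default and documenting that `stepRunnerLibVersion` should be set whenever `stepRunnerUpdateLibrary` is true would keep an internally hosted package name from resolving against the public index.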
diff --git a/charts/ploigos-workflow/everything-tekton-pipeline/Chart.yaml b/charts/ploigos-workflow/everything-tekton-pipeline/Chart.yaml index cc80042..0df2289 100644 --- a/charts/ploigos-workflow/everything-tekton-pipeline/Chart.yaml +++ b/charts/ploigos-workflow/everything-tekton-pipeline/Chart.yaml @@ -11,4 +11,4 @@ dependencies: - name: ploigos-workflow-tekton-shared-resources version: ">= 0.0.0 || >= 0.0.0-0" # MANAGED BY: GitHub workflow -version: 0.16.3-edge.2 +version: 0.17.0-edge.0 diff --git a/charts/ploigos-workflow/minimal-tekton-pipeline/Chart.yaml b/charts/ploigos-workflow/minimal-tekton-pipeline/Chart.yaml index 1e09d33..19e07ff 100644 --- a/charts/ploigos-workflow/minimal-tekton-pipeline/Chart.yaml +++ b/charts/ploigos-workflow/minimal-tekton-pipeline/Chart.yaml @@ -11,4 +11,4 @@ dependencies: - name: ploigos-workflow-tekton-shared-resources version: ">= 0.0.0 || >= 0.0.0-0" # MANAGED BY: GitHub workflow -version: 0.16.3-edge.2 +version: 0.17.0-edge.0 diff --git a/charts/ploigos-workflow/shared-resources/Chart.yaml b/charts/ploigos-workflow/shared-resources/Chart.yaml index 7930792..7940aca 100644 --- a/charts/ploigos-workflow/shared-resources/Chart.yaml +++ b/charts/ploigos-workflow/shared-resources/Chart.yaml @@ -11,4 +11,4 @@ maintainers: - name: Red Hat, Inc. email: ploigos@redhat.com # MANAGED BY: GitHub workflow -version: 0.16.3-edge.2 +version: 0.17.0-edge.0 diff --git a/charts/ploigos-workflow/tekton-cluster-resources/Chart.yaml b/charts/ploigos-workflow/tekton-cluster-resources/Chart.yaml index 39aa390..8a2ebf2 100644 --- a/charts/ploigos-workflow/tekton-cluster-resources/Chart.yaml +++ b/charts/ploigos-workflow/tekton-cluster-resources/Chart.yaml @@ -8,4 +8,4 @@ maintainers: - name: Red Hat, Inc. email: ploigos@redhat.com # MANAGED BY: GitHub workflow -version: 0.16.3-edge.2 +version: 0.17.0-edge.0 
diff --git a/charts/ploigos-workflow/tekton-shared-resources/Chart.yaml b/charts/ploigos-workflow/tekton-shared-resources/Chart.yaml index 36ad7d3..cf2046c 100644 --- a/charts/ploigos-workflow/tekton-shared-resources/Chart.yaml +++ b/charts/ploigos-workflow/tekton-shared-resources/Chart.yaml @@ -13,4 +13,4 @@ dependencies: - name: ploigos-workflow-shared-resources version: ">= 0.0.0 || >= 0.0.0-0" # MANAGED BY: GitHub workflow -version: 0.16.3-edge.2 +version: 0.17.0-edge.0 diff --git a/charts/ploigos-workflow/typical-tekton-pipeline/Chart.yaml b/charts/ploigos-workflow/typical-tekton-pipeline/Chart.yaml index 6240262..c46818a 100644 --- a/charts/ploigos-workflow/typical-tekton-pipeline/Chart.yaml +++ b/charts/ploigos-workflow/typical-tekton-pipeline/Chart.yaml @@ -11,4 +11,4 @@ dependencies: - name: ploigos-workflow-tekton-shared-resources version: ">= 0.0.0 || >= 0.0.0-0" # MANAGED BY: GitHub workflow -version: 0.16.3-edge.2 +version: 0.17.0-edge.0 From f322d7d1d71d3ac0cb9c46cee61037353dc2d916 Mon Sep 17 00:00:00 2001 From: Ian Tewksbury Date: Wed, 23 Jun 2021 07:10:00 -0400 Subject: [PATCH 4/5] fix notes --- .../everything-tekton-pipeline/templates/NOTES.txt | 4 ++-- .../minimal-tekton-pipeline/templates/NOTES.txt | 2 +- .../typical-tekton-pipeline/templates/NOTES.txt | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/ploigos-workflow/everything-tekton-pipeline/templates/NOTES.txt b/charts/ploigos-workflow/everything-tekton-pipeline/templates/NOTES.txt index 4cb0434..5d01702 100644 --- a/charts/ploigos-workflow/everything-tekton-pipeline/templates/NOTES.txt +++ b/charts/ploigos-workflow/everything-tekton-pipeline/templates/NOTES.txt 
@@ -1,8 +1,8 @@ ********************************************* -* ploigos-workflow-standard-tekton-pipeline * +* ploigos-workflow-everything-tekton-pipeline * ********************************************* -Installed Ploigos Workflow (Standard) +Installed Ploigos Workflow (Everything) * Tekton Pipeline: {{ include "ploigos-workflow-tekton.pipelineName" . }} * Application: {{ $.Values.global.applicationName }} * Service: {{ $.Values.global.serviceName }} diff --git a/charts/ploigos-workflow/minimal-tekton-pipeline/templates/NOTES.txt b/charts/ploigos-workflow/minimal-tekton-pipeline/templates/NOTES.txt index 6d7fb82..9aecc34 100644 --- a/charts/ploigos-workflow/minimal-tekton-pipeline/templates/NOTES.txt +++ b/charts/ploigos-workflow/minimal-tekton-pipeline/templates/NOTES.txt @@ -1,5 +1,5 @@ ********************************************* -* ploigos-workflow-standard-tekton-pipeline * +* ploigos-workflow-minimal-tekton-pipeline * ********************************************* Installed Ploigos Workflow (Minimal) diff --git a/charts/ploigos-workflow/typical-tekton-pipeline/templates/NOTES.txt b/charts/ploigos-workflow/typical-tekton-pipeline/templates/NOTES.txt index 4cb0434..53f636f 100644 --- a/charts/ploigos-workflow/typical-tekton-pipeline/templates/NOTES.txt +++ b/charts/ploigos-workflow/typical-tekton-pipeline/templates/NOTES.txt @@ -1,8 +1,8 @@ ********************************************* -* ploigos-workflow-standard-tekton-pipeline * +* ploigos-workflow-typical-tekton-pipeline * ********************************************* -Installed Ploigos Workflow (Standard) +Installed Ploigos Workflow (Typical) * Tekton Pipeline: {{ include "ploigos-workflow-tekton.pipelineName" . }} * Application: {{ $.Values.global.applicationName }} * Service: {{ $.Values.global.serviceName }} From 9dda7e2f36a81d1c6fef3f74222dfbe60e570f94 Mon Sep 17 00:00:00 2001 
From: Ian Tewksbury Date: Wed, 23 Jun 2021 07:15:00 -0400 Subject: [PATCH 5/5] .github pull-request workflow - add cancel previous job --- .github/workflows/pull-request.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index d8800ba..21d73bf 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -13,7 +13,17 @@ env: CHARTS_DIR: 'charts/ploigos-workflow' jobs: + cancel-previous: + runs-on: ubuntu-latest + steps: + - name: Cancel Previous Runs + uses: styfle/cancel-workflow-action@0.5.0 + with: + access_token: ${{ github.token }} + lint: + needs: + - cancel-previous runs-on: ubuntu-latest strategy: fail-fast: false @@ -40,6 +50,8 @@ jobs: run: ${GITHUB_WORKSPACE}/.github/scripts/lint.sh install-test: + needs: + - cancel-previous runs-on: ubuntu-latest steps: - name: Checkout ๐Ÿ›Ž๏ธ
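Review bot: The new `cancel-previous` job in the first hunk runs a third-party action referenced by a mutable tag, `styfle/cancel-workflow-action@0.5.0`, and hands it `${{ github.token }}`, so a retagged release would run with that token on every pull-request build. If the action is kept, reference it by full commit SHA, `uses: styfle/cancel-workflow-action@<full-commit-sha> # 0.5.0` (placeholder SHA), and give the job an explicit `permissions:` block limited to `actions: write`. The same result is available without external code through a workflow-level `concurrency:` block with `group: ${{ github.workflow }}-${{ github.ref }}` and `cancel-in-progress: true`, which would also make the `needs: cancel-previous` edges added in the other two hunks unnecessary. The `on:` trigger lies outside these hunks, so whether the token is read-only for pull requests from forks could not be checked here.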