From 2a23236c3e4696d0f1c13d4839181cc6d3ab59cf Mon Sep 17 00:00:00 2001
From: Max batleforc
Date: Sat, 24 Aug 2024 00:04:46 +0200
Subject: [PATCH] feat: mise en place basic cicd (build and deploy only) [HOOK FAIL OK]
---
cicd/templates/eventListener.yaml | 87 ++++++++
.../pull_request/triggerBindingPr.yaml | 13 ++
cicd/templates/push/pipelinePush.yaml | 186 ++++++++++++++++++
cicd/templates/push/triggerBindingPush.yaml | 12 ++
cicd/templates/push/triggerTemplatePush.yaml | 57 ++++++
.../tag_created/triggerBindingTagCreated.yaml | 13 ++
cicd/values.yaml | 33 ++++
libs/front/api-client/.eslintrc.json | 2 +-
8 files changed, 402 insertions(+), 1 deletion(-)
create mode 100644 cicd/templates/eventListener.yaml
create mode 100644 cicd/templates/pull_request/triggerBindingPr.yaml
create mode 100644 cicd/templates/push/pipelinePush.yaml
create mode 100644 cicd/templates/push/triggerBindingPush.yaml
create mode 100644 cicd/templates/push/triggerTemplatePush.yaml
create mode 100644 cicd/templates/tag_created/triggerBindingTagCreated.yaml
diff --git a/cicd/templates/eventListener.yaml b/cicd/templates/eventListener.yaml
new file mode 100644
index 0000000..b014431
--- /dev/null
+++ b/cicd/templates/eventListener.yaml
@@ -0,0 +1,87 @@
+apiVersion: triggers.tekton.dev/v1alpha1
+kind: EventListener
+metadata:
+ name: {{.Values.prefix}}-event-listener
+spec:
+ serviceAccountName: {{.Values.prefix}}-sa
+ triggers:
+ {{- range $key, $val := .Values.build }}
+ - name: {{$.Values.prefix}}-trigger-push-{{- $key }}
+ interceptors:
+ - ref:
+ name: "github"
+ params:
+ - name: secretRef
+ value:
+ secretName: {{$.Values.secrets.githubTokenWebhook}}
+ secretKey: secretToken
+ - name: eventTypes
+ value:
+ - push
+ - name: "addChangedFiles"
+ value:
+ enabled: true
+ - ref:
+ name: "cel"
+ params:
+ - name: filter
+ value: "body.ref.startsWith('refs/heads/') && ({{- range $index, $folder := $val.folder }} extensions.changed_files.matches('{{$folder}}') {{- if ne $index (sub ($val.folder | len) 1) }} || {{- end }} {{- end }})"
+ - name: overlays
+ value:
+ - key: branch_name
+ expression: "body.ref.split('/')[2]"
+ bindings:
+ - ref: {{$.Values.prefix}}-trigger-binding-push
+ template:
+ ref: {{$.Values.prefix}}-pipeline-template-push-{{- $key -}}
+ {{- end }}
+ # - name: {{.Values.prefix}}-trigger-pr
+ # interceptors:
+ # - ref:
+ # name: "github"
+ # params:
+ # - name: secretRef
+ # value:
+ # secretName: {{.Values.secrets.githubTokenWebhook}}
+ # secretKey: secretToken
+ # - name: eventTypes
+ # value:
+ # - pull_request
+ # - ref:
+ # name: "cel"
+ # params:
+ # - name: filter
+ # value: "body.action == 'synchronize'"
+ # - name: overlays
+ # value:
+ # - key: branch_name
+ # expression: "body.pull_request.head.ref"
+ # bindings:
+ # - ref: {{.Values.prefix}}-trigger-binding-pr
+ # template:
+ # ref: {{.Values.prefix}}-pipeline-template-pr
+ # - name: {{.Values.prefix}}-trigger-tag-created
+ # interceptors:
+ # - ref:
+ # name: "github"
+ # params:
+ # - name: secretRef
+ # value:
+ # secretName: {{.Values.secrets.githubTokenWebhook}}
+ # secretKey: secretToken
+ # - name: eventTypes
+ # value:
+ # - create
+ # - ref:
+ # name: "cel"
+ # params:
+ # - name: filter
+ # value: "body.ref_type == 'tag'"
+ # - name: overlays
+ # value:
+ # - key: tag_name
+ # expression: "body.ref.split('/')[2]"
+ # bindings:
+ # - ref: {{.Values.prefix}}-trigger-binding-tag-created
+ # template:
+ # ref: {{.Values.prefix}}-pipeline-template-tag-created
diff --git a/cicd/templates/pull_request/triggerBindingPr.yaml b/cicd/templates/pull_request/triggerBindingPr.yaml
new file mode 100644
index 0000000..d834026
--- /dev/null
+++ b/cicd/templates/pull_request/triggerBindingPr.yaml
@@ -0,0 +1,13 @@
+# https://docs.github.com/en/webhooks/webhook-events-and-payloads?actionType=synchronize#pull_request
+apiVersion: triggers.tekton.dev/v1alpha1
+kind: TriggerBinding
+metadata:
+ name: {{.Values.prefix}}-trigger-binding-pr
+spec:
+ params:
+ - name: gitrepositoryurl
+ value: $(body.repository.clone_url)
+ - name: gitrevision
+ value: $(body.head_commit.id)
+ - name: gitbranch
+ value: $(extensions.branch_name)
diff --git a/cicd/templates/push/pipelinePush.yaml b/cicd/templates/push/pipelinePush.yaml
new file mode 100644
index 0000000..4094e53
--- /dev/null
+++ b/cicd/templates/push/pipelinePush.yaml
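Review bot: In cicd/templates/eventListener.yaml the `cel` filter accepts every ref under `refs/heads/`, and the `branch_name` overlay `body.ref.split('/')[2]` keeps only the first path segment, so `refs/heads/feature/a` and `refs/heads/feature/b` both become `feature`. Elsewhere in this patch that value is used as the Helm release name and the image tag, so a push to any branch deploys with the cluster kubeconfig and branches sharing a prefix overwrite each other. If only one branch is meant to deploy, tighten the filter, e.g. `body.ref == 'refs/heads/main' && (...)`, and derive the name from the full ref with the `refs/heads/` prefix stripped. The filter also renders as `&& ()` when a build entry has an empty `folder` list, which is not valid CEL.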
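Review bot: In cicd/templates/pull_request/triggerBindingPr.yaml `gitrevision` is bound to `$(body.head_commit.id)`, a field of the `push` payload that GitHub's `pull_request` payload does not carry; the PR head commit is `value: $(body.pull_request.head.sha)`. The same binding is copied into cicd/templates/tag_created/triggerBindingTagCreated.yaml, where the `create` event likewise has no `head_commit` and the header comment still links the pull_request documentation. Both triggers are commented out in the EventListener, so nothing fails today. Before the PR trigger is enabled, note that `body.repository.clone_url` is the base repository, and that a PR-driven run should not be wired to the same kubeconfig and registry credentials as the push pipeline.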
@@ -0,0 +1,186 @@
+apiVersion: tekton.dev/v1beta1
+kind: Pipeline
+metadata:
+ name: {{.Values.prefix}}-pipeline-push
+spec:
+ ## TODO https://tekton.dev/docs/pipelines/pipelines/#using-execution-status-of-pipelinetask
+ description: |
+ This pipeline builds batleforc template-rust.
+ params:
+ - name: repo-url
+ type: string
+ description: The git repo URL to clone from.
+ - name: repo-branch
+ type: string
+ default: main
+ description: The git repo branch to clone from.
+ - name: repo-revision
+ type: string
+ default: main
+ description: The git repo revision to clone from.
+ - name: conteneurfile-path
+ type: string
+ default: .
+ description: The path to the conteneurfile to build.
+ - name: image-name
+ type: string
+ default: "docker.io/batleforc/back"
+ description: The name of the image to build.
+ - name: helm-path
+ type: string
+ default: "deploy/back"
+ description: The path to the helm chart to deploy.
+ - name: githubSecretName
+ type: string
+ default: "github-token"
+ description: The name of the secret containing the github token.
+ workspaces:
+ - name: shared-data
+ description: |
+ This workspace contains the cloned repo files, so they can be read by the
+ next task.
+ - name: dockerAuthConfig
+ description: |
+ This workspace contains the docker config.json file, so it can be used by
+ the next task.
+ - name: kubeconfig
+ description: |
+ This workspace contains the kubeconfig file, it define the namespace to rollout.
+ - name: githubTokenApi
+ description: |
+ This workspace contains the github token to use the github api.
+ - name: discordWebhook
+ description: |
+ This workspace contains the discord webhook to send messages.
+ tasks:
+ - name: github-status-pending
+ taskRef:
+ name: github-set-status
+ params:
+ - name: REPO_FULL_NAME
+ value: $(params.repo-url)
+ - name: SHA
+ value: $(params.repo-revision)
+ - name: DESCRIPTION
+ value: Monofolio build and push $(params.image-name)
+ - name: STATE
+ value: pending
+ - name: CONTEXT
+ value: monofolio-ci
+ - name: GITHUB_TOKEN_SECRET_NAME
+ value: $(params.githubSecretName)
+ - name: fetch-source
+ runAfter: ["github-status-pending"]
+ taskRef:
+ name: git-clone
+ workspaces:
+ - name: output
+ workspace: shared-data
+ params:
+ - name: url
+ value: $(params.repo-url)
+ - name: revision
+ value: $(params.repo-revision)
+ - name: build-docker
+ runAfter: ["fetch-source"]
+ taskRef:
+ name: build
+ workspaces:
+ - name: shared-data
+ workspace: shared-data
+ - name: dockerconfig
+ workspace: dockerAuthConfig
+ params:
+ - name: path-dockerfile
+ value: $(params.conteneurfile-path)
+ - name: context-dockerfile
+ value: .
+ - name: IMAGE
+ value: $(params.image-name)
+ - name: repo-branch
+ value: $(params.repo-branch)
+ # Directly upgrade the helm chart from the source code
+ # When argocd is ready, we will use it to deploy and upgrade the helm chart
+ - name: helm-upgrade
+ runAfter: ["build-docker"]
+ taskRef:
+ name: helm-upgrade-from-source
+ workspaces:
+ - name: source
+ workspace: shared-data
+ - name: kubeconfig-dir
+ workspace: kubeconfig
+ params:
+ - name: charts_dir
+ value: $(params.helm-path)
+ - name: release_name
+ value: $(params.repo-branch)
+ - name: release_namespace
+ value: {{.Release.Namespace}}
+ - name: overwrite_values
+ value: "image.tag=$(params.repo-branch),ingress.host={{.Values.config.domain}}"
+ finally:
+ - name: github-status-finally-succeeded
+ when:
+ - input: $(tasks.status)
+ operator: in
+ values:
+ - Succeeded
+ - Completed
+ taskRef:
+ name: github-set-status
+ params:
+ - name: REPO_FULL_NAME
+ value: $(params.repo-url)
+ - name: SHA
+ value: $(params.repo-revision)
+ - name: DESCRIPTION
+ value: Monofolio build and push $(params.image-name)
+ - name: CONTEXT
+ value: monofolio-ci
+ - name: GITHUB_TOKEN_SECRET_NAME
+ value: $(params.githubSecretName)
+ - name: STATE
+ value: success
+ - name: github-status-finally-failed
+ when:
+ - input: $(tasks.status)
+ operator: in
+ values:
+ - Failed
+ taskRef:
+ name: github-set-status
+ params:
+ - name: REPO_FULL_NAME
+ value: $(params.repo-url)
+ - name: SHA
+ value: $(params.repo-revision)
+ - name: DESCRIPTION
+ value: Monofolio build and push $(params.image-name)
+ - name: CONTEXT
+ value: monofolio-ci
+ - name: GITHUB_TOKEN_SECRET_NAME
+ value: $(params.githubSecretName)
+ - name: STATE
+ value: failure
+ - name: github-status-finally-error
+ when:
+ - input: $(tasks.status)
+ operator: in
+ values:
+ - None
+ taskRef:
+ name: github-set-status
+ params:
+ - name: REPO_FULL_NAME
+ value: $(params.repo-url)
+ - name: SHA
+ value: $(params.repo-revision)
+ - name: DESCRIPTION
+ value: Monofolio build and push $(params.image-name)
+ - name: CONTEXT
+ value: monofolio-ci
+ - name: GITHUB_TOKEN_SECRET_NAME
+ value: $(params.githubSecretName)
+ - name: STATE
+ value: error
\ No newline at end of file
diff --git a/cicd/templates/push/triggerBindingPush.yaml b/cicd/templates/push/triggerBindingPush.yaml
new file mode 100644
index 0000000..b65ba29
--- /dev/null
+++ b/cicd/templates/push/triggerBindingPush.yaml
@@ -0,0 +1,12 @@
+apiVersion: triggers.tekton.dev/v1alpha1
+kind: TriggerBinding
+metadata:
+ name: {{.Values.prefix}}-trigger-binding-push
+spec:
+ params:
+ - name: gitrepositoryurl
+ value: $(body.repository.clone_url)
+ - name: gitrevision
+ value: $(body.head_commit.id)
+ - name: gitbranch
+ value: $(extensions.branch_name)
diff --git a/cicd/templates/push/triggerTemplatePush.yaml b/cicd/templates/push/triggerTemplatePush.yaml
new file mode 100644
index 0000000..c151b00
--- /dev/null
+++ b/cicd/templates/push/triggerTemplatePush.yaml
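Review bot: In cicd/templates/push/pipelinePush.yaml the `helm-upgrade` task concatenates `$(params.repo-branch)` into `overwrite_values` (`image.tag=...,ingress.host=...`) and also uses it as `release_name`, yet that value comes from the webhook body and nothing in this patch validates it. Git permits `,` and `=` in branch names, so a branch name could add or override chart values in that string, assuming the helm-upgrade-from-source task (not visible here) passes it to `--set`. Constrain the ref in the trigger, for example by adding `&& body.ref.matches('^refs/heads/[a-z0-9-]+$')` to the CEL filter, or tag and deploy by commit SHA instead of branch name. Separately, `REPO_FULL_NAME` receives `$(params.repo-url)`, a clone URL, in all four `github-set-status` tasks; if that task expects `owner/repo`, the binding should supply `$(body.repository.full_name)` through its own param.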
@@ -0,0 +1,57 @@
+{{- range $key, $val := .Values.build}}
+---
+apiVersion: triggers.tekton.dev/v1alpha1
+kind: TriggerTemplate
+metadata:
+ name: "{{$.Values.prefix}}-pipeline-template-push-{{- $key -}}"
+spec:
+ params:
+ - name: gitrevision
+ description: The git revision (SHA)
+ default: master
+ - name: gitbranch
+ description: The git branch
+ default: master
+ - name: gitrepositoryurl
+ description: The git repository url ("https://github.com/batleforc/rust-template")
+ resourcetemplates:
+ - apiVersion: tekton.dev/v1beta1
+ kind: PipelineRun
+ metadata:
+ generateName: {{$.Values.prefix}}-pipeline-push-{{- $key -}}-run-
+ spec:
+ pipelineRef:
+ name: {{$.Values.prefix}}-pipeline-push
+ workspaces:
+ - name: shared-data
+ volumeClaimTemplate:
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 5Gi
+ storageClassName: local-path
+ {{- range $key, $value := $.Values.secrets }}
+ {{- if ne $key "githubTokenWebhook" }}
+ - name: {{ $key }}
+ secret:
+ secretName: {{ $value }}
+ {{- end }}
+ {{- end }}
+ params:
+ - name: repo-revision
+ value: $(tt.params.gitrevision)
+ - name: repo-branch
+ value: $(tt.params.gitbranch)
+ - name: repo-url
+ value: $(tt.params.gitrepositoryurl)
+ - name: conteneurfile-path
+ value: "{{ $val.file_path }}"
+ - name: image-name
+ value: "{{ $.Values.image.registry }}/{{ $val.imageName }}"
+ - name: helm-path
+ value: "{{ $val.helm }}"
+ - name: githubSecretName
+ value: "{{ $.Values.secrets.githubTokenApi }}"
+{{- end}}
\ No newline at end of file
diff --git a/cicd/templates/tag_created/triggerBindingTagCreated.yaml b/cicd/templates/tag_created/triggerBindingTagCreated.yaml
new file mode 100644
index 0000000..b889f5b
--- /dev/null
+++ b/cicd/templates/tag_created/triggerBindingTagCreated.yaml
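Review bot: The workspace loop in cicd/templates/push/triggerTemplatePush.yaml binds every entry of `.Values.secrets` except `githubTokenWebhook`, which is a deny-list: any secret later added to values.yaml is bound into each PipelineRun by default, and its key must also happen to match a workspace name declared in the Pipeline. The Pipeline in this patch only maps `dockerAuthConfig` and `kubeconfig` into tasks, so `githubTokenApi` and `discordWebhook` are bound without a consumer. Listing the required secret workspaces explicitly (and dropping the unused ones from the Pipeline, or marking them `optional: true`) keeps the credentials each run receives reviewable. The inner `range` also reuses `$key`, shadowing the outer build key; a distinct name such as `$secretKey` would read more clearly.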
@@ -0,0 +1,13 @@
+# https://docs.github.com/en/webhooks/webhook-events-and-payloads?actionType=synchronize#pull_request
+apiVersion: triggers.tekton.dev/v1alpha1
+kind: TriggerBinding
+metadata:
+ name: {{.Values.prefix}}-trigger-binding-tag-created
+spec:
+ params:
+ - name: gitrepositoryurl
+ value: $(body.repository.clone_url)
+ - name: gitrevision
+ value: $(body.head_commit.id)
+ - name: gittag
+ value: $(extensions.tag_name)
diff --git a/cicd/values.yaml b/cicd/values.yaml
index be7fa99..56497b5 100644
--- a/cicd/values.yaml
+++ b/cicd/values.yaml
@@ -3,3 +3,36 @@ task:
 baseImage: moby/buildkit:v0.15.2
 helmUpgrade:
 baseImage: alpine/helm:3.15.4
+
+prefix: "cicd-monofolio"
+
+secrets:
+ dockerAuthConfig: "docker-auth-config"
+ kubeconfig: "kubeconfig"
+ githubTokenApi: "github-token"
+ discordWebhook: "discord-webhook"
+ githubTokenWebhook: "github"
+
+build:
+ back:
+ folder:
+ - "apps/back/"
+ - "libs/back/"
+ - "folio_content/"
+ file_path: "build/back/Containerfile"
+ helm: "deploy/back"
+ imageName: "back"
+ front:
+ folder:
+ - "apps/front/"
+ - "libs/front/"
+ file_path: "build/front/Containerfile"
+ helm: "deploy/front"
+ imageName: "front"
+
+
+image:
+ registry: "docker.io/batleforc"
+
+config:
+ domain: '{{- template "mychart.name" . }}.dev.mono-folio.com'
diff --git a/libs/front/api-client/.eslintrc.json b/libs/front/api-client/.eslintrc.json
index adbe7ae..3230caf 100644
--- a/libs/front/api-client/.eslintrc.json
+++ b/libs/front/api-client/.eslintrc.json
@@ -1,5 +1,5 @@
 {
- "extends": ["../../.eslintrc.json"],
+ "extends": ["../../../.eslintrc.json"],
 "ignorePatterns": ["!**/*"],
 "overrides": [
 {
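Review bot: In cicd/values.yaml `config.domain` holds a template expression, `'{{- template "mychart.name" . }}.dev.mono-folio.com'`, but Helm does not render values.yaml, and pipelinePush.yaml inserts the value with a plain `{{.Values.config.domain}}`. The literal braces and quotes would therefore end up inside `overwrite_values` as the `ingress.host` setting, and no `mychart.name` template is defined anywhere in this patch. Either put a concrete host here or render the value where it is used, e.g. `ingress.host={{ tpl .Values.config.domain . }}`.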