From 2dab74898be628de5bfb23ae35939d8783138f94 Mon Sep 17 00:00:00 2001 From: Pete Birley Date: Sat, 16 Jan 2021 16:05:49 -0600 Subject: [PATCH] feat: Tekton/Gerrit interaction This PS adds the basic gerrit<->tekton interaction, which consists of two charts: * Jarvis-System: which launches a utility to scrape pending gerrit checks and rechecks, before forwarding requests to a tekton event-listener. This event listener then launches a pipeline that sets up the environment for the pipeline in the project repo to make use of. * Jarvis-Project: which launches a job, which sets up a repo in gerrit, configures the checks upon it, and additionally sets up appropriate repos in harbor for oci images and helm charts. Note: This change makes use of the Jarvis-Connector, which is hosted here: * https://github.com/att-comdev/jarvis-connector Change-Id: I0ca023e357fb562b4f65e081a06ac6581471b4bc 
Signed-off-by: Pete Birley --- .../values_overrides/default-default.yaml | 5 +- charts/jarvis-project/.helmignore | 1 + charts/jarvis-project/Chart.yaml | 21 ++++ .../templates/Certificate-project.yaml | 24 ++++ .../jarvis-project/templates/Job-project.yaml | 80 +++++++++++++ .../templates/Secret-project.yaml | 14 +++ .../templates/helpers/_config.tpl | 28 +++++ .../templates/helpers/_labels.tpl | 49 ++++++++ .../jarvis-project/templates/helpers/_pod.tpl | 22 ++++ .../templates/helpers/_template.tpl | 107 ++++++++++++++++++ charts/jarvis-project/values.schema.json | 93 +++++++++++++++ charts/jarvis-project/values.yaml | 34 ++++++ charts/jarvis-system/.helmignore | 1 + charts/jarvis-system/Chart.yaml | 21 ++++ .../templates/Certificate-el.yaml | 24 ++++ .../templates/ClusterRole-el.yaml | 12 +- .../templates/ClusterRoleBinding-el.yaml | 17 +++ .../templates/Deployment-connector.yaml | 66 +++++++++++ .../templates/EventListener-system.yaml | 41 +++++++ .../templates/Pipeline-create.yaml | 48 ++++++++ .../templates/Pipeline-createFailure.yaml | 31 +++++ .../templates/Pipeline-createSuccess.yaml | 31 +++++ .../templates/Secret-gerrit.yaml | 13 +++ .../templates/ServiceAccount-el.yaml | 9 ++ .../templates/Task-createCheckoutRepo.yaml | 69 +++++++++++ .../templates/Task-createFailure.yaml | 60 ++++++++++ .../Task-createRegisterScheduled.yaml | 59 ++++++++++ .../templates/Task-createSuccess.yaml | 59 ++++++++++ .../templates/TriggerBinding-create.yaml | 21 ++++ .../TriggerBinding-createResult.yaml | 21 ++++ .../templates/TriggerTemplate-create.yaml | 38 +++++++ .../TriggerTemplate-createFailure.yaml | 35 ++++++ .../TriggerTemplate-createSuccess.yaml | 35 ++++++ .../templates/helpers/_config.tpl | 28 +++++ .../templates/helpers/_labels.tpl | 49 ++++++++ .../jarvis-system/templates/helpers/_pod.tpl | 22 ++++ .../templates/helpers/_template.tpl | 107 ++++++++++++++++++ charts/jarvis-system/values.schema.json | 93 +++++++++++++++ charts/jarvis-system/values.yaml | 43 +++++++ 
.../values_overrides/default.yaml | 4 + charts/tekton-triggers/values.yaml | 6 +- tools/deployment/vagrant/Vagrantfile | 2 + tools/gate/jarvis/500-deploy-gerrit.sh | 26 +++++ tools/gate/jarvis/600-deploy-tekton.sh | 96 +--------------- tools/gate/jarvis/700-deploy-jarvis-system.sh | 13 +++ .../gate/jarvis/800-deploy-jarvis-projects.sh | 67 +++++++++++ .../yaml/eventlisteners/eventlistener.yaml | 14 --- .../tekton/yaml/example-pipeline.yaml | 43 ------- .../clusterbinding.yaml | 12 -- .../tekton/yaml/role-resources/secret.yaml | 7 -- .../yaml/role-resources/serviceaccount.yaml | 6 - .../triggerbinding-roles/binding.yaml | 11 -- .../triggerbinding-roles/role.yaml | 20 ---- .../triggerbinding-message.yaml | 8 -- .../yaml/triggerbindings/triggerbinding.yaml | 10 -- .../triggertemplates/triggertemplate.yaml | 33 ------ zuul.d/jobs.yaml | 2 + 57 files changed, 1645 insertions(+), 266 deletions(-) create mode 100644 charts/jarvis-project/.helmignore create mode 100644 charts/jarvis-project/Chart.yaml create mode 100644 charts/jarvis-project/templates/Certificate-project.yaml create mode 100644 charts/jarvis-project/templates/Job-project.yaml create mode 100644 charts/jarvis-project/templates/Secret-project.yaml create mode 100644 charts/jarvis-project/templates/helpers/_config.tpl create mode 100644 charts/jarvis-project/templates/helpers/_labels.tpl create mode 100644 charts/jarvis-project/templates/helpers/_pod.tpl create mode 100644 charts/jarvis-project/templates/helpers/_template.tpl create mode 100644 charts/jarvis-project/values.schema.json create mode 100644 charts/jarvis-project/values.yaml create mode 100644 charts/jarvis-system/.helmignore create mode 100644 charts/jarvis-system/Chart.yaml create mode 100644 charts/jarvis-system/templates/Certificate-el.yaml rename tools/gate/jarvis/resources/tekton/yaml/role-resources/clustertriggerbinding-roles/clusterrole.yaml => charts/jarvis-system/templates/ClusterRole-el.yaml (66%) create mode 100644 
charts/jarvis-system/templates/ClusterRoleBinding-el.yaml create mode 100644 charts/jarvis-system/templates/Deployment-connector.yaml create mode 100644 charts/jarvis-system/templates/EventListener-system.yaml create mode 100644 charts/jarvis-system/templates/Pipeline-create.yaml create mode 100644 charts/jarvis-system/templates/Pipeline-createFailure.yaml create mode 100644 charts/jarvis-system/templates/Pipeline-createSuccess.yaml create mode 100644 charts/jarvis-system/templates/Secret-gerrit.yaml create mode 100644 charts/jarvis-system/templates/ServiceAccount-el.yaml create mode 100644 charts/jarvis-system/templates/Task-createCheckoutRepo.yaml create mode 100644 charts/jarvis-system/templates/Task-createFailure.yaml create mode 100644 charts/jarvis-system/templates/Task-createRegisterScheduled.yaml create mode 100644 charts/jarvis-system/templates/Task-createSuccess.yaml create mode 100644 charts/jarvis-system/templates/TriggerBinding-create.yaml create mode 100644 charts/jarvis-system/templates/TriggerBinding-createResult.yaml create mode 100644 charts/jarvis-system/templates/TriggerTemplate-create.yaml create mode 100644 charts/jarvis-system/templates/TriggerTemplate-createFailure.yaml create mode 100644 charts/jarvis-system/templates/TriggerTemplate-createSuccess.yaml create mode 100644 charts/jarvis-system/templates/helpers/_config.tpl create mode 100644 charts/jarvis-system/templates/helpers/_labels.tpl create mode 100644 charts/jarvis-system/templates/helpers/_pod.tpl create mode 100644 charts/jarvis-system/templates/helpers/_template.tpl create mode 100644 charts/jarvis-system/values.schema.json create mode 100644 charts/jarvis-system/values.yaml create mode 100644 charts/tekton-pipelines/values_overrides/default.yaml create mode 100755 tools/gate/jarvis/700-deploy-jarvis-system.sh create mode 100755 tools/gate/jarvis/800-deploy-jarvis-projects.sh delete mode 100644 tools/gate/jarvis/resources/tekton/yaml/eventlisteners/eventlistener.yaml delete mode 
100644 tools/gate/jarvis/resources/tekton/yaml/example-pipeline.yaml delete mode 100644 tools/gate/jarvis/resources/tekton/yaml/role-resources/clustertriggerbinding-roles/clusterbinding.yaml delete mode 100644 tools/gate/jarvis/resources/tekton/yaml/role-resources/secret.yaml delete mode 100644 tools/gate/jarvis/resources/tekton/yaml/role-resources/serviceaccount.yaml delete mode 100644 tools/gate/jarvis/resources/tekton/yaml/role-resources/triggerbinding-roles/binding.yaml delete mode 100644 tools/gate/jarvis/resources/tekton/yaml/role-resources/triggerbinding-roles/role.yaml delete mode 100644 tools/gate/jarvis/resources/tekton/yaml/triggerbindings/triggerbinding-message.yaml delete mode 100644 tools/gate/jarvis/resources/tekton/yaml/triggerbindings/triggerbinding.yaml delete mode 100644 tools/gate/jarvis/resources/tekton/yaml/triggertemplates/triggertemplate.yaml diff --git a/charts/gerrit/values_overrides/default-default.yaml b/charts/gerrit/values_overrides/default-default.yaml index 36978a30..e46152ba 100644 --- a/charts/gerrit/values_overrides/default-default.yaml +++ b/charts/gerrit/values_overrides/default-default.yaml @@ -1,8 +1,9 @@ -#NOTE(portdirect): we use the following images, untill https://gerrit-review.googlesource.com/c/k8s-gerrit/+/230465 is resolved. +# NOTE(portdirect): images from rebuilt on ubuntu, and have the checks plugin pre-installed +# https://github.com/portdirect/gerrit-k8s/commit/cbbe103d552af84885289aeb81dd09b1195c5e8b images: registry: name: quay.io - version: v0.1-191-g251041b-dirty-3.3.0 + version: v0.1-194-gcbbe103-3.3.1 gerrit: images: gerritInit: port/gerrit-init diff --git a/charts/jarvis-project/.helmignore b/charts/jarvis-project/.helmignore new file mode 100644 index 00000000..51ccab8d --- /dev/null +++ b/charts/jarvis-project/.helmignore @@ -0,0 +1 @@ +values_overrides \ No newline at end of file diff --git a/charts/jarvis-project/Chart.yaml b/charts/jarvis-project/Chart.yaml new file mode 100644 index 00000000..2877c8ad 
--- /dev/null +++ b/charts/jarvis-project/Chart.yaml @@ -0,0 +1,21 @@ +apiVersion: v2 +name: jarvis-project +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. +appVersion: 2.20.0 diff --git a/charts/jarvis-project/templates/Certificate-project.yaml b/charts/jarvis-project/templates/Certificate-project.yaml new file mode 100644 index 00000000..25bc5ff8 --- /dev/null +++ b/charts/jarvis-project/templates/Certificate-project.yaml 
@@ -0,0 +1,24 @@
+{{- define "Certificate-project" -}}
+---
+apiVersion: cert-manager.io/v1alpha2
+kind: Certificate
+metadata:
+ name: {{ template "helpers.labels.fullname" . }}-project
+ labels: {{- include "helpers.labels.labels" . | nindent 4 }}
+spec:
+ secretName: {{ template "helpers.labels.fullname" . }}-project-tls
+ issuerRef:
+ name: {{ .Values.params.endpoints.tls.issuer.name }}
+ # We can reference ClusterIssuers by changing the kind here.
+ # The default value is Issuer (i.e. a locally namespaced Issuer)
+ kind: {{ .Values.params.endpoints.tls.issuer.kind }}
+ commonName: {{ .Values.params.endpoints.hostname }}
+ organization:
+ - Kubernetes API
+ dnsNames:
+ - {{ .Values.params.endpoints.hostname }}
+...
+{{- end -}}
+{{- if .Values.params.endpoints.tls.cert_manager -}}
+{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Certificate-project" ) }}
+{{- end -}}
\ No newline at end of file
diff --git a/charts/jarvis-project/templates/Job-project.yaml b/charts/jarvis-project/templates/Job-project.yaml
new file mode 100644
index 00000000..5687854e
--- /dev/null
+++ b/charts/jarvis-project/templates/Job-project.yaml
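Review bot: The Job in this chart mounts `<fullname>-project-tls` unconditionally, but this Certificate is rendered only when `params.endpoints.tls.cert_manager` is true, so with the flag set to false the hook pod would wait on a secret that nothing creates unless the operator supplies one. Either document that requirement next to the `if`, e.g. `{{/* when cert_manager is false, a secret named <fullname>-project-tls with a ca.crt key must already exist */}}`, or gate the Job's volume on the same flag. The secret is read only for its `ca.crt` item, so each release also mints a leaf key pair for `params.endpoints.hostname` that nothing visible here uses; a ConfigMap holding just the CA certificate would carry less material. `cert-manager.io/v1alpha2` has since been superseded by `cert-manager.io/v1`.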
@@ -0,0 +1,80 @@
+{{- define "Job-project" -}}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ template "helpers.labels.fullname" . }}
+ labels: {{- include "helpers.labels.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": post-install,post-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation
+spec:
+ template:
+ metadata:
+ labels: {{- include "helpers.labels.labels" . | nindent 8 }}
+ spec:
+ restartPolicy: OnFailure
+ nodeSelector:
+{{ include "helpers.pod.node_selector" ( dict "Global" $ "Application" "project" ) | nindent 8 }}
+ containers:
+ - name: project
+ image: {{ include "helpers.pod.container.image" ( dict "Global" $ "Application" "project" ) }}
+ imagePullPolicy: {{ .Values.images.pull.policy | quote }}
+ env:
+ - name: SSL_CERT_FILE
+ value: /usr/local/share/ca-certificates/ca.crt
+ - name: JARVIS_PROJECT_NAME
+ value: {{ .Release.Name }}
+ - name: GERRIT_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "helpers.labels.fullname" . }}
+ key: gerrit-username
+ - name: GERRIT_HOST
+ value: {{ .Values.params.gerrit.host }}
+ - name: GERRIT_URL
+ value: "https://{{ .Values.params.gerrit.host }}"
+ command:
+ - sh
+ - -cex
+ - |
+
+ # Create gerrit repo
+ ssh -oStrictHostKeyChecking=accept-new -oUserKnownHostsFile=/dev/null -p 29418 -i /run/jarvis/secret/gerrit-ssh-key "${GERRIT_USERNAME}@${GERRIT_HOST}" gerrit ls-projects -r "^$JARVIS_PROJECT_NAME\$" | grep -q "^${JARVIS_PROJECT_NAME}\$" || \
+ ssh -oStrictHostKeyChecking=accept-new -oUserKnownHostsFile=/dev/null -p 29418 -i /run/jarvis/secret/gerrit-ssh-key ${GERRIT_USERNAME}@${GERRIT_HOST} gerrit create-project "${JARVIS_PROJECT_NAME}" --submit-type MERGE_IF_NECESSARY --owner Administrators --empty-commit
+
+ # Set up checks on the repo
+ jarvis-connector --auth_file /run/jarvis/gerrit-authfile --gerrit $GERRIT_URL --update --repo "${JARVIS_PROJECT_NAME}" --prefix jarvispipeline || \
+ jarvis-connector --auth_file /run/jarvis/gerrit-authfile --gerrit $GERRIT_URL 
--register --repo "${JARVIS_PROJECT_NAME}" --prefix jarvispipeline
+
+ # TODO: Add setup for harbor repo.
+ volumeMounts:
+ - name: gerrit-creds
+ mountPath: /run/jarvis/gerrit-authfile
+ subPath: gerrit-authfile
+ - name: gerrit-creds
+ mountPath: /run/jarvis/secret/gerrit-ssh-key
+ subPath: gerrit-ssh-key
+ - name: jarvis-ca-crt
+ mountPath: /usr/local/share/ca-certificates/ca.crt
+ subPath: ca.crt
+ volumes:
+ - name: gerrit-creds
+ secret:
+ secretName: {{ template "helpers.labels.fullname" . }}
+ defaultMode: 0400
+ items:
+ - key: gerrit-ssh-key
+ path: gerrit-ssh-key
+ - key: gerrit-authfile
+ path: gerrit-authfile
+ # NOTE: We are making the assumption that the ca for gerrit is the same as that for the tekton eventlistener
+ - name: jarvis-ca-crt
+ secret:
+ secretName: {{ template "helpers.labels.fullname" . }}-project-tls
+ items:
+ - key: ca.crt
+ path: ca.crt
+...
+{{- end -}}
+{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Job-project" ) }}
diff --git a/charts/jarvis-project/templates/Secret-project.yaml b/charts/jarvis-project/templates/Secret-project.yaml
new file mode 100644
index 00000000..7221b119
--- /dev/null
+++ b/charts/jarvis-project/templates/Secret-project.yaml
@@ -0,0 +1,14 @@
+{{- define "Secret-project" -}}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "helpers.labels.fullname" . }}
+ labels: {{- include "helpers.labels.labels" . | nindent 4 }}
+data:
+ gerrit-username: "{{ b64enc .Values.params.gerrit.user }}"
+ gerrit-authfile: "{{ b64enc ( printf "%s:%s" .Values.params.gerrit.user .Values.params.gerrit.password ) }}"
+ gerrit-ssh-key: "{{ b64enc ( .Values.params.gerrit.ssh_key ) }}"
+...
+{{- end -}}
+{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Secret-project" ) }}
\ No newline at end of file
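Review bot: Both `ssh` calls in the Job-project.yaml script pair `-oStrictHostKeyChecking=accept-new` with `-oUserKnownHostsFile=/dev/null`, so the Gerrit host key is accepted unseen on every run and never compared with anything. That leaves the SSH leg without server authentication even though the HTTPS leg pins a CA through `SSL_CERT_FILE`. Shipping the expected host key as another item in the `gerrit-creds` secret and switching to `-oStrictHostKeyChecking=yes -oUserKnownHostsFile=/run/jarvis/secret/known_hosts` would close the gap (the `known_hosts` item name is a suggestion, not something the chart has today). The second `ssh` line and both `--gerrit $GERRIT_URL` arguments are also unquoted, unlike the first call; `"${GERRIT_USERNAME}@${GERRIT_HOST}"` and `"$GERRIT_URL"` would keep the script consistent.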
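Review bot: In Secret-project.yaml, `gerrit-authfile` and `gerrit-ssh-key` are rendered from chart values whose defaults in values.yaml are empty strings, so an install that omits them still produces a Secret (an authfile of just `:` and an empty key) and the mistake only surfaces inside the hook Job. Wrapping the lookups in `required`, e.g. `{{ required "params.gerrit.ssh_key must be set" .Values.params.gerrit.ssh_key | b64enc }}`, fails the render early instead. Because the password and private key travel as values, they are also kept in the Helm release record; an option to reference an existing Secret by name would avoid storing them twice.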
diff --git a/charts/jarvis-project/templates/helpers/_config.tpl b/charts/jarvis-project/templates/helpers/_config.tpl new file mode 100644 index 00000000..f2cf3426 --- /dev/null +++ b/charts/jarvis-project/templates/helpers/_config.tpl @@ -0,0 +1,28 @@ +{{- define "helpers.config.renderer" -}} + {{- $Global := index . "Global" -}} + {{- $key := index . "key" -}} + + {{- $local := dict -}} + {{- $_ := set $local "templateRaw" ( index $Global.Values.config $key ) -}} + + {{- with $Global -}} + {{- if not (kindIs "string" $local.templateRaw) -}} + {{- $_ := set $local "template" ( toString ( toPrettyJson ( $local.templateRaw ) ) ) -}} + {{- $_ := set $local "render" ( toString ( toYaml ( fromJson ( tpl $local.template . ) ) ) ) -}} + {{- else -}} + {{- $_ := set $local "template" $local.templateRaw -}} + {{- $_ := set $local "render" ( tpl $local.template . ) -}} + {{- end }} +{{ printf "%s: |" $key }} +{{ $local.render | indent 2 }} + {{- end -}} +{{- end -}} + + +{{- define "helpers.config.hash" -}} + {{- $name := index . "TemplateName" -}} + {{- $context := index . "Global" -}} + {{- $last := base $context.Template.Name }} + {{- $wtf := $context.Template.Name | replace $last $name -}} + {{- include $wtf $context | sha256sum | quote -}} +{{- end -}} \ No newline at end of file diff --git a/charts/jarvis-project/templates/helpers/_labels.tpl b/charts/jarvis-project/templates/helpers/_labels.tpl new file mode 100644 index 00000000..9c97373e --- /dev/null +++ b/charts/jarvis-project/templates/helpers/_labels.tpl 
@@ -0,0 +1,49 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "helpers.labels.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "helpers.labels.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "helpers.labels.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Labels to use on {deploy|sts}.spec.selector.matchLabels and svc.spec.selector +*/}} +{{- define "helpers.labels.matchLabels" -}} +app.kubernetes.io/name: {{ include "helpers.labels.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "helpers.labels.labels" -}} +{{ include "helpers.labels.matchLabels" . }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +helm.sh/chart: {{ include "helpers.labels.chart" . }} +{{- end -}} + diff --git a/charts/jarvis-project/templates/helpers/_pod.tpl b/charts/jarvis-project/templates/helpers/_pod.tpl new file mode 100644 index 00000000..e10d3b11 --- /dev/null +++ b/charts/jarvis-project/templates/helpers/_pod.tpl 
@@ -0,0 +1,22 @@ + +{{- define "helpers.pod.container.image" -}} + {{- $Global := index . "Global" -}} + {{- $Application := index . "Application" -}} + {{- with index $.Global.Values.images.applications $Application -}} + {{- printf "%s/%s:%s" .repo .name ( .tag | toString ) | quote -}} + {{- end -}} +{{- end -}} + +{{- define "helpers.pod.node_selector" -}} + {{- $Global := index . "Global" -}} + {{- $Application := index . "Application" -}} + {{- with index $.Global.Values.node_labels $Application -}} + {{ if kindIs "slice" . }} + {{ range $k, $item := . }} +{{ $item.key }}: {{ $item.value | quote }} + {{ end }} + {{ else }} +{{ .key }}: {{ .value | quote }} + {{ end }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/jarvis-project/templates/helpers/_template.tpl b/charts/jarvis-project/templates/helpers/_template.tpl new file mode 100644 index 00000000..b54f54e3 --- /dev/null +++ b/charts/jarvis-project/templates/helpers/_template.tpl 
@@ -0,0 +1,107 @@ +{{- define "helpers.template.overlay" -}} + {{- $local := dict -}} + {{/* + By default we merge lists with a 'name' key's values + */}} + {{- $_ := set $local "merge_same_named" true -}} + {{- if kindIs "map" $ -}} + {{- if hasKey $ "merge_same_named" -}} + {{- $_ := set $local "merge_same_named" $.merge_same_named -}} + {{- end -}} + {{- end -}} + {{- $_ := set $local "input" ( fromYaml ( toString ( include $.template_definition $.Global ) ) ) -}} + {{- $target := dict -}} + {{- $overlay_keys := regexSplit "-+" ( trimSuffix ".yaml" ( lower ( base $.Global.Template.Name ) ) ) 2 }} + {{- $_ := set $local "overlay" dict -}} + {{- if hasKey $.Global.Values.over_rides ( index $overlay_keys 0 ) -}} + {{- if hasKey ( index $.Global.Values.over_rides ( index $overlay_keys 0 ) ) ( index $overlay_keys 1 ) -}} + {{- $_ := set $local "overlay" ( index $.Global.Values.over_rides ( index $overlay_keys 0 ) ( index $overlay_keys 1 ) ) -}} + {{- end }} + {{- end }} + {{- range $item := tuple $local.input $local.overlay -}} + {{- $call := dict "target" $target "source" . "merge_same_named" $local.merge_same_named -}} + {{- $_ := include "helpers._merge" $call -}} + {{- $_ := set $local "result" $call.result -}} + {{- end -}} + {{- if kindIs "map" $ -}} + {{- $_ := set $ "result" $local.result -}} + {{- end -}} + {{ $target | toYaml }} +{{- end -}} + +{{- define "helpers._merge" -}} + {{- $local := dict -}} + {{- $_ := set $ "result" $.source -}} + {{/* + TODO: Should we `fail` when trying to merge a collection (map or slice) with + either a different kind of collection or a scalar? 
+ */}} + {{- if and (kindIs "map" $.target) (kindIs "map" $.source) -}} + {{- range $key, $sourceValue := $.source -}} + {{- if not (hasKey $.target $key) -}} + {{- $_ := set $local "newTargetValue" $sourceValue -}} + {{- if kindIs "map" $sourceValue -}} + {{- $copy := dict -}} + {{- $call := dict "target" $copy "source" $sourceValue -}} + {{- $_ := include "helpers._merge.shallow" $call -}} + {{- $_ := set $local "newTargetValue" $copy -}} + {{- end -}} + {{- else -}} + {{- $targetValue := index $.target $key -}} + {{- $call := dict "target" $targetValue "source" $sourceValue "merge_same_named" $.merge_same_named -}} + {{- $_ := include "helpers._merge" $call -}} + {{- $_ := set $local "newTargetValue" $call.result -}} + {{- end -}} + {{- $_ := set $.target $key $local.newTargetValue -}} + {{- end -}} + {{- $_ := set $ "result" $.target -}} + {{- else if and (kindIs "slice" $.target) (kindIs "slice" $.source) -}} + {{- $call := dict "target" $.target "source" $.source -}} + {{- $_ := include "helpers._merge.append_slice" $call -}} + {{- if $.merge_same_named -}} + {{- $_ := set $local "result" list -}} + {{- $_ := set $local "named_items" dict -}} + {{- range $item := $call.result -}} + {{- $_ := set $local "has_name_key" false -}} + {{- if kindIs "map" $item -}} + {{- if hasKey $item "name" -}} + {{- $_ := set $local "has_name_key" true -}} + {{- end -}} + {{- end -}} + {{- if $local.has_name_key -}} + {{- if hasKey $local.named_items $item.name -}} + {{- $named_item := index $local.named_items $item.name -}} + {{- $call := dict "target" $named_item "source" $item "merge_same_named" $.merge_same_named -}} + {{- $_ := include "helpers._merge" $call -}} + {{- else -}} + {{- $copy := dict -}} + {{- $copy_call := dict "target" $copy "source" $item -}} + {{- $_ := include "helpers._merge.shallow" $copy_call -}} + {{- $_ := set $local.named_items $item.name $copy -}} + {{- $_ := set $local "result" (append $local.result $copy) -}} + {{- end -}} + {{- else -}} + {{- $_ 
:= set $local "result" (append $local.result $item) -}} + {{- end -}} + {{- end -}} + {{- else -}} + {{- $_ := set $local "result" $call.result -}} + {{- end -}} + {{- $_ := set $ "result" (uniq $local.result) -}} + {{- end -}} +{{- end -}} + +{{- define "helpers._merge.shallow" -}} + {{- range $key, $value := $.source -}} + {{- $_ := set $.target $key $value -}} + {{- end -}} +{{- end -}} + +{{- define "helpers._merge.append_slice" -}} + {{- $local := dict -}} + {{- $_ := set $local "result" $.target -}} + {{- range $value := $.source -}} + {{- $_ := set $local "result" (append $local.result $value) -}} + {{- end -}} + {{- $_ := set $ "result" $local.result -}} +{{- end -}} diff --git a/charts/jarvis-project/values.schema.json b/charts/jarvis-project/values.schema.json new file mode 100644 index 00000000..6bbee4ef --- /dev/null +++ b/charts/jarvis-project/values.schema.json 
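Review bot: `helpers.template.overlay` in _template.tpl has no header comment explaining that the `over_rides` lookup keys are derived from the template's file name (lower-cased, `.yaml` stripped, split once on dashes), which is the contract every `Kind-name.yaml` in the chart relies on. A template file without a dash would leave `$overlay_keys` with a single element, and `index $overlay_keys 1` would then fail at render time whenever `over_rides` has a matching first key; that constraint belongs in the same comment. Since the overlay is merged over the rendered manifest, values can replace any field, including RBAC rules and image references, so the comment should also say that values files deserve the same review as templates. I would add a `{{/* ... */}}` block above the `define` covering these three points.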
@@ -0,0 +1,93 @@ +{ + "$id": "https://example.com/arrays.schema.json", + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "A helm charts image references", + "type": "object", + "properties": { + "images": { + "type": "object", + "additionalProperties": false, + "required": [ + "applications", + "pull" + ], + "properties": { + "applications": { + "type": "object", + "additionalProperties": { + "type": "object", + "required": [ + "tag", + "name", + "repo" + ], + "additionalProperties": false, + "properties": { + "tag": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "string" + } + ], + "description": "The image tag." + }, + "name": { + "type": "string", + "description": "The image name." + }, + "repo": { + "type": "string", + "description": "The image repo." + } + } + } + }, + "pull": { + "type": "object", + "additionalProperties": false, + "required": [ + "policy" + ], + "properties": { + "policy": { + "type": "string", + "enum": [ + "Always", + "IfNotPresent", + "Never" + ] + } + } + } + } + }, + "config": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "string" + } + ] + } + }, + "params": { + "type": "object", + "additionalProperties": { + "type": "object" + } + }, + "over_rides": { + "type": "object", + "additionalProperties": { + "type": "object" + } + } + } +} \ No newline at end of file diff --git a/charts/jarvis-project/values.yaml b/charts/jarvis-project/values.yaml new file mode 100644 index 00000000..b82db7c2 --- /dev/null +++ b/charts/jarvis-project/values.yaml 
@@ -0,0 +1,34 @@ +# Default values for project-aio. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +images: + applications: + project: + tag: latest + name: attcomdev/jarvis-connector + repo: quay.io + pull: + policy: Always + +node_labels: + project: + key: kubernetes.io/os + value: linux + +over_rides: {} + +params: + gerrit: + user: "" + password: "" + ssh_key: "" + host: gerrit.jarvis.local + endpoints: + hostname: localhost + tls: + cert_manager: true + issuer: + name: jarvis-ca-issuer + kind: ClusterIssuer + diff --git a/charts/jarvis-system/.helmignore b/charts/jarvis-system/.helmignore new file mode 100644 index 00000000..51ccab8d --- /dev/null +++ b/charts/jarvis-system/.helmignore @@ -0,0 +1 @@ +values_overrides \ No newline at end of file diff --git a/charts/jarvis-system/Chart.yaml b/charts/jarvis-system/Chart.yaml new file mode 100644 index 00000000..43d4499f --- /dev/null +++ b/charts/jarvis-system/Chart.yaml @@ -0,0 +1,21 @@ +apiVersion: v2 +name: jarvis-system +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. +appVersion: 2.20.0 
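Review bot: `images.applications.project.tag: latest` combined with `pull.policy: Always` in charts/jarvis-project/values.yaml means each hook run executes whatever image is currently published under that tag, and this container is handed the Gerrit password and SSH key. Defaulting to a fixed release, `tag: <released-version>`, makes the running code reviewable and reproducible; `latest` can remain an explicit override for development. A short comment above `project:` naming which credentials the image receives would help whoever bumps the tag later.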
diff --git a/charts/jarvis-system/templates/Certificate-el.yaml b/charts/jarvis-system/templates/Certificate-el.yaml new file mode 100644 index 00000000..66a99619 --- /dev/null +++ b/charts/jarvis-system/templates/Certificate-el.yaml @@ -0,0 +1,24 @@ +{{- define "Certificate-el" -}} +--- +apiVersion: cert-manager.io/v1alpha2 +kind: Certificate +metadata: + name: {{ template "helpers.labels.fullname" . }}-el + labels: {{- include "helpers.labels.labels" . | nindent 4 }} +spec: + secretName: {{ template "helpers.labels.fullname" . }}-el-tls + issuerRef: + name: {{ .Values.params.endpoints.tls.issuer.name }} + # We can reference ClusterIssuers by changing the kind here. + # The default value is Issuer (i.e. a locally namespaced Issuer) + kind: {{ .Values.params.endpoints.tls.issuer.kind }} + commonName: {{ .Values.params.endpoints.hostname }} + organization: + - Kubernetes API + dnsNames: + - {{ .Values.params.endpoints.hostname }} +... +{{- end -}} +{{- if .Values.params.endpoints.tls.cert_manager -}} +{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Certificate-el" ) }} +{{- end -}} \ No newline at end of file diff --git a/tools/gate/jarvis/resources/tekton/yaml/role-resources/clustertriggerbinding-roles/clusterrole.yaml b/charts/jarvis-system/templates/ClusterRole-el.yaml similarity index 66% rename from tools/gate/jarvis/resources/tekton/yaml/role-resources/clustertriggerbinding-roles/clusterrole.yaml rename to charts/jarvis-system/templates/ClusterRole-el.yaml index 9e1a23a3..ea3b9428 100644 --- a/tools/gate/jarvis/resources/tekton/yaml/role-resources/clustertriggerbinding-roles/clusterrole.yaml +++ b/charts/jarvis-system/templates/ClusterRole-el.yaml 
@@ -1,7 +1,9 @@ +{{- define "ClusterRole-el" -}} +--- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: tekton-triggers-example-clusterrole + name: {{ template "helpers.labels.fullname" . }}-el rules: # Permissions for every EventListener deployment to function - apiGroups: ["triggers.tekton.dev"] @@ -9,9 +11,15 @@ rules: verbs: ["get", "list", "watch"] - apiGroups: [""] # secrets are only needed for GitHub/GitLab interceptors - resources: ["configmaps", "secrets"] + resources: ["configmaps"] verbs: ["get", "list", "watch"] # Permissions to create resources in associated TriggerTemplates - apiGroups: ["tekton.dev"] resources: ["pipelineruns", "pipelineresources", "taskruns"] verbs: ["create"] +- apiGroups: [""] + resources: ["serviceaccounts"] + verbs: ["impersonate"] +... +{{- end -}} +{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "ClusterRole-el" ) }} \ No newline at end of file diff --git a/charts/jarvis-system/templates/ClusterRoleBinding-el.yaml b/charts/jarvis-system/templates/ClusterRoleBinding-el.yaml new file mode 100644 index 00000000..70713249 --- /dev/null +++ b/charts/jarvis-system/templates/ClusterRoleBinding-el.yaml @@ -0,0 +1,17 @@ +{{- define "ClusterRoleBinding-el" -}} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "helpers.labels.fullname" . }}-el +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "helpers.labels.fullname" . }}-el +subjects: + - kind: ServiceAccount + name: {{ template "helpers.labels.fullname" . }}-el + namespace: {{ $.Release.Namespace }} +... +{{- end -}} +{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "ClusterRoleBinding-el" ) }} \ No newline at end of file diff --git a/charts/jarvis-system/templates/Deployment-connector.yaml b/charts/jarvis-system/templates/Deployment-connector.yaml new file mode 100644 index 00000000..3972f670 --- /dev/null 
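Review bot: The rule added at the end of the second ClusterRole-el.yaml hunk grants `impersonate` on `serviceaccounts` with no `resourceNames`, and ClusterRoleBinding-el.yaml binds the role cluster-wide, so the EventListener's service account may act as any service account in any namespace. If impersonation is only needed for the accounts that run the jarvis pipelines, narrow it, for example `resourceNames: ["<pipeline-service-account>"]` on the rule, or grant it through a namespaced Role and RoleBinding instead. With `secrets` dropped from the configmaps rule, the context comment `# secrets are only needed for GitHub/GitLab interceptors` is now stale and can be removed.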
+++ b/charts/jarvis-system/templates/Deployment-connector.yaml 
@@ -0,0 +1,66 @@ +{{- define "Deployment-connector" -}} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "helpers.labels.fullname" . }} + labels: {{- include "helpers.labels.labels" . | nindent 4 }} +spec: + replicas: 1 + minReadySeconds: 30 + strategy: + rollingUpdate: + maxUnavailable: 0 + selector: + matchLabels: {{- include "helpers.labels.matchLabels" . | nindent 6 }} + template: + metadata: + labels: {{- include "helpers.labels.labels" . | nindent 8 }} + spec: + nodeSelector: +{{ include "helpers.pod.node_selector" ( dict "Global" $ "Application" "connector" ) | nindent 8 }} + containers: + - name: connector + image: {{ include "helpers.pod.container.image" ( dict "Global" $ "Application" "connector" ) }} + imagePullPolicy: {{ .Values.images.pull.policy | quote }} + env: + - name: SSL_CERT_FILE + value: /usr/local/share/ca-certificates/ca.crt + - name: GERRIT_URL + value: "https://{{ .Values.params.gerrit.host }}" + - name: EVENTLISTENER_URL + value: "http://el-{{ template "helpers.labels.fullname" . }}.{{ .Release.Namespace }}.svc:8080" + command: + - /usr/bin/jarvis-connector + args: + - --auth_file + - /run/jarvis/gerrit-authfile + - --gerrit + - "$(GERRIT_URL)" + - --event_listener + - "$(EVENTLISTENER_URL)" + volumeMounts: + - name: gerrit-authfile + mountPath: /run/jarvis/gerrit-authfile + subPath: gerrit-authfile + - name: jarvis-ca-crt + mountPath: /usr/local/share/ca-certificates/ca.crt + subPath: ca.crt + volumes: + - name: gerrit-authfile + secret: + secretName: {{ template "helpers.labels.fullname" . }}-gerrit + defaultMode: 0444 + items: + - key: gerrit-authfile + path: gerrit-authfile + # NOTE: We are making the assumption that the ca for gerrit is the same as that for the tekton eventlistener + - name: jarvis-ca-crt + secret: + secretName: {{ template "helpers.labels.fullname" . }}-el-tls + items: + - key: ca.crt + path: ca.crt +... 
+{{- end -}} +{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Deployment-connector" ) }} diff --git a/charts/jarvis-system/templates/EventListener-system.yaml b/charts/jarvis-system/templates/EventListener-system.yaml new file mode 100644 index 00000000..e7d20e18 --- /dev/null +++ b/charts/jarvis-system/templates/EventListener-system.yaml @@ -0,0 +1,41 @@ +{{- define "EventListener-system" -}} +--- +apiVersion: triggers.tekton.dev/v1alpha1 +kind: EventListener +metadata: + name: {{ template "helpers.labels.fullname" . }} +spec: + serviceAccountName: {{ template "helpers.labels.fullname" . }}-el + triggers: + - name: jarvis-create + interceptors: + - cel: + filter: >- + header.match('X-Jarvis', 'create') + bindings: + - ref: {{ template "helpers.labels.fullname" . }}-create + template: + ref: {{ template "helpers.labels.fullname" . }}-create + - name: jarvis-create-success + interceptors: + - cel: + filter: >- + header.match('Ce-Type', 'dev.tekton.event.pipelinerun.successful.v1') && + body.pipelineRun.metadata.labels['triggers.tekton.dev/trigger'] == 'jarvis-create' + bindings: + - ref: {{ template "helpers.labels.fullname" . }}-createresult + template: + ref: {{ template "helpers.labels.fullname" . }}-createsuccess + - name: jarvis-create-failure + interceptors: + - cel: + filter: >- + header.match('Ce-Type', 'dev.tekton.event.pipelinerun.failed.v1') && + body.pipelineRun.metadata.labels['triggers.tekton.dev/trigger'] == 'jarvis-create' + bindings: + - ref: {{ template "helpers.labels.fullname" . }}-createresult + template: + ref: {{ template "helpers.labels.fullname" . }}-createfailure +... +{{- end -}} +{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "EventListener-system" ) }} \ No newline at end of file diff --git a/charts/jarvis-system/templates/Pipeline-create.yaml b/charts/jarvis-system/templates/Pipeline-create.yaml new file mode 100644 index 00000000..b1aba042 --- /dev/null 
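Review bot: The `gerrit-authfile` secret volume uses `defaultMode: 0444`, which leaves the Gerrit credential readable by every user inside the container. `defaultMode: 0400` is the tighter setting, with a matching `runAsUser` or `fsGroup` if the image does not run as root. The pod spec also sets no `securityContext` and no resource limits for the container that holds that credential. `EVENTLISTENER_URL` is plain `http://` although the pod mounts a CA from the `-el-tls` secret; if that is intentional, a comment next to the env entry should say so.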
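Review bot: The `jarvis-create` trigger accepts any request whose `X-Jarvis` header matches `create`, and the two result triggers trust the `Ce-Type` header plus a label inside the body. Nothing here authenticates the sender, so any workload that can reach the listener service can start these pipelines with body values of its choosing. Those values become `repoRoot`, `project` and the change numbers that the tasks later pass to `git fetch` and to `curl` with the Gerrit netrc. Assuming the connector sends the Gerrit URL as `repoRoot`, the filter could pin it: `header.match('X-Jarvis', 'create') && body.repoRoot == 'https://{{ .Values.params.gerrit.host }}'`. Ingress to the listener is also worth restricting with a NetworkPolicy to the connector and the Tekton controller.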
+++ b/charts/jarvis-system/templates/Pipeline-create.yaml @@ -0,0 +1,48 @@ +{{- define "Pipeline-create" -}} +--- +apiVersion: tekton.dev/v1beta1 +kind: Pipeline +metadata: + name: {{ template "helpers.labels.fullname" . }}-create +spec: + params: + - name: repoRoot + - name: project + - name: changeNumber + - name: patchSetNumber + - name: checkerUUID + workspaces: + - name: output + tasks: + - name: createregisterscheduled + taskRef: + name: {{ template "helpers.labels.fullname" . }}-createregisterscheduled + params: + - name: repoRoot + value: $(params.repoRoot) + - name: project + value: $(params.project) + - name: changeNumber + value: $(params.changeNumber) + - name: patchSetNumber + value: $(params.patchSetNumber) + - name: checkerUUID + value: $(params.checkerUUID) + - name: createcheckoutrepo + taskRef: + name: {{ template "helpers.labels.fullname" . }}-createcheckoutrepo + params: + - name: repoRoot + value: $(params.repoRoot) + - name: project + value: $(params.project) + - name: changeNumber + value: $(params.changeNumber) + - name: patchSetNumber + value: $(params.patchSetNumber) + workspaces: + - name: output + workspace: output +... +{{- end -}} +{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Pipeline-create" ) }} \ No newline at end of file diff --git a/charts/jarvis-system/templates/Pipeline-createFailure.yaml b/charts/jarvis-system/templates/Pipeline-createFailure.yaml new file mode 100644 index 00000000..c3cc333e --- /dev/null +++ b/charts/jarvis-system/templates/Pipeline-createFailure.yaml 
@@ -0,0 +1,31 @@ +{{- define "Pipeline-createFailure" -}} +--- +apiVersion: tekton.dev/v1beta1 +kind: Pipeline +metadata: + name: {{ template "helpers.labels.fullname" . }}-createfailure +spec: + params: + - name: repoRoot + - name: project + - name: changeNumber + - name: patchSetNumber + - name: checkerUUID + tasks: + - name: createfailure + taskRef: + name: {{ template "helpers.labels.fullname" . }}-createfailure + params: + - name: repoRoot + value: $(params.repoRoot) + - name: project + value: $(params.project) + - name: changeNumber + value: $(params.changeNumber) + - name: patchSetNumber + value: $(params.patchSetNumber) + - name: checkerUUID + value: $(params.checkerUUID) +... +{{- end -}} +{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Pipeline-createFailure" ) }} \ No newline at end of file diff --git a/charts/jarvis-system/templates/Pipeline-createSuccess.yaml b/charts/jarvis-system/templates/Pipeline-createSuccess.yaml new file mode 100644 index 00000000..01c12997 --- /dev/null +++ b/charts/jarvis-system/templates/Pipeline-createSuccess.yaml @@ -0,0 +1,31 @@ +{{- define "Pipeline-createSuccess" -}} +--- +apiVersion: tekton.dev/v1beta1 +kind: Pipeline +metadata: + name: {{ template "helpers.labels.fullname" . }}-createsuccess +spec: + params: + - name: repoRoot + - name: project + - name: changeNumber + - name: patchSetNumber + - name: checkerUUID + tasks: + - name: createsuccess + taskRef: + name: {{ template "helpers.labels.fullname" . }}-createsuccess + params: + - name: repoRoot + value: $(params.repoRoot) + - name: project + value: $(params.project) + - name: changeNumber + value: $(params.changeNumber) + - name: patchSetNumber + value: $(params.patchSetNumber) + - name: checkerUUID + value: $(params.checkerUUID) +... +{{- end -}} +{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Pipeline-createSuccess" ) }} \ No newline at end of file 
diff --git a/charts/jarvis-system/templates/Secret-gerrit.yaml b/charts/jarvis-system/templates/Secret-gerrit.yaml new file mode 100644 index 00000000..4e1c2129 --- /dev/null +++ b/charts/jarvis-system/templates/Secret-gerrit.yaml @@ -0,0 +1,13 @@ +{{- define "Secret-gerrit" -}} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "helpers.labels.fullname" . }}-gerrit + labels: {{- include "helpers.labels.labels" . | nindent 4 }} +data: + gerrit-authfile: "{{ b64enc ( printf "%s:%s" .Values.params.gerrit.user .Values.params.gerrit.password ) }}" + gerrit-netrc: "{{ b64enc ( printf "machine %s login %s password %s" "gerrit.jarvis.local" .Values.params.gerrit.user .Values.params.gerrit.password ) }}" +... +{{- end -}} +{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Secret-gerrit" ) }} \ No newline at end of file diff --git a/charts/jarvis-system/templates/ServiceAccount-el.yaml b/charts/jarvis-system/templates/ServiceAccount-el.yaml new file mode 100644 index 00000000..0ad6839f --- /dev/null +++ b/charts/jarvis-system/templates/ServiceAccount-el.yaml @@ -0,0 +1,9 @@ +{{- define "ServiceAccount-el" -}} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "helpers.labels.fullname" . }}-el +... +{{- end -}} +{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "ServiceAccount-el" ) }} \ No newline at end of file diff --git a/charts/jarvis-system/templates/Task-createCheckoutRepo.yaml b/charts/jarvis-system/templates/Task-createCheckoutRepo.yaml new file mode 100644 index 00000000..658cbde9 --- /dev/null +++ b/charts/jarvis-system/templates/Task-createCheckoutRepo.yaml 
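Review bot: `gerrit-netrc` hard-codes the machine name `gerrit.jarvis.local` while the rest of the chart reads `.Values.params.gerrit.host`. Once the host is overridden, curl finds no matching netrc entry and the check updates fail authentication. Use the value instead: `printf "machine %s login %s password %s" .Values.params.gerrit.host .Values.params.gerrit.user .Values.params.gerrit.password`. Because the credential is rendered from chart values, it also ends up in the stored Helm release; referencing a pre-created Secret by name would avoid that.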
@@ -0,0 +1,69 @@ +{{- define "Task-createCheckoutRepo" -}} +--- +apiVersion: tekton.dev/v1beta1 +kind: Task +metadata: + name: {{ template "helpers.labels.fullname" . }}-createcheckoutrepo +spec: + params: + - name: repoRoot + - name: project + - name: changeNumber + - name: patchSetNumber + workspaces: + - name: output + description: The git repo will be cloned onto the volume backing this workspace + results: + - name: commit + description: The precise commit SHA that was fetched by this Task + steps: + - name: checkout-repo + image: {{ include "helpers.pod.container.image" ( dict "Global" $ "Application" "task_git" ) }} + script: | + #!/bin/sh + set -eu -o pipefail -x + + # A change ref has the format refs/changes/X/Y/Z where X is + # the last two digits of the change number, Y is the entire + # change number, and Z is the patch set. For example, if + # the change number is 263270, the ref would be + # refs/changes/70/263270/2 for the second patch set. + change_ref="refs/changes/$(echo "0$(params.changeNumber)" | awk '{ print substr( $0, length($0) - 1, length($0) ) }')/$(params.changeNumber)/$(params.patchSetNumber)" + echo $change_ref + + + CHECKOUT_DIR="$(workspaces.output.path)" + + cleandir() { + # Delete any existing contents of the repo directory if it exists. + # + # We don't just "rm -rf $CHECKOUT_DIR" because $CHECKOUT_DIR might be "/" + # or the root of a mounted volume. + if [[ -d "$CHECKOUT_DIR" ]] ; then + # Delete non-hidden files and directories + rm -rf "$CHECKOUT_DIR"/* + # Delete files and directories starting with . but excluding .. + rm -rf "$CHECKOUT_DIR"/.[!.]* + # Delete files and directories starting with .. plus any other character + rm -rf "$CHECKOUT_DIR"/..?* + fi + } + cleandir + + cd ${CHECKOUT_DIR} + git init + git config http.sslVerify "false" + git config advice.detachedHead "false" + git fetch $(params.repoRoot)/$(params.project) $change_ref + git checkout FETCH_HEAD + + RESULT_SHA="$(git rev-parse HEAD)" + EXIT_CODE="$?" 
+ if [ "$EXIT_CODE" != 0 ] ; then + exit $EXIT_CODE + fi + + echo -n "$RESULT_SHA" > $(results.commit.path) +... +{{- end -}} +{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Task-createCheckoutRepo" ) }} \ No newline at end of file diff --git a/charts/jarvis-system/templates/Task-createFailure.yaml b/charts/jarvis-system/templates/Task-createFailure.yaml new file mode 100644 index 00000000..b4020987 --- /dev/null +++ b/charts/jarvis-system/templates/Task-createFailure.yaml 
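Review bot: The `checkout-repo` script has `$(params.repoRoot)`, `$(params.project)`, `$(params.changeNumber)` and `$(params.patchSetNumber)` substituted straight into the shell text, so a value containing shell metacharacters is executed rather than treated as data. These values originate in the request body of the event listener. Passing them through `env` and quoting every expansion, as sketched below, keeps them as data. Separately, `git config http.sslVerify "false"` lets an on-path host serve the code that the later pipeline builds; mounting the chart CA and setting `git config http.sslCAInfo <path-to-ca.crt>` (placeholder path) would keep verification on. The `EXIT_CODE` check after `git rev-parse` is unreachable under `set -e`, and `[[ … ]]` and `pipefail` are not guaranteed under `#!/bin/sh`.

```yaml
      env:
        - name: PARAM_REPO_ROOT
          value: $(params.repoRoot)
        - name: PARAM_PROJECT
          value: $(params.project)
        - name: PARAM_CHANGE_NUMBER
          value: $(params.changeNumber)
        - name: PARAM_PATCHSET_NUMBER
          value: $(params.patchSetNumber)
      script: |
        #!/bin/sh
        # … unchanged: set options …
        change_ref="refs/changes/$(echo "0${PARAM_CHANGE_NUMBER}" | awk '{ print substr( $0, length($0) - 1, length($0) ) }')/${PARAM_CHANGE_NUMBER}/${PARAM_PATCHSET_NUMBER}"
        echo "$change_ref"
        # … unchanged: CHECKOUT_DIR and cleandir …
        cd "${CHECKOUT_DIR}"
        # … unchanged: git init and config …
        git fetch "${PARAM_REPO_ROOT}/${PARAM_PROJECT}" "$change_ref"
```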
@@ -0,0 +1,60 @@ +{{- define "Task-createFailure" -}} +--- +apiVersion: tekton.dev/v1beta1 +kind: Task +metadata: + name: {{ template "helpers.labels.fullname" . }}-createfailure +spec: + params: + - name: repoRoot + - name: project + - name: changeNumber + - name: patchSetNumber + - name: checkerUUID + steps: + - name: createfailure + image: {{ include "helpers.pod.container.image" ( dict "Global" $ "Application" "task_curl" ) }} + env: + - name: "JARVIS_TASKRUN_NAMESPACE" + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: "JARVIS_TASKRUN_NAME" + valueFrom: + fieldRef: + fieldPath: metadata.labels['tekton.dev/taskRun'] + volumeMounts: + - name: gerrit-netrc + mountPath: /run/jarvis/gerrit-netrc + subPath: gerrit-netrc + script: | + #!/bin/sh + set -eu -o pipefail -x + + curl \ + --netrc-file /run/jarvis/gerrit-netrc \ + --fail \ + --insecure \ + -L \ + -H "Content-Type: application/json; charset=UTF-8" \ + $(params.repoRoot)/a/changes/$(params.changeNumber)/revisions/$(params.patchSetNumber)/checks/ \ + --data-binary @- << EOF + { + "checker_uuid": "$(params.checkerUUID)", + "state": "FAILED", + "url": "http://{{ .Values.params.tekton.dashboard.host }}/#/namespaces/${JARVIS_TASKRUN_NAMESPACE}/taskruns/${JARVIS_TASKRUN_NAME}", + "message": "Jarvis failed to process the run for change #$(params.changeNumber) ps #$(params.patchSetNumber) to the $(params.project) repo", + "finished": "$(date --utc '+%F %T.%N')" + } + EOF + volumes: + - name: gerrit-netrc + secret: + secretName: {{ template "helpers.labels.fullname" . }}-gerrit + defaultMode: 0444 + items: + - key: gerrit-netrc + path: gerrit-netrc +... +{{- end -}} +{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Task-createFailure" ) }} \ No newline at end of file diff --git a/charts/jarvis-system/templates/Task-createRegisterScheduled.yaml b/charts/jarvis-system/templates/Task-createRegisterScheduled.yaml new file mode 100644 index 00000000..42fe7fec --- /dev/null 
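Review bot: `curl --insecure` is combined with `--netrc-file`, so the Gerrit login is sent without verifying the server certificate. The same call appears in the `register-scheduled` and `createsuccess` steps of the next two task files. The connector deployment already mounts a CA from the `-el-tls` secret, so these steps could mount it too and replace `--insecure` with `--cacert /usr/local/share/ca-certificates/ca.crt`. The request URL and the JSON heredoc also take `$(params.*)` by textual substitution; a project name containing a quote breaks the payload, and the URL argument is unquoted. Passing the params through `env` and quoting the URL would address both.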
+++ b/charts/jarvis-system/templates/Task-createRegisterScheduled.yaml @@ -0,0 +1,59 @@ +{{- define "Task-createRegisterScheduled" -}} +--- +apiVersion: tekton.dev/v1beta1 +kind: Task +metadata: + name: {{ template "helpers.labels.fullname" . }}-createregisterscheduled +spec: + params: + - name: repoRoot + - name: project + - name: changeNumber + - name: patchSetNumber + - name: checkerUUID + steps: + - name: register-scheduled + image: {{ include "helpers.pod.container.image" ( dict "Global" $ "Application" "task_curl" ) }} + env: + - name: "JARVIS_TASKRUN_NAMESPACE" + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: "JARVIS_TASKRUN_NAME" + valueFrom: + fieldRef: + fieldPath: metadata.labels['tekton.dev/taskRun'] + volumeMounts: + - name: gerrit-netrc + mountPath: /run/jarvis/gerrit-netrc + subPath: gerrit-netrc + script: | + #!/bin/sh + set -eu -o pipefail -x + + curl \ + --netrc-file /run/jarvis/gerrit-netrc \ + --fail \ + --insecure \ + -L \ + -H "Content-Type: application/json; charset=UTF-8" \ + $(params.repoRoot)/a/changes/$(params.changeNumber)/revisions/$(params.patchSetNumber)/checks/ \ + --data-binary @- << EOF + { + "checker_uuid": "$(params.checkerUUID)", + "state": "SCHEDULED", + "url": "http://{{ .Values.params.tekton.dashboard.host }}/#/namespaces/${JARVIS_TASKRUN_NAMESPACE}/taskruns/${JARVIS_TASKRUN_NAME}", + "message": "Jarvis has started to process the run for change #$(params.changeNumber) ps #$(params.patchSetNumber) to the $(params.project) repo" + } + EOF + volumes: + - name: gerrit-netrc + secret: + secretName: {{ template "helpers.labels.fullname" . }}-gerrit + defaultMode: 0444 + items: + - key: gerrit-netrc + path: gerrit-netrc +... +{{- end -}} +{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Task-createRegisterScheduled" ) }} \ No newline at end of file 
diff --git a/charts/jarvis-system/templates/Task-createSuccess.yaml b/charts/jarvis-system/templates/Task-createSuccess.yaml new file mode 100644 index 00000000..52a4611f --- /dev/null +++ b/charts/jarvis-system/templates/Task-createSuccess.yaml 
@@ -0,0 +1,59 @@ +{{- define "Task-createSuccess" -}} +--- +apiVersion: tekton.dev/v1beta1 +kind: Task +metadata: + name: {{ template "helpers.labels.fullname" . }}-createsuccess +spec: + params: + - name: repoRoot + - name: project + - name: changeNumber + - name: patchSetNumber + - name: checkerUUID + steps: + - name: createsuccess + image: {{ include "helpers.pod.container.image" ( dict "Global" $ "Application" "task_curl" ) }} + env: + - name: "JARVIS_TASKRUN_NAMESPACE" + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: "JARVIS_TASKRUN_NAME" + valueFrom: + fieldRef: + fieldPath: metadata.labels['tekton.dev/taskRun'] + volumeMounts: + - name: gerrit-netrc + mountPath: /run/jarvis/gerrit-netrc + subPath: gerrit-netrc + script: | + #!/bin/sh + set -eu -o pipefail -x + + curl \ + --netrc-file /run/jarvis/gerrit-netrc \ + --fail \ + --insecure \ + -L \ + -H "Content-Type: application/json; charset=UTF-8" \ + $(params.repoRoot)/a/changes/$(params.changeNumber)/revisions/$(params.patchSetNumber)/checks/ \ + --data-binary @- << EOF + { + "checker_uuid": "$(params.checkerUUID)", + "state": "SUCCESSFUL", + "url": "http://{{ .Values.params.tekton.dashboard.host }}/#/namespaces/${JARVIS_TASKRUN_NAMESPACE}/taskruns/${JARVIS_TASKRUN_NAME}", + "message": "Jarvis has successfully processed the run for change #$(params.changeNumber) ps #$(params.patchSetNumber) to the $(params.project) repo" + } + EOF + volumes: + - name: gerrit-netrc + secret: + secretName: {{ template "helpers.labels.fullname" . }}-gerrit + defaultMode: 0444 + items: + - key: gerrit-netrc + path: gerrit-netrc +... +{{- end -}} +{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Task-createSuccess" ) }} \ No newline at end of file diff --git a/charts/jarvis-system/templates/TriggerBinding-create.yaml b/charts/jarvis-system/templates/TriggerBinding-create.yaml new file mode 100644 index 00000000..8263f19e --- /dev/null 
+++ b/charts/jarvis-system/templates/TriggerBinding-create.yaml @@ -0,0 +1,21 @@ +{{- define "TriggerBinding-create" -}} +--- +apiVersion: triggers.tekton.dev/v1alpha1 +kind: TriggerBinding +metadata: + name: {{ template "helpers.labels.fullname" . }}-create +spec: + params: + - name: repoRoot + value: $(body.repoRoot) + - name: project + value: $(body.project) + - name: changeNumber + value: $(body.changeNumber) + - name: patchSetNumber + value: $(body.patchSetNumber) + - name: checkerUUID + value: $(body.checkerUUID) +... +{{- end -}} +{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "TriggerBinding-create" ) }} \ No newline at end of file diff --git a/charts/jarvis-system/templates/TriggerBinding-createResult.yaml b/charts/jarvis-system/templates/TriggerBinding-createResult.yaml new file mode 100644 index 00000000..7945ec4a --- /dev/null +++ b/charts/jarvis-system/templates/TriggerBinding-createResult.yaml @@ -0,0 +1,21 @@ +{{- define "TriggerBinding-createResult" -}} +--- +apiVersion: triggers.tekton.dev/v1alpha1 +kind: TriggerBinding +metadata: + name: {{ template "helpers.labels.fullname" . }}-createresult +spec: + params: + - name: repoRoot + value: $(body.pipelineRun.spec.params[?(@.name=='repoRoot')].value) + - name: project + value: $(body.pipelineRun.spec.params[?(@.name=='project')].value) + - name: changeNumber + value: $(body.pipelineRun.spec.params[?(@.name=='changeNumber')].value) + - name: patchSetNumber + value: $(body.pipelineRun.spec.params[?(@.name=='patchSetNumber')].value) + - name: checkerUUID + value: $(body.pipelineRun.spec.params[?(@.name=='checkerUUID')].value) +... +{{- end -}} +{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "TriggerBinding-createResult" ) }} \ No newline at end of file diff --git a/charts/jarvis-system/templates/TriggerTemplate-create.yaml b/charts/jarvis-system/templates/TriggerTemplate-create.yaml new file mode 100644 index 00000000..e7c51ed8 --- /dev/null 
+++ b/charts/jarvis-system/templates/TriggerTemplate-create.yaml @@ -0,0 +1,38 @@ +{{- define "TriggerTemplate-create" -}} +--- +apiVersion: triggers.tekton.dev/v1alpha1 +kind: TriggerTemplate +metadata: + name: {{ template "helpers.labels.fullname" . }}-create +spec: + params: + - name: repoRoot + - name: project + - name: changeNumber + - name: patchSetNumber + - name: checkerUUID + resourcetemplates: + - apiVersion: tekton.dev/v1beta1 + kind: PipelineRun + metadata: + generateName: {{ template "helpers.labels.fullname" . }}-create- + spec: + pipelineRef: + name: {{ template "helpers.labels.fullname" . }}-create + params: + - name: repoRoot + value: $(tt.params.repoRoot) + - name: project + value: $(tt.params.project) + - name: changeNumber + value: $(tt.params.changeNumber) + - name: patchSetNumber + value: $(tt.params.patchSetNumber) + - name: checkerUUID + value: $(tt.params.checkerUUID) + workspaces: + - name: output + emptyDir: {} +... +{{- end -}} +{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "TriggerTemplate-create" ) }} \ No newline at end of file diff --git a/charts/jarvis-system/templates/TriggerTemplate-createFailure.yaml b/charts/jarvis-system/templates/TriggerTemplate-createFailure.yaml new file mode 100644 index 00000000..367ce994 --- /dev/null +++ b/charts/jarvis-system/templates/TriggerTemplate-createFailure.yaml 
@@ -0,0 +1,35 @@ +{{- define "TriggerTemplate-createFailure" -}} +--- +apiVersion: triggers.tekton.dev/v1alpha1 +kind: TriggerTemplate +metadata: + name: {{ template "helpers.labels.fullname" . }}-createfailure +spec: + params: + - name: repoRoot + - name: project + - name: changeNumber + - name: patchSetNumber + - name: checkerUUID + resourcetemplates: + - apiVersion: tekton.dev/v1beta1 + kind: PipelineRun + metadata: + generateName: {{ template "helpers.labels.fullname" . }}-createfailure- + spec: + pipelineRef: + name: {{ template "helpers.labels.fullname" . }}-createfailure + params: + - name: repoRoot + value: $(tt.params.repoRoot) + - name: project + value: $(tt.params.project) + - name: changeNumber + value: $(tt.params.changeNumber) + - name: patchSetNumber + value: $(tt.params.patchSetNumber) + - name: checkerUUID + value: $(tt.params.checkerUUID) +... +{{- end -}} +{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "TriggerTemplate-createFailure" ) }} \ No newline at end of file diff --git a/charts/jarvis-system/templates/TriggerTemplate-createSuccess.yaml b/charts/jarvis-system/templates/TriggerTemplate-createSuccess.yaml new file mode 100644 index 00000000..7476b756 --- /dev/null +++ b/charts/jarvis-system/templates/TriggerTemplate-createSuccess.yaml 
@@ -0,0 +1,35 @@ +{{- define "TriggerTemplate-createSuccess" -}} +--- +apiVersion: triggers.tekton.dev/v1alpha1 +kind: TriggerTemplate +metadata: + name: {{ template "helpers.labels.fullname" . }}-createsuccess +spec: + params: + - name: repoRoot + - name: project + - name: changeNumber + - name: patchSetNumber + - name: checkerUUID + resourcetemplates: + - apiVersion: tekton.dev/v1beta1 + kind: PipelineRun + metadata: + generateName: {{ template "helpers.labels.fullname" . }}-createsuccess- + spec: + pipelineRef: + name: {{ template "helpers.labels.fullname" . }}-createsuccess + params: + - name: repoRoot + value: $(tt.params.repoRoot) + - name: project + value: $(tt.params.project) + - name: changeNumber + value: $(tt.params.changeNumber) + - name: patchSetNumber + value: $(tt.params.patchSetNumber) + - name: checkerUUID + value: $(tt.params.checkerUUID) +... +{{- end -}} +{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "TriggerTemplate-createSuccess" ) }} \ No newline at end of file diff --git a/charts/jarvis-system/templates/helpers/_config.tpl b/charts/jarvis-system/templates/helpers/_config.tpl new file mode 100644 index 00000000..f2cf3426 --- /dev/null +++ b/charts/jarvis-system/templates/helpers/_config.tpl 
@@ -0,0 +1,28 @@ +{{- define "helpers.config.renderer" -}} + {{- $Global := index . "Global" -}} + {{- $key := index . "key" -}} + + {{- $local := dict -}} + {{- $_ := set $local "templateRaw" ( index $Global.Values.config $key ) -}} + + {{- with $Global -}} + {{- if not (kindIs "string" $local.templateRaw) -}} + {{- $_ := set $local "template" ( toString ( toPrettyJson ( $local.templateRaw ) ) ) -}} + {{- $_ := set $local "render" ( toString ( toYaml ( fromJson ( tpl $local.template . ) ) ) ) -}} + {{- else -}} + {{- $_ := set $local "template" $local.templateRaw -}} + {{- $_ := set $local "render" ( tpl $local.template . ) -}} + {{- end }} +{{ printf "%s: |" $key }} +{{ $local.render | indent 2 }} + {{- end -}} +{{- end -}} + + +{{- define "helpers.config.hash" -}} + {{- $name := index . "TemplateName" -}} + {{- $context := index . "Global" -}} + {{- $last := base $context.Template.Name }} + {{- $wtf := $context.Template.Name | replace $last $name -}} + {{- include $wtf $context | sha256sum | quote -}} +{{- end -}} \ No newline at end of file diff --git a/charts/jarvis-system/templates/helpers/_labels.tpl b/charts/jarvis-system/templates/helpers/_labels.tpl new file mode 100644 index 00000000..9c97373e --- /dev/null +++ b/charts/jarvis-system/templates/helpers/_labels.tpl 
@@ -0,0 +1,49 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "helpers.labels.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "helpers.labels.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "helpers.labels.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Labels to use on {deploy|sts}.spec.selector.matchLabels and svc.spec.selector +*/}} +{{- define "helpers.labels.matchLabels" -}} +app.kubernetes.io/name: {{ include "helpers.labels.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "helpers.labels.labels" -}} +{{ include "helpers.labels.matchLabels" . }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +helm.sh/chart: {{ include "helpers.labels.chart" . }} +{{- end -}} + diff --git a/charts/jarvis-system/templates/helpers/_pod.tpl b/charts/jarvis-system/templates/helpers/_pod.tpl new file mode 100644 index 00000000..e10d3b11 --- /dev/null +++ b/charts/jarvis-system/templates/helpers/_pod.tpl 
@@ -0,0 +1,22 @@ + +{{- define "helpers.pod.container.image" -}} + {{- $Global := index . "Global" -}} + {{- $Application := index . "Application" -}} + {{- with index $.Global.Values.images.applications $Application -}} + {{- printf "%s/%s:%s" .repo .name ( .tag | toString ) | quote -}} + {{- end -}} +{{- end -}} + +{{- define "helpers.pod.node_selector" -}} + {{- $Global := index . "Global" -}} + {{- $Application := index . "Application" -}} + {{- with index $.Global.Values.node_labels $Application -}} + {{ if kindIs "slice" . }} + {{ range $k, $item := . }} +{{ $item.key }}: {{ $item.value | quote }} + {{ end }} + {{ else }} +{{ .key }}: {{ .value | quote }} + {{ end }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/jarvis-system/templates/helpers/_template.tpl b/charts/jarvis-system/templates/helpers/_template.tpl new file mode 100644 index 00000000..b54f54e3 --- /dev/null +++ b/charts/jarvis-system/templates/helpers/_template.tpl 
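Review bot: `helpers.pod.container.image` renders nothing when `images.applications` has no entry for the requested application, because the `with` block is simply skipped. The manifest then carries an empty `image:` and the mistake surfaces only at deploy time. An `else` branch that stops rendering would catch it early: `{{- else -}}{{- fail (printf "images.applications.%s is not defined" $Application) -}}`. `$Global` is assigned in both helpers but the bodies read `$.Global`, so the local can be dropped or used consistently.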
@@ -0,0 +1,107 @@ +{{- define "helpers.template.overlay" -}} + {{- $local := dict -}} + {{/* + By default we merge lists with a 'name' key's values + */}} + {{- $_ := set $local "merge_same_named" true -}} + {{- if kindIs "map" $ -}} + {{- if hasKey $ "merge_same_named" -}} + {{- $_ := set $local "merge_same_named" $.merge_same_named -}} + {{- end -}} + {{- end -}} + {{- $_ := set $local "input" ( fromYaml ( toString ( include $.template_definition $.Global ) ) ) -}} + {{- $target := dict -}} + {{- $overlay_keys := regexSplit "-+" ( trimSuffix ".yaml" ( lower ( base $.Global.Template.Name ) ) ) 2 }} + {{- $_ := set $local "overlay" dict -}} + {{- if hasKey $.Global.Values.over_rides ( index $overlay_keys 0 ) -}} + {{- if hasKey ( index $.Global.Values.over_rides ( index $overlay_keys 0 ) ) ( index $overlay_keys 1 ) -}} + {{- $_ := set $local "overlay" ( index $.Global.Values.over_rides ( index $overlay_keys 0 ) ( index $overlay_keys 1 ) ) -}} + {{- end }} + {{- end }} + {{- range $item := tuple $local.input $local.overlay -}} + {{- $call := dict "target" $target "source" . "merge_same_named" $local.merge_same_named -}} + {{- $_ := include "helpers._merge" $call -}} + {{- $_ := set $local "result" $call.result -}} + {{- end -}} + {{- if kindIs "map" $ -}} + {{- $_ := set $ "result" $local.result -}} + {{- end -}} + {{ $target | toYaml }} +{{- end -}} + +{{- define "helpers._merge" -}} + {{- $local := dict -}} + {{- $_ := set $ "result" $.source -}} + {{/* + TODO: Should we `fail` when trying to merge a collection (map or slice) with + either a different kind of collection or a scalar? 
+ */}} + {{- if and (kindIs "map" $.target) (kindIs "map" $.source) -}} + {{- range $key, $sourceValue := $.source -}} + {{- if not (hasKey $.target $key) -}} + {{- $_ := set $local "newTargetValue" $sourceValue -}} + {{- if kindIs "map" $sourceValue -}} + {{- $copy := dict -}} + {{- $call := dict "target" $copy "source" $sourceValue -}} + {{- $_ := include "helpers._merge.shallow" $call -}} + {{- $_ := set $local "newTargetValue" $copy -}} + {{- end -}} + {{- else -}} + {{- $targetValue := index $.target $key -}} + {{- $call := dict "target" $targetValue "source" $sourceValue "merge_same_named" $.merge_same_named -}} + {{- $_ := include "helpers._merge" $call -}} + {{- $_ := set $local "newTargetValue" $call.result -}} + {{- end -}} + {{- $_ := set $.target $key $local.newTargetValue -}} + {{- end -}} + {{- $_ := set $ "result" $.target -}} + {{- else if and (kindIs "slice" $.target) (kindIs "slice" $.source) -}} + {{- $call := dict "target" $.target "source" $.source -}} + {{- $_ := include "helpers._merge.append_slice" $call -}} + {{- if $.merge_same_named -}} + {{- $_ := set $local "result" list -}} + {{- $_ := set $local "named_items" dict -}} + {{- range $item := $call.result -}} + {{- $_ := set $local "has_name_key" false -}} + {{- if kindIs "map" $item -}} + {{- if hasKey $item "name" -}} + {{- $_ := set $local "has_name_key" true -}} + {{- end -}} + {{- end -}} + {{- if $local.has_name_key -}} + {{- if hasKey $local.named_items $item.name -}} + {{- $named_item := index $local.named_items $item.name -}} + {{- $call := dict "target" $named_item "source" $item "merge_same_named" $.merge_same_named -}} + {{- $_ := include "helpers._merge" $call -}} + {{- else -}} + {{- $copy := dict -}} + {{- $copy_call := dict "target" $copy "source" $item -}} + {{- $_ := include "helpers._merge.shallow" $copy_call -}} + {{- $_ := set $local.named_items $item.name $copy -}} + {{- $_ := set $local "result" (append $local.result $copy) -}} + {{- end -}} + {{- else -}} + {{- $_ 
:= set $local "result" (append $local.result $item) -}} + {{- end -}} + {{- end -}} + {{- else -}} + {{- $_ := set $local "result" $call.result -}} + {{- end -}} + {{- $_ := set $ "result" (uniq $local.result) -}} + {{- end -}} +{{- end -}} + +{{- define "helpers._merge.shallow" -}} + {{- range $key, $value := $.source -}} + {{- $_ := set $.target $key $value -}} + {{- end -}} +{{- end -}} + +{{- define "helpers._merge.append_slice" -}} + {{- $local := dict -}} + {{- $_ := set $local "result" $.target -}} + {{- range $value := $.source -}} + {{- $_ := set $local "result" (append $local.result $value) -}} + {{- end -}} + {{- $_ := set $ "result" $local.result -}} +{{- end -}} diff --git a/charts/jarvis-system/values.schema.json b/charts/jarvis-system/values.schema.json new file mode 100644 index 00000000..6bbee4ef --- /dev/null +++ b/charts/jarvis-system/values.schema.json 
@@ -0,0 +1,93 @@
+{
+ "$id": "https://example.com/arrays.schema.json",
+ "$schema": "http://json-schema.org/draft-07/schema#",
+ "description": "A helm charts image references",
+ "type": "object",
+ "properties": {
+ "images": {
+ "type": "object",
+ "additionalProperties": false,
+ "required": [
+ "applications",
+ "pull"
+ ],
+ "properties": {
+ "applications": {
+ "type": "object",
+ "additionalProperties": {
+ "type": "object",
+ "required": [
+ "tag",
+ "name",
+ "repo"
+ ],
+ "additionalProperties": false,
+ "properties": {
+ "tag": {
+ "anyOf": [
+ {
+ "type": "object"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "description": "The image tag."
+ },
+ "name": {
+ "type": "string",
+ "description": "The image name."
+ },
+ "repo": {
+ "type": "string",
+ "description": "The image repo."
+ }
+ }
+ }
+ },
+ "pull": {
+ "type": "object",
+ "additionalProperties": false,
+ "required": [
+ "policy"
+ ],
+ "properties": {
+ "policy": {
+ "type": "string",
+ "enum": [
+ "Always",
+ "IfNotPresent",
+ "Never"
+ ]
+ }
+ }
+ }
+ }
+ },
+ "config": {
+ "type": "object",
+ "additionalProperties": {
+ "anyOf": [
+ {
+ "type": "object"
+ },
+ {
+ "type": "string"
+ }
+ ]
+ }
+ },
+ "params": {
+ "type": "object",
+ "additionalProperties": {
+ "type": "object"
+ }
+ },
+ "over_rides": {
+ "type": "object",
+ "additionalProperties": {
+ "type": "object"
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/charts/jarvis-system/values.yaml b/charts/jarvis-system/values.yaml
new file mode 100644
index 00000000..bbfd775c
--- /dev/null
+++ b/charts/jarvis-system/values.yaml
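Review bot: Nothing under `params` is validated beyond being an object, and the root has no `required` list, so a values file that omits `params.gerrit.host` or `params.gerrit.password` passes schema validation and only fails at render time or at runtime. Describing `params.gerrit` explicitly (`user`, `password` and `host` as required strings, with `"minLength": 1` on `password`) would catch that at `helm install`. The `$id` is still the tutorial placeholder `https://example.com/arrays.schema.json` and the `description` only mentions image references, although the schema also covers `config`, `params` and `over_rides`.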
@@ -0,0 +1,43 @@ +# Default values for dex-aio. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +images: + applications: + connector: + tag: latest + name: attcomdev/jarvis-connector + repo: quay.io + task_git: + tag: v0.18.1 + name: tekton-releases/github.com/tektoncd/pipeline/cmd/git-init + repo: gcr.io + task_curl: + tag: "3.8" + name: evl.ms/curl + repo: quay.io + pull: + policy: Always + +node_labels: + connector: + key: kubernetes.io/os + value: linux + +over_rides: {} + +params: + gerrit: + user: jarvis + password: password + host: gerrit.jarvis.local + tekton: + dashboard: + host: tekton.jarvis.local + endpoints: + hostname: el-jarvis-system.jarvis-system.svc.cluster.local + tls: + cert_manager: true + issuer: + name: jarvis-ca-issuer + kind: ClusterIssuer \ No newline at end of file diff --git a/charts/tekton-pipelines/values_overrides/default.yaml b/charts/tekton-pipelines/values_overrides/default.yaml new file mode 100644 index 00000000..fa0753b0 --- /dev/null +++ b/charts/tekton-pipelines/values_overrides/default.yaml @@ -0,0 +1,4 @@ +controller: + conf: + defaults: + default_cloud_events_sink: http://el-jarvis-system.jarvis-system.svc.cluster.local:8080/ \ No newline at end of file diff --git a/charts/tekton-triggers/values.yaml b/charts/tekton-triggers/values.yaml index 9703430a..645e74f6 100644 --- a/charts/tekton-triggers/values.yaml +++ b/charts/tekton-triggers/values.yaml @@ -54,15 +54,15 @@ images: tekton_controller: name: tektoncd/triggers/cmd/controller repo: gcr.io/tekton-releases/github.com - tag: v0.10.1 + tag: v0.10.2 tekton_eventlistener: name: tektoncd/triggers/cmd/eventlistenersink repo: gcr.io/tekton-releases/github.com - tag: v0.10.1 + tag: v0.10.2 tekton_webhook: name: tektoncd/triggers/cmd/webhook repo: gcr.io/tekton-releases/github.com - tag: v0.10.1 + tag: v0.10.2 pull: policy: IfNotPresent 
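Review bot: `params.gerrit.password: password` ships as a chart default, so an install that does not override it would be configured with a well-known credential; the Secret-gerrit.yaml template listed in this patch presumably renders this value, but it is not visible here. Default it to empty (`password: ""`) and have the template fail when it is unset. Separately, `connector.tag: latest` combined with `pull.policy: Always` means the image that is handed that credential changes whenever the tag is re-pushed; pin it to a release tag or digest, e.g. `tag: <pinned-release-tag>`. The header comment `# Default values for dex-aio.` also looks copied from another chart.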
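Review bot: `default_cloud_events_sink` points at `http://el-jarvis-system.jarvis-system.svc.cluster.local:8080/`, while the jarvis-system values added in this same patch set `tls.cert_manager: true` and `endpoints.hostname` to that very host. If the certificate is meant for the listener itself rather than for an ingress in front of it (not visible here), run events would reach it in cleartext and the URL should be `https://…`; if plain HTTP inside the cluster is intended, a comment saying so would help. The namespace and service name are hard-coded here and have to stay in step with the jarvis-system release name.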
diff --git a/tools/deployment/vagrant/Vagrantfile b/tools/deployment/vagrant/Vagrantfile index e85f6543..64b84f0d 100644 --- a/tools/deployment/vagrant/Vagrantfile +++ b/tools/deployment/vagrant/Vagrantfile @@ -40,5 +40,7 @@ Vagrant.configure("2") do |config| ./tools/gate/jarvis/400-deploy-harbor.sh ./tools/gate/jarvis/500-deploy-gerrit.sh ./tools/gate/jarvis/600-deploy-tekton.sh + ./tools/gate/jarvis/700-deploy-jarvis-system.sh + ./tools/gate/jarvis/800-deploy-jarvis-projects.sh SHELL end diff --git a/tools/gate/jarvis/500-deploy-gerrit.sh b/tools/gate/jarvis/500-deploy-gerrit.sh index 4554728a..26a97e06 100755 --- a/tools/gate/jarvis/500-deploy-gerrit.sh +++ b/tools/gate/jarvis/500-deploy-gerrit.sh @@ -15,6 +15,28 @@ function get_repo() { } get_repo "${gerrit_source}" "${repo_remote}" "${repo_sha}" +# TODO: This needs fixed upstream +patch ${gerrit_source}/helm-charts/gerrit/templates/gerrit.stateful-set.yaml <<'EOF' +--- /tmp/tmp.8ZADMTe64b/helm-charts/gerrit/templates/gerrit.stateful-set.yaml 2021-01-16 21:33:32.331105033 +0000 ++++ /tmp/tmp.z8R6CX0Gqg/helm-charts/gerrit/templates/gerrit.stateful-set.yaml 2021-01-16 20:11:36.275929405 +0000 +@@ -57,9 +57,14 @@ + imagePullPolicy: {{ .Values.images.imagePullPolicy }} + command: + - /bin/ash +- - -ce ++ - -cex + args: + - | ++ python3 /var/tools/gerrit-initializer \ ++ -c /var/config/gerrit-init.yaml \ ++ -s /var/gerrit \ ++ init ++ + symlink_config_to_site(){ + for file in /var/mnt/etc/config/* /var/mnt/etc/secret/*; do + ln -sf $file /var/gerrit/etc/$(basename $file) +EOF + function generate_ssh_host_key_override() { local work_dir work_dir="$(mktemp -d)" @@ -59,6 +81,7 @@ kubectl patch -n gerrit svc gerrit-gerrit-service --patch '{ ] } }' +sleep 30 function gerrit_bootstrap() { # Define creds to use for gerrit. 
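Review bot: Changing `-ce` to `-cex` in the embedded patch turns on shell tracing for the whole Gerrit init script, and that script works on files under `/var/mnt/etc/secret/`. The lines visible here would only print paths, but the rest of the script is outside the hunk, so any later command that expands a secret value would write it to the pod log. Keep `- -ce` unless tracing is really needed, and if it is, say why next to the TODO. `patch ${gerrit_source}/...` is also unquoted, and `# TODO: This needs fixed upstream` would be more useful if it named the fix, apparently that the chart does not run `gerrit-initializer ... init` before the symlink step.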
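Review bot: `sleep 30` is a fixed delay with no stated reason, placed between the `kubectl patch` of `gerrit-gerrit-service` and `gerrit_bootstrap`; on a slow host 30 seconds may not be enough and on a fast one it is wasted time. If it is waiting for the Gerrit pod to become ready again, wait on that condition instead, for example `./tools/deployment/common/wait-for-pods.sh gerrit` (the helper the tekton script calls with a namespace). Otherwise at least record the intent, e.g. `# give the patched service time to start forwarding before bootstrap`.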
@@ -118,6 +141,9 @@ EOF # Give Admins, Service Users and Project Owners voting rights for the Verified Label sed -i '/\[access "refs\/heads\/\*"\]/a\ \ \ \ \ \ \ \ label-Verified = -1..+1 group Administrators\n\ \ \ \ \ \ \ \ label-Verified = -1..+1 group Service Users\n\ \ \ \ \ \ \ \ label-Verified = -1..+1 group Project Owners' project.config + # Give Admins, Service Users and Project Owners voting rights for the Verified Label + sed -i '/\[capability\]/a\ \ \ \ \ \ \ \ checks-administrateCheckers = group Administrators' project.config + # Commit and push config git add . git commit -asm "Create Verified Label" diff --git a/tools/gate/jarvis/600-deploy-tekton.sh b/tools/gate/jarvis/600-deploy-tekton.sh index 4e6941cf..6defe1e9 100755 --- a/tools/gate/jarvis/600-deploy-tekton.sh +++ b/tools/gate/jarvis/600-deploy-tekton.sh 
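Review bot: The comment above the new `sed` is a copy of the one for the Verified label, but the line grants the `checks-administrateCheckers` capability to Administrators only; it should read something like `# Let Administrators administrate checkers (checks plugin capability)`. The `sed` appends after a `[capability]` header and silently does nothing when `project.config` has no such section, so a later checker setup would presumably fail on permissions far from the cause; a guard such as `grep -q '^\[capability\]' project.config || exit 1` before it would surface that. The commit message `Create Verified Label` in the context below now covers this change as well. `gerrit_bootstrap` starts outside the hunk.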
@@ -12,98 +12,4 @@ for chart in tekton-pipelines tekton-triggers tekton-dashboard; do $(./tools/deployment/common/get-values-overrides.sh "${chart}") done -function get_yq() { - version=$(curl --silent "https://api.github.com/repos/mikefarah/yq/releases/latest" | grep '"tag_name"' | sed -E 's/.*"([^"]+)".*/\1/') - sudo -E curl -L -o "/usr/local/bin/yq" "https://github.com/mikefarah/yq/releases/download/${version}/yq_linux_amd64" - sudo -E chmod +x "/usr/local/bin/yq" - ls "/usr/local/bin/yq" -} - -./tools/deployment/common/wait-for-pods.sh tekton-pipelines - -function validate() { - - # if we are using the proxy we should place that into the template - if [ -n "${HTTP_PROXY}" ]; then - get_yq - - # Note: This assume syntax of yq >= 4.x - yq eval '(.spec.resourcetemplates[].spec.params[] | select(.name=="httpProxy")).value |= env(HTTP_PROXY)' -i ./tools/gate/jarvis/resources/tekton/yaml/triggertemplates/triggertemplate.yaml - yq eval '(.spec.resourcetemplates[].spec.params[] | select(.name=="httpsProxy")).value |= env(HTTPS_PROXY)' -i ./tools/gate/jarvis/resources/tekton/yaml/triggertemplates/triggertemplate.yaml - yq eval '(.spec.resourcetemplates[].spec.params[] | select(.name=="noProxy")).value |= env(NO_PROXY)' -i ./tools/gate/jarvis/resources/tekton/yaml/triggertemplates/triggertemplate.yaml - fi - - kubectl -n tekton-pipelines apply -f ./tools/gate/jarvis/resources/tekton/yaml/role-resources/secret.yaml - kubectl -n tekton-pipelines apply -f ./tools/gate/jarvis/resources/tekton/yaml/role-resources/serviceaccount.yaml - kubectl -n tekton-pipelines apply -f ./tools/gate/jarvis/resources/tekton/yaml/role-resources/clustertriggerbinding-roles - kubectl -n tekton-pipelines apply -f ./tools/gate/jarvis/resources/tekton/yaml/role-resources/triggerbinding-roles - kubectl -n tekton-pipelines apply -f ./tools/gate/jarvis/resources/tekton/yaml/triggertemplates/triggertemplate.yaml - kubectl -n tekton-pipelines apply -f 
./tools/gate/jarvis/resources/tekton/yaml/triggerbindings/triggerbinding.yaml - kubectl -n tekton-pipelines apply -f ./tools/gate/jarvis/resources/tekton/yaml/triggerbindings/triggerbinding-message.yaml - kubectl -n tekton-pipelines apply -f ./tools/gate/jarvis/resources/tekton/yaml/eventlisteners/eventlistener.yaml - kubectl -n tekton-pipelines apply -f ./tools/gate/jarvis/resources/tekton/yaml/example-pipeline.yaml - - # Install the pipeline - kubectl -n tekton-pipelines wait --for=condition=Ready pod --timeout=120s --all - - # Define creds to use for gerrit. - ldap_username="jarvis" - ldap_password="password" - - # Create repo for Jarvis sanity testing - ssh -p 29418 ${ldap_username}@gerrit.jarvis.local gerrit create-project jarvis-sanity --submit-type MERGE_IF_NECESSARY --owner Administrators --empty-commit - - # Configure repo webhook - jarvis_sanity_repo=$(mktemp -d) - pushd "${jarvis_sanity_repo}" - git init - git remote add origin ssh://${ldap_username}@gerrit.jarvis.local:29418/jarvis-sanity.git - git fetch origin refs/meta/config:refs/remotes/origin/meta/config - git checkout meta/config - tee --append project.config <