Reorg manifests

.gitignore

@@ -1,2 +1,3 @@
 pipeline/*secret*.yaml
-listener/*secret*.yaml
+listener/*secret*.yaml
+.history/

README.md

@@ -3,7 +3,7 @@
 First create secrets manually for your private registries (pull and push images) and for the Tekton Trigger webhook.
 
 ## Private Registry Secret
-For example, for your private registries. In this case I am pushing to `quay.io` and also pulling from `registry.redhat.io`.
+For example, for your private registries. In this case we am pushing to `quay.io` and also pulling from `registry.redhat.io`.
 ```yaml
 apiVersion: v1
 data:
@@ -13,21 +13,13 @@ metadata:
  annotations:
  tekton.dev/docker-0: quay.io
  tekton.dev/docker-1: registry.redhat.io
- name: quay
+ name: pull-and-push
 type: kubernetes.io/dockerconfigjson
 ```
 
-Then you need to patch `pipeline` SA with it.
+Then you need to link the secret `pull-and-push` to the `pipeline` SA so it can be used for pulling and pushing images.
 ```bash
-oc edit sa pipeline
-
-kind: ServiceAccount
-metadata:
- name: pipeline
-secrets:
-- name: pipeline-token-n27h8
-- name: pipeline-dockercfg-smhwn
-- name: quay
+oc secret link pipeline pull-and-push --for=pull,mount
 ```
 
 ## Webhook Secret Token
@@ -40,8 +32,4 @@ metadata:
 type: Generic
 stringData:
  secretToken: "123"
-```
-
-
-
-
+```

listener/0-pvc.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: ansible-builder-pvc
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 1Gi
+ volumeMode: Filesystem

listener/2-task-ansible-builder-create.yaml

@@ -0,0 +1,50 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+ name: ansible-builder
+ labels:
+ app.kubernetes.io/version: "0.1"
+ annotations:
+ tekton.dev/pipelines.minVersion: "0.12.0"
+ tekton.dev/displayName: ansible-builder
+ tekton.dev/categories: Build Tools
+ tekton.dev/tags: ansible, ansible-builder, build-tool, automation
+ tekton.dev/platforms: "linux/amd64"
+spec:
+ description: >-
+ Creates a build context (including a Containerfile) from an execution environment spec.
+ This build context is populated with dependencies including requirements files.
+ workspaces:
+ - name: source
+ description: The source workspace where the execution environment code is cloned.
+ params:
+ - description: Execution environment file definition.
+ name: FILENAME
+ type: string
+ default: execution-environment.yml
+ - description: Execution environment build context.
+ name: BUILD_CONTEXT
+ type: string
+ default: context
+ - name: OUTPUT_FILENAME
+ description: Name of file to write image definition to. Either Dockerfile or Containerfile.
+ type: string
+ default: Containerfile
+ - description: ansible-builder output verbosity.
+ name: VERBOSITY
+ type: string
+ default: "2"
+ - name: BUILDER_IMAGE
+ description: The location of the ansible-builder image.
+ type: string
+ default: quay.io/ansible/ansible-builder:latest
+ steps:
+
+ - name: ansible-builder-create
+ workingDir: $(workspaces.source.path)
+ image: $(params.BUILDER_IMAGE)
+ script: |
+ #!/bin/sh
+ set -eux -o
+
+ ansible-builder create -f "$(params.FILENAME)" -c "$(params.BUILD_CONTEXT)" --output-filename "$(params.OUTPUT_FILENAME)" -v "$(params.VERBOSITY)"

listener/3-pipeline-ansible-builder.yaml

@@ -0,0 +1,125 @@
+apiVersion: tekton.dev/v1beta1
+kind: Pipeline
+metadata:
+ name: ansible-builder
+spec:
+ workspaces:
+ - name: ee-repo
+ params:
+ # Fetch Task
+ - name: git-url
+ type: string
+ description: url of the git repo for the code of deployment
+ default: https://github.com/jtudelag/ansible-execution-environments.git
+ - name: git-revision
+ type: string
+ description: revision to be used from repo of the code for deployment (Commit id)
+ default: main
+ # ansible-builder task
+ - name: ANSIBLE_BUILDER_IMAGE
+ description: The location of the ansible-builder image.
+ type: string
+ default: registry.redhat.io/ansible-automation-platform-21/ansible-builder-rhel8:1.0.1-47
+ - description: Name of the container image to be built
+ name: NAME
+ type: string
+ - description: Tag of the container image to be built
+ name: TAG
+ type: string
+ default: "latest"
+ # Buildah task
+ - description: Path to the directory to use as context for buildah.
+ name: CONTEXT
+ type: string
+ default: "context/"
+ - description: The path to the Dockerfile to execute.
+ name: DOCKERFILE
+ type: string
+ default: "Containerfile"
+ - description: buildah build Args
+ name: BUILD_ARGS
+ type: string
+ default: ""
+ - description: buildah push Args
+ name: PUSH_ARGS
+ type: string
+ default: ""
+ - description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry)
+ name: TLSVERIFY
+ type: string
+ default: "false"
+ tasks:
+
+ - name: fetch-repository
+ taskRef:
+ name: git-clone-1-6-0
+ kind: ClusterTask
+ workspaces:
+ - name: output
+ workspace: ee-repo
+ params:
+ - name: url
+ value: $(params.git-url)
+ - name: deleteExisting
+ value: "true"
+ - name: revision
+ value: $(params.git-revision)
+
+ - name: ansible-builder-create
+ taskRef:
+ name: ansible-builder
+ kind: Task
+ workspaces:
+ - name: source
+ workspace: ee-repo
+ runAfter:
+ - fetch-repository
+ params:
+ - name: BUILDER_IMAGE
+ value: $(params.ANSIBLE_BUILDER_IMAGE)
+
+ - name: build-image-tag
+ taskRef:
+ name: buildah
+ kind: ClusterTask
+ workspaces:
+ - name: source
+ workspace: ee-repo
+ runAfter:
+ - ansible-builder-create
+ params:
+ - name: TLSVERIFY
+ value: "false"
+ - name: IMAGE
+ value: $(params.NAME):$(params.TAG)
+ - name: CONTEXT
+ value: "$(params.CONTEXT)"
+ - name: DOCKERFILE
+ value: "$(params.DOCKERFILE)"
+ - name: BUILD_EXTRA_ARGS
+ value: "$(params.BUILD_ARGS)"
+ - name: PUSH_EXTRA_ARGS
+ value: "$(params.PUSH_ARGS)"
+
+ - name: build-image-latest
+ taskRef:
+ name: buildah
+ kind: ClusterTask
+ workspaces:
+ - name: source
+ workspace: ee-repo
+ runAfter:
+ - ansible-builder-create
+ params:
+ - name: TLSVERIFY
+ value: "false"
+ - name: IMAGE
+ value: $(params.NAME):latest
+ - name: CONTEXT
+ value: "$(params.CONTEXT)"
+ - name: DOCKERFILE
+ value: "$(params.DOCKERFILE)"
+ - name: BUILD_EXTRA_ARGS
+ value: "$(params.BUILD_ARGS)"
+ - name: PUSH_EXTRA_ARGS
+ value: "$(params.PUSH_ARGS)"

listener/1-trigger-template.yaml → listener/5-trigger-template.yaml

@@ -28,14 +28,6 @@ spec:
  value: quay.io/jtudelag/ansible-ee-test
  - name: TAG
  value: $(tt.params.short-id)
- # - name: CONTEXT
- # value: context/
- # - name: DOCKERFILE
- # value: Containerfile
- # - name: BUILD_ARGS
- # value: ''
- # - name: PUSH_ARGS
- # value: ''
  - name: TLSVERIFY
  value: 'false'
  - name: git-url

pipeline/1-task-ansible-builder-create.yaml

@@ -1,27 +1,28 @@
 apiVersion: tekton.dev/v1beta1
 kind: Task
 metadata:
- name: ansible-builder-create
+ name: ansible-builder
  labels:
  app.kubernetes.io/version: "0.1"
  annotations:
- tekton.dev/pipelines.minVersion: "0.21.0"
+ tekton.dev/pipelines.minVersion: "0.12.0"
+ tekton.dev/displayName: ansible-builder
  tekton.dev/categories: Build Tools
- tekton.dev/tags: build-tool
- tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64"
+ tekton.dev/tags: ansible, ansible-builder, build-tool, automation
+ tekton.dev/platforms: "linux/amd64"
 spec:
  description: >-
  Creates a build context (including a Containerfile) from an execution environment spec.
  This build context is populated with dependencies including requirements files.
  workspaces:
  - name: source
- description: The source workspace where the Execution Environment code is cloned.
+ description: The source workspace where the execution environment code is cloned.
  params:
- - description: Execution Environment file definition.
+ - description: Execution environment file definition.
  name: FILENAME
  type: string
  default: execution-environment.yml
- - description: Execution Environment build context.
+ - description: Execution environment build context.
  name: BUILD_CONTEXT
  type: string
  default: context
@@ -44,8 +45,6 @@ spec:
  image: $(params.BUILDER_IMAGE)
  script: |
  #!/bin/sh
- set -eux -o pipefail
-
- env
+ set -eux -o
 
  ansible-builder create -f "$(params.FILENAME)" -c "$(params.BUILD_CONTEXT)" --output-filename "$(params.OUTPUT_FILENAME)" -v "$(params.VERBOSITY)"

pipeline/2-pipeline-ansible-builder.yaml

@@ -35,22 +35,22 @@ spec:
  name: TAG
  type: string
  default: "latest"
- - description: Path to the directory to use as context for buildah.
- name: CONTEXT
- type: string
- default: "context/"
- - description: The path to the Dockerfile to execute.
- name: DOCKERFILE
- type: string
- default: "Containerfile"
- - description: buildah build Args
- name: BUILD_ARGS
- type: string
- default: ""
- - description: buildah push Args
- name: PUSH_ARGS
- type: string
- default: ""
+ # - description: Path to the directory to use as context for buildah.
+ #  name: CONTEXT
+ #  type: string
+ #  default: "context/"
+ # - description: The path to the Dockerfile to execute.
+ #  name: DOCKERFILE
+ #  type: string
+ #  default: "Containerfile"
+ # - description: buildah build Args
+ #  name: BUILD_ARGS
+ #  type: string
+ #  default: ""
+ # - description: buildah push Args
+ #  name: PUSH_ARGS
+ #  type: string
+ #  default: ""
  - description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry)
  name: TLSVERIFY
  type: string
@@ -72,7 +72,7 @@ spec:
  - name: revision
  value: $(params.git-revision)
 
- - name: ansible-builder-create
+ - name: ansible-builder
  taskRef:
  name: ansible-builder-create
  kind: Task