From d5a5d861c5ad1cfbdd3853af30a2da709da9ed7d Mon Sep 17 00:00:00 2001
From: Tom Alexander
Date: Thu, 13 Jul 2023 20:30:25 -0400
Subject: [PATCH] Switch to doing in-repo pipelines for lighthouse.

Since the needs of each project will be different, this seems like a better solution than relying on configs defined in my kubernetes repo.
---
.lighthouse/pipeline-rust-test.yaml | 192 +++++++++++++++++++++++
.lighthouse/pipeline-rustfmt.yaml | 233 ++++++++++++++++++++++++++++
.lighthouse/triggers.yaml | 94 +----------
3 files changed, 431 insertions(+), 88 deletions(-)
create mode 100644 .lighthouse/pipeline-rust-test.yaml
create mode 100644 .lighthouse/pipeline-rustfmt.yaml
diff --git a/.lighthouse/pipeline-rust-test.yaml b/.lighthouse/pipeline-rust-test.yaml
new file mode 100644
index 0000000..4963e9e
--- /dev/null
+++ b/.lighthouse/pipeline-rust-test.yaml
@@ -0,0 +1,192 @@
+apiVersion: tekton.dev/v1beta1
+kind: PipelineRun
+metadata:
+ name: rust-test
+spec:
+ pipelineSpec:
+ params:
+ - name: image-name
+ description: The name for the built image
+ type: string
+ - name: path-to-image-context
+ description: The path to the build context
+ type: string
+ - name: path-to-dockerfile
+ description: The path to the Dockerfile
+ type: string
+ - name: command
+ type: array
+ description: Command to run.
+ default: []
+ - name: args
+ type: array
+ description: Arguments passed to command.
+ default: []
+ tasks:
+ - name: do-stuff
+ taskSpec:
+ metadata: {}
+ stepTemplate:
+ image: alpine:3.18
+ name: ""
+ resources:
+ requests:
+ cpu: 10m
+ memory: 600Mi
+ workingDir: /workspace/source
+ steps:
+ - image: alpine:3.18
+ name: do-stuff-step
+ script: |
+ #!/usr/bin/env sh
+ echo "hello world"
+ - name: report-pending
+ taskRef:
+ name: gitea-set-status
+ params:
+ - name: CONTEXT
+ value: "$(params.JOB_NAME)"
+ - name: REPO_FULL_NAME
+ value: "$(params.REPO_OWNER)/$(params.REPO_NAME)"
+ - name: GITEA_HOST_URL
+ value: code.fizz.buzz
+ - name: SHA
+ value: "$(params.PULL_BASE_SHA)"
+ - name: DESCRIPTION
+ value: "Build $(params.JOB_NAME) has started"
+ - name: STATE
+ value: pending
+ - name: TARGET_URL
+ value: "https://tekton.fizz.buzz/#/namespaces/$(context.pipelineRun.namespace)/pipelineruns/$(context.pipelineRun.name)"
+ - name: fetch-repository
+ taskRef:
+ name: git-clone
+ workspaces:
+ - name: output
+ workspace: git-source
+ params:
+ - name: url
+ value: $(params.REPO_URL)
+ - name: revision
+ value: $(params.PULL_BASE_SHA)
+ - name: deleteExisting
+ value: "true"
+ - name: build-image
+ taskRef:
+ name: kaniko
+ params:
+ - name: IMAGE
+ value: "$(params.image-name):$(params.PULL_BASE_SHA)"
+ - name: CONTEXT
+ value: $(params.path-to-image-context)
+ - name: DOCKERFILE
+ value: $(params.path-to-dockerfile)
+ - name: BUILDER_IMAGE
+ value: "gcr.io/kaniko-project/executor:v1.12.1"
+ - name: EXTRA_ARGS
+ value:
+ - --cache=true
+ - --cache-copy-layers
+ - --cache-repo=harbor.fizz.buzz/kanikocache/cache
+ - --use-new-run # Should result in a speed-up
+ - --reproducible # To remove timestamps so layer caching works.
+ - --snapshot-mode=redo
+ - --skip-unused-stages=true
+ - --registry-mirror=dockerhub.dockerhub.svc.cluster.local
+ workspaces:
+ - name: source
+ workspace: git-source
+ - name: dockerconfig
+ workspace: docker-credentials
+ runAfter:
+ - fetch-repository
+ - name: run-image
+ taskRef:
+ name: run-docker-image
+ workspaces:
+ - name: source
+ workspace: git-source
+ runAfter:
+ - build-image
+ params:
+ - name: command
+ value: ["$(params.command[*])"]
+ - name: args
+ value: ["$(params.args[*])"]
+ - name: docker-image
+ value: "$(params.image-name):$(params.PULL_BASE_SHA)"
+ finally:
+ - name: report-success
+ when:
+ - input: "$(tasks.status)"
+ operator: in
+ values: ["Succeeded", "Completed"]
+ taskRef:
+ name: gitea-set-status
+ params:
+ - name: CONTEXT
+ value: "$(params.JOB_NAME)"
+ - name: REPO_FULL_NAME
+ value: "$(params.REPO_OWNER)/$(params.REPO_NAME)"
+ - name: GITEA_HOST_URL
+ value: code.fizz.buzz
+ - name: SHA
+ value: "$(params.PULL_BASE_SHA)"
+ - name: DESCRIPTION
+ value: "Build $(params.JOB_NAME) has succeeded"
+ - name: STATE
+ value: success
+ - name: TARGET_URL
+ value: "https://tekton.fizz.buzz/#/namespaces/$(context.pipelineRun.namespace)/pipelineruns/$(context.pipelineRun.name)"
+ - name: report-failure
+ when:
+ - input: "$(tasks.status)"
+ operator: in
+ values: ["Failed"]
+ taskRef:
+ name: gitea-set-status
+ params:
+ - name: CONTEXT
+ value: "$(params.JOB_NAME)"
+ - name: REPO_FULL_NAME
+ value: "$(params.REPO_OWNER)/$(params.REPO_NAME)"
+ - name: GITEA_HOST_URL
+ value: code.fizz.buzz
+ - name: SHA
+ value: "$(params.PULL_BASE_SHA)"
+ - name: DESCRIPTION
+ value: "Build $(params.JOB_NAME) has failed"
+ - name: STATE
+ value: failure
+ - name: TARGET_URL
+ value: "https://tekton.fizz.buzz/#/namespaces/$(context.pipelineRun.namespace)/pipelineruns/$(context.pipelineRun.name)"
+ workspaces:
+ - name: git-source
+ - name: docker-credentials
+ workspaces:
+ - name: git-source
+ volumeClaimTemplate:
+ spec:
+ storageClassName: "nfs-client"
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
+ subPath: rust-source
+ - name: docker-credentials
+ secret:
+ secretName: harbor-plain
+ serviceAccountName: build-bot
+ timeout: 240h0m0s
+ params:
+ - name: image-name
+ value: "harbor.fizz.buzz/private/organic-test"
+ - name: path-to-image-context
+ value: docker/organic_test/
+ - name: path-to-dockerfile
+ value: docker/organic_test/Dockerfile
+ - name: command
+ value: [cargo, test]
+ - name: args
+ value: [--lib, --test, test_loader]
diff --git a/.lighthouse/pipeline-rustfmt.yaml b/.lighthouse/pipeline-rustfmt.yaml
new file mode 100644
index 0000000..5cf736a
--- /dev/null
+++ b/.lighthouse/pipeline-rustfmt.yaml
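Review bot: In `.lighthouse/pipeline-rust-test.yaml` the `build-image` task mounts the `harbor-plain` registry secret (workspace `docker-credentials`) while building a Dockerfile from the same checkout, and with this commit the PipelineRun that wires this up also lives in the repository, so anyone who can land a commit on a triggering branch presumably controls what runs under `serviceAccountName: build-bot` with that credential. The secret should be a push-only robot account scoped to this project's Harbor repositories, and `build-bot` should carry no more RBAC than these tasks need; neither is visible in this diff. Two smaller hardening points in the same spec: the inline `do-stuff` task looks like a leftover placeholder and can be dropped, and `timeout: 240h0m0s` lets a stuck run hold its volume claim for ten days, e.g. `timeout: 1h0m0s`. `pipeline-rustfmt.yaml` repeats all three.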
@@ -0,0 +1,233 @@
+apiVersion: tekton.dev/v1beta1
+kind: PipelineRun
+metadata:
+ name: rustfmt
+spec:
+ pipelineSpec:
+ params:
+ - name: image-name
+ description: The name for the built image
+ type: string
+ - name: path-to-image-context
+ description: The path to the build context
+ type: string
+ - name: path-to-dockerfile
+ description: The path to the Dockerfile
+ type: string
+ - name: command
+ type: array
+ description: Command to run.
+ default: []
+ - name: args
+ type: array
+ description: Arguments passed to command.
+ default: []
+ - name: GIT_USER_NAME
+ description: The username for git
+ type: string
+ default: "fluxcdbot"
+ - name: GIT_USER_EMAIL
+ description: The email for git
+ type: string
+ default: "fluxcdbot@users.noreply.github.com"
+ tasks:
+ - name: do-stuff
+ taskSpec:
+ metadata: {}
+ stepTemplate:
+ image: alpine:3.18
+ name: ""
+ resources:
+ requests:
+ cpu: 10m
+ memory: 600Mi
+ workingDir: /workspace/source
+ steps:
+ - image: alpine:3.18
+ name: do-stuff-step
+ script: |
+ #!/usr/bin/env sh
+ echo "hello world"
+ - name: report-pending
+ taskRef:
+ name: gitea-set-status
+ params:
+ - name: CONTEXT
+ value: "$(params.JOB_NAME)"
+ - name: REPO_FULL_NAME
+ value: "$(params.REPO_OWNER)/$(params.REPO_NAME)"
+ - name: GITEA_HOST_URL
+ value: code.fizz.buzz
+ - name: SHA
+ value: "$(params.PULL_BASE_SHA)"
+ - name: DESCRIPTION
+ value: "Build $(params.JOB_NAME) has started"
+ - name: STATE
+ value: pending
+ - name: TARGET_URL
+ value: "https://tekton.fizz.buzz/#/namespaces/$(context.pipelineRun.namespace)/pipelineruns/$(context.pipelineRun.name)"
+ - name: fetch-repository
+ taskRef:
+ name: git-clone
+ workspaces:
+ - name: output
+ workspace: git-source
+ params:
+ - name: url
+ value: $(params.REPO_URL)
+ - name: revision
+ value: $(params.PULL_BASE_SHA)
+ - name: deleteExisting
+ value: "true"
+ - name: detect-tag
+ taskRef:
+ name: detect-tag
+ workspaces:
+ - name: repo
+ workspace: git-source
+ runAfter:
+ - fetch-repository
+ - name: build-image
+ taskRef:
+ name: kaniko
+ params:
+ - name: IMAGE
+ value: "$(params.image-name):$(params.PULL_BASE_SHA)"
+ - name: CONTEXT
+ value: $(params.path-to-image-context)
+ - name: DOCKERFILE
+ value: $(params.path-to-dockerfile)
+ - name: BUILDER_IMAGE
+ value: "gcr.io/kaniko-project/executor:v1.12.1"
+ - name: EXTRA_ARGS
+ value:
+ - --cache=true
+ - --cache-copy-layers
+ - --cache-repo=harbor.fizz.buzz/kanikocache/cache
+ - --use-new-run # Should result in a speed-up
+ - --reproducible # To remove timestamps so layer caching works.
+ - --snapshot-mode=redo
+ - --skip-unused-stages=true
+ - --registry-mirror=dockerhub.dockerhub.svc.cluster.local
+ workspaces:
+ - name: source
+ workspace: git-source
+ - name: dockerconfig
+ workspace: docker-credentials
+ runAfter:
+ - fetch-repository
+ - detect-tag
+ - name: run-image
+ taskRef:
+ name: run-docker-image
+ workspaces:
+ - name: source
+ workspace: git-source
+ runAfter:
+ - build-image
+ params:
+ - name: command
+ value: ["$(params.command[*])"]
+ - name: args
+ value: ["$(params.args[*])"]
+ - name: docker-image
+ value: "$(params.image-name):$(params.PULL_BASE_SHA)"
+ - name: commit-changes
+ taskRef:
+ name: git-cli
+ params:
+ - name: GIT_USER_NAME
+ value: $(params.GIT_USER_NAME)
+ - name: GIT_USER_EMAIL
+ value: $(params.GIT_USER_EMAIL)
+ - name: GIT_SCRIPT
+ value: |
+ pwd
+ git config --global --add safe.directory /workspace/source
+ git_status=$(git status --porcelain)
+ if [ -n "$git_status" ]; then
+ git commit -a -m "CI: format rust code."
+ git push origin HEAD:$(params.PULL_BASE_REF)
+ else
+ echo "No changes to commit."
+ fi
+ workspaces:
+ - name: source
+ workspace: git-source
+ runAfter:
+ - run-image
+ finally:
+ - name: report-success
+ when:
+ - input: "$(tasks.status)"
+ operator: in
+ values: ["Succeeded", "Completed"]
+ taskRef:
+ name: gitea-set-status
+ params:
+ - name: CONTEXT
+ value: "$(params.JOB_NAME)"
+ - name: REPO_FULL_NAME
+ value: "$(params.REPO_OWNER)/$(params.REPO_NAME)"
+ - name: GITEA_HOST_URL
+ value: code.fizz.buzz
+ - name: SHA
+ value: "$(params.PULL_BASE_SHA)"
+ - name: DESCRIPTION
+ value: "Build $(params.JOB_NAME) has succeeded"
+ - name: STATE
+ value: success
+ - name: TARGET_URL
+ value: "https://tekton.fizz.buzz/#/namespaces/$(context.pipelineRun.namespace)/pipelineruns/$(context.pipelineRun.name)"
+ - name: report-failure
+ when:
+ - input: "$(tasks.status)"
+ operator: in
+ values: ["Failed"]
+ taskRef:
+ name: gitea-set-status
+ params:
+ - name: CONTEXT
+ value: "$(params.JOB_NAME)"
+ - name: REPO_FULL_NAME
+ value: "$(params.REPO_OWNER)/$(params.REPO_NAME)"
+ - name: GITEA_HOST_URL
+ value: code.fizz.buzz
+ - name: SHA
+ value: "$(params.PULL_BASE_SHA)"
+ - name: DESCRIPTION
+ value: "Build $(params.JOB_NAME) has failed"
+ - name: STATE
+ value: failure
+ - name: TARGET_URL
+ value: "https://tekton.fizz.buzz/#/namespaces/$(context.pipelineRun.namespace)/pipelineruns/$(context.pipelineRun.name)"
+ workspaces:
+ - name: git-source
+ - name: docker-credentials
+ workspaces:
+ - name: git-source
+ volumeClaimTemplate:
+ spec:
+ storageClassName: "nfs-client"
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
+ subPath: rust-source
+ - name: docker-credentials
+ secret:
+ secretName: harbor-plain
+ serviceAccountName: build-bot
+ timeout: 240h0m0s
+ params:
+ - name: image-name
+ value: "harbor.fizz.buzz/private/organic-fmt"
+ - name: path-to-image-context
+ value: docker/cargo_fmt/
+ - name: path-to-dockerfile
+ value: docker/cargo_fmt/Dockerfile
+ - name: command
+ value: [cargo, fmt]
+ - name: args
+ value: []
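Review bot: `git push origin HEAD:$(params.PULL_BASE_REF)` in the `commit-changes` GIT_SCRIPT has the ref name substituted by Tekton into the script text before the shell parses it, so the only thing keeping shell metacharacters out of that line is the anchored `branches` regex in `triggers.yaml`. Quote the argument, `git push origin "HEAD:$(params.PULL_BASE_REF)"`, and add a comment above it such as `# PULL_BASE_REF is interpolated into this script; the trigger's branches regex must stay anchored and restrictive`. Separately, the `GIT_USER_NAME`/`GIT_USER_EMAIL` defaults (`fluxcdbot`, `fluxcdbot@users.noreply.github.com`) appear to be copied from elsewhere, so CI commits would be attributed to an unrelated bot identity; a project-specific identity makes these pushes auditable.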
diff --git a/.lighthouse/triggers.yaml b/.lighthouse/triggers.yaml
index 65fec4e..f3d40c4 100644
--- a/.lighthouse/triggers.yaml
+++ b/.lighthouse/triggers.yaml
@@ -27,98 +27,16 @@ spec: storage: 10Gi subPath: organic-source params: [] - - name: cargo-fmt - agent: tekton-pipeline - branches: - - ^main$ - - ^master$ - max_concurrency: 1 + - name: rustfmt + source: "pipeline-rustfmt.yaml" # Override https-based url from lighthouse events. clone_uri: "git@code.fizz.buzz:talexander/organic.git" - pipeline_run_spec: - serviceAccountName: build-bot - pipelineRef: - name: cargo-fmt-pipeline - namespace: lighthouse - workspaces: - - name: git-source - volumeClaimTemplate: - spec: - storageClassName: "nfs-client" - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 10Gi - subPath: rust-source - params: [] - - name: build-cargo-fmt - agent: tekton-pipeline branches: - "^v[0-9]+\\.[0-9]+\\.[0-9]+$" - max_concurrency: 1 + - name: rust-test + source: "pipeline-rust-test.yaml" # Override https-based url from lighthouse events. clone_uri: "git@code.fizz.buzz:talexander/organic.git" - pipeline_run_spec: - serviceAccountName: build-bot - pipelineRef: - name: build-docker-pipeline - namespace: lighthouse - workspaces: - - name: git-source - volumeClaimTemplate: - spec: - storageClassName: "nfs-client" - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 10Gi - subPath: git-source - - name: docker-credentials - secret: - secretName: harbor-plain - params: - - name: image-name - value: "harbor.fizz.buzz/private/cargo-fmt" - - name: path-to-image-context - value: docker/cargo_fmt/ - - name: path-to-dockerfile - value: docker/cargo_fmt/Dockerfile - - name: organic-test - agent: tekton-pipeline - branches: + skip_branches: + # We already run on every commit, so running when the semver tags get pushed is causing needless double-processing. - "^v[0-9]+\\.[0-9]+\\.[0-9]+$" - max_concurrency: 1 - # Override https-based url from lighthouse events. 
- clone_uri: "git@code.fizz.buzz:talexander/organic.git" - pipeline_run_spec: - serviceAccountName: build-bot - pipelineRef: - name: build-docker-and-run - namespace: lighthouse - workspaces: - - name: git-source - volumeClaimTemplate: - spec: - storageClassName: "nfs-client" - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 10Gi - subPath: git-source - - name: docker-credentials - secret: - secretName: harbor-plain - params: - - name: image-name - value: "harbor.fizz.buzz/private/organic-test" - - name: path-to-image-context - value: docker/organic_test/ - - name: path-to-dockerfile - value: docker/organic_test/Dockerfile - - name: command - value: [cargo, test] - - name: args - value: [--lib, --test, test_loader]
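Review bot: As far as the collapsed hunk can be read (six added lines, matching the diffstat), the new `rustfmt` entry drops the `^main$` / `^master$` branch filters and inherits the context lines `branches:` / `- "^v[0-9]+\\.[0-9]+\\.[0-9]+$"` that belonged to the removed `build-cargo-fmt` job, so the formatter that commits and pushes now triggers only on semver tag refs. Combined with `git push origin HEAD:$(params.PULL_BASE_REF)` in `pipeline-rustfmt.yaml`, the CI commit would be pushed to a ref named after the tag instead of a branch; if that is not intended, restore `- ^main$` and `- ^master$` under `rustfmt`. Both new entries also lose `max_concurrency: 1`, which matters for a job that pushes to the repository; consider keeping it on `rustfmt`.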