From 0548571b6bbb44116e9a2577be657e125d6da4d8 Mon Sep 17 00:00:00 2001
From: Tom Alexander
Date: Sun, 29 Sep 2024 00:19:22 -0400
Subject: [PATCH] Add a pipeline to build the server image.
---
.webhook_bridge/pipeline-build.yaml | 222 ++++++++++++++++++++++++++++
.webhook_bridge/webhook_bridge.toml | 6 +
example_tag_webhook_payload.json | 20 +--
example_webhook_payload.json | 30 ++--
src/hook_push.rs | 2 +-
src/main.rs | 12 +-
src/remote_config.rs | 2 +-
7 files changed, 263 insertions(+), 31 deletions(-)
create mode 100644 .webhook_bridge/pipeline-build.yaml
diff --git a/.webhook_bridge/pipeline-build.yaml b/.webhook_bridge/pipeline-build.yaml
new file mode 100644
index 0000000..330f212
--- /dev/null
+++ b/.webhook_bridge/pipeline-build.yaml
@@ -0,0 +1,222 @@ +apiVersion: tekton.dev/v1 +kind: PipelineRun +metadata: + name: build +spec: + timeouts: + pipeline: "2h0m0s" + tasks: "1h0m0s" + finally: "0h30m0s" + taskRunTemplate: + serviceAccountName: build-bot + pipelineSpec: + params: + - name: image-name + description: The name for the built image + type: string + - name: path-to-image-context + description: The path to the build context + type: string + - name: path-to-dockerfile + description: The path to the Dockerfile + type: string + tasks: + - name: detect-tag + taskSpec: + metadata: {} + stepTemplate: + image: alpine:3.19 + computeResources: + requests: + cpu: 10m + memory: 600Mi + workingDir: "$(workspaces.repo.path)" + results: + - name: tag + description: The tag to use for the docker container. + steps: + - image: alpine/git:v2.34.2 + name: detect-tag-step + script: | + #!/usr/bin/env sh + set -euo pipefail + git fetch --tags + current_tag=$(git tag --points-at HEAD --list 'v*.*.*') + if [ -z "$current_tag" ]; then + echo "No tag at current commit" + exit 1 + else + echo -n "${current_tag}" | tee $(results.tag.path) + fi + workspaces: + - name: repo + workspace: git-source + runAfter: + - fetch-repository + - name: report-pending + taskRef: + resolver: git + params: + - name: url + value: https://github.com/tektoncd/catalog.git + - name: revision + value: df36b3853a5657fd883015cdbf07ad6466918acf + - name: pathInRepo + value: task/gitea-set-status/0.1/gitea-set-status.yaml + runAfter: + - fetch-repository + params: + - name: CONTEXT + value: "$(params.JOB_NAME)" + - name: REPO_FULL_NAME + value: "$(params.REPO_OWNER)/$(params.REPO_NAME)" + - name: GITEA_HOST_URL + value: code.fizz.buzz + - name: SHA + value: "$(tasks.fetch-repository.results.commit)" + - name: DESCRIPTION + value: "Build $(params.JOB_NAME) has started" + - name: STATE + value: pending + - name: TARGET_URL + value: "https://tekton.fizz.buzz/#/namespaces/$(context.pipelineRun.namespace)/pipelineruns/$(context.pipelineRun.name)" + 
- name: fetch-repository + taskRef: + resolver: git + params: + - name: url + value: https://github.com/tektoncd/catalog.git + - name: revision + value: df36b3853a5657fd883015cdbf07ad6466918acf + - name: pathInRepo + value: task/git-clone/0.9/git-clone.yaml + workspaces: + - name: output + workspace: git-source + params: + - name: url + value: $(params.REPO_URL) + - name: revision + value: $(params.PULL_BASE_SHA) + - name: deleteExisting + value: "true" + - name: build-image + taskRef: + resolver: git + params: + - name: url + value: https://github.com/tektoncd/catalog.git + - name: revision + value: df36b3853a5657fd883015cdbf07ad6466918acf + - name: pathInRepo + value: task/kaniko/0.6//kaniko.yaml + params: + - name: IMAGE + value: "$(params.image-name):$(tasks.detect-tag.results.tag)" + - name: CONTEXT + value: $(params.path-to-image-context) + - name: DOCKERFILE + value: $(params.path-to-dockerfile) + - name: BUILDER_IMAGE + value: "gcr.io/kaniko-project/executor:v1.12.1" + - name: EXTRA_ARGS + value: + - "--destination=$(params.image-name)" # Also write the :latest image + - --cache=true + - --cache-copy-layers + - --cache-repo=harbor.fizz.buzz/kanikocache/cache + - --use-new-run # Should result in a speed-up + - --reproducible # To remove timestamps so layer caching works. 
+ - --snapshot-mode=redo + - --skip-unused-stages=true + - --registry-mirror=dockerhub.dockerhub.svc.cluster.local + workspaces: + - name: source + workspace: git-source + - name: dockerconfig + workspace: docker-credentials + runAfter: + - detect-tag + finally: + - name: report-success + when: + - input: "$(tasks.status)" + operator: in + values: ["Succeeded", "Completed"] + taskRef: + resolver: git + params: + - name: url + value: https://github.com/tektoncd/catalog.git + - name: revision + value: df36b3853a5657fd883015cdbf07ad6466918acf + - name: pathInRepo + value: task/gitea-set-status/0.1/gitea-set-status.yaml + params: + - name: CONTEXT + value: "$(params.JOB_NAME)" + - name: REPO_FULL_NAME + value: "$(params.REPO_OWNER)/$(params.REPO_NAME)" + - name: GITEA_HOST_URL + value: code.fizz.buzz + - name: SHA + value: "$(tasks.fetch-repository.results.commit)" + - name: DESCRIPTION + value: "Build $(params.JOB_NAME) has succeeded" + - name: STATE + value: success + - name: TARGET_URL + value: "https://tekton.fizz.buzz/#/namespaces/$(context.pipelineRun.namespace)/pipelineruns/$(context.pipelineRun.name)" + - name: report-failure + when: + - input: "$(tasks.status)" + operator: in + values: ["Failed"] + taskRef: + resolver: git + params: + - name: url + value: https://github.com/tektoncd/catalog.git + - name: revision + value: df36b3853a5657fd883015cdbf07ad6466918acf + - name: pathInRepo + value: task/gitea-set-status/0.1/gitea-set-status.yaml + params: + - name: CONTEXT + value: "$(params.JOB_NAME)" + - name: REPO_FULL_NAME + value: "$(params.REPO_OWNER)/$(params.REPO_NAME)" + - name: GITEA_HOST_URL + value: code.fizz.buzz + - name: SHA + value: "$(tasks.fetch-repository.results.commit)" + - name: DESCRIPTION + value: "Build $(params.JOB_NAME) has failed" + - name: STATE + value: failure + - name: TARGET_URL + value: "https://tekton.fizz.buzz/#/namespaces/$(context.pipelineRun.namespace)/pipelineruns/$(context.pipelineRun.name)" + workspaces: + - name: git-source 
+ - name: docker-credentials + workspaces: + - name: git-source + volumeClaimTemplate: + spec: + storageClassName: "nfs-client" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi + subPath: rust-source + - name: docker-credentials + secret: + secretName: harbor-plain + params: + - name: image-name + value: "harbor.fizz.buzz/private/webhook-bridge" + - name: path-to-image-context + value: . + - name: path-to-dockerfile + value: docker/webhook_bridge/Dockerfile diff --git a/.webhook_bridge/webhook_bridge.toml b/.webhook_bridge/webhook_bridge.toml index 72734c0..505969f 100644 --- a/.webhook_bridge/webhook_bridge.toml +++ b/.webhook_bridge/webhook_bridge.toml @@ -23,3 +23,9 @@ version = "0.0.1" source = "pipeline-semver.yaml" clone_uri = "git@code.fizz.buzz:talexander/webhook_bridge.git" branches = [ "^main$", "^master$" ] + +[[push]] + name = "build" + source = "pipeline-build.yaml" + clone_uri = "git@code.fizz.buzz:talexander/webhook_bridge.git" + branches = [ "^v[0-9]+\\.[0-9]+\\.[0-9]+$" ] diff --git a/example_tag_webhook_payload.json b/example_tag_webhook_payload.json index b51f63e..8d2cf90 100644 --- a/example_tag_webhook_payload.json +++ b/example_tag_webhook_payload.json 
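Review bot: The step and builder images in this pipeline are pulled by mutable tag (`alpine:3.19`, `alpine/git:v2.34.2`, `gcr.io/kaniko-project/executor:v1.12.1`) while the catalog tasks beside them are pinned to a commit, and the kaniko step runs with the `harbor-plain` registry credentials mounted, so a re-pushed upstream tag would run with push access to the registry. Pinning each image by digest closes that gap, e.g. `image: alpine/git:v2.34.2@sha256:<digest-of-the-reviewed-image>` (placeholder; resolve the digest from the registry). In `detect-tag-step`, `git tag --points-at HEAD --list 'v*.*.*'` prints every matching tag, so a commit carrying two version tags yields a multi-line result and an invalid `IMAGE` value. The glob is also looser than the `^v[0-9]+\\.[0-9]+\\.[0-9]+$` trigger pattern added in `webhook_bridge.toml`, so selecting exactly one tag and checking it against the numeric form before writing `$(results.tag.path)` would be safer. The kaniko `pathInRepo` reads `task/kaniko/0.6//kaniko.yaml`; the doubled slash looks unintended.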
@@ -1,14 +1,14 @@ { - "ref": "refs/tags/v0.0.1", + "ref": "refs/tags/v0.0.2", "before": "0000000000000000000000000000000000000000", - "after": "1efd7b1d73b5eb0d9a999e4f4666cda521aa0720", - "compare_url": "https://code.fizz.buzz/talexander/webhook_bridge/compare/0000000000000000000000000000000000000000...1efd7b1d73b5eb0d9a999e4f4666cda521aa0720", + "after": "84fe1ec23ae242cb1bbccbc2ab999c3082f54d45", + "compare_url": "https://code.fizz.buzz/talexander/webhook_bridge/compare/0000000000000000000000000000000000000000...84fe1ec23ae242cb1bbccbc2ab999c3082f54d45", "commits": [], "total_commits": 0, "head_commit": { - "id": "1efd7b1d73b5eb0d9a999e4f4666cda521aa0720", - "message": "Add a semver job to assign an automatically-incrementing version tag to commits to main.\n\nThis automatically increments the patch (3rd) digit, so to update the major or minor version, manually push a tag.\n", - "url": "https://code.fizz.buzz/talexander/webhook_bridge/commit/1efd7b1d73b5eb0d9a999e4f4666cda521aa0720", + "id": "84fe1ec23ae242cb1bbccbc2ab999c3082f54d45", + "message": "Add a pipeline to build the server image.\n", + "url": "https://code.fizz.buzz/talexander/webhook_bridge/commit/84fe1ec23ae242cb1bbccbc2ab999c3082f54d45", "author": { "name": "Tom Alexander", "email": "tom@fizz.buzz", @@ -20,9 +20,9 @@ "username": "" }, "verification": null, - "timestamp": "2024-09-28T23:59:32-04:00", + "timestamp": "2024-09-29T00:19:22-04:00", "added": [ - ".webhook_bridge/pipeline-semver.yaml" + ".webhook_bridge/pipeline-build.yaml" ], "removed": [], "modified": [ @@ -63,7 +63,7 @@ "template": false, "parent": null, "mirror": false, - "size": 334, + "size": 346, "language": "", "languages_url": "https://code.fizz.buzz/api/v1/repos/talexander/webhook_bridge/languages", "html_url": "https://code.fizz.buzz/talexander/webhook_bridge", 
@@ -82,7 +82,7 @@ "default_branch": "main", "archived": false, "created_at": "2024-07-14T18:48:52Z", - "updated_at": "2024-09-29T03:59:54Z", + "updated_at": "2024-09-29T04:25:36Z", "archived_at": "1970-01-01T00:00:00Z", "permissions": { "admin": true, diff --git a/example_webhook_payload.json b/example_webhook_payload.json index bbdacc9..f502ee8 100644 --- a/example_webhook_payload.json +++ b/example_webhook_payload.json @@ -1,13 +1,13 @@ { "ref": "refs/heads/main", - "before": "b122e6ee992f73be855a9d1cbf8595f6e90418ac", - "after": "1efd7b1d73b5eb0d9a999e4f4666cda521aa0720", - "compare_url": "https://code.fizz.buzz/talexander/webhook_bridge/compare/b122e6ee992f73be855a9d1cbf8595f6e90418ac...1efd7b1d73b5eb0d9a999e4f4666cda521aa0720", + "before": "a2aca6d2f1c85b5d4bef1349230fdaef1683622d", + "after": "84fe1ec23ae242cb1bbccbc2ab999c3082f54d45", + "compare_url": "https://code.fizz.buzz/talexander/webhook_bridge/compare/a2aca6d2f1c85b5d4bef1349230fdaef1683622d...84fe1ec23ae242cb1bbccbc2ab999c3082f54d45", "commits": [ { - "id": "1efd7b1d73b5eb0d9a999e4f4666cda521aa0720", - "message": "Add a semver job to assign an automatically-incrementing version tag to commits to main.\n\nThis automatically increments the patch (3rd) digit, so to update the major or minor version, manually push a tag.\n", - "url": "https://code.fizz.buzz/talexander/webhook_bridge/commit/1efd7b1d73b5eb0d9a999e4f4666cda521aa0720", + "id": "84fe1ec23ae242cb1bbccbc2ab999c3082f54d45", + "message": "Add a pipeline to build the server image.\n", + "url": "https://code.fizz.buzz/talexander/webhook_bridge/commit/84fe1ec23ae242cb1bbccbc2ab999c3082f54d45", "author": { "name": "Tom Alexander", "email": "tom@fizz.buzz", @@ -19,9 +19,9 @@ "username": "" }, "verification": null, - "timestamp": "2024-09-28T23:59:32-04:00", + "timestamp": "2024-09-29T00:19:22-04:00", "added": [ - ".webhook_bridge/pipeline-semver.yaml" + ".webhook_bridge/pipeline-build.yaml" ], "removed": [], "modified": [ 
@@ -31,9 +31,9 @@ ], "total_commits": 1, "head_commit": { - "id": "1efd7b1d73b5eb0d9a999e4f4666cda521aa0720", - "message": "Add a semver job to assign an automatically-incrementing version tag to commits to main.\n\nThis automatically increments the patch (3rd) digit, so to update the major or minor version, manually push a tag.\n", - "url": "https://code.fizz.buzz/talexander/webhook_bridge/commit/1efd7b1d73b5eb0d9a999e4f4666cda521aa0720", + "id": "84fe1ec23ae242cb1bbccbc2ab999c3082f54d45", + "message": "Add a pipeline to build the server image.\n", + "url": "https://code.fizz.buzz/talexander/webhook_bridge/commit/84fe1ec23ae242cb1bbccbc2ab999c3082f54d45", "author": { "name": "Tom Alexander", "email": "tom@fizz.buzz", @@ -45,9 +45,9 @@ "username": "" }, "verification": null, - "timestamp": "2024-09-28T23:59:32-04:00", + "timestamp": "2024-09-29T00:19:22-04:00", "added": [ - ".webhook_bridge/pipeline-semver.yaml" + ".webhook_bridge/pipeline-build.yaml" ], "removed": [], "modified": [ @@ -88,7 +88,7 @@ "template": false, "parent": null, "mirror": false, - "size": 331, + "size": 343, "language": "", "languages_url": "https://code.fizz.buzz/api/v1/repos/talexander/webhook_bridge/languages", "html_url": "https://code.fizz.buzz/talexander/webhook_bridge", @@ -107,7 +107,7 @@ "default_branch": "main", "archived": false, "created_at": "2024-07-14T18:48:52Z", - "updated_at": "2024-09-29T03:50:36Z", + "updated_at": "2024-09-29T04:14:47Z", "archived_at": "1970-01-01T00:00:00Z", "permissions": { "admin": true, diff --git a/src/hook_push.rs b/src/hook_push.rs index ca3fca9..0399f98 100644 --- a/src/hook_push.rs +++ b/src/hook_push.rs @@ -9,7 +9,7 @@ use serde_json::Value; #[serde(deny_unknown_fields)] pub(crate) struct HookPush { #[serde(rename = "ref")] - ref_field: String, + pub(crate) ref_field: String, before: String, after: String, compare_url: String, diff --git a/src/main.rs b/src/main.rs index e58de93..927336c 100644 --- a/src/main.rs +++ b/src/main.rs 
@@ -39,7 +39,7 @@ mod kubernetes; mod remote_config; mod webhook; -const EXAMPLE_WEBHOOK_PAYLOAD: &'static str = include_str!("../example_webhook_payload.json"); +const EXAMPLE_WEBHOOK_PAYLOAD: &'static str = include_str!("../example_tag_webhook_payload.json"); #[tokio::main] async fn main() -> Result<(), Box> { @@ -69,9 +69,13 @@ async fn main() -> Result<(), Box> { ) .await?; let remote_config = discover_webhook_bridge_config(&gitea, &repo_tree).await?; - let pipelines = - discover_matching_push_triggers(&gitea, &repo_tree, "refs/heads/main", &remote_config) - .await?; + let pipelines = discover_matching_push_triggers( + &gitea, + &repo_tree, + &webhook_payload.ref_field, + &remote_config, + ) + .await?; run_pipelines(webhook_payload, pipelines, kubernetes_client).await?; diff --git a/src/remote_config.rs b/src/remote_config.rs index d6c7afc..0b50895 100644 --- a/src/remote_config.rs +++ b/src/remote_config.rs @@ -62,7 +62,7 @@ impl RemoteConfig { .iter() .map(|s| Regex::new(s.as_str())) .collect::>()?; - if !push.branches.is_empty() && match_regex.iter().any(|r| r.is_match(branch)) { + if !push.branches.is_empty() && !match_regex.iter().any(|r| r.is_match(branch)) { continue; }
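Review bot: The constant keeps the name `EXAMPLE_WEBHOOK_PAYLOAD` but now embeds the tag payload, so the branch-push fixture is no longer referenced from this line and the name no longer says which kind of event is being replayed. A second constant such as `const EXAMPLE_TAG_WEBHOOK_PAYLOAD: &str = include_str!("../example_tag_webhook_payload.json");` next to the original would keep both paths available. The `'static` lifetime on a `const` is redundant, so `&str` is enough. How `main` uses the constant is outside the hunk.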
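Review bot: The ref handed to `discover_matching_push_triggers` is now the payload's full ref (`refs/tags/v0.0.2` in the fixture), while the patterns in `webhook_bridge.toml` are anchored short names (`^main$`, `^v[0-9]+\\.[0-9]+\\.[0-9]+$`). Unless the `refs/heads/` or `refs/tags/` prefix is stripped somewhere outside this diff, no trigger can match once the inverted check in `src/remote_config.rs` is corrected. If the prefix is stripped, a branch and a tag with the same short name become indistinguishable, so a pushed branch named like a version would start the image build; matching on the full ref, or keeping separate branch and tag pattern lists, avoids that. A comment at the call such as `// ref_field is the full ref, e.g. refs/tags/v1.2.3` would make the contract explicit. `main` continues outside the hunk.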
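Review bot: Nothing in this change pins the corrected condition, and the inverted form it replaces evidently went unnoticed, so a unit test on this filter is worth adding with it: one trigger whose `branches` matches the ref, one whose patterns do not, and one with an empty list. The empty-list case deserves a comment at the `if`, for example `// An empty branches list matches every ref.`, because tag refs now appear to reach this code as well. `is_match` is an unanchored search, so patterns from the config (which appears to be read from the repository) only restrict the ref when they carry `^` and `$`; that is worth stating where the `branches` key is documented. The enclosing function starts and ends outside the hunk.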