Commit 6ee349fa authored by PADRAIC EDWARDS's avatar PADRAIC EDWARDS Committed by GitHub Enterprise
Browse files

Run Secure Kube on dev.console (#16)

* chore: update pipeline params

* chore: update listener

* chore: update pipeline

* chore: update toolchain

* chore: update tekton

* chore: add ibmcloud api
parent c0479312
......@@ -55,6 +55,9 @@ triggers:
type: text
value: ${APP_REPO_BRANCH}
properties:
- type: text
name: ibmcloud-api
value: ${IBMCLOUD_API}
- type: secure
name: toolchain-apikey
value: ${API_KEY}
......
......@@ -37,6 +37,9 @@ triggers:
pull_request: true
eventListener: ${GIT_COMMIT_EVENT_LISTENER_NAME}
properties:
- name: ibmcloud-api
value: ${IBMCLOUD_API}
type: text
- name: apikey
value: ${API_KEY}
type: SECURE
......
......@@ -55,6 +55,9 @@ triggers:
type: text
value: ${APP_REPO_BRANCH}
properties:
- type: text
name: ibmcloud-api
value: ${IBMCLOUD_API}
- type: secure
name: toolchain-apikey
value: ${API_KEY}
......
......@@ -37,6 +37,9 @@ triggers:
pull_request: true
eventListener: ${GIT_COMMIT_EVENT_LISTENER_NAME}
properties:
- name: ibmcloud-api
value: ${IBMCLOUD_API}
type: text
- name: apikey
value: ${API_KEY}
type: SECURE
......
......@@ -144,6 +144,12 @@ services:
$env.template.info.hosted_region !== "" ? 'main': 'master'
APP_REPO_BRANCH: >
$env.template.info.hosted_region !== "" ? 'main': 'master'
IBMCLOUD_API: >
if ( $env.env_id === 'ibm:ys1:us-south') {
"https://test.cloud.ibm.com"
} else {
"https://cloud.ibm.com"
}
execute: false
build:
service_id: pipeline
......@@ -196,6 +202,12 @@ services:
$env.template.info.hosted_region !== "" ? 'main': 'master'
APP_REPO_BRANCH: >
$env.template.info.hosted_region !== "" ? 'main': 'master'
IBMCLOUD_API: >
if ( $env.env_id === 'ibm:ys1:us-south') {
"https://test.cloud.ibm.com"
} else {
"https://cloud.ibm.com"
}
execute: >
$env.pipeline_type === 'tekton' ? 'manual-run' : true
devops-insights:
......
......@@ -5,6 +5,9 @@ metadata:
name: trigger-template-secure-kube
spec:
params:
- name: ibmcloud-api
description: the ibmcloud api
default: https://cloud.ibm.com
- name: repository
description: The git repo
- name: branch
......@@ -82,6 +85,8 @@ spec:
pipelineRef:
name: secure-kube-pipeline
params:
- name: ibmcloud-api
value: $(params.ibmcloud-api)
- name: repository
value: $(params.repository)
- name: branch
......
......@@ -5,6 +5,9 @@ metadata:
name: secure-kube-pipeline
spec:
params:
- name: ibmcloud-api
description: the ibmcloud api
default: https://cloud.ibm.com
- name: repository
description: the git repo containing source code. If empty, the repository url will be found from toolchain
default: ""
......@@ -78,6 +81,8 @@ spec:
taskRef:
name: git-clone-repo
params:
- name: ibmcloud-api
value: $(params.ibmcloud-api)
- name: continuous-delivery-context-secret
value: "secure-properties"
- name: ibmcloud-apikey-secret-key
......@@ -111,6 +116,8 @@ spec:
taskRef:
name: doi-publish-buildrecord
params:
- name: ibmcloud-api
value: $(params.ibmcloud-api)
- name: toolchain-apikey-secret-key
value: "toolchain-apikey"
- name: app-name
......@@ -129,6 +136,8 @@ spec:
params:
- name: pipeline-debug
value: $(params.pipeline-debug)
- name: ibmcloud-api
value: $(params.ibmcloud-api)
workspaces:
- name: artifacts
workspace: pipeline-ws
......@@ -186,6 +195,8 @@ spec:
taskRef:
name: doi-publish-testrecord
params:
- name: ibmcloud-api
value: $(params.ibmcloud-api)
- name: toolchain-apikey-secret-key
value: "toolchain-apikey"
- name: build-number
......@@ -206,6 +217,8 @@ spec:
taskRef:
name: icr-execute-in-dind
params:
- name: ibmcloud-api
value: $(params.ibmcloud-api)
- name: continuous-delivery-context-secret
value: "secure-properties"
- name: container-registry-apikey-secret-key
......@@ -253,6 +266,8 @@ spec:
taskRef:
name: icr-check-va-scan
params:
- name: ibmcloud-api
value: $(params.ibmcloud-api)
- name: continuous-delivery-context-secret
value: "secure-properties"
- name: container-registry-apikey-secret-key
......@@ -279,6 +294,8 @@ spec:
taskRef:
name: doi-publish-testrecord
params:
- name: ibmcloud-api
value: $(params.ibmcloud-api)
- name: toolchain-apikey-secret-key
value: "toolchain-apikey"
- name: build-number
......@@ -299,6 +316,8 @@ spec:
name: iks-deploy-to-kubernetes
runAfter: [vulnerability-advisor]
params:
- name: ibmcloud-api
value: $(params.ibmcloud-api)
- name: shuttle-properties-file
value: "build.properties"
- name: cluster-region
......@@ -347,6 +366,8 @@ spec:
taskRef:
name: toolchain-publish-deployable-mapping
params:
- name: ibmcloud-api
value: $(params.ibmcloud-api)
- name: deployable-type
value: "kubernetes_cluster"
- name: deployable-region-id
......@@ -366,6 +387,8 @@ spec:
name: iks-deploy-to-kubernetes
runAfter: [deploy-to-kubernetes]
params:
- name: ibmcloud-api
value: $(params.ibmcloud-api)
- name: shuttle-properties-file
value: "build.properties"
- name: cluster-region
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment