Unverified Commit a8407238 authored by huayuenh's avatar huayuenh Committed by GitHub
Browse files

add support for running from hosted grit (#159)

parent 62e72ac0
......@@ -4,6 +4,10 @@ properties:
- name: IBM_CLOUD_API_KEY
value: ${API_KEY}
type: secure
- name: COMMONS_HOSTED_REGION
value: ${COMMONS_HOSTED_REGION}
type: text
default: "https://raw.githubusercontent.com/open-toolchain/commons/master"
stages:
- name: BUILD
inputs:
......@@ -92,12 +96,11 @@ stages:
# copy the script below into your app code repo (e.g. ./scripts/check_dockerfile.sh) and 'source' it from your pipeline job
# source ./scripts/check_prebuild.sh
# alternatively, you can source it from online script:
# source <(curl -sSL "https://raw.githubusercontent.com/open-toolchain/commons/master/scripts/check_dockerfile.sh")
# source <(curl -sSL "${COMMONS_HOSTED_REGION}/scripts/check_dockerfile.sh")
# ------------------
# source: https://raw.githubusercontent.com/open-toolchain/commons/master/scripts/check_dockerfile.sh
# This script lints Dockerfile.
source <(curl -sSL "https://raw.githubusercontent.com/open-toolchain/commons/master/scripts/check_dockerfile.sh")
source <(curl -sSL "${COMMONS_HOSTED_REGION}/scripts/check_dockerfile.sh")
- name: Check registry
type: builder
build_type: cr
......@@ -114,12 +117,11 @@ stages:
# copy the script below into your app code repo (e.g. ./scripts/check_registry.sh) and 'source' it from your pipeline job
# source ./scripts/check_registry.sh
# alternatively, you can source it from online script:
# source <(curl -sSL "https://raw.githubusercontent.com/open-toolchain/commons/master/scripts/check_registry.sh")
# source <(curl -sSL "${COMMONS_HOSTED_REGION}/scripts/check_registry.sh")
# ------------------
# source: https://raw.githubusercontent.com/open-toolchain/commons/master/scripts/check_registry.sh
# This script checks presence of registry namespace.
source <(curl -sSL "https://raw.githubusercontent.com/open-toolchain/commons/master/scripts/check_registry.sh")
source <(curl -sSL "${COMMONS_HOSTED_REGION}/scripts/check_registry.sh")
- name: Build container image
type: builder
build_type: cr
......@@ -136,14 +138,14 @@ stages:
# copy the script below into your app code repo (e.g. ./scripts/build_image.sh) and 'source' it from your pipeline job
# source ./scripts/build_image.sh
# alternatively, you can source it from online script:
# source <(curl -sSL "https://raw.githubusercontent.com/open-toolchain/commons/master/scripts/build_image.sh")
# source <(curl -sSL "${COMMONS_HOSTED_REGION}/scripts/build_image_buildkit.sh")
# ------------------
# source: https://raw.githubusercontent.com/open-toolchain/commons/master/scripts/build_image.sh
# This script does build a Docker image into IBM Container Service private image registry.
# Minting image tag using format: BUILD_NUMBER-BRANCH-COMMIT_ID-TIMESTAMP
# Also copies information into a build.properties file, so they can be reused later on by other scripts (e.g. image url, chart name, ...)
source <(curl -sSL "https://raw.githubusercontent.com/open-toolchain/commons/master/scripts/build_image_buildkit.sh")
source <(curl -sSL "${COMMONS_HOSTED_REGION}/scripts/build_image_buildkit.sh")
# extract the image digest
ibmcloud cr image-digests --json --restrict ${REGISTRY_NAMESPACE}/${IMAGE_NAME} | jq -c '.[]' > list
......@@ -169,11 +171,12 @@ stages:
# copy the script below into your app code repo (e.g. ./scripts/check_vulnerabilities.sh) and 'source' it from your pipeline job
# source ./scripts/check_vulnerabilities.sh
# alternatively, you can source it from online script:
# source <(curl -sSL "https://raw.githubusercontent.com/open-toolchain/commons/master/scripts/check_vulnerabilities.sh")
# source <(curl -sSL "${COMMONS_HOSTED_REGION}/scripts/check_vulnerabilities.sh")
# ------------------
# source: https://raw.githubusercontent.com/open-toolchain/commons/master/scripts/check_vulnerabilities.sh
# Check for vulnerabilities of built image using Vulnerability Advisor
source <(curl -sSL "https://raw.githubusercontent.com/open-toolchain/commons/master/scripts/check_vulnerabilities.sh")
source <(curl -sSL "${COMMONS_HOSTED_REGION}/scripts/check_vulnerabilities.sh")
- name: DEPLOY
inputs:
- type: job
......@@ -208,13 +211,12 @@ stages:
# copy the script below into your app code repo (e.g. ./scripts/check_and_deploy_kubectl.sh) and 'source' it from your pipeline job
# source ./scripts/check_and_deploy_kubectl.sh
# alternatively, you can source it from online script:
# source <(curl -sSL "https://raw.githubusercontent.com/open-toolchain/commons/master/scripts/check_and_deploy_kubectl.sh")
# source <(curl -sSL "${COMMONS_HOSTED_REGION}/scripts/check_and_deploy_kubectl.sh")
# ------------------
# source: https://raw.githubusercontent.com/open-toolchain/commons/master/scripts/check_and_deploy_kubectl.sh
# This script checks the IBM Container Service cluster is ready, has a namespace configured with access to the private
# image registry (using an IBM Cloud API Key), perform a kubectl deploy of container image and check on outcome.
source <(curl -sSL "https://raw.githubusercontent.com/open-toolchain/commons/master/scripts/check_and_deploy_kubectl.sh")
source <(curl -sSL "${COMMONS_HOSTED_REGION}/scripts/check_and_deploy_kubectl.sh")
- name: Check health
type: deployer
target:
......@@ -229,8 +231,8 @@ stages:
# copy the script below into your app code repo (e.g. ./scripts/check_health.sh) and 'source' it from your pipeline job
# source ./scripts/check_health.sh
# alternatively, you can source it from online script:
# source <(curl -sSL "https://raw.githubusercontent.com/open-toolchain/commons/master/scripts/check_health.sh")
# source <(curl -sSL "${COMMONS_HOSTED_REGION}/scripts/check_health.sh")
# ------------------
# source: https://raw.githubusercontent.com/open-toolchain/commons/master/scripts/check_health.sh
# Check liveness and readiness probes to confirm application is healthy
source <(curl -sSL "https://raw.githubusercontent.com/open-toolchain/commons/master/scripts/check_health.sh")
source <(curl -sSL "${COMMONS_HOSTED_REGION}/scripts/check_health.sh")
......@@ -5,39 +5,39 @@ inputs:
service: ${PIPELINE_REPO}
path: .pipeline
- type: git
branch: master
branch: ${DEFINITIONS_BRANCH}
service: ${TEKTON_CATALOG_REPO}
path: git
- type: git
branch: master
branch: ${DEFINITIONS_BRANCH}
service: ${TEKTON_CATALOG_REPO}
path: container-registry
- type: git
service: ${TEKTON_CATALOG_REPO}
branch: master
branch: ${DEFINITIONS_BRANCH}
path: kubernetes-service
- type: git
service: ${TEKTON_CATALOG_REPO}
branch: master
branch: ${DEFINITIONS_BRANCH}
path: toolchain
- type: git
branch: master
branch: ${DEFINITIONS_BRANCH}
service: ${TEKTON_CATALOG_REPO}
path: cra
- type: git
service: ${TEKTON_CATALOG_REPO}
branch: master
branch: ${DEFINITIONS_BRANCH}
path: devops-insights
- type: git
branch: master
branch: ${DEFINITIONS_BRANCH}
service: ${TEKTON_CATALOG_REPO}
path: linter
- type: git
branch: master
branch: ${DEFINITIONS_BRANCH}
service: ${TEKTON_CATALOG_REPO}
path: tester
- type: git
branch: master
branch: ${DEFINITIONS_BRANCH}
service: ${TEKTON_CATALOG_REPO}
path: utils
triggers:
......@@ -45,7 +45,7 @@ triggers:
name: commit-push
eventListener: ${GIT_COMMIT_EVENT_LISTENER_NAME}
service: ${APP_REPO}
branch: master
branch: ${APP_REPO_BRANCH}
events: { "push": true }
- type: manual
name: manual-run
......@@ -82,3 +82,6 @@ properties:
- name: dev-resource-group
value: ${PROD_RESOURCE_GROUP}
type: text
- name: commons-hosted-region
value: ${COMMONS_HOSTED_REGION}
type: text
......@@ -5,34 +5,34 @@ inputs:
service: ${PIPELINE_REPO}
path: .pr-pipeline
- type: git
branch: master
branch: ${DEFINITIONS_BRANCH}
service: ${TEKTON_CATALOG_REPO}
path: git
- type: git
service: ${TEKTON_CATALOG_REPO}
branch: master
branch: ${DEFINITIONS_BRANCH}
path: toolchain
- type: git
branch: master
branch: ${DEFINITIONS_BRANCH}
service: ${TEKTON_CATALOG_REPO}
path: cra
- type: git
branch: master
branch: ${DEFINITIONS_BRANCH}
service: ${TEKTON_CATALOG_REPO}
path: linter
- type: git
branch: master
branch: ${DEFINITIONS_BRANCH}
service: ${TEKTON_CATALOG_REPO}
path: tester
- type: git
branch: master
branch: ${DEFINITIONS_BRANCH}
service: ${TEKTON_CATALOG_REPO}
path: utils
triggers:
- type: git
name: Git PR Trigger
service: ${APP_REPO}
branch: master
branch: ${APP_REPO_BRANCH}
events:
pull_request: true
eventListener: ${GIT_COMMIT_EVENT_LISTENER_NAME}
......
......@@ -82,3 +82,6 @@ properties:
- name: dev-resource-group
value: ${PROD_RESOURCE_GROUP}
type: text
- name: commons-hosted-region
value: ${COMMONS_HOSTED_REGION}
type: text
......@@ -26,6 +26,7 @@ template:
"[" + $env.branch + "]" +
"(" + $env.repository +
"/tree/" + $env.branch + ")"
hosted_region: ""
toolchain:
name: "kube-toolchain-{{timestamp}}"
template:
......@@ -38,11 +39,13 @@ services:
parameters:
repo_name: "hello-containers-{{timestamp}}"
repo_url: >
$env.type === 'link' ?
$env.app_repo : 'https://github.com/open-toolchain/hello-containers'
$env.type === 'link' ?
$env.app_repo : $env.template.info.hosted_region !== "" ? 'https://{{template.info.hosted_region}}.git.cloud.ibm.com/open-toolchain/hello-containers':
'https://github.com/open-toolchain/hello-containers'
source_repo_url: >
$env.type === 'fork' || $env.type === 'clone' ?
$env.app_repo : 'https://github.com/open-toolchain/hello-containers'
$env.app_repo : $env.template.info.hosted_region !== "" ? 'https://{{template.info.hosted_region}}.git.cloud.ibm.com/open-toolchain/hello-containers':
'https://github.com/open-toolchain/hello-containers'
type: $env.type || 'clone'
has_issues: true
enable_traceability: true
......@@ -52,8 +55,18 @@ services:
$env.pipeline_type !== 'tekton' ? '' : $env.source_provider ? $env.source_provider : 'hostedgit'
parameters:
repo_name: "secure-kube-toolchain-{{timestamp}}"
repo_url: $env.repository
source_repo_url: "https://github.com/open-toolchain/secure-kube-toolchain"
repo_url: >
if ( $env.template.info.hosted_region !== "" ) {
"https://{{template.info.hosted_region}}.git.cloud.ibm.com/open-toolchain/secure-kube-toolchain"
} else {
"https://github.com/open-toolchain/secure-kube-toolchain"
}
source_repo_url: >
if ( $env.template.info.hosted_region !== "" ) {
"https://{{template.info.hosted_region}}.git.cloud.ibm.com/open-toolchain/secure-kube-toolchain"
} else {
"https://github.com/open-toolchain/secure-kube-toolchain"
}
type: $env.type || 'clone'
has_issues: false
enable_traceability: false
......@@ -64,8 +77,18 @@ services:
$env.pipeline_type !== 'tekton' ? '' : $env.source_provider ? $env.source_provider : 'hostedgit'
parameters:
repo_name: 'tekton-catalog-{{timestamp}}'
repo_url: "https://github.com/open-toolchain/tekton-catalog"
source_repo_url: "https://github.com/open-toolchain/tekton-catalog"
repo_url: >
if ( $env.template.info.hosted_region !== "" ) {
"https://{{template.info.hosted_region}}.git.cloud.ibm.com/open-toolchain/tekton-catalog"
} else {
"https://github.com/open-toolchain/tekton-catalog"
}
source_repo_url: >
if ( $env.template.info.hosted_region !== "" ) {
"https://{{template.info.hosted_region}}.git.cloud.ibm.com/open-toolchain/tekton-catalog"
} else {
"https://github.com/open-toolchain/tekton-catalog"
}
type: 'clone'
has_issues: false
enable_traceability: false
......@@ -101,7 +124,8 @@ services:
ARTIFACTORY_DOCKER_CONFIG_JSON: '{{form.artifactoryComp.parameters.docker_config_json}}'
PRIVATE_WORKER: '{{services.privateWorker.parameters.name}}'
PIPELINE_REPO_BRANCH: >
$env.branch ? $env.branch : "master"
$env.branch ? $env.branch :
$env.template.info.hosted_region !== "" ? 'main': 'master'
TEKTON_CATALOG_REPO: tekton-catalog-repo
REGISTRY_REGION_ID: "{{form.pipeline.parameters.registry-region}}"
REGISTRY_NAMESPACE: "{{form.pipeline.parameters.registry-namespace}}"
......@@ -117,6 +141,13 @@ services:
} else {
'gitlab-pr-listener';
}
COMMONS_HOSTED_REGION: >
$env.template.info.hosted_region !== "" ? 'https://{{template.info.hosted_region}}.git.cloud.ibm.com/open-toolchain/commons/-/raw/main':
'https://raw.githubusercontent.com/open-toolchain/commons/master'
DEFINITIONS_BRANCH: >
$env.template.info.hosted_region !== "" ? 'main': 'master'
APP_REPO_BRANCH: >
$env.template.info.hosted_region !== "" ? 'main': 'master'
execute: false
build:
service_id: pipeline
......@@ -165,7 +196,8 @@ services:
}
PIPELINE_REPO: pipeline-repo
PIPELINE_REPO_BRANCH: >
$env.branch ? $env.branch : "master"
$env.branch ? $env.branch :
$env.template.info.hosted_region !== "" ? 'main': 'master'
TEKTON_CATALOG_REPO: tekton-catalog-repo
GIT_COMMIT_EVENT_LISTENER_NAME: >
if ( $env.source_provider === 'githubconsolidated' ) {
......@@ -179,6 +211,13 @@ services:
} else {
'grit-or-gitlab-commit';
}
COMMONS_HOSTED_REGION: >
$env.template.info.hosted_region !== "" ? 'https://{{template.info.hosted_region}}.git.cloud.ibm.com/open-toolchain/commons/-/raw/main':
'https://raw.githubusercontent.com/open-toolchain/commons/master'
DEFINITIONS_BRANCH: >
$env.template.info.hosted_region !== "" ? 'main': 'master'
APP_REPO_BRANCH: >
$env.template.info.hosted_region !== "" ? 'main': 'master'
execute: >
$env.pipeline_type === 'tekton' ? 'manual-run' : true
devops-insights:
......
......@@ -50,6 +50,8 @@ spec:
- name: dev-resource-group
- name: dev-cluster-namespace
description: namespace dev
- name: commons-hosted-region
default: ""
resourcetemplates:
- apiVersion: v1
kind: PersistentVolumeClaim
......@@ -110,6 +112,8 @@ spec:
value: $(params.dev-cluster-namespace)
- name: pipeline-debug
value: $(params.pipeline-debug)
- name: commons-hosted-region
value: $(params.commons-hosted-region)
workspaces:
- name: pipeline-ws
persistentVolumeClaim:
......
......@@ -54,6 +54,8 @@ spec:
description: the namespace
- name: pipeline-debug
default: "0"
- name: commons-hosted-region
default: "https://raw.githubusercontent.com/open-toolchain/commons/master"
workspaces:
- name: pipeline-ws
tasks:
......@@ -305,13 +307,13 @@ spec:
# copy the script below into your app code repo (e.g. ./scripts/check_and_deploy_kubectl.sh) and 'source' it from your pipeline job
# source ./scripts/check_and_deploy_kubectl.sh
# alternatively, you can source it from online script:
# source <(curl -sSL "https://raw.githubusercontent.com/open-toolchain/commons/master/scripts/check_and_deploy_kubectl.sh")
# source <(curl -sSL "$(params.commons-hosted-region)/scripts/check_and_deploy_kubectl.sh")
# ------------------
# source: https://raw.githubusercontent.com/open-toolchain/commons/master/scripts/check_and_deploy_kubectl.sh
# This script checks the IBM Container Service cluster is ready, has a namespace configured with access to the private
# image registry (using an IBM Cloud API Key), perform a kubectl deploy of container image and check on outcome.
source <(curl -sSL "https://raw.githubusercontent.com/open-toolchain/commons/master/scripts/check_and_deploy_kubectl.sh")
source <(curl -sSL "$(params.commons-hosted-region)/scripts/check_and_deploy_kubectl.sh")
- name: post-execution-script
value: |
# Keep APP_URL in build.properties shuttle file
......@@ -365,11 +367,10 @@ spec:
# copy the script below into your app code repo (e.g. ./scripts/check_health.sh) and 'source' it from your pipeline job
# source ./scripts/check_health.sh
# alternatively, you can source it from online script:
# source <(curl -sSL "https://raw.githubusercontent.com/open-toolchain/commons/master/scripts/check_health.sh")
# source <(curl -sSL "$(params.commons-hosted-region)/scripts/check_health.sh"")
# ------------------
# source: https://raw.githubusercontent.com/open-toolchain/commons/master/scripts/check_health.sh
# Check liveness and readiness probes to confirm application is healthy
source <(curl -sSL "https://raw.githubusercontent.com/open-toolchain/commons/master/scripts/check_health.sh")
source <(curl -sSL "$(params.commons-hosted-region)/scripts/check_health.sh")
- name: pipeline-debug
value: $(params.pipeline-debug)
workspaces:
......
......@@ -60,6 +60,8 @@ spec:
- name: project-id
description: project id
default: ""
- name: commons-hosted-region
default: ""
resourcetemplates:
- apiVersion: v1
kind: PersistentVolumeClaim
......@@ -129,7 +131,9 @@ spec:
- name: scm-type
value: $(params.scm-type)
- name: project-id
value: $(params.project-id)
value: $(params.project-id)
- name: commons-hosted-region
value: $(params.commons-hosted-region)
workspaces:
- name: pipeline-ws
persistentVolumeClaim:
......
......@@ -60,6 +60,8 @@ spec:
- name: registry-create-namespace
description: create container registry namespace if it doesn't already exists
default: "true"
- name: commons-hosted-region
default: "https://raw.githubusercontent.com/open-toolchain/commons/master"
workspaces:
- name: pipeline-ws
tasks:
......@@ -407,13 +409,13 @@ spec:
# copy the script below into your app code repo (e.g. ./scripts/check_and_deploy_kubectl.sh) and 'source' it from your pipeline job
# source ./scripts/check_and_deploy_kubectl.sh
# alternatively, you can source it from online script:
# source <(curl -sSL "https://raw.githubusercontent.com/open-toolchain/commons/master/scripts/check_and_deploy_kubectl.sh")
# source <(curl -sSL "$(params.commons-hosted-region)/scripts/check_and_deploy_helm3.sh")
# ------------------
# source: https://raw.githubusercontent.com/open-toolchain/commons/master/scripts/check_and_deploy_kubectl.sh
# This script checks the IBM Container Service cluster is ready, has a namespace configured with access to the private
# image registry (using an IBM Cloud API Key), perform a kubectl deploy of container image and check on outcome.
source <(curl -sSL "https://raw.githubusercontent.com/open-toolchain/commons/master/scripts/check_and_deploy_kubectl.sh")
source <(curl -sSL "$(params.commons-hosted-region)/scripts/check_and_deploy_kubectl.sh")
- name: post-execution-script
value: |
# Keep APP_URL in build.properties shuttle file
......@@ -467,11 +469,10 @@ spec:
# copy the script below into your app code repo (e.g. ./scripts/check_health.sh) and 'source' it from your pipeline job
# source ./scripts/check_health.sh
# alternatively, you can source it from online script:
# source <(curl -sSL "https://raw.githubusercontent.com/open-toolchain/commons/master/scripts/check_health.sh")
# source <(curl -sSL "$(params.commons-hosted-region)/scripts/check_health.sh")
# ------------------
# source: https://raw.githubusercontent.com/open-toolchain/commons/master/scripts/check_health.sh
# Check liveness and readiness probes to confirm application is healthy
source <(curl -sSL "https://raw.githubusercontent.com/open-toolchain/commons/master/scripts/check_health.sh")
source <(curl -sSL "$(params.commons-hosted-region)/scripts/check_health.sh")
- name: pipeline-debug
value: $(params.pipeline-debug)
workspaces:
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment