diff --git a/README.md b/README.md index 9754c8c..63ff4e5 100644 --- a/README.md +++ b/README.md @@ -8,4 +8,10 @@ This repository is a collection of software and documentation templates for the ## documentation-templates -The documentation templates provide recommended structure and integration documentation with the Orchestrator deployment. \ No newline at end of file +The documentation templates provide recommended structure and integration documentation with the Orchestrator deployment. + +## pre-requisites +In case of `Tekton` CI pipeline, the secrets `K8S_CLUSTER_URL` and `K8S_SECRET` are used by the GitHub action that deploys the Tekton +resources. Please provide organization-level configuration for these secrets and ensure that they can be managed by the newly created repositories according to the visibility options (currently set to `public`). + +The value of the `K8S_SECRET` secret must comply with the specification provided in [Service account approach](https://github.com/Azure/k8s-set-context/tree/releases/v1?tab=readme-ov-file#service-account-approach) for the `azure/k8s-set-context` action. \ No newline at end of file diff --git a/scaffolder-templates/basic-workflow/.github/workflows/deploy.yaml b/scaffolder-templates/basic-workflow/.github/workflows/deploy.yaml new file mode 100644 index 0000000..8750298 --- /dev/null +++ b/scaffolder-templates/basic-workflow/.github/workflows/deploy.yaml 
@@ -0,0 +1,45 @@
+# Requirement: add a K8S_SECRET secret to your organization with the SA token
+# Bind the SA with a cluster-admin Role
+# oc get secret backstage-k8s-token-4l5xv -n backstage-system -oyaml > secret.yaml
+# gh secret --repo parodos-dev/test-swf set K8S_SECRET tekton/trigger
+ # git config --global user.email "${{ github.actor }}@users.noreply.github.com"
+ # git config --global user.name "${{ github.actor }}"
+ # git add tekton/trigger
+ # git commit --no-verify -m "Webhook trigger"
+ # - name: Push changes
+ # uses: ad-m/github-push-action@master
+ # with:
+ # github_token: ${{ secrets.GITHUB_TOKEN }}
+ # branch: ${{ github.ref }}
+
\ No newline at end of file
diff --git a/scaffolder-templates/basic-workflow/skeleton/catalog-info.yaml b/scaffolder-templates/basic-workflow/skeleton/catalog-info.yaml
new file mode 100644
index 0000000..207a9a2
--- /dev/null
+++ b/scaffolder-templates/basic-workflow/skeleton/catalog-info.yaml
@@ -0,0 +1,16 @@
+apiVersion: backstage.io/v1alpha1
+kind: Component
+metadata:
+ name: ${{ values.workflowId }}
+ description: ${{ values.description }}
+ annotations:
+ backstage.io/kubernetes-namespace: ${{ values.namespace }}
+ backstage.io/kubernetes-id: ${{ values.workflowId }}-ci
+ janus-idp.io/tekton: ${{ values.workflowId }}
+ backstage.io/techdocs-ref: dir:.
+ github.com/project-slug: ${{ values.orgName }}/${{ values.repoName }}
+spec:
+ type: ${{ values.applicationType }}
+ system: ${{ values.system }}
+ lifecycle: ${{ values.lifecycle }}
+ owner: ${{ values.owner }}
\ No newline at end of file
diff --git a/scaffolder-templates/basic-workflow/skeleton/src/main/resources/application.properties b/scaffolder-templates/basic-workflow/skeleton/src/main/resources/application.properties
index b8c9746..475ec34 100644
--- a/scaffolder-templates/basic-workflow/skeleton/src/main/resources/application.properties
+++ b/scaffolder-templates/basic-workflow/skeleton/src/main/resources/application.properties
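Review bot: The header comment of deploy.yaml tells adopters to bind the service account behind `K8S_SECRET` to cluster-admin, which is far more than a job that applies an EventListener, a TriggerTemplate and a Route in one namespace needs. Because the token is stored as an organization-level secret and made available to every generated repository, anyone who can change a workflow in one of those repositories could use it against the whole cluster. I would reword the requirement to something like `# Bind the SA to a namespaced Role limited to the Tekton Triggers and Route resources this workflow applies`, and drop the concrete secret and repository names from the example commands. If the commented-out push step is ever re-enabled, `ad-m/github-push-action@master` should be pinned to a commit SHA. Only part of this workflow is visible on the page, so the job steps themselves are not reviewed here.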
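Review bot: `description: ${{ values.description }}` and the other templated scalars are rendered unquoted, so a description containing `: `, ` #` or a leading YAML indicator will either break parsing of catalog-info.yaml or change its structure. The description is free text from the form (template.yaml puts no pattern on it), so I would serialise it, for example `description: ${{ values.description | dump }}`, and do the same for `owner` and `system`. The annotation values built from `workflowId` and `namespace` depend on the form patterns staying strict, which is worth a comment next to them.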
@@ -1,2 +1,2 @@
 # This is to enable debugging of HTTP request
-quarkus.log.category.\"org.apache.http\".level=INFO
\ No newline at end of file
+quarkus.log.category.\"org.apache.http\".level=INFO
diff --git a/scaffolder-templates/basic-workflow/skeleton/tekton/.helmignore b/scaffolder-templates/basic-workflow/skeleton/tekton/.helmignore
deleted file mode 100644
index 0e8a0eb..0000000
--- a/scaffolder-templates/basic-workflow/skeleton/tekton/.helmignore
+++ /dev/null
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/scaffolder-templates/basic-workflow/skeleton/tekton/Chart.yaml b/scaffolder-templates/basic-workflow/skeleton/tekton/Chart.yaml
deleted file mode 100644
index c5fd0b4..0000000
--- a/scaffolder-templates/basic-workflow/skeleton/tekton/Chart.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: v2
-name: ${{ values.workflowId }}
-description: A Helm chart to install the Tekton pipeline for workflow ${{ values.workflowId }}
-
-type: application
-
-version: ${{ values.version }}
-appVersion: ${{ values.version }}
diff --git a/scaffolder-templates/basic-workflow/skeleton/tekton/values.yaml b/scaffolder-templates/basic-workflow/skeleton/tekton/values.yaml
deleted file mode 100644
index b4e2426..0000000
--- a/scaffolder-templates/basic-workflow/skeleton/tekton/values.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-namespace: sonataflow-infra
-workflowId: ${{ values.workflowId }}
-gitUrl: ${{ values.workflowId }}
-gitConfigUrl: ${{ values.workflowId }}
-convertToFlat: 'true'
\ No newline at end of file
diff --git a/scaffolder-templates/basic-workflow/tekton/eventlistener.yaml b/scaffolder-templates/basic-workflow/tekton/eventlistener.yaml
new file mode 100644
index 0000000..16e67f8
--- /dev/null
+++ b/scaffolder-templates/basic-workflow/tekton/eventlistener.yaml
@@ -0,0 +1,25 @@
+# From https://github.com/parodos-dev/red-hat-developer-hub-software-templates/blob/tekton-demo/skeletons/tekton/tekton/eventlistener.yaml
+---
+apiVersion: triggers.tekton.dev/v1beta1
+kind: EventListener
+metadata:
+ name: ${{ values.workflowId }}-el
+ namespace: ${{ values.namespace }}
+spec:
+ triggers:
+ - bindings:
+ - kind: ClusterTriggerBinding
+ ref: github-push
+ interceptors:
+ - params:
+ - name: eventTypes
+ value: ["push"]
+ ref:
+ name: github
+ - params:
+ - name: filter
+ value: body.ref == 'refs/heads/main'
+ ref:
+ name: cel
+ template:
+ ref: ${{ values.workflowId }}-run-pipeline
\ No newline at end of file
diff --git a/scaffolder-templates/basic-workflow/tekton/route.yaml b/scaffolder-templates/basic-workflow/tekton/route.yaml
new file mode 100644
index 0000000..24616c3
--- /dev/null
+++ b/scaffolder-templates/basic-workflow/tekton/route.yaml
@@ -0,0 +1,21 @@
+# From https://github.com/parodos-dev/red-hat-developer-hub-software-templates/blob/tekton-demo/skeletons/tekton/tekton/eventlistener.yaml
+---
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: webhook-${{ values.workflowId }}-el
+ namespace: ${{ values.namespace }}
+ labels:
+ app.kubernetes.io/managed-by: EventListener
+ app.kubernetes.io/part-of: Triggers
+ eventlistener: ${{ values.repoName }}-el
+spec:
+ to:
+ kind: Service
+ name: el-${{ values.workflowId }}-el
+ weight: 100
+ port:
+ targetPort: http-listener
+ tls:
+ insecureEdgeTerminationPolicy: Redirect
+ termination: edge
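Review bot: The `github` interceptor in eventlistener.yaml is configured with `eventTypes` only and no `secretRef`, so the listener does not verify the webhook signature; together with the public Route in route.yaml, any request that reaches the host with a push-shaped body for `refs/heads/main` will start a PipelineRun. The interceptor should reference a webhook secret stored in the namespace, and the `create-webhook` step in template.yaml should pass the same value through the `webhookSecret` input of `github:webhook`. The CEL filter checks only the branch name, so it is not a substitute for signature validation. The secret name and key below are placeholders.

```yaml
# … unchanged: EventListener metadata and bindings …
      interceptors:
        - params:
            - name: eventTypes
              value: ["push"]
            # Placeholder names: the Secret must hold the value configured on the GitHub webhook
            - name: secretRef
              value:
                secretName: <WEBHOOK_SECRET_NAME>
                secretKey: <WEBHOOK_SECRET_KEY>
          ref:
            name: github
# … unchanged: cel interceptor and template ref …
```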
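Review bot: The `eventlistener` label in route.yaml still uses `${{ values.repoName }}-el` while the EventListener, the Route name and the target Service were all switched to `workflowId`, so the label names a listener that does not exist whenever the two values differ. It should read `eventlistener: ${{ values.workflowId }}-el`. The `# From …/eventlistener.yaml` header was also copied over unchanged and points at the wrong source file.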
diff --git a/scaffolder-templates/basic-workflow/skeleton/tekton/templates/trigger.yaml b/scaffolder-templates/basic-workflow/tekton/trigger.yaml similarity index 51% rename from scaffolder-templates/basic-workflow/skeleton/tekton/templates/trigger.yaml rename to scaffolder-templates/basic-workflow/tekton/trigger.yaml index 3be396f..bcf7fb7 100644 --- a/scaffolder-templates/basic-workflow/skeleton/tekton/templates/trigger.yaml +++ b/scaffolder-templates/basic-workflow/tekton/trigger.yaml @@ -3,8 +3,8 @@ apiVersion: triggers.tekton.dev/v1beta1 kind: TriggerTemplate metadata: - name: ${{ values.repoName }}-run-pipeline - namespace: ${{ .Values.namespace }} + name: ${{ values.workflowId }}-run-pipeline + namespace: ${{ values.namespace }} spec: params: - name: git-revision @@ -16,14 +16,13 @@ spec: - apiVersion: tekton.dev/v1 kind: PipelineRun metadata: - # TODO: add workflow Id someway - name: ${{ values.repoName }}-pipeline-$(uid) + name: ${{ values.workflowId }}-pipeline-$(uid) labels: - backstage.io/kubernetes-id: __PLACEHOLDER__ + backstage.io/kubernetes-id: ${{ values.workflowId }}-ci spec: params: - name: gitUrl - value: ${{ values.repoName }} + value: ${{ values.gitUrl }} - name: gitConfigUrl value: ${{ values.gitConfigUrl }} - name: workflowId 
@@ -54,48 +53,4 @@ spec: secretName: docker-credentials - name: ssh-creds secret: - secretName: git-ssh-credentials ---- -apiVersion: triggers.tekton.dev/v1beta1 -kind: EventListener -metadata: - name: ${{ values.repoName }}-el - namespace: ${{ .Values.namespace }} -spec: - triggers: - - bindings: - - kind: ClusterTriggerBinding - ref: github-push - interceptors: - - params: - - name: eventTypes - value: ["push"] - ref: - name: github - - params: - - name: filter - value: body.ref == 'refs/heads/main' - ref: - name: cel - template: - ref: ${{ values.repoName }}-run-pipeline ---- -kind: Route -apiVersion: route.openshift.io/v1 -metadata: - name: webhook-${{ values.repoName }}-el - namespace: ${{ .Values.namespace }} - labels: - app.kubernetes.io/managed-by: EventListener - app.kubernetes.io/part-of: Triggers - eventlistener: ${{ values.repoName }}-el -spec: - to: - kind: Service - name: el-${{ values.repoName }}-el - weight: 100 - port: - targetPort: http-listener - tls: - insecureEdgeTerminationPolicy: Redirect - termination: edge + secretName: git-ssh-credentials \ No newline at end of file diff --git a/scaffolder-templates/basic-workflow/template.yaml b/scaffolder-templates/basic-workflow/template.yaml index 04ccc63..8a8a2f4 100644 --- a/scaffolder-templates/basic-workflow/template.yaml +++ b/scaffolder-templates/basic-workflow/template.yaml 
@@ -33,20 +33,23 @@ spec: title: Organization Name type: string ui:autofocus: true - description: Github organization Name + description: Github Organization Name repoName: title: Repository Name type: string description: Github repository name + default: onboarding description: title: Description type: string description: Description added to the README file + default: A workflow for onboarding applications to OCP cluster workflowId: title: Workflow ID type: string - pattern: '^([a-zA-Z][a-zA-Z0-9]*)([.][a-zA-Z0-9]+)*$' + pattern: '^([a-zA-Z][a-zA-Z0-9]*)([-.]?[a-zA-Z0-9]+)*$' description: Unique identifier of the workflow in SonataFlow + default: onboarding workflowType: title: Workflow Type type: string @@ -54,6 +57,7 @@ spec: enum: - assessment - infrastructure + default: infrastructure owner: title: Owner type: string @@ -63,6 +67,7 @@ spec: kind: - Group - User + default: user:guest system: title: System type: string 
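Review bot: The new `workflowId` pattern makes the separator optional inside a repeated group, `([-.]?[a-zA-Z0-9]+)*`, which lets the same string match in many ways and can backtrack heavily on a long input that fails at the end. `'^[a-zA-Z][a-zA-Z0-9]*([-.][a-zA-Z0-9]+)*$'` accepts the same identifiers without the ambiguity. Since `workflowId` now also ends up in Kubernetes object names and in the webhook host name (trigger.yaml, eventlistener.yaml, route.yaml and the `webhookUrl` in this file), it is worth adding a `maxLength` and deciding whether upper case and `.` should still be allowed there.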
@@ -89,20 +94,47 @@ spec: type: string pattern: '^([a-zA-Z][a-zA-Z0-9]*)([-._][a-zA-Z0-9]+)*$' description: Maven Artifact ID + default: onboarding version: title: Project version type: string default: 1.0.0-SNAPSHOT description: Maven version, also used to tag the generated artifacts - + - title: Provide information about the Deployment environment + required: + - ci + - clusterDomain + - namespace + properties: + ci: + title: Select a CI method + type: string + description: This action will create a CI pipeline for your application based on chosen method + default: tekton + enum: + - none + - tekton + enumNames: + - None + - Tekton + clusterDomain: + title: Cluster domain + type: string + description: Host domain of the cluster to deploy the Tekton trigger + namespace: + title: Namespace + type: string + default: sonataflow-infra + description: Deployment namespace steps: - id: sourceCodeTemplate - name: Generating the Source Code Component + name: Generating the Source Code and Catalog Info Component action: fetch:template input: # "Relative path is not allowed to refer to a directory outside its parent" url: ./skeleton/ values: + namespace: ${{ parameters.namespace }} orgName: ${{ parameters.orgName }} repoName: ${{ parameters.repoName }} owner: ${{ parameters.owner }} @@ -114,6 +146,10 @@ spec: workflowId: ${{ parameters.workflowId }} workflowType: ${{ parameters.workflowType }} sourceControl: github.com + gitUrl: git@github.com:${{ parameters.orgName }}/${{ parameters.repoName }}.git + gitConfigUrl: git@github.com:${{ parameters.orgName }}/${{ parameters.repoName }}-config.git + applicationType: workflow-project + lifecycle: development targetPath: workflow - id: renameFiles action: fs:rename 
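Review bot: `clusterDomain` and `namespace` are accepted as unconstrained strings, yet both are spliced into the `webhookUrl` host in the `create-webhook` step, and `namespace` also into `metadata.namespace` of the generated manifests. A value containing `/`, `@` or whitespace would register a webhook that points somewhere other than the cluster route, and that endpoint then receives the repository's push payloads. I would add a `pattern` and a `maxLength` to each, for example `pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'` for `namespace` and a dotted sequence of the same label for `clusterDomain`.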
@@ -136,35 +172,42 @@ spec: files: - workflow/src/main/resources/assessment-template.sw.yaml - workflow/src/main/resources/infrastructure-template.sw.yaml - - id: catalogTemplate - name: Generating the Catalog Info Component + - id: tektonTemplate + if: ${{ parameters.ci == 'tekton' }} + name: Generating the manifests of Tekton trigger action: fetch:template input: - url: https://github.com/redhat-developer/red-hat-developer-hub-software-templates/tree/main/skeletons/catalog-info/ + url: ./tekton/ values: - orgName: ${{ parameters.orgName }} + namespace: ${{ parameters.namespace }} repoName: ${{ parameters.repoName }} - owner: ${{ parameters.owner }} - system: ${{ parameters.system }} - applicationType: workflow-project - description: ${{ parameters.description }} - sourceControl: github.com - lifecycle: development - targetPath: workflow + workflowId: ${{ parameters.workflowId }} + gitUrl: git@github.com:${{ parameters.orgName }}/${{ parameters.repoName }}.git + gitConfigUrl: git@github.com:${{ parameters.orgName }}/${{ parameters.repoName }}-config.git + targetPath: workflow/tekton + - id: gitHubTektonTemplate + if: ${{ parameters.ci == 'tekton' }} + name: Generating the GitHub action to deploy the Tekton trigger + action: fetch:template + input: + # "Relative path is not allowed to refer to a directory outside its parent" + url: ./.github/ + copyWithoutTemplating: + - .github/workflows/deploy.yaml + values: {} + targetPath: workflow/.github - id: publish name: Publishing to the Source Code Repository action: publish:github input: + repoVisibility: public allowedHosts: ['github.com'] description: ${{ parameters.description }} repoUrl: github.com?owner=${{ parameters.orgName }}&repo=${{ parameters.repoName }} defaultBranch: main sourcePath: workflow - secrets: { - K8S_CLUSTER_TOKEN: sha256~tXQGi5DD4ZXuAltohOEP2utzW1uNw99eyToG27kFWjk, - K8S_CLUSTER_URL: https://api.cluster-jkrpp.dynamic.redhatworkshops.io:6443 - } - id: create-webhook + if: ${{ parameters.ci == 
'tekton' }} name: Create webhook to trigger the pipeline action: github:webhook # https://github.com/backstage/backstage/blob/master/plugins/scaffolder-backend-module-github/src/actions/githubWebhook.ts @@ -172,8 +215,16 @@ spec: # See https://docs.github.com/en/rest/repos/webhooks?apiVersion=2022-11-28#create-a-repository-webhook input: repoUrl: github.com?owner=${{ parameters.orgName }}&repo=${{ parameters.repoName }} - webhookUrl: https://${{ parameters.workflowId }}-sonataflow-infra.apps.cluster-jkrpp.dynamic.redhatworkshops.io/ + webhookUrl: https://webhook-${{ parameters.workflowId }}-el-${{ parameters.namespace }}.apps.${{ parameters.clusterDomain }}/ contentType: json + - id: deployTrigger + if: ${{ parameters.ci == 'tekton' }} + name: Deploy pipeline triggers + action: github:actions:dispatch + input: + repoUrl: github.com?owner=${{ parameters.orgName }}&repo=${{ parameters.repoName }} + workflowId: deploy.yaml + branchOrTagName: main - id: register name: Registering the Catalog Info Component action: catalog:register 
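Review bot: `repoVisibility: public` is hard-coded in the `publish` step, so every generated repository, including its Tekton manifests and the deploy workflow that consumes the organization secrets, is created public with no way for the requester to choose otherwise. I would expose it as a form parameter that defaults to private, e.g. `repoVisibility: ${{ parameters.repoVisibility }}`. Separately, the `K8S_CLUSTER_TOKEN` value deleted from this step stays in the repository history, so it should be treated as exposed and revoked on the cluster rather than only removed from the file.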
@@ -181,27 +232,13 @@ spec: repoContentsUrl: ${{ steps.publish.output.repoContentsUrl }} catalogInfoPath: /catalog-info.yaml - id: configCodeTemplate - name: Generating the Config Code Component + name: Generating the Config Code Component and Catalog Info Component action: fetch:template input: url: https://github.com/parodos-dev/workflow-kustomize-template.git - # TBD: what can we replace at this time? - values: - orgName: ${{ parameters.orgName }} - repoName: ${{ parameters.repoName }} - owner: ${{ parameters.owner }} - system: ${{ parameters.system }} - applicationType: workflow-project - description: ${{ parameters.description }} - sourceControl: github.com - lifecycle: development - targetPath: config - - id: catalogConfigTemplate - name: Generating the Config Catalog Info Component - action: fetch:template - input: - url: https://github.com/redhat-developer/red-hat-developer-hub-software-templates/tree/main/skeletons/catalog-info/ values: + workflowId: ${{ parameters.workflowId }} + namespace: ${{ parameters.namespace }} orgName: ${{ parameters.orgName }} repoName: ${{ parameters.repoName }}-config owner: ${{ parameters.owner }} @@ -210,7 +247,6 @@ spec: description: ${{ parameters.description }} sourceControl: github.com lifecycle: development - dependsOn: "component:${{ parameters.repoName }}" targetPath: config - id: publishConfig name: Publishing to the Config Code Repository @@ -227,8 +263,6 @@ spec: input: repoContentsUrl: ${{ steps.publishConfig.output.repoContentsUrl }} catalogInfoPath: /catalog-info.yaml - - output: links: - title: Open the Source Code Repository
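Review bot: `configCodeTemplate` now renders `workflowId` and `namespace` into content fetched from `https://github.com/parodos-dev/workflow-kustomize-template.git` with no ref, so whatever is on that repository's default branch at run time is what gets published to the new config repository. Pinning the URL to a tag or commit would make the generated output reproducible and keep a change in the external repository from flowing into new repositories unreviewed. The `url` line itself is unchanged context in this hunk.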