FLPATH 1048: Extend software template to offer the CI pipeline (Tekton option)

README.md

@@ -8,4 +8,10 @@ This repository is a collection of software and documentation templates for the
 
 ## documentation-templates
 
-The documentation templates provide recommended structure and integration documentation with the Orchestrator deployment.
+The documentation templates provide recommended structure and integration documentation with the Orchestrator deployment.
+
+## pre-requisites
+In case of `Tekton` CI pipeline, the secrets `K8S_CLUSTER_URL` and `K8S_SECRET` are used by the GitHub action that deploys the Tekton
+resources. Please provide organization-level configuration for these secrets and ensure that they can be managed by the newly created repositories according to the visibility options (currently set to `public`).
+
+The value of the `K8S_SECRET` secret must comply with the specification provided in [Service account approach](https://github.com/Azure/k8s-set-context/tree/releases/v1?tab=readme-ov-file#service-account-approach) for the `azure/k8s-set-context` action.

scaffolder-templates/basic-workflow/.github/workflows/deploy.yaml

@@ -0,0 +1,45 @@
+# Requirement: add a K8S_SECRET secret to your organization with the SA token
+# Bind the SA with a cluster-admin Role
+# oc get secret backstage-k8s-token-4l5xv -n backstage-system -oyaml > secret.yaml
+# gh secret --repo parodos-dev/test-swf set K8S_SECRET <secret.yaml 
+name: Deploy the Pipeline trigger manifests workflow
+
+on:
+  workflow_dispatch:
+jobs:
+  deploy:
+    name: Deploy
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout source code
+        uses: actions/checkout@v3
+
+      - name: Set the Kubernetes context
+        uses: azure/k8s-set-context@v2
+        with:
+          method: service-account
+          k8s-url: ${{ secrets.K8S_CLUSTER_URL }}
+          k8s-secret: ${{ secrets.K8S_SECRET }}
+      - name: Deploy to the Kubernetes cluster
+        uses: azure/k8s-deploy@v1
+        with:
+          namespace: sonataflow-infra
+          manifests: |
+            tekton/eventlistener.yaml
+            tekton/trigger.yaml
+            tekton/route.yaml
+
+      # To be reviewed: needs a private repo to skip the need of a PR 
+      # - name: Commit a change to trigger the webhook
+      #   run: |
+      #     echo $(date) > tekton/trigger
+      #     git config --global user.email "${{ github.actor }}@users.noreply.github.com"
+      #     git config --global user.name "${{ github.actor }}"
+      #     git add tekton/trigger
+      #     git commit --no-verify -m "Webhook trigger"
+      # - name: Push changes
+      #   uses: ad-m/github-push-action@master
+      #   with:
+      #     github_token: ${{ secrets.GITHUB_TOKEN }}
+      #     branch: ${{ github.ref }}
+

scaffolder-templates/basic-workflow/skeleton/catalog-info.yaml

@@ -0,0 +1,16 @@
+apiVersion: backstage.io/v1alpha1
+kind: Component
+metadata:
+  name: ${{ values.workflowId }}
+  description: ${{ values.description }}
+  annotations:
+    backstage.io/kubernetes-namespace: ${{ values.namespace }}
+    backstage.io/kubernetes-id: ${{ values.workflowId }}-ci
+    janus-idp.io/tekton: ${{ values.workflowId }}
+    backstage.io/techdocs-ref: dir:.
+    github.com/project-slug: ${{ values.orgName }}/${{ values.repoName }}
+spec:
+  type: ${{ values.applicationType }}
+  system: ${{ values.system }}
+  lifecycle: ${{ values.lifecycle }}
+  owner: ${{ values.owner }}

scaffolder-templates/basic-workflow/skeleton/src/main/resources/application.properties

@@ -1,2 +1,2 @@
 # This is to enable debugging of HTTP request 
-quarkus.log.category.\"org.apache.http\".level=INFO
+quarkus.log.category.\"org.apache.http\".level=INFO

scaffolder-templates/basic-workflow/tekton/eventlistener.yaml

@@ -0,0 +1,25 @@
+# From https://github.com/parodos-dev/red-hat-developer-hub-software-templates/blob/tekton-demo/skeletons/tekton/tekton/eventlistener.yaml
+---
+apiVersion: triggers.tekton.dev/v1beta1
+kind: EventListener
+metadata:
+  name: ${{ values.workflowId }}-el
+  namespace: ${{ values.namespace }}
+spec:
+  triggers:
+    - bindings:
+        - kind: ClusterTriggerBinding
+          ref: github-push
+      interceptors:
+        - params:
+            - name: eventTypes
+              value: ["push"]
+          ref:
+            name: github
+        - params:
+            - name: filter
+              value: body.ref == 'refs/heads/main'
+          ref:
+            name: cel
+      template:
+        ref: ${{ values.workflowId }}-run-pipeline

scaffolder-templates/basic-workflow/tekton/route.yaml

@@ -0,0 +1,21 @@
+# From https://github.com/parodos-dev/red-hat-developer-hub-software-templates/blob/tekton-demo/skeletons/tekton/tekton/eventlistener.yaml
+---
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+  name: webhook-${{ values.workflowId }}-el
+  namespace: ${{ values.namespace }}
+  labels:
+    app.kubernetes.io/managed-by: EventListener
+    app.kubernetes.io/part-of: Triggers
+    eventlistener: ${{ values.repoName }}-el
+spec:
+  to:
+    kind: Service
+    name: el-${{ values.workflowId }}-el
+    weight: 100
+  port:
+    targetPort: http-listener
+  tls:
+    insecureEdgeTerminationPolicy: Redirect
+    termination: edge

scaffolder-templates/basic-workflow/skeleton/tekton/templates/trigger.yaml → scaffolder-templates/basic-workflow/tekton/trigger.yaml

@@ -3,8 +3,8 @@
 apiVersion: triggers.tekton.dev/v1beta1
 kind: TriggerTemplate
 metadata:
-  name: ${{ values.repoName }}-run-pipeline
-  namespace: ${{ .Values.namespace }}
+  name: ${{ values.workflowId }}-run-pipeline
+  namespace: ${{ values.namespace }}
 spec:
   params:
     - name: git-revision
@@ -16,14 +16,13 @@ spec:
     - apiVersion: tekton.dev/v1
       kind: PipelineRun
       metadata:
-        # TODO: add workflow Id someway
-        name: ${{ values.repoName }}-pipeline-$(uid)
+        name: ${{ values.workflowId }}-pipeline-$(uid)
         labels:
-          backstage.io/kubernetes-id: __PLACEHOLDER__
+          backstage.io/kubernetes-id: ${{ values.workflowId }}-ci
       spec:
         params:
           - name: gitUrl
-            value: ${{ values.repoName }}
+            value: ${{ values.gitUrl }}
           - name: gitConfigUrl
             value: ${{ values.gitConfigUrl }}
           - name: workflowId
@@ -54,48 +53,4 @@ spec:
               secretName: docker-credentials
           - name: ssh-creds
             secret:
-              secretName: git-ssh-credentials
----
-apiVersion: triggers.tekton.dev/v1beta1
-kind: EventListener
-metadata:
-  name: ${{ values.repoName }}-el
-  namespace: ${{ .Values.namespace }}
-spec:
-  triggers:
-    - bindings:
-        - kind: ClusterTriggerBinding
-          ref: github-push
-      interceptors:
-        - params:
-            - name: eventTypes
-              value: ["push"]
-          ref:
-            name: github
-        - params:
-            - name: filter
-              value: body.ref == 'refs/heads/main'
-          ref:
-            name: cel
-      template:
-        ref: ${{ values.repoName }}-run-pipeline
----
-kind: Route
-apiVersion: route.openshift.io/v1
-metadata:
-  name: webhook-${{ values.repoName }}-el
-  namespace: ${{ .Values.namespace }}
-  labels:
-    app.kubernetes.io/managed-by: EventListener
-    app.kubernetes.io/part-of: Triggers
-    eventlistener: ${{ values.repoName }}-el
-spec:
-  to:
-    kind: Service
-    name: el-${{ values.repoName }}-el
-    weight: 100
-  port:
-    targetPort: http-listener
-  tls:
-    insecureEdgeTerminationPolicy: Redirect
-    termination: edge
+              secretName: git-ssh-credentials