initial commit

allard
2025-11-23 18:58:51 +01:00
commit 376a944abc
1553 changed files with 314731 additions and 0 deletions


@@ -0,0 +1,72 @@
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
generateName: openliberty-pipeline-run-
spec:
pipelineRef:
name: openliberty-pipeline
#gitea:
params:
- name: repo-url
value: http://gitea.gitea.svc.cluster.local:3000/allard/olproperties.git
- name: git-revision
value: 1.3
#maven:
- name: maven-mirror-url
value: 'http://nexus.nexus.svc.cluster.local:8081/repository/maven-public/'
#sonarqube:
- name: sonar-organization
value: "allarddcs"
- name: sonar-project-key
value: olproperties
- name: sonar-token
value: sqp_214ee7c92e1b82b0d43dd9b1d9462eac8f50434c
- name: sonar-host-url
value: "https://sonarqube-dev.allarddcs.nl"
- name: source-to-scan
value: ./src
#push-to-harbor:
- name: registry
value: harbor-dev.allarddcs.nl
- name: project
value: allard
- name: image-name
value: olproperties
#cosign
- name: cosign-image-url
value: harbor-dev.allarddcs.nl/allard/olproperties
#dependency-track
- name: deptrack-apiKey
value: odt_BRpq4el8T0XqdeunYMnefniaS0n8Yxd8
- name: deptrack-projectName
value: olproperties
- name: deptrack-projectVersion
value: 1.1
- name: deptrack-url
value: https://deptracka-dev.allarddcs.nl
workspaces:
- name: shared-data
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
- name: maven-settings
persistentVolumeClaim:
emptyDir: {}
- name: sonar-settings
configMap:
name: sonar-properties
- name: registry-credentials
secret:
secretName: registry-credentials
items:
- key: .dockerconfigjson
path: config.json
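Review bot: `sonar-token` and `deptrack-apiKey` are committed here as literal values, and the same is true of `deptrack-apiKey` in the syft-pipeline-run section further down; anything in the repository history should be treated as exposed, so these tokens need rotating in SonarQube and Dependency-Track. Passing them as Tekton params also copies them into every PipelineRun and TaskRun object, where anyone with read access to those resources can see them. The `registry-credentials` workspace in this same file already shows the safer pattern: keep the value in a Kubernetes Secret and have the task read it from a secret-backed workspace or a `secretKeyRef` env var instead of a param. Separately, the `maven-settings` workspace lists both `persistentVolumeClaim:` (empty) and `emptyDir: {}`; only one volume source should be given, presumably `emptyDir: {}`.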


@@ -0,0 +1,186 @@
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
name: openliberty-pipeline
spec:
description: |
This pipeline clones a git repo, builds a Docker image with Kaniko and
pushes it to a registry
params:
- name: repo-url
type: string
- name: git-revision
type: string
- name: maven-mirror-url
type: string
- name: sonar-organization
type: string
- name: sonar-project-key
type: string
- name: sonar-token
type: string
- name: sonar-host-url
type: string
- name: source-to-scan
type: string
- name: registry
type: string
- name: project
type: string
- name: image-name
type: string
- name: cosign-image-url
type: string
- name: deptrack-projectName
type: string
- name: deptrack-projectVersion
type: string
- name: deptrack-apiKey
type: string
- name: deptrack-url
type: string
workspaces:
- name: shared-data
- name: registry-credentials
- name: maven-settings
- name: sonar-settings
tasks:
- name: fetch-source
taskRef:
name: git-clone
workspaces:
- name: output
workspace: shared-data
params:
- name: url
value: $(params.repo-url)
- name: compile-java
runAfter: ["fetch-source"]
taskRef:
name: maven
workspaces:
- name: source
workspace: shared-data
- name: maven-settings
workspace: shared-data
params:
- name: MAVEN_IMAGE
value: maven
- name: CONTEXT_DIR
value: "."
- name: MAVEN_MIRROR_URL
value: $(params.maven-mirror-url)
- name: GOALS
value:
- clean
- package
- name: sonarqube
runAfter: ["compile-java"]
taskRef:
kind: Task
name: sonarqube-scanner
workspaces:
- name: source
workspace: shared-data
- name: sonar-settings
workspace: sonar-settings
params:
- name: SONAR_ORGANIZATION
value: $(params.sonar-organization)
- name: SONAR_PROJECT_KEY
value: $(params.sonar-project-key)
- name: SONAR_TOKEN
value: $(params.sonar-token)
- name: SOURCE_TO_SCAN
value: $(params.source-to-scan)
- name: SONAR_HOST_URL
value: $(params.sonar-host-url)
- name: SONAR_SCANNER_IMAGE
value: noenv/sonar-scanner:7.0.2
- name: build-push
runAfter: ["compile-java"]
taskRef:
name: buildah
workspaces:
- name: source
workspace: shared-data
- name: dockerconfig
workspace: registry-credentials
params:
- name: IMAGE
value: $(params.registry)/$(params.project)/$(params.image-name):$(params.git-revision)
- name: cosign-sign
runAfter: ["build-push"]
taskRef:
name: cosign-sign
params:
- name: cosign-image-url
value: $(params.registry)/$(params.project)/$(params.image-name):$(params.git-revision)
- name: cosign-image-digest
value: $(tasks.build-push.results.IMAGE_DIGEST)
- name: syft
runAfter: ["build-push"]
taskRef:
name: syft
params:
- name: ARGS
value:
- $(params.registry)/$(params.project)/$(params.image-name):$(params.git-revision)
- --output
- cyclonedx-json=./$(params.sonar-project-key).sbom.json
workspaces:
- name: source-dir
workspace: shared-data
- name: push-sbom
runAfter: ["syft"]
taskref:
name: push-sbom
params:
- name: deptrack-url
value: $(params.deptrack-url)
- name: deptrack-apiKey
value: $(params.deptrack-apiKey)
- name: deptrack-projectName
value: $(params.deptrack-projectName)
- name: deptrack-projectVersion
value: $(params.deptrack-projectVersion)
- name: sbom
value: $(params.deptrack-projectName).sbom.json
workspaces:
- name: source-dir
workspace: shared-data
- name: register-change
runAfter: ["build-push"]
taskref:
name: register-change
params:
- name: project
value: $(params.sonar-project-key)
- name: git-revision
value: $(params.git-revision)
workspaces:
- name: source-dir
workspace: shared-data
- name: deploy-with-argocd
runAfter: ["build-push"]
taskref:
name: argocd-task-sync-and-wait
params:
- name: application-name
value: $(params.sonar-project-key)
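Review bot: `deploy-with-argocd` and `register-change` are ordered only after `build-push`, so deployment can start while `cosign-sign`, `sonarqube` and the SBOM upload are still running or have failed; `runAfter: ["cosign-sign", "sonarqube", "push-sbom"]` on the deploy task would make signing and scanning actual gates. `syft` is pointed at the mutable tag `:$(params.git-revision)` while `cosign-sign` receives `$(tasks.build-push.results.IMAGE_DIGEST)`; scanning `$(params.registry)/$(params.project)/$(params.image-name)@$(tasks.build-push.results.IMAGE_DIGEST)` ties the SBOM to the image that was signed. `fetch-source` passes only `url` to `git-clone`, so the checkout is not pinned to the revision the image is tagged with; add `- name: revision` with `value: $(params.git-revision)`. The last three tasks spell the key `taskref` where the rest of the file uses `taskRef` (the same spelling appears in the `push-sbom` task of `syft-pipeline`), and whether that is accepted depends on how leniently the manifest is decoded. `syft` writes `$(params.sonar-project-key).sbom.json` but `push-sbom` reads `$(params.deptrack-projectName).sbom.json`, which only matches while both params hold the same value.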


@@ -0,0 +1,31 @@
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
generateName: syft-pipeline-run-
spec:
pipelineRef:
name: syft-pipeline
params:
- name: image-reference
value: harbor.alldcs.nl/allard/olproperties:1.1
- name: deptrack-apiKey
value: nUbx5hG6gm09OOdZZh1si4WssmUHy6Np
- name: deptrack-projectName
value: olproperties
- name: deptrack-projectVersion
value: 1.0
workspaces:
- name: shared-data
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
- name: registry-credentials
secret:
secretName: registry-credentials
items:
- key: .dockerconfigjson
path: config.json
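Review bot: `deptrack-projectVersion` is written as the bare scalar `1.0`, which YAML reads as a float, so the param may reach the task as `1` or be rejected where a string is expected; quote it as `value: "1.0"`. The same applies to the `git-revision` value `1.3` and the `deptrack-projectVersion` value `1.1` in the openliberty-pipeline-run section. `image-reference` also names the image by the tag `:1.1`, which can be repointed after the fact; referencing the image by digest would make the SBOM and the grype results attributable to one specific image.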


@@ -0,0 +1,65 @@
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
name: syft-pipeline
spec:
description: |
This pipeline clones a git repo, builds a Docker image with Kaniko and
pushes it to a registry
params:
- name: image-reference
type: string
- name: deptrack-projectName
type: string
- name: deptrack-projectVersion
type: string
- name: deptrack-apiKey
type: string
workspaces:
- name: shared-data
- name: registry-credentials
tasks:
- name: syft
taskRef:
name: syft
params:
- name: ARGS
value:
- $(params.image-reference)
- --output
- cyclonedx-json=./$(params.deptrack-projectName).sbom.json
workspaces:
- name: source-dir
workspace: shared-data
- name: grype
runAfter: ["syft"]
taskRef:
name: grype
params:
- name: ARGS
value:
- $(params.image-reference)
- --output
- cyclonedx-json=./vulnerabilities.cyclonedx.json
workspaces:
- name: source-dir
workspace: shared-data
- name: push-sbom
runAfter: ["syft"]
taskref:
name: push-sbom
params:
- name: deptrack-apiKey
value: $(params.deptrack-apiKey)
- name: deptrack-projectName
value: $(params.deptrack-projectName)
- name: deptrack-projectVersion
value: $(params.deptrack-projectVersion)
- name: sbom
value: $(params.deptrack-projectName).sbom.json
workspaces:
- name: source-dir
workspace: shared-data