# EventListener that receives Gitea webhook calls and starts a PipelineRun
# through TriggerTemplate "gitea-pipeline-template".
#
# NOTE(review): the only interceptor below adds an overlay. Nothing in this
# trigger filters on event type or verifies a webhook secret or signature, so
# any request whose body satisfies the overlay expression produces a
# PipelineRun built from caller-supplied values (see TriggerBinding
# "gitea-binding"). Add a secret or signature check to the interceptor chain
# and keep the listener reachable only from the Gitea server.
apiVersion: triggers.tekton.dev/v1beta1
kind: EventListener
metadata:
  name: gitea-listener
spec:
  serviceAccountName: tekton-robot
  namespaceSelector: {}
  resources: {}
  triggers:
    - name: gitea-trigger
      interceptors:
        - ref:
            kind: ClusterInterceptor
            name: cel
          params:
            - name: overlays
              value:
                # Publishes the third '/'-separated segment of body.ref as
                # extensions.version. A ref such as refs/heads/feature/x
                # yields only "feature"; the value is not validated before it
                # is used as git revision and image tag.
                - key: version
                  expression: "body.ref.split('/')[2]"
      bindings:
        - kind: TriggerBinding
          ref: gitea-binding
      template:
        ref: gitea-pipeline-template
---
# Maps fields of the incoming webhook payload onto trigger parameters.
# Every value here originates from the request body, either directly or via
# the "version" overlay set by the EventListener's CEL interceptor.
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerBinding
metadata:
  name: gitea-binding
spec:
  params:
    # Clone URL exactly as sent in the payload; this binding does not check it
    # against a list of expected repositories.
    - name: repo-url
      value: '$(body.repository.clone_url)'
    - name: git-revision
      value: '$(extensions.version)'
    # NOTE(review): the matching image-reference parameter is commented out in
    # TriggerTemplate "gitea-pipeline-template" in this file, so this value
    # looks unused. Confirm and drop it if so.
    - name: image-reference
      value: 'harbor-dev.allarddcs.nl/$(body.repository.full_name):$(extensions.version)'
      # value: harbor-dev.allarddcs.nl/$(body.repository.full_name)
---
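# TriggerTemplate that turns the bound webhook parameters into a PipelineRun
# of pipeline "openliberty-pipeline".
#
# SECURITY: the SonarQube token and the Dependency-Track API key used to be
# committed here as parameter defaults. Both are replaced by placeholders
# below. Treat the previously committed values as exposed: revoke them in
# SonarQube and Dependency-Track and issue new ones. Do not commit the
# replacements; deliver them from a Kubernetes Secret instead, the way the
# registry-credentials workspace at the end of this template already does.
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerTemplate
metadata:
  name: gitea-pipeline-template
spec:
  params:
    - name: git-revision
      description: The git revision
      # No default value; supplied by the trigger binding.
    - name: repo-url
      description: The git repository url
      # No default value; supplied by the trigger binding.
    - name: maven-mirror-url
      description: url van de nexus-server die als proxy dient voor java-libraries
      # Plain HTTP to an in-cluster service: build dependencies are fetched
      # without transport integrity protection.
      default: 'http://nexus.nexus.svc.cluster.local:8081/repository/maven-public/'
    - name: sonar-host-url
      description: url van de sonarqube-server
      default: "https://sonarqube-dev.allarddcs.nl"
    - name: sonar-organization
      description: Organisatienaam in sonar waar vulnerabilities onder vallen
      default: "allarddcs"
    - name: sonar-token
      description: authenticatiemiddel voor sonar (komt uit sonar)
      # Placeholder only; the real token must not live in this manifest.
      default: 'REPLACE_WITH_SONAR_TOKEN'
    - name: sonar-project-key
      default: olproperties
      description: sonar project key
    - name: source-to-scan
      description: location of the source that sonarqube should scan
      default: ./src
    # - name: image-reference
    #   description: imagename
    #   No default value; supplied by the trigger binding.
    - name: image
      description: image
    - name: registry
      default: harbor-dev.allarddcs.nl
    - name: project
      default: allard
    - name: image-name
      default: olproperties
    - name: cosign-image-url
      # NOTE(review): this was a bare `default:` (YAML null, i.e. no default).
      # Written as an explicit empty string; confirm that is what the pipeline
      # expects.
      default: ""
    - name: tlsverify
      description: wel of geen tls gebruiken bij push
      default: "true"
    - name: deptrack-url
      description: url of deptrack api-server
      default: https://deptracka-dev.allarddcs.nl
    - name: deptrack-apiKey
      description: key to upload sbom to dependency-track
      # Placeholder only; the real API key must not live in this manifest.
      default: 'REPLACE_WITH_DEPTRACK_API_KEY'
    - name: deptrack-projectName
      description: projectname in dependency-track
      default: olproperties
    - name: deptrack-projectVersion
      description: projectversion in dependency-track
      default: "1.1"
  resourcetemplates:
    - apiVersion: tekton.dev/v1beta1
      kind: PipelineRun
      metadata:
        generateName: openliberty-pipeline-run-
      spec:
        # Parameter values are stored in the PipelineRun object itself, so
        # anyone who can read PipelineRuns in the namespace can read
        # sonar-token and deptrack-apiKey when they are passed this way.
        params:
          - name: repo-url
            value: $(tt.params.repo-url)
          - name: git-revision
            value: $(tt.params.git-revision)
          - name: maven-mirror-url
            value: $(tt.params.maven-mirror-url)
          - name: sonar-host-url
            value: $(tt.params.sonar-host-url)
          - name: sonar-organization
            value: $(tt.params.sonar-organization)
          - name: sonar-token
            value: $(tt.params.sonar-token)
          - name: sonar-project-key
            value: $(tt.params.sonar-project-key)
          - name: source-to-scan
            value: $(tt.params.source-to-scan)
          # - name: image-reference
          #   value: $(tt.params.image-reference)
          # - name: image
          #   value: $(tt.params.registry)/$(tt.params.project)/$(tt.params.image-name):$(tt.params.git-revision)
          - name: registry
            value: $(tt.params.registry)
          - name: project
            value: $(tt.params.project)
          - name: image-name
            value: $(tt.params.image-name)
          - name: cosign-image-url
            value: $(tt.params.cosign-image-url)
          - name: deptrack-url
            value: $(tt.params.deptrack-url)
          - name: tlsverify
            value: $(tt.params.tlsverify)
          - name: deptrack-apiKey
            value: $(tt.params.deptrack-apiKey)
          - name: deptrack-projectName
            value: $(tt.params.deptrack-projectName)
          - name: deptrack-projectVersion
            value: $(tt.params.deptrack-projectVersion)
        pipelineRef:
          name: openliberty-pipeline
        workspaces:
          - name: shared-data
            volumeClaimTemplate:
              spec:
                accessModes:
                  - ReadWriteOnce
                resources:
                  requests:
                    storage: 1Gi
          - name: maven-settings
            volumeClaimTemplate:
              spec:
                accessModes:
                  - ReadWriteOnce
                resources:
                  requests:
                    storage: 1Gi
          - configmap:
              name: sonar-properties
            name: sonar-settings
          # Registry credentials come from a Secret, not from a parameter.
          - name: registry-credentials
            secret:
              items:
                - key: .dockerconfigjson
                  path: config.json
              secretName: registry-credentials
---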
# Service account that EventListener "gitea-listener" runs as
# (spec.serviceAccountName). No namespace is set, so it is created in
# whichever namespace this manifest is applied to.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: 'tekton-robot'
---
# Grants service account "tekton-robot" the permissions of ClusterRole
# "tekton-triggers-eventlistener-roles". Because this is a RoleBinding, the
# grant applies only inside the namespace the binding is created in.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: triggers-example-eventlistener-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: tekton-triggers-eventlistener-roles
subjects:
  - kind: ServiceAccount
    name: tekton-robot
---
# Cluster-wide grant of ClusterRole
# "tekton-triggers-eventlistener-clusterroles" to service account
# "tekton-robot".
#
# NOTE(review): the subject is pinned to namespace "default", while the
# ServiceAccount in this file carries no namespace. If the manifest is applied
# to any other namespace, this binding points at default/tekton-robot rather
# than the account the listener actually uses. Confirm the target namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: triggers-example-eventlistener-clusterbinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: tekton-triggers-eventlistener-clusterroles
subjects:
  - kind: ServiceAccount
    name: tekton-robot
    namespace: default
---