diff --git a/git-repo/event-gitea-render-manifests.yaml b/git-repo/event-gitea-render-manifests.yaml new file mode 100644 index 00000000..5d45a475 --- /dev/null +++ b/git-repo/event-gitea-render-manifests.yaml @@ -0,0 +1,156 @@ +apiVersion: argoproj.io/v1alpha1 +kind: WorkflowTemplate +metadata: + name: event-gitea-render-manifests + namespace: argo +spec: + entrypoint: main + arguments: + parameters: + - name: decapod_site_repo + value: "org/cluster_id" + + templates: + - name: main + inputs: + parameters: + - name: decapod_site_repo + steps: + - - name: prepare-rendering + template: prepare-rendering-template + arguments: + parameters: + - name: decapod_site_repo + value: "{{inputs.parameters.decapod_site_repo}}" + + - - name: call-render-manifests + templateRef: + name: render-manifests + template: render-manifests-template + arguments: + parameters: + - name: cluster_id + value: "{{steps.prepare-rendering.outputs.parameters.cluster_id}}" + - name: base_repo_url + value: "{{steps.prepare-rendering.outputs.parameters.base_repo_url}}" + - name: base_repo_branch + value: "{{steps.prepare-rendering.outputs.parameters.base_repo_branch}}" + - name: site_repo_url + value: "{{steps.prepare-rendering.outputs.parameters.site_repo_url}}" + - name: site_repo_branch + value: "{{steps.prepare-rendering.outputs.parameters.site_repo_branch}}" + - name: manifest_repo_url + value: "{{steps.prepare-rendering.outputs.parameters.manifest_repo_url}}" + - name: manifest_repo_branch + value: "{{steps.prepare-rendering.outputs.parameters.manifest_repo_branch}}" + - name: git_repo_type + value: "gitea" + - name: https_enabled + value: "{{steps.prepare-rendering.outputs.parameters.https_enabled}}" + + - name: prepare-rendering-template + volumes: + - name: out + emptyDir: {} + inputs: + parameters: + - name: decapod_site_repo + container: + image: docker.io/library/bash:latest + volumeMounts: + - name: out + mountPath: /mnt/out + command: + - /usr/local/bin/bash + - '-exc' + - | + #!/bin/bash + + function log() { + level=$2 + msg=$3 + date=$(date '+%F %H:%M:%S') + if [ $1 -eq 0 ];then + echo "[$date] $level $msg" + else + level="ERROR" + echo "[$date] $level $msg failed" + exit $1 + fi + } + + function write_output() { + key=$1 + value=$2 + + echo -n $value > /mnt/out/$key.txt + } + + GIT_SVC_HTTP=${GIT_SVC_URL%:*} + GIT_SVC_BASE_URL=${GIT_SVC_URL#*//} + + if [ "$GIT_SVC_HTTP" = "https" ];then + https_enabled="true" + else + https_enabled="false" + fi + + DECAPOD_SITE_REPO={{inputs.parameters.decapod_site_repo}} + + gitea_org=${DECAPOD_SITE_REPO%\/*} + + cluster_id=${DECAPOD_SITE_REPO#*\/} + base_repo_url="$GIT_SVC_BASE_URL/$gitea_org/decapod-base-yaml" + base_repo_branch="main" + site_repo_url="$GIT_SVC_BASE_URL/$gitea_org/$cluster_id" + site_repo_branch="main" + manifest_repo_url="$GIT_SVC_BASE_URL/$gitea_org/$cluster_id-manifests" + manifest_repo_branch="main" + + write_output "cluster_id" $cluster_id + write_output "base_repo_url" $base_repo_url + write_output "base_repo_branch" $base_repo_branch + write_output "site_repo_url" $site_repo_url + write_output "site_repo_branch" $site_repo_branch + write_output "manifest_repo_url" $manifest_repo_url + write_output "manifest_repo_branch" $manifest_repo_branch + write_output "https_enabled" $https_enabled + + envFrom: + - secretRef: + name: "git-svc-token" + + outputs: + parameters: + - name: cluster_id + valueFrom: + default: "Something wrong" + path: /mnt/out/cluster_id.txt + - name: base_repo_url + valueFrom: + default: "Something wrong" + path: /mnt/out/base_repo_url.txt + - name: base_repo_branch + valueFrom: + default: "Something wrong" + path: /mnt/out/base_repo_branch.txt + - name: site_repo_url + valueFrom: + default: "Something wrong" + path: /mnt/out/site_repo_url.txt + - name: site_repo_branch + valueFrom: + default: "Something wrong" + path: /mnt/out/site_repo_branch.txt + - name: manifest_repo_url + valueFrom: + default: "Something wrong" + path: /mnt/out/manifest_repo_url.txt + - name: manifest_repo_branch + valueFrom: + default: "Something wrong" + path: /mnt/out/manifest_repo_branch.txt + - name: https_enabled + valueFrom: + default: "Something wrong" + path: /mnt/out/https_enabled.txt diff --git a/git-repo/gitea-webhook-event-consumer.yaml b/git-repo/gitea-webhook-event-consumer.yaml new file mode 100644 index 00000000..8ee69886 --- /dev/null +++ b/git-repo/gitea-webhook-event-consumer.yaml @@ -0,0 +1,17 @@ +apiVersion: argoproj.io/v1alpha1 +kind: WorkflowEventBinding +metadata: + name: gitea-webhook-event-consumer + namespace: argo +spec: + event: + selector: payload.full_name != "" && metadata["x-github-event"] == ["push"] && discriminator == "gitea-webhook" + submit: + workflowTemplateRef: + name: event-gitea-render-manifests + arguments: + parameters: + - name: decapod_site_repo + valueFrom: + event: payload.full_name + diff --git a/git-repo/gitea_webhook_role.yaml b/git-repo/gitea_webhook_role.yaml new file mode 100644 index 00000000..252ca3fc --- /dev/null +++ b/git-repo/gitea_webhook_role.yaml @@ -0,0 +1,53 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: gitea-webhook + namespace: argo +--- +apiVersion: v1 +kind: Secret +metadata: + name: gitea-webhook.service-account-token + namespace: argo + annotations: + kubernetes.io/service-account.name: gitea-webhook +type: kubernetes.io/service-account-token +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: gitea-webhook + namespace: argo +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: submit-workflow-template +subjects: +- kind: ServiceAccount + name: gitea-webhook + namespace: argo +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: submit-workflow-template + namespace: argo +rules: + - apiGroups: + - argoproj.io + resources: + - workfloweventbindings + verbs: + - list + - apiGroups: + - argoproj.io + resources: + - workflowtemplates + verbs: + - get + - apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create diff --git a/git-repo/render-manifests.yaml b/git-repo/render-manifests.yaml index 355bef19..ec4e3052 100644 --- a/git-repo/render-manifests.yaml +++ b/git-repo/render-manifests.yaml @@ -23,6 +23,8 @@ spec: value: main - name: git_repo_type value: github + - name: https_enabled + value: "true" templates: #========================================================= @@ -50,6 +52,8 @@ spec: value: "{{workflow.parameters.manifest_repo_branch}}" - name: git_repo_type value: "{{workflow.parameters.git_repo_type}}" + - name: https_enabled + value: "{{workflow.parameters.https_enabled}}" #========================================================= # Template Definition @@ -65,6 +69,7 @@ spec: - name: manifest_repo_url - name: manifest_repo_branch - name: git_repo_type + - name: https_enabled container: name: render-manifests-template image: sktcloud/decapod-render:v2.1.0 @@ -101,9 +106,14 @@ spec: BASE_DIR="decapod-base-yaml" DOCKER_IMAGE_REPO="docker.io" OUTPUT_DIR="output" + if [ "{{inputs.parameters.https_enabled}}" = "true" ]; then + HTTP_STRING="https" + else + HTTP_STRING="http" + fi # download site-yaml - git clone -b ${SITE_REPO_BRANCH} https://$(echo -n ${GIT_TOKEN})@${SITE_REPO_URL} ${SITE_DIR} + git clone -b ${SITE_REPO_BRANCH} $HTTP_STRING://$(echo -n ${GIT_TOKEN})@${SITE_REPO_URL} ${SITE_DIR} log $? "INFO" "Fetching ${SITE_REPO_URL} with ${SITE_REPO_BRANCH} branch/tag........." cd ${SITE_DIR} site_commit_msg=$(git show -s --format="[%h] %s" HEAD) @@ -113,7 +123,7 @@ spec: site_list=$(ls -d */ | sed 's/\///g' | egrep -v "docs|^template|^deprecated|output|offline") # download base-yaml - git clone -b ${BASE_REPO_BRANCH} https://$(echo -n ${GIT_TOKEN})@${BASE_REPO_URL} ${BASE_DIR} + git clone -b ${BASE_REPO_BRANCH} $HTTP_STRING://$(echo -n ${GIT_TOKEN})@${BASE_REPO_URL} ${BASE_DIR} log $? "INFO" "Fetching ${BASE_REPO_URL} with ${BASE_REPO_BRANCH} branch/tag........." base_commit_msg=$(cd ${BASE_DIR}; git show -s --format="[%h] %s" HEAD) @@ -169,7 +179,7 @@ spec: #----------------------------------------------- # push manifests files #----------------------------------------------- - git clone https://$(echo -n ${GIT_TOKEN})@${MANIFEST_REPO_URL} origin-manifests + git clone $HTTP_STRING://$(echo -n ${GIT_TOKEN})@${MANIFEST_REPO_URL} origin-manifests log 0 "INFO" "git clone ${MANIFEST_REPO_URL}" cd origin-manifests if [ -z "${MANIFEST_REPO_BRANCH}" ]; then @@ -194,7 +204,7 @@ spec: git push origin ${MANIFEST_REPO_BRANCH} if [ "${MANIFEST_REPO_BRANCH}" != "main" ] && [ "${GIT_REPO_TYPE}" == "gitea" ]; then - curl -X POST -H "content-type: application/json" -H "Authorization: token ${GIT_TOKEN}" --data "{ \"base\": \"main\", \"body\": \"rendered from\n - base: ${base_commit_msg}\n - site: ${site_commit_msg}\", \"head\": \"${MANIFEST_REPO_BRANCH}\", \"title\": \"rendered from site: ${site_commit_msg}\"}" https://${MANIFEST_REPO_URL%%/*}/api/v1/repos/${MANIFEST_REPO_URL#*/}/pulls + curl -X POST -H "content-type: application/json" -H "Authorization: token ${GIT_TOKEN}" --data "{ \"base\": \"main\", \"body\": \"rendered from\n - base: ${base_commit_msg}\n - site: ${site_commit_msg}\", \"head\": \"${MANIFEST_REPO_BRANCH}\", \"title\": \"rendered from site: ${site_commit_msg}\"}" $HTTP_STRING://${MANIFEST_REPO_URL%%/*}/api/v1/repos/${MANIFEST_REPO_URL#*/}/pulls fi log 0 "INFO" "pushed all manifests files"