From 311fd47521e80fa6ac371ac0c53dd3b9f42a3fc2 Mon Sep 17 00:00:00 2001
From: stakater-nordmart-bot
Date: Mon, 29 Jul 2024 11:17:54 +0200
Subject: [PATCH 1/5] Update buidah docs & Add comment on pr task
---
...ildah.md => 13-add-buildah-image-build.md} | 54 +--
.../13-add-buildah-image-push.md | 239 +++++++++++
.../21-add-validate-environment.md | 155 ++++---
.../add-ci-pipeline/22-add-comment-on-pr-md | 388 ++++++++++++++++++
4 files changed, 720 insertions(+), 116 deletions(-)
rename content/for-developers/tutorials/outer-loop/add-ci-pipeline/{13-add-buildah.md => 13-add-buildah-image-build.md} (84%)
create mode 100644 content/for-developers/tutorials/outer-loop/add-ci-pipeline/13-add-buildah-image-push.md
create mode 100644 content/for-developers/tutorials/outer-loop/add-ci-pipeline/22-add-comment-on-pr-md
diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/13-add-buildah.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/13-add-buildah-image-build.md
similarity index 84%
rename from content/for-developers/tutorials/outer-loop/add-ci-pipeline/13-add-buildah.md
rename to content/for-developers/tutorials/outer-loop/add-ci-pipeline/13-add-buildah-image-build.md
index e0f9a469..87d76dc9 100644
--- a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/13-add-buildah.md
+++ b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/13-add-buildah-image-build.md
@@ -1,20 +1,20 @@ -# Buildah +# Buildah Image Build ## Objectives -- Add `buildah` task to PipelineRun. +- Add `buildah-image-build` task to PipelineRun. - Define parameters, workspaces, and tasks within the PipelineRun for building and deploying your application. ## Key Results - Successfully create and execute the Tekton PipelineRun using the defined `.tekton/pullrequest.yaml` file, enabling automated CI/CD processes for your application. -- Image is built and pushed to the Nexus Repository. +- Image is built and ready to be push to the repository. ## Tutorial -### Create PipelineRun with Buildah Task +### Create PipelineRun with Buildah Image Build Task -You have already created a PipelineRun in the previous tutorial. Let's now add another task [`buildah`](https://github.com/stakater-tekton-catalog/buildah) to it. +You have already created a PipelineRun in the previous tutorial. Let's now add another task [`image-build`](https://github.com/stakater-tekton-catalog/buildah-image-build) to it. 1. Open up the PipelineRun file you created in the previous tutorial. 1. Now edit the file so the YAML becomes like the one given below. 
@@ -34,33 +34,30 @@ You have already created a PipelineRun in the previous tutorial. Let's now add a https://raw.githubusercontent.com/stakater-tekton-catalog/kube-linting/0.0.7/task/stakater-kube-linting/stakater-kube-linting.yaml, https://raw.githubusercontent.com/stakater-tekton-catalog/unit-test/0.0.6/task/stakater-unit-test/stakater-unit-test.yaml, https://raw.githubusercontent.com/stakater-tekton-catalog/sonarqube-scan/0.0.13/task/stakater-sonarqube-scan/stakater-sonarqube-scan.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/buildah/0.0.29/task/stakater-buildah/stakater-buildah.yaml]" + https://raw.githubusercontent.com/stakater-tekton-catalog/buildah-image-build/0.0.1/task/stakater-buildah-image-build/stakater-buildah-image-build.yaml]" pipelinesascode.tekton.dev/max-keep-runs: "2" # Only remain 2 latest pipelineRuns on SAAP spec: params: - name: repo_url - value: "git@github.com://" # Place your repo SSH URL + value: {{body.repository.ssh_url}} # Place your repo SSH URL - name: git_revision value: {{revision}} # Dynamic variable to fetch branch name of the push event on your repo + - name: repo_name + value: {{repo_name}} # Dynamic varaible to fetch repo name + - name: repo_path + value: "<-YOUR_APPLICATION-NAME->" # Dynamic varaible to define application name - name: git_branch value: {{source_branch}} - - name: repo_path - value: {{repo_name}} # Dynamic variable to fetch repo name - - name: image_registry - value: "" # Place image registry URL without https:// succeeded by your application name - - name: helm_registry - value: "" # Place helm registry URL with https:// - name: pull_request_number value: {{pull_request_number}} - name: organization - value: {{YOUR_GIT_ORG}} + value: {{body.organization.login}} pipelineSpec: # Define what parameters will be used for pipeline params: - name: repo_url - name: git_revision + - name: repo_name - name: repo_path - - name: image_registry - - name: helm_registry - name: pull_request_number - 
name: organization - name: git_branch @@ -71,7 +68,7 @@ You have already created a PipelineRun in the previous tutorial. Let's now add a - name: fetch-repository #Name what you want to call the task taskRef: name: git-clone # Name of tasks mentioned in tekton-catalog - kind: Task + kind: ClusterTask workspaces: # Mention what workspaces will be used by this task - name: output workspace: source @@ -119,10 +116,8 @@ You have already created a PipelineRun in the previous tutorial. Let's now add a value: $(params.git_branch) - name: IMAGE_TAG value: $(tasks.create-git-tag.results.GIT_TAG) - - name: IMAGE_REPO - value: $(params.image_registry) - name: PULL_REQUEST_COMMITS_API # Replace when not using Git - value: https://api.github.com/repos/$(params.organization)/$(params.repo_path)/pulls/$(params.pull_request_number)/commits + value: https://api.github.com/repos/$(params.organization)/$(params.repo_name)/pulls/$(params.pull_request_number)/commits workspaces: - name: output workspace: source 
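Review bot: Several inline comments in the `params` block of the first hunk no longer describe the value beside them: `repo_url` is now filled from `{{body.repository.ssh_url}}` but still reads `# Place your repo SSH URL`, and `repo_path` is a placeholder the reader must edit yet is labelled `# Dynamic varaible to define application name`. Suggested wording is `# Dynamic variable: SSH URL of the repository, taken from the webhook payload` and `# Replace with your application name`, with `varaible` corrected to `variable` on the `repo_name` line too. The same block is repeated in the new 13-add-buildah-image-push.md listing, and in 21-add-validate-environment.md `repo_path` is hard-coded as `"usermanagement-writeservice"` instead of the placeholder, which readers are likely to copy unchanged. It would also help to note beside `{{body.organization.login}}` that it resolves only when the payload carries an `organization` object, which as far as I know is the case for organisation-owned repositories only.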
@@ -165,38 +160,33 @@ You have already created a PipelineRun in the previous tutorial. Let's now add a workspace: source - name: sonarqube-scan runAfter: - - unit-test + - stakater-unit-test-dotnet taskRef: name: stakater-sonarqube-scan kind: Task params: - - name: SONAR_HOST_URL - value: - name: SONAR_PROJECT_KEY value: $(params.repo_path) - - name: SONAR_LOGIN workspaces: - name: source workspace: source - - name: buildah + - name: buildah-image-build runAfter: - unit-test taskRef: - name: stakater-buildah + name: stakater-buildah-image-build kind: Task params: - - name: IMAGE - value: $(params.image_registry):$(tasks.create-git-tag.results.GIT_TAG) + - name: IMAGE_NAME + value: $(params.repo_path):$(tasks.create-git-tag.results.GIT_TAG) - name: TLSVERIFY value: "false" - name: FORMAT value: "docker" - - name: BUILD_IMAGE - value: "true" - - name: IMAGE_REGISTRY - value: $(params.image_registry) - name: CURRENT_GIT_TAG value: $(tasks.create-git-tag.results.CURRENT_GIT_TAG) + - name: REPO_NAME + value: $(params.repo_path) workspaces: - name: source workspace: source diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/13-add-buildah-image-push.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/13-add-buildah-image-push.md new file mode 100644 index 00000000..73e7b077 --- /dev/null +++ b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/13-add-buildah-image-push.md 
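Review bot: `sonarqube-scan` now lists `stakater-unit-test-dotnet` under `runAfter`, but no task with that name is defined in this pipeline; the unit-test step is named `unit-test`, which is what `buildah-image-build` a few lines below still waits on. Tekton should reject a `runAfter` entry that names a task missing from the pipeline, so a reader who copies the listing gets a PipelineRun that fails validation before any scan or build runs. Change the entry back to `- unit-test`. The same line is repeated in the new 13-add-buildah-image-push.md listing, and the enclosing task list starts before this hunk.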
@@ -0,0 +1,239 @@ +# Buildah Image Push + +## Objectives + +- Add `buildah-image-push` task to PipelineRun. +- Define parameters, workspaces, and tasks within the PipelineRun for building and deploying your application. + +## Key Results + +- Successfully create and execute the Tekton PipelineRun using the defined `.tekton/pullrequest.yaml` file, enabling automated CI/CD processes for your application. +- Image is pushed to the Nexus repository. + +## Tutorial + +### Create PipelineRun with Buildah Image Push Task + +You have already created a PipelineRun in the previous tutorial. Let's now add another task [`buildah-image-push`](https://github.com/stakater-tekton-catalog/buildah-image-push) to it. + +1. Open up the PipelineRun file you created in the previous tutorial. +1. Now edit the file so the YAML becomes like the one given below. + + ```yaml + apiVersion: tekton.dev/v1beta1 + kind: PipelineRun + metadata: + name: pullrequest # pipelineRun name + annotations: + pipelinesascode.tekton.dev/on-event: "[pull_request]" # Trigger the pipelineRun on push events on branch main + pipelinesascode.tekton.dev/on-target-branch: "main" + pipelinesascode.tekton.dev/task: "[git-clone, + https://raw.githubusercontent.com/stakater-tekton-catalog/create-git-tag/0.0.12/task/stakater-create-git-tag/stakater-create-git-tag.yaml, + https://raw.githubusercontent.com/stakater-tekton-catalog/create-environment/0.0.16/task/stakater-create-environment/stakater-create-environment.yaml, + https://raw.githubusercontent.com/stakater-tekton-catalog/code-linting-mvn/0.0.4/task/stakater-code-linting/stakater-code-linting.yaml, + https://raw.githubusercontent.com/stakater-tekton-catalog/kube-linting/0.0.7/task/stakater-kube-linting/stakater-kube-linting.yaml, + https://raw.githubusercontent.com/stakater-tekton-catalog/unit-test/0.0.6/task/stakater-unit-test/stakater-unit-test.yaml, + 
https://raw.githubusercontent.com/stakater-tekton-catalog/sonarqube-scan/0.0.13/task/stakater-sonarqube-scan/stakater-sonarqube-scan.yaml, + https://raw.githubusercontent.com/stakater-tekton-catalog/buildah-image-build/0.0.1/task/stakater-buildah-image-build/stakater-buildah-image-build.yaml, + https://raw.githubusercontent.com/stakater-tekton-catalog/buildah-image-push/0.0.1/task/stakater-buildah-image-push/stakater-buildah-image-push.yaml]" + pipelinesascode.tekton.dev/max-keep-runs: "2" # Only remain 2 latest pipelineRuns on SAAP + spec: + params: + - name: repo_url + value: {{body.repository.ssh_url}} # Place your repo SSH URL + - name: git_revision + value: {{revision}} # Dynamic variable to fetch branch name of the push event on your repo + - name: repo_name + value: {{repo_name}} # Dynamic varaible to fetch repo name + - name: repo_path + value: "<-YOUR_APPLICATION-NAME->" # Dynamic varaible to define application name + - name: git_branch + value: {{source_branch}} + - name: pull_request_number + value: {{pull_request_number}} + - name: organization + value: {{body.organization.login}} + pipelineSpec: # Define what parameters will be used for pipeline + params: + - name: repo_url + - name: git_revision + - name: repo_name + - name: repo_path + - name: pull_request_number + - name: organization + - name: git_branch + workspaces: # Mention what workspaces will be used by this pipeline to store data and used by data transferring between tasks + - name: source + - name: ssh-directory + tasks: # Mention what tasks will be used by this pipeline + - name: fetch-repository #Name what you want to call the task + taskRef: + name: git-clone # Name of tasks mentioned in tekton-catalog + kind: ClusterTask + workspaces: # Mention what workspaces will be used by this task + - name: output + workspace: source + - name: ssh-directory + workspace: ssh-directory + params: # Parameters will be used by this task + - name: depth + value: "0" + - name: url + value: 
$(params.repo_url) + - name: revision + value: $(params.git_revision) + - name: create-git-tag + runAfter: + - fetch-repository + taskRef: + name: stakater-create-git-tag + kind: Task + params: + - name: PR_NUMBER + value: $(params.pull_request_number) + - name: GIT_REVISION + value: $(params.git_revision) + workspaces: + - name: source + workspace: source + - name: ssh-directory + workspace: ssh-directory + - name: stakater-create-environment + runAfter: + - create-git-tag + taskRef: + kind: Task + name: stakater-create-environment + params: + - name: CREATE_ON_CLUSTER + value: "true" + - name: REPO_NAME + value: $(params.repo_path) + - name: PR_NUMBER + value: $(params.pull_request_number) + - name: GIT_URL + value: "" #Replace with your application repository Url + - name: GIT_BRANCH + value: $(params.git_branch) + - name: IMAGE_TAG + value: $(tasks.create-git-tag.results.GIT_TAG) + - name: PULL_REQUEST_COMMITS_API # Replace when not using Git + value: https://api.github.com/repos/$(params.organization)/$(params.repo_name)/pulls/$(params.pull_request_number)/commits + workspaces: + - name: output + workspace: source + - name: repo-token + workspace: repo-token + - name: code-linting + runAfter: + - stakater-create-environment + taskRef: + name: stakater-code-linting + kind: Task + workspaces: + - name: source + workspace: source + - name: kube-linting + runAfter: + - stakater-create-environment + taskRef: + name: stakater-kube-linting + kind: Task + params: + - name: FILE + value: manifest.yaml + - name: DEPLOYMENT_FILES_PATH + value: deploy + - name: NAMESPACE + value: arsenal-build + workspaces: + - name: source + workspace: source + - name: unit-test + runAfter: + - code-linting + - kube-linting + taskRef: + name: stakater-unit-test + kind: Task + workspaces: + - name: source + workspace: source + - name: sonarqube-scan + runAfter: + - stakater-unit-test-dotnet + taskRef: + name: stakater-sonarqube-scan + kind: Task + params: + - name: SONAR_PROJECT_KEY + 
value: $(params.repo_path) + workspaces: + - name: source + workspace: source + - name: buildah-image-build + runAfter: + - unit-test + taskRef: + name: stakater-buildah-image-build + kind: Task + params: + - name: IMAGE_NAME + value: $(params.repo_path):$(tasks.create-git-tag.results.GIT_TAG) + - name: TLSVERIFY + value: "false" + - name: FORMAT + value: "docker" + - name: CURRENT_GIT_TAG + value: $(tasks.create-git-tag.results.CURRENT_GIT_TAG) + - name: REPO_NAME + value: $(params.repo_path) + workspaces: + - name: source + workspace: source + - name: buildah-image-push + runAfter: + - buildah-image-build + taskRef: + name: stakater-buildah-image-push + kind: Task + params: + - name: IMAGE_NAME + value: $(params.repo_path):$(tasks.create-git-tag.results.GIT_TAG) + - name: TLSVERIFY + value: "false" + - name: CURRENT_GIT_TAG + value: $(tasks.create-git-tag.results.CURRENT_GIT_TAG) + - name: REPO_NAME + value: $(params.repo_path) + workspaces: + - name: source + workspace: source + workspaces: # Mention Workspaces configuration + - name: source + volumeClaimTemplate: + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + - name: ssh-directory # Using ssh-directory workspace for our task to have better security + secret: + secretName: git-ssh-creds # Created this secret earlier + - name: repo-token + secret: + secretName: git-pat-creds + ``` + + !!! note + Remember to add the remote task in the annotations + ![buildah](images/buildah.png) + +1. Create a pull request with you changes. This should trigger the pipeline in the build namespace. + + ![buildah](images/buildah.png) + + ![buildah-logs](images/buildah-logs.png) + +Great! Let's add more tasks in our pipelineRun in coming tutorials. diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/21-add-validate-environment.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/21-add-validate-environment.md index 4fd805b0..a9b30b67 100644 
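Review bot: The new `buildah-image-push` task is given `TLSVERIFY` `"false"`, so anyone who copies this listing pushes images with registry certificate checking switched off (assuming the parameter is passed through to buildah's `--tls-verify`, which the task source would confirm). Without verification the registry endpoint is not authenticated, so push credentials and image content are exposed to interception or substitution on the network path. Prefer `value: "true"` in the tutorial and add a comment on that line such as `# set to "false" only for an internal registry whose self-signed certificate you trust`. The same value is set on `buildah-image-build` in this listing and on both tasks in 21-add-validate-environment.md.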
--- a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/21-add-validate-environment.md
+++ b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/21-add-validate-environment.md
@@ -25,49 +25,48 @@ You have already created a PipelineRun in the previous tutorial. Let's now add a metadata: name: pullrequest # pipelineRun name annotations: - pipelinesascode.tekton.dev/on-event: "[pull_request]" # Trigger the pipelineRun on push events on branch main + pipelinesascode.tekton.dev/on-event: "[pull_request]" # Trigger the pipelineRun on pull_request events on branch main pipelinesascode.tekton.dev/on-target-branch: "main" pipelinesascode.tekton.dev/task: "[git-clone, - https://raw.githubusercontent.com/stakater-tekton-catalog/create-git-tag/0.0.12/task/stakater-create-git-tag/stakater-create-git-tag.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/create-environment/0.0.16/task/stakater-create-environment/stakater-create-environment.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/code-linting-mvn/0.0.4/task/stakater-code-linting/stakater-code-linting.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/kube-linting/0.0.7/task/stakater-kube-linting/stakater-kube-linting.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/unit-test/0.0.6/task/stakater-unit-test/stakater-unit-test.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/sonarqube-scan/0.0.13/task/stakater-sonarqube-scan/stakater-sonarqube-scan.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/buildah/0.0.29/task/stakater-buildah/stakater-buildah.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/trivy-scan/0.0.3/task/stakater-trivy-scan/stakater-trivy-scan.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/rox-image-scan/0.0.4/task/stakater-rox-image-scan/stakater-rox-image-scan.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/rox-image-check/0.0.7/task/stakater-rox-image-check/stakater-rox-image-check.yaml, - 
https://raw.githubusercontent.com/stakater-tekton-catalog/rox-deployment-check/0.0.4/task/stakater-rox-deployment-check/stakater-rox-deployment-check.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/checkov-scan/0.0.4/task/stakater-checkov-scan/stakater-checkov-scan.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/helm-push/0.0.17/task/stakater-helm-push/stakater-helm-push.yaml - https://raw.githubusercontent.com/stakater-tekton-catalog/github-update-cd-repo/0.0.12/task/stakater-github-update-cd-repo/stakater-github-update-cd-repo.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/validate-environment/0.0.7/task/stakater-validate-environment/stakater-validate-environment.yaml]" + https://raw.githubusercontent.com/stakater-tekton-catalog/create-git-tag/0.0.12/task/stakater-create-git-tag/stakater-create-git-tag.yaml, + https://raw.githubusercontent.com/stakater-tekton-catalog/create-environment/0.0.17/task/stakater-create-environment/stakater-create-environment.yaml, + https://raw.githubusercontent.com/stakater-tekton-catalog/code-linting-mvn/0.0.4/task/stakater-code-linting/stakater-code-linting.yaml, + https://raw.githubusercontent.com/stakater-tekton-catalog/kube-linting/0.0.7/task/stakater-kube-linting/stakater-kube-linting.yaml, + https://raw.githubusercontent.com/stakater-tekton-catalog/unit-test/0.0.6/task/stakater-unit-test/stakater-unit-test.yaml, + https://raw.githubusercontent.com/stakater-tekton-catalog/sonarqube-scan/0.0.19/task/stakater-sonarqube-scan/stakater-sonarqube-scan.yaml, + https://raw.githubusercontent.com/stakater-tekton-catalog/buildah-image-build/0.0.1/task/stakater-buildah-image-build/stakater-buildah-image-build.yaml, + https://raw.githubusercontent.com/stakater-tekton-catalog/buildah-image-push/0.0.1/task/stakater-buildah-image-push/stakater-buildah-image-push.yaml, + 
https://raw.githubusercontent.com/stakater-tekton-catalog/trivy-scan/0.0.4/task/stakater-trivy-scan/stakater-trivy-scan.yaml, + https://raw.githubusercontent.com/stakater-tekton-catalog/rox-image-scan/0.0.5/task/stakater-rox-image-scan/stakater-rox-image-scan.yaml, + https://raw.githubusercontent.com/stakater-tekton-catalog/rox-deployment-check/0.0.4/task/stakater-rox-deployment-check/stakater-rox-deployment-check.yaml, + https://raw.githubusercontent.com/stakater-tekton-catalog/rox-image-check/0.0.9/task/stakater-rox-image-check/stakater-rox-image-check.yaml, + https://raw.githubusercontent.com/stakater-tekton-catalog/checkov-scan/0.0.4/task/stakater-checkov-scan/stakater-checkov-scan.yaml, + https://raw.githubusercontent.com/stakater-tekton-catalog/github-update-cd-repo/0.0.18/task/stakater-github-update-cd-repo/stakater-github-update-cd-repo.yaml, + https://raw.githubusercontent.com/stakater-tekton-catalog/cosign/0.0.4/task/stakater-cosign/stakater-cosign.yaml, + https://raw.githubusercontent.com/stakater-tekton-catalog/validate-environment/0.0.8/task/stakater-validate-environment/stakater-validate-environment.yaml]" # The tasks will be fetched from Tekton Hub. 
We can also provide direct links to yaml files + pipelinesascode.tekton.dev/max-keep-runs: "2" # Only remain 2 latest pipelineRuns on SAAP spec: params: - name: repo_url - value: "git@github.com://" # Place your repo SSH URL + value: {{body.repository.ssh_url}} # Place your repo SSH URL - name: git_revision value: {{revision}} # Dynamic variable to fetch branch name of the push event on your repo + - name: repo_name + value: {{repo_name}} # Dynamic varaible to fetch repo name + - name: repo_path + value: "usermanagement-writeservice" - name: git_branch value: {{source_branch}} - - name: repo_path - value: {{repo_name}} # Dynamic variable to fetch repo name - - name: image_registry - value: "" # Place image registry URL without https:// succeeded by your application name - - name: helm_registry - value: "" # Place helm registry URL with https:// - name: pull_request_number value: {{pull_request_number}} - name: organization - value: {{YOUR_GIT_ORG}} + value: {{body.organization.login}} pipelineSpec: # Define what parameters will be used for pipeline params: - name: repo_url - name: git_revision + - name: repo_name - name: repo_path - - name: image_registry - - name: helm_registry - name: pull_request_number - name: organization - name: git_branch @@ -78,7 +77,7 @@ You have already created a PipelineRun in the previous tutorial. Let's now add a - name: fetch-repository #Name what you want to call the task taskRef: name: git-clone # Name of tasks mentioned in tekton-catalog - kind: Task + kind: ClusterTask workspaces: # Mention what workspaces will be used by this task - name: output workspace: source 
@@ -126,10 +125,8 @@ You have already created a PipelineRun in the previous tutorial. Let's now add a value: $(params.git_branch) - name: IMAGE_TAG value: $(tasks.create-git-tag.results.GIT_TAG) - - name: IMAGE_REPO - value: $(params.image_registry) - name: PULL_REQUEST_COMMITS_API # Replace when not using Git - value: https://api.github.com/repos/$(params.organization)/$(params.repo_path)/pulls/$(params.pull_request_number)/commits + value: https://api.github.com/repos/$(params.organization)/$(params.repo_name)/pulls/$(params.pull_request_number)/commits workspaces: - name: output workspace: source 
@@ -177,59 +174,72 @@ You have already created a PipelineRun in the previous tutorial. Let's now add a name: stakater-sonarqube-scan kind: Task params: - - name: SONAR_HOST_URL - value: - name: SONAR_PROJECT_KEY value: $(params.repo_path) - - name: SONAR_LOGIN workspaces: - name: source workspace: source - - name: buildah + - name: buildah-image-build runAfter: - unit-test taskRef: - name: stakater-buildah + name: stakater-buildah-image-build kind: Task params: - - name: IMAGE - value: $(params.image_registry):$(tasks.create-git-tag.results.GIT_TAG) + - name: IMAGE_NAME + value: $(params.repo_path):$(tasks.create-git-tag.results.GIT_TAG) - name: TLSVERIFY value: "false" - name: FORMAT value: "docker" - - name: BUILD_IMAGE - value: "true" - - name: IMAGE_REGISTRY - value: $(params.image_registry) - name: CURRENT_GIT_TAG value: $(tasks.create-git-tag.results.CURRENT_GIT_TAG) + - name: REPO_NAME + value: $(params.repo_path) + workspaces: + - name: source + workspace: source + - name: buildah-image-push + runAfter: + - buildah-image-build + taskRef: + name: stakater-buildah-image-push + kind: Task + params: + - name: IMAGE_NAME + value: $(params.repo_path):$(tasks.create-git-tag.results.GIT_TAG) + - name: TLSVERIFY + value: "false" + - name: CURRENT_GIT_TAG + value: $(tasks.create-git-tag.results.CURRENT_GIT_TAG) + - name: REPO_NAME + value: $(params.repo_path) workspaces: - name: source workspace: source - name: trivy-scan runAfter: - - buildah + - buildah-image-push - sonarqube-scan taskRef: name: stakater-trivy-scan kind: Task params: - - name: IMAGE - value: $(params.image_registry):$(tasks.create-git-tag.results.GIT_TAG) + - name: IMAGE_NAME + value: $(params.repo_path):$(tasks.create-git-tag.results.GIT_TAG) workspaces: - name: source workspace: source - name: rox-image-scan runAfter: - - buildah + - buildah-image-push - sonarqube-scan taskRef: name: stakater-rox-image-scan kind: Task params: - - name: IMAGE - value: 
'$(params.image_registry):$(tasks.create-git-tag.results.GIT_TAG)' + - name: IMAGE_NAME + value: '$(params.repo_path):$(tasks.create-git-tag.results.GIT_TAG)' - name: ROX_API_TOKEN value: rox-creds - name: ROX_CENTRAL_ENDPOINT @@ -237,19 +247,19 @@ You have already created a PipelineRun in the previous tutorial. Let's now add a - name: OUTPUT_FORMAT value: csv - name: IMAGE_DIGEST - value: $(tasks.buildah.results.IMAGE_DIGEST) + value: $(tasks.buildah-image-push.results.IMAGE_DIGEST) - name: BUILD_IMAGE value: "true" - name: rox-image-check runAfter: - - buildah + - buildah-image-push - sonarqube-scan taskRef: name: stakater-rox-image-check kind: Task params: - - name: IMAGE - value: '$(params.image_registry):$(tasks.create-git-tag.results.GIT_TAG)' + - name: IMAGE_NAME + value: '$(params.repo_path):$(tasks.create-git-tag.results.GIT_TAG)' - name: ROX_API_TOKEN value: rox-creds - name: ROX_CENTRAL_ENDPOINT @@ -258,7 +268,7 @@ You have already created a PipelineRun in the previous tutorial. Let's now add a value: "true" - name: rox-deployment-check runAfter: - - buildah + - buildah-image-push - sonarqube-scan taskRef: name: stakater-rox-deployment-check @@ -277,7 +287,7 @@ You have already created a PipelineRun in the previous tutorial. Let's now add a workspace: source - name: checkov-scan runAfter: - - buildah + - buildah-image-push - sonarqube-scan taskRef: name: stakater-checkov-scan 
@@ -285,33 +295,13 @@ You have already created a PipelineRun in the previous tutorial. Let's now add a workspaces: - name: source workspace: source - - name: helm-push + - name: update-cd-repo runAfter: - trivy-scan - rox-deployment-check - rox-image-scan - rox-image-check - checkov-scan - taskRef: - name: stakater-helm-push - kind: Task - params: - - name: PR_NUMBER - value: $(params.pull_request_number) - - name: REPO_PATH - value: $(params.repo_path) - - name: GIT_REVISION - value: $(params.git_revision) - - name: REGISTRY - value: $(params.helm_registry) - - name: SEM_VER - value: $(tasks.create-git-tag.results.GIT_TAG) - workspaces: - - name: source - workspace: source - - name: update-cd-repo - runAfter: - - helm-push taskRef: kind: Task name: stakater-github-update-cd-repo @@ -319,27 +309,21 @@ You have already created a PipelineRun in the previous tutorial. Let's now add a - name: IMAGE_TAG value: $(tasks.create-git-tag.results.GIT_TAG) - name: IMAGE_NAME - value: $(params.image_registry) + value: $(params.repo_path) - name: PR_NUMBER value: $(params.pull_request_number) - name: REPO_PATH value: $(params.repo_path) - name: GIT_REVISION value: $(params.git_revision) - - name: NAMESPACE - value: -dev - name: ENVIRONMENT value: dev - - name: HELM_REGISTRY - value: $(params.helm_registry) - - name: CD_REPO_URL - value: workspaces: - name: source workspace: source - name: ssh-directory - workspace: ssh-directory - - name: stakater-validate-environment + workspace: cd-ssh-creds + - name: validate-environment runAfter: - update-cd-repo taskRef: 
@@ -361,13 +345,16 @@ You have already created a PipelineRun in the previous tutorial. Let's now add a - ReadWriteOnce resources: requests: - storage: 1Gi + storage: 2Gi - name: ssh-directory # Using ssh-directory workspace for our task to have better security secret: secretName: git-ssh-creds # Created this secret earlier - name: repo-token secret: secretName: git-pat-creds + - name: cd-ssh-creds + secret: + secretName: git-ssh-creds ``` !!! note diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/22-add-comment-on-pr-md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/22-add-comment-on-pr-md new file mode 100644 index 00000000..6d234d8b --- /dev/null +++ b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/22-add-comment-on-pr-md 
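Review bot: The added `cd-ssh-creds` workspace is bound to `git-ssh-creds`, the same secret already mounted as `ssh-directory`, so the key used to clone the application repository is also the key `update-cd-repo` is handed for the CD repository (which it presumably pushes to). A separate deploy key per repository lets the clone key stay read-only and limits what a leaked key can change; for example `secretName: <your-cd-repo-ssh-secret>` (placeholder) with the comment `# SSH key with write access to the CD repo only`. The `pipelineSpec` workspace declarations are outside the visible hunks, so please also confirm that `cd-ssh-creds` is declared there, since `update-cd-repo` refers to it by that name in the previous hunk.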
@@ -0,0 +1,388 @@ +# Comment on PR + +## Objectives + +- Add `comment-on-pr` task to PipelineRun. +- Define parameters, workspaces, and tasks within the PipelineRun for building and deploying your application. + +## Key Results + +- Successfully create and execute the Tekton PipelineRun using the defined `.tekton/pullrequest.yaml` file, enabling automated CI/CD processes for your application. +- Dynamic environment application image name and route will be added in the PR comments. + +## Tutorial + +### Create PipelineRun with Validate Environment Task + +You have already created a PipelineRun in the previous tutorial. Let's now add another task [`comment-on-pr`](https://github.com/stakater-tekton-catalog/validate-environment) to it. + +1. Open up the PipelineRun file you created in the previous tutorial. +1. Now edit the file so the YAML becomes like the one given below. + + ```yaml + apiVersion: tekton.dev/v1beta1 + kind: PipelineRun + metadata: + name: pullrequest # pipelineRun name + annotations: + pipelinesascode.tekton.dev/on-event: "[pull_request]" # Trigger the pipelineRun on pull_request events on branch main + pipelinesascode.tekton.dev/on-target-branch: "main" + pipelinesascode.tekton.dev/task: "[git-clone, + https://raw.githubusercontent.com/stakater-tekton-catalog/create-git-tag/0.0.12/task/stakater-create-git-tag/stakater-create-git-tag.yaml, + https://raw.githubusercontent.com/stakater-tekton-catalog/create-environment/0.0.17/task/stakater-create-environment/stakater-create-environment.yaml, + https://raw.githubusercontent.com/stakater-tekton-catalog/code-linting-mvn/0.0.4/task/stakater-code-linting/stakater-code-linting.yaml, + https://raw.githubusercontent.com/stakater-tekton-catalog/kube-linting/0.0.7/task/stakater-kube-linting/stakater-kube-linting.yaml, + https://raw.githubusercontent.com/stakater-tekton-catalog/unit-test/0.0.6/task/stakater-unit-test/stakater-unit-test.yaml, + 
https://raw.githubusercontent.com/stakater-tekton-catalog/sonarqube-scan/0.0.19/task/stakater-sonarqube-scan/stakater-sonarqube-scan.yaml, + https://raw.githubusercontent.com/stakater-tekton-catalog/buildah-image-build/0.0.1/task/stakater-buildah-image-build/stakater-buildah-image-build.yaml, + https://raw.githubusercontent.com/stakater-tekton-catalog/buildah-image-push/0.0.1/task/stakater-buildah-image-push/stakater-buildah-image-push.yaml, + https://raw.githubusercontent.com/stakater-tekton-catalog/trivy-scan/0.0.4/task/stakater-trivy-scan/stakater-trivy-scan.yaml, + https://raw.githubusercontent.com/stakater-tekton-catalog/rox-image-scan/0.0.5/task/stakater-rox-image-scan/stakater-rox-image-scan.yaml, + https://raw.githubusercontent.com/stakater-tekton-catalog/rox-deployment-check/0.0.4/task/stakater-rox-deployment-check/stakater-rox-deployment-check.yaml, + https://raw.githubusercontent.com/stakater-tekton-catalog/rox-image-check/0.0.9/task/stakater-rox-image-check/stakater-rox-image-check.yaml, + https://raw.githubusercontent.com/stakater-tekton-catalog/checkov-scan/0.0.4/task/stakater-checkov-scan/stakater-checkov-scan.yaml, + https://raw.githubusercontent.com/stakater-tekton-catalog/github-update-cd-repo/0.0.18/task/stakater-github-update-cd-repo/stakater-github-update-cd-repo.yaml, + https://raw.githubusercontent.com/stakater-tekton-catalog/cosign/0.0.4/task/stakater-cosign/stakater-cosign.yaml, + https://raw.githubusercontent.com/stakater-tekton-catalog/comment-on-pr/comment_route/helm/templates/task.yaml, + https://raw.githubusercontent.com/stakater-tekton-catalog/validate-environment/0.0.8/task/stakater-validate-environment/stakater-validate-environment.yaml]" # The tasks will be fetched from Tekton Hub. 
We can also provide direct links to yaml files + pipelinesascode.tekton.dev/max-keep-runs: "2" # Only remain 2 latest pipelineRuns on SAAP + spec: + params: + - name: repo_url + value: {{body.repository.ssh_url}} # Place your repo SSH URL + - name: git_revision + value: {{revision}} # Dynamic variable to fetch branch name of the push event on your repo + - name: repo_name + value: {{repo_name}} # Dynamic varaible to fetch repo name + - name: repo_path + value: "usermanagement-writeservice" + - name: git_branch + value: {{source_branch}} + - name: pull_request_number + value: {{pull_request_number}} + - name: organization + value: {{body.organization.login}} + pipelineSpec: # Define what parameters will be used for pipeline + params: + - name: repo_url + - name: git_revision + - name: repo_name + - name: repo_path + - name: pull_request_number + - name: organization + - name: git_branch + workspaces: # Mention what workspaces will be used by this pipeline to store data and used by data transferring between tasks + - name: source + - name: ssh-directory + tasks: # Mention what tasks will be used by this pipeline + - name: fetch-repository #Name what you want to call the task + taskRef: + name: git-clone # Name of tasks mentioned in tekton-catalog + kind: ClusterTask + workspaces: # Mention what workspaces will be used by this task + - name: output + workspace: source + - name: ssh-directory + workspace: ssh-directory + params: # Parameters will be used by this task + - name: depth + value: "0" + - name: url + value: $(params.repo_url) + - name: revision + value: $(params.git_revision) + - name: create-git-tag + runAfter: + - fetch-repository + taskRef: + name: stakater-create-git-tag + kind: Task + params: + - name: PR_NUMBER + value: $(params.pull_request_number) + - name: GIT_REVISION + value: $(params.git_revision) + workspaces: + - name: source + workspace: source + - name: ssh-directory + workspace: ssh-directory + - name: stakater-create-environment + runAfter: 
+ - create-git-tag + taskRef: + kind: Task + name: stakater-create-environment + params: + - name: CREATE_ON_CLUSTER + value: "true" + - name: REPO_NAME + value: $(params.repo_path) + - name: PR_NUMBER + value: $(params.pull_request_number) + - name: GIT_URL + value: "" #Replace with your application repository Url + - name: GIT_BRANCH + value: $(params.git_branch) + - name: IMAGE_TAG + value: $(tasks.create-git-tag.results.GIT_TAG) + - name: PULL_REQUEST_COMMITS_API # Replace when not using Git + value: https://api.github.com/repos/$(params.organization)/$(params.repo_name)/pulls/$(params.pull_request_number)/commits + workspaces: + - name: output + workspace: source + - name: repo-token + workspace: repo-token + - name: code-linting + runAfter: + - stakater-create-environment + taskRef: + name: stakater-code-linting + kind: Task + workspaces: + - name: source + workspace: source + - name: kube-linting + runAfter: + - stakater-create-environment + taskRef: + name: stakater-kube-linting + kind: Task + params: + - name: FILE + value: manifest.yaml + - name: DEPLOYMENT_FILES_PATH + value: deploy + - name: NAMESPACE + value: arsenal-build + workspaces: + - name: source + workspace: source + - name: unit-test + runAfter: + - code-linting + - kube-linting + taskRef: + name: stakater-unit-test + kind: Task + workspaces: + - name: source + workspace: source + - name: sonarqube-scan + runAfter: + - unit-test + taskRef: + name: stakater-sonarqube-scan + kind: Task + params: + - name: SONAR_PROJECT_KEY + value: $(params.repo_path) + workspaces: + - name: source + workspace: source + - name: buildah-image-build + runAfter: + - unit-test + taskRef: + name: stakater-buildah-image-build + kind: Task + params: + - name: IMAGE_NAME + value: $(params.repo_path):$(tasks.create-git-tag.results.GIT_TAG) + - name: TLSVERIFY + value: "false" + - name: FORMAT + value: "docker" + - name: CURRENT_GIT_TAG + value: $(tasks.create-git-tag.results.CURRENT_GIT_TAG) + - name: REPO_NAME + value: 
$(params.repo_path) + workspaces: + - name: source + workspace: source + - name: buildah-image-push + runAfter: + - buildah-image-build + taskRef: + name: stakater-buildah-image-push + kind: Task + params: + - name: IMAGE_NAME + value: $(params.repo_path):$(tasks.create-git-tag.results.GIT_TAG) + - name: TLSVERIFY + value: "false" + - name: CURRENT_GIT_TAG + value: $(tasks.create-git-tag.results.CURRENT_GIT_TAG) + - name: REPO_NAME + value: $(params.repo_path) + workspaces: + - name: source + workspace: source + - name: trivy-scan + runAfter: + - buildah-image-push + - sonarqube-scan + taskRef: + name: stakater-trivy-scan + kind: Task + params: + - name: IMAGE_NAME + value: $(params.repo_path):$(tasks.create-git-tag.results.GIT_TAG) + workspaces: + - name: source + workspace: source + - name: rox-image-scan + runAfter: + - buildah-image-push + - sonarqube-scan + taskRef: + name: stakater-rox-image-scan + kind: Task + params: + - name: IMAGE_NAME + value: '$(params.repo_path):$(tasks.create-git-tag.results.GIT_TAG)' + - name: ROX_API_TOKEN + value: rox-creds + - name: ROX_CENTRAL_ENDPOINT + value: rox-creds + - name: OUTPUT_FORMAT + value: csv + - name: IMAGE_DIGEST + value: $(tasks.buildah-image-push.results.IMAGE_DIGEST) + - name: BUILD_IMAGE + value: "true" + - name: rox-image-check + runAfter: + - buildah-image-push + - sonarqube-scan + taskRef: + name: stakater-rox-image-check + kind: Task + params: + - name: IMAGE_NAME + value: '$(params.repo_path):$(tasks.create-git-tag.results.GIT_TAG)' + - name: ROX_API_TOKEN + value: rox-creds + - name: ROX_CENTRAL_ENDPOINT + value: rox-creds + - name: BUILD_IMAGE + value: "true" + - name: rox-deployment-check + runAfter: + - buildah-image-push + - sonarqube-scan + taskRef: + name: stakater-rox-deployment-check + kind: Task + params: + - name: ROX_API_TOKEN + value: rox-creds + - name: ROX_CENTRAL_ENDPOINT + value: rox-creds + - name: FILE + value: manifest.yaml + - name: DEPLOYMENT_FILES_PATH + value: deploy + workspaces: 
+ - name: source + workspace: source + - name: checkov-scan + runAfter: + - buildah-image-push + - sonarqube-scan + taskRef: + name: stakater-checkov-scan + kind: Task + workspaces: + - name: source + workspace: source + - name: update-cd-repo + runAfter: + - trivy-scan + - rox-deployment-check + - rox-image-scan + - rox-image-check + - checkov-scan + taskRef: + kind: Task + name: stakater-github-update-cd-repo + params: + - name: IMAGE_TAG + value: $(tasks.create-git-tag.results.GIT_TAG) + - name: IMAGE_NAME + value: $(params.repo_path) + - name: PR_NUMBER + value: $(params.pull_request_number) + - name: REPO_PATH + value: $(params.repo_path) + - name: GIT_REVISION + value: $(params.git_revision) + - name: ENVIRONMENT + value: dev + workspaces: + - name: source + workspace: source + - name: ssh-directory + workspace: cd-ssh-creds + - name: validate-environment + runAfter: + - update-cd-repo + taskRef: + kind: Task + name: stakater-validate-environment + params: + - name: TIMEOUT + value: "300" + - name: PR_NUMBER + value: $(params.pull_request_number) + workspaces: + - name: source + workspace: source + - name: comment-on-pr + runAfter: + - validate-environment + taskRef: + kind: Task + name: stakater-comment-on-pr + params: + - name: IMAGE_NAME + value: $(params.repo_path):$(tasks.create-git-tag.results.GIT_TAG) + - name: PR_NUMBER + value: $(params.pull_request_number) + - name: REPO_NAME + value: "$(params.organization)/$(params.repo_name)" + workspaces: + - name: source + workspace: source + - name: repo-token + workspace: repo-token + workspaces: # Mention Workspaces configuration + - name: source + volumeClaimTemplate: + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 2Gi + - name: ssh-directory # Using ssh-directory workspace for our task to have better security + secret: + secretName: git-ssh-creds # Created this secret earlier + - name: repo-token + secret: + secretName: git-pat-creds + - name: cd-ssh-creds + secret: + 
secretName: git-ssh-creds + ``` + + !!! note + Remember to add the remote task in the annotations + +1. Create a pull request with you changes. This should trigger the pipeline in the build namespace. + + ![validate-environment](images/validate-environment.png) + + ![validate-environment](images/validate-env-logs.png) + +Great! Let's add more tasks in our pipelineRun in coming tutorials. From 833bdf9ba8d009d26477dfe9c43cfc0e73b539db Mon Sep 17 00:00:00 2001 
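Review bot: The `pipelinesascode.tekton.dev/task` annotation fetches `comment-on-pr` from `.../comment-on-pr/comment_route/helm/templates/task.yaml`, which looks like a branch name rather than a release tag like the other entries, and this is the task that receives the `repo-token` workspace (`git-pat-creds`). A mutable reference lets the task definition change without any commit in this repository; pin it to a release tag or commit SHA, e.g. `.../comment-on-pr/<RELEASE_TAG_OR_SHA>/...` (placeholder, the real value is not on this page). Separately, `buildah-image-build` and `buildah-image-push` both pass `TLSVERIFY` as `"false"`, which presumably turns off registry certificate verification in a listing readers will copy; I would use `value: "true"` or add a comment that `"false"` is only acceptable for a lab registry. The annotation also lists the `cosign` task, but nothing under `pipelineSpec.tasks` references it, so this pipeline does not sign the pushed image. The heading "Create PipelineRun with Validate Environment Task" and the `comment-on-pr` link to the `validate-environment` repository look carried over from the previous tutorial.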
From: stakater-nordmart-bot Date: Tue, 30 Jul 2024 22:04:36 +0200 Subject: [PATCH 2/5] update code snippets to ref normart review pipeline --- .../add-ci-pipeline/07-add-create-git-tag.md | 81 +--- .../08-add-create-environment.md | 120 +----- .../add-ci-pipeline/09-add-code-linting.md | 130 +----- .../add-ci-pipeline/10-add-kube-linting.md | 147 +------ .../add-ci-pipeline/11-add-unit-test.md | 158 +------- .../add-ci-pipeline/12-add-sonar-scan.md | 174 +------- .../13-add-buildah-image-build.md | 187 +-------- .../13-add-buildah-image-push.md | 239 ----------- .../14-add-buildah-image-push.md | 35 ++ .../add-ci-pipeline/14-add-trivy-scan.md | 244 ------------ .../add-ci-pipeline/15-add-rox-image-scan.md | 265 ------------- .../add-ci-pipeline/15-add-trivy-scan.md | 35 ++ .../add-ci-pipeline/16-add-rox-image-check.md | 281 ------------- .../add-ci-pipeline/16-add-rox-image-scan.md | 35 ++ .../17-add-rox-deployment-check.md | 301 -------------- .../add-ci-pipeline/17-add-rox-image-check.md | 34 ++ .../add-ci-pipeline/18-add-checkov-scan.md | 309 --------------- .../18-add-rox-deployment-check.md | 34 ++ .../add-ci-pipeline/19-add-checkov-scan.md | 31 ++ .../add-ci-pipeline/19-add-helm-push.md | 337 ---------------- .../add-ci-pipeline/20-add-helm-push.md | 34 ++ .../add-ci-pipeline/20-add-update-cd-repo.md | 370 ------------------ .../add-ci-pipeline/21-add-update-cd-repo.md | 36 ++ .../21-add-validate-environment.md | 369 ----------------- .../22-add-validate-environment.md | 34 ++ ...mment-on-pr-md => 23-add-comment-on-pr.md} | 0 26 files changed, 315 insertions(+), 3705 deletions(-) delete mode 100644 content/for-developers/tutorials/outer-loop/add-ci-pipeline/13-add-buildah-image-push.md create mode 100644 content/for-developers/tutorials/outer-loop/add-ci-pipeline/14-add-buildah-image-push.md delete mode 100644 content/for-developers/tutorials/outer-loop/add-ci-pipeline/14-add-trivy-scan.md delete mode 100644 
content/for-developers/tutorials/outer-loop/add-ci-pipeline/15-add-rox-image-scan.md create mode 100644 content/for-developers/tutorials/outer-loop/add-ci-pipeline/15-add-trivy-scan.md delete mode 100644 content/for-developers/tutorials/outer-loop/add-ci-pipeline/16-add-rox-image-check.md create mode 100644 content/for-developers/tutorials/outer-loop/add-ci-pipeline/16-add-rox-image-scan.md delete mode 100644 content/for-developers/tutorials/outer-loop/add-ci-pipeline/17-add-rox-deployment-check.md create mode 100644 content/for-developers/tutorials/outer-loop/add-ci-pipeline/17-add-rox-image-check.md delete mode 100644 content/for-developers/tutorials/outer-loop/add-ci-pipeline/18-add-checkov-scan.md create mode 100644 content/for-developers/tutorials/outer-loop/add-ci-pipeline/18-add-rox-deployment-check.md create mode 100644 content/for-developers/tutorials/outer-loop/add-ci-pipeline/19-add-checkov-scan.md delete mode 100644 content/for-developers/tutorials/outer-loop/add-ci-pipeline/19-add-helm-push.md create mode 100644 content/for-developers/tutorials/outer-loop/add-ci-pipeline/20-add-helm-push.md delete mode 100644 content/for-developers/tutorials/outer-loop/add-ci-pipeline/20-add-update-cd-repo.md create mode 100644 content/for-developers/tutorials/outer-loop/add-ci-pipeline/21-add-update-cd-repo.md delete mode 100644 content/for-developers/tutorials/outer-loop/add-ci-pipeline/21-add-validate-environment.md create mode 100644 content/for-developers/tutorials/outer-loop/add-ci-pipeline/22-add-validate-environment.md rename content/for-developers/tutorials/outer-loop/add-ci-pipeline/{22-add-comment-on-pr-md => 23-add-comment-on-pr.md} (100%) diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/07-add-create-git-tag.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/07-add-create-git-tag.md index 0ecbdb70..864c9a65 100644 --- a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/07-add-create-git-tag.md 
+++ b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/07-add-create-git-tag.md 
@@ -19,86 +19,7 @@ You have already created a PipelineRun in the previous tutorial. Let's now add a 1. Now edit the file, so the YAML becomes like the one given below. ```yaml - apiVersion: tekton.dev/v1beta1 - kind: PipelineRun - metadata: - name: pullrequest # pipelineRun name - annotations: - pipelinesascode.tekton.dev/on-event: "[pull_request]" # Trigger the pipelineRun on pullrequest events on branch main - pipelinesascode.tekton.dev/on-target-branch: "main" - pipelinesascode.tekton.dev/task: "[git-clone, - https://raw.githubusercontent.com/stakater-tekton-catalog/create-git-tag/0.0.12/task/stakater-create-git-tag/stakater-create-git-tag.yaml]" - pipelinesascode.tekton.dev/max-keep-runs: "2" # Only remain 2 latest pipelineRuns on SAAP - spec: - params: - - name: repo_url - value: "git@github.com://" # Place your repo SSH URL - - name: git_revision - value: {{revision}} # Dynamic variable to fetch branch name of the push event on your repo - - name: repo_path - value: {{repo_name}} # Dynamic variable to fetch repo name - - name: image_registry - value: "" # Place image registry URL without https:// succeeded by your application name - - name: helm_registry - value: "" # Place helm registry URL with https:// - - name: pull_request_number - value: {{pull_request_number}} - pipelineSpec: # Define what parameters will be used for pipeline - params: - - name: repo_url - - name: git_revision - - name: repo_path - - name: image_registry - - name: helm_registry - - name: pull_request_number - workspaces: # Mention what workspaces will be used by this pipeline to store data and used by data transferring between tasks - - name: source - - name: ssh-directory - tasks: # Mention what tasks will be used by this pipeline - - name: fetch-repository #Name what you want to call the task - taskRef: - name: git-clone # Name of tasks mentioned in tekton-catalog - kind: Task - workspaces: # Mention what workspaces will be used by this task - - name: output - workspace: source - - 
name: ssh-directory - workspace: ssh-directory - params: # Parameters will be used by this task - - name: depth - value: "0" - - name: url - value: $(params.repo_url) - - name: revision - value: $(params.git_revision) - - name: create-git-tag - runAfter: - - fetch-repository - taskRef: - name: stakater-create-git-tag - kind: Task - params: - - name: PR_NUMBER - value: $(params.pull_request_number) - - name: GIT_REVISION - value: $(params.git_revision) - workspaces: - - name: source - workspace: source - - name: ssh-directory - workspace: ssh-directory - workspaces: # Mention Workspaces configuration - - name: source - volumeClaimTemplate: - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - - name: ssh-directory # Using ssh-directory workspace for our task to have better security - secret: - secretName: git-ssh-creds # Created this secret earlier + {% include "https://raw.githubusercontent.com/NordMart/review-api/main/.tekton/git_clone.yaml" %} ``` **Notice** that we added another value to the **`pipelinesascode.tekton.dev/task`** annotation. The annotation is used by pipeline as code resolver to fetch tasks defined remotely. To explore stakater's Tekton diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/08-add-create-environment.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/08-add-create-environment.md index 6bee4012..e7438e75 100644 --- a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/08-add-create-environment.md +++ b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/08-add-create-environment.md 
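Review bot: The listing is now pulled in at docs build time with `{% include "https://raw.githubusercontent.com/NordMart/review-api/main/.tekton/git_clone.yaml" %}`, which tracks the `main` branch of another repository, so the published tutorial can change, or the build can break, without any commit here. Pin the URL to a commit SHA or tag, e.g. `.../NordMart/review-api/<COMMIT_SHA>/.tekton/git_clone.yaml` (placeholder), and bump it deliberately; the same applies to the includes in the 08, 09 and 10 hunks that follow. Since this page is about adding `create-git-tag`, it is also worth confirming that `git_clone.yaml` contains that task and is not the previous step's pipeline.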
@@ -21,126 +21,8 @@ The create environment task utilizes [Tronador](https://docs.stakater.com/tronad 1. Now edit the file so the YAML becomes like the one given below. ```yaml - apiVersion: tekton.dev/v1beta1 - kind: PipelineRun - metadata: - name: pullrequest # pipelineRun name - annotations: - pipelinesascode.tekton.dev/on-event: "[push]" # Trigger the pipelineRun on push events on branch main - pipelinesascode.tekton.dev/on-target-branch: "main" - pipelinesascode.tekton.dev/task: "[git-clone, - https://raw.githubusercontent.com/stakater-tekton-catalog/create-git-tag/0.0.12/task/stakater-create-git-tag/stakater-create-git-tag.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/create-environment/0.0.16/task/stakater-create-environment/stakater-create-environment.yaml]" - pipelinesascode.tekton.dev/max-keep-runs: "2" # Only remain 2 latest pipelineRuns on SAAP - spec: - params: - - name: repo_url - value: "git@github.com://" # Place your repo SSH URL - - name: git_revision - value: {{revision}} # Dynamic variable to fetch branch name of the push event on your repo - - name: git_branch - value: {{source_branch}} - - name: repo_path - value: {{repo_name}} # Dynamic variable to fetch repo name - - name: image_registry - value: "" # Place image registry URL without https:// succeeded by your application name - - name: helm_registry - value: "" # Place helm registry URL with https:// - - name: pull_request_number - value: {{pull_request_number}} - - name: organization - value: {{YOUR_GIT_ORG}} - pipelineSpec: # Define what parameters will be used for pipeline - params: - - name: repo_url - - name: git_revision - - name: repo_path - - name: image_registry - - name: helm_registry - - name: pull_request_number - - name: organization - - name: git_branch - workspaces: # Mention what workspaces will be used by this pipeline to store data and used by data transferring between tasks - - name: source - - name: ssh-directory - tasks: # Mention what tasks will be 
used by this pipeline - - name: fetch-repository #Name what you want to call the task - taskRef: - name: git-clone # Name of tasks mentioned in tekton-catalog - kind: Task - workspaces: # Mention what workspaces will be used by this task - - name: output - workspace: source - - name: ssh-directory - workspace: ssh-directory - params: # Parameters will be used by this task - - name: depth - value: "0" - - name: url - value: $(params.repo_url) - - name: revision - value: $(params.git_revision) - - name: create-git-tag - runAfter: - - fetch-repository - taskRef: - name: stakater-create-git-tag-0.0.7 - kind: Task - params: - - name: PR_NUMBER - value: $(params.pull_request_number) - - name: GIT_REVISION - value: $(params.git_revision) - workspaces: - - name: source - workspace: source - - name: ssh-directory - workspace: ssh-directory - - name: stakater-create-environment - runAfter: - - create-git-tag - taskRef: - kind: Task - name: stakater-create-environment - params: - - name: CREATE_ON_CLUSTER - value: "true" - - name: REPO_NAME - value: $(params.repo_path) - - name: PR_NUMBER - value: $(params.pull_request_number) - - name: GIT_URL - value: "" #Replace with your application repository Url - - name: GIT_BRANCH - value: $(params.git_branch) - - name: IMAGE_TAG - value: $(tasks.create-git-tag.results.GIT_TAG) - - name: IMAGE_REPO - value: $(params.image_registry) - - name: PULL_REQUEST_COMMITS_API # Replace when not using Git - value: https://api.github.com/repos/$(params.organization)/$(params.repo_path)/pulls/$(params.pull_request_number)/commits - workspaces: - - name: output - workspace: source - - name: repo-token - workspace: repo-token - workspaces: # Mention Workspaces configuration - - name: source - volumeClaimTemplate: - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - - name: ssh-directory # Using ssh-directory workspace for our task to have better security - secret: - secretName: git-ssh-creds # Created this secret 
earlier - - name: repo-token - secret: - secretName: git-pat-creds + {% include "https://raw.githubusercontent.com/NordMart/review-api/main/.tekton/code_linting.yaml" %} ``` - **Notice** that we added another **workspace, repo-token** to the pipeline run. This workspace utilizes the git-pat-creds secret that we previously created and mounts it to the create-environment task. !!! note diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/09-add-code-linting.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/09-add-code-linting.md index c5f764e4..b7b9278c 100644 --- a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/09-add-code-linting.md +++ b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/09-add-code-linting.md 
@@ -20,136 +20,8 @@ You have already created a PipelineRun in the previous tutorial. Let's now add a 1. Now edit the file so the YAML becomes like the one given below. ```yaml - apiVersion: tekton.dev/v1beta1 - kind: PipelineRun - metadata: - name: pullrequest # pipelineRun name - annotations: - pipelinesascode.tekton.dev/on-event: "[pull_request]" # Trigger the pipelineRun on pullrequest events on branch main - pipelinesascode.tekton.dev/on-target-branch: "main" - pipelinesascode.tekton.dev/task: "[git-clone, - https://raw.githubusercontent.com/stakater-tekton-catalog/create-git-tag/0.0.12/task/stakater-create-git-tag/stakater-create-git-tag.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/create-environment/0.0.16/task/stakater-create-environment/stakater-create-environment.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/code-linting-mvn/0.0.4/task/stakater-code-linting/stakater-code-linting.yaml]" - pipelinesascode.tekton.dev/max-keep-runs: "2" # Only remain 2 latest pipelineRuns on SAAP - spec: - params: - - name: repo_url - value: "git@github.com://" # Place your repo SSH URL - - name: git_revision - value: {{revision}} # Dynamic variable to fetch branch name of the push event on your repo - - name: git_branch - value: {{source_branch}} - - name: repo_path - value: {{repo_name}} # Dynamic variable to fetch repo name - - name: image_registry - value: "" # Place image registry URL without https:// succeeded by your application name - - name: helm_registry - value: "" # Place helm registry URL with https:// - - name: pull_request_number - value: {{pull_request_number}} - - name: organization - value: {{YOUR_GIT_ORG}} - pipelineSpec: # Define what parameters will be used for pipeline - params: - - name: repo_url - - name: git_revision - - name: repo_path - - name: image_registry - - name: helm_registry - - name: pull_request_number - - name: organization - - name: git_branch - workspaces: # Mention what workspaces will be used by 
this pipeline to store data and used by data transferring between tasks - - name: source - - name: ssh-directory - tasks: # Mention what tasks will be used by this pipeline - - name: fetch-repository #Name what you want to call the task - taskRef: - name: git-clone # Name of tasks mentioned in tekton-catalog - kind: Task - workspaces: # Mention what workspaces will be used by this task - - name: output - workspace: source - - name: ssh-directory - workspace: ssh-directory - params: # Parameters will be used by this task - - name: depth - value: "0" - - name: url - value: $(params.repo_url) - - name: revision - value: $(params.git_revision) - - name: create-git-tag - runAfter: - - fetch-repository - taskRef: - name: stakater-create-git-tag - kind: Task - params: - - name: PR_NUMBER - value: $(params.pull_request_number) - - name: GIT_REVISION - value: $(params.git_revision) - workspaces: - - name: source - workspace: source - - name: ssh-directory - workspace: ssh-directory - - name: stakater-create-environment - runAfter: - - create-git-tag - taskRef: - kind: Task - name: stakater-create-environment - params: - - name: CREATE_ON_CLUSTER - value: "true" - - name: REPO_NAME - value: $(params.repo_path) - - name: PR_NUMBER - value: $(params.pull_request_number) - - name: GIT_URL - value: "" #Replace with your application repository Url - - name: GIT_BRANCH - value: $(params.git_branch) - - name: IMAGE_TAG - value: $(tasks.create-git-tag.results.GIT_TAG) - - name: IMAGE_REPO - value: $(params.image_registry) - - name: PULL_REQUEST_COMMITS_API # Replace when not using Git - value: https://api.github.com/repos/$(params.organization)/$(params.repo_path)/pulls/$(params.pull_request_number)/commits - workspaces: - - name: output - workspace: source - - name: repo-token - workspace: repo-token - - name: code-linting - runAfter: - - stakater-create-environment - taskRef: - name: stakater-code-linting - kind: Task - workspaces: - - name: source - workspace: source - 
workspaces: # Mention Workspaces configuration - - name: source - volumeClaimTemplate: - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - - name: ssh-directory # Using ssh-directory workspace for our task to have better security - secret: - secretName: git-ssh-creds # Created this secret earlier - - name: repo-token - secret: - secretName: git-pat-creds + {% include "https://raw.githubusercontent.com/NordMart/review-api/main/.tekton/code_linting.yaml" %} ``` - !!! note Remember to add the remote task in the annotations ![code-lint-annotation](images/code-lint-annotation.png) diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/10-add-kube-linting.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/10-add-kube-linting.md index fd6632e4..d281ad40 100644 --- a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/10-add-kube-linting.md +++ b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/10-add-kube-linting.md 
@@ -20,153 +20,8 @@ You have already created a PipelineRun in the previous tutorial. Let's now add a 1. Now edit the file so the YAML becomes like the one given below. ```yaml - apiVersion: tekton.dev/v1beta1 - kind: PipelineRun - metadata: - name: pullrequest # pipelineRun name - annotations: - pipelinesascode.tekton.dev/on-event: "[pull_request]" # Trigger the pipelineRun on push events on branch main - pipelinesascode.tekton.dev/on-target-branch: "main" - pipelinesascode.tekton.dev/task: "[git-clone, - https://raw.githubusercontent.com/stakater-tekton-catalog/create-git-tag/0.0.12/task/stakater-create-git-tag/stakater-create-git-tag.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/create-environment/0.0.16/task/stakater-create-environment/stakater-create-environment.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/code-linting-mvn/0.0.4/task/stakater-code-linting/stakater-code-linting.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/kube-linting/0.0.7/task/stakater-kube-linting/stakater-kube-linting.yaml]" - pipelinesascode.tekton.dev/max-keep-runs: "2" # Only remain 2 latest pipelineRuns on SAAP - spec: - params: - - name: repo_url - value: "git@github.com://" # Place your repo SSH URL - - name: git_revision - value: {{revision}} # Dynamic variable to fetch branch name of the push event on your repo - - name: git_branch - value: {{source_branch}} - - name: repo_path - value: {{repo_name}} # Dynamic variable to fetch repo name - - name: image_registry - value: "" # Place image registry URL without https:// succeeded by your application name - - name: helm_registry - value: "" # Place helm registry URL with https:// - - name: pull_request_number - value: {{pull_request_number}} - - name: organization - value: {{YOUR_GIT_ORG}} - pipelineSpec: # Define what parameters will be used for pipeline - params: - - name: repo_url - - name: git_revision - - name: repo_path - - name: image_registry - - name: helm_registry - 
- name: pull_request_number - - name: organization - - name: git_branch - workspaces: # Mention what workspaces will be used by this pipeline to store data and used by data transferring between tasks - - name: source - - name: ssh-directory - tasks: # Mention what tasks will be used by this pipeline - - name: fetch-repository #Name what you want to call the task - taskRef: - name: git-clone # Name of tasks mentioned in tekton-catalog - kind: Task - workspaces: # Mention what workspaces will be used by this task - - name: output - workspace: source - - name: ssh-directory - workspace: ssh-directory - params: # Parameters will be used by this task - - name: depth - value: "0" - - name: url - value: $(params.repo_url) - - name: revision - value: $(params.git_revision) - - name: create-git-tag - runAfter: - - fetch-repository - taskRef: - name: stakater-create-git-tag - kind: Task - params: - - name: PR_NUMBER - value: $(params.pull_request_number) - - name: GIT_REVISION - value: $(params.git_revision) - workspaces: - - name: source - workspace: source - - name: ssh-directory - workspace: ssh-directory - - name: stakater-create-environment - runAfter: - - create-git-tag - taskRef: - kind: Task - name: stakater-create-environment - params: - - name: CREATE_ON_CLUSTER - value: "true" - - name: REPO_NAME - value: $(params.repo_path) - - name: PR_NUMBER - value: $(params.pull_request_number) - - name: GIT_URL - value: "" #Replace with your application repository Url - - name: GIT_BRANCH - value: $(params.git_branch) - - name: IMAGE_TAG - value: $(tasks.create-git-tag.results.GIT_TAG) - - name: IMAGE_REPO - value: $(params.image_registry) - - name: PULL_REQUEST_COMMITS_API # Replace when not using Git - value: https://api.github.com/repos/$(params.organization)/$(params.repo_path)/pulls/$(params.pull_request_number)/commits - workspaces: - - name: output - workspace: source - - name: repo-token - workspace: repo-token - - name: code-linting - runAfter: - - 
stakater-create-environment - taskRef: - name: stakater-code-linting - kind: Task - workspaces: - - name: source - workspace: source - - name: kube-linting - runAfter: - - stakater-create-environment - taskRef: - name: stakater-kube-linting - kind: Task - params: - - name: FILE - value: manifest.yaml - - name: DEPLOYMENT_FILES_PATH - value: deploy - - name: NAMESPACE - value: arsenal-build - workspaces: - - name: source - workspace: source - workspaces: # Mention Workspaces configuration - - name: source - volumeClaimTemplate: - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - - name: ssh-directory # Using ssh-directory workspace for our task to have better security - secret: - secretName: git-ssh-creds # Created this secret earlier - - name: repo-token - secret: - secretName: git-pat-creds + {% include "https://raw.githubusercontent.com/NordMart/review-api/main/.tekton/kube_linting.yaml" %} ``` - !!! note Remember to add the remote task in the annotations ![Kube-linting](images/kube-linting-annotation.png) diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/11-add-unit-test.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/11-add-unit-test.md index 9ee791bd..fc4e3742 100644 --- a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/11-add-unit-test.md +++ b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/11-add-unit-test.md 
@@ -20,164 +20,8 @@ You have already created a PipelineRun in the previous tutorial. Let's now add a 1. Now edit the file so the YAML becomes like the one given below. ```yaml - apiVersion: tekton.dev/v1beta1 - kind: PipelineRun - metadata: - name: pullrequest # pipelineRun name - annotations: - pipelinesascode.tekton.dev/on-event: "[pull_request]" # Trigger the pipelineRun on push events on branch main - pipelinesascode.tekton.dev/on-target-branch: "main" - pipelinesascode.tekton.dev/task: "[git-clone, - https://raw.githubusercontent.com/stakater-tekton-catalog/create-git-tag/0.0.12/task/stakater-create-git-tag/stakater-create-git-tag.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/create-environment/0.0.16/task/stakater-create-environment/stakater-create-environment.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/code-linting-mvn/0.0.4/task/stakater-code-linting/stakater-code-linting.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/kube-linting/0.0.7/task/stakater-kube-linting/stakater-kube-linting.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/unit-test/0.0.6/task/stakater-unit-test/stakater-unit-test.yaml]" - pipelinesascode.tekton.dev/max-keep-runs: "2" # Only remain 2 latest pipelineRuns on SAAP - spec: - params: - - name: repo_url - value: "git@github.com://" # Place your repo SSH URL - - name: git_revision - value: {{revision}} # Dynamic variable to fetch branch name of the push event on your repo - - name: git_branch - value: {{source_branch}} - - name: repo_path - value: {{repo_name}} # Dynamic variable to fetch repo name - - name: image_registry - value: "" # Place image registry URL without https:// succeeded by your application name - - name: helm_registry - value: "" # Place helm registry URL with https:// - - name: pull_request_number - value: {{pull_request_number}} - - name: organization - value: {{YOUR_GIT_ORG}} - pipelineSpec: # Define what parameters will be used for 
pipeline - params: - - name: repo_url - - name: git_revision - - name: repo_path - - name: image_registry - - name: helm_registry - - name: pull_request_number - - name: organization - - name: git_branch - workspaces: # Mention what workspaces will be used by this pipeline to store data and used by data transferring between tasks - - name: source - - name: ssh-directory - tasks: # Mention what tasks will be used by this pipeline - - name: fetch-repository #Name what you want to call the task - taskRef: - name: git-clone # Name of tasks mentioned in tekton-catalog - kind: Task - workspaces: # Mention what workspaces will be used by this task - - name: output - workspace: source - - name: ssh-directory - workspace: ssh-directory - params: # Parameters will be used by this task - - name: depth - value: "0" - - name: url - value: $(params.repo_url) - - name: revision - value: $(params.git_revision) - - name: create-git-tag - runAfter: - - fetch-repository - taskRef: - name: stakater-create-git-tag - kind: Task - params: - - name: PR_NUMBER - value: $(params.pull_request_number) - - name: GIT_REVISION - value: $(params.git_revision) - workspaces: - - name: source - workspace: source - - name: ssh-directory - workspace: ssh-directory - - name: stakater-create-environment - runAfter: - - create-git-tag - taskRef: - kind: Task - name: stakater-create-environment - params: - - name: CREATE_ON_CLUSTER - value: "true" - - name: REPO_NAME - value: $(params.repo_path) - - name: PR_NUMBER - value: $(params.pull_request_number) - - name: GIT_URL - value: "" #Replace with your application repository Url - - name: GIT_BRANCH - value: $(params.git_branch) - - name: IMAGE_TAG - value: $(tasks.create-git-tag.results.GIT_TAG) - - name: IMAGE_REPO - value: $(params.image_registry) - - name: PULL_REQUEST_COMMITS_API # Replace when not using Git - value: https://api.github.com/repos/$(params.organization)/$(params.repo_path)/pulls/$(params.pull_request_number)/commits - workspaces: - - 
name: output - workspace: source - - name: repo-token - workspace: repo-token - - name: code-linting - runAfter: - - stakater-create-environment - taskRef: - name: stakater-code-linting - kind: Task - workspaces: - - name: source - workspace: source - - name: kube-linting - runAfter: - - stakater-create-environment - taskRef: - name: stakater-kube-linting - kind: Task - params: - - name: FILE - value: manifest.yaml - - name: DEPLOYMENT_FILES_PATH - value: deploy - - name: NAMESPACE - value: arsenal-build - workspaces: - - name: source - workspace: source - - name: unit-test - runAfter: - - code-linting - - kube-linting - taskRef: - name: stakater-unit-test - kind: Task - workspaces: - - name: source - workspace: source - workspaces: # Mention Workspaces configuration - - name: source - volumeClaimTemplate: - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - - name: ssh-directory # Using ssh-directory workspace for our task to have better security - secret: - secretName: git-ssh-creds # Created this secret earlier - - name: repo-token - secret: - secretName: git-pat-creds + {% include "https://raw.githubusercontent.com/NordMart/review-api/main/.tekton/unit_test.yaml" %} ``` - !!! note Remember to add the remote task in the annotations ![unit-test](images/unit-test-annotation.png) diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/12-add-sonar-scan.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/12-add-sonar-scan.md index 5c20fc84..ede523ef 100644 --- a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/12-add-sonar-scan.md +++ b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/12-add-sonar-scan.md 
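Review bot: The added `{% include "https://raw.githubusercontent.com/NordMart/review-api/main/.tekton/unit_test.yaml" %}` line takes the tutorial's PipelineRun from the moving `main` branch of another repository, so the YAML that readers copy into `.tekton/pullrequest.yaml` can change without any commit or review in this repo (presumably it is fetched when the docs are built). Pinning the include to an immutable ref would keep the published pipeline reviewable, e.g. `{% include "https://raw.githubusercontent.com/NordMart/review-api/<COMMIT_SHA>/.tekton/unit_test.yaml" %}` with a placeholder SHA, much as the removed annotations pinned catalog tasks to versions such as `unit-test/0.0.6`. The same applies to the includes added in the 12-add-sonar-scan.md, 13-add-buildah-image-build.md and 14-add-buildah-image-push.md hunks. The note kept below the block still says "Remember to add the remote task in the annotations", so it is worth confirming that the included file still shows those annotations, since they are no longer in the page source.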
@@ -20,180 +20,8 @@ You have already created a PipelineRun in the previous tutorial. Let's now add a 1. Now edit the file so the YAML becomes like the one given below. ```yaml - apiVersion: tekton.dev/v1beta1 - kind: PipelineRun - metadata: - name: pullrequest # pipelineRun name - annotations: - pipelinesascode.tekton.dev/on-event: "[pull_request]" # Trigger the pipelineRun on push events on branch main - pipelinesascode.tekton.dev/on-target-branch: "main" - pipelinesascode.tekton.dev/task: "[git-clone, - https://raw.githubusercontent.com/stakater-tekton-catalog/create-git-tag/0.0.12/task/stakater-create-git-tag/stakater-create-git-tag.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/create-environment/0.0.16/task/stakater-create-environment/stakater-create-environment.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/code-linting-mvn/0.0.4/task/stakater-code-linting/stakater-code-linting.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/kube-linting/0.0.7/task/stakater-kube-linting/stakater-kube-linting.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/unit-test/0.0.6/task/stakater-unit-test/stakater-unit-test.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/sonarqube-scan/0.0.13/task/stakater-sonarqube-scan/stakater-sonarqube-scan.yaml]" - pipelinesascode.tekton.dev/max-keep-runs: "2" # Only remain 2 latest pipelineRuns on SAAP - spec: - params: - - name: repo_url - value: "git@github.com://" # Place your repo SSH URL - - name: git_revision - value: {{revision}} # Dynamic variable to fetch branch name of the push event on your repo - - name: git_branch - value: {{source_branch}} - - name: repo_path - value: {{repo_name}} # Dynamic variable to fetch repo name - - name: image_registry - value: "" # Place image registry URL without https:// succeeded by your application name - - name: helm_registry - value: "" # Place helm registry URL with https:// - - name: pull_request_number - 
value: {{pull_request_number}} - - name: organization - value: {{YOUR_GIT_ORG}} - pipelineSpec: # Define what parameters will be used for pipeline - params: - - name: repo_url - - name: git_revision - - name: repo_path - - name: image_registry - - name: helm_registry - - name: pull_request_number - - name: organization - - name: git_branch - workspaces: # Mention what workspaces will be used by this pipeline to store data and used by data transferring between tasks - - name: source - - name: ssh-directory - tasks: # Mention what tasks will be used by this pipeline - - name: fetch-repository #Name what you want to call the task - taskRef: - name: git-clone # Name of tasks mentioned in tekton-catalog - kind: Task - workspaces: # Mention what workspaces will be used by this task - - name: output - workspace: source - - name: ssh-directory - workspace: ssh-directory - params: # Parameters will be used by this task - - name: depth - value: "0" - - name: url - value: $(params.repo_url) - - name: revision - value: $(params.git_revision) - - name: create-git-tag - runAfter: - - fetch-repository - taskRef: - name: stakater-create-git-tag - kind: Task - params: - - name: PR_NUMBER - value: $(params.pull_request_number) - - name: GIT_REVISION - value: $(params.git_revision) - workspaces: - - name: source - workspace: source - - name: ssh-directory - workspace: ssh-directory - - name: stakater-create-environment - runAfter: - - create-git-tag - taskRef: - kind: Task - name: stakater-create-environment - params: - - name: CREATE_ON_CLUSTER - value: "true" - - name: REPO_NAME - value: $(params.repo_path) - - name: PR_NUMBER - value: $(params.pull_request_number) - - name: GIT_URL - value: "" #Replace with your application repository Url - - name: GIT_BRANCH - value: $(params.git_branch) - - name: IMAGE_TAG - value: $(tasks.create-git-tag.results.GIT_TAG) - - name: IMAGE_REPO - value: $(params.image_registry) - - name: PULL_REQUEST_COMMITS_API # Replace when not using Git - 
value: https://api.github.com/repos/$(params.organization)/$(params.repo_path)/pulls/$(params.pull_request_number)/commits - workspaces: - - name: output - workspace: source - - name: repo-token - workspace: repo-token - - name: code-linting - runAfter: - - stakater-create-environment - taskRef: - name: stakater-code-linting - kind: Task - workspaces: - - name: source - workspace: source - - name: kube-linting - runAfter: - - stakater-create-environment - taskRef: - name: stakater-kube-linting - kind: Task - params: - - name: FILE - value: manifest.yaml - - name: DEPLOYMENT_FILES_PATH - value: deploy - - name: NAMESPACE - value: arsenal-build - workspaces: - - name: source - workspace: source - - name: unit-test - runAfter: - - code-linting - - kube-linting - taskRef: - name: stakater-unit-test - kind: Task - workspaces: - - name: source - workspace: source - - name: sonarqube-scan - runAfter: - - unit-test - taskRef: - name: stakater-sonarqube-scan - kind: Task - params: - - name: SONAR_HOST_URL - value: - - name: SONAR_PROJECT_KEY - value: $(params.repo_path) - - name: SONAR_LOGIN - workspaces: - - name: source - workspace: source - workspaces: # Mention Workspaces configuration - - name: source - volumeClaimTemplate: - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - - name: ssh-directory # Using ssh-directory workspace for our task to have better security - secret: - secretName: git-ssh-creds # Created this secret earlier - - name: repo-token - secret: - secretName: git-pat-creds + {% include "https://raw.githubusercontent.com/NordMart/review-api/main/.tekton/sonarqube_scan.yaml" %} ``` - **Notice** we have provided a parameter **SONAR_HOST_URL** to the sonar-scan task. You need to provide your SonarQube url here. You can get it from Forecastle. !!! note 
diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/13-add-buildah-image-build.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/13-add-buildah-image-build.md
index 87d76dc9..97d8e36a 100644
--- a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/13-add-buildah-image-build.md
+++ b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/13-add-buildah-image-build.md
@@ -20,193 +20,8 @@ You have already created a PipelineRun in the previous tutorial. Let's now add a 1. Now edit the file so the YAML becomes like the one given below. ```yaml - apiVersion: tekton.dev/v1beta1 - kind: PipelineRun - metadata: - name: pullrequest # pipelineRun name - annotations: - pipelinesascode.tekton.dev/on-event: "[pull_request]" # Trigger the pipelineRun on push events on branch main - pipelinesascode.tekton.dev/on-target-branch: "main" - pipelinesascode.tekton.dev/task: "[git-clone, - https://raw.githubusercontent.com/stakater-tekton-catalog/create-git-tag/0.0.12/task/stakater-create-git-tag/stakater-create-git-tag.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/create-environment/0.0.16/task/stakater-create-environment/stakater-create-environment.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/code-linting-mvn/0.0.4/task/stakater-code-linting/stakater-code-linting.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/kube-linting/0.0.7/task/stakater-kube-linting/stakater-kube-linting.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/unit-test/0.0.6/task/stakater-unit-test/stakater-unit-test.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/sonarqube-scan/0.0.13/task/stakater-sonarqube-scan/stakater-sonarqube-scan.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/buildah-image-build/0.0.1/task/stakater-buildah-image-build/stakater-buildah-image-build.yaml]" - pipelinesascode.tekton.dev/max-keep-runs: "2" # Only remain 2 latest pipelineRuns on SAAP - spec: - params: - - name: repo_url - value: {{body.repository.ssh_url}} # Place your repo SSH URL - - name: git_revision - value: {{revision}} # Dynamic variable to fetch branch name of the push event on your repo - - name: repo_name - value: {{repo_name}} # Dynamic varaible to fetch repo name - - name: repo_path - value: "<-YOUR_APPLICATION-NAME->" # Dynamic varaible to define application name - - name: 
git_branch - value: {{source_branch}} - - name: pull_request_number - value: {{pull_request_number}} - - name: organization - value: {{body.organization.login}} - pipelineSpec: # Define what parameters will be used for pipeline - params: - - name: repo_url - - name: git_revision - - name: repo_name - - name: repo_path - - name: pull_request_number - - name: organization - - name: git_branch - workspaces: # Mention what workspaces will be used by this pipeline to store data and used by data transferring between tasks - - name: source - - name: ssh-directory - tasks: # Mention what tasks will be used by this pipeline - - name: fetch-repository #Name what you want to call the task - taskRef: - name: git-clone # Name of tasks mentioned in tekton-catalog - kind: ClusterTask - workspaces: # Mention what workspaces will be used by this task - - name: output - workspace: source - - name: ssh-directory - workspace: ssh-directory - params: # Parameters will be used by this task - - name: depth - value: "0" - - name: url - value: $(params.repo_url) - - name: revision - value: $(params.git_revision) - - name: create-git-tag - runAfter: - - fetch-repository - taskRef: - name: stakater-create-git-tag - kind: Task - params: - - name: PR_NUMBER - value: $(params.pull_request_number) - - name: GIT_REVISION - value: $(params.git_revision) - workspaces: - - name: source - workspace: source - - name: ssh-directory - workspace: ssh-directory - - name: stakater-create-environment - runAfter: - - create-git-tag - taskRef: - kind: Task - name: stakater-create-environment - params: - - name: CREATE_ON_CLUSTER - value: "true" - - name: REPO_NAME - value: $(params.repo_path) - - name: PR_NUMBER - value: $(params.pull_request_number) - - name: GIT_URL - value: "" #Replace with your application repository Url - - name: GIT_BRANCH - value: $(params.git_branch) - - name: IMAGE_TAG - value: $(tasks.create-git-tag.results.GIT_TAG) - - name: PULL_REQUEST_COMMITS_API # Replace when not using Git - 
value: https://api.github.com/repos/$(params.organization)/$(params.repo_name)/pulls/$(params.pull_request_number)/commits - workspaces: - - name: output - workspace: source - - name: repo-token - workspace: repo-token - - name: code-linting - runAfter: - - stakater-create-environment - taskRef: - name: stakater-code-linting - kind: Task - workspaces: - - name: source - workspace: source - - name: kube-linting - runAfter: - - stakater-create-environment - taskRef: - name: stakater-kube-linting - kind: Task - params: - - name: FILE - value: manifest.yaml - - name: DEPLOYMENT_FILES_PATH - value: deploy - - name: NAMESPACE - value: arsenal-build - workspaces: - - name: source - workspace: source - - name: unit-test - runAfter: - - code-linting - - kube-linting - taskRef: - name: stakater-unit-test - kind: Task - workspaces: - - name: source - workspace: source - - name: sonarqube-scan - runAfter: - - stakater-unit-test-dotnet - taskRef: - name: stakater-sonarqube-scan - kind: Task - params: - - name: SONAR_PROJECT_KEY - value: $(params.repo_path) - workspaces: - - name: source - workspace: source - - name: buildah-image-build - runAfter: - - unit-test - taskRef: - name: stakater-buildah-image-build - kind: Task - params: - - name: IMAGE_NAME - value: $(params.repo_path):$(tasks.create-git-tag.results.GIT_TAG) - - name: TLSVERIFY - value: "false" - - name: FORMAT - value: "docker" - - name: CURRENT_GIT_TAG - value: $(tasks.create-git-tag.results.CURRENT_GIT_TAG) - - name: REPO_NAME - value: $(params.repo_path) - workspaces: - - name: source - workspace: source - workspaces: # Mention Workspaces configuration - - name: source - volumeClaimTemplate: - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - - name: ssh-directory # Using ssh-directory workspace for our task to have better security - secret: - secretName: git-ssh-creds # Created this secret earlier - - name: repo-token - secret: - secretName: git-pat-creds + {% include 
"https://raw.githubusercontent.com/NordMart/review-api/main/.tekton/buildah_image_build.yaml" %} ``` - !!! note Remember to add the remote task in the annotations ![buildah](images/buildah.png) diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/13-add-buildah-image-push.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/13-add-buildah-image-push.md deleted file mode 100644 index 73e7b077..00000000 --- a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/13-add-buildah-image-push.md +++ /dev/null 
@@ -1,239 +0,0 @@ -# Buildah Image Push - -## Objectives - -- Add `buildah-image-push` task to PipelineRun. -- Define parameters, workspaces, and tasks within the PipelineRun for building and deploying your application. - -## Key Results - -- Successfully create and execute the Tekton PipelineRun using the defined `.tekton/pullrequest.yaml` file, enabling automated CI/CD processes for your application. -- Image is pushed to the Nexus repository. - -## Tutorial - -### Create PipelineRun with Buildah Image Push Task - -You have already created a PipelineRun in the previous tutorial. Let's now add another task [`buildah-image-push`](https://github.com/stakater-tekton-catalog/buildah-image-push) to it. - -1. Open up the PipelineRun file you created in the previous tutorial. -1. Now edit the file so the YAML becomes like the one given below. - - ```yaml - apiVersion: tekton.dev/v1beta1 - kind: PipelineRun - metadata: - name: pullrequest # pipelineRun name - annotations: - pipelinesascode.tekton.dev/on-event: "[pull_request]" # Trigger the pipelineRun on push events on branch main - pipelinesascode.tekton.dev/on-target-branch: "main" - pipelinesascode.tekton.dev/task: "[git-clone, - https://raw.githubusercontent.com/stakater-tekton-catalog/create-git-tag/0.0.12/task/stakater-create-git-tag/stakater-create-git-tag.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/create-environment/0.0.16/task/stakater-create-environment/stakater-create-environment.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/code-linting-mvn/0.0.4/task/stakater-code-linting/stakater-code-linting.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/kube-linting/0.0.7/task/stakater-kube-linting/stakater-kube-linting.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/unit-test/0.0.6/task/stakater-unit-test/stakater-unit-test.yaml, - 
https://raw.githubusercontent.com/stakater-tekton-catalog/sonarqube-scan/0.0.13/task/stakater-sonarqube-scan/stakater-sonarqube-scan.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/buildah-image-build/0.0.1/task/stakater-buildah-image-build/stakater-buildah-image-build.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/buildah-image-push/0.0.1/task/stakater-buildah-image-push/stakater-buildah-image-push.yaml]" - pipelinesascode.tekton.dev/max-keep-runs: "2" # Only remain 2 latest pipelineRuns on SAAP - spec: - params: - - name: repo_url - value: {{body.repository.ssh_url}} # Place your repo SSH URL - - name: git_revision - value: {{revision}} # Dynamic variable to fetch branch name of the push event on your repo - - name: repo_name - value: {{repo_name}} # Dynamic varaible to fetch repo name - - name: repo_path - value: "<-YOUR_APPLICATION-NAME->" # Dynamic varaible to define application name - - name: git_branch - value: {{source_branch}} - - name: pull_request_number - value: {{pull_request_number}} - - name: organization - value: {{body.organization.login}} - pipelineSpec: # Define what parameters will be used for pipeline - params: - - name: repo_url - - name: git_revision - - name: repo_name - - name: repo_path - - name: pull_request_number - - name: organization - - name: git_branch - workspaces: # Mention what workspaces will be used by this pipeline to store data and used by data transferring between tasks - - name: source - - name: ssh-directory - tasks: # Mention what tasks will be used by this pipeline - - name: fetch-repository #Name what you want to call the task - taskRef: - name: git-clone # Name of tasks mentioned in tekton-catalog - kind: ClusterTask - workspaces: # Mention what workspaces will be used by this task - - name: output - workspace: source - - name: ssh-directory - workspace: ssh-directory - params: # Parameters will be used by this task - - name: depth - value: "0" - - name: url - value: 
$(params.repo_url) - - name: revision - value: $(params.git_revision) - - name: create-git-tag - runAfter: - - fetch-repository - taskRef: - name: stakater-create-git-tag - kind: Task - params: - - name: PR_NUMBER - value: $(params.pull_request_number) - - name: GIT_REVISION - value: $(params.git_revision) - workspaces: - - name: source - workspace: source - - name: ssh-directory - workspace: ssh-directory - - name: stakater-create-environment - runAfter: - - create-git-tag - taskRef: - kind: Task - name: stakater-create-environment - params: - - name: CREATE_ON_CLUSTER - value: "true" - - name: REPO_NAME - value: $(params.repo_path) - - name: PR_NUMBER - value: $(params.pull_request_number) - - name: GIT_URL - value: "" #Replace with your application repository Url - - name: GIT_BRANCH - value: $(params.git_branch) - - name: IMAGE_TAG - value: $(tasks.create-git-tag.results.GIT_TAG) - - name: PULL_REQUEST_COMMITS_API # Replace when not using Git - value: https://api.github.com/repos/$(params.organization)/$(params.repo_name)/pulls/$(params.pull_request_number)/commits - workspaces: - - name: output - workspace: source - - name: repo-token - workspace: repo-token - - name: code-linting - runAfter: - - stakater-create-environment - taskRef: - name: stakater-code-linting - kind: Task - workspaces: - - name: source - workspace: source - - name: kube-linting - runAfter: - - stakater-create-environment - taskRef: - name: stakater-kube-linting - kind: Task - params: - - name: FILE - value: manifest.yaml - - name: DEPLOYMENT_FILES_PATH - value: deploy - - name: NAMESPACE - value: arsenal-build - workspaces: - - name: source - workspace: source - - name: unit-test - runAfter: - - code-linting - - kube-linting - taskRef: - name: stakater-unit-test - kind: Task - workspaces: - - name: source - workspace: source - - name: sonarqube-scan - runAfter: - - stakater-unit-test-dotnet - taskRef: - name: stakater-sonarqube-scan - kind: Task - params: - - name: SONAR_PROJECT_KEY - 
value: $(params.repo_path) - workspaces: - - name: source - workspace: source - - name: buildah-image-build - runAfter: - - unit-test - taskRef: - name: stakater-buildah-image-build - kind: Task - params: - - name: IMAGE_NAME - value: $(params.repo_path):$(tasks.create-git-tag.results.GIT_TAG) - - name: TLSVERIFY - value: "false" - - name: FORMAT - value: "docker" - - name: CURRENT_GIT_TAG - value: $(tasks.create-git-tag.results.CURRENT_GIT_TAG) - - name: REPO_NAME - value: $(params.repo_path) - workspaces: - - name: source - workspace: source - - name: buildah-image-push - runAfter: - - buildah-image-build - taskRef: - name: stakater-buildah-image-push - kind: Task - params: - - name: IMAGE_NAME - value: $(params.repo_path):$(tasks.create-git-tag.results.GIT_TAG) - - name: TLSVERIFY - value: "false" - - name: CURRENT_GIT_TAG - value: $(tasks.create-git-tag.results.CURRENT_GIT_TAG) - - name: REPO_NAME - value: $(params.repo_path) - workspaces: - - name: source - workspace: source - workspaces: # Mention Workspaces configuration - - name: source - volumeClaimTemplate: - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - - name: ssh-directory # Using ssh-directory workspace for our task to have better security - secret: - secretName: git-ssh-creds # Created this secret earlier - - name: repo-token - secret: - secretName: git-pat-creds - ``` - - !!! note - Remember to add the remote task in the annotations - ![buildah](images/buildah.png) - -1. Create a pull request with you changes. This should trigger the pipeline in the build namespace. - - ![buildah](images/buildah.png) - - ![buildah-logs](images/buildah-logs.png) - -Great! Let's add more tasks in our pipelineRun in coming tutorials. diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/14-add-buildah-image-push.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/14-add-buildah-image-push.md new file mode 100644 index 00000000..67b2eacb --- /dev/null 
+++ b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/14-add-buildah-image-push.md
@@ -0,0 +1,35 @@
+# Buildah Image Push
+
+## Objectives
+
+- Add `buildah-image-push` task to PipelineRun.
+- Define parameters, workspaces, and tasks within the PipelineRun for building and deploying your application.
+
+## Key Results
+
+- Successfully create and execute the Tekton PipelineRun using the defined `.tekton/pullrequest.yaml` file, enabling automated CI/CD processes for your application.
+- Image is pushed to the Nexus repository.
+
+## Tutorial
+
+### Create PipelineRun with Buildah Image Push Task
+
+You have already created a PipelineRun in the previous tutorial. Let's now add another task [`buildah-image-push`](https://github.com/stakater-tekton-catalog/buildah-image-push) to it.
+
+1. Open up the PipelineRun file you created in the previous tutorial.
+1. Now edit the file so the YAML becomes like the one given below.
+
+ ```yaml
+ {% include "https://raw.githubusercontent.com/NordMart/review-api/main/.tekton/buildah_image_push.yaml" %}
+ ```
+ !!! note
+ Remember to add the remote task in the annotations
+ ![buildah](images/buildah.png)
+
+1. Create a pull request with you changes. This should trigger the pipeline in the build namespace.
+
+ ![buildah](images/buildah.png)
+
+ ![buildah-logs](images/buildah-logs.png)
+
+Great! Let's add more tasks in our pipelineRun in coming tutorials.
diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/14-add-trivy-scan.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/14-add-trivy-scan.md
deleted file mode 100644
index 2012b45f..00000000
--- a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/14-add-trivy-scan.md
+++ /dev/null
@@ -1,244 +0,0 @@ -# Trivy Scan - -## Objectives - -- Add `trivy-scan` task to PipelineRun. -- Define parameters, workspaces, and tasks within the PipelineRun for building and deploying your application. - -## Key Results - -- Successfully create and execute the Tekton PipelineRun using the defined `.tekton/pullrequest.yaml` file, enabling automated CI/CD processes for your application. -- Trivy scan is run on application code. - -## Tutorial - -### Create PipelineRun with Trivy Scan Task - -You have already created a PipelineRun in the previous tutorial. Let's now add another task [`trivy-scan`](https://github.com/stakater-tekton-catalog/trivy-scan) to it. - -1. Open up the PipelineRun file you created in the previous tutorial. -1. Now edit the file so the YAML becomes like the one given below. - - ```yaml - apiVersion: tekton.dev/v1beta1 - kind: PipelineRun - metadata: - name: pullrequest # pipelineRun name - annotations: - pipelinesascode.tekton.dev/on-event: "[pull_request]" # Trigger the pipelineRun on push events on branch main - pipelinesascode.tekton.dev/on-target-branch: "main" - pipelinesascode.tekton.dev/task: "[git-clone, - https://raw.githubusercontent.com/stakater-tekton-catalog/create-git-tag/0.0.12/task/stakater-create-git-tag/stakater-create-git-tag.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/create-environment/0.0.16/task/stakater-create-environment/stakater-create-environment.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/code-linting-mvn/0.0.4/task/stakater-code-linting/stakater-code-linting.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/kube-linting/0.0.7/task/stakater-kube-linting/stakater-kube-linting.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/unit-test/0.0.6/task/stakater-unit-test/stakater-unit-test.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/sonarqube-scan/0.0.13/task/stakater-sonarqube-scan/stakater-sonarqube-scan.yaml, - 
https://raw.githubusercontent.com/stakater-tekton-catalog/buildah/0.0.29/task/stakater-buildah/stakater-buildah.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/trivy-scan/0.0.3/task/stakater-trivy-scan/stakater-trivy-scan.yaml]" - pipelinesascode.tekton.dev/max-keep-runs: "2" # Only remain 2 latest pipelineRuns on SAAP - spec: - params: - - name: repo_url - value: "git@github.com://" # Place your repo SSH URL - - name: git_revision - value: {{revision}} # Dynamic variable to fetch branch name of the push event on your repo - - name: git_branch - value: {{source_branch}} - - name: repo_path - value: {{repo_name}} # Dynamic variable to fetch repo name - - name: image_registry - value: "" # Place image registry URL without https:// succeeded by your application name - - name: helm_registry - value: "" # Place helm registry URL with https:// - - name: pull_request_number - value: {{pull_request_number}} - - name: organization - value: {{YOUR_GIT_ORG}} - pipelineSpec: # Define what parameters will be used for pipeline - params: - - name: repo_url - - name: git_revision - - name: repo_path - - name: image_registry - - name: helm_registry - - name: pull_request_number - - name: organization - - name: git_branch - workspaces: # Mention what workspaces will be used by this pipeline to store data and used by data transferring between tasks - - name: source - - name: ssh-directory - tasks: # Mention what tasks will be used by this pipeline - - name: fetch-repository #Name what you want to call the task - taskRef: - name: git-clone # Name of tasks mentioned in tekton-catalog - kind: Task - workspaces: # Mention what workspaces will be used by this task - - name: output - workspace: source - - name: ssh-directory - workspace: ssh-directory - params: # Parameters will be used by this task - - name: depth - value: "0" - - name: url - value: $(params.repo_url) - - name: revision - value: $(params.git_revision) - - name: create-git-tag - runAfter: - - 
fetch-repository - taskRef: - name: stakater-create-git-tag - kind: Task - params: - - name: PR_NUMBER - value: $(params.pull_request_number) - - name: GIT_REVISION - value: $(params.git_revision) - workspaces: - - name: source - workspace: source - - name: ssh-directory - workspace: ssh-directory - - name: stakater-create-environment - runAfter: - - create-git-tag - taskRef: - kind: Task - name: stakater-create-environment - params: - - name: CREATE_ON_CLUSTER - value: "true" - - name: REPO_NAME - value: $(params.repo_path) - - name: PR_NUMBER - value: $(params.pull_request_number) - - name: GIT_URL - value: "" #Replace with your application repository Url - - name: GIT_BRANCH - value: $(params.git_branch) - - name: IMAGE_TAG - value: $(tasks.create-git-tag.results.GIT_TAG) - - name: IMAGE_REPO - value: $(params.image_registry) - - name: PULL_REQUEST_COMMITS_API # Replace when not using Git - value: https://api.github.com/repos/$(params.organization)/$(params.repo_path)/pulls/$(params.pull_request_number)/commits - workspaces: - - name: output - workspace: source - - name: repo-token - workspace: repo-token - - name: code-linting - runAfter: - - stakater-create-environment - taskRef: - name: stakater-code-linting - kind: Task - workspaces: - - name: source - workspace: source - - name: kube-linting - runAfter: - - stakater-create-environment - taskRef: - name: stakater-kube-linting - kind: Task - params: - - name: FILE - value: manifest.yaml - - name: DEPLOYMENT_FILES_PATH - value: deploy - - name: NAMESPACE - value: arsenal-build - workspaces: - - name: source - workspace: source - - name: unit-test - runAfter: - - code-linting - - kube-linting - taskRef: - name: stakater-unit-test - kind: Task - workspaces: - - name: source - workspace: source - - name: sonarqube-scan - runAfter: - - unit-test - taskRef: - name: stakater-sonarqube-scan - kind: Task - params: - - name: SONAR_HOST_URL - value: - - name: SONAR_PROJECT_KEY - value: $(params.repo_path) - - name: 
SONAR_LOGIN - workspaces: - - name: source - workspace: source - - name: buildah - runAfter: - - unit-test - taskRef: - name: stakater-buildah - kind: Task - params: - - name: IMAGE - value: $(params.image_registry):$(tasks.create-git-tag.results.GIT_TAG) - - name: TLSVERIFY - value: "false" - - name: FORMAT - value: "docker" - - name: BUILD_IMAGE - value: "true" - - name: IMAGE_REGISTRY - value: $(params.image_registry) - - name: CURRENT_GIT_TAG - value: $(tasks.create-git-tag.results.CURRENT_GIT_TAG) - workspaces: - - name: source - workspace: source - - name: trivy-scan - runAfter: - - buildah - - sonarqube-scan - taskRef: - name: stakater-trivy-scan - kind: Task - params: - - name: IMAGE - value: $(params.image_registry):$(tasks.create-git-tag.results.GIT_TAG) - workspaces: - - name: source - workspace: source - workspaces: # Mention Workspaces configuration - - name: source - volumeClaimTemplate: - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - - name: ssh-directory # Using ssh-directory workspace for our task to have better security - secret: - secretName: git-ssh-creds # Created this secret earlier - - name: repo-token - secret: - secretName: git-pat-creds - ``` - - !!! note - Remember to add the remote task in the annotations - ![Trivy-scan](images/trivy-scan-annotation.png) - -1. Create a pull request with you changes. This should trigger the pipeline in the build namespace. - - ![Trivy-scan](images/Trivy-scan.png) - - ![Trivy-scan-logs](images/Trivy-scan-logs.png) - -Great! Let's add more tasks in our pipelineRun in coming tutorials. diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/15-add-rox-image-scan.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/15-add-rox-image-scan.md deleted file mode 100644 index de8f9574..00000000 --- a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/15-add-rox-image-scan.md +++ /dev/null 
@@ -1,265 +0,0 @@ -# StackRox Image Scan - -## Objectives - -- Add `rox-image-scan` task to PipelineRun. -- Define parameters, workspaces, and tasks within the PipelineRun for building and deploying your application. - -## Key Results - -- Successfully create and execute the Tekton PipelineRun using the defined `.tekton/pullrequest.yaml` file, enabling automated CI/CD processes for your application. -- Application Image is scanned. - -## Tutorial - -### Create PipelineRun with Rox Image Scan Task - -You have already created a PipelineRun in the previous tutorial. Let's now add another task [`rox-image-scan`](https://github.com/stakater-tekton-catalog/rox-image-scan) to it. - -1. Open up the PipelineRun file you created in the previous tutorial. -1. Now edit the file so the YAML becomes like the one given below. - - ```yaml - apiVersion: tekton.dev/v1beta1 - kind: PipelineRun - metadata: - name: pullrequest # pipelineRun name - annotations: - pipelinesascode.tekton.dev/on-event: "[pull_request]" # Trigger the pipelineRun on push events on branch main - pipelinesascode.tekton.dev/on-target-branch: "main" - pipelinesascode.tekton.dev/task: "[git-clone, - https://raw.githubusercontent.com/stakater-tekton-catalog/create-git-tag/0.0.12/task/stakater-create-git-tag/stakater-create-git-tag.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/create-environment/0.0.16/task/stakater-create-environment/stakater-create-environment.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/code-linting-mvn/0.0.4/task/stakater-code-linting/stakater-code-linting.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/kube-linting/0.0.7/task/stakater-kube-linting/stakater-kube-linting.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/unit-test/0.0.6/task/stakater-unit-test/stakater-unit-test.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/sonarqube-scan/0.0.13/task/stakater-sonarqube-scan/stakater-sonarqube-scan.yaml, 
- https://raw.githubusercontent.com/stakater-tekton-catalog/buildah/0.0.29/task/stakater-buildah/stakater-buildah.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/trivy-scan/0.0.3/task/stakater-trivy-scan/stakater-trivy-scan.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/rox-image-scan/0.0.4/task/stakater-rox-image-scan/stakater-rox-image-scan.yaml]" - pipelinesascode.tekton.dev/max-keep-runs: "2" # Only remain 2 latest pipelineRuns on SAAP - spec: - params: - - name: repo_url - value: "git@github.com://" # Place your repo SSH URL - - name: git_revision - value: {{revision}} # Dynamic variable to fetch branch name of the push event on your repo - - name: git_branch - value: {{source_branch}} - - name: repo_path - value: {{repo_name}} # Dynamic variable to fetch repo name - - name: image_registry - value: "" # Place image registry URL without https:// succeeded by your application name - - name: helm_registry - value: "" # Place helm registry URL with https:// - - name: pull_request_number - value: {{pull_request_number}} - - name: organization - value: {{YOUR_GIT_ORG}} - pipelineSpec: # Define what parameters will be used for pipeline - params: - - name: repo_url - - name: git_revision - - name: repo_path - - name: image_registry - - name: helm_registry - - name: pull_request_number - - name: organization - - name: git_branch - workspaces: # Mention what workspaces will be used by this pipeline to store data and used by data transferring between tasks - - name: source - - name: ssh-directory - tasks: # Mention what tasks will be used by this pipeline - - name: fetch-repository #Name what you want to call the task - taskRef: - name: git-clone # Name of tasks mentioned in tekton-catalog - kind: Task - workspaces: # Mention what workspaces will be used by this task - - name: output - workspace: source - - name: ssh-directory - workspace: ssh-directory - params: # Parameters will be used by this task - - name: depth - value: "0" - - 
name: url - value: $(params.repo_url) - - name: revision - value: $(params.git_revision) - - name: create-git-tag - runAfter: - - fetch-repository - taskRef: - name: stakater-create-git-tag - kind: Task - params: - - name: PR_NUMBER - value: $(params.pull_request_number) - - name: GIT_REVISION - value: $(params.git_revision) - workspaces: - - name: source - workspace: source - - name: ssh-directory - workspace: ssh-directory - - name: stakater-create-environment - runAfter: - - create-git-tag - taskRef: - kind: Task - name: stakater-create-environment - params: - - name: CREATE_ON_CLUSTER - value: "true" - - name: REPO_NAME - value: $(params.repo_path) - - name: PR_NUMBER - value: $(params.pull_request_number) - - name: GIT_URL - value: "" #Replace with your application repository Url - - name: GIT_BRANCH - value: $(params.git_branch) - - name: IMAGE_TAG - value: $(tasks.create-git-tag.results.GIT_TAG) - - name: IMAGE_REPO - value: $(params.image_registry) - - name: PULL_REQUEST_COMMITS_API # Replace when not using Git - value: https://api.github.com/repos/$(params.organization)/$(params.repo_path)/pulls/$(params.pull_request_number)/commits - workspaces: - - name: output - workspace: source - - name: repo-token - workspace: repo-token - - name: code-linting - runAfter: - - stakater-create-environment - taskRef: - name: stakater-code-linting - kind: Task - workspaces: - - name: source - workspace: source - - name: kube-linting - runAfter: - - stakater-create-environment - taskRef: - name: stakater-kube-linting - kind: Task - params: - - name: FILE - value: manifest.yaml - - name: DEPLOYMENT_FILES_PATH - value: deploy - - name: NAMESPACE - value: arsenal-build - workspaces: - - name: source - workspace: source - - name: unit-test - runAfter: - - code-linting - - kube-linting - taskRef: - name: stakater-unit-test - kind: Task - workspaces: - - name: source - workspace: source - - name: sonarqube-scan - runAfter: - - unit-test - taskRef: - name: 
stakater-sonarqube-scan - kind: Task - params: - - name: SONAR_HOST_URL - value: https://sonarqube-stakater-sonarqube.apps.tno2-ams.s9nghh76.lab.kubeapp.cloud - - name: SONAR_PROJECT_KEY - value: $(params.repo_path) - - name: SONAR_LOGIN - workspaces: - - name: source - workspace: source - - name: buildah - runAfter: - - unit-test - taskRef: - name: stakater-buildah - kind: Task - params: - - name: IMAGE - value: $(params.image_registry):$(tasks.create-git-tag.results.GIT_TAG) - - name: TLSVERIFY - value: "false" - - name: FORMAT - value: "docker" - - name: BUILD_IMAGE - value: "true" - - name: IMAGE_REGISTRY - value: $(params.image_registry) - - name: CURRENT_GIT_TAG - value: $(tasks.create-git-tag.results.CURRENT_GIT_TAG) - workspaces: - - name: source - workspace: source - - name: trivy-scan - runAfter: - - buildah - - sonarqube-scan - taskRef: - name: stakater-trivy-scan - kind: Task - params: - - name: IMAGE - value: $(params.image_registry):$(tasks.create-git-tag.results.GIT_TAG) - workspaces: - - name: source - workspace: source - - name: rox-image-scan - runAfter: - - buildah - - sonarqube-scan - taskRef: - name: stakater-rox-image-scan - kind: Task - params: - - name: IMAGE - value: '$(params.image_registry):$(tasks.create-git-tag.results.GIT_TAG)' - - name: ROX_API_TOKEN - value: rox-creds - - name: ROX_CENTRAL_ENDPOINT - value: rox-creds - - name: OUTPUT_FORMAT - value: csv - - name: IMAGE_DIGEST - value: $(tasks.buildah.results.IMAGE_DIGEST) - - name: BUILD_IMAGE - value: "true" - workspaces: # Mention Workspaces configuration - - name: source - volumeClaimTemplate: - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - - name: ssh-directory # Using ssh-directory workspace for our task to have better security - secret: - secretName: git-ssh-creds # Created this secret earlier - - name: repo-token - secret: - secretName: git-pat-creds - ``` - - !!! 
note - Remember to add the remote task in the annotations - ![rox-image-scan](images/rox-image-scan-annotation.png) - -1. Create a pull request with you changes. This should trigger the pipeline in the build namespace. - - ![rox-image-scan](images/rox-image-scan.png) - - ![rox-image-scan-logs](images/rox-image-scan-logs.png) - -Great! Let's add more tasks in our pipelineRun in coming tutorials. diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/15-add-trivy-scan.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/15-add-trivy-scan.md new file mode 100644 index 00000000..8faf441d --- /dev/null +++ b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/15-add-trivy-scan.md 
@@ -0,0 +1,35 @@
+# Trivy Scan
+
+## Objectives
+
+- Add `trivy-scan` task to PipelineRun.
+- Define parameters, workspaces, and tasks within the PipelineRun for building and deploying your application.
+
+## Key Results
+
+- Successfully create and execute the Tekton PipelineRun using the defined `.tekton/pullrequest.yaml` file, enabling automated CI/CD processes for your application.
+- Trivy scan is run on application code.
+
+## Tutorial
+
+### Create PipelineRun with Trivy Scan Task
+
+You have already created a PipelineRun in the previous tutorial. Let's now add another task [`trivy-scan`](https://github.com/stakater-tekton-catalog/trivy-scan) to it.
+
+1. Open up the PipelineRun file you created in the previous tutorial.
+1. Now edit the file so the YAML becomes like the one given below.
+
+ ```yaml
+ {% include "https://raw.githubusercontent.com/NordMart/review-api/main/.tekton/trivy_scan.yaml" %}
+ ```
+ !!! note
+ Remember to add the remote task in the annotations
+ ![Trivy-scan](images/trivy-scan-annotation.png)
+
+1. Create a pull request with you changes. This should trigger the pipeline in the build namespace.
+
+ ![Trivy-scan](images/Trivy-scan.png)
+
+ ![Trivy-scan-logs](images/Trivy-scan-logs.png)
+
+Great! Let's add more tasks in our pipelineRun in coming tutorials.
diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/16-add-rox-image-check.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/16-add-rox-image-check.md
deleted file mode 100644
index 2bc42ac1..00000000
--- a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/16-add-rox-image-check.md
+++ /dev/null
@@ -1,281 +0,0 @@ -# StackRox Image Check - -## Objectives - -- Add `rox-image-check` task to PipelineRun. -- Define parameters, workspaces, and tasks within the PipelineRun for building and deploying your application. - -## Key Results - -- Successfully create and execute the Tekton PipelineRun using the defined `.tekton/pullrequest.yaml` file, enabling automated CI/CD processes for your application. - -## Tutorial - -### Create PipelineRun with Rox Image Check Task - -You have already created a PipelineRun in the previous tutorial. Let's now add another task [`rox-image-check`](https://github.com/stakater-tekton-catalog/rox-image-check) to it. - -1. Open up the PipelineRun file you created in the previous tutorial. -1. Now edit the file so the YAML becomes like the one given below. - - ```yaml - apiVersion: tekton.dev/v1beta1 - kind: PipelineRun - metadata: - name: pullrequest # pipelineRun name - annotations: - pipelinesascode.tekton.dev/on-event: "[pull_request]" # Trigger the pipelineRun on push events on branch main - pipelinesascode.tekton.dev/on-target-branch: "main" - pipelinesascode.tekton.dev/task: "[git-clone, https://raw.githubusercontent.com/stakater/tekton-catalog/main/stakater-create-git-tag/rendered/stakater-create-git-tag-0.0.7.yaml, https://raw.githubusercontent.com/stakater/tekton-catalog/main/stakater-create-environment/rendered/stakater-create-environment-0.0.16.yaml,https://raw.githubusercontent.com/stakater/tekton-catalog/main/stakater-code-linting/rendered/stakater-code-linting-0.0.3.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/create-git-tag/0.0.12/task/stakater-create-git-tag/stakater-create-git-tag.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/create-environment/0.0.16/task/stakater-create-environment/stakater-create-environment.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/code-linting-mvn/0.0.4/task/stakater-code-linting/stakater-code-linting.yaml, - 
https://raw.githubusercontent.com/stakater-tekton-catalog/kube-linting/0.0.7/task/stakater-kube-linting/stakater-kube-linting.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/unit-test/0.0.6/task/stakater-unit-test/stakater-unit-test.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/sonarqube-scan/0.0.13/task/stakater-sonarqube-scan/stakater-sonarqube-scan.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/buildah/0.0.29/task/stakater-buildah/stakater-buildah.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/trivy-scan/0.0.3/task/stakater-trivy-scan/stakater-trivy-scan.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/rox-image-scan/0.0.4/task/stakater-rox-image-scan/stakater-rox-image-scan.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/rox-image-check/0.0.7/task/stakater-rox-image-check/stakater-rox-image-check.yaml]" - pipelinesascode.tekton.dev/max-keep-runs: "2" # Only remain 2 latest pipelineRuns on SAAP - spec: - params: - - name: repo_url - value: "git@github.com://" # Place your repo SSH URL - - name: git_revision - value: {{revision}} # Dynamic variable to fetch branch name of the push event on your repo - - name: git_branch - value: {{source_branch}} - - name: repo_path - value: {{repo_name}} # Dynamic variable to fetch repo name - - name: image_registry - value: "" # Place image registry URL without https:// succeeded by your application name - - name: helm_registry - value: "" # Place helm registry URL with https:// - - name: pull_request_number - value: {{pull_request_number}} - - name: organization - value: {{YOUR_GIT_ORG}} - pipelineSpec: # Define what parameters will be used for pipeline - params: - - name: repo_url - - name: git_revision - - name: repo_path - - name: image_registry - - name: helm_registry - - name: pull_request_number - - name: organization - - name: git_branch - workspaces: # Mention what workspaces will be used by this pipeline to 
store data and used by data transferring between tasks - - name: source - - name: ssh-directory - tasks: # Mention what tasks will be used by this pipeline - - name: fetch-repository #Name what you want to call the task - taskRef: - name: git-clone # Name of tasks mentioned in tekton-catalog - kind: Task - workspaces: # Mention what workspaces will be used by this task - - name: output - workspace: source - - name: ssh-directory - workspace: ssh-directory - params: # Parameters will be used by this task - - name: depth - value: "0" - - name: url - value: $(params.repo_url) - - name: revision - value: $(params.git_revision) - - name: create-git-tag - runAfter: - - fetch-repository - taskRef: - name: stakater-create-git-tag - kind: Task - params: - - name: PR_NUMBER - value: $(params.pull_request_number) - - name: GIT_REVISION - value: $(params.git_revision) - workspaces: - - name: source - workspace: source - - name: ssh-directory - workspace: ssh-directory - - name: stakater-create-environment - runAfter: - - create-git-tag - taskRef: - kind: Task - name: stakater-create-environment - params: - - name: CREATE_ON_CLUSTER - value: "true" - - name: REPO_NAME - value: $(params.repo_path) - - name: PR_NUMBER - value: $(params.pull_request_number) - - name: GIT_URL - value: "" #Replace with your application repository Url - - name: GIT_BRANCH - value: $(params.git_branch) - - name: IMAGE_TAG - value: $(tasks.create-git-tag.results.GIT_TAG) - - name: IMAGE_REPO - value: $(params.image_registry) - - name: PULL_REQUEST_COMMITS_API # Replace when not using Git - value: https://api.github.com/repos/$(params.organization)/$(params.repo_path)/pulls/$(params.pull_request_number)/commits - workspaces: - - name: output - workspace: source - - name: repo-token - workspace: repo-token - - name: code-linting - runAfter: - - stakater-create-environment - taskRef: - name: stakater-code-linting - kind: Task - workspaces: - - name: source - workspace: source - - name: kube-linting - 
runAfter: - - stakater-create-environment - taskRef: - name: stakater-kube-linting - kind: Task - params: - - name: FILE - value: manifest.yaml - - name: DEPLOYMENT_FILES_PATH - value: deploy - - name: NAMESPACE - value: arsenal-build - workspaces: - - name: source - workspace: source - - name: unit-test - runAfter: - - code-linting - - kube-linting - taskRef: - name: stakater-unit-test - kind: Task - workspaces: - - name: source - workspace: source - - name: sonarqube-scan - runAfter: - - unit-test - taskRef: - name: stakater-sonarqube-scan - kind: Task - params: - - name: SONAR_HOST_URL - value: https://sonarqube-stakater-sonarqube.apps.tno2-ams.s9nghh76.lab.kubeapp.cloud - - name: SONAR_PROJECT_KEY - value: $(params.repo_path) - - name: SONAR_LOGIN - workspaces: - - name: source - workspace: source - - name: buildah - runAfter: - - unit-test - taskRef: - name: stakater-buildah - kind: Task - params: - - name: IMAGE - value: $(params.image_registry):$(tasks.create-git-tag.results.GIT_TAG) - - name: TLSVERIFY - value: "false" - - name: FORMAT - value: "docker" - - name: BUILD_IMAGE - value: "true" - - name: IMAGE_REGISTRY - value: $(params.image_registry) - - name: CURRENT_GIT_TAG - value: $(tasks.create-git-tag.results.CURRENT_GIT_TAG) - workspaces: - - name: source - workspace: source - - name: trivy-scan - runAfter: - - buildah - - sonarqube-scan - taskRef: - name: stakater-trivy-scan - kind: Task - params: - - name: IMAGE - value: $(params.image_registry):$(tasks.create-git-tag.results.GIT_TAG) - workspaces: - - name: source - workspace: source - - name: rox-image-scan - runAfter: - - buildah - - sonarqube-scan - taskRef: - name: stakater-rox-image-scan - kind: Task - params: - - name: IMAGE - value: '$(params.image_registry):$(tasks.create-git-tag.results.GIT_TAG)' - - name: ROX_API_TOKEN - value: rox-creds - - name: ROX_CENTRAL_ENDPOINT - value: rox-creds - - name: OUTPUT_FORMAT - value: csv - - name: IMAGE_DIGEST - value: 
$(tasks.buildah.results.IMAGE_DIGEST) - - name: BUILD_IMAGE - value: "true" - - name: rox-image-check - runAfter: - - buildah - - sonarqube-scan - taskRef: - name: stakater-rox-image-check - kind: Task - params: - - name: IMAGE - value: '$(params.image_registry):$(tasks.create-git-tag.results.GIT_TAG)' - - name: ROX_API_TOKEN - value: rox-creds - - name: ROX_CENTRAL_ENDPOINT - value: rox-creds - - name: BUILD_IMAGE - value: "true" - workspaces: # Mention Workspaces configuration - - name: source - volumeClaimTemplate: - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - - name: ssh-directory # Using ssh-directory workspace for our task to have better security - secret: - secretName: git-ssh-creds # Created this secret earlier - - name: repo-token - secret: - secretName: git-pat-creds - ``` - - !!! note - Remember to add the remote task in the annotations - ![rox-image-check](images/rox-image-check-annotation.png) - -1. Create a pull request with you changes. This should trigger the pipeline in the build namespace. - - ![rox-image-check](images/rox-image-check.png) - - ![rox-image-check-logs](images/rox-image-check-logs.png) - -Great! Let's add more tasks in our pipelineRun in coming tutorials. diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/16-add-rox-image-scan.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/16-add-rox-image-scan.md new file mode 100644 index 00000000..558d253a --- /dev/null +++ b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/16-add-rox-image-scan.md 
@@ -0,0 +1,35 @@
+# StackRox Image Scan
+
+## Objectives
+
+- Add `rox-image-scan` task to PipelineRun.
+- Define parameters, workspaces, and tasks within the PipelineRun for building and deploying your application.
+
+## Key Results
+
+- Successfully create and execute the Tekton PipelineRun using the defined `.tekton/pullrequest.yaml` file, enabling automated CI/CD processes for your application.
+- Application Image is scanned.
+
+## Tutorial
+
+### Create PipelineRun with Rox Image Scan Task
+
+You have already created a PipelineRun in the previous tutorial. Let's now add another task [`rox-image-scan`](https://github.com/stakater-tekton-catalog/rox-image-scan) to it.
+
+1. Open up the PipelineRun file you created in the previous tutorial.
+1. Now edit the file so the YAML becomes like the one given below.
+
+ ```yaml
+ {% include "https://raw.githubusercontent.com/NordMart/review-api/main/.tekton/rox_image_scan.yaml" %}
+ ```
+ !!! note
+ Remember to add the remote task in the annotations
+ ![rox-image-scan](images/rox-image-scan-annotation.png)
+
+1. Create a pull request with you changes. This should trigger the pipeline in the build namespace.
+
+ ![rox-image-scan](images/rox-image-scan.png)
+
+ ![rox-image-scan-logs](images/rox-image-scan-logs.png)
+
+Great! Let's add more tasks in our pipelineRun in coming tutorials.
diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/17-add-rox-deployment-check.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/17-add-rox-deployment-check.md
deleted file mode 100644
index 718c24df..00000000
--- a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/17-add-rox-deployment-check.md
+++ /dev/null
@@ -1,301 +0,0 @@ -# StackRox Deployment Check - -## Objectives - -- Add `rox-deployemnt-check` task to PipelineRun. -- Define parameters, workspaces, and tasks within the PipelineRun for building and deploying your application. - -## Key Results - -- Successfully create and execute the Tekton PipelineRun using the defined `.tekton/pullrequest.yaml` file, enabling automated CI/CD processes for your application. - -## Tutorial - -### Create PipelineRun with Rox Deployment Check Task - -You have already created a PipelineRun in the previous tutorial. Let's now add another task `rox-deployment-check` to it. - -1. Open up the PipelineRun file you created in the previous tutorial. -1. Now edit the file so the YAML becomes like the one given below. - - ```yaml - apiVersion: tekton.dev/v1beta1 - kind: PipelineRun - metadata: - name: pullrequest # pipelineRun name - annotations: - pipelinesascode.tekton.dev/on-event: "[pull_request]" # Trigger the pipelineRun on push events on branch main - pipelinesascode.tekton.dev/on-target-branch: "main" - pipelinesascode.tekton.dev/task: "[git-clone, - https://raw.githubusercontent.com/stakater-tekton-catalog/create-git-tag/0.0.12/task/stakater-create-git-tag/stakater-create-git-tag.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/create-environment/0.0.16/task/stakater-create-environment/stakater-create-environment.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/code-linting-mvn/0.0.4/task/stakater-code-linting/stakater-code-linting.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/kube-linting/0.0.7/task/stakater-kube-linting/stakater-kube-linting.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/unit-test/0.0.6/task/stakater-unit-test/stakater-unit-test.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/sonarqube-scan/0.0.13/task/stakater-sonarqube-scan/stakater-sonarqube-scan.yaml, - 
https://raw.githubusercontent.com/stakater-tekton-catalog/buildah/0.0.29/task/stakater-buildah/stakater-buildah.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/trivy-scan/0.0.3/task/stakater-trivy-scan/stakater-trivy-scan.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/rox-image-scan/0.0.4/task/stakater-rox-image-scan/stakater-rox-image-scan.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/rox-image-check/0.0.7/task/stakater-rox-image-check/stakater-rox-image-check.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/rox-deployment-check/0.0.4/task/stakater-rox-deployment-check/stakater-rox-deployment-check.yaml]" - pipelinesascode.tekton.dev/max-keep-runs: "2" # Only remain 2 latest pipelineRuns on SAAP - spec: - params: - - name: repo_url - value: "git@github.com://" # Place your repo SSH URL - - name: git_revision - value: {{revision}} # Dynamic variable to fetch branch name of the push event on your repo - - name: git_branch - value: {{source_branch}} - - name: repo_path - value: {{repo_name}} # Dynamic variable to fetch repo name - - name: image_registry - value: "" # Place image registry URL without https:// succeeded by your application name - - name: helm_registry - value: "" # Place helm registry URL with https:// - - name: pull_request_number - value: {{pull_request_number}} - - name: organization - value: {{YOUR_GIT_ORG}} - pipelineSpec: # Define what parameters will be used for pipeline - params: - - name: repo_url - - name: git_revision - - name: repo_path - - name: image_registry - - name: helm_registry - - name: pull_request_number - - name: organization - - name: git_branch - workspaces: # Mention what workspaces will be used by this pipeline to store data and used by data transferring between tasks - - name: source - - name: ssh-directory - tasks: # Mention what tasks will be used by this pipeline - - name: fetch-repository #Name what you want to call the task - taskRef: - name: 
git-clone # Name of tasks mentioned in tekton-catalog - kind: Task - workspaces: # Mention what workspaces will be used by this task - - name: output - workspace: source - - name: ssh-directory - workspace: ssh-directory - params: # Parameters will be used by this task - - name: depth - value: "0" - - name: url - value: $(params.repo_url) - - name: revision - value: $(params.git_revision) - - name: create-git-tag - runAfter: - - fetch-repository - taskRef: - name: stakater-create-git-tag - kind: Task - params: - - name: PR_NUMBER - value: $(params.pull_request_number) - - name: GIT_REVISION - value: $(params.git_revision) - workspaces: - - name: source - workspace: source - - name: ssh-directory - workspace: ssh-directory - - name: stakater-create-environment - runAfter: - - create-git-tag - taskRef: - kind: Task - name: stakater-create-environment - params: - - name: CREATE_ON_CLUSTER - value: "true" - - name: REPO_NAME - value: $(params.repo_path) - - name: PR_NUMBER - value: $(params.pull_request_number) - - name: GIT_URL - value: "" #Replace with your application repository Url - - name: GIT_BRANCH - value: $(params.git_branch) - - name: IMAGE_TAG - value: $(tasks.create-git-tag.results.GIT_TAG) - - name: IMAGE_REPO - value: $(params.image_registry) - - name: PULL_REQUEST_COMMITS_API # Replace when not using Git - value: https://api.github.com/repos/$(params.organization)/$(params.repo_path)/pulls/$(params.pull_request_number)/commits - workspaces: - - name: output - workspace: source - - name: repo-token - workspace: repo-token - - name: code-linting - runAfter: - - stakater-create-environment - taskRef: - name: stakater-code-linting - kind: Task - workspaces: - - name: source - workspace: source - - name: kube-linting - runAfter: - - stakater-create-environment - taskRef: - name: stakater-kube-linting - kind: Task - params: - - name: FILE - value: manifest.yaml - - name: DEPLOYMENT_FILES_PATH - value: deploy - - name: NAMESPACE - value: arsenal-build - 
workspaces: - - name: source - workspace: source - - name: unit-test - runAfter: - - code-linting - - kube-linting - taskRef: - name: stakater-unit-test - kind: Task - workspaces: - - name: source - workspace: source - - name: sonarqube-scan - runAfter: - - unit-test - taskRef: - name: stakater-sonarqube-scan - kind: Task - params: - - name: SONAR_HOST_URL - value: https://sonarqube-stakater-sonarqube.apps.tno2-ams.s9nghh76.lab.kubeapp.cloud - - name: SONAR_PROJECT_KEY - value: $(params.repo_path) - - name: SONAR_LOGIN - workspaces: - - name: source - workspace: source - - name: buildah - runAfter: - - unit-test - taskRef: - name: stakater-buildah - kind: Task - params: - - name: IMAGE - value: $(params.image_registry):$(tasks.create-git-tag.results.GIT_TAG) - - name: TLSVERIFY - value: "false" - - name: FORMAT - value: "docker" - - name: BUILD_IMAGE - value: "true" - - name: IMAGE_REGISTRY - value: $(params.image_registry) - - name: CURRENT_GIT_TAG - value: $(tasks.create-git-tag.results.CURRENT_GIT_TAG) - workspaces: - - name: source - workspace: source - - name: trivy-scan - runAfter: - - buildah - - sonarqube-scan - taskRef: - name: stakater-trivy-scan - kind: Task - params: - - name: IMAGE - value: $(params.image_registry):$(tasks.create-git-tag.results.GIT_TAG) - workspaces: - - name: source - workspace: source - - name: rox-image-scan - runAfter: - - buildah - - sonarqube-scan - taskRef: - name: stakater-rox-image-scan - kind: Task - params: - - name: IMAGE - value: '$(params.image_registry):$(tasks.create-git-tag.results.GIT_TAG)' - - name: ROX_API_TOKEN - value: rox-creds - - name: ROX_CENTRAL_ENDPOINT - value: rox-creds - - name: OUTPUT_FORMAT - value: csv - - name: IMAGE_DIGEST - value: $(tasks.buildah.results.IMAGE_DIGEST) - - name: BUILD_IMAGE - value: "true" - - name: rox-image-check - runAfter: - - buildah - - sonarqube-scan - taskRef: - name: stakater-rox-image-check - kind: Task - params: - - name: IMAGE - value: 
'$(params.image_registry):$(tasks.create-git-tag.results.GIT_TAG)' - - name: ROX_API_TOKEN - value: rox-creds - - name: ROX_CENTRAL_ENDPOINT - value: rox-creds - - name: BUILD_IMAGE - value: "true" - - name: rox-deployment-check - runAfter: - - buildah - - sonarqube-scan - taskRef: - name: stakater-rox-deployment-check - kind: Task - params: - - name: ROX_API_TOKEN - value: rox-creds - - name: ROX_CENTRAL_ENDPOINT - value: rox-creds - - name: FILE - value: manifest.yaml - - name: DEPLOYMENT_FILES_PATH - value: deploy - workspaces: - - name: source - workspace: source - workspaces: # Mention Workspaces configuration - - name: source - volumeClaimTemplate: - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - - name: ssh-directory # Using ssh-directory workspace for our task to have better security - secret: - secretName: git-ssh-creds # Created this secret earlier - - name: repo-token - secret: - secretName: git-pat-creds - ``` - - !!! note - Remember to add the remote task in the annotations - ![rox-deployment-check](images/rox-deployment-check-annotation.png) - -1. Create a pull request with you changes. This should trigger the pipeline in the build namespace. - - ![rox-deployment-check](images/rox-deployment-check.png) - - ![rox-deployment-check-logs](images/rox-deployment-check-logs.png) - -Great! Let's add more tasks in our pipelineRun in coming tutorials. diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/17-add-rox-image-check.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/17-add-rox-image-check.md new file mode 100644 index 00000000..55ef9393 --- /dev/null +++ b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/17-add-rox-image-check.md 
@@ -0,0 +1,34 @@
+# StackRox Image Check
+
+## Objectives
+
+- Add `rox-image-check` task to PipelineRun.
+- Define parameters, workspaces, and tasks within the PipelineRun for building and deploying your application.
+
+## Key Results
+
+- Successfully create and execute the Tekton PipelineRun using the defined `.tekton/pullrequest.yaml` file, enabling automated CI/CD processes for your application.
+
+## Tutorial
+
+### Create PipelineRun with Rox Image Check Task
+
+You have already created a PipelineRun in the previous tutorial. Let's now add another task [`rox-image-check`](https://github.com/stakater-tekton-catalog/rox-image-check) to it.
+
+1. Open up the PipelineRun file you created in the previous tutorial.
+1. Now edit the file so the YAML becomes like the one given below.
+
+ ```yaml
+ {% include "https://raw.githubusercontent.com/NordMart/review-api/main/.tekton/rox_image_check.yaml" %}
+ ```
+ !!! note
+ Remember to add the remote task in the annotations
+ ![rox-image-check](images/rox-image-check-annotation.png)
+
+1. Create a pull request with you changes. This should trigger the pipeline in the build namespace.
+
+ ![rox-image-check](images/rox-image-check.png)
+
+ ![rox-image-check-logs](images/rox-image-check-logs.png)
+
+Great! Let's add more tasks in our pipelineRun in coming tutorials.
diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/18-add-checkov-scan.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/18-add-checkov-scan.md
deleted file mode 100644
index 01baa875..00000000
--- a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/18-add-checkov-scan.md
+++ /dev/null
@@ -1,309 +0,0 @@ -# Checkov Scan - -## Objectives - -- Add `checkov-scan` task to PipelineRun. -- Define parameters, workspaces, and tasks within the PipelineRun for building and deploying your application. - -## Key Results - -- Successfully create and execute the Tekton PipelineRun using the defined `.tekton/pullrequest.yaml` file, enabling automated CI/CD processes for your application. -- Checkov scan is performed - -## Tutorial - -### Create PipelineRun with Checkov Scan Task - -You have already created a PipelineRun in the previous tutorial. Let's now add another task [`checkov-scan`](https://github.com/stakater-tekton-catalog/checkov-scan) to it. - -1. Open up the PipelineRun file you created in the previous tutorial. -1. Now edit the file so the YAML becomes like the one given below. - - ```yaml - apiVersion: tekton.dev/v1beta1 - kind: PipelineRun - metadata: - name: pullrequest # pipelineRun name - annotations: - pipelinesascode.tekton.dev/on-event: "[pull_request]" # Trigger the pipelineRun on push events on branch main - pipelinesascode.tekton.dev/on-target-branch: "main" - pipelinesascode.tekton.dev/task: "[git-clone, - https://raw.githubusercontent.com/stakater-tekton-catalog/create-git-tag/0.0.12/task/stakater-create-git-tag/stakater-create-git-tag.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/create-environment/0.0.16/task/stakater-create-environment/stakater-create-environment.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/code-linting-mvn/0.0.4/task/stakater-code-linting/stakater-code-linting.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/kube-linting/0.0.7/task/stakater-kube-linting/stakater-kube-linting.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/unit-test/0.0.6/task/stakater-unit-test/stakater-unit-test.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/sonarqube-scan/0.0.13/task/stakater-sonarqube-scan/stakater-sonarqube-scan.yaml, - 
https://raw.githubusercontent.com/stakater-tekton-catalog/buildah/0.0.29/task/stakater-buildah/stakater-buildah.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/trivy-scan/0.0.3/task/stakater-trivy-scan/stakater-trivy-scan.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/rox-image-scan/0.0.4/task/stakater-rox-image-scan/stakater-rox-image-scan.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/rox-image-check/0.0.7/task/stakater-rox-image-check/stakater-rox-image-check.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/rox-deployment-check/0.0.4/task/stakater-rox-deployment-check/stakater-rox-deployment-check.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/checkov-scan/0.0.4/task/stakater-checkov-scan/stakater-checkov-scan.yaml]" - pipelinesascode.tekton.dev/max-keep-runs: "2" # Only remain 2 latest pipelineRuns on SAAP - spec: - params - - name: repo_url - value: "git@github.com://" # Place your repo SSH URL - - name: git_revision - value: {{revision}} # Dynamic variable to fetch branch name of the push event on your repo - - name: git_branch - value: {{source_branch}} - - name: repo_path - value: {{repo_name}} # Dynamic variable to fetch repo name - - name: image_registry - value: "" # Place image registry URL without https:// succeeded by your application name - - name: helm_registry - value: "" # Place helm registry URL with https:// - - name: pull_request_number - value: {{pull_request_number}} - - name: organization - value: {{YOUR_GIT_ORG}} - pipelineSpec: # Define what parameters will be used for pipeline - params: - - name: repo_url - - name: git_revision - - name: repo_path - - name: image_registry - - name: helm_registry - - name: pull_request_number - - name: organization - - name: git_branch - workspaces: # Mention what workspaces will be used by this pipeline to store data and used by data transferring between tasks - - name: source - - name: ssh-directory - tasks: # 
Mention what tasks will be used by this pipeline - - name: fetch-repository #Name what you want to call the task - taskRef: - name: git-clone # Name of tasks mentioned in tekton-catalog - kind: Task - workspaces: # Mention what workspaces will be used by this task - - name: output - workspace: source - - name: ssh-directory - workspace: ssh-directory - params: # Parameters will be used by this task - - name: depth - value: "0" - - name: url - value: $(params.repo_url) - - name: revision - value: $(params.git_revision) - - name: create-git-tag - runAfter: - - fetch-repository - taskRef: - name: stakater-create-git-tag - kind: Task - params: - - name: PR_NUMBER - value: $(params.pull_request_number) - - name: GIT_REVISION - value: $(params.git_revision) - workspaces: - - name: source - workspace: source - - name: ssh-directory - workspace: ssh-directory - - name: stakater-create-environment - runAfter: - - create-git-tag - taskRef: - kind: Task - name: stakater-create-environment - params: - - name: CREATE_ON_CLUSTER - value: "true" - - name: REPO_NAME - value: $(params.repo_path) - - name: PR_NUMBER - value: $(params.pull_request_number) - - name: GIT_URL - value: "" #Replace with your application repository Url - - name: GIT_BRANCH - value: $(params.git_branch) - - name: IMAGE_TAG - value: $(tasks.create-git-tag.results.GIT_TAG) - - name: IMAGE_REPO - value: $(params.image_registry) - - name: PULL_REQUEST_COMMITS_API # Replace when not using Git - value: https://api.github.com/repos/$(params.organization)/$(params.repo_path)/pulls/$(params.pull_request_number)/commits - workspaces: - - name: output - workspace: source - - name: repo-token - workspace: repo-token - - name: code-linting - runAfter: - - stakater-create-environment - taskRef: - name: stakater-code-linting - kind: Task - workspaces: - - name: source - workspace: source - - name: kube-linting - runAfter: - - stakater-create-environment - taskRef: - name: stakater-kube-linting - kind: Task - params: - - 
name: FILE - value: manifest.yaml - - name: DEPLOYMENT_FILES_PATH - value: deploy - - name: NAMESPACE - value: arsenal-build - workspaces: - - name: source - workspace: source - - name: unit-test - runAfter: - - code-linting - - kube-linting - taskRef: - name: stakater-unit-test - kind: Task - workspaces: - - name: source - workspace: source - - name: sonarqube-scan - runAfter: - - unit-test - taskRef: - name: stakater-sonarqube-scan - kind: Task - params: - - name: SONAR_HOST_URL - value: https://sonarqube-stakater-sonarqube.apps.tno2-ams.s9nghh76.lab.kubeapp.cloud - - name: SONAR_PROJECT_KEY - value: $(params.repo_path) - - name: SONAR_LOGIN - workspaces: - - name: source - workspace: source - - name: buildah - runAfter: - - unit-test - taskRef: - name: stakater-buildah - kind: Task - params: - - name: IMAGE - value: $(params.image_registry):$(tasks.create-git-tag.results.GIT_TAG) - - name: TLSVERIFY - value: "false" - - name: FORMAT - value: "docker" - - name: BUILD_IMAGE - value: "true" - - name: IMAGE_REGISTRY - value: $(params.image_registry) - - name: CURRENT_GIT_TAG - value: $(tasks.create-git-tag.results.CURRENT_GIT_TAG) - workspaces: - - name: source - workspace: source - - name: trivy-scan - runAfter: - - buildah - - sonarqube-scan - taskRef: - name: stakater-trivy-scan - kind: Task - params: - - name: IMAGE - value: $(params.image_registry):$(tasks.create-git-tag.results.GIT_TAG) - workspaces: - - name: source - workspace: source - - name: rox-image-scan - runAfter: - - buildah - - sonarqube-scan - taskRef: - name: stakater-rox-image-scan - kind: Task - params: - - name: IMAGE - value: '$(params.image_registry):$(tasks.create-git-tag.results.GIT_TAG)' - - name: ROX_API_TOKEN - value: rox-creds - - name: ROX_CENTRAL_ENDPOINT - value: rox-creds - - name: OUTPUT_FORMAT - value: csv - - name: IMAGE_DIGEST - value: $(tasks.buildah.results.IMAGE_DIGEST) - - name: BUILD_IMAGE - value: "true" - - name: rox-image-check - runAfter: - - buildah - - sonarqube-scan 
- taskRef: - name: stakater-rox-image-check - kind: Task - params: - - name: IMAGE - value: '$(params.image_registry):$(tasks.create-git-tag.results.GIT_TAG)' - - name: ROX_API_TOKEN - value: rox-creds - - name: ROX_CENTRAL_ENDPOINT - value: rox-creds - - name: BUILD_IMAGE - value: "true" - - name: rox-deployment-check - runAfter: - - buildah - - sonarqube-scan - taskRef: - name: stakater-rox-deployment-check - kind: Task - params: - - name: ROX_API_TOKEN - value: rox-creds - - name: ROX_CENTRAL_ENDPOINT - value: rox-creds - - name: FILE - value: manifest.yaml - - name: DEPLOYMENT_FILES_PATH - value: deploy - workspaces: - - name: source - workspace: source - - name: checkov-scan - runAfter: - - buildah - - sonarqube-scan - taskRef: - name: stakater-checkov-scan - kind: Task - workspaces: - - name: source - workspace: source - workspaces: # Mention Workspaces configuration - - name: source - volumeClaimTemplate: - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - - name: ssh-directory # Using ssh-directory workspace for our task to have better security - secret: - secretName: git-ssh-creds # Created this secret earlier - - name: repo-token - secret: - secretName: git-pat-creds - ``` - - !!! note - Remember to add the remote task in the annotations - ![checkov-scan](images/checkov-scan-annotation.png) - -1. Create a pull request with you changes. This should trigger the pipeline in the build namespace. - -Great! Let's add more tasks in our pipelineRun in coming tutorials. diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/18-add-rox-deployment-check.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/18-add-rox-deployment-check.md new file mode 100644 index 00000000..b6edc637 --- /dev/null +++ b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/18-add-rox-deployment-check.md 
@@ -0,0 +1,34 @@
+# StackRox Deployment Check
+
+## Objectives
+
+- Add `rox-deployemnt-check` task to PipelineRun.
+- Define parameters, workspaces, and tasks within the PipelineRun for building and deploying your application.
+
+## Key Results
+
+- Successfully create and execute the Tekton PipelineRun using the defined `.tekton/pullrequest.yaml` file, enabling automated CI/CD processes for your application.
+
+## Tutorial
+
+### Create PipelineRun with Rox Deployment Check Task
+
+You have already created a PipelineRun in the previous tutorial. Let's now add another task `rox-deployment-check` to it.
+
+1. Open up the PipelineRun file you created in the previous tutorial.
+1. Now edit the file so the YAML becomes like the one given below.
+
+ ```yaml
+ {% include "https://raw.githubusercontent.com/NordMart/review-api/main/.tekton/rox_deployment_check.yaml" %}
+ ```
+ !!! note
+ Remember to add the remote task in the annotations
+ ![rox-deployment-check](images/rox-deployment-check-annotation.png)
+
+1. Create a pull request with you changes. This should trigger the pipeline in the build namespace.
+
+ ![rox-deployment-check](images/rox-deployment-check.png)
+
+ ![rox-deployment-check-logs](images/rox-deployment-check-logs.png)
+
+Great! Let's add more tasks in our pipelineRun in coming tutorials.
diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/19-add-checkov-scan.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/19-add-checkov-scan.md
new file mode 100644
index 00000000..7d9ee30a
--- /dev/null
+++ b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/19-add-checkov-scan.md
@@ -0,0 +1,31 @@
+# Checkov Scan
+
+## Objectives
+
+- Add `checkov-scan` task to PipelineRun.
+- Define parameters, workspaces, and tasks within the PipelineRun for building and deploying your application.
+
+## Key Results
+
+- Successfully create and execute the Tekton PipelineRun using the defined `.tekton/pullrequest.yaml` file, enabling automated CI/CD processes for your application.
+- Checkov scan is performed
+
+## Tutorial
+
+### Create PipelineRun with Checkov Scan Task
+
+You have already created a PipelineRun in the previous tutorial. Let's now add another task [`checkov-scan`](https://github.com/stakater-tekton-catalog/checkov-scan) to it.
+
+1. Open up the PipelineRun file you created in the previous tutorial.
+1. Now edit the file so the YAML becomes like the one given below.
+
+ ```yaml
+ {% include "https://raw.githubusercontent.com/NordMart/review-api/main/.tekton/checkov_scan.yaml" %}
+ ```
+ !!! note
+ Remember to add the remote task in the annotations
+ ![checkov-scan](images/checkov-scan-annotation.png)
+
+1. Create a pull request with you changes. This should trigger the pipeline in the build namespace.
+
+Great! Let's add more tasks in our pipelineRun in coming tutorials.
diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/19-add-helm-push.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/19-add-helm-push.md
deleted file mode 100644
index dc53dc12..00000000
--- a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/19-add-helm-push.md
+++ /dev/null
@@ -1,337 +0,0 @@ -# Helm Push - -## Objectives - -- Add `helm-push` task to PipelineRun. -- Define parameters, workspaces, and tasks within the PipelineRun for building and deploying your application. - -## Key Results - -- Successfully create and execute the Tekton PipelineRun using the defined `.tekton/pullrequest.yaml` file, enabling automated CI/CD processes for your application. -- Application helm chart os pushed to nexus - -## Tutorial - -### Create PipelineRun with Helm Push Task - -You have already created a PipelineRun in the previous tutorial. Let's now add another task [`helm-push`](https://github.com/stakater-tekton-catalog/helm-push) to it. - -1. Open up the PipelineRun file you created in the previous tutorial. -1. Now edit the file so the YAML becomes like the one given below. - - ```yaml - apiVersion: tekton.dev/v1beta1 - kind: PipelineRun - metadata: - name: pullrequest # pipelineRun name - annotations: - pipelinesascode.tekton.dev/on-event: "[pull_request]" # Trigger the pipelineRun on push events on branch main - pipelinesascode.tekton.dev/on-target-branch: "main" - pipelinesascode.tekton.dev/task: "[git-clone, - https://raw.githubusercontent.com/stakater-tekton-catalog/create-git-tag/0.0.12/task/stakater-create-git-tag/stakater-create-git-tag.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/create-environment/0.0.16/task/stakater-create-environment/stakater-create-environment.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/code-linting-mvn/0.0.4/task/stakater-code-linting/stakater-code-linting.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/kube-linting/0.0.7/task/stakater-kube-linting/stakater-kube-linting.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/unit-test/0.0.6/task/stakater-unit-test/stakater-unit-test.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/sonarqube-scan/0.0.13/task/stakater-sonarqube-scan/stakater-sonarqube-scan.yaml, - 
https://raw.githubusercontent.com/stakater-tekton-catalog/buildah/0.0.29/task/stakater-buildah/stakater-buildah.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/trivy-scan/0.0.3/task/stakater-trivy-scan/stakater-trivy-scan.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/rox-image-scan/0.0.4/task/stakater-rox-image-scan/stakater-rox-image-scan.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/rox-image-check/0.0.7/task/stakater-rox-image-check/stakater-rox-image-check.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/rox-deployment-check/0.0.4/task/stakater-rox-deployment-check/stakater-rox-deployment-check.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/checkov-scan/0.0.4/task/stakater-checkov-scan/stakater-checkov-scan.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/helm-push/0.0.17/task/stakater-helm-push/stakater-helm-push.yaml]" - pipelinesascode.tekton.dev/max-keep-runs: "2" # Only remain 2 latest pipelineRuns on SAAP - spec: - params: - - name: repo_url - value: "git@github.com://" # Place your repo SSH URL - - name: git_revision - value: {{revision}} # Dynamic variable to fetch branch name of the push event on your repo - - name: git_branch - value: {{source_branch}} - - name: repo_path - value: {{repo_name}} # Dynamic variable to fetch repo name - - name: image_registry - value: "" # Place image registry URL without https:// succeeded by your application name - - name: helm_registry - value: "" # Place helm registry URL with https:// - - name: pull_request_number - value: {{pull_request_number}} - - name: organization - value: {{YOUR_GIT_ORG}} - pipelineSpec: # Define what parameters will be used for pipeline - params: - - name: repo_url - - name: git_revision - - name: repo_path - - name: image_registry - - name: helm_registry - - name: pull_request_number - - name: organization - - name: git_branch - workspaces: # Mention what workspaces will be used by 
this pipeline to store data and used by data transferring between tasks - - name: source - - name: ssh-directory - tasks: # Mention what tasks will be used by this pipeline - - name: fetch-repository #Name what you want to call the task - taskRef: - name: git-clone # Name of tasks mentioned in tekton-catalog - kind: Task - workspaces: # Mention what workspaces will be used by this task - - name: output - workspace: source - - name: ssh-directory - workspace: ssh-directory - params: # Parameters will be used by this task - - name: depth - value: "0" - - name: url - value: $(params.repo_url) - - name: revision - value: $(params.git_revision) - - name: create-git-tag - runAfter: - - fetch-repository - taskRef: - name: stakater-create-git-tag - kind: Task - params: - - name: PR_NUMBER - value: $(params.pull_request_number) - - name: GIT_REVISION - value: $(params.git_revision) - workspaces: - - name: source - workspace: source - - name: ssh-directory - workspace: ssh-directory - - name: stakater-create-environment - runAfter: - - create-git-tag - taskRef: - kind: Task - name: stakater-create-environment - params: - - name: CREATE_ON_CLUSTER - value: "true" - - name: REPO_NAME - value: $(params.repo_path) - - name: PR_NUMBER - value: $(params.pull_request_number) - - name: GIT_URL - value: "" #Replace with your application repository Url - - name: GIT_BRANCH - value: $(params.git_branch) - - name: IMAGE_TAG - value: $(tasks.create-git-tag.results.GIT_TAG) - - name: IMAGE_REPO - value: $(params.image_registry) - - name: PULL_REQUEST_COMMITS_API # Replace when not using Git - value: https://api.github.com/repos/$(params.organization)/$(params.repo_path)/pulls/$(params.pull_request_number)/commits - workspaces: - - name: output - workspace: source - - name: repo-token - workspace: repo-token - - name: code-linting - runAfter: - - stakater-create-environment - taskRef: - name: stakater-code-linting - kind: Task - workspaces: - - name: source - workspace: source - - name: 
kube-linting - runAfter: - - stakater-create-environment - taskRef: - name: stakater-kube-linting - kind: Task - params: - - name: FILE - value: manifest.yaml - - name: DEPLOYMENT_FILES_PATH - value: deploy - - name: NAMESPACE - value: arsenal-build - workspaces: - - name: source - workspace: source - - name: unit-test - runAfter: - - code-linting - - kube-linting - taskRef: - name: stakater-unit-test - kind: Task - workspaces: - - name: source - workspace: source - - name: sonarqube-scan - runAfter: - - unit-test - taskRef: - name: stakater-sonarqube-scan - kind: Task - params: - - name: SONAR_HOST_URL - value: < SONARQUBE URL> - - name: SONAR_PROJECT_KEY - value: $(params.repo_path) - - name: SONAR_LOGIN - workspaces: - - name: source - workspace: source - - name: buildah - runAfter: - - unit-test - taskRef: - name: stakater-buildah - kind: Task - params: - - name: IMAGE - value: $(params.image_registry):$(tasks.create-git-tag.results.GIT_TAG) - - name: TLSVERIFY - value: "false" - - name: FORMAT - value: "docker" - - name: BUILD_IMAGE - value: "true" - - name: IMAGE_REGISTRY - value: $(params.image_registry) - - name: CURRENT_GIT_TAG - value: $(tasks.create-git-tag.results.CURRENT_GIT_TAG) - workspaces: - - name: source - workspace: source - - name: trivy-scan - runAfter: - - buildah - - sonarqube-scan - taskRef: - name: stakater-trivy-scan - kind: Task - params: - - name: IMAGE - value: $(params.image_registry):$(tasks.create-git-tag.results.GIT_TAG) - workspaces: - - name: source - workspace: source - - name: rox-image-scan - runAfter: - - buildah - - sonarqube-scan - taskRef: - name: stakater-rox-image-scan - kind: Task - params: - - name: IMAGE - value: '$(params.image_registry):$(tasks.create-git-tag.results.GIT_TAG)' - - name: ROX_API_TOKEN - value: rox-creds - - name: ROX_CENTRAL_ENDPOINT - value: rox-creds - - name: OUTPUT_FORMAT - value: csv - - name: IMAGE_DIGEST - value: $(tasks.buildah.results.IMAGE_DIGEST) - - name: BUILD_IMAGE - value: "true" - - 
name: rox-image-check - runAfter: - - buildah - - sonarqube-scan - taskRef: - name: stakater-rox-image-check - kind: Task - params: - - name: IMAGE - value: '$(params.image_registry):$(tasks.create-git-tag.results.GIT_TAG)' - - name: ROX_API_TOKEN - value: rox-creds - - name: ROX_CENTRAL_ENDPOINT - value: rox-creds - - name: BUILD_IMAGE - value: "true" - - name: rox-deployment-check - runAfter: - - buildah - - sonarqube-scan - taskRef: - name: stakater-rox-deployment-check - kind: Task - params: - - name: ROX_API_TOKEN - value: rox-creds - - name: ROX_CENTRAL_ENDPOINT - value: rox-creds - - name: FILE - value: manifest.yaml - - name: DEPLOYMENT_FILES_PATH - value: deploy - workspaces: - - name: source - workspace: source - - name: checkov-scan - runAfter: - - buildah - - sonarqube-scan - taskRef: - name: stakater-checkov-scan - kind: Task - workspaces: - - name: source - workspace: source - - name: helm-push - runAfter: - - trivy-scan - - rox-deployment-check - - rox-image-scan - - rox-image-check - - checkov-scan - taskRef: - name: stakater-helm-push - kind: Task - params: - - name: PR_NUMBER - value: $(params.pull_request_number) - - name: REPO_PATH - value: $(params.repo_path) - - name: GIT_REVISION - value: $(params.git_revision) - - name: REGISTRY - value: $(params.helm_registry) - - name: SEM_VER - value: $(tasks.create-git-tag.results.GIT_TAG) - workspaces: - - name: source - workspace: source - workspaces: # Mention Workspaces configuration - - name: source - volumeClaimTemplate: - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - - name: ssh-directory # Using ssh-directory workspace for our task to have better security - secret: - secretName: git-ssh-creds # Created this secret earlier - - name: repo-token - secret: - secretName: git-pat-creds - ``` - - !!! note - Remember to add the remote task in the annotations - -1. Create a pull request with you changes. This should trigger the pipeline in the build namespace. 
 - - ![helm-push](images/helm-push.png) - - ![helm-push](images/helm-push-logs.png) - -Great! Let's add more tasks in our pipelineRun in coming tutorials.
diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/20-add-helm-push.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/20-add-helm-push.md
new file mode 100644
index 00000000..827d60d7
--- /dev/null
+++ b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/20-add-helm-push.md
@@ -0,0 +1,34 @@
+# Helm Push
+
+## Objectives
+
+- Add `helm-push` task to PipelineRun.
+- Define parameters, workspaces, and tasks within the PipelineRun for building and deploying your application.
+
+## Key Results
+
+- Successfully create and execute the Tekton PipelineRun using the defined `.tekton/pullrequest.yaml` file, enabling automated CI/CD processes for your application.
+- Application helm chart os pushed to nexus
+
+## Tutorial
+
+### Create PipelineRun with Helm Push Task
+
+You have already created a PipelineRun in the previous tutorial. Let's now add another task [`helm-push`](https://github.com/stakater-tekton-catalog/helm-push) to it.
+
+1. Open up the PipelineRun file you created in the previous tutorial.
+1. Now edit the file so the YAML becomes like the one given below.
+
+ ```yaml
+ {% include "https://raw.githubusercontent.com/NordMart/review-api/main/.tekton/helm_push.yaml" %}
+ ```
+ !!! note
+ Remember to add the remote task in the annotations
+
+1. Create a pull request with you changes. This should trigger the pipeline in the build namespace.
+
+ ![helm-push](images/helm-push.png)
+
+ ![helm-push](images/helm-push-logs.png)
+
+Great! Let's add more tasks in our pipelineRun in coming tutorials.
diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/20-add-update-cd-repo.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/20-add-update-cd-repo.md
deleted file mode 100644
index 831fa703..00000000
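Review bot: The added `{% include "https://raw.githubusercontent.com/NordMart/review-api/main/.tekton/helm_push.yaml" %}` line in 20-add-helm-push.md takes the pipeline listing from the `main` branch of another repository, so the YAML readers are told to copy into `.tekton/pullrequest.yaml` is no longer reviewed or versioned with this page and changes whenever that branch does (presumably at each docs build). The inline listings this series removes mount the `git-ssh-creds` and `git-pat-creds` secrets, so an unreviewed change to the included file would reach configuration that handles credentials. Pin the include to a tag or commit rather than a branch, e.g. `{% include "https://raw.githubusercontent.com/NordMart/review-api/<commit-sha>/.tekton/helm_push.yaml" %}`. The same applies to the includes added in 21-add-update-cd-repo.md and 22-add-validate-environment.md.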
--- a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/20-add-update-cd-repo.md +++ /dev/null 
@@ -1,370 +0,0 @@ -# Update CD Repo - -## Objectives - -- Add `update-cd-repo` task to PipelineRun. -- Define parameters, workspaces, and tasks within the PipelineRun for building and deploying your application. - -## Key Results - -- Successfully create and execute the Tekton PipelineRun using the defined `.tekton/pullrequest.yaml` file, enabling automated CI/CD processes for your application. -- The GitOps Repository is updated - -## Tutorial - -### Create PipelineRun with Update CD Repo Task - -You have already created a PipelineRun in the previous tutorial. Let's now add another task [`update-cd-repo`](https://github.com/stakater-tekton-catalog/github-update-cd-repo) to it. - -1. Open up the PipelineRun file you created in the previous tutorial. -1. Now edit the file so the YAML becomes like the one given below. - - ```yaml - apiVersion: tekton.dev/v1beta1 - kind: PipelineRun - metadata: - name: pullrequest # pipelineRun name - annotations: - pipelinesascode.tekton.dev/on-event: "[pull_request]" # Trigger the pipelineRun on push events on branch main - pipelinesascode.tekton.dev/on-target-branch: "main" - pipelinesascode.tekton.dev/task: "[git-clone, - https://raw.githubusercontent.com/stakater-tekton-catalog/create-git-tag/0.0.12/task/stakater-create-git-tag/stakater-create-git-tag.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/create-environment/0.0.16/task/stakater-create-environment/stakater-create-environment.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/code-linting-mvn/0.0.4/task/stakater-code-linting/stakater-code-linting.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/kube-linting/0.0.7/task/stakater-kube-linting/stakater-kube-linting.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/unit-test/0.0.6/task/stakater-unit-test/stakater-unit-test.yaml, - 
https://raw.githubusercontent.com/stakater-tekton-catalog/sonarqube-scan/0.0.13/task/stakater-sonarqube-scan/stakater-sonarqube-scan.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/buildah/0.0.29/task/stakater-buildah/stakater-buildah.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/trivy-scan/0.0.3/task/stakater-trivy-scan/stakater-trivy-scan.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/rox-image-scan/0.0.4/task/stakater-rox-image-scan/stakater-rox-image-scan.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/rox-image-check/0.0.7/task/stakater-rox-image-check/stakater-rox-image-check.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/rox-deployment-check/0.0.4/task/stakater-rox-deployment-check/stakater-rox-deployment-check.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/checkov-scan/0.0.4/task/stakater-checkov-scan/stakater-checkov-scan.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/helm-push/0.0.17/task/stakater-helm-push/stakater-helm-push.yaml - https://raw.githubusercontent.com/stakater-tekton-catalog/github-update-cd-repo/0.0.12/task/stakater-github-update-cd-repo/stakater-github-update-cd-repo.yaml]" - pipelinesascode.tekton.dev/max-keep-runs: "2" # Only remain 2 latest pipelineRuns on SAAP - spec: - params: - - name: repo_url - value: "git@github.com://" # Place your repo SSH URL - - name: git_revision - value: {{revision}} # Dynamic variable to fetch branch name of the push event on your repo - - name: git_branch - value: {{source_branch}} - - name: repo_path - value: {{repo_name}} # Dynamic variable to fetch repo name - - name: image_registry - value: "" # Place image registry URL without https:// succeeded by your application name - - name: helm_registry - value: "" # Place helm registry URL with https:// - - name: pull_request_number - value: {{pull_request_number}} - - name: organization - value: {{YOUR_GIT_ORG}} - pipelineSpec: 
# Define what parameters will be used for pipeline - params: - - name: repo_url - - name: git_revision - - name: repo_path - - name: image_registry - - name: helm_registry - - name: pull_request_number - - name: organization - - name: git_branch - workspaces: # Mention what workspaces will be used by this pipeline to store data and used by data transferring between tasks - - name: source - - name: ssh-directory - tasks: # Mention what tasks will be used by this pipeline - - name: fetch-repository #Name what you want to call the task - taskRef: - name: git-clone # Name of tasks mentioned in tekton-catalog - kind: Task - workspaces: # Mention what workspaces will be used by this task - - name: output - workspace: source - - name: ssh-directory - workspace: ssh-directory - params: # Parameters will be used by this task - - name: depth - value: "0" - - name: url - value: $(params.repo_url) - - name: revision - value: $(params.git_revision) - - name: create-git-tag - runAfter: - - fetch-repository - taskRef: - name: stakater-create-git-tag - kind: Task - params: - - name: PR_NUMBER - value: $(params.pull_request_number) - - name: GIT_REVISION - value: $(params.git_revision) - workspaces: - - name: source - workspace: source - - name: ssh-directory - workspace: ssh-directory - - name: stakater-create-environment - runAfter: - - create-git-tag - taskRef: - kind: Task - name: stakater-create-environment - params: - - name: CREATE_ON_CLUSTER - value: "true" - - name: REPO_NAME - value: $(params.repo_path) - - name: PR_NUMBER - value: $(params.pull_request_number) - - name: GIT_URL - value: "" #Replace with your application repository Url - - name: GIT_BRANCH - value: $(params.git_branch) - - name: IMAGE_TAG - value: $(tasks.create-git-tag.results.GIT_TAG) - - name: IMAGE_REPO - value: $(params.image_registry) - - name: PULL_REQUEST_COMMITS_API # Replace when not using Git - value: 
https://api.github.com/repos/$(params.organization)/$(params.repo_path)/pulls/$(params.pull_request_number)/commits - workspaces: - - name: output - workspace: source - - name: repo-token - workspace: repo-token - - name: code-linting - runAfter: - - stakater-create-environment - taskRef: - name: stakater-code-linting - kind: Task - workspaces: - - name: source - workspace: source - - name: kube-linting - runAfter: - - stakater-create-environment - taskRef: - name: stakater-kube-linting - kind: Task - params: - - name: FILE - value: manifest.yaml - - name: DEPLOYMENT_FILES_PATH - value: deploy - - name: NAMESPACE - value: arsenal-build - workspaces: - - name: source - workspace: source - - name: unit-test - runAfter: - - code-linting - - kube-linting - taskRef: - name: stakater-unit-test - kind: Task - workspaces: - - name: source - workspace: source - - name: sonarqube-scan - runAfter: - - unit-test - taskRef: - name: stakater-sonarqube-scan - kind: Task - params: - - name: SONAR_HOST_URL - value: https://sonarqube-stakater-sonarqube.apps.tno2-ams.s9nghh76.lab.kubeapp.cloud - - name: SONAR_PROJECT_KEY - value: $(params.repo_path) - - name: SONAR_LOGIN - workspaces: - - name: source - workspace: source - - name: buildah - runAfter: - - unit-test - taskRef: - name: stakater-buildah - kind: Task - params: - - name: IMAGE - value: $(params.image_registry):$(tasks.create-git-tag.results.GIT_TAG) - - name: TLSVERIFY - value: "false" - - name: FORMAT - value: "docker" - - name: BUILD_IMAGE - value: "true" - - name: IMAGE_REGISTRY - value: $(params.image_registry) - - name: CURRENT_GIT_TAG - value: $(tasks.create-git-tag.results.CURRENT_GIT_TAG) - workspaces: - - name: source - workspace: source - - name: trivy-scan - runAfter: - - buildah - - sonarqube-scan - taskRef: - name: stakater-trivy-scan - kind: Task - params: - - name: IMAGE - value: $(params.image_registry):$(tasks.create-git-tag.results.GIT_TAG) - workspaces: - - name: source - workspace: source - - name: 
rox-image-scan - runAfter: - - buildah - - sonarqube-scan - taskRef: - name: stakater-rox-image-scan - kind: Task - params: - - name: IMAGE - value: '$(params.image_registry):$(tasks.create-git-tag.results.GIT_TAG)' - - name: ROX_API_TOKEN - value: rox-creds - - name: ROX_CENTRAL_ENDPOINT - value: rox-creds - - name: OUTPUT_FORMAT - value: csv - - name: IMAGE_DIGEST - value: $(tasks.buildah.results.IMAGE_DIGEST) - - name: BUILD_IMAGE - value: "true" - - name: rox-image-check - runAfter: - - buildah - - sonarqube-scan - taskRef: - name: stakater-rox-image-check - kind: Task - params: - - name: IMAGE - value: '$(params.image_registry):$(tasks.create-git-tag.results.GIT_TAG)' - - name: ROX_API_TOKEN - value: rox-creds - - name: ROX_CENTRAL_ENDPOINT - value: rox-creds - - name: BUILD_IMAGE - value: "true" - - name: rox-deployment-check - runAfter: - - buildah - - sonarqube-scan - taskRef: - name: stakater-rox-deployment-check - kind: Task - params: - - name: ROX_API_TOKEN - value: rox-creds - - name: ROX_CENTRAL_ENDPOINT - value: rox-creds - - name: FILE - value: manifest.yaml - - name: DEPLOYMENT_FILES_PATH - value: deploy - workspaces: - - name: source - workspace: source - - name: checkov-scan - runAfter: - - buildah - - sonarqube-scan - taskRef: - name: stakater-checkov-scan - kind: Task - workspaces: - - name: source - workspace: source - - name: helm-push - runAfter: - - trivy-scan - - rox-deployment-check - - rox-image-scan - - rox-image-check - - checkov-scan - taskRef: - name: stakater-helm-push - kind: Task - params: - - name: PR_NUMBER - value: $(params.pull_request_number) - - name: REPO_PATH - value: $(params.repo_path) - - name: GIT_REVISION - value: $(params.git_revision) - - name: REGISTRY - value: $(params.helm_registry) - - name: SEM_VER - value: $(tasks.create-git-tag.results.GIT_TAG) - workspaces: - - name: source - workspace: source - - name: update-cd-repo - runAfter: - - helm-push - taskRef: - kind: Task - name: stakater-github-update-cd-repo - 
params: - - name: IMAGE_TAG - value: $(tasks.create-git-tag.results.GIT_TAG) - - name: IMAGE_NAME - value: $(params.image_registry) - - name: PR_NUMBER - value: $(params.pull_request_number) - - name: REPO_PATH - value: $(params.repo_path) - - name: GIT_REVISION - value: $(params.git_revision) - - name: NAMESPACE - value: -dev - - name: ENVIRONMENT - value: dev - - name: HELM_REGISTRY - value: $(params.helm_registry) - - name: CD_REPO_URL - value: < YOUR CD REPO URL > - workspaces: - - name: source - workspace: source - - name: ssh-directory - workspace: ssh-directory - workspaces: # Mention Workspaces configuration - - name: source - volumeClaimTemplate: - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - - name: ssh-directory # Using ssh-directory workspace for our task to have better security - secret: - secretName: git-ssh-creds # Created this secret earlier - - name: repo-token - secret: - secretName: git-pat-creds - ``` - - !!! note - Remember to add the remote task in the annotations - -1. Remember to update the NAMESPACE and CD_REPO_URL parameter in the newly added task. - -1. Create a pull request with you changes. This should trigger the pipeline in the build namespace. - - ![update-cd-repo](images/update-cd-repo.png) - - ![update-cd-repo](images/update-cd-repo-logs.png) - -Great! Let's add more tasks in our pipelineRun in coming tutorials.
diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/21-add-update-cd-repo.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/21-add-update-cd-repo.md
new file mode 100644
index 00000000..a3b04bf8
--- /dev/null
+++ b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/21-add-update-cd-repo.md
@@ -0,0 +1,36 @@
+# Update CD Repo
+
+## Objectives
+
+- Add `update-cd-repo` task to PipelineRun.
+- Define parameters, workspaces, and tasks within the PipelineRun for building and deploying your application.
+
+## Key Results
+
+- Successfully create and execute the Tekton PipelineRun using the defined `.tekton/pullrequest.yaml` file, enabling automated CI/CD processes for your application.
+- The GitOps Repository is updated
+
+## Tutorial
+
+### Create PipelineRun with Update CD Repo Task
+
+You have already created a PipelineRun in the previous tutorial. Let's now add another task [`update-cd-repo`](https://github.com/stakater-tekton-catalog/github-update-cd-repo) to it.
+
+1. Open up the PipelineRun file you created in the previous tutorial.
+1. Now edit the file so the YAML becomes like the one given below.
+
+ ```yaml
+ {% include "https://raw.githubusercontent.com/NordMart/review-api/main/.tekton/update_cd_repo.yaml" %}
+ ```
+ !!! note
+ Remember to add the remote task in the annotations
+
+1. Remember to update the NAMESPACE and CD_REPO_URL parameter in the newly added task.
+
+1. Create a pull request with you changes. This should trigger the pipeline in the build namespace.
+
+ ![update-cd-repo](images/update-cd-repo.png)
+
+ ![update-cd-repo](images/update-cd-repo-logs.png)
+
+Great! Let's add more tasks in our pipelineRun in coming tutorials.
diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/21-add-validate-environment.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/21-add-validate-environment.md
deleted file mode 100644
index a9b30b67..00000000
--- a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/21-add-validate-environment.md
+++ /dev/null
@@ -1,369 +0,0 @@ -# Validate Environment - -## Objectives - -- Add `validate-environment` task to PipelineRun. -- Define parameters, workspaces, and tasks within the PipelineRun for building and deploying your application. - -## Key Results - -- Successfully create and execute the Tekton PipelineRun using the defined `.tekton/pullrequest.yaml` file, enabling automated CI/CD processes for your application. -- Tronador Environment deployment is validated. - -## Tutorial - -### Create PipelineRun with Validate Environment Task - -You have already created a PipelineRun in the previous tutorial. Let's now add another task [`validate-environment`](https://github.com/stakater-tekton-catalog/validate-environment) to it. - -1. Open up the PipelineRun file you created in the previous tutorial. -1. Now edit the file so the YAML becomes like the one given below. - - ```yaml - apiVersion: tekton.dev/v1beta1 - kind: PipelineRun - metadata: - name: pullrequest # pipelineRun name - annotations: - pipelinesascode.tekton.dev/on-event: "[pull_request]" # Trigger the pipelineRun on pull_request events on branch main - pipelinesascode.tekton.dev/on-target-branch: "main" - pipelinesascode.tekton.dev/task: "[git-clone, - https://raw.githubusercontent.com/stakater-tekton-catalog/create-git-tag/0.0.12/task/stakater-create-git-tag/stakater-create-git-tag.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/create-environment/0.0.17/task/stakater-create-environment/stakater-create-environment.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/code-linting-mvn/0.0.4/task/stakater-code-linting/stakater-code-linting.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/kube-linting/0.0.7/task/stakater-kube-linting/stakater-kube-linting.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/unit-test/0.0.6/task/stakater-unit-test/stakater-unit-test.yaml, - 
https://raw.githubusercontent.com/stakater-tekton-catalog/sonarqube-scan/0.0.19/task/stakater-sonarqube-scan/stakater-sonarqube-scan.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/buildah-image-build/0.0.1/task/stakater-buildah-image-build/stakater-buildah-image-build.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/buildah-image-push/0.0.1/task/stakater-buildah-image-push/stakater-buildah-image-push.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/trivy-scan/0.0.4/task/stakater-trivy-scan/stakater-trivy-scan.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/rox-image-scan/0.0.5/task/stakater-rox-image-scan/stakater-rox-image-scan.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/rox-deployment-check/0.0.4/task/stakater-rox-deployment-check/stakater-rox-deployment-check.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/rox-image-check/0.0.9/task/stakater-rox-image-check/stakater-rox-image-check.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/checkov-scan/0.0.4/task/stakater-checkov-scan/stakater-checkov-scan.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/github-update-cd-repo/0.0.18/task/stakater-github-update-cd-repo/stakater-github-update-cd-repo.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/cosign/0.0.4/task/stakater-cosign/stakater-cosign.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/validate-environment/0.0.8/task/stakater-validate-environment/stakater-validate-environment.yaml]" # The tasks will be fetched from Tekton Hub. 
We can also provide direct links to yaml files - pipelinesascode.tekton.dev/max-keep-runs: "2" # Only remain 2 latest pipelineRuns on SAAP - spec: - params: - - name: repo_url - value: {{body.repository.ssh_url}} # Place your repo SSH URL - - name: git_revision - value: {{revision}} # Dynamic variable to fetch branch name of the push event on your repo - - name: repo_name - value: {{repo_name}} # Dynamic varaible to fetch repo name - - name: repo_path - value: "usermanagement-writeservice" - - name: git_branch - value: {{source_branch}} - - name: pull_request_number - value: {{pull_request_number}} - - name: organization - value: {{body.organization.login}} - pipelineSpec: # Define what parameters will be used for pipeline - params: - - name: repo_url - - name: git_revision - - name: repo_name - - name: repo_path - - name: pull_request_number - - name: organization - - name: git_branch - workspaces: # Mention what workspaces will be used by this pipeline to store data and used by data transferring between tasks - - name: source - - name: ssh-directory - tasks: # Mention what tasks will be used by this pipeline - - name: fetch-repository #Name what you want to call the task - taskRef: - name: git-clone # Name of tasks mentioned in tekton-catalog - kind: ClusterTask - workspaces: # Mention what workspaces will be used by this task - - name: output - workspace: source - - name: ssh-directory - workspace: ssh-directory - params: # Parameters will be used by this task - - name: depth - value: "0" - - name: url - value: $(params.repo_url) - - name: revision - value: $(params.git_revision) - - name: create-git-tag - runAfter: - - fetch-repository - taskRef: - name: stakater-create-git-tag - kind: Task - params: - - name: PR_NUMBER - value: $(params.pull_request_number) - - name: GIT_REVISION - value: $(params.git_revision) - workspaces: - - name: source - workspace: source - - name: ssh-directory - workspace: ssh-directory - - name: stakater-create-environment - runAfter: 
- - create-git-tag - taskRef: - kind: Task - name: stakater-create-environment - params: - - name: CREATE_ON_CLUSTER - value: "true" - - name: REPO_NAME - value: $(params.repo_path) - - name: PR_NUMBER - value: $(params.pull_request_number) - - name: GIT_URL - value: "" #Replace with your application repository Url - - name: GIT_BRANCH - value: $(params.git_branch) - - name: IMAGE_TAG - value: $(tasks.create-git-tag.results.GIT_TAG) - - name: PULL_REQUEST_COMMITS_API # Replace when not using Git - value: https://api.github.com/repos/$(params.organization)/$(params.repo_name)/pulls/$(params.pull_request_number)/commits - workspaces: - - name: output - workspace: source - - name: repo-token - workspace: repo-token - - name: code-linting - runAfter: - - stakater-create-environment - taskRef: - name: stakater-code-linting - kind: Task - workspaces: - - name: source - workspace: source - - name: kube-linting - runAfter: - - stakater-create-environment - taskRef: - name: stakater-kube-linting - kind: Task - params: - - name: FILE - value: manifest.yaml - - name: DEPLOYMENT_FILES_PATH - value: deploy - - name: NAMESPACE - value: arsenal-build - workspaces: - - name: source - workspace: source - - name: unit-test - runAfter: - - code-linting - - kube-linting - taskRef: - name: stakater-unit-test - kind: Task - workspaces: - - name: source - workspace: source - - name: sonarqube-scan - runAfter: - - unit-test - taskRef: - name: stakater-sonarqube-scan - kind: Task - params: - - name: SONAR_PROJECT_KEY - value: $(params.repo_path) - workspaces: - - name: source - workspace: source - - name: buildah-image-build - runAfter: - - unit-test - taskRef: - name: stakater-buildah-image-build - kind: Task - params: - - name: IMAGE_NAME - value: $(params.repo_path):$(tasks.create-git-tag.results.GIT_TAG) - - name: TLSVERIFY - value: "false" - - name: FORMAT - value: "docker" - - name: CURRENT_GIT_TAG - value: $(tasks.create-git-tag.results.CURRENT_GIT_TAG) - - name: REPO_NAME - value: 
$(params.repo_path) - workspaces: - - name: source - workspace: source - - name: buildah-image-push - runAfter: - - buildah-image-build - taskRef: - name: stakater-buildah-image-push - kind: Task - params: - - name: IMAGE_NAME - value: $(params.repo_path):$(tasks.create-git-tag.results.GIT_TAG) - - name: TLSVERIFY - value: "false" - - name: CURRENT_GIT_TAG - value: $(tasks.create-git-tag.results.CURRENT_GIT_TAG) - - name: REPO_NAME - value: $(params.repo_path) - workspaces: - - name: source - workspace: source - - name: trivy-scan - runAfter: - - buildah-image-push - - sonarqube-scan - taskRef: - name: stakater-trivy-scan - kind: Task - params: - - name: IMAGE_NAME - value: $(params.repo_path):$(tasks.create-git-tag.results.GIT_TAG) - workspaces: - - name: source - workspace: source - - name: rox-image-scan - runAfter: - - buildah-image-push - - sonarqube-scan - taskRef: - name: stakater-rox-image-scan - kind: Task - params: - - name: IMAGE_NAME - value: '$(params.repo_path):$(tasks.create-git-tag.results.GIT_TAG)' - - name: ROX_API_TOKEN - value: rox-creds - - name: ROX_CENTRAL_ENDPOINT - value: rox-creds - - name: OUTPUT_FORMAT - value: csv - - name: IMAGE_DIGEST - value: $(tasks.buildah-image-push.results.IMAGE_DIGEST) - - name: BUILD_IMAGE - value: "true" - - name: rox-image-check - runAfter: - - buildah-image-push - - sonarqube-scan - taskRef: - name: stakater-rox-image-check - kind: Task - params: - - name: IMAGE_NAME - value: '$(params.repo_path):$(tasks.create-git-tag.results.GIT_TAG)' - - name: ROX_API_TOKEN - value: rox-creds - - name: ROX_CENTRAL_ENDPOINT - value: rox-creds - - name: BUILD_IMAGE - value: "true" - - name: rox-deployment-check - runAfter: - - buildah-image-push - - sonarqube-scan - taskRef: - name: stakater-rox-deployment-check - kind: Task - params: - - name: ROX_API_TOKEN - value: rox-creds - - name: ROX_CENTRAL_ENDPOINT - value: rox-creds - - name: FILE - value: manifest.yaml - - name: DEPLOYMENT_FILES_PATH - value: deploy - workspaces: 
- - name: source - workspace: source - - name: checkov-scan - runAfter: - - buildah-image-push - - sonarqube-scan - taskRef: - name: stakater-checkov-scan - kind: Task - workspaces: - - name: source - workspace: source - - name: update-cd-repo - runAfter: - - trivy-scan - - rox-deployment-check - - rox-image-scan - - rox-image-check - - checkov-scan - taskRef: - kind: Task - name: stakater-github-update-cd-repo - params: - - name: IMAGE_TAG - value: $(tasks.create-git-tag.results.GIT_TAG) - - name: IMAGE_NAME - value: $(params.repo_path) - - name: PR_NUMBER - value: $(params.pull_request_number) - - name: REPO_PATH - value: $(params.repo_path) - - name: GIT_REVISION - value: $(params.git_revision) - - name: ENVIRONMENT - value: dev - workspaces: - - name: source - workspace: source - - name: ssh-directory - workspace: cd-ssh-creds - - name: validate-environment - runAfter: - - update-cd-repo - taskRef: - kind: Task - name: stakater-validate-environment - params: - - name: TIMEOUT - value: "300" - - name: PR_NUMBER - value: $(params.pull_request_number) - workspaces: - - name: source - workspace: source - workspaces: # Mention Workspaces configuration - - name: source - volumeClaimTemplate: - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 2Gi - - name: ssh-directory # Using ssh-directory workspace for our task to have better security - secret: - secretName: git-ssh-creds # Created this secret earlier - - name: repo-token - secret: - secretName: git-pat-creds - - name: cd-ssh-creds - secret: - secretName: git-ssh-creds - ``` - - !!! note - Remember to add the remote task in the annotations - -1. Create a pull request with you changes. This should trigger the pipeline in the build namespace. - - ![validate-environment](images/validate-environment.png) - - ![validate-environment](images/validate-env-logs.png) - -Great! Let's add more tasks in our pipelineRun in coming tutorials. 
diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/22-add-validate-environment.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/22-add-validate-environment.md
new file mode 100644
index 00000000..f5d9f7cc
--- /dev/null
+++ b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/22-add-validate-environment.md
@@ -0,0 +1,34 @@
+# Validate Environment
+
+## Objectives
+
+- Add `validate-environment` task to PipelineRun.
+- Define parameters, workspaces, and tasks within the PipelineRun for building and deploying your application.
+
+## Key Results
+
+- Successfully create and execute the Tekton PipelineRun using the defined `.tekton/pullrequest.yaml` file, enabling automated CI/CD processes for your application.
+- Tronador Environment deployment is validated.
+
+## Tutorial
+
+### Create PipelineRun with Validate Environment Task
+
+You have already created a PipelineRun in the previous tutorial. Let's now add another task [`validate-environment`](https://github.com/stakater-tekton-catalog/validate-environment) to it.
+
+1. Open up the PipelineRun file you created in the previous tutorial.
+1. Now edit the file so the YAML becomes like the one given below.
+
+ ```yaml
+ {% include "https://raw.githubusercontent.com/NordMart/review-api/main/.tekton/validate_enviroment.yaml" %}
+ ```
+ !!! note
+ Remember to add the remote task in the annotations
+
+1. Create a pull request with you changes. This should trigger the pipeline in the build namespace.
+
+ ![validate-environment](images/validate-environment.png)
+
+ ![validate-environment](images/validate-env-logs.png)
+
+Great! Let's add more tasks in our pipelineRun in coming tutorials.
diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/22-add-comment-on-pr-md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/23-add-comment-on-pr.md
similarity index 100%
rename from content/for-developers/tutorials/outer-loop/add-ci-pipeline/22-add-comment-on-pr-md
rename to content/for-developers/tutorials/outer-loop/add-ci-pipeline/23-add-comment-on-pr.md
From ab165fc3cba093b7913f0455194dbde04ff26f8f Mon Sep 17 00:00:00 2001
From: stakater-nordmart-bot
Date: Thu, 1 Aug 2024 15:04:35 +0200
Subject: [PATCH 3/5] format fixes
---
.../08-add-create-environment.md | 1 +
.../add-ci-pipeline/09-add-code-linting.md | 1 +
.../add-ci-pipeline/10-add-kube-linting.md | 1 +
.../add-ci-pipeline/11-add-unit-test.md | 1 +
.../add-ci-pipeline/12-add-sonar-scan.md | 1 +
.../13-add-buildah-image-build.md | 1 +
.../14-add-buildah-image-push.md | 1 +
.../add-ci-pipeline/15-add-trivy-scan.md | 1 +
.../add-ci-pipeline/16-add-rox-image-scan.md | 1 +
.../add-ci-pipeline/17-add-rox-image-check.md | 1 +
.../18-add-rox-deployment-check.md | 1 +
.../add-ci-pipeline/19-add-checkov-scan.md | 1 +
.../add-ci-pipeline/20-add-helm-push.md | 1 +
.../add-ci-pipeline/21-add-update-cd-repo.md | 1 +
.../22-add-validate-environment.md | 1 +
.../add-ci-pipeline/23-add-comment-on-pr.md | 355 +-----------------
16 files changed, 16 insertions(+), 354 deletions(-)
diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/08-add-create-environment.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/08-add-create-environment.md
index e7438e75..4ff85171 100644
--- a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/08-add-create-environment.md
+++ b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/08-add-create-environment.md
@@ -23,6 +23,7 @@ The create environment task utilizes [Tronador](https://docs.stakater.com/tronad ```yaml {% include "https://raw.githubusercontent.com/NordMart/review-api/main/.tekton/code_linting.yaml" %} ``` + **Notice** that we added another **workspace, repo-token** to the pipeline run. This workspace utilizes the git-pat-creds secret that we previously created and mounts it to the create-environment task. !!! note diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/09-add-code-linting.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/09-add-code-linting.md index b7b9278c..f49b2ef2 100644 --- a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/09-add-code-linting.md +++ b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/09-add-code-linting.md @@ -22,6 +22,7 @@ You have already created a PipelineRun in the previous tutorial. Let's now add a ```yaml {% include "https://raw.githubusercontent.com/NordMart/review-api/main/.tekton/code_linting.yaml" %} ``` + !!! note Remember to add the remote task in the annotations ![code-lint-annotation](images/code-lint-annotation.png) diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/10-add-kube-linting.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/10-add-kube-linting.md index d281ad40..bc33675c 100644 --- a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/10-add-kube-linting.md +++ b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/10-add-kube-linting.md @@ -22,6 +22,7 @@ You have already created a PipelineRun in the previous tutorial. Let's now add a ```yaml {% include "https://raw.githubusercontent.com/NordMart/review-api/main/.tekton/kube_linting.yaml" %} ``` + !!! note Remember to add the remote task in the annotations ![Kube-linting](images/kube-linting-annotation.png) 
diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/11-add-unit-test.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/11-add-unit-test.md index fc4e3742..a8cea1d7 100644 --- a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/11-add-unit-test.md +++ b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/11-add-unit-test.md @@ -22,6 +22,7 @@ You have already created a PipelineRun in the previous tutorial. Let's now add a ```yaml {% include "https://raw.githubusercontent.com/NordMart/review-api/main/.tekton/unit_test.yaml" %} ``` + !!! note Remember to add the remote task in the annotations ![unit-test](images/unit-test-annotation.png) diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/12-add-sonar-scan.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/12-add-sonar-scan.md index ede523ef..16d6d01f 100644 --- a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/12-add-sonar-scan.md +++ b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/12-add-sonar-scan.md @@ -22,6 +22,7 @@ You have already created a PipelineRun in the previous tutorial. Let's now add a ```yaml {% include "https://raw.githubusercontent.com/NordMart/review-api/main/.tekton/sonarqube_scan.yaml" %} ``` + **Notice** we have provided a parameter **SONAR_HOST_URL** to the sonar-scan task. You need to provide your SonarQube url here. You can get it from Forecastle. !!! note diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/13-add-buildah-image-build.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/13-add-buildah-image-build.md index 97d8e36a..4b66bfdd 100644 --- a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/13-add-buildah-image-build.md +++ b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/13-add-buildah-image-build.md 
@@ -22,6 +22,7 @@ You have already created a PipelineRun in the previous tutorial. Let's now add a ```yaml {% include "https://raw.githubusercontent.com/NordMart/review-api/main/.tekton/buildah_image_build.yaml" %} ``` + !!! note Remember to add the remote task in the annotations ![buildah](images/buildah.png) diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/14-add-buildah-image-push.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/14-add-buildah-image-push.md index 67b2eacb..f4bca18c 100644 --- a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/14-add-buildah-image-push.md +++ b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/14-add-buildah-image-push.md @@ -22,6 +22,7 @@ You have already created a PipelineRun in the previous tutorial. Let's now add a ```yaml {% include "https://raw.githubusercontent.com/NordMart/review-api/main/.tekton/buildah_image_push.yaml" %} ``` + !!! note Remember to add the remote task in the annotations ![buildah](images/buildah.png) diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/15-add-trivy-scan.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/15-add-trivy-scan.md index 8faf441d..55648e4b 100644 --- a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/15-add-trivy-scan.md +++ b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/15-add-trivy-scan.md @@ -22,6 +22,7 @@ You have already created a PipelineRun in the previous tutorial. Let's now add a ```yaml {% include "https://raw.githubusercontent.com/NordMart/review-api/main/.tekton/trivy_scan.yaml" %} ``` + !!! note Remember to add the remote task in the annotations ![Trivy-scan](images/trivy-scan-annotation.png) diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/16-add-rox-image-scan.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/16-add-rox-image-scan.md index 558d253a..402a2c85 100644 
--- a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/16-add-rox-image-scan.md +++ b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/16-add-rox-image-scan.md @@ -22,6 +22,7 @@ You have already created a PipelineRun in the previous tutorial. Let's now add a ```yaml {% include "https://raw.githubusercontent.com/NordMart/review-api/main/.tekton/rox_image_scan.yaml" %} ``` + !!! note Remember to add the remote task in the annotations ![rox-image-scan](images/rox-image-scan-annotation.png) diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/17-add-rox-image-check.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/17-add-rox-image-check.md index 55ef9393..58a3d507 100644 --- a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/17-add-rox-image-check.md +++ b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/17-add-rox-image-check.md @@ -21,6 +21,7 @@ You have already created a PipelineRun in the previous tutorial. Let's now add a ```yaml {% include "https://raw.githubusercontent.com/NordMart/review-api/main/.tekton/rox_image_check.yaml" %} ``` + !!! note Remember to add the remote task in the annotations ![rox-image-check](images/rox-image-check-annotation.png) diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/18-add-rox-deployment-check.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/18-add-rox-deployment-check.md index b6edc637..06b8ac42 100644 --- a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/18-add-rox-deployment-check.md +++ b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/18-add-rox-deployment-check.md 
@@ -21,6 +21,7 @@ You have already created a PipelineRun in the previous tutorial. Let's now add a ```yaml {% include "https://raw.githubusercontent.com/NordMart/review-api/main/.tekton/rox_deployment_check.yaml" %} ``` + !!! note Remember to add the remote task in the annotations ![rox-deployment-check](images/rox-deployment-check-annotation.png) diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/19-add-checkov-scan.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/19-add-checkov-scan.md index 7d9ee30a..8b2e33b3 100644 --- a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/19-add-checkov-scan.md +++ b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/19-add-checkov-scan.md @@ -22,6 +22,7 @@ You have already created a PipelineRun in the previous tutorial. Let's now add a ```yaml {% include "https://raw.githubusercontent.com/NordMart/review-api/main/.tekton/checkov_scan.yaml" %} ``` + !!! note Remember to add the remote task in the annotations ![checkov-scan](images/checkov-scan-annotation.png) diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/20-add-helm-push.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/20-add-helm-push.md index 827d60d7..0308da76 100644 --- a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/20-add-helm-push.md +++ b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/20-add-helm-push.md @@ -22,6 +22,7 @@ You have already created a PipelineRun in the previous tutorial. Let's now add a ```yaml {% include "https://raw.githubusercontent.com/NordMart/review-api/main/.tekton/helm_push.yaml" %} ``` + !!! note Remember to add the remote task in the annotations diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/21-add-update-cd-repo.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/21-add-update-cd-repo.md index a3b04bf8..009b58ff 100644 
--- a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/21-add-update-cd-repo.md +++ b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/21-add-update-cd-repo.md @@ -22,6 +22,7 @@ You have already created a PipelineRun in the previous tutorial. Let's now add a ```yaml {% include "https://raw.githubusercontent.com/NordMart/review-api/main/.tekton/update_cd_repo.yaml" %} ``` + !!! note Remember to add the remote task in the annotations diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/22-add-validate-environment.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/22-add-validate-environment.md index f5d9f7cc..a371a06c 100644 --- a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/22-add-validate-environment.md +++ b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/22-add-validate-environment.md @@ -22,6 +22,7 @@ You have already created a PipelineRun in the previous tutorial. Let's now add a ```yaml {% include "https://raw.githubusercontent.com/NordMart/review-api/main/.tekton/validate_enviroment.yaml" %} ``` + !!! note Remember to add the remote task in the annotations diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/23-add-comment-on-pr.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/23-add-comment-on-pr.md index 6d234d8b..011e4543 100644 --- a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/23-add-comment-on-pr.md +++ b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/23-add-comment-on-pr.md 
@@ -20,360 +20,7 @@ You have already created a PipelineRun in the previous tutorial. Let's now add a 1. Now edit the file so the YAML becomes like the one given below. ```yaml - apiVersion: tekton.dev/v1beta1 - kind: PipelineRun - metadata: - name: pullrequest # pipelineRun name - annotations: - pipelinesascode.tekton.dev/on-event: "[pull_request]" # Trigger the pipelineRun on pull_request events on branch main - pipelinesascode.tekton.dev/on-target-branch: "main" - pipelinesascode.tekton.dev/task: "[git-clone, - https://raw.githubusercontent.com/stakater-tekton-catalog/create-git-tag/0.0.12/task/stakater-create-git-tag/stakater-create-git-tag.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/create-environment/0.0.17/task/stakater-create-environment/stakater-create-environment.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/code-linting-mvn/0.0.4/task/stakater-code-linting/stakater-code-linting.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/kube-linting/0.0.7/task/stakater-kube-linting/stakater-kube-linting.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/unit-test/0.0.6/task/stakater-unit-test/stakater-unit-test.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/sonarqube-scan/0.0.19/task/stakater-sonarqube-scan/stakater-sonarqube-scan.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/buildah-image-build/0.0.1/task/stakater-buildah-image-build/stakater-buildah-image-build.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/buildah-image-push/0.0.1/task/stakater-buildah-image-push/stakater-buildah-image-push.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/trivy-scan/0.0.4/task/stakater-trivy-scan/stakater-trivy-scan.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/rox-image-scan/0.0.5/task/stakater-rox-image-scan/stakater-rox-image-scan.yaml, - 
https://raw.githubusercontent.com/stakater-tekton-catalog/rox-deployment-check/0.0.4/task/stakater-rox-deployment-check/stakater-rox-deployment-check.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/rox-image-check/0.0.9/task/stakater-rox-image-check/stakater-rox-image-check.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/checkov-scan/0.0.4/task/stakater-checkov-scan/stakater-checkov-scan.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/github-update-cd-repo/0.0.18/task/stakater-github-update-cd-repo/stakater-github-update-cd-repo.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/cosign/0.0.4/task/stakater-cosign/stakater-cosign.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/comment-on-pr/comment_route/helm/templates/task.yaml, - https://raw.githubusercontent.com/stakater-tekton-catalog/validate-environment/0.0.8/task/stakater-validate-environment/stakater-validate-environment.yaml]" # The tasks will be fetched from Tekton Hub. 
We can also provide direct links to yaml files - pipelinesascode.tekton.dev/max-keep-runs: "2" # Only remain 2 latest pipelineRuns on SAAP - spec: - params: - - name: repo_url - value: {{body.repository.ssh_url}} # Place your repo SSH URL - - name: git_revision - value: {{revision}} # Dynamic variable to fetch branch name of the push event on your repo - - name: repo_name - value: {{repo_name}} # Dynamic varaible to fetch repo name - - name: repo_path - value: "usermanagement-writeservice" - - name: git_branch - value: {{source_branch}} - - name: pull_request_number - value: {{pull_request_number}} - - name: organization - value: {{body.organization.login}} - pipelineSpec: # Define what parameters will be used for pipeline - params: - - name: repo_url - - name: git_revision - - name: repo_name - - name: repo_path - - name: pull_request_number - - name: organization - - name: git_branch - workspaces: # Mention what workspaces will be used by this pipeline to store data and used by data transferring between tasks - - name: source - - name: ssh-directory - tasks: # Mention what tasks will be used by this pipeline - - name: fetch-repository #Name what you want to call the task - taskRef: - name: git-clone # Name of tasks mentioned in tekton-catalog - kind: ClusterTask - workspaces: # Mention what workspaces will be used by this task - - name: output - workspace: source - - name: ssh-directory - workspace: ssh-directory - params: # Parameters will be used by this task - - name: depth - value: "0" - - name: url - value: $(params.repo_url) - - name: revision - value: $(params.git_revision) - - name: create-git-tag - runAfter: - - fetch-repository - taskRef: - name: stakater-create-git-tag - kind: Task - params: - - name: PR_NUMBER - value: $(params.pull_request_number) - - name: GIT_REVISION - value: $(params.git_revision) - workspaces: - - name: source - workspace: source - - name: ssh-directory - workspace: ssh-directory - - name: stakater-create-environment - runAfter: 
- - create-git-tag - taskRef: - kind: Task - name: stakater-create-environment - params: - - name: CREATE_ON_CLUSTER - value: "true" - - name: REPO_NAME - value: $(params.repo_path) - - name: PR_NUMBER - value: $(params.pull_request_number) - - name: GIT_URL - value: "" #Replace with your application repository Url - - name: GIT_BRANCH - value: $(params.git_branch) - - name: IMAGE_TAG - value: $(tasks.create-git-tag.results.GIT_TAG) - - name: PULL_REQUEST_COMMITS_API # Replace when not using Git - value: https://api.github.com/repos/$(params.organization)/$(params.repo_name)/pulls/$(params.pull_request_number)/commits - workspaces: - - name: output - workspace: source - - name: repo-token - workspace: repo-token - - name: code-linting - runAfter: - - stakater-create-environment - taskRef: - name: stakater-code-linting - kind: Task - workspaces: - - name: source - workspace: source - - name: kube-linting - runAfter: - - stakater-create-environment - taskRef: - name: stakater-kube-linting - kind: Task - params: - - name: FILE - value: manifest.yaml - - name: DEPLOYMENT_FILES_PATH - value: deploy - - name: NAMESPACE - value: arsenal-build - workspaces: - - name: source - workspace: source - - name: unit-test - runAfter: - - code-linting - - kube-linting - taskRef: - name: stakater-unit-test - kind: Task - workspaces: - - name: source - workspace: source - - name: sonarqube-scan - runAfter: - - unit-test - taskRef: - name: stakater-sonarqube-scan - kind: Task - params: - - name: SONAR_PROJECT_KEY - value: $(params.repo_path) - workspaces: - - name: source - workspace: source - - name: buildah-image-build - runAfter: - - unit-test - taskRef: - name: stakater-buildah-image-build - kind: Task - params: - - name: IMAGE_NAME - value: $(params.repo_path):$(tasks.create-git-tag.results.GIT_TAG) - - name: TLSVERIFY - value: "false" - - name: FORMAT - value: "docker" - - name: CURRENT_GIT_TAG - value: $(tasks.create-git-tag.results.CURRENT_GIT_TAG) - - name: REPO_NAME - value: 
$(params.repo_path) - workspaces: - - name: source - workspace: source - - name: buildah-image-push - runAfter: - - buildah-image-build - taskRef: - name: stakater-buildah-image-push - kind: Task - params: - - name: IMAGE_NAME - value: $(params.repo_path):$(tasks.create-git-tag.results.GIT_TAG) - - name: TLSVERIFY - value: "false" - - name: CURRENT_GIT_TAG - value: $(tasks.create-git-tag.results.CURRENT_GIT_TAG) - - name: REPO_NAME - value: $(params.repo_path) - workspaces: - - name: source - workspace: source - - name: trivy-scan - runAfter: - - buildah-image-push - - sonarqube-scan - taskRef: - name: stakater-trivy-scan - kind: Task - params: - - name: IMAGE_NAME - value: $(params.repo_path):$(tasks.create-git-tag.results.GIT_TAG) - workspaces: - - name: source - workspace: source - - name: rox-image-scan - runAfter: - - buildah-image-push - - sonarqube-scan - taskRef: - name: stakater-rox-image-scan - kind: Task - params: - - name: IMAGE_NAME - value: '$(params.repo_path):$(tasks.create-git-tag.results.GIT_TAG)' - - name: ROX_API_TOKEN - value: rox-creds - - name: ROX_CENTRAL_ENDPOINT - value: rox-creds - - name: OUTPUT_FORMAT - value: csv - - name: IMAGE_DIGEST - value: $(tasks.buildah-image-push.results.IMAGE_DIGEST) - - name: BUILD_IMAGE - value: "true" - - name: rox-image-check - runAfter: - - buildah-image-push - - sonarqube-scan - taskRef: - name: stakater-rox-image-check - kind: Task - params: - - name: IMAGE_NAME - value: '$(params.repo_path):$(tasks.create-git-tag.results.GIT_TAG)' - - name: ROX_API_TOKEN - value: rox-creds - - name: ROX_CENTRAL_ENDPOINT - value: rox-creds - - name: BUILD_IMAGE - value: "true" - - name: rox-deployment-check - runAfter: - - buildah-image-push - - sonarqube-scan - taskRef: - name: stakater-rox-deployment-check - kind: Task - params: - - name: ROX_API_TOKEN - value: rox-creds - - name: ROX_CENTRAL_ENDPOINT - value: rox-creds - - name: FILE - value: manifest.yaml - - name: DEPLOYMENT_FILES_PATH - value: deploy - workspaces: 
- - name: source - workspace: source - - name: checkov-scan - runAfter: - - buildah-image-push - - sonarqube-scan - taskRef: - name: stakater-checkov-scan - kind: Task - workspaces: - - name: source - workspace: source - - name: update-cd-repo - runAfter: - - trivy-scan - - rox-deployment-check - - rox-image-scan - - rox-image-check - - checkov-scan - taskRef: - kind: Task - name: stakater-github-update-cd-repo - params: - - name: IMAGE_TAG - value: $(tasks.create-git-tag.results.GIT_TAG) - - name: IMAGE_NAME - value: $(params.repo_path) - - name: PR_NUMBER - value: $(params.pull_request_number) - - name: REPO_PATH - value: $(params.repo_path) - - name: GIT_REVISION - value: $(params.git_revision) - - name: ENVIRONMENT - value: dev - workspaces: - - name: source - workspace: source - - name: ssh-directory - workspace: cd-ssh-creds - - name: validate-environment - runAfter: - - update-cd-repo - taskRef: - kind: Task - name: stakater-validate-environment - params: - - name: TIMEOUT - value: "300" - - name: PR_NUMBER - value: $(params.pull_request_number) - workspaces: - - name: source - workspace: source - - name: comment-on-pr - runAfter: - - validate-environment - taskRef: - kind: Task - name: stakater-comment-on-pr - params: - - name: IMAGE_NAME - value: $(params.repo_path):$(tasks.create-git-tag.results.GIT_TAG) - - name: PR_NUMBER - value: $(params.pull_request_number) - - name: REPO_NAME - value: "$(params.organization)/$(params.repo_name)" - workspaces: - - name: source - workspace: source - - name: repo-token - workspace: repo-token - workspaces: # Mention Workspaces configuration - - name: source - volumeClaimTemplate: - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 2Gi - - name: ssh-directory # Using ssh-directory workspace for our task to have better security - secret: - secretName: git-ssh-creds # Created this secret earlier - - name: repo-token - secret: - secretName: git-pat-creds - - name: cd-ssh-creds - secret: - 
secretName: git-ssh-creds + {% include "https://raw.githubusercontent.com/NordMart/review-api/main/.tekton/comment_on_pr.yaml" %} ``` !!! note From 9653ca2eeaa38aff91433a673725424e97e4c66c Mon Sep 17 00:00:00 2001 From: stakater-nordmart-bot Date: Thu, 1 Aug 2024 15:14:20 +0200 Subject: [PATCH 4/5] fix docs nav refrences --- theme_override/mkdocs.yml | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/theme_override/mkdocs.yml b/theme_override/mkdocs.yml index 2fa984ec..d96190ad 100644 --- a/theme_override/mkdocs.yml +++ b/theme_override/mkdocs.yml 
@@ -144,15 +144,17 @@ nav: - for-developers/tutorials/outer-loop/add-ci-pipeline/10-add-kube-linting.md - for-developers/tutorials/outer-loop/add-ci-pipeline/11-add-unit-test.md - for-developers/tutorials/outer-loop/add-ci-pipeline/12-add-sonar-scan.md - - for-developers/tutorials/outer-loop/add-ci-pipeline/13-add-buildah.md - - for-developers/tutorials/outer-loop/add-ci-pipeline/14-add-trivy-scan.md - - for-developers/tutorials/outer-loop/add-ci-pipeline/15-add-rox-image-scan.md - - for-developers/tutorials/outer-loop/add-ci-pipeline/16-add-rox-image-check.md - - for-developers/tutorials/outer-loop/add-ci-pipeline/17-add-rox-deployment-check.md - - for-developers/tutorials/outer-loop/add-ci-pipeline/18-add-checkov-scan.md - - for-developers/tutorials/outer-loop/add-ci-pipeline/19-add-helm-push.md - - for-developers/tutorials/outer-loop/add-ci-pipeline/20-add-update-cd-repo.md - - for-developers/tutorials/outer-loop/add-ci-pipeline/21-add-validate-environment.md + - for-developers/tutorials/outer-loop/add-ci-pipeline/13-add-buildah-image-build.md + - for-developers/tutorials/outer-loop/add-ci-pipeline/14-add-buildah-image-push.md + - for-developers/tutorials/outer-loop/add-ci-pipeline/15-add-trivy-scan.md + - for-developers/tutorials/outer-loop/add-ci-pipeline/16-add-rox-image-scan.md + - for-developers/tutorials/outer-loop/add-ci-pipeline/17-add-rox-image-check.md + - for-developers/tutorials/outer-loop/add-ci-pipeline/18-add-rox-deployment-check.md + - for-developers/tutorials/outer-loop/add-ci-pipeline/19-add-checkov-scan.md + - for-developers/tutorials/outer-loop/add-ci-pipeline/20-add-helm-push.md + - for-developers/tutorials/outer-loop/add-ci-pipeline/21-add-update-cd-repo.md + - for-developers/tutorials/outer-loop/add-ci-pipeline/22-add-validate-environment.md + - for-developers/tutorials/outer-loop/add-ci-pipeline/23-add-comment-on-pr.md - for-developers/tutorials/outer-loop/promote-application/promote-app.md - How-to guides: - 
for-developers/how-to-guides/add-a-new-environment-to-apps-gitops/add-a-new-environment-to-application.md From 3d9259732cab086baf1242ee1faf210a9c50045b Mon Sep 17 00:00:00 2001 From: stakater-nordmart-bot Date: Thu, 1 Aug 2024 15:33:58 +0200 Subject: [PATCH 5/5] spell fixes --- .../outer-loop/add-ci-pipeline/22-add-validate-environment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/22-add-validate-environment.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/22-add-validate-environment.md index a371a06c..d0eb7786 100644 --- a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/22-add-validate-environment.md +++ b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/22-add-validate-environment.md @@ -20,7 +20,7 @@ You have already created a PipelineRun in the previous tutorial. Let's now add a 1. Now edit the file so the YAML becomes like the one given below. ```yaml - {% include "https://raw.githubusercontent.com/NordMart/review-api/main/.tekton/validate_enviroment.yaml" %} + {% include "https://raw.githubusercontent.com/NordMart/review-api/main/.tekton/validate_environment.yaml" %} ``` !!! note