Add pipeline to use on tag release

Signed-off-by: Chmouel Boudjnah <[email protected]>

Author: chmouel

.goreleaser.yml

@@ -0,0 +1,91 @@
+# This is an example goreleaser.yaml file with some sane defaults.
+# Make sure to check the documentation at http://goreleaser.com
+builds:
+- env:
+  - CGO_ENABLED=0
+  main: ./cmd/tkn-pac
+  binary: tkn-pac
+  goos:
+  - linux
+  - darwin
+  - windows
+  goarch:
+  - amd64
+archives:
+- name_template: "{{ .Binary }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}"
+  replacements:
+    darwin: Darwin
+    linux: Linux
+    windows: Windows
+    386: i386
+    amd64: x86_64
+  format_overrides:
+    - goos: windows
+      format: zip
+checksum:
+  name_template: 'checksums.txt'
+snapshot:
+  name_template: "{{ .Tag }}-next"
+changelog:
+  sort: asc
+  filters:
+    exclude:
+    - '^docs:'
+    - '^test:'
+    - Merge pull request
+    - Merge branch
+release:
+  prerelease: true
+  header: |
+    ## OpenShift Pipelines version $VERSION
+
+    OpenShift Pipelines as Code version  has been released 🥳
+
+    To install this version you can just do :
+
+    ```shell
+    kubectl apply -f https://raw.githubusercontent.com/openshift-pipelines/pipelines-as-code/release-$VERSION/release-$VERSION.yaml
+    ```
+
+    and make sure you follow the setup documentation :
+
+    https://github.com/openshift-pipelines/pipelines-as-code/tree/main/INSTALL.md
+
+brews:
+  - name: tektoncd-pac
+    tap:
+      owner: openshift-pipelines
+      name: homebrew-pipelines-as-code
+    folder: Formula
+    dependencies:
+      - name: tektoncd-cli
+        type: optional
+      - name: git
+    homepage: "https://github.com/openshift-pipelines/pipelines-as-code"
+    description: Tekton PAC - The command line interface for interacting with Pipelines as Code
+    install: |
+      bin.install "tkn-pac" => "tkn-pac"
+      output = Utils.popen_read("SHELL=bash #{bin}/tkn-pac completion bash")
+      (bash_completion/"tkn-pac").write output
+      output = Utils.popen_read("SHELL=zsh #{bin}/tkn-pac completion zsh")
+      (zsh_completion/"_tkn-pac").write output
+      prefix.install_metafiles
+nfpms:
+  - file_name_template: "tektoncd-cli-{{.Version}}_{{.Os}}-{{.Arch}}"
+    homepage: https://github.com/openshift-pipelines/pipelines-as-code
+    description: Command line interface to OpenShift Pipelines as Code
+    maintainer: OpenShift Pipelines Developers <[email protected]>
+    license: BSD
+    vendor: Red Hat
+    formats:
+    - deb
+    - rpm
+    bindir: /usr/bin
+    replacements:
+      amd64: 64bit
+      386: 32bit
+      arm: ARM
+      arm64: ARM64
+      darwin: macOS
+      linux: Linux
+      windows: Windows

.tekton/release-pipeline.yaml

@@ -0,0 +1,97 @@
+---
+apiVersion: tekton.dev/v1beta1
+kind: PipelineRun
+metadata:
+  name: release-pipeline
+  annotations:
+    pipelinesascode.tekton.dev/on-event: "[push]"
+    pipelinesascode.tekton.dev/on-target-branch: "[refs/tags/*]"
+    pipelinesascode.tekton.dev/task: "[git-clone, .tekton/tasks/goreleaser.yaml]"
+    pipelinesascode.tekton.dev/max-keep-runs: "5"
+spec:
+  params:
+    - name: repo_url
+      value: "{{repo_url}}"
+    - name: revision
+      value: "{{revision}}"
+  pipelineSpec:
+    params:
+      - name: repo_url
+      - name: revision
+    workspaces:
+      - name: source
+    tasks:
+      - name: fetch-repository
+        taskRef:
+          name: git-clone
+        workspaces:
+          - name: output
+            workspace: source
+        params:
+          - name: url
+            value: $(params.repo_url)
+          - name: revision
+            value: $(params.revision)
+      - name: release-yaml
+        runAfter:
+          - fetch-repository
+        workspaces:
+          - name: source
+            workspace: source
+        taskSpec:
+          workspaces:
+            - name: source
+          steps:
+            - name: push-release-to-branch
+              image: registry.access.redhat.com/ubi8/python-39:latest
+              workingDir: $(workspaces.source.path)
+              env:
+                - name: HUB_TOKEN
+                  valueFrom:
+                    secretKeyRef:
+                      name: "nightly-ci-github-hub-token"
+                      key: "hub-token"
+              script: |
+                #!/usr/bin/env bash
+                set -euf
+                set -x
+                git fetch --tag -v
+                version=$(git  --no-pager tag --points-at HEAD)
+                [[ -z ${version} ]] && {
+                    echo "No tags detected"
+                    exit
+                }
+                msg="Release version ${version}"
+                echo ${msg}
+                export TARGET_BRANCH=${version}
+                hack/upload-file-to-github.py \
+                    --message "Release yaml generated for Release ${TARGET_BRANCH}" \
+                    --owner-repository openshift-pipelines/pipelines-as-code \
+                    --token ${HUB_TOKEN} \
+                    --from-tag=refs/tags/${TARGET_BRANCH} \
+                    -d release-${TARGET_BRANCH}.yaml -f <(./hack/generate-releaseyaml.sh)
+                exit 0
+      - name: gorelease
+        runAfter:
+          - release-yaml
+        taskRef:
+          name: goreleaser
+        params:
+          - name: package
+            value: github.com/openshift-pipelines/pipelines-as-code
+          - name: github-token-secret
+            value: "nightly-ci-github-hub-token"
+          - name: github-token-secret-key
+            value: "hub-token"
+        workspaces:
+          - name: source
+            workspace: source
+  workspaces:
+  - name: source
+    volumeClaimTemplate:
+      spec:
+        accessModes:
+          - ReadWriteOnce
+        resources:
+          requests:
+            storage: 1Gi

.tekton/tasks/goreleaser.yaml

@@ -0,0 +1,52 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: goreleaser
+  labels:
+    app.kubernetes.io/version: "0.1"
+  annotations:
+    tekton.dev/pipelines.minVersion: "0.12.1"
+    tekton.dev/tags: golang, release-automation, package
+    tekton.dev/displayName: "GoReleaser"
+spec:
+  description: >-
+    GoReleaser builds Go binaries for several platforms.
+
+    It creates a GitHub release and then pushes a Homebrew formula to a tap repository.
+  workspaces:
+    - name: source
+      mountPath: /workspace/src/$(params.package)
+      description: >-
+        The workspace containing the Go source code
+        which needs to be released.
+  params:
+    - name: package
+      description: base package to build in
+    - name: github-token-secret
+      description: name of the secret holding the github-token
+      default: bot-token-github
+    - name: github-token-secret-key
+      description: name of the secret key holding the github-token
+      default: bot-token
+    - name: flags
+      description: flags to pass to `goreleaser release`
+      default: --timeout=30m
+  steps:
+    - name: pull
+      image: docker.io/goreleaser/goreleaser
+      workingDir: $(workspaces.source.path)
+      script: |
+        git status; git fetch -p --all
+    - name: release
+      image: docker.io/goreleaser/goreleaser
+      workingDir: $(workspaces.source.path)
+      script: |
+        goreleaser release $(params.flags)
+      env:
+        - name: GOPATH
+          value: /workspace
+        - name: GITHUB_TOKEN
+          valueFrom:
+            secretKeyRef:
+              name: $(params.github-token-secret)
+              key: $(params.github-token-secret-key)

INSTALL.MD

@@ -0,0 +1,127 @@
+# Install
+
+## Pipelines as Code Install
+
+To install Pipelines as Code on your server you simply need to run this command :
+
+```shell
+VERSION=0.1
+kubectl apply -f https://raw.githubusercontent.com/openshift-pipelines/pipelines-as-code/release-$VERSION/release-$VERSION.yaml
+```
+
+If you would like to install the current developement version you can simply install it like this :
+
+```shell
+kubectl apply -f https://raw.githubusercontent.com/openshift-pipelines/pipelines-as-code/nightly/release.yaml
+```
+
+It will apply the release.yaml to your kubernetes cluster, creating the
+admin namespace `pipelines-as-code`, the roles and all other bits needed.
+
+The `pipelines-as-code` namespace is where all the admin pipelinerun are run,
+they are supposed to be accesible only by the admin.
+
+You will need then to have events from github or others coming through to your
+EventListenner so follow the next steps on how to do that.
+
+### Github configuration
+
+To setup Pipelines as Code on Github, you need to have a Github App created.
+
+You need the Webhook of the app pointing to your Ingress endpoint which would
+then go to the triggers enventlistenner/service.
+
+You need to make sure you have those permissions and events checked on the
+GitHub app :
+
+```json
+             "default_permissions": {
+                 "checks": "write",
+                 "contents": "write",
+                 "issues": "write",
+                 "members": "read",
+                 "metadata": "read",
+                 "organization_plan": "read",
+                 "pull_requests": "write"
+             },
+             "default_events": [
+                 "commit_comment",
+                 "issue_comment",
+                 "pull_request",
+                 "pull_request_review",
+                 "pull_request_review_comment",
+                 "push"
+             ]
+```
+
+When you have created the `github-app-secret` Secret, grab the private key the
+`application_id` and the `webhook_secret`  from the interface, place the private
+key in a file named for example `/tmp/github.app.key` and issue those commands :
+
+```bash
+% kubectl -n pipelines-as-code create secret generic github-app-secret \
+        --from-literal private.key="$(cat /tmp/github.app.key)"
+        --from-literal application_id="APPLICATION_ID_NUMBER" \
+        --from-literal webhook.secret="WEBHOOK_SECRET"
+```
+
+This secret is used to generate a token on behalf of the user running the event
+and make sure to validate the webhook via the webhook secret.
+
+You will then need to make sure to expose the `EventListenner` via a
+[Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) or a
+[OpenShift
+Route](https://docs.openshift.com/container-platform/latest/networking/routes/route-configuration.html)
+so GitHub can get send the webhook to it.
+
+### GitHub Enteprise
+
+Pipelines as Code supports Github Enterprise.
+
+You don't need to do anything special to get Pipelines as code working with GHE.
+Pipelines as code will automatically detects the header as set from GHE and use it  the GHE API auth url instead of the public github.
+
+## Configuration
+
+There is a few things you can configure via the configmap `pipelines-as-code` in
+the `pipelines-as-code` namespace.
+
+- **application-name**: The name of the application showing for example in the
+  GitHub Checks labels. Default to `"Pipelines as Code"`
+- **max-keep-days**: The number of the day to keep the PR runs in the
+  `pipelines-as-code` namespace, see below for more details about it..
+
+### PR cleanups in pipelines-as-code admin namespace
+
+We install by default a cron that cleanups the PR generated on events in pipelines-as-code
+namespace. The crons runs every hour and by default cleanups pipelineruns over a
+day. If you would like to change the max number of days to keep you can change the
+key `max-keep-days` in the `pipelines-as-code` configmap. This configmap
+setting doens't affect the cleanups of the user's PR controlled by the
+annotations.
+
+## OpenShift Pipelines CLI
+
+OpenShift Pipelines CLI offer a easy to use CLI to manage your repositories status.
+
+## Binary releases
+
+You can grab the latest binary directly from the
+[releases](https://github.com/openshift-pipelines/pipelines-as-code/releases)
+page.
+
+## Dev release
+
+If you want to install from the git repository you can just do :
+
+```shell
+go install github.com/openshift-pipelines/pipelines-as-code/cmd/tkn-pac
+```
+
+## Brew release
+
+On LinuxBrew or OSX brew you can simply add the tap :
+
+```shell
+brew install openshift-pipelines/pipelines-as-code/tektoncd-pac
+```