Merge pull request #166 from tnevrlka/azure-source-repo

Add Azure source-repo pipeline

Author: tnevrlka

Makefile

@@ -6,6 +6,7 @@ FILES=\
   generated/source-repo/jenkins/Jenkinsfile \
   generated/source-repo/githubactions/.github/workflows/build-and-update-gitops.yml \
   generated/source-repo/gitlabci/.gitlab-ci.yml \
+  generated/source-repo/azure/azure-pipelines.yml \
   \
   generated/gitops-template/jenkins/Jenkinsfile \
   generated/gitops-template/githubactions/.github/workflows/gitops-promotion.yml \
@@ -37,7 +38,8 @@ endef
 TARGET_DIRS=\
   jenkins \
   githubactions/.github/workflows \
-  gitlabci
+  gitlabci \
+  azure
 
 define targets_for_ci_type
 generated/source-repo/$(1)/%: templates/source-repo/%.njk templates/data.yaml

generated/source-repo/azure/azure-pipelines.yml

@@ -0,0 +1,91 @@
+# Generated from templates/source-repo/azure-pipelines.yml.njk. Do not edit directly.
+
+trigger:
+- main
+
+pool:
+  name: resourcehub
+
+container:
+  image: quay.io/redhat-appstudio/rhtap-task-runner:latest
+  options: --privileged
+
+steps:
+  - bash: |
+      echo "• init"
+      bash /work/rhtap/init.sh
+    name: Init
+    env:
+      ROX_API_TOKEN: $(ROX_API_TOKEN)
+      GITOPS_AUTH_PASSWORD: $(GITOPS_AUTH_PASSWORD)
+      # Set this password for your specific registry
+      IMAGE_REGISTRY_PASSWORD: $(IMAGE_REGISTRY_PASSWORD)
+      # QUAY_IO_CREDS_PSW: $(QUAY_IO_CREDS_PSW)
+      # ARTIFACTORY_IO_CREDS_PSW: $(ARTIFACTORY_IO_CREDS_PSW)
+      # NEXUS_IO_CREDS_PSW: $(NEXUS_IO_CREDS_PSW)
+      COSIGN_SECRET_PASSWORD: $(COSIGN_SECRET_PASSWORD)
+      COSIGN_SECRET_KEY: $(COSIGN_SECRET_KEY)
+  - bash: |
+      echo "• buildah-rhtap"
+      bash /work/rhtap/buildah-rhtap.sh
+      echo "• cosign-sign-attest"
+      bash /work/rhtap/cosign-sign-attest.sh
+    name: Build
+    env:
+      ROX_API_TOKEN: $(ROX_API_TOKEN)
+      GITOPS_AUTH_PASSWORD: $(GITOPS_AUTH_PASSWORD)
+      # Set this password for your specific registry
+      IMAGE_REGISTRY_PASSWORD: $(IMAGE_REGISTRY_PASSWORD)
+      # QUAY_IO_CREDS_PSW: $(QUAY_IO_CREDS_PSW)
+      # ARTIFACTORY_IO_CREDS_PSW: $(ARTIFACTORY_IO_CREDS_PSW)
+      # NEXUS_IO_CREDS_PSW: $(NEXUS_IO_CREDS_PSW)
+      COSIGN_SECRET_PASSWORD: $(COSIGN_SECRET_PASSWORD)
+      COSIGN_SECRET_KEY: $(COSIGN_SECRET_KEY)
+  - bash: |
+      echo "• update-deployment"
+      bash /work/rhtap/update-deployment.sh
+    name: Deploy
+    env:
+      ROX_API_TOKEN: $(ROX_API_TOKEN)
+      GITOPS_AUTH_PASSWORD: $(GITOPS_AUTH_PASSWORD)
+      # Set this password for your specific registry
+      IMAGE_REGISTRY_PASSWORD: $(IMAGE_REGISTRY_PASSWORD)
+      # QUAY_IO_CREDS_PSW: $(QUAY_IO_CREDS_PSW)
+      # ARTIFACTORY_IO_CREDS_PSW: $(ARTIFACTORY_IO_CREDS_PSW)
+      # NEXUS_IO_CREDS_PSW: $(NEXUS_IO_CREDS_PSW)
+      COSIGN_SECRET_PASSWORD: $(COSIGN_SECRET_PASSWORD)
+      COSIGN_SECRET_KEY: $(COSIGN_SECRET_KEY)
+  - bash: |
+      echo "• acs-deploy-check"
+      bash /work/rhtap/acs-deploy-check.sh
+      echo "• acs-image-check"
+      bash /work/rhtap/acs-image-check.sh
+      echo "• acs-image-scan"
+      bash /work/rhtap/acs-image-scan.sh
+    name: Scan
+    env:
+      ROX_API_TOKEN: $(ROX_API_TOKEN)
+      GITOPS_AUTH_PASSWORD: $(GITOPS_AUTH_PASSWORD)
+      # Set this password for your specific registry
+      IMAGE_REGISTRY_PASSWORD: $(IMAGE_REGISTRY_PASSWORD)
+      # QUAY_IO_CREDS_PSW: $(QUAY_IO_CREDS_PSW)
+      # ARTIFACTORY_IO_CREDS_PSW: $(ARTIFACTORY_IO_CREDS_PSW)
+      # NEXUS_IO_CREDS_PSW: $(NEXUS_IO_CREDS_PSW)
+      COSIGN_SECRET_PASSWORD: $(COSIGN_SECRET_PASSWORD)
+      COSIGN_SECRET_KEY: $(COSIGN_SECRET_KEY)
+  - bash: |
+      echo "• show-sbom-rhdh"
+      bash /work/rhtap/show-sbom-rhdh.sh
+      echo "• summary"
+      bash /work/rhtap/summary.sh
+    name: Summary
+    env:
+      ROX_API_TOKEN: $(ROX_API_TOKEN)
+      GITOPS_AUTH_PASSWORD: $(GITOPS_AUTH_PASSWORD)
+      # Set this password for your specific registry
+      IMAGE_REGISTRY_PASSWORD: $(IMAGE_REGISTRY_PASSWORD)
+      # QUAY_IO_CREDS_PSW: $(QUAY_IO_CREDS_PSW)
+      # ARTIFACTORY_IO_CREDS_PSW: $(ARTIFACTORY_IO_CREDS_PSW)
+      # NEXUS_IO_CREDS_PSW: $(NEXUS_IO_CREDS_PSW)
+      COSIGN_SECRET_PASSWORD: $(COSIGN_SECRET_PASSWORD)
+      COSIGN_SECRET_KEY: $(COSIGN_SECRET_KEY)

templates/data.yaml

@@ -23,10 +23,10 @@ build_variables:
     if: 'isGitLab'
 
   - name: IMAGE_REGISTRY_USER
-    if: 'isGitHub'
+    if: 'isGitHub || isAzure'
     comment: "Set this to the user for your specific registry"
   - name: IMAGE_REGISTRY_USER
-    if: '!isGitHub'
+    if: '!isGitHub && !isAzure'
     commented_out: true
     comment: "Set this to the user for your specific registry"
 
@@ -67,30 +67,30 @@ build_secrets:
   - name: GITOPS_AUTH_PASSWORD
 
   - name: IMAGE_REGISTRY_PASSWORD
-    if: 'isGitHub'
-    comment: "Set this password for your specific registry" 
+    if: 'isGitHub || isAzure'
+    comment: "Set this password for your specific registry"
   - name: IMAGE_REGISTRY_PASSWORD
-    if: '!isGitHub'
+    if: '!isGitHub && !isAzure'
     commented_out: true
     comment: "Set this password for your specific registry" 
 
   - name: QUAY_IO_CREDS
     if: isJenkins
-    comment: "Default registry is set to quay.io" 
+    comment: "Default registry is set to quay.io"
   - name: QUAY_IO_CREDS_PSW
     if: '!isJenkins' 
     commented_out: true
 
   - name: ARTIFACTORY_IO_CREDS
     if: isJenkins
-    commented_out: true 
+    commented_out: true
   - name: ARTIFACTORY_IO_CREDS_PSW
     if: '!isJenkins'  
     commented_out: true
 
   - name: NEXUS_IO_CREDS
     if: isJenkins
-    commented_out: true 
+    commented_out: true
   - name: NEXUS_IO_CREDS_PSW
     if: '!isJenkins'  
     commented_out: true
@@ -176,13 +176,13 @@ gitops_secrets:
     commented_out: true 
   - name: ARTIFACTORY_IO_CREDS
     if: isJenkins
-    commented_out: true 
+    commented_out: true
   - name: ARTIFACTORY_IO_CREDS_PSW
     if: '!isJenkins'  
     commented_out: true 
   - name: NEXUS_IO_CREDS
     if: isJenkins
-    commented_out: true 
+    commented_out: true
   - name: NEXUS_IO_CREDS_PSW
     if: '!isJenkins'  
     commented_out: true

templates/partials/azure-step.njk

@@ -0,0 +1,19 @@
+- bash: |
+{%- filter indent(2) -%}
+{%- for substep in step.substeps %}
+  echo "• {{ substep }}"
+  bash /work/rhtap/{{ substep }}.sh
+{%- endfor %}
+name: {{ step.name | title }}
+env:
+{%- filter indent(2) -%}
+{%- for secret in secrets %}
+{%- if secret | eval_if_condition %}
+{%- if secret.comment %}
+# {{ secret.comment }}
+{%- endif %}
+{% if secret.commented_out %}# {% endif %}{{ secret.name }}: $({{ secret.name}})
+{%- endif %}
+{%- endfor %}
+{%- endfilter -%}
+{%- endfilter -%}

templates/source-repo/azure-pipelines.yml.njk

@@ -0,0 +1,19 @@
+{%- include "do-not-edit.njk" -%}
+{%- set secrets = build_secrets -%}
+
+trigger:
+- main
+
+pool:
+  name: resourcehub
+
+container:
+  image: quay.io/redhat-appstudio/rhtap-task-runner:latest
+  options: --privileged
+
+steps:
+{%- filter indent(2) -%}
+{%- for step in build_steps %}
+{% include "azure-step.njk" %}
+{%- endfor -%}
+{%- endfilter -%}