ISV-3489 and ISV-3490 create community operator pipelines, listener and triggers (#440)

tomasbakk · web-flow · commit c70cfd3c8288 · 2023-05-04T16:24:05.000+02:00
* [ISV-3490] create route event listeners and triggers for comm pipelines

* merge isv3489 and ISV3490 together

* add separate event listener

* rm dev env

* change names
diff --git a/ansible/roles/operator-pipeline/tasks/community-hosted-pipeline-trigger.yml b/ansible/roles/operator-pipeline/tasks/community-hosted-pipeline-trigger.yml
@@ -0,0 +1,108 @@
+---
+- name: Create trigger enabling running Community hosted pipeline via Github webhook
+  tags:
+    - triggers
+  block:
+    - name: Create Community hosted pipeline Trigger Binding
+      k8s:
+        state: present
+        namespace: "{{ oc_namespace }}"
+        definition:
+          apiVersion: triggers.tekton.dev/v1alpha1
+          kind: TriggerBinding
+          metadata:
+            name: community-operator-hosted-pipeline-trigger-binding
+            labels:
+              app: operator-pipeline
+              suffix: "{{ suffix }}"
+              env: "{{ env }}"
+          spec:
+            params:
+              - name: git_repo_url
+                value: $(body.pull_request.base.repo.clone_url)
+              - name: git_pr_branch
+                value: $(body.pull_request.head.ref)
+              - name: git_fork_url
+                value: $(body.pull_request.head.repo.clone_url)
+              - name: git_pr_url
+                value: $(body.pull_request.html_url)
+              - name: git_pr_title
+                value: $(body.pull_request.title)
+              - name: git_username
+                value: $(body.pull_request.user.login)
+              - name: git_commit
+                value: $(body.pull_request.head.sha)
+              - name: env
+                value: "{{ env }}"
+              - name: pipeline_image
+                value: "{{ operator_pipeline_image_pull_spec }}"
+
+    - name: Create Community hosted pipeline Trigger template
+      k8s:
+        state: present
+        namespace: "{{ oc_namespace }}"
+        definition:
+          apiVersion: triggers.tekton.dev/v1alpha1
+          kind: TriggerTemplate
+          metadata:
+            name: community-operator-hosted-pipeline-trigger-template
+            labels:
+              app: operator-pipeline
+              suffix: "{{ suffix }}"
+              env: "{{ env }}"
+          spec:
+            params:
+              - name: git_repo_url
+              - name: git_pr_branch
+              - name: git_fork_url
+              - name: git_pr_url
+              - name: git_pr_title
+              - name: git_username
+              - name: git_commit
+              - name: env
+              - name: pipeline_image
+            resourcetemplates:
+              - apiVersion: tekton.dev/v1beta1
+                kind: PipelineRun
+                metadata:
+                  generateName: community-hosted-pipeline-run
+                  labels:
+                    app: operator-pipeline
+                    suffix: "{{ suffix }}"
+                    env: "{{ env }}"
+                    git_commit: $(tt.params.git_commit)
+                  annotations:
+                    git_pull_request_url: $(tt.params.git_pr_url)
+                    git_pull_request_title: $(tt.params.git_pr_title)
+                spec:
+                  timeout: "2h"
+                  pipelineRef:
+                    name: community-hosted-pipeline
+                  params:
+                    - name: git_repo_url
+                      value: $(tt.params.git_repo_url)
+                    - name: git_pr_branch
+                      value: $(tt.params.git_pr_branch)
+                    - name: git_fork_url
+                      value: $(tt.params.git_fork_url)
+                    - name: git_pr_url
+                      value: $(tt.params.git_pr_url)
+                    - name: git_pr_title
+                      value: $(tt.params.git_pr_title)
+                    - name: git_username
+                      value: $(tt.params.git_username)
+                    - name: git_commit
+                      value: $(tt.params.git_commit)
+                    - name: env
+                      value: $(tt.params.env)
+                    - name: pipeline_image
+                      value: $(tt.params.pipeline_image)
+                  workspaces:
+                    - name: repository
+                      volumeClaimTemplate:
+                        spec:
+                          accessModes:
+                            - ReadWriteOnce
+                          resources:
+                            requests:
+                              storage: 5Gi
diff --git a/ansible/roles/operator-pipeline/tasks/community-pipeline-event-listener.yml b/ansible/roles/operator-pipeline/tasks/community-pipeline-event-listener.yml
@@ -0,0 +1,87 @@
+---
+- name: Create event listener allowing triggering the community pipelines via Github webhook
+  tags:
+    - triggers
+  block:
+    - name: Create event listener
+      k8s:
+        state: present
+        namespace: "{{ oc_namespace }}"
+        definition:
+          apiVersion: triggers.tekton.dev/v1alpha1
+          kind: EventListener
+          metadata:
+            name: community-operator-pipeline-github-listener
+            labels:
+              app: operator-pipeline
+              suffix: "{{ suffix }}"
+              env: "{{ env }}"
+          spec:
+            serviceAccountName: pipeline
+            triggers:
+              # run community hosted pipeline on PR opened, reopened, synchronized
+              - name: github-community-pull-request-listener
+                interceptors:
+                  - github:
+                      secretRef:
+                        secretName: github-webhook-secret
+                        secretKey: webhook-secret
+                      eventTypes:
+                        - pull_request
+                  - cel:
+                      filter: >-
+                        (
+                          header.match("X-GitHub-Event", "pull_request")
+                          && body.action in ["opened", "reopened", "synchronize"]
+                          && body.pull_request.base.ref == "{{ branch }}"
+                        )
+                bindings:
+                  - ref: community-operator-hosted-pipeline-trigger-binding
+                template:
+                  ref: community-operator-hosted-pipeline-trigger-template
+              # run community release pipeline on merged PR
+              - name: github-community-pull-request-listener
+                interceptors:
+                  - github:
+                      secretRef:
+                        secretName: github-webhook-secret
+                        secretKey: webhook-secret
+                      eventTypes:
+                        - pull_request
+                  - cel:
+                      filter: >-
+                        (
+                          header.match("X-GitHub-Event", "pull_request")
+                          && body.action == "closed"
+                          && body.pull_request.base.ref == "{{ branch }}"
+                          && body.pull_request.merged == true
+                          && body.sender.login == "rh-operator-bundle-bot"
+                        )
+                bindings:
+                  - ref: community-operator-release-pipeline-trigger-binding
+                template:
+                  ref: community-operator-release-pipeline-trigger-template
+
+    - name: Create community pipeline trigger route
+      k8s:
+        state: present
+        namespace: "{{ oc_namespace }}"
+        definition:
+          apiVersion: route.openshift.io/v1
+          kind: route
+          metadata:
+            labels:
+              eventlistener: community-operator-pipeline-github-listener
+              app: operator-pipeline
+              suffix: "{{ suffix }}"
+              env: "{{ env }}"
+            name: operator-pipeline
+          spec:
+            port:
+              targetPort: http-listener
+            tls:
+              termination: edge
+            to:
+              kind: Service
+              # el- prefix means, that the service was created by EventListener.
+              name: el-community-operator-pipeline-github-listener
diff --git a/ansible/roles/operator-pipeline/tasks/community-release-pipeline-trigger.yml b/ansible/roles/operator-pipeline/tasks/community-release-pipeline-trigger.yml
@@ -0,0 +1,101 @@
+---
+- name: Create trigger enabling running Community release pipeline via GitHub webhook
+  tags:
+    - triggers
+  block:
+    - name: Create Community release pipeline Trigger Binding
+      k8s:
+        state: present
+        namespace: "{{ oc_namespace }}"
+        definition:
+          apiVersion: triggers.tekton.dev/v1alpha1
+          kind: TriggerBinding
+          metadata:
+            name: community-operator-release-pipeline-trigger-binding
+            labels:
+              app: operator-pipeline
+              suffix: "{{ suffix }}"
+              env: "{{ env }}"
+          spec:
+            params:
+              - name: git_repo_url
+                value: $(body.pull_request.base.repo.clone_url)
+              - name: git_base_branch
+                value: $(body.pull_request.base.ref)
+              - name: git_pr_url
+                value: $(body.pull_request.html_url)
+              - name: git_username
+                value: $(body.pull_request.user.login)
+              - name: git_commit
+                value: $(body.pull_request.merge_commit_sha)
+              - name: env
+                value: "{{ env }}"
+              - name: pipeline_image
+                value: "{{ operator_pipeline_image_pull_spec }}"
+
+    - name: Create Community release pipeline Trigger Binding
+      k8s:
+        state: present
+        namespace: "{{ oc_namespace }}"
+        definition:
+          apiVersion: triggers.tekton.dev/v1alpha1
+          kind: TriggerTemplate
+          metadata:
+            name: community-operator-release-pipeline-trigger-template
+            labels:
+              app: operator-pipeline
+              suffix: "{{ suffix }}"
+              env: "{{ env }}"
+          spec:
+            params:
+              - name: git_repo_url
+              - name: git_base_branch
+              - name: git_pr_url
+              - name: git_pr_title
+              - name: git_username
+              - name: git_commit
+              - name: env
+              - name: pipeline_image
+            resourcetemplates:
+              - apiVersion: tekton.dev/v1beta1
+                kind: PipelineRun
+                metadata:
+                  generateName: community-release-pipeline-run
+                  labels:
+                    app: operator-pipeline
+                    suffix: "{{ suffix }}"
+                    env: "{{ env }}"
+                    git_commit: $(tt.params.git_commit)
+                  annotations:
+                    git_pull_request_url: $(tt.params.git_pr_url)
+                    git_pull_request_title: $(tt.params.git_pr_title)
+                spec:
+                  timeout: "1h30m0s"
+                  pipelineRef:
+                    name: community-release-pipeline
+                  params:
+                    - name: git_repo_url
+                      value: $(tt.params.git_repo_url)
+                    - name: git_base_branch
+                      value: $(tt.params.git_base_branch)
+                    - name: git_pr_url
+                      value: $(tt.params.git_pr_url)
+                    - name: git_pr_title
+                      value: $(tt.params.git_pr_title)
+                    - name: git_username
+                      value: $(tt.params.git_username)
+                    - name: git_commit
+                      value: $(tt.params.git_commit)
+                    - name: env
+                      value: $(tt.params.env)
+                    - name: pipeline_image
+                      value: $(tt.params.pipeline_image)
+                  workspaces:
+                    - name: repository
+                      volumeClaimTemplate:
+                        spec:
+                          accessModes:
+                            - ReadWriteOnce
+                          resources:
+                            requests:
+                              storage: 100Mi
diff --git a/ansible/roles/operator-pipeline/tasks/main.yml b/ansible/roles/operator-pipeline/tasks/main.yml
@@ -68,6 +68,8 @@
       with_items:
         - ../templates/openshift/pipelines/operator-hosted-pipeline.yml
         - ../templates/openshift/pipelines/operator-release-pipeline.yml
+        - ../templates/openshift/pipelines/community-release-pipeline.yml
+        - ../templates/openshift/pipelines/community-hosted-pipeline.yml
 
     - name: Deploy CI pipeline
       tags:
@@ -97,8 +99,11 @@
 
 
     - include_tasks: tasks/operator-pipeline-event-listener.yml
+    - include_tasks: tasks/community-pipeline-event-listener.yml
     - include_tasks: tasks/operator-hosted-pipeline-trigger.yml
     - include_tasks: tasks/operator-release-pipeline-trigger.yml
+    - include_tasks: tasks/community-hosted-pipeline-trigger.yml
+    - include_tasks: tasks/community-release-pipeline-trigger.yml
 
     - include_tasks: tasks/community-signing.yml
 
diff --git a/ansible/roles/operator-pipeline/templates/openshift/pipelines/community-hosted-pipeline.yml b/ansible/roles/operator-pipeline/templates/openshift/pipelines/community-hosted-pipeline.yml
@@ -0,0 +1,39 @@
+---
+apiVersion: tekton.dev/v1beta1
+kind: Pipeline
+metadata:
+  name: community-hosted-pipeline
+spec:
+  params:
+    - name: git_repo_url
+    - name: git_pr_branch
+    - name: git_fork_url
+    - name: git_pr_url
+    - name: git_pr_title
+    - name: git_username
+    - name: git_commit
+    - name: env
+    - name: pipeline_image
+      default: "quay.io/redhat-isv/operator-pipelines-images:released"
+  workspaces:
+    - name: repository
+    - name: ssh-dir
+      optional: true
+  tasks:
+    - name: clone-repository
+      taskRef:
+        name: git-clone
+        kind: Task
+      params:
+        - name: url
+          value: $(params.git_fork_url)
+        - name: revision
+          value: $(params.git_pr_branch)
+        - name: gitInitImage
+          value: registry.redhat.io/openshift-pipelines/pipelines-git-init-rhel8@sha256:bc551c776fb3d0fcc6cfd6d8dc9f0030de012cb9516fac42b1da75e6771001d9
+      workspaces:
+        - name: output
+          workspace: repository
+          subPath: src
+        - name: ssh-directory
+          workspace: ssh-dir
diff --git a/ansible/roles/operator-pipeline/templates/openshift/pipelines/community-release-pipeline.yml b/ansible/roles/operator-pipeline/templates/openshift/pipelines/community-release-pipeline.yml
@@ -0,0 +1,38 @@
+---
+apiVersion: tekton.dev/v1beta1
+kind: Pipeline
+metadata:
+  name: community-release-pipeline
+spec:
+  params:
+    - name: git_repo_url
+    - name: git_base_branch
+    - name: git_pr_title
+    - name: git_pr_url
+    - name: git_username
+    - name: git_commit
+    - name: env
+    - name: pipeline_image
+      default: "quay.io/redhat-isv/operator-pipelines-images:released"
+  workspaces:
+    - name: repository
+    - name: ssh-dir
+      optional: true
+  tasks:
+    - name: clone-repository
+      taskRef:
+        name: git-clone
+        kind: Task
+      params:
+        - name: url
+          value: $(params.git_repo_url)
+        - name: revision
+          value: $(params.git_base_branch)
+        - name: gitInitImage
+          value: registry.redhat.io/openshift-pipelines/pipelines-git-init-rhel8@sha256:bc551c776fb3d0fcc6cfd6d8dc9f0030de012cb9516fac42b1da75e6771001d9
+      workspaces:
+        - name: output
+          workspace: repository
+          subPath: src
+        - name: ssh-directory
+          workspace: ssh-dir
