├── .github ├── CODEOWNERS ├── ISSUE_TEMPLATE │ ├── major-release.md │ ├── minor-release.md │ ├── patch-release.md │ ├── deliver_missing_module.md │ ├── bug_report.md │ ├── feature_request.md │ └── request_sesheta.yaml └── PULL_REQUEST_TEMPLATE.md ├── docs ├── arch.png ├── quay-robots.png ├── multiple-deployments.png ├── gather-metrics-deployments-pipeline.jpg ├── onboarding.md ├── adr │ ├── 0001-use-gpl3-as-license.md │ ├── 0000-use-markdown-architectural-decision-records.md │ └── template.md ├── .aicoe-ci.yaml ├── thoth-bots-setup.md ├── gather-metrics-deployments-pipeline.md └── how-to-contribute.md ├── manifests └── overlays │ ├── moc │ ├── put-into-infra-namespace.yaml │ ├── secret-generator.yaml │ ├── route.yaml │ ├── tekton-dashboard.yaml │ ├── configmap.yaml │ ├── serviceaccount.yaml │ ├── role.yaml │ ├── kustomization.yaml │ ├── binding.yaml │ ├── openshift-pipeline-rolebinding.yaml │ ├── cleanup-cronjob.yaml │ ├── thoth-notification.yaml │ └── tekton-dashboard-release.yaml │ └── ocp │ ├── put-into-infra-namespace.yaml │ ├── secret-generator.yaml │ ├── configmap.yaml │ ├── serviceaccount.yaml │ ├── role.yaml │ ├── kustomization.yaml │ ├── binding.yaml │ ├── ultrahook.yaml │ ├── cleanup-cronjob.yaml │ └── thoth-notification.yaml ├── setup-instance ├── ultrahook-secrets.yaml ├── tekton-setup.sh ├── instance-secrets.yaml ├── ultrahook.yaml └── kustomization.yaml ├── .thoth.yaml ├── .gitmodules ├── .sops.yaml ├── fixtures ├── status.json ├── pr-source-list └── tektonpr.json ├── OWNERS ├── .gitignore ├── .prow.yaml ├── triggertemplate ├── kustomization.yaml ├── git-tag-template.yaml ├── git-model-template.yaml ├── onboarding-issue-template.yaml ├── git-issue-template.yaml ├── git-pr-template.yaml └── z-stream-release-template.yaml ├── trigger ├── kustomization.yaml ├── git-push-binding.yaml ├── webhook-tag-binding.yaml ├── git-tag-binding.yaml ├── git-model-binding.yaml ├── git-pr-binding.yaml ├── git-issue-comment-binding.yaml ├── z-stream-release-binding.yaml ├── onboarding-issue-binding.yaml ├── git-issue-binding.yaml └── eventlistener.yaml ├── pipeline ├── kustomization.yaml ├── z-stream-release-pipeline.yaml ├── z-stream-update-rhods.yaml ├── onboarding-issue-pipeline.yaml ├── overlays-release-pipeline.yaml ├── gather-deployment-metrics-setup-pipeline.yaml └── gather-deployment-metrics-pipeline.yaml ├── tasks ├── github-release-taskrun.yaml ├── tag-check.yaml ├── gather-metrics-clean-task.yaml ├── gather-metrics-discover-route.yaml ├── upload-pypi.yaml ├── kustomization.yaml ├── pr-merge.yaml ├── example-issue.yaml ├── upload-pulp-pypi.yaml ├── gather-metrics-deploy-manifests.yaml ├── example-pr-checks.yaml ├── resource.yaml ├── gather-metrics-configuration.yaml ├── gather-metrics-pipeline-watch-task.yaml ├── tag-sibling.yaml ├── custom-pipeline.yaml ├── github-release.yaml ├── gather-metrics-provide-task.yaml ├── tox-checks.yaml ├── tag-build.yaml ├── status-task.yaml ├── base-image-update.yaml ├── gather-metrics-check-inputs.yaml ├── z-stream-release-task.yaml ├── issue-pypi-release-task.yaml ├── test-thoth-github-action.yaml ├── z-stream-update-rhods-task.yaml ├── pre-commit-check.yaml ├── pre-commit-py38-check.yaml ├── overlay-deploy-task.yaml └── create-github-release.yaml ├── example-taskruns ├── github-release-taskrun.yaml └── create-github-release-taskrun.yaml ├── conditions ├── overlay-deploy.yaml ├── kustomization.yaml ├── action-check.yaml ├── issue-check.yaml ├── sibling-check.yaml ├── custom-pipeline-check.yaml ├── build-check.yaml ├── deployment-check.yaml ├── config-check.yaml ├── upload-pulp-pypi-check.yaml ├── deploy-comment-check.yaml ├── overlays-set.yaml ├── retest-comment-check.yaml ├── overlays-pipeline-check.yaml └── upload-pypi-check.yaml ├── .pre-commit-config.yaml ├── aicoe └── aicoe-ci │ └── __init__.py └── kustomization.yaml /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | * @goern @harshad16 @fridex 2 | -------------------------------------------------------------------------------- /docs/arch.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/AICoE/aicoe-ci/HEAD/docs/arch.png -------------------------------------------------------------------------------- /docs/quay-robots.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/AICoE/aicoe-ci/HEAD/docs/quay-robots.png -------------------------------------------------------------------------------- /docs/multiple-deployments.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/AICoE/aicoe-ci/HEAD/docs/multiple-deployments.png -------------------------------------------------------------------------------- /manifests/overlays/moc/put-into-infra-namespace.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /metadata/namespace 3 | value: "thoth-infra-prod" 4 | -------------------------------------------------------------------------------- /manifests/overlays/ocp/put-into-infra-namespace.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /metadata/namespace 3 | value: "thoth-infra-stage" 4 | -------------------------------------------------------------------------------- /docs/gather-metrics-deployments-pipeline.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/AICoE/aicoe-ci/HEAD/docs/gather-metrics-deployments-pipeline.jpg -------------------------------------------------------------------------------- /manifests/overlays/moc/secret-generator.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: viaduct.ai/v1 2 | kind: ksops 3 | metadata: 4 | name: thoth-secret-generator 5 | files: 6 | - ./secrets.enc.yaml 7 | -------------------------------------------------------------------------------- /manifests/overlays/ocp/secret-generator.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: viaduct.ai/v1 2 | kind: ksops 3 | metadata: 4 | name: thoth-secret-generator 5 | files: 6 | - ./secrets.enc.yaml 7 | -------------------------------------------------------------------------------- /docs/onboarding.md: -------------------------------------------------------------------------------- 1 | # AICoE CI/CD Service Onboarding 2 | 3 | ## Required Team on GitHub 4 | 5 | ### Team's access to your Repository 6 | 7 | ## Add repository to test-infra/ 8 | -------------------------------------------------------------------------------- /setup-instance/ultrahook-secrets.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: ultrahook 6 | type: Opaque 7 | data: 8 | api.key: 9 | -------------------------------------------------------------------------------- /.thoth.yaml: -------------------------------------------------------------------------------- 1 | managers: 2 | - name: info 3 | - name: version 4 | configuration: 5 | assignees: 6 | - sesheta 7 | labels: [bot] 8 | changelog_file: true 9 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "tektoncd-catalog"] 2 | path = catalog 3 | url = https://github.com/tektoncd/catalog.git 4 | branch = v1beta1 5 | [submodule "catalog"] 6 | branch = v1beta1 7 | -------------------------------------------------------------------------------- /manifests/overlays/ocp/configmap.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: ConfigMap 3 | apiVersion: v1 4 | metadata: 5 | name: aicoe-ci-ceph 6 | data: 7 | endpoint: "https://s3.upshift.redhat.com/" 8 | bucket: "thoth" 9 | -------------------------------------------------------------------------------- /.sops.yaml: -------------------------------------------------------------------------------- 1 | creation_rules: 2 | - encrypted_regex: '^(tls|data|stringData)$' 3 | pgp: "87FC5D0ACF3AA48FCC029086262A80E41BCEEBF7, EFDB9AFBD18936D9AB6B2EECBD2C73FF891FBC7E, 0508677DD04952D06A943D5B4DC4116D360E3276" 4 | -------------------------------------------------------------------------------- /fixtures/status.json: -------------------------------------------------------------------------------- 1 | cat < /workspace/output/pr/status/check.json 2 | { 3 | "State": "$code", 4 | "Target": "https://example.com/build/status", 5 | "Desc": "$description", 6 | "Label": "aicoe-ci/check" 7 | } 8 | EOF 9 | -------------------------------------------------------------------------------- /OWNERS: -------------------------------------------------------------------------------- 1 | # See the OWNERS docs at https://go.k8s.io/owners 2 | 3 | approvers: 4 | - codificat 5 | - harshad16 6 | - goern 7 | - gregory-pereira 8 | reviewers: 9 | - codificat 10 | - harshad16 11 | - gregory-pereira 12 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/major-release.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Major release 3 | about: Create a new major release 4 | title: New major release 5 | assignees: 'sesheta' 6 | labels: bot 7 | --- 8 | 9 | Hey, Kebechet! 10 | 11 | Create a new major release, please. 12 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/minor-release.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Minor release 3 | about: Create a new minor release 4 | title: New minor release 5 | assignees: 'sesheta' 6 | labels: bot 7 | --- 8 | 9 | Hey, Kebechet! 10 | 11 | Create a new minor release, please. 12 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/patch-release.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Patch release 3 | about: Create a new patch release 4 | title: New patch release 5 | assignees: 'sesheta' 6 | labels: bot 7 | --- 8 | 9 | Hey, Kebechet! 10 | 11 | Create a new patch release, please. 12 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | secrets.yaml 2 | secrets-*.yaml 3 | secrets/ 4 | thoth-ci.2020-04-14.private-key.pem 5 | application_default_credentials.json 6 | custom-role/ 7 | examples/ 8 | setup.sh 9 | teardown.sh 10 | tekton-setup.sh 11 | .env 12 | .vscode 13 | .lock 14 | -------------------------------------------------------------------------------- /manifests/overlays/moc/route.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: route.openshift.io/v1 2 | kind: Route 3 | metadata: 4 | name: el-aicoe-ci-listener 5 | spec: 6 | port: 7 | targetPort: http-listener 8 | to: 9 | kind: Service 10 | name: el-aicoe-ci-listener 11 | weight: 100 12 | wildcardPolicy: None 13 | -------------------------------------------------------------------------------- /manifests/overlays/ocp/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: aicoe-ci 6 | labels: 7 | app: aicoe-ci 8 | secrets: 9 | - name: auth-secret 10 | --- 11 | apiVersion: v1 12 | kind: ServiceAccount 13 | metadata: 14 | name: aicoe-ci-webhook 15 | labels: 16 | app: aicoe-ci 17 | -------------------------------------------------------------------------------- /manifests/overlays/moc/tekton-dashboard.yaml: -------------------------------------------------------------------------------- 1 | kind: Route 2 | apiVersion: route.openshift.io/v1 3 | metadata: 4 | name: tekton-route53 5 | namespace: tekton-pipelines 6 | annotations: 7 | kubernetes.io/tls-acme: "true" 8 | spec: 9 | host: tekton.operate-first.cloud 10 | to: 11 | kind: Service 12 | name: tekton-dashboard 13 | -------------------------------------------------------------------------------- /manifests/overlays/moc/configmap.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: ConfigMap 3 | apiVersion: v1 4 | metadata: 5 | name: aicoe-ci-ceph 6 | data: 7 | endpoint: "https://s3-openshift-storage.apps.smaug.na.operate-first.cloud" 8 | bucket: "thoth" 9 | namespace: "opf-ci-pipelines" 10 | thanos-endpoint: "http://thanos-query-frontend-opf-observatorium.apps.smaug.na.operate-first.cloud/" 11 | -------------------------------------------------------------------------------- /.prow.yaml: -------------------------------------------------------------------------------- 1 | presubmits: 2 | - name: pre-commit 3 | decorate: true 4 | skip_report: false 5 | always_run: true 6 | context: aicoe-ci/prow/pre-commit 7 | spec: 8 | containers: 9 | - image: quay.io/thoth-station/thoth-precommit-py38:v0.13.0 10 | command: 11 | - "pre-commit" 12 | - "run" 13 | - "--all-files" 14 | -------------------------------------------------------------------------------- /triggertemplate/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # This templates are to serve the tekton trigger v0.8.1 and above 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - git-issue-template.yaml 6 | - git-model-template.yaml 7 | - git-pr-template.yaml 8 | - git-tag-template.yaml 9 | - onboarding-issue-template.yaml 10 | - z-stream-release-template.yaml 11 | -------------------------------------------------------------------------------- /trigger/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - eventlistener.yaml 5 | - git-issue-binding.yaml 6 | - git-issue-comment-binding.yaml 7 | - git-model-binding.yaml 8 | - git-pr-binding.yaml 9 | - git-tag-binding.yaml 10 | - onboarding-issue-binding.yaml 11 | - webhook-tag-binding.yaml 12 | - z-stream-release-binding.yaml 13 | -------------------------------------------------------------------------------- /trigger/git-push-binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: triggers.tekton.dev/v1alpha1 2 | kind: TriggerBinding 3 | metadata: 4 | name: git-push-binding 5 | labels: 6 | app: aicoe-ci 7 | 8 | spec: 9 | params: 10 | - name: head_commit_hash 11 | value: $(body.head) 12 | - name: default_branch 13 | value: $(body.repository.default_branch) 14 | - name: ssh_url 15 | value: $(body.repository.ssh_url) 16 | -------------------------------------------------------------------------------- /manifests/overlays/moc/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: aicoe-ci 6 | labels: 7 | app: aicoe-ci 8 | secrets: 9 | - name: auth-secret 10 | imagePullSecrets: 11 | - name: aicoe-pusher-secret 12 | - name: aicoe-ci-dockercfg-r2v9t 13 | --- 14 | apiVersion: v1 15 | kind: ServiceAccount 16 | metadata: 17 | name: aicoe-ci-webhook 18 | labels: 19 | app: aicoe-ci 20 | -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | ## Related Issues and Dependencies 2 | 3 | … 4 | 5 | ## This introduces a breaking change 6 | 7 | - [ ] Yes 8 | - [ ] No 9 | 10 | 11 | 12 | ## This Pull Request implements 13 | 14 | … Explain your changes. 15 | 16 | ## Description 17 | 18 | 19 | -------------------------------------------------------------------------------- /pipeline/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - gather-deployment-metrics-pipeline.yaml 5 | - gather-deployment-metrics-setup-pipeline.yaml 6 | - issue-pipeline.yaml 7 | - onboarding-issue-pipeline.yaml 8 | - overlays-release-pipeline.yaml 9 | - pull-request-pipeline.yaml 10 | - tag-release-pipeline.yaml 11 | - z-stream-release-pipeline.yaml 12 | - z-stream-update-rhods.yaml 13 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/deliver_missing_module.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Deliver Missing Module 3 | about: 'Based on a git tag, release the missing module to PyPI' 4 | title: Deliver Missing Module 5 | assignees: sesheta 6 | labels: bot 7 | --- 8 | 9 | Hey, AICoE-CI! 10 | 11 | Please deliver the package module for the following tag, as it missing on PyPI: 12 | 13 | Tag: x.y.z 14 | 15 | 16 | -------------------------------------------------------------------------------- /tasks/github-release-taskrun.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: TaskRun 3 | metadata: 4 | name: build-go-binaries-run 5 | spec: 6 | taskRef: 7 | name: build-go-binaries 8 | params: 9 | - name: git_organization 10 | value: "operate-first" 11 | - name: git_repository 12 | value: "opfcli" 13 | - name: git_tag 14 | value: "v0.2.0" 15 | - name: build_strategy_OS_x_ARCH 16 | value: "linux-arm linux-arm64 linux-amd64 darwin-amd64" 17 | -------------------------------------------------------------------------------- /example-taskruns/github-release-taskrun.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: TaskRun 3 | metadata: 4 | name: build-go-binaries-run 5 | spec: 6 | taskRef: 7 | name: build-go-binaries 8 | params: 9 | - name: git_organization 10 | value: "operate-first" 11 | - name: git_repository 12 | value: "opfcli" 13 | - name: git_tag 14 | value: "v0.2.0" 15 | - name: build_strategy_OS_x_ARCH 16 | value: "linux-arm|linux-arm64|linux-amd64|darwin-amd64" 17 | -------------------------------------------------------------------------------- /setup-instance/tekton-setup.sh: -------------------------------------------------------------------------------- 1 | oc new-project tekton-pipelines 2 | oc adm policy add-scc-to-user anyuid -z tekton-pipelines-controller 3 | oc apply --filename https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.11.3/release.notags.yaml 4 | oc apply --filename https://storage.googleapis.com/tekton-releases/triggers/previous/v0.4.0/release.yaml 5 | oc apply --filename https://github.com/tektoncd/dashboard/releases/download/v0.6.1.5/tekton-dashboard-release.yaml 6 | oc expose svc/tekton-dashboard 7 | -------------------------------------------------------------------------------- /trigger/webhook-tag-binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: triggers.tekton.dev/v1alpha1 2 | kind: TriggerBinding 3 | metadata: 4 | name: webhook-tag-binding 5 | labels: 6 | app: aicoe-ci 7 | spec: 8 | params: 9 | - name: git_ref 10 | value: $(body.ref) 11 | - name: git_ref_type 12 | value: $(body.ref_type) 13 | - name: repo_name 14 | value: $(body.repo_name) 15 | - name: repo_url 16 | value: $(body.repo_url) 17 | - name: default_branch 18 | value: $(body.default_branch) 19 | -------------------------------------------------------------------------------- /trigger/git-tag-binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: triggers.tekton.dev/v1alpha1 2 | kind: TriggerBinding 3 | metadata: 4 | name: git-tag-binding 5 | labels: 6 | app: aicoe-ci 7 | spec: 8 | params: 9 | - name: git_ref 10 | value: $(body.ref) 11 | - name: git_ref_type 12 | value: $(body.ref_type) 13 | - name: repo_name 14 | value: $(body.repository.name) 15 | - name: repo_url 16 | value: $(body.repository.html_url) 17 | - name: default_branch 18 | value: $(body.repository.default_branch) 19 | -------------------------------------------------------------------------------- /conditions/overlay-deploy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1alpha1 2 | kind: Condition 3 | metadata: 4 | name: overlay-deploy 5 | spec: 6 | params: 7 | - name: deploy 8 | type: string 9 | resources: 10 | - name: repo 11 | type: git 12 | check: 13 | image: quay.io/thoth-station/s2i-thoth-ubi8-py36:latest 14 | workingDir: /workspace/repo 15 | script: | 16 | #!/usr/libexec/platform-python 17 | if "$(params.deploy)" == "deploy": 18 | exit(0) 19 | else: 20 | exit(1) 21 | -------------------------------------------------------------------------------- /conditions/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - action-check.yaml 5 | - build-check.yaml 6 | - config-check.yaml 7 | - custom-pipeline-check.yaml 8 | - deploy-comment-check.yaml 9 | - deployment-check.yaml 10 | - issue-check.yaml 11 | - overlay-deploy.yaml 12 | - overlays-pipeline-check.yaml 13 | - overlays-set.yaml 14 | - retest-comment-check.yaml 15 | - sibling-check.yaml 16 | - upload-pulp-pypi-check.yaml 17 | - upload-pypi-check.yaml 18 | -------------------------------------------------------------------------------- /fixtures/pr-source-list: -------------------------------------------------------------------------------- 1 | 2 | total 8 3 | drwxr-sr-x. 6 1000320000 1000320000 98 Mar 6 16:22 . 4 | drwxrwsrwx. 4 root 1000320000 37 Mar 6 16:22 .. 5 | -rwx------. 1 1000320000 1000320000 115 Mar 6 16:22 base.json 6 | drwxr-sr-x. 2 1000320000 1000320000 23 Mar 6 16:22 comments 7 | drwxr-sr-x. 3 1000320000 1000320000 56 Mar 6 16:22 github 8 | -rwx------. 1 1000320000 1000320000 113 Mar 6 16:22 head.json 9 | drwxr-sr-x. 2 1000320000 1000320000 23 Mar 6 16:22 labels 10 | drwxr-sr-x. 2 1000320000 1000320000 6 Mar 6 16:22 status 11 | -------------------------------------------------------------------------------- /manifests/overlays/moc/role.yaml: -------------------------------------------------------------------------------- 1 | kind: Role 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | metadata: 4 | name: aicoe-ci-role 5 | labels: 6 | app: aicoe-ci 7 | rules: 8 | - apiGroups: ["triggers.tekton.dev"] 9 | resources: ["eventlisteners", "triggerbindings", "triggertemplates"] 10 | verbs: ["get"] 11 | - apiGroups: [""] 12 | resources: ["configmaps", "secrets", "serviceaccounts"] 13 | verbs: ["get", "list", "watch"] 14 | - apiGroups: ["tekton.dev"] 15 | resources: ["pipelineruns", "pipelineresources", "taskruns"] 16 | verbs: ["create"] 17 | -------------------------------------------------------------------------------- /manifests/overlays/ocp/role.yaml: -------------------------------------------------------------------------------- 1 | kind: Role 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | metadata: 4 | name: aicoe-ci-role 5 | labels: 6 | app: aicoe-ci 7 | rules: 8 | - apiGroups: ["triggers.tekton.dev"] 9 | resources: ["eventlisteners", "triggerbindings", "triggertemplates"] 10 | verbs: ["get"] 11 | - apiGroups: [""] 12 | resources: ["configmaps", "secrets", "serviceaccounts"] 13 | verbs: ["get", "list", "watch"] 14 | - apiGroups: ["tekton.dev"] 15 | resources: ["pipelineruns", "pipelineresources", "taskruns"] 16 | verbs: ["create"] 17 | -------------------------------------------------------------------------------- /trigger/git-model-binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: triggers.tekton.dev/v1alpha1 2 | kind: TriggerBinding 3 | metadata: 4 | name: git-model-binding 5 | labels: 6 | app: aicoe-ci 7 | spec: 8 | params: 9 | - name: event_action 10 | value: $(body.action) 11 | - name: pr_number 12 | value: $(body.number) 13 | - name: pr_repo 14 | value: $(body.repository.name) 15 | - name: pr_url 16 | value: $(body.pull_request.html_url) 17 | - name: repo_url 18 | value: $(body.repository.html_url) 19 | - name: default_branch 20 | value: $(body.repository.default_branch) 21 | -------------------------------------------------------------------------------- /tasks/tag-check.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: Task 3 | metadata: 4 | name: tag-check 5 | labels: 6 | app: aicoe-ci 7 | spec: 8 | params: 9 | - name: git_ref_type 10 | description: Type of ref Tag or Branch. 11 | - name: pipelinerun_name 12 | description: pipelinerun associated. 13 | steps: 14 | - name: init-ops 15 | image: quay.io/openshift/origin-cli:latest 16 | script: | 17 | if [ "$(params.git_ref_type)" == "tag" ]; then 18 | exit 0 19 | else 20 | oc delete pipelinerun $(params.pipelinerun_name) 21 | fi 22 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a report to help us improve 4 | labels: kind/bug 5 | --- 6 | 7 | **Describe the bug** 8 | A clear and concise description of what the bug is. 9 | 10 | **To Reproduce** 11 | Steps to reproduce the behavior: 12 | 1. Go to '...' 13 | 2. Click on '....' 14 | 3. Scroll down to '....' 15 | 4. See error 16 | 17 | **Expected behavior** 18 | A clear and concise description of what you expected to happen. 19 | 20 | **Screenshots** 21 | If applicable, add screenshots to help explain your problem. 22 | 23 | **Additional context** 24 | Add any other context about the problem here. 25 | -------------------------------------------------------------------------------- /conditions/action-check.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1alpha1 2 | kind: Condition 3 | metadata: 4 | name: action-check 5 | spec: 6 | params: 7 | - name: event_action 8 | type: string 9 | - name: required_action 10 | type: string 11 | resources: 12 | - name: ubi 13 | type: image 14 | check: 15 | image: $(resources.inputs.ubi.url) 16 | securityContext: 17 | privileged: true 18 | script: | 19 | ACTION="$(params.required_action)" 20 | echo $(params.event_action) 21 | if echo $ACTION | grep -w $(params.event_action) > /dev/null; then 22 | exit 0 23 | else 24 | exit 1 25 | fi 26 | -------------------------------------------------------------------------------- /conditions/issue-check.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1alpha1 2 | kind: Condition 3 | metadata: 4 | name: issue-check 5 | spec: 6 | params: 7 | - name: issue_title 8 | description: Type of Issue. 9 | - name: issue_pipeline_title 10 | description: Issue to be served by pipeline task. 11 | - name: pipelinerun_name 12 | description: pipelinerun associated. 13 | - name: event_action 14 | type: string 15 | check: 16 | image: quay.io/openshift/origin-cli:latest 17 | script: | 18 | if [ "$(params.issue_title)" == "$(params.issue_pipeline_title)" ]; then 19 | exit 0 20 | else 21 | exit 1 22 | fi 23 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Suggest an idea for this project 4 | labels: kind/feature 5 | --- 6 | 7 | **Is your feature request related to a problem? Please describe.** 8 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] 9 | 10 | **Describe the solution you'd like** 11 | A clear and concise description of what you want to happen. 12 | 13 | **Describe alternatives you've considered** 14 | A clear and concise description of any alternative solutions or features you've considered. 15 | 16 | **Additional context** 17 | Add any other context or screenshots about the feature request here. 18 | -------------------------------------------------------------------------------- /conditions/sibling-check.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1alpha1 2 | kind: Condition 3 | metadata: 4 | name: sibling-check 5 | spec: 6 | resources: 7 | - name: repo 8 | type: git 9 | check: 10 | image: quay.io/thoth-station/s2i-thoth-ubi8-py36:v0.14.3 11 | workingDir: /workspace/repo 12 | script: | 13 | #!/usr/libexec/platform-python 14 | import yaml 15 | import os 16 | 17 | if os.path.isfile('.aicoe-ci.yaml'): 18 | with open(".aicoe-ci.yaml", "r") as stream: 19 | conf = yaml.safe_load(stream) 20 | 21 | if conf.get("sibling"): 22 | exit(0) 23 | else: 24 | exit(1) 25 | else: 26 | exit(1) 27 | -------------------------------------------------------------------------------- /tasks/gather-metrics-clean-task.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: Task 3 | metadata: 4 | name: gather-metrics-clean-task 5 | labels: 6 | app: aicoe-ci 7 | spec: 8 | params: 9 | - name: pr_number 10 | description: Pull request ID. 11 | - name: pr_repo 12 | description: The git repository pr was raised to. 13 | 14 | steps: 15 | - name: oc-remove-all 16 | image: quay.io/openshift/origin-cli:latest 17 | script: | 18 | oc delete dc -l component=$(params.pr_repo)-pr-$(params.pr_number) 19 | oc delete route -l component=$(params.pr_repo)-pr-$(params.pr_number) 20 | oc delete service -l component=$(params.pr_repo)-pr-$(params.pr_number) 21 | -------------------------------------------------------------------------------- /conditions/custom-pipeline-check.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1alpha1 2 | kind: Condition 3 | metadata: 4 | name: custom-pipeline-check 5 | spec: 6 | resources: 7 | - name: repo 8 | type: git 9 | - name: ubi 10 | type: image 11 | check: 12 | image: quay.io/harshad16/yq:latest 13 | workingDir: /workspace/repo 14 | script: | 15 | if [[ ! -f .aicoe-ci.yaml ]]; then 16 | cat < .aicoe-ci.yaml 17 | EOF 18 | fi 19 | check_list=$(yq r -j .aicoe-ci.yaml check) 20 | out=$(echo "$check_list" | grep -w "thoth-custom-build") 21 | exit_code=$? 22 | if [[ $exit_code -ne 0 ]]; then 23 | exit 1 24 | else 25 | exit 0 26 | fi 27 | -------------------------------------------------------------------------------- /trigger/git-pr-binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: triggers.tekton.dev/v1alpha1 2 | kind: TriggerBinding 3 | metadata: 4 | name: git-pr-binding 5 | labels: 6 | app: aicoe-ci 7 | spec: 8 | params: 9 | - name: event_action 10 | value: $(body.action) 11 | - name: pr_number 12 | value: $(body.number) 13 | - name: pr_repo 14 | value: $(body.repository.name) 15 | - name: repo_full_name 16 | value: $(body.repository.full_name) 17 | - name: pr_url 18 | value: $(body.pull_request.html_url) 19 | - name: repo_url 20 | value: $(body.repository.html_url) 21 | - name: ssh_url 22 | value: $(body.repository.ssh_url) 23 | - name: default_branch 24 | value: $(body.repository.default_branch) 25 | -------------------------------------------------------------------------------- /.pre-commit-config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | repos: 3 | - repo: https://github.com/asottile/add-trailing-comma 4 | rev: v2.1.0 5 | hooks: 6 | - id: add-trailing-comma 7 | 8 | - repo: https://github.com/Lucas-C/pre-commit-hooks 9 | rev: v1.1.10 10 | hooks: 11 | - id: remove-tabs 12 | 13 | - repo: https://github.com/pre-commit/pre-commit-hooks 14 | rev: v4.0.1 15 | hooks: 16 | - id: trailing-whitespace 17 | - id: check-merge-conflict 18 | - id: end-of-file-fixer 19 | - id: check-added-large-files 20 | - id: check-byte-order-marker 21 | - id: check-case-conflict 22 | - id: check-yaml 23 | args: [--allow-multiple-documents] 24 | - id: check-symlinks 25 | - id: detect-private-key 26 | -------------------------------------------------------------------------------- /conditions/build-check.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1alpha1 2 | kind: Condition 3 | metadata: 4 | name: build-check 5 | spec: 6 | resources: 7 | - name: repo 8 | type: git 9 | check: 10 | image: quay.io/thoth-station/s2i-thoth-ubi8-py36:v0.14.3 11 | workingDir: /workspace/repo 12 | script: | 13 | #!/usr/libexec/platform-python 14 | import yaml 15 | import os 16 | 17 | if os.path.isfile('.aicoe-ci.yaml'): 18 | with open(".aicoe-ci.yaml", "r") as stream: 19 | conf = yaml.safe_load(stream) 20 | 21 | if conf.get("build"): 22 | exit(0) 23 | else: 24 | exit(1) 25 | else: 26 | print("Configuration file unavailable") 27 | exit(1) 28 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/request_sesheta.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Help with Sesheta invite 3 | description: "Create a request to accept invitation for sesheta." 4 | title: "Help with Sesheta invite" 5 | labels: [area/cyborgs, bot, sig/cyborgs] 6 | assignees: [goern, harshad16] 7 | body: 8 | - type: markdown 9 | attributes: 10 | value: "Sesheta invite are to be manually accepted. Thank you for your patience." 11 | - type: input 12 | id: github-repo-url 13 | attributes: 14 | label: GitHub Repo 15 | description: | 16 | Provide the github repository url where Sesheta was invite as contributor 17 | placeholder: https://github.com/thoth-station/support 18 | validations: 19 | required: true 20 | -------------------------------------------------------------------------------- /conditions/deployment-check.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1alpha1 2 | kind: Condition 3 | metadata: 4 | name: deployment-check 5 | spec: 6 | resources: 7 | - name: repo 8 | type: git 9 | check: 10 | image: quay.io/thoth-station/s2i-thoth-ubi8-py36:v0.14.3 11 | workingDir: /workspace/repo 12 | script: | 13 | #!/usr/libexec/platform-python 14 | import yaml 15 | import os 16 | 17 | if os.path.isfile('.aicoe-ci.yaml'): 18 | with open(".aicoe-ci.yaml", "r") as stream: 19 | conf = yaml.safe_load(stream) 20 | 21 | if conf.get("deploy"): 22 | exit(0) 23 | else: 24 | exit(1) 25 | else: 26 | print("Configuration file unavailable") 27 | exit(1) 28 | -------------------------------------------------------------------------------- /example-taskruns/create-github-release-taskrun.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: TaskRun 3 | metadata: 4 | name: issue-release-run 5 | spec: 6 | taskRef: 7 | name: create-github-release 8 | params: 9 | - name: git_organization 10 | value: "Gregory-Pereira" 11 | - name: git_repository 12 | value: "image-to-text" 13 | - name: git_tag 14 | value: "v1.1" 15 | - name: git_ref 16 | value: "" 17 | - name: git_release_title 18 | value: "sample release title" 19 | - name: git_release_body 20 | value: "this is a sample body" 21 | - name: git_prerelase_boolean 22 | value: "false" 23 | - name: git_draft_release_boolean 24 | value: "false" 25 | - name: git_user 26 | value: "Gregory-Pereira" 27 | -------------------------------------------------------------------------------- /conditions/config-check.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1alpha1 2 | kind: Condition 3 | metadata: 4 | name: config-check 5 | spec: 6 | params: 7 | - name: event 8 | type: string 9 | resources: 10 | - name: repo 11 | type: git 12 | check: 13 | image: quay.io/thoth-station/s2i-thoth-ubi8-py36:v0.14.3 14 | workingDir: /workspace/repo 15 | script: | 16 | #!/usr/libexec/platform-python 17 | import yaml 18 | import os 19 | 20 | if os.path.isfile('.aicoe-ci.yaml'): 21 | with open(".aicoe-ci.yaml", "r") as stream: 22 | conf = yaml.safe_load(stream) 23 | 24 | if "$(params.event)" in conf.get("check"): 25 | exit(0) 26 | else: 27 | exit(1) 28 | else: 29 | print("Configuration file unavailable") 30 | exit(1) 31 | -------------------------------------------------------------------------------- /aicoe/aicoe-ci/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | # aicoe-ci 3 | # Copyright(C) 2020 4 | # 5 | # This program is free software: you can redistribute it and / or modify 6 | # it under the terms of the GNU General Public License as published by 7 | # the Free Software Foundation, either version 3 of the License, or 8 | # (at your option) any later version. 9 | # 10 | # This program is distributed in the hope that it will be useful, 11 | # but WITHOUT ANY WARRANTY without even the implied warranty of 12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | # GNU General Public License for more details. 14 | # 15 | # You should have received a copy of the GNU General Public License 16 | # along with this program. If not, see . 17 | 18 | """AICoE-CI.""" 19 | 20 | 21 | __name__ = "aicoe-ci" 22 | __version__ = "1.1.0" 23 | -------------------------------------------------------------------------------- /conditions/upload-pulp-pypi-check.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1alpha1 2 | kind: Condition 3 | metadata: 4 | name: upload-pulp-pypi-check 5 | spec: 6 | resources: 7 | - name: repo 8 | type: git 9 | - name: ubi 10 | type: image 11 | check: 12 | image: quay.io/thoth-station/s2i-thoth-ubi8-py36:v0.14.3 13 | workingDir: /workspace/repo 14 | script: | 15 | #!/usr/libexec/platform-python 16 | import yaml 17 | import os 18 | 19 | if os.path.isfile('.aicoe-ci.yaml'): 20 | with open(".aicoe-ci.yaml", "r") as stream: 21 | conf = yaml.safe_load(stream) 22 | 23 | for r in conf.get("package-upload", []): 24 | if "pulp" == r["instance"]: 25 | exit(0) 26 | exit(1) 27 | else: 28 | print("Configuration file unavailable") 29 | exit(1) 30 | -------------------------------------------------------------------------------- /manifests/overlays/ocp/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | commonLabels: 4 | app.kubernetes.io/name: aicoe-ci 5 | app.kubernetes.io/component: tekton 6 | app.kubernetes.io/version: v1.0.0 7 | app.kubernetes.io/managed-by: aicoe-thoth-devops 8 | resources: 9 | - ../../../conditions 10 | - ../../../tasks 11 | - ../../../pipeline 12 | - ../../../trigger 13 | - ../../../triggertemplate 14 | - binding.yaml 15 | - role.yaml 16 | - serviceaccount.yaml 17 | - thoth-notification.yaml 18 | - ultrahook.yaml 19 | - cleanup-cronjob.yaml 20 | - configmap.yaml 21 | generators: 22 | - secret-generator.yaml 23 | patches: 24 | - path: put-into-infra-namespace.yaml 25 | target: 26 | group: batch 27 | version: v1 28 | kind: Job 29 | annotationSelector: "operation=chat-notification" 30 | -------------------------------------------------------------------------------- /conditions/deploy-comment-check.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1alpha1 2 | kind: Condition 3 | metadata: 4 | name: deploy-comment-check 5 | spec: 6 | params: 7 | - name: pr_comment 8 | type: string 9 | - name: pr_comment_author_association 10 | type: string 11 | resources: 12 | - name: ubi 13 | type: image 14 | check: 15 | image: $(resources.inputs.ubi.url) 16 | securityContext: 17 | privileged: true 18 | script: | 19 | author_association="$(params.pr_comment_author_association)" 20 | if [[ "$author_association" != "OWNER" ]] && [[ "$author_association" != "MEMBER" ]];then 21 | echo "Skipping PR, author is not an OWNER or MEMBER: $author" 22 | exit 1 23 | fi 24 | 25 | if [[ "$(params.pr_comment)" == "/deploy"* ]];then 26 | exit 0 27 | else 28 | exit 1 29 | fi 30 | -------------------------------------------------------------------------------- /conditions/overlays-set.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1alpha1 2 | kind: Condition 3 | metadata: 4 | name: overlays-set 5 | spec: 6 | resources: 7 | - name: repo 8 | type: git 9 | - name: ubi 10 | type: image 11 | check: 12 | image: quay.io/thoth-station/s2i-thoth-ubi8-py36:v0.14.3 13 | workingDir: /workspace/repo 14 | script: | 15 | #!/usr/libexec/platform-python 16 | import yaml 17 | import os 18 | 19 | if os.path.isfile('.aicoe-ci.yaml'): 20 | print("Configuration file available") 21 | with open(".aicoe-ci.yaml", "r") as stream: 22 | conf = yaml.safe_load(stream) 23 | 24 | if "overlays-build" in conf.get("check"): 25 | exit(1) 26 | else: 27 | exit(0) 28 | else: 29 | print("Configuration file unavailable") 30 | exit(1) 31 | -------------------------------------------------------------------------------- /conditions/retest-comment-check.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1alpha1 2 | kind: Condition 3 | metadata: 4 | name: retest-comment-check 5 | spec: 6 | params: 7 | - name: pr_comment 8 | type: string 9 | - name: pr_comment_author_association 10 | type: string 11 | resources: 12 | - name: ubi 13 | type: image 14 | check: 15 | image: $(resources.inputs.ubi.url) 16 | securityContext: 17 | privileged: true 18 | script: | 19 | author="$(params.pr_comment_author_association)" 20 | if [ "$author" == "NONE" -o "$author" == "FIRST_TIMER" ]; then 21 | echo "Skipping PR, author association is not an valid: $author" 22 | exit 1 23 | fi 24 | 25 | if [ "$(params.pr_comment)" == "/retest" -o "$(params.pr_comment)" == "DEFAULT" ]; then 26 | exit 0 27 | else 28 | exit 1 29 | fi 30 | -------------------------------------------------------------------------------- /docs/adr/0001-use-gpl3-as-license.md: -------------------------------------------------------------------------------- 1 | # Use GNU GPL as license 2 | 3 | Everything needs to be licensed, otherwise the default copyright laws apply. 4 | For instance, in Germany that means users may not alter anything without explicitly asking for permission. 5 | For more information see . 6 | 7 | We want to have all source code related to Project Thoth to be used without any hassle and as free as possible, so that 8 | users can just [execute and enjoy the four freedoms](https://fsfe.org/freesoftware/freesoftware.en.html). 9 | 10 | ## Considered Options 11 | 12 | * No license 13 | * [CC0](https://creativecommons.org/share-your-work/public-domain/cc0/) 14 | * [GNU GPL](http://www.gnu.org/licenses/gpl-3.0.en.html) 15 | 16 | ## Decision Outcome 17 | 18 | Chosen option: "GNU GPL", because this license supports a strong copyleft model. 19 | -------------------------------------------------------------------------------- /conditions/overlays-pipeline-check.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1alpha1 2 | kind: Condition 3 | metadata: 4 | name: overlays-pipeline-check 5 | spec: 6 | resources: 7 | - name: repo 8 | type: git 9 | - name: ubi 10 | type: image 11 | check: 12 | image: quay.io/thoth-station/s2i-thoth-ubi8-py36:v0.14.3 13 | workingDir: /workspace/repo 14 | script: | 15 | #!/usr/libexec/platform-python 16 | import yaml 17 | import os 18 | 19 | if os.path.isfile('.aicoe-ci.yaml'): 20 | print("Configuration file available") 21 | with open(".aicoe-ci.yaml", "r") as stream: 22 | conf = yaml.safe_load(stream) 23 | 24 | if "overlays-build" in conf.get("check"): 25 | exit(0) 26 | else: 27 | exit(1) 28 | else: 29 | print("Configuration file unavailable") 30 | exit(1) 31 | -------------------------------------------------------------------------------- /manifests/overlays/moc/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | commonLabels: 4 | app.kubernetes.io/name: aicoe-ci 5 | app.kubernetes.io/component: tekton 6 | app.kubernetes.io/version: v1.0.0 7 | app.kubernetes.io/managed-by: aicoe-thoth-devops 8 | resources: 9 | - ../../../conditions 10 | - ../../../tasks 11 | - ../../../pipeline 12 | - ../../../trigger 13 | - ../../../triggertemplate 14 | - binding.yaml 15 | - role.yaml 16 | - serviceaccount.yaml 17 | - route.yaml 18 | - cleanup-cronjob.yaml 19 | - tekton-dashboard.yaml 20 | - configmap.yaml 21 | generators: 22 | - secret-generator.yaml 23 | patches: 24 | - path: put-into-infra-namespace.yaml 25 | target: 26 | group: batch 27 | version: v1 28 | kind: Job 29 | annotationSelector: "operation=chat-notification" 30 | patchesStrategicMerge: 31 | - listener.yaml 32 | -------------------------------------------------------------------------------- /setup-instance/instance-secrets.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: Secret 3 | apiVersion: v1 4 | metadata: 5 | name: auth-secret 6 | annotations: 7 | tekton.dev/git-0: github.com 8 | data: 9 | ssh-privatekey: 10 | token: 11 | user-email: 12 | user-name: 13 | type: kubernetes.io/ssh-auth 14 | --- 15 | kind: Secret 16 | apiVersion: v1 17 | metadata: 18 | name: github-secret 19 | data: 20 | webhooksecret: 21 | type: Opaque 22 | --- 23 | kind: Secret 24 | apiVersion: v1 25 | metadata: 26 | name: pypi-secret 27 | data: 28 | password: 29 | username: 30 | type: kubernetes.io/basic-auth 31 | --- 32 | apiVersion: v1 33 | kind: Secret 34 | metadata: 35 | name: quay-pusher-secret 36 | data: 37 | .dockerconfigjson: <.dockerconfigjson> 38 | type: kubernetes.io/dockerconfigjson 39 | -------------------------------------------------------------------------------- /tasks/gather-metrics-discover-route.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: Task 3 | metadata: 4 | name: discover-route 5 | labels: 6 | app: aicoe-ci 7 | spec: 8 | params: 9 | - name: pr_number 10 | description: Pull request ID. 11 | - name: pr_repo 12 | description: The git repository pr was raised to. 13 | - name: overlay_name 14 | description: Name of the overlay. 15 | results: 16 | - name: route-name 17 | 18 | steps: 19 | - name: store-route-file 20 | image: quay.io/openshift/origin-cli:latest 21 | script: | 22 | oc get route -l discover=$(params.pr_repo)-pr-$(params.pr_number)-$(params.overlay_name) -o json > route.json 23 | cat route.json | python3 -c "import sys, json; print('http://' + str(json.load(sys.stdin)['items'][0]['spec']['host']))" > route_name 24 | cat route_name 25 | echo -n "$(cat route_name)" > $(results.route-name.path) 26 | -------------------------------------------------------------------------------- /conditions/upload-pypi-check.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1alpha1 2 | kind: Condition 3 | metadata: 4 | name: upload-pypi-check 5 | spec: 6 | resources: 7 | - name: repo 8 | type: git 9 | - name: ubi 10 | type: image 11 | check: 12 | image: quay.io/thoth-station/s2i-thoth-ubi8-py36:v0.14.3 13 | workingDir: /workspace/repo 14 | script: | 15 | #!/usr/libexec/platform-python 16 | import yaml 17 | import os 18 | 19 | if os.path.isfile('.aicoe-ci.yaml'): 20 | with open(".aicoe-ci.yaml", "r") as stream: 21 | conf = yaml.safe_load(stream) 22 | 23 | for r in conf.get("package-upload", []): 24 | if "pypi" == r["instance"]: 25 | exit(0) 26 | if "upload-pypi-sesheta" in conf.get("release",[]): 27 | exit(0) 28 | exit(1) 29 | else: 30 | print("Configuration file unavailable") 31 | exit(1) 32 | -------------------------------------------------------------------------------- /trigger/git-issue-comment-binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: triggers.tekton.dev/v1alpha1 2 | kind: TriggerBinding 3 | metadata: 4 | name: git-issue-comment-binding 5 | labels: 6 | app: aicoe-ci 7 | spec: 8 | params: 9 | - name: event_action 10 | value: $(body.action) 11 | - name: pr_number 12 | value: $(body.issue.number) 13 | - name: pr_repo 14 | value: $(body.repository.name) 15 | - name: repo_full_name 16 | value: $(body.repository.full_name) 17 | - name: pr_url 18 | value: $(body.issue.html_url) 19 | - name: repo_url 20 | value: $(body.repository.html_url) 21 | - name: ssh_url 22 | value: $(body.repository.ssh_url) 23 | - name: pr_comment 24 | value: $(body.comment.body) 25 | - name: pr_comment_author 26 | value: $(body.comment.user.login) 27 | - name: pr_comment_author_association 28 | value: $(body.comment.author_association) 29 | - name: default_branch 30 | value: $(body.repository.default_branch) 31 | -------------------------------------------------------------------------------- /trigger/z-stream-release-binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: triggers.tekton.dev/v1alpha1 2 | kind: TriggerBinding 3 | metadata: 4 | name: z-stream-release-binding 5 | labels: 6 | app: aicoe-ci 7 | spec: 8 | params: 9 | - name: git_ref 10 | value: $(body.ref) 11 | - name: git_ref_type 12 | value: $(body.ref_type) 13 | - name: repo_url 14 | value: $(body.repository.html_url) 15 | - name: default_branch 16 | value: $(body.repository.default_branch) 17 | 18 | - name: opf_repo_url 19 | value: "git@github.com:operate-first/apps.git" 20 | - name: opf_default_branch 21 | value: "master" 22 | - name: opf_repo 23 | value: "apps" 24 | - name: opf_org 25 | value: "operate-first" 26 | 27 | - name: rhods_repo_url 28 | value: "git@github.com:red-hat-data-services/odh-manifests.git" 29 | - name: rhods_default_branch 30 | value: "master" 31 | - name: rhods_repo 32 | value: "odh-manifests" 33 | - name: rhods_org 34 | value: "red-hat-data-services" 35 | -------------------------------------------------------------------------------- /manifests/overlays/moc/binding.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: RoleBinding 4 | metadata: 5 | name: aicoe-ci-webhook-binding 6 | labels: 7 | app: aicoe-ci 8 | subjects: 9 | - kind: ServiceAccount 10 | name: aicoe-ci-webhook 11 | roleRef: 12 | apiGroup: rbac.authorization.k8s.io 13 | kind: Role 14 | name: aicoe-ci-role 15 | --- 16 | kind: RoleBinding 17 | apiVersion: rbac.authorization.k8s.io/v1 18 | metadata: 19 | name: aicoe-ci-webhook-edit 20 | labels: 21 | app: aicoe-ci 22 | subjects: 23 | - kind: ServiceAccount 24 | name: aicoe-ci-webhook 25 | roleRef: 26 | apiGroup: rbac.authorization.k8s.io 27 | kind: ClusterRole 28 | name: edit 29 | --- 30 | kind: RoleBinding 31 | apiVersion: rbac.authorization.k8s.io/v1 32 | metadata: 33 | name: aicoe-ci-edit 34 | labels: 35 | app: aicoe-ci 36 | subjects: 37 | - kind: ServiceAccount 38 | name: aicoe-ci 39 | roleRef: 40 | apiGroup: rbac.authorization.k8s.io 41 | kind: ClusterRole 42 | name: edit 43 | -------------------------------------------------------------------------------- /manifests/overlays/ocp/binding.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: RoleBinding 4 | metadata: 5 | name: aicoe-ci-webhook-binding 6 | labels: 7 | app: aicoe-ci 8 | subjects: 9 | - kind: ServiceAccount 10 | name: aicoe-ci-webhook 11 | roleRef: 12 | apiGroup: rbac.authorization.k8s.io 13 | kind: Role 14 | name: aicoe-ci-role 15 | --- 16 | kind: RoleBinding 17 | apiVersion: rbac.authorization.k8s.io/v1 18 | metadata: 19 | name: aicoe-ci-webhook-edit 20 | labels: 21 | app: aicoe-ci 22 | subjects: 23 | - kind: ServiceAccount 24 | name: aicoe-ci-webhook 25 | roleRef: 26 | apiGroup: rbac.authorization.k8s.io 27 | kind: ClusterRole 28 | name: edit 29 | --- 30 | kind: RoleBinding 31 | apiVersion: rbac.authorization.k8s.io/v1 32 | metadata: 33 | name: aicoe-ci-edit 34 | labels: 35 | app: aicoe-ci 36 | subjects: 37 | - kind: ServiceAccount 38 | name: aicoe-ci 39 | roleRef: 40 | apiGroup: rbac.authorization.k8s.io 41 | kind: ClusterRole 42 | name: edit 43 | -------------------------------------------------------------------------------- /trigger/onboarding-issue-binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: triggers.tekton.dev/v1alpha1 2 | kind: TriggerBinding 3 | metadata: 4 | name: onboarding-issue-binding 5 | spec: 6 | params: 7 | - name: event_action 8 | value: $(body.action) 9 | - name: issue_number 10 | value: $(body.issue.number) 11 | - name: issue_state 12 | value: $(body.issue.state) 13 | - name: issue_title 14 | value: $(body.issue.title) 15 | - name: issue_body 16 | value: $(body.issue.body) 17 | - name: issue_author_association 18 | value: $(body.issue.author_association) 19 | - name: issue_author 20 | value: $(body.issue.user.login) 21 | - name: repo_name 22 | value: $(body.repository.name) 23 | - name: repo_full_name 24 | value: $(body.repository.full_name) 25 | - name: repo_url 26 | value: $(body.repository.html_url) 27 | - name: ssh_url 28 | value: $(body.repository.ssh_url) 29 | - name: default_branch 30 | value: $(body.repository.default_branch) 31 | -------------------------------------------------------------------------------- /trigger/git-issue-binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: triggers.tekton.dev/v1alpha1 2 | kind: TriggerBinding 3 | metadata: 4 | name: git-issue-binding 5 | labels: 6 | app: aicoe-ci 7 | spec: 8 | params: 9 | - name: event_action 10 | value: $(body.action) 11 | - name: issue_number 12 | value: $(body.issue.number) 13 | - name: issue_state 14 | value: $(body.issue.state) 15 | - name: issue_title 16 | value: $(body.issue.title) 17 | - name: issue_body 18 | value: $(body.issue.body) 19 | - name: issue_author_association 20 | value: $(body.issue.author_association) 21 | - name: issue_author 22 | value: $(body.issue.user.login) 23 | - name: repo_name 24 | value: $(body.repository.name) 25 | - name: repo_full_name 26 | value: $(body.repository.full_name) 27 | - name: repo_url 28 | value: $(body.repository.html_url) 29 | - name: ssh_url 30 | value: $(body.repository.ssh_url) 31 | - name: default_branch 32 | value: $(body.repository.default_branch) 33 | -------------------------------------------------------------------------------- /docs/.aicoe-ci.yaml: -------------------------------------------------------------------------------- 1 | # Setup and configuring aicoe-ci with configuration file `.aicoe-ci.yaml` 2 | check: 3 | - thoth-pytest 4 | - thoth-precommit 5 | - thoth-build 6 | - thoth-custom-build 7 | release: 8 | - upload-pypi-sesheta 9 | build: 10 | base-image: registry.access.redhat.com/ubi8/ubi:latest 11 | build-stratergy: Dockerfile # Allowed values: Source, Dockerfile, Containerfile (default: Source) 12 | dockerfile-path: Dockerfile 13 | custom_tag: latest # custom tag to be push to registry 14 | registry: quay.io # Imgage registry to be used. (default: quay.io) 15 | registry-org: thoth-station # Organization to be used in Image Registry. (default: thoth-station) 16 | registry-project: example # Project Repository in Image Registry to be used to push image. 17 | registry-secret: thoth-station-thoth-pusher-secret # pre-exists in ci 18 | deploy: 19 | project-org: thoth-station # Organization on Github contianing the Repository.. 20 | project-name: thoth-application # Repository on Github containing the kustomize manifests. 21 | overlay-contextpath: example/overlays/test/imagestreamtag.yaml # Imagestream manifest where tag is to be updated. 22 | -------------------------------------------------------------------------------- /pipeline/z-stream-release-pipeline.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: tekton.dev/v1beta1 3 | kind: Pipeline 4 | metadata: 5 | name: z-stream-release-pipeline 6 | labels: 7 | app: aicoe-ci 8 | spec: 9 | params: 10 | - name: git_ref 11 | type: string 12 | - name: opf_org 13 | type: string 14 | - name: opf_repo 15 | type: string 16 | - name: opf_repo_url 17 | type: string 18 | - name: opf_default_branch 19 | type: string 20 | resources: 21 | - name: s2i-thoth 22 | type: image 23 | - name: ubi 24 | type: image 25 | 26 | tasks: 27 | - name: z-stream-release-run 28 | taskRef: 29 | name: z-stream-release 30 | params: 31 | - name: git_ref 32 | value: $(params.git_ref) 33 | - name: opf_org 34 | value: $(params.opf_org) 35 | - name: opf_repo 36 | value: $(params.opf_repo) 37 | - name: opf_repo_url 38 | value: $(params.opf_repo_url) 39 | - name: opf_default_branch 40 | value: $(params.opf_default_branch) 41 | resources: 42 | inputs: 43 | - name: s2i-thoth 44 | resource: s2i-thoth 45 | -------------------------------------------------------------------------------- /manifests/overlays/moc/openshift-pipeline-rolebinding.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: Role 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | metadata: 5 | name: aicoe-ci-op-role 6 | rules: 7 | - verbs: 8 | - get 9 | - list 10 | - create 11 | - watch 12 | - patch 13 | apiGroups: 14 | - '' 15 | resources: 16 | - pods 17 | - verbs: 18 | - get 19 | - list 20 | - watch 21 | apiGroups: 22 | - '' 23 | resources: 24 | - secrets 25 | - limitranges 26 | - serviceaccounts 27 | --- 28 | kind: RoleBinding 29 | apiVersion: rbac.authorization.k8s.io/v1 30 | metadata: 31 | name: aicoe-ci-op-rolebinding 32 | roleRef: 33 | apiGroup: rbac.authorization.k8s.io 34 | kind: Role 35 | name: aicoe-ci-op-role 36 | subjects: 37 | - kind: ServiceAccount 38 | name: tekton-pipelines-controller 39 | namespace: openshift-pipelines 40 | --- 41 | kind: RoleBinding 42 | apiVersion: rbac.authorization.k8s.io/v1 43 | metadata: 44 | name: aicoe-ci-tp-rolebinding 45 | roleRef: 46 | apiGroup: rbac.authorization.k8s.io 47 | kind: Role 48 | name: aicoe-ci-op-role 49 | subjects: 50 | - kind: ServiceAccount 51 | name: tekton-pipelines-controller 52 | namespace: tekton-pipelines 53 | -------------------------------------------------------------------------------- /manifests/overlays/moc/cleanup-cronjob.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: batch/v1beta1 3 | kind: CronJob 4 | metadata: 5 | name: cleanup-pipeline 6 | labels: 7 | component: cleanup 8 | spec: 9 | schedule: "0 */3 * * *" 10 | successfulJobsHistoryLimit: 1 11 | failedJobsHistoryLimit: 1 12 | concurrencyPolicy: Forbid 13 | startingDeadlineSeconds: null 14 | jobTemplate: 15 | spec: 16 | template: 17 | metadata: 18 | name: cleanup-pipeline 19 | labels: 20 | component: cleanup 21 | spec: 22 | serviceAccountName: "aicoe-ci" 23 | containers: 24 | - name: cleanup 25 | image: "quay.io/harshad16/cleanup-pipelineruns:latest" 26 | env: 27 | - name: THOTH_LOG_CLEANUP_JOB 28 | value: "INFO" 29 | - name: THOTH_CLEANUP_NAMESPACE 30 | value: "opf-ci-pipelines" 31 | resources: 32 | requests: 33 | memory: "512Mi" 34 | cpu: "500m" 35 | limits: 36 | memory: "512Mi" 37 | cpu: "500m" 38 | livenessProbe: 39 | failureThreshold: 1 40 | initialDelaySeconds: 1800 41 | periodSeconds: 10 42 | tcpSocket: 43 | port: 80 44 | restartPolicy: OnFailure 45 | -------------------------------------------------------------------------------- /tasks/upload-pypi.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: Task 3 | metadata: 4 | name: upload-pypi 5 | labels: 6 | app: aicoe-ci 7 | spec: 8 | params: 9 | - name: git_ref 10 | description: Git reference value. 11 | resources: 12 | inputs: 13 | - name: s2i-thoth 14 | type: image 15 | - name: repo 16 | type: git 17 | 18 | steps: 19 | - name: git-init-op 20 | image: $(resources.inputs.s2i-thoth.url) 21 | workingDir: /workspace/repo 22 | securityContext: 23 | privileged: true 24 | script: | 25 | git fetch origin --tags 26 | git checkout tags/$(params.git_ref) -b workbranch 27 | 28 | - name: build-package 29 | image: quay.io/thoth-station/twine:latest 30 | workingDir: /workspace/repo 31 | securityContext: 32 | privileged: true 33 | script: | 34 | python -m build --sdist --wheel 35 | 36 | - name: upload-package 37 | image: quay.io/thoth-station/twine:latest 38 | workingDir: /workspace/repo 39 | env: 40 | - name: TWINE_USERNAME 41 | valueFrom: 42 | secretKeyRef: 43 | name: pypi-secret 44 | key: username 45 | - name: TWINE_PASSWORD 46 | valueFrom: 47 | secretKeyRef: 48 | name: pypi-secret 49 | key: password 50 | script: | 51 | twine upload dist/* 52 | -------------------------------------------------------------------------------- /setup-instance/ultrahook.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: image.openshift.io/v1 3 | kind: ImageStream 4 | metadata: 5 | name: ultrahook 6 | spec: 7 | lookupPolicy: 8 | local: true 9 | tags: 10 | - name: latest 11 | from: 12 | kind: DockerImage 13 | name: quay.io/thoth-station/ultrahook:v0.1.0 14 | importPolicy: {} 15 | referencePolicy: 16 | type: Local 17 | --- 18 | apiVersion: apps.openshift.io/v1 19 | kind: DeploymentConfig 20 | metadata: 21 | name: ultrahook-aicoe-ci 22 | spec: 23 | replicas: 1 24 | selector: 25 | instance: ultrahook-aicoe-ci 26 | strategy: 27 | type: Recreate 28 | template: 29 | metadata: 30 | labels: 31 | instance: ultrahook-aicoe-ci 32 | spec: 33 | containers: 34 | - env: 35 | - name: ULTRAHOOK_API_KEY 36 | valueFrom: 37 | secretKeyRef: 38 | key: api.key 39 | name: ultrahook 40 | - name: ULTRAHOOK_SUBDOMAIN 41 | value: sample-ci-app 42 | - name: ULTRAHOOK_DESTINATION 43 | value: 44 | image: ultrahook 45 | imagePullPolicy: Always 46 | name: ultrahook-aicoe-ci 47 | ports: 48 | - containerPort: 8080 49 | protocol: TCP 50 | resources: 51 | limits: 52 | memory: 50Mi 53 | test: false 54 | -------------------------------------------------------------------------------- /pipeline/z-stream-update-rhods.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: tekton.dev/v1beta1 3 | kind: Pipeline 4 | metadata: 5 | name: z-stream-update-rhods 6 | labels: 7 | app: aicoe-ci 8 | spec: 9 | params: 10 | - name: git_ref 11 | type: string 12 | - name: repo_url 13 | type: string 14 | - name: default_branch 15 | type: string 16 | - name: rhods_org 17 | type: string 18 | - name: rhods_repo 19 | type: string 20 | - name: rhods_repo_url 21 | type: string 22 | - name: rhods_default_branch 23 | type: string 24 | resources: 25 | - name: s2i-thoth 26 | type: image 27 | - name: ubi 28 | type: image 29 | 30 | tasks: 31 | - name: z-stream-update-rhods-run 32 | taskRef: 33 | name: z-stream-update-rhods 34 | params: 35 | - name: git_ref 36 | value: $(params.git_ref) 37 | - name: repo_url 38 | value: $(params.repo_url) 39 | - name: default_branch 40 | value: $(params.default_branch) 41 | - name: rhods_org 42 | value: $(params.rhods_org) 43 | - name: rhods_repo 44 | value: $(params.rhods_repo) 45 | - name: rhods_repo_url 46 | value: $(params.rhods_repo_url) 47 | - name: rhods_default_branch 48 | value: $(params.rhods_default_branch) 49 | resources: 50 | inputs: 51 | - name: s2i-thoth 52 | resource: s2i-thoth 53 | -------------------------------------------------------------------------------- /manifests/overlays/ocp/ultrahook.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: image.openshift.io/v1 3 | kind: ImageStream 4 | metadata: 5 | name: ultrahook 6 | spec: 7 | lookupPolicy: 8 | local: true 9 | tags: 10 | - name: latest 11 | from: 12 | kind: DockerImage 13 | name: quay.io/thoth-station/ultrahook:v0.1.0 14 | importPolicy: {} 15 | referencePolicy: 16 | type: Local 17 | --- 18 | apiVersion: apps.openshift.io/v1 19 | kind: DeploymentConfig 20 | metadata: 21 | name: ultrahook-aicoe-ci 22 | spec: 23 | replicas: 1 24 | selector: 25 | instance: ultrahook-aicoe-ci 26 | strategy: 27 | type: Recreate 28 | template: 29 | metadata: 30 | labels: 31 | instance: ultrahook-aicoe-ci 32 | spec: 33 | containers: 34 | - env: 35 | - name: ULTRAHOOK_API_KEY 36 | valueFrom: 37 | secretKeyRef: 38 | key: api.key 39 | name: ultrahook 40 | - name: ULTRAHOOK_SUBDOMAIN 41 | value: aicoe-ci-prod 42 | - name: ULTRAHOOK_DESTINATION 43 | value: http://el-aicoe-ci-listener.aicoe-infra-prod.svc:8080 44 | image: ultrahook 45 | imagePullPolicy: Always 46 | name: ultrahook-aicoe-ci 47 | ports: 48 | - containerPort: 8080 49 | protocol: TCP 50 | resources: 51 | limits: 52 | memory: 50Mi 53 | test: false 54 | -------------------------------------------------------------------------------- /docs/adr/0000-use-markdown-architectural-decision-records.md: -------------------------------------------------------------------------------- 1 | # Use Markdown Architectural Decision Records 2 | 3 | ## Context and Problem Statement 4 | 5 | We want to record architectural decisions made in Project Thoth. Which format and structure should these records follow? 6 | 7 | ## Considered Options 8 | 9 | * [MADR](https://adr.github.io/madr/) 2.1.2 – The Markdown Architectural Decision Records 10 | * [Michael Nygard's template](http://thinkrelevance.com/blog/2011/11/15/documenting-architecture-decisions) – The first incarnation of the term "ADR" 11 | * [Sustainable Architectural Decisions](https://www.infoq.com/articles/sustainable-architectural-design-decisions) – The Y-Statements 12 | * Other templates listed at [https://github.com/joelparkerhenderson/architecture\_decision\_record](https://github.com/joelparkerhenderson/architecture_decision_record) 13 | * Formless – No conventions for file format and structure 14 | 15 | ## Decision Outcome 16 | 17 | Chosen option: "MADR 2.1.2", because 18 | 19 | * Implicit assumptions should be made explicit. 20 | 21 | Design documentation is important to enable people understanding the decisions later on. 22 | 23 | See also [A rational design process: How and why to fake it](https://doi.org/10.1109/TSE.1986.6312940). 24 | 25 | * The MADR format is lean and fits our development style. 26 | * The MADR structure is comprehensible and facilitates usage & maintenance. 27 | * The MADR project is vivid. 28 | * Version 2.1.2 is the latest one available when starting to document ADRs. 29 | -------------------------------------------------------------------------------- /tasks/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - base-image-update.yaml 5 | - configuration-task.yaml 6 | - create-github-release.yaml 7 | - custom-pipeline.yaml 8 | - gather-and-process-metrics.yaml 9 | - gather-metrics-check-inputs.yaml 10 | - gather-metrics-clean-task.yaml 11 | - gather-metrics-configuration.yaml 12 | - gather-metrics-deploy-manifests.yaml 13 | - gather-metrics-discover-route.yaml 14 | - gather-metrics-pipeline-creation-task.yaml 15 | - gather-metrics-pipeline-watch-task.yaml 16 | - gather-metrics-provide-task.yaml 17 | - github-release.yaml 18 | - init-task.yaml 19 | - issue-deploy-task.yaml 20 | - issue-pypi-release-task.yaml 21 | - issue-pulp-pypi-release-task.yaml 22 | - issue-release-task.yaml 23 | - onboarding-issue-task.yaml 24 | - overlay-build-task.yaml 25 | - overlay-deploy-task.yaml 26 | - overlays-pipeline.yaml 27 | - pr-build-release.yaml 28 | - pr-build.yaml 29 | - pr-config.yaml 30 | - pr-merge.yaml 31 | - pre-commit-check.yaml 32 | - pre-commit-py38-check.yaml 33 | - pytest-checks.yaml 34 | - pytest-py38-checks.yaml 35 | - repo-upstream-sync.yaml 36 | - resource.yaml 37 | - status-task.yaml 38 | - tag-build.yaml 39 | - tag-check.yaml 40 | - tag-deploy-task.yaml 41 | - tag-release-task.yaml 42 | - tag-sibling.yaml 43 | - tox-checks.yaml 44 | - upload-pulp-pypi.yaml 45 | - upload-pypi.yaml 46 | - z-stream-release-task.yaml 47 | - z-stream-update-rhods-task.yaml 48 | -------------------------------------------------------------------------------- /tasks/pr-merge.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: Task 3 | metadata: 4 | name: pr-merge 5 | spec: 6 | resources: 7 | inputs: 8 | - name: ubi 9 | type: image 10 | - name: pr 11 | type: pullRequest 12 | steps: 13 | - name: merge-pr 14 | env: 15 | - name: GITHUBTOKEN 16 | valueFrom: 17 | secretKeyRef: 18 | name: auth-secret 19 | key: token 20 | image: $(resources.inputs.ubi.url) 21 | script: | 22 | #!/usr/libexec/platform-python 23 | import json 24 | import os 25 | import http.client 26 | 27 | with open("/workspace/pr/pr.json") as f: 28 | PR_INFO = json.load(f) 29 | 30 | status_url = "/repos/{}/pulls/{}/merge".format(PR_INFO["Base"]["Repo"]["FullName"], PR_INFO["Number"]) 31 | data = { 32 | "sha": PR_INFO["Head"]["Sha"], 33 | "merge_method": "merge" 34 | } 35 | 36 | conn = http.client.HTTPSConnection("api.github.com") 37 | r = conn.request( 38 | "PUT", 39 | status_url, 40 | body=json.dumps(data), 41 | headers={ 42 | "User-Agent": "aicoe-ci", 43 | "Authorization": "Bearer " + os.environ["GITHUBTOKEN"], 44 | }) 45 | resp = conn.getresponse() 46 | if not str(resp.status).startswith("2"): 47 | print("Error: %d" % (resp.status)) 48 | print(resp.read()) 49 | else: 50 | print(resp.read()) 51 | -------------------------------------------------------------------------------- /tasks/example-issue.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: Task 3 | metadata: 4 | name: example-issue 5 | spec: 6 | params: 7 | # issue params 8 | - name: event_action 9 | description: Action of Issue. 10 | - name: issue_number 11 | description: Issue number. 12 | - name: issue_state 13 | description: State of the Issue. 14 | - name: issue_title 15 | description: Title of the Issue. 16 | - name: issue_body 17 | description: Body of the Issue. 18 | - name: issue_author_association 19 | description: Author association of the Issue. 20 | - name: issue_author 21 | description: Author of the Issue. 22 | - name: repo_name 23 | description: The git repository issue was raised in. 24 | - name: repo_full_name 25 | description: The git repository full name. 26 | - name: repo_url 27 | description: The git repository url 28 | resources: 29 | inputs: 30 | - name: s2i-thoth 31 | type: image 32 | - name: repo 33 | type: git 34 | - name: ubi 35 | type: image 36 | 37 | steps: 38 | - name: check-ops 39 | image: $(resources.inputs.s2i-thoth.url) 40 | securityContext: 41 | privileged: true 42 | script: | 43 | echo "$(params.event_action)" 44 | echo "$(params.issue_number)" 45 | echo "$(params.issue_state)" 46 | echo "$(params.issue_title)" 47 | echo "$(params.issue_body)" 48 | echo "$(params.issue_author_association)" 49 | echo "$(params.issue_author)" 50 | echo "$(params.repo_name)" 51 | echo "$(params.repo_full_name)" 52 | echo "$(params.repo_url)" 53 | -------------------------------------------------------------------------------- /manifests/overlays/ocp/cleanup-cronjob.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: image.openshift.io/v1 3 | kind: ImageStream 4 | metadata: 5 | name: cleanup-pipeline 6 | spec: 7 | lookupPolicy: 8 | local: true 9 | tags: 10 | - name: latest 11 | from: 12 | kind: DockerImage 13 | name: quay.io/harshad16/cleanup-pipelineruns:latest 14 | importPolicy: {} 15 | referencePolicy: 16 | type: Local 17 | --- 18 | apiVersion: batch/v1beta1 19 | kind: CronJob 20 | metadata: 21 | name: cleanup-pipeline 22 | labels: 23 | component: cleanup 24 | spec: 25 | schedule: "0 */1 * * *" 26 | successfulJobsHistoryLimit: 1 27 | failedJobsHistoryLimit: 1 28 | concurrencyPolicy: Forbid 29 | startingDeadlineSeconds: null 30 | jobTemplate: 31 | spec: 32 | template: 33 | metadata: 34 | name: cleanup-pipeline 35 | labels: 36 | component: cleanup 37 | spec: 38 | serviceAccountName: "aicoe-ci" 39 | containers: 40 | - name: cleanup 41 | image: "cleanup-pipeline:latest" 42 | env: 43 | - name: THOTH_LOG_CLEANUP_JOB 44 | value: "INFO" 45 | - name: THOTH_CLEANUP_NAMESPACE 46 | value: "aicoe-infra-prod" 47 | resources: 48 | requests: 49 | memory: "512Mi" 50 | cpu: "500m" 51 | limits: 52 | memory: "512Mi" 53 | cpu: "500m" 54 | livenessProbe: 55 | failureThreshold: 1 56 | initialDelaySeconds: 1800 57 | periodSeconds: 10 58 | tcpSocket: 59 | port: 80 60 | restartPolicy: OnFailure 61 | -------------------------------------------------------------------------------- /kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | commonLabels: 4 | app.kubernetes.io/name: aicoe-ci 5 | app.kubernetes.io/component: tekton 6 | app.kubernetes.io/version: v1.0.0 7 | app.kubernetes.io/managed-by: aicoe-thoth-devops 8 | resources: 9 | - conditions/action-check.yaml 10 | - conditions/config-check.yaml 11 | - conditions/custom-pipeline-check.yaml 12 | - conditions/deploy-comment-check.yaml 13 | - conditions/deployment-check.yaml 14 | - conditions/issue-check.yaml 15 | - conditions/retest-comment-check.yaml 16 | - conditions/sibling-check.yaml 17 | - conditions/upload-pypi-check.yaml 18 | - tasks/configuration-task.yaml 19 | - tasks/custom-pipeline.yaml 20 | - tasks/init-task.yaml 21 | - tasks/issue-pypi-release-task.yaml 22 | - tasks/issue-release-task.yaml 23 | - tasks/pr-build-release.yaml 24 | - tasks/pr-build.yaml 25 | - tasks/pr-config.yaml 26 | - tasks/pr-merge.yaml 27 | - tasks/pre-commit-check.yaml 28 | - tasks/pre-commit-py38-check.yaml 29 | - tasks/pytest-checks.yaml 30 | - tasks/pytest-py38-checks.yaml 31 | - tasks/repo-upstream-sync.yaml 32 | - tasks/resource.yaml 33 | - tasks/status-task.yaml 34 | - tasks/tag-build.yaml 35 | - tasks/tag-check.yaml 36 | - tasks/tag-deploy-task.yaml 37 | - tasks/tag-release-task.yaml 38 | - tasks/tag-sibling.yaml 39 | - tasks/tox-checks.yaml 40 | - tasks/upload-pypi.yaml 41 | - pipeline/issue-pipeline.yaml 42 | - pipeline/pull-request-pipeline.yaml 43 | - pipeline/tag-release-pipeline.yaml 44 | - trigger/eventlistener.yaml 45 | - trigger/git-issue-comment-binding.yaml 46 | - trigger/git-issue-binding.yaml 47 | - trigger/git-pr-binding.yaml 48 | - trigger/git-tag-binding.yaml 49 | - trigger/webhook-tag-binding.yaml 50 | - triggertemplate/git-issue-template.yaml 51 | - triggertemplate/git-pr-template.yaml 52 | - triggertemplate/git-tag-template.yaml 53 | -------------------------------------------------------------------------------- /tasks/upload-pulp-pypi.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: Task 3 | metadata: 4 | name: upload-pulp-pypi 5 | labels: 6 | app: aicoe-ci 7 | spec: 8 | params: 9 | - name: git_ref 10 | description: Git reference value. 11 | - name: allow-sdist 12 | description: Allow source distribution to be generated and uploaded. 13 | - name: allow-bdist 14 | description: Allow build wheels to be generated and uploaded. 15 | - name: pulp-index 16 | description: pulp index repository to upload packages. 17 | resources: 18 | inputs: 19 | - name: s2i-thoth 20 | type: image 21 | - name: repo 22 | type: git 23 | 24 | steps: 25 | - name: git-init-op 26 | image: $(resources.inputs.s2i-thoth.url) 27 | workingDir: /workspace/repo 28 | securityContext: 29 | privileged: true 30 | script: | 31 | git fetch origin --tags 32 | git checkout tags/$(params.git_ref) -b workbranch 33 | 34 | - name: build-package 35 | image: quay.io/thoth-station/twine:latest 36 | workingDir: /workspace/repo 37 | securityContext: 38 | privileged: true 39 | script: | 40 | if [ "$(params.allow-sdist)" = "True" ]; then 41 | python setup.py sdist 42 | fi 43 | if [ "$(params.allow-bdist)" = "True" ]; then 44 | python setup.py bdist_wheel 45 | fi 46 | 47 | - name: upload-package 48 | image: quay.io/thoth-station/twine:latest 49 | workingDir: /workspace/repo 50 | env: 51 | - name: TWINE_USERNAME 52 | valueFrom: 53 | secretKeyRef: 54 | name: pulp-pypi-secret 55 | key: username 56 | - name: TWINE_PASSWORD 57 | valueFrom: 58 | secretKeyRef: 59 | name: pulp-pypi-secret 60 | key: password 61 | script: | 62 | twine upload dist/* --repository-url="https://pulp.operate-first.cloud/pypi/$(params.pulp-index)/simple/" 63 | -------------------------------------------------------------------------------- /tasks/gather-metrics-deploy-manifests.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: Task 3 | metadata: 4 | name: manifests-deploy 5 | spec: 6 | params: 7 | - name: pr_number 8 | description: Pull Request Number. 9 | - name: deployment_image_url 10 | description: Image to pull for deployment. 11 | - name: overlay_name 12 | description: Overlay name of the deployment. 13 | resources: 14 | inputs: 15 | - name: thoth-ops 16 | type: image 17 | - name: pipeline-helpers 18 | type: image 19 | - name: s2i-thoth 20 | type: image 21 | - name: repo 22 | type: git 23 | - name: pr 24 | type: pullRequest 25 | 26 | steps: 27 | - name: git-checkout-pr-number 28 | image: $(resources.inputs.s2i-thoth.url) 29 | workingDir: /workspace/repo 30 | securityContext: 31 | privileged: true 32 | script: | 33 | git fetch origin pull/$(params.pr_number)/head:workbranch 34 | git checkout workbranch 35 | 36 | - name: customize-manifests 37 | image: $(resources.inputs.pipeline-helpers.url) 38 | workingDir: /workspace/repo 39 | securityContext: 40 | privileged: true 41 | script: | 42 | python3 /opt/app-root/src/customize_object_deployments.py 43 | env: 44 | - name: PIPELINE_HELPERS_IMAGE_URL_DEPLOYMENT 45 | value: $(params.deployment_image_url) 46 | - name: PIPELINE_HELPERS_OVERLAY_NAME 47 | value: $(params.overlay_name) 48 | 49 | - name: deploy-manifests 50 | image: $(resources.inputs.thoth-ops.url) 51 | workingDir: /workspace/repo 52 | securityContext: 53 | privileged: true 54 | script: | 55 | cat customized_service.yaml 56 | oc apply -f customized_service.yaml 57 | cat customized_route.yaml 58 | oc apply -f customized_route.yaml 59 | cat customized_deploymentconfig.yaml 60 | oc apply -f customized_deploymentconfig.yaml 61 | -------------------------------------------------------------------------------- /tasks/example-pr-checks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: Task 3 | metadata: 4 | name: example-pr-checks 5 | labels: 6 | app: aicoe-ci 7 | spec: 8 | params: 9 | - name: pr_number 10 | type: string 11 | resources: 12 | inputs: 13 | - name: s2i-thoth 14 | type: image 15 | - name: pr 16 | type: pullRequest 17 | - name: repo 18 | type: git 19 | 20 | steps: 21 | - name: items-check 22 | image: quay.io/thoth-station/s2i-thoth-ubi8-py36:latest # use $(resources.inputs.s2i-thoth.url) in ocp4.x 23 | command: ["/bin/bash"] 24 | args: ['-c', 'ls -al'] 25 | 26 | - name: repo-items-recheck 27 | image: quay.io/thoth-station/s2i-thoth-ubi8-py36:latest # use $(resources.inputs.s2i-thoth.url) in ocp4.x 28 | workingDir: /workspace/repo 29 | command: ["/bin/bash"] 30 | args: ['-c', 'ls -al'] 31 | 32 | - name: output-items-recheck 33 | image: quay.io/thoth-station/s2i-thoth-ubi8-py36:latest # use $(resources.inputs.s2i-thoth.url) in ocp4.x 34 | workingDir: /workspace/output 35 | command: ["/bin/bash"] 36 | args: ['-c', 'ls -al'] 37 | 38 | - name: git-init-op 39 | resources: 40 | limits: 41 | memory: "500Mi" 42 | cpu: "1" 43 | requests: 44 | memory: "500Mi" 45 | cpu: "1" 46 | image: quay.io/thoth-station/s2i-thoth-ubi8-py36:latest # use $(resources.inputs.s2i-thoth.url) in ocp4.x 47 | workingDir: /workspace/repo 48 | securityContext: 49 | privileged: true 50 | command: ["/bin/bash"] 51 | args: 52 | - -c 53 | - | 54 | cp -r /workspace/pr/ /workspace/output/ 55 | git fetch origin pull/$(params.pr_number)/head:workbranch 56 | git checkout workbranch 57 | 58 | - name: repo-items-recheck 59 | image: quay.io/thoth-station/s2i-thoth-ubi8-py36:latest 60 | workingDir: /workspace/repo 61 | command: ["/bin/bash"] 62 | args: 63 | - -c 64 | - ls -al 65 | -------------------------------------------------------------------------------- /pipeline/onboarding-issue-pipeline.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: Pipeline 3 | metadata: 4 | name: opf-onboarding-issue-pipeline 5 | spec: 6 | resources: 7 | - name: opf-apps-repo 8 | type: git 9 | - name: opfcli-repo 10 | type: git 11 | params: 12 | - name: issue_body 13 | type: string 14 | - name: pipelinerun_name 15 | type: string 16 | - name: event_action 17 | type: string 18 | - name: issue_number 19 | type: string 20 | - name: issue_state 21 | type: string 22 | - name: issue_title 23 | type: string 24 | - name: issue_author_association 25 | type: string 26 | - name: issue_author 27 | type: string 28 | - name: repo_name 29 | type: string 30 | - name: repo_full_name 31 | type: string 32 | - name: repo_url 33 | type: string 34 | - name: ssh_url 35 | type: string 36 | tasks: 37 | - name: opf-onboarding-issue 38 | taskRef: 39 | name: opf-onboarding-issue 40 | params: 41 | - name: event_action 42 | value: $(params.event_action) 43 | - name: issue_number 44 | value: $(params.issue_number) 45 | - name: issue_state 46 | value: $(params.issue_state) 47 | - name: issue_title 48 | value: $(params.issue_title) 49 | - name: issue_body 50 | value: $(params.issue_body) 51 | - name: issue_author_association 52 | value: $(params.issue_author_association) 53 | - name: issue_author 54 | value: $(params.issue_author) 55 | - name: repo_name 56 | value: $(params.repo_name) 57 | - name: repo_full_name 58 | value: $(params.repo_full_name) 59 | - name: repo_url 60 | value: $(params.repo_url) 61 | - name: ssh_url 62 | value: $(params.ssh_url) 63 | resources: 64 | inputs: 65 | - name: opf-apps 66 | resource: opf-apps-repo 67 | - name: opfcli 68 | resource: opfcli-repo 69 | -------------------------------------------------------------------------------- /tasks/resource.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: tekton.dev/v1alpha1 3 | kind: PipelineResource 4 | metadata: 5 | name: thoth-s2i 6 | labels: 7 | app: aicoe-ci 8 | spec: 9 | type: image 10 | params: 11 | - name: url 12 | value: quay.io/thoth-station/s2i-thoth-ubi8-py38:v0.29.0 13 | --- 14 | apiVersion: tekton.dev/v1alpha1 15 | kind: PipelineResource 16 | metadata: 17 | name: ubi8-minimal 18 | spec: 19 | type: image 20 | params: 21 | - name: url 22 | value: registry.access.redhat.com/ubi8/ubi-minimal:latest 23 | --- 24 | apiVersion: tekton.dev/v1alpha1 25 | kind: PipelineResource 26 | metadata: 27 | name: ubi8 28 | spec: 29 | type: image 30 | params: 31 | - name: url 32 | value: registry.access.redhat.com/ubi8/ubi:latest 33 | --- 34 | apiVersion: tekton.dev/v1alpha1 35 | kind: PipelineResource 36 | metadata: 37 | name: thoth-ops 38 | spec: 39 | type: image 40 | params: 41 | - name: url 42 | value: quay.io/thoth-station/thoth-ops:v0.18.0 43 | --- 44 | apiVersion: tekton.dev/v1alpha1 45 | kind: PipelineResource 46 | metadata: 47 | name: pipeline-helpers 48 | spec: 49 | type: image 50 | params: 51 | - name: url 52 | value: quay.io/thoth-station/pipeline-helpers:v0.6.0 53 | --- 54 | apiVersion: tekton.dev/v1alpha1 55 | kind: PipelineResource 56 | metadata: 57 | name: opf-apps-repo 58 | spec: 59 | type: git 60 | params: 61 | - name: url 62 | value: https://github.com/operate-first/apps.git 63 | - name: revision 64 | value: master 65 | --- 66 | apiVersion: tekton.dev/v1alpha1 67 | kind: PipelineResource 68 | metadata: 69 | name: opfcli-repo 70 | spec: 71 | type: git 72 | params: 73 | - name: url 74 | value: https://github.com/operate-first/apps.git 75 | - name: revision 76 | value: automated-releases 77 | --- 78 | apiVersion: tekton.dev/v1alpha1 79 | kind: PipelineResource 80 | metadata: 81 | name: thoth-s2i-py38 82 | labels: 83 | app: aicoe-ci 84 | spec: 85 | type: image 86 | params: 87 | - name: url 88 | value: quay.io/thoth-station/s2i-thoth-ubi8-py38:v0.27.0 89 | -------------------------------------------------------------------------------- /tasks/gather-metrics-configuration.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: Task 3 | metadata: 4 | name: gather-metrics-configuration 5 | labels: 6 | app: aicoe-ci 7 | spec: 8 | params: 9 | - name: pr_number 10 | description: Pull request ID. 11 | - name: pr_repo 12 | description: The git repository pr was raised to. 13 | resources: 14 | inputs: 15 | - name: s2i-thoth 16 | type: image 17 | - name: repo 18 | type: git 19 | - name: pr 20 | type: pullRequest 21 | results: 22 | - name: commit-sha 23 | description: Commit SHA-256. 24 | - name: html-repo-url 25 | description: Pull request HTML URL 26 | 27 | steps: 28 | - name: git-checkout-pr-number 29 | image: $(resources.inputs.s2i-thoth.url) 30 | workingDir: /workspace/repo 31 | securityContext: 32 | privileged: true 33 | script: | 34 | git fetch origin pull/$(params.pr_number)/head:workbranch 35 | git checkout workbranch 36 | 37 | - name: prepare-configuration 38 | image: $(resources.inputs.s2i-thoth.url) 39 | workingDir: /workspace/repo 40 | securityContext: 41 | privileged: true 42 | script: | 43 | #!/usr/bin/env python3 44 | import yaml 45 | import json 46 | import subprocess 47 | 48 | with open(".aicoe-ci.yaml", "r") as ci_stream: 49 | ci_conf = yaml.safe_load(ci_stream) 50 | 51 | print(f".aicoe.yaml is: {ci_conf}") 52 | 53 | # Store commit SHA 256 54 | with open("/workspace/pr/pr.json") as f: 55 | pr_info = json.load(f) 56 | 57 | commit_sha = pr_info["Sha"] 58 | with open(f"/tekton/results/commit-sha", 'w') as result: 59 | result.write(commit_sha) 60 | 61 | # Store HTML Repo URL 62 | repo_link = pr_info["Base"]["Repo"]["Link"] 63 | pr_number = pr_info["Number"] 64 | html_repo_url = f"{repo_link}/pulls/{pr_number}" 65 | 66 | with open(f"/tekton/results/html-repo-url", 'w') as result: 67 | result.write(html_repo_url) 68 | -------------------------------------------------------------------------------- /triggertemplate/git-tag-template.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: triggers.tekton.dev/v1alpha1 2 | kind: TriggerTemplate 3 | metadata: 4 | name: git-tag-template 5 | labels: 6 | app: aicoe-ci 7 | spec: 8 | params: 9 | - name: git_ref 10 | description: Git reference value. 11 | - name: git_ref_type 12 | description: Type of ref Tag or Branch. 13 | - name: repo_name 14 | description: The git repository title. 15 | - name: repo_url 16 | description: The git repository url. 17 | - name: default_branch 18 | description: The git repository default branch. 19 | - name: pipelinerun_name 20 | description: pipelinerun associated. 21 | 22 | resourcetemplates: 23 | - apiVersion: tekton.dev/v1beta1 24 | kind: PipelineRun 25 | metadata: 26 | name: tag-release-$(uid) 27 | labels: 28 | app: aicoe-ci 29 | project: $(tt.params.repo_name) 30 | component: tag-$(tt.params.repo_name) 31 | spec: 32 | serviceAccountName: aicoe-ci 33 | timeout: "2h" 34 | pipelineRef: 35 | name: tag-release-pipeline 36 | params: 37 | - name: git_ref 38 | value: $(tt.params.git_ref) 39 | - name: git_ref_type 40 | value: $(tt.params.git_ref_type) 41 | - name: repo_name 42 | value: $(tt.params.repo_name) 43 | - name: repo_url 44 | value: $(tt.params.repo_url) 45 | - name: default_branch 46 | value: $(tt.params.default_branch) 47 | - name: uid 48 | value: $(uid) 49 | - name: pipelinerun_name 50 | value: tag-release-$(uid) 51 | resources: 52 | - name: git-repo 53 | resourceSpec: 54 | type: git 55 | params: 56 | - name: revision 57 | value: $(tt.params.default_branch) 58 | - name: url 59 | value: $(tt.params.repo_url) 60 | - name: s2i-thoth 61 | resourceRef: 62 | name: thoth-s2i 63 | - name: ubi 64 | resourceRef: 65 | name: ubi8 66 | -------------------------------------------------------------------------------- /setup-instance/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | commonLabels: 4 | app.kubernetes.io/name: aicoe-ci 5 | app.kubernetes.io/component: tekton 6 | app.kubernetes.io/version: v1.0.0 7 | resources: 8 | - ../conditions/action-check.yaml 9 | - ../conditions/config-check.yaml 10 | - ../conditions/custom-pipeline-check.yaml 11 | - ../conditions/deploy-comment-check.yaml 12 | - ../conditions/issue-check.yaml 13 | - ../conditions/retest-comment-check.yaml 14 | - ../conditions/upload-pypi-check.yaml 15 | - ../tasks/configuration-task.yaml 16 | - ../tasks/custom-pipeline.yaml 17 | - ../tasks/deploy-manifests.yaml 18 | - ../tasks/discover-route.yaml 19 | - ../tasks/gather-and-provide-metrics.yaml 20 | - ../tasks/gather-metrics-check-inputs.yaml 21 | - ../tasks/gather-metrics-clean-task.yaml 22 | - ../tasks/gather-metrics-configuration.yaml 23 | - ../tasks/init-task.yaml 24 | - ../tasks/issue-check.yaml 25 | - ../tasks/issue-release-task.yaml 26 | - ../tasks/pr-build-release.yaml 27 | - ../tasks/pr-build.yaml 28 | - ../tasks/pr-config.yaml 29 | - ../tasks/pr-merge.yaml 30 | - ../tasks/pre-commit-check.yaml 31 | - ../tasks/pre-commit-py38-check.yaml 32 | - ../tasks/pytest-checks.yaml 33 | - ../tasks/pytest-py38-checks.yaml 34 | - ../tasks/repo-upstream-sync.yaml 35 | - ../tasks/resource.yaml 36 | - ../tasks/status-task.yaml 37 | - ../tasks/tag-build.yaml 38 | - ../tasks/tag-check.yaml 39 | - ../tasks/tag-deploy-task.yaml 40 | - ../tasks/tag-release-task.yaml 41 | - ../tasks/tox-checks.yaml 42 | - ../tasks/upload-pypi.yaml 43 | - ../pipeline/issue-pipeline.yaml 44 | - ../pipeline/pull-request-pipeline.yaml 45 | - ../pipeline/tag-release-pipeline.yaml 46 | - ../pipeline/gather-deployment-metrics-pipeline.yaml 47 | - ../manifests/binding.yaml 48 | - ../manifests/role.yaml 49 | - ../manifests/serviceaccount.yaml 50 | - ../trigger/eventlistener.yaml 51 | - ../trigger/git-issue-comment-binding.yaml 52 | - ../trigger/git-issue-binding.yaml 53 | - ../trigger/git-issue-template.yaml 54 | - ../trigger/git-pr-binding.yaml 55 | - ../trigger/git-pr-template.yaml 56 | - ../trigger/git-tag-binding.yaml 57 | - ../trigger/git-tag-template.yaml 58 | - ../trigger/webhook-tag-binding.yaml 59 | -------------------------------------------------------------------------------- /tasks/gather-metrics-pipeline-watch-task.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: Task 3 | metadata: 4 | name: gather-metrics-pipeline-watch 5 | labels: 6 | app: aicoe-ci 7 | spec: 8 | params: 9 | - name: pr_number 10 | description: Pull request ID. 11 | - name: pr_repo 12 | description: The git repository pr was raised to. 13 | resources: 14 | inputs: 15 | - name: pipeline-helpers 16 | type: image 17 | - name: repo 18 | type: git 19 | 20 | steps: 21 | - name: watch-pipelines 22 | image: quay.io/openshift/origin-cli:latest 23 | workingDir: /workspace/repo 24 | securityContext: 25 | privileged: true 26 | script: | 27 | set -x 28 | set -o nounset 29 | set -o errexit 30 | set -o errtrace 31 | set -o pipefail 32 | trap 'echo "Aborting due to errexit on line $LINENO. Exit code: $?" >&2' ERR 33 | 34 | while true 35 | do 36 | pipelines_states=$( 37 | kubectl get pipelineruns --selector component=$(params.pr_repo)-pr-$(params.pr_number) -o json | python3 -c "import sys, json; print(' '.join([str([str(status['reason']) for status in pipeline['status']['conditions']][0]) for pipeline in json.load(sys.stdin)['items'] if pipeline['spec']['pipelineRef']['name'] == 'gather-deployment-metrics-pipeline']))" 38 | ) 39 | echo $pipelines_states 40 | [ $? -eq 0 ] || exit 1 41 | 42 | checks=0 43 | 44 | for i in ${pipelines_states[@]} 45 | do 46 | if [ "$i" == "Running" ] || [ "$i" == "Pending" ]; then 47 | checks=`expr $checks + 1` 48 | fi 49 | if [ "$i" == "Succeeded" ] || [ "$i" == "Failed" ]; then 50 | continue 51 | fi 52 | done 53 | echo $checks 54 | 55 | if [ "$checks" == "0" ]; then 56 | exit 0 57 | else 58 | sleep 10s 59 | continue 60 | fi 61 | echo "Build exited with checks reported: $checks" 1>&2 62 | exit 1 63 | done 64 | -------------------------------------------------------------------------------- /manifests/overlays/moc/thoth-notification.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: batch/v1 3 | kind: Job 4 | metadata: 5 | name: aicoe-ci-chat-notification-succeeded- 6 | annotations: 7 | operation: chat-notification 8 | argocd.argoproj.io/hook: PostSync 9 | argocd.argoproj.io/hook-delete-policy: HookSucceeded 10 | spec: 11 | ttlSecondsAfterFinished: 5 12 | backoffLimit: 2 13 | template: 14 | spec: 15 | containers: 16 | - name: chat-notification 17 | image: registry.access.redhat.com/ubi8/ubi 18 | command: 19 | - "curl" 20 | - "-X" 21 | - "POST" 22 | - "-H" 23 | - "Content-Type: application/json; charset=UTF-8" 24 | - "-d" 25 | - "{'text':'I have successfully synchronized *aicoe-ci* to *PROD*, see 🚀'}" 26 | - "$(THOTH_DEVOPS_WEBHOOK_URL)" 27 | env: 28 | - name: THOTH_DEVOPS_WEBHOOK_URL 29 | valueFrom: 30 | secretKeyRef: 31 | name: chat-notification 32 | key: thoth-devops 33 | restartPolicy: Never 34 | --- 35 | apiVersion: batch/v1 36 | kind: Job 37 | metadata: 38 | name: aicoe-ci-chat-notification-failed- 39 | annotations: 40 | operation: chat-notification 41 | argocd.argoproj.io/hook: SyncFail 42 | argocd.argoproj.io/hook-delete-policy: HookSucceeded 43 | spec: 44 | ttlSecondsAfterFinished: 5 45 | backoffLimit: 2 46 | template: 47 | spec: 48 | containers: 49 | - name: chat-notification 50 | image: registry.access.redhat.com/ubi8/ubi 51 | command: 52 | - "curl" 53 | - "-X" 54 | - "POST" 55 | - "-H" 56 | - "Content-Type: application/json; charset=UTF-8" 57 | - "-d" 58 | - "{'text':'🔥 *FAILED* syncing *AICoE-CI* components to *PROD*, see '}" 59 | - "$(THOTH_DEVOPS_WEBHOOK_URL)" 60 | env: 61 | - name: THOTH_DEVOPS_WEBHOOK_URL 62 | valueFrom: 63 | secretKeyRef: 64 | name: chat-notification 65 | key: thoth-devops 66 | restartPolicy: Never 67 | -------------------------------------------------------------------------------- /tasks/tag-sibling.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: Task 3 | metadata: 4 | name: tag-sibling 5 | spec: 6 | params: 7 | # tag params 8 | - name: git_ref 9 | description: Git reference value. 10 | - name: repo_name 11 | description: The git repository title. 12 | - name: sibling_project_org 13 | description: Sibling configuration repository's organization. 14 | - name: sibling_project_name 15 | description: Sibling configuration repository. 16 | resources: 17 | inputs: 18 | - name: s2i-thoth 19 | type: image 20 | - name: repo 21 | type: git 22 | 23 | steps: 24 | - name: git-clone-config-repo 25 | image: $(resources.inputs.s2i-thoth.url) 26 | securityContext: 27 | privileged: true 28 | script: | 29 | export GIT_SSH_COMMAND='ssh -i /tekton/home/.ssh/id_rsa -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' 30 | git clone git@github.com:$(params.sibling_project_org)/$(params.sibling_project_name) /workspace/configrepo 31 | volumeMounts: 32 | - name: ssh-config 33 | mountPath: /tekton/home/.ssh 34 | 35 | - name: git-push 36 | image: $(resources.inputs.s2i-thoth.url) 37 | securityContext: 38 | privileged: true 39 | workingDir: /workspace/configrepo 40 | env: 41 | - name: GITHUB_USERNAME 42 | valueFrom: 43 | secretKeyRef: 44 | name: auth-secret 45 | key: user-name 46 | - name: GITHUB_EMAIL 47 | valueFrom: 48 | secretKeyRef: 49 | name: auth-secret 50 | key: user-email 51 | script: | 52 | git config --local user.email "$GITHUB_EMAIL" 53 | git config --local user.name "$GITHUB_USERNAME" 54 | git remote -v 55 | export GIT_SSH_COMMAND='ssh -i /tekton/home/.ssh/id_rsa -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' 56 | git fetch origin 57 | git tag $(params.git_ref) 58 | git push origin --tags 59 | volumeMounts: 60 | - name: ssh-config 61 | mountPath: /tekton/home/.ssh 62 | 63 | volumes: 64 | - name: ssh-config 65 | secret: 66 | secretName: auth-secret 67 | items: 68 | - key: ssh-privatekey 69 | mode: 0600 70 | path: id_rsa 71 | -------------------------------------------------------------------------------- /manifests/overlays/ocp/thoth-notification.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: batch/v1 3 | kind: Job 4 | metadata: 5 | name: aicoe-ci-chat-notification-succeeded- 6 | annotations: 7 | operation: chat-notification 8 | argocd.argoproj.io/hook: PostSync 9 | argocd.argoproj.io/hook-delete-policy: HookSucceeded 10 | spec: 11 | ttlSecondsAfterFinished: 5 12 | backoffLimit: 2 13 | template: 14 | spec: 15 | containers: 16 | - name: chat-notification 17 | image: registry.access.redhat.com/ubi8/ubi 18 | command: 19 | - "curl" 20 | - "-X" 21 | - "POST" 22 | - "-H" 23 | - "Content-Type: application/json; charset=UTF-8" 24 | - "-d" 25 | - "{'text':'I have successfully synchronized *aicoe-ci* to *OCP*, see 🚀'}" 26 | - "$(THOTH_DEVOPS_WEBHOOK_URL)" 27 | env: 28 | - name: THOTH_DEVOPS_WEBHOOK_URL 29 | valueFrom: 30 | secretKeyRef: 31 | name: chat-notification 32 | key: thoth-devops 33 | restartPolicy: Never 34 | --- 35 | apiVersion: batch/v1 36 | kind: Job 37 | metadata: 38 | name: aicoe-ci-chat-notification-failed- 39 | annotations: 40 | operation: chat-notification 41 | argocd.argoproj.io/hook: SyncFail 42 | argocd.argoproj.io/hook-delete-policy: HookSucceeded 43 | spec: 44 | ttlSecondsAfterFinished: 5 45 | backoffLimit: 2 46 | template: 47 | spec: 48 | containers: 49 | - name: chat-notification 50 | image: registry.access.redhat.com/ubi8/ubi 51 | command: 52 | - "curl" 53 | - "-X" 54 | - "POST" 55 | - "-H" 56 | - "Content-Type: application/json; charset=UTF-8" 57 | - "-d" 58 | - "{'text':'🔥 *FAILED* syncing *AICoE-CI* components to *OCP*, see '}" 59 | - "$(THOTH_DEVOPS_WEBHOOK_URL)" 60 | env: 61 | - name: THOTH_DEVOPS_WEBHOOK_URL 62 | valueFrom: 63 | secretKeyRef: 64 | name: chat-notification 65 | key: thoth-devops 66 | restartPolicy: Never 67 | -------------------------------------------------------------------------------- /docs/adr/template.md: -------------------------------------------------------------------------------- 1 | # [short title of solved problem and solution] 2 | 3 | * Status: [proposed | rejected | accepted | deprecated | … | superseded by [ADR-0005](0005-example.md)] 4 | * Deciders: [list everyone involved in the decision] 5 | * Date: [YYYY-MM-DD when the decision was last updated] 6 | 7 | Technical Story: [description | ticket/issue URL] 8 | 9 | ## Context and Problem Statement 10 | 11 | [Describe the context and problem statement, e.g., in free form using two to three sentences. You may want to articulate the problem in form of a question.] 12 | 13 | ## Decision Drivers 14 | 15 | * [driver 1, e.g., a force, facing concern, …] 16 | * [driver 2, e.g., a force, facing concern, …] 17 | * … 18 | 19 | ## Considered Options 20 | 21 | * [option 1] 22 | * [option 2] 23 | * [option 3] 24 | * … 25 | 26 | ## Decision Outcome 27 | 28 | Chosen option: "[option 1]", because [justification. e.g., only option, which meets k.o. criterion decision driver | which resolves force force | … | comes out best (see below)]. 29 | 30 | ### Positive Consequences 31 | 32 | * [e.g., improvement of quality attribute satisfaction, follow-up decisions required, …] 33 | * … 34 | 35 | ### Negative Consequences 36 | 37 | * [e.g., compromising quality attribute, follow-up decisions required, …] 38 | * … 39 | 40 | ## Pros and Cons of the Options 41 | 42 | ### [option 1] 43 | 44 | [example | description | pointer to more information | …] 45 | 46 | * Good, because [argument a] 47 | * Good, because [argument b] 48 | * Bad, because [argument c] 49 | * … 50 | 51 | ### [option 2] 52 | 53 | [example | description | pointer to more information | …] 54 | 55 | * Good, because [argument a] 56 | * Good, because [argument b] 57 | * Bad, because [argument c] 58 | * … 59 | 60 | ### [option 3] 61 | 62 | [example | description | pointer to more information | …] 63 | 64 | * Good, because [argument a] 65 | * Good, because [argument b] 66 | * Bad, because [argument c] 67 | * … 68 | 69 | ## Links 70 | 71 | * [Link type] [Link to ADR] 72 | * … 73 | 74 | 75 | -------------------------------------------------------------------------------- /docs/thoth-bots-setup.md: -------------------------------------------------------------------------------- 1 | # Instructions to setup Bots and Ci services 2 | 3 | - Requirement: 4 | 5 | - The Bots and CI Services uses authorization credentials of our cyborg team member [sesheta](https://github.com/sesheta).Please extend a invitation for [sesheta](https://github.com/sesheta) to be a member of organization or a collaborator in the repository for which the bots and CI system is being setup. 6 | 7 | - Services: 8 | 9 | - [AICoE-CI](https://github.com/AICoE/aicoe-ci): Continuous integration system is used for running status checks on pull request, build releases, and python module releases.
10 | Setup information: 11 | 12 | - AICoE-CI is available as [GitHub application](https://github.com/apps/aicoe-ci).
13 | It can be configured on an organization or on a single repository. 14 | 15 | - [Kebechet](https://github.com/thoth-station/kebechet#kebechet): Kebechet is a SourceOps bot that automates updating dependencies of your project.
16 | Setup information: 17 | 18 | - Kebechet is available as [GitHub application](https://github.com/apps/khebhut).
19 | It can be configured on an organization or on a single repository. 20 | - Kebechet requires a configuration file ([.thoth.yaml](https://github.com/thoth-station/kebechet/blob/master/.thoth.yaml)) at root level of the project. 21 | 22 | ```yaml 23 | host: khemenu.thoth-station.ninja 24 | tls_verify: false 25 | requirements_format: pipenv 26 | 27 | runtime_environments: 28 | - name: rhel:8 29 | operating_system: 30 | name: rhel 31 | version: "8" 32 | python_version: "3.6" 33 | recommendation_type: latest 34 | 35 | managers: 36 | - name: pipfile-requirements 37 | - name: update 38 | configuration: 39 | labels: [bot] 40 | - name: info 41 | - name: version 42 | configuration: 43 | maintainers: 44 | - goern # Update this list of project maintainers 45 | - fridex 46 | assignees: 47 | - sesheta 48 | labels: [bot] 49 | changelog_file: true 50 | ``` 51 | 52 | - [Sefkhet-Abwy](https://github.com/AICoE/Sefkhet-Abwy#sefkhet-abwy): SourceOps bot functions as review manager, sets up labels in pull request and issues, manage chat notifications, and prometheus chat notification.
53 | Setup information: 54 | 55 | - Sefkhet-Abwy is available as a [GitHub application](https://github.com/apps/sefkhet-abwy). 56 | -------------------------------------------------------------------------------- /triggertemplate/git-model-template.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: triggers.tekton.dev/v1alpha1 2 | kind: TriggerTemplate 3 | metadata: 4 | name: git-model-template 5 | labels: 6 | app: aicoe-ci 7 | spec: 8 | params: 9 | - name: pr_number 10 | description: Pull request ID. 11 | - name: pr_repo 12 | description: The git repository pr was raised to. 13 | - name: pr_url 14 | description: The pr url. 15 | - name: repo_url 16 | description: The git repository url. 17 | - name: default_branch 18 | description: The git repository default branch. 19 | - name: event_action 20 | description: Action performed on Pull request. 21 | default: "DEFAULT" 22 | resourcetemplates: 23 | - apiVersion: tekton.dev/v1beta1 24 | kind: PipelineRun 25 | metadata: 26 | name: aicoe-model-pipelinerun-$(uid) 27 | labels: 28 | app: aicoe-ci 29 | project: $(tt.params.pr_repo) 30 | component: $(tt.params.pr_repo)-pr-$(tt.params.pr_number) 31 | spec: 32 | serviceAccountName: aicoe-ci 33 | pipelineRef: 34 | name: "gather-deployment-metrics-setup-pipeline" 35 | params: 36 | - name: event_action 37 | value: $(tt.params.event_action) 38 | - name: pr_number 39 | value: $(tt.params.pr_number) 40 | - name: pr_repo 41 | value: $(tt.params.pr_repo) 42 | - name: repo_url 43 | value: $(tt.params.repo_url) 44 | - name: default_branch 45 | value: $(tt.params.default_branch) 46 | resources: 47 | - name: git-repo 48 | resourceSpec: 49 | type: git 50 | params: 51 | - name: revision 52 | value: $(tt.params.default_branch) 53 | - name: url 54 | value: $(tt.params.repo_url) 55 | - name: thoth-s2i-py38 56 | resourceRef: 57 | name: thoth-s2i-py38 58 | - name: pipeline-helpers 59 | resourceRef: 60 | name: pipeline-helpers 61 | - name: thoth-ops 62 | resourceRef: 63 | name: thoth-ops 64 | - name: pr-source 65 | resourceSpec: 66 | type: pullRequest 67 | params: 68 | - name: url 69 | value: $(tt.params.pr_url) 70 | secrets: 71 | - fieldName: authToken 72 | secretName: auth-secret 73 | secretKey: token 74 | -------------------------------------------------------------------------------- /tasks/custom-pipeline.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: Task 3 | metadata: 4 | name: custom-pipeline 5 | labels: 6 | app: aicoe-ci 7 | spec: 8 | params: 9 | - name: git_ref 10 | description: Git reference value. 11 | - name: git_ref_type 12 | description: Type of ref Tag or Branch. 13 | - name: repo_name 14 | description: The git repository title. 15 | - name: repo_url 16 | description: The git repository url. 17 | - name: default_branch 18 | description: The git repository default branch. 19 | - name: uid 20 | description: uid of the pipeline. 21 | resources: 22 | inputs: 23 | - name: s2i-thoth 24 | type: image 25 | - name: repo 26 | type: git 27 | 28 | steps: 29 | - name: custom-pipeline-setup 30 | image: $(resources.inputs.s2i-thoth.url) 31 | workingDir: /workspace/repo 32 | securityContext: 33 | privileged: true 34 | script: | 35 | cat < pipelinerun.yaml 36 | apiVersion: tekton.dev/v1beta1 37 | kind: PipelineRun 38 | metadata: 39 | name: custom-pipeline-$(params.uid) 40 | labels: 41 | app: aicoe-ci 42 | project: $(params.repo_name) 43 | component: custom-build-pipeline 44 | spec: 45 | serviceAccountName: aicoe-ci 46 | pipelineRef: 47 | name: custom-pipeline 48 | params: 49 | - name: git_ref 50 | value: $(params.git_ref) 51 | - name: git_ref_type 52 | value: $(params.git_ref_type) 53 | - name: repo_name 54 | value: $(params.repo_name) 55 | - name: repo_url 56 | value: $(params.repo_url) 57 | resources: 58 | - name: git-repo 59 | resourceSpec: 60 | type: git 61 | params: 62 | - name: revision 63 | value: $(params.default_branch) 64 | - name: url 65 | value: $(params.repo_url) 66 | - name: s2i-thoth 67 | resourceSpec: 68 | type: image 69 | params: 70 | - name: url 71 | value: $(resources.inputs.s2i-thoth.url) 72 | EOF 73 | 74 | - name: start-pipeline 75 | image: quay.io/openshift/origin-cli:latest 76 | workingDir: /workspace/repo 77 | script: | 78 | oc apply -f pipeline.yaml 79 | oc apply -f pipelinerun.yaml 80 | echo "Checkout the pipeline: custom-pipeline-$(params.uid)" 81 | -------------------------------------------------------------------------------- /triggertemplate/onboarding-issue-template.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: triggers.tekton.dev/v1alpha1 2 | kind: TriggerTemplate 3 | metadata: 4 | name: onboarding-issue-template 5 | spec: 6 | params: 7 | - name: event_action 8 | description: Action of Issue. 9 | - name: issue_number 10 | description: Issue number. 11 | - name: issue_state 12 | description: State of the Issue. 13 | - name: issue_title 14 | description: Title of the Issue. 15 | - name: issue_body 16 | description: Body of the Issue. 17 | - name: issue_author_association 18 | description: Author association of the Issue. 19 | - name: issue_author 20 | description: Author of the Issue. 21 | - name: repo_name 22 | description: The git repository issue was raised in. 23 | - name: repo_full_name 24 | description: The git repository full name. 25 | - name: repo_url 26 | description: The git repository url. 27 | - name: ssh_url 28 | description: The git repository ssh url. 29 | - name: default_branch 30 | description: The git repository default branch. 31 | - name: pipelinerun_name 32 | description: pipelinerun associated. 33 | resourcetemplates: 34 | - apiVersion: tekton.dev/v1beta1 35 | kind: PipelineRun 36 | metadata: 37 | name: onboarding-issue-$(uid) 38 | spec: 39 | serviceAccountName: aicoe-ci 40 | pipelineRef: 41 | name: onboarding-issue-pipeline 42 | params: 43 | - name: event_action 44 | value: $(tt.params.event_action) 45 | - name: issue_number 46 | value: $(tt.params.issue_number) 47 | - name: issue_state 48 | value: $(tt.params.issue_state) 49 | - name: issue_title 50 | value: $(tt.params.issue_title) 51 | - name: issue_body 52 | value: $(tt.params.issue_body) 53 | - name: issue_author_association 54 | value: $(tt.params.issue_author_association) 55 | - name: issue_author 56 | value: $(tt.params.issue_author) 57 | - name: repo_name 58 | value: $(tt.params.repo_name) 59 | - name: repo_full_name 60 | value: $(tt.params.repo_full_name) 61 | - name: repo_url 62 | value: $(tt.params.repo_url) 63 | - name: ssh_url 64 | value: $(tt.params.ssh_url) 65 | - name: pipelinerun_name 66 | value: issue-onboarding-$(uid) 67 | resources: 68 | - name: opf-apps-repo 69 | resourceRef: 70 | name: opf-apps-repo 71 | - name: opfcli-repo 72 | resourceRef: 73 | name: opfcli-repo 74 | -------------------------------------------------------------------------------- /tasks/github-release.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: Task 3 | metadata: 4 | name: git-add-release-artifacts 5 | spec: 6 | params: 7 | - default: operate-first 8 | description: the git organization title. 9 | name: git_organization 10 | type: string 11 | - default: opfcli 12 | description: The git repository title. 13 | name: git_repository 14 | type: string 15 | - default: linux-arm linux-arm64 linux-amd64 darwin-amd64 16 | description: >- 17 | OS strategy with which binaries are built. Inputed as string delineated 18 | with spaces, such as "Darwin-amd64 linux-amd64 darwin-amd64" etc. 19 | name: build_strategy_OS_x_ARCH 20 | type: string 21 | - description: The existing or desired tag name. 22 | name: git_tag 23 | type: string 24 | steps: 25 | - image: 'quay.io/larsks/opf-go-precommit:latest' 26 | name: binary-builds 27 | resources: {} 28 | script: | 29 | cd opfcli; 30 | mkdir binaries 31 | for build in $(params.build_strategy_OS_x_ARCH); do 32 | export GOARCH="$(echo $build | cut -d '-' -f2)" 33 | export GOOS="$(echo $build | cut -d '-' -f1)" 34 | env | grep GO; 35 | make 36 | ls -al; 37 | mv opfcli-$build ./binaries; 38 | done 39 | workingDir: /workspace/ 40 | - image: 'quay.io/thoth-station/s2i-thoth-ubi8-py36:latest' 41 | name: push-artifacts 42 | resources: {} 43 | script: > 44 | #!/usr/libexec/platform-python 45 | import requests 46 | import os 47 | import json 48 | binaries_base_path="/workspace/repo/binaries"; 49 | binaries=os.listdir("/workspace/repo/binaries"); 50 | release=requests.get('https://api.github.com/repos/$(params.git_organization)/$(params.git_repository)/releases/tags/$(params.git_tag)').json(); 51 | release_url = release.url 52 | release_id_index = release_info.index("releases/") + 9; 53 | release_id = release_url[(len(release_url)-release_id_index):]; 54 | upload_url = release.upload_url 55 | values={} 56 | headers = {'Authorization': 'token {os.getenv("GITHUBTOKEN")}'} 57 | for binary in binaries: 58 | values['name'] = binary 59 | files={'upload_file': open(f'{binaries_base_path}/{binary}', 'rb'), 'name': f'{binary}'} 60 | content_length = os.path.getsize(f'{binaries_base_path}/{binary}') 61 | headers = {'Content-Type': 'multipart/form-data', 'Content-Length': f'{content_length}'} 62 | requests.post("https://uploads.github.com/repos/$(params.git_organization)/$(params.git_repository)/releases/{release_id}/assets/", headers=headers, files=files, values=values); 63 | print(response.json()); # print the output of json request to confirm binaries were uploaded 64 | env: 65 | - name: GITHUBTOKEN 66 | valueFrom: 67 | secretKeyRef: 68 | key: token 69 | name: auth-secret 70 | workingDir: /workspace/repo 71 | -------------------------------------------------------------------------------- /tasks/gather-metrics-provide-task.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: Task 3 | metadata: 4 | name: provide-metrics 5 | spec: 6 | resources: 7 | inputs: 8 | - name: pipeline-helpers 9 | type: image 10 | - name: s2i-thoth 11 | type: image 12 | - name: pr 13 | type: pullRequest 14 | - name: repo 15 | type: git 16 | 17 | steps: 18 | - name: aggregate-data 19 | image: $(resources.inputs.pipeline-helpers.url) 20 | workingDir: /workspace/repo 21 | securityContext: 22 | privileged: true 23 | env: 24 | - name: PIPELINE_HELPERS_DEPLOYMENT_NAMESPACE 25 | valueFrom: 26 | configMapKeyRef: 27 | name: aicoe-ci-config 28 | key: namespace 29 | - name: THOTH_S3_ENDPOINT_URL 30 | valueFrom: 31 | configMapKeyRef: 32 | name: aicoe-ci-config 33 | key: endpoint 34 | - name: THOTH_CEPH_BUCKET 35 | valueFrom: 36 | configMapKeyRef: 37 | name: aicoe-ci-config 38 | key: bucket 39 | - name: THOTH_CEPH_KEY_ID 40 | valueFrom: 41 | secretKeyRef: 42 | name: aicoe-ci-ceph 43 | key: key-id 44 | - name: THOTH_CEPH_SECRET_KEY 45 | valueFrom: 46 | secretKeyRef: 47 | name: aicoe-ci-ceph 48 | key: secret-key 49 | script: | 50 | python3 /opt/app-root/src/aggregate_metrics_results.py 51 | 52 | - name: pr-updates 53 | image: $(resources.inputs.s2i-thoth.url) 54 | workingDir: /workspace/repo 55 | securityContext: 56 | privileged: true 57 | env: 58 | - name: GITHUBTOKEN 59 | valueFrom: 60 | secretKeyRef: 61 | name: auth-secret 62 | key: token 63 | script: | 64 | #!/usr/bin/env python3 65 | import json 66 | import os 67 | import http.client 68 | 69 | def post_comment(comment: str): 70 | with open("/workspace/pr/pr.json") as f: 71 | pr_info = json.load(f) 72 | 73 | comment_url = "/repos/{}/issues/{}/comments".format(pr_info["Base"]["Repo"]["FullName"], pr_info["Number"]) 74 | 75 | data = { 76 | "body": comment, 77 | } 78 | 79 | conn = http.client.HTTPSConnection("api.github.com") 80 | r = conn.request( 81 | "POST", 82 | comment_url, 83 | body=json.dumps(data), 84 | headers={ 85 | "User-Agent": "aicoe-ci", 86 | "Authorization": "Bearer " + os.environ["GITHUBTOKEN"], 87 | }) 88 | 89 | resp = conn.getresponse() 90 | if not str(resp.status).startswith("2"): 91 | print("Error: %d" % (resp.status)) 92 | print(resp.read()) 93 | 94 | if os.path.isfile('pr-comment'): 95 | with open('pr-comment') as comment_data: 96 | comment = comment_data.read() 97 | post_comment(comment) 98 | -------------------------------------------------------------------------------- /fixtures/tektonpr.json: -------------------------------------------------------------------------------- 1 | { 2 | "Number": 54, 3 | "Title": "Remove env files", 4 | "Body": "Signed-off-by: Harshad Reddy Nalla ", 5 | "Labels": [ 6 | { 7 | "ID": 0, 8 | "URL": "https://api.github.com/repos/harshad16/test/labels/accepted", 9 | "Name": "accepted", 10 | "Description": "", 11 | "Color": "66aa00" 12 | }, 13 | { 14 | "ID": 0, 15 | "URL": "https://api.github.com/repos/harshad16/test/labels/good%20first%20issue", 16 | "Name": "good first issue", 17 | "Description": "Good for newcomers", 18 | "Color": "7057ff" 19 | } 20 | ], 21 | "Sha": "279443e8eed786a1b6fc2207adb809a9ac81abb2", 22 | "Ref": "refs/pull/54/head", 23 | "Source": "remove-env", 24 | "Target": "master", 25 | "Base": { 26 | "Ref": "master", 27 | "Sha": "35b396fcdf08a2621c6c0b5bfe3818b1ff4f7aa3", 28 | "Repo": { 29 | "ID": "180859566", 30 | "Namespace": "harshad16", 31 | "Name": "test", 32 | "FullName": "harshad16/test", 33 | "Perm": { 34 | "Pull": false, 35 | "Push": false, 36 | "Admin": false 37 | }, 38 | "Branch": "master", 39 | "Private": false, 40 | "Clone": "https://github.com/harshad16/test.git", 41 | "CloneSSH": "git@github.com:harshad16/test.git", 42 | "Link": "https://github.com/harshad16/test", 43 | "Created": "2019-04-11T19:01:50Z", 44 | "Updated": "2020-05-01T18:07:47Z" 45 | } 46 | }, 47 | "Head": { 48 | "Ref": "remove-env", 49 | "Sha": "279443e8eed786a1b6fc2207adb809a9ac81abb2", 50 | "Repo": { 51 | "ID": "180859566", 52 | "Namespace": "harshad16", 53 | "Name": "test", 54 | "FullName": "harshad16/test", 55 | "Perm": { 56 | "Pull": false, 57 | "Push": false, 58 | "Admin": false 59 | }, 60 | "Branch": "master", 61 | "Private": false, 62 | "Clone": "https://github.com/harshad16/test.git", 63 | "CloneSSH": "git@github.com:harshad16/test.git", 64 | "Link": "https://github.com/harshad16/test", 65 | "Created": "2019-04-11T19:01:50Z", 66 | "Updated": "2020-05-01T18:07:47Z" 67 | } 68 | }, 69 | "Fork": "harshad16/test", 70 | "Link": "https://github.com/harshad16/test/pull/54.diff", 71 | "State": "open", 72 | "Closed": false, 73 | "Draft": false, 74 | "Merged": false, 75 | "Mergeable": true, 76 | "Rebaseable": true, 77 | "MergeableState": "", 78 | "MergeSha": "dc9f26c6115460aa1fa11042bf3bebf22adf4c04", 79 | "Author": { 80 | "Login": "harshad16", 81 | "Name": "", 82 | "Email": "", 83 | "Avatar": "https://avatars0.githubusercontent.com/u/14028058?v=4", 84 | "Link": "https://github.com/harshad16", 85 | "Created": "0001-01-01T00:00:00Z", 86 | "Updated": "0001-01-01T00:00:00Z" 87 | }, 88 | "Assignees": null, 89 | "Milestone": { 90 | "Number": 0, 91 | "ID": 0, 92 | "Title": "", 93 | "Description": "", 94 | "Link": "", 95 | "State": "" 96 | }, 97 | "Created": "2020-05-01T17:01:22Z", 98 | "Updated": "2020-05-01T20:34:56Z" 99 | } 100 | -------------------------------------------------------------------------------- /triggertemplate/git-issue-template.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: triggers.tekton.dev/v1alpha1 2 | kind: TriggerTemplate 3 | metadata: 4 | name: git-issue-template 5 | labels: 6 | app: aicoe-ci 7 | spec: 8 | params: 9 | - name: event_action 10 | description: Action of Issue. 11 | - name: issue_number 12 | description: Issue number. 13 | - name: issue_state 14 | description: State of the Issue. 15 | - name: issue_title 16 | description: Title of the Issue. 17 | - name: issue_body 18 | description: Body of the Issue. 19 | - name: issue_author_association 20 | description: Author association of the Issue. 21 | - name: issue_author 22 | description: Author of the Issue. 23 | - name: repo_name 24 | description: The git repository issue was raised in. 25 | - name: repo_full_name 26 | description: The git repository full name. 27 | - name: repo_url 28 | description: The git repository url. 29 | - name: ssh_url 30 | description: The git repository ssh url. 31 | - name: default_branch 32 | description: The git repository default branch. 33 | - name: pipelinerun_name 34 | description: pipelinerun associated. 35 | 36 | resourcetemplates: 37 | - apiVersion: tekton.dev/v1beta1 38 | kind: PipelineRun 39 | metadata: 40 | name: aicoe-issue-$(uid) 41 | labels: 42 | app: aicoe-ci 43 | project: $(tt.params.repo_name) 44 | component: $(tt.params.repo_name)-issue-$(tt.params.issue_number) 45 | spec: 46 | serviceAccountName: aicoe-ci 47 | pipelineRef: 48 | name: issue-pipeline 49 | params: 50 | - name: event_action 51 | value: $(tt.params.event_action) 52 | - name: issue_number 53 | value: $(tt.params.issue_number) 54 | - name: issue_state 55 | value: $(tt.params.issue_state) 56 | - name: issue_title 57 | value: $(tt.params.issue_title) 58 | - name: issue_body 59 | value: $(tt.params.issue_body) 60 | - name: issue_author_association 61 | value: $(tt.params.issue_author_association) 62 | - name: issue_author 63 | value: $(tt.params.issue_author) 64 | - name: default_branch 65 | value: $(tt.params.default_branch) 66 | - name: repo_name 67 | value: $(tt.params.repo_name) 68 | - name: repo_full_name 69 | value: $(tt.params.repo_full_name) 70 | - name: repo_url 71 | value: $(tt.params.repo_url) 72 | - name: ssh_url 73 | value: $(tt.params.ssh_url) 74 | - name: pipelinerun_name 75 | value: aicoe-issue-$(uid) 76 | resources: 77 | - name: git-repo 78 | resourceSpec: 79 | type: git 80 | params: 81 | - name: revision 82 | value: $(tt.params.default_branch) 83 | - name: url 84 | value: $(tt.params.repo_url) 85 | - name: s2i-thoth 86 | resourceRef: 87 | name: thoth-s2i 88 | - name: ubi 89 | resourceRef: 90 | name: ubi8 91 | -------------------------------------------------------------------------------- /triggertemplate/git-pr-template.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: triggers.tekton.dev/v1alpha1 2 | kind: TriggerTemplate 3 | metadata: 4 | name: git-pr-template 5 | labels: 6 | app: aicoe-ci 7 | spec: 8 | params: 9 | - name: pr_number 10 | description: Pull request ID. 11 | - name: pr_repo 12 | description: The git repository pr was raised to. 13 | - name: repo_full_name 14 | description: The git repository full name. 15 | - name: pr_url 16 | description: The pr url. 17 | - name: repo_url 18 | description: The git repository url. 19 | - name: ssh_url 20 | description: The git repository ssh url. 21 | - name: default_branch 22 | description: The git repository default branch. 23 | - name: event_action 24 | description: Action performed on Pull request. 25 | default: "DEFAULT" 26 | - name: pr_comment 27 | description: comment on the pull request. 28 | default: "DEFAULT" 29 | - name: pr_comment_author 30 | description: author of the comment on the pull request. 31 | default: "DEFAULT" 32 | - name: pr_comment_author_association 33 | description: comment author's association. 34 | default: "DEFAULT" 35 | - name: pipelinerun_name 36 | description: pipelinerun associated. 37 | resourcetemplates: 38 | - apiVersion: tekton.dev/v1beta1 39 | kind: PipelineRun 40 | metadata: 41 | name: aicoe-pipelinerun-$(uid) 42 | labels: 43 | app: aicoe-ci 44 | project: $(tt.params.pr_repo) 45 | component: $(tt.params.pr_repo)-pr-$(tt.params.pr_number) 46 | spec: 47 | serviceAccountName: aicoe-ci 48 | pipelineRef: 49 | name: pull-request-pipeline 50 | params: 51 | - name: event_action 52 | value: $(tt.params.event_action) 53 | - name: pr_number 54 | value: $(tt.params.pr_number) 55 | - name: pr_repo 56 | value: $(tt.params.pr_repo) 57 | - name: repo_url 58 | value: $(tt.params.repo_url) 59 | - name: ssh_url 60 | value: $(tt.params.ssh_url) 61 | - name: default_branch 62 | value: $(tt.params.default_branch) 63 | - name: repo_full_name 64 | value: $(tt.params.repo_full_name) 65 | - name: pr_comment 66 | value: $(tt.params.pr_comment) 67 | - name: pr_comment_author 68 | value: $(tt.params.pr_comment_author) 69 | - name: pr_comment_author_association 70 | value: $(tt.params.pr_comment_author_association) 71 | - name: pipelinerun_name 72 | value: aicoe-pipelinerun-$(uid) 73 | resources: 74 | - name: git-repo 75 | resourceSpec: 76 | type: git 77 | params: 78 | - name: revision 79 | value: $(tt.params.default_branch) 80 | - name: url 81 | value: $(tt.params.repo_url) 82 | - name: s2i-thoth 83 | resourceRef: 84 | name: thoth-s2i 85 | - name: ubi 86 | resourceRef: 87 | name: ubi8 88 | - name: pr-source 89 | resourceSpec: 90 | type: pullRequest 91 | params: 92 | - name: url 93 | value: $(tt.params.pr_url) 94 | secrets: 95 | - fieldName: authToken 96 | secretName: auth-secret 97 | secretKey: token 98 | -------------------------------------------------------------------------------- /triggertemplate/z-stream-release-template.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: triggers.tekton.dev/v1alpha1 2 | kind: TriggerTemplate 3 | metadata: 4 | name: z-stream-release-template 5 | labels: 6 | app: aicoe-ci 7 | spec: 8 | params: 9 | - name: git_ref 10 | description: Git reference value. 11 | - name: git_ref_type 12 | description: Type of ref Tag or Branch. 13 | - name: repo_url 14 | description: The git repository url. 15 | - name: default_branch 16 | description: The git repository default branch. 17 | 18 | - name: opf_repo_url 19 | description: operate-first repository url. 20 | - name: opf_default_branch 21 | description: operate-first repository default branch. 22 | - name: opf_repo 23 | description: operate-first repository. 24 | - name: opf_org 25 | description: operate-first organization. 26 | 27 | - name: rhods_repo_url 28 | description: RHODS repository url. 29 | - name: rhods_default_branch 30 | description: RHODS repository default_branch. 31 | - name: rhods_repo 32 | description: RHODS repository. 33 | - name: rhods_org 34 | description: RHODS organization. 35 | 36 | - name: pipelinerun_name 37 | description: pipelinerun associated. 38 | 39 | resourcetemplates: 40 | - apiVersion: tekton.dev/v1beta1 41 | kind: PipelineRun 42 | metadata: 43 | name: z-stream-release-$(uid) 44 | labels: 45 | app: aicoe-ci 46 | project: "operate-first-apps" 47 | component: "operate-first-apps" 48 | spec: 49 | serviceAccountName: aicoe-ci 50 | timeout: "2h" 51 | pipelineRef: 52 | name: z-stream-release-pipeline 53 | params: 54 | - name: git_ref 55 | value: $(tt.params.git_ref) 56 | - name: opf_org 57 | value: $(tt.params.opf_org) 58 | - name: opf_repo 59 | value: $(tt.params.opf_repo) 60 | - name: opf_repo_url 61 | value: $(tt.params.opf_repo_url) 62 | - name: opf_default_branch 63 | value: $(tt.params.opf_default_branch) 64 | resources: 65 | - name: s2i-thoth 66 | resourceRef: 67 | name: thoth-s2i 68 | - name: ubi 69 | resourceRef: 70 | name: ubi8 71 | 72 | - apiVersion: tekton.dev/v1beta1 73 | kind: PipelineRun 74 | metadata: 75 | name: z-stream-update-rhods-$(uid) 76 | labels: 77 | app: aicoe-ci 78 | project: "rhods-apps" 79 | component: "rhods-apps" 80 | spec: 81 | serviceAccountName: aicoe-ci 82 | timeout: "2h" 83 | pipelineRef: 84 | name: z-stream-update-rhods 85 | params: 86 | - name: git_ref 87 | value: $(tt.params.git_ref) 88 | - name: repo_url 89 | value: $(tt.params.repo_url) 90 | - name: default_branch 91 | value: $(tt.params.default_branch) 92 | - name: rhods_org 93 | value: $(tt.params.rhods_org) 94 | - name: rhods_repo 95 | value: $(tt.params.rhods_repo) 96 | - name: rhods_repo_url 97 | value: $(tt.params.rhods_repo_url) 98 | - name: rhods_default_branch 99 | value: $(tt.params.rhods_default_branch) 100 | resources: 101 | - name: s2i-thoth 102 | resourceRef: 103 | name: thoth-s2i 104 | - name: ubi 105 | resourceRef: 106 | name: ubi8 107 | -------------------------------------------------------------------------------- /tasks/tox-checks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: Task 3 | metadata: 4 | name: tox-check 5 | labels: 6 | app: aicoe-ci 7 | spec: 8 | params: 9 | - name: pr_number 10 | description: Pull Request number. 11 | - name: pipelinerun_name 12 | description: pipelinerun associated. 13 | resources: 14 | inputs: 15 | - name: s2i-thoth 16 | type: image 17 | - name: pr 18 | type: pullRequest 19 | - name: repo 20 | type: git 21 | 22 | steps: 23 | - name: git-init-op 24 | image: $(resources.inputs.s2i-thoth.url) 25 | workingDir: /workspace/repo 26 | securityContext: 27 | privileged: true 28 | script: | 29 | git fetch origin pull/$(params.pr_number)/head:workbranch 30 | git checkout workbranch 31 | 32 | - name: run-tox 33 | image: docker.io/fedorapython/fedora-python-tox:latest 34 | workingDir: /workspace/repo 35 | script: | 36 | if [[ -f tox.ini ]]; then 37 | set +ex 38 | out=$(tox 2>&1) 39 | exit_code=$? 40 | set -ex 41 | if [[ $exit_code -ne 0 ]]; then 42 | state="failure" 43 | desc="The tox test failed!" 44 | cat < /workspace/repo/pr-comment 45 |
46 | Tox Test failed! Click here 47 | 48 | \`\`\` 49 | $out 50 | \`\`\` 51 |
52 | EOF 53 | else 54 | state="success" 55 | desc="The tox test succeeded!" 56 | fi 57 | cat < /workspace/repo/pr-status.json 58 | { 59 | "state": "$state", 60 | "desc": "$desc" 61 | } 62 | EOF 63 | fi 64 | 65 | - name: pr-updates 66 | image: $(resources.inputs.s2i-thoth.url) 67 | workingDir: /workspace/repo 68 | securityContext: 69 | privileged: true 70 | env: 71 | - name: GITHUBTOKEN 72 | valueFrom: 73 | secretKeyRef: 74 | name: auth-secret 75 | key: token 76 | script: | 77 | #!/usr/libexec/platform-python 78 | import json 79 | import os 80 | import http.client 81 | 82 | def post_status(state, description): 83 | with open("/workspace/pr/pr.json") as f: 84 | PR_INFO = json.load(f) 85 | status_url = "/repos/{}/statuses/{}".format(PR_INFO["Base"]["Repo"]["FullName"], PR_INFO["Head"]["Sha"]) 86 | data = { 87 | "state": state, 88 | "target_url": "https://tekton.operate-first.cloud/#/namespaces/opf-ci-pipelines/pipelineruns/$(params.pipelinerun_name)", 89 | "description": description, 90 | "context": "aicoe-ci/tox-check" 91 | } 92 | 93 | conn = http.client.HTTPSConnection("api.github.com") 94 | r = conn.request( 95 | "POST", 96 | status_url, 97 | body=json.dumps(data), 98 | headers={ 99 | "User-Agent": "aicoe-ci", 100 | "Authorization": "Bearer " + os.environ["GITHUBTOKEN"], 101 | }) 102 | resp = conn.getresponse() 103 | if not str(resp.status).startswith("2"): 104 | print("Error: %d" % (resp.status)) 105 | print(resp.read()) 106 | 107 | if os.path.isfile('pr-status.json'): 108 | with open('pr-status.json') as json_data: 109 | status_state=json.load(json_data) 110 | post_status(status_state['state'], status_state['desc']) 111 | -------------------------------------------------------------------------------- /tasks/tag-build.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: Task 3 | metadata: 4 | name: tag-build 5 | spec: 6 | params: 7 | # buildah params 8 | - name: TLSVERIFY 9 | default: "false" 10 | description: 11 | Verify the TLS on the registry endpoint (for push/pull to a non-TLS 12 | registry) 13 | - name: LOGLEVEL 14 | description: Log level when running the S2I binaryx`x 15 | default: "0" 16 | 17 | # tag params 18 | - name: git_ref 19 | description: Git reference value. 20 | - name: repo_name 21 | description: The git repository title. 22 | - name: registry 23 | description: Container image registry. 24 | default: "quay.io" 25 | - name: registry_org 26 | description: Name of the registry organization. 27 | default: "thoth-station" 28 | - name: registry_project 29 | description: Name of the project repository. 30 | default: "" 31 | - name: registry_secret 32 | description: Registry image push secret. 33 | default: "thoth-station-thoth-pusher-secret" 34 | - name: context_path 35 | description: The location of the path to run s2i from. 36 | default: . 37 | - name: dockerfile 38 | description: Path to the Dockerfile to build. 39 | default: Dockerfile 40 | 41 | resources: 42 | inputs: 43 | - name: s2i-thoth 44 | type: image 45 | - name: repo 46 | type: git 47 | 48 | steps: 49 | - name: check-ops 50 | image: $(resources.inputs.s2i-thoth.url) 51 | securityContext: 52 | privileged: true 53 | script: | 54 | if [ "$(params.registry)" == "quay.io" ]; then 55 | STATUS=$(curl -s -o /dev/null -w '%{http_code}' "https://quay.io/api/v1/repository/$(params.registry_org)/$(params.registry_project)") 56 | if [ $STATUS -eq 200 ]; then 57 | exit 0 58 | else 59 | exit 1 60 | fi 61 | else 62 | exit 0 63 | fi 64 | 65 | - name: git-init-op 66 | image: $(resources.inputs.s2i-thoth.url) 67 | workingDir: /workspace/repo 68 | securityContext: 69 | privileged: true 70 | script: | 71 | git fetch origin --tags 72 | git checkout tags/$(params.git_ref) -b workbranch 73 | 74 | - name: build 75 | image: quay.io/buildah/stable 76 | workingDir: /workspace/repo 77 | securityContext: 78 | privileged: true 79 | resources: 80 | limits: 81 | memory: "8Gi" 82 | cpu: "2" 83 | requests: 84 | memory: "2Gi" 85 | cpu: "2" 86 | script: | 87 | buildah bud \ 88 | --tls-verify=$(params.TLSVERIFY) \ 89 | --storage-driver=overlay \ 90 | --layers \ 91 | -f \ 92 | $(params.dockerfile) \ 93 | -t \ 94 | $(params.repo_name)-$(params.git_ref) \ 95 | $(params.context_path) 96 | volumeMounts: 97 | - mountPath: /var/lib/containers 98 | name: varlibcontainers 99 | 100 | - name: push 101 | image: quay.io/buildah/stable 102 | script: | 103 | buildah push \ 104 | --authfile=/pushsecret/.dockerconfigjson \ 105 | --tls-verify=$(params.TLSVERIFY) \ 106 | $(params.repo_name)-$(params.git_ref) \ 107 | docker://$(params.registry)/$(params.registry_org)/$(params.registry_project):$(params.git_ref) 108 | securityContext: 109 | privileged: true 110 | volumeMounts: 111 | - name: varlibcontainers 112 | mountPath: /var/lib/containers 113 | - name: quay-creds 114 | mountPath: /pushsecret/ 115 | readOnly: true 116 | 117 | volumes: 118 | - name: varlibcontainers 119 | emptyDir: {} 120 | - name: gen-source 121 | emptyDir: {} 122 | - name: quay-creds 123 | secret: 124 | secretName: $(params.registry_secret) 125 | -------------------------------------------------------------------------------- /docs/gather-metrics-deployments-pipeline.md: -------------------------------------------------------------------------------- 1 | # Gather metrics deployment pipeline 2 | 3 | 4 | Gather metrics deployment pipeline provides Data Scientists and AIDevOps Engineers with feedback about the deployed models as soon as possible in order to speed up the ML lifecycle. 5 | 6 | In general, the application lifecycle is not static, there could be a new software stack, a new model version or a new dataset version that could modify the application. In these cases, it would be helpful to provide feedback on the impact of these changes as soon as possible. Different personas could benefit from this early feedback, for example, a Data Scientist could verify that the model created is still performing well in a production environment or an AIDevOps Engineer could receive operational information (latency, memory consumption, CPU usage) to adjust the deployment. 7 | The feedback is provided as a report directly into a Pull Request, so that the different personas can work together and make decisions based on the metrics received. These metrics concern the type of test used to gather metrics, the model metrics collected through the test and the platform metrics gathered from pods monitoring systems (currently Prometheus). 8 | 9 | Check this [presentation](https://github.com/thoth-station/talks/blob/master/2021-09-03-devconf-us/Feedback%20about%20deployment%20of%20an%20intelligent%20app%20-%20DevConfUS.pdf) or this [video](https://www.youtube.com/watch?v=toZzyjB0ReA) if you want to know more about the reasons behind this pipeline and how it is related to MLOps lifecycle 10 | 11 | 12 | ## Configuring gather requirements 13 | 14 | Gather metrics deployment pipeline is part of the aicoe-ci pipelines. .aicoe.yaml is the configuration file for aicoe-ci pipelines, you can find the documentation on the different parameters [here](https://github.com/AICoE/aicoe-ci#aicoe-ci-configuration-file). 15 | 16 | For this pipeline a new requirement section called `gather` has been added to the `.aicoe.yaml`: 17 | 18 | ```yaml 19 | gather: 20 | overlay-name: test # overlay name used for running the test 21 | name: test_name_for_gathering_metrics 22 | ``` 23 | 24 | NOTE: _If you are using [behave](https://github.com/behave/behave) package to run a test in order to collect metrics, the `name` parameter is equivalent to the `feature` concept used in behave when running `behave -i {feature_name}`._ 25 | 26 | 27 | ## Pipeline diagram and description 28 | 29 | The pipeline diagram and behaviour can be seen in the following image: 30 | 31 | ![gather metrics deployment pipeline architecture](./gather-metrics-deployments-pipeline.jpg) 32 | 33 | The pipeline is triggered when a new Pull Request is opened on the users repo. To be more precise this particular pipeline is made of 1 + N pipelines, where N is the number of ML models to be deployed. 34 | 35 | The `main pipeline` will perform the following steps: 36 | - check inputs from `.aicoe.yaml` to verify deployments exist; 37 | - configure all parameters for the following task; 38 | - schedule `N pipelineruns`, where `N` is the number of deployments. 39 | 40 | ![multiple deployments](./multiple-deployments.png) 41 | 42 | - watch the N pipelines monitoring status and wait until those will finish (Failed or Succeeded). 43 | - once the N pipelines finishes, the last task will collect the metrics gathered, post process them and comment on the Pull Request initially opened. 44 | 45 | Each of the `N pipelines` will perform the following steps: 46 | 47 | - build the image and push to a registry (quay, internal or external); 48 | - customize manifests for deployment, service and route and apply them to the cluster; 49 | - discover the route once the application is up and running; 50 | - run the test and collect application metrics and store them on Ceph; once the test is concluded, gather platform metrics from Prometheus and store them together with the application ones on Ceph. 51 | 52 | NOTE: _Currently AICoE CI uses default credentials to store and retrieve data from Ceph bucket._ 53 | 54 | NOTE: _Gathering of platform metrics from AICoE CI requires access to Prometheus endpoint._ 55 | -------------------------------------------------------------------------------- /tasks/status-task.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: Task 3 | metadata: 4 | name: status-task 5 | labels: 6 | app: aicoe-ci 7 | spec: 8 | params: 9 | - name: pr_number 10 | description: Pull request ID. 11 | - name: pipelinerun_name 12 | description: pipelinerun associated. 13 | - name: repo_full_name 14 | description: The git repository full name. 15 | resources: 16 | inputs: 17 | - name: pr 18 | type: pullRequest 19 | - name: s2i-thoth 20 | type: image 21 | - name: repo 22 | type: git 23 | steps: 24 | - name: git-init-op 25 | image: $(resources.inputs.s2i-thoth.url) 26 | workingDir: /workspace/repo 27 | securityContext: 28 | privileged: true 29 | script: | 30 | git fetch origin pull/$(params.pr_number)/head:workbranch 31 | git checkout workbranch 32 | 33 | - name: status-setup 34 | image: $(resources.inputs.s2i-thoth.url) 35 | workingDir: /workspace/repo 36 | securityContext: 37 | privileged: true 38 | env: 39 | - name: GITHUBTOKEN 40 | valueFrom: 41 | secretKeyRef: 42 | name: auth-secret 43 | key: token 44 | script: | 45 | #!/usr/bin/env python3 46 | import json 47 | import yaml 48 | import os 49 | import http.client 50 | 51 | def post_status(description, context): 52 | with open("/workspace/pr/pr.json") as f: 53 | PR_INFO = json.load(f) 54 | status_url = "/repos/{}/statuses/{}".format(PR_INFO["Base"]["Repo"]["FullName"], PR_INFO["Head"]["Sha"]) 55 | data = { 56 | "state": "pending", 57 | "target_url": "https://tekton.operate-first.cloud/#/namespaces/opf-ci-pipelines/pipelineruns/$(params.pipelinerun_name)", 58 | "description": description, 59 | "context": context 60 | } 61 | 62 | conn = http.client.HTTPSConnection("api.github.com") 63 | r = conn.request( 64 | "POST", 65 | status_url, 66 | body=json.dumps(data), 67 | headers={ 68 | "User-Agent": "aicoe-ci", 69 | "Authorization": "Bearer " + os.environ["GITHUBTOKEN"], 70 | }) 71 | resp = conn.getresponse() 72 | if not str(resp.status).startswith("2"): 73 | print("Error: %d" % (resp.status)) 74 | print(resp.read()) 75 | else: 76 | print(resp.read()) 77 | 78 | pytest,precommit,build,tox = True,True,True,True 79 | if os.path.isfile('.aicoe-ci.yaml'): 80 | with open(".aicoe-ci.yaml", "r") as stream: 81 | conf = yaml.safe_load(stream) 82 | 83 | pytest = True if "thoth-pytest" in conf.get("check") or "thoth-pytest-py38" in conf.get("check") else False 84 | precommit = True if "thoth-precommit" in conf.get("check") or "thoth-precommit-py38" in conf.get("check") else False 85 | build = True if "thoth-build" in conf.get("check") else False 86 | tox = True if "thoth-tox" in conf.get("check") else False 87 | 88 | if os.path.isfile('setup.py') and pytest: 89 | description="The pytest test pending." 90 | context="aicoe-ci/pytest-check" 91 | post_status(description, context) 92 | if os.path.isfile('.pre-commit-config.yaml') and precommit: 93 | description="The pre-commit test pending." 94 | context="aicoe-ci/pre-commit-check" 95 | post_status(description, context) 96 | if build: 97 | description="The image build test pending." 98 | context="aicoe-ci/build-check" 99 | post_status(description, context) 100 | if os.path.isfile('tox.ini') and tox: 101 | description="The pytest test pending." 102 | context="aicoe-ci/tox-check" 103 | post_status(description, context) 104 | -------------------------------------------------------------------------------- /tasks/base-image-update.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: Task 3 | metadata: 4 | name: base-image-update 5 | spec: 6 | params: 7 | - name: repo_full_name 8 | description: The git repository full name. 9 | - name: repo_url 10 | description: The git repository url 11 | - name: ssh_url 12 | description: The git repository ssh url 13 | - name: default_branch 14 | description: The git repository default branch. 15 | resources: 16 | inputs: 17 | - name: s2i-thoth 18 | type: image 19 | - name: repo 20 | type: git 21 | 22 | steps: 23 | - name: run-script 24 | workingDir: /workspace/repo 25 | image: quay.io/thoth-station/pipeline-helpers:v0.7.2 26 | securityContext: 27 | privileged: true 28 | script: | 29 | if [ -f .aicoe-ci.yaml ]; then 30 | python /opt/app-root/src/bump_base_image_version.py 31 | fi 32 | if [ -f .thoth.yaml ]; then 33 | CONFIG_FILE_PATH=".thoth.yaml" BASE_IMAGE_FIELD_YAML="base_image" python /opt/app-root/src/bump_base_image_version.py 34 | fi 35 | 36 | - name: rebase 37 | workingDir: /workspace/repo 38 | env: 39 | - name: GITHUB_USERNAME 40 | valueFrom: 41 | secretKeyRef: 42 | name: auth-secret 43 | key: user-name 44 | - name: GITHUB_EMAIL 45 | valueFrom: 46 | secretKeyRef: 47 | name: auth-secret 48 | key: user-email 49 | image: $(resources.inputs.s2i-thoth.url) 50 | securityContext: 51 | privileged: true 52 | script: | 53 | git config --local user.email "$GITHUB_EMAIL" 54 | git config --local user.name "$GITHUB_USERNAME" 55 | git remote set-url origin $(params.ssh_url) 56 | git checkout -b aicoe-ci-base-image-updater 57 | export GIT_SSH_COMMAND='ssh -i /tekton/home/.ssh/id_rsa -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' 58 | git add . 59 | git commit -m ":ship: Bump up base image initialized in CI." || exit 0 60 | git pull --rebase origin $(params.default_branch) 61 | git push -f origin aicoe-ci-base-image-updater 62 | volumeMounts: 63 | - name: ssh-config 64 | mountPath: /tekton/home/.ssh 65 | 66 | - name: raise-pull-request 67 | workingDir: /workspace/repo 68 | env: 69 | - name: GITHUBTOKEN 70 | valueFrom: 71 | secretKeyRef: 72 | name: auth-secret 73 | key: token 74 | - name: REPOFULLNAME 75 | value: $(params.repo_full_name) 76 | image: $(resources.inputs.s2i-thoth.url) 77 | script: | 78 | #!/usr/libexec/platform-python 79 | import json 80 | import os 81 | import http.client 82 | 83 | status_url = "/repos/{}/pulls".format(os.getenv('REPOFULLNAME')) 84 | issue_body = f"Automatic update of base-image in CI." 85 | head = "aicoe-ci-base-image-updater" 86 | base = "$(params.default_branch)" 87 | data = { 88 | "title":"Automatic update of base-image in CI", 89 | "head": head, 90 | "base": base, 91 | "body": issue_body, 92 | } 93 | 94 | conn = http.client.HTTPSConnection("api.github.com") 95 | r = conn.request( 96 | "POST", 97 | status_url, 98 | body=json.dumps(data), 99 | headers={ 100 | "User-Agent": "aicoe-ci", 101 | "Authorization": "Bearer " + os.environ["GITHUBTOKEN"], 102 | }) 103 | resp = conn.getresponse() 104 | if not str(resp.status).startswith("2"): 105 | print("Error: %d" % (resp.status)) 106 | print(resp.read()) 107 | else: 108 | print("Successful: %d" % (resp.status)) 109 | 110 | volumes: 111 | - name: ssh-config 112 | secret: 113 | secretName: auth-secret 114 | items: 115 | - key: ssh-privatekey 116 | mode: 0600 117 | path: id_rsa 118 | -------------------------------------------------------------------------------- /tasks/gather-metrics-check-inputs.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: Task 3 | metadata: 4 | name: gather-metrics-check-inputs 5 | labels: 6 | app: aicoe-ci 7 | spec: 8 | params: 9 | - name: pr_number 10 | description: Pull request ID. 11 | - name: pr_repo 12 | description: The git repository pr was raised to. 13 | - name: event_action 14 | description: Action of Issue. 15 | resources: 16 | inputs: 17 | - name: s2i-thoth 18 | type: image 19 | - name: repo 20 | type: git 21 | # - name: pr 22 | # type: pullRequest 23 | results: 24 | - name: check_inputs_failed 25 | description: Check inputs for running pipeline to gather metrics 26 | 27 | steps: 28 | - name: git-checkout-pr-number 29 | image: $(resources.inputs.s2i-thoth.url) 30 | workingDir: /workspace/repo 31 | securityContext: 32 | privileged: true 33 | script: | 34 | git fetch origin pull/$(params.pr_number)/head:workbranch 35 | git checkout workbranch 36 | 37 | - name: check-inputs 38 | image: $(resources.inputs.s2i-thoth.url) 39 | workingDir: /workspace/repo 40 | securityContext: 41 | privileged: true 42 | env: 43 | - name: PIPELINE_EVENT_ACTION 44 | value: $(params.event_action) 45 | script: | 46 | #!/usr/bin/env python3 47 | import yaml 48 | import subprocess 49 | import sys 50 | import os 51 | from pathlib import Path 52 | 53 | path_features = Path.cwd().joinpath("features") 54 | 55 | event_action = os.environ["PIPELINE_EVENT_ACTION"] 56 | 57 | with open(".aicoe-ci.yaml", "r") as ci_stream: 58 | ci_conf = yaml.safe_load(ci_stream) 59 | 60 | print(f".aicoe.yaml is: {ci_conf}") 61 | ci_missing_inputs = False 62 | 63 | overlays_dir = ci_conf.get("overlays_dir", "overlays") 64 | 65 | if not overlays_dir: 66 | print("No overlays in .aicoe.yaml") 67 | 68 | if not ci_conf.get("deploy"): 69 | ci_missing_inputs = True 70 | else: 71 | overlay_deploy_present = False 72 | 73 | for overlay_env in ci_conf["overlays"]: 74 | if overlay_env.get("deploy", []): 75 | overlay_deploy_present = True 76 | break 77 | 78 | if not overlay_deploy_present: 79 | ci_missing_inputs = True 80 | 81 | check_inputs_failed = 0 82 | 83 | # Check if features folder exists for behave test 84 | 85 | if not path_features.exists(): 86 | print(f"features folder with behave tests is not in git repo.") 87 | check_inputs_failed = 1 88 | 89 | # Check if .aicoe.yaml contains deploy key 90 | if ci_missing_inputs: 91 | print(f".aicoe.yaml miss inputs for deployment.") 92 | check_inputs_failed = 1 93 | 94 | # Check if pr has been closed 95 | if event_action == "closed": 96 | print(f"Event action -> closed, pipeline will be deleted.") 97 | check_inputs_failed = 1 98 | 99 | try: 100 | command = f"echo -n {str(check_inputs_failed)} > $(results.check_inputs_failed.path)" 101 | process_output = subprocess.run( 102 | command, 103 | shell=True, 104 | capture_output=True, 105 | ) 106 | 107 | except Exception as pipeline_delete: 108 | print("Error storing variable: %r", pipeline_delete) 109 | sys.exit(1) 110 | 111 | - name: oc-clean-all 112 | image: quay.io/openshift/origin-cli:latest 113 | script: | 114 | PIPELINE_CHECK=$(<$(results.check_inputs_failed.path)) 115 | if [ "$PIPELINE_CHECK" == "1" ]; then 116 | oc delete pipelinerun --selector component=$(params.pr_repo)-pr-$(params.pr_number) 117 | fi 118 | oc delete dc -l component=$(params.pr_repo)-pr-$(params.pr_number) 119 | oc delete route -l component=$(params.pr_repo)-pr-$(params.pr_number) 120 | oc delete service -l component=$(params.pr_repo)-pr-$(params.pr_number) 121 | -------------------------------------------------------------------------------- /pipeline/overlays-release-pipeline.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: tekton.dev/v1beta1 3 | kind: Pipeline 4 | metadata: 5 | name: overlays-release-pipeline 6 | labels: 7 | app: aicoe-ci 8 | spec: 9 | params: 10 | - name: git_ref 11 | type: string 12 | - name: git_ref_type 13 | type: string 14 | - name: repo_name 15 | type: string 16 | - name: repo_url 17 | type: string 18 | - name: base_image 19 | type: string 20 | - name: arch 21 | type: string 22 | - name: build_stratergy 23 | type: string 24 | - name: dockerfile_path 25 | type: string 26 | - name: build_source_script 27 | type: string 28 | - name: custom_tag 29 | type: string 30 | - name: registry 31 | type: string 32 | - name: registry_org 33 | type: string 34 | - name: registry_project 35 | type: string 36 | - name: registry_secret 37 | type: string 38 | - name: deploy 39 | type: string 40 | - name: deploy_project_org 41 | type: string 42 | - name: deploy_project_name 43 | type: string 44 | - name: deploy_image_name 45 | type: string 46 | - name: overlay_contextpath 47 | type: string 48 | - name: overlays_name 49 | type: string 50 | - name: overlays_dir 51 | type: string 52 | - name: default_branch 53 | type: string 54 | resources: 55 | - name: git-repo 56 | type: git 57 | - name: s2i-thoth 58 | type: image 59 | 60 | tasks: 61 | - name: overlay-release-run 62 | taskRef: 63 | name: overlay-build 64 | params: 65 | - name: git_ref 66 | value: $(params.git_ref) 67 | - name: repo_name 68 | value: $(params.repo_name) 69 | - name: base_image 70 | value: $(params.base_image) 71 | - name: arch 72 | value: $(params.arch) 73 | - name: build_stratergy 74 | value: $(params.build_stratergy) 75 | - name: dockerfile_path 76 | value: $(params.dockerfile_path) 77 | - name: build_source_script 78 | value: $(params.build_source_script) 79 | - name: custom_tag 80 | value: $(params.custom_tag) 81 | - name: registry 82 | value: $(params.registry) 83 | - name: registry_org 84 | value: $(params.registry_org) 85 | - name: registry_project 86 | value: $(params.registry_project) 87 | - name: registry_secret 88 | value: $(params.registry_secret) 89 | - name: overlays_name 90 | value: $(params.overlays_name) 91 | - name: overlays_dir 92 | value: $(params.overlays_dir) 93 | resources: 94 | inputs: 95 | - name: s2i-thoth 96 | resource: s2i-thoth 97 | - name: repo 98 | resource: git-repo 99 | 100 | - name: overlay-deploy-run 101 | taskRef: 102 | name: overlay-deploy 103 | conditions: 104 | - conditionRef: overlay-deploy 105 | params: 106 | - name: deploy 107 | value: $(params.deploy) 108 | resources: 109 | - name: repo 110 | resource: git-repo 111 | params: 112 | - name: git_ref 113 | value: $(params.git_ref) 114 | - name: repo_name 115 | value: $(params.repo_name) 116 | - name: arch 117 | value: $(params.arch) 118 | - name: registry 119 | value: $(params.registry) 120 | - name: registry_org 121 | value: $(params.registry_org) 122 | - name: registry_project 123 | value: $(params.registry_project) 124 | - name: default_branch 125 | value: $(params.default_branch) 126 | - name: deploy_project_org 127 | value: $(params.deploy_project_org) 128 | - name: deploy_project_name 129 | value: $(params.deploy_project_name) 130 | - name: deploy_image_name 131 | value: $(params.deploy_image_name) 132 | - name: overlay_contextpath 133 | value: $(params.overlay_contextpath) 134 | resources: 135 | inputs: 136 | - name: s2i-thoth 137 | resource: s2i-thoth 138 | runAfter: 139 | - overlay-release-run 140 | -------------------------------------------------------------------------------- /pipeline/gather-deployment-metrics-setup-pipeline.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: tekton.dev/v1beta1 3 | kind: Pipeline 4 | metadata: 5 | name: gather-deployment-metrics-setup-pipeline 6 | labels: 7 | app: aicoe-ci 8 | spec: 9 | params: 10 | - name: event_action 11 | type: string 12 | - name: pr_number 13 | type: string 14 | - name: pr_repo 15 | type: string 16 | - name: repo_url 17 | type: string 18 | - name: default_branch 19 | type: string 20 | resources: 21 | - name: git-repo 22 | type: git 23 | - name: pipeline-helpers 24 | type: image 25 | - name: thoth-s2i-py38 26 | type: image 27 | - name: thoth-ops 28 | type: image 29 | - name: pr-source 30 | type: pullRequest 31 | 32 | tasks: 33 | - name: gather-metrics-check-inputs 34 | taskRef: 35 | name: gather-metrics-check-inputs 36 | params: 37 | - name: pr_number 38 | value: $(params.pr_number) 39 | - name: pr_repo 40 | value: $(params.pr_repo) 41 | - name: event_action 42 | value: $(params.event_action) 43 | resources: 44 | inputs: 45 | - name: s2i-thoth 46 | resource: thoth-s2i-py38 47 | - name: repo 48 | resource: git-repo 49 | 50 | - name: gather-metrics-configuration 51 | taskRef: 52 | name: gather-metrics-configuration 53 | params: 54 | - name: pr_number 55 | value: $(params.pr_number) 56 | - name: pr_repo 57 | value: $(params.pr_repo) 58 | resources: 59 | inputs: 60 | - name: s2i-thoth 61 | resource: thoth-s2i-py38 62 | - name: repo 63 | resource: git-repo 64 | - name: pr 65 | resource: pr-source 66 | runAfter: 67 | - gather-metrics-check-inputs 68 | 69 | - name: create-gather-metrics-pipelines 70 | taskRef: 71 | name: gather-metrics-pipeline-creation 72 | params: 73 | - name: pr_number 74 | value: $(params.pr_number) 75 | - name: pr_repo 76 | value: $(params.pr_repo) 77 | - name: repo_url 78 | value: $(params.repo_url) 79 | - name: default_branch 80 | value: $(params.default_branch) 81 | - name: html_repo_url 82 | value: "$(tasks.gather-metrics-configuration.results.html-repo-url)" 83 | - name: commit_sha 84 | value: "$(tasks.gather-metrics-configuration.results.commit-sha)" 85 | resources: 86 | inputs: 87 | - name: s2i-thoth 88 | resource: thoth-s2i-py38 89 | - name: repo 90 | resource: git-repo 91 | - name: pr 92 | resource: pr-source 93 | - name: thoth-ops 94 | resource: thoth-ops 95 | - name: pipeline-helpers 96 | resource: pipeline-helpers 97 | runAfter: 98 | - gather-metrics-configuration 99 | 100 | - name: watch-gather-metrics-pipelines 101 | taskRef: 102 | name: gather-metrics-pipeline-watch 103 | params: 104 | - name: pr_number 105 | value: $(params.pr_number) 106 | - name: pr_repo 107 | value: $(params.pr_repo) 108 | resources: 109 | inputs: 110 | - name: pipeline-helpers 111 | resource: pipeline-helpers 112 | - name: repo 113 | resource: git-repo 114 | runAfter: 115 | - create-gather-metrics-pipelines 116 | 117 | - name: provide-metrics 118 | taskRef: 119 | name: provide-metrics 120 | resources: 121 | inputs: 122 | - name: pipeline-helpers 123 | resource: pipeline-helpers 124 | - name: s2i-thoth 125 | resource: thoth-s2i-py38 126 | - name: repo 127 | resource: git-repo 128 | - name: pr 129 | resource: pr-source 130 | runAfter: 131 | - watch-gather-metrics-pipelines 132 | 133 | finally: 134 | - name: delete-deployments 135 | taskRef: 136 | name: gather-metrics-clean-task 137 | params: 138 | - name: pr_number 139 | value: $(params.pr_number) 140 | - name: pr_repo 141 | value: $(params.pr_repo) 142 | -------------------------------------------------------------------------------- /tasks/z-stream-release-task.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: Task 3 | metadata: 4 | name: z-stream-release 5 | spec: 6 | params: 7 | # tag params 8 | - name: git_ref 9 | description: Git reference value. 10 | - name: opf_repo_url 11 | description: operate-first repository url. 12 | - name: opf_default_branch 13 | description: operate-first repository default branch. 14 | - name: opf_repo 15 | description: operate-first repository. 16 | - name: opf_org 17 | description: operate-first organization. 18 | 19 | resources: 20 | inputs: 21 | - name: s2i-thoth 22 | type: image 23 | 24 | steps: 25 | - name: z-stream-update 26 | image: quay.io/operate-first/opf-toolbox:v0.3.2 27 | workingDir: /workspace/ 28 | securityContext: 29 | privileged: true 30 | script: | 31 | export GIT_SSH_COMMAND='ssh -i /tekton/home/.ssh/id_rsa -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' 32 | git clone $(params.opf_repo_url) /workspace/apps 33 | cd /workspace/apps 34 | ./scripts/set-odh-release.sh $(params.git_ref) 35 | volumeMounts: 36 | - name: ssh-config 37 | mountPath: /tekton/home/.ssh 38 | 39 | - name: git-commit 40 | image: $(resources.inputs.s2i-thoth.url) 41 | securityContext: 42 | privileged: true 43 | workingDir: /workspace/apps 44 | env: 45 | - name: GITHUB_USERNAME 46 | valueFrom: 47 | secretKeyRef: 48 | name: auth-secret 49 | key: user-name 50 | - name: GITHUB_EMAIL 51 | valueFrom: 52 | secretKeyRef: 53 | name: auth-secret 54 | key: user-email 55 | script: | 56 | git config --local user.email "$GITHUB_EMAIL" 57 | git config --local user.name "$GITHUB_USERNAME" 58 | git status 59 | git checkout -b z-stream-update-$(params.git_ref) 60 | git add . 61 | git commit -m ":arrow_up: Upgrade ODH to $(params.git_ref)" 62 | export GIT_SSH_COMMAND='ssh -i /tekton/home/.ssh/id_rsa -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' 63 | git push --set-upstream origin z-stream-update-$(params.git_ref) 64 | volumeMounts: 65 | - name: ssh-config 66 | mountPath: /tekton/home/.ssh 67 | 68 | - name: raise-pull-request 69 | workingDir: /workspace/repo 70 | env: 71 | - name: GITHUBTOKEN 72 | valueFrom: 73 | secretKeyRef: 74 | name: auth-secret 75 | key: token 76 | - name: ODH_TAG 77 | value: $(params.git_ref) 78 | - name: OPF_DEFAULT_BRANCH 79 | value: $(params.opf_default_branch) 80 | - name: OPF_ORG 81 | value: $(params.opf_org) 82 | - name: OPF_REPO 83 | value: $(params.opf_repo) 84 | image: $(resources.inputs.s2i-thoth.url) 85 | script: | 86 | #!/usr/libexec/platform-python 87 | import json 88 | import os 89 | import http.client 90 | 91 | status_url = f"/repos/{os.getenv('OPF_ORG')}/{os.getenv('OPF_REPO')}/pulls" 92 | issue_body = f"Syncing repository with ODH release.\n z-stream release version: {os.getenv('ODH_TAG')}\n" 93 | head = f"z-stream-update-{os.getenv('ODH_TAG')}" 94 | base = os.getenv("OPF_DEFAULT_BRANCH","master") 95 | title = f"Upgrade ODH to {os.getenv('ODH_TAG')}" 96 | data = { 97 | "title": title, 98 | "head": head, 99 | "base": base, 100 | "body": issue_body, 101 | } 102 | 103 | conn = http.client.HTTPSConnection("api.github.com") 104 | r = conn.request( 105 | "POST", 106 | status_url, 107 | body=json.dumps(data), 108 | headers={ 109 | "User-Agent": "aicoe-ci", 110 | "Authorization": "Bearer " + os.environ["GITHUBTOKEN"], 111 | }) 112 | resp = conn.getresponse() 113 | if not str(resp.status).startswith("2"): 114 | print("Error: %d" % (resp.status)) 115 | print(resp.read()) 116 | else: 117 | print("Successful: %d" % (resp.status)) 118 | 119 | volumes: 120 | - name: ssh-config 121 | secret: 122 | secretName: auth-secret 123 | items: 124 | - key: ssh-privatekey 125 | mode: 0600 126 | path: id_rsa 127 | -------------------------------------------------------------------------------- /tasks/issue-pypi-release-task.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: Task 3 | metadata: 4 | name: issue-pypi-release 5 | spec: 6 | params: 7 | # tag params 8 | - name: event_action 9 | description: Action of Issue. 10 | - name: issue_number 11 | description: Issue number. 12 | - name: issue_state 13 | description: State of the Issue. 14 | - name: issue_title 15 | description: Title of the Issue. 16 | - name: issue_body 17 | description: Body of the Issue. 18 | - name: issue_author_association 19 | description: Author association of the Issue. 20 | - name: issue_author 21 | description: Author of the Issue. 22 | - name: repo_name 23 | description: The git repository issue was raised in. 24 | - name: repo_full_name 25 | description: The git repository full name. 26 | - name: repo_url 27 | description: The git repository url 28 | resources: 29 | inputs: 30 | - name: s2i-thoth 31 | type: image 32 | - name: repo 33 | type: git 34 | - name: ubi 35 | type: image 36 | 37 | steps: 38 | - name: git-init-op 39 | image: $(resources.inputs.s2i-thoth.url) 40 | workingDir: /workspace/repo 41 | securityContext: 42 | privileged: true 43 | script: | 44 | set +ex 45 | TAG=$(echo "$(params.issue_body)" | awk -F ':' '{print $2}') 46 | set -x 47 | git fetch origin --tags 48 | git checkout "${TAG//[[:space:]]/}" -b workbranch 49 | 50 | - name: build-package 51 | image: quay.io/thoth-station/twine:latest 52 | workingDir: /workspace/repo 53 | securityContext: 54 | privileged: true 55 | script: | 56 | python -m build --sdist --wheel 57 | python setup.py --name > package_name.txt 58 | 59 | - name: upload-package 60 | image: quay.io/thoth-station/twine:latest 61 | workingDir: /workspace/repo 62 | env: 63 | - name: TWINE_USERNAME 64 | valueFrom: 65 | secretKeyRef: 66 | name: pypi-secret 67 | key: username 68 | - name: TWINE_PASSWORD 69 | valueFrom: 70 | secretKeyRef: 71 | name: pypi-secret 72 | key: password 73 | script: | 74 | twine upload dist/* 75 | 76 | - name: comment-on-issue 77 | env: 78 | - name: GITHUBTOKEN 79 | valueFrom: 80 | secretKeyRef: 81 | name: auth-secret 82 | key: token 83 | - name: ISSUENUMBER 84 | value: $(params.issue_number) 85 | - name: REPOFULLNAME 86 | value: $(params.repo_full_name) 87 | image: $(resources.inputs.ubi.url) 88 | workingDir: /workspace/repo 89 | script: | 90 | #!/usr/libexec/platform-python 91 | import json 92 | import os 93 | import http.client 94 | 95 | status_url = "/repos/{}/issues/{}/comments".format(os.getenv('REPOFULLNAME'),os.getenv('ISSUENUMBER')) 96 | package_name = open("package_name.txt").read().strip() 97 | issue_body = ( 98 | "Successfully Delivered Package module to Pulp PyPI.\n" 99 | "Package can be found at: " 100 | f"[https://pypi.org/project/{package_name}]" 101 | f"(https://pypi.org/project/{package_name})" 102 | ) 103 | data = { 104 | "body": issue_body 105 | } 106 | 107 | conn = http.client.HTTPSConnection("api.github.com") 108 | r = conn.request( 109 | "POST", 110 | status_url, 111 | body=json.dumps(data), 112 | headers={ 113 | "User-Agent": "aicoe-ci", 114 | "Authorization": "Bearer " + os.environ["GITHUBTOKEN"], 115 | }) 116 | resp = conn.getresponse() 117 | if not str(resp.status).startswith("2"): 118 | print("Error: %d" % (resp.status)) 119 | print(resp.read()) 120 | else: 121 | print(resp.read()) 122 | data = { 123 | "state": "closed" 124 | } 125 | r = conn.request( 126 | "PATCH", 127 | "/repos/{}/issues/{}".format(os.getenv('REPOFULLNAME'),os.getenv('ISSUENUMBER')), 128 | body=json.dumps(data), 129 | headers={ 130 | "User-Agent": "aicoe-ci", 131 | "Authorization": "Bearer " + os.environ["GITHUBTOKEN"], 132 | }) 133 | -------------------------------------------------------------------------------- /docs/how-to-contribute.md: -------------------------------------------------------------------------------- 1 | # How to contribute 2 | 3 | Welcome contributors,
4 | Please free feel to contribute and help us in efforts to make the aicoe-ci application more effective. 5 | 6 | Pre-requisite: 7 | 8 | - Basic understanding of Tekton pipeline and tasks.
9 | Some useful link to get started with learning: 10 | 11 | - [Tekton Pipeline](https://github.com/tektoncd/pipeline) 12 | - [Tekton Triggers](https://github.com/tektoncd/triggers#tekton-triggers) 13 | - [Tekton Dashboard](https://github.com/tektoncd/dashboard) 14 | - [Openshift Pipeline](https://openshift.github.io/pipelines-docs/docs/0.10.5/index.html) 15 | 16 | - OpenShift cluster v4.x or equivalent Kubernetes clusters.
17 | Openshift v3.11 and equivalent can also be used, however based on that some task steps and version of pipeline, triggers are be changed. 18 | 19 | AICoE-CI Components: 20 | 21 | - Tasks: 22 | 23 | - All new tasks are to be added in the tasks directory. 24 | - Use the example-pr-checks.yaml for any new tests to be added for pull request checks 25 | - Any other tasks are welcome too. 26 | - Make sure to add new resource required for the tasks in the resource.yaml 27 | 28 | - Pipeline: 29 | 30 | - New pipeline are to be added in the pipeline directory. 31 | 32 | - Events: 33 | 34 | - Please create new events for eventlistener, along with the triggertemplate and triggerbindings. 35 | 36 | # Want to step up an instance 37 | 38 | AICoE-CI requires both Tekton Pipeline and Trigger to be available in the cluster, which can be installed either manually or via OpenShift-Pipeline-Operator .
39 | Choose based upon your requirements and cluster support. Pipeline and Trigger version is already pinned in the setup instruction. 40 | 41 | - Setup Manually Tekton Pipeline and Tekton Trigger in cluster:
42 | script available for manual setup: [tekton-setup](../setup-instance/tekton-setup.sh) 43 | 44 | ``` 45 | oc new-project tekton-pipelines 46 | oc adm policy add-scc-to-user anyuid -z tekton-pipelines-controller 47 | oc apply --filename https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.11.3/release.notags.yaml 48 | oc apply --filename https://storage.googleapis.com/tekton-releases/triggers/previous/v0.4.0/release.yaml 49 | oc apply --filename https://github.com/tektoncd/dashboard/releases/download/v0.6.1.5/tekton-dashboard-release.yaml 50 | oc expose svc/tekton-dashboard 51 | ``` 52 | 53 | - Use OpenShift-Pipeline controller: 54 | 55 | Please follow: 56 | 57 | - [Installation Guide](https://docs.openshift.com/container-platform/4.5/pipelines/installing-pipelines.html) 58 | - aicoe-ci requires v1.0.1 [openshift-pipeline-operator](https://docs.openshift.com/container-platform/4.5/pipelines/op-release-notes.html#op-release-notes-1-0_op-release-notes) 59 | 60 | ## Setup AICoE-CI instance 61 | 62 | Kustomize can be used for deployment of the whole project:
63 | [instance-kustomization](../setup-instance/kustomization.yaml) can be used for setting up the application.
64 | `kustomize build --enable_alpha_plugins ../setup-instance/ | oc apply -f - -n ` 65 | 66 | Pre-requisite before application deployment: 67 | 68 | - Setting up secrets required by aicoe-ci:
69 | update the secret manifest file [instance-secrets.yaml](../setup-instance/instance-secrets.yaml) with relevant secret keys and deploy all required secrets to the namespace. 70 | 71 | _NOTE_: components can be searched/deleted by label app.
72 | `--selector 'app=aicoe-ci'` 73 | 74 | ### Behind VPN Setup: 75 | 76 | #### Ultrahook 77 | 78 | ultrahook passes the public internet request to services behind VPN 79 | 80 | - ultrahook Deployment instance serves the redirect request to configured endpoint.
81 | Deployment manifest is available, use the [manifest](../setup-instance/ultrahook.yaml), update the relevant field.
82 | ULTRAHOOK_DESTINATION: service endpoint where ultrahook will redirect. 83 | 84 | - Ultrahook secret is a requirement for the ultrahook deployment. secret manifest is available, use the [manifest](../setup-instance/ultrahook-secrets.yaml), update the relevant field.
85 | ULTRAHOOK_API_KEY: Ultrahook api key which will refer to namespace. More Details on creating a ultrahook api key is instructed below. 86 | 87 | #### Ultrahook Webhook Configuration 88 | 89 | Register at .
90 | you will choose webhook namespace and you will get API key. you need to provide your API key to the deployment. Then you need to choose a subdomain - so that you can use your namespace for multiple destinations. The generated webhook URL will then look like 91 | 92 | ``` 93 | http://..ultrahook.com 94 | ``` 95 | 96 | More Details: [AICoE/ultrahook](https://github.com/AICoE/ultrahook) 97 | -------------------------------------------------------------------------------- /manifests/overlays/moc/tekton-dashboard-release.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | labels: 6 | app.kubernetes.io/component: dashboard 7 | app.kubernetes.io/part-of: tekton-dashboard 8 | name: tekton-dashboard 9 | namespace: tekton-pipelines 10 | --- 11 | apiVersion: v1 12 | kind: Service 13 | metadata: 14 | labels: 15 | app: tekton-dashboard 16 | app.kubernetes.io/component: dashboard 17 | app.kubernetes.io/name: dashboard 18 | app.kubernetes.io/part-of: tekton-dashboard 19 | app.kubernetes.io/version: v0.8.2 20 | dashboard.tekton.dev/release: v0.8.2 21 | version: v0.8.2 22 | name: tekton-dashboard 23 | namespace: tekton-pipelines 24 | spec: 25 | ports: 26 | - name: http 27 | port: 9097 28 | protocol: TCP 29 | targetPort: 9097 30 | selector: 31 | app.kubernetes.io/component: dashboard 32 | app.kubernetes.io/name: dashboard 33 | app.kubernetes.io/part-of: tekton-dashboard 34 | --- 35 | apiVersion: apps/v1 36 | kind: Deployment 37 | metadata: 38 | labels: 39 | app: tekton-dashboard 40 | app.kubernetes.io/component: dashboard 41 | app.kubernetes.io/name: dashboard 42 | app.kubernetes.io/part-of: tekton-dashboard 43 | app.kubernetes.io/version: v0.8.2 44 | dashboard.tekton.dev/release: v0.8.2 45 | version: v0.8.2 46 | name: tekton-dashboard 47 | namespace: tekton-pipelines 48 | spec: 49 | replicas: 1 50 | selector: 51 | matchLabels: 52 | app.kubernetes.io/component: dashboard 53 | app.kubernetes.io/name: dashboard 54 | app.kubernetes.io/part-of: tekton-dashboard 55 | template: 56 | metadata: 57 | labels: 58 | app: tekton-dashboard 59 | app.kubernetes.io/component: dashboard 60 | app.kubernetes.io/name: dashboard 61 | app.kubernetes.io/part-of: tekton-dashboard 62 | app.kubernetes.io/version: v0.8.2 63 | name: tekton-dashboard 64 | spec: 65 | containers: 66 | - args: 67 | - --port=9097 68 | - --logout-url= 69 | - --pipelines-namespace=tekton-pipelines 70 | - --triggers-namespace=tekton-pipelines 71 | - --read-only=false 72 | - --csrf-secure-cookie=false 73 | - --log-level=info 74 | - --log-format=json 75 | - --namespace= 76 | - --openshift=false 77 | - --stream-logs=false 78 | env: 79 | - name: INSTALLED_NAMESPACE 80 | valueFrom: 81 | fieldRef: 82 | fieldPath: metadata.namespace 83 | image: gcr.io/tekton-releases/github.com/tektoncd/dashboard/cmd/dashboard@sha256:4175d6237de3f85d4cfa2e331e244f0b1c20776455af10dcccdb81a3f9ebb012 84 | livenessProbe: 85 | httpGet: 86 | path: /health 87 | port: 9097 88 | name: tekton-dashboard 89 | ports: 90 | - containerPort: 9097 91 | readinessProbe: 92 | httpGet: 93 | path: /readiness 94 | port: 9097 95 | securityContext: 96 | runAsNonRoot: true 97 | serviceAccountName: tekton-dashboard 98 | volumes: [] 99 | --- 100 | apiVersion: rbac.authorization.k8s.io/v1 101 | kind: RoleBinding 102 | metadata: 103 | labels: 104 | app.kubernetes.io/component: dashboard 105 | app.kubernetes.io/part-of: tekton-dashboard 106 | name: tekton-dashboard-pipelines 107 | namespace: tekton-pipelines 108 | roleRef: 109 | apiGroup: rbac.authorization.k8s.io 110 | kind: ClusterRole 111 | name: tekton-dashboard-pipelines 112 | subjects: 113 | - kind: ServiceAccount 114 | name: tekton-dashboard 115 | namespace: tekton-pipelines 116 | --- 117 | apiVersion: rbac.authorization.k8s.io/v1 118 | kind: RoleBinding 119 | metadata: 120 | labels: 121 | app.kubernetes.io/component: dashboard 122 | app.kubernetes.io/part-of: tekton-dashboard 123 | name: tekton-dashboard-dashboard 124 | namespace: tekton-pipelines 125 | roleRef: 126 | apiGroup: rbac.authorization.k8s.io 127 | kind: ClusterRole 128 | name: tekton-dashboard-dashboard 129 | subjects: 130 | - kind: ServiceAccount 131 | name: tekton-dashboard 132 | namespace: tekton-pipelines 133 | --- 134 | apiVersion: rbac.authorization.k8s.io/v1 135 | kind: RoleBinding 136 | metadata: 137 | labels: 138 | app.kubernetes.io/component: dashboard 139 | app.kubernetes.io/part-of: tekton-dashboard 140 | name: tekton-dashboard-triggers 141 | namespace: tekton-pipelines 142 | roleRef: 143 | apiGroup: rbac.authorization.k8s.io 144 | kind: ClusterRole 145 | name: tekton-dashboard-triggers 146 | subjects: 147 | - kind: ServiceAccount 148 | name: tekton-dashboard 149 | namespace: tekton-pipelines 150 | -------------------------------------------------------------------------------- /tasks/test-thoth-github-action.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: Task 3 | metadata: 4 | name: test-thoth-github-action 5 | spec: 6 | params: 7 | - name: head_commit_hash 8 | description: The hash of the last commit from the push event 9 | - name: default_branch 10 | description: The git repository default branch 11 | default: test 12 | - name: ssh_url 13 | description: The git repository ssh url 14 | default: git@github.com:mayaCostantini/test-thoth-github-action.git 15 | 16 | resources: 17 | inputs: 18 | - name: repo 19 | type: git 20 | 21 | steps: 22 | - name: patch-commit-hash 23 | workingDir: /workspace/repo 24 | securityContext: 25 | privileged: true 26 | script: | 27 | sed -i 's/thoth-github-action@.*/thoth-github-action@"$(params.head_commit_hash)"/g' .github/workflows/test_pipfile_cve.yaml 28 | sed -i 's/thoth-github-action@.*/thoth-github-action@"$(params.head_commit_hash)"/g' .github/workflows/test_pipfile_no_cve.yaml 29 | sed -i 's/thoth-github-action@.*/thoth-github-action@"$(params.head_commit_hash)"/g' .github/workflows/test_requirements_txt_cve.yaml 30 | sed -i 's/thoth-github-action@.*/thoth-github-action@"$(params.head_commit_hash)"/g' .github/workflows/test_requirements_txt_no_cve.yaml 31 | sed -i 's/thoth-github-action@.*/thoth-github-action@"$(params.head_commit_hash)"/g' .github/workflows/test_setup_cfg_cve.yaml 32 | sed -i 's/thoth-github-action@.*/thoth-github-action@"$(params.head_commit_hash)"/g' .github/workflows/test_setup_cfg_no_cve.yaml 33 | 34 | echo " " >> overlays/pipfile-cve/Pipfile 35 | echo " " >> overlays/pipfile-no-cve/Pipfile 36 | echo " " >> overlays/requirements-txt-cve/requirements.txt 37 | echo " " >> overlays/requirements-txt-no-cve/requirements.txt 38 | echo " " >> overlays/setup-cfg-cve/setup.cfg 39 | echo " " >> overlays/setup-cfg-no-cve/setup.cfg 40 | - name: rebase 41 | workingDir: /workspace/repo 42 | env: 43 | - name: GITHUB_USERNAME 44 | valueFrom: 45 | secretKeyRef: 46 | name: auth-secret 47 | key: user-name 48 | - name: GITHUB_EMAIL 49 | valueFrom: 50 | secretKeyRef: 51 | name: auth-secret 52 | key: user-email 53 | securityContext: 54 | privileged: true 55 | script: | 56 | git config --local user.email "$GITHUB_EMAIL" 57 | git config --local user.name "$GITHUB_USERNAME" 58 | git remote set-url origin $(params.ssh_url) 59 | git checkout -b github-action-tester 60 | export GIT_SSH_COMMAND='ssh -i /tekton/home/.ssh/id_rsa -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' 61 | git add . 62 | git commit -m ":white_check_mark: Test the Thoth GitHub Action." || exit 0 63 | git pull --rebase origin $(params.default_branch) 64 | git push -f origin github-action-tester 65 | volumeMounts: 66 | - name: ssh-config 67 | mountPath: /tekton/home/.ssh 68 | - name: raise-pull-request 69 | workingDir: /workspace/repo 70 | env: 71 | - name: GITHUBTOKEN 72 | valueFrom: 73 | secretKeyRef: 74 | name: auth-secret 75 | key: token 76 | script: | 77 | #!/usr/libexec/platform-python 78 | import json 79 | import os 80 | import http.client 81 | status_url = "/repos/mayaCostantini/test-thoth-github-action/pulls" 82 | issue_body = f"Test the Thoth GitHub Action." 83 | head = "github-action-tester" 84 | base = "$(params.default_branch)" 85 | data = { 86 | "title":"Test the Thoth GitHub Action", 87 | "head": head, 88 | "base": base, 89 | "body": issue_body, 90 | } 91 | conn = http.client.HTTPSConnection("api.github.com") 92 | r = conn.request( 93 | "POST", 94 | status_url, 95 | body=json.dumps(data), 96 | headers={ 97 | "User-Agent": "aicoe-ci", 98 | "Authorization": "Bearer " + os.environ["GITHUBTOKEN"], 99 | }) 100 | resp = conn.getresponse() 101 | if not str(resp.status).startswith("2"): 102 | print("Error: %d" % (resp.status)) 103 | print(resp.read()) 104 | else: 105 | print("Successful: %d" % (resp.status)) 106 | 107 | volumes: 108 | - name: ssh-config 109 | secret: 110 | secretName: auth-secret 111 | items: 112 | - key: ssh-privatekey 113 | mode: 0600 114 | path: id_rsa 115 | -------------------------------------------------------------------------------- /tasks/z-stream-update-rhods-task.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: Task 3 | metadata: 4 | name: z-stream-update-rhods 5 | spec: 6 | params: 7 | # tag params 8 | - name: git_ref 9 | description: Git reference value. 10 | - name: repo_url 11 | description: Git url for the repository. 12 | - name: default_branch 13 | description: The git repository default branch. 14 | 15 | - name: rhods_org 16 | description: The rhods organization. 17 | - name: rhods_repo 18 | description: The rhods repository. 19 | - name: rhods_repo_url 20 | description: Git url for the rhods repository. 21 | - name: rhods_default_branch 22 | description: The git repository rhods default branch. 23 | 24 | resources: 25 | inputs: 26 | - name: s2i-thoth 27 | type: image 28 | 29 | steps: 30 | - name: z-stream-update 31 | image: $(resources.inputs.s2i-thoth.url) 32 | workingDir: /workspace/ 33 | securityContext: 34 | privileged: true 35 | env: 36 | - name: GITHUB_USERNAME 37 | valueFrom: 38 | secretKeyRef: 39 | name: auth-secret 40 | key: user-name 41 | - name: GITHUB_EMAIL 42 | valueFrom: 43 | secretKeyRef: 44 | name: auth-secret 45 | key: user-email 46 | script: | 47 | git clone $(params.repo_url) /workspace/app 48 | cd /workspace/app 49 | git config --local user.email "$GITHUB_EMAIL" 50 | git config --local user.name "$GITHUB_USERNAME" 51 | export GIT_SSH_COMMAND='ssh -i /tekton/home/.ssh/id_rsa -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' 52 | git fetch origin 'refs/tags/*:refs/tags/*' 53 | old_tag=$(git describe --abbrev=0 $(params.git_ref)^) 54 | git remote add local $(params.rhods_repo_url) 55 | git fetch local 56 | git checkout -b odh-release-$(params.git_ref) local/$(params.rhods_default_branch) 57 | for commit_hash in $(git rev-list --reverse $old_tag..$(params.git_ref)) 58 | do 59 | git cherry-pick $commit_hash 60 | done 61 | 62 | git log --oneline --reverse $old_tag..$(params.git_ref) > /workspace/rhods-cherry-pick.txt 63 | git push --set-upstream local odh-release-$(params.git_ref) 64 | volumeMounts: 65 | - name: ssh-config 66 | mountPath: /tekton/home/.ssh 67 | 68 | - name: raise-pull-request 69 | workingDir: /workspace/app 70 | env: 71 | - name: GITHUBTOKEN 72 | valueFrom: 73 | secretKeyRef: 74 | name: auth-secret 75 | key: token 76 | - name: ODH_TAG 77 | value: $(params.git_ref) 78 | - name: RHODS_DEFAULT_BRANCH 79 | value: $(params.rhods_default_branch) 80 | - name: RHODS_ORG 81 | value: $(params.rhods_org) 82 | - name: RHODS_REPO 83 | value: $(params.rhods_repo) 84 | image: $(resources.inputs.s2i-thoth.url) 85 | script: | 86 | #!/usr/libexec/platform-python 87 | import json 88 | import os 89 | import http.client 90 | 91 | status_url = f"/repos/{os.getenv('RHODS_ORG')}/{os.getenv('RHODS_REPO')}/pulls" 92 | issue_body = f"The pull request cherry picks commits from latest release.\n z-stream release version: {os.getenv('ODH_TAG')}\n Picked commits details:\n " 93 | issue_body = issue_body + " ".join(open("/workspace/rhods-cherry-pick.txt","r").readlines()) 94 | head = f"odh-release-{os.getenv('ODH_TAG')}" 95 | base = os.getenv("RHODS_DEFAULT_BRANCH","master") 96 | title = f"Sync up with upstream ODH release {os.getenv('ODH_TAG')}" 97 | data = { 98 | "title": title, 99 | "head": head, 100 | "base": base, 101 | "body": issue_body, 102 | } 103 | 104 | conn = http.client.HTTPSConnection("api.github.com") 105 | r = conn.request( 106 | "POST", 107 | status_url, 108 | body=json.dumps(data), 109 | headers={ 110 | "User-Agent": "aicoe-ci", 111 | "Authorization": "Bearer " + os.environ["GITHUBTOKEN"], 112 | }) 113 | resp = conn.getresponse() 114 | if not str(resp.status).startswith("2"): 115 | print("Error: %d" % (resp.status)) 116 | print(resp.read()) 117 | else: 118 | print("Successful: %d" % (resp.status)) 119 | 120 | volumes: 121 | - name: ssh-config 122 | secret: 123 | secretName: auth-secret 124 | items: 125 | - key: ssh-privatekey 126 | mode: 0600 127 | path: id_rsa 128 | -------------------------------------------------------------------------------- /tasks/pre-commit-check.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: Task 3 | metadata: 4 | name: pre-commit-check 5 | labels: 6 | app: aicoe-ci 7 | spec: 8 | params: 9 | - name: pr_number 10 | description: Pull Request number. 11 | - name: pipelinerun_name 12 | description: pipelinerun associated. 13 | resources: 14 | inputs: 15 | - name: s2i-thoth 16 | type: image 17 | - name: pr 18 | type: pullRequest 19 | - name: repo 20 | type: git 21 | 22 | steps: 23 | - name: git-init-op 24 | image: $(resources.inputs.s2i-thoth.url) 25 | workingDir: /workspace/repo 26 | securityContext: 27 | privileged: true 28 | script: | 29 | git fetch origin pull/$(params.pr_number)/head:workbranch 30 | git checkout workbranch 31 | 32 | - name: run-pre-commit 33 | image: quay.io/thoth-station/thoth-precommit:v0.12.2 34 | workingDir: /workspace/repo 35 | script: | 36 | if [[ -f .pre-commit-config.yaml ]]; then 37 | pre-commit install 38 | set +e 39 | out=$(pre-commit run --all-files 2>&1) 40 | exit_code=$? 41 | set -e 42 | if [[ $exit_code -ne 0 ]]; then 43 | state="failure" 44 | desc="The pre-commit test failed!" 45 | cat < /workspace/repo/pr-comment 46 |
47 | Pre-Commit Test failed! Click here 48 | 49 | \`\`\` 50 | $out 51 | \`\`\` 52 |
53 | EOF 54 | else 55 | state="success" 56 | desc="The pre-commit test succeeded!" 57 | fi 58 | cat < /workspace/repo/pr-status.json 59 | { 60 | "state": "$state", 61 | "desc": "$desc" 62 | } 63 | EOF 64 | fi 65 | 66 | - name: pr-updates 67 | image: $(resources.inputs.s2i-thoth.url) 68 | workingDir: /workspace/repo 69 | securityContext: 70 | privileged: true 71 | env: 72 | - name: GITHUBTOKEN 73 | valueFrom: 74 | secretKeyRef: 75 | name: auth-secret 76 | key: token 77 | script: | 78 | #!/usr/libexec/platform-python 79 | import json 80 | import os 81 | import http.client 82 | 83 | def post_status(state, description): 84 | with open("/workspace/pr/pr.json") as f: 85 | PR_INFO = json.load(f) 86 | status_url = "/repos/{}/statuses/{}".format(PR_INFO["Base"]["Repo"]["FullName"], PR_INFO["Head"]["Sha"]) 87 | data = { 88 | "state": state, 89 | "target_url": "https://tekton.operate-first.cloud/#/namespaces/opf-ci-pipelines/pipelineruns/$(params.pipelinerun_name)", 90 | "description": description, 91 | "context": "aicoe-ci/pre-commit-check" 92 | } 93 | 94 | conn = http.client.HTTPSConnection("api.github.com") 95 | r = conn.request( 96 | "POST", 97 | status_url, 98 | body=json.dumps(data), 99 | headers={ 100 | "User-Agent": "aicoe-ci", 101 | "Authorization": "Bearer " + os.environ["GITHUBTOKEN"], 102 | }) 103 | resp = conn.getresponse() 104 | if not str(resp.status).startswith("2"): 105 | print("Error: %d" % (resp.status)) 106 | print(resp.read()) 107 | 108 | def post_comment(comment): 109 | with open("/workspace/pr/pr.json") as f: 110 | PR_INFO = json.load(f) 111 | comment_url = "/repos/{}/issues/{}/comments".format(PR_INFO["Base"]["Repo"]["FullName"], PR_INFO["Number"]) 112 | 113 | data = { 114 | "body": comment, 115 | } 116 | conn = http.client.HTTPSConnection("api.github.com") 117 | r = conn.request( 118 | "POST", 119 | comment_url, 120 | body=json.dumps(data), 121 | headers={ 122 | "User-Agent": "aicoe-ci", 123 | "Authorization": "Bearer " + os.environ["GITHUBTOKEN"], 124 | }) 125 | resp = conn.getresponse() 126 | if not str(resp.status).startswith("2"): 127 | print("Error: %d" % (resp.status)) 128 | print(resp.read()) 129 | 130 | if os.path.isfile('pr-status.json'): 131 | with open('pr-status.json') as json_data: 132 | status_state=json.load(json_data) 133 | post_status(status_state['state'], status_state['desc']) 134 | if os.path.isfile('pr-comment'): 135 | with open('pr-comment') as comment_data: 136 | comment = comment_data.read() 137 | post_comment(comment) 138 | -------------------------------------------------------------------------------- /tasks/pre-commit-py38-check.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: Task 3 | metadata: 4 | name: pre-commit-py38-check 5 | labels: 6 | app: aicoe-ci 7 | spec: 8 | params: 9 | - name: pr_number 10 | description: Pull Request number. 11 | - name: pipelinerun_name 12 | description: pipelinerun associated. 13 | resources: 14 | inputs: 15 | - name: s2i-thoth 16 | type: image 17 | - name: pr 18 | type: pullRequest 19 | - name: repo 20 | type: git 21 | 22 | steps: 23 | - name: git-init-op 24 | image: $(resources.inputs.s2i-thoth.url) 25 | workingDir: /workspace/repo 26 | securityContext: 27 | privileged: true 28 | script: | 29 | git fetch origin pull/$(params.pr_number)/head:workbranch 30 | git checkout workbranch 31 | 32 | - name: run-pre-commit 33 | image: quay.io/thoth-station/thoth-precommit-py38:v0.12.2 34 | workingDir: /workspace/repo 35 | script: | 36 | if [[ -f .pre-commit-config.yaml ]]; then 37 | pre-commit install 38 | set +e 39 | out=$(pre-commit run --all-files 2>&1) 40 | exit_code=$? 41 | set -e 42 | if [[ $exit_code -ne 0 ]]; then 43 | state="failure" 44 | desc="The pre-commit test failed!" 45 | cat < /workspace/repo/pr-comment 46 |
47 | Pre-Commit Test failed! Click here 48 | 49 | \`\`\` 50 | $out 51 | \`\`\` 52 |
53 | EOF 54 | else 55 | state="success" 56 | desc="The pre-commit test succeeded!" 57 | fi 58 | cat < /workspace/repo/pr-status.json 59 | { 60 | "state": "$state", 61 | "desc": "$desc" 62 | } 63 | EOF 64 | fi 65 | 66 | - name: pr-updates 67 | image: $(resources.inputs.s2i-thoth.url) 68 | workingDir: /workspace/repo 69 | securityContext: 70 | privileged: true 71 | env: 72 | - name: GITHUBTOKEN 73 | valueFrom: 74 | secretKeyRef: 75 | name: auth-secret 76 | key: token 77 | script: | 78 | #!/usr/libexec/platform-python 79 | import json 80 | import os 81 | import http.client 82 | 83 | def post_status(state, description): 84 | with open("/workspace/pr/pr.json") as f: 85 | PR_INFO = json.load(f) 86 | status_url = "/repos/{}/statuses/{}".format(PR_INFO["Base"]["Repo"]["FullName"], PR_INFO["Head"]["Sha"]) 87 | data = { 88 | "state": state, 89 | "target_url": "https://tekton.operate-first.cloud/#/namespaces/opf-ci-pipelines/pipelineruns/$(params.pipelinerun_name)", 90 | "description": description, 91 | "context": "aicoe-ci/pre-commit-check" 92 | } 93 | 94 | conn = http.client.HTTPSConnection("api.github.com") 95 | r = conn.request( 96 | "POST", 97 | status_url, 98 | body=json.dumps(data), 99 | headers={ 100 | "User-Agent": "aicoe-ci", 101 | "Authorization": "Bearer " + os.environ["GITHUBTOKEN"], 102 | }) 103 | resp = conn.getresponse() 104 | if not str(resp.status).startswith("2"): 105 | print("Error: %d" % (resp.status)) 106 | print(resp.read()) 107 | 108 | def post_comment(comment): 109 | with open("/workspace/pr/pr.json") as f: 110 | PR_INFO = json.load(f) 111 | comment_url = "/repos/{}/issues/{}/comments".format(PR_INFO["Base"]["Repo"]["FullName"], PR_INFO["Number"]) 112 | 113 | data = { 114 | "body": comment, 115 | } 116 | conn = http.client.HTTPSConnection("api.github.com") 117 | r = conn.request( 118 | "POST", 119 | comment_url, 120 | body=json.dumps(data), 121 | headers={ 122 | "User-Agent": "aicoe-ci", 123 | "Authorization": "Bearer " + os.environ["GITHUBTOKEN"], 124 | }) 125 | resp = conn.getresponse() 126 | if not str(resp.status).startswith("2"): 127 | print("Error: %d" % (resp.status)) 128 | print(resp.read()) 129 | 130 | if os.path.isfile('pr-status.json'): 131 | with open('pr-status.json') as json_data: 132 | status_state=json.load(json_data) 133 | post_status(status_state['state'], status_state['desc']) 134 | if os.path.isfile('pr-comment'): 135 | with open('pr-comment') as comment_data: 136 | comment = comment_data.read() 137 | post_comment(comment) 138 | -------------------------------------------------------------------------------- /pipeline/gather-deployment-metrics-pipeline.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: tekton.dev/v1beta1 3 | kind: Pipeline 4 | metadata: 5 | name: gather-deployment-metrics-pipeline 6 | labels: 7 | app: aicoe-ci 8 | spec: 9 | params: 10 | - name: pr_number 11 | type: string 12 | - name: pr_repo 13 | type: string 14 | - name: repo_url 15 | type: string 16 | - name: base_image 17 | type: string 18 | - name: build_stratergy 19 | type: string 20 | - name: build_source_script 21 | type: string 22 | - name: dockerfile_path 23 | type: string 24 | - name: registry 25 | type: string 26 | - name: registry_org 27 | type: string 28 | - name: registry_project 29 | type: string 30 | - name: registry_secret 31 | type: string 32 | - name: overlay_name 33 | type: string 34 | - name: test_name 35 | type: string 36 | - name: runtime_environment_test_name 37 | type: string 38 | - name: commit_sha 39 | type: string 40 | resources: 41 | - name: git-repo 42 | type: git 43 | - name: pipeline-helpers 44 | type: image 45 | - name: thoth-s2i-py38 46 | type: image 47 | - name: thoth-ops 48 | type: image 49 | - name: pr-source 50 | type: pullRequest 51 | 52 | tasks: 53 | - name: pr-build-release-run 54 | taskRef: 55 | name: pr-build-release 56 | params: 57 | - name: pr_number 58 | value: $(params.pr_number) 59 | - name: pr_repo 60 | value: $(params.pr_repo) 61 | - name: base_image 62 | value: $(params.base_image) 63 | - name: overlay_name 64 | value: $(params.overlay_name) 65 | - name: build_stratergy 66 | value: $(params.build_stratergy) 67 | - name: build_source_script 68 | value: $(params.build_source_script) 69 | - name: dockerfile_path 70 | value: $(params.dockerfile_path) 71 | - name: registry 72 | value: $(params.registry) 73 | - name: registry_org 74 | value: $(params.registry_org) 75 | - name: registry_project 76 | value: $(params.registry_project) 77 | - name: registry_secret 78 | value: $(params.registry_secret) 79 | resources: 80 | inputs: 81 | - name: s2i-thoth 82 | resource: thoth-s2i-py38 83 | - name: repo 84 | resource: git-repo 85 | - name: pr 86 | resource: pr-source 87 | 88 | - name: manifests-deploy 89 | taskRef: 90 | name: manifests-deploy 91 | params: 92 | - name: pr_number 93 | value: $(params.pr_number) 94 | - name: deployment_image_url 95 | value: "$(params.registry)/$(params.registry_org)/$(params.registry_project):pr-$(params.pr_number)" 96 | - name: overlay_name 97 | value: $(params.overlay_name) 98 | resources: 99 | inputs: 100 | - name: pipeline-helpers 101 | resource: pipeline-helpers 102 | - name: s2i-thoth 103 | resource: thoth-s2i-py38 104 | - name: thoth-ops 105 | resource: thoth-ops 106 | - name: repo 107 | resource: git-repo 108 | - name: pr 109 | resource: pr-source 110 | runAfter: 111 | - pr-build-release-run 112 | 113 | - name: discover-route 114 | taskRef: 115 | name: discover-route 116 | params: 117 | - name: pr_number 118 | value: $(params.pr_number) 119 | - name: pr_repo 120 | value: $(params.pr_repo) 121 | - name: overlay_name 122 | value: $(params.overlay_name) 123 | runAfter: 124 | - manifests-deploy 125 | 126 | - name: gather-and-process-metrics 127 | taskRef: 128 | name: gather-and-process-metrics 129 | params: 130 | - name: runtime_environment_test_name 131 | value: $(params.runtime_environment_test_name) 132 | - name: test_name 133 | value: $(params.test_name) 134 | - name: route_deployment 135 | value: "$(tasks.discover-route.results.route-name)" 136 | - name: repo_url 137 | value: $(params.repo_url) 138 | - name: pr_number 139 | value: $(params.pr_number) 140 | - name: pr_repo 141 | value: $(params.pr_repo) 142 | - name: overlay_name 143 | value: $(params.overlay_name) 144 | - name: commit_sha 145 | value: $(params.commit_sha) 146 | resources: 147 | inputs: 148 | - name: pipeline-helpers 149 | resource: pipeline-helpers 150 | - name: s2i-thoth 151 | resource: thoth-s2i-py38 152 | - name: repo 153 | resource: git-repo 154 | - name: pr 155 | resource: pr-source 156 | runAfter: 157 | - discover-route 158 | -------------------------------------------------------------------------------- /tasks/overlay-deploy-task.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: Task 3 | metadata: 4 | name: overlay-deploy 5 | spec: 6 | params: 7 | # tag params 8 | - name: git_ref 9 | description: Git reference value. 10 | - name: repo_name 11 | description: The git repository title. 12 | - name: arch 13 | description: ARCH of the image to be built. 14 | default: "" 15 | - name: registry 16 | description: Container image registry. 17 | default: "quay.io" 18 | - name: registry_org 19 | description: Name of the registry organization. 20 | default: "thoth-station" 21 | - name: registry_project 22 | description: Name of the project repository. 23 | default: "" 24 | - name: default_branch 25 | default: master 26 | description: Default branch used by the repo. 27 | - name: deploy_project_org 28 | description: Deployment configuration repository's organization. 29 | default: "thoth-station" 30 | - name: deploy_project_name 31 | description: Deployment configuration repository. 32 | default: "thoth-application" 33 | - name: deploy_image_name 34 | description: Deployment imagestream name to be used by the application. 35 | default: "" 36 | - name: overlay_contextpath 37 | type: string 38 | description: imagestreamtag yaml which is to be updated. 39 | default: "" 40 | resources: 41 | inputs: 42 | - name: s2i-thoth 43 | type: image 44 | 45 | steps: 46 | - name: git-clone-config-repo 47 | image: $(resources.inputs.s2i-thoth.url) 48 | securityContext: 49 | privileged: true 50 | script: | 51 | export GIT_SSH_COMMAND='ssh -i /tekton/home/.ssh/id_rsa -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' 52 | git clone git@github.com:$(params.deploy_project_org)/$(params.deploy_project_name) /workspace/configrepo 53 | volumeMounts: 54 | - name: ssh-config 55 | mountPath: /tekton/home/.ssh 56 | 57 | - name: patch-imagetag 58 | image: $(resources.inputs.s2i-thoth.url) 59 | workingDir: /workspace/configrepo 60 | script: | 61 | #!/opt/app-root/bin/python 62 | import yaml 63 | 64 | registry_repo = "$(params.registry_project)" if "$(params.registry_project)" else "$(params.repo_name)" 65 | contextpath = ( 66 | "$(params.overlay_contextpath)" 67 | if "$(params.overlay_contextpath)" 68 | else "$(params.repo_name)/overlays/test/imagestreamtag.yaml" 69 | ) 70 | if "$(params.arch)": 71 | image = f"$(params.registry)/$(params.registry_org)/{registry_repo}:$(params.git_ref)-$(params.arch)" 72 | else: 73 | image = f"$(params.registry)/$(params.registry_org)/{registry_repo}:$(params.git_ref)" 74 | 75 | with open(contextpath, "r") as stream: 76 | conf = list(yaml.safe_load_all(stream)) 77 | 78 | for doc in conf: 79 | if doc["kind"] == "ImageStream": 80 | if doc["metadata"]["name"] == "$(params.deploy_image_name)": 81 | for _i, tags in enumerate(doc["spec"]["tags"]): 82 | doc["spec"]["tags"][_i]["from"]["name"] = image 83 | if doc["kind"] == "Job": 84 | if "$(params.deploy_image_name)" in doc["metadata"]["name"]: 85 | doc["metadata"]["name"] = "$(params.deploy_image_name)-$(params.git_ref)" 86 | for _i, tags in enumerate(doc["spec"]["template"]["spec"]["containers"]): 87 | doc["spec"]["template"]["spec"]["containers"][_i]["image"] = image 88 | 89 | with open(contextpath, "w") as output_yaml: 90 | yaml.dump_all(conf, output_yaml, default_flow_style=False) 91 | print("Image update completed") 92 | 93 | - name: git-push 94 | image: $(resources.inputs.s2i-thoth.url) 95 | securityContext: 96 | privileged: true 97 | workingDir: /workspace/configrepo 98 | env: 99 | - name: GITHUB_USERNAME 100 | valueFrom: 101 | secretKeyRef: 102 | name: auth-secret 103 | key: user-name 104 | - name: GITHUB_EMAIL 105 | valueFrom: 106 | secretKeyRef: 107 | name: auth-secret 108 | key: user-email 109 | script: | 110 | git config --local user.email "$GITHUB_EMAIL" 111 | git config --local user.name "$GITHUB_USERNAME" 112 | git status 113 | git add . 114 | git commit -m ":ship: Deploy the Tag $(params.git_ref) for $(params.repo_name)" 115 | export GIT_SSH_COMMAND='ssh -i /tekton/home/.ssh/id_rsa -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' 116 | git push --set-upstream origin $(params.default_branch) 117 | volumeMounts: 118 | - name: ssh-config 119 | mountPath: /tekton/home/.ssh 120 | 121 | volumes: 122 | - name: ssh-config 123 | secret: 124 | secretName: auth-secret 125 | items: 126 | - key: ssh-privatekey 127 | mode: 0600 128 | path: id_rsa 129 | -------------------------------------------------------------------------------- /tasks/create-github-release.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: Task 3 | metadata: 4 | name: create-github-release 5 | labels: 6 | app.kubernetes.io/version: "0.1" 7 | annotations: 8 | tekton.dev/pipelines.minVersion: "0.12.1" 9 | tekton.dev/tags: github 10 | tekton.dev/displayName: "create github release" 11 | spec: 12 | params: 13 | - default: sekhet 14 | description: >- 15 | The github user or bot that you would like to be automated to make the 16 | release. 17 | name: git_user 18 | type: string 19 | - default: operate-first 20 | description: >- 21 | The organization that owns the repository of which you would like to 22 | create a relase. 23 | name: git_organization 24 | type: string 25 | - default: opfcli 26 | description: The repository that you want to create a release of. 27 | name: git_repository 28 | type: string 29 | - description: An existing or desired git tag. 30 | name: git_tag 31 | type: string 32 | - default: master 33 | description: >- 34 | Git revision to create a release from if tag does tag does not exist 35 | (branch, sha, ref…). 36 | name: git_ref 37 | type: string 38 | - default: 'release ${params.git_tag}' 39 | description: The title of the release. 40 | name: git_release_title 41 | type: string 42 | - description: The desired body text of the release. 43 | name: git_release_body 44 | type: string 45 | - default: 'false' 46 | description: The boolean that determines if you would like this to be a pre-release. 47 | name: git_prerelase_boolean 48 | type: string 49 | - default: 'false' 50 | description: >- 51 | The boolean that determines if you would like to save this as a draft 52 | instead of publishing. Typical workflow could be having a bot draft 53 | release for review by owners/contributors before publishing. 54 | name: git_draft_release_boolean 55 | type: string 56 | steps: 57 | - image: 'quay.io/thoth-station/s2i-thoth-ubi8-py36:latest' 58 | name: git-config 59 | resources: 60 | limits: 61 | cpu: 70m 62 | memory: 250Mi 63 | requests: 64 | cpu: 50m 65 | memory: 200Mi 66 | workingDir: /workspace 67 | script: > 68 | git clone 69 | https://github.com/$(params.git_organization)/$(params.git_repository).git 70 | cd $(params.git_repository); 71 | existing_tags= git tag 72 | if [[ "${existing_tags}" -ne *"$(params.git_tag)"* ]]; then 73 | git checkout $(params.git_tag)-build 74 | else 75 | git checkout tags/$(params.git_tag) -b $(params.git_tag)-build 76 | fi 77 | - image: 'quay.io/thoth-station/s2i-thoth-ubi8-py36:latest' 78 | name: git-check-release-exists 79 | resources: 80 | limits: 81 | cpu: 50m 82 | memory: 250Mi 83 | requests: 84 | cpu: 70m 85 | memory: 200Mi 86 | script: > 87 | release_check_status="$(curl -s -o /dev/null -w "%{http_code}" 88 | https://api.github.com/repos/$(params.git_organization)/$(params.git_repository)/releases/tags/$(params.git_tag))" 89 | if [[ $release_check_status -eq 200 ]]; then 90 | echo "release already exists." 91 | exit 1; 92 | else 93 | exit 0; 94 | fi; 95 | - env: 96 | - name: GITHUBTOKEN 97 | valueFrom: 98 | secretKeyRef: 99 | key: token 100 | name: auth-secret 101 | image: 'quay.io/thoth-station/s2i-thoth-ubi8-py36:latest' 102 | name: create-release 103 | resources: 104 | limits: 105 | cpu: 170m 106 | memory: 250Mi 107 | requests: 108 | cpu: 150m 109 | memory: 200Mi 110 | script: | 111 | #!/usr/libexec/platform-python 112 | import json 113 | import os 114 | import http.client 115 | 116 | status_url = 117 | "repos/$(params.git_organization)/$(params.git_repository)/releases" 118 | data = { 119 | "prerelease"=false, 120 | 'draft':false, 121 | 'body':"$(params.git_release_body)", 122 | 'name':"$(params.git_release_title)", 123 | 'tag_name':"$(params.git_tag)", 124 | } 125 | 126 | conn = http.client.HTTPSConnection("api.github.com") r = conn.request( 127 | "POST", 128 | status_url, 129 | body=json.dumps(data), 130 | headers={ 131 | "Accept": "application/vnd.github.v3+json" 132 | "User-Agent": "$(params.git_user)", 133 | "Authorization": "Bearer " + os.environ["GITHUBTOKEN"], 134 | }) 135 | resp = conn.getresponse() if not str(resp.status).startswith("2"): 136 | print("Error: %d" % (resp.status)) 137 | print(resp.read()) 138 | else: 139 | print("Successful: %d" % (resp.status)) 140 | print(resp.read()) 141 | -------------------------------------------------------------------------------- /trigger/eventlistener.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: triggers.tekton.dev/v1alpha1 2 | kind: EventListener 3 | metadata: 4 | name: aicoe-ci-listener 5 | labels: 6 | app: aicoe-ci 7 | spec: 8 | serviceAccountName: aicoe-ci-webhook 9 | triggers: 10 | - name: github-pull-request-model 11 | interceptors: 12 | - github: 13 | secretRef: 14 | secretName: github-secret 15 | secretKey: webhooksecret 16 | eventTypes: 17 | - pull_request 18 | - cel: 19 | filter: "(body.action in ['opened', 'closed', 'synchronize', 'reopened', 'created']) && (body.repository.name == 'elyra-aidevsecops-tutorial')" 20 | bindings: 21 | - kind: TriggerBinding 22 | ref: git-model-binding 23 | template: 24 | ref: git-model-template 25 | 26 | - name: github-pull-request 27 | interceptors: 28 | - github: 29 | secretRef: 30 | secretName: github-secret 31 | secretKey: webhooksecret 32 | eventTypes: 33 | - pull_request 34 | - cel: 35 | filter: "(body.action in ['opened', 'closed', 'synchronize', 'reopened', 'created']) && (body.repository.name != 'prescriptions') && (body.repository.name != 'solver')" 36 | bindings: 37 | - kind: TriggerBinding 38 | ref: git-pr-binding 39 | template: 40 | ref: git-pr-template 41 | 42 | - name: github-pull-request-comment 43 | interceptors: 44 | - github: 45 | secretRef: 46 | secretName: github-secret 47 | secretKey: webhooksecret 48 | eventTypes: 49 | - issue_comment 50 | - cel: 51 | filter: "(body.comment.body.startsWith('/retest') || body.comment.body.startsWith('/deploy')) && (body.repository.name != 'prescriptions') && (body.repository.name != 'solver')" 52 | bindings: 53 | - kind: TriggerBinding 54 | ref: git-issue-comment-binding 55 | template: 56 | ref: git-pr-template 57 | 58 | - name: github-tag-release 59 | interceptors: 60 | - github: 61 | secretRef: 62 | secretName: github-secret 63 | secretKey: webhooksecret 64 | eventTypes: 65 | - create 66 | - cel: 67 | filter: "body.ref_type == 'tag'" 68 | bindings: 69 | - kind: TriggerBinding 70 | ref: git-tag-binding 71 | template: 72 | ref: git-tag-template 73 | 74 | - name: github-issue-release 75 | interceptors: 76 | - github: 77 | secretRef: 78 | secretName: github-secret 79 | secretKey: webhooksecret 80 | eventTypes: 81 | - issues 82 | - cel: 83 | filter: "(body.issue.title in ['Deliver Container Image','Deliver Missing Module','Upstream Sync Up']) && (body.action in ['opened', 'reopened'])" 84 | bindings: 85 | - kind: TriggerBinding 86 | ref: git-issue-binding 87 | template: 88 | ref: git-issue-template 89 | 90 | # custom onboarding pipeline for operate-first 91 | - name: opf-issue-release 92 | interceptors: 93 | - github: 94 | secretRef: 95 | secretName: github-secret 96 | secretKey: webhooksecret 97 | eventTypes: 98 | - issues 99 | - cel: 100 | filter: "(body.issue.title.startsWith('NEW PROJECT')) && (body.action in ['opened']) && (body.repository.full_name == 'operate-first/support')" 101 | bindings: 102 | - kind: TriggerBinding 103 | ref: onboarding-issue-binding 104 | template: 105 | ref: onboarding-issue-template 106 | 107 | # custom pipeline for rhods 108 | - name: rhods-issue-pipeline 109 | interceptors: 110 | - github: 111 | secretRef: 112 | secretName: github-secret 113 | secretKey: webhooksecret 114 | eventTypes: 115 | - issues 116 | - cel: 117 | filter: "(body.issue.title in ['Upstream Sync Up']) && (body.action in ['opened', 'reopened']) && (body.organization.login == 'red-hat-data-services')" 118 | bindings: 119 | - kind: TriggerBinding 120 | ref: git-issue-binding 121 | template: 122 | ref: git-issue-template 123 | 124 | # z-stream release pipeline for operate-first 125 | - name: odh-z-stream-release 126 | interceptors: 127 | - github: 128 | secretRef: 129 | secretName: github-secret 130 | secretKey: webhooksecret 131 | eventTypes: 132 | - create 133 | - cel: 134 | filter: "(body.ref_type == 'tag') && (body.repository.full_name == 'opendatahub-io/odh-manifests')" 135 | bindings: 136 | - kind: TriggerBinding 137 | ref: z-stream-release-binding 138 | template: 139 | ref: z-stream-release-template 140 | 141 | - name: webhook-tag-release 142 | bindings: 143 | - kind: TriggerBinding 144 | ref: webhook-tag-binding 145 | template: 146 | ref: git-tag-template 147 | --------------------------------------------------------------------------------