Merge pull request redhat-scholars#60 from jayfray12/main

Added GitWebHook
ultraJeffOrg · Mar 3, 2023 · fe1e060 · fe1e060
2 parents a328df6 + e2c81ad
commit fe1e060
Show file tree

Hide file tree

Showing 14 changed files with 193 additions and 35 deletions.
diff --git a/scaffolder-templates/quarkus-web-template/manifests/helm/build/templates/git-webhook.yaml b/scaffolder-templates/quarkus-web-template/manifests/helm/build/templates/git-webhook.yaml
@@ -0,0 +1,19 @@
+apiVersion: redhatcop.redhat.io/v1alpha1
+kind: GitWebhook
+metadata:
+  name: {{ .Values.app.name }}
+spec:
+  gitHub:
+    gitServerCredentials:
+      name: {{ .Values.app.name }}-github-pat
+  repositoryOwner: {{ .Values.git.org }}
+  ownerType:  "organization"
+  repositoryName: {{ .Values.git.name }}
+  webhookURL: https://webhook-{{ .Values.app.name }}-el-{{ .Values.app.namespace }}{{ .Values.app.cluster }}
+  insecureSSL: true
+  webhookSecret:
+    name: {{ .Values.app.name }}-webhook
+  events:
+    - push  
+  content: json
+  active: true  
diff --git a/scaffolder-templates/quarkus-web-template/manifests/helm/build/templates/pipelinerun.yaml b/scaffolder-templates/quarkus-web-template/manifests/helm/build/templates/pipelinerun.yaml
diff --git a/...folder-templates/quarkus-web-template/manifests/helm/build/templates/triggertemplate.yaml b/...folder-templates/quarkus-web-template/manifests/helm/build/templates/triggertemplate.yaml
@@ -32,5 +32,12 @@ spec:
         timeout: 1h0m0s
         workspaces:
           - name: source-folder
-            persistentVolumeClaim:
-              claimName: source-folder
+            volumeClaimTemplate:
+              spec:
+                accessModes:
+                  - ReadWriteOnce
+                resources:
+                  requests:
+                    storage: 1Gi
+          - emptyDir: {}
+            name: maven-settings
diff --git a/...es/quarkus-web-template/manifests/helm/build/templates/vault-git-k8-auth-engine-role.yaml b/...es/quarkus-web-template/manifests/helm/build/templates/vault-git-k8-auth-engine-role.yaml
@@ -0,0 +1,21 @@
+apiVersion: redhatcop.redhat.io/v1alpha1
+kind: KubernetesAuthEngineRole
+metadata:
+  name: {{ .Values.app.name }}-vault-role
+  namespace: vault-admin
+spec:
+  # Add fields here
+  authentication: 
+    path: kubernetes
+    role: policy-admin
+  path: kubernetes
+  policies:
+    - {{ .Values.app.name }}-read-token  
+  targetServiceAccounts:
+  - default      
+  targetNamespaces:
+    targetNamespaceSelector:
+      matchExpressions:
+        - key: kubernetes.io/metadata.name
+          operator: In
+          values: [{{ .Values.app.namespace }}]
diff --git a/...older-templates/quarkus-web-template/manifests/helm/build/templates/vault-git-policy.yaml b/...older-templates/quarkus-web-template/manifests/helm/build/templates/vault-git-policy.yaml
@@ -0,0 +1,21 @@
+apiVersion: redhatcop.redhat.io/v1alpha1
+kind: Policy
+metadata:
+  name: {{ .Values.app.name }}-read-token
+  namespace: vault-admin
+spec:
+  # Add fields here
+  authentication: 
+    path: kubernetes
+    role: policy-admin
+  policy: |
+    # create tokens
+    path "/github/token/{{ .Values.app.name }}" {
+      capabilities = ["read"]
+    }
+    path "/quay/creds/{{ .Values.app.name }}" {
+      capabilities = ["read"]
+    }
+    path "/quay/creds/{{ .Values.app.name }}-pusher" {
+      capabilities = ["read"]
+    }
diff --git a/...emplates/quarkus-web-template/manifests/helm/build/templates/vault-git-secret-engine.yaml b/...emplates/quarkus-web-template/manifests/helm/build/templates/vault-git-secret-engine.yaml
@@ -0,0 +1,17 @@
+apiVersion: redhatcop.redhat.io/v1alpha1
+kind: GitHubSecretEngineRole
+metadata:
+    name: {{ .Values.app.name }}
+    namespace: vault-admin
+spec:
+  authentication: 
+    path: kubernetes
+    role: policy-admin
+  path: github
+  organizationName: {{ .Values.git.org }}
+  repositories: []
+  permissions: 
+    pull_requests: write
+    metadata: read
+    contents: write
+    repository_hooks: write
diff --git a/...older-templates/quarkus-web-template/manifests/helm/build/templates/vault-git-secret.yaml b/...older-templates/quarkus-web-template/manifests/helm/build/templates/vault-git-secret.yaml
@@ -0,0 +1,20 @@
+apiVersion: redhatcop.redhat.io/v1alpha1
+kind: VaultSecret
+metadata:
+    name: github-credentials
+spec:
+  vaultSecretDefinitions:
+  - authentication:
+      path: kubernetes
+      role: {{ .Values.app.name }}-vault-role
+    name: githubtoken
+    path: github/token/{{ .Values.app.name }}
+  output:
+    name: {{ .Values.app.name }}-github-pat
+    stringData:
+      token: "{{ "{{" }} .githubtoken.token {{ "}}" }}"
+      .gitconfig: |
+        [credential "https://github.com"]
+          helper = store
+      .git-credentials: |
+        https://git:{{ "{{" }} .githubtoken.token {{ "}}" }}@github.com
diff --git a/...plates/quarkus-web-template/manifests/helm/build/templates/vault-k8-auth-engine-role.yaml b/...plates/quarkus-web-template/manifests/helm/build/templates/vault-k8-auth-engine-role.yaml
@@ -0,0 +1,21 @@
+apiVersion: redhatcop.redhat.io/v1alpha1
+kind: KubernetesAuthEngineRole
+metadata:
+  name: {{ .Values.app.name }}-kv
+  namespace: vault-admin
+spec:
+  # Add fields here
+  authentication: 
+    path: kubernetes
+    role: policy-admin
+  path: kubernetes  
+  policies:
+    - {{ .Values.app.name }}-kv
+  targetServiceAccounts:
+  - default  
+  targetNamespaces:
+    targetNamespaceSelector:
+      matchExpressions:
+        - key: kubernetes.io/metadata.name
+          operator: In
+          values: [{{ .Values.app.namespace }}]   
diff --git a/scaffolder-templates/quarkus-web-template/manifests/helm/build/templates/vault-policy.yaml b/scaffolder-templates/quarkus-web-template/manifests/helm/build/templates/vault-policy.yaml
@@ -0,0 +1,18 @@
+apiVersion: redhatcop.redhat.io/v1alpha1
+kind: Policy
+metadata:
+  name: {{ .Values.app.name }}-kv
+  namespace: vault-admin
+spec:
+  authentication: 
+    path: kubernetes
+    role: policy-admin
+  policy: |
+    # read / write from the kv path
+    path "{{ .Values.git.org }}/{{ .Values.app.name }}-kv/*" {
+      capabilities = [ "create", "read", "update", "delete"]
+    }
+    # read the password policy
+    path "sys/policies/password/+/generate" {
+      capabilities = [ "read" ]
+    }
diff --git a/...er-templates/quarkus-web-template/manifests/helm/build/templates/vault-random-secret.yaml b/...er-templates/quarkus-web-template/manifests/helm/build/templates/vault-random-secret.yaml
@@ -0,0 +1,13 @@
+apiVersion: redhatcop.redhat.io/v1alpha1
+kind: RandomSecret
+metadata:
+  name: {{ .Values.app.name }}-webhook
+spec:
+  authentication: 
+    path: kubernetes
+    role: {{ .Values.app.name }}-kv
+  isKVSecretsEngineV2: false
+  path: {{ .Values.git.org }}/{{ .Values.app.name }}-kv
+  secretKey: webhook_secret
+  secretFormat:
+    passwordPolicyName: webhook
diff --git a/scaffolder-templates/quarkus-web-template/manifests/helm/build/templates/vault-secret.yaml b/scaffolder-templates/quarkus-web-template/manifests/helm/build/templates/vault-secret.yaml
@@ -0,0 +1,16 @@
+apiVersion: redhatcop.redhat.io/v1alpha1
+kind: VaultSecret
+metadata:
+  name: {{ .Values.app.name }}-webhook
+spec:
+  vaultSecretDefinitions:
+    - authentication:
+        path: kubernetes
+        role: {{ .Values.app.name }}-kv
+      name: webhook_secret
+      path: {{ .Values.git.org }}/{{ .Values.app.name }}-kv/{{ .Values.app.name }}-webhook
+  output:
+    name: {{ .Values.app.name }}-webhook
+    stringData:
+      secret: "{{ "{{" }} .webhook_secret.webhook_secret {{ "}}" }}"
+    type: Opaque
diff --git a/...lates/quarkus-web-template/manifests/helm/build/templates/vault-sercret-engine-mount.yaml b/...lates/quarkus-web-template/manifests/helm/build/templates/vault-sercret-engine-mount.yaml
@@ -0,0 +1,11 @@
+apiVersion: redhatcop.redhat.io/v1alpha1
+kind: SecretEngineMount
+metadata:
+  name: {{ .Values.app.name }}-kv
+  namespace: vault-admin
+spec:
+  authentication: 
+    path: kubernetes
+    role: policy-admin
+  type: kv
+  path: {{ .Values.git.org }}
diff --git a/scaffolder-templates/quarkus-web-template/manifests/helm/build/values.yaml b/scaffolder-templates/quarkus-web-template/manifests/helm/build/values.yaml
@@ -1,9 +1,13 @@
 app:
   name: ${{values.component_id}}
+  namespace: ${{ values.namespace }}
+  cluster: ${{ values.cluster }}
 
 git:
   branch: main
   repo: ${{ values.source_repository }}
+  org: ${{ values.git_owner }}
+  name: ${{ values.repository_name }}
 
 image:
   host: ${{ values.image_host }}

diff --git a/scaffolder-templates/quarkus-web-template/template.yaml b/scaffolder-templates/quarkus-web-template/template.yaml
@@ -62,7 +62,6 @@ spec:
           default: image-registry.openshift-image-registry.svc:5000
         image_name:
           title: Image Name
-          default: my-quarkus-dev/my-quarkus-app
           type: string
           description: Build Image Name <NAMESPACE><COMPONENT_ID> to use internal registry
         image_tag:
@@ -132,6 +131,9 @@ spec:
           description: ${{ parameters.description }}
           destination: https://github.com/${{ (parameters.repoUrl | parseRepoUrl).owner }}/${{ (parameters.repoUrl | parseRepoUrl).repo }}-gitops
           source_repository: https://github.com/${{ (parameters.repoUrl | parseRepoUrl).owner }}/${{ (parameters.repoUrl | parseRepoUrl).repo }}
+          repository_name: ${{ (parameters.repoUrl | parseRepoUrl).repo }}
+          git_owner: ${{ (parameters.repoUrl | parseRepoUrl).owner }}
+          cluster: baseurl.cluster-example.com
           namespace: ${{ parameters.component_id }}-dev
           image_host: ${{ parameters.image_host }}
           image_name: ${{ parameters.image_name }}