diff --git a/pipeline/PersistentVolumeCDCI.yaml b/pipeline/PersistentVolumeCDCI.yaml new file mode 100644 index 0000000..2bf41ea --- /dev/null +++ b/pipeline/PersistentVolumeCDCI.yaml @@ -0,0 +1,29 @@ +kind: PersistentVolume +apiVersion: v1 +metadata: + name: cdci-webhook-pipeline-pvc-volume + namespace: cdci-librecloud-services + labels: + type: local +spec: + storageClassName: manual + persistentVolumeReclaimPolicy: Delete + capacity: + storage: 1Gi + accessModes: + - ReadWriteOnce + hostPath: + path: "/mnt/cdci" +--- +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: cdci-webhook-pipeline-pvc + namespace: cdci-librecloud-services +spec: + storageClassName: manual + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi diff --git a/pipeline/down.sh b/pipeline/down.sh new file mode 100755 index 0000000..28f48ff --- /dev/null +++ b/pipeline/down.sh @@ -0,0 +1,6 @@ +#/bin/bash +kubectl delete -f pipeline-run.yaml 2>/dev/null +kubectl delete -f pipeline.yaml 2>/dev/null +kubectl delete -f task.yaml 2>/dev/null +kubectl delete -f PersistentVolumeCDCI.yaml 2>/dev/null +kubectl delete -f pipe-resource.yaml 2>/dev/null diff --git a/pipeline/pipe-resource.yaml b/pipeline/pipe-resource.yaml new file mode 100644 index 0000000..4dd2152 --- /dev/null +++ b/pipeline/pipe-resource.yaml @@ -0,0 +1,24 @@ +apiVersion: tekton.dev/v1alpha1 +kind: PipelineResource +metadata: + name: librecloud-webhook-pipeline-img + namespace: cdci-librecloud-services +spec: + type: image + params: + - name: url + value: termas.librecloud.services/termas_librecloud/webhook-pipeline:2.7.0 +--- +apiVersion: tekton.dev/v1alpha1 +kind: PipelineResource +metadata: + name: librecloud-webhook-pipeline-git + namespace: cdci-librecloud-services +spec: + type: git + params: + - name: revision + value: master + - name: url + value: https://CREDENTIALS@repo.librecloud.services/termas_librecloud/webhook-pipeline.git + diff --git a/pipeline/pipeline-run.yaml b/pipeline/pipeline-run.yaml new file mode 100644 index 0000000..3c2c653 --- /dev/null +++ b/pipeline/pipeline-run.yaml @@ -0,0 +1,22 @@ +apiVersion: tekton.dev/v1alpha1 +kind: PipelineRun +metadata: + name: cdci-webhook-pipeline + namespace: cdci-librecloud-services +spec: + serviceAccountName: build-bot + pipelineRef: + name: cdci-webhook-pipeline + # podTemplate: + #volumes: + #- name: cdci-volume + # #emptyDir: {} + # persistentVolumeClaim: + # claimName: cdci-webhook-pipeline-pvc + resources: + - name: source-repo + resourceRef: + name: librecloud-webhook-pipeline-git + - name: target-image + resourceRef: + name: librecloud-webhook-pipeline-img diff --git a/pipeline/pipeline.yaml b/pipeline/pipeline.yaml new file mode 100644 index 0000000..717d0f5 --- /dev/null +++ b/pipeline/pipeline.yaml @@ -0,0 +1,32 @@ +apiVersion: tekton.dev/v1alpha1 +kind: Pipeline +metadata: + name: cdci-webhook-pipeline + namespace: cdci-librecloud-services +spec: + #serviceAccount: build-bot + resources: + - name: source-repo + type: git + #resourceRef: + # name: librecloud-webhook-pipeline-git + - name: target-image + type: image + #resourceRef: + # name: librecloud-webhook-pipeline-img + tasks: + - name: build-webhook-pipeline-img + taskRef: + name: webhook-pipeline-build-image-from-git-source + params: + - name: pathToDockerFile + value: /workspace/source/src + - name: pathToContext + value: /workspace/source/src #configure: may change according to your source + resources: + inputs: + - name: source + resource: source-repo + outputs: + - name: builtImage + resource: target-image diff --git a/pipeline/task.yaml b/pipeline/task.yaml new file mode 100644 index 0000000..c8e28d0 --- /dev/null +++ b/pipeline/task.yaml @@ -0,0 +1,75 @@ +apiVersion: tekton.dev/v1alpha1 +kind: Task +metadata: + name: webhook-pipeline-build-image-from-git-source + namespace: cdci-librecloud-services +spec: + #serviceAccount: build-bot + inputs: + params: + - name: pathToDockerFile + type: string + description: The path to the dockerfile to build + default: /workspace/source/src/Dockerfile + - name: pathToContext + type: string + description: + The build context used by Kaniko + (https://github.com/GoogleContainerTools/kaniko#kaniko-build-contexts) + default: /workspace/source/src + - name: DOCKERFILE + type: string + description: The name of the Dockerfile + default: "Dockerfile" + - name: BUILDKIT_CLIENT_IMAGE + type: string + description: The name of the BuildKit client (buildctl) image + + default: "moby/buildkit:v0.6.2" + - name: BUILDKIT_DAEMON_ADDRESS + type: string + description: The address of the BuildKit daemon (buildkitd) service + default: "tcp://buildkitd:1234" + resources: + - name: source + type: git + outputs: + resources: + - name: builtImage + type: image + volumes: + + - name: dckr-cfg-volume + secret: + secretName: regcred + - name: ssh-volume + secret: + secretName: ssh-key + + steps: + - name: build-and-push + image: $(inputs.params.BUILDKIT_CLIENT_IMAGE) + + + workingDir: /workspace/source + + command: [ "buildctl" ] + args: + - --debug + - --addr=$(inputs.params.BUILDKIT_DAEMON_ADDRESS) + - build + - --progress=plain + - --frontend=dockerfile.v0 + - --opt + - filename=$(inputs.params.DOCKERFILE) + - --local + - context=$(inputs.params.pathToContext) + - --local + - dockerfile=$(inputs.params.pathToDockerFile) + - --output + - type=image,name=$(outputs.resources.builtImage.url),push=true + - --export-cache + - type=inline + - --import-cache + - type=registry,ref=$(outputs.resources.builtImage.url) + diff --git a/pipeline/up.sh b/pipeline/up.sh new file mode 100755 index 0000000..f158795 --- /dev/null +++ b/pipeline/up.sh @@ -0,0 +1,24 @@ +#/bin/bash +FOLLOW_UP="yes" +NS_DOMAIN="cdci-librecloud-services" +PIPELINE_NAME="cdci-webhook-pipeline" +[ "$1" == "-s" ] && FOLLOW_UP="" +is_running=`kubectl get pods -n $NS_DOMAIN | grep $PIPELINE_NAME 2>/dev/null` +if [ -n "$is_running" ] ; then + kubectl delete -f pipeline-run.yaml 2>/dev/null + kubectl delete -f pipeline.yaml 2>/dev/null + kubectl delete -f task.yaml 2>/dev/null + kubectl delete -f pipe-resource.yaml 2>/dev/null +fi +kubectl delete -f PersistentVolumeCDCI.yaml 2>/dev/null +kubectl create -f PersistentVolumeCDCI.yaml +#. lib_dply.sh +#make_host_alias task +kubectl apply -f pipe-resource.yaml +kubectl apply -f task.yaml +kubectl apply -f pipeline.yaml +kubectl apply -f pipeline-run.yaml +if [ -n "$FOLLOW_UP" ] ; then + has_tkn=`type tkn 2>/dev/null` + [ -n "$has_tkn" ] && tkn pipelinerun logs -f $PIPELINE_NAME -n $NS_DOMAIN +fi diff --git a/repo-config.yaml b/repo-config.yaml new file mode 100644 index 0000000..09c406c --- /dev/null +++ b/repo-config.yaml @@ -0,0 +1,14 @@ +Active: true +# Active: false # to not follow up webhook workflow +isPrivate: true + +# Sources for src file +Repo: https://github.com/almir/docker-webhook.git +Source: docker-webhook + +Name: webhook-pipeline +Version: 2.8.0 + +# To get latest_image +IMAGE_NAME: almir/webhook +IMAGE_MATCH: 2. diff --git a/src/Dockerfile b/src/Dockerfile new file mode 100644 index 0000000..a18400f --- /dev/null +++ b/src/Dockerfile @@ -0,0 +1,35 @@ +# Dockerfile for https://github.com/adnanh/webhook +FROM docker.io/golang:alpine3.13 AS build +MAINTAINER Almir Dzinovic +WORKDIR /go/src/github.com/adnanh/webhook +ENV WEBHOOK_VERSION 2.8.0 +RUN apk add --update -t build-deps curl libc-dev gcc libgcc +RUN curl -L --silent -o webhook.tar.gz https://github.com/adnanh/webhook/archive/${WEBHOOK_VERSION}.tar.gz && \ + tar -xzf webhook.tar.gz --strip 1 && \ + go get -d && \ + go build -o /usr/local/bin/webhook && \ + apk del --purge build-deps && \ + rm -rf /var/cache/apk/* && \ + rm -rf /go + +#iputils-ping \ +# install \ +#jinja2 \ +FROM docker.io/alpine:3.13 +RUN apk add --update \ + bash \ + vim \ + git \ + openssh \ + curl \ + jq \ + python3 \ + cmd:pip3 &&\ + pip3 install jinja2 && \ + curl -fSL https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl -o /usr/local/bin/kubectl && \ + chmod +x /usr/local/bin/kubectl +COPY --from=build /usr/local/bin/webhook /usr/local/bin/webhook +WORKDIR /etc/webhook +VOLUME ["/etc/webhook"] +EXPOSE 9000 +ENTRYPOINT ["/usr/local/bin/webhook"] diff --git a/src/LICENSE b/src/LICENSE new file mode 100644 index 0000000..c66d080 --- /dev/null +++ b/src/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2016 Almir Dzinovic + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/src/README.md b/src/README.md new file mode 100644 index 0000000..e187d66 --- /dev/null +++ b/src/README.md @@ -0,0 +1,32 @@ +[Webhook](https://github.com/adnanh/webhook/) Dockerized +================= + +## Running webhook in Docker +The simplest usage of [almir/webhook](https://hub.docker.com/r/almir/webhook/) image is for one to host the hooks JSON file on their machine and mount the directory in which those are kept as a volume to the Docker container: +```shell +docker run -d -p 9000:9000 -v /dir/to/hooks/on/host:/etc/webhook --name=webhook \ + almir/webhook -verbose -hooks=/etc/webhook/hooks.json -hotreload +``` + +Another method of using this Docker image is to create a simple `Dockerfile`: +```docker +FROM almir/webhook +COPY hooks.json.example /etc/webhook/hooks.json +``` + +This `Dockerfile` and `hooks.json.example` files should be placed inside the same directory. After that run `docker build -t my-webhook-image .` and then start your container: +```shell +docker run -d -p 9000:9000 --name=webhook my-webhook-image -verbose -hooks=/etc/webhook/hooks.json -hotreload +``` + +Additionally, one can specify the parameters to be passed to [webhook](https://github.com/adnanh/webhook/) in `Dockerfile` simply by adding one more line to the previous example: +```docker +FROM almir/webhook +COPY hooks.json.example /etc/webhook/hooks.json +CMD ["-verbose", "-hooks=/etc/webhook/hooks.json", "-hotreload"] +``` + +Now, after building your Docker image with `docker build -t my-webhook-image .`, you can start your container by running just: +```shell +docker run -d -p 9000:9000 --name=webhook my-webhook-image +``` diff --git a/src/_Dockerfile b/src/_Dockerfile new file mode 100644 index 0000000..5d49994 --- /dev/null +++ b/src/_Dockerfile @@ -0,0 +1,34 @@ +# Dockerfile for https://github.com/adnanh/webhook +FROM golang:alpine3.13 AS build +MAINTAINER Almir Dzinovic +WORKDIR /go/src/github.com/adnanh/webhook +ENV WEBHOOK_VERSION 2.8.0 +RUN apk add --update -t build-deps curl libc-dev gcc libgcc +RUN curl -L --silent -o webhook.tar.gz https://github.com/adnanh/webhook/archive/${WEBHOOK_VERSION}.tar.gz && \ + tar -xzf webhook.tar.gz --strip 1 && \ + go get -d && \ + go build -o /usr/local/bin/webhook && \ + apk del --purge build-deps && \ + rm -rf /var/cache/apk/* && \ + rm -rf /go + +#iputils-ping \ +# install \ +#jinja2 \ +FROM alpine:3.13 +RUN apk add --update \ + bash \ + vim \ + git \ + openssh \ + curl \ + jq \ + python3 && \ + pip3 install jinja2 && \ + curl -fSL https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl -o /usr/local/bin/kubectl && \ + chmod +x /usr/local/bin/kubectl +COPY --from=build /usr/local/bin/webhook /usr/local/bin/webhook +WORKDIR /etc/webhook +VOLUME ["/etc/webhook"] +EXPOSE 9000 +ENTRYPOINT ["/usr/local/bin/webhook"] diff --git a/src/auto-update-repo/README.md b/src/auto-update-repo/README.md new file mode 100644 index 0000000..996befb --- /dev/null +++ b/src/auto-update-repo/README.md @@ -0,0 +1,8 @@ +### Using this script + +Add `update-repo.sh` script to your `crontab`, like this: +```shell + ./update-repo.sh --user someuser --password somepassword --write-crontab +``` + +This will add a `crontab` entry for the script to execute every five minutes. In case you're not using `crontab` or you want to change the execution frequency you can always add it manually. diff --git a/src/auto-update-repo/update-repo.sh b/src/auto-update-repo/update-repo.sh new file mode 100755 index 0000000..c5f88e8 --- /dev/null +++ b/src/auto-update-repo/update-repo.sh @@ -0,0 +1,65 @@ +#!/bin/bash +set -o pipefail + +# Set path to this script +SCRIPTPATH=$(readlink -f "$(dirname "$(readlink -f ${0})")") +# Get stript's name +SCRIPTNAME=$(basename ${0}) + +check_and_update() { + # Get inside the git repo directory + cd ${SCRIPTPATH}/.. || exit + # Get the branch currently used + CURBRANCH=$(git rev-parse --abbrev-ref HEAD) + # Get latest updates to the repo + git fetch --all && \ + git reset --hard origin/${CURBRANCH} + + # Get latest release of webhook and release used in this repo + LATEST_RELEASE=$(curl -s https://api.github.com/repos/adnanh/webhook/releases/latest | grep tag_name | awk -F ': "' '{ print $2 }' | awk -F '",' '{ print $1 }') + LOCAL_RELEASE=$(grep "^ENV.*WEBHOOK_VERSION" ${SCRIPTPATH}/../Dockerfile | awk '{ print $NF }') + + # Compare releases and update Dockerfile in case they differ + if [[ "${LOCAL_RELEASE}" != "${LATEST_RELEASE}" ]] && [[ -n ${LATEST_RELEASE} ]]; then + sed -i "s/WEBHOOK_VERSION ${LOCAL_RELEASE}/WEBHOOK_VERSION ${LATEST_RELEASE}/g" ${SCRIPTPATH}/../Dockerfile + git commit -am "- bump webhook version to ${LATEST_RELEASE}" + git push origin ${CURBRANCH} && \ + curl -s -X POST -H "Content-Type: application/json" \ + -d '{"tag_name":"'${LATEST_RELEASE}'","target_commitish":"'${CURBRANCH}'","name":"webhook '${LATEST_RELEASE}'","body":"Release for webhook version '${LATEST_RELEASE}'.","draft":false,"prerelease":false}' \ + https://${GITHUB_USER}:${GITHUB_PASS}@api.github.com/repos/${GITHUB_USER}/docker-webhook/releases + fi +} + +argmissing() { + echo "Usage: $0 --user GITHUB_USERNAME --password GITHUB_PASSWORD [--write-crontab]" + echo + echo "Switches:" + echo -e "\t--user\t\t\tSpecify GitHub username - required." + echo -e "\t--password\t\tSpecify GitHub password - required." + echo -e "\t--write-crontab\t\tAdd crontab entry for this script - optional." + echo + echo "Examples:" + echo -e "\t$0 --user someuser --password somepassword" + echo -e "\t$0 --user someuser --password somepassword --write-crontab" + exit 1 +} + +# Translate script arguments to variables +GITHUB_USER=$(echo "$@" | awk -F "--user " '{ print $2 }' | awk '{ print $1 }') +GITHUB_PASS=$(echo "$@" | awk -F "--password " '{ print $2 }' | awk '{ print $1 }') + +if [[ -z ${GITHUB_USER} ]] || [[ -z ${GITHUB_PASS} ]]; then + argmissing +else + if [[ -n $(echo "$@" | grep "\-\-write-crontab") ]]; then + if [[ -z $(crontab -l | grep ${SCRIPTNAME}) ]]; then + echo "Crontab entry is being created." + crontab -l | { cat; echo -e "# Check for webhook releases every five minutes\n*/5 * * * * ${SCRIPTPATH}/${SCRIPTNAME} --user ${GITHUB_USER} --password ${GITHUB_PASS} > /dev/null"; } | crontab - + else + echo "Crontab entry already exists." + fi + fi + check_and_update +fi + +exit 0 diff --git a/src/create.sh b/src/create.sh new file mode 100755 index 0000000..fafec91 --- /dev/null +++ b/src/create.sh @@ -0,0 +1,2 @@ +#!/bin/bash +podman build -t webhook:2.8.0 .