Something is going on

badhouseplants/helmfile.yaml

@@ -12,6 +12,11 @@ releases:
     namespace: drone-service
     createNamespace: false
 
+  - <<: *tekton-pipeline
+    installed: true
+    namespace: tekton-service
+    createNamespace: true
+
   - <<: *longhorn
     installed: true
     namespace: longhorn-system

badhouseplants/values/secrets.tekton-pipeline.yaml

@@ -0,0 +1,23 @@
+auth:
+    git:
+        password: ENC[AES256_GCM,data:X1wVDcAeDP9IY/Kry+pP3BayBFJJ4o4NxA==,iv:qVG9R033GKeQxaVpCpN3hUV9d6dGULceEPt70U5psX0=,tag:jgmc/T42T9/JH3PgN6v2qA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEdmJzcTFKd1M2dUZyTmxZ
+            Mnljc1FCRk9tQUFyWUk4U21kYWR0MVMzSms4CjdCNTFONTJGU1B4bDBOQnp3NEtW
+            UDZpTkU4bWFrYVhiV0tUbGRmaTlPTUEKLS0tIHJmTkhGbTZiQkQzR2VHckRoVFVF
+            eUtWMXpDWlBwVE1zM1FOMklQd3BhZk0KvJBAxTdAQCHGDd7W2qv/31OblHrX7o0X
+            0GCL/z1dw+sG4GS0zwgxVu8jlGzWK8PCZjq5k8bMMzbbKtUNKiShuA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-09-27T04:26:20Z"
+    mac: ENC[AES256_GCM,data:Hknt7Td7Tyx/c98Xf7dbsaGRLKO1zzZR34ZarkZtFVyvTcB0kxb5VWeJv+O215UAXEjPE7LUB2gHvhAtgLsAnek55stjZ84ifz923gMKB2ul18TeX4s0oqXyKvKZyv7SKPsVduSA4EutbrOnxLiZCmL8b/u0Y6scUH5pOe7aydg=,iv:vXvdvPE4n6ZYb0CXZZppWuvFFOlDEM2dMiiUwVTTTvE=,tag:gfNWefDG3cC1QzNGwgs5mQ==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.0

badhouseplants/values/values.tekton-pipeline.yaml

@@ -0,0 +1,4 @@
+auth:
+  git:
+    username: tekton
+    url: https://git.badhouseplants.net

manifests/debug/istio-stuff.yaml

@@ -1,17 +0,0 @@
-apiVersion: networking.istio.io/v1alpha3
-kind: EnvoyFilter
-metadata:
-  name: proxy-protocol
-  namespace: istio-system
-spec:
-  workloadSelector:
-    labels:
-      istio: ingressgateway
-  configPatches:
-  - applyTo: LISTENER
-    patch:
-      operation: MERGE
-      value:
-        listener_filters:
-        - name: envoy.listener.proxy_protocol
-

manifests/debug/proxy-prot.yaml

@@ -1,17 +0,0 @@
-apiVersion: networking.istio.io/v1alpha3
-kind: EnvoyFilter
-metadata:
-  name: proxy-protocol
-  namespace: istio-system
-spec:
-  configPatches:
-  - applyTo: LISTENER
-    patch:
-      operation: MERGE
-      value:
-        listener_filters:
-        - name: envoy.listener.proxy_protocol
-        - name: envoy.listener.tls_inspector
-  workloadSelector:
-    labels:
-      istio: ingressgateway

manifests/debug/test.yaml

@@ -1,83 +0,0 @@
-apiVersion: networking.istio.io/v1alpha3
-kind: Gateway
-metadata:
-  name: httpbin-gateway
-spec:
-  selector:
-    istio: ingressgateway
-  servers:
-  - port:
-      number: 80
-      name: http
-      protocol: HTTP2
-    hosts:
-    - "test.badhouseplants.net"
-  - hosts:
-    - "test.badhouseplants.net"
-    port:
-      name: https
-      number: 443
-      protocol: HTTPS
-    tls:
-      credentialName: badhouseplants-wildcard-tls
-      mode: SIMPLE
----
-apiVersion: networking.istio.io/v1alpha3
-kind: VirtualService
-metadata:
-  name: httpbin
-spec:
-  hosts:
-  - "test.badhouseplants.net"
-  gateways:
-  - httpbin-gateway
-  http:
-  - route:
-    - destination:
-        host: httpbin
-        port:
-          number: 8000
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: httpbin
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: httpbin
-  labels:
-    app: httpbin
-    service: httpbin
-spec:
-  ports:
-  - name: http
-    port: 8000
-    targetPort: 80
-  selector:
-    app: httpbin
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: httpbin
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: httpbin
-      version: v1
-  template:
-    metadata:
-      labels:
-        app: httpbin
-        version: v1
-    spec:
-      serviceAccountName: httpbin
-      containers:
-      - image: docker.io/kong/httpbin
-        imagePullPolicy: IfNotPresent
-        name: httpbin
-        ports:
-        - containerPort: 80

manifests/git_clone.yaml

@@ -0,0 +1,80 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: git-clone-repo
+  namespace: tekton-jobs
+spec:
+  workspaces:
+    - name: src
+      mountPath: /src
+  params:
+    - name: url
+
+  steps:
+    - name: Git Clone
+      image: alpine/git
+      script: |
+        #!/bin/bash
+        
+---
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: write
+  namespace: tekton-jobs
+spec:
+  workspaces:
+    - name: src
+      mountPath: /custom/path/relative/to/root
+  steps:
+    - name: goodbye
+      image: ubuntu
+      script: |
+        #!/bin/bash
+        cat $(workspaces.src.path)/check
+---
+apiVersion: tekton.dev/v1beta1
+kind: Pipeline
+metadata:
+  name: hello-goodbye
+  namespace: tekton-jobs
+spec:
+  tasks:
+    - name: read
+      taskRef:
+        name: read
+      workspaces:
+        - name: src
+          workspace: src
+    - name: write
+      runAfter:
+        - read
+      taskRef:
+        name: read
+      workspaces:
+        - name: src
+          workspace: src
+  workspaces:
+    - name: src
+---
+apiVersion: tekton.dev/v1beta1
+kind: PipelineRun
+metadata:
+  name: hello-goodbye-run
+  namespace: tekton-jobs
+spec:
+  pipelineRef:
+    name: hello-goodbye
+    namespace: tekton-jobs
+  params:
+    - name: username
+      value: "Tekton"
+  workspaces:
+    - name: src
+      volumeClaimTemplate:
+        spec:
+          accessModes:
+            - ReadWriteOnce # access mode may affect how you can use this volume in parallel tasks
+          resources:
+            requests:
+              storage: 1Gi

manifests/metallb/badhouseplants-ip.yaml

@@ -1,10 +1,9 @@
 # addresspool.yaml
----
 apiVersion: metallb.io/v1beta1
 kind: IPAddressPool
 metadata:
   name: custom-addresspool
   namespace: metallb-system
-spec: 
+spec:
   addresses:
-  - 195.201.250.50-195.201.250.50
+    - 195.201.250.50-195.201.250.50

manifests/metallb/etersoft-ip.yaml

@@ -1,10 +1,9 @@
 # addresspool.yaml
----
 apiVersion: metallb.io/v1beta1
 kind: IPAddressPool
 metadata:
   name: custom-addresspool
   namespace: metallb-system
-spec: 
+spec:
   addresses:
-  - 91.232.225.63-91.232.225.63
+    - 91.232.225.63-91.232.225.63

manifests/tekton/cdh.yaml

@@ -0,0 +1,13 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: check-da-helm
+  namespace: tekton-pipelines
+spec:
+  params:
+    - name: environment
+      type: string
+  steps:
+    - name: check-da-helm
+      image: ghcr.io/allanger/check-da-helm-helmfile-secrets:stable
+      script: "cdh --kind helmfile -p helmfile.yaml --helmfile-environment  \n"

manifests/tekton/gitea-event-listener.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: triggers.tekton.dev/v1beta1
+kind: EventListener
+metadata:
+  name: gitea-webhook
+spec:
+  serviceAccountName: pipeline
+  triggers:
+    - name: tekton-greeter-webhook
+      bindings:
+        - ref: gitea-triggerbinding
+      template:
+        ref: tekton-greeter-trigger-template

releases.yaml

@@ -26,6 +26,33 @@ templates:
         args:
           - -c
           - "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl delete -f - || true"
+  tekton-triggers-hook:
+    hooks:
+      - events: ["preapply"]
+        showlogs: true
+        command: "sh"
+        args:
+          - -c
+          - |
+            kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.25.0/release.yaml \
+              && kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.25.0/interceptors.yaml
+      - events: ["prepare"]
+        showlogs: true
+        command: "sh"
+        args:
+          - -c
+          - |
+            kubectl diff  -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.25.0/release.yaml || true \
+              && kubectl diff -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.25.0/interceptors.yaml || true
+      - events: ["postuninstall"]
+        showlogs: true
+        command: "sh"
+        args:
+          - -c
+          - |
+            kubectl delete  -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.25.0/release.yaml \
+              && kubectl delete -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.25.0/interceptors.yaml
+
   # ----------------------------
   # -- Configs
   # ----------------------------
@@ -213,6 +240,15 @@ templates:
       - template: default-env-secrets
       - template: drone-common
 
+  tekton-pipeline: &tekton-pipeline
+    name: tekton-pipeline
+    chart: cdf/tekton-pipeline
+    version: 1.0.2
+    inherit:
+      - template: default-env-values
+      - template: default-env-secrets
+      - template: tekton-triggers-hook
+
   nrodionov: &nrodionov
     name: nrodionov
     chart: bitnami/wordpress

repositories.yaml

@@ -35,4 +35,6 @@ repositories:
   - name: db-operator
     url: https://db-operator.github.io/charts
   - name: allanger-gitea
-    url:  https://git.badhouseplants.net/api/packages/allanger/helm
+    url: https://git.badhouseplants.net/api/packages/allanger/helm
+  - name: cdf
+    url: https://cdfoundation.github.io/tekton-helm-chart/