Skip to content

Commit

Permalink
Infra for PR checks / Add Pipelines As Code for internal use (#115)
Browse files Browse the repository at this point in the history
* install pac

* add to kustomization.yaml

* create sa

* create sa

* create sa

* create sa

* create sa

* create sa

* add auth memberships for devs to debug

* add Repository CR for HAS

* add Repository CR for HAS

* reference to release yaml
  • Loading branch information
sbose78 authored Feb 16, 2022
1 parent e5d1323 commit ac7139b
Show file tree
Hide file tree
Showing 11 changed files with 110 additions and 1 deletion.
22 changes: 22 additions & 0 deletions components/authentication/build-ci.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: pipelines-as-code-maintainers
namespace: pipelines-as-code
subjects:
- kind: User
apiGroup: rbac.authorization.k8s.io
name: sbose78
- kind: User
apiGroup: rbac.authorization.k8s.io
name: jduimovich
- kind: User
apiGroup: rbac.authorization.k8s.io
name: chmouel
- kind: User
apiGroup: rbac.authorization.k8s.io
name: Michkov
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: pipeline-maintainer
1 change: 1 addition & 0 deletions components/authentication/kustomization.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ resources:
- user-ci-maintainer.yaml
- gitops-ci.yaml
- has-ci.yaml
- build-ci.yaml
- prune-has.yaml
- argocd-permissions.yaml
- tenants/
Expand Down
15 changes: 15 additions & 0 deletions components/authentication/view-build-service.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,21 @@ subjects:
name: jduimovich
- kind: User
name: sbose78
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: view
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: read-pac
namespace: pipelines-as-code
subjects:
- kind: User
name: chmouel
- kind: User
name: sbose78
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
Expand Down
1 change: 1 addition & 0 deletions components/build/kustomization.yaml
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
resources:
- openshift-pipelines/
- build-templates/
- pipelines-as-code/

generatorOptions:
disableNameSuffixHash: true
Expand Down
13 changes: 13 additions & 0 deletions components/build/openshift-pipelines/allow-argocd-create-sa.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: allow-argo-cd-sa
namespace: openshift-operators
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: admin
subjects:
- kind: ServiceAccount
name: openshift-gitops-argocd-application-controller
namespace: openshift-gitops
1 change: 1 addition & 0 deletions components/build/openshift-pipelines/kustomization.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ resources:
- patch-tekton-config-rb.yaml
- patch-tekton-config-sa.yaml
- pruner-configuration-job.yaml
- allow-argocd-create-sa.yaml

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
42 changes: 42 additions & 0 deletions components/build/pipelines-as-code/allow-argocd.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: allow-argo-cd-rolebinding
namespace: pipelines-as-code
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: admin
subjects:
- kind: ServiceAccount
name: openshift-gitops-argocd-application-controller
namespace: openshift-gitops
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: crd-manager-for-build
rules:
- verbs:
- patch
- get
- list
- create
- get
apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: grant-argocd-crd-permissions-for-build
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: crd-manager-for-build
subjects:
- kind: ServiceAccount
name: openshift-gitops-argocd-application-controller
namespace: openshift-gitops
7 changes: 7 additions & 0 deletions components/build/pipelines-as-code/kustomization.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
resources:
- allow-argocd.yaml
- https://raw.githubusercontent.com/openshift-pipelines/pipelines-as-code/release-0.5.2/release-0.5.2.yaml


apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
1 change: 0 additions & 1 deletion components/gitops/kustomization.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ resources:
- backend/
- .tekton/


apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

Expand Down
1 change: 1 addition & 0 deletions components/has/.tekton/kustomization.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ resources:
- event-listener.yaml
- webhook-route.yaml
- serviceaccount.yaml
- pipelines-as-code.yaml
- pvc.yaml

# Skip applying the Tekton operands while the Tekton operator is being installed.
Expand Down
7 changes: 7 additions & 0 deletions components/has/.tekton/pipelines-as-code.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
apiVersion: pipelinesascode.tekton.dev/v1alpha1
kind: Repository
metadata:
name: application-service-pac
namespace: application-service
spec:
url: "https://github.com/redhat-appstudio/application-service"

0 comments on commit ac7139b

Please sign in to comment.