From 2777e73aa20f0cc7282d93e39f47e3583a8dd9a0 Mon Sep 17 00:00:00 2001
From: Marcin-Ramotowski
Date: Sat, 2 Aug 2025 13:16:06 +0200
Subject: [PATCH] Cleanup argo-workflows directory
---
.../argo-serviceAccount.yaml} | 0
.../argo-workflow-manager-role.yaml | 0
.../{ => old-account}/role-binding.yaml | 0
argo-workflows/secret-store.yaml | 2 +-
argo-workflows/sensor.yaml | 42 -----
.../{ => webhook}/eventbus-default.yaml | 0
argo-workflows/{ => webhook}/permissions.yaml | 0
argo-workflows/webhook/sensor.yaml | 172 ++++++++++++++++++
argo-workflows/{ => webhook}/source.yaml | 0
.../{ => webhook}/webhook-ingress.yaml | 0
.../webhook-service.yaml} | 0
11 files changed, 173 insertions(+), 43 deletions(-)
rename argo-workflows/{acr-pusher.yaml => old-account/argo-serviceAccount.yaml} (100%)
rename argo-workflows/{ => old-account}/argo-workflow-manager-role.yaml (100%)
rename argo-workflows/{ => old-account}/role-binding.yaml (100%)
delete mode 100644 argo-workflows/sensor.yaml
rename argo-workflows/{ => webhook}/eventbus-default.yaml (100%)
rename argo-workflows/{ => webhook}/permissions.yaml (100%)
create mode 100644 argo-workflows/webhook/sensor.yaml
rename argo-workflows/{ => webhook}/source.yaml (100%)
rename argo-workflows/{ => webhook}/webhook-ingress.yaml (100%)
rename argo-workflows/{service.yaml => webhook/webhook-service.yaml} (100%)
diff --git a/argo-workflows/acr-pusher.yaml b/argo-workflows/old-account/argo-serviceAccount.yaml
similarity index 100%
rename from argo-workflows/acr-pusher.yaml
rename to argo-workflows/old-account/argo-serviceAccount.yaml
diff --git a/argo-workflows/argo-workflow-manager-role.yaml b/argo-workflows/old-account/argo-workflow-manager-role.yaml
similarity index 100%
rename from argo-workflows/argo-workflow-manager-role.yaml
rename to argo-workflows/old-account/argo-workflow-manager-role.yaml
diff --git a/argo-workflows/role-binding.yaml b/argo-workflows/old-account/role-binding.yaml similarity index 100% rename from argo-workflows/role-binding.yaml rename to argo-workflows/old-account/role-binding.yaml diff --git a/argo-workflows/secret-store.yaml b/argo-workflows/secret-store.yaml index 5989a4c..e181cdc 100644 --- a/argo-workflows/secret-store.yaml +++ b/argo-workflows/secret-store.yaml @@ -2,7 +2,7 @@ apiVersion: secrets-store.csi.x-k8s.io/v1 kind: SecretProviderClass metadata: name: azure-keyvault - namespace: argo + namespace: argo-events spec: provider: azure secretObjects: diff --git a/argo-workflows/sensor.yaml b/argo-workflows/sensor.yaml deleted file mode 100644 index 712c712..0000000 --- a/argo-workflows/sensor.yaml +++ /dev/null @@ -1,42 +0,0 @@ ---- -apiVersion: argoproj.io/v1alpha1 -kind: Sensor -metadata: - name: sensor - namespace: argo-events -spec: - template: - serviceAccountName: operate-workflow-sa - dependencies: - - name: dep - eventSourceName: webhook - eventName: test-hook - triggers: - - template: - name: trigger - k8s: - operation: create - source: - resource: - apiVersion: argoproj.io/v1alpha1 - kind: Workflow - metadata: - generateName: test-workflow- - spec: - serviceAccountName: operate-workflow-sa - entrypoint: entry-wf - templates: - - name: entry-wf - container: - image: docker/whalesay - command: [cowsay] - args: ["{{ workflow.parameters.argName }}"] - arguments: - parameters: - - name: argName - value: "Default_argName" - parameters: - - src: - dependencyName: dep - dataKey: body.argName - dest: spec.arguments.parameters.0.value \ No newline at end of file diff --git a/argo-workflows/eventbus-default.yaml b/argo-workflows/webhook/eventbus-default.yaml similarity index 100% rename from argo-workflows/eventbus-default.yaml rename to argo-workflows/webhook/eventbus-default.yaml 
diff --git a/argo-workflows/permissions.yaml b/argo-workflows/webhook/permissions.yaml
similarity index 100%
rename from argo-workflows/permissions.yaml
rename to argo-workflows/webhook/permissions.yaml
diff --git a/argo-workflows/webhook/sensor.yaml b/argo-workflows/webhook/sensor.yaml
new file mode 100644
index 0000000..06f34da
--- /dev/null
+++ b/argo-workflows/webhook/sensor.yaml
@@ -0,0 +1,172 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Sensor +metadata: + name: webhook-build + namespace: argo-events +spec: + template: + serviceAccountName: operate-workflow-sa + dependencies: + - name: gitea-push + eventSourceName: webhook + eventName: test-hook + triggers: + - template: + name: trigger-build-workflow + k8s: + group: argoproj.io + version: v1alpha1 + resource: workflows + operation: create + source: + resource: + apiVersion: argoproj.io/v1alpha1 + kind: Workflow + metadata: + generateName: build-workflow- + namespace: argo-events + spec: + entrypoint: main + serviceAccountName: operate-workflow-sa + volumeClaimTemplates: + - metadata: + name: workspace + spec: + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 128Mi + volumes: + - name: secrets-store + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: azure-keyvault + templates: + - name: main + steps: + - - name: checkout + template: checkout + - - name: tests + template: tests + - - name: build-and-push-image + template: build-and-push-image + arguments: + parameters: + - name: git-sha + value: "{{steps.checkout.outputs.parameters.git-sha}}" + - - name: gitops-commit + template: gitops-commit + arguments: + parameters: + - name: git-sha + value: "{{steps.checkout.outputs.parameters.git-sha}}" + - name: checkout + container: + image: alpine/git + command: [sh, -c] + workingDir: /workspace + env: + - name: REPO_URL + value: https://gitea.marcin00.pl/pikram/user-microservice.git + - name: REPO_BRANCH + value: argo-workflow + args: + - | + git clone --depth 1 --branch "${REPO_BRANCH}" --single-branch "${REPO_URL}" repo + cd repo + git rev-parse HEAD > /tmp/gitsha.txt + volumeMounts: + - name: workspace + mountPath: /workspace + outputs: + parameters: + - name: git-sha + valueFrom: + path: /tmp/gitsha.txt + - name: tests + script: + image: python:3.11.7-alpine + command: [sh] + workingDir: /workspace/repo/api + source: | + 
python3 -m venv env + source env/bin/activate + pip install -r requirements.txt pytest + python3 -m pytest --junit-xml=pytest_junit.xml + volumeMounts: + - name: workspace + mountPath: /workspace + - name: build-and-push-image + inputs: + parameters: + - name: git-sha + podSpecPatch: | + runtimeClassName: sysbox-runc + metadata: + annotations: + io.kubernetes.cri-o.userns-mode: "auto:size=65536" + container: + image: marcin00.azurecr.io/azure-cli-docker:slim-bookworm + command: [sh, -c] + workingDir: /workspace/repo + env: + - name: DOCKER_IMAGE + value: marcin00.azurecr.io/user-microservice:{{inputs.parameters.git-sha}} + - name: CLIENT_ID + value: c302726f-fafb-4143-94c1-67a70975574a + - name: ACR_NAME + value: marcin00 + args: + - | + dockerd & + docker build -t $DOCKER_IMAGE --build-arg APP_VERSION={{inputs.parameters.git-sha}} --build-arg BUILD_DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ") . + az login --identity --client-id ${CLIENT_ID} + az acr login --name ${ACR_NAME} + docker push ${DOCKER_IMAGE} + volumeMounts: + - name: workspace + mountPath: /workspace + - name: gitops-commit + inputs: + parameters: + - name: git-sha + container: + image: alpine/git + command: [sh, -c] + env: + - name: DEPLOY_REPO_URL + value: ssh://git@srv22.mikr.us:20343/pikram/user-microservice-deploy.git + - name: DEPLOY_REPO_BRANCH + value: argo-deploy + - name: CI_COMMIT_SHA + value: "{{inputs.parameters.git-sha}}" + args: + - | + mkdir -p ~/.ssh + cp /mnt/secrets/gitea-known-host ~/.ssh/known_hosts + chmod 644 ~/.ssh/known_hosts + cp /mnt/secrets/gitea-deploy-key ~/.ssh/id_ed25519 + chmod 600 ~/.ssh/id_ed25519 + git config --global user.name "argo[bot]" + git config --global user.email "argo@marcin00.pl" + git clone --depth 1 --branch $DEPLOY_REPO_BRANCH --single-branch $DEPLOY_REPO_URL repo + cd repo + awk -v commit="$CI_COMMIT_SHA" ' + $0 ~ /name:[[:space:]]*api/ { in_api_container = 1; print; next } + in_api_container && $0 ~ /^[[:space:]]*image:[[:space:]]*/ { + 
sub(/:[^:[:space:]]+$/, ":" commit) + in_api_container = 0 + print + next + } + { print } + ' deploy.yaml > deploy.tmp && mv deploy.tmp deploy.yaml + git add deploy.yaml + git diff-index --quiet HEAD || git commit -m "Argo: Changed deployed version to $CI_COMMIT_SHA" + git push origin $DEPLOY_REPO_BRANCH + volumeMounts: + - name: secrets-store + mountPath: "/mnt/secrets" + readOnly: true diff --git a/argo-workflows/source.yaml b/argo-workflows/webhook/source.yaml similarity index 100% rename from argo-workflows/source.yaml rename to argo-workflows/webhook/source.yaml diff --git a/argo-workflows/webhook-ingress.yaml b/argo-workflows/webhook/webhook-ingress.yaml similarity index 100% rename from argo-workflows/webhook-ingress.yaml rename to argo-workflows/webhook/webhook-ingress.yaml diff --git a/argo-workflows/service.yaml b/argo-workflows/webhook/webhook-service.yaml similarity index 100% rename from argo-workflows/service.yaml rename to argo-workflows/webhook/webhook-service.yaml
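Review bot: The `gitea-push` dependency has no `filters`, and the trigger passes nothing from the event into the Workflow, so every request accepted on `webhook`/`test-hook` starts a run that ends with a push to ACR under the managed identity and a commit made with the Gitea deploy key. Whether the EventSource enforces an `authSecret` is not visible in this patch (source.yaml is only renamed), so that should be confirmed. Independently, a data filter on the pushed ref, as in the block below, keeps pushes to other branches from rebuilding and redeploying the HEAD of `argo-workflow`; the path `body.ref` assumes the standard Gitea push payload. The `checkout` and `gitops-commit` templates also run `alpine/git` with no tag, and the latter handles the deploy key, so pinning both to a fixed tag or digest would make the image that sees the key reproducible.

```yaml
    - name: gitea-push
      # … unchanged: eventSourceName, eventName …
      filters:
        data:
          - path: body.ref
            type: string
            value:
              - refs/heads/argo-workflow
```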