Removed unused secret store

argo-workflows/acr-pusher.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: argo-workflows-user
+  namespace: argo

argo-workflows/argo-workflow-manager-role.yaml

@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  namespace: argo
+  name: argo-workflow-manager
+rules:
+  - apiGroups: ["argoproj.io"]
+    resources: ["workflowtaskresults"]
+    verbs: ["create", "get", "list", "update", "patch", "delete"]
+  - apiGroups: ["argoproj.io"]
+    resources: ["workflows"]
+    verbs: ["create", "get", "list", "update", "patch", "delete"]

argo-workflows/build.yaml

@@ -0,0 +1,122 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Workflow
+metadata:
+  generateName: build-workflow-
+spec:
+  entrypoint: main
+  arguments:
+    parameters:
+      - name: repo
+        value: https://gitea.marcin00.pl/pikram/user-microservice.git
+      - name: branch
+        value: dev
+      - name: image
+        value: marcin00.azurecr.io/user-microservice
+      - name: acr-name
+        value: marcin00
+      - name: client-id # client-id of the user-assigned managed identity used by cluster
+        value: c302726f-fafb-4143-94c1-67a70975574a
+  serviceAccountName: argo-workflows-user
+  volumeClaimTemplates:
+  - metadata:
+      name: workspace
+    spec:
+      accessModes: [ "ReadWriteOnce" ]
+      resources:
+        requests:
+          storage: 128Mi
+  volumes:
+  - name: secrets-store
+    csi:
+      driver: secrets-store.csi.k8s.io
+      readOnly: true
+      volumeAttributes:
+        secretProviderClass: azure-keyvault
+  templates:
+
+  # Main steps sequence
+  - name: main
+    steps:
+      - - name: checkout
+          template: checkout
+          arguments:
+            parameters:
+              - name: repo
+                value: "{{workflow.parameters.repo}}"
+              - name: branch
+                value: "{{workflow.parameters.branch}}"
+      - - name: tests
+          template: tests
+      - - name: build-and-push-image
+          template: build-and-push-image
+          arguments:
+            parameters:
+              - name: git-sha
+                value: "{{steps.checkout.outputs.parameters.git-sha}}"
+
+  # GIT CHECKOUT
+  - name: checkout
+    inputs:
+      parameters:
+        - name: repo
+        - name: branch
+    container:
+      image: alpine/git
+      command: [sh,-c]
+      workingDir: /workspace
+      args:
+        - |
+          git clone --depth 1 --branch "{{inputs.parameters.branch}}" --single-branch "{{inputs.parameters.repo}}" repo
+          cd repo
+          git rev-parse HEAD > /tmp/gitsha.txt
+      volumeMounts:
+        - name: workspace
+          mountPath: /workspace
+    outputs:
+      parameters:
+        - name: git-sha
+          valueFrom:
+            path: /tmp/gitsha.txt
+
+  # PYTHON TESTS
+  - name: tests
+    script:
+      image: python:3.11.7-alpine
+      command: [sh]
+      workingDir: /workspace/repo/api
+      source: |
+        python3 -m venv env
+        source env/bin/activate
+        pip install -r requirements.txt pytest
+        python3 -m pytest --junit-xml=pytest_junit.xml
+      volumeMounts:
+        - name: workspace
+          mountPath: /workspace
+
+  # BUILD AND PUSH DOCKER IMAGE
+  - name: build-and-push-image
+    inputs:
+      parameters:
+        - name: git-sha
+    podSpecPatch: |
+      runtimeClassName: sysbox-runc
+    metadata:
+      annotations:
+        io.kubernetes.cri-o.userns-mode: "auto:size=65536"
+    container:
+      image: marcin00.azurecr.io/azure-cli-docker:slim-bookworm
+      command: [sh, -c]
+      workingDir: /workspace/repo
+      args:
+        - |
+          dockerd &
+          CI_COMMIT_SHA={{inputs.parameters.git-sha}}
+          DOCKER_IMAGE={{workflow.parameters.image}}:${CI_COMMIT_SHA}
+          docker build -t $DOCKER_IMAGE --build-arg APP_VERSION=${CI_COMMIT_SHA} --build-arg BUILD_DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ") .
+          
+          az login --identity --client-id {{workflow.parameters.client-id}}
+          az acr login --name {{workflow.parameters.acr-name}}
+          docker push ${DOCKER_IMAGE}
+      volumeMounts:
+        - name: workspace
+          mountPath: /workspace

argo-workflows/role-binding.yaml

@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: argo-workflows-role-binding
+  namespace: argo
+subjects:
+  - kind: ServiceAccount
+    name: argo-workflows-user
+    namespace: argo
+roleRef:
+  kind: Role
+  name: argo-workflow-manager
+  apiGroup: rbac.authorization.k8s.io