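---
# Argo Events Sensor: when the `webhook` EventSource emits the
# `user-microservice` event, create an Argo Workflow that runs four
# sequential steps: checkout -> tests -> build-and-push-image -> gitops-commit.
apiVersion: argoproj.io/v1alpha1
kind: Sensor
metadata:
  name: webhook-build
  namespace: argo-events
spec:
  template:
    serviceAccountName: operate-workflow-sa
  dependencies:
    # No `filters` are set on this dependency, so every event delivered under
    # this name creates a Workflow. The branch that gets built is fixed in the
    # checkout step below; nothing from the event payload is used.
    # NOTE(review): the EventSource is not visible here. Confirm it
    # authenticates incoming webhook requests.
    - name: gitea-push
      eventSourceName: webhook
      eventName: user-microservice
  triggers:
    - template:
        name: trigger-build-workflow
        k8s:
          group: argoproj.io
          version: v1alpha1
          resource: workflows
          operation: create
          source:
            resource:
              apiVersion: argoproj.io/v1alpha1
              kind: Workflow
              metadata:
                generateName: build-workflow-
                namespace: argo-events
              spec:
                entrypoint: main
                # NOTE(review): the workflow pods run under the same service
                # account the Sensor uses to create Workflows. The account's
                # RBAC is not shown here. Verify that steps running repository
                # code (tests, docker build) cannot create further Workflows or
                # read secrets with it.
                serviceAccountName: operate-workflow-sa
                # Per-run scratch volume shared by checkout, tests and build.
                volumeClaimTemplates:
                  - metadata:
                      name: workspace
                    spec:
                      accessModes: ["ReadWriteOnce"]
                      resources:
                        requests:
                          storage: 128Mi
                # Key Vault material via the Secrets Store CSI driver. Declared
                # for the whole workflow but mounted only by gitops-commit.
                volumes:
                  - name: secrets-store
                    csi:
                      driver: secrets-store.csi.k8s.io
                      readOnly: true
                      volumeAttributes:
                        secretProviderClass: azure-keyvault
                templates:
                  - name: main
                    steps:
                      - - name: checkout
                          template: checkout
                      - - name: tests
                          template: tests
                      - - name: build-and-push-image
                          template: build-and-push-image
                          arguments:
                            parameters:
                              - name: git-sha
                                value: "{{steps.checkout.outputs.parameters.git-sha}}"
                      - - name: gitops-commit
                          template: gitops-commit
                          arguments:
                            parameters:
                              - name: git-sha
                                value: "{{steps.checkout.outputs.parameters.git-sha}}"

                  # Clone the application branch into /workspace/repo and
                  # publish the HEAD commit id as output parameter `git-sha`.
                  - name: checkout
                    container:
                      # NOTE(review): no tag or digest, so the image content
                      # can change between runs. Consider pinning it.
                      image: alpine/git
                      command: [sh, -c]
                      workingDir: /workspace
                      env:
                        - name: REPO_URL
                          value: https://gitea.marcin00.pl/pikram/user-microservice.git
                        - name: REPO_BRANCH
                          value: argoworkflow-fluxcd
                      args:
                        - |
                          # Stop at the first failing command or unset variable.
                          set -eu
                          git clone --depth 1 --branch "${REPO_BRANCH}" --single-branch "${REPO_URL}" repo
                          cd repo
                          git rev-parse HEAD > /tmp/gitsha.txt
                      volumeMounts:
                        - name: workspace
                          mountPath: /workspace
                    outputs:
                      parameters:
                        - name: git-sha
                          valueFrom:
                            path: /tmp/gitsha.txt

                  # Install dependencies into a virtualenv and run pytest.
                  # This step executes code from the repository. It mounts only
                  # the workspace volume, not the secrets-store volume.
                  - name: tests
                    script:
                      image: python:3.11.7-alpine
                      command: [sh]
                      workingDir: /workspace/repo/api
                      source: |
                        # Fail the step if venv creation or pip install fails,
                        # rather than running pytest in a half-built env.
                        set -e
                        python3 -m venv env
                        source env/bin/activate
                        pip install -r requirements.txt pytest
                        python3 -m pytest --junit-xml=pytest_junit.xml
                      volumeMounts:
                        - name: workspace
                          mountPath: /workspace

                  # Build the image with an in-pod Docker daemon and push it
                  # to ACR, tagged with the commit id.
                  - name: build-and-push-image
                    inputs:
                      parameters:
                        - name: git-sha
                    # NOTE(review): presumably the sysbox runtime and the
                    # user-namespace annotation exist so dockerd can run
                    # without a privileged container. Confirm with the
                    # cluster configuration.
                    podSpecPatch: |
                      runtimeClassName: sysbox-runc
                    metadata:
                      annotations:
                        io.kubernetes.cri-o.userns-mode: "auto:size=65536"
                    container:
                      image: marcin00.azurecr.io/azure-cli-docker:slim-bookworm
                      command: [sh, -c]
                      workingDir: /workspace/repo
                      env:
                        - name: DOCKER_IMAGE
                          value: "marcin00.azurecr.io/user-microservice:{{inputs.parameters.git-sha}}"
                        # The commit id reaches the script as an environment
                        # variable, not as text substituted into the shell
                        # source, so its content is never parsed as shell.
                        - name: GIT_SHA
                          value: "{{inputs.parameters.git-sha}}"
                        - name: CLIENT_ID
                          value: c302726f-fafb-4143-94c1-67a70975574a
                        - name: ACR_NAME
                          value: marcin00
                      args:
                        - |
                          set -eu
                          dockerd &
                          # dockerd starts asynchronously; wait (bounded) until
                          # it answers before the first docker command.
                          attempts=0
                          until docker info >/dev/null 2>&1; do
                            attempts=$((attempts + 1))
                            if [ "${attempts}" -ge 60 ]; then
                              echo "dockerd did not become ready in time" >&2
                              exit 1
                            fi
                            sleep 1
                          done
                          docker build -t "${DOCKER_IMAGE}" \
                            --build-arg APP_VERSION="${GIT_SHA}" \
                            --build-arg BUILD_DATE="$(date -u +"%Y-%m-%dT%H:%M:%SZ")" \
                            .
                          az login --identity --client-id "${CLIENT_ID}"
                          az acr login --name "${ACR_NAME}"
                          docker push "${DOCKER_IMAGE}"
                      volumeMounts:
                        - name: workspace
                          mountPath: /workspace

                  # Rewrite the image tag of the `api` container in the deploy
                  # repository's deploy.yaml to the new commit id and push it.
                  - name: gitops-commit
                    inputs:
                      parameters:
                        - name: git-sha
                    container:
                      # NOTE(review): this step reads the SSH deploy key, and
                      # the image has no tag or digest. Consider pinning it.
                      image: alpine/git
                      command: [sh, -c]
                      env:
                        - name: DEPLOY_REPO_URL
                          value: ssh://git@srv22.mikr.us:20343/pikram/user-microservice-deploy.git
                        - name: DEPLOY_REPO_BRANCH
                          value: argoworkflow-fluxcd
                        - name: CI_COMMIT_SHA
                          value: "{{inputs.parameters.git-sha}}"
                      args:
                        - |
                          set -eu
                          mkdir -p ~/.ssh
                          # Host key comes from the secret store, so the SSH
                          # connection is checked against a pinned key.
                          cp /mnt/secrets/gitea-known-host ~/.ssh/known_hosts
                          chmod 644 ~/.ssh/known_hosts
                          cp /mnt/secrets/gitea-deploy-key ~/.ssh/id_ed25519
                          chmod 600 ~/.ssh/id_ed25519

                          git config --global user.name "argo[bot]"
                          git config --global user.email "argo@marcin00.pl"

                          git clone --depth 1 --branch "$DEPLOY_REPO_BRANCH" --single-branch "$DEPLOY_REPO_URL" repo
                          cd repo/apps/user-microservice

                          # After a line matching `name: api`, replace the tag
                          # on the next `image:` line with the commit id.
                          # awk and mv are separate commands so that an awk
                          # failure aborts the step under `set -e`.
                          awk -v commit="$CI_COMMIT_SHA" '
                            $0 ~ /name:[[:space:]]*api/ { in_api_container = 1; print; next }
                            in_api_container && $0 ~ /^[[:space:]]*image:[[:space:]]*/ {
                              sub(/:[^:[:space:]]+$/, ":" commit)
                              in_api_container = 0
                              print
                              next
                            }
                            { print }
                          ' deploy.yaml > deploy.tmp
                          mv deploy.tmp deploy.yaml

                          git add deploy.yaml
                          # Commit only when the manifest actually changed.
                          git diff-index --quiet HEAD || git commit -m "Argo: Changed deployed version to $CI_COMMIT_SHA"
                          git push origin "$DEPLOY_REPO_BRANCH"
                      volumeMounts:
                        - name: secrets-store
                          mountPath: "/mnt/secrets"
                          readOnly: true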