ci: Add Tekton GH PR pipeline

.tekton/github-interceptor-secret.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: github-interceptor-secret
+type: Opaque
+stringData:
+  # Always use a long, strong and random generated token
+  secretToken: "<--- TOKEN GOES HERE --->"

.tekton/github-pr-eventlistener.yaml

@@ -0,0 +1,102 @@
+apiVersion: triggers.tekton.dev/v1beta1
+kind: TriggerTemplate
+metadata:
+  name: github-pr-ruby-tracer-pipeline-template
+spec:
+  params:
+    - description: The git branch name
+      name: git-branch
+    - description: The git branch name shortened and converted to RFC 1123 subdomain names
+      name: git-branch-normalized
+    - description: The full sha of the git commit
+      name: git-commit-sha
+    - description: The short 7 digit sha of the git commit
+      name: git-commit-short-sha
+  resourcetemplates:
+    - apiVersion: tekton.dev/v1
+      kind: PipelineRun
+      metadata:
+        # After variable resolution, this has to be maximum 63 character long,
+        # lower case, RFC 1123 subdomain name. The regex used for validation is
+        # '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*'
+        name: ruby-tracer-pr-$(tt.params.git-branch-normalized)-$(tt.params.git-commit-short-sha)
+      spec:
+        params:
+        - name: revision
+          value: $(tt.params.git-branch)
+        - name: git-commit-sha
+          value: $(tt.params.git-commit-sha)
+        pipelineRef:
+          name: github-pr-ruby-tracer-ci-pipeline
+        workspaces:
+        - name: ruby-tracer-ci-pipeline-pvc
+          volumeClaimTemplate:
+            spec:
+              accessModes:
+                - ReadWriteOnce
+              resources:
+                requests:
+                  storage: 100Mi
+---
+apiVersion: triggers.tekton.dev/v1beta1
+kind: TriggerBinding
+metadata:
+  name: github-pr-ruby-tracer-binding
+spec:
+  params:
+    - name: git-branch
+      value: $(body.pull_request.head.ref)
+    - name: git-branch-normalized
+      value: $(extensions.git_branch_normalized)
+    - name: git-commit-sha
+      value: $(body.pull_request.head.sha)
+    - name: git-commit-short-sha
+      value: $(extensions.truncated_sha)
+---
+apiVersion: triggers.tekton.dev/v1beta1
+kind: EventListener
+metadata:
+  name: github-pr-ruby-eventlistener
+spec:
+  serviceAccountName: tekton-triggers-eventlistener-serviceaccount
+  triggers:
+    - name: github-pr-trigger
+      interceptors:
+        - name: receive-github-event
+          ref:
+            name: "github"
+          params:
+            - name: "secretRef"
+              value:
+                secretName: github-interceptor-secret
+                secretKey: secretToken
+            - name: "eventTypes"
+              value: ["pull_request"]
+        - name: filter-irrelevant-events
+          ref:
+            name: "cel"
+          params:
+            - name: "filter"
+              # We should not trigger on 'closed', 'assigned', 'unassigned', 'converted_to_draft'
+              value: "body.action in ['opened', 'synchronize', 'reopened']"
+        - name: add-truncated-sha
+          ref:
+            name: "cel"
+          params:
+            - name: "overlays"
+              value:
+              - key: truncated_sha
+                expression: "body.pull_request.head.sha.truncate(7)"
+        - name: add-normalized-branch-name
+          ref:
+            name: "cel"
+          params:
+            - name: "overlays"
+              value:
+              - key: git_branch_normalized
+                # The git branch name shortened and converted to RFC 1123 subdomain names
+                expression: 'body.pull_request.head.ref.truncate(38).lowerAscii().translate("_", "-")'
+      bindings:
+        - ref: github-pr-ruby-tracer-binding
+      template:
+        ref: github-pr-ruby-tracer-pipeline-template

.tekton/github-pr-pipeline.yaml.part

@@ -0,0 +1,38 @@
+apiVersion: tekton.dev/v1
+kind: Pipeline
+metadata:
+  name: github-pr-ruby-tracer-ci-pipeline
+spec:
+  params:
+  - name: revision
+    type: string
+  - name: git-commit-sha
+    type: string
+  workspaces:
+    - name: ruby-tracer-ci-pipeline-pvc
+  tasks:
+    - name: github-set-check-status-to-pending
+      taskRef:
+        kind: Task
+        name: github-set-status
+      params:
+      - name: SHA
+        value: $(params.git-commit-sha)
+      - name: STATE
+        value: pending
+      - name: REPO
+        value: instana/ruby-sensor
+    - name: github-set-check-status-to-success-or-failure
+      runAfter:
+      - github-set-check-status-to-pending
+      - unittest-rails-postgres
+      taskRef:
+        kind: Task
+        name: github-set-status
+      params:
+      - name: SHA
+        value: $(params.git-commit-sha)
+      - name: STATE
+        value: success
+      - name: REPO
+        value: instana/ruby-sensor

.tekton/github-set-status-task.yaml

@@ -0,0 +1,43 @@
+---
+apiVersion: tekton.dev/v1
+kind: Task
+metadata:
+  name: github-set-status
+spec:
+  params:
+  - name: SHA
+  - name: STATE
+  - name: REPO
+  volumes:
+  - name: githubtoken
+    secret:
+      secretName: githubtoken
+  steps:
+    - name: set-status
+      # curlimages/curl:8.6.0
+      image: curlimages/curl@sha256:f2237028bed58de91f62aea74260bb2a299cf12fbcabc23cfaf125fef276c884
+      env:
+      - name: SHA
+        value: $(params.SHA)
+      - name: STATE
+        value: $(params.STATE)
+      - name: REPO
+        value: $(params.REPO)
+      volumeMounts:
+        - name: githubtoken
+          mountPath: /etc/github-set-status
+      script: |
+        #!/bin/sh
+        curl -L \
+             -X POST \
+             -H "Accept: application/vnd.github+json" \
+             -H "Authorization: Bearer $(cat /etc/github-set-status/token)" \
+             -H "Content-Type: application/json" \
+             -H "X-GitHub-Api-Version: 2022-11-28" \
+             "https://api.github.com/repos/${REPO}/statuses/${SHA}" \
+             -d '{
+                   "state":"'${STATE}'",
+                   "target_url":"http://localhost:8001/api/v1/namespaces/tekton-pipelines/services/tekton-dashboard:http/proxy/#/namespaces/default/pipelineruns/",
+                   "description":"Tekton build is in state: '${STATE}'",
+                   "context":"Tekton"
+                 }'

.tekton/github-webhook-ingress.yaml

@@ -0,0 +1,20 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: github-pr-ruby-webhook-ingress
+spec:
+  ingressClassName: public-iks-k8s-nginx
+  tls:
+  - hosts:
+    - <ENTER_YOUR_DOMAIN_NAME_HERE>
+  rules:
+    - host: <ENTER_YOUR_DOMAIN_NAME_HERE>
+      http:
+        paths:
+          - path: /github-pr-ruby-hooks
+            pathType: Exact
+            backend:
+              service:
+                name: el-github-pr-ruby-eventlistener
+                port:
+                  number: 8080

.tekton/tekton-triggers-eventlistener-serviceaccount.yaml

@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: tekton-triggers-eventlistener-serviceaccount
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: tekton-triggers-eventlistener-serviceaccount-binding
+subjects:
+- kind: ServiceAccount
+  name: tekton-triggers-eventlistener-serviceaccount
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: tekton-triggers-eventlistener-roles
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: tekton-triggers-eventlistener-serviceaccount-clusterbinding
+subjects:
+- kind: ServiceAccount
+  name: tekton-triggers-eventlistener-serviceaccount
+  namespace: default
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: tekton-triggers-eventlistener-clusterroles