deploy shipwright triggers via operator

Author: jkhelil

README.md

@@ -36,11 +36,13 @@ Refer to the [ShipwrightBuild documentation](docs/shipwrightbuild.md) for more i
 
 The operator handles differents environment variables to customize Shiprwright controller installation:
 KO_DATA_PATH : defines the shipwright controller manifest to install
+INSTALL_TRIGGERS: if set to true the operator will install Shipwright Triggers
 IMAGE_SHIPWRIGHT_SHIPWRIGHT_BUILD : defines the Shipwright Build Controller Image to use
 IMAGE_SHIPWRIGHT_GIT_CONTAINER_IMAGE: defines the Shipwright Git Container Image to use
 IMAGE_SHIPWRIGHT_MUTATE_IMAGE_CONTAINER_IMAGE:  defines the Shipwright Mutate Image to use
 IMAGE_SHIPWRIGHT_BUNDLE_CONTAINER_IMAGE: defines the Shipwright Bundle Image to use
 IMAGE_SHIPWRIGHT_WAITER_CONTAINER_IMAGE: defines the Shipwright Waiter Image to use
+IMAGE_SHIPWRIGHT_SHIPWRIGHT_TRIGGERS: defines the Shipwright Triggers Image to use
 
 ## Contributing
 

bundle/manifests/shipwright-operator.clusterserviceversion.yaml

@@ -484,6 +484,38 @@ spec:
           - get
           - patch
           - update
+        - apiGroups:
+          - operator.tekton.dev
+          resources:
+          - customruns
+          verbs:
+          - get
+          - list
+          - watch
+        - apiGroups:
+          - operator.tekton.dev
+          resources:
+          - customruns/finalizers
+          verbs:
+          - patch
+          - update
+        - apiGroups:
+          - operator.tekton.dev
+          resources:
+          - customruns/status
+          verbs:
+          - patch
+          - update
+        - apiGroups:
+          - operator.tekton.dev
+          resources:
+          - pipelineruns
+          verbs:
+          - get
+          - list
+          - patch
+          - update
+          - watch
         - apiGroups:
           - operator.tekton.dev
           resources:

config/rbac/role.yaml

@@ -109,6 +109,38 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - operator.tekton.dev
+  resources:
+  - customruns
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - operator.tekton.dev
+  resources:
+  - customruns/finalizers
+  verbs:
+  - patch
+  - update
+- apiGroups:
+  - operator.tekton.dev
+  resources:
+  - customruns/status
+  verbs:
+  - patch
+  - update
+- apiGroups:
+  - operator.tekton.dev
+  resources:
+  - pipelineruns
+  verbs:
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - operator.tekton.dev
   resources:

controllers/shipwrightbuild_controller.go

@@ -219,13 +219,23 @@ func (r *ShipwrightBuildReconciler) setupManifestival(managerLogger logr.Logger)
 	if err != nil {
 		return err
 	}
+
 	buildManifest := filepath.Join(dataPath, "release.yaml")
 
 	r.Manifest, err = manifestival.NewManifest(
 		buildManifest,
 		manifestival.UseClient(client),
 		manifestival.UseLogger(logger),
 	)
+
+	if withTriggers() {
+		triggersManifest := filepath.Join(dataPath, "triggers.yaml")
+		m, err := manifestival.ManifestFrom(manifestival.Recursive(triggersManifest))
+		if err != nil {
+			return err
+		}
+		r.Manifest = r.Manifest.Append(m)
+	}
 	return err
 }
 

controllers/shipwrightbuild_controller_test.go

@@ -146,6 +146,7 @@ func testShipwrightBuildReconcilerReconcile(t *testing.T, targetNamespace string
 		{"IMAGE_SHIPWRIGHT_WAITER_CONTAINER_IMAGE", "ghcr.io/shipwright-io/build/waiter:nightly-2023-05-05-1683263383"},
 		{"IMAGE_SHIPWRIGHT_MUTATE_IMAGE_CONTAINER_IMAGE", "ghcr.io/shipwright-io/build/mutate-image:nightly-2023-04-18-1681794585"},
 		{"IMAGE_SHIPWRIGHT_BUNDLE_CONTAINER_IMAGE", "ghcr.io/shipwright-io/build/bundle:nightly-2023-05-05-1683263383"},
+		{"IMAGE_SHIPWRIGHT_SHIPWRIGHT_TRIGGERS", "quay.io/jkhelil/openshift-builds-triggers"},
 	}
 
 	t.Logf("Deploying Shipwright Controller against '%s' namespace", targetNamespace)

controllers/shipwrightbuild_rbac.go

@@ -26,3 +26,7 @@ package controllers
 // +kubebuilder:rbac:groups=operator.shipwright.io,resources=shipwrightbuilds/finalizers,verbs=update
 // +kubebuilder:rbac:groups=operator.shipwright.io,resources=shipwrightbuilds/status,verbs=get;update;patch
 // +kubebuilder:rbac:groups=operator.tekton.dev,resources=tektonconfigs,verbs=get;list;create
+// +kubebuilder:rbac:groups=operator.tekton.dev,resources=customruns,verbs=get;list;watch
+// +kubebuilder:rbac:groups=operator.tekton.dev,resources=customruns/finalizers,verbs=patch;update
+// +kubebuilder:rbac:groups=operator.tekton.dev,resources=customruns/status,verbs=patch;update
+// +kubebuilder:rbac:groups=operator.tekton.dev,resources=pipelineruns,verbs=get;list;patch;update;watch

controllers/util.go

@@ -15,6 +15,7 @@ import (
 // koDataPathEnv ko data-path environment variable.
 const (
 	koDataPathEnv         = "KO_DATA_PATH"
+	InstallTriggers       = "INSTALL_TRIGGERS"
 	ShipwrightImagePrefix = "IMAGE_SHIPWRIGHT_"
 )
 
@@ -117,3 +118,7 @@ func replaceContainersEnvImage(container corev1.Container, images map[string]str
 		}
 	}
 }
+
+func withTriggers() bool {
+	return os.Getenv(InstallTriggers) == "true"
+}

kodata/triggers.yaml

@@ -0,0 +1,214 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  namespace: shipwright-build
+  name: shipwright-triggers
+  labels:
+    app.kubernetes.io/name: shipwright-triggers
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: shipwright-triggers
+  name: shipwright-triggers
+rules:
+  - apiGroups:
+    - shipwright.io
+    resources:
+    - buildruns
+    verbs:
+    - create
+    - get
+    - list
+    - update
+    - watch
+  - apiGroups:
+    - shipwright.io
+    resources:
+    - builds
+    verbs:
+    - get
+    - list
+    - watch
+  - apiGroups:
+    - tekton.dev
+    resources:
+    - customruns
+    verbs:
+    - get
+    - list
+    - watch
+  - apiGroups:
+    - tekton.dev
+    resources:
+    - customruns/finalizers
+    verbs:
+    - patch
+    - update
+  - apiGroups:
+    - tekton.dev
+    resources:
+    - customruns/status
+    verbs:
+    - patch
+    - update
+  - apiGroups:
+    - tekton.dev
+    resources:
+    - pipelineruns
+    verbs:
+    - get
+    - list
+    - patch
+    - update
+    - watch
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: shipwright-triggers
+  labels:
+    app.kubernetes.io/name: shipwright-triggers
+subjects:
+  - kind: ServiceAccount
+    namespace: shipwright-build
+    name: shipwright-triggers
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: shipwright-triggers
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  namespace: shipwright-build
+  labels:
+    app.kubernetes.io/name: shipwright-triggers
+  name: shipwright-triggers
+rules:
+  - apiGroups:
+    - shipwright.io
+    resources:
+    - buildruns
+    verbs:
+    - create
+    - get
+    - list
+    - update
+    - watch
+  - apiGroups:
+    - shipwright.io
+    resources:
+    - builds
+    verbs:
+    - get
+    - list
+    - watch
+  - apiGroups:
+    - tekton.dev
+    resources:
+    - customruns
+    verbs:
+    - get
+    - list
+    - watch
+  - apiGroups:
+    - tekton.dev
+    resources:
+    - customruns/finalizers
+    verbs:
+    - patch
+    - update
+  - apiGroups:
+    - tekton.dev
+    resources:
+    - customruns/status
+    verbs:
+    - patch
+    - update
+  - apiGroups:
+    - tekton.dev
+    resources:
+    - pipelineruns
+    verbs:
+    - get
+    - list
+    - patch
+    - update
+    - watch
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  namespace: shipwright-build
+  name: shipwright-triggers
+  labels:
+    app.kubernetes.io/name: shipwright-triggers
+subjects:
+  - kind: ServiceAccount
+    namespace: shipwright-build
+    name: shipwright-triggers
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: shipwright-triggers
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: shipwright-build
+  name: shipwright-triggers
+  labels:
+    app.kubernetes.io/name: shipwright-triggers
+spec:
+  type: ClusterIP
+  ports:
+    - port: 80
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    app.kubernetes.io/name: shipwright-triggers
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: shipwright-build
+  name: shipwright-triggers
+  labels:
+    app.kubernetes.io/name: shipwright-triggers
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: shipwright-triggers
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: shipwright-triggers
+    spec:
+      serviceAccountName: shipwright-triggers
+      containers:
+        - name: shipwright-triggers
+          image: "quay.io/jkhelil/openshift-builds-triggers:latest"
+          args:
+            - --health-probe-bind-address
+            - ":8081"
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: webhook
+              containerPort: 80
+              protocol: TCP
+            - name: probe
+              containerPort: 8081
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: probe
+          readinessProbe:
+            httpGet:
+              path: /readyz
+              port: probe