From b98060294d394be422efb6e4824eacbeb6bcc233 Mon Sep 17 00:00:00 2001 From: Khue Doan Date: Mon, 8 Jan 2024 23:37:12 +0700 Subject: [PATCH] refactor!: remove Tekton Replaced by Woodpecker CI. It turns out I don't need that much power from Tekton's flexibility, so it's not worth the maintenance overhead for my specific use case at home. --- .ci/master.yaml | 69 ------------------- .ci/pull-request.yaml | 69 ------------------- README.md | 20 +++--- docs/reference/architecture/overview.md | 2 +- docs/reference/roadmap.md | 2 +- external/namespaces.yml | 1 - platform/gitea/files/config/config.yaml | 2 - platform/gitea/files/config/main.go | 29 -------- platform/gitea/templates/config-job.yaml | 5 -- platform/gitea/templates/webhook-secret.yaml | 14 ---- .../files/secret-generator/config.yaml | 7 -- .../tekton-pipelines/clusterrolebinding.yaml | 12 ---- platform/tekton-pipelines/ingress.yaml | 25 ------- platform/tekton-pipelines/kustomization.yaml | 21 ------ platform/tekton-pipelines/serviceaccount.yaml | 4 -- .../tekton-pipelines/workflows/master.yaml | 50 -------------- .../workflows/pull-request.yaml | 43 ------------ .../workflows/webhook-secret.yaml | 14 ---- scripts/take-screenshots | 4 -- test/smoke_test.go | 1 - 20 files changed, 12 insertions(+), 382 deletions(-) delete mode 100644 .ci/master.yaml delete mode 100644 .ci/pull-request.yaml delete mode 100644 platform/gitea/templates/webhook-secret.yaml delete mode 100644 platform/tekton-pipelines/clusterrolebinding.yaml delete mode 100644 platform/tekton-pipelines/ingress.yaml delete mode 100644 platform/tekton-pipelines/kustomization.yaml delete mode 100644 platform/tekton-pipelines/serviceaccount.yaml delete mode 100644 platform/tekton-pipelines/workflows/master.yaml delete mode 100644 platform/tekton-pipelines/workflows/pull-request.yaml delete mode 100644 platform/tekton-pipelines/workflows/webhook-secret.yaml diff --git a/.ci/master.yaml b/.ci/master.yaml deleted file mode 100644 index f6380b5b..00000000 
--- a/.ci/master.yaml
+++ /dev/null
@@ -1,69 +0,0 @@
-apiVersion: tekton.dev/v1beta1
-kind: Pipeline
-metadata:
- name: master
-spec:
- workspaces:
- - name: shared-data
- tasks:
- - name: clone
- taskRef:
- resolver: hub
- params:
- - name: kind
- value: task
- - name: name
- value: git-clone
- - name: version
- value: "0.7"
- workspaces:
- - name: output
- workspace: shared-data
- params:
- - name: url
- value: $(params.git_url)
- - name: revision
- value: $(params.git_revision)
- - name: tools
- runAfter:
- - clone
- taskRef:
- resolver: hub
- params:
- - name: kind
- value: task
- - name: name
- value: kaniko
- - name: version
- value: "0.6"
- params:
- - name: DOCKERFILE
- value: ./Dockerfile.tools
- - name: IMAGE
- value: &toolsImage registry.khuedoan.com/homelab-tools:$(params.git_revision)
- - name: EXTRA_ARGS
- value:
- - --cache=true
- workspaces:
- - name: source
- workspace: shared-data
- - name: test
- runAfter:
- - clone
- - tools
- workspaces:
- - name: source
- workspace: shared-data
- taskSpec:
- workspaces:
- - name: source
- stepTemplate:
- image: *toolsImage
- workingDir: $(workspaces.source.path)
- steps:
- - name: pre-commit
- command:
- - nix-shell
- - --command
- args:
- - "pre-commit run --color=always"
diff --git a/.ci/pull-request.yaml b/.ci/pull-request.yaml
deleted file mode 100644
index 8e73acc6..00000000
--- a/.ci/pull-request.yaml
+++ /dev/null
@@ -1,69 +0,0 @@
-apiVersion: tekton.dev/v1beta1
-kind: Pipeline
-metadata:
- name: pull-request
-spec:
- workspaces:
- - name: shared-data
- tasks:
- - name: clone
- taskRef:
- resolver: hub
- params:
- - name: kind
- value: task
- - name: name
- value: git-clone
- - name: version
- value: "0.7"
- workspaces:
- - name: output
- workspace: shared-data
- params:
- - name: url
- value: $(params.git_url)
- - name: revision
- value: $(params.git_revision)
- - name: tools
- runAfter:
- - clone
- taskRef:
- resolver: hub
- params:
- - name: kind
- value: task
- - name: name
- value: kaniko
- - name: version
- value: "0.6"
- params:
- - name: DOCKERFILE
- value: ./Dockerfile.tools
- - name: IMAGE
- value: &toolsImage registry.khuedoan.com/homelab-tools:$(params.git_revision)
- - name: EXTRA_ARGS
- value:
- - --cache=true
- workspaces:
- - name: source
- workspace: shared-data
- - name: test
- runAfter:
- - clone
- - tools
- workspaces:
- - name: source
- workspace: shared-data
- taskSpec:
- workspaces:
- - name: source
- stepTemplate:
- image: *toolsImage
- workingDir: $(workspaces.source.path)
- steps:
- - name: pre-commit
- command:
- - nix-shell
- - --command
- args:
- - "pre-commit run --color=always"
diff --git a/README.md b/README.md
index 08c08007..8cf05f66 100644
--- a/README.md
+++ b/README.md
@@ -70,17 +70,17 @@ They can't capture all the project's features, but they are sufficient to get a | [![][homepage-demo]][homepage-demo] | | Homepage with Ingress discovery powered by [Hajimari](https://github.com/toboshii/hajimari) | | [![][grafana-demo]][grafana-demo] | -| Monitoring dashboard powered by [Grafana](https://grafana.com/) | +| Monitoring dashboard powered by [Grafana](https://grafana.com) | | [![][gitea-demo]][gitea-demo] | -| Git server powered by [Gitea](https://gitea.io/en-us/) | +| Git server powered by [Gitea](https://gitea.io/en-us) | | [![][matrix-demo]][matrix-demo] | | [Matrix](https://matrix.org/) chat server | -| [![][tekton-demo]][tekton-demo] | -| Continuous integration with [Tekton](https://tekton.dev/) | +| [![][woodpecker-demo]][woodpecker-demo] | +| Continuous integration with [Woodpecker CI](https://woodpecker-ci.org) | | [![][argocd-demo]][argocd-demo] | -| Continuous deployment with [ArgoCD](https://argoproj.github.io/cd/) | +| Continuous deployment with [ArgoCD](https://argoproj.github.io/cd) | | [![][lens-demo]][lens-demo] | -| Cluster management using [Lens](https://k8slens.dev/) | +| Cluster management using [Lens](https://k8slens.dev) | [deploy-demo]: https://asciinema.org/a/xkBRkwC6e9RAzVuMDXH3nGHp7.svg [pxe-demo]: https://user-images.githubusercontent.com/27996771/157303477-df2e7410-8f02-4648-a86c-71e6b7e89e35.png 
@@ -88,7 +88,7 @@ They can't capture all the project's features, but they are sufficient to get a [grafana-demo]: https://user-images.githubusercontent.com/27996771/149446631-1c5d056b-1fdc-48e6-96ba-e1abe1762be0.png [gitea-demo]: https://user-images.githubusercontent.com/27996771/149444871-38889c9d-862f-41ff-8c05-8ece21da3e9c.png [matrix-demo]: https://user-images.githubusercontent.com/27996771/149448510-7163310c-2049-4ccd-901d-f11f605bfc32.png -[tekton-demo]: https://user-images.githubusercontent.com/27996771/149445374-58fd0605-bb9a-46e4-81d6-5e584d2b94a9.png +[woodpecker-demo]: https://github.com/khuedoan/homelab/assets/27996771/5d887688-d20a-44c8-8f77-0c625527dfe4 [argocd-demo]: https://user-images.githubusercontent.com/27996771/149444716-fc0d7282-4cf7-4ddb-97a4-1a3fb47ff2b8.png [lens-demo]: https://user-images.githubusercontent.com/27996771/149448896-9d79947d-468c-45c6-a81d-b43654e8ab6b.png @@ -201,9 +201,9 @@ They can't capture all the project's features, but they are sufficient to get a Automatically update dependencies - - Tekton - Cloud native solution for building CI/CD systems + + Woodpecker CI + Simple yet powerful CI/CD engine with great extensibility diff --git a/docs/reference/architecture/overview.md b/docs/reference/architecture/overview.md index e9fc5341..3043829f 100644 --- a/docs/reference/architecture/overview.md +++ b/docs/reference/architecture/overview.md @@ -81,7 +81,7 @@ flowchart TD subgraph platform Gitea - Tekton + Woodpecker Grafana end diff --git a/docs/reference/roadmap.md b/docs/reference/roadmap.md index 90d6edee..d10cb57e 100644 --- a/docs/reference/roadmap.md +++ b/docs/reference/roadmap.md @@ -36,7 +36,7 @@ Good enough for tinkering and personal usage, and reasonably secure. - [ ] 70% availability (might break in the weekend due to new experimentation) - [x] Core applications - [x] Gitea - - [x] Tekton + - [x] Woodpecker - [x] Private container registry - [x] Homepage 
diff --git a/external/namespaces.yml b/external/namespaces.yml index 2932ee90..d15edd51 100644 --- a/external/namespaces.yml +++ b/external/namespaces.yml @@ -11,5 +11,4 @@ - cloudflared - external-dns - k8up-operator - - tekton-pipelines - zerotier diff --git a/platform/gitea/files/config/config.yaml b/platform/gitea/files/config/config.yaml index 219725ad..4b033edf 100644 --- a/platform/gitea/files/config/config.yaml +++ b/platform/gitea/files/config/config.yaml @@ -18,13 +18,11 @@ repositories: migrate: source: https://github.com/khuedoan/homelab mirror: false - hook: true - name: blog owner: khuedoan migrate: source: https://github.com/khuedoan/blog mirror: true - hook: true - name: backstage owner: khuedoan migrate: diff --git a/platform/gitea/files/config/main.go b/platform/gitea/files/config/main.go index 384c35bf..2ff804b3 100644 --- a/platform/gitea/files/config/main.go +++ b/platform/gitea/files/config/main.go @@ -23,7 +23,6 @@ type Repository struct { Source string Mirror bool } - Hook bool } type Config struct { @@ -49,7 +48,6 @@ func main() { gitea_host := os.Getenv("GITEA_HOST") gitea_user := os.Getenv("GITEA_USER") gitea_password := os.Getenv("GITEA_PASSWORD") - webhook_token := os.Getenv("WEBHOOK_TOKEN") options := (gitea.SetBasicAuth(gitea_user, gitea_password)) client, err := gitea.NewClient(gitea_host, options) 
@@ -91,32 +89,5 @@ func main() { Private: repo.Private, }) } - - if repo.Hook { - hooks, _, _ := client.ListRepoHooks(repo.Owner, repo.Name, gitea.ListHooksOptions{}) - if len(hooks) == 0 { - _, _, err = client.CreateRepoHook(repo.Owner, repo.Name, gitea.CreateHookOption{ - Type: gitea.HookTypeGitea, - Config: map[string]string{ - "url": "http://el-workflows-listener.tekton-workflows:8080", - "http_method": "post", - "content_type": "json", - "secret": webhook_token, - }, - Events: []string{ - "create", - "delete", - "push", - "pull_request", - }, - BranchFilter: "*", - Active: true, - }) - - if err != nil { - log.Printf("Create hook %s/%s: %v", repo.Owner, repo.Name, err) - } - } - } } } diff --git a/platform/gitea/templates/config-job.yaml b/platform/gitea/templates/config-job.yaml index 157110a1..becaf122 100644 --- a/platform/gitea/templates/config-job.yaml +++ b/platform/gitea/templates/config-job.yaml @@ -26,11 +26,6 @@ spec: secretKeyRef: name: gitea-admin-secret key: password - - name: WEBHOOK_TOKEN - valueFrom: - secretKeyRef: - name: gitea-webhook-secret - key: token workingDir: /go/src/gitea-config command: - sh diff --git a/platform/gitea/templates/webhook-secret.yaml b/platform/gitea/templates/webhook-secret.yaml deleted file mode 100644 index 7192dce3..00000000 --- a/platform/gitea/templates/webhook-secret.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: gitea-webhook-secret - namespace: {{ .Release.Namespace }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: global-secrets - data: - - secretKey: token - remoteRef: - key: tekton.webhook - property: token diff --git a/platform/global-secrets/files/secret-generator/config.yaml b/platform/global-secrets/files/secret-generator/config.yaml index 93441b1d..afb7c025 100644 --- a/platform/global-secrets/files/secret-generator/config.yaml +++ b/platform/global-secrets/files/secret-generator/config.yaml 
@@ -19,13 +19,6 @@ length: 32 special: true -# Tekton -- name: tekton.webhook - data: - - key: token - length: 32 - special: false - # Woodpecker - name: woodpecker.agent data: diff --git a/platform/tekton-pipelines/clusterrolebinding.yaml b/platform/tekton-pipelines/clusterrolebinding.yaml deleted file mode 100644 index 6632ee26..00000000 --- a/platform/tekton-pipelines/clusterrolebinding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: terraform-admin -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin # TODO reduce tekton permission -subjects: - - kind: ServiceAccount - name: tekton-admin - namespace: tekton-pipelines diff --git a/platform/tekton-pipelines/ingress.yaml b/platform/tekton-pipelines/ingress.yaml deleted file mode 100644 index c8761ea4..00000000 --- a/platform/tekton-pipelines/ingress.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: tekton-dashboard - namespace: tekton-pipelines - annotations: - cert-manager.io/cluster-issuer: letsencrypt-prod - hajimari.io/appName: Tekton - hajimari.io/icon: robot-industrial -spec: - ingressClassName: nginx - rules: - - host: &host tekton.khuedoan.com - http: - paths: - - pathType: ImplementationSpecific - backend: - service: - name: tekton-dashboard - port: - name: http - tls: - - hosts: - - *host - secretName: tekton-tls-certificate diff --git a/platform/tekton-pipelines/kustomization.yaml b/platform/tekton-pipelines/kustomization.yaml deleted file mode 100644 index e7b618a9..00000000 --- a/platform/tekton-pipelines/kustomization.yaml +++ /dev/null 
@@ -1,21 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-resources:
- # Pipeline
- - https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
- # Triggers
- - https://storage.googleapis.com/tekton-releases/triggers/latest/release.yaml
- - https://storage.googleapis.com/tekton-releases/triggers/latest/interceptors.yaml
- # Dashboard
- - https://storage.googleapis.com/tekton-releases/dashboard/latest/release-full.yaml
- - ingress.yaml
- # Service account
- - serviceaccount.yaml
- - clusterrolebinding.yaml
- # Workflow
- - https://storage.googleapis.com/tekton-releases-nightly/workflows/latest/release.yaml
- # Pre-defined workflows
- - workflows/webhook-secret.yaml
- - workflows/master.yaml
- - workflows/pull-request.yaml
diff --git a/platform/tekton-pipelines/serviceaccount.yaml b/platform/tekton-pipelines/serviceaccount.yaml
deleted file mode 100644
index 7b731756..00000000
--- a/platform/tekton-pipelines/serviceaccount.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: tekton-admin
diff --git a/platform/tekton-pipelines/workflows/master.yaml b/platform/tekton-pipelines/workflows/master.yaml
deleted file mode 100644
index 0ccd0dfc..00000000
--- a/platform/tekton-pipelines/workflows/master.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
-apiVersion: workflows.tekton.dev/v1alpha1
-kind: Workflow
-metadata:
- name: master
- namespace: tekton-workflows
-spec:
- triggers:
- - event:
- type: push
- secret:
- secretName: webhook-secret
- secretKey: token
- filters:
- # TODO Gitea doesn't have refs/head/ prefix, use gitRef after this is fixed
- # https://github.com/tektoncd/experimental/blob/3644c43377239bb639ec4191acc04fcf3aafb3f2/workflows/pkg/filters/filters.go#L44-L46
- gitRef:
- regex: '^master$'
- # custom:
- # - cel: "body.ref.matches('^master$')"
- bindings:
- - name: git_url
- value: $(body.repository.clone_url)
- - name: git_revision
- value: $(body.after)
- params:
- - name: git_url
- # TODO don't need default, but invalid mem address if remove this
- default: https://git.khuedoan.com/foo/bar
- - name: git_revision
- default: master
- pipelineRef:
- resolver: git
- params:
- # TODO ???
- # supposed to be param. or body., looks like it's not working in v1alpha1 yet
- - name: url
- value: $(tt.params.git_url)
- - name: revision
- value: $(tt.params.git_revision)
- - name: pathInRepo
- value: .ci/master.yaml
- workspaces:
- - name: shared-data
- volumeClaimTemplate:
- spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 128Mi
diff --git a/platform/tekton-pipelines/workflows/pull-request.yaml b/platform/tekton-pipelines/workflows/pull-request.yaml
deleted file mode 100644
index 1a88e268..00000000
--- a/platform/tekton-pipelines/workflows/pull-request.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-apiVersion: workflows.tekton.dev/v1alpha1
-kind: Workflow
-metadata:
- name: pull-request
- namespace: tekton-workflows
-spec:
- triggers:
- - event:
- type: pull_request
- secret:
- secretName: webhook-secret
- secretKey: token
- bindings:
- - name: git_url
- value: $(body.repository.clone_url)
- - name: git_revision
- value: $(body.pull_request.head.sha)
- params:
- - name: git_url
- # TODO don't need default, but invalid mem address if remove this
- default: https://git.khuedoan.com/foo/bar
- - name: git_revision
- default: master
- pipelineRef:
- resolver: git
- params:
- # TODO ???
- # supposed to be param. or body., looks like it's not working in v1alpha1 yet
- - name: url
- value: $(tt.params.git_url)
- - name: revision
- value: $(tt.params.git_revision)
- - name: pathInRepo
- value: .ci/pull-request.yaml
- workspaces:
- - name: shared-data
- volumeClaimTemplate:
- spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 128Mi
diff --git a/platform/tekton-pipelines/workflows/webhook-secret.yaml b/platform/tekton-pipelines/workflows/webhook-secret.yaml
deleted file mode 100644
index 92abe41e..00000000
--- a/platform/tekton-pipelines/workflows/webhook-secret.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: webhook-secret
- namespace: tekton-workflows
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: global-secrets
- data:
- - secretKey: token
- remoteRef:
- key: tekton.webhook
- property: token
diff --git a/scripts/take-screenshots b/scripts/take-screenshots
index 055309f8..145af9e6 100755
--- a/scripts/take-screenshots
+++ b/scripts/take-screenshots
@@ -25,10 +25,6 @@ apps = [ 'name': 'argocd', 'url': 'https://argocd.khuedoan.com/applications/root' }, - { - 'name': 'tekton', - 'url': 'https://tekton.khuedoan.com/#/namespaces/tekton-pipelines/pipelineruns/homelab?pipelineTask=external&step=plan' - }, { 'name': 'matrix', 'url': 'https://chat.khuedoan.com/#/room/#random:matrix.khuedoan.com' diff --git a/test/smoke_test.go b/test/smoke_test.go index 3df657ce..2e89f5cb 100644 --- a/test/smoke_test.go +++ b/test/smoke_test.go @@ -23,7 +23,6 @@ func TestSmoke(t *testing.T) { {"hajimari", "hajimari"}, {"kanidm", "kanidm"}, {"registry-docker-registry", "registry"}, - {"tekton-dashboard", "tekton-pipelines"}, } for _, app := range mainApps {