refactor!: remove Tekton

Replaced by Woodpecker CI. It turns out I don't need that much power
from Tekton's flexibility, so it's not worth the maintenance overhead
for my specific use case at home.

.ci/master.yaml

@@ -1,69 +0,0 @@
-apiVersion: tekton.dev/v1beta1
-kind: Pipeline
-metadata:
-  name: master
-spec:
-  workspaces:
-    - name: shared-data
-  tasks:
-    - name: clone
-      taskRef:
-        resolver: hub
-        params:
-          - name: kind
-            value: task
-          - name: name
-            value: git-clone
-          - name: version
-            value: "0.7"
-      workspaces:
-        - name: output
-          workspace: shared-data
-      params:
-        - name: url
-          value: $(params.git_url)
-        - name: revision
-          value: $(params.git_revision)
-    - name: tools
-      runAfter:
-        - clone
-      taskRef:
-        resolver: hub
-        params:
-          - name: kind
-            value: task
-          - name: name
-            value: kaniko
-          - name: version
-            value: "0.6"
-      params:
-        - name: DOCKERFILE
-          value: ./Dockerfile.tools
-        - name: IMAGE
-          value: &toolsImage registry.khuedoan.com/homelab-tools:$(params.git_revision)
-        - name: EXTRA_ARGS
-          value:
-            - --cache=true
-      workspaces:
-        - name: source
-          workspace: shared-data
-    - name: test
-      runAfter:
-        - clone
-        - tools
-      workspaces:
-        - name: source
-          workspace: shared-data
-      taskSpec:
-        workspaces:
-          - name: source
-        stepTemplate:
-          image: *toolsImage
-          workingDir: $(workspaces.source.path)
-        steps:
-          - name: pre-commit
-            command:
-              - nix-shell
-              - --command
-            args:
-              - "pre-commit run --color=always"

.ci/pull-request.yaml

@@ -1,69 +0,0 @@
-apiVersion: tekton.dev/v1beta1
-kind: Pipeline
-metadata:
-  name: pull-request
-spec:
-  workspaces:
-    - name: shared-data
-  tasks:
-    - name: clone
-      taskRef:
-        resolver: hub
-        params:
-          - name: kind
-            value: task
-          - name: name
-            value: git-clone
-          - name: version
-            value: "0.7"
-      workspaces:
-        - name: output
-          workspace: shared-data
-      params:
-        - name: url
-          value: $(params.git_url)
-        - name: revision
-          value: $(params.git_revision)
-    - name: tools
-      runAfter:
-        - clone
-      taskRef:
-        resolver: hub
-        params:
-          - name: kind
-            value: task
-          - name: name
-            value: kaniko
-          - name: version
-            value: "0.6"
-      params:
-        - name: DOCKERFILE
-          value: ./Dockerfile.tools
-        - name: IMAGE
-          value: &toolsImage registry.khuedoan.com/homelab-tools:$(params.git_revision)
-        - name: EXTRA_ARGS
-          value:
-            - --cache=true
-      workspaces:
-        - name: source
-          workspace: shared-data
-    - name: test
-      runAfter:
-        - clone
-        - tools
-      workspaces:
-        - name: source
-          workspace: shared-data
-      taskSpec:
-        workspaces:
-          - name: source
-        stepTemplate:
-          image: *toolsImage
-          workingDir: $(workspaces.source.path)
-        steps:
-          - name: pre-commit
-            command:
-              - nix-shell
-              - --command
-            args:
-              - "pre-commit run --color=always"

README.md

@@ -70,17 +70,17 @@ They can't capture all the project's features, but they are sufficient to get a
 | [![][homepage-demo]][homepage-demo]                                                         |
 | Homepage with Ingress discovery powered by [Hajimari](https://github.com/toboshii/hajimari) |
 | [![][grafana-demo]][grafana-demo]                                                           |
-| Monitoring dashboard powered by [Grafana](https://grafana.com/)                             |
+| Monitoring dashboard powered by [Grafana](https://grafana.com)                              |
 | [![][gitea-demo]][gitea-demo]                                                               |
-| Git server powered by [Gitea](https://gitea.io/en-us/)                                      |
+| Git server powered by [Gitea](https://gitea.io/en-us)                                       |
 | [![][matrix-demo]][matrix-demo]                                                             |
 | [Matrix](https://matrix.org/) chat server                                                   |
-| [![][tekton-demo]][tekton-demo]                                                             |
-| Continuous integration with [Tekton](https://tekton.dev/)                                   |
+| [![][woodpecker-demo]][woodpecker-demo]                                                     |
+| Continuous integration with [Woodpecker CI](https://woodpecker-ci.org)                      |
 | [![][argocd-demo]][argocd-demo]                                                             |
-| Continuous deployment with [ArgoCD](https://argoproj.github.io/cd/)                         |
+| Continuous deployment with [ArgoCD](https://argoproj.github.io/cd)                          |
 | [![][lens-demo]][lens-demo]                                                                 |
-| Cluster management using [Lens](https://k8slens.dev/)                                       |
+| Cluster management using [Lens](https://k8slens.dev)                                        |
 
 [deploy-demo]: https://asciinema.org/a/xkBRkwC6e9RAzVuMDXH3nGHp7.svg
 [pxe-demo]: https://user-images.githubusercontent.com/27996771/157303477-df2e7410-8f02-4648-a86c-71e6b7e89e35.png
@@ -88,7 +88,7 @@ They can't capture all the project's features, but they are sufficient to get a
 [grafana-demo]: https://user-images.githubusercontent.com/27996771/149446631-1c5d056b-1fdc-48e6-96ba-e1abe1762be0.png
 [gitea-demo]: https://user-images.githubusercontent.com/27996771/149444871-38889c9d-862f-41ff-8c05-8ece21da3e9c.png
 [matrix-demo]: https://user-images.githubusercontent.com/27996771/149448510-7163310c-2049-4ccd-901d-f11f605bfc32.png
-[tekton-demo]: https://user-images.githubusercontent.com/27996771/149445374-58fd0605-bb9a-46e4-81d6-5e584d2b94a9.png
+[woodpecker-demo]: https://github.com/khuedoan/homelab/assets/27996771/5d887688-d20a-44c8-8f77-0c625527dfe4
 [argocd-demo]: https://user-images.githubusercontent.com/27996771/149444716-fc0d7282-4cf7-4ddb-97a4-1a3fb47ff2b8.png
 [lens-demo]: https://user-images.githubusercontent.com/27996771/149448896-9d79947d-468c-45c6-a81d-b43654e8ab6b.png
 
@@ -201,9 +201,9 @@ They can't capture all the project's features, but they are sufficient to get a
         <td>Automatically update dependencies</td>
     </tr>
     <tr>
-        <td><img width="32" src="https://avatars.githubusercontent.com/u/47602533?s=200&v=4"></td>
-        <td><a href="https://tekton.dev">Tekton</a></td>
-        <td>Cloud native solution for building CI/CD systems</td>
+        <td><img width="32" src="https://avatars.githubusercontent.com/u/84780935?s=200&v=4"></td>
+        <td><a href="https://woodpecker-ci.org">Woodpecker CI</a></td>
+        <td>Simple yet powerful CI/CD engine with great extensibility</td>
     </tr>
     <tr>
         <td><img width="32" src="https://docs.zerotier.com/img/ZeroTierIcon.png"></td>

docs/reference/architecture/overview.md

@@ -81,7 +81,7 @@ flowchart TD
 
   subgraph platform
     Gitea
-    Tekton
+    Woodpecker
     Grafana
   end
 

docs/reference/roadmap.md

@@ -36,7 +36,7 @@ Good enough for tinkering and personal usage, and reasonably secure.
     - [ ] 70% availability (might break in the weekend due to new experimentation)
 - [x] Core applications
     - [x] Gitea
-    - [x] Tekton
+    - [x] Woodpecker
     - [x] Private container registry
     - [x] Homepage
 

external/namespaces.yml

@@ -11,5 +11,4 @@
         - cloudflared
         - external-dns
         - k8up-operator
-        - tekton-pipelines
         - zerotier

platform/gitea/files/config/config.yaml

@@ -18,13 +18,11 @@ repositories:
     migrate:
       source: https://github.com/khuedoan/homelab
       mirror: false
-    hook: true
   - name: blog
     owner: khuedoan
     migrate:
       source: https://github.com/khuedoan/blog
       mirror: true
-    hook: true
   - name: backstage
     owner: khuedoan
     migrate:

platform/gitea/files/config/main.go

@@ -23,7 +23,6 @@ type Repository struct {
 		Source string
 		Mirror bool
 	}
-	Hook bool
 }
 
 type Config struct {
@@ -49,7 +48,6 @@ func main() {
 	gitea_host := os.Getenv("GITEA_HOST")
 	gitea_user := os.Getenv("GITEA_USER")
 	gitea_password := os.Getenv("GITEA_PASSWORD")
-	webhook_token := os.Getenv("WEBHOOK_TOKEN")
 
 	options := (gitea.SetBasicAuth(gitea_user, gitea_password))
 	client, err := gitea.NewClient(gitea_host, options)
@@ -91,32 +89,5 @@ func main() {
 				Private: repo.Private,
 			})
 		}
-
-		if repo.Hook {
-			hooks, _, _ := client.ListRepoHooks(repo.Owner, repo.Name, gitea.ListHooksOptions{})
-			if len(hooks) == 0 {
-				_, _, err = client.CreateRepoHook(repo.Owner, repo.Name, gitea.CreateHookOption{
-					Type: gitea.HookTypeGitea,
-					Config: map[string]string{
-						"url": "http://el-workflows-listener.tekton-workflows:8080",
-						"http_method": "post",
-						"content_type": "json",
-						"secret": webhook_token,
-					},
-					Events: []string{
-						"create",
-						"delete",
-						"push",
-						"pull_request",
-					},
-					BranchFilter: "*",
-					Active: true,
-				})
-
-				if err != nil {
-					log.Printf("Create hook %s/%s: %v", repo.Owner, repo.Name, err)
-				}
-			}
-		}
 	}
 }

platform/gitea/templates/config-job.yaml

@@ -26,11 +26,6 @@ spec:
                 secretKeyRef:
                   name: gitea-admin-secret
                   key: password
-            - name: WEBHOOK_TOKEN
-              valueFrom:
-                secretKeyRef:
-                  name: gitea-webhook-secret
-                  key: token
           workingDir: /go/src/gitea-config
           command:
             - sh

platform/gitea/templates/webhook-secret.yaml

@@ -1,14 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: gitea-webhook-secret
-  namespace: {{ .Release.Namespace }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: global-secrets
-  data:
-    - secretKey: token
-      remoteRef:
-        key: tekton.webhook
-        property: token

platform/global-secrets/files/secret-generator/config.yaml

@@ -19,13 +19,6 @@
       length: 32
       special: true
 
-# Tekton
-- name: tekton.webhook
-  data:
-    - key: token
-      length: 32
-      special: false
-
 # Woodpecker
 - name: woodpecker.agent
   data:

platform/tekton-pipelines/clusterrolebinding.yaml

@@ -1,12 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: terraform-admin
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: cluster-admin # TODO reduce tekton permission
-subjects:
-  - kind: ServiceAccount
-    name: tekton-admin
-    namespace: tekton-pipelines

platform/tekton-pipelines/ingress.yaml

@@ -1,25 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: tekton-dashboard
-  namespace: tekton-pipelines
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-prod
-    hajimari.io/appName: Tekton
-    hajimari.io/icon: robot-industrial
-spec:
-  ingressClassName: nginx
-  rules:
-    - host: &host tekton.khuedoan.com
-      http:
-        paths:
-          - pathType: ImplementationSpecific
-            backend:
-              service:
-                name: tekton-dashboard
-                port:
-                  name: http
-  tls:
-    - hosts:
-        - *host
-      secretName: tekton-tls-certificate

platform/tekton-pipelines/kustomization.yaml

@@ -1,21 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-resources:
-  # Pipeline
-  - https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
-  # Triggers
-  - https://storage.googleapis.com/tekton-releases/triggers/latest/release.yaml
-  - https://storage.googleapis.com/tekton-releases/triggers/latest/interceptors.yaml
-  # Dashboard
-  - https://storage.googleapis.com/tekton-releases/dashboard/latest/release-full.yaml
-  - ingress.yaml
-  # Service account
-  - serviceaccount.yaml
-  - clusterrolebinding.yaml
-  # Workflow
-  - https://storage.googleapis.com/tekton-releases-nightly/workflows/latest/release.yaml
-  # Pre-defined workflows
-  - workflows/webhook-secret.yaml
-  - workflows/master.yaml
-  - workflows/pull-request.yaml

platform/tekton-pipelines/serviceaccount.yaml

@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: tekton-admin

platform/tekton-pipelines/workflows/master.yaml

@@ -1,50 +0,0 @@
-apiVersion: workflows.tekton.dev/v1alpha1
-kind: Workflow
-metadata:
-  name: master
-  namespace: tekton-workflows
-spec:
-  triggers:
-    - event:
-        type: push
-        secret:
-          secretName: webhook-secret
-          secretKey: token
-      filters:
-        # TODO Gitea doesn't have refs/head/ prefix, use gitRef after this is fixed
-        # https://github.com/tektoncd/experimental/blob/3644c43377239bb639ec4191acc04fcf3aafb3f2/workflows/pkg/filters/filters.go#L44-L46
-        gitRef:
-          regex: '^master$'
-        # custom:
-        #   - cel: "body.ref.matches('^master$')"
-      bindings:
-        - name: git_url
-          value: $(body.repository.clone_url)
-        - name: git_revision
-          value: $(body.after)
-  params:
-    - name: git_url
-      # TODO don't need default, but invalid mem address if remove this
-      default: https://git.khuedoan.com/foo/bar
-    - name: git_revision
-      default: master
-  pipelineRef:
-    resolver: git
-    params:
-      # TODO ???
-      # supposed to be param. or body., looks like it's not working in v1alpha1 yet
-      - name: url
-        value: $(tt.params.git_url)
-      - name: revision
-        value: $(tt.params.git_revision)
-      - name: pathInRepo
-        value: .ci/master.yaml
-  workspaces:
-    - name: shared-data
-      volumeClaimTemplate:
-        spec:
-          accessModes:
-            - ReadWriteOnce
-          resources:
-            requests:
-              storage: 128Mi

platform/tekton-pipelines/workflows/pull-request.yaml

@@ -1,43 +0,0 @@
-apiVersion: workflows.tekton.dev/v1alpha1
-kind: Workflow
-metadata:
-  name: pull-request
-  namespace: tekton-workflows
-spec:
-  triggers:
-    - event:
-        type: pull_request
-        secret:
-          secretName: webhook-secret
-          secretKey: token
-      bindings:
-        - name: git_url
-          value: $(body.repository.clone_url)
-        - name: git_revision
-          value: $(body.pull_request.head.sha)
-  params:
-    - name: git_url
-      # TODO don't need default, but invalid mem address if remove this
-      default: https://git.khuedoan.com/foo/bar
-    - name: git_revision
-      default: master
-  pipelineRef:
-    resolver: git
-    params:
-      # TODO ???
-      # supposed to be param. or body., looks like it's not working in v1alpha1 yet
-      - name: url
-        value: $(tt.params.git_url)
-      - name: revision
-        value: $(tt.params.git_revision)
-      - name: pathInRepo
-        value: .ci/pull-request.yaml
-  workspaces:
-    - name: shared-data
-      volumeClaimTemplate:
-        spec:
-          accessModes:
-            - ReadWriteOnce
-          resources:
-            requests:
-              storage: 128Mi

platform/tekton-pipelines/workflows/webhook-secret.yaml

@@ -1,14 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: webhook-secret
-  namespace: tekton-workflows
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: global-secrets
-  data:
-    - secretKey: token
-      remoteRef:
-        key: tekton.webhook
-        property: token

scripts/take-screenshots

@@ -25,10 +25,6 @@ apps = [
         'name': 'argocd',
         'url': 'https://argocd.khuedoan.com/applications/root'
     },
-    {
-        'name': 'tekton',
-        'url': 'https://tekton.khuedoan.com/#/namespaces/tekton-pipelines/pipelineruns/homelab?pipelineTask=external&step=plan'
-    },
     {
         'name': 'matrix',
         'url': 'https://chat.khuedoan.com/#/room/#random:matrix.khuedoan.com'

test/smoke_test.go

@@ -23,7 +23,6 @@ func TestSmoke(t *testing.T) {
 		{"hajimari", "hajimari"},
 		{"kanidm", "kanidm"},
 		{"registry-docker-registry", "registry"},
-		{"tekton-dashboard", "tekton-pipelines"},
 	}
 
 	for _, app := range mainApps {