Automatically setup a Github webhook URL for the Build

deploy/600-github-trigger.yaml

@@ -0,0 +1,84 @@
+apiVersion: triggers.tekton.dev/v1alpha1
+kind: ClusterTriggerBinding
+metadata:
+  name: shipwright-executor
+spec:
+  params:
+    - name: git-revision
+      value: $(body.head_commit.id)
+    - name: git-tree
+      value: $(body.ref)
+---
+apiVersion: tekton.dev/v1beta1
+kind: ClusterTask
+metadata:
+  name: shipwright-executor
+spec:
+  params:
+    - default: main
+      description: The git revision of the source code
+      name: git_revision
+      type: string
+    - description: The git revision of the source code
+      name: git_tree
+      type: string
+    - default: latest
+      description: The OpenShift Version to use
+      name: VERSION
+      type: string
+  steps:
+    - image: >-
+        image-registry.openshift-image-registry.svc:5000/openshift/cli:$(params.VERSION)
+      name: oc
+      resources: {}
+      script: >
+        #!/usr/bin/env bash
+        [[ "$(workspaces.manifest-dir.bound)" == "true" ]] && \
+        cd $(workspaces.manifest-dir.path)
+        [[ "$(workspaces.kubeconfig-dir.bound)" == "true" ]] && \
+        [[ -f $(workspaces.kubeconfig-dir.path)/kubeconfig ]] && \
+        export KUBECONFIG=$(workspaces.kubeconfig-dir.path)/kubeconfig
+        export realbranch=$(echo $(params.git_tree) | rev | cut -d/ -f1 | rev)
+        echo
+        "{\"apiVersion\":\"shipwright.io\/v1alpha1\",\"kind\":\"Build\",\"metadata\":{\"name\":\"build-webhook-$realbranch\"},\"spec\":{\"builder\":{\"image\":\"docker.io\/centos\/nodejs-10-centos7\"},\"output\":{\"credentials\":{\"name\":\"my-docker-credentials\"},\"image\":\"docker.io\/sbose78\/sample-nodejs\"},\"source\":{\"contextDir\":\"source-build\/\",\"url\":\"https:\/\/github.com\/sbose78\/sample-nodejs\",\"revision\":\"$realbranch\"},\"strategy\":{\"kind\":\"ClusterBuildStrategy\",\"name\":\"source-to-image\"}}}"
+        | kubectl apply -f -
+        echo
+        "{\"apiVersion\":\"shipwright.io\/v1alpha1\",\"kind\":\"BuildRun\",\"metadata\":{\"name\":\"buildrun-webhook-$(params.git_revision)\"},\"spec\":{\"buildRef\":{\"name\":\"build-webhook-$realbranch\"},\"output\":{\"image\":\"docker.io\/sbose78\/sample-nodejs:$realbranch\",\"credentials\":{\"name\":\"my-docker-credentials\"}}}}"
+        | kubectl apply -f -
+  workspaces:
+    - description: >-
+        The workspace which contains kubernetes manifests which we want to apply
+        on the cluster.
+      name: manifest-dir
+      optional: true
+    - description: >-
+        The workspace which contains the the kubeconfig file if in case we want
+        to run the oc command on another cluster.
+      name: kubeconfig-dir
+      optional: true
+---
+# TODO: Add permission objects so that the TaskRun's service account 
+# is able to create Shipwright resources.
+# General RBAC updates, should be merged into 200-role.yaml
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: shipwright-triggers
+rules:
+- apiGroups: ["triggers.tekton.dev"]
+  resources: ["eventlisteners","triggertemplates"]
+  verbs: ["create","list", "get", "patch", "delete"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: shipwright-triggers
+subjects:
+  - kind: ServiceAccount
+    name: shipwright-build-controller
+    namespace: shipwright-build
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: shipwright-triggers
+---

go.mod

@@ -15,6 +15,7 @@ require (
 	github.com/prometheus/client_model v0.2.0
 	github.com/spf13/pflag v1.0.5
 	github.com/tektoncd/pipeline v0.27.3
+	github.com/tektoncd/triggers v0.14.2
 	go.uber.org/zap v1.19.1
 	k8s.io/api v0.20.11
 	k8s.io/apimachinery v0.20.11

pkg/controller/controller.go

@@ -8,9 +8,7 @@ import (
 	"context"
 
 	pipelinev1beta1 "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1"
-
-	"k8s.io/client-go/rest"
-	"sigs.k8s.io/controller-runtime/pkg/manager"
+	triggersapi "github.com/tektoncd/triggers/pkg/apis/triggers/v1alpha1"
 
 	"github.com/shipwright-io/build/pkg/apis"
 	"github.com/shipwright-io/build/pkg/config"
@@ -19,6 +17,8 @@ import (
 	"github.com/shipwright-io/build/pkg/reconciler/buildrun"
 	"github.com/shipwright-io/build/pkg/reconciler/buildstrategy"
 	"github.com/shipwright-io/build/pkg/reconciler/clusterbuildstrategy"
+	"k8s.io/client-go/rest"
+	"sigs.k8s.io/controller-runtime/pkg/manager"
 )
 
 // NewManager add all the controllers to the manager and register the required schemes
@@ -41,6 +41,10 @@ func NewManager(ctx context.Context, config *config.Config, cfg *rest.Config, op
 		return nil, err
 	}
 
+	if err := triggersapi.AddToScheme(mgr.GetScheme()); err != nil {
+		return nil, err
+	}
+
 	// Setup Scheme for all resources
 	if err := apis.AddToScheme(mgr.GetScheme()); err != nil {
 		return nil, err

pkg/reconciler/build/build.go

@@ -6,9 +6,12 @@ package build
 
 import (
 	"context"
+	"encoding/json"
+	"strings"
 
 	corev1 "k8s.io/api/core/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/manager"
@@ -19,6 +22,9 @@ import (
 	"github.com/shipwright-io/build/pkg/ctxlog"
 	buildmetrics "github.com/shipwright-io/build/pkg/metrics"
 	"github.com/shipwright-io/build/pkg/validate"
+
+	taskrunapi "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1"
+	triggersapi "github.com/tektoncd/triggers/pkg/apis/triggers/v1alpha1"
 )
 
 // ReconcileBuild reconciles a Build object
@@ -102,6 +108,113 @@ func (r *ReconcileBuild) Reconcile(request reconcile.Request) (reconcile.Result,
 		}
 	}
 
+	if !strings.Contains(b.Name, "webhook") {
+		// If the name of the Build resource contains the substring
+		// "webhook", it implies that this was created out of a webhook event.
+		// Really, poor man's way of avoiding an infinite loop.
+
+		resourceTemplateTaskRun := taskrunapi.TaskRun{
+			ObjectMeta: v1.ObjectMeta{
+				GenerateName: b.Name + "-",
+				Namespace:    b.Namespace,
+			},
+			TypeMeta: v1.TypeMeta{
+				Kind:       "TaskRun",
+				APIVersion: taskrunapi.SchemeGroupVersion.Group + "/" + taskrunapi.SchemeGroupVersion.Version,
+			},
+			Spec: taskrunapi.TaskRunSpec{
+				Params: []taskrunapi.Param{
+					{
+						Name: "git_revision",
+						Value: taskrunapi.ArrayOrString{
+							Type:      taskrunapi.ParamTypeString,
+							StringVal: "$(tt.params.git-revision)",
+						},
+					},
+					{
+						Name: "git_tree",
+						Value: taskrunapi.ArrayOrString{
+							Type:      taskrunapi.ParamTypeString,
+							StringVal: "$(tt.params.git-tree)",
+						},
+					},
+				},
+
+				// ClusterTask "shipwright-executor" is a ClusterTask which
+				// creates the appropriate BuildRun ( and Build, since embedded buildSpec is not
+				// supported in BuildRuns yet ).
+				TaskRef: &taskrunapi.TaskRef{
+					Name:       "shipwright-executor",
+					Kind:       "ClusterTask",
+					APIVersion: "tekton.dev/v1beta1",
+				},
+			},
+		}
+
+		resourceTemplateTaskRunBytes, err := json.Marshal(resourceTemplateTaskRun)
+		if err != nil {
+			// fail silently for now.
+			ctxlog.Error(ctx, err, "Failed to convert TaskRun resource", namespace, request.Namespace, name, request.Name)
+		}
+
+		triggerTemplate := triggersapi.TriggerTemplate{}
+		triggerTemplate.Name = b.Name
+		triggerTemplate.Namespace = b.Namespace
+		triggerTemplate.Spec = triggersapi.TriggerTemplateSpec{
+			Params: []triggersapi.ParamSpec{
+				{
+					Name: "git-revision",
+				},
+				{
+					Name: "git-tree",
+				},
+			},
+			ResourceTemplates: []triggersapi.TriggerResourceTemplate{
+				{
+					RawExtension: runtime.RawExtension{Raw: resourceTemplateTaskRunBytes},
+				},
+			},
+		}
+
+		err = r.client.Create(ctx, &triggerTemplate)
+		if err != nil {
+			// fail silently for now.
+			ctxlog.Error(ctx, err, "Failed to create TriggerTemplate", namespace, request.Namespace, name, request.Name)
+		}
+
+		eventListener := triggersapi.EventListener{
+			ObjectMeta: v1.ObjectMeta{
+				Name:      b.Name,
+				Namespace: b.Namespace,
+			},
+			Spec: triggersapi.EventListenerSpec{
+				// If left empty, the "default" service account would be used.
+				// Should leave his empty?
+				ServiceAccountName: "pipeline",
+				Triggers: []triggersapi.EventListenerTrigger{
+					{
+						Bindings: []*triggersapi.TriggerSpecBinding{
+							{
+								// ClusterTriggerBinding "shipwright-executor" will need
+								// to be shipped as part of the Shipwright installation.
+								Ref:  "shipwright-executor",
+								Kind: triggersapi.ClusterTriggerBindingKind,
+							},
+						},
+						Template: &triggersapi.TriggerSpecTemplate{
+							Ref: &triggerTemplate.Name,
+						},
+					},
+				},
+			},
+		}
+
+		err = r.client.Create(ctx, &eventListener)
+		if err != nil {
+			ctxlog.Error(ctx, err, "Failed to create EventListener", namespace, request.Namespace, name, request.Name)
+		}
+	}
+
 	b.Status.Registered = corev1.ConditionTrue
 	b.Status.Message = build.AllValidationsSucceeded
 	err = r.client.Status().Update(ctx, b)