admin/neon-vortex
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add complete CI/CD pipeline with Tekton and Flux image automation
Some checks failed
Build and Push to Harbor / build-and-push (push) Has been cancelled
Details

Browse Source 
- Add Tekton pipeline and triggers for automated builds on git push
- Add Flux ImageRepository to track Harbor registry images
- Add Flux ImagePolicy for semantic versioning strategy
- Add Flux ImageUpdateAutomation to auto-update HelmRelease
- Update HelmRelease with image automation marker
- Add comprehensive CI/CD pipeline setup documentation

This enables automatic build and deployment when pushing to Gitea:
1. Gitea webhook triggers Tekton pipeline
2. Kaniko builds and pushes image to Harbor
3. Flux detects new image and updates deployment
4. Application automatically deploys to cluster

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Neon Vortex
2025-11-22 21:56:12 -05:00
parent 67a6ae146f
commit 473de53cff
6 changed files with 538 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

225
tekton-pipeline.yaml Normal file
View File

@@ -0,0 +1,225 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: tekton-build-sa
namespace: default
---
apiVersion: v1
kind: Secret
metadata:
name: gitea-webhook-secret
namespace: default
type: Opaque
stringData:
secretToken: "change-me-to-random-string"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: tekton-build-role
namespace: default
rules:
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get"]
- apiGroups: ["batch"]
resources: ["jobs"]
verbs: ["create", "get", "list", "watch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: tekton-build-binding
namespace: default
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: tekton-build-role
subjects:
- kind: ServiceAccount
name: tekton-build-sa
namespace: default
---
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: kaniko-build
namespace: default
spec:
params:
- name: IMAGE
description: Name (reference) of the image to build
- name: DOCKERFILE
description: Path to the Dockerfile to build
default: ./Dockerfile
- name: CONTEXT
description: The build context used by Kaniko
default: ./
- name: EXTRA_ARGS
default: ""
- name: GIT_URL
description: Git repository URL
- name: GIT_REVISION
description: Git revision to checkout
default: main
workspaces:
- name: source
- name: dockerconfig
mountPath: /kaniko/.docker
steps:
- name: git-clone
image: alpine/git:latest
script: |
#!/bin/sh
set -e
cd $(workspaces.source.path)
git clone $(params.GIT_URL) .
git checkout $(params.GIT_REVISION)
echo "Cloned $(params.GIT_URL) at revision $(params.GIT_REVISION)"
- name: build-and-push
image: gcr.io/kaniko-project/executor:latest
args:
- $(params.EXTRA_ARGS)
- --dockerfile=$(params.DOCKERFILE)
- --context=$(workspaces.source.path)/$(params.CONTEXT)
- --destination=$(params.IMAGE)
- --cache=true
- --cache-repo=$(params.IMAGE)/cache
---
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
name: neon-vortex-build-pipeline
namespace: default
spec:
params:
- name: git-url
type: string
- name: git-revision
type: string
default: main
- name: image-name
type: string
- name: image-tag
type: string
workspaces:
- name: shared-workspace
- name: docker-credentials
tasks:
- name: build-image
taskRef:
name: kaniko-build
workspaces:
- name: source
workspace: shared-workspace
- name: dockerconfig
workspace: docker-credentials
params:
- name: IMAGE
value: "$(params.image-name):$(params.image-tag)"
- name: DOCKERFILE
value: "./htlm/Dockerfile"
- name: CONTEXT
value: "htlm"
- name: GIT_URL
value: "$(params.git-url)"
- name: GIT_REVISION
value: "$(params.git-revision)"
---
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerTemplate
metadata:
name: neon-vortex-trigger-template
namespace: default
spec:
params:
- name: git-revision
description: The git revision
- name: git-commit-message
description: The git commit message
- name: git-repo-url
description: The git repository url
resourcetemplates:
- apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
generateName: neon-vortex-build-
namespace: default
spec:
serviceAccountName: tekton-build-sa
pipelineRef:
name: neon-vortex-build-pipeline
workspaces:
- name: shared-workspace
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
- name: docker-credentials
secret:
secretName: harbor-registry
params:
- name: git-url
value: $(tt.params.git-repo-url)
- name: git-revision
value: $(tt.params.git-revision)
- name: image-name
value: images.caffeinetux.com/apps/neon-vortex
- name: image-tag
value: v1.0.$(tt.params.git-revision)
---
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerBinding
metadata:
name: neon-vortex-trigger-binding
namespace: default
spec:
params:
- name: git-repo-url
value: $(body.repository.clone_url)
- name: git-revision
value: $(body.after)
- name: git-commit-message
value: $(body.head_commit.message)
---
apiVersion: triggers.tekton.dev/v1beta1
kind: EventListener
metadata:
name: neon-vortex-listener
namespace: default
spec:
serviceAccountName: tekton-build-sa
triggers:
- name: gitea-push
interceptors:
- ref:
name: "gitea"
params:
- name: "secretRef"
value:
secretName: gitea-webhook-secret
secretKey: secretToken
- name: "eventTypes"
value: ["push"]
bindings:
- ref: neon-vortex-trigger-binding
template:
ref: neon-vortex-trigger-template
---
apiVersion: v1
kind: Service
metadata:
name: el-neon-vortex-listener
namespace: default
spec:
type: NodePort
ports:
- port: 8080
targetPort: 8080
nodePort: 30081
selector:
eventlistener: neon-vortex-listener