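---
# Tekton build-on-push setup for the neon-vortex image:
#   Gitea push webhook -> EventListener -> TriggerTemplate -> PipelineRun
#   -> kaniko-build Task (git clone, then kaniko build and push).
# Everything lives in the `default` namespace.
# NOTE(review): a dedicated namespace would keep this ServiceAccount's
# secret access away from unrelated workloads.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tekton-build-sa
  namespace: default
---
# Shared secret used by the EventListener interceptor to authenticate
# incoming webhooks.
# The value below is a placeholder. It is the only credential protecting the
# listener, so replace it with a long random value and supply it out of band
# (sealed/external secret) rather than committing the real token.
apiVersion: v1
kind: Secret
metadata:
  name: gitea-webhook-secret
  namespace: default
type: Opaque
stringData:
  secretToken: "change-me-to-random-string"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: tekton-build-role
  namespace: default
rules:
  # Grants `get` on every Secret in the namespace, registry credentials
  # included.
  # NOTE(review): if only the webhook token is needed, narrow this with
  # `resourceNames: ["gitea-webhook-secret"]` - confirm what the listener and
  # build pods actually read before tightening.
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get"]
  # NOTE(review): nothing in this file creates batch Jobs; confirm this rule
  # is still required, otherwise drop it.
  - apiGroups: ["batch"]
    resources: ["jobs"]
    verbs: ["create", "get", "list", "watch", "delete"]
---
# Binds the Role above to tekton-build-sa. The same ServiceAccount is used by
# the EventListener and by the PipelineRuns it creates.
# NOTE(review): this Role grants no triggers.tekton.dev or pipelinerun
# permissions; presumably those come from a binding outside this file -
# verify.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: tekton-build-binding
  namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: tekton-build-role
subjects:
  - kind: ServiceAccount
    name: tekton-build-sa
    namespace: default
---
# Clones a git repository into the `source` workspace, then builds and pushes
# an image with kaniko using the registry credentials mounted from the
# `dockerconfig` workspace.
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: kaniko-build
  namespace: default
spec:
  params:
    - name: IMAGE
      description: Name (reference) of the image to build
    - name: DOCKERFILE
      description: Path to the Dockerfile to build
      default: ./Dockerfile
    - name: CONTEXT
      description: The build context used by Kaniko
      default: ./
    - name: EXTRA_ARGS
      default: ""
    - name: GIT_URL
      description: Git repository URL
    - name: GIT_REVISION
      description: Git revision to checkout
      default: main
  workspaces:
    - name: source
    - name: dockerconfig
      mountPath: /kaniko/.docker
  steps:
    - name: git-clone
      # Floating tag: the step image can change between runs.
      # NOTE(review): pin to a verified digest (alpine/git@sha256:<DIGEST>).
      image: alpine/git:latest
      # Tekton substitutes $(params.*) into the script text before the shell
      # runs, and GIT_URL / GIT_REVISION originate from the webhook payload.
      # They are therefore handed over as environment variables and always
      # quoted, so their content is never parsed as shell syntax.
      env:
        - name: GIT_URL
          value: "$(params.GIT_URL)"
        - name: GIT_REVISION
          value: "$(params.GIT_REVISION)"
      script: |
        #!/bin/sh
        set -e
        cd "$(workspaces.source.path)"
        # A revision beginning with '-' would be read by git as an option.
        case "$GIT_REVISION" in
          -*) echo "refusing revision that starts with '-'" >&2; exit 1 ;;
        esac
        # `--` ends option parsing so the URL is only ever treated as a URL.
        git clone -- "$GIT_URL" .
        git checkout "$GIT_REVISION"
        echo "Cloned $GIT_URL at revision $GIT_REVISION"
    - name: build-and-push
      # Floating tag, same concern as above.
      # NOTE(review): pin to a verified digest
      # (gcr.io/kaniko-project/executor@sha256:<DIGEST>).
      image: gcr.io/kaniko-project/executor:latest
      args:
        # With the default "" this passes an empty argument to the executor.
        - "$(params.EXTRA_ARGS)"
        - "--dockerfile=$(params.DOCKERFILE)"
        - "--context=$(workspaces.source.path)/$(params.CONTEXT)"
        - "--destination=$(params.IMAGE)"
        # No explicit --cache-repo: IMAGE carries a tag (the Pipeline passes
        # name:tag), so "$(params.IMAGE)/cache" is not a valid repository
        # reference. With the flag omitted kaniko infers the cache repository
        # from --destination.
        - "--cache=true"
---
# Single-task pipeline: builds the image from the htlm/ directory of the
# given repository and pushes it as <image-name>:<image-tag>.
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: neon-vortex-build-pipeline
  namespace: default
spec:
  params:
    - name: git-url
      type: string
    - name: git-revision
      type: string
      default: main
    - name: image-name
      type: string
    - name: image-tag
      type: string
  workspaces:
    - name: shared-workspace
    - name: docker-credentials
  tasks:
    - name: build-image
      taskRef:
        name: kaniko-build
      workspaces:
        - name: source
          workspace: shared-workspace
        - name: dockerconfig
          workspace: docker-credentials
      params:
        - name: IMAGE
          value: "$(params.image-name):$(params.image-tag)"
        - name: DOCKERFILE
          value: "./htlm/Dockerfile"
        - name: CONTEXT
          value: "htlm"
        - name: GIT_URL
          value: "$(params.git-url)"
        - name: GIT_REVISION
          value: "$(params.git-revision)"
---
# Stamps out one PipelineRun per accepted webhook. The image name is fixed
# here; only the repository URL and revision come from the event.
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerTemplate
metadata:
  name: neon-vortex-trigger-template
  namespace: default
spec:
  params:
    - name: git-revision
      description: The git revision
    # Declared for the binding but not used by the PipelineRun below.
    - name: git-commit-message
      description: The git commit message
    - name: git-repo-url
      description: The git repository url
  resourcetemplates:
    - apiVersion: tekton.dev/v1beta1
      kind: PipelineRun
      metadata:
        generateName: neon-vortex-build-
        namespace: default
      spec:
        serviceAccountName: tekton-build-sa
        pipelineRef:
          name: neon-vortex-build-pipeline
        workspaces:
          # Fresh 1Gi volume per run, so checkouts are not shared across
          # builds.
          - name: shared-workspace
            volumeClaimTemplate:
              spec:
                accessModes:
                  - ReadWriteOnce
                resources:
                  requests:
                    storage: 1Gi
          # Registry push credentials; the Secret itself is not defined in
          # this file.
          - name: docker-credentials
            secret:
              secretName: harbor-registry
        params:
          - name: git-url
            value: "$(tt.params.git-repo-url)"
          - name: git-revision
            value: "$(tt.params.git-revision)"
          - name: image-name
            value: images.caffeinetux.com/apps/neon-vortex
          - name: image-tag
            value: "v1.0.$(tt.params.git-revision)"
---
# Maps fields of the push payload onto the TriggerTemplate params.
# The repository URL is taken from the payload, so the build clones whatever
# repository the event names and pushes the result under the fixed image name
# with the registry credentials.
# NOTE(review): consider a filter on the EventListener trigger (for example a
# CEL interceptor) that only accepts the expected repository and branch.
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerBinding
metadata:
  name: neon-vortex-trigger-binding
  namespace: default
spec:
  params:
    - name: git-repo-url
      value: "$(body.repository.clone_url)"
    - name: git-revision
      value: "$(body.after)"
    - name: git-commit-message
      value: "$(body.head_commit.message)"
---
# Receives webhooks, validates them against gitea-webhook-secret and accepts
# `push` events only.
apiVersion: triggers.tekton.dev/v1beta1
kind: EventListener
metadata:
  name: neon-vortex-listener
  namespace: default
spec:
  serviceAccountName: tekton-build-sa
  triggers:
    - name: gitea-push
      interceptors:
        # NOTE(review): assumes an interceptor named "gitea" is installed in
        # the cluster - confirm, since webhook authentication depends on it.
        - ref:
            name: "gitea"
          params:
            - name: "secretRef"
              value:
                secretName: gitea-webhook-secret
                secretKey: secretToken
            - name: "eventTypes"
              value: ["push"]
      bindings:
        - ref: neon-vortex-trigger-binding
      template:
        ref: neon-vortex-trigger-template
---
# Exposes the listener on port 30081 of every node, in plain HTTP as far as
# this file shows. The webhook secret is the only visible access control.
# NOTE(review): restrict the source to the Gitea host (NetworkPolicy or
# firewall) or front it with a TLS-terminating ingress.
# NOTE(review): Tekton Triggers normally creates a Service named
# el-<listener> itself; confirm this definition does not conflict with the
# controller-managed one.
apiVersion: v1
kind: Service
metadata:
  name: el-neon-vortex-listener
  namespace: default
spec:
  type: NodePort
  ports:
    - port: 8080
      targetPort: 8080
      nodePort: 30081
  selector:
    eventlistener: neon-vortex-listener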