diff --git a/workflows/codefresh-classic/CHANGELOG.md b/workflows/codefresh-classic/CHANGELOG.md index 49644694..2151c7bd 100644 --- a/workflows/codefresh-classic/CHANGELOG.md +++ b/workflows/codefresh-classic/CHANGELOG.md @@ -1,5 +1,12 @@ # Changelog +## v0.0.2 (26.4.2022) + +### sync-teams + +A wrapper on top of Codefresh cli synchronize teams operation. + + ## v0.0.1 (1.12.2021) ### run-pipeline diff --git a/workflows/codefresh-classic/versions/0.0.2/README.md b/workflows/codefresh-classic/versions/0.0.2/README.md new file mode 100644 index 00000000..2082c751 --- /dev/null +++ b/workflows/codefresh-classic/versions/0.0.2/README.md @@ -0,0 +1,16 @@ +# Codefresh Classic + +## Summary + +A wrapper on top of the Codefresh CLI run operation. The template provides the easy ability to trigger pipelines or do other Codefresh Classic actions. + +## Templates + +1. [run-pipeline](https://github.com/codefresh-io/argo-hub/blob/main/workflows/codefresh-classic/versions/0.0.2/docs/run-pipeline.md) +1. [run-pipeline](https://github.com/codefresh-io/argo-hub/blob/main/workflows/codefresh-classic/versions/0.0.2/docs/sync-team.md) + +## Security + +Minimal required permissions + +[Full rbac permissions list](https://github.com/codefresh-io/argo-hub/blob/main/workflows/codefresh-classic/versions/0.0.2/rbac.yaml) diff --git a/workflows/codefresh-classic/versions/0.0.2/docs/run-pipeline.md b/workflows/codefresh-classic/versions/0.0.2/docs/run-pipeline.md new file mode 100644 index 00000000..aa87ea4f --- /dev/null +++ b/workflows/codefresh-classic/versions/0.0.2/docs/run-pipeline.md @@ -0,0 +1,49 @@ +# run-pipeline + +## Summary +A wrapper on top of Codefresh cli run operation. + +The template provides the easy ability to trigger pipelines. + +## Inputs/Outputs + +### Inputs +* CF_API_KEY_SECRET (required) - K8s secret name that contains a key named `token` with codefresh [api key](https://codefresh.io/docs/docs/integrations/codefresh-api/#authentication-instructions). +* PIPELINE_NAME (required) - Pipeline name +* TRIGGER_NAME (required) - Trigger name +* CF_BRANCH (required) - Branch name +* EXTRA_OPTIONS (optional) - Additional cli flags +* VARIABLES (optional) - Variables to pass to the build + +### Outputs +no outputs + +## Examples + +### Submit a basic workflow +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: Workflow +metadata: + generateName: codefresh-classic-run-pipeline- +spec: + entrypoint: main + templates: + - name: main + dag: + tasks: + - name: hello-world + templateRef: + name: argo-hub.codefresh-classic.0.0.2 + template: run-pipeline + arguments: + parameters: + - name: CF_API_KEY_SECRET + value: codefresh-v1-api-token + - name: PIPELINE_NAME + value: pipeline-name + - name: TRIGGER_NAME + value: trigger-name + - name: CF_BRANCH + value: main +``` diff --git a/workflows/codefresh-classic/versions/0.0.2/docs/sync-team.md b/workflows/codefresh-classic/versions/0.0.2/docs/sync-team.md new file mode 100644 index 00000000..2c7345d0 --- /dev/null +++ b/workflows/codefresh-classic/versions/0.0.2/docs/sync-team.md @@ -0,0 +1,63 @@ +# run-pipeline + +## Summary +A wrapper on top of Codefresh cli [synchronize teams](https://codefresh-io.github.io/cli/teams/synchronize-teams/) operation. + +The template provides the easy ability to sync teams and can be run in a scheduled job. + +## Inputs/Outputs + +### Inputs +* CF_API_KEY_SECRET (required) - K8s secret name that contains a key named `token` with codefresh [api key](https://codefresh.io/docs/docs/integrations/codefresh-api/#authentication-instructions). +* PIPELINE_NAME (required) - Pipeline name +* TRIGGER_NAME (required) - Trigger name +* CF_BRANCH (required) - Branch name +* EXTRA_OPTIONS (optional) - Additional cli flags +* VARIABLES (optional) - Variables to pass to the build + +* GIT_TOKEN_SECRET (optional) - The secret with the token to synchronize a GitHub team with. value is `autopilot-secret` +* GIT_TOKEN_SECRET_KEY (optional) - They key in the `GIT_TOKEN_SECRET` secret that has the GitHub token. value is `git_token`. +* CF_V1_TOKEN_SECRET (required) - The secret with the codefresh token for API communication. value is `codefresh-v1-token` +* CF_V1_TOKEN_SECRET_KEY (required) - They key in the `CF_V1_TOKEN_SECRET` secret with the codefresh token for API communication. value is `token` +* CLIENT_NAME (required) - The name of the team in codefresh that we are syncing .value is `my-team` +* CLIENT_TYPE (required) - The type of team to sync (github, okta, or azure) value is `github` +* OPTIONAL_PARAMS (optional) - Any optional parameters for the sync command (i.e. `--disable-notifications`). value is empty + +### Outputs +no outputs + +## Examples + +### Submit a basic workflow +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: Workflow +metadata: + generateName: codefresh-classic-synchronize-teams- +spec: + entrypoint: main + templates: + - name: main + dag: + tasks: + - name: sync-my-team + templateRef: + name: argo-hub.codefresh-classic.0.0.2 + template: sync-team + arguments: + parameters: + - name: GIT_TOKEN_SECRET + value: 'autopilot-secret' + - name: GIT_TOKEN_SECRET_KEY + value: 'git_token' + - name: CF_V1_TOKEN_SECRET + value: 'codefresh-v1-token' + - name: CF_V1_TOKEN_SECRET_KEY + value: 'token' + - name: CLIENT_NAME + value: my-team + - name: CLIENT_TYPE + value: github # github, okta, azure + - name: OPTIONAL_PARAMS + value: "--disable-notifications" +``` diff --git a/workflows/codefresh-classic/versions/0.0.2/rbac.yaml b/workflows/codefresh-classic/versions/0.0.2/rbac.yaml new file mode 100644 index 00000000..051cf251 --- /dev/null +++ b/workflows/codefresh-classic/versions/0.0.2/rbac.yaml @@ -0,0 +1,49 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: argo-hub.codefresh-classic.0.0.2 + annotations: + argo-hub/version: '0.0.2' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: argo-hub.codefresh-classic.0.0.2 + annotations: + argo-hub/version: '0.0.2' +rules: + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - watch + - patch + - apiGroups: + - "" + resources: + - pods/log + verbs: + - get + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: argo-hub.codefresh-classic.0.0.2 + annotations: + argo-hub/version: '0.0.2' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argo-hub.codefresh-classic.0.0.2 +subjects: + - kind: ServiceAccount + name: argo-hub.codefresh-classic.0.0.2 diff --git a/workflows/codefresh-classic/versions/0.0.2/workflowTemplate.yaml b/workflows/codefresh-classic/versions/0.0.2/workflowTemplate.yaml new file mode 100644 index 00000000..2407f3dd --- /dev/null +++ b/workflows/codefresh-classic/versions/0.0.2/workflowTemplate.yaml @@ -0,0 +1,109 @@ +apiVersion: argoproj.io/v1alpha1 +kind: WorkflowTemplate +metadata: + name: argo-hub.codefresh-classic.0.0.2 + annotations: + argo-hub/version: '0.0.2' + argo-hub/description: 'Templates that execute operations against the Codefresh classic platform' + argo-hub/license: 'MIT' + argo-hub/owner_name: 'Itai Gendler' + argo-hub/owner_email: 'itai@codefresh.io' + argo-hub/owner_avatar: 'https://avatars.githubusercontent.com/u/10414627?s=120&v=4' + argo-hub/owner_url: 'https://github.com/itai-codefresh' + argo-hub/categories: 'codefresh' + argo-hub/icon_url: "https://cdn.jsdelivr.net/gh/codefresh-io/argo-hub@main/workflows/codefresh-classic/assets/icon.svg" + argo-hub/icon_background: "#f4f4f4" +spec: + templates: + - name: run-pipeline + serviceAccountName: argo-hub.codefresh-classic.0.0.2 + metadata: + annotations: + argo-hub-template/description: 'A wrapper on top of Codefresh cli run operation' + argo-hub-template/icon_url: "https://cdn.jsdelivr.net/gh/codefresh-io/argo-hub@main/workflows/codefresh-classic/assets/icon.svg" + argo-hub-template/icon_background: "#f4f4f4" + inputs: + parameters: + - name: CF_API_KEY_SECRET + - name: PIPELINE_NAME + - name: TRIGGER_NAME + - name: CF_BRANCH + - name: EXTRA_OPTIONS + default: '' + - name: VARIABLES + default: '' + script: + name: main + imagePullPolicy: Always + image: codefresh/cli + env: + - name: VARIABLES + value: '{{ inputs.parameters.VARIABLES }}' + - name: CF_API_KEY + valueFrom: + secretKeyRef: + name: '{{ inputs.parameters.CF_API_KEY_SECRET }}' + key: token + command: [sh] + source: | + codefresh \ + run \ + '{{ inputs.parameters.PIPELINE_NAME }}' \ + '-b={{ inputs.parameters.CF_BRANCH }}' \ + '-t={{ inputs.parameters.TRIGGER_NAME }}' \ + $(echo $VARIABLES | sed 's/,/ /g' | sed -E 's/(^|[ ])/ -v /g') \ + '{{ inputs.parameters.EXTRA_OPTIONS }}' + + - name: sync-team + serviceAccountName: argo-hub.codefresh-classic.0.0.2 + metadata: + annotations: + argo-hub-template/description: 'A wrapper on top of Codefresh cli synchronize teams operation' + argo-hub-template/icon_url: "https://cdn.jsdelivr.net/gh/codefresh-io/argo-hub@main/workflows/codefresh-classic/assets/icon.svg" + argo-hub-template/icon_background: "#f4f4f4" + inputs: + parameters: + - name: GIT_TOKEN_SECRET + default: 'autopilot-secret' + - name: GIT_TOKEN_SECRET_KEY + default: 'git_token' + - name: CF_V1_TOKEN_SECRET + default: 'codefresh-v1-token' + - name: CF_V1_TOKEN_SECRET_KEY + default: 'token' + - name: CLIENT_NAME + default: my-team + - name: CLIENT_TYPE + default: github # github, okta, azure + - name: OPTIONAL_PARAMS + default: " " + # --disable-notifications + script: + image: codefresh/cli + imagePullPolicy: Always + command: [ bash ] + env: + - name: CLIENT_NAME + value: '{{ inputs.parameters.CLIENT_NAME }}' + - name: CLIENT_TYPE + value: '{{ inputs.parameters.CLIENT_TYPE }}' + - name: CF_API_KEY + valueFrom: + secretKeyRef: + name: '{{ inputs.parameters.CF_V1_TOKEN_SECRET }}' + key: '{{ inputs.parameters.CF_V1_TOKEN_SECRET_KEY }}' + - name: OPTIONAL_PARAMS + value: '{{ inputs.parameters.OPTIONAL_PARAMS }}' + - name: GIT_TOKEN + valueFrom: + secretKeyRef: + name: '{{ inputs.parameters.GIT_TOKEN_SECRET }}' + key: '{{ inputs.parameters.GIT_TOKEN_SECRET_KEY }}' + optional: true + # https://codefresh-io.github.io/cli/teams/synchronize-teams/ + source: | + # If we are using github and the token exists/is non-empty + if [ ${CLIENT_TYPE} == 'github' ] && [ ! -z ${GIT_TOKEN} ] ; then + OPTIONAL_PARAMS="${OPTIONAL_PARAMS} --access-token ${GIT_TOKEN}" + fi + codefresh synchronize teams ${CLIENT_NAME} --client-type ${CLIENT_TYPE} ${OPTIONAL_PARAMS} \ No newline at end of file