chore: enable Github trigger listener

.github/workflows/deploy_tools_chart.yaml

@@ -21,4 +21,4 @@ jobs:
           openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
           insecure_skip_tls_verify: true
       - run: |
-          helm upgrade ccbc-tools helm/ccbc-tools --install --atomic -n ${{ secrets.NAMESPACE_PREFIX }}-tools --set namespacePrefix=${{ secrets.NAMESPACE_PREFIX }}
+          helm upgrade ccbc-tools helm/ccbc-tools --install --atomic -n ${{ secrets.NAMESPACE_PREFIX }}-tools --set namespacePrefix=${{ secrets.NAMESPACE_PREFIX }} --set deployer.githubToken=${{ secrets.TEKTON_GITHUB}} --set deployer.headerSecret=${{ secrets.JIRA_SECRET }}

helm/ccbc-tools/templates/ci-cd/buildconfig.yaml

@@ -0,0 +1,28 @@
+kind: BuildConfig
+apiVersion: build.openshift.io/v1
+metadata:
+  name: python-3-11-with-requests
+spec:
+  output:
+    to:
+      kind: ImageStreamTag
+      name: 'python-3-11-with-requests:latest'
+  resources:
+    limits:
+      cpu: 1
+      memory: 2Gi
+    requests:
+      cpu: 500m
+      memory: 1Gi
+  successfulBuildsHistoryLimit: 5
+  failedBuildsHistoryLimit: 5
+  strategy:
+    type: Docker
+    dockerStrategy: {}
+  postCommit: {}
+  source:
+    type: Dockerfile
+    dockerfile: |-
+      FROM python:3.11
+      RUN pip install requests
+  runPolicy: Serial

helm/ccbc-tools/templates/ci-cd/eventlistener.yaml

@@ -0,0 +1,23 @@
+apiVersion: triggers.tekton.dev/v1alpha1
+kind: EventListener
+metadata:
+  name: jira-sprint-done-event-listener
+spec:
+  triggers:
+    - bindings:
+        - kind: TriggerBinding
+          name: key
+          value: $(body.key)
+        - kind: TriggerBinding
+          name: signature
+          value: '$(header[''Ccbc-Jira-Header''])'
+      interceptors:
+        - params:
+            - name: filter
+              value: 'header[''Ccbc-Jira-Header''] != null'
+          ref:
+            kind: ClusterInterceptor
+            name: cel
+      name: trigger-github
+      template:
+        ref: trigger-github-merge-and-release

helm/ccbc-tools/templates/ci-cd/imagestream.yaml

@@ -0,0 +1,14 @@
+kind: ImageStream
+apiVersion: image.openshift.io/v1
+metadata:
+  name: python-3-11-with-requests
+spec:
+  lookupPolicy:
+    local: false
+  tags:
+    - name: latest
+      annotations: null
+      importPolicy:
+        importMode: Legacy
+      referencePolicy:
+        type: Source

helm/ccbc-tools/templates/ci-cd/route.yaml

@@ -0,0 +1,16 @@
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+  name: ccbc-jira-sprint-done-el
+spec:
+  host: ccbc-jira-sprint-done-el.apps.silver.devops.gov.bc.ca
+  to:
+    kind: Service
+    name: el-jira-sprint-done-event-listener
+    weight: 100
+  port:
+    targetPort: http-listener
+  tls:
+    termination: edge
+    insecureEdgeTerminationPolicy: Redirect
+  wildcardPolicy: None

helm/ccbc-tools/templates/ci-cd/secret.yaml

@@ -0,0 +1,8 @@
+kind: Secret
+apiVersion: v1
+metadata:
+  name: trigger-deploy-secret
+data:
+  headerSecret: {{ .Values.deployer.headerSecret | b64enc | quote }}
+  githubToken: {{ .Values.deployer.githubToken | b64enc | quote }}
+type: Opaque

helm/ccbc-tools/templates/ci-cd/task.yaml

@@ -0,0 +1,59 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: trigger-github-merge-and-release
+spec:
+  params:
+    - default: bcgov
+      description: Repo owner argument
+      name: arg1
+      type: string
+    - default: CONN-CCBC-portal
+      description: Repo name argument
+      name: arg2
+      type: string
+    - description: Branch name prefix (JIRA Key)
+      name: arg3
+      type: string
+    - description: Received header signature key passed from EL
+      name: arg4
+      type: string
+  steps:
+    - image: alpine/git
+      name: clone-repo
+      resources: {}
+      script: >
+        git clone --single-branch -b
+        main https://github.com/bcgov/CONN-CCBC-portal /workspace/source
+      volumeMounts:
+        - mountPath: /workspace/source
+          name: workspace
+    - args:
+        - /workspace/source/lib/ci_cd/merge_process.py
+        - $(params.arg1)
+        - $(params.arg2)
+        - $(params.arg3)
+        - $(params.arg4)
+      command:
+        - python
+      env:
+        - name: GITHUB_TOKEN
+          valueFrom:
+            secretKeyRef:
+              key: githubToken
+              name: trigger-deploy-secret
+        - name: HEADER_SECRET
+          valueFrom:
+            secretKeyRef:
+              key: headerSecret
+              name: trigger-deploy-secret
+      image: >-
+        image-registry.openshift-image-registry.svc:5000/ff61fb-tools/python-3-11-with-requests
+      name: run-python
+      resources: {}
+      volumeMounts:
+        - mountPath: /workspace/source
+          name: workspace
+  volumes:
+    - emptyDir: {}
+      name: workspace

helm/ccbc-tools/templates/ci-cd/triggertemplate.yaml

@@ -0,0 +1,23 @@
+apiVersion: triggers.tekton.dev/v1alpha1
+kind: TriggerTemplate
+metadata:
+  name: trigger-github-merge-and-release
+spec:
+  params:
+    - description: The issue key
+      name: key
+    - description: The header key
+      name: signature
+  resourcetemplates:
+    - apiVersion: tekton.dev/v1beta1
+      kind: TaskRun
+      metadata:
+        generateName: run-trigger-github-merge-and-release-
+      spec:
+        params:
+          - name: arg3
+            value: $(tt.params.key)
+          - name: arg4
+            value: $(tt.params.signature)
+        taskRef:
+          name: trigger-github-merge-and-release

helm/ccbc-tools/templates/deployer/deployerRole.yaml

@@ -214,5 +214,58 @@ rules:
     - update
     - patch
     - delete
+  - apiGroups:
+      - build.openshift.io
+    resources:
+      - buildconfigs
+    verbs:
+      - get
+      - list
+      - create
+      - update
+      - delete
+      - patch
+  - apiGroups:
+      - image.openshift.io
+    resources:
+      - imagestreams
+    verbs:
+      - get
+      - list
+      - create
+      - update
+      - delete
+      - patch
+  - apiGroups:
+      - tekton.dev
+    resources:
+      - tasks
+      - taskruns
+    verbs:
+      - create
+      - delete
+      - deletecollection
+      - get
+      - list
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - triggers.tekton.dev
+    resources:
+      - eventlisteners
+      - interceptors
+      - triggers
+      - triggerbindings
+      - triggertemplates
+    verbs:
+      - create
+      - delete
+      - deletecollection
+      - get
+      - list
+      - patch
+      - update
+      - watch
 
 {{ end }}

helm/ccbc-tools/values.yaml

@@ -3,6 +3,8 @@ namespacePrefix: ~
 deployer:
   serviceAccount:
     enabled: true
+  githubToken: '' # The GitHub token must be passed in via the deploy script
+  headerSecret: '' # The header secret must be passed in via the deploy script
 
 linter:
   serviceAccount: