Add tekton pipelines

charts/tekton-pipelines/templates/tasks/bootstrap-k3s.yml

@@ -0,0 +1,97 @@
+---
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: bootstrap-k3s
+  namespace: {{ .Values.pipelineNamespace }}
+  labels:
+    {{- include "tekton-pipelines.labels" . | nindent 4 }}
+spec:
+  params:
+    - name: namespace
+      type: string
+    - name: environment
+      type: string
+  steps:
+    - name: get-ssh-key-and-inventory
+      image: alpine/k8s:1.29.2
+      script: |-
+        #!/bin/sh
+        kubectl get secret "$(params.environment)"-ssh \
+          --namespace "$(params.namespace)" -o yaml \
+          | yq '.data.ssh_key' \
+          | base64 -d > /tmp/outputs/ssh_key
+        kubectl get secret "$(params.environment)"-ssh \
+          --namespace "$(params.namespace)" -o yaml \
+          | yq '.data."ssh_key.pub"' \
+          | base64 -d > /tmp/outputs/ssh_key.pub
+        kubectl get secret "$(params.environment)"-inventory \
+          --namespace "$(params.namespace)" -o yaml \
+          | yq '.data."inventory.yaml"' \
+          | base64 -d > /tmp/outputs/inventory.yaml
+        chmod 0600 /tmp/outputs/ssh_key
+        chmod 0600 /tmp/outputs/ssh_key.pub
+    - name: prepare-servers
+      image: git.badhouseplants.net/softplayer/softplayer-coskgne:latest
+      env:
+        - name: SP_ENV
+          value: $(params.environment)
+        - name: SP_CUSTOMER
+          value: $(params.namespace)
+        - name: ANSIBLE_INVENTORY
+          value: /tmp/outputs/inventory.yaml
+        - name: ANSIBE_PRIVATE_KEY_FILE
+          value: /tmp/outputs/ssh_key
+        - name: ANSIBLE_HOST_KEY_CHECKING
+          value: "false"
+      script: |
+        #!/bin/sh
+        ansible-playbook /src/playbooks/systems/system-bootstrap/playbook.yml
+    - name: prepare-k3s
+      env:
+        - name: SP_ENV
+          value: $(params.environment)
+        - name: SP_CUSTOMER
+          value: $(params.namespace)
+        - name: ANSIBLE_INVENTORY
+          value: /tmp/outputs/inventory.yaml
+        - name: ANSIBE_PRIVATE_KEY_FILE
+          value: /tmp/outputs/ssh_key
+        - name: ANSIBLE_HOST_KEY_CHECKING
+          value: "false"
+      image: git.badhouseplants.net/softplayer/softplayer-coskgne:latest
+      script: |-
+        #!/bin/sh
+        ansible-playbook /src/playbooks/systems/k3s-bootstrap/playbook.yml
+    - name: prepare-kubeconfig
+      env:
+        - name: SP_ENV
+          value: $(params.environment)
+        - name: SP_CUSTOMER
+          value: $(params.namespace)
+        - name: ANSIBLE_INVENTORY
+          value: /tmp/outputs/inventory.yaml
+        - name: ANSIBE_PRIVATE_KEY_FILE
+          value: /tmp/outputs/ssh_key
+        - name: ANSIBLE_HOST_KEY_CHECKING
+          value: "false"
+      image: git.badhouseplants.net/softplayer/softplayer-coskgne:latest
+      script: |-
+        #!/bin/sh
+        ansible-playbook /src/playbooks/other/k8s-create-user/playbook.yml
+    - name: save-kubeconfig
+      image: alpine/k8s:1.29.2
+      script: |-
+        #!/bin/sh
+        kubectl delete secret \
+          "$(params.environment)"-config \
+          --namespace "$(params.namespace)"
+        kubectl create secret generic \
+          "$(params.environment)"-config \
+          --namespace "$(params.namespace)" \
+          --from-file=kubeconfig=/tmp/outputs/admin-default-config
+  workspaces:
+    - name: outputs
+      description: A folder to store outputs
+      optional: false
+      mountPath: /tmp/outputs

charts/tekton-pipelines/templates/tasks/cleanup-hetzner-infra.yml

@@ -0,0 +1,44 @@
+---
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: cleanup-hetzner-infra
+  namespace: {{ .Values.pipelineNamespace }}
+  labels:
+    {{- include "tekton-pipelines.labels" . | nindent 4 }}
+spec:
+  params:
+    - name: namespace
+      type: string
+    - name: environment
+      type: string
+  steps:
+    - name: create-hetzner-infra
+      image: git.badhouseplants.net/softplayer/softplayer-coskgne:latest
+      env:
+        - name: SP_STATE
+          value: absent
+        - name: SP_ENV
+          value: $(params.environment)
+        - name: SP_CUSTOMER
+          value: $(params.namespace)
+        - name: SOPS_AGE_KEY
+          value: AGE-SECRET-KEY-1VXYUK7MAGR6KMZJ6ZMPD35EQ9LVXXKQ2HHE6Z8T828WWT03EH8LS6G9AS8
+      script: |-
+        #!/bin/sh
+        mkdir -p /tmp/outputs
+        ssh-keygen -t rsa -f /tmp/outputs/ssh_key -N ""
+        ansible-playbook /src/playbooks/providers/hetzner/playbook.yml || true
+    - name: remove-secrets
+      image: alpine/k8s:1.29.2
+      script: |-
+        #!/bin/sh
+        kubectl delete secret \
+          "$(params.environment)-inventory" \
+          --namespace "$(params.namespace)"
+        kubectl delete secret \
+          "$(params.environment)-ssh" \
+          --namespace "$(params.namespace)"
+        kubectl delete secret \
+          "$(params.environment)-config" \
+          --namespace "$(params.namespace)"

charts/tekton-pipelines/templates/tasks/deploy-helmfile-base.yml

@@ -0,0 +1,39 @@
+---
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: deploy-helmfile-base
+  namespace: {{ .Values.pipelineNamespace }}
+  labels:
+    {{- include "tekton-pipelines.labels" . | nindent 4 }}
+spec:
+  params:
+    - name: namespace
+      type: string
+    - name: environment
+      type: string
+  steps:
+    - name: get-ssh-key
+      image: alpine/k8s:1.29.2
+      script: |-
+        #!/bin/sh
+        kubectl get secret "$(params.environment)"-config \
+          --namespace "$(params.namespace)" -o yaml \
+          | yq '.data.kubeconfig' \
+          | base64 -d > /tmp/outputs/config
+        chmod 0600 /tmp/outputs/config
+    - name: deploy-helmfile
+      image: ghcr.io/helmfile/helmfile:v0.163.1
+      env:
+        - name: KUBECONFIG
+          value: /tmp/outputs/config
+      script: |-
+        #!/bin/sh
+        mkdir -p /src
+        git clone https://git.badhouseplants.net/softplayer/softplayer-helmfile.git /src/helmfile
+        cd /src/helmfile/workload && helmfile sync
+  workspaces:
+    - name: outputs
+      description: A folder to store outputs
+      optional: false
+      mountPath: /tmp/outputs

charts/tekton-pipelines/templates/tasks/generate-ssh-keys.yml

@@ -0,0 +1,49 @@
+---
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: generate-ssh-keys
+  namespace: tekton-pipelines
+  namespace: {{ .Values.pipelineNamespace }}
+  labels:
+    {{- include "tekton-pipelines.labels" . | nindent 4 }}
+spec:
+  description: |-
+    This task should prepare a ssh key that will be used for
+    bootstrapping wotkload nodes. If ssh-key secret already
+    exists, should not run
+  params:
+    - name: namespace
+      type: string
+    - name: environment
+      type: string
+  steps:
+    - name: check-whether-a-key-exists
+      image: alpine/k8s:1.29.2
+      script: |-
+        #!/bin/bash
+        if kubectl get secret "$(params.environment)-ssh"; then
+          echo 1 > /tmp/outputs/ready
+        fi
+    - name: prepare-ssh-key
+      image: git.badhouseplants.net/softplayer/softplayer-coskgne:latest
+      script: |-
+        #!/bin/bash
+        if ! [ -f /tmp/outputs/ready ]; then
+          ansible-playbook /src/playbooks/other/ssh-key-gen/playbook.yml
+        fi
+    - name: save-ssh-keys
+      image: alpine/k8s:1.29.2
+      script: |-
+        #!/bin/sh
+        if ! [ -f /tmp/outputs/ready ]; then
+          kubectl create secret generic \
+            "$(params.environment)"-ssh \
+            --namespace "$(params.namespace)" \
+            --from-file /tmp/outputs
+        fi
+  workspaces:
+    - name: ssh-keys
+      description: A folder to store ssh keys
+      optional: false
+      mountPath: /tmp/outputs

charts/tekton-pipelines/templates/tasks/prepare-hetzner-infra.yml

@@ -0,0 +1,54 @@
+---
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: prepare-hetzner-infra
+  namespace: {{ .Values.pipelineNamespace }}
+  labels:
+    {{- include "tekton-pipelines.labels" . | nindent 4 }}
+spec:
+  params:
+    - name: namespace
+      type: string
+    - name: environment
+      type: string
+  steps:
+    - name: get-ssh-key
+      image: alpine/k8s:1.29.2
+      script: |-
+        #!/bin/sh
+        kubectl get secret "$(params.environment)"-ssh \
+          --namespace "$(params.namespace)" -o yaml \
+          | yq '.data."ssh_key.pub"' \
+          | base64 -d > /tmp/outputs/ssh_key.pub
+        chmod 0600 /tmp/outputs/ssh_key.pub
+    - name: create-hetzner-infra
+      image: git.badhouseplants.net/softplayer/softplayer-coskgne:latest
+      env:
+        - name: SP_STATE
+          value: present
+        - name: SP_ENV
+          value: $(params.environment)
+        - name: SP_CUSTOMER
+          value: $(params.namespace)
+        - name: SOPS_AGE_KEY
+          value: {{ .Values.providers.hetzner.ageKey }}
+      script: |-
+        #!/bin/sh
+        ansible-playbook /src/playbooks/providers/hetzner/playbook.yml
+    - name: save-inventory
+      image: alpine/k8s:1.29.2
+      script: |-
+        #!/bin/sh
+        kubectl delete secret \
+          "$(params.environment)"-inventory \
+          --namespace "$(params.namespace)"
+        kubectl create secret generic \
+          "$(params.environment)"-inventory \
+          --namespace "$(params.namespace)" \
+          --from-file /tmp/outputs/inventory.yaml
+  workspaces:
+    - name: outputs
+      description: A folder to store outputs
+      optional: false
+      mountPath: /tmp/outputs