diff --git a/workflows/heroku/CHANGELOG.md b/workflows/heroku/CHANGELOG.md new file mode 100644 index 00000000..c2ddae34 --- /dev/null +++ b/workflows/heroku/CHANGELOG.md @@ -0,0 +1,9 @@ +# Changelog + +## v0.0.1 8/10/2022 + +Initial Heroku template to deploy + +Template includes: + +* heroku-deployer diff --git a/workflows/heroku/assets/icon.svg b/workflows/heroku/assets/icon.svg new file mode 100644 index 00000000..744f0198 --- /dev/null +++ b/workflows/heroku/assets/icon.svg @@ -0,0 +1,5 @@ + \ No newline at end of file diff --git a/workflows/heroku/versions/0.0.1/README.md b/workflows/heroku/versions/0.0.1/README.md new file mode 100644 index 00000000..5d0028bd --- /dev/null +++ b/workflows/heroku/versions/0.0.1/README.md @@ -0,0 +1,17 @@ +# Starting-Template + +## Summary + +A template that deploys to Heroku via Codefresh GitOps Workflow + +## Templates + + +1. [heroku-deployer](https://github.com/codefresh-io/argo-hub/blob/main/workflows/heroku/versions/0.0.1/docs/heroku-deployer.md) + + +## Security + +Minimal required permissions + +[Full rbac permissions list](https://github.com/codefresh-io/argo-hub/blob/main/workflows/heroku/versions/0.0.1/rbac.yaml) diff --git a/workflows/heroku/versions/0.0.1/docs/heroku-deployer.md b/workflows/heroku/versions/0.0.1/docs/heroku-deployer.md new file mode 100644 index 00000000..e6570428 --- /dev/null +++ b/workflows/heroku/versions/0.0.1/docs/heroku-deployer.md @@ -0,0 +1,87 @@ +# heroku-deployer + +## Summary +Sends a code scan report to codecov + +## Inputs/Outputs + +### Inputs +* HEROKU_SECRET (required) - The Kubernetes secret with the Heroku login details +* HEROKU_API_TOKEN_SECRET_KEY (optional) - The key in the Kubernetes secret with the Heroku api token. Default is 'token' +* HEROKU_EMAIL_SECRET_KEY (optional) - The key in the Kubernetes secret with the Heroku login email. Default is 'email' +* APP_NAME (required) - Name of application +* WORKING_DIRECTORY (optional) - Path to working directory within cloned repository. Default is '.'. +* REPO_URL (required) - Git repo to be run containing sonar-project.properties. Key defaults to token. +* GIT_TOKEN (optional) - the k8s secret name that contains a key named token with the git secret inside it +* REPO (required) - Path to artifact where repository is to be cloned. + +### Secrets +* Heroku Secret - in order for this template to work a secret named `heroku-secret` must exist with heroku login details. +``` + apiVersion: v1 + kind: Secret + metadata: + name: heroku-secret + type: Opaque + data: + token: echo -n 'heroku api token' | base64 + email: echo -n 'heroku email' | base64 +``` + +* Github Secret - in order for this template to work a secret named `github-token` must exist with a github token. +``` + apiVersion: v1 + kind: Secret + metadata: + name: github-token + type: Opaque + data: + token: echo -n 'github token' | base64 +``` + +### Outputs +no outputs + +## Examples + +### task Example +``` +apiVersion: argoproj.io/v1alpha1 +kind: Workflow +metadata: + generateName: heroku-deployer- +spec: + entrypoint: main + templates: + - name: main + dag: + tasks: + - name: clone-step + templateRef: + name: argo-hub.git.0.0.2 + template: clone + arguments: + parameters: + - name: REPO_URL + value: 'https://github.com/codefresh-io/argo-hub' + - name: GIT_TOKEN_SECRET + value: 'git-token-name' + outputs: + artifacts: + - name: REPO + path: '/tmp/repo' + - name: heroku-deployer + depends: clone-step + templateref: + name: argo-hub.heroku.0.0.1 + template: heroku-deployer + arguments: + artifacts: + - name: REPO + from: "{{tasks.clone-step.outputs.artifacts.repo}}" + parameters: + - name: HEROKU_SECRET + value: heroku-secret + - name: APP_NAME + value: codefresh-test +``` diff --git a/workflows/heroku/versions/0.0.1/images/heroku-manager/Dockerfile b/workflows/heroku/versions/0.0.1/images/heroku-manager/Dockerfile new file mode 100644 index 00000000..70a5c0dc --- /dev/null +++ b/workflows/heroku/versions/0.0.1/images/heroku-manager/Dockerfile @@ -0,0 +1,4 @@ +FROM alpine:latest +RUN apk --update add curl bash nodejs npm git +RUN curl https://cli-assets.heroku.com/install.sh | sh +ENTRYPOINT heroku \ No newline at end of file diff --git a/workflows/heroku/versions/0.0.1/rbac.yaml b/workflows/heroku/versions/0.0.1/rbac.yaml new file mode 100644 index 00000000..d1329f27 --- /dev/null +++ b/workflows/heroku/versions/0.0.1/rbac.yaml @@ -0,0 +1,43 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: argo-hub.heroku.0.0.1 + annotations: + argo-hub/version: '0.0.1' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: argo-hub.heroku.0.0.1 + annotations: + argo-hub/version: '0.0.1' +rules: + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - watch + - patch + - apiGroups: + - "" + resources: + - pods/log + verbs: + - get + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: argo-hub.heroku.0.0.1 + annotations: + argo-hub/version: '0.0.1' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argo-hub.heroku.0.0.1 +subjects: + - kind: ServiceAccount + name: argo-hub.heroku.0.0.1 diff --git a/workflows/heroku/versions/0.0.1/workflowTemplate.yaml b/workflows/heroku/versions/0.0.1/workflowTemplate.yaml new file mode 100644 index 00000000..b6784b81 --- /dev/null +++ b/workflows/heroku/versions/0.0.1/workflowTemplate.yaml @@ -0,0 +1,72 @@ +apiVersion: argoproj.io/v1alpha1 +kind: WorkflowTemplate +metadata: + name: argo-hub.heroku.0.0.1 + annotations: + argo-hub/version: '0.0.1' + argo-hub/description: 'Heroku template' + argo-hub/categories: 'argo' + argo-hub/license: 'MIT' + argo-hub/owner_name: 'Matthew Chung' + argo-hub/owner_email: 'matthew.chung@codefresh.io' + argo-hub/owner_avatar: 'https://github.com/matthewchungcodefresh.png' + argo-hub/owner_url: 'https://github.com/matthewchungcodefresh' + argo-hub/icon_url: "https://cdn.jsdelivr.net/gh/codefresh-io/argo-hub@main/workflows/heroku/assets/icon.svg" + argo-hub/icon-background: "#f4f4f4" +spec: + templates: + - name: heroku-deployer + serviceAccountName: argo-hub.heroku.0.0.1 + metadata: + annotations: + argo-hub-template/description: 'Deploy to heroku via codefresh pipeline' + argo-hub-template/icon_url: "https://cdn.jsdelivr.net/gh/codefresh-io/argo-hub@main/workflows/heroku/assets/icon.svg" + argo-hub-template/icon_background: "#f4f4f4" + retryStrategy: + limit: "3" + retryPolicy: "Always" + backoff: + duration: "5s" + inputs: + artifacts: + - name: REPO + path: /tmp/repo + parameters: + # required + - name: HEROKU_SECRET + default: heroku-secret + - name: HEROKU_API_TOKEN_SECRET_KEY + default: token + - name: HEROKU_EMAIL_SECRET_KEY + default: email + - name: APP_NAME + # optional + - name: WORKING_DIRECTORY + default: "." + script: + imagePullPolicy: Always + image: quay.io/codefreshplugins/argo-hub-heroku-heroku-manager:0.0.1-main + + workingDir: /tmp/repo + env: + - name: HEROKU_API_TOKEN + valueFrom: + secretKeyRef: + name: '{{ inputs.parameters.HEROKU_SECRET }}' + key: '{{ inputs.parameters.HEROKU_API_TOKEN_SECRET_KEY }}' + - name: HEROKU_EMAIL + valueFrom: + secretKeyRef: + name: '{{ inputs.parameters.HEROKU_SECRET }}' + key: '{{ inputs.parameters.HEROKU_EMAIL_SECRET_KEY }}' + - name: APP_NAME + value: '{{ inputs.parameters.APP_NAME }}' + - name: WORKING_DIRECTORY + value: '{{ inputs.parameters.WORKING_DIRECTORY }}' + command: [sh] + source: | + printf "machine api.heroku.com\n login $HEROKU_EMAIL\n password $HEROKU_API_TOKEN\nmachine git.heroku.com\n login $HEROKU_EMAIL\n password $HEROKU_API_TOKEN\n" > ~/.netrc + cd $WORKING_DIRECTORY + heroku create $APP_NAME || true + heroku git:remote --app $APP_NAME + git push heroku master --force