Provide a design about Pipeline Template

PROJECT

@@ -10,4 +10,7 @@ resources:
 - group: devops
   kind: PipelineRun
   version: v1alpha3
+- group: devops
+  kind: Template
+  version: v1alpha1
 version: "2"

config/crd/bases/devops.kubesphere.io_templates.yaml

@@ -0,0 +1,92 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: templates.devops.kubesphere.io
+spec:
+  group: devops.kubesphere.io
+  names:
+    kind: Template
+    listKind: TemplateList
+    plural: templates
+    singular: template
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: Template is the Schema for the templates API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: TemplateSpec defines the desired state of Template
+            properties:
+              parameters:
+                description: Parameters are used to configure template.
+                items:
+                  description: TemplateParameter is definition of how can we configure
+                    our parameter.
+                  properties:
+                    default:
+                      description: Default is default value of the parameter.
+                      x-kubernetes-preserve-unknown-fields: true
+                    description:
+                      description: Description is description of the parameter.
+                      type: string
+                    name:
+                      description: Name is name of the parameter.
+                      type: string
+                    type:
+                      description: Type is type of the parameter.
+                      type: string
+                    validation:
+                      description: Validation is the validation configuration of the
+                        parameter, including validation expression and message.
+                      properties:
+                        expression:
+                          description: Expression is the expression of the validation.
+                          type: string
+                        message:
+                          description: Message is given when validation failure.
+                          type: string
+                      required:
+                      - expression
+                      - message
+                      type: object
+                  required:
+                  - name
+                  type: object
+                type: array
+              template:
+                description: Template is a string with go-template style.
+                type: string
+            type: object
+          status:
+            description: TemplateStatus defines the observed state of Template
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

config/crd/kustomization.yaml

@@ -10,6 +10,7 @@ resources:
 - bases/devops.kubesphere.io_s2ibuildertemplates.yaml
 - bases/devops.kubesphere.io_s2iruns.yaml
 - bases/devops.kubesphere.io_pipelineruns.yaml
+- bases/devops.kubesphere.io_templates.yaml
 # +kubebuilder:scaffold:crdkustomizeresource
 
 patchesStrategicMerge:
@@ -18,13 +19,15 @@ patchesStrategicMerge:
 #- patches/webhook_in_pipelines.yaml
 #- patches/webhook_in_fakes.yaml
 #- patches/webhook_in_pipelineruns.yaml
+#- patches/webhook_in_templates.yaml
 # +kubebuilder:scaffold:crdkustomizewebhookpatch
 
 # [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix.
 # patches here are for enabling the CA injection for each CRD
 #- patches/cainjection_in_pipelines.yaml
 #- patches/cainjection_in_fakes.yaml
 #- patches/cainjection_in_pipelineruns.yaml
+#- patches/cainjection_in_templates.yaml
 # +kubebuilder:scaffold:crdkustomizecainjectionpatch
 
 # the following config is for teaching kustomize how to do kustomization for CRDs.

config/crd/patches/cainjection_in_templates.yaml

@@ -0,0 +1,8 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+  name: templates.devops.kubesphere.io

config/crd/patches/webhook_in_templates.yaml

@@ -0,0 +1,17 @@
+# The following patch enables conversion webhook for CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: templates.devops.kubesphere.io
+spec:
+  conversion:
+    strategy: Webhook
+    webhookClientConfig:
+      # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
+      # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
+      caBundle: Cg==
+      service:
+        namespace: system
+        name: webhook-service
+        path: /convert

config/rbac/role.yaml

@@ -81,6 +81,26 @@ rules:
   - secrets
   verbs:
   - get
+- apiGroups:
+  - devops.kubesphere.io
+  resources:
+  - templates
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - devops.kubesphere.io
+  resources:
+  - templates/status
+  verbs:
+  - get
+  - patch
+  - update
 - apiGroups:
   - devops.kubesphere.io
   resources:

config/rbac/template_editor_role.yaml

@@ -0,0 +1,24 @@
+# permissions for end users to edit templates.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: template-editor-role
+rules:
+- apiGroups:
+  - devops.kubesphere.io
+  resources:
+  - templates
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - devops.kubesphere.io
+  resources:
+  - templates/status
+  verbs:
+  - get

config/rbac/template_viewer_role.yaml

@@ -0,0 +1,20 @@
+# permissions for end users to view templates.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: template-viewer-role
+rules:
+- apiGroups:
+  - devops.kubesphere.io
+  resources:
+  - templates
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - devops.kubesphere.io
+  resources:
+  - templates/status
+  verbs:
+  - get

config/samples/devops_v1alpha1_template.yaml

@@ -0,0 +1,63 @@
+apiVersion: devops.kubesphere.io/v1alpha1
+kind: Template
+metadata:
+  name: template-sample
+spec:
+  parameters:
+    - name: gitCloneURL
+      description: What is your repository URL you want to clone?
+      type: string # ignorable
+      validation:
+        expression: "matches()"
+        message: "Please input a correct URL."
+    - name: revision
+      description: Which revision do you want to clone from?
+      default: "main" # Valid JSON value
+    - name: buildOnly
+      description: Do we really need build stage only?
+      default: false # Valid JSON value
+      type: bool
+    - name: matrix
+      description: Matrix versions of gradle
+      type: string-array
+      default: ["6.9.1-jdk11", "7.0.0-jdk11", "7.3.3-jdk11"]
+
+  template: | # Go template
+    pipeline {
+        agent {
+            kubernetes {
+            inheritFrom 'gradle'
+                containerTemplate {
+                    name 'gradle'
+                    image 'gradle:7.3.3-jdk11'
+                }
+            }
+        }
+        stages {
+            stage('Checkout') {
+                steps {
+                    checkout poll: false, scm: [$class: 'GitSCM', branches: [[name: '*/master']], extensions: [[$class: 'CloneOption', depth: 1, noTags: true, reference: '', shallow: true], [$class: 'SubmoduleOption', depth: 1, disableSubmodules: false, parentCredentials: false, recursiveSubmodules: true, reference: '', shallow: true, trackingSubmodules: false]], userRemoteConfigs: [[url: '{{ .params.gitCloneURL }}']]]
+                }
+            }
+            {{if not .buildOnly}}
+            stage('Gradle Check') {
+                steps {
+                    container('gradle') {
+                        sh 'gradle check'
+                    }
+                }
+            }
+            stage('Gradle Build') {
+                steps {
+                    container('gradle') {
+                        sh 'gradle build -x test'
+                    }
+                }
+            }
+            stage('Archive Assets') {
+                steps {
+                    archiveArtifacts '**/build/libs/*.jar'
+                }
+            }
+        }
+    }

controllers/suite_test.go

@@ -30,6 +30,7 @@ import (
 	logf "sigs.k8s.io/controller-runtime/pkg/log"
 	"sigs.k8s.io/controller-runtime/pkg/log/zap"
 
+	devopsv1alpha1 "kubesphere.io/devops/pkg/api/devops/v1alpha1"
 	devopsv1alpha3 "kubesphere.io/devops/pkg/api/devops/v1alpha3"
 	// +kubebuilder:scaffold:imports
 )
@@ -72,6 +73,9 @@ var _ = BeforeSuite(func(done Done) {
 	err = devopsv1alpha3.AddToScheme(scheme.Scheme)
 	Expect(err).NotTo(HaveOccurred())
 
+	err = devopsv1alpha1.AddToScheme(scheme.Scheme)
+	Expect(err).NotTo(HaveOccurred())
+
 	// +kubebuilder:scaffold:scheme
 
 	k8sClient, err = client.New(cfg, client.Options{Scheme: scheme.Scheme})

controllers/template_controller.go

@@ -0,0 +1,62 @@
+/*
+Copyright 2022 The KubeSphere Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package controllers
+
+import (
+	"context"
+	devopsv1alpha1 "kubesphere.io/devops/pkg/api/devops/v1alpha1"
+
+	"github.com/go-logr/logr"
+	"k8s.io/apimachinery/pkg/runtime"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+// TemplateReconciler reconciles a Template object
+type TemplateReconciler struct {
+	client.Client
+	Log    logr.Logger
+	Scheme *runtime.Scheme
+}
+
+//+kubebuilder:rbac:groups=devops.kubesphere.io,resources=templates,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=devops.kubesphere.io,resources=templates/status,verbs=get;update;patch
+
+// Reconcile is part of the main kubernetes reconciliation loop which aims to
+// move the current state of the cluster closer to the desired state.
+// TODO(user): Modify the Reconcile function to compare the state specified by
+// the Template object against the actual cluster state, and then
+// perform operations to make the cluster state reflect the state specified by
+// the user.
+//
+// For more details, check Reconcile and its Result here:
+// - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.6.4/pkg/reconcile
+func (r *TemplateReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
+	_ = context.Background()
+	_ = r.Log.WithValues("template", req.NamespacedName)
+
+	// TODO(user): your logic here
+
+	return ctrl.Result{}, nil
+}
+
+// SetupWithManager sets up the controller with the Manager.
+func (r *TemplateReconciler) SetupWithManager(mgr ctrl.Manager) error {
+	return ctrl.NewControllerManagedBy(mgr).
+		For(&devopsv1alpha1.Template{}).
+		Complete(r)
+}

docs/README.md

@@ -6,3 +6,4 @@ This is the right place if you want to know more details about `ks-devops`.
 * [projects](projects.md)
 * [e2e](e2e.md)
 * [Swagger Support](swagger.md)
+* [Pipeline Template Design](pipeline-template.md)