CD prow config using tekton

Define an event listener that triggers a tekton task that deploys
prow configurations on a target k8s cluster / namespace from a
give git repo / path.

Move cronjobs into a cronjobs folder and add docs for each of them.

Closes #1

prow/extra.yaml

@@ -0,0 +1,25 @@
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: config-map-updater
+rules:
+- apiGroups: ["*"]
+  resources: ["configmaps"]
+  verbs: ["get", "list", "patch", "update"]
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: prow-config-bot
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: prow-config-bot-config-map-updater
+subjects:
+- kind: ServiceAccount
+  name: prow-config-bot
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: config-map-updater

tekton/README.md

@@ -14,3 +14,15 @@ Resources are organised in folders:
   maintaining the GitHub org and more.
 - The [cd](cd/README.md) folder contains kustomize overlays, used to deploy the
   various Tekton projects to the infra clusters.
+
+# Secrets
+
+Some of the resources require secrets to operate.
+- `GitHub` secrets: `bot-token-github` used for syncing label configuration and
+  org configuration requires, `github-token` used to create a draft release
+- `GCP` secrets: `nightly-account` is used by nightly releases to push releases
+  to the nightly bucket. It's a token for service account
+  `release-right-meow@tekton-releases.iam.gserviceaccount.com`.
+  `release-secret` is used by Tekton Pipeline to push pipeline artifacts to a
+  GCS bucket. It's also used to push images built by cron trigger (or Mario)
+  to the image registry on GCP.

tekton/cronjobs/README.md

@@ -0,0 +1,184 @@
+# Tekton Cron Jobs
+
+This folder holds kustomize overlays, that are used to maintain cron job
+configurations. To add a new cron job to be deployed to the `dogfooding`
+cluster, create a folder and add a `kustomization.yaml` into it, along with the
+cronjob overlay.
+
+There are three base cron jobs available:
+* `nightly-image-build-cron-base` which can be used to build container images
+  on a regular basis and push them to a container repo (by default
+  gcr.io/tekton-releases/dogfooding/myimage)
+* `nighyly-release-cron-base` which is used to trigger the pipeline repo nightly
+  builds
+* `resource-cd-cron-base` which is used to trigger deployment of a resource
+
+## Existing cron jobs
+
+### Container Images
+
+The following images are built nightly:
+* [hub](hub-image-nightly-build-cron/README.md)
+* [ko](ko-image-nightly-build-cron/README.md)
+* [ko + gcloud](ko-gcloud-image-nightly-build-cron/README.md)
+* [kubectl](kubectl-image-nightly-build-cron/README.md)
+* [skopeo](skopeo-image-nightly-build-cron/README.md)
+* [tkn](tkn-image-nightly-build-cron/README.md)
+* [testrunner](pipeline-test-runner-build-cron/README.md)
+
+### Nightly Releases
+
+The following projects are released nightly:
+* [pipeline](pipeline-nightly-release-cron/README.md)
+
+### Continuous Deployments
+
+The following resources are deployed continuously:
+* [prow config](prow-config-cd-hourly-cron/README.md)
+
+## Adding a new cron job
+
+To add a new cronjob for an existing base, follow these steps.
+
+Example folders structure:
+```
+cronjobs
+├── README.md
+├── resource-cd-cron-base (existing)
+│   ├── kustomization.yaml
+│   └── trigger.yaml
+└── myresource-cd-daily-cron (added)
+    ├── cronjob.yaml
+    └── kustomization.yaml
+```
+
+Example Kustomization configuration file:
+```
+# kustomization.yaml
+bases:
+- ../../resource-cd-cron-base
+patchesStrategicMerge:
+- cronjob.yaml
+nameSuffix: "-myresource"
+```
+
+Example Cronjob definition file. This file must give enough context for
+`kustomize` to match the correct resource to be patched - in this case to match
+`resource-cd-trigger` defined in `resource-cd-cron-base/trigger.yaml`.
+It allows cron jobs to override relevant parts of the template trigger, like
+schedule or the value of environment variables.
+```
+# cronjob.yaml
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata:
+  name: resource-cd-trigger # <-- This should not be changed!
+spec:
+  schedule: "*/1 * * * *"  # <-- Change the schedule here
+  concurrencyPolicy: Forbid  
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+          - name: trigger
+            env:
+              - name: SINK_URL
+                value: "http://el-myconfig-deployer.default.svc.cluster.local:8080"
+              - name: GIT_REPOSITORY
+                value: "github.com/tektoncd/plumbing"
+              - name: GIT_REVISION
+                value: "master"
+              - name: CONFIG_PATH
+                value: "my-great-resource"
+              - name: NAMESPACE
+                value: "default"
+              - name: CLUSTER_RESOURCE
+                value: "prow-cluster-config-bot"
+```
+
+To generate the YAML for the newly defined cron configuration, run the following:
+```
+kustomize build tekton/cronjobs/myresource-cd-daily-cron/
+```
+
+To apply the cron configuration directly, run the following:
+```
+kustomize build tekton/cronjobs/myresource-cd-daily-cron/ | kubectl apply -f -
+# or
+kubectl -k tekton/cronjobs/myresource-cd-daily-cron/
+```
+
+## Adding a daily build for a new image
+
+To build daily a docker image, follow these steps:
+
+1. Create a new context folder with the Dockerfile in it:
+```
+tekton
+├── images
+│   └── myimage
+│       └── Dockerfile
+```
+
+1. Create a new kustomize folder with `kustomization.yaml` and `cronjob.yaml`.
+   Copy the content from an existing one, e.g. `tkn-image-nightly-build-cron`.
+```
+tekton
+├── cronjobs
+│   └── myimage-image-nightly-build-cron
+│       ├── cronjob.yaml
+│       └── kustomization.yaml
+```
+
+1. Edit `cronjob.yaml`. Configure at least CONTEXT_PATH and TARGET_IMAGE.
+```
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata:
+  name: image-build-cron-trigger
+spec:
+  schedule: "0 2 * * *"
+  concurrencyPolicy: Forbid
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+          - name: trigger
+            env:
+            - name: SINK_URL
+              value: el-image-builder.default.svc.cluster.local:8080
+            - name: GIT_REPOSITORY
+              value: github.com/tektoncd/plumbing
+            - name: GIT_REVISION
+              value: master
+            - name: TARGET_IMAGE
+              value: gcr.io/tekton-releases/dogfooding/myimage:latest
+            - name: CONTEXT_PATH
+              value: tekton/images/myimage
+```
+
+1. Edit `kustomization.yaml`. Set the nameSuffix to identify the new cron job.
+```
+bases:
+- ../nightly-image-build-cron-base
+patchesStrategicMerge:
+- cronjob.yaml
+nameSuffix: "-myimage"
+```
+
+1. Apply your new job:
+```
+kubectl -k tekton/config/myimage-image-nightly-build-cron/
+```
+
+1. Check the result:
+```
+kubectl get cronjobs
+```
+
+1. Run the build:
+```
+kubectl create job --from=cronjob/image-build-cron-trigger-myimage build-myimage-$(date +"%Y%m%d-%H%M")
+```

tekton/cronjobs/hub-image-nightly-build-cron/README.md

@@ -0,0 +1,2 @@
+Cron Job to build a container image with `hub` installed.
+The image is published daily to [gcr.io/tekton-releases/dogfooding/hub:latest](gcr.io/tekton-releases/dogfooding/hub:latest).

tekton/cronjobs/ko-gcloud-image-nightly-build-cron/README.md

@@ -0,0 +1,2 @@
+Cron Job to build a container image with `ko` and `gcloud` installed.
+The image is published daily to [gcr.io/tekton-releases/dogfooding/ko:gcloud-latest](gcr.io/tekton-releases/dogfooding/ko:gcloud-latest).

tekton/cronjobs/ko-image-nightly-build-cron/README.md

@@ -0,0 +1,2 @@
+Cron Job to build a container image with `ko` installed.
+The image is published daily to [gcr.io/tekton-releases/dogfooding/ko:gcloud-latest](gcr.io/tekton-releases/dogfooding/ko:latest).

tekton/cronjobs/kubectl-image-nightly-build-cron/README.md

@@ -0,0 +1,2 @@
+Cron Job to build a container image with `kubectl` installed.
+The image is published daily to [gcr.io/tekton-releases/dogfooding/kubectl:latest](gcr.io/tekton-releases/dogfooding/kubectl:latest).