FEAT(tekton): add Tekton Triggers for GitHub webhooks

- Add EventListener for GitHub push events - Add TriggerBinding for payload parsing - Add TriggerTemplates for Next.js and FastAPI - Add RBAC for trigger service account - Add ExternalSecret for webhook secret from Vault - Add Ingress at tekton0213.kro.kr/hooks
2026-01-07 16:30:22 +09:00
parent 892b5dc815
commit a31b2b1a55
8 changed files with 315 additions and 0 deletions
--- a/tekton/ci-cd/manifests/triggers/triggertemplate.yaml
+++ b/tekton/ci-cd/manifests/triggers/triggertemplate.yaml
@@ -0,0 +1,105 @@
+apiVersion: triggers.tekton.dev/v1beta1
+kind: TriggerTemplate
+metadata:
+  name: nextjs-build-template
+  namespace: tekton-pipelines
+spec:
+  params:
+    - name: git-url
+      description: Git repository URL
+    - name: git-revision
+      description: Git commit SHA
+    - name: git-branch
+      description: Git branch name
+    - name: repo-name
+      description: Repository name
+    - name: repo-full-name
+      description: Full repository name (org/repo)
+  resourcetemplates:
+    - apiVersion: tekton.dev/v1
+      kind: PipelineRun
+      metadata:
+        generateName: $(tt.params.repo-name)-build-
+        namespace: tekton-pipelines
+        labels:
+          tekton.dev/pipeline: nextjs-build-deploy
+          app: $(tt.params.repo-name)
+          branch: $(tt.params.git-branch)
+      spec:
+        pipelineRef:
+          name: nextjs-build-deploy
+        params:
+          - name: git-url
+            value: $(tt.params.git-url)
+          - name: git-revision
+            value: $(tt.params.git-branch)
+          - name: app-name
+            value: $(tt.params.repo-name)
+          - name: context-dir
+            value: ./nextjs
+        workspaces:
+          - name: shared-workspace
+            volumeClaimTemplate:
+              spec:
+                accessModes:
+                  - ReadWriteOnce
+                storageClassName: local-path
+                resources:
+                  requests:
+                    storage: 1Gi
+          - name: docker-credentials
+            secret:
+              secretName: zot-registry-credentials
+---
+apiVersion: triggers.tekton.dev/v1beta1
+kind: TriggerTemplate
+metadata:
+  name: fastapi-build-template
+  namespace: tekton-pipelines
+spec:
+  params:
+    - name: git-url
+      description: Git repository URL
+    - name: git-revision
+      description: Git commit SHA
+    - name: git-branch
+      description: Git branch name
+    - name: repo-name
+      description: Repository name
+    - name: repo-full-name
+      description: Full repository name (org/repo)
+  resourcetemplates:
+    - apiVersion: tekton.dev/v1
+      kind: PipelineRun
+      metadata:
+        generateName: $(tt.params.repo-name)-build-
+        namespace: tekton-pipelines
+        labels:
+          tekton.dev/pipeline: fastapi-build-deploy
+          app: $(tt.params.repo-name)
+          branch: $(tt.params.git-branch)
+      spec:
+        pipelineRef:
+          name: fastapi-build-deploy
+        params:
+          - name: git-url
+            value: $(tt.params.git-url)
+          - name: git-revision
+            value: $(tt.params.git-branch)
+          - name: app-name
+            value: $(tt.params.repo-name)
+          - name: context-dir
+            value: ./fastapi
+        workspaces:
+          - name: shared-workspace
+            volumeClaimTemplate:
+              spec:
+                accessModes:
+                  - ReadWriteOnce
+                storageClassName: local-path
+                resources:
+                  requests:
+                    storage: 1Gi
+          - name: docker-credentials
+            secret:
+              secretName: zot-registry-credentials