Initial import of RHDH templates

secure-go-service/skeleton/.tekton/pipeline.yaml

@@ -0,0 +1,24 @@
+# Reuses the cluster-wide build-sign-deploy Pipeline in the demo-secure namespace.
+# To run on every push, install OpenShift Pipelines as Code or fire the EventListener
+# in demo-secure with the right git-revision.
+apiVersion: tekton.dev/v1
+kind: PipelineRun
+metadata:
+  generateName: ${{ values.name }}-
+  namespace: ${{ values.name }}
+spec:
+  pipelineRef:
+    name: build-sign-deploy
+    namespace: demo-secure
+  serviceAccountName: pipeline
+  params:
+    - name: image
+      value: image-registry.openshift-image-registry.svc:5000/${{ values.name }}/${{ values.name }}:latest
+  workspaces:
+    - name: source
+      volumeClaimTemplate:
+        spec:
+          accessModes: [ReadWriteOnce]
+          resources:
+            requests:
+              storage: 2Gi

secure-go-service/skeleton/Dockerfile

@@ -0,0 +1,10 @@
+FROM registry.access.redhat.com/ubi9/go-toolset:1.22 AS build
+WORKDIR /opt/app-root/src
+COPY . .
+RUN CGO_ENABLED=0 go build -trimpath -ldflags "-s -w" -o /tmp/app .
+
+FROM registry.access.redhat.com/ubi9-minimal:latest
+COPY --from=build /tmp/app /usr/local/bin/app
+USER 1001
+EXPOSE 8080
+ENTRYPOINT ["/usr/local/bin/app"]

secure-go-service/skeleton/argocd-app.yaml

@@ -0,0 +1,28 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: ${{ values.name }}
+  namespace: openshift-gitops
+  labels:
+    category: app
+spec:
+  project: default
+  source:
+    repoURL: ${{ values.repoUrl }}
+    targetRevision: master
+    path: deploy
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: ${{ values.name }}
+  ignoreDifferences:
+    - group: apps
+      kind: Deployment
+      jsonPointers:
+        - /spec/template/spec/containers/0/image
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true

secure-go-service/skeleton/catalog-info.yaml

@@ -0,0 +1,14 @@
+apiVersion: backstage.io/v1alpha1
+kind: Component
+metadata:
+  name: ${{ values.name }}
+  description: ${{ values.description }}
+  annotations:
+    backstage.io/kubernetes-id: ${{ values.name }}
+    backstage.io/kubernetes-namespace: ${{ values.name }}
+    janus-idp.io/tekton: ${{ values.name }}
+    argocd/app-name: ${{ values.name }}
+spec:
+  type: service
+  lifecycle: experimental
+  owner: ${{ values.owner }}

secure-go-service/skeleton/go.mod

@@ -0,0 +1,3 @@
+module ${{ values.name }}
+
+go 1.22

secure-go-service/skeleton/main.go

@@ -0,0 +1,23 @@
+package main
+
+import (
+	"fmt"
+	"log"
+	"net/http"
+	"os"
+)
+
+func main() {
+	http.HandleFunc("/", func(w http.ResponseWriter, _ *http.Request) {
+		fmt.Fprintf(w, "hello from ${{ values.name }}\n")
+	})
+	http.HandleFunc("/healthz", func(w http.ResponseWriter, _ *http.Request) {
+		w.WriteHeader(http.StatusOK)
+	})
+	port := os.Getenv("PORT")
+	if port == "" {
+		port = "8080"
+	}
+	log.Printf("${{ values.name }} listening on :%s", port)
+	log.Fatal(http.ListenAndServe(":"+port, nil))
+}

secure-go-service/template.yaml

@@ -0,0 +1,77 @@
+apiVersion: scaffolder.backstage.io/v1beta3
+kind: Template
+metadata:
+  name: secure-go-service
+  title: Secure Go Service
+  description: |
+    Scaffold a new Go HTTP service wired to the RHADS supply chain:
+    Tekton pipeline (build → SBOM → cosign sign → bombastic upload),
+    ArgoCD Application for declarative deploy, and a catalog-info.yaml
+    pre-populated with Tekton/ArgoCD/Kubernetes plugin annotations.
+  tags:
+    - golang
+    - secure
+    - rhads
+spec:
+  owner: platform
+  type: service
+  parameters:
+    - title: Service basics
+      required:
+        - name
+        - description
+      properties:
+        name:
+          title: Name
+          type: string
+          description: Lowercase, no spaces; used for the namespace and app name.
+          pattern: '^[a-z][a-z0-9-]{1,30}[a-z0-9]$'
+        description:
+          title: Description
+          type: string
+        owner:
+          title: Owner
+          type: string
+          default: platform
+    - title: Git destination
+      required:
+        - repoUrl
+      properties:
+        repoUrl:
+          title: Repository
+          type: string
+          ui:field: RepoUrlPicker
+          ui:options:
+            allowedHosts:
+              - gitea.apps.lab.hibachi.ninja
+  steps:
+    - id: fetch-base
+      name: Fetch scaffold
+      action: fetch:template
+      input:
+        url: ./skeleton
+        values:
+          name: ${{ parameters.name }}
+          description: ${{ parameters.description }}
+          owner: ${{ parameters.owner }}
+    - id: publish
+      name: Publish to Gitea
+      action: publish:gitea
+      input:
+        repoUrl: ${{ parameters.repoUrl }}
+        defaultBranch: master
+        description: ${{ parameters.description }}
+    - id: register
+      name: Register in catalog
+      action: catalog:register
+      input:
+        repoContentsUrl: ${{ steps.publish.output.repoContentsUrl }}
+        catalogInfoPath: /catalog-info.yaml
+  output:
+    links:
+      - title: Open in catalog
+        icon: catalog
+        entityRef: ${{ steps.register.output.entityRef }}
+      - title: Source
+        icon: git
+        url: ${{ steps.publish.output.remoteUrl }}