Refactored examples and added github example with README

docs/eventlisteners.md

@@ -348,28 +348,28 @@ accept to the `eventTypes` field. Valid values can be found in GitHub
 The body/header of the incoming request will be preserved in this Interceptor's
 response.
 
-<!-- FILE: examples/eventlisteners/github-eventlistener-interceptor.yaml -->
+<!-- FILE: examples/github/github-eventlistener-interceptor.yaml -->
 ```YAML
 ---
 apiVersion: triggers.tekton.dev/v1alpha1
 kind: EventListener
 metadata:
   name: github-listener-interceptor
 spec:
-  serviceAccountName: tekton-triggers-example-sa
+  serviceAccountName: tekton-triggers-github-sa
   triggers:
-    - name: foo-trig
+    - name: github-listener
       interceptors:
         - github:
             secretRef:
-              secretName: foo
-              secretKey: bar
+              secretName: github-secret
+              secretKey: secretToken
             eventTypes:
               - pull_request
       bindings:
-        - ref: pipeline-binding
+        - ref: github-binding
       template:
-        name: pipeline-template
+        name: github-template
 ```
 
 

examples/cron/binding.yaml

@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: tekton-triggers-cron-binding
+subjects:
+  - kind: ServiceAccount
+    name: tekton-triggers-cron-sa
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: tekton-triggers-cron-minimal

examples/cron/eventlistener.yaml

@@ -3,7 +3,7 @@ kind: EventListener
 metadata:
   name: cron-listener
 spec:
-  serviceAccountName: tekton-triggers-example-sa
+  serviceAccountName: tekton-triggers-cron-sa
   triggers:
     - name: cron-trig
       bindings:

examples/cron/role.yaml

@@ -0,0 +1,17 @@
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: tekton-triggers-cron-minimal
+rules:
+  # Permissions for every EventListener deployment to function
+  - apiGroups: ["triggers.tekton.dev"]
+    resources: ["eventlisteners", "triggerbindings", "triggertemplates"]
+    verbs: ["get"]
+  - apiGroups: [""]
+    # secrets are only needed for Github/Gitlab interceptors, serviceaccounts only for per trigger authorization
+    resources: ["configmaps", "secrets", "serviceaccounts"]
+    verbs: ["get", "list", "watch"]
+  # Permissions to create resources in associated TriggerTemplates
+  - apiGroups: ["tekton.dev"]
+    resources: ["pipelineruns", "pipelineresources", "taskruns"]
+    verbs: ["create"]

examples/cron/secret.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: githubsecret
+  name: cron-secret
 type: Opaque
 stringData:
   secretToken: "1234567"

examples/cron/serviceaccount.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: tekton-triggers-cron-sa
+secrets:
+  - name: cron-secret

examples/github/README.md

@@ -0,0 +1,46 @@
+## GitHub EventListener
+
+Creates an EventListener that listens for GitHub webhook events.
+
+### Try it out locally:
+
+1. To create the GitHub trigger and all related resources, run:
+
+   ```bash
+   kubectl apply -f examples/github/
+   ```
+
+1. Port forward:
+
+   ```bash
+   kubectl port-forward \
+    "$(kubectl get pod --selector=eventlistener=github-listener-interceptor -oname)" \
+     8080
+   ```
+
+   **Note**: Instead of port forwarding, you can set the
+   [`serviceType`](https://github.com/tektoncd/triggers/blob/master/docs/eventlisteners.md#serviceType)
+   to `LoadBalancer` to expose the EventListener with a public IP.
+
+1. Test by sending the sample payload.
+
+   ```bash
+   curl -v \
+   -H 'X-GitHub-Event: pull_request' \
+   -H 'X-Hub-Signature: sha1=0835c8c5dc317870c4e48659df5f3c53213cd348' \
+   -H 'Content-Type: application/json' \
+   -d '{"head_commit":{"id":"master"},"repository":{"url": "https://github.com/tektoncd/triggers"}}' \
+   http://localhost:8080
+   ```
+
+   The response status code should be `201 Created`
+
+   [`HMAC`](https://www.freeformatter.com/hmac-generator.html) tool used to create X-Hub-Signature. 
+
+   In [`HMAC`](https://www.freeformatter.com/hmac-generator.html) `string` is the *body payload* and `secretKey` is the *given secretToken*.
+
+1. You should see a new TaskRun that got created:
+
+   ```bash
+   kubectl get taskruns | grep github-run-
+   ```

examples/eventlisteners/github-eventlistener-interceptor.yaml → examples/github/github-eventlistener-interceptor.yaml

@@ -4,17 +4,17 @@ kind: EventListener
 metadata:
   name: github-listener-interceptor
 spec:
-  serviceAccountName: tekton-triggers-example-sa
+  serviceAccountName: tekton-triggers-github-sa
   triggers:
-    - name: foo-trig
+    - name: github-listener
       interceptors:
         - github:
             secretRef:
-              secretName: foo
-              secretKey: bar
+              secretName: github-secret
+              secretKey: secretToken
             eventTypes:
               - pull_request
       bindings:
-        - ref: pipeline-binding
+        - ref: github-binding
       template:
-        name: pipeline-template
+        name: github-template

examples/github/role.yaml

@@ -0,0 +1,36 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: tekton-triggers-github-sa
+secrets:
+  - name: github-secret
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: tekton-triggers-github-binding
+subjects:
+  - kind: ServiceAccount
+    name: tekton-triggers-github-sa
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: tekton-triggers-github-minimal
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: tekton-triggers-github-minimal
+rules:
+  # Permissions for every EventListener deployment to function
+  - apiGroups: ["triggers.tekton.dev"]
+    resources: ["eventlisteners", "triggerbindings", "triggertemplates"]
+    verbs: ["get"]
+  - apiGroups: [""]
+    # secrets are only needed for Github/Gitlab interceptors, serviceaccounts only for per trigger authorization
+    resources: ["configmaps", "secrets", "serviceaccounts"]
+    verbs: ["get", "list", "watch"]
+  # Permissions to create resources in associated TriggerTemplates
+  - apiGroups: ["tekton.dev"]
+    resources: ["pipelineruns", "pipelineresources", "taskruns"]
+    verbs: ["create"]

examples/github/secret.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: github-secret
+type: Opaque
+stringData:
+  secretToken: "1234567"

examples/github/triggerbinding.yaml

@@ -0,0 +1,11 @@
+---
+apiVersion: triggers.tekton.dev/v1alpha1
+kind: TriggerBinding
+metadata:
+  name: github-binding
+spec:
+  params:
+    - name: gitrevision
+      value: $(body.head_commit.id)
+    - name: gitrepositoryurl
+      value: $(body.repository.url)

examples/github/triggertemplate.yaml

@@ -0,0 +1,35 @@
+---
+apiVersion: triggers.tekton.dev/v1alpha1
+kind: TriggerTemplate
+metadata:
+  name: github-template
+spec:
+  params:
+    - name: gitrevision
+    - name: gitrepositoryurl
+  resourcetemplates:
+    - apiVersion: tekton.dev/v1alpha1
+      kind: TaskRun
+      metadata:
+        generateName: github-run-
+      spec:
+        taskSpec:
+          inputs:
+            resources:
+              - name: source
+                type: git
+          steps:
+            - image: ubuntu
+              script: |
+                #! /bin/bash
+                ls -al $(inputs.resources.source.path)
+        inputs:
+          resources:
+            - name: source
+              resourceSpec:
+                type: git
+                params:
+                  - name: revision
+                    value: $(params.gitrevision)
+                  - name: url
+                    value: $(params.gitrepositoryurl)

examples/gitlab/README.md

@@ -4,22 +4,15 @@ Creates an EventListener that listens for Gitlab webhook events.
 
 ### Try it out locally:
 
-1. Create the service account:
+1. To create the GitLab trigger and all related resources, run:
 
-   ```shell script
-   kubectl apply -f examples/role-resources/triggerbinding-roles
-   kubectl apply -f examples/role-resources/
-   ```
-
-1. Create the Gitlab EventListener:
-
-   ```shell script
-   kubectl apply -f examples/gitlab/gitlab-push-listener.yaml
+   ```bash
+   kubectl apply -f examples/gitlab/
    ```
 
 1. Port forward:
 
-   ```shell script
+   ```bash
    kubectl port-forward \
     "$(kubectl get pod --selector=eventlistener=gitlab-listener -oname)" \
      8080
@@ -31,7 +24,7 @@ Creates an EventListener that listens for Gitlab webhook events.
 
 1. Test by sending the sample payload.
 
-   ```shell script
+   ```bash
    curl -v \
    -H 'X-GitLab-Token: abcde' \
    -H 'X-Gitlab-Event: Push Hook' \
@@ -44,6 +37,6 @@ Creates an EventListener that listens for Gitlab webhook events.
 
 1. You should see a new TaskRun that got created:
 
-   ```shell script
+   ```bash
    kubectl get taskruns | grep gitlab-run-
    ```

examples/gitlab/binding.yaml

@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: tekton-triggers-gitlab-binding
+subjects:
+  - kind: ServiceAccount
+    name: tekton-triggers-gitlab-sa
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: tekton-triggers-gitlab-minimal

examples/gitlab/gitlab-push-listener.yaml

@@ -44,28 +44,19 @@ spec:
     - name: gitrepositoryurl
       value: $(body.repository.git_http_url)
 ---
-apiVersion: v1
-kind: Secret
-metadata:
-  name: gitlab-secret
-type: Opaque
-stringData:
-  gitlabToken: abcde
----
 apiVersion: triggers.tekton.dev/v1alpha1
 kind: EventListener
 metadata:
   name: gitlab-listener
 spec:
-  # from examples/role-resources/servicaccount.yaml
-  serviceAccountName: tekton-triggers-example-sa
+  serviceAccountName: tekton-triggers-gitlab-sa
   triggers:
     - name: gitlab-push-events-trigger
       interceptors:
         - gitlab:
             secretRef:
               secretName: gitlab-secret
-              secretKey: gitlabToken
+              secretKey: secretToken
             eventTypes:
               - Push Hook  # Only push events
       bindings:

examples/gitlab/role.yaml

@@ -0,0 +1,17 @@
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: tekton-triggers-gitlab-minimal
+rules:
+  # Permissions for every EventListener deployment to function
+  - apiGroups: ["triggers.tekton.dev"]
+    resources: ["eventlisteners", "triggerbindings", "triggertemplates"]
+    verbs: ["get"]
+  - apiGroups: [""]
+    # secrets are only needed for Github/Gitlab interceptors, serviceaccounts only for per trigger authorization
+    resources: ["configmaps", "secrets", "serviceaccounts"]
+    verbs: ["get", "list", "watch"]
+  # Permissions to create resources in associated TriggerTemplates
+  - apiGroups: ["tekton.dev"]
+    resources: ["pipelineruns", "pipelineresources", "taskruns"]
+    verbs: ["create"]

examples/gitlab/secret.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: gitlab-secret
+type: Opaque
+stringData:
+  secretToken: "1234567"

examples/gitlab/serviceaccount.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: tekton-triggers-gitlab-sa
+secrets:
+  - name: gitlab-secret

examples/role-resources/secret.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: githubsecret
+  name: tekton-triggers-example-secret
 type: Opaque
 stringData:
   secretToken: "1234567"