fix

2024-04-22 12:39:38 +02:00
parent c52743371f
commit 3ca76aaa86
3 changed files with 32 additions and 15 deletions
--- a/share/gitea-tekton-org/auto-ci.tf
+++ b/share/gitea-tekton-org/auto-ci.tf
@@ -19,20 +19,20 @@ resource "kubectl_manifest" "ci-trigger-push" {
      labels: ${jsonencode(local.push-labels)}
    spec:
      bindings:
-        - name: artifactory-url
-          value: "$(extensions.artifactory-url)"
-        - name: project-name
-          value: "$(extensions.project-name)"
-        - name: project-path
-          value: "$(extensions.project-path)"
-        - name: git-repository-url
-          value: "$(extensions.git-repository-url)"
-        - name: git-revision
-          value: "$(extensions.git-revision)"
-        - name: git-default-branch
-          value: "$(extensions.git-default-branch)"
-        - name: branch-name
-          value: $(extensions.branch-name)
+      - name: artifactory-url
+        value: "$(extensions.artifactory-url)"
+      - name: project-name
+        value: "$(extensions.project-name)"
+      - name: project-path
+        value: "$(extensions.project-path)"
+      - name: git-repository-url
+        value: "$(extensions.git-repository-url)"
+      - name: git-revision
+        value: "$(extensions.git-revision)"
+      - name: git-default-branch
+        value: "$(extensions.git-default-branch)"
+      - name: branch-name
+        value: $(extensions.branch-name)
      template:
        spec:
          params:
@@ -90,6 +90,12 @@ resource "kubectl_manifest" "ci-trigger-push" {
                    resources:
                      requests:
                        storage: 1Gi
+              - name: sslcertdir
+                secret:
+                  secretName: gitea
+                  items:
+                  - key: "ca.crt"
+                    path: "ca.crt"
              - name: ssh
                secret:
                  secretName: ssh-credentials
--- a/share/gitea-tekton-org/gitea_hook.tf
+++ b/share/gitea-tekton-org/gitea_hook.tf
@@ -61,12 +61,21 @@ resource "restapi_object" "ci-token" {
  })
 }

+data "kubernetes_secret_v1" "gitea-cert" {
+  metadata {
+    name = "gitea-cert"
+    namespace = "${var.domain}-ci"
+  }
+}
+
+
 resource "kubernetes_secret_v1" "ci-user-token-secret" {
  metadata {
    name = "gitea"
    namespace = "${var.namespace}"
  }
  data = {
+    "ca.crt" = lookup(data.kubernetes_secret_v1.gitea-cert.data, "ca.crt", lookup(data.kubernetes_secret_v1.gitea-cert.data, "tls.crt", ""))
    url = "gitea-http.${var.domain}-ci.svc:3000"
    token = jsondecode(resource.restapi_object.ci-token.create_response).sha1
  }
--- a/share/gitea-tekton-org/tekton.dev_v1_Pipeline_auto-ci-push.yaml
+++ b/share/gitea-tekton-org/tekton.dev_v1_Pipeline_auto-ci-push.yaml
@@ -6,6 +6,7 @@ spec:
  workspaces:
  - name: source
  - name: ssh
+  - name: sslcertdir
  params:
  - name: artifactory-url
    default: docker.io
@@ -220,4 +221,5 @@ spec:
      - name: IMAGE
        value: $(tasks.detect-stages.results.images-name)
    workspaces:
-    - name: source
+    - name: source
+    - name: sslcertdir