fix
This commit is contained in:
@@ -51,7 +51,7 @@ resource "kubectl_manifest" "cm_env_front" {
|
||||
ENABLE_JIRA_IMPORTER: "false"
|
||||
ENABLE_TRELLO_IMPORTER: "false"
|
||||
ENABLE_OIDC_AUTH: "false"
|
||||
ENABLE_OPENID_AUTH: "true"
|
||||
ENABLE_OPENID: "true"
|
||||
OPENID_URL: "${module.oauth2.sso_authorize_url}"
|
||||
OPENID_SCOPE: "openid email profile"
|
||||
OPENID_NAME: "${var.domain_name}"
|
||||
@@ -85,8 +85,6 @@ resource "kubectl_manifest" "cm_scripts" {
|
||||
fi
|
||||
if [ $(python manage.py dumpdata projects.projecttemplate|wc -c) -lt 1000 ];then
|
||||
python manage.py loaddata initial_project_templates
|
||||
else
|
||||
echo "skipping loading initial templates : already here"
|
||||
fi
|
||||
EOF
|
||||
}
|
||||
|
||||
27
share/organisation/check.rhai
Normal file
27
share/organisation/check.rhai
Normal file
@@ -0,0 +1,27 @@
|
||||
const DOMAIN = config.domain;
|
||||
const NAME = instance;
|
||||
fn check_domain() {
|
||||
assert(have_namespace(`${global::DOMAIN}`), `There is no ${global::DOMAIN} namespace`);
|
||||
}
|
||||
fn pre_check() {
|
||||
check_domain();
|
||||
}
|
||||
fn conditions() {
|
||||
let org = global::NAME;
|
||||
org.replace("org-","");
|
||||
let insts = list_install(`${global::DOMAIN}-ci`).items;
|
||||
let repos = [];
|
||||
if (insts.some(|i| i.metadata.name=="gitea") && insts.some(|i| i.metadata.name=="sonar")) {
|
||||
let gitea = get_secret(`${global::DOMAIN}-ci`, "gitea-admin-user");
|
||||
let username = base64_decode(gitea.data.username);
|
||||
let password = base64_decode(gitea.data.password);
|
||||
let headers = http_header_basic(username,password);
|
||||
let got = http_get_json(`http://gitea-http.${global::DOMAIN}-ci.svc:3000/api/v1/orgs/${org}/repos`, headers);
|
||||
repos += git.map(|p| p.name);
|
||||
repos.sort();
|
||||
log_info(`Found ${repo.len} repos`);
|
||||
}
|
||||
json_encode(#{
|
||||
repos: repos
|
||||
})
|
||||
}
|
||||
@@ -74,9 +74,9 @@ options:
|
||||
type: string
|
||||
type: object
|
||||
domain:
|
||||
default: your-company
|
||||
default: media
|
||||
examples:
|
||||
- your-company
|
||||
- media
|
||||
type: string
|
||||
domain_name:
|
||||
default: your_company.com
|
||||
|
||||
49
share/organisation/postconfig.tf
Normal file
49
share/organisation/postconfig.tf
Normal file
@@ -0,0 +1,49 @@
|
||||
resource "kubectl_manifest" "post_install_job" {
|
||||
yaml_body = <<-EOF
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: "${var.instance}-${var.component}-post-config"
|
||||
namespace: "${var.namespace}"
|
||||
labels: ${jsonencode(local.postcfg_all_labels)}
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
restartPolicy: OnFailure
|
||||
initContainers:
|
||||
- name: wait-for-svc
|
||||
image: "${var.images.sonar.registry}/${var.images.sonar.repository}:${var.images.sonar.tag}"
|
||||
imagePullPolicy: ${var.images.sonar.pull_policy}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
runAsGroup: 0
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
command: ["/bin/bash", "-c"]
|
||||
args: ["set -o pipefail;for i in {1..200};do (echo > /dev/tcp/${module.service.name}/80) && exit 0; sleep 2;done; exit 1"]
|
||||
containers:
|
||||
- name: post-config
|
||||
image: "${var.images.sonar.registry}/${var.images.sonar.repository}:${var.images.sonar.tag}"
|
||||
imagePullPolicy: ${var.images.sonar.pull_policy}
|
||||
command: ["/bin/bash", "-c"]
|
||||
args:
|
||||
- >-
|
||||
curl -o /dev/null -s -w "%%{http_code}\n" -u admin:admin -X POST "http://${module.service.name}.${var.namespace}.svc/api/users/change_password?login=admin&previousPassword=admin&password=$ADMIN_PASSWORD"
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: ${kubectl_manifest.secret.name}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
EOF
|
||||
}
|
||||
37
share/organisation/template.rhai
Normal file
37
share/organisation/template.rhai
Normal file
@@ -0,0 +1,37 @@
|
||||
const DEST=dest;
|
||||
const DOMAIN = config.domain;
|
||||
const NAME = instance;
|
||||
fn have_gitea() {
|
||||
have_namespace(`${global::DOMAIN}-ci`) && have_install(`${global::DOMAIN}-ci`, "gitea") && have_service(`${global::DOMAIN}-ci`, "gitea-http") && have_secret(`${global::DOMAIN}-ci`, "gitea-admin-user")
|
||||
}
|
||||
fn have_sonar() {
|
||||
have_namespace(`${global::DOMAIN}-ci`) && have_install(`${global::DOMAIN}-ci`, "sonar") && have_service(`${global::DOMAIN}-ci`, "sonar-sonar") && have_secret(`${global::DOMAIN}-ci`, "sonar-sonar")
|
||||
}
|
||||
fn have_taiga() {
|
||||
have_namespace(`${global::DOMAIN}-ci`) && have_install(`${global::DOMAIN}-ci`, "taiga") && have_service(`${global::DOMAIN}-ci`, "taiga-taiga") && have_secret(`${global::DOMAIN}-ci`, "sonar-sonar")
|
||||
}
|
||||
fn gitea_repos() {
|
||||
let repos = [];
|
||||
let org = "org-solidite";
|
||||
org.replace("org-","");
|
||||
if (have_gitea() && have_sonar()) {
|
||||
let gitea = get_secret(`${global::DOMAIN}-ci`, "gitea-admin-user");
|
||||
let username = base64_decode(gitea.data.username);
|
||||
let password = base64_decode(gitea.data.password);
|
||||
let headers = http_header_basic(username,password);
|
||||
let got = http_get_json(`http://gitea-http.${global::DOMAIN}-ci.svc:3000/api/v1/orgs/${org}/repos`, headers);
|
||||
log_warn(got.body);
|
||||
repos += got.json.map(|p| p.name);
|
||||
repos.sort();
|
||||
log_info(`Found ${repos.len} repos`);
|
||||
}
|
||||
repos
|
||||
}
|
||||
fn post_template() {
|
||||
save_to_tf(`${global::DEST}/conditions.tf`, "conditions", #{
|
||||
have_gitea: have_gitea(),
|
||||
have_sonar: have_sonar(),
|
||||
have_taiga: have_taiga(),
|
||||
repos: gitea_repos()
|
||||
});
|
||||
}
|
||||
Reference in New Issue
Block a user