domain-incoming/share/organisation/ci-space.tf

# Per-organisation CI namespace. It exists only when both Gitea and Tekton are
# enabled; every other resource in this file uses the same gate.
resource "kubernetes_namespace_v1" "ns-tekton" {
  count = (var.haveGitea && var.haveTekton) ? 1 : 0

  metadata {
    name = "${var.domain}-ci-${var.instance}"

    # NOTE(review): the annotation map is also merged into the labels. Label
    # values have a stricter syntax than annotation values, so this relies on
    # local.annotations holding only label-safe values. Confirm where the
    # local is defined.
    labels      = merge(local.common-labels, local.annotations)
    annotations = local.annotations
  }
}
# Vynil "Install" custom resource requesting the gitea-tekton-org component for
# this organisation, placed in the CI namespace.
resource "kubectl_manifest" "tekton" {
  depends_on = [kubernetes_namespace_v1.ns-tekton]
  count      = (var.haveGitea && var.haveTekton) ? 1 : 0

  # The labels are rendered with jsonencode(); the other values are
  # interpolated between double quotes, so they must not contain a double
  # quote or a backslash.
  # The organisation name is the instance name without its "org-" prefix.
  yaml_body = <<-EOF
    apiVersion: "vynil.solidite.fr/v1"
    kind: "Install"
    metadata:
      name: "tekton-base"
      namespace: "${var.domain}-ci-${var.instance}"
      labels: ${jsonencode(local.common-labels)}
    spec:
      distrib: "${var.distributions.domain}"
      category: "share"
      component: "gitea-tekton-org"
      options:
        domain: "${var.domain}"
        organization: "${trimprefix(var.instance, "org-")}"
  EOF
}
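# SSHKeyPair custom resource (secretgenerator.mittwald.de): asks the secret
# generator to create the "ssh-credentials" Secret in the CI namespace. The
# key pair is generated in-cluster; only known_hosts is supplied from here.
resource "kubectl_manifest" "ci-ssh-creds" {
  depends_on = [kubernetes_namespace_v1.ns-tekton]
  count      = var.haveGitea && var.haveTekton ? 1 : 0

  # known_hosts is rendered with jsonencode() rather than pasted between
  # double quotes. A JSON string is a valid YAML double-quoted scalar, so
  # newlines, quotes and backslashes in the file survive unchanged. With plain
  # interpolation a multi-line file is folded by the YAML parser, leaving the
  # pinned host keys unusable for host-key verification.
  #
  # NOTE(review): "length" is a key size of 2048 and no key type is set here.
  # Confirm this matches the current key-strength policy for CI credentials.
  yaml_body = <<-EOF
    apiVersion: "secretgenerator.mittwald.de/v1alpha1"
    kind: "SSHKeyPair"
    metadata:
      name: "ssh-credentials"
      namespace: "${var.domain}-ci-${var.instance}"
      labels: ${jsonencode(local.common-labels)}
    spec:
      length: "2048"
      forceRegenerate: false
      data:
        known_hosts: ${jsonencode(data.local_file.known_host[0].content)}
  EOF

  # yaml_body is ignored after creation, so later edits to the manifest do not
  # touch the existing object. The same applies to known_hosts: a rotated
  # server host key is NOT propagated by a plain apply, and the resource has
  # to be replaced (or the Secret updated) for the new pin to take effect.
  lifecycle {
    ignore_changes = [
      yaml_body,
    ]
  }
}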
# Reads back the "ssh-credentials" Secret so that its public half can be
# registered in Gitea.
#
# NOTE(review): this data source loads the whole Secret into Terraform state,
# not just the public key. The generated private key is presumably stored in
# the same Secret, so the state backend should be encrypted and
# access-controlled as credential material.
#
# NOTE(review): depends_on only orders this read after the SSHKeyPair object
# is applied. Nothing here waits for the generator to have produced the Secret,
# so a first apply may read it before it exists. Confirm.
data "kubernetes_secret_v1" "ci-ssh-creds-read" {
  count      = (var.haveGitea && var.haveTekton) ? 1 : 0
  depends_on = [kubectl_manifest.ci-ssh-creds]

  metadata {
    namespace = "${var.domain}-ci-${var.instance}"
    name      = "ssh-credentials"
  }
}
# Registers the generated public key on the Gitea CI user so that Tekton can
# authenticate over SSH.
#
# NOTE(review): the title says "read", but a key attached to a user account
# carries whatever permissions that user holds. If the pipelines only fetch,
# keep the CI user's repository access read-only, or check whether the
# provider version in use offers a read-only flag for this resource.
resource "gitea_public_key" "ci-user-keys" {
  count = (var.haveGitea && var.haveTekton) ? 1 : 0

  username = gitea_user.user-ci[0].username
  title    = "Tekton token to read repository ${var.instance}"

  # Only the public half is taken from the Secret read above.
  key = data.kubernetes_secret_v1.ci-ssh-creds-read[count.index].data["ssh-publickey"]
}