From 2a021609b7b149ecbc47c217d76b053911c97600 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Huss?= Date: Fri, 31 May 2024 14:00:58 +0200 Subject: [PATCH] fix --- share/organisation/check.rhai | 2 +- share/organisation/index.yaml | 39 ++++++++++++++++ share/organisation/postconfig.tf | 79 ++++++++++++++++++++++++++++---- share/organisation/template.rhai | 11 ++--- 4 files changed, 114 insertions(+), 17 deletions(-) diff --git a/share/organisation/check.rhai b/share/organisation/check.rhai index 75a4164..03fedfe 100644 --- a/share/organisation/check.rhai +++ b/share/organisation/check.rhai @@ -19,7 +19,7 @@ fn conditions() { let got = http_get_json(`http://gitea-http.${global::DOMAIN}-ci.svc:3000/api/v1/orgs/${org}/repos`, headers); repos += git.map(|p| p.name); repos.sort(); - log_info(`Found ${repo.len} repos`); + log_info(`Found ${repos.len} repos`); } json_encode(#{ repos: repos diff --git a/share/organisation/index.yaml b/share/organisation/index.yaml index 35976a8..451f38c 100644 --- a/share/organisation/index.yaml +++ b/share/organisation/index.yaml @@ -113,6 +113,45 @@ options: examples: - false type: boolean + images: + default: + kubectl: + pull_policy: IfNotPresent + registry: docker.io + repository: sebt3/basic-toolbox-image + tag: 1.29.3 + examples: + - kubectl: + pull_policy: IfNotPresent + registry: docker.io + repository: sebt3/basic-toolbox-image + tag: 1.29.3 + properties: + kubectl: + default: + pull_policy: IfNotPresent + registry: docker.io + repository: sebt3/basic-toolbox-image + tag: 1.29.3 + properties: + pull_policy: + default: IfNotPresent + enum: + - Always + - Never + - IfNotPresent + type: string + registry: + default: docker.io + type: string + repository: + default: sebt3/basic-toolbox-image + type: string + tag: + default: 1.29.3 + type: string + type: object + type: object ingress_class: default: traefik examples: 
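Review bot: The context line `repos += git.map(|p| p.name);` in check.rhai still reads from `git`, which no visible line defines; the response is bound to `got` on the line above. Fixing `repo.len` alone therefore probably leaves this block failing at the previous statement. The equivalent code in template.rhai maps over the `.json` field of the response, so the likely intent is `repos += got.json.map(|p| p.name);`. The enclosing `conditions()` function starts and ends outside the hunk, so confirm against the full file.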
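Review bot: The new `images.kubectl` option in index.yaml identifies the job image by `registry`, `repository` and `tag` only, so the default `docker.io/sebt3/basic-toolbox-image:1.29.3` is a mutable reference. With `pull_policy: IfNotPresent`, nodes can keep running whatever content they first pulled under that tag. This image runs the post-config jobs in postconfig.tf, and the taiga one is given the `taiga-taiga` secret through `envFrom`. Consider adding an optional `digest` string property next to `tag`, used as `repository@digest` when set, so operators can pin the exact image. At minimum, add a `description` stating that the image receives admin credentials.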
diff --git a/share/organisation/postconfig.tf b/share/organisation/postconfig.tf index a270e47..de3be92 100644 --- a/share/organisation/postconfig.tf +++ b/share/organisation/postconfig.tf @@ -1,19 +1,21 @@ -resource "kubectl_manifest" "post_install_job" { +resource "kubectl_manifest" "post_install_job_taiga" { + count = var.conditions.have_taiga ? 1:0 yaml_body = <<-EOF apiVersion: batch/v1 kind: Job metadata: - name: "${var.instance}-${var.component}-post-config" - namespace: "${var.namespace}" - labels: ${jsonencode(local.postcfg_all_labels)} + name: "${var.instance}-${var.component}-config-taiga" + namespace: "${var.domain}-ci" + labels: ${jsonencode(local.common_labels)} + ownerReferences: ${jsonencode(var.install_owner)} spec: template: spec: restartPolicy: OnFailure initContainers: - - name: wait-for-svc - image: "${var.images.sonar.registry}/${var.images.sonar.repository}:${var.images.sonar.tag}" - imagePullPolicy: ${var.images.sonar.pull_policy} + - name: wait-for-sonar + image: "${var.images.kubectl.registry}/${var.images.kubectl.repository}:${var.images.kubectl.tag}" + imagePullPolicy: ${var.images.kubectl.pull_policy} securityContext: allowPrivilegeEscalation: false capabilities: 
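Review bot: The taiga job is now created in `namespace: "${var.domain}-ci"`, but the script added in the next hunk calls `taiga-taiga.${var.namespace}.svc`, while the init container's `/dev/tcp/taiga-taiga/80` probe and the `taiga-taiga` secretRef both resolve in the job's own namespace. If `var.namespace` ever differs from `${var.domain}-ci`, the wait step and the API calls target different services, or the secret is not found. Use the same namespace expression in all three places. The init container in this job is also still named `wait-for-sonar`; `- name: wait-for-taiga` would match what it waits for. The resource body continues past the end of this hunk.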
@@ -24,11 +26,68 @@ resource "kubectl_manifest" "post_install_job" { seccompProfile: type: RuntimeDefault command: ["/bin/bash", "-c"] - args: ["set -o pipefail;for i in {1..200};do (echo > /dev/tcp/${module.service.name}/80) && exit 0; sleep 2;done; exit 1"] + args: ["set -o pipefail;for i in {1..200};do (echo > /dev/tcp/taiga-taiga/80) && exit 0; sleep 2;done; exit 1"] containers: - name: post-config - image: "${var.images.sonar.registry}/${var.images.sonar.repository}:${var.images.sonar.tag}" - imagePullPolicy: ${var.images.sonar.pull_policy} + image: "${var.images.kubectl.registry}/${var.images.kubectl.repository}:${var.images.kubectl.tag}" + imagePullPolicy: ${var.images.kubectl.pull_policy} + command: ["/bin/bash", "-xc"] + args: + - >- + API='http://taiga-taiga.${var.namespace}.svc/api/v1' + JSON='-sH "Content-Type: application/json"' + TOKEN=$(curl -X POST $JSON -d '{ "type": "normal", "username": "admin", "password": "'"$DJANGO_SUPERUSER_PASSWORD"'" }' "$API/auth" | jq -r '.auth_token') + BEAR='-H "Authorization: Bearer '"$TOKEN"'"' + if ! curl $JSON $BEAR "$API/projects"|jq -r '.[].name' |grep -E '^${trimprefix(var.instance,"org-")}$'; then + curl -X POST $JSON $BEAR "http://taiga-taiga.${var.namespace}.svc/api/v1/projects" -d '{ "creation_template": 1, "description": "Organisation ${trimprefix(var.instance,"org-")} project", "is_backlog_activated": true, "is_issues_activated": true, "is_kanban_activated": true, "is_private": true, "is_wiki_activated": true, "name": "${trimprefix(var.instance,"org-")}", }' + fi + envFrom: + - secretRef: + name: taiga-taiga + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + EOF +} +resource "kubectl_manifest" "post_install_job_sonar" { + count = var.conditions.have_gitea && var.conditions.have_sonar ? 
0:0 + yaml_body = <<-EOF + apiVersion: batch/v1 + kind: Job + metadata: + name: "${var.instance}-${var.component}-post-config-sonar" + namespace: "${var.domain}-ci" + labels: ${jsonencode(local.common_labels)} + ownerReferences: ${jsonencode(var.install_owner)} + spec: + template: + spec: + restartPolicy: OnFailure + initContainers: + - name: wait-for-sonar + image: "${var.images.kubectl.registry}/${var.images.kubectl.repository}:${var.images.kubectl.tag}" + imagePullPolicy: ${var.images.kubectl.pull_policy} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + runAsGroup: 0 + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + command: ["/bin/bash", "-c"] + args: ["set -o pipefail;for i in {1..200};do (echo > /dev/tcp/sonar-sonar/80) && exit 0; sleep 2;done; exit 1"] + containers: + - name: post-config + image: "${var.images.kubectl.registry}/${var.images.kubectl.repository}:${var.images.kubectl.tag}" + imagePullPolicy: ${var.images.kubectl.pull_policy} command: ["/bin/bash", "-c"] args: - >- diff --git a/share/organisation/template.rhai b/share/organisation/template.rhai index 205398a..ec4b987 100644 --- a/share/organisation/template.rhai +++ b/share/organisation/template.rhai @@ -1,6 +1,6 @@ -const DEST=dest; const DOMAIN = config.domain; const NAME = instance; +const DEST = dest; fn have_gitea() { have_namespace(`${global::DOMAIN}-ci`) && have_install(`${global::DOMAIN}-ci`, "gitea") && have_service(`${global::DOMAIN}-ci`, "gitea-http") && have_secret(`${global::DOMAIN}-ci`, "gitea-admin-user") } 
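Review bot: The new taiga `post-config` container runs `command: ["/bin/bash", "-xc"]`, so the shell trace writes the admin password from `DJANGO_SUPERUSER_PASSWORD` and the bearer token into the Job's pod log; drop `-x`, as the sonar job's `command: ["/bin/bash", "-c"]` already does. The script also looks unable to work as written: `$JSON` and `$BEAR` are expanded unquoted, so the quotes stored inside them stay literal and each header is split into several words, and the project body ends in `"name": "…", }`, which is not valid JSON. Building both bodies with `jq -n --arg` also keeps a password containing `"` or `\` from breaking the login request. In the same hunk the sonar resource reads `count = … ? 0:0`, so that job is never created; if that is deliberate it deserves a comment. Indentation is not recoverable from this page, so the sketch below uses a literal block (`|-`) to keep one statement per line.

```hcl
          # … unchanged: container name, image, imagePullPolicy …
          command: ["/bin/bash", "-c"]
          args:
          - |-
            API='http://taiga-taiga.${var.namespace}.svc/api/v1'
            NAME='${trimprefix(var.instance,"org-")}'
            TOKEN=$(jq -n --arg p "$DJANGO_SUPERUSER_PASSWORD" '{type:"normal",username:"admin",password:$p}' | curl -s -X POST -H 'Content-Type: application/json' -d @- "$API/auth" | jq -r '.auth_token')
            if ! curl -s -H "Authorization: Bearer $TOKEN" "$API/projects" | jq -r '.[].name' | grep -Fxq "$NAME"; then
              jq -n --arg n "$NAME" '{creation_template:1, description:("Organisation "+$n+" project"), is_backlog_activated:true, is_issues_activated:true, is_kanban_activated:true, is_private:true, is_wiki_activated:true, name:$n}' | curl -s -X POST -H 'Content-Type: application/json' -H "Authorization: Bearer $TOKEN" -d @- "$API/projects"
            fi
          # … unchanged: envFrom, securityContext …
```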
@@ -8,20 +8,19 @@ fn have_sonar() { have_namespace(`${global::DOMAIN}-ci`) && have_install(`${global::DOMAIN}-ci`, "sonar") && have_service(`${global::DOMAIN}-ci`, "sonar-sonar") && have_secret(`${global::DOMAIN}-ci`, "sonar-sonar") } fn have_taiga() { - have_namespace(`${global::DOMAIN}-ci`) && have_install(`${global::DOMAIN}-ci`, "taiga") && have_service(`${global::DOMAIN}-ci`, "taiga-taiga") && have_secret(`${global::DOMAIN}-ci`, "sonar-sonar") + have_namespace(`${global::DOMAIN}-ci`) && have_install(`${global::DOMAIN}-ci`, "taiga") && have_service(`${global::DOMAIN}-ci`, "taiga-taiga") && have_secret(`${global::DOMAIN}-ci`, "taiga-taiga") } fn gitea_repos() { let repos = []; - let org = "org-solidite"; + let org = global::NAME; org.replace("org-",""); if (have_gitea() && have_sonar()) { let gitea = get_secret(`${global::DOMAIN}-ci`, "gitea-admin-user"); let username = base64_decode(gitea.data.username); let password = base64_decode(gitea.data.password); let headers = http_header_basic(username,password); - let got = http_get_json(`http://gitea-http.${global::DOMAIN}-ci.svc:3000/api/v1/orgs/${org}/repos`, headers); - log_warn(got.body); - repos += got.json.map(|p| p.name); + let response = http_get_json(`http://gitea-http.${global::DOMAIN}-ci.svc:3000/api/v1/orgs/${org}/repos`, headers); + repos += response.json.map(|p| p.name); repos.sort(); log_info(`Found ${repos.len} repos`); }
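Review bot: `repos += response.json.map(|p| p.name);` in gitea_repos maps over the response without checking that the request succeeded. If the organisation does not exist in Gitea, or the admin credentials are rejected, `response.json` is presumably an error object rather than an array, and the template step fails on `.map` instead of reporting the cause. A guard such as `if type_of(response.json) == "array" { repos += response.json.map(|p| p.name); }` with a `log_warn` in the other branch would make that failure explicit. The request also carries the Gitea admin basic-auth header over plain `http://`, which relies on the in-cluster network being trusted; a short comment saying so would help the next reader. gitea_repos continues past the end of the hunk.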