vynil/domain
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix

Browse Source
This commit is contained in:
Sébastien Huss
2024-05-31 14:00:58 +02:00
parent dc68bd8d10
commit 2a021609b7
4 changed files with 114 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
share/organisation/check.rhai
View File

@@ -19,7 +19,7 @@ fn conditions() {
let got = http_get_json(`http://gitea-http.${global::DOMAIN}-ci.svc:3000/api/v1/orgs/${org}/repos`, headers); let got = http_get_json(`http://gitea-http.${global::DOMAIN}-ci.svc:3000/api/v1/orgs/${org}/repos`, headers);
repos += git.map(|p| p.name); repos += git.map(|p| p.name);
repos.sort(); repos.sort();
log_info(`Found ${repo.len} repos`); log_info(`Found ${repos.len} repos`);
} }
json_encode(#{ json_encode(#{
repos: repos repos: repos

39
share/organisation/index.yaml
View File

@@ -113,6 +113,45 @@ options:
examples: examples:
- false - false
type: boolean type: boolean
images:
default:
kubectl:
pull_policy: IfNotPresent
registry: docker.io
repository: sebt3/basic-toolbox-image
tag: 1.29.3
examples:
- kubectl:
pull_policy: IfNotPresent
registry: docker.io
repository: sebt3/basic-toolbox-image
tag: 1.29.3
properties:
kubectl:
default:
pull_policy: IfNotPresent
registry: docker.io
repository: sebt3/basic-toolbox-image
tag: 1.29.3
properties:
pull_policy:
default: IfNotPresent
enum:
- Always
- Never
- IfNotPresent
type: string
registry:
default: docker.io
type: string
repository:
default: sebt3/basic-toolbox-image
type: string
tag:
default: 1.29.3
type: string
type: object
type: object
ingress_class: ingress_class:
default: traefik default: traefik
examples: examples:

79
share/organisation/postconfig.tf
View File

@@ -1,19 +1,21 @@
resource "kubectl_manifest" "post_install_job" { resource "kubectl_manifest" "post_install_job_taiga" {
count = var.conditions.have_taiga ? 1:0
yaml_body = <<-EOF yaml_body = <<-EOF
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
name: "${var.instance}-${var.component}-post-config" name: "${var.instance}-${var.component}-config-taiga"
namespace: "${var.namespace}" namespace: "${var.domain}-ci"
labels: ${jsonencode(local.postcfg_all_labels)} labels: ${jsonencode(local.common_labels)}
ownerReferences: ${jsonencode(var.install_owner)}
spec: spec:
template: template:
spec: spec:
restartPolicy: OnFailure restartPolicy: OnFailure
initContainers: initContainers:
- name: wait-for-svc - name: wait-for-sonar
image: "${var.images.sonar.registry}/${var.images.sonar.repository}:${var.images.sonar.tag}" image: "${var.images.kubectl.registry}/${var.images.kubectl.repository}:${var.images.kubectl.tag}"
imagePullPolicy: ${var.images.sonar.pull_policy} imagePullPolicy: ${var.images.kubectl.pull_policy}
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
capabilities: capabilities:
@@ -24,11 +26,68 @@ resource "kubectl_manifest" "post_install_job" {
seccompProfile: seccompProfile:
type: RuntimeDefault type: RuntimeDefault
command: ["/bin/bash", "-c"] command: ["/bin/bash", "-c"]
args: ["set -o pipefail;for i in {1..200};do (echo > /dev/tcp/${module.service.name}/80) && exit 0; sleep 2;done; exit 1"] args: ["set -o pipefail;for i in {1..200};do (echo > /dev/tcp/taiga-taiga/80) && exit 0; sleep 2;done; exit 1"]
containers: containers:
- name: post-config - name: post-config
image: "${var.images.sonar.registry}/${var.images.sonar.repository}:${var.images.sonar.tag}" image: "${var.images.kubectl.registry}/${var.images.kubectl.repository}:${var.images.kubectl.tag}"
imagePullPolicy: ${var.images.sonar.pull_policy} imagePullPolicy: ${var.images.kubectl.pull_policy}
command: ["/bin/bash", "-xc"]
args:
- >-
API='http://taiga-taiga.${var.namespace}.svc/api/v1'
JSON='-sH "Content-Type: application/json"'
TOKEN=$(curl -X POST $JSON -d '{ "type": "normal", "username": "admin", "password": "'"$DJANGO_SUPERUSER_PASSWORD"'" }' "$API/auth" | jq -r '.auth_token')
BEAR='-H "Authorization: Bearer '"$TOKEN"'"'
if ! curl $JSON $BEAR "$API/projects"|jq -r '.[].name' |grep -E '^${trimprefix(var.instance,"org-")}$'; then
curl -X POST $JSON $BEAR "http://taiga-taiga.${var.namespace}.svc/api/v1/projects" -d '{ "creation_template": 1, "description": "Organisation ${trimprefix(var.instance,"org-")} project", "is_backlog_activated": true, "is_issues_activated": true, "is_kanban_activated": true, "is_private": true, "is_wiki_activated": true, "name": "${trimprefix(var.instance,"org-")}", }'
fi
envFrom:
- secretRef:
name: taiga-taiga
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
EOF
}
resource "kubectl_manifest" "post_install_job_sonar" {
count = var.conditions.have_gitea && var.conditions.have_sonar ? 0:0
yaml_body = <<-EOF
apiVersion: batch/v1
kind: Job
metadata:
name: "${var.instance}-${var.component}-post-config-sonar"
namespace: "${var.domain}-ci"
labels: ${jsonencode(local.common_labels)}
ownerReferences: ${jsonencode(var.install_owner)}
spec:
template:
spec:
restartPolicy: OnFailure
initContainers:
- name: wait-for-sonar
image: "${var.images.kubectl.registry}/${var.images.kubectl.repository}:${var.images.kubectl.tag}"
imagePullPolicy: ${var.images.kubectl.pull_policy}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
runAsGroup: 0
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
command: ["/bin/bash", "-c"]
args: ["set -o pipefail;for i in {1..200};do (echo > /dev/tcp/sonar-sonar/80) && exit 0; sleep 2;done; exit 1"]
containers:
- name: post-config
image: "${var.images.kubectl.registry}/${var.images.kubectl.repository}:${var.images.kubectl.tag}"
imagePullPolicy: ${var.images.kubectl.pull_policy}
command: ["/bin/bash", "-c"] command: ["/bin/bash", "-c"]
args: args:
- >- - >-

11
share/organisation/template.rhai
View File

@@ -1,6 +1,6 @@
const DEST=dest;
const DOMAIN = config.domain; const DOMAIN = config.domain;
const NAME = instance; const NAME = instance;
const DEST = dest;
fn have_gitea() { fn have_gitea() {
have_namespace(`${global::DOMAIN}-ci`) && have_install(`${global::DOMAIN}-ci`, "gitea") && have_service(`${global::DOMAIN}-ci`, "gitea-http") && have_secret(`${global::DOMAIN}-ci`, "gitea-admin-user") have_namespace(`${global::DOMAIN}-ci`) && have_install(`${global::DOMAIN}-ci`, "gitea") && have_service(`${global::DOMAIN}-ci`, "gitea-http") && have_secret(`${global::DOMAIN}-ci`, "gitea-admin-user")
} }
@@ -8,20 +8,19 @@ fn have_sonar() {
have_namespace(`${global::DOMAIN}-ci`) && have_install(`${global::DOMAIN}-ci`, "sonar") && have_service(`${global::DOMAIN}-ci`, "sonar-sonar") && have_secret(`${global::DOMAIN}-ci`, "sonar-sonar") have_namespace(`${global::DOMAIN}-ci`) && have_install(`${global::DOMAIN}-ci`, "sonar") && have_service(`${global::DOMAIN}-ci`, "sonar-sonar") && have_secret(`${global::DOMAIN}-ci`, "sonar-sonar")
} }
fn have_taiga() { fn have_taiga() {
have_namespace(`${global::DOMAIN}-ci`) && have_install(`${global::DOMAIN}-ci`, "taiga") && have_service(`${global::DOMAIN}-ci`, "taiga-taiga") && have_secret(`${global::DOMAIN}-ci`, "sonar-sonar") have_namespace(`${global::DOMAIN}-ci`) && have_install(`${global::DOMAIN}-ci`, "taiga") && have_service(`${global::DOMAIN}-ci`, "taiga-taiga") && have_secret(`${global::DOMAIN}-ci`, "taiga-taiga")
} }
fn gitea_repos() { fn gitea_repos() {
let repos = []; let repos = [];
let org = "org-solidite"; let org = global::NAME;
org.replace("org-",""); org.replace("org-","");
if (have_gitea() && have_sonar()) { if (have_gitea() && have_sonar()) {
let gitea = get_secret(`${global::DOMAIN}-ci`, "gitea-admin-user"); let gitea = get_secret(`${global::DOMAIN}-ci`, "gitea-admin-user");
let username = base64_decode(gitea.data.username); let username = base64_decode(gitea.data.username);
let password = base64_decode(gitea.data.password); let password = base64_decode(gitea.data.password);
let headers = http_header_basic(username,password); let headers = http_header_basic(username,password);
let got = http_get_json(`http://gitea-http.${global::DOMAIN}-ci.svc:3000/api/v1/orgs/${org}/repos`, headers); let response = http_get_json(`http://gitea-http.${global::DOMAIN}-ci.svc:3000/api/v1/orgs/${org}/repos`, headers);
log_warn(got.body); repos += response.json.map(|p| p.name);
repos += got.json.map(|p| p.name);
repos.sort(); repos.sort();
log_info(`Found ${repos.len} repos`); log_info(`Found ${repos.len} repos`);
} }