fix
This commit is contained in:
@@ -19,7 +19,7 @@ fn conditions() {
|
||||
let got = http_get_json(`http://gitea-http.${global::DOMAIN}-ci.svc:3000/api/v1/orgs/${org}/repos`, headers);
|
||||
repos += git.map(|p| p.name);
|
||||
repos.sort();
|
||||
log_info(`Found ${repo.len} repos`);
|
||||
log_info(`Found ${repos.len} repos`);
|
||||
}
|
||||
json_encode(#{
|
||||
repos: repos
|
||||
|
||||
@@ -113,6 +113,45 @@ options:
|
||||
examples:
|
||||
- false
|
||||
type: boolean
|
||||
images:
|
||||
default:
|
||||
kubectl:
|
||||
pull_policy: IfNotPresent
|
||||
registry: docker.io
|
||||
repository: sebt3/basic-toolbox-image
|
||||
tag: 1.29.3
|
||||
examples:
|
||||
- kubectl:
|
||||
pull_policy: IfNotPresent
|
||||
registry: docker.io
|
||||
repository: sebt3/basic-toolbox-image
|
||||
tag: 1.29.3
|
||||
properties:
|
||||
kubectl:
|
||||
default:
|
||||
pull_policy: IfNotPresent
|
||||
registry: docker.io
|
||||
repository: sebt3/basic-toolbox-image
|
||||
tag: 1.29.3
|
||||
properties:
|
||||
pull_policy:
|
||||
default: IfNotPresent
|
||||
enum:
|
||||
- Always
|
||||
- Never
|
||||
- IfNotPresent
|
||||
type: string
|
||||
registry:
|
||||
default: docker.io
|
||||
type: string
|
||||
repository:
|
||||
default: sebt3/basic-toolbox-image
|
||||
type: string
|
||||
tag:
|
||||
default: 1.29.3
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
ingress_class:
|
||||
default: traefik
|
||||
examples:
|
||||
|
||||
@@ -1,19 +1,21 @@
|
||||
resource "kubectl_manifest" "post_install_job" {
|
||||
resource "kubectl_manifest" "post_install_job_taiga" {
|
||||
count = var.conditions.have_taiga ? 1:0
|
||||
yaml_body = <<-EOF
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: "${var.instance}-${var.component}-post-config"
|
||||
namespace: "${var.namespace}"
|
||||
labels: ${jsonencode(local.postcfg_all_labels)}
|
||||
name: "${var.instance}-${var.component}-config-taiga"
|
||||
namespace: "${var.domain}-ci"
|
||||
labels: ${jsonencode(local.common_labels)}
|
||||
ownerReferences: ${jsonencode(var.install_owner)}
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
restartPolicy: OnFailure
|
||||
initContainers:
|
||||
- name: wait-for-svc
|
||||
image: "${var.images.sonar.registry}/${var.images.sonar.repository}:${var.images.sonar.tag}"
|
||||
imagePullPolicy: ${var.images.sonar.pull_policy}
|
||||
- name: wait-for-sonar
|
||||
image: "${var.images.kubectl.registry}/${var.images.kubectl.repository}:${var.images.kubectl.tag}"
|
||||
imagePullPolicy: ${var.images.kubectl.pull_policy}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
@@ -24,11 +26,68 @@ resource "kubectl_manifest" "post_install_job" {
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
command: ["/bin/bash", "-c"]
|
||||
args: ["set -o pipefail;for i in {1..200};do (echo > /dev/tcp/${module.service.name}/80) && exit 0; sleep 2;done; exit 1"]
|
||||
args: ["set -o pipefail;for i in {1..200};do (echo > /dev/tcp/taiga-taiga/80) && exit 0; sleep 2;done; exit 1"]
|
||||
containers:
|
||||
- name: post-config
|
||||
image: "${var.images.sonar.registry}/${var.images.sonar.repository}:${var.images.sonar.tag}"
|
||||
imagePullPolicy: ${var.images.sonar.pull_policy}
|
||||
image: "${var.images.kubectl.registry}/${var.images.kubectl.repository}:${var.images.kubectl.tag}"
|
||||
imagePullPolicy: ${var.images.kubectl.pull_policy}
|
||||
command: ["/bin/bash", "-xc"]
|
||||
args:
|
||||
- >-
|
||||
API='http://taiga-taiga.${var.namespace}.svc/api/v1'
|
||||
JSON='-sH "Content-Type: application/json"'
|
||||
TOKEN=$(curl -X POST $JSON -d '{ "type": "normal", "username": "admin", "password": "'"$DJANGO_SUPERUSER_PASSWORD"'" }' "$API/auth" | jq -r '.auth_token')
|
||||
BEAR='-H "Authorization: Bearer '"$TOKEN"'"'
|
||||
if ! curl $JSON $BEAR "$API/projects"|jq -r '.[].name' |grep -E '^${trimprefix(var.instance,"org-")}$'; then
|
||||
curl -X POST $JSON $BEAR "http://taiga-taiga.${var.namespace}.svc/api/v1/projects" -d '{ "creation_template": 1, "description": "Organisation ${trimprefix(var.instance,"org-")} project", "is_backlog_activated": true, "is_issues_activated": true, "is_kanban_activated": true, "is_private": true, "is_wiki_activated": true, "name": "${trimprefix(var.instance,"org-")}", }'
|
||||
fi
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: taiga-taiga
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
EOF
|
||||
}
|
||||
resource "kubectl_manifest" "post_install_job_sonar" {
|
||||
count = var.conditions.have_gitea && var.conditions.have_sonar ? 0:0
|
||||
yaml_body = <<-EOF
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: "${var.instance}-${var.component}-post-config-sonar"
|
||||
namespace: "${var.domain}-ci"
|
||||
labels: ${jsonencode(local.common_labels)}
|
||||
ownerReferences: ${jsonencode(var.install_owner)}
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
restartPolicy: OnFailure
|
||||
initContainers:
|
||||
- name: wait-for-sonar
|
||||
image: "${var.images.kubectl.registry}/${var.images.kubectl.repository}:${var.images.kubectl.tag}"
|
||||
imagePullPolicy: ${var.images.kubectl.pull_policy}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
runAsGroup: 0
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
command: ["/bin/bash", "-c"]
|
||||
args: ["set -o pipefail;for i in {1..200};do (echo > /dev/tcp/sonar-sonar/80) && exit 0; sleep 2;done; exit 1"]
|
||||
containers:
|
||||
- name: post-config
|
||||
image: "${var.images.kubectl.registry}/${var.images.kubectl.repository}:${var.images.kubectl.tag}"
|
||||
imagePullPolicy: ${var.images.kubectl.pull_policy}
|
||||
command: ["/bin/bash", "-c"]
|
||||
args:
|
||||
- >-
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
const DEST=dest;
|
||||
const DOMAIN = config.domain;
|
||||
const NAME = instance;
|
||||
const DEST = dest;
|
||||
fn have_gitea() {
|
||||
have_namespace(`${global::DOMAIN}-ci`) && have_install(`${global::DOMAIN}-ci`, "gitea") && have_service(`${global::DOMAIN}-ci`, "gitea-http") && have_secret(`${global::DOMAIN}-ci`, "gitea-admin-user")
|
||||
}
|
||||
@@ -8,20 +8,19 @@ fn have_sonar() {
|
||||
have_namespace(`${global::DOMAIN}-ci`) && have_install(`${global::DOMAIN}-ci`, "sonar") && have_service(`${global::DOMAIN}-ci`, "sonar-sonar") && have_secret(`${global::DOMAIN}-ci`, "sonar-sonar")
|
||||
}
|
||||
fn have_taiga() {
|
||||
have_namespace(`${global::DOMAIN}-ci`) && have_install(`${global::DOMAIN}-ci`, "taiga") && have_service(`${global::DOMAIN}-ci`, "taiga-taiga") && have_secret(`${global::DOMAIN}-ci`, "sonar-sonar")
|
||||
have_namespace(`${global::DOMAIN}-ci`) && have_install(`${global::DOMAIN}-ci`, "taiga") && have_service(`${global::DOMAIN}-ci`, "taiga-taiga") && have_secret(`${global::DOMAIN}-ci`, "taiga-taiga")
|
||||
}
|
||||
fn gitea_repos() {
|
||||
let repos = [];
|
||||
let org = "org-solidite";
|
||||
let org = global::NAME;
|
||||
org.replace("org-","");
|
||||
if (have_gitea() && have_sonar()) {
|
||||
let gitea = get_secret(`${global::DOMAIN}-ci`, "gitea-admin-user");
|
||||
let username = base64_decode(gitea.data.username);
|
||||
let password = base64_decode(gitea.data.password);
|
||||
let headers = http_header_basic(username,password);
|
||||
let got = http_get_json(`http://gitea-http.${global::DOMAIN}-ci.svc:3000/api/v1/orgs/${org}/repos`, headers);
|
||||
log_warn(got.body);
|
||||
repos += got.json.map(|p| p.name);
|
||||
let response = http_get_json(`http://gitea-http.${global::DOMAIN}-ci.svc:3000/api/v1/orgs/${org}/repos`, headers);
|
||||
repos += response.json.map(|p| p.name);
|
||||
repos.sort();
|
||||
log_info(`Found ${repos.len} repos`);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user