fix

apps/taiga/taiga_ConfigMap.tf

@@ -51,7 +51,7 @@ resource "kubectl_manifest" "cm_env_front" {
       ENABLE_JIRA_IMPORTER: "false"
       ENABLE_TRELLO_IMPORTER: "false"
       ENABLE_OIDC_AUTH: "false"
-      ENABLE_OPENID_AUTH: "true"
+      ENABLE_OPENID: "true"
       OPENID_URL: "${module.oauth2.sso_authorize_url}"
       OPENID_SCOPE: "openid email profile"
       OPENID_NAME: "${var.domain_name}"
@@ -85,8 +85,6 @@ resource "kubectl_manifest" "cm_scripts" {
         fi
         if [ $(python manage.py dumpdata projects.projecttemplate|wc -c) -lt 1000 ];then
           python manage.py loaddata initial_project_templates
-        else
-          echo "skipping loading initial templates : already here"
         fi
 EOF
 }

share/organisation/check.rhai

@@ -0,0 +1,27 @@
+const DOMAIN = config.domain;
+const NAME = instance;
+fn check_domain() {
+    assert(have_namespace(`${global::DOMAIN}`),                         `There is no ${global::DOMAIN} namespace`);
+}
+fn pre_check() {
+    check_domain();
+}
+fn conditions() {
+    let org = global::NAME;
+    org.replace("org-","");
+    let insts = list_install(`${global::DOMAIN}-ci`).items;
+    let repos = [];
+    if (insts.some(|i| i.metadata.name=="gitea") && insts.some(|i| i.metadata.name=="sonar")) {
+        let gitea = get_secret(`${global::DOMAIN}-ci`, "gitea-admin-user");
+        let username = base64_decode(gitea.data.username);
+        let password = base64_decode(gitea.data.password);
+        let headers = http_header_basic(username,password);
+        let got = http_get_json(`http://gitea-http.${global::DOMAIN}-ci.svc:3000/api/v1/orgs/${org}/repos`, headers);
+        repos += git.map(|p| p.name);
+        repos.sort();
+        log_info(`Found ${repo.len} repos`);
+    }
+    json_encode(#{
+        repos: repos
+    })
+}

share/organisation/index.yaml

@@ -74,9 +74,9 @@ options:
         type: string
     type: object
   domain:
-    default: your-company
+    default: media
     examples:
-    - your-company
+    - media
     type: string
   domain_name:
     default: your_company.com

share/organisation/postconfig.tf

@@ -0,0 +1,49 @@
+resource "kubectl_manifest" "post_install_job" {
+  yaml_body  = <<-EOF
+    apiVersion: batch/v1
+    kind: Job
+    metadata:
+      name: "${var.instance}-${var.component}-post-config"
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(local.postcfg_all_labels)}
+    spec:
+      template:
+        spec:
+          restartPolicy: OnFailure
+          initContainers:
+          - name: wait-for-svc
+            image: "${var.images.sonar.registry}/${var.images.sonar.repository}:${var.images.sonar.tag}"
+            imagePullPolicy: ${var.images.sonar.pull_policy}
+            securityContext:
+              allowPrivilegeEscalation: false
+              capabilities:
+                drop: ["ALL"]
+              runAsGroup: 0
+              runAsNonRoot: true
+              runAsUser: 1000
+              seccompProfile:
+                type: RuntimeDefault
+            command: ["/bin/bash", "-c"]
+            args: ["set -o pipefail;for i in {1..200};do (echo > /dev/tcp/${module.service.name}/80) && exit 0; sleep 2;done; exit 1"]
+          containers:
+          - name: post-config
+            image: "${var.images.sonar.registry}/${var.images.sonar.repository}:${var.images.sonar.tag}"
+            imagePullPolicy: ${var.images.sonar.pull_policy}
+            command: ["/bin/bash", "-c"]
+            args:
+            - >-
+              curl -o /dev/null -s -w "%%{http_code}\n" -u admin:admin -X POST "http://${module.service.name}.${var.namespace}.svc/api/users/change_password?login=admin&previousPassword=admin&password=$ADMIN_PASSWORD"
+            envFrom:
+            - secretRef:
+                name: ${kubectl_manifest.secret.name}
+            securityContext:
+              allowPrivilegeEscalation: false
+              capabilities:
+                drop: ["ALL"]
+              runAsGroup: 1000
+              runAsNonRoot: true
+              runAsUser: 1000
+              seccompProfile:
+                type: RuntimeDefault
+  EOF
+}

share/organisation/template.rhai

@@ -0,0 +1,37 @@
+const DEST=dest;
+const DOMAIN = config.domain;
+const NAME = instance;
+fn have_gitea() {
+    have_namespace(`${global::DOMAIN}-ci`) && have_install(`${global::DOMAIN}-ci`, "gitea") && have_service(`${global::DOMAIN}-ci`, "gitea-http") && have_secret(`${global::DOMAIN}-ci`, "gitea-admin-user")
+}
+fn have_sonar() {
+    have_namespace(`${global::DOMAIN}-ci`) && have_install(`${global::DOMAIN}-ci`, "sonar") && have_service(`${global::DOMAIN}-ci`, "sonar-sonar") && have_secret(`${global::DOMAIN}-ci`, "sonar-sonar")
+}
+fn have_taiga() {
+    have_namespace(`${global::DOMAIN}-ci`) && have_install(`${global::DOMAIN}-ci`, "taiga") && have_service(`${global::DOMAIN}-ci`, "taiga-taiga") && have_secret(`${global::DOMAIN}-ci`, "sonar-sonar")
+}
+fn gitea_repos() {
+    let repos = [];
+    let org = "org-solidite";
+    org.replace("org-","");
+    if (have_gitea() && have_sonar()) {
+        let gitea = get_secret(`${global::DOMAIN}-ci`, "gitea-admin-user");
+        let username = base64_decode(gitea.data.username);
+        let password = base64_decode(gitea.data.password);
+        let headers = http_header_basic(username,password);
+        let got = http_get_json(`http://gitea-http.${global::DOMAIN}-ci.svc:3000/api/v1/orgs/${org}/repos`, headers);
+        log_warn(got.body);
+        repos += got.json.map(|p| p.name);
+        repos.sort();
+        log_info(`Found ${repos.len} repos`);
+    }
+    repos
+}
+fn post_template() {
+    save_to_tf(`${global::DEST}/conditions.tf`, "conditions", #{
+        have_gitea: have_gitea(),
+        have_sonar: have_sonar(),
+        have_taiga: have_taiga(),
+        repos: gitea_repos()
+    });
+}