fix

2024-04-19 12:22:23 +02:00
parent 7dae79cb46
commit b56a7de484
41 changed files with 2911 additions and 12 deletions
--- a/share/organisation/ci-space.tf
+++ b/share/organisation/ci-space.tf
@@ -0,0 +1,66 @@
+resource "kubernetes_namespace_v1" "ns-tekton" {
+  count = var.haveGitea && var.haveTekton?1:0
+  metadata {
+    annotations = local.annotations
+    labels = merge(local.common-labels, local.annotations)
+    name = "${var.domain}-ci-${var.instance}"
+  }
+}
+
+resource "kubectl_manifest" "tekton" {
+  count = var.haveGitea && var.haveTekton?1:0
+  depends_on = [kubernetes_namespace_v1.ns-tekton]
+  yaml_body  = <<-EOF
+    apiVersion: "vynil.solidite.fr/v1"
+    kind: "Install"
+    metadata:
+      name: "tekton-base"
+      namespace: "${var.domain}-ci-${var.instance}"
+      labels: ${jsonencode(local.common-labels)}
+    spec:
+      distrib: "${var.distributions.domain}"
+      category: "share"
+      component: "gitea-tekton-org"
+      options:
+        domain: "${var.domain}"
+        organization: "${trimprefix(var.instance,"org-")}"
+  EOF
+}
+
+resource "kubectl_manifest" "ci-ssh-creds" {
+  depends_on = [kubernetes_namespace_v1.ns-tekton]
+  count = var.haveGitea && var.haveTekton?1:0
+  yaml_body  = <<-EOF
+    apiVersion: "secretgenerator.mittwald.de/v1alpha1"
+    kind: "SSHKeyPair"
+    metadata:
+      name: "ssh-credentials"
+      namespace: "${var.domain}-ci-${var.instance}"
+      labels: ${jsonencode(local.common-labels)}
+    spec:
+      length: "2048"
+      forceRegenerate: false
+      data:
+        known_hosts: "${data.local_file.known_host[0].content}"
+  EOF
+  lifecycle {
+    ignore_changes = [
+      yaml_body,
+    ]
+  }
+}
+
+data "kubernetes_secret_v1" "ci-ssh-creds-read" {
+  depends_on = [kubectl_manifest.ci-ssh-creds]
+  count = var.haveGitea && var.haveTekton?1:0
+  metadata {
+    name = "ssh-credentials"
+    namespace = "${var.domain}-ci-${var.instance}"
+  }
+}
+resource "gitea_public_key" "user-ci-keys" {
+  count = var.haveGitea && var.haveTekton?1:0
+  title = "Tekton token to read repository ${var.instance}"
+  username  = gitea_user.user-ci[0].username
+  key = data.kubernetes_secret_v1.ci-ssh-creds-read[count.index].data["ssh-publickey"]
+}