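# CI wiring for one Gitea organization: a dedicated namespace, the Tekton base
# install, a generated SSH key pair, and registration of the public half on the
# CI user in Gitea. Every object is created only when both Gitea and Tekton are
# enabled.

# Namespace that holds the CI objects for this instance.
resource "kubernetes_namespace_v1" "ns-tekton" {
  count = var.haveGitea && var.haveTekton ? 1 : 0

  metadata {
    annotations = local.annotations
    labels      = merge(local.common-labels, local.annotations)
    name        = "${var.domain}-ci-${var.instance}"
  }
}

# vynil Install object for the "gitea-tekton-org" component in the CI namespace.
# The organization name is the instance name without its "org-" prefix.
resource "kubectl_manifest" "tekton" {
  count      = var.haveGitea && var.haveTekton ? 1 : 0
  depends_on = [kubernetes_namespace_v1.ns-tekton]

  yaml_body = <<-EOF
    apiVersion: "vynil.solidite.fr/v1"
    kind: "Install"
    metadata:
      name: "tekton-base"
      namespace: "${var.domain}-ci-${var.instance}"
      labels: ${jsonencode(local.common-labels)}
    spec:
      distrib: "${var.distributions.domain}"
      category: "share"
      component: "gitea-tekton-org"
      options:
        domain: "${var.domain}"
        organization: "${trimprefix(var.instance,"org-")}"
        autoCI: ${jsonencode(var.haveGitea&&var.haveTekton&& var.autoCI)}
        autoCD: ${jsonencode(var.haveGitea&&var.haveTekton&& var.autoCD)}
  EOF
}

# SSHKeyPair request for the secret generator; the resulting Secret is named
# "ssh-credentials" and also carries the known_hosts content.
#
# known_hosts is emitted with jsonencode() rather than pasted between literal
# quotes: file content containing newlines, quotes or backslashes would
# otherwise break the YAML document or be folded into a different value, which
# would corrupt the host-key list used for SSH host verification.
#
# NOTE(review): yaml_body is in ignore_changes, so edits to this manifest
# (including an updated known_hosts file or a different key length) are not
# applied to an object that already exists.
# NOTE(review): the requested key length is 2048 bits; confirm that this meets
# the current key-size policy.
resource "kubectl_manifest" "ci-ssh-creds" {
  depends_on = [kubernetes_namespace_v1.ns-tekton]
  count      = var.haveGitea && var.haveTekton ? 1 : 0

  yaml_body = <<-EOF
    apiVersion: "secretgenerator.mittwald.de/v1alpha1"
    kind: "SSHKeyPair"
    metadata:
      name: "ssh-credentials"
      namespace: "${var.domain}-ci-${var.instance}"
      labels: ${jsonencode(local.common-labels)}
    spec:
      length: "2048"
      forceRegenerate: false
      data:
        known_hosts: ${jsonencode(data.local_file.known_host[0].content)}
  EOF

  lifecycle {
    ignore_changes = [
      yaml_body,
    ]
  }
}

# Reads back the generated "ssh-credentials" Secret so the public key can be
# registered in Gitea.
#
# NOTE(review): this data source loads the whole Secret, so the generated
# private key presumably ends up in the Terraform state as well; the state
# backend should be access-controlled and encrypted accordingly.
# NOTE(review): depends_on only orders this read after the SSHKeyPair manifest
# is applied; whether the Secret has already been generated at that point is
# not visible here. Verify the behaviour on a first apply.
data "kubernetes_secret_v1" "ci-ssh-creds-read" {
  depends_on = [kubectl_manifest.ci-ssh-creds]
  count      = var.haveGitea && var.haveTekton ? 1 : 0

  metadata {
    name      = "ssh-credentials"
    namespace = "${var.domain}-ci-${var.instance}"
  }
}

# Registers the generated public key on the CI user in Gitea.
#
# NOTE(review): the title describes read access to the repository; confirm the
# key is actually limited to read-only use on the Gitea side if that is the
# intent.
resource "gitea_public_key" "ci-user-keys" {
  count    = var.haveGitea && var.haveTekton ? 1 : 0
  title    = "Tekton token to read repository ${var.instance}"
  username = gitea_user.user-ci[0].username
  key      = data.kubernetes_secret_v1.ci-ssh-creds-read[count.index].data["ssh-publickey"]
}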