testing

template/stacks/core/argocd-sso/argocd-sso-config.yaml

@@ -16,21 +16,22 @@ spec:
       containers:
         - name: push
           image: docker.io/library/ubuntu:22.04
-          envFrom:
+          env:
-            - secretRef: 
+            - name: ARGOCD_CLIENT_SECRET
-                name: auth-generic-oauth-secret # thats the external secret the job should wait for
+              valueFrom:
-            - secretRef:
+                secretKeyRef:
-                name: k8s-job-token # edpbuilder should create this automatically and feed it to this job
+                  name: auth-generic-oauth-secret
+                  key: client_secret
+          # envFrom:
+          #   - secretRef: 
+          #       name: auth-generic-oauth-secret # thats the external secret the job should wait for
+          #   - secretRef:
+          #       name: k8s-job-token # edpbuilder should create this automatically and feed it to this job
           command: ["/bin/bash", "-c"]
           args:
             - |
               #! /bin/bash
 
-              if [[ "$client_secret" == "" ]];
-              then
-                exit 1
-              fi
-
               apt -qq update
               apt -qq install git wget -y
               if [[ "$(uname -m)" == "x86_64" ]]; then
@@ -45,14 +46,14 @@ spec:
 
               DOMAIN=192-168-197-2.c-one-infra.de
               GIT_USERNAME=giteaAdmin
-              GIT_PASSWORD=2e53bfe27b64a5aa4e8bc591e15b33cc92ff95fa
+              GIT_PASSWORD=a618f97ca89714d894d5bfc7ac47d0b76a7ec35a
 
               git config --global user.email "bot@bots.de"
               git config --global user.name "bot"
               
-              git clone https://${GIT_USERNAME}:${GIT_PASSWORD}@gitea-${DOMAIN}/giteaAdmin/edfbuilder.git
+              git clone https://${GIT_USERNAME}:${GIT_PASSWORD}@{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder.git
               cd edfbuilder
-              yq eval '.configs.cm."oidc.config" = "name: Keycloak\nissuer: https://192-168-197-2.c-one-infra.de/keycloak/realms/cnoe\nclientID: argocd\nclientSecret:          $auth-generic-oauth-secret:client_secret\nrequestedScopes: [\"openid\", \"profile\", \"email\", \"groups\"]"' -i stacks/core/argocd/values.yaml
+              yq eval '.configs.cm."oidc.config" = "name: Keycloak\nissuer: https://{{{ .Env.DOMAIN }}}/keycloak/realms/cnoe\nclientID: argocd\nclientSecret: $auth-generic-oauth-secret:client_secret\nrequestedScopes: [\"openid\", \"profile\", \"email\", \"groups\"]"' -i stacks/core/argocd/values.yaml
               
               git add stacks/core/argocd/values.yaml
               git commit -m "adds Forgejo SSO config"

template/stacks/core/forgejo-sso/forgejo-sso-config.yaml

@@ -45,19 +45,19 @@ spec:
 
               DOMAIN=192-168-197-2.c-one-infra.de
               GIT_USERNAME=giteaAdmin
-              GIT_PASSWORD=2e53bfe27b64a5aa4e8bc591e15b33cc92ff95fa
+              GIT_PASSWORD=a618f97ca89714d894d5bfc7ac47d0b76a7ec35a
 
               git config --global user.email "bot@bots.de"
               git config --global user.name "giteaAdmin"
               
-              git clone https://${GIT_USERNAME}:${GIT_PASSWORD}@gitea-${DOMAIN}/giteaAdmin/edfbuilder.git
+              git clone https://${GIT_USERNAME}:${GIT_PASSWORD}@{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder.git
               cd edfbuilder
               yq eval ".gitea.oauth = [
                 {
                   \"name\": \"Keycloak\",
                   \"provider\": \"openidConnect\",
                   \"existingSecret\": \"auth-generic-oauth-secret\",
-                  \"autoDiscoverUrl\": \"https://${DOMAIN}/keycloak/realms/cnoe/.well-known/openid-configuration\"
+                  \"autoDiscoverUrl\": \"https://{{{ .Env.DOMAIN }}}/keycloak/realms/cnoe/.well-known/openid-configuration\"
                 }
               ] |
                 (.gitea.oauth[] | .name) |= (. style=\"single\")