diff --git a/template/stacks/core/argocd-sso/argocd-sso-config.yaml b/template/stacks/core/argocd-sso/argocd-sso-config.yaml index a374afb..2770527 100644 --- a/template/stacks/core/argocd-sso/argocd-sso-config.yaml +++ b/template/stacks/core/argocd-sso/argocd-sso-config.yaml @@ -22,6 +22,16 @@ spec: secretKeyRef: name: auth-generic-oauth-secret key: client_secret + - name: FORGEJO_USER + valueFrom: + secretKeyRef: + name: forgejo-access-token + key: forgejo_username + - name: FORGEJO_TOKEN + valueFrom: + secretKeyRef: + name: forgejo-access-token + key: forgejo_token # envFrom: # - secretRef: # name: auth-generic-oauth-secret # thats the external secret the job should wait for @@ -46,14 +56,14 @@ spec: DOMAIN=192-168-197-2.c-one-infra.de GIT_USERNAME=giteaAdmin - GIT_PASSWORD=a618f97ca89714d894d5bfc7ac47d0b76a7ec35a + GIT_PASSWORD=2d3a114ddfb6059929cc6d97451201e361a524f3 git config --global user.email "bot@bots.de" git config --global user.name "bot" git clone https://${GIT_USERNAME}:${GIT_PASSWORD}@gitea-${DOMAIN}/giteaAdmin/edfbuilder.git cd edfbuilder - yq eval '.configs.cm."oidc.config" = "name: Keycloak\nissuer: https://${DOMAIN}/keycloak/realms/cnoe\nclientID: argocd\nclientSecret: $auth-generic-oauth-secret:client_secret\nrequestedScopes: [\"openid\", \"profile\", \"email\", \"groups\"]"' -i stacks/core/argocd/values.yaml + yq eval '.configs.cm."oidc.config" = "name: Keycloak\nissuer: https://192-168-197-2.c-one-infra.de/keycloak/realms/cnoe\nclientID: argocd\nclientSecret: $auth-generic-oauth-secret:client_secret\nrequestedScopes: [\"openid\", \"profile\", \"email\", \"groups\"]"' -i stacks/core/argocd/values.yaml git add stacks/core/argocd/values.yaml git commit -m "adds Forgejo SSO config" diff --git a/template/stacks/core/forgejo-sso/forgejo-sso-config.yaml b/template/stacks/core/forgejo-sso/forgejo-sso-config.yaml index 3d51b86..cc7e82a 100644 --- a/template/stacks/core/forgejo-sso/forgejo-sso-config.yaml 
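Review bot: The replacement `GIT_PASSWORD=` line in hunk `@@ -46,14 +56,14 @@` still commits a literal access token to the manifest, even though the first hunk of this file already injects `FORGEJO_USER` and `FORGEJO_TOKEN` from the `forgejo-access-token` secret. Nothing visible in the hunk reads those variables, so the script should take its credentials from them, `GIT_USERNAME="${FORGEJO_USER}"` and `GIT_PASSWORD="${FORGEJO_TOKEN}"`, and the literal should be dropped. The same applies to hunk `@@ -45,7 +61,7 @@` in forgejo-sso-config.yaml. Both the removed and the added token values are now in repository history, so they should be treated as exposed and rotated. The script continues outside the hunk, so the new variables may be used further down; if so, the literal assignment is dead and still worth removing.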
+++ b/template/stacks/core/forgejo-sso/forgejo-sso-config.yaml @@ -16,6 +16,22 @@ spec: containers: - name: push image: docker.io/library/ubuntu:22.04 + env: + - name: FORGEJO_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: auth-generic-oauth-secret + key: client_secret + - name: FORGEJO_USER + valueFrom: + secretKeyRef: + name: forgejo-access-token + key: forgejo_username + - name: FORGEJO_TOKEN + valueFrom: + secretKeyRef: + name: forgejo-access-token + key: forgejo_token # envFrom: # - secretRef: # name: auth-generic-oauth-secret # thats the external secret the job should wait for @@ -45,7 +61,7 @@ spec: DOMAIN=192-168-197-2.c-one-infra.de GIT_USERNAME=giteaAdmin - GIT_PASSWORD=a618f97ca89714d894d5bfc7ac47d0b76a7ec35a + GIT_PASSWORD=2d3a114ddfb6059929cc6d97451201e361a524f3 git config --global user.email "bot@bots.de" git config --global user.name "giteaAdmin" @@ -57,7 +73,7 @@ spec: \"name\": \"Keycloak\", \"provider\": \"openidConnect\", \"existingSecret\": \"auth-generic-oauth-secret\", - \"autoDiscoverUrl\": \"https://${DOMAIN}/keycloak/realms/cnoe/.well-known/openid-configuration\" + \"autoDiscoverUrl\": \"https://192-168-197-2.c-one-infra.de/keycloak/realms/cnoe/.well-known/openid-configuration\" } ] | (.gitea.oauth[] | .name) |= (. style=\"single\")
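Review bot: The new `autoDiscoverUrl` value in hunk `@@ -57,7 +73,7 @@` hard-codes the host that the script already assigns to `DOMAIN` a few lines earlier, and the `yq eval` line in argocd-sso-config.yaml (hunk `@@ -46,14 +56,14 @@`) is changed the same way. The OIDC issuer host is then repeated inside each script, and a missed edit would leave the client pointing at a stale issuer. If `${DOMAIN}` was dropped because the quoting around the yq expression kept the shell from expanding it (likely for the single-quoted argocd expression, not verifiable from these lines), yq v4 can read it from the environment instead: `export DOMAIN` and build the string with `strenv(DOMAIN)`, e.g. `"issuer: https://" + strenv(DOMAIN) + "/keycloak/realms/cnoe"`. That keeps `$auth-generic-oauth-secret:client_secret` literal, as the single quotes do today. The enclosing expression starts outside the hunk.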