DevFW-CICD/stacks
14
0
Fork 2
Code Issues Pull requests 3 Projects Releases Packages Wiki Activity Actions

Merge branch 'development' into modularise_edp

Browse source
This commit is contained in:
Richard Robert Reitz 2025-04-28 10:33:25 +02:00
commit fbfc42cf47
7 changed files with 214 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

29
template/stacks/core/argocd/manifests/argocd-forgejo-access-token.yaml Normal file
View file

@ -0,0 +1,29 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: forgejo-access-token
namespace: argocd
spec:
secretStoreRef:
name: gitea
kind: ClusterSecretStore
refreshInterval: "0"
target:
name: forgejo-access-token
template:
engineVersion: v2
data:
forgejo_username: "{{.FORGEJO_ACCESS_USERNAME}}"
forgejo_token: "{{.FORGEJO_ACCESS_TOKEN}}"
metadata:
labels:
app.kubernetes.io/part-of: argocd
data:
- secretKey: FORGEJO_ACCESS_USERNAME
remoteRef:
key: forgejo-access-token
property: username
- secretKey: FORGEJO_ACCESS_TOKEN
remoteRef:
key: forgejo-access-token
property: token

54
template/stacks/core/argocd/manifests/argocd-sso-config.yaml Normal file
View file

@ -0,0 +1,54 @@
---
apiVersion: batch/v1
kind: Job
metadata:
name: argocd-config
namespace: argocd
spec:
template:
metadata:
generateName: argocd-config-
spec:
restartPolicy: OnFailure
containers:
- name: push
image: docker.io/library/ubuntu:22.04
env:
- name: FORGEJO_USER
valueFrom:
secretKeyRef:
name: forgejo-access-token
key: forgejo_username
- name: FORGEJO_TOKEN
valueFrom:
secretKeyRef:
name: forgejo-access-token
key: forgejo_token
command: ["/bin/bash", "-c"]
args:
- |
#! /bin/bash
apt -qq update
apt -qq install git wget -y
if [[ "$(uname -m)" == "x86_64" ]]; then
wget https://github.com/mikefarah/yq/releases/download/v4.44.3/yq_linux_amd64
install yq_linux_amd64 /usr/local/bin/yq
rm yq_linux_amd64
else
wget https://github.com/mikefarah/yq/releases/download/v4.44.3/yq_linux_arm64
install yq_linux_arm64 /usr/local/bin/yq
rm yq_linux_arm64
fi
git config --global user.email "bot@bots.de"
git config --global user.name "bot"
git clone https://${FORGEJO_USER}:${FORGEJO_TOKEN}@{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder.git
cd edfbuilder
yq eval '.configs.cm."oidc.config" = "name: Keycloak\nissuer: https://{{{ .Env.DOMAIN }}}/keycloak/realms/cnoe\nclientID: argocd\nclientSecret: $auth-generic-oauth-secret:client_secret\nrequestedScopes: [\"openid\", \"profile\", \"email\", \"groups\"]"' -i stacks/core/argocd/values.yaml
git add stacks/core/argocd/values.yaml
git commit -m "adds Forgejo SSO config"
git push
backoffLimit: 99

2
template/stacks/core/forgejo.yaml
View file

@ -18,7 +18,7 @@ spec:
sources: sources:
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/forgejo-helm.git - repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/forgejo-helm.git
path: . path: .
targetRevision: v11.0.5-depends targetRevision: v12.0.0-depends
helm: helm:
valueFiles: valueFiles:
- $values/{{{ .Env.CLIENT_REPO_ID }}}/{{{ .Env.DOMAIN }}}/stacks/core/forgejo/values.yaml - $values/{{{ .Env.CLIENT_REPO_ID }}}/{{{ .Env.DOMAIN }}}/stacks/core/forgejo/values.yaml

26
template/stacks/core/forgejo/manifests/forgejo-access-token.yaml Normal file
View file

@ -0,0 +1,26 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: forgejo-access-token
namespace: gitea
spec:
secretStoreRef:
name: gitea
kind: ClusterSecretStore
refreshInterval: "0"
target:
name: forgejo-access-token
template:
engineVersion: v2
data:
forgejo_username: "{{.FORGEJO_ACCESS_USERNAME}}"
forgejo_token: "{{.FORGEJO_ACCESS_TOKEN}}"
data:
- secretKey: FORGEJO_ACCESS_USERNAME
remoteRef:
key: forgejo-access-token
property: username
- secretKey: FORGEJO_ACCESS_TOKEN
remoteRef:
key: forgejo-access-token
property: token

26
template/stacks/core/forgejo/manifests/forgejo-secret.yaml Normal file
View file

@ -0,0 +1,26 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: auth-generic-oauth-secret
namespace: gitea
spec:
secretStoreRef:
name: keycloak
kind: ClusterSecretStore
refreshInterval: "0"
target:
name: auth-generic-oauth-secret
template:
engineVersion: v2
data:
key: "{{.FORGEJO_CLIENT_ID}}"
secret: "{{.FORGEJO_CLIENT_SECRET}}"
data:
- secretKey: FORGEJO_CLIENT_ID
remoteRef:
key: keycloak-clients
property: FORGEJO_CLIENT_ID
- secretKey: FORGEJO_CLIENT_SECRET
remoteRef:
key: keycloak-clients
property: FORGEJO_CLIENT_SECRET

76
template/stacks/core/forgejo/manifests/forgejo-sso-config.yaml Normal file
View file

@ -0,0 +1,76 @@
---
apiVersion: batch/v1
kind: Job
metadata:
name: forgejo-config
namespace: gitea
spec:
template:
metadata:
generateName: forgejo-config-
spec:
restartPolicy: OnFailure
containers:
- name: push
image: docker.io/library/ubuntu:22.04
env:
- name: FORGEJO_USER
valueFrom:
secretKeyRef:
name: forgejo-access-token
key: forgejo_username
- name: FORGEJO_TOKEN
valueFrom:
secretKeyRef:
name: forgejo-access-token
key: forgejo_token
command: ["/bin/bash", "-c"]
args:
- |
#! /bin/bash
apt -qq update
apt -qq install git wget -y
if [[ "$(uname -m)" == "x86_64" ]]; then
wget https://github.com/mikefarah/yq/releases/download/v4.44.3/yq_linux_amd64
install yq_linux_amd64 /usr/local/bin/yq
rm yq_linux_amd64
else
wget https://github.com/mikefarah/yq/releases/download/v4.44.3/yq_linux_arm64
install yq_linux_arm64 /usr/local/bin/yq
rm yq_linux_arm64
fi
git config --global user.email "bot@bots.de"
git config --global user.name "giteaAdmin"
git clone https://${FORGEJO_USER}:${FORGEJO_TOKEN}@{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder.git
cd edfbuilder
yq eval ".gitea.oauth = [
{
\"name\": \"Keycloak\",
\"provider\": \"openidConnect\",
\"existingSecret\": \"auth-generic-oauth-secret\",
\"autoDiscoverUrl\": \"https://{{{ .Env.DOMAIN }}}/keycloak/realms/cnoe/.well-known/openid-configuration\"
}
] |
(.gitea.oauth[] | .name) |= (. style=\"single\")
|
(.gitea.oauth[] | .provider) |= (. style=\"single\")
|
(.gitea.oauth[] | .existingSecret) |= (. style=\"single\")
|
(.gitea.oauth[] | .autoDiscoverUrl) |= (. style=\"single\")
" -i stacks/core/forgejo/values.yaml
yq eval '.gitea.config.oauth2_client =
{
"ENABLE_AUTO_REGISTRATION" : true,
"ACCOUNT_LINKING" : "auto"
}
' -i stacks/core/forgejo/values.yaml
git add stacks/core/forgejo/values.yaml
git commit -m "adds Forgejo SSO config"
git push
backoffLimit: 99

3
template/stacks/ref-implementation/backstage/manifests/install.yaml
View file

@ -264,7 +264,8 @@ spec:
name: gitea-credentials name: gitea-credentials
- secretRef: - secretRef:
name: argocd-credentials name: argocd-credentials
image: forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/devfw-cicd/backstage-edp:development image: forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/devfw-cicd/backstage-edp:1.1.0
imagePullPolicy: Always
name: backstage name: backstage
ports: ports:
- containerPort: 7007 - containerPort: 7007