2 Commits

Author SHA1 Message Date
benvin 5c784eff19 Merge branch 'main' into benvin/update1
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/plan Pipeline was successful
2026-06-11 23:32:17 +10:00
unkinben cee451f741 feat: add terraform-git
ci/woodpecker/pr/pre-commit Pipeline failed
ci/woodpecker/pr/plan Pipeline was successful
- add new repo
- change write -> none
2026-06-11 00:52:50 +10:00
26 changed files with 94 additions and 155 deletions
+1 -1
View File
@@ -9,7 +9,7 @@ steps:
VAULT_AUTH_METHOD: kubernetes VAULT_AUTH_METHOD: kubernetes
commands: commands:
- dnf install vault -y - dnf install vault -y
- make apply - make apply-if-changes
backend_options: backend_options:
kubernetes: kubernetes:
serviceAccountName: terraform-git serviceAccountName: terraform-git
@@ -1,16 +0,0 @@
description: "Simple API for showing a users age"
private: false
default_branch: "main"
default_delete_branch_after_merge: true
default_merge_style: "squash"
branch_protection:
- rule_name: "main"
enable_push: false
status_check_contexts:
- "ci/woodpecker/pr/pre-commit"
- "ci/woodpecker/pr/test"
- "ci/woodpecker/pr/build"
approval_whitelist_teams:
- "Owners"
merge_whitelist_teams:
- "Owners"
@@ -10,3 +10,4 @@ branch_protection:
- "ci/woodpecker/pr/kubeconform" - "ci/woodpecker/pr/kubeconform"
approval_whitelist_users: approval_whitelist_users:
- "unkinben" - "unkinben"
woodpecker: true
@@ -12,3 +12,4 @@ branch_protection:
- "ci/woodpecker/pr/build" - "ci/woodpecker/pr/build"
approval_whitelist_users: approval_whitelist_users:
- "unkinben" - "unkinben"
woodpecker: true
@@ -9,3 +9,4 @@ branch_protection:
- "unkinben" - "unkinben"
approval_whitelist_users: approval_whitelist_users:
- "unkinben" - "unkinben"
woodpecker: true
@@ -1,13 +0,0 @@
description: "Base container image for forgebot agents"
private: false
default_branch: "main"
default_delete_branch_after_merge: true
default_merge_style: "squash"
branch_protection:
- rule_name: "main"
enable_push: false
status_check_contexts:
- "ci/woodpecker/pr/build"
approval_whitelist_teams:
- "docker"
- "forgebot"
@@ -1,13 +0,0 @@
description: "Dev toolchain container for forgebot agents"
private: false
default_branch: "main"
default_delete_branch_after_merge: true
default_merge_style: "squash"
branch_protection:
- rule_name: "main"
enable_push: false
status_check_contexts:
- "ci/woodpecker/pr/build"
approval_whitelist_teams:
- "docker"
- "forgebot"
@@ -1,13 +0,0 @@
description: "Infrastructure toolchain container for forgebot agents"
private: false
default_branch: "main"
default_delete_branch_after_merge: true
default_merge_style: "squash"
branch_protection:
- rule_name: "main"
enable_push: false
status_check_contexts:
- "ci/woodpecker/pr/build"
approval_whitelist_teams:
- "docker"
- "forgebot"
@@ -1,14 +0,0 @@
description: "Skill definitions for forgebot agents"
private: false
default_branch: "main"
default_delete_branch_after_merge: true
default_merge_style: "squash"
branch_protection:
- rule_name: "main"
enable_push: false
status_check_contexts:
- "ci/woodpecker/pr/validate"
approval_whitelist_teams:
- "forgebot"
merge_whitelist_teams:
- "forgebot"
@@ -1,16 +0,0 @@
description: "K8s operator + API for AI agent dispatch from git forges"
private: false
default_branch: "main"
default_delete_branch_after_merge: true
default_merge_style: "squash"
branch_protection:
- rule_name: "main"
enable_push: false
status_check_contexts:
- "ci/woodpecker/pr/pre-commit"
- "ci/woodpecker/pr/test"
- "ci/woodpecker/pr/build"
approval_whitelist_teams:
- "forgebot"
merge_whitelist_teams:
- "forgebot"
@@ -12,3 +12,4 @@ branch_protection:
- "ci/woodpecker/pr/unit-tests" - "ci/woodpecker/pr/unit-tests"
approval_whitelist_users: approval_whitelist_users:
- "unkinben" - "unkinben"
woodpecker: true
@@ -35,3 +35,4 @@ branch_protection:
- "ci/woodpecker/pr/yamllint" - "ci/woodpecker/pr/yamllint"
approval_whitelist_teams: approval_whitelist_teams:
- "puppet" - "puppet"
woodpecker: true
@@ -13,3 +13,4 @@ branch_protection:
approval_whitelist_teams: approval_whitelist_teams:
- "puppet" - "puppet"
block_on_rejected_reviews: true block_on_rejected_reviews: true
woodpecker: true
@@ -18,3 +18,4 @@ branch_protection:
approval_whitelist_teams: approval_whitelist_teams:
- "rpmbuild" - "rpmbuild"
block_on_rejected_reviews: true block_on_rejected_reviews: true
woodpecker: true
@@ -1,18 +0,0 @@
description: "Terraform configuration for managing ArtifactAPI remote and virtual repositories"
private: false
default_branch: "main"
default_delete_branch_after_merge: true
default_merge_style: "squash"
branch_protection:
- rule_name: "main"
enable_push: false
merge_whitelist_users:
- "benvin"
- "unkinben"
status_check_contexts:
- "ci/woodpecker/pr/pre-commit"
- "ci/woodpecker/pr/plan"
approval_whitelist_users:
- "unkinben"
approval_whitelist_teams:
- "Owners"
@@ -1,6 +1,7 @@
description: "Manage Gitea resources, teams, repos, and Woodpecker CI via Terraform" description: "Manage Gitea resources, teams, repos, and Woodpecker CI via Terraform"
private: false private: false
default_branch: "main" default_branch: "main"
woodpecker: true
branch_protection: branch_protection:
- rule_name: "main" - rule_name: "main"
enable_push: false enable_push: false
@@ -4,9 +4,6 @@ default_delete_branch_after_merge: false
branch_protection: branch_protection:
- rule_name: "main" - rule_name: "main"
enable_push: false enable_push: false
status_check_contexts:
- "ci/woodpecker/pr/pre-commit"
- "ci/woodpecker/pr/build"
- "ci/woodpecker/pr/test"
approval_whitelist_teams: approval_whitelist_teams:
- "Owners" - "Owners"
woodpecker: true
@@ -16,3 +16,4 @@ branch_protection:
- "unkinben" - "unkinben"
approval_whitelist_teams: approval_whitelist_teams:
- "Owners" - "Owners"
woodpecker: true
@@ -1,13 +0,0 @@
description: "forgebot maintainers"
permission: none
include_all_repositories: false
can_create_repos: false
repositories:
- forgebot
- forgebot-skills
- container-agent-base
- container-agent-dev
- container-agent-infra
members:
- unkinben
- benvin
+50 -25
View File
@@ -143,31 +143,6 @@ import {
id = "137" id = "137"
} }
import {
to = module.repository["git.unkin.net/unkin/forgebot"].gitea_repository.this
id = "139"
}
import {
to = module.repository["git.unkin.net/unkin/forgebot-skills"].gitea_repository.this
id = "140"
}
import {
to = module.repository["git.unkin.net/unkin/container-agent-base"].gitea_repository.this
id = "141"
}
import {
to = module.repository["git.unkin.net/unkin/container-agent-dev"].gitea_repository.this
id = "142"
}
import {
to = module.repository["git.unkin.net/unkin/container-agent-infra"].gitea_repository.this
id = "143"
}
import { import {
to = module.team["git.unkin.net/unkin/Owners"].gitea_team.this to = module.team["git.unkin.net/unkin/Owners"].gitea_team.this
id = "3" id = "3"
@@ -198,8 +173,58 @@ import {
id = "12" id = "12"
} }
import {
to = module.woodpecker_repository["git.unkin.net/unkin/puppet-prod"].woodpecker_repository.this
id = "unkin/puppet-prod"
}
import {
to = module.woodpecker_repository["git.unkin.net/unkin/puppet-r10k"].woodpecker_repository.this
id = "unkin/puppet-r10k"
}
import {
to = module.woodpecker_repository["git.unkin.net/unkin/terraform-vault"].woodpecker_repository.this
id = "unkin/terraform-vault"
}
import {
to = module.woodpecker_repository["git.unkin.net/unkin/rpmbuilder"].woodpecker_repository.this
id = "unkin/rpmbuilder"
}
import {
to = module.woodpecker_repository["git.unkin.net/unkin/artifactapi"].woodpecker_repository.this
id = "unkin/artifactapi"
}
import {
to = module.woodpecker_repository["git.unkin.net/unkin/argocd-apps"].woodpecker_repository.this
id = "unkin/argocd-apps"
}
import {
to = module.woodpecker_repository["git.unkin.net/unkin/certmanager"].woodpecker_repository.this
id = "unkin/certmanager"
}
import {
to = module.woodpecker_repository["git.unkin.net/unkin/node-lookup"].woodpecker_repository.this
id = "unkin/node-lookup"
}
import {
to = module.woodpecker_repository["git.unkin.net/unkin/terraform-provider-artifactapi"].woodpecker_repository.this
id = "unkin/terraform-provider-artifactapi"
}
import { import {
to = module.repository["git.unkin.net/unkin/terraform-git"].gitea_repository.this to = module.repository["git.unkin.net/unkin/terraform-git"].gitea_repository.this
id = "144" id = "144"
} }
import {
to = module.woodpecker_repository["git.unkin.net/unkin/terraform-git"].woodpecker_repository.this
id = "unkin/terraform-git"
}
+11 -5
View File
@@ -55,12 +55,18 @@ module "team" {
depends_on = [module.organisation, module.repository] depends_on = [module.organisation, module.repository]
} }
removed { module "woodpecker_repository" {
from = module.woodpecker_repository source = "./modules/woodpecker_repository"
lifecycle { for_each = {
destroy = false for k, v in var.repository : k => v
if try(v.woodpecker, false)
} }
full_name = "${each.value.organisation}/${each.value.name}"
visibility = each.value.private ? "private" : "public"
depends_on = [module.repository]
} }
module "branch_protection" { module "branch_protection" {
@@ -89,7 +95,7 @@ module "branch_protection" {
protected_file_patterns = each.value.protected_file_patterns protected_file_patterns = each.value.protected_file_patterns
unprotected_file_patterns = each.value.unprotected_file_patterns unprotected_file_patterns = each.value.unprotected_file_patterns
depends_on = [module.repository, module.team] depends_on = [module.repository]
} }
# TODO: enable when deploy keys are needed # TODO: enable when deploy keys are needed
@@ -6,10 +6,6 @@ resource "gitea_team" "this" {
include_all_repositories = var.include_all_repositories include_all_repositories = var.include_all_repositories
can_create_repos = var.can_create_repos can_create_repos = var.can_create_repos
repositories = var.repositories repositories = var.repositories
lifecycle {
ignore_changes = [permission]
}
} }
resource "gitea_team_members" "this" { resource "gitea_team_members" "this" {
@@ -0,0 +1,4 @@
resource "woodpecker_repository" "this" {
full_name = var.full_name
visibility = var.visibility
}
@@ -0,0 +1,9 @@
terraform {
required_version = ">= 1.10"
required_providers {
woodpecker = {
source = "Kichiyaki/woodpecker"
version = "0.5.0"
}
}
}
@@ -0,0 +1,8 @@
variable "full_name" {
type = string
}
variable "visibility" {
type = string
default = "internal"
}
+1
View File
@@ -32,6 +32,7 @@ variable "repository" {
repo_template = optional(bool) repo_template = optional(bool)
website = optional(string) website = optional(string)
autodetect_manual_merge = optional(bool) autodetect_manual_merge = optional(bool)
woodpecker = optional(bool, false)
})) }))
default = {} default = {}
} }