11 Commits

Author SHA1 Message Date
benvin 6b14486e5e Merge pull request 'feat: import forgebot and container-agent repos' (#5) from feat/import-new-repos into main
ci/woodpecker/push/apply Pipeline was successful
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/plan Pipeline was successful
Reviewed-on: #5
2026-06-12 00:35:31 +10:00
unkinben 99e2b124a6 feat: import forgebot and container-agent repos
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/plan Pipeline was successful
2026-06-12 00:33:58 +10:00
unkinben bd60fb3669 Add forgebot and forgebot-skills repos with branch protection
- forgebot: branch protection on main with pre-commit, test, build CI checks
- forgebot-skills: branch protection on main with validate CI check
- Both repos enabled for Woodpecker CI
2026-06-12 00:32:57 +10:00
benvin e5a69ea953 Merge pull request 'feat: only run apply when plan detects changes' (#4) from feat/conditional-apply into main
ci/woodpecker/push/apply Pipeline was successful
Reviewed-on: #4
2026-06-11 23:32:01 +10:00
unkinben dc9f3cd595 fix: remove unused deploy_key variable and duplicate required_providers
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/plan Pipeline was successful
2026-06-11 23:30:23 +10:00
unkinben 883faee35c style: tofu fmt alignment
ci/woodpecker/pr/pre-commit Pipeline failed
ci/woodpecker/pr/plan Pipeline failed
2026-06-11 23:28:02 +10:00
unkinben 8e3eac286c feat: add make pre-commit target
ci/woodpecker/pr/pre-commit Pipeline failed
ci/woodpecker/pr/plan Pipeline failed
2026-06-11 23:26:29 +10:00
unkinben 6203e4d0e2 fix: add terraform.tf for pre-commit validation
ci/woodpecker/pr/pre-commit Pipeline failed
ci/woodpecker/pr/plan Pipeline failed
Required for tofu-validate and tflint to work standalone
without the terragrunt-generated backend.tf.
2026-06-11 23:25:32 +10:00
unkinben 1b127941f8 feat: add terraform-git
ci/woodpecker/pr/pre-commit Pipeline failed
ci/woodpecker/pr/plan Pipeline was successful
- add new repo
- change write -> none
2026-06-11 23:23:29 +10:00
unkinben 1a5921d9b0 feat: only run apply when plan detects changes
ci/woodpecker/pr/pre-commit Pipeline failed
ci/woodpecker/pr/plan Pipeline was successful
2026-06-11 23:21:51 +10:00
benvin 148a9f4962 Merge pull request 'feat: initial terraform-git configuration' (#1) from feat/initial-config into main
ci/woodpecker/push/apply Pipeline was successful
Reviewed-on: #1
2026-06-11 00:23:16 +10:00
18 changed files with 99 additions and 39 deletions
+1 -2
@@ -9,8 +9,7 @@ steps:
VAULT_AUTH_METHOD: kubernetes VAULT_AUTH_METHOD: kubernetes
commands: commands:
- dnf install vault -y - dnf install vault -y
- make plan - make apply-if-changes
- make apply
backend_options: backend_options:
kubernetes: kubernetes:
serviceAccountName: terraform-git serviceAccountName: terraform-git
+17 -1
@@ -1,4 +1,4 @@
.PHONY: init plan apply format .PHONY: init plan apply apply-if-changes format pre-commit
VAULT_AUTH_METHOD ?= approle VAULT_AUTH_METHOD ?= approle
VAULT_K8S_ROLE ?= woodpecker_terraform_git VAULT_K8S_ROLE ?= woodpecker_terraform_git
@@ -25,6 +25,19 @@ plan: init
@$(call vault_env) && \ @$(call vault_env) && \
terragrunt run --all --parallelism 4 --non-interactive plan terragrunt run --all --parallelism 4 --non-interactive plan
apply-if-changes: init
@$(call vault_env) && \
terragrunt run --all --parallelism 4 --non-interactive plan -- -detailed-exitcode -out=tfplan; \
EXIT_CODE=$$?; \
if [ $$EXIT_CODE -eq 2 ]; then \
$(call vault_env) && \
terragrunt run --all --parallelism 2 --non-interactive apply -- tfplan; \
elif [ $$EXIT_CODE -eq 0 ]; then \
echo "No changes detected, skipping apply."; \
else \
exit $$EXIT_CODE; \
fi
apply: init apply: init
@$(call vault_env) && \ @$(call vault_env) && \
terragrunt run --all --parallelism 2 --non-interactive apply terragrunt run --all --parallelism 2 --non-interactive apply
@@ -34,3 +47,6 @@ format:
@tofu fmt -recursive . @tofu fmt -recursive .
@echo "Formatting Terragrunt files..." @echo "Formatting Terragrunt files..."
@terragrunt hcl fmt @terragrunt hcl fmt
pre-commit:
@uvx pre-commit run --all-files
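Review bot: The plan file written by `-out=tfplan` in `apply-if-changes` is never removed, and a saved plan stores the planned values unencrypted, including attributes marked sensitive, so a copy stays in each unit's working directory in the CI workspace after the run. I would delete it when the recipe's shell exits, for example `trap 'find . -name tfplan -type f -delete' EXIT; \` ahead of the plan command, and make sure `tfplan` is git-ignored. Separately, the `$$EXIT_CODE -eq 2` branch assumes that the aggregated exit code of `terragrunt run --all` is never 2 when one unit failed and another has changes. That depends on the terragrunt version in the image and is worth confirming, because otherwise a partly failed plan would go on to apply.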
@@ -0,0 +1,2 @@
description: "Base container image for forgebot agents"
private: false
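Review bot: This new repository definition and the four two-line definitions after it set only `description` and `private: false`, with no `branch_protection` list and no `woodpecker: true`, although commit bd60fb3669 in this range describes branch protection and Woodpecker CI for forgebot and forgebot-skills. If the module applies no default protection, `main` on these public repositories is left unprotected against direct pushes by anyone with write access. I would add a `branch_protection` entry with `enable_push: false` and the intended `status_check_contexts`, as the terraform-git definition in this change does, or add a comment stating that protection for these repositories is managed elsewhere.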
@@ -0,0 +1,2 @@
description: "Dev toolchain container for forgebot agents"
private: false
@@ -0,0 +1,2 @@
description: "Infrastructure toolchain container for forgebot agents"
private: false
@@ -0,0 +1,2 @@
description: "Skill definitions for forgebot agents"
private: false
@@ -0,0 +1,2 @@
description: "K8s operator + API for AI agent dispatch from git forges"
private: false
@@ -0,0 +1,14 @@
description: "Manage Gitea resources, teams, repos, and Woodpecker CI via Terraform"
private: false
default_branch: "main"
woodpecker: true
branch_protection:
- rule_name: "main"
enable_push: false
status_check_contexts:
- "ci/woodpecker/pr/pre-commit"
- "ci/woodpecker/pr/plan"
approval_whitelist_users:
- "unkinben"
approval_whitelist_teams:
- "Owners"
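Review bot: The `main` rule names who may approve (`approval_whitelist_users`, `approval_whitelist_teams`) but the visible keys set no required number of approvals, so unless the module supplies a default, a pull request can merge once the two status checks pass without any review. This repository's push pipeline applies team permissions and branch protection for the organisation, which makes an unreviewed merge here more consequential than in the other repositories. I would set the module's required-approvals input to at least 1 in this rule and add a short comment such as `# merges to main trigger ci/woodpecker/push/apply; require one approval`.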
+1 -1
@@ -1,5 +1,5 @@
description: "manage docker related repositories" description: "manage docker related repositories"
permission: write permission: none
include_all_repositories: false include_all_repositories: false
can_create_repos: false can_create_repos: false
repositories: repositories:
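Review bot: `permission: none` replaces `write` here and in the four other team definitions below without a comment on the intent, and none of the hunks shows a per-unit access setting. Depending on how the module maps this value, each team either keeps access through unit-level settings defined elsewhere or loses access to its listed repositories. Which one applies cannot be told from these hunks, which end before the `repositories:` list does. A one-line comment above the key, such as `# none: access is granted per unit, see <module input>`, or the reason access is being withdrawn, would make the change reviewable.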
+1 -1
@@ -1,5 +1,5 @@
description: "owners of the puppet system" description: "owners of the puppet system"
permission: write permission: none
include_all_repositories: false include_all_repositories: false
can_create_repos: false can_create_repos: false
repositories: repositories:
+1 -1
@@ -1,5 +1,5 @@
description: "Python package builers" description: "Python package builers"
permission: write permission: none
include_all_repositories: false include_all_repositories: false
can_create_repos: false can_create_repos: false
repositories: repositories:
@@ -1,5 +1,5 @@
description: "manage rpmbuild repos" description: "manage rpmbuild repos"
permission: write permission: none
include_all_repositories: false include_all_repositories: false
can_create_repos: false can_create_repos: false
repositories: repositories:
@@ -1,5 +1,5 @@
description: "terraform job maintainers" description: "terraform job maintainers"
permission: write permission: none
include_all_repositories: false include_all_repositories: false
can_create_repos: false can_create_repos: false
repositories: repositories:
-1
@@ -20,6 +20,5 @@ inputs = {
organisation = local.config.organisation organisation = local.config.organisation
repository = local.config.repository repository = local.config.repository
branch_protection = local.config.branch_protection branch_protection = local.config.branch_protection
deploy_key = local.config.deploy_key
team = local.config.team team = local.config.team
} }
-15
@@ -19,21 +19,6 @@ terraform {
lock = true lock = true
ca_file = "/etc/pki/tls/certs/ca-bundle.crt" ca_file = "/etc/pki/tls/certs/ca-bundle.crt"
} }
required_version = ">= 1.10"
required_providers {
gitea = {
source = "go-gitea/gitea"
version = "0.7.0"
}
woodpecker = {
source = "Kichiyaki/woodpecker"
version = "0.5.0"
}
consul = {
source = "hashicorp/consul"
version = "2.23.0"
}
}
} }
EOF EOF
} }
+36
@@ -143,6 +143,31 @@ import {
id = "137" id = "137"
} }
import {
to = module.repository["git.unkin.net/unkin/forgebot"].gitea_repository.this
id = "139"
}
import {
to = module.repository["git.unkin.net/unkin/forgebot-skills"].gitea_repository.this
id = "140"
}
import {
to = module.repository["git.unkin.net/unkin/container-agent-base"].gitea_repository.this
id = "141"
}
import {
to = module.repository["git.unkin.net/unkin/container-agent-dev"].gitea_repository.this
id = "142"
}
import {
to = module.repository["git.unkin.net/unkin/container-agent-infra"].gitea_repository.this
id = "143"
}
import { import {
to = module.team["git.unkin.net/unkin/Owners"].gitea_team.this to = module.team["git.unkin.net/unkin/Owners"].gitea_team.this
id = "3" id = "3"
@@ -217,3 +242,14 @@ import {
to = module.woodpecker_repository["git.unkin.net/unkin/terraform-provider-artifactapi"].woodpecker_repository.this to = module.woodpecker_repository["git.unkin.net/unkin/terraform-provider-artifactapi"].woodpecker_repository.this
id = "unkin/terraform-provider-artifactapi" id = "unkin/terraform-provider-artifactapi"
} }
import {
to = module.repository["git.unkin.net/unkin/terraform-git"].gitea_repository.this
id = "144"
}
import {
to = module.woodpecker_repository["git.unkin.net/unkin/terraform-git"].woodpecker_repository.this
id = "unkin/terraform-git"
}
+13
@@ -0,0 +1,13 @@
terraform {
required_version = ">= 1.10"
required_providers {
gitea = {
source = "go-gitea/gitea"
version = "0.7.0"
}
woodpecker = {
source = "Kichiyaki/woodpecker"
version = "0.5.0"
}
}
}
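Review bot: The new `required_providers` block pins gitea and woodpecker to exact versions but omits the `hashicorp/consul` `2.23.0` pin that the removed generated block carried. If any module still declares a consul resource or data source, that provider would now resolve without a version constraint. Confirm it is unused, or keep `consul = { source = "hashicorp/consul", version = "2.23.0" }` in this block. Exact pins fix only the version, whereas a committed `.terraform.lock.hcl` is what fixes the provider checksums, and no lock file appears in this change.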
+3 -15
@@ -15,8 +15,8 @@ variable "organisation" {
variable "repository" { variable "repository" {
description = "Map of repositories to create" description = "Map of repositories to create"
type = map(object({ type = map(object({
name = string name = string
organisation = string organisation = string
description = optional(string) description = optional(string)
private = optional(bool) private = optional(bool)
default_branch = optional(string) default_branch = optional(string)
@@ -32,7 +32,7 @@ variable "repository" {
repo_template = optional(bool) repo_template = optional(bool)
website = optional(string) website = optional(string)
autodetect_manual_merge = optional(bool) autodetect_manual_merge = optional(bool)
woodpecker = optional(bool, false) woodpecker = optional(bool, false)
})) }))
default = {} default = {}
} }
@@ -64,18 +64,6 @@ variable "branch_protection" {
default = {} default = {}
} }
variable "deploy_key" {
description = "Map of deploy keys to create"
type = map(object({
repository = string
organisation = string
gitea_url = string
title = string
key = string
read_only = optional(bool, true)
}))
default = {}
}
variable "team" { variable "team" {
description = "Map of teams to create" description = "Map of teams to create"