Compare commits
39 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 7bf810210f | |||
| a4967d0bbf | |||
| 773f734d8e | |||
| 4495339979 | |||
| d59d1244f3 | |||
| 043e73424c | |||
| 5cfbf60f65 | |||
| dfbb90a7dc | |||
| d1d00e5c47 | |||
| 93175707eb | |||
| a5d4b881a5 | |||
| a8d22b743a | |||
| eedb415419 | |||
| 0a3700db7a | |||
| 5a04fb4b22 | |||
| f4b3f9cd08 | |||
| 1469866329 | |||
| b1684b7cf8 | |||
| 5cd6659f59 | |||
| e000c1132f | |||
| af26cee479 | |||
| 85583a02ad | |||
| 3744ecd09f | |||
| 353d310bc8 | |||
| 571a9b2149 | |||
| dd31dc916c | |||
| 5afa850e45 | |||
| 236a94337a | |||
| 6b14486e5e | |||
| 99e2b124a6 | |||
| bd60fb3669 | |||
| e5a69ea953 | |||
| dc9f3cd595 | |||
| 883faee35c | |||
| 8e3eac286c | |||
| 6203e4d0e2 | |||
| 1b127941f8 | |||
| 1a5921d9b0 | |||
| 148a9f4962 |
@@ -9,7 +9,6 @@ steps:
|
|||||||
VAULT_AUTH_METHOD: kubernetes
|
VAULT_AUTH_METHOD: kubernetes
|
||||||
commands:
|
commands:
|
||||||
- dnf install vault -y
|
- dnf install vault -y
|
||||||
- make plan
|
|
||||||
- make apply
|
- make apply
|
||||||
backend_options:
|
backend_options:
|
||||||
kubernetes:
|
kubernetes:
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
.PHONY: init plan apply format
|
.PHONY: init plan apply apply-if-changes format pre-commit
|
||||||
|
|
||||||
VAULT_AUTH_METHOD ?= approle
|
VAULT_AUTH_METHOD ?= approle
|
||||||
VAULT_K8S_ROLE ?= woodpecker_terraform_git
|
VAULT_K8S_ROLE ?= woodpecker_terraform_git
|
||||||
@@ -25,6 +25,19 @@ plan: init
|
|||||||
@$(call vault_env) && \
|
@$(call vault_env) && \
|
||||||
terragrunt run --all --parallelism 4 --non-interactive plan
|
terragrunt run --all --parallelism 4 --non-interactive plan
|
||||||
|
|
||||||
|
apply-if-changes: init
|
||||||
|
@$(call vault_env) && \
|
||||||
|
terragrunt run --all --parallelism 4 --non-interactive plan -- -detailed-exitcode -out=tfplan; \
|
||||||
|
EXIT_CODE=$$?; \
|
||||||
|
if [ $$EXIT_CODE -eq 2 ]; then \
|
||||||
|
$(call vault_env) && \
|
||||||
|
terragrunt run --all --parallelism 2 --non-interactive apply -- tfplan; \
|
||||||
|
elif [ $$EXIT_CODE -eq 0 ]; then \
|
||||||
|
echo "No changes detected, skipping apply."; \
|
||||||
|
else \
|
||||||
|
exit $$EXIT_CODE; \
|
||||||
|
fi
|
||||||
|
|
||||||
apply: init
|
apply: init
|
||||||
@$(call vault_env) && \
|
@$(call vault_env) && \
|
||||||
terragrunt run --all --parallelism 2 --non-interactive apply
|
terragrunt run --all --parallelism 2 --non-interactive apply
|
||||||
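Review bot: The `apply-if-changes` recipe leaves the `tfplan` files written by `-out=tfplan` on disk after the apply, and a saved plan stores resource attributes unredacted, including values marked sensitive. Delete the plan files once the apply branch finishes and on the error branch, and keep them out of any CI cache or artifact path. At minimum, add a comment above the target such as `# tfplan contains unredacted values: delete after apply, never cache or commit`. The second `$(call vault_env)` inside the `if` runs in the same shell as the first because the recipe lines are joined with `\`, so it looks redundant and may request a second Vault token. `vault_env` is defined outside this hunk, so confirm what it does before dropping the repeat call.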
@@ -34,3 +47,6 @@ format:
|
|||||||
@tofu fmt -recursive .
|
@tofu fmt -recursive .
|
||||||
@echo "Formatting Terragrunt files..."
|
@echo "Formatting Terragrunt files..."
|
||||||
@terragrunt hcl fmt
|
@terragrunt hcl fmt
|
||||||
|
|
||||||
|
pre-commit:
|
||||||
|
@uvx pre-commit run --all-files
|
||||||
|
|||||||
@@ -0,0 +1,16 @@
|
|||||||
|
description: "Simple API for showing a users age"
|
||||||
|
private: false
|
||||||
|
default_branch: "main"
|
||||||
|
default_delete_branch_after_merge: true
|
||||||
|
default_merge_style: "squash"
|
||||||
|
branch_protection:
|
||||||
|
- rule_name: "main"
|
||||||
|
enable_push: false
|
||||||
|
status_check_contexts:
|
||||||
|
- "ci/woodpecker/pr/pre-commit"
|
||||||
|
- "ci/woodpecker/pr/test"
|
||||||
|
- "ci/woodpecker/pr/build"
|
||||||
|
approval_whitelist_teams:
|
||||||
|
- "Owners"
|
||||||
|
merge_whitelist_teams:
|
||||||
|
- "Owners"
|
||||||
@@ -10,4 +10,3 @@ branch_protection:
|
|||||||
- "ci/woodpecker/pr/kubeconform"
|
- "ci/woodpecker/pr/kubeconform"
|
||||||
approval_whitelist_users:
|
approval_whitelist_users:
|
||||||
- "unkinben"
|
- "unkinben"
|
||||||
woodpecker: true
|
|
||||||
|
|||||||
@@ -12,4 +12,3 @@ branch_protection:
|
|||||||
- "ci/woodpecker/pr/build"
|
- "ci/woodpecker/pr/build"
|
||||||
approval_whitelist_users:
|
approval_whitelist_users:
|
||||||
- "unkinben"
|
- "unkinben"
|
||||||
woodpecker: true
|
|
||||||
|
|||||||
@@ -0,0 +1,14 @@
|
|||||||
|
description: "Kubernetes operator for managing BIND9 DNS clusters, zones, views, and TSIG keys"
|
||||||
|
private: false
|
||||||
|
default_branch: "main"
|
||||||
|
default_delete_branch_after_merge: true
|
||||||
|
default_merge_style: "squash"
|
||||||
|
branch_protection:
|
||||||
|
- rule_name: "main"
|
||||||
|
enable_push: false
|
||||||
|
status_check_contexts:
|
||||||
|
- "ci/woodpecker/pr/pre-commit"
|
||||||
|
- "ci/woodpecker/pr/test"
|
||||||
|
- "ci/woodpecker/pr/build"
|
||||||
|
approval_whitelist_teams:
|
||||||
|
- "Owners"
|
||||||
@@ -9,4 +9,3 @@ branch_protection:
|
|||||||
- "unkinben"
|
- "unkinben"
|
||||||
approval_whitelist_users:
|
approval_whitelist_users:
|
||||||
- "unkinben"
|
- "unkinben"
|
||||||
woodpecker: true
|
|
||||||
|
|||||||
@@ -0,0 +1,13 @@
|
|||||||
|
description: "Base container image for forgebot agents"
|
||||||
|
private: false
|
||||||
|
default_branch: "main"
|
||||||
|
default_delete_branch_after_merge: true
|
||||||
|
default_merge_style: "squash"
|
||||||
|
branch_protection:
|
||||||
|
- rule_name: "main"
|
||||||
|
enable_push: false
|
||||||
|
status_check_contexts:
|
||||||
|
- "ci/woodpecker/pr/build"
|
||||||
|
approval_whitelist_teams:
|
||||||
|
- "docker"
|
||||||
|
- "forgebot"
|
||||||
@@ -0,0 +1,13 @@
|
|||||||
|
description: "Dev toolchain container for forgebot agents"
|
||||||
|
private: false
|
||||||
|
default_branch: "main"
|
||||||
|
default_delete_branch_after_merge: true
|
||||||
|
default_merge_style: "squash"
|
||||||
|
branch_protection:
|
||||||
|
- rule_name: "main"
|
||||||
|
enable_push: false
|
||||||
|
status_check_contexts:
|
||||||
|
- "ci/woodpecker/pr/build"
|
||||||
|
approval_whitelist_teams:
|
||||||
|
- "docker"
|
||||||
|
- "forgebot"
|
||||||
@@ -0,0 +1,13 @@
|
|||||||
|
description: "Infrastructure toolchain container for forgebot agents"
|
||||||
|
private: false
|
||||||
|
default_branch: "main"
|
||||||
|
default_delete_branch_after_merge: true
|
||||||
|
default_merge_style: "squash"
|
||||||
|
branch_protection:
|
||||||
|
- rule_name: "main"
|
||||||
|
enable_push: false
|
||||||
|
status_check_contexts:
|
||||||
|
- "ci/woodpecker/pr/build"
|
||||||
|
approval_whitelist_teams:
|
||||||
|
- "docker"
|
||||||
|
- "forgebot"
|
||||||
@@ -0,0 +1,14 @@
|
|||||||
|
description: "Skill definitions for forgebot agents"
|
||||||
|
private: false
|
||||||
|
default_branch: "main"
|
||||||
|
default_delete_branch_after_merge: true
|
||||||
|
default_merge_style: "squash"
|
||||||
|
branch_protection:
|
||||||
|
- rule_name: "main"
|
||||||
|
enable_push: false
|
||||||
|
status_check_contexts:
|
||||||
|
- "ci/woodpecker/pr/validate"
|
||||||
|
approval_whitelist_teams:
|
||||||
|
- "forgebot"
|
||||||
|
merge_whitelist_teams:
|
||||||
|
- "forgebot"
|
||||||
@@ -0,0 +1,16 @@
|
|||||||
|
description: "K8s operator + API for AI agent dispatch from git forges"
|
||||||
|
private: false
|
||||||
|
default_branch: "main"
|
||||||
|
default_delete_branch_after_merge: true
|
||||||
|
default_merge_style: "squash"
|
||||||
|
branch_protection:
|
||||||
|
- rule_name: "main"
|
||||||
|
enable_push: false
|
||||||
|
status_check_contexts:
|
||||||
|
- "ci/woodpecker/pr/pre-commit"
|
||||||
|
- "ci/woodpecker/pr/test"
|
||||||
|
- "ci/woodpecker/pr/build"
|
||||||
|
approval_whitelist_teams:
|
||||||
|
- "forgebot"
|
||||||
|
merge_whitelist_teams:
|
||||||
|
- "forgebot"
|
||||||
@@ -12,4 +12,3 @@ branch_protection:
|
|||||||
- "ci/woodpecker/pr/unit-tests"
|
- "ci/woodpecker/pr/unit-tests"
|
||||||
approval_whitelist_users:
|
approval_whitelist_users:
|
||||||
- "unkinben"
|
- "unkinben"
|
||||||
woodpecker: true
|
|
||||||
|
|||||||
@@ -35,4 +35,3 @@ branch_protection:
|
|||||||
- "ci/woodpecker/pr/yamllint"
|
- "ci/woodpecker/pr/yamllint"
|
||||||
approval_whitelist_teams:
|
approval_whitelist_teams:
|
||||||
- "puppet"
|
- "puppet"
|
||||||
woodpecker: true
|
|
||||||
|
|||||||
@@ -13,4 +13,3 @@ branch_protection:
|
|||||||
approval_whitelist_teams:
|
approval_whitelist_teams:
|
||||||
- "puppet"
|
- "puppet"
|
||||||
block_on_rejected_reviews: true
|
block_on_rejected_reviews: true
|
||||||
woodpecker: true
|
|
||||||
|
|||||||
@@ -18,4 +18,3 @@ branch_protection:
|
|||||||
approval_whitelist_teams:
|
approval_whitelist_teams:
|
||||||
- "rpmbuild"
|
- "rpmbuild"
|
||||||
block_on_rejected_reviews: true
|
block_on_rejected_reviews: true
|
||||||
woodpecker: true
|
|
||||||
|
|||||||
@@ -0,0 +1,18 @@
|
|||||||
|
description: "Terraform configuration for managing ArtifactAPI remote and virtual repositories"
|
||||||
|
private: false
|
||||||
|
default_branch: "main"
|
||||||
|
default_delete_branch_after_merge: true
|
||||||
|
default_merge_style: "squash"
|
||||||
|
branch_protection:
|
||||||
|
- rule_name: "main"
|
||||||
|
enable_push: false
|
||||||
|
merge_whitelist_users:
|
||||||
|
- "benvin"
|
||||||
|
- "unkinben"
|
||||||
|
status_check_contexts:
|
||||||
|
- "ci/woodpecker/pr/pre-commit"
|
||||||
|
- "ci/woodpecker/pr/plan"
|
||||||
|
approval_whitelist_users:
|
||||||
|
- "unkinben"
|
||||||
|
approval_whitelist_teams:
|
||||||
|
- "Owners"
|
||||||
@@ -0,0 +1,18 @@
|
|||||||
|
description: "Terraform configuration for managing Authentik identity provider"
|
||||||
|
private: false
|
||||||
|
default_branch: "main"
|
||||||
|
default_delete_branch_after_merge: true
|
||||||
|
default_merge_style: "squash"
|
||||||
|
branch_protection:
|
||||||
|
- rule_name: "main"
|
||||||
|
enable_push: false
|
||||||
|
merge_whitelist_users:
|
||||||
|
- "benvin"
|
||||||
|
- "unkinben"
|
||||||
|
status_check_contexts:
|
||||||
|
- "ci/woodpecker/pr/pre-commit"
|
||||||
|
- "ci/woodpecker/pr/plan"
|
||||||
|
approval_whitelist_users:
|
||||||
|
- "unkinben"
|
||||||
|
approval_whitelist_teams:
|
||||||
|
- "Owners"
|
||||||
@@ -0,0 +1,13 @@
|
|||||||
|
description: "Manage Gitea resources, teams, repos, and Woodpecker CI via Terraform"
|
||||||
|
private: false
|
||||||
|
default_branch: "main"
|
||||||
|
branch_protection:
|
||||||
|
- rule_name: "main"
|
||||||
|
enable_push: false
|
||||||
|
status_check_contexts:
|
||||||
|
- "ci/woodpecker/pr/pre-commit"
|
||||||
|
- "ci/woodpecker/pr/plan"
|
||||||
|
approval_whitelist_users:
|
||||||
|
- "unkinben"
|
||||||
|
approval_whitelist_teams:
|
||||||
|
- "Owners"
|
||||||
@@ -4,6 +4,9 @@ default_delete_branch_after_merge: false
|
|||||||
branch_protection:
|
branch_protection:
|
||||||
- rule_name: "main"
|
- rule_name: "main"
|
||||||
enable_push: false
|
enable_push: false
|
||||||
|
status_check_contexts:
|
||||||
|
- "ci/woodpecker/pr/pre-commit"
|
||||||
|
- "ci/woodpecker/pr/build"
|
||||||
|
- "ci/woodpecker/pr/test"
|
||||||
approval_whitelist_teams:
|
approval_whitelist_teams:
|
||||||
- "Owners"
|
- "Owners"
|
||||||
woodpecker: true
|
|
||||||
|
|||||||
@@ -0,0 +1,18 @@
|
|||||||
|
description: "Terraform provider for the Vault/OpenBao LiteLLM dynamic secrets engine (litellmvaultsecret)"
|
||||||
|
private: false
|
||||||
|
default_branch: "main"
|
||||||
|
# Squash-only: the gitea provider has no "default merge style", so we restrict
|
||||||
|
# the allowed styles to squash to force it.
|
||||||
|
allow_merge_commits: false
|
||||||
|
allow_rebase: false
|
||||||
|
allow_rebase_explicit: false
|
||||||
|
allow_squash_merge: true
|
||||||
|
branch_protection:
|
||||||
|
- rule_name: "main"
|
||||||
|
enable_push: false
|
||||||
|
status_check_contexts:
|
||||||
|
- "ci/woodpecker/pr/pre-commit"
|
||||||
|
- "ci/woodpecker/pr/build"
|
||||||
|
- "ci/woodpecker/pr/test"
|
||||||
|
approval_whitelist_teams:
|
||||||
|
- "Owners"
|
||||||
@@ -0,0 +1,18 @@
|
|||||||
|
description: "Terraform configuration for managing Prowlarr indexer automation"
|
||||||
|
private: false
|
||||||
|
default_branch: "main"
|
||||||
|
default_delete_branch_after_merge: true
|
||||||
|
default_merge_style: "squash"
|
||||||
|
branch_protection:
|
||||||
|
- rule_name: "main"
|
||||||
|
enable_push: false
|
||||||
|
merge_whitelist_users:
|
||||||
|
- "benvin"
|
||||||
|
- "unkinben"
|
||||||
|
status_check_contexts:
|
||||||
|
- "ci/woodpecker/pr/pre-commit"
|
||||||
|
- "ci/woodpecker/pr/plan"
|
||||||
|
approval_whitelist_users:
|
||||||
|
- "unkinben"
|
||||||
|
approval_whitelist_teams:
|
||||||
|
- "Owners"
|
||||||
@@ -0,0 +1,18 @@
|
|||||||
|
description: "Terraform configuration for managing Radarr movie automation"
|
||||||
|
private: false
|
||||||
|
default_branch: "main"
|
||||||
|
default_delete_branch_after_merge: true
|
||||||
|
default_merge_style: "squash"
|
||||||
|
branch_protection:
|
||||||
|
- rule_name: "main"
|
||||||
|
enable_push: false
|
||||||
|
merge_whitelist_users:
|
||||||
|
- "benvin"
|
||||||
|
- "unkinben"
|
||||||
|
status_check_contexts:
|
||||||
|
- "ci/woodpecker/pr/pre-commit"
|
||||||
|
- "ci/woodpecker/pr/plan"
|
||||||
|
approval_whitelist_users:
|
||||||
|
- "unkinben"
|
||||||
|
approval_whitelist_teams:
|
||||||
|
- "Owners"
|
||||||
@@ -0,0 +1,18 @@
|
|||||||
|
description: "Terraform configuration for managing Sonarr TV automation"
|
||||||
|
private: false
|
||||||
|
default_branch: "main"
|
||||||
|
default_delete_branch_after_merge: true
|
||||||
|
default_merge_style: "squash"
|
||||||
|
branch_protection:
|
||||||
|
- rule_name: "main"
|
||||||
|
enable_push: false
|
||||||
|
merge_whitelist_users:
|
||||||
|
- "benvin"
|
||||||
|
- "unkinben"
|
||||||
|
status_check_contexts:
|
||||||
|
- "ci/woodpecker/pr/pre-commit"
|
||||||
|
- "ci/woodpecker/pr/plan"
|
||||||
|
approval_whitelist_users:
|
||||||
|
- "unkinben"
|
||||||
|
approval_whitelist_teams:
|
||||||
|
- "Owners"
|
||||||
@@ -16,4 +16,3 @@ branch_protection:
|
|||||||
- "unkinben"
|
- "unkinben"
|
||||||
approval_whitelist_teams:
|
approval_whitelist_teams:
|
||||||
- "Owners"
|
- "Owners"
|
||||||
woodpecker: true
|
|
||||||
|
|||||||
@@ -0,0 +1,8 @@
|
|||||||
|
description: "Spiritual successor to shorewall — nftables firewall manager using google/nftables"
|
||||||
|
private: false
|
||||||
|
default_branch: "main"
|
||||||
|
default_delete_branch_after_merge: true
|
||||||
|
default_merge_style: "squash"
|
||||||
|
branch_protection:
|
||||||
|
- rule_name: "main"
|
||||||
|
enable_push: false
|
||||||
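Review bot: This new repository definition protects `main` with `enable_push: false` only. Unlike the other repository files added on this page, it lists no `status_check_contexts` and no approval or merge whitelist, so a pull request would presumably be mergeable without CI or review (this depends on module defaults not shown here). If it is a placeholder until pipelines exist, say so in the file, e.g. `# TODO: add status_check_contexts and approval_whitelist_teams once CI is wired up`. Otherwise add the same keys the sibling repositories use.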
@@ -0,0 +1,18 @@
|
|||||||
|
description: "HashiCorp Vault / OpenBao dynamic secrets engine for LiteLLM virtual keys"
|
||||||
|
private: false
|
||||||
|
default_branch: "main"
|
||||||
|
# Squash-only: the gitea provider has no "default merge style", so we restrict
|
||||||
|
# the allowed styles to squash to force it.
|
||||||
|
allow_merge_commits: false
|
||||||
|
allow_rebase: false
|
||||||
|
allow_rebase_explicit: false
|
||||||
|
allow_squash_merge: true
|
||||||
|
branch_protection:
|
||||||
|
- rule_name: "main"
|
||||||
|
enable_push: false
|
||||||
|
status_check_contexts:
|
||||||
|
- "ci/woodpecker/pr/pre-commit"
|
||||||
|
- "ci/woodpecker/pr/build"
|
||||||
|
- "ci/woodpecker/pr/test"
|
||||||
|
approval_whitelist_teams:
|
||||||
|
- "Owners"
|
||||||
@@ -1,5 +1,5 @@
|
|||||||
description: "manage docker related repositories"
|
description: "manage docker related repositories"
|
||||||
permission: write
|
permission: none
|
||||||
include_all_repositories: false
|
include_all_repositories: false
|
||||||
can_create_repos: false
|
can_create_repos: false
|
||||||
repositories:
|
repositories:
|
||||||
|
|||||||
@@ -0,0 +1,13 @@
|
|||||||
|
description: "forgebot maintainers"
|
||||||
|
permission: none
|
||||||
|
include_all_repositories: false
|
||||||
|
can_create_repos: false
|
||||||
|
repositories:
|
||||||
|
- forgebot
|
||||||
|
- forgebot-skills
|
||||||
|
- container-agent-base
|
||||||
|
- container-agent-dev
|
||||||
|
- container-agent-infra
|
||||||
|
members:
|
||||||
|
- unkinben
|
||||||
|
- benvin
|
||||||
@@ -1,5 +1,5 @@
|
|||||||
description: "owners of the puppet system"
|
description: "owners of the puppet system"
|
||||||
permission: write
|
permission: none
|
||||||
include_all_repositories: false
|
include_all_repositories: false
|
||||||
can_create_repos: false
|
can_create_repos: false
|
||||||
repositories:
|
repositories:
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
description: "Python package builers"
|
description: "Python package builers"
|
||||||
permission: write
|
permission: none
|
||||||
include_all_repositories: false
|
include_all_repositories: false
|
||||||
can_create_repos: false
|
can_create_repos: false
|
||||||
repositories:
|
repositories:
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
description: "manage rpmbuild repos"
|
description: "manage rpmbuild repos"
|
||||||
permission: write
|
permission: none
|
||||||
include_all_repositories: false
|
include_all_repositories: false
|
||||||
can_create_repos: false
|
can_create_repos: false
|
||||||
repositories:
|
repositories:
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
description: "terraform job maintainers"
|
description: "terraform job maintainers"
|
||||||
permission: write
|
permission: none
|
||||||
include_all_repositories: false
|
include_all_repositories: false
|
||||||
can_create_repos: false
|
can_create_repos: false
|
||||||
repositories:
|
repositories:
|
||||||
|
|||||||
@@ -20,6 +20,5 @@ inputs = {
|
|||||||
organisation = local.config.organisation
|
organisation = local.config.organisation
|
||||||
repository = local.config.repository
|
repository = local.config.repository
|
||||||
branch_protection = local.config.branch_protection
|
branch_protection = local.config.branch_protection
|
||||||
deploy_key = local.config.deploy_key
|
|
||||||
team = local.config.team
|
team = local.config.team
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -19,21 +19,6 @@ terraform {
|
|||||||
lock = true
|
lock = true
|
||||||
ca_file = "/etc/pki/tls/certs/ca-bundle.crt"
|
ca_file = "/etc/pki/tls/certs/ca-bundle.crt"
|
||||||
}
|
}
|
||||||
required_version = ">= 1.10"
|
|
||||||
required_providers {
|
|
||||||
gitea = {
|
|
||||||
source = "go-gitea/gitea"
|
|
||||||
version = "0.7.0"
|
|
||||||
}
|
|
||||||
woodpecker = {
|
|
||||||
source = "Kichiyaki/woodpecker"
|
|
||||||
version = "0.5.0"
|
|
||||||
}
|
|
||||||
consul = {
|
|
||||||
source = "hashicorp/consul"
|
|
||||||
version = "2.23.0"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
EOF
|
EOF
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -143,6 +143,31 @@ import {
|
|||||||
id = "137"
|
id = "137"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
import {
|
||||||
|
to = module.repository["git.unkin.net/unkin/forgebot"].gitea_repository.this
|
||||||
|
id = "139"
|
||||||
|
}
|
||||||
|
|
||||||
|
import {
|
||||||
|
to = module.repository["git.unkin.net/unkin/forgebot-skills"].gitea_repository.this
|
||||||
|
id = "140"
|
||||||
|
}
|
||||||
|
|
||||||
|
import {
|
||||||
|
to = module.repository["git.unkin.net/unkin/container-agent-base"].gitea_repository.this
|
||||||
|
id = "141"
|
||||||
|
}
|
||||||
|
|
||||||
|
import {
|
||||||
|
to = module.repository["git.unkin.net/unkin/container-agent-dev"].gitea_repository.this
|
||||||
|
id = "142"
|
||||||
|
}
|
||||||
|
|
||||||
|
import {
|
||||||
|
to = module.repository["git.unkin.net/unkin/container-agent-infra"].gitea_repository.this
|
||||||
|
id = "143"
|
||||||
|
}
|
||||||
|
|
||||||
import {
|
import {
|
||||||
to = module.team["git.unkin.net/unkin/Owners"].gitea_team.this
|
to = module.team["git.unkin.net/unkin/Owners"].gitea_team.this
|
||||||
id = "3"
|
id = "3"
|
||||||
@@ -174,46 +199,7 @@ import {
|
|||||||
}
|
}
|
||||||
|
|
||||||
import {
|
import {
|
||||||
to = module.woodpecker_repository["git.unkin.net/unkin/puppet-prod"].woodpecker_repository.this
|
to = module.repository["git.unkin.net/unkin/terraform-git"].gitea_repository.this
|
||||||
id = "unkin/puppet-prod"
|
id = "144"
|
||||||
}
|
}
|
||||||
|
|
||||||
import {
|
|
||||||
to = module.woodpecker_repository["git.unkin.net/unkin/puppet-r10k"].woodpecker_repository.this
|
|
||||||
id = "unkin/puppet-r10k"
|
|
||||||
}
|
|
||||||
|
|
||||||
import {
|
|
||||||
to = module.woodpecker_repository["git.unkin.net/unkin/terraform-vault"].woodpecker_repository.this
|
|
||||||
id = "unkin/terraform-vault"
|
|
||||||
}
|
|
||||||
|
|
||||||
import {
|
|
||||||
to = module.woodpecker_repository["git.unkin.net/unkin/rpmbuilder"].woodpecker_repository.this
|
|
||||||
id = "unkin/rpmbuilder"
|
|
||||||
}
|
|
||||||
|
|
||||||
import {
|
|
||||||
to = module.woodpecker_repository["git.unkin.net/unkin/artifactapi"].woodpecker_repository.this
|
|
||||||
id = "unkin/artifactapi"
|
|
||||||
}
|
|
||||||
|
|
||||||
import {
|
|
||||||
to = module.woodpecker_repository["git.unkin.net/unkin/argocd-apps"].woodpecker_repository.this
|
|
||||||
id = "unkin/argocd-apps"
|
|
||||||
}
|
|
||||||
|
|
||||||
import {
|
|
||||||
to = module.woodpecker_repository["git.unkin.net/unkin/certmanager"].woodpecker_repository.this
|
|
||||||
id = "unkin/certmanager"
|
|
||||||
}
|
|
||||||
|
|
||||||
import {
|
|
||||||
to = module.woodpecker_repository["git.unkin.net/unkin/node-lookup"].woodpecker_repository.this
|
|
||||||
id = "unkin/node-lookup"
|
|
||||||
}
|
|
||||||
|
|
||||||
import {
|
|
||||||
to = module.woodpecker_repository["git.unkin.net/unkin/terraform-provider-artifactapi"].woodpecker_repository.this
|
|
||||||
id = "unkin/terraform-provider-artifactapi"
|
|
||||||
}
|
|
||||||
|
|||||||
@@ -55,18 +55,12 @@ module "team" {
|
|||||||
depends_on = [module.organisation, module.repository]
|
depends_on = [module.organisation, module.repository]
|
||||||
}
|
}
|
||||||
|
|
||||||
module "woodpecker_repository" {
|
removed {
|
||||||
source = "./modules/woodpecker_repository"
|
from = module.woodpecker_repository
|
||||||
|
|
||||||
for_each = {
|
lifecycle {
|
||||||
for k, v in var.repository : k => v
|
destroy = false
|
||||||
if try(v.woodpecker, false)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
full_name = "${each.value.organisation}/${each.value.name}"
|
|
||||||
visibility = each.value.private ? "private" : "public"
|
|
||||||
|
|
||||||
depends_on = [module.repository]
|
|
||||||
}
|
}
|
||||||
|
|
||||||
module "branch_protection" {
|
module "branch_protection" {
|
||||||
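Review bot: With `destroy = false` the `removed` block only drops `module.woodpecker_repository` from state, so the repositories stay activated in Woodpecker and nothing in this configuration reconciles their `visibility` any more. The deleted module derived that value from `each.value.private`. If Woodpecker registration is now owned elsewhere, record that next to the block, e.g. `# Woodpecker repos are forgotten, not destroyed; visibility is managed by <owner/tool>`. Also note in the comment that the block can be deleted once every state has been applied.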
@@ -95,7 +89,7 @@ module "branch_protection" {
|
|||||||
protected_file_patterns = each.value.protected_file_patterns
|
protected_file_patterns = each.value.protected_file_patterns
|
||||||
unprotected_file_patterns = each.value.unprotected_file_patterns
|
unprotected_file_patterns = each.value.unprotected_file_patterns
|
||||||
|
|
||||||
depends_on = [module.repository]
|
depends_on = [module.repository, module.team]
|
||||||
}
|
}
|
||||||
|
|
||||||
# TODO: enable when deploy keys are needed
|
# TODO: enable when deploy keys are needed
|
||||||
|
|||||||
@@ -6,6 +6,10 @@ resource "gitea_team" "this" {
|
|||||||
include_all_repositories = var.include_all_repositories
|
include_all_repositories = var.include_all_repositories
|
||||||
can_create_repos = var.can_create_repos
|
can_create_repos = var.can_create_repos
|
||||||
repositories = var.repositories
|
repositories = var.repositories
|
||||||
|
|
||||||
|
lifecycle {
|
||||||
|
ignore_changes = [permission]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "gitea_team_members" "this" {
|
resource "gitea_team_members" "this" {
|
||||||
|
|||||||
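Review bot: `ignore_changes = [permission]` means the `permission` value in the team definitions is applied only when a team is created. For an existing team, a later out-of-band change to a broader permission will neither show in a plan nor be reverted. Together with the team files on this page switching `permission: write` to `permission: none`, the declared value no longer describes the effective access. If this works around provider drift, which is a guess and not visible here, document it on the block, e.g. `# permission ignored: <reason>; effective access is defined by <mechanism>`, and consider a periodic check of team permissions outside Terraform. The `gitea_team` resource starts before this hunk.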
@@ -1,4 +0,0 @@
|
|||||||
resource "woodpecker_repository" "this" {
|
|
||||||
full_name = var.full_name
|
|
||||||
visibility = var.visibility
|
|
||||||
}
|
|
||||||
@@ -1,8 +0,0 @@
|
|||||||
variable "full_name" {
|
|
||||||
type = string
|
|
||||||
}
|
|
||||||
|
|
||||||
variable "visibility" {
|
|
||||||
type = string
|
|
||||||
default = "internal"
|
|
||||||
}
|
|
||||||
+4
@@ -1,6 +1,10 @@
|
|||||||
terraform {
|
terraform {
|
||||||
required_version = ">= 1.10"
|
required_version = ">= 1.10"
|
||||||
required_providers {
|
required_providers {
|
||||||
|
gitea = {
|
||||||
|
source = "go-gitea/gitea"
|
||||||
|
version = "0.7.0"
|
||||||
|
}
|
||||||
woodpecker = {
|
woodpecker = {
|
||||||
source = "Kichiyaki/woodpecker"
|
source = "Kichiyaki/woodpecker"
|
||||||
version = "0.5.0"
|
version = "0.5.0"
|
||||||
@@ -32,7 +32,6 @@ variable "repository" {
|
|||||||
repo_template = optional(bool)
|
repo_template = optional(bool)
|
||||||
website = optional(string)
|
website = optional(string)
|
||||||
autodetect_manual_merge = optional(bool)
|
autodetect_manual_merge = optional(bool)
|
||||||
woodpecker = optional(bool, false)
|
|
||||||
}))
|
}))
|
||||||
default = {}
|
default = {}
|
||||||
}
|
}
|
||||||
@@ -64,18 +63,6 @@ variable "branch_protection" {
|
|||||||
default = {}
|
default = {}
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "deploy_key" {
|
|
||||||
description = "Map of deploy keys to create"
|
|
||||||
type = map(object({
|
|
||||||
repository = string
|
|
||||||
organisation = string
|
|
||||||
gitea_url = string
|
|
||||||
title = string
|
|
||||||
key = string
|
|
||||||
read_only = optional(bool, true)
|
|
||||||
}))
|
|
||||||
default = {}
|
|
||||||
}
|
|
||||||
|
|
||||||
variable "team" {
|
variable "team" {
|
||||||
description = "Map of teams to create"
|
description = "Map of teams to create"
|
||||||
|
|||||||