Compare commits
26 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 773f734d8e | |||
| 4495339979 | |||
| d59d1244f3 | |||
| 043e73424c | |||
| 5cfbf60f65 | |||
| dfbb90a7dc | |||
| d1d00e5c47 | |||
| 93175707eb | |||
| a5d4b881a5 | |||
| a8d22b743a | |||
| eedb415419 | |||
| 0a3700db7a | |||
| 5a04fb4b22 | |||
| f4b3f9cd08 | |||
| 1469866329 | |||
| b1684b7cf8 | |||
| 5cd6659f59 | |||
| e000c1132f | |||
| af26cee479 | |||
| 85583a02ad | |||
| 3744ecd09f | |||
| 353d310bc8 | |||
| 571a9b2149 | |||
| dd31dc916c | |||
| 5afa850e45 | |||
| 236a94337a |
@@ -9,7 +9,7 @@ steps:
|
||||
VAULT_AUTH_METHOD: kubernetes
|
||||
commands:
|
||||
- dnf install vault -y
|
||||
- make apply-if-changes
|
||||
- make apply
|
||||
backend_options:
|
||||
kubernetes:
|
||||
serviceAccountName: terraform-git
|
||||
|
||||
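Review bot: The command list in this step shows both `make apply-if-changes` and `make apply`, one from each side, and the rendering does not say which is new. If `make apply` is the new line, the step applies unconditionally whenever it runs, using Vault Kubernetes auth and the `terraform-git` service account. The step's `when` filter, which lies outside this hunk, should then restrict it to pushes on the default branch. Separately, `dnf install vault -y` installs whatever version the package repository serves at run time; pinning it (`dnf install vault-<version> -y`) or baking it into the step image would keep the tool that handles the credentials fixed.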
@@ -0,0 +1,16 @@
|
||||
description: "Simple API for showing a users age"
|
||||
private: false
|
||||
default_branch: "main"
|
||||
default_delete_branch_after_merge: true
|
||||
default_merge_style: "squash"
|
||||
branch_protection:
|
||||
- rule_name: "main"
|
||||
enable_push: false
|
||||
status_check_contexts:
|
||||
- "ci/woodpecker/pr/pre-commit"
|
||||
- "ci/woodpecker/pr/test"
|
||||
- "ci/woodpecker/pr/build"
|
||||
approval_whitelist_teams:
|
||||
- "Owners"
|
||||
merge_whitelist_teams:
|
||||
- "Owners"
|
||||
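Review bot: The `main` rule names who may approve (`approval_whitelist_teams`) but sets no required number of approvals and no `block_on_rejected_reviews`, which the puppet and rpmbuild repository files in this comparison do set. Unless the branch_protection module supplies a non-zero default, which is not visible here, a whitelist on its own does not force a review before merge. State the approval count through whichever input the module exposes and add `block_on_rejected_reviews: true`. The same applies to the other new repository files in this comparison: the forgebot container images, forgebot, forgebot-skills, the Terraform configuration repositories and the two LiteLLM repositories.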
@@ -10,4 +10,3 @@ branch_protection:
|
||||
- "ci/woodpecker/pr/kubeconform"
|
||||
approval_whitelist_users:
|
||||
- "unkinben"
|
||||
woodpecker: true
|
||||
|
||||
@@ -12,4 +12,3 @@ branch_protection:
|
||||
- "ci/woodpecker/pr/build"
|
||||
approval_whitelist_users:
|
||||
- "unkinben"
|
||||
woodpecker: true
|
||||
|
||||
@@ -9,4 +9,3 @@ branch_protection:
|
||||
- "unkinben"
|
||||
approval_whitelist_users:
|
||||
- "unkinben"
|
||||
woodpecker: true
|
||||
|
||||
@@ -1,2 +1,13 @@
|
||||
description: "Base container image for forgebot agents"
|
||||
private: false
|
||||
default_branch: "main"
|
||||
default_delete_branch_after_merge: true
|
||||
default_merge_style: "squash"
|
||||
branch_protection:
|
||||
- rule_name: "main"
|
||||
enable_push: false
|
||||
status_check_contexts:
|
||||
- "ci/woodpecker/pr/build"
|
||||
approval_whitelist_teams:
|
||||
- "docker"
|
||||
- "forgebot"
|
||||
|
||||
@@ -1,2 +1,13 @@
|
||||
description: "Dev toolchain container for forgebot agents"
|
||||
private: false
|
||||
default_branch: "main"
|
||||
default_delete_branch_after_merge: true
|
||||
default_merge_style: "squash"
|
||||
branch_protection:
|
||||
- rule_name: "main"
|
||||
enable_push: false
|
||||
status_check_contexts:
|
||||
- "ci/woodpecker/pr/build"
|
||||
approval_whitelist_teams:
|
||||
- "docker"
|
||||
- "forgebot"
|
||||
|
||||
@@ -1,2 +1,13 @@
|
||||
description: "Infrastructure toolchain container for forgebot agents"
|
||||
private: false
|
||||
default_branch: "main"
|
||||
default_delete_branch_after_merge: true
|
||||
default_merge_style: "squash"
|
||||
branch_protection:
|
||||
- rule_name: "main"
|
||||
enable_push: false
|
||||
status_check_contexts:
|
||||
- "ci/woodpecker/pr/build"
|
||||
approval_whitelist_teams:
|
||||
- "docker"
|
||||
- "forgebot"
|
||||
|
||||
@@ -1,2 +1,14 @@
|
||||
description: "Skill definitions for forgebot agents"
|
||||
private: false
|
||||
default_branch: "main"
|
||||
default_delete_branch_after_merge: true
|
||||
default_merge_style: "squash"
|
||||
branch_protection:
|
||||
- rule_name: "main"
|
||||
enable_push: false
|
||||
status_check_contexts:
|
||||
- "ci/woodpecker/pr/validate"
|
||||
approval_whitelist_teams:
|
||||
- "forgebot"
|
||||
merge_whitelist_teams:
|
||||
- "forgebot"
|
||||
|
||||
@@ -1,2 +1,16 @@
|
||||
description: "K8s operator + API for AI agent dispatch from git forges"
|
||||
private: false
|
||||
default_branch: "main"
|
||||
default_delete_branch_after_merge: true
|
||||
default_merge_style: "squash"
|
||||
branch_protection:
|
||||
- rule_name: "main"
|
||||
enable_push: false
|
||||
status_check_contexts:
|
||||
- "ci/woodpecker/pr/pre-commit"
|
||||
- "ci/woodpecker/pr/test"
|
||||
- "ci/woodpecker/pr/build"
|
||||
approval_whitelist_teams:
|
||||
- "forgebot"
|
||||
merge_whitelist_teams:
|
||||
- "forgebot"
|
||||
|
||||
@@ -12,4 +12,3 @@ branch_protection:
|
||||
- "ci/woodpecker/pr/unit-tests"
|
||||
approval_whitelist_users:
|
||||
- "unkinben"
|
||||
woodpecker: true
|
||||
|
||||
@@ -35,4 +35,3 @@ branch_protection:
|
||||
- "ci/woodpecker/pr/yamllint"
|
||||
approval_whitelist_teams:
|
||||
- "puppet"
|
||||
woodpecker: true
|
||||
|
||||
@@ -13,4 +13,3 @@ branch_protection:
|
||||
approval_whitelist_teams:
|
||||
- "puppet"
|
||||
block_on_rejected_reviews: true
|
||||
woodpecker: true
|
||||
|
||||
@@ -18,4 +18,3 @@ branch_protection:
|
||||
approval_whitelist_teams:
|
||||
- "rpmbuild"
|
||||
block_on_rejected_reviews: true
|
||||
woodpecker: true
|
||||
|
||||
@@ -0,0 +1,18 @@
|
||||
description: "Terraform configuration for managing ArtifactAPI remote and virtual repositories"
|
||||
private: false
|
||||
default_branch: "main"
|
||||
default_delete_branch_after_merge: true
|
||||
default_merge_style: "squash"
|
||||
branch_protection:
|
||||
- rule_name: "main"
|
||||
enable_push: false
|
||||
merge_whitelist_users:
|
||||
- "benvin"
|
||||
- "unkinben"
|
||||
status_check_contexts:
|
||||
- "ci/woodpecker/pr/pre-commit"
|
||||
- "ci/woodpecker/pr/plan"
|
||||
approval_whitelist_users:
|
||||
- "unkinben"
|
||||
approval_whitelist_teams:
|
||||
- "Owners"
|
||||
@@ -0,0 +1,18 @@
|
||||
description: "Terraform configuration for managing Authentik identity provider"
|
||||
private: false
|
||||
default_branch: "main"
|
||||
default_delete_branch_after_merge: true
|
||||
default_merge_style: "squash"
|
||||
branch_protection:
|
||||
- rule_name: "main"
|
||||
enable_push: false
|
||||
merge_whitelist_users:
|
||||
- "benvin"
|
||||
- "unkinben"
|
||||
status_check_contexts:
|
||||
- "ci/woodpecker/pr/pre-commit"
|
||||
- "ci/woodpecker/pr/plan"
|
||||
approval_whitelist_users:
|
||||
- "unkinben"
|
||||
approval_whitelist_teams:
|
||||
- "Owners"
|
||||
@@ -1,7 +1,6 @@
|
||||
description: "Manage Gitea resources, teams, repos, and Woodpecker CI via Terraform"
|
||||
private: false
|
||||
default_branch: "main"
|
||||
woodpecker: true
|
||||
branch_protection:
|
||||
- rule_name: "main"
|
||||
enable_push: false
|
||||
|
||||
@@ -4,6 +4,9 @@ default_delete_branch_after_merge: false
|
||||
branch_protection:
|
||||
- rule_name: "main"
|
||||
enable_push: false
|
||||
status_check_contexts:
|
||||
- "ci/woodpecker/pr/pre-commit"
|
||||
- "ci/woodpecker/pr/build"
|
||||
- "ci/woodpecker/pr/test"
|
||||
approval_whitelist_teams:
|
||||
- "Owners"
|
||||
woodpecker: true
|
||||
|
||||
@@ -0,0 +1,18 @@
|
||||
description: "Terraform provider for the Vault/OpenBao LiteLLM dynamic secrets engine (litellmvaultsecret)"
|
||||
private: false
|
||||
default_branch: "main"
|
||||
# Squash-only: the gitea provider has no "default merge style", so we restrict
|
||||
# the allowed styles to squash to force it.
|
||||
allow_merge_commits: false
|
||||
allow_rebase: false
|
||||
allow_rebase_explicit: false
|
||||
allow_squash_merge: true
|
||||
branch_protection:
|
||||
- rule_name: "main"
|
||||
enable_push: false
|
||||
status_check_contexts:
|
||||
- "ci/woodpecker/pr/pre-commit"
|
||||
- "ci/woodpecker/pr/build"
|
||||
- "ci/woodpecker/pr/test"
|
||||
approval_whitelist_teams:
|
||||
- "Owners"
|
||||
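Review bot: The comment says the gitea provider has no default merge style, yet sibling repository files in this comparison set `default_merge_style: "squash"`, so one of the two is misleading to the next reader. If the module accepts `default_merge_style`, use it here alongside the `allow_*` restrictions; if it is silently ignored, reword the comment to say so, for example `# default_merge_style is not applied by the provider; only the allow_* flags enforce squash`. This file also omits `default_delete_branch_after_merge`, which the siblings set. The Vault/OpenBao secrets engine repository file later in the comparison carries the same comment and the same omission.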
@@ -0,0 +1,18 @@
|
||||
description: "Terraform configuration for managing Prowlarr indexer automation"
|
||||
private: false
|
||||
default_branch: "main"
|
||||
default_delete_branch_after_merge: true
|
||||
default_merge_style: "squash"
|
||||
branch_protection:
|
||||
- rule_name: "main"
|
||||
enable_push: false
|
||||
merge_whitelist_users:
|
||||
- "benvin"
|
||||
- "unkinben"
|
||||
status_check_contexts:
|
||||
- "ci/woodpecker/pr/pre-commit"
|
||||
- "ci/woodpecker/pr/plan"
|
||||
approval_whitelist_users:
|
||||
- "unkinben"
|
||||
approval_whitelist_teams:
|
||||
- "Owners"
|
||||
@@ -0,0 +1,18 @@
|
||||
description: "Terraform configuration for managing Radarr movie automation"
|
||||
private: false
|
||||
default_branch: "main"
|
||||
default_delete_branch_after_merge: true
|
||||
default_merge_style: "squash"
|
||||
branch_protection:
|
||||
- rule_name: "main"
|
||||
enable_push: false
|
||||
merge_whitelist_users:
|
||||
- "benvin"
|
||||
- "unkinben"
|
||||
status_check_contexts:
|
||||
- "ci/woodpecker/pr/pre-commit"
|
||||
- "ci/woodpecker/pr/plan"
|
||||
approval_whitelist_users:
|
||||
- "unkinben"
|
||||
approval_whitelist_teams:
|
||||
- "Owners"
|
||||
@@ -0,0 +1,18 @@
|
||||
description: "Terraform configuration for managing Sonarr TV automation"
|
||||
private: false
|
||||
default_branch: "main"
|
||||
default_delete_branch_after_merge: true
|
||||
default_merge_style: "squash"
|
||||
branch_protection:
|
||||
- rule_name: "main"
|
||||
enable_push: false
|
||||
merge_whitelist_users:
|
||||
- "benvin"
|
||||
- "unkinben"
|
||||
status_check_contexts:
|
||||
- "ci/woodpecker/pr/pre-commit"
|
||||
- "ci/woodpecker/pr/plan"
|
||||
approval_whitelist_users:
|
||||
- "unkinben"
|
||||
approval_whitelist_teams:
|
||||
- "Owners"
|
||||
@@ -16,4 +16,3 @@ branch_protection:
|
||||
- "unkinben"
|
||||
approval_whitelist_teams:
|
||||
- "Owners"
|
||||
woodpecker: true
|
||||
|
||||
@@ -0,0 +1,8 @@
|
||||
description: "Spiritual successor to shorewall — nftables firewall manager using google/nftables"
|
||||
private: false
|
||||
default_branch: "main"
|
||||
default_delete_branch_after_merge: true
|
||||
default_merge_style: "squash"
|
||||
branch_protection:
|
||||
- rule_name: "main"
|
||||
enable_push: false
|
||||
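Review bot: The `main` rule for the firewall manager sets only `enable_push: false`; unlike the other new repositories in this comparison it has no `status_check_contexts` and no approval or merge whitelist. As written, a pull request could presumably merge without CI or review, depending on module defaults that are not visible here. Once the repository has pipelines, add the required contexts and an `approval_whitelist_teams` entry in the same form the sibling files use.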
@@ -0,0 +1,18 @@
|
||||
description: "HashiCorp Vault / OpenBao dynamic secrets engine for LiteLLM virtual keys"
|
||||
private: false
|
||||
default_branch: "main"
|
||||
# Squash-only: the gitea provider has no "default merge style", so we restrict
|
||||
# the allowed styles to squash to force it.
|
||||
allow_merge_commits: false
|
||||
allow_rebase: false
|
||||
allow_rebase_explicit: false
|
||||
allow_squash_merge: true
|
||||
branch_protection:
|
||||
- rule_name: "main"
|
||||
enable_push: false
|
||||
status_check_contexts:
|
||||
- "ci/woodpecker/pr/pre-commit"
|
||||
- "ci/woodpecker/pr/build"
|
||||
- "ci/woodpecker/pr/test"
|
||||
approval_whitelist_teams:
|
||||
- "Owners"
|
||||
@@ -0,0 +1,13 @@
|
||||
description: "forgebot maintainers"
|
||||
permission: none
|
||||
include_all_repositories: false
|
||||
can_create_repos: false
|
||||
repositories:
|
||||
- forgebot
|
||||
- forgebot-skills
|
||||
- container-agent-base
|
||||
- container-agent-dev
|
||||
- container-agent-infra
|
||||
members:
|
||||
- unkinben
|
||||
- benvin
|
||||
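Review bot: `permission: none` gives this team no declared access, yet the same comparison lists `forgebot` under `approval_whitelist_teams` and `merge_whitelist_teams` for several of these repositories. Whether its members can actually approve and merge then depends on per-unit settings or other team memberships that this file does not show. A comment stating the intended effective access would make the grant reviewable, for example `# access is granted via <unit settings / other team>; "none" here is deliberate`.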
@@ -198,58 +198,8 @@ import {
|
||||
id = "12"
|
||||
}
|
||||
|
||||
import {
|
||||
to = module.woodpecker_repository["git.unkin.net/unkin/puppet-prod"].woodpecker_repository.this
|
||||
id = "unkin/puppet-prod"
|
||||
}
|
||||
|
||||
import {
|
||||
to = module.woodpecker_repository["git.unkin.net/unkin/puppet-r10k"].woodpecker_repository.this
|
||||
id = "unkin/puppet-r10k"
|
||||
}
|
||||
|
||||
import {
|
||||
to = module.woodpecker_repository["git.unkin.net/unkin/terraform-vault"].woodpecker_repository.this
|
||||
id = "unkin/terraform-vault"
|
||||
}
|
||||
|
||||
import {
|
||||
to = module.woodpecker_repository["git.unkin.net/unkin/rpmbuilder"].woodpecker_repository.this
|
||||
id = "unkin/rpmbuilder"
|
||||
}
|
||||
|
||||
import {
|
||||
to = module.woodpecker_repository["git.unkin.net/unkin/artifactapi"].woodpecker_repository.this
|
||||
id = "unkin/artifactapi"
|
||||
}
|
||||
|
||||
import {
|
||||
to = module.woodpecker_repository["git.unkin.net/unkin/argocd-apps"].woodpecker_repository.this
|
||||
id = "unkin/argocd-apps"
|
||||
}
|
||||
|
||||
import {
|
||||
to = module.woodpecker_repository["git.unkin.net/unkin/certmanager"].woodpecker_repository.this
|
||||
id = "unkin/certmanager"
|
||||
}
|
||||
|
||||
import {
|
||||
to = module.woodpecker_repository["git.unkin.net/unkin/node-lookup"].woodpecker_repository.this
|
||||
id = "unkin/node-lookup"
|
||||
}
|
||||
|
||||
import {
|
||||
to = module.woodpecker_repository["git.unkin.net/unkin/terraform-provider-artifactapi"].woodpecker_repository.this
|
||||
id = "unkin/terraform-provider-artifactapi"
|
||||
}
|
||||
|
||||
import {
|
||||
to = module.repository["git.unkin.net/unkin/terraform-git"].gitea_repository.this
|
||||
id = "144"
|
||||
}
|
||||
|
||||
import {
|
||||
to = module.woodpecker_repository["git.unkin.net/unkin/terraform-git"].woodpecker_repository.this
|
||||
id = "unkin/terraform-git"
|
||||
}
|
||||
|
||||
|
||||
@@ -55,18 +55,12 @@ module "team" {
|
||||
depends_on = [module.organisation, module.repository]
|
||||
}
|
||||
|
||||
module "woodpecker_repository" {
|
||||
source = "./modules/woodpecker_repository"
|
||||
removed {
|
||||
from = module.woodpecker_repository
|
||||
|
||||
for_each = {
|
||||
for k, v in var.repository : k => v
|
||||
if try(v.woodpecker, false)
|
||||
lifecycle {
|
||||
destroy = false
|
||||
}
|
||||
|
||||
full_name = "${each.value.organisation}/${each.value.name}"
|
||||
visibility = each.value.private ? "private" : "public"
|
||||
|
||||
depends_on = [module.repository]
|
||||
}
|
||||
|
||||
module "branch_protection" {
|
||||
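Review bot: The `removed` block with `lifecycle { destroy = false }` drops the Woodpecker repositories from state without deactivating them, so they stay enabled in Woodpecker with their current visibility and are no longer checked by any plan. Put a comment on the block saying who manages them from now on and when the block can be deleted, for example `# Forget only: repos stay active in Woodpecker, now managed by <owner>; delete this block after the next apply`. The rendering interleaves the old module body with the new block, so the new-side lines are inferred from the `removed` and `lifecycle` keywords.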
@@ -95,7 +89,7 @@ module "branch_protection" {
|
||||
protected_file_patterns = each.value.protected_file_patterns
|
||||
unprotected_file_patterns = each.value.unprotected_file_patterns
|
||||
|
||||
depends_on = [module.repository]
|
||||
depends_on = [module.repository, module.team]
|
||||
}
|
||||
|
||||
# TODO: enable when deploy keys are needed
|
||||
|
||||
@@ -6,6 +6,10 @@ resource "gitea_team" "this" {
|
||||
include_all_repositories = var.include_all_repositories
|
||||
can_create_repos = var.can_create_repos
|
||||
repositories = var.repositories
|
||||
|
||||
lifecycle {
|
||||
ignore_changes = [permission]
|
||||
}
|
||||
}
|
||||
|
||||
resource "gitea_team_members" "this" {
|
||||
|
||||
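Review bot: `ignore_changes = [permission]` on `gitea_team.this` means Terraform stops reconciling a team's permission after creation, so a permission raised by hand in Gitea is never reported or reverted by a plan. If this works around a provider diff, record that next to the block, for example `# provider reports a perpetual diff on permission; drift on this attribute is not detected`. Because the setting applies to every team created through the module, an out-of-band check of team permissions is worth adding. The `gitea_team_members` resource that follows continues outside this hunk.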
@@ -1,4 +0,0 @@
|
||||
resource "woodpecker_repository" "this" {
|
||||
full_name = var.full_name
|
||||
visibility = var.visibility
|
||||
}
|
||||
@@ -1,9 +0,0 @@
|
||||
terraform {
|
||||
required_version = ">= 1.10"
|
||||
required_providers {
|
||||
woodpecker = {
|
||||
source = "Kichiyaki/woodpecker"
|
||||
version = "0.5.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1,8 +0,0 @@
|
||||
variable "full_name" {
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "visibility" {
|
||||
type = string
|
||||
default = "internal"
|
||||
}
|
||||
@@ -32,7 +32,6 @@ variable "repository" {
|
||||
repo_template = optional(bool)
|
||||
website = optional(string)
|
||||
autodetect_manual_merge = optional(bool)
|
||||
woodpecker = optional(bool, false)
|
||||
}))
|
||||
default = {}
|
||||
}
|
||||
|
||||