docs: update example to use per-type resources
This commit is contained in:
+97
-61
@@ -1,7 +1,8 @@
|
|||||||
terraform {
|
terraform {
|
||||||
required_providers {
|
required_providers {
|
||||||
artifactapi = {
|
artifactapi = {
|
||||||
source = "git.unkin.net/unkin/artifactapi"
|
source = "git.unkin.net/unkin/artifactapi"
|
||||||
|
version = "0.0.1"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -10,101 +11,136 @@ provider "artifactapi" {
|
|||||||
endpoint = "https://artifactapi.k8s.syd1.au.unkin.net"
|
endpoint = "https://artifactapi.k8s.syd1.au.unkin.net"
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "artifactapi_remote" "dockerhub" {
|
# Generic — patterns act as allowlist, everything matching is immutable by default
|
||||||
name = "dockerhub"
|
resource "artifactapi_remote_generic" "github" {
|
||||||
package_type = "docker"
|
name = "github"
|
||||||
base_url = "https://registry-1.docker.io"
|
base_url = "https://github.com"
|
||||||
description = "Docker Hub registry"
|
description = "GitHub releases"
|
||||||
|
|
||||||
immutable_ttl = 0
|
|
||||||
mutable_ttl = 300
|
|
||||||
|
|
||||||
immutable_patterns = [
|
|
||||||
"^library/almalinux",
|
|
||||||
"^library/postgres",
|
|
||||||
"^library/redis",
|
|
||||||
]
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "artifactapi_remote" "hashicorp_releases" {
|
|
||||||
name = "hashicorp-releases"
|
|
||||||
package_type = "generic"
|
|
||||||
base_url = "https://releases.hashicorp.com"
|
|
||||||
description = "HashiCorp product releases"
|
|
||||||
|
|
||||||
immutable_ttl = 0
|
immutable_ttl = 0
|
||||||
mutable_ttl = 7200
|
mutable_ttl = 7200
|
||||||
|
|
||||||
immutable_patterns = [
|
patterns = [
|
||||||
|
"ducaale/xh/.*/xh-.*-x86_64-unknown-linux-musl.tar.gz$",
|
||||||
|
"mikefarah/yq/.*/yq_linux_amd64$",
|
||||||
|
"neovim/neovim-releases/.*/nvim-linux-x86_64.tar.gz$",
|
||||||
|
]
|
||||||
|
|
||||||
|
# Override: branch archives are mutable
|
||||||
|
mutable_patterns = [
|
||||||
|
".*/archive/refs/heads/.*\\.tar\\.gz$",
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "artifactapi_remote_generic" "hashicorp_releases" {
|
||||||
|
name = "hashicorp-releases"
|
||||||
|
base_url = "https://releases.hashicorp.com"
|
||||||
|
description = "HashiCorp product releases"
|
||||||
|
|
||||||
|
immutable_ttl = 0
|
||||||
|
mutable_ttl = 7200
|
||||||
|
|
||||||
|
patterns = [
|
||||||
"terraform/.*terraform_.*_linux_amd64\\.zip$",
|
"terraform/.*terraform_.*_linux_amd64\\.zip$",
|
||||||
"vault/.*vault_.*_linux_amd64\\.zip$",
|
"vault/.*vault_.*_linux_amd64\\.zip$",
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "artifactapi_remote" "terraform_registry" {
|
# Docker — patterns restrict which images are proxied
|
||||||
name = "terraform-registry"
|
# Provider auto-classifies: tag manifests mutable, blobs immutable
|
||||||
package_type = "terraform"
|
resource "artifactapi_remote_docker" "dockerhub" {
|
||||||
base_url = "https://registry.terraform.io"
|
name = "dockerhub"
|
||||||
description = "Terraform provider registry"
|
base_url = "https://registry-1.docker.io"
|
||||||
releases_remote = artifactapi_remote.hashicorp_releases.name
|
description = "Docker Hub registry"
|
||||||
|
|
||||||
immutable_ttl = 0
|
immutable_ttl = 0
|
||||||
mutable_ttl = 300
|
mutable_ttl = 300
|
||||||
|
ban_tags_enabled = true
|
||||||
|
ban_tags = ["latest"]
|
||||||
|
|
||||||
immutable_patterns = [
|
patterns = [
|
||||||
"[^/]+/[^/]+/[^/]+/download/[^/]+/[^/]+$",
|
"^library/almalinux",
|
||||||
|
"^library/postgres",
|
||||||
|
"^library/redis",
|
||||||
|
"^bitnami/",
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "artifactapi_remote" "goproxy" {
|
# Helm — no patterns needed, provider knows index.yaml is mutable
|
||||||
name = "goproxy"
|
resource "artifactapi_remote_helm" "jetstack" {
|
||||||
package_type = "goproxy"
|
name = "jetstack"
|
||||||
base_url = "https://proxy.golang.org"
|
base_url = "https://charts.jetstack.io"
|
||||||
description = "Go module proxy"
|
description = "Jetstack Helm charts (cert-manager)"
|
||||||
|
|
||||||
|
immutable_ttl = 0
|
||||||
|
mutable_ttl = 3600
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "artifactapi_remote_helm" "hashicorp_helm" {
|
||||||
|
name = "hashicorp-helm"
|
||||||
|
base_url = "https://helm.releases.hashicorp.com"
|
||||||
|
description = "HashiCorp Helm charts"
|
||||||
|
|
||||||
|
immutable_ttl = 0
|
||||||
|
mutable_ttl = 3600
|
||||||
|
}
|
||||||
|
|
||||||
|
# RPM — no patterns needed, provider knows repodata/* is mutable
|
||||||
|
resource "artifactapi_remote_rpm" "almalinux" {
|
||||||
|
name = "almalinux"
|
||||||
|
base_url = "https://gsl-syd.mm.fcix.net/almalinux"
|
||||||
|
description = "AlmaLinux RPM package repository"
|
||||||
|
|
||||||
|
immutable_ttl = 0
|
||||||
|
mutable_ttl = 7200
|
||||||
|
}
|
||||||
|
|
||||||
|
# Terraform registry — needs releases_remote for URL rewriting
|
||||||
|
resource "artifactapi_remote_terraform" "terraform_registry" {
|
||||||
|
name = "terraform-registry"
|
||||||
|
base_url = "https://registry.terraform.io"
|
||||||
|
description = "Terraform provider registry"
|
||||||
|
releases_remote = artifactapi_remote_generic.hashicorp_releases.name
|
||||||
|
|
||||||
immutable_ttl = 0
|
immutable_ttl = 0
|
||||||
mutable_ttl = 300
|
mutable_ttl = 300
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "artifactapi_remote" "jetstack" {
|
# Go module proxy — provider knows @v/list is mutable, .zip/.mod/.info immutable
|
||||||
name = "jetstack"
|
resource "artifactapi_remote_goproxy" "goproxy" {
|
||||||
package_type = "helm"
|
name = "goproxy"
|
||||||
base_url = "https://charts.jetstack.io"
|
base_url = "https://proxy.golang.org"
|
||||||
description = "Jetstack Helm charts (cert-manager)"
|
description = "Go module proxy"
|
||||||
|
|
||||||
immutable_ttl = 0
|
immutable_ttl = 0
|
||||||
mutable_ttl = 3600
|
mutable_ttl = 300
|
||||||
check_mutable = true
|
|
||||||
|
|
||||||
immutable_patterns = ["\\.tgz$"]
|
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "artifactapi_remote" "hashicorp_helm" {
|
# Alpine — provider knows APKINDEX.tar.gz is mutable
|
||||||
name = "hashicorp-helm"
|
resource "artifactapi_remote_alpine" "alpine" {
|
||||||
package_type = "helm"
|
name = "alpine"
|
||||||
base_url = "https://helm.releases.hashicorp.com"
|
base_url = "https://dl-cdn.alpinelinux.org"
|
||||||
description = "HashiCorp Helm charts"
|
description = "Alpine Linux APK package repository"
|
||||||
|
|
||||||
immutable_ttl = 0
|
immutable_ttl = 0
|
||||||
mutable_ttl = 3600
|
mutable_ttl = 7200
|
||||||
check_mutable = true
|
|
||||||
|
|
||||||
immutable_patterns = ["\\.tgz$"]
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Virtual — merges multiple helm repos into one index
|
||||||
resource "artifactapi_virtual" "helm" {
|
resource "artifactapi_virtual" "helm" {
|
||||||
name = "helm"
|
name = "helm"
|
||||||
package_type = "helm"
|
package_type = "helm"
|
||||||
description = "All helm repos merged"
|
description = "All helm repos merged"
|
||||||
|
|
||||||
members = [
|
members = [
|
||||||
artifactapi_remote.jetstack.name,
|
artifactapi_remote_helm.jetstack.name,
|
||||||
artifactapi_remote.hashicorp_helm.name,
|
artifactapi_remote_helm.hashicorp_helm.name,
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Data source — read a remote's config
|
||||||
data "artifactapi_remote" "dockerhub" {
|
data "artifactapi_remote" "dockerhub" {
|
||||||
name = artifactapi_remote.dockerhub.name
|
name = artifactapi_remote_docker.dockerhub.name
|
||||||
}
|
}
|
||||||
|
|
||||||
output "dockerhub_base_url" {
|
output "dockerhub_base_url" {
|
||||||
|
|||||||
Reference in New Issue
Block a user