openinfradev · ktkfree · Feb 22, 2023 · Feb 20, 2023 · Feb 20, 2023
diff --git a/git-repo/event-gitea-render-manifests.yaml b/git-repo/event-gitea-render-manifests.yaml
@@ -0,0 +1,156 @@
+apiVersion: argoproj.io/v1alpha1
+kind: WorkflowTemplate
+metadata:
+  name: event-gitea-render-manifests
+  namespace: argo
+spec:
+  entrypoint: main
+  arguments:
+    parameters:
+    - name: decapod_site_repo
+      value: "org/cluster_id"
+
+  templates:
+  - name: main
+    inputs:
+      parameters:
+      - name: decapod_site_repo
+    steps:
+    - - name: prepare-rendering
+        template: prepare-rendering-template
+        arguments:
+          parameters:
+          - name: decapod_site_repo
+            value: "{{inputs.parameters.decapod_site_repo}}"
+
+    - - name: call-render-manifests
+        templateRef:
+          name: render-manifests
+          template: render-manifests-template
+        arguments:
+          parameters:
+          - name: cluster_id
+            value: "{{steps.prepare-rendering.outputs.parameters.cluster_id}}"
+          - name: base_repo_url
+            value: "{{steps.prepare-rendering.outputs.parameters.base_repo_url}}"
+          - name: base_repo_branch
+            value: "{{steps.prepare-rendering.outputs.parameters.base_repo_branch}}"
+          - name: site_repo_url
+            value: "{{steps.prepare-rendering.outputs.parameters.site_repo_url}}"
+          - name: site_repo_branch
+            value: "{{steps.prepare-rendering.outputs.parameters.site_repo_branch}}"
+          - name: manifest_repo_url
+            value: "{{steps.prepare-rendering.outputs.parameters.manifest_repo_url}}"
+          - name: manifest_repo_branch
+            value: "{{steps.prepare-rendering.outputs.parameters.manifest_repo_branch}}"
+          - name: git_repo_type
+            value: "gitea"
+          - name: https_enabled
+            value: "{{steps.prepare-rendering.outputs.parameters.https_enabled}}"
+
+  - name: prepare-rendering-template
+    volumes:
+      - name: out
+        emptyDir: {}
+    inputs:
+      parameters:
+      - name: decapod_site_repo
+    container:
+      image: docker.io/library/bash:latest
+      volumeMounts:
+      - name: out
+        mountPath: /mnt/out
+      command:
+      - /usr/local/bin/bash
+      - '-exc'
+      - |
+        #!/bin/bash
+
+        function log() {
+          level=$2
+          msg=$3
+          date=$(date '+%F %H:%M:%S')
+          if [ $1 -eq 0 ];then
+            echo "[$date] $level     $msg"
+          else
+            level="ERROR"
+            echo "[$date] $level     $msg failed"
+            exit $1
+          fi
+        }
+
+        function write_output() {
+          key=$1
+          value=$2
+
+          echo -n $value > /mnt/out/$key.txt
+        }
+
+        GIT_SVC_HTTP=${GIT_SVC_URL%:*}
+        GIT_SVC_BASE_URL=${GIT_SVC_URL#*//}
+
+        if [ "$GIT_SVC_HTTP" = "https" ];then
+            https_enabled="true"
+        else
+            https_enabled="false"
+        fi
+
+        DECAPOD_SITE_REPO={{inputs.parameters.decapod_site_repo}}
+
+        gitea_org=${DECAPOD_SITE_REPO%\/*}
+
+        cluster_id=${DECAPOD_SITE_REPO#*\/}
+        base_repo_url="$GIT_SVC_BASE_URL/$gitea_org/decapod-base-yaml"
+        base_repo_branch="main"
+        site_repo_url="$GIT_SVC_BASE_URL/$gitea_org/$cluster_id"
+        site_repo_branch="main"
+        manifest_repo_url="$GIT_SVC_BASE_URL/$gitea_org/$cluster_id-manifests"
+        manifest_repo_branch="main"
+
+        write_output "cluster_id" $cluster_id
+        write_output "base_repo_url" $base_repo_url
+        write_output "base_repo_branch" $base_repo_branch
+        write_output "site_repo_url" $site_repo_url
+        write_output "site_repo_branch" $site_repo_branch
+        write_output "manifest_repo_url" $manifest_repo_url
+        write_output "manifest_repo_branch" $manifest_repo_branch
+        write_output "https_enabled" $https_enabled
+
+      envFrom:
+        - secretRef:
+            name: "git-svc-token"
+
+    outputs:
+      parameters:
+      - name: cluster_id
+        valueFrom:
+          default: "Something wrong"
+          path: /mnt/out/cluster_id.txt
+      - name: base_repo_url
+        valueFrom:
+          default: "Something wrong"
+          path: /mnt/out/base_repo_url.txt
+      - name: base_repo_branch
+        valueFrom:
+          default: "Something wrong"
+          path: /mnt/out/base_repo_branch.txt
+      - name: site_repo_url
+        valueFrom:
+          default: "Something wrong"
+          path: /mnt/out/site_repo_url.txt
+      - name: site_repo_branch
+        valueFrom:
+          default: "Something wrong"
+          path: /mnt/out/site_repo_branch.txt
+      - name: manifest_repo_url
+        valueFrom:
+          default: "Something wrong"
+          path: /mnt/out/manifest_repo_url.txt
+      - name: manifest_repo_branch
+        valueFrom:
+          default: "Something wrong"
+          path: /mnt/out/manifest_repo_branch.txt
+      - name: https_enabled
+        valueFrom:
+          default: "Something wrong"
+          path: /mnt/out/https_enabled.txt
diff --git a/git-repo/gitea-webhook-event-consumer.yaml b/git-repo/gitea-webhook-event-consumer.yaml
@@ -0,0 +1,17 @@
+apiVersion: argoproj.io/v1alpha1
+kind: WorkflowEventBinding
+metadata:
+  name: gitea-webhook-event-consumer
+  namespace: argo
+spec:
+  event:
+    selector: payload.full_name != "" && metadata["x-github-event"] == ["push"] && discriminator == "gitea-webhook"
+  submit:
+    workflowTemplateRef:
+      name: event-gitea-render-manifests
+    arguments:
+      parameters:
+      - name: decapod_site_repo
+        valueFrom:
+          event: payload.full_name
+
diff --git a/git-repo/gitea_webhook_role.yaml b/git-repo/gitea_webhook_role.yaml
@@ -0,0 +1,53 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: gitea-webhook
+  namespace: argo
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: gitea-webhook.service-account-token
+  namespace: argo
+  annotations:
+    kubernetes.io/service-account.name: gitea-webhook
+type: kubernetes.io/service-account-token
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: gitea-webhook
+  namespace: argo
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: submit-workflow-template
+subjects:
+- kind: ServiceAccount
+  name: gitea-webhook
+  namespace: argo
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: submit-workflow-template
+  namespace: argo
+rules:
+  - apiGroups:
+      - argoproj.io
+    resources:
+      - workfloweventbindings
+    verbs:
+      - list
+  - apiGroups:
+      - argoproj.io
+    resources:
+      - workflowtemplates
+    verbs:
+      - get
+  - apiGroups:
+      - argoproj.io
+    resources:
+      - workflows
+    verbs:
+      - create
diff --git a/git-repo/render-manifests.yaml b/git-repo/render-manifests.yaml
@@ -23,6 +23,8 @@ spec:
       value: main
     - name: git_repo_type
       value: github
+    - name: https_enabled
+      value: "true"
 
   templates:
   #=========================================================
@@ -50,6 +52,8 @@ spec:
             value: "{{workflow.parameters.manifest_repo_branch}}"
           - name: git_repo_type
             value: "{{workflow.parameters.git_repo_type}}"
+          - name: https_enabled
+            value: "{{workflow.parameters.https_enabled}}"
 
   #=========================================================
   # Template Definition
@@ -65,6 +69,7 @@ spec:
       - name: manifest_repo_url
       - name: manifest_repo_branch
       - name: git_repo_type
+      - name: https_enabled
     container:
       name: render-manifests-template
       image: sktcloud/decapod-render:v2.1.0
@@ -101,9 +106,14 @@ spec:
         BASE_DIR="decapod-base-yaml"
         DOCKER_IMAGE_REPO="docker.io"
         OUTPUT_DIR="output"
+        if [ "{{inputs.parameters.https_enabled}}" = "true" ]; then
+          HTTP_STRING="https"
+        else
+          HTTP_STRING="http"
+        fi
 
         # download site-yaml
-        git clone -b ${SITE_REPO_BRANCH} https://$(echo -n ${GIT_TOKEN})@${SITE_REPO_URL} ${SITE_DIR}
+        git clone -b ${SITE_REPO_BRANCH} $HTTP_STRING://$(echo -n ${GIT_TOKEN})@${SITE_REPO_URL} ${SITE_DIR}
         log $? "INFO" "Fetching ${SITE_REPO_URL} with ${SITE_REPO_BRANCH} branch/tag........."
         cd ${SITE_DIR}
         site_commit_msg=$(git show -s --format="[%h] %s" HEAD)
@@ -113,7 +123,7 @@ spec:
         site_list=$(ls -d */ | sed 's/\///g' | egrep -v "docs|^template|^deprecated|output|offline")
 
         # download base-yaml
-        git clone -b ${BASE_REPO_BRANCH} https://$(echo -n ${GIT_TOKEN})@${BASE_REPO_URL} ${BASE_DIR}
+        git clone -b ${BASE_REPO_BRANCH} $HTTP_STRING://$(echo -n ${GIT_TOKEN})@${BASE_REPO_URL} ${BASE_DIR}
         log $? "INFO" "Fetching ${BASE_REPO_URL} with ${BASE_REPO_BRANCH} branch/tag........."
         base_commit_msg=$(cd ${BASE_DIR}; git show -s --format="[%h] %s" HEAD)
 
@@ -169,7 +179,7 @@ spec:
         #-----------------------------------------------
         # push manifests files
         #-----------------------------------------------
-        git clone https://$(echo -n ${GIT_TOKEN})@${MANIFEST_REPO_URL} origin-manifests
+        git clone $HTTP_STRING://$(echo -n ${GIT_TOKEN})@${MANIFEST_REPO_URL} origin-manifests
         log 0 "INFO" "git clone ${MANIFEST_REPO_URL}"
         cd origin-manifests
         if [ -z "${MANIFEST_REPO_BRANCH}" ]; then
@@ -194,7 +204,7 @@ spec:
         git push origin ${MANIFEST_REPO_BRANCH}
 
         if [ "${MANIFEST_REPO_BRANCH}" != "main" ] && [ "${GIT_REPO_TYPE}" == "gitea" ]; then
-          curl -X POST -H "content-type: application/json" -H "Authorization: token ${GIT_TOKEN}" --data "{ \"base\": \"main\", \"body\": \"rendered from\n - base: ${base_commit_msg}\n - site: ${site_commit_msg}\", \"head\": \"${MANIFEST_REPO_BRANCH}\", \"title\": \"rendered from site: ${site_commit_msg}\"}" https://${MANIFEST_REPO_URL%%/*}/api/v1/repos/${MANIFEST_REPO_URL#*/}/pulls
+          curl -X POST -H "content-type: application/json" -H "Authorization: token ${GIT_TOKEN}" --data "{ \"base\": \"main\", \"body\": \"rendered from\n - base: ${base_commit_msg}\n - site: ${site_commit_msg}\", \"head\": \"${MANIFEST_REPO_BRANCH}\", \"title\": \"rendered from site: ${site_commit_msg}\"}" $HTTP_STRING://${MANIFEST_REPO_URL%%/*}/api/v1/repos/${MANIFEST_REPO_URL#*/}/pulls
         fi
 
         log 0 "INFO" "pushed all manifests files"