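#!/usr/bin/env bash
#
# Bootstrap the orderbooks project on the platform cluster:
#   1. load default settings/secrets from the platform repo's env files,
#   2. ensure the project namespace exists,
#   3. upsert the image-pull (docker-registry) secret,
#   4. report whether the rclone secret contains the expected key,
#   5. run forgejo_repo_bootstrap.py to upsert the Forgejo repo and its
#      Actions settings.
#
# Values already present in the environment always win over the env files.
# Per-app overrides use the ORDERBOOKS_* variables (see below).
set -euo pipefail

# Repository root: two directories above the directory holding this script.
ROOT_DIR="$(cd "$(dirname "$0")/../.." && pwd)"

PLATFORM_REPO_DIR="${PLATFORM_REPO_DIR:-/home/philipp/dev/ae/nuri/unrip3}"
PLATFORM_ENV_FILE="${PLATFORM_ENV_FILE:-$PLATFORM_REPO_DIR/scripts/hetzner/bootstrap-secrets.env}"
PLATFORM_RESOLVED_ENV_FILE="${PLATFORM_RESOLVED_ENV_FILE:-$PLATFORM_REPO_DIR/.state/hetzner/bootstrap-secrets.resolved.env}"
KUBECONFIG_PATH="${KUBECONFIG_PATH:-$PLATFORM_REPO_DIR/.state/hetzner/kubeconfig.yaml}"
CI_KUBECONFIG_PATH="${CI_KUBECONFIG_PATH:-$PLATFORM_REPO_DIR/.state/hetzner/kubeconfig.incluster.yaml}"
PROJECT_NAME="${PROJECT_NAME:-orderbooks}"
PROJECT_NAMESPACE="${PROJECT_NAMESPACE:-orderbooks}"
PROJECT_DEPLOYMENTS="${PROJECT_DEPLOYMENTS:-orderbooks-collector}"
PROJECT_REGISTRY_SECRET_NAME="${PROJECT_REGISTRY_SECRET_NAME:-orderbooks-registry-creds}"
RCLONE_SECRET_NAME="${RCLONE_SECRET_NAME:-orderbooks-rclone-config}"
RCLONE_SECRET_KEY="${RCLONE_SECRET_KEY:-rclone.conf}"
FORGEJO_REPO_OWNER="${FORGEJO_REPO_OWNER:-philipp}"
FORGEJO_REPO_NAME="${FORGEJO_REPO_NAME:-orderbooks}"
FORGEJO_REPO_PRIVATE="${FORGEJO_REPO_PRIVATE:-0}"

#######################################
# Abort the script unless the given command is on PATH.
# Arguments: $1 - command name
# Outputs:   error message on stderr when missing
#######################################
require() {
  command -v "$1" >/dev/null 2>&1 || {
    echo "missing required command: $1" >&2
    exit 1
  }
}

#######################################
# Export KEY=VALUE pairs from an env file, without overriding variables that
# are already set in the environment. A missing file is not an error.
#
# The file is parsed by Python rather than sourced, and the result is fed to
# eval. Values are shell-quoted with shlex.quote; keys are accepted only if
# they are plain shell identifiers, because the key is emitted unquoted and
# anything else (spaces, ';', '$(...)') would be executed by eval.
#
# Arguments: $1 - path to the env file
# Outputs:   diagnostics on stderr (file:line only, never the line content,
#            since a malformed line may still contain a secret)
# Returns:   0 on success or missing file, 1 if the file cannot be parsed
#######################################
load_env_defaults() {
  local file="$1"
  local exports
  [[ -f "$file" ]] || return 0
  # Capture first so a parser failure is not masked by eval of an empty string.
  exports="$(
    python3 - "$file" <<'PY_LOAD_ENV'
import os
import re
import shlex
import sys

NAME_RE = re.compile(r'[A-Za-z_][A-Za-z0-9_]*')

with open(sys.argv[1], 'r', encoding='utf-8') as handle:
    for lineno, raw in enumerate(handle, 1):
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        if line.startswith('export '):
            line = line[len('export '):]
        if '=' not in line:
            continue
        key, value = line.split('=', 1)
        key = key.strip()
        value = value.strip()
        if not NAME_RE.fullmatch(key):
            print(
                f'{sys.argv[1]}:{lineno}: skipping entry with invalid variable name',
                file=sys.stderr,
            )
            continue
        if len(value) >= 2 and value[0] == value[-1] and value[0] in {'\"', "'"}:
            value = value[1:-1]
        if key in os.environ:
            continue
        print(f'export {key}={shlex.quote(value)}')
PY_LOAD_ENV
  )" || {
    echo "failed to parse env file: $file" >&2
    return 1
  }
  eval "$exports"
}

require kubectl
require python3
# NOTE(review): base64 is not invoked directly in this script; the check is
# kept as in the original.
require base64

load_env_defaults "$PLATFORM_ENV_FILE"
load_env_defaults "$PLATFORM_RESOLVED_ENV_FILE"

# Force orderbooks app identity after loading platform defaults. The platform
# env file may describe the platform repo itself, not this app repo.
PROJECT_NAME="${ORDERBOOKS_PROJECT_NAME:-orderbooks}"
PROJECT_NAMESPACE="${ORDERBOOKS_PROJECT_NAMESPACE:-orderbooks}"
PROJECT_DEPLOYMENTS="${ORDERBOOKS_PROJECT_DEPLOYMENTS:-orderbooks-collector}"
PROJECT_REGISTRY_SECRET_NAME="${ORDERBOOKS_PROJECT_REGISTRY_SECRET_NAME:-orderbooks-registry-creds}"
RCLONE_SECRET_NAME="${ORDERBOOKS_RCLONE_SECRET_NAME:-orderbooks-rclone-config}"
RCLONE_SECRET_KEY="${ORDERBOOKS_RCLONE_SECRET_KEY:-rclone.conf}"
FORGEJO_REPO_OWNER="${ORDERBOOKS_FORGEJO_REPO_OWNER:-philipp}"
FORGEJO_REPO_NAME="${ORDERBOOKS_FORGEJO_REPO_NAME:-orderbooks}"
FORGEJO_REPO_PRIVATE="${ORDERBOOKS_FORGEJO_REPO_PRIVATE:-0}"

: "${KUBECONFIG_PATH:?missing kubeconfig path}"
: "${CI_KUBECONFIG_PATH:?missing CI kubeconfig path}"
[[ -f "$KUBECONFIG_PATH" ]] || { echo "missing kubeconfig file" >&2; exit 1; }
[[ -f "$CI_KUBECONFIG_PATH" ]] || { echo "missing in-cluster kubeconfig file" >&2; exit 1; }
export KUBECONFIG="$KUBECONFIG_PATH"

# Resolve the Forgejo base URL: explicit URL, then root URL, then domain.
if [[ -z "${FORGEJO_URL:-}" ]]; then
  if [[ -n "${FORGEJO_ROOT_URL:-}" ]]; then
    FORGEJO_URL="$FORGEJO_ROOT_URL"
  elif [[ -n "${FORGEJO_DOMAIN:-}" ]]; then
    FORGEJO_URL="https://${FORGEJO_DOMAIN}"
  else
    echo "missing Forgejo URL" >&2
    exit 1
  fi
fi

# A token is preferred; the admin password is required only without one.
: "${FORGEJO_ADMIN_USERNAME:?missing Forgejo admin username}"
if [[ -z "${FORGEJO_TOKEN:-}" ]]; then
  : "${FORGEJO_ADMIN_PASSWORD:?missing Forgejo password or token}"
fi

if [[ -z "${REGISTRY_HOST:-}" ]]; then
  if [[ -n "${REGISTRY_DOMAIN:-}" ]]; then
    REGISTRY_HOST="$REGISTRY_DOMAIN"
  else
    echo "missing registry host" >&2
    exit 1
  fi
fi

: "${REGISTRY_USERNAME:?missing registry username}"
: "${REGISTRY_PASSWORD:?missing registry password}"

echo "ensuring namespace ${PROJECT_NAMESPACE}"
kubectl create namespace "$PROJECT_NAMESPACE" --dry-run=client -o yaml | kubectl apply -f -

echo "upserting registry secret ${PROJECT_REGISTRY_SECRET_NAME}"
# NOTE(security): the registry password is passed on kubectl's argv and is
# visible in the process list while the command runs; avoid `set -x` here.
# The rendered manifest goes straight into `kubectl apply` and is not printed.
# An alternative that keeps the secret off argv is building the secret from a
# .dockerconfigjson supplied via --from-file.
kubectl -n "$PROJECT_NAMESPACE" create secret docker-registry "$PROJECT_REGISTRY_SECRET_NAME" \
  --docker-server="$REGISTRY_HOST" \
  --docker-username="$REGISTRY_USERNAME" \
  --docker-password="$REGISTRY_PASSWORD" \
  --dry-run=client -o yaml | kubectl apply -f -

echo "checking rclone secret key presence"
# Prints only a present/missing marker, never the secret data. Under `set -e`
# the script stops here if the secret object itself cannot be read.
# RCLONE_SECRET_KEY is interpolated into the template, so it must not contain
# double quotes or template syntax.
kubectl -n "$PROJECT_NAMESPACE" get secret "$RCLONE_SECRET_NAME" \
  -o "go-template={{if index .data \"${RCLONE_SECRET_KEY}\"}}rclone_secret_key_present{{else}}rclone_secret_key_missing{{end}}{{\"\\n\"}}"

echo "upserting Forgejo repo and Actions settings"
# Built as an array so credentials containing spaces or glob characters are
# passed through as single arguments.
forgejo_args=()
if [[ -n "${FORGEJO_TOKEN:-}" ]]; then
  forgejo_args+=(--token "$FORGEJO_TOKEN")
else
  forgejo_args+=(--admin-username "$FORGEJO_ADMIN_USERNAME" --admin-password "$FORGEJO_ADMIN_PASSWORD")
fi
if [[ "$FORGEJO_REPO_PRIVATE" == "1" || "$FORGEJO_REPO_PRIVATE" == "true" ]]; then
  forgejo_args+=(--repo-private)
fi

# NOTE(security): the token / admin password is handed to the helper on argv,
# so it is visible in the process list for the helper's lifetime. Whether the
# helper can read credentials from the environment or stdin instead is not
# visible from this script - TODO confirm and prefer that if available.
python3 "$ROOT_DIR/scripts/deploy/forgejo_repo_bootstrap.py" \
  --forgejo-url "$FORGEJO_URL" \
  --repo-owner "$FORGEJO_REPO_OWNER" \
  --repo-name "$FORGEJO_REPO_NAME" \
  --ci-kubeconfig "$CI_KUBECONFIG_PATH" \
  --registry-host "$REGISTRY_HOST" \
  --project-name "$PROJECT_NAME" \
  --project-namespace "$PROJECT_NAMESPACE" \
  --project-deployments "$PROJECT_DEPLOYMENTS" \
  --project-registry-secret-name "$PROJECT_REGISTRY_SECRET_NAME" \
  "${forgejo_args[@]}"

echo "bootstrap complete for ${FORGEJO_REPO_OWNER}/${FORGEJO_REPO_NAME} in namespace ${PROJECT_NAMESPACE}"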