146 lines
5.4 KiB
Bash
Executable file
146 lines
5.4 KiB
Bash
Executable file
#!/usr/bin/env bash
|
|
set -euo pipefail
|
|
|
|
ROOT_DIR="$(cd "$(dirname "$0")/../.." && pwd)"
|
|
PLATFORM_REPO_DIR="${PLATFORM_REPO_DIR:-/home/philipp/dev/ae/nuri/unrip3}"
|
|
PLATFORM_ENV_FILE="${PLATFORM_ENV_FILE:-$PLATFORM_REPO_DIR/scripts/hetzner/bootstrap-secrets.env}"
|
|
PLATFORM_RESOLVED_ENV_FILE="${PLATFORM_RESOLVED_ENV_FILE:-$PLATFORM_REPO_DIR/.state/hetzner/bootstrap-secrets.resolved.env}"
|
|
KUBECONFIG_PATH="${KUBECONFIG_PATH:-$PLATFORM_REPO_DIR/.state/hetzner/kubeconfig.yaml}"
|
|
CI_KUBECONFIG_PATH="${CI_KUBECONFIG_PATH:-$PLATFORM_REPO_DIR/.state/hetzner/kubeconfig.incluster.yaml}"
|
|
|
|
PROJECT_NAME="${PROJECT_NAME:-orderbooks}"
|
|
PROJECT_NAMESPACE="${PROJECT_NAMESPACE:-orderbooks}"
|
|
PROJECT_DEPLOYMENTS="${PROJECT_DEPLOYMENTS:-orderbooks-collector}"
|
|
PROJECT_REGISTRY_SECRET_NAME="${PROJECT_REGISTRY_SECRET_NAME:-orderbooks-registry-creds}"
|
|
RCLONE_SECRET_NAME="${RCLONE_SECRET_NAME:-orderbooks-rclone-config}"
|
|
RCLONE_SECRET_KEY="${RCLONE_SECRET_KEY:-rclone.conf}"
|
|
FORGEJO_REPO_OWNER="${FORGEJO_REPO_OWNER:-philipp}"
|
|
FORGEJO_REPO_NAME="${FORGEJO_REPO_NAME:-orderbooks}"
|
|
FORGEJO_REPO_PRIVATE="${FORGEJO_REPO_PRIVATE:-0}"
|
|
|
|
require() {
|
|
command -v "$1" >/dev/null 2>&1 || {
|
|
echo "missing required command: $1" >&2
|
|
exit 1
|
|
}
|
|
}
|
|
|
|
load_env_defaults() {
|
|
local file="$1"
|
|
[[ -f "$file" ]] || return 0
|
|
eval "$(
|
|
python3 - "$file" <<'PY_LOAD_ENV'
|
|
import os
|
|
import shlex
|
|
import sys
|
|
|
|
for raw in open(sys.argv[1], 'r', encoding='utf-8'):
|
|
line = raw.strip()
|
|
if not line or line.startswith('#'):
|
|
continue
|
|
if line.startswith('export '):
|
|
line = line[len('export '):]
|
|
if '=' not in line:
|
|
continue
|
|
key, value = line.split('=', 1)
|
|
key = key.strip()
|
|
value = value.strip()
|
|
if len(value) >= 2 and value[0] == value[-1] and value[0] in {'\"', "'"}:
|
|
value = value[1:-1]
|
|
if key in os.environ:
|
|
continue
|
|
print(f'export {key}={shlex.quote(value)}')
|
|
PY_LOAD_ENV
|
|
)"
|
|
}
|
|
|
|
require kubectl
|
|
require python3
|
|
require base64
|
|
|
|
load_env_defaults "$PLATFORM_ENV_FILE"
|
|
load_env_defaults "$PLATFORM_RESOLVED_ENV_FILE"
|
|
|
|
# Force orderbooks app identity after loading platform defaults. The platform
|
|
# env file may describe the platform repo itself, not this app repo.
|
|
PROJECT_NAME="${ORDERBOOKS_PROJECT_NAME:-orderbooks}"
|
|
PROJECT_NAMESPACE="${ORDERBOOKS_PROJECT_NAMESPACE:-orderbooks}"
|
|
PROJECT_DEPLOYMENTS="${ORDERBOOKS_PROJECT_DEPLOYMENTS:-orderbooks-collector}"
|
|
PROJECT_REGISTRY_SECRET_NAME="${ORDERBOOKS_PROJECT_REGISTRY_SECRET_NAME:-orderbooks-registry-creds}"
|
|
RCLONE_SECRET_NAME="${ORDERBOOKS_RCLONE_SECRET_NAME:-orderbooks-rclone-config}"
|
|
RCLONE_SECRET_KEY="${ORDERBOOKS_RCLONE_SECRET_KEY:-rclone.conf}"
|
|
FORGEJO_REPO_OWNER="${ORDERBOOKS_FORGEJO_REPO_OWNER:-philipp}"
|
|
FORGEJO_REPO_NAME="${ORDERBOOKS_FORGEJO_REPO_NAME:-orderbooks}"
|
|
FORGEJO_REPO_PRIVATE="${ORDERBOOKS_FORGEJO_REPO_PRIVATE:-0}"
|
|
|
|
: "${KUBECONFIG_PATH:?missing kubeconfig path}"
|
|
: "${CI_KUBECONFIG_PATH:?missing CI kubeconfig path}"
|
|
[[ -f "$KUBECONFIG_PATH" ]] || { echo "missing kubeconfig file" >&2; exit 1; }
|
|
[[ -f "$CI_KUBECONFIG_PATH" ]] || { echo "missing in-cluster kubeconfig file" >&2; exit 1; }
|
|
export KUBECONFIG="$KUBECONFIG_PATH"
|
|
|
|
if [[ -z "${FORGEJO_URL:-}" ]]; then
|
|
if [[ -n "${FORGEJO_ROOT_URL:-}" ]]; then
|
|
FORGEJO_URL="$FORGEJO_ROOT_URL"
|
|
elif [[ -n "${FORGEJO_DOMAIN:-}" ]]; then
|
|
FORGEJO_URL="https://${FORGEJO_DOMAIN}"
|
|
else
|
|
echo "missing Forgejo URL" >&2
|
|
exit 1
|
|
fi
|
|
fi
|
|
|
|
: "${FORGEJO_ADMIN_USERNAME:?missing Forgejo admin username}"
|
|
if [[ -z "${FORGEJO_TOKEN:-}" ]]; then
|
|
: "${FORGEJO_ADMIN_PASSWORD:?missing Forgejo password or token}"
|
|
fi
|
|
|
|
if [[ -z "${REGISTRY_HOST:-}" ]]; then
|
|
if [[ -n "${REGISTRY_DOMAIN:-}" ]]; then
|
|
REGISTRY_HOST="$REGISTRY_DOMAIN"
|
|
else
|
|
echo "missing registry host" >&2
|
|
exit 1
|
|
fi
|
|
fi
|
|
: "${REGISTRY_USERNAME:?missing registry username}"
|
|
: "${REGISTRY_PASSWORD:?missing registry password}"
|
|
|
|
echo "ensuring namespace ${PROJECT_NAMESPACE}"
|
|
kubectl create namespace "$PROJECT_NAMESPACE" --dry-run=client -o yaml | kubectl apply -f -
|
|
|
|
echo "upserting registry secret ${PROJECT_REGISTRY_SECRET_NAME}"
|
|
kubectl -n "$PROJECT_NAMESPACE" create secret docker-registry "$PROJECT_REGISTRY_SECRET_NAME" \
|
|
--docker-server="$REGISTRY_HOST" \
|
|
--docker-username="$REGISTRY_USERNAME" \
|
|
--docker-password="$REGISTRY_PASSWORD" \
|
|
--dry-run=client -o yaml | kubectl apply -f -
|
|
|
|
echo "checking rclone secret key presence"
|
|
kubectl -n "$PROJECT_NAMESPACE" get secret "$RCLONE_SECRET_NAME" \
|
|
-o "go-template={{if index .data \"${RCLONE_SECRET_KEY}\"}}rclone_secret_key_present{{else}}rclone_secret_key_missing{{end}}{{\"\\n\"}}"
|
|
|
|
echo "upserting Forgejo repo and Actions settings"
|
|
forgejo_args=()
|
|
if [[ -n "${FORGEJO_TOKEN:-}" ]]; then
|
|
forgejo_args+=(--token "$FORGEJO_TOKEN")
|
|
else
|
|
forgejo_args+=(--admin-username "$FORGEJO_ADMIN_USERNAME" --admin-password "$FORGEJO_ADMIN_PASSWORD")
|
|
fi
|
|
if [[ "$FORGEJO_REPO_PRIVATE" == "1" || "$FORGEJO_REPO_PRIVATE" == "true" ]]; then
|
|
forgejo_args+=(--repo-private)
|
|
fi
|
|
|
|
python3 "$ROOT_DIR/scripts/deploy/forgejo_repo_bootstrap.py" \
|
|
--forgejo-url "$FORGEJO_URL" \
|
|
--repo-owner "$FORGEJO_REPO_OWNER" \
|
|
--repo-name "$FORGEJO_REPO_NAME" \
|
|
--ci-kubeconfig "$CI_KUBECONFIG_PATH" \
|
|
--registry-host "$REGISTRY_HOST" \
|
|
--project-name "$PROJECT_NAME" \
|
|
--project-namespace "$PROJECT_NAMESPACE" \
|
|
--project-deployments "$PROJECT_DEPLOYMENTS" \
|
|
--project-registry-secret-name "$PROJECT_REGISTRY_SECRET_NAME" \
|
|
"${forgejo_args[@]}"
|
|
|
|
echo "bootstrap complete for ${FORGEJO_REPO_OWNER}/${FORGEJO_REPO_NAME} in namespace ${PROJECT_NAMESPACE}"
|