From 069edd72f17f5816ce087e7b9966dbbfbf751b57 Mon Sep 17 00:00:00 2001
From: Gabriel Radureau
Date: Wed, 6 May 2026 14:37:48 +0200
Subject: [PATCH] chore(cicd): drop temporary commented-out tasks from 03_cicd.yml

Removes the commented PACKAGES_TOKEN/HOMELAB_CA_CERT blocks and the legacy "Deploy Argo CD" play that were left behind during the migration to Helm-based ArgoCD.

Co-Authored-By: Claude Opus 4.7 (1M context)
---
 .../arcodange/factory/playbooks/03_cicd.yml | 232 ------------------
 1 file changed, 232 deletions(-)

diff --git a/ansible/arcodange/factory/playbooks/03_cicd.yml b/ansible/arcodange/factory/playbooks/03_cicd.yml
index bca4a34..6784be6 100644
--- a/ansible/arcodange/factory/playbooks/03_cicd.yml
+++ b/ansible/arcodange/factory/playbooks/03_cicd.yml
@@ -157,235 +157,3 @@
 loop: ["absent", "present"]
 loop_control:
 loop_var: docker_compose_down_then_up
-
-# - name: Set PACKAGES_TOKEN secret to upload packages from CI
-# run_once: True
-# block:
-# - name: Generate cicd PACKAGES_TOKEN
-# include_role:
-# name: arcodange.factory.gitea_token
-# vars:
-# gitea_token_name: PACKAGES_TOKEN
-# gitea_token_fact_name: cicd_PACKAGES_TOKEN
-# gitea_token_scopes: write:package
-# gitea_token_replace: true
-
-# - name: Register cicd PACKAGES_TOKEN secrets
-# include_role:
-# name: arcodange.factory.gitea_secret
-# vars:
-# gitea_secret_name: PACKAGES_TOKEN
-# gitea_secret_value: "{{ cicd_PACKAGES_TOKEN }}"
-# loop: ["organization", "user"]
-# loop_control:
-# loop_var: gitea_owner_type # Peut ĂȘtre "user" ou "organization"
-
-# - name: Set HOMELAB_CA_CERT secret to validate self signed ssl
-# run_once: True
-# block:
-# - name: Download homelab CA certificate
-# ansible.builtin.uri:
-# url: "https://ssl-ca.arcodange.lab:8443/roots.pem"
-# return_content: yes
-# validate_certs: no
-# register: homelab_ca_cert
-# - name: Debug cert
-# debug:
-# msg: "{{ homelab_ca_cert.content }}..."
-# - name: Register cicd HOMELAB_CA_CERT secrets
-# include_role:
-# name: arcodange.factory.gitea_secret
-# vars:
-# gitea_secret_name: HOMELAB_CA_CERT
-# gitea_secret_value: "{{ homelab_ca_cert.content | b64encode }}"
-# loop: ["organization", "user"]
-# loop_control:
-# loop_var: gitea_owner_type # Peut ĂȘtre "user" ou "organization"
-
-# post_tasks:
-# - include_role:
-# name: arcodange.factory.gitea_token
-# vars:
-# gitea_token_delete: true
-
-
-# - name: Deploy Argo CD
-# hosts: localhost
-# roles:
-# - role: arcodange.factory.gitea_token # generate gitea_api_token used to replace generated token with set name if required
-# tags:
-# - gitea_sync
-# tasks:
-# - name: Set factory repo
-# include_role:
-# name: arcodange.factory.gitea_repo
-# vars:
-# gitea_repo_name: factory
-# - name: Sync other repos
-# tags: gitea_sync
-# include_role:
-# name: arcodange.factory.gitea_sync
-# apply:
-# tags: gitea_sync
-# - name: Generate Argo CD token
-# include_role:
-# name: arcodange.factory.gitea_token
-# vars:
-# gitea_token_name: ARGOCD_TOKEN
-# gitea_token_fact_name: argocd_token
-# gitea_token_scopes: read:repository,read:package
-# gitea_token_replace: true
-# - name: Figure out k3s master node
-# shell:
-# kubectl get nodes -l node-role.kubernetes.io/control-plane=true -o name | sed s'#node/##'
-# register: get_k3s_master_node
-# changed_when: false
-# - name: Get kubernetes server internal url
-# command: >-
-# echo https://kubernetes.default.svc
-# # {%raw%}
-# # kubectl get svc/kubernetes -o template="{{.spec.clusterIP}}:{{(index .spec.ports 0).port}}"
-# # {%endraw%}
-# register: get_k3s_internal_server_url
-# changed_when: false
-# - set_fact:
-# k3s_master_node: "{{ get_k3s_master_node.stdout }}"
-# k3s_internal_server_url: "{{ get_k3s_internal_server_url.stdout }}"
-# - name: Read Step CA root certificate from k3s master
-# become: true
-# delegate_to: "{{ k3s_master_node }}"
-# slurp:
-# src: /home/step/.step/certs/root_ca.crt
-# register: step_ca_root_cert
-# - name: Decode Step CA root certificate
-# set_fact:
-# step_ca_root_cert_pem: "{{ step_ca_root_cert.content | b64decode }}"
-# - name: Install Argo CD
-# become: true
-# delegate_to: "{{ k3s_master_node }}"
-# vars:
-# gitea_credentials:
-# username: arcodange
-# password: "{{ argocd_token }}"
-# argocd_helm_values: # https://github.com/argoproj/argo-helm/blob/main/charts/argo-cd/values.yaml
-# global:
-# domain: argocd.arcodange.lab
-# configs:
-# cm:
-# kustomize.buildOptions: "--enable-helm"
-# helm.enablePostRenderer: "true"
-# exec.enabled: "true"
-# params:
-# server.insecure: true # let k3s traefik do TLS termination
-# ansible.builtin.copy:
-# dest: /var/lib/rancher/k3s/server/manifests/argocd.yaml
-# content: |-
-# apiVersion: v1
-# kind: Namespace
-# metadata:
-# name: argocd
-# ---
-# apiVersion: v1
-# kind: ConfigMap
-# metadata:
-# name: argocd-tls-certs-cm
-# namespace: argocd
-# data:
-# gitea.arcodange.lab: |
-# {{ step_ca_root_cert_pem | indent(4) }}
-# ---
-# apiVersion: helm.cattle.io/v1
-# kind: HelmChart
-# metadata:
-# name: argocd
-# namespace: kube-system
-# spec:
-# repo: https://argoproj.github.io/argo-helm
-# chart: argo-cd
-# targetNamespace: argocd
-# valuesContent: |-
-# {{ argocd_helm_values | to_nice_yaml | indent( width=4 ) }}
-# ---
-# apiVersion: networking.k8s.io/v1
-# kind: Ingress
-# metadata:
-# name: argocd-server-ingress
-# namespace: argocd
-# annotations:
-# # For Traefik v2.x
-# traefik.ingress.kubernetes.io/router.entrypoints: websecure
-# traefik.ingress.kubernetes.io/router.tls: "true"
-# traefik.ingress.kubernetes.io/router.tls.certresolver: letsencrypt
-# traefik.ingress.kubernetes.io/router.tls.domains.0.main: arcodange.lab
-# traefik.ingress.kubernetes.io/router.tls.domains.0.sans: argocd.arcodange.lab
-# traefik.ingress.kubernetes.io/router.middlewares: localIp@file
-# spec:
-# rules:
-# - host: argocd.arcodange.lab
-# http:
-# paths:
-# - path: /
-# pathType: Prefix
-# backend:
-# service:
-# name: argocd-server
-# port:
-# number: 80 #TLS is terminated at Traefik
-# ---
-# apiVersion: v1
-# kind: Secret
-# metadata:
-# name: gitea-arcodangeorg-factory-repo
-# namespace: argocd
-# labels:
-# argocd.argoproj.io/secret-type: repository
-# stringData:
-# type: git
-# url: https://gitea.arcodange.lab/arcodange-org/factory
-# ---
-# apiVersion: v1
-# kind: Secret
-# metadata:
-# name: gitea-arcodangeorg-repo-creds
-# namespace: argocd
-# labels:
-# argocd.argoproj.io/secret-type: repo-creds
-# stringData:
-# type: git
-# url: https://gitea.arcodange.lab/arcodange-org
-# password: {{ gitea_credentials.password }}
-# username: {{ gitea_credentials.username }}
-# ---
-# apiVersion: argoproj.io/v1alpha1
-# kind: Application
-# metadata:
-# name: factory
-# namespace: argocd
-# spec:
-# project: default
-# source:
-# repoURL: https://gitea.arcodange.lab/arcodange-org/factory
-# targetRevision: HEAD
-# path: argocd
-# destination:
-# server: {{ k3s_internal_server_url }}
-# namespace: argocd
-# syncPolicy:
-# automated:
-# prune: true
-# selfHeal: true
-# - name: touch manifests/argocd.yaml to trigger update
-# delegate_to: "{{ k3s_master_node }}"
-# ansible.builtin.file:
-# path: /var/lib/rancher/k3s/server/manifests/argocd.yaml
-# state: touch
-# become: true
-# post_tasks:
-# - include_role:
-# name: arcodange.factory.gitea_token
-# apply:
-# tags: gitea_sync
-# tags:
-# - gitea_sync
-# vars:
-# gitea_token_delete: true
\ No newline at end of file