arcodange-org/factory
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

provide PACKAGES_TOKEN secret

Browse Source
This commit is contained in:
Gabriel Radureau
2024-08-20 11:25:19 +02:00
parent 80fa4ca92f
commit 95f365dbb5
6 changed files with 116 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
ansible/arcodange/factory/playbooks/03_cicd.yml
View File

@@ -3,6 +3,9 @@
- name: Deploy Gitea Action - name: Deploy Gitea Action
hosts: raspberries:&local:!gitea # do not deploy on machine with gitea instance hosts: raspberries:&local:!gitea # do not deploy on machine with gitea instance
roles:
- arcodange.factory.gitea_token # generate gitea_api_token used to replace generated token with set name if required
tasks: tasks:
- name: Fetch Gitea Token for Action Runner registration - name: Fetch Gitea Token for Action Runner registration
@@ -39,9 +42,9 @@
# You don't have to copy this file to your instance, # You don't have to copy this file to your instance,
# just run `./act_runner generate-config > config.yaml` to generate a config file. # just run `./act_runner generate-config > config.yaml` to generate a config file.
log: #log:
# The level of logging, can be trace, debug, info, warn, error, fatal # # The level of logging, can be trace, debug, info, warn, error, fatal
level: info # level: info
runner: runner:
# Where to store the registration result. # Where to store the registration result.
@@ -132,13 +135,35 @@
# The parent directory of a job's working directory. # The parent directory of a job's working directory.
# If it's empty, $HOME/.cache/act/ will be used. # If it's empty, $HOME/.cache/act/ will be used.
workdir_parent: workdir_parent:
- name: Deploy Gitea with Docker Compose - name: Deploy Gitea Action with Docker Compose
community.docker.docker_compose_v2: community.docker.docker_compose_v2:
project_src: "/home/pi/arcodange/docker_composes/arcodange_factory_gitea_action" project_src: "/home/pi/arcodange/docker_composes/arcodange_factory_gitea_action"
pull: missing pull: missing
state: present state: present
register: deploy_result register: deploy_result
- name: Set PACKAGES_TOKEN secret to upload packages from CI
run_once: True
block:
- name: Generate cicd PACKAGES_TOKEN
include_role:
name: arcodange.factory.gitea_token
vars:
gitea_token_name: PACKAGES_TOKEN
gitea_token_fact_name: cicd_PACKAGES_TOKEN
gitea_token_scopes: write:package
gitea_token_replace: true
- name: Register cicd PACKAGES_TOKEN secrets
include_role:
name: arcodange.factory.gitea_secret
vars:
gitea_secret_name: PACKAGES_TOKEN
gitea_secret_value: "{{ cicd_PACKAGES_TOKEN }}"
loop: ["organization", "user"]
loop_control:
loop_var: gitea_owner_type # Peut être "user" ou "organization"
- name: Deploy Argo CD - name: Deploy Argo CD
run_once: true run_once: true
block: block:
@@ -150,3 +175,9 @@
- name: Sync other repos - name: Sync other repos
include_role: include_role:
name: arcodange.factory.gitea_sync name: arcodange.factory.gitea_sync
post_tasks:
- include_role:
name: arcodange.factory.gitea_token
vars:
gitea_token_delete: true

2
ansible/arcodange/factory/playbooks/setup/gitea.yml
View File

@@ -169,7 +169,7 @@
username: "{{ gitea_org_name }}" username: "{{ gitea_org_name }}"
full_name: "{{ gitea_org_full_name }}" full_name: "{{ gitea_org_full_name }}"
description: "{{ gitea_org_description }}" description: "{{ gitea_org_description }}"
visibility: private visibility: public
website: "{{ gitea_org_website }}" website: "{{ gitea_org_website }}"
location: "{{ gitea_org_location }}" location: "{{ gitea_org_location }}"
status_code: 201 status_code: 201

11
ansible/arcodange/factory/roles/gitea_secret/defaults/main.yml Normal file
View File

@@ -0,0 +1,11 @@
gitea_username: arcodange
gitea_organization: arcodange-org
# URL de base du serveur Gitea
gitea_base_url: http://{{ groups.gitea[0] }}:3000
gitea_secret_name: "my_secret" # The name of the secret to put
gitea_secret_value: "super_secret_value" # The value of the secret
gitea_owner_type: "user" # Can be "user" or "organization"
gitea_owner_name: >- # Username or organization name
{{ (gitea_owner_type == 'user') | ternary(gitea_username, gitea_organization) }}

37
ansible/arcodange/factory/roles/gitea_secret/tasks/main.yml Normal file
View File

@@ -0,0 +1,37 @@
- name: Generate Gitea Token
include_role:
name: arcodange.factory.gitea_token
- name: Préparer l'URL de l'API pour mettre à jour ou ajouter un secret
set_fact:
gitea_api_url: |
{{
gitea_base_url ~ "/api/v1/"
~ ((gitea_owner_type == 'user') | ternary('user', 'orgs/' ~ gitea_owner_name))
~ "/actions/secrets/" ~ gitea_secret_name
}}
- name: Ajouter ou mettre à jour le secret
uri:
url: "{{ gitea_api_url }}"
method: PUT
headers:
Authorization: "token {{ gitea_api_token }}"
Content-Type: "application/json"
body_format: json
body: |
{
"name": "{{ gitea_secret_name }}",
"data": "{{ gitea_secret_value }}"
}
status_code:
- 201
- 204
register: gitea_secret_update
- name: Afficher la réponse après l'ajout ou la mise à jour du secret
debug:
msg: >-
Secret {{ gitea_secret_name }}
{{ (gitea_secret_update.status == 204) | ternary('mis à jour','créé') }}
pour {{ gitea_owner_type }} {{ gitea_owner_name }}.

6
ansible/arcodange/factory/roles/gitea_token/defaults/main.yml
View File

@@ -1,4 +1,8 @@
gitea_user_name: arcodange gitea_user_name: arcodange
gitea_container_name: gitea gitea_container_name: gitea
gitea_token_scopes: write:admin,write:organization,write:package,write:repository,write:user gitea_token_scopes: write:admin,write:organization,write:package,write:repository,write:user
# gitea_base_url: 'http://{{ groups.gitea[0] }}:3000' gitea_token_fact_name: gitea_api_token
gitea_base_url: 'http://{{ groups.gitea[0] }}:3000'
gitea_token_replace: false
gitea_token_name: ansible-{{ ansible_date_time.iso8601 }} # require gathering facts
gitea_token_delete: false # only delete token

32
ansible/arcodange/factory/roles/gitea_token/tasks/main.yml
View File

@@ -1,10 +1,12 @@
# to see generated tokens # to see generated tokens
# go to https://gitea.arcodange.duckdns.org/user/settings/applications # go to https://gitea.arcodange.duckdns.org/user/settings/applications
- when: gitea_api_token is undefined - when: lookup('ansible.builtin.varnames', '^' ~ gitea_token_fact_name ~ '$') | length == 0 or gitea_token_delete
block: block:
- name: Create new token for ansible - &createTokenTask
name: Create new token for ansible
when: not gitea_token_delete
delegate_to: "{{ groups.gitea[0] }}" delegate_to: "{{ groups.gitea[0] }}"
delegate_facts: true delegate_facts: true
ansible.builtin.command: >- ansible.builtin.command: >-
@@ -15,9 +17,27 @@
--raw --raw
--scopes {{ gitea_token_scopes }} --scopes {{ gitea_token_scopes }}
register: gitea_api_token_cmd register: gitea_api_token_cmd
vars: ignore_errors: '{{ gitea_token_replace }}'
# ansible_date_time requires having gathered facts
gitea_token_name: ansible-{{ ansible_date_time.iso8601 }} - name: replace token
when:
- gitea_token_delete or gitea_api_token_cmd.rc != 0
- gitea_token_delete or "'access token name has been used already' in gitea_api_token_cmd.stderr"
- gitea_token_delete or gitea_token_replace
- gitea_api_token is defined
block:
- name: "delete token{{ gitea_token_replace | ternary(' to replace','') }}"
uri:
url: "{{ gitea_base_url }}/api/v1/users/{{ gitea_user_name }}/tokens/{{ gitea_token_name }}"
method: DELETE
headers:
Authorization: "Basic {{ (gitea_user_name ~ ':' ~ gitea_api_token) | b64encode }}"
Accept: application/json'
status_code: 204
- <<: *createTokenTask
ignore_errors: false
register: gitea_api_token_cmd_bis
- ansible.builtin.set_fact: - ansible.builtin.set_fact:
gitea_api_token: '{{ gitea_api_token_cmd.stdout }}' '{{ gitea_token_fact_name }}': '{{ (gitea_api_token_cmd.rc == 0) | ternary(gitea_api_token_cmd.stdout, gitea_api_token_cmd_bis.stdout) }}'
when: not gitea_token_delete