fix: ⚡ projectsRootDir, gitlab-catalog, fixes

cloud-pi-native · May 15, 2023 · bd1f61b · bd1f61b
1 parent 59b504a
commit bd1f61b
Show file tree

Hide file tree

Showing 10 changed files with 87 additions and 55 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,4 +1,5 @@
 # Variables
 vars.yaml
 
-roles/cert-manager/filter_plugins/__pycache__/*
+# compiled filter_plugins
+**/__pycache__/*
diff --git a/install.yaml b/install.yaml
@@ -41,6 +41,10 @@
       tags:
         - gitlab
 
+    - name: gitlab-catalog
+      tags:
+        - catalog
+
     - name: gitlab-runner
       tags:
         - gitlab-runner

diff --git a/roles/argocd/tasks/main.yaml b/roles/argocd/tasks/main.yaml
@@ -126,7 +126,7 @@
     definition:
       data:
         password: "{{ ansible_inventory.resources[0].data.GITLAB_TOKEN | b64encode }}"
-        url: "{{ ('https://' + GITLAB_DOMAIN + '/forge-mi/projects') | b64encode }}"
+        url: "{{ ('https://' + ([GITLAB_DOMAIN, projectsRootDir] | flatten | join ('/') )) | b64encode }}"
         username: "{{ 'root' | b64encode }}"
       kind: Secret
       metadata:

diff --git a/roles/console-dso-config/tasks/main.yml b/roles/console-dso-config/tasks/main.yml
@@ -31,3 +31,4 @@
         # SONAR_API_TOKEN: roles/sonarqube/tasks/main.yaml
         # VAULT_TOKEN: roles/vault/tasks/main.yaml
         ARGO_NAMESPACE: "{{ ARGOCD_NAMESPACE }}"
+        PROJECTS_ROOT_DIR: "{{ projectsRootDir | join('/') }}"
diff --git a/roles/gitlab-catalog/tasks/main.yaml b/roles/gitlab-catalog/tasks/main.yaml
@@ -19,7 +19,7 @@
     import_url: https://github.com/hexa-forge/gitlab-ci-catalog.git
     name: Catalog
     path: catalog
-    group: forge-mi/projects
+    group: "{{ projectsRootDir | join('/') }}"
   register: catalog_repo
 
 - name: Get destination catalog branches
@@ -54,37 +54,39 @@
     branches: "{{ source_branches.json | diff_branches(destination_branches.json) }}"
     tags: "{{ source_tags.json | diff_tags(destination_tags.json) }}"
 
-- debug: var=branches
-- debug: var=tags
 - name: update refs
   block:
-  - name: Ensure no repo exist locally
-    shell: rm -rf test
+    - name: Ensure no repo exist locally
+      ansible.builtin.file:
+        path: test
+        state: absent
 
-  - name: synchronize branches
-    when: branches.to_push or branches.to_delete or tags.to_push or tags.to_delete 
-    shell: |
-      set -e
-      git clone https://github.com/hexa-forge/gitlab-ci-catalog.git test && cd test || exit 1
-      git remote add dest https://root:{{ gitlab_token }}@{{ GITLAB_DOMAIN }}/forge-mi/projects/catalog.git
-      for branch in {{ branches.to_delete }}; do
-        echo "delete branch $branch"
-        git push dest --delete $branch -f
-      done
-      for branch in {{ branches.to_push }}; do
-        git switch "$branch"
-        git reset --hard "origin/$branch"
-        git push --set-upstream dest "$branch" -f
-      done
-      for tag in {{ tags.to_delete }}; do
-        echo "delete tag $tag"
-        git push dest --delete $tag -f
-      done
-      for tag in {{ tags.to_push }}; do
-        git checkout 1
-        git push dest $tag -f
-      done
+    - name: synchronize branches
+      when: branches.to_push or branches.to_delete or tags.to_push or tags.to_delete
+      shell: |
+        set -e
+        git clone https://github.com/hexa-forge/gitlab-ci-catalog.git test && cd test || exit 1
+        git remote add dest https://root:{{ gitlab_token }}@{{ GITLAB_DOMAIN }}/{{ projectsRootDir | join('/') }}/catalog.git
+        for branch in {{ branches.to_delete }}; do
+          echo "delete branch $branch"
+          git push dest --delete $branch -f
+        done
+        for branch in {{ branches.to_push }}; do
+          git switch "$branch"
+          git reset --hard "origin/$branch"
+          git push --set-upstream dest "$branch" -f
+        done
+        for tag in {{ tags.to_delete }}; do
+          echo "delete tag $tag"
+          git push dest --delete $tag -f
+        done
+        for tag in {{ tags.to_push }}; do
+          git checkout 1
+          git push dest $tag -f
+        done
 
-  # always:
-  # - name: cleanup repo locally
-  #   shell: rm -rf test
+  always:
+    - name: cleanup repo locally
+      ansible.builtin.file:
+        path: test
+        state: absent
diff --git a/roles/gitlab/tasks/create-group.yaml b/roles/gitlab/tasks/create-group.yaml
@@ -0,0 +1,27 @@
+- name: Set group name
+  set_fact:
+    name: "{{ projectsRootDir[index | int] }}"
+
+- name: "Create group {{ name }}"
+  community.general.gitlab_group:
+    api_url: "https://{{ GITLAB_DOMAIN }}"
+    api_token: "{{ gitlab_token }}"
+    validate_certs: "{{ additionals_ca | ternary(false, true) }}"
+    name: "{{ name }}"
+    parent: "{{ parent }}"
+    subgroup_creation_level: "owner"
+    project_creation_level: "developer"
+    state: present
+
+- name: Update parent group
+  set_fact:
+    index: "{{ index | int + 1 }}"
+
+- name: Update parent group
+  set_fact:
+    parent: "{{ projectsRootDir[0:(index | int)] | join('/') }}"
+
+- name: Include create group
+  include_tasks:
+    file: create-group.yaml
+  when: (index | int) < (projectsRootDir | length)
diff --git a/roles/gitlab/tasks/main.yaml b/roles/gitlab/tasks/main.yaml
@@ -152,35 +152,27 @@
   when: get_settings.json.signup_enabled
   changed_when: true
 
-- name: "Create first level forge-mi directory"
-  community.general.gitlab_group:
-    api_url: "https://{{ GITLAB_DOMAIN }}"
-    api_token: "{{ gitlab_token }}"
-    validate_certs: "{{ additionals_ca | ternary(false, true) }}"
-    name: "forge-mi"
-    subgroup_creation_level: "owner"
-    project_creation_level: "developer"
-    state: present
+- name: Set parent group name
+  set_fact:
+    index: "0"
+    parent: ""
 
-- name: "Create first level forge-mi directory"
-  community.general.gitlab_group:
-    api_url: "https://{{ GITLAB_DOMAIN }}"
-    api_token: "{{ gitlab_token }}"
-    validate_certs: "{{ additionals_ca | ternary(false, true) }}"
-    parent: "forge-mi"
-    name: "projects"
-    subgroup_creation_level: "owner"
-    project_creation_level: "developer"
-    state: present
+- name: Include create group
+  include_tasks:
+    file: create-group.yaml
 
 - name: "Set or update some CI/CD variables"
   community.general.gitlab_group_variable:
     api_url: "https://{{ GITLAB_DOMAIN }}"
     api_token: "{{ gitlab_token }}"
     validate_certs: "{{ additionals_ca | ternary(false, true) }}"
-    group: "forge-mi/projects"
+    group: "{{ projectsRootDir | join('/') }}"
     purge: false
     variables:
+      - name: VAULT_KV
+        value: forge-dso
+      - name: PROJECTS_ROOT_DIR
+        value: "{{ projectsRootDir | join('/') }}"
       - name: "NEXUS_HOST_URL"
         value: "https://{{ NEXUS_DOMAIN }}"
       - name: "NEXUS_HOSTNAME"
@@ -205,7 +197,7 @@
     api_url: "https://{{ GITLAB_DOMAIN }}"
     api_token: "{{ gitlab_token }}"
     validate_certs: "{{ additionals_ca | ternary(false, true) }}"
-    group: "forge-mi/projects"
+    group: "{{ projectsRootDir | join('/') }}"
     purge: false
     state: "{{ USE_PROXY | ternary('present', 'absent') }}"
     variables:

diff --git a/roles/socle-config/files/socle-config.yaml b/roles/socle-config/files/socle-config.yaml
@@ -41,6 +41,9 @@ ingress:
   annotations: {} # map<string>: string
   labels: {} # map<string>: string
 
+projectsRootDir:
+  - forge
+
 # PROXY
 USE_PROXY: false
 PROXY_HOST: "x.x.x.x"

diff --git a/roles/socle-config/tasks/main.yaml b/roles/socle-config/tasks/main.yaml
@@ -54,6 +54,8 @@
 - name: Set GITLAB_DOMAIN fact
   set_fact:
     GITLAB_DOMAIN: "{{ GITLAB_DOMAIN | default('gitlab' + ROOT_DOMAIN) }}"
+  tags:
+    - skip_ansible_lint
 
 - name: Check config model
   assert:

diff --git a/roles/sops/tasks/main.yml b/roles/sops/tasks/main.yml
@@ -19,7 +19,7 @@
   register: age_secret
 
 - name: Generate age keys
-  ansible.builtin.shell:
+  ansible.builtin.command:
     cmd: age-keygen
   register: age_keys
   when: age_secret.resources | length == 0