Merge pull request #104 from mbaldessari/common-automatic-update

common automatic update
validatedpatterns · Jan 15, 2024 · 99f8742 · 99f8742
2 parents 132dea2 + b6f1242
commit 99f8742
Show file tree

Hide file tree

Showing 28 changed files with 1,984 additions and 530 deletions.
diff --git a/common/Makefile b/common/Makefile
@@ -28,7 +28,18 @@ ifneq ("$(wildcard $(UUID_FILE))","")
 	UUID_HELM_OPTS := --set main.analyticsUUID=$(UUID)
 endif
 
-HELM_OPTS=-f values-global.yaml --set main.git.repoURL="$(TARGET_REPO)" --set main.git.revision=$(TARGET_BRANCH) $(TARGET_SITE_OPT) $(UUID_HELM_OPTS) $(EXTRA_HELM_OPTS)
+# Set the secret name *and* its namespace when deploying from private repositories
+# The format of said secret is documented here: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#repositories
+TOKEN_SECRET ?=
+TOKEN_NAMESPACE ?=
+
+ifeq ($(TOKEN_SECRET),)
+  HELM_OPTS=-f values-global.yaml --set main.git.repoURL="$(TARGET_REPO)" --set main.git.revision=$(TARGET_BRANCH) $(TARGET_SITE_OPT) $(UUID_HELM_OPTS) $(EXTRA_HELM_OPTS)
+else
+  # When we are working with a private repository we do not escape the git URL as it might be using an ssh secret which does not use https://
+  TARGET_CLEAN_REPO=$(shell git ls-remote --get-url --symref $(TARGET_ORIGIN))
+  HELM_OPTS=-f values-global.yaml --set main.tokenSecret=$(TOKEN_SECRET) --set main.tokenSecretNamespace=$(TOKEN_NAMESPACE) --set main.git.repoURL="$(TARGET_CLEAN_REPO)" --set main.git.revision=$(TARGET_BRANCH) $(TARGET_SITE_OPT) $(UUID_HELM_OPTS) $(EXTRA_HELM_OPTS)
+endif
 
 
 ##@ Pattern Common Tasks

diff --git a/common/golang-external-secrets/Chart.yaml b/common/golang-external-secrets/Chart.yaml
@@ -6,6 +6,6 @@ name: golang-external-secrets
 version: 0.0.3
 dependencies:
   - name: external-secrets
-    version: "0.9.9"
+    version: "0.9.11"
     repository: "https://charts.external-secrets.io"
     #"https://external-secrets.github.io/kubernetes-external-secrets"
diff --git a/common/golang-external-secrets/charts/external-secrets-0.9.11.tgz b/common/golang-external-secrets/charts/external-secrets-0.9.11.tgz
diff --git a/common/golang-external-secrets/charts/external-secrets-0.9.9.tgz b/common/golang-external-secrets/charts/external-secrets-0.9.9.tgz
diff --git a/common/golang-external-secrets/values.yaml b/common/golang-external-secrets/values.yaml
@@ -27,10 +27,10 @@ clusterGroup:
 
 external-secrets:
   image:
-    tag: v0.9.9-ubi
+    tag: v0.9.11-ubi
   webhook:
     image:
-      tag: v0.9.9-ubi
+      tag: v0.9.11-ubi
   certController:
     image:
-      tag: v0.9.9-ubi
+      tag: v0.9.11-ubi
diff --git a/common/operator-install/templates/pattern.yaml b/common/operator-install/templates/pattern.yaml
@@ -8,6 +8,10 @@ spec:
   gitSpec:
     targetRepo: {{ .Values.main.git.repoURL }}
     targetRevision: {{ .Values.main.git.revision }}
+{{- if and .Values.main.tokenSecret .Values.main.tokenSecretNamespace }}
+    tokenSecret: {{ .Values.main.tokenSecret }}
+    tokenSecretNamespace: {{ .Values.main.tokenSecretNamespace }}
+{{- end }} {{/* if and .Values.main.tokenSecret .Values.main.tokenSecretNamespace */}}
   gitOpsSpec:
     operatorChannel: {{ default "gitops-1.8" .Values.main.gitops.channel }}
     operatorSource: {{ default "redhat-operators" .Values.main.gitops.operatorSource }}

diff --git a/common/operator-install/values.yaml b/common/operator-install/values.yaml
@@ -18,3 +18,8 @@ main:
     source: community-operators
 
   clusterGroupName: default
+
+  # If you are using a private repository define the secret where
+  # credentials to access the private repository are
+  # tokenSecret:
+  # tokenSecretNamespace:
diff --git a/common/scripts/pattern-util.sh b/common/scripts/pattern-util.sh
@@ -1,19 +1,45 @@
 #!/bin/bash
 
+function is_available {
+  command -v $1 >/dev/null 2>&1 || { echo >&2 "$1 is required but it's not installed. Aborting."; exit 1; }
+}
+
+function version {
+    echo "$@" | awk -F. '{ printf("%d%03d%03d%03d\n", $1,$2,$3,$4); }'
+}
+
 if [ -z "$PATTERN_UTILITY_CONTAINER" ]; then
 	PATTERN_UTILITY_CONTAINER="quay.io/hybridcloudpatterns/utility-container"
 fi
 
+readonly commands=(podman)
+for cmd in ${commands[@]}; do is_available "$cmd"; done
+
 UNSUPPORTED_PODMAN_VERSIONS="1.6 1.5"
+PODMAN_VERSION_STR=$(podman --version)
 for i in ${UNSUPPORTED_PODMAN_VERSIONS}; do
 	# We add a space
-	if podman --version | grep -q -E "\b${i}"; then
-		echo "Unsupported podman version. We recommend >= 4.2.0"
+	if echo "${PODMAN_VERSION_STR}" | grep -q -E "\b${i}"; then
+		echo "Unsupported podman version. We recommend > 4.3.0"
 		podman --version
 		exit 1
 	fi
 done
 
+# podman --version outputs:
+# podman version 4.8.2
+PODMAN_VERSION=$(echo "${PODMAN_VERSION_STR}" | awk '{ print $NF }')
+
+# podman < 4.3.0 do not support keep-id:uid=...
+if [ $(version "${PODMAN_VERSION}") -lt $(version "4.3.0") ]; then
+    PODMAN_ARGS="-v ${HOME}:/root"
+else
+    # We do not rely on bash's $UID and $GID because on MacOSX $GID is not set
+    MYUID=$(id -u)
+    MYGID=$(id -g)
+    PODMAN_ARGS="--user ${MYUID}:${MYGID} --userns keep-id:uid=${MYUID},gid=${MYGID}"
+fi
+
 if [ -n "$KUBECONFIG" ]; then
     if [[ ! "${KUBECONFIG}" =~ ^$HOME* ]]; then
         echo "${KUBECONFIG} is pointing outside of the HOME folder, this will make it unavailable from the container."
@@ -25,15 +51,13 @@ fi
 # $HOME is mounted as itself for any files that are referenced with absolute paths
 # $HOME is mounted to /root because the UID in the container is 0 and that's where SSH looks for credentials
 
-# Do not quote the ${KUBECONF_ENV} below, otherwise we will pass '' to podman
-# which will be confused
 podman run -it --rm --pull=newer \
 	--security-opt label=disable \
 	-e EXTRA_HELM_OPTS \
 	-e KUBECONFIG \
 	-v "${HOME}":"${HOME}" \
 	-v "${HOME}":/pattern-home \
-	-v "${HOME}":/root \
+	${PODMAN_ARGS} \
 	-w "$(pwd)" \
 	"$PATTERN_UTILITY_CONTAINER" \
 	$@