platform/manifests
1
1
Fork 0
Code Issues 7 Pull Requests 6 Actions Packages Projects Releases Wiki Activity

fix: remove explicit access token from helm-git urls (take 2)

Browse Source
This commit is contained in:
Jonas Juselius
2025-06-22 09:47:42 +02:00
parent dc9e2f3ae0
commit 490e8d373f
5 changed files with 68 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
helmfile.d/atlantis.yaml.gotmpl
+5 -1
View File
@@ -3,7 +3,11 @@ bases:
repositories: repositories:
- name: oceanbox - name: oceanbox
url: "git+https://gitlab-ci:{{ requiredEnv "CI_JOB_TOKEN" }}@gitlab.com/oceanbox/manifests@charts?ref=main" {{- if env "MANIFESTS_ACCESS_TOKEN" }}
url: "git+https://git:{{ requiredEnv "MANIFESTS_ACCESS_TOKEN" }}@gitlab.com/oceanbox/manifests@charts?ref=main"
{{- else }}
url: "git+https://gitlab.com/oceanbox/manifests@charts?ref=main"
{{- end }}
commonLabels: commonLabels:
tier: system tier: system
helmfile.d/manifests/Chart.yaml
+5
View File
@@ -0,0 +1,5 @@
apiVersion: v1
appVersion: "1.0"
# description: A Helm chart for Kubernetes
name: manifests
version: 0.1.0
helmfile.d/manifests/templates/sorcerer.yaml
+52
View File
@@ -0,0 +1,52 @@
{{ if .Values.clusterConfig.argo.enabled }}
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: {{ .Values.sorcerer.env }}-sorcerer
namespace: argocd
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
destination:
namespace: {{ .Values.sorcerer.env }}-sorcerer
server: https://10.255.241.99:4443
project: atlantis
sources:
- repoURL: {{ .Values.clusterConfig.manifests }}
targetRevision: HEAD
path: helmfile.d
plugin:
name: helmfile-cmp
env:
- name: CLUSTER_NAME
value: {{ .Values.clusterConfig.cluster }}
- name: HELMFILE_ENVIRONMENT
value: {{ .Values.sorcerer.env }}
- name: HELMFILE_FILE_PATH
value: sorcerer.yaml.gotmpl
- repoURL: https://charts.bitnami.com/bitnami
targetRevision: 20.1.7
chart: redis
helm:
valueFiles:
- $values/values/sorcerer/values/redis-{{ .Values.sorcerer.env }}.yaml
- repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: main
ref: values
ignoreDifferences:
- kind: Secret
name: azure-keyvault
jqPathExpressions:
- '.data'
- '.metadata.labels'
- '.metadata.annotations'
syncPolicy:
syncOptions:
- CreateNamespace=true
- ApplyOutOfSyncOnly=true
# automated:
# prune: true
# selfHeal: false
{{- end }}
helmfile.d/sorcerer.yaml.gotmpl
+5 -1
View File
@@ -3,7 +3,11 @@ bases:
repositories: repositories:
- name: oceanbox - name: oceanbox
url: "git+https://gitlab-ci:{{ requiredEnv "CI_JOB_TOKEN" }}@gitlab.com/oceanbox/manifests@charts?ref=main" {{- if env "MANIFESTS_ACCESS_TOKEN" }}
url: "git+https://git:{{ requiredEnv "MANIFESTS_ACCESS_TOKEN" }}@gitlab.com/oceanbox/manifests@charts?ref=main"
{{- else }}
url: "git+https://gitlab.com/oceanbox/manifests@charts?ref=main"
{{- end }}
commonLabels: commonLabels:
tier: system tier: system
shell.nix
+1 -1
View File
@@ -37,5 +37,5 @@ pkgs.mkShellNoCC {
]; ];
ARGOCD_ENV_CLUSTER_NAME = "oceanbox"; ARGOCD_ENV_CLUSTER_NAME = "oceanbox";
CI_JOB_TOKEN = "glpat-xxx"; MANIFESTS_ACCESS_TOKEN = "glpat-xxx";
} }