diff --git a/.gitignore b/.gitignore index 4d2d165e..df3182ca 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,7 @@ *.tgz _*/ .direnv/ +.env .pre-commit-config.yaml _*.yaml backup/ diff --git a/attic/nix/atlantis.nix b/attic/nix/atlantis.nix index e1c00a11..bff50005 100644 --- a/attic/nix/atlantis.nix +++ b/attic/nix/atlantis.nix @@ -6,39 +6,46 @@ let values = lib.apps.appValues { inherit env; base = ../values/atlantis; - extraValues = {}; + extraValues = { }; }; - kustomize = r: + kustomize = + r: if r.kind == "Deployment" then lib.attrsets.recursiveUpdate r { - spec.template.spec.containers = - builtins.map (x: - x // { + spec.template.spec.containers = builtins.map ( + x: + x + // { livenessProbe.httpGet.path = "/healthz"; readinessProble.httpGet.path = "/healthz"; - env = x.env ++ [ { name = "INERNAL_PORT"; value = 8000; } ]; - }) r.spec.template.spec.containers; + env = x.env ++ [ + { + name = "INERNAL_PORT"; + value = 8000; + } + ]; + } + ) r.spec.template.spec.containers; } - else if r.kind == "Service" then - {} - else r; + else if r.kind == "Service" then + { } + else + r; in { options.apps.atlantis = lib.apps.appOptions { - revision = lib.mkOption { - type = lib.types.str; - default = "main"; - description = "Revision"; - }; + revision = lib.mkOption { + type = lib.types.str; + default = "main"; + description = "Revision"; + }; - hostname = lib.mkOption { - type = lib.types.str; - default = if env == "prod" - then "maps.oceanbox.io" - else "atlantis.beta.oceanbox.io"; - description = "Revision"; - }; + hostname = lib.mkOption { + type = lib.types.str; + default = if env == "prod" then "maps.oceanbox.io" else "atlantis.beta.oceanbox.io"; + description = "Revision"; + }; }; config = lib.apps.appConfig cfg "${env}-atlantis" { diff --git a/attic/nix/openfga.nix b/attic/nix/openfga.nix index d6592ae9..9145bfc7 100644 --- a/attic/nix/openfga.nix +++ b/attic/nix/openfga.nix @@ -6,34 +6,32 @@ let values = lib.apps.appValues { inherit env; base = ../values/openfga; - extraValues = {}; + extraValues = { }; }; - kustomize = r: - if r.kind == "Job" then - lib.attrsets.recursiveUpdate r { spec.backoffLimit = 2; } - else r; + kustomize = + r: if r.kind == "Job" then lib.attrsets.recursiveUpdate r { spec.backoffLimit = 2; } else r; in - { - options.apps.openfga = lib.apps.appOptions {}; +{ + options.apps.openfga = lib.apps.appOptions { }; - config = lib.apps.appConfig cfg "${env}-openfga" { - helm.releases."${env}-openfga" = { - inherit values; - chart = lib.helm.downloadHelmChart { - repo = "https://openfga.github.io/helm-charts"; - chart = "openfga"; - version = "0.2.12"; - chartHash = "sha256-7yLcw9/oNPvCePrtTJwKAG88t0Ym5Dl/S83Gz+gQdDU="; - }; - transformer = rs: builtins.map (x: kustomize x) rs; - }; - - annotations = {}; - resources = { - services.poop.spec = { - }; - }; + config = lib.apps.appConfig cfg "${env}-openfga" { + helm.releases."${env}-openfga" = { + inherit values; + chart = lib.helm.downloadHelmChart { + repo = "https://openfga.github.io/helm-charts"; + chart = "openfga"; + version = "0.2.12"; + chartHash = "sha256-7yLcw9/oNPvCePrtTJwKAG88t0Ym5Dl/S83Gz+gQdDU="; }; - } + transformer = rs: builtins.map (x: kustomize x) rs; + }; + + annotations = { }; + resources = { + services.poop.spec = { + }; + }; + }; +} diff --git a/attic/templates/kyverno.yaml b/attic/templates/kyverno.yaml index ca1ba2fe..d9ff0aed 100644 --- a/attic/templates/kyverno.yaml +++ b/attic/templates/kyverno.yaml @@ -46,19 +46,19 @@ spec: {{ end }} cleanupController: resources: - limits: + limits: memory: {{ .Values.kyverno.resources.cleanupController.memory }} requests: memory: {{ .Values.kyverno.resources.cleanupController.memory }} reportsController: resources: - limits: + limits: memory: {{ .Values.kyverno.resources.reportsController.memory }} requests: memory: {{ .Values.kyverno.resources.reportsController.memory }} backgroundController: resources: - limits: + limits: memory: {{ .Values.kyverno.resources.backgroundController.memory }} requests: memory: {{ .Values.kyverno.resources.backgroundController.memory }} diff --git a/attic/templates/linkerd.yaml b/attic/templates/linkerd.yaml index 39117348..0883b036 100644 --- a/attic/templates/linkerd.yaml +++ b/attic/templates/linkerd.yaml @@ -27,17 +27,17 @@ spec: scheme: {{ .Values.linkerd.secretScheme }} {{- if .Values.linkerd.identityIssuerPEM }} tls: - crtPEM: {{- .Values.linkerd.identityIssuerPEM | toYaml | indent 14 }} + crtPEM: {{- .Values.linkerd.identityIssuerPEM | toYaml | indent 14 }} {{- end }} policyValidator: externalSecret: true - caBundle: {{- .Values.linkerd.webhookPEM | toYaml | indent 9 }} + caBundle: {{- .Values.linkerd.webhookPEM | toYaml | indent 9 }} proxyInjector: externalSecret: true - caBundle: {{- .Values.linkerd.webhookPEM | toYaml | indent 9 }} + caBundle: {{- .Values.linkerd.webhookPEM | toYaml | indent 9 }} profileValidator: externalSecret: true - caBundle: {{- .Values.linkerd.webhookPEM | toYaml | indent 9 }} + caBundle: {{- .Values.linkerd.webhookPEM | toYaml | indent 9 }} project: sys syncPolicy: diff --git a/attic/templates/metricserver.yaml b/attic/templates/metricserver.yaml index e3068402..6c8e55e5 100644 --- a/attic/templates/metricserver.yaml +++ b/attic/templates/metricserver.yaml @@ -16,7 +16,7 @@ spec: helm: values: | containerPort: 10250 - resources: + resources: requests: cpu: 100m memory: 200Mi diff --git a/attic/templates/otel-collector.yaml b/attic/templates/otel-collector.yaml index c80353d0..a3279bc8 100644 --- a/attic/templates/otel-collector.yaml +++ b/attic/templates/otel-collector.yaml @@ -53,7 +53,7 @@ spec: endpoint: "tempo.tempo.svc:4317" tls: insecure: true - ## + ## otlphttp/metrics: endpoint: http://prom-prometheus.prometheus:9090/api/v1/otlp tls: diff --git a/attic/templates/policies/generate-external-admin-rolebinding.yaml b/attic/templates/policies/generate-external-admin-rolebinding.yaml index ba446a44..347ad848 100644 --- a/attic/templates/policies/generate-external-admin-rolebinding.yaml +++ b/attic/templates/policies/generate-external-admin-rolebinding.yaml @@ -12,8 +12,8 @@ metadata: policies.kyverno.io/minversion: 1.7.0 kyverno.io/kubernetes-version: "1.23" policies.kyverno.io/description: >- - Customers should not have full admin permissions on their own namespaces. - This policy will generate a RoleBinding, binding their group_id to + Customers should not have full admin permissions on their own namespaces. + This policy will generate a RoleBinding, binding their group_id to the Cluster-Admin clusterrole. This will still only apply to the namespace as the resource is a rolebinding, not clusterrolebinding. This policy should not trigger on any namespaces with label component=sys diff --git a/attic/templates/policies/prometheus-add-folder-to-default-dashboards.yaml b/attic/templates/policies/prometheus-add-folder-to-default-dashboards.yaml index 0bb56a35..c2be4190 100644 --- a/attic/templates/policies/prometheus-add-folder-to-default-dashboards.yaml +++ b/attic/templates/policies/prometheus-add-folder-to-default-dashboards.yaml @@ -24,7 +24,7 @@ spec: grafana_folder: Prometheus-stack targets: - apiVersion: v1 - kind: ConfigMap + kind: ConfigMap name: "{{`{{ request.object.metadata.name }}`}}" name: generate-dashboard-folder-annotation skipBackgroundRequests: true diff --git a/attic/templates/policies/sync-regcred.yaml b/attic/templates/policies/sync-regcred.yaml index 2ee8df33..759f0365 100644 --- a/attic/templates/policies/sync-regcred.yaml +++ b/attic/templates/policies/sync-regcred.yaml @@ -13,7 +13,7 @@ metadata: is time consuming and error prone. This policy will copy a Secret called `regcred` which exists in the `default` Namespace to new Namespaces when they are created. It will also push updates to - the copied Secrets should the source Secret be changed. + the copied Secrets should the source Secret be changed. spec: rules: - name: sync-image-pull-secret diff --git a/attic/templates/policies/whitelist-internal-ingresses.yaml b/attic/templates/policies/whitelist-internal-ingresses.yaml index 289f30de..f9a687f9 100644 --- a/attic/templates/policies/whitelist-internal-ingresses.yaml +++ b/attic/templates/policies/whitelist-internal-ingresses.yaml @@ -9,12 +9,12 @@ metadata: policies.kyverno.io/severity: medium policies.kyverno.io/subject: Ingress policies.kyverno.io/description: >- - Ingresses with the label "internal=true" should be whitelisted. - If no whitelist exists, add the default values, otherwise append + Ingresses with the label "internal=true" should be whitelisted. + If no whitelist exists, add the default values, otherwise append whitelist to the already existing ones spec: mutateExistingOnPolicyUpdate: false - #precondition: has whitelist annotation or + #precondition: has whitelist annotation or rules: - name: ensure-nginx-whitelist-exists match: diff --git a/attic/templates/resources/dashboards/rabbitmq.yaml b/attic/templates/resources/dashboards/rabbitmq.yaml index 2eea718c..517da704 100644 --- a/attic/templates/resources/dashboards/rabbitmq.yaml +++ b/attic/templates/resources/dashboards/rabbitmq.yaml @@ -32,7 +32,7 @@ data: } ], "__elements":{ - + }, "__requires":[ { @@ -70,7 +70,7 @@ data: "limit":100, "matchAny":false, "tags":[ - + ], "type":"dashboard" }, @@ -83,7 +83,7 @@ data: "graphTooltip":0, "id":null, "links":[ - + ], "liveNow":false, "panels":[ @@ -130,7 +130,7 @@ data: } }, "mappings":[ - + ], "thresholds":{ "mode":"absolute", @@ -195,7 +195,7 @@ data: "options":{ "legend":{ "calcs":[ - + ], "displayMode":"list", "placement":"bottom", @@ -255,7 +255,7 @@ data: "multi":false, "name":"DS_PROMETHEUS", "options":[ - + ], "query":"prometheus", "refresh":1, @@ -266,7 +266,7 @@ data: }, { "current":{ - + }, "datasource":{ "type":"prometheus", @@ -279,7 +279,7 @@ data: "multi":false, "name":"namespace", "options":[ - + ], "query":{ "query":"label_values(rabbitmq_identity_info, namespace)", @@ -296,7 +296,7 @@ data: }, { "current":{ - + }, "datasource":{ "type":"prometheus", @@ -309,7 +309,7 @@ data: "multi":false, "name":"rabbitmq_cluster", "options":[ - + ], "query":{ "query":"label_values(rabbitmq_identity_info{namespace=\"$namespace\"}, rabbitmq_cluster)", @@ -326,7 +326,7 @@ data: }, { "current":{ - + }, "datasource":{ "type":"prometheus", @@ -339,7 +339,7 @@ data: "multi":false, "name":"queue", "options":[ - + ], "query":{ "query":"query_result(rabbitmq_detailed_queue_messages{namespace=\"$namespace\"} * on (instance, job) group_left(rabbitmq_cluster) rabbitmq_identity_info{namespace=\"$namespace\", rabbitmq_cluster=\"$rabbitmq_cluster\"})", @@ -361,7 +361,7 @@ data: "to":"now" }, "timepicker":{ - + }, "timezone":"", "title":"RabbitMQ-Queue", diff --git a/attic/templates/resources/kube-proxy-rbac.yaml b/attic/templates/resources/kube-proxy-rbac.yaml index 0b53b301..a695d238 100644 --- a/attic/templates/resources/kube-proxy-rbac.yaml +++ b/attic/templates/resources/kube-proxy-rbac.yaml @@ -37,7 +37,7 @@ rules: resources: - events verbs: ["*"] - + - nonResourceURLs: ["*"] verbs: ["*"] - apiGroups: diff --git a/attic/templates/resources/pre-cert-manager.yaml b/attic/templates/resources/pre-cert-manager.yaml index a022015b..e7b7dae8 100644 --- a/attic/templates/resources/pre-cert-manager.yaml +++ b/attic/templates/resources/pre-cert-manager.yaml @@ -139,8 +139,8 @@ spec: resources: {} securityContext: allowPrivilegeEscalation: false - command: - - "/bin/sh" + command: + - "/bin/sh" - -c - /tmp/renew-certs/renew-certs.sh volumeMounts: @@ -216,7 +216,7 @@ metadata: name: default-deny-egress namespace: cert-manager spec: - podSelector: + podSelector: matchLabels: block-egress: "true" policyTypes: diff --git a/attic/templates/resources/pre-gitlab-runner.yaml b/attic/templates/resources/pre-gitlab-runner.yaml index 0a1b22f6..75899d35 100644 --- a/attic/templates/resources/pre-gitlab-runner.yaml +++ b/attic/templates/resources/pre-gitlab-runner.yaml @@ -42,8 +42,8 @@ spec: resources: {} securityContext: allowPrivilegeEscalation: false - command: - - "/bin/sh" + command: + - "/bin/sh" - -c - /tmp/renew-certs/renew-certs.sh volumeMounts: @@ -119,7 +119,7 @@ metadata: name: default-deny-egress namespace: gitlab spec: - podSelector: + podSelector: matchLabels: block-egress: "true" policyTypes: diff --git a/attic/values/dex/templates/.vscode/launch.json b/attic/values/dex/templates/.vscode/launch.json index 36ad4e7b..4a1114bc 100644 --- a/attic/values/dex/templates/.vscode/launch.json +++ b/attic/values/dex/templates/.vscode/launch.json @@ -1,7 +1,4 @@ { - // Use IntelliSense to learn about possible attributes. - // Hover to view descriptions of existing attributes. - // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387 "version": "0.2.0", "configurations": [ { diff --git a/attic/values/dex/templates/README.md b/attic/values/dex/templates/README.md index 677006f1..3b10694d 100644 --- a/attic/values/dex/templates/README.md +++ b/attic/values/dex/templates/README.md @@ -1,4 +1,4 @@ -# Oceanbox IdP +# Oceanbox IdP ``` npm install && npm start diff --git a/attic/values/dex/templates/deploy.sh b/attic/values/dex/templates/deploy.sh index 0a1ea077..0815eba1 100755 --- a/attic/values/dex/templates/deploy.sh +++ b/attic/values/dex/templates/deploy.sh @@ -2,16 +2,16 @@ server="root@fs1-0" path="/vol/brick0/nfs0/k1/pv-oceanbox-dex" -dest="$server:$path" +dest="${server}:${path}" index=$(basename dist/assets/index-*.js) -ssh $server -- rm $path/static/js/*.js -scp dist/assets/*.js $dest/static/js/ +ssh "${server}" -- rm "${path}"/static/js/*.js +scp dist/assets/*.js "${dest}"/static/js/ -sed -r "s/@index@/$index/" ./dex/templates/login.html > login.html.$$ -scp ./dex/templates/* $dest/templates/ -scp ./dex/static/*.* $dest/static/ -scp login.html.$$ $dest/templates/login.html +sed -r "s/@index@/${index}/" ./dex/templates/login.html > login.html.$$ +scp ./dex/templates/* "${dest}"/templates/ +scp ./dex/static/*.* "${dest}"/static/ +scp login.html.$$ "${dest}"/templates/login.html rm login.html.$$ ssh admin@k1-0.itpartner.intern -- kubectl rollout restart -n oceanbox deployment/dex diff --git a/attic/values/dex/templates/dex/static/js/vendor.86e21c29.js b/attic/values/dex/templates/dex/static/js/vendor.86e21c29.js index e7f1cb0f..ad5c81cb 100644 --- a/attic/values/dex/templates/dex/static/js/vendor.86e21c29.js +++ b/attic/values/dex/templates/dex/static/js/vendor.86e21c29.js @@ -1,7 +1,7 @@ -var Xt=Object.defineProperty,Ze=Object.defineProperties,Je=Object.getOwnPropertyDescriptor,Ye=Object.getOwnPropertyDescriptors,Qt=Object.getOwnPropertySymbols,Ge=Object.prototype.hasOwnProperty,Xe=Object.prototype.propertyIsEnumerable,te=(t,e,r)=>e in t?Xt(t,e,{enumerable:!0,configurable:!0,writable:!0,value:r}):t[e]=r,N=(t,e)=>{for(var r in e||(e={}))Ge.call(e,r)&&te(t,r,e[r]);if(Qt)for(var r of Qt(e))Xe.call(e,r)&&te(t,r,e[r]);return t},$t=(t,e)=>Ze(t,Ye(e)),a=(t,e,r,o)=>{for(var i=o>1?void 0:o?Je(e,r):e,s=t.length-1,n;s>=0;s--)(n=t[s])&&(i=(o?n(e,r,i):n(i))||i);return o&&i&&Xt(e,r,i),i},W=new WeakMap,ee=new WeakMap,K=new WeakMap,re=class{constructor(t,e){(this.host=t).addController(this),this.options=N({form:r=>r.closest("form"),name:r=>r.name,value:r=>r.value,defaultValue:r=>r.defaultValue,disabled:r=>{var o;return(o=r.disabled)!=null?o:!1},reportValidity:r=>typeof r.reportValidity=="function"?r.reportValidity():!0,setValue:(r,o)=>r.value=o},e),this.handleFormData=this.handleFormData.bind(this),this.handleFormSubmit=this.handleFormSubmit.bind(this),this.handleFormReset=this.handleFormReset.bind(this),this.reportFormValidity=this.reportFormValidity.bind(this),this.handleUserInput=this.handleUserInput.bind(this)}hostConnected(){this.form=this.options.form(this.host),this.form&&(W.has(this.form)?W.get(this.form).add(this.host):W.set(this.form,new Set([this.host])),this.form.addEventListener("formdata",this.handleFormData),this.form.addEventListener("submit",this.handleFormSubmit),this.form.addEventListener("reset",this.handleFormReset),K.has(this.form)||(K.set(this.form,this.form.reportValidity),this.form.reportValidity=()=>this.reportFormValidity())),this.host.addEventListener("sl-input",this.handleUserInput)}hostDisconnected(){var t;this.form&&((t=W.get(this.form))==null||t.delete(this.host),this.form.removeEventListener("formdata",this.handleFormData),this.form.removeEventListener("submit",this.handleFormSubmit),this.form.removeEventListener("reset",this.handleFormReset),K.has(this.form)&&(this.form.reportValidity=K.get(this.form),K.delete(this.form)),this.form=void 0),this.host.removeEventListener("sl-input",this.handleUserInput)}hostUpdated(){var t;const e=this.host,r=Boolean(ee.get(e)),o=Boolean(e.invalid),i=Boolean(e.required);((t=this.form)==null?void 0:t.noValidate)?(e.removeAttribute("data-required"),e.removeAttribute("data-optional"),e.removeAttribute("data-invalid"),e.removeAttribute("data-valid"),e.removeAttribute("data-user-invalid"),e.removeAttribute("data-user-valid")):(e.toggleAttribute("data-required",i),e.toggleAttribute("data-optional",!i),e.toggleAttribute("data-invalid",o),e.toggleAttribute("data-valid",!o),e.toggleAttribute("data-user-invalid",o&&r),e.toggleAttribute("data-user-valid",!o&&r))}handleFormData(t){const e=this.options.disabled(this.host),r=this.options.name(this.host),o=this.options.value(this.host),i=this.host.tagName.toLowerCase()==="sl-button";!e&&!i&&typeof r=="string"&&r.length>0&&typeof o!="undefined"&&(Array.isArray(o)?o.forEach(s=>{t.formData.append(r,s.toString())}):t.formData.append(r,o.toString()))}handleFormSubmit(t){var e;const r=this.options.disabled(this.host),o=this.options.reportValidity;this.form&&!this.form.noValidate&&((e=W.get(this.form))==null||e.forEach(i=>{this.setUserInteracted(i,!0)})),this.form&&!this.form.noValidate&&!r&&!o(this.host)&&(t.preventDefault(),t.stopImmediatePropagation())}handleFormReset(){this.options.setValue(this.host,this.options.defaultValue(this.host)),this.setUserInteracted(this.host,!1)}async handleUserInput(){await this.host.updateComplete,this.setUserInteracted(this.host,!0)}reportFormValidity(){if(this.form&&!this.form.noValidate){const t=this.form.querySelectorAll("*");for(const e of t)if(typeof e.reportValidity=="function"&&!e.reportValidity())return!1}return!0}setUserInteracted(t,e){ee.set(t,e),t.requestUpdate()}doAction(t,e){if(this.form){const r=document.createElement("button");r.type=t,r.style.position="absolute",r.style.width="0",r.style.height="0",r.style.clipPath="inset(50%)",r.style.overflow="hidden",r.style.whiteSpace="nowrap",e&&(r.name=e.name,r.value=e.value,["formaction","formenctype","formmethod","formnovalidate","formtarget"].forEach(o=>{e.hasAttribute(o)&&r.setAttribute(o,e.getAttribute(o))})),this.form.append(r),r.click(),r.remove()}}reset(t){this.doAction("reset",t)}submit(t){this.doAction("submit",t)}},ut=window,wt=ut.ShadowRoot&&(ut.ShadyCSS===void 0||ut.ShadyCSS.nativeShadow)&&"adoptedStyleSheets"in Document.prototype&&"replace"in CSSStyleSheet.prototype,At=Symbol(),oe=new WeakMap,ie=class{constructor(t,e,r){if(this._$cssResult$=!0,r!==At)throw Error("CSSResult is not constructable. Use `unsafeCSS` or `css` instead.");this.cssText=t,this.t=e}get styleSheet(){let t=this.o;const e=this.t;if(wt&&t===void 0){const r=e!==void 0&&e.length===1;r&&(t=oe.get(e)),t===void 0&&((this.o=t=new CSSStyleSheet).replaceSync(this.cssText),r&&oe.set(e,t))}return t}toString(){return this.cssText}},Qe=t=>new ie(typeof t=="string"?t:t+"",void 0,At),T=(t,...e)=>{const r=t.length===1?t[0]:e.reduce((o,i,s)=>o+(n=>{if(n._$cssResult$===!0)return n.cssText;if(typeof n=="number")return n;throw Error("Value passed to 'css' function must be a 'css' function result: "+n+". Use 'unsafeCSS' to pass non-literal values, but take care to ensure page security.")})(i)+t[s+1],t[0]);return new ie(r,t,At)},tr=(t,e)=>{wt?t.adoptedStyleSheets=e.map(r=>r instanceof CSSStyleSheet?r:r.styleSheet):e.forEach(r=>{const o=document.createElement("style"),i=ut.litNonce;i!==void 0&&o.setAttribute("nonce",i),o.textContent=r.cssText,t.appendChild(o)})},se=wt?t=>t:t=>t instanceof CSSStyleSheet?(e=>{let r="";for(const o of e.cssRules)r+=o.cssText;return Qe(r)})(t):t,xt,dt=window,ne=dt.trustedTypes,er=ne?ne.emptyScript:"",le=dt.reactiveElementPolyfillSupport,Z={toAttribute(t,e){switch(e){case Boolean:t=t?er:null;break;case Object:case Array:t=t==null?t:JSON.stringify(t)}return t},fromAttribute(t,e){let r=t;switch(e){case Boolean:r=t!==null;break;case Number:r=t===null?null:Number(t);break;case Object:case Array:try{r=JSON.parse(t)}catch(o){r=null}}return r}},ae=(t,e)=>e!==t&&(e==e||t==t),Et={attribute:!0,type:String,converter:Z,reflect:!1,hasChanged:ae},O=class extends HTMLElement{constructor(){super(),this._$Ei=new Map,this.isUpdatePending=!1,this.hasUpdated=!1,this._$El=null,this.u()}static addInitializer(t){var e;this.finalize(),((e=this.h)!==null&&e!==void 0?e:this.h=[]).push(t)}static get observedAttributes(){this.finalize();const t=[];return this.elementProperties.forEach((e,r)=>{const o=this._$Ep(r,e);o!==void 0&&(this._$Ev.set(o,r),t.push(o))}),t}static createProperty(t,e=Et){if(e.state&&(e.attribute=!1),this.finalize(),this.elementProperties.set(t,e),!e.noAccessor&&!this.prototype.hasOwnProperty(t)){const r=typeof t=="symbol"?Symbol():"__"+t,o=this.getPropertyDescriptor(t,r,e);o!==void 0&&Object.defineProperty(this.prototype,t,o)}}static getPropertyDescriptor(t,e,r){return{get(){return this[e]},set(o){const i=this[t];this[e]=o,this.requestUpdate(t,i,r)},configurable:!0,enumerable:!0}}static getPropertyOptions(t){return this.elementProperties.get(t)||Et}static finalize(){if(this.hasOwnProperty("finalized"))return!1;this.finalized=!0;const t=Object.getPrototypeOf(this);if(t.finalize(),t.h!==void 0&&(this.h=[...t.h]),this.elementProperties=new Map(t.elementProperties),this._$Ev=new Map,this.hasOwnProperty("properties")){const e=this.properties,r=[...Object.getOwnPropertyNames(e),...Object.getOwnPropertySymbols(e)];for(const o of r)this.createProperty(o,e[o])}return this.elementStyles=this.finalizeStyles(this.styles),!0}static finalizeStyles(t){const e=[];if(Array.isArray(t)){const r=new Set(t.flat(1/0).reverse());for(const o of r)e.unshift(se(o))}else t!==void 0&&e.push(se(t));return e}static _$Ep(t,e){const r=e.attribute;return r===!1?void 0:typeof r=="string"?r:typeof t=="string"?t.toLowerCase():void 0}u(){var t;this._$E_=new Promise(e=>this.enableUpdating=e),this._$AL=new Map,this._$Eg(),this.requestUpdate(),(t=this.constructor.h)===null||t===void 0||t.forEach(e=>e(this))}addController(t){var e,r;((e=this._$ES)!==null&&e!==void 0?e:this._$ES=[]).push(t),this.renderRoot!==void 0&&this.isConnected&&((r=t.hostConnected)===null||r===void 0||r.call(t))}removeController(t){var e;(e=this._$ES)===null||e===void 0||e.splice(this._$ES.indexOf(t)>>>0,1)}_$Eg(){this.constructor.elementProperties.forEach((t,e)=>{this.hasOwnProperty(e)&&(this._$Ei.set(e,this[e]),delete this[e])})}createRenderRoot(){var t;const e=(t=this.shadowRoot)!==null&&t!==void 0?t:this.attachShadow(this.constructor.shadowRootOptions);return tr(e,this.constructor.elementStyles),e}connectedCallback(){var t;this.renderRoot===void 0&&(this.renderRoot=this.createRenderRoot()),this.enableUpdating(!0),(t=this._$ES)===null||t===void 0||t.forEach(e=>{var r;return(r=e.hostConnected)===null||r===void 0?void 0:r.call(e)})}enableUpdating(t){}disconnectedCallback(){var t;(t=this._$ES)===null||t===void 0||t.forEach(e=>{var r;return(r=e.hostDisconnected)===null||r===void 0?void 0:r.call(e)})}attributeChangedCallback(t,e,r){this._$AK(t,r)}_$EO(t,e,r=Et){var o;const i=this.constructor._$Ep(t,r);if(i!==void 0&&r.reflect===!0){const s=(((o=r.converter)===null||o===void 0?void 0:o.toAttribute)!==void 0?r.converter:Z).toAttribute(e,r.type);this._$El=t,s==null?this.removeAttribute(i):this.setAttribute(i,s),this._$El=null}}_$AK(t,e){var r;const o=this.constructor,i=o._$Ev.get(t);if(i!==void 0&&this._$El!==i){const s=o.getPropertyOptions(i),n=typeof s.converter=="function"?{fromAttribute:s.converter}:((r=s.converter)===null||r===void 0?void 0:r.fromAttribute)!==void 0?s.converter:Z;this._$El=i,this[i]=n.fromAttribute(e,s.type),this._$El=null}}requestUpdate(t,e,r){let o=!0;t!==void 0&&(((r=r||this.constructor.getPropertyOptions(t)).hasChanged||ae)(this[t],e)?(this._$AL.has(t)||this._$AL.set(t,e),r.reflect===!0&&this._$El!==t&&(this._$EC===void 0&&(this._$EC=new Map),this._$EC.set(t,r))):o=!1),!this.isUpdatePending&&o&&(this._$E_=this._$Ej())}async _$Ej(){this.isUpdatePending=!0;try{await this._$E_}catch(e){Promise.reject(e)}const t=this.scheduleUpdate();return t!=null&&await t,!this.isUpdatePending}scheduleUpdate(){return this.performUpdate()}performUpdate(){var t;if(!this.isUpdatePending)return;this.hasUpdated,this._$Ei&&(this._$Ei.forEach((o,i)=>this[i]=o),this._$Ei=void 0);let e=!1;const r=this._$AL;try{e=this.shouldUpdate(r),e?(this.willUpdate(r),(t=this._$ES)===null||t===void 0||t.forEach(o=>{var i;return(i=o.hostUpdate)===null||i===void 0?void 0:i.call(o)}),this.update(r)):this._$Ek()}catch(o){throw e=!1,this._$Ek(),o}e&&this._$AE(r)}willUpdate(t){}_$AE(t){var e;(e=this._$ES)===null||e===void 0||e.forEach(r=>{var o;return(o=r.hostUpdated)===null||o===void 0?void 0:o.call(r)}),this.hasUpdated||(this.hasUpdated=!0,this.firstUpdated(t)),this.updated(t)}_$Ek(){this._$AL=new Map,this.isUpdatePending=!1}get updateComplete(){return this.getUpdateComplete()}getUpdateComplete(){return this._$E_}shouldUpdate(t){return!0}update(t){this._$EC!==void 0&&(this._$EC.forEach((e,r)=>this._$EO(r,this[r],e)),this._$EC=void 0),this._$Ek()}updated(t){}firstUpdated(t){}};O.finalized=!0,O.elementProperties=new Map,O.elementStyles=[],O.shadowRootOptions={mode:"open"},le==null||le({ReactiveElement:O}),((xt=dt.reactiveElementVersions)!==null&&xt!==void 0?xt:dt.reactiveElementVersions=[]).push("1.4.2");var St,ct=window,L=ct.trustedTypes,ue=L?L.createPolicy("lit-html",{createHTML:t=>t}):void 0,E=`lit$${(Math.random()+"").slice(9)}$`,de="?"+E,rr=`<${de}>`,M=document,J=(t="")=>M.createComment(t),Y=t=>t===null||typeof t!="object"&&typeof t!="function",ce=Array.isArray,or=t=>ce(t)||typeof(t==null?void 0:t[Symbol.iterator])=="function",G=/<(?:(!--|\/[^a-zA-Z])|(\/?[a-zA-Z][^>\s]*)|(\/?$))/g,he=/-->/g,pe=/>/g,z=RegExp(`>|[ -\f\r](?:([^\\s"'>=/]+)([ -\f\r]*=[ -\f\r]*(?:[^ +var Xt=Object.defineProperty,Ze=Object.defineProperties,Je=Object.getOwnPropertyDescriptor,Ye=Object.getOwnPropertyDescriptors,Qt=Object.getOwnPropertySymbols,Ge=Object.prototype.hasOwnProperty,Xe=Object.prototype.propertyIsEnumerable,te=(t,e,r)=>e in t?Xt(t,e,{enumerable:!0,configurable:!0,writable:!0,value:r}):t[e]=r,N=(t,e)=>{for(var r in e||(e={}))Ge.call(e,r)&&te(t,r,e[r]);if(Qt)for(var r of Qt(e))Xe.call(e,r)&&te(t,r,e[r]);return t},$t=(t,e)=>Ze(t,Ye(e)),a=(t,e,r,o)=>{for(var i=o>1?void 0:o?Je(e,r):e,s=t.length-1,n;s>=0;s--)(n=t[s])&&(i=(o?n(e,r,i):n(i))||i);return o&&i&&Xt(e,r,i),i},W=new WeakMap,ee=new WeakMap,K=new WeakMap,re=class{constructor(t,e){(this.host=t).addController(this),this.options=N({form:r=>r.closest("form"),name:r=>r.name,value:r=>r.value,defaultValue:r=>r.defaultValue,disabled:r=>{var o;return(o=r.disabled)!=null?o:!1},reportValidity:r=>typeof r.reportValidity=="function"?r.reportValidity():!0,setValue:(r,o)=>r.value=o},e),this.handleFormData=this.handleFormData.bind(this),this.handleFormSubmit=this.handleFormSubmit.bind(this),this.handleFormReset=this.handleFormReset.bind(this),this.reportFormValidity=this.reportFormValidity.bind(this),this.handleUserInput=this.handleUserInput.bind(this)}hostConnected(){this.form=this.options.form(this.host),this.form&&(W.has(this.form)?W.get(this.form).add(this.host):W.set(this.form,new Set([this.host])),this.form.addEventListener("formdata",this.handleFormData),this.form.addEventListener("submit",this.handleFormSubmit),this.form.addEventListener("reset",this.handleFormReset),K.has(this.form)||(K.set(this.form,this.form.reportValidity),this.form.reportValidity=()=>this.reportFormValidity())),this.host.addEventListener("sl-input",this.handleUserInput)}hostDisconnected(){var t;this.form&&((t=W.get(this.form))==null||t.delete(this.host),this.form.removeEventListener("formdata",this.handleFormData),this.form.removeEventListener("submit",this.handleFormSubmit),this.form.removeEventListener("reset",this.handleFormReset),K.has(this.form)&&(this.form.reportValidity=K.get(this.form),K.delete(this.form)),this.form=void 0),this.host.removeEventListener("sl-input",this.handleUserInput)}hostUpdated(){var t;const e=this.host,r=Boolean(ee.get(e)),o=Boolean(e.invalid),i=Boolean(e.required);((t=this.form)==null?void 0:t.noValidate)?(e.removeAttribute("data-required"),e.removeAttribute("data-optional"),e.removeAttribute("data-invalid"),e.removeAttribute("data-valid"),e.removeAttribute("data-user-invalid"),e.removeAttribute("data-user-valid")):(e.toggleAttribute("data-required",i),e.toggleAttribute("data-optional",!i),e.toggleAttribute("data-invalid",o),e.toggleAttribute("data-valid",!o),e.toggleAttribute("data-user-invalid",o&&r),e.toggleAttribute("data-user-valid",!o&&r))}handleFormData(t){const e=this.options.disabled(this.host),r=this.options.name(this.host),o=this.options.value(this.host),i=this.host.tagName.toLowerCase()==="sl-button";!e&&!i&&typeof r=="string"&&r.length>0&&typeof o!="undefined"&&(Array.isArray(o)?o.forEach(s=>{t.formData.append(r,s.toString())}):t.formData.append(r,o.toString()))}handleFormSubmit(t){var e;const r=this.options.disabled(this.host),o=this.options.reportValidity;this.form&&!this.form.noValidate&&((e=W.get(this.form))==null||e.forEach(i=>{this.setUserInteracted(i,!0)})),this.form&&!this.form.noValidate&&!r&&!o(this.host)&&(t.preventDefault(),t.stopImmediatePropagation())}handleFormReset(){this.options.setValue(this.host,this.options.defaultValue(this.host)),this.setUserInteracted(this.host,!1)}async handleUserInput(){await this.host.updateComplete,this.setUserInteracted(this.host,!0)}reportFormValidity(){if(this.form&&!this.form.noValidate){const t=this.form.querySelectorAll("*");for(const e of t)if(typeof e.reportValidity=="function"&&!e.reportValidity())return!1}return!0}setUserInteracted(t,e){ee.set(t,e),t.requestUpdate()}doAction(t,e){if(this.form){const r=document.createElement("button");r.type=t,r.style.position="absolute",r.style.width="0",r.style.height="0",r.style.clipPath="inset(50%)",r.style.overflow="hidden",r.style.whiteSpace="nowrap",e&&(r.name=e.name,r.value=e.value,["formaction","formenctype","formmethod","formnovalidate","formtarget"].forEach(o=>{e.hasAttribute(o)&&r.setAttribute(o,e.getAttribute(o))})),this.form.append(r),r.click(),r.remove()}}reset(t){this.doAction("reset",t)}submit(t){this.doAction("submit",t)}},ut=window,wt=ut.ShadowRoot&&(ut.ShadyCSS===void 0||ut.ShadyCSS.nativeShadow)&&"adoptedStyleSheets"in Document.prototype&&"replace"in CSSStyleSheet.prototype,At=Symbol(),oe=new WeakMap,ie=class{constructor(t,e,r){if(this._$cssResult$=!0,r!==At)throw Error("CSSResult is not constructable. Use `unsafeCSS` or `css` instead.");this.cssText=t,this.t=e}get styleSheet(){let t=this.o;const e=this.t;if(wt&&t===void 0){const r=e!==void 0&&e.length===1;r&&(t=oe.get(e)),t===void 0&&((this.o=t=new CSSStyleSheet).replaceSync(this.cssText),r&&oe.set(e,t))}return t}toString(){return this.cssText}},Qe=t=>new ie(typeof t=="string"?t:t+"",void 0,At),T=(t,...e)=>{const r=t.length===1?t[0]:e.reduce((o,i,s)=>o+(n=>{if(n._$cssResult$===!0)return n.cssText;if(typeof n=="number")return n;throw Error("Value passed to 'css' function must be a 'css' function result: "+n+". Use 'unsafeCSS' to pass non-literal values, but take care to ensure page security.")})(i)+t[s+1],t[0]);return new ie(r,t,At)},tr=(t,e)=>{wt?t.adoptedStyleSheets=e.map(r=>r instanceof CSSStyleSheet?r:r.styleSheet):e.forEach(r=>{const o=document.createElement("style"),i=ut.litNonce;i!==void 0&&o.setAttribute("nonce",i),o.textContent=r.cssText,t.appendChild(o)})},se=wt?t=>t:t=>t instanceof CSSStyleSheet?(e=>{let r="";for(const o of e.cssRules)r+=o.cssText;return Qe(r)})(t):t,xt,dt=window,ne=dt.trustedTypes,er=ne?ne.emptyScript:"",le=dt.reactiveElementPolyfillSupport,Z={toAttribute(t,e){switch(e){case Boolean:t=t?er:null;break;case Object:case Array:t=t==null?t:JSON.stringify(t)}return t},fromAttribute(t,e){let r=t;switch(e){case Boolean:r=t!==null;break;case Number:r=t===null?null:Number(t);break;case Object:case Array:try{r=JSON.parse(t)}catch(o){r=null}}return r}},ae=(t,e)=>e!==t&&(e==e||t==t),Et={attribute:!0,type:String,converter:Z,reflect:!1,hasChanged:ae},O=class extends HTMLElement{constructor(){super(),this._$Ei=new Map,this.isUpdatePending=!1,this.hasUpdated=!1,this._$El=null,this.u()}static addInitializer(t){var e;this.finalize(),((e=this.h)!==null&&e!==void 0?e:this.h=[]).push(t)}static get observedAttributes(){this.finalize();const t=[];return this.elementProperties.forEach((e,r)=>{const o=this._$Ep(r,e);o!==void 0&&(this._$Ev.set(o,r),t.push(o))}),t}static createProperty(t,e=Et){if(e.state&&(e.attribute=!1),this.finalize(),this.elementProperties.set(t,e),!e.noAccessor&&!this.prototype.hasOwnProperty(t)){const r=typeof t=="symbol"?Symbol():"__"+t,o=this.getPropertyDescriptor(t,r,e);o!==void 0&&Object.defineProperty(this.prototype,t,o)}}static getPropertyDescriptor(t,e,r){return{get(){return this[e]},set(o){const i=this[t];this[e]=o,this.requestUpdate(t,i,r)},configurable:!0,enumerable:!0}}static getPropertyOptions(t){return this.elementProperties.get(t)||Et}static finalize(){if(this.hasOwnProperty("finalized"))return!1;this.finalized=!0;const t=Object.getPrototypeOf(this);if(t.finalize(),t.h!==void 0&&(this.h=[...t.h]),this.elementProperties=new Map(t.elementProperties),this._$Ev=new Map,this.hasOwnProperty("properties")){const e=this.properties,r=[...Object.getOwnPropertyNames(e),...Object.getOwnPropertySymbols(e)];for(const o of r)this.createProperty(o,e[o])}return this.elementStyles=this.finalizeStyles(this.styles),!0}static finalizeStyles(t){const e=[];if(Array.isArray(t)){const r=new Set(t.flat(1/0).reverse());for(const o of r)e.unshift(se(o))}else t!==void 0&&e.push(se(t));return e}static _$Ep(t,e){const r=e.attribute;return r===!1?void 0:typeof r=="string"?r:typeof t=="string"?t.toLowerCase():void 0}u(){var t;this._$E_=new Promise(e=>this.enableUpdating=e),this._$AL=new Map,this._$Eg(),this.requestUpdate(),(t=this.constructor.h)===null||t===void 0||t.forEach(e=>e(this))}addController(t){var e,r;((e=this._$ES)!==null&&e!==void 0?e:this._$ES=[]).push(t),this.renderRoot!==void 0&&this.isConnected&&((r=t.hostConnected)===null||r===void 0||r.call(t))}removeController(t){var e;(e=this._$ES)===null||e===void 0||e.splice(this._$ES.indexOf(t)>>>0,1)}_$Eg(){this.constructor.elementProperties.forEach((t,e)=>{this.hasOwnProperty(e)&&(this._$Ei.set(e,this[e]),delete this[e])})}createRenderRoot(){var t;const e=(t=this.shadowRoot)!==null&&t!==void 0?t:this.attachShadow(this.constructor.shadowRootOptions);return tr(e,this.constructor.elementStyles),e}connectedCallback(){var t;this.renderRoot===void 0&&(this.renderRoot=this.createRenderRoot()),this.enableUpdating(!0),(t=this._$ES)===null||t===void 0||t.forEach(e=>{var r;return(r=e.hostConnected)===null||r===void 0?void 0:r.call(e)})}enableUpdating(t){}disconnectedCallback(){var t;(t=this._$ES)===null||t===void 0||t.forEach(e=>{var r;return(r=e.hostDisconnected)===null||r===void 0?void 0:r.call(e)})}attributeChangedCallback(t,e,r){this._$AK(t,r)}_$EO(t,e,r=Et){var o;const i=this.constructor._$Ep(t,r);if(i!==void 0&&r.reflect===!0){const s=(((o=r.converter)===null||o===void 0?void 0:o.toAttribute)!==void 0?r.converter:Z).toAttribute(e,r.type);this._$El=t,s==null?this.removeAttribute(i):this.setAttribute(i,s),this._$El=null}}_$AK(t,e){var r;const o=this.constructor,i=o._$Ev.get(t);if(i!==void 0&&this._$El!==i){const s=o.getPropertyOptions(i),n=typeof s.converter=="function"?{fromAttribute:s.converter}:((r=s.converter)===null||r===void 0?void 0:r.fromAttribute)!==void 0?s.converter:Z;this._$El=i,this[i]=n.fromAttribute(e,s.type),this._$El=null}}requestUpdate(t,e,r){let o=!0;t!==void 0&&(((r=r||this.constructor.getPropertyOptions(t)).hasChanged||ae)(this[t],e)?(this._$AL.has(t)||this._$AL.set(t,e),r.reflect===!0&&this._$El!==t&&(this._$EC===void 0&&(this._$EC=new Map),this._$EC.set(t,r))):o=!1),!this.isUpdatePending&&o&&(this._$E_=this._$Ej())}async _$Ej(){this.isUpdatePending=!0;try{await this._$E_}catch(e){Promise.reject(e)}const t=this.scheduleUpdate();return t!=null&&await t,!this.isUpdatePending}scheduleUpdate(){return this.performUpdate()}performUpdate(){var t;if(!this.isUpdatePending)return;this.hasUpdated,this._$Ei&&(this._$Ei.forEach((o,i)=>this[i]=o),this._$Ei=void 0);let e=!1;const r=this._$AL;try{e=this.shouldUpdate(r),e?(this.willUpdate(r),(t=this._$ES)===null||t===void 0||t.forEach(o=>{var i;return(i=o.hostUpdate)===null||i===void 0?void 0:i.call(o)}),this.update(r)):this._$Ek()}catch(o){throw e=!1,this._$Ek(),o}e&&this._$AE(r)}willUpdate(t){}_$AE(t){var e;(e=this._$ES)===null||e===void 0||e.forEach(r=>{var o;return(o=r.hostUpdated)===null||o===void 0?void 0:o.call(r)}),this.hasUpdated||(this.hasUpdated=!0,this.firstUpdated(t)),this.updated(t)}_$Ek(){this._$AL=new Map,this.isUpdatePending=!1}get updateComplete(){return this.getUpdateComplete()}getUpdateComplete(){return this._$E_}shouldUpdate(t){return!0}update(t){this._$EC!==void 0&&(this._$EC.forEach((e,r)=>this._$EO(r,this[r],e)),this._$EC=void 0),this._$Ek()}updated(t){}firstUpdated(t){}};O.finalized=!0,O.elementProperties=new Map,O.elementStyles=[],O.shadowRootOptions={mode:"open"},le==null||le({ReactiveElement:O}),((xt=dt.reactiveElementVersions)!==null&&xt!==void 0?xt:dt.reactiveElementVersions=[]).push("1.4.2");var St,ct=window,L=ct.trustedTypes,ue=L?L.createPolicy("lit-html",{createHTML:t=>t}):void 0,E=`lit$${(Math.random()+"").slice(9)}$`,de="?"+E,rr=`<${de}>`,M=document,J=(t="")=>M.createComment(t),Y=t=>t===null||typeof t!="object"&&typeof t!="function",ce=Array.isArray,or=t=>ce(t)||typeof(t==null?void 0:t[Symbol.iterator])=="function",G=/<(?:(!--|\/[^a-zA-Z])|(\/?[a-zA-Z][^>\s]*)|(\/?$))/g,he=/-->/g,pe=/>/g,z=RegExp(`>|[ +\f\r](?:([^\\s"'>=/]+)([ +\f\r]*=[ +\f\r]*(?:[^ \f\r"'\`<>=]|("|')|))|$)`,"g"),ve=/'/g,be=/"/g,fe=/^(?:script|style|textarea|title)$/i,ir=t=>(e,...r)=>({_$litType$:t,strings:e,values:r}),x=ir(1),w=Symbol.for("lit-noChange"),m=Symbol.for("lit-nothing"),me=new WeakMap,B=M.createTreeWalker(M,129,null,!1),sr=(t,e)=>{const r=t.length-1,o=[];let i,s=e===2?"":"",n=G;for(let l=0;l"?(n=i!=null?i:G,v=-1):c[1]===void 0?v=-2:(v=n.lastIndex-c[2].length,b=c[1],n=c[3]===void 0?z:c[3]==='"'?be:ve):n===be||n===ve?n=z:n===he||n===pe?n=G:(n=z,i=void 0);const $=n===z&&t[l+1].startsWith("/>")?" ":"";s+=n===G?u+rr:v>=0?(o.push(b),u.slice(0,v)+"$lit$"+u.slice(v)+E+$):u+E+(v===-2?(o.push(void 0),l):$)}const d=s+(t[r]||"")+(e===2?"":"");if(!Array.isArray(t)||!t.hasOwnProperty("raw"))throw Error("invalid template strings array");return[ue!==void 0?ue.createHTML(d):d,o]},ht=class{constructor({strings:t,_$litType$:e},r){let o;this.parts=[];let i=0,s=0;const n=t.length-1,d=this.parts,[l,u]=sr(t,e);if(this.el=ht.createElement(l,r),B.currentNode=this.el.content,e===2){const b=this.el.content,c=b.firstChild;c.remove(),b.append(...c.childNodes)}for(;(o=B.nextNode())!==null&&d.length0){o.textContent=L?L.emptyScript:"";for(let v=0;v2||r[0]!==""||r[1]!==""?(this._$AH=Array(r.length-1).fill(new String),this.strings=r):this._$AH=m}get tagName(){return this.element.tagName}get _$AU(){return this._$AM._$AU}_$AI(t,e=this,r,o){const i=this.strings;let s=!1;if(i===void 0)t=H(this,t,e,0),s=!Y(t)||t!==this._$AH&&t!==w,s&&(this._$AH=t);else{const n=t;let d,l;for(t=i[0],d=0;d{var o,i;const s=(o=r==null?void 0:r.renderBefore)!==null&&o!==void 0?o:e;let n=s._$litPart$;if(n===void 0){const d=(i=r==null?void 0:r.renderBefore)!==null&&i!==void 0?i:null;s._$litPart$=n=new pt(e.insertBefore(J(),d),d,void 0,r!=null?r:{})}return n._$AI(t),n},Ct,kt,X=class extends O{constructor(){super(...arguments),this.renderOptions={host:this},this._$Dt=void 0}createRenderRoot(){var t,e;const r=super.createRenderRoot();return(t=(e=this.renderOptions).renderBefore)!==null&&t!==void 0||(e.renderBefore=r.firstChild),r}update(t){const e=this.render();this.hasUpdated||(this.renderOptions.isConnected=this.isConnected),super.update(t),this._$Dt=hr(e,this.renderRoot,this.renderOptions)}connectedCallback(){var t;super.connectedCallback(),(t=this._$Dt)===null||t===void 0||t.setConnected(!0)}disconnectedCallback(){var t;super.disconnectedCallback(),(t=this._$Dt)===null||t===void 0||t.setConnected(!1)}render(){return w}};X.finalized=!0,X._$litElement$=!0,(Ct=globalThis.litElementHydrateSupport)===null||Ct===void 0||Ct.call(globalThis,{LitElement:X});var _e=globalThis.litElementPolyfillSupport;_e==null||_e({LitElement:X});((kt=globalThis.litElementVersions)!==null&&kt!==void 0?kt:globalThis.litElementVersions=[]).push("3.2.0");/** * @license * Copyright 2017 Google LLC @@ -1382,10 +1382,10 @@ var Xt=Object.defineProperty,Ze=Object.defineProperties,Je=Object.getOwnProperty * @license * Copyright 2017 Google LLC * SPDX-License-Identifier: BSD-3-Clause - */var Jt;const gt=window,D=gt.trustedTypes,Be=D?D.createPolicy("lit-html",{createHTML:t=>t}):void 0,k=`lit$${(Math.random()+"").slice(9)}$`,He="?"+k,Jr=`<${He}>`,I=document,ot=(t="")=>I.createComment(t),it=t=>t===null||typeof t!="object"&&typeof t!="function",Re=Array.isArray,Yr=t=>Re(t)||typeof(t==null?void 0:t[Symbol.iterator])=="function",st=/<(?:(!--|\/[^a-zA-Z])|(\/?[a-zA-Z][^>\s]*)|(\/?$))/g,Ve=/-->/g,De=/>/g,U=RegExp(`>|[ -\f\r](?:([^\\s"'>=/]+)([ -\f\r]*=[ -\f\r]*(?:[^ + */var Jt;const gt=window,D=gt.trustedTypes,Be=D?D.createPolicy("lit-html",{createHTML:t=>t}):void 0,k=`lit$${(Math.random()+"").slice(9)}$`,He="?"+k,Jr=`<${He}>`,I=document,ot=(t="")=>I.createComment(t),it=t=>t===null||typeof t!="object"&&typeof t!="function",Re=Array.isArray,Yr=t=>Re(t)||typeof(t==null?void 0:t[Symbol.iterator])=="function",st=/<(?:(!--|\/[^a-zA-Z])|(\/?[a-zA-Z][^>\s]*)|(\/?$))/g,Ve=/-->/g,De=/>/g,U=RegExp(`>|[ +\f\r](?:([^\\s"'>=/]+)([ +\f\r]*=[ +\f\r]*(?:[^ \f\r"'\`<>=]|("|')|))|$)`,"g"),Ie=/'/g,Fe=/"/g,je=/^(?:script|style|textarea|title)$/i,Gr=t=>(e,...r)=>({_$litType$:t,strings:e,values:r}),no=Gr(1),F=Symbol.for("lit-noChange"),y=Symbol.for("lit-nothing"),qe=new WeakMap,j=I.createTreeWalker(I,129,null,!1),Xr=(t,e)=>{const r=t.length-1,o=[];let i,s=e===2?"":"",n=st;for(let l=0;l"?(n=i!=null?i:st,v=-1):c[1]===void 0?v=-2:(v=n.lastIndex-c[2].length,b=c[1],n=c[3]===void 0?U:c[3]==='"'?Fe:Ie):n===Fe||n===Ie?n=U:n===Ve||n===De?n=st:(n=U,i=void 0);const $=n===U&&t[l+1].startsWith("/>")?" ":"";s+=n===st?u+Jr:v>=0?(o.push(b),u.slice(0,v)+"$lit$"+u.slice(v)+k+$):u+k+(v===-2?(o.push(void 0),l):$)}const d=s+(t[r]||"")+(e===2?"":"");if(!Array.isArray(t)||!t.hasOwnProperty("raw"))throw Error("invalid template strings array");return[Be!==void 0?Be.createHTML(d):d,o]};class nt{constructor({strings:e,_$litType$:r},o){let i;this.parts=[];let s=0,n=0;const d=e.length-1,l=this.parts,[u,b]=Xr(e,r);if(this.el=nt.createElement(u,o),j.currentNode=this.el.content,r===2){const c=this.el.content,v=c.firstChild;v.remove(),c.append(...v.childNodes)}for(;(i=j.nextNode())!==null&&l.length0){i.textContent=D?D.emptyScript:"";for(let _=0;_2||o[0]!==""||o[1]!==""?(this._$AH=Array(o.length-1).fill(new String),this.strings=o):this._$AH=y}get tagName(){return this.element.tagName}get _$AU(){return this._$AM._$AU}_$AI(e,r=this,o,i){const s=this.strings;let n=!1;if(s===void 0)e=q(this,e,r,0),n=!it(e)||e!==this._$AH&&e!==F,n&&(this._$AH=e);else{const d=e;let l,u;for(e=s[0],l=0;l{var o,i;const s=(o=r==null?void 0:r.renderBefore)!==null&&o!==void 0?o:e;let n=s._$litPart$;if(n===void 0){const d=(i=r==null?void 0:r.renderBefore)!==null&&i!==void 0?i:null;s._$litPart$=n=new lt(e.insertBefore(ot(),d),d,void 0,r!=null?r:{})}return n._$AI(t),n};/** * @license * Copyright 2017 Google LLC diff --git a/attic/values/dex/templates/src/App.fs b/attic/values/dex/templates/src/App.fs index bebb8f34..7ead68fb 100644 --- a/attic/values/dex/templates/src/App.fs +++ b/attic/values/dex/templates/src/App.fs @@ -66,7 +66,7 @@ let MyApp() = if isNullOrUndefined localStorage["user_id"] then "" else - localStorage["user_id"] + localStorage["user_id"] // Browser.Dom.document.cookie // |> fun s -> s.Split ';' // |> Array.filter (fun s -> s.StartsWith "user_id=") @@ -75,7 +75,7 @@ let MyApp() = // |> Option.defaultValue "" let toggleAmnesia _ = setAmnesia (not amnesia) - + html $"""
diff --git a/bin/generate.sh b/bin/generate.sh index 5c7058f6..f73fffbe 100755 --- a/bin/generate.sh +++ b/bin/generate.sh @@ -1,4 +1,5 @@ #!/usr/bin/env bash +# shellcheck disable=SC2034 # Unused variables left for readability helmfile () { @@ -10,30 +11,30 @@ bases: - ../envs/environments.yaml.gotmpl commonLabels: - tier: $tier + tier: ${tier} releases: -- name: $name - namespace: {{ .Environment.Name }}-$name - chart: ../charts/$name - condition: $name.enabled +- name: ${name} + namespace: {{ .Environment.Name }}-${name} + chart: ../charts/${name} + condition: ${name}.enabled values: - - ../values/$name/values/values.yaml.gotmpl - - ../values/$name/values/values-{{ .Environment.Name }}.yaml + - ../values/${name}/values/values.yaml.gotmpl + - ../values/${name}/values/values-{{ .Environment.Name }}.yaml postRenderer: ../bin/kustomizer postRendererArgs: - - ../values/$name/kustomize/{{ .Environment.Name }} + - ../values/${name}/kustomize/{{ .Environment.Name }} missingFileHandler: Info - name: manifests - namespace: {{ .Environment.Name }}-$name + namespace: {{ .Environment.Name }}-${name} chart: manifests - condition: $name.enabled + condition: ${name}.enabled missingFileHandler: Info values: - ../values/env.yaml - ../values/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml - - ../values/$name/env.yaml.gotmpl - - ../values/$name/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml.gotmpl + - ../values/${name}/env.yaml.gotmpl + - ../values/${name}/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml.gotmpl hooks: - events: [ prepare, cleanup ] showlogs: true @@ -42,7 +43,7 @@ releases: - '{{\`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}\`}}' - '{{\`{{ .Release.Chart }}\`}}' - '{{\`{{ .Environment.Name }}\`}}' - - ../values/$name/manifests + - ../values/${name}/manifests - manifests EOF } @@ -59,10 +60,10 @@ done name=$1 tier=$2 -if [ -n "$ns" ]; then - namespace="namespace: {{ .Environment.Name }}-$name" +if [[ -n "${ns}" ]]; then + namespace="namespace: {{ .Environment.Name }}-${name}" else - namespace="namespace: $name" + namespace="namespace: ${name}" fi -helmfile $1 $2 +helmfile "$1" "$2" diff --git a/bin/helmify b/bin/helmify index 545e88ff..082ea78c 100755 --- a/bin/helmify +++ b/bin/helmify @@ -4,39 +4,38 @@ set -o pipefail cmd=$1 chart=$2 -env=$3 manifests=${4:-manifests} outdir=${5:-_manifests} build() { - mkdir -p $outdir/templates - echo "Creating $outdir/templates" + mkdir -p "${outdir}"/templates + echo "Creating ${outdir}/templates" - echo "generating $outdir/Chart.yaml" 1>&2 + echo "generating ${outdir}/Chart.yaml" 1>&2 - cat < $outdir/Chart.yaml + cat < "${outdir}"/Chart.yaml apiVersion: v1 appVersion: "1.0" # description: A Helm chart for Kubernetes -name: $chart +name: ${chart} version: 0.1.0 EOF -if [ -d $manifests ]; then - cp -r $manifests/* $outdir/templates -elif [ -f $manifests ]; then - cp $manifests $outdir/templates +if [[ -d "${manifests}" ]]; then + cp -r "${manifests}"/* "${outdir}"/templates +elif [[ -f "${manifests}" ]]; then + cp "${manifests}" "${outdir}"/templates fi } clean() { - echo "cleaning $outdir" 1>&2 - rm -rf $outdir + echo "cleaning ${outdir}" 1>&2 + rm -rf "${outdir}" } -case "$cmd" in +case "${cmd}" in "build" ) build ;; "clean" ) clean ;; - * ) echo "unsupported command: $cmd" 1>&2; exit 1 ;; + * ) echo "unsupported command: ${cmd}" 1>&2; exit 1 ;; esac diff --git a/bin/kustomizer b/bin/kustomizer index 99207bf0..0ff19a65 100755 --- a/bin/kustomizer +++ b/bin/kustomizer @@ -1,13 +1,13 @@ #!/usr/bin/env bash -[ $# != 1 ] && exit 1 +[[ $# != 1 ]] && exit 1 dir=$1 -base=$dir/../base +base=${dir}/../base -if [ -f $base/kustomization.yaml -a -f $dir/kustomization.yaml ]; then - cat > $base/_manifest.yaml - kubectl kustomize $dir +if [[ -f "${base}"/kustomization.yaml ]] && [[ -f "${dir}"/kustomization.yaml ]]; then + cat > "${base}"/_manifest.yaml + kubectl kustomize "${dir}" else cat fi diff --git a/bootstrap/helm-kustomize-cmp/deploy.sh b/bootstrap/helm-kustomize-cmp/deploy.sh index aedb1d1e..415fa268 100755 --- a/bootstrap/helm-kustomize-cmp/deploy.sh +++ b/bootstrap/helm-kustomize-cmp/deploy.sh @@ -3,5 +3,5 @@ img=registry.gitlab.com/oceanbox/manifests/helm-kustomize-cmp tag=${1:-latest} -docker build -t $img:$tag . -docker push $img:$tag +docker build -t "${img}":"${tag}" . +docker push "${img}":"${tag}" diff --git a/bootstrap/helm-kustomize-cmp/generate.sh b/bootstrap/helm-kustomize-cmp/generate.sh index c273f723..896d2c08 100644 --- a/bootstrap/helm-kustomize-cmp/generate.sh +++ b/bootstrap/helm-kustomize-cmp/generate.sh @@ -1,14 +1,15 @@ #!/bin/sh +# shellcheck disable=SC2154 export HOME=/plugin -env > /tmp/$ARGOCD_APP_NAME.env +env > /tmp/"${ARGOCD_APP_NAME}".env -echo "$ARGOCD_APP_PARAMETERS" | jq '.[] | select(.name == "helm-parameters") | .map' | yq -P -oy > parameters.yaml -cp parameters.yaml /tmp/$ARGOCD_APP_NAME-parameters.yaml +echo "${ARGOCD_APP_PARAMETERS}" | jq '.[] | select(.name == "helm-parameters") | .map' | yq -P -oy > parameters.yaml +cp parameters.yaml /tmp/"${ARGOCD_APP_NAME}"-parameters.yaml -if [ -n "$PARAM_CHART" -a "$PARAM_CHART" != "." ]; then - CHART=$PARAM_CHART +if [ -n "${PARAM_CHART}" ] && [ "${PARAM_CHART}" != "." ]; then + CHART=${PARAM_CHART} elif [ -d chart ]; then CHART=chart elif [ -f chart ]; then @@ -18,19 +19,19 @@ else fi [ -f chart/values.yaml ] && VALUES="-f chart/values.yaml" -[ -f values-chart.yaml ] && VALUES="$VALUES -f values-chart.yaml" -[ -f values.yaml ] && VALUES="$VALUES -f values.yaml" -[ -f values-$PARAM_ENV.yaml ] && VALUES="$VALUES -f values-$PARAM_ENV.yaml" -VALUES="$VALUES -f parameters.yaml" +[ -f values-chart.yaml ] && VALUES="${VALUES} -f values-chart.yaml" +[ -f values.yaml ] && VALUES="${VALUES} -f values.yaml" +[ -f values-"${PARAM_ENV}".yaml ] && VALUES="${VALUES} -f values-${PARAM_ENV}.yaml" +VALUES="${VALUES} -f parameters.yaml" -helm dependency update $CHART >/tmp/$ARGOCD_APP_NAME-helm-dependency-build.out +helm dependency update "${CHART}" >/tmp/"${ARGOCD_APP_NAME}"-helm-dependency-build.out mkdir -p base -echo "helm template -n $ARGOCD_APP_NAMESPACE $PARAM_FLAGS $VALUES $ARGOCD_APP_NAME $CHART" > /tmp/$ARGOCD_APP_NAME-helm.sh -helm template -n $ARGOCD_APP_NAMESPACE $PARAM_FLAGS $VALUES $ARGOCD_APP_NAME $CHART > ./base/_manifest.yaml +echo "helm template -n ${ARGOCD_APP_NAMESPACE} ${PARAM_FLAGS} ${VALUES} ${ARGOCD_APP_NAME} ${CHART}" > /tmp/"${ARGOCD_APP_NAME}"-helm.sh +helm template -n "${ARGOCD_APP_NAMESPACE}" "${PARAM_FLAGS}" "${VALUES}" "${ARGOCD_APP_NAME}" "${CHART}" > ./base/_manifest.yaml -cp ./base/_manifest.yaml /tmp/$ARGOCD_APP_NAME-manifest.yaml +cp ./base/_manifest.yaml /tmp/"${ARGOCD_APP_NAME}"-manifest.yaml -[ -d "$PARAM_ENV" ] && kubectl kustomize $PARAM_ENV > /tmp/$ARGOCD_APP_NAME-manifest.yaml +[ -d "${PARAM_ENV}" ] && kubectl kustomize "${PARAM_ENV}" > /tmp/"${ARGOCD_APP_NAME}"-manifest.yaml -cat /tmp/$ARGOCD_APP_NAME-manifest.yaml +cat /tmp/"${ARGOCD_APP_NAME}"-manifest.yaml diff --git a/bootstrap/helm-kustomize-cmp/get-values.sh b/bootstrap/helm-kustomize-cmp/get-values.sh index 738905f5..632bb3f3 100644 --- a/bootstrap/helm-kustomize-cmp/get-values.sh +++ b/bootstrap/helm-kustomize-cmp/get-values.sh @@ -18,7 +18,7 @@ EOF exit 0 fi -yq e -o=p $VALUES | jq --slurp --raw-input ' +yq e -o=p "${VALUES}" | jq --slurp --raw-input ' [{ name: "helm-parameters", title: "Helm Parameters", diff --git a/bootstrap/helm-kustomize-cmp/init-helm-repos.sh b/bootstrap/helm-kustomize-cmp/init-helm-repos.sh index 38e85390..f219ca38 100644 --- a/bootstrap/helm-kustomize-cmp/init-helm-repos.sh +++ b/bootstrap/helm-kustomize-cmp/init-helm-repos.sh @@ -1,8 +1,9 @@ #!/bin/sh +# shellcheck disable=SC2154 export HOME=/plugin -helm repo add --username argocd-helm --password "$OCEANBOX_HELM_ACCESS_TOKEN" oceanbox \ +helm repo add --username argocd-helm --password "${OCEANBOX_HELM_ACCESS_TOKEN}" oceanbox \ https://gitlab.com/api/v4/projects/54396343/packages/helm/stable helm repo add bitnami https://charts.bitnami.com/bitnami diff --git a/bootstrap/helm-kustomize-cmp/init.sh b/bootstrap/helm-kustomize-cmp/init.sh index a61d2cfd..4a272d97 100644 --- a/bootstrap/helm-kustomize-cmp/init.sh +++ b/bootstrap/helm-kustomize-cmp/init.sh @@ -4,9 +4,9 @@ export HOME=/plugin helm repo update oceanbox -if [ -n "$PARAM_CHART" -a "$PARAM_CHART" != "." ]; then - helm show values $PARAM_CHART > values-chart.yaml +if [ -n "${PARAM_CHART}" ] && [ "${PARAM_CHART}" != "." ]; then + helm show values "${PARAM_CHART}" > values-chart.yaml elif [ -f chart ]; then CHART=$(cat chart) - helm show values $CHART > values-chart.yaml + helm show values "${CHART}" > values-chart.yaml fi diff --git a/bootstrap/helmfile-cmp/deploy.sh b/bootstrap/helmfile-cmp/deploy.sh index b2319ffc..73dbc751 100755 --- a/bootstrap/helmfile-cmp/deploy.sh +++ b/bootstrap/helmfile-cmp/deploy.sh @@ -3,5 +3,5 @@ img=registry.gitlab.com/oceanbox/manifests/helmfile-cmp tag=${1:-latest} -docker build -t $img:$tag . -docker push $img:$tag +docker build -t "${img}":"${tag}" . +docker push "${img}":"${tag}" diff --git a/bootstrap/helmfile-cmp/generate.sh b/bootstrap/helmfile-cmp/generate.sh index 695f7009..2dc3c9a6 100644 --- a/bootstrap/helmfile-cmp/generate.sh +++ b/bootstrap/helmfile-cmp/generate.sh @@ -1,4 +1,5 @@ #!/bin/sh +# shellcheck disable=SC2154 # NOTE: Ensure errors are part of exitcode # set -o pipefail @@ -10,7 +11,7 @@ export HELM_CONFIG_HOME=/tmp/helm/config export HELMFILE_CACHE_HOME=/tmp/helmfile/cache export HELMFILE_TEMPDIR=/tmp/helmfile/tmp -test -n ARGOCD_ENV_HELMFILE_ENVIRONMENT && export HELMFILE_ENVIRONMENT=$ARGOCD_ENV_HELMFILE_ENVIRONMENT -test -n ARGOCD_ENV_HELMFILE_FILE_PATH && export HELMFILE_FILE_PATH=$ARGOCD_ENV_HELMFILE_FILE_PATH +test -n ARGOCD_ENV_HELMFILE_ENVIRONMENT && export HELMFILE_ENVIRONMENT="${ARGOCD_ENV_HELMFILE_ENVIRONMENT}" +test -n ARGOCD_ENV_HELMFILE_FILE_PATH && export HELMFILE_FILE_PATH="${ARGOCD_ENV_HELMFILE_FILE_PATH}" -helmfile -n "$ARGOCD_APP_NAMESPACE" $ARGS template -q --include-crds +helmfile -n "${ARGOCD_APP_NAMESPACE}" "${ARGS}" template -q --include-crds diff --git a/bootstrap/reset-ekman-cluster.sh b/bootstrap/reset-ekman-cluster.sh index d326eab2..ecc46a08 100755 --- a/bootstrap/reset-ekman-cluster.sh +++ b/bootstrap/reset-ekman-cluster.sh @@ -13,7 +13,7 @@ kubectl --context ekman apply -f cluster-admin-token.yaml # kubectl --context oceanbox apply -f _cluster-ekman.yaml token=$(kubectl --context ekman get secret -n kube-system argocd-manager-token -o yaml | grep ' token:' | cut -d' ' -f4 | base64 -d) -sed "s/@token@/$token/" cluster-ekman.yaml > _cluster-ekman.yaml +sed "s/@token@/${token}/" cluster-ekman.yaml > _cluster-ekman.yaml echo "configure argocd ekman-cluster..." cat _cluster-ekman.yaml kubectl --context oceanbox apply -f _cluster-ekman.yaml diff --git a/nix/checks.nix b/nix/checks.nix new file mode 100644 index 00000000..9a3b2383 --- /dev/null +++ b/nix/checks.nix @@ -0,0 +1,65 @@ +let + sources = import ./default.nix; + pkgs = import sources.nixpkgs { }; + pre-commit = import sources.git-hooks; + + globalExcludes = [ + "nix/default.nix" + ".*vendor" + ".*chart/.*" + ".*schema.json" + ]; + +in +pre-commit.run { + src = pkgs.nix-gitignore.gitignoreSource [ ] ../.; + # Do not run at pre-commit time + default_stages = [ + "pre-push" + ]; + # TODO(mrtz): Remove when default + package = pkgs.prek; + # Linters From https://github.com/cachix/pre-commit-hooks.nix + hooks = { + nixfmt-rfc-style = { + enable = true; + excludes = globalExcludes; + }; + + trim-trailing-whitespace.enable = true; + + shellcheck = { + enable = true; + excludes = [ + "vcluster/" + ]; + args = [ + "-x" + "-o" + "all" + ]; + }; + + yamllint = { + enable = false; + excludes = [ + "attic/" + "charts/templates/" + "charts/charts/" + ]; + settings = { + strict = true; + configData = ''{ extends: default, rules: { document-start: disable, line-length: {max: 165} } }''; + }; + }; + + check-json.enable = true; + + renovate-config-validator = { + enable = true; + files = "renovate.json$"; + entry = "renovate-config-validator"; + }; + + }; +} diff --git a/nix/sources.json b/nix/sources.json index 737b35e8..eb4fb596 100644 --- a/nix/sources.json +++ b/nix/sources.json @@ -1,5 +1,18 @@ { "pins": { + "git-hooks": { + "type": "Git", + "repository": { + "type": "GitHub", + "owner": "cachix", + "repo": "git-hooks.nix" + }, + "branch": "master", + "submodules": false, + "revision": "b68b780b69702a090c8bb1b973bab13756cc7a27", + "url": "https://github.com/cachix/git-hooks.nix/archive/b68b780b69702a090c8bb1b973bab13756cc7a27.tar.gz", + "hash": "1k99smax7zpa5cdw9afa4v4y4155amy21a8z5z8x3cikdz3gyx5p" + }, "nixpkgs": { "type": "Channel", "name": "nixpkgs-unstable", diff --git a/raw/tos/oceanbox/database/upload-img.sh b/raw/tos/oceanbox/database/upload-img.sh index d3f3eb08..ad3b56c1 100755 --- a/raw/tos/oceanbox/database/upload-img.sh +++ b/raw/tos/oceanbox/database/upload-img.sh @@ -3,7 +3,7 @@ # Simple script for uploading a base64 encoded image into our database. For # grafana business image panels. -if [ $# -ne 2 ] +if [[ $# -ne 2 ]] then echo "Usage: $0 .png" exit 1 @@ -12,9 +12,9 @@ fi filename=$1 file=$2 -if [ ! -e $file ] +if [[ ! -e "${file}" ]] then - echo "file $file does not exist" + echo "file ${file} does not exist" exit 1 fi @@ -22,9 +22,9 @@ function create_image() { local filename=$1 local data=$2 cat << EOF -INSERT INTO images VALUES('$filename', '$data'); +INSERT INTO images VALUES('${filename}', '${data}'); EOF } -data=$(cat $file | base64 -w0) -create_image $filename $data +data=$(base64 -w0 < "${file}") +create_image "${filename}" "${data}" diff --git a/renovate.json b/renovate.json index b0a6af6b..b8178855 100644 --- a/renovate.json +++ b/renovate.json @@ -1,4 +1,3 @@ -// -*- mode: jsonc -*- { "$schema": "https://docs.renovatebot.com/renovate-schema.json", "extends": [ diff --git a/shell.nix b/shell.nix index 2fc16656..55bd8ea2 100644 --- a/shell.nix +++ b/shell.nix @@ -6,35 +6,45 @@ let config = { }; overlays = [ ]; }; + checks = import ./nix/checks.nix; in pkgs.mkShellNoCC { name = "clstr"; - packages = with pkgs; [ - just - npins + packages = + with pkgs; + [ + # dev tools + just + npins - # helm - helmfile - kubernetes-helm + # helm + helmfile + kubernetes-helm - # kubectl tools - kubectl-cnpg - kubectl-neat - kubelogin - kubelogin-oidc - kubectl-rook-ceph + # kubectl tools + kubectl-cnpg + kubectl-neat + kubelogin + kubelogin-oidc + kubectl-rook-ceph - # other tools - step-cli - linkerd - velero - cmctl + # other tools + step-cli + linkerd + velero + cmctl + renovate - # dapr - dapr-cli - ]; + # dapr + dapr-cli + ] + ++ checks.enabledPackages; - ARGOCD_ENV_CLUSTER_NAME = "rossby"; + ARGOCD_ENV_CLUSTER_NAME = "hel1"; HELM_GIT_ACCESS_TOKEN = "glpat-xxx"; + + shellHook = builtins.concatStringsSep "\n" [ + checks.shellHook + ]; } diff --git a/values/atlantis/kustomize/prod/appsettings.json b/values/atlantis/kustomize/prod/appsettings.json index ba173e47..d6eebde4 100644 --- a/values/atlantis/kustomize/prod/appsettings.json +++ b/values/atlantis/kustomize/prod/appsettings.json @@ -73,7 +73,7 @@ "connString": "Username=postgres;Password=secret;Host=localhost;Port=5432;Database=app;Pooling=true;", "sorcerer" : "https://sorcerer.data.oceanbox.io", "allowedOrigins": [ - "https://maps.oceanbox.io", + "https://maps.oceanbox.io" ], "appName": "atlantis", "appEnv": "prod", diff --git a/values/linkerd/values/linkerd.yaml.gotmpl b/values/linkerd/values/linkerd.yaml.gotmpl index 47413e35..d743d5f1 100644 --- a/values/linkerd/values/linkerd.yaml.gotmpl +++ b/values/linkerd/values/linkerd.yaml.gotmpl @@ -4,14 +4,14 @@ identity: scheme: {{ .Values.linkerd.secretScheme }} {{- if .Values.linkerd.identityIssuerPEM }} tls: - crtPEM: {{- .Values.linkerd.identityIssuerPEM | toYaml | indent 14 }} + crtPEM: {{- .Values.linkerd.identityIssuerPEM | toYaml | indent 14 }} {{- end }} policyValidator: externalSecret: true - caBundle: {{- .Values.linkerd.webhookPEM | toYaml | indent 9 }} + caBundle: {{- .Values.linkerd.webhookPEM | toYaml | indent 9 }} proxyInjector: externalSecret: true - caBundle: {{- .Values.linkerd.webhookPEM | toYaml | indent 9 }} + caBundle: {{- .Values.linkerd.webhookPEM | toYaml | indent 9 }} profileValidator: externalSecret: true - caBundle: {{- .Values.linkerd.webhookPEM | toYaml | indent 9 }} + caBundle: {{- .Values.linkerd.webhookPEM | toYaml | indent 9 }} diff --git a/values/metrics-server/values/metrics-server.yaml.gotmpl b/values/metrics-server/values/metrics-server.yaml.gotmpl index 21658d31..ac2ece2a 100644 --- a/values/metrics-server/values/metrics-server.yaml.gotmpl +++ b/values/metrics-server/values/metrics-server.yaml.gotmpl @@ -1,5 +1,5 @@ containerPort: 10250 -resources: +resources: requests: cpu: 100m memory: 200Mi diff --git a/values/nfs-provisioner/manifests/nfs-provisioner.yaml b/values/nfs-provisioner/manifests/nfs-provisioner.yaml index 7d6f32cd..9a12bc8f 100644 --- a/values/nfs-provisioner/manifests/nfs-provisioner.yaml +++ b/values/nfs-provisioner/manifests/nfs-provisioner.yaml @@ -6,7 +6,7 @@ metadata: namespace: argocd spec: destination: - namespace: kube-system + namespace: kube-system server: 'https://kubernetes.default.svc' sources: - repoURL: {{ .Values.clusterConfig.manifests }} diff --git a/values/plume/kustomize/prod/appsettings.json b/values/plume/kustomize/prod/appsettings.json index 63e14f4c..06bda9f4 100644 --- a/values/plume/kustomize/prod/appsettings.json +++ b/values/plume/kustomize/prod/appsettings.json @@ -6,5 +6,5 @@ "appVersion": "1.0.0", "cacheDir": "/data/archives/cache/prod", "otelCollector": "http://10.255.241.12:4317", - "sentryUrl": "https://2b68ecf0c4d02e6cc9433c371321ac9d@o4509530141622272.ingest.de.sentry.io/4509910315237456", + "sentryUrl": "https://2b68ecf0c4d02e6cc9433c371321ac9d@o4509530141622272.ingest.de.sentry.io/4509910315237456" } diff --git a/values/prometheus/manifests/policies/prometheus-add-folder-to-default-dashboards.yaml b/values/prometheus/manifests/policies/prometheus-add-folder-to-default-dashboards.yaml index c3505a1d..0fb12eca 100644 --- a/values/prometheus/manifests/policies/prometheus-add-folder-to-default-dashboards.yaml +++ b/values/prometheus/manifests/policies/prometheus-add-folder-to-default-dashboards.yaml @@ -24,7 +24,7 @@ spec: grafana_folder: Prometheus-stack targets: - apiVersion: v1 - kind: ConfigMap + kind: ConfigMap name: "{{`{{ request.object.metadata.name }}`}}" name: generate-dashboard-folder-annotation skipBackgroundRequests: true diff --git a/values/redis/env.yaml.gotmpl b/values/redis/env.yaml.gotmpl index fc71bdd3..1a39fe59 100644 --- a/values/redis/env.yaml.gotmpl +++ b/values/redis/env.yaml.gotmpl @@ -1,5 +1,5 @@ redis: - enabled: true + enabled: true envs: - prod - staging \ No newline at end of file diff --git a/values/redis/manifests/redis.yaml b/values/redis/manifests/redis.yaml index 0d3731dd..e0364c13 100644 --- a/values/redis/manifests/redis.yaml +++ b/values/redis/manifests/redis.yaml @@ -3,7 +3,7 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: - name: {{ . }}-redis + name: {{ . }}-redis namespace: argocd annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true diff --git a/values/sorcerer/kustomize/prod-rossby/appsettings.json b/values/sorcerer/kustomize/prod-rossby/appsettings.json index a8be6dd8..f022a0b5 100644 --- a/values/sorcerer/kustomize/prod-rossby/appsettings.json +++ b/values/sorcerer/kustomize/prod-rossby/appsettings.json @@ -60,7 +60,7 @@ "https://maps.beta.oceanbox.io", "https://atlantis.beta.oceanbox.io", "https://jonas-atlantis.dev.oceanbox.io", - "https://stig-atlantis.dev.oceanbox.io", + "https://stig-atlantis.dev.oceanbox.io" ], "appName": "sorcerer", "appEnv": "prod", diff --git a/values/system/hel1/kyverno/sync-regcred.yaml b/values/system/hel1/kyverno/sync-regcred.yaml index b8c65f3f..9ab9100d 100644 --- a/values/system/hel1/kyverno/sync-regcred.yaml +++ b/values/system/hel1/kyverno/sync-regcred.yaml @@ -13,7 +13,7 @@ metadata: is time consuming and error prone. This policy will copy a Secret called `regcred` which exists in the `default` Namespace to new Namespaces when they are created. It will also push updates to - the copied Secrets should the source Secret be changed. + the copied Secrets should the source Secret be changed. spec: rules: - name: sync-image-pull-secret diff --git a/values/system/manifests/kube-proxy-rbac.yaml b/values/system/manifests/kube-proxy-rbac.yaml index 0b53b301..a695d238 100644 --- a/values/system/manifests/kube-proxy-rbac.yaml +++ b/values/system/manifests/kube-proxy-rbac.yaml @@ -37,7 +37,7 @@ rules: resources: - events verbs: ["*"] - + - nonResourceURLs: ["*"] verbs: ["*"] - apiGroups: diff --git a/values/system/oceanbox/kyverno/sync-regcred.yaml b/values/system/oceanbox/kyverno/sync-regcred.yaml index b8c65f3f..9ab9100d 100644 --- a/values/system/oceanbox/kyverno/sync-regcred.yaml +++ b/values/system/oceanbox/kyverno/sync-regcred.yaml @@ -13,7 +13,7 @@ metadata: is time consuming and error prone. This policy will copy a Secret called `regcred` which exists in the `default` Namespace to new Namespaces when they are created. It will also push updates to - the copied Secrets should the source Secret be changed. + the copied Secrets should the source Secret be changed. spec: rules: - name: sync-image-pull-secret diff --git a/values/umami/queries/query b/values/umami/queries/query index e1513099..9045a597 100755 --- a/values/umami/queries/query +++ b/values/umami/queries/query @@ -1,6 +1,6 @@ #!/usr/bin/env bash -if [ $# -ne 1 ] +if [[ $# -ne 1 ]] then echo "Usage: $0 .sql" exit 1 @@ -8,11 +8,11 @@ fi file=$1 -if [ ! -e $file ] +if [[ ! -e "${file}" ]] then - echo "file $file does not exist" + echo "file ${file} does not exist" exit 1 fi -cat $file | kubectl -n analytics exec -i svc/prod-umami-db-rw -c postgres -- psql app +kubectl -n analytics exec -i svc/prod-umami-db-rw -c postgres -- psql app < "${file}" diff --git a/values/umami/queries/sim_count.sql b/values/umami/queries/sim_count.sql index 9fdd6870..4d98d8ac 100644 --- a/values/umami/queries/sim_count.sql +++ b/values/umami/queries/sim_count.sql @@ -32,7 +32,7 @@ GROUP BY SELECT * -FROM +FROM crosstab_integer_5_cols( 'SELECT * FROM simulations WHERE diff --git a/values/umami/queries/umami-visitors.sql b/values/umami/queries/umami-visitors.sql index 5441b1b3..f370805b 100644 --- a/values/umami/queries/umami-visitors.sql +++ b/values/umami/queries/umami-visitors.sql @@ -1,4 +1,4 @@ -select +select s.distinct_id, count(distinct w.visit_id) from @@ -9,7 +9,7 @@ join where w.website_id = '16e7d807-4db5-45fd-92a9-27393445a153' and w.event_type = 1 - and w.created_at between '2025-10-13' and '2025-10-19' + and w.created_at between '2025-10-13' and '2025-10-19' and s.distinct_id is not null and substring(s.distinct_id similar '%#"@%#"' escape '#') not in ('@oceanbox.io') group by diff --git a/values/umami/queries/umami.sql b/values/umami/queries/umami.sql index 6bb035cc..1fb1dbe6 100644 --- a/values/umami/queries/umami.sql +++ b/values/umami/queries/umami.sql @@ -9,7 +9,7 @@ join where w.website_id = '16e7d807-4db5-45fd-92a9-27393445a153' and w.event_type = 1 - and w.created_at between '2025-10-06' and '2025-10-10' + and w.created_at between '2025-10-06' and '2025-10-10' and s.distinct_id is not null and s.distinct_id like '%@%' group by diff --git a/values/umami/queries/weekly-sim-submit-count-norm.sql b/values/umami/queries/weekly-sim-submit-count-norm.sql index 61859eb5..671a69a2 100644 --- a/values/umami/queries/weekly-sim-submit-count-norm.sql +++ b/values/umami/queries/weekly-sim-submit-count-norm.sql @@ -21,7 +21,7 @@ SELECT * -FROM +FROM crosstab( 'SELECT "group", sim_type, count::text FROM weekly_sim_submit_count_v2 ORDER BY 1, 2', 'SELECT DISTINCT sim_type FROM weekly_sim_submit_count_v2 ORDER BY 1'