Add/forgejo

Makefile

@@ -103,7 +103,7 @@ cluster=https://kubernetes.default.svc
 push-golden: commodore_args += -f tests/$(instance).yml
 push-golden: clean gen-golden ## Push the target instance to the local forgejo instance, so it can be applied by argocd
 	cd tests/golden/$(instance)/appcat/appcat && \
-	git init && \
+	git init --initial-branch=master && \
 	git add . && \
 	git commit -m "update" && \
 	git remote add origin http://gitea_admin:[email protected]:8088/gitea_admin/$(repo).git && \

class/appcat.yml

@@ -72,6 +72,7 @@ parameters:
           - ${_base_directory}/component/billing.jsonnet
           - ${_base_directory}/component/rbac_testing.jsonnet
           - ${_base_directory}/component/vshn_nextcloud.jsonnet
+          - ${_base_directory}/component/vshn_codey.jsonnet
         input_type: jsonnet
         output_path: appcat/
 

class/defaults.yml

@@ -22,6 +22,9 @@ parameters:
       nextcloud:
         source: https://nextcloud.github.io/helm/
         version: 6.2.4
+      forgejo:
+        source: oci://code.forgejo.org/forgejo-helm/forgejo
+        version: 11.0.1
     images:
       provider-kubernetes:
         registry: xpkg.upbound.io
@@ -58,7 +61,7 @@ parameters:
       appcat:
         registry: ghcr.io
         repository: vshn/appcat
-        tag: v4.122.0
+        tag: v4.123.0
       functionAppcat:
         registry: ${appcat:images:appcat:registry}
         repository: ${appcat:images:appcat:repository}
@@ -431,6 +434,8 @@ parameters:
           uptime: ${appcat:slos:uptimeDefaults}
         Nextcloud:
           uptime: ${appcat:slos:uptimeDefaults}
+        Forgejo:
+          uptime: ${appcat:slos:uptimeDefaults}
 
     providers:
       cloudscale:
@@ -551,6 +556,68 @@ parameters:
         e2eTests: false
         quotasEnabled: ${appcat:quotasEnabled}
         secretNamespace: ${appcat:crossplane:namespace}
+        forgejo:
+          billing: true
+          serviceName: VSHNForgejo
+          compFunctionsOnly: true
+          connectionSecretKeys:
+            - FORGEJO_HOST
+            - FORGEJO_PASSWORD
+            - FORGEJO_URL
+            - FORGEJO_USERNAME
+            - ca.crt
+          mode: standalone
+          offered: true
+          enabled: true
+          restoreSA: forgejoserviceaccount
+          restoreRoleRules: ${appcat:defaultRestoreRoleRules}
+          additionalInputs:
+            busybox_image: ${appcat:images:busybox:registry}/${appcat:images:busybox:image}
+            oc_image: ${appcat:images:oc:registry}/${appcat:images:oc:image}:${appcat:images:oc:tag}
+            ingress_annotations: |
+              cert-manager.io/cluster-issuer: letsencrypt-production
+          openshiftTemplate:
+            serviceName: forgejobyvshn
+            description: "Forgejo is a self-hosted lightweight software forge."
+            message: 'Your Forgejo by VSHN instance is being provisioned, please see \${SECRET_NAME} for access.'
+            url: https://vs.hn/vshn-forgejo
+            tags: "codehosting,forgejo"
+            icon: "icon-forgejo"
+            defaultVersion: "22"
+          enableNetworkPolicy: false
+          secretNamespace: ${appcat:services:vshn:secretNamespace}
+          helmChartVersion: ${appcat:charts:forgejo:version}
+          imageRegistry: ""
+          bucket_region: "lpg"
+          grpcEndpoint: ${appcat:grpcEndpoint}
+          proxyFunction: ${appcat:proxyFunction}
+          defaultPlan: small
+          sla: 99.25
+          plans:
+            mini:
+              size:
+                enabled: true
+                cpu: "500m"
+                memory: "2Gi"
+                disk: 10Gi
+            small:
+              size:
+                enabled: true
+                cpu: "1"
+                memory: "4Gi"
+                disk: 50Gi
+            medium:
+              size:
+                enabled: true
+                cpu: "2"
+                memory: "8Gi"
+                disk: 200Gi
+            large:
+              size:
+                enabled: true
+                cpu: "4"
+                memory: "16Gi"
+                disk: 500Gi
         postgres:
           billing: true
           # bucket_region: 'lpg' || 'ch-gva-2'
@@ -951,7 +1018,47 @@ parameters:
                 cpu: "2"
                 memory: "8Gi"
                 disk: 16Gi
-
+        codey:
+          billing: false
+          serviceName: Codey
+          connectionSecretKeys:
+            - CODEY_HOST
+            - CODEY_PASSWORD
+            - CODEY_URL
+            - CODEY_USERNAME
+            - ca.crt
+          mode: standalone
+          offered: true
+          enabled: true
+          restoreSA: codeyserviceaccount
+          restoreRoleRules: ${appcat:defaultRestoreRoleRules}
+          openshiftTemplate:
+            serviceName: codey
+            description: "Codey is a secure, fast and reliable code collaboration platform made and hosted in Europe, with 100% free software."
+            message: 'Your Codey instance is being provisioned, please see \${SECRET_NAME} for access.'
+            url: https://www.codey.ch/
+            tags: "codehosting,codey,fogejo"
+            icon: "icon-codey"
+            defaultVersion: "22"
+          enableNetworkPolicy: false
+          secretNamespace: ${appcat:services:vshn:secretNamespace}
+          imageRegistry: ""
+          bucket_region: "lpg"
+          defaultPlan: mini
+          sla: 99.25
+          plans:
+            mini:
+              size:
+                enabled: true
+                cpu: "500m"
+                memory: "2Gi"
+                disk: 10Gi
+            small:
+              size:
+                enabled: true
+                cpu: "1"
+                memory: "4Gi"
+                disk: 50Gi
       # Config for exoscale composites
       exoscale:
         enabled: false

component/appcat_controller.jsonnet

@@ -94,6 +94,7 @@ local controller = loadManifest('deployment.yaml') {
           if c.name == 'manager' then
             c {
               image: common.GetAppCatImageString(),
+              imagePullPolicy: 'IfNotPresent',
               args+: mergedArgs,
               env+: mergedEnv,
               resources: controllersParams.resources,

component/functions.jsonnet

@@ -20,6 +20,7 @@ local getFunction(name, package, runtimeConfigName) = {
   },
   spec: {
     package: package,
+    packagePullPolicy: 'IfNotPresent',
     runtimeConfigRef: {
       name: runtimeConfigName,
     },

component/provider.jsonnet

@@ -88,6 +88,11 @@ local providerRBAC = {
         resources: [ 'xobjectbuckets' ],
         verbs: [ 'get', 'list', 'watch', 'update', 'patch', 'create', 'delete' ],
       },
+      {
+        apiGroups: [ 'vshn.appcat.vshn.io' ],
+        resources: [ 'xvshnforgejoes', 'vshnforgejoes' ],
+        verbs: [ 'get', 'list', 'watch', 'update', 'patch', 'create', 'delete' ],
+      },
       {
         apiGroups: [ 'cert-manager.io' ],
         resources: [ 'issuers', 'certificates' ],

component/vshn_appcat_services.jsonnet

@@ -24,12 +24,13 @@ local getServiceNamePlural(serviceName) =
   local serviceNameLower = std.asciiLower(serviceName);
   if std.endsWith(serviceName, 's') then
     serviceNameLower
+  else if std.endsWith(serviceName, 'jo') then
+    serviceNameLower + 'es'
   else
     serviceNameLower + 's';
 
 local vshn_appcat_service(name, serviceParams) =
   local isOpenshift = std.startsWith(inv.parameters.facts.distribution, 'openshift') || inv.parameters.facts.distribution == 'oke';
-
   local isBestEffort = !std.member([ 'guaranteed_availability', 'premium' ], inv.parameters.facts.service_level);
 
   local connectionSecretKeys = serviceParams.connectionSecretKeys;

component/vshn_codey.jsonnet

@@ -0,0 +1,135 @@
+local com = import 'lib/commodore.libjsonnet';
+local kap = import 'lib/kapitan.libjsonnet';
+local kube = import 'lib/kube.libjsonnet';
+
+local comp = import 'lib/appcat-compositions.libsonnet';
+local crossplane = import 'lib/appcat-crossplane.libsonnet';
+
+local common = import 'common.libsonnet';
+local vars = import 'config/vars.jsonnet';
+local prom = import 'prometheus.libsonnet';
+local slos = import 'slos.libsonnet';
+local opsgenieRules = import 'vshn_alerting.jsonnet';
+local xrds = import 'xrds.libsonnet';
+
+local inv = kap.inventory();
+local params = inv.parameters.appcat;
+local codeyParams = params.services.vshn.codey;
+local appuioManaged = inv.parameters.appcat.appuioManaged;
+
+local serviceNameLabelKey = 'appcat.vshn.io/servicename';
+local serviceNamespaceLabelKey = 'appcat.vshn.io/claim-namespace';
+local serviceCLaimNameLabelKey = 'appcat.vshn.io/claim-name';
+
+local connectionSecretKeys = [
+  'CODEY_USERNAME',
+  'CODEY_PASSWORD',
+  'CODEY_URL',
+];
+
+local isOpenshift = std.startsWith(inv.parameters.facts.distribution, 'openshift') || inv.parameters.facts.distribution == 'oke';
+
+local securityContext = if isOpenshift then false else true;
+
+local codeyPlans = common.FilterDisabledParams(codeyParams.plans);
+
+local xrd = xrds.XRDFromCRD(
+  'xcodeyinstances.codey.io',
+  xrds.LoadCRD('codey.io_codeyinstances.yaml', params.images.appcat.tag),
+  defaultComposition='codey.io',
+  connectionSecretKeys=connectionSecretKeys,
+);
+
+local composition =
+  local vshnforgejo = {
+    apiVersion: 'vshn.appcat.vshn.io/v1',
+    kind: 'XVSHNForgejo',
+    metadata: {
+      name: 'vshnforgejo',
+    },
+    spec: {
+      parameters: {
+        service: {
+          adminEmail: '[email protected]',
+          majorVersion: '10.0.0',
+          fqdn: [ 'myforgejo.127.0.0.1.nip.io' ],
+        },
+        size: {
+          plan: 'mini',
+        },
+        security: {
+          deletionProtection: false,
+        },
+      },
+    },
+  };
+
+
+  kube._Object('apiextensions.crossplane.io/v1', 'Composition', 'codey.io') +
+  common.SyncOptions +
+  common.vshnMetaVshnDBaas('instance', 'standalone', 'true', codeyPlans) +
+  {
+    spec: {
+      compositeTypeRef: comp.CompositeRef(xrd),
+      writeConnectionSecretsToNamespace: codeyParams.secretNamespace,
+      mode: 'Pipeline',
+      pipeline:
+        [
+          {
+            step: 'patch-and-transform',
+            functionRef: {
+              name: 'function-patch-and-transform',
+            },
+            input: {
+              apiVersion: 'pt.fn.crossplane.io/v1beta1',
+              kind: 'Resources',
+              resources: [
+                {
+                  name: 'vshnforgejo',
+                  base: vshnforgejo,
+                  connectionDetails: [
+                    {
+                      name: 'CODEY_PASSWORD',
+                      type: 'FromConnectionSecretKey',
+                      fromConnectionSecretKey: 'FORGEJO_PASSWORD',
+                    },
+                    {
+                      name: 'CODEY_URL',
+                      type: 'FromConnectionSecretKey',
+                      fromConnectionSecretKey: 'FORGEJO_URL',
+                    },
+                    {
+                      name: 'CODEY_USERNAME',
+                      type: 'FromConnectionSecretKey',
+                      fromConnectionSecretKey: 'FORGEJO_USERNAME',
+                    },
+                  ],
+                  patches: [
+                    comp.FromCompositeFieldPath('metadata.labels["crossplane.io/composite"]', 'metadata.name'),
+                    comp.FromCompositeFieldPath('spec.parameters.service.adminEmail', 'spec.parameters.service.adminEmail'),
+                    comp.FromCompositeFieldPath('spec.parameters.service.majorVersion', 'spec.parameters.service.majorVersion'),
+                    comp.FromCompositeFieldPathWithTransform('metadata.name', 'spec.parameters.service.fqdn[0]', '', '.app.codey.ch'),
+                    comp.FromCompositeFieldPath('spec.parameters.size.plan', 'spec.parameters.size.plan'),
+                  ],
+                },
+              ],
+            },
+          },
+        ],
+    },
+  };
+
+local plansCM = kube.ConfigMap('codeyplans') + {
+  metadata+: {
+    namespace: params.namespace,
+  },
+  data: {
+    plans: std.toString(codeyPlans),
+  },
+};
+
+if params.services.vshn.enabled && codeyParams.enabled && vars.isSingleOrControlPlaneCluster then {
+  '20_xrd_vshn_codey': xrd,
+  '20_rbac_vshn_codey': xrds.CompositeClusterRoles(xrd),
+  '21_composition_vshn_codey': composition,
+} else {}

tests/dev.yml

@@ -29,7 +29,7 @@ parameters:
       busybox:
         registry: dockerhub.vshn.net
 
-    grpcEndpoint: 172.19.0.1:9443
+    grpcEndpoint: host.docker.internal:9443
     proxyFunction: false
 
     quotasEnabled: false

tests/e2e/forgejo/00-assert.yaml

@@ -0,0 +1,34 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestAssert
+timeout: 60
+---
+apiVersion: vshn.appcat.vshn.io/v1
+kind: VSHNForgejo
+metadata:
+  finalizers:
+  - finalizer.apiextensions.crossplane.io
+  name: forgejo-e2e
+spec:
+  compositionUpdatePolicy: Automatic
+  parameters:
+    backup: {}
+    security:
+      allowAllNamespaces: false
+      deletionProtection: false
+    service:
+      adminEmail: [email protected]
+      fqdn:
+      - somesuperingressname.apps.lab-cloudscale-rma-0.appuio.cloud
+      serviceLevel: besteffort
+      version: 10.0.0
+    size:
+      plan: small
+  resourceRef:
+    apiVersion: vshn.appcat.vshn.io/v1
+    kind: XVSHNForgejo
+  writeConnectionSecretToRef:
+    name: mysupersecret
+status:
+  conditions:
+  - status: "True"
+  - status: "True"