Add CI variable management to GitRepo (#285)
bastjan authored Jul 17, 2024
1 parent 73804c7 commit 6af245c
Showing 22 changed files with 2,309 additions and 24 deletions.
56 changes: 56 additions & 0 deletions api/v1alpha1/gitrepo_types.go
@@ -87,6 +87,60 @@ type GitRepoTemplate struct {
// Adopt: will create a new external resource or will adopt and manage an already existing resource
// +kubebuilder:validation:Enum=Create;Adopt
CreationPolicy CreationPolicy `json:"creationPolicy,omitempty"`
// AccessToken contains configuration for storing an access token in a secret.
// If set, the Lieutenant operator will store an access token into this secret, which can be used to access the Git repository.
// The token is stored under the key "token".
// In the case of GitLab, this would be a Project Access Token with read-write access to the repository.
AccessToken AccessToken `json:"accessToken,omitempty"`
// CIVariables is a list of key-value pairs that will be set as CI variables in the Git repository.
//
// The variables are not expanded like PodSpec environment variables.
CIVariables []EnvVar `json:"ciVariables,omitempty"`
}

type AccessToken struct {
// SecretRef references the secret the access token is stored in
SecretRef string `json:"secretRef,omitempty"`
}

// EnvVar represents an environment added to the CI system of the Git repository.
type EnvVar struct {
// Name of the environment variable
// +required
Name string `json:"name"`
// Value of the environment variable
// +optional
Value string `json:"value,omitempty"`

// ValueFrom is a reference to an object that contains the value of the environment variable
// +optional
ValueFrom *EnvVarSource `json:"valueFrom,omitempty"`

// GitlabOptions contains additional options for GitLab CI variables
// +optional
GitlabOptions EnvVarGitlabOptions `json:"gitlabOptions,omitempty"`
}

type EnvVarGitlabOptions struct {
// Description is a description of the CI variable.
// +optional
Description string `json:"description,omitempty"`
// Protected will expose the variable only in protected branches and tags.
// +optional
Protected bool `json:"protected,omitempty"`
// Masked will mask the variable in the job logs.
// +optional
Masked bool `json:"masked,omitempty"`
// Raw will prevent the variable from being expanded.
// +optional
Raw bool `json:"raw,omitempty"`
}

// EnvVarSource represents a source for the value of an EnvVar.
type EnvVarSource struct {
// Selects a key of a secret in the pod's namespace
// +optional
SecretKeyRef *corev1.SecretKeySelector `json:"secretKeyRef,omitempty"`
}

// DeployKey defines an SSH key to be used for git operations.
@@ -110,6 +164,8 @@ type GitRepoStatus struct {
URL string `json:"url,omitempty"`
// SSH HostKeys of the git server
HostKeys string `json:"hostKeys,omitempty"`
// LastAppliedCIVariables contains the last applied CI variables as a json string
LastAppliedCIVariables string `json:"lastAppliedCIVariables,omitempty"`
}

// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
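Review bot: The comment on `LastAppliedCIVariables` in `GitRepoStatus` (second hunk; the struct begins above the visible lines) does not say whether the stored JSON carries variable values or only names. Because `EnvVar.ValueFrom.SecretKeyRef` lets a value come from a Secret, a status that held resolved values would make Secret contents readable to anyone allowed to read GitRepo objects, bypassing Secret RBAC. The controller code is not part of this section, so this may already be handled; if only names are recorded, state it in the field comment, e.g. `// LastAppliedCIVariables contains the names of the last applied CI variables as a json string; values are never stored here`. Separately, `EnvVar` accepts both `Value` and `ValueFrom` with no validation marker or documented precedence, and the `SecretKeyRef` comment still says "the pod's namespace" although no pod is involved, so the comments should name the namespace the Secret is actually read from and which field wins.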
80 changes: 80 additions & 0 deletions api/v1alpha1/zz_generated.deepcopy.go


85 changes: 85 additions & 0 deletions config/crd/bases/syn.tools_clusters.yaml
@@ -85,6 +85,18 @@ spec:
gitRepoTemplate:
description: GitRepoTemplate template for managing the GitRepo object.
properties:
accessToken:
description: |-
AccessToken contains configuration for storing an access token in a secret.
If set, the Lieutenant operator will store an access token into this secret, which can be used to access the Git repository.
The token is stored under the key "token".
In the case of GitLab, this would be a Project Access Token with read-write access to the repository.
properties:
secretRef:
description: SecretRef references the secret the access token
is stored in
type: string
type: object
apiSecretRef:
description: APISecretRef reference to secret containing connection
information
@@ -99,6 +111,79 @@ spec:
type: string
type: object
x-kubernetes-map-type: atomic
ciVariables:
description: |-
CIVariables is a list of key-value pairs that will be set as CI variables in the Git repository.
The variables are not expanded like PodSpec environment variables.
items:
description: EnvVar represents an environment added to the CI
system of the Git repository.
properties:
gitlabOptions:
description: GitlabOptions contains additional options for
GitLab CI variables
properties:
description:
description: Description is a description of the CI
variable.
type: string
masked:
description: Masked will mask the variable in the job
logs.
type: boolean
protected:
description: Protected will expose the variable only
in protected branches and tags.
type: boolean
raw:
description: Raw will prevent the variable from being
expanded.
type: boolean
type: object
name:
description: Name of the environment variable
type: string
value:
description: Value of the environment variable
type: string
valueFrom:
description: ValueFrom is a reference to an object that
contains the value of the environment variable
properties:
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
required:
- name
type: object
type: array
creationPolicy:
description: |-
CreationPolicy defines how the external resources should be treated upon CR creation.
85 changes: 85 additions & 0 deletions config/crd/bases/syn.tools_gitrepos.yaml
@@ -53,6 +53,18 @@ spec:
spec:
description: GitRepoSpec defines the desired state of GitRepo
properties:
accessToken:
description: |-
AccessToken contains configuration for storing an access token in a secret.
If set, the Lieutenant operator will store an access token into this secret, which can be used to access the Git repository.
The token is stored under the key "token".
In the case of GitLab, this would be a Project Access Token with read-write access to the repository.
properties:
secretRef:
description: SecretRef references the secret the access token
is stored in
type: string
type: object
apiSecretRef:
description: APISecretRef reference to secret containing connection
information
@@ -67,6 +79,75 @@ spec:
type: string
type: object
x-kubernetes-map-type: atomic
ciVariables:
description: |-
CIVariables is a list of key-value pairs that will be set as CI variables in the Git repository.
The variables are not expanded like PodSpec environment variables.
items:
description: EnvVar represents an environment added to the CI system
of the Git repository.
properties:
gitlabOptions:
description: GitlabOptions contains additional options for GitLab
CI variables
properties:
description:
description: Description is a description of the CI variable.
type: string
masked:
description: Masked will mask the variable in the job logs.
type: boolean
protected:
description: Protected will expose the variable only in
protected branches and tags.
type: boolean
raw:
description: Raw will prevent the variable from being expanded.
type: boolean
type: object
name:
description: Name of the environment variable
type: string
value:
description: Value of the environment variable
type: string
valueFrom:
description: ValueFrom is a reference to an object that contains
the value of the environment variable
properties:
secretKeyRef:
description: Selects a key of a secret in the pod's namespace
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
required:
- name
type: object
type: array
creationPolicy:
description: |-
CreationPolicy defines how the external resources should be treated upon CR creation.
@@ -152,6 +233,10 @@ spec:
hostKeys:
description: SSH HostKeys of the git server
type: string
lastAppliedCIVariables:
description: LastAppliedCIVariables contains the last applied CI variables
as a json string
type: string
phase:
description: |-
Updated by Operator with current phase. The GitPhase enum will be used for application logic