Add support for secured projects.
This commit is contained in:
William Young
parent
df238cd895
commit
8a487bc2a4
|
|
@ -1,5 +1,5 @@
|
|||
FROM codycode/okd-tools:4.10.0
|
||||
RUN apk --no-cache add zsh jq git
|
||||
COPY check_all.sh .
|
||||
RUN chmod +x check_all.sh
|
||||
COPY check_all.sh git_askpass.sh .
|
||||
RUN chmod +x check_all.sh git_askpass.sh
|
||||
CMD ./check_all.sh
|
||||
|
|
|
|||
56
check_all.sh
56
check_all.sh
|
|
@ -2,6 +2,10 @@
|
|||
|
||||
echo "Git Poll Check All v1.2"
|
||||
|
||||
echo
|
||||
echo "Checking \"basic\" type projects"
|
||||
echo
|
||||
|
||||
buildconfigs=$( oc get buildconfigs -A -l gitpoller.unstable.tech/type=basic -o json )
|
||||
|
||||
jq ".items[]" -c <<< $buildconfigs | while read -r line; do;
|
||||
|
|
@ -21,4 +25,56 @@ jq ".items[]" -c <<< $buildconfigs | while read -r line; do;
|
|||
fi
|
||||
done
|
||||
|
||||
echo
|
||||
echo "Checking \"secure\" type projects"
|
||||
echo
|
||||
|
||||
buildconfigs=$( oc get buildconfigs -A -l gitpoller.unstable.tech/type=secure -o json )
|
||||
|
||||
jq ".items[]" -c <<< $buildconfigs | while read -r line; do;
|
||||
# jq <<< $line
|
||||
name=$(jq -r ".metadata.name" <<< $line)
|
||||
namespace=$(jq -r '.metadata.namespace' <<< $line)
|
||||
gituri=$(jq -r ".spec.source.git.uri" <<< $line)
|
||||
gitref=$(jq -r ".spec.source.git.ref // \"main\"" <<< $line)
|
||||
GIT_TOKEN=""
|
||||
sourceSecretName=$(jq -r ".spec.source.sourceSecret.name" <<< $line)
|
||||
sourceSecret=$(oc get -n "$namespace" secret "$sourceSecretName" -o json)
|
||||
# echo $sourceSecret
|
||||
sourceSecretType=$(jq -r ".type" <<< $sourceSecret)
|
||||
case $sourceSecretType in
|
||||
"kubernetes.io/basic-auth")
|
||||
GIT_TOKEN=$(jq -r '.data.password' <<< $sourceSecret | base64 -D)
|
||||
gitUsername=$(jq -r '.data.username' <<< $sourceSecret)
|
||||
if [[ "$gitUsername" != "" ]]; then
|
||||
IFS=":" read -r gitProtocol gitUriFragment <<< $gituri
|
||||
gituri="$gitProtocol://$gitUsername@${gitUriFragment:2}"
|
||||
echo $gituri
|
||||
fi
|
||||
;;
|
||||
"kubernetes.io/ssh-auth")
|
||||
keyfile=$(mktemp)
|
||||
jq -r ".data.\"ssh-privatekey\"" <<< $sourceSecret | base64 -D > $keyfile
|
||||
;;
|
||||
*)
|
||||
echo "UNSUPPORTED buildConfig sourceSecret TYPE"
|
||||
;;
|
||||
esac
|
||||
echo $GIT_TOKEN
|
||||
echo "$name = $gituri:$gitref"
|
||||
ref=$(GIT_ASKPASS=$(pwd)/git_askpass.sh GIT_SSH_COMMAND="ssh -i $keyfile -o IdentitiesOnly=yes" GIT_TOKEN="$GIT_TOKEN" git ls-remote -h "$gituri" "refs/heads/$gitref" | cut -f1)
|
||||
if [[ -v keyfile && -f $keyfile ]]; then
|
||||
rm -f $keyfile #cleanup
|
||||
fi
|
||||
checkref=$(jq -r ".metadata.annotations.\"gitpoller.unstable.tech/lastref\"" <<< $line)
|
||||
if [[ "$ref" != "$checkref" ]]; then
|
||||
echo "Update needed for $namespace / $name"
|
||||
oc start-build -n "$namespace" "$name" -w && oc annotate -n "$namespace" --overwrite buildconfig "$name" "gitpoller.unstable.tech/lastref=$ref"
|
||||
else
|
||||
echo "$namespace / $name is up to date"
|
||||
fi
|
||||
done
|
||||
|
||||
# echo $buildconfigs
|
||||
|
||||
echo done
|
||||
|
|
|
|||
|
|
@ -0,0 +1,2 @@
|
|||
#!/usr/bin/env zsh
|
||||
echo $GIT_TOKEN
|
||||
Loading…
Reference in New Issue