cody
/
okd-git-poller
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add support for secured projects.

This commit is contained in:
William Young 2022-09-02 18:53:17 +02:00
parent df238cd895
commit 8a487bc2a4
3 changed files with 60 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Containerfile
View File

@ -1,5 +1,5 @@
FROM codycode/okd-tools:4.10.0 FROM codycode/okd-tools:4.10.0
RUN apk --no-cache add zsh jq git RUN apk --no-cache add zsh jq git
COPY check_all.sh . COPY check_all.sh git_askpass.sh .
RUN chmod +x check_all.sh RUN chmod +x check_all.sh git_askpass.sh
CMD ./check_all.sh CMD ./check_all.sh

56
check_all.sh
View File

@ -2,6 +2,10 @@
echo "Git Poll Check All v1.2" echo "Git Poll Check All v1.2"
echo
echo "Checking \"basic\" type projects"
echo
buildconfigs=$( oc get buildconfigs -A -l gitpoller.unstable.tech/type=basic -o json ) buildconfigs=$( oc get buildconfigs -A -l gitpoller.unstable.tech/type=basic -o json )
jq ".items[]" -c <<< $buildconfigs | while read -r line; do; jq ".items[]" -c <<< $buildconfigs | while read -r line; do;
@ -21,4 +25,56 @@ jq ".items[]" -c <<< $buildconfigs | while read -r line; do;
fi fi
done done
echo
echo "Checking \"secure\" type projects"
echo
buildconfigs=$( oc get buildconfigs -A -l gitpoller.unstable.tech/type=secure -o json )
jq ".items[]" -c <<< $buildconfigs | while read -r line; do;
# jq <<< $line
name=$(jq -r ".metadata.name" <<< $line)
namespace=$(jq -r '.metadata.namespace' <<< $line)
gituri=$(jq -r ".spec.source.git.uri" <<< $line)
gitref=$(jq -r ".spec.source.git.ref // \"main\"" <<< $line)
GIT_TOKEN=""
sourceSecretName=$(jq -r ".spec.source.sourceSecret.name" <<< $line)
sourceSecret=$(oc get -n "$namespace" secret "$sourceSecretName" -o json)
# echo $sourceSecret
sourceSecretType=$(jq -r ".type" <<< $sourceSecret)
case $sourceSecretType in
"kubernetes.io/basic-auth")
GIT_TOKEN=$(jq -r '.data.password' <<< $sourceSecret | base64 -D)
gitUsername=$(jq -r '.data.username' <<< $sourceSecret)
if [[ "$gitUsername" != "" ]]; then
IFS=":" read -r gitProtocol gitUriFragment <<< $gituri
gituri="$gitProtocol://$gitUsername@${gitUriFragment:2}"
echo $gituri
fi
;;
"kubernetes.io/ssh-auth")
keyfile=$(mktemp)
jq -r ".data.\"ssh-privatekey\"" <<< $sourceSecret | base64 -D > $keyfile
;;
*)
echo "UNSUPPORTED buildConfig sourceSecret TYPE"
;;
esac
echo $GIT_TOKEN
echo "$name = $gituri:$gitref"
ref=$(GIT_ASKPASS=$(pwd)/git_askpass.sh GIT_SSH_COMMAND="ssh -i $keyfile -o IdentitiesOnly=yes" GIT_TOKEN="$GIT_TOKEN" git ls-remote -h "$gituri" "refs/heads/$gitref" | cut -f1)
if [[ -v keyfile && -f $keyfile ]]; then
rm -f $keyfile #cleanup
fi
checkref=$(jq -r ".metadata.annotations.\"gitpoller.unstable.tech/lastref\"" <<< $line)
if [[ "$ref" != "$checkref" ]]; then
echo "Update needed for $namespace / $name"
oc start-build -n "$namespace" "$name" -w && oc annotate -n "$namespace" --overwrite buildconfig "$name" "gitpoller.unstable.tech/lastref=$ref"
else
echo "$namespace / $name is up to date"
fi
done
# echo $buildconfigs
echo done echo done

2
git_askpass.sh Executable file
View File

@ -0,0 +1,2 @@
#!/usr/bin/env zsh
echo $GIT_TOKEN