diff --git a/README.md b/README.md index 8c25e8f..10d0321 100644 --- a/README.md +++ b/README.md 
@@ -6,25 +6,62 @@ ## Purpose -Delivering cryogen generated static sites with the push of a few buttons. +**GitOps for static generated Websites.** -c4k-website generates configuration files for multiple nginx webservers, and -corresponding cryogen static site generator build containers. This automatically downloads a `.zip` from a specified gitea API url. You need an authorization token to access the specified gitea user account. The build container is based on clojure:lein. +c4k-website generates k8s-manifest for a webserver serving static html. -Following the example in valid-config.edn and valid-auth.edn you can add as many websites as you like (provided you have the DNS Routes set up). One set of configmaps, deployment, services etc will be created for each element in the :websites and :auth list. +c4k-website is an example how to create k8s manifests for OneShotDeployments with https://repo.prod.meissa.de/meissa/c4k-common. -Configs generated by c4k-website consists of the following parts: +## Features -* nginx deployment + configmap + service + ingress + certificate definitions -* nginx deployment has init container, building the website at startup time -* cron job for building and build secret for storing auth data -* respective volume claims +- [convention 4 kubernetes: c4k-website](#convention-4-kubernetes-c4k-website) + - [Purpose](#purpose) + - [Features](#features) + - [Serving multiple websites](#serving-multiple-websites) + - [https \& Letsencrypt Certificates](#https--letsencrypt-certificates) + - [Ratelimiting](#ratelimiting) + - [Monitoring](#monitoring) + - [GitOps your Websites](#gitops-your-websites) + - [Support Hugo and Cryogene](#support-hugo-and-cryogene) + - [Try out](#try-out) + - [Usage](#usage) + - [Development \& mirrors](#development--mirrors) + - [License](#license) -c4k-website is an example how to create efficient k8s one shot deployments with https://repo.prod.meissa.de/meissa/c4k-common. 
+### Serving multiple websites -## Status +You can serve many websites, each of can listen to a list of domain names. E.g. -Stable - we use this setup on production. +```yaml +# Config example +websites: +- unique-name: "test.io" + fqdns: ["test.de", "test.org", "www.test.de", "www.test.org"] +- unique-name: "example.io" + fqdns: ["example.org", "www.example.com"] +``` + +### https & Letsencrypt Certificates + +The domain names listed will get their certificates from letsencrypt out of the box. + +### Ratelimiting + +There is a Ratelimit included for each website. This makes it harder to DOS one or all websites served. + +### Monitoring + +Monitoring on GrafanaCloud (or any other grafana) is included out of the box. + +### GitOps your Websites + +If your repository is on a frogejo or gitea repo, we included GitOps. We ask every ten minutes the repo api for new pushed content. + +If there is new content we generate the new static html & serve it. + +### Support Hugo and Cryogene + +For static html generation we support cryogen & hugo. ## Try out 
@@ -36,48 +73,18 @@ Your input will stay in your browser. No server interaction is required. You will also be able to try out on cli: ``` -target/graalvm/c4k-website src/test/resources/website-test/valid-config.yaml src/test/resources/website-test/valid-auth.yaml | kubeval - -target/graalvm/c4k-website src/test/resources/website-test/valid-config.yaml src/test/resources/website-test/valid-auth.yaml | kubectl apply -f - +c4k-website src/test/resources/valid-config.yaml src/test/resources/valid-auth.yaml ``` - ## Usage -You need: +Prerequisites: +* DNS routes pointing to your k8s cluster. +* frogejo or gitea instance for your website repo. In doubt use https://codeberg.org +* A git repository with your hugo / cryogene website + * the project provides a `generate.sh` (maybe your generatoin needs some preprocessing) + * `generate.sh` deliver its static generated html to `target/html` -* DNS routes matching the fqdns in the lists -* cryogen as a static site generator -* a cryogen project ready to build -* a gitea account which holds the buildable project -* an authorization token for that account -* and a kubernetes cluster provisioned by [provs] - -Add a unique identifier for each website to config.edn and auth.edn (e.g. domain-name). -Add the list of fqdns, your gitea host, name of the website repo and the respective branch name (usually "main") to config.edn. -Add auth token and gitea user with access to the website repo to auth.edn. -Let c4k-website generate your .yaml file. -Apply this file on your cluster with `kubectl apply -f yourApp.yaml`. -Done. - -### Script Execution - -Optionally you can specify a trusted script in your config.edn. - -1. `sha256sum` "/path/to/your/script/file" -2. copy the output of this command -3. add the :sha256-output "hash-of-file file.name" :key value pair to the respective collection in :websites. - -Also, see the example in valid-config.edn. 
The script file needs to exist in the `.zip` and path specification to the script file should be relative to the root of the unzipped folder. Scripts can be of any type - as long as an according shebang exists in the first line. - -```bash -sha256sum your-script-file # use output of this call -sha256sum scripts/your-script-file # or this -sha256sum scripts/foo/bar/your-script-file # or this -``` - -### resource requests and limits - -You may want to adjust the resource requests and limits of the build and init containers to your specific scenario. ## Development & mirrors diff --git a/build.py b/build.py index 6b4cb14..2b31e6f 100644 --- a/build.py +++ b/build.py @@ -121,8 +121,9 @@ def package_native(project): "--no-fallback " + "--features=clj_easy.graal_build_time.InitClojureClasses " + "-jar target/uberjar/" + project.name + "-standalone.jar " + + "-march=compatibility " + "-H:IncludeResources=.*.yaml " + - "-H:IncludeResources=.*.xml " + + "-H:IncludeResources=logback.xml " + "-H:Log=registerResource:verbose " + "-H:Name=target/graalvm/" + project.name + "", shell=True, diff --git a/doc/Releasing.md b/doc/Releasing.md deleted file mode 100644 index bce2d2e..0000000 --- a/doc/Releasing.md +++ /dev/null 
@@ -1,77 +0,0 @@ -# Release process - -## ... for testing (snapshots) - -Make sure your clojars.org credentials are correctly set in your ~/.lein/profiles.clj file. - -``` bash -git add . -git commit -``` - -``` bash -lein deploy # or lein deploy clojars -``` - -## ... for stable release patch version - -Make sure tags are protected in gitlab: -Repository Settings -> Protected Tags -> set \*.\*.\* as tag and save. - -Make sure all your changes are committed: -``` bash -git checkout main # for old projects replace main with master -git add . -git commit -``` - -Open package.json, find "version" keyword and remove "-SNAPSHOT" from version number. - -``` bash -git add . -# REPLACE x.x.x with the correct version -git commit -m "Release vx.x.x" -lein release -git push --follow-tags -``` - -Open package.json again, increase version increment by one and add "-SNAPSHOT". - -``` bash -git commit -am "[Skip-CI] version bump" -git push -``` - -## ... for stable release minor version - -Make sure tags are protected in gitlab: -Repository Settings -> Protected Tags -> set \*.\*.\* as tag and save. - -``` bash -git checkout main # for old projects replace main with master -git add . -git commit -``` - -In package.json, find "version" keyword and remove "-SNAPSHOT" from version number. -Increment minor version by one, set patch version to zero. - -Open project.clj, find ":version" keyword, increment minor version by one, set patch version to zero. -Leave "-SNAPSHOT" be. - -``` bash -git add . -# REPLACE x.x.x with the correct version -git commit -m "Release vx.x.x" -lein release -git push --follow-tags -``` - -Open package.json again, increase version increment by one and add "-SNAPSHOT". - -``` bash -git commit -am "[Skip-CI] version bump" -git push -``` - -Done. diff --git a/doc/architecture.md b/doc/architecture.md index f36a207..741b82e 100644 --- a/doc/architecture.md +++ b/doc/architecture.md 
@@ -1,26 +1,19 @@ +# GitOps for Websites ```mermaid -C4Context - title c4k-webserver - Boundary(website, "website") { - System(website_ing1, "ingress f. host meissa-gmbh.de") - System(website_ing2, "ingress f. host meissa.de") - Boundary(website_pod, "website pod"){ - Boundary(aaa, "website container") { - System(ws, "webserver") - SystemDb(file_html, "static html") - Rel(ws, file_html, "file ro") - } - Boundary(aab, "cron build website") { - System(git_clone, "git clone/pull & lein ring server & copy to static html") - SystemDb(file_git, "git repo") - Rel(git_clone, file_git, "file rw") - Rel(git_clone, file_html, "file rw") - } - } - Rel(website_ing1, ws, "http") - Rel(website_ing2, ws, "http") - } +sequenceDiagram + Actor a as Website Author + participant j as Job triggerd by Cron + participant f as Forgejo Instance + participant g as Your Git Repo for Website + a ->> g: commit & push some new content + j ->> f: check repo hash for new commits + activate j + f ->> g: get lates commit hash + f -->> j: + j ->> f: download repo + j ->> j: generate.sh + j ->> j: cp /target/html to website + deactivate j ``` 
-[![](https://mermaid.ink/img/pako:eNqNU8tugzAQ_JWVD1UqJaka5cSxSX-guSIhgxewamxkL01RxL_XQFExSdr6gtee2ccMvrDMCGQRO-wPRhN-UqzBL5KkELL9--aMqUP7gXa8eDGNFty2q_5cEq4hZt_bmD3CZUT169Q6wmrCJVIXzz3Yfy06B_kWSuMIKpTO8U1RpeVW9Dl-y7C7n2FJXjaa1EbMmgUfevys34DEOZ-DM68Nl9qLEM647NRNpFGxeT8h9JiucqkwKalSPccRJ5lBH95kvaEasgekPgBrrgjd3aHSnpZZoyFtpBJw27nFVIWkJFNGD177AIbgqW6UggdQKDVY7wmMQ_ujzNQtkIG_hgql8JmnAhZrc1eGWTtz3ijG-d-0UMRrXjfb_9zMpB0sCX7u0f6SqA6yLYC7BTAs4guwNavQVlwK_y4HW2JGJVbepshvBea8URSzWHce2tSCE74KScayKOfK4Zrxhsyp1RmLyDY4gY6SF5ZX42H3BTITMPU)](https://mermaid.live/edit#pako:eNqNU8tugzAQ_JWVD1UqJaka5cSxSX-guSIhgxewamxkL01RxL_XQFExSdr6gtee2ccMvrDMCGQRO-wPRhN-UqzBL5KkELL9--aMqUP7gXa8eDGNFty2q_5cEq4hZt_bmD3CZUT169Q6wmrCJVIXzz3Yfy06B_kWSuMIKpTO8U1RpeVW9Dl-y7C7n2FJXjaa1EbMmgUfevys34DEOZ-DM68Nl9qLEM647NRNpFGxeT8h9JiucqkwKalSPccRJ5lBH95kvaEasgekPgBrrgjd3aHSnpZZoyFtpBJw27nFVIWkJFNGD177AIbgqW6UggdQKDVY7wmMQ_ujzNQtkIG_hgql8JmnAhZrc1eGWTtz3ijG-d-0UMRrXjfb_9zMpB0sCX7u0f6SqA6yLYC7BTAs4guwNavQVlwK_y4HW2JGJVbepshvBea8URSzWHce2tSCE74KScayKOfK4Zrxhsyp1RmLyDY4gY6SF5ZX42H3BTITMPU) \ No newline at end of file diff --git a/doc/architekturbild-c4k-website.graphml b/doc/architekturbild-c4k-website.graphml deleted file mode 100644 index e6d4fec..0000000 --- a/doc/architekturbild-c4k-website.graphml +++ /dev/null 
@@ -1,632 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - Client - - - - - - - - - - - Hetzner-Server - - - - - - - - - - - - - - - - - - - Node - - - - - - - - - - - Webserver 1 - - - - - - - - - - - Ingress1 - - - - - - - - - - - Ingress2 - - - - - - - - - - - Webserver 2 - - - - - - - - - - - Metallb - - - - - - - - - - - pybuilder - - - - - - - - - - - provs - - - - - - - - - - - c4k - - - - - - - - - - - terraform - - - - - - - - - - - AWS - - - - - - - - - - - Hetzner - - - - - - - - - - - local build - - - - - - - - - - - Mount - Holds website data - - - - - - - - - - - - Mount - Holds website data - - - - - - - - - - - - ... - - - - - - - - - - - ... - - - - - - - - - - - ... - Holds website data - - - - - - - - - - - - Folder in /var/www/fqdn-folder-name - - - - - - - - - - - Folder in /var/www/fqdn-folder-name - - - - - - - - - - - Folder in /var/www/fqdn-folder-name - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - out_conf.edn -out_auth.edn - - - - - - - - - - - IP -FQDN - - - - - - - - - - - - - DNS Entry - - - - - - - - - - - - - ssh keys -server size - - - - - - - - - - - spin up server -of requested size -with ssh keys - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - k3s and -c4k application - - - - - - - - - - - - - out_conf.edn -out_auth.edn - - - - - - - - - - - - - application yaml files - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - copy to -via scp/rsync - - - - - - - - - - - - - IPv4 -IPv6 - - - - - - - - - - - - - ssh keys - - - - - - - - - 
diff --git a/doc/architekturbild-c4k-website.jpg b/doc/architekturbild-c4k-website.jpg deleted file mode 100644 index 38e7b9e..0000000 Binary files a/doc/architekturbild-c4k-website.jpg and /dev/null differ diff --git a/doc/meissa-website-arch.png b/doc/meissa-website-arch.png deleted file mode 100644 index c89662f..0000000 Binary files a/doc/meissa-website-arch.png and /dev/null differ diff --git a/doc/requirements.md b/doc/requirements.md index badcbd8..6088fcb 100644 --- a/doc/requirements.md +++ b/doc/requirements.md @@ -1,4 +1,4 @@ - Aktoren +# Aktoren ## A1: Der Website-Konsument ## A2: Der Website-Pfleger diff --git a/infrastructure/build/image/resources/entrypoint.sh b/infrastructure/build/image/resources/entrypoint.sh index f18d5bd..05c3610 100755 --- a/infrastructure/build/image/resources/entrypoint.sh +++ b/infrastructure/build/image/resources/entrypoint.sh @@ -23,14 +23,8 @@ if [[ $currentHash == $newHash ]] echo "Downloading website data" get-website-data $filename unzip-website-data $filename - echo "Executing Custom Scripts, if applicable" - execute-scripts-when-existing echo "Building website" build-website echo "Moving files" move-website-files-to-target fi - - - - diff --git a/infrastructure/build/image/resources/functions.sh b/infrastructure/build/image/resources/functions.sh index 7ab68db..d105f6a 100644 --- a/infrastructure/build/image/resources/functions.sh +++ b/infrastructure/build/image/resources/functions.sh 
@@ -16,30 +16,10 @@ function unzip-website-data() { unzip $SOURCEDIR/$1 -d $BUILDDIR } -function execute-scripts-when-existing() { - websitedir=$(ls $BUILDDIR) - if [[ -f $BUILDDIR/$websitedir/$SCRIPTFILE ]] - then - checksum="$(sha256sum $BUILDDIR/$websitedir/$SCRIPTFILE | grep -oE "^[a-z0-9]+")" - if [[ "$SHA256SUM" == "$checksum" ]] - then - chmod +x $BUILDDIR/$websitedir/$SCRIPTFILE - (cd $BUILDDIR; dir=$(ls); cd $dir; ./$SCRIPTFILE) #make sure paths defined in scriptfile are relative to $dir - else - printf "Provided SHA256 Sum does not match calculated sum. Exiting." - printf "Calculated SHA256: $checksum" - printf "Given SHA256: $SHA256SUM" - exit 1 - fi - else - printf "No script file provided." - fi -} - function build-website() { - (cd $BUILDDIR; dir=$(ls); cd $dir; lein run;) + (cd $BUILDDIR; dir=$(ls); cd $dir; ./generate.sh;) } function move-website-files-to-target() { - (cd $BUILDDIR; dir=$(ls); cd $dir; rsync -ru --exclude-from "/etc/exclude.pattern" --delete resources/public/* $WEBSITEROOT;) + (cd $BUILDDIR; dir=$(ls); cd $dir; rsync -ru --exclude-from "/etc/exclude.pattern" --delete target/html/* $WEBSITEROOT;) } diff --git a/project.clj b/project.clj index 6596f86..18553f2 100644 --- a/project.clj +++ b/project.clj @@ -25,7 +25,8 @@ :dependencies [[org.clojure/tools.cli "1.1.230"] [ch.qos.logback/logback-classic "1.5.0" :exclusions [com.sun.mail/javax.mail]] - [org.slf4j/jcl-over-slf4j "2.0.12"]]}} + [org.slf4j/jcl-over-slf4j "2.0.12"] + [com.github.clj-easy/graal-build-time "1.0.5"]]}} :release-tasks [["test"] ["vcs" "assert-committed"] ["change" "version" "leiningen.release/bump-version" "release"] diff --git a/src/main/cljc/dda/c4k_website/website.cljc b/src/main/cljc/dda/c4k_website/website.cljc index 26de837..baaaae1 100644 --- a/src/main/cljc/dda/c4k_website/website.cljc +++ b/src/main/cljc/dda/c4k_website/website.cljc 
@@ -21,8 +21,8 @@ (s/def ::volume-size pred/integer-string?) (s/def ::authtoken pred/bash-env-string?) (s/def ::fqdns (s/coll-of pred/fqdn-string?)) -(s/def ::gitea-host pred/fqdn-string?) -(s/def ::gitea-repo string?) +(s/def ::forgejo-host pred/fqdn-string?) +(s/def ::forgejo-repo string?) (s/def ::branchname string?) (s/def ::username string?) (s/def ::build-cpu-request string?) @@ -32,12 +32,11 @@ (def websiteconfig? (s/keys :req-un [::unique-name ::fqdns - ::gitea-host - ::gitea-repo + ::forgejo-host + ::forgejo-repo ::branchname] :opt-un [::issuer ::volume-size - ::sha256sum-output ::build-cpu-request ::build-cpu-limit ::build-memory-request @@ -121,12 +120,10 @@ (defn-spec replace-build-data pred/map-or-seq? [resource-file string? config websiteconfig?] - (let [{:keys [sha256sum-output build-cpu-request build-cpu-limit build-memory-request build-memory-limit] + (let [{:keys [build-cpu-request build-cpu-limit build-memory-request build-memory-limit] :or {build-cpu-request "500m" build-cpu-limit "1700m" build-memory-request "256Mi" build-memory-limit "512Mi"}} config] (-> (replace-common-data resource-file config) - (cm/replace-all-matching-values-by-new-value "CHECK_SUM" (get-hash-from-sha256sum-output sha256sum-output)) - (cm/replace-all-matching-values-by-new-value "SCRIPT_FILE" (get-file-name-from-sha256sum-output sha256sum-output)) (cm/replace-all-matching-values-by-new-value "BUILD_CPU_REQUEST" build-cpu-request) (cm/replace-all-matching-values-by-new-value "BUILD_CPU_LIMIT" build-cpu-limit) (cm/replace-all-matching-values-by-new-value "BUILD_MEMORY_REQUEST" build-memory-request) @@ -166,7 +163,7 @@ [config websiteconfig?] (replace-common-data "website/hashfile-volume.yaml" config)) - +; using simple ingress instead removes the need of cert handling (defn-spec generate-website-ingress pred/map-or-seq? [config websiteconfig?] (let [{:keys [unique-name fqdns]} config] 
@@ -189,11 +186,12 @@ [config websiteconfig?] (replace-build-data "website/website-build-cron.yaml" config)) +; TODO: repo & commit-url sounds more like config map? (defn-spec generate-website-build-secret pred/map-or-seq? [config websiteconfig? auth websiteauth?] - (let [{:keys [gitea-host - gitea-repo + (let [{:keys [forgejo-host + forgejo-repo branchname]} config {:keys [authtoken username]} auth] @@ -202,13 +200,13 @@ (cm/replace-all-matching-values-by-new-value "TOKEN" (b64/encode authtoken)) (cm/replace-all-matching-values-by-new-value "REPOURL" (b64/encode (generate-gitrepourl - gitea-host - gitea-repo + forgejo-host + forgejo-repo username branchname))) (cm/replace-all-matching-values-by-new-value "COMMITURL" (b64/encode (generate-gitcommiturl - gitea-host - gitea-repo + forgejo-host + forgejo-repo username)))))) diff --git a/src/main/resources/website/nginx-deployment.yaml b/src/main/resources/website/nginx-deployment.yaml index 9133cd2..1e2a66b 100644 --- a/src/main/resources/website/nginx-deployment.yaml +++ b/src/main/resources/website/nginx-deployment.yaml @@ -44,11 +44,6 @@ spec: envFrom: - secretRef: name: NAME-secret - env: - - name: SHA256SUM - value: CHECK_SUM - - name: SCRIPTFILE - value: SCRIPT_FILE volumeMounts: - name: content-volume mountPath: /var/www/html/website diff --git a/src/main/resources/website/website-build-cron.yaml b/src/main/resources/website/website-build-cron.yaml index 1c79d09..a811e19 100644 --- a/src/main/resources/website/website-build-cron.yaml +++ b/src/main/resources/website/website-build-cron.yaml @@ -27,11 +27,6 @@ spec: envFrom: - secretRef: name: NAME-secret - env: - - name: SHA256SUM - value: CHECK_SUM - - name: SCRIPTFILE - value: SCRIPT_FILE volumeMounts: - name: content-volume mountPath: /var/www/html/website diff --git a/src/test/cljc/dda/c4k_website/core_test.cljc b/src/test/cljc/dda/c4k_website/core_test.cljc index d51d28b..8cf4ad3 100644 --- a/src/test/cljc/dda/c4k_website/core_test.cljc 
+++ b/src/test/cljc/dda/c4k_website/core_test.cljc @@ -5,8 +5,7 @@ :cljs [cljs.test :refer-macros [deftest is are testing run-tests]]) [clojure.spec.alpha :as s] [dda.c4k-common.yaml :as yaml] - [dda.c4k-website.core :as cut] - [clojure.spec.alpha :as s])) + [dda.c4k-website.core :as cut])) #?(:cljs (defmethod yaml/load-resource :website-test [resource-name] @@ -23,26 +22,26 @@ {:websites [{:unique-name "example.io" :fqdns ["example.org", "www.example.com"] - :gitea-host "finegitehost.net" - :gitea-repo "repo" + :forgejo-host "finegitehost.net" + :forgejo-repo "repo" :branchname "main"} {:unique-name "test.io" :fqdns ["test.de" "test.org" "www.test.de" "www.test.org"] - :gitea-host "gitlab.de" - :gitea-repo "repo" + :forgejo-host "gitlab.de" + :forgejo-repo "repo" :branchname "main"}]}) (def websites2 {:websites [{:unique-name "test.io" :fqdns ["test.de" "test.org" "www.test.de" "www.test.org"] - :gitea-host "gitlab.de" - :gitea-repo "repo" + :forgejo-host "gitlab.de" + :forgejo-repo "repo" :branchname "main"} {:unique-name "example.io" :fqdns ["example.org", "www.example.com"] - :gitea-host "finegitehost.net" - :gitea-repo "repo" + :forgejo-host "finegitehost.net" + :forgejo-repo "repo" :branchname "main"}]}) (def auth1 @@ -66,8 +65,8 @@ (def flattened-and-reduced-config {:unique-name "example.io", :fqdns ["example.org" "www.example.com"], - :gitea-host "finegitehost.net", - :gitea-repo "repo", + :forgejo-host "finegitehost.net", + :forgejo-repo "repo", :branchname "main"}) (def flattened-and-reduced-auth 
@@ -80,13 +79,13 @@ :websites [{:unique-name "example.io", :fqdns ["example.org" "www.example.com"], - :gitea-host "finegitehost.net", - :gitea-repo "repo", + :forgejo-host "finegitehost.net", + :forgejo-repo "repo", :branchname "main"}, {:unique-name "test.io", :fqdns ["test.de" "test.org" "www.test.de" "www.test.org"], - :gitea-host "gitlab.de", - :gitea-repo "repo", + :forgejo-host "gitlab.de", + :forgejo-repo "repo", :branchname "main", :sha256sum-output "123456789ab123cd345de script-file-name.sh"}], :mon-cfg {:grafana-cloud-url "url-for-your-prom-remote-write-endpoint", :cluster-name "jitsi", :cluster-stage "test"}} @@ -95,14 +94,14 @@ :websites [{:unique-name "test.io", :fqdns ["test.de" "test.org" "www.test.de" "www.test.org"], - :gitea-host "gitlab.de", - :gitea-repo "repo", + :forgejo-host "gitlab.de", + :forgejo-repo "repo", :branchname "main", :sha256sum-output "123456789ab123cd345de script-file-name.sh"} {:unique-name "example.io", :fqdns ["example.org" "www.example.com"], - :gitea-host "finegitehost.net", - :gitea-repo "repo", + :forgejo-host "finegitehost.net", + :forgejo-repo "repo", :branchname "main"}], :mon-cfg {:grafana-cloud-url "url-for-your-prom-remote-write-endpoint", :cluster-name "jitsi", :cluster-stage "test"}})))) diff --git a/src/test/cljc/dda/c4k_website/website_test.cljc b/src/test/cljc/dda/c4k_website/website_test.cljc index 8f19da8..797cab7 100644 --- a/src/test/cljc/dda/c4k_website/website_test.cljc +++ b/src/test/cljc/dda/c4k_website/website_test.cljc @@ -4,9 +4,7 @@ :cljs [cljs.test :refer-macros [deftest is are testing run-tests]]) [clojure.spec.test.alpha :as st] [dda.c4k-common.test-helper :as th] - [dda.c4k-common.base64 :as b64] - [dda.c4k-website.website :as cut] - [clojure.spec.alpha :as s])) + [dda.c4k-website.website :as cut])) (st/instrument `cut/generate-nginx-configmap) (st/instrument `cut/generate-nginx-deployment) 
@@ -21,20 +19,20 @@ (deftest should-generate-nginx-configmap-website (is (= "server {\n listen 80 default_server;\n listen [::]:80 default_server;\n server_name test.de www.test.de test-it.de www.test-it.de;\n add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload'; \n add_header X-Frame-Options \"SAMEORIGIN\";\n add_header X-Content-Type-Options nosniff;\n add_header Referrer-Policy \"strict-origin\";\n # add_header Permissions-Policy \"permissions here\";\n root /var/www/html/website/;\n index index.html;\n location / {\n try_files $uri $uri/ /index.html =404;\n }\n}\n" (:website.conf (:data (cut/generate-nginx-configmap {:unique-name "test.io", - :gitea-host "gitea.evilorg", - :gitea-repo "none", + :forgejo-host "gitea.evilorg", + :forgejo-repo "none", :branchname "mablain", :fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}))))) (is (= "types {\n text/html html htm shtml;\n text/css css;\n text/xml xml rss;\n image/gif gif;\n image/jpeg jpeg jpg;\n application/x-javascript js;\n text/plain txt;\n text/x-component htc;\n text/mathml mml;\n image/svg+xml svg svgz;\n image/png png;\n image/x-icon ico;\n image/x-jng jng;\n image/vnd.wap.wbmp wbmp;\n application/java-archive jar war ear;\n application/mac-binhex40 hqx;\n application/pdf pdf;\n application/x-cocoa cco;\n application/x-java-archive-diff jardiff;\n application/x-java-jnlp-file jnlp;\n application/x-makeself run;\n application/x-perl pl pm;\n application/x-pilot prc pdb;\n application/x-rar-compressed rar;\n application/x-redhat-package-manager rpm;\n application/x-sea sea;\n application/x-shockwave-flash swf;\n application/x-stuffit sit;\n application/x-tcl tcl tk;\n application/x-x509-ca-cert der pem crt;\n application/x-xpinstall xpi;\n application/zip zip;\n application/octet-stream deb;\n application/octet-stream bin exe dll;\n application/octet-stream dmg;\n application/octet-stream eot;\n application/octet-stream iso img;\n application/octet-stream msi msp 
msm;\n audio/mpeg mp3;\n audio/x-realaudio ra;\n video/mpeg mpeg mpg;\n video/quicktime mov;\n video/x-flv flv;\n video/x-msvideo avi;\n video/x-ms-wmv wmv;\n video/x-ms-asf asx asf;\n video/x-mng mng;\n}\n" (:mime.types (:data (cut/generate-nginx-configmap {:unique-name "test.io", - :gitea-host "gitea.evilorg", - :gitea-repo "none", + :forgejo-host "gitea.evilorg", + :forgejo-repo "none", :branchname "mablain", :fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}))))) (is (= "user nginx;\nworker_processes 3;\nerror_log /var/log/nginx/error.log;\npid /var/log/nginx/nginx.pid;\nworker_rlimit_nofile 8192;\nevents {\n worker_connections 4096;\n}\nhttp {\n include /etc/nginx/mime.types;\n default_type application/octet-stream;\n log_format main '$remote_addr - $remote_user [$time_local] $status'\n '\"$request\" $body_bytes_sent \"$http_referer\"'\n '\"$http_user_agent\" \"$http_x_forwarded_for\"';\n access_log /var/log/nginx/access.log main;\n sendfile on;\n tcp_nopush on;\n keepalive_timeout 65;\n server_names_hash_bucket_size 128;\n include /etc/nginx/conf.d/website.conf;\n}\n" (:nginx.conf (:data (cut/generate-nginx-configmap {:unique-name "test.io", - :gitea-host "gitea.evilorg", - :gitea-repo "none", + :forgejo-host "gitea.evilorg", + :forgejo-repo "none", :branchname "mablain", :fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}))))) (is (= {:apiVersion "v1", @@ -43,8 +41,8 @@ :labels {:app.kubernetes.part-of "test-io-website"}, :namespace "default"}} (dissoc (cut/generate-nginx-configmap {:unique-name "test.io", - :gitea-host "gitea.evilorg", - :gitea-repo "none", + :forgejo-host "gitea.evilorg", + :forgejo-repo "none", :branchname "mablain", :fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}) :data)))) 
@@ -74,7 +72,6 @@ :resources {:requests {:cpu "500m", :memory "256Mi"}, :limits {:cpu "1700m", :memory "512Mi"}}, :command ["/entrypoint.sh"], :envFrom [{:secretRef {:name "test-io-secret"}}], - :env [{:name "SHA256SUM", :value "123456789ab123cd345de"} {:name "SCRIPTFILE", :value "script-file-name.sh"}], :volumeMounts [{:name "content-volume", :mountPath "/var/www/html/website"} {:name "hashfile-volume", :mountPath "/var/hashfile.d"}]}], :volumes @@ -88,9 +85,9 @@ {:name "log", :emptyDir {}} {:name "content-volume", :persistentVolumeClaim {:claimName "test-io-content-volume"}} {:name "hashfile-volume", :persistentVolumeClaim {:claimName "test-io-hashfile-volume"}}]}}}} - (cut/generate-nginx-deployment {:gitea-host "gitlab.de", + (cut/generate-nginx-deployment {:forgejo-host "gitlab.de", :fqdns ["test.de" "test.org" "www.test.de" "www.test.org"], - :gitea-repo "repo", + :forgejo-repo "repo", :sha256sum-output "123456789ab123cd345de script-file-name.sh", :issuer "staging", :branchname "main", 
@@ -98,18 +95,18 @@ (deftest should-generate-resource-requests (is (= {:requests {:cpu "500m", :memory "256Mi"}, :limits {:cpu "1700m", :memory "512Mi"}} - (-> (cut/generate-nginx-deployment {:gitea-host "gitlab.de", + (-> (cut/generate-nginx-deployment {:forgejo-host "gitlab.de", :fqdns ["test.de" "test.org" "www.test.de" "www.test.org"], - :gitea-repo "repo", + :forgejo-repo "repo", :sha256sum-output "123456789ab123cd345de script-file-name.sh", :issuer "staging", :branchname "main", :unique-name "test.io"}) :spec :template :spec :initContainers first :resources ))) (is (= {:requests {:cpu "1500m", :memory "512Mi"}, :limits {:cpu "3000m", :memory "1024Mi"}} - (-> (cut/generate-nginx-deployment {:gitea-host "gitlab.de", + (-> (cut/generate-nginx-deployment {:forgejo-host "gitlab.de", :fqdns ["test.de" "test.org" "www.test.de" "www.test.org"], - :gitea-repo "repo", + :forgejo-repo "repo", :sha256sum-output "123456789ab123cd345de script-file-name.sh", :issuer "staging", :branchname "main", @@ -128,13 +125,13 @@ :app.kubernetes.part-of-c1 "test-io-website", :app.kubernetes.part-of-c2 "test-org-website"} (th/map-diff (cut/generate-nginx-service {:unique-name "test.io", - :gitea-host "gitea.evilorg", - :gitea-repo "none", + :forgejo-host "gitea.evilorg", + :forgejo-repo "none", :branchname "mablain", :fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}) (cut/generate-nginx-service {:unique-name "test.org", - :gitea-host "gitea.evilorg", - :gitea-repo "none", + :forgejo-host "gitea.evilorg", + :forgejo-repo "none", :branchname "mablain", :fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}))))) 
@@ -157,16 +154,14 @@ :resources {:requests {:cpu "500m", :memory "256Mi"}, :limits {:cpu "1700m", :memory "512Mi"}}, :command ["/entrypoint.sh"], :envFrom [{:secretRef {:name "test-io-secret"}}], - :env [{:name "SHA256SUM", :value "123456789ab123cd345de"} {:name "SCRIPTFILE", :value "script-file-name.sh"}], :volumeMounts [{:name "content-volume", :mountPath "/var/www/html/website"} {:name "hashfile-volume", :mountPath "/var/hashfile.d"}]}], :volumes [{:name "content-volume", :persistentVolumeClaim {:claimName "test-io-content-volume"}} {:name "hashfile-volume", :persistentVolumeClaim {:claimName "test-io-hashfile-volume"}}], :restartPolicy "OnFailure"}}}}}} - (cut/generate-website-build-cron {:gitea-host "gitlab.de", + (cut/generate-website-build-cron {:forgejo-host "gitlab.de", :fqdns ["test.de" "test.org" "www.test.de" "www.test.org"], - :gitea-repo "repo", - :sha256sum-output "123456789ab123cd345de script-file-name.sh", + :forgejo-repo "repo", :issuer "staging", :branchname "main", :unique-name "test.io"})))) @@ -180,12 +175,11 @@ :GITREPOURL "aHR0cHM6Ly9naXRsYWIuZGUvYXBpL3YxL3JlcG9zL3NvbWV1c2VyL3JlcG8vYXJjaGl2ZS9tYWluLnppcA==", :GITCOMMITURL "aHR0cHM6Ly9naXRsYWIuZGUvYXBpL3YxL3JlcG9zL3NvbWV1c2VyL3JlcG8vZ2l0L2NvbW1pdHMvSEVBRA=="}} (cut/generate-website-build-secret {:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"], - :gitea-repo "repo", - :sha256sum-output "123456789ab123cd345de script-file-name.sh", + :forgejo-repo "repo", :issuer "staging", :branchname "main", :unique-name "test.io", - :gitea-host "gitlab.de"} + :forgejo-host "gitlab.de"} {:unique-name "test.io", :authtoken "abedjgbasdodj", :username "someuser"})))) 
@@ -198,13 +192,13 @@ :app.kubernetes.part-of-c1 "test-io-website", :app.kubernetes.part-of-c2 "test-org-website"} (th/map-diff (cut/generate-website-content-volume {:unique-name "test.io", - :gitea-host "gitea.evilorg", - :gitea-repo "none", + :forgejo-host "gitea.evilorg", + :forgejo-repo "none", :branchname "mablain", :fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}) (cut/generate-website-content-volume {:unique-name "test.org", - :gitea-host "gitea.evilorg", - :gitea-repo "none", + :forgejo-host "gitea.evilorg", + :forgejo-repo "none", :branchname "mablain", :fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}))))) @@ -217,7 +211,7 @@ :labels {:app "test-io-nginx", :app.kubernetes.part-of "test-io-website"}}, :spec {:storageClassName "local-path", :accessModes ["ReadWriteOnce"], :resources {:requests {:storage "16Mi"}}}} (cut/generate-hashfile-volume {:unique-name "test.io", - :gitea-host "gitea.evilorg", - :gitea-repo "none", + :forgejo-host "gitea.evilorg", + :forgejo-repo "none", :branchname "mablain", :fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})))) diff --git a/src/test/resources/website-test/valid-config.yaml b/src/test/resources/website-test/valid-config.yaml index ae670cf..0d2c1a4 100644 --- a/src/test/resources/website-test/valid-config.yaml +++ b/src/test/resources/website-test/valid-config.yaml 
@@ -2,16 +2,15 @@ issuer: "staging" websites: - unique-name: "test.io" fqdns: ["test.de", "test.org", "www.test.de", "www.test.org"] - gitea-host: "gitlab.de" - gitea-repo: "repo" + forgejo-host: "codeberg.org" + forgejo-repo: "repo" branchname: "main" - sha256sum-output: "123456789ab123cd345de script-file-name.sh" - unique-name: "example.io" fqdns: ["example.org", "www.example.com"] - gitea-host: "finegitehost.net" - gitea-repo: "repo" + forgejo-host: "fineForgejoHost.net" + forgejo-repo: "repo" branchname: "main" mon-cfg: grafana-cloud-url: "url-for-your-prom-remote-write-endpoint" - cluster-name: "jitsi" + cluster-name: "website" cluster-stage: "test"
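Review bot: The "Try out" command in the README.md hunk now reads `c4k-website src/test/resources/valid-config.yaml src/test/resources/valid-auth.yaml`, but the fixture changed later in this same patch lives at `src/test/resources/website-test/valid-config.yaml`, so the example does not match the tree; keep the `website-test/` path segment. The YAML sample under "Serving multiple websites" shows only `unique-name` and `fqdns`, while the spec in website.cljc requires `forgejo-host`, `forgejo-repo` and `branchname`; add those keys or mark the sample as abridged. The README also never mentions that the `gitea-host` / `gitea-repo` keys were renamed, which existing users will need to know before upgrading. Spelling to fix in the added lines: "frogejo", "generatoin", "Cryogene", "each of can listen".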
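Review bot: In the doc/architecture.md sequence diagram the reply arrow `f -->> j:` carries no message text, so the diagram does not say what the job gets back from the hash check; label it with the returned commit hash. The step `cp /target/html to website` uses an absolute path, while functions.sh syncs the relative `target/html/*` inside the unzipped repo directory; make the two agree. Spelling: "triggerd", "lates commit hash".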
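Review bot: In infrastructure/build/image/resources/functions.sh, `build-website` now runs `./generate.sh` straight from the unzipped archive, and the only integrity control on repo-supplied scripts (the `SHA256SUM` comparison in the removed `execute-scripts-when-existing`) is gone with nothing replacing it. The build container still receives `envFrom: secretRef: NAME-secret` in nginx-deployment.yaml and website-build-cron.yaml, so whoever can push to the configured branch gets a script executed with `TOKEN`, `REPOURL` and `COMMITURL` in its environment. Please state this trust boundary in the README prerequisites, and consider clearing the secret variables before invoking the script or keeping an optional pinned hash for `generate.sh`. Two robustness points in the same hunk: the old code ran `chmod +x` before executing, whereas `./generate.sh` now fails if the file was committed without the executable bit, and nothing in the visible lines of entrypoint.sh checks the exit status of `build-website` before `move-website-files-to-target` runs `rsync ... --delete target/html/* $WEBSITEROOT`, so a partially failed generation could be published. Test for the file and for a zero exit status before syncing.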
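Review bot: In src/main/cljc/dda/c4k_website/website.cljc the `:req-un` list of `websiteconfig?` switches to `::forgejo-host` and `::forgejo-repo` with no fallback, so any existing config that still uses `gitea-host` / `gitea-repo` will fail spec validation after this change; either accept both spellings for one release or record the break in the release notes. The `replace-build-data` hunk drops the only visible calls to `get-hash-from-sha256sum-output` and `get-file-name-from-sha256sum-output`; if those helpers are not deleted elsewhere they are now dead code and should go. The new comment `; TODO: repo & commit-url sounds more like config map?` is worth resolving rather than leaving: only `TOKEN` is sensitive, and moving `REPOURL` and `COMMITURL` to a ConfigMap would keep the Secret limited to the credential.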
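Review bot: The test fixtures are only partly migrated. In core_test.cljc the expected maps keep `:sha256sum-output "123456789ab123cd345de script-file-name.sh"`, `:forgejo-host "gitlab.de"` / `"finegitehost.net"` and `:cluster-name "jitsi"`, while valid-config.yaml in this patch removes `sha256sum-output`, changes the hosts to `codeberg.org` and `fineForgejoHost.net`, and sets `cluster-name: "website"`; if those maps are compared against the loaded YAML, the assertions will no longer hold, so update both sides together. In website_test.cljc the inputs to `cut/generate-nginx-deployment` still pass `:sha256sum-output` although the key was dropped from the spec's `:opt-un`, whereas the `generate-website-build-cron` and `generate-website-build-secret` inputs had it removed; drop it everywhere for consistency. It would also help to add a test asserting that the generated init container and cron job carry no `:env` entry, since that is the behaviour change these hunks encode.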