From edcfb0349f70a9a4bac11c33504c220a0e75c713 Mon Sep 17 00:00:00 2001 From: Nicolas Bigler Date: Thu, 29 Jan 2026 15:01:13 +0100 Subject: [PATCH] Update devcontainer to latest distro release, add just support Signed-off-by: Nicolas Bigler --- .devcontainer/Dockerfile | 8 +- .devcontainer/devcontainer.json | 2 +- .gitignore | 1 + Makefile | 2 +- justfile | 183 ++++++++++++++++++++++++++++++++ 5 files changed, 192 insertions(+), 4 deletions(-) create mode 100644 justfile diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index f1a0689..b1a2658 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -1,4 +1,4 @@ -FROM mcr.microsoft.com/devcontainers/go:dev-1.25-bookworm +FROM mcr.microsoft.com/devcontainers/go:dev-1.25-trixie ARG TARGETOS ARG TARGETARCH @@ -9,4 +9,8 @@ ENV KUBECOLORVERSION="0.4.0" RUN curl -L -o kubecolor.tar.gz https://github.com/kubecolor/kubecolor/releases/download/v${KUBECOLORVERSION}/kubecolor_${KUBECOLORVERSION}_linux_${TARGETARCH}.tar.gz && tar -xvzf kubecolor.tar.gz && install -c -m 0755 kubecolor /usr/local/bin # Install bash-complete to make kubectl autocomplete work -RUN apt-get update && apt-get install bash-completion make vim -y && rm -rf /var/lib/apt/lists/* +# Remove yarn repo to avoid GPG verification issues with Debian Trixie's sqv +RUN rm -f /etc/apt/sources.list.d/yarn.list && \ + apt-get update && \ + apt-get install bash-completion make vim just -y && \ + rm -rf /var/lib/apt/lists/* diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index b7db56d..a9b1947 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -12,7 +12,7 @@ "features": { "ghcr.io/devcontainers/features/docker-in-docker:2": { "version": "latest", - "moby": true + "moby": false }, "ghcr.io/mikaello/devcontainer-features/modern-shell-utils:2.0.0": {}, "ghcr.io/devcontainers/features/kubectl-helm-minikube:1": { diff --git a/.gitignore b/.gitignore index 21074e3..561594f 100644 
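Review bot: The new `apt-get install bash-completion make vim just -y` runs without `--no-install-recommends`, so the image also receives whatever those four packages recommend. `apt-get install -y --no-install-recommends bash-completion make vim just` keeps the addition to what was asked for. Deleting `yarn.list` avoids the signature failure without relaxing apt's verification, which is the safer workaround, but any yarn installed from that repository would then stop receiving updates from it. If yarn is not needed in this devcontainer, the comment above the `RUN` could say so.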
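Review bot: The flip to `"moby": false` carries no explanation in the file or the commit message, so a later reader could reasonably turn it back on. If the reason is that the Trixie base has no Moby packages, a comment above the option such as `// Trixie: Moby packages unavailable, use Docker CE` would record it (devcontainer.json accepts comments). The unchanged `"version": "latest"` beside it means the engine version is whatever is current at rebuild time; pinning it would make the devcontainer reproducible.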
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,4 @@
 !Makefile
 !README.md
 !renovate.json
+!justfile
diff --git a/Makefile b/Makefile
index bc3aafe..12cead1 100644
--- a/Makefile
+++ b/Makefile
@@ -166,7 +166,7 @@ check-docker-creds:
 echo "ERROR: Docker credentials file '$(DOCKER_CREDS_FILE)' not found!"; \
 echo ""; \
 echo "Create it with:"; \
- echo " cat > .docker-credentials << EOF"; \
+ echo " cat > $(DOCKER_CREDS_FILE) << EOF"; \
 echo " inventage_registry_username=your-username"; \
 echo " inventage_registry_password=your-password"; \
 echo " EOF"; \
diff --git a/justfile b/justfile
new file mode 100644
index 0000000..468a6f9
--- /dev/null
+++ b/justfile
@@ -0,0 +1,183 @@
+# Default recipe to display help
+default:
+ @just --list
+
+# Initialize all git submodules
+clone-all:
+ git -C appcat pull || git clone git@github.com:vshn/appcat || true
+ git -C component-appcat pull || git clone git@github.com:vshn/component-appcat || true
+ git -C component-spks-crossplane pull || git clone git@git.vshn.net:swisscompks/component-spks-crossplane.git || true
+ git -C component-exporter-filterproxy pull || git clone git@github.com:vshn/component-exporter-filterproxy.git || true
+ git -C kindev pull || git clone git@github.com:vshn/kindev || true
+ git -C appcat-charts pull || git clone git@github.com:vshn/appcat-charts || true
+
+# Delete all submodules
+clean-container:
+ rm -rf appcat component-appcat component-spks-crossplane kindev
+
+# Setup spks kindev environment
+setup-spks:
+ cd kindev && just spks
+ cp kindev/.kind/kind-config ~/.kube/config
+
+# Setup kindev environment
+setup-kindev:
+ cd kindev && just vshnall
+ cp kindev/.kind/kind-config ~/.kube/config
+
+# Clean kindev
+clean-kindev:
+ cd kindev && just clean
+
+# Push AppCat configuration converged mode to local forgejo. By default it will try to connect to AppCat running in debug mode. Use `DEBUG=false just push-golden` to run against containers in the cluster
+push-golden DEBUG="true":
+ #!/usr/bin/env bash
+ set -euxo pipefail
+ HOST=$(docker inspect kindev-control-plane | jq '.[0].NetworkSettings.Networks.kind.Gateway')
+ yq '.parameters.appcat.proxyFunction |= {{DEBUG}}' component-appcat/tests/dev.yml | diff -B component-appcat/tests/dev.yml - | patch component-appcat/tests/dev.yml -
+ yq '.parameters.appcat.grpcEndpoint |= '"$HOST"'+":9443"' component-appcat/tests/dev.yml | diff -B component-appcat/tests/dev.yml - | patch component-appcat/tests/dev.yml -
+ cd component-appcat && just push-golden
+ cd ..
+ just export-cluster-env-single
+ just patch-keycloak-composition gitea_admin/appcat
+
+# Push AppCat configuration non-converged mode to local forgejo. By default it will try to connect to AppCat running in debug mode. Use `DEBUG=false just push-non-converged` to run against containers in the cluster
+push-non-converged DEBUG="true":
+ #!/usr/bin/env bash
+ set -euo pipefail
+ HOST=$(docker inspect kindev-control-plane | jq '.[0].NetworkSettings.Networks.kind.Gateway')
+ yq '.parameters.appcat.proxyFunction |= {{DEBUG}}' component-appcat/tests/control-plane.yml | diff -B component-appcat/tests/control-plane.yml - | patch component-appcat/tests/control-plane.yml -
+ yq '.parameters.appcat.grpcEndpoint |= '"$HOST"'+":9443"' component-appcat/tests/control-plane.yml | diff -B component-appcat/tests/control-plane.yml - | patch component-appcat/tests/control-plane.yml -
+ cd component-appcat && just push-non-converged
+ cd ../kindev
+ export serviceCluster=$(just vcluster-host-kubeconfig)
+ export controlCluster=$(just vcluster-in-cluster-kubeconfig)
+ cd ..
+ yq '.parameters.appcat.clusterManagementSystem.serviceClusterKubeconfigs[0].config |= strenv(serviceCluster)' component-appcat/tests/control-plane.yml | diff -B component-appcat/tests/control-plane.yml - | patch component-appcat/tests/control-plane.yml -
+ yq '.parameters.appcat.clusterManagementSystem.controlPlaneKubeconfig |= strenv(controlCluster)' component-appcat/tests/service-cluster.yml | diff -B component-appcat/tests/service-cluster.yml - | patch component-appcat/tests/service-cluster.yml -
+ cd component-appcat && just push-non-converged
+ cd ..
+ just export-cluster-env-multi
+ cp kindev/.kind/vcluster-config ~/.kube/config
+ just patch-keycloak-composition gitea_admin/control-plane
+
+# Push SPKS configuration
+push-spks DEBUG="true":
+ #!/usr/bin/env bash
+ set -euo pipefail
+ yq '.parameters.spks_crossplane.proxyFunction |= {{DEBUG}}' component-spks-crossplane/tests/control-plane.yml | diff -B component-spks-crossplane/tests/control-plane.yml - | patch component-spks-crossplane/tests/control-plane.yml -
+ cd component-spks-crossplane && just push-non-converged
+ cd ../kindev
+ export appcat_namespace=spks-crossplane
+ export serviceCluster=$(just vcluster-host-kubeconfig)
+ export controlCluster=$(just vcluster-in-cluster-kubeconfig)
+ cd ..
+ yq '.parameters.spks_crossplane.clusterManagementSystem.serviceClusterKubeconfigs[0].config |= strenv(serviceCluster)' component-spks-crossplane/tests/control-plane.yml | diff -B component-spks-crossplane/tests/control-plane.yml - | patch component-spks-crossplane/tests/control-plane.yml -
+ yq '.parameters.spks_crossplane.clusterManagementSystem.controlPlaneKubeconfig |= strenv(controlCluster)' component-spks-crossplane/tests/service-cluster.yml | diff -B component-spks-crossplane/tests/service-cluster.yml - | patch component-spks-crossplane/tests/service-cluster.yml -
+ cd component-spks-crossplane && just push-non-converged
+ cd ../component-exporter-filterproxy && just push-non-converged
+ cd ../appcat-charts && just push-local
+
+# Export environment variables for e2e tests in single cluster mode (converged)
+export-cluster-env-single:
+ #!/usr/bin/env bash
+ set -euo pipefail
+ rm -f component-appcat/.env || true
+ cp kindev/.kind/kind-config kindev/.kind/in-cluster-kind-config
+ yq -i '.clusters[0].cluster.server = "https://kubernetes.default.svc:443"' kindev/.kind/in-cluster-kind-config
+ echo "export IN_CLUSTER_CONTROL_PLANE_KUBECONFIG=../kindev/.kind/in-cluster-kind-config" >> component-appcat/.env
+ echo "export IN_CLUSTER_SERVICE_CLUSTER_KUBECONFIG=../kindev/.kind/in-cluster-kind-config" >> component-appcat/.env
+ echo "export CONTROL_PLANE_KUBECONFIG_CONTENT='$(cat kindev/.kind/kind-config | base64 -w 0)'" >> component-appcat/.env
+ echo "export SERVICE_CLUSTER_KUBECONFIG_CONTENT='$(cat kindev/.kind/kind-config | base64 -w 0)'" >> component-appcat/.env
+
+# Export environment variables for e2e tests in multi cluster mode (non-converged)
+export-cluster-env-multi:
+ #!/usr/bin/env bash
+ set -euo pipefail
+ cd kindev && just vcluster-host-kubeconfig > .kind/from-control-to-service-kubeconfig
+ cd kindev && just vcluster-in-cluster-kubeconfig > .kind/from-service-to-control-kubeconfig
+ rm -f component-appcat/.env || true
+ echo "export IN_CLUSTER_SERVICE_CLUSTER_KUBECONFIG=../kindev/.kind/from-control-to-service-kubeconfig" >> component-appcat/.env
+ echo "export SERVICE_CLUSTER_KUBECONFIG_CONTENT='$(cat kindev/.kind/kind-config | base64 -w 0)'" >> component-appcat/.env
+ echo "export IN_CLUSTER_CONTROL_PLANE_KUBECONFIG=../kindev/.kind/from-service-to-control-kubeconfig" >> component-appcat/.env
+ echo "export CONTROL_PLANE_KUBECONFIG_CONTENT='$(cat kindev/.kind/vcluster-config | base64 -w 0)'" >> component-appcat/.env
+
+# Run e2e tests
+e2e-tests:
+ cd component-appcat && just e2e-test
+
+# Run single e2e test (use: just run-single-e2e test=TestName)
+run-single-e2e test="":
+ cd component-appcat && just run-single-e2e {{test}}
+
+# Inject inventage docker credentials in the keycloak composition of forgejo repository
+patch-keycloak-composition FORGEJO_REPO="gitea_admin/control-plane":
+ #!/usr/bin/env bash
+ set -euo pipefail
+ DOCKER_CREDS_FILE=".inventage-credentials"
+ FORGEJO_URL="http://forgejo.127.0.0.1.nip.io:8088"
+ FORGEJO_USERNAME="gitea_admin"
+ FORGEJO_PASSWORD="adminadmin"
+ FILE_PATH="21_composition_vshn_keycloak.yaml"
+ BRANCH="master"
+
+ if [ ! -f "$DOCKER_CREDS_FILE" ]; then
+ echo "ERROR: Docker credentials file '$DOCKER_CREDS_FILE' not found!"
+ echo ""
+ echo "Create it with:"
+ echo " cat > $DOCKER_CREDS_FILE << EOF"
+ echo " inventage_registry_username=your-username"
+ echo " inventage_registry_password=your-password"
+ echo " EOF"
+ echo ""
+ exit 1
+ fi
+
+ echo "Patching Keycloak composition in Forgejo..."
+ set -a && . ./$DOCKER_CREDS_FILE && set +a
+
+ if [ -z "$inventage_registry_username" ] || [ -z "$inventage_registry_password" ]; then
+ echo "ERROR: inventage_registry_username and inventage_registry_password must be set in $DOCKER_CREDS_FILE"
+ exit 1
+ fi
+
+ echo "Fetching current file content..."
+ CURRENT_CONTENT=$(curl -s \
+ -u "$FORGEJO_USERNAME:$FORGEJO_PASSWORD" \
+ "$FORGEJO_URL/api/v1/repos/{{FORGEJO_REPO}}/contents/$FILE_PATH?ref=$BRANCH" | \
+ jq -r '.content' | base64 -d)
+
+ if [ -z "$CURRENT_CONTENT" ]; then
+ echo "ERROR: Failed to fetch file from Forgejo"
+ exit 1
+ fi
+
+ echo "Updating inventage docker registry credentials..."
+ NEW_CONTENT=$(echo "$CURRENT_CONTENT" | \
+ sed "s|registry_password:.*|registry_password: $inventage_registry_password|" | \
+ sed "s|registry_username:.*|registry_username: $inventage_registry_username|")
+
+ CONTENT_BASE64=$(echo "$NEW_CONTENT" | base64 -w 0)
+ SHA=$(curl -s \
+ -u "$FORGEJO_USERNAME:$FORGEJO_PASSWORD" \
+ "$FORGEJO_URL/api/v1/repos/{{FORGEJO_REPO}}/contents/$FILE_PATH?ref=$BRANCH" | \
+ jq -r '.sha')
+
+ echo "Committing changes to Forgejo (SHA: $SHA)..."
+ RESPONSE=$(curl -s -w "\n%{http_code}" -X PUT \
+ -u "$FORGEJO_USERNAME:$FORGEJO_PASSWORD" \
+ -H "Content-Type: application/json" \
+ "$FORGEJO_URL/api/v1/repos/{{FORGEJO_REPO}}/contents/$FILE_PATH" \
+ -d "{\"content\":\"$CONTENT_BASE64\",\"sha\":\"$SHA\",\"branch\":\"$BRANCH\",\"message\":\"Update registry credentials\"}")
+
+ HTTP_CODE=$(echo "$RESPONSE" | tail -n1)
+ BODY=$(echo "$RESPONSE" | head -n-1)
+
+ if [ "$HTTP_CODE" = "200" ] || [ "$HTTP_CODE" = "201" ]; then
+ echo "✓ Keycloak composition updated successfully"
+ echo "View changes: $FORGEJO_URL/{{FORGEJO_REPO}}/src/branch/$BRANCH/$FILE_PATH"
+ else
+ echo "ERROR: Failed to update file (HTTP $HTTP_CODE)"
+ echo "$BODY" | jq .
+ exit 1
+ fi
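Review bot: In `patch-keycloak-composition`, `set -a && . ./$DOCKER_CREDS_FILE && set +a` executes the credentials file as shell code, and the two values are then spliced unescaped into `sed "s|…|…|"`. A password containing `|`, `&` or `\` therefore yields a failed or silently wrong substitution, which is then committed to Forgejo. Reading the two keys as data and escaping them for the replacement side, as in the excerpt below, removes both problems; values are then taken literally, so shell quoting inside the file is no longer interpreted. Separately, `export-cluster-env-multi` is a shebang recipe and runs as one script, so after the first `cd kindev && …` the second `cd kindev` and the later `component-appcat/.env` and `kindev/.kind/…` paths are resolved from inside `kindev`. Running each of the two lines in a subshell, e.g. `(cd kindev && just vcluster-host-kubeconfig > .kind/from-control-to-service-kubeconfig)`, keeps the working directory at the repository root.

```just
    # … unchanged: variable setup and credentials-file existence check …
    echo "Patching Keycloak composition in Forgejo..."
    # Read the two expected keys as data; the file is never executed.
    inventage_registry_username=$(sed -n '/^inventage_registry_username=/{s///p;q;}' "$DOCKER_CREDS_FILE")
    inventage_registry_password=$(sed -n '/^inventage_registry_password=/{s///p;q;}' "$DOCKER_CREDS_FILE")
    # … unchanged: empty-value check, fetch of CURRENT_CONTENT …
    # Escape \, & and | so the value stays literal on the replacement side of s|…|…|.
    escape_sed() { printf '%s' "$1" | sed 's/[\\&|]/\\&/g'; }
    NEW_CONTENT=$(echo "$CURRENT_CONTENT" | \
        sed "s|registry_password:.*|registry_password: $(escape_sed "$inventage_registry_password")|" | \
        sed "s|registry_username:.*|registry_username: $(escape_sed "$inventage_registry_username")|")
    # … unchanged: base64 encoding, SHA lookup, PUT request …
```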