diff --git a/.gimlet/k8s/preview-frontend/chart.yaml b/.gimlet/k8s/penpot/Chart.yaml similarity index 72% rename from .gimlet/k8s/preview-frontend/chart.yaml rename to .gimlet/k8s/penpot/Chart.yaml index 41d354629..e8e76bd46 100644 --- a/.gimlet/k8s/preview-frontend/chart.yaml +++ b/.gimlet/k8s/penpot/Chart.yaml @@ -1,4 +1,4 @@ -name: penpot-frontend-preview +name: penpot maintainers: - name: Tokens Studio url: https://tokens.studio @@ -15,3 +15,8 @@ keywords: - design sources: - https://github.com/penpot/penpot +dependencies: + - condition: global.redisEnabled + name: redis + repository: https://charts.bitnami.com/bitnami + version: 17.x.x \ No newline at end of file diff --git a/.gimlet/k8s/preview-frontend/templates/_helpers.tpl b/.gimlet/k8s/penpot/templates/_helpers.tpl similarity index 100% rename from .gimlet/k8s/preview-frontend/templates/_helpers.tpl rename to .gimlet/k8s/penpot/templates/_helpers.tpl diff --git a/.gimlet/k8s/penpot/templates/backend/deployment.yaml b/.gimlet/k8s/penpot/templates/backend/deployment.yaml new file mode 100644 index 000000000..74a333ccd --- /dev/null +++ b/.gimlet/k8s/penpot/templates/backend/deployment.yaml 
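Review bot: The `redis` dependency added to `.gimlet/k8s/penpot/Chart.yaml` uses the floating range `version: 17.x.x`, so each `helm dependency update` may resolve a different chart release from the remote repository. Pin an exact release (`version: <exact 17.y.z release>`) and commit the resulting `Chart.lock`, so the Redis manifests that get deployed are reproducible and can be reviewed. The subchart's values are not visible in this diff, and `PENPOT_REDIS_URI` in the new Deployments carries no credentials, so it is worth confirming how Redis authentication is meant to be configured for this release.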
@@ -0,0 +1,370 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "penpot.fullname" . }}-backend
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "penpot.labels" . | nindent 4 }}
+ {{- with .Values.backend.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.backend.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "penpot.backendSelectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ {{- include "penpot.backendSelectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.global.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{ if .Values.backend.podSecurityContext.enabled }}
+ securityContext:
+ {{- omit .Values.backend.podSecurityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "penpot.serviceAccountName" . }}
+ containers:
+ - name: {{ .Chart.Name }}-backend
+ {{ if .Values.backend.containerSecurityContext.enabled }}
+ securityContext:
+ {{- omit .Values.backend.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag }}"
+ imagePullPolicy: {{ .Values.backend.image.imagePullPolicy }}
+ volumeMounts:
+ - mountPath: /opt/data
+ name: app-data
+ readOnly: false
+ env:
+ - name: PENPOT_PUBLIC_URI
+ value: {{ .Values.config.publicURI | quote }}
+ - name: PENPOT_FLAGS
+ value: "$PENPOT_FLAGS {{ .Values.config.flags }}"
+ - name: PENPOT_SECRET_KEY
+ value: {{ .Values.config.apiSecretKey | quote }}
+ - name: PENPOT_DATABASE_URI
+ value: "postgresql://{{ .Values.config.postgresql.host }}:{{ .Values.config.postgresql.port }}/{{ .Values.config.postgresql.database }}"
+ - name: PENPOT_DATABASE_USERNAME
+ {{- if not .Values.config.postgresql.secretKeys.usernameKey }}
+ value: {{ .Values.config.postgresql.username | quote }}
+ {{- else }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.config.postgresql.existingSecret }}
+ key: {{ .Values.config.postgresql.secretKeys.usernameKey }}
+ {{- end }}
+ - name: PENPOT_DATABASE_PASSWORD
+ {{- if not .Values.config.postgresql.secretKeys.passwordKey }}
+ value: {{ .Values.config.postgresql.password | quote }}
+ {{- else }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.config.postgresql.existingSecret }}
+ key: {{ .Values.config.postgresql.secretKeys.passwordKey }}
+ {{- end }}
+ - name: PENPOT_REDIS_URI
+ value: "redis://{{ .Values.config.redis.host }}:{{ .Values.config.redis.port }}/{{ .Values.config.redis.database }}"
+ - name: PENPOT_ASSETS_STORAGE_BACKEND
+ value: {{ .Values.config.assets.storageBackend | quote }}
+ {{- if eq .Values.config.assets.storageBackend "assets-fs" }}
+ - name: PENPOT_STORAGE_ASSETS_FS_DIRECTORY
+ value: {{ .Values.config.assets.filesystem.directory | quote }}
+ {{- else if eq .Values.config.assets.storageBackend "assets-s3" }}
+ - name: PENPOT_STORAGE_ASSETS_S3_REGION
+ value: {{ .Values.config.assets.s3.region | quote }}
+ - name: PENPOT_STORAGE_ASSETS_S3_BUCKET
+ value: {{ .Values.config.assets.s3.bucket | quote }}
+ - name: AWS_ACCESS_KEY_ID
+ {{- if not .Values.config.assets.s3.secretKeys.accessKeyIDKey }}
+ value: {{ .Values.config.assets.s3.accessKeyID | quote }}
+ {{- else }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.config.assets.s3.existingSecret }}
+ key: {{ .Values.config.assets.s3.secretKeys.accessKeyIDKey }}
+ {{- end }}
+ - name: AWS_SECRET_ACCESS_KEY
+ {{- if not .Values.config.assets.s3.secretKeys.secretAccessKey }}
+ value: {{ .Values.config.assets.s3.secretAccessKey | quote }}
+ {{- else }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.config.assets.s3.existingSecret }}
+ key: {{ .Values.config.assets.s3.secretKeys.secretAccessKey }}
+ {{- end }}
+ - name: PENPOT_STORAGE_ASSETS_S3_ENDPOINT
+ {{- if not .Values.config.assets.s3.secretKeys.endpointURIKey }}
+ value: {{ .Values.config.assets.s3.endpointURI | quote }}
+ {{- else }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.config.assets.s3.existingSecret }}
+ key: {{ .Values.config.assets.s3.secretKeys.endpointURIKey }}
+ {{- end }}
+ {{- end }}
+ - name: PENPOT_TELEMETRY_ENABLED
+ value: {{ .Values.config.telemetryEnabled | quote }}
+
+ {{- if .Values.config.smtp.enabled }}
+ - name: PENPOT_SMTP_ENABLED
+ value: 'true'
+ {{- if .Values.config.smtp.defaultFrom }}
+ - name: PENPOT_SMTP_DEFAULT_FROM
+ value: {{ .Values.config.smtp.defaultFrom | quote }}
+ {{- end }}
+ {{- if .Values.config.smtp.defaultReplyTo }}
+ - name: PENPOT_SMTP_DEFAULT_REPLY_TO
+ value: {{ .Values.config.smtp.defaultReplyTo | quote }}
+ {{- end }}
+ {{- if .Values.config.smtp.host }}
+ - name: PENPOT_SMTP_HOST
+ value: {{ .Values.config.smtp.host | quote }}
+ {{- end }}
+ {{- if .Values.config.smtp.port }}
+ - name: PENPOT_SMTP_PORT
+ value: {{ .Values.config.smtp.port | quote }}
+ {{- end }}
+ {{- if not .Values.config.smtp.secretKeys.usernameKey }}
+ - name: PENPOT_SMTP_USERNAME
+ value: {{ .Values.config.smtp.username | quote }}
+ {{- else }}
+ - name: PENPOT_SMTP_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.config.smtp.existingSecret }}
+ key: {{ .Values.config.smtp.secretKeys.usernameKey }}
+ {{- end }}
+ {{- if not .Values.config.smtp.secretKeys.passwordKey }}
+ - name: PENPOT_SMTP_PASSWORD
+ value: {{ .Values.config.smtp.password | quote }}
+ {{- else }}
+ - name: PENPOT_SMTP_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.config.smtp.existingSecret }}
+ key: {{ .Values.config.smtp.secretKeys.passwordKey }}
+ {{- end }}
+ {{- if .Values.config.smtp.tls }}
+ - name: PENPOT_SMTP_TLS
+ value: {{ .Values.config.smtp.tls | quote }}
+ {{- end }}
+ {{- if .Values.config.smtp.ssl }}
+ - name: PENPOT_SMTP_SSL
+ value: {{ .Values.config.smtp.ssl | quote }}
+ {{- end }}
+ {{- end }}
+
+
+ {{- if .Values.config.registrationDomainWhitelist }}
+ - name: PENPOT_REGISTRATION_DOMAIN_WHITELIST
+ value: {{ .Values.config.registrationDomainWhitelist | quote }}
+ {{- end }}
+
+ {{- if .Values.config.providers.google.enabled }}
+ {{- if not .Values.config.providers.secretKeys.googleClientIDKey }}
+ - name: PENPOT_GOOGLE_CLIENT_ID
+ value: {{ .Values.config.providers.google.clientID | quote }}
+ {{- else }}
+ - name: PENPOT_GOOGLE_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.config.providers.existingSecret }}
+ key: {{ .Values.config.providers.secretKeys.googleClientIDKey }}
+ {{- end }}
+ {{- if not .Values.config.providers.secretKeys.googleClientSecretKey}}
+ - name: PENPOT_GOOGLE_CLIENT_SECRET
+ value: {{ .Values.config.providers.google.clientSecret | quote }}
+ {{- else }}
+ - name: PENPOT_GOOGLE_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.config.providers.existingSecret }}
+ key: {{ .Values.config.providers.secretKeys.googleClientSecretKey }}
+ {{- end }}
+ {{- end }}
+
+ {{- if .Values.config.providers.github.enabled }}
+ {{- if not .Values.config.providers.secretKeys.githubClientIDKey }}
+ - name: PENPOT_GITHUB_CLIENT_ID
+ value: {{ .Values.config.providers.github.clientID | quote }}
+ {{- else }}
+ - name: PENPOT_GITHUB_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.config.providers.existingSecret }}
+ key: {{ .Values.config.providers.secretKeys.githubClientIDKey }}
+ {{- end }}
+ {{- if not .Values.config.providers.secretKeys.githubClientSecretKey }}
+ - name: PENPOT_GITHUB_CLIENT_SECRET
+ value: {{ .Values.config.providers.github.clientSecret | quote }}
+ {{- else }}
+ - name: PENPOT_GITHUB_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.config.providers.existingSecret }}
+ key: {{ .Values.config.providers.secretKeys.githubClientSecretKey }}
+ {{- end }}
+ {{- end }}
+
+ {{- if .Values.config.providers.gitlab.enabled }}
+ {{- if .Values.config.providers.gitlab.baseURI }}
+ - name: PENPOT_GITLAB_BASE_URI
+ value: {{ .Values.config.providers.gitlab.baseURI | quote }}
+ {{- end }}
+ {{- if not .Values.config.providers.secretKeys.gitlabClientIDKey }}
+ - name: PENPOT_GITLAB_CLIENT_ID
+ value: {{ .Values.config.providers.gitlab.clientID | quote }}
+ {{- else }}
+ - name: PENPOT_GITLAB_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.config.providers.existingSecret }}
+ key: {{ .Values.config.providers.secretKeys.gitlabClientIDKey }}
+ {{- end }}
+ {{- if not .Values.config.providers.secretKeys.gitlabClientSecretKey }}
+ - name: PENPOT_GITLAB_CLIENT_SECRET
+ value: {{ .Values.config.providers.gitlab.clientSecret | quote }}
+ {{- else }}
+ - name: PENPOT_GITLAB_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.config.providers.existingSecret }}
+ key: {{ .Values.config.providers.secretKeys.gitlabClientSecretKey }}
+ {{- end }}
+ {{- end }}
+
+ {{- if .Values.config.providers.oidc.enabled }}
+ {{- if .Values.config.providers.oidc.baseURI }}
+ - name: PENPOT_OIDC_BASE_URI
+ value: {{ .Values.config.providers.oidc.baseURI | quote }}
+ {{- end }}
+ {{- if not .Values.config.providers.secretKeys.oidcClientIDKey }}
+ - name: PENPOT_OIDC_CLIENT_ID
+ value: {{ .Values.config.providers.oidc.clientID | quote}}
+ {{- else }}
+ - name: PENPOT_OIDC_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.config.providers.existingSecret }}
+ key: {{ .Values.config.providers.secretKeys.oidcClientIDKey }}
+ {{- end }}
+ {{- if not .Values.config.providers.secretKeys.oidcClientSecretKey}}
+ - name: PENPOT_OIDC_CLIENT_SECRET
+ value: {{ .Values.config.providers.oidc.clientSecret | quote }}
+ {{- else }}
+ - name: PENPOT_OIDC_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.config.providers.existingSecret }}
+ key: {{ .Values.config.providers.secretKeys.oidcClientSecretKey }}
+ {{- end }}
+ {{- if .Values.config.providers.oidc.authURI }}
+ - name: PENPOT_OIDC_AUTH_URI
+ value: {{ .Values.config.providers.oidc.authURI | quote }}
+ {{- end }}
+ {{- if .Values.config.providers.oidc.tokenURI }}
+ - name: PENPOT_OIDC_TOKEN_URI
+ value: {{ .Values.config.providers.oidc.tokenURI | quote }}
+ {{- end }}
+ {{- if .Values.config.providers.oidc.userURI }}
+ - name: PENPOT_OIDC_USER_URI
+ value: {{ .Values.config.providers.oidc.userURI | quote }}
+ {{- end }}
+ {{- if .Values.config.providers.oidc.roles }}
+ - name: PENPOT_OIDC_ROLES
+ value: {{ .Values.config.providers.oidc.roles | quote }}
+ {{- end }}
+ {{- if .Values.config.providers.oidc.rolesAttribute }}
+ - name: PENPOT_OIDC_ROLES_ATTR
+ value: {{ .Values.config.providers.oidc.rolesAttribute | quote }}
+ {{- end }}
+ {{- if .Values.config.providers.oidc.scopes }}
+ - name: PENPOT_OIDC_SCOPES
+ value: {{ .Values.config.providers.oidc.scopes | quote }}
+ {{- end }}
+ {{- if .Values.config.providers.oidc.nameAttribute }}
+ - name: PENPOT_OIDC_NAME_ATTR
+ value: {{ .Values.config.providers.oidc.nameAttribute | quote }}
+ {{- end }}
+ {{- if .Values.config.providers.oidc.emailAttribute }}
+ - name: PENPOT_OIDC_EMAIL_ATTR
+ value: {{ .Values.config.providers.oidc.emailAttribute | quote }}
+ {{- end }}
+ {{- end }}
+
+ {{- if .Values.config.providers.ldap.enabled }}
+ {{- if .Values.config.providers.ldap.host }}
+ - name: PENPOT_LDAP_HOST
+ value: {{ .Values.config.providers.ldap.host | quote }}
+ {{- end }}
+ {{- if .Values.config.providers.ldap.port }}
+ - name: PENPOT_LDAP_PORT
+ value: {{ .Values.config.providers.ldap.port | quote }}
+ {{- end }}
+ {{- if .Values.config.providers.ldap.ssl }}
+ - name: PENPOT_LDAP_SSL
+ value: {{ .Values.config.providers.ldap.ssl | quote }}
+ {{- end }}
+ {{- if .Values.config.providers.ldap.startTLS }}
+ - name: PENPOT_LDAP_STARTTLS
+ value: {{ .Values.config.providers.ldap.startTLS | quote }}
+ {{- end }}
+ {{- if .Values.config.providers.ldap.baseDN }}
+ - name: PENPOT_LDAP_BASE_DN
+ value: {{ .Values.config.providers.ldap.baseDN | quote }}
+ {{- end }}
+ {{- if .Values.config.providers.ldap.bindDN }}
+ - name: PENPOT_LDAP_BIND_DN
+ value: {{ .Values.config.providers.ldap.bindDN | quote }}
+ {{- end }}
+ {{- if .Values.config.providers.ldap.bindPassword }}
+ - name: PENPOT_LDAP_BIND_PASSWORD
+ value: {{ .Values.config.providers.ldap.bindPassword | quote }}
+ {{- end }}
+ {{- if .Values.config.providers.ldap.attributesUsername }}
+ - name: PENPOT_LDAP_ATTRS_USERNAME
+ value: {{ .Values.config.providers.ldap.attributesUsername | quote }}
+ {{- end }}
+ {{- if .Values.config.providers.ldap.attributesEmail }}
+ - name: PENPOT_LDAP_ATTRS_EMAIL
+ value: {{ .Values.config.providers.ldap.attributesEmail | quote }}
+ {{- end }}
+ {{- if .Values.config.providers.ldap.attributesFullname }}
+ - name: PENPOT_LDAP_ATTRS_FULLNAME
+ value: {{ .Values.config.providers.ldap.attributesFullname | quote }}
+ {{- end }}
+ {{- if .Values.config.providers.ldap.attributesPhoto }}
+ - name: PENPOT_LDAP_ATTRS_PHOTO
+ value: {{ .Values.config.providers.ldap.attributesPhoto | quote }}
+ {{- end }}
+ {{- end }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.backend.service.port }}
+ protocol: TCP
+ resources:
+ {{- toYaml .Values.backend.resources | nindent 12 }}
+ {{- with .Values.backend.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.backend.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.backend.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ volumes:
+ - name: app-data
+ {{- if .Values.persistence.enabled }}
+ persistentVolumeClaim:
+ claimName: {{ .Values.persistence.existingClaim | default ( include "penpot.fullname" . ) }}
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
\ No newline at end of file
diff --git a/.gimlet/k8s/penpot/templates/backend/service.yaml b/.gimlet/k8s/penpot/templates/backend/service.yaml
new file mode 100644
index 000000000..b9668d15e
--- /dev/null
+++ b/.gimlet/k8s/penpot/templates/backend/service.yaml
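Review bot: In `templates/backend/deployment.yaml`, `PENPOT_SECRET_KEY` and `PENPOT_LDAP_BIND_PASSWORD` are only ever rendered as literal `value:` entries, so the application secret key and the LDAP bind password sit in the Deployment spec, readable by anyone who can read Deployments or Pods in the namespace. The database, S3, SMTP and OAuth entries in the same env block already offer an `existingSecret`/`secretKeys` branch; these two should get the same branch, as sketched below for the secret key. The exporter Deployment added in this commit repeats the same env entries and needs the same change. Separately, `value: "$PENPOT_FLAGS {{ .Values.config.flags }}"` is not expanded by Kubernetes (only `$(VAR)` references are), so the container receives the literal text `$PENPOT_FLAGS`; `value: {{ .Values.config.flags | quote }}` would say what is meant.

```yaml
# placeholder value keys: config.existingSecret and config.secretKeys.apiSecretKey are
# suggested names that values.yaml would have to define; they do not appear on this page
# … unchanged: PENPOT_PUBLIC_URI, PENPOT_FLAGS …
            - name: PENPOT_SECRET_KEY
              {{- if not .Values.config.secretKeys.apiSecretKey }}
              value: {{ .Values.config.apiSecretKey | quote }}
              {{- else }}
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.existingSecret }}
                  key: {{ .Values.config.secretKeys.apiSecretKey }}
              {{- end }}
# … unchanged: database, Redis, storage, SMTP and provider entries …
```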
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "penpot.fullname" . }}-backend
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "penpot.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.backend.service.type }}
+ ports:
+ - port: {{ .Values.backend.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "penpot.backendSelectorLabels" . | nindent 4 }}
diff --git a/.gimlet/k8s/penpot/templates/db.yaml b/.gimlet/k8s/penpot/templates/db.yaml
new file mode 100644
index 000000000..92d9ab90c
--- /dev/null
+++ b/.gimlet/k8s/penpot/templates/db.yaml
@@ -0,0 +1,21 @@
+{{- if and .Values.postgresql.enabled -}}
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+ name: {{ include "penpot.fullname" . }}-db
+ namespace: {{ .Release.Namespace }}
+spec:
+ instances: 1
+ superuserSecret:
+ name: {{ .Values.postgresql.superUser | quote }}
+ bootstrap:
+ initdb:
+ database: {{ .Values.postgresql.database | quote }}
+ owner: {{ .Values.postgresql.owner | quote }}
+ secret:
+ name: {{ .Values.postgresql.secret | quote }}
+ monitoring:
+ enablePodMonitor: true
+ storage:
+ size: 5Gi
+{{- end -}}
\ No newline at end of file
diff --git a/.gimlet/k8s/penpot/templates/exporter/deployment.yaml b/.gimlet/k8s/penpot/templates/exporter/deployment.yaml
new file mode 100644
index 000000000..a4640d2b6
--- /dev/null
+++ b/.gimlet/k8s/penpot/templates/exporter/deployment.yaml
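Review bot: In `templates/db.yaml` the two Secret references are rendered with `| quote` alone, so an unset `postgresql.superUser` or `postgresql.secret` yields an empty or null `name:` instead of failing the render. Wrapping them in `required`, e.g. `name: {{ required "postgresql.secret must name an existing Secret" .Values.postgresql.secret | quote }}`, turns that misconfiguration into an install-time error. The value key `superUser` is used as a Secret name, not a user name, which a comment above `superuserSecret:` such as `# name of the Secret referenced as the cluster's superuserSecret` would make clear. `{{- if and .Values.postgresql.enabled -}}` can be written `{{- if .Values.postgresql.enabled -}}`, since `and` with a single argument adds nothing.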
@@ -0,0 +1,355 @@
+{{- if and .Values.exporter.enabled -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "penpot.fullname" . }}-exporter
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "penpot.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.exporter.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "penpot.exporterSelectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ {{- include "penpot.exporterSelectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.global.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "penpot.serviceAccountName" . }}
+ {{ if .Values.exporter.podSecurityContext.enabled }}
+ securityContext:
+ {{- omit .Values.exporter.podSecurityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: {{ .Chart.Name }}-exporter
+ {{ if .Values.exporter.containerSecurityContext.enabled }}
+ securityContext:
+ {{- omit .Values.exporter.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ image: "{{ .Values.exporter.image.repository }}:{{ .Values.exporter.image.tag }}"
+ imagePullPolicy: {{ .Values.exporter.image.imagePullPolicy }}
+ env:
+ - name: PENPOT_PUBLIC_URI
+ value: {{ .Values.config.publicURI | quote }}
+ - name: PENPOT_FLAGS
+ value: "$PENPOT_FLAGS {{ .Values.config.flags }}"
+ - name: PENPOT_SECRET_KEY
+ value: {{ .Values.config.apiSecretKey | quote }}
+ - name: PENPOT_DATABASE_URI
+ value: "postgresql://{{ .Values.config.postgresql.host }}:{{ .Values.config.postgresql.port }}/{{ .Values.config.postgresql.database }}"
+ - name: PENPOT_DATABASE_USERNAME
+ {{- if not .Values.config.postgresql.secretKeys.usernameKey }}
+ value: {{ .Values.config.postgresql.username | quote }}
+ {{- else }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.config.postgresql.existingSecret }}
+ key: {{ .Values.config.postgresql.secretKeys.usernameKey }}
+ {{- end }}
+ - name: PENPOT_DATABASE_PASSWORD
+ {{- if not .Values.config.postgresql.secretKeys.passwordKey }}
+ value: {{ .Values.config.postgresql.password | quote }}
+ {{- else }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.config.postgresql.existingSecret }}
+ key: {{ .Values.config.postgresql.secretKeys.passwordKey }}
+ {{- end }}
+ - name: PENPOT_REDIS_URI
+ value: "redis://{{ .Values.config.redis.host }}:{{ .Values.config.redis.port }}/{{ .Values.config.redis.database }}"
+ - name: PENPOT_ASSETS_STORAGE_BACKEND
+ value: {{ .Values.config.assets.storageBackend | quote }}
+ {{- if eq .Values.config.assets.storageBackend "assets-fs" }}
+ - name: PENPOT_STORAGE_ASSETS_FS_DIRECTORY
+ value: {{ .Values.config.assets.filesystem.directory | quote }}
+ {{- else if eq .Values.config.assets.storageBackend "assets-s3" }}
+ - name: PENPOT_STORAGE_ASSETS_S3_REGION
+ value: {{ .Values.config.assets.s3.region | quote }}
+ - name: PENPOT_STORAGE_ASSETS_S3_BUCKET
+ value: {{ .Values.config.assets.s3.bucket | quote }}
+ - name: AWS_ACCESS_KEY_ID
+ {{- if not .Values.config.assets.s3.secretKeys.accessKeyIDKey }}
+ value: {{ .Values.config.assets.s3.accessKeyID | quote }}
+ {{- else }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.config.assets.s3.existingSecret }}
+ key: {{ .Values.config.assets.s3.secretKeys.accessKeyIDKey }}
+ {{- end }}
+ - name: AWS_SECRET_ACCESS_KEY
+ {{- if not .Values.config.assets.s3.secretKeys.secretAccessKey }}
+ value: {{ .Values.config.assets.s3.secretAccessKey | quote }}
+ {{- else }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.config.assets.s3.existingSecret }}
+ key: {{ .Values.config.assets.s3.secretKeys.secretAccessKey }}
+ {{- end }}
+ - name: PENPOT_STORAGE_ASSETS_S3_ENDPOINT
+ {{- if not .Values.config.assets.s3.secretKeys.endpointURIKey }}
+ value: {{ .Values.config.assets.s3.endpointURI | quote }}
+ {{- else }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.config.assets.s3.existingSecret }}
+ key: {{ .Values.config.assets.s3.secretKeys.endpointURIKey }}
+ {{- end }}
+ {{- end }}
+ - name: PENPOT_TELEMETRY_ENABLED
+ value: {{ .Values.config.telemetryEnabled | quote }}
+
+ {{- if .Values.config.smtp.enabled }}
+ {{- if .Values.config.smtp.defaultFrom }}
+ - name: PENPOT_SMTP_DEFAULT_FROM
+ value: {{ .Values.config.smtp.defaultFrom | quote }}
+ {{- end }}
+ {{- if .Values.config.smtp.defaultReplyTo }}
+ - name: PENPOT_SMTP_DEFAULT_REPLY_TO
+ value: {{ .Values.config.smtp.defaultReplyTo | quote }}
+ {{- end }}
+ {{- if .Values.config.smtp.host }}
+ - name: PENPOT_SMTP_HOST
+ value: {{ .Values.config.smtp.host | quote }}
+ {{- end }}
+ {{- if .Values.config.smtp.port }}
+ - name: PENPOT_SMTP_PORT
+ value: {{ .Values.config.smtp.port | quote }}
+ {{- end }}
+ {{- if not .Values.config.smtp.secretKeys.usernameKey }}
+ - name: PENPOT_SMTP_USERNAME
+ value: {{ .Values.config.smtp.username | quote }}
+ {{- else }}
+ - name: PENPOT_SMTP_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.config.smtp.existingSecret }}
+ key: {{ .Values.config.smtp.secretKeys.usernameKey }}
+ {{- end }}
+ {{- if not .Values.config.smtp.secretKeys.passwordKey }}
+ - name: PENPOT_SMTP_PASSWORD
+ value: {{ .Values.config.smtp.password | quote }}
+ {{- else }}
+ - name: PENPOT_SMTP_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.config.smtp.existingSecret }}
+ key: {{ .Values.config.smtp.secretKeys.passwordKey }}
+ {{- end }}
+ {{- if .Values.config.smtp.tls }}
+ - name: PENPOT_SMTP_TLS
+ value: {{ .Values.config.smtp.tls | quote }}
+ {{- end }}
+ {{- if .Values.config.smtp.ssl }}
+ - name: PENPOT_SMTP_SSL
+ value: {{ .Values.config.smtp.ssl | quote }}
+ {{- end }}
+ {{- end }}
+
+
+ {{- if .Values.config.registrationDomainWhitelist }}
+ - name: PENPOT_REGISTRATION_DOMAIN_WHITELIST
+ value: {{ .Values.config.registrationDomainWhitelist | quote }}
+ {{- end }}
+
+ {{- if .Values.config.providers.google.enabled }}
+ {{- if not .Values.config.providers.secretKeys.googleClientIDKey }}
+ - name: PENPOT_GOOGLE_CLIENT_ID
+ value: {{ .Values.config.providers.google.clientID | quote }}
+ {{- else }}
+ - name: PENPOT_GOOGLE_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.config.providers.existingSecret }}
+ key: {{ .Values.config.providers.secretKeys.googleClientIDKey }}
+ {{- end }}
+ {{- if not .Values.config.providers.secretKeys.googleClientSecretKey}}
+ - name: PENPOT_GOOGLE_CLIENT_SECRET
+ value: {{ .Values.config.providers.google.clientSecret | quote }}
+ {{- else }}
+ - name: PENPOT_GOOGLE_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.config.providers.existingSecret }}
+ key: {{ .Values.config.providers.secretKeys.googleClientSecretKey }}
+ {{- end }}
+ {{- end }}
+
+ {{- if .Values.config.providers.github.enabled }}
+ {{- if not .Values.config.providers.secretKeys.githubClientIDKey }}
+ - name: PENPOT_GITHUB_CLIENT_ID
+ value: {{ .Values.config.providers.github.clientID | quote }}
+ {{- else }}
+ - name: PENPOT_GITHUB_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.config.providers.existingSecret }}
+ key: {{ .Values.config.providers.secretKeys.githubClientIDKey }}
+ {{- end }}
+ {{- if not .Values.config.providers.secretKeys.githubClientSecretKey }}
+ - name: PENPOT_GITHUB_CLIENT_SECRET
+ value: {{ .Values.config.providers.github.clientSecret | quote }}
+ {{- else }}
+ - name: PENPOT_GITHUB_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.config.providers.existingSecret }}
+ key: {{ .Values.config.providers.secretKeys.githubClientSecretKey }}
+ {{- end }}
+ {{- end }}
+
+ {{- if .Values.config.providers.gitlab.enabled }}
+ {{- if .Values.config.providers.gitlab.baseURI }}
+ - name: PENPOT_GITLAB_BASE_URI
+ value: {{ .Values.config.providers.gitlab.baseURI | quote }}
+ {{- end }}
+ {{- if not .Values.config.providers.secretKeys.gitlabClientIDKey }}
+ - name: PENPOT_GITLAB_CLIENT_ID
+ value: {{ .Values.config.providers.gitlab.clientID | quote }}
+ {{- else }}
+ - name: PENPOT_GITLAB_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.config.providers.existingSecret }}
+ key: {{ .Values.config.providers.secretKeys.gitlabClientIDKey }}
+ {{- end }}
+ {{- if not .Values.config.providers.secretKeys.gitlabClientSecretKey }}
+ - name: PENPOT_GITLAB_CLIENT_SECRET
+ value: {{ .Values.config.providers.gitlab.clientSecret | quote }}
+ {{- else }}
+ - name: PENPOT_GITLAB_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.config.providers.existingSecret }}
+ key: {{ .Values.config.providers.secretKeys.gitlabClientSecretKey }}
+ {{- end }}
+ {{- end }}
+
+ {{- if .Values.config.providers.oidc.enabled }}
+ {{- if .Values.config.providers.oidc.baseURI }}
+ - name: PENPOT_OIDC_BASE_URI
+ value: {{ .Values.config.providers.oidc.baseURI | quote }}
+ {{- end }}
+ {{- if not .Values.config.providers.secretKeys.oidcClientIDKey }}
+ - name: PENPOT_OIDC_CLIENT_ID
+ value: {{ .Values.config.providers.oidc.clientID | quote}}
+ {{- else }}
+ - name: PENPOT_OIDC_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.config.providers.existingSecret }}
+ key: {{ .Values.config.providers.secretKeys.oidcClientIDKey }}
+ {{- end }}
+ {{- if not .Values.config.providers.secretKeys.oidcClientSecretKey}}
+ - name: PENPOT_OIDC_CLIENT_SECRET
+ value: {{ .Values.config.providers.oidc.clientSecret | quote }}
+ {{- else }}
+ - name: PENPOT_OIDC_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.config.providers.existingSecret }}
+ key: {{ .Values.config.providers.secretKeys.oidcClientSecretKey }}
+ {{- end }}
+ {{- if .Values.config.providers.oidc.authURI }}
+ - name: PENPOT_OIDC_AUTH_URI
+ value: {{ .Values.config.providers.oidc.authURI | quote }}
+ {{- end }}
+ {{- if .Values.config.providers.oidc.tokenURI }}
+ - name: PENPOT_OIDC_TOKEN_URI
+ value: {{ .Values.config.providers.oidc.tokenURI | quote }}
+ {{- end }}
+ {{- if .Values.config.providers.oidc.userURI }}
+ - name: PENPOT_OIDC_USER_URI
+ value: {{ .Values.config.providers.oidc.userURI | quote }}
+ {{- end }}
+ {{- if .Values.config.providers.oidc.roles }}
+ - name: PENPOT_OIDC_ROLES
+ value: {{ .Values.config.providers.oidc.roles | quote }}
+ {{- end }}
+ {{- if .Values.config.providers.oidc.rolesAttribute }}
+ - name: PENPOT_OIDC_ROLES_ATTR
+ value: {{ .Values.config.providers.oidc.rolesAttribute | quote }}
+ {{- end }}
+ {{- if .Values.config.providers.oidc.scopes }}
+ - name: PENPOT_OIDC_SCOPES
+ value: {{ .Values.config.providers.oidc.scopes | quote }}
+ {{- end }}
+ {{- if .Values.config.providers.oidc.nameAttribute }}
+ - name: PENPOT_OIDC_NAME_ATTR
+ value: {{ .Values.config.providers.oidc.nameAttribute | quote }}
+ {{- end }}
+ {{- if .Values.config.providers.oidc.emailAttribute }}
+ - name: PENPOT_OIDC_EMAIL_ATTR
+ value: {{ .Values.config.providers.oidc.emailAttribute | quote }}
+ {{- end }}
+ {{- end }}
+
+ {{- if .Values.config.providers.ldap.enabled }}
+ {{- if .Values.config.providers.ldap.host }}
+ - name: PENPOT_LDAP_HOST
+ value: {{ .Values.config.providers.ldap.host | quote }}
+ {{- end }}
+ {{- if .Values.config.providers.ldap.port }}
+ - name: PENPOT_LDAP_PORT
+ value: {{ .Values.config.providers.ldap.port | quote }}
+ {{- end }}
+ {{- if .Values.config.providers.ldap.ssl }}
+ - name: PENPOT_LDAP_SSL
+ value: {{ .Values.config.providers.ldap.ssl | quote }}
+ {{- end }}
+ {{- if .Values.config.providers.ldap.startTLS }}
+ - name: PENPOT_LDAP_STARTTLS
+ value: {{ .Values.config.providers.ldap.startTLS | quote }}
+ {{- end }}
+ {{- if .Values.config.providers.ldap.baseDN }}
+ - name: PENPOT_LDAP_BASE_DN
+ value: {{ .Values.config.providers.ldap.baseDN | quote }}
+ {{- end }}
+ {{- if .Values.config.providers.ldap.bindDN }}
+ - name: PENPOT_LDAP_BIND_DN
+ value: {{ .Values.config.providers.ldap.bindDN | quote }}
+ {{- end }}
+ {{- if .Values.config.providers.ldap.bindPassword }}
+ - name: PENPOT_LDAP_BIND_PASSWORD
+ value: {{ .Values.config.providers.ldap.bindPassword | quote }}
+ {{- end }}
+ {{- if .Values.config.providers.ldap.attributesUsername }}
+ - name: PENPOT_LDAP_ATTRS_USERNAME
+ value: {{ .Values.config.providers.ldap.attributesUsername | quote }}
+ {{- end }}
+ {{- if .Values.config.providers.ldap.attributesEmail }}
+ - name: PENPOT_LDAP_ATTRS_EMAIL
+ value: {{ .Values.config.providers.ldap.attributesEmail | quote }}
+ {{- end }}
+ {{- if .Values.config.providers.ldap.attributesFullname }}
+ - name: PENPOT_LDAP_ATTRS_FULLNAME
+ value: {{ .Values.config.providers.ldap.attributesFullname | quote }}
+ {{- end }}
+ {{- if .Values.config.providers.ldap.attributesPhoto }}
+ - name: PENPOT_LDAP_ATTRS_PHOTO
+ value: {{ .Values.config.providers.ldap.attributesPhoto | quote }}
+ {{- end }}
+ {{- end }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.exporter.service.port }}
+ protocol: TCP
+ resources:
+ {{- toYaml .Values.exporter.resources | nindent 12 }}
+ {{- with .Values.exporter.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.exporter.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.exporter.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+{{- end -}}
\ No newline at end of file
diff --git a/.gimlet/k8s/penpot/templates/exporter/service.yaml b/.gimlet/k8s/penpot/templates/exporter/service.yaml
new file mode 100644
index 000000000..75985e86d
--- /dev/null
+++ b/.gimlet/k8s/penpot/templates/exporter/service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "penpot.fullname" . }}-exporter
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "penpot.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.exporter.service.type }}
+ ports:
+ - port: {{ .Values.exporter.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "penpot.exporterSelectorLabels" . | nindent 4 }}
diff --git a/.gimlet/k8s/penpot/templates/frontend/configmap.yaml b/.gimlet/k8s/penpot/templates/frontend/configmap.yaml
new file mode 100644
index 000000000..b31698d6f
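Review bot: The exporter Deployment in `templates/exporter/deployment.yaml` is given the backend's whole env block, including `PENPOT_SECRET_KEY`, `PENPOT_DATABASE_PASSWORD`, `AWS_SECRET_ACCESS_KEY`, `PENPOT_SMTP_PASSWORD`, the OAuth/OIDC client secrets and `PENPOT_LDAP_BIND_PASSWORD`. The block looks copied from `backend/deployment.yaml` (only `PENPOT_SMTP_ENABLED` is missing). If the exporter does not read these, which is worth confirming against its configuration, drop them and keep only what it needs, presumably entries such as `PENPOT_PUBLIC_URI` and `PENPOT_REDIS_URI`, so a compromise of the exporter pod does not also expose database, storage and identity-provider credentials. `{{- if and .Values.exporter.enabled -}}` can also be written `{{- if .Values.exporter.enabled -}}`, since `and` with one argument adds nothing.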
--- /dev/null
+++ b/.gimlet/k8s/penpot/templates/frontend/configmap.yaml
@@ -0,0 +1,129 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: "{{ include "penpot.fullname" . }}-frontend-nginx" + namespace: {{ .Release.Namespace }} + labels: + {{- include "penpot.labels" . | nindent 4 }} +data: + nginx.conf: | + user www-data; + worker_processes auto; + pid /run/nginx.pid; + include /etc/nginx/modules-enabled/*.conf; + + events { + worker_connections 2048; + # multi_accept on; + } + + http { + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_requests 30; + keepalive_timeout 65; + types_hash_max_size 2048; + + server_tokens off; + + reset_timedout_connection on; + client_body_timeout 30s; + client_header_timeout 30s; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + error_log /dev/stdout; + access_log /dev/stdout; + + gzip on; + gzip_vary on; + gzip_proxied any; + gzip_static on; + gzip_comp_level 4; + gzip_buffers 16 8k; + gzip_http_version 1.1; + + gzip_types text/plain text/css text/javascript application/javascript application/json application/transit+json; + + resolver 127.0.0.11; + + map $http_upgrade $connection_upgrade { + default upgrade; + '' close; + } + + server { + listen 80 default_server; + server_name _; + + client_max_body_size 100M; + charset utf-8; + + proxy_http_version 1.1; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + etag off; + root /var/www/app/; + + location ~* \.(js|css).*$ { + add_header Cache-Control "max-age=86400" always; # 24 hours + } + + location ~* \.(html).*$ { + add_header Cache-Control "no-cache, max-age=0" always; + } + + location /api/export { + proxy_pass http://{{ include "penpot.fullname" . }}-exporter:6061; + } + + location /api { + proxy_pass http://{{ include "penpot.fullname" . 
}}-backend:6060/api; + } + + location /ws/notifications { + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_pass http://{{ include "penpot.fullname" . }}-backend:6060/ws/notifications; + } + + location @handle_redirect { + set $redirect_uri "$upstream_http_location"; + set $redirect_host "$upstream_http_x_host"; + set $redirect_cache_control "$upstream_http_cache_control"; + + proxy_buffering off; + + proxy_set_header Host "$redirect_host"; + proxy_hide_header etag; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header x-amz-meta-server-side-encryption; + proxy_hide_header x-amz-server-side-encryption; + proxy_pass $redirect_uri; + + add_header x-internal-redirect "$redirect_uri"; + add_header x-cache-control "$redirect_cache_control"; + add_header cache-control "$redirect_cache_control"; + } + + location /assets { + proxy_pass http://{{ include "penpot.fullname" . }}-backend:6060/assets; + recursive_error_pages on; + proxy_intercept_errors on; + error_page 301 302 307 = @handle_redirect; + } + + location /internal/assets { + internal; + alias /opt/data/assets; + add_header x-internal-redirect "$upstream_http_x_accel_redirect"; + } + } + } diff --git a/.gimlet/k8s/preview-frontend/templates/frontend.yaml b/.gimlet/k8s/penpot/templates/frontend/deployment.yaml similarity index 97% rename from .gimlet/k8s/preview-frontend/templates/frontend.yaml rename to .gimlet/k8s/penpot/templates/frontend/deployment.yaml index c9b928463..6e0373fcb 100644 --- a/.gimlet/k8s/preview-frontend/templates/frontend.yaml +++ b/.gimlet/k8s/penpot/templates/frontend/deployment.yaml 
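Review bot: `resolver 127.0.0.11;` in the `http` block is the address of Docker's embedded DNS, which a Kubernetes pod normally cannot reach. `location @handle_redirect` depends on it, because `proxy_pass $redirect_uri;` uses a variable and is resolved at request time. Redirects intercepted from `/assets` would then likely fail once the backend answers with a storage URL; point the directive at the cluster DNS service instead, e.g. `resolver <cluster-dns-service-ip> valid=30s;` (placeholder), ideally taken from a chart value. That location proxies to whatever `Location` header the backend returns, so a comment stating that the backend is trusted to emit only storage URLs would help the next reader. The upstream ports `6060` and `6061` are hard-coded, while the exporter Deployment and Service take theirs from `.Values.exporter.service.port`, so a non-default port breaks `/api/export`.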
@@ -2,9 +2,12 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "penpot.fullname" . }}-frontend - namespace: {{ .Values.namespace }} + namespace: {{ .Release.Namespace }} labels: {{- include "penpot.labels" . | nindent 4 }} + {{- with .Values.frontend.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: replicas: {{ .Values.frontend.replicaCount }} selector: @@ -20,16 +23,6 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} serviceAccountName: {{ include "penpot.serviceAccountName" . }} - affinity: - podAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app.kubernetes.io/instance - operator: In - values: - - {{ .Release.Name }} - topologyKey: "kubernetes.io/hostname" containers: - name: {{ .Chart.Name }}-frontend image: "{{ .Values.frontend.image.repository }}:{{ .Values.frontend.image.tag }}" diff --git a/.gimlet/k8s/preview-frontend/templates/ingress.yaml b/.gimlet/k8s/penpot/templates/frontend/ingress.yaml similarity index 94% rename from .gimlet/k8s/preview-frontend/templates/ingress.yaml rename to .gimlet/k8s/penpot/templates/frontend/ingress.yaml index 56155b571..eeeaa66cd 100644 --- a/.gimlet/k8s/preview-frontend/templates/ingress.yaml +++ b/.gimlet/k8s/penpot/templates/frontend/ingress.yaml @@ -12,7 +12,7 @@ apiVersion: extensions/v1beta1 kind: Ingress metadata: name: {{ $fullName }} - namespace: {{ .Values.namespace }} + namespace: {{ .Release.Namespace }} labels: {{- include "penpot.labels" . | nindent 4 }} {{- with .Values.frontend.ingress.annotations }} @@ -22,7 +22,7 @@ metadata: spec: {{- if .Values.frontend.ingress.tls }} tls: - {{- range .Values.ingress.tls }} + {{- range .Values.frontend.ingress.tls }} - hosts: {{- range .hosts }} - {{ . | quote }} 
diff --git a/.gimlet/k8s/preview-frontend/templates/service.yaml b/.gimlet/k8s/penpot/templates/frontend/service.yaml similarity index 90% rename from .gimlet/k8s/preview-frontend/templates/service.yaml rename to .gimlet/k8s/penpot/templates/frontend/service.yaml index 12ef09b33..2ceb04fd7 100644 --- a/.gimlet/k8s/preview-frontend/templates/service.yaml +++ b/.gimlet/k8s/penpot/templates/frontend/service.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "penpot.fullname" . }} - namespace: {{ .Values.namespace }} + namespace: {{ .Release.Namespace }} labels: {{- include "penpot.labels" . | nindent 4 }} spec: diff --git a/.gimlet/k8s/penpot/templates/pvac.yaml b/.gimlet/k8s/penpot/templates/pvac.yaml new file mode 100644 index 000000000..d093f367f --- /dev/null +++ b/.gimlet/k8s/penpot/templates/pvac.yaml @@ -0,0 +1,24 @@ +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ include "penpot.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: +{{- include "penpot.labels" . | nindent 4 }} +{{- if .Values.persistence.annotations }} + annotations: +{{ toYaml .Values.persistence.annotations | indent 4 }} +{{- end }} +spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} +{{- if .Values.persistence.storageClass }} + storageClassName: "{{ .Values.persistence.storageClass }}" +{{- end }} +{{- end -}} diff --git a/.gimlet/k8s/penpot/templates/serviceaccount.yaml b/.gimlet/k8s/penpot/templates/serviceaccount.yaml new file mode 100644 index 000000000..8c317c454 --- /dev/null +++ b/.gimlet/k8s/penpot/templates/serviceaccount.yaml 
@@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.enabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "penpot.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "penpot.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end -}} diff --git a/.gimlet/k8s/preview-frontend/values.yaml b/.gimlet/k8s/penpot/values.yaml similarity index 96% rename from .gimlet/k8s/preview-frontend/values.yaml rename to .gimlet/k8s/penpot/values.yaml index 31876c330..f3a560fab 100644 --- a/.gimlet/k8s/preview-frontend/values.yaml +++ b/.gimlet/k8s/penpot/values.yaml @@ -2,12 +2,10 @@ ## @section Global parameters -## @param global.postgresqlEnabled Whether to deploy the Bitnami PostgreSQL chart as subchart. Check [the official chart](https://artifacthub.io/packages/helm/bitnami/postgresql) for configuration. ## @param global.redisEnabled Whether to deploy the Bitnami Redis chart as subchart. Check [the official chart](https://artifacthub.io/packages/helm/bitnami/redis) for configuration. ## @param global.imagePullSecrets Global Docker registry secret names as an array. ## global: - postgresqlEnabled: false redisEnabled: false ## E.g. ## imagePullSecrets: @@ -37,6 +35,7 @@ serviceAccount: ## Penpot Backend ## backend: + labels: {} ## @param backend.image.repository The Docker repository to pull the image from. ## @param backend.image.tag The image tag to use. ## @param backend.image.imagePullPolicy The image pull policy to use. @@ -106,6 +105,9 @@ backend: ## Penpot Frontend ## frontend: + + labels: {} + ## @param frontend.image.repository The Docker repository to pull the image from. ## @param frontend.image.tag The image tag to use. ## @param frontend.image.imagePullPolicy The image pull policy to use. 
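Review bot: The new ServiceAccount in serviceaccount.yaml leaves token automounting at the Kubernetes default, so every pod that uses `penpot.serviceAccountName` gets an API token mounted. Nothing visible in this chart suggests the Penpot containers call the Kubernetes API; if that holds, add `automountServiceAccountToken: false` as a top-level field after the `metadata` block, or expose it as a value with `false` as the default.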
@@ -172,6 +174,7 @@ frontend: ## Penpot Exporter ## exporter: + enabled: true ## @param exporter.image.repository The Docker repository to pull the image from. ## @param exporter.image.tag The image tag to use. ## @param exporter.image.imagePullPolicy The image pull policy to use. @@ -243,12 +246,12 @@ exporter: persistence: ## @param persistence.enabled Enable persistence using Persistent Volume Claims. ## - enabled: true + enabled: false ## @param persistence.storageClass Persistent Volume storage class. ## If defined, storageClassName: . ## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. ## - storageClass: standard-rwx + storageClass: "" ## @param persistence.size Persistent Volume size. ## size: 8Gi @@ -275,6 +278,7 @@ config: publicURI: "http://localhost:8080" flags: "enable-registration enable-login disable-demo-users disable-demo-warning" apiSecretKey: "b46a12cb4bedc6b9df8cb3f18c708b65" + ## @param config.postgresql.host The PostgreSQL host to connect to. ## @param config.postgresql.port The PostgreSQL host port to use. ## @param config.postgresql.database The PostgreSQL database to use. @@ -294,6 +298,7 @@ config: secretKeys: usernameKey: "" passwordKey: "" + ## @param config.redis.host The Redis host to connect to. ## @param config.redis.port The Redis host port to use. ## @param config.redis.database The Redis database to connect to. 
@@ -464,26 +469,24 @@ config: oidcClientIDKey: "" oidcClientSecretKey: "" +## @section PostgreSQL configuration (Check for [more parameters here](https://artifacthub.io/packages/helm/bitnami/postgresql)) -frontend: - image: - pullPolicy: IfNotPresent - repository: ghcr.io/tokens-studio/tokens-studio-for-penpot - tag: latest - ingress: - enabled: true - annotations: - cert-manager.io/cluster-issuer: letsencrypt-prod - networking.gke.io/v1beta1.FrontendConfig: default-frontend-config +## @param postgresql.secret The secret to reference +## @param postgresql.owner The owner of the database +## @param postgresql.database Name for a custom database to create. +## @param postgresql.superUser The name of the secret for the superuser +## +postgresql: + enabled: false + secret: db-penpot-secrets + owner: penpot + database: penpot + superUser: db-penpot-superuser-secret -config: - publicURI: https://penpot.tokens.studio - redis: - host: penpot-redis-master.penpot.svc.cluster.local - postgresql: - host: penpot-db-rw - database: penpot - existingSecret: db-penpot-secrets - secretKeys: - usernameKey: username - passwordKey: password \ No newline at end of file +## @section Redis configuration (Check for [more parameters here](https://artifacthub.io/packages/helm/bitnami/redis)) + +## @param redis.auth.enabled Whether to enable password authentication. +## +redis: + auth: + enabled: false \ No newline at end of file diff --git a/.gimlet/k8s/preview-frontend/templates/namespace.yaml b/.gimlet/k8s/preview-frontend/templates/namespace.yaml deleted file mode 100644 index 562f206fc..000000000 --- a/.gimlet/k8s/preview-frontend/templates/namespace.yaml +++ /dev/null @@ -1,6 +0,0 @@ - apiVersion: v1 - kind: Namespace - metadata: - name: {{ .Values.namespace }} - labels: - toolkit.fluxcd.io/tenant: penpot-team \ No newline at end of file diff --git a/.gimlet/penpot-infra.yaml b/.gimlet/penpot-infra.yaml index a8889acc2..335fcdaa7 100644 --- a/.gimlet/penpot-infra.yaml 
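Review bot: `redis.auth.enabled: false` at the end of values.yaml makes the Bitnami Redis subchart start without a password whenever `global.redisEnabled` is true, which penpot-prod.yaml sets in this same commit. Any workload that can reach the Redis service inside the cluster could then read or modify whatever Penpot keeps there. Either default to `enabled: true` with the password taken from an existing secret, or state next to the `## @param redis.auth.enabled` line that a NetworkPolicy must restrict access to the service. The new `postgresql` block also introduces an `enabled` key without a matching `## @param postgresql.enabled` line.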
+++ b/.gimlet/penpot-infra.yaml @@ -27,11 +27,10 @@ manifests: | spec: containers: - name: mailslurper - image: oryd/mailslurper:smtps-latest + image: sj26/mailcatcher:latest ports: - containerPort: 1025 - - containerPort: 4436 - - containerPort: 4437 + - containerPort: 1080 --- apiVersion: v1 kind: Service 
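Review bot: `image: sj26/mailcatcher:latest` is a mutable tag on a third-party image, so what runs in the cluster can change without any commit to this repository; pin it, e.g. `image: sj26/mailcatcher:<version>@sha256:<digest>` (placeholders). The container is still named `mailslurper`, which will mislead whoever reads the pod list later. As far as the following hunk shows, the Service forwards only port 1025, so the new `containerPort: 1080` is not reachable through it; add a comment saying whether that is intended, since the captured mail is presumably readable on that port.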
@@ -45,3 +44,37 @@ manifests: | - protocol: TCP port: 1025 targetPort: 1025 + --- + apiVersion: bitnami.com/v1alpha1 + kind: SealedSecret + metadata: + creationTimestamp: null + name: db-penpot-secrets + namespace: penpot + spec: + encryptedData: + password: AgBzAKLzhBGDrga3ojwgBnbaDmzxQkfoIcu90ji4iutq7t2OQCuJ/8NFD1KUw8hmQ6FlwQY3reaGqRnONdzdM2VyHQmXkaoXEzCAiARh9CWiwzwW2PG6KbSmHzo/YAt17Vkux0euc0z4JAceWqbXdm8Tl8FgUktFmJNY0OGIJ8CfLFNX8p6YujSoYpIRwjG0juiGhbPGeSkJguAAR7uwLwtjCNfFRuSqEDYeaRYHvhxGgh6pyJ70+qVzUQClFJEkVzNJu9CyGx48WSPDDpPbp+h84AWIIY25Cphk48DK/oNVikQitgMVOVBU8swcpz7MSVmKxs407vKRAWN4MGV2HkNrFwFjpQsksNAQ0KTfQrVigz1Hf985w4hji1gjifK7GbSgD9Kzz8pMni3gPMj0mr4y6Nhes+hc8AGTD3N+bhpJsAZKMzSZesdamWDiwyLi+ZPuPu+1/LBVLL68DAp6odKaposQfxeTKAkxqt/6s5jvKWPl3kQ9ud2cg/8Mw3B5pqzKK4dUwUdI1pNV4GyLTj9b+M1aDYaqGmYLzZVcYxeBVh27EFC2aon8/3zkXy6Hm/BZK/aZkrmO5sJTQRYRjnlG6rRtHCWcnXI6KKqKjU5GDFk2otqrlxPMQyXyjbwycP3rTHmhAaHWkR+fOETcq+kNbVUcaR3XTCw7T1qFZ4dtaBN02RHbRE3qxs/SjGMPnzfKQs1626gHAayZqxprpfz6mT0u0Hkn2NGg6RlJr36CxfE= + username: AgBw5ALuBj1TpQc5dmyLW927WQO9AXgdyqYeXHwzXbLKIdyAkyihVIkTSD/MS/InTbsiFIYPvZptpAjpWc9p2IN8nvLbEjc8JXS7DA3NDr/SN7J70oDOKS/vT4Vlz4yX/6fmU8pGvjMh22ELBbruxWS+a6Nty/XcZPqJ8gMuj/vAnticq+i4Rmuy1aghEfsYzPVSigS5QfnnFsMBA5lZS7rgiv4voudi5aAh8luIsDx9eCk2WxcN+9f816MYXBxcZL853h4lIQziOfs8LK0jCZm62yOeckmuMt0EznGEwAS1Magrw9PnZdSDOHvTrugRT/sx8JzkpEorJQXTA/6hXT9tqTbZuLnHMcdVGAcU9+1QcJPtlhYH05irbDqMs5IgxqCW7ch3gtiIS1hTRGpaG+LoNGREcZZtiWxkgcVhJG8E+5ailyt0B/NO+RgjYjjK+tH/hcGd2hABvkmS1f9FUHIRdE0uiwvwM/hWU9qTJcSHdN3mJ96/7lQvfnDoDDP8zS09Co0E0zLmLFSAEvOIz7HMvE0Bw2UPzcy4N8J2y+u4m0327FUUN96Y3e2L+o1SrVw/CJO1/haN34j1SMUFh/4q63VvNLDfUD69QbpjMtjNrvhqNWyyET1QNWl4SFsfbMdC7/rXM9Lpg4GEZ6R5G/QcTb27Zo5UuOeFP060XiWJ1/bD8tiZKU1K1QTwJ0Uur3MDcrYRvGw= + template: + metadata: + creationTimestamp: null + name: db-penpot-secrets + namespace: penpot + type: Opaque + --- + apiVersion: bitnami.com/v1alpha1 + kind: SealedSecret + metadata: + creationTimestamp: null + name: db-penpot-superuser-secret + namespace: 
penpot + spec: + encryptedData: + password: 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 + username: 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 + template: + metadata: + creationTimestamp: null + name: db-penpot-superuser-secret + namespace: penpot + type: Opaque \ No newline at end of file diff --git a/.gimlet/penpot-pr.yaml b/.gimlet/penpot-pr.yaml index f8cdaaf58..c0bdc8588 100644 --- a/.gimlet/penpot-pr.yaml +++ b/.gimlet/penpot-pr.yaml 
@@ -1,25 +1,88 @@ app: penpot-pr-{{ .BRANCH | sanitizeDNSName }} # TODO move to staging cluster when ready env: prod +namespace: penpot deploy: event: pr cleanup: event: branchDeleted app: penpot-pr-{{ .BRANCH | sanitizeDNSName }} chart: - name: https://github.com/tokens-studio/tokens-studio-for-penpot.git?branch={{ .BRANCH }}&path=/.gimlet/k8s/preview-frontend/ + name: https://github.com/tokens-studio/tokens-studio-for-penpot.git?branch={{ .BRANCH }}&path=/.gimlet/k8s/penpot/ values: - namespace: "{{ .BRANCH | sanitizeDNSName }}" + redis: + replica: + replicaCount: 0 + global: + # Try use the existing redis + redisEnabled: false + imagePullSecrets: + - name: ghcr-login-secret + postgresql: + # use the existing db + enabled: false + owner: penpot + database: penpot + # Assumed specified in infra + secret: db-penpot-secrets + superUser: db-penpot-superuser-secret + config: + telemetryEnabled: false + assets: + storageBackend: assets-s3 + s3: + region: eu-west + bucket: assets + endpointURI: http://minio.penpot.svc.cluster.local:80 + existingSecret: + penpot-assets-user-0 + secretKeys: + accessKeyIDKey: CONSOLE_ACCESS_KEY + secretAccessKey: CONSOLE_SECRET_KEY + flags: 'enable-smtp' + smtp: + enabled: true + host: mailslurper + defaultFrom: no-reply@penpot.tokens.studio + defaultReplyTo: no-reply@penpot.tokens.studio + username: test + password: test + tls: false + ssl: false + port: 1025 + publicURI: https://{{ .BRANCH | sanitizeDNSName }}.penpot.alpha.tokens.studio + redis: + host: penpot-redis-master.penpot.svc.cluster.local + postgresql: + # note that this is unchanged + host: penpot-db-rw + database: penpot + existingSecret: db-penpot-secrets + secretKeys: + usernameKey: username + passwordKey: password + backend: + image: + pullPolicy: Always + repository: ghcr.io/tokens-studio/tokens-studio-for-penpot + tag: 'pr-backend-{{ .BRANCH | sanitizeDNSName }}' + exporter: + # Unlikely to be used + enabled: false frontend: - image: - pullPolicy: IfNotPresent - 
repository: ghcr.io/tokens-studio/tokens-studio-for-penpot - tag: 'frontend-pr-{{ .SHA }}' - ingress: - hosts: - - host: "{{ .BRANCH | sanitizeDNSName }}.penpot.staging.tokens.studio" - tls: - - secretName: tls-penpot - hosts: - - "{{ .BRANCH | sanitizeDNSName }}.penpot.staging.tokens.studio" - \ No newline at end of file + labels: + portService: tokens-studio-for-penpot + image: + pullPolicy: Always + repository: ghcr.io/tokens-studio/tokens-studio-for-penpot + tag: 'pr-frontend-{{ .BRANCH | sanitizeDNSName }}' + ingress: + enabled: true + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod + hosts: + - host: "{{ .BRANCH | sanitizeDNSName }}.penpot.alpha.tokens.studio" + tls: + - secretName: tls-penpot-{{ .BRANCH | sanitizeDNSName }} + hosts: + - "{{ .BRANCH | sanitizeDNSName }}.penpot.alpha.tokens.studio" diff --git a/.gimlet/penpot-prod.yaml b/.gimlet/penpot-prod.yaml index 07a0d819a..1dff095e4 100644 --- a/.gimlet/penpot-prod.yaml +++ b/.gimlet/penpot-prod.yaml 
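Review bot: Preview deployments now run PR-branch images against production state: the file sets `env: prod` and `namespace: penpot`, and `config.postgresql` points at `penpot-db-rw`, database `penpot`, with `existingSecret: db-penpot-secrets`, the same values penpot-prod.yaml uses. With `pullPolicy: Always` and a tag derived from the branch name, code pushed to any PR branch runs with the production database credentials, the shared Redis host and the `assets` bucket. Give previews their own database, secret and bucket, e.g. `database: penpot_preview` with `existingSecret: db-penpot-preview-secrets` (placeholder names), and treat the existing `# TODO move to staging cluster when ready` as blocking rather than optional. The inline `username: test` / `password: test` under `smtp` would also be better referenced from a secret, so that real credentials never end up in this file later.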
@@ -1,175 +1,78 @@ app: penpot env: prod +namespace: penpot deploy: branch: token-studio-develop event: push -manifests: | - apiVersion: source.toolkit.fluxcd.io/v1beta2 - kind: HelmRepository - metadata: - name: codechem - namespace: penpot - spec: - interval: 5m - url: https://charts.codechem.com - --- - apiVersion: bitnami.com/v1alpha1 - kind: SealedSecret - metadata: - creationTimestamp: null - name: db-penpot-secrets - namespace: penpot - spec: - encryptedData: - password: AgBzAKLzhBGDrga3ojwgBnbaDmzxQkfoIcu90ji4iutq7t2OQCuJ/8NFD1KUw8hmQ6FlwQY3reaGqRnONdzdM2VyHQmXkaoXEzCAiARh9CWiwzwW2PG6KbSmHzo/YAt17Vkux0euc0z4JAceWqbXdm8Tl8FgUktFmJNY0OGIJ8CfLFNX8p6YujSoYpIRwjG0juiGhbPGeSkJguAAR7uwLwtjCNfFRuSqEDYeaRYHvhxGgh6pyJ70+qVzUQClFJEkVzNJu9CyGx48WSPDDpPbp+h84AWIIY25Cphk48DK/oNVikQitgMVOVBU8swcpz7MSVmKxs407vKRAWN4MGV2HkNrFwFjpQsksNAQ0KTfQrVigz1Hf985w4hji1gjifK7GbSgD9Kzz8pMni3gPMj0mr4y6Nhes+hc8AGTD3N+bhpJsAZKMzSZesdamWDiwyLi+ZPuPu+1/LBVLL68DAp6odKaposQfxeTKAkxqt/6s5jvKWPl3kQ9ud2cg/8Mw3B5pqzKK4dUwUdI1pNV4GyLTj9b+M1aDYaqGmYLzZVcYxeBVh27EFC2aon8/3zkXy6Hm/BZK/aZkrmO5sJTQRYRjnlG6rRtHCWcnXI6KKqKjU5GDFk2otqrlxPMQyXyjbwycP3rTHmhAaHWkR+fOETcq+kNbVUcaR3XTCw7T1qFZ4dtaBN02RHbRE3qxs/SjGMPnzfKQs1626gHAayZqxprpfz6mT0u0Hkn2NGg6RlJr36CxfE= - username: 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 - template: - metadata: - creationTimestamp: null - name: db-penpot-secrets - namespace: penpot - type: Opaque - --- - apiVersion: bitnami.com/v1alpha1 - kind: SealedSecret - metadata: - creationTimestamp: null - name: db-penpot-superuser-secret - namespace: penpot - spec: - encryptedData: - password: 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 - username: 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 - template: - metadata: - creationTimestamp: null - name: db-penpot-superuser-secret - namespace: penpot - type: Opaque - --- - apiVersion: postgresql.cnpg.io/v1 - kind: Cluster - metadata: - name: penpot-db - namespace: penpot - spec: - instances: 1 - superuserSecret: - 
name: db-penpot-superuser-secret - bootstrap: - initdb: - database: penpot - owner: penpot - secret: - name: db-penpot-secrets - monitoring: - enablePodMonitor: true - storage: - size: 5Gi - --- - apiVersion: helm.toolkit.fluxcd.io/v2beta2 - kind: HelmRelease - metadata: - name: penpot - namespace: penpot - spec: - releaseName: penpot - chart: - spec: - version: "1.0.10" - chart: penpot - sourceRef: - kind: HelmRepository - name: codechem - interval: 50m - install: - remediation: - retries: 3 - values: - redis: - replica: - replicaCount: 0 - global: - postgresqlEnabled: false - redisEnabled: true - imagePullSecrets: - - name: ghcr-login-secret - persistence: - enabled: true - storageClass: standard-rwx - backend: - image: - pullPolicy: IfNotPresent - repository: ghcr.io/tokens-studio/tokens-studio-for-penpot - tag: 'backend-{{ .SHA }}' - frontend: - image: - pullPolicy: IfNotPresent - repository: ghcr.io/tokens-studio/tokens-studio-for-penpot - tag: 'frontend-{{ .SHA }}' - ingress: - enabled: true - annotations: - cert-manager.io/cluster-issuer: letsencrypt-prod +chart: + name: https://github.com/tokens-studio/tokens-studio-for-penpot.git?branch={{ .BRANCH }}&path=/.gimlet/k8s/penpot/ +values: + redis: + replica: + replicaCount: 0 + global: + redisEnabled: true + imagePullSecrets: + - name: ghcr-login-secret + postgresql: + enabled: true + owner: penpot + database: penpot + # Assumed specified in infra + secret: db-penpot-secrets + superUser: db-penpot-superuser-secret + config: + flags: 'enable-smtp' + assets: + storageBackend: assets-s3 + s3: + region: eu-west + bucket: assets + endpointURI: http://minio.penpot.svc.cluster.local:80 + existingSecret: + penpot-assets-user-0 + secretKeys: + accessKeyIDKey: CONSOLE_ACCESS_KEY + secretAccessKey: CONSOLE_SECRET_KEY + smtp: + enabled: true + host: mailslurper + defaultFrom: no-reply@penpot.tokens.studio + defaultReplyTo: no-reply@penpot.tokens.studio + username: test + password: test + tls: false + ssl: false + port: 
1025 + publicURI: https://penpot.tokens.studio + redis: + host: penpot-redis-master.penpot.svc.cluster.local + postgresql: + host: penpot-db-rw + database: penpot + existingSecret: db-penpot-secrets + secretKeys: + usernameKey: username + passwordKey: password + backend: + image: + pullPolicy: IfNotPresent + repository: ghcr.io/tokens-studio/tokens-studio-for-penpot + tag: 'backend-{{ .SHA }}' + frontend: + labels: + portService: tokens-studio-for-penpot + image: + pullPolicy: IfNotPresent + repository: ghcr.io/tokens-studio/tokens-studio-for-penpot + tag: 'frontend-{{ .SHA }}' + ingress: + enabled: true + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod + hosts: + - host: "penpot.tokens.studio" + tls: + - secretName: tls-penpot hosts: - - host: penpot.tokens.studio - tls: - - secretName: tls-penpot - hosts: - - penpot.tokens.studio - # https://github.com/codechem/helm/issues/15 - ingress: - tls: - - secretName: tls-penpot - hosts: - - penpot.tokens.studio - config: - publicURI: https://penpot.tokens.studio - smtp: - enabled: true - host: mailslurper - tls: false - port: 1025 - redis: - host: penpot-redis-master.penpot.svc.cluster.local - postgresql: - host: penpot-db-rw - database: penpot - existingSecret: db-penpot-secrets - secretKeys: - usernameKey: username - passwordKey: password -json6902Patches: -- target: - group: "apps" - version: "v1" - kind: "Deployment" - name: "penpot-frontend" - patch: | - --- - - op: add - path: /metadata/labels - value: - portService: tokens-studio-for-penpot -- target: - group: "apps" - version: "v1" - kind: "Deployment" - name: "penpot-exporter" - patch: | - --- - - op: add - path: /metadata/labels - value: - portService: tokens-studio-for-penpot -- target: - group: "apps" - version: "v1" - kind: "Deployment" - name: "penpot-backend" - patch: | - --- - - op: add - path: /metadata/labels - value: - portService: tokens-studio-for-penpot \ No newline at end of file + - penpot.tokens.studio \ No newline at end of file 
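Review bot: `flags: 'enable-smtp'` under `config` replaces the chart default rather than adding to it: values.yaml defaults `config.flags` to `"enable-registration enable-login disable-demo-users disable-demo-warning"`, so production no longer passes those four flags. If they are still wanted, write `flags: 'enable-registration enable-login disable-demo-users disable-demo-warning enable-smtp'`; penpot-pr.yaml carries the same override. The removed `json6902Patches` also put the `portService` label on the backend and exporter Deployments, while the new values set it only under `frontend.labels`; add it under `backend.labels` too if anything still selects on that label.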
diff --git a/.github/workflows/cleanup.yaml b/.github/workflows/cleanup.yaml index 77facd090..f537e69dd 100644 --- a/.github/workflows/cleanup.yaml +++ b/.github/workflows/cleanup.yaml @@ -10,8 +10,36 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 + - name: Determine the branch name + id: determine_branch + run: | + if [ "${{ github.event_name }}" == "pull_request" ]; then + echo "branch_name=${{ github.head_ref }}" >> $GITHUB_ENV + else + echo "branch_name=${GITHUB_REF#refs/heads/}" >> $GITHUB_ENV + fi + - name: Replace / with - in branch name + id: replace_slash + run: | + SANITIZED_BRANCH_NAME=$(echo "${{ env.branch_name }}" | tr '/' '-') + echo "sanitized_branch_name=${SANITIZED_BRANCH_NAME}" >> $GITHUB_ENV + - name: 🍍 Deploy with Gimlet uses: gimlet-io/gimlet-artifact-shipper-action@v0.8.3 env: GIMLET_SERVER: ${{ secrets.GIMLET_SERVER }} - GIMLET_TOKEN: ${{ secrets.GIMLET_TOKEN }} \ No newline at end of file + GIMLET_TOKEN: ${{ secrets.GIMLET_TOKEN }} + - name: Delete image + uses: bots-house/ghcr-delete-image-action@v1.1.0 + with: + owner: tokens-studio + name: tokens-studio-for-penpot + token: ${{ secrets.PAT_TOKEN }} + tag: pr-frontend-${{ env.sanitized_branch_name }} + - name: Delete image + uses: bots-house/ghcr-delete-image-action@v1.1.0 + with: + owner: tokens-studio + name: tokens-studio-for-penpot + token: ${{ secrets.PAT_TOKEN }} + tag: pr-backend-${{ env.sanitized_branch_name }} \ No newline at end of file diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml index 23f9290ec..e0454b601 100644 --- a/.github/workflows/pr.yaml +++ b/.github/workflows/pr.yaml @@ -14,6 +14,9 @@ jobs: - dockerfile: Dockerfile.frontend type: pr-frontend name: frontend + - dockerfile: Dockerfile.backend + type: pr-backend + name: backend permissions: contents: read packages: write 
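Review bot: The two new `run:` steps in cleanup.yaml expand `${{ github.head_ref }}` and `${{ env.branch_name }}` directly into the shell script, so the branch name is interpreted as script text on a runner whose job holds `GIMLET_TOKEN` and `PAT_TOKEN`. Pass the values through `env:` and reference them as quoted shell variables instead, as sketched below; the same two steps are added to pr.yaml later in this commit and need the same change. `bots-house/ghcr-delete-image-action@v1.1.0` receives `PAT_TOKEN`, so pinning it to a commit SHA rather than a tag is worth doing as well.

```yaml
      - name: Determine the branch name
        id: determine_branch
        env:
          EVENT_NAME: ${{ github.event_name }}
          HEAD_REF: ${{ github.head_ref }}
        run: |
          if [ "$EVENT_NAME" = "pull_request" ]; then
            echo "branch_name=$HEAD_REF" >> "$GITHUB_ENV"
          else
            echo "branch_name=${GITHUB_REF#refs/heads/}" >> "$GITHUB_ENV"
          fi
      - name: Replace / with - in branch name
        id: replace_slash
        run: |
          # branch_name is already in the environment via GITHUB_ENV from the previous step
          echo "sanitized_branch_name=$(printf '%s' "$branch_name" | tr '/' '-')" >> "$GITHUB_ENV"
      # … unchanged: Gimlet deploy step and the two image deletion steps …
```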
@@ -32,13 +35,27 @@ jobs: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.PAT_TOKEN }} + - name: Determine the branch name + id: determine_branch + run: | + if [ "${{ github.event_name }}" == "pull_request" ]; then + echo "branch_name=${{ github.head_ref }}" >> $GITHUB_ENV + else + echo "branch_name=${GITHUB_REF#refs/heads/}" >> $GITHUB_ENV + fi + + - name: Replace / with - in branch name + id: replace_slash + run: | + SANITIZED_BRANCH_NAME=$(echo "${{ env.branch_name }}" | tr '/' '-') + echo "sanitized_branch_name=${SANITIZED_BRANCH_NAME}" >> $GITHUB_ENV - name: Docker meta id: meta uses: docker/metadata-action@v5 with: tags: | - type=sha,format=long,prefix=${{matrix.type}}- + type=raw,enable=true,prefix=${{matrix.type}}-,value=${{ env.sanitized_branch_name }} images: | ghcr.io/tokens-studio/tokens-studio-for-penpot - name: prebuild @@ -67,5 +84,4 @@ jobs: uses: gimlet-io/gimlet-artifact-shipper-action@v0.8.3 env: GIMLET_SERVER: ${{ secrets.GIMLET_SERVER }} - GIMLET_TOKEN: ${{ secrets.GIMLET_TOKEN }} - DEPLOY: 'true' \ No newline at end of file + GIMLET_TOKEN: ${{ secrets.GIMLET_TOKEN }} \ No newline at end of file
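Review bot: The image tag in the `Docker meta` step is now built from a branch name in which only `/` is replaced (`tr '/' '-'`), while penpot-pr.yaml requests `pr-frontend-{{ .BRANCH | sanitizeDNSName }}` and `pr-backend-{{ .BRANCH | sanitizeDNSName }}`. For any branch where the two normalisations disagree (presumably uppercase letters, `_`, `.` or very long names), the preview references a tag that was never pushed. Apply the same normalisation in the workflow, e.g. `SANITIZED_BRANCH_NAME=$(printf '%s' "$branch_name" | tr '[:upper:]' '[:lower:]' | tr -c 'a-z0-9' '-')`, to be checked against what `sanitizeDNSName` actually does. Since the tag is no longer a commit SHA it is mutable, so a comment noting that previews rely on `pullPolicy: Always` to pick up new pushes would help.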