From 66f67ddff4d9203e0ad71ba0f77842d85a8270da Mon Sep 17 00:00:00 2001
From: SorsOps <80043879+sorsOps@users.noreply.github.com>
Date: Thu, 23 May 2024 15:13:43 +0200
Subject: [PATCH 1/3] Test PR deploys
---
.gimlet/.penpot-pr.yaml | 25 +
.gimlet/k8s/preview-frontend/chart.yaml | 17 +
.../preview-frontend/templates/_helpers.tpl | 72 +++
.../preview-frontend/templates/frontend.yaml | 375 ++++++++++++++
.../preview-frontend/templates/ingress.yaml | 53 ++
.../preview-frontend/templates/namespace.yaml | 6 +
.../preview-frontend/templates/service.yaml | 16 +
.gimlet/k8s/preview-frontend/values.yaml | 489 ++++++++++++++++++
.github/workflows/pr.yaml | 69 +++
9 files changed, 1122 insertions(+)
create mode 100644 .gimlet/.penpot-pr.yaml
create mode 100644 .gimlet/k8s/preview-frontend/chart.yaml
create mode 100644 .gimlet/k8s/preview-frontend/templates/_helpers.tpl
create mode 100644 .gimlet/k8s/preview-frontend/templates/frontend.yaml
create mode 100644 .gimlet/k8s/preview-frontend/templates/ingress.yaml
create mode 100644 .gimlet/k8s/preview-frontend/templates/namespace.yaml
create mode 100644 .gimlet/k8s/preview-frontend/templates/service.yaml
create mode 100644 .gimlet/k8s/preview-frontend/values.yaml
create mode 100644 .github/workflows/pr.yaml
diff --git a/.gimlet/.penpot-pr.yaml b/.gimlet/.penpot-pr.yaml
new file mode 100644
index 000000000..64e7d2fb0
--- /dev/null
+++ b/.gimlet/.penpot-pr.yaml
@@ -0,0 +1,25 @@
+app: penpot-pr-{{ .BRANCH | sanitizeDNSName }}
+# TODO move to staging cluster when ready
+env: prod
+deploy:
+ event: pr
+cleanup:
+ event: branchDeleted
+ app: penpot-pr-{{ .BRANCH | sanitizeDNSName }}
+chart:
+ name: https://github.com/tokens-studio/tokens-studio-for-penpot.git?branch={{ .BRANCH }}&path=/.gimlet/k8s/preview-frontend/
+values:
+ namespace: {{ .BRANCH | sanitizeDNSName }}
+ frontend:
+ image:
+ pullPolicy: IfNotPresent
+ repository: ghcr.io/tokens-studio/tokens-studio-for-penpot
+ tag: 'frontend-{{ .SHA }}'
+ ingress:
+ hosts:
+ - host: "{{ .BRANCH | sanitizeDNSName }}.penpot.staging.tokens.studio"
+ tls:
+ - secretName: tls-penpot
+ hosts:
+ - "{{ .BRANCH | sanitizeDNSName }}.penpot.staging.tokens.studio"
+
\ No newline at end of file
diff --git a/.gimlet/k8s/preview-frontend/chart.yaml b/.gimlet/k8s/preview-frontend/chart.yaml
new file mode 100644
index 000000000..41d354629
--- /dev/null
+++ b/.gimlet/k8s/preview-frontend/chart.yaml
@@ -0,0 +1,17 @@
+name: penpot-frontend-preview
+maintainers:
+ - name: Tokens Studio
+ url: https://tokens.studio
+apiVersion: v2
+appVersion: 1.16.0-beta
+version: 1.0.0
+description: Penpot Preview chart
+home: https://github.com/tokens-studio/tokens-studio-for-penpot
+icon: https://avatars.githubusercontent.com/u/30179644?s=200&v=4
+keywords:
+ - kubernetes
+ - penpot
+ - penpotapp
+ - design
+sources:
+ - https://github.com/penpot/penpot
diff --git a/.gimlet/k8s/preview-frontend/templates/_helpers.tpl b/.gimlet/k8s/preview-frontend/templates/_helpers.tpl
new file mode 100644
index 000000000..0cf66bf0c
--- /dev/null
+++ b/.gimlet/k8s/preview-frontend/templates/_helpers.tpl
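Review bot: `env: prod` together with a chart source of `?branch={{ .BRANCH }}` means every pull request deploys whatever chart templates its own branch carries into the production environment, which the TODO above it already acknowledges. Until the staging cluster exists, consider pinning the chart source to a protected branch so that only the image tag varies per PR. `namespace: {{ .BRANCH | sanitizeDNSName }}` is also unquoted and unprefixed, so a bare branch name can coincide with a namespace that already exists in the cluster; `namespace: "penpot-pr-{{ .BRANCH | sanitizeDNSName }}"` would match the `app` naming and the quoting used on the `host` lines. `{{ .BRANCH }}` in the chart URL is not passed through any helper, so branch names containing `&`, `#` or `/` may change how the query string is read.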
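Review bot: The chart metadata file is added as `chart.yaml`, but Helm's chart loader looks for `Chart.yaml` with a capital C, so on a case-sensitive filesystem this directory is likely not recognised as a chart. Renaming it to `.gimlet/k8s/preview-frontend/Chart.yaml` should be enough. `appVersion: 1.16.0-beta` also no longer describes what gets deployed, because the Gimlet manifest in this patch sets the image tag to `frontend-{{ .SHA }}`; a comment such as `# inherited from the upstream chart, not the deployed image` would avoid confusion.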
@@ -0,0 +1,72 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "penpot.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "penpot.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "penpot.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels.
+*/}}
+{{- define "penpot.labels" -}}
+helm.sh/chart: {{ include "penpot.chart" . }}
+app.kubernetes.io/name: {{ include "penpot.name" . }}-frontend
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels.
+*/}}
+{{- define "penpot.frontendSelectorLabels" -}}
+app.kubernetes.io/name: {{ include "penpot.name" . }}-frontend
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+{{- define "penpot.backendSelectorLabels" -}}
+app.kubernetes.io/name: {{ include "penpot.name" . }}-backend
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+{{- define "penpot.exporterSelectorLabels" -}}
+app.kubernetes.io/name: {{ include "penpot.name" . }}-exporter
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use.
+*/}}
+{{- define "penpot.serviceAccountName" -}}
+{{- if .Values.serviceAccount.enabled -}}
+ {{ default (include "penpot.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
diff --git a/.gimlet/k8s/preview-frontend/templates/frontend.yaml b/.gimlet/k8s/preview-frontend/templates/frontend.yaml
new file mode 100644
index 000000000..c9b928463
--- /dev/null
+++ b/.gimlet/k8s/preview-frontend/templates/frontend.yaml
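Review bot: `penpot.serviceAccountName` returns the chart fullname whenever `serviceAccount.enabled` is true, and values.yaml in this patch defaults that to `true`, yet the file list of this patch contains no ServiceAccount template. The Deployment would then name a service account that nothing creates, and pod creation would be rejected. Either default `serviceAccount.enabled` to `false` so the helper yields `default`, or add the template with no extra API permissions for a preview workload. `penpot.backendSelectorLabels` and `penpot.exporterSelectorLabels` are not used by any template added here and could be dropped from a frontend-only chart.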
@@ -0,0 +1,375 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "penpot.fullname" . }}-frontend + namespace: {{ .Values.namespace }} + labels: + {{- include "penpot.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.frontend.replicaCount }} + selector: + matchLabels: + {{- include "penpot.frontendSelectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "penpot.frontendSelectorLabels" . | nindent 8 }} + spec: + {{- with .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "penpot.serviceAccountName" . }} + affinity: + podAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance + operator: In + values: + - {{ .Release.Name }} + topologyKey: "kubernetes.io/hostname" + containers: + - name: {{ .Chart.Name }}-frontend + image: "{{ .Values.frontend.image.repository }}:{{ .Values.frontend.image.tag }}" + imagePullPolicy: {{ .Values.frontend.image.imagePullPolicy }} + env: + - name: PENPOT_PUBLIC_URI + value: {{ .Values.config.publicURI | quote }} + - name: PENPOT_FLAGS + value: "$PENPOT_FLAGS {{ .Values.config.flags }}" + - name: PENPOT_SECRET_KEY + value: {{ .Values.config.apiSecretKey | quote }} + - name: PENPOT_DATABASE_URI + value: "postgresql://{{ .Values.config.postgresql.host }}:{{ .Values.config.postgresql.port }}/{{ .Values.config.postgresql.database }}" + - name: PENPOT_DATABASE_USERNAME + {{- if not .Values.config.postgresql.secretKeys.usernameKey }} + value: {{ .Values.config.postgresql.username | quote }} + {{- else }} + valueFrom: + secretKeyRef: + name: {{ .Values.config.postgresql.existingSecret }} + key: {{ .Values.config.postgresql.secretKeys.usernameKey }} + {{- end }} + - name: PENPOT_DATABASE_PASSWORD + {{- if not .Values.config.postgresql.secretKeys.passwordKey }} + value: {{ .Values.config.postgresql.password | quote }} + {{- else }} + valueFrom: 
+ secretKeyRef: + name: {{ .Values.config.postgresql.existingSecret }} + key: {{ .Values.config.postgresql.secretKeys.passwordKey }} + {{- end }} + - name: PENPOT_REDIS_URI + value: "redis://{{ .Values.config.redis.host }}:{{ .Values.config.redis.port }}/{{ .Values.config.redis.database }}" + - name: PENPOT_ASSETS_STORAGE_BACKEND + value: {{ .Values.config.assets.storageBackend | quote }} + {{- if eq .Values.config.assets.storageBackend "assets-fs" }} + - name: PENPOT_STORAGE_ASSETS_FS_DIRECTORY + value: {{ .Values.config.assets.filesystem.directory | quote }} + {{- else if eq .Values.config.assets.storageBackend "assets-s3" }} + - name: PENPOT_STORAGE_ASSETS_S3_REGION + value: {{ .Values.config.assets.s3.region | quote }} + - name: PENPOT_STORAGE_ASSETS_S3_BUCKET + value: {{ .Values.config.assets.s3.bucket | quote }} + - name: AWS_ACCESS_KEY_ID + {{- if not .Values.config.assets.s3.secretKeys.accessKeyIDKey }} + value: {{ .Values.config.assets.s3.accessKeyID | quote }} + {{- else }} + valueFrom: + secretKeyRef: + name: {{ .Values.config.assets.s3.existingSecret }} + key: {{ .Values.config.assets.s3.secretKeys.accessKeyIDKey }} + {{- end }} + - name: AWS_SECRET_ACCESS_KEY + {{- if not .Values.config.assets.s3.secretKeys.secretAccessKey }} + value: {{ .Values.config.assets.s3.secretAccessKey | quote }} + {{- else }} + valueFrom: + secretKeyRef: + name: {{ .Values.config.assets.s3.existingSecret }} + key: {{ .Values.config.assets.s3.secretKeys.secretAccessKey }} + {{- end }} + - name: PENPOT_STORAGE_ASSETS_S3_ENDPOINT + {{- if not .Values.config.assets.s3.secretKeys.endpointURIKey }} + value: {{ .Values.config.assets.s3.endpointURI | quote }} + {{- else }} + valueFrom: + secretKeyRef: + name: {{ .Values.config.assets.s3.existingSecret }} + key: {{ .Values.config.assets.s3.secretKeys.endpointURIKey }} + {{- end }} + {{- end }} + - name: PENPOT_TELEMETRY_ENABLED + value: {{ .Values.config.telemetryEnabled | quote }} + + {{- if .Values.config.smtp.enabled }} + {{- if 
.Values.config.smtp.defaultFrom }} + - name: PENPOT_SMTP_DEFAULT_FROM + value: {{ .Values.config.smtp.defaultFrom | quote }} + {{- end }} + {{- if .Values.config.smtp.defaultReplyTo }} + - name: PENPOT_SMTP_DEFAULT_REPLY_TO + value: {{ .Values.config.smtp.defaultReplyTo | quote }} + {{- end }} + {{- if .Values.config.smtp.host }} + - name: PENPOT_SMTP_HOST + value: {{ .Values.config.smtp.host | quote }} + {{- end }} + {{- if .Values.config.smtp.port }} + - name: PENPOT_SMTP_PORT + value: {{ .Values.config.smtp.port | quote }} + {{- end }} + {{- if not .Values.config.smtp.secretKeys.usernameKey }} + - name: PENPOT_SMTP_USERNAME + value: {{ .Values.config.smtp.username | quote }} + {{- else }} + - name: PENPOT_SMTP_USERNAME + valueFrom: + secretKeyRef: + name: {{ .Values.config.smtp.existingSecret }} + key: {{ .Values.config.smtp.secretKeys.usernameKey }} + {{- end }} + {{- if not .Values.config.smtp.secretKeys.passwordKey }} + - name: PENPOT_SMTP_PASSWORD + value: {{ .Values.config.smtp.password | quote }} + {{- else }} + - name: PENPOT_SMTP_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.config.smtp.existingSecret }} + key: {{ .Values.config.smtp.secretKeys.passwordKey }} + {{- end }} + {{- if .Values.config.smtp.tls }} + - name: PENPOT_SMTP_TLS + value: {{ .Values.config.smtp.tls | quote }} + {{- end }} + {{- if .Values.config.smtp.ssl }} + - name: PENPOT_SMTP_SSL + value: {{ .Values.config.smtp.ssl | quote }} + {{- end }} + {{- end }} + + + {{- if .Values.config.registrationDomainWhitelist }} + - name: PENPOT_REGISTRATION_DOMAIN_WHITELIST + value: {{ .Values.config.registrationDomainWhitelist | quote }} + {{- end }} + + {{- if .Values.config.providers.google.enabled }} + {{- if not .Values.config.providers.secretKeys.googleClientIDKey }} + - name: PENPOT_GOOGLE_CLIENT_ID + value: {{ .Values.config.providers.google.clientID | quote }} + {{- else }} + - name: PENPOT_GOOGLE_CLIENT_ID + valueFrom: + secretKeyRef: + name: {{ 
.Values.config.providers.existingSecret }} + key: {{ .Values.config.providers.secretKeys.googleClientIDKey }} + {{- end }} + {{- if not .Values.config.providers.secretKeys.googleClientSecretKey}} + - name: PENPOT_GOOGLE_CLIENT_SECRET + value: {{ .Values.config.providers.google.clientSecret | quote }} + {{- else }} + - name: PENPOT_GOOGLE_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: {{ .Values.config.providers.existingSecret }} + key: {{ .Values.config.providers.secretKeys.googleClientSecretKey }} + {{- end }} + {{- end }} + + {{- if .Values.config.providers.github.enabled }} + {{- if not .Values.config.providers.secretKeys.githubClientIDKey }} + - name: PENPOT_GITHUB_CLIENT_ID + value: {{ .Values.config.providers.github.clientID | quote }} + {{- else }} + - name: PENPOT_GITHUB_CLIENT_ID + valueFrom: + secretKeyRef: + name: {{ .Values.config.providers.existingSecret }} + key: {{ .Values.config.providers.secretKeys.githubClientIDKey }} + {{- end }} + {{- if not .Values.config.providers.secretKeys.githubClientSecretKey }} + - name: PENPOT_GITHUB_CLIENT_SECRET + value: {{ .Values.config.providers.github.clientSecret | quote }} + {{- else }} + - name: PENPOT_GITHUB_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: {{ .Values.config.providers.existingSecret }} + key: {{ .Values.config.providers.secretKeys.githubClientSecretKey }} + {{- end }} + {{- end }} + + {{- if .Values.config.providers.gitlab.enabled }} + {{- if .Values.config.providers.gitlab.baseURI }} + - name: PENPOT_GITLAB_BASE_URI + value: {{ .Values.config.providers.gitlab.baseURI | quote }} + {{- end }} + {{- if not .Values.config.providers.secretKeys.gitlabClientIDKey }} + - name: PENPOT_GITLAB_CLIENT_ID + value: {{ .Values.config.providers.gitlab.clientID | quote }} + {{- else }} + - name: PENPOT_GITLAB_CLIENT_ID + valueFrom: + secretKeyRef: + name: {{ .Values.config.providers.existingSecret }} + key: {{ .Values.config.providers.secretKeys.gitlabClientIDKey }} + {{- end }} + {{- if not 
.Values.config.providers.secretKeys.gitlabClientSecretKey }} + - name: PENPOT_GITLAB_CLIENT_SECRET + value: {{ .Values.config.providers.gitlab.clientSecret | quote }} + {{- else }} + - name: PENPOT_GITLAB_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: {{ .Values.config.providers.existingSecret }} + key: {{ .Values.config.providers.secretKeys.gitlabClientSecretKey }} + {{- end }} + {{- end }} + + {{- if .Values.config.providers.oidc.enabled }} + {{- if .Values.config.providers.oidc.baseURI }} + - name: PENPOT_OIDC_BASE_URI + value: {{ .Values.config.providers.oidc.baseURI | quote }} + {{- end }} + {{- if not .Values.config.providers.secretKeys.oidcClientIDKey }} + - name: PENPOT_OIDC_CLIENT_ID + value: {{ .Values.config.providers.oidc.clientID | quote}} + {{- else }} + - name: PENPOT_OIDC_CLIENT_ID + valueFrom: + secretKeyRef: + name: {{ .Values.config.providers.existingSecret }} + key: {{ .Values.config.providers.secretKeys.oidcClientIDKey }} + {{- end }} + {{- if not .Values.config.providers.secretKeys.oidcClientSecretKey}} + - name: PENPOT_OIDC_CLIENT_SECRET + value: {{ .Values.config.providers.oidc.clientSecret | quote }} + {{- else }} + - name: PENPOT_OIDC_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: {{ .Values.config.providers.existingSecret }} + key: {{ .Values.config.providers.secretKeys.oidcClientSecretKey }} + {{- end }} + {{- if .Values.config.providers.oidc.authURI }} + - name: PENPOT_OIDC_AUTH_URI + value: {{ .Values.config.providers.oidc.authURI | quote }} + {{- end }} + {{- if .Values.config.providers.oidc.tokenURI }} + - name: PENPOT_OIDC_TOKEN_URI + value: {{ .Values.config.providers.oidc.tokenURI | quote }} + {{- end }} + {{- if .Values.config.providers.oidc.userURI }} + - name: PENPOT_OIDC_USER_URI + value: {{ .Values.config.providers.oidc.userURI | quote }} + {{- end }} + {{- if .Values.config.providers.oidc.roles }} + - name: PENPOT_OIDC_ROLES + value: {{ .Values.config.providers.oidc.roles | quote }} + {{- end }} + {{- if 
.Values.config.providers.oidc.rolesAttribute }} + - name: PENPOT_OIDC_ROLES_ATTR + value: {{ .Values.config.providers.oidc.rolesAttribute | quote }} + {{- end }} + {{- if .Values.config.providers.oidc.scopes }} + - name: PENPOT_OIDC_SCOPES + value: {{ .Values.config.providers.oidc.scopes | quote }} + {{- end }} + {{- if .Values.config.providers.oidc.nameAttribute }} + - name: PENPOT_OIDC_NAME_ATTR + value: {{ .Values.config.providers.oidc.nameAttribute | quote }} + {{- end }} + {{- if .Values.config.providers.oidc.emailAttribute }} + - name: PENPOT_OIDC_EMAIL_ATTR + value: {{ .Values.config.providers.oidc.emailAttribute | quote }} + {{- end }} + {{- end }} + + {{- if .Values.config.providers.ldap.enabled }} + {{- if .Values.config.providers.ldap.host }} + - name: PENPOT_LDAP_HOST + value: {{ .Values.config.providers.ldap.host | quote }} + {{- end }} + {{- if .Values.config.providers.ldap.port }} + - name: PENPOT_LDAP_PORT + value: {{ .Values.config.providers.ldap.port | quote }} + {{- end }} + {{- if .Values.config.providers.ldap.ssl }} + - name: PENPOT_LDAP_SSL + value: {{ .Values.config.providers.ldap.ssl | quote }} + {{- end }} + {{- if .Values.config.providers.ldap.startTLS }} + - name: PENPOT_LDAP_STARTTLS + value: {{ .Values.config.providers.ldap.startTLS | quote }} + {{- end }} + {{- if .Values.config.providers.ldap.baseDN }} + - name: PENPOT_LDAP_BASE_DN + value: {{ .Values.config.providers.ldap.baseDN | quote }} + {{- end }} + {{- if .Values.config.providers.ldap.bindDN }} + - name: PENPOT_LDAP_BIND_DN + value: {{ .Values.config.providers.ldap.bindDN | quote }} + {{- end }} + {{- if .Values.config.providers.ldap.bindPassword }} + - name: PENPOT_LDAP_BIND_PASSWORD + value: {{ .Values.config.providers.ldap.bindPassword | quote }} + {{- end }} + {{- if .Values.config.providers.ldap.attributesUsername }} + - name: PENPOT_LDAP_ATTRS_USERNAME + value: {{ .Values.config.providers.ldap.attributesUsername | quote }} + {{- end }} + {{- if 
.Values.config.providers.ldap.attributesEmail }} + - name: PENPOT_LDAP_ATTRS_EMAIL + value: {{ .Values.config.providers.ldap.attributesEmail | quote }} + {{- end }} + {{- if .Values.config.providers.ldap.attributesFullname }} + - name: PENPOT_LDAP_ATTRS_FULLNAME + value: {{ .Values.config.providers.ldap.attributesFullname | quote }} + {{- end }} + {{- if .Values.config.providers.ldap.attributesPhoto }} + - name: PENPOT_LDAP_ATTRS_PHOTO + value: {{ .Values.config.providers.ldap.attributesPhoto | quote }} + {{- end }} + {{- end }} + volumeMounts: + - mountPath: /opt/data + name: app-data + readOnly: false + - mountPath: /etc/nginx/nginx.conf + name: "{{ include "penpot.fullname" . }}-frontend-nginx" + readOnly: true + subPath: nginx.conf + ports: + - name: http + containerPort: {{ .Values.frontend.service.port }} + protocol: TCP + resources: + {{- toYaml .Values.frontend.resources | nindent 12 }} + {{- with .Values.frontend.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.frontend.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.frontend.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + volumes: + - name: app-data + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ .Values.persistence.existingClaim | default ( include "penpot.fullname" . ) }} + {{- else }} + emptyDir: {} + {{- end }} + - configMap: + defaultMode: 420 + name: "{{ include "penpot.fullname" . }}-frontend-nginx" + name: "{{ include "penpot.fullname" . }}-frontend-nginx" diff --git a/.gimlet/k8s/preview-frontend/templates/ingress.yaml b/.gimlet/k8s/preview-frontend/templates/ingress.yaml new file mode 100644 index 000000000..56155b571 --- /dev/null +++ b/.gimlet/k8s/preview-frontend/templates/ingress.yaml 
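Review bot: `PENPOT_SECRET_KEY` is always rendered as a literal `value: {{ .Values.config.apiSecretKey | quote }}`, and values.yaml in this patch ships a fixed default for that key, so every preview would share a session key that is readable in the repository and in the pod spec. It should follow the `secretKeyRef` branch already used for `PENPOT_DATABASE_PASSWORD`, with no usable default left in values.yaml. The same container is also handed the database, S3, SMTP, OAuth and LDAP bind credentials; these look carried over from a backend Deployment, and a preview frontend presumably needs none of them, so the env block could shrink to `PENPOT_PUBLIC_URI` and `PENPOT_FLAGS`. Separately, the pod mounts a ConfigMap named `{{ include "penpot.fullname" . }}-frontend-nginx` that no template in this patch creates, and `affinity:` is emitted twice in the pod spec whenever `frontend.affinity` is set.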
@@ -0,0 +1,53 @@
+{{- if .Values.frontend.ingress.enabled -}}
+{{- $gitVersion := .Capabilities.KubeVersion.GitVersion -}}
+{{- $fullName := include "penpot.fullname" . -}}
+{{- $svcPort := .Values.frontend.service.port -}}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ namespace: {{ .Values.namespace }}
+ labels:
+ {{- include "penpot.labels" . | nindent 4 }}
+ {{- with .Values.frontend.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+{{- if .Values.frontend.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+ rules:
+ {{- range .Values.frontend.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+{{ if semverCompare ">=1.19-0" $gitVersion }}
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ $fullName }}
+ port:
+ number: {{ $svcPort }}
+{{ else }}
+ - path: /
+ backend:
+ serviceName: {{ $fullName }}
+ servicePort: {{ $svcPort }}
+{{- end }}
+ {{- end }}
+{{- end }}
diff --git a/.gimlet/k8s/preview-frontend/templates/namespace.yaml b/.gimlet/k8s/preview-frontend/templates/namespace.yaml
new file mode 100644
index 000000000..562f206fc
--- /dev/null
+++ b/.gimlet/k8s/preview-frontend/templates/namespace.yaml
@@ -0,0 +1,6 @@
+ apiVersion: v1
+ kind: Namespace
+ metadata:
+ name: {{ .Values.namespace }}
+ labels:
+ toolkit.fluxcd.io/tenant: penpot-team
\ No newline at end of file
diff --git a/.gimlet/k8s/preview-frontend/templates/service.yaml b/.gimlet/k8s/preview-frontend/templates/service.yaml
new file mode 100644
index 000000000..12ef09b33
--- /dev/null
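Review bot: The TLS block is guarded by `.Values.frontend.ingress.tls` but iterates `.Values.ingress.tls`, so the two paths disagree and the `tls:` list ends up empty or fails to render when only the `frontend.ingress` values are set; the loop should read `{{- range .Values.frontend.ingress.tls }}`. The whole template is also gated on `.Values.frontend.ingress.enabled`, which values.yaml defaults to `false` and the Gimlet manifest in this patch never sets, so as written no Ingress and no TLS termination would be created for a preview. Please confirm where `ingress` sits under the manifest's `values:` and add `enabled: true` there.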
+++ b/.gimlet/k8s/preview-frontend/templates/service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "penpot.fullname" . }}
+ namespace: {{ .Values.namespace }}
+ labels:
+ {{- include "penpot.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.frontend.service.type }}
+ ports:
+ - port: {{ .Values.frontend.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "penpot.frontendSelectorLabels" . | nindent 4 }}
diff --git a/.gimlet/k8s/preview-frontend/values.yaml b/.gimlet/k8s/preview-frontend/values.yaml
new file mode 100644
index 000000000..8427aa116
--- /dev/null
+++ b/.gimlet/k8s/preview-frontend/values.yaml
@@ -0,0 +1,489 @@ +## Default values for Penpot + +## @section Global parameters + +## @param global.postgresqlEnabled Whether to deploy the Bitnami PostgreSQL chart as subchart. Check [the official chart](https://artifacthub.io/packages/helm/bitnami/postgresql) for configuration. +## @param global.redisEnabled Whether to deploy the Bitnami Redis chart as subchart. Check [the official chart](https://artifacthub.io/packages/helm/bitnami/redis) for configuration. +## @param global.imagePullSecrets Global Docker registry secret names as an array. +## +global: + postgresqlEnabled: false + redisEnabled: false + ## E.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + +## @section Common parameters + +## @param nameOverride String to partially override common.names.fullname +## +nameOverride: "" +## @param fullnameOverride String to fully override common.names.fullname +## +fullnameOverride: "" +## @param serviceAccount.enabled Specifies whether a ServiceAccount should be created. +## @param serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`. +## @param serviceAccount.name The name of the ServiceAccount to use. If not set and enabled is true, a name is generated using the fullname template. +## +serviceAccount: + enabled: true + annotations: {} + name: "" + +## @section Backend parameters + +## Penpot Backend +## +backend: + ## @param backend.image.repository The Docker repository to pull the image from. + ## @param backend.image.tag The image tag to use. + ## @param backend.image.imagePullPolicy The image pull policy to use. + ## + image: + repository: penpotapp/backend + tag: 1.16.0-beta + imagePullPolicy: IfNotPresent + ## @param backend.replicaCount The number of replicas to deploy. + ## + replicaCount: 1 + ## @param backend.service.type The service type to create. + ## @param backend.service.port The service port to use. 
+ ## + service: + type: ClusterIP + port: 6060 + ## Configure Pods Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param backend.podSecurityContext.enabled Enabled Penpot pods' security context + ## @param backend.podSecurityContext.fsGroup Set Penpot pod's security context fsGroup + ## + podSecurityContext: + enabled: true + fsGroup: 1001 + ## Configure Container Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param backend.containerSecurityContext.enabled Enabled Penpot containers' security context + ## @param backend.containerSecurityContext.runAsUser Set Penpot containers' security context runAsUser + ## @param backend.containerSecurityContext.allowPrivilegeEscalation Set Penpot containers' security context allowPrivilegeEscalation + ## @param backend.containerSecurityContext.capabilities.drop Set Penpot containers' security context capabilities to be dropped + ## @param backend.containerSecurityContext.readOnlyRootFilesystem Set Penpot containers' security context readOnlyRootFilesystem + ## @param backend.containerSecurityContext.runAsNonRoot Set Penpot container's security context runAsNonRoot + ## + containerSecurityContext: + enabled: true + runAsUser: 1001 + allowPrivilegeEscalation: false + capabilities: + drop: + - all + readOnlyRootFilesystem: false + runAsNonRoot: true + ## @param backend.affinity Affinity for Penpot pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## + affinity: {} + ## @param backend.nodeSelector Node labels for Penpot pods assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + ## @param backend.tolerations Tolerations for Penpot pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + 
## + tolerations: [] + ## Penpot backend resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## @param backend.resources.limits The resources limits for the Penpot backend containers + ## @param backend.resources.requests The requested resources for the Penpot backend containers + ## + resources: + limits: {} + requests: {} + +## @section Frontend parameters + +## Penpot Frontend +## +frontend: + ## @param frontend.image.repository The Docker repository to pull the image from. + ## @param frontend.image.tag The image tag to use. + ## @param frontend.image.imagePullPolicy The image pull policy to use. + ## + image: + repository: penpotapp/frontend + tag: 1.16.0-beta + imagePullPolicy: IfNotPresent + ## @param frontend.replicaCount The number of replicas to deploy. + ## + replicaCount: 1 + ## @param frontend.service.type The service type to create. + ## @param frontend.service.port The service port to use. + ## + service: + type: ClusterIP + port: 80 + ## @param frontend.ingress.enabled Enable ingress record generation for Penpot frontend. + ## @param frontend.ingress.annotations Mapped annotations for the frontend ingress. + ## @param frontend.ingress.hosts Array style hosts for the frontend ingress. + ## @param frontend.ingress.tls Array style TLS secrets for the frontend ingress. + ## + ingress: + enabled: false + ## E.g. + ## annotations: + ## kubernetes.io/ingress.class: nginx + ## kubernetes.io/tls-acme: "true" + ## + annotations: + {} + ## E.g. + ## hosts: + ## - host: penpot-example.local + hosts: [] + ## E.g. 
+ ## - secretName: chart-example-tls + ## hosts: + ## - chart-example.local + tls: [] + ## @param frontend.affinity Affinity for Penpot pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## + affinity: {} + ## @param frontend.nodeSelector Node labels for Penpot pods assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + ## @param frontend.tolerations Tolerations for Penpot pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## Penpot frontend resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## @param frontend.resources.limits The resources limits for the Penpot frontend containers + ## @param frontend.resources.requests The requested resources for the Penpot frontend containers + ## + resources: + limits: {} + requests: {} + +## @section Exporter parameters + +## Penpot Exporter +## +exporter: + ## @param exporter.image.repository The Docker repository to pull the image from. + ## @param exporter.image.tag The image tag to use. + ## @param exporter.image.imagePullPolicy The image pull policy to use. + ## + image: + repository: penpotapp/exporter + tag: 1.16.0-beta + imagePullPolicy: IfNotPresent + ## @param exporter.replicaCount The number of replicas to deploy. + ## + replicaCount: 1 + ## @param exporter.service.type The service type to create. + ## @param exporter.service.port The service port to use. 
+ ## + service: + type: ClusterIP + port: 6061 + ## Configure Pods Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param exporter.podSecurityContext.enabled Enabled Penpot pods' security context + ## @param exporter.podSecurityContext.fsGroup Set Penpot pod's security context fsGroup + ## + podSecurityContext: + enabled: true + fsGroup: 1001 + ## Configure Container Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param exporter.containerSecurityContext.enabled Enabled Penpot containers' security context + ## @param exporter.containerSecurityContext.runAsUser Set Penpot containers' security context runAsUser + ## @param exporter.containerSecurityContext.allowPrivilegeEscalation Set Penpot containers' security context allowPrivilegeEscalation + ## @param exporter.containerSecurityContext.capabilities.drop Set Penpot containers' security context capabilities to be dropped + ## @param exporter.containerSecurityContext.readOnlyRootFilesystem Set Penpot containers' security context readOnlyRootFilesystem + ## @param exporter.containerSecurityContext.runAsNonRoot Set Penpot container's security context runAsNonRoot + ## + containerSecurityContext: + enabled: true + runAsUser: 1001 + allowPrivilegeEscalation: false + capabilities: + drop: + - all + readOnlyRootFilesystem: false + runAsNonRoot: true + ## @param exporter.affinity Affinity for Penpot pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## + affinity: {} + ## @param exporter.nodeSelector Node labels for Penpot pods assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + ## @param exporter.tolerations Tolerations for Penpot pods assignment + ## ref: 
https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## Penpot exporter resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## @param exporter.resources.limits The resources limits for the Penpot exporter containers + ## @param exporter.resources.requests The requested resources for the Penpot exporter containers + ## + resources: + limits: {} + requests: {} + +## @section Persistence parameters + +## Penpot persistence +## +persistence: + ## @param persistence.enabled Enable persistence using Persistent Volume Claims. + ## + enabled: false + ## @param persistence.storageClass Persistent Volume storage class. + ## If defined, storageClassName: . + ## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. + ## + storageClass: "" + ## @param persistence.size Persistent Volume size. + ## + size: 8Gi + ## @param persistence.existingClaim The name of an existing PVC to use for persistence. + ## + existingClaim: "" + ## @param persistence.accessModes Persistent Volume access modes. + ## + accessModes: + - ReadWriteOnce + ## @param persistence.annotations Persistent Volume Claim annotations. + ## + annotations: {} + +## @section Configuration parameters + +## Penpot configuration +## +config: + ## @param config.publicURI The public domain to serve Penpot on. Set `disable-secure-session-cookies` in the flags if you plan on serving it on a non HTTPS domain. + ## @param config.flags The feature flags to enable. Check [the official docs](https://help.penpot.app/technical-guide/configuration/) for more info. + ## @param config.apiSecretKey A random secret key needed for persistent user sessions. Generate with `openssl rand -hex 16` for example. 
+ ## + publicURI: "http://localhost:8080" + flags: "enable-registration enable-login disable-demo-users disable-demo-warning" + apiSecretKey: "b46a12cb4bedc6b9df8cb3f18c708b65" + ## @param config.postgresql.host The PostgreSQL host to connect to. + ## @param config.postgresql.port The PostgreSQL host port to use. + ## @param config.postgresql.database The PostgreSQL database to use. + ## @param config.postgresql.username The database username to use. + ## @param config.postgresql.password The database username to use. + ## @param config.postgresql.existingSecret The name of an existing secret. + ## @param config.postgresql.secretKeys.usernameKey The username key to use from an existing secret. + ## @param config.postgresql.secretKeys.passwordKey The password key to use from an existing secret. + ## + postgresql: + host: "postgresql.penpot.svc.cluster.local" + port: 5432 + username: "" + password: "" + database: "" + existingSecret: "" + secretKeys: + usernameKey: "" + passwordKey: "" + ## @param config.redis.host The Redis host to connect to. + ## @param config.redis.port The Redis host port to use. + ## @param config.redis.database The Redis database to connect to. + ## + redis: + host: "redis-headless.penpot.svc.cluster.local" + port: 6379 + database: "0" + ## @param config.assets.storageBackend The storage backend for assets to use. Use `assets-fs` for filesystem, and `assets-s3` for S3. + ## @param config.assets.filesystem.directory The storage directory to use if you chose the filesystem storage backend. + ## @param config.assets.s3.accessKeyID The S3 access key ID to use if you chose the S3 storage backend. + ## @param config.assets.s3.secretAccessKey The S3 secret access key to use if you chose the S3 storage backend. + ## @param config.assets.s3.region The S3 region to use if you chose the S3 storage backend. + ## @param config.assets.s3.bucket The name of the S3 bucket to use if you chose the S3 storage backend. 
+ ## @param config.assets.s3.endpointURI The S3 endpoint URI to use if you chose the S3 storage backend. + ## @param config.assets.s3.existingSecret The name of an existing secret. + ## @param config.assets.s3.secretKeys.accessKeyIDKey The S3 access key ID to use from an existing secret. + ## @param config.assets.s3.secretKeys.secretAccessKey The S3 secret access key to use from an existing secret. + ## @param config.assets.s3.secretKeys.endpointURIKey The S3 endpoint URI to use from an existing secret. + ## + assets: + storageBackend: "assets-fs" + filesystem: + directory: "/opt/data/assets" + s3: + accessKeyID: "" + secretAccessKey: "" + region: "" + bucket: "" + endpointURI: "" + existingSecret: "" + secretKeys: + accessKeyIDKey: "" + secretAccessKey: "" + endpointURIKey: "" + ## @param config.telemetryEnabled Whether to enable sending of anonymous telemetry data. + ## + telemetryEnabled: true + ## @param config.smtp.enabled Whether to enable SMTP configuration. You also need to add the 'enable-smtp' flag to the PENPOT_FLAGS variable. + ## @param config.smtp.defaultFrom The SMTP default email to send from. + ## @param config.smtp.defaultReplyTo The SMTP default email to reply to. + ## @param config.smtp.host The SMTP host to use. + ## @param config.smtp.port The SMTP host port to use. + ## @param config.smtp.username The SMTP username to use. + ## @param config.smtp.password The SMTP password to use. + ## @param config.smtp.tls Whether to use TLS for the SMTP connection. + ## @param config.smtp.ssl Whether to use SSL for the SMTP connection. + ## @param config.smtp.existingSecret The name of an existing secret. + ## @param config.smtp.secretKeys.usernameKey The SMTP username to use from an existing secret. + ## @param config.smtp.secretKeys.passwordKey The SMTP password to use from an existing secret. 
+ ## + smtp: + enabled: false + defaultFrom: "" + defaultReplyTo: "" + host: "" + port: "" + username: "" + password: "" + tls: true + ssl: false + existingSecret: "" + secretKeys: + usernameKey: "" + passwordKey: "" + ## @param config.registrationDomainWhitelist Comma separated list of allowed domains to register. Empty to allow all domains. + ## + registrationDomainWhitelist: "" + ## Penpot Authentication providers parameters + ## + providers: + ## @param config.providers.google.enabled Whether to enable Google configuration. To enable Google auth, add `enable-login-with-google` to the flags. + ## @param config.providers.google.clientID The Google client ID to use. To enable Google auth, add `enable-login-with-google` to the flags. + ## @param config.providers.google.clientSecret The Google client secret to use. To enable Google auth, add `enable-login-with-google` to the flags. + ## + google: + enabled: false + clientID: "" + clientSecret: "" + ## @param config.providers.github.enabled Whether to enable GitHub configuration. To enable GitHub auth, also add `enable-login-with-github` to the flags. + ## @param config.providers.github.clientID The GitHub client ID to use. + ## @param config.providers.github.clientSecret The GitHub client secret to use. + ## + github: + enabled: false + clientID: "" + clientSecret: "" + ## @param config.providers.gitlab.enabled Whether to enable GitLab configuration. To enable GitLab auth, also add `enable-login-with-gitlab` to the flags. + ## @param config.providers.gitlab.baseURI The GitLab base URI to use. + ## @param config.providers.gitlab.clientID The GitLab client ID to use. + ## @param config.providers.gitlab.clientSecret The GitLab client secret to use. + ## + gitlab: + enabled: false + baseURI: "https://gitlab.com" + clientID: "" + clientSecret: "" + ## @param config.providers.oidc.enabled Whether to enable OIDC configuration. To enable OpenID Connect auth, also add `enable-login-with-oidc` to the flags. 
+ ## @param config.providers.oidc.baseURI The OpenID Connect base URI to use. + ## @param config.providers.oidc.clientID The OpenID Connect client ID to use. + ## @param config.providers.oidc.clientSecret The OpenID Connect client secret to use. + ## @param config.providers.oidc.authURI Optional OpenID Connect auth URI to use. Auto discovered if not provided. + ## @param config.providers.oidc.tokenURI Optional OpenID Connect token URI to use. Auto discovered if not provided. + ## @param config.providers.oidc.userURI Optional OpenID Connect user URI to use. Auto discovered if not provided. + ## @param config.providers.oidc.roles Optional OpenID Connect roles to use. If no role is provided, roles checking disabled. + ## @param config.providers.oidc.rolesAttribute Optional OpenID Connect roles attribute to use. If not provided, the roles checking will be disabled. + ## @param config.providers.oidc.scopes Optional OpenID Connect scopes to use. This settings allow overwrite the required scopes, use with caution because penpot requres at least `name` and `email` attrs found on the user info. Optional, defaults to `openid profile`. + ## @param config.providers.oidc.nameAttribute Optional OpenID Connect name attribute to use. If not provided, the `name` prop will be used. + ## @param config.providers.oidc.emailAttribute Optional OpenID Connect email attribute to use. If not provided, the `email` prop will be used. + ## + oidc: + enabled: false + baseURI: "" + clientID: "" + clientSecret: "" + authURI: "" + tokenURI: "" + userURI: "" + roles: "role1 role2" + rolesAttribute: "" + scopes: "scope1 scope2" + nameAttribute: "" + emailAttribute: "" + ## @param config.providers.ldap.enabled Whether to enable LDAP configuration. To enable LDAP, also add `enable-login-with-ldap` to the flags. + ## @param config.providers.ldap.host The LDAP host to use. + ## @param config.providers.ldap.port The LDAP port to use. 
+ ## @param config.providers.ldap.ssl Whether to use SSL for the LDAP connection. + ## @param config.providers.ldap.startTLS Whether to utilize StartTLS for the LDAP connection. + ## @param config.providers.ldap.baseDN The LDAP base DN to use. + ## @param config.providers.ldap.bindDN The LDAP bind DN to use. + ## @param config.providers.ldap.bindPassword The LDAP bind password to use. + ## @param config.providers.ldap.attributesUsername The LDAP attributes username to use. + ## @param config.providers.ldap.attributesEmail The LDAP attributes email to use. + ## @param config.providers.ldap.attributesFullname The LDAP attributes fullname to use. + ## @param config.providers.ldap.attributesPhoto The LDAP attributes photo format to use. + ## + ldap: + enabled: false + host: "ldap" + port: 10389 + ssl: false + startTLS: false + baseDN: "ou=people,dc=planetexpress,dc=com" + bindDN: "cn=admin,dc=planetexpress,dc=com" + bindPassword: "GoodNewsEveryone" + attributesUsername: "uid" + attributesEmail: "mail" + attributesFullname: "cn" + attributesPhoto: "jpegPhoto" + ## @param config.providers.existingSecret The name of an existing secret to use. + ## @param config.providers.secretKeys.googleClientIDKey The Google client ID key to use from an existing secret. + ## @param config.providers.secretKeys.googleClientSecretKey The Google client secret key to use from an existing secret. + ## @param config.providers.secretKeys.githubClientIDKey The GitHub client ID key to use from an existing secret. + ## @param config.providers.secretKeys.githubClientSecretKey The GitHub client secret key to use from an existing secret. + ## @param config.providers.secretKeys.gitlabClientIDKey The GitLab client ID key to use from an existing secret. + ## @param config.providers.secretKeys.gitlabClientSecretKey The GitLab client secret key to use from an existing secret. + ## @param config.providers.secretKeys.oidcClientIDKey The OpenID Connect client ID key to use from an existing secret. 
+ ## @param config.providers.secretKeys.oidcClientSecretKey The OpenID Connect client secret key to use from an existing secret. + ## + existingSecret: "" + secretKeys: + googleClientIDKey: "" + googleClientSecretKey: "" + githubClientIDKey: "" + githubClientSecretKey: "" + gitlabClientIDKey: "" + gitlabClientSecretKey: "" + oidcClientIDKey: "" + oidcClientSecretKey: "" + + +frontend: + image: + pullPolicy: IfNotPresent + repository: ghcr.io/tokens-studio/tokens-studio-for-penpot + tag: latest + ingress: + enabled: true + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod + networking.gke.io/v1beta1.FrontendConfig: default-frontend-config + +config: + publicURI: https://penpot.tokens.studio + redis: + host: penpot-redis-master.penpot.svc.cluster.local + postgresql: + host: penpot-db-rw + database: penpot + existingSecret: db-penpot-secrets + secretKeys: + usernameKey: username + passwordKey: password \ No newline at end of file diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml new file mode 100644 index 000000000..fdbaa0c15 --- /dev/null +++ b/.github/workflows/pr.yaml 
@@ -0,0 +1,69 @@
+name: Publish docker image
+
+on:
+ pull_request:
+ branches:
+ - "*"
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ include:
+ - dockerfile: Dockerfile.frontend
+ type: frontend
+ permissions:
+ contents: read
+ packages: write
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GHCR_TOKEN }}
+
+ - name: Docker meta
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ tags: |
+ type=sha,format=long,prefix=${{matrix.type}}-
+ images: |
+ ghcr.io/tokens-studio/tokens-studio-for-penpot
+ - name: prebuild
+ run: |
+ echo "Building ${{ matrix.type }} image"
+ ./manage.sh build-${{matrix.type}}-bundle
+ mv ./bundles/${{matrix.type}} ./docker/images/bundle-${{matrix.type}}/
+
+ - name: Publish Docker images
+ uses: docker/build-push-action@v5
+ with:
+ context: ./docker/images
+ file: ./docker/images/${{ matrix.dockerfile }}
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+
+
+ deploy:
+ runs-on: ubuntu-latest
+ needs:
+ - "build"
+ steps:
+ - uses: actions/checkout@v4
+ - name: 🍍 Deploy with Gimlet
+ uses: gimlet-io/gimlet-artifact-shipper-action@v0.8.3
+ env:
+ GIMLET_SERVER: ${{ secrets.GIMLET_SERVER }}
+ GIMLET_TOKEN: ${{ secrets.GIMLET_TOKEN }}
\ No newline at end of file
From f9e1a6563139ae6286eab3fd031b0b18d9eb9bb0 Mon Sep 17 00:00:00 2001
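Review bot: In the `build` job the `prebuild` step runs `./manage.sh` from the pull request's checkout after `docker/login-action` has already stored the `GHCR_TOKEN` credential for the rest of the job, so PR-authored build code executes with a registry credential within reach. Move the login step to directly before `Publish Docker images`, and since the job already grants `packages: write`, prefer the job-scoped token over a stored secret, `password: ${{ secrets.GITHUB_TOKEN }}` (this assumes the package is linked to this repository). The `deploy` job has no `permissions:` block and passes `GIMLET_TOKEN` to an action pinned only by tag (`@v0.8.3`); adding `permissions:` with `contents: read` and pinning third-party actions to a commit SHA would narrow what a changed tag or a compromised step can reach. Separately, `branches: - "*"` does not match base branches whose name contains `/`; `"**"` does.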
From: SorsOps <80043879+sorsOps@users.noreply.github.com>
Date: Thu, 23 May 2024 15:23:27 +0200
Subject: [PATCH 2/3] Trigger cleanup as well
---
 .gimlet/{.penpot-pr.yaml => penpot-pr.yaml} | 0
 .github/workflows/cleanup.yaml | 17 +++++++++++++++++
 2 files changed, 17 insertions(+)
 rename .gimlet/{.penpot-pr.yaml => penpot-pr.yaml} (100%)
 create mode 100644 .github/workflows/cleanup.yaml
diff --git a/.gimlet/.penpot-pr.yaml b/.gimlet/penpot-pr.yaml
similarity index 100%
rename from .gimlet/.penpot-pr.yaml
rename to .gimlet/penpot-pr.yaml
diff --git a/.github/workflows/cleanup.yaml b/.github/workflows/cleanup.yaml
new file mode 100644
index 000000000..77facd090
--- /dev/null
+++ b/.github/workflows/cleanup.yaml
@@ -0,0 +1,17 @@
+name: Cleanup branches
+
+on:
+ delete:
+ branches:
+ - "*"
+
+jobs:
+ trigger:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - name: 🍍 Deploy with Gimlet
+ uses: gimlet-io/gimlet-artifact-shipper-action@v0.8.3
+ env:
+ GIMLET_SERVER: ${{ secrets.GIMLET_SERVER }}
+ GIMLET_TOKEN: ${{ secrets.GIMLET_TOKEN }}
\ No newline at end of file
From 84ad8a6be68c27a8eb971e70382dfa2ac0b98f7d Mon Sep 17 00:00:00 2001
From: SorsOps <80043879+sorsOps@users.noreply.github.com>
Date: Thu, 23 May 2024 15:39:21 +0200
Subject: [PATCH 3/3] Escape interpolation
---
 .gimlet/penpot-pr.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.gimlet/penpot-pr.yaml b/.gimlet/penpot-pr.yaml
index 64e7d2fb0..e53344369 100644
--- a/.gimlet/penpot-pr.yaml
+++ b/.gimlet/penpot-pr.yaml
@@ -9,7 +9,7 @@ cleanup:
 chart:
 name: https://github.com/tokens-studio/tokens-studio-for-penpot.git?branch={{ .BRANCH }}&path=/.gimlet/k8s/preview-frontend/
 values:
- namespace: {{ .BRANCH | sanitizeDNSName }}
+ namespace: "{{ .BRANCH | sanitizeDNSName }}"
 frontend:
 image:
 pullPolicy: IfNotPresent
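Review bot: The `branches: - "*"` filter under `on: delete` in cleanup.yaml is, as far as I know, not a filter the `delete` event supports, and that event fires for every deleted branch or tag, so this job would also run on tag deletions. Drop the `branches` key and guard the job with `if: github.event.ref_type == 'branch'`. The job also has no `permissions:` block although it passes `GIMLET_TOKEN` to a tag-pinned action; `permissions:` with `contents: read` is enough for the checkout, and the step name `Deploy with Gimlet` should say that it triggers cleanup. Since the deleted branch can no longer be checked out, it is worth confirming that the shipped artifact still carries the branch name the `branchDeleted` policy matches on.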
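Review bot: The quoting fix covers `namespace`, but the `chart.name` URL two lines above it still takes `{{ .BRANCH }}` raw, both as a query value and as the ref the chart is fetched from. A branch name may contain `&` or `#`, which would change how the rest of the query (`&path=...`) is read, and because the ref is the pull request's own branch, the Helm templates that get rendered are whatever that branch contains. Consider resolving the chart from a fixed, reviewed branch and keeping only the image tag PR-specific; if per-branch charts are intended, URL-escape the value with whatever helper the manifest templating offers. The manifest continues outside this hunk, so the target environment is not visible here.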