Compare commits
11 Commits
a9b3cd1961
...
87acad814d
| Author | SHA1 | Date | |
|---|---|---|---|
| 87acad814d | |||
| e8ec5eff63 | |||
| 23d3a00fe0 | |||
| 1684839e60 | |||
| 640ef34fc3 | |||
| a3c65cab2b | |||
| 5e3939549d | |||
| fa2e7dfcf0 | |||
| 0fd61d86b8 | |||
| 735b0dac22 | |||
| 82dbf67b72 |
@ -46,7 +46,7 @@ test:: ## test built artificats
|
||||
|
||||
scan: ## Scan image using trivy
|
||||
echo "Scanning $(IMAGE):$(TAG)-$(_ARCH) using Trivy $(TRIVY_REMOTE)"
|
||||
trivy image $(TRIVY_OPTS) --quiet --no-progress localhost/$(IMAGE):$(TAG)-$(_ARCH)
|
||||
trivy image $(TRIVY_OPTS) --quiet --no-progress --ignorefile ./.trivyignore.yaml localhost/$(IMAGE):$(TAG)-$(_ARCH)
|
||||
|
||||
# first tag and push all actual images
|
||||
# create new manifest for each tag and add all available TAG-ARCH before pushing
|
||||
@ -73,8 +73,10 @@ rm-remote-untagged: ## delete all remote untagged and in-dev images, keep 10 tag
|
||||
clean:: ## clean up source folder
|
||||
|
||||
rm-image:
|
||||
test -z "$$(podman image ls -q $(IMAGE):$(TAG)-$(_ARCH))" || podman image rm -f $(IMAGE):$(TAG)-$(_ARCH) > /dev/null
|
||||
test -z "$$(podman image ls -q $(IMAGE):$(TAG)-$(_ARCH))" || echo "Error: Removing image failed"
|
||||
for t in $(TAG) latest $(EXTRA_TAGS); do \
|
||||
test -z "$$(podman image ls -q $(IMAGE):$${t}-$(_ARCH))" || podman image rm -f $(IMAGE):$${t}-$(_ARCH); \
|
||||
test -z "$$(podman image ls -q $(IMAGE):$${t})" || podman image rm -f $(IMAGE):$${t}; \
|
||||
done
|
||||
|
||||
## some useful tasks during development
|
||||
ci-pull-upstream: ## pull latest shared .ci subtree
|
||||
|
||||
12
Dockerfile
12
Dockerfile
@ -1,9 +1,9 @@
|
||||
ARG ARGOCD_VERSION="v2.11.0"
|
||||
FROM argoproj/argocd:$ARGOCD_VERSION
|
||||
ARG ARGOCD_VERSION="v2.12.4"
|
||||
FROM quay.io/argoproj/argocd:$ARGOCD_VERSION
|
||||
|
||||
ARG SOPS_VERSION="3.8.1"
|
||||
ARG VALS_VERSION="0.37.1"
|
||||
ARG HELM_SECRETS_VERSION="4.6.0"
|
||||
ARG SOPS_VERSION="3.9.1"
|
||||
ARG VALS_VERSION="0.37.6"
|
||||
ARG HELM_SECRETS_VERSION="4.6.2"
|
||||
ARG ARGOCD_USER_ID="999"
|
||||
# vals or sops
|
||||
ENV HELM_SECRETS_BACKEND="vals" \
|
||||
@ -41,4 +41,4 @@ ADD sa2kubeconfig.sh /usr/local/bin/sa2kubeconfig.sh
|
||||
USER ${ARGOCD_USER_ID}
|
||||
|
||||
RUN helm plugin install --version ${HELM_SECRETS_VERSION} https://github.com/jkroepke/helm-secrets
|
||||
RUN sed -i -e 's/secrets/secrets --evaluate-templates/' "$(helm env HELM_PLUGINS)/helm-secrets/scripts/wrapper/helm.sh"
|
||||
RUN mkdir -p /home/argocd/.kube && sed -i -e 's/secrets/secrets --evaluate-templates/' "$(helm env HELM_PLUGINS)/helm-secrets/scripts/wrapper/helm.sh"
|
||||
|
||||
10
renovate.json
Normal file
10
renovate.json
Normal file
@ -0,0 +1,10 @@
|
||||
{
|
||||
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
||||
"extends": [
|
||||
"config:recommended",
|
||||
":label(renovate)",
|
||||
":semanticCommits",
|
||||
"group:allNonMajor"
|
||||
],
|
||||
"prHourlyLimit": 0
|
||||
}
|
||||
@ -1,11 +1,12 @@
|
||||
#!/bin/sh -e
|
||||
|
||||
SA_NAME=argocd-repo-server
|
||||
KUBECONFIG=$1
|
||||
SA_NAME=argo-argocd-repo-server
|
||||
|
||||
CA64=$(cat /run/secrets/kubernetes.io/serviceaccount/ca.crt | base64 -w0)
|
||||
TOKEN=$(cat /run/secrets/kubernetes.io/serviceaccount/token)
|
||||
|
||||
cat << EOF
|
||||
cat > $KUBECONFIG << EOF
|
||||
apiVersion: v1
|
||||
kind: Config
|
||||
clusters:
|
||||
@ -24,3 +25,5 @@ contexts:
|
||||
user: $SA_NAME
|
||||
current-context: ${SA_NAME}_context
|
||||
EOF
|
||||
|
||||
chmod 600 $KUBECONFIG
|
||||
|
||||
Loading…
Reference in New Issue
Block a user