gerrit: add ref-updated hook to poke forgejo

This has been deployed already.

Technically depends on I26531818a395de2a8bb6054d2583881fd1d5b806 as this
has been deployed on top of that.

Change-Id: I1b8d453d04f3a9a5435ae0dd6575f82d9ca10db7
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1681
Reviewed-by: informatic <informatic@hackerspace.pl>
diff --git a/devtools/gerrit/entrypoint.sh b/devtools/gerrit/entrypoint.sh
index f303263..fe903a0 100755
--- a/devtools/gerrit/entrypoint.sh
+++ b/devtools/gerrit/entrypoint.sh
@@ -18,6 +18,8 @@
 cp /var/gerrit-secure/secure.config /var/gerrit/etc/secure.config
 
 cp /var/gerrit-plugins/* /var/gerrit/plugins/
+mkdir -p /var/gerrit/hooks/
+cp /var/gerrit-hooks/* /var/gerrit/hooks/
 
 mkdir -p /var/gerrit/static
 cp -r /var/gerrit-theme/*png /var/gerrit/static/
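Review bot: The added `cp /var/gerrit-hooks/* /var/gerrit/hooks/` leaves the mode of the installed hooks to whatever the source mount provides, and anything placed in this directory is presumably executed by Gerrit with the container's full environment. Setting the mode explicitly, e.g. `install -m 0755 /var/gerrit-hooks/* /var/gerrit/hooks/`, makes the executable bit independent of the volume's default file mode. If /var/gerrit/hooks sits on persistent storage, hooks later removed from the source would stay behind and keep running, so clearing the directory before the copy is worth considering. The rest of entrypoint.sh is outside the hunk, so whether an empty source directory aborts startup cannot be seen here.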
diff --git a/devtools/gerrit/hooks/ref-updated b/devtools/gerrit/hooks/ref-updated
new file mode 100755
index 0000000..943aec8
--- /dev/null
+++ b/devtools/gerrit/hooks/ref-updated
@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+set -e
+
+# This will be ran by Gerrit any time a new Git commit is pushed, and will make
+# Forgejo pull our changes.
+
+if [ -z "$FORGEJO_TOKEN" ]; then
+    echo "FORGEJO_TOKEN must be set" > /dev/stderr
+    exit 1
+fi
+
+# The gerrit image has no curl. But where we're going, we don't need curl.
+auth="$(echo -ne "gerrit:$FORGEJO_TOKEN" | base64)"
+openssl s_client -quiet -crlf -connect git.hackerspace.pl:443 <<EOF
+POST /api/v1/repos/hswaw/hscloud/mirror-sync HTTP/1.1
+Host: git.hackerspace.pl
+Authorization: Basic $auth
+Content-length: 0
+Connection: Close
+
+EOF
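Review bot: `openssl s_client` on the `-connect` line continues the handshake when certificate verification fails and does not check the hostname unless asked, so the `Authorization: Basic` header carrying FORGEJO_TOKEN would be sent to any endpoint able to answer for git.hackerspace.pl:443. Adding `-verify_return_error -verify_hostname git.hackerspace.pl` to that line makes the hook abort before the request is written. Separately, `echo -ne ... | base64` interprets backslash sequences in the token and wraps its output at 76 columns on GNU coreutils, which would split the header for a longer credential; `auth="$(printf '%s' "gerrit:$FORGEJO_TOKEN" | base64 | tr -d '\n')"` avoids both. The HTTP status is never inspected, so a 401 or 403 from Forgejo still exits 0 and a stale mirror goes unnoticed unless the first response line is checked.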
diff --git a/devtools/gerrit/kube/gerrit.libsonnet b/devtools/gerrit/kube/gerrit.libsonnet
index 35b4cc5..b5850a5 100644
--- a/devtools/gerrit/kube/gerrit.libsonnet
+++ b/devtools/gerrit/kube/gerrit.libsonnet
@@ -38,7 +38,7 @@
             address: "gerrit@hackerspace.pl",
         },
 
-        tag: "3.3.2-r4",
+        tag: "3.7.5-r7",
         image: "registry.k0.hswaw.net/q3k/gerrit:" + cfg.tag,
         resources: {
             requests: {
@@ -159,6 +159,12 @@
         // SecureSecret gets mounted here
         secure: { mountPath: "/var/gerrit-secure" },
     },
+    keys: kube.Secret(gerrit.name("keys")) {
+        metadata+: gerrit.metadata("deployment"),
+        //data_: {
+        //    FORGEJO_TOKEN: "fill me when deploying, TODO(q3k): god damn secrets",
+        //},
+    },
     deployment: kube.Deployment(gerrit.name("gerrit")) {
         metadata+: gerrit.metadata("deployment"),
         spec+: {
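Review bot: The `keys` Secret is rendered with `data_` commented out, so the manifest as committed defines no FORGEJO_TOKEN key and the real value has to be injected out of band. Depending on how the apply tooling reconciles Secrets, a later apply of this object may reset the manually filled data, after which the hook would exit with "FORGEJO_TOKEN must be set" or the pod would fail to start; this is worth confirming before the next rollout. The TODO would be more useful as a comment stating where the token comes from and how narrowly it should be scoped, e.g. `// FORGEJO_TOKEN is provisioned out of band (see <runbook placeholder>); scope it to mirror-sync on hswaw/hscloud only.` The deployment object continues outside the hunk.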
@@ -182,6 +188,9 @@
                                 http: { containerPort: 8080 },
                                 ssh: { containerPort: 29418 },
                             },
+                            env_: {
+                                FORGEJO_TOKEN: { secretKeyRef: { name: gerrit.keys.metadata.name, key: "FORGEJO_TOKEN" }},
+                            },
                             resources: cfg.resources,
                             volumeMounts_: volumeMounts,