prepare additional deployment

2026-03-04 11:07:31 +01:00
parent 6ef80f8438
commit 691ebdeadd
11 changed files with 5 additions and 123 deletions
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@@ -12,40 +12,6 @@ steps:
      - go build -a -installsuffix nocgo -o udi main.go
      - cp udi ../..

-  scan:
-    image: quay.io/wollud1969/woodpecker-helper:0.5.1
-    environment:
-      TRIVY_TOKEN:
-        from_secret: trivy_token
-      TRIVY_URL:
-        from_secret: trivy_url
-      DTRACK_API_KEY:
-        from_secret: dtrack_api_key
-      DTRACK_API_URL:
-        from_secret: dtrack_api_url
-    commands:
-      - export GOPATH=/woodpecker/go   # the export is required, otherwise trivy will not consider the variable
-      - HOME=/home/`id -nu`
-      - TAG="${CI_COMMIT_TAG:-$CI_COMMIT_SHA}"
-      - |
-        trivy fs \
-              --server $TRIVY_URL \
-              --token $TRIVY_TOKEN \
-              --format cyclonedx \
-              --scanners license \
-              --output /tmp/sbom.xml \
-              .        
-      - cat /tmp/sbom.xml
-      - |
-        curl -X "POST" \
-             -H "Content-Type: multipart/form-data" \
-             -H "X-Api-Key: $DTRACK_API_KEY" \
-             -F "autoCreate=true" \
-             -F "projectName=$CI_REPO" \
-             -F "projectVersion=$TAG" \
-             -F "bom=@/tmp/sbom.xml"\
-             "$DTRACK_API_URL/api/v1/bom"        
-
  dockerize:
    image: plugins/kaniko
    settings:
--- a/deployment/decrypt-secrets.sh
+++ b/deployment/decrypt-secrets.sh
@@ -1,44 +0,0 @@
-#!/bin/bash
-
-if [ "$ENCRYPTION_KEY" = "" ]; then
-  echo "ENCRYPTION_KEY not set"
-  exit 1
-fi
-
-if [ "$MD5_CHECKSUM" = "" ]; then
-  echo "No checksum given"
-  exit 1
-fi
-
-
-SECRETS_CIPHERTEXT_FILE=secrets.enc
-SECRETS_PLAINTEXT_FILE=/tmp/secrets
-TMP_FILE=`mktemp`
-POD_NAME_SUFFIX=`date +%s`
-
-cat $SECRETS_CIPHERTEXT_FILE | \
-  kubectl run openssl-$POD_NAME_SUFFIX \
-    --rm \
-    --image bitnami/debian-base-buildpack:latest \
-    --env KEY=$ENCRYPTION_KEY \
-    -i \
-    -q \
-    -- \
-    /bin/sh -c "openssl enc -aes-256-cbc -salt -pass env:KEY -a -d" > \
-    $TMP_FILE
-
-if [ `uname` = "Darwin" ]; then
-  CALCULATED_CHECKSUM=`cat $TMP_FILE | md5`
-elif [ `uname` = "Linux" ]; then
-  CALCULATED_CHECKSUM=`cat $TMP_FILE | md5sum - | awk '{print $1}'`
-fi
-
-if [ "$MD5_CHECKSUM" != "$CALCULATED_CHECKSUM" ]; then
-  echo "Invalid checksum"
-  exit 1
-fi
-
-#cat $TMP_FILE
-mv $TMP_FILE $SECRETS_PLAINTEXT_FILE
-
-
--- a/deployment/disabled-instances/udi-berresheim/default/config.json
+++ b/deployment/disabled-instances/udi-berresheim/default/config.json
--- a/deployment/disabled-instances/udi-pg/default/config.json
+++ b/deployment/disabled-instances/udi-pg/default/config.json
--- a/deployment/disabled-instances/udi-saerbeck/default/config.json
+++ b/deployment/disabled-instances/udi-saerbeck/default/config.json
--- a/deployment/disabled-instances/udi-saerbeck/level/config.json
+++ b/deployment/disabled-instances/udi-saerbeck/level/config.json
--- a/deployment/disabled-instances/udi-saerbeck/soil/config.json
+++ b/deployment/disabled-instances/udi-saerbeck/soil/config.json
--- a/deployment/disabled-instances/udi-soil/config.json
+++ b/deployment/disabled-instances/udi-soil/config.json
--- a/deployment/encrypt-secrets.sh
+++ b/deployment/encrypt-secrets.sh
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-ENCRYPTION_KEY=`openssl rand -hex 32`
-echo $ENCRYPTION_KEY
-
-SECRETS_PLAINTEXT_FILE=secrets.txt
-SECRETS_CIPHERTEXT_FILE=secrets.enc
-
-if [ `uname` = "Darwin" ]; then
-  cat $SECRETS_PLAINTEXT_FILE | md5
-elif [ `uname` = "Linux" ]; then
-  cat $SECRETS_PLAINTEXT_FILE | md5sum - | awk '{print $1}'
-fi
-
-POD_NAME_SUFFIX=`date +%s`
-
-cat $SECRETS_PLAINTEXT_FILE | \
-  kubectl run openssl-$POD_NAME_SUFFIX \
-    --rm \
-    --image bitnami/debian-base-buildpack:latest \
-    --env KEY=$ENCRYPTION_KEY \
-    -i \
-    -q \
-    -- \
-    /bin/sh -c "openssl enc -aes-256-cbc -salt -pass env:KEY -a" > \
-    $SECRETS_CIPHERTEXT_FILE
-
--- a/deployment/instances/udi-influx/default/config.json
+++ b/deployment/instances/udi-influx/default/config.json
@@ -1,6 +1,6 @@
 {
  "mqtt": {
-    "broker": "mqtt://emqx01-anonymous-cluster-internal.broker.svc.cluster.local:1883",
+    "broker": "mqtt://mosquitto-broker-mqtt-anon-cluster.mosquitto.svc.cluster.local:1883",
    "tlsEnable": "false"
  },
  "topicMappings": [
--- a/deployment/secrets.asc
+++ b/deployment/secrets.asc
@@ -1,20 +1,7 @@
 -----BEGIN PGP MESSAGE-----

-jA0ECQMIetkwUzO5q5z+0ukB9IS9Z6rRbXzGHS4dOfwLMbyx2auDu7PYaAgHLHkI
-25aul+Q2RMUc1WtWgtyIPyVrq84ctjx4AmnXU3Gbsqte6QJIk0RX8w886gTI+NeF
-RJahlDNeL9LLltQInkFPDXgLC0u/8a+az0aVZUnfAHVhcYkkgQ0JZasc0VQjLqHV
-dQ3sHmGj1sUC712AujE1f+T5J9CImBdK4r4sZeFq0c3km7hIpOJNkg8LX+0fj9Un
-/LPPg0Qjq15dnb44UB6g+gsCUCJqTylGAMH4HLvsgRLbs4T4Za0O9lUKZ7UzuvlZ
-MnbJLIyJt2zxBVQ6NeuchvTmb8Ppkrk2qrO2mXC4hB0YyGtmT3Dy178pNdy7mYR6
-zLPx7wO+x4MOJOY8uzclHLucAfBhLTgTFCrje+268e99bXuFhAXOA2zqYSyhBI5M
-XnHUr14XsTACy8CwZRoIpvy9Roe0N3pJq/kdkx/zJ3ieBUWazR5HYFtBeixcELHa
-EIH9vZCqGi4NfatsZGYyGofVQhV9TnV5yyAruBDsdb0JIYIz1rznzW4megwR6O0K
-I7W4cTtzT6XdUZQGyWHZO+FSEQ3zoFxLPWeVWj4MJSj0qvd/G2Z07tAw8MJueGRK
-DsQJOwhrZVH79zuQE+zF+TR3K7A9O3pq0C618gXzXYnVIRoxYqAGo5RyPGlswxRS
-3sAf8spYQ3iSvo2whpRJ1c7ytmGKPbA3+4YXmJLemCCxiJK3yNJya6xg/hVTeJlL
-w76+IPGx+VwfURNt+JDf3Xfq2pnppDjW59a69FMraiWCovSl6cUGHr9X+mgQ+C39
-7OUhKLHQP4s+Yeak5St8/MKKG57bC1k4j07sh9pCXiAPPST3gVhSDmAGPGUDdISd
-ieOw/ofwzATB+qgEyhPWcRcR/RU0fYwz2q0AxdI6brLgxgGPO6gvQiulY0+MKtuZ
-kYUnBJiOQ4PBqnPDhtUjGvjT8YAbadWj+pH44bCGd7Q0Kg==
-=KCiQ
+jA0ECQMIOpibMyX5/pH90mMBMdpIUJC/lR3BeUddyWJjwixQcePZIAQ/QEV6VO71
+2cleQWnw8Ll5/bKtDv94UMLDZy86YdcNyeUXDP5cYPrGAFqWLaBmkLbpAJf7LRtb
+nckgwR1+++GPvn5vNYcqGt92pB0=
+=xy3G
 -----END PGP MESSAGE-----