wn/universal-data-ingest
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

prepare additional deployment
All checks were successful
ci/woodpecker/tag/woodpecker Pipeline was successful
Details

Browse Source
This commit is contained in:
Wolfgang Hottgenroth
2026-03-04 11:07:31 +01:00
parent 6ef80f8438
commit 691ebdeadd
11 changed files with 5 additions and 123 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
.woodpecker.yml
View File

@@ -12,40 +12,6 @@ steps:
- go build -a -installsuffix nocgo -o udi main.go - go build -a -installsuffix nocgo -o udi main.go
- cp udi ../.. - cp udi ../..
scan:
image: quay.io/wollud1969/woodpecker-helper:0.5.1
environment:
TRIVY_TOKEN:
from_secret: trivy_token
TRIVY_URL:
from_secret: trivy_url
DTRACK_API_KEY:
from_secret: dtrack_api_key
DTRACK_API_URL:
from_secret: dtrack_api_url
commands:
- export GOPATH=/woodpecker/go # the export is required, otherwise trivy will not consider the variable
- HOME=/home/`id -nu`
- TAG="${CI_COMMIT_TAG:-$CI_COMMIT_SHA}"
- |
trivy fs \
--server $TRIVY_URL \
--token $TRIVY_TOKEN \
--format cyclonedx \
--scanners license \
--output /tmp/sbom.xml \
.
- cat /tmp/sbom.xml
- |
curl -X "POST" \
-H "Content-Type: multipart/form-data" \
-H "X-Api-Key: $DTRACK_API_KEY" \
-F "autoCreate=true" \
-F "projectName=$CI_REPO" \
-F "projectVersion=$TAG" \
-F "bom=@/tmp/sbom.xml"\
"$DTRACK_API_URL/api/v1/bom"
dockerize: dockerize:
image: plugins/kaniko image: plugins/kaniko
settings: settings:

44
deployment/decrypt-secrets.sh
View File

@@ -1,44 +0,0 @@
#!/bin/bash
if [ "$ENCRYPTION_KEY" = "" ]; then
echo "ENCRYPTION_KEY not set"
exit 1
fi
if [ "$MD5_CHECKSUM" = "" ]; then
echo "No checksum given"
exit 1
fi
SECRETS_CIPHERTEXT_FILE=secrets.enc
SECRETS_PLAINTEXT_FILE=/tmp/secrets
TMP_FILE=`mktemp`
POD_NAME_SUFFIX=`date +%s`
cat $SECRETS_CIPHERTEXT_FILE | \
kubectl run openssl-$POD_NAME_SUFFIX \
--rm \
--image bitnami/debian-base-buildpack:latest \
--env KEY=$ENCRYPTION_KEY \
-i \
-q \
-- \
/bin/sh -c "openssl enc -aes-256-cbc -salt -pass env:KEY -a -d" > \
$TMP_FILE
if [ `uname` = "Darwin" ]; then
CALCULATED_CHECKSUM=`cat $TMP_FILE | md5`
elif [ `uname` = "Linux" ]; then
CALCULATED_CHECKSUM=`cat $TMP_FILE | md5sum - | awk '{print $1}'`
fi
if [ "$MD5_CHECKSUM" != "$CALCULATED_CHECKSUM" ]; then
echo "Invalid checksum"
exit 1
fi
#cat $TMP_FILE
mv $TMP_FILE $SECRETS_PLAINTEXT_FILE

0
deployment/instances/udi-berresheim/default/config.json → deployment/disabled-instances/udi-berresheim/default/config.json
View File

0
deployment/instances/udi-pg/default/config.json → deployment/disabled-instances/udi-pg/default/config.json
View File

0
deployment/instances/udi-saerbeck/default/config.json → deployment/disabled-instances/udi-saerbeck/default/config.json
View File

0
deployment/instances/udi-saerbeck/level/config.json → deployment/disabled-instances/udi-saerbeck/level/config.json
View File

0
deployment/instances/udi-saerbeck/soil/config.json → deployment/disabled-instances/udi-saerbeck/soil/config.json
View File

0
deployment/instances/udi/soil/config.json → deployment/disabled-instances/udi-soil/config.json
View File

27
deployment/encrypt-secrets.sh
View File

@@ -1,27 +0,0 @@
#!/bin/bash
ENCRYPTION_KEY=`openssl rand -hex 32`
echo $ENCRYPTION_KEY
SECRETS_PLAINTEXT_FILE=secrets.txt
SECRETS_CIPHERTEXT_FILE=secrets.enc
if [ `uname` = "Darwin" ]; then
cat $SECRETS_PLAINTEXT_FILE | md5
elif [ `uname` = "Linux" ]; then
cat $SECRETS_PLAINTEXT_FILE | md5sum - | awk '{print $1}'
fi
POD_NAME_SUFFIX=`date +%s`
cat $SECRETS_PLAINTEXT_FILE | \
kubectl run openssl-$POD_NAME_SUFFIX \
--rm \
--image bitnami/debian-base-buildpack:latest \
--env KEY=$ENCRYPTION_KEY \
-i \
-q \
-- \
/bin/sh -c "openssl enc -aes-256-cbc -salt -pass env:KEY -a" > \
$SECRETS_CIPHERTEXT_FILE

2
deployment/instances/udi/default/config.json → deployment/instances/udi-influx/default/config.json
View File

@@ -1,6 +1,6 @@
{ {
"mqtt": { "mqtt": {
"broker": "mqtt://emqx01-anonymous-cluster-internal.broker.svc.cluster.local:1883", "broker": "mqtt://mosquitto-broker-mqtt-anon-cluster.mosquitto.svc.cluster.local:1883",
"tlsEnable": "false" "tlsEnable": "false"
}, },
"topicMappings": [ "topicMappings": [

21
deployment/secrets.asc
View File

@@ -1,20 +1,7 @@
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
jA0ECQMIetkwUzO5q5z+0ukB9IS9Z6rRbXzGHS4dOfwLMbyx2auDu7PYaAgHLHkI jA0ECQMIOpibMyX5/pH90mMBMdpIUJC/lR3BeUddyWJjwixQcePZIAQ/QEV6VO71
25aul+Q2RMUc1WtWgtyIPyVrq84ctjx4AmnXU3Gbsqte6QJIk0RX8w886gTI+NeF 2cleQWnw8Ll5/bKtDv94UMLDZy86YdcNyeUXDP5cYPrGAFqWLaBmkLbpAJf7LRtb
RJahlDNeL9LLltQInkFPDXgLC0u/8a+az0aVZUnfAHVhcYkkgQ0JZasc0VQjLqHV nckgwR1+++GPvn5vNYcqGt92pB0=
dQ3sHmGj1sUC712AujE1f+T5J9CImBdK4r4sZeFq0c3km7hIpOJNkg8LX+0fj9Un =xy3G
/LPPg0Qjq15dnb44UB6g+gsCUCJqTylGAMH4HLvsgRLbs4T4Za0O9lUKZ7UzuvlZ
MnbJLIyJt2zxBVQ6NeuchvTmb8Ppkrk2qrO2mXC4hB0YyGtmT3Dy178pNdy7mYR6
zLPx7wO+x4MOJOY8uzclHLucAfBhLTgTFCrje+268e99bXuFhAXOA2zqYSyhBI5M
XnHUr14XsTACy8CwZRoIpvy9Roe0N3pJq/kdkx/zJ3ieBUWazR5HYFtBeixcELHa
EIH9vZCqGi4NfatsZGYyGofVQhV9TnV5yyAruBDsdb0JIYIz1rznzW4megwR6O0K
I7W4cTtzT6XdUZQGyWHZO+FSEQ3zoFxLPWeVWj4MJSj0qvd/G2Z07tAw8MJueGRK
DsQJOwhrZVH79zuQE+zF+TR3K7A9O3pq0C618gXzXYnVIRoxYqAGo5RyPGlswxRS
3sAf8spYQ3iSvo2whpRJ1c7ytmGKPbA3+4YXmJLemCCxiJK3yNJya6xg/hVTeJlL
w76+IPGx+VwfURNt+JDf3Xfq2pnppDjW59a69FMraiWCovSl6cUGHr9X+mgQ+C39
7OUhKLHQP4s+Yeak5St8/MKKG57bC1k4j07sh9pCXiAPPST3gVhSDmAGPGUDdISd
ieOw/ofwzATB+qgEyhPWcRcR/RU0fYwz2q0AxdI6brLgxgGPO6gvQiulY0+MKtuZ
kYUnBJiOQ4PBqnPDhtUjGvjT8YAbadWj+pH44bCGd7Q0Kg==
=KCiQ
-----END PGP MESSAGE----- -----END PGP MESSAGE-----