1  # Copyright 2024 Defense Unicorns
  2  # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
  3  
  4  variables:
  5    - name: BASE_REPO
  6      default: "ghcr.io/defenseunicorns/packages"
  7    - name: FLAVOR
  8      default: "upstream"
  9    - name: SNAPSHOT
 10      description: Whether this is a snapshot release
 11      default: "false"
 12  
 13  tasks:
 14    - name: determine-repo
 15      actions:
 16        - description: "Determine repository for the given flavor/type of release"
 17          cmd: |
 18            repo="${BASE_REPO}"
 19            # unicorn flavor = private repository
 20            if [ "${FLAVOR}" = "unicorn" ]; then
 21              repo="${repo}/private"
 22            fi
 23            repo="${repo}/uds"
 24            # snapshots = snapshot repository
 25            if [ "${SNAPSHOT}" = "true" ]; then
 26              repo="${repo}/snapshots"
 27            fi
 28            echo "${repo}"
 29          mute: true
 30          setVariables:
 31            - name: TARGET_REPO
 32  
 33    - name: aks-coredns-setup
 34      actions:
 35        - description: Setup Custom ConfigMap for Core DNS
 36          cmd: |
 37            uds zarf tools kubectl apply -f - <<EOF
 38            apiVersion: v1
 39            data:
 40              uds.override: |
 41                rewrite stop {
 42                  name regex (.*\.admin\.uds\.dev) admin-ingressgateway.istio-admin-gateway.svc.cluster.local answer auto
 43                }
 44                rewrite stop {
 45                  name regex (.*\.uds\.dev) tenant-ingressgateway.istio-tenant-gateway.svc.cluster.local answer auto
 46                }
 47            kind: ConfigMap
 48            metadata:
 49              name: coredns-custom
 50              namespace: kube-system
 51            EOF
 52            uds zarf tools kubectl -n kube-system rollout restart deployment coredns
 53  
 54    - name: eks-storageclass-setup
 55      actions:
 56        - description: Setup GP3 Storage Class
 57          cmd: |
 58            uds zarf tools kubectl apply -f - <<EOF
 59              apiVersion: storage.k8s.io/v1
 60              kind: StorageClass
 61              metadata:
 62                name: gp3
 63                annotations:
 64                  storageclass.kubernetes.io/is-default-class: "true"
 65              provisioner: ebs.csi.aws.com
 66              allowVolumeExpansion: true
 67              reclaimPolicy: Delete
 68              volumeBindingMode: WaitForFirstConsumer
 69              parameters:
 70                encrypted: "true"
 71                fsType: ext4
 72                type: gp3
 73            EOF
 74  
 75    - name: admin-gw-ip
 76      actions:
 77        - description: Fetch Admin Gateway IP Address
 78          cmd: |
 79            IP_ADDR=$(uds zarf tools kubectl get service -n istio-admin-gateway admin-ingressgateway -o=jsonpath='{.status.loadBalancer.ingress[0].ip}' 2>/dev/null)
 80            if [ -z $IP_ADDR ]; then
 81              HOSTNAME=$(uds zarf tools kubectl get service -n istio-admin-gateway admin-ingressgateway -o=jsonpath='{.status.loadBalancer.ingress[0].hostname}' 2>/dev/null)
 82              IP_ADDR=$(dig +short $HOSTNAME | head -n1)
 83            fi; echo $IP_ADDR
 84          mute: true
 85          setVariables:
 86            - name: ADMIN_GW_IP
 87  
 88    - name: tenant-gw-ip
 89      actions:
 90        - description: Fetch Tenant Gateway IP Address
 91          cmd: |
 92            IP_ADDR=$(uds zarf tools kubectl get service -n istio-tenant-gateway tenant-ingressgateway -o=jsonpath='{.status.loadBalancer.ingress[0].ip}' 2>/dev/null)
 93            if [ -z $IP_ADDR ]; then
 94              HOSTNAME=$(uds zarf tools kubectl get service -n istio-tenant-gateway tenant-ingressgateway -o=jsonpath='{.status.loadBalancer.ingress[0].hostname}' 2>/dev/null)
 95              IP_ADDR=$(dig +short $HOSTNAME | head -n1)
 96            fi; echo $IP_ADDR
 97          mute: true
 98          setVariables:
 99            - name: TENANT_GW_IP
100  
101    - name: setup-hosts
102      actions:
103        - task: admin-gw-ip
104        - task: tenant-gw-ip
105        - description: Adds Cluster LoadBalancer IP Addresses to match appropriate hosts names in /etc/hosts
106          mute: true
107          cmd: |
108            echo "$ADMIN_GW_IP keycloak.admin.uds.dev grafana.admin.uds.dev demo.admin.uds.dev\n$TENANT_GW_IP sso.uds.dev demo-8080.uds.dev demo-8081.uds.dev protected.uds.dev ambient-protected.uds.dev ambient2-protected.uds.dev podinfo.uds.dev" | sudo tee -a /etc/hosts
109  
110    - name: rename-flavored-packages
111      description: "Rename flavored package files by removing the flavor suffix"
112      actions:
113        - description: Rename flavored package files
114          cmd: |
115            for FLAVORED_PACKAGE in $(find build/ -maxdepth 1 -name "zarf-package-*${FLAVOR}.tar.zst" 2>/dev/null || echo ""); do
116              BASE_NAME=$(echo "${FLAVORED_PACKAGE}" | sed "s/-${FLAVOR}\.tar\.zst/.tar.zst/")
117              mv -v "${FLAVORED_PACKAGE}" "${BASE_NAME}"
118            done
119  
120    - name: check-multiarch-images
121      description: "Script to check if/what Unicorn and Registry1 images are missing from registry."
122      actions:
123        - description: Check Unicorn and Registry1 Multi-Arch images
124          cmd: ./scripts/check-multiarch.sh