diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 726a75f2..4c64b59c 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -27,7 +27,7 @@ variables: description: "The name of namespaces to deploy to." value: "" CLUSTER: - description: "Define which cluster to use - don't select prototype when you are not explicitly knowing what you are doing!" + description: "Define which cluster to use" value: "develop" options: - "dev"
@@ -61,7 +61,7 @@ variables: - "yes" - "no" DEPLOY_UCS: - description: "Enable Univention Corporate Server deployment. Depends on `DEPLOY_KEYCLOAK` and `DEPLOY_VAULT`." + description: "Enable Univention Corporate Server deployment." value: "no" options: - "yes"
@@ -79,7 +79,7 @@ variables: - "yes" - "no" DEPLOY_KEYCLOAK: - description: "Enable Keycloak deployment. 'yes' deploys upstream (bitnami) Keycloak, select 'keycloak_univention' to install Univention maintained Keycloak." + description: "Enable Keycloak deployment." value: "no" options: - "yes"
@@ -156,14 +156,15 @@ variables: field: "credentials" file: false script: - - cd "${CI_PROJECT_DIR}/helmfile/apps/${COMPONENT}" - # MASTER_PASSWORD_WEB_VAR as precedence for MASTER_PASSWORD + - "cd ${CI_PROJECT_DIR}/helmfile/apps/${COMPONENT}" + # MASTER_PASSWORD_WEB_VAR as precedence for MASTER_PASSWORD - | if ! [ -z "${MASTER_PASSWORD_WEB_VAR}" ]; then export MASTER_PASSWORD="${MASTER_PASSWORD_WEB_VAR}" fi; - - echo "Installing ${COMPONENT} into ${NAMESPACE} namespace as ${HELMFILE_ENVIRONMENT} environment on ${CLUSTER}" - - helmfile --namespace ${NAMESPACE} apply --suppress-diff + - > + echo "Installing ${COMPONENT} into ${NAMESPACE} namespace as ${HELMFILE_ENVIRONMENT} environment on ${CLUSTER}" + - "helmfile --namespace ${NAMESPACE} apply --suppress-diff" tags: - "docker" - "kubernetes" 
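Review bot: The shortened CLUSTER description in the `-27` hunk drops the only warning an operator sees in the run-pipeline form before picking the prototype cluster, and the same trimming in the `-61` (DEPLOY_UCS) and `-79` (DEPLOY_KEYCLOAK) hunks removes the notes that UCS depends on `DEPLOY_KEYCLOAK` and `DEPLOY_VAULT` and that `keycloak_univention` selects the Univention-maintained build. If the motivation was line length, keep the wording and fold it instead, e.g. `description: >-` followed by the original sentence on indented continuation lines. Which toggles must be combined is not stated anywhere else in the form, so that information belongs with the variable.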
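Review bot: The rewritten `cd` line in `.deploy-common` loses the shell quoting around the path: the old `cd "${CI_PROJECT_DIR}/helmfile/apps/${COMPONENT}"` handed the shell one quoted word, whereas in `"cd ${CI_PROJECT_DIR}/helmfile/apps/${COMPONENT}"` the double quotes are consumed by the YAML parser and the shell now sees the expansions unquoted, so whitespace or glob characters in either variable are word-split. Keep the inner quotes by switching the YAML quote style, `- 'cd "${CI_PROJECT_DIR}/helmfile/apps/${COMPONENT}"'`, or use a block scalar. While the line is being touched, the same treatment suits `- "helmfile --namespace ${NAMESPACE} apply --suppress-diff"`, which was unquoted before the change too and appears to take `${NAMESPACE}` from the pipeline form.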
@@ -178,7 +179,10 @@ env-cleanup: action: "stop" needs: [] rules: - - if: $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ && $ENV_STOP_BEFORE != "no" + - if: > + $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && + $NAMESPACE =~ /.+/ && + $ENV_STOP_BEFORE != "no" when: "always" script: - "helmfile destroy --namespace ${NAMESPACE}"
@@ -193,10 +197,12 @@ env-start: extends: ".deploy-common" image: "${CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX}/alpine/k8s:1.25.6" rules: - - if: $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ + - if: > + $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && + $NAMESPACE =~ /.+/ when: "always" script: - - 'echo "Deploying to Environment ${NAMESPACE} in ${CLUSTER} Cluster"' + - "echo \"Deploying to Environment ${NAMESPACE} in ${CLUSTER} Cluster\"" - "kubectl create namespace ${NAMESPACE} --dry-run=client -o yaml | kubectl apply -f -" - > kubectl create secret
@@ -212,8 +218,11 @@ services-deploy: stage: "basic-services-deploy" extends: ".deploy-common" rules: - - if: $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ && ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_SERVICES != "no") - when: always + - if: > + $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && + $NAMESPACE =~ /.+/ && + ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_SERVICES != "no") + when: "always" variables: COMPONENT: "services"
@@ -221,8 +230,11 @@ ucs-deploy: stage: "component-deploy-stage-1" extends: ".deploy-common" rules: - - if: $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ && ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_UCS != "no") - when: always + - if: > + $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && + $NAMESPACE =~ /.+/ && + ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_UCS != "no") + when: "always" variables: COMPONENT: "univention-corporate-container" 
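Review bot: The rule `$NAMESPACE =~ /.+/` only checks that the form input is non-empty, yet the value is interpolated unquoted into shell commands (`helmfile destroy --namespace ${NAMESPACE}` here, `kubectl create namespace ${NAMESPACE}` in env-start below); since every rule is being rewritten anyway, restricting the pattern to what a Kubernetes namespace name may contain, `$NAMESPACE =~ /^[a-z0-9]([-a-z0-9]*[a-z0-9])?$/ &&`, rejects malformed input before any job starts. The same applies to env-start, services-deploy and ucs-deploy in this chunk and to every `*-deploy`, env-stop and run-tests rule in the following hunks. Separately, `if: >` keeps one trailing newline in the expression; GitLab's rule lexer appears to tolerate surrounding whitespace, but `if: >-` removes the doubt at no cost and the same holds for the other folded rules.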
@@ -230,8 +242,11 @@ provisioning-deploy: stage: "component-deploy-stage-2" extends: ".deploy-common" rules: - - if: $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ && ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_UCS != "no" || $DEPLOY_PROVISIONING != "no") - when: always + - if: > + $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && + $NAMESPACE =~ /.+/ && + ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_UCS != "no" || $DEPLOY_PROVISIONING != "no") + when: "always" variables: COMPONENT: "provisioning"
@@ -239,18 +254,24 @@ keycloak-deploy: stage: "component-deploy-stage-1" extends: ".deploy-common" rules: - - if: $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ && ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_KEYCLOAK != "no") - when: always + - if: > + $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && + $NAMESPACE =~ /.+/ && + ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_KEYCLOAK != "no") + when: "always" variables: COMPONENT: "keycloak" keycloak-bootstrap-deploy: stage: "component-deploy-stage-1" extends: ".deploy-common" - timeout: 30m + timeout: "30m" rules: - - if: $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ && ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_KEYCLOAK != "no") - when: always + - if: > + $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && + $NAMESPACE =~ /.+/ && + ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_KEYCLOAK != "no") + when: "always" variables: COMPONENT: "keycloak-bootstrap"
@@ -258,8 +279,11 @@ ox-deploy: stage: "component-deploy-stage-1" extends: ".deploy-common" rules: - - if: $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ && ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_OX != "no") - when: always + - if: > + $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && + $NAMESPACE =~ /.+/ && + ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_OX != "no") + when: "always" variables: COMPONENT: "open-xchange" 
@@ -267,8 +291,11 @@ ics-deploy: stage: "component-deploy-stage-1" extends: ".deploy-common" rules: - - if: $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ && ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_ICS != "no") - when: always + - if: > + $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && + $NAMESPACE =~ /.+/ && + ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_ICS != "no") + when: "always" variables: COMPONENT: "intercom-service"
@@ -276,8 +303,11 @@ xwiki-deploy: stage: "component-deploy-stage-1" extends: ".deploy-common" rules: - - if: $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ && ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_XWIKI != "no") - when: always + - if: > + $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && + $NAMESPACE =~ /.+/ && + ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_XWIKI != "no") + when: "always" variables: COMPONENT: "xwiki"
@@ -285,8 +315,11 @@ collabora-deploy: stage: "component-deploy-stage-1" extends: ".deploy-common" rules: - - if: $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ && ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_NEXTCLOUD != "no" || $DEPLOY_COLLABORA != "no") - when: always + - if: > + $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && + $NAMESPACE =~ /.+/ && + ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_NEXTCLOUD != "no" || $DEPLOY_COLLABORA != "no") + when: "always" variables: COMPONENT: "collabora"
@@ -294,8 +327,11 @@ nextcloud-deploy: stage: "component-deploy-stage-1" extends: ".deploy-common" rules: - - if: $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ && ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_NEXTCLOUD != "no") - when: always + - if: > + $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && + $NAMESPACE =~ /.+/ && + ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_NEXTCLOUD != "no") + when: "always" variables: COMPONENT: "nextcloud" 
@@ -303,8 +339,11 @@ openproject-deploy: stage: "component-deploy-stage-1" extends: ".deploy-common" rules: - - if: $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ && ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_OPENPROJECT != "no") - when: always + - if: > + $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && + $NAMESPACE =~ /.+/ && + ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_OPENPROJECT != "no") + when: "always" variables: COMPONENT: "openproject"
@@ -312,8 +351,11 @@ jitsi-deploy: stage: "component-deploy-stage-1" extends: ".deploy-common" rules: - - if: $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ && ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_JITSI != "no") - when: always + - if: > + $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && + $NAMESPACE =~ /.+/ && + ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_JITSI != "no") + when: "always" variables: COMPONENT: "jitsi"
@@ -325,10 +367,12 @@ env-stop: image: "${CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX}/alpine/k8s:1.25.6" needs: [] rules: - - if: $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ + - if: > + $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ when: "manual" script: - - "echo 'We do not stop the env (delete the namespace) at the moment in this stage, as deleting a branches also triggers this env-stop stage and we do not want this to happen.'" + - "echo 'We do not stop the env (delete the namespace) at the moment in this stage, as deleting a branches also + triggers this env-stop stage and we do not want this to happen.'" # - kubectl delete namespace "${NAMESPACE}" stage: "env-stop" variables: 
@@ -344,8 +388,9 @@ run-tests: - "${CLUSTER}" stage: "tests" rules: - - if: $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ && $RUN_TESTS == "yes" - when: always + - if: > + $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ && $RUN_TESTS == "yes" + when: "always" script: - | COMPONENTS="login or portal or profile or navigation"
@@ -383,10 +428,11 @@ run-tests: common-yaml-linter: except: - - tags - - web + - "tags" + - "web" reuse-linter: + allow_failure: false except: - - tags - - web + - "tags" + - "web"
diff --git a/helmfile/apps/keycloak/values-keycloak-idp.yaml b/helmfile/apps/keycloak/values-keycloak-idp.yaml
index a47ec514..f7879f56 100644
--- a/helmfile/apps/keycloak/values-keycloak-idp.yaml
+++ b/helmfile/apps/keycloak/values-keycloak-idp.yaml
@@ -3,6 +3,7 @@ --- keycloakConfigCli: configuration: + # yamllint disable rule:line-length idp.json: | { "id": "$(IDENTIFIER)",
@@ -1688,4 +1689,5 @@ keycloakConfigCli: ], "browserFlow": "2fa-browser" } + # yamllint enable rule:line-length ...
diff --git a/helmfile/apps/keycloak/values-keycloak.yaml b/helmfile/apps/keycloak/values-keycloak.yaml
index fc7cfaa6..19f6ca50 100644
--- a/helmfile/apps/keycloak/values-keycloak.yaml
+++ b/helmfile/apps/keycloak/values-keycloak.yaml
@@ -10,12 +10,14 @@ auth: adminUser: "kcadmin" # not working as expected with older helm chart, check if it works with most recent one. # meanwhile we set the loglevel using the extraEnvVars a bit below. -#logging: -# level: "DEBUG" +# logging: +# level: "DEBUG" extraEnvVars: - name: "KC_LOG_LEVEL" value: "INFO" -extraStartupArgs: "-Dkeycloak.profile.feature.token_exchange=enabled -Dkeycloak.profile.feature.admin_fine_grained_authz=enabled" +extraStartupArgs: > + -Dkeycloak.profile.feature.token_exchange=enabled + -Dkeycloak.profile.feature.admin_fine_grained_authz=enabled service: type: "ClusterIP" 
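Review bot: `allow_failure: false` is added only to reuse-linter while common-yaml-linter in the same hunk is left as it was; neither job defines a script here, so both presumably come from an included template, and if that template sets `allow_failure: true` the yamllint findings this commit fixes can regress without failing the pipeline. Add `allow_failure: false` under `common-yaml-linter:` as well so the two linters are enforced the same way. Both jobs also still use the legacy `except:` keyword while every other job in this file uses `rules:`; the equivalent is `- if: $CI_COMMIT_TAG || $CI_PIPELINE_SOURCE == "web"` with `when: never`, followed by `- when: on_success`.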
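Review bot: `extraStartupArgs: >` ends the value with a newline (clip chomping), so the string handed to the chart is now the two flags followed by `\n`, whereas the original quoted scalar had none; the bitnami chart appears to pass this value into the start command through an environment variable, and whether a trailing newline is tolerated there is not visible from this file. `extraStartupArgs: >-` reproduces the previous single-line value exactly and is the behaviour-preserving form. Unrelated to the reformat, the two `-Dkeycloak.profile.feature.*` flags enable Keycloak preview features (token exchange and fine-grained admin permissions); a comment naming which component depends on each would let a later reviewer judge whether they are still required.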
@@ -44,8 +46,12 @@ extraVolumeMounts: keycloakConfigCli: enabled: true - command: [ "java", "-jar" ,"/opt/bitnami/keycloak-config-cli/keycloak-config-cli-19.0.3.jar" ] - args: [ "--import.var-substitution.enabled=true" ] + command: + - "java" + - "-jar" + - "/opt/bitnami/keycloak-config-cli/keycloak-config-cli-19.0.3.jar" + args: + - "--import.var-substitution.enabled=true" cache: enabled: false
diff --git a/helmfile/apps/nextcloud/values-nextcloud.yaml b/helmfile/apps/nextcloud/values-nextcloud.yaml
index 37381039..e9fa9494 100644
--- a/helmfile/apps/nextcloud/values-nextcloud.yaml
+++ b/helmfile/apps/nextcloud/values-nextcloud.yaml
@@ -17,7 +17,9 @@ cronjob: postStartCommand: - "sh" - "-c" - - 'sed -i "s/\*\/5 \* \* \* \* php -f \/var\/www\/html\/cron.php/\*\/1 \* \* \* \* php -f \/var\/www\/html\/cron.php/g" /var/spool/cron/crontabs/www-data' + - > + sed -i "s/\*\/5 \* \* \* \* php -f \/var\/www\/html\/cron.php/\*\/1 \* \* \* \* php -f + \/var\/www\/html\/cron.php/g" /var/spool/cron/crontabs/www-data internalDatabase: enabled: false
diff --git a/helmfile/apps/open-xchange/values-openxchange.yaml b/helmfile/apps/open-xchange/values-openxchange.yaml
index 2ea4a7e1..c4ca58e2 100644
--- a/helmfile/apps/open-xchange/values-openxchange.yaml
+++ b/helmfile/apps/open-xchange/values-openxchange.yaml
@@ -13,13 +13,13 @@ appsuite: status: # enable admin pack # admin: enabled - documents: disabled - guard: enabled + documents: "disabled" + guard: "enabled" packages: status: - open-xchange-oidc: enabled - open-xchange-authentication-database: disabled - open-xchange-authentication-oauth: enabled + open-xchange-oidc: "enabled" + open-xchange-authentication-database: "disabled" + open-xchange-authentication-oauth: "enabled" properties: com.openexchange.UIWebPath: "/appsuite/" # OIDC 
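Review bot: The folded scalar in the nextcloud `postStartCommand` hunk breaks a `sed` substitution in the middle of its replacement text (between `php -f` and `\/var\/www\/html\/cron.php/g`); it works only because the fold point is a single space and the block has no blank or more-indented lines, which is fragile for anyone re-wrapping it later. Since this same commit uses `# yamllint disable-line rule:line-length` for the xwiki `lessCode` value, the clearer choice here is `- |-` followed by the original one-line command with that directive above it. Note also that `>` appends a newline to the `sh -c` argument, which sh ignores but which does change the value; `>-` is the behaviour-preserving form.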
@@ -50,10 +50,10 @@ appsuite: com.openexchange.mail.transportServer: "postfix" com.openexchange.mail.transportServerSource: "global" # Mailfilter - com.openexchange.mail.filter.loginType: global - com.openexchange.mail.filter.credentialSource: mail - com.openexchange.mail.filter.server: dovecot - com.openexchange.mail.filter.preferredSaslMech: XOAUTH2 + com.openexchange.mail.filter.loginType: "global" + com.openexchange.mail.filter.credentialSource: "mail" + com.openexchange.mail.filter.server: "dovecot" + com.openexchange.mail.filter.preferredSaslMech: "XOAUTH2" # Capabilities com.openexchange.capability.client-onboarding: "true" com.openexchange.capability.dynamic-theme: "true"
@@ -64,7 +64,7 @@ appsuite: com.openexchange.capability.public-sector: "true" com.openexchange.capability.smime: "true" # Secondary Accounts - com.openexchange.mail.secondary.authType: XOAUTH2 + com.openexchange.mail.secondary.authType: "XOAUTH2" # Nextcloud integration com.openexchange.file.storage.nextcloud.oauth.url: "http://nextcloud/" com.openexchange.file.storage.nextcloud.oauth.webdav.username.strategy: "user" 
@@ -97,17 +97,18 @@ appsuite: io.ox/core//features/managedResources: "true" # Categories io.ox/core//features/categories: "true" - io.ox/core//categories/predefined: '[{ "name": "Predefined", "color": "orange", "icon": "bi/exclamation-circle.svg" }]' + io.ox/core//categories/predefined: > + [{ "name": "Predefined", "color": "orange", "icon": "bi/exclamation-circle.svg" }] # Nextcloud integration # io.ox.nextcloud//server: "https://ics./fs/" # Central navigation - io.ox.public-sector//navigation/oxtabname: tab_groupware + io.ox.public-sector//navigation/oxtabname: "tab_groupware" # io.ox.public-sector//ics/url: "https://ics./" io.ox/core//apps/quickLaunchCount: "0" io.ox/core//coloredIcons: "false" # Dynamic theme io.ox/dynamic-theme//mainColor: "#004B76" - io.ox/dynamic-theme//logoURL: io.ox.public-sector/logo.svg + io.ox/dynamic-theme//logoURL: "io.ox.public-sector/logo.svg" io.ox/dynamic-theme//logoWidth: "80" io.ox/dynamic-theme//topbarBackground: "#fff" io.ox/dynamic-theme//topbarColor: "#1f1f1f"
@@ -120,10 +121,10 @@ appsuite: asConfig: default: - host: all + host: "all" pageHeaderPrefix: "as8.souvap App Suite" oidcLogin: true - oidcPath: /oidc + oidcPath: "/oidc" core-ui: enabled: true
diff --git a/helmfile/apps/openproject/values.yaml b/helmfile/apps/openproject/values.yaml
index d45ff7a4..a9336745 100644
--- a/helmfile/apps/openproject/values.yaml
+++ b/helmfile/apps/openproject/values.yaml
@@ -27,7 +27,8 @@ openproject: # seed will only be executed on initial installation seed_locale: "de" -# For more details and more options see https://www.openproject.org/docs/installation-and-operations/configuration/environment/ +# For more details and more options see +# https://www.openproject.org/docs/installation-and-operations/configuration/environment/ environment: OPENPROJECT_LOG__LEVEL: "info" OPENPROJECT_OPENID__CONNECT_KEYCLOAK_ATTRIBUTE__MAP_LOGIN: "phoenixusername" 
diff --git a/helmfile/apps/provisioning/values-oxconnector.yaml b/helmfile/apps/provisioning/values-oxconnector.yaml
index c4a4f420..c1d59570 100644
--- a/helmfile/apps/provisioning/values-oxconnector.yaml
+++ b/helmfile/apps/provisioning/values-oxconnector.yaml
@@ -6,7 +6,7 @@ ingress: oxConnector: ldapHost: "univention-corporate-container" - #ldapHostIp: "" + # ldapHostIp: "" ldapBaseDn: "dc=swp-ldap,dc=internal" ldapHostDn: "cn=admin,dc=swp-ldap,dc=internal" notifierServer: "univention-corporate-container"
diff --git a/helmfile/apps/xwiki/values.yaml b/helmfile/apps/xwiki/values.yaml
index 2cf6525c..5ffc53a4 100644
--- a/helmfile/apps/xwiki/values.yaml
+++ b/helmfile/apps/xwiki/values.yaml 
@@ -39,10 +39,13 @@ properties: "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.btn-primary-bg": "@brand-primary" "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-color": "@brand-primary" "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-link-color": "@brand-primary" - "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-link-hover-color": "@brand-primary" - "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-link-active-color": "@brand-primary" + "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-link-hover-color": + "@brand-primary" + "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-link-active-color": + "@brand-primary" "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-bg": "#fff" "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-link-hover-bg": "#fff" + # yamllint disable-line rule:line-length "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.lessCode": "'@list-group-active-border: @list-group-border; @gray-light: #727272; @text-muted: @gray; @xwiki-drawer-menu-item-hover-bg: @list-group-hover-bg; @xwiki-drawer-menu-item-hover-color: @list-group-link-hover-color; @well-bg: @body-bg; .navbar-default { border-bottom: 3px solid @brand-primary !important; } #menuview .navbar-brand img { padding: 5px; }'" "property:xwiki:XWiki.AuthService.Configuration^XWiki.AuthService.ConfigurationClass.authService": "oidc" 
@@ -52,8 +55,9 @@ customConfigs: xwiki.properties: oidc.scope: "openid,profile,email,address,phoenix" oidc.endpoint.userinfo.method: "GET" - oidc.user.nameFormater: '${oidc.user.phoenixusername._lowerCase}' - oidc.user.subjectFormater: '${oidc.user.subject}' + oidc.user.nameFormater: "${oidc.user.phoenixusername._lowerCase}" + oidc.user.subjectFormater: "${oidc.user.subject}" + # yamllint disable-line rule:line-length oidc.userinfoclaims: "xwiki_user_accessibility,xwiki_user_company,xwiki_user_displayHiddenDocuments,xwiki_user_editor,xwiki_user_usertype" oidc.clientid: "xwiki" oidc.endpoint.token.auth_method: "client_secret_basic"