stack/kustomizations/forgejo/scripts/generate-forgejo-secret.sh

#!/bin/sh

if test -t 1; then
  # This is not foolproof. Can easily be beat by doing |cat. This is just to
  # make it less likely that secrets are output to terminal.
  echo "Error: Not outputting secret to stdout; redirect output to a file or" \
    "pipe output to \`sops\`." >/dev/stderr
  exit 1
fi

FORGEJO_VERSION="1.20.5-0"
FORGEJO_TAG="sha256:d665129e66cc04fa72aa6a284eb98b17c0eee642aeaad7c88edec21f9edbf519"
FORGEJO_SLUG="${FORGEJO_VERSION}@${FORGEJO_TAG}"

forgejo() {
  # TODO: make this extract image tag from kustomization?
  docker run "codeberg.org/forgejo/forgejo:$FORGEJO_SLUG" forgejo "$@"
}

GITEA__SERVER__LFS_JWT_SECRET="$(forgejo generate secret LFS_JWT_SECRET)"
GITEA__SECURITY__SECRET_KEY="$(forgejo generate secret SECRET_KEY)"
GITEA__SECURITY__INTERNAL_TOKEN="$(forgejo generate secret INTERNAL_TOKEN)"

cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: forgejo-config
stringData:
  GITEA__SERVER__LFS_JWT_SECRET: ${GITEA__SERVER__LFS_JWT_SECRET}
  GITEA__SECURITY__SECRET_KEY: ${GITEA__SECURITY__SECRET_KEY}
  GITEA__SECURITY__INTERNAL_TOKEN: ${GITEA__SECURITY__INTERNAL_TOKEN}
EOF
k/forgejo: initial WIP commit 2023-05-16 01:51:42 +00:00			`#!/bin/sh`

			`if test -t 1; then`
			`# This is not foolproof. Can easily be beat by doing \|cat. This is just to`
			`# make it less likely that secrets are output to terminal.`
			`echo "Error: Not outputting secret to stdout; redirect output to a file or" \`
			"pipe output to \`sops\`." >/dev/stderr
			`exit 1`
			`fi`

kustomizations/forgejo: bump to 1.20.5-0 2023-11-02 02:55:13 +00:00			`FORGEJO_VERSION="1.20.5-0"`
			`FORGEJO_TAG="sha256:d665129e66cc04fa72aa6a284eb98b17c0eee642aeaad7c88edec21f9edbf519"`
k/forgejo: initial WIP commit 2023-05-16 01:51:42 +00:00			`FORGEJO_SLUG="${FORGEJO_VERSION}@${FORGEJO_TAG}"`

			`forgejo() {`
			`# TODO: make this extract image tag from kustomization?`
			`docker run "codeberg.org/forgejo/forgejo:$FORGEJO_SLUG" forgejo "$@"`
			`}`

			`GITEA__SERVER__LFS_JWT_SECRET="$(forgejo generate secret LFS_JWT_SECRET)"`
			`GITEA__SECURITY__SECRET_KEY="$(forgejo generate secret SECRET_KEY)"`
			`GITEA__SECURITY__INTERNAL_TOKEN="$(forgejo generate secret INTERNAL_TOKEN)"`

			`cat <<EOF`
			`apiVersion: v1`
			`kind: Secret`
			`metadata:`
			`name: forgejo-config`
			`stringData:`
			`GITEA__SERVER__LFS_JWT_SECRET: ${GITEA__SERVER__LFS_JWT_SECRET}`
			`GITEA__SECURITY__SECRET_KEY: ${GITEA__SECURITY__SECRET_KEY}`
			`GITEA__SECURITY__INTERNAL_TOKEN: ${GITEA__SECURITY__INTERNAL_TOKEN}`
			`EOF`