diff --git a/.github/workflows/clean_workflow.yml b/.github/workflows/clean_workflow.yml index cdffa1004..d0c132e5c 100644 --- a/.github/workflows/clean_workflow.yml +++ b/.github/workflows/clean_workflow.yml @@ -55,7 +55,7 @@ jobs: - run: | echo "git_ref_name=${{ inputs.branch }}" >> $GITHUB_ENV echo git_ref_name ${{ inputs.branch }} - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: repository: hpi-schul-cloud/${{ matrix.repo }} token: ${{ secrets.token }} @@ -72,7 +72,7 @@ jobs: echo "branch_exists=false" >> $GITHUB_ENV fi ## Write for matrix outputs workaround https://github.com/orgs/community/discussions/17245 - - uses: cloudposse/github-action-matrix-outputs-write@0.4.2 + - uses: cloudposse/github-action-matrix-outputs-write@0.5.0 id: out with: matrix-step-name: ${{ github.job }} @@ -88,7 +88,7 @@ jobs: are_all_branches_deleted: ${{ steps.are_all_branches_deleted.outputs.are_all_branches_deleted }} steps: ## read for matrix outputs workaround https://github.com/orgs/community/discussions/17245 - - uses: cloudposse/github-action-matrix-outputs-read@0.1.1 + - uses: cloudposse/github-action-matrix-outputs-read@0.1.2 id: read with: matrix-step-name: gather_branch_exists diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index ed755e8a2..5a99e254f 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -61,7 +61,7 @@ jobs: - run: | echo "git_ref_name=${{ inputs.branch }}" >> $GITHUB_ENV echo git_ref_name ${{ inputs.branch }} - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: repository: hpi-schul-cloud/${{ matrix.repos }} token: ${{ secrets.token }} @@ -85,7 +85,7 @@ jobs: done - run: tar -cf ${{ matrix.repos }}.tar ansible working-directory: ${{github.workspace }}/${{ matrix.repos }} - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@v4 with: name: ${{ matrix.repos }} path: ${{github.workspace }}/${{ matrix.repos }}/${{ matrix.repos }}.tar @@ -107,7 +107,7 @@ jobs: echo "NAMESPACE: ${{ needs.create_branch_identifier.outputs.id_branch }}" > cfg_host.yml echo "DOMAIN: ${{ needs.create_branch_identifier.outputs.id_branch }}.${{ matrix.tenants }}.dbildungscloud.dev" >> cfg_host.yml - run: tar -cf ${{ matrix.tenants }}.tar ansible - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@v4 with: name: ${{ matrix.tenants }} path: ${{github.workspace }}/${{ matrix.tenants }}.tar @@ -163,7 +163,7 @@ jobs: uses: hpi-schul-cloud/dof_app_deploy/.github/workflows/deploy_dev.yml@main with: host_name: dbc_host - tenannt: dbc + tenant: dbc secrets: ONEPASSWORD_VAULT: ${{ secrets.DEV_VAULT_DBC }} KUBECONFIG: ${{ secrets.DEV_KUBE_CONFIG_DBC }} @@ -175,7 +175,7 @@ jobs: uses: hpi-schul-cloud/dof_app_deploy/.github/workflows/deploy_dev.yml@main with: host_name: nbc_host - tenannt: nbc + tenant: nbc secrets: ONEPASSWORD_VAULT: ${{ secrets.DEV_VAULT_NBC }} KUBECONFIG: ${{ secrets.DEV_KUBE_CONFIG_NBC }} @@ -187,7 +187,7 @@ jobs: uses: hpi-schul-cloud/dof_app_deploy/.github/workflows/deploy_dev.yml@main with: host_name: brb_host - tenannt: brb + tenant: brb secrets: ONEPASSWORD_VAULT: ${{ secrets.DEV_VAULT_BRB }} KUBECONFIG: ${{ secrets.DEV_KUBE_CONFIG_BRB }} @@ -199,7 +199,7 @@ jobs: uses: hpi-schul-cloud/dof_app_deploy/.github/workflows/deploy_dev.yml@main with: host_name: thr_host - tenannt: thr + tenant: thr secrets: ONEPASSWORD_VAULT: ${{ secrets.DEV_VAULT_THR }} KUBECONFIG: ${{ secrets.DEV_KUBE_CONFIG_THR }} diff --git a/.github/workflows/deploy_dev.yml b/.github/workflows/deploy_dev.yml index aa99d2e0c..87a4db595 100644 --- a/.github/workflows/deploy_dev.yml +++ b/.github/workflows/deploy_dev.yml @@ -7,7 +7,7 @@ on: host_name: required: true type: string - tenannt: + tenant: required: true type: string secrets: @@ -22,16 +22,18 @@ permissions: jobs: deploy: runs-on: ubuntu-latest - name: deploy ${{ inputs.tenannt }} + name: deploy ${{ inputs.tenant }} steps: - - uses: actions/download-artifact@v3 + - uses: actions/download-artifact@v4 + - run: ls -R - run: mv */*.tar ./ - run: find -name "*.tar" -exec tar -xf {} \; - - run: tar -cf ansible.tar ansible - - uses: actions/upload-artifact@v3 + - run: tar -cf ${{ inputs.tenant }}-ansible.tar ansible + - uses: actions/upload-artifact@v4 with: - name: ansible - path: ${{github.workspace }}/ansible.tar + name: debug-${{ inputs.tenant }}-ansible + path: ${{github.workspace }}/${{ inputs.tenant }}-ansible.tar + overwrite: true - shell: bash run: | python3 -m pip install kubernetes 'urllib3>=1.26.16' @@ -41,7 +43,7 @@ jobs: run: | echo "VAULT: ${{ secrets.ONEPASSWORD_VAULT }}" >> develop/dof_deploy.yml echo "ONEPASSWORD_OPERATOR_VAULT: ${{ secrets.ONEPASSWORD_VAULT }}" >> develop/dof_deploy.yml - echo "TLS_ENABELD: \"true\"" >> develop/dof_deploy.yml + echo "TLS_ENABLED: \"true\"" >> develop/dof_deploy.yml - run: ansible-galaxy install -r ansible/collections/requirements.yml - working-directory: ${{github.workspace }}/ansible/roles/sys run: | diff --git a/.github/workflows/host.yml b/.github/workflows/host.yml index d3b0e1d9e..bac53bc2f 100644 --- a/.github/workflows/host.yml +++ b/.github/workflows/host.yml @@ -46,7 +46,7 @@ jobs: environment: ${{ inputs.host_name }} steps: - run: mkdir repo - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: repository: hpi-schul-cloud/dof_app_deploy path: repo/dof_app_deploy @@ -61,55 +61,55 @@ jobs: sed -e "s/IMAGE_TAG: /VERSION=/g" version.yml >> $GITHUB_ENV sed -e "s/IMAGE_TAG: /BRANCH_NAME: /g" version.yml >> branch_name.yml echo "DOF_APP_DEPLOY_BRANCH_NAME: ${{ inputs.cfg_version }}" >> branch_name.yml - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: repository: hpi-schul-cloud/schulcloud-server path: repo/schulcloud-server token: ${{ secrets.token }} ref: ${{ env.SCHULCLOUD_SERVER_VERSION }} - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: repository: hpi-schul-cloud/schulcloud-client path: repo/schulcloud-client token: ${{ secrets.token }} ref: ${{ env.SCHULCLOUD_CLIENT_VERSION }} - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: repository: hpi-schul-cloud/nuxt-client path: repo/nuxt-client token: ${{ secrets.token }} ref: ${{ env.NUXT_CLIENT_VERSION }} - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: repository: hpi-schul-cloud/superhero-dashboard path: repo/superhero-dashboard token: ${{ secrets.token }} ref: ${{ env.SUPERHERO_DASHBOARD_VERSION }} - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: repository: hpi-schul-cloud/h5p-staticfiles-server path: repo/h5p-staticfiles-server token: ${{ secrets.token }} ref: ${{ env.H5P_STATICFILES_SERVER_VERSION }} - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: repository: hpi-schul-cloud/schulcloud-calendar path: repo/schulcloud-calendar token: ${{ secrets.token }} ref: ${{ env.SCHULCLOUD_CALENDAR_VERSION }} - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: repository: hpi-schul-cloud/antivirus_check_service path: repo/antivirus_check_service token: ${{ secrets.token }} ref: ${{ env.ANTIVIRUS_CHECK_SERVICE_VERSION }} - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: repository: hpi-schul-cloud/version-aggregator path: repo/version-aggregator token: ${{ secrets.token }} ref: ${{ env.VERSION_AGGREGATOR_VERSION }} - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: repository: hpi-schul-cloud/tldraw-client path: repo/tldraw-client @@ -133,7 +133,7 @@ jobs: cp dof_app_deploy/ansible/collections/requirements.yml ../ansible/collections/requirements.yml cd .. - run: tar -cf ${{ inputs.host_name }}.tar ansible - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@v4 with: name: ${{ inputs.host_name }} path: ${{github.workspace }}/${{ inputs.host_name }}.tar diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 609298231..ce3bac9c1 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -11,7 +11,7 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install Python 3 uses: actions/setup-python@v4 with: diff --git a/ansible/roles/erwin-idm/templates/ingress.yml.j2 b/ansible/roles/erwin-idm/templates/ingress.yml.j2 index d6675bbe9..59da0ec9c 100644 --- a/ansible/roles/erwin-idm/templates/ingress.yml.j2 +++ b/ansible/roles/erwin-idm/templates/ingress.yml.j2 @@ -8,7 +8,7 @@ metadata: nginx.ingress.kubernetes.io/proxy-body-size: "50m" nginx.ingress.kubernetes.io/proxy-buffers-number: "4" nginx.ingress.kubernetes.io/proxy-buffer-size: "256k" - nginx.ingress.kubernetes.io/ssl-redirect: "{{ TLS_ENABELD|default("false") }}" + nginx.ingress.kubernetes.io/ssl-redirect: "{{ TLS_ENABLED|default("false") }}" nginx.ingress.kubernetes.io/configuration-snippet: | more_set_headers "Host $host"; more_set_headers "X-Real-IP $remote_addr"; @@ -21,7 +21,7 @@ metadata: spec: ingressClassName: {{ INGRESS_CLASS }} -{% if CLUSTER_ISSUER is defined or (TLS_ENABELD is defined and TLS_ENABELD|bool) %} +{% if CLUSTER_ISSUER is defined or (TLS_ENABLED is defined and TLS_ENABLED|bool) %} tls: - hosts: - {{ ERWINIDM_PREFIX }}{{ DOMAIN }} diff --git a/ansible/roles/hydra/templates/ingress.yml.j2 b/ansible/roles/hydra/templates/ingress.yml.j2 index 292f5b2db..5c6ca8e87 100644 --- a/ansible/roles/hydra/templates/ingress.yml.j2 +++ b/ansible/roles/hydra/templates/ingress.yml.j2 @@ -5,14 +5,14 @@ metadata: name: {{ NAMESPACE }}-hydra-ingress namespace: {{ NAMESPACE }} annotations: - nginx.ingress.kubernetes.io/ssl-redirect: "{{ TLS_ENABELD|default("false") }}" + nginx.ingress.kubernetes.io/ssl-redirect: "{{ TLS_ENABLED|default("false") }}" {% if CLUSTER_ISSUER is defined %} cert-manager.io/cluster-issuer: {{ CLUSTER_ISSUER }} {% endif %} spec: ingressClassName: {{ INGRESS_CLASS }} -{% if CLUSTER_ISSUER is defined or (TLS_ENABELD is defined and TLS_ENABELD|bool) %} +{% if CLUSTER_ISSUER is defined or (TLS_ENABLED is defined and TLS_ENABLED|bool) %} tls: - hosts: - {{ HYDRA_DNS_PREFIX }}{{ DOMAIN }} diff --git a/ansible/roles/ingress/templates/ingress.yml.j2 b/ansible/roles/ingress/templates/ingress.yml.j2 index fb9a9897b..4b5fa405e 100644 --- a/ansible/roles/ingress/templates/ingress.yml.j2 +++ b/ansible/roles/ingress/templates/ingress.yml.j2 @@ -14,7 +14,7 @@ metadata: name: {{ NAMESPACE }}-ingress namespace: {{ NAMESPACE }} annotations: - nginx.ingress.kubernetes.io/ssl-redirect: "{{ TLS_ENABELD|default("false") }}" + nginx.ingress.kubernetes.io/ssl-redirect: "{{ TLS_ENABLED|default("false") }}" nginx.ingress.kubernetes.io/proxy-body-size: "{{ INGRESS_MAX_BODY_SIZE|default("2560") }}m" nginx.org/client-max-body-size: "{{ INGRESS_MAX_BODY_SIZE|default("2560") }}m" # The following properties added with BC-3606. @@ -41,7 +41,7 @@ metadata: spec: ingressClassName: {{ INGRESS_CLASS }} -{% if CLUSTER_ISSUER is defined or (TLS_ENABELD is defined and TLS_ENABELD|bool) %} +{% if CLUSTER_ISSUER is defined or (TLS_ENABLED is defined and TLS_ENABLED|bool) %} tls: - hosts: - {{ DOMAIN }} diff --git a/ansible/roles/libreoffice/templates/ingress.yml.j2 b/ansible/roles/libreoffice/templates/ingress.yml.j2 index 45f213939..494a20b50 100644 --- a/ansible/roles/libreoffice/templates/ingress.yml.j2 +++ b/ansible/roles/libreoffice/templates/ingress.yml.j2 @@ -5,14 +5,14 @@ metadata: name: {{ NAMESPACE }}-libreoffice-ingress namespace: {{ NAMESPACE }} annotations: - nginx.ingress.kubernetes.io/ssl-redirect: "{{ TLS_ENABELD|default("false") }}" + nginx.ingress.kubernetes.io/ssl-redirect: "{{ TLS_ENABLED|default("false") }}" {% if CLUSTER_ISSUER is defined %} cert-manager.io/cluster-issuer: {{ CLUSTER_ISSUER }} {% endif %} spec: ingressClassName: {{ INGRESS_CLASS }} -{% if CLUSTER_ISSUER is defined or (TLS_ENABELD is defined and TLS_ENABELD|bool) %} +{% if CLUSTER_ISSUER is defined or (TLS_ENABLED is defined and TLS_ENABLED|bool) %} tls: - hosts: - {{ LIBREOFFICE_PREFIX }}{{ DOMAIN }} diff --git a/ansible/roles/oidcmock/templates/ingress.yml.j2 b/ansible/roles/oidcmock/templates/ingress.yml.j2 index 1b5fbc8a5..2cd5dd85e 100644 --- a/ansible/roles/oidcmock/templates/ingress.yml.j2 +++ b/ansible/roles/oidcmock/templates/ingress.yml.j2 @@ -5,14 +5,14 @@ metadata: name: {{ NAMESPACE }}-oidcmock-ingress namespace: {{ NAMESPACE }} annotations: - nginx.ingress.kubernetes.io/ssl-redirect: "{{ TLS_ENABELD|default("false") }}" + nginx.ingress.kubernetes.io/ssl-redirect: "{{ TLS_ENABLED|default("false") }}" {% if CLUSTER_ISSUER is defined %} cert-manager.io/cluster-issuer: {{ CLUSTER_ISSUER }} {% endif %} spec: ingressClassName: {{ INGRESS_CLASS }} -{% if CLUSTER_ISSUER is defined or (TLS_ENABELD is defined and TLS_ENABELD|bool) %} +{% if CLUSTER_ISSUER is defined or (TLS_ENABLED is defined and TLS_ENABLED|bool) %} tls: - hosts: - {{ OIDCMOCK_PREFIX }}{{ DOMAIN }} diff --git a/ansible/roles/rocketchat/templates/ingress.yml.j2 b/ansible/roles/rocketchat/templates/ingress.yml.j2 index 9f23aebd1..0e3a9e6e5 100644 --- a/ansible/roles/rocketchat/templates/ingress.yml.j2 +++ b/ansible/roles/rocketchat/templates/ingress.yml.j2 @@ -5,14 +5,14 @@ metadata: name: rocketchat-ingress namespace: {{ NAMESPACE }} annotations: - nginx.ingress.kubernetes.io/ssl-redirect: "{{ TLS_ENABELD|default("false") }}" + nginx.ingress.kubernetes.io/ssl-redirect: "{{ TLS_ENABLED|default("false") }}" {% if CLUSTER_ISSUER is defined %} cert-manager.io/cluster-issuer: {{ CLUSTER_ISSUER }} {% endif %} spec: ingressClassName: {{ INGRESS_CLASS }} -{% if CLUSTER_ISSUER is defined or (TLS_ENABELD is defined and TLS_ENABELD|bool) %} +{% if CLUSTER_ISSUER is defined or (TLS_ENABLED is defined and TLS_ENABLED|bool) %} tls: - hosts: - {{ ROCKETCHAT_DNS_PREFIX }}{{ DOMAIN }} diff --git a/ansible/roles/storage/templates/ingress.yml.j2 b/ansible/roles/storage/templates/ingress.yml.j2 index 6d7d8672c..ff6efe9f0 100644 --- a/ansible/roles/storage/templates/ingress.yml.j2 +++ b/ansible/roles/storage/templates/ingress.yml.j2 @@ -7,14 +7,14 @@ metadata: annotations: nginx.ingress.kubernetes.io/proxy-body-size: 2560m nginx.ingress.kubernetes.io/client_max_body_size: 2560m - nginx.ingress.kubernetes.io/ssl-redirect: "{{ TLS_ENABELD|default("false") }}" + nginx.ingress.kubernetes.io/ssl-redirect: "{{ TLS_ENABLED|default("false") }}" {% if CLUSTER_ISSUER is defined %} cert-manager.io/cluster-issuer: {{ CLUSTER_ISSUER }} {% endif %} spec: ingressClassName: {{ INGRESS_CLASS }} -{% if CLUSTER_ISSUER is defined or (TLS_ENABELD is defined and TLS_ENABELD|bool) %} +{% if CLUSTER_ISSUER is defined or (TLS_ENABLED is defined and TLS_ENABLED|bool) %} tls: - hosts: - {{ STORAGE_PREFIX }}{{ DOMAIN }}