From 63c1d6ce9465c9c3d9aed35e2910a40fce67e911 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Mon, 13 Mar 2023 11:29:27 +0100 Subject: [PATCH 01/89] Initial commit --- LICENSE | 201 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ README.md | 2 + 2 files changed, 203 insertions(+) create mode 100644 LICENSE create mode 100644 README.md diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..261eeb9 --- /dev/null +++ b/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/README.md b/README.md new file mode 100644 index 0000000..3d0418c --- /dev/null +++ b/README.md @@ -0,0 +1,2 @@ +# stage.ocelot.social +stage.ocelot.social From 5b031fab366351c68b8267b4bb14b93992b63498 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Mon, 13 Mar 2023 11:37:35 +0100 Subject: [PATCH 02/89] first commit of encrypted values --- .gitignore | 2 ++ kubeconfig.yaml.enc | Bin 0 -> 1518 bytes kubernetes/dns.values.yaml.enc | 3 +++ kubernetes/values.yaml.enc | Bin 0 -> 1756 bytes 4 files changed, 5 insertions(+) create mode 100644 .gitignore create mode 100644 kubeconfig.yaml.enc create mode 100644 kubernetes/dns.values.yaml.enc create mode 100644 kubernetes/values.yaml.enc diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..9a669da --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +*.yaml +SECRET \ No newline at end of file diff --git a/kubeconfig.yaml.enc b/kubeconfig.yaml.enc new file mode 100644 index 0000000000000000000000000000000000000000..84447362928da6402fb7259fb70f8fcbc5695db6 GIT binary patch literal 1518 zcmVK& ztcDZ%if7og&eu8sx?SohNl{*rdB8q&U%g!b#vaswA}OS^m)x6s!bJ^N2jvf z!=_jc-!d!|$IgtD+InwF!3Kxq@sP)Y#Sz7H&48v|ox#2sQrij$Wh16X7*kO-)5SXC zt?ib6H!{}*gqcgTA1|*r<4dVY#puM-wng2ti1pA+j5P-E{c@<){kTUG98NZ*tkGg& zK${!Sj8;wU=X-|h6c-%Xbb|T4703EBn(XBk2}HK4f5P)c9t*YJXWJwy7Q6o`z|NQ} zV`YE(zI6Q{)O)Cpy0O@T{_xUfeX;E?aS$6Sr}>|fB!_KUlMJJ*VVURe%zbK#rx-9Y zP@o2pjQcqcze`+I&I(cRFxGe-M4?INFD>1V7Qkbfs_71t+cQ-3>m_3@Ge>D)nz0Q7 zmp;hHvXQnP3}fcu7{YoUOSvmIw;H2pXnzF7*kTtw8C~(;3k+4B9G0p2d5@-tVUC3D zTFe`bJc&D`&meI-vUNq!a9Jp=U?KBsnz^;Ah~jFRrZ;3>C~YY6*V=z^5@O=W0#EYt zl#c^5uqU2Os_Y$sCHYnLR|aDrJ>r)xK1x;zwc-F57Whj65sgWrZ7Q(U0cti3 z@D!a%Na|8ygPAE!7dp4~`<2`D^hTUwkLduvzy>;RXEjq37qnB|^|uw2ipI7-g#y!5in%8B>AEa?zBB7ScY+zqD8edPrgbHt8qxSD@KcA zj5X$4K(@8u1vYW6H>I#`tjNfG%Iy=(-dFt1iJ3wp%#**anO94dxmNYt_5c6? literal 0 HcmV?d00001 diff --git a/kubernetes/dns.values.yaml.enc b/kubernetes/dns.values.yaml.enc new file mode 100644 index 0000000..d8065b3 --- /dev/null +++ b/kubernetes/dns.values.yaml.enc @@ -0,0 +1,3 @@ +  K_CGNeOxKռvILϥ: ct8 Q4-ȤmSo_:%XoKL) vc ) +e ^eȜw}-sYM v6P0Vn)9z4p@T0sDYeVMHrmofd!$7@7>e1b3Jy%ZLD0*O*HN zCZ;2W9Na1Q_Rg#o{@rOi)L%eVX8B;q5?G}g7O>e%|@^z%I zQK!)j`sl63X;BIzbns#WjArIO# zfue?@#y&Rgn*~Cx`!1rvouTc_5zEc zqM5i^rXJuR!M*Tv?sd00JzLDjSQImgMgzQjs~reBS@-lb!zK;Yy$g9*Wb2=5Lr|YA zw0+Egm9N&l<*z$pEJn7Meg@h0Hxg*y>G5WUC0AK~HdFte612AVKLMU3M~20di+Oq* zez!&KD4m}S58w|MGS(|Tp_kB$0&YIUet}Q@*hWjwtDv@2r;OhmPg-`zKcH>LLa<$x zqORBmEnM_4pumE#<9hJ74i~k1^7Di@C+AW&?pY2221R&bMTW-G8&>Oc}*W}vFd0oy*Wc2k<6|Es%P&x^DYb2~j z^afQCD%UVMH!8To1v%ehoQ!rXg0^9PglhWidHB*y^Hw)GtW8Z`wieE(&7DwY{NJ7O zpBBHQ)E%`u?CD_}OPAw6SQ*GEQj3|$6^!ZY z_!WLZRu{>x`ut<)FZgU9f#kSCIv#yY$U2kY<#?X(;$lw&)aL%zfhNll5b&C;;-{M4B(jP}L5O{Sb8mIlglY%|0;9{MDT7Gi5Xhjt6bG5#YzZrH z-Be7c5`)iRyu)yk6-Tq+)ftizKOkyz@CCDl%`|!Oh(IoM+s9b=_7qzY8D&bj?h@ph z^xtc)@+rFH>HJoVeU)%kAa*50LykZ#w;AxkXfx_s1dnnI7mnL3zKXYAe%eWYPYq4x z(%n{2mwOst*X$%7Z6xqB0kDb36LmV_NdHg5T^ZVuC6<3vnK!iqCKALZp{VZ2;BnTHp&V zZ-EAeHDsG?sM@}E?9L_U;3V0srjn`4Z28kI^$Z*WauqJ?q^@2ZrAo3qJ_LPM8pBam zU~Bj7Ad@GjD18EZVt9J&3VeyChuX~>mn#p>&6z@4b9sZB2mI!`1dBmxnVse7>yLM{ zJYVU_82JTgwf0#YuxjX3XAhdT#0)luehi$|jt59ntV0-CXUT z6*!ylL|RvD>3?r()P6GfgJ7p@llKcag24PGsWcBtqXxtBE#Mk}sr!u020fO!w#r(- z++9oTqy2cse`?I2Ec04NAii5)WF&x%)zQ3JWOV19>uF!P6jvu5rVG5Jzef!Xx;rOJ zx4;NGPEdeBbUaW3m?SuxzxD?^Q+=u@JlAT!RJ9M_V;zPzqps||vmqB$a)U?+PvKm% zb{gN%_B0}KV2*QEenCktmfn*u2XVp$GG|%;M~sBSxe!>RELs8cA0((7F>@Rnqk9By zs{J&s3dinzGlv4%k=L`p;6_ihna(p60@RR2Ko)%$mYX(CI2ntxg2lFT?SYVHX7@q* ydi?!TuN^H&=V7l=iZcS#N?_DG?*9F#mA4pGg95a3Ub(d_ZJ9X*F&i!Ez?J)PePa^< literal 0 HcmV?d00001 From 283519dab46b74c4322c130410eae9828aadcda8 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Mon, 13 Mar 2023 13:05:06 +0100 Subject: [PATCH 03/89] update --- .env.enc | 3 +++ .gitignore | 3 ++- kubeconfig.yaml.enc | Bin 1518 -> 1517 bytes kubernetes/dns.values.yaml.enc | 5 ++--- kubernetes/values.yaml.enc | Bin 1756 -> 1754 bytes 5 files changed, 7 insertions(+), 4 deletions(-) create mode 100644 .env.enc diff --git a/.env.enc b/.env.enc new file mode 100644 index 0000000..810fcb4 --- /dev/null +++ b/.env.enc @@ -0,0 +1,3 @@ +  m~XfRSǹAKhGr,(EKqs=خvsZ~ ꉤ}Fc|s, +@> +Pd \ No newline at end of file diff --git a/.gitignore b/.gitignore index 9a669da..9bd6bcd 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ *.yaml -SECRET \ No newline at end of file +SECRET +.env \ No newline at end of file diff --git a/kubeconfig.yaml.enc b/kubeconfig.yaml.enc index 84447362928da6402fb7259fb70f8fcbc5695db6..91d9d02f8892ba1e634fefcc0cb4a8642b72ca26 100644 GIT binary patch literal 1517 zcmV1n0a5#e-V2E(xZnMalft;NH#=EXzO7oJgQV0^wA8KQMK>#sP4H+XOBVxFU6fikBwSXYLfxWyZUDnjU$ zS4o-xh~+;EAwm4Axx=%zXrmiXSqkOI9IpZ-u6;~D{qG(UtW`n71mitAk}|1c<)ZV& z#y~T&FW=I8y;z}>9;MEz#k_E1@)jXc!3@(nDkb9T3MZ9c?!~JQE16U+JE{ougiv~%Ey*sRPr`%7lGuJ0?F!F-6z5XNGC$GYWh5qG~IZIyY{Zv$*1kZ@+^ z^jtPm=xVjC*s=sY;I~r>FKefcJ%tUn1|n-#$_%|xbQM4~e6PPA=E1kSXN@O8GcOTo zIsBZFAbhtA31h|9O5?Her1Gq%97Q?Ya9szcv3G{cDBEnaS4TvajKmQjNO(!tS4PWP)Cf!e_+ zt$v(Ur_etv8ce}aUgyXYChcqM*GQEPc-LXDwCc#Mi8;50fANZ_uZCysAH%v}AYCN~ zqsMh5?0vfFz4R@t)Eo2mSzH{RO;&ww3481KA>ab9v*2S@(iZJ?0>jIc4Y@(jRI|<- z@8b=~|9*V8nHOYmIqBVdMo4-n!e>xI-=IvBv;`hG?pKiJSdqJ{wW`MOB}XQjyKX$6 zOFbG=Q8mUs^1OEagy014zFp^{L-ivh9(E3?`NEZxs!a-Xs_`Eq;6mR@6(nX|Wkb|p z#sjjiRdM)J-8mYm=LC@|9*Gi#Kqe=UflP{O=ytfk;bHy4e$|y>u0oM6OdD(+?r;c( z9*i2b50E+w9rpR!_CT9lP6&)zdR(m&o@Rpsj(LNX zD)UA|;to3W6(ek0GsW)gPx;DGV^rgxHJ(xNi^$z`)8Kv%Qp!zhuUKcBQ1)Pv};6e{{b6 zX6lDc%WQ=DcebK$S2Z27?&abN&k5k!k=v)N85D$(9JisQi5 zzpv@)d%zsW{|f2q>g15?x=NBlc-03dw3)mGS3ABXj+@XKT_9Zf&Pn|9w9Nhq1$-uw zXimI7#HB=x;*af@D{dR&7&$w%RZO#1Kr6+$sen2!$5+gO_zn(hYmCGndOA(XF+&;y z<)fjf_(o=}9MnNo{E8r1A~N+-9?n`V?;yNAr>%Y4W%K& ztcDZ%if7og&eu8sx?SohNl{*rdB8q&U%g!b#vaswA}OS^m)x6s!bJ^N2jvf z!=_jc-!d!|$IgtD+InwF!3Kxq@sP)Y#Sz7H&48v|ox#2sQrij$Wh16X7*kO-)5SXC zt?ib6H!{}*gqcgTA1|*r<4dVY#puM-wng2ti1pA+j5P-E{c@<){kTUG98NZ*tkGg& zK${!Sj8;wU=X-|h6c-%Xbb|T4703EBn(XBk2}HK4f5P)c9t*YJXWJwy7Q6o`z|NQ} zV`YE(zI6Q{)O)Cpy0O@T{_xUfeX;E?aS$6Sr}>|fB!_KUlMJJ*VVURe%zbK#rx-9Y zP@o2pjQcqcze`+I&I(cRFxGe-M4?INFD>1V7Qkbfs_71t+cQ-3>m_3@Ge>D)nz0Q7 zmp;hHvXQnP3}fcu7{YoUOSvmIw;H2pXnzF7*kTtw8C~(;3k+4B9G0p2d5@-tVUC3D zTFe`bJc&D`&meI-vUNq!a9Jp=U?KBsnz^;Ah~jFRrZ;3>C~YY6*V=z^5@O=W0#EYt zl#c^5uqU2Os_Y$sCHYnLR|aDrJ>r)xK1x;zwc-F57Whj65sgWrZ7Q(U0cti3 z@D!a%Na|8ygPAE!7dp4~`<2`D^hTUwkLduvzy>;RXEjq37qnB|^|uw2ipI7-g#y!5in%8B>AEa?zBB7ScY+zqD8edPrgbHt8qxSD@KcA zj5X$4K(@8u1vYW6H>I#`tjNfG%Iy=(-dFt1iJ3wp%#**anO94dxmNYt_5c6? diff --git a/kubernetes/dns.values.yaml.enc b/kubernetes/dns.values.yaml.enc index d8065b3..1e88a66 100644 --- a/kubernetes/dns.values.yaml.enc +++ b/kubernetes/dns.values.yaml.enc @@ -1,3 +1,2 @@ -  K_CGNeOxKռvILϥ: ct8 Q4-ȤmSo_:%XoKL) vc ) -e ^eȜw}-sYM v6PmU7as;w9<]ɶQAJ f@TKȤ}wJ,L@f \ No newline at end of file diff --git a/kubernetes/values.yaml.enc b/kubernetes/values.yaml.enc index 8944c6792335a23585fccdb508cfa5fae7604e37..388a8c4fd187bcce76b6fe6eac2d0afa1f9947f0 100644 GIT binary patch literal 1754 zcmV<01||874Fm}T0x@uxM#RF*AokMg0YOY|{OrTnr?QT0y-m=o#kd~yl7twHc>vo= z0XqJI!@m0w*FRkE3lCX3NG;4;hCR_~x5`;v^$VQ}IUedBMK9&}*yKh%Pu9eiokdQh ztQ6VoV^uEYIvp~vDLFDvwwxO7e6D-H-UD5a67P>F*F4Fm zLoEQ)k4jvgh-ZaYLYTY!QsZ7R{^($YhW6_TSe5L7c_{&UkXoW+x+~#lw^TK-%n`d1 zh_9LO)<%wjAMZB{{ai+OPPljZMAguwxe}mi73@~+2gt*z1gWk&qS0k)vrY5~Kn2lR zL^dfq&sm@?a|N&)+(qC84|x}N-{>nffJbW?27rJEW)u$m1zL~rh*_5qr0=8&Sx*oz zT5Ipvoc7;&Ot=)T4mTO9OM!uGwU`E&Fm~lP6>;OtU`yM8xmEe!dzrSy=stNS*Hg6F zl=N?b+IF1MZ2|wg*whOb+|{*RVV}g2aTdAM4<>|UR!vaYS@Wjphz!BHm(7*t0f>P1 zN5X+)!#IyzkyTuc_>sGuMTpb4-h>=Sa&fWV1`aGrvft!RDBjyx&?0?b*)$+$hi6XK zq+eEZf%vOk9z(7UfUnUv5}Nf8f6ByXS*fP2Rbb4X$IIrzXI*he9mW3ezTiqF3m(-~ z0ZngkfIav1_S)keaFM>@SDac+Ak0NVZER5KZ6hNnA|B+LZ%;2wDK#FkQM_ocpcN(> za)nJ$x5Jy$OzW*zIJ$PL4>3zfRuv;PfM4=iIBZIITH)1Iy(`fmsma{+*`686$<-ncy$Pls(x zY~F0G?RG`I>9SA_=bMXZmj5PeaPShS>!iOISkt%&4?@oa_v-^H4}J)pTV#!+G_>rq z_&!aNDv*hAxJmaGS0Cw9mivn@ta~ADS56q^5lag?yflcCJYOz0V)9<4bl9J^#+020 zd%{aXqI?@z2np4W>>+P7F1?#RZd42VI`z<8k&)>uL9a*Y7NFrXQzETt(>Z^)mhFQ? z;{v%2{5A;`c)FJdRF2`c)yBJR+lYb60pRdr#K5M=Xt@AH2}{tFk$vfoYMav(#C2NR zR8Fq80jz3+o!w2qxkPXlYT&}ntKLS`TWu18%ms9&y9&nB@B=x7$*HmTNhSj$jtqy^ z_Ig|?whW!VF`u1rrr!xop1EkLu>b`Kd5mJ{wOr)H>_oAA0(tI^g)-$=MYJ%q7l%9%*_E6(wJgH@rQV1Y40@ow} zLrPMueiOeuO@8G?Z5_t{x*uR1*xP-hw-qL#)E>#A~6B>B8<^pY>X*bcV2$u=R3&k9tM&4pOjmt?`$+?=u> zKEMVQIOYQx7k4+MzAnrAdDhnnO^N0U9zlz-(%eLnQ`FId46gpYjYBCk8{7_NitKLa z^ub)6QCXSn?{_rlGx``7b?0|XQMnOTS3Ui?`N(^*fKr@EG8E#@M*z6ikM`t=66m` wObu*(bDoc`i^`OyG}0w`yliu}qDds7$LIurMfb>tsvm2H-#?kpkpsAiPjU=rOaK4? literal 1756 zcmV<21|#{54Fm}T0!{E>0Vn)9z4p@T0sDYeVMHrmofd!$7@7>e1b3Jy%ZLD0*O*HN zCZ;2W9Na1Q_Rg#o{@rOi)L%eVX8B;q5?G}g7O>e%|@^z%I zQK!)j`sl63X;BIzbns#WjArIO# zfue?@#y&Rgn*~Cx`!1rvouTc_5zEc zqM5i^rXJuR!M*Tv?sd00JzLDjSQImgMgzQjs~reBS@-lb!zK;Yy$g9*Wb2=5Lr|YA zw0+Egm9N&l<*z$pEJn7Meg@h0Hxg*y>G5WUC0AK~HdFte612AVKLMU3M~20di+Oq* zez!&KD4m}S58w|MGS(|Tp_kB$0&YIUet}Q@*hWjwtDv@2r;OhmPg-`zKcH>LLa<$x zqORBmEnM_4pumE#<9hJ74i~k1^7Di@C+AW&?pY2221R&bMTW-G8&>Oc}*W}vFd0oy*Wc2k<6|Es%P&x^DYb2~j z^afQCD%UVMH!8To1v%ehoQ!rXg0^9PglhWidHB*y^Hw)GtW8Z`wieE(&7DwY{NJ7O zpBBHQ)E%`u?CD_}OPAw6SQ*GEQj3|$6^!ZY z_!WLZRu{>x`ut<)FZgU9f#kSCIv#yY$U2kY<#?X(;$lw&)aL%zfhNll5b&C;;-{M4B(jP}L5O{Sb8mIlglY%|0;9{MDT7Gi5Xhjt6bG5#YzZrH z-Be7c5`)iRyu)yk6-Tq+)ftizKOkyz@CCDl%`|!Oh(IoM+s9b=_7qzY8D&bj?h@ph z^xtc)@+rFH>HJoVeU)%kAa*50LykZ#w;AxkXfx_s1dnnI7mnL3zKXYAe%eWYPYq4x z(%n{2mwOst*X$%7Z6xqB0kDb36LmV_NdHg5T^ZVuC6<3vnK!iqCKALZp{VZ2;BnTHp&V zZ-EAeHDsG?sM@}E?9L_U;3V0srjn`4Z28kI^$Z*WauqJ?q^@2ZrAo3qJ_LPM8pBam zU~Bj7Ad@GjD18EZVt9J&3VeyChuX~>mn#p>&6z@4b9sZB2mI!`1dBmxnVse7>yLM{ zJYVU_82JTgwf0#YuxjX3XAhdT#0)luehi$|jt59ntV0-CXUT z6*!ylL|RvD>3?r()P6GfgJ7p@llKcag24PGsWcBtqXxtBE#Mk}sr!u020fO!w#r(- z++9oTqy2cse`?I2Ec04NAii5)WF&x%)zQ3JWOV19>uF!P6jvu5rVG5Jzef!Xx;rOJ zx4;NGPEdeBbUaW3m?SuxzxD?^Q+=u@JlAT!RJ9M_V;zPzqps||vmqB$a)U?+PvKm% zb{gN%_B0}KV2*QEenCktmfn*u2XVp$GG|%;M~sBSxe!>RELs8cA0((7F>@Rnqk9By zs{J&s3dinzGlv4%k=L`p;6_ihna(p60@RR2Ko)%$mYX(CI2ntxg2lFT?SYVHX7@q* ydi?!TuN^H&=V7l=iZcS#N?_DG?*9F#mA4pGg95a3Ub(d_ZJ9X*F&i!Ez?J)PePa^< From 0336c79be16e41b021d5f48d06d31cecd36561cc Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Tue, 14 Mar 2023 01:37:30 +0100 Subject: [PATCH 04/89] include .env file --- .env | 2 ++ .env.enc | 3 --- .gitignore | 3 +-- 3 files changed, 3 insertions(+), 5 deletions(-) create mode 100644 .env delete mode 100644 .env.enc diff --git a/.env b/.env new file mode 100644 index 0000000..e39f1ea --- /dev/null +++ b/.env @@ -0,0 +1,2 @@ +OCELOT_SOCIAL_TAG=b2.4.0-337 +DOCKERHUB_OCELOT_TAG=2.4.0-337 \ No newline at end of file diff --git a/.env.enc b/.env.enc deleted file mode 100644 index 810fcb4..0000000 --- a/.env.enc +++ /dev/null @@ -1,3 +0,0 @@ -  m~XfRSǹAKhGr,(EKqs=خvsZ~ ꉤ}Fc|s, -@> -Pd \ No newline at end of file diff --git a/.gitignore b/.gitignore index 9bd6bcd..9a669da 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,2 @@ *.yaml -SECRET -.env \ No newline at end of file +SECRET \ No newline at end of file From 75395fba16397e2d8046a5a79f4926f2fd0b0a65 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Tue, 14 Mar 2023 01:47:24 +0100 Subject: [PATCH 05/89] removed .env --- .env | 2 -- 1 file changed, 2 deletions(-) delete mode 100644 .env diff --git a/.env b/.env deleted file mode 100644 index e39f1ea..0000000 --- a/.env +++ /dev/null @@ -1,2 +0,0 @@ -OCELOT_SOCIAL_TAG=b2.4.0-337 -DOCKERHUB_OCELOT_TAG=2.4.0-337 \ No newline at end of file From 4726942368c62f9e9f0009be3337d9e5f057b248 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Tue, 14 Mar 2023 01:49:42 +0100 Subject: [PATCH 06/89] encrypted .env, gitignore .env --- .env.enc | 2 ++ .gitignore | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) create mode 100644 .env.enc diff --git a/.env.enc b/.env.enc new file mode 100644 index 0000000..ffde9c5 --- /dev/null +++ b/.env.enc @@ -0,0 +1,2 @@ +  ѬIMPdf.-] ]-mZGp||gd% OuAqw?߿.!r1#Z@h=:Jb'm,m:f1 u*+® +NR \ No newline at end of file diff --git a/.gitignore b/.gitignore index 9a669da..9bd6bcd 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ *.yaml -SECRET \ No newline at end of file +SECRET +.env \ No newline at end of file From 55f1cddb359fa6980ebfe304ddf573e0cf2c43d6 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Tue, 14 Mar 2023 02:01:41 +0100 Subject: [PATCH 07/89] initial draft of deploy script, newly encrypted secrets --- .github/workflows/deploy.yml | 99 +++++++++++++++++++++++++++++++++ kubeconfig.yaml.enc | Bin 1517 -> 1519 bytes kubernetes/dns.values.yaml.enc | 5 +- kubernetes/values.yaml.enc | Bin 1754 -> 1757 bytes 4 files changed, 102 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/deploy.yml diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml new file mode 100644 index 0000000..fda1ef2 --- /dev/null +++ b/.github/workflows/deploy.yml @@ -0,0 +1,99 @@ +name: deploy + +on: + push: + branches: + - master + +jobs: + deploy: + # see example https://github.com/do-community/example-doctl-action + # see example https://github.com/do-community/example-doctl-action/blob/main/.github/workflows/workflow.yaml + name: Deploy defined version to stage.ocelot.social cluster at DigitalOcean + runs-on: ubuntu-latest + env: + SECRET: ${{ secrets.SECRET }} + CONFIGURATION: "this" + steps: + - name: Checkout code + uses: actions/checkout@v3 + - name: Decrypt .env + run: gpg --quiet --batch --yes --decrypt --passphrase="${SECRET}" --output .env .env.enc + - name: Load .env + uses: aarcangeli/load-dotenv@v1.0.0 + with: + quiet: false + - name: Checkout Ocelot code + uses: actions/checkout@v3 + with: + repository: 'Ocelot-Social-Community/Ocelot-Social' + ref: '${OCELOT_SOCIAL_TAG}' + path: 'ocelot/' + - name: Checkout code + uses: actions/checkout@v3 + with: + path: 'ocelot/deployment/configurations/${CONFIGURATION}' + - name: Decrypt all secrets + run: ocelot/deployment/scripts/secrets.decrypt.sh + - name: Upgrade Cluster + run: ocelot/deployment/scripts/cluster.upgrade.sh + + # ########################################################################## + # # SET ENVS ############################################################### + # ########################################################################## + # - name: ENV - VERSION + # run: echo "VERSION=$(node -p -e "require('./package.json').version")" >> $GITHUB_ENV + # - name: ENV - BUILD_VERSION + # run: echo "BUILD_VERSION=${VERSION}-${GITHUB_RUN_NUMBER}" >> $GITHUB_ENV + # ########################################################################## + # # Install DigitalOceans doctl and set kubeconfig ######################### + # ########################################################################## + # - name: Install doctl + # uses: digitalocean/action-doctl@v2 + # with: + # token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} + # - name: Save DigitalOcean kubeconfig with short-lived credentials + # run: doctl kubernetes cluster kubeconfig save --expiry-seconds 600 cluster-stage-ocelot-social + # ########################################################################## + # # Deploy new Docker images to DigitalOcean Kubernetes cluster ############ + # ########################################################################## + # # - name: Deploy 'latest' to DigitalOcean Kubernetes + # # run: | + # # kubectl -n default set image deployment/ocelot-webapp container-ocelot-webapp=ocelotsocialnetwork/webapp:latest + # # kubectl -n default rollout restart deployment/ocelot-webapp + # # kubectl -n default set image deployment/ocelot-backend container-ocelot-backend=ocelotsocialnetwork/backend:latest + # # kubectl -n default rollout restart deployment/ocelot-backend + # # kubectl -n default set image deployment/ocelot-maintenance container-ocelot-maintenance=ocelotsocialnetwork/maintenance:latest + # # kubectl -n default rollout restart deployment/ocelot-maintenance + # # kubectl -n default set image deployment/ocelot-neo4j container-ocelot-neo4j=ocelotsocialnetwork/neo4j-community:latest + # # kubectl -n default rollout restart deployment/ocelot-neo4j + # - name: Deploy actual version '$BUILD_VERSION' to DigitalOcean Kubernetes + # run: | + # kubectl -n default set image deployment/ocelot-webapp container-ocelot-webapp=ocelotsocialnetwork/webapp:$BUILD_VERSION + # kubectl -n default rollout restart deployment/ocelot-webapp + # kubectl -n default set image deployment/ocelot-backend container-ocelot-backend=ocelotsocialnetwork/backend:$BUILD_VERSION + # kubectl -n default rollout restart deployment/ocelot-backend + # kubectl -n default set image deployment/ocelot-maintenance container-ocelot-maintenance=ocelotsocialnetwork/maintenance:$BUILD_VERSION + # kubectl -n default rollout restart deployment/ocelot-maintenance + # kubectl -n default set image deployment/ocelot-neo4j container-ocelot-neo4j=ocelotsocialnetwork/neo4j-community:$BUILD_VERSION + # kubectl -n default rollout restart deployment/ocelot-neo4j + # # because this step 'kubectl -n default rollout status deployment/* --timeout=600s' does not work as expected + # # and we need the pods to be up again for cleaning and seeding the Neo4j database and the backend. + # # !!! this is not a perfect solution !!! + # # deployments are regularly up again after 3 minutes and 10 seconds + # - name: Sleep for 4 minutes, means 240 seconds + # run: sleep 240s + # shell: bash + # - name: Verify deployment and wait for the pods of each deployment to get ready for cleaning and seeding of the database + # run: | + # kubectl -n default rollout status deployment/ocelot-backend --timeout=600s + # kubectl -n default rollout status deployment/ocelot-neo4j --timeout=600s + # kubectl -n default rollout status deployment/ocelot-maintenance --timeout=600s + # kubectl -n default rollout status deployment/ocelot-webapp --timeout=600s + # - name: Run migrations for Neo4j database via backend for staging + # run: | + # kubectl -n default exec -it $(kubectl -n default get pods | grep ocelot-backend | awk '{ print $1 }') -- /bin/sh -c "yarn prod:migrate up" + # - name: Reset and seed Neo4j database via backend for staging + # # db cleaning and seeding is only possible in production if env 'PRODUCTION_DB_CLEAN_ALLOW=true' is set in deployment + # run: | + # kubectl -n default exec -it $(kubectl -n default get pods | grep ocelot-backend | awk '{ print $1 }') -- /bin/sh -c "node --experimental-repl-await dist/db/clean.js && node --experimental-repl-await dist/db/seed.js" \ No newline at end of file diff --git a/kubeconfig.yaml.enc b/kubeconfig.yaml.enc index 91d9d02f8892ba1e634fefcc0cb4a8642b72ca26..46d3c7ec5cc8577697d3a0d3e59990012f733167 100644 GIT binary patch literal 1519 zcmV%A{KK`b1Lce8l?#f*Ld@(ITNwk z((ayJ)q$c<c0Sw`&g|J zTIMEc%St6nQJzctgM;#ZDvX#uLGkOVq2f`YP;v*zg27%yZlb?|0LA{+x2c@UG8G8Z zn0Td_^rNv|;>QkiCNrsP;jZ$BJY|Q3*vm_-oo076YRS`rM0y$U>M){ik_(@X}iJh$55i{{k`blRR**7o{BZ_fdf9fRaSW_fBvky+VGvw*5eLPJ+29H5uaq6hnb$R-m4mS9_O+ZpRKu7Z&*o0~b0w0W+FykWyV}3n z`AC#D*vcJ-9Hn_GF`_^T1bsHy6&Gm}VpHVa*^;3F za5S-J8XAd%`0B;d{g)Wv+9NvM z2dZ-*sOUwbt+K@H=aHXzqUg9?C9s=*(H9HH0y7WjZDFuL2fhurT~W6#b@LyGu32cn zn=-k};8>!%8pcrQZi#nPqbqf%?6guvHUjY_$Bh2WaiGs7Lb@n?&KeK>A^HmV4#jF} z%(L>27a+H2!5r;cW8NF_y-Hi|IMDBv+?@T=B=XUjnMQEri%a---nEL$sW*FBLl5;; zl{UoRiFJ zo*c`bbrh95f&%I)A09aV{X5;omwzei6HMhm{!&l(*Lw7+{Ju>A2avB{Q7}hJ~ z#IQ@E_Zb^8bD@|O@FghwrV)GK*eX)}l&%v@ss>#i6df!)CeEzPu4}W@IS60;5emj> z(;NPTuizJVr|9f(y^f0ez}7_g!)l-k&~@wv=r)w>2=sy+b?7XUb?iUr@A)^HqnZ4K z?K0(QRxCtm|9gD$DmVQL=Ih5s+v%GW;r6QUlCXC)`Y$g~6YdfK$n!i&3fKA1n0a5#e-V2E(xZnMalft;NH#=EXzO7oJgQV0^wA8KQMK>#sP4H+XOBVxFU6fikBwSXYLfxWyZUDnjU$ zS4o-xh~+;EAwm4Axx=%zXrmiXSqkOI9IpZ-u6;~D{qG(UtW`n71mitAk}|1c<)ZV& z#y~T&FW=I8y;z}>9;MEz#k_E1@)jXc!3@(nDkb9T3MZ9c?!~JQE16U+JE{ougiv~%Ey*sRPr`%7lGuJ0?F!F-6z5XNGC$GYWh5qG~IZIyY{Zv$*1kZ@+^ z^jtPm=xVjC*s=sY;I~r>FKefcJ%tUn1|n-#$_%|xbQM4~e6PPA=E1kSXN@O8GcOTo zIsBZFAbhtA31h|9O5?Her1Gq%97Q?Ya9szcv3G{cDBEnaS4TvajKmQjNO(!tS4PWP)Cf!e_+ zt$v(Ur_etv8ce}aUgyXYChcqM*GQEPc-LXDwCc#Mi8;50fANZ_uZCysAH%v}AYCN~ zqsMh5?0vfFz4R@t)Eo2mSzH{RO;&ww3481KA>ab9v*2S@(iZJ?0>jIc4Y@(jRI|<- z@8b=~|9*V8nHOYmIqBVdMo4-n!e>xI-=IvBv;`hG?pKiJSdqJ{wW`MOB}XQjyKX$6 zOFbG=Q8mUs^1OEagy014zFp^{L-ivh9(E3?`NEZxs!a-Xs_`Eq;6mR@6(nX|Wkb|p z#sjjiRdM)J-8mYm=LC@|9*Gi#Kqe=UflP{O=ytfk;bHy4e$|y>u0oM6OdD(+?r;c( z9*i2b50E+w9rpR!_CT9lP6&)zdR(m&o@Rpsj(LNX zD)UA|;to3W6(ek0GsW)gPx;DGV^rgxHJ(xNi^$z`)8Kv%Qp!zhuUKcBQ1)Pv};6e{{b6 zX6lDc%WQ=DcebK$S2Z27?&abN&k5k!k=v)N85D$(9JisQi5 zzpv@)d%zsW{|f2q>g15?x=NBlc-03dw3)mGS3ABXj+@XKT_9Zf&Pn|9w9Nhq1$-uw zXimI7#HB=x;*af@D{dR&7&$w%RZO#1Kr6+$sen2!$5+gO_zn(hYmCGndOA(XF+&;y z<)fjf_(o=}9MnNo{E8r1A~N+-9?n`V?;yNAr>%Y4W%mU7as;w9<]ɶQAJ f@TKȤ}wJ,L@f \ No newline at end of file +  nTm0e6 Zf2S_2'!ܙ f qm-j{cKvc!mN'=wҽ|J [ɯ,=|?$W == +2pVkH"t5h|*+F*"yɄ)Upi6pϢ8Jkɉ *Zm-;*ezO\.吳3&Vj=!a&'c|Օ&ve^(+"dǛ%: +/Ͳn&yg찪į[ƦQZ \ No newline at end of file diff --git a/kubernetes/values.yaml.enc b/kubernetes/values.yaml.enc index 388a8c4fd187bcce76b6fe6eac2d0afa1f9947f0..384c4e6a97ffb396a25d60eef5f77bc33e4f86a6 100644 GIT binary patch literal 1757 zcmV<31|s>44Fm}T0yv*hz{XAU686&S0mbgDkP05UYP*IH2;~T`W5+N8(c6?-IV)}{ zUFL-+{|{3)cAn4sWw5vlw`%y*`*HY!&L~cW9k6Yuwp#5^i}ArqFm3L@=y!(9!a7mn zDt@)h)|J$$yH82(>l@oWyq019N%;PQ;?Q967eY}mi@?e8Rk)$+#)W)IiwbER(1-~I zQ68A&CEv3f4GZ}(s0mn5sHk)n+MM5HFS%_;lf>W02y}DN{Gh)`zRD~f?_J3zRapbC z1e)}c(@I)hfszhfMn|czo>0=gyoJGLEdMTd6V$bUe}?l_ywiuTi-iBM3d` z`vmi5MAT3Q1jdp7#z(nGs_TGb|=@p`p6(P$&)sNraCwD3zIm@ zKa4D!<2r_!*BkL}4{2LWU&yE+Szmcke&U2erysNih%DTNIDne!|0+RlW5h?tees1p z+Bh5uoRIu+=oP!-OF|7KLP>l2YN>Y$NptWOCW8t&^Na6pMX_18uLI!+a9=2Jx5=39 z_1{pQr3%ee9WsT#%2S}WZ;m1E{d2E}{0OhrwUancM|g-jk7Zu&bt!`WB~c@%7_?3b zWTJXgpP_ziPhv{BTV~*3em}ap5rWX(jYCP)?6cM+oH;?Njz%}fnbBrzxaca>^OYuExGk9M9)#G-wrBesg%LFw=HBaA9f*W zS5fHtXiZI)V{&MhZOMEOr^uSDoOi3oZ&X>k~nvmRg`q& zn$XQv^Y%jPTavhlbAvEP?sj=CRWq+OS5!{Q*k{C@pn<(EZr8nBA~Zs8k2fl#w2j`! zJevbk>u4%dz16zfXT2ytM}**O;X zaV%crH@b1UUHP&5G%|_D-C$erPk8n1Z3WEaCUI6usOMO4ru=(|0Tb znu%adW*EfxvmJ{$mxt2GhgTdXZqdvqjGRl<4Gk`hP3)6q3@W68C0vD@mR}~hlzbE9 zlRaf+z-?^D)T~3jBY+AlX5rgD0`B$mt!@_cLgjSf%iMMrS~f6FQG~lpmeU15EWV5D zRVatN+svt_)0*}YC>VD<0~~N&&CM6LddEi!TsCkF0WTC3JY?%?T;OJL0wE~!E<0z# zcQ>QUw^6rD0Fm{7n=^KdCxd=DNvC;TK``1HHkRN469k zw7>}q-p>t@rWfG5AvKM*Q8j_X>)1zij&ium=p;9!zLt>Ilqx;$#WXOSgN$C+14XL6 zr{*XuDA9+K4PuCe{HCx?uOzK^c{2!$PN%-<_QJ8u-N3Q0Pwv{Ge@!Yhr~UkUV_jx0 zBeTfFEXWtl=&Q-m-&%$IF_P6fq^TfxeT&;La&76nHMIa{o=%Pnd+Lk(@O@vMMVn-C zNF4p%dWJgmt>cG#s`!nT8!`j2Y=%4tHl{i;i)!-{_2ZS~6SNJ$vqdi>o#N%>` literal 1754 zcmV<01||874Fm}T0x@uxM#RF*AokMg0YOY|{OrTnr?QT0y-m=o#kd~yl7twHc>vo= z0XqJI!@m0w*FRkE3lCX3NG;4;hCR_~x5`;v^$VQ}IUedBMK9&}*yKh%Pu9eiokdQh ztQ6VoV^uEYIvp~vDLFDvwwxO7e6D-H-UD5a67P>F*F4Fm zLoEQ)k4jvgh-ZaYLYTY!QsZ7R{^($YhW6_TSe5L7c_{&UkXoW+x+~#lw^TK-%n`d1 zh_9LO)<%wjAMZB{{ai+OPPljZMAguwxe}mi73@~+2gt*z1gWk&qS0k)vrY5~Kn2lR zL^dfq&sm@?a|N&)+(qC84|x}N-{>nffJbW?27rJEW)u$m1zL~rh*_5qr0=8&Sx*oz zT5Ipvoc7;&Ot=)T4mTO9OM!uGwU`E&Fm~lP6>;OtU`yM8xmEe!dzrSy=stNS*Hg6F zl=N?b+IF1MZ2|wg*whOb+|{*RVV}g2aTdAM4<>|UR!vaYS@Wjphz!BHm(7*t0f>P1 zN5X+)!#IyzkyTuc_>sGuMTpb4-h>=Sa&fWV1`aGrvft!RDBjyx&?0?b*)$+$hi6XK zq+eEZf%vOk9z(7UfUnUv5}Nf8f6ByXS*fP2Rbb4X$IIrzXI*he9mW3ezTiqF3m(-~ z0ZngkfIav1_S)keaFM>@SDac+Ak0NVZER5KZ6hNnA|B+LZ%;2wDK#FkQM_ocpcN(> za)nJ$x5Jy$OzW*zIJ$PL4>3zfRuv;PfM4=iIBZIITH)1Iy(`fmsma{+*`686$<-ncy$Pls(x zY~F0G?RG`I>9SA_=bMXZmj5PeaPShS>!iOISkt%&4?@oa_v-^H4}J)pTV#!+G_>rq z_&!aNDv*hAxJmaGS0Cw9mivn@ta~ADS56q^5lag?yflcCJYOz0V)9<4bl9J^#+020 zd%{aXqI?@z2np4W>>+P7F1?#RZd42VI`z<8k&)>uL9a*Y7NFrXQzETt(>Z^)mhFQ? z;{v%2{5A;`c)FJdRF2`c)yBJR+lYb60pRdr#K5M=Xt@AH2}{tFk$vfoYMav(#C2NR zR8Fq80jz3+o!w2qxkPXlYT&}ntKLS`TWu18%ms9&y9&nB@B=x7$*HmTNhSj$jtqy^ z_Ig|?whW!VF`u1rrr!xop1EkLu>b`Kd5mJ{wOr)H>_oAA0(tI^g)-$=MYJ%q7l%9%*_E6(wJgH@rQV1Y40@ow} zLrPMueiOeuO@8G?Z5_t{x*uR1*xP-hw-qL#)E>#A~6B>B8<^pY>X*bcV2$u=R3&k9tM&4pOjmt?`$+?=u> zKEMVQIOYQx7k4+MzAnrAdDhnnO^N0U9zlz-(%eLnQ`FId46gpYjYBCk8{7_NitKLa z^ub)6QCXSn?{_rlGx``7b?0|XQMnOTS3Ui?`N(^*fKr@EG8E#@M*z6ikM`t=66m` wObu*(bDoc`i^`OyG}0w`yliu}qDds7$LIurMfb>tsvm2H-#?kpkpsAiPjU=rOaK4? From 775ae335db4b05a05e9c929eaef64cffc6605970 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Tue, 14 Mar 2023 02:07:01 +0100 Subject: [PATCH 08/89] fetch in dept to get tags --- .github/workflows/deploy.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index fda1ef2..79ad881 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -29,6 +29,7 @@ jobs: repository: 'Ocelot-Social-Community/Ocelot-Social' ref: '${OCELOT_SOCIAL_TAG}' path: 'ocelot/' + fetch-depth: 0 - name: Checkout code uses: actions/checkout@v3 with: From 9a284a0f655310b2d9f12f39f4ae4a2aa20edf03 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Tue, 14 Mar 2023 02:10:37 +0100 Subject: [PATCH 09/89] doublequote ref --- .github/workflows/deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 79ad881..08687ee 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -27,7 +27,7 @@ jobs: uses: actions/checkout@v3 with: repository: 'Ocelot-Social-Community/Ocelot-Social' - ref: '${OCELOT_SOCIAL_TAG}' + ref: "${OCELOT_SOCIAL_TAG}" path: 'ocelot/' fetch-depth: 0 - name: Checkout code From d3b7b445b315885111c67eb2ddd21d5c2fa3a2e7 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Tue, 14 Mar 2023 02:18:39 +0100 Subject: [PATCH 10/89] no quotes --- .github/workflows/deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 08687ee..67e6d2a 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -27,7 +27,7 @@ jobs: uses: actions/checkout@v3 with: repository: 'Ocelot-Social-Community/Ocelot-Social' - ref: "${OCELOT_SOCIAL_TAG}" + ref: ${OCELOT_SOCIAL_TAG} path: 'ocelot/' fetch-depth: 0 - name: Checkout code From e81234aa5bf993026718479c7fe3a60ffcc908df Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Tue, 14 Mar 2023 02:20:04 +0100 Subject: [PATCH 11/89] use .env --- .github/workflows/deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 67e6d2a..467c8f1 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -27,7 +27,7 @@ jobs: uses: actions/checkout@v3 with: repository: 'Ocelot-Social-Community/Ocelot-Social' - ref: ${OCELOT_SOCIAL_TAG} + ref: ${{ env.OCELOT_SOCIAL_TAG }} path: 'ocelot/' fetch-depth: 0 - name: Checkout code From 5e7fc098f81d85ecdba0b49857017f51dd31f0f4 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Tue, 14 Mar 2023 02:23:45 +0100 Subject: [PATCH 12/89] reference env in configuration aswell --- .github/workflows/deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 467c8f1..48248d2 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -33,7 +33,7 @@ jobs: - name: Checkout code uses: actions/checkout@v3 with: - path: 'ocelot/deployment/configurations/${CONFIGURATION}' + path: "ocelot/deployment/configurations/${{ env.CONFIGURATION}" - name: Decrypt all secrets run: ocelot/deployment/scripts/secrets.decrypt.sh - name: Upgrade Cluster From 52083f90d370555dab58ec69e4bfe2e39a90b370 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Tue, 14 Mar 2023 02:24:18 +0100 Subject: [PATCH 13/89] missing bracket --- .github/workflows/deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 48248d2..75831b1 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -33,7 +33,7 @@ jobs: - name: Checkout code uses: actions/checkout@v3 with: - path: "ocelot/deployment/configurations/${{ env.CONFIGURATION}" + path: "ocelot/deployment/configurations/${{ env.CONFIGURATION }}" - name: Decrypt all secrets run: ocelot/deployment/scripts/secrets.decrypt.sh - name: Upgrade Cluster From 5be30f393ce12bf0fc66743b41b48eccb6002710 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Tue, 14 Mar 2023 02:29:11 +0100 Subject: [PATCH 14/89] dont expose .env contents, relative paths for scripts --- .github/workflows/deploy.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 75831b1..266bf96 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -22,7 +22,7 @@ jobs: - name: Load .env uses: aarcangeli/load-dotenv@v1.0.0 with: - quiet: false + quiet: true - name: Checkout Ocelot code uses: actions/checkout@v3 with: @@ -35,9 +35,9 @@ jobs: with: path: "ocelot/deployment/configurations/${{ env.CONFIGURATION }}" - name: Decrypt all secrets - run: ocelot/deployment/scripts/secrets.decrypt.sh + run: ./ocelot/deployment/scripts/secrets.decrypt.sh - name: Upgrade Cluster - run: ocelot/deployment/scripts/cluster.upgrade.sh + run: ./ocelot/deployment/scripts/cluster.upgrade.sh # ########################################################################## # # SET ENVS ############################################################### From f4d0fdb2d822211efe2715247e659d99d0264d25 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Tue, 14 Mar 2023 02:31:53 +0100 Subject: [PATCH 15/89] use github workspace variable for path --- .github/workflows/deploy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 266bf96..f777cc8 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -35,9 +35,9 @@ jobs: with: path: "ocelot/deployment/configurations/${{ env.CONFIGURATION }}" - name: Decrypt all secrets - run: ./ocelot/deployment/scripts/secrets.decrypt.sh + run: "${{ GITHUB_WORKSPACE }}/ocelot/deployment/scripts/secrets.decrypt.sh" - name: Upgrade Cluster - run: ./ocelot/deployment/scripts/cluster.upgrade.sh + run: "${{ GITHUB_WORKSPACE }}/ocelot/deployment/scripts/cluster.upgrade.sh" # ########################################################################## # # SET ENVS ############################################################### From d293f55512eb687ccb0ee4e9e06b221df551fe29 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Tue, 14 Mar 2023 02:38:16 +0100 Subject: [PATCH 16/89] debug ls --- .github/workflows/deploy.yml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index f777cc8..0b75e44 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -34,10 +34,16 @@ jobs: uses: actions/checkout@v3 with: path: "ocelot/deployment/configurations/${{ env.CONFIGURATION }}" + - run: | + ls ocelot/ + ls ocelot/deployment + ls ocelot/deployment/scripts + ls ocelot/deployment/configurations + ls ocelot/deployment/configurations/this - name: Decrypt all secrets - run: "${{ GITHUB_WORKSPACE }}/ocelot/deployment/scripts/secrets.decrypt.sh" + run: ocelot/deployment/scripts/secrets.decrypt.sh - name: Upgrade Cluster - run: "${{ GITHUB_WORKSPACE }}/ocelot/deployment/scripts/cluster.upgrade.sh" + run: ocelot/deployment/scripts/cluster.upgrade.sh # ########################################################################## # # SET ENVS ############################################################### From 689c2c7476d5e265778d91375fa3a4f9dbb439e4 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Tue, 14 Mar 2023 02:41:06 +0100 Subject: [PATCH 17/89] newly encrypted secrets --- .env.enc | Bin 119 -> 141 bytes .github/workflows/deploy.yml | 6 ------ kubeconfig.yaml.enc | Bin 1519 -> 1520 bytes kubernetes/dns.values.yaml.enc | Bin 311 -> 312 bytes kubernetes/values.yaml.enc | Bin 1757 -> 1761 bytes 5 files changed, 6 deletions(-) diff --git a/.env.enc b/.env.enc index ffde9c57da5c3cf1188cea6e065adcb3dd359604..a8cbdf66d2cbd4b91991f0d3ff221bd0e65ab34e 100644 GIT binary patch literal 141 zcmV;80CN9~4Fm}T0>+Br6j@{|Y4*~50SIJ^(Z+yIcm-wvX(3SroU00r-GKi_8wX8r=` ZF}BYj4$#rvb(V}OE5fb{(@xP+`5(y2HR=EW diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 0b75e44..f4593fa 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -34,12 +34,6 @@ jobs: uses: actions/checkout@v3 with: path: "ocelot/deployment/configurations/${{ env.CONFIGURATION }}" - - run: | - ls ocelot/ - ls ocelot/deployment - ls ocelot/deployment/scripts - ls ocelot/deployment/configurations - ls ocelot/deployment/configurations/this - name: Decrypt all secrets run: ocelot/deployment/scripts/secrets.decrypt.sh - name: Upgrade Cluster diff --git a/kubeconfig.yaml.enc b/kubeconfig.yaml.enc index 46d3c7ec5cc8577697d3a0d3e59990012f733167..6c4b49fcc16fd3e2e9a43cacf907649a3c6ef6a1 100644 GIT binary patch literal 1520 zcmVXq6yzplDU^=4FezlZA& z%ouT2?XvJ)WDL8>_Y3{s?BbYrH_%9GIVDg8Lult=hkVpY8mJ`xgo9~7@@cHW)I-U zQ{5sTjHKS1%>1V9zw+kr20!E1u>=<6kMEY}=p0wICee0>^8mN1AXoyVc_a8Vd%c6zT{867}bn0T;LhOXqgQRPY1M%L$Dz_^8#-r9rsh_#GC z-c2b-dd;?YNkIKCq^9arBrnLyBY_$q$+!b}plii$<3@9utw zGrp2ZI_a9N)1g0zu#8_jokpp465t=kWyEUlzA8r{JY5ZDBinBxVdq>tJ|fqMf?1qh z<{#V2y%U(Xa4;;{5uH*4Ic)Pw<|KJmaE`SBA+mCbLG1Vq3}(hMj{vPFTPERj8a4wH z0iwdqxVW1Ot+%{o+G&Y(nDiCpOZjC)v&x}~(#Rurj-qzgPvVsOb0$i;eT=bAm%mtB zCxT?s$YoZmnCWHY^5P(R!>yMs=!ZH_6$3i~`lkvOeh)8$GLaAERjIK}38qK}6C*si zK<__#%mHt{A#PFr@Dg21!f@I1y7>9|Ku2aGpH5R*>K-m8UF#z}GuERUN9L)VM_#kV zf6aR6+3Yx*<0G1a)Bz%IMa&c89x{I#wZu+({(}n z)mRje$hu98YH9_N`1&=yonj=LM(E6n=qy|FD^B{>Qezchb5y!Bb@+(LR|m4JZ}AYK zfO!4`_h#001#8Q!!~nAu%#>DLBuhJ8@B@wyC@6?QA5&&1g%yrzLMbxT`y&bfw=Gt_ z7{d9e8GERYWm0WJFg;;fdZZ@@b7Nte{7ZvarBS$#WZa_U1?JMK_bN+^A4(N=?Tt?w zF2IQ~I4m9L8|HoQ0*h>W=mi9kt8)aPXy^~{8;=)dEG<$4&ze?zBb$ihNfE+?1o%&c z&zr-x;#32k(@#Ja43Na~0!|3$!$5b~AtVrLC6a*$ACsAM1B3w*vQ_eh!8Nj4`S8}* zM*@MUTKEA+!5t5k4Dt>f1>kBP^nYNXV930bljKk`t(Ji31q|UXMm6)jW`$_675=?9 zfDJwFo3ozH*Byqb;TdqqAuk2B(AMdZCRwh%ns}rx5!!p=;0&@>r3SYzT+AK0u}Vnd@AK{zj34SQZxWi2@}J>k%z(F0EpG{-v$PX%nSXym~O_3R+r#szujQ_%Xh_Z89kXM4tYyJ!>)Xvq~&4{8$h(PR;OHC<1N}*86**d zb96s{7?Fw#*SZf`4#&3NHyRQ~zAKrd8 zT-#BbnkdutYIru~bIN=g8LU^f3tq@4`Xo3CzvC_XMGHH&IWeAjNH!EtumyI)nWr z7}RH_c)fW`EJ1i+)EKI3{H3I$aMh$pc{n6Ijn1+#BFGsq+|)La2N6y)WgwD?2;!=R WRI{?iX_M=uqan{w3NRh_g5aYN2 literal 1519 zcmV%A{KK`b1Lce8l?#f*Ld@(ITNwk z((ayJ)q$c<c0Sw`&g|J zTIMEc%St6nQJzctgM;#ZDvX#uLGkOVq2f`YP;v*zg27%yZlb?|0LA{+x2c@UG8G8Z zn0Td_^rNv|;>QkiCNrsP;jZ$BJY|Q3*vm_-oo076YRS`rM0y$U>M){ik_(@X}iJh$55i{{k`blRR**7o{BZ_fdf9fRaSW_fBvky+VGvw*5eLPJ+29H5uaq6hnb$R-m4mS9_O+ZpRKu7Z&*o0~b0w0W+FykWyV}3n z`AC#D*vcJ-9Hn_GF`_^T1bsHy6&Gm}VpHVa*^;3F za5S-J8XAd%`0B;d{g)Wv+9NvM z2dZ-*sOUwbt+K@H=aHXzqUg9?C9s=*(H9HH0y7WjZDFuL2fhurT~W6#b@LyGu32cn zn=-k};8>!%8pcrQZi#nPqbqf%?6guvHUjY_$Bh2WaiGs7Lb@n?&KeK>A^HmV4#jF} z%(L>27a+H2!5r;cW8NF_y-Hi|IMDBv+?@T=B=XUjnMQEri%a---nEL$sW*FBLl5;; zl{UoRiFJ zo*c`bbrh95f&%I)A09aV{X5;omwzei6HMhm{!&l(*Lw7+{Ju>A2avB{Q7}hJ~ z#IQ@E_Zb^8bD@|O@FghwrV)GK*eX)}l&%v@ss>#i6df!)CeEzPu4}W@IS60;5emj> z(;NPTuizJVr|9f(y^f0ez}7_g!)l-k&~@wv=r)w>2=sy+b?7XUb?iUr@A)^HqnZ4K z?K0(QRxCtm|9gD$DmVQL=Ih5s+v%GW;r6QUlCXC)`Y$g~6YdfK$n!i&3fKAZXZF&-W&!JgHv#kI_!5K6I4ww;Hb!AMy2}UNaP#@Z z%)^V`9xM`yMv_0aj0tLV!i}~w@YNroSkYBT3uvrHaSUpXkvN4gM@;Cr*?;2X^0gnH zXmhl0q%M#``&EYNaEr+*41y@mh$hcLlW)-g604;cB;rv$Nanm)%AMpF6ldv--nyy= zA8Wz$3I*y%;&dedWW;#>LnyOszrJ%WF>*v{T8%RlwbSHzk3h_%z>vv$v#RA*oq1q} zPR%PT2r+Cvc`MdX$>N_F&R*@oyYn%&q KZ24I(8D#MsS(GaP literal 311 zcmV-70m%N04Fm}T0&btFu2kf0F!s{GWdSz$*ah*c3kh0g{IvS$GU)kJ0$;x}pz`}C zAqWuMnf<;R3}y>)ZKW-N8up|ZYI|ee53%@5c4HxbZ2`MZt|vXC+;_R#(!G322n*B^ zTgk70EbEmYJ$wR<^5H)u%~!k$2Z$9t9~?dT3Nmn3s==IVovYADB6Ptu>S%m|Dl104 zrYfBxdC7z+Rk)rVa1@GZHXDGbaFepnqL-Pf5YhW9@v^l_nbOc4fAN zUeVGNkhFlVD8u6`@FM?Y=&Z+^CG0xZ3b-#6&9ZK{CIWdG9%uEir|ht*2!$TRuf$u% JrctP}TDsw*mhb=o diff --git a/kubernetes/values.yaml.enc b/kubernetes/values.yaml.enc index 384c4e6a97ffb396a25d60eef5f77bc33e4f86a6..1f45e426d16f448f54099bad581e468fbff89cd0 100644 GIT binary patch literal 1761 zcmV<71|Ip04Fm}T0w*rHKR{3?@%GZ{0W4>6SaDVOcXxjL{87u^F0@$RuWdX8Ea*f- zGf?AKIDcZ+-(LjN;pJ=AB5PjQzot2rriYPTm4js&S(_ETL%ph#HwpN;70|&M!27Hm zl{7`0<(1K}ZDH2~=H^Isz+#$9>1L&#C@sbh#eazVBUru~?aM63YgzR0a?JcKI>J;T zJiP>pSWxBs>46eAc-&4tt|7Ygkppf}rE zK;3oN_;V)UP4OJ!o*c093q^5ZQpF~P5lV7FxTq@h3;4Mv|HIWzc(W8fMui3U{a4m_ z_lRAOxM02ujRgo%p6 zj&&HEP7ubcR9pY?dV1`vEG#gK`>^~AtPi0@BEBfJfullxv_8!vMm26M!Q44aSU9Vc zU(a7x*HAwRv6CU(|M2M^T2{`FrhIG?}0M#M8n;`PwsJiQc66SGy`Kp{jC!-hw{bT-~t$)_fV z!6v$fdmJpK$A{>T6H}-I$coi18tsTq{dx>Sf?T&>+=U^#xk%^t+x+B&>wI4+Bsvz( z1#c9J`>7NAAFCyeBa$PKi@&$3rrw7POuu7T&XYxK;Dn?|B|h8$f4riDb9LMBcgWk4)G_-?7E^Q}=Z!>cd`+Ab zClHyz$R6xk10?@;ZLd1)E#48{L~mEssp8*bwh6*h0@^;3tzG75I2KGAhPN1C?p|hZ z#H+R$87Vz%bWSGnWkGiR8Oc##1>Y6<>~as0Nuz+D5LWuliMgv@2uS}*}?a9lKHOs=h4aBNgK zc(Zz5`e!Wi!IxiOE;?i6BcB-(h#BK=pvN7rRE(z^-pRdPgm&hK^(8c$#=~$ z@8VlJs*>M;Oe}#La&Yu>-b#$E;6TTO`X$AyY*C#OAe$F>;a^r0iD{02qzt4{1%87es9bU*A#>b=h$O#0^?W zXE(V5A}UmeA3t7OA;VwcCI6~F3|q$v`#eHG0nA`ihxOBP+%((Lk2{aU*LBfT zCb_H?D|`|Y>1?mH4I$$3fsDPQmt~igasYuK&D0=~YxGyJ7F96R!60c6PMN;FQ^9u{ z*?#3_y{)RO8J9SVDvz2DAp}?qy&WlHNC8jn9+UZVe+G?XaLP>bBaz8MAPxq2Pd8%Z zc$>~u*t%rl!Rz>R(<-Ar_*D@)Z_vW#o&#oq{YivQ{c^K`OFT8M6vARsiSEp@O6yE-xJEjLL zwtf`vL!O(jgmLn!m!P_UF-|vtA83AjKl&CgYXT940nHk!QKNnZihlCye~{Br z?|DqU_Xd;$0|(>&CpIw>7OH3WF{|fBl+j;%RpTN~VQ#h#?klW6HPqip^ogC^jzh+O z{329;om-{T4-P-pH;;Zye*p^qt8P}tYqe|e5 z>D@6o;D|@2pv=27zdyY1!sY|PMpD;<`3;}fy}GALH;p0MIfv~wm`ujW#ov=XR7YHn zpTG@YQ@&zs5%I%to$OHTyIG-9W1+Q=?7PqpU^44Fm}T0yv*hz{XAU686&S0mbgDkP05UYP*IH2;~T`W5+N8(c6?-IV)}{ zUFL-+{|{3)cAn4sWw5vlw`%y*`*HY!&L~cW9k6Yuwp#5^i}ArqFm3L@=y!(9!a7mn zDt@)h)|J$$yH82(>l@oWyq019N%;PQ;?Q967eY}mi@?e8Rk)$+#)W)IiwbER(1-~I zQ68A&CEv3f4GZ}(s0mn5sHk)n+MM5HFS%_;lf>W02y}DN{Gh)`zRD~f?_J3zRapbC z1e)}c(@I)hfszhfMn|czo>0=gyoJGLEdMTd6V$bUe}?l_ywiuTi-iBM3d` z`vmi5MAT3Q1jdp7#z(nGs_TGb|=@p`p6(P$&)sNraCwD3zIm@ zKa4D!<2r_!*BkL}4{2LWU&yE+Szmcke&U2erysNih%DTNIDne!|0+RlW5h?tees1p z+Bh5uoRIu+=oP!-OF|7KLP>l2YN>Y$NptWOCW8t&^Na6pMX_18uLI!+a9=2Jx5=39 z_1{pQr3%ee9WsT#%2S}WZ;m1E{d2E}{0OhrwUancM|g-jk7Zu&bt!`WB~c@%7_?3b zWTJXgpP_ziPhv{BTV~*3em}ap5rWX(jYCP)?6cM+oH;?Njz%}fnbBrzxaca>^OYuExGk9M9)#G-wrBesg%LFw=HBaA9f*W zS5fHtXiZI)V{&MhZOMEOr^uSDoOi3oZ&X>k~nvmRg`q& zn$XQv^Y%jPTavhlbAvEP?sj=CRWq+OS5!{Q*k{C@pn<(EZr8nBA~Zs8k2fl#w2j`! zJevbk>u4%dz16zfXT2ytM}**O;X zaV%crH@b1UUHP&5G%|_D-C$erPk8n1Z3WEaCUI6usOMO4ru=(|0Tb znu%adW*EfxvmJ{$mxt2GhgTdXZqdvqjGRl<4Gk`hP3)6q3@W68C0vD@mR}~hlzbE9 zlRaf+z-?^D)T~3jBY+AlX5rgD0`B$mt!@_cLgjSf%iMMrS~f6FQG~lpmeU15EWV5D zRVatN+svt_)0*}YC>VD<0~~N&&CM6LddEi!TsCkF0WTC3JY?%?T;OJL0wE~!E<0z# zcQ>QUw^6rD0Fm{7n=^KdCxd=DNvC;TK``1HHkRN469k zw7>}q-p>t@rWfG5AvKM*Q8j_X>)1zij&ium=p;9!zLt>Ilqx;$#WXOSgN$C+14XL6 zr{*XuDA9+K4PuCe{HCx?uOzK^c{2!$PN%-<_QJ8u-N3Q0Pwv{Ge@!Yhr~UkUV_jx0 zBeTfFEXWtl=&Q-m-&%$IF_P6fq^TfxeT&;La&76nHMIa{o=%Pnd+Lk(@O@vMMVn-C zNF4p%dWJgmt>cG#s`!nT8!`j2Y=%4tHl{i;i)!-{_2ZS~6SNJ$vqdi>o#N%>` From 67500404663a3a87471fa3ed7a5825fca0052f93 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Tue, 14 Mar 2023 02:43:00 +0100 Subject: [PATCH 18/89] more secrets --- .env.enc | Bin 141 -> 141 bytes kubeconfig.yaml.enc | Bin 1520 -> 1520 bytes kubernetes/dns.values.yaml.enc | Bin 312 -> 312 bytes kubernetes/values.yaml.enc | Bin 1761 -> 1761 bytes 4 files changed, 0 insertions(+), 0 deletions(-) diff --git a/.env.enc b/.env.enc index a8cbdf66d2cbd4b91991f0d3ff221bd0e65ab34e..bb1e88dca399249fec7d3c888c31863d1bd48272 100644 GIT binary patch literal 141 zcmV;80CN9~4Fm}T0@x=J!OhNF@AlGs0r+L4Zsq8y$e|3cL&d#?0Y{LG3=e{!ZZXE7 z?7xW&zH~X$ac)+v?r?#OOJIhYCf>JomiWY;WjWhd!W@=FBwxs5zX{$bv95gGONNkC v(9n`^5<%%MiJ@C-ee-l?eryEtXg9m=Z*G=5u5982N9jB(5YcllOjT*mb-G2> literal 141 zcmV;80CN9~4Fm}T0>+Br6j@{|Y4*~50SIJ^(Z+yIcm-wvX(3SroU00r-GKi_8w$T`_?Do>?0bC#d!}aX)KkDT^OKAS}_4A>hk%$^djhZHp zfxP6Cgi}v@l29jB5s!_4#EH7NMl*Yq+{vIyAiwQ3(biSronp8tD`hI*ODgR_=wI2b~DH`(Vw%>=k0Oln!M8}OQ0N30l z`m9PQ*Vf8|CXk@ce#agQ*Wf(x6wu~U{!d_n`0r9T0J}()8jzZ<%5!@bO`F(6ZgkDb zJr-A(#u9eS;MjXRP_Y0zFN>WEF5UXr#48^Jkn5!oIT8dS&Cvb6dM%+wpD;rFd9HIe zA+t4`^qVP0E2v@c)#i!Wr2J-shWB;DQyBs}Nfk8t-kX%5=arIY` zjti0{^jwk*s$u?zAJ7e3XI%>zi<@(?x~1i2){SKewKG*8Q=|rOQKEN(As-SK<B zCA(uWR>pkzHC+z~_9ECN(GEGsz!jz!l|(;S=&OIQMQ?>6Tq7bNtA6X`%mI5rQ^C0G zzzt#l(vK;nf#*J%Z99O$>hKocac5rDI=g{v$F8764Sl&9^l<*?8Ne?0w(>L;>T$&s znl*6$mP3C3YgL=Z!6)+*1nC<8x1nhd@>OQpexW^OSk&;}{RRA|WdmTy7d?#**WoZa zgEVe7X@kvJ9=jHVUcrO6;DK~#m>!4gyeDo@ zo;h+~_45FBw|tVZ1eba1{+Takz(0*Wl`4^Vde3n>(LeU+>y1iG3S}=WxRM9RR529~ zjJCclx1n0=gBe%kHiU^eTD)S6lv|{$<5_?RxQ?}Exhj>{0ApNfo+wZ#oTP$;v;cZq zEN(SrCA3Jd4k^UyV3x10$lmXh<9qIE$Hg`BZKt{m{yWCz?I(6HZt1k2e%4spH&1l- zI>gn#`opYfcY$=03Lo!6|CtR+JWLy16E4ZJt$W*DRC1EJ-t+cJIYO5n&OpB5#7*cB z?3UZ@WkGM`!5#ALhXR&S#uJdZfjG;QjL^*HS-|Tme;#1$qWo(5XPCmv7Yw4-4j2J% zyCtA6Y@B2(rlJ`;n>V|(XQI#H_fh*niqZq~*x3xSh&2>L&W3ENkw2~fUI z)L{bhO6DtisIxq>NJ9~iJn%w!IXchB=`3}MEp)BW{;|$+7c}Oz|LzL!b7{=7Yc77) z_RADL9Ax(XITahKpn!a28{)`nJ@9|ErG1iBK=Ga*5015KllB}wJa`l$j@ph;_D$mP0UY6 zi_FQQq40d4M$^icA|3K|$In2tRZ_I2UF}qkp<5oXBnc8uJS>IC)|HkX=irZ6wCq9V z_6e+kVsP;`5Sm{y<}%~agRuQ9OvE`_G-$ic>q<*O7V(c6O0=!&`CLI^WJfnp21AT-hv(t41Fw<4%uhz~a WN_aSMLCB_~DSQ@VxD`dG9G!MssrexQ literal 1520 zcmVXq6yzplDU^=4FezlZA& z%ouT2?XvJ)WDL8>_Y3{s?BbYrH_%9GIVDg8Lult=hkVpY8mJ`xgo9~7@@cHW)I-U zQ{5sTjHKS1%>1V9zw+kr20!E1u>=<6kMEY}=p0wICee0>^8mN1AXoyVc_a8Vd%c6zT{867}bn0T;LhOXqgQRPY1M%L$Dz_^8#-r9rsh_#GC z-c2b-dd;?YNkIKCq^9arBrnLyBY_$q$+!b}plii$<3@9utw zGrp2ZI_a9N)1g0zu#8_jokpp465t=kWyEUlzA8r{JY5ZDBinBxVdq>tJ|fqMf?1qh z<{#V2y%U(Xa4;;{5uH*4Ic)Pw<|KJmaE`SBA+mCbLG1Vq3}(hMj{vPFTPERj8a4wH z0iwdqxVW1Ot+%{o+G&Y(nDiCpOZjC)v&x}~(#Rurj-qzgPvVsOb0$i;eT=bAm%mtB zCxT?s$YoZmnCWHY^5P(R!>yMs=!ZH_6$3i~`lkvOeh)8$GLaAERjIK}38qK}6C*si zK<__#%mHt{A#PFr@Dg21!f@I1y7>9|Ku2aGpH5R*>K-m8UF#z}GuERUN9L)VM_#kV zf6aR6+3Yx*<0G1a)Bz%IMa&c89x{I#wZu+({(}n z)mRje$hu98YH9_N`1&=yonj=LM(E6n=qy|FD^B{>Qezchb5y!Bb@+(LR|m4JZ}AYK zfO!4`_h#001#8Q!!~nAu%#>DLBuhJ8@B@wyC@6?QA5&&1g%yrzLMbxT`y&bfw=Gt_ z7{d9e8GERYWm0WJFg;;fdZZ@@b7Nte{7ZvarBS$#WZa_U1?JMK_bN+^A4(N=?Tt?w zF2IQ~I4m9L8|HoQ0*h>W=mi9kt8)aPXy^~{8;=)dEG<$4&ze?zBb$ihNfE+?1o%&c z&zr-x;#32k(@#Ja43Na~0!|3$!$5b~AtVrLC6a*$ACsAM1B3w*vQ_eh!8Nj4`S8}* zM*@MUTKEA+!5t5k4Dt>f1>kBP^nYNXV930bljKk`t(Ji31q|UXMm6)jW`$_675=?9 zfDJwFo3ozH*Byqb;TdqqAuk2B(AMdZCRwh%ns}rx5!!p=;0&@>r3SYzT+AK0u}Vnd@AK{zj34SQZxWi2@}J>k%z(F0EpG{-v$PX%nSXym~O_3R+r#szujQ_%Xh_Z89kXM4tYyJ!>)Xvq~&4{8$h(PR;OHC<1N}*86**d zb96s{7?Fw#*SZf`4#&3NHyRQ~zAKrd8 zT-#BbnkdutYIru~bIN=g8LU^f3tq@4`Xo3CzvC_XMGHH&IWeAjNH!EtumyI)nWr z7}RH_c)fW`EJ1i+)EKI3{H3I$aMh$pc{n6Ijn1+#BFGsq+|)La2N6y)WgwD?2;!=R WRI{?iX_M=uqan{w3NRh_g5aYN2 diff --git a/kubernetes/dns.values.yaml.enc b/kubernetes/dns.values.yaml.enc index 5ff1876884e0be094ba080391daa2565fdb76f0b..e9be5680e14ee0f4c9497eb3a329d945255f0fea 100644 GIT binary patch literal 312 zcmV-80muG~4Fm}T0wK?rlRF}nDfZI9W&vXOpg5AK!AuTx0`U%N@W4VE?5?q{44L|s ztyG|IQ-DJ;BbExH*n2422bC>!Fl%2q3&t>y4&XuTz_lM= zkh1PBfE^ar1__z2`~L!@n{UahI_UI)fweq>V1|i|2<>O#uh~?Zi7Onrh1FliQr~!J z?{ogJ2%wy|rThBBcP7^-ZXZF&-W&!JgHv#kI_!5K6I4ww;Hb!AMy2}UNaP#@Z z%)^V`9xM`yMv_0aj0tLV!i}~w@YNroSkYBT3uvrHaSUpXkvN4gM@;Cr*?;2X^0gnH zXmhl0q%M#``&EYNaEr+*41y@mh$hcLlW)-g604;cB;rv$Nanm)%AMpF6ldv--nyy= zA8Wz$3I*y%;&dedWW;#>LnyOszrJ%WF>*v{T8%RlwbSHzk3h_%z>vv$v#RA*oq1q} zPR%PT2r+Cvc`MdX$>N_F&R*@oyYn%&q KZ24I(8D#MsS(GaP diff --git a/kubernetes/values.yaml.enc b/kubernetes/values.yaml.enc index 1f45e426d16f448f54099bad581e468fbff89cd0..aabb07b79f9f0035e1bb483ed20755b324ea1125 100644 GIT binary patch literal 1761 zcmV<71|Ip04Fm}T0?Ecb%(QqIC-&0n0qEoVpV3~{#V$kl*+;6L zKOfjn{JyvT>kCj8V9dkGo`=~#zH}yD(M|z@&_jAHpWTzIS|ZkmS=n)US;hEM6m2x( zFRaHQbGF!NQPhyoK9fqnn9=vV5+tf_Q!|38ZMZx&1S3PpsAQ;k)A>`4o^kXXXo*VY z2+77XCkHmzbf8bneUmT~7*?BNVG=-UJ(9fO4R{wYjsg*ht3Q-!!JVA@4WDhONKd{Z zyAFCOgGslN)yhR;Y~R67N_7J7o~(9yQP{brs-;NDR-L`KJiz-hWc4n&(|F*zs-wt( zr=U(PQuie%L&&m9`p?jwqJKfF&&o=!*9G?Zx3$*#dw{2z_)Vr!*3~-hCG~-V2!o@X z^<6joNDe*N(>(7Hn2IE)Nao!E%1jKT7=6C&4^+>&HRV*^1;ij*btv9Cb@P8?XY;m% zx?>Y^F>~XE34|LKBRG*b`&2N5q3shRx^>55{_#0I$*$J?8bGqR2s#f;bz|Qpi4C%J z7o_+N&g?|3c0}$WTf1G74&j^9RV|uyVjoEomvqTs)!zL}7OWCgBk~Ep>T2gZl583R zEbxX2XA7SLMdO0&ywxgQihqUSfiHwk!Wy?$tMS-M!EI2i{RAq2zA%*#m#rXoC{X-z z5xWUN5?pat&g!a_7GA-TI}4x`-vcCMGRX`rUHtyyZ$I4-Ae|DH{rnXYzOWp#M)z~< zYau39&wd=7`7}_4yk#=JSr&gMz}{0tbme6yc#ALOIvU#MeM!Xr9mvZqA~IE79VuGM z)K1A}C^h3aaoK^kr1hG%Ug6WpH;dL5gu(c5K zfQMHV=g}AY*iFVD`^d{Q=Cj2&F}v}=%)_63HIhnsoP~kCoN{q5?I+m2xi9lI{~y?< zvBBFJw?l_N(hkYByI&Pzp=CD`^8HR@SDx-Hv zg5oWxBsS5<_Spc{DI>j zpACfUWbu`KBH}+qW)=hK-5?%6xc{9cYtt;V=@6Pkb4*8b$EQG=E)txAAy!?sM-b6+ z_{y88gF|Su=}5n|$FUI|t|0h(B$1lvFUuwiJrx^sl)Z5%ncjEf82v3~uSOzewSvKs zV2=x&h4ju@={7O(u^BOSqO%fEGb6cnc{xXxd)HE|gW94yRyn;;ZfSjg0kMf`Fp(YX z+k3i2TN>aCNKIVpy`k*?$XJCUL%*^YO3QIw55&{XE!^4lszUX3L&>IPcbDk^aBh%- zR@72sA+t6m{A)?28W1h8Ly2q|E_7%kZnT8K$m9T87(adRcQ*ug1y7vwBxbF&bmfoF z=M>QysA+mKb1O$2YHOHu-X2^_C{uw0L%Ua8?_Y$9EwFvK2sdV$G|RD>rmY<=05*F` z1J={8q;u?hAg=vA32)l#-YtnQvNVq`7w6{?hPuVz(>&;yx+=!BC7|Ak69$WrBH-(i6-cES>jXiN z2uTeUUHnyG29kcr;P1ITV*o4L`#HWAjl(tYSt81I`KWaFIy0MGKCmXY&{Z(zC+zEK zKK7u=dwbOj%ol-p*-M?YcdxxZ8VU2KZ`uk_&WAD>rJMB# zjqPGbT5gi5fvI;v`)$TM%#lWC@+C4zbBTHWIPT>{rTomalh8LjBDIboA$Jo&U}T{h z%HyOk(R+yo0pgE5@-_pGLjKQYf=p`t=9u!UYkC%biy~1#$`kXPi13)VR71~BuI8$c DE?{f3 literal 1761 zcmV<71|Ip04Fm}T0w*rHKR{3?@%GZ{0W4>6SaDVOcXxjL{87u^F0@$RuWdX8Ea*f- zGf?AKIDcZ+-(LjN;pJ=AB5PjQzot2rriYPTm4js&S(_ETL%ph#HwpN;70|&M!27Hm zl{7`0<(1K}ZDH2~=H^Isz+#$9>1L&#C@sbh#eazVBUru~?aM63YgzR0a?JcKI>J;T zJiP>pSWxBs>46eAc-&4tt|7Ygkppf}rE zK;3oN_;V)UP4OJ!o*c093q^5ZQpF~P5lV7FxTq@h3;4Mv|HIWzc(W8fMui3U{a4m_ z_lRAOxM02ujRgo%p6 zj&&HEP7ubcR9pY?dV1`vEG#gK`>^~AtPi0@BEBfJfullxv_8!vMm26M!Q44aSU9Vc zU(a7x*HAwRv6CU(|M2M^T2{`FrhIG?}0M#M8n;`PwsJiQc66SGy`Kp{jC!-hw{bT-~t$)_fV z!6v$fdmJpK$A{>T6H}-I$coi18tsTq{dx>Sf?T&>+=U^#xk%^t+x+B&>wI4+Bsvz( z1#c9J`>7NAAFCyeBa$PKi@&$3rrw7POuu7T&XYxK;Dn?|B|h8$f4riDb9LMBcgWk4)G_-?7E^Q}=Z!>cd`+Ab zClHyz$R6xk10?@;ZLd1)E#48{L~mEssp8*bwh6*h0@^;3tzG75I2KGAhPN1C?p|hZ z#H+R$87Vz%bWSGnWkGiR8Oc##1>Y6<>~as0Nuz+D5LWuliMgv@2uS}*}?a9lKHOs=h4aBNgK zc(Zz5`e!Wi!IxiOE;?i6BcB-(h#BK=pvN7rRE(z^-pRdPgm&hK^(8c$#=~$ z@8VlJs*>M;Oe}#La&Yu>-b#$E;6TTO`X$AyY*C#OAe$F>;a^r0iD{02qzt4{1%87es9bU*A#>b=h$O#0^?W zXE(V5A}UmeA3t7OA;VwcCI6~F3|q$v`#eHG0nA`ihxOBP+%((Lk2{aU*LBfT zCb_H?D|`|Y>1?mH4I$$3fsDPQmt~igasYuK&D0=~YxGyJ7F96R!60c6PMN;FQ^9u{ z*?#3_y{)RO8J9SVDvz2DAp}?qy&WlHNC8jn9+UZVe+G?XaLP>bBaz8MAPxq2Pd8%Z zc$>~u*t%rl!Rz>R(<-Ar_*D@)Z_vW#o&#oq{YivQ{c^K`OFT8M6vARsiSEp@O6yE-xJEjLL zwtf`vL!O(jgmLn!m!P_UF-|vtA83AjKl&CgYXT940nHk!QKNnZihlCye~{Br z?|DqU_Xd;$0|(>&CpIw>7OH3WF{|fBl+j;%RpTN~VQ#h#?klW6HPqip^ogC^jzh+O z{329;om-{T4-P-pH;;Zye*p^qt8P}tYqe|e5 z>D@6o;D|@2pv=27zdyY1!sY|PMpD;<`3;}fy}GALH;p0MIfv~wm`ujW#ov=XR7YHn zpTG@YQ@&zs5%I%to$OHTyIG-9W1+Q=?7PqpU^ Date: Tue, 14 Mar 2023 02:51:20 +0100 Subject: [PATCH 19/89] new secrets, test reseed --- .env.enc | Bin 141 -> 140 bytes .github/workflows/deploy.yml | 66 ++------------------------------- kubeconfig.yaml.enc | Bin 1520 -> 1520 bytes kubernetes/dns.values.yaml.enc | Bin 312 -> 311 bytes kubernetes/values.yaml.enc | Bin 1761 -> 1760 bytes 5 files changed, 4 insertions(+), 62 deletions(-) diff --git a/.env.enc b/.env.enc index bb1e88dca399249fec7d3c888c31863d1bd48272..d5e6094096f48c94c204455bcf7a3349b1e69c58 100644 GIT binary patch literal 140 zcmV;70CWG04Fm}T0zQAC0D-v{9rn_D0m13~;%Hv;W|t$!ctbkys9<}5*gEc=AKapU zf?T#6%Znc}-g`>4gg+989NZOJomiWY;WjWhd!W@=FBwxs5zX{$bv95gGONNkC v(9n`^5<%%MiJ@C-ee-l?eryEtXg9m=Z*G=5u5982N9jB(5YcllOjT*mb-G2> diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index f4593fa..0349cd6 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -36,65 +36,7 @@ jobs: path: "ocelot/deployment/configurations/${{ env.CONFIGURATION }}" - name: Decrypt all secrets run: ocelot/deployment/scripts/secrets.decrypt.sh - - name: Upgrade Cluster - run: ocelot/deployment/scripts/cluster.upgrade.sh - - # ########################################################################## - # # SET ENVS ############################################################### - # ########################################################################## - # - name: ENV - VERSION - # run: echo "VERSION=$(node -p -e "require('./package.json').version")" >> $GITHUB_ENV - # - name: ENV - BUILD_VERSION - # run: echo "BUILD_VERSION=${VERSION}-${GITHUB_RUN_NUMBER}" >> $GITHUB_ENV - # ########################################################################## - # # Install DigitalOceans doctl and set kubeconfig ######################### - # ########################################################################## - # - name: Install doctl - # uses: digitalocean/action-doctl@v2 - # with: - # token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} - # - name: Save DigitalOcean kubeconfig with short-lived credentials - # run: doctl kubernetes cluster kubeconfig save --expiry-seconds 600 cluster-stage-ocelot-social - # ########################################################################## - # # Deploy new Docker images to DigitalOcean Kubernetes cluster ############ - # ########################################################################## - # # - name: Deploy 'latest' to DigitalOcean Kubernetes - # # run: | - # # kubectl -n default set image deployment/ocelot-webapp container-ocelot-webapp=ocelotsocialnetwork/webapp:latest - # # kubectl -n default rollout restart deployment/ocelot-webapp - # # kubectl -n default set image deployment/ocelot-backend container-ocelot-backend=ocelotsocialnetwork/backend:latest - # # kubectl -n default rollout restart deployment/ocelot-backend - # # kubectl -n default set image deployment/ocelot-maintenance container-ocelot-maintenance=ocelotsocialnetwork/maintenance:latest - # # kubectl -n default rollout restart deployment/ocelot-maintenance - # # kubectl -n default set image deployment/ocelot-neo4j container-ocelot-neo4j=ocelotsocialnetwork/neo4j-community:latest - # # kubectl -n default rollout restart deployment/ocelot-neo4j - # - name: Deploy actual version '$BUILD_VERSION' to DigitalOcean Kubernetes - # run: | - # kubectl -n default set image deployment/ocelot-webapp container-ocelot-webapp=ocelotsocialnetwork/webapp:$BUILD_VERSION - # kubectl -n default rollout restart deployment/ocelot-webapp - # kubectl -n default set image deployment/ocelot-backend container-ocelot-backend=ocelotsocialnetwork/backend:$BUILD_VERSION - # kubectl -n default rollout restart deployment/ocelot-backend - # kubectl -n default set image deployment/ocelot-maintenance container-ocelot-maintenance=ocelotsocialnetwork/maintenance:$BUILD_VERSION - # kubectl -n default rollout restart deployment/ocelot-maintenance - # kubectl -n default set image deployment/ocelot-neo4j container-ocelot-neo4j=ocelotsocialnetwork/neo4j-community:$BUILD_VERSION - # kubectl -n default rollout restart deployment/ocelot-neo4j - # # because this step 'kubectl -n default rollout status deployment/* --timeout=600s' does not work as expected - # # and we need the pods to be up again for cleaning and seeding the Neo4j database and the backend. - # # !!! this is not a perfect solution !!! - # # deployments are regularly up again after 3 minutes and 10 seconds - # - name: Sleep for 4 minutes, means 240 seconds - # run: sleep 240s - # shell: bash - # - name: Verify deployment and wait for the pods of each deployment to get ready for cleaning and seeding of the database - # run: | - # kubectl -n default rollout status deployment/ocelot-backend --timeout=600s - # kubectl -n default rollout status deployment/ocelot-neo4j --timeout=600s - # kubectl -n default rollout status deployment/ocelot-maintenance --timeout=600s - # kubectl -n default rollout status deployment/ocelot-webapp --timeout=600s - # - name: Run migrations for Neo4j database via backend for staging - # run: | - # kubectl -n default exec -it $(kubectl -n default get pods | grep ocelot-backend | awk '{ print $1 }') -- /bin/sh -c "yarn prod:migrate up" - # - name: Reset and seed Neo4j database via backend for staging - # # db cleaning and seeding is only possible in production if env 'PRODUCTION_DB_CLEAN_ALLOW=true' is set in deployment - # run: | - # kubectl -n default exec -it $(kubectl -n default get pods | grep ocelot-backend | awk '{ print $1 }') -- /bin/sh -c "node --experimental-repl-await dist/db/clean.js && node --experimental-repl-await dist/db/seed.js" \ No newline at end of file + #- name: Upgrade Cluster + # run: ocelot/deployment/scripts/cluster.upgrade.sh + - name: Reset and seed Neo4j database + run: ocelot/deployment/scripts/cluster.reseed.sh \ No newline at end of file diff --git a/kubeconfig.yaml.enc b/kubeconfig.yaml.enc index 1d6dfd0a6df495ddbdc27aa621a39767f8522b32..df0e6dab4512c30e30759b408c8b83f8d1a927e1 100644 GIT binary patch literal 1520 zcmVvt`tH(R`KG}T#;%t5HbxW}>)ho3Tgx-wIEIG7&oN83YStG38%Iq8V6fm4S{yRIy4 z{U@AW#GEo{W%M+@M;X}CbQl4kczAHgWoe!S+WBAk#kbfqo6Jaf2*y~a2>qKgrH3SO zFxk<3R98Mu>otF+6gr$J7CU!_--Pdn@y#{^_0hGv6i~U0y8K%w^yvskA;yH z?@1UO-ph{KH(B6Bsclh^Clvsv^2g|30T+8n#lP0rpTy$zIO|QBK~nqFie1C^_Iva) z$u(>d51oq|fXp|5vJ80u_Owx)m^>`pep9y-Ej0WrwVi~7OaeezM1Z0X#3=wJ%w?KP z&637xMjj4Lw>{*09XB^o4wJYsUeKqB$RU8Fb+C9L=<7sv;7Pf`FS6;OjZ^#7G0Nr^ zKy(}GK&im~zcn~E?M9ACL!aX}KY$;}WGTX!dw&e!6IsR`8elh7*kuYj2day`WN z%DJTogu$L35THkzK=< zN|)CPK#DiNHW>L|z!Co!8eaZziHfh>DUCFk5AyNaZ<5fn;9sNq4PbsfMPkq` zQ}n}WzXmY_LMdhRzsbZXX}vdPV%PP3_l;%WLb~}X!^A2RTFtZckkhNHpp&eI60Z*w zz8T%+t@W1vrOM|ZA6t)z#k@^N5!q!4u^p>clfspC;&h7JHlvUc*11{)+8GqmE>byT6!P!qG0$+T>eqv!^4@Ktbzq)W4K5z4Zi9!Ma)AOS)UCbf%u9s5h%1wP zzvF0zd7I2xOFVKV94B<|C;5Z7-?Jb*Ii?pLc$j-%#~>rRww0jKHy#s4)alQ{as@-l z-^=?udp$!4!5xjPJhXc#f}Ot>(U$l&dvwHizUC6J$*#A4XY`2(vkFkShixCd zP_BLDQBVK|=!0Sbv_HeVzmV`X`SJm4(7D zKpt2KP1k)9G15Cng$ar^D3==tRNNDzg281uI4k8eWC~^pStz)PpP|fU==DqNRv&2B ztEZN%MGY1bM`)x`I6}vE{lg8}$ym6W1_k%-fovCoavX8(65M%20xz3@ZVK@~wegEC ztwn|SslWJ&5B~$8g#T)4C(pva0^_&5!Ms3H1+6_d6V-0safZ@*NK%$Ls2PTMTs zv0>T=bBr#KLIOY4>7!U(l$>bzVEW66vH_=zbCMk1&XFPWYLcLX1)L6PutgS@6T-Qm WC5z$W&5mz$r5PnSDq4Xv*mFiPAoGy` literal 1520 zcmV$T`_?Do>?0bC#d!}aX)KkDT^OKAS}_4A>hk%$^djhZHp zfxP6Cgi}v@l29jB5s!_4#EH7NMl*Yq+{vIyAiwQ3(biSronp8tD`hI*ODgR_=wI2b~DH`(Vw%>=k0Oln!M8}OQ0N30l z`m9PQ*Vf8|CXk@ce#agQ*Wf(x6wu~U{!d_n`0r9T0J}()8jzZ<%5!@bO`F(6ZgkDb zJr-A(#u9eS;MjXRP_Y0zFN>WEF5UXr#48^Jkn5!oIT8dS&Cvb6dM%+wpD;rFd9HIe zA+t4`^qVP0E2v@c)#i!Wr2J-shWB;DQyBs}Nfk8t-kX%5=arIY` zjti0{^jwk*s$u?zAJ7e3XI%>zi<@(?x~1i2){SKewKG*8Q=|rOQKEN(As-SK<B zCA(uWR>pkzHC+z~_9ECN(GEGsz!jz!l|(;S=&OIQMQ?>6Tq7bNtA6X`%mI5rQ^C0G zzzt#l(vK;nf#*J%Z99O$>hKocac5rDI=g{v$F8764Sl&9^l<*?8Ne?0w(>L;>T$&s znl*6$mP3C3YgL=Z!6)+*1nC<8x1nhd@>OQpexW^OSk&;}{RRA|WdmTy7d?#**WoZa zgEVe7X@kvJ9=jHVUcrO6;DK~#m>!4gyeDo@ zo;h+~_45FBw|tVZ1eba1{+Takz(0*Wl`4^Vde3n>(LeU+>y1iG3S}=WxRM9RR529~ zjJCclx1n0=gBe%kHiU^eTD)S6lv|{$<5_?RxQ?}Exhj>{0ApNfo+wZ#oTP$;v;cZq zEN(SrCA3Jd4k^UyV3x10$lmXh<9qIE$Hg`BZKt{m{yWCz?I(6HZt1k2e%4spH&1l- zI>gn#`opYfcY$=03Lo!6|CtR+JWLy16E4ZJt$W*DRC1EJ-t+cJIYO5n&OpB5#7*cB z?3UZ@WkGM`!5#ALhXR&S#uJdZfjG;QjL^*HS-|Tme;#1$qWo(5XPCmv7Yw4-4j2J% zyCtA6Y@B2(rlJ`;n>V|(XQI#H_fh*niqZq~*x3xSh&2>L&W3ENkw2~fUI z)L{bhO6DtisIxq>NJ9~iJn%w!IXchB=`3}MEp)BW{;|$+7c}Oz|LzL!b7{=7Yc77) z_RADL9Ax(XITahKpn!a28{)`nJ@9|ErG1iBK=Ga*5015KllB}wJa`l$j@ph;_D$mP0UY6 zi_FQQq40d4M$^icA|3K|$In2tRZ_I2UF}qkp<5oXBnc8uJS>IC)|HkX=irZ6wCq9V z_6e+kVsP;`5Sm{y<}%~agRuQ9OvE`_G-$ic>q<*O7V(c6O0=!&`CLI^WJfnp21AT-hv(t41Fw<4%uhz~a WN_aSMLCB_~DSQ@VxD`dG9G!MssrexQ diff --git a/kubernetes/dns.values.yaml.enc b/kubernetes/dns.values.yaml.enc index e9be5680e14ee0f4c9497eb3a329d945255f0fea..509e5d045ec9ee50f535184d485b016a619917c8 100644 GIT binary patch literal 311 zcmV-70m%N04Fm}T0&L;-jPfI~Q1;TmWdVMqTA5|XQR3}0%V`^GNCo-hEU0P);X^E^ zjy%=>)%jSqey|-$eOsq*svAt+FJ)L_&sKd5$vRn%GoxeCTbwUFaex%c;n1wyu;l6uI@9y~kO5=54&U}W)cjre z_o7JnFBzFC?S6uKH@DB9zLzOt`t8HUqrf&|NSwlWab+E18!Fl%2q3&t>y4&XuTz_lM= zkh1PBfE^ar1__z2`~L!@n{UahI_UI)fweq>V1|i|2<>O#uh~?Zi7Onrh1FliQr~!J z?{ogJ2%wy|rThBBcP7^-9t5u+}34{v4J4t&%GDS>y_=DMv^(SQ~UJyx6UmkKnnAG{;{9O7)JK} zHZrgQS~@Y%lV?UURf==_rfP~#*_&|g+iN?ru5Z82r73(%+T2=D2t}**Ci;hs!I~fD zVfvKYa!LEOSM0T;8Hs;KPD`>`T~&{liS~QyAU`ExP$f~p2cOVI{9Xz9fbaJ!kOT4~ z3^BRtojD(PD-!{sq_GQik5~47Hkqjw3(kR=)<7#&+Vhws^ii6Z`k#I1mgU~6$JAI7 zg22jdzBF9AUV=S^MdCb-S*uOl>_xA`i5#gK5Y|A?JU&6K-49i^njvkwmSQ_s{U0u(Mpg6%5joS{4Z4mds`1IBBH1AY|U%8}4k`MHE7dgH^1@xx%6ID)I; zU;?^H?H>ak`Bj59RKQ_*nbepno<#|Mj$h8gy|#o2xHOwH@Vv(jJ?0jf3XP^&5W*Jg z*42Ya9J>h8NdXyFFQg^g-Mzw-&ydC9d0o~S$|>z%W>4#){XeqDqjD*e(uIu`#_#g> zy5}+p6GSYtVXRN<$e+G?L%~pugImbk$2BPhWR%P@@cwJYG3OlDc_c z4$5R%*o6&1y@og9PC+xSM;6_BVYJsg2?EZIQxeL)HW5>YpRca6##6tzWF>uRra0Wv zVEU$~pd#_%`6M%3kK)<;iGpbu)`P_+vtk#V5*nV54rF zK?;CTx@rV9vt)8kiMqlht=cL<;o7rc>l-bF$fWUJ|A9d`#5xAQrajn)5h@`Cx#j?W z_*s{m$qER)wcNOdmrqY58;C!CsyLgo{SW{ROlu%3!d4IbkQLNKS*;Kolw2gP@AJkd zndlF|YGQis=~exFqq2FqKdb7;^*_Z#%a<$qdSTD*koQ);FMdvl*~ATQb>Pmm;@suPpr;3VM8UgliBent5%@ zm)b5Up>&A>BY*AMyVnHO=$|cEk2vHufhEOTN0C(ZC>_f*-Ggz>8yEQPq>YRcigl}5 z-`{v^Tc5Ik2e@!dVCF7%vP%s;=I2_+8u1Z_amBTlw@St!Se^@v0X)9VSi~@1D%WPm zSfpBAjYypD3WKJ)6HmJSVai!+9}%#XU^VS+l$z?o&`tlKzChhYyArw3WfoavNzQQI z1Bcaj0nj*Kd0XIp&SBUdpjx&8ak4FFn|5^qzLRt>JX^6bB2CNcc5(HQ_#V^whFjsV z?9@z_r`IQP;}@gfDg5UYO*nZ~GRk|7^NrO1GgdiPX<#9}9F|0nNe-lsq{fOHw`9xj z0&Z8;GGf{aI^HtL)o4D==Y7%Pe_lqa3|)%NWDnU#RLxwayT{0^tu-#0&+kQ85C)+2 z|G*5wP67WroDF&_-^A3o?Bz0@*R$kF}QDMp** zuC@$M-sMcLRz}_|jJ{X2O@|FB6;cfHmFK^nfoQ%!MBheClnpY7~dj|!1B CS!_`N literal 1761 zcmV<71|Ip04Fm}T0?Ecb%(QqIC-&0n0qEoVpV3~{#V$kl*+;6L zKOfjn{JyvT>kCj8V9dkGo`=~#zH}yD(M|z@&_jAHpWTzIS|ZkmS=n)US;hEM6m2x( zFRaHQbGF!NQPhyoK9fqnn9=vV5+tf_Q!|38ZMZx&1S3PpsAQ;k)A>`4o^kXXXo*VY z2+77XCkHmzbf8bneUmT~7*?BNVG=-UJ(9fO4R{wYjsg*ht3Q-!!JVA@4WDhONKd{Z zyAFCOgGslN)yhR;Y~R67N_7J7o~(9yQP{brs-;NDR-L`KJiz-hWc4n&(|F*zs-wt( zr=U(PQuie%L&&m9`p?jwqJKfF&&o=!*9G?Zx3$*#dw{2z_)Vr!*3~-hCG~-V2!o@X z^<6joNDe*N(>(7Hn2IE)Nao!E%1jKT7=6C&4^+>&HRV*^1;ij*btv9Cb@P8?XY;m% zx?>Y^F>~XE34|LKBRG*b`&2N5q3shRx^>55{_#0I$*$J?8bGqR2s#f;bz|Qpi4C%J z7o_+N&g?|3c0}$WTf1G74&j^9RV|uyVjoEomvqTs)!zL}7OWCgBk~Ep>T2gZl583R zEbxX2XA7SLMdO0&ywxgQihqUSfiHwk!Wy?$tMS-M!EI2i{RAq2zA%*#m#rXoC{X-z z5xWUN5?pat&g!a_7GA-TI}4x`-vcCMGRX`rUHtyyZ$I4-Ae|DH{rnXYzOWp#M)z~< zYau39&wd=7`7}_4yk#=JSr&gMz}{0tbme6yc#ALOIvU#MeM!Xr9mvZqA~IE79VuGM z)K1A}C^h3aaoK^kr1hG%Ug6WpH;dL5gu(c5K zfQMHV=g}AY*iFVD`^d{Q=Cj2&F}v}=%)_63HIhnsoP~kCoN{q5?I+m2xi9lI{~y?< zvBBFJw?l_N(hkYByI&Pzp=CD`^8HR@SDx-Hv zg5oWxBsS5<_Spc{DI>j zpACfUWbu`KBH}+qW)=hK-5?%6xc{9cYtt;V=@6Pkb4*8b$EQG=E)txAAy!?sM-b6+ z_{y88gF|Su=}5n|$FUI|t|0h(B$1lvFUuwiJrx^sl)Z5%ncjEf82v3~uSOzewSvKs zV2=x&h4ju@={7O(u^BOSqO%fEGb6cnc{xXxd)HE|gW94yRyn;;ZfSjg0kMf`Fp(YX z+k3i2TN>aCNKIVpy`k*?$XJCUL%*^YO3QIw55&{XE!^4lszUX3L&>IPcbDk^aBh%- zR@72sA+t6m{A)?28W1h8Ly2q|E_7%kZnT8K$m9T87(adRcQ*ug1y7vwBxbF&bmfoF z=M>QysA+mKb1O$2YHOHu-X2^_C{uw0L%Ua8?_Y$9EwFvK2sdV$G|RD>rmY<=05*F` z1J={8q;u?hAg=vA32)l#-YtnQvNVq`7w6{?hPuVz(>&;yx+=!BC7|Ak69$WrBH-(i6-cES>jXiN z2uTeUUHnyG29kcr;P1ITV*o4L`#HWAjl(tYSt81I`KWaFIy0MGKCmXY&{Z(zC+zEK zKK7u=dwbOj%ol-p*-M?YcdxxZ8VU2KZ`uk_&WAD>rJMB# zjqPGbT5gi5fvI;v`)$TM%#lWC@+C4zbBTHWIPT>{rTomalh8LjBDIboA$Jo&U}T{h z%HyOk(R+yo0pgE5@-_pGLjKQYf=p`t=9u!UYkC%biy~1#$`kXPi13)VR71~BuI8$c DE?{f3 From 3a99cf1706f9326efac7c00d5511a6e3c6901acc Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Tue, 14 Mar 2023 02:57:40 +0100 Subject: [PATCH 20/89] new secrets enable cluster upgrade --- .env.enc | Bin 140 -> 140 bytes .github/workflows/deploy.yml | 4 ++-- kubeconfig.yaml.enc | Bin 1520 -> 1518 bytes kubernetes/dns.values.yaml.enc | Bin 311 -> 311 bytes kubernetes/values.yaml.enc | Bin 1760 -> 1759 bytes 5 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.env.enc b/.env.enc index d5e6094096f48c94c204455bcf7a3349b1e69c58..08479d3c9375130e07f6d63de5a1d3bce88f5af5 100644 GIT binary patch literal 140 zcmV;70CWG04Fm}T0+TGESR5!V_4d+x0o)Hs{zCmIQ7KP($*?J3IqrWuORz9(1Q+dS zFO@RQDcNX11A_Zy$zmPzdkv<4qGI6xg@OJ)V(F^3WPI$fs#5myKpfz88-swuk_kgl u;8m-Qv{<%a^SfSp{{;r&N4DiH03BC?fZq{6x-LU5C`fQ|hfXPrj&y2C1wc;# literal 140 zcmV;70CWG04Fm}T0zQAC0D-v{9rn_D0m13~;%Hv;W|t$!ctbkys9<}5*gEc=AKapU zf?T#6%Znc}-g`>4gg+989NZOUceP&zGSrn&wRitr ziIwr|`d{WOHu65tnk*__A*`Y!9!JsS9Z;)OTiTr7(S02FY2-y=#Il|#vC``<`|fRe zV#21gwD2UV%vL#Fa&R2ASiHi-lUio*aT#JXfvVY6q=}K*%(q&U^3+8hM+PlW>k@;P z-*gz1(eu`vK0?6#Pu%*`QS(AW(-XLQ{N1UG%WrfKNF+*_|FDSn%?u;EnU(}H$anJf z)SL?cG&ukgmY~!0-bf0r?-?&~p)YabH?Ww3lOrphez^S=iGbc@g{ZKY(loxpKmEkipo) z7uH%PT)x|0l@nv={6Vj)Kw#2oX6+l~?k!Y$8eYjqVh{^Rzm2i@?X28G z3wg#J&-3BZRbwx5s4MzG%#K(&eRcjMm}1M_r&|aduEkBgFJgL+c8F01Kbc(=Y_}5K z4toA!n8aF8h0(`1ef=}phm;%jIeb(vnI(y6U9;|6v?NS2ak(>Nt|sGP4k}SVli<%A zi5|P1%%us(gzpj=@Z9xKKj8~cA)37I(Bd~(G?gFkZ=>`ry14Q;@=lE?p4Xg7e>PZX z3==9bIJuq}>dYsV!*fTDH27{q=`HH8en}4hqvi1N8wZfmsfLfW zw9lG*)Y8D`b($4o{{G4{x1p`QgMA{SH(XCAA{=chZuyaRY-TX^;7#y8iVjhZ6|8XuwTTt!V=<%=Vk08 zdBD!7uoBkj99?TP*y`25&*k&!dX|}%`33kNhfH|xT-9mc(d(<-}j)XkP^ZqUO z9wn^34LgJz87d0K`WeWV!!(D`Hk_+LuL|Ic3NSUOvhET#=V*gFAIsQ^IR-}hd>RxJ?NRJ UiTGR$=*1cF{@1?6{Gju&F($?Ob^rhX literal 1520 zcmVvt`tH(R`KG}T#;%t5HbxW}>)ho3Tgx-wIEIG7&oN83YStG38%Iq8V6fm4S{yRIy4 z{U@AW#GEo{W%M+@M;X}CbQl4kczAHgWoe!S+WBAk#kbfqo6Jaf2*y~a2>qKgrH3SO zFxk<3R98Mu>otF+6gr$J7CU!_--Pdn@y#{^_0hGv6i~U0y8K%w^yvskA;yH z?@1UO-ph{KH(B6Bsclh^Clvsv^2g|30T+8n#lP0rpTy$zIO|QBK~nqFie1C^_Iva) z$u(>d51oq|fXp|5vJ80u_Owx)m^>`pep9y-Ej0WrwVi~7OaeezM1Z0X#3=wJ%w?KP z&637xMjj4Lw>{*09XB^o4wJYsUeKqB$RU8Fb+C9L=<7sv;7Pf`FS6;OjZ^#7G0Nr^ zKy(}GK&im~zcn~E?M9ACL!aX}KY$;}WGTX!dw&e!6IsR`8elh7*kuYj2day`WN z%DJTogu$L35THkzK=< zN|)CPK#DiNHW>L|z!Co!8eaZziHfh>DUCFk5AyNaZ<5fn;9sNq4PbsfMPkq` zQ}n}WzXmY_LMdhRzsbZXX}vdPV%PP3_l;%WLb~}X!^A2RTFtZckkhNHpp&eI60Z*w zz8T%+t@W1vrOM|ZA6t)z#k@^N5!q!4u^p>clfspC;&h7JHlvUc*11{)+8GqmE>byT6!P!qG0$+T>eqv!^4@Ktbzq)W4K5z4Zi9!Ma)AOS)UCbf%u9s5h%1wP zzvF0zd7I2xOFVKV94B<|C;5Z7-?Jb*Ii?pLc$j-%#~>rRww0jKHy#s4)alQ{as@-l z-^=?udp$!4!5xjPJhXc#f}Ot>(U$l&dvwHizUC6J$*#A4XY`2(vkFkShixCd zP_BLDQBVK|=!0Sbv_HeVzmV`X`SJm4(7D zKpt2KP1k)9G15Cng$ar^D3==tRNNDzg281uI4k8eWC~^pStz)PpP|fU==DqNRv&2B ztEZN%MGY1bM`)x`I6}vE{lg8}$ym6W1_k%-fovCoavX8(65M%20xz3@ZVK@~wegEC ztwn|SslWJ&5B~$8g#T)4C(pva0^_&5!Ms3H1+6_d6V-0safZ@*NK%$Ls2PTMTs zv0>T=bBr#KLIOY4>7!U(l$>bzVEW66vH_=zbCMk1&XFPWYLcLX1)L6PutgS@6T-Qm WC5z$W&5mz$r5PnSDq4Xv*mFiPAoGy` diff --git a/kubernetes/dns.values.yaml.enc b/kubernetes/dns.values.yaml.enc index 509e5d045ec9ee50f535184d485b016a619917c8..bc5e7736c9e092d2383c891424efb9bfd44417bb 100644 GIT binary patch literal 311 zcmV-70m%N04Fm}T0=UQm))?Y@lJ?TTWdS?UM!{G(VLeLo(His!=b^Qa?G)>h8e&%Sa*OVSEbH5z{9cdp zo6iOcH1)y*NBU0@*%%+@VnjlhR%nGL52{^uCbZm?QuI literal 311 zcmV-70m%N04Fm}T0&L;-jPfI~Q1;TmWdVMqTA5|XQR3}0%V`^GNCo-hEU0P);X^E^ zjy%=>)%jSqey|-$eOsq*svAt+FJ)L_&sKd5$vRn%GoxeCTbwUFaex%c;n1wyu;l6uI@9y~kO5=54&U}W)cjre z_o7JnFBzFC?S6uKH@DB9zLzOt`t8HUqrf&|NSwlWab+E18`67aotqsP@w80jPIF=VHLUl%<{whpbb2erEV1W~kdp#bQZ{ zzoLqG1I6#{_}QuZb3KXvT7g&lFs|a}@{5cW5g=R9ZPm+ZJDNJ{hQl-l{);-nfx3a9 zk}m%1U)kK;7$`>s-*JL_`Y&&Go7nd@GgrNEw}n@|`1`SqKH@052b$570D>oZpeKh!w0M}PC?r63bvf8`E+++M$-*m|cfYC?rx@BfdJ*!t8+gtPT z;|HT*ih<kMt?<^YS6NS*c)^N_q@|tivW`_YGi%!*G6A<$Uez81VJkLh4(!+usOnioFP8 z+U*hP?{0HsYdS2-g_!qMK6T6fN6O#C81%93(fuw`Go>9`yvU3R@av?SbG_U^7||-MD_v zjwV;E@=|v^M%blIrfr`QZ#;Kbm^<9im7C94{XNX{(3DjAyWVcEKzV|scACa%j>?yM zPuEBP`VWSsGHsiUxC{j65jdHMi;q_LOg?VR9TS4k+Tu*GKmZ+&ipS@rWmv|bkSJ>h za2^%^EcL`TL=9cE906@(MNSQh7pSima8)d7Mz7S5i%Oac?ZUgxZ0n5W26Du}03`yWfexQ&vY$F@Y)Q1B@LCdDVng&7&A`k~MU=ndSIupas#wL_*N z2)X^k9TeoG6*bDf*P}%cLDeV@3xCt*>yLe|6s=guNmr)C9~bQOLqQ*TdRJ15Yf5rN zbwp0d%jgk;XtcI42MP0_xICJ;{i_VWsT8U1qvxlD_80h?bK&;#@X~LDk86mp`dl|m zva}=!rzk@i-KFv12b0yrRLFTBO79vxzF|rfeC=xT?=D>%40=81bl`V6GUR8$W4?m} z_aTiWv5t|i>1tb!J017*=E^u1CEI4t?x3R~hc9Vm&$3=ex=E^wNM(~>sBv}@L zE9#=Tzwr=6qq2jV5lH21|5bMEV%81P#i|~=6c`*LVL+}MQkj473~RL81 z1ao=0Yhe0;QZwOyP8O10)ZIqHJsb#P-W?0Ay9pGDtnKixZ4Qs%39e`d*6x2HQi~ZB zA8M1sgkPA7%`nJ#14S8o%k2lc9f;hd1-K+`g(^*d%Nt^u)(1+Z|jfSnO1;$IzG zVIk~ZtxsMwymeX8_^6?FarkgMLwOR#v^LIoF@wQEYpZ;AMq+fnOipct0py1})D6&> zlPG5m=?U=1BkTNw5qEJnyxuc-k)s;m*Q;3{k+i=L0U0FBNS3zRWGTiU@)iucI~KX< z(*z0}D@AlpjzqcDd>G{_Xk-H{@ykCbd4^IK%MPwdY)SW!Whg&6GFO-rDZu9U4Kv3G zMpF)&^2Q(NDP6_(UOJu2`L*jy%^eTKo^A78@*RVtsey1#Ay{C~RWUYCtg~a;7=XiV zxWEf`J|Jkf!*vhDco2a%SltY@B$#u@<)HafJ#R~RPM~f1yg`$mc?xc^vI+R`(=qxnn{pznSZ73f(s;!0`Lvq zr1qBbWAa)L(a!;f_#gG@(}D+HTpmnOE9TW_H45wo++KglCl2Jp1SaQca`2M>1`WT1 z?d2N`XfHz=tP2{Wer~-s&o4aIY5z1Lg2Sbj+XhhLYmy}fJU2s5!`LV)->yiwL2j*( BY-s=h literal 1760 zcmV<61|Rv14Fm}T0stb9+D*38cJ|Wh0n4r4k=#byUu?UO)%!^C@iXv3J0T_#%&gLh zDw-E!%j)E8>9t5u+}34{v4J4t&%GDS>y_=DMv^(SQ~UJyx6UmkKnnAG{;{9O7)JK} zHZrgQS~@Y%lV?UURf==_rfP~#*_&|g+iN?ru5Z82r73(%+T2=D2t}**Ci;hs!I~fD zVfvKYa!LEOSM0T;8Hs;KPD`>`T~&{liS~QyAU`ExP$f~p2cOVI{9Xz9fbaJ!kOT4~ z3^BRtojD(PD-!{sq_GQik5~47Hkqjw3(kR=)<7#&+Vhws^ii6Z`k#I1mgU~6$JAI7 zg22jdzBF9AUV=S^MdCb-S*uOl>_xA`i5#gK5Y|A?JU&6K-49i^njvkwmSQ_s{U0u(Mpg6%5joS{4Z4mds`1IBBH1AY|U%8}4k`MHE7dgH^1@xx%6ID)I; zU;?^H?H>ak`Bj59RKQ_*nbepno<#|Mj$h8gy|#o2xHOwH@Vv(jJ?0jf3XP^&5W*Jg z*42Ya9J>h8NdXyFFQg^g-Mzw-&ydC9d0o~S$|>z%W>4#){XeqDqjD*e(uIu`#_#g> zy5}+p6GSYtVXRN<$e+G?L%~pugImbk$2BPhWR%P@@cwJYG3OlDc_c z4$5R%*o6&1y@og9PC+xSM;6_BVYJsg2?EZIQxeL)HW5>YpRca6##6tzWF>uRra0Wv zVEU$~pd#_%`6M%3kK)<;iGpbu)`P_+vtk#V5*nV54rF zK?;CTx@rV9vt)8kiMqlht=cL<;o7rc>l-bF$fWUJ|A9d`#5xAQrajn)5h@`Cx#j?W z_*s{m$qER)wcNOdmrqY58;C!CsyLgo{SW{ROlu%3!d4IbkQLNKS*;Kolw2gP@AJkd zndlF|YGQis=~exFqq2FqKdb7;^*_Z#%a<$qdSTD*koQ);FMdvl*~ATQb>Pmm;@suPpr;3VM8UgliBent5%@ zm)b5Up>&A>BY*AMyVnHO=$|cEk2vHufhEOTN0C(ZC>_f*-Ggz>8yEQPq>YRcigl}5 z-`{v^Tc5Ik2e@!dVCF7%vP%s;=I2_+8u1Z_amBTlw@St!Se^@v0X)9VSi~@1D%WPm zSfpBAjYypD3WKJ)6HmJSVai!+9}%#XU^VS+l$z?o&`tlKzChhYyArw3WfoavNzQQI z1Bcaj0nj*Kd0XIp&SBUdpjx&8ak4FFn|5^qzLRt>JX^6bB2CNcc5(HQ_#V^whFjsV z?9@z_r`IQP;}@gfDg5UYO*nZ~GRk|7^NrO1GgdiPX<#9}9F|0nNe-lsq{fOHw`9xj z0&Z8;GGf{aI^HtL)o4D==Y7%Pe_lqa3|)%NWDnU#RLxwayT{0^tu-#0&+kQ85C)+2 z|G*5wP67WroDF&_-^A3o?Bz0@*R$kF}QDMp** zuC@$M-sMcLRz}_|jJ{X2O@|FB6;cfHmFK^nfoQ%!MBheClnpY7~dj|!1B CS!_`N From 4bc17766ddd156a50b90ce09afd7026c41028342 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Tue, 14 Mar 2023 12:13:28 +0100 Subject: [PATCH 21/89] remove license --- LICENSE | 201 -------------------------------------------------------- 1 file changed, 201 deletions(-) delete mode 100644 LICENSE diff --git a/LICENSE b/LICENSE deleted file mode 100644 index 261eeb9..0000000 --- a/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. From 06c2f4712d139410dd0a34427cbb934fcd3705d8 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Tue, 14 Mar 2023 12:13:53 +0100 Subject: [PATCH 22/89] Create LICENSE --- LICENSE | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 LICENSE diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..19dda9d --- /dev/null +++ b/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2023 Ocelot.Social Community + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. From 592f475767f85df4ce4a75e45d2b7c3f7a9230a2 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 15 Mar 2023 13:33:13 +0100 Subject: [PATCH 23/89] newly encrypted values --- .env.enc | Bin 140 -> 139 bytes kubeconfig.yaml.enc | Bin 1518 -> 1522 bytes kubernetes/dns.values.yaml.enc | Bin 311 -> 313 bytes kubernetes/values.yaml.enc | Bin 1759 -> 1749 bytes 4 files changed, 0 insertions(+), 0 deletions(-) diff --git a/.env.enc b/.env.enc index 08479d3c9375130e07f6d63de5a1d3bce88f5af5..7d2472cdc9ca970fb610699168dfab92f1bcff80 100644 GIT binary patch literal 139 zcmV;60CfM14Fm}T0aS03%#;DpLp)eCHt)R`3{>>O2kQW zm1QbUH}IV~wotEZ+xI1loZiLMVq tqCNb8Bx`=Wk{=PSE#P-+BYwsRnVcp>un|pTwso>_`$-RVDFI$BJEy#GLO%ci literal 140 zcmV;70CWG04Fm}T0+TGESR5!V_4d+x0o)Hs{zCmIQ7KP($*?J3IqrWuORz9(1Q+dS zFO@RQDcNX11A_Zy$zmPzdkv<4qGI6xg@OJ)V(F^3WPI$fs#5myKpfz88-swuk_kgl u;8m-Qv{<%a^SfSp{{;r&N4DiH03BC?fZq{6x-LU5C`fQ|hfXPrj&y2C1wc;# diff --git a/kubeconfig.yaml.enc b/kubeconfig.yaml.enc index 8dd94ce7cac98f559f3861bbd41fb11128017deb..1a18680d9a286256bffdcb9b9f7af5abe5e57558 100644 GIT binary patch literal 1522 zcmV68k!;bY6mqW{q{GGpLL3^|Du?>geT)g zhrT{nO`3EIwSJLHb~`VUHF$l_<(8z~j0;$0fcU0S(@gii@A}_V1u)#xMdbH)__U#T z2%q!(s$Puleudv#%bXTTW^zco)^L2B6WPs%PEJAu!-@IF)v}4$ZN~=iI2YT_LYtH2tyf6r*N4aql_n%=7H?{#jcp|NZu!G&MBIWWl zSNphIAsw-wSRQy>J-@4~aul;Ysqvy}CTPGKZjw4)d0R5bGnZW%XgaGWwk1&es0z*& zMcwneq&)RD8(o9Nos_Ptbc}*F5bWZmy{iY)`)w&zXU(vLiYzBXZ(j88_P|z&!0j<} zkc@u4r2XYe32i@iC6wzxgo1!omq?LH6_3F3NIjMK@ymSTGt{c5C%qi`n>DXVy#TLC zVvO)n`JvDfa!N0tPQj=qQUwr=gXp>{SA$eUD~8-t?~xBekX^eZCU5*)9GI#l2^%@N zmcrf*{|{8*myos2BL2Heo8CRbxUM~cYW9oChZMYDUBPr>aC<5=1=L3^h=(QdX4z$r3|eHjdOXMdf@)b8VJ~ z6pTx3WVlX4x|`JQ3`WqI$jz8vzf>aRShVfDa5%_SlGqleV?u_n=zqbq{gZANBpEw= z@KgkRARahlcg7wS(w3%Nf3+Dz{*ZKd0ps9S0rD&3HXBpV0SIk?hy_D$HEqwtK`21b zII*K$9cv=3(dge#NJ|W~vy6N5@l?siB_}OLv6DkCum?M_Zjo$MUtECRbyjCFL_~cM z%q`~$`73-uWqSJ)+r`j$fD#UGKUzfN)~Z3HA_#;Nwcw!Hfc#!a5F{nlbbUKSrk`k{ z!XVt7WqOjBhn5wN8CrQmS|q^}piEEDbuk!`4*N=WlVPRS@pxRja02-!Av`#N&-bQ3 zFC}yejv^3zNq6gye>J?cF9FJyX?pX=AzQrm1WGz99yuj&Fti@D9FD|g`hC7amJAIH zYwF(#OZ*Ms;{R;+$E3anNw+2DvWH76iO)sxn0U2S%mHqVO%p`qe^N0_h2io0f+R9O zH*EfUqQ1=Acs+IeCX}~If{?~SpB#kiXyis9*y)pJmvcM?L+NEEsbCO>D^{EcT+PkQ z1{-hxZRRT>In2jb9dXvUjczh-z0*lV$W13)%L-V2@zDSIXofo;nQrrCY|kP*KDn+2 zIA=u8`Om0fazyKA9rl&M_3-wX4Y8S97cZ0es}yk3yoMW3M1e*#X-$6!)w;YG?bPnk zV`fR81Qx*T!5<_)>BD@?Vm~ZbC!V374u6LO!*6rmaXk5)bh!@C(Vc}oysE3kC}+R_ zY2Z0~@S+u^tSlpjDxr(Dhp8^E!qjWadaD?lI3C6uD%2oBQ4lXldG>bP4Z-ohs~3zn$ugAGwfoIJbF3P5#39J$ksTo z`ndK{(s=18&?k;+wMyTvTk}}Flod~gL+3td)JvaYjYO-amNJztYwhC-K{$^%+RC-W z$rG=xFL1#)?dbPJUW3^X@>XInqf!XUJt{gRM)AF9Hf#uN62HD?HF-Z+SIg1(hLy%N z%D6I4_lff<8945IkGuBJa?g&f2|KI3*IWq$p^{Nrpu-~Ym!*qSETO*Gj_xX?mjE~f zLQ^lwJRS^^F>;O#8XfwAlFkeiw#H8Ei5EP;0V)SDf>A26eqxs;8BJd*-Y@o>gZ#f_ zLDV~yRdayHr6V^Qd8?c^ag-7pD4pb;^DemFdvQ#%?I?aq0yCT;^}T;W5Jl)1%Tl8$ Y+7;+(z~d{V;JC)(UceP&zGSrn&wRitr ziIwr|`d{WOHu65tnk*__A*`Y!9!JsS9Z;)OTiTr7(S02FY2-y=#Il|#vC``<`|fRe zV#21gwD2UV%vL#Fa&R2ASiHi-lUio*aT#JXfvVY6q=}K*%(q&U^3+8hM+PlW>k@;P z-*gz1(eu`vK0?6#Pu%*`QS(AW(-XLQ{N1UG%WrfKNF+*_|FDSn%?u;EnU(}H$anJf z)SL?cG&ukgmY~!0-bf0r?-?&~p)YabH?Ww3lOrphez^S=iGbc@g{ZKY(loxpKmEkipo) z7uH%PT)x|0l@nv={6Vj)Kw#2oX6+l~?k!Y$8eYjqVh{^Rzm2i@?X28G z3wg#J&-3BZRbwx5s4MzG%#K(&eRcjMm}1M_r&|aduEkBgFJgL+c8F01Kbc(=Y_}5K z4toA!n8aF8h0(`1ef=}phm;%jIeb(vnI(y6U9;|6v?NS2ak(>Nt|sGP4k}SVli<%A zi5|P1%%us(gzpj=@Z9xKKj8~cA)37I(Bd~(G?gFkZ=>`ry14Q;@=lE?p4Xg7e>PZX z3==9bIJuq}>dYsV!*fTDH27{q=`HH8en}4hqvi1N8wZfmsfLfW zw9lG*)Y8D`b($4o{{G4{x1p`QgMA{SH(XCAA{=chZuyaRY-TX^;7#y8iVjhZ6|8XuwTTt!V=<%=Vk08 zdBD!7uoBkj99?TP*y`25&*k&!dX|}%`33kNhfH|xT-9mc(d(<-}j)XkP^ZqUO z9wn^34LgJz87d0K`WeWV!!(D`Hk_+LuL|Ic3NSUOvhET#=V*gFAIsQ^IR-}hd>RxJ?NRJ UiTGR$=*1cF{@1?6{Gju&F($?Ob^rhX diff --git a/kubernetes/dns.values.yaml.enc b/kubernetes/dns.values.yaml.enc index bc5e7736c9e092d2383c891424efb9bfd44417bb..af9097cf5aef27d01544fac0da10b8ee40755d01 100644 GIT binary patch literal 313 zcmV-90mlA}4Fm}T0ixA@Y)X8{+aS`Ryaa0l=wvVa=-J1BA82YjN~7@F%x z-6u~zjh35bmzj}b93yT{G7u)KC_U{>jpjdnGNZMhBpvQ>=+KR|VxpwL_$=uXx@!$` zsGKEQWtD*lE2HqU(04k} z5?q(*^}v%@c{^wnzXGhY3ii|M#pG|5!t}Pu=}p_e6CHDBxi&9+6m31=B!aHrhUhuP zNf*SjPFVMd_{{U6Sn1)}y<ZAP LEXKRR?w1KbM17ov literal 311 zcmV-70m%N04Fm}T0=UQm))?Y@lJ?TTWdS?UM!{G(VLeLo(His!=b^Qa?G)>h8e&%Sa*OVSEbH5z{9cdp zo6iOcH1)y*NBU0@*%%+@VnjlhR%nGL52{^uCbZm?QuI diff --git a/kubernetes/values.yaml.enc b/kubernetes/values.yaml.enc index 9bed6b3b94f7d80b39bd4fc2bc3814280b602249..e546d43deda519e9b44742a38591e0b9e5c3f6d7 100644 GIT binary patch literal 1749 zcmV;`1}gcC4Fm}T0vc3BN%SQ4j`-5*0bgMUnbY%@v(9t^!X466QA{7#HW)1WV6rdU zKCEk!QrP!#z3 z&xvAa^L;Dy>455BW5?S1$|r%VT!zC}tN(F196Fnfo8%+zG}RltBCG*e{+xruI2SeUpkY1=Z=*Li773^xPM`q1-D<|4zV%C`W$(MeEM;Ydo-C zRj~WXzAMeGtez*$<{foH_^(Waqy#64$=B!Oe5cLjaimGQSZDchwx$OU$%go-+n2D% z@xb0C|G@b}tzKNvlbnBulig=z5-lDyFd?=SDWbFWp*Yotj{*xqNTMeN6u}n?_YV0f zj+dKxg*c{B@{kqy0zWX<*l3ow^kv2Wych24|A|b-x&|(Z@$Q{(}pr75N$;B=isPlP*0J)Kqm7`0Pz|C239raE4i6>Bl)u{Cd3~Q7fT|@XIL!qj)sdDBI58$~M#0FP z-?R4PAD%2y!B?!bT${C~9jP_%EHW}RJCs7G%Kr?L3*#5fYdG{s1MfLckeucnox=V0d8R3bk*^`z@8f!v3w^O7cO>wO)5o0t>GKclk2Clu1VeA;8zmWh=!z;8$5h477B zPM-T*K67%sC_ZXdQPU_8?R@hB8(%%#=aBcY=C{AmF1Z9HRjC)1r(EZl?`)EA#lth4 zIKRE1(TI)xoIs1miczEkIxO{Bc2n#O9jP}HRQt6Y*B-Uc5pWT<0c<6Y9aF^ul0OWY zZV{KDcqmDd>A8!XAHX*K9uih{HDiBMeS9-6X+a=hCRBd9#@bdtbhEDqXT(0OsnJsW$3Osm5b-I6;4Zaf0XA}r z@hO?^J=7T^GGLRrPtHiO&>|$#JB{!6=j%!+YoiLv!%@#EMAV*TZSS4^6SYH{RO_|m z_kdrA<>3sL*DLFJ8{9agut{wW8O2cy~gtJyG^T@ zZ6?m8_N{Lg?S=ahYO}PyGUe(<${D7UaB+ghLi&3jY}{8;nxfv`5J<9@d6E;0OhD9B zyaQ9{hZ;pDaiK&9h$h02k^`AH>*B`$ez+1x1jgMM2=Roj4qYp-!A@SuyVh@Qeq!a> z7_TKvS&ZCY14SZHRP`dZSK*a; zh`<2}El0G^mw9y%TeH6U=lMAjqm5{b3u0=rvzo^VI9#)iA#uf5036+(ra%QqxT151 zgFD9l!zLXoqJ5mo`89erfXLI%UZdR*3cm;`=(YTi7zlnFo{SGM&NTfSv}q-H0FuOw rP@Lw}Rpgo#T?&aiJ)f$p`@=u4oV!)AFH=8ntv9Un3YXVMDP_10MqzEj literal 1759 zcmV<51|a#24Fm}T0u>`67aotqsP@w80jPIF=VHLUl%<{whpbb2erEV1W~kdp#bQZ{ zzoLqG1I6#{_}QuZb3KXvT7g&lFs|a}@{5cW5g=R9ZPm+ZJDNJ{hQl-l{);-nfx3a9 zk}m%1U)kK;7$`>s-*JL_`Y&&Go7nd@GgrNEw}n@|`1`SqKH@052b$570D>oZpeKh!w0M}PC?r63bvf8`E+++M$-*m|cfYC?rx@BfdJ*!t8+gtPT z;|HT*ih<kMt?<^YS6NS*c)^N_q@|tivW`_YGi%!*G6A<$Uez81VJkLh4(!+usOnioFP8 z+U*hP?{0HsYdS2-g_!qMK6T6fN6O#C81%93(fuw`Go>9`yvU3R@av?SbG_U^7||-MD_v zjwV;E@=|v^M%blIrfr`QZ#;Kbm^<9im7C94{XNX{(3DjAyWVcEKzV|scACa%j>?yM zPuEBP`VWSsGHsiUxC{j65jdHMi;q_LOg?VR9TS4k+Tu*GKmZ+&ipS@rWmv|bkSJ>h za2^%^EcL`TL=9cE906@(MNSQh7pSima8)d7Mz7S5i%Oac?ZUgxZ0n5W26Du}03`yWfexQ&vY$F@Y)Q1B@LCdDVng&7&A`k~MU=ndSIupas#wL_*N z2)X^k9TeoG6*bDf*P}%cLDeV@3xCt*>yLe|6s=guNmr)C9~bQOLqQ*TdRJ15Yf5rN zbwp0d%jgk;XtcI42MP0_xICJ;{i_VWsT8U1qvxlD_80h?bK&;#@X~LDk86mp`dl|m zva}=!rzk@i-KFv12b0yrRLFTBO79vxzF|rfeC=xT?=D>%40=81bl`V6GUR8$W4?m} z_aTiWv5t|i>1tb!J017*=E^u1CEI4t?x3R~hc9Vm&$3=ex=E^wNM(~>sBv}@L zE9#=Tzwr=6qq2jV5lH21|5bMEV%81P#i|~=6c`*LVL+}MQkj473~RL81 z1ao=0Yhe0;QZwOyP8O10)ZIqHJsb#P-W?0Ay9pGDtnKixZ4Qs%39e`d*6x2HQi~ZB zA8M1sgkPA7%`nJ#14S8o%k2lc9f;hd1-K+`g(^*d%Nt^u)(1+Z|jfSnO1;$IzG zVIk~ZtxsMwymeX8_^6?FarkgMLwOR#v^LIoF@wQEYpZ;AMq+fnOipct0py1})D6&> zlPG5m=?U=1BkTNw5qEJnyxuc-k)s;m*Q;3{k+i=L0U0FBNS3zRWGTiU@)iucI~KX< z(*z0}D@AlpjzqcDd>G{_Xk-H{@ykCbd4^IK%MPwdY)SW!Whg&6GFO-rDZu9U4Kv3G zMpF)&^2Q(NDP6_(UOJu2`L*jy%^eTKo^A78@*RVtsey1#Ay{C~RWUYCtg~a;7=XiV zxWEf`J|Jkf!*vhDco2a%SltY@B$#u@<)HafJ#R~RPM~f1yg`$mc?xc^vI+R`(=qxnn{pznSZ73f(s;!0`Lvq zr1qBbWAa)L(a!;f_#gG@(}D+HTpmnOE9TW_H45wo++KglCl2Jp1SaQca`2M>1`WT1 z?d2N`XfHz=tP2{Wer~-s&o4aIY5z1Lg2Sbj+XhhLYmy}fJU2s5!`LV)->yiwL2j*( BY-s=h From f0298469e6ba1ffba85ce42db0b55c9c0ca70449 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 15 Mar 2023 13:40:26 +0100 Subject: [PATCH 24/89] update secrets --- .env.enc | 2 +- kubeconfig.yaml.enc | Bin 1522 -> 1521 bytes kubernetes/dns.values.yaml.enc | Bin 313 -> 313 bytes kubernetes/values.yaml.enc | Bin 1749 -> 1748 bytes 4 files changed, 1 insertion(+), 1 deletion(-) diff --git a/.env.enc b/.env.enc index 7d2472c..1ada4f7 100644 --- a/.env.enc +++ b/.env.enc @@ -1 +1 @@ -  %1=zhG67 ئBӖxQb'-C? i׶R|ݷipLK+M`aD׾[q5UuR߻8%GG=W5u+W=[E51 \ No newline at end of file diff --git a/kubeconfig.yaml.enc b/kubeconfig.yaml.enc index 1a18680d9a286256bffdcb9b9f7af5abe5e57558..67e928c4fedc94b478f51593b082a8b9b2e9ea04 100644 GIT binary patch literal 1521 zcmV7V7uKwtaM)=a|0q!ff`@e=m^L(G`C#N-K zF!uPTFEl}ORz_ZI84VODEMHB|m;RL-yS>t`tthBtI0kp8I&ugYn^!{|!B>>cN-^(@ z#1)fR5sZJ?ebVar7g&mCM55Rzd8v)GSGqbKj1-Kg!BA{bTN$4i$JeVY=P&^sybldX z_$M**9rb>mrmR^^Bqwrh8xTCsQ_sDET7DRnBIb(8xTU;{nPT@Oq%#*?gV&)}!LkbP zW^e2w-oF#TwjG~Ch|Tz2{OO9OaZ@q+&Pp3*0RY5`q5yzR7NTY%zK5~&3wmohP;~CZ zjw2EFWO-xx0`s@%0N+2J9oRcwZN6>j4nRJ$reA7DB8ZBa@_hxKqmZq3W~ni9tM~`c zYEgGx;YE?|g_$+MgkAwV05y&y`6Yn;6BwF3KBhoU*~F3XZ&vmxGGH6Vi!CI41F~!OeWKT?9lH3uk@%2jMfOPr*aR2&N$%Rsr6}4U$?Bjo)KaXRTH`o%JAl%j zB|vQB2`Q6z*qyxJy{`Vl#>VpeFGV7*WW%kB7=~BIi&pX+i6@uiL~2(dIUehaGAwp7n*I4k zvZQi@KWr>-Scd61*+*(y9}<8_-d8=gHj80TVAM9oW~BRrn>cAqCdIVa>6{mjl?nVp zq;|kkaovkS!5*apQ88J+5uZg$p<@$oEA%V0(CFEk3D*|lWuo0mRcdtW`$j7xAN$n@l~Umv8+>l~wHSx!4P8c>!x>~TPOVXPu@1o|W)LK0Fn3A=Ezi30SS=4D zxhb{E)PFJIa{E8&7d4irrDEAh@z@{pB3yPEZ3mBfpk?NX_AtMO*~YzB^F2FV%blnm zC;+~$J-zJ;6f+d8(uD{wdUZsGLyfzv{frono;!{p$F0`~jxb`bqpY&4H1&@wr`~KN9IS9N9M?*ybQDfrNcZ7K(nf8f?o%V2m)UsEQKJU zi-DccU*Qz?I6EryrzAGMdouzaUDU=ADq0J!kMcbJtARcC)zv0)+GU>68k!;bY6mqW{q{GGpLL3^|Du?>geT)g zhrT{nO`3EIwSJLHb~`VUHF$l_<(8z~j0;$0fcU0S(@gii@A}_V1u)#xMdbH)__U#T z2%q!(s$Puleudv#%bXTTW^zco)^L2B6WPs%PEJAu!-@IF)v}4$ZN~=iI2YT_LYtH2tyf6r*N4aql_n%=7H?{#jcp|NZu!G&MBIWWl zSNphIAsw-wSRQy>J-@4~aul;Ysqvy}CTPGKZjw4)d0R5bGnZW%XgaGWwk1&es0z*& zMcwneq&)RD8(o9Nos_Ptbc}*F5bWZmy{iY)`)w&zXU(vLiYzBXZ(j88_P|z&!0j<} zkc@u4r2XYe32i@iC6wzxgo1!omq?LH6_3F3NIjMK@ymSTGt{c5C%qi`n>DXVy#TLC zVvO)n`JvDfa!N0tPQj=qQUwr=gXp>{SA$eUD~8-t?~xBekX^eZCU5*)9GI#l2^%@N zmcrf*{|{8*myos2BL2Heo8CRbxUM~cYW9oChZMYDUBPr>aC<5=1=L3^h=(QdX4z$r3|eHjdOXMdf@)b8VJ~ z6pTx3WVlX4x|`JQ3`WqI$jz8vzf>aRShVfDa5%_SlGqleV?u_n=zqbq{gZANBpEw= z@KgkRARahlcg7wS(w3%Nf3+Dz{*ZKd0ps9S0rD&3HXBpV0SIk?hy_D$HEqwtK`21b zII*K$9cv=3(dge#NJ|W~vy6N5@l?siB_}OLv6DkCum?M_Zjo$MUtECRbyjCFL_~cM z%q`~$`73-uWqSJ)+r`j$fD#UGKUzfN)~Z3HA_#;Nwcw!Hfc#!a5F{nlbbUKSrk`k{ z!XVt7WqOjBhn5wN8CrQmS|q^}piEEDbuk!`4*N=WlVPRS@pxRja02-!Av`#N&-bQ3 zFC}yejv^3zNq6gye>J?cF9FJyX?pX=AzQrm1WGz99yuj&Fti@D9FD|g`hC7amJAIH zYwF(#OZ*Ms;{R;+$E3anNw+2DvWH76iO)sxn0U2S%mHqVO%p`qe^N0_h2io0f+R9O zH*EfUqQ1=Acs+IeCX}~If{?~SpB#kiXyis9*y)pJmvcM?L+NEEsbCO>D^{EcT+PkQ z1{-hxZRRT>In2jb9dXvUjczh-z0*lV$W13)%L-V2@zDSIXofo;nQrrCY|kP*KDn+2 zIA=u8`Om0fazyKA9rl&M_3-wX4Y8S97cZ0es}yk3yoMW3M1e*#X-$6!)w;YG?bPnk zV`fR81Qx*T!5<_)>BD@?Vm~ZbC!V374u6LO!*6rmaXk5)bh!@C(Vc}oysE3kC}+R_ zY2Z0~@S+u^tSlpjDxr(Dhp8^E!qjWadaD?lI3C6uD%2oBQ4lXldG>bP4Z-ohs~3zn$ugAGwfoIJbF3P5#39J$ksTo z`ndK{(s=18&?k;+wMyTvTk}}Flod~gL+3td)JvaYjYO-amNJztYwhC-K{$^%+RC-W z$rG=xFL1#)?dbPJUW3^X@>XInqf!XUJt{gRM)AF9Hf#uN62HD?HF-Z+SIg1(hLy%N z%D6I4_lff<8945IkGuBJa?g&f2|KI3*IWq$p^{Nrpu-~Ym!*qSETO*Gj_xX?mjE~f zLQ^lwJRS^^F>;O#8XfwAlFkeiw#H8Ei5EP;0V)SDf>A26eqxs;8BJd*-Y@o>gZ#f_ zLDV~yRdayHr6V^Qd8?c^ag-7pD4pb;^DemFdvQ#%?I?aq0yCT;^}T;W5Jl)1%Tl8$ Y+7;+(z~d{V;JC)(U|K^Cv=0dBL zKQcaZ*O<7bvl#G~j;%okml1t3DM~D0$GU{n+7ak5c(VkH3@oEZYpk$im;!0UryT<= z-_YVVSGBI0;b&56LME`0@5#3a9~)znps9vIi{^ZqPy+|milegI=ZE4B8x^gr36dKs z{gM^ovD~HIlqk*&q+M%B^$z2;#p{pabc8k!^x#D)o7i^(wNf<~59PBkZj6h?$&&t3 zb0rX?eB|0@dWiUx LUWY{1q=CRY^y8ho literal 313 zcmV-90mlA}4Fm}T0ixA@Y)X8{+aS`Ryaa0l=wvVa=-J1BA82YjN~7@F%x z-6u~zjh35bmzj}b93yT{G7u)KC_U{>jpjdnGNZMhBpvQ>=+KR|VxpwL_$=uXx@!$` zsGKEQWtD*lE2HqU(04k} z5?q(*^}v%@c{^wnzXGhY3ii|M#pG|5!t}Pu=}p_e6CHDBxi&9+6m31=B!aHrhUhuP zNf*SjPFVMd_{{U6Sn1)}y<ZAP LEXKRR?w1KbM17ov diff --git a/kubernetes/values.yaml.enc b/kubernetes/values.yaml.enc index e546d43deda519e9b44742a38591e0b9e5c3f6d7..2d391a664bc933829528dd9d359753e1772d356f 100644 GIT binary patch literal 1748 zcmV;_1}piD4Fm}T0wE1g%7b{o+xXJz0rB(N%pgrGtIw3Ng?6i|c?nabmpq z=er5H*$@HVt~`NpRnYGIPbE)+m-)09e(!*vQfli6LgsR0DN;f4%$HmL4!Hr8lw$_i zESGaNHgZkE@V?jPj z?wGT-N{xRzl|Smemsj1EJs{RAHD3h!;NxhyWu&Wg9ZjXvW%3;tF>o%5X-QZ9g zrL*Wo^bt`;=|$_b-*uLI1f%Ky;Hd?wS}2im&26i&?d87^AxY))n7g@tAfdiP|zh&I;HqjRt%2-oiBVw61aCG?G|HW@3D{@7c=kx2JV)&oAprL1> z6yVS_Q+?v!I3dPn_K@JyD3ZyAZJ$15OTg@)cNU8K=?gaBggkkmH-eq6Hev?N^BehZ~qFaHU_z+~C&!$n8YJ3DY=X~AUZ z9&f#RtxE{0@H5oGZ6`0M0Ee`0#J~Cgqk~!xk5^J0n?)T|opSr)+U(KeZl%U$<&9C~ z86`F(TO1AG>3?_l{pGQbM!d<8Cj3KZ<{I6ilH7EfjupY-8^qOH!Cr@L|4GAhvCV~n zWJ_3;VnrN=JzhyDhyua(GZpa*Vm%W>Od~-8>9sL)52v6I!s*!k#@b|uL(h3&An{-%EZ?>I9GWfipVM&P=YYg{X-kAGy9>g*T zI{`_p6$*GwY)p#cJV_??uAMdGK$(@ay=cj8iqvVC(g*NnvhHD*6nnd4%|kS&s8=ZP zx-@6t4x>932bc~Bk1zf|oo029UQ}RB|HT8kL$?t7?^kDJ&TUwgoMab)@h?bDwdR#{ z%_0tyg3z5IV-qU)poO*b(J`ZN*li^6xJx%Y61S31 z@#hJkgxiaa=cpjLQ@xQOb6IL)SW~>&$Cd0YVr$5kCWQ_rcGLRw^H7wwxO^IGBY22K zl;^#kUFvNW*kynC_%jqZ^bcT|Pa6Eo%5Ja#)@%&X!`e=9lVvR~sg}wSmNDNso?> zQosQ6HB#yu!EuBE7$(W6zj;Zp2+4)<%Lb=yc`ywcjglIk-k#qN#T?OtI*#;>Zz>Yd zEVr@`xlOvS!Os_N!)BIOI2la3!lygNMfF{iH_+o+?TyQ{D`tq?-tBp9_Y=9;BB%Jo zNkS4Y)p0O681)x+h@e_)+`jkk35j$li!+r%AAdArAK`Q5t0Fiy7Oj@cf^N`59?$DY qb+@hCby;)P@-s?~oaq>t$lx4@+izse=yvizmq|-vk@9qTz2aDK=4PP) literal 1749 zcmV;`1}gcC4Fm}T0vc3BN%SQ4j`-5*0bgMUnbY%@v(9t^!X466QA{7#HW)1WV6rdU zKCEk!QrP!#z3 z&xvAa^L;Dy>455BW5?S1$|r%VT!zC}tN(F196Fnfo8%+zG}RltBCG*e{+xruI2SeUpkY1=Z=*Li773^xPM`q1-D<|4zV%C`W$(MeEM;Ydo-C zRj~WXzAMeGtez*$<{foH_^(Waqy#64$=B!Oe5cLjaimGQSZDchwx$OU$%go-+n2D% z@xb0C|G@b}tzKNvlbnBulig=z5-lDyFd?=SDWbFWp*Yotj{*xqNTMeN6u}n?_YV0f zj+dKxg*c{B@{kqy0zWX<*l3ow^kv2Wych24|A|b-x&|(Z@$Q{(}pr75N$;B=isPlP*0J)Kqm7`0Pz|C239raE4i6>Bl)u{Cd3~Q7fT|@XIL!qj)sdDBI58$~M#0FP z-?R4PAD%2y!B?!bT${C~9jP_%EHW}RJCs7G%Kr?L3*#5fYdG{s1MfLckeucnox=V0d8R3bk*^`z@8f!v3w^O7cO>wO)5o0t>GKclk2Clu1VeA;8zmWh=!z;8$5h477B zPM-T*K67%sC_ZXdQPU_8?R@hB8(%%#=aBcY=C{AmF1Z9HRjC)1r(EZl?`)EA#lth4 zIKRE1(TI)xoIs1miczEkIxO{Bc2n#O9jP}HRQt6Y*B-Uc5pWT<0c<6Y9aF^ul0OWY zZV{KDcqmDd>A8!XAHX*K9uih{HDiBMeS9-6X+a=hCRBd9#@bdtbhEDqXT(0OsnJsW$3Osm5b-I6;4Zaf0XA}r z@hO?^J=7T^GGLRrPtHiO&>|$#JB{!6=j%!+YoiLv!%@#EMAV*TZSS4^6SYH{RO_|m z_kdrA<>3sL*DLFJ8{9agut{wW8O2cy~gtJyG^T@ zZ6?m8_N{Lg?S=ahYO}PyGUe(<${D7UaB+ghLi&3jY}{8;nxfv`5J<9@d6E;0OhD9B zyaQ9{hZ;pDaiK&9h$h02k^`AH>*B`$ez+1x1jgMM2=Roj4qYp-!A@SuyVh@Qeq!a> z7_TKvS&ZCY14SZHRP`dZSK*a; zh`<2}El0G^mw9y%TeH6U=lMAjqm5{b3u0=rvzo^VI9#)iA#uf5036+(ra%QqxT151 zgFD9l!zLXoqJ5mo`89erfXLI%UZdR*3cm;`=(YTi7zlnFo{SGM&NTfSv}q-H0FuOw rP@Lw}Rpgo#T?&aiJ)f$p`@=u4oV!)AFH=8ntv9Un3YXVMDP_10MqzEj From 9053fec28b94333d1a58cfa7398b281e2d1e6eb9 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 15 Mar 2023 13:49:49 +0100 Subject: [PATCH 25/89] update deploy script --- .github/workflows/deploy.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 60bd723..5c83d7f 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -1,6 +1,8 @@ name: deploy on: + repository_dispatch: + types: [trigger-build-success] push: branches: - master @@ -27,7 +29,7 @@ jobs: uses: actions/checkout@v3 with: repository: 'Ocelot-Social-Community/Ocelot-Social' - ref: ${{ env.OCELOT_SOCIAL_TAG }} + ref: ${{ env.GITHUB_OCELOT_TAG }} path: 'ocelot/' fetch-depth: 0 - name: Checkout code From 07cafff7f47547befc74a536caad28e73621c4dd Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Mon, 20 Mar 2023 11:00:42 +0100 Subject: [PATCH 26/89] moved example brand into stage.ocelot.social --- branding/README.md | 5 + branding/assets/fonts/.gitkeep | 0 branding/assets/styles/imports/_branding.scss | 5 + branding/constants/donation.js | 1 + branding/constants/emails.js | 8 + branding/constants/groups.js | 5 + branding/constants/headerMenu.js | 13 + branding/constants/links.js | 152 +++ branding/constants/logos.js | 24 + branding/constants/metadata.js | 9 + branding/email/.gitkeep | 1 + branding/email/templates/de/.gitkeep | 1 + branding/email/templates/en/.gitkeep | 1 + branding/locales/de.json | 2 + branding/locales/en.json | 2 + branding/locales/html/de/code-of-conduct.html | 60 + branding/locales/html/de/data-privacy.html | 60 + branding/locales/html/de/donate.html | 60 + branding/locales/html/de/faq.html | 67 ++ branding/locales/html/de/imprint.html | 60 + branding/locales/html/de/organization.html | 60 + branding/locales/html/de/support.html | 60 + .../locales/html/de/terms-and-conditions.html | 61 + branding/locales/html/en/code-of-conduct.html | 60 + branding/locales/html/en/data-privacy.html | 60 + branding/locales/html/en/donate.html | 60 + branding/locales/html/en/faq.html | 67 ++ branding/locales/html/en/imprint.html | 60 + branding/locales/html/en/organization.html | 60 + branding/locales/html/en/support.html | 60 + .../locales/html/en/terms-and-conditions.html | 60 + branding/static/favicon.ico | Bin 0 -> 5558 bytes branding/static/icon.png | Bin 0 -> 21631 bytes .../static/img/custom/logo-horizontal.svg | 80 ++ branding/static/img/custom/logo-squared.svg | 82 ++ .../locales/html/general/de/faq.html | 62 + .../locales/html/general/en/faq.html | 62 + .../html/hc-y2020/de/code-of-conduct.html | 163 +++ .../html/hc-y2020/de/data-privacy.html | 1010 +++++++++++++++++ .../hc-y2020/de/terms-and-conditions.html | 136 +++ .../html/hc-y2020/en/code-of-conduct.html | 163 +++ .../hc-y2020/en/terms-and-conditions.html | 135 +++ kubernetes/dns.values.yaml.template | 12 + kubernetes/values.yaml.template | 120 ++ 44 files changed, 3229 insertions(+) create mode 100644 branding/README.md create mode 100644 branding/assets/fonts/.gitkeep create mode 100644 branding/assets/styles/imports/_branding.scss create mode 100644 branding/constants/donation.js create mode 100644 branding/constants/emails.js create mode 100644 branding/constants/groups.js create mode 100644 branding/constants/headerMenu.js create mode 100644 branding/constants/links.js create mode 100644 branding/constants/logos.js create mode 100644 branding/constants/metadata.js create mode 100644 branding/email/.gitkeep create mode 100644 branding/email/templates/de/.gitkeep create mode 100644 branding/email/templates/en/.gitkeep create mode 100644 branding/locales/de.json create mode 100644 branding/locales/en.json create mode 100644 branding/locales/html/de/code-of-conduct.html create mode 100644 branding/locales/html/de/data-privacy.html create mode 100644 branding/locales/html/de/donate.html create mode 100644 branding/locales/html/de/faq.html create mode 100644 branding/locales/html/de/imprint.html create mode 100644 branding/locales/html/de/organization.html create mode 100644 branding/locales/html/de/support.html create mode 100644 branding/locales/html/de/terms-and-conditions.html create mode 100644 branding/locales/html/en/code-of-conduct.html create mode 100644 branding/locales/html/en/data-privacy.html create mode 100644 branding/locales/html/en/donate.html create mode 100644 branding/locales/html/en/faq.html create mode 100644 branding/locales/html/en/imprint.html create mode 100644 branding/locales/html/en/organization.html create mode 100644 branding/locales/html/en/support.html create mode 100644 branding/locales/html/en/terms-and-conditions.html create mode 100644 branding/static/favicon.ico create mode 100644 branding/static/icon.png create mode 100644 branding/static/img/custom/logo-horizontal.svg create mode 100644 branding/static/img/custom/logo-squared.svg create mode 100644 branding/templates/locales/html/general/de/faq.html create mode 100644 branding/templates/locales/html/general/en/faq.html create mode 100644 branding/templates/locales/html/hc-y2020/de/code-of-conduct.html create mode 100644 branding/templates/locales/html/hc-y2020/de/data-privacy.html create mode 100644 branding/templates/locales/html/hc-y2020/de/terms-and-conditions.html create mode 100644 branding/templates/locales/html/hc-y2020/en/code-of-conduct.html create mode 100644 branding/templates/locales/html/hc-y2020/en/terms-and-conditions.html create mode 100644 kubernetes/dns.values.yaml.template create mode 100644 kubernetes/values.yaml.template diff --git a/branding/README.md b/branding/README.md new file mode 100644 index 0000000..dd2a3b1 --- /dev/null +++ b/branding/README.md @@ -0,0 +1,5 @@ +# Configure And Branding + +In this folder you will find all configuration files and logo images to customise the configuration and branding of the [ocelot.social](https://github.com/Ocelot-Social-Community/Ocelot-Social) network code to your own needs. + +Please change these and they will be used automatically as part of the [deployment](/deployment/README.md) process. diff --git a/branding/assets/fonts/.gitkeep b/branding/assets/fonts/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/branding/assets/styles/imports/_branding.scss b/branding/assets/styles/imports/_branding.scss new file mode 100644 index 0000000..7505859 --- /dev/null +++ b/branding/assets/styles/imports/_branding.scss @@ -0,0 +1,5 @@ +/* + * + * Here, all SCSS variables and classes can be adapted to your custom design. + * +*/ \ No newline at end of file diff --git a/branding/constants/donation.js b/branding/constants/donation.js new file mode 100644 index 0000000..3e36ae9 --- /dev/null +++ b/branding/constants/donation.js @@ -0,0 +1 @@ +export const PROGRESS_BAR_COLOR_TYPE = 'gradient' // 'uni' is the other option diff --git a/branding/constants/emails.js b/branding/constants/emails.js new file mode 100644 index 0000000..f5bd9a4 --- /dev/null +++ b/branding/constants/emails.js @@ -0,0 +1,8 @@ +// this file is duplicated in `backend/src/config/` and `webapp/constants/` and replaced on rebranding by https://github.com/Ocelot-Social-Community/Ocelot-Social-Deploy-Rebranding/tree/master/branding/constants/ +export default { + SUPPORT_EMAIL: 'hello@ocelot.social', + MODERATION_EMAIL: 'hello@ocelot.social', + // ATTENTION: the following links have to be defined even for internal pages with full URLs as example like 'https://staging.ocelot.social/support', because they are used in e-mails! + ORGANIZATION_LINK: 'https://ocelot.social', + SUPPORT_LINK: 'https://ocelot.social', +} diff --git a/branding/constants/groups.js b/branding/constants/groups.js new file mode 100644 index 0000000..1c49d3f --- /dev/null +++ b/branding/constants/groups.js @@ -0,0 +1,5 @@ +// this file is duplicated in `backend/src/constants/group.js` and `webapp/constants/group.js` +export const NAME_LENGTH_MIN = 3 +export const NAME_LENGTH_MAX = 50 +export const DESCRIPTION_WITHOUT_HTML_LENGTH_MIN = 100 // with removed HTML tags +export const SHOW_GROUP_BUTTON_IN_HEADER = true diff --git a/branding/constants/headerMenu.js b/branding/constants/headerMenu.js new file mode 100644 index 0000000..aa87a59 --- /dev/null +++ b/branding/constants/headerMenu.js @@ -0,0 +1,13 @@ +export default { + MENU: [ + // { + // nameIdent: 'nameIdent', + // path: '/', + // }, + // { + // nameIdent: 'nameIdent', + // url: 'https://ocelot.social', + // target: '_blank', + // }, + ], +} diff --git a/branding/constants/links.js b/branding/constants/links.js new file mode 100644 index 0000000..7efac15 --- /dev/null +++ b/branding/constants/links.js @@ -0,0 +1,152 @@ +// this file is replaced on rebranding by https://github.com/Ocelot-Social-Community/Ocelot-Social-Deploy-Rebranding/tree/master/branding/constants/ + +import { defaultPageParamsPages } from '~/components/utils/InternalPages.js' + +const ORGANIZATION = defaultPageParamsPages.ORGANIZATION.overwrite({ + // if defined it's dominating + externalLink: { + url: 'https://ocelot.social', + target: '_blank', + }, + + internalPage: { + // footerIdent: 'site.made', // localized string identifier, if undefined default is used + // headTitleIdent: 'site.made', // localized string identifier, if undefined default is used + // headlineIdent: 'site.made', // localized string identifier, on null it's hidden, if undefined default is used + hasContainer: true, + hasBaseCard: true, + hasLoginInHeader: true, + // in case internal page content is here 'branding/locales/html/' + }, +}) +const DONATE = defaultPageParamsPages.DONATE.overwrite({ + // if defined it's dominating + externalLink: { + // we use 'ocelot-social.herokuapp.com' at the moment, because redirections of 'ocelot.social' subpages are not working correctly + url: 'https://ocelot-social.herokuapp.com/donations', + target: '_blank', + }, + + internalPage: { + // footerIdent: 'site.donate', // localized string identifier, if undefined default is used + // headTitleIdent: 'site.donate', // localized string identifier, if undefined default is used + // headlineIdent: 'site.donate', // localized string identifier, on null it's hidden, if undefined default is used + hasContainer: true, + hasBaseCard: true, + hasLoginInHeader: true, + // in case internal page content is here 'branding/locales/html/' + }, +}) +const IMPRINT = defaultPageParamsPages.IMPRINT.overwrite({ + // if defined it's dominating + externalLink: { + // we use 'ocelot-social.herokuapp.com' at the moment, because redirections of 'ocelot.social' subpages are not working correctly + url: 'https://ocelot-social.herokuapp.com/imprint', + target: '_blank', + }, + + internalPage: { + // footerIdent: 'site.imprint', // localized string identifier, if undefined default is used + // headTitleIdent: 'site.imprint', // localized string identifier, if undefined default is used + // headlineIdent: 'site.imprint', // localized string identifier, on null it's hidden, if undefined default is used + hasContainer: true, + hasBaseCard: true, + hasLoginInHeader: true, + // in case internal page content is here 'branding/locales/html/' + }, +}) +const TERMS_AND_CONDITIONS = defaultPageParamsPages.TERMS_AND_CONDITIONS.overwrite({ + // externalLink: null, // if defined it's dominating + + internalPage: { + // footerIdent: 'site.termsAndConditions', // localized string identifier, if undefined default is used + // headTitleIdent: 'site.termsAndConditions', // localized string identifier, if undefined default is used + // headlineIdent: 'site.termsAndConditions', // localized string identifier, on null it's hidden, if undefined default is used + hasContainer: true, + hasBaseCard: true, + hasLoginInHeader: true, + // in case internal page content is here 'branding/locales/html/' + }, +}) +const CODE_OF_CONDUCT = defaultPageParamsPages.CODE_OF_CONDUCT.overwrite({ + // externalLink: null, // if defined it's dominating + + internalPage: { + // footerIdent: 'site.code-of-conduct', // localized string identifier, if undefined default is used + // headTitleIdent: 'site.code-of-conduct', // localized string identifier, if undefined default is used + // headlineIdent: 'site.code-of-conduct', // localized string identifier, on null it's hidden, if undefined default is used + hasContainer: true, + hasBaseCard: true, + hasLoginInHeader: true, + // in case internal page content is here 'branding/locales/html/' + }, +}) +const DATA_PRIVACY = defaultPageParamsPages.DATA_PRIVACY.overwrite({ + // externalLink: null, // if defined it's dominating + + internalPage: { + // footerIdent: 'site.data-privacy', // localized string identifier, if undefined default is used + // headTitleIdent: 'site.data-privacy', // localized string identifier, if undefined default is used + // headlineIdent: 'site.data-privacy', // localized string identifier, on null it's hidden, if undefined default is used + hasContainer: true, + hasBaseCard: true, + hasLoginInHeader: true, + // in case internal page content is here 'branding/locales/html/' + }, +}) +const FAQ = defaultPageParamsPages.FAQ.overwrite({ + // externalLink: null, // if defined it's dominating + + internalPage: { + // footerIdent: 'site.faq', // localized string identifier, if undefined default is used + // headTitleIdent: 'site.faq', // localized string identifier, if undefined default is used + // headlineIdent: 'site.faq', // on null default is used, on empty string it's hidden + hasContainer: true, + hasBaseCard: true, + hasLoginInHeader: true, + // in case internal page content is here 'branding/locales/html/' + }, +}) +const SUPPORT = defaultPageParamsPages.SUPPORT.overwrite({ + // if defined it's dominating + externalLink: { + url: 'https://ocelot.social', + target: '_blank', + }, + + internalPage: { + // footerIdent: 'site.support', // localized string identifier, if undefined default is used + // headTitleIdent: 'site.support', // localized string identifier, if undefined default is used + // headlineIdent: 'site.support', // on null default is used, on empty string it's hidden + hasContainer: true, + hasBaseCard: true, + hasLoginInHeader: true, + // in case internal page content is here 'branding/locales/html/' + }, +}) + +export default { + LANDING_PAGE: '/login', // examples: '/login', '/registration', '/organization', or external 'https://ocelot.social' + + // you can find and store templates for 👇🏼 at https://github.com/Ocelot-Social-Community/Ocelot-Social-Deploy-Rebranding/tree/master/branding/templates/ + + ORGANIZATION, + DONATE, + IMPRINT, + TERMS_AND_CONDITIONS, + CODE_OF_CONDUCT, + DATA_PRIVACY, + FAQ, + SUPPORT, + + FOOTER_LINK_LIST: [ + ORGANIZATION, + TERMS_AND_CONDITIONS, + CODE_OF_CONDUCT, + DATA_PRIVACY, + FAQ, + DONATE, + IMPRINT, + SUPPORT, + ], +} diff --git a/branding/constants/logos.js b/branding/constants/logos.js new file mode 100644 index 0000000..714e78a --- /dev/null +++ b/branding/constants/logos.js @@ -0,0 +1,24 @@ +// this file is duplicated in `backend/src/config/logos.js` and `webapp/constants/logos.js` and replaced on rebranding +// this are the paths in the webapp +export default { + LOGO_HEADER_PATH: '/img/custom/logo-horizontal.svg', + LOGO_HEADER_WIDTH: '130px', + LOGO_HEADER_CLICK: { + // externalLink: { + // url: 'https://ocelot.social', + // target: '_blank', + // }, + externalLink: null, + internalPath: { + to: { + name: 'index', + }, + scrollTo: '.main-navigation', + }, + }, + LOGO_SIGNUP_PATH: '/img/custom/logo-squared.svg', + LOGO_WELCOME_PATH: '/img/custom/logo-squared.svg', + LOGO_LOGOUT_PATH: '/img/custom/logo-squared.svg', + LOGO_PASSWORD_RESET_PATH: '/img/custom/logo-squared.svg', + LOGO_MAINTENACE_RESET_PATH: '/img/custom/logo-squared.svg', +} diff --git a/branding/constants/metadata.js b/branding/constants/metadata.js new file mode 100644 index 0000000..3d09066 --- /dev/null +++ b/branding/constants/metadata.js @@ -0,0 +1,9 @@ +// this file is duplicated in `backend/src/config/metadata.js` and `webapp/constants/metadata.js` and replaced on rebranding +export default { + APPLICATION_NAME: 'ocelot.social', + APPLICATION_SHORT_NAME: 'ocelot.social', + APPLICATION_DESCRIPTION: 'Ocelot Social Community', + COOKIE_NAME: 'ocelot-social-token', + ORGANIZATION_NAME: 'busFaktor e.V.', + ORGANIZATION_JURISDICTION: 'Deutschland', +} diff --git a/branding/email/.gitkeep b/branding/email/.gitkeep new file mode 100644 index 0000000..afe8c26 --- /dev/null +++ b/branding/email/.gitkeep @@ -0,0 +1 @@ +we can put multilanguage e-mails and a layout.html in here \ No newline at end of file diff --git a/branding/email/templates/de/.gitkeep b/branding/email/templates/de/.gitkeep new file mode 100644 index 0000000..5b414a0 --- /dev/null +++ b/branding/email/templates/de/.gitkeep @@ -0,0 +1 @@ +we can put translated e-mails in here \ No newline at end of file diff --git a/branding/email/templates/en/.gitkeep b/branding/email/templates/en/.gitkeep new file mode 100644 index 0000000..5b414a0 --- /dev/null +++ b/branding/email/templates/en/.gitkeep @@ -0,0 +1 @@ +we can put translated e-mails in here \ No newline at end of file diff --git a/branding/locales/de.json b/branding/locales/de.json new file mode 100644 index 0000000..2c63c08 --- /dev/null +++ b/branding/locales/de.json @@ -0,0 +1,2 @@ +{ +} diff --git a/branding/locales/en.json b/branding/locales/en.json new file mode 100644 index 0000000..2c63c08 --- /dev/null +++ b/branding/locales/en.json @@ -0,0 +1,2 @@ +{ +} diff --git a/branding/locales/html/de/code-of-conduct.html b/branding/locales/html/de/code-of-conduct.html new file mode 100644 index 0000000..c4538e3 --- /dev/null +++ b/branding/locales/html/de/code-of-conduct.html @@ -0,0 +1,60 @@ + + + +
+

+ Für das soziale Netzwerk Ocelot.Social Staging +

+

+ Präambel +

+

+ Ich bin der Inhalt vom Verhaltenskodex. +

+
+ + diff --git a/branding/locales/html/de/data-privacy.html b/branding/locales/html/de/data-privacy.html new file mode 100644 index 0000000..104d183 --- /dev/null +++ b/branding/locales/html/de/data-privacy.html @@ -0,0 +1,60 @@ + + + +
+

+ Für das soziale Netzwerk Ocelot.Social Staging +

+

+ Information über die Erhebung personenbezogener Daten +

+

+ Das hier wäre der Inhalt der Datenschutzbestimmungen. +

+
+ + diff --git a/branding/locales/html/de/donate.html b/branding/locales/html/de/donate.html new file mode 100644 index 0000000..71f1027 --- /dev/null +++ b/branding/locales/html/de/donate.html @@ -0,0 +1,60 @@ + + + +
+

+ Für das soziale Netzwerk Ocelot.Social Staging +

+

+ Wohin kann ich spenden? +

+

+ Hier steht was zu den Spenden. +

+
+ + diff --git a/branding/locales/html/de/faq.html b/branding/locales/html/de/faq.html new file mode 100644 index 0000000..15a9d97 --- /dev/null +++ b/branding/locales/html/de/faq.html @@ -0,0 +1,67 @@ + + + +
+

+ Für das soziale Netzwerk Ocelot.Social Staging +

+

+ Wie bediene ich dieses Netzwerk? +

+

+ Hier findest Du die + Bedienungsanleitung.
+

+

+ Betreiberspezifische FAQs +

+

+ Hier steht was zu den betreiberspezifischen FAQs. +

+
+ + diff --git a/branding/locales/html/de/imprint.html b/branding/locales/html/de/imprint.html new file mode 100644 index 0000000..ad3c935 --- /dev/null +++ b/branding/locales/html/de/imprint.html @@ -0,0 +1,60 @@ + + + +
+

+ Für das soziale Netzwerk Ocelot.Social Staging +

+

+ Betreiber +

+

+ Ich bin das Impressum. +

+
+ + diff --git a/branding/locales/html/de/organization.html b/branding/locales/html/de/organization.html new file mode 100644 index 0000000..089d72f --- /dev/null +++ b/branding/locales/html/de/organization.html @@ -0,0 +1,60 @@ + + + +
+

+ Für das soziale Netzwerk Ocelot.Social Staging +

+

+ Das Entwicklernetzwerk +

+

+ Hier wird das Netzwerk beschrieben. +

+
+ + diff --git a/branding/locales/html/de/support.html b/branding/locales/html/de/support.html new file mode 100644 index 0000000..f4dcb53 --- /dev/null +++ b/branding/locales/html/de/support.html @@ -0,0 +1,60 @@ + + + +
+

+ Für das soziale Netzwerk Ocelot.Social Staging +

+

+ Ansprechpartner +

+

+ Ich bin der Inhalt vom Support. +

+
+ + diff --git a/branding/locales/html/de/terms-and-conditions.html b/branding/locales/html/de/terms-and-conditions.html new file mode 100644 index 0000000..74057ad --- /dev/null +++ b/branding/locales/html/de/terms-and-conditions.html @@ -0,0 +1,61 @@ + + + + +
+

+ Für das soziale Netzwerk Ocelot.Social Staging +

+

+ Nutzung und Lizenz +

+

+ Ich bin der Inhalt der Seite "Nutzungsbedingungen". +

+
+ + diff --git a/branding/locales/html/en/code-of-conduct.html b/branding/locales/html/en/code-of-conduct.html new file mode 100644 index 0000000..714cad3 --- /dev/null +++ b/branding/locales/html/en/code-of-conduct.html @@ -0,0 +1,60 @@ + + + +
+

+ For the social network Ocelot.Social Staging +

+

+ Präambel +

+

+ I am the content of the code of conduct. +

+
+ + diff --git a/branding/locales/html/en/data-privacy.html b/branding/locales/html/en/data-privacy.html new file mode 100644 index 0000000..c4b718f --- /dev/null +++ b/branding/locales/html/en/data-privacy.html @@ -0,0 +1,60 @@ + + + +
+

+ For the social network Ocelot.Social Staging +

+

+ Information about the collection of personal data +

+

+ This would be our data privacy section. +

+
+ + diff --git a/branding/locales/html/en/donate.html b/branding/locales/html/en/donate.html new file mode 100644 index 0000000..d25e9f4 --- /dev/null +++ b/branding/locales/html/en/donate.html @@ -0,0 +1,60 @@ + + + +
+

+ For the social network Ocelot.Social Staging +

+

+ Where can I donate? +

+

+ Here's what it says about donations. +

+
+ + diff --git a/branding/locales/html/en/faq.html b/branding/locales/html/en/faq.html new file mode 100644 index 0000000..a5998db --- /dev/null +++ b/branding/locales/html/en/faq.html @@ -0,0 +1,67 @@ + + + +
+

+ For the social network Ocelot.Social Staging +

+

+ How do I operate this network? +

+

+ Here you can find the + user manual.
+

+

+ Operator-Specific FAQs +

+

+ Here are the operator-specific FAQs. +

+
+ + diff --git a/branding/locales/html/en/imprint.html b/branding/locales/html/en/imprint.html new file mode 100644 index 0000000..6a7489a --- /dev/null +++ b/branding/locales/html/en/imprint.html @@ -0,0 +1,60 @@ + + + +
+

+ For the social network Ocelot.Social Staging +

+

+ Operator +

+

+ I am the imprint. +

+
+ + diff --git a/branding/locales/html/en/organization.html b/branding/locales/html/en/organization.html new file mode 100644 index 0000000..e5a6d0f --- /dev/null +++ b/branding/locales/html/en/organization.html @@ -0,0 +1,60 @@ + + + +
+

+ For the social network Ocelot.Social Staging +

+

+ The Developers Network +

+

+ Here the network is described. +

+
+ + diff --git a/branding/locales/html/en/support.html b/branding/locales/html/en/support.html new file mode 100644 index 0000000..118328b --- /dev/null +++ b/branding/locales/html/en/support.html @@ -0,0 +1,60 @@ + + + +
+

+ For the social network Ocelot.Social Staging +

+

+ Contact +

+

+ I am the content of the support. +

+
+ + diff --git a/branding/locales/html/en/terms-and-conditions.html b/branding/locales/html/en/terms-and-conditions.html new file mode 100644 index 0000000..44e3fe3 --- /dev/null +++ b/branding/locales/html/en/terms-and-conditions.html @@ -0,0 +1,60 @@ + + + +
+

+ For the social network Ocelot.Social Staging +

+

+ Use and License +

+

+ I am the content of the page "Terms And Conditions". +

+
+ + diff --git a/branding/static/favicon.ico b/branding/static/favicon.ico new file mode 100644 index 0000000000000000000000000000000000000000..430cef437289d45eaceaa1d096a3674fccbf62cc GIT binary patch literal 5558 zcmeHLc~q5U8vnTWa=rV)UAXtMT^0cqT-a4&Q6K~q7nE>Z*hEnT1;R2>2r;zG934B; zX{P10%t6no>5uA+nbT;EnrkjuIVmogXr?(fPIEfX{GJysvT0NOJKs6a`QG0CHAO{cv_(jj5Lx&#x_~Vb6o_KhE`0(L4&z#>UPo7lXzJ1%N z*XxVzcKg+&q_LEel18biX_T0lL^hl42GDAI@A+TGtS9*W2K**5KJ&r681jtoy`P8_ z8#ivK^fBsxC@U$U`uYZ%S6o8#F|Mm?patdSq*W__G#a%T!1e0A_kQD#KKjT9ycZog zawL=SjvYH@$9OS(kl1@)n4gco)nY!R^ou2ZP&_GQ5+#JjP-0jd$t8(&&InS4q>;B$ zc>?={FL&<_uKb!D z4IO06f0jbRQ^*|rt`hbGTgj*GZC~FL#JTSb9m_O+qZ8h z?3)1yfvp#SccsVP7-wKlH6W%N-&c|=-!kPrLym{flJC-^>Xc}iSdT)x$6 z?VOfBm6YZ{GELqhz*g}$_~0^WMiuq&R|X`JqwaIqE^k_18R)U|E=XfuM&Y64m>@i~;dHVF}%GTD_d0MUhTy^y_Dl1z+!R{dN zk`wD`nZ2FtOOKE;Fp1RBGof#p7+dDNLDtfpqzp(T$xBJWL4h=XehF1qFDIQ&{~cH* zGe78;2YzK2E?iLaocTkZQHVp+C!c(hx_9s1DyP%=X;IM}YHNFv)~#Dljg4!_KQNdK z`OlGS&38h7jzjhX$DDKJ6%m)NH8;sP^HuT-45d}8R*St%W6qp;B$vz2sMTse*th`v z=7OIaazwGcF?St5e%$xcrAzraIXN#UBqY-M^-obt%Q|XpZKIaQ*U{`*vq=S?TFc%e z*Q#seeDte6;97N+tQC7mX>d{D^jXy0w6<$6XfUm$q;V|6R`4hU&&hnw*$*rWa)26s z3CH)6prD{HYHDh+XQPmxb4y@IAlYN|q;bed;fN9Ek7MAj3>ZIhiM;*C1ILSOV|3&U za0uJ8{g{7U-NR%yo3HKIv7;7tP62;^*q+aw$h&9GoEf)e%a+G%Hv65GD;tIHS{`qu z2`QQ6U+hicHF}C}HjyDhBGc5DgzY{2*&gP?9b_CKqo_3|fy;Zw#wSzj+9#;ExD-BY zBE&OQRaO1=`t|FaVttfGiz z2C~FUWXO8D%kSMj;5aZ&d4cT75`|ak$u@on4XsgAL{JC~iyX%1kTNqe#d*oi&E1Z( z5DdNvu=f%^^O(!eojW&UX=TM$g>Mw{mxJU6C*tk*q>U{nU6`2+;Sw2#Nu&xJN50EH z6Y=KJpMBwY_#A0Q=8+*%BK=T_v>|5Xj0!Rqyi5v9D9N-o^7f0PK!5*c@N+}=WYpYX z_`=Kp`;TvISYDwDN&UfEwoBwUj%@~O>2Bz}fsDD^$TI)!uK4d4e|!e4rSHKvF92_= z*yGvH=has60jVPM*anlpU&eZ~-TOUmZ&%E15#PwMJ^Eqn*Ze*CJoGwr2}6$Ur~ji} z@yE5vn7y9-9{*nC=)3!`K#v~*YhsJZCG_rnws6k5wk$b7 zUfyal&-lY2@_{~|f7BtyvCRGR;5h;^=pU$O8$1u_-6I6Z&F<^MuHe;UH;<2z>wK4g ziu^l@e5;QMc?RIH4_2Hf_z%8Djp*&aUUUSGZ`6Olzju9~%k_~pro@4u|B63JK zc4?op=fUS#Gv;gr|1sS(`q|LqC*eC(_G-jBG>oLSu@jIfnn+skM{vSdHJ_{Us-pE^q z%(Y~m{=7J+gViWOYZY?kqzxp=w8|GWFgK;yTfcL9DnAVwKD_Q%2H zy)10ZHkE12M}g}G{M0kdOR4+Jl(!i=af}R%1NPUD(2O5Jh8p z7IEsuHph+fXFoRVcw3jWxXT9J`G|82+Y@Uq_M#Yz8hM9p;A*-h>WezMfN`D$a9#MN zj|Ll`QxD5W{>1%+X+w8!NAw+hkL^cvnYSbA4)^a0>(HxMtL?Y`Yo>K_bI4WAn7N!k znD?@K5aW2r0|eY-{nvbEnoOH{{Qv2;04E?m1a83n{*!dy8$;2zd82pM0$t)h%HiWP z-0gN(xv3LI2vuEAgwr#7($;th)w4{_QBeKbgdpO^Tx%OBWen^(6Tq>SlOzG(p zIua5R;&7kL#@*Y%_YBAsR!~r|tGRhCHLPf$$i&fPdgxE$T)LY6N#@x*C?a7r{;kxD zyH`p|%C1wVPNhKa{1YcmjM~0^ds;$#eCM>uQz<4Zf&z*p^2x|Se&PGrH)PG8PX2`w zjhYxn)2B?Mm@%VoZQi^&8+W@|kYDr88{5+?BQn3zWvwU6j7?-p$tBCoZOC<31z3vy zNT$>&SbK&HIh#looO-#owl*BSxg9p}LLzdTa-O{CYQBwJc?)%RJ8ClSBIu1oe~Eu0 z<{7vfVU2N+Q?J2K{CkccnR@uNcK(OKb=I}IE4N$by(Q{5_iMKDU1Z2;7I|OPV)VS4 zk+a^#Uj7$nHe|J2zMG>v#eLiO;JR-9+=D!g-t)~adfYdlZW^;%Z(=Xkj-eRe=;@u2 z-`U@q(Q`z-cGRCC&QI3Tzlhu~dIhdOlb*UINy4t zNfnmat_sg?M{o8t`ol}2Hv*36n-}j#zv4efQm8USU(CH3Xc#kFIwZAzEad9@C{z#V z(;F{vJ!W04#cz`|#K`}~w3^t`gZ8RJq#Ivz81oT*H};uDYsW4*VqbC)|6&#$v`($D|$U!W%c=Kufz literal 0 HcmV?d00001 diff --git a/branding/static/icon.png b/branding/static/icon.png new file mode 100644 index 0000000000000000000000000000000000000000..1c81fa5fca1a415323627f025eb8a68fbc2a6b79 GIT binary patch literal 21631 zcmagF1AJaj*EV{`Zk$Gq8{1A}+qP{qc4IcS?WD2Mq_OSBZmhHWe_lQ3{l0VVU$isW zGi%mdvvAEf1vzmfcwBf82!tdlA)*BQ-v0Xy3l99On---5fuO7`RWw{QWM#OG?QQ7| zP3(eD1yiO)&+)5&1|IrwD;v=zeadF^gU~qSLr*~(ew|6pUVB+H9 zVqj!uU}mNRYS1}*+PN5d(AhbY{_WyleTbMk8#`G#xLDfT5&iAc(8%7^g^z>;C@1=l z&P|N}t8WKaC!2qIHZf)}wK26dwR3T1V4`PY_@DJnJuLrwGWu$Z z-Nn-E|5E*L$^WYEU}5iK?`&c3@Lz-aw^#gE@&9TFi2MKC#KX|x|5RC4_W!%Ot?j=} z!`VgD4G`RaEW*Ey=|5lKtm5fl%AjQGZ13u1Y%1yoNRRX%!TpsBw}PdIsf~t+B_LF1 zU^Vzin3>uBU!|J=w^Cty8+#{ZKn+d#NSOX<^jCJ=lD3BCrs|d^E*AgY+kY3xnA(~D zuadu`vvK{a4ytyRzWw|9Ron7pmJpac4luaG~eE|RLM3tSt6Q4enK}_s%GtXS zF)|0-dI|2e7u93(Hp|C+|XWbi-01!(uL{{f%{pdZ73!5{GO zUjS-q2cV`C0FR4uqx>KcSb!y<9REuxKp@I^*Z47MAwi6=ZdN8QVLEs%2@M(qmbev2 zDnr5GRKc2Py&Bw7-E&o;6=>U#z*5;7(O0M@BrO<0MaXG-3*EWm9XC5@u|1sMzc{+N z4j7%GZKk6V*sMC^#`kX}D7VtHGTgZc%X$S_vKogmgz=EVD9WttIne0b=FR8J3GQpy z$W(*_(z&-$MQ3mNcKZ@(JjZurx7|K}l7=Nj`0CP{d)ZVpJoaMZSpJI;>ttF2#ipvS zdX6FH-RN_bdC30$kA}3sYiGif&(T(PW?Bn&X}Z`Vu&6zQkj9W#EIqXz0zMCiDW6oY zJ2xMdX{D=4^a{c!(5PniuEMqAj>{`0r&V!qBGlgB@8%^wJdMudL2P+2j;9bf*!7tI zWZk@%y}1FM-aCA+*kicpovJu2iuk<|@|}&7tH$Drj#D=*hKH_rxa)Jfj5ager1%so zjBScSx5D}IBv)7qif(dEoB!FT!{mqWgA9;1=B+S!EegOn2j?K6=?nrPp#S{_1EptT zgFr+eNfAL6kIXY&a|4X|6@Hcmp9Z=RGBOk?aI!yWQWB*B{uo6ckEr2EJTOrO>H0?c_}k3i?99W*Vm03 zwWxf`OAL9`9+ZcD>cwhZ9*@hd+mpr5Xy0VW6Qzon(`c!w%f({}q>5%32(K`}5VGXl zw|W9#kO@-9%_0Yl*fXlstP{y)+uScU3MJ76yg{l^hqq6^e*H>K#cqy7fDD|Qn}b5Y z%H;K&IdW0kZ^$Oe-E!fU&*p74=mpAD0{m5H1_uUA%*>8&pUS<}K66>MtR76})J$7E z2q01?TkVa+FE1~vrkyL#am!`%av2T4CQA*zFNB4LPUHw|+O?>kqto$Y9y zkU$(A9ff`PRKDhtlaJ+ixz)ST`BnX?tE8|H0|P^4$Jyui;oIvoDG3QRpCT@HXy@zQ z>W8obG#1~8^ssfi9KNsYp@ym*7pSPH&-WMix3fOGhj(YIaDk;eBI^>evg4DJ_pU?o ziv1&FV<&5^4c&I!f+(vk_VPLVjQPvc@Ji*Idm=EaQLUaopG6 z@ArJhLFm_5Qp#ns-lkfmc0)`E?JweAM&|K}iyq5i{cD+u*TbdZn{yAP@7;7}W@cj} zYn56gFKz`1d2?d4B^^TY&Ur5ydh30t>%HsAHgEg-;1d;g=y)27d2b*T{%U_osppbS z^KyeZ@T!)zl6iIXb-ajnHjI*?Zz>64?)vrx?E0)V{MKE1$0A+Q1=IN4E~TC~zrD@+ zA`6fScqQcI=qV}vk+-oQ3Tv#qwQ<7cSeMHnT5PrHHQn@E>a!Bl)6U%;f5K6N;4BUSh8&KoUh_)k)Z2(tSSRp}BUYe^9Wov2k-_&*7PfED#R+ zu-SSsfnhNs+aI+JPx^Z)}L0QH6D_#!DFH2t)>)F zM(A8ty31^HZQX!O4EsYJyVnuKo3w0|lxBipkg<1@NlWnrvRUaKq%X)&!yv(X?>GJ4 zcOn_o&PU}HF@NOF%y{o9Gn8Kj{+YNdf ze;5R^@3?}NQ2_P4@Q+HNV}KZ&3cUMMYaMWQX0zlDq!~I{-OqKhGg?b75p3930YLz7 z^4XiD@97QeOpb)9pb=L9eJRD*H${H<7S+rb#v^q`1{L^e4##ZQ-H^8>XejB zQou9xVx)GHIYQbbRx~Q9SfyTP`s&IphOeNd<&pCwpZnej>fSUXPM1kIc~MvCF`>(8 zwa>!}bE<>i%awSIUgy%r;NWypQj+m-3=_1e(COqy(&LI(zHpOl%Ovn2JgONw}SSco#429Upz|Wva0nuk85JT!b9I(Y~~~+^odPH zLH=xZH1s8-1R3ZteD>}w0Fa5(!T*e|6908CQGToULtQ@Ar@iECLOi{5%J(;}Xjs!< zKYX6uQs{Nxo=zCL{SK9BHR}ug-roQv9w|Uy{rMefR)UjHEcr_~to9r-Doe;79uli~ zLqo&;#U^sBUuN~*?sg?4G=&s<44f+uH7~G?@$vC>PWz))k6Z7Oab%A}c=jFFqcn09 zE6A)Z?IbM1gR|hrG+rE7?)H>si07*<3_Lt|p8V+r5=!pYly>NJl{+t-Q)StQi*SZ@ z)B~eC4xHrj*&P5J9zXwi|D;j10IZYu?Y#O(0XV)lp8_At=R&Q6OWflpgpc$h*-=X@ zx?SF_qLEma4-1ZlStpN%&co3pq+Gt}eQ{#OLs2-J-Z!%IK?85*dGl5PPvj?3zfU`J%tfdP?YF*`;PPwfxZ+d z^tLJH`8F>Pgt2gL!(E^LOR5B181j+ee<$oNl z!isQzwz^oMUNbW@lb)%hunW{GD=V{sv?U~caTU^#MZ*C3gIzj_|9+*Tq~!FtBr=Zs zIqiC~(3^s{kbiAAS#IE#z7uJ#0zTJ8&%@Jhy;$vjzE*Z62}Rg!vpmycug{LBya_3} zu*5jovx(d9Z-&N+i)*%p&f?68pTS{omKgwcsiSn}0PNr5CY$|Bg;v-)$u{3tFDa=} zK(JQ6YJ$Ookso96xn|57h+|{yX`ah)qjGssN&37v%&I4WKHNC7mzV^4r}@6#C8eaW zY$W2-L|j#r^s4`{qTP7%*7(G=BgjBYd%94C7lwD{hyQ->_s(HFgqR=#l?ujKl3}FS zeaswqJOML}X9)c$35}eyMS04Cxntm9^hJbVUKzDJ23a~r zbg7#bYYf2q9Pa!z#xxlK6V09lO@wUb!>1IhOxSp+SjoU?NdqJqp^*ul{{Y9Xr>AFB z1J44wrIm1om=N6{M>O20DU7RMQ%1(q`J!wB6<>rUB_$`b`2gb~nirRNxFrUm!jJ}u z<4Ks~&qNl_{rS4{`(vt~#H?KjZr$oln1(+cPQE7-&Zk9YV5K+!Mfc<4QcZFGaH<+I&bojCFDR-21j2_PETLKMd+d6-9{Yw)Q6D1p(%|^}R~mq7 zzzUGWHdoNBF%i>Nn?>h(D~QMRHwZanYBx@^$G2WjxBYnD$8%IEk!g1X{s?>!_}kvY zv4rxnvOo`ZVY}W?K@@h`=tB6#uZ$~5P+tb znQN1*$BdB}rXzR2E=Ce!@<`Ew*H#Sa?)!*CLn@{*GU6z9V=&O&OKztAi!*y)Lr z^EI(}{4_KZ&pi0G0PR(s>J4FRJ;&vb#fwXfPdOad7&fmm7xNDyq|c18|zknVOs z6gHHz{&rRYCv-lhV83Dy&V)HDE?{b1EZDz+d0Y*C+K>0G~(rv(&OVJ5Htd;0Km$s z1kaKySv+y&27WcHp1Fv#;X1YIkSAKQrkjnYe+E9}OrANO)?+h`nMn4=$k2g9jq{~f6SVW`@xiN2+n~RPOqoEPcay0Y7wKDl+ zufW>_DF;W3Vu6^=Mcdc=^Zl_DOQo52wH&O-U5_AWq;wAZ?4%@-_l(q3%EUU{sPD9z z;K%^g^m_9>%dXOcO_GGXimCX#X~t(NOeqnscH z2M13UYc@MPZys+Btex~l6HM&>eyVxI@P@B`{P+Ptf&gHkthc-0|B9PCa=FwafY=&7 zn2T1N-t2`+wRd{#KV;9mYQb}J5xgXV2ngUHww?oyrNbV|hUE^ovlYN_A08O!0FLr7 zWWws(XaUKD7W+-TW*bcaM0R&}eothb$Sr9#m_`3IG0NO*?JC7nNg>Au8&l+;`mP$EWVj+UPH@aI4t4gim<Y@CO_{0M%T;@U$J_4`;5gQg> zD>x2Ll2~&5L#r?9n_=}W;8KNcx;+taCy^gcQEcbb;`T{c6MfhV=g9%3+_+s>6OK;X zt+$z)nlj08J5O#BOl zCb?1i+D(oZ^yd40tc&MvXxyFtjnU}SPD&w#CZ%%l*6?IQP2>LW$g_xYNlpy=mKT^Q)Wo#&T7}<>a52yIAjM_q<>Ub*M`I-W9RBz@u7gRC}+zI$q zn2Fh2J5QHrP}6Xzp$hBvPIL~+i>IN%ySS`am(yrEzvjVY4dZO-4h*%iMx)l?QEFPq!q~bC7M{hSw;>Jcs8(t@L57d4e^;H45$B?LU zSWCC^$F^li1Ksi;?2$ylF1jsgnDW><^r9;U5r1M)>zk3^uN%0XR+f;kN5h$#BwqaJ zTN&lP6ja(e+jMo`{wn?CJFQLzx@r`%gC76%)52<0R#uEea%m_*V^YfAfCE zNjj6K8(fV2a4WM5H?!}1fpoGco+<>^&-jA^X7+{2?Q{un+hMJO9t-aepFuN=H`;C#{(o02OohmJU zI$Lpbkp1}nEMT{M_k~9&PXRy`F%#0Se)(AL2t2OG z!Mr)Q6Ku9C7+eG*UC{#0wsq9Kzw7c)GwVJ^#^Tw^HDZiQ#EGc-#RrU_boik++K!#) zck#t6ZM8EMH=UlHM-XY9-!#U$!)8AmmE-^>SeQ4$$+$5Mq<22(8V-`W`a35_ERyN$ zodrh5NX~LqH-q~hzeG#2Vxg>vHI1(mIwpJdrN5-$($@3{Xvbb1v37sXSEvKtR|N0C z=(NxC9r3Vm(fpj}@_XurkUR-6vt)ZxJ$xw*uI>GjkO|?#Y5k? z7m`qlris;(hR~XgT$MH(>@O{0;SkSpKKjEZ@7Qo@01=|XLP!E}=f>Jv6axHJt-FIr z)ZXmjGqKhX9nW;t@UHmKS`>8-PO|%Qmfy_I3Qvy)CU?qozZBpUKdZ*|O~b_8$$n}4 z3a|I#&^LhPw8>T-ikrtW#iTZX1!m!>Ac5@57}(QO=vI&YIq<9Mz6DA$=`DO#vJTwf zeA|_n6&@1=*GNR_P+26N=%hXJq_f=mOxsBS>e8Bjqad zDXM>8GEdCX^5f@3l<`K1DZe-f!WU(aDXTi~@P&cuNq0U?w>X1StU-Tx%%p;CK7Rp~ zV1htfLbU$T1rCz1Apg(UGI-t&oRe;N`^O-Vi`hqGHs}w6*(I(}@j0=05)G{N5xETb zrptzqpSJcOIjl^1kauP8EFEO{e_SRNR8lgx-3bYDuyPMYa9(d&p;6sxA|X86X>jGs z1j0&iKlV&>yB_xhIb7>88l7<=Xn%^wb)$6*lFe_Yto^Q=_JM?GpHgQJtkw|&=Z{Mj z>tSLlmmOnRMu}R__Mz6->{})TlD&eymiPf-=SIy2v&*ekp#>@U-oRImDw||=PQ=6} zDE8L3o~;#kmQ-*tLkt|jQc@$Bt# zZu8$!5)ld3stO&}%(|$h9H(-Fb_KiU!K{X$ebl(|qKe;bit+4Bk|_9-x7y5Wi&CLC zqT!lXcSLBLMPhG+p?w2zDaeRcr#(+h#y$x&yvs$*%L4kxsBnO=6#0cd%GY&t5 zCT7}T-{Sr4b-TCVbUzN9u)Cm~AI|a8j}N?$d^EImJ$b}mdT$X9J`O|6{&ca1@Y-7~ zrnso6m-?vf<~xz@DZ*`aCdt4BGhiF^@O)&SLfKs*`8BT|@d>IemoL>m*@)u zLbdis!lwLjjMd!131bV0ID6z3~}6M~)FfjDkoM)t3PxLRFjNMr$S zv{_#;T$CUT+(Ltj46Mc;2A4s_G7PO*Ru3d}PuP(RL|PDJih`6|PhepWcT$c$P+MY* z5{ZFk9kAkYM1O%m)|12pAzz@^a0NvS9A2kE;$xJ=nX2l86J%^rK`pkAQ~b#NjOW>B zdYmhjnhjA=h(iWl6HQCnL+)R|nq63^!;^Yr5aKc^~Et3(Vd7K`^v7b}2m4L3HEwb25FZ785Y?XFG)Q>2bx+fc`mlPxFYg zFf(g4Sq)-0wwEq<9|a2Ox+j3n3}AUVtyuhnlkC~THFygsAsz}T<1 zv2`f0^jP;k198Ny-b5(3n3q320li{3-s-dBSR=tR?c$D)zok$(GeQhUkKR zDUSRuOu0DOe$lmBEQ?oTf6(su0K7C<=(pICMajk+-xNZeGb`8o&G$3PuV3qWdV#b1 zEu-@H6DXyi$n3gb0Hr?HcD4DU>zO`>=5pTx2>P4-N(GC3cO1JDHdvh8>Iy-4Lj+fB z+hU-fPunG~bp1hj`MWv-zSJc|f=sK^i!I|O5sVO#5dn)UGPloa!%b(_rX~#Ysx*8lwRv&F+Tl|`#tyy5Qulazpw^C<33`DUq-d(-F zLTWc!T+OTN_wJHG={>6=+y}u!hQn57r=QSg(>2~$4(QUxZw>-X82!TccKft^*?rN^fC=zFXn;M#7)x&)#1S1ZujTsCn(`m3P^b zH(?n$j{MD(&hLoAAlMw9Q4adiaRQO05NTuR`R!gZLvqv7(il4bD1ENhe5Bj5k(Dv*dz{{}oSm z3P>tUX7RK*rBuDB4=|nrYJ?}?%j9dy@m{fL+$NVJr5ZWU4=T6P5hD43DzaJ4g)^NKLC}+) z7MWCs8Vp0k7OdrGJ)g|+`gTS!hPWM083K`;k&T9z?JyW7US98mi7e{m2&S%QF9XNM zzZU8~F=*?>XIN9E`(dT8N$Eh+4M9>Y5HiNSS`@HCx1;M7D0S+Lpzwch)4Vijkdc$i zr7?#vd2mins5y5v*D?wZPWwEbe3{AX<~1=;7E4BZne`1&eL1*4f$f(7P}eVv0_LT7 zs;Bp>+egdqKY{KP@Yz6U5TTi-TRt8idaq`JA zsQ~0p33a6@fH{LDWB^(wttHj6D9=1`~48mei3!TNyA83PV7h^cQ{uXY7I zJR<9uu612hrPWt*JPXKv#o{&huhiKHycfJkG*Z~a8I z^eK^Kl0)4Gm~4D05;WD*o;MGrsgJ>bViStEn7l z>8q(hgA}NfNv8X+zmrKSVThtY3Zh_#F57hM_!)9(!CZ&LVQ9Dxb=;JT()NV5#C@mjn$u6Gs<~xaA;#+HD8sx8 zJuWHUz^@YIi9bzZ`EcCYvtm)fep4Ffxhrmk&}q3d&TY0f>(^*>dx)vtN{w#fvjGUR zm&jr6sNlC&|LQo#e(ye2mwmYFVmem3ReI^sH1Ie}HT#yaKtk&5!@@)9fdWCqFEa&r zE^1m5^NH7Yn~j}K?R~FQ6%(l(Q6FyiOfilFy8YhyB@uuaUCIkv-BP&`|HP!SB;U9x}toQ~Kz4 z{7lcF`E>%(IUWfE#4(z=`H3TDT|+OK!J=N-{-ro0PWAk8dQm!Sm)(*NA~eprbN0yl za!asCU!I+e0tM!I* zbfGOu!|}Q`o-8>akg)cAU(JeRza;Y zXk*o@2jzh@d`IW(MUOByn8blOjMd8u`_Zp{-wor}5*1qvrnLpJukmM^XLPi79II~9 zV{&EdDmPz*&QmP@X~rM(PcCX%nx#NqYX+7e(3h@95OQ?F<79zu2v#zIJh7~@vNAuv z&xBc%7VDohzbtv8TE)ColUYMrp0-y?y!YNAklNVpE#w9V^-Q zCqEc@y1nmCtpf=Bywi||`6*2v8L=8pbLDKe-=xVr++fS<+s$B=R#?uCHegm!*eyiB zR!aLQdUbffnrDCO7xk&t?@kbxo{9cQ%OqvwmJSX=Ar$Mm-=8Z}22xy(??;x*2|$dm zE_EZR-Sfz)^_N-0xS28~hTV?m0b!^ictFq59=u_j!!|hY60ed+)f|^;N+j`$(KZk*6Jg*O)**DV5(H<`%^m0A}olgZ;+UQ%}r-v znL&l~Mh3)|B`q3bx!Ob%8b-2Mi7OT#kKbLES(TnnBu8&W7!d{=WoA?uw@I(OV;e4@iu27!_1HSITFt|{Kx+u17(xp`gNL@O$X7Ue=O^TpEa){UH zwDw_tQ$lh3h}}}Rws@S1$DqN8_#|W9yaber1o-H$~?aji7wli5Z3*wJDYx7#tAL?}Ptq=c!HwW`!Y`K21vsBaVD zkec&`%Dy>{5T?VhXL8J5T~b`1b^1|jrrTaiDF_yz+)~8CNpVr#)W|R4L|NaA!1I7W z>afB?Y_Pg>xQV2`vzR5aP1@x%l7VHbjh6%;kTFAi7syR?Ab4dELA9S~9h3R5GVpwV zfDyb({SYeEoQf#jE#i(`7p>wpKCf#u*(Cis_I@_4D#TE7U?aXxnw|pe0a<{j6O_xk z_S;iFRffEM9iTJlq00*kr4n;d+?=i5BK)Yk3fu=IXJ|ck-6;QJGLmLsq{Gtvx!U6w z*Dw^_xC94f!&v=6-M(OIp^}{Z7hjj(n_k@~?JrlmlB70K{gA0o>%aR3hQT+yYEvC! zZmO5viq~E#2*}ksBPj>qayM%SMC8^geSFMC%hFz+-9DfBlkw51m}V5?+{@M~QWBOdM5G;Oe{~rh(1->&FVG*bK{>Q%>L1kwt}wW7P@jF& zx6y+V2wVqrNw;S4O{#7)Togf?*7PP)#)b_PtSILEJFG(=F@|VF&QkB8KvSiL{dSg? zi1{{c7M8a;BmZqD)qWGZY?^aifPUSg)_Z>U6*7Q|djHs&m0RW56{@u{jNd zLpwTx{FO`O?bo}qCfhAsWaJ2@y5GMgQlvSf8(bUKMF}qYK#FHg<$9a&t;VB0{K}b3 zH+NN?^G-|m;i#;23$6&BG0)Gzc2cTF3+^!nlCDIAikrS-W7r+Ou?+#@L`c(A$XBxx6fVX!W6v0CT6q|X zHlIkH23S(r&eCTqs`QCqAi$5?5)5i{IUYFB9r+Mxvn^$#r~K}~N(@%D>Y1-E1}(gH zeYHnEFg)pf)-)jQGqojQWr!wZ>wg4bQJNJ3(0#2>oJ3kyDp6(Bn>%KcSJeisVUu*DggR_G`?0#sgtPUC&{g-VE z9JVV-&yaN*YhAY5lc??Ma$!1kV8d5YT|N}Dskt7F#1*BbQ+TNnt+}WqL4nNqguJ7_ zUR)vJ4!5SC**0cNP*iWg6468uS-7K&e(H$&TJL?N^}x^xFw|H~O0rZg@tR+N&yjgS zfe-n#(sJO700J$W#LpjSx^j*7&MhrzcvxS2D;y9BRnpN>>dTXoE}D@gFW3@V}JawwfbHh4>M{MIW9>+E8uPHAgy=N>m#A;3h)W#t*6%OtlZb3V-f{1(j>J zoJU#CraM(X4-U#mgXjG5Bokj=@KWQF5?^%oLzBg@8|G`Fw7oAxfhxT?6?0LU1FG-f zahOH*-wezP$pm{mV6VP}1rZB@_CFhw;FHsXzKrWRm827iicS#|vXh{Fa*yP1rQb1W z2r0vqD4K!W9V)s%9wh%JC6$^nrVw51+vzouxc;R+Q0~fqSaY8e1QJzDyyI^K2s-f z6%7NE=oBs36w(O!9}0l^8@@^^Lz3S-!Vtbi8P>{7%>UM;t{-y$42&RH-fli0YDPdL zCVWO8b&VOX#9Fq0SAuH8f(IzSvXN3jytwG8k)|#?mp^-wiAyFPR*TiPtBrLUw17V-pHwbF5-b*Xzk4wBnqx-wB2F|4_;6*v$haqo+KoR*K<%Re% zfTGgdBogvk#OVyF?#a@pgoTCOFd#xAfNo;Gjuc6Ak%A@id$BX-dUaCy=bzgwn~rFw z;!Aiou4=xRw9{k|x z=$0``7Wvk2o!UTvG~Q^PFqyLCh4L7G4%6$cP2nNB6KzIF740y}J(>*pJw!TG6x!*{ zTus=N+y>7bTQAl)>olVsu9cy`u>E=OJa4URC$_49d(F39N-&W`{yk&Hqo#GWEebzh z$EhVar#4FpgfH^7LKN8Rclslnjf>Fum;f6hrQn;7eJ7GB3WqAEL?8R=)$gvNQaa0XZ%JWYq8x>UhHOX{AUFbn} z&Q*Opc92=25hq-~RHY|XJzgxX%snDnx|2}Yt64`>;yuBok=vJ>ndE71I2efk0MpA@ ziSSHcf|g5pJeS6D$?1-2&W=u%uz(CFt_|#u_w18)1xk|wT^Sh}A)!8iinvBfCaKr$ z2+>+o!`fC{m>H&|Oj$8@xsK$#pnKGVZRj1ID+p^lRcu3M>Z(XyvRl64Ti55C*LUk* zkr=EL6>Y7Zp_*_qaFmiB0s~e_l$XasLE0XPhO&JU(iV;0qtp6q@xcb4+@mNl zb~e{vJrEu;(9w8UOkCVK=Qnz#+DTC+zK1u68Y2sgorS-H%I}wA4RzTnXoy&f2jEtA z`}$0xCXmSsNOfF)WJJW{^7ato9bHk^VQ;T~3_meymK;S+IT>dRI%Mx1{#=cIH^A8i!b&&zye@kZ z1))ftdaY>TF)`V!zTO*IJmN6~bU)nXOJ*Ovpz1)+W^rw5_|j{s)1OT?k*q&6gEJy3 zm#N6^?0&sF{dtyN1OMR@7dWyM8JdO!@!!|=N`&xce<<&BrBL3~EF*TNT!{$Dx2UKn;GC&chDqx`7heM+2jJ!Y zGYymc6>1gHFG`PbzvVPyjI!%0AO(paI3yEj85llB4xW#YW{eNjX}4%q0mCvD8DzIw zx)d!fv4}RD+~|b)@F{S(edrr|G!jC1G#bM99Om)Wu-erM)pGR``GXH(rTmpT4ZpcZ zzj*-kqogE^$$BpQFGFZtSrZWv6oHi4GMpygeujy1v`7)fOPEb${>1*(>GP~+M}J>f z0cSpuEsDmfCi-%jNgf9W4@#X8jJQbe6f;=R$J*3&T-Sjq^^?d_|O#vF7gY0~T#3HDRpj2!H z-){f+d0BK$(wVTp(;?{-lza@yyeMKnHgmiu-P_f~TKm^;BFxqcv_l5Ig1tC?t5U6s z)$`T5-2`uRjG#9jjVuicg(%szIM~|cezp;l1mQ4b{SKEhati0WH7*l|Y9K{aJX=us zH5*zmTl=e?6UGJ$7(tUWgK$-qF9}p1{q3?b!Lhy9ikGx(}K_V`=&k3&}AF3V`F=(Wbv|`gd zuHEvqUWgo&Uy78$PTU|5Lm~Bs3F4R6pXL|)qbVQ)pRsQD?s=y5K9oW%s5tk#N;}@i z>@N@bH2y$YG=_O&q5~`JbB-Ww4K)?WU}xalHw8}H^Rrbz;rD%w=dYeOI!6xYvEut` zpo#M7g1`&3Bum^xOx9AYn@-qmO3zHJaKGsy%OPJF~iDImuccEyg^Z-Bt4yPJgCEvp~@6|GUq z>p^lTj?9yWqs2CZ-Fr=|Ysb!)U#S$3shA#sMGjfqZQKl>;7-3R60W2nYo{E7R+^A|&x& zh!{>J*d!D1(%L{;j>ALJgu(98x5_iN0fQ0p<=A>XupBA}xwC)@H-_TSTA`W=$ zdzbr#X(^rLX9pUNdq!$B3ZWPVymGj>Ez|d%D!Yh{Xw>JDG4<+96XNgkKb&rRR3}X=3qLdT}rib|{^8b0t7mj&h91XSdzZ36BujLyjCwXfj23!GLqD zbt#2j#(W?I_^pvS^Q?%X;oo$-Uqk1J9(Mtr99~0xT%cs0!s$|7P`d{QaH68}9Y8}b zoI#Fv?_J^ngCBoNYW1`ac*Q9X6R8zAF(V-tNRPopz zt7PjK_82gF-}fVP^O0=84`1o~KAHj-j`SFm)YOK;uni3j*V=Je0r6NhtvG)&-z|NP zTLe<2kl+DYRs3FmEC3=P>Z|CRag|)dHT`%hUUBzA=P<03i3B@fF+SMKlkJzFs zb#8UrUU!_D=lCpqRE^!5+U_5z2WRy-$9fC`Cu;YXh9(@nkrh(c7*U4eN5KF&gg3O~ zuTeH1_h|SIH5^RTp*8}kx7B9b8!D(l{Z;Y>?TOkwXN#saRbp%h>uS!J8UWJLW`3Hn zs+FmXBuuFe6p>V${xRu#r|RqB>x`_bD_HfaABKb7H5YaKhaF4!(9L@5b96_=R*IUB3$dWdkC7{4V_ z$qw}cPPma`8$x9{hz(j* z-oND6n#fxhECisBnCPVi3>)9#z5`ZZGMmW=%Fr-Q^pNRTN;jja6j{>8A|>i}fb_zJ zCIn6@IVuVU4q?d5OA;I&x9hs+5uB+YNwC5!kHPuYX6njMqTLc|6oZ5wO*~#CoGuLp z0#Xn34`TvN6)Ovv)z}1DVdD1*2dg7*9k&mU!=OVAc?=vOSck3rFLl$dn_qxjS>?vD zRBtue3i4Gd8vd`^ek<9R^N#@>VlKO1cxuRl`AhqC42CpnsUQ9S-iLP-pQ2N-3M zdoCaXY@G)8leZ4j$hh72#r`lYA|R=0(`^$Xz3>c=5261-;RXm_ROq&ObIqtBgHi#K z6+mQO^P6$sEcu-UDR^0zl}Pq858J^pDW5WBY*1OuNj>Be(rE@rs!X5U)^uFM8?Tu# z(`k3Tg#1h_$VQCpfb>juK#a1cNrY#rA^xQZzjF|u_sE^167EP-!1$Jod)B`5Ji3Ar6_xgTDhmwB1ukRgG?*c=)W8mdeGP;`_S{vh%)w7ZyX8|3u87^r=~6w0lW)KcSh`7ve(-JSsh-cu{rf@{=m9LUdU(|!l;FZ6}UW%29k z=->yGA9me`vbC(?l#uVR23nonXa2qjBfPz&X`@2nybDa$tFR`cW{u5o76=6OIHviH;rYZA~}y`qcS;0n7TfIdom(n$We{K!=cM6Fso8e zyPBkK8u`@G$&CsI(APb>b}PUtr^!J6M(CbIi*C(RzQt3HMN8Yt*#7b!z}3CK*EQ1v z@k>x4w_Uh>R#t8dp+pt&$(0sQbIyTPh>QLgi<11qa*|gCBJ}xfH1-U>69Ld z5>DFDF}frqN6GK7>)QYCbq^E}Uee{TEM#}@@YN`tk1oFVgru-h?lNMb?v)~-)r zTA&i+@Lg{2ly^MDg>>|JAP&R67400MFK~$$0m&lp1f|&mBlR8B%(`)=5`p3nAL}lj6gr$K z@{4em&MGYxkyQ=5nv-m&h$m`@#GJo=wi2s0%VR82+YOQ^gq?`WIbcx88F>DD-MP?20TyfQx z(wT*B^NkUSM1aBhZcgBR2I5#L!p5NEp9D<|c$YK;V>(n-?pgD%r1E0Ih$)t0vrXuY zEE$)Xz?B??v7aQQ{ZC%vR285#gR!IZItFAg6L(Hr@B0x16RXwA*4;h^g>t65ilc6g z6sKOVq9@;D*l+87=5G0e)owIv_QY#sPg(_TwJo?`-Rp~bRe5Ld8&O=f=o)R>e7>Y5 z_YVokJ08zuhH$%_jW|o5)e};)_JoHbxym6Y8x>fwmp||MJnvugvRM*n#mw>1cFDAE zfcXcQEi=U(1SxTcLn(7JP4^w#?!YiE;P}dvl#;>{=c$|OX-N@R?w)z8E2a6@B>qsf z3LrEX&4Hu62?;iz4zvH|N{-9G`VdzkoQc3{g=lGjmFs~V9j41%fM}{WZ@Ww5mTRJD zu5^8~4~WxNZDuh*ylr=Bnc)v(Wr9DQ7N=oXBzDlMEUv0`B|lyigRU6Dx! zBfx^^>mR9Sx%|z7;ZB(OoO3*UQ23^_)6U;6 zxD*-MbQc&NU`f`8q2H^TUnw@fR9@aNp$l7@Xj6=*_zE~?!s=jQ_{EKQA@YjjAXm1% zgu-C^T$EsdNf)rMD)_Fpv$Pm520Xnz>+6gq=(8h&ti-(AO+agTtT0-FHEqB3gOTco z|7?gBw%nG|Q(s0NSiBl;-7Edj6&U&gC0vcdg)q7-&_k;LAVDl1^PD-`l(3#2`An0V zGZDyG6>kV}ZPMR#SSNvy!4AGLiAqijNl6X2MpXpmi2D;fmeP@#x}6f_rt<5T79TcEX zLz+%e|B}63Whbn9>b;GAc)jCh{<-GM1*e@F6{Ue2cgZwLc+9jUb8CHDuwg%Zl+FeV zZFaN@%)%!=@zSr@E*&tPjJ0v*izyRU34^N+e0-4Y2&gIh>-~>9_>d*tV5t32#8JxC zfFWwicn;6G7i_3=K15F5QF(b0#tMS1Tj)GGTr067MFUrepWQKVa85C+BzvHa^X+?d zQfCX(W8=&7RWdl^)B*SeMugP$a=VKH+0NQp=EliVR8bKLA5BXbf%!4D@a))l59se{ zpjo~xAtAAokI~Eg=r$_(dB)_bgQNG>cGJECZ`jIiYzE%EC+XjS|3#Jk5!!kLuH0b0 z%(m+@{=k?mUYlp43GD)k#yK@ae&tX?Gq9GmN}04YvP27}As6pp3ItlMw~OBbG%$Xv z_*ZH$8;vj-ky&UV?18eJ&$8|p_i07ZkM7?EUSH6d`j?x1*x_xCv&eEgSuPrUY^Sr( z>6tPg#M1PeIb`h7>pvGgKWq8(W~A^1bAlRr#D-DhwV%sZNfgbZA|yGlB68iyz3 z=^SLiEqtYmt$h+V*qU9ovDN!F%|g5AwDJ2OwV`k%4fuMJcm&**2pj?g{;PAM^|+-1 zOtAZDGU~q``N6)1%KqY%GN z;vTX621p)UFN?~2ePWQq(>A!Dayvf2j5mz9u&T?LX^ts9cBzZo-+f~X*>~Z}%)If< zs`uEhanGjNmwz0mFT@ZFDAgm|VxgaqTYCK=G^#*2kKmxl?scqs=;XB^27i>=zG{5K zzEj~EM$Wlr{2JM|AI5nebPRcU9NgRslArb3V9A`{LBd3M@7s-x8Kjtsn{~R|?z+Hw z)|;lsQ{TP^>Fng=j^(${&$g0rEm@}k#0xFEuRSXFu}PPt^6bsCxmmKfmnOR!>gs=H zTARW82P;!R?isu>Eja+f{n{!@Mxj~_ zs}r0%DF0RliQwLl<8}%3FJP;Rv%ebACn7Hf{A`27%y-y3+uSKE}S7f!0 zDZ&WcS|loIwHES7JK*}2dfKOMnpnj3M$+NEf)IjH)$l!T$vZ`_i7gz$OhG|%wJ0Ta zz95#Xu+E~T+Pm>=_TrzcB~Khb8%>OL#SzlzTF0VyBm4`p4e*nJ!;lcW#W6IZNGnTNtdUmPVkz;L^vFcV@|< z*MFPYgrqG5Cu=jn=u@Zi)#8?W*N*BvM*E!WtlPYoZ1wuUGL;}q6Euev1&bZ_maD3& zYB^l-)ec}z@Ry!n%(CHytLxTl;LwkbjJyt=GlFI1buQH9_BUOF5Vq{8UXEOCbR-o1 z)0Yo$G@jf%taqD~v`|)8SFZ)kv7Wm6^y(_`>m)k-cCKTZ!Gb5n0ge}k17%lFfG@n* z*S6{*SMtCGsAG$|yNkND6aOcvVL%%jyEWD7Qe)u(kiqj4bSEWC^fWNYu!`)`cG`{i zJhdW&>{OJf6)sQT&>r|vyE+PH`$O+_KxLk}LJ1gM$^_VGh0W~72c8=`KtdzAf4k!| zq@!}RsA#na9Mxe^hlo`GLSNieCE+%EuRvtrc&^szt@3P$N0WkECk1xL?X!AqebJmFs9Q@)q)Gzp>1vP!^`PSFc|6r1DGk6%VXc*Sr2b?HuF>6L$3J z;aS8LqCOVHY#eRd>=}JVD;h*~Sw%&VwlNuyC>k5upr??K`rlc-%OH9wxM<295q!31 z*Gc@6#*P}>JUqz06X<8^$<4#V!_Oa+B(&S#LGQXyBW8y9gEti^<|nKm`BFoUmoj!T zW!+~i>usZYG7N=7!)G27y~ZVZK$8uCf{SeERp7`BCFZZpT9@pbev^t`kkk5)J^Bg$ zW+?%H>tY$hYmqPeVbV@{!)tnKZn+0R=YTrLJIhq>gra}#0AW14x*BO-(BGK^$7E)j zlS)zQiVJTAT4e|utde^!^Ap!?4k%qEN^9v}a!|w;XeP0rPkLZEXRT!wn#}rhbzZ;5 zODkpI(Chnaq~x^Kb@?O^-;EKs*|w0ng6B|*w`^!RHrIrHC(qxJ%Mh)iu(}fj7^qq) zra8VpwdwcK?e76^o>(g7 z>RamY)3ES+9CdEqi{n1%T*tIKRLPd8(GB|Czd%txy~s zd00DrcvAHcEDY8Gmp+l(t)>h3+ny9&l6jJ1D-J&u{NH9zdkk4b6db~lhODWso(Vac zo=8Z8LY$ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/branding/static/img/custom/logo-squared.svg b/branding/static/img/custom/logo-squared.svg new file mode 100644 index 0000000..15f420c --- /dev/null +++ b/branding/static/img/custom/logo-squared.svg @@ -0,0 +1,82 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/branding/templates/locales/html/general/de/faq.html b/branding/templates/locales/html/general/de/faq.html new file mode 100644 index 0000000..b06c7e0 --- /dev/null +++ b/branding/templates/locales/html/general/de/faq.html @@ -0,0 +1,62 @@ + + + + +
+

+ Für das soziale Netzwerk {{ organization }} +

+

+ Wie bediene ich dieses Netzwerk? +

+

+ Hier findest Du die + Bedienungsanleitung.
+

+
+ + diff --git a/branding/templates/locales/html/general/en/faq.html b/branding/templates/locales/html/general/en/faq.html new file mode 100644 index 0000000..4a01a45 --- /dev/null +++ b/branding/templates/locales/html/general/en/faq.html @@ -0,0 +1,62 @@ + + + + +
+

+ For the social network of {{ organization }} +

+

+ How do I operate this network? +

+

+ Here you can find the + user manual.
+

+
+ + diff --git a/branding/templates/locales/html/hc-y2020/de/code-of-conduct.html b/branding/templates/locales/html/hc-y2020/de/code-of-conduct.html new file mode 100644 index 0000000..f0fd19a --- /dev/null +++ b/branding/templates/locales/html/hc-y2020/de/code-of-conduct.html @@ -0,0 +1,163 @@ + + + + +
+

+ Für das soziale Netzwerk {{ organization }} +

+

+ Präambel +

+

+ {{ networkName}} ist ein gemeinnütziges soziales Wissens- und Aktionsnetzwerk der nächsten Generation. + Von Menschen – für Menschen. + Free-Software, Open-Source, fair und transparent. + Für positiven lokalen und globalen Wandel in allen Lebensbereichen. + Wir gestalten den öffentlichen Austausch von Wissen, Ideen und Projekten völlig neu. + Die Funktionen von {{ networkName }} bringen die Menschen zusammen – offline und online – so dass wir die Welt zu einem besseren Ort machen können.
+

+

+ Zweck +

+

+ Mit diesen Verhaltensregeln regeln wir die wesentlichen Grundsätze für das Verhalten in unserem Sozialen Netzwerk. + Dabei ist die Menschenrechtscharta der Vereinten Nationen unsere Orientierung und bildet das Herz unseres Werteverständnisses. + Die Verhaltensregeln dienen als Leitsätze für den persönlichen Auftritt und den Umgang untereinander. + Wer als Nutzer im {{ networkName }} Netzwerk aktiv ist, Beiträge verfasst, kommentiert oder mit anderen Nutzern, auch außerhalb des Netzwerkes, Kontakt aufnimmt, erkennt diese Verhaltensregeln als verbindlich an.
+

+

+ Erwartetes Verhalten +

+

+ Die folgenden Verhaltensweisen werden von allen Community-Mitgliedern erwartet und gefordert:
+

+
    +
  • + Sei rücksichtsvoll und respektvoll, bei dem, was Du schreibst und tust. +
    • +
  • + Versuche auf andere zuzugehen, bevor ein Konflikt entsteht. +
    • +
  • + Vermeide erniedrigende, diskriminierende oder belästigende Verhaltensweisen und Ausdrücke. +
    • +
  • + Achte Dein Umfeld und Deine Mitmenschen. Warne die Verantwortlichen der Community, falls Du eine gefährliche Situation, jemanden in Not oder Verstöße gegen diesen Verhaltenskodex bemerkst, auch wenn diese unbedeutend erscheinen. +
    • +
+

+ Nichtakzeptables Verhalten +

+

+ Die folgenden Verhaltensweisen sind in unserer Community inakzeptabel:
+

+
    +
  • + Diskriminierende Beiträge, Kommentare, Äußerungen oder Beleidigungen, insbesondere solche, die sich auf Geschlecht, sexuelle Orientierung, Rasse, Religion, politische oder weltanschauliche Ausrichtung oder Behinderung beziehen +
    • +
  • + Das Senden oder Verlinken eindeutig pornografischen Materials +
    • +
  • + Verherrlichung oder Verharmlosung grausamer oder unmenschlicher Gewalttätigkeiten +
    • +
  • + Das Veröffentlichen von personenbezogenen Daten anderer ohne deren Einverständnis oder das Androhen dessen („Doxing“) +
    • +
  • + Absichtliche Einschüchterung, Stalking oder Verfolgung +
    • +
  • + Bewerben von Produkten und Dienstleistungen mit kommerzieller Absicht +
    • +
  • + Strafbares Verhalten bzw. Verstoß gegen deutsches Recht +
    • +
  • + Befürworten oder Ermutigen zu diesen Verhaltensweisen +
    • +
+

+ Konsequenzen inakzeptablen Verhaltens +

+

+ Wenn ein Gemeinschaftsmitglied inakzeptables Verhalten an den Tag legt, können die verantwortlichen Betreiber, Moderatoren und Administratoren des Netzwerks angemessene Maßnahmen ergreifen, u.a.:
+

+
    +
  • + Auffordern zum sofortigen Abstellen des inakzeptablen Verhaltens +
    • +
  • + Sperren oder Löschen von Kommentaren +
    • +
  • + Vorübergehender Ausschluss aus dem jeweiligen Beitrag +
    • +
  • + Sperren bzw. Löschen von Inhalten +
    • +
  • + Vorübergehender Entzug von Schreibrechten +
    • +
  • + Vorübergehender Ausschluss aus dem Netzwerk +
    • +
  • + Endgültiger Ausschluss aus dem Netzwerk +
    • +
  • + Verstöße gegen deutsches Recht können zur Anzeige gebracht werden. +
    • +
+

+ Wenn Du einem inakzeptablen Verhalten ausgesetzt bist, es miterlebst oder andere Bedenken hast, melde bitte so schnell wie möglich den oder die entsprechenden Inhalte an die Moderatoren. + Bitte klicke beim Beitrag, Kommentar oder Benutzer auf die drei Punkte und melde ihn über das aufgeklappte Menü.
+

+
+ + diff --git a/branding/templates/locales/html/hc-y2020/de/data-privacy.html b/branding/templates/locales/html/hc-y2020/de/data-privacy.html new file mode 100644 index 0000000..9109840 --- /dev/null +++ b/branding/templates/locales/html/hc-y2020/de/data-privacy.html @@ -0,0 +1,1010 @@ + + + + +
+

+ Für das soziale Netzwerk {{ organization }} +

+

+ Information über die Erhebung personenbezogener Daten +

+

+ Wir freuen uns, dass Du unsere Website besuchst und bedanken uns für Dein Interesse. + Im Folgenden informieren wir Dich über den Umgang mit Deinen personenbezogenen Daten bei Nutzung unserer Website, unsere Netzwerkes oder der Uhr des Wandels. + Diese Website nutzt aus Sicherheitsgründen und zum Schutz der Übertragung personenbezogene Daten und anderer vertraulicher Inhalte (z.B. Bestellungen oder Anfragen an den Verantwortlichen) eine SSL-bzw. TLS-Verschlüsselung. + Du kannst eine verschlüsselte Verbindung an der Zeichenfolge „https://“ und dem Schloss-Symbol in Deiner Browserzeile erkennen.
+

+

+ Kontaktdaten des Verantwortlichen +

+

+ Verantwortlich für die Datenverarbeitung auf dieser Website im Sinne der Datenschutz-Grundverordnung (DSGVO) ist
+

+

+ {{ organization }}
+ Musterstraße 11
+ 53487 Musterort
+ Deutschland
+

+

+ Tel.: +49 151 / 43 80 42 22
+ E-Mail: info@example.org
+

+

+ Datenschutzbeauftragter +

+

+ Unser Datenschutzbeauftragter ist erreichbar unter folgender E-Mail-Adresse: datenschutz@@example.org
+

+

+ Diese Website nutzt aus Sicherheitsgründen und zum Schutz der Übertragung personenbezogene Daten und anderer vertraulicher Inhalte (z.B. Bestellungen oder Anfragen an den Verantwortlichen) eine SSL-bzw. TLS-Verschlüsselung. Du kannst eine verschlüsselte Verbindung an der Zeichenfolge „https://“ und dem Schloss-Symbol in Deiner Browserzeile erkennen.
+

+

+ Datenerfassung beim Besuch unserer Website +

+

+ Bei der bloß informatorischen Nutzung unserer Website, also wenn Du Dich nicht registrierst oder uns anderweitig Informationen übermittelst, erheben wir nur solche Daten, die Dein Browser an unseren Server übermittelt (sog. „Server-Logfiles“). Wenn Du unsere Website aufrufst, erheben wir die folgenden Daten, die für uns technisch erforderlich sind, um Dir die Website anzuzeigen:
+

+
    +
  • + unsere besuchte Website +
    • +
  • + Datum und Uhrzeit zum Zeitpunkt des Zugriffes +
    • +
  • + Menge der gesendeten Daten in Byte +
    • +
  • + Quelle/Verweis, von welchem Du auf die Seite gelangst +
    • +
  • + verwendeter Browser +
    • +
  • + verwendetes Betriebssystem +
    • +
  • + verwendete IP-Adresse (ggf.: in anonymisierter Form) +
    • +
+

+ Die Verarbeitung erfolgt gemäß Art. 6 Abs. 1 lit. f DSGVO auf Basis unseres berechtigten Interesses an der Verbesserung der Stabilität und Funktionalität unserer Website. Empfänger dieser Daten sind nur wir und unser Provider Netcup, mit welchem wir einen Auftragsverarbeitungsvertrag haben, um Deine Rechte schützen zu können. + Eine Weitergabe oder anderweitige Verwendung der Daten findet nicht statt. + Wir behalten uns allerdings vor, die Server-Logfiles nachträglich zu überprüfen, sollten konkrete Anhaltspunkte auf eine rechtswidrige Nutzung hinweisen.
+

+

+ Dauer der Speicherung personenbezogener Daten +

+

+ Die Dauer der Speicherung von personenbezogenen Daten bemisst sich anhand der jeweiligen gesetzlichen Aufbewahrungsfrist (z.B. handels- und steuerrechtliche Aufbewahrungsfristen). Nach Ablauf der Frist werden die entsprechenden Daten routinemäßig gelöscht, sofern sie nicht mehr zur Vertragserfüllung oder Vertragsanbahnung erforderlich sind und/oder unsererseits kein berechtigtes Interesse an der Weiterspeicherung fortbesteht.
+

+

+ Cookies +

+

+ Um den Besuch unserer Website attraktiv zu gestalten und die Nutzung bestimmter Funktionen zu ermöglichen, verwenden wir auf verschiedenen Seiten sogenannte Cookies. Hierbei handelt es sich um kleine Textdateien, die auf Deinem Endgerät abgelegt werden. Einige der von uns verwendeten Cookies werden nach dem Ende der Browser-Sitzung, also nach Schließen Deines Browsers, wieder gelöscht (sog. Sitzungs-Cookies). Andere Cookies verbleiben auf Deinem Endgerät und ermöglichen uns oder unseren Partnerunternehmen (Cookies von Drittanbietern), Deinen Browser beim nächsten Besuch wiederzuerkennen (persistente Cookies). Werden Cookies gesetzt, erheben und verarbeiten diese im individuellen Umfang bestimmte Nutzerinformationen wie Browser- und Standortdaten sowie IP-Adresswerte. Persistente Cookies werden automatisiert nach einer vorgegebenen Dauer gelöscht, die sich je nach Cookie unterscheiden kann.
+

+

+ Sofern durch einzelne von uns implementierte Cookies auch personenbezogene Daten verarbeitet werden, erfolgt die Verarbeitung gemäß Art. 6 Abs. 1 lit. f DSGVO zur Wahrung unserer berechtigten Interessen an der bestmöglichen Funktionalität der Website sowie einer kundenfreundlichen und effektiven Ausgestaltung des Seitenbesuchs.
+

+

+ Wir arbeiten unter Umständen mit Werbepartnern zusammen, die uns helfen, unser Internetangebot interessanter zu gestalten. Zu diesem Zweck werden für diesen Fall bei Deinem Besuch unserer Website auch Cookies von Partnerunternehmen in Deinem Browser gespeichert (Cookies von Drittanbietern). Wenn wir mit vorbenannten Werbepartnern zusammenarbeiten, wirst Du über den Einsatz derartiger Cookies und den Umfang der jeweils erhobenen Informationen innerhalb der nachstehenden Absätze individuell und gesondert informiert.
+

+

+ Bitte beachte, dass Du Deinen Browser so einstellen kannst, dass Du über das Setzen von Cookies informiert wirst und einzeln über deren Annahme entscheiden oder die Annahme von Cookies für bestimmte Fälle oder generell ausschließen kannst. Jeder Browser unterscheidet sich in der Art, wie er die Cookie-Einstellungen verwaltet. Diese ist in dem Hilfemenü jedes Browsers beschrieben, welches Dir erläutert, wie Du Deine Cookie-Einstellungen ändern kannst. Diese findest Du für die jeweiligen Browser unter den folgenden Links:
+

+ +

+ Bitte beachte auch, dass bei Nichtannahme von Cookies die Funktionalität unserer Website eingeschränkt sein kann.
+

+

+ Spendenformular +

+

+ Wenn Du unsere Fundraisingbox (Spendenformular) auf unserer Webseite nutzt, dann benötigen wir von Dir folgende personenbezogene Daten: + Deinen Vor- und Nachnamen, Deine E-Mail-Adresse und Deine Bankverbindung mit Kontoinhaber, IBAN und BIC. Solltest Du uns durch eine einfache Überweisung spenden, bekommen wir alle diese Daten auch, bis auf die E-Mail-Adresse. + Wenn Du uns diese in der Überweisung mitteilst, wäre das gut. + Gleichzeitig speichern wir folgende, von Dir eingegebene Daten (Name, E-Mail, Anschrift und Betrag) zur Ausstellung einer Spendenbescheinigung.
+

+

+ Deine E-Mail-Adresse und die Höhe deiner Spende wird ebenfalls von uns gespeichert, um später die Möglichkeit zu schaffen, Deine Unterstützung durch eine Spende über eine sogenannte Badge-Anzeige in unserem Netzwerk öffentlich zu honorieren. + Solltest Du uns nicht nur finanziell unterstützen, sondern auch Nutzer unseres Netzwerkes sein, wirst Du nach dem Go-Live unseres Netzwerkes selber entscheiden können, ob diese Badges angezeigt werden sollen, oder nicht. + Dieser Punkt wird, sobald vollständig implementiert, näher in den Datenschutzbedingungen unseres Netzwerkes beschrieben sein.
+

+

+ Als gemeinnützige Organisation haben wir ein berechtigtes Interesse gem. Art. 6 Abs. 1 lit. f) DSGVO, unseren Spendern eine einfache und sichere Zahlungsmöglichkeit zu bieten, welches die Rechtsgrundlage für diese Verarbeitung ist. + Der Zweck ist die finanzielle Unterstützung unserer gemeinnützigen Organisation.
+

+

+ Die Speicherdauer Deiner Daten beträgt aus steuerrechtlichen Gründen 10 Jahre. + Wir löschen diese Daten spätestens 12 Monate danach.
+

+

+ Für unser Spendenformular auf der Webseite nutzen wir den Finanzdienstleister Fundraisingbox, mit welchem wir einen entsprechenden Auftragsdatenverarbeitungsvertrag abgeschlossen haben, um Deine Rechte, wie unten angegegeben, im Zusammenhang mit Deiner Spende auch durchsetzen zu können. + FundraisingBox und wir sind Empfänger dieser Daten.
+

+

+ Alle weiteren Finanzdienstleister bzw. Banken, die Du angeben kannst, arbeiten nicht im Auftrag von uns bzw. nach unseren Vorgaben, sondern eigenverantwortlich. + Diese sind, je nachdem, auf welchem Weg Du spendest, die GLS Bank, Paypal, VISA, Klarna, Stripe und Deine Bank, von der Du spendest. + FundraisingBox selber liefert dabei keine personenbezogenen Daten in ein Drittland. + Bei von Dir angegebenen bzw. genutzten Finanzdienstleistern kann dies unter Umständen der Fall sein. + Von den oben angegebenen sind hier die Datenschutzinformationen noch einmal gesondert aufgeführt:
+

+ +

+ Das Spendenformular ist auf unserer Webseite über einen sogenannten iFrame eingebunden und die Inhalte werden verschlüsselt zu FundraisingBox übertragen. + Dies bedeutet, dass niemand außer Dir und FundraisingBox bei dieser Übertragung Daten zu sehen bekommt. + Zu Fundraisingbox werden entsprechend Daten übertragen, die Dein Webbrowser liefert, also Deine IP-Adresse und, je nachdem, welchen Browser Du nutzt und wie er eingestellt ist, in der Regel Dein Betriebssystem, die Browserversion und einige andere Daten. + Zum Datenschutz von Fundraisingbox kannst Du hier die Details lesen: https://www.fundraisingbox.com/datensicherheit/.
+

+

+ Support +

+

+ Zweck +

+

+ Wir stellen Dir zum Zweck der Problemlösung einen Support zur Verfügung, wenn Du Probleme mit unserem Netzwerk, unserer Webseite oder der Clock-of-Change hast oder generell etwas von und mit uns geklärt haben willst. + Ebenso kannst Du den Support über das Senden einer E-Mail erreichen. + Optional kannst Du, wenn Du Dich bei uns registriert hast, Deine vergangenen Support-Tickets betrachten.
+

+

+ Personenbezogene Daten: + Um Dir kommunizieren zu können, benötigen wir von Dir Deine E-Mail-Adresse und einen Namen oder ein Pseudonym, damit wir Dich ansprechen können. + Optional kannst Du uns eine Telefonnummer angeben, unter welcher wir Dich erreichen können, wenn Du das möchtest. + Weitere personenbezogene Daten können im Text Deiner Support-Anfrage enthalten sein.
+

+

+ Ebenfalls werden bei Deiner Anfrage, wenn sie über unsere Support-Website stattfindet, Deine IP-Adresse und weitere Daten übertragen, die Dein Browser uns liefert. + Diese Daten werden von uns nicht gespeichert (kein Logging).
+

+

+ Speicherdauer +

+

+ Wir speichern Deine Supportanfragen für Dich, bis Du deinen Account löscht oder uns Bescheid gibst, dass Du sie gelöscht haben möchtest. + Wir löschen allerdings jede Supportanfrage spätestens nach 12 Monaten, nachdem sie geschlossen wurde.
+

+

+ Rechtsgrundlage +

+

+ Als gemeinnützige Organisation haben wir ein berechtigtes Interesse gem. Art. 6 Abs. 1 lit. f) DSGVO, unseren Spendern eine einfache und sichere Support-Möglichkeit für die von uns zur Verfügung gestellten Dienste und damit zusammenhängenden Fragen zu bieten. + Nutzer sind unter Umständen mit Herausforderungen oder Fragestellungen konfrontiert, die sie nicht alleine lösen können. + Mit dem Support bieten wir dafür eine notwendige Kommunikationsschnittstelle, die auch für den Nutzer transparent einsehbar ist.
+

+

+ Empfänger +

+

+ Deine personenbezogenen Daten können nur wir sehen und prinzipiell auch unser Provider, mit welchem wir einen Auftragsdatenverarbeitungsvertrag haben, der unsere Durchgriffsmöglichkeiten und Verantwortlichkeiten regelt.
+

+

+ Drittlandtransfer +

+

+ Unsere Support-Daten werden nicht in einem Drittland gespeichert oder verarbeitet.
+

+

+ Nutzung deiner Daten zur Direktwerbung +

+

+ Anmeldung zu unserem E-Mail-Newsletter +

+

+ Wenn Du Dich zu unserem E-Mail Newsletter anmeldest, übersenden wir Dir regelmäßig Informationen zu unseren Angeboten. + Pflichtangabe für die Übersendung des Newsletters ist allein Deine E-Mail-Adresse. + Die Angabe weiterer evtl. Daten ist freiwillig und wird verwendet, um Dich persönlich ansprechen zu können. + Für den Versand des Newsletters verwenden wir das sog. Double Opt-in Verfahren. + Dies bedeutet, dass wir Dir erst dann einen E-Mail-Newsletter übermitteln werden, wenn Du uns ausdrücklich bestätigt hast, dass Du dem Versand des Newsletters einwilligst. + Wir schicken Dir dann eine Bestätigungsmail, mit der Du gebeten wirst, durch Anklicken eines entsprechenden Links zu bestätigen, dass Du künftig unseren Newsletter erhalten willst.
+

+

+ Mit der Aktivierung des Bestätigungslinks erteilst Du uns Deine Einwilligung für die Nutzung Deiner personenbezogenen Daten gemäß Art. 6 Abs. 1 lit. a DSGVO. + Bei der Anmeldung zum Newsletter speichern wir Deine vom Internet Service-Provider (ISP) eingetragene IP-Adresse sowie das Datum und die Uhrzeit der Anmeldung, um einen möglichen Missbrauch Deiner E-Mailadresse zu einem späteren Zeitpunkt nachvollziehen zu können. + Die von uns bei der Anmeldung zum Newsletter erhobenen Daten werden ausschließlich für Zwecke der werblichen Ansprache im Wege des Newsletters benutzt. + Du kannst den Newsletter jederzeit über den dafür vorgesehenen Link im Newsletter selbst oder durch entsprechende Nachricht an den Support (siehe Formular) abbestellen. + Nach erfolgter Abmeldung wird Deine E-Mailadresse unverzüglich in unserem Newsletter-Verteiler gelöscht, soweit Du nicht ausdrücklich zu einer weiteren Nutzung Deiner Daten eingewilligt hast oder wir uns eine darüberhinausgehende Datenverwendung vorbehalten, die gesetzlich erlaubt ist und über die wir Dich in dieser Erklärung informieren.
+

+

+ Verwendung von Videos +

+

+ Verwendung von Youtube-Videos +

+

+ Diese Website nutzt die Youtube-Einbettungsfunktion zur Anzeige und Wiedergabe von Videos des Anbieters „Youtube“, der zu der Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA („Google“) gehört.
+

+

+ Hierbei wird der erweiterte Datenschutzmodus verwendet, der nach Anbieterangaben eine Speicherung von Nutzerinformationen erst bei Wiedergabe des/der Videos in Gang setzt. + Wird die Wiedergabe eingebetteter Youtube-Videos gestartet, setzt der Anbieter „Youtube“ Cookies ein, um Informationen über das Nutzerverhalten zu sammeln. + Hinweisen von „Youtube“ zufolge dienen diese unter anderem dazu, Videostatistiken zu erfassen, die Nutzerfreundlichkeit zu verbessern und missbräuchliche Handlungsweisen zu unterbinden. + Wenn Du bei Google eingeloggt bist, werden Deine Daten direkt Deinem Konto zugeordnet, wenn Du ein Video anklickst. + Wenn Du die Zuordnung zu Deinen Profil bei YouTube nicht wünscht, muss Du Dich vor Aktivierung des Buttons ausloggen. + Google speichert Deine Daten (selbst für nicht eingeloggte Nutzer) als Nutzungsprofile und wertet diese aus. + Eine solche Auswertung erfolgt insbesondere gemäß Art. 6 Abs. 1 lit.f DSGVO auf Basis der berechtigten Interessen von Google an der Einblendung personalisierter Werbung, Marktforschung und/oder bedarfsgerechten Gestaltung seiner Website. + Dir steht ein Widerspruchsrecht gegen die Bildung dieser Nutzerprofile zu, wobei Du Dich zur Ausübung dessen an YouTube richten musst.
+

+

+ Unabhängig von einer Wiedergabe der eingebetteten Videos wird bei jedem Aufruf dieser Website eine Verbindung zum Google-Netzwerk „DoubleClick“ aufgenommen, was ohne unseren Einfluss weitere Datenverarbeitungsvorgänge auslösen kann.
+

+

+ Google LLC mit Sitz in den USA ist für das us-europäische Datenschutzübereinkommen „Privacy Shield“ zertifiziert, welches die Einhaltung des in der EU geltenden Datenschutzniveaus gewährleistet.
+

+

+ Weitere Informationen zum Datenschutz bei „YouTube“ findest Du in der Datenschutzerklärung des Anbieters unter: https://www.google.de/intl/de/policies/privacy.
+

+

+ Netzwerk +

+

+ Wir betreiben ein gemeinnütziges soziales Wissens- und Aktionsnetzwerks, um den Herausforderungen unserer Zeit gemeinsam zu begegnen, die Würde des Menschen zu wahren und eine lebenswerte Zukunft für alle Menschen und zukünftigen Generationen zu schaffen.
+

+

+ Im Folgenden sind die Einzelnen Datenverarbeitungen aufgeführt, die im Rahmen des Betriebs unseres Netzwerkes notwendig sind.
+

+

+ Anmeldedaten +

+

+ Zweck +

+

+ Die Anmeldedaten werden für die Anmeldung am Netzwerk benötigt.
+

+

+ Personenbezogene Daten +

+

+ Im Sinne der Datenminimierung registrierst Du Dich für unser Netzwerk einzig mit Deiner E-Mail-Adresse. + Weitere personenbezogene Daten sind für die Registrierung nicht nötig. + Über diese E-Mail-Adresse stellen wir Deine Identität fest.
+

+

+ In der Kommunikation mit uns spielt die von Dir verwendete E-Mail-Adresse also eine zentrale Rolle. + Daher werden wir alle von Dir ausgeübten Rechte und ggf. Wünsche, die Du an uns richtest, immer über Deine E-Mail-Adresse verifizieren. + Niemals werden wir auf Basis eines Anrufes oder einer sonstigen Information an Deinem Account etwas ändern, ihn z.B. löschen oder stillegen, ohne diese Verifizierung – außer, wir sind durch ein Gesetz dazu gezwungen. + Gesichert ist Dein Account in unserem Netzwerk über ein Passwort, was von Dir selbst vergeben werden muss und jederzeit geändert werden kann.
+

+

+ Speicherdauer +

+

+ Wir speichern Deine Anmeldedaten, bis Du deinen Account löschst oder uns via E-Mail Bescheid gibst, dass Du sie gelöscht haben möchtest.
+

+

+ Rechtsgrundlage +

+

+ Die Einwilligung durch Registrierung am Netzwerk gem. Art. 6 Abs. 1 lit. a) DSGVO. + Die Einwilligung kann jederzeit durch Löschen des Accounts samt aller Daten Widerrufen werden. + Beim Löschen ist da Löschen der Beiträge und Kommentare vorgegeben, aber optional. + Sollen Beiträge und Kommentare nicht gelöscht werden, werden diese anonymisiert. + Dadurch sind sie nicht mehr zuordenbar, weswegen auch anschließend kein Recht auf Löschung mehr geltend gemacht werden kann.
+

+

+ Die E-Mail-Adresse kann jederzeit selber geändert werden. + Durch den Widerruf der Einwilligung wird die Rechtmäßigkeit der aufgrund der Einwilligung bis zum Widerruf erfolgten Verarbeitung nicht berührt.
+

+

+ Empfänger +

+

+ Deine personenbezogenen Daten können nur wir und unser Provider einsehen, mit welchem wir einen Auftragsdatenverarbeitungsvertrag haben, der unsere Durchgriffsmöglichkeiten und Verantwortlichkeiten regelt.
+

+

+ Weitergabe an Dritte +

+

+ Die Anmeldedaten werden nicht an Dritte weitergegeben, außer ein Gesetz zwingt uns dazu.
+

+

+ Drittlandtransfer +

+

+ Die Daten werden nicht in einem Drittland gespeichert.
+

+

+ Profildaten +

+

+ Zweck +

+

+ Die Profildaten ermöglichen es Nutzern, freiwillig weitere Informationen über sich weltweit und frei abrufbar zu veröffentlichen.
+

+

+ Personenbezogene Daten +

+

+ Angaben, wie Dein Pseudonym, ein Avatar-Bildchen oder weitere Angaben, die ggf. auch personenbezogene Daten sein können, vergibst Du selbst.
+

+

+ Speicherdauer +

+

+ Wir speichern Deine Profildaten, bis Du sie löscht. Da die Daten öffentlich sind, können sie von Dritten kopiert worden sein und sind daher ggf. nicht zurückholbar.
+

+

+ Rechtsgrundlage +

+

+ Die Einwilligung gem. Art. 6 Abs. 1 lit. a), diese Profildaten öffentlich zu machen. + Die Veröffentlichung geschieht mit der Eingabe. + Die Einwilligung kann jederzeit durch Löschen der Daten widerrufen werden. + Die Profildaten können jederzeit selber geändert werden.
+

+

+ Empfänger +

+

+ Deine Profildaten sind öffentlich und können weltweit von jedem, der zugreift, gesehen werden.
+

+

+ Dritte +

+

+ Deine Profildaten sind öffentlich und können weltweit von jedem, der zugreift, gesehen werden.
+

+

+ Drittlandtransfer +

+

+ Die Daten werden von uns nicht in einem Drittland gespeichert oder an ein solches übertragen.
+

+

+ Session-Daten +

+

+ Zweck +

+

+ Speicherung der Anmeldung im Browser, damit nicht jeder Seitenaufruf eine neue Anmeldung erfordert.
+

+

+ Personenbezogene Daten +

+

+ Ein Session-Cookie, der in Deinem Webbrowser gespeichert wird.
+

+

+ Speicherdauer +

+

+ Wir speichern Diesen Cookie einen Tag lang.
+

+

+ Cookies +

+

+ Dieser Cookie wird gespeichert:
+

+ + + + + + + + + + + + + + + + + +
+ Name + + Zweck + + Speicherdauer + + Typ +
+ ocelot-social-token + + Merken der Anmeldung am Netzwerk. + Mit diesem Cookie bleibst Du bis zu einem Tag in unserem Netzwerk angemeldet. + + 730 Tage, ca. 2 Jahre + + HTTP-Cookie +
+

+ Rechtsgrundlage +

+

+ Das berechtigtes Interesse gem. Art. 6 Abs. 1 lit. f), unseren Nutzern das Login auf unser Netzwerk technisch zu ermöglichen.
+

+

+ Empfänger +

+

+ Deine personenbezogenen Daten können nur wir und unser Provider, mit welchem wir einen Auftragsdatenverarbeitungsvertrag haben, der unsere Durchgriffsmöglichkeiten und Verantwortlichkeiten regelt.
+

+

+ Drittlandtransfer +

+

+ Die Daten werden nicht in einem Drittland gespeichert.
+

+

+ Browser-Zugriffsdaten +

+

+ Zweck +

+

+ Technische Funktionsfähigkeit der Webanwendung inkl. korrekter Darstellung in der jeweiligen Landessprache.
+

+

+ Personenbezogene Daten +

+

+ Übertragen werden u.a., je nach verwendetem Browser und dessen Einstellungen: + Datum und Uhrzeit des Zugriffes, Menge der gesendeten Daten in Byte, ggf. Quelle/Verweis, von welcher Seite Du auf unsere jeweilige gelangst, verwendeter Browser, verwendetes Betriebssystem, Sprachinformation, Größe des Browserfensters, verwendete IP-Adresse.
+

+

+ Speicherdauer +

+

+ Diese Daten werden von uns nicht gespeichert, sondern nur zur Beantwortung der konkreten Anfrage verwendet.
+

+

+ Rechtsgrundlage +

+

+ Das berechtigtes Interesse gem. Art. 6 Abs. 1 lit. f), unseren Nutzern die Nutzung unseres netzwerkes technisch zu ermöglichen.
+

+

+ Empfänger +

+

+ Deine personenbezogenen Daten können nur wir und unser Provider, mit welchem wir einen Auftragsdatenverarbeitungsvertrag haben, der unsere Durchgriffsmöglichkeiten und Verantwortlichkeiten regelt.
+

+

+ Drittlandtransfer +

+

+ Die Daten werden nicht in einem Drittland gespeichert.
+

+

+ Inhalte +

+

+ Zweck +

+

+ Veröffentlichung von Inhalten in unserem weltweit offenen sozialen Wissens- und Aktionsnetzwerk.
+

+

+ Personenbezogene Daten +

+

+ Alle Beiträge und Kommentare
+

+

+ Speicherdauer +

+

+ Wir speichern Deine Beiträge und Kommentare, bis Du sie löscht. + Da die Daten öffentlich sind, können sie von Dritten kopiert worden sein und sind daher ggf. nicht zurückholbar.
+

+

+ Rechtsgrundlage +

+

+ Die Einwilligung zur Veröffentlichung gem. Art. 6 Abs. 1 lit. a). Die Veröffentlichung geschieht mit der Eingabe. + Die Einwilligung kann jederzeit durch Löschen der Beiträge und Kommentare widerrufen werden. + Die Beiträge und Kommentare können jederzeit selber geändert werden. + Durch den Widerruf der Einwilligung wird die Rechtmäßigkeit der aufgrund der Einwilligung bis zum Widerruf erfolgten Verarbeitung nicht berührt.
+

+

+ Empfänger +

+

+ Deine Beiträge und Kommentare sind öffentlich und können weltweit von jedem, der zugreift, gesehen werden.
+

+

+ Dritte +

+

+ Deine Beiträge und Kommentare sind öffentlich und können weltweit von jedem, der zugreift, gesehen werden.
+

+

+ Drittlandtransfer +

+

+ Die Daten werden von uns nicht in einem Drittland gespeichert oder an ein solches übertragen.
+

+

+ Einbettung von Inhalten von Drittanbietern +

+

+ Der Nutzer kann einwilligen, dass Inhalte von Drittanbietern, wie Facebook, Twitter oder Vimeo nicht als Link dargestellt werden, sondern optional in der Webseite angezeigt bzw. abgespielt werden. + Wir empfehlen, darauf zu verzichten. + Die Grundeinstellung in unserem Netzwerk ist, dass Inhalte von Drittanbietern nicht eingebunden werden.
+

+

+ Zweck +

+

+ Darstellung der Inhalte von Drittanbietern, wie Facebook, Twitter im Kontext des jeweiligen Artikels oder Beitrags im Browser des Nutzers.
+

+

+ Personenbezogene Daten, Speicherdauer, Empfänger und Drittlandtransfer +

+

+ Man kann prinzipiell davon ausgehen, dass Dienste von Drittanbietern durch das Sammeln von Daten über Dich bzw. den damit möglichen Gewinnen finanziert werden. + Daher raten wir davon ab, das Einbinden von Drittanbieterinhalten einzuschalten.
+

+

+ Die von den Drittanbietern gesammelten personenbezogenen Daten und deren Verwendung können wir letztendlich nicht kontrollieren. + Sie sind auch keine Auftragsverarbeiter von uns oder funktionaler Bestandteil unseres Netzwerkes, sondern eigenständig Verantwortliche. + Ein Nutzer kann sich entscheiden, von anderen Nutzern eingestellte Links bzw. deren Inhalte Inhalte eingebettet anzuzeigen. + Die dabei preisgegebenen personenbezogenen daten entsprechen im Großen und Ganzen denen eines Aufrufes des jeweiligen Links. + Dies sind, abhängig vom jeweiligen Browser des Nutzers und seiner Einstellung zum Beispiel:
+

+
    +
  • + unsere besuchte Website +
    • +
  • + Datum und Uhrzeit zum Zeitpunkt des Zugriffes +
    • +
  • + Menge der gesendeten Daten in Byte +
    • +
  • + Quelle/Verweis, von welchem Du auf die Seite gelangst +
    • +
  • + verwendeter Browser +
    • +
  • + verwendetes Betriebssystem +
    • +
  • + verwendete IP-Adresse (ggf.: in anonymisierter Form) +
    • +
+

+ Ebenso können Cookies von Drittanbietern gesetzt und gespeichert werden, wenn Du dies in Deinem Browser zugelassen hast.
+

+

+ Drittanbieter ändern ihre Geschäftsbedingungen in der Regel häufiger. + Daher sind hier die jeweiligen Nutzungsbedingungen und Datenschutzbestimmungen mit genauen und stets aktuellen Details verlinkt:
+

+ +

+ Rechtsgrundlage +

+

+ Einwilligung des Nutzers gem. Art. 6 Abs. 1 lit. a) durch Freischalten der Einbettung in den Benutzereinstellungen. + Die Einwilligung kann jederzeit in den Benutzereinstellungen widerrufen werden. + Durch den Widerruf der Einwilligung wird die Rechtmäßigkeit der aufgrund der Einwilligung bis zum Widerruf erfolgten Verarbeitung nicht berührt.
+

+

+ Youtube-Videos +

+

+ Zweck +

+

+ Freiwillige Einbettung von Youtube-Videos auf unserer Webseite um Videos in der Webseite und nicht in einem neuen Browserfenster darzustellen.
+

+

+ Marketing-Cookies werden von Google genutzt, um Nutzer zu tracken. Der Hintergrund ist die Anzeige von personalisierter Werbung, wofür entsprechende Daten gesammelt werden. + Wir empfehlen das Netzwerk in den Benutzereinstellungen so zu konfigurieren, dass eingebettete Objekte nicht verwendet werden. + Die Inhalte werden dann nicht dargestellt und keine Cookies gespeichert und personenbezogene Daten übertragen.
+

+

+ Hier die aktuellsten mitgeltenden Google-Datenschutzbestimmungen.
+

+

+ Personenbezogene Daten +

+

+ Oben angegebene Daten zum Browserzugriff und die hier folgenden Cookie-Daten mit Details:
+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ Name + + Zweck + + Speicherdauer + + Typ +
+ GPS + + Registriert eine eindeutige ID auf mobilen Geräten, um Tracking basierend auf dem geografischen GPS-Standort zu ermöglichen. + + 30 Minuten + + HTTP-Cookie +
+ PREF + + Registriert eine eindeutige ID, die von Google verwendet wird, um Statistiken dazu, wie der Besucher YouTube-Videos auf verschiedenen Websites nutzt, zu behalten. + + 8 Monate + + HTTP-Cookie +
+ VISITOR_INFO1_LIVE + + Versucht, die Benutzerbandbreite auf Seiten mit integrierten YouTube-Videos zu schätzen. + + 6 Monate + + HTTP-Cookie +
+ YSC + + Registriert eine eindeutige ID, die das Gerät eines wiederkehrenden Benutzers identifiziert. Die ID wird für gezielte Werbung genutzt. + + Sitzungsende + + HTTP-Cookie +
+ yt-player-bandwith + + Wird verwendet, um die optimale Videoqualität basierend auf den Geräte- und Netzwerkeinstellungen des Besuchers zu bestimmen. + + Dauerhaft + + Local Storage +
+ yt-player-headers-readable + + Sammelt Daten zur Besucherinteraktion mit dem Video-Inhalt der Webseite – Diese Daten werden verwendet, um den Video-Inhalt der Webseite für den Besucher relevanter zu machen. + + Dauerhaft + + Local Storage +
+ yt-remote-connected-devices + + Speichert die Benutzereinstellungen beim Abruf eines auf anderen Webseiten integrierten Youtube-Videos. + + Dauerhaft + + Local Storage +
+ yt-remote-device-id + + Speichert die Benutzereinstellungen beim Abruf eines auf anderen Webseiten integrierten Youtube-Videos. + + Dauerhaft + + Local Storage +
+ yt-remote-fast-check-period + + Speichert die Benutzereinstellungen beim Abruf eines auf anderen Webseiten integrierten Youtube-Videos. + + Sitzungsende + + Session Storage +
+ yt-remote-session-app + + Speichert die Benutzereinstellungen beim Abruf eines auf anderen Webseiten integrierten Youtube-Videos. + + Sitzungsende + + Session Storage +
+ yt-remote-session-name + + Speichert die Benutzereinstellungen beim Abruf eines auf anderen Webseiten integrierten Youtube-Videos. + + Sitzungsende + + Session Storage +
+

+ Speicherdauer +

+

+ Datails siehe oben.
+

+

+ Rechtsgrundlage +

+

+ Die Einwilligung gem. Art. 6 Abs. 1 lit. a) durch Freischalten der Einbettung in den Benutzereinstellungen. + Die Einwilligung kann jederzeit in den Benutzereinstellungen widerrufen werden. + Durch den Widerruf der Einwilligung wird die Rechtmäßigkeit der aufgrund der Einwilligung bis zum Widerruf erfolgten Verarbeitung nicht berührt.
+

+

+ Empfänger +

+

+ Der Drittanbieter „Youtube“, der zu der Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA („Google“) gehört.
+

+

+ Drittlandtransfer +

+

+ Die Daten werden nicht in einem Drittland gespeichert.
+

+

+ Rechte des Betroffenen +

+

+ Das geltende Datenschutzrecht gewährt Dir gegenüber dem Verantwortlichen hinsichtlich der Verarbeitung Deiner personenbezogenen Daten umfassende Betroffenenrechte (Auskunfts- und Interventionsrechte), über die wir Dich nachstehend informieren:
+

+

+ Auskunftsrecht gemäß Art. 15 DSGVO: +

+

+ Du hast insbesondere ein Recht auf Auskunft über Deine von uns verarbeiteten personenbezogenen Daten, die Verarbeitungszwecke, die Kategorien der verarbeiteten personenbezogenen Daten, die Empfänger oder Kategorien von Empfängern, gegenüber denen Deine Daten offengelegt wurden oder werden, die geplante Speicherdauer bzw. die Kriterien für die Festlegung der Speicherdauer, das Bestehen eines Rechts auf Berichtigung, Löschung, Einschränkung der Verarbeitung, Widerspruch gegen die Verarbeitung, Beschwerde bei einer Aufsichtsbehörde, die Herkunft Deiner Daten, wenn diese nicht durch uns bei Dir erhoben wurden, das Bestehen einer automatisierten Entscheidungsfindung einschließlich Profiling und ggf. aussagekräftige Informationen über die involvierte Logik und die Dich betreffende Tragweite und die angestrebten Auswirkungen einer solchen Verarbeitung, sowie Dein Recht auf Unterrichtung, welche Garantien gemäß Art. 46 DSGVO bei Weiterleitung Deiner Daten in Drittländer bestehen;
+

+

+ Recht auf Berichtigung gemäß Art. 16 DSGVO: +

+

+ Du hast ein Recht auf unverzügliche Berichtigung Dich betreffender unrichtiger Daten und/oder Vervollständigung Deiner bei uns gespeicherten unvollständigen Daten;
+

+

+ Recht auf Löschung gemäß Art. 17 DSGVO: +

+

+ Du hast das Recht, die Löschung Deiner personenbezogenen Daten bei Vorliegen der Voraussetzungen des Art. 17 Abs. 1 DSGVO zu verlangen. + Dieses Recht besteht jedoch insbesondere dann nicht, wenn die Verarbeitung zur Ausübung des Rechts auf freie Meinungsäußerung und Information, zur Erfüllung einer rechtlichen Verpflichtung, aus Gründen des öffentlichen Interesses oder zur Geltendmachung, Ausübung oder Verteidigung von Rechtsansprüchen erforderlich ist.
+

+

+ Recht auf Einschränkung der Verarbeitung gemäß Art. 18 DSGVO: +

+

+ Du hast das Recht, die Einschränkung der Verarbeitung Deiner personenbezogenen Daten zu verlangen, solange die von Dir bestrittene Richtigkeit Deiner Daten überprüft wird, wenn Du eine Löschung Deiner Daten wegen unzulässiger Datenverarbeitung ablehnst und stattdessen die Einschränkung der Verarbeitung Deiner Daten verlangst, wenn Du Deine Daten zur Geltendmachung, Ausübung oder Verteidigung von Rechtsansprüchen benötigst, nachdem wir diese Daten nach Zweckerreichung nicht mehr benötigen oder wenn Du Widerspruch aus Gründen Deiner besonderen Situation eingelegt habst, solange noch nicht feststeht, ob unsere berechtigten Gründe überwiegen.
+

+

+ Recht auf Unterrichtung gemäß Art. 19 DSGVO: +

+

+ Hast Du das Recht auf Berichtigung, Löschung oder Einschränkung der Verarbeitung gegenüber dem Verantwortlichen geltend gemacht, ist dieser verpflichtet, allen Empfängern, denen die Dich betreffenden personenbezogenen Daten offengelegt wurden, diese Berichtigung oder Löschung der Daten oder Einschränkung der Verarbeitung mitzuteilen, es sei denn, dies erweist sich als unmöglich oder ist mit einem unverhältnismäßigen Aufwand verbunden. + Dir steht das Recht zu, über diese Empfänger unterrichtet zu werden.
+

+

+ Recht auf Datenübertragbarkeit gemäß Art. 20 DSGVO: +

+

+ Du hast das Recht, Deine personenbezogenen Daten, die Du uns bereitgestellt habst, in einem strukturierten, gängigen und maschinenlesebaren Format zu erhalten oder die Übermittlung an einen anderen Verantwortlichen zu verlangen, soweit dies technisch machbar is.
+

+

+ Recht auf Widerruf erteilter Einwilligungen gemäß Art. 7 Abs. 3 DSGVO: +

+

+ Du hast das Recht, eine einmal erteilte Einwilligung in die Verarbeitung von Daten jederzeit mit Wirkung für die Zukunft zu widerrufen. + Im Falle des Widerrufs werden wir die betroffenen Daten unverzüglich löschen, sofern eine weitere Verarbeitung nicht auf eine Rechtsgrundlage zur einwilligungslosen Verarbeitung gestützt werden kann. + Durch den Widerruf der Einwilligung wird die Rechtmäßigkeit der aufgrund der Einwilligung bis zum Widerruf erfolgten Verarbeitung nicht berührt.
+

+

+ Recht auf Beschwerde gemäß Art. 77 DSGVO: +

+

+ Wenn Du der Ansicht bist, dass die Verarbeitung der Dich betreffenden personenbezogenen Daten gegen die DSGVO verstößt, hast Du – unbeschadet eines anderweitigen verwaltungsrechtlichen oder gerichtlichen Rechtsbehelfs – das Recht auf Beschwerde bei einer Aufsichtsbehörde, insbesondere in dem Mitgliedstaat Deines Aufenthaltsortes, Deines Arbeitsplatzes oder des Ortes des mutmaßlichen Verstoßes.
+

+

+ WIDERSPRUCHSRECHT +

+

+ WENN WIR IM RAHMEN EINER INTERESSENABWÄGUNG IHRE PERSONENBEZOGENEN DATEN AUFGRUND UNSERES ÜBERWIEGENDEN BERECHTIGTEN INTERESSES VERARBEITEN, HAST DU DAS JEDERZEITIGE RECHT, AUS GRÜNDEN, DIE SICH AUS DEINER BESONDEREN SITUATION ERGEBEN, GEGEN DIESE VERARBEITUNG WIDERSPRUCH MIT WIRKUNG FÜR DIE ZUKUNFT EINZULEGEN.
+ MACHST DU VON DEINEM WIDERSPRUCHSRECHT GEBRAUCH, BEENDEN WIR DIE VERARBEITUNG DER BETROFFENEN DATEN. + EINE WEITERVERARBEITUNG BLEIBT ABER VORBEHALTEN, WENN WIR ZWINGENDE SCHUTZWÜRDIGE GRÜNDE FÜR DIE VERARBEITUNG NACHWEISEN KÖNNEN, DIE DEINE INTERESSEN, GRUNDRECHTE UND GRUNDFREIHEITEN ÜBERWIEGEN, ODER WENN DIE VERARBEITUNG DER GELTENDMACHUNG, AUSÜBUNG ODER VERTEIDIGUNG VON RECHTSANSPRÜCHEN DIENT.
+

+

+ WERDEN DEINE PERSONENBEZOGENEN DATEN VON UNS VERARBEITET, UM DIREKTWERBUNG ZU BETREIBEN, HAST DU DAS RECHT, JEDERZEIT WIDERSPRUCH GEGEN DIE VERARBEITUNG SIE BETREFFENDER PERSONENBEZOGENER DATEN ZUM ZWECKE DERARTIGER WERBUNG EINZULEGEN. + DU KANNST DEN WIDERSPRUCH WIE OBEN BESCHRIEBEN AUSÜBEN.
+

+

+ MACHST DU VON DEINEM WIDERSPRUCHSRECHT GEBRAUCH, BEENDEN WIR DIE VERARBEITUNG DER BETROFFENEN DATEN ZU DIREKTWERBEZWECKEN.
+

+
+ + diff --git a/branding/templates/locales/html/hc-y2020/de/terms-and-conditions.html b/branding/templates/locales/html/hc-y2020/de/terms-and-conditions.html new file mode 100644 index 0000000..fe02cda --- /dev/null +++ b/branding/templates/locales/html/hc-y2020/de/terms-and-conditions.html @@ -0,0 +1,136 @@ + + + + +
+

+ Für das soziale Netzwerk {{ organization }} +

+

+ Nutzungsbedingungen +

+

+ Die folgenden Nutzungsbedingungen sind Basis für die Nutzung unseres {{ networkName }} Netzwerkes. + Beim Registrieren musst Du diese anerkennen und wir werden Dich auch später über ggf. stattfindende Änderungen informieren. + Unser Netzwerk wird in der {{ organizationLocation }} betrieben und unterliegt daher {{ organizationLocation2 }} Recht. + Gerichtsstand ist {{ legacyLocation }}. + Zu Details schau in unser Impressum: https://{{ networkURL }}/imprint/.
+

+

+ Nutzung und Lizenz +

+

+ Sind Inhalte, die Du bei uns einstellst, durch Rechte am geistigen Eigentum geschützt, erteilst Du uns eine nicht-exklusive, übertragbare, unterlizenzierbare und weltweite Lizenz für die Nutzung dieser Inhalte für die Bereitstellung in unserem Netzwerk. + Diese Lizenz endet, sobald Du Deine Inhalte oder Deinen ganzen Account löscht. + Bedenke, dass andere Deine Inhalte weiter teilen können und wir diese nicht löschen können.
+

+

+ Datenschutz +

+

+ Unser Netzwerk ist ein soziales Wissens- und Aktionsnetzwerk. + Daher ist es uns besonders wichtig, dass möglichst viele Inhalte öffentlich zugänglich sind. + Im Laufe der Entwicklung unseres Netzwerkes wird es mehr und mehr die Möglichkeit geben, über die Sichtbarkeit der selbst angegebenen bzw. persönlichen Daten zu entscheiden. + Über diese neuen Funktionen werden wir Euch informieren. + Ansonsten gilt, dass Du immer darüber nachdenken solltest, welche persönlichen Daten Du über Dich (oder andere) preisgibst. + Dies gilt insbesondere für Inhalte von Beiträgen und Kommentaren, da diese einen weitgehend öffentlichen Charakter haben. + Später wird es Möglichkeiten geben, die Sichtbarkeit Deines Profils einzuschränken. + Teil der Nutzungsbedingungen ist unsere Datenschutzerklärung, die Dich über die einzelnen Datenverarbeitungen in unserem Netzwerk informiert: https://{{ networkURL }}/data-privacy. + Unsere Datenschutzerklärung ist an die Gesetzeslage und die Charakteristika unseres Netzwerks angepasst und gilt immer in der aktuellsten Version.
+

+

+ Verhaltenscodex +

+

+ Unser Verhaltenskodex dient als Leitfaden für das persönliche Auftreten und den Umgang miteinander. + Wer als Nutzer im {{ networkName }} Netzwerk aktiv ist, Beiträge verfasst, kommentiert oder mit anderen Nutzern, auch außerhalb des Netzwerkes, Kontakt aufnimmt, erkennt diese Verhaltensregeln als verbindlich an. https://{{ networkURL }}/code-of-conduct
+

+

+ Moderation +

+

+ Bis unsere finanziellen Möglichkeiten uns erlauben, das Community-Moderationssystem zu implementieren, moderieren wir mit einem vereinfachten System und eigenen bzw. ggf. ehrenamtlichen Mitarbeitern. + Wir schulen diese Moderatoren und aus diesem Grund treffen auch nur diese entsprechende Entscheidungen. + Diese Moderatoren führen Ihre Tätigkeit anonym aus. + Du kannst uns Beiträge, Kommentare und auch Nutzer melden (wenn diese zum Beispiel in ihrem Profil Angaben machen oder Bilder haben, die diese Nutzungsbedingungen verletzen). + Wenn Du uns etwas meldest, kannst Du einen Meldegrund angeben und noch eine kurze Erläuterung mitgeben. + Wir schauen uns dann das Gemeldete an und sanktionieren ggf., z.B. indem wir Beiträge, Kommentare oder Nutzer sperren. + Du und auch der Betroffene erhalten derzeitig von uns leider noch keine Rückmeldung, das ist aber in Planung. + Unabhängig davon behalten wir uns prinzipiell Sanktionen vor aus Gründen, die unter Umständen nicht oder noch nicht in unserem Verhaltenscodex oder diesen Nutzungsbedingungen aufgeführt sind.
+

+

+ Fehler und Rückmeldungen +

+

+ Wir sind sehr bemüht, unser Netzwerk und unsere Daten sicher und abrufbar zu erhalten. + Jede neue Version der Software durchläuft sowohl automatisierte als auch manuelle Tests. + Es können jedoch unvorhergesehene Fehler auftreten. + Deshalb sind wir dankbar für jeden gemeldeten Fehler. + Du kannst gerne jeden von Dir entdeckten Fehler dem Support/der Hilfe-Assistenz mitteilen: https://{{ networkURL }}/support.
+

+

+ Keine kommerzielle Nutzung +

+

+ Die Nutzung des {{ networkName }} Netzwerkes ist nicht für kommerzielle Zwecke gestattet. + Darunter fällt unter anderem das Bewerben von Produkten mit kommerzieller Absicht, das Einstellen von Affiliate-Links (Geschäftspartner-Links), direkter Aufruf zu Spenden oder finanzieller Unterstützung für Zwecke, die steuerlich nicht als gemeinnützig anerkannt sind.
+

+

+ Keine politische Nutzung +

+

+ Nutzerkonten von politischen Parteien oder offizielle Nutzerkonten eines politischen Vertreters sind unzulässig.
+

+

+ Hilfe und Fragen +

+

+ Für Hilfe und Fragen haben wir Dir eine umfassende Sammlung an häufig gestellten Fragen und Antworten (FAQ) zusammengestellt; Du findest diese auf https://{{ networkURL }}/faq.
+

+
+ + diff --git a/branding/templates/locales/html/hc-y2020/en/code-of-conduct.html b/branding/templates/locales/html/hc-y2020/en/code-of-conduct.html new file mode 100644 index 0000000..682b8d4 --- /dev/null +++ b/branding/templates/locales/html/hc-y2020/en/code-of-conduct.html @@ -0,0 +1,163 @@ + + + + +
+

+ For the social network of {{ organization }} +

+

+ Präambel +

+

+ {{ networkName }} is a non-profit social knowledge and action network of the next generation. + By people - for people. Free software, open source, fair and transparent. + For positive local and global change in all areas of life. + We completely redesign the public exchange of knowledge, ideas and projects. + The functions of {{ networkName }} bring people together - offline and online - so that we can make the world a better place.
+

+

+ Purpose +

+

+ With these code of conduct we regulate the essential principles for behavior in our social network. + The United Nations Charter of Human Rights is our orientation and forms the heart of our understanding of values. + The code of conduct serves as guiding principles for our personal appearance and interaction with one another. + Anyone who is active as a user in the {{ networkName }} Network, writes articles, comments or contacts other users, including those outside the network,acknowledges these rules of conduct as binding.
+

+

+ Expected Behaviour +

+

+ The following behaviors are expected and requested of all community members:
+

+
    +
  • + Exercise consideration and respect in your speech and actions. +
    • +
  • + Attempt collaboration before conflict. +
    • +
  • + Refrain from demeaning, discriminatory, or harassing behavior and speech. +
    • +
  • + Be mindful of your surroundings and of your fellow participants. + Alert community leaders if you notice a dangerous situation, someone in distress, or violations of this Code of Conduct, even if they seem inconsequential. +
    • +
+

+ Unacceptable Behavior +

+

+ The following behaviors are unacceptable within our community:
+

+
    +
  • + Discriminatory posts, comments, utterances or insults, particularly those relating to gender, sexual orientation, race, religion, political or philosophical orientation or disability. +
    • +
  • + Posting or linking of clearly pornographic material. +
    • +
  • + Glorification or trivialization of cruel or inhuman acts of violence. +
    • +
  • + The disclosure of others' personal information without their consent or threat there of ("doxing"). +
    • +
  • + Intentional intimidation, stalking or persecution. +
    • +
  • + Advertising products and services with commercial intent. +
    • +
  • + Criminal behavior or violation of German law. +
    • +
  • + Endorse or encourage such conduct. +
    • +
+

+ Consequences of Unacceptable Behavior +

+

+ If a community member exhibits unacceptable behaviour, the responsible operators, moderators and administrators of the network may take appropriate measures, including but not limited to:
+

+
    +
  • + Request for immediate cessation of unacceptable conduct +
    • +
  • + Locking or deleting comments +
    • +
  • + Temporary exclusion from the respective post or contribution +
    • +
  • + Blocking or deleting of content +
    • +
  • + Temporary withdrawal of write permissions +
    • +
  • + Temporary exclusion from the network +
    • +
  • + Final exclusion from the network +
    • +
  • + Violations of German law can be reported. +
    • +
+

+ If you are subject to or witness unacceptable behavior, or have any other concerns, please notify a community organizer as soon as possible and link or refer to the corresponding content. + Please click on the three dots on the post, comment or user and report it using the drop-down menu.
+

+
+ + diff --git a/branding/templates/locales/html/hc-y2020/en/terms-and-conditions.html b/branding/templates/locales/html/hc-y2020/en/terms-and-conditions.html new file mode 100644 index 0000000..4687b8c --- /dev/null +++ b/branding/templates/locales/html/hc-y2020/en/terms-and-conditions.html @@ -0,0 +1,135 @@ + + + + +
+

+ For the social network of {{ organization }} +

+

+ Terms of Service +

+

+ The following terms of use form the basis for the use of our network. + When you register, you must accept them and we will inform you later about any changes that may take place. + The {{ networkName }} Network is operated in Germany and is therefore subject to German law. + Place of jurisdiction is {{ organizationLocation }}. + For details see our imprint: https://{{ networkURL }}/imprint/
+

+

+ Use and License +

+

+ If any content you post to us is protected by intellectual property rights, you grant us a non-exclusive, transferable, sublicensable, worldwide license to use such content for posting to our network. + This license expires when you delete your content or your entire account. + Remember that others may share your content and we cannot delete it.
+

+

+ Privacy Statement +

+

+ Our network is a social knowledge and action network. + It is therefore particularly important to us that as much content as possible is publicly accessible. + In the course of the development of our network there will be more and more the possibility to decide about the visibility of the personal data. + We will inform you about these new features. + Otherwise, you should always think about which personal data you disclose about yourself (or others). + This applies in particular to the content of posts and comments, as these have a largely public character. + Later there will be possibilities to limit the visibility of your profile. + Part of the terms of service is our privacy statement, which informs you about the individual data processing operations in our network: https://{{ networkURL }}/data-privacy. + Our privacy statement is adapted to the legal situation and characteristics of our network and is always valid in the most current version.
+

+

+ Code of Conduct +

+

+ Our code of conduct serves as a handbook for personal appearance and interaction with each other. + Whoever is active as a user in the {{ networkName }} network, writes articles, comments or makes contact with other users, even outside the network, acknowledges these rules of conduct as binding. https://{{ networkURL }}/code-of-conduct
+

+

+ Moderation +

+

+ Until our financial possibilities allow us to implement the community moderation system, we moderate with a simplified system and with our own or possibly volunteer staff. + We train these moderators and for this reason only they make the appropriate decisions. + These moderators carry out their work anonymously. + You can report posts, comments and users to us (for example, if they provide information in their profile or have images that violate these Terms of Use). + If you report something to us, you can give us a reason and a short explanation. + We will then take a look at what you have reported and sanction you if necessary, e.g. by blocking contributions, comments or users. + Unfortunately, you and the person concerned will not receive any feedback from us at this time, but this is in the planning stage. + Irrespective of this, we reserve the right to impose sanctions in principle for reasons that may not or not yet be listed in our Code of Conduct or these terms of service.
+

+

+ Errors and Feedback +

+

+ We make every effort to keep our network and data secure and available. + Each new release of the software goes through both automated and manual testing. + However, unforeseen errors may occur. Therefore, we are grateful for any reported bugs. + You are welcome to report any bugs you discover by emailing Support at https://{{ networkURL }}/support
+

+

+ No Commercial Use +

+

+ The use of the {{ networkName }} Network is not permitted for commercial purposes. + This includes, but is not limited to, advertising products with commercial intent, posting affiliate links, directly soliciting donations, or providing financial support for purposes that are not recognized as charitable for tax purposes.
+

+

+ No Political Use +

+

+ User accounts of political parties or official user accounts of a political representative are not permitted.
+

+

+ Help and Questions +

+

+ For help and questions we have compiled a comprehensive collection of frequently asked questions and answers (FAQ) for you. You can find them here: https://{{ networkURL }}/faq
+

+
+ + diff --git a/kubernetes/dns.values.yaml.template b/kubernetes/dns.values.yaml.template new file mode 100644 index 0000000..09539e3 --- /dev/null +++ b/kubernetes/dns.values.yaml.template @@ -0,0 +1,12 @@ +# please duplicate template file and rename to "dns.values.yaml" and fill in your value + +provider: digitalocean +digitalocean: + # create the API token at https://cloud.digitalocean.com/account/api/tokens + # needs read + write + apiToken: "TODO" +domainFilters: + # domains you want external-dns to be able to edit + - TODO.TODO +rbac: + create: true \ No newline at end of file diff --git a/kubernetes/values.yaml.template b/kubernetes/values.yaml.template new file mode 100644 index 0000000..86c0231 --- /dev/null +++ b/kubernetes/values.yaml.template @@ -0,0 +1,120 @@ +# please duplicate template file and rename to "values.yaml" and fill in your value + +# change all the below if needed +MAPBOX_TOKEN: "pk.eyJ1IjoiYnVzZmFrdG9yIiwiYSI6ImNraDNiM3JxcDBhaWQydG1uczhpZWtpOW4ifQ.7TNRTO-o9aK1Y6MyW_Nd4g" +PRODUCTION_DB_CLEAN_ALLOW: false # only true for production environments on staging servers +PUBLIC_REGISTRATION: false +INVITE_REGISTRATION: false +COOKIE_EXPIRE_TIME: 730 # days (730 days, two years is the default in main code) +CATEGORIES_ACTIVE: false + +BACKEND: + # change all the below if needed + # DOCKER_IMAGE_REPO - change that to your branded docker image + # label is appended based on .Chart.appVersion + DOCKER_IMAGE_REPO: "ocelotsocialnetwork/backend-branded" + CLIENT_URI: "https://staging.ocelot.social" + # create a new one for your network + JWT_SECRET: "b/&&7b78BF&fv/Vd" + PRIVATE_KEY_PASSPHRASE: "a7dsf78sadg87ad87sfagsadg78" + # ocelot.social mail dummy + EMAIL_DEFAULT_SENDER: "devops@ocelot.social" + SMTP_HOST: "mail.ocelot.social" + SMTP_USERNAME: "devops@ocelot.social" + SMTP_PASSWORD: "devops@ocelot.social" + SMTP_PORT: "587" + SMTP_IGNORE_TLS: 'false' + SMTP_SECURE: 'false' # true for 465, false for other ports + # or + # SMTP_PORT: "465" + # SMTP_IGNORE_TLS: 'true' + # SMTP_SECURE: 'true' # true for 465, false for other ports + + # most likely you don't need to change this + MIN_READY_SECONDS: "15" + PROGRESS_DEADLINE_SECONDS: "60" + REVISIONS_HISTORY_LIMIT: "25" + CONTAINER_RESTART_POLICY: "Always" + CONTAINER_TERMINATION_GRACE_PERIOD_SECONDS: "30" + DOCKER_IMAGE_PULL_POLICY: "Always" + STORAGE_UPLOADS: "25Gi" + +WEBAPP: + # change all the below if needed + # DOCKER_IMAGE_REPO - change that to your branded docker image + # label is appended based on .Chart.appVersion + DOCKER_IMAGE_REPO: "ocelotsocialnetwork/webapp-branded" + WEBSOCKETS_URI: "wss://staging.ocelot.social/api/graphql" + + # Most likely you don't need to change this + REPLICAS: "2" + MIN_READY_SECONDS: "15" + PROGRESS_DEADLINE_SECONDS: "60" + REVISIONS_HISTORY_LIMIT: "25" + CONTAINER_RESTART_POLICY: "Always" + CONTAINER_TERMINATION_GRACE_PERIOD_SECONDS: "30" + DOCKER_IMAGE_PULL_POLICY: "Always" + +NEO4J: + # most likely you don't need to change this + REVISIONS_HISTORY_LIMIT: "25" + DOCKER_IMAGE_REPO: "ocelotsocialnetwork/neo4j-community-branded" + DOCKER_IMAGE_PULL_POLICY: "Always" + CONTAINER_RESTART_POLICY: "Always" + CONTAINER_TERMINATION_GRACE_PERIOD_SECONDS: "30" + STORAGE: "5Gi" + # RESOURCE_REQUESTS_MEMORY configures the memory available for requests. + RESOURCE_REQUESTS_MEMORY: "2G" + # RESOURCE_LIMITS_MEMORY configures the memory limits available. + RESOURCE_LIMITS_MEMORY: "4G" + # required for Neo4j Enterprice version + #ACCEPT_LICENSE_AGREEMENT: "yes" + ACCEPT_LICENSE_AGREEMENT: "no" + AUTH: "none" + #DBMS_CONNECTOR_BOLT_THREAD_POOL_MAX_SIZE: "10000" # hc value + DBMS_CONNECTOR_BOLT_THREAD_POOL_MAX_SIZE: "400" # default value + #DBMS_MEMORY_HEAP_INITIAL_SIZE: "500MB" # HC value + DBMS_MEMORY_HEAP_INITIAL_SIZE: "" # default + #DBMS_MEMORY_HEAP_MAX_SIZE: "500MB" # HC value + DBMS_MEMORY_HEAP_MAX_SIZE: "" # default + #DBMS_MEMORY_PAGECACHE_SIZE: "490M" # HC value + DBMS_MEMORY_PAGECACHE_SIZE: "" # default + #APOC_IMPORT_FILE_ENABLED: "true" # HC value + APOC_IMPORT_FILE_ENABLED: "false" # default + DBMS_SECURITY_PROCEDURES_UNRESTRICTED: "algo.*,apoc.*" + +MAINTENANCE: + # change all the below if needed + # DOCKER_IMAGE_REPO - change that to your branded docker image + # label is appended based on .Chart.appVersion + DOCKER_IMAGE_REPO: "ocelotsocialnetwork/maintenance-branded" + + # Most likely you don't need to change this + REVISIONS_HISTORY_LIMIT: "25" + CONTAINER_RESTART_POLICY: "Always" + CONTAINER_TERMINATION_GRACE_PERIOD_SECONDS: "30" + DOCKER_IMAGE_PULL_POLICY: "Always" + +LETSENCRYPT: + # change all the below if needed + # ISSUER is used by cert-manager to set up certificates with the given provider. + # change it to "letsencrypt-production" once you are ready to have valid cetrificates. + # Be aware that the is an issuing limit with letsencrypt, so a dry run with staging might be wise + ISSUER: "letsencrypt-staging" + EMAIL: "devops@ocelot.social" + DOMAINS: + - "staging.ocelot.social" + - "www.staging.ocelot.social" + +NGINX: + # most likely you don't need to change this + PROXY_BODY_SIZE: "10m" + +STORAGE: + # change all the below if needed + PROVISIONER: "dobs.csi.digitalocean.com" + + # most likely you don't need to change this + RECLAIM_POLICY: "Retain" + VOLUME_BINDING_MODE: "Immediate" + ALLOW_VOLUME_EXPANSION: true \ No newline at end of file From 7d2297a98ca2d349fd46a365e004a6ca0dbd2114 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Mon, 20 Mar 2023 11:35:09 +0100 Subject: [PATCH 27/89] adjusted trigger name and include publish workflow --- .github/workflows/deploy.yml | 7 +- .github/workflows/publish.yml | 131 ++++++++++++++++++++++++++++++++++ 2 files changed, 133 insertions(+), 5 deletions(-) create mode 100644 .github/workflows/publish.yml diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 5c83d7f..013e7f1 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -2,10 +2,7 @@ name: deploy on: repository_dispatch: - types: [trigger-build-success] - push: - branches: - - master + types: [trigger-ocelot-brand-build-success] jobs: deploy: @@ -29,7 +26,7 @@ jobs: uses: actions/checkout@v3 with: repository: 'Ocelot-Social-Community/Ocelot-Social' - ref: ${{ env.GITHUB_OCELOT_TAG }} + ref: ${{ env.GITHUB_OCELOT_REF }} path: 'ocelot/' fetch-depth: 0 - name: Checkout code diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml new file mode 100644 index 0000000..256b8e7 --- /dev/null +++ b/.github/workflows/publish.yml @@ -0,0 +1,131 @@ +name: publish-branded +on: + repository_dispatch: + types: [trigger-ocelot-build-success] + push: + branches: + - master + +jobs: + build_branded: + name: Docker Build Branded + runs-on: ubuntu-latest + env: + SECRET: ${{ secrets.SECRET }} + CONFIGURATION: "this" + steps: + - name: Checkout code + uses: actions/checkout@v3 + - name: Decrypt .env + run: gpg --quiet --batch --yes --decrypt --passphrase="${SECRET}" --output .env .env.enc + - name: Load .env + uses: aarcangeli/load-dotenv@v1.0.0 + with: + quiet: true + - name: Checkout Ocelot code + uses: actions/checkout@v3 + with: + repository: 'Ocelot-Social-Community/Ocelot-Social' + ref: ${{ env.GITHUB_OCELOT_REF }} + path: 'ocelot/' + fetch-depth: 0 + - name: Checkout Branded Repo code + uses: actions/checkout@v3 + with: + ref: 'master' + path: "ocelot/deployment/configurations/${{ env.CONFIGURATION }}" + fetch-depth: 0 + - name: Build branded images + run: | + deployment/scripts/branded-images.build.sh + docker save "ocelotsocialnetwork/backend-branded" > /tmp/backend-branded.tar + docker save "ocelotsocialnetwork/webapp-branded" > /tmp/webapp-branded.tar + docker save "ocelotsocialnetwork/maintenance-branded" > /tmp/maintenance-branded.tar + + - name: Upload Artifact (Backend) + uses: actions/upload-artifact@v2 + with: + name: docker-backend-branded + path: /tmp/backend-branded.tar + + - name: Upload Artifact (Webapp) + uses: actions/upload-artifact@v2 + with: + name: docker-webapp-branded + path: /tmp/webapp-branded.tar + + - name: Upload Artifact (Maintenance) + uses: actions/upload-artifact@v2 + with: + name: docker-maintenance-branded + path: /tmp/maintenance-branded.tar + + upload_to_dockerhub: + name: Upload to Dockerhub + runs-on: ubuntu-latest + needs: [build_branded] + env: + DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} + DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} + OCELOT_REF: ${{ github.event.client_payload.ref }} + steps: + - name: Checkout code + uses: actions/checkout@v3 + - name: Decrypt .env + run: gpg --quiet --batch --yes --decrypt --passphrase="${SECRET}" --output .env .env.enc + - name: Load .env + uses: aarcangeli/load-dotenv@v1.0.0 + with: + quiet: true + - name: Checkout Ocelot code + uses: actions/checkout@v3 + with: + repository: 'Ocelot-Social-Community/Ocelot-Social' + ref: ${{ env.GITHUB_OCELOT_REF }} + path: 'ocelot/' + fetch-depth: 0 + + - name: Download Docker Image (Backend) + uses: actions/download-artifact@v2 + with: + name: docker-backend-branded + path: /tmp + - name: Load Docker Image + run: docker load < /tmp/backend-branded.tar + + - name: Download Docker Image (Webapp) + uses: actions/download-artifact@v2 + with: + name: docker-webapp-branded + path: /tmp + - name: Load Docker Image + run: docker load < /tmp/webapp-branded.tar + + - name: Download Docker Image (Maintenance) + uses: actions/download-artifact@v2 + with: + name: docker-maintenance-branded + path: /tmp + - name: Load Docker Image + run: docker load < /tmp/maintenance-branded.tar + + - name: Upload to dockerhub + run: deployment/scripts/branded-images.upload.sh + +# TODO correct version + build_trigger: + name: Trigger successful brand build + runs-on: ubuntu-latest + needs: [github_tag] + steps: + - name: Checkout code + uses: actions/checkout@v3 + with: + fetch-depth: 0 # Fetch full History for changelog + - name: Repository Dispatch + uses: peter-evans/repository-dispatch@v2 + with: + token: ${{ github.token }} + event-type: trigger-ocelot-brand-build-success + repository: ${{ github.repository }} + client-payload: '{"ref": "${{ github.ref }}", "sha": "${{ github.sha }}", "VERSION": "${{ github.event.client_payload.VERSION }}", "BUILD_DATE": "${{ github.event.client_payload.BUILD_DATE }}", "BUILD_COMMIT": "${{ github.event.client_payload.BUILD_COMMIT }}", "BUILD_VERSION": "${{ github.event.client_payload.BUILD_VERSION }}"}' \ No newline at end of file From 2a3538fe1230f617893e0e54dce0b9aa521a8b5d Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Mon, 20 Mar 2023 11:48:21 +0100 Subject: [PATCH 28/89] tag version on github --- .github/workflows/publish.yml | 53 ++++++++++++++++++++++++++++++++++- 1 file changed, 52 insertions(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 256b8e7..3dd1427 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -67,7 +67,6 @@ jobs: env: DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} - OCELOT_REF: ${{ github.event.client_payload.ref }} steps: - name: Checkout code uses: actions/checkout@v3 @@ -112,6 +111,58 @@ jobs: - name: Upload to dockerhub run: deployment/scripts/branded-images.upload.sh + github_tag: + name: Tag latest version on Github + runs-on: ubuntu-latest + needs: [upload_to_dockerhub] + steps: + - name: Checkout code + uses: actions/checkout@v3 + - name: Decrypt .env + run: gpg --quiet --batch --yes --decrypt --passphrase="${SECRET}" --output .env .env.enc + - name: Load .env + uses: aarcangeli/load-dotenv@v1.0.0 + with: + quiet: true + - name: Checkout Ocelot code + uses: actions/checkout@v3 + with: + repository: 'Ocelot-Social-Community/Ocelot-Social' + ref: ${{ env.GITHUB_OCELOT_REF }} + path: 'ocelot/' + fetch-depth: 0 + - name: Setup env + run: | + echo "OCELOT_VERSION=$(node -p -e "require('./ocelot/package.json').version")" >> $GITHUB_ENV + echo "BRANDED_VERSION=${GITHUB_RUN_NUMBER}" >> $GITHUB_ENV + echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_ENV + echo "BUILD_COMMIT=${GITHUB_SHA}" >> $GITHUB_ENV + - run: echo "BUILD_VERSION=${BRANDED_VERSION}-ocelot.social${OCELOT_VERSION}" >> $GITHUB_ENV + - name: package-version-to-git-tag + build number + uses: pkgdeps/git-tag-action@v2 + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + github_repo: ${{ github.repository }} + version: ${{ env.BUILD_VERSION }} + git_commit_sha: ${{ github.sha }} + git_tag_prefix: "b" + #- name: Generate changelog + # run: | + # yarn install + # yarn auto-changelog --latest-version ${{ env.VERSION }} --unreleased-only + - name: package-version-to-git-release + continue-on-error: true # Will fail if tag exists + id: create_release + uses: actions/create-release@v1 + env: + GITHUB_TOKEN: ${{ github.token }} #${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token + with: + tag_name: ${{ env.BUILD_VERSION }} + release_name: ${{ env.BUILD_VERSION }} + #body_path: ./CHANGELOG.md + draft: false + prerelease: false + # TODO correct version build_trigger: name: Trigger successful brand build From a31104f26fdcd121632d5822f6f6a67f6fba09ca Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Mon, 20 Mar 2023 11:50:04 +0100 Subject: [PATCH 29/89] fix publish workflow --- .github/workflows/publish.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 3dd1427..75c5cd9 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -37,7 +37,7 @@ jobs: fetch-depth: 0 - name: Build branded images run: | - deployment/scripts/branded-images.build.sh + ocelot/deployment/scripts/branded-images.build.sh docker save "ocelotsocialnetwork/backend-branded" > /tmp/backend-branded.tar docker save "ocelotsocialnetwork/webapp-branded" > /tmp/webapp-branded.tar docker save "ocelotsocialnetwork/maintenance-branded" > /tmp/maintenance-branded.tar @@ -109,7 +109,7 @@ jobs: run: docker load < /tmp/maintenance-branded.tar - name: Upload to dockerhub - run: deployment/scripts/branded-images.upload.sh + run: ocelot/deployment/scripts/branded-images.upload.sh github_tag: name: Tag latest version on Github From d077256f9fa90f3cbd29948af63f05b2698f3457 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Mon, 20 Mar 2023 12:16:52 +0100 Subject: [PATCH 30/89] properly reference SECRET, include secret in upload to dockerhub env --- .github/workflows/deploy.yml | 2 +- .github/workflows/publish.yml | 7 ++++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 013e7f1..8964735 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -17,7 +17,7 @@ jobs: - name: Checkout code uses: actions/checkout@v3 - name: Decrypt .env - run: gpg --quiet --batch --yes --decrypt --passphrase="${SECRET}" --output .env .env.enc + run: gpg --quiet --batch --yes --decrypt --passphrase="${{ env.SECRET }}" --output .env .env.enc - name: Load .env uses: aarcangeli/load-dotenv@v1.0.0 with: diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 75c5cd9..2117f34 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -1,4 +1,4 @@ -name: publish-branded +name: publish on: repository_dispatch: types: [trigger-ocelot-build-success] @@ -17,7 +17,7 @@ jobs: - name: Checkout code uses: actions/checkout@v3 - name: Decrypt .env - run: gpg --quiet --batch --yes --decrypt --passphrase="${SECRET}" --output .env .env.enc + run: gpg --quiet --batch --yes --decrypt --passphrase="${{ env.SECRET }}" --output .env .env.enc - name: Load .env uses: aarcangeli/load-dotenv@v1.0.0 with: @@ -65,13 +65,14 @@ jobs: runs-on: ubuntu-latest needs: [build_branded] env: + SECRET: ${{ secrets.SECRET }} DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} steps: - name: Checkout code uses: actions/checkout@v3 - name: Decrypt .env - run: gpg --quiet --batch --yes --decrypt --passphrase="${SECRET}" --output .env .env.enc + run: gpg --quiet --batch --yes --decrypt --passphrase="${{ env.SECRET }}" --output .env .env.enc - name: Load .env uses: aarcangeli/load-dotenv@v1.0.0 with: From 4da6c0fda2204cd405443330beeb31a61a627b09 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Mon, 20 Mar 2023 12:18:00 +0100 Subject: [PATCH 31/89] use github.token --- .github/workflows/publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 2117f34..3223511 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -142,7 +142,7 @@ jobs: - name: package-version-to-git-tag + build number uses: pkgdeps/git-tag-action@v2 with: - github_token: ${{ secrets.GITHUB_TOKEN }} + github_token: ${{ github.token }} #${{ secrets.GITHUB_TOKEN }} github_repo: ${{ github.repository }} version: ${{ env.BUILD_VERSION }} git_commit_sha: ${{ github.sha }} From b88c0bc48f802d55c6a5c3e88142bf48099de59d Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Mon, 20 Mar 2023 12:52:16 +0100 Subject: [PATCH 32/89] tag release secret --- .github/workflows/publish.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 3223511..6fabe56 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -116,11 +116,13 @@ jobs: name: Tag latest version on Github runs-on: ubuntu-latest needs: [upload_to_dockerhub] + env: + SECRET: ${{ secrets.SECRET }} steps: - name: Checkout code uses: actions/checkout@v3 - name: Decrypt .env - run: gpg --quiet --batch --yes --decrypt --passphrase="${SECRET}" --output .env .env.enc + run: gpg --quiet --batch --yes --decrypt --passphrase="${{ env.SECRET }}" --output .env .env.enc - name: Load .env uses: aarcangeli/load-dotenv@v1.0.0 with: From 0167a6a7eead617cfe832fa7f0df731c3759c48a Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Mon, 20 Mar 2023 12:53:19 +0100 Subject: [PATCH 33/89] newly encrypted files --- .env.enc | 2 +- kubeconfig.yaml.enc | Bin 1521 -> 1519 bytes kubernetes/dns.values.yaml.enc | Bin 313 -> 311 bytes kubernetes/values.yaml.enc | Bin 1748 -> 1746 bytes 4 files changed, 1 insertion(+), 1 deletion(-) diff --git a/.env.enc b/.env.enc index 1ada4f7..941b0ad 100644 --- a/.env.enc +++ b/.env.enc @@ -1 +1 @@ -  P~Ԙz'}aa>ئBӖxQb'-C? i׶R|ݷipLK+M`aD׾[q5UuR߻8%GG=W5u+W=[E51 \ No newline at end of file +  1"iQwc]ꢵc4;}N@ev~ʭk7J=,ޓAzY-1tR"2ߕsNJ=(Nӓ(Y+"ߠcH@&X}ufk \ No newline at end of file diff --git a/kubeconfig.yaml.enc b/kubeconfig.yaml.enc index 67e928c4fedc94b478f51593b082a8b9b2e9ea04..cba9be00f849efccdb84dea0e7b53a1d7dc3e636 100644 GIT binary patch literal 1519 zcmVHuY#%eQ(8eCElHHrWXQV&CMQ>| z6(2G)9zE)7vJlcw3E%4fAt}nKO0bdT=uBY;CDf8gUphl!J`2ncuFm(W@CvMEz+Y~R z3cuEMtR~wNCXuI<{jG0Y$*wG1H=ckGZ&eSFTq`a&Gt>5HzkH=Jk&vf?rw?S$*BBH2 zlJ(fev1=3_}IK}MQK;@x1)ijBfV>`E!+B& zA1R_=-C zP&0N_nWP<1bFkI6TA4 z92)_KpdZN&y<=CtsJdA#g56)9C^qzKc1Oc29w5C>PkX|HVct3I+lc+^UThtxv2}$j zLPd!oJTqs{>fRo$ozMzR|B^Etnp#+*Jm*SoI#;_^4QdT7gQh7f?VYDBHO_<)U&2UD z!vU$8{QY?4!YT3+V6LyLEyl~-@u0!;JuTo`6gEuZ>oVvi>Wdr&@YVWcWUJ-Ob0152 z6@EfzNkBfZ0r?#$U_t!^=m&Tc%XHp6_LwYz2YBTE(q3EzG~`(J(s1iXk1p&RB(LfB zlQa1xpT4sV!5q>3%h<;YDGE{=2;N=!He`qW#7@Erxg_cEiI+(3Ht5mN5G$4Rt_U|@ zn^b8ao+o01xD@30YDw$I; zi&2im!V_%&_N~Wh-KMoq;&`4QQL?PNss+`$xJ#cdLu*g6m=E|g*F;ym;DH-rP6=4M z#}qVazAOq?r2!hyk6aKEqTD2qcj&)hVWKo51cfdGCEcPX;& z6PxX5Q5p-K)Jg^x4}1a|cw_G0`2k(iF@TV#;7BoO`?AM!YtFy95;Gs;ovK{DpT~nI z-!Fk^L_+|1v8jW^hDu)6%XD323dK7-?LKMZW<5H)txkh2Tqt_<7f|wuXfA8xLVxw& V?~-4;GfI8C>$vS6-Q!f1g(EtI?I8dF literal 1521 zcmV7V7uKwtaM)=a|0q!ff`@e=m^L(G`C#N-K zF!uPTFEl}ORz_ZI84VODEMHB|m;RL-yS>t`tthBtI0kp8I&ugYn^!{|!B>>cN-^(@ z#1)fR5sZJ?ebVar7g&mCM55Rzd8v)GSGqbKj1-Kg!BA{bTN$4i$JeVY=P&^sybldX z_$M**9rb>mrmR^^Bqwrh8xTCsQ_sDET7DRnBIb(8xTU;{nPT@Oq%#*?gV&)}!LkbP zW^e2w-oF#TwjG~Ch|Tz2{OO9OaZ@q+&Pp3*0RY5`q5yzR7NTY%zK5~&3wmohP;~CZ zjw2EFWO-xx0`s@%0N+2J9oRcwZN6>j4nRJ$reA7DB8ZBa@_hxKqmZq3W~ni9tM~`c zYEgGx;YE?|g_$+MgkAwV05y&y`6Yn;6BwF3KBhoU*~F3XZ&vmxGGH6Vi!CI41F~!OeWKT?9lH3uk@%2jMfOPr*aR2&N$%Rsr6}4U$?Bjo)KaXRTH`o%JAl%j zB|vQB2`Q6z*qyxJy{`Vl#>VpeFGV7*WW%kB7=~BIi&pX+i6@uiL~2(dIUehaGAwp7n*I4k zvZQi@KWr>-Scd61*+*(y9}<8_-d8=gHj80TVAM9oW~BRrn>cAqCdIVa>6{mjl?nVp zq;|kkaovkS!5*apQ88J+5uZg$p<@$oEA%V0(CFEk3D*|lWuo0mRcdtW`$j7xAN$n@l~Umv8+>l~wHSx!4P8c>!x>~TPOVXPu@1o|W)LK0Fn3A=Ezi30SS=4D zxhb{E)PFJIa{E8&7d4irrDEAh@z@{pB3yPEZ3mBfpk?NX_AtMO*~YzB^F2FV%blnm zC;+~$J-zJ;6f+d8(uD{wdUZsGLyfzv{frono;!{p$F0`~jxb`bqpY&4H1&@wr`~KN9IS9N9M?*ybQDfrNcZ7K(nf8f?o%V2m)UsEQKJU zi-DccU*Qz?I6EryrzAGMdouzaUDU=ADq0J!kMcbJtARcC)zv0)+GU>B*hd$ z3W-P8l;dj1yZW{?a zvo{Bh*s1pBezk}2=yR!68_1kvU|K^Cv=0dBL zKQcaZ*O<7bvl#G~j;%okml1t3DM~D0$GU{n+7ak5c(VkH3@oEZYpk$im;!0UryT<= z-_YVVSGBI0;b&56LME`0@5#3a9~)znps9vIi{^ZqPy+|milegI=ZE4B8x^gr36dKs z{gM^ovD~HIlqk*&q+M%B^$z2;#p{pabc8k!^x#D)o7i^(wNf<~59PBkZj6h?$&&t3 zb0rX?eB|0@dWiUx LUWY{1q=CRY^y8ho diff --git a/kubernetes/values.yaml.enc b/kubernetes/values.yaml.enc index 2d391a664bc933829528dd9d359753e1772d356f..289799b28c87634811fcaa94a3d5f7f707bf8562 100644 GIT binary patch literal 1746 zcmV;@1}*uF4Fm}T0(}FCjJK*(m-o`@0TSZZLO-2!L09bQ6Orc^4n7l|psC?mnz<{r zM`Xqwr7jdz$(We5lnOh1>PkU3@Rh#=Rqx+x=F(Cy_DtsV+1g%+Pl! zwI>4JzlwEa>dLvP9W|v}j##79){tp8mveZ4P#Y(_h8

JW8P`%*du$)Ky1ib-%8=~Ao_Rcqt@r|wHtD0+W(sTI%@ZQ z@0Ko-_iVB3kLtuePT^2?%jcDp7s@t-qPKVX3^WQ)eXH*i0>-qQ-RzI1KUaV|1CS`g zfUFEdysoSIV+D^8+5rE5p~4*&6JbPuEt3Ozhy-h&45s?mG(uB~Xu#!~;5h0_st{;n zv94uzPi(LM)IsF6KCPvp^HDm{NU%SZs&cGVMvq4mJsN*COj>tvz-t z#q!b&0Mt?~&y02P zLXhOe#4;SLymz33!XQ*eiayl$rj)~qgjW;Hka=J6*64}SxU&#O*;RQerX7M^xXscZ zL{&QlWM`(jmxV!3U&LmmCjRbRZ7G`qNZfFnuk=Ep>-=fYR=d{$1rmI%?IZ^I8TDEm z?d=B$B*_t(!Bi{g;cG@etI=(-czAvf|9EzM_=;BQBO9@8;KN(Q`3X!C zd%Fh2v#V?^iVrZ(+0Hb$ugO75k87$ZnUOeKag{VOij~`KHa*qo_f*B;xZ7I*3Aq5q zBoxf1AjT=T0(*~uF_7xQcvbp04m7kI?DP1(O<8N+0W5Xu?Vra;=tJFG)cRp>!h7{i zv#(qkB7h#uwz_Q1#4c(*fdJ zLS6YU<#@yBx4H>@yOQ(HPDnRI8To98tb$B&pPPH6!SY)0W<~E;&G9j-A%G6 zD=!u6l&Cs<=|YqxVmD84T<0}SKNW%2ZeQ^g-v1!!Ful_xS{ZBpoJNMn^Ev2jh^DZOwE@9~(+<{X z@ZG6R;>T^XuBMKveqq|e`wQNs@HiO@LlXm4th8Ev$lVII#R^gP=K_?OsXWaqs>h2u z-G$8xGG<3*ugXKLO{^E!p-z%Ud2(iOyZtL|3nd2%Cztg{WhKOE+;~ZB%CQLYg5c^= z<6u=U0@5b;`rF({jxh!B&`@bqYt3U?pqmLa>>csYRa;26h9q_{xBe(e1jAIs2JUfa z6})HLtMiNyZO99Zkk_v0a&^V$`44+7Y9LzWI;T@M+O@N-FqF0k7TNGa5gRWJ1M=qS zzS>kic?+bRTJ)OV&OT25hQua3>AGU%@G_V`!8|4jDR2z1rMbTb-#+(gYie%FA)316~&lT|~p#WatYd9FLs?SJc=RhhYK4dOPTsuFqjW{r4_y%X<-Ch{xj zzP}v~mAu7Z?nhPG1hR;_E-pSbv$+cLfe3@NnmMVH#WW<4M%`z@WPM}Aoi%=Py`{hY z%Gq=(HeGe2Wl-aI9Is!f0**TZ`Tna)A$!|VTfGcBuUfJhCDotp~`#<7O o>x=Kos174ll*Zr`B0IwD3Tt?B&?9}bRE}3TZ4Zp?>V`2=G34ZFkN^Mx literal 1748 zcmV;_1}piD4Fm}T0wE1g%7b{o+xXJz0rB(N%pgrGtIw3Ng?6i|c?nabmpq z=er5H*$@HVt~`NpRnYGIPbE)+m-)09e(!*vQfli6LgsR0DN;f4%$HmL4!Hr8lw$_i zESGaNHgZkE@V?jPj z?wGT-N{xRzl|Smemsj1EJs{RAHD3h!;NxhyWu&Wg9ZjXvW%3;tF>o%5X-QZ9g zrL*Wo^bt`;=|$_b-*uLI1f%Ky;Hd?wS}2im&26i&?d87^AxY))n7g@tAfdiP|zh&I;HqjRt%2-oiBVw61aCG?G|HW@3D{@7c=kx2JV)&oAprL1> z6yVS_Q+?v!I3dPn_K@JyD3ZyAZJ$15OTg@)cNU8K=?gaBggkkmH-eq6Hev?N^BehZ~qFaHU_z+~C&!$n8YJ3DY=X~AUZ z9&f#RtxE{0@H5oGZ6`0M0Ee`0#J~Cgqk~!xk5^J0n?)T|opSr)+U(KeZl%U$<&9C~ z86`F(TO1AG>3?_l{pGQbM!d<8Cj3KZ<{I6ilH7EfjupY-8^qOH!Cr@L|4GAhvCV~n zWJ_3;VnrN=JzhyDhyua(GZpa*Vm%W>Od~-8>9sL)52v6I!s*!k#@b|uL(h3&An{-%EZ?>I9GWfipVM&P=YYg{X-kAGy9>g*T zI{`_p6$*GwY)p#cJV_??uAMdGK$(@ay=cj8iqvVC(g*NnvhHD*6nnd4%|kS&s8=ZP zx-@6t4x>932bc~Bk1zf|oo029UQ}RB|HT8kL$?t7?^kDJ&TUwgoMab)@h?bDwdR#{ z%_0tyg3z5IV-qU)poO*b(J`ZN*li^6xJx%Y61S31 z@#hJkgxiaa=cpjLQ@xQOb6IL)SW~>&$Cd0YVr$5kCWQ_rcGLRw^H7wwxO^IGBY22K zl;^#kUFvNW*kynC_%jqZ^bcT|Pa6Eo%5Ja#)@%&X!`e=9lVvR~sg}wSmNDNso?> zQosQ6HB#yu!EuBE7$(W6zj;Zp2+4)<%Lb=yc`ywcjglIk-k#qN#T?OtI*#;>Zz>Yd zEVr@`xlOvS!Os_N!)BIOI2la3!lygNMfF{iH_+o+?TyQ{D`tq?-tBp9_Y=9;BB%Jo zNkS4Y)p0O681)x+h@e_)+`jkk35j$li!+r%AAdArAK`Q5t0Fiy7Oj@cf^N`59?$DY qb+@hCby;)P@-s?~oaq>t$lx4@+izse=yvizmq|-vk@9qTz2aDK=4PP) From dcf018554e6102943488a5ca81f48bb97a62f1c0 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Mon, 20 Mar 2023 20:52:30 +0100 Subject: [PATCH 34/89] wait for 4minutes till seeding the database --- .github/workflows/deploy.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 8964735..8fb7fb9 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -37,5 +37,7 @@ jobs: run: ocelot/deployment/scripts/secrets.decrypt.sh - name: Upgrade Cluster run: ocelot/deployment/scripts/cluster.upgrade.sh + - name: Sleep for 4 minutes + run: sleep 240s - name: Reset and seed Neo4j database run: ocelot/deployment/scripts/cluster.reseed.sh \ No newline at end of file From 4b8f3472143efe66c2071ebb4e3f7ac237935186 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Mon, 20 Mar 2023 21:38:41 +0100 Subject: [PATCH 35/89] use specific github refs & dockerhub tags --- .github/workflows/deploy.yml | 7 +++++++ .github/workflows/publish.yml | 29 +++++++++++++++++++++++++++-- 2 files changed, 34 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 8fb7fb9..ecb0061 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -13,6 +13,7 @@ jobs: env: SECRET: ${{ secrets.SECRET }} CONFIGURATION: "this" + DOCKERHUB_OCELOT_TAG_JUST_BUILT: ${{ github.event.client_payload.BUILD_VERSION }} steps: - name: Checkout code uses: actions/checkout@v3 @@ -22,6 +23,12 @@ jobs: uses: aarcangeli/load-dotenv@v1.0.0 with: quiet: true + - name: Set DOCKERHUB_OCELOT_TAG + run: | + if [ -z ${DOCKERHUB_OCELOT_TAG} ]; then + echo "DOCKERHUB_OCELOT_TAG=${DOCKERHUB_OCELOT_TAG_JUST_BUILT}" >> $GITHUB_ENV + fi + shell: bash - name: Checkout Ocelot code uses: actions/checkout@v3 with: diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 6fabe56..81c6cca 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -13,6 +13,7 @@ jobs: env: SECRET: ${{ secrets.SECRET }} CONFIGURATION: "this" + GITHUB_OCELOT_REF_JUST_BUILT: ${{ github.event.client_payload.ref }} steps: - name: Checkout code uses: actions/checkout@v3 @@ -22,6 +23,12 @@ jobs: uses: aarcangeli/load-dotenv@v1.0.0 with: quiet: true + - name: Set GITHUB_OCELOT_REF + run: | + if [ -z ${GITHUB_OCELOT_REF} ]; then + echo "GITHUB_OCELOT_REF=${GITHUB_OCELOT_REF_JUST_BUILT}" >> $GITHUB_ENV + fi + shell: bash - name: Checkout Ocelot code uses: actions/checkout@v3 with: @@ -174,12 +181,30 @@ jobs: steps: - name: Checkout code uses: actions/checkout@v3 + - name: Decrypt .env + run: gpg --quiet --batch --yes --decrypt --passphrase="${{ env.SECRET }}" --output .env .env.enc + - name: Load .env + uses: aarcangeli/load-dotenv@v1.0.0 with: - fetch-depth: 0 # Fetch full History for changelog + quiet: true + - name: Checkout Ocelot code + uses: actions/checkout@v3 + with: + repository: 'Ocelot-Social-Community/Ocelot-Social' + ref: ${{ env.GITHUB_OCELOT_REF }} + path: 'ocelot/' + fetch-depth: 0 + - name: Setup env + run: | + echo "OCELOT_VERSION=$(node -p -e "require('./ocelot/package.json').version")" >> $GITHUB_ENV + echo "BRANDED_VERSION=${GITHUB_RUN_NUMBER}" >> $GITHUB_ENV + echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_ENV + echo "BUILD_COMMIT=${GITHUB_SHA}" >> $GITHUB_ENV + - run: echo "BUILD_VERSION=${BRANDED_VERSION}-ocelot.social${OCELOT_VERSION}" >> $GITHUB_ENV - name: Repository Dispatch uses: peter-evans/repository-dispatch@v2 with: token: ${{ github.token }} event-type: trigger-ocelot-brand-build-success repository: ${{ github.repository }} - client-payload: '{"ref": "${{ github.ref }}", "sha": "${{ github.sha }}", "VERSION": "${{ github.event.client_payload.VERSION }}", "BUILD_DATE": "${{ github.event.client_payload.BUILD_DATE }}", "BUILD_COMMIT": "${{ github.event.client_payload.BUILD_COMMIT }}", "BUILD_VERSION": "${{ github.event.client_payload.BUILD_VERSION }}"}' \ No newline at end of file + client-payload: '{"ref": "${{ github.ref }}", "sha": "${{ github.sha }}", "OCELOT_VERSION": "${{ env.OCELOT_VERSION }}", "BRANDED_VERSION": "${{ env.BRANDED_VERSION }}", "BUILD_DATE": "${{ env.BUILD_DATE }}", "BUILD_COMMIT": "${{ env.BUILD_COMMIT }}", "BUILD_VERSION": "${{ env.BUILD_VERSION }}"}' \ No newline at end of file From 2968f894eaa0ac96a368bc82ac86e992fcf163f4 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Mon, 20 Mar 2023 21:38:52 +0100 Subject: [PATCH 36/89] newly encrypted values --- .env.enc | Bin 136 -> 520 bytes kubeconfig.yaml.enc | Bin 1519 -> 1519 bytes kubernetes/dns.values.yaml.enc | Bin 311 -> 313 bytes kubernetes/values.yaml.enc | Bin 1746 -> 1757 bytes 4 files changed, 0 insertions(+), 0 deletions(-) diff --git a/.env.enc b/.env.enc index 941b0ade190898bd8d41e7c90fa40bbafa1074fa..a0bca37ddbd0b8c9ecf15ace87153471a1ab4fc0 100644 GIT binary patch literal 520 zcmV+j0{8ul4Fm}T0%WKE?BWSsLHE+ZHUWO-)8Y|iQm^9N$?P^bc`f)^@Z1Dix)#YI zezz{ml&T&qa{^c->1bnCvn+Q>Zaz4WK%0sEiv|ycfKq| zl?6-G3BSaf;)AzIqN;{rO!*>8ZRGDx_Vwq4Yh>cPIv&rb#xx)VX_z;D^Yfm=$e(U`>^<97JqO})e&NMswr`!CseNLP}ie;V3 zc7DpOACPO9Hx#lQz)IgeETrC(L5q6cA6WsWEirVL4^kpBx!;wgr4`O|;@Ib^$BNiJ qDDj$3)05&T(C=B>D~=-Hpo(Mdpz7?E^T$YsKqgpyb=zj2=4%x3>qZ{{ diff --git a/kubeconfig.yaml.enc b/kubeconfig.yaml.enc index cba9be00f849efccdb84dea0e7b53a1d7dc3e636..c1f9eb3326dc2bbd2cb5fe6d9c1c7bb78ff41b04 100644 GIT binary patch literal 1519 zcmV5jME*8_VaiVS{*XcBaG#M+YGR;zXbmkc1L2$R;l-zfZs2ijqr1wY zF{|2RCSPKC845-i^)dtWfGz4fL_;Wdec_mL)PRmIkJP?%N@@z~`7p%u=X;Y7nomv` z#SkZ8vnnaCE`xXrU5^{OvK3AZ)Z`0#_kU0m`cq&1LV6z7+cO*?u`xCbaH}_Orf3xX zv|GvC*}~@T$yk9<1f2Qudeo2AD$5{VO_*~1huaAzIh4ttvMu>-0Cs%&UU!VGi+Hl& zAvtD3|7p(bz8hT(m#k)+D?b#Qvrh;}Fpn&q_dp6P^Mv!7ahV4@(sBxwKN;C)B-)hw z{nMjLD@W1lnyVsTFVn#Ha@Z$ugNI^wDg5*gQ^x+HZKHdj8$*VxpP8G@4nzYj;+O)+ zNW5xjOl&KJI9EX?CT<4ErIefHA;|8jTmE?{H{oRL=Z|q{QYXA)JRR|vCAl(ui8lP%l6vcr0Rk)kI=W3flsYxl~Eh*Yoa$X4nT z8TLAdkgDZKl}qTo;O@1;AxCk%oT!Xbz|&VPvkq7(dQTFM&w*nLj*HlZ@fh!_Fg!`_ zf~XL9+f>SmD*@#oM9p&^<%X#iHA7Qk9^9c*WwZ18iwFU&ChH)*3o4PPcD^OHit z1MbZis+-*w+!-@0tQf^cJ-Vpm&g)zxaB9hA3JERxQ|HT4V;L)FbsT2Z|Y|2ZZ< z?ohe4oJ&ULRdgTndHqUi5yuU#dWlyee&kwC&NKbHS5uKifXC}b~scJ0-z`{!3( zdNWz0WC3o@5;*=7an1P)_6BEpOXBmI0=Nr#>Yxqj=v-$NUM&R$b^&v1JOyGaGMsBi|%nb}rOi73^~cF5Q8uijfsg zmvY}%B*8sN3&~`Vk25l#)UU|*As;pF4kA&OY3+}*tZw^yxRNY%WFg7TO@nW$DYj8G zesXScUeAkTXDn^9|788XdBKoqe<1aNw=x*BJPe|pp&LLF?fU7#an{;<)Qf^47rQ~_ zN8Nb=vVJCE!5p_uQD1*?g&9pQe$>NJ6&Gq3t7$P}_5H^GG>v9?Zs@&DauNMsBDt@g z8Res)orTek~H2u?MDp1!^p4z%p~gp7rsqu+U>urAM)O*_>p8uFxRzdP)h4kxD~KG^yG(6>?MNu@1bbK+74z@o z!;dW2>iU#|LiZ`8_(>+b{EPw**MF;4tV&IoLzX+sOF92{OrrRxz(o4iyscNkfyz~} z`B6@V{d@ue0EV~EJBlu_VXKy)Z}FH>CGI83fRIWESs#W2AC%MHpagubl;0fcQx-Vy zBqDKUJ5!8zNR=jvM{Oq>7yyBWriy%-e$NB+xW!0d!d49k1$|!?b7H&sRy&QketRe* V)DQ*(55zJs3?OVcoY;E@j|H0F-7^3H literal 1519 zcmVHuY#%eQ(8eCElHHrWXQV&CMQ>| z6(2G)9zE)7vJlcw3E%4fAt}nKO0bdT=uBY;CDf8gUphl!J`2ncuFm(W@CvMEz+Y~R z3cuEMtR~wNCXuI<{jG0Y$*wG1H=ckGZ&eSFTq`a&Gt>5HzkH=Jk&vf?rw?S$*BBH2 zlJ(fev1=3_}IK}MQK;@x1)ijBfV>`E!+B& zA1R_=-C zP&0N_nWP<1bFkI6TA4 z92)_KpdZN&y<=CtsJdA#g56)9C^qzKc1Oc29w5C>PkX|HVct3I+lc+^UThtxv2}$j zLPd!oJTqs{>fRo$ozMzR|B^Etnp#+*Jm*SoI#;_^4QdT7gQh7f?VYDBHO_<)U&2UD z!vU$8{QY?4!YT3+V6LyLEyl~-@u0!;JuTo`6gEuZ>oVvi>Wdr&@YVWcWUJ-Ob0152 z6@EfzNkBfZ0r?#$U_t!^=m&Tc%XHp6_LwYz2YBTE(q3EzG~`(J(s1iXk1p&RB(LfB zlQa1xpT4sV!5q>3%h<;YDGE{=2;N=!He`qW#7@Erxg_cEiI+(3Ht5mN5G$4Rt_U|@ zn^b8ao+o01xD@30YDw$I; zi&2im!V_%&_N~Wh-KMoq;&`4QQL?PNss+`$xJ#cdLu*g6m=E|g*F;ym;DH-rP6=4M z#}qVazAOq?r2!hyk6aKEqTD2qcj&)hVWKo51cfdGCEcPX;& z6PxX5Q5p-K)Jg^x4}1a|cw_G0`2k(iF@TV#;7BoO`?AM!YtFy95;Gs;ovK{DpT~nI z-!Fk^L_+|1v8jW^hDu)6%XD323dK7-?LKMZW<5H)txkh2Tqt_<7f|wuXfA8xLVxw& V?~-4;GfI8C>$vS6-Q!f1g(EtI?I8dF diff --git a/kubernetes/dns.values.yaml.enc b/kubernetes/dns.values.yaml.enc index 608b6b5ecd821e3ddba76f121c4600ad99d9f65d..9c1231fb629a96278bdc9d6cdb736c4793e4f331 100644 GIT binary patch literal 313 zcmV-90mlA}4Fm}T0y@YA{={yqjQ7&OX944{(g|zWj_ziLb4CvL)(lu=)A5wqcP?KR zRQt@Cn5)v_aTWzOkC2Bm-Mq_s`S%|ya#w=rvw^_|+Na2>G{pIeLE}{xYcC5BZhta(rFi LAJUV~B4|zTD@CE+ literal 311 zcmV-70m%N04Fm}T0($nxNXw6;sQ1#qWdXCQ_fT5izW*!&w~Z$}mObHcc;WI>B*hd$ z3W-P8l;dj1yZW{?a zvo{Bh*s1pBezk}2=yR!68_1kv44Fm}T0v9;7kU)ZR&iB&l0S$Lus%MNZ5r_3yLIkWp0l)^C?WB;WY2R0z zV>mYcKE^Bw0DExUK1KQ@LhEjDG>ECJX#9{niEtmcAtE#Zq!0+ zL&4QaK5U~rHK1hRg-kN{;3XzswkD^Os#>drX+epq*by>{32P*b%}LrOHqA&ITlybvk-6aE>oCLyoY>WPxJNSk^?f@m{wJWvCp_WaJ zWe8LWr;{0Y3HCRICOGw(%1y!)9{eaj@o$lKTJC*AH`r^>J};sTSRb;V7GZg-aAPXk z&M|GCF+*i3DI`|oJP}>E=|%5@&90-kI(@=pfDNaL?7<<34j?r5hRgh{b_*mrZ0JF0 z=OCy5_?NT=X)HFfzYY}cpj*pd8AjQ$xjq!>_>Qf2GaPlowyujDuMjaXfEWP3(f$CT z5(8!UJVcn>zzt$*&^V2Ne#anAT&-InFoQnWTjAd2^D=Ht^jD-9tLC@9flh0{n5n*1Jw+ckoL*1*gx34rqEDCZh`&E_Ik@M<*fL8A;?oMhQ4OU zW#!3{3$)B)t6&&XMzv$NKOM80mNrC}knDXdE?x<8&J+YK zVBTo(G1un6z&k!LQQ)+@2+mI~Z;)(i9>jV}qlsN!hp#Sqj9``@Y`vRJGmZ>&|xk!Ak{81yEumb-~ z20MmMDlc4(5+k6e3Ls)xlBq*+b(g2-_gTaqh<_yf1W%Pvy!GC!n-0AQa*1z^B|}?z zGBl`>tpjX`bAQuC8dPojTS&@%tb1yWIQ}-QZ7v~W3iiljNJ84XC5YFfL>sdd)_RtA zVOG71;x*sj=27t23@CyRkl?;izI%I}V*)Y5_Lylp<0T~J&;*U*;35Wb4LyboAev)F~{V<=_ zmGSZ@asN!tp>r1#&*aFza88%C%!y@jv!3@2I{h+Us8oA#8v43;910UHO73%$%A}B- zYA*+eDso3I`Ok#hKa&MQ2h%}4$j9NK{8zVOev42hnKf^)UI`~UES#nkoKoDRQ@Sgr z;eD^!ySpBiXd$ZXZ&yDoTiW8Mathu%v8Rvf6qT#??}lUsSuMP0;Cq*Rg;9G@>V^oj zc)hWd_*S1{zwwI{S%K-%^!I4#lB?#Z6&oE;G7S*@Wah*14yeBu@(DO+U_hc!BVkPO zRKV8vpbOc4moQ0GR((hNPu+D=(VKr5w;SuDn#YnQJCU2LR%VkIU%rV~LxqAcBg={s zA!D~VPC(}oDT4+aO53B~kMTAR-JNX$-8TE%MKKLMf(D%->}>Yk~VKnN% zd<3?@ma~H;X|Jh6yitshX}K7x)12%m#x2>o#$J#SX_l!GncF zStdem5q5?Ijmbi(dAyc0g#$X-!8O!#@nTxhltsc-cV zzr^ick$+TpXpB=s-Q#z3v~6Kh$-lpJa(h^Y8EkEYex&T*#=#l!&7W&_N}9Ydbw5DH&m7}2I=n*2T$A2>utdY-MivYE{Wz%?=LV4&v^sF9_B?&&%)2-M=Y+>fN{ z34M~uW3U#yEc}rNaKc;%x<$V;(9Fjai!!ngxKV08*We5lnOh1>PkU3@Rh#=Rqx+x=F(Cy_DtsV+1g%+Pl! zwI>4JzlwEa>dLvP9W|v}j##79){tp8mveZ4P#Y(_h8

JW8P`%*du$)Ky1ib-%8=~Ao_Rcqt@r|wHtD0+W(sTI%@ZQ z@0Ko-_iVB3kLtuePT^2?%jcDp7s@t-qPKVX3^WQ)eXH*i0>-qQ-RzI1KUaV|1CS`g zfUFEdysoSIV+D^8+5rE5p~4*&6JbPuEt3Ozhy-h&45s?mG(uB~Xu#!~;5h0_st{;n zv94uzPi(LM)IsF6KCPvp^HDm{NU%SZs&cGVMvq4mJsN*COj>tvz-t z#q!b&0Mt?~&y02P zLXhOe#4;SLymz33!XQ*eiayl$rj)~qgjW;Hka=J6*64}SxU&#O*;RQerX7M^xXscZ zL{&QlWM`(jmxV!3U&LmmCjRbRZ7G`qNZfFnuk=Ep>-=fYR=d{$1rmI%?IZ^I8TDEm z?d=B$B*_t(!Bi{g;cG@etI=(-czAvf|9EzM_=;BQBO9@8;KN(Q`3X!C zd%Fh2v#V?^iVrZ(+0Hb$ugO75k87$ZnUOeKag{VOij~`KHa*qo_f*B;xZ7I*3Aq5q zBoxf1AjT=T0(*~uF_7xQcvbp04m7kI?DP1(O<8N+0W5Xu?Vra;=tJFG)cRp>!h7{i zv#(qkB7h#uwz_Q1#4c(*fdJ zLS6YU<#@yBx4H>@yOQ(HPDnRI8To98tb$B&pPPH6!SY)0W<~E;&G9j-A%G6 zD=!u6l&Cs<=|YqxVmD84T<0}SKNW%2ZeQ^g-v1!!Ful_xS{ZBpoJNMn^Ev2jh^DZOwE@9~(+<{X z@ZG6R;>T^XuBMKveqq|e`wQNs@HiO@LlXm4th8Ev$lVII#R^gP=K_?OsXWaqs>h2u z-G$8xGG<3*ugXKLO{^E!p-z%Ud2(iOyZtL|3nd2%Cztg{WhKOE+;~ZB%CQLYg5c^= z<6u=U0@5b;`rF({jxh!B&`@bqYt3U?pqmLa>>csYRa;26h9q_{xBe(e1jAIs2JUfa z6})HLtMiNyZO99Zkk_v0a&^V$`44+7Y9LzWI;T@M+O@N-FqF0k7TNGa5gRWJ1M=qS zzS>kic?+bRTJ)OV&OT25hQua3>AGU%@G_V`!8|4jDR2z1rMbTb-#+(gYie%FA)316~&lT|~p#WatYd9FLs?SJc=RhhYK4dOPTsuFqjW{r4_y%X<-Ch{xj zzP}v~mAu7Z?nhPG1hR;_E-pSbv$+cLfe3@NnmMVH#WW<4M%`z@WPM}Aoi%=Py`{hY z%Gq=(HeGe2Wl-aI9Is!f0**TZ`Tna)A$!|VTfGcBuUfJhCDotp~`#<7O o>x=Kos174ll*Zr`B0IwD3Tt?B&?9}bRE}3TZ4Zp?>V`2=G34ZFkN^Mx From 4469edf32b567c33078e6849170198f83a370241 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Mon, 20 Mar 2023 21:39:02 +0100 Subject: [PATCH 37/89] provide an .env.dist example --- .env.dist | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 .env.dist diff --git a/.env.dist b/.env.dist new file mode 100644 index 0000000..78fad9e --- /dev/null +++ b/.env.dist @@ -0,0 +1,16 @@ +# GITHUB_OCELOT_REF affects the publish workflow +# GITHUB_OCELOT_REF is a ref (branch, tag, hash) of the ocelot repository +# if this value is not set the github ref just built in the triggering workflow is used. +# if this workflow is triggered by push to master instead of a build-trigger, +# the `master` branch of the ocelot repo is used. +# if you set it to `GITHUB_OCELOT_REF=master` unnessecary builds can occur. +# It is recommended to not set it rather then to set it to `master` +#GITHUB_OCELOT_REF=b2.4.0-351 + +# DOCKERHUB_OCELOT_TAG applies to the deploy workflow +# DOCKERHUB_OCELOT_TAG is a dockerhub tag for the configured (values.yaml) docker images +# if this value is not set the version just built in the triggering workflow is used. +# using `DOCKERHUB_OCELOT_TAG=latest` is the default behaviour of the Kubernetes Chart, +# but its inaccurate if two workflows are running at the same time. +# It is recommended to not set it rather then to set it to `latest` +#DOCKERHUB_OCELOT_TAG=2.4.0-351 \ No newline at end of file From 57519c20116000926beba9c8820683520d0e455f Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Mon, 20 Mar 2023 22:21:26 +0100 Subject: [PATCH 38/89] missing secret --- .github/workflows/publish.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 81c6cca..0398e4e 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -178,6 +178,8 @@ jobs: name: Trigger successful brand build runs-on: ubuntu-latest needs: [github_tag] + env: + SECRET: ${{ secrets.SECRET }} steps: - name: Checkout code uses: actions/checkout@v3 From e7ab20db5efec788811605e9104d65f268a78669 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Mon, 20 Mar 2023 22:59:56 +0100 Subject: [PATCH 39/89] properly propagate ocelot refs throughat code checkout & workflows --- .github/workflows/deploy.yml | 13 ++++++++++--- .github/workflows/publish.yml | 23 ++++++++++++++++++++++- 2 files changed, 32 insertions(+), 4 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index ecb0061..f093f5a 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -13,6 +13,7 @@ jobs: env: SECRET: ${{ secrets.SECRET }} CONFIGURATION: "this" + GITHUB_OCELOT_REF_JUST_BUILT: ${{ github.event.client_payload.ocelot_ref }} DOCKERHUB_OCELOT_TAG_JUST_BUILT: ${{ github.event.client_payload.BUILD_VERSION }} steps: - name: Checkout code @@ -23,10 +24,10 @@ jobs: uses: aarcangeli/load-dotenv@v1.0.0 with: quiet: true - - name: Set DOCKERHUB_OCELOT_TAG + - name: Set GITHUB_OCELOT_REF run: | - if [ -z ${DOCKERHUB_OCELOT_TAG} ]; then - echo "DOCKERHUB_OCELOT_TAG=${DOCKERHUB_OCELOT_TAG_JUST_BUILT}" >> $GITHUB_ENV + if [ -z ${GITHUB_OCELOT_REF} ]; then + echo "GITHUB_OCELOT_REF=${GITHUB_OCELOT_REF_JUST_BUILT}" >> $GITHUB_ENV fi shell: bash - name: Checkout Ocelot code @@ -40,6 +41,12 @@ jobs: uses: actions/checkout@v3 with: path: "ocelot/deployment/configurations/${{ env.CONFIGURATION }}" + - name: Set DOCKERHUB_OCELOT_TAG + run: | + if [ -z ${DOCKERHUB_OCELOT_TAG} ]; then + echo "DOCKERHUB_OCELOT_TAG=${DOCKERHUB_OCELOT_TAG_JUST_BUILT}" >> $GITHUB_ENV + fi + shell: bash - name: Decrypt all secrets run: ocelot/deployment/scripts/secrets.decrypt.sh - name: Upgrade Cluster diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 0398e4e..5dc9886 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -75,6 +75,7 @@ jobs: SECRET: ${{ secrets.SECRET }} DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} + GITHUB_OCELOT_REF_JUST_BUILT: ${{ github.event.client_payload.ref }} steps: - name: Checkout code uses: actions/checkout@v3 @@ -84,6 +85,12 @@ jobs: uses: aarcangeli/load-dotenv@v1.0.0 with: quiet: true + - name: Set GITHUB_OCELOT_REF + run: | + if [ -z ${GITHUB_OCELOT_REF} ]; then + echo "GITHUB_OCELOT_REF=${GITHUB_OCELOT_REF_JUST_BUILT}" >> $GITHUB_ENV + fi + shell: bash - name: Checkout Ocelot code uses: actions/checkout@v3 with: @@ -125,6 +132,7 @@ jobs: needs: [upload_to_dockerhub] env: SECRET: ${{ secrets.SECRET }} + GITHUB_OCELOT_REF_JUST_BUILT: ${{ github.event.client_payload.ref }} steps: - name: Checkout code uses: actions/checkout@v3 @@ -134,6 +142,12 @@ jobs: uses: aarcangeli/load-dotenv@v1.0.0 with: quiet: true + - name: Set GITHUB_OCELOT_REF + run: | + if [ -z ${GITHUB_OCELOT_REF} ]; then + echo "GITHUB_OCELOT_REF=${GITHUB_OCELOT_REF_JUST_BUILT}" >> $GITHUB_ENV + fi + shell: bash - name: Checkout Ocelot code uses: actions/checkout@v3 with: @@ -180,6 +194,7 @@ jobs: needs: [github_tag] env: SECRET: ${{ secrets.SECRET }} + GITHUB_OCELOT_REF_JUST_BUILT: ${{ github.event.client_payload.ref }} steps: - name: Checkout code uses: actions/checkout@v3 @@ -189,6 +204,12 @@ jobs: uses: aarcangeli/load-dotenv@v1.0.0 with: quiet: true + - name: Set GITHUB_OCELOT_REF + run: | + if [ -z ${GITHUB_OCELOT_REF} ]; then + echo "GITHUB_OCELOT_REF=${GITHUB_OCELOT_REF_JUST_BUILT}" >> $GITHUB_ENV + fi + shell: bash - name: Checkout Ocelot code uses: actions/checkout@v3 with: @@ -209,4 +230,4 @@ jobs: token: ${{ github.token }} event-type: trigger-ocelot-brand-build-success repository: ${{ github.repository }} - client-payload: '{"ref": "${{ github.ref }}", "sha": "${{ github.sha }}", "OCELOT_VERSION": "${{ env.OCELOT_VERSION }}", "BRANDED_VERSION": "${{ env.BRANDED_VERSION }}", "BUILD_DATE": "${{ env.BUILD_DATE }}", "BUILD_COMMIT": "${{ env.BUILD_COMMIT }}", "BUILD_VERSION": "${{ env.BUILD_VERSION }}"}' \ No newline at end of file + client-payload: '{"ref": "${{ github.ref }}", "sha": "${{ github.sha }}", ref_ocelot: "${{ github.event.client_payload.ref }}", sha_ocelot: "${{ github.event.client_payload.sha }}", "OCELOT_VERSION": "${{ env.OCELOT_VERSION }}", "BRANDED_VERSION": "${{ env.BRANDED_VERSION }}", "BUILD_DATE": "${{ env.BUILD_DATE }}", "BUILD_COMMIT": "${{ env.BUILD_COMMIT }}", "BUILD_VERSION": "${{ env.BUILD_VERSION }}"}' \ No newline at end of file From 02bae448b6fc5edb7a1581b2da1da904d0c03817 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Mon, 20 Mar 2023 23:29:52 +0100 Subject: [PATCH 40/89] missing quotations on json payload --- .github/workflows/publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 5dc9886..b8a0927 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -230,4 +230,4 @@ jobs: token: ${{ github.token }} event-type: trigger-ocelot-brand-build-success repository: ${{ github.repository }} - client-payload: '{"ref": "${{ github.ref }}", "sha": "${{ github.sha }}", ref_ocelot: "${{ github.event.client_payload.ref }}", sha_ocelot: "${{ github.event.client_payload.sha }}", "OCELOT_VERSION": "${{ env.OCELOT_VERSION }}", "BRANDED_VERSION": "${{ env.BRANDED_VERSION }}", "BUILD_DATE": "${{ env.BUILD_DATE }}", "BUILD_COMMIT": "${{ env.BUILD_COMMIT }}", "BUILD_VERSION": "${{ env.BUILD_VERSION }}"}' \ No newline at end of file + client-payload: '{"ref": "${{ github.ref }}", "sha": "${{ github.sha }}", "ref_ocelot": "${{ github.event.client_payload.ref }}", "sha_ocelot": "${{ github.event.client_payload.sha }}", "OCELOT_VERSION": "${{ env.OCELOT_VERSION }}", "BRANDED_VERSION": "${{ env.BRANDED_VERSION }}", "BUILD_DATE": "${{ env.BUILD_DATE }}", "BUILD_COMMIT": "${{ env.BUILD_COMMIT }}", "BUILD_VERSION": "${{ env.BUILD_VERSION }}"}' \ No newline at end of file From e80a9efd95956425b4669c9bf0e4b09fc89537ea Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Mon, 20 Mar 2023 23:39:48 +0100 Subject: [PATCH 41/89] new .env.dist, new secrets --- .env.dist | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.env.dist b/.env.dist index 78fad9e..bf0fe3d 100644 --- a/.env.dist +++ b/.env.dist @@ -13,4 +13,4 @@ # using `DOCKERHUB_OCELOT_TAG=latest` is the default behaviour of the Kubernetes Chart, # but its inaccurate if two workflows are running at the same time. # It is recommended to not set it rather then to set it to `latest` -#DOCKERHUB_OCELOT_TAG=2.4.0-351 \ No newline at end of file +#DOCKERHUB_OCELOT_TAG=12-ocelot.social2.4.0 \ No newline at end of file From 77abadc844a6981654421e9e94dbf7ef118e5ad9 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Tue, 21 Mar 2023 10:54:57 +0100 Subject: [PATCH 42/89] publish workflow include ocelot build run --- .github/workflows/publish.yml | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index b8a0927..deb3130 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -14,6 +14,7 @@ jobs: SECRET: ${{ secrets.SECRET }} CONFIGURATION: "this" GITHUB_OCELOT_REF_JUST_BUILT: ${{ github.event.client_payload.ref }} + OCELOT_GITHUB_RUN_NUMBER: ${{ github.event.client_payload.GITHUB_RUN_NUMBER }} steps: - name: Checkout code uses: actions/checkout@v3 @@ -76,6 +77,7 @@ jobs: DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} GITHUB_OCELOT_REF_JUST_BUILT: ${{ github.event.client_payload.ref }} + OCELOT_GITHUB_RUN_NUMBER: ${{ github.event.client_payload.GITHUB_RUN_NUMBER }} steps: - name: Checkout code uses: actions/checkout@v3 @@ -133,6 +135,7 @@ jobs: env: SECRET: ${{ secrets.SECRET }} GITHUB_OCELOT_REF_JUST_BUILT: ${{ github.event.client_payload.ref }} + OCELOT_GITHUB_RUN_NUMBER: ${{ github.event.client_payload.GITHUB_RUN_NUMBER }} steps: - name: Checkout code uses: actions/checkout@v3 @@ -154,14 +157,20 @@ jobs: repository: 'Ocelot-Social-Community/Ocelot-Social' ref: ${{ env.GITHUB_OCELOT_REF }} path: 'ocelot/' - fetch-depth: 0 + fetch-depth: 0 + - name: Set OCELOT_GITHUB_RUN_NUMBER + run: | + if [ -z ${OCELOT_GITHUB_RUN_NUMBER} ]; then + echo "OCELOT_GITHUB_RUN_NUMBER=master" >> $GITHUB_ENV + fi + shell: bash - name: Setup env run: | echo "OCELOT_VERSION=$(node -p -e "require('./ocelot/package.json').version")" >> $GITHUB_ENV echo "BRANDED_VERSION=${GITHUB_RUN_NUMBER}" >> $GITHUB_ENV echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_ENV echo "BUILD_COMMIT=${GITHUB_SHA}" >> $GITHUB_ENV - - run: echo "BUILD_VERSION=${BRANDED_VERSION}-ocelot.social${OCELOT_VERSION}" >> $GITHUB_ENV + - run: echo "BUILD_VERSION=${BRANDED_VERSION}-ocelot.social${OCELOT_VERSION}-${OCELOT_GITHUB_RUN_NUMBER}" >> $GITHUB_ENV - name: package-version-to-git-tag + build number uses: pkgdeps/git-tag-action@v2 with: @@ -216,14 +225,20 @@ jobs: repository: 'Ocelot-Social-Community/Ocelot-Social' ref: ${{ env.GITHUB_OCELOT_REF }} path: 'ocelot/' - fetch-depth: 0 + fetch-depth: 0 + - name: Set OCELOT_GITHUB_RUN_NUMBER + run: | + if [ -z ${OCELOT_GITHUB_RUN_NUMBER} ]; then + echo "OCELOT_GITHUB_RUN_NUMBER=master" >> $GITHUB_ENV + fi + shell: bash - name: Setup env run: | echo "OCELOT_VERSION=$(node -p -e "require('./ocelot/package.json').version")" >> $GITHUB_ENV echo "BRANDED_VERSION=${GITHUB_RUN_NUMBER}" >> $GITHUB_ENV echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_ENV echo "BUILD_COMMIT=${GITHUB_SHA}" >> $GITHUB_ENV - - run: echo "BUILD_VERSION=${BRANDED_VERSION}-ocelot.social${OCELOT_VERSION}" >> $GITHUB_ENV + - run: echo "BUILD_VERSION=${BRANDED_VERSION}-ocelot.social${OCELOT_VERSION}-${OCELOT_GITHUB_RUN_NUMBER}" >> $GITHUB_ENV - name: Repository Dispatch uses: peter-evans/repository-dispatch@v2 with: From 540bd503b9401c1608ccda77bdd23fe47ba008fb Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Tue, 21 Mar 2023 10:55:04 +0100 Subject: [PATCH 43/89] new secrets --- .env.enc | Bin 520 -> 529 bytes kubeconfig.yaml.enc | Bin 1519 -> 1520 bytes kubernetes/dns.values.yaml.enc | Bin 313 -> 313 bytes kubernetes/values.yaml.enc | Bin 1757 -> 1760 bytes 4 files changed, 0 insertions(+), 0 deletions(-) diff --git a/.env.enc b/.env.enc index a0bca37ddbd0b8c9ecf15ace87153471a1ab4fc0..1a619cfb87aacf4609254dd4c5d37b1a193fac02 100644 GIT binary patch literal 529 zcmV+s0`C2c4Fm}T0yXe#<4u1`KljqXKLM9oCsRzZ#~D)XeAH1JuUY-TArjYuUTHyF zGTFJ8tpYsRM{&&BX5J&Sq0vno0!Q-;^>H7#S-5Xp}(qo&7zAKmVOvl ztPTMZZiu@zj0O+>;D9V`hlURu4NhsKj8v1MBLa4vxC}w0ndnYj(B&?%(P~bV1*2Jg zpSYSL*lk$0THUJS;3y?6WjSMNB6hHPvv6#W7Yn!|&ez(kB2>iO0Rq0pK-iw5inZ7#;wH`R z0;@`pJU~9Q^$<>&M0i1xcC3XTZ5RngH8)=Rjk#wrdsogc6aG09><9j|?ZoAW(wcw> zOE%eQm_S1SxuV;em?5Tx%55CKq=0S6+Mo2o7E}vP(Q3Dw<11f_>`YEd3>g&NjOKa> zQGP6d-n0d<=ApKA-VyugJ)|V7{yb)5^+@{7(L3aTh literal 520 zcmV+j0{8ul4Fm}T0%WKE?BWSsLHE+ZHUWO-)8Y|iQm^9N$?P^bc`f)^@Z1Dix)#YI zezz{ml&T&qa{^c->1bnCvn+Q>Zaz4WK%0sEiv|ycfKq| zl?6-G3BSaf;)AzIqN;{rO!*>8ZRGDx_Vwq4Yh>cPIv&rb#xx)VX_z;D^Yfm=$e(UXR=zU$JMuM-Ot_?8oJ^HjO~YC)M%FPfYLaTO6-6| zDwlB$Cp$Lxf4eLym&DVYtYLL@>IgwXNz3kuMP|~K`oukaajVO3?GU2ZDvQ6W>tyO5 z#1*6#bmw#OUO~yH4McgaTH>&V8GgMFe5+A3%y0Z9gX;5Om)6u-sPzY@^+q;IR=SZO zyqmh=$Z0Hb6A(;_`gKT9D$PfPK^L!F@GDZA>1tD-`v)9l7N{xghao+Eh0s)5)hVZwcef7v;Itjy_Sk0 z((tv53+4Q=ZMoE;yf?^;r;~NE3tFm(PE!@c@}6ybrko@fVhgAEL7pr(4{-P@`z2{7 z!?(w4-*V(T>j3z|RL7ATCO{(Rt}V=Ph1W{~uWbF|09dsX2yJ8*XZY zP0n0;6srj}`zJlU*C{CU+BGD-2c%RrBToDBOeoLWlz~d;JaMLH1v!4`&lqANU41qN zbg=s^Mv24gX``VHx-09I&QGV;;2zw&y>75}^U$Nl78P5=5WyJE4y2;jx~uSNjt)hW zr_+@+J+$M1T*#L9_l@DHW7obIR@n5An2`$T{k*jK6xi(gy~F@|y8FQE&6ia)vt1&e zYUJgRBNP_3aMf=oEHM2ANnM-Y`V}!cFxyWBKELfahT}Dx@PCN;4nKCB9!J`*WA-Dy z!RxW*sp@*BP3KE_X+1KTqSdL2NPMW1{<~C+x)Vo;|5jBd^-PLTl^7=rd2gPamh(!H zk1*Rw^DV!Ka3xG7JD$5Fj@;-Q)J}oXspa5biY=qK)m7EV6N*82Q9&66HBMi_O^?bmGP}2UgC~I&+e*;xr>8lr#ISXhLDnV3vaJ~glAr&=u(&xJ1 zhU3n;uUnEGn{8mnqITCY_aZ&>v%qA6xY z!M19*CmzQw!5tBoF#vsVY)dFJOkx(?zrY3u3-_Dz0Bd}~;v!$#kS!}OFjZEA)5;eg znO|m(YD=H46T|CGnR31uM_X;ap}b3m^Wi}zGzXT(BYy@PU_AC`=LIwQU_fx8|439= zT!{;7q|ZX`f~x6aH*tV8jAQQU8+6&~UO)cfz37FGPlbrsKDNUHM z!zi>oK*>#bZ(KeW$GRpQ-3lfY+xe4uT~vhGJ*+g`aVXX~MK$&jNq&@ueNo)dU&Tb^5r*_;kGeDr(w-Kf%0srq7zgt_il7^#`XhnI!ajMC?iNjsucFOAd=X z%GHW@5H_QR?K}5Sh}w+fT85mIKZta!n;Pe%I3{1X9J6-SF?RM1Z3=@!tMLM>tQs$l WS&kJ+G^cY(7R11chCY>lx%)6fA^}qX literal 1519 zcmV5jME*8_VaiVS{*XcBaG#M+YGR;zXbmkc1L2$R;l-zfZs2ijqr1wY zF{|2RCSPKC845-i^)dtWfGz4fL_;Wdec_mL)PRmIkJP?%N@@z~`7p%u=X;Y7nomv` z#SkZ8vnnaCE`xXrU5^{OvK3AZ)Z`0#_kU0m`cq&1LV6z7+cO*?u`xCbaH}_Orf3xX zv|GvC*}~@T$yk9<1f2Qudeo2AD$5{VO_*~1huaAzIh4ttvMu>-0Cs%&UU!VGi+Hl& zAvtD3|7p(bz8hT(m#k)+D?b#Qvrh;}Fpn&q_dp6P^Mv!7ahV4@(sBxwKN;C)B-)hw z{nMjLD@W1lnyVsTFVn#Ha@Z$ugNI^wDg5*gQ^x+HZKHdj8$*VxpP8G@4nzYj;+O)+ zNW5xjOl&KJI9EX?CT<4ErIefHA;|8jTmE?{H{oRL=Z|q{QYXA)JRR|vCAl(ui8lP%l6vcr0Rk)kI=W3flsYxl~Eh*Yoa$X4nT z8TLAdkgDZKl}qTo;O@1;AxCk%oT!Xbz|&VPvkq7(dQTFM&w*nLj*HlZ@fh!_Fg!`_ zf~XL9+f>SmD*@#oM9p&^<%X#iHA7Qk9^9c*WwZ18iwFU&ChH)*3o4PPcD^OHit z1MbZis+-*w+!-@0tQf^cJ-Vpm&g)zxaB9hA3JERxQ|HT4V;L)FbsT2Z|Y|2ZZ< z?ohe4oJ&ULRdgTndHqUi5yuU#dWlyee&kwC&NKbHS5uKifXC}b~scJ0-z`{!3( zdNWz0WC3o@5;*=7an1P)_6BEpOXBmI0=Nr#>Yxqj=v-$NUM&R$b^&v1JOyGaGMsBi|%nb}rOi73^~cF5Q8uijfsg zmvY}%B*8sN3&~`Vk25l#)UU|*As;pF4kA&OY3+}*tZw^yxRNY%WFg7TO@nW$DYj8G zesXScUeAkTXDn^9|788XdBKoqe<1aNw=x*BJPe|pp&LLF?fU7#an{;<)Qf^47rQ~_ zN8Nb=vVJCE!5p_uQD1*?g&9pQe$>NJ6&Gq3t7$P}_5H^GG>v9?Zs@&DauNMsBDt@g z8Res)orTek~H2u?MDp1!^p4z%p~gp7rsqu+U>urAM)O*_>p8uFxRzdP)h4kxD~KG^yG(6>?MNu@1bbK+74z@o z!;dW2>iU#|LiZ`8_(>+b{EPw**MF;4tV&IoLzX+sOF92{OrrRxz(o4iyscNkfyz~} z`B6@V{d@ue0EV~EJBlu_VXKy)Z}FH>CGI83fRIWESs#W2AC%MHpagubl;0fcQx-Vy zBqDKUJ5!8zNR=jvM{Oq>7yyBWriy%-e$NB+xW!0d!d49k1$|!?b7H&sRy&QketRe* V)DQ*(55zJs3?OVcoY;E@j|H0F-7^3H diff --git a/kubernetes/dns.values.yaml.enc b/kubernetes/dns.values.yaml.enc index 9c1231fb629a96278bdc9d6cdb736c4793e4f331..65f24bf49019fbed6596c4133344d413f7ebcaff 100644 GIT binary patch literal 313 zcmV-90mlA}4Fm}T0s%r4p1SDjo%hnfX8|M5gZom^g8;zULH!ODOv6K$H{*|CqQIi1 z;HF*W>f5a}CL!ctjGL$m`mB-{8QqI~ohubJeI9s6C|m0?LIALL%p^6uqu#;INuAnG zVMkZ}`Ns7fq;CzCm1B2x3=kBPoge?PbNhp2vR1Bw`K(A?$P* zmZ6k{A22pzQX-Z3@wYI-!iCXn0NUSS$?{!6%MEm2+WU)(Rf-%ER~#iQB<^Bwo)xI1 zzX|4Sw28-L8OV1_OkG~3+}pXZhA_}jGgLoFiJ#xYU@Oa51I^2L)mr}ia}`r7R^tdJ L`CRWY`3-GQhme%r literal 313 zcmV-90mlA}4Fm}T0y@YA{={yqjQ7&OX944{(g|zWj_ziLb4CvL)(lu=)A5wqcP?KR zRQt@Cn5)v_aTWzOkC2Bm-Mq_s`S%|ya#w=rvw^_|+Na2>G{pIeLE}{xYcC5BZhta(rFi LAJUV~B4|zTD@CE+ diff --git a/kubernetes/values.yaml.enc b/kubernetes/values.yaml.enc index e7dfdc2062c5766ab3124d29a9bf07c4f1ba99c2..c14b732552dadd829947516dec4144eae9407a68 100644 GIT binary patch literal 1760 zcmV<61|Rv14Fm}T0!GLR+98zt+4s`w0q{TF-h5-rCs(SFEGdp@x`oq72&W!cxSMCx zBL4n33NHiD^1^0C7#_PKHJ2Qx@ziyXK_rGj3yYh8%bw+NM&{QD8Pt;R#j;2JD$a(x z>mp@8kP{iUqP%}<9`-g{yx_)CEBJ(i+3bSaxPPUbKwyp@ytC78UHd38Rf$E!EvIfe z^mJ<{4L$ajKm#FiMAof0?qPy#)1zbru-qs`UjQKmHdh5?HO+1$jl$9L?Q1?oJZw?K z43O^lbXKG}qzgH6yMENY@2H@6yu7aULBDFdYEf9l!tZQ()L&J=)A`4CHs}9lUgdOn1_>?d z2JnJH1Xz*!T5!GEHS)oFmp`(6F{&4lGmu0eWg31ho#UfD60jlV(54^wg~q(b+9#Ot zM8>NOG!JeJ&EU8H2@`Fq?V{)h1AHsCzG&NUC8WBRk7aTh%a1vUL^xO1W;`5!31AM= zNoJ~*Mc%Ev$CRp7s+|j{0bD!{AoWg!i4>KTKcp%X>6*Ny7liRT=*aDawo<_jIj>3_ zTM<+$?ny+PpQV{KqcR1+vJUFv8ZlyM$9r0%zmP#y{&82aL2fRYl%b`|W_~sIGpD^N z54r`GShw0zE7Y35jj9M0cq!qpFj>XZd`MXi*Weox^Oxc{yCFmBITMal#-Zeyv8Vnk z46~z<|LfjOZdOz-IGU47G3w~vJDSGM9n2y#-`4O|in8D8)89vN9nYR+JE%_0G@gWV z?1Ey21m_I7*>Nu2g7X!cv(_-nDB|l6sKMQ|%!R%v5$YW2#93 zimla+!9o76(kfIWQe^q1K;z3;`$Z}WI4Yu5y&IMh^VAedvCH@bQTm9m%F=LQ^694|SHEcTR@U}jW&!&sT7PhP=6mrbvhJ?1w^l{x6h5`A&9AY}7s2d>({c0asOI1NBycxjaMrM)>VK zEXChjH?-b6DqCSkU6uAgr_eDmg`CscjD(8d9#NgYN>%*Q0;_FMv=#ML(3+Vz zan9Zw`Vfw(o7h>oRhu{Q|8oX5uu5OtXCZpcrZvWqH= z&g}k3qh<4%>5d^{*N5i7b^FehNQ>|F-D4)fX7I>T9b=#Wm1+%X=)R)KoF~#_*DOeD z_{BfWjy8z}CU}Ptb(5*QQx#}`flcX+GCDboHfXdIm=aNyOxLfpO>k$u0lG@J)ih<= z#&2IL-g`$a^~n+^%^){#i-6R1XPR~hHV$XA~ zTR0>d#l?4yeM9elYURW!h1I?fu!CXpi&TcPjNG$5geBE1f!OGy`W9T1Q9|dZY#K)* z1v(Q-zk(xFP2i(?-QL#@-)fhg65Co_=P8GwH|XN9ShFR5ZazDU^h0T6yBVngtLbT6 zx<4q95AxlXa&kG)7PWnmAc*hq3mLm8$cU^E8vsde(2DQNEP)YOo72>cUykL6)AS*M zuCqzbk#y<40=)m%23`b^ikgEkspCS{#Y^ET?+==XZ2f!kfFB48^)j(H zw7?99r&&z|Jok%RGsbVhj=VyI3IFBk_NFnhov>u8XcvqmjM4VG?F>Q?ZiW>r%({sZ zwc^hsC<;6@6^?-;!79C{nIs~CltLk#go{<=9jlqpCpN?9#D>jM!L?Apn$4dB9#XB$ zJu3PZ@SbI1iM_G^t(bD5=;$Jd6{9&W(;Zn(QBOoBZ;nKCYLDD;J_=4B?B1EcueNUQ z8&T4*sq$Z|xDnA8{wh>XK@Fu6)LW+wT7Ztt+EE5$51sa?f`WVMO6u3K0{IJ^w1>Q> CV0I$_ literal 1757 zcmV<31|s>44Fm}T0v9;7kU)ZR&iB&l0S$Lus%MNZ5r_3yLIkWp0l)^C?WB;WY2R0z zV>mYcKE^Bw0DExUK1KQ@LhEjDG>ECJX#9{niEtmcAtE#Zq!0+ zL&4QaK5U~rHK1hRg-kN{;3XzswkD^Os#>drX+epq*by>{32P*b%}LrOHqA&ITlybvk-6aE>oCLyoY>WPxJNSk^?f@m{wJWvCp_WaJ zWe8LWr;{0Y3HCRICOGw(%1y!)9{eaj@o$lKTJC*AH`r^>J};sTSRb;V7GZg-aAPXk z&M|GCF+*i3DI`|oJP}>E=|%5@&90-kI(@=pfDNaL?7<<34j?r5hRgh{b_*mrZ0JF0 z=OCy5_?NT=X)HFfzYY}cpj*pd8AjQ$xjq!>_>Qf2GaPlowyujDuMjaXfEWP3(f$CT z5(8!UJVcn>zzt$*&^V2Ne#anAT&-InFoQnWTjAd2^D=Ht^jD-9tLC@9flh0{n5n*1Jw+ckoL*1*gx34rqEDCZh`&E_Ik@M<*fL8A;?oMhQ4OU zW#!3{3$)B)t6&&XMzv$NKOM80mNrC}knDXdE?x<8&J+YK zVBTo(G1un6z&k!LQQ)+@2+mI~Z;)(i9>jV}qlsN!hp#Sqj9``@Y`vRJGmZ>&|xk!Ak{81yEumb-~ z20MmMDlc4(5+k6e3Ls)xlBq*+b(g2-_gTaqh<_yf1W%Pvy!GC!n-0AQa*1z^B|}?z zGBl`>tpjX`bAQuC8dPojTS&@%tb1yWIQ}-QZ7v~W3iiljNJ84XC5YFfL>sdd)_RtA zVOG71;x*sj=27t23@CyRkl?;izI%I}V*)Y5_Lylp<0T~J&;*U*;35Wb4LyboAev)F~{V<=_ zmGSZ@asN!tp>r1#&*aFza88%C%!y@jv!3@2I{h+Us8oA#8v43;910UHO73%$%A}B- zYA*+eDso3I`Ok#hKa&MQ2h%}4$j9NK{8zVOev42hnKf^)UI`~UES#nkoKoDRQ@Sgr z;eD^!ySpBiXd$ZXZ&yDoTiW8Mathu%v8Rvf6qT#??}lUsSuMP0;Cq*Rg;9G@>V^oj zc)hWd_*S1{zwwI{S%K-%^!I4#lB?#Z6&oE;G7S*@Wah*14yeBu@(DO+U_hc!BVkPO zRKV8vpbOc4moQ0GR((hNPu+D=(VKr5w;SuDn#YnQJCU2LR%VkIU%rV~LxqAcBg={s zA!D~VPC(}oDT4+aO53B~kMTAR-JNX$-8TE%MKKLMf(D%->}>Yk~VKnN% zd<3?@ma~H;X|Jh6yitshX}K7x)12%m#x2>o#$J#SX_l!GncF zStdem5q5?Ijmbi(dAyc0g#$X-!8O!#@nTxhltsc-cV zzr^ick$+TpXpB=s-Q#z3v~6Kh$-lpJa(h^Y8EkEYex&T*#=#l!&7W&_N}9Ydbw5DH&m7}2I=n*2T$A2>utdY-MivYE{Wz%?=LV4&v^sF9_B?&&%)2-M=Y+>fN{ z34M~uW3U#yEc}rNaKc;%x<$V;(9Fjai!!ngxKV08* Date: Tue, 21 Mar 2023 12:18:42 +0100 Subject: [PATCH 44/89] set github ref or master as tag suffix --- .github/workflows/publish.yml | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index deb3130..537313d 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -37,6 +37,15 @@ jobs: ref: ${{ env.GITHUB_OCELOT_REF }} path: 'ocelot/' fetch-depth: 0 + - name: Set OCELOT_GITHUB_RUN_NUMBER + run: | + if [ -z ${OCELOT_GITHUB_RUN_NUMBER} ]; then + echo "OCELOT_GITHUB_RUN_NUMBER=${GITHUB_OCELOT_REF}"" >> $GITHUB_ENV + fi + if [ -z ${OCELOT_GITHUB_RUN_NUMBER} ]; then + echo "OCELOT_GITHUB_RUN_NUMBER=master" >> $GITHUB_ENV + fi + shell: bash - name: Checkout Branded Repo code uses: actions/checkout@v3 with: @@ -77,7 +86,6 @@ jobs: DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} GITHUB_OCELOT_REF_JUST_BUILT: ${{ github.event.client_payload.ref }} - OCELOT_GITHUB_RUN_NUMBER: ${{ github.event.client_payload.GITHUB_RUN_NUMBER }} steps: - name: Checkout code uses: actions/checkout@v3 @@ -160,6 +168,9 @@ jobs: fetch-depth: 0 - name: Set OCELOT_GITHUB_RUN_NUMBER run: | + if [ -z ${OCELOT_GITHUB_RUN_NUMBER} ]; then + echo "OCELOT_GITHUB_RUN_NUMBER=${GITHUB_OCELOT_REF}"" >> $GITHUB_ENV + fi if [ -z ${OCELOT_GITHUB_RUN_NUMBER} ]; then echo "OCELOT_GITHUB_RUN_NUMBER=master" >> $GITHUB_ENV fi @@ -228,6 +239,9 @@ jobs: fetch-depth: 0 - name: Set OCELOT_GITHUB_RUN_NUMBER run: | + if [ -z ${OCELOT_GITHUB_RUN_NUMBER} ]; then + echo "OCELOT_GITHUB_RUN_NUMBER=${GITHUB_OCELOT_REF}"" >> $GITHUB_ENV + fi if [ -z ${OCELOT_GITHUB_RUN_NUMBER} ]; then echo "OCELOT_GITHUB_RUN_NUMBER=master" >> $GITHUB_ENV fi From 87a8b269912d759b8f85c419229cf210d9c40c97 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Tue, 21 Mar 2023 15:26:32 +0100 Subject: [PATCH 45/89] piublish problem --- .github/workflows/publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 537313d..152d8cb 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -40,7 +40,7 @@ jobs: - name: Set OCELOT_GITHUB_RUN_NUMBER run: | if [ -z ${OCELOT_GITHUB_RUN_NUMBER} ]; then - echo "OCELOT_GITHUB_RUN_NUMBER=${GITHUB_OCELOT_REF}"" >> $GITHUB_ENV + echo "OCELOT_GITHUB_RUN_NUMBER=${GITHUB_OCELOT_REF}" >> $GITHUB_ENV fi if [ -z ${OCELOT_GITHUB_RUN_NUMBER} ]; then echo "OCELOT_GITHUB_RUN_NUMBER=master" >> $GITHUB_ENV From aab17d949f6094702b89407461fd7a32989996ce Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Tue, 21 Mar 2023 17:41:40 +0100 Subject: [PATCH 46/89] fixed few more problems on publish --- .github/workflows/publish.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 152d8cb..3134339 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -169,7 +169,7 @@ jobs: - name: Set OCELOT_GITHUB_RUN_NUMBER run: | if [ -z ${OCELOT_GITHUB_RUN_NUMBER} ]; then - echo "OCELOT_GITHUB_RUN_NUMBER=${GITHUB_OCELOT_REF}"" >> $GITHUB_ENV + echo "OCELOT_GITHUB_RUN_NUMBER=${GITHUB_OCELOT_REF}" >> $GITHUB_ENV fi if [ -z ${OCELOT_GITHUB_RUN_NUMBER} ]; then echo "OCELOT_GITHUB_RUN_NUMBER=master" >> $GITHUB_ENV @@ -240,7 +240,7 @@ jobs: - name: Set OCELOT_GITHUB_RUN_NUMBER run: | if [ -z ${OCELOT_GITHUB_RUN_NUMBER} ]; then - echo "OCELOT_GITHUB_RUN_NUMBER=${GITHUB_OCELOT_REF}"" >> $GITHUB_ENV + echo "OCELOT_GITHUB_RUN_NUMBER=${GITHUB_OCELOT_REF}" >> $GITHUB_ENV fi if [ -z ${OCELOT_GITHUB_RUN_NUMBER} ]; then echo "OCELOT_GITHUB_RUN_NUMBER=master" >> $GITHUB_ENV From b3f7838c2612a81b031c2ab7b372d0c66e8b9466 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Thu, 13 Apr 2023 09:02:20 +0200 Subject: [PATCH 47/89] ressource limits --- kubernetes/values.yaml.template | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/kubernetes/values.yaml.template b/kubernetes/values.yaml.template index 86c0231..4171b2f 100644 --- a/kubernetes/values.yaml.template +++ b/kubernetes/values.yaml.template @@ -38,6 +38,8 @@ BACKEND: CONTAINER_TERMINATION_GRACE_PERIOD_SECONDS: "30" DOCKER_IMAGE_PULL_POLICY: "Always" STORAGE_UPLOADS: "25Gi" + RESOURCE_REQUESTS_MEMORY: "1G" + RESOURCE_LIMITS_MEMORY: "2G" WEBAPP: # change all the below if needed @@ -54,6 +56,8 @@ WEBAPP: CONTAINER_RESTART_POLICY: "Always" CONTAINER_TERMINATION_GRACE_PERIOD_SECONDS: "30" DOCKER_IMAGE_PULL_POLICY: "Always" + RESOURCE_REQUESTS_MEMORY: "1G" + RESOURCE_LIMITS_MEMORY: "2G" NEO4J: # most likely you don't need to change this @@ -63,9 +67,7 @@ NEO4J: CONTAINER_RESTART_POLICY: "Always" CONTAINER_TERMINATION_GRACE_PERIOD_SECONDS: "30" STORAGE: "5Gi" - # RESOURCE_REQUESTS_MEMORY configures the memory available for requests. RESOURCE_REQUESTS_MEMORY: "2G" - # RESOURCE_LIMITS_MEMORY configures the memory limits available. RESOURCE_LIMITS_MEMORY: "4G" # required for Neo4j Enterprice version #ACCEPT_LICENSE_AGREEMENT: "yes" @@ -94,6 +96,8 @@ MAINTENANCE: CONTAINER_RESTART_POLICY: "Always" CONTAINER_TERMINATION_GRACE_PERIOD_SECONDS: "30" DOCKER_IMAGE_PULL_POLICY: "Always" + RESOURCE_REQUESTS_MEMORY: "500M" + RESOURCE_LIMITS_MEMORY: "1G" LETSENCRYPT: # change all the below if needed From a38bb6ffb4e811fa9b5dd35389c5a9b70dc44f48 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Mon, 17 Apr 2023 14:56:16 +0200 Subject: [PATCH 48/89] gitignore backup folder --- .gitignore | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 9bd6bcd..f780ba0 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ *.yaml SECRET -.env \ No newline at end of file +.env +/backup \ No newline at end of file From 53cf410e3daad69eb14b087f083fbcaec9cbb015 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Mon, 17 Apr 2023 14:56:25 +0200 Subject: [PATCH 49/89] new values encrypted --- .env.enc | Bin 529 -> 523 bytes kubeconfig.yaml.enc | Bin 1520 -> 1517 bytes kubernetes/dns.values.yaml.enc | Bin 313 -> 310 bytes kubernetes/values.yaml.enc | Bin 1760 -> 1759 bytes 4 files changed, 0 insertions(+), 0 deletions(-) diff --git a/.env.enc b/.env.enc index 1a619cfb87aacf4609254dd4c5d37b1a193fac02..23bce13b7721069f0b0697c2b5047971edba0f37 100644 GIT binary patch literal 523 zcmV+m0`&ci4Fm}T0(2aE*w9^xUi#9(IRVLfR=n#myTgvlb7uG4E-4Cq+)_4DWyb?+`|ls~*; zNNW+uWDrVx;YQON?Z;4SIN@y?Sx$iu%5-zK#E@x?$*J)m;P01cejRT>wwJ%l zP7kP`^WO-xLUw`vQ+DCVhF^|z-E?q|$3$v}Hg$zft5?a&6>niZLCjJvbhB1T zJf~LKadiGjMT-)hXjJ8c^JEq}C{FDHuGft7ekJK#B9TQ>8zYh~yXnXnPznzSNm$5v zJz8jy)#7%2!V3S#)avv}tVZmjo)L0k>v>^j$ZjZcWW{R`k3i8M_n*Yb;+e(qd>t%0 z%CY&WRSGBG;`h})Q@};mYAlF#`z#D}B25RzZ6P^s5$l1;b)~xi@>D!VDKYGwN**w} zQph6QrN%lC;%y{m1!jl$pNQS^qAY|p%kMM*%8t1r)Gd?9eF=QFRPw^kSvbQ~Ce)5b z*Dm;ow_Wy>moRpY-vj7`VqH$7;w&@S4jezA^ZE^192QW_b%wc+zfM!;CG{d1i%C3n z<#I4#6{7Y6&t&nb->=#wjVH*R%T8w=A;3H7#S-5Xp}(qo&7zAKmVOvl ztPTMZZiu@zj0O+>;D9V`hlURu4NhsKj8v1MBLa4vxC}w0ndnYj(B&?%(P~bV1*2Jg zpSYSL*lk$0THUJS;3y?6WjSMNB6hHPvv6#W7Yn!|&ez(kB2>iO0Rq0pK-iw5inZ7#;wH`R z0;@`pJU~9Q^$<>&M0i1xcC3XTZ5RngH8)=Rjk#wrdsogc6aG09><9j|?ZoAW(wcw> zOE%eQm_S1SxuV;em?5Tx%55CKq=0S6+Mo2o7E}vP(Q3Dw<11f_>`YEd3>g&NjOKa> zQGP6d-n0d<=ApKA-VyugJ)|V7{yb)5^+@{7(L3aTh diff --git a/kubeconfig.yaml.enc b/kubeconfig.yaml.enc index 6101eb91edf6f5cb21a5850bc1ca242b092f559a..363c46c795ea5d33a1f49dadf27e598ba9e25eac 100644 GIT binary patch literal 1517 zcmVHB?QqH)MPZ@0H(B6 z?qd{Kc?NL;+g%akG`=RNUK6nJpizEi%teHJBNEiz5RpQjo{H=cb>9G4)ddj$LHYQ~ zfO{JeQOPttaJ;t^Zyj{Hhk8$9R}yS^Ia*>8F@r*fD(fB!Lf_%R?k98nv{(Yb;hLT1 z_yf?jeJ_B`4D`i!>Rb>tdBuFhwsX!4{HhDVzkg02M%mufNM?iwmlJ7h3`FK3xW( zEg*53#x_g7sPxz#lDa`&w@=;kOdvGlZCN1KNUT~&kOr|ls zv3GD6_piJ1xW|CfNxgs6Ij1-`X2ptP z+3^zGqibHo#w5suS%cV;*fn}i@J)9D=XIX6Rf@Erp=enDbi*;^YIA^!*F7rPqau;J7+6MB(X8N!k(T z-S{cL0s7B#$kb{d(hJiW`wo=cSuJ zLR+0Aw?hxp#j(jBY~UU^_Li3STw*;#jzjL~M)&w=8KrK}LexV|PCDpE+mbGJ$2GKQ zOqRk$#%3PeBFus9qC?;vBvo*(Gi`v6sV+r#Cc}|}Yy+*irGw)aL(RIt%+PVqBkB!(VLIeoFZPH2Z2or)6av+zB!W#hM|uF-+RH{N-WEAV?Kx| zRt%ZeM_5J`SMxD=XF{vOuRsi6y8PqEq1SH)4Vqr7;`p;6bl^vlJ!!rKch-+izgHbn z*NHJry>F;zrysGs2R+(ttl9_hLm79GQr>0)?%holp<;62ZJXy0n}Sv>jIQL74)fgb z;Z)veqph`5Oef#q>yno+=CtlUs9cml5{|!E^`iWEJ?fKBD_}U694N_sekU;V5uLyA zfUWpGG&tMY!5WKy(aek+%TVzs7D$q$mw3dFd!Eck)bir~Wo&~AXG9-u} zqU`Sj3v^36RZ3|~4~~fva$qxri-<0ykAG6JU2EWAen|C{^@~C=%NCYlh;M&>{<&DV zj8Q~NNlB`~m^U+$v}cRG?}1|0fTo!ALeVUhjIx6b`X&9&NcKHXP8CaGLkRAFA{Zoxl|J`1J+Du+gH~2Q#MYKR!aHE_%}Khb#z0*|kWE#d zM;U7SfQYY$X-;c^QsN5x(MUk2NwbG|m7d6g{~T;{CbldjiYv7PuT4dpLyxzRa$~>1 z#2h90FlXWZL$eYBy?Z%~=XlSiDJi1eqckh%K}kvVB)na^Ft3mNf%z&%%l^Hyk}t(#uZhsSM~*)ERW`6Q>hHtn(waj;g7j7<XR=zU$JMuM-Ot_?8oJ^HjO~YC)M%FPfYLaTO6-6| zDwlB$Cp$Lxf4eLym&DVYtYLL@>IgwXNz3kuMP|~K`oukaajVO3?GU2ZDvQ6W>tyO5 z#1*6#bmw#OUO~yH4McgaTH>&V8GgMFe5+A3%y0Z9gX;5Om)6u-sPzY@^+q;IR=SZO zyqmh=$Z0Hb6A(;_`gKT9D$PfPK^L!F@GDZA>1tD-`v)9l7N{xghao+Eh0s)5)hVZwcef7v;Itjy_Sk0 z((tv53+4Q=ZMoE;yf?^;r;~NE3tFm(PE!@c@}6ybrko@fVhgAEL7pr(4{-P@`z2{7 z!?(w4-*V(T>j3z|RL7ATCO{(Rt}V=Ph1W{~uWbF|09dsX2yJ8*XZY zP0n0;6srj}`zJlU*C{CU+BGD-2c%RrBToDBOeoLWlz~d;JaMLH1v!4`&lqANU41qN zbg=s^Mv24gX``VHx-09I&QGV;;2zw&y>75}^U$Nl78P5=5WyJE4y2;jx~uSNjt)hW zr_+@+J+$M1T*#L9_l@DHW7obIR@n5An2`$T{k*jK6xi(gy~F@|y8FQE&6ia)vt1&e zYUJgRBNP_3aMf=oEHM2ANnM-Y`V}!cFxyWBKELfahT}Dx@PCN;4nKCB9!J`*WA-Dy z!RxW*sp@*BP3KE_X+1KTqSdL2NPMW1{<~C+x)Vo;|5jBd^-PLTl^7=rd2gPamh(!H zk1*Rw^DV!Ka3xG7JD$5Fj@;-Q)J}oXspa5biY=qK)m7EV6N*82Q9&66HBMi_O^?bmGP}2UgC~I&+e*;xr>8lr#ISXhLDnV3vaJ~glAr&=u(&xJ1 zhU3n;uUnEGn{8mnqITCY_aZ&>v%qA6xY z!M19*CmzQw!5tBoF#vsVY)dFJOkx(?zrY3u3-_Dz0Bd}~;v!$#kS!}OFjZEA)5;eg znO|m(YD=H46T|CGnR31uM_X;ap}b3m^Wi}zGzXT(BYy@PU_AC`=LIwQU_fx8|439= zT!{;7q|ZX`f~x6aH*tV8jAQQU8+6&~UO)cfz37FGPlbrsKDNUHM z!zi>oK*>#bZ(KeW$GRpQ-3lfY+xe4uT~vhGJ*+g`aVXX~MK$&jNq&@ueNo)dU&Tb^5r*_;kGeDr(w-Kf%0srq7zgt_il7^#`XhnI!ajMC?iNjsucFOAd=X z%GHW@5H_QR?K}5Sh}w+fT85mIKZta!n;Pe%I3{1X9J6-SF?RM1Z3=@!tMLM>tQs$l WS&kJ+G^cY(7R11chCY>lx%)6fA^}qX diff --git a/kubernetes/dns.values.yaml.enc b/kubernetes/dns.values.yaml.enc index 65f24bf49019fbed6596c4133344d413f7ebcaff..0d901b6844ad38fc922012d0cadb96cbe8692a81 100644 GIT binary patch literal 310 zcmV-60m=T14Fm}T0zK0%9VrWSJo?hWWC4@7{6Dr>ATkZ9*omCM1LRJ5JDmxC9|-xA z0P;X6!=Qd+s3!7mTX}w87F|CXJKomP=*wpVri=~FnCU5-LRlhAp(kEVo*tHXz_za) zFY+l;Drz^8>qL{V3AJvK)>M6zk6`$<@Fn2XLnjh?Z4^Bl)ZeESj=OSz1`hZ(boetP z}U5>q2HvgJ>c z{DrplT|D$PiGt1bIW>SBLtW{ZCizEL9x1(%FM{z6vmbgSp&)vXn;JcD|CaElge)AB z;jm6y8BQ9`lLKCNbW@qpf~lOIX(|ANOSe|b){rznW#QNyVjgD$S{p)td9rblg-cx` IY_d`Vf5a}CL!ctjGL$m`mB-{8QqI~ohubJeI9s6C|m0?LIALL%p^6uqu#;INuAnG zVMkZ}`Ns7fq;CzCm1B2x3=kBPoge?PbNhp2vR1Bw`K(A?$P* zmZ6k{A22pzQX-Z3@wYI-!iCXn0NUSS$?{!6%MEm2+WU)(Rf-%ER~#iQB<^Bwo)xI1 zzX|4Sw28-L8OV1_OkG~3+}pXZhA_}jGgLoFiJ#xYU@Oa51I^2L)mr}ia}`r7R^tdJ L`CRWY`3-GQhme%r diff --git a/kubernetes/values.yaml.enc b/kubernetes/values.yaml.enc index c14b732552dadd829947516dec4144eae9407a68..4c78842f52433ffe25463a1ebdc3b20b8f96131f 100644 GIT binary patch literal 1759 zcmV<51|a#24Fm}T0?)hWO0+d>lKRr>0e%+|h+Z5SXDHp|fw0p*t^PsIqvR_fZ?exD z_<+j#s6o~{3Rny`%jJuPtT=pcWi|bgtYK9iA!973RA)c2II%2A2}Ot9`*X?(6H=5W zH{j8$kP6xuJu8ixARTUJ2INhE>zRJOksU~Bu*>Br(CZDq2%IGEB&-BNE*K=K0e{f% zN1BK$`YkF(9;r3uZ4_&y(DIfNE6Q`BEX+`v;9$YRE10+GRcSv&Nvjk+N8(DyH`G1W z=E6VWIGRbXNj4$(U39*$oO!Mt^gD?*19=S9In&UNqz>>H8yEG)!RgBJSJMiBVu4EJ z8Z9hjeZQPhq%u0^2~? z`xhQ-?zWV<*-j!~25)yC7Im|W^x%x}r)NfG^Zg$)(`j_j%wRoqxTF`lOpNc#5iq~A zoIS_#6Nce>`#*54$%68Zbd`TqGM|~5?Ax0z>*_YGixG3-jJ9$_mmuK7o7Va3EyCkE zz$k32I}p14z>wO&2DfG-KrWh(YyM#v&1@hssPn&gx~-*{5ZmzP5w){J@D6%xtPJ;( zWW$B3hQG(mj63@MkR_8xFmco#{)4eEjPwN5OymT(5!$VfYGX+IgPMJHX)ZS>se7v% zX^}Q+oz;2<`w`wo?WwVEJ?h~fpU`?V_XMj!J86$WhLRamkLgN`yl|me3AU+CZjR(F9Bj@>WWEX(y9>Y?%Ul{G2&&pHn>HbjGEXxu4UIDa_pwHb~-Z`Gd1UJQ!2~h4@9&C4vfy(_LQi z-BOZAihm`tR||-jNvJ2@CY-Rksv_1GBQFxFZBu!Pl7ico3%NavUHi6L;GA`k8wW#1 zyeq56XAD^10hwH2qk8>s`JMJjm2cb(T5D`qvvW0Z&Ohaj#lMHCn0KHx|H1OU5Rag} zdX9*ppod(O&uJiAj-eIt*udMiX{2}&Q2X!Y{ed6-*pYXi*4;sE8LRdclmxximAm_X zC_{;bKsd>x4;;7Sq-oe}B$yYphM!ZeB*FE1pR3aMChaKyS1v5lIC>`)nXil#pO6i1 zhm3hZfi8n`S7(C59(8t`f4L@DG%c=Q_+Qf&3q48zOZ6bZnxBPWF-cC>5_nkNbVKJ^ zn9-fVJRgYb*D;ck0~0e)1cT@zoK`3MF(Oeg%P@wSTUM;O< zRh0!FvnvLIG11ITRg7hM?t|U>txBAw(LgohKn53?T!<5RYv&I3>ox(}w{Fwvm<@`) zjs^HH+B**tPK2-f~_C_xzI5j7EUqbQ&C zMjXK9M1Ixo5;+LXpSzB@AYa2F`UX@5r#A;7Mzl?D&jU2*+WG|zD{B{be8q% zJ%<_`BW}O*`s`3d#>x52-qi%As^Tf+|8;=7lF=CoSJ#Qs32>fyt?zqLF&I`c(x(hq BZHfQ@ literal 1760 zcmV<61|Rv14Fm}T0!GLR+98zt+4s`w0q{TF-h5-rCs(SFEGdp@x`oq72&W!cxSMCx zBL4n33NHiD^1^0C7#_PKHJ2Qx@ziyXK_rGj3yYh8%bw+NM&{QD8Pt;R#j;2JD$a(x z>mp@8kP{iUqP%}<9`-g{yx_)CEBJ(i+3bSaxPPUbKwyp@ytC78UHd38Rf$E!EvIfe z^mJ<{4L$ajKm#FiMAof0?qPy#)1zbru-qs`UjQKmHdh5?HO+1$jl$9L?Q1?oJZw?K z43O^lbXKG}qzgH6yMENY@2H@6yu7aULBDFdYEf9l!tZQ()L&J=)A`4CHs}9lUgdOn1_>?d z2JnJH1Xz*!T5!GEHS)oFmp`(6F{&4lGmu0eWg31ho#UfD60jlV(54^wg~q(b+9#Ot zM8>NOG!JeJ&EU8H2@`Fq?V{)h1AHsCzG&NUC8WBRk7aTh%a1vUL^xO1W;`5!31AM= zNoJ~*Mc%Ev$CRp7s+|j{0bD!{AoWg!i4>KTKcp%X>6*Ny7liRT=*aDawo<_jIj>3_ zTM<+$?ny+PpQV{KqcR1+vJUFv8ZlyM$9r0%zmP#y{&82aL2fRYl%b`|W_~sIGpD^N z54r`GShw0zE7Y35jj9M0cq!qpFj>XZd`MXi*Weox^Oxc{yCFmBITMal#-Zeyv8Vnk z46~z<|LfjOZdOz-IGU47G3w~vJDSGM9n2y#-`4O|in8D8)89vN9nYR+JE%_0G@gWV z?1Ey21m_I7*>Nu2g7X!cv(_-nDB|l6sKMQ|%!R%v5$YW2#93 zimla+!9o76(kfIWQe^q1K;z3;`$Z}WI4Yu5y&IMh^VAedvCH@bQTm9m%F=LQ^694|SHEcTR@U}jW&!&sT7PhP=6mrbvhJ?1w^l{x6h5`A&9AY}7s2d>({c0asOI1NBycxjaMrM)>VK zEXChjH?-b6DqCSkU6uAgr_eDmg`CscjD(8d9#NgYN>%*Q0;_FMv=#ML(3+Vz zan9Zw`Vfw(o7h>oRhu{Q|8oX5uu5OtXCZpcrZvWqH= z&g}k3qh<4%>5d^{*N5i7b^FehNQ>|F-D4)fX7I>T9b=#Wm1+%X=)R)KoF~#_*DOeD z_{BfWjy8z}CU}Ptb(5*QQx#}`flcX+GCDboHfXdIm=aNyOxLfpO>k$u0lG@J)ih<= z#&2IL-g`$a^~n+^%^){#i-6R1XPR~hHV$XA~ zTR0>d#l?4yeM9elYURW!h1I?fu!CXpi&TcPjNG$5geBE1f!OGy`W9T1Q9|dZY#K)* z1v(Q-zk(xFP2i(?-QL#@-)fhg65Co_=P8GwH|XN9ShFR5ZazDU^h0T6yBVngtLbT6 zx<4q95AxlXa&kG)7PWnmAc*hq3mLm8$cU^E8vsde(2DQNEP)YOo72>cUykL6)AS*M zuCqzbk#y<40=)m%23`b^ikgEkspCS{#Y^ET?+==XZ2f!kfFB48^)j(H zw7?99r&&z|Jok%RGsbVhj=VyI3IFBk_NFnhov>u8XcvqmjM4VG?F>Q?ZiW>r%({sZ zwc^hsC<;6@6^?-;!79C{nIs~CltLk#go{<=9jlqpCpN?9#D>jM!L?Apn$4dB9#XB$ zJu3PZ@SbI1iM_G^t(bD5=;$Jd6{9&W(;Zn(QBOoBZ;nKCYLDD;J_=4B?B1EcueNUQ z8&T4*sq$Z|xDnA8{wh>XK@Fu6)LW+wT7Ztt+EE5$51sa?f`WVMO6u3K0{IJ^w1>Q> CV0I$_ From 3512403f6fc7e63969ed8ceee9f68ea5febecf6b Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Mon, 17 Apr 2023 15:11:55 +0200 Subject: [PATCH 50/89] include DOCKERHUB_BRAND_VARRIANT in env.dist --- .env.dist | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.env.dist b/.env.dist index bf0fe3d..b794cd7 100644 --- a/.env.dist +++ b/.env.dist @@ -13,4 +13,7 @@ # using `DOCKERHUB_OCELOT_TAG=latest` is the default behaviour of the Kubernetes Chart, # but its inaccurate if two workflows are running at the same time. # It is recommended to not set it rather then to set it to `latest` -#DOCKERHUB_OCELOT_TAG=12-ocelot.social2.4.0 \ No newline at end of file +#DOCKERHUB_OCELOT_TAG=12-ocelot.social2.4.0 + +# DOCKERHUB_BRAND_VARRIANT defines the name of the branded image uploaded to dockerhub. +DOCKERHUB_BRAND_VARRIANT=stage-ocelot-social \ No newline at end of file From 69885510ce32dc12f4ce581287e5aecdaa948ecc Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Mon, 17 Apr 2023 15:12:01 +0200 Subject: [PATCH 51/89] new secrets --- .env.enc | Bin 523 -> 575 bytes kubeconfig.yaml.enc | Bin 1517 -> 1517 bytes kubernetes/dns.values.yaml.enc | Bin 310 -> 310 bytes kubernetes/values.yaml.enc | Bin 1759 -> 1759 bytes 4 files changed, 0 insertions(+), 0 deletions(-) diff --git a/.env.enc b/.env.enc index 23bce13b7721069f0b0697c2b5047971edba0f37..7e73c082be752f10fcf0a3aea694b207b878ad66 100644 GIT binary patch literal 575 zcmV-F0>J%@4Fm}T0=sd8aGHOEm}4x&ZyfYEsuF(@IG&yTcaWu;{@7 zJxfVQrAcrhV>@Y(G*~7G&Wx?wrEt%;atWkCEZR#`_|G3#rt?U)WUaZ_asY*^LHWt;0z<;;TdcJrrC(f=rL8HI^SnY)jbk_E;g z#^ia`f`F0oX<>#VKRR9}Si|5m)}XC|zx`1sV&eUp=>bLX3fF)kKl4eEw%+sF-$dls z5)&KOHz%a5UiQu@)A}7`5jUaX)8K|pwoSPwXvjBqf{{fOFuN>m^chZj={4d|_)5lw zE%N~!p6$Q0)S>19K@3GeL*+ls3}-qU-yYZXI<;v55)6lcjeizOKBmTFDxU~Dv?m-A zyjpSIx5rBv{3a7(ZoKo}A~CZd3Y@VeF8>@O!3!-9n@a}k3`8~5;V2u#Dd?#%G}Lfx zz1bruwTuu%;-%PQdVWoQEj9zXy9 literal 523 zcmV+m0`&ci4Fm}T0(2aE*w9^xUi#9(IRVLfR=n#myTgvlb7uG4E-4Cq+)_4DWyb?+`|ls~*; zNNW+uWDrVx;YQON?Z;4SIN@y?Sx$iu%5-zK#E@x?$*J)m;P01cejRT>wwJ%l zP7kP`^WO-xLUw`vQ+DCVhF^|z-E?q|$3$v}Hg$zft5?a&6>niZLCjJvbhB1T zJf~LKadiGjMT-)hXjJ8c^JEq}C{FDHuGft7ekJK#B9TQ>8zYh~yXnXnPznzSNm$5v zJz8jy)#7%2!V3S#)avv}tVZmjo)L0k>v>^j$ZjZcWW{R`k3i8M_n*Yb;+e(qd>t%0 z%CY&WRSGBG;`h})Q@};mYAlF#`z#D}B25RzZ6P^s5$l1;b)~xi@>D!VDKYGwN**w} zQph6QrN%lC;%y{m1!jl$pNQS^qAY|p%kMM*%8t1r)Gd?9eF=QFRPw^kSvbQ~Ce)5b z*Dm;ow_Wy>moRpY-vj7`VqH$7;w&@S4jezA^ZE^192QW_b%wc+zfM!;CG{d1i%C3n z<#I4#6{7Y6&t&nb->=#wjVH*R%T8w=A;3Gxx#S;h3_0?Gb-aDl!EKF?1{Y(?8kxG`- zGta@IWmy~o&D}tWk1E z6jA1TJ#m#*bNf}$fTC_?nVT*rm%-GD=6x{Y{Y`&)V0Y13oA~-vj|TjHfCFbYuRT~c z85yw9NDRUPU`wa#AX*%{e%O#OP5V58U8IIyH0*er>vn{`yM~mG5{qh1(uIOjZrp78 zT#P67xxaetkh!RbW<}BQiN;=_Gmq5-C#p3wMNOItP@4q~qqgkmjrG2K1k%&Iv^t8nCHgfgCJ|J}7Baj;#$Zu+_J);88> zF@I9Pd2HhR6PW^q?JIj4J{s?p3=pSV5Y_5#EuWnbXE%uktk;ELwAY>f7h@00;!A_> zhH_3lB?22jM=QoeCO)O90Rs+~IpT|Q zVvok%O@M0wuQ2t#-G_{J?n;#D+kHa7%a}_9IXn%{A5qmGn?L~Zs!Ruq<1}9tRNO zAyPwpGokYl{#) z!m{|48Hun9mdL|CMf6HeS<|$25CJ1FD1Vz@AWi|tEtgkbD+u|nJcJ!Wj9>5Xz zZP%B+v$d)6x*)lyP?Ss(i1}d37bQ5(+FfUGUHL4hh&02?OSl@S6o;7qA>r$Y6P}wK To^?OZiH5REWWdo7P~0KqMHB?QqH)MPZ@0H(B6 z?qd{Kc?NL;+g%akG`=RNUK6nJpizEi%teHJBNEiz5RpQjo{H=cb>9G4)ddj$LHYQ~ zfO{JeQOPttaJ;t^Zyj{Hhk8$9R}yS^Ia*>8F@r*fD(fB!Lf_%R?k98nv{(Yb;hLT1 z_yf?jeJ_B`4D`i!>Rb>tdBuFhwsX!4{HhDVzkg02M%mufNM?iwmlJ7h3`FK3xW( zEg*53#x_g7sPxz#lDa`&w@=;kOdvGlZCN1KNUT~&kOr|ls zv3GD6_piJ1xW|CfNxgs6Ij1-`X2ptP z+3^zGqibHo#w5suS%cV;*fn}i@J)9D=XIX6Rf@Erp=enDbi*;^YIA^!*F7rPqau;J7+6MB(X8N!k(T z-S{cL0s7B#$kb{d(hJiW`wo=cSuJ zLR+0Aw?hxp#j(jBY~UU^_Li3STw*;#jzjL~M)&w=8KrK}LexV|PCDpE+mbGJ$2GKQ zOqRk$#%3PeBFus9qC?;vBvo*(Gi`v6sV+r#Cc}|}Yy+*irGw)aL(RIt%+PVqBkB!(VLIeoFZPH2Z2or)6av+zB!W#hM|uF-+RH{N-WEAV?Kx| zRt%ZeM_5J`SMxD=XF{vOuRsi6y8PqEq1SH)4Vqr7;`p;6bl^vlJ!!rKch-+izgHbn z*NHJry>F;zrysGs2R+(ttl9_hLm79GQr>0)?%holp<;62ZJXy0n}Sv>jIQL74)fgb z;Z)veqph`5Oef#q>yno+=CtlUs9cml5{|!E^`iWEJ?fKBD_}U694N_sekU;V5uLyA zfUWpGG&tMY!5WKy(aek+%TVzs7D$q$mw3dFd!Eck)bir~Wo&~AXG9-u} zqU`Sj3v^36RZ3|~4~~fva$qxri-<0ykAG6JU2EWAen|C{^@~C=%NCYlh;M&>{<&DV zj8Q~NNlB`~m^U+$v}cRG?}1|0fTo!ALeVUhjIx6b`X&9&NcKHXP8CaGLkRAFA{Zoxl|J`1J+Du+gH~2Q#MYKR!aHE_%}Khb#z0*|kWE#d zM;U7SfQYY$X-;c^QsN5x(MUk2NwbG|m7d6g{~T;{CbldjiYv7PuT4dpLyxzRa$~>1 z#2h90FlXWZL$eYBy?Z%~=XlSiDJi1eqckh%K}kvVB)na^Ft3mNf%z&%%l^Hyk}t(#uZhsSM~*)ERW`6Q>hHtn(waj;g7j7<hlANtb3WC2wE4Bsk#uDKdK;Rm-$tkEKL4FVUf5{oQ4 z6ktJrkuRX{elTMM&;;g_u?6ZgtRy}xb-CT|bG5~|DfaVJ% zfnS)oF;yg2${kwaf0m7RT0C};zX|C*WLT5A&R2IH+r%_6bAjpsO!-H%!C?KLB(Pv_ zvXAK$@h%fSht#Q$=>H)D(Zh&MRXwSNCOc63yLYwW#&nutno^UHN-z3PrnrY?)XW|) z8F(<-w5H&zQo@UJ!rbX+k>xX95I+@~{-qFk@*a|_r2b-N;MmDWr5&0>qAPP;H39J2 I+~Y!JtB2o|MgRZ+ literal 310 zcmV-60m=T14Fm}T0zK0%9VrWSJo?hWWC4@7{6Dr>ATkZ9*omCM1LRJ5JDmxC9|-xA z0P;X6!=Qd+s3!7mTX}w87F|CXJKomP=*wpVri=~FnCU5-LRlhAp(kEVo*tHXz_za) zFY+l;Drz^8>qL{V3AJvK)>M6zk6`$<@Fn2XLnjh?Z4^Bl)ZeESj=OSz1`hZ(boetP z}U5>q2HvgJ>c z{DrplT|D$PiGt1bIW>SBLtW{ZCizEL9x1(%FM{z6vmbgSp&)vXn;JcD|CaElge)AB z;jm6y8BQ9`lLKCNbW@qpf~lOIX(|ANOSe|b){rznW#QNyVjgD$S{p)td9rblg-cx` IY_d`V zYB95`uKw~RCywWtg`?hf~~F6a-RUflXQYh?ZjbMT8Qdq>Nw9T^Q_?ki&pEiP(p zW&ycRU#JX!f1Bt=uO)+OJwj~<))_IcYG8m_NBr{Khlb{em|!vbB2n9ve%NRVI{bVXkRV%`B6BuKaO z(M({P<=pDRYB@IqPXXTzVyRE0^=-l(CVZW!Wcd4}z{xc-j`=vUUub>HWu7y1hIbTXvt ztuZd~PW{{R5EeIhKhM#rEYJJ61(H!5QnlKxl2FS1|Qkr^W$j*={h6u1mdc+CU+roC!90_%<^L0lciXS9#Joo z3yzrW-(ft&z`(QzU?sx$Dw#}Md1ws?zZC{A?HE76ZFtFpIc5}%S+74aqoDjLtqkLL zlEp&YN#*y3sK;6alv}~=nB@wHI-`^cB%0&=^@jiJ1bArH6^#1^9JJ1txq5;Or&CNj|oChgxXOP0Fk< z4bs-KaSkM-l9`3IEpvehZ5Zw|>P*yf@Ivse*&KMe!6g~j1(r)rf=^Ag;8ta3VS~P9 zz4iqQ<dnKuqEu3l@y=%_veP#4~ z#H1@RYT#2=Bl*W(Z|i-qVVr%$26FTKjeI;_AmPMm7X;7$(YZ?XDu%kuJd$fB?ut@J}=xQ4kAKm*ArfEI*X;t6f%Vz z6@$ivQHMZbrCg_N$wMr7!46+4`ae#u|LaC+IBO_b<)$jscBAHBSl)FK%8!9MbJ$s1 zPxY6`I+p625dNPUohvnxjEQT!7rJHVA=WnkmdU8V7!|vne=ikq|9*Y&Js$iAI|v8F z!180w@!*;$czkrxcPTi_3RbmF%9TEV5qKn19Af#g7ltQ?{eLU9t!2) zyKLtEnT92SN@lVa-VVRqX%}7FOEAMU!jzS{=CY`u;`~yy^~SAP^n^oR?+PWEyR?p< z!22dr2&vqw;xFPDE%9F&OU!x9B3l57EYNRN(XZ>b6I$s-%zF0y8fFp1EPcqMj0%Hc z`3X0ZeGr7)uXr`}vr3xcWUvyICchgl^f7zX1oD%vCr3^tdVd6W@fQ^qMt^mq5>`t1 zX}}942o-`3y^lbvw4X)UIqe7gU^y;BZ?kKUAb@!Y(N_dOpxsZ)EQCE|P_*@>`{Xef z>8%#!BRX0KDeGAJ-MW?25`BcD0xGkddRqm-l|QX(qBb^t$5&kJM2(cMIUNsMq@oh& zNA=V#qDWzho^ddZm^A^+vif{0MJmH+`@e>{{s&Q*G BWtsp0 literal 1759 zcmV<51|a#24Fm}T0?)hWO0+d>lKRr>0e%+|h+Z5SXDHp|fw0p*t^PsIqvR_fZ?exD z_<+j#s6o~{3Rny`%jJuPtT=pcWi|bgtYK9iA!973RA)c2II%2A2}Ot9`*X?(6H=5W zH{j8$kP6xuJu8ixARTUJ2INhE>zRJOksU~Bu*>Br(CZDq2%IGEB&-BNE*K=K0e{f% zN1BK$`YkF(9;r3uZ4_&y(DIfNE6Q`BEX+`v;9$YRE10+GRcSv&Nvjk+N8(DyH`G1W z=E6VWIGRbXNj4$(U39*$oO!Mt^gD?*19=S9In&UNqz>>H8yEG)!RgBJSJMiBVu4EJ z8Z9hjeZQPhq%u0^2~? z`xhQ-?zWV<*-j!~25)yC7Im|W^x%x}r)NfG^Zg$)(`j_j%wRoqxTF`lOpNc#5iq~A zoIS_#6Nce>`#*54$%68Zbd`TqGM|~5?Ax0z>*_YGixG3-jJ9$_mmuK7o7Va3EyCkE zz$k32I}p14z>wO&2DfG-KrWh(YyM#v&1@hssPn&gx~-*{5ZmzP5w){J@D6%xtPJ;( zWW$B3hQG(mj63@MkR_8xFmco#{)4eEjPwN5OymT(5!$VfYGX+IgPMJHX)ZS>se7v% zX^}Q+oz;2<`w`wo?WwVEJ?h~fpU`?V_XMj!J86$WhLRamkLgN`yl|me3AU+CZjR(F9Bj@>WWEX(y9>Y?%Ul{G2&&pHn>HbjGEXxu4UIDa_pwHb~-Z`Gd1UJQ!2~h4@9&C4vfy(_LQi z-BOZAihm`tR||-jNvJ2@CY-Rksv_1GBQFxFZBu!Pl7ico3%NavUHi6L;GA`k8wW#1 zyeq56XAD^10hwH2qk8>s`JMJjm2cb(T5D`qvvW0Z&Ohaj#lMHCn0KHx|H1OU5Rag} zdX9*ppod(O&uJiAj-eIt*udMiX{2}&Q2X!Y{ed6-*pYXi*4;sE8LRdclmxximAm_X zC_{;bKsd>x4;;7Sq-oe}B$yYphM!ZeB*FE1pR3aMChaKyS1v5lIC>`)nXil#pO6i1 zhm3hZfi8n`S7(C59(8t`f4L@DG%c=Q_+Qf&3q48zOZ6bZnxBPWF-cC>5_nkNbVKJ^ zn9-fVJRgYb*D;ck0~0e)1cT@zoK`3MF(Oeg%P@wSTUM;O< zRh0!FvnvLIG11ITRg7hM?t|U>txBAw(LgohKn53?T!<5RYv&I3>ox(}w{Fwvm<@`) zjs^HH+B**tPK2-f~_C_xzI5j7EUqbQ&C zMjXK9M1Ixo5;+LXpSzB@AYa2F`UX@5r#A;7Mzl?D&jU2*+WG|zD{B{be8q% zJ%<_`BW}O*`s`3d#>x52-qi%As^Tf+|8;=7lF=CoSJ#Qs32>fyt?zqLF&I`c(x(hq BZHfQ@ From bc3e036b95640b0e7ca78a293d8b5a44979d9394 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Mon, 17 Apr 2023 16:48:45 +0200 Subject: [PATCH 52/89] corrected publish workflow --- .github/workflows/publish.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 3134339..c337a9b 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -55,9 +55,9 @@ jobs: - name: Build branded images run: | ocelot/deployment/scripts/branded-images.build.sh - docker save "ocelotsocialnetwork/backend-branded" > /tmp/backend-branded.tar - docker save "ocelotsocialnetwork/webapp-branded" > /tmp/webapp-branded.tar - docker save "ocelotsocialnetwork/maintenance-branded" > /tmp/maintenance-branded.tar + docker save "ocelotsocialnetwork/backend-${DOCKERHUB_BRAND_VARRIANT}" > /tmp/backend-branded.tar + docker save "ocelotsocialnetwork/webapp-${DOCKERHUB_BRAND_VARRIANT}" > /tmp/webapp-branded.tar + docker save "ocelotsocialnetwork/maintenance-${DOCKERHUB_BRAND_VARRIANT}" > /tmp/maintenance-branded.tar - name: Upload Artifact (Backend) uses: actions/upload-artifact@v2 From 9af6810cf641e7323a89ba5a686f0a46574f0a3c Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Tue, 18 Apr 2023 00:23:10 +0200 Subject: [PATCH 53/89] properly use DOCKERHUB_ORGANISATION in publish --- .env.dist | 5 ++++- .github/workflows/publish.yml | 11 ++++++++--- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/.env.dist b/.env.dist index b794cd7..80ef9ad 100644 --- a/.env.dist +++ b/.env.dist @@ -16,4 +16,7 @@ #DOCKERHUB_OCELOT_TAG=12-ocelot.social2.4.0 # DOCKERHUB_BRAND_VARRIANT defines the name of the branded image uploaded to dockerhub. -DOCKERHUB_BRAND_VARRIANT=stage-ocelot-social \ No newline at end of file +DOCKERHUB_BRAND_VARRIANT=stage-ocelot-social + +# DOCKERHUB_ORGANISATION defines which dockerhub organisation images will be uploaded to +# DOCKERHUB_ORGANISATION=ocelotsocialnetwork \ No newline at end of file diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index c337a9b..a8d4865 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -30,6 +30,11 @@ jobs: echo "GITHUB_OCELOT_REF=${GITHUB_OCELOT_REF_JUST_BUILT}" >> $GITHUB_ENV fi shell: bash + - name: Set DOCKERHUB_ORGANISATION + run: | + if [ -z ${DOCKERHUB_ORGANISATION} ]; then + echo "DOCKERHUB_ORGANISATION=ocelotsocialnetwork" >> $GITHUB_ENV + fi - name: Checkout Ocelot code uses: actions/checkout@v3 with: @@ -55,9 +60,9 @@ jobs: - name: Build branded images run: | ocelot/deployment/scripts/branded-images.build.sh - docker save "ocelotsocialnetwork/backend-${DOCKERHUB_BRAND_VARRIANT}" > /tmp/backend-branded.tar - docker save "ocelotsocialnetwork/webapp-${DOCKERHUB_BRAND_VARRIANT}" > /tmp/webapp-branded.tar - docker save "ocelotsocialnetwork/maintenance-${DOCKERHUB_BRAND_VARRIANT}" > /tmp/maintenance-branded.tar + docker save "${DOCKERHUB_ORGANISATION}/backend-${DOCKERHUB_BRAND_VARRIANT}" > /tmp/backend-branded.tar + docker save "${DOCKERHUB_ORGANISATION}/webapp-${DOCKERHUB_BRAND_VARRIANT}" > /tmp/webapp-branded.tar + docker save "${DOCKERHUB_ORGANISATION}/maintenance-${DOCKERHUB_BRAND_VARRIANT}" > /tmp/maintenance-branded.tar - name: Upload Artifact (Backend) uses: actions/upload-artifact@v2 From be3ac7ad29f37d6a00fb3203db302cd91cebb9fa Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Tue, 18 Apr 2023 00:23:17 +0200 Subject: [PATCH 54/89] new secrets --- .env.enc | Bin 575 -> 628 bytes kubeconfig.yaml.enc | Bin 1517 -> 1523 bytes kubernetes/dns.values.yaml.enc | Bin 310 -> 314 bytes kubernetes/values.yaml.enc | Bin 1759 -> 1765 bytes 4 files changed, 0 insertions(+), 0 deletions(-) diff --git a/.env.enc b/.env.enc index 7e73c082be752f10fcf0a3aea694b207b878ad66..3d6a5c4fad60f79fe73c0417b52f938d85ac6496 100644 GIT binary patch literal 628 zcmV-)0*n2O4Fm}T0^l~|-0B5AP5RR50nAGOn-^h!QQ&d!L={a^Vxie3rM+e7AVG1E z2Z5zR2_Y%qss6D41=Wurxm!GXEM`|hU+49M@WQD)J|Rp(?J2!@geQuABC2SxVSO}M zjJ5dM*~U1B6D1p{t>nKz2_7y9+P|NNN(1MGhwGc4Zrf7Asw=381Zr}hHn)%4Ku4lo zGT9{9#OXh7avB(t^w!Wl6mJ)K1!hk<%(+D}f?us#lkI$TODPh!y1abcrn%z4ZwGaH zw7kRQ7D1O}lPvHV&OH=s>N(^2MxY$jsGX@&KE*GkdQG$sJWUmMHbB6R_#pA?MAlTB zYbT^Oa*fm*4!MbK^RKdGf3?$kyVwbj`iGamGA!WecN~!f^B1P0H99$XlOwn9z$MYc zb-tu+F(*2J_Eq!h*Ct3btx^3m*Vv&K@bn4^M}b4S2fUC^Ks9?eK8RjRW+yRTPK+7Z z(`1Z{ULH%v z#GZM1;MqxR$h0u^r0BJwV&KaJFBD=VEsvEXIOGM%G3*lv_F}Wi1p?xkFJ3%`Fonfbp(s}})@wdElr8fqb0wD6uOxB-uo-nN OtHhpqD2H7%fBE2H`!19K literal 575 zcmV-F0>J%@4Fm}T0=sd8aGHOEm}4x&ZyfYEsuF(@IG&yTcaWu;{@7 zJxfVQrAcrhV>@Y(G*~7G&Wx?wrEt%;atWkCEZR#`_|G3#rt?U)WUaZ_asY*^LHWt;0z<;;TdcJrrC(f=rL8HI^SnY)jbk_E;g z#^ia`f`F0oX<>#VKRR9}Si|5m)}XC|zx`1sV&eUp=>bLX3fF)kKl4eEw%+sF-$dls z5)&KOHz%a5UiQu@)A}7`5jUaX)8K|pwoSPwXvjBqf{{fOFuN>m^chZj={4d|_)5lw zE%N~!p6$Q0)S>19K@3GeL*+ls3}-qU-yYZXI<;v55)6lcjeizOKBmTFDxU~Dv?m-A zyjpSIx5rBv{3a7(ZoKo}A~CZd3Y@VeF8>@O!3!-9n@a}k3`8~5;V2u#Dd?#%G}Lfx zz1bruwTuu%;-%PQdVWoQEj9zXy9 diff --git a/kubeconfig.yaml.enc b/kubeconfig.yaml.enc index d921b0e670ea0625f2a8527b7c224933cd9b95b9..0024a7d60f890b2dc4edb03925470d9c4e9759ef 100644 GIT binary patch literal 1523 zcmV-JZEJER-`fZmxGU0T!thp|YWXx+Q z1ug0{nf*u$cX<{CmWN_a=fQ&u2Rp!MFN{f6?bqlN@&(h8?iuKuT*=XgJ2gxseZ<=~ ztbtE5LbI)|%QBJu$UqnVC%@jQSKPX$J)Az>2c&AnK57IO&ATD!9jLet0+{tre;tPzq`?U+~J;Y zleQ8<14;nK8QE!C!w$!-arc^t{2To(;AST0m|*L!kcd@R$}e@7N!q}yAm&zj8lq45 zdo1vdI+?og9Q@!VObR*sj{y<4c|HJP`S4wjJKFFa8=?1&q`j=@iu()609%O4Sw_l! zJYg`>d{5|wjj}hW0!%#U0+DfBSqdcTfWPUcAB5q8fXC*SL9L)Ts-`c=@6C73%9d$a znQgJL&t&VM-N-JhW7ON6FDf8@z|Zx#Lm);z19O!f*!t-n_-$`izj#-!VrzXLF|8%i$ui`AfF zJm5Z&;;2BHh;yJ6T91J)jQ`#T{{NQe*au$62ua zu3)C6p#aGGQ0`!K#sV}dj*e;>M-8$Q%RQ>PlezjL%w@=S5uBin%|X=>QHO_l=^bJ( z+YrbqR+7iJ8g5)#^S?0iy4SM?V|&o}QU%GoeJ>St78i)J?mZ04I)BmMVi=Dm`GpYk zl9cqFi`HsB!627Sh7hUIRKXksEYot*PyBm`;?7Ds9N;BP#iL2xFKFm;(LYl1wBCsF zd#nlwN0o8?|A`&bs<6$wp|M562ELQWfS7-|xGHJ~C#)%n6KRE#zZPr3!04{}gurDx zs{Kd^$CKbS?9$f>=BHc(P7_76p$D^-H{Z;fSL}}kVUZUw!47FCL5+#oHWKB|)u${X zK5YM5(kU4nY@lpH11DDaY2?6!0F%w+@{}>Z!{CelLR*B6oPDBXvMI_?ZqVP&=Ljs~ z)vcCmsE(RbAgx}hoW$YPk@3Y`sZpFfGnj8lAKo_r&{eY=$ z!+k>n<1PAQ?(6Sys(r~hI-1cu;B4&q{DKf%*xop$F;Y;v3L)#`EPhcG07tr6{YA9G z9a240UYviKC3F6{Kag# z``#`S`xodp?p;R4&sQ8bO9hm7c9_`ljSO_NzrAOxt1`!hAE{|1xhSN5P-A>SxD(4* z!&(`{eo3+JgsDC@oN_sdzFQHXb?t7kGGGLkrPlfx!s>C;|5SL!MYA~Vw!G?31m@r+ Z*Aa=S3>|StV8hMY4nF;Howa8XUVgta0aXA1 literal 1517 zcmVGxx#S;h3_0?Gb-aDl!EKF?1{Y(?8kxG`- zGta@IWmy~o&D}tWk1E z6jA1TJ#m#*bNf}$fTC_?nVT*rm%-GD=6x{Y{Y`&)V0Y13oA~-vj|TjHfCFbYuRT~c z85yw9NDRUPU`wa#AX*%{e%O#OP5V58U8IIyH0*er>vn{`yM~mG5{qh1(uIOjZrp78 zT#P67xxaetkh!RbW<}BQiN;=_Gmq5-C#p3wMNOItP@4q~qqgkmjrG2K1k%&Iv^t8nCHgfgCJ|J}7Baj;#$Zu+_J);88> zF@I9Pd2HhR6PW^q?JIj4J{s?p3=pSV5Y_5#EuWnbXE%uktk;ELwAY>f7h@00;!A_> zhH_3lB?22jM=QoeCO)O90Rs+~IpT|Q zVvok%O@M0wuQ2t#-G_{J?n;#D+kHa7%a}_9IXn%{A5qmGn?L~Zs!Ruq<1}9tRNO zAyPwpGokYl{#) z!m{|48Hun9mdL|CMf6HeS<|$25CJ1FD1Vz@AWi|tEtgkbD+u|nJcJ!Wj9>5Xz zZP%B+v$d)6x*)lyP?Ss(i1}d37bQ5(+FfUGUHL4hh&02?OSl@S6o;7qA>r$Y6P}wK To^?OZiH5REWWdo7P~0KqMVEWR)XaTCv=tiF-pq%29)1=0s7yX9Ch?{s6H`*-^ z>bE*t!4)1lF@CK+f)~Fz$91V}N7>6&CT25+&oIQnYs7mlR)<#@X-M+e3s}k+M0<=( zKZc+bvkk;dPOOMz*9pC@wb~XI*NDgYOk$3wh>D|4MBHUGL?{Hlri|t?w{+NGyEDUZ zF+rm_xf_Sd&W+^k!Z$!aU)8pTrl%n{FWT6QX9XM?^$4+3nQsEVEqyynJEKK>3~{2^ zR^iHWq@)=Hl{uoF#9>rVN_fZRdjXP%f;EHhi3Y}=8V~F@BsXB7N^j&ITj*ML?3ir-q MkpvI5MBM^6Khlkrk^lez literal 310 zcmV-60m=T14Fm}T0(9AKaj>hlANtb3WC2wE4Bsk#uDKdK;Rm-$tkEKL4FVUf5{oQ4 z6ktJrkuRX{elTMM&;;g_u?6ZgtRy}xb-CT|bG5~|DfaVJ% zfnS)oF;yg2${kwaf0m7RT0C};zX|C*WLT5A&R2IH+r%_6bAjpsO!-H%!C?KLB(Pv_ zvXAK$@h%fSht#Q$=>H)D(Zh&MRXwSNCOc63yLYwW#&nutno^UHN-z3PrnrY?)XW|) z8F(<-w5H&zQo@UJ!rbX+k>xX95I+@~{-qFk@*a|_r2b-N;MmDWr5&0>qAPP;H39J2 I+~Y!JtB2o|MgRZ+ diff --git a/kubernetes/values.yaml.enc b/kubernetes/values.yaml.enc index 832559b0cd41a67425c9ba81a27b23089c02190d..1e77e0cada3fed32e8a338ad9a114b7266da840a 100644 GIT binary patch literal 1765 zcmV zm2UyGacsZ0jlMZ_SMb)!0)%;v8RT8l0y#}$ShZnU2UewKA}v)*EW(^rPMzg~+-?SJ_WC zfpOVSegB!gSX;rwpI~Oy!U4p=KcOLhOjj7U%#;1Yrjtv&sc(W{55jtGj-Ls)p`QWp zKgx+fC`H^D_RDd*weL6{30h)*hr#BwTNqwC>rek5%ZzkXlg1N!y-?%~a6@b^EB%d$7QT|9ZuLG859Hv; zO@75zNI6xLY5*r=vIQ`8yfrW|j|dDNity+h!nrAUw&YOox_Nt_|G}d|^zU(e0mWe3 zuZ@NBO)!_6MtU{AI8VQ1m!*t{-Z8o&MBoJuqwEjH@&lvAc_&@CHoDK^F3y5X(l+pb z8nUbjVce!U+*ajLJ1NyjJ-uEdTt+tk?!k!IfWJ$gj6C%v%9@NQ%8$mxJ$}bakQMjy zZjFLXPw1>H>&r5mqolYpZU528@vu$=)?63nqM%XSbk>3nJmOB_I**#?-3VR$e{YhQ zr9K=_v|#J9Z=AYEOHxhG(RifzDf~XvKwO3>wilvosTbJP)~=QGw2L*79X_b%jL5&y zIP`f#Yxi!R$I_F~&_}>%5v;+4M0lO@qWjBTd*RqDv7&7M3;?;w1a*a$5C%qqGwy$j z+tnT%IMuHSoVXaCpit%HDKY*XVpL?J)KzwW)^oCMKShdF;Sh+UvHyj0OF{|t9Wc4Tf66pIysVe=C8VI_W|qBhN% zk}GT89`ZEQZVuJQT&1JYmSqUU3PZ+p+(Hrg-mIUQ@kwJIt_2Fe6F3v=%v-IG)!hQ= zOpSb=Hs$4?RrteMa*13g2JI20mAeHSK-uoT0>^l!<8ow{=64W3#gVOA*611~i*W|N)5w=iPGrf`+Tl2k?1I{E|5lTd5b#qzGYxjW2nNh)B4o z4=$dsf7o$zdB4{rC%^W`Qc&-;b{5gngYj@Yqx%+U(O;^&{ry^qe{?JKF6Wpk9Kq6| zM+DrxWG5G3GKehn5Q&B!q-UUMk&PYY%ao{j1|;H=O5(}&Job#P;!(vD8*!zr=@>mA z|G*Kozu9SCVFv=hJ=>hTA_k$?(jDG+OQXdXR009PJb<#kFhuY5={6`a`3kuRtrU>7 zs;i{R;9t$N-4j_G{6FY*d%cp&E*z2awOL@&MCQmC-_NzI``X;NH?2B3d@^P_b7JLK zSpaMHGC01dOoSf}^C{)O*GcmUZs%>2qz)z2izgX?qF1GI9yuLEN^JxxgkEueEZ^U9 z>R8&#rXGb?WDB;sEcZq2r#R4waG*}32@3^R$wfldAv3pfe(u7|H4~M|R^eL)iDCH^ HNqAAa+eC<3 literal 1759 zcmV<51|a#24Fm}T0<02h zYB95`uKw~RCywWtg`?hf~~F6a-RUflXQYh?ZjbMT8Qdq>Nw9T^Q_?ki&pEiP(p zW&ycRU#JX!f1Bt=uO)+OJwj~<))_IcYG8m_NBr{Khlb{em|!vbB2n9ve%NRVI{bVXkRV%`B6BuKaO z(M({P<=pDRYB@IqPXXTzVyRE0^=-l(CVZW!Wcd4}z{xc-j`=vUUub>HWu7y1hIbTXvt ztuZd~PW{{R5EeIhKhM#rEYJJ61(H!5QnlKxl2FS1|Qkr^W$j*={h6u1mdc+CU+roC!90_%<^L0lciXS9#Joo z3yzrW-(ft&z`(QzU?sx$Dw#}Md1ws?zZC{A?HE76ZFtFpIc5}%S+74aqoDjLtqkLL zlEp&YN#*y3sK;6alv}~=nB@wHI-`^cB%0&=^@jiJ1bArH6^#1^9JJ1txq5;Or&CNj|oChgxXOP0Fk< z4bs-KaSkM-l9`3IEpvehZ5Zw|>P*yf@Ivse*&KMe!6g~j1(r)rf=^Ag;8ta3VS~P9 zz4iqQ<dnKuqEu3l@y=%_veP#4~ z#H1@RYT#2=Bl*W(Z|i-qVVr%$26FTKjeI;_AmPMm7X;7$(YZ?XDu%kuJd$fB?ut@J}=xQ4kAKm*ArfEI*X;t6f%Vz z6@$ivQHMZbrCg_N$wMr7!46+4`ae#u|LaC+IBO_b<)$jscBAHBSl)FK%8!9MbJ$s1 zPxY6`I+p625dNPUohvnxjEQT!7rJHVA=WnkmdU8V7!|vne=ikq|9*Y&Js$iAI|v8F z!180w@!*;$czkrxcPTi_3RbmF%9TEV5qKn19Af#g7ltQ?{eLU9t!2) zyKLtEnT92SN@lVa-VVRqX%}7FOEAMU!jzS{=CY`u;`~yy^~SAP^n^oR?+PWEyR?p< z!22dr2&vqw;xFPDE%9F&OU!x9B3l57EYNRN(XZ>b6I$s-%zF0y8fFp1EPcqMj0%Hc z`3X0ZeGr7)uXr`}vr3xcWUvyICchgl^f7zX1oD%vCr3^tdVd6W@fQ^qMt^mq5>`t1 zX}}942o-`3y^lbvw4X)UIqe7gU^y;BZ?kKUAb@!Y(N_dOpxsZ)EQCE|P_*@>`{Xef z>8%#!BRX0KDeGAJ-MW?25`BcD0xGkddRqm-l|QX(qBb^t$5&kJM2(cMIUNsMq@oh& zNA=V#qDWzho^ddZm^A^+vif{0MJmH+`@e>{{s&Q*G BWtsp0 From 3056eec040cf7a052a5d08ab4cac7129355ab652 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Thu, 20 Apr 2023 14:56:12 +0200 Subject: [PATCH 55/89] new secrets --- .env.enc | Bin 628 -> 624 bytes .github/workflows/deploy.yml | 2 +- kubeconfig.yaml.enc | Bin 1523 -> 1515 bytes kubernetes/dns.values.yaml.enc | 6 +++--- kubernetes/values.yaml.enc | Bin 1765 -> 1759 bytes 5 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.env.enc b/.env.enc index 3d6a5c4fad60f79fe73c0417b52f938d85ac6496..02bae169a7fc6896cb041b6a47645241b2dbd883 100644 GIT binary patch literal 624 zcmV-$0+0QS4Fm}T0sspI)l_P5F#6Kz0hlNo`?o|0!=!lvz%c7lC?}0#PEF7`Q?sO= zj_L}>e}_vDo`i|?YmlXKm7X=^{V%j@GU`q8bbo6*Q*1$(;dChDq65P_Hcbwx$3aL8 zEwCZd*f%?28^l@}Y*asbeWh>FFg%Fv6>+FZAsI4xp#4o=G6~-z!D0-9;q9?^ERrqE zL*k{~{TV6C1DW`W4;F`Zsy0<`dCHFeQlI?$bPPMz9gkF)+6h{cRnR>Q9Xs6hKi2u| zX{Q6u))v~to2Jmlx}G!2rW$#yw9bPTTahIK_A{uM zjr&FiN)nVtEuOF*{2}r+E>Bk8dN-MKmwHaPEjW*8rb<*sUP?gWFCW?b@RTcV^iUH4 zo)T?~J^AAU0;!iavG9g?#H>!1|8A8cw=L0wcgMq!+lYn$8TQ4afPwX`rCROaYk~7< zaz~^tQ&HB~MSqdWZi+1kT4yGG5bJ@Eta1WtT{lWKF%W@uy{#=esS-pS%ZDt>$}k*W z*1f`}$akM7Lf(7Uup0?;51K-8@Q3js`Mul`sJqVDt+(U@`JYD8$3WClz*MTy^%s}2_c3(Xl(tyDO0ufP K;1G@U#Y9UhzA^j& literal 628 zcmV-)0*n2O4Fm}T0^l~|-0B5AP5RR50nAGOn-^h!QQ&d!L={a^Vxie3rM+e7AVG1E z2Z5zR2_Y%qss6D41=Wurxm!GXEM`|hU+49M@WQD)J|Rp(?J2!@geQuABC2SxVSO}M zjJ5dM*~U1B6D1p{t>nKz2_7y9+P|NNN(1MGhwGc4Zrf7Asw=381Zr}hHn)%4Ku4lo zGT9{9#OXh7avB(t^w!Wl6mJ)K1!hk<%(+D}f?us#lkI$TODPh!y1abcrn%z4ZwGaH zw7kRQ7D1O}lPvHV&OH=s>N(^2MxY$jsGX@&KE*GkdQG$sJWUmMHbB6R_#pA?MAlTB zYbT^Oa*fm*4!MbK^RKdGf3?$kyVwbj`iGamGA!WecN~!f^B1P0H99$XlOwn9z$MYc zb-tu+F(*2J_Eq!h*Ct3btx^3m*Vv&K@bn4^M}b4S2fUC^Ks9?eK8RjRW+yRTPK+7Z z(`1Z{ULH%v z#GZM1;MqxR$h0u^r0BJwV&KaJFBD=VEsvEXIOGM%G3*lv_F}Wi1p?xkFJ3%`Fonfbp(s}})@wdElr8fqb0wD6uOxB-uo-nN OtHhpqD2H7%fBE2H`!19K diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index f093f5a..bda0ca9 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -8,7 +8,7 @@ jobs: deploy: # see example https://github.com/do-community/example-doctl-action # see example https://github.com/do-community/example-doctl-action/blob/main/.github/workflows/workflow.yaml - name: Deploy defined version to stage.ocelot.social cluster at DigitalOcean + name: Deploy defined version to cluster runs-on: ubuntu-latest env: SECRET: ${{ secrets.SECRET }} diff --git a/kubeconfig.yaml.enc b/kubeconfig.yaml.enc index 0024a7d60f890b2dc4edb03925470d9c4e9759ef..703b8d11068101228c7e372d121df4ab63ed3486 100644 GIT binary patch literal 1515 zcmV4Fm}T0*a!N`9Hu0y!z7W0SJ+P>~wsQ=i9%0Dk*~qOgk6I1vK|e71Brc zn$HDcm${tN2~)ypmvz(Qq{eW}2Tv=>Ebuy`tQ}OCcI1H^nGh)Pg)S zLh>w5pYCHe?^MPV?%HD4jEm?W%;jTNE4R6#-_Y#Y*ssi22etrCkHR(1ad>iCaIjH) z8nsmV|I>p-DVLapHF@h+lYQlKKBjh+5763eO07*~!$JN8%y1DcxE(Jpq4`_jccSXj zZBEd`f>Hy+Xdag}OVV81*%Ma6AnA(Pq<4*{!;M3e)5_3U(-#-{5OHB>8#3@VV%JWr z{BgD0IQn;~s-YP=<-eF%y@dIXJ7- zw22`v$&vP_YJ6@^Mqq$X_qRBz9`?>^E#8h| z6IJ9Z(kbc<2?5ehx-M*P_F==~Vb|QuyA3-Z=4l zUN@npbNoEFYHufSREDy8VQaMfwGT4qVC~a`k_eo$XasA_PcX@r4Rb+XXL~1NG{1n1 zL-|YT@ot+IQP=oV3i|OO7|%c00&=y%K--)kb@qa@a0c-CZ;aG8BY+~TkXrhBhF-w+ zsZMc1O=Y0TY@g}dB5S_WEMw%#@iG5ujv=Z*4Ty81PI>MfLo4LkEH{_Y?qdV~_|K3eKhdzkVpB@f>26B&y6F)x zCr&I*?Z~ELPe6R4hjlL2dp#E^X9dwpS1s0@J`3}MOikJ~iuZ^Kjb%4MFncU8p>*GI zyO*hSxVxL6@eSInNXJB})O3l;s$I4;>vhuiUAVhe6lV}9k=Hjx`t|a$3lyV@GxlVN z>p;9XZ2FCBgxF#eDTc$=!>etpvv>pX(aFsQ?`fIqte zwF85KPwsotf@7#g19kq8?f5kBMR$>?$SE)nl33lUCL>6oYZ8zRf~#!Hig%+*0&5{c zratM~JXSJ|!5FDT%-UyHHpIbv=Oc%{>5jw@T0^zNL=KwvG9l&Ts5`TYf;2z+$5;+r z-aclaH23&UG9Fl8u{y!&e%J-y>qZX$ld2$dvSoF&iV5OLJDcx+3PZ7sd7XnWA7?&S zD%uv{Od;`;AbT_zgbKU_rsqg2K3=UO`?&X(pn~`yJ3&#jMwZc}r&>7wSVhOHn>RyxwEJ_U0!iznG=#nIR0xv-Q& zhU(EpVjsk}jx2&Y9Irc!fYLzkF7ojED1xhjCOLP%8-t-JZEJER-`fZmxGU0T!thp|YWXx+Q z1ug0{nf*u$cX<{CmWN_a=fQ&u2Rp!MFN{f6?bqlN@&(h8?iuKuT*=XgJ2gxseZ<=~ ztbtE5LbI)|%QBJu$UqnVC%@jQSKPX$J)Az>2c&AnK57IO&ATD!9jLet0+{tre;tPzq`?U+~J;Y zleQ8<14;nK8QE!C!w$!-arc^t{2To(;AST0m|*L!kcd@R$}e@7N!q}yAm&zj8lq45 zdo1vdI+?og9Q@!VObR*sj{y<4c|HJP`S4wjJKFFa8=?1&q`j=@iu()609%O4Sw_l! zJYg`>d{5|wjj}hW0!%#U0+DfBSqdcTfWPUcAB5q8fXC*SL9L)Ts-`c=@6C73%9d$a znQgJL&t&VM-N-JhW7ON6FDf8@z|Zx#Lm);z19O!f*!t-n_-$`izj#-!VrzXLF|8%i$ui`AfF zJm5Z&;;2BHh;yJ6T91J)jQ`#T{{NQe*au$62ua zu3)C6p#aGGQ0`!K#sV}dj*e;>M-8$Q%RQ>PlezjL%w@=S5uBin%|X=>QHO_l=^bJ( z+YrbqR+7iJ8g5)#^S?0iy4SM?V|&o}QU%GoeJ>St78i)J?mZ04I)BmMVi=Dm`GpYk zl9cqFi`HsB!627Sh7hUIRKXksEYot*PyBm`;?7Ds9N;BP#iL2xFKFm;(LYl1wBCsF zd#nlwN0o8?|A`&bs<6$wp|M562ELQWfS7-|xGHJ~C#)%n6KRE#zZPr3!04{}gurDx zs{Kd^$CKbS?9$f>=BHc(P7_76p$D^-H{Z;fSL}}kVUZUw!47FCL5+#oHWKB|)u${X zK5YM5(kU4nY@lpH11DDaY2?6!0F%w+@{}>Z!{CelLR*B6oPDBXvMI_?ZqVP&=Ljs~ z)vcCmsE(RbAgx}hoW$YPk@3Y`sZpFfGnj8lAKo_r&{eY=$ z!+k>n<1PAQ?(6Sys(r~hI-1cu;B4&q{DKf%*xop$F;Y;v3L)#`EPhcG07tr6{YA9G z9a240UYviKC3F6{Kag# z``#`S`xodp?p;R4&sQ8bO9hm7c9_`ljSO_NzrAOxt1`!hAE{|1xhSN5P-A>SxD(4* z!&(`{eo3+JgsDC@oN_sdzFQHXb?t7kGGGLkrPlfx!s>C;|5SL!MYA~Vw!G?31m@r+ Z*Aa=S3>|StV8hMY4nF;Howa8XUVgta0aXA1 diff --git a/kubernetes/dns.values.yaml.enc b/kubernetes/dns.values.yaml.enc index 4be2856..712f313 100644 --- a/kubernetes/dns.values.yaml.enc +++ b/kubernetes/dns.values.yaml.enc @@ -1,3 +1,3 @@ -  )~^`hF#Ӥơňx7-:Z:1~>9ulGU&f30k{.VWiH XD{L? LNd ׈LbMDe4D(2t`3p1A9΍7@?_ն!7/،gSo-};K;E| qVr9ו܏'H7n갵[dl V ")u9Խ>#.0"ܯBS[Q };fp -hc&:r]j`]) -cD7? \ No newline at end of file +  {Uyhdm;{@咔KBllYn$qhYedRR$A#,{v0d] +'VQaB|-r#shV&(-I]WYn/K[6r=p5 y +ŽY;8_,\~L*~ODK]pjDj3Rv $dFqdRaX .\+9 <ΑLE}ԱL8EAM:Il Hî7l dWa}FZ|RC@-<cO9QcJ*)߽( \ No newline at end of file diff --git a/kubernetes/values.yaml.enc b/kubernetes/values.yaml.enc index 1e77e0cada3fed32e8a338ad9a114b7266da840a..aa23c38883697aa9954e67670a4843335c8916f0 100644 GIT binary patch literal 1759 zcmV<51|a#24Fm}T0%-#%NdqD_hx*d$0i)LyZlNvs6c?9Y)n&doW*fqDbUAqvBK=Cy z@6mCoab-siBsI7vWY0T>HWD-5X4BtG) zdKYI8IsOX@fUvdr2+hG1pKNr>g6pI9{*B?h6c`W~ln-R6dEy zgCn$L7y4#w<9b7A;=F^s2OO2KyAUncx0>2(1d)4lWxN+F)`c>dPKN1TiZ0}tQN-Ty z08}J<=Ht8W{A`Ur>ZPOWe1?85CQ_M$rJsjI)Yt0ACGEzXt8 zW*L_ydbL=HQW0)n<#Pg<#*_wYr8$No1flqdEBnJA9y6rnnSrJpoujlp+C&oT<7${@ zBv2=m_QZ=)6>>=0%D=A2K1=uHqSd=3R?RD{{NCAg}`$oM&npye!!jm5vHP@BY6# zdPP&>cYuI(gdYIE-Q6OZGGO#x=~xF{G4+vq%YxwUK(?>qI%<{&_apivB2hlVckoZs z<)5zi?9Gy#^rir_4{E$AKa!L7Cb%AB{=QX6gV>B+P3zqft*6H}-H?_v+QXB6lJ(Z6 zXPb|;+1%<ofZp=88HyM*=|SZ^nVqFTO#>mL`lC?(IXGH+435FRt(|;!Ols}s*>&(%^FN> zk^KTgVi0T-<|QDuZ{U-mv>4fX6Dp7auLPP-SY`4~Vns@_>?pNZGwG^G>pi5c~sTN}VFHD2E4yKRT1*|W*=7x*O-1LyI%qY1Nx0oCs zXOis3Q$WN@lSN8|aD%+7pv)rQxk`2BvYh=eexNKDNlUz4n)Pp4q546a;8bHA@XA2M7Yr-o!|vf!TL#$lK4pLAdq?7N(|W zFtyXrXT_1_Sm#-_<=b5qe*2a`;Cbj=YI~Ar#qgyCQM8fe)r(YzK3^0vSz+@I^3EMB zSz7!Q8USp;3`qJ|THI`^sxcVzNf;!g-c+uzI+qb-4k>Z|J^z!L@h2u<#dp7i>`!G6 zIpA{3kj4n@nlT`?p8I!I`?NdS?^Hgm)-GV{BqV0gjXBa!1ONS(%=8l>N>g1LA8T*b z2g=RApo5M{mK_35#g-%e9sFd0HQ~B5Rq#;0_=~x$uBd;nrAzPT{iQ|jYr0Jgj zF2qLjL2E(jjdaZL&81}@jj~ZDbnueA!5VyNSxhTN8UteQVKNf%%a6joqIuJEeozny zv6MyPC`a<_Rc+8kY4vU_)ietDbj#jgsh)4*ev&nxK-xYgjq|@ACQE#zmFJW0mJVp%f4P1YWS8O! BU7Y{` literal 1765 zcmV zm2UyGacsZ0jlMZ_SMb)!0)%;v8RT8l0y#}$ShZnU2UewKA}v)*EW(^rPMzg~+-?SJ_WC zfpOVSegB!gSX;rwpI~Oy!U4p=KcOLhOjj7U%#;1Yrjtv&sc(W{55jtGj-Ls)p`QWp zKgx+fC`H^D_RDd*weL6{30h)*hr#BwTNqwC>rek5%ZzkXlg1N!y-?%~a6@b^EB%d$7QT|9ZuLG859Hv; zO@75zNI6xLY5*r=vIQ`8yfrW|j|dDNity+h!nrAUw&YOox_Nt_|G}d|^zU(e0mWe3 zuZ@NBO)!_6MtU{AI8VQ1m!*t{-Z8o&MBoJuqwEjH@&lvAc_&@CHoDK^F3y5X(l+pb z8nUbjVce!U+*ajLJ1NyjJ-uEdTt+tk?!k!IfWJ$gj6C%v%9@NQ%8$mxJ$}bakQMjy zZjFLXPw1>H>&r5mqolYpZU528@vu$=)?63nqM%XSbk>3nJmOB_I**#?-3VR$e{YhQ zr9K=_v|#J9Z=AYEOHxhG(RifzDf~XvKwO3>wilvosTbJP)~=QGw2L*79X_b%jL5&y zIP`f#Yxi!R$I_F~&_}>%5v;+4M0lO@qWjBTd*RqDv7&7M3;?;w1a*a$5C%qqGwy$j z+tnT%IMuHSoVXaCpit%HDKY*XVpL?J)KzwW)^oCMKShdF;Sh+UvHyj0OF{|t9Wc4Tf66pIysVe=C8VI_W|qBhN% zk}GT89`ZEQZVuJQT&1JYmSqUU3PZ+p+(Hrg-mIUQ@kwJIt_2Fe6F3v=%v-IG)!hQ= zOpSb=Hs$4?RrteMa*13g2JI20mAeHSK-uoT0>^l!<8ow{=64W3#gVOA*611~i*W|N)5w=iPGrf`+Tl2k?1I{E|5lTd5b#qzGYxjW2nNh)B4o z4=$dsf7o$zdB4{rC%^W`Qc&-;b{5gngYj@Yqx%+U(O;^&{ry^qe{?JKF6Wpk9Kq6| zM+DrxWG5G3GKehn5Q&B!q-UUMk&PYY%ao{j1|;H=O5(}&Job#P;!(vD8*!zr=@>mA z|G*Kozu9SCVFv=hJ=>hTA_k$?(jDG+OQXdXR009PJb<#kFhuY5={6`a`3kuRtrU>7 zs;i{R;9t$N-4j_G{6FY*d%cp&E*z2awOL@&MCQmC-_NzI``X;NH?2B3d@^P_b7JLK zSpaMHGC01dOoSf}^C{)O*GcmUZs%>2qz)z2izgX?qF1GI9yuLEN^JxxgkEueEZ^U9 z>R8&#rXGb?WDB;sEcZq2r#R4waG*}32@3^R$wfldAv3pfe(u7|H4~M|R^eL)iDCH^ HNqAAa+eC<3 From 02ccccd38f72d5f0135234d7e77a030a086b7e8c Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Fri, 7 Jul 2023 22:29:22 +0200 Subject: [PATCH 56/89] renamed js files to ts --- branding/constants/{donation.js => donation.ts.old} | 0 branding/constants/{emails.js => emails.ts} | 0 branding/constants/{groups.js => groups.ts.old} | 0 branding/constants/{headerMenu.js => headerMenu.ts.old} | 0 branding/constants/{links.js => links.ts.old} | 0 branding/constants/{logos.js => logos.ts} | 0 branding/constants/{metadata.js => metadata.ts} | 0 7 files changed, 0 insertions(+), 0 deletions(-) rename branding/constants/{donation.js => donation.ts.old} (100%) rename branding/constants/{emails.js => emails.ts} (100%) rename branding/constants/{groups.js => groups.ts.old} (100%) rename branding/constants/{headerMenu.js => headerMenu.ts.old} (100%) rename branding/constants/{links.js => links.ts.old} (100%) rename branding/constants/{logos.js => logos.ts} (100%) rename branding/constants/{metadata.js => metadata.ts} (100%) diff --git a/branding/constants/donation.js b/branding/constants/donation.ts.old similarity index 100% rename from branding/constants/donation.js rename to branding/constants/donation.ts.old diff --git a/branding/constants/emails.js b/branding/constants/emails.ts similarity index 100% rename from branding/constants/emails.js rename to branding/constants/emails.ts diff --git a/branding/constants/groups.js b/branding/constants/groups.ts.old similarity index 100% rename from branding/constants/groups.js rename to branding/constants/groups.ts.old diff --git a/branding/constants/headerMenu.js b/branding/constants/headerMenu.ts.old similarity index 100% rename from branding/constants/headerMenu.js rename to branding/constants/headerMenu.ts.old diff --git a/branding/constants/links.js b/branding/constants/links.ts.old similarity index 100% rename from branding/constants/links.js rename to branding/constants/links.ts.old diff --git a/branding/constants/logos.js b/branding/constants/logos.ts similarity index 100% rename from branding/constants/logos.js rename to branding/constants/logos.ts diff --git a/branding/constants/metadata.js b/branding/constants/metadata.ts similarity index 100% rename from branding/constants/metadata.js rename to branding/constants/metadata.ts From 350237c62dcff1a5c34f1e8d718f89b05ce3d33f Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Sun, 9 Jul 2023 10:42:48 +0200 Subject: [PATCH 57/89] reanme all old files to ts, since they are used in the frontend --- branding/constants/{donation.ts.old => donation.ts} | 0 branding/constants/{groups.ts.old => groups.ts} | 0 branding/constants/{headerMenu.ts.old => headerMenu.ts} | 0 branding/constants/{links.ts.old => links.ts} | 0 4 files changed, 0 insertions(+), 0 deletions(-) rename branding/constants/{donation.ts.old => donation.ts} (100%) rename branding/constants/{groups.ts.old => groups.ts} (100%) rename branding/constants/{headerMenu.ts.old => headerMenu.ts} (100%) rename branding/constants/{links.ts.old => links.ts} (100%) diff --git a/branding/constants/donation.ts.old b/branding/constants/donation.ts similarity index 100% rename from branding/constants/donation.ts.old rename to branding/constants/donation.ts diff --git a/branding/constants/groups.ts.old b/branding/constants/groups.ts similarity index 100% rename from branding/constants/groups.ts.old rename to branding/constants/groups.ts diff --git a/branding/constants/headerMenu.ts.old b/branding/constants/headerMenu.ts similarity index 100% rename from branding/constants/headerMenu.ts.old rename to branding/constants/headerMenu.ts diff --git a/branding/constants/links.ts.old b/branding/constants/links.ts similarity index 100% rename from branding/constants/links.ts.old rename to branding/constants/links.ts From 293de8b2dff2ccacea2106b0fe486225e850762b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Wolfgang=20Hu=C3=9F?= Date: Tue, 11 Jul 2023 13:10:44 +0200 Subject: [PATCH 58/89] Add 'OCELOT_VERSION' as comment to '.env.dist' --- .env.dist | 1 + 1 file changed, 1 insertion(+) diff --git a/.env.dist b/.env.dist index 80ef9ad..d35240e 100644 --- a/.env.dist +++ b/.env.dist @@ -6,6 +6,7 @@ # if you set it to `GITHUB_OCELOT_REF=master` unnessecary builds can occur. # It is recommended to not set it rather then to set it to `master` #GITHUB_OCELOT_REF=b2.4.0-351 +#OCELOT_VERSION=2.4.0-351 # DOCKERHUB_OCELOT_TAG applies to the deploy workflow # DOCKERHUB_OCELOT_TAG is a dockerhub tag for the configured (values.yaml) docker images From e87806d1d624220ffc6e241ea7259fb5195fa917 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Wolfgang=20Hu=C3=9F?= Date: Tue, 11 Jul 2023 13:11:43 +0200 Subject: [PATCH 59/89] Add 'filter.ts' to constant files --- branding/constants/filter.ts | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 branding/constants/filter.ts diff --git a/branding/constants/filter.ts b/branding/constants/filter.ts new file mode 100644 index 0000000..0033205 --- /dev/null +++ b/branding/constants/filter.ts @@ -0,0 +1,2 @@ +export const SHOW_CONTENT_FILTER_HEADER_MENU = false +export const SHOW_CONTENT_FILTER_MASONRY_GRID = true From fdc2e52fa444b300e1c4736600bc0e9ae3314222 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Wolfgang=20Hu=C3=9F?= Date: Tue, 11 Jul 2023 13:14:41 +0200 Subject: [PATCH 60/89] Encrypt secrets --- .env.enc | Bin 624 -> 626 bytes kubeconfig.yaml.enc | Bin 1515 -> 1515 bytes kubernetes/dns.values.yaml.enc | Bin 310 -> 310 bytes kubernetes/values.yaml.enc | Bin 1759 -> 1760 bytes 4 files changed, 0 insertions(+), 0 deletions(-) diff --git a/.env.enc b/.env.enc index 02bae169a7fc6896cb041b6a47645241b2dbd883..c5174166cf350e28dab94902c308bfa313ef7f73 100644 GIT binary patch literal 626 zcmV-&0*(EQ4Fm}T0^h~pLF}RMAMw)Z0hLqKIa6|JJIE*cE~Y16#qz_OC^5{&DtWj9 z@ILbQPC-c%uUPFcK~MqDr}QsJP|vbM)2)bDnObd$D8vs)ZX|D7^zmL&4PD0ejF*Vk zFyIl7AZ-TF%)4OinJtx*1WmU)`FFYm*2_r5?H!gXinVo|!X@t7Fj`y878)6JaI9n^+0n#pX<#f*s zv(Bt>w7f-d%@sd2Fq;86@q@eME;xV^c}xqwz^?}lXk~idh!GURKc2@Dr>$#d4Pg(| zTL6gRWRg?G3m`U;gff2R=Asvz#HGZ0QQzE7;XC9JXYn#g%T5~B#c9YsxoDwo`vlt zt3CBJ{ye)GOeVQoSzy!5aU+eMLcX_yB_0xKTldue`$u_&??l60dYC_0LY#Vbu->>E znVqdjsURgr2F$IN($B<#V5irP7h5A2rAEQ*+e}eb6s2a*BB>v2G5!0OaR+{R@xIGr ze}_vDo`i|?YmlXKm7X=^{V%j@GU`q8bbo6*Q*1$(;dChDq65P_Hcbwx$3aL8 zEwCZd*f%?28^l@}Y*asbeWh>FFg%Fv6>+FZAsI4xp#4o=G6~-z!D0-9;q9?^ERrqE zL*k{~{TV6C1DW`W4;F`Zsy0<`dCHFeQlI?$bPPMz9gkF)+6h{cRnR>Q9Xs6hKi2u| zX{Q6u))v~to2Jmlx}G!2rW$#yw9bPTTahIK_A{uM zjr&FiN)nVtEuOF*{2}r+E>Bk8dN-MKmwHaPEjW*8rb<*sUP?gWFCW?b@RTcV^iUH4 zo)T?~J^AAU0;!iavG9g?#H>!1|8A8cw=L0wcgMq!+lYn$8TQ4afPwX`rCROaYk~7< zaz~^tQ&HB~MSqdWZi+1kT4yGG5bJ@Eta1WtT{lWKF%W@uy{#=esS-pS%ZDt>$}k*W z*1f`}$akM7Lf(7Uup0?;51K-8@Q3js`Mul`sJqVDt+(U@`JYD8$3WClz*MTy^%s}2_c3(Xl(tyDO0ufP K;1G@U#Y9UhzA^j& diff --git a/kubeconfig.yaml.enc b/kubeconfig.yaml.enc index 703b8d11068101228c7e372d121df4ab63ed3486..7f97da7b41524fc57f1a8905ee011ad4a1dbddb0 100644 GIT binary patch literal 1515 zcmV4Fm}T0^qW9WKU$8t?|<80iMIsoomsFPRz}pR=j#TkPoJ+{;{e=0p+2% z5vg3&86I%kX;gAhY$C_n?g~H4ivw*XW@ccSDs452VQhKEsQwlp5L`AF+@hMaRIZ3oOZN}4r?+m~m|E1T;So%@?upAIjD6dSXfQXsQ~!(1qRJ$0=|5JF3J$qwsi zW)xK^_RY=`s1o!{F<9;A{1|y6NPFRX75?022NTpFQhHcJRFVlh?k(3H-hvt+tk1nbWei-kTuJ#1^RoWSpZUYb0WLqK-Ij9+ zjjAJKQsZxHJy7DV8HI%^{JPoD6iOxzcygNDfZl*i&`r>3)YBpf9z?QeohieBkx!6U z%9!HLWze%WmH>Ay)!S{T3GEX#jaqjCM*9IU6z|VVN(E|WjWR)9$GBJ)e=K&`+;20- zkc1MQvQ$bgcIhc%!9ZLV^KqkGRs5N-ZS5d#%o3wX7`sdLN2 zV_udDCJ5c>Dey~KoXk(m54(;gUx(_p4kY_MXhrGZ`W9)-dR#tq8H28j z2+T73jB;>SXB-7fic$NuMw!4NnyyJsrpXKLdX<i1!MZ!m5bZK5( zNFmJPG&3jm3&n`Z$qHRiT0;+ll|_vEmLFUAx}!7{*>1ZF2T+51rI(0@sQUfU{tjTd z@xk?ijj_8cSy9X+%o|`>x!$846a6L#kH)HFU>NSH#400DIBgpM|6=&;Upsk7hrB%4_8X@VW;v=U2hs-(Wj$uoF zayW|FM^!uI$ksKaKqEH-P{0+vp@lD;he%+}b>996CNcT;3;fuB;j{1*= zhQ7gz8<54x)GIAJJr0iruIQZdkFXG$^@?l6YaRi>v=|ZE8RT}o?9P|j8bFvkUME+9 zpMkjWXMg!$&-#RF%Z^>wuJyIi9N#6)3*SF+bot0+(V_N$KMnAyer%v|YMf_>%IEZ- RHvhbtllj^x+UBIR?e;tV?S%jU literal 1515 zcmV4Fm}T0*a!N`9Hu0y!z7W0SJ+P>~wsQ=i9%0Dk*~qOgk6I1vK|e71Brc zn$HDcm${tN2~)ypmvz(Qq{eW}2Tv=>Ebuy`tQ}OCcI1H^nGh)Pg)S zLh>w5pYCHe?^MPV?%HD4jEm?W%;jTNE4R6#-_Y#Y*ssi22etrCkHR(1ad>iCaIjH) z8nsmV|I>p-DVLapHF@h+lYQlKKBjh+5763eO07*~!$JN8%y1DcxE(Jpq4`_jccSXj zZBEd`f>Hy+Xdag}OVV81*%Ma6AnA(Pq<4*{!;M3e)5_3U(-#-{5OHB>8#3@VV%JWr z{BgD0IQn;~s-YP=<-eF%y@dIXJ7- zw22`v$&vP_YJ6@^Mqq$X_qRBz9`?>^E#8h| z6IJ9Z(kbc<2?5ehx-M*P_F==~Vb|QuyA3-Z=4l zUN@npbNoEFYHufSREDy8VQaMfwGT4qVC~a`k_eo$XasA_PcX@r4Rb+XXL~1NG{1n1 zL-|YT@ot+IQP=oV3i|OO7|%c00&=y%K--)kb@qa@a0c-CZ;aG8BY+~TkXrhBhF-w+ zsZMc1O=Y0TY@g}dB5S_WEMw%#@iG5ujv=Z*4Ty81PI>MfLo4LkEH{_Y?qdV~_|K3eKhdzkVpB@f>26B&y6F)x zCr&I*?Z~ELPe6R4hjlL2dp#E^X9dwpS1s0@J`3}MOikJ~iuZ^Kjb%4MFncU8p>*GI zyO*hSxVxL6@eSInNXJB})O3l;s$I4;>vhuiUAVhe6lV}9k=Hjx`t|a$3lyV@GxlVN z>p;9XZ2FCBgxF#eDTc$=!>etpvv>pX(aFsQ?`fIqte zwF85KPwsotf@7#g19kq8?f5kBMR$>?$SE)nl33lUCL>6oYZ8zRf~#!Hig%+*0&5{c zratM~JXSJ|!5FDT%-UyHHpIbv=Oc%{>5jw@T0^zNL=KwvG9l&Ts5`TYf;2z+$5;+r z-aclaH23&UG9Fl8u{y!&e%J-y>qZX$ld2$dvSoF&iV5OLJDcx+3PZ7sd7XnWA7?&S zD%uv{Od;`;AbT_zgbKU_rsqg2K3=UO`?&X(pn~`yJ3&#jMwZc}r&>7wSVhOHn>RyxwEJ_U0!iznG=#nIR0xv-Q& zhU(EpVjsk}jx2&Y9Irc!fYLzkF7ojED1xhjCOLP%8-tW>I`xV5bZg6UmWw>aAQmZiZxRI^ZXlroFMjM}RSr7dTZi?F|R z$oIT~#Q|@J{|!?iG|VvIreSk)*)pXwqEkoU`5#mbUR7+$%d#e4sp~DWjg!Q0(xv;u zPu7*tF%V-(7XBM|Ox IajaC~o@|1hf&c&j literal 310 zcmV-60m=T14Fm}T0?vETRTFt=&ic~8WC0&-J9|JK<&u=L=)Fs#;X-U|=MJalS+8y+ z^biJd*J#FBvB~|p&}HP0<=|vefl{f#BtauA^m~nVFa*YAi(LvQ&{k2r7UPKJ#9;x+ zLVUWk=`GiCBXiMcRwf@PEwJgINnKa)1M*oJvTlTyFaAr@Tj>6qHgY|M{J(HDkE`np zc?!k7Spm#Dlma+k>l%unEL_%p%uFi251D>X<3vkc`EY7P=xQ@kb`2zCMxk+JyHa6T z8VN338xkwzISKT*-8==(kxWJE`F-WE)Uiyd0-`uY76O;8*+ES@No)=ENYLZMt~YG= zryd~uWLIH*Mz|WH;P+bbe3%bX6+;$=K&LIs={y|QV^8-7<~gMNQDaIfl=d1auI9+| I+~2*fDDWSY)c^nh diff --git a/kubernetes/values.yaml.enc b/kubernetes/values.yaml.enc index aa23c38883697aa9954e67670a4843335c8916f0..c8db13048f7abe718f29aab2e7d29e6c53dd9fc6 100644 GIT binary patch literal 1760 zcmV<61|Rv14Fm}T0_2&kXHNOWR`Js60n-)ACZJA^x9ETS$@xGn)Wl|2+H3Jt^{sX1 z*E2q#N-J;3LMj`R-)idcxZMDHWK+RRz6y8%bB_kxc*&?Zpu~roK9bf$QJ8^J4vaIi zG8~+YFEsm<n1oGD6^{m z(=Fsw0<5%eAli>$a4_zgMtPpMy2-Y6?PuxbOmdYX^|Nk^|3)lyF1@W z!mgd~yVNP`V#2m!=K84}e?Qa5$Dt@B(-;+ZB7Vd7?tWDo5GkyLd)~d=`lcz#qNZo{ zIfn8-sPjsmJ9w;XFcKoin}^b_DNSDLU3T->W1V4$)DY@$)hdiNOIjUeVn#~{0_r$} z#m(+M{E?`c&xk+Z$$)xR=!E+~V91)d+_kpB#iMN@G{nz8i=LXh-K;7=rF>c?GI)f# z$|o5qB=YljJsy>b;(zu_ZnP(FG-$!xR(hQFck=>snIX(=3RahEHleI|Pu<+)&$ zr(G?Y#2J22r-R&R*E=rZV&f`R7N32|Vog+w`8}V1L+c~1=;&g)0T2%RWjOkJ>eoIiIn-F%iT z8Ufl7klwR;s*y;3pcdv3eJJKX_f-GFc3{FsHpxnDxs{_u9FIT?#Bk^5 z#Y#6)All&WtWC2enL~!EExjGMOfx?r=9ghYTPk0CkN!`9qg+%p5Z>N~d~lA4d0q0cMnIMrH<`y-SgKN=jrp2xy z^w;8Hy!bhex3hbEMKRgw3!?g7VI&?ed2fB!2o#o0-Tp6q!zM z{5e``tL?au7TeRBoN-snV~%zGFq+e(JLGjl^xl9*n-Otig>Y0r=Y+R_aF2z>7NykI z1N&sPis$-_Xt)vXcIjpV%HOqXmMbN(XhlaKx>^Xxu=5(<6tgdHX8Dr)uURzy0>~fa zc)Ss4CRD`g3j?EgG%EfYAGr$@NvHANob7>!a@N9(N_oO}QsgLofzCcLDgS*~V(Q|j z$;b05E#uLhqgajg&AU7uvjPrs)gz+jypo)u2iv-C{|7DkJO;V)TD$9arAY5|1vN6% zWgXjJ#3L&mef3gJx!n&IfYl(iH7#eK6J7v(--0d1mem{?>Yw1VYp5b&|CPxM0o)H= zvCBE9o-Z$_kR+)@Mn)0&r1%V2A!|_2gd&v7B=jj8Jum1Jz6Jl-ZoC#50)k2WKYdz{ z3}Rc~E67hQN~H2@;PwM`98K-@*SF1pWGA1Kze9w zIKT|hYHjv0@Qm3+9BYqVrr2KIJlL4HFhlfbE|9ua-lhf{Q;x;5JeHYZ(~JGb7idHN zWM&&YKMmdPVyDESPHyNqnqLK{Yn5Gp2=0iq&vr_8NG8|>EsrVku{K>ib!YkWn7#F; zK{ji%%Xr-flLOMu1_Z}MQKtUo$hsY0h3y~UV%63~S4Mv^+g>kaFgwA(Mf8H$Y4)?I zR2_9_a8y{C9~h4NIw!7#du_K<&mPqy%FZ!pb>T5P1~EMyw_R~zvfMfGZv5#FqeLd> CwRgq< literal 1759 zcmV<51|a#24Fm}T0%-#%NdqD_hx*d$0i)LyZlNvs6c?9Y)n&doW*fqDbUAqvBK=Cy z@6mCoab-siBsI7vWY0T>HWD-5X4BtG) zdKYI8IsOX@fUvdr2+hG1pKNr>g6pI9{*B?h6c`W~ln-R6dEy zgCn$L7y4#w<9b7A;=F^s2OO2KyAUncx0>2(1d)4lWxN+F)`c>dPKN1TiZ0}tQN-Ty z08}J<=Ht8W{A`Ur>ZPOWe1?85CQ_M$rJsjI)Yt0ACGEzXt8 zW*L_ydbL=HQW0)n<#Pg<#*_wYr8$No1flqdEBnJA9y6rnnSrJpoujlp+C&oT<7${@ zBv2=m_QZ=)6>>=0%D=A2K1=uHqSd=3R?RD{{NCAg}`$oM&npye!!jm5vHP@BY6# zdPP&>cYuI(gdYIE-Q6OZGGO#x=~xF{G4+vq%YxwUK(?>qI%<{&_apivB2hlVckoZs z<)5zi?9Gy#^rir_4{E$AKa!L7Cb%AB{=QX6gV>B+P3zqft*6H}-H?_v+QXB6lJ(Z6 zXPb|;+1%<ofZp=88HyM*=|SZ^nVqFTO#>mL`lC?(IXGH+435FRt(|;!Ols}s*>&(%^FN> zk^KTgVi0T-<|QDuZ{U-mv>4fX6Dp7auLPP-SY`4~Vns@_>?pNZGwG^G>pi5c~sTN}VFHD2E4yKRT1*|W*=7x*O-1LyI%qY1Nx0oCs zXOis3Q$WN@lSN8|aD%+7pv)rQxk`2BvYh=eexNKDNlUz4n)Pp4q546a;8bHA@XA2M7Yr-o!|vf!TL#$lK4pLAdq?7N(|W zFtyXrXT_1_Sm#-_<=b5qe*2a`;Cbj=YI~Ar#qgyCQM8fe)r(YzK3^0vSz+@I^3EMB zSz7!Q8USp;3`qJ|THI`^sxcVzNf;!g-c+uzI+qb-4k>Z|J^z!L@h2u<#dp7i>`!G6 zIpA{3kj4n@nlT`?p8I!I`?NdS?^Hgm)-GV{BqV0gjXBa!1ONS(%=8l>N>g1LA8T*b z2g=RApo5M{mK_35#g-%e9sFd0HQ~B5Rq#;0_=~x$uBd;nrAzPT{iQ|jYr0Jgj zF2qLjL2E(jjdaZL&81}@jj~ZDbnueA!5VyNSxhTN8UteQVKNf%%a6joqIuJEeozny zv6MyPC`a<_Rc+8kY4vU_)ietDbj#jgsh)4*ev&nxK-xYgjq|@ACQE#zmFJW0mJVp%f4P1YWS8O! BU7Y{` From 4b427dc0a6c57a716bb3b3e8f5af3ce3e9c586c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Wolfgang=20Hu=C3=9F?= Date: Wed, 29 Nov 2023 12:46:34 +0100 Subject: [PATCH 61/89] Add DKIM to 'values.yaml.template' --- kubernetes/values.yaml.template | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/kubernetes/values.yaml.template b/kubernetes/values.yaml.template index 4171b2f..22e69ca 100644 --- a/kubernetes/values.yaml.template +++ b/kubernetes/values.yaml.template @@ -29,6 +29,11 @@ BACKEND: # SMTP_PORT: "465" # SMTP_IGNORE_TLS: 'true' # SMTP_SECURE: 'true' # true for 465, false for other ports + # optional + SMTP_DKIM_DOMAINNAME: ocelot.social + SMTP_DKIM_KEYSELECTOR: 2017 + # all newlines in one line with "\\n". multi line doesn't work with Helm + SMTP_DKIM_PRIVATKEY: "-----BEGIN RSA PRIVATE KEY-----\\n\\n-----END RSA PRIVATE KEY-----\\n" # most likely you don't need to change this MIN_READY_SECONDS: "15" From f7389c391739c2a1ebf7b30b89f4f04aa81e90f8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Wolfgang=20Hu=C3=9F?= Date: Wed, 29 Nov 2023 12:52:04 +0100 Subject: [PATCH 62/89] Replace footer URLs with --- branding/constants/links.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/branding/constants/links.ts b/branding/constants/links.ts index 7efac15..c62c846 100644 --- a/branding/constants/links.ts +++ b/branding/constants/links.ts @@ -23,7 +23,7 @@ const DONATE = defaultPageParamsPages.DONATE.overwrite({ // if defined it's dominating externalLink: { // we use 'ocelot-social.herokuapp.com' at the moment, because redirections of 'ocelot.social' subpages are not working correctly - url: 'https://ocelot-social.herokuapp.com/donations', + url: 'https://busfaktor.org/en/spenden', target: '_blank', }, @@ -41,7 +41,7 @@ const IMPRINT = defaultPageParamsPages.IMPRINT.overwrite({ // if defined it's dominating externalLink: { // we use 'ocelot-social.herokuapp.com' at the moment, because redirections of 'ocelot.social' subpages are not working correctly - url: 'https://ocelot-social.herokuapp.com/imprint', + url: 'http://ocelot.social/en/impressum', target: '_blank', }, From a930f11d8f2d0c11136ff0bf9188aaab9cabc5d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Wolfgang=20Hu=C3=9F?= Date: Wed, 29 Nov 2023 12:54:27 +0100 Subject: [PATCH 63/89] Encrypt secrets - add domains 'ocelot.social', 'www.ocelot.social' --- .env.enc | Bin 626 -> 625 bytes kubeconfig.yaml.enc | Bin 1515 -> 1518 bytes kubernetes/dns.values.yaml.enc | Bin 310 -> 311 bytes kubernetes/values.yaml.enc | Bin 1760 -> 1762 bytes 4 files changed, 0 insertions(+), 0 deletions(-) diff --git a/.env.enc b/.env.enc index c5174166cf350e28dab94902c308bfa313ef7f73..41179a10ce4d6ecd3934f4ed59a9da7f60bd0da0 100644 GIT binary patch literal 625 zcmV-%0*?KR4Fm}T0#@!S4HSMRL15 zvBFxQ8Vv64j3dBn{%2M|xv9Yy5zNn_zkq~Q?cn3bAz`0A;~y_*neYj|IJjOXBP@Vf+|A;l z_dR-q@iUlLZcSuxq5sb$^8h-4KmyEvbXvHynSEbyw2Jq#5J`Azb>_5{?w3)s%+Cq+s8 LN7BaSS8~)g9v4R3 literal 626 zcmV-&0*(EQ4Fm}T0^h~pLF}RMAMw)Z0hLqKIa6|JJIE*cE~Y16#qz_OC^5{&DtWj9 z@ILbQPC-c%uUPFcK~MqDr}QsJP|vbM)2)bDnObd$D8vs)ZX|D7^zmL&4PD0ejF*Vk zFyIl7AZ-TF%)4OinJtx*1WmU)`FFYm*2_r5?H!gXinVo|!X@t7Fj`y878)6JaI9n^+0n#pX<#f*s zv(Bt>w7f-d%@sd2Fq;86@q@eME;xV^c}xqwz^?}lXk~idh!GURKc2@Dr>$#d4Pg(| zTL6gRWRg?G3m`U;gff2R=Asvz#HGZ0QQzE7;XC9JXYn#g%T5~B#c9YsxoDwo`vlt zt3CBJ{ye)GOeVQoSzy!5aU+eMLcX_yB_0xKTldue`$u_&??l60dYC_0LY#Vbu->>E znVqdjsURgr2F$IN($B<#V5irP7h5A2rAEQ*+e}eb6s2a*BB>v2G5!0OaR+{R@xIGr z1!-lUHG3MH_wES4X3g+0*V+;h zVQAD;IZ|e^IV@*{1SGf^Z!l7b1&T)4*3`Z?rUaWmhFsOY-q1{O#<=(4RTV$im& zF$2ew1X&wiE_aXERHxzLw5dOwk!L3K z_5LBuI2{c(j$e4e4DbVI4h}-4%YBZq*=iUL4?D_ef7v}Bp`W92Yg)NlFs1a40yPCy z4s~y^=CFR+|0VGn=pF(zU~6-UWDC1{dQH-*Ixk^%B$HLe74M}?)tr{Fo(%-^G!G^7v(yyGY>1O z*bk8XjA*svl{i?6W)tw=Gy4$5Kbf+Nz?WLUPmle#MxvJYnM$UeK@5f0)uRIOYBmCm(+oW%LlTS#b0s&ULV0R+w>NXAL=MH#UUU zE~au)?MbpF0Ja*iIx|}|H#n3CS=kZvIih)9#dQ2BClYdMe*!7H#{0099UXuP6fuso z&moyALSAd#L}5|e5gEm1b+jkh1CWrv*l^-7hW+u^&a5@mB|h0vGJ`3cp;kz#oKr^9 zr71~P=G(DM7Q)C&lKCh8Q*|Xi_z`zQZd{iia@Ua^H8TU({wdp7QCq20zF-sUmj#TR zz&8>jXQ|OD7H6@*hIYvKTyILI7Wj1BYlGs5&b| zVd)OB8|^xRp=2XyLQ{^{O0bjm`CGPw6Z@>XWjE9*QxyqR?`Ok#01H{hgLt(f~yO#xDM>{69 zPl`U3BAUc`0oR8Ov6a5G1~f?0L-{XD#YRht3jb-7_9}*k`udAU+NUlh0|!SLUbDRH6uvC4Saa?hg|bo2M_v|Hud@Sj#{mN{bC!!M$Z=Ed zSbBs$!MGi0uc~l?6A|wv=@Dx>eqx$*9F`u|1}EM1U-zy-2lT+@?24ZzI%TV2`>+ed zKV3|ajGu_XgeA`k@W>xRHpyy4IHd00B!~FaI>N1JObjgsY|bTvsXRpFoB1u}fh}Wo zT!SzBkQ;i#PqMRCRBuKs{!Uw1JXHbKZxb85297LfOF%2%s7e%~Cz-OP`}_%YfVD@5 zf(wZzQLUj$`R?vV-f!A{gR+x;5O0;N6f?=@gB!4w_rFqZUfyZTpVlD^2lFgfV2nae z*I~<^#LC=kplu!7oqsqoz)j0!ld4ZRuX(0IQkUl!v_mtV4)$MKt2>c`9 z4`XROTq~?sE$fBW@co00;)8nS7A}PGY*1DLK(5UJu@tRor#Wt)i8I#)$L{8N%K>b{ U?5k#)C3Mc_WkX+YAJIGId-CJlW&i*H literal 1515 zcmV4Fm}T0^qW9WKU$8t?|<80iMIsoomsFPRz}pR=j#TkPoJ+{;{e=0p+2% z5vg3&86I%kX;gAhY$C_n?g~H4ivw*XW@ccSDs452VQhKEsQwlp5L`AF+@hMaRIZ3oOZN}4r?+m~m|E1T;So%@?upAIjD6dSXfQXsQ~!(1qRJ$0=|5JF3J$qwsi zW)xK^_RY=`s1o!{F<9;A{1|y6NPFRX75?022NTpFQhHcJRFVlh?k(3H-hvt+tk1nbWei-kTuJ#1^RoWSpZUYb0WLqK-Ij9+ zjjAJKQsZxHJy7DV8HI%^{JPoD6iOxzcygNDfZl*i&`r>3)YBpf9z?QeohieBkx!6U z%9!HLWze%WmH>Ay)!S{T3GEX#jaqjCM*9IU6z|VVN(E|WjWR)9$GBJ)e=K&`+;20- zkc1MQvQ$bgcIhc%!9ZLV^KqkGRs5N-ZS5d#%o3wX7`sdLN2 zV_udDCJ5c>Dey~KoXk(m54(;gUx(_p4kY_MXhrGZ`W9)-dR#tq8H28j z2+T73jB;>SXB-7fic$NuMw!4NnyyJsrpXKLdX<i1!MZ!m5bZK5( zNFmJPG&3jm3&n`Z$qHRiT0;+ll|_vEmLFUAx}!7{*>1ZF2T+51rI(0@sQUfU{tjTd z@xk?ijj_8cSy9X+%o|`>x!$846a6L#kH)HFU>NSH#400DIBgpM|6=&;Upsk7hrB%4_8X@VW;v=U2hs-(Wj$uoF zayW|FM^!uI$ksKaKqEH-P{0+vp@lD;he%+}b>996CNcT;3;fuB;j{1*= zhQ7gz8<54x)GIAJJr0iruIQZdkFXG$^@?l6YaRi>v=|ZE8RT}o?9P|j8bFvkUME+9 zpMkjWXMg!$&-#RF%Z^>wuJyIi9N#6)3*SF+bot0+(V_N$KMnAyer%v|YMf_>%IEZ- RHvhbtllj^x+UBIR?e;tV?S%jU diff --git a/kubernetes/dns.values.yaml.enc b/kubernetes/dns.values.yaml.enc index cdbe5c203271db56328f252e8d240186ceae99c8..09dc5b46bd7f37ba87da2d586b532bfa3788b687 100644 GIT binary patch literal 311 zcmV-70m%N04Fm}T0v`fZ!)LGPtn$*pWdY_xUG(KUS3Y)>EcWJ`YcO1E^tw7o@M5q9 z%Z7FwhruiV!>%#`8`8TZlXHLRFQigu-J1XOoWkoe3*>oJ+<@3`DsnAg?SHqXFY7%v}OCeAjHkI88V0WXa6$rq& z#gQViqO2GtsXfmx#M*ZdsSeAr)y_9tK(488ZA9>{43g&yFBTn(=`w_WUp!Au6f)St zR9TVcpAdS{3^{1b4(;j7KtMVLvD($mU{l3)MA|*-vbs~7<2xrA+-@pYz!Ig@PE$GV z=nI-^4m+0^e|@mcaXC`@42D`}d`pKtFnAeqI4A2IwT$FIQW>I`xV5bZg6UmWw>aAQmZiZxRI^ZXlroFMjM}RSr7dTZi?F|R z$oIT~#Q|@J{|!?iG|VvIreSk)*)pXwqEkoU`5#mbUR7+$%d#e4sp~DWjg!Q0(xv;u zPu7*tF%V-(7XBM|Ox IajaC~o@|1hf&c&j diff --git a/kubernetes/values.yaml.enc b/kubernetes/values.yaml.enc index c8db13048f7abe718f29aab2e7d29e6c53dd9fc6..dda50429c08313c57f7660b7ce45aff0f4078681 100644 GIT binary patch literal 1762 zcmV<81|9i~4Fm}T0>f+6EKZ6?#q!eX0XNdb?0kSRRxdJD_+Ze22hgHs1wNMD5|=Q4 zU2@K%^4oZaqo9|}^iNT+7m%MKRurxI27`yGem$rK$2-Dp^rj~Yosz=TM~9B58N{14 z*;`12 z!b>W$Cu)9@Ls2MgLZW`LG7JWZ5lE`W*ucF6Ge}bkqmI-{v!3ZZMDS~(`;suw^6+2y zKj6W!g-+eDj3~J5lE&rR{Dd=M%*UwD40Z-qAwFtAaf67ez1NZ4dqR zovEbVBO2-zq5~k6z;$O4a&CTS6d!(_;cw~k$0Cy6L7oVAV7L5)UE+0vg}${<8mnYn znqcOe*$FGE`Fce|?82r`&YE_C;?S&gxnw0+?)uzhU74-lm=GW%e2(w}d#dpgs_J$W z%LJr9?gOWOdlt2LArai`%oy`Dh;@6xEHwrPG|A_26)(_32l+PS!|<)~nhS}TC=!}r zwZ8|_%B+d(hs#Jn*FTo-|2&)a-ksnj6&Oy{Ri-)n{o6(Uu{ok8*48r3q&z>izDN*B z5<^z`yIKW8UOQ~NOh%-^b9zJ9nz5g;WnADp$$x2lR%+88g}|v2mJtZ9EQ%51v?o^N z`fY1OSKii*tg1WI4Fgb1MgMV}z3E{ZxbMtp)RiJowCW4u*b z+TbVgFV~_eCrUFGL**LB4F&~`wXzJKjafJy7Nj%MD=~UP0XCIQ>vqWJU5m?kO*~rKn`36>5Hhg&Nc#;R?t#vdsZ+)^Rq$Hp7dMlh|0eFvq zL@9OFd9W^61)M#qCLu~IEiRCU%yS$V?xepzQ@Tliw&GOWVsH+l6_o+emEDaWrRwEL z0)uVo3H;^3QDi(FOk=_iNzs`9Y)5#H{_^S}e^VspzlY^<-N5z|Xt}L{pl& z?HNdL74GTqO`(t{;{ksLro+xlHuTfYgtv%* za4Zt-)ll}r8-h@!4M$^aMs8^(L8dd8dtYQ+Um)#YKLWl!dE6-HEA+eULRMS^2J37;c53FpCz8nY7?kI3)`-7x~}Eo2aqO!aKLe z;pPFzQtQ+rYn6oaF(a1Q@)1+r5pgZliOe6STSaFd;Kv>|WF0`U*=g`RTinfz&^YUP=2(M`S#m|QVXTo925y2|EinB8tBeYiDw8)O z$4GCYTEaG~8Kqk7y3Ep5WFN;Ve_5_cC zy1)*FtQ#X>Oyxk%>7x8a!5ML`CCoeNQ2Tn$!03wObaaa>oHd!b*H#+(?1-`|IQH*S zbway`NwRY6%h>EEi$d3O#FORN3B`?yOCz^do@&^oy};*2e_O^sV7@Rr4=S@*&`GPe zW8Pd>I~D~aCy|b}7~pr)V}&gz5|*&$vU0=D!Al~4ZGWn`bV*>d=Bj>_6u-xB=ax@| zxFRLa>(Zu4c>WN!U445bPYd*tc>^`;gv`wP_tUnxwhEd{OCW?o;6h4bgFxV5;+^u4 EL54neFaQ7m literal 1760 zcmV<61|Rv14Fm}T0_2&kXHNOWR`Js60n-)ACZJA^x9ETS$@xGn)Wl|2+H3Jt^{sX1 z*E2q#N-J;3LMj`R-)idcxZMDHWK+RRz6y8%bB_kxc*&?Zpu~roK9bf$QJ8^J4vaIi zG8~+YFEsm<n1oGD6^{m z(=Fsw0<5%eAli>$a4_zgMtPpMy2-Y6?PuxbOmdYX^|Nk^|3)lyF1@W z!mgd~yVNP`V#2m!=K84}e?Qa5$Dt@B(-;+ZB7Vd7?tWDo5GkyLd)~d=`lcz#qNZo{ zIfn8-sPjsmJ9w;XFcKoin}^b_DNSDLU3T->W1V4$)DY@$)hdiNOIjUeVn#~{0_r$} z#m(+M{E?`c&xk+Z$$)xR=!E+~V91)d+_kpB#iMN@G{nz8i=LXh-K;7=rF>c?GI)f# z$|o5qB=YljJsy>b;(zu_ZnP(FG-$!xR(hQFck=>snIX(=3RahEHleI|Pu<+)&$ zr(G?Y#2J22r-R&R*E=rZV&f`R7N32|Vog+w`8}V1L+c~1=;&g)0T2%RWjOkJ>eoIiIn-F%iT z8Ufl7klwR;s*y;3pcdv3eJJKX_f-GFc3{FsHpxnDxs{_u9FIT?#Bk^5 z#Y#6)All&WtWC2enL~!EExjGMOfx?r=9ghYTPk0CkN!`9qg+%p5Z>N~d~lA4d0q0cMnIMrH<`y-SgKN=jrp2xy z^w;8Hy!bhex3hbEMKRgw3!?g7VI&?ed2fB!2o#o0-Tp6q!zM z{5e``tL?au7TeRBoN-snV~%zGFq+e(JLGjl^xl9*n-Otig>Y0r=Y+R_aF2z>7NykI z1N&sPis$-_Xt)vXcIjpV%HOqXmMbN(XhlaKx>^Xxu=5(<6tgdHX8Dr)uURzy0>~fa zc)Ss4CRD`g3j?EgG%EfYAGr$@NvHANob7>!a@N9(N_oO}QsgLofzCcLDgS*~V(Q|j z$;b05E#uLhqgajg&AU7uvjPrs)gz+jypo)u2iv-C{|7DkJO;V)TD$9arAY5|1vN6% zWgXjJ#3L&mef3gJx!n&IfYl(iH7#eK6J7v(--0d1mem{?>Yw1VYp5b&|CPxM0o)H= zvCBE9o-Z$_kR+)@Mn)0&r1%V2A!|_2gd&v7B=jj8Jum1Jz6Jl-ZoC#50)k2WKYdz{ z3}Rc~E67hQN~H2@;PwM`98K-@*SF1pWGA1Kze9w zIKT|hYHjv0@Qm3+9BYqVrr2KIJlL4HFhlfbE|9ua-lhf{Q;x;5JeHYZ(~JGb7idHN zWM&&YKMmdPVyDESPHyNqnqLK{Yn5Gp2=0iq&vr_8NG8|>EsrVku{K>ib!YkWn7#F; zK{ji%%Xr-flLOMu1_Z}MQKtUo$hsY0h3y~UV%63~S4Mv^+g>kaFgwA(Mf8H$Y4)?I zR2_9_a8y{C9~h4NIw!7#du_K<&mPqy%FZ!pb>T5P1~EMyw_R~zvfMfGZv5#FqeLd> CwRgq< From 0952f8fd365276856b8b6deb1f16fca22e25a729 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Fri, 25 Oct 2024 01:13:46 +0200 Subject: [PATCH 64/89] refactor: kubernetes workflows * use Github container registry to remove dependency on dockerhub * use sops for secure encryption of secrets * use ONBUILD in docker images for rebranding * use helmfile for deploying various environments --- .env.dist | 23 -- .env.enc | Bin 625 -> 0 bytes .github/workflows/deploy.yml | 57 ---- .github/workflows/publish.yml | 267 ------------------ .github/workflows/push.yml | 84 ++++++ .gitignore | 4 - .sops.yaml | 15 + .../constants/{donation.ts => donation.js} | 0 branding/constants/{emails.ts => emails.js} | 0 branding/constants/{filter.ts => filter.js} | 0 branding/constants/{groups.ts => groups.js} | 0 .../{headerMenu.ts => headerMenu.js} | 0 branding/constants/{links.ts => links.js} | 0 branding/constants/{logos.ts => logos.js} | 0 .../constants/{metadata.ts => metadata.js} | 0 branding/locales/{ => tmp}/de.json | 0 branding/locales/{ => tmp}/en.json | 0 docker/backend.Dockerfile | 6 + docker/maintenance.Dockerfile | 7 + docker/webapp.Dockerfile | 6 + helmfile/environments/default.yaml.gotmpl | 5 + helmfile/environments/staging.yaml.gotmpl | 5 + helmfile/helmfile.yaml.gotmpl | 33 +++ helmfile/scripts/image_tag.sh | 2 + helmfile/secrets/kubeconfig | 40 +++ helmfile/secrets/ocelot.yaml | 95 +++++++ helmfile/values/ocelot.yaml.gotmpl | 41 +++ kubeconfig.yaml.enc | Bin 1518 -> 0 bytes kubernetes/dns.values.yaml.enc | 2 - kubernetes/dns.values.yaml.template | 12 - kubernetes/values.yaml.enc | Bin 1762 -> 0 bytes kubernetes/values.yaml.template | 129 --------- 32 files changed, 339 insertions(+), 494 deletions(-) delete mode 100644 .env.dist delete mode 100644 .env.enc delete mode 100644 .github/workflows/deploy.yml delete mode 100644 .github/workflows/publish.yml create mode 100644 .github/workflows/push.yml delete mode 100644 .gitignore create mode 100644 .sops.yaml rename branding/constants/{donation.ts => donation.js} (100%) rename branding/constants/{emails.ts => emails.js} (100%) rename branding/constants/{filter.ts => filter.js} (100%) rename branding/constants/{groups.ts => groups.js} (100%) rename branding/constants/{headerMenu.ts => headerMenu.js} (100%) rename branding/constants/{links.ts => links.js} (100%) rename branding/constants/{logos.ts => logos.js} (100%) rename branding/constants/{metadata.ts => metadata.js} (100%) rename branding/locales/{ => tmp}/de.json (100%) rename branding/locales/{ => tmp}/en.json (100%) create mode 100644 docker/backend.Dockerfile create mode 100644 docker/maintenance.Dockerfile create mode 100644 docker/webapp.Dockerfile create mode 100644 helmfile/environments/default.yaml.gotmpl create mode 100644 helmfile/environments/staging.yaml.gotmpl create mode 100644 helmfile/helmfile.yaml.gotmpl create mode 100755 helmfile/scripts/image_tag.sh create mode 100644 helmfile/secrets/kubeconfig create mode 100644 helmfile/secrets/ocelot.yaml create mode 100644 helmfile/values/ocelot.yaml.gotmpl delete mode 100644 kubeconfig.yaml.enc delete mode 100644 kubernetes/dns.values.yaml.enc delete mode 100644 kubernetes/dns.values.yaml.template delete mode 100644 kubernetes/values.yaml.enc delete mode 100644 kubernetes/values.yaml.template diff --git a/.env.dist b/.env.dist deleted file mode 100644 index d35240e..0000000 --- a/.env.dist +++ /dev/null @@ -1,23 +0,0 @@ -# GITHUB_OCELOT_REF affects the publish workflow -# GITHUB_OCELOT_REF is a ref (branch, tag, hash) of the ocelot repository -# if this value is not set the github ref just built in the triggering workflow is used. -# if this workflow is triggered by push to master instead of a build-trigger, -# the `master` branch of the ocelot repo is used. -# if you set it to `GITHUB_OCELOT_REF=master` unnessecary builds can occur. -# It is recommended to not set it rather then to set it to `master` -#GITHUB_OCELOT_REF=b2.4.0-351 -#OCELOT_VERSION=2.4.0-351 - -# DOCKERHUB_OCELOT_TAG applies to the deploy workflow -# DOCKERHUB_OCELOT_TAG is a dockerhub tag for the configured (values.yaml) docker images -# if this value is not set the version just built in the triggering workflow is used. -# using `DOCKERHUB_OCELOT_TAG=latest` is the default behaviour of the Kubernetes Chart, -# but its inaccurate if two workflows are running at the same time. -# It is recommended to not set it rather then to set it to `latest` -#DOCKERHUB_OCELOT_TAG=12-ocelot.social2.4.0 - -# DOCKERHUB_BRAND_VARRIANT defines the name of the branded image uploaded to dockerhub. -DOCKERHUB_BRAND_VARRIANT=stage-ocelot-social - -# DOCKERHUB_ORGANISATION defines which dockerhub organisation images will be uploaded to -# DOCKERHUB_ORGANISATION=ocelotsocialnetwork \ No newline at end of file diff --git a/.env.enc b/.env.enc deleted file mode 100644 index 41179a10ce4d6ecd3934f4ed59a9da7f60bd0da0..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 625 zcmV-%0*?KR4Fm}T0#@!S4HSMRL15 zvBFxQ8Vv64j3dBn{%2M|xv9Yy5zNn_zkq~Q?cn3bAz`0A;~y_*neYj|IJjOXBP@Vf+|A;l z_dR-q@iUlLZcSuxq5sb$^8h-4KmyEvbXvHynSEbyw2Jq#5J`Azb>_5{?w3)s%+Cq+s8 LN7BaSS8~)g9v4R3 diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml deleted file mode 100644 index bda0ca9..0000000 --- a/.github/workflows/deploy.yml +++ /dev/null @@ -1,57 +0,0 @@ -name: deploy - -on: - repository_dispatch: - types: [trigger-ocelot-brand-build-success] - -jobs: - deploy: - # see example https://github.com/do-community/example-doctl-action - # see example https://github.com/do-community/example-doctl-action/blob/main/.github/workflows/workflow.yaml - name: Deploy defined version to cluster - runs-on: ubuntu-latest - env: - SECRET: ${{ secrets.SECRET }} - CONFIGURATION: "this" - GITHUB_OCELOT_REF_JUST_BUILT: ${{ github.event.client_payload.ocelot_ref }} - DOCKERHUB_OCELOT_TAG_JUST_BUILT: ${{ github.event.client_payload.BUILD_VERSION }} - steps: - - name: Checkout code - uses: actions/checkout@v3 - - name: Decrypt .env - run: gpg --quiet --batch --yes --decrypt --passphrase="${{ env.SECRET }}" --output .env .env.enc - - name: Load .env - uses: aarcangeli/load-dotenv@v1.0.0 - with: - quiet: true - - name: Set GITHUB_OCELOT_REF - run: | - if [ -z ${GITHUB_OCELOT_REF} ]; then - echo "GITHUB_OCELOT_REF=${GITHUB_OCELOT_REF_JUST_BUILT}" >> $GITHUB_ENV - fi - shell: bash - - name: Checkout Ocelot code - uses: actions/checkout@v3 - with: - repository: 'Ocelot-Social-Community/Ocelot-Social' - ref: ${{ env.GITHUB_OCELOT_REF }} - path: 'ocelot/' - fetch-depth: 0 - - name: Checkout code - uses: actions/checkout@v3 - with: - path: "ocelot/deployment/configurations/${{ env.CONFIGURATION }}" - - name: Set DOCKERHUB_OCELOT_TAG - run: | - if [ -z ${DOCKERHUB_OCELOT_TAG} ]; then - echo "DOCKERHUB_OCELOT_TAG=${DOCKERHUB_OCELOT_TAG_JUST_BUILT}" >> $GITHUB_ENV - fi - shell: bash - - name: Decrypt all secrets - run: ocelot/deployment/scripts/secrets.decrypt.sh - - name: Upgrade Cluster - run: ocelot/deployment/scripts/cluster.upgrade.sh - - name: Sleep for 4 minutes - run: sleep 240s - - name: Reset and seed Neo4j database - run: ocelot/deployment/scripts/cluster.reseed.sh \ No newline at end of file diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml deleted file mode 100644 index a8d4865..0000000 --- a/.github/workflows/publish.yml +++ /dev/null @@ -1,267 +0,0 @@ -name: publish -on: - repository_dispatch: - types: [trigger-ocelot-build-success] - push: - branches: - - master - -jobs: - build_branded: - name: Docker Build Branded - runs-on: ubuntu-latest - env: - SECRET: ${{ secrets.SECRET }} - CONFIGURATION: "this" - GITHUB_OCELOT_REF_JUST_BUILT: ${{ github.event.client_payload.ref }} - OCELOT_GITHUB_RUN_NUMBER: ${{ github.event.client_payload.GITHUB_RUN_NUMBER }} - steps: - - name: Checkout code - uses: actions/checkout@v3 - - name: Decrypt .env - run: gpg --quiet --batch --yes --decrypt --passphrase="${{ env.SECRET }}" --output .env .env.enc - - name: Load .env - uses: aarcangeli/load-dotenv@v1.0.0 - with: - quiet: true - - name: Set GITHUB_OCELOT_REF - run: | - if [ -z ${GITHUB_OCELOT_REF} ]; then - echo "GITHUB_OCELOT_REF=${GITHUB_OCELOT_REF_JUST_BUILT}" >> $GITHUB_ENV - fi - shell: bash - - name: Set DOCKERHUB_ORGANISATION - run: | - if [ -z ${DOCKERHUB_ORGANISATION} ]; then - echo "DOCKERHUB_ORGANISATION=ocelotsocialnetwork" >> $GITHUB_ENV - fi - - name: Checkout Ocelot code - uses: actions/checkout@v3 - with: - repository: 'Ocelot-Social-Community/Ocelot-Social' - ref: ${{ env.GITHUB_OCELOT_REF }} - path: 'ocelot/' - fetch-depth: 0 - - name: Set OCELOT_GITHUB_RUN_NUMBER - run: | - if [ -z ${OCELOT_GITHUB_RUN_NUMBER} ]; then - echo "OCELOT_GITHUB_RUN_NUMBER=${GITHUB_OCELOT_REF}" >> $GITHUB_ENV - fi - if [ -z ${OCELOT_GITHUB_RUN_NUMBER} ]; then - echo "OCELOT_GITHUB_RUN_NUMBER=master" >> $GITHUB_ENV - fi - shell: bash - - name: Checkout Branded Repo code - uses: actions/checkout@v3 - with: - ref: 'master' - path: "ocelot/deployment/configurations/${{ env.CONFIGURATION }}" - fetch-depth: 0 - - name: Build branded images - run: | - ocelot/deployment/scripts/branded-images.build.sh - docker save "${DOCKERHUB_ORGANISATION}/backend-${DOCKERHUB_BRAND_VARRIANT}" > /tmp/backend-branded.tar - docker save "${DOCKERHUB_ORGANISATION}/webapp-${DOCKERHUB_BRAND_VARRIANT}" > /tmp/webapp-branded.tar - docker save "${DOCKERHUB_ORGANISATION}/maintenance-${DOCKERHUB_BRAND_VARRIANT}" > /tmp/maintenance-branded.tar - - - name: Upload Artifact (Backend) - uses: actions/upload-artifact@v2 - with: - name: docker-backend-branded - path: /tmp/backend-branded.tar - - - name: Upload Artifact (Webapp) - uses: actions/upload-artifact@v2 - with: - name: docker-webapp-branded - path: /tmp/webapp-branded.tar - - - name: Upload Artifact (Maintenance) - uses: actions/upload-artifact@v2 - with: - name: docker-maintenance-branded - path: /tmp/maintenance-branded.tar - - upload_to_dockerhub: - name: Upload to Dockerhub - runs-on: ubuntu-latest - needs: [build_branded] - env: - SECRET: ${{ secrets.SECRET }} - DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} - DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} - GITHUB_OCELOT_REF_JUST_BUILT: ${{ github.event.client_payload.ref }} - steps: - - name: Checkout code - uses: actions/checkout@v3 - - name: Decrypt .env - run: gpg --quiet --batch --yes --decrypt --passphrase="${{ env.SECRET }}" --output .env .env.enc - - name: Load .env - uses: aarcangeli/load-dotenv@v1.0.0 - with: - quiet: true - - name: Set GITHUB_OCELOT_REF - run: | - if [ -z ${GITHUB_OCELOT_REF} ]; then - echo "GITHUB_OCELOT_REF=${GITHUB_OCELOT_REF_JUST_BUILT}" >> $GITHUB_ENV - fi - shell: bash - - name: Checkout Ocelot code - uses: actions/checkout@v3 - with: - repository: 'Ocelot-Social-Community/Ocelot-Social' - ref: ${{ env.GITHUB_OCELOT_REF }} - path: 'ocelot/' - fetch-depth: 0 - - - name: Download Docker Image (Backend) - uses: actions/download-artifact@v2 - with: - name: docker-backend-branded - path: /tmp - - name: Load Docker Image - run: docker load < /tmp/backend-branded.tar - - - name: Download Docker Image (Webapp) - uses: actions/download-artifact@v2 - with: - name: docker-webapp-branded - path: /tmp - - name: Load Docker Image - run: docker load < /tmp/webapp-branded.tar - - - name: Download Docker Image (Maintenance) - uses: actions/download-artifact@v2 - with: - name: docker-maintenance-branded - path: /tmp - - name: Load Docker Image - run: docker load < /tmp/maintenance-branded.tar - - - name: Upload to dockerhub - run: ocelot/deployment/scripts/branded-images.upload.sh - - github_tag: - name: Tag latest version on Github - runs-on: ubuntu-latest - needs: [upload_to_dockerhub] - env: - SECRET: ${{ secrets.SECRET }} - GITHUB_OCELOT_REF_JUST_BUILT: ${{ github.event.client_payload.ref }} - OCELOT_GITHUB_RUN_NUMBER: ${{ github.event.client_payload.GITHUB_RUN_NUMBER }} - steps: - - name: Checkout code - uses: actions/checkout@v3 - - name: Decrypt .env - run: gpg --quiet --batch --yes --decrypt --passphrase="${{ env.SECRET }}" --output .env .env.enc - - name: Load .env - uses: aarcangeli/load-dotenv@v1.0.0 - with: - quiet: true - - name: Set GITHUB_OCELOT_REF - run: | - if [ -z ${GITHUB_OCELOT_REF} ]; then - echo "GITHUB_OCELOT_REF=${GITHUB_OCELOT_REF_JUST_BUILT}" >> $GITHUB_ENV - fi - shell: bash - - name: Checkout Ocelot code - uses: actions/checkout@v3 - with: - repository: 'Ocelot-Social-Community/Ocelot-Social' - ref: ${{ env.GITHUB_OCELOT_REF }} - path: 'ocelot/' - fetch-depth: 0 - - name: Set OCELOT_GITHUB_RUN_NUMBER - run: | - if [ -z ${OCELOT_GITHUB_RUN_NUMBER} ]; then - echo "OCELOT_GITHUB_RUN_NUMBER=${GITHUB_OCELOT_REF}" >> $GITHUB_ENV - fi - if [ -z ${OCELOT_GITHUB_RUN_NUMBER} ]; then - echo "OCELOT_GITHUB_RUN_NUMBER=master" >> $GITHUB_ENV - fi - shell: bash - - name: Setup env - run: | - echo "OCELOT_VERSION=$(node -p -e "require('./ocelot/package.json').version")" >> $GITHUB_ENV - echo "BRANDED_VERSION=${GITHUB_RUN_NUMBER}" >> $GITHUB_ENV - echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_ENV - echo "BUILD_COMMIT=${GITHUB_SHA}" >> $GITHUB_ENV - - run: echo "BUILD_VERSION=${BRANDED_VERSION}-ocelot.social${OCELOT_VERSION}-${OCELOT_GITHUB_RUN_NUMBER}" >> $GITHUB_ENV - - name: package-version-to-git-tag + build number - uses: pkgdeps/git-tag-action@v2 - with: - github_token: ${{ github.token }} #${{ secrets.GITHUB_TOKEN }} - github_repo: ${{ github.repository }} - version: ${{ env.BUILD_VERSION }} - git_commit_sha: ${{ github.sha }} - git_tag_prefix: "b" - #- name: Generate changelog - # run: | - # yarn install - # yarn auto-changelog --latest-version ${{ env.VERSION }} --unreleased-only - - name: package-version-to-git-release - continue-on-error: true # Will fail if tag exists - id: create_release - uses: actions/create-release@v1 - env: - GITHUB_TOKEN: ${{ github.token }} #${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token - with: - tag_name: ${{ env.BUILD_VERSION }} - release_name: ${{ env.BUILD_VERSION }} - #body_path: ./CHANGELOG.md - draft: false - prerelease: false - -# TODO correct version - build_trigger: - name: Trigger successful brand build - runs-on: ubuntu-latest - needs: [github_tag] - env: - SECRET: ${{ secrets.SECRET }} - GITHUB_OCELOT_REF_JUST_BUILT: ${{ github.event.client_payload.ref }} - steps: - - name: Checkout code - uses: actions/checkout@v3 - - name: Decrypt .env - run: gpg --quiet --batch --yes --decrypt --passphrase="${{ env.SECRET }}" --output .env .env.enc - - name: Load .env - uses: aarcangeli/load-dotenv@v1.0.0 - with: - quiet: true - - name: Set GITHUB_OCELOT_REF - run: | - if [ -z ${GITHUB_OCELOT_REF} ]; then - echo "GITHUB_OCELOT_REF=${GITHUB_OCELOT_REF_JUST_BUILT}" >> $GITHUB_ENV - fi - shell: bash - - name: Checkout Ocelot code - uses: actions/checkout@v3 - with: - repository: 'Ocelot-Social-Community/Ocelot-Social' - ref: ${{ env.GITHUB_OCELOT_REF }} - path: 'ocelot/' - fetch-depth: 0 - - name: Set OCELOT_GITHUB_RUN_NUMBER - run: | - if [ -z ${OCELOT_GITHUB_RUN_NUMBER} ]; then - echo "OCELOT_GITHUB_RUN_NUMBER=${GITHUB_OCELOT_REF}" >> $GITHUB_ENV - fi - if [ -z ${OCELOT_GITHUB_RUN_NUMBER} ]; then - echo "OCELOT_GITHUB_RUN_NUMBER=master" >> $GITHUB_ENV - fi - shell: bash - - name: Setup env - run: | - echo "OCELOT_VERSION=$(node -p -e "require('./ocelot/package.json').version")" >> $GITHUB_ENV - echo "BRANDED_VERSION=${GITHUB_RUN_NUMBER}" >> $GITHUB_ENV - echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_ENV - echo "BUILD_COMMIT=${GITHUB_SHA}" >> $GITHUB_ENV - - run: echo "BUILD_VERSION=${BRANDED_VERSION}-ocelot.social${OCELOT_VERSION}-${OCELOT_GITHUB_RUN_NUMBER}" >> $GITHUB_ENV - - name: Repository Dispatch - uses: peter-evans/repository-dispatch@v2 - with: - token: ${{ github.token }} - event-type: trigger-ocelot-brand-build-success - repository: ${{ github.repository }} - client-payload: '{"ref": "${{ github.ref }}", "sha": "${{ github.sha }}", "ref_ocelot": "${{ github.event.client_payload.ref }}", "sha_ocelot": "${{ github.event.client_payload.sha }}", "OCELOT_VERSION": "${{ env.OCELOT_VERSION }}", "BRANDED_VERSION": "${{ env.BRANDED_VERSION }}", "BUILD_DATE": "${{ env.BUILD_DATE }}", "BUILD_COMMIT": "${{ env.BUILD_COMMIT }}", "BUILD_VERSION": "${{ env.BUILD_VERSION }}"}' \ No newline at end of file diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml new file mode 100644 index 0000000..20c4576 --- /dev/null +++ b/.github/workflows/push.yml @@ -0,0 +1,84 @@ +name: publish + +on: push + +jobs: + build-and-push-images: + strategy: + matrix: + app: + - name: backend + file: docker/backend.Dockerfile + - name: webapp + file: docker/webapp.Dockerfile + - name: maintenance + file: docker/maintenance.Dockerfile + runs-on: ubuntu-latest + env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }}/${{ matrix.app.name }} + permissions: + contents: read + packages: write + attestations: write + id-token: write + + steps: + - name: Checkout repository + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.1.7 + - name: Log in to the Container registry + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@70b2cdc6480c1a8b86edf1777157f8f437de2166 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=schedule + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + type=semver,pattern={{major}} + type=ref,event=branch + type=ref,event=pr + type=sha + - name: Build and push Docker images + id: push + uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 + with: + file: ${{ matrix.app.file }} + context: . + push: true + build-args: | + OCELOT_VERSION=hetzner + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + + deploy-to-kubernetes: + runs-on: ubuntu-latest + if: github.ref == 'refs/heads/staging' + needs: build-and-push-images + steps: + - uses: mdgreenwald/mozilla-sops-action@d9714e521cbaecdae64a89d2fdd576dd2aa97056 # v1.6.0 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.1.7 + - run: | + mkdir -p ~/.config/sops/age + echo $SOPS_KEY | base64 --decode > ~/.config/sops/age/keys.txt + env: + SOPS_KEY: ${{ secrets.SOPS_KEY }} + - run: | + mkdir -p ~/.kube + sops decrypt ./helmfile/secrets/kubeconfig > ~/.kube/config + chmod 600 ~/.kube/config + # - run: echo "IMAGE_TAG=sha-$(echo $GITHUB_SHA | cut -c 1-7)" >> $GITHUB_ENV + - uses: helmfile/helmfile-action@80fbb6408b98822310f94d8d1321a2cacf87f78f #v1.9.2 + with: + helmfile-args: apply --environment staging + helmfile-workdirectory: ./helmfile + helm-plugins: > + https://github.com/databus23/helm-diff, + https://github.com/jkroepke/helm-secrets, + https://github.com/aslafy-z/helm-git diff --git a/.gitignore b/.gitignore deleted file mode 100644 index f780ba0..0000000 --- a/.gitignore +++ /dev/null @@ -1,4 +0,0 @@ -*.yaml -SECRET -.env -/backup \ No newline at end of file diff --git a/.sops.yaml b/.sops.yaml new file mode 100644 index 0000000..eec3468 --- /dev/null +++ b/.sops.yaml @@ -0,0 +1,15 @@ +creation_rules: + - age: >- + age1al36hkk8can83zpxq8qyy07gpv83hdw9vchfly5f264kanz405as283a00, + age1llp6k66265q3rzqemxpnq0x3562u20989vcjf65fl9s3hjhgcscq6mhnjw, + age1zycwtk6dkxj6vuqhj9jw7932ythky9p3att6df4z9qasyw8v5dxquejcmp, + age15arcg8x6ltnsacwalvny0h2d4d4wkdmax328mw3v5vda9zm97uqshtavmr, + age1khw2eps099audp3uu5s9rk07qznllh5c8a43gv5dtpnq2a7lue6qrehn5s, + age1f6mzqe0cejajzt0c7nwdjz4xvs4hjct9d8hrgj60e7unzyfd7prsn0npe5 + +# age1al36hkk8can83zpxq8qyy07gpv83hdw9vchfly5f264kanz405as283a00 SOPS_KEY github secret +# age1llp6k66265q3rzqemxpnq0x3562u20989vcjf65fl9s3hjhgcscq6mhnjw @roschaefer +# age1zycwtk6dkxj6vuqhj9jw7932ythky9p3att6df4z9qasyw8v5dxquejcmp @mahula +# age15arcg8x6ltnsacwalvny0h2d4d4wkdmax328mw3v5vda9zm97uqshtavmr @Elweyn +# age1khw2eps099audp3uu5s9rk07qznllh5c8a43gv5dtpnq2a7lue6qrehn5s @ulfgebhardt +# age1f6mzqe0cejajzt0c7nwdjz4xvs4hjct9d8hrgj60e7unzyfd7prsn0npe5 @Tirokk diff --git a/branding/constants/donation.ts b/branding/constants/donation.js similarity index 100% rename from branding/constants/donation.ts rename to branding/constants/donation.js diff --git a/branding/constants/emails.ts b/branding/constants/emails.js similarity index 100% rename from branding/constants/emails.ts rename to branding/constants/emails.js diff --git a/branding/constants/filter.ts b/branding/constants/filter.js similarity index 100% rename from branding/constants/filter.ts rename to branding/constants/filter.js diff --git a/branding/constants/groups.ts b/branding/constants/groups.js similarity index 100% rename from branding/constants/groups.ts rename to branding/constants/groups.js diff --git a/branding/constants/headerMenu.ts b/branding/constants/headerMenu.js similarity index 100% rename from branding/constants/headerMenu.ts rename to branding/constants/headerMenu.js diff --git a/branding/constants/links.ts b/branding/constants/links.js similarity index 100% rename from branding/constants/links.ts rename to branding/constants/links.js diff --git a/branding/constants/logos.ts b/branding/constants/logos.js similarity index 100% rename from branding/constants/logos.ts rename to branding/constants/logos.js diff --git a/branding/constants/metadata.ts b/branding/constants/metadata.js similarity index 100% rename from branding/constants/metadata.ts rename to branding/constants/metadata.js diff --git a/branding/locales/de.json b/branding/locales/tmp/de.json similarity index 100% rename from branding/locales/de.json rename to branding/locales/tmp/de.json diff --git a/branding/locales/en.json b/branding/locales/tmp/en.json similarity index 100% rename from branding/locales/en.json rename to branding/locales/tmp/en.json diff --git a/docker/backend.Dockerfile b/docker/backend.Dockerfile new file mode 100644 index 0000000..e152205 --- /dev/null +++ b/docker/backend.Dockerfile @@ -0,0 +1,6 @@ +ARG OCELOT_VERSION=master + +FROM ghcr.io/ocelot-social-community/ocelot-social/backend:${OCELOT_VERSION}-code AS build + +FROM ghcr.io/ocelot-social-community/ocelot-social/backend:${OCELOT_VERSION}-base AS branded +COPY --from=build /build . diff --git a/docker/maintenance.Dockerfile b/docker/maintenance.Dockerfile new file mode 100644 index 0000000..32ae532 --- /dev/null +++ b/docker/maintenance.Dockerfile @@ -0,0 +1,7 @@ +ARG OCELOT_VERSION=master + +FROM ghcr.io/ocelot-social-community/ocelot-social/maintenance:${OCELOT_VERSION}-code AS build + +FROM nginx:alpine AS branded +COPY --from=build ./app/dist/ /usr/share/nginx/html/ +COPY --from=build ./app/maintenance/nginx/custom.conf /etc/nginx/conf.d/default.conf diff --git a/docker/webapp.Dockerfile b/docker/webapp.Dockerfile new file mode 100644 index 0000000..e4abd38 --- /dev/null +++ b/docker/webapp.Dockerfile @@ -0,0 +1,6 @@ +ARG OCELOT_VERSION=master + +FROM ghcr.io/ocelot-social-community/ocelot-social/webapp:${OCELOT_VERSION}-code AS build + +FROM ghcr.io/ocelot-social-community/ocelot-social/webapp:${OCELOT_VERSION}-base AS branded +COPY --from=build /build . diff --git a/helmfile/environments/default.yaml.gotmpl b/helmfile/environments/default.yaml.gotmpl new file mode 100644 index 0000000..86a316d --- /dev/null +++ b/helmfile/environments/default.yaml.gotmpl @@ -0,0 +1,5 @@ +{{ $image_tag:= env "IMAGE_TAG" | default (exec "../scripts/image_tag.sh" (list) | trim) }} + +domain: ocelot-social.roschaefer.de +namespace: ocelot-staging +image_tag: {{ $image_tag }} diff --git a/helmfile/environments/staging.yaml.gotmpl b/helmfile/environments/staging.yaml.gotmpl new file mode 100644 index 0000000..856b3b4 --- /dev/null +++ b/helmfile/environments/staging.yaml.gotmpl @@ -0,0 +1,5 @@ +{{ $image_tag:= env "IMAGE_TAG" | default (exec "../scripts/image_tag.sh" (list) | trim) }} + +domain: reformer-network-staging.roschaefer.de +namespace: reformer-network-staging +image_tag: {{ $image_tag }} diff --git a/helmfile/helmfile.yaml.gotmpl b/helmfile/helmfile.yaml.gotmpl new file mode 100644 index 0000000..2120cf1 --- /dev/null +++ b/helmfile/helmfile.yaml.gotmpl @@ -0,0 +1,33 @@ +--- +environments: + default: + values: + - ./environments/default.yaml.gotmpl + staging: + values: + - ./environments/staging.yaml.gotmpl + production: + values: + - ./environments/production.yaml.gotmpl +--- +repositories: + - name: prometheus-community + url: https://prometheus-community.github.io/helm-charts + - name: ocelot-social + url: git+https://github.com/Ocelot-Social-Community/Ocelot-Social@deployment/hetzner/helmfile/ocelot-social?ref=hetzner + +apiVersions: + - monitoring.coreos.com/v1 + +releases: + - name: prometheus + namespace: monitoring + chart: prometheus-community/kube-prometheus-stack + + - name: ocelot-social + namespace: {{ .StateValues.namespace }} + chart: ocelot-social/ocelot-social + values: + - ./values/ocelot.yaml.gotmpl + secrets: + - ./secrets/ocelot.yaml diff --git a/helmfile/scripts/image_tag.sh b/helmfile/scripts/image_tag.sh new file mode 100755 index 0000000..f921945 --- /dev/null +++ b/helmfile/scripts/image_tag.sh @@ -0,0 +1,2 @@ +#!/usr/bin/env bash +echo "sha-$(git rev-parse HEAD | cut -c 1-7)" diff --git a/helmfile/secrets/kubeconfig b/helmfile/secrets/kubeconfig new file mode 100644 index 0000000..6c73d85 --- /dev/null +++ b/helmfile/secrets/kubeconfig @@ -0,0 +1,40 @@ +{ + "data": "ENC[AES256_GCM,data:ulO3Nr7Lpa7sbOnql79JuBSxrNagh1hQct9xTWDFM+9TzsR3g9LKP9f79wQCmNeV6i+lT0mao7RolV59ic5cFN6VhA+yT/D1OCKVoEtMF4T2hDXxJxycybSe21qiA8mFrA/xVM2iD0VS5geM0jIMR+08CkO3yhxe2XeSORG6e782pyoxNlU5JtltU5PX66LmvtdTHblDUix727Oc7YnBHxGkStI77hyqjR9nRELxBJSbBd1dhx5YoTV6lCX2mZF5ZZTmx64EhLio56VSzgFeECgWu5g9vb3iGOXe45jNXg5puwlPQeHyLf6HJqPhKMmLjy8KWVzQ3kJKjiE/y+A4MyBPVD28mSvhEDxFXAipDSfqn+q3ho3ir0/kbcY+cKBAQMxOpEmG5bWHW6UogBTZt14RqfyXEx3c2Y84ce7xZCnSZuOMZzM1FulzuBfoGOKMX7qiDrJw5ITyMGEcFPB1m4niOid7DQm8MCCvD8KPek/ojvIE3iquBEeAn0Wyjp+lOE2llF6D/wy/jx8M8X/9HrvhOqfXY5UyoQH8lglfCRExZriRO0+MOoHYDVVoZQjZsaYND9a7Txb1Gm5Pux6IpMgU8D+lpzvF3iT6Ynec+Lsh1eebD3PG4BUMAWry2Vsopg32MGdnkQoJVjINbo3BuDj8rlPGhDsruhPHGzZ4ZsB340zxq4FZDB3iC1D25YWrewDnrt7AqBL0twJvElIFFTdvDqFlcDsTtcsHyhZtOpSYcCDCMHCSNjBJhdlCGgyxZ4nQ74MxMCYcn9dfeM9JdVTuTAOboI2OYJSD2roi+hsqroNf2rw+gOS/hcwchI3xZvc2tHf4JaWx70uLh0DiNRHcHvegbIBrV2psrKnB6mhXIvnxVrsONXbCLggb2+xCA9mz4HNJczxYB74juSy2Zil3eNAXNkeLUYN3lww+xKF/YBA5eVOFdvjGBV5MT4ImrM6p4ZYkByECAWUhv7jhat0SVgEXRo9zEgzkt6NJTYcSongLIjzNrNrdD/acfIiYDB15vfZ4gj5r82FF3YV59PtXBZHfqi+Gd8XhW8YqPgxL8hp96S83Z77/lQ2V7p4bbi9R7Hr/4e/QhPpjwglyo5eaDxBsgPv6KhPFE4pQO3+aJeiqAH/tulsqpS5gVaGK1iUs/AJzQLd651/JgBaEcZDHo07mfZxwdc8U7OICgjMmBdMZCJ6Rph0BcN+nSHmpJ5peO0zG/CEQXYllL7Zh3Q05TqSBA0MgSi1u8pRSKoTDIW+Vd0C5IzqHwVrFmlNtYGmAdR4c7rzQoMfQmdFAnUyM4TSGOIHiqJievvo759PY0KmW5NfhVUrXHorjQQ66R8j+6vPDW26hwiqM90PtZeRcqbaRDobCM+sZ8bwY5xoyYCmcuq6qz9ijB2TuIU9CSYcBWmtBp0nDO1kURhT4358eSksUXGmoytiwFboPFXmZp6+MHwDeM8IaoFuMVs+bZntOghiU5TbToFPeZC8Yg30icnyw6ZcalyNOcSXYRFUc8JvazFGk08ZRKqNxGw+XjdPqcCyA9L3YShfb3t5Oc4AqkDCvZ0b3lDCZBCtxchIZSPU00PEfsStGCwwX2L/BRtygUdmT//k8Sm6eH1i6/nnKN9Z3+YA+Of7w3jTXSXXcc2wVv5qF7Lv0+0dj0Ts0QAzqCMlmQN568bA0s72WibRnfqdHupRmrdXc/aTZjkiRSKE9jY0CZjQkRBdkJ2Ojnjmi764j1iewWpfH0LY/dA6kwQDTE3IZR1GlS/M/d5makQk04R6kIfm+d9rK/4/GXVJMO8EcQ3n1Arq7/i/G7Yss8DhzGu3tqNhUT3T/x4K0vptoNEX7boxxW4XPXWfWpP/FY+IpUrw+CkXOK6fHPBQvc9EXuWJa0/GGQ2Stsq+Qtgj2pLlVBDiPXUL7tXuHfaKnCUEt1wi3LW3xBZJDtu1Y7Zw97jY3FkVvu2Md47Ze5usRVcykqG3I2KUxFQlFl6ZYWBS+lck03rcjF3a6M1trfueqUQxiW+0cYVSr88bhrB3p85fotIwDALUASq6BXPrF32yWLo0TBz+YITMvouVMFqinXXMS8YkCFuit3AYfEDh/fSpwNl/cMDsCim0KdT+ulnTF/+/crPV0du9E3HvHjQMsk9zFyNXaJPs+prwU3AhorGvOwK8c0yYrgZWdC3SH3VgiUWlfi5+1DxEcm1qP86vUFVtAdy5SeMgIMlds0UK8ejFsMWobcRrynJvHnDFbh6IZoMenwKLqpc7mzuzPUehkpS9HAthHorLs1J7qF69uOkoJBO6i6Qc1/g5ZTYjNcKj9ggusq/mb1hbfelCvxnRxAansf8hfV7GG7AZREhKKN/GPdPMOo8Il+hZeK7Wvk/jMDyReznzi7cSfbCNDypzfVWiHbtuePdbjYHMiWj6xiXD5s/Wp/umZ8mZhhWkesDfY7VSL0CTtHITOm5fARNGYXtAjM4xHYm/C/Z+iaVLl6Y6g4pWvTjzP/l3VqlmOTM/ylG/Ae/zHvCX+c3TNsPqwllT062H/i2yyJexSZHSYin39cwCEyg9YxHMe8yk02ND2zo00w4DOGdWBk1OxUIS2GNRQGN6k21tcqFqnqGz1DDrxOskRkVfy4MZUbw/cKIGLQH9pwtoonFZNr5jioyMDgZCuvXnoLYlXBtWROazpttP1m4sNygjCqZkTPfyQfPOfqnozjMnKq+2zY69zOFP8oWOBE7R0JxrOGqP5FACU7JYweyiNbuFANd2K4sNQUlWswuptwimNDaJ+zYzgQpm9pZsR2OCVlKKkaxo603nLyipM9J+C6OIWWUsxI46ZuYzp1xZAXaouyQycYq1nmc+vLo7chVpLujPtVaaHLGGdELguUnQZVnnXAFvQ4b7tmKd4wA1MT2MVF7dEB3O/E1FTeVheM6e6NYQB6qZHf0ZpOfENri7H3lrTKjFxIcLYl0bedSyjT1nyfXjTkYm7v+UskZjkfRDX7xeVQm8lV2kuDAiOk7xQ5OH1RrNaRf3Xgv4cysWSTb1wWu5iYS6xJzZv0aqL2/wfh/RBfpT/Fr5YKvgZPea/DkA23zs+epdWoMLDlk8LZwGmkmK7oGOAutOTVI2qGzCvT0weE4TC/hCTui8GSc5I6BE/G5QIomFDd2qXGYUjakB2iYzEUVs3/gfkYAylQp7GlAkwyyjjrgxLxtNQxOGWH3D2TCO8KKyND+Z8crxJXAA+3vUjWmjL9FHVx0MXdA2TGOLNbaFST327tIDA6ahlV8dE5+n+iEEFOHGg55F8Dty28W7F/rolXbjrRph60flb3NAK3V4gJmk699Q9wARQ5ZhKdNxLcQx3CezrbLG3AFv5TqzSfES39MNr4KZooBJ2Bvzvubx3K8uS8VjDr5sxx5XhQOVkkKP1cYMpjquwigfbe5Im8gSDH/rdIEg88dZh2jAoC1VP27Yz4Yf5xxtx7v2LyigjD6eLJ4kacVF+qjrWrGqrGPjd7/F5xAsT7F7LNQjI70z25efgUeelupyiNxONnLsYXvK1PNuxJxOY4gO7o83GetKKpTbfD2EDTR4PNYa5Rh6DTp/iu42pvI/pdGKcDVGpiP5hL/NwCaK0dT2FWOfFnntH/nlDDbRkWH0oM3DtKeX44Jd1OBI+LBfkuxpf1eqM0PlgVmg8PlQxMjT/1h4fPdEjcT/xXKhLMHHWj5NWEZBavKDgdqwWEBrKib2htI5wjPkAdqZwEjGEgrLyUINivxP/sDqJIYTCv27n2tc8LLPnfPwkaK6X9QQ0aTJc3ieJ6rbs7GNHfuo0oLZch4kJ9vMojMYucHGY6mdIGOMyN6VazaS/efc7DOElY+qVh3NhsnlRN9c6ZkFrFa5VQfP1HAxlgSRZ9UwH+7fcCfCWGCQB5aP509DgADhiwYe3uOmrwvKbLsvA+gGv9ukc5+a1hj81YOhNMh8B51Tq4s8eslxSfvSA8uBRw4KE+FIX3/JltB3t7GNWh3pY4Lf7wN1a4OMC6qhpUxE=,iv:rrXDWj2gjPcT5sretXzTAmPrlZI39KIttRBtPjhQihE=,tag:u+OmHH6EsbQ6DBla5XBT1A==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age1al36hkk8can83zpxq8qyy07gpv83hdw9vchfly5f264kanz405as283a00", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1c2RaejgzYmo1U0pTNFI5\nZlRkUlZYUmova2FDdDdISEhwdkIrcVNDMlhnCjE0eUZHZGNobzYvUFRUbGI0YUFO\nT0JNcXpFVGRhRWE2RHd3cEtnK0doLzgKLS0tIC9nbGp5Ry9acVAzUDRUQUxrcGhF\nZVIxV2dkY1ZFY3pWZGdBLzJ1Ym9oVG8KX0++YnBMRArWAoX+ewtBRjkmNIUlr2Qh\nG1/htUWMAyUy9dGEGx3XXqcnj9h7r8Zwpe5wWF7ug+PAIAc9DZMzUg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1llp6k66265q3rzqemxpnq0x3562u20989vcjf65fl9s3hjhgcscq6mhnjw", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5a2I1a1BmeDBtN3Y5aWNw\nN09ka0RaNHJka256RDFlb2pJT1FzSEVxemhnCkRYNFZVMUkvaFFWNDJ4eUliRGxC\nUURGZDV3azFMNzBBczRDNU1Wa1MyWE0KLS0tIFpNZXBDSTY1VzhkdkFENGp4aTVl\nSXFwa1QzUGc2SWFQQU1CaTREL2JGMkUKuzIqWZo9cuiFuZzexACH+QF9CeDmqfb7\nNx9KVa5/0X3mIA0FO0Teb477rs1HKDMuwwra1cPJDg/IjSCfbtKmAw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1zycwtk6dkxj6vuqhj9jw7932ythky9p3att6df4z9qasyw8v5dxquejcmp", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4bUVQTVJuYVFJbzFYR0ZF\nL1lJNS9NcnR4eE10RnQwc3hwWUtSL1FJaGxFCkh4dFI1VklTV3cra1dZelZ3NG5m\nTDZleUlmTGFESG84Wm5LZkU0R1JXSUkKLS0tIGxHSmJFZWlwM1lna1lFYlZqQUNz\nZVpSSjhUS1Y0U2tLS0hNL3ZSejlwUEkKFURJ37P1vCq0U1VM1X8dU/8kgzgb3dzx\n0fPUhoxSXIlCXDbCx5wahzRXXzWX93TLFSfVyU6KjNOJ5EnK83bpIg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age15arcg8x6ltnsacwalvny0h2d4d4wkdmax328mw3v5vda9zm97uqshtavmr", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaVVMvRm83M2ozd3BrcHZw\nTG8yRU9yNnloWUVLZ2xvMzlVdXFUc2ErMm04Ck9hYnhBdi96eTRKNmxvbUtkZWdh\nbzRYSnlBRkpOOG4renVFYkozR1ZtczQKLS0tIGR3Q0h0Yy91d202OUVPbFlYc29h\nUGFTN281YloreFFvUEhtZmYxWkx6NWcKawED4SC91t2HSqdL/9du45jU8LLLKfyD\nYRXxIxTg6+PEPPDQ+0ay51MLJjTQ8ei2tBecDD8Qr6AbN4nFhjzbYQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1khw2eps099audp3uu5s9rk07qznllh5c8a43gv5dtpnq2a7lue6qrehn5s", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOL1BEZ1JtYi9HSzBXUEQ3\nVFg2eUszWGN1eXdVcXZ1UWxndUphRW9iV25JCmNsZnRkQ3B4eHJNK0QyUlE4dHBw\nV3krZGZBaFhGendVYWdxaGhjeWcyTEkKLS0tIEx5cG1LM2dXazViVFNqb0d2Wndu\nZ09xa3RIR3ZmL2w5SEJUckREUk1OQUEKekt3BpgyY1JFYe7FZ8TNWK/01ZAtalG0\n/jOawllVz/Cy58KyoVFb0E94rVQC+3XUFYsZb1uq1JBc/vpfHo+E3w==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1f6mzqe0cejajzt0c7nwdjz4xvs4hjct9d8hrgj60e7unzyfd7prsn0npe5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLd0hBMUQxRDZOT2FnMnJG\nSjZFNTZrTjlKMEx4U1krL3NVUnlUYk5xTW5FCjlxN0tTZjh4bW4vbnp3QUt2ajB2\naEhaR05EbkNhUndieWpibEdkWnZuUUUKLS0tIG5FSUtlbDBHZFNOQUR5K1lPbFhz\nZmxpVlJ0YmJGOU1YVllKL3g5ODJYTnMKDAhwI7rRIjn0Wbdywd3xJsll8n707JQ2\n+O0lMPMSFm+3kbl6DMx4HiRbw3dmf7cBuPPZftRguM+xlE6ZS3PC/w==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-10-26T13:06:56Z", + "mac": "ENC[AES256_GCM,data:NogQqIBG02rimzrpZ/TTO9T4u+B3F1xVqdl1JvvhCjrqLEZQ53tYcwMDRQV8vK3oan/8cb2AohjqJIRxkgPZA4jkaiIDvFrH/H2uxdDfpzOGqh+SZAUliixN/YdKhtkO1la+r3h982NPh0H9sgP4mCjKQGhqtSwU53of4mzR8ek=,iv:LBzyR44L6VBk03sBG7AptdG7JOPB5XjCR/IqyZpE3pM=,tag:AjxHSa7nKlMKxIs5420PGA==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.9.0" + } +} \ No newline at end of file diff --git a/helmfile/secrets/ocelot.yaml b/helmfile/secrets/ocelot.yaml new file mode 100644 index 0000000..c95d91d --- /dev/null +++ b/helmfile/secrets/ocelot.yaml @@ -0,0 +1,95 @@ +secrets: + acme_email: ENC[AES256_GCM,data:o+2HnrEqa/uXJwqUwdYU14FiZYPfLcKqkQ==,iv:1ouUU4ewzRL4ZDnwJm6BTVg3a64iC5+I2v+AWIF8W2Q=,tag:7ytv959cVmgSmXMC7A8zxA==,type:str] + jwt_secret: ENC[AES256_GCM,data:KkTXkAo3Gl75ywq8ZDNQKA==,iv:nvHqdXhH5/+Ggt8CRZcq+1K25vo6cIiY4D1aoqdTpiI=,tag:eZOSl6Il1Ecl0sj/SjcvSw==,type:str] + webapp: + env: + MAPBOX_TOKEN: ENC[AES256_GCM,data:7Ka4BvQh6NDw9NKUcgGjLwxNHOqhVrZEj/DcGnyv1nXQIG/2WWGGHazAFWUCFpCUmCSaTPSkyLHPFyGQtQ7VAON3AG3tHtv5JvcBb4KDYrjAIzxhAAiHMYFtVJs=,iv:X0YL2dW42TUidJdBlRKb4Vq86X1OzHqipNHTBxmE7ds=,tag:KDH9NwDy6ghqdkXeZxuHgg==,type:str] + backend: + env: + JWT_SECRET: ENC[AES256_GCM,data:8qGviTFMOv9QyoNVwnlFNZ2PmvedbKJM,iv:rmZgs8h2QVsokzMzdGdEcInBLv8AX3xFUjkGhTf3sF0=,tag:SUJpMaIGAb14yg8RxCVUtA==,type:str] + MAPBOX_TOKEN: ENC[AES256_GCM,data:qK6iTYKiWfkvXBodm8zVmfr5ACTTz1+7Pt7Q/hwgv3SYERyo5NyqfsvbVKuDAD90kTCNODpSwUApJE6do/Umedg4s8mrnHXCckIDbX5BztoeHJBehsUC54ELcrQ=,iv:b65yqfdoOX366UXt7HS6nhL8hlZn4l5hQfrhI6NXc+I=,tag:vF48V+TRS5g9ezXhzAJnPw==,type:str] + PRIVATE_KEY_PASSPHRASE: ENC[AES256_GCM,data:05WXBFKIk0BtfUYmkWSwAP+/Y7v18LUow4X/,iv:y7VyymcoRLr2CK96BiErXvKP2Gn/QhECBZyeP+wo8LA=,tag:Hg/fIGyIDMY8P3mWfVupCw==,type:str] + #ENC[AES256_GCM,data:llx+JN8fRqwrLd2ahkmPrhPwcGIkn695l3Ox8VEs9YAR+1wpz3yujA==,iv:4Ctez8zMeqo3cpCCUVy6ZP4T1Z/myPw/FTq+++YAYbc=,tag:al/J8DLqNz6CoLl+TgUdOw==,type:comment] + EMAIL_DEFAULT_SENDER: ENC[AES256_GCM,data:z1EyEokf/TNkFLhRzsCbHew/6T8=,iv:Satr1c8aZQE73ZolC6n+PO74r+Gj3un5Mj0DIYb3n14=,tag:iK6l0GXuhLauBtFXTmLyKQ==,type:str] + SMTP_HOST: ENC[AES256_GCM,data:r0qbaUBB3CSUHR76,iv:TJIx71HW1aBB0sCEd1TB/tTgPBxLR1sdGAEf0t7Qilg=,tag:arXYtwVbIXVaUJpyommokQ==,type:str] + SMTP_USERNAME: ENC[AES256_GCM,data:lZ05DvSu,iv:Tyu7poao1shqKGd/sjTCgGNHU1xgRpjwjMRd+ArGf6o=,tag:dKms4G683JvFzja7YOwYKg==,type:str] + SMTP_PASSWORD: ENC[AES256_GCM,data:c9rnPIaKHIh2LNIJON3ib1IsA09OWGchDxRPRpvrtJw=,iv:08Acxl74lJbYtEEU6crVIYRXwkER8t1XPrhBA2PwEio=,tag:F0xrrt2PkBUMEyp7a81ssw==,type:str] + SMTP_PORT: ENC[AES256_GCM,data:MGmv,iv:IFg6oEncN0ICEmw96XL4EuPKqEZ6KLwU5FJYkveMSpY=,tag:kIVXlt0o5TfhOtRVqU/c4w==,type:str] + SMTP_IGNORE_TLS: ENC[AES256_GCM,data:ORAIWtg=,iv:6X4V3RDeYHrFdBTjsb3Ji0KWsZ2meL8ilqHNGQbcV/M=,tag:R87FgoQwqpes+0ejcOlrPg==,type:str] + #ENC[AES256_GCM,data:wEE3/SPsZqy9LATseOZG7LsCbjG5gY4VUT/TzxhHLJqcYP5I,iv:gcOA0XiUGWq15G4zTRPZ0qZ/XYMTjr+9krbOx0dwpeY=,tag:jd8LTiVT7UQShqMR9zZUZA==,type:comment] + SMTP_SECURE: ENC[AES256_GCM,data:PowbGhU=,iv:a1dK5AVySu749vPQvX9OLfMuD+tZkLNtXTMr17+4KuA=,tag:fuJQ7c4RBl25If01MSAmug==,type:str] + SMTP_DKIM_PRIVATKEY: null + SMTP_DKIM_DOMAINNAME: null + SMTP_DKIM_KEYSELECTOR: null + NEO4J_USERNAME: null + NEO4J_PASSWORD: null + REDIS_PASSWORD: null + neo4j: + env: + NEO4J_USERNAME: "" + NEO4J_PASSWORD: "" +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1al36hkk8can83zpxq8qyy07gpv83hdw9vchfly5f264kanz405as283a00 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0MjZ5RGI0YTFIbDk3MnBs + ODN3RUg3ZVhsS1dEeDdodFJaQzg2RjFpcm1vClNzV1NwdEFwaXJnclRNVTJIbzVk + VEc3YUV4eWJLb04valdNV216SnhtbzQKLS0tIHpuR2JGZWp0WnNUdStuL1ZLU0FK + eGEreGNJTnU1OTgxL2ljVVRjUUxraEkKvkV7G56/GtJLbLVHvrq+rJ8npBckvww/ + Tq7/k/YmGV764d3Zb0Vs6TNJhoOvKF6sK645wrFlSzVNj51UxkhWYw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1llp6k66265q3rzqemxpnq0x3562u20989vcjf65fl9s3hjhgcscq6mhnjw + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHWTI4M202SmlhbzJnckF3 + ODZrY3ZQQkRLZmQrNmg4Uys2d0JBWWJMWkN3CmNwUi9HT2VYd0paMnJScnFxSXB0 + YThaU2RqWFdHMXczQ1VmdFdJQmJSU00KLS0tIDk4TW5DdUNJY3dnS1JGQUluaTJw + d3ErbWdrZ2I3ZU1ZZGZBZ1JZU0lZMUEKnQHREjKUZ6a2+Es7SlLY46h4NPdeaE8c + w4My+za7IjGSyL6HKqxSBLUS4Q79cI3iBNu8SwikocmEkqQ/DWlC6g== + -----END AGE ENCRYPTED FILE----- + - recipient: age1zycwtk6dkxj6vuqhj9jw7932ythky9p3att6df4z9qasyw8v5dxquejcmp + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhTmhYKzUyUGJnRHhjTU5m + TVVFOGl5d3ZFYzE4U216a1YvVUlXTGFvYTM4CkZaMTcvRk1CVDJwek9TT0UvOWMr + SWNrb0pvYTZaTHM4aGRpcG9odDhyUm8KLS0tIEkrSmc4V2c0Q0ltWkdRZWQ5NFEr + Y1VWV0JTRjVmWUU4U1pTZkVhbTVLREEKvCxhsCX//e7XawyJG3XeCGLOUqxCx9No + To4JGg10ciWcW0eqyP5lQfwdlECkmPapNz8gaf40DVpPDij5Nja+zA== + -----END AGE ENCRYPTED FILE----- + - recipient: age15arcg8x6ltnsacwalvny0h2d4d4wkdmax328mw3v5vda9zm97uqshtavmr + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTaHh6b3hpbFJrcHl6eHl6 + MkZmNUJWSTJRUFVNOHJaYld3QWUwSy93aEFNCjZTZnNZRlJRR3VEeXROOFBmY2Qz + SHF2bWMvdm5zNi92SUFlc2FZcFl1Y1kKLS0tIG4wYzdKTWFKaExiTVlFa0tRdzVs + bGFuMlF6bkw2Z1lGNmZTV1R0ZEs2T0EK78at74wFk1B5OgeMSKrGLl3sNiwrzitL + 0kcMVyxfV68mpjb0Cw2WtEUo0jFmKFXi7H5FbJeoPrDG0QFvIvgfsA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1khw2eps099audp3uu5s9rk07qznllh5c8a43gv5dtpnq2a7lue6qrehn5s + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJYXE0V2pFYnU5Slk5Nk5j + Snh2UElZajhMZnlZTjVkcFBSMnF2VFJ6TG40ClBFQzV4SUpUZTZaSWpRdXNIdDBq + ZHFUSG5uUHU0bXhhcEpCejh2elM1M2MKLS0tIEovMDdrUEs5blNvL3R0VGVaMVhw + Q3V1UmU0OUtWRmRuQ1dtMFROUDF6NG8KRJRymV0GaOW7sENEqYogNK2HeArsuY8Y + lVWepYYDoeRWwu7kmzORaEnW6G4m0F3rADfwMrQVTNvZ+1Xn/yFOXg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1f6mzqe0cejajzt0c7nwdjz4xvs4hjct9d8hrgj60e7unzyfd7prsn0npe5 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzbHhMUElKUWhFMERGVWpz + cFRwTVovOStYNUQ4czIxR25MUzNON2ZzRmc0CjNvOGd4bmdjWHhwdEMzTzJkQU1Y + SHJrZG1pQ3pmZnZxWXh4bjkwN3ZvVFEKLS0tIHRhVDgzUHNsMHYrV0RoWCtmR0Nl + Tkx0VFJpN1pZam4yeTNYU1Jnb1JyR1EKJSQYyAi9ZZr+njaXV/62nshPVLtWIcLY + pwP8ikur4tKrbyg7H+/f3+9jPsr2Jw3xxgkeS4GL+DsTwrGDEwoaiw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-10-09T15:57:09Z" + mac: ENC[AES256_GCM,data:VL7iP5uJIiwtFaVuZM88Hc9E5bkyO1kN88tAYd5HfGrTlNAKtINJZRL/ZeG+fNEFNyrtkxs5nfXeCSb0yNop66nWOLpupRBxHVt763Akp/YS/l3qH9UYaDUUkgtPg313pG1vNMiBxss0oE0CDEn+xBxuQFrWUPowG71JuBvHs/Q=,iv:8BE0rDKRBCB7CSVNZNE1wKmhYxiJhbCgI8hh5PACjQ0=,tag:4FUes7xDpSp/KF4AIJiM/A==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.0 diff --git a/helmfile/values/ocelot.yaml.gotmpl b/helmfile/values/ocelot.yaml.gotmpl new file mode 100644 index 0000000..3d4e796 --- /dev/null +++ b/helmfile/values/ocelot.yaml.gotmpl @@ -0,0 +1,41 @@ +domain: {{ .StateValues.domain }} + +cert_manager: + issuer: reformer-network-letsencrypt-prod + +cert_manager: + issuer: {{ .Release.Name }}-letsencrypt-prod + +underMaintenance: false + +global: + image: + pullPolicy: Always + +backend: + image: + repository: ghcr.io/ocelot-social-community/stage.ocelot.social/backend + tag: {{ .StateValues.image_tag }} + storage: "10Gi" + env: + PRODUCTION_DB_CLEAN_ALLOW: "true" + PUBLIC_REGISTRATION: "true" + INVITE_REGISTRATION: "true" + CATEGORIES_ACTIVE: + +webapp: + image: + repository: ghcr.io/ocelot-social-community/stage.ocelot.social/webapp + tag: {{ .StateValues.image_tag }} + +maintenance: + image: + repository: ghcr.io/ocelot-social-community/stage.ocelot.social/maintenance + tag: {{ .StateValues.image_tag }} + +neo4j: + image: + repository: ghcr.io/ocelot-social-community/ocelot-social/neo4j + tag: hetzner + storage: "5Gi" + storageBackups: "10Gi" diff --git a/kubeconfig.yaml.enc b/kubeconfig.yaml.enc deleted file mode 100644 index b12c470b3a60e61a913de1e40c1be76f44d6445a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1518 zcmV1!-lUHG3MH_wES4X3g+0*V+;h zVQAD;IZ|e^IV@*{1SGf^Z!l7b1&T)4*3`Z?rUaWmhFsOY-q1{O#<=(4RTV$im& zF$2ew1X&wiE_aXERHxzLw5dOwk!L3K z_5LBuI2{c(j$e4e4DbVI4h}-4%YBZq*=iUL4?D_ef7v}Bp`W92Yg)NlFs1a40yPCy z4s~y^=CFR+|0VGn=pF(zU~6-UWDC1{dQH-*Ixk^%B$HLe74M}?)tr{Fo(%-^G!G^7v(yyGY>1O z*bk8XjA*svl{i?6W)tw=Gy4$5Kbf+Nz?WLUPmle#MxvJYnM$UeK@5f0)uRIOYBmCm(+oW%LlTS#b0s&ULV0R+w>NXAL=MH#UUU zE~au)?MbpF0Ja*iIx|}|H#n3CS=kZvIih)9#dQ2BClYdMe*!7H#{0099UXuP6fuso z&moyALSAd#L}5|e5gEm1b+jkh1CWrv*l^-7hW+u^&a5@mB|h0vGJ`3cp;kz#oKr^9 zr71~P=G(DM7Q)C&lKCh8Q*|Xi_z`zQZd{iia@Ua^H8TU({wdp7QCq20zF-sUmj#TR zz&8>jXQ|OD7H6@*hIYvKTyILI7Wj1BYlGs5&b| zVd)OB8|^xRp=2XyLQ{^{O0bjm`CGPw6Z@>XWjE9*QxyqR?`Ok#01H{hgLt(f~yO#xDM>{69 zPl`U3BAUc`0oR8Ov6a5G1~f?0L-{XD#YRht3jb-7_9}*k`udAU+NUlh0|!SLUbDRH6uvC4Saa?hg|bo2M_v|Hud@Sj#{mN{bC!!M$Z=Ed zSbBs$!MGi0uc~l?6A|wv=@Dx>eqx$*9F`u|1}EM1U-zy-2lT+@?24ZzI%TV2`>+ed zKV3|ajGu_XgeA`k@W>xRHpyy4IHd00B!~FaI>N1JObjgsY|bTvsXRpFoB1u}fh}Wo zT!SzBkQ;i#PqMRCRBuKs{!Uw1JXHbKZxb85297LfOF%2%s7e%~Cz-OP`}_%YfVD@5 zf(wZzQLUj$`R?vV-f!A{gR+x;5O0;N6f?=@gB!4w_rFqZUfyZTpVlD^2lFgfV2nae z*I~<^#LC=kplu!7oqsqoz)j0!ld4ZRuX(0IQkUl!v_mtV4)$MKt2>c`9 z4`XROTq~?sE$fBW@co00;)8nS7A}PGY*1DLK(5UJu@tRor#Wt)i8I#)$L{8N%K>b{ U?5k#)C3Mc_WkX+YAJIGId-CJlW&i*H diff --git a/kubernetes/dns.values.yaml.enc b/kubernetes/dns.values.yaml.enc deleted file mode 100644 index 09dc5b4..0000000 --- a/kubernetes/dns.values.yaml.enc +++ /dev/null @@ -1,2 +0,0 @@ -  UgeC];W>v,k0\k:Hbˆv+î2һ$s/Rgݢd\FPcS@mp>h\TkgDڜ?;gKeE5#t -Q+W×juK!P6 `wő"%=/w˱7[@omD /2_f+6EKZ6?#q!eX0XNdb?0kSRRxdJD_+Ze22hgHs1wNMD5|=Q4 zU2@K%^4oZaqo9|}^iNT+7m%MKRurxI27`yGem$rK$2-Dp^rj~Yosz=TM~9B58N{14 z*;`12 z!b>W$Cu)9@Ls2MgLZW`LG7JWZ5lE`W*ucF6Ge}bkqmI-{v!3ZZMDS~(`;suw^6+2y zKj6W!g-+eDj3~J5lE&rR{Dd=M%*UwD40Z-qAwFtAaf67ez1NZ4dqR zovEbVBO2-zq5~k6z;$O4a&CTS6d!(_;cw~k$0Cy6L7oVAV7L5)UE+0vg}${<8mnYn znqcOe*$FGE`Fce|?82r`&YE_C;?S&gxnw0+?)uzhU74-lm=GW%e2(w}d#dpgs_J$W z%LJr9?gOWOdlt2LArai`%oy`Dh;@6xEHwrPG|A_26)(_32l+PS!|<)~nhS}TC=!}r zwZ8|_%B+d(hs#Jn*FTo-|2&)a-ksnj6&Oy{Ri-)n{o6(Uu{ok8*48r3q&z>izDN*B z5<^z`yIKW8UOQ~NOh%-^b9zJ9nz5g;WnADp$$x2lR%+88g}|v2mJtZ9EQ%51v?o^N z`fY1OSKii*tg1WI4Fgb1MgMV}z3E{ZxbMtp)RiJowCW4u*b z+TbVgFV~_eCrUFGL**LB4F&~`wXzJKjafJy7Nj%MD=~UP0XCIQ>vqWJU5m?kO*~rKn`36>5Hhg&Nc#;R?t#vdsZ+)^Rq$Hp7dMlh|0eFvq zL@9OFd9W^61)M#qCLu~IEiRCU%yS$V?xepzQ@Tliw&GOWVsH+l6_o+emEDaWrRwEL z0)uVo3H;^3QDi(FOk=_iNzs`9Y)5#H{_^S}e^VspzlY^<-N5z|Xt}L{pl& z?HNdL74GTqO`(t{;{ksLro+xlHuTfYgtv%* za4Zt-)ll}r8-h@!4M$^aMs8^(L8dd8dtYQ+Um)#YKLWl!dE6-HEA+eULRMS^2J37;c53FpCz8nY7?kI3)`-7x~}Eo2aqO!aKLe z;pPFzQtQ+rYn6oaF(a1Q@)1+r5pgZliOe6STSaFd;Kv>|WF0`U*=g`RTinfz&^YUP=2(M`S#m|QVXTo925y2|EinB8tBeYiDw8)O z$4GCYTEaG~8Kqk7y3Ep5WFN;Ve_5_cC zy1)*FtQ#X>Oyxk%>7x8a!5ML`CCoeNQ2Tn$!03wObaaa>oHd!b*H#+(?1-`|IQH*S zbway`NwRY6%h>EEi$d3O#FORN3B`?yOCz^do@&^oy};*2e_O^sV7@Rr4=S@*&`GPe zW8Pd>I~D~aCy|b}7~pr)V}&gz5|*&$vU0=D!Al~4ZGWn`bV*>d=Bj>_6u-xB=ax@| zxFRLa>(Zu4c>WN!U445bPYd*tc>^`;gv`wP_tUnxwhEd{OCW?o;6h4bgFxV5;+^u4 EL54neFaQ7m diff --git a/kubernetes/values.yaml.template b/kubernetes/values.yaml.template deleted file mode 100644 index 22e69ca..0000000 --- a/kubernetes/values.yaml.template +++ /dev/null @@ -1,129 +0,0 @@ -# please duplicate template file and rename to "values.yaml" and fill in your value - -# change all the below if needed -MAPBOX_TOKEN: "pk.eyJ1IjoiYnVzZmFrdG9yIiwiYSI6ImNraDNiM3JxcDBhaWQydG1uczhpZWtpOW4ifQ.7TNRTO-o9aK1Y6MyW_Nd4g" -PRODUCTION_DB_CLEAN_ALLOW: false # only true for production environments on staging servers -PUBLIC_REGISTRATION: false -INVITE_REGISTRATION: false -COOKIE_EXPIRE_TIME: 730 # days (730 days, two years is the default in main code) -CATEGORIES_ACTIVE: false - -BACKEND: - # change all the below if needed - # DOCKER_IMAGE_REPO - change that to your branded docker image - # label is appended based on .Chart.appVersion - DOCKER_IMAGE_REPO: "ocelotsocialnetwork/backend-branded" - CLIENT_URI: "https://staging.ocelot.social" - # create a new one for your network - JWT_SECRET: "b/&&7b78BF&fv/Vd" - PRIVATE_KEY_PASSPHRASE: "a7dsf78sadg87ad87sfagsadg78" - # ocelot.social mail dummy - EMAIL_DEFAULT_SENDER: "devops@ocelot.social" - SMTP_HOST: "mail.ocelot.social" - SMTP_USERNAME: "devops@ocelot.social" - SMTP_PASSWORD: "devops@ocelot.social" - SMTP_PORT: "587" - SMTP_IGNORE_TLS: 'false' - SMTP_SECURE: 'false' # true for 465, false for other ports - # or - # SMTP_PORT: "465" - # SMTP_IGNORE_TLS: 'true' - # SMTP_SECURE: 'true' # true for 465, false for other ports - # optional - SMTP_DKIM_DOMAINNAME: ocelot.social - SMTP_DKIM_KEYSELECTOR: 2017 - # all newlines in one line with "\\n". multi line doesn't work with Helm - SMTP_DKIM_PRIVATKEY: "-----BEGIN RSA PRIVATE KEY-----\\n\\n-----END RSA PRIVATE KEY-----\\n" - - # most likely you don't need to change this - MIN_READY_SECONDS: "15" - PROGRESS_DEADLINE_SECONDS: "60" - REVISIONS_HISTORY_LIMIT: "25" - CONTAINER_RESTART_POLICY: "Always" - CONTAINER_TERMINATION_GRACE_PERIOD_SECONDS: "30" - DOCKER_IMAGE_PULL_POLICY: "Always" - STORAGE_UPLOADS: "25Gi" - RESOURCE_REQUESTS_MEMORY: "1G" - RESOURCE_LIMITS_MEMORY: "2G" - -WEBAPP: - # change all the below if needed - # DOCKER_IMAGE_REPO - change that to your branded docker image - # label is appended based on .Chart.appVersion - DOCKER_IMAGE_REPO: "ocelotsocialnetwork/webapp-branded" - WEBSOCKETS_URI: "wss://staging.ocelot.social/api/graphql" - - # Most likely you don't need to change this - REPLICAS: "2" - MIN_READY_SECONDS: "15" - PROGRESS_DEADLINE_SECONDS: "60" - REVISIONS_HISTORY_LIMIT: "25" - CONTAINER_RESTART_POLICY: "Always" - CONTAINER_TERMINATION_GRACE_PERIOD_SECONDS: "30" - DOCKER_IMAGE_PULL_POLICY: "Always" - RESOURCE_REQUESTS_MEMORY: "1G" - RESOURCE_LIMITS_MEMORY: "2G" - -NEO4J: - # most likely you don't need to change this - REVISIONS_HISTORY_LIMIT: "25" - DOCKER_IMAGE_REPO: "ocelotsocialnetwork/neo4j-community-branded" - DOCKER_IMAGE_PULL_POLICY: "Always" - CONTAINER_RESTART_POLICY: "Always" - CONTAINER_TERMINATION_GRACE_PERIOD_SECONDS: "30" - STORAGE: "5Gi" - RESOURCE_REQUESTS_MEMORY: "2G" - RESOURCE_LIMITS_MEMORY: "4G" - # required for Neo4j Enterprice version - #ACCEPT_LICENSE_AGREEMENT: "yes" - ACCEPT_LICENSE_AGREEMENT: "no" - AUTH: "none" - #DBMS_CONNECTOR_BOLT_THREAD_POOL_MAX_SIZE: "10000" # hc value - DBMS_CONNECTOR_BOLT_THREAD_POOL_MAX_SIZE: "400" # default value - #DBMS_MEMORY_HEAP_INITIAL_SIZE: "500MB" # HC value - DBMS_MEMORY_HEAP_INITIAL_SIZE: "" # default - #DBMS_MEMORY_HEAP_MAX_SIZE: "500MB" # HC value - DBMS_MEMORY_HEAP_MAX_SIZE: "" # default - #DBMS_MEMORY_PAGECACHE_SIZE: "490M" # HC value - DBMS_MEMORY_PAGECACHE_SIZE: "" # default - #APOC_IMPORT_FILE_ENABLED: "true" # HC value - APOC_IMPORT_FILE_ENABLED: "false" # default - DBMS_SECURITY_PROCEDURES_UNRESTRICTED: "algo.*,apoc.*" - -MAINTENANCE: - # change all the below if needed - # DOCKER_IMAGE_REPO - change that to your branded docker image - # label is appended based on .Chart.appVersion - DOCKER_IMAGE_REPO: "ocelotsocialnetwork/maintenance-branded" - - # Most likely you don't need to change this - REVISIONS_HISTORY_LIMIT: "25" - CONTAINER_RESTART_POLICY: "Always" - CONTAINER_TERMINATION_GRACE_PERIOD_SECONDS: "30" - DOCKER_IMAGE_PULL_POLICY: "Always" - RESOURCE_REQUESTS_MEMORY: "500M" - RESOURCE_LIMITS_MEMORY: "1G" - -LETSENCRYPT: - # change all the below if needed - # ISSUER is used by cert-manager to set up certificates with the given provider. - # change it to "letsencrypt-production" once you are ready to have valid cetrificates. - # Be aware that the is an issuing limit with letsencrypt, so a dry run with staging might be wise - ISSUER: "letsencrypt-staging" - EMAIL: "devops@ocelot.social" - DOMAINS: - - "staging.ocelot.social" - - "www.staging.ocelot.social" - -NGINX: - # most likely you don't need to change this - PROXY_BODY_SIZE: "10m" - -STORAGE: - # change all the below if needed - PROVISIONER: "dobs.csi.digitalocean.com" - - # most likely you don't need to change this - RECLAIM_POLICY: "Retain" - VOLUME_BINDING_MODE: "Immediate" - ALLOW_VOLUME_EXPANSION: true \ No newline at end of file From 0fec341e823b3fcc4c83a5747d416c6712bcf72f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Sat, 26 Oct 2024 20:36:32 +0200 Subject: [PATCH 65/89] chore: empty commit to test wei:pull github app From f066a4ea37021e2f97c37748db6096cd7004e2eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Sat, 26 Oct 2024 22:08:58 +0200 Subject: [PATCH 66/89] maintenance mode --- helmfile/values/ocelot.yaml.gotmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helmfile/values/ocelot.yaml.gotmpl b/helmfile/values/ocelot.yaml.gotmpl index 3d4e796..da91fd6 100644 --- a/helmfile/values/ocelot.yaml.gotmpl +++ b/helmfile/values/ocelot.yaml.gotmpl @@ -6,7 +6,7 @@ cert_manager: cert_manager: issuer: {{ .Release.Name }}-letsencrypt-prod -underMaintenance: false +underMaintenance: true global: image: From 013893910310c56bb9d788eace7d9eb094e52d4b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Sat, 26 Oct 2024 22:30:24 +0200 Subject: [PATCH 67/89] remove prometheus prometheu should be installed centrally --- helmfile/helmfile.yaml.gotmpl | 6 ------ 1 file changed, 6 deletions(-) diff --git a/helmfile/helmfile.yaml.gotmpl b/helmfile/helmfile.yaml.gotmpl index 2120cf1..34e6f84 100644 --- a/helmfile/helmfile.yaml.gotmpl +++ b/helmfile/helmfile.yaml.gotmpl @@ -11,8 +11,6 @@ environments: - ./environments/production.yaml.gotmpl --- repositories: - - name: prometheus-community - url: https://prometheus-community.github.io/helm-charts - name: ocelot-social url: git+https://github.com/Ocelot-Social-Community/Ocelot-Social@deployment/hetzner/helmfile/ocelot-social?ref=hetzner @@ -20,10 +18,6 @@ apiVersions: - monitoring.coreos.com/v1 releases: - - name: prometheus - namespace: monitoring - chart: prometheus-community/kube-prometheus-stack - - name: ocelot-social namespace: {{ .StateValues.namespace }} chart: ocelot-social/ocelot-social From 72ec5d4e2b718a1088a83485ef51372b34c33227 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Sat, 26 Oct 2024 22:32:04 +0200 Subject: [PATCH 68/89] undo maintenance mode --- helmfile/values/ocelot.yaml.gotmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helmfile/values/ocelot.yaml.gotmpl b/helmfile/values/ocelot.yaml.gotmpl index da91fd6..3d4e796 100644 --- a/helmfile/values/ocelot.yaml.gotmpl +++ b/helmfile/values/ocelot.yaml.gotmpl @@ -6,7 +6,7 @@ cert_manager: cert_manager: issuer: {{ .Release.Name }}-letsencrypt-prod -underMaintenance: true +underMaintenance: false global: image: From 5b0e1ab07dbc95a8d6b6dddac71bb4cb4e29fc18 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Sat, 26 Oct 2024 23:57:26 +0200 Subject: [PATCH 69/89] fix oversights --- helmfile/environments/staging.yaml.gotmpl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helmfile/environments/staging.yaml.gotmpl b/helmfile/environments/staging.yaml.gotmpl index 856b3b4..86a316d 100644 --- a/helmfile/environments/staging.yaml.gotmpl +++ b/helmfile/environments/staging.yaml.gotmpl @@ -1,5 +1,5 @@ {{ $image_tag:= env "IMAGE_TAG" | default (exec "../scripts/image_tag.sh" (list) | trim) }} -domain: reformer-network-staging.roschaefer.de -namespace: reformer-network-staging +domain: ocelot-social.roschaefer.de +namespace: ocelot-staging image_tag: {{ $image_tag }} From 841bc4d66a48d387f051c7f3fe5c1eb6ca05e67c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Sun, 27 Oct 2024 15:26:53 +0100 Subject: [PATCH 70/89] update to new interfaces --- .github/workflows/{push.yml => publish.yml} | 32 ++++++++++++++------- docker/backend.Dockerfile | 4 +-- docker/maintenance.Dockerfile | 4 +-- docker/webapp.Dockerfile | 4 +-- helmfile/environments/default.yaml.gotmpl | 5 ---- helmfile/environments/staging.yaml.gotmpl | 6 ++-- helmfile/helmfile.yaml.gotmpl | 8 +----- helmfile/scripts/image_tag.sh | 2 -- 8 files changed, 30 insertions(+), 35 deletions(-) rename .github/workflows/{push.yml => publish.yml} (69%) delete mode 100644 helmfile/environments/default.yaml.gotmpl delete mode 100755 helmfile/scripts/image_tag.sh diff --git a/.github/workflows/push.yml b/.github/workflows/publish.yml similarity index 69% rename from .github/workflows/push.yml rename to .github/workflows/publish.yml index 20c4576..f7a6f43 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/publish.yml @@ -1,6 +1,16 @@ name: publish -on: push +on: + workflow_dispatch: + inputs: + ocelot_version: + description: Ocelot build image version + required: true + type: string + deploy: + description: Deploy to cluster + required: true + type: boolean jobs: build-and-push-images: @@ -38,13 +48,13 @@ jobs: with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} tags: | - type=schedule - type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}} - type=semver,pattern={{major}} - type=ref,event=branch - type=ref,event=pr - type=sha + type=schedule,prefix=ocelot-${{ inputs.ocelot_version }}--branded- + type=semver,pattern={{version}},prefix=ocelot-${{ inputs.ocelot_version }}--branded- + type=semver,pattern={{major}}.{{minor}},prefix=ocelot-${{ inputs.ocelot_version }}--branded- + type=semver,pattern={{major}},prefix=ocelot-${{ inputs.ocelot_version }}--branded- + type=ref,event=branch,prefix=ocelot-${{ inputs.ocelot_version }}--branded- + type=ref,event=pr,prefix=ocelot-${{ inputs.ocelot_version }}--branded- + type=sha,prefix=ocelot-${{ inputs.ocelot_version }}--branded-sha- - name: Build and push Docker images id: push uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 @@ -53,13 +63,13 @@ jobs: context: . push: true build-args: | - OCELOT_VERSION=hetzner + OCELOT_VERSION=${{ inputs.ocelot_version }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} deploy-to-kubernetes: runs-on: ubuntu-latest - if: github.ref == 'refs/heads/staging' + if: ${{ inputs.deploy }} needs: build-and-push-images steps: - uses: mdgreenwald/mozilla-sops-action@d9714e521cbaecdae64a89d2fdd576dd2aa97056 # v1.6.0 @@ -73,7 +83,7 @@ jobs: mkdir -p ~/.kube sops decrypt ./helmfile/secrets/kubeconfig > ~/.kube/config chmod 600 ~/.kube/config - # - run: echo "IMAGE_TAG=sha-$(echo $GITHUB_SHA | cut -c 1-7)" >> $GITHUB_ENV + - run: echo "IMAGE_TAG=ocelot-${{ inputs.ocelot_version }}--branded-sha-$(echo $GITHUB_SHA | cut -c 1-7)" >> $GITHUB_ENV - uses: helmfile/helmfile-action@80fbb6408b98822310f94d8d1321a2cacf87f78f #v1.9.2 with: helmfile-args: apply --environment staging diff --git a/docker/backend.Dockerfile b/docker/backend.Dockerfile index e152205..5e5fbda 100644 --- a/docker/backend.Dockerfile +++ b/docker/backend.Dockerfile @@ -1,6 +1,6 @@ ARG OCELOT_VERSION=master -FROM ghcr.io/ocelot-social-community/ocelot-social/backend:${OCELOT_VERSION}-code AS build +FROM ghcr.io/ocelot-social-community/ocelot-social/backend-build:${OCELOT_VERSION} AS build -FROM ghcr.io/ocelot-social-community/ocelot-social/backend:${OCELOT_VERSION}-base AS branded +FROM ghcr.io/ocelot-social-community/ocelot-social/backend-base:${OCELOT_VERSION} AS branded COPY --from=build /build . diff --git a/docker/maintenance.Dockerfile b/docker/maintenance.Dockerfile index 32ae532..b471bbd 100644 --- a/docker/maintenance.Dockerfile +++ b/docker/maintenance.Dockerfile @@ -1,7 +1,7 @@ ARG OCELOT_VERSION=master -FROM ghcr.io/ocelot-social-community/ocelot-social/maintenance:${OCELOT_VERSION}-code AS build +FROM ghcr.io/ocelot-social-community/ocelot-social/maintenance-build:${OCELOT_VERSION} AS build -FROM nginx:alpine AS branded +FROM ghcr.io/ocelot-social-community/ocelot-social/maintenance-base:${OCELOT_VERSION} AS branded COPY --from=build ./app/dist/ /usr/share/nginx/html/ COPY --from=build ./app/maintenance/nginx/custom.conf /etc/nginx/conf.d/default.conf diff --git a/docker/webapp.Dockerfile b/docker/webapp.Dockerfile index e4abd38..1a6b024 100644 --- a/docker/webapp.Dockerfile +++ b/docker/webapp.Dockerfile @@ -1,6 +1,6 @@ ARG OCELOT_VERSION=master -FROM ghcr.io/ocelot-social-community/ocelot-social/webapp:${OCELOT_VERSION}-code AS build +FROM ghcr.io/ocelot-social-community/ocelot-social/webapp-build:${OCELOT_VERSION} AS build -FROM ghcr.io/ocelot-social-community/ocelot-social/webapp:${OCELOT_VERSION}-base AS branded +FROM ghcr.io/ocelot-social-community/ocelot-social/webapp-base:${OCELOT_VERSION} AS branded COPY --from=build /build . diff --git a/helmfile/environments/default.yaml.gotmpl b/helmfile/environments/default.yaml.gotmpl deleted file mode 100644 index 86a316d..0000000 --- a/helmfile/environments/default.yaml.gotmpl +++ /dev/null @@ -1,5 +0,0 @@ -{{ $image_tag:= env "IMAGE_TAG" | default (exec "../scripts/image_tag.sh" (list) | trim) }} - -domain: ocelot-social.roschaefer.de -namespace: ocelot-staging -image_tag: {{ $image_tag }} diff --git a/helmfile/environments/staging.yaml.gotmpl b/helmfile/environments/staging.yaml.gotmpl index 86a316d..cc64193 100644 --- a/helmfile/environments/staging.yaml.gotmpl +++ b/helmfile/environments/staging.yaml.gotmpl @@ -1,5 +1,3 @@ -{{ $image_tag:= env "IMAGE_TAG" | default (exec "../scripts/image_tag.sh" (list) | trim) }} - -domain: ocelot-social.roschaefer.de +domain: staging.ocelot-social.roschaefer.de namespace: ocelot-staging -image_tag: {{ $image_tag }} +image_tag: {{ requiredEnv "IMAGE_TAG" }} diff --git a/helmfile/helmfile.yaml.gotmpl b/helmfile/helmfile.yaml.gotmpl index 34e6f84..b1022f5 100644 --- a/helmfile/helmfile.yaml.gotmpl +++ b/helmfile/helmfile.yaml.gotmpl @@ -1,18 +1,12 @@ --- environments: - default: - values: - - ./environments/default.yaml.gotmpl staging: values: - ./environments/staging.yaml.gotmpl - production: - values: - - ./environments/production.yaml.gotmpl --- repositories: - name: ocelot-social - url: git+https://github.com/Ocelot-Social-Community/Ocelot-Social@deployment/hetzner/helmfile/ocelot-social?ref=hetzner + url: git+https://github.com/Ocelot-Social-Community/Ocelot-Social@deployment/helm/chart?ref=hetzner apiVersions: - monitoring.coreos.com/v1 diff --git a/helmfile/scripts/image_tag.sh b/helmfile/scripts/image_tag.sh deleted file mode 100755 index f921945..0000000 --- a/helmfile/scripts/image_tag.sh +++ /dev/null @@ -1,2 +0,0 @@ -#!/usr/bin/env bash -echo "sha-$(git rev-parse HEAD | cut -c 1-7)" From d2a56c433464ff723e526461f1b469d44206b658 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Sun, 27 Oct 2024 20:48:46 +0100 Subject: [PATCH 71/89] refactor: turn staging into default environment --- .github/workflows/publish.yml | 2 +- .../environments/{staging.yaml.gotmpl => default.yaml.gotmpl} | 0 helmfile/helmfile.yaml.gotmpl | 4 ++-- 3 files changed, 3 insertions(+), 3 deletions(-) rename helmfile/environments/{staging.yaml.gotmpl => default.yaml.gotmpl} (100%) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index f7a6f43..12c679b 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -86,7 +86,7 @@ jobs: - run: echo "IMAGE_TAG=ocelot-${{ inputs.ocelot_version }}--branded-sha-$(echo $GITHUB_SHA | cut -c 1-7)" >> $GITHUB_ENV - uses: helmfile/helmfile-action@80fbb6408b98822310f94d8d1321a2cacf87f78f #v1.9.2 with: - helmfile-args: apply --environment staging + helmfile-args: apply helmfile-workdirectory: ./helmfile helm-plugins: > https://github.com/databus23/helm-diff, diff --git a/helmfile/environments/staging.yaml.gotmpl b/helmfile/environments/default.yaml.gotmpl similarity index 100% rename from helmfile/environments/staging.yaml.gotmpl rename to helmfile/environments/default.yaml.gotmpl diff --git a/helmfile/helmfile.yaml.gotmpl b/helmfile/helmfile.yaml.gotmpl index b1022f5..9f4764b 100644 --- a/helmfile/helmfile.yaml.gotmpl +++ b/helmfile/helmfile.yaml.gotmpl @@ -1,8 +1,8 @@ --- environments: - staging: + default: values: - - ./environments/staging.yaml.gotmpl + - ./environments/default.yaml.gotmpl --- repositories: - name: ocelot-social From 67cfcc9590172b526727ef6b62eb3c12f88cfa66 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Sun, 27 Oct 2024 21:24:36 +0100 Subject: [PATCH 72/89] better image tagging in helmfile --- .github/workflows/publish.yml | 3 ++- helmfile/environments/default.yaml.gotmpl | 5 ++++- helmfile/scripts/image_tag.sh | 2 ++ 3 files changed, 8 insertions(+), 2 deletions(-) create mode 100755 helmfile/scripts/image_tag.sh diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 12c679b..7a60a5b 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -83,9 +83,10 @@ jobs: mkdir -p ~/.kube sops decrypt ./helmfile/secrets/kubeconfig > ~/.kube/config chmod 600 ~/.kube/config - - run: echo "IMAGE_TAG=ocelot-${{ inputs.ocelot_version }}--branded-sha-$(echo $GITHUB_SHA | cut -c 1-7)" >> $GITHUB_ENV - uses: helmfile/helmfile-action@80fbb6408b98822310f94d8d1321a2cacf87f78f #v1.9.2 with: + env: + OCELOT_IMAGE_TAG: ${{ inputs.ocelot_version }} helmfile-args: apply helmfile-workdirectory: ./helmfile helm-plugins: > diff --git a/helmfile/environments/default.yaml.gotmpl b/helmfile/environments/default.yaml.gotmpl index cc64193..35beae5 100644 --- a/helmfile/environments/default.yaml.gotmpl +++ b/helmfile/environments/default.yaml.gotmpl @@ -1,3 +1,6 @@ +{{ $branded_image_tag:= env "BRANDED_IMAGE_TAG" | default (exec "../scripts/image_tag.sh" (list) | trim) }} +{{ $ocelot_image_tag := env "OCELOT_IMAGE_TAG" | default "master" }} + domain: staging.ocelot-social.roschaefer.de namespace: ocelot-staging -image_tag: {{ requiredEnv "IMAGE_TAG" }} +image_tag: {{ env "IMAGE_TAG" | default (printf "ocelot-%s--branded-%s" $ocelot_image_tag $branded_image_tag) }} diff --git a/helmfile/scripts/image_tag.sh b/helmfile/scripts/image_tag.sh new file mode 100755 index 0000000..f921945 --- /dev/null +++ b/helmfile/scripts/image_tag.sh @@ -0,0 +1,2 @@ +#!/usr/bin/env bash +echo "sha-$(git rev-parse HEAD | cut -c 1-7)" From 5d0da1e282969e290c6805658e2d156fbad1e5ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Sun, 27 Oct 2024 21:28:57 +0100 Subject: [PATCH 73/89] obsolete code --- helmfile/helmfile.yaml.gotmpl | 3 --- 1 file changed, 3 deletions(-) diff --git a/helmfile/helmfile.yaml.gotmpl b/helmfile/helmfile.yaml.gotmpl index 9f4764b..72fef8c 100644 --- a/helmfile/helmfile.yaml.gotmpl +++ b/helmfile/helmfile.yaml.gotmpl @@ -8,9 +8,6 @@ repositories: - name: ocelot-social url: git+https://github.com/Ocelot-Social-Community/Ocelot-Social@deployment/helm/chart?ref=hetzner -apiVersions: - - monitoring.coreos.com/v1 - releases: - name: ocelot-social namespace: {{ .StateValues.namespace }} From e971592128d364cc0109708015115af495f3ba1c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Sun, 27 Oct 2024 21:38:55 +0100 Subject: [PATCH 74/89] fix worfklow --- .github/workflows/publish.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 7a60a5b..cf2bde4 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -84,9 +84,9 @@ jobs: sops decrypt ./helmfile/secrets/kubeconfig > ~/.kube/config chmod 600 ~/.kube/config - uses: helmfile/helmfile-action@80fbb6408b98822310f94d8d1321a2cacf87f78f #v1.9.2 + env: + OCELOT_IMAGE_TAG: ${{ inputs.ocelot_version }} with: - env: - OCELOT_IMAGE_TAG: ${{ inputs.ocelot_version }} helmfile-args: apply helmfile-workdirectory: ./helmfile helm-plugins: > From 57e7615c2533b267e685f353e82ca86962fe1154 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Mon, 28 Oct 2024 10:53:42 +0100 Subject: [PATCH 75/89] feat: docker-compose.yml for branding --- .gitignore | 1 + docker-compose.yml | 52 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 53 insertions(+) create mode 100644 .gitignore create mode 100644 docker-compose.yml diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..4c49bd7 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.env diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..c524a5e --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,52 @@ +services: + webapp: + image: ghcr.io/ocelot-social-community/stage.ocelot.social/webapp:ocelot-${OCELOT_VERSION:-master}--branded-${BRANDED_VERSION:-master} + build: + context: . + dockerfile: ./docker/backend.Dockerfile + target: branded + args: + OCELOT_VERSION: ${OCELOT_VERSION:-master} + environment: + GRAPHQL_URI: http://backend:4000 + ports: + - 3000:3000 + depends_on: + - backend + + backend: + image: ghcr.io/ocelot-social-community/stage.ocelot.social/backend:ocelot-${OCELOT_VERSION:-master}--branded-${BRANDED_VERSION:-master} + build: + context: . + dockerfile: ./docker/webapp.Dockerfile + target: branded + args: + OCELOT_VERSION: ${OCELOT_VERSION:-master} + environment: + CLIENT_URI: http://localhost:3000 + GRAPHQL_URI: http://backend:4000 + NEO4J_URI: bolt://neo4j:7687 + ports: + - 4000:4000 + depends_on: + - neo4j + + maintenance: + image: ghcr.io/ocelot-social-community/stage.ocelot.social/maintenance:ocelot-${OCELOT_VERSION:-master}--branded-${BRANDED_VERSION:-master} + build: + context: . + dockerfile: ./docker/maintenance.Dockerfile + target: branded + args: + OCELOT_VERSION: ${OCELOT_VERSION:-master} + ports: + - 3001:80 + + neo4j: + image: ghcr.io/ocelot-social-community/ocelot-social/neo4j:${OCELOT_VERSION:-master} + environment: + NEO4J_AUTH: none + NEO4J_dbms_allow__format__migration: "true" + NEO4J_dbms_allow__upgrade: "true" + NEO4J_dbms_security_procedures_unrestricted: algo.*,apoc.* + From 78e7f7b3b799213fa74acf89c632f0f117d0b54f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Mon, 28 Oct 2024 14:19:53 +0100 Subject: [PATCH 76/89] feat: use checked in OCELOT_VERSION `workflow_dispatch` only works on the default branch which is inconvenient for development --- .env | 1 + .github/workflows/publish.yml | 34 +++++++------------ .gitignore | 1 - helmfile/environments/default.yaml.gotmpl | 4 +-- .../{image_tag.sh => branded_image_tag.sh} | 0 helmfile/scripts/ocelot_image_tag.sh | 6 ++++ 6 files changed, 21 insertions(+), 25 deletions(-) create mode 100644 .env delete mode 100644 .gitignore rename helmfile/scripts/{image_tag.sh => branded_image_tag.sh} (100%) create mode 100755 helmfile/scripts/ocelot_image_tag.sh diff --git a/.env b/.env new file mode 100644 index 0000000..76a9ce4 --- /dev/null +++ b/.env @@ -0,0 +1 @@ +OCELOT_VERSION=sha-80ff4ef diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index cf2bde4..f67f8cb 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -1,16 +1,6 @@ name: publish -on: - workflow_dispatch: - inputs: - ocelot_version: - description: Ocelot build image version - required: true - type: string - deploy: - description: Deploy to cluster - required: true - type: boolean +on: push jobs: build-and-push-images: @@ -42,19 +32,21 @@ jobs: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Read $OCELOT_VERSION from file + run: cat .env >> $GITHUB_ENV - name: Extract metadata (tags, labels) for Docker id: meta uses: docker/metadata-action@70b2cdc6480c1a8b86edf1777157f8f437de2166 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} tags: | - type=schedule,prefix=ocelot-${{ inputs.ocelot_version }}--branded- - type=semver,pattern={{version}},prefix=ocelot-${{ inputs.ocelot_version }}--branded- - type=semver,pattern={{major}}.{{minor}},prefix=ocelot-${{ inputs.ocelot_version }}--branded- - type=semver,pattern={{major}},prefix=ocelot-${{ inputs.ocelot_version }}--branded- - type=ref,event=branch,prefix=ocelot-${{ inputs.ocelot_version }}--branded- - type=ref,event=pr,prefix=ocelot-${{ inputs.ocelot_version }}--branded- - type=sha,prefix=ocelot-${{ inputs.ocelot_version }}--branded-sha- + type=schedule,prefix=ocelot-${{ env.OCELOT_VERSION }}--branded- + type=semver,pattern={{version}},prefix=ocelot-${{ env.OCELOT_VERSION }}--branded- + type=semver,pattern={{major}}.{{minor}},prefix=ocelot-${{ env.OCELOT_VERSION }}--branded- + type=semver,pattern={{major}},prefix=ocelot-${{ env.OCELOT_VERSION }}--branded- + type=ref,event=branch,prefix=ocelot-${{ env.OCELOT_VERSION }}--branded- + type=ref,event=pr,prefix=ocelot-${{ env.OCELOT_VERSION }}--branded- + type=sha,prefix=ocelot-${{ env.OCELOT_VERSION }}--branded-sha- - name: Build and push Docker images id: push uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 @@ -63,13 +55,13 @@ jobs: context: . push: true build-args: | - OCELOT_VERSION=${{ inputs.ocelot_version }} + OCELOT_VERSION=${{ env.OCELOT_VERSION }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} deploy-to-kubernetes: runs-on: ubuntu-latest - if: ${{ inputs.deploy }} + if: ${{ github.ref == 'refs/tags/staging' }} needs: build-and-push-images steps: - uses: mdgreenwald/mozilla-sops-action@d9714e521cbaecdae64a89d2fdd576dd2aa97056 # v1.6.0 @@ -84,8 +76,6 @@ jobs: sops decrypt ./helmfile/secrets/kubeconfig > ~/.kube/config chmod 600 ~/.kube/config - uses: helmfile/helmfile-action@80fbb6408b98822310f94d8d1321a2cacf87f78f #v1.9.2 - env: - OCELOT_IMAGE_TAG: ${{ inputs.ocelot_version }} with: helmfile-args: apply helmfile-workdirectory: ./helmfile diff --git a/.gitignore b/.gitignore deleted file mode 100644 index 4c49bd7..0000000 --- a/.gitignore +++ /dev/null @@ -1 +0,0 @@ -.env diff --git a/helmfile/environments/default.yaml.gotmpl b/helmfile/environments/default.yaml.gotmpl index 35beae5..ff14844 100644 --- a/helmfile/environments/default.yaml.gotmpl +++ b/helmfile/environments/default.yaml.gotmpl @@ -1,5 +1,5 @@ -{{ $branded_image_tag:= env "BRANDED_IMAGE_TAG" | default (exec "../scripts/image_tag.sh" (list) | trim) }} -{{ $ocelot_image_tag := env "OCELOT_IMAGE_TAG" | default "master" }} +{{ $branded_image_tag:= env "BRANDED_IMAGE_TAG" | default (exec "../scripts/branded_image_tag.sh" (list) | trim) }} +{{ $ocelot_image_tag := env "OCELOT_IMAGE_TAG" | default (exec "../scripts/ocelot_image_tag.sh" (list) | trim) }} domain: staging.ocelot-social.roschaefer.de namespace: ocelot-staging diff --git a/helmfile/scripts/image_tag.sh b/helmfile/scripts/branded_image_tag.sh similarity index 100% rename from helmfile/scripts/image_tag.sh rename to helmfile/scripts/branded_image_tag.sh diff --git a/helmfile/scripts/ocelot_image_tag.sh b/helmfile/scripts/ocelot_image_tag.sh new file mode 100755 index 0000000..6cc9baa --- /dev/null +++ b/helmfile/scripts/ocelot_image_tag.sh @@ -0,0 +1,6 @@ +#!/usr/bin/env bash +SCRIPT_PATH=$(realpath $0) +SCRIPT_DIR=$(dirname $SCRIPT_PATH) + +set -a; . ${SCRIPT_DIR}/../../.env; set +a; +echo $OCELOT_VERSION From 6894b57008d6087b6bc25b811a31436e0803f3d4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Mon, 28 Oct 2024 21:17:24 +0100 Subject: [PATCH 77/89] tagging is actually unnecessaryand and can be done later --- docker-compose.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index c524a5e..d73b131 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,6 +1,6 @@ services: webapp: - image: ghcr.io/ocelot-social-community/stage.ocelot.social/webapp:ocelot-${OCELOT_VERSION:-master}--branded-${BRANDED_VERSION:-master} + image: ghcr.io/ocelot-social-community/stage.ocelot.social/webapp build: context: . dockerfile: ./docker/backend.Dockerfile @@ -15,7 +15,7 @@ services: - backend backend: - image: ghcr.io/ocelot-social-community/stage.ocelot.social/backend:ocelot-${OCELOT_VERSION:-master}--branded-${BRANDED_VERSION:-master} + image: ghcr.io/ocelot-social-community/stage.ocelot.social/backend build: context: . dockerfile: ./docker/webapp.Dockerfile @@ -32,7 +32,7 @@ services: - neo4j maintenance: - image: ghcr.io/ocelot-social-community/stage.ocelot.social/maintenance:ocelot-${OCELOT_VERSION:-master}--branded-${BRANDED_VERSION:-master} + image: ghcr.io/ocelot-social-community/stage.ocelot.social/maintenance build: context: . dockerfile: ./docker/maintenance.Dockerfile @@ -43,7 +43,7 @@ services: - 3001:80 neo4j: - image: ghcr.io/ocelot-social-community/ocelot-social/neo4j:${OCELOT_VERSION:-master} + image: ghcr.io/ocelot-social-community/ocelot-social/neo4j environment: NEO4J_AUTH: none NEO4J_dbms_allow__format__migration: "true" From 8e2884ced67a8277c7566bde3c314a1fa01adc3f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Mon, 28 Oct 2024 22:11:54 +0100 Subject: [PATCH 78/89] fix docker-compose.yml --- docker-compose.yml | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index d73b131..2fe9141 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,12 +3,15 @@ services: image: ghcr.io/ocelot-social-community/stage.ocelot.social/webapp build: context: . - dockerfile: ./docker/backend.Dockerfile + dockerfile: ./docker/webapp.Dockerfile target: branded args: OCELOT_VERSION: ${OCELOT_VERSION:-master} environment: - GRAPHQL_URI: http://backend:4000 + HOST: 0.0.0.0 + WEBSOCKETS_URI: ws://localhost:3000/api/graphql + GRAPHQL_URI: http://backend:4000/ + MAPBOX_TOKEN: "pk.eyJ1IjoiYnVzZmFrdG9yIiwiYSI6ImNraDNiM3JxcDBhaWQydG1uczhpZWtpOW4ifQ.7TNRTO-o9aK1Y6MyW_Nd4g" ports: - 3000:3000 depends_on: @@ -18,7 +21,7 @@ services: image: ghcr.io/ocelot-social-community/stage.ocelot.social/backend build: context: . - dockerfile: ./docker/webapp.Dockerfile + dockerfile: ./docker/backend.Dockerfile target: branded args: OCELOT_VERSION: ${OCELOT_VERSION:-master} @@ -26,6 +29,9 @@ services: CLIENT_URI: http://localhost:3000 GRAPHQL_URI: http://backend:4000 NEO4J_URI: bolt://neo4j:7687 + MAPBOX_TOKEN: "pk.eyJ1IjoiYnVzZmFrdG9yIiwiYSI6ImNraDNiM3JxcDBhaWQydG1uczhpZWtpOW4ifQ.7TNRTO-o9aK1Y6MyW_Nd4g" + JWT_SECRET: "b/&&7b78BF&fv/Vd" + PRIVATE_KEY_PASSPHRASE: "a7dsf78sadg87ad87sfagsadg78" ports: - 4000:4000 depends_on: @@ -43,7 +49,7 @@ services: - 3001:80 neo4j: - image: ghcr.io/ocelot-social-community/ocelot-social/neo4j + image: ghcr.io/ocelot-social-community/ocelot-social/neo4j:master environment: NEO4J_AUTH: none NEO4J_dbms_allow__format__migration: "true" From 9672ebfe97b4455ddcb73b9e9d3bc0c269fbeb3f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Tue, 29 Oct 2024 15:29:06 +0100 Subject: [PATCH 79/89] update to new ocelot helm chart --- helmfile/helmfile.yaml.gotmpl | 10 +++++++++- helmfile/secrets/ocelot.yaml | 5 ++--- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/helmfile/helmfile.yaml.gotmpl b/helmfile/helmfile.yaml.gotmpl index 72fef8c..02ac5a0 100644 --- a/helmfile/helmfile.yaml.gotmpl +++ b/helmfile/helmfile.yaml.gotmpl @@ -6,7 +6,7 @@ environments: --- repositories: - name: ocelot-social - url: git+https://github.com/Ocelot-Social-Community/Ocelot-Social@deployment/helm/chart?ref=hetzner + url: git+https://github.com/Ocelot-Social-Community/Ocelot-Social@deployment/helm/charts?ref=hetzner releases: - name: ocelot-social @@ -16,3 +16,11 @@ releases: - ./values/ocelot.yaml.gotmpl secrets: - ./secrets/ocelot.yaml + + - name: ocelot-neo4j + namespace: {{ .StateValues.namespace }} + chart: ocelot-social/ocelot-social + values: + - ./values/ocelot.yaml.gotmpl + secrets: + - ./secrets/ocelot.yaml diff --git a/helmfile/secrets/ocelot.yaml b/helmfile/secrets/ocelot.yaml index c95d91d..8a6d669 100644 --- a/helmfile/secrets/ocelot.yaml +++ b/helmfile/secrets/ocelot.yaml @@ -1,6 +1,5 @@ secrets: acme_email: ENC[AES256_GCM,data:o+2HnrEqa/uXJwqUwdYU14FiZYPfLcKqkQ==,iv:1ouUU4ewzRL4ZDnwJm6BTVg3a64iC5+I2v+AWIF8W2Q=,tag:7ytv959cVmgSmXMC7A8zxA==,type:str] - jwt_secret: ENC[AES256_GCM,data:KkTXkAo3Gl75ywq8ZDNQKA==,iv:nvHqdXhH5/+Ggt8CRZcq+1K25vo6cIiY4D1aoqdTpiI=,tag:eZOSl6Il1Ecl0sj/SjcvSw==,type:str] webapp: env: MAPBOX_TOKEN: ENC[AES256_GCM,data:7Ka4BvQh6NDw9NKUcgGjLwxNHOqhVrZEj/DcGnyv1nXQIG/2WWGGHazAFWUCFpCUmCSaTPSkyLHPFyGQtQ7VAON3AG3tHtv5JvcBb4KDYrjAIzxhAAiHMYFtVJs=,iv:X0YL2dW42TUidJdBlRKb4Vq86X1OzHqipNHTBxmE7ds=,tag:KDH9NwDy6ghqdkXeZxuHgg==,type:str] @@ -88,8 +87,8 @@ sops: Tkx0VFJpN1pZam4yeTNYU1Jnb1JyR1EKJSQYyAi9ZZr+njaXV/62nshPVLtWIcLY pwP8ikur4tKrbyg7H+/f3+9jPsr2Jw3xxgkeS4GL+DsTwrGDEwoaiw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-10-09T15:57:09Z" - mac: ENC[AES256_GCM,data:VL7iP5uJIiwtFaVuZM88Hc9E5bkyO1kN88tAYd5HfGrTlNAKtINJZRL/ZeG+fNEFNyrtkxs5nfXeCSb0yNop66nWOLpupRBxHVt763Akp/YS/l3qH9UYaDUUkgtPg313pG1vNMiBxss0oE0CDEn+xBxuQFrWUPowG71JuBvHs/Q=,iv:8BE0rDKRBCB7CSVNZNE1wKmhYxiJhbCgI8hh5PACjQ0=,tag:4FUes7xDpSp/KF4AIJiM/A==,type:str] + lastmodified: "2024-10-29T14:27:59Z" + mac: ENC[AES256_GCM,data:FlVMBkKZGPkY90XhLifKdQoPPBNr/Qk1UTUjgGM8BzRQ8bFqikxTtXWukAE7JW4bhB+FK7AEwenrGzurMaLoNPQZBCELQQApxwHrTCNlIGPbEHL3jZFFV2hh1cP05r1caGncw2wqYi0G0ozR0PUaDHiw3tqbTV5D8yfa6tumB1I=,iv:zbdnPH/1eLRq7br+DIqHtsSp+eI+TGoR7XZSdD7Cxtc=,tag:JqPaVZSQvBnV/B9BV7pIiQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.0 From a6951cbac79aecdccddf2c05d422d554c9b2e771 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Tue, 29 Oct 2024 16:05:15 +0100 Subject: [PATCH 80/89] better naming of github image repos --- helmfile/environments/default.yaml.gotmpl | 1 + helmfile/values/ocelot.yaml.gotmpl | 13 ++++--------- 2 files changed, 5 insertions(+), 9 deletions(-) diff --git a/helmfile/environments/default.yaml.gotmpl b/helmfile/environments/default.yaml.gotmpl index ff14844..b51a5f7 100644 --- a/helmfile/environments/default.yaml.gotmpl +++ b/helmfile/environments/default.yaml.gotmpl @@ -4,3 +4,4 @@ domain: staging.ocelot-social.roschaefer.de namespace: ocelot-staging image_tag: {{ env "IMAGE_TAG" | default (printf "ocelot-%s--branded-%s" $ocelot_image_tag $branded_image_tag) }} +github_repository: ocelot-social-community/stage.ocelot.social diff --git a/helmfile/values/ocelot.yaml.gotmpl b/helmfile/values/ocelot.yaml.gotmpl index 3d4e796..95c8bc9 100644 --- a/helmfile/values/ocelot.yaml.gotmpl +++ b/helmfile/values/ocelot.yaml.gotmpl @@ -1,8 +1,5 @@ domain: {{ .StateValues.domain }} -cert_manager: - issuer: reformer-network-letsencrypt-prod - cert_manager: issuer: {{ .Release.Name }}-letsencrypt-prod @@ -10,12 +7,12 @@ underMaintenance: false global: image: + tag: {{ .StateValues.image_tag }} pullPolicy: Always backend: image: - repository: ghcr.io/ocelot-social-community/stage.ocelot.social/backend - tag: {{ .StateValues.image_tag }} + repository: ghcr.io/{{ .StateValues.github_repository | lower }}/backend storage: "10Gi" env: PRODUCTION_DB_CLEAN_ALLOW: "true" @@ -25,13 +22,11 @@ backend: webapp: image: - repository: ghcr.io/ocelot-social-community/stage.ocelot.social/webapp - tag: {{ .StateValues.image_tag }} + repository: ghcr.io/{{ .StateValues.github_repository | lower }}/webapp maintenance: image: - repository: ghcr.io/ocelot-social-community/stage.ocelot.social/maintenance - tag: {{ .StateValues.image_tag }} + repository: ghcr.io/{{ .StateValues.github_repository | lower }}/maintenance neo4j: image: From 6652a02c876570906a3b7a7e19dc3c6d2c3f59b0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Tue, 29 Oct 2024 17:34:46 +0100 Subject: [PATCH 81/89] deploy on any tag --- .github/workflows/publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index f67f8cb..ec666fa 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -61,7 +61,7 @@ jobs: deploy-to-kubernetes: runs-on: ubuntu-latest - if: ${{ github.ref == 'refs/tags/staging' }} + if: ${{ startsWith(github.ref, 'refs/tags/') }} needs: build-and-push-images steps: - uses: mdgreenwald/mozilla-sops-action@d9714e521cbaecdae64a89d2fdd576dd2aa97056 # v1.6.0 From be5bcf8faa7b11df099a1d6fed285ec0d268c76e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Tue, 29 Oct 2024 17:41:17 +0100 Subject: [PATCH 82/89] refactor: no need to tag OCELOT_VERSION Now we have the version in a file, it's not necessary to encode it in the docker tag. --- .github/workflows/publish.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index ec666fa..3e1e651 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -32,21 +32,21 @@ jobs: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Read $OCELOT_VERSION from file - run: cat .env >> $GITHUB_ENV - name: Extract metadata (tags, labels) for Docker id: meta uses: docker/metadata-action@70b2cdc6480c1a8b86edf1777157f8f437de2166 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} tags: | - type=schedule,prefix=ocelot-${{ env.OCELOT_VERSION }}--branded- - type=semver,pattern={{version}},prefix=ocelot-${{ env.OCELOT_VERSION }}--branded- - type=semver,pattern={{major}}.{{minor}},prefix=ocelot-${{ env.OCELOT_VERSION }}--branded- - type=semver,pattern={{major}},prefix=ocelot-${{ env.OCELOT_VERSION }}--branded- - type=ref,event=branch,prefix=ocelot-${{ env.OCELOT_VERSION }}--branded- - type=ref,event=pr,prefix=ocelot-${{ env.OCELOT_VERSION }}--branded- - type=sha,prefix=ocelot-${{ env.OCELOT_VERSION }}--branded-sha- + type=schedule + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + type=semver,pattern={{major}} + type=ref,event=branch + type=ref,event=pr + type=sha + - name: Read $OCELOT_VERSION from file + run: cat .env >> $GITHUB_ENV - name: Build and push Docker images id: push uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 From a90047a31a6185e378ee1dbc73587b319eeafbb7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Tue, 29 Oct 2024 21:23:01 +0100 Subject: [PATCH 83/89] update OCELOT_VERSION --- .env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.env b/.env index 76a9ce4..9e9af18 100644 --- a/.env +++ b/.env @@ -1 +1 @@ -OCELOT_VERSION=sha-80ff4ef +OCELOT_VERSION=sha-d120d82 From 2ecbf8e7e28cf99d82b8150e1baadb5ef55cea48 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Tue, 29 Oct 2024 21:43:15 +0100 Subject: [PATCH 84/89] add docker label `ocelot-version` --- .github/workflows/publish.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 3e1e651..4f16f74 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -32,6 +32,8 @@ jobs: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Read $OCELOT_VERSION from file + run: cat .env >> $GITHUB_ENV - name: Extract metadata (tags, labels) for Docker id: meta uses: docker/metadata-action@70b2cdc6480c1a8b86edf1777157f8f437de2166 @@ -45,8 +47,8 @@ jobs: type=ref,event=branch type=ref,event=pr type=sha - - name: Read $OCELOT_VERSION from file - run: cat .env >> $GITHUB_ENV + labels: | + ocelot-version=${{ env.OCELOT_VERSION }} - name: Build and push Docker images id: push uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 From 9ae9020b235c364dda417b45bac498f29beb015d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Tue, 29 Oct 2024 21:56:36 +0100 Subject: [PATCH 85/89] fix image tag generation --- helmfile/environments/default.yaml.gotmpl | 5 ++--- helmfile/scripts/{branded_image_tag.sh => image_tag.sh} | 0 helmfile/scripts/ocelot_image_tag.sh | 6 ------ 3 files changed, 2 insertions(+), 9 deletions(-) rename helmfile/scripts/{branded_image_tag.sh => image_tag.sh} (100%) delete mode 100755 helmfile/scripts/ocelot_image_tag.sh diff --git a/helmfile/environments/default.yaml.gotmpl b/helmfile/environments/default.yaml.gotmpl index b51a5f7..3a52ff8 100644 --- a/helmfile/environments/default.yaml.gotmpl +++ b/helmfile/environments/default.yaml.gotmpl @@ -1,7 +1,6 @@ -{{ $branded_image_tag:= env "BRANDED_IMAGE_TAG" | default (exec "../scripts/branded_image_tag.sh" (list) | trim) }} -{{ $ocelot_image_tag := env "OCELOT_IMAGE_TAG" | default (exec "../scripts/ocelot_image_tag.sh" (list) | trim) }} +{{ $image_tag := env "IMAGE_TAG" | default (exec "../scripts/image_tag.sh" (list) | trim) }} domain: staging.ocelot-social.roschaefer.de namespace: ocelot-staging -image_tag: {{ env "IMAGE_TAG" | default (printf "ocelot-%s--branded-%s" $ocelot_image_tag $branded_image_tag) }} +image_tag: {{ $image_tag }} github_repository: ocelot-social-community/stage.ocelot.social diff --git a/helmfile/scripts/branded_image_tag.sh b/helmfile/scripts/image_tag.sh similarity index 100% rename from helmfile/scripts/branded_image_tag.sh rename to helmfile/scripts/image_tag.sh diff --git a/helmfile/scripts/ocelot_image_tag.sh b/helmfile/scripts/ocelot_image_tag.sh deleted file mode 100755 index 6cc9baa..0000000 --- a/helmfile/scripts/ocelot_image_tag.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/usr/bin/env bash -SCRIPT_PATH=$(realpath $0) -SCRIPT_DIR=$(dirname $SCRIPT_PATH) - -set -a; . ${SCRIPT_DIR}/../../.env; set +a; -echo $OCELOT_VERSION From a8a1311783e5c689563c3ca2f4df6f0d2f3cdb77 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Tue, 29 Oct 2024 22:18:52 +0100 Subject: [PATCH 86/89] typos --- helmfile/helmfile.yaml.gotmpl | 2 +- helmfile/values/ocelot.yaml.gotmpl | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/helmfile/helmfile.yaml.gotmpl b/helmfile/helmfile.yaml.gotmpl index 02ac5a0..781bd89 100644 --- a/helmfile/helmfile.yaml.gotmpl +++ b/helmfile/helmfile.yaml.gotmpl @@ -19,7 +19,7 @@ releases: - name: ocelot-neo4j namespace: {{ .StateValues.namespace }} - chart: ocelot-social/ocelot-social + chart: ocelot-social/ocelot-neo4j values: - ./values/ocelot.yaml.gotmpl secrets: diff --git a/helmfile/values/ocelot.yaml.gotmpl b/helmfile/values/ocelot.yaml.gotmpl index 95c8bc9..98ccdeb 100644 --- a/helmfile/values/ocelot.yaml.gotmpl +++ b/helmfile/values/ocelot.yaml.gotmpl @@ -15,6 +15,7 @@ backend: repository: ghcr.io/{{ .StateValues.github_repository | lower }}/backend storage: "10Gi" env: + NEO4J_URI: "bolt://ocelot-neo4j-neo4j:7687" PRODUCTION_DB_CLEAN_ALLOW: "true" PUBLIC_REGISTRATION: "true" INVITE_REGISTRATION: "true" From 282afc6b569c71a1d404f13be4d98327ed49e72a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Tue, 5 Nov 2024 13:14:36 +0100 Subject: [PATCH 87/89] update build image, add webapp env --- .env | 2 +- helmfile/values/ocelot.yaml.gotmpl | 7 +++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.env b/.env index 9e9af18..2511428 100644 --- a/.env +++ b/.env @@ -1 +1 @@ -OCELOT_VERSION=sha-d120d82 +OCELOT_VERSION=sha-7725002 diff --git a/helmfile/values/ocelot.yaml.gotmpl b/helmfile/values/ocelot.yaml.gotmpl index 98ccdeb..563dece 100644 --- a/helmfile/values/ocelot.yaml.gotmpl +++ b/helmfile/values/ocelot.yaml.gotmpl @@ -16,14 +16,17 @@ backend: storage: "10Gi" env: NEO4J_URI: "bolt://ocelot-neo4j-neo4j:7687" - PRODUCTION_DB_CLEAN_ALLOW: "true" PUBLIC_REGISTRATION: "true" INVITE_REGISTRATION: "true" - CATEGORIES_ACTIVE: + CATEGORIES_ACTIVE: "true" webapp: image: repository: ghcr.io/{{ .StateValues.github_repository | lower }}/webapp + env: + PUBLIC_REGISTRATION: "true" + INVITE_REGISTRATION: "true" + CATEGORIES_ACTIVE: "true" maintenance: image: From 224d44563928e2b35d659e20cd982a9b5f4b90da Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Wed, 6 Nov 2024 17:25:17 +0100 Subject: [PATCH 88/89] update build image --- .env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.env b/.env index 2511428..9e04686 100644 --- a/.env +++ b/.env @@ -1 +1 @@ -OCELOT_VERSION=sha-7725002 +OCELOT_VERSION=sha-9e68997 From c9a63e31dfeacd08a4556c14aed9d740f13e6f00 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Sat, 9 Nov 2024 17:11:05 +0100 Subject: [PATCH 89/89] change wildcard domain to it4c.org --- helmfile/environments/default.yaml.gotmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helmfile/environments/default.yaml.gotmpl b/helmfile/environments/default.yaml.gotmpl index 3a52ff8..ae9d879 100644 --- a/helmfile/environments/default.yaml.gotmpl +++ b/helmfile/environments/default.yaml.gotmpl @@ -1,6 +1,6 @@ {{ $image_tag := env "IMAGE_TAG" | default (exec "../scripts/image_tag.sh" (list) | trim) }} -domain: staging.ocelot-social.roschaefer.de +domain: staging.ocelot-social.it4c.org namespace: ocelot-staging image_tag: {{ $image_tag }} github_repository: ocelot-social-community/stage.ocelot.social