From a942746cac58a13823966bac62e264cf28e78833 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aur=C3=A9lien=20Bompard?= <aurelien@bompard.org>
Date: Fri, 22 Mar 2024 17:49:32 +0100
Subject: [PATCH] Badges: extract the rules repo
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
---
 playbooks/openshift-apps/badges.yml           | 11 ++++-
 .../badges/files/deploymentconfig.yml         | 12 +++++
 roles/openshift-apps/badges/files/storage.yml | 13 +++++
 .../badges/templates/checkout-rules-repo.sh   | 12 +++++
 .../badges/templates/configmap.yml            |  2 +
 .../badges/templates/cron-award.yml           |  6 +++
 .../badges/templates/cron-update-rules.yml    | 49 +++++++++++++++++++
 7 files changed, 104 insertions(+), 1 deletion(-)
 create mode 100644 roles/openshift-apps/badges/files/storage.yml
 create mode 100644 roles/openshift-apps/badges/templates/checkout-rules-repo.sh
 create mode 100644 roles/openshift-apps/badges/templates/cron-update-rules.yml

diff --git a/playbooks/openshift-apps/badges.yml b/playbooks/openshift-apps/badges.yml
index de4049f945..4eae2a8111 100644
--- a/playbooks/openshift-apps/badges.yml
+++ b/playbooks/openshift-apps/badges.yml
@@ -21,7 +21,7 @@
         password: "{{ (env == 'production')|ternary(tahrirDBPassword, tahrirstgDBPassword) }}"
     - name: Database creation
       postgresql_db:
-        name: "tahrir"
+        name: "{{ badges_db_name }}"
         owner: "{{ tahrirDBUser }}"
         encoding: UTF-8
 
@@ -97,6 +97,11 @@
       file: service.yml
       objectname: service.yml
 
+    - role: openshift/object
+      app: badges
+      file: storage.yml
+      objectname: storage.yml
+
     # Routes
     - role: openshift/route
       app: badges
@@ -144,6 +149,10 @@
       app: badges
       template: cron-award.yml
       objectname: cron-award.yml
+    - role: openshift/object
+      app: badges
+      template: cron-update-rules.yml
+      objectname: cron-update-rules.yml
 
     - role: openshift/start-build
       app: badges
diff --git a/roles/openshift-apps/badges/files/deploymentconfig.yml b/roles/openshift-apps/badges/files/deploymentconfig.yml
index 805251ad53..f96043d0dd 100644
--- a/roles/openshift-apps/badges/files/deploymentconfig.yml
+++ b/roles/openshift-apps/badges/files/deploymentconfig.yml
@@ -36,6 +36,9 @@ spec:
             - name: etc-badges
               mountPath: "/etc/badges"
               readOnly: true
+            - name: rules
+              mountPath: "/var/lib/badges"
+              readOnly: true
             - name: ipa-config-volume
               mountPath: /etc/ipa
               readOnly: true
@@ -86,6 +89,9 @@ spec:
         - name: etc-badges
           configMap:
             name: badges
+        - name: rules
+          persistentVolumeClaim:
+            claimName: rules
         - name: ipa-config-volume
           configMap:
             name: ipa-client-config
@@ -149,6 +155,9 @@ spec:
             - name: etc-badges
               mountPath: "/etc/badges"
               readOnly: true
+            - name: rules
+              mountPath: "/var/lib/badges"
+              readOnly: true
             - name: ipa-config-volume
               mountPath: /etc/ipa
               readOnly: true
@@ -173,6 +182,9 @@ spec:
         - name: etc-badges
           configMap:
             name: badges
+        - name: rules
+          persistentVolumeClaim:
+            claimName: rules
         - name: ipa-config-volume
           configMap:
             name: ipa-client-config
diff --git a/roles/openshift-apps/badges/files/storage.yml b/roles/openshift-apps/badges/files/storage.yml
new file mode 100644
index 0000000000..0272053084
--- /dev/null
+++ b/roles/openshift-apps/badges/files/storage.yml
@@ -0,0 +1,13 @@
+---
+# The fedora-badges repo
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: rules
+spec:
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 5Gi
+  storageClassName: ocs-storagecluster-cephfs
diff --git a/roles/openshift-apps/badges/templates/checkout-rules-repo.sh b/roles/openshift-apps/badges/templates/checkout-rules-repo.sh
new file mode 100644
index 0000000000..f7da2ba990
--- /dev/null
+++ b/roles/openshift-apps/badges/templates/checkout-rules-repo.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+set -e
+set -x
+
+DIR=/var/lib/badges
+
+if [ ! -d "$DIR/.git" ]; then
+	git clone https://pagure.io/fedora-badges.git $DIR
+fi
+
+git pull -C $DIR
diff --git a/roles/openshift-apps/badges/templates/configmap.yml b/roles/openshift-apps/badges/templates/configmap.yml
index ba36fca5c0..f94786c743 100644
--- a/roles/openshift-apps/badges/templates/configmap.yml
+++ b/roles/openshift-apps/badges/templates/configmap.yml
@@ -15,3 +15,5 @@ items:
       {{ load_file('fm-tahrir.toml') | indent(6) }}
     fm-fedbadges.toml: |-
       {{ load_file('fm-fedbadges.toml') | indent(6) }}
+    checkout-rules-repo.sh: |-
+      {{ load_file('checkout-rules-repo.sh') | indent(6) }}
diff --git a/roles/openshift-apps/badges/templates/cron-award.yml b/roles/openshift-apps/badges/templates/cron-award.yml
index 7b44c331c3..828bc4c822 100644
--- a/roles/openshift-apps/badges/templates/cron-award.yml
+++ b/roles/openshift-apps/badges/templates/cron-award.yml
@@ -26,6 +26,9 @@ spec:
               - name: etc-badges
                 mountPath: "/etc/badges"
                 readOnly: true
+              - name: rules
+                mountPath: "/var/lib/badges"
+                readOnly: true
               - name: ipa-config-volume
                 mountPath: /etc/ipa
                 readOnly: true
@@ -36,6 +39,9 @@ spec:
             - name: etc-badges
               configMap:
                 name: badges
+            - name: rules
+              persistentVolumeClaim:
+                claimName: rules
             - name: ipa-config-volume
               configMap:
                 name: ipa-client-config
diff --git a/roles/openshift-apps/badges/templates/cron-update-rules.yml b/roles/openshift-apps/badges/templates/cron-update-rules.yml
new file mode 100644
index 0000000000..8b0fe5b20c
--- /dev/null
+++ b/roles/openshift-apps/badges/templates/cron-update-rules.yml
@@ -0,0 +1,49 @@
+#
+### Update the rules repo
+#
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: update-rules
+spec:
+  successfulJobsHistoryLimit: 3
+  failedJobsHistoryLimit: 3
+  concurrencyPolicy: Forbid
+  schedule: "*/15 * * * *"
+  startingDeadlineSeconds: 500
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          restartPolicy: Never
+          containers:
+          - name: badges
+            image: image-registry.openshift-image-registry.svc:5000/badges/fedbadges:latest
+            command: ["bash", "/etc/badges/checkout-rules-repo.sh"]
+            volumeMounts:
+              - name: etc-badges
+                mountPath: "/etc/badges"
+                readOnly: true
+              - name: rules
+                mountPath: "/var/lib/badges"
+                readOnly: true
+              - name: ipa-config-volume
+                mountPath: /etc/ipa
+                readOnly: true
+              - name: keytab-volume
+                mountPath: /etc/keytabs
+                readOnly: true
+          volumes:
+            - name: etc-badges
+              configMap:
+                name: badges
+            - name: rules
+              persistentVolumeClaim:
+                claimName: rules
+            - name: ipa-config-volume
+              configMap:
+                name: ipa-client-config
+            - name: keytab-volume
+              secret:
+                secretName: keytab