From eda3e9e39cc85e0744fd6b5372ebdadfafcddb58 Mon Sep 17 00:00:00 2001
From: Mattia Verga <mattia.verga@tiscali.it>
Date: Wed, 27 Sep 2023 15:22:02 +0200
Subject: [PATCH] toddlers: enable check-commit-rights on stg

Signed-off-by: Mattia Verga <mattia.verga@tiscali.it>
---
 .../toddlers/templates/cron_playtime.yml      | 53 +++++++++++++++++++
 .../toddlers/templates/fedora-messaging.toml  | 14 +++++
 2 files changed, 67 insertions(+)

diff --git a/roles/openshift-apps/toddlers/templates/cron_playtime.yml b/roles/openshift-apps/toddlers/templates/cron_playtime.yml
index 34dc066210..c4ec255e86 100644
--- a/roles/openshift-apps/toddlers/templates/cron_playtime.yml
+++ b/roles/openshift-apps/toddlers/templates/cron_playtime.yml
@@ -264,4 +264,57 @@ spec:
           - name: fedora-messaging-cert-volume
             secret:
               secretName: toddlers-fedora-messaging-crt
+{% else %}
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: playtime-check-commit-rights
+spec:
+  successfulJobsHistoryLimit: 3
+  failedJobsHistoryLimit: 3
+  concurrencyPolicy: Forbid
+  schedule: "0 8 */2 * *"
+  startingDeadlineSeconds: 500
+  jobTemplate:
+    spec:
+      template:
+        metadata:
+          labels:
+            parent: "cron_playtime_toddlers"
+        spec:
+          restartPolicy: Never
+          containers:
+          - name: toddlers
+            image: image-registry.openshift-image-registry.svc:5000/toddlers/toddlers:latest
+            command: ["/usr/bin/python3", "/code/toddlers/playtime.py", "check-commit-rights"]
+            env:
+              - name: PYTHONPATH
+                value: "/code"
+            volumeMounts:
+             - name: toddlers-secret-volume
+               mountPath: /etc/fedora-messaging
+               readOnly: true
+             - name: fedora-messaging-ca-volume
+               mountPath: /etc/pki/rabbitmq/ca
+               readOnly: true
+             - name: fedora-messaging-key-volume
+               mountPath: /etc/pki/rabbitmq/key
+               readOnly: true
+             - name: fedora-messaging-cert-volume
+               mountPath: /etc/pki/rabbitmq/cert
+               readOnly: true
+          volumes:
+          - name: toddlers-secret-volume
+            secret:
+              secretName: toddlers-secret
+          - name: fedora-messaging-ca-volume
+            secret:
+              secretName: toddlers-fedora-messaging-ca
+          - name: fedora-messaging-key-volume
+            secret:
+             secretName: toddlers-fedora-messaging-key
+          - name: fedora-messaging-cert-volume
+            secret:
+              secretName: toddlers-fedora-messaging-crt
 {% endif %}
diff --git a/roles/openshift-apps/toddlers/templates/fedora-messaging.toml b/roles/openshift-apps/toddlers/templates/fedora-messaging.toml
index 820af42917..11f23714ec 100644
--- a/roles/openshift-apps/toddlers/templates/fedora-messaging.toml
+++ b/roles/openshift-apps/toddlers/templates/fedora-messaging.toml
@@ -379,3 +379,17 @@ handlers = ["console"]
 [log_config.root]
 level = "ERROR"
 handlers = ["console"]
+
+# Configuration section for check_commit_rights
+[consumer_config.check_commit_rights]
+exclude_users = []
+{% if env == "staging" %}
+notify_emails = [
+#    "nobody@fedoraproject.org",
+    "fedora_stg@sparebit.simplelogin.com",
+]
+{% else %}
+notify_emails = [
+    "admin@fedoraproject.org",
+]
+{% endif %}