91 lines
2.3 KiB
Bash
91 lines
2.3 KiB
Bash
#!/usr/bin/env sh
|
|
set -eu
|
|
|
|
db_host="${GITEA_DB_HOST:-postgres-service.postgres.svc.cluster.local}"
|
|
db_port="${GITEA_DB_PORT:-5432}"
|
|
db_name="${GITEA_DB_NAME:-gitea}"
|
|
db_user="${GITEA_DB_USER:-gitea}"
|
|
org_name="${VELES_GITEA_ORG:-veles-alpha}"
|
|
repo_name="${VELES_GITEA_FEEDBACK_REPO:-feedback}"
|
|
team_name="${VELES_GITEA_TESTER_TEAM:-testers}"
|
|
|
|
if [ ! -r /vault/secrets/gitea-db-secret__password ]; then
|
|
echo "Missing readable Vault secret file: /vault/secrets/gitea-db-secret__password" >&2
|
|
exit 1
|
|
fi
|
|
|
|
export PGPASSWORD
|
|
PGPASSWORD="$(tr -d '\r\n' </vault/secrets/gitea-db-secret__password)"
|
|
|
|
psql_base="psql -h ${db_host} -p ${db_port} -U ${db_user} -d ${db_name} -v ON_ERROR_STOP=1 -P pager=off"
|
|
|
|
${psql_base} \
|
|
-v org_name="${org_name}" \
|
|
-v repo_name="${repo_name}" \
|
|
-v team_name="${team_name}" <<'SQL'
|
|
begin;
|
|
|
|
create temporary table veles_acl_ids on commit drop as
|
|
select
|
|
org.id as org_id,
|
|
repo.id as repo_id,
|
|
team.id as team_id
|
|
from gitea."user" org
|
|
join gitea.repository repo
|
|
on repo.owner_id = org.id
|
|
join gitea.team team
|
|
on team.org_id = org.id
|
|
where org.lower_name = lower(:'org_name')
|
|
and org.type = 1
|
|
and repo.lower_name = lower(:'repo_name')
|
|
and team.lower_name = lower(:'team_name');
|
|
|
|
do $$
|
|
begin
|
|
if (select count(*) from veles_acl_ids) != 1 then
|
|
raise exception 'Expected one veles feedback ACL target, found %', (select count(*) from veles_acl_ids);
|
|
end if;
|
|
end $$;
|
|
|
|
update gitea.team team
|
|
set authorize = 1,
|
|
includes_all_repositories = true,
|
|
can_create_org_repo = false
|
|
from veles_acl_ids ids
|
|
where team.id = ids.team_id;
|
|
|
|
insert into gitea.team_repo (org_id, team_id, repo_id)
|
|
select ids.org_id, ids.team_id, ids.repo_id
|
|
from veles_acl_ids ids
|
|
where not exists (
|
|
select 1
|
|
from gitea.team_repo existing
|
|
where existing.team_id = ids.team_id
|
|
and existing.repo_id = ids.repo_id
|
|
);
|
|
|
|
delete from gitea.team_unit unit
|
|
using veles_acl_ids ids
|
|
where unit.team_id = ids.team_id
|
|
and unit.type in (1, 2, 3, 4, 5, 8, 9, 10);
|
|
|
|
insert into gitea.team_unit (org_id, team_id, type, access_mode)
|
|
select ids.org_id, ids.team_id, desired.type, desired.access_mode
|
|
from veles_acl_ids ids
|
|
cross join (
|
|
values
|
|
(1, 0),
|
|
(2, 2),
|
|
(3, 0),
|
|
(4, 0),
|
|
(5, 0),
|
|
(8, 0),
|
|
(9, 0),
|
|
(10, 0)
|
|
) as desired(type, access_mode);
|
|
|
|
commit;
|
|
SQL
|
|
|
|
echo "Veles feedback Gitea ACL ready"
|