Files
pikasTech-agentrun/.tekton/agentrun-jd01-v02.yaml
T
root 199d3345cb
Pipelines as Code CI / agentrun-jd01-v02-ci-199d3345cb341d4382d63caf070a719237b2d1f0 Success
ci: publish JD01 GitOps through Gitea
2026-07-05 12:06:07 +00:00

368 lines
36 KiB
YAML

apiVersion: tekton.dev/v1
kind: PipelineRun
metadata:
name: agentrun-jd01-v02-ci-{{ revision }}
namespace: agentrun-ci
annotations:
pipelinesascode.tekton.dev/on-event: '[push]'
pipelinesascode.tekton.dev/on-target-branch: '[v0.2]'
pipelinesascode.tekton.dev/max-keep-runs: '8'
unidesk.ai/ci-source: pipelines-as-code
unidesk.ai/ci-owner: unidesk
unidesk.ai/ci-path: gitea-webhook-pac-tekton
unidesk.ai/ci-retry: gitea-public-read
unidesk.ai/generated-from: config/agentrun.yaml#controlPlane.lanes.jd01-v02
labels:
app.kubernetes.io/part-of: agentrun
agentrun.pikastech.local/lane: v0.2
agentrun.pikastech.local/node: JD01
agentrun.pikastech.local/source-commit: '{{ revision }}'
agentrun.pikastech.local/trigger: pipelines-as-code
spec:
pipelineSpec:
params:
- name: git-url
type: string
default: git@github.com:pikasTech/agentrun.git
- name: git-read-url
type: string
default: http://gitea-http.devops-infra.svc.cluster.local:3000/mirrors/pikasTech-agentrun.git
- name: git-write-url
type: string
default: http://git-mirror-write.devops-infra.svc.cluster.local:8080/pikasTech/agentrun.git
- name: source-branch
type: string
default: v0.2
- name: gitops-branch
type: string
default: jd01-v0.2-gitops
- name: revision
type: string
- name: source-stage-ref
type: string
- name: registry-prefix
type: string
default: 127.0.0.1:5000/agentrun
- name: tools-image
type: string
default: 127.0.0.1:5000/hwlab/hwlab-ci-node-tools:node22-alpine-bun-v1
- name: buildkit-image
type: string
default: 127.0.0.1:5000/hwlab/buildkit:rootless
- name: containerfile
type: string
default: deploy/container/Containerfile
- name: context-dir
type: string
default: .
- name: image-repository
type: string
default: 127.0.0.1:5000/agentrun/agentrun-mgr-env
- name: build-network
type: string
default: host
- name: build-args-json
type: string
default: '["BUN_IMAGE=oven/bun:1-alpine"]'
- name: build-http-proxy
type: string
default: http://127.0.0.1:10808
- name: build-https-proxy
type: string
default: http://127.0.0.1:10808
- name: build-no-proxy
type: string
default: localhost,127.0.0.1,::1,127.0.0.1:5000,localhost:5000,.svc,.svc.cluster.local,.cluster.local,hyueapi.com,.hyueapi.com
- name: container-http-proxy
type: string
default: http://127.0.0.1:10808
- name: container-https-proxy
type: string
default: http://127.0.0.1:10808
- name: container-no-proxy
type: string
default: localhost,127.0.0.1,::1,127.0.0.1:5000,localhost:5000,.svc,.svc.cluster.local,.cluster.local,hyueapi.com,.hyueapi.com
- name: env-identity-files-json
type: string
default: '["deploy/container/Containerfile","deploy/runtime/boot/agentrun-boot.sh","deploy/runtime/boot/agentrun-mgr.sh","deploy/runtime/boot/agentrun-runner.sh","src","scripts","package.json","bun.lock","tsconfig.json"]'
- name: gitops-root
type: string
default: deploy/gitops/node/jd01
- name: artifact-catalog
type: string
default: deploy/artifact-catalog.jd01-v02.json
workspaces:
- name: source
tasks:
- name: build-publish
workspaces:
- name: source
workspace: source
taskSpec:
params:
- name: git-read-url
- name: git-write-url
- name: source-branch
- name: gitops-branch
- name: revision
- name: source-stage-ref
- name: registry-prefix
- name: tools-image
- name: buildkit-image
- name: containerfile
- name: context-dir
- name: image-repository
- name: build-network
- name: build-args-json
- name: build-http-proxy
- name: build-https-proxy
- name: build-no-proxy
- name: container-http-proxy
- name: container-https-proxy
- name: container-no-proxy
- name: env-identity-files-json
- name: gitops-root
- name: artifact-catalog
workspaces:
- name: source
steps:
- name: source-checkout
image: $(params.tools-image)
script: "#!/bin/sh\nset -eu\nroot=\"$(workspaces.source.path)\"\nrm -rf \"$root/repo\"\ngit clone --no-checkout\
\ \"$(params.git-read-url)\" \"$root/repo\"\ncd \"$root/repo\"\ngit fetch origin \"+$(params.source-stage-ref):refs/remotes/origin/unidesk-source-snapshot\"\
\ngit checkout --detach \"$(params.revision)\"\nactual=$(git rev-parse HEAD)\ntest \"$actual\" = \"$(params.revision)\"\
\nENV_IDENTITY_FILES='$(params.env-identity-files-json)' BUILD_ARGS_JSON='$(params.build-args-json)' CONTAINER_HTTP_PROXY='$(params.container-http-proxy)'\
\ CONTAINER_HTTPS_PROXY='$(params.container-https-proxy)' CONTAINER_NO_PROXY='$(params.container-no-proxy)' node\
\ <<'NODE' > \"$root/env-identity\"\nconst { createHash } = require('node:crypto');\nconst { existsSync, lstatSync,\
\ readdirSync, readFileSync } = require('node:fs');\nconst { join } = require('node:path');\nconst files = JSON.parse(process.env.ENV_IDENTITY_FILES\
\ || '[]');\nconst buildArgs = JSON.parse(process.env.BUILD_ARGS_JSON || '[]');\nconst proxy = [`HTTP_PROXY=${process.env.CONTAINER_HTTP_PROXY\
\ || ''}`, `HTTPS_PROXY=${process.env.CONTAINER_HTTPS_PROXY || ''}`, `NO_PROXY=${process.env.CONTAINER_NO_PROXY\
\ || ''}`];\nconst skip = new Set(['.git', '.worktree', '.state', 'node_modules', 'coverage', 'tmp', '.tmp']);\n\
const hash = createHash('sha256');\nfunction collect(input) {\n if (!existsSync(input)) return [{ path: input,\
\ missing: true }];\n const stat = lstatSync(input);\n if (stat.isFile()) return [{ path: input, missing: false\
\ }];\n if (!stat.isDirectory()) return [{ path: input, missing: true }];\n const out = [];\n const stack =\
\ [input];\n while (stack.length) {\n const dir = stack.pop();\n for (const entry of readdirSync(dir, {\
\ withFileTypes: true }).sort((a, b) => a.name.localeCompare(b.name))) {\n if (entry.isDirectory() && skip.has(entry.name))\
\ continue;\n const child = join(dir, entry.name);\n if (entry.isDirectory()) stack.push(child);\n \
\ else if (entry.isFile()) out.push({ path: child, missing: false });\n }\n }\n return out.sort((a, b)\
\ => a.path.localeCompare(b.path));\n}\nfor (const item of buildArgs) { hash.update('build-arg\\0'); hash.update(item);\
\ hash.update('\\0'); }\nfor (const item of proxy) { hash.update('build-container-proxy\\0'); hash.update(item);\
\ hash.update('\\0'); }\nfor (const file of files) for (const entry of collect(file)) { hash.update(entry.path);\
\ hash.update('\\0'); if (!entry.missing) hash.update(readFileSync(entry.path)); hash.update('\\0'); }\nprocess.stdout.write(hash.digest('hex').slice(0,\
\ 24));\nNODE\nBUILD_ARGS='$(params.build-args-json)' node <<'NODE' > \"$root/build-args.txt\"\nconst values =\
\ JSON.parse(process.env.BUILD_ARGS || '[]');\nfor (const value of values) console.log(`build-arg:${value}`);\n\
NODE\nchmod -R a+rwX \"$root\"\nenv_identity=$(cat \"$root/env-identity\")\nprintf '{\"ok\":true,\"phase\":\"\
source-checkout\",\"sourceCommit\":\"%s\",\"sourceStageRef\":\"%s\",\"envIdentity\":\"%s\",\"valuesPrinted\":false}\\\
n' \"$(params.revision)\" \"$(params.source-stage-ref)\" \"$env_identity\""
- name: probe-env-image
image: $(params.tools-image)
script: "#!/bin/sh\nset -eu\nroot=\"$(workspaces.source.path)\"\nenv_identity=$(cat \"$root/env-identity\")\nimage_repository='$(params.image-repository)'\n\
manifest_accept='application/vnd.oci.image.index.v1+json, application/vnd.oci.image.manifest.v1+json, application/vnd.docker.distribution.manifest.v2+json'\n\
repo_path=${image_repository#127.0.0.1:5000/}\nheaders=$(mktemp)\ndigest=''\nif curl -fsSI -H \"Accept: $manifest_accept\"\
\ \"http://127.0.0.1:5000/v2/$repo_path/manifests/$env_identity\" >\"$headers\"; then\n digest=$(awk -F': ' 'tolower($1)==\"\
docker-content-digest\"{print $2}' \"$headers\" | tr -d '\\r' | head -n 1)\nfi\nrm -f \"$headers\"\nif [ -n \"\
$digest\" ]; then\n image=\"$image_repository:$env_identity\"\n printf '{\"ok\":true,\"status\":\"reused\",\"\
sourceCommit\":\"%s\",\"envIdentity\":\"%s\",\"image\":\"%s\",\"digest\":\"%s\",\"repositoryDigest\":\"%s@%s\"\
,\"valuesPrinted\":false}\\n' \"$(params.revision)\" \"$env_identity\" \"$image\" \"$digest\" \"$image_repository\"\
\ \"$digest\" > \"$root/build-result.json\"\n touch \"$root/skip-build\"\nelse\n printf '{\"ok\":false,\"status\"\
:\"cache-miss\",\"sourceCommit\":\"%s\",\"envIdentity\":\"%s\",\"valuesPrinted\":false}\\n' \"$(params.revision)\"\
\ \"$env_identity\" > \"$root/build-result.json\"\nfi\nchmod a+rw \"$root/build-result.json\"\ncat \"$root/build-result.json\""
- name: build-env-image
image: $(params.buildkit-image)
env:
- name: BUILDKITD_FLAGS
value: --oci-worker-no-process-sandbox --oci-worker-net=host --allow-insecure-entitlement network.host
- name: HTTP_PROXY
value: $(params.build-http-proxy)
- name: http_proxy
value: $(params.build-http-proxy)
- name: HTTPS_PROXY
value: $(params.build-https-proxy)
- name: https_proxy
value: $(params.build-https-proxy)
- name: ALL_PROXY
value: $(params.build-https-proxy)
- name: all_proxy
value: $(params.build-https-proxy)
- name: NO_PROXY
value: $(params.build-no-proxy)
- name: no_proxy
value: $(params.build-no-proxy)
securityContext:
privileged: true
runAsUser: 1000
runAsGroup: 1000
script: '#!/bin/sh
set -eu
root="$(workspaces.source.path)"
if [ -f "$root/skip-build" ]; then cat "$root/build-result.json"; exit 0; fi
env_identity=$(cat "$root/env-identity")
image_repository=''$(params.image-repository)''
image="$image_repository:$env_identity"
context_dir=''$(params.context-dir)''
if [ "$context_dir" = "." ]; then context_path="$root/repo"; else context_path="$root/repo/${context_dir#./}";
fi
args="build --allow network.host --frontend dockerfile.v0 --local context=$context_path --local dockerfile=$root/repo
--opt filename=$(params.containerfile) --opt network=$(params.build-network)"
add_opt() { args="$args --opt $1"; }
if [ -n ''$(params.container-http-proxy)'' ]; then add_opt ''build-arg:HTTP_PROXY=$(params.container-http-proxy)'';
add_opt ''build-arg:http_proxy=$(params.container-http-proxy)''; fi
if [ -n ''$(params.container-https-proxy)'' ]; then add_opt ''build-arg:HTTPS_PROXY=$(params.container-https-proxy)'';
add_opt ''build-arg:https_proxy=$(params.container-https-proxy)''; fi
if [ -n ''$(params.container-https-proxy)'' ]; then add_opt ''build-arg:ALL_PROXY=$(params.container-https-proxy)'';
add_opt ''build-arg:all_proxy=$(params.container-https-proxy)''; elif [ -n ''$(params.container-http-proxy)''
]; then add_opt ''build-arg:ALL_PROXY=$(params.container-http-proxy)''; add_opt ''build-arg:all_proxy=$(params.container-http-proxy)'';
fi
if [ -n ''$(params.container-no-proxy)'' ]; then add_opt ''build-arg:NO_PROXY=$(params.container-no-proxy)'';
add_opt ''build-arg:no_proxy=$(params.container-no-proxy)''; fi
while IFS= read -r opt; do [ -n "$opt" ] && add_opt "$opt"; done < "$root/build-args.txt"
args="$args --metadata-file $root/build-metadata.json --output type=image,name=$image,push=true,registry.insecure=true"
buildctl-daemonless.sh $args
metadata_compact=$(tr -d ''\n'' < "$root/build-metadata.json")
digest=$(printf ''%s'' "$metadata_compact" | sed -n ''s/.*"containerimage.digest"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p''
| head -n 1)
test -n "$digest"
printf ''{"ok":true,"status":"built","sourceCommit":"%s","envIdentity":"%s","image":"%s","digest":"%s","repositoryDigest":"%s@%s","valuesPrinted":false}\n''
"$(params.revision)" "$env_identity" "$image" "$digest" "$image_repository" "$digest" > "$root/build-result.json"
cat "$root/build-result.json"'
- name: publish-gitops
image: $(params.tools-image)
env:
- name: GITEA_TOKEN
valueFrom:
secretKeyRef:
name: pac-gitea-agentrun-jd01-v02
key: token
optional: true
script: "#!/bin/sh\nset -eu\nroot=\"$(workspaces.source.path)\"\nbuild_result=\"$root/build-result.json\"\ntest\
\ -s \"$build_result\"\ntemplates_b64=\"W3sicGF0aCI6InNvdXJjZS5qc29uIiwiY29udGVudCI6IntcbiAgXCJsYW5lXCI6IFwidjAuMlwiLFxuICBcInNvdXJjZUNvbW1pdFwiOiBcIl9fQUdFTlRSVU5fU09VUkNFX0NPTU1JVF9fXCIsXG4gIFwiZ2VuZXJhdGVkQnlcIjogXCJ1bmlkZXNrIGNvbmZpZy9hZ2VudHJ1bi55YW1sXCIsXG4gIFwiY29uZmlnU291cmNlXCI6IFwiY29uZmlnL2FnZW50cnVuLnlhbWxcIlxufVxuIn0seyJwYXRoIjoiZGVwbG95L2FydGlmYWN0LWNhdGFsb2cuamQwMS12MDIuanNvbiIsImNvbnRlbnQiOiJ7XG4gIFwibGFuZVwiOiBcInYwLjJcIixcbiAgXCJzb3VyY2VCcmFuY2hcIjogXCJ2MC4yXCIsXG4gIFwiZ2l0b3BzQnJhbmNoXCI6IFwiamQwMS12MC4yLWdpdG9wc1wiLFxuICBcInNvdXJjZUNvbW1pdElkXCI6IFwiX19BR0VOVFJVTl9TT1VSQ0VfQ09NTUlUX19cIixcbiAgXCJzdW1tYXJ5XCI6IFwiYnVpbGQ9MSByZXVzZT0wIHBsYWNlaG9sZGVyPTBcIixcbiAgXCJzZXJ2aWNlc1wiOiBbXG4gICAge1xuICAgICAgXCJzZXJ2aWNlSWRcIjogXCJhZ2VudHJ1bi1tZ3JcIixcbiAgICAgIFwiYXJ0aWZhY3RLaW5kXCI6IFwiZW52LXJldXNlXCIsXG4gICAgICBcInN0YXR1c1wiOiBcIl9fQUdFTlRSVU5fSU1BR0VfU1RBVFVTX19cIixcbiAgICAgIFwiaW1hZ2VcIjogXCIxMjcuMC4wLjE6NTAwMC9hZ2VudHJ1bi9hZ2VudHJ1bi1tZ3ItZW52Ol9fQUdFTlRSVU5fRU5WX0lERU5USVRZX19cIixcbiAgICAgIFwiZGlnZXN0XCI6IFwic2hhMjU2OmFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFcIixcbiAgICAgIFwicmVwb3NpdG9yeURpZ2VzdFwiOiBcIjEyNy4wLjAuMTo1MDAwL2FnZW50cnVuL2FnZW50cnVuLW1nci1lbnZAc2hhMjU2OmFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFcIixcbiAgICAgIFwiaW1hZ2VUYWdcIjogXCJfX0FHRU5UUlVOX0VOVl9JREVOVElUWV9fXCIsXG4gICAgICBcImVudklkZW50aXR5XCI6IFwiX19BR0VOVFJVTl9FTlZfSURFTlRJVFlfX1wiLFxuICAgICAgXCJlbnZJbWFnZVwiOiBcIjEyNy4wLjAuMTo1MDAwL2FnZW50cnVuL2FnZW50cnVuLW1nci1lbnY6X19BR0VOVFJVTl9FTlZfSURFTlRJVFlfX1wiLFxuICAgICAgXCJlbnZEaWdlc3RcIjogXCJzaGEyNTY6YWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYVwiLFxuICAgICAgXCJlbnZSZXBvc2l0b3J5RGlnZXN0XCI6IFwiMTI3LjAuMC4xOjUwMDAvYWdlbnRydW4vYWdlbnRydW4tbWdyLWVudkBzaGEyNTY6YWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYVwiLFxuICAgICAgXCJib290Q29tbWl0XCI6IFwiX19BR0VOVFJVTl9TT1VSQ0VfQ09NTUlUX19cIixcbiAgICAgIFwiYm9vdFNjcmlwdFwiOiBcImRlcGxveS9ydW50aW1lL2Jvb3QvYWdlbnRydW4tYm9vdC5zaFwiLFxuICAgICAgXCJwcm92ZW5hbmNlXCI6IHtcbiAgICAgICAgXCJzb3VyY2VDb21taXRJZFwiOiBcIl9fQUdFTlRSVU5fU09VUkNFX0NPTU1JVF9fXCIsXG4gICAgICAgIFwic291cmNlXCI6IFwidW5pZGVzay15YW1sLW9ubHlcIixcbiAgICAgICAgXCJjb25maWdTb3VyY2VcIjogXCJjb25maWcvYWdlbnRydW4ueWFtbFwiLFxuICAgICAgICBcInZhbHVlc1ByaW50ZWRcIjogZmFsc2VcbiAgICAgIH1cbiAgICB9XG4gIF1cbn1cbiJ9LHsicGF0aCI6ImRlcGxveS9naXRvcHMvbm9kZS9qZDAxL2FyZ29jZC9wcm9qZWN0LnlhbWwiLCJjb250ZW50Ijoie2FwaVZlcnNpb246IGFyZ29wcm9qLmlvL3YxYWxwaGExLGtpbmQ6IEFwcFByb2plY3QsbWV0YWRhdGE6IHtuYW1lOiBhZ2VudHJ1bi1qZDAxLXYwMixuYW1lc3BhY2U6IGFyZ29jZCxsYWJlbHM6IHthcHAua3ViZXJuZXRlcy5pby9wYXJ0LW9mOiBhZ2VudHJ1bixhZ2VudHJ1bi5waWthc3RlY2gubG9jYWwvbGFuZTogdjAuMixhZ2VudHJ1bi5waWthc3RlY2gubG9jYWwvbm9kZTogSkQwMX19LHNwZWM6IHtkZXNjcmlwdGlvbjogQWdlbnRSdW4gdjAuMiBHaXRPcHMgbGFuZSxzb3VyY2VSZXBvczogW2h0dHA6Ly9naXRlYS1odHRwLmRldm9wcy1pbmZyYS5zdmMuY2x1c3Rlci5sb2NhbDozMDAwL21pcnJvcnMvcGlrYXNUZWNoLWFnZW50cnVuLmdpdCxnaXRAZ2l0aHViLmNvbTpwaWthc1RlY2gvYWdlbnRydW4uZ2l0XSxkZXN0aW5hdGlvbnM6IFt7c2VydmVyOiBodHRwczovL2t1YmVybmV0ZXMuZGVmYXVsdC5zdmMsbmFtZXNwYWNlOiBhZ2VudHJ1bi12MDJ9XSxjbHVzdGVyUmVzb3VyY2VXaGl0ZWxpc3Q6IFt7Z3JvdXA6IFwiXCIsa2luZDogTmFtZXNwYWNlfV0sbmFtZXNwYWNlUmVzb3VyY2VXaGl0ZWxpc3Q6IFt7Z3JvdXA6IFwiKlwiLGtpbmQ6IFwiKlwifV19fVxuIn0seyJwYXRoIjoiZGVwbG95L2dpdG9wcy9ub2RlL2pkMDEvYXJnb2NkL2FwcGxpY2F0aW9uLXYwMi55YW1sIiwiY29udGVudCI6InthcGlWZXJzaW9uOiBhcmdvcHJvai5pby92MWFscGhhMSxraW5kOiBBcHBsaWNhdGlvbixtZXRhZGF0YToge25hbWU6IGFnZW50cnVuLWpkMDEtdjAyLG5hbWVzcGFjZTogYXJnb2NkLGxhYmVsczoge2FwcC5rdWJlcm5ldGVzLmlvL3BhcnQtb2Y6IGFnZW50cnVuLGFnZW50cnVuLnBpa2FzdGVjaC5sb2NhbC9sYW5lOiB2MC4yLGFnZW50cnVuLnBpa2FzdGVjaC5sb2NhbC9ub2RlOiBKRDAxfX0sc3BlYzoge3Byb2plY3Q6IGFnZW50cnVuLWpkMDEtdjAyLHNvdXJjZToge3JlcG9VUkw6IGh0dHA6Ly9naXRlYS1odHRwLmRldm9wcy1pbmZyYS5zdmMuY2x1c3Rlci5sb2NhbDozMDAwL21pcnJvcnMvcGlrYXNUZWNoLWFnZW50cnVuLmdpdCx0YXJnZXRSZXZpc2lvbjogamQwMS12MC4yLWdpdG9wcyxwYXRoOiBkZXBsb3kvZ2l0b3BzL25vZGUvamQwMS9ydW50aW1lLXYwMn0sZGVzdGluYXRpb246IHtzZXJ2ZXI6IGh0dHBzOi8va3ViZXJuZXRlcy5kZWZhdWx0LnN2YyxuYW1lc3BhY2U6IGFnZW50cnVuLXYwMn0sc3luY1BvbGljeToge2F1dG9tYXRlZDoge3BydW5lOiBmYWxzZSxzZWxmSGVhbDogdHJ1ZX0sc3luY09wdGlvbnM6IFtDcmVhdGVOYW1lc3BhY2U9dHJ1ZSxBcHBseU91dE9mU3luY09ubHk9dHJ1ZV19fX1cbiJ9LHsicGF0aCI6ImRlcGxveS9naXRvcHMvbm9kZS9qZDAxL3J1bnRpbWUtdjAyL2t1c3RvbWl6YXRpb24ueWFtbCIsImNvbnRlbnQiOiJ7YXBpVmVyc2lvbjoga3VzdG9taXplLmNvbmZpZy5rOHMuaW8vdjFiZXRhMSxraW5kOiBLdXN0b21pemF0aW9uLHJlc291cmNlczogW25hbWVzcGFjZS55YW1sLHBvc3RncmVzLnlhbWwsbWdyLnlhbWwscnVubmVyLXJiYWMueWFtbF19XG4ifSx7InBhdGgiOiJkZXBsb3kvZ2l0b3BzL25vZGUvamQwMS9ydW50aW1lLXYwMi9uYW1lc3BhY2UueWFtbCIsImNvbnRlbnQiOiJ7YXBpVmVyc2lvbjogdjEsa2luZDogTmFtZXNwYWNlLG1ldGFkYXRhOiB7bmFtZTogYWdlbnRydW4tdjAyLGxhYmVsczoge2FwcC5rdWJlcm5ldGVzLmlvL3BhcnQtb2Y6IGFnZW50cnVuLGFnZW50cnVuLnBpa2FzdGVjaC5sb2NhbC9sYW5lOiB2MC4yLGFnZW50cnVuLnBpa2FzdGVjaC5sb2NhbC9ub2RlOiBKRDAxfX19XG4ifSx7InBhdGgiOiJkZXBsb3kvZ2l0b3BzL25vZGUvamQwMS9ydW50aW1lLXYwMi9wb3N0Z3Jlcy55YW1sIiwiY29udGVudCI6InthcGlWZXJzaW9uOiB2MSxraW5kOiBMaXN0LGl0ZW1zOiBbe2FwaVZlcnNpb246IHYxLGtpbmQ6IFNlcnZpY2UsbWV0YWRhdGE6IHtuYW1lOiBhZ2VudHJ1bi12MDItcG9zdGdyZXMsbmFtZXNwYWNlOiBhZ2VudHJ1bi12MDIsbGFiZWxzOiB7YXBwLmt1YmVybmV0ZXMuaW8vcGFydC1vZjogYWdlbnRydW4sYWdlbnRydW4ucGlrYXN0ZWNoLmxvY2FsL2xhbmU6IHYwLjIsYWdlbnRydW4ucGlrYXN0ZWNoLmxvY2FsL25vZGU6IEpEMDF9fSxzcGVjOiB7c2VsZWN0b3I6IHthcHAua3ViZXJuZXRlcy5pby9uYW1lOiBhZ2VudHJ1bi12MDItcG9zdGdyZXN9LHBvcnRzOiBbe25hbWU6IHBvc3RncmVzLHBvcnQ6IDU0MzIsdGFyZ2V0UG9ydDogcG9zdGdyZXN9XX19LHthcGlWZXJzaW9uOiBhcHBzL3YxLGtpbmQ6IFN0YXRlZnVsU2V0LG1ldGFkYXRhOiB7bmFtZTogYWdlbnRydW4tdjAyLXBvc3RncmVzLG5hbWVzcGFjZTogYWdlbnRydW4tdjAyLGxhYmVsczoge2FwcC5rdWJlcm5ldGVzLmlvL3BhcnQtb2Y6IGFnZW50cnVuLGFnZW50cnVuLnBpa2FzdGVjaC5sb2NhbC9sYW5lOiB2MC4yLGFnZW50cnVuLnBpa2FzdGVjaC5sb2NhbC9ub2RlOiBKRDAxfX0sc3BlYzoge3NlcnZpY2VOYW1lOiBhZ2VudHJ1bi12MDItcG9zdGdyZXMscmVwbGljYXM6IDEsc2VsZWN0b3I6IHttYXRjaExhYmVsczoge2FwcC5rdWJlcm5ldGVzLmlvL25hbWU6IGFnZW50cnVuLXYwMi1wb3N0Z3Jlc319LHRlbXBsYXRlOiB7bWV0YWRhdGE6IHtsYWJlbHM6IHthcHAua3ViZXJuZXRlcy5pby9wYXJ0LW9mOiBhZ2VudHJ1bixhZ2VudHJ1bi5waWthc3RlY2gubG9jYWwvbGFuZTogdjAuMixhZ2VudHJ1bi5waWthc3RlY2gubG9jYWwvbm9kZTogSkQwMSxhcHAua3ViZXJuZXRlcy5pby9uYW1lOiBhZ2VudHJ1bi12MDItcG9zdGdyZXN9fSxzcGVjOiB7Y29udGFpbmVyczogW3tuYW1lOiBwb3N0Z3JlcyxpbWFnZTogcG9zdGdyZXM6MTYtYWxwaW5lLHBvcnRzOiBbe25hbWU6IHBvc3RncmVzLGNvbnRhaW5lclBvcnQ6IDU0MzJ9XSxlbnY6IFt7bmFtZTogUE9TVEdSRVNfREIsdmFsdWVGcm9tOiB7c2VjcmV0S2V5UmVmOiB7bmFtZTogYWdlbnRydW4tdjAyLW1nci1kYixrZXk6IFBPU1RHUkVTX0RCfX19LHtuYW1lOiBQT1NUR1JFU19VU0VSLHZhbHVlRnJvbToge3NlY3JldEtleVJlZjoge25hbWU6IGFnZW50cnVuLXYwMi1tZ3ItZGIsa2V5OiBQT1NUR1JFU19VU0VSfX19LHtuYW1lOiBQT1NUR1JFU19QQVNTV09SRCx2YWx1ZUZyb206IHtzZWNyZXRLZXlSZWY6IHtuYW1lOiBhZ2VudHJ1bi12MDItbWdyLWRiLGtleTogUE9TVEdSRVNfUEFTU1dPUkR9fX0se25hbWU6IFBHREFUQSx2YWx1ZTogL3Zhci9saWIvcG9zdGdyZXNxbC9kYXRhL3BnZGF0YX1dLHZvbHVtZU1vdW50czogW3tuYW1lOiBkYXRhLG1vdW50UGF0aDogL3Zhci9saWIvcG9zdGdyZXNxbC9kYXRhfV19XX19LHZvbHVtZUNsYWltVGVtcGxhdGVzOiBbe21ldGFkYXRhOiB7bmFtZTogZGF0YX0sc3BlYzoge2FjY2Vzc01vZGVzOiBbUmVhZFdyaXRlT25jZV0scmVzb3VyY2VzOiB7cmVxdWVzdHM6IHtzdG9yYWdlOiA1R2l9fX19XX19XX1cbiJ9LHsicGF0aCI6ImRlcGxveS9naXRvcHMvbm9kZS9qZDAxL3J1bnRpbWUtdjAyL21nci55YW1sIiwiY29udGVudCI6InthcGlWZXJzaW9uOiB2MSxraW5kOiBTZXJ2aWNlQWNjb3VudCxtZXRhZGF0YToge25hbWU6IGFnZW50cnVuLWpkMDEtdjAyLW1ncixuYW1lc3BhY2U6IGFnZW50cnVuLXYwMixsYWJlbHM6IHthcHAua3ViZXJuZXRlcy5pby9wYXJ0LW9mOiBhZ2VudHJ1bixhZ2VudHJ1bi5waWthc3RlY2gubG9jYWwvbGFuZTogdjAuMixhZ2VudHJ1bi5waWthc3RlY2gubG9jYWwvbm9kZTogSkQwMX19fVxuLS0tXG57YXBpVmVyc2lvbjogdjEsa2luZDogU2VydmljZSxtZXRhZGF0YToge25hbWU6IGFnZW50cnVuLW1ncixuYW1lc3BhY2U6IGFnZW50cnVuLXYwMixsYWJlbHM6IHthcHAua3ViZXJuZXRlcy5pby9wYXJ0LW9mOiBhZ2VudHJ1bixhZ2VudHJ1bi5waWthc3RlY2gubG9jYWwvbGFuZTogdjAuMixhZ2VudHJ1bi5waWthc3RlY2gubG9jYWwvbm9kZTogSkQwMX19LHNwZWM6IHtzZWxlY3Rvcjoge2FwcC5rdWJlcm5ldGVzLmlvL25hbWU6IGFnZW50cnVuLW1ncn0scG9ydHM6IFt7bmFtZTogaHR0cCxwb3J0OiA4MDgwLHRhcmdldFBvcnQ6IGh0dHB9XX19XG4tLS1cbnthcGlWZXJzaW9uOiBhcHBzL3YxLGtpbmQ6IERlcGxveW1lbnQsbWV0YWRhdGE6IHtuYW1lOiBhZ2VudHJ1bi1tZ3IsbmFtZXNwYWNlOiBhZ2VudHJ1bi12MDIsbGFiZWxzOiB7YXBwLmt1YmVybmV0ZXMuaW8vcGFydC1vZjogYWdlbnRydW4sYWdlbnRydW4ucGlrYXN0ZWNoLmxvY2FsL2xhbmU6IHYwLjIsYWdlbnRydW4ucGlrYXN0ZWNoLmxvY2FsL25vZGU6IEpEMDF9fSxzcGVjOiB7cmVwbGljYXM6IDEsc2VsZWN0b3I6IHttYXRjaExhYmVsczoge2FwcC5rdWJlcm5ldGVzLmlvL25hbWU6IGFnZW50cnVuLW1ncn19LHRlbXBsYXRlOiB7bWV0YWRhdGE6IHtsYWJlbHM6IHthcHAua3ViZXJuZXRlcy5pby9wYXJ0LW9mOiBhZ2VudHJ1bixhZ2VudHJ1bi5waWthc3RlY2gubG9jYWwvbGFuZTogdjAuMixhZ2VudHJ1bi5waWthc3RlY2gubG9jYWwvbm9kZTogSkQwMSxhcHAua3ViZXJuZXRlcy5pby9uYW1lOiBhZ2VudHJ1bi1tZ3J9LGFubm90YXRpb25zOiB7YWdlbnRydW4ucGlrYXN0ZWNoLmxvY2FsL2xhbmU6IHYwLjIsYWdlbnRydW4ucGlrYXN0ZWNoLmxvY2FsL3NvdXJjZS1jb21taXQ6IF9fQUdFTlRSVU5fU09VUkNFX0NPTU1JVF9fLGFnZW50cnVuLnBpa2FzdGVjaC5sb2NhbC9lbnYtaWRlbnRpdHk6IF9fQUdFTlRSVU5fRU5WX0lERU5USVRZX199fSxzcGVjOiB7c2VydmljZUFjY291bnROYW1lOiBhZ2VudHJ1bi1qZDAxLXYwMi1tZ3IsY29udGFpbmVyczogW3tuYW1lOiBtZ3IsaW1hZ2U6IDEyNy4wLjAuMTo1MDAwL2FnZW50cnVuL2FnZW50cnVuLW1nci1lbnZAc2hhMjU2OmFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWEsaW1hZ2VQdWxsUG9saWN5OiBJZk5vdFByZXNlbnQscG9ydHM6IFt7bmFtZTogaHR0cCxjb250YWluZXJQb3J0OiA4MDgwfV0sZW52OiBbe25hbWU6IEFHRU5UUlVOX0xBTkUsdmFsdWU6IHYwLjJ9LHtuYW1lOiBEQVRBQkFTRV9VUkwsdmFsdWVGcm9tOiB7c2VjcmV0S2V5UmVmOiB7bmFtZTogYWdlbnRydW4tdjAyLW1nci1kYixrZXk6IERBVEFCQVNFX1VSTH19fSx7bmFtZTogQUdFTlRSVU5fU09VUkNFX0NPTU1JVCx2YWx1ZTogX19BR0VOVFJVTl9TT1VSQ0VfQ09NTUlUX199LHtuYW1lOiBBR0VOVFJVTl9CT09UX0NPTU1JVCx2YWx1ZTogX19BR0VOVFJVTl9TT1VSQ0VfQ09NTUlUX199LHtuYW1lOiBBR0VOVFJVTl9CT09UX01PREUsdmFsdWU6IG1ncn0se25hbWU6IEFHRU5UUlVOX0JPT1RfUkVQT19VUkwsdmFsdWU6IGh0dHA6Ly9naXRlYS1odHRwLmRldm9wcy1pbmZyYS5zdmMuY2x1c3Rlci5sb2NhbDozMDAwL21pcnJvcnMvcGlrYXNUZWNoLWFnZW50cnVuLmdpdH0se25hbWU6IEFHRU5UUlVOX0VOVl9JREVOVElUWSx2YWx1ZTogX19BR0VOVFJVTl9FTlZfSURFTlRJVFlfX30se25hbWU6IEFHRU5UUlVOX1JVTlRJTUVfTkFNRVNQQUNFLHZhbHVlOiBhZ2VudHJ1bi12MDJ9LHtuYW1lOiBBR0VOVFJVTl9JTlRFUk5BTF9NR1JfVVJMLHZhbHVlOiBodHRwOi8vYWdlbnRydW4tbWdyLmFnZW50cnVuLXYwMi5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwfSx7bmFtZTogQUdFTlRSVU5fUlVOTkVSX0lNQUdFLHZhbHVlOiAxMjcuMC4wLjE6NTAwMC9hZ2VudHJ1bi9hZ2VudHJ1bi1tZ3ItZW52QHNoYTI1NjphYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhfSx7bmFtZTogQUdFTlRSVU5fUlVOTkVSX1NFUlZJQ0VfQUNDT1VOVCx2YWx1ZTogYWdlbnRydW4tamQwMS12MDItcnVubmVyfSx7bmFtZTogQUdFTlRSVU5fUlVOTkVSX0pPQl9OQU1FX1BSRUZJWCx2YWx1ZTogYWdlbnRydW4tamQwMS12MDItcnVubmVyfSx7bmFtZTogQUdFTlRSVU5fUlVOTkVSX0lETEVfVElNRU9VVF9NUyx2YWx1ZTogXCI2MDAwMDBcIn0se25hbWU6IEFHRU5UUlVOX0JBQ0tFTkRfUkVUUllfTUFYX0FUVEVNUFRTLHZhbHVlOiBcIjVcIn0se25hbWU6IEFHRU5UUlVOX0JBQ0tFTkRfUkVUUllfSU5JVElBTF9CQUNLT0ZGX01TLHZhbHVlOiBcIjEwMDBcIn0se25hbWU6IEFHRU5UUlVOX0JBQ0tFTkRfUkVUUllfTUFYX0JBQ0tPRkZfTVMsdmFsdWU6IFwiMzAwMDBcIn0se25hbWU6IEFHRU5UUlVOX1JVTk5FUl9SRVRFTlRJT05fTUFYX1JVTk5FUlMsdmFsdWU6IFwiM1wifSx7bmFtZTogQUdFTlRSVU5fUlVOTkVSX1JFVEVOVElPTl9DTEVBTlVQX09SREVSLHZhbHVlOiBvbGRlc3QtaW5hY3RpdmUtbGFzdC1hY3RpdmUtZmlyc3R9LHtuYW1lOiBBR0VOVFJVTl9SVU5ORVJfUkVURU5USU9OX0FDVElWRV9IRUFSVEJFQVRfTUFYX0FHRV9NUyx2YWx1ZTogXCI5MDAwMDBcIn0se25hbWU6IEFHRU5UUlVOX1JVTk5FUl9SRVRFTlRJT05fTUFUQ0hfTEFCRUxTX0pTT04sdmFsdWU6IFwie1xcXCJhcHAua3ViZXJuZXRlcy5pby9wYXJ0LW9mXFxcIjpcXFwiYWdlbnRydW5cXFwiLFxcXCJhcHAua3ViZXJuZXRlcy5pby9uYW1lXFxcIjpcXFwiYWdlbnRydW4tcnVubmVyXFxcIixcXFwiYXBwLmt1YmVybmV0ZXMuaW8vY29tcG9uZW50XFxcIjpcXFwicnVubmVyXFxcIn1cIn0se25hbWU6IEFHRU5UUlVOX1JVTk5FUl9SRVRFTlRJT05fSk9CX05BTUVfUFJFRklYRVMsdmFsdWU6IFwiYWdlbnRydW4tamQwMS12MDItcnVubmVyLGFnZW50cnVuLXYwMi1ydW5uZXIsYWdlbnRydW4tdjAxLXJ1bm5lclwifSx7bmFtZTogQUdFTlRSVU5fUlVOTkVSX1JFVEVOVElPTl9BR0VfQkFTRURfQ0xFQU5VUF9FTkFCTEVELHZhbHVlOiBcImZhbHNlXCJ9LHtuYW1lOiBBR0VOVFJVTl9SVU5ORVJfUkVURU5USU9OX0FHRV9CQVNFRF9NQVhfQUdFX0hPVVJTLHZhbHVlOiBcIjQ4XCJ9LHtuYW1lOiBBR0VOVFJVTl9DQU5DRUxfREVMSVZFUllfTU9ERSx2YWx1ZTogbWFuYWdlci1lcG9jaH0se25hbWU6IEFHRU5UUlVOX0NBTkNFTF9HUkFDRUZVTF9BQk9SVF9NUyx2YWx1ZTogXCIxNTAwMFwifSx7bmFtZTogQUdFTlRSVU5fQ0FOQ0VMX0tJTExfRVNDQUxBVElPTl9NUyx2YWx1ZTogXCIzMDAwMFwifSx7bmFtZTogQUdFTlRSVU5fQ0FOQ0VMX1NUQUxFX0hFQVJUQkVBVF9GRU5DSU5HX01TLHZhbHVlOiBcIjkwMDAwMFwifSx7bmFtZTogQUdFTlRSVU5fQ0FOQ0VMX0xBVEVfV1JJVEVfRkVOQ0lOR19FTkFCTEVELHZhbHVlOiBcInRydWVcIn0se25hbWU6IEFHRU5UUlVOX0NBTkNFTF9FVkVOVF9TVEFHRVMsdmFsdWU6IFwiYWNjZXB0ZWQscGVyc2lzdGVkLGRlbGl2ZXJlZCxhYm9ydGluZyx0ZXJtaW5hbGl6ZWQsZmVuY2VkLGxhdGUtd3JpdGUtcmVqZWN0ZWRcIn0se25hbWU6IEFHRU5UUlVOX1JVTk5FUl9FR1JFU1NfUFJPWFlfVVJMLHZhbHVlOiBodHRwOi8vMTI3LjAuMC4xOjEwODA4fSx7bmFtZTogQUdFTlRSVU5fUlVOTkVSX05PX1BST1hZX0VYVFJBLHZhbHVlOiBcImxvY2FsaG9zdCwxMjcuMC4wLjEsOjoxLC5zdmMsLnN2Yy5jbHVzdGVyLmxvY2FsLC5jbHVzdGVyLmxvY2FsLGh5dWVhcGkuY29tLC5oeXVlYXBpLmNvbVwifSx7bmFtZTogQUdFTlRSVU5fQVBJX0tFWSx2YWx1ZUZyb206IHtzZWNyZXRLZXlSZWY6IHtuYW1lOiBhZ2VudHJ1bi12MDItYXBpLWtleSxrZXk6IEhXTEFCX0FQSV9LRVl9fX0se25hbWU6IEFHRU5UUlVOX01BTkFHRVJfUkVDT05DSUxFUl9CQVRDSF9TSVpFLHZhbHVlOiBcIjIwXCJ9LHtuYW1lOiBBR0VOVFJVTl9NQU5BR0VSX1JFQ09OQ0lMRVJfRU5BQkxFRCx2YWx1ZTogXCJ0cnVlXCJ9LHtuYW1lOiBBR0VOVFJVTl9NQU5BR0VSX1JFQ09OQ0lMRVJfSU5URVJWQUxfTVMsdmFsdWU6IFwiMzAwMDBcIn0se25hbWU6IEFHRU5UUlVOX1BPU1RHUkVTX1BPT0xfTUFYLHZhbHVlOiBcIjRcIn0se25hbWU6IEhXTEFCX1JVTlRJTUVfTEFORSx2YWx1ZTogdjAuM30se25hbWU6IE9URUxfRVhQT1JURVJfT1RMUF9UUkFDRVNfRU5EUE9JTlQsdmFsdWU6IGh0dHA6Ly9vdGVsLWNvbGxlY3Rvci5wbGF0Zm9ybS1pbmZyYS5zdmMuY2x1c3Rlci5sb2NhbDo0MzE4L3YxL3RyYWNlc30se25hbWU6IE9URUxfU0VSVklDRV9OQU1FLHZhbHVlOiBhZ2VudHJ1bi1tYW5hZ2VyfSx7bmFtZTogVU5JREVTS19OT0RFX0lELHZhbHVlOiBKRDAxfSx7bmFtZTogVU5JREVTS19NQUlOX1NFUlZFUl9JUCx2YWx1ZTogNzQuNDguNzguMTd9XSxyZWFkaW5lc3NQcm9iZToge2h0dHBHZXQ6IHtwYXRoOiAvaGVhbHRoL3JlYWRpbmVzcyxwb3J0OiBodHRwfX0sbGl2ZW5lc3NQcm9iZToge2h0dHBHZXQ6IHtwYXRoOiAvaGVhbHRoL2xpdmUscG9ydDogaHR0cH19LHJlc291cmNlczoge3JlcXVlc3RzOiB7Y3B1OiAxMDBtLG1lbW9yeTogMjU2TWl9LGxpbWl0czoge2NwdTogODAwbSxtZW1vcnk6IDFHaX19fV19fX19XG4tLS1cbnthcGlWZXJzaW9uOiByYmFjLmF1dGhvcml6YXRpb24uazhzLmlvL3YxLGtpbmQ6IFJvbGUsbWV0YWRhdGE6IHtuYW1lOiBhZ2VudHJ1bi1qZDAxLXYwMi1tZ3ItcnVubmVyLWpvYi1jb250cm9sbGVyLG5hbWVzcGFjZTogYWdlbnRydW4tdjAyLGxhYmVsczoge2FwcC5rdWJlcm5ldGVzLmlvL3BhcnQtb2Y6IGFnZW50cnVuLGFnZW50cnVuLnBpa2FzdGVjaC5sb2NhbC9sYW5lOiB2MC4yLGFnZW50cnVuLnBpa2FzdGVjaC5sb2NhbC9ub2RlOiBKRDAxfX0scnVsZXM6IFt7YXBpR3JvdXBzOiBbYmF0Y2hdLHJlc291cmNlczogW2pvYnNdLHZlcmJzOiBbY3JlYXRlLGRlbGV0ZSxnZXQsbGlzdCx3YXRjaF19LHthcGlHcm91cHM6IFtcIlwiXSxyZXNvdXJjZXM6IFtwb2RzXSx2ZXJiczogW2RlbGV0ZSxnZXQsbGlzdCx3YXRjaF19LHthcGlHcm91cHM6IFtcIlwiXSxyZXNvdXJjZXM6IFtwZXJzaXN0ZW50dm9sdW1lY2xhaW1zXSx2ZXJiczogW2NyZWF0ZSxnZXQsbGlzdCx3YXRjaCxkZWxldGVdfV19XG4tLS1cbnthcGlWZXJzaW9uOiByYmFjLmF1dGhvcml6YXRpb24uazhzLmlvL3YxLGtpbmQ6IFJvbGVCaW5kaW5nLG1ldGFkYXRhOiB7bmFtZTogYWdlbnRydW4tamQwMS12MDItbWdyLXJ1bm5lci1qb2ItY29udHJvbGxlcixuYW1lc3BhY2U6IGFnZW50cnVuLXYwMixsYWJlbHM6IHthcHAua3ViZXJuZXRlcy5pby9wYXJ0LW9mOiBhZ2VudHJ1bixhZ2VudHJ1bi5waWthc3RlY2gubG9jYWwvbGFuZTogdjAuMixhZ2VudHJ1bi5waWthc3RlY2gubG9jYWwvbm9kZTogSkQwMX19LHN1YmplY3RzOiBbe2tpbmQ6IFNlcnZpY2VBY2NvdW50LG5hbWU6IGFnZW50cnVuLWpkMDEtdjAyLW1ncn1dLHJvbGVSZWY6IHthcGlHcm91cDogcmJhYy5hdXRob3JpemF0aW9uLms4cy5pbyxraW5kOiBSb2xlLG5hbWU6IGFnZW50cnVuLWpkMDEtdjAyLW1nci1ydW5uZXItam9iLWNvbnRyb2xsZXJ9fVxuLS0tXG57YXBpVmVyc2lvbjogcmJhYy5hdXRob3JpemF0aW9uLms4cy5pby92MSxraW5kOiBSb2xlLG1ldGFkYXRhOiB7bmFtZTogYWdlbnRydW4tamQwMS12MDItbWdyLXByb3ZpZGVyLXNlY3JldC1tYW5hZ2VyLG5hbWVzcGFjZTogYWdlbnRydW4tdjAyLGxhYmVsczoge2FwcC5rdWJlcm5ldGVzLmlvL3BhcnQtb2Y6IGFnZW50cnVuLGFnZW50cnVuLnBpa2FzdGVjaC5sb2NhbC9sYW5lOiB2MC4yLGFnZW50cnVuLnBpa2FzdGVjaC5sb2NhbC9ub2RlOiBKRDAxfX0scnVsZXM6IFt7YXBpR3JvdXBzOiBbXCJcIl0scmVzb3VyY2VzOiBbc2VjcmV0c10sdmVyYnM6IFtjcmVhdGUsZGVsZXRlLGdldCxsaXN0LHBhdGNoLHVwZGF0ZV19XX1cbi0tLVxue2FwaVZlcnNpb246IHJiYWMuYXV0aG9yaXphdGlvbi5rOHMuaW8vdjEsa2luZDogUm9sZUJpbmRpbmcsbWV0YWRhdGE6IHtuYW1lOiBhZ2VudHJ1bi1qZDAxLXYwMi1tZ3ItcHJvdmlkZXItc2VjcmV0LW1hbmFnZXIsbmFtZXNwYWNlOiBhZ2VudHJ1bi12MDIsbGFiZWxzOiB7YXBwLmt1YmVybmV0ZXMuaW8vcGFydC1vZjogYWdlbnRydW4sYWdlbnRydW4ucGlrYXN0ZWNoLmxvY2FsL2xhbmU6IHYwLjIsYWdlbnRydW4ucGlrYXN0ZWNoLmxvY2FsL25vZGU6IEpEMDF9fSxzdWJqZWN0czogW3traW5kOiBTZXJ2aWNlQWNjb3VudCxuYW1lOiBhZ2VudHJ1bi1qZDAxLXYwMi1tZ3J9XSxyb2xlUmVmOiB7YXBpR3JvdXA6IHJiYWMuYXV0aG9yaXphdGlvbi5rOHMuaW8sa2luZDogUm9sZSxuYW1lOiBhZ2VudHJ1bi1qZDAxLXYwMi1tZ3ItcHJvdmlkZXItc2VjcmV0LW1hbmFnZXJ9fVxuIn0seyJwYXRoIjoiZGVwbG95L2dpdG9wcy9ub2RlL2pkMDEvcnVudGltZS12MDIvcnVubmVyLXJiYWMueWFtbCIsImNvbnRlbnQiOiJ7YXBpVmVyc2lvbjogdjEsa2luZDogU2VydmljZUFjY291bnQsbWV0YWRhdGE6IHtuYW1lOiBhZ2VudHJ1bi1qZDAxLXYwMi1ydW5uZXIsbmFtZXNwYWNlOiBhZ2VudHJ1bi12MDIsbGFiZWxzOiB7YXBwLmt1YmVybmV0ZXMuaW8vcGFydC1vZjogYWdlbnRydW4sYWdlbnRydW4ucGlrYXN0ZWNoLmxvY2FsL2xhbmU6IHYwLjIsYWdlbnRydW4ucGlrYXN0ZWNoLmxvY2FsL25vZGU6IEpEMDF9fX1cbi0tLVxue2FwaVZlcnNpb246IHJiYWMuYXV0aG9yaXphdGlvbi5rOHMuaW8vdjEsa2luZDogUm9sZSxtZXRhZGF0YToge25hbWU6IGFnZW50cnVuLWpkMDEtdjAyLXJ1bm5lci1zZWNyZXQtcmVhZGVyLG5hbWVzcGFjZTogYWdlbnRydW4tdjAyLGxhYmVsczoge2FwcC5rdWJlcm5ldGVzLmlvL3BhcnQtb2Y6IGFnZW50cnVuLGFnZW50cnVuLnBpa2FzdGVjaC5sb2NhbC9sYW5lOiB2MC4yLGFnZW50cnVuLnBpa2FzdGVjaC5sb2NhbC9ub2RlOiBKRDAxfX0scnVsZXM6IFt7YXBpR3JvdXBzOiBbXCJcIl0scmVzb3VyY2VzOiBbc2VjcmV0c10sdmVyYnM6IFtnZXRdfV19XG4tLS1cbnthcGlWZXJzaW9uOiByYmFjLmF1dGhvcml6YXRpb24uazhzLmlvL3YxLGtpbmQ6IFJvbGVCaW5kaW5nLG1ldGFkYXRhOiB7bmFtZTogYWdlbnRydW4tamQwMS12MDItcnVubmVyLXNlY3JldC1yZWFkZXIsbmFtZXNwYWNlOiBhZ2VudHJ1bi12MDIsbGFiZWxzOiB7YXBwLmt1YmVybmV0ZXMuaW8vcGFydC1vZjogYWdlbnRydW4sYWdlbnRydW4ucGlrYXN0ZWNoLmxvY2FsL2xhbmU6IHYwLjIsYWdlbnRydW4ucGlrYXN0ZWNoLmxvY2FsL25vZGU6IEpEMDF9fSxzdWJqZWN0czogW3traW5kOiBTZXJ2aWNlQWNjb3VudCxuYW1lOiBhZ2VudHJ1bi1qZDAxLXYwMi1ydW5uZXJ9XSxyb2xlUmVmOiB7YXBpR3JvdXA6IHJiYWMuYXV0aG9yaXphdGlvbi5rOHMuaW8sa2luZDogUm9sZSxuYW1lOiBhZ2VudHJ1bi1qZDAxLXYwMi1ydW5uZXItc2VjcmV0LXJlYWRlcn19XG4ifV0=\"\
\ngit_write_url='$(params.git-write-url)'\ngit_auth_url=\"$git_write_url\"\nif printf '%s' \"$git_write_url\"\
\ | grep -q '^http://gitea-http\\.'; then\n test -n \"${GITEA_TOKEN:-}\"\n git_auth_url=$(printf '%s' \"$git_write_url\"\
\ | sed \"s#^http://#http://x-access-token:${GITEA_TOKEN}@#\")\nfi\nrm -rf \"$root/gitops\"\ngit clone \"$git_auth_url\"\
\ \"$root/gitops\"\ncd \"$root/gitops\"\ngit fetch origin \"$(params.gitops-branch)\" || true\nif git rev-parse\
\ --verify \"refs/remotes/origin/$(params.gitops-branch)^{commit}\" >/dev/null 2>&1; then git checkout -B \"$(params.gitops-branch)\"\
\ \"refs/remotes/origin/$(params.gitops-branch)\"; else git checkout --orphan \"$(params.gitops-branch)\"; git\
\ rm -rf . >/dev/null 2>&1 || true; fi\ngit rm -rf --ignore-unmatch \"$(params.gitops-root)\" \"$(params.artifact-catalog)\"\
\ source.json >/dev/null 2>&1 || true\nrm -rf \"$(params.gitops-root)\" \"$(params.artifact-catalog)\" source.json\n\
TEMPLATES_B64=\"$templates_b64\" BUILD_RESULT=\"$build_result\" node <<'NODE'\nconst { mkdirSync, readFileSync,\
\ writeFileSync } = require('node:fs');\nconst { dirname } = require('node:path');\nconst templates = JSON.parse(Buffer.from(process.env.TEMPLATES_B64,\
\ 'base64').toString('utf8'));\nconst build = JSON.parse(readFileSync(process.env.BUILD_RESULT, 'utf8'));\nconst\
\ replacements = new Map([\n ['__AGENTRUN_SOURCE_COMMIT__', build.sourceCommit],\n ['__AGENTRUN_ENV_IDENTITY__',\
\ build.envIdentity],\n ['sha256:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa', build.digest],\n\
\ ['__AGENTRUN_IMAGE_STATUS__', build.status],\n]);\nfor (const file of templates) {\n let content = file.content;\n\
\ for (const [from, to] of replacements) content = content.split(from).join(to);\n mkdirSync(dirname(file.path),\
\ { recursive: true });\n writeFileSync(file.path, content);\n}\nNODE\ngit add source.json \"$(params.artifact-catalog)\"\
\ \"$(params.gitops-root)\"\nif git diff --quiet --cached; then changed=false; else changed=true; git -c user.email=agentrun@unidesk.local\
\ -c user.name='UniDesk AgentRun PaC' commit -m \"deploy: render AgentRun $(params.gitops-branch) from PaC\";\
\ fi\ngit remote set-url origin \"$git_auth_url\"\ngit push -u origin \"$(params.gitops-branch)\"\ngitops_commit=$(git\
\ rev-parse HEAD)\nBUILD_RESULT=\"$build_result\" CHANGED=\"$changed\" GITOPS_COMMIT=\"$gitops_commit\" node <<'NODE'\n\
const { readFileSync } = require('node:fs');\nconst build = JSON.parse(readFileSync(process.env.BUILD_RESULT,\
\ 'utf8'));\nconsole.log(JSON.stringify({ ok: true, status: 'succeeded', phase: 'gitops-publish', changed: process.env.CHANGED\
\ === 'true', gitopsCommit: process.env.GITOPS_COMMIT, sourceCommit: build.sourceCommit, envIdentity: build.envIdentity,\
\ imageStatus: build.status, digest: build.digest, valuesPrinted: false }));\nNODE"
params:
- name: git-read-url
value: $(params.git-read-url)
- name: git-write-url
value: $(params.git-write-url)
- name: source-branch
value: $(params.source-branch)
- name: gitops-branch
value: $(params.gitops-branch)
- name: revision
value: $(params.revision)
- name: source-stage-ref
value: $(params.source-stage-ref)
- name: registry-prefix
value: $(params.registry-prefix)
- name: tools-image
value: $(params.tools-image)
- name: buildkit-image
value: $(params.buildkit-image)
- name: containerfile
value: $(params.containerfile)
- name: context-dir
value: $(params.context-dir)
- name: image-repository
value: $(params.image-repository)
- name: build-network
value: $(params.build-network)
- name: build-args-json
value: $(params.build-args-json)
- name: build-http-proxy
value: $(params.build-http-proxy)
- name: build-https-proxy
value: $(params.build-https-proxy)
- name: build-no-proxy
value: $(params.build-no-proxy)
- name: container-http-proxy
value: $(params.container-http-proxy)
- name: container-https-proxy
value: $(params.container-https-proxy)
- name: container-no-proxy
value: $(params.container-no-proxy)
- name: env-identity-files-json
value: $(params.env-identity-files-json)
- name: gitops-root
value: $(params.gitops-root)
- name: artifact-catalog
value: $(params.artifact-catalog)
when:
- input: unidesk-yaml-only
operator: in
values:
- unidesk-yaml-only
taskRunTemplate:
serviceAccountName: '{{ service_account }}'
podTemplate:
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
securityContext:
fsGroup: 1000
params:
- name: git-url
value: '{{ repo_url }}'
- name: git-read-url
value: '{{ git_read_url }}'
- name: git-write-url
value: '{{ git_write_url }}'
- name: source-branch
value: '{{ source_branch }}'
- name: gitops-branch
value: '{{ gitops_branch }}'
- name: revision
value: '{{ revision }}'
- name: source-stage-ref
value: '{{ source_snapshot_prefix }}/{{ revision }}'
workspaces:
- name: source
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: '{{ workspace_pvc_size }}'