The renovate_username value was stored in Vault but was not being passed as an environment variable to the container, causing authentication failures with Gitea. Changes: - Added RENOVATE_USERNAME to the environment variables list in main.tf - The value is retrieved from Vault at secret/renovate with key renovate_username. This should resolve the "Authentication failure" error in the Renovate container logs, since the username is required for proper Gitea authentication.
96 lines
2.8 KiB
HCL
# Get Traefik network
|
|
data "docker_network" "traefik_network" {
|
|
name = "traefik_network"
|
|
}
|
|
|
|
# Create volumes for Renovate
|
|
resource "docker_volume" "renovate_config" {
|
|
name = "renovate-config"
|
|
}
|
|
|
|
resource "docker_volume" "renovate_cache" {
|
|
name = "renovate-cache"
|
|
}
|
|
|
|
# Pull Renovate image
|
|
resource "docker_image" "renovate" {
|
|
name = var.renovate_image
|
|
keep_locally = true
|
|
}
|
|
|
|
# Create Renovate container
|
|
resource "docker_container" "renovate" {
|
|
image = docker_image.renovate.image_id
|
|
name = var.container_name
|
|
hostname = var.container_name
|
|
restart = var.restart_policy
|
|
|
|
# Resource limits
|
|
memory = var.memory_limit
|
|
memory_swap = var.memory_swap_limit
|
|
|
|
# Environment variables for Renovate
|
|
env = concat(
|
|
[
|
|
"RENOVATE_PLATFORM=${data.vault_generic_secret.renovate.data["renovate_platform"]}",
|
|
"RENOVATE_ENDPOINT=${data.vault_generic_secret.renovate.data["renovate_endpoint"]}",
|
|
"RENOVATE_TOKEN=${data.vault_generic_secret.renovate.data["renovate_token"]}",
|
|
"RENOVATE_GIT_AUTHOR=${data.vault_generic_secret.renovate.data["renovate_git_author"]}",
|
|
"RENOVATE_USERNAME=${data.vault_generic_secret.renovate.data["renovate_username"]}",
|
|
"RENOVATE_AUTODISCOVER=${var.renovate_autodiscover}",
|
|
"LOG_LEVEL=${var.log_level}"
|
|
],
|
|
var.github_com_token != "" ? ["GITHUB_COM_TOKEN=${var.github_com_token}"] : [],
|
|
var.extra_env_vars
|
|
)
|
|
|
|
# Network configuration
|
|
networks_advanced {
|
|
name = data.docker_network.traefik_network.name
|
|
}
|
|
|
|
# Volumes
|
|
volumes {
|
|
volume_name = docker_volume.renovate_config.name
|
|
container_path = "/usr/src/app/config"
|
|
}
|
|
|
|
volumes {
|
|
volume_name = docker_volume.renovate_cache.name
|
|
container_path = "/tmp/renovate"
|
|
}
|
|
|
|
# Upload config.js if enabled
|
|
dynamic "upload" {
|
|
for_each = var.upload_config_file ? [1] : []
|
|
content {
|
|
content = templatefile("${path.module}/files/config.js.tpl", {
|
|
platform = data.vault_generic_secret.renovate.data["renovate_platform"]
|
|
endpoint = data.vault_generic_secret.renovate.data["renovate_endpoint"]
|
|
git_author = data.vault_generic_secret.renovate.data["renovate_git_author"]
|
|
username = data.vault_generic_secret.renovate.data["renovate_username"]
|
|
autodiscover = var.renovate_autodiscover
|
|
onboarding_config = var.renovate_onboarding_config
|
|
})
|
|
file = "/usr/src/app/config.js"
|
|
}
|
|
}
|
|
|
|
lifecycle {
|
|
ignore_changes = [
|
|
command,
|
|
entrypoint
|
|
]
|
|
}
|
|
}
|
|
|
|
# DNS CNAME record for Renovate (optional, if web interface is needed)
|
|
resource "dns_cname_record" "renovate_cname" {
|
|
count = var.create_cname_record ? 1 : 0
|
|
|
|
zone = "${var.domain}."
|
|
ttl = 300
|
|
name = coalesce(var.dns_name, var.container_name)
|
|
cname = "hosting.${var.domain}."
|
|
}
|
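Review bot: The new `RENOVATE_USERNAME` entry joins `RENOVATE_TOKEN` and the conditional `GITHUB_COM_TOKEN` in the `env` list of `docker_container.renovate`, and every value in that list is written verbatim into Terraform state and is visible via `docker inspect` to anyone with access to the Docker socket, so the state backend's encryption and access control are the real boundary for these credentials. The Vault provider marks `data` as sensitive, which makes the whole `concat(...)` result sensitive and keeps it out of plan output, but `var.github_com_token` is only redacted if its declaration (not in this file) carries `sensitive = true` — worth confirming. A comment above `env = concat(` such as `# NOTE: these values are stored in Terraform state and exposed by docker inspect; keep the state backend encrypted and access-restricted` would document the trade-off for the next maintainer. Separately, the container sets memory limits but no `user`, `read_only` or `capabilities { drop = [...] }`, so if the image tolerates running unprivileged that is a cheap hardening step to consider alongside this change.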