diff --git a/.tekton/kartograph-agent-runtime-push.yaml b/.tekton/kartograph-agent-runtime-push.yaml index 30672014c..faff84937 100644 --- a/.tekton/kartograph-agent-runtime-push.yaml +++ b/.tekton/kartograph-agent-runtime-push.yaml @@ -615,9 +615,9 @@ spec: value: $(params.git-url) workspaces: - name: basic-auth - workspace: hp-fleet-gitops-auth + workspace: fleet-apps-auth - name: netrc - workspace: hp-fleet-gitops-auth + workspace: fleet-apps-auth taskSpec: params: - name: COMMIT_SHA @@ -658,8 +658,8 @@ spec: mkdir -p "$HOME" if [ ! -f "${WORKSPACE_BASIC_AUTH_PATH}/.git-credentials" ] && [ ! -f "${WORKSPACE_NETRC_PATH}/.netrc" ]; then - echo "ERROR: Secret kartograph-hp-fleet-gitops-auth is missing or empty." - echo "Apply .tekton/kartograph-hp-fleet-gitops-auth.secret.example.yaml in kartograph-tenant." + echo "ERROR: Secret kartograph-fleet-apps-auth is missing or empty." + echo "Apply .tekton/kartograph-fleet-apps-auth.secret.example.yaml in kartograph-tenant." exit 1 fi @@ -677,8 +677,9 @@ spec: SHORT_SHA="${COMMIT_SHA:0:12}" BRANCH="konflux/deploy-tag-${DEPLOY_COMPONENT}-${SHORT_SHA}" + FLEET_APPS_REPO="https://gitlab.cee.redhat.com/hybrid-platforms-gitops/tenant-apps/fleet-apps.git" - git clone --depth 1 --branch main "https://github.com/openshift-online/hp-fleet-gitops" /tmp/repo + git clone --depth 1 --branch main "${FLEET_APPS_REPO}" /tmp/repo cd /tmp/repo FILE="apps/kartograph/overlays/stage/kustomization.yaml" @@ -708,70 +709,13 @@ spec: git checkout -b "$BRANCH" git commit -m "chore(deploy): update ${DEPLOY_COMPONENT} stage image tag to ${SHORT_SHA}" - git push origin "$BRANCH" + git push -u origin "$BRANCH" \ + -o merge_request.create \ + -o merge_request.target=main \ + -o "merge_request.title=chore(deploy): update ${DEPLOY_COMPONENT} stage image tag to ${SHORT_SHA}" \ + -o "merge_request.description=Auto-generated by Konflux push pipeline. Updates newTag for ${IMAGE_SELECTOR} to ${COMMIT_SHA}." + echo "Merge request created for branch ${BRANCH}" - mkdir -p /tekton/run - printf '%s\n' "$BRANCH" > /tekton/run/deploy-branch - printf '%s\n' "$COMMIT_SHA" > /tekton/run/commit-sha - printf '%s\n' "$DEPLOY_COMPONENT" > /tekton/run/deploy-component - printf '%s\n' "$SHORT_SHA" > /tekton/run/short-sha - - name: create-pull-request - image: docker.io/curlimages/curl:8.12.1@sha256:94e9e444bcba979c2ea12e27ae39bee4cd10bc7041a472c4727a558e213744e6 - env: - - name: WORKSPACE_NETRC_PATH - value: /workspace/netrc - script: | - #!/bin/sh - set -eu - - if [ ! -f /tekton/run/deploy-branch ]; then - echo "No deploy branch metadata, skipping PR creation" - exit 0 - fi - - BRANCH=$(cat /tekton/run/deploy-branch) - COMMIT_SHA=$(cat /tekton/run/commit-sha) - DEPLOY_COMPONENT=$(cat /tekton/run/deploy-component) - SHORT_SHA=$(cat /tekton/run/short-sha) - REPO="openshift-online/hp-fleet-gitops" - - export HOME=/tekton/home - mkdir -p "$HOME" - if [ ! -f "${WORKSPACE_NETRC_PATH}/.netrc" ]; then - echo "WARNING: netrc not available, PR must be created manually" - echo "Branch pushed: $BRANCH" - exit 0 - fi - cp "${WORKSPACE_NETRC_PATH}/.netrc" "$HOME/.netrc" - chmod 600 "$HOME/.netrc" - - PAYLOAD=$(mktemp) - chmod 600 "$PAYLOAD" - printf '{"title":"chore(deploy): update %s stage image tag to %s","head":"%s","base":"main","body":"Auto-generated by Konflux push pipeline.\n\nUpdates `newTag` in stage kustomization to `%s`."}' \ - "$DEPLOY_COMPONENT" "$SHORT_SHA" "$BRANCH" "$COMMIT_SHA" > "$PAYLOAD" - - PR_RESPONSE=$(curl -sS --netrc \ - -H "Content-Type: application/json" \ - -d @"$PAYLOAD" \ - "https://api.github.com/repos/${REPO}/pulls") || true - rm -f "$PAYLOAD" - - PR_URL=$(echo "$PR_RESPONSE" | grep -o '"html_url":"[^"]*"' | head -1 | cut -d'"' -f4) - echo "PR created: ${PR_URL:-none}" - - PR_NODE_ID=$(echo "$PR_RESPONSE" | grep -o '"node_id":"[^"]*"' | head -1 | cut -d'"' -f4) - if [ -n "$PR_NODE_ID" ]; then - GRAPHQL_PAYLOAD=$(mktemp) - chmod 600 "$GRAPHQL_PAYLOAD" - printf '{"query":"mutation { enablePullRequestAutoMerge(input: { pullRequestId: \\"%s\\", mergeMethod: SQUASH }) { pullRequest { autoMergeRequest { enabledAt } } } }"}' \ - "$PR_NODE_ID" > "$GRAPHQL_PAYLOAD" - curl -sS --netrc \ - -H "Content-Type: application/json" \ - -d @"$GRAPHQL_PAYLOAD" \ - "https://api.github.com/graphql" > /dev/null 2>&1 || true - rm -f "$GRAPHQL_PAYLOAD" - echo "Auto-merge enabled" - fi workspaces: - name: git-auth optional: true @@ -783,7 +727,7 @@ spec: - name: git-auth secret: secretName: "{{ git_auth_secret }}" - - name: hp-fleet-gitops-auth + - name: fleet-apps-auth secret: - secretName: kartograph-hp-fleet-gitops-auth + secretName: kartograph-fleet-apps-auth status: {} diff --git a/.tekton/kartograph-api-push.yaml b/.tekton/kartograph-api-push.yaml index ee35542a7..8c832e94c 100644 --- a/.tekton/kartograph-api-push.yaml +++ b/.tekton/kartograph-api-push.yaml @@ -615,9 +615,9 @@ spec: value: $(params.git-url) workspaces: - name: basic-auth - workspace: hp-fleet-gitops-auth + workspace: fleet-apps-auth - name: netrc - workspace: hp-fleet-gitops-auth + workspace: fleet-apps-auth taskSpec: params: - name: COMMIT_SHA @@ -658,8 +658,8 @@ spec: mkdir -p "$HOME" if [ ! -f "${WORKSPACE_BASIC_AUTH_PATH}/.git-credentials" ] && [ ! -f "${WORKSPACE_NETRC_PATH}/.netrc" ]; then - echo "ERROR: Secret kartograph-hp-fleet-gitops-auth is missing or empty." - echo "Apply .tekton/kartograph-hp-fleet-gitops-auth.secret.example.yaml in kartograph-tenant." + echo "ERROR: Secret kartograph-fleet-apps-auth is missing or empty." + echo "Apply .tekton/kartograph-fleet-apps-auth.secret.example.yaml in kartograph-tenant." exit 1 fi @@ -677,8 +677,9 @@ spec: SHORT_SHA="${COMMIT_SHA:0:12}" BRANCH="konflux/deploy-tag-${DEPLOY_COMPONENT}-${SHORT_SHA}" + FLEET_APPS_REPO="https://gitlab.cee.redhat.com/hybrid-platforms-gitops/tenant-apps/fleet-apps.git" - git clone --depth 1 --branch main "https://github.com/openshift-online/hp-fleet-gitops" /tmp/repo + git clone --depth 1 --branch main "${FLEET_APPS_REPO}" /tmp/repo cd /tmp/repo FILE="apps/kartograph/overlays/stage/kustomization.yaml" @@ -700,70 +701,13 @@ spec: git checkout -b "$BRANCH" git commit -m "chore(deploy): update ${DEPLOY_COMPONENT} stage image tag to ${SHORT_SHA}" - git push origin "$BRANCH" + git push -u origin "$BRANCH" \ + -o merge_request.create \ + -o merge_request.target=main \ + -o "merge_request.title=chore(deploy): update ${DEPLOY_COMPONENT} stage image tag to ${SHORT_SHA}" \ + -o "merge_request.description=Auto-generated by Konflux push pipeline. Updates newTag for ${IMAGE_SELECTOR} to ${COMMIT_SHA}." + echo "Merge request created for branch ${BRANCH}" - mkdir -p /tekton/run - printf '%s\n' "$BRANCH" > /tekton/run/deploy-branch - printf '%s\n' "$COMMIT_SHA" > /tekton/run/commit-sha - printf '%s\n' "$DEPLOY_COMPONENT" > /tekton/run/deploy-component - printf '%s\n' "$SHORT_SHA" > /tekton/run/short-sha - - name: create-pull-request - image: docker.io/curlimages/curl:8.12.1@sha256:94e9e444bcba979c2ea12e27ae39bee4cd10bc7041a472c4727a558e213744e6 - env: - - name: WORKSPACE_NETRC_PATH - value: /workspace/netrc - script: | - #!/bin/sh - set -eu - - if [ ! -f /tekton/run/deploy-branch ]; then - echo "No deploy branch metadata, skipping PR creation" - exit 0 - fi - - BRANCH=$(cat /tekton/run/deploy-branch) - COMMIT_SHA=$(cat /tekton/run/commit-sha) - DEPLOY_COMPONENT=$(cat /tekton/run/deploy-component) - SHORT_SHA=$(cat /tekton/run/short-sha) - REPO="openshift-online/hp-fleet-gitops" - - export HOME=/tekton/home - mkdir -p "$HOME" - if [ ! -f "${WORKSPACE_NETRC_PATH}/.netrc" ]; then - echo "WARNING: netrc not available, PR must be created manually" - echo "Branch pushed: $BRANCH" - exit 0 - fi - cp "${WORKSPACE_NETRC_PATH}/.netrc" "$HOME/.netrc" - chmod 600 "$HOME/.netrc" - - PAYLOAD=$(mktemp) - chmod 600 "$PAYLOAD" - printf '{"title":"chore(deploy): update %s stage image tag to %s","head":"%s","base":"main","body":"Auto-generated by Konflux push pipeline.\n\nUpdates `newTag` in stage kustomization to `%s`."}' \ - "$DEPLOY_COMPONENT" "$SHORT_SHA" "$BRANCH" "$COMMIT_SHA" > "$PAYLOAD" - - PR_RESPONSE=$(curl -sS --netrc \ - -H "Content-Type: application/json" \ - -d @"$PAYLOAD" \ - "https://api.github.com/repos/${REPO}/pulls") || true - rm -f "$PAYLOAD" - - PR_URL=$(echo "$PR_RESPONSE" | grep -o '"html_url":"[^"]*"' | head -1 | cut -d'"' -f4) - echo "PR created: ${PR_URL:-none}" - - PR_NODE_ID=$(echo "$PR_RESPONSE" | grep -o '"node_id":"[^"]*"' | head -1 | cut -d'"' -f4) - if [ -n "$PR_NODE_ID" ]; then - GRAPHQL_PAYLOAD=$(mktemp) - chmod 600 "$GRAPHQL_PAYLOAD" - printf '{"query":"mutation { enablePullRequestAutoMerge(input: { pullRequestId: \\"%s\\", mergeMethod: SQUASH }) { pullRequest { autoMergeRequest { enabledAt } } } }"}' \ - "$PR_NODE_ID" > "$GRAPHQL_PAYLOAD" - curl -sS --netrc \ - -H "Content-Type: application/json" \ - -d @"$GRAPHQL_PAYLOAD" \ - "https://api.github.com/graphql" > /dev/null 2>&1 || true - rm -f "$GRAPHQL_PAYLOAD" - echo "Auto-merge enabled" - fi workspaces: - name: git-auth optional: true @@ -775,7 +719,7 @@ spec: - name: git-auth secret: secretName: "{{ git_auth_secret }}" - - name: hp-fleet-gitops-auth + - name: fleet-apps-auth secret: - secretName: kartograph-hp-fleet-gitops-auth + secretName: kartograph-fleet-apps-auth status: {} diff --git a/.tekton/kartograph-dev-ui-push.yaml b/.tekton/kartograph-dev-ui-push.yaml index d3b5d151d..5851fd22c 100644 --- a/.tekton/kartograph-dev-ui-push.yaml +++ b/.tekton/kartograph-dev-ui-push.yaml @@ -615,9 +615,9 @@ spec: value: $(params.git-url) workspaces: - name: basic-auth - workspace: hp-fleet-gitops-auth + workspace: fleet-apps-auth - name: netrc - workspace: hp-fleet-gitops-auth + workspace: fleet-apps-auth taskSpec: params: - name: COMMIT_SHA @@ -658,8 +658,8 @@ spec: mkdir -p "$HOME" if [ ! -f "${WORKSPACE_BASIC_AUTH_PATH}/.git-credentials" ] && [ ! -f "${WORKSPACE_NETRC_PATH}/.netrc" ]; then - echo "ERROR: Secret kartograph-hp-fleet-gitops-auth is missing or empty." - echo "Apply .tekton/kartograph-hp-fleet-gitops-auth.secret.example.yaml in kartograph-tenant." + echo "ERROR: Secret kartograph-fleet-apps-auth is missing or empty." + echo "Apply .tekton/kartograph-fleet-apps-auth.secret.example.yaml in kartograph-tenant." exit 1 fi @@ -677,8 +677,9 @@ spec: SHORT_SHA="${COMMIT_SHA:0:12}" BRANCH="konflux/deploy-tag-${DEPLOY_COMPONENT}-${SHORT_SHA}" + FLEET_APPS_REPO="https://gitlab.cee.redhat.com/hybrid-platforms-gitops/tenant-apps/fleet-apps.git" - git clone --depth 1 --branch main "https://github.com/openshift-online/hp-fleet-gitops" /tmp/repo + git clone --depth 1 --branch main "${FLEET_APPS_REPO}" /tmp/repo cd /tmp/repo FILE="apps/kartograph/overlays/stage/kustomization.yaml" @@ -700,70 +701,13 @@ spec: git checkout -b "$BRANCH" git commit -m "chore(deploy): update ${DEPLOY_COMPONENT} stage image tag to ${SHORT_SHA}" - git push origin "$BRANCH" + git push -u origin "$BRANCH" \ + -o merge_request.create \ + -o merge_request.target=main \ + -o "merge_request.title=chore(deploy): update ${DEPLOY_COMPONENT} stage image tag to ${SHORT_SHA}" \ + -o "merge_request.description=Auto-generated by Konflux push pipeline. Updates newTag for ${IMAGE_SELECTOR} to ${COMMIT_SHA}." + echo "Merge request created for branch ${BRANCH}" - mkdir -p /tekton/run - printf '%s\n' "$BRANCH" > /tekton/run/deploy-branch - printf '%s\n' "$COMMIT_SHA" > /tekton/run/commit-sha - printf '%s\n' "$DEPLOY_COMPONENT" > /tekton/run/deploy-component - printf '%s\n' "$SHORT_SHA" > /tekton/run/short-sha - - name: create-pull-request - image: docker.io/curlimages/curl:8.12.1@sha256:94e9e444bcba979c2ea12e27ae39bee4cd10bc7041a472c4727a558e213744e6 - env: - - name: WORKSPACE_NETRC_PATH - value: /workspace/netrc - script: | - #!/bin/sh - set -eu - - if [ ! -f /tekton/run/deploy-branch ]; then - echo "No deploy branch metadata, skipping PR creation" - exit 0 - fi - - BRANCH=$(cat /tekton/run/deploy-branch) - COMMIT_SHA=$(cat /tekton/run/commit-sha) - DEPLOY_COMPONENT=$(cat /tekton/run/deploy-component) - SHORT_SHA=$(cat /tekton/run/short-sha) - REPO="openshift-online/hp-fleet-gitops" - - export HOME=/tekton/home - mkdir -p "$HOME" - if [ ! -f "${WORKSPACE_NETRC_PATH}/.netrc" ]; then - echo "WARNING: netrc not available, PR must be created manually" - echo "Branch pushed: $BRANCH" - exit 0 - fi - cp "${WORKSPACE_NETRC_PATH}/.netrc" "$HOME/.netrc" - chmod 600 "$HOME/.netrc" - - PAYLOAD=$(mktemp) - chmod 600 "$PAYLOAD" - printf '{"title":"chore(deploy): update %s stage image tag to %s","head":"%s","base":"main","body":"Auto-generated by Konflux push pipeline.\n\nUpdates `newTag` in stage kustomization to `%s`."}' \ - "$DEPLOY_COMPONENT" "$SHORT_SHA" "$BRANCH" "$COMMIT_SHA" > "$PAYLOAD" - - PR_RESPONSE=$(curl -sS --netrc \ - -H "Content-Type: application/json" \ - -d @"$PAYLOAD" \ - "https://api.github.com/repos/${REPO}/pulls") || true - rm -f "$PAYLOAD" - - PR_URL=$(echo "$PR_RESPONSE" | grep -o '"html_url":"[^"]*"' | head -1 | cut -d'"' -f4) - echo "PR created: ${PR_URL:-none}" - - PR_NODE_ID=$(echo "$PR_RESPONSE" | grep -o '"node_id":"[^"]*"' | head -1 | cut -d'"' -f4) - if [ -n "$PR_NODE_ID" ]; then - GRAPHQL_PAYLOAD=$(mktemp) - chmod 600 "$GRAPHQL_PAYLOAD" - printf '{"query":"mutation { enablePullRequestAutoMerge(input: { pullRequestId: \\"%s\\", mergeMethod: SQUASH }) { pullRequest { autoMergeRequest { enabledAt } } } }"}' \ - "$PR_NODE_ID" > "$GRAPHQL_PAYLOAD" - curl -sS --netrc \ - -H "Content-Type: application/json" \ - -d @"$GRAPHQL_PAYLOAD" \ - "https://api.github.com/graphql" > /dev/null 2>&1 || true - rm -f "$GRAPHQL_PAYLOAD" - echo "Auto-merge enabled" - fi workspaces: - name: git-auth optional: true @@ -775,7 +719,7 @@ spec: - name: git-auth secret: secretName: "{{ git_auth_secret }}" - - name: hp-fleet-gitops-auth + - name: fleet-apps-auth secret: - secretName: kartograph-hp-fleet-gitops-auth + secretName: kartograph-fleet-apps-auth status: {} diff --git a/.tekton/kartograph-fleet-apps-auth.secret.example.yaml b/.tekton/kartograph-fleet-apps-auth.secret.example.yaml new file mode 100644 index 000000000..cab391026 --- /dev/null +++ b/.tekton/kartograph-fleet-apps-auth.secret.example.yaml @@ -0,0 +1,24 @@ +# Apply in Konflux tenant namespace (kartograph-tenant) after replacing placeholders. +# +# GitLab PAT needs api + write_repository on: +# hybrid-platforms-gitops/tenant-apps/fleet-apps +# Do not commit real tokens. +# +# oc project kartograph-tenant +# oc create -f kartograph-fleet-apps-auth.secret.yaml +# +apiVersion: v1 +kind: Secret +metadata: + name: kartograph-fleet-apps-auth + namespace: kartograph-tenant +type: Opaque +stringData: + .gitconfig: | + [credential] + helper = store + .git-credentials: https://oauth2:REPLACE_WITH_GITLAB_PAT@gitlab.cee.redhat.com + .netrc: | + machine gitlab.cee.redhat.com + login oauth2 + password REPLACE_WITH_GITLAB_PAT diff --git a/.tekton/kartograph-hp-fleet-gitops-auth.secret.example.yaml b/.tekton/kartograph-hp-fleet-gitops-auth.secret.example.yaml index c568b46a1..47a34e34a 100644 --- a/.tekton/kartograph-hp-fleet-gitops-auth.secret.example.yaml +++ b/.tekton/kartograph-hp-fleet-gitops-auth.secret.example.yaml @@ -1,3 +1,6 @@ +# Deprecated: use kartograph-fleet-apps-auth.secret.example.yaml instead. +# ArgoCD deploys from fleet-apps (GitLab), not hp-fleet-gitops (GitHub). +# # Apply in Konflux tenant namespace (kartograph-tenant) after replacing placeholders. # # PAT needs repo + pull_request scope on openshift-online/hp-fleet-gitops. diff --git a/.tekton/kartograph-openshell-gateway-push.yaml b/.tekton/kartograph-openshell-gateway-push.yaml index 25fecbadf..29e18b77e 100644 --- a/.tekton/kartograph-openshell-gateway-push.yaml +++ b/.tekton/kartograph-openshell-gateway-push.yaml @@ -615,9 +615,9 @@ spec: value: $(params.git-url) workspaces: - name: basic-auth - workspace: hp-fleet-gitops-auth + workspace: fleet-apps-auth - name: netrc - workspace: hp-fleet-gitops-auth + workspace: fleet-apps-auth taskSpec: params: - name: COMMIT_SHA @@ -658,8 +658,8 @@ spec: mkdir -p "$HOME" if [ ! -f "${WORKSPACE_BASIC_AUTH_PATH}/.git-credentials" ] && [ ! -f "${WORKSPACE_NETRC_PATH}/.netrc" ]; then - echo "ERROR: Secret kartograph-hp-fleet-gitops-auth is missing or empty." - echo "Apply .tekton/kartograph-hp-fleet-gitops-auth.secret.example.yaml in kartograph-tenant." + echo "ERROR: Secret kartograph-fleet-apps-auth is missing or empty." + echo "Apply .tekton/kartograph-fleet-apps-auth.secret.example.yaml in kartograph-tenant." exit 1 fi @@ -677,8 +677,9 @@ spec: SHORT_SHA="${COMMIT_SHA:0:12}" BRANCH="konflux/deploy-tag-${DEPLOY_COMPONENT}-${SHORT_SHA}" + FLEET_APPS_REPO="https://gitlab.cee.redhat.com/hybrid-platforms-gitops/tenant-apps/fleet-apps.git" - git clone --depth 1 --branch main "https://github.com/openshift-online/hp-fleet-gitops" /tmp/repo + git clone --depth 1 --branch main "${FLEET_APPS_REPO}" /tmp/repo cd /tmp/repo FILE="apps/kartograph/overlays/stage/kustomization.yaml" @@ -700,70 +701,13 @@ spec: git checkout -b "$BRANCH" git commit -m "chore(deploy): update ${DEPLOY_COMPONENT} stage image tag to ${SHORT_SHA}" - git push origin "$BRANCH" + git push -u origin "$BRANCH" \ + -o merge_request.create \ + -o merge_request.target=main \ + -o "merge_request.title=chore(deploy): update ${DEPLOY_COMPONENT} stage image tag to ${SHORT_SHA}" \ + -o "merge_request.description=Auto-generated by Konflux push pipeline. Updates newTag for ${IMAGE_SELECTOR} to ${COMMIT_SHA}." + echo "Merge request created for branch ${BRANCH}" - mkdir -p /tekton/run - printf '%s\n' "$BRANCH" > /tekton/run/deploy-branch - printf '%s\n' "$COMMIT_SHA" > /tekton/run/commit-sha - printf '%s\n' "$DEPLOY_COMPONENT" > /tekton/run/deploy-component - printf '%s\n' "$SHORT_SHA" > /tekton/run/short-sha - - name: create-pull-request - image: docker.io/curlimages/curl:8.12.1@sha256:94e9e444bcba979c2ea12e27ae39bee4cd10bc7041a472c4727a558e213744e6 - env: - - name: WORKSPACE_NETRC_PATH - value: /workspace/netrc - script: | - #!/bin/sh - set -eu - - if [ ! -f /tekton/run/deploy-branch ]; then - echo "No deploy branch metadata, skipping PR creation" - exit 0 - fi - - BRANCH=$(cat /tekton/run/deploy-branch) - COMMIT_SHA=$(cat /tekton/run/commit-sha) - DEPLOY_COMPONENT=$(cat /tekton/run/deploy-component) - SHORT_SHA=$(cat /tekton/run/short-sha) - REPO="openshift-online/hp-fleet-gitops" - - export HOME=/tekton/home - mkdir -p "$HOME" - if [ ! -f "${WORKSPACE_NETRC_PATH}/.netrc" ]; then - echo "WARNING: netrc not available, PR must be created manually" - echo "Branch pushed: $BRANCH" - exit 0 - fi - cp "${WORKSPACE_NETRC_PATH}/.netrc" "$HOME/.netrc" - chmod 600 "$HOME/.netrc" - - PAYLOAD=$(mktemp) - chmod 600 "$PAYLOAD" - printf '{"title":"chore(deploy): update %s stage image tag to %s","head":"%s","base":"main","body":"Auto-generated by Konflux push pipeline.\n\nUpdates `newTag` in stage kustomization to `%s`."}' \ - "$DEPLOY_COMPONENT" "$SHORT_SHA" "$BRANCH" "$COMMIT_SHA" > "$PAYLOAD" - - PR_RESPONSE=$(curl -sS --netrc \ - -H "Content-Type: application/json" \ - -d @"$PAYLOAD" \ - "https://api.github.com/repos/${REPO}/pulls") || true - rm -f "$PAYLOAD" - - PR_URL=$(echo "$PR_RESPONSE" | grep -o '"html_url":"[^"]*"' | head -1 | cut -d'"' -f4) - echo "PR created: ${PR_URL:-none}" - - PR_NODE_ID=$(echo "$PR_RESPONSE" | grep -o '"node_id":"[^"]*"' | head -1 | cut -d'"' -f4) - if [ -n "$PR_NODE_ID" ]; then - GRAPHQL_PAYLOAD=$(mktemp) - chmod 600 "$GRAPHQL_PAYLOAD" - printf '{"query":"mutation { enablePullRequestAutoMerge(input: { pullRequestId: \\"%s\\", mergeMethod: SQUASH }) { pullRequest { autoMergeRequest { enabledAt } } } }"}' \ - "$PR_NODE_ID" > "$GRAPHQL_PAYLOAD" - curl -sS --netrc \ - -H "Content-Type: application/json" \ - -d @"$GRAPHQL_PAYLOAD" \ - "https://api.github.com/graphql" > /dev/null 2>&1 || true - rm -f "$GRAPHQL_PAYLOAD" - echo "Auto-merge enabled" - fi workspaces: - name: git-auth optional: true @@ -775,7 +719,7 @@ spec: - name: git-auth secret: secretName: "{{ git_auth_secret }}" - - name: hp-fleet-gitops-auth + - name: fleet-apps-auth secret: - secretName: kartograph-hp-fleet-gitops-auth + secretName: kartograph-fleet-apps-auth status: {}