Commits on Source (5)
...@@ -3,11 +3,82 @@ include: ...@@ -3,11 +3,82 @@ include:
- remote: https://open.greenhost.net/stackspin/stackspin/-/raw/main/.gitlab/ci_templates/dummy_job.yml - remote: https://open.greenhost.net/stackspin/stackspin/-/raw/main/.gitlab/ci_templates/dummy_job.yml
- template: 'Workflows/MergeRequest-Pipelines.gitlab-ci.yml' - template: 'Workflows/MergeRequest-Pipelines.gitlab-ci.yml'
.use-kubernetes:
image:
name: alpine/k8s:1.22.6
entrypoint: ["/bin/sh", "-c"]
before_script:
- kubectl config get-contexts
- kubectl config use-context stackspin/kubernetes-agent-setup:stackspin-k8s-agent
.chart-changes-rules:
rules:
- changes:
- templates/**/*.yaml
- taiko-tests/**/*.js
- values-local.yaml.example
- values.yaml
- Chart.yaml
stages: stages:
- lint-helm-chart - lint-helm-chart
- install-helm-chart
- test-helm-chart
- package-helm-chart - package-helm-chart
- release-helm-chart - release-helm-chart
- dummy - dummy
variables: variables:
CHART_NAME: nextcloud-onlyoffice CHART_NAME: nextcloud-onlyoffice
RELEASE_NAME: "nc$CI_MERGE_REQUEST_IID"
delete-helmrelease:
stage: install-helm-chart
script:
- cd ${CHART_DIR:-"."}
- ./fully-delete-helmrelease.sh "$RELEASE_NAME"
environment:
name: helmrelease/$RELEASE_NAME
action: stop
extends:
- .use-kubernetes
- .chart-changes-rules
# This job will fail if a helmrelease didn't exist (yet). For example in a
# first pipeline for an MR.
allow_failure: true
install-helmrelease:
stage: install-helm-chart
needs:
# This job contains the `helm dep` artifacts
- job: lint-helm
# We can't install if there's still an installation from a previous run
# present.
- job: delete-helmrelease
script:
- cd ${CHART_DIR:-"."}
- cp values-local.yaml.example values-ci.yaml
# This sets the domains to files-MR_ID.gitlab.stackspin.net and
# office-MR_ID.gitlab.stackspin.net
- sed -i "s/\.your\.domain/-$RELEASE_NAME.gitlab.stackspin.net/" values-ci.yaml
# Make sure TLS certificate secrets for different MRs do not clash
- sed -i "s/files-cert/files-cert-$RELEASE_NAME/" values-ci.yaml
- sed -i "s/office-cert/office-cert-$RELEASE_NAME/" values-ci.yaml
- helm install --wait "$RELEASE_NAME" . -f values-ci.yaml
environment:
name: helmrelease/$RELEASE_NAME
url: https://files-$RELEASE_NAME.gitlab.stackspin.net
auto_stop_in: 1 week
on_stop: delete-helmrelease
extends:
- .use-kubernetes
- .chart-changes-rules
test-helm-chart:
stage: test-helm-chart
script:
- cd ${CHART_DIR:-"."}
- helm test --logs "$RELEASE_NAME"
extends:
- .use-kubernetes
- .chart-changes-rules
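Review bot: The install-helmrelease job deploys values-local.yaml.example almost unchanged, so every review instance behind `https://files-$RELEASE_NAME.gitlab.stackspin.net` comes up with the Nextcloud admin, MariaDB, RabbitMQ, ONLYOFFICE database and JWT secrets all set to the `CHANGE_ME` placeholder that this same change puts into the example file. The three `sed` lines only rewrite domains and certificate names, and the environment can stay up for as long as `auto_stop_in: 1 week`. I would replace the placeholder with a per-pipeline random value before installing, for example `- sed -i "s/CHANGE_ME/$(head -c 24 /dev/urandom | base64 | tr -dc 'A-Za-z0-9')/" values-ci.yaml`; the Taiko test pod reads the password from the release secret, so it should keep working. Separately, `RELEASE_NAME: "nc$CI_MERGE_REQUEST_IID"` presumably collapses to `nc` in any pipeline that is not a merge-request pipeline, so such runs would share and delete each other's release.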
...@@ -21,3 +21,7 @@ ...@@ -21,3 +21,7 @@
*.tmproj *.tmproj
.vscode/ .vscode/
README.md README.md
Screenshot*
CHANGELOG.md
LICENSE
renovate.json
...@@ -3,7 +3,7 @@ apiVersion: v2 ...@@ -3,7 +3,7 @@ apiVersion: v2
description: | description: |
A helm chart for installing NextCloud and setting up ONLYOFFICE integration A helm chart for installing NextCloud and setting up ONLYOFFICE integration
name: nextcloud-onlyoffice name: nextcloud-onlyoffice
version: 0.7.39 version: 0.7.40
appVersion: NC-23.0.3-OO-7.0.1.37 appVersion: NC-23.0.3-OO-7.0.1.37
icon: https://cdn.rawgit.com/docker-library/docs/defa5ffc7123177acd60ddef6e16bddf694cc35f/nextcloud/logo.svg icon: https://cdn.rawgit.com/docker-library/docs/defa5ffc7123177acd60ddef6e16bddf694cc35f/nextcloud/logo.svg
dependencies: dependencies:
......
...@@ -109,4 +109,24 @@ persistent disk (default: 2 GB) if you need more. ...@@ -109,4 +109,24 @@ persistent disk (default: 2 GB) if you need more.
| `onlyoffice.affinity` | Affinity settings | `{}` | | `onlyoffice.affinity` | Affinity settings | `{}` |
| `onlyoffice.tolerations` | List of node taints to tolerate | `[]` | | `onlyoffice.tolerations` | List of node taints to tolerate | `[]` |
## Running tests
This chart comes with [Taiko tests](https://gauge.org/gauge-taiko/) that you can
run by running `helm test <release name>`. Add the `--logs` parameter if you
want to immediately see the console output from the Taiko test.
### Running the tests locally
If the tests fail, you'll want to observe the steps Taiko executes in the
browser. To do so, install Taiko with `npm`. Then you can run the following:
```
# Set environment variables to use with Taiko. Read the script to see the
# possible values and adjust them if necessary.
source get-taiko-vars.sh <release_name>
# Start Taiko and observe its steps in a browser
taiko --observe taiko-tests/test.js
```
[^1]: If you want to test a version that is not on the `main` branch yet, use `https://open.greenhost.net/api/v4/projects/1/packages/helm/unstable` [^1]: If you want to test a version that is not on the `main` branch yet, use `https://open.greenhost.net/api/v4/projects/1/packages/helm/unstable`
#! /usr/bin/env bash
if [ -z "$1" ]; then
echo "Usage: ./fully-delete-chart RELEASE_NAME"
exit 1
else
release="$1"
fi
kubectl delete pod "$release-onlyoffice-documentserver-taiko-test"
kubectl delete job "$release-setup-apps"
# This command can fail, but that is not a problem
kubectl delete pvc \
"$release-nextcloud-nextcloud" \
"data-$release-rabbitmq-0" \
"redis-data-$release-redis-master-0" \
"redis-data-$release-redis-slave-0" \
"redis-data-$release-redis-slave-1" \
"data-$release-mariadb-0"
helm delete --wait "$release"
output=$(kubectl get pod -l "app.kubernetes.io/instance=$release")
until [ "$output" == "" ]
do
echo "waiting for pods to be deleted, pods still running:"
echo "$output"
sleep 5
output=$(kubectl get pod -l "app.kubernetes.io/instance=$release")
done
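Review bot: `kubectl delete pvc` runs before `helm delete --wait "$release"`, while the pods that mount those claims are still running. kubectl waits for deletion by default and an in-use claim normally stays in Terminating until its pod is gone, so this step can likely block rather than fail. Moving the `helm delete --wait "$release"` line above the PVC deletion, or adding `--wait=false` to `kubectl delete pvc`, avoids that. Every delete also acts on whatever namespace the current kubectl context selects, so a comment stating that assumption would help, and the usage text names `./fully-delete-chart` although the CI job calls `./fully-delete-helmrelease.sh`.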
if [ -z "$1" ]; then
echo "Usage: source get-taiko-vars.sh RELEASE_NAME"
return 1
else
release="$1"
fi
tempfile=$(mktemp)
helm get values "$release" -o json > "$tempfile"
# Set this to true and add SSO details
# if you want to use OIDC-based login in your tests
export USE_SSO_LOGIN=false
export SSO_USERNAME=admin@example.com
export SSO_USER_PW=""
# Nextcloud admin username
export NEXTCLOUD_ADMIN_USERNAME=admin
# Nextcloud admin password imported from the helm values.
NEXTCLOUD_ADMIN_PASSWORD=$(jq -r '.nextcloud.nextcloud.password' < "$tempfile")
export NEXTCLOUD_ADMIN_PASSWORD
NEXTCLOUD_URL=$(jq -r '.nextcloud.nextcloud.host' < "$tempfile")
export NEXTCLOUD_URL
ONLYOFFICE_URL=$(jq -r '.onlyoffice.server_name' < "$tempfile")
export ONLYOFFICE_URL
# Comma-separated list of applications to test. Check if taiko-tests/test.js
# supports testing your application if you want to add apps here.
export INSTALLED_APPS=""
rm "$tempfile"
echo "Imported values from Helm."
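Review bot: The release's values, including the Nextcloud admin password, are written to a file from `mktemp` and removed only by the final `rm "$tempfile"`, so an interrupted run leaves the secrets on disk. Keeping the JSON in a variable avoids the file altogether: `values=$(helm get values "$release" -o json)` followed by `NEXTCLOUD_ADMIN_PASSWORD=$(printf '%s' "$values" | jq -r '.nextcloud.nextcloud.password')`. `helm get values` without `--all` returns only user-supplied values, so a key that was never set comes back from `jq -r` as the string `null`; a check for that before exporting would make the failure visible.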
const { openBrowser, goto, textBox, into, write, click, toRightOf, below, link, press, image, waitFor, closeBrowser, screenshot } = require('taiko');
const assert = require('assert');
const globalTimeout = 60000
const sso_username = process.env.SSO_USERNAME
const sso_user_pw = process.env.SSO_USER_PW
const installed_apps = process.env.INSTALLED_APPS.split(",")
const nextcloudAdminUsername = process.env.NEXTCLOUD_ADMIN_USERNAME
const nextcloudAdminPassword = process.env.NEXTCLOUD_ADMIN_PASSWORD
const nextcloudUrl = process.env.NEXTCLOUD_URL
const onlyofficeUrl = process.env.ONLYOFFICE_URL
setConfig( {
observeTime: 0,
// Navigation timeout value in milliseconds for navigation after performing openTab, goto, reload, goBack, goForward, click, write, clear, press and evaluate.
navigationTimeout: globalTimeout,
highlightOnAction: 'true'
});
// Unfortunately, the tests are not 100% reliable. For that reason we
// run them 4 times, and assume everything is OK if the tests succeed once
(async () => {
process.exitCode = 1;
for (let i=0; i<4; i++) {
console.log("Running test " + i)
ret = await run_all_tests()
console.log("Ran test " + i + ", ret " + ret)
// If tests succeed, set exit code to 0 and exit loop
if (ret) {
console.log("exiting");
process.exitCode = 0;
break;
}
}
})()
async function sso_login_if_needed (button_text) {
try {
await console.log('Logging in with SSO...')
await text(button_text).exists()
await click(button_text)
await write(sso_username, into(textBox('E-mail address')))
await write(sso_user_pw, into(textBox('Password')))
await click('Go!')
} catch (error) {
await console.error(error)
console.log('Looks like we do not need to login, continuing')
}
}
// Logs the user in with Nextcloud login interface, uses above consts
async function login_if_needed() {
try {
await console.log('Logging in without SSO...')
await write(nextcloudAdminUsername, into(textBox('Username or email')))
await write(nextcloudAdminPassword, into(textBox('Password')))
await click('Log in')
} catch (error) {
await console.error(error)
console.log('Looks like we do not need to login, continuing')
}
}
async function run_all_tests()
{
var returnValue = true;
try {
console.log("Starting tests")
await openBrowser({
// Optimize chrome instances for docker an parallel runs, see:
// https://docs.taiko.dev/taiko_in_docker/
// https://docs.taiko.dev/frequently_asked_questions/#how-can-i-optimize-chrome-instances-for-parallel-runs%3F
args: [
"--disable-gpu",
"--disable-dev-shm-usage",
"--disable-setuid-sandbox",
"--no-first-run",
"--no-sandbox",
"--no-zygote",
"--start-maximized"
]
});
console.log('• Onlyoffice')
await goto(onlyofficeUrl + '/welcome')
await waitFor(async () => (await text("Thank you for choosing ONLYOFFICE!").exists()))
await waitFor(async () => (await text("Document Server is running").exists()))
await goto(onlyofficeUrl + '/healthcheck')
await waitFor(async () => (await text("true").exists()))
console.log('• Nextcloud')
await goto(nextcloudUrl)
if (process.env.USE_SSO_LOGIN == "true") {
await sso_login_if_needed('Log in with Stackspin')
} else {
await login_if_needed()
}
await waitFor(async () => (await text("Recommended files").exists()), globalTimeout)
// Close potential nextcloud first run wizard modal
// https://github.com/nextcloud/firstrunwizard/issues/488
// Unfortunately, we need to sleep a while since I haven't found a
// good way that closes the modal *if* it pops up, since these
// tests should also work on subsequent logins.
await waitFor(5000)
await press('Escape')
// Test password app
if (installed_apps.indexOf("passwords") != -1) {
console.log('• Passwords application')
await click($('li[data-id=passwords]'))
await waitFor(async () => (await $("div.item-list").isVisible()), globalTimeout)
}
// Test if calendar app is enabled
if (installed_apps.indexOf("calendar") != -1) {
console.log('• Calendar application')
await click($('li[data-id=calendar]'))
await waitFor(async () => (await $("table.fc-scrollgrid").isVisible()), globalTimeout)
}
console.log('• Nextcloud Onlyoffice integration')
// Open document and type some text
await click($('li[data-id=files]'))
// Force page reload because of random empty pages for files app
// https://open.greenhost.net/stackspin/nextcloud/-/issues/973
await reload()
await waitFor(async () => (await link({class:'new'}).isVisible()), globalTimeout)
await click(link({class:'new'}))
await click('New document')
// Create random file name because NC20 will complain if file already
// exists
var file_rand = 'test-' + Math.random().toString(16).substr(2, 12)
await press([...file_rand])
await click($(".filenameform>.icon-confirm"), {waitForEvents:['targetNavigated']})
console.log("New tab opened")
loader1Selector = '.loader-page'
loader2Selector = '#asc-loadmark'
waitFor(1000)
console.log("Waiting for loader 1 to disappear")
await waitFor(async () => ! (await $(loader1Selector).exists()), globalTimeout)
console.log("Waiting for loader 2 to disappear")
await waitFor(async () => ! (await $(loader2Selector).exists()), globalTimeout)
console.log("Done loading, testing ONLYOFFICE")
let italicButtonId = '#id-toolbar-btn-italic'
await waitFor(async () => (await $(italicButtonId).isVisible()), globalTimeout)
// Activate italic button
let buttonStateBefore = await evaluate($(italicButtonId), (elem) => {return elem.getAttribute('class')})
await assert.ok(!buttonStateBefore.includes('active'))
// Search for the italic button
await waitFor(async () => (await $('#id_target_cursor').isVisible()), globalTimeout)
await click($(italicButtonId))
let buttonStateAfter = await evaluate($(italicButtonId), (elem) => {return elem.getAttribute('class')})
await assert.ok(buttonStateAfter.includes('active'))
await press([...'Hi from taiko!', 'Enter'])
// Deactivate italic finially
await click($(italicButtonId))
await closeTab()
} catch (error) {
await console.error(error)
console.log('Got an error here')
await screenshot()
returnValue = false;
} finally {
await closeBrowser()
console.log("Browser closed, returning " + returnValue)
return returnValue
}
}
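Review bot: `waitFor(1000)` before the loader checks in run_all_tests is missing its `await`, so the next line runs immediately and the intended one-second pause never happens; it should read `await waitFor(1000)`. `process.env.INSTALLED_APPS.split(",")` at the top throws a TypeError when the variable is unset, where `(process.env.INSTALLED_APPS || "").split(",")` would not. `ret`, `loader1Selector` and `loader2Selector` are assigned without `let` or `const` and become implicit globals. The Chrome arguments include `--no-sandbox` and `--disable-setuid-sandbox`; a comment recording that this is accepted because the browser only visits the release's own hosts would make that trade-off explicit.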
...@@ -19,7 +19,7 @@ To learn more, try: ...@@ -19,7 +19,7 @@ To learn more, try:
{{ if .Values.nextcloud.ingress.enabled }} {{ if .Values.nextcloud.ingress.enabled }}
echo https://{{ .Values.nextcloud.nextcloud.host }}{{ if .Values.nextcloud.nextcloudPort }}:{{ .Values.nextcloud.nextcloudPort }}{{ end }}/ echo https://{{ .Values.nextcloud.nextcloud.host }}{{ if .Values.nextcloud.nextcloudPort }}:{{ .Values.nextcloud.nextcloudPort }}{{ end }}/
{{- else if eq .Values.nextcloud.service.type "ClusterIP" }} {{- else if eq .Values.nextcloud.service.type "ClusterIP" }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ $nextcloudname }}" -o jsonpath="{.items[0].metadata.name}") export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ include "nextcloudname" . }}" -o jsonpath="{.items[0].metadata.name}")
echo http://127.0.0.1:8080/ echo http://127.0.0.1:8080/
kubectl port-forward $POD_NAME 8080:8080 kubectl port-forward $POD_NAME 8080:8080
{{- end }} {{- end }}
...@@ -27,14 +27,13 @@ To learn more, try: ...@@ -27,14 +27,13 @@ To learn more, try:
2. Get your nextcloud login credentials by running: 2. Get your nextcloud login credentials by running:
echo User: {{ .Values.nextcloud.nextcloud.username }} echo User: {{ .Values.nextcloud.nextcloud.username }}
echo Password: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ $nextcloudname }} -o jsonpath="{.data.nextcloud-password}" | base64 --decode) echo Password: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "nextcloudname" . }} -o jsonpath="{.data.nextcloud-password}" | base64 --decode)
3. Get the ONLYOFFICE URL by running these commands: 3. Get the ONLYOFFICE URL by running these commands:
{{- if .Values.onlyoffice.ingress.enabled }} {{- if .Values.onlyoffice.ingress.enabled }}
{{- range $host := .Values.onlyoffice.ingress.hosts }} {{- range $host := .Values.onlyoffice.ingress.hosts }}
{{- range $.Values.onlyoffice.ingress.paths }} echo http{{ if $.Values.onlyoffice.ingress.tls }}s{{ end }}://{{ $host }}
http{{ if $.Values.onlyoffice.ingress.tls }}s{{ end }}://{{ $host }}{{ . }}
{{- end }}
{{- end }} {{- end }}
{{- else if contains "NodePort" .Values.onlyoffice.service.type }} {{- else if contains "NodePort" .Values.onlyoffice.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "onlyoffice-documentserver.fullname" . }}) export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "onlyoffice-documentserver.fullname" . }})
......
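Review bot: The credentials command in step 2 always reads key `nextcloud-password` from the secret named by `include "nextcloudname" .`, while the Taiko test pod added in this same change honours `nextcloud.nextcloud.existingSecret.secretName` and `passwordKey`. When an existing secret is configured, the printed command would presumably point at a secret that does not hold the password. The line could use the same `| default (include "nextcloudname" .)` and `| default "nextcloud-password"` expressions as the pod, so that both places resolve the secret the same way.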
...@@ -6,6 +6,10 @@ Expand the name of the chart. ...@@ -6,6 +6,10 @@ Expand the name of the chart.
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}} {{- end -}}
{{- define "nextcloudname" -}}
{{- printf "%s-%s" .Release.Name "nextcloud" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/* {{/*
Create a default fully qualified app name. Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
......
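Review bot: The new `nextcloudname` define has no `{{/* ... */}}` comment, unlike the helpers around it, and it hard-codes the `nextcloud` suffix onto `.Release.Name`. I would add a comment such as `{{/* Name of the nextcloud subchart's resources: <release>-nextcloud. Does not follow a name override set on the subchart. */}}`, so that readers know the secret and label lookups built on it stop matching if such an override is used. The comment block of the following helper continues outside the hunk.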
{{- if .Values.onlyoffice.ingress.enabled -}} {{- if .Values.onlyoffice.ingress.enabled -}}
{{- $fullName := include "onlyoffice-documentserver.fullname" . -}} {{- $fullName := include "onlyoffice-documentserver.fullname" . -}}
{{- $ingressPaths := .Values.onlyoffice.ingress.paths -}}
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
kind: Ingress kind: Ingress
metadata: metadata:
......
apiVersion: v1
kind: ConfigMap
metadata:
name: "{{ .Release.Name }}-taiko-test-js"
labels:
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
data:
test.js: |-
{{ .Files.Get "taiko-tests/test.js" | nindent 4 }}
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "onlyoffice-documentserver.fullname" . }}-taiko-test"
labels:
app.kubernetes.io/name: {{ include "onlyoffice-documentserver.name" . }}
helm.sh/chart: {{ include "onlyoffice-documentserver.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
annotations:
"helm.sh/hook": test
spec:
containers:
- name: "{{ include "onlyoffice-documentserver.fullname" . }}-taiko-test"
image: {{ .Values.tests.image.repository }}:{{ .Values.tests.image.tag }}
imagePullPolicy: {{ .Values.tests.image.pullPolicy }}
command:
- "taiko"
- "/var/local/test.js"
# Wait 60 secs for the application to be somewhat ready to receive tests
# This is especially important if you want to run `helm test`
# immediately after installing, like Flux does.
- "--wait-time"
- "60000"
env:
- name: NEXTCLOUD_URL
value: {{ .Values.nextcloud.nextcloud.host }}
{{- if .Values.tests.ssoLogin.enabled }}
- name: USE_SSO_LOGIN
value: "true"
- name: SSO_USERNAME
value: {{ .Values.tests.ssoLogin.username }}
- name: SSO_USER_PW
valueFrom:
secretKeyRef:
name: {{ .Values.tests.ssoLogin.passwordSecret.name }}
key: {{ .Values.tests.ssoLogin.passwordSecret.key }}
namespace: {{ .Values.tests.ssoLogin.passwordSecret.namespace }}
{{- else }}
- name: NEXTCLOUD_ADMIN_USERNAME
value: admin
- name: NEXTCLOUD_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.nextcloud.nextcloud.existingSecret.secretName | default (include "nextcloudname" .) }}
key: {{ .Values.nextcloud.nextcloud.existingSecret.passwordKey | default "nextcloud-password" }}
{{- end }}
- name: ONLYOFFICE_URL
value: {{ .Values.onlyoffice.server_name }}
- name: INSTALLED_APPS
value: "{{ range .Values.apps }}{{ .name }},{{ end }}"
volumeMounts:
- name: taiko-test-js
mountPath: /var/local
volumes:
- name: taiko-test-js
configMap:
name: {{ .Release.Name }}-taiko-test-js
restartPolicy: Never
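Review bot: The `secretKeyRef` for `SSO_USER_PW` carries a `namespace:` key, but a Kubernetes SecretKeySelector only has `name`, `key` and `optional`, and a pod can read secrets only from its own namespace. Depending on validation the field is dropped or the manifest is rejected, so with the default `tests.ssoLogin.passwordSecret.namespace: flux-system` from values.yaml the secret will not be found unless the release itself is installed there. I would remove the `namespace:` line and document that the secret must exist in the release namespace. `NEXTCLOUD_ADMIN_USERNAME` is also fixed to `admin` rather than taken from `.Values.nextcloud.nextcloud.username`, and the unquoted `value:` lines would be safer with `| quote`.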
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "onlyoffice-documentserver.fullname" . }}-test-connection"
labels:
app.kubernetes.io/name: {{ include "onlyoffice-documentserver.name" . }}
helm.sh/chart: {{ include "onlyoffice-documentserver.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
annotations:
"helm.sh/hook": test-success
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "onlyoffice-documentserver.fullname" . }}:{{ .Values.onlyoffice.service.port }}']
restartPolicy: Never
nextcloud: nextcloud:
nextcloud: nextcloud:
host: "files.your.domain" host: "files.your.domain"
password: Set a password here password: CHANGE_ME
ingress: ingress:
enabled: true enabled: true
annotations: annotations:
# Tell traefik to automatically get a TLS certificate # Tell cert-manager to automatically get a TLS certificate
kubernetes.io/tls-acme: "true" kubernetes.io/tls-acme: "true"
hosts: hosts:
- "files.your.domain" - "files.your.domain"
# This information is important for cert-manager, if you use it.
tls:
- hosts:
- "files.your.domain"
secretName: files-cert
# Enable and configure MariaDB chart # Configure MariaDB chart
mariadb: mariadb:
auth: auth:
password: Set a mysql password password: CHANGE_ME
rootPassword: Set a mysql root user password rootPassword: CHANGE_ME
architecture: standalone architecture: standalone
primary: # Enable persistence
persistence: # primary:
## Enable mariadb persistence using Persistent Volume Claims. # persistence:
enabled: true # ## Enable mariadb persistence using Persistent Volume Claims.
size: 512Mi # enabled: true
# size: 512Mi
# Creates a kubernetes cronJob object that runs nextcloud's cron.php
# every 5 minutes (*/5 * * * *)
# cronjob:
# enabled: true
# persistence:
# enabled: true
# size: 2Gi
onlyoffice: onlyoffice:
server_name: "office.your.domain" server_name: "office.your.domain"
jwtSecret: Set any random secret for JWT here jwtSecret: CHANGE_ME
ingress: ingress:
enabled: true enabled: true
hosts: hosts:
- "office.your.domain" - "office.your.domain"
tls:
- hosts:
- "office.your.domain"
secretName: office-cert
database: database:
password: Set a database password for onlyoffice password: CHANGE_ME
rabbitmq: rabbitmq:
auth: auth:
password: Set a password for rabbitmq here password: CHANGE_ME
# apps controls which apps will be installed and enabled in nextcloud # apps controls which apps will be installed and enabled in nextcloud
apps: # apps:
- name: sociallogin # - name: sociallogin
# apps[0].enabled needs to be set to true if you want to enable login via an external # # apps[0].enabled needs to be set to true if you want to enable login via an external
# oauth server. In that case you need to configure all the values in `sociallogin` # # oauth server. In that case you need to configure all the values in `sociallogin`
enabled: false # enabled: false
- name: onlyoffice # - name: onlyoffice
enabled: true # enabled: true
# sociallogin enables login via oAuth/Open-ID Connect # sociallogin enables login via oAuth/Open-ID Connect
sociallogin: # sociallogin:
# Because of how we import these settings, single quotes (') are not allowed # # Because of how we import these settings, single quotes (') are not allowed
# in any of the values below # # in any of the values below
custom_oidc: # custom_oidc:
name: stackspin # name: stackspin
title: Stackspin # title: Stackspin
# The oAuth server needs to provide the endpoints `/userinfo`, # # The oAuth server needs to provide the endpoints `/userinfo`,
# `/oauth2/token` and `/oauth2/auth` and according to the oauth2 standard it # # `/oauth2/token` and `/oauth2/auth` and according to the oauth2 standard it
# needs to be accessible via https with valid certificates # # needs to be accessible via https with valid certificates
authorizeUrl: https://sso.stackspin.example.net/oauth2/auth # authorizeUrl: https://sso.stackspin.example.net/oauth2/auth
tokenUrl: https://sso.stackspin.example.net/oauth2/token # tokenUrl: https://sso.stackspin.example.net/oauth2/token
userInfoUrl: https://sso.stackspin.example.net/userinfo # userInfoUrl: https://sso.stackspin.example.net/userinfo
logoutUrl: "" # logoutUrl: ""
# The client name nextcloud will use to communicate with the oAuth server # # The client name nextcloud will use to communicate with the oAuth server
clientId: nextcloud # clientId: nextcloud
# The password that nextcloud uses when communicating with the oauth server # # The password that nextcloud uses when communicating with the oauth server
# clientSecret: YouReallyNeedToChangeThis # # clientSecret: YouReallyNeedToChangeThis
scope: "openid profile email stackspin_roles" # scope: "openid profile email stackspin_roles"
# The name of a claim that the nextcloud server can retrieve by querying the # # The name of a claim that the nextcloud server can retrieve by querying the
# userInfoUrl of the openID Connect server. For every value in the # # userInfoUrl of the openID Connect server. For every value in the
# groups_claim a corresponding group with an `stackspin_` prefix will be created # # groups_claim a corresponding group with an `stackspin_` prefix will be created
# if they don't exist yet. The user will then be added to those groups. If # # if they don't exist yet. The user will then be added to those groups. If
# the claim contains the value `admin` the user will be granted admin # # the claim contains the value `admin` the user will be granted admin
# privileges. # # privileges.
groupsClaim: "stackspin_roles" # groupsClaim: "stackspin_roles"
style: "" # style: ""
defaultGroup: "" # defaultGroup: ""
groupMapping: # groupMapping:
admin: admin # admin: admin
--- ---
nextcloud: nextcloud:
debug: false debug: false
...@@ -19,10 +20,9 @@ nextcloud: ...@@ -19,10 +20,9 @@ nextcloud:
enabled: true enabled: true
size: 2Gi size: 2Gi
# Creates a kubernetes cronJob object that runs nextcloud's cron.php startupProbe:
# every 15 minutes (*/15 * * * *)
cronjob:
enabled: true enabled: true
failureThreshold: 60
apps: apps:
# OIDC consumer # OIDC consumer
...@@ -201,3 +201,19 @@ sociallogin: ...@@ -201,3 +201,19 @@ sociallogin:
defaultGroup: "" defaultGroup: ""
groupMapping: groupMapping:
admin: admin admin: admin
tests:
image:
# TODO: Make a properly tagged Taiko-only image to use here
repository: open.greenhost.net:4567/stackspin/stackspin/stackspin-ci
tag: main
pullPolicy: IfNotPresent
ssoLogin:
# Set this to "true" to use the OIDC plugin to log in in the tests
# Otherwise, username "admin" and nextcloud.nextcloud.password are used
enabled: false
username: admin
passwordSecret:
name: stackspin-single-sign-on-variables
key: userbackend_admin_password
namespace: flux-system
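Review bot: `tests.image` combines the moving tag `main` with `pullPolicy: IfNotPresent`, so each node keeps whichever build of `main` it pulled first, and the image that receives the admin or SSO password in its environment is not pinned to known content. Until the properly tagged image from the TODO exists, pinning by digest (`tag: main@sha256:<digest>`, where `<digest>` is a placeholder) would fix the content, and `pullPolicy: Always` would at least keep nodes on the same build. A comment next to `passwordSecret` should also state that the secret has to live in the release namespace, since the `namespace: flux-system` default cannot be honoured by a pod's `secretKeyRef`.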