@vfarcic/dot-ai 0.102.0 → 0.104.0

package/scripts/backstage.nu

@@ -0,0 +1,349 @@
+#!/usr/bin/env nu
+
+# Configures a Backstage instance with Crossplane integration
+def --env "main configure backstage" [] {
+
+    rm --force --recursive backstage
+    
+    print $"
+When asked for a name for the Backstage app make sure to keep the default value (ansi yellow_bold)backstage(ansi reset)
+Press the (ansi yellow_bold)enter key(ansi reset) to continue.
+"
+    input
+
+    npx @backstage/create-app@latest
+
+    cd backstage
+
+    for package in [
+        "@terasky/backstage-plugin-crossplane-common@1.1.0",
+        "@terasky/backstage-plugin-crossplane-permissions-backend@1.1.1",
+        "@terasky/backstage-plugin-kubernetes-ingestor@1.5.0",
+        "@terasky/backstage-plugin-scaffolder-backend-module-terasky-utils@1.1.0"
+    ] {
+        yarn --cwd packages/backend add $package
+    }
+
+    for package in [
+        "@terasky/backstage-plugin-crossplane-resources-frontend@1.4.0"
+    ] {
+        yarn --cwd packages/app add $package
+    }
+
+    open app-config.yaml
+        | upsert backend.csp.upgrade-insecure-requests false
+        | upsert crossplane.enablePermissions false
+        | upsert kubernetesIngestor.components.enabled true
+        | upsert kubernetesIngestor.components.taskRunner.frequency 10
+        | upsert kubernetesIngestor.components.taskRunner.timeout 600
+        | upsert kubernetesIngestor.components.excludedNamespaces []
+        | upsert kubernetesIngestor.components.excludedNamespaces.0 "kube-public"
+        | upsert kubernetesIngestor.components.excludedNamespaces.1 "kube-system"
+        | upsert kubernetesIngestor.components.customWorkloadTypes []
+        | upsert kubernetesIngestor.components.customWorkloadTypes.0 { group: "core.oam.dev", apiVersion: "v1beta1", plural: "applications" }
+        | upsert kubernetesIngestor.components.disableDefaultWorkloadTypes "${DISABLE_DEFAULT_WORKLOAD_TYPES-false}"
+        | upsert kubernetesIngestor.components.onlyIngestAnnotatedResources false
+        | upsert kubernetesIngestor.crossplane.claims.ingestAllClaims true
+        | upsert kubernetesIngestor.crossplane.xrds.publishPhase.allowedTargets ["github.com"]
+        | upsert kubernetesIngestor.crossplane.xrds.publishPhase.target "github.com"
+        | upsert kubernetesIngestor.crossplane.xrds.publishPhase.target "github.com"
+        | upsert kubernetesIngestor.crossplane.xrds.publishPhase.allowRepoSelection true
+        | upsert kubernetesIngestor.crossplane.xrds.enabled true
+        | upsert kubernetesIngestor.crossplane.xrds.taskRunner.frequency 10
+        | upsert kubernetesIngestor.crossplane.xrds.taskRunner.timeout 600
+        | upsert kubernetesIngestor.crossplane.xrds.ingestAllXRDs true
+        | upsert kubernetesIngestor.crossplane.xrds.convertDefaultValuesToPlaceholders true
+        | upsert kubernetes {}
+        | upsert kubernetes.frontend.podDelete.enabled true
+        | upsert kubernetes.serviceLocatorMethod.type "multiTenant"
+        | upsert kubernetes.clusterLocatorMethods [{}]
+        | upsert kubernetes.clusterLocatorMethods.0.type "config"
+        | upsert kubernetes.clusterLocatorMethods.0.clusters [{}]
+        | upsert kubernetes.clusterLocatorMethods.0.clusters.0.url "${KUBE_URL}"
+        | upsert kubernetes.clusterLocatorMethods.0.clusters.0.name "kind"
+        | upsert kubernetes.clusterLocatorMethods.0.clusters.0.authProvider "serviceAccount"
+        | upsert kubernetes.clusterLocatorMethods.0.clusters.0.skipTLSVerify true
+        | upsert kubernetes.clusterLocatorMethods.0.clusters.0.skipMetricsLookup true
+        | upsert kubernetes.clusterLocatorMethods.0.clusters.0.serviceAccountToken "${KUBE_SA_TOKEN}"
+        | upsert kubernetes.clusterLocatorMethods.0.clusters.0.caData "${KUBE_CA_DATA}"
+        | save app-config.yaml --force
+
+    {
+        app: {
+            baseUrl: "${BACKSTAGE_HOST}"
+        }
+        backend: {
+            baseUrl: "${BACKSTAGE_HOST}"
+            database: {
+                client: "pg"
+                connection: {
+                    host: "${DB_HOST}"
+                    port: 5432
+                    user: "${user}"
+                    password: "${password}"
+                }
+            }
+        }
+    } | to yaml | save app-config.production.yaml --force
+
+    open packages/app/src/components/catalog/EntityPage.tsx
+        | (
+            str replace
+            `} from '@backstage/plugin-kubernetes';`
+            `} from '@backstage/plugin-kubernetes';
+
+import { CrossplaneAllResourcesTable, CrossplaneResourceGraph, isCrossplaneAvailable } from '@terasky/backstage-plugin-crossplane-resources-frontend';`
+        ) | (
+            str replace
+            `const serviceEntityPage = (
+  <EntityLayout>
+    <EntityLayout.Route path="/" title="Overview">
+      {overviewContent}
+    </EntityLayout.Route>`
+            `const serviceEntityPage = (
+  <EntityLayout>
+    <EntityLayout.Route path="/" title="Overview">
+      {overviewContent}
+    </EntityLayout.Route>
+
+    <EntityLayout.Route if={isCrossplaneAvailable} path="/crossplane-resources" title="Crossplane Resources">
+      <CrossplaneAllResourcesTable />
+    </EntityLayout.Route>
+    <EntityLayout.Route if={isCrossplaneAvailable} path="/crossplane-graph" title="Crossplane Graph">
+      <CrossplaneResourceGraph />
+    </EntityLayout.Route>`
+        ) | (
+            str replace
+            `const componentPage = (
+  <EntitySwitch>`
+            `const componentPage = (
+  <EntitySwitch>
+    <EntitySwitch.Case if={isComponentType('crossplane-claim')}>
+      {serviceEntityPage}
+    </EntitySwitch.Case>`
+        ) | save packages/app/src/components/catalog/EntityPage.tsx --force
+
+    open packages/backend/src/index.ts
+        | (
+            str replace
+            `backend.start();`
+            `backend.add(import('@terasky/backstage-plugin-crossplane-permissions-backend'));
+backend.add(import('@terasky/backstage-plugin-kubernetes-ingestor'));
+backend.add(import('@terasky/backstage-plugin-scaffolder-backend-module-terasky-utils'));
+
+backend.start();`
+        ) | save packages/backend/src/index.ts --force
+
+    cd ..
+
+    get cluster data --create_service_account true
+
+    $"export NODE_OPTIONS=--no-node-snapshot\n" | save --append .env
+
+}
+
+# Builds and publishes a Backstage Docker image and Helm chart
+def --env "main build backstage" [
+    tag: string
+    --image = "ghcr.io/vfarcic/idp-full-backstage"
+    --github_org = "vfarcic"
+] {
+
+    docker login $image
+
+    cd backstage
+
+    yarn install --immutable
+
+    yarn tsc
+
+    yarn build:backend
+
+    (
+        docker buildx build
+            --file packages/backend/Dockerfile
+            --tag $"($image):($tag)"
+            --platform linux/amd64
+            .
+    )
+
+    docker image push $"($image):($tag)"
+
+    cd ..
+
+    open charts/backstage/Chart.yaml
+        | upsert version $tag
+        | upsert appVersion $tag
+        | save charts/backstage/Chart.yaml --force
+
+    open charts/backstage/values.yaml
+        | upsert image.repository $image
+        | upsert image.tag $tag
+        | save charts/backstage/values.yaml --force
+
+    helm package charts/backstage
+
+    helm push $"backstage-($tag).tgz" $"oci://ghcr.io/($image)"
+
+    start $"https://github.com/users/($github_org)/packages/container/package/idp-full-backstage"
+
+    print $"
+Click (ansi yellow_bold)Package settings(ansi reset).
+Click the (ansi yellow_bold)Change visibility(ansi reset) button, select (ansi yellow_bold)Public(ansi reset), type (ansi yellow_bold)idp-full-backstage(ansi reset) to confirm, and click the (ansi yellow_bold)I understand the consequences, change package visibility(ansi reset) button.
+Press the (ansi yellow_bold)enter key(ansi reset) to continue.
+"
+    input
+
+    start $"https://github.com/users/($github_org)/packages/container/package/idp-full-backstage%2Fbackstage"
+
+    print $"
+Click (ansi yellow_bold)Package settings(ansi reset).
+Click the (ansi yellow_bold)Change visibility(ansi reset) button, select (ansi yellow_bold)Public(ansi reset), type (ansi yellow_bold)idp-full-backstage/backstage(ansi reset) to confirm, and click the (ansi yellow_bold)I understand the consequences, change package visibility(ansi reset) button.
+Press the (ansi yellow_bold)enter key(ansi reset) to continue.
+"
+    input
+
+    rm $"backstage-($tag).tgz"
+
+}
+
+# Deploys Backstage to Kubernetes with necessary configuration
+def --env "main apply backstage" [
+    tag: string                                   # Available versions can be seen at https://github.com/users/vfarcic/packages/container/idp-full-backstage%2Fbackstage/versions
+    --kubeconfig = "kubeconfig-dot.yaml"
+    --ingress_host = "backstage.127.0.0.1.nip.io"
+    --github_token = "FIXME"
+    --create_service_account = false
+    --disable_default_workload_types = false
+] {
+
+    let cluster_data = (
+        get cluster data  
+            --kubeconfig $kubeconfig
+            --create_service_account $create_service_account
+    )
+
+    {
+        apiVersion: "v1"
+        kind: "Secret"
+        metadata: {
+            name: "backstage-config"
+            namespace: "backstage"
+        }
+        type: "Opaque"
+        data: {
+            KUBE_URL: ($cluster_data.kube_url | encode base64)
+            KUBE_SA_TOKEN: $cluster_data.token_encoded
+            KUBE_CA_DATA: ($cluster_data.kube_ca_data | encode base64)
+            GITHUB_TOKEN: ($github_token | encode base64)
+        }
+    }
+        | to yaml
+        | kubectl --namespace backstage apply --filename -
+
+    (
+        helm upgrade --install cnpg cloudnative-pg
+            --repo https://cloudnative-pg.github.io/charts
+            --namespace cnpg-system --create-namespace --wait
+    )
+
+    (
+        helm upgrade --install backstage
+            oci://ghcr.io/vfarcic/idp-full-backstage/backstage
+            --namespace backstage --create-namespace
+            --set $"ingress.host=($ingress_host)"
+            --set $"ingrestor.disableDefaultWorkloadTypes=($disable_default_workload_types)"
+            --version $tag --wait
+    )
+
+    sleep 60sec
+
+    print $"Backstage is available at (ansi yellow_bold)http://($ingress_host)(ansi reset)"
+
+    start $"http://($ingress_host)"
+
+}
+
+def "get cluster data" [
+    --kubeconfig = "kubeconfig-dot.yaml"
+    --create_service_account = false
+] {
+
+    if $create_service_account {
+
+        {
+            apiVersion: "v1"
+            kind: "Namespace"
+            metadata: {
+                name: "backstage"
+            }
+        } | to yaml | kubectl apply --filename -
+
+        {
+            apiVersion: "v1"
+            kind: "ServiceAccount"
+            metadata: {
+                name: "backstage"
+                namespace: "backstage"
+            }
+        } | to yaml | kubectl apply --filename -
+
+        {
+            apiVersion: "v1"
+            kind: "Secret"
+            metadata: {
+                name: "backstage"
+                namespace: "backstage"
+                annotations: {
+                    "kubernetes.io/service-account.name": "backstage"
+                }
+            }
+            type: "kubernetes.io/service-account-token"
+        } | to yaml | kubectl apply --filename -
+
+        {
+            apiVersion: "rbac.authorization.k8s.io/v1"
+            kind: "ClusterRoleBinding"
+            metadata: {
+                name: "backstage"
+            }
+            subjects: [{
+                kind: "ServiceAccount"
+                name: "backstage"
+                namespace: "backstage"
+            }]
+            roleRef: {
+                kind: "ClusterRole"
+                name: "cluster-admin"
+                apiGroup: "rbac.authorization.k8s.io"
+            }
+        } | to yaml | kubectl apply --filename -
+
+    }
+
+    let kube_url = open $kubeconfig
+        | get clusters.0.cluster.server
+    $"export KUBE_URL=($kube_url)\n" | save --append .env
+
+    let kube_ca_data = open $kubeconfig
+        | get clusters.0.cluster.certificate-authority-data
+    $"export KUBE_CA_DATA=($kube_ca_data)\n" | save --append .env
+
+    let token_encoded = (
+        kubectl --namespace backstage get secret backstage
+            --output yaml
+    )
+        | from yaml
+        | get data.token
+
+    let token = ($token_encoded | decode base64 | decode)
+    $"export KUBE_SA_TOKEN=($token)\n" | save --append .env
+
+    {
+        kube_url: $kube_url,
+        kube_ca_data: $kube_ca_data,
+        token_encoded: $token_encoded,
+        token: $token
+    }
+
+}

package/scripts/cert-manager.nu

@@ -0,0 +1,13 @@
+#!/usr/bin/env nu
+
+# Installs cert-manager for managing TLS certificates in Kubernetes
+def "main apply certmanager" [] {
+
+    (
+        helm upgrade --install cert-manager cert-manager
+            --repo https://charts.jetstack.io
+            --namespace cert-manager --create-namespace
+            --set crds.enabled=true --wait
+    )
+
+}

package/scripts/cnpg.nu

@@ -0,0 +1,14 @@
+#!/usr/bin/env nu
+
+# Installs Cloud-Native PostgreSQL (CNPG) operator
+def "main apply cnpg" [] {
+
+     print $"\nInstalling (ansi yellow_bold)Cloud-Native PostgreSQL \(CNPG\)(ansi reset)...\n"
+
+    (
+        helm upgrade --install cnpg cloudnative-pg
+            --repo https://cloudnative-pg.github.io/charts
+            --namespace cnpg-system --create-namespace --wait
+    )
+
+}

package/scripts/common.nu

@@ -0,0 +1,116 @@
+#!/usr/bin/env nu
+
+# Prompts user to select a cloud provider from available options
+#
+# Returns:
+# The selected provider name and saves it to .env file
+def "main get provider" [
+    --providers = [aws azure google kind upcloud]  # List of cloud providers to choose from
+] {
+
+    let message = $"
+Right now, only providers listed below are supported in this demo.
+Please send an email to (ansi yellow_bold)viktor@farcic.com(ansi reset) if you'd like to add additional providers.
+
+(ansi yellow_bold)Select a provider(ansi green_bold)"
+
+    let provider = $providers | input list $message
+    print $"(ansi reset)"
+
+    $"export PROVIDER=($provider)\n" | save --append .env
+
+    $provider
+}
+
+# Prints a reminder to source the environment variables
+def "main print source" [] {
+
+    print $"
+Execute `(ansi yellow_bold)source .env(ansi reset)` to load the environment variables.
+"
+
+}
+
+# Removes temporary files created during script execution
+def "main delete temp_files" [] {
+
+    rm --force .env
+
+    rm --force kubeconfig*.yaml
+
+}
+
+# Retrieves and configures credentials for the specified cloud provider
+#
+# Examples:
+# > main get creds aws
+# > main get creds azure
+def --env "main get creds" [
+    provider: string,  # The cloud provider to configure credentials for (aws, azure, google)
+    --aws-access-key-id: string,      # AWS Access Key ID (optional, falls back to AWS_ACCESS_KEY_ID env var)
+    --aws-secret-access-key: string,  # AWS Secret Access Key (optional, falls back to AWS_SECRET_ACCESS_KEY env var)
+    --aws-account-id: string,         # AWS Account ID (optional, falls back to AWS_ACCOUNT_ID env var)
+    --azure-tenant: string            # Azure Tenant ID (optional, falls back to AZURE_TENANT env var)
+] {
+
+    mut creds = {provider: $provider}
+
+    if $provider == "google" {
+
+        gcloud auth login
+
+
+    } else if $provider == "aws" {
+
+        mut access_key = $aws_access_key_id
+        if ($access_key | is-empty) and ("AWS_ACCESS_KEY_ID" in $env) {
+            $access_key = $env.AWS_ACCESS_KEY_ID
+        } else if ($access_key | is-empty) {
+            error make { msg: "AWS Access Key ID required via --aws-access-key-id parameter or AWS_ACCESS_KEY_ID environment variable" }
+        }
+        $"export AWS_ACCESS_KEY_ID=($access_key)\n"
+            | save --append .env
+        $creds = ( $creds | upsert aws_access_key_id $access_key )
+
+        mut secret_key = $aws_secret_access_key
+        if ($secret_key | is-empty) and ("AWS_SECRET_ACCESS_KEY" in $env) {
+            $secret_key = $env.AWS_SECRET_ACCESS_KEY
+        } else if ($secret_key | is-empty) {
+            error make { msg: "AWS Secret Access Key required via --aws-secret-access-key parameter or AWS_SECRET_ACCESS_KEY environment variable" }
+        }
+        $"export AWS_SECRET_ACCESS_KEY=($secret_key)\n"
+            | save --append .env
+        $creds = ( $creds | upsert aws_secret_access_key $secret_key )
+
+        mut account_id = $aws_account_id
+        if ($account_id | is-empty) and ("AWS_ACCOUNT_ID" in $env) {
+            $account_id = $env.AWS_ACCOUNT_ID
+        } else if ($account_id | is-empty) {
+            error make { msg: "AWS Account ID required via --aws-account-id parameter or AWS_ACCOUNT_ID environment variable" }
+        }
+        $"export AWS_ACCOUNT_ID=($account_id)\n"
+            | save --append .env
+        $creds = ( $creds | upsert aws_account_id $account_id )
+
+    } else if $provider == "azure" {
+
+        mut tenant = $azure_tenant
+        if ($tenant | is-empty) and ("AZURE_TENANT" in $env) {
+            $tenant = $env.AZURE_TENANT
+        } else if ($tenant | is-empty) {
+            error make { msg: "Azure Tenant ID required via --azure-tenant parameter or AZURE_TENANT environment variable" }
+        }
+        $creds = ( $creds | upsert tenant_id $tenant )
+
+        az login --tenant $tenant
+    
+    } else {
+
+        print $"(ansi red_bold)($provider)(ansi reset) is not a supported."
+        exit 1
+
+    }
+
+    $creds
+
+}