@vfarcic/dot-ai 0.116.0 → 0.117.0

package/scripts/backstage.nu

@@ -1,349 +0,0 @@
-#!/usr/bin/env nu
-
-# Configures a Backstage instance with Crossplane integration
-def --env "main configure backstage" [] {
-
-    rm --force --recursive backstage
-    
-    print $"
-When asked for a name for the Backstage app make sure to keep the default value (ansi yellow_bold)backstage(ansi reset)
-Press the (ansi yellow_bold)enter key(ansi reset) to continue.
-"
-    input
-
-    npx @backstage/create-app@latest
-
-    cd backstage
-
-    for package in [
-        "@terasky/backstage-plugin-crossplane-common@1.1.0",
-        "@terasky/backstage-plugin-crossplane-permissions-backend@1.1.1",
-        "@terasky/backstage-plugin-kubernetes-ingestor@1.5.0",
-        "@terasky/backstage-plugin-scaffolder-backend-module-terasky-utils@1.1.0"
-    ] {
-        yarn --cwd packages/backend add $package
-    }
-
-    for package in [
-        "@terasky/backstage-plugin-crossplane-resources-frontend@1.4.0"
-    ] {
-        yarn --cwd packages/app add $package
-    }
-
-    open app-config.yaml
-        | upsert backend.csp.upgrade-insecure-requests false
-        | upsert crossplane.enablePermissions false
-        | upsert kubernetesIngestor.components.enabled true
-        | upsert kubernetesIngestor.components.taskRunner.frequency 10
-        | upsert kubernetesIngestor.components.taskRunner.timeout 600
-        | upsert kubernetesIngestor.components.excludedNamespaces []
-        | upsert kubernetesIngestor.components.excludedNamespaces.0 "kube-public"
-        | upsert kubernetesIngestor.components.excludedNamespaces.1 "kube-system"
-        | upsert kubernetesIngestor.components.customWorkloadTypes []
-        | upsert kubernetesIngestor.components.customWorkloadTypes.0 { group: "core.oam.dev", apiVersion: "v1beta1", plural: "applications" }
-        | upsert kubernetesIngestor.components.disableDefaultWorkloadTypes "${DISABLE_DEFAULT_WORKLOAD_TYPES-false}"
-        | upsert kubernetesIngestor.components.onlyIngestAnnotatedResources false
-        | upsert kubernetesIngestor.crossplane.claims.ingestAllClaims true
-        | upsert kubernetesIngestor.crossplane.xrds.publishPhase.allowedTargets ["github.com"]
-        | upsert kubernetesIngestor.crossplane.xrds.publishPhase.target "github.com"
-        | upsert kubernetesIngestor.crossplane.xrds.publishPhase.target "github.com"
-        | upsert kubernetesIngestor.crossplane.xrds.publishPhase.allowRepoSelection true
-        | upsert kubernetesIngestor.crossplane.xrds.enabled true
-        | upsert kubernetesIngestor.crossplane.xrds.taskRunner.frequency 10
-        | upsert kubernetesIngestor.crossplane.xrds.taskRunner.timeout 600
-        | upsert kubernetesIngestor.crossplane.xrds.ingestAllXRDs true
-        | upsert kubernetesIngestor.crossplane.xrds.convertDefaultValuesToPlaceholders true
-        | upsert kubernetes {}
-        | upsert kubernetes.frontend.podDelete.enabled true
-        | upsert kubernetes.serviceLocatorMethod.type "multiTenant"
-        | upsert kubernetes.clusterLocatorMethods [{}]
-        | upsert kubernetes.clusterLocatorMethods.0.type "config"
-        | upsert kubernetes.clusterLocatorMethods.0.clusters [{}]
-        | upsert kubernetes.clusterLocatorMethods.0.clusters.0.url "${KUBE_URL}"
-        | upsert kubernetes.clusterLocatorMethods.0.clusters.0.name "kind"
-        | upsert kubernetes.clusterLocatorMethods.0.clusters.0.authProvider "serviceAccount"
-        | upsert kubernetes.clusterLocatorMethods.0.clusters.0.skipTLSVerify true
-        | upsert kubernetes.clusterLocatorMethods.0.clusters.0.skipMetricsLookup true
-        | upsert kubernetes.clusterLocatorMethods.0.clusters.0.serviceAccountToken "${KUBE_SA_TOKEN}"
-        | upsert kubernetes.clusterLocatorMethods.0.clusters.0.caData "${KUBE_CA_DATA}"
-        | save app-config.yaml --force
-
-    {
-        app: {
-            baseUrl: "${BACKSTAGE_HOST}"
-        }
-        backend: {
-            baseUrl: "${BACKSTAGE_HOST}"
-            database: {
-                client: "pg"
-                connection: {
-                    host: "${DB_HOST}"
-                    port: 5432
-                    user: "${user}"
-                    password: "${password}"
-                }
-            }
-        }
-    } | to yaml | save app-config.production.yaml --force
-
-    open packages/app/src/components/catalog/EntityPage.tsx
-        | (
-            str replace
-            `} from '@backstage/plugin-kubernetes';`
-            `} from '@backstage/plugin-kubernetes';
-
-import { CrossplaneAllResourcesTable, CrossplaneResourceGraph, isCrossplaneAvailable } from '@terasky/backstage-plugin-crossplane-resources-frontend';`
-        ) | (
-            str replace
-            `const serviceEntityPage = (
-  <EntityLayout>
-    <EntityLayout.Route path="/" title="Overview">
-      {overviewContent}
-    </EntityLayout.Route>`
-            `const serviceEntityPage = (
-  <EntityLayout>
-    <EntityLayout.Route path="/" title="Overview">
-      {overviewContent}
-    </EntityLayout.Route>
-
-    <EntityLayout.Route if={isCrossplaneAvailable} path="/crossplane-resources" title="Crossplane Resources">
-      <CrossplaneAllResourcesTable />
-    </EntityLayout.Route>
-    <EntityLayout.Route if={isCrossplaneAvailable} path="/crossplane-graph" title="Crossplane Graph">
-      <CrossplaneResourceGraph />
-    </EntityLayout.Route>`
-        ) | (
-            str replace
-            `const componentPage = (
-  <EntitySwitch>`
-            `const componentPage = (
-  <EntitySwitch>
-    <EntitySwitch.Case if={isComponentType('crossplane-claim')}>
-      {serviceEntityPage}
-    </EntitySwitch.Case>`
-        ) | save packages/app/src/components/catalog/EntityPage.tsx --force
-
-    open packages/backend/src/index.ts
-        | (
-            str replace
-            `backend.start();`
-            `backend.add(import('@terasky/backstage-plugin-crossplane-permissions-backend'));
-backend.add(import('@terasky/backstage-plugin-kubernetes-ingestor'));
-backend.add(import('@terasky/backstage-plugin-scaffolder-backend-module-terasky-utils'));
-
-backend.start();`
-        ) | save packages/backend/src/index.ts --force
-
-    cd ..
-
-    get cluster data --create_service_account true
-
-    $"export NODE_OPTIONS=--no-node-snapshot\n" | save --append .env
-
-}
-
-# Builds and publishes a Backstage Docker image and Helm chart
-def --env "main build backstage" [
-    tag: string
-    --image = "ghcr.io/vfarcic/idp-full-backstage"
-    --github_org = "vfarcic"
-] {
-
-    docker login $image
-
-    cd backstage
-
-    yarn install --immutable
-
-    yarn tsc
-
-    yarn build:backend
-
-    (
-        docker buildx build
-            --file packages/backend/Dockerfile
-            --tag $"($image):($tag)"
-            --platform linux/amd64
-            .
-    )
-
-    docker image push $"($image):($tag)"
-
-    cd ..
-
-    open charts/backstage/Chart.yaml
-        | upsert version $tag
-        | upsert appVersion $tag
-        | save charts/backstage/Chart.yaml --force
-
-    open charts/backstage/values.yaml
-        | upsert image.repository $image
-        | upsert image.tag $tag
-        | save charts/backstage/values.yaml --force
-
-    helm package charts/backstage
-
-    helm push $"backstage-($tag).tgz" $"oci://ghcr.io/($image)"
-
-    start $"https://github.com/users/($github_org)/packages/container/package/idp-full-backstage"
-
-    print $"
-Click (ansi yellow_bold)Package settings(ansi reset).
-Click the (ansi yellow_bold)Change visibility(ansi reset) button, select (ansi yellow_bold)Public(ansi reset), type (ansi yellow_bold)idp-full-backstage(ansi reset) to confirm, and click the (ansi yellow_bold)I understand the consequences, change package visibility(ansi reset) button.
-Press the (ansi yellow_bold)enter key(ansi reset) to continue.
-"
-    input
-
-    start $"https://github.com/users/($github_org)/packages/container/package/idp-full-backstage%2Fbackstage"
-
-    print $"
-Click (ansi yellow_bold)Package settings(ansi reset).
-Click the (ansi yellow_bold)Change visibility(ansi reset) button, select (ansi yellow_bold)Public(ansi reset), type (ansi yellow_bold)idp-full-backstage/backstage(ansi reset) to confirm, and click the (ansi yellow_bold)I understand the consequences, change package visibility(ansi reset) button.
-Press the (ansi yellow_bold)enter key(ansi reset) to continue.
-"
-    input
-
-    rm $"backstage-($tag).tgz"
-
-}
-
-# Deploys Backstage to Kubernetes with necessary configuration
-def --env "main apply backstage" [
-    tag: string                                   # Available versions can be seen at https://github.com/users/vfarcic/packages/container/idp-full-backstage%2Fbackstage/versions
-    --kubeconfig = "kubeconfig-dot.yaml"
-    --ingress_host = "backstage.127.0.0.1.nip.io"
-    --github_token = "FIXME"
-    --create_service_account = false
-    --disable_default_workload_types = false
-] {
-
-    let cluster_data = (
-        get cluster data  
-            --kubeconfig $kubeconfig
-            --create_service_account $create_service_account
-    )
-
-    {
-        apiVersion: "v1"
-        kind: "Secret"
-        metadata: {
-            name: "backstage-config"
-            namespace: "backstage"
-        }
-        type: "Opaque"
-        data: {
-            KUBE_URL: ($cluster_data.kube_url | encode base64)
-            KUBE_SA_TOKEN: $cluster_data.token_encoded
-            KUBE_CA_DATA: ($cluster_data.kube_ca_data | encode base64)
-            GITHUB_TOKEN: ($github_token | encode base64)
-        }
-    }
-        | to yaml
-        | kubectl --namespace backstage apply --filename -
-
-    (
-        helm upgrade --install cnpg cloudnative-pg
-            --repo https://cloudnative-pg.github.io/charts
-            --namespace cnpg-system --create-namespace --wait
-    )
-
-    (
-        helm upgrade --install backstage
-            oci://ghcr.io/vfarcic/idp-full-backstage/backstage
-            --namespace backstage --create-namespace
-            --set $"ingress.host=($ingress_host)"
-            --set $"ingrestor.disableDefaultWorkloadTypes=($disable_default_workload_types)"
-            --version $tag --wait
-    )
-
-    sleep 60sec
-
-    print $"Backstage is available at (ansi yellow_bold)http://($ingress_host)(ansi reset)"
-
-    start $"http://($ingress_host)"
-
-}
-
-def "get cluster data" [
-    --kubeconfig = "kubeconfig-dot.yaml"
-    --create_service_account = false
-] {
-
-    if $create_service_account {
-
-        {
-            apiVersion: "v1"
-            kind: "Namespace"
-            metadata: {
-                name: "backstage"
-            }
-        } | to yaml | kubectl apply --filename -
-
-        {
-            apiVersion: "v1"
-            kind: "ServiceAccount"
-            metadata: {
-                name: "backstage"
-                namespace: "backstage"
-            }
-        } | to yaml | kubectl apply --filename -
-
-        {
-            apiVersion: "v1"
-            kind: "Secret"
-            metadata: {
-                name: "backstage"
-                namespace: "backstage"
-                annotations: {
-                    "kubernetes.io/service-account.name": "backstage"
-                }
-            }
-            type: "kubernetes.io/service-account-token"
-        } | to yaml | kubectl apply --filename -
-
-        {
-            apiVersion: "rbac.authorization.k8s.io/v1"
-            kind: "ClusterRoleBinding"
-            metadata: {
-                name: "backstage"
-            }
-            subjects: [{
-                kind: "ServiceAccount"
-                name: "backstage"
-                namespace: "backstage"
-            }]
-            roleRef: {
-                kind: "ClusterRole"
-                name: "cluster-admin"
-                apiGroup: "rbac.authorization.k8s.io"
-            }
-        } | to yaml | kubectl apply --filename -
-
-    }
-
-    let kube_url = open $kubeconfig
-        | get clusters.0.cluster.server
-    $"export KUBE_URL=($kube_url)\n" | save --append .env
-
-    let kube_ca_data = open $kubeconfig
-        | get clusters.0.cluster.certificate-authority-data
-    $"export KUBE_CA_DATA=($kube_ca_data)\n" | save --append .env
-
-    let token_encoded = (
-        kubectl --namespace backstage get secret backstage
-            --output yaml
-    )
-        | from yaml
-        | get data.token
-
-    let token = ($token_encoded | decode base64 | decode)
-    $"export KUBE_SA_TOKEN=($token)\n" | save --append .env
-
-    {
-        kube_url: $kube_url,
-        kube_ca_data: $kube_ca_data,
-        token_encoded: $token_encoded,
-        token: $token
-    }
-
-}

package/scripts/cert-manager.nu

@@ -1,13 +0,0 @@
-#!/usr/bin/env nu
-
-# Installs cert-manager for managing TLS certificates in Kubernetes
-def "main apply certmanager" [] {
-
-    (
-        helm upgrade --install cert-manager cert-manager
-            --repo https://charts.jetstack.io
-            --namespace cert-manager --create-namespace
-            --set crds.enabled=true --wait
-    )
-
-}

package/scripts/cnpg.nu

@@ -1,14 +0,0 @@
-#!/usr/bin/env nu
-
-# Installs Cloud-Native PostgreSQL (CNPG) operator
-def "main apply cnpg" [] {
-
-     print $"\nInstalling (ansi yellow_bold)Cloud-Native PostgreSQL \(CNPG\)(ansi reset)...\n"
-
-    (
-        helm upgrade --install cnpg cloudnative-pg
-            --repo https://cloudnative-pg.github.io/charts
-            --namespace cnpg-system --create-namespace --wait
-    )
-
-}

package/scripts/dot.nu

@@ -1,32 +0,0 @@
-#!/usr/bin/env nu
-
-source ack.nu
-source anthropic.nu
-source argo-workflows.nu
-source argocd.nu
-source aso.nu
-source atlas.nu
-source backstage.nu
-source cert-manager.nu
-source cnpg.nu
-source common.nu
-source crossplane.nu
-source external-secrets.nu
-source gatekeeper.nu
-source github.nu
-source image.nu
-source ingress.nu
-source kro.nu
-source kubernetes.nu
-source kubevela.nu
-source kyverno.nu
-source mcp.nu
-source port.nu
-source prometheus.nu
-source registry.nu
-source storage.nu
-source tests.nu
-source toolhive.nu
-source velero.nu
-
-def main [] {}

package/scripts/external-secrets.nu

@@ -1,110 +0,0 @@
-#!/usr/bin/env nu
-
-# Installs External Secrets Operator (ESO) with optional cloud provider configuration
-#
-# Examples:
-# > main apply external_secrets --provider google --google_project_id my-project
-# > main apply external_secrets --provider azure --azure_key_vault_name my-vault
-def "main apply external_secrets" [
-    --provider: string               # Supported values: `google`, `azure`
-    --google_project_id: string    # Used only if `provider` is `google`
-    --azure_key_vault_name: string # Used only if `provider` is `azure`
-] {
-
-    print $"\nInstalling (ansi yellow_bold)External Secrets Operator \(ESO\)(ansi reset)...\n"
-
-    (
-        helm repo add external-secrets
-            https://charts.external-secrets.io
-    )
-
-    helm repo update
-
-    (
-        helm upgrade --install
-            external-secrets external-secrets/external-secrets
-            --namespace external-secrets --create-namespace
-            --wait
-    )
-
-    if $provider == "google" {
-
-        {
-            apiVersion: "external-secrets.io/v1beta1"
-            kind: "ClusterSecretStore"
-            metadata: { name: "google" }
-            spec: { provider: { gcpsm: {
-                auth: { secretRef: { secretAccessKeySecretRef: {
-                    name: "gcp-creds"
-                    key: "creds"
-                    namespace: "crossplane-system"
-                } } }
-                projectID: $google_project_id
-            } } }
-        } | to yaml | kubectl apply --filename -
-
-        start $"https://console.developers.google.com/apis/api/secretmanager.googleapis.com/overview?project=($google_project_id)"
-            
-        print $"
-(ansi yellow_bold)ENABLE(ansi reset) the API.
-Press the (ansi yellow_bold)enter key(ansi reset) to continue.
-"
-        input
-
-    } else if $provider == "azure" {
-
-        # FIXME: Uncomment and rewrite
-        
-        # az keyvault create --name $RESOURCE_GROUP \
-        #     --resource-group $RESOURCE_GROUP
-
-        # az keyvault key create --vault-name $RESOURCE_GROUP --name "ContosoFirstKey" --protection software
-
-        # export AZURE_UPN=$(az ad user list | jq ".[0].userPrincipalName" -r)
-
-        # export AZURE_SUBSCRIPTION_ID=$(az account show --query id -o tsv)
-
-        # az role assignment create \
-        #     --role "Key Vault Secrets Officer" \
-        #     --assignee $AZURE_UPN \
-        #     --scope "/subscriptions/$AZURE_SUBSCRIPTION_ID/resourceGroups/$RESOURCE_GROUP/providers/Microsoft.KeyVault/vaults/$RESOURCE_GROUP"
-
-        {
-            apiVersion: "external-secrets.io/v1beta1"
-            kind: "ClusterSecretStore"
-            metadata: { name: "azure" }
-            spec: { provider: { azurekv: {
-                authType: "ManagedIdentity"
-                vaultUrl: $"https://($azure_key_vault_name).vault.azure.net"
-            } } }
-        } | to yaml | kubectl apply --filename -
-
-    } else if $provider == "aws" {
-
-        {
-            apiVersion: "external-secrets.io/v1beta1"
-            kind: "ClusterSecretStore"
-            metadata: { name: "aws" }
-            spec: {
-                provider: { aws: {
-                    service: "SecretsManager"
-                    region: "us-east-1"
-                    auth: { secretRef: {
-                        accessKeyIDSecretRef: {
-                            name: "aws-creds"
-                            key: "accessKeyID"
-                            namespace: "crossplane-system"
-                        }
-                        secretAccessKeySecretRef: {
-                            name: "aws-creds"
-                            key: "secretAccessKey"
-                            namespace: "crossplane-system"
-                        }
-                    } }
-                } }
-            }
-        } | to yaml | kubectl apply --filename -
-
-    }
-
-}

package/scripts/gatekeeper.nu

@@ -1,19 +0,0 @@
-#!/usr/bin/env nu
-
-# Installs Gatekeeper (Open Policy Agent) for Kubernetes policy enforcement
-def "main apply opa" [] {
-
-    (
-        helm repo add gatekeeper
-            https://open-policy-agent.github.io/gatekeeper/charts
-    )
-
-    helm repo update
-
-    (
-        helm upgrade --install gatekeeper gatekeeper/gatekeeper 
-            --namespace gatekeeper-system --create-namespace
-            --wait
-    )
-
-}

package/scripts/github.nu

@@ -1,42 +0,0 @@
-#!/usr/bin/env nu
-
-# Retrieves GitHub credentials (token and organization/username)
-#
-# Parameters:
-# --enable-org: Whether to retrieve GitHub organization/user (default: true)
-# --github-token: GitHub token (optional, falls back to GITHUB_TOKEN or REGISTRY_PASSWORD env var)
-# --github-org: GitHub organization/username (optional, falls back to GITHUB_ORG or REGISTRY_USER env var)
-#
-# Returns:
-# A record with org and token fields, and saves values to .env file
-def --env "main get github" [
-    --enable-org = true,
-    --github-token: string,
-    --github-org: string
-] {
-
-    mut token = $github_token
-    if ($token | is-empty) and ("GITHUB_TOKEN" in $env) {
-        $token = $env.GITHUB_TOKEN
-    } else if ($token | is-empty) and ("REGISTRY_PASSWORD" in $env) {
-        $token = $env.REGISTRY_PASSWORD
-    } else if ($token | is-empty) {
-        error make { msg: "GitHub token required via --github-token parameter or GITHUB_TOKEN/REGISTRY_PASSWORD environment variable" }
-    }
-    $"export GITHUB_TOKEN=($token)\n" | save --append .env
-
-    mut org = $github_org
-    if $enable_org {
-        if ($org | is-empty) and ("GITHUB_ORG" in $env) {
-            $org = $env.GITHUB_ORG
-        } else if ($org | is-empty) and ("REGISTRY_USER" in $env) {
-            $org = $env.REGISTRY_USER
-        } else if ($org | is-empty) {
-            error make { msg: "GitHub organization/username required via --github-org parameter or GITHUB_ORG/REGISTRY_USER environment variable" }
-        }
-        $"export GITHUB_ORG=($org)\n" | save --append .env
-    }
-
-    {org: $org, token: $token}
-
-}

package/scripts/image.nu

@@ -1,67 +0,0 @@
-#!/usr/bin/env nu
-
-# Builds a container image
-def "main build image" [
-    tag: string                                  # The tag of the image (e.g., 0.0.1)
-    --registry = "ghcr.io"                       # Image registry (e.g., ghcr.io)
-    --registry_user = "vfarcic"                  # Image registry user (e.g., vfarcic)
-    --image = "silly-demo"                       # Image name (e.g., silly-demo)
-    --builder = "docker"                         # Image builder; currently supported are: `docker` and `kaniko`
-    --push = true                                # Whether to push the image to the registry
-    --dockerfile = "Dockerfile"                  # Path to Dockerfile
-    --context = "."                              # Path to the context
-] {
-
-    if $builder == "docker" {
-
-        (
-            docker image build
-                --tag $"($registry)/($registry_user)/($image):latest"
-                --tag $"($registry)/($registry_user)/($image):($tag)"
-                --file $dockerfile
-                $context
-        )
-
-        if $push {
-
-            docker image push $"($registry)/($registry_user)/($image):latest"
-
-            docker image push $"($registry)/($registry_user)/($image):($tag)"
-
-        }
-
-    } else if $builder == "kaniko" {
-
-        (
-            executor --dockerfile=Dockerfile --context=.
-                $"--destination=($registry)/($registry_user)/($image):($tag)"
-                $"--destination=($registry)/($registry_user)/($image):latest"
-        )
-
-    } else {
-
-        echo $"Unsupported builder: ($builder)"
-
-    } 
-
-}
-
-# Retrieves a container registry address
-#
-# Parameters:
-# --container-registry: Container registry address (optional, falls back to CONTAINER_REGISTRY env var)
-def "main get container_registry" [
-    --container-registry: string
-] {
-
-    mut registry = $container_registry
-    if ($registry | is-empty) and ("CONTAINER_REGISTRY" in $env) {
-        $registry = $env.CONTAINER_REGISTRY
-    } else if ($registry | is-empty) {
-        error make { msg: "Container registry address required via --container-registry parameter or CONTAINER_REGISTRY environment variable" }
-    }
-    $"export CONTAINER_REGISTRY=($registry)\n" | save --append .env
-
-    $registry
-
-}

package/scripts/kro.nu

@@ -1,11 +0,0 @@
-#!/usr/bin/env nu
-
-# Installs Kro (Kubernetes Resource Orchestrator) for orchestrating Kubernetes resources
-def "main apply kro" [] {
-
-    (
-        helm upgrade --install kro oci://ghcr.io/kro-run/kro/kro
-            --namespace kro --create-namespace
-    )
-
-}

package/scripts/kubevela.nu

@@ -1,22 +0,0 @@
-#!/usr/bin/env nu
-
-# Installs KubeVela platform
-#
-# Examples:
-# > main apply kubevela example.com --ingress_class nginx
-def "main apply kubevela" [
-    host: string
-    --ingress_class = "nginx"
-] {
-
-    vela install
-
-    # (
-    #     vela addon enable velaux
-    #         $"domain=vela.($host)"
-    #         $"gatewayDriver=($ingress_class)"
-    # )
-
-    # start $"http://($host)"
-
-}