From 17fff81cb2033da38f1bb21f75d5e68a54088438 Mon Sep 17 00:00:00 2001
From: Pablo Vigo <pvigo@collabora.com>
Date: Fri, 14 Mar 2025 10:41:24 +0100
Subject: [PATCH 1/2] qa-report-app: add compatibility with more instances

For a long time, there was only one instance of the `qa-report-app`,
and all the configuration resided in the values file and its Vault
secret. With the possibility of deploying a development instance, it is
necessary to decouple some variables to be configured from the
inventory file, as some configurations are specific to each environment.

This modification also makes it easier to have more than one instance
of the APP in production if needed.

Signed-off-by: Pablo Vigo <pvigo@collabora.com>
---
 digital-ocean-k8s/roles/qa-report-app/tasks/main.yaml           | 2 +-
 .../roles/qa-report-app/templates/qa-report-app.values.j2       | 2 +-
 inventories/production/qa-report-app.yaml                       | 1 +
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/digital-ocean-k8s/roles/qa-report-app/tasks/main.yaml b/digital-ocean-k8s/roles/qa-report-app/tasks/main.yaml
index 4843fe7..939b36b 100644
--- a/digital-ocean-k8s/roles/qa-report-app/tasks/main.yaml
+++ b/digital-ocean-k8s/roles/qa-report-app/tasks/main.yaml
@@ -6,7 +6,7 @@
     "{{ path | replace('/', '_') }}": >-
       {{ lookup(
             'community.hashi_vault.vault_kv2_get',
-            'qa-report-app/%s' % path,
+            '{{ secret_name }}/%s' % path,
             engine_mount_point='apertis',
             token_validate=True,
             url='https://vault.collabora.com:8200/',
diff --git a/digital-ocean-k8s/roles/qa-report-app/templates/qa-report-app.values.j2 b/digital-ocean-k8s/roles/qa-report-app/templates/qa-report-app.values.j2
index 6193518..3108d55 100644
--- a/digital-ocean-k8s/roles/qa-report-app/templates/qa-report-app.values.j2
+++ b/digital-ocean-k8s/roles/qa-report-app/templates/qa-report-app.values.j2
@@ -33,7 +33,7 @@ config:
   openid:
     client-id: '{{ gitlab_oauth.client_id }}'
     client-secret: '{{ gitlab_oauth.client_secret }}'
-    well-known-url: https://gitlab.apertis.org/.well-known/openid-configuration
+    well-known-url: '{{ openid_well_known_url }}'
   auth-groups:
     - name: apertis-developers
       extra-perms:
diff --git a/inventories/production/qa-report-app.yaml b/inventories/production/qa-report-app.yaml
index ffca7b4..8186e28 100644
--- a/inventories/production/qa-report-app.yaml
+++ b/inventories/production/qa-report-app.yaml
@@ -3,6 +3,7 @@ qa-report-app:
     qa-report-app:
       namespace: qa-report-app
       hostname: qa.apertis.org
+      secret_name: qa-report-app
       certificate_issuer: letsencrypt-issuer
       git:
         url: https://gitlab.apertis.org/infrastructure/qa-report-app.git
-- 
GitLab


From 9df4766abbd6d1b22324daf3940ded37ab50d4cb Mon Sep 17 00:00:00 2001
From: Pablo Vigo <pvigo@collabora.com>
Date: Fri, 14 Mar 2025 11:07:16 +0100
Subject: [PATCH 2/2] qa-report-app: add Dev instance secrets

The dev instance was using production secrets because the Ansible
playbook was not configured to support different environments.

This issue has been resolved, and it's now possible to use
separate configuration files for each instance.

Signed-off-by: Pablo Vigo <pvigo@collabora.com>
---
 .../roles/qa-report-app/templates/qa-report-app.values.j2       | 2 +-
 inventories/development/qa-report-app.yaml                      | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/digital-ocean-k8s/roles/qa-report-app/templates/qa-report-app.values.j2 b/digital-ocean-k8s/roles/qa-report-app/templates/qa-report-app.values.j2
index 3108d55..6193518 100644
--- a/digital-ocean-k8s/roles/qa-report-app/templates/qa-report-app.values.j2
+++ b/digital-ocean-k8s/roles/qa-report-app/templates/qa-report-app.values.j2
@@ -33,7 +33,7 @@ config:
   openid:
     client-id: '{{ gitlab_oauth.client_id }}'
     client-secret: '{{ gitlab_oauth.client_secret }}'
-    well-known-url: '{{ openid_well_known_url }}'
+    well-known-url: https://gitlab.apertis.org/.well-known/openid-configuration
   auth-groups:
     - name: apertis-developers
       extra-perms:
diff --git a/inventories/development/qa-report-app.yaml b/inventories/development/qa-report-app.yaml
index 0c60fb0..0dbd31d 100644
--- a/inventories/development/qa-report-app.yaml
+++ b/inventories/development/qa-report-app.yaml
@@ -3,6 +3,7 @@ qa-report-app:
     qa-report-app:
       namespace: qa-report-app
       hostname: qa.dev-cluster.collabora.dev
+      secret_name: qa-report-app-dev
       certificate_issuer: letsencrypt-issuer
       git:
         url: https://gitlab.apertis.org/infrastructure/qa-report-app.git
-- 
GitLab