fix: sunbeam apply and bootstrap reliability

manifests.py: fix REPO_ROOT parents index (was 3, needed 2) which
caused kustomize overlay lookup to resolve against the wrong directory.

tools.py: call ensure_tool("helm") before running kustomize so the
bundled helm v3.17.1 is on PATH; system helm v4 dropped the -c flag
that kustomize 5.6.0 uses for version detection.

gitea.py: pass --must-change-password=false to gitea admin user
change-password, removing the separate Postgres UPDATE workaround that
was fragile and required a second exec into the CNPG pod.
2026-03-03 00:57:39 +00:00
parent 0acbf66673
commit fb3fd93f0f
3 changed files with 4 additions and 18 deletions


@@ -146,30 +146,15 @@ def cmd_bootstrap(domain: str = "", gitea_admin_pass: str = ""):
capture_output=True, text=True, capture_output=True, text=True,
) )
# Ensure admin has the generated password # Ensure admin has the generated password and no forced-change flag.
r = gitea_exec("gitea", "admin", "user", "change-password", r = gitea_exec("gitea", "admin", "user", "change-password",
"--username", GITEA_ADMIN_USER, "--password", "--username", GITEA_ADMIN_USER, "--password",
gitea_admin_pass) gitea_admin_pass, "--must-change-password=false")
if r.returncode == 0 or "password" in (r.stdout + r.stderr).lower(): if r.returncode == 0 or "password" in (r.stdout + r.stderr).lower():
ok(f"Admin '{GITEA_ADMIN_USER}' password set.") ok(f"Admin '{GITEA_ADMIN_USER}' password set.")
else: else:
warn(f"change-password: {r.stderr.strip()}") warn(f"change-password: {r.stderr.strip()}")
# Clear must_change_password via Postgres
pg_pod = kube_out("-n", "data", "get", "pods",
"-l=cnpg.io/cluster=postgres,role=primary",
"-o=jsonpath={.items[0].metadata.name}")
if pg_pod:
kube("exec", "-n", "data", pg_pod, "-c", "postgres", "--",
"psql", "-U", "postgres", "-d", "gitea_db", "-c",
f'UPDATE "user" SET must_change_password = false'
f" WHERE lower_name = '{GITEA_ADMIN_USER.lower()}';",
check=False)
ok("Cleared must-change-password flag.")
else:
warn("Postgres pod not found -- must-change-password may block API "
"calls.")
def api(method, path, data=None): def api(method, path, data=None):
args = [ args = [
"curl", "-s", "-X", method, "curl", "-s", "-X", method,
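Review bot: The success test `r.returncode == 0 or "password" in (r.stdout + r.stderr).lower()` now matches the name of the flag this commit adds, so any error output that mentions `--must-change-password` is reported as "password set". With the Postgres fallback removed, a Gitea CLI that rejects the new flag (presumably older releases would) leaves the admin password unchanged and the forced-change flag in place while bootstrap prints ok. Gating on the exit status alone, `if r.returncode == 0:`, and warning otherwise avoids that. cmd_bootstrap starts and continues outside this hunk.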


@@ -4,7 +4,7 @@ from pathlib import Path
from sunbeam.kube import kube, kube_out, kube_ok, kube_apply, kustomize_build, get_lima_ip from sunbeam.kube import kube, kube_out, kube_ok, kube_apply, kustomize_build, get_lima_ip
from sunbeam.output import step, ok, warn from sunbeam.output import step, ok, warn
REPO_ROOT = Path(__file__).parents[3] / "infrastructure" REPO_ROOT = Path(__file__).parents[2] / "infrastructure"
MANAGED_NS = ["data", "devtools", "ingress", "lasuite", "media", "ory", "storage", MANAGED_NS = ["data", "devtools", "ingress", "lasuite", "media", "ory", "storage",
"vault-secrets-operator"] "vault-secrets-operator"]
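Review bot: `REPO_ROOT = Path(__file__).parents[2] / "infrastructure"` is still derived purely from the file's depth, and nothing in this hunk checks that the resulting directory exists, so a later move of this module would again point the overlay lookup at another directory without an error. A guard where the path is first used, e.g. `if not REPO_ROOT.is_dir(): raise FileNotFoundError(REPO_ROOT)`, would make that fail before anything is built or applied to the cluster. How REPO_ROOT is consumed is outside the hunk, so the best place for the check is to be confirmed.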


@@ -102,5 +102,6 @@ def run_tool(name: str, *args, **kwargs) -> subprocess.CompletedProcess:
env = os.environ.copy() env = os.environ.copy()
# kustomize needs helm on PATH for helm chart rendering # kustomize needs helm on PATH for helm chart rendering
if name == "kustomize": if name == "kustomize":
ensure_tool("helm") # ensure bundled helm is present before kustomize runs
env["PATH"] = str(CACHE_DIR) + os.pathsep + env.get("PATH", "") env["PATH"] = str(CACHE_DIR) + os.pathsep + env.get("PATH", "")
return subprocess.run([str(bin_path), *args], env=env, **kwargs) return subprocess.run([str(bin_path), *args], env=env, **kwargs)
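Review bot: The trailing comment on the added `ensure_tool("helm")` call does not say why the bundled helm is needed; something like `# system helm v4 breaks kustomize's helm version detection; use the bundled helm from CACHE_DIR` would keep the reason next to the code. Since the next line puts CACHE_DIR first on PATH, kustomize runs whichever `helm` is in that directory, and ensure_tool is not visible here, so it is worth confirming that it verifies the downloaded binary against a pinned digest and that CACHE_DIR is writable only by the invoking user. run_tool begins outside this hunk.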