fix: sunbeam apply and bootstrap reliability
manifests.py: fix REPO_ROOT parents index (was 3, needed 2) which
caused kustomize overlay lookup to resolve against the wrong directory.
tools.py: call ensure_tool("helm") before running kustomize so the
bundled helm v3.17.1 is on PATH; system helm v4 dropped the -c flag
that kustomize 5.6.0 uses for version detection.
gitea.py: pass --must-change-password=false to gitea admin user
change-password, removing the separate Postgres UPDATE workaround that
was fragile and required a second exec into the CNPG pod.
This commit is contained in:
@@ -146,30 +146,15 @@ def cmd_bootstrap(domain: str = "", gitea_admin_pass: str = ""):
|
||||
capture_output=True, text=True,
|
||||
)
|
||||
|
||||
# Ensure admin has the generated password
|
||||
# Ensure admin has the generated password and no forced-change flag.
|
||||
r = gitea_exec("gitea", "admin", "user", "change-password",
|
||||
"--username", GITEA_ADMIN_USER, "--password",
|
||||
gitea_admin_pass)
|
||||
gitea_admin_pass, "--must-change-password=false")
|
||||
if r.returncode == 0 or "password" in (r.stdout + r.stderr).lower():
|
||||
ok(f"Admin '{GITEA_ADMIN_USER}' password set.")
|
||||
else:
|
||||
warn(f"change-password: {r.stderr.strip()}")
|
||||
|
||||
# Clear must_change_password via Postgres
|
||||
pg_pod = kube_out("-n", "data", "get", "pods",
|
||||
"-l=cnpg.io/cluster=postgres,role=primary",
|
||||
"-o=jsonpath={.items[0].metadata.name}")
|
||||
if pg_pod:
|
||||
kube("exec", "-n", "data", pg_pod, "-c", "postgres", "--",
|
||||
"psql", "-U", "postgres", "-d", "gitea_db", "-c",
|
||||
f'UPDATE "user" SET must_change_password = false'
|
||||
f" WHERE lower_name = '{GITEA_ADMIN_USER.lower()}';",
|
||||
check=False)
|
||||
ok("Cleared must-change-password flag.")
|
||||
else:
|
||||
warn("Postgres pod not found -- must-change-password may block API "
|
||||
"calls.")
|
||||
|
||||
def api(method, path, data=None):
|
||||
args = [
|
||||
"curl", "-s", "-X", method,
|
||||
|
||||
Reference in New Issue
Block a user