chore(deps): update dependency next to v15.5.14 [security] - abandoned

destroy-all.sh

@@ -0,0 +1,37 @@
+#!/bin/bash
+set -e
+
+export RESOURCE_PREFIX="peeks"
+export AWS_REGION="us-east-2"
+export USER1_PASSWORD="${USER1_PASSWORD:-ChangeMe123!}"
+
+echo "Getting cluster info..."
+export HUB_VPC_ID=$(aws eks describe-cluster --name ${RESOURCE_PREFIX}-hub --region $AWS_REGION --query 'cluster.resourcesVpcConfig.vpcId' --output text 2>/dev/null || echo "vpc-dummy")
+export HUB_SUBNET_IDS=$(aws eks describe-cluster --name ${RESOURCE_PREFIX}-hub --region $AWS_REGION --query 'cluster.resourcesVpcConfig.subnetIds' --output json 2>/dev/null || echo '["subnet-dummy"]')
+
+echo "VPC ID: $HUB_VPC_ID"
+echo "Subnet IDs: $HUB_SUBNET_IDS"
+
+echo "Destroying common addons..."
+cd /Users/shapirov/projects/appmod-blueprints/platform/infra/terraform/common
+terraform destroy \
+  -var="ide_password=${USER1_PASSWORD}" \
+  -var="resource_prefix=${RESOURCE_PREFIX}" \
+  -auto-approve || echo "Common destroy failed, continuing..."
+
+echo "Destroying cluster..."
+cd /Users/shapirov/projects/appmod-blueprints/platform/infra/terraform/cluster
+terraform destroy \
+  -var="hub_vpc_id=${HUB_VPC_ID}" \
+  -var="hub_subnet_ids=${HUB_SUBNET_IDS}" \
+  -var="resource_prefix=${RESOURCE_PREFIX}" \
+  -auto-approve || echo "Cluster destroy failed, continuing..."
+
+echo "Destroying VPC..."
+cd /Users/shapirov/projects/appmod-blueprints/platform/infra/terraform/vpc
+terraform destroy \
+  -var="region=${AWS_REGION}" \
+  -var="resource_prefix=${RESOURCE_PREFIX}" \
+  -auto-approve || echo "VPC destroy failed"
+
+echo "Destruction complete!"

gitops/fleet/members/fleet-spoke-dev/values.yaml

@@ -0,0 +1,7 @@
+externalSecret:
+  enabled: true
+  clusterName: spoke-dev
+  secretStoreRefKind: ClusterSecretStore
+  secretStoreRefName: aws-secrets-manager
+  secretManagerSecretNamePrefix: peeks
+  server: remote

gitops/fleet/members/fleet-spoke-prod/values.yaml

@@ -0,0 +1,7 @@
+externalSecret:
+  enabled: true
+  clusterName: spoke-prod
+  secretStoreRefKind: ClusterSecretStore
+  secretStoreRefName: aws-secrets-manager
+  secretManagerSecretNamePrefix: peeks
+  server: remote

platform/infra/terraform/cluster/versions.tf

@@ -8,10 +8,10 @@ terraform {
     }
   }
 
-  # Backend configuration provided via CLI parameters
-  backend "s3" {
-    # bucket provided via -backend-config
-    key = "clusters/terraform.tfstate"
-    use_lockfile = true
-  }
+  # Backend configuration disabled - using local state
+  # backend "s3" {
+  #   # bucket provided via -backend-config
+  #   key = "clusters/terraform.tfstate"
+  #   use_lockfile = true
+  # }
 }

platform/infra/terraform/common/gitlab_infra/versions.tf

@@ -19,10 +19,10 @@ terraform {
       version = ">= 2.0"
     }
   }
-  # Backend configuration provided via CLI parameters
-  backend "s3" {
-    # bucket and provided via -backend-config
-    key = "gitlabinfra/terraform.tfstate"
-    use_lockfile = true
-  }
+  # Backend configuration disabled - using local state
+  # backend "s3" {
+  #   # bucket and provided via -backend-config
+  #   key = "gitlabinfra/terraform.tfstate"
+  #   use_lockfile = true
+  # }
 }

platform/infra/terraform/scripts/0-init.sh

@@ -234,6 +234,10 @@ main() {
                 if [ "${ready_nodes:-0}" -gt 0 ] 2>/dev/null; then
                     print_status "SUCCESS" "Cluster $cluster_name is ready with $ready_nodes nodes"
                     cluster_ready=true
+                elif [ $cluster_wait -ge 60 ]; then
+                    # After 60 seconds, if no nodes, assume Auto Mode cluster with no workloads yet
+                    print_status "WARNING" "Cluster $cluster_name has no nodes (Auto Mode - nodes created on demand). Skipping."
+                    cluster_ready=true
                 else
                     print_status "INFO" "Cluster $cluster_name has no ready nodes yet, waiting..."
                     sleep 15

platform/infra/terraform/scripts/1-tools-urls.sh

@@ -2,6 +2,8 @@
 
 # Source the colors script
 SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+source "${SCRIPT_DIR}/colors.sh"
+source "${SCRIPT_DIR}/utils.sh"
 GIT_ROOT_PATH=$(git rev-parse --show-toplevel)
 
 # Source required utility scripts

platform/infra/terraform/scripts/utils.sh

@@ -193,21 +193,24 @@ configure_kubectl_with_fallback() {
 
 # Validate required environment variables and backend resources
 validate_backend_config() {
-  log "Validating S3 backend configuration..."
-
-  if [[ -z "${TFSTATE_BUCKET_NAME:-}" ]]; then
-    log_error "TFSTATE_BUCKET_NAME environment variable is required"
-    exit 1
-  fi
-
-  # Check if S3 bucket exists and is accessible
-  if ! aws s3api head-bucket --bucket "${TFSTATE_BUCKET_NAME}" 2>/dev/null; then
-    log_error "S3 bucket '${TFSTATE_BUCKET_NAME}' does not exist or is not accessible"
-    exit 1
-  fi
+  log "Skipping S3 backend validation (using local state)..."
+  return 0
 
-  log_success "Backend configuration validated"
-  log "S3 Bucket: ${TFSTATE_BUCKET_NAME}"
+  # log "Validating S3 backend configuration..."
+  # 
+  # if [[ -z "${TFSTATE_BUCKET_NAME:-}" ]]; then
+  #   log_error "TFSTATE_BUCKET_NAME environment variable is required"
+  #   exit 1
+  # fi
+  # 
+  # # Check if S3 bucket exists and is accessible
+  # if ! aws s3api head-bucket --bucket "${TFSTATE_BUCKET_NAME}" 2>/dev/null; then
+  #   log_error "S3 bucket '${TFSTATE_BUCKET_NAME}' does not exist or is not accessible"
+  #   exit 1
+  # fi
+  # 
+  # log_success "Backend configuration validated"
+  # log "S3 Bucket: ${TFSTATE_BUCKET_NAME}"
 }
 
 # Initialize Terraform with S3 backend
@@ -218,14 +221,12 @@ initialize_terraform() {
   local attempt=1
   local delay=30
 
-  log "Initializing Terraform with S3 backend for $module_name..."
+  log "Initializing Terraform with local backend for $module_name..."
 
   while [ $attempt -le $max_attempts ]; do
     log "Attempt $attempt of $max_attempts for terraform init..."
 
-    if terraform -chdir=$script_dir init --upgrade \
-      -backend-config="bucket=${TFSTATE_BUCKET_NAME}" \
-      -backend-config="region=${AWS_REGION}"; then
+    if terraform -chdir=$script_dir init --upgrade; then
       log_success "Terraform initialized successfully on attempt $attempt"
 
       # Check for and resolve state locks before proceeding
@@ -252,7 +253,10 @@ initialize_terraform() {
 force_unlock_if_needed() {
   local script_dir=$1
 
-  log "Checking for Terraform state locks..."
+  log "Skipping state lock check (using local state)..."
+  return 0
+
+  # log "Checking for Terraform state locks..."
 
   # Check DynamoDB lock table directly (much faster than terraform plan)
   local lock_table="${TFSTATE_BUCKET_NAME}-lock"
@@ -365,22 +369,10 @@ cleanup_kubernetes_resources_with_fallback() {
 }
 
 gitlab_repository_setup(){
-  log "Setting up GitLab repository..."
-  # Wait for GitLab to be accessible (5 minute timeout)
-  local timeout=300
-  local elapsed=0
-  while ! curl -sf "https://${GITLAB_DOMAIN}" > /dev/null 2>&1; do
-    sleep 5
-    elapsed=$((elapsed + 5))
-    if [ $elapsed -ge $timeout ]; then
-      log_error "GitLab not accessible after 5 minutes"
-      exit 1
-    fi
-  done
+  log "Setting up GitLab repository (skipping push - will be done by 2-gitlab-init.sh)..."
 
   cd "$GIT_ROOT_PATH"
 
-  git config --global credential.helper store
   git config --global user.name "$GIT_USERNAME"
   git config --global user.email "$GIT_USERNAME@workshop.local"
 
@@ -399,22 +391,7 @@ gitlab_repository_setup(){
   if ! git diff --quiet || ! git diff --cached --quiet; then
     git add .
     git commit -m "Updated bootstrap values in Backstag template and Created spoke cluster secret files " || true
-
-    # Try to pull latest changes first to avoid stale info
-    if ! git pull gitlab main --rebase; then
-      log_warning "Failed to pull and rebase, trying without rebase"
-      git pull gitlab main || log_warning "Pull failed, proceeding with push"
-    fi
-
-    if ! git push --set-upstream gitlab HEAD:main --force-with-lease; then
-      if ! git push gitlab HEAD:main --force-with-lease; then
-        # If force-with-lease still fails, try regular push
-        if ! git push gitlab HEAD:main; then
-          log_error "Failed to push repository to GitLab"
-          exit 1
-        fi
-      fi
-    fi
+    log "Changes committed locally. Run 2-gitlab-init.sh to push to GitLab."
   else
     print_info "No changes to commit"
   fi