From 0fd5175a1d6097dd35e673cc5433f08a616b86be Mon Sep 17 00:00:00 2001
From: ange
Date: Sun, 22 Dec 2024 06:15:20 +0000
Subject: [PATCH] fix: create user from secret instead of env
---
 manifests/bin/createadmin.sh | 35 ++++++++++++++-----------------
 manifests/common/createadmin.yaml | 17 ++++++++-------
 2 files changed, 26 insertions(+), 26 deletions(-)
diff --git a/manifests/bin/createadmin.sh b/manifests/bin/createadmin.sh
index 3f372e4..88a38d0 100755
--- a/manifests/bin/createadmin.sh
+++ b/manifests/bin/createadmin.sh
@@ -2,32 +2,29 @@
 function get_token() {
 kubectl exec app-0 -- gitea admin user generate-access-token \
- --username "$NAME" \
- --token-name "${NAME^^}" \
+ --username "$name" \
+ --token-name "${name^^}" \
 --scopes "$scopes" \
 | awk '{print $NF}'
 }
-export NAME="$1"
+name="$1"
 scopes="$2"
-export EMAIL="$NAME@$BASE_URL"
-export SECRET="gitea-$NAME"
+email="$name@$BASE_URL"
+secret="gitea-$name"
-if ! kubectl get secret "$SECRET" > /dev/null 2>&1; then
- p="$(openssl rand -hex 32)"
- kapply common/createadmin.yaml
-else
- p="$(kgseckey "$SECRET" password)"
+if ! kubectl get secret "$secret" > /dev/null 2>&1; then
+ kcreatesec "$secret" \
+ --from-literal=email="$email" \
+ --from-literal=username="$name" \
+ --from-literal=password="$(openssl rand -hex 32)"
+ SECRET="$secret" kapply common/createadmin.yaml
 fi
-opts=()
 if [ -n "$scopes" ]; then
- token="$(kgseckey "$SECRET" token || get_token)"
- opts+=(--from-literal=token="$token")
+ kcreatesec "$secret" \
+ --from-literal=email="$email" \
+ --from-literal=username="$name" \
+ --from-literal=password="$(kgseckey "$secret" password)" \
+ --from-literal=token="$(kgseckey "$secret" token || get_token)"
 fi
-
-kcreatesec "$SECRET" \
- --from-literal=email="$NAME@$BASE_URL" \
- --from-literal=username="$NAME" \
- --from-literal=password="$p" \
- "${opts[@]}"
diff --git a/manifests/common/createadmin.yaml b/manifests/common/createadmin.yaml
index 7fc761d..3afa493 100644
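Review bot: In the `if [ -n "$scopes" ]` branch the secret is rewritten from `--from-literal=password="$(kgseckey "$secret" password)"`, and a failed or empty read inside that command substitution goes unnoticed, so `kcreatesec` would presumably store an empty password over the generated one. Read the value first and stop on failure: `password="$(kgseckey "$secret" password)" || exit 1`, then `[ -n "$password" ] || exit 1`, and pass `"$password"` to `kcreatesec`. The token has the same gap: `get_token` ends in `awk '{print $NF}'`, so unless `pipefail` is set on the script's first line (outside the hunk) a failed `kubectl exec` yields an empty token that is still saved. Both values are also passed as `--from-literal` arguments, which are visible in the process list if `kcreatesec` wraps `kubectl create secret`; supplying them from a file or stdin avoids that exposure.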
--- a/manifests/common/createadmin.yaml
+++ b/manifests/common/createadmin.yaml
@@ -10,17 +10,20 @@ spec:
 containers:
 - name: createuser
 image: "$IMAGEAPP"
+ envFrom:
+ - secretRef:
+ name: "$SECRET"
 command:
 - bash
 - -c
 - |
- gitea admin user change-password --must-change-password=false \
- --username "$NAME" \
- --password "$PASS" 2> /dev/null \
- || gitea admin user create --admin --must-change-password=false \
- --email "$EMAIL" \
- --username "$NAME" \
- --password "$PASS"
+ gitea admin user change-password --must-change-password=false
+ --username "$username"
+ --password "$password"
+ || gitea admin user create --admin --must-change-password=false
+ --email "$email"
+ --username "$username"
+ --password "$password"
 volumeMounts:
 - name: config
 mountPath: /etc/gitea/app.ini
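Review bot: The rewritten command under `- |` has lost its trailing backslashes, so in a literal block scalar each line reaches `bash -c` as a separate command: `gitea admin user change-password --must-change-password=false` runs without a username or password, and the line that begins with `||` is a shell syntax error, so the `gitea admin user create` fallback never runs. Keep the continuations the removed lines had, e.g. `--username "$username" \` and `--password "$password" \`, on every line except the last. Separately, `"$IMAGEAPP"` and `"$SECRET"` in this file appear to be filled in by `kapply` before the manifest is applied; if that substitution is not limited to a fixed list of variables, `$username`, `$password` and `$email` would presumably be expanded on the operator's side (likely to empty strings) rather than inside the container from `envFrom`, which is worth confirming.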