From a0df0c8461e6682d53a9e951bf193fc9244da730 Mon Sep 17 00:00:00 2001
From: Simon Emms <simon@simonemms.com>
Date: Sat, 7 Dec 2024 13:33:25 +0000
Subject: [PATCH] feat: install argocd widget on homepage

---
 .pre-commit-config.yaml                   |  1 +
 modules/kubernetes/argocd.tf              | 27 ++++++++++++++++++-----
 modules/kubernetes/files/argocd.yaml      |  4 ++++
 registry/components/homepage/secrets.yaml |  3 +++
 4 files changed, 30 insertions(+), 5 deletions(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index ce4dc10..4a8ea44 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -12,6 +12,7 @@ repos:
           - --no-sort-keys
       - id: check-json
       - id: check-yaml
+        exclude: ^modules
         args:
           - --allow-multiple-documents
       - id: end-of-file-fixer
diff --git a/modules/kubernetes/argocd.tf b/modules/kubernetes/argocd.tf
index 5651491..61bfc61 100644
--- a/modules/kubernetes/argocd.tf
+++ b/modules/kubernetes/argocd.tf
@@ -12,6 +12,15 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+locals {
+  additional_users = {
+    "homepage" = {
+      cap  = "apiKey"
+      role = "readonly"
+    }
+  }
+}
+
 resource "kubernetes_namespace_v1" "argocd" {
   metadata {
     name = "argocd"
@@ -56,6 +65,9 @@ resource "helm_release" "argocd" {
 
   values = [
     templatefile("${path.module}/files/argocd.yaml", {
+      additional_users = yamlencode({
+        for group, user in local.additional_users : "accounts.${group}" => user.cap
+      })
       cluster_issuer = var.cluster_issuer
       domain         = "argocd.${var.domain}"
       oidc_config = {
@@ -83,11 +95,16 @@ resource "helm_release" "argocd" {
           ] : "p, role:org-admin, ${resource}, *, *, allow"
         ],
         # Assign GitHub org
-        flatten([
-          for role, teams in var.argocd_github_teams : [
-            for team in teams : "g, ${var.argocd_github_org}:${team}, role:${role}"
-          ]
-        ])
+        flatten(
+          concat(
+            [
+              for role, teams in var.argocd_github_teams : [
+                for team in teams : "g, ${var.argocd_github_org}:${team}, role:${role}"
+              ]
+            ],
+            [for group, user in local.additional_users : "g, ${group}, role:${user.role}"]
+          )
+        )
       ))
     })
   ]
diff --git a/modules/kubernetes/files/argocd.yaml b/modules/kubernetes/files/argocd.yaml
index 46c6c5e..dd07d2d 100644
--- a/modules/kubernetes/files/argocd.yaml
+++ b/modules/kubernetes/files/argocd.yaml
@@ -31,6 +31,9 @@ server:
       gethomepage.dev/group: Cluster
       gethomepage.dev/icon: argocd
       gethomepage.dev/name: ArgoCD
+      gethomepage.dev/widget.type: argocd
+      gethomepage.dev/widget.url: http://argocd-server.argocd.svc.cluster.local
+      gethomepage.dev/widget.key: "{{HOMEPAGE_VAR_ARGOCD_KEY}}"
     tls: true
     extraTLS:
       - hosts:
@@ -44,6 +47,7 @@ configs:
     oidc.tls.insecure.skip.verify: ${oidc_tls_skip_verify}
     statusbadge.enabled: true
     url: https://${domain}
+    ${indent(4, additional_users)}
   params:
     server.insecure: true
   rbac:
diff --git a/registry/components/homepage/secrets.yaml b/registry/components/homepage/secrets.yaml
index 2ee9aad..9e2279e 100644
--- a/registry/components/homepage/secrets.yaml
+++ b/registry/components/homepage/secrets.yaml
@@ -13,6 +13,9 @@ spec:
   target:
     name: homepage-secrets
   data:
+    - secretKey: HOMEPAGE_VAR_ARGOCD_KEY
+      remoteRef:
+        key: ARGOCD_HOMEPAGE_TOKEN
     - secretKey: HOMEPAGE_VAR_CALENDAR_SIMONEMMS_GMAIL_COM
       remoteRef:
         key: CALENDAR_SIMONEMMS_GMAIL_COM