i-76238: Remove gitea

argocd/root-app/templates/root-app.yaml

@@ -45,6 +45,8 @@ spec:
         valuesObject:
           argo:
             {{- .Values.argo | toYaml | nindent 12 }}
+          orchestratorDeployment:
+            {{- .Values.orchestratorDeployment | toYaml | nindent 12 }}            
           postCustomTemplateOverwrite:
             {{- .Values.postCustomTemplateOverwrite | toYaml | nindent 12 }}
         {{- end }}

argocd/root-app/values.yaml

@@ -21,3 +21,10 @@ argo:
   autosync: true
 
   enabled: {}
+
+orchestratorDeployment:
+  argoServiceType: ""
+  dockerCache: ""
+  dockerCacheCert: ""
+  enableMailpit: ""
+  targetCluster: ""

design-proposals/optional-gitea-changes.md

@@ -0,0 +1,78 @@
+# Eliminate Gitea as a pre-installer dependency
+
+As part of the [platform installer simplification](platform-installer-simplification.md), one of the goals is to decouple
+the platform from a mandatory internal Gitea instance, making it an optional component required only for specific
+features (like App Orchestration). This document outlines the below architectural and code changes introduced.
+
+## 1. Optional Gitea Installation
+
+The most significant change is that the internal Gitea service is no longer installed by default. It is now
+conditionally deployed based on whether **App Orchestration (AO)** is enabled for the target cluster.
+
+### Logic & Implementation
+
+The system determines whether to install Gitea by checking the cluster's configuration profile for the inclusion of the
+App Orchestration component.
+
+#### Magefile (`mage/`)
+
+- **Detection**: A new method `isAOEnabled(targetEnv)` was added to `mage/config.go`.
+  - It reads the cluster configuration file (`orch-configs/clusters/<env>.yaml`).
+  - It parses the `clusterValues` list.
+  - It returns `true` if it finds a reference to `enable-app-orch.yaml`.
+- **Deployment**: In `mage/deploy.go`, the `gitea` function now wraps the helm install command and account creation
+  logic in a conditional block:
+
+  ```go
+  aoEnabled, _ := (Config{}).isAOEnabled(targetEnv)
+  if aoEnabled {
+      // Install Gitea helm chart
+      // Create accounts (argocd, apporch, clusterorch)
+  }
+  ```
+
+#### On-Prem Installer (`on-prem-installers/`)
+
+- **Shell Script**: `onprem/onprem_orch_install.sh` performs a similar check using `grep`.
+  - It scans the generated profile YAML for `enable-app-orch.yaml`.
+  - It sets the environment variable `INSTALL_GITEA="true"` or `"false"`.
+  - This variable is passed to the `apt-get install` command for the Gitea package.
+- **Go Installer**: The `cmd/onprem-orch-installer/main.go` binary reads the `INSTALL_GITEA` environment variable.
+  - If `false`, it skips the step of pushing artifact tarballs to the internal Gitea repo.
+  - It modifies the `getGiteaServiceURL` function to handle cases where the service might not exist (though currently
+    it defaults to a placeholder if not installed).
+
+## 2. Deployment Repository Source Change
+
+The default source of truth for the Orchestrator's ArgoCD applications has shifted from the internal Gitea instance to
+the public GitHub repository.
+
+### Key Changes
+
+- **Default URL**:
+  - In `mage/config.go` and `installer/cluster.tpl`, the `deployRepoURL` default value was changed from:
+    `https://gitea-http.gitea.svc.cluster.local/argocd/edge-manageability-framework`
+    to:
+    `https://github.com/open-edge-platform/edge-manageability-framework`
+- **ArgoCD Configuration**:
+  - `mage/argo.go`: The `repoAdd` function was updated. It now checks if credentials (`gitUser`, `gitToken`) are
+    provided. If they are empty (which is the case for public GitHub), it adds the repository without authentication
+    flags.
+- **Removal of Sync Logic**:
+  - Previously, `mage deploy` would automatically synchronize the local `orch-configs` and `argocd` directories to the
+    internal Gitea instance using `updateDeployRepo`.
+  - This logic has been removed from the main deployment flow in `mage/deploy.go`. The assumption is that deployments
+    now pull from upstream, or users must manually configure a different repo if they want to deploy local changes.
+
+## 3. Configuration Refactoring
+
+Several changes were made to how cluster configurations are processed to support this flexibility.
+
+- **Template Merging (`mage/config.go`)**:
+  - The `parseClusterValues` function was enhanced to support "self-merging". It can now read a cluster template and
+    merge it with itself to resolve internal references.
+  - Logic was added to programmatically merge the `proxyProfile` into the cluster values, reducing the reliance on
+    complex Helm template logic for proxy settings.
+- **Cluster Template (`orch-configs/templates/cluster.tpl`)**:
+  - Simplified the template by removing explicit conditional inclusions for proxy profiles, as this is now handled by
+    the Go code in `mage`.

go.mod

@@ -83,6 +83,7 @@ require (
 	github.com/go-openapi/swag v0.23.1 // indirect
 	github.com/go-resty/resty/v2 v2.16.5 // indirect
 	github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
+	github.com/goforj/godump v1.6.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/btree v1.1.3 // indirect

go.sum

@@ -105,6 +105,8 @@ github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZ
 github.com/go-test/deep v1.0.8 h1:TDsG77qcSprGbC6vTN8OuXp5g+J+b5Pcguhf7Zt61VM=
 github.com/go-test/deep v1.0.8/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
+github.com/goforj/godump v1.6.0 h1:3Dn8gaw5Xxxefr1ezTGTWrTKSr3ihK+eJ2xzRUoFfHQ=
+github.com/goforj/godump v1.6.0/go.mod h1:/Vy+p50JtOkwsFN5dA1HQ7LS5gtPk3f61DaP4UR2o4s=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang-jwt/jwt/v5 v5.2.3 h1:kkGXqQOBSDDWRhWNXTFpqGSCMyh/PLnqUvMGJPDJDs0=

installer/generate_cluster_yaml.sh

@@ -73,6 +73,7 @@ export RESOURCE_DEFAULT_PROFILE='- orch-configs/profiles/resource-default.yaml'
 # -----------------------------------------------------------------------------
 export SRE_TLS_ENABLED="${SRE_TLS_ENABLED:-false}"
 export SRE_DEST_CA_CERT="${SRE_DEST_CA_CERT:-}"
+export GITEA_ENABLED="${GITEA_ENABLED:-true}"
 
 # -----------------------------------------------------------------------------
 # Function: Validate IPv4
@@ -139,6 +140,7 @@ fi
 # -----------------------------------------------------------------------------
 if [ "${DISABLE_CO_PROFILE:-false}" = "true" ] || [ "${DISABLE_AO_PROFILE:-false}" = "true" ]; then
     export AO_PROFILE="#- orch-configs/profiles/enable-app-orch.yaml"
+    export GITEA_ENABLED="false"
 else
     export AO_PROFILE="- orch-configs/profiles/enable-app-orch.yaml"
 fi

mage/Magefile.go

@@ -55,9 +55,8 @@ var argoNamespaces = []string{
 	"orch-infra",    // used when creating a secret for mailpit
 }
 
-// FIXME: Ideally this could be extracted from the cluster configuration and aligned with auth secrets - out of scope for now
-var giteaRepos = []string{
-	"https://gitea-http.gitea.svc.cluster.local/argocd/edge-manageability-framework",
+var EMFRepos = []string{
+	"https://github.com/open-edge-platform/edge-manageability-framework",
 }
 
 // Public GitHub repositories can be useful for specific development workflows.
@@ -491,7 +490,10 @@ func (d Deploy) KindPreset(clusterPreset string) error {
 
 // Deploy kind cluster and Argo CD.
 func (d Deploy) Kind(targetEnv string) error {
-	return d.kind(targetEnv)
+	if err := d.kind(targetEnv); err != nil {
+		return err
+	}
+	return d.preOrchDeploy(targetEnv)
 }
 
 func (d Deploy) Gitea(targetEnv string) error {

mage/argo.go

@@ -92,7 +92,13 @@ func (Argo) login() error {
 
 func (Argo) repoAdd(gitUser string, gitToken string, repos []string) error {
 	for _, repo := range repos {
-		cmd := fmt.Sprintf("argocd repo add %s --username %s --password '%s' --upsert --insecure-skip-server-verification --insecure", repo, gitUser, gitToken)
+		var cmd string
+		if gitUser != "" && gitToken != "" {
+			cmd = fmt.Sprintf("argocd repo add %s --username %s --password '%s' --upsert --insecure-skip-server-verification --insecure", repo, gitUser, gitToken)
+		} else {
+			cmd = fmt.Sprintf("argocd repo add %s --upsert --insecure-skip-server-verification --insecure", repo)
+		}
+
 		if _, err := script.Exec(cmd).Stdout(); err != nil {
 			return fmt.Errorf("adding repo %s: %w", repo, err)
 		}

mage/config.go

@@ -36,7 +36,7 @@ var (
 		"enableMailpit":       false,
 		"dockerCache":         "",
 		"dockerCacheCert":     "",
-		"deployRepoURL":       "https://gitea-http.gitea.svc.cluster.local/argocd/edge-manageability-framework",
+		"deployRepoURL":       "https://github.com/open-edge-platform/edge-manageability-framework",
 	}
 )
 
@@ -122,6 +122,16 @@ func parseClusterValues(clusterConfigPath string) (map[string]interface{}, error
 		return nil, fmt.Errorf("invalid cluster definition: 'root' key is missing in the configuration")
 	}
 
+	// merge the cluster template into itself
+	var fileValues map[string]interface{}
+	if err := yaml.Unmarshal(data, &fileValues); err != nil {
+		return nil, fmt.Errorf("failed to unmarshal cluster template: %w", err)
+	}
+	if root, ok := fileValues["root"].(map[string]interface{}); ok {
+		delete(root, "clusterValues")
+	}
+	deepMerge(clusterValues, fileValues)
+
 	return clusterValues, nil
 }
 
@@ -239,6 +249,7 @@ func renderClusterTemplate(presetData map[string]interface{}) (string, error) {
 		return "", fmt.Errorf("failed to render cluster template: %w", err)
 	}
 
+	var proxyProfilePath string
 	if proxyProfile, ok := presetData["proxyProfile"].(string); ok && proxyProfile != "" {
 		proxyValuesData, err := os.ReadFile(proxyProfile)
 		if err != nil {
@@ -272,6 +283,40 @@ func renderClusterTemplate(presetData map[string]interface{}) (string, error) {
 		if err := proxyTmpl.Execute(proxyOutputFile, proxyValues); err != nil {
 			return "", fmt.Errorf("failed to render proxy template: %w", err)
 		}
+
+		proxyProfilePath = proxyOutputPath
+	} else {
+		proxyProfilePath = "orch-configs/profiles/proxy-none.yaml"
+	}
+
+	// Merge the generated cluster values file with the proxy profile values file.
+	clusterValuesData, err := os.ReadFile(outputPath)
+	if err != nil {
+		return "", fmt.Errorf("failed to read cluster values file '%s': %w", outputPath, err)
+	}
+	proxyValuesData, err := os.ReadFile(proxyProfilePath)
+	if err != nil {
+		return "", fmt.Errorf("failed to read proxy profile file '%s': %w", proxyProfilePath, err)
+	}
+
+	var clusterValues map[string]interface{}
+	if err := yaml.Unmarshal(clusterValuesData, &clusterValues); err != nil {
+		return "", fmt.Errorf("failed to unmarshal cluster values: %w", err)
+	}
+	var proxyValues map[string]interface{}
+	if err := yaml.Unmarshal(proxyValuesData, &proxyValues); err != nil {
+		return "", fmt.Errorf("failed to unmarshal proxy values: %w", err)
+	}
+
+	deepMerge(clusterValues, proxyValues)
+
+	mergedYaml, err := writeMapAsYAML(clusterValues)
+	if err != nil {
+		return "", fmt.Errorf("failed to marshal merged values: %w", err)
+	}
+
+	if err := os.WriteFile(outputPath, []byte(mergedYaml), 0o644); err != nil {
+		return "", fmt.Errorf("failed to write merged values to file: %w", err)
 	}
 
 	return clusterName, nil
@@ -402,6 +447,7 @@ func (Config) getTargetValues(targetEnv string) (map[string]interface{}, error)
 	}
 
 	clusterFilePath := fmt.Sprintf("orch-configs/clusters/%s.yaml", targetEnv)
+	fmt.Printf("Loading cluster values from: %s\n", clusterFilePath)
 	targetValues, err := parseClusterValues(clusterFilePath)
 	if err != nil {
 		return nil, fmt.Errorf("failed to parse cluster values: %w", err)
@@ -474,6 +520,39 @@ func (c Config) isMailpitEnabled(targetEnv string) (bool, error) {
 	return enableMailpit, nil
 }
 
+func (c Config) isAOEnabled(targetEnv string) (bool, error) {
+	if targetEnv == "" {
+		return false, fmt.Errorf("target environment is not specified")
+	}
+
+	clusterFilePath := fmt.Sprintf("orch-configs/clusters/%s.yaml", targetEnv)
+	fmt.Printf("Loading cluster values from: %s\n", clusterFilePath)
+
+	data, err := os.ReadFile(clusterFilePath)
+	if err != nil {
+		return false, fmt.Errorf("failed to read cluster configuration file: %w", err)
+	}
+
+	var rootConfig map[string]interface{}
+	if err := yaml.Unmarshal(data, &rootConfig); err != nil {
+		return false, fmt.Errorf("failed to unmarshal cluster configuration: %w", err)
+	}
+
+	if root, ok := rootConfig["root"].(map[string]interface{}); ok {
+		if clusterValuesPaths, ok := root["clusterValues"].([]interface{}); ok {
+			for _, path := range clusterValuesPaths {
+				if pathStr, ok := path.(string); ok {
+					if strings.Contains(pathStr, "enable-app-orch.yaml") {
+						return true, nil
+					}
+				}
+			}
+		}
+	}
+
+	return false, nil
+}
+
 func (c Config) getDockerCache(targetEnv string) (string, error) {
 	clusterValues, err := c.getTargetValues(targetEnv)
 	if err != nil {