commit 06fa268f4f49b48268e5fb7a3291a6bbe6fe7503 Author: LionsCtl Bot Date: Sat Aug 30 03:34:26 2025 +0000 Initial lionsctl configuration - Vault integration with token authentication - Docker registry configuration (registry.lions.dev) - Kubernetes clusters (k1, k2) - Security policies (Cosign, Trivy, OPA) - Monitoring setup (Prometheus, Grafana)
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..1a4c571
--- /dev/null
+++ b/README.md
@@ -0,0 +1,15 @@
+# 🦁 LionsCtl Configuration Repository
+
+This repository contains the global configuration for lionsctl CI/CD platform.
+
+## Usage
+lionsctl automatically fetches this configuration from:
+- **Repository**: https://git.lions.dev/lionsctl-bot/lionsctl-config
+- **File**: lionsctl.yaml
+
+## Configuration Sections
+- πŸ” Vault integration
+- 🐳 Docker registry
+- ☸️ Kubernetes clusters
+- πŸ”’ Security policies
+- πŸ“Š Monitoring setup
diff --git a/lionsctl.yaml b/lionsctl.yaml
new file mode 100755
index 0000000..8aeca98
--- /dev/null
+++ b/lionsctl.yaml
@@ -0,0 +1,141 @@
+# 🦁 Lionsctl Configuration
+# This is the default configuration file for lionsctl
+# Enterprise-grade CI/CD platform for lions.dev
+
+version: "2.0.0-alpha"
+environment: "development"
+log_level: "info"
+
+# Compatibility settings
+compatibility:
+ enabled: true
+ version: "2.0"
+ fallback: true
+
+# Container registry configuration
+docker:
+ registry:
+ url: "registry.lions.dev"
+ namespace: ""
+ insecure: false
+ buildkit:
+ enabled: true
+ driver: "docker-container"
+ platforms: ["linux/amd64", "linux/arm64"]
+ daemon:
+ host: "unix:///var/run/docker.sock"
+ timeout: "30s"
+
+# Git configuration
+git:
+ domain: "git.lions.dev"
+ base_url: "https://git.lions.dev"
+ default_branch: "main"
+ # Credentials managed via Vault
+ vault_path: "secret/data/lionsctl/git"
+ auth_method: "token" # token-based auth via HTTPS
+
+# HashiCorp Vault configuration
+vault:
+ address: "https://vault.lions.dev"
+ namespace: ""
+ timeout: "10s"
+ token: "hvs.PQ5emcpA9SNqvx5sjuuub2TD"
+ engines:
+ kv: "secret/"
+ transit: "transit/"
+ pki: "pki/"
+ auth:
+ method: "token"
+ path: "auth/token"
+ role: "lionsctl"
+
+# Kubernetes configuration
+kubernetes:
+ clusters:
+ - name: "k1-siib"
+ context: "k1"
+ server: "https://k8s-k1.lions.dev"
+ - name: "k2-sigobe"
+ context: "k2"
+ server: "https://k8s-k2.lions.dev"
+ context: "" # Auto-detect
+ namespace: "default"
+ timeout: "30s"
+
+# Monitoring and observability
+monitoring:
+ prometheus:
+ url: "https://prometheus.lions.dev"
+ timeout: "10s"
+ metrics:
+ enabled: true
+ namespace: "lionsctl"
+ interval: "15s"
+ port: 8080
+ path: "/metrics"
+ grafana:
+ url: "https://grafana.lions.dev"
+ org_id: 1
+ tracing:
+ enabled: true
+ provider: "jaeger"
+ service_name: "lionsctl"
+ sample_rate: 0.1
+ logging:
+ level: "info"
+ format: "json"
+ structured: true
+
+# Build configuration
+build:
+ parallel: true
+ max_parallel: 4
+ timeout: "30m"
+ cache:
+ enabled: true
+ ttl: "24h"
+ type: "memory" # memory, redis, file
+ retry:
+ enabled: true
+ max_retries: 3
+ delay: "5s"
+ backoff: "exponential"
+ maven:
+ goals: ["clean", "package"]
+ skip_tests: false
+ offline: false
+ nodejs:
+ package_manager: "npm" # npm, yarn, pnpm
+ registry: "https://registry.npmjs.org"
+ skip_tests: false
+
+# Security configuration
+security:
+ signing:
+ enabled: true
+ provider: "cosign" # cosign, notary
+ keyless: true
+ oidc_token: true
+ scanning:
+ enabled: true
+ provider: "trivy" # trivy, grype, snyk
+ fail_on: ["critical", "high"]
+ exclude: []
+ timeout: "5m"
+ policies:
+ enabled: true
+ provider: "opa" # opa, falco
+ action: "warn" # warn, block
+ compliance:
+ enabled: true
+ standards: ["slsa", "sbom"]
+ reports: true
+
+# User interface configuration
+ui:
+ color: true
+ interactive: true
+ theme: "lions"
+ progress: true
+ animations: true
\ No newline at end of file
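Review bot: The `token:` line under `vault:` commits what looks like a real Vault service token (`hvs.` prefix) in plaintext, in a repository the README says lionsctl fetches automatically, so anyone who can read the repo or its history holds that credential. Replace the value with `token: ""  # supplied at runtime, never committed` and revoke the committed token, because removing it in a later commit still leaves it in history. If lionsctl supports it, take the token from the environment or use a machine-identity auth method in `auth.method` rather than a static token; this is an assumption about the tool, so confirm it against its documentation. Separately, `action: "warn"` under `security.policies` means OPA violations will be reported but not block, and the file is added with mode 100755 although it is data; both look unintended.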