# CI/CD Mode Configuration
# Automated pipeline execution
#
# Defines the "cicd" execution mode: token-based authentication, remote
# service endpoints under *.cicd.local, OCI-sourced extensions, and per-user
# resource limits. The record is checked against contracts.ExecutionMode.
# That contract and the OCI defaults live in other files, so any schema
# defaults mentioned below are assumptions to confirm there.
let contracts = import "./contracts.ncl" in
let oci_defaults = import "../oci_registry/defaults.ncl" in
{
  mode_name = "cicd",
  description = "CI/CD pipeline automated execution",

  authentication = {
    auth_type = "token",
    token_config = {
      # Token is read from a file path, not embedded in this config.
      token_path = "/var/run/secrets/provisioning/token",
      token_format = "jwt",
      # NOTE(review): expiry is 3600 s and refresh is off. Presumably a job
      # that outlives the token loses access mid-run; confirm how the
      # consumer handles expiry.
      expiry_seconds = 3600,
      refresh_enabled = false,
    },
    ssh_key_storage = "kms",
  },

  services = {
    orchestrator = {
      deployment = "remote",
      remote_config = {
        endpoint = "orchestrator.cicd.local",
        port = 8080,
        # TLS is enabled and certificate verification is explicitly on.
        tls_enabled = true,
        verify_ssl = true,
        # NOTE(review): unit of `timeout` is not shown here (seconds?).
        timeout = 60,
        retries = 5,
      },
    },
    control_center = {
      deployment = "disabled",
    },
    coredns = {
      deployment = "remote",
      remote_config = {
        # NOTE(review): no TLS or authentication setting is given for this
        # endpoint, while security.dns_modification routes DNS changes
        # through "coredns". Confirm how those updates are authenticated.
        endpoint = "dns.cicd.local",
        port = 53,
      },
    },
    gitea = {
      deployment = "remote",
      remote_config = {
        endpoint = "git.cicd.local",
        port = 443,
        # NOTE(review): unlike orchestrator and the registries, verify_ssl
        # is not set here. Confirm the contract defaults it to true;
        # TLS without certificate verification does not authenticate the
        # server that workspaces are cloned from.
        tls_enabled = true,
      },
    },
    # Starts from the shared remote Harbor defaults (not visible in this
    # file) and merges the CI/CD-specific fields below on top with `&`.
    oci_registry = oci_defaults.remote_harbor_registry & {
      endpoint = "registry.cicd.local",
      remote = {
        timeout = 60,
        retries = 5,
        verify_ssl = true,
      },
      namespaces = {
        extensions = "cicd-extensions",
        kcl_packages = "cicd-kcl",
        platform_images = "cicd-platform",
        test_images = "cicd-test",
      },
    },
  },

  extensions = {
    source = "oci",
    oci_registry = {
      enabled = true,
      # Endpoint and namespace repeat the values under
      # services.oci_registry; keep the two in sync when either changes.
      endpoint = "registry.cicd.local",
      namespace = "cicd-extensions",
      auth_token_path = "/var/run/secrets/provisioning/oci-token",
      tls_enabled = true,
      verify_ssl = true,
      # NOTE(review): fixed, predictable directory under /tmp. On a shared
      # runner another local account could pre-create or modify it, and
      # cached extensions are later loaded from here. Prefer a job-private
      # directory with restrictive permissions, and confirm cached
      # artifacts are re-verified (e.g. by digest) before use.
      cache_dir = "/tmp/provisioning-oci-cache",
    },
  },

  workspaces = {
    # Locking is off, but each user is capped at one workspace.
    locking = "disabled",
    git_integration = "required",
    isolation = "strict",
    max_workspaces_per_user = 1,
  },

  security = {
    encryption_at_rest = true,
    # NOTE(review): how this flag relates to endpoints configured without
    # TLS settings (see services.coredns) is not visible here; confirm.
    encryption_in_transit = true,
    dns_modification = "coredns",
    audit_logging = true,
    # NOTE(review): the audit log is a local file. If runners are
    # ephemeral, confirm it is forwarded off-host before teardown and
    # that the pipeline identity cannot rewrite earlier entries.
    audit_log_path = "/var/log/provisioning/cicd-audit.log",
    network_isolation = true,
  },

  # Per-user ceilings for resources provisioned in this mode.
  resource_limits = {
    max_servers_per_user = 5,
    max_cpu_cores_per_user = 16,
    max_memory_gb_per_user = 64,
    max_storage_gb_per_user = 200,
  },
} | contracts.ExecutionMode