Init of preprod branch

README.md

@@ -0,0 +1,16 @@
+# Test webhook trigger
+# Test webhook delivery
+# Webhook test after oauth2-proxy fix
+#Another test
+# Final webhook test
+# Webhook test with separate ingress
+# Test after GitHub App installation
+Test preprod pipeline - Wed Dec  3 21:20:32 CET 2025
+# Test simplified preprod config
+# Test real jobs with full tenant config
+# Trigger build with preprod config repos 1764798016
+# Final test 1764798277
+# Test with zuul-config tenant changes 1764799024
+# Test after base jobs fix 1764799709
+# Test with zuul-jobs base jobs 1764800726
+# Test workspace copy fix - Mon Dec  8 09:56:01 CET 2025

inventory/service/group_vars/cloud-iam-policies.yaml

@@ -0,0 +1,34 @@
+---
+# IAM Custom Policies for OTC Cloud Resources
+# These policies are managed via cloud-identity.yaml playbook
+
+cloud_iam_policies:
+  - name: OBS-Zuul-Logs-Management
+    description: "Policy for Zuul to manage OBS buckets for log storage"
+    cloud: otcci-pool1
+    type: custom
+    policy_type: json
+    policy_document:
+      Version: "1.1"
+      Statement:
+        - Effect: Allow
+          Action:
+            - "obs:bucket:CreateBucket"
+            - "obs:bucket:PutBucketAcl"
+            - "obs:bucket:ListAllMyBuckets"
+            - "obs:bucket:GetBucketAcl"
+            - "obs:object:GetObject"
+            - "obs:object:PutObject"
+            - "obs:object:DeleteObject"
+            - "obs:object:ListMultipartUploadParts"
+          Resource:
+            - "obs:*:*:bucket:zuul-*-logs"
+            - "obs:*:*:object:zuul-*-logs/*"
+
+# IAM Policy Attachments
+cloud_iam_policy_attachments:
+  - policy_name: OBS-Zuul-Logs-Management
+    cloud: otcci-pool1
+    project: eu-de_nodepool_pool1
+    users:
+      - nodepool_preprod

inventory/service/group_vars/cloud-obs-buckets.yaml

@@ -0,0 +1,34 @@
+---
+# OBS Buckets Configuration
+# These buckets are managed via cloud-obs.yaml playbook
+
+cloud_obs_buckets:
+  - name: zuul-preprod-logs
+    cloud: otcci-pool1
+    acl: public-read
+    storage_class: STANDARD
+    description: "Zuul preprod job logs storage"
+    policy:
+      Statement:
+        - Sid: "AllowNodepoolPreproAccess"
+          Effect: Allow
+          Principal:
+            ID:
+              - "domain/OTC00000000001000000449:user/nodepool_preprod"
+          Action:
+            - "GetObject"
+            - "PutObject"
+            - "DeleteObject"
+            - "ListBucket"
+            - "GetBucketAcl"
+          Resource:
+            - "zuul-preprod-logs/*"
+            - "zuul-preprod-logs"
+        - Sid: "AllowPublicRead"
+          Effect: Allow
+          Principal:
+            ID: ["*"]
+          Action:
+            - "GetObject"
+          Resource:
+            - "zuul-preprod-logs/*"

kubernetes/helm_charts/local/anubis/templates/deployment.yaml

@@ -0,0 +1,88 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "anubis.fullname" . }}
+  labels:
+    {{- include "anubis.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "anubis.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "anubis.selectorLabels" . | nindent 8 }}
+        {{- if .Values.anubis.podLabels }}
+        {{- toYaml .Values.anubis.podLabels | nindent 8 }}
+        {{- end }}
+      {{- if .Values.anubis.podAnnotations }}
+      annotations:
+        {{- toYaml .Values.anubis.podAnnotations | nindent 8 }}
+      {{- end }}
+    spec:
+      {{- if .Values.image.pullSecrets }}
+      imagePullSecrets:
+        {{- range .Values.image.pullSecrets }}
+        - name: {{ . }}
+        {{- end }}
+      {{- end }}
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: {{ .Values.anubis.securityContext.runAsUser | default 1000 }}
+        fsGroup: {{ .Values.anubis.securityContext.fsGroup }}
+        seccompProfile:
+          type: RuntimeDefault
+      containers:
+        - name: anubis
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          securityContext:
+            allowPrivilegeEscalation: false
+            runAsNonRoot: true
+            runAsUser: {{ .Values.anubis.securityContext.runAsUser | default 1000 }}
+            capabilities:
+              drop:
+                - ALL
+          ports:
+            - name: http
+              containerPort: 8080
+            - name: metrics
+              containerPort: 9090
+          env:
+            {{- range $name, $value := .Values.anubis.env }}
+            - name: {{ $name }}
+              value: "{{ $value }}"
+            {{- end }}
+            {{- if .Values.config.enabled }}
+            - name: POLICY_FNAME
+              value: "{{ .Values.config.path }}"
+            {{- end }}
+            {{- range .Values.anubis.extraEnv }}
+            - name: {{ .name }}
+              {{- if .value }}
+                value: "{{ .value }}"
+              {{- else if .valueFrom }}
+                valueFrom:
+                  {{- toYaml .valueFrom | nindent 14 }}
+              {{- end }}
+            {{- end }}
+          volumeMounts:
+            {{- if .Values.config.enabled }}
+            - name: anubis-policy
+              mountPath: {{ dir .Values.config.path | quote }}
+            {{- end }}
+          resources:
+            {{- toYaml .Values.anubis.resources | nindent 12 }}
+      volumes:
+        {{- if .Values.config.enabled }}
+        - name: anubis-policy
+          configMap:
+            name: {{ include "anubis.fullname" . }}-policy
+        {{- end }}
+      nodeSelector:
+        {{- toYaml .Values.anubis.nodeSelector | nindent 8 }}
+      tolerations:
+        {{- toYaml .Values.anubis.tolerations | nindent 8 }}
+      affinity:
+        {{- toYaml .Values.anubis.affinity | nindent 8 }}