WIP: Start adding CI/CD
Some checks failed
ci/woodpecker/push/helmfile Pipeline failed

This commit is contained in:
Nikolai Rodionov 2024-10-16 21:20:13 +02:00
parent d6613dbe4e
commit 57a1fe0bcb
Signed by: allanger
GPG Key ID: 0AA46A90E25592AD
2 changed files with 89 additions and 0 deletions

40
.woodpecker/helmfile.yaml Normal file
View File

@ -0,0 +1,40 @@
when:
event:
- push
matrix:
include:
- NAME: badhouseplants
ENV: badhouseplants
.opts: &opts
secrets:
- sops_age_key
image: ghcr.io/helmfile/helmfile:latest
backend_options:
kubernetes:
serviceAccountName: woodpecker-ci
#resources:
# requests:
# memory: 1200Mi
# cpu: 2
# limits:
# memory: 1200Mi
# cpu: 2
steps:
diff:
!!merge <<: *opts
when:
- branch:
exclude:
- main
commands:
- sed -i "/\b\(kubeContext\)\b/d" common/environments.yaml
- helmfile -e "${ENV}" diff
diff:
!!merge <<: *opts
when:
- branch:
include:
- main
commands:
- sed -i "/\b\(kubeContext\)\b/d" common/environments.yaml
- helmfile -e "${ENV}" apply

View File

@ -0,0 +1,49 @@
#!/usr/bin/env bash
# you need to have kubectl on PATH with the context set to the cluster you want to create the config for
# Cosmetics for the created config
clusterName="${CLUSTER_NAME}"
# your server address goes here get it via `kubectl cluster-info`
server="${CLUSTER_URL}"
# the Namespace and ServiceAccount name that is used for the config
export namespace='pipelines'
export serviceAccount='woodpecker-ci'
# The following automation does not work from Kubernetes 1.24 and up.
# You might need to
# define a Secret, reference the ServiceAccount there and set the secretName by hand!
# See https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#manually-create-a-long-lived-api-token-for-a-serviceaccount for details
secretName=$(kubectl --namespace="$namespace" get serviceAccount "$serviceAccount" -o=jsonpath='{.secrets[0].name}')
######################
# actual script starts
set -o errexit
ca=$(kubectl --namespace="$namespace" get secret/"$secretName" -o=jsonpath='{.data.ca\.crt}')
token=$(kubectl --namespace="$namespace" get secret/"$secretName" -o=jsonpath='{.data.token}' | base64 --decode)
echo "
---
apiVersion: v1
kind: Config
clusters:
- name: ${clusterName}
cluster:
certificate-authority-data: ${ca}
server: ${server}
contexts:
- name: ${serviceAccount}@${clusterName}
context:
cluster: ${clusterName}
namespace: ${namespace}
user: ${serviceAccount}
users:
- name: ${serviceAccount}
user:
token: ${token}
current-context: ${serviceAccount}@${clusterName}
"