From 5bf9c03cf83e85f1efcb421533af89e9a7270ad5 Mon Sep 17 00:00:00 2001
From: Khue Doan
Date: Fri, 5 Jan 2024 00:15:17 +0700
Subject: [PATCH] feat: install Woodpecker CI
---
 .../files/secret-generator/config.yaml | 7 +++++
 platform/woodpecker/Chart.yaml | 7 +++++
 platform/woodpecker/templates/secret.yaml | 22 ++++++++++++++
 platform/woodpecker/values.yaml | 30 +++++++++++++++++++
 scripts/hacks | 1 +
 5 files changed, 67 insertions(+)
 create mode 100644 platform/woodpecker/Chart.yaml
 create mode 100644 platform/woodpecker/templates/secret.yaml
 create mode 100644 platform/woodpecker/values.yaml
diff --git a/platform/global-secrets/files/secret-generator/config.yaml b/platform/global-secrets/files/secret-generator/config.yaml
index ebe92114..93441b1d 100644
--- a/platform/global-secrets/files/secret-generator/config.yaml
+++ b/platform/global-secrets/files/secret-generator/config.yaml
@@ -25,3 +25,10 @@
 - key: token
 length: 32
 special: false
+
+# Woodpecker
+- name: woodpecker.agent
+ data:
+ - key: secret
+ length: 32
+ special: false
diff --git a/platform/woodpecker/Chart.yaml b/platform/woodpecker/Chart.yaml
new file mode 100644
index 00000000..a7b0df91
--- /dev/null
+++ b/platform/woodpecker/Chart.yaml
@@ -0,0 +1,7 @@
+apiVersion: v2
+name: woodpecker
+version: 0.0.0
+dependencies:
+ - name: woodpecker
+ version: 1.0.3
+ repository: https://woodpecker-ci.org
diff --git a/platform/woodpecker/templates/secret.yaml b/platform/woodpecker/templates/secret.yaml
new file mode 100644
index 00000000..850bbdce
--- /dev/null
+++ b/platform/woodpecker/templates/secret.yaml
@@ -0,0 +1,22 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: woodpecker-secret
+ namespace: {{ .Release.Namespace }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: global-secrets
+ data:
+ - secretKey: WOODPECKER_GITEA_CLIENT
+ remoteRef:
+ key: gitea.woodpecker
+ property: client_id
+ - secretKey: WOODPECKER_GITEA_SECRET
+ remoteRef:
+ key: gitea.woodpecker
+ property: client_secret
+ - secretKey: WOODPECKER_AGENT_SECRET
+ remoteRef:
+ key: woodpecker.agent
+ property: secret
diff --git a/platform/woodpecker/values.yaml b/platform/woodpecker/values.yaml
new file mode 100644
index 00000000..01075e54
--- /dev/null
+++ b/platform/woodpecker/values.yaml
@@ -0,0 +1,30 @@
+woodpecker:
+ agent:
+ replicaCount: 2
+ env:
+ WOODPECKER_BACKEND_K8S_STORAGE_RWX: false
+ # Agents will spawn pods to run workflow steps using the
+ # Kubernetes backend instead of running them directly on
+ # the agent pod, so we can run many workflows per agent.
+ WOODPECKER_MAX_WORKFLOWS: 10
+ server:
+ env:
+ WOODPECKER_HOST: https://ci.khuedoan.com
+ WOODPECKER_WEBHOOK_HOST: http://woodpecker-server.woodpecker
+ WOODPECKER_GITEA: true
+ WOODPECKER_GITEA_URL: https://git.khuedoan.com
+ WOODPECKER_OPEN: true
+ WOODPECKER_ADMIN: gitea_admin
+ ingress:
+ enabled: true
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ ingressClassName: nginx
+ hosts:
+ - host: &host ci.khuedoan.com
+ paths:
+ - path: /
+ tls:
+ - secretName: woodpecker-tls-certificate
+ hosts:
+ - *host
diff --git a/scripts/hacks b/scripts/hacks
index 41f6c57a..af009b31 100755
--- a/scripts/hacks
+++ b/scripts/hacks
@@ -181,6 +181,7 @@ def main() -> None:
 ]
 gitea_oauth_apps = [
+ {'name': 'woodpecker', 'redirect_uri': f"https://{client.NetworkingV1Api().read_namespaced_ingress('woodpecker-server', 'woodpecker').spec.rules[0].host}/authorize"}
 ]
 kanidm_groups = [
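Review bot: In platform/woodpecker/templates/secret.yaml all three keys are written into one Secret, `woodpecker-secret`, so every workload that loads that Secret receives the Gitea OAuth client secret along with the agent secret. The patch does not show which pods consume it. If the chart's server and agent both load it through envFrom (worth confirming against chart 1.0.3), the agents hold `WOODPECKER_GITEA_SECRET` without needing it. Splitting this into a server ExternalSecret and an agent ExternalSecret that carries only `WOODPECKER_AGENT_SECRET` would keep the OAuth credential off the pods that schedule pipeline steps. A short comment above `metadata.name` saying which chart value expects this Secret name would also help, since nothing in values.yaml references it.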
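Review bot: `WOODPECKER_OPEN: true` in platform/woodpecker/values.yaml allows any account that can sign in through git.khuedoan.com to register itself on the CI server, and the agents run pipeline steps as pods in this cluster. Unless sign-up on the Gitea side is closed (not visible in this patch), I would set `WOODPECKER_OPEN: "false"`, or keep it open and add `WOODPECKER_ORGS: "<org-name>"` to limit who may log in. Separately, the env values are plain YAML booleans and integers (`true`, `false`, `10`); quoting them (`"true"`, `"10"`) avoids depending on how the chart template stringifies them. `WOODPECKER_WEBHOOK_HOST` uses plain `http://` to the in-cluster service, which deserves a one-line comment saying that is intentional.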
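Review bot: The new `gitea_oauth_apps` entry in scripts/hacks calls `read_namespaced_ingress('woodpecker-server', 'woodpecker')` while the list literal is being built and indexes `.spec.rules[0]` directly, so a missing ingress or one without rules raises at this line. The rest of main() lies outside the hunk, so I cannot tell whether that error is handled further up. Hoisting the lookup into a variable, `woodpecker_host = client.NetworkingV1Api().read_namespaced_ingress('woodpecker-server', 'woodpecker').spec.rules[0].host`, and writing the entry as `{'name': 'woodpecker', 'redirect_uri': f"https://{woodpecker_host}/authorize"}` shortens the line and gives one place to catch the API error. Because this value is registered as the OAuth redirect URI, a comment noting that it has to agree with `WOODPECKER_HOST` in platform/woodpecker/values.yaml would be useful.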