Compare commits
9 commits
e225d8f1fc
...
ab8150ccc6
| Author | SHA1 | Date | |
|---|---|---|---|
| ab8150ccc6 | |||
| ea7b51453b | |||
| d4fbf45f75 | |||
| 728e201ec2 | |||
| de505f5471 | |||
| 49ad1b3bc0 | |||
| faaf63cf25 | |||
| eb8b98f259 | |||
| 0cdab3975e |
10 changed files with 76 additions and 15 deletions
|
|
@ -1,20 +1,18 @@
|
||||||
on:
|
on:
|
||||||
push:
|
pull_request:
|
||||||
branches:
|
|
||||||
- dev
|
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
validate:
|
validate:
|
||||||
runs-on: docker
|
runs-on: docker
|
||||||
|
defaults:
|
||||||
|
run:
|
||||||
|
shell: sh
|
||||||
|
env:
|
||||||
|
DOCKER_HOST: tcp://172.17.0.1:2375
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v4
|
||||||
|
|
||||||
- name: Install kubeconform
|
|
||||||
run: |
|
|
||||||
wget -O- https://github.com/yannh/kubeconform/releases/latest/download/kubeconform-linux-amd64.tar.gz | tar xz
|
|
||||||
mv kubeconform /usr/local/bin
|
|
||||||
|
|
||||||
- name: Validate manifests
|
- name: Validate manifests
|
||||||
run: |
|
run: |
|
||||||
kubeconform \
|
kubeconform \
|
||||||
|
|
@ -24,3 +22,46 @@ jobs:
|
||||||
-schema-location default \
|
-schema-location default \
|
||||||
-schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json' \
|
-schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json' \
|
||||||
./manifests/
|
./manifests/
|
||||||
|
|
||||||
|
- name: Create test cluster
|
||||||
|
run: k3d cluster create test --wait
|
||||||
|
|
||||||
|
- name: Install ArgoCD
|
||||||
|
run: |
|
||||||
|
kubectl create namespace argocd
|
||||||
|
kubectl apply -n argocd --server-side -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
|
||||||
|
kubectl apply -f https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.27.0/controller.yaml
|
||||||
|
kubectl wait --for=condition=available --timeout=180s \
|
||||||
|
deployment/argocd-server \
|
||||||
|
deployment/argocd-repo-server \
|
||||||
|
deployment/argocd-applicationset-controller \
|
||||||
|
-n argocd
|
||||||
|
kubectl wait --for=condition=available --timeout=60s \
|
||||||
|
deployment/sealed-secrets-controller -n kube-system
|
||||||
|
|
||||||
|
- name: Import SealedSecrets key
|
||||||
|
env:
|
||||||
|
SEALED_SECRETS_KEY: ${{ secrets.SEALED_SECRETS_KEY }}
|
||||||
|
run: |
|
||||||
|
echo "$SEALED_SECRETS_KEY" | kubectl apply -f -
|
||||||
|
kubectl rollout restart deployment/sealed-secrets-controller -n kube-system
|
||||||
|
kubectl rollout status deployment/sealed-secrets-controller -n kube-system --timeout=60s
|
||||||
|
|
||||||
|
- name: Apply ArgoCD apps
|
||||||
|
run: kubectl apply -f apps/
|
||||||
|
|
||||||
|
- name: Wait for ArgoCD sync
|
||||||
|
run: |
|
||||||
|
sleep 10
|
||||||
|
kubectl wait applications \
|
||||||
|
--all \
|
||||||
|
--namespace argocd \
|
||||||
|
--for=jsonpath='{.status.health.status}'=Healthy \
|
||||||
|
--timeout=300s
|
||||||
|
|
||||||
|
- name: Wait for all deployments
|
||||||
|
run: kubectl wait --for=condition=available --timeout=300s deployment --all --all-namespaces
|
||||||
|
|
||||||
|
- name: Cleanup
|
||||||
|
if: always()
|
||||||
|
run: k3d cluster delete test
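Review bot: The `Import SealedSecrets key` step hands `secrets.SEALED_SECRETS_KEY` to a job that now triggers on `pull_request`, reaches the Docker daemon over unauthenticated plaintext TCP (`DOCKER_HOST: tcp://172.17.0.1:2375`) and installs Argo CD from the moving `stable` ref, so whatever that ref or the checked-out `apps/` contain runs in a cluster that can decrypt the repository's SealedSecrets. If this is the production sealing key, a CI-only key pair with test secrets sealed against it would keep the real key off the runner. The Argo CD install should be pinned the way the sealed-secrets controller already is (`v0.27.0`), e.g. `.../argoproj/argo-cd/<PINNED_TAG>/manifests/install.yaml`, and the same applies to the `releases/latest` kubeconform download if that step is still present elsewhere. Port 2375 gives every job on that host full control of the Docker daemon; a TLS-protected endpoint or a per-job isolated daemon would limit that, though the runner setup is not visible here.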
|
||||||
|
|
|
||||||
|
|
@ -6,7 +6,7 @@ metadata:
|
||||||
spec:
|
spec:
|
||||||
project: default
|
project: default
|
||||||
source:
|
source:
|
||||||
repoURL: http://forgejo.forgejo.svc.cluster.local:3000/jad0s/gitops.git
|
repoURL: https://forgejo.libretalk.eu/jad0s/gitops.git
|
||||||
targetRevision: HEAD
|
targetRevision: HEAD
|
||||||
path: manifests/argocd
|
path: manifests/argocd
|
||||||
destination:
|
destination:
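Review bot: `targetRevision: HEAD` combined with the new public `repoURL` means the k3d test cluster in the workflow would sync the default branch of `https://forgejo.libretalk.eu/jad0s/gitops.git` rather than the pull request's checkout, assuming this is one of the Applications applied by `kubectl apply -f apps/`. The `Wait for ArgoCD sync` step would then report on already-merged manifests, so a PR that breaks something under `manifests/` passes CI and is only caught after merge. Consider having the CI job rewrite `targetRevision` to the PR head ref before applying, and add a comment here such as `# CI overrides targetRevision to the PR ref; HEAD is for the live cluster only`. The same applies to the other Application sections that receive this `repoURL` change, and the spec continues outside the hunk.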
|
||||||
|
|
|
||||||
|
|
@ -8,7 +8,7 @@ metadata:
|
||||||
spec:
|
spec:
|
||||||
project: default
|
project: default
|
||||||
source:
|
source:
|
||||||
repoURL: http://forgejo.forgejo.svc.cluster.local:3000/jad0s/gitops.git
|
repoURL: https://forgejo.libretalk.eu/jad0s/gitops.git
|
||||||
targetRevision: HEAD
|
targetRevision: HEAD
|
||||||
path: manifests/cert-manager
|
path: manifests/cert-manager
|
||||||
destination:
|
destination:
|
||||||
|
|
|
||||||
|
|
@ -6,7 +6,7 @@ metadata:
|
||||||
spec:
|
spec:
|
||||||
project: default
|
project: default
|
||||||
source:
|
source:
|
||||||
repoURL: http://forgejo.forgejo.svc.cluster.local:3000/jad0s/gitops.git
|
repoURL: https://forgejo.libretalk.eu/jad0s/gitops.git
|
||||||
targetRevision: HEAD
|
targetRevision: HEAD
|
||||||
path: manifests/forgejo
|
path: manifests/forgejo
|
||||||
destination:
|
destination:
|
||||||
|
|
|
||||||
|
|
@ -8,7 +8,7 @@ metadata:
|
||||||
spec:
|
spec:
|
||||||
project: default
|
project: default
|
||||||
source:
|
source:
|
||||||
repoURL: http://forgejo.forgejo.svc.cluster.local:3000/jad0s/gitops.git
|
repoURL: https://forgejo.libretalk.eu/jad0s/gitops.git
|
||||||
targetRevision: HEAD
|
targetRevision: HEAD
|
||||||
path: manifests/metallb
|
path: manifests/metallb
|
||||||
destination:
|
destination:
|
||||||
|
|
|
||||||
|
|
@ -15,4 +15,4 @@ spec:
|
||||||
syncPolicy:
|
syncPolicy:
|
||||||
automated:
|
automated:
|
||||||
prune: true
|
prune: true
|
||||||
selfheal: true
|
selfHeal: true
|
||||||
|
|
|
||||||
|
|
@ -6,7 +6,7 @@ metadata:
|
||||||
spec:
|
spec:
|
||||||
project: default
|
project: default
|
||||||
source:
|
source:
|
||||||
repoURL: http://forgejo.forgejo.svc.cluster.local:3000/jad0s/gitops.git
|
repoURL: https://forgejo.libretalk.eu/jad0s/gitops.git
|
||||||
targetRevision: main
|
targetRevision: main
|
||||||
path: manifests/traefik
|
path: manifests/traefik
|
||||||
destination:
|
destination:
|
||||||
|
|
|
||||||
14
manifests/cert-manager/hetzner-secret.yaml
Normal file
14
manifests/cert-manager/hetzner-secret.yaml
Normal file
|
|
@ -0,0 +1,14 @@
|
||||||
|
---
|
||||||
|
apiVersion: bitnami.com/v1alpha1
|
||||||
|
kind: SealedSecret
|
||||||
|
metadata:
|
||||||
|
name: hetzner-secret
|
||||||
|
namespace: cert-manager
|
||||||
|
spec:
|
||||||
|
encryptedData:
|
||||||
|
api-token: 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
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
name: hetzner-secret
|
||||||
|
namespace: cert-manager
|
||||||
|
type: Opaque
|
||||||
|
|
@ -29,6 +29,8 @@ spec:
|
||||||
value: "false"
|
value: "false"
|
||||||
- name: FORGEJO__service__REGISTER_MANUAL_CONFIRM
|
- name: FORGEJO__service__REGISTER_MANUAL_CONFIRM
|
||||||
value: "true"
|
value: "true"
|
||||||
|
- name: FORGEJO__server__ROOT_URL
|
||||||
|
value: "https://forgejo.libretalk.eu"
|
||||||
volumes:
|
volumes:
|
||||||
- name: data
|
- name: data
|
||||||
persistentVolumeClaim:
|
persistentVolumeClaim:
|
||||||
|
|
|
||||||
|
|
@ -14,7 +14,11 @@ spec:
|
||||||
spec:
|
spec:
|
||||||
containers:
|
containers:
|
||||||
- name: runner
|
- name: runner
|
||||||
|
<<<<<<< HEAD
|
||||||
|
image: forgejo.libretalk.eu/jad0s/forgejo-runner:latest
|
||||||
|
=======
|
||||||
image: code.forgejo.org/forgejo/runner:3.5.1
|
image: code.forgejo.org/forgejo/runner:3.5.1
|
||||||
|
>>>>>>> e1bf8ad (fix(forgejo): remove extra indentation)
|
||||||
command:
|
command:
|
||||||
- sh
|
- sh
|
||||||
- -c
|
- -c
|
||||||
|
|
@ -24,7 +28,7 @@ spec:
|
||||||
--instance ${FORGEJO_INSTANCE_URL} \
|
--instance ${FORGEJO_INSTANCE_URL} \
|
||||||
--token ${FORGEJO_RUNNER_REGISTRATION_TOKEN} \
|
--token ${FORGEJO_RUNNER_REGISTRATION_TOKEN} \
|
||||||
--name ${FORGEJO_RUNNER_NAME} \
|
--name ${FORGEJO_RUNNER_NAME} \
|
||||||
--labels docker:docker://alpine:latest && \
|
--labels docker:docker://forgejo.libretalk.eu/jad0s/ci-runner:latest && \
|
||||||
sleep 5 && \
|
sleep 5 && \
|
||||||
forgejo-runner daemon
|
forgejo-runner daemon
|
||||||
env:
|
env:
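Review bot: Unresolved merge-conflict markers are committed in the runner container spec: `<<<<<<< HEAD`, `=======` and `>>>>>>> e1bf8ad (fix(forgejo): remove extra indentation)` sit on the new side around two competing `image:` lines, so the manifest as shown will not parse as YAML and it is unclear which image is meant to run. Resolve to a single `image:` line and delete the three marker lines. Both the candidate `forgejo.libretalk.eu/jad0s/forgejo-runner:latest` and the new job label `docker://forgejo.libretalk.eu/jad0s/ci-runner:latest` use the mutable `latest` tag; pinning by version or digest, e.g. `docker://forgejo.libretalk.eu/jad0s/ci-runner@sha256:<DIGEST>`, keeps the CI environment reproducible and stops a re-pushed tag from silently changing what runs jobs. The container spec starts and ends outside these hunks.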
|
||||||
|
|
|
||||||