gitea/manifests/bin/deploy.sh

88 lines
2.9 KiB
Bash
Raw Normal View History

2024-05-10 09:36:32 +00:00
#!/bin/bash -e
set -o pipefail
function kapply() {
for f in "$@"; do
kubectl apply -f \
<(envsubst "$(env | xargs printf '$%s ')" < "manifests/$f")
done
}
function kcreatesec() {
kubectl create secret generic --save-config --dry-run=client -oyaml "$@" | kubectl apply -f-
}
function kcreatecm() {
kubectl create configmap --dry-run=client -oyaml "$@" | kubectl apply -f-
}
function kgseckey() {
local sec="$1"; shift
local key="$1"; shift
local ret
2024-05-10 09:36:32 +00:00
ret="$(kubectl get secret "$sec" -o jsonpath="{.data.$key}" | base64 -d)"
2024-06-05 09:45:48 +00:00
if [ "$?" -ne 0 ] || [ -z "$ret" ]; then
return 1
fi
echo "$ret"
2024-05-10 09:36:32 +00:00
}
function kgcmkey() {
local cm="$1"; shift
local key="$1"; shift
local ret;
2024-05-10 09:36:32 +00:00
ret="$(kubectl get configmap "$cm" -o jsonpath="{.data.$key}")"
2024-06-05 09:45:48 +00:00
if [ "$?" -ne 0 ] || [ -z "$ret" ]; then
return 1
fi
echo "$ret"
2024-05-10 09:36:32 +00:00
}
kapply common/db.yaml
export REDIS_HOST=redis
export REDIS_DB=0
export REDIS_PORT=6379
export POSTGRES_HOST; POSTGRES_HOST="$(kgseckey postgres-app host)"
export POSTGRES_PORT; POSTGRES_PORT="$(kgseckey postgres-app port)"
export POSTGRES_DB; POSTGRES_DB="$(kgseckey postgres-app dbname)"
export POSTGRES_USER; POSTGRES_USER="$(kgseckey postgres-app user)"
export POSTGRES_PASSWORD; POSTGRES_PASSWORD="$(kgseckey postgres-app password)"
2024-05-22 16:15:31 +00:00
GITEA_USERNAME="$(kgseckey gitea-admin username || echo gitea)"
GITEA_PASSWORD="$(kgseckey gitea-admin password || openssl rand -hex 32)"
2024-05-15 16:48:27 +00:00
2024-05-10 09:36:32 +00:00
kcreatesec gitea-admin \
--from-literal=email="gitea@$BASE_URL" \
2024-05-15 16:48:27 +00:00
--from-literal=username="$GITEA_USERNAME" \
--from-literal=password="$GITEA_PASSWORD"
2024-05-10 09:36:32 +00:00
2024-05-22 16:21:43 +00:00
kcreatesec gitea \
2024-06-05 10:30:32 +00:00
--from-literal=secret_key="$(kgseckey gitea secret_key || kubectl run -i --rm --image "$IMAGEAPP" "$RANDOM" gitea generate secret SECRET_KEY)" \
--from-literal=internal_token="$(kgseckey gitea internal_token || kubectl run -i --rm --image "$IMAGEAPP" "$RANDOM" gitea generate secret INTERNAL_TOKEN)" \
--from-literal=oauth2_jwt_secret="$(kgseckey gitea oauth2_jwt_secret || kubectl run -i --rm --image "$IMAGEAPP" "$RANDOM" gitea generate secret JWT_SECRET)"
2024-05-10 09:36:32 +00:00
2024-05-15 21:40:08 +00:00
kcreatecm gitea \
2024-05-22 16:15:31 +00:00
--from-file=app.ini=<(envsubst "$(env | xargs printf '$%s ')" < config/app.ini)
2024-05-10 09:36:32 +00:00
kapply common/job.yaml \
common/redis.yaml \
common/app.yaml
kubectl rollout restart statefulset app
2024-05-22 16:30:19 +00:00
kubectl wait --timeout=5m --for=condition=complete job/createadminuser
2024-05-15 16:48:27 +00:00
2024-05-22 16:21:43 +00:00
kcreatesec runner \
--from-literal=token="$(kgseckey runner token || kubectl exec app-0 -- gitea actions generate-runner-token)"
2024-05-22 16:15:31 +00:00
2024-05-22 16:21:43 +00:00
kcreatesec renovate \
--from-literal=token="$(kgseckey renovate token || kubectl exec app-0 -- gitea admin user generate-access-token --username "$GITEA_USERNAME" --token-name RENOVATE --scopes 'write:repository,read:user,write:issue,read:organization' | grep -o '[a-f0-9]\+$')"
2024-05-22 16:15:31 +00:00
kapply common/runner.yaml common/renovate.yaml
kubectl rollout restart statefulset runner