feat: renovatebot

2024-05-22 18:15:31 +02:00 · 2024-05-22 18:15:31 +02:00 · a05a759489
commit a05a759489
parent 3a96e92229
3 changed files with 42 additions and 13 deletions
--- a/config/app.ini
+++ b/config/app.ini
--- a/manifests/bin/deploy.sh
+++ b/manifests/bin/deploy.sh
@ -42,8 +42,8 @@ export POSTGRES_DB;       POSTGRES_DB="$(kgseckey postgres-app dbname)"
 export POSTGRES_USER;     POSTGRES_USER="$(kgseckey postgres-app user)"
 export POSTGRES_PASSWORD; POSTGRES_PASSWORD="$(kgseckey postgres-app password)"

-export GITEA_USERNAME="$(kgseckey gitea-admin username || echo gitea)"
-export GITEA_PASSWORD="$(kgseckey gitea-admin password || openssl rand -hex 32)"
+GITEA_USERNAME="$(kgseckey gitea-admin username || echo gitea)"
+GITEA_PASSWORD="$(kgseckey gitea-admin password || openssl rand -hex 32)"

 kcreatesec gitea-admin \
    --from-literal=email="gitea@$BASE_URL" \
@ -55,7 +55,7 @@ kcreatesec gitea-secrets \
    --from-literal=internal_token="$(kgseckey gitea-secrets internal_token || openssl rand -hex 32)"

 kcreatecm gitea \
-    --from-file=app.ini=<(envsubst "$(env | xargs printf '$%s ')" < app.ini)
+    --from-file=app.ini=<(envsubst "$(env | xargs printf '$%s ')" < config/app.ini)

 kapply common/job.yaml \
    common/redis.yaml \
@ -65,14 +65,12 @@ kubectl rollout restart statefulset app

 kubectl rollout status sts app

-for i in {0..9}; do
-    RUNNER_TOKEN="$(kubectl exec app-0 -- curl -sS "http://$GITEA_USERNAME:$GITEA_PASSWORD@app/api/v1/admin/runners/registration-token" | jq -r '.token // empty' || true)"
+RUNNER_TOKEN="$(kgseckey runner-secret token || kubectl exec app-0 -- gitea actions generate-runner-token)"
+kcreatesec runner-secret --from-literal=token="$RUNNER_TOKEN"

-    if [ -n "$RUNNER_TOKEN" ]; then
-        kcreatesec runner-secret --from-literal=token="$RUNNER_TOKEN"
-        kapply common/runner.yaml
-        kubectl rollout restart statefulset runner
-        break
-    fi
-    sleep 5
-done
+RENOVATE_TOKEN="$(kgseckey renovate-secret token || kubectl exec app-0 -- gitea admin user generate-access-token --username "$GITEA_USERNAME" --token-name RENOVATE --scopes 'write:repository,read:user,write:issue,read:organization' | grep -o '[a-f0-9]\+$')"
+kcreatesec renovate-secret --from-literal=token="$RENOVATE_TOKEN"
+
+kapply common/runner.yaml common/renovate.yaml
+
+kubectl rollout restart statefulset runner
--- a/manifests/common/renovate.yaml
+++ b/manifests/common/renovate.yaml
@ -0,0 +1,31 @@
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: renovate
+spec:
+  schedule: '0 0 * * 1'
+  concurrencyPolicy: Forbid
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          restartPolicy: Never
+          containers:
+            - name: renovate
+              image: docker.io/renovate/renovate:slim
+              imagePullPolicy: Always
+              env:
+                - name: LOG_LEVEL
+                  value: debug
+                - name: RENOVATE_AUTODISCOVER
+                  value: 'true'
+                - name: RENOVATE_PLATFORM
+                  value: gitea
+                - name: RENOVATE_ENDPOINT
+                  value: "https://$BASE_URL/api/v1"
+                - name: RENOVATE_TOKEN
+                  valueFrom:
+                    secretKeyRef:
+                      name: runner-secret
+                      key: token