From a05a7594898069870748a5c45939711daa8f80e7 Mon Sep 17 00:00:00 2001
From: ange
Date: Wed, 22 May 2024 18:15:31 +0200
Subject: [PATCH] feat: renovatebot
---
 app.ini => config/app.ini | 0
 manifests/bin/deploy.sh | 24 +++++++++++-------------
 manifests/common/renovate.yaml | 31 +++++++++++++++++++++++++++++++
 3 files changed, 42 insertions(+), 13 deletions(-)
 rename app.ini => config/app.ini (100%)
 create mode 100644 manifests/common/renovate.yaml
diff --git a/app.ini b/config/app.ini
similarity index 100%
rename from app.ini
rename to config/app.ini
diff --git a/manifests/bin/deploy.sh b/manifests/bin/deploy.sh
index 5288b75..f11015f 100755
--- a/manifests/bin/deploy.sh
+++ b/manifests/bin/deploy.sh
@@ -42,8 +42,8 @@ export POSTGRES_DB; POSTGRES_DB="$(kgseckey postgres-app dbname)"
 export POSTGRES_USER; POSTGRES_USER="$(kgseckey postgres-app user)"
 export POSTGRES_PASSWORD; POSTGRES_PASSWORD="$(kgseckey postgres-app password)"
-export GITEA_USERNAME="$(kgseckey gitea-admin username || echo gitea)"
-export GITEA_PASSWORD="$(kgseckey gitea-admin password || openssl rand -hex 32)"
+GITEA_USERNAME="$(kgseckey gitea-admin username || echo gitea)"
+GITEA_PASSWORD="$(kgseckey gitea-admin password || openssl rand -hex 32)"
 kcreatesec gitea-admin \
 --from-literal=email="gitea@$BASE_URL" \
@@ -55,7 +55,7 @@ kcreatesec gitea-secrets \
 --from-literal=internal_token="$(kgseckey gitea-secrets internal_token || openssl rand -hex 32)"
 kcreatecm gitea \
- --from-file=app.ini=<(envsubst "$(env | xargs printf '$%s ')" < app.ini)
+ --from-file=app.ini=<(envsubst "$(env | xargs printf '$%s ')" < config/app.ini)
 kapply common/job.yaml \
 common/redis.yaml \
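Review bot: In the `@@ -42,8 +42,8 @@` hunk, `GITEA_PASSWORD="$(kgseckey gitea-admin password || openssl rand -hex 32)"` treats every non-zero exit of `kgseckey` as "secret not created yet" and falls back to a fresh random value. `kgseckey` is defined outside the hunk, so this is inferred, but if it can also fail on an API or permission error, the following `kcreatesec gitea-admin` would store a password that no longer matches the existing admin account. The same fallback shape is used for `RUNNER_TOKEN` and `RENOVATE_TOKEN` in the `@@ -65,14 +65,12 @@` hunk, where it would mint a new token instead. I would add a comment above these lines, `# fallback is for first deploy only: kgseckey must return non-zero solely when the secret or key is absent`, and have the helper abort on any other error.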
@@ -65,14 +65,12 @@ kubectl rollout restart statefulset app
 kubectl rollout status sts app
-for i in {0..9}; do
- RUNNER_TOKEN="$(kubectl exec app-0 -- curl -sS "http://$GITEA_USERNAME:$GITEA_PASSWORD@app/api/v1/admin/runners/registration-token" | jq -r '.token // empty' || true)"
+RUNNER_TOKEN="$(kgseckey runner-secret token || kubectl exec app-0 -- gitea actions generate-runner-token)"
+kcreatesec runner-secret --from-literal=token="$RUNNER_TOKEN"
- if [ -n "$RUNNER_TOKEN" ]; then
- kcreatesec runner-secret --from-literal=token="$RUNNER_TOKEN"
- kapply common/runner.yaml
- kubectl rollout restart statefulset runner
- break
- fi
- sleep 5
-done
+RENOVATE_TOKEN="$(kgseckey renovate-secret token || kubectl exec app-0 -- gitea admin user generate-access-token --username "$GITEA_USERNAME" --token-name RENOVATE --scopes 'write:repository,read:user,write:issue,read:organization' | grep -o '[a-f0-9]\+$')"
+kcreatesec renovate-secret --from-literal=token="$RENOVATE_TOKEN"
+
+kapply common/runner.yaml common/renovate.yaml
+
+kubectl rollout restart statefulset runner
diff --git a/manifests/common/renovate.yaml b/manifests/common/renovate.yaml
new file mode 100644
index 0000000..159e02c
--- /dev/null
+++ b/manifests/common/renovate.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: renovate
+spec:
+ schedule: '0 0 * * 1'
+ concurrencyPolicy: Forbid
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ restartPolicy: Never
+ containers:
+ - name: renovate
+ image: docker.io/renovate/renovate:slim
+ imagePullPolicy: Always
+ env:
+ - name: LOG_LEVEL
+ value: debug
+ - name: RENOVATE_AUTODISCOVER
+ value: 'true'
+ - name: RENOVATE_PLATFORM
+ value: gitea
+ - name: RENOVATE_ENDPOINT
+ value: "https://$BASE_URL/api/v1"
+ - name: RENOVATE_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: runner-secret
+ key: token
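Review bot: `RUNNER_TOKEN` and `RENOVATE_TOKEN` are now passed to `kcreatesec` without the `[ -n "$RUNNER_TOKEN" ]` check that the removed loop had, so an empty or partial result can be stored as the secret. Whether a failed `kubectl exec` or a `grep -o` with no match aborts the script depends on `set -e`/`pipefail`, which are set outside this hunk if at all; in the `RENOVATE_TOKEN` pipeline the status seen is that of `grep`. Add an explicit guard before each `kcreatesec`, e.g. `[ -n "$RENOVATE_TOKEN" ] || { echo 'could not obtain renovate token' >&2; exit 1; }`. The access token is also issued for the admin account `$GITEA_USERNAME`, so the listed scopes apply across everything that account can reach; a dedicated bot user with access only to the repositories Renovate should manage would limit the impact of a leaked token.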
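Review bot: `RENOVATE_TOKEN` is read from `secretKeyRef` `name: runner-secret`, but deploy.sh in this same commit stores the Renovate access token in `renovate-secret`; as written the job receives the runner registration token, so the reference should be `name: renovate-secret`. The image `docker.io/renovate/renovate:slim` is a mutable tag pulled with `imagePullPolicy: Always`, so each weekly run executes whatever was last pushed under that tag while holding a write-scoped token; pinning a version or digest would make upgrades deliberate. `LOG_LEVEL` set to `debug` is worth lowering to `info` once the job works. `$BASE_URL` in `RENOVATE_ENDPOINT` only resolves if `kapply` substitutes variables, which is not visible here.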