gmoker/gitea
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: renovatebot

Browse Source
This commit is contained in:
ange 2024-05-22 18:15:31 +02:00
parent 3a96e92229
commit a05a759489
Signed by: ange
GPG Key ID: 9E0C4157BB7BEB1D
3 changed files with 42 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
app.ini → config/app.ini
View File

24
manifests/bin/deploy.sh
View File

@ -42,8 +42,8 @@ export POSTGRES_DB; POSTGRES_DB="$(kgseckey postgres-app dbname)"
export POSTGRES_USER; POSTGRES_USER="$(kgseckey postgres-app user)" export POSTGRES_USER; POSTGRES_USER="$(kgseckey postgres-app user)"
export POSTGRES_PASSWORD; POSTGRES_PASSWORD="$(kgseckey postgres-app password)" export POSTGRES_PASSWORD; POSTGRES_PASSWORD="$(kgseckey postgres-app password)"
export GITEA_USERNAME="$(kgseckey gitea-admin username || echo gitea)" GITEA_USERNAME="$(kgseckey gitea-admin username || echo gitea)"
export GITEA_PASSWORD="$(kgseckey gitea-admin password || openssl rand -hex 32)" GITEA_PASSWORD="$(kgseckey gitea-admin password || openssl rand -hex 32)"
kcreatesec gitea-admin \ kcreatesec gitea-admin \
--from-literal=email="gitea@$BASE_URL" \ --from-literal=email="gitea@$BASE_URL" \
@ -55,7 +55,7 @@ kcreatesec gitea-secrets \
--from-literal=internal_token="$(kgseckey gitea-secrets internal_token || openssl rand -hex 32)" --from-literal=internal_token="$(kgseckey gitea-secrets internal_token || openssl rand -hex 32)"
kcreatecm gitea \ kcreatecm gitea \
--from-file=app.ini=<(envsubst "$(env | xargs printf '$%s ')" < app.ini) --from-file=app.ini=<(envsubst "$(env | xargs printf '$%s ')" < config/app.ini)
kapply common/job.yaml \ kapply common/job.yaml \
common/redis.yaml \ common/redis.yaml \
@ -65,14 +65,12 @@ kubectl rollout restart statefulset app
kubectl rollout status sts app kubectl rollout status sts app
for i in {0..9}; do RUNNER_TOKEN="$(kgseckey runner-secret token || kubectl exec app-0 -- gitea actions generate-runner-token)"
RUNNER_TOKEN="$(kubectl exec app-0 -- curl -sS "http://$GITEA_USERNAME:$GITEA_PASSWORD@app/api/v1/admin/runners/registration-token" | jq -r '.token // empty' || true)" kcreatesec runner-secret --from-literal=token="$RUNNER_TOKEN"
if [ -n "$RUNNER_TOKEN" ]; then RENOVATE_TOKEN="$(kgseckey renovate-secret token || kubectl exec app-0 -- gitea admin user generate-access-token --username "$GITEA_USERNAME" --token-name RENOVATE --scopes 'write:repository,read:user,write:issue,read:organization' | grep -o '[a-f0-9]\+$')"
kcreatesec runner-secret --from-literal=token="$RUNNER_TOKEN" kcreatesec renovate-secret --from-literal=token="$RENOVATE_TOKEN"
kapply common/runner.yaml
kubectl rollout restart statefulset runner kapply common/runner.yaml common/renovate.yaml
break
fi kubectl rollout restart statefulset runner
sleep 5
done

31
manifests/common/renovate.yaml Normal file
View File

@ -0,0 +1,31 @@
---
apiVersion: batch/v1
kind: CronJob
metadata:
name: renovate
spec:
schedule: '0 0 * * 1'
concurrencyPolicy: Forbid
jobTemplate:
spec:
template:
spec:
restartPolicy: Never
containers:
- name: renovate
image: docker.io/renovate/renovate:slim
imagePullPolicy: Always
env:
- name: LOG_LEVEL
value: debug
- name: RENOVATE_AUTODISCOVER
value: 'true'
- name: RENOVATE_PLATFORM
value: gitea
- name: RENOVATE_ENDPOINT
value: "https://$BASE_URL/api/v1"
- name: RENOVATE_TOKEN
valueFrom:
secretKeyRef:
name: runner-secret
key: token