feat: renovatebot #2
@ -42,8 +42,8 @@ export POSTGRES_DB; POSTGRES_DB="$(kgseckey postgres-app dbname)"
|
||||
export POSTGRES_USER; POSTGRES_USER="$(kgseckey postgres-app user)"
|
||||
export POSTGRES_PASSWORD; POSTGRES_PASSWORD="$(kgseckey postgres-app password)"
|
||||
|
||||
export GITEA_USERNAME="$(kgseckey gitea-admin username || echo gitea)"
|
||||
export GITEA_PASSWORD="$(kgseckey gitea-admin password || openssl rand -hex 32)"
|
||||
GITEA_USERNAME="$(kgseckey gitea-admin username || echo gitea)"
|
||||
GITEA_PASSWORD="$(kgseckey gitea-admin password || openssl rand -hex 32)"
|
||||
|
||||
kcreatesec gitea-admin \
|
||||
--from-literal=email="gitea@$BASE_URL" \
|
||||
@ -55,7 +55,7 @@ kcreatesec gitea-secrets \
|
||||
--from-literal=internal_token="$(kgseckey gitea-secrets internal_token || openssl rand -hex 32)"
|
||||
|
||||
kcreatecm gitea \
|
||||
--from-file=app.ini=<(envsubst "$(env | xargs printf '$%s ')" < app.ini)
|
||||
--from-file=app.ini=<(envsubst "$(env | xargs printf '$%s ')" < config/app.ini)
|
||||
|
||||
kapply common/job.yaml \
|
||||
common/redis.yaml \
|
||||
@ -65,14 +65,12 @@ kubectl rollout restart statefulset app
|
||||
|
||||
kubectl rollout status sts app
|
||||
|
||||
for i in {0..9}; do
|
||||
RUNNER_TOKEN="$(kubectl exec app-0 -- curl -sS "http://$GITEA_USERNAME:$GITEA_PASSWORD@app/api/v1/admin/runners/registration-token" | jq -r '.token // empty' || true)"
|
||||
RUNNER_TOKEN="$(kgseckey runner-secret token || kubectl exec app-0 -- gitea actions generate-runner-token)"
|
||||
kcreatesec runner-secret --from-literal=token="$RUNNER_TOKEN"
|
||||
|
||||
if [ -n "$RUNNER_TOKEN" ]; then
|
||||
kcreatesec runner-secret --from-literal=token="$RUNNER_TOKEN"
|
||||
kapply common/runner.yaml
|
||||
kubectl rollout restart statefulset runner
|
||||
break
|
||||
fi
|
||||
sleep 5
|
||||
done
|
||||
RENOVATE_TOKEN="$(kgseckey renovate-secret token || kubectl exec app-0 -- gitea admin user generate-access-token --username "$GITEA_USERNAME" --token-name RENOVATE --scopes 'write:repository,read:user,write:issue,read:organization' | grep -o '[a-f0-9]\+$')"
|
||||
kcreatesec renovate-secret --from-literal=token="$RENOVATE_TOKEN"
|
||||
|
||||
kapply common/runner.yaml common/renovate.yaml
|
||||
|
||||
kubectl rollout restart statefulset runner
|
||||
|
31
manifests/common/renovate.yaml
Normal file
31
manifests/common/renovate.yaml
Normal file
@ -0,0 +1,31 @@
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: CronJob
|
||||
metadata:
|
||||
name: renovate
|
||||
spec:
|
||||
schedule: '0 0 * * 1'
|
||||
concurrencyPolicy: Forbid
|
||||
jobTemplate:
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
restartPolicy: Never
|
||||
containers:
|
||||
- name: renovate
|
||||
image: docker.io/renovate/renovate:slim
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: LOG_LEVEL
|
||||
value: debug
|
||||
- name: RENOVATE_AUTODISCOVER
|
||||
value: 'true'
|
||||
- name: RENOVATE_PLATFORM
|
||||
value: gitea
|
||||
- name: RENOVATE_ENDPOINT
|
||||
value: "https://$BASE_URL/api/v1"
|
||||
- name: RENOVATE_TOKEN
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: runner-secret
|
||||
key: token
|
Loading…
Reference in New Issue
Block a user