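#!/bin/bash
#
# Deploys the Gitea stack (database, redis, app, runner) with kubectl.
#
# Required environment:
#   BASE_URL - domain used to build the admin e-mail address (gitea@$BASE_URL).
# Required tools: kubectl, envsubst, base64, openssl, jq.
#
# Options are set here rather than on the shebang so they still apply when the
# script is started as `bash script.sh`.
set -eo pipefail

: "${BASE_URL:?BASE_URL must be set}"

# Prints an envsubst SHELL-FORMAT string naming every exported variable.
# Only variable *names* are emitted. Building the list from `env | xargs`
# breaks on values containing quotes or newlines and copies secret values
# (passwords, tokens) into the argv of xargs, printf and envsubst.
env_shell_format() {
  local -a names
  mapfile -t names < <(compgen -e)
  printf '${%s} ' "${names[@]}"
}

# Renders each manifests/<arg> through envsubst and applies it.
# A pipe (not process substitution) is used so that, with pipefail, a missing
# manifest or an envsubst failure aborts the script.
kapply() {
  local f
  for f in "$@"; do
    envsubst "$(env_shell_format)" < "manifests/$f" | kubectl apply -f -
  done
}

# Creates or updates a generic Secret; arguments are passed to
# `kubectl create secret generic`.
kcreatesec() {
  kubectl create secret generic --save-config --dry-run=client -oyaml "$@" \
    | kubectl apply -f-
}

# Creates or updates a ConfigMap; arguments are passed to
# `kubectl create configmap`.
kcreatecm() {
  kubectl create configmap --dry-run=client -oyaml "$@" | kubectl apply -f-
}

# Prints the decoded value of key $2 in Secret $1. Fails if the Secret is
# missing or the API call fails.
# The key is interpolated into the jsonpath expression, so it must be a plain
# identifier (callers below only pass fixed names).
kgseckey() {
  local sec="$1"; shift
  local key="$1"; shift
  kubectl get secret "$sec" -o jsonpath="{.data.$key}" | base64 -d
}

# Like kgseckey, but prints nothing (status 0) when the Secret does not exist.
# Any other failure (API unreachable, RBAC denial) still returns non-zero, so
# a transient error is never mistaken for "secret absent".
kgseckey_optional() {
  local sec="$1"; shift
  local key="$1"; shift
  kubectl get secret "$sec" --ignore-not-found -o jsonpath="{.data.$key}" \
    | base64 -d
}

# Prints the stored value of key $2 in Secret $1, or a fresh 256-bit random
# hex string when the Secret or the key is absent or empty.
ksec_or_random() {
  local val
  val="$(kgseckey_optional "$1" "$2")" || return
  if [[ -z "$val" ]]; then
    val="$(openssl rand -hex 32)" || return
  fi
  printf '%s' "$val"
}

# Prints the value of key $2 in ConfigMap $1.
kgcmkey() {
  local cm="$1"; shift
  local key="$1"; shift
  kubectl get configmap "$cm" -o jsonpath="{.data.$key}"
}

# Escapes backslashes and double quotes for a double-quoted curl config value.
curl_quote() {
  local s="$1"
  s=${s//\\/\\\\}
  s=${s//\"/\\\"}
  printf '%s' "$s"
}

kapply common/db.yaml

export REDIS_HOST=redis
export REDIS_DB=0
export REDIS_PORT=6379

# Declaration and assignment are kept separate so a failing lookup aborts
# the script under `set -e` instead of being masked by `export`.
export POSTGRES_HOST; POSTGRES_HOST="$(kgseckey postgres-app host)"
export POSTGRES_PORT; POSTGRES_PORT="$(kgseckey postgres-app port)"
export POSTGRES_DB; POSTGRES_DB="$(kgseckey postgres-app dbname)"
export POSTGRES_USER; POSTGRES_USER="$(kgseckey postgres-app user)"
export POSTGRES_PASSWORD; POSTGRES_PASSWORD="$(kgseckey postgres-app password)"

# Reuse existing Gitea credentials; generate new ones only when they are
# really absent. Falling back on *any* kubectl error would silently rotate
# the admin password, secret_key and internal_token on a transient failure.
export GITEA_USERNAME; GITEA_USERNAME="$(kgseckey_optional gitea-admin username)"
GITEA_USERNAME="${GITEA_USERNAME:-gitea}"
export GITEA_PASSWORD; GITEA_PASSWORD="$(ksec_or_random gitea-admin password)"

gitea_secret_key="$(ksec_or_random gitea-secrets secret_key)"
gitea_internal_token="$(ksec_or_random gitea-secrets internal_token)"

# Secret values are handed to kubectl through file descriptors (printf is a
# shell builtin) so they do not appear in the process list as --from-literal
# arguments would.
kcreatesec gitea-admin \
  --from-literal=email="gitea@$BASE_URL" \
  --from-literal=username="$GITEA_USERNAME" \
  --from-file=password=<(printf '%s' "$GITEA_PASSWORD")

kcreatesec gitea-secrets \
  --from-file=secret_key=<(printf '%s' "$gitea_secret_key") \
  --from-file=internal_token=<(printf '%s' "$gitea_internal_token")

# Render app.ini first: a failure inside a process substitution is not
# detected and would store an empty app.ini in the ConfigMap.
# NOTE(review): if app.ini references secret variables (e.g.
# POSTGRES_PASSWORD), the rendered file ends up in a ConfigMap, which is not
# protected like a Secret — confirm and consider storing it as a Secret.
app_ini="$(envsubst "$(env_shell_format)" < app.ini)"
kcreatecm gitea \
  --from-file=app.ini=<(printf '%s\n' "$app_ini")

kapply common/job.yaml \
  common/redis.yaml \
  common/app.yaml

kubectl rollout restart statefulset app
kubectl rollout status sts app

# Admin credentials are sent to curl as a config file on stdin (-K -) rather
# than embedded in the URL, keeping them out of the argv of kubectl on this
# host and of curl inside the pod.
# NOTE(review): the request uses plain HTTP to the in-cluster service `app`.
gitea_curl_cfg="$(printf 'user = "%s:%s"' \
  "$(curl_quote "$GITEA_USERNAME")" "$(curl_quote "$GITEA_PASSWORD")")"

runner_registered=0
for _ in {0..9}; do
  # `|| true`: the API may not be ready yet; an empty token means "retry".
  RUNNER_TOKEN="$(
    printf '%s\n' "$gitea_curl_cfg" \
      | kubectl exec -i app-0 -- curl -sS -K - \
          "http://app/api/v1/admin/runners/registration-token" \
      | jq -r '.token // empty' || true
  )"
  if [[ -n "$RUNNER_TOKEN" ]]; then
    kcreatesec runner-secret \
      --from-file=token=<(printf '%s' "$RUNNER_TOKEN")
    kapply common/runner.yaml
    kubectl rollout restart statefulset runner
    runner_registered=1
    break
  fi
  sleep 5
done

# Without this check the script exits 0 even though no runner was deployed.
if (( ! runner_registered )); then
  printf 'error: could not obtain a runner registration token\n' >&2
  exit 1
fi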