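#!/bin/bash
#
# Deploy script: applies the manifests under manifests/common/, creates the
# `gitea` and `runner` secrets and the `gitea` configmap, then restarts the
# `app` and `runner` statefulsets.
#
# Needs kubectl, envsubst, jq and base64 on PATH, and a kubectl context that
# already points at the target cluster and namespace.

# -e is set here instead of on the shebang line so it still applies when the
# script is started as `bash <script>`.
set -eo pipefail

# Abort unless a value that is about to be stored in a secret is non-empty.
# The value itself is never printed.
# Arguments: $1 - label for the error message, $2 - value to check
require_value() {
  local label=$1 value=$2
  if [[ -z "$value" ]]; then
    printf 'refusing to continue: no value for %s\n' "$label" >&2
    exit 1
  fi
}

# Render each manifest through envsubst and apply it.
# Arguments: manifest paths relative to manifests/
kapply() {
  local manifest
  for manifest in "$@"; do
    kubectl apply -f <(envsubst < "manifests/${manifest}")
  done
}
export -f kapply

# Create or update a generic secret: build it client-side, then apply it.
# Arguments: secret name followed by `kubectl create secret generic` options
kcreatesec() {
  kubectl create secret generic --save-config --dry-run=client -oyaml "$@" \
    | kubectl apply -f-
}
export -f kcreatesec

# Create or update a configmap: build it client-side, then apply it.
# Arguments: configmap name followed by `kubectl create configmap` options
kcreatecm() {
  kubectl create configmap --dry-run=client -oyaml "$@" \
    | kubectl apply -f-
}
export -f kcreatecm

# Print the base64-decoded value of one key of a secret.
# Arguments: $1 - secret name, $2 - key inside .data
# Returns:   1 when the lookup fails or the key is absent. Seeing a failure of
#            the kubectl/jq stages depends on pipefail being enabled in the
#            calling shell (it is in this script); a child process that uses
#            the exported function has to enable it itself.
kgseckey() {
  local sec=$1 key=$2
  # --arg hands the key to jq as data, so it is never parsed as part of the
  # jq program.
  kubectl get secret "$sec" -ojson \
    | jq -re --arg key "$key" '.data[$key] // empty' \
    | base64 -d \
    || return 1
}
export -f kgseckey

# Print the value of one key of a configmap.
# Arguments: $1 - configmap name, $2 - key inside .data
# Returns:   1 when the lookup fails or the key is absent (same pipefail
#            dependency as kgseckey).
kgcmkey() {
  local cm=$1 key=$2
  kubectl get configmap "$cm" -ojson \
    | jq -re --arg key "$key" '.data[$key] // empty' \
    || return 1
}
export -f kgcmkey

kapply common/db.yaml

export REDIS_HOST=valkey
export REDIS_DB=0
export REDIS_PORT=6379

# export and assignment are separate statements so that a failing lookup is
# not masked by `export` and stops the script under set -e.
export POSTGRES_HOST; POSTGRES_HOST="$(kgseckey postgres-app host)"
export POSTGRES_PORT; POSTGRES_PORT="$(kgseckey postgres-app port)"
export POSTGRES_DB; POSTGRES_DB="$(kgseckey postgres-app dbname)"
export POSTGRES_USER; POSTGRES_USER="$(kgseckey postgres-app user)"
export POSTGRES_PASSWORD; POSTGRES_PASSWORD="$(kgseckey postgres-app password)"

# Generate candidate secrets in a throw-away pod of the Gitea image. The pod
# prints one line of NAME=value words; only its first line is read.
#
# The line is parsed as data instead of being sourced: whatever the container
# prints is never executed by this shell, and only the three expected names
# are accepted. `|| true` keeps a failed or empty run from stopping the script
# here, because the generated values are only needed on a first install; the
# require_value checks further down catch the case where they were needed.
#
# NOTE(review): the image is referenced by tag; pinning it by digest would fix
# exactly which image produces these secrets.
# shellcheck disable=SC2016
read -r -a generated < <(
  kubectl run -i --rm --image "docker.io/gitea/gitea:1.22.6-rootless" secrets -- bash \
    <<< 'echo SECRET_KEY="$(gitea generate secret SECRET_KEY)" INTERNAL_TOKEN="$(gitea generate secret INTERNAL_TOKEN)" JWT_SECRET="$(gitea generate secret JWT_SECRET)"' \
    | head -n1
) || true

for pair in "${generated[@]}"; do
  case "$pair" in
    SECRET_KEY=*) SECRET_KEY="${pair#*=}" ;;
    INTERNAL_TOKEN=*) INTERNAL_TOKEN="${pair#*=}" ;;
    JWT_SECRET=*) JWT_SECRET="${pair#*=}" ;;
    *) ;; # anything else on that line is ignored
  esac
done

# Keep values already stored in the cluster; use the generated ones only when
# the stored key cannot be read.
#
# NOTE(review): kgseckey fails both when the key is absent and when the API
# call itself fails, so a transient error here falls through to the generated
# value and the apply below replaces the stored one.
secret_key="$(kgseckey gitea secret_key || printf '%s\n' "$SECRET_KEY")"
internal_token="$(kgseckey gitea internal_token || printf '%s\n' "$INTERNAL_TOKEN")"
oauth2_jwt_secret="$(kgseckey gitea oauth2_jwt_secret || printf '%s\n' "$JWT_SECRET")"

# Fail closed: an empty value means both the lookup and the generation came up
# empty, and applying it would store a blank secret.
require_value gitea/secret_key "$secret_key"
require_value gitea/internal_token "$internal_token"
require_value gitea/oauth2_jwt_secret "$oauth2_jwt_secret"

# NOTE(review): --from-literal places the secret values on kubectl's command
# line, where they are visible in the local process list while it runs.
# --from-file with a process substitution (as used for app.ini below) would
# keep them off argv.
kcreatesec gitea \
  --from-literal=secret_key="$secret_key" \
  --from-literal=internal_token="$internal_token" \
  --from-literal=oauth2_jwt_secret="$oauth2_jwt_secret"

# NOTE(review): envsubst expands every exported variable the file references,
# and POSTGRES_PASSWORD is exported. If config/app.ini uses it, the password
# ends up in a ConfigMap rather than a Secret — confirm.
kcreatecm gitea \
  --from-file=app.ini=<(envsubst < config/app.ini)

kapply common/job.yaml \
  common/valkey.yaml \
  common/app.yaml

kubectl rollout restart statefulset app
kubectl rollout status statefulset app
kubectl wait --timeout=5m --for=condition=complete job/migrate

./manifests/bin/createadmin.sh gitea
./manifests/bin/createadmin.sh renovate 'write:repository,read:user,write:issue,read:organization'

# Reuse the stored runner token, or ask the running app for a new one. As a
# plain assignment, a failure of both commands stops the script under set -e
# instead of storing an empty token.
runner_token="$(kgseckey runner token || kubectl exec statefulset/app -- gitea actions generate-runner-token)"
require_value runner/token "$runner_token"

kcreatesec runner \
  --from-literal=token="$runner_token"

kapply common/runner.yaml common/renovate.yaml
kubectl rollout restart statefulset runner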