From 9dbb56f30af302b4637815ac27c2bdd92bb6cd39 Mon Sep 17 00:00:00 2001
From: Wolfgang Hottgenroth
Date: Fri, 24 Jan 2025 13:55:49 +0100
Subject: [PATCH] deploy
---
.gitignore | 1 +
.woodpecker.yml | 36 +++++++++++++++++++++++++++++++
deployment/deploy-yml.tmpl | 16 ++++++++++++++
deployment/deploy.sh | 43 ++++++++++++++++++++++++++++++++++++++
deployment/secrets.asc | 7 +++++++
5 files changed, 103 insertions(+)
create mode 100644 .gitignore
create mode 100644 .woodpecker.yml
create mode 100644 deployment/deploy-yml.tmpl
create mode 100755 deployment/deploy.sh
create mode 100644 deployment/secrets.asc
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..f3768d6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+deployment/secrets.txt
diff --git a/.woodpecker.yml b/.woodpecker.yml
new file mode 100644
index 0000000..fd9dd32
--- /dev/null
+++ b/.woodpecker.yml
@@ -0,0 +1,36 @@
+steps:
+ build:
+ image: plugins/kaniko
+ settings:
+ repo: ${FORGE_NAME}/${CI_REPO}
+ registry:
+ from_secret: container_registry
+ tags: latest,${CI_COMMIT_SHA},${CI_COMMIT_TAG}
+ username:
+ from_secret: container_registry_username
+ password:
+ from_secret: container_registry_password
+ dockerfile: Dockerfile
+ when:
+ - event: [push, tag]
+ scan_image:
+ image: aquasec/trivy
+ commands:
+ - trivy image $FORGE_NAME/$CI_REPO:$CI_COMMIT_SHA --quiet --exit-code 1
+ when:
+ - event: [push, tag]
+ deploy:
+ image: quay.io/wollud1969/k8s-admin-helper:0.1.3
+ environment:
+ KUBE_CONFIG_CONTENT:
+ from_secret: kube_config
+ GPG_PASSPHRASE:
+ from_secret: gpg_passphrase
+ commands:
+ - export IMAGE_TAG=$CI_COMMIT_TAG
+ - printf "$KUBE_CONFIG_CONTENT" > /tmp/kubeconfig
+ - export KUBECONFIG=/tmp/kubeconfig
+ - ./deployment/deploy.sh
+ when:
+ - event: tag
+
diff --git a/deployment/deploy-yml.tmpl b/deployment/deploy-yml.tmpl
new file mode 100644
index 0000000..f232363
--- /dev/null
+++ b/deployment/deploy-yml.tmpl
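Review bot: In the `deploy` step of `.woodpecker.yml`, `printf "$KUBE_CONFIG_CONTENT" > /tmp/kubeconfig` uses the secret as printf's format string and writes it with the default umask to a fixed path in /tmp, so any `%` or backslash in the kubeconfig is interpreted rather than copied and the cluster credentials may be readable by other users in the container. Writing it as `- (umask 077; printf '%s' "$KUBE_CONFIG_CONTENT" > /tmp/kubeconfig)` keeps the content literal and the file private. Separately, `scan_image` runs only after `build` has (as far as this file shows) already pushed the `latest` tag, so a failing Trivy scan stops the pipeline but not the publication of the image. `plugins/kaniko` and `aquasec/trivy` are also referenced without a tag or digest, unlike the pinned `k8s-admin-helper:0.1.3`.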
@@ -0,0 +1,16 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: pv-energy-calculator
+spec:
+ schedule: "1 1 * * *"
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ containers:
+ - name: pv-energy-calculator
+ image: %IMAGE%
+ envFrom:
+ - secretRef:
+ name: pv-energy-calculator
diff --git a/deployment/deploy.sh b/deployment/deploy.sh
new file mode 100755
index 0000000..6cec4a8
--- /dev/null
+++ b/deployment/deploy.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+if [ "$IMAGE_TAG" == "" ]; then
+ echo "Make sure IMAGE_TAG is set"
+ exit 1
+fi
+if [ "$GPG_PASSPHRASE" == "" ]; then
+ echo "Make sure GPG_PASSPHRASE is set"
+ exit 1
+fi
+
+IMAGE_NAME=gitea.hottis.de/wn/pv-energy-calculator
+NAMESPACE=homea
+DEPLOYMENT_DIR=$PWD/deployment
+
+pushd $DEPLOYMENT_DIR > /dev/null
+SECRETS_FILE=`mktemp`
+pwd
+id
+echo $HOME
+gpg --decrypt --passphrase $GPG_PASSPHRASE --yes --batch --homedir /tmp/.gnupg --output $SECRETS_FILE secrets.asc
+. $SECRETS_FILE
+rm $SECRETS_FILE
+
+kubectl create namespace $NAMESPACE \
+ --dry-run=client \
+ -o yaml | \
+ kubectl -f - apply
+
+kubectl create secret generic pv-energy-calculator \
+ --dry-run=client \
+ -o yaml \
+ --save-config \
+ --from-literal=PGPASSWORD="$PGPASSWORD" \
+ kubectl apply -f - -n $NAMESPACE
+
+cat $DEPLOYMENT_DIR/deploy-yml.tmpl | \
+ sed -e 's,%IMAGE%,'$IMAGE_NAME':'$IMAGE_TAG','g | \
+ kubectl apply -f - -n $NAMESPACE
+
+popd > /dev/null
+
+
diff --git a/deployment/secrets.asc b/deployment/secrets.asc
new file mode 100644
index 0000000..f915804
--- /dev/null
+++ b/deployment/secrets.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP MESSAGE-----
+
+jA0ECQMIVw/NpawXlvj80mwBJYibjsXHXqgIV4lUIoQt//i2pZQjVXAGT5I+QTCy
+UGv46tNuY3UtvbMyZI4lVHd/FMYvcAlHAYwzy09xojQTrzQoyvGG2lO0O5wfVn2M
+Bj3oiUY4yqLF8FSiotSfFNRJAluifUtyk7onK8Q=
+=sY15
+-----END PGP MESSAGE-----
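Review bot: The pod template in `deployment/deploy-yml.tmpl` sets no `restartPolicy`, and Job pods accept only `OnFailure` or `Never`, so the default `Always` is expected to be rejected when this CronJob is applied. Add `restartPolicy: OnFailure` (or `Never`) at the same level as `containers:`. The container also has no `securityContext` or resource limits; for a job that receives the database password via `envFrom`, setting `allowPrivilegeEscalation: false` and `runAsNonRoot: true` would be a sensible baseline if the image supports it.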
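Review bot: In `deployment/deploy.sh` the `kubectl create secret generic` command never reaches `kubectl apply`, because the line `--from-literal=PGPASSWORD="$PGPASSWORD" \` ends in a continuation without the `|` that the namespace block has; `kubectl apply -f - -n $NAMESPACE` is therefore passed as extra arguments and the Secret is not created or updated. The script has no `set -e`, so that failure, and a failed `gpg --decrypt`, is ignored and the CronJob is applied anyway. `--passphrase $GPG_PASSPHRASE` also puts the passphrase on gpg's command line, where it is visible in the process list; passing it on stdin with `--passphrase-fd 0` avoids that (some gpg versions additionally need `--pinentry-mode loopback`). The debug lines `pwd`, `id` and `echo $HOME` can be dropped, and the decrypted temp file should be removed by a trap so that it does not survive an early exit.

```shell
#!/bin/bash
set -eo pipefail
# … unchanged: IMAGE_TAG / GPG_PASSPHRASE checks, IMAGE_NAME, NAMESPACE, DEPLOYMENT_DIR, pushd …

SECRETS_FILE=$(mktemp)
# Remove the decrypted secrets on every exit path, not only the happy one.
trap 'rm -f -- "$SECRETS_FILE"' EXIT
# Passphrase is read from stdin so it never appears in the process list.
gpg --decrypt --batch --yes --passphrase-fd 0 \
  --homedir /tmp/.gnupg --output "$SECRETS_FILE" secrets.asc <<<"$GPG_PASSPHRASE"
. "$SECRETS_FILE"

# … unchanged: namespace creation …

kubectl create secret generic pv-energy-calculator \
  --dry-run=client \
  -o yaml \
  --save-config \
  --from-literal=PGPASSWORD="$PGPASSWORD" | \
  kubectl apply -f - -n "$NAMESPACE"

# … unchanged: template rendering and CronJob apply, popd …
```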