deploy

.gitignore

@@ -0,0 +1 @@
+deployment/secrets.txt

.woodpecker.yml

@@ -0,0 +1,36 @@
+steps:
+  build:
+    image: plugins/kaniko
+    settings:
+      repo: ${FORGE_NAME}/${CI_REPO}
+      registry:
+        from_secret: container_registry
+      tags: latest,${CI_COMMIT_SHA},${CI_COMMIT_TAG}
+      username:
+        from_secret: container_registry_username
+      password:
+        from_secret: container_registry_password
+      dockerfile: Dockerfile
+    when:
+      - event: [push, tag]
+  scan_image:
+    image: aquasec/trivy
+    commands:
+      - trivy image $FORGE_NAME/$CI_REPO:$CI_COMMIT_SHA --quiet --exit-code 1
+    when:
+      - event: [push, tag]
+  deploy:
+    image: quay.io/wollud1969/k8s-admin-helper:0.1.3
+    environment:
+      KUBE_CONFIG_CONTENT:
+        from_secret: kube_config
+      GPG_PASSPHRASE:
+        from_secret: gpg_passphrase
+    commands:
+      - export IMAGE_TAG=$CI_COMMIT_TAG
+      - printf "$KUBE_CONFIG_CONTENT" > /tmp/kubeconfig
+      - export KUBECONFIG=/tmp/kubeconfig
+      - ./deployment/deploy.sh
+    when:
+      - event: tag
+

deployment/deploy-yml.tmpl

@@ -0,0 +1,16 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: pv-energy-calculator
+spec:
+  schedule: "1 1 * * *"
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+            - name: pv-energy-calculator
+              image: %IMAGE%
+              envFrom:
+                - secretRef:
+                    name: pv-energy-calculator

deployment/deploy.sh

@@ -0,0 +1,43 @@
+#!/bin/bash
+
+if [ "$IMAGE_TAG" == "" ]; then
+  echo "Make sure IMAGE_TAG is set"
+  exit 1
+fi
+if [ "$GPG_PASSPHRASE" == "" ]; then
+  echo "Make sure GPG_PASSPHRASE is set"
+  exit 1
+fi
+
+IMAGE_NAME=gitea.hottis.de/wn/pv-energy-calculator
+NAMESPACE=homea
+DEPLOYMENT_DIR=$PWD/deployment
+
+pushd $DEPLOYMENT_DIR > /dev/null
+SECRETS_FILE=`mktemp`
+pwd
+id
+echo $HOME
+gpg --decrypt --passphrase $GPG_PASSPHRASE --yes --batch --homedir /tmp/.gnupg --output $SECRETS_FILE secrets.asc
+. $SECRETS_FILE
+rm $SECRETS_FILE
+
+kubectl create namespace $NAMESPACE \
+  --dry-run=client \
+  -o yaml | \
+  kubectl -f - apply
+
+kubectl create secret generic pv-energy-calculator \
+  --dry-run=client \
+  -o yaml \
+  --save-config \
+  --from-literal=PGPASSWORD="$PGPASSWORD" \
+  kubectl apply -f - -n $NAMESPACE
+
+cat $DEPLOYMENT_DIR/deploy-yml.tmpl | \
+  sed -e 's,%IMAGE%,'$IMAGE_NAME':'$IMAGE_TAG','g | \
+  kubectl apply -f - -n $NAMESPACE
+
+popd > /dev/null
+
+

deployment/secrets.asc

@@ -0,0 +1,7 @@
+-----BEGIN PGP MESSAGE-----
+
+jA0ECQMIVw/NpawXlvj80mwBJYibjsXHXqgIV4lUIoQt//i2pZQjVXAGT5I+QTCy
+UGv46tNuY3UtvbMyZI4lVHd/FMYvcAlHAYwzy09xojQTrzQoyvGG2lO0O5wfVn2M
+Bj3oiUY4yqLF8FSiotSfFNRJAluifUtyk7onK8Q=
+=sY15
+-----END PGP MESSAGE-----