From 99fc340efc53c563af620ef54b41c2719c8885eb Mon Sep 17 00:00:00 2001
From: Patryk Hegenberg
Date: Mon, 26 May 2025 14:40:31 +0200
Subject: [PATCH] ci: deploy forgejo runner with flux cd
---
 apps/forgejo-runner/helmrelease.yaml | 27 ++++++++++++++
 apps/forgejo-runner/kustomization.yaml | 5 +++
 apps/forgejo-runner/runner-secret.yaml | 35 +++++++++++++++++++
 apps/kustomization.yaml | 1 +
 clusters/production/forgejo-runner.yaml | 16 +++++++++
 clusters/production/kustomization.yaml | 1 +
 .../ocirepositories/forgejo-runner.yaml | 8 +++++
 7 files changed, 93 insertions(+)
 create mode 100644 apps/forgejo-runner/helmrelease.yaml
 create mode 100644 apps/forgejo-runner/kustomization.yaml
 create mode 100644 apps/forgejo-runner/runner-secret.yaml
 create mode 100644 clusters/production/forgejo-runner.yaml
 create mode 100644 infrastructure/ocirepositories/forgejo-runner.yaml
diff --git a/apps/forgejo-runner/helmrelease.yaml b/apps/forgejo-runner/helmrelease.yaml
new file mode 100644
index 0000000..f0969de
--- /dev/null
+++ b/apps/forgejo-runner/helmrelease.yaml
@@ -0,0 +1,27 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+ name: forgejo-runner
+ namespace: forgejo
+spec:
+ interval: 15m
+ chart:
+ spec:
+ chart: forgejo-runner
+ version: "0.4.28"
+ sourceRef:
+ kind: OCIRepository
+ name: forgejo-runner
+ namespace: flux-system
+ values:
+ forgejo:
+ url: "https://git.patanix.de"
+ tokenSecretName: forgejo-runner-token
+ dind:
+ enabled: true
+ # Optional: Runner-Name, Labels, Ressourcen etc.
+ # name: "my-runner"
+ # labels:
+ # - "docker"
+ # - "k8s"
+
diff --git a/apps/forgejo-runner/kustomization.yaml b/apps/forgejo-runner/kustomization.yaml
new file mode 100644
index 0000000..f2dd991
--- /dev/null
+++ b/apps/forgejo-runner/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - runner-secret.yaml
+ - helmrelease.yaml
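Review bot: `dind:` / `enabled: true` in apps/forgejo-runner/helmrelease.yaml gives the runner a Docker-in-Docker daemon, and the release is placed in the `forgejo` namespace beside the forge it serves. DinD normally needs a privileged container, so every workflow allowed to schedule on this runner would execute next to a daemon with node-level reach; whether this chart can run the daemon rootless is not visible in the patch. I would isolate the runner in its own namespace, `namespace: forgejo-runner` (with the Secret in runner-secret.yaml moved to match), so that Pod Security labels and a NetworkPolicy can be scoped to it. The commented-out options block would be better replaced by a comment above `dind:` along the lines of `# privileged DinD: register this runner only for trusted repositories`.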
diff --git a/apps/forgejo-runner/runner-secret.yaml b/apps/forgejo-runner/runner-secret.yaml
new file mode 100644
index 0000000..378fb33
--- /dev/null
+++ b/apps/forgejo-runner/runner-secret.yaml
@@ -0,0 +1,35 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: forgejo-runner-token
+ namespace: forgejo
+type: Opaque
+stringData:
+ token: ENC[AES256_GCM,data:uwGkYaziWJ9pNPR2LuEr7+yWU+b2Jp6YnXPDbV8TEyjC/NegAvcfhQ==,iv:Fou5Z/ZjINmQgFIFCoMeHoDP8O6kAzZs/ZrRdttaVzA=,tag:oaM95SQ/NAq6T9CLIqtsCQ==,type:str]
+sops:
+ lastmodified: "2025-05-26T12:30:10Z"
+ mac: ENC[AES256_GCM,data:KyZi4zu9fUFtyGsxEhS7I2nWEL8eRggczeKyAAstTdfiXSTeyGFFWhu6u5MbtobqYsoSrxc5UbYNJKj8LEIEZtW5cfHgFcebkFu9LSKfgkqTbyJUqivurmXPxYrN/03N/xYvCK5yNA3hLJ1VG9UBTIxduGnfEah4gy079Z5z8H0=,iv:otP6yM2s/DeLZ/kH4I1Vct4cJ2fpl3A2qD0K6MNMSKE=,tag:kA6fKLWKYkbILxfG7q5JUQ==,type:str]
+ pgp:
+ - created_at: "2025-05-26T12:30:10Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxd/Yh1BfDklAQ/+IxTzk0xWdqnDbi13ymMGmyog2Z+cdfLtDqLN8A/bLPiL
+ EBtU8y2GOGJSWz28fXkTWSgXk7OqW2C8vGQ3EQTat88IDhnU0u+k6qSOb8QlpPD+
+ hR/+EJOw9mlu/BCrja+Qv0uLa9z/jkTispWfZBdnPOzgqwRySk7X2pQcbzwubHLB
+ vRUvkznN5maOA4hBB2vjK8D5C3d8C3C6uwmq14SVRY1RAwGbq1q/OYgdGb8/QurQ
+ Ob5zRVWs35DFoAH4DxCro0pAwgBbTs+sXjFuTNo0aLoxHoMGV0511VC+biZDUWVp
+ qqT6jHbscQqRJqg2NFL5vAWn/mKsL3qTqeVhatHUraS/WNe8vA/brQxRbI8r+Sdh
+ /uGKtvIyKfUSTeNAXotOGiQCHlp98icRNemV1vFNS3Uq6qw4Pd5qomyPODv+3za2
+ Sk0l1gWxwF2MOdbaf8tTJyXrXjN1RQsL9C68DUVdPggqVoD01euIrej6Obo/u9wq
+ qQXD7XtfsP2AjUvEwpXJnxVhn5Az5ZIEzmyyxzGpduojPTCxOPNwWIzS6IJmxd+L
+ tKgSePkFsL32SRM2l1ZSV58bUePkT1QArndyG6+kZnTZCyLz7lCuq/ETIyj6yMpV
+ b3ICKCwssEiAZAwG/+cYDIjUuvKt4wLNCFHAdqeDI38W+zrN4KNe291PnuxZEenU
+ aAEJAhCbe3AToXHZr8YvDbylOyk6egwQ+or7ofWANh3pjoF8Sk1Bo3d6Uch8bYsn
+ Pg1Ft4j9df4Yp5AKlRu3cdmsrm1MTkpsD0hIBqoQDEcsIiaHXFG7fwftPtES80vO
+ NsfThf7f4T/o
+ =4A1/
+ -----END PGP MESSAGE-----
+ fp: F20CF3DE0B4ACDFCAF07A9D76399FB237185E764
+ encrypted_regex: ^(data|stringData)$
+ version: 3.10.2
diff --git a/apps/kustomization.yaml b/apps/kustomization.yaml
index 1bed5d0..7928324 100644
--- a/apps/kustomization.yaml
+++ b/apps/kustomization.yaml
@@ -4,3 +4,4 @@ resources:
 - home-assistant/
 - kitchenowl/
 - forgejo/
+ - forgejo-runner/
diff --git a/clusters/production/forgejo-runner.yaml b/clusters/production/forgejo-runner.yaml
new file mode 100644
index 0000000..3d27676
--- /dev/null
+++ b/clusters/production/forgejo-runner.yaml
@@ -0,0 +1,16 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: forgejo
+ namespace: flux-system
+spec:
+ interval: 10m
+ path: ../../apps/forgejo-runner
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-gpg
diff --git a/clusters/production/kustomization.yaml b/clusters/production/kustomization.yaml
index 2488197..d31dc1e 100644
--- a/clusters/production/kustomization.yaml
+++ b/clusters/production/kustomization.yaml
@@ -4,6 +4,7 @@ resources:
 - cert-manager.yaml
 - kitchenowl.yaml
 - forgejo.yaml
+ - forgejo-runner.yaml
 - ocirepository.yaml
 - ../../infrastructure
 - ../../apps
diff --git a/infrastructure/ocirepositories/forgejo-runner.yaml b/infrastructure/ocirepositories/forgejo-runner.yaml
new file mode 100644
index 0000000..8521b64
--- /dev/null
+++ b/infrastructure/ocirepositories/forgejo-runner.yaml
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: OCIRepository
+metadata:
+ name: forgejo-runner
+ namespace: flux-system
+spec:
+ interval: 30m
+ url: oci://codeberg.org/wrenix/helm-charts
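Review bot: `metadata.name: forgejo` in clusters/production/forgejo-runner.yaml looks like a copy-paste leftover, because clusters/production/kustomization.yaml already lists forgejo.yaml, which presumably defines a Flux Kustomization of that name in `flux-system` (that file is not part of this patch). If so, the build either fails on a duplicate resource ID or this object replaces the Forgejo one, and with `prune: true` the controller would then garbage-collect whatever the previous path had applied. Rename it to `name: forgejo-runner`. Note also that apps/kustomization.yaml now adds `forgejo-runner/` while `../../apps` is itself a resource of the production overlay, so the SOPS-encrypted Secret is rendered a second time by whichever Kustomization reconciles that overlay; that one needs `decryption` configured as well, or the runner directory should be reachable through only one of the two paths.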
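Review bot: The OCIRepository in infrastructure/ocirepositories/forgejo-runner.yaml sets no `ref`, so nothing in this object pins the artifact it fetches; as far as I know Flux then follows the `latest` tag, and `url` names the chart collection rather than a single chart. For a chart that deploys a CI runner into the cluster I would pin it here, e.g. `url: oci://codeberg.org/wrenix/helm-charts/forgejo-runner` with `ref: {tag: "0.4.28"}` or a `digest:`, and add a `verify:` block if the publisher signs its charts (the patch does not show whether it does). The HelmRelease in this patch points at this object through `chart.spec.sourceRef`, which to my knowledge accepts only HelmRepository, GitRepository and Bucket, so `kind: OCIRepository` there is likely to be rejected. Either reference it with `chartRef`, or make this a HelmRepository with `type: oci` so that `version: "0.4.28"` in the release remains the pin.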