Add woodpecker CI/CD

2024-02-11 11:51:39 +01:00
parent 52f68f8eb7
commit 4643d14df3
5 changed files with 316 additions and 1 deletions

47
init.sh

@@ -108,3 +108,50 @@ kubectl apply -f observability.yaml -n observability
kubectl apply -f carrramba-cert.yaml
kubectl apply -f carrramba-encore-rate-deployment.yaml
# Install NFS server provisioner
helm repo add stable https://charts.helm.sh/stable
helm repo update
helm install nfs-server stable/nfs-server-provisioner --set persistence.enabled=true,persistence.storageClass=scw-bssd,persistence.size=10Gi
# Install CICD
vault write database/config/cicd_woodpecker \
plugin_name=postgresql-database-plugin \
verify_connection=false \
allowed_roles="*" \
connection_url="postgresql://{{username}}:{{password}}@postgres:5432/cicd_woodpecker?sslmode=disable" \
username="postgres" \
password="password"
vault policy write cicd-woodpecker-server vault-cicd-woodpecker-server-policy.hcl
vault policy write cicd-woodpecker-agent vault-cicd-woodpecker-agent-policy.hcl
vault write --force /database/rotate-root/cicd_woodpecker
vault write database/roles/cicd-woodpecker-server \
db_name=cicd_woodpecker \
creation_statements="CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}'; \
ALTER ROLE \"{{name}}\" SUPERUSER;" \
revocation_statements="ALTER ROLE \"{{name}}\" NOLOGIN;"\
default_ttl="768h" \
max_ttl="768h"
# default_ttl="1h" \
# max_ttl="24h"
vault write auth/kubernetes/role/cicd-woodpecker-server \
bound_service_account_names=woodpecker-server \
bound_service_account_namespaces=cicd \
policies=cicd-woodpecker-server \
ttl=1h
vault write auth/kubernetes/role/cicd-woodpecker-agent \
bound_service_account_names=woodpecker-agent \
bound_service_account_namespaces=cicd \
policies=cicd-woodpecker-agent \
ttl=1h
vault secrets enable -path=cicd-woodpecker-server -description="CI/CD Woodpecker server secrets" kv
vault kv put cicd-woodpecker-server/oauth2-secret key=$(pass dev/git.adrien.run/woodpecker-ci-oauth2-secret)
vault kv put cicd-woodpecker-server/oauth2-id key=$(pass dev/git.adrien.run/woodpecker-ci-oauth2-id)
vault secrets enable -path=cicd-woodpecker -description="CI/CD Woodpecker server secrets" kv
vault kv put cicd-woodpecker/agent-secret key=$(pass dev/git.adrien.run/woodpecker-ci-agent-secret)
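Review bot: The `creation_statements` for `database/roles/cicd-woodpecker-server` end with `ALTER ROLE "{{name}}" SUPERUSER;`, so every credential Vault issues to the Woodpecker server is a PostgreSQL superuser for the whole instance, and with `default_ttl`/`max_ttl` at `768h` a leaked one stays valid for 32 days. I would replace that line with grants scoped to the one database, for example `GRANT ALL PRIVILEGES ON DATABASE cicd_woodpecker TO "{{name}}";` (schema-level grants may also be needed, depending on the PostgreSQL version), and restore the commented-out `default_ttl="1h"` / `max_ttl="24h"`. In the connection config, `allowed_roles="*"` lets any role defined on the database mount use this connection; `allowed_roles="cicd-woodpecker-server"` covers what this hunk defines. The `revocation_statements` only set NOLOGIN, so expired roles accumulate and keep their attributes; dropping the role after reassigning its owned objects would clean them up. The three `vault kv put ... key=$(pass ...)` lines pass each secret unquoted on the command line, where it shows up in the process list; `pass <entry> | vault kv put <path> key=-` reads it from stdin instead.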