From 8d6269a8b104c3168ae877703e30a06ba1d19101 Mon Sep 17 00:00:00 2001 From: dementhorr Date: Tue, 9 Jan 2024 15:55:14 +0100 Subject: [PATCH] Refractored code --- .../gitea/actions/config-act-runner.yaml | 15 ++++ templates/gitea/actions/config-scripts.yaml | 14 ++++ .../{actions-job.yaml => actions/job.yaml} | 82 ------------------- templates/gitea/actions/role-job.yaml | 26 ++++++ templates/gitea/actions/rolebinding-job.yaml | 23 ++++++ templates/gitea/actions/secret-token.yaml | 22 +++++ .../gitea/actions/serviceaccount-job.yaml | 14 ++++ .../statefulset.yaml} | 15 +--- 8 files changed, 115 insertions(+), 96 deletions(-) create mode 100644 templates/gitea/actions/config-act-runner.yaml create mode 100644 templates/gitea/actions/config-scripts.yaml rename templates/gitea/{actions-job.yaml => actions/job.yaml} (62%) create mode 100644 templates/gitea/actions/role-job.yaml create mode 100644 templates/gitea/actions/rolebinding-job.yaml create mode 100644 templates/gitea/actions/secret-token.yaml create mode 100644 templates/gitea/actions/serviceaccount-job.yaml rename templates/gitea/{actions-statefulset.yaml => actions/statefulset.yaml} (92%) diff --git a/templates/gitea/actions/config-act-runner.yaml b/templates/gitea/actions/config-act-runner.yaml new file mode 100644 index 0000000..6f9423c --- /dev/null +++ b/templates/gitea/actions/config-act-runner.yaml @@ -0,0 +1,15 @@ +{{- if and (and .Values.actions.statefulset.enabled .Values.persistence.enabled) .Values.persistence.mount }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "gitea.fullname" . }}-act-runner-config + labels: + {{- include "gitea.labels" . | nindent 4 }} +data: + config.yaml: | + log: + level: debug + cache: + enabled: false +{{- end }} diff --git a/templates/gitea/actions/config-scripts.yaml b/templates/gitea/actions/config-scripts.yaml new file mode 100644 index 0000000..cbe5cdc --- /dev/null +++ b/templates/gitea/actions/config-scripts.yaml @@ -0,0 +1,14 @@ +{{- if and (and .Values.actions.job.enabled .Values.persistence.enabled) .Values.persistence.mount }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "gitea.fullname" . }}-scripts + labels: + {{- include "gitea.labels" . | nindent 4 }} + annotations: + # helm.sh/hook: post-install + # helm.sh/hook-delete-policy: hook-succeeded +data: +{{ (.Files.Glob "scripts/*.sh").AsConfig | indent 2 }} +{{- end }} diff --git a/templates/gitea/actions-job.yaml b/templates/gitea/actions/job.yaml similarity index 62% rename from templates/gitea/actions-job.yaml rename to templates/gitea/actions/job.yaml index 881fd83..4173f28 100644 --- a/templates/gitea/actions-job.yaml +++ b/templates/gitea/actions/job.yaml @@ -5,70 +5,6 @@ {{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }} {{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }} --- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "gitea.fullname" . }}-scripts - labels: - {{- include "gitea.labels" . | nindent 4 }} - annotations: - # helm.sh/hook: post-install - # helm.sh/hook-delete-policy: hook-succeeded -data: -{{ (.Files.Glob "scripts/*.sh").AsConfig | indent 2 }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ $name }} - labels: - {{- include "gitea.labels" . | nindent 4 }} - app.kubernetes.io/component: token-job - annotations: - # helm.sh/hook: post-install - # helm.sh/hook-delete-policy: hook-succeeded ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ $name }} - labels: - {{- include "gitea.labels" . | nindent 4 }} - app.kubernetes.io/component: token-job - annotations: - # helm.sh/hook: post-install - # helm.sh/hook-delete-policy: hook-succeeded -rules: - - apiGroups: - - "" - resources: - - secrets - resourceNames: - - {{ $secretName }} - verbs: - - get - - update - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ $name }} - labels: - {{- include "gitea.labels" . | nindent 4 }} - app.kubernetes.io/component: token-job - annotations: - # helm.sh/hook: post-install - # helm.sh/hook-delete-policy: hook-succeeded -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ $name }} -subjects: - - kind: ServiceAccount - name: {{ $name }} - namespace: {{ .Release.Namespace }} ---- apiVersion: batch/v1 kind: Job metadata: @@ -154,22 +90,4 @@ spec: parallelism: 1 completions: 1 backoffLimit: 1 ---- -apiVersion: v1 -kind: Secret -metadata: - annotations: - # helm.sh/hook: post-install - # helm.sh/hook-delete-policy: never - argocd.argoproj.io/hook: Skip - argocd.argoproj.io/hook-delete-policy: Never - name: {{ $secretName }} - labels: - {{- include "gitea.labels" . | nindent 4 }} - app.kubernetes.io/component: token-job -{{ $secret := (lookup "v1" "Secret" .Release.Namespace $secretName) -}} -{{ if $secret -}} -data: - token: {{ (b64dec (index $secret.data "token")) | b64enc }} -{{ end -}} {{- end }} diff --git a/templates/gitea/actions/role-job.yaml b/templates/gitea/actions/role-job.yaml new file mode 100644 index 0000000..6f4ab74 --- /dev/null +++ b/templates/gitea/actions/role-job.yaml @@ -0,0 +1,26 @@ +{{- if and (and .Values.actions.job.enabled .Values.persistence.enabled) .Values.persistence.mount }} +{{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }} +{{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ $name }} + labels: + {{- include "gitea.labels" . | nindent 4 }} + app.kubernetes.io/component: token-job + annotations: + # helm.sh/hook: post-install + # helm.sh/hook-delete-policy: hook-succeeded +rules: + - apiGroups: + - "" + resources: + - secrets + resourceNames: + - {{ $secretName }} + verbs: + - get + - update + - patch +{{- end }} diff --git a/templates/gitea/actions/rolebinding-job.yaml b/templates/gitea/actions/rolebinding-job.yaml new file mode 100644 index 0000000..be2d2de --- /dev/null +++ b/templates/gitea/actions/rolebinding-job.yaml @@ -0,0 +1,23 @@ +{{- if and (and .Values.actions.job.enabled .Values.persistence.enabled) .Values.persistence.mount }} +{{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }} +{{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ $name }} + labels: + {{- include "gitea.labels" . | nindent 4 }} + app.kubernetes.io/component: token-job + annotations: + # helm.sh/hook: post-install + # helm.sh/hook-delete-policy: hook-succeeded +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ $name }} +subjects: + - kind: ServiceAccount + name: {{ $name }} + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/templates/gitea/actions/secret-token.yaml b/templates/gitea/actions/secret-token.yaml new file mode 100644 index 0000000..e2b1e12 --- /dev/null +++ b/templates/gitea/actions/secret-token.yaml @@ -0,0 +1,22 @@ +{{- if and (and .Values.actions.job.enabled .Values.persistence.enabled) .Values.persistence.mount }} +{{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }} +{{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }} +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + # helm.sh/hook: post-install + # helm.sh/hook-delete-policy: never + argocd.argoproj.io/hook: Skip + argocd.argoproj.io/hook-delete-policy: Never + name: {{ $secretName }} + labels: + {{- include "gitea.labels" . | nindent 4 }} + app.kubernetes.io/component: token-job +{{ $secret := (lookup "v1" "Secret" .Release.Namespace $secretName) -}} +{{ if $secret -}} +data: + token: {{ (b64dec (index $secret.data "token")) | b64enc }} +{{ end -}} +{{- end }} diff --git a/templates/gitea/actions/serviceaccount-job.yaml b/templates/gitea/actions/serviceaccount-job.yaml new file mode 100644 index 0000000..5731c0c --- /dev/null +++ b/templates/gitea/actions/serviceaccount-job.yaml @@ -0,0 +1,14 @@ +{{- if and (and .Values.actions.job.enabled .Values.persistence.enabled) .Values.persistence.mount }} +{{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ $name }} + labels: + {{- include "gitea.labels" . | nindent 4 }} + app.kubernetes.io/component: token-job + annotations: + # helm.sh/hook: post-install + # helm.sh/hook-delete-policy: hook-succeeded +{{- end }} diff --git a/templates/gitea/actions-statefulset.yaml b/templates/gitea/actions/statefulset.yaml similarity index 92% rename from templates/gitea/actions-statefulset.yaml rename to templates/gitea/actions/statefulset.yaml index 5208996..8fcb07d 100644 --- a/templates/gitea/actions-statefulset.yaml +++ b/templates/gitea/actions/statefulset.yaml @@ -1,19 +1,6 @@ {{- if and (and .Values.actions.statefulset.enabled .Values.persistence.enabled) .Values.persistence.mount }} {{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }} --- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "gitea.fullname" . }}-act-runner-config - labels: - {{- include "gitea.labels" . | nindent 4 }} -data: - config.yaml: | - log: - level: debug - cache: - enabled: false ---- apiVersion: apps/v1 kind: StatefulSet metadata: @@ -22,7 +9,7 @@ metadata: {{- if .Values.actions.statefulset.labels }} {{- toYaml .Values.actions.statefulset.labels | nindent 4 }} {{- end }} - name: act-runner + name: {{ include "gitea.fullname" . }}-act-runner spec: selector: matchLabels: