chore(task): dump tasks set to deploy gitea on eks

2026-02-09 05:44:23 +00:00 · 2025-07-23 19:17:25 +02:00
parent dd78e4547a
commit 0702e7d543
2 changed files with 115 additions and 0 deletions
--- a/snippets/task/deploy
+++ b/snippets/task/deploy
@@ -0,0 +1,107 @@
+---
+
+version: '3'
+silent: true
+vars:
+  GITEA_ADMIN_SECRET_NAME: gitea-admin-secret
+  HELM_CHART_NAME: gitea
+  HELM_CHART_REPOSITORY: https://dl.gitea.com/charts/
+  HELM_CHART_VERSION: 12.1.0
+  HELM_RELEASE_NAME: gitea
+  HELM_RELEASE_NAMESPACE: gitea
+  HELM_VALUES_FILE: values.eks.yml
+tasks:
+  apply:
+    deps:
+      - ecr:ensure-container-images
+      - ensure-k8s-secret
+    requires:
+      vars:
+        - GITEA_MAILER_PASSWORD
+        - HELM_CHART_NAME
+        - HELM_CHART_REPOSITORY
+        - HELM_CHART_VERSION
+        - HELM_RELEASE_NAME
+        - HELM_RELEASE_NAMESPACE
+        - HELM_VALUES_FILE
+    vars:
+      GITEA_MAILER_PASSWORD:
+        sh: pulumi config get 'giteaMailerPassword'
+    cmd: >-
+      helm --namespace '{{.HELM_RELEASE_NAMESPACE}}' upgrade --install --cleanup-on-fail
+      '{{.HELM_RELEASE_NAME}}'
+      --repo '{{.HELM_CHART_REPOSITORY}}' '{{.HELM_CHART_NAME}}' --version '{{.HELM_CHART_VERSION}}'
+      --values '{{.HELM_VALUES_FILE}}'
+      --set 'gitea.config.mailer.PASSWD'='{{.GITEA_MAILER_PASSWORD}}'
+  diff:
+    requires:
+      vars:
+        - GITEA_MAILER_PASSWORD
+        - HELM_CHART_NAME
+        - HELM_CHART_REPOSITORY
+        - HELM_CHART_VERSION
+        - HELM_RELEASE_NAME
+        - HELM_RELEASE_NAMESPACE
+        - HELM_VALUES_FILE
+    vars:
+      GITEA_MAILER_PASSWORD:
+        sh: pulumi config get 'giteaMailerPassword'
+    cmd: >-
+      helm --namespace '{{.HELM_RELEASE_NAMESPACE}}' diff upgrade
+      '{{.HELM_RELEASE_NAME}}'
+      --repo '{{.HELM_CHART_REPOSITORY}}' '{{.HELM_CHART_NAME}}' --version '{{.HELM_CHART_VERSION}}'
+      --values '{{.HELM_VALUES_FILE}}'
+      --set 'gitea.config.mailer.PASSWD'='{{.GITEA_MAILER_PASSWORD}}'
+  ecr:ensure-container-images:
+    requires:
+      vars:
+        - ECR_URL
+        - IMAGES
+    vars:
+      ECR_URL:
+        sh: yq -r '.image.registry' '{{.HELM_VALUES_FILE}}'
+      IMAGES:
+        sh: >-
+          helm template '{{.HELM_RELEASE_NAME}}'
+          --repo '{{.HELM_CHART_REPOSITORY}}' '{{.HELM_CHART_NAME}}' --version '{{.HELM_CHART_VERSION}}'
+          --values '{{.HELM_VALUES_FILE}}'
+          | yq -rs '[.[].spec.template?.spec.containers[]?.image]|unique|.[]' -
+    cmds:
+      - >-
+          aws ecr get-login-password
+          | docker login --username 'AWS' --password-stdin '{{.ECR_URL}}'
+      - for:
+          var: IMAGES
+        cmd: docker image pull '{{.ITEM}}'
+  enforce-k8s-secret:
+    deps:
+      - ensure-k8s-namespace
+    requires:
+      vars:
+        - GITEA_ADMIN_SECRET_NAME
+        - HELM_RELEASE_NAMESPACE
+    cmds:
+      - >-
+          kubectl --namespace '{{.HELM_RELEASE_NAMESPACE}}' get secret '{{.GITEA_ADMIN_SECRET_NAME}}' &&
+          kubectl --namespace '{{.HELM_RELEASE_NAMESPACE}}' delete secret '{{.GITEA_ADMIN_SECRET_NAME}}'
+      - task: ensure-k8s-secret
+  ensure-k8s-namespace:
+    requires:
+      vars:
+        - HELM_RELEASE_NAMESPACE
+    cmd: kubectl get namespaces '{{.HELM_RELEASE_NAMESPACE}}' || kubectl create namespace '{{.HELM_RELEASE_NAMESPACE}}'
+  ensure-k8s-secret:
+    deps:
+      - ensure-k8s-namespace
+    requires:
+      vars:
+        - GITEA_ADMIN_PASSWORD
+        - GITEA_ADMIN_SECRET_NAME
+        - HELM_RELEASE_NAMESPACE
+    vars:
+      GITEA_ADMIN_PASSWORD:
+        sh: pulumi config get 'giteaAdminPassword'
+    cmd: >-
+      kubectl --namespace '{{.HELM_RELEASE_NAMESPACE}}' get secret '{{.GITEA_ADMIN_SECRET_NAME}}' ||
+      kubectl --namespace '{{.HELM_RELEASE_NAMESPACE}}' create secret generic '{{.GITEA_ADMIN_SECRET_NAME}}'
+      --from-literal 'username=gitea_admin' --from-literal 'password={{.GITEA_ADMIN_PASSWORD}}'