chore(task): dump tasks set to deploy gitea on eks

2026-02-09 05:44:23 +00:00 · 2025-07-23 19:17:25 +02:00
parent dd78e4547a
commit 0702e7d543
2 changed files with 115 additions and 0 deletions
--- a/snippets/helm.sh
+++ b/snippets/helm.sh
@@ -19,9 +19,12 @@ helm search repo --versions --output 'json' … \

 helm show values 'gitlab/gitlab'
 helm show values 'gitlab/gitlab-runner' --version '0.64.1'
+helm show values --repo 'https://grafana.github.io/helm-charts' 'loki' --version '6.30.1'

 helm pull 'ingress-nginx/ingress-nginx' --version '4.0.6' --destination '/tmp' --untar --untardir 'ingress-nginx'

+helm template --repo 'https://prometheus-community.github.io/helm-charts' 'prometheus' 'prometheus'
+helm template 'loki' --repo 'https://grafana.github.io/helm-charts' 'loki' --version '6.30.1' --values 'values.aws.yml'
 helm template --namespace 'gitlab' --values "values.gitlab-runner.yaml" --set global.hosts.hostSuffix='test' \
 	'gitlab-runner' 'gitlab/gitlab-runner'

@@ -60,3 +63,8 @@ aws eks --region 'eu-west-1' update-kubeconfig --name 'custom-eks-cluster' \
 helm --namespace 'kube-system' diff upgrade 'metrics-server' 'metrics-server/metrics-server' \
 	--version '3.12.2' --values 'metrics-server.values.yml' \
 	--set 'args[0]'='--kubelet-insecure-tls'
+
+helm template 'loki' \
+	--repo 'https://grafana.github.io/helm-charts' 'loki' --version '6.30.1' \
+	--values 'staging/values.eks.yml' \
+| yq -rs '[.[].spec.template?.spec.containers[]?.image]|unique|.[]' -
--- a/snippets/task/deploy
+++ b/snippets/task/deploy
@@ -0,0 +1,107 @@
+---
+
+version: '3'
+silent: true
+vars:
+  GITEA_ADMIN_SECRET_NAME: gitea-admin-secret
+  HELM_CHART_NAME: gitea
+  HELM_CHART_REPOSITORY: https://dl.gitea.com/charts/
+  HELM_CHART_VERSION: 12.1.0
+  HELM_RELEASE_NAME: gitea
+  HELM_RELEASE_NAMESPACE: gitea
+  HELM_VALUES_FILE: values.eks.yml
+tasks:
+  apply:
+    deps:
+      - ecr:ensure-container-images
+      - ensure-k8s-secret
+    requires:
+      vars:
+        - GITEA_MAILER_PASSWORD
+        - HELM_CHART_NAME
+        - HELM_CHART_REPOSITORY
+        - HELM_CHART_VERSION
+        - HELM_RELEASE_NAME
+        - HELM_RELEASE_NAMESPACE
+        - HELM_VALUES_FILE
+    vars:
+      GITEA_MAILER_PASSWORD:
+        sh: pulumi config get 'giteaMailerPassword'
+    cmd: >-
+      helm --namespace '{{.HELM_RELEASE_NAMESPACE}}' upgrade --install --cleanup-on-fail
+      '{{.HELM_RELEASE_NAME}}'
+      --repo '{{.HELM_CHART_REPOSITORY}}' '{{.HELM_CHART_NAME}}' --version '{{.HELM_CHART_VERSION}}'
+      --values '{{.HELM_VALUES_FILE}}'
+      --set 'gitea.config.mailer.PASSWD'='{{.GITEA_MAILER_PASSWORD}}'
+  diff:
+    requires:
+      vars:
+        - GITEA_MAILER_PASSWORD
+        - HELM_CHART_NAME
+        - HELM_CHART_REPOSITORY
+        - HELM_CHART_VERSION
+        - HELM_RELEASE_NAME
+        - HELM_RELEASE_NAMESPACE
+        - HELM_VALUES_FILE
+    vars:
+      GITEA_MAILER_PASSWORD:
+        sh: pulumi config get 'giteaMailerPassword'
+    cmd: >-
+      helm --namespace '{{.HELM_RELEASE_NAMESPACE}}' diff upgrade
+      '{{.HELM_RELEASE_NAME}}'
+      --repo '{{.HELM_CHART_REPOSITORY}}' '{{.HELM_CHART_NAME}}' --version '{{.HELM_CHART_VERSION}}'
+      --values '{{.HELM_VALUES_FILE}}'
+      --set 'gitea.config.mailer.PASSWD'='{{.GITEA_MAILER_PASSWORD}}'
+  ecr:ensure-container-images:
+    requires:
+      vars:
+        - ECR_URL
+        - IMAGES
+    vars:
+      ECR_URL:
+        sh: yq -r '.image.registry' '{{.HELM_VALUES_FILE}}'
+      IMAGES:
+        sh: >-
+          helm template '{{.HELM_RELEASE_NAME}}'
+          --repo '{{.HELM_CHART_REPOSITORY}}' '{{.HELM_CHART_NAME}}' --version '{{.HELM_CHART_VERSION}}'
+          --values '{{.HELM_VALUES_FILE}}'
+          | yq -rs '[.[].spec.template?.spec.containers[]?.image]|unique|.[]' -
+    cmds:
+      - >-
+          aws ecr get-login-password
+          | docker login --username 'AWS' --password-stdin '{{.ECR_URL}}'
+      - for:
+          var: IMAGES
+        cmd: docker image pull '{{.ITEM}}'
+  enforce-k8s-secret:
+    deps:
+      - ensure-k8s-namespace
+    requires:
+      vars:
+        - GITEA_ADMIN_SECRET_NAME
+        - HELM_RELEASE_NAMESPACE
+    cmds:
+      - >-
+          kubectl --namespace '{{.HELM_RELEASE_NAMESPACE}}' get secret '{{.GITEA_ADMIN_SECRET_NAME}}' &&
+          kubectl --namespace '{{.HELM_RELEASE_NAMESPACE}}' delete secret '{{.GITEA_ADMIN_SECRET_NAME}}'
+      - task: ensure-k8s-secret
+  ensure-k8s-namespace:
+    requires:
+      vars:
+        - HELM_RELEASE_NAMESPACE
+    cmd: kubectl get namespaces '{{.HELM_RELEASE_NAMESPACE}}' || kubectl create namespace '{{.HELM_RELEASE_NAMESPACE}}'
+  ensure-k8s-secret:
+    deps:
+      - ensure-k8s-namespace
+    requires:
+      vars:
+        - GITEA_ADMIN_PASSWORD
+        - GITEA_ADMIN_SECRET_NAME
+        - HELM_RELEASE_NAMESPACE
+    vars:
+      GITEA_ADMIN_PASSWORD:
+        sh: pulumi config get 'giteaAdminPassword'
+    cmd: >-
+      kubectl --namespace '{{.HELM_RELEASE_NAMESPACE}}' get secret '{{.GITEA_ADMIN_SECRET_NAME}}' ||
+      kubectl --namespace '{{.HELM_RELEASE_NAMESPACE}}' create secret generic '{{.GITEA_ADMIN_SECRET_NAME}}'
+      --from-literal 'username=gitea_admin' --from-literal 'password={{.GITEA_ADMIN_PASSWORD}}'