Move CI to github actions

This commit is contained in:
theautomation 2024-01-03 19:37:04 +01:00
parent 70b2eb684b
commit 3728984e9b
5 changed files with 35 additions and 370 deletions

.github/workflows/ci.yaml vendored Normal file

@ -0,0 +1,35 @@
---
name: Continuous Integration
on:
push:
pull_request:
workflow_dispatch:
jobs:
yamllint:
name: Yaml lint
uses: theautomation/github-actions/.github/workflows/yamllint.yaml@main
build-and-push-image:
name: Build and Push Image
needs: [yamllint]
uses: theautomation/github-actions/.github/workflows/build-and-push.yaml@main
with:
publish: true
dispatch-update-manifest:
name: Repository Dispatch to Update Manifest
needs: [build-and-push-image]
runs-on: ubuntu-latest
steps:
- name: Repository Dispatch
uses: peter-evans/repository-dispatch@v2
with:
token: ${{ secrets.PAT }}
repository: theautomation/gitops
event-type: update-manifest
client-payload:
'{"ref": "${{ github.ref }}", "repository": "${{
github.repository}}", "registry": "ghcr.io", "sha": "${{ github.sha
}}"}'
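Review bot: The `build-and-push-image` and `dispatch-update-manifest` jobs are not gated on the event or branch, so with `pull_request` listed under `on:` a PR run hands `publish: true` to the reusable build workflow and then dispatches an `update-manifest` event to `theautomation/gitops` carrying that PR's `github.ref` and `github.sha` — if the reusable workflow honours `publish` as its name suggests, unreviewed code is published and promoted; add `if: github.event_name != 'pull_request'` (or `if: github.ref == 'refs/heads/main'`) to both jobs. Separately, the two `uses:` references to `theautomation/github-actions/...@main` and `peter-evans/repository-dispatch@v2` resolve to mutable refs, so anyone who can move those refs controls this pipeline and the `secrets.PAT` it exposes; pin each to a full commit SHA with the tag noted in a trailing comment. `secrets.PAT` is presumably a personal access token with write access to the gitops repository — a fine-grained token scoped to that single repository, or a GitHub App installation token, limits what a compromised upstream action could do with it.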


@ -1,29 +0,0 @@
---
rules:
braces: enable
brackets: enable
colons: enable
commas: enable
comments:
level: warning
comments-indentation:
level: warning
document-end: disable
document-start:
level: warning
empty-lines: enable
empty-values: disable
hyphens: enable
indentation: enable
key-duplicates: enable
key-ordering: disable
line-length:
level: warning
max: 88
new-line-at-end-of-file: enable
new-lines: enable
octal-values: disable
quoted-strings: disable
trailing-spaces: enable
truthy:
level: warning


@ -1,148 +0,0 @@
---
kind: pipeline
type: docker
name: validate
steps:
- name: yamllint
image: sdesbure/yamllint:latest
commands:
- yamllint -c ./cicd/.yamllint.yaml .
---
kind: pipeline
type: docker
name: build
depends_on:
- validate
steps:
- name: build and push image
image: quay.io/buildah/stable
privileged: true
network_mode: host
environment:
REGISTRY_HOST: "harbor.lan.theautomation.nl/k8s"
CONTAINERFILE: "./deploy/container/Containerfile"
STORAGE_DRIVER: "overlay"
FORMAT: "docker"
CONTEXT: "."
TLSVERIFY: "false"
USERNAME: "robot-drone"
PASSWORD:
from_secret: harbor_registry_drone_password
commands:
- |
echo "Build image..."
buildah --build-arg BUILD_UID=1000 --build-arg BUILD_GID=1000 --storage-driver=$${STORAGE_DRIVER} bud --format=$${FORMAT} \
--tls-verify=$${TLSVERIFY} -f $${CONTAINERFILE} \
-t $${REGISTRY_HOST}/$${DRONE_REPO_NAME}:latest \
-t $${REGISTRY_HOST}/$${DRONE_REPO_NAME}:$${DRONE_BUILD_NUMBER} \
- |
echo "Push image with latest tag..."
buildah push --creds=$${USERNAME}:$${PASSWORD} \
--tls-verify=$${TLSVERIFY} \
$${REGISTRY_HOST}/$${DRONE_REPO_NAME}:latest \
docker://$${REGISTRY_HOST}/$${DRONE_REPO_NAME}:latest
- |
echo "Push image with buildnumber tag..."
buildah push --creds=$${USERNAME}:$${PASSWORD} \
--tls-verify=$${TLSVERIFY} \
--digestfile=/tmp/image-digest \
$${REGISTRY_HOST}/$${DRONE_REPO_NAME}:$${DRONE_BUILD_NUMBER} \
docker://$${REGISTRY_HOST}/$${DRONE_REPO_NAME}:$${DRONE_BUILD_NUMBER}
---
kind: pipeline
type: docker
name: deploy
depends_on:
- build
steps:
- name: upgrade k8s manifest
image: alpine:3
network_mode: host
environment:
REGISTRY_NAME: "k8s"
commands:
- sed -i -e
"s%/$${REGISTRY_NAME}/$${DRONE_REPO_NAME}:.*%/$${REGISTRY_NAME}/$${DRONE_REPO_NAME}:$${DRONE_BUILD_NUMBER}\"%1"
./deploy/k8s/manifest.yaml
- name: push k8s manifest
image: appleboy/drone-git-push:1-linux-amd64
settings:
remote_name: "git@github.com:${DRONE_REPO}"
branch: ${DRONE_BRANCH}
force: false
commit: true
commit_message: "[bot] [skip ci] bump image tag"
author_name: ci-bot
ssh_key:
from_secret: github_ssh_key
- name: apply k8s manifest
image: bitnami/kubectl
volumes:
- name: kubeconfig
path: /.kube
network_mode: host
commands:
- cat ./deploy/k8s/manifest.yaml
- kubectl apply -f ./deploy/k8s/manifest.yaml
volumes:
- name: kubeconfig
host:
path: /var/lib/.kube
---
kind: pipeline
type: docker
name: notify
depends_on:
- deploy
trigger:
status:
- success
- failure
steps:
- name: slack
image: plugins/slack
settings:
webhook:
from_secret: slack_webhook_url
channel: cicd
template: >
{{#success build.status}}
Build and deploy {{build.number}} of {{repo.name}} succeeded.
{{else}}
Build and deploy {{build.number}} of {{repo.name}} failed.
{{/success}}
---
kind: secret
name: harbor_registry_drone_password
get:
path: harbor-registry-drone-password
name: harbor-robot-password
---
kind: secret
name: github_ssh_key
get:
path: github-ssh-keys
name: id_rsa
---
kind: secret
name: slack_webhook_url
get:
path: slack-webhook-url
name: url


@ -1,193 +0,0 @@
---
kind: PersistentVolume
apiVersion: v1
metadata:
name: pv-nfs-radicale-data
labels:
app: radicale
spec:
storageClassName: "freenas-nfs-manual-csi"
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
persistentVolumeReclaimPolicy: Retain
mountOptions:
- nfsvers=4
- nolock
- noatime
csi:
driver: org.democratic-csi.node-manual
readOnly: false
fsType: nfs
volumeHandle: pv-nfs-radicale-data
volumeAttributes:
server: storage-server-lagg.lan.theautomation.nl
share: /mnt/r01_1tb/k8s/radicale-data
node_attach_driver: nfs
provisioner_driver: node-manual
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: pvc-nfs-radicale-data
namespace: tools
labels:
app: radicale
annotations:
volume.beta.kubernetes.io/storage-class: "freenas-nfs-manual-csi"
spec:
storageClassName: freenas-nfs-manual-csi
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
volumeName: pv-nfs-radicale-data
---
kind: SealedSecret
apiVersion: bitnami.com/v1alpha1
metadata:
name: radicale-users
namespace: tools
spec:
encryptedData:
users: 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
template:
metadata:
labels:
app: radicale
name: users
namespace: tools
type: Opaque
---
kind: ConfigMap
apiVersion: v1
metadata:
name: radicale-config
namespace: tools
labels:
app: radicale
data:
config: |-
[server]
hosts = 0.0.0.0:5232
[storage]
filesystem_folder = /data/collections
[web]
type = internal
[logging]
level = info
[auth]
type = htpasswd
htpasswd_filename = /etc/radicale/users
htpasswd_encryption = bcrypt
delay = 1
realm = Radicale - Password Required
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: radicale
namespace: tools
labels:
app: radicale
spec:
replicas: 1
selector:
matchLabels:
app: radicale
template:
metadata:
labels:
app: radicale
spec:
securityContext:
fsGroup: 1000
containers:
- name: radicale
image: "harbor.lan.theautomation.nl/k8s/radicale:33"
resources: {}
command: ["/bin/sh", "/usr/local/bin/docker-entrypoint.sh"]
args: ["radicale", "--config", "/config/config"]
securityContext:
allowPrivilegeEscalation: false
runAsUser: 1000
runAsGroup: 1000
ports:
- containerPort: 5232
protocol: TCP
volumeMounts:
- name: collections
mountPath: /data/collections
- name: config
mountPath: /config/config
subPath: config
readOnly: true
- name: users
mountPath: /etc/radicale/users
subPath: users
readOnly: true
volumes:
- name: config
configMap:
name: radicale-config
- name: users
secret:
secretName: radicale-users
- name: collections
persistentVolumeClaim:
claimName: pvc-nfs-radicale-data
imagePullSecrets:
- name: harbor-registry-creds
---
kind: Service
apiVersion: v1
metadata:
name: radicale
namespace: tools
labels:
app: radicale
spec:
selector:
app: radicale
type: ClusterIP
ports:
- name: dav
protocol: TCP
targetPort: 5232
port: 5232
---
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
name: radicale
namespace: tools
labels:
app: radicale
annotations:
nginx.ingress.kubernetes.io/configuration-snippet: |-
proxy_set_header X-Remote-User $remote_user;
spec:
ingressClassName: nginx-public
rules:
- host: radicale.theautomation.nl
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: radicale
port:
number: 5232
tls:
- hosts:
- radicale.theautomation.nl
secretName: tls-wildcard-theautomation-nl