From 962f24811b5fd3606e50d6b890659f8591fcee50 Mon Sep 17 00:00:00 2001
From: mbelfares
Date: Thu, 18 Jun 2026 00:29:54 +0200
Subject: [PATCH] migrate pipeline to gitea
---
{.github => .gitea}/workflows/deploy.yml | 0
deploy.yml | 157 -----------------------
2 files changed, 157 deletions(-)
rename {.github => .gitea}/workflows/deploy.yml (100%)
delete mode 100644 deploy.yml
diff --git a/.github/workflows/deploy.yml b/.gitea/workflows/deploy.yml
similarity index 100%
rename from .github/workflows/deploy.yml
rename to .gitea/workflows/deploy.yml
diff --git a/deploy.yml b/deploy.yml
deleted file mode 100644
index b49daee..0000000
--- a/deploy.yml
+++ /dev/null
@@ -1,157 +0,0 @@ -name: Deploy Stack - -on: - workflow_dispatch: - inputs: - service: - description: "Service to deploy" - required: true - type: choice - options: - - all - - airflow - - keycloak - - keycloak-db - - nginx - - monitoring - -jobs: - deploy: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Setup kubeconfig - run: | - mkdir -p ~/.kube - echo "${{ secrets.KUBECONFIG }}" | base64 -d > ~/.kube/config - - - name: Setup Helm - uses: azure/setup-helm@v4 - - - name: Add Helm repos - run: | - helm repo add apache-airflow https://airflow.apache.org - helm repo add codecentric https://codecentric.github.io/helm-charts - helm repo add bitnami https://charts.bitnami.com/bitnami - helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx - helm repo add prometheus-community https://prometheus-community.github.io/helm-charts - helm repo add oauth2-proxy https://oauth2-proxy.github.io/manifests - helm repo update - - - name: Deploy Nginx - if: ${{ inputs.service == 'all' || inputs.service == 'nginx' }} - run: | - helm upgrade --install ingress-nginx ingress-nginx/ingress-nginx \ - --namespace ingress-nginx \ - --create-namespace - - - name: Create Airflow git-sync SSH secret - if: ${{ inputs.service == 'all' || inputs.service == 'airflow' }} - env: - SSH_KEY: ${{ secrets.AIRFLOW_GITSYNC_SSH_KEY }} - run: | - kubectl create namespace airflow --dry-run=client -o yaml | kubectl apply -f - - printf '%s' "$SSH_KEY" | base64 -d > /tmp/gitSshKey - chmod 600 /tmp/gitSshKey - ssh-keyscan github.com 2>/dev/null > /tmp/known_hosts - kubectl create secret generic airflow-gitsync-ssh \ - --from-file=gitSshKey=/tmp/gitSshKey \ - --from-file=known_hosts=/tmp/known_hosts \ - --namespace airflow \ - --dry-run=client -o yaml | kubectl apply -f - - rm -f /tmp/gitSshKey /tmp/known_hosts - - name: Deploy Airflow - if: ${{ inputs.service == 'all' || inputs.service == 'airflow' }} - run: | - helm upgrade --install airflow 
apache-airflow/airflow \ - --namespace airflow \ - --create-namespace \ - --values helm/airflow/values.yaml - - - name: Deploy Keycloak PostgreSQL - if: ${{ inputs.service == 'all' || inputs.service == 'keycloak' || inputs.service == 'keycloak-db' }} - run: | - helm upgrade --install keycloak-db oci://registry-1.docker.io/bitnamicharts/postgresql \ - --namespace keycloak \ - --create-namespace \ - --set auth.username=keycloak \ - --set auth.password=keycloak \ - --set auth.database=keycloak \ - --wait - - - name: Deploy Keycloak - if: ${{ inputs.service == 'all' || inputs.service == 'keycloak' }} - run: | - helm upgrade --install keycloak codecentric/keycloakx \ - --namespace keycloak \ - --create-namespace \ - --values helm/keycloak/values.yaml \ - --wait - - name: Create monitoring namespace - if: ${{ inputs.service == 'all' || inputs.service == 'monitoring' }} - run: | - kubectl create namespace monitoring --dry-run=client -o yaml | kubectl apply -f - - - - name: Create Grafana OAuth secret - if: ${{ inputs.service == 'all' || inputs.service == 'monitoring' }} - run: | - kubectl create secret generic grafana-oauth-secret \ - -n monitoring \ - --from-literal=GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET="${{ secrets.GRAFANA_CLIENT_SECRET }}" \ - --from-literal=GF_SECURITY_SECRET_KEY="${{ secrets.GRAFANA_SECRET_KEY }}" \ - --dry-run=client -o yaml | kubectl apply -f - - - - name: Create oauth2-proxy secrets - if: ${{ inputs.service == 'all' || inputs.service == 'monitoring' }} - run: | - kubectl create secret generic oauth2-proxy-prometheus \ - -n monitoring \ - --from-literal=client-id=prometheus \ - --from-literal=client-secret="${{ secrets.PROMETHEUS_CLIENT_SECRET }}" \ - --from-literal=cookie-secret="${{ secrets.OAUTH2_PROXY_COOKIE_SECRET }}" \ - --dry-run=client -o yaml | kubectl apply -f - - - kubectl create secret generic oauth2-proxy-alertmanager \ - -n monitoring \ - --from-literal=client-id=alertmanager \ - --from-literal=client-secret="${{ 
secrets.ALERTMANAGER_CLIENT_SECRET }}" \ - --from-literal=cookie-secret="${{ secrets.OAUTH2_PROXY_COOKIE_SECRET }}" \ - --dry-run=client -o yaml | kubectl apply -f - - - - # - name: Install/upgrade Prometheus CRDs (server-side, hors Helm) - # if: ${{ inputs.service == 'all' || inputs.service == 'monitoring' }} - # run: | - # kubectl apply --server-side --force-conflicts -f \ - # https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/main/bundle.yaml \ - # --field-manager=prometheus-operator - - - name: Deploy Monitoring - if: ${{ inputs.service == 'all' || inputs.service == 'monitoring' }} - run: | - helm upgrade --install monitoring prometheus-community/kube-prometheus-stack \ - --namespace monitoring \ - --create-namespace \ - --values helm/monitoring/values.yaml \ - --version 61.9.0 \ - --timeout 5m - - - name: Deploy oauth2-proxy Prometheus - if: ${{ inputs.service == 'all' || inputs.service == 'monitoring' }} - run: | - helm upgrade --install oauth2-proxy-prometheus \ - oauth2-proxy/oauth2-proxy \ - --namespace monitoring \ - -f helm/monitoring/oauth2-proxy-prometheus.yaml \ - --cleanup-on-fail - - - name: Deploy oauth2-proxy Alertmanager - if: ${{ inputs.service == 'all' || inputs.service == 'monitoring' }} - run: | - helm upgrade --install oauth2-proxy-alertmanager \ - oauth2-proxy/oauth2-proxy \ - --namespace monitoring \ - -f helm/monitoring/oauth2-proxy-alertmanager.yaml \ - --cleanup-on-fail