mbelfares/airflow3-kube
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

migrate pipeline to gitea

Browse Source
This commit is contained in:
Mohand Ou Idir Belfares
2026-06-18 00:29:54 +02:00
parent bd7a43e151
commit 962f24811b
2 changed files with 0 additions and 157 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/deploy.yml → .gitea/workflows/deploy.yml
View File
deploy.yml
-157
View File
@@ -1,157 +0,0 @@
name: Deploy Stack
on:
workflow_dispatch:
inputs:
service:
description: "Service to deploy"
required: true
type: choice
options:
- all
- airflow
- keycloak
- keycloak-db
- nginx
- monitoring
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup kubeconfig
run: |
mkdir -p ~/.kube
echo "${{ secrets.KUBECONFIG }}" | base64 -d > ~/.kube/config
- name: Setup Helm
uses: azure/setup-helm@v4
- name: Add Helm repos
run: |
helm repo add apache-airflow https://airflow.apache.org
helm repo add codecentric https://codecentric.github.io/helm-charts
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo add oauth2-proxy https://oauth2-proxy.github.io/manifests
helm repo update
- name: Deploy Nginx
if: ${{ inputs.service == 'all' || inputs.service == 'nginx' }}
run: |
helm upgrade --install ingress-nginx ingress-nginx/ingress-nginx \
--namespace ingress-nginx \
--create-namespace
- name: Create Airflow git-sync SSH secret
if: ${{ inputs.service == 'all' || inputs.service == 'airflow' }}
env:
SSH_KEY: ${{ secrets.AIRFLOW_GITSYNC_SSH_KEY }}
run: |
kubectl create namespace airflow --dry-run=client -o yaml | kubectl apply -f -
printf '%s' "$SSH_KEY" | base64 -d > /tmp/gitSshKey
chmod 600 /tmp/gitSshKey
ssh-keyscan github.com 2>/dev/null > /tmp/known_hosts
kubectl create secret generic airflow-gitsync-ssh \
--from-file=gitSshKey=/tmp/gitSshKey \
--from-file=known_hosts=/tmp/known_hosts \
--namespace airflow \
--dry-run=client -o yaml | kubectl apply -f -
rm -f /tmp/gitSshKey /tmp/known_hosts
- name: Deploy Airflow
if: ${{ inputs.service == 'all' || inputs.service == 'airflow' }}
run: |
helm upgrade --install airflow apache-airflow/airflow \
--namespace airflow \
--create-namespace \
--values helm/airflow/values.yaml
- name: Deploy Keycloak PostgreSQL
if: ${{ inputs.service == 'all' || inputs.service == 'keycloak' || inputs.service == 'keycloak-db' }}
run: |
helm upgrade --install keycloak-db oci://registry-1.docker.io/bitnamicharts/postgresql \
--namespace keycloak \
--create-namespace \
--set auth.username=keycloak \
--set auth.password=keycloak \
--set auth.database=keycloak \
--wait
- name: Deploy Keycloak
if: ${{ inputs.service == 'all' || inputs.service == 'keycloak' }}
run: |
helm upgrade --install keycloak codecentric/keycloakx \
--namespace keycloak \
--create-namespace \
--values helm/keycloak/values.yaml \
--wait
- name: Create monitoring namespace
if: ${{ inputs.service == 'all' || inputs.service == 'monitoring' }}
run: |
kubectl create namespace monitoring --dry-run=client -o yaml | kubectl apply -f -
- name: Create Grafana OAuth secret
if: ${{ inputs.service == 'all' || inputs.service == 'monitoring' }}
run: |
kubectl create secret generic grafana-oauth-secret \
-n monitoring \
--from-literal=GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET="${{ secrets.GRAFANA_CLIENT_SECRET }}" \
--from-literal=GF_SECURITY_SECRET_KEY="${{ secrets.GRAFANA_SECRET_KEY }}" \
--dry-run=client -o yaml | kubectl apply -f -
- name: Create oauth2-proxy secrets
if: ${{ inputs.service == 'all' || inputs.service == 'monitoring' }}
run: |
kubectl create secret generic oauth2-proxy-prometheus \
-n monitoring \
--from-literal=client-id=prometheus \
--from-literal=client-secret="${{ secrets.PROMETHEUS_CLIENT_SECRET }}" \
--from-literal=cookie-secret="${{ secrets.OAUTH2_PROXY_COOKIE_SECRET }}" \
--dry-run=client -o yaml | kubectl apply -f -
kubectl create secret generic oauth2-proxy-alertmanager \
-n monitoring \
--from-literal=client-id=alertmanager \
--from-literal=client-secret="${{ secrets.ALERTMANAGER_CLIENT_SECRET }}" \
--from-literal=cookie-secret="${{ secrets.OAUTH2_PROXY_COOKIE_SECRET }}" \
--dry-run=client -o yaml | kubectl apply -f -
# - name: Install/upgrade Prometheus CRDs (server-side, hors Helm)
# if: ${{ inputs.service == 'all' || inputs.service == 'monitoring' }}
# run: |
# kubectl apply --server-side --force-conflicts -f \
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/main/bundle.yaml \
# --field-manager=prometheus-operator
- name: Deploy Monitoring
if: ${{ inputs.service == 'all' || inputs.service == 'monitoring' }}
run: |
helm upgrade --install monitoring prometheus-community/kube-prometheus-stack \
--namespace monitoring \
--create-namespace \
--values helm/monitoring/values.yaml \
--version 61.9.0 \
--timeout 5m
- name: Deploy oauth2-proxy Prometheus
if: ${{ inputs.service == 'all' || inputs.service == 'monitoring' }}
run: |
helm upgrade --install oauth2-proxy-prometheus \
oauth2-proxy/oauth2-proxy \
--namespace monitoring \
-f helm/monitoring/oauth2-proxy-prometheus.yaml \
--cleanup-on-fail
- name: Deploy oauth2-proxy Alertmanager
if: ${{ inputs.service == 'all' || inputs.service == 'monitoring' }}
run: |
helm upgrade --install oauth2-proxy-alertmanager \
oauth2-proxy/oauth2-proxy \
--namespace monitoring \
-f helm/monitoring/oauth2-proxy-alertmanager.yaml \
--cleanup-on-fail