ci: add target namespace

ci: deploy job to inherit secrets
ci: deploy manifests
2026-06-01 19:09:54 +02:00 · 2026-06-01 18:33:09 +02:00 · 2026-06-01 18:33:09 +02:00 · 2026-06-01 18:33:09 +02:00 · 2026-05-31 18:34:27 +02:00 · 2026-05-31 18:18:21 +02:00
2 changed files with 22 additions and 64 deletions
@@ -10,48 +10,15 @@ on:
      - "**/*.go"
      - "Dockerfile"
      - "Makefile"
  pull_request:
    branches:
      - main
  workflow_dispatch:
 env:
  DOCKER_REGISTRY: gitea.t000-n.de
 jobs:
  build_and_push:
    name: Build and push
    strategy:
      matrix:
        arch: [amd64]
    runs-on:
      - ubuntu-latest
      - linux_${{ matrix.arch }}
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
      - name: Login to Registry
        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
        with:
          registry: ${{ env.DOCKER_REGISTRY }}
          username: ${{ secrets.REGISTRY_USER }}
          password: ${{ secrets.REGISTRY_PASSWORD }}
      - name: Get Metadata
        id: meta
        run: |
          echo REPO_NAME=$(echo ${GITHUB_REPOSITORY} | awk -F"/" '{print $2}' | tr '[:upper:]' '[:lower:]') >> $GITHUB_OUTPUT
          echo REPO_VERSION=$(git describe --tags --always | sed 's/^v//') >> $GITHUB_OUTPUT
      - name: Build and push
        uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
        with:
          context: .
          file: ./Dockerfile
          platforms: linux/${{ matrix.arch }}
          push: true
          provenance: false
          build-args: GOARCH=${{ matrix.arch }}
          tags: |
            ${{ env.DOCKER_REGISTRY }}/t.behrendt/${{ steps.meta.outputs.REPO_NAME }}:${{ steps.meta.outputs.REPO_VERSION }}-${{ matrix.arch }}
  create_tag:
    name: Create tag
    runs-on: ubuntu-latest
@@ -73,32 +40,22 @@ jobs:
        run: |
          echo "tag=${{ steps.tag.outputs.new-tag }}" >> $GITHUB_OUTPUT
-  create_manifest:
+  build_and_push_image:
-    name: Create manifest
+    needs: create_tag
-    needs:
+    uses: https://gitea.t000-n.de/t.behrendt/gitea-workflows/.gitea/workflows/build-container.yaml@0.1.1
-      - build_and_push
+    with:
-      - create_tag
+      registry: gitea.t000-n.de/t.behrendt
-    runs-on: ubuntu-latest
+      registry-user: ${{ secrets.REGISTRY_USER }}
-    steps:
+      registry-password: ${{ secrets.REGISTRY_PASSWORD }}
-      - name: Checkout
+      repo-name: authentik-kubernetes-operator
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      tag: ${{ needs.create_tag.outputs.tag }}
-      - name: Get Metadata
+  deploy:
-        id: meta
+    needs: build_and_push_image
-        run: |
+    uses: https://gitea.t000-n.de/t.behrendt/k_deploy_workflows/.gitea/workflows/deploy.yaml@1.1.0
-          echo REPO_NAME=$(echo ${GITHUB_REPOSITORY} | awk -F"/" '{print $2}' | tr '[:upper:]' '[:lower:]') >> $GITHUB_OUTPUT
+    with:
-          echo REPO_VERSION=$(git describe --tags --always | sed 's/^v//') >> $GITHUB_OUTPUT
+      k8s_dir: ./k8s
-
+      namespace: authentik-kubernetes-operator
-      - name: Login to Registry
+      skip_helm_deployment: true
-        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
+      skip_shared_secrets_deployment: true
-        with:
+    secrets: inherit
          registry: ${{ env.DOCKER_REGISTRY }}
          username: ${{ secrets.REGISTRY_USER }}
          password: ${{ secrets.REGISTRY_PASSWORD }}
      - name: Create manifest
        run: |
          docker manifest create ${{ env.DOCKER_REGISTRY }}/t.behrendt/${{ steps.meta.outputs.REPO_NAME }}:${{ needs.create_tag.outputs.tag }} \
            ${{ env.DOCKER_REGISTRY }}/t.behrendt/${{ steps.meta.outputs.REPO_NAME }}:${{ steps.meta.outputs.REPO_VERSION }}-amd64
          docker manifest push ${{ env.DOCKER_REGISTRY }}/t.behrendt/${{ steps.meta.outputs.REPO_NAME }}:${{ needs.create_tag.outputs.tag }}
@@ -0,0 +1 @@
 ---
Author	SHA1	Message	Date
t.behrendt	02432eaec4	ci: add target namespace CI / install-dependencies (pull_request) Successful in 23s Details CI / image check (pull_request) Successful in 5s Details CI / check format (pull_request) Successful in 25s Details CI / check lint (pull_request) Successful in 25s Details CI / test (pull_request) Successful in 28s Details CD / Create tag (pull_request) Successful in 6s Details CI / build check (pull_request) Successful in 12m3s Details CD / build_and_push_image (pull_request) Successful in 2m3s Details CD / deploy (pull_request) Failing after 3m0s Details	2026-06-01 19:09:54 +02:00
t.behrendt	1c0ef88c8e	ci: deploy job to inherit secrets	2026-06-01 18:33:09 +02:00
t.behrendt	f97cf9070e	ci: deploy manifests	2026-06-01 18:33:09 +02:00
t.behrendt	e87344958c	ci: modernize cicd	2026-06-01 18:33:09 +02:00
renovate-bot	f5114b26fb	chore(deps): update docker/login-action action to v4.2.0 (#16 ) This PR contains the following updates: \| Package \| Type \| Update \| Change \| \|---\|---\|---\|---\| \| [docker/login-action](https://github.com/docker/login-action) \| action \| minor \| `v4.1.0` → `v4.2.0` \| --- ### Release Notes <details> <summary>docker/login-action (docker/login-action)</summary> ### [`v4.2.0`](https://github.com/docker/login-action/releases/tag/v4.2.0) [Compare Source](https://github.com/docker/login-action/compare/v4.1.0...v4.2.0) - Bump [@actions/core](https://github.com/actions/core) from 3.0.0 to 3.0.1 in [#976](https://github.com/docker/login-action/pull/976) - Bump [@aws-sdk/client-ecr](https://github.com/aws-sdk/client-ecr) and [@aws-sdk/client-ecr-public](https://github.com/aws-sdk/client-ecr-public) to 3.1050.0 in [#960](https://github.com/docker/login-action/pull/960) - Bump [@docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.86.0 to 0.90.0 in [#970](https://github.com/docker/login-action/pull/970) - Bump brace-expansion from 2.0.1 to 5.0.6 in [#993](https://github.com/docker/login-action/pull/993) - Bump fast-xml-builder from 1.1.4 to 1.2.0 in [#985](https://github.com/docker/login-action/pull/985) - Bump fast-xml-parser from 5.3.6 to 5.8.0 in [#963](https://github.com/docker/login-action/pull/963) - Bump http-proxy-agent and https-proxy-agent to 9.0.0 in [#961](https://github.com/docker/login-action/pull/961) - Bump postcss from 8.5.6 to 8.5.10 in [#979](https://github.com/docker/login-action/pull/979) - Bump tar from 6.2.1 to 7.5.15 in [#991](https://github.com/docker/login-action/pull/991) - Bump vite from 7.3.1 to 7.3.3 in [#986](https://github.com/docker/login-action/pull/986) Full Changelog: <https://github.com/docker/login-action/compare/v4.1.0...v4.2.0> </details> --- ### Configuration 📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41LjQiLCJ1cGRhdGVkSW5WZXIiOiI0My41LjQiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbImFjdGlvbiIsImRlcHMiXX0=--> Reviewed-on: #16 Reviewed-by: t.behrendt <2+t.behrendt@noreply.localhost> Co-authored-by: Renovate Bot <renovate@t00n.de> Co-committed-by: Renovate Bot <renovate@t00n.de>	2026-05-31 18:34:27 +02:00
renovate-bot	78cb50d3a6	chore(deps): update docker/setup-buildx-action action to v4.1.0 (#17 ) This PR contains the following updates: \| Package \| Type \| Update \| Change \| \|---\|---\|---\|---\| \| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) \| action \| minor \| `v4.0.0` → `v4.1.0` \| --- ### Release Notes <details> <summary>docker/setup-buildx-action (docker/setup-buildx-action)</summary> ### [`v4.1.0`](https://github.com/docker/setup-buildx-action/releases/tag/v4.1.0) [Compare Source](https://github.com/docker/setup-buildx-action/compare/v4.0.0...v4.1.0) - Bump [@docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.79.0 to 0.90.0 in [#489](https://github.com/docker/setup-buildx-action/pull/489) - Bump brace-expansion from 1.1.12 to 5.0.6 in [#547](https://github.com/docker/setup-buildx-action/pull/547) [#508](https://github.com/docker/setup-buildx-action/pull/508) - Bump fast-xml-builder from 1.0.0 to 1.2.0 in [#540](https://github.com/docker/setup-buildx-action/pull/540) - Bump fast-xml-parser from 5.4.2 to 5.8.0 in [#496](https://github.com/docker/setup-buildx-action/pull/496) - Bump flatted from 3.3.3 to 3.4.2 in [#499](https://github.com/docker/setup-buildx-action/pull/499) - Bump glob from 10.3.12 to 13.0.6 in [#495](https://github.com/docker/setup-buildx-action/pull/495) - Bump handlebars from 4.7.8 to 4.7.9 in [#504](https://github.com/docker/setup-buildx-action/pull/504) - Bump lodash from 4.17.23 to 4.18.1 in [#523](https://github.com/docker/setup-buildx-action/pull/523) - Bump picomatch from 4.0.3 to 4.0.4 in [#503](https://github.com/docker/setup-buildx-action/pull/503) - Bump postcss from 8.5.6 to 8.5.10 in [#537](https://github.com/docker/setup-buildx-action/pull/537) - Bump tar from 6.2.1 to 7.5.15 in [#545](https://github.com/docker/setup-buildx-action/pull/545) - Bump undici from 6.23.0 to 6.25.0 in [#492](https://github.com/docker/setup-buildx-action/pull/492) - Bump vite from 7.3.1 to 7.3.2 in [#520](https://github.com/docker/setup-buildx-action/pull/520) Full Changelog: <https://github.com/docker/setup-buildx-action/compare/v4.0.0...v4.1.0> </details> --- ### Configuration 📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41LjQiLCJ1cGRhdGVkSW5WZXIiOiI0My41LjQiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbImFjdGlvbiIsImRlcHMiXX0=--> Reviewed-on: #17 Reviewed-by: t.behrendt <2+t.behrendt@noreply.localhost> Co-authored-by: Renovate Bot <renovate@t00n.de> Co-committed-by: Renovate Bot <renovate@t00n.de>	2026-05-31 18:18:21 +02:00
renovate-bot	eaa8f2eb98	chore(deps): update docker/build-push-action action to v7.2.0 (#15 ) This PR contains the following updates: \| Package \| Type \| Update \| Change \| \|---\|---\|---\|---\| \| [docker/build-push-action](https://github.com/docker/build-push-action) \| action \| minor \| `v7.1.0` → `v7.2.0` \| --- ### Release Notes <details> <summary>docker/build-push-action (docker/build-push-action)</summary> ### [`v7.2.0`](https://github.com/docker/build-push-action/releases/tag/v7.2.0) [Compare Source](https://github.com/docker/build-push-action/compare/v7.1.0...v7.2.0) - Bump [@actions/core](https://github.com/actions/core) from 3.0.0 to 3.0.1 in [#1525](https://github.com/docker/build-push-action/pull/1525) - Bump [@docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.87.0 to 0.90.0 in [#1517](https://github.com/docker/build-push-action/pull/1517) - Bump brace-expansion from 2.0.2 to 5.0.6 in [#1534](https://github.com/docker/build-push-action/pull/1534) - Bump fast-xml-builder from 1.1.4 to 1.2.0 in [#1529](https://github.com/docker/build-push-action/pull/1529) - Bump fast-xml-parser from 5.5.7 to 5.8.0 in [#1521](https://github.com/docker/build-push-action/pull/1521) - Bump postcss from 8.5.6 to 8.5.10 in [#1526](https://github.com/docker/build-push-action/pull/1526) - Bump tar from 6.2.1 to 7.5.15 in [#1533](https://github.com/docker/build-push-action/pull/1533) Full Changelog: <https://github.com/docker/build-push-action/compare/v7.1.0...v7.2.0> </details> --- ### Configuration 📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41LjQiLCJ1cGRhdGVkSW5WZXIiOiI0My41LjQiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbImFjdGlvbiIsImRlcHMiXX0=--> Reviewed-on: #15 Reviewed-by: t.behrendt <2+t.behrendt@noreply.localhost> Co-authored-by: Renovate Bot <renovate@t00n.de> Co-committed-by: Renovate Bot <renovate@t00n.de>	2026-05-31 18:18:04 +02:00