Initial commit

.gitea/workflows/deploy.yaml

@@ -0,0 +1,67 @@
+name: Deploy
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  check-changes:
+    runs-on: ubuntu-latest
+    outputs:
+      changes: ${{ steps.filter.outputs.k8s }}
+      helm: ${{ steps.filter.outputs.helm }}
+    steps:
+      - uses: actions/checkout@v5
+        with:
+          fetch-depth: 0
+      - uses: dorny/paths-filter@v3
+        id: filter
+        with:
+          filters: |
+            k8s:
+              - 'k8s/**'
+            helm:
+              - 'values/**'
+              - 'helmfile.yaml'
+
+  deploy:
+    runs-on: ubuntu-latest
+    needs: check-changes
+    if: ${{ needs.check-changes.outputs.changes == 'true' || needs.check-changes.outputs.helm == 'true' }}
+    steps:
+      - uses: actions/checkout@v5
+      - uses: https://gitea.t000-n.de/t.behrendt/k_deploy_workflows/.gitea/actions/extract-namespace-from-repo-name@v0
+        id: namespace
+        with:
+          repo: ${{ github.repository }}
+      - uses: azure/setup-kubectl@v4
+      - uses: azure/setup-helm@v4
+      - uses: azure/k8s-set-context@v4
+        with:
+          method: kubeconfig
+          kubeconfig: ${{ secrets.KUBECONFIG }}
+      - name: Set restic backup secret
+        uses: azure/k8s-create-secret@v5
+        with:
+          namespace: ${{ steps.namespace.outputs.namespace }}
+          secret-name: backupsidecar-secret
+          secret-type: generic
+          data: |
+            {
+              "restic_password": "${{ secrets.RESTIC_PASSWORD }}",
+              "restic_rest_username": "${{ secrets.RESTIC_REST_USERNAME }}",
+              "restic_rest_password": "${{ secrets.RESTIC_REST_PASSWORD }}",
+              "gotify_token": "${{ secrets.GOTIFY_TOKEN }}"
+            }
+      - name: Deploy
+        uses: azure/k8s-deploy@v5.0.4
+        with:
+          action: deploy
+          manifests: "k8s/"
+          strategy: basic
+          namespace: ${{ steps.namespace.outputs.namespace }}
+      - name: Deploy helm
+        uses: helmfile/helmfile-action@v2
+        with:
+          helmfile-args: apply

.gitea/workflows/validate.yaml

@@ -0,0 +1,32 @@
+name: Validate
+
+on:
+  push:
+    branches-ignore:
+      - main
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+      - uses: https://gitea.t000-n.de/t.behrendt/k_deploy_workflows/.gitea/actions/extract-namespace-from-repo-name@v0
+        id: namespace
+        with:
+          repo: ${{ github.repository }}
+      - uses: azure/setup-kubectl@v4
+      - uses: azure/setup-helm@v4
+      - uses: azure/k8s-set-context@v4
+        with:
+          method: kubeconfig
+          kubeconfig: ${{ secrets.KUBECONFIG }}
+      - name: Validate
+        uses: azure/k8s-lint@v3
+        with:
+          namespace: ${{ steps.namespace.outputs.namespace }}
+          lintType: dryrun
+          manifests: "k8s/"
+      - name: Validate Helm
+        uses: helmfile/helmfile-action@v2.0.5
+        with:
+          helmfile-args: diff

README.md

@@ -0,0 +1,17 @@
+Template DoDos:
+
+- Add KUBECONFIG secret to your repo
+- Place your k8s files in ./k8s/
+- Replace \<service\> with the name of the service
+- Replace \<url\> with the URL of the service
+- Replace \<auth\> with the authentication method used
+- Replace \<namespace\> with the namespace where the service is deployed in .github/workflows/deploy.yaml
+- Provide a screenshot of the service in action in ./screenshot.png
+
+# Kubernetes Deployment for \<service\>
+
+Deployed to: \<url\>
+
+Authentication: \<auth\>
+
+![Screenshot](screenshot.png)

k8s/10_namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: <namespace>

renovate.json

@@ -0,0 +1,6 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "kubernetes": {
+    "fileMatch": ["^k8s/3.*\\.yaml$"]
+  }
+}