From d03c9283b1c1bc077c4c452c1901ba46e6da6a2e Mon Sep 17 00:00:00 2001
From: Timo Behrendt <t.behrendt@t00n.de>
Date: Wed, 29 Apr 2026 17:17:11 +0200
Subject: [PATCH] remove custom branch and secrets, also rename some things

---
 .gitea/workflows/cd.yaml | 79 ++--------------------------------------
 1 file changed, 3 insertions(+), 76 deletions(-)

diff --git a/.gitea/workflows/cd.yaml b/.gitea/workflows/cd.yaml
index 40c3ba2..0533e21 100644
--- a/.gitea/workflows/cd.yaml
+++ b/.gitea/workflows/cd.yaml
@@ -3,36 +3,21 @@ name: Deploy
 on:
   workflow_call:
     inputs:
-      # Optional: Override the default k8s directory path
       k8s_dir:
-        description: "Path to Kubernetes manifests directory"
+        description: "Override the default k8s directory path (k8s/)"
         required: false
         default: "k8s/"
         type: string
-      # Optional: Override the default helmfile path
       helmfile_path:
-        description: "Path to helmfile.yaml"
+        description: "Override the default helmfile path (hemfile.yaml)"
         required: false
         default: "helmfile.yaml"
         type: string
-      # Optional: Skip Helm deployment even if helmfile exists
       skip_helm_deployment:
         description: "Skip Helm deployment even if helmfile.yaml exists"
         required: false
         default: false
         type: boolean
-      # Optional: Custom secrets to create (JSON array of secret objects)
-      custom_secrets:
-        description: "JSON array of secrets to create. Each secret should have: name, type, data"
-        required: false
-        default: "[]"
-        type: string
-      # Optional: Branch to deploy from
-      deploy_branch:
-        description: "Branch to deploy from"
-        required: false
-        default: "main"
-        type: string
 
 jobs:
   detect-service-type:
@@ -69,8 +54,6 @@ jobs:
     if: needs.detect-service-type.outputs.has_k8s == 'true'
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          ref: ${{ inputs.deploy_branch }}
       - uses: ./.gitea/actions/extract-namespace-from-repo-name
         id: namespace
         with:
@@ -80,29 +63,6 @@ jobs:
         with:
           method: kubeconfig
           kubeconfig: ${{ secrets.KUBECONFIG }}
-      - name: Create custom secrets
-        id: create-secrets
-        run: |
-          # Parse custom secrets from input
-          SECRETS='${{ inputs.custom_secrets }}'
-          if [ "$SECRETS" != "[]" ]; then
-            echo "Creating custom secrets..."
-            echo "$SECRETS" | jq -c '.[]' | while read -r secret; do
-              SECRET_NAME=$(echo "$secret" | jq -r '.name')
-              SECRET_TYPE=$(echo "$secret" | jq -r '.type // "generic"')
-              SECRET_DATA=$(echo "$secret" | jq -r '.data')
-              
-              echo "Creating secret: $SECRET_NAME (type: $SECRET_TYPE)"
-              
-              # Create the secret using kubectl
-              echo "$SECRET_DATA" | kubectl create secret $SECRET_TYPE $SECRET_NAME \
-                --from-literal=secret.json="$SECRET_DATA" \
-                --namespace=${{ steps.namespace.outputs.namespace }} \
-                --dry-run=client -o yaml | kubectl apply -f -
-            done
-          else
-            echo "No custom secrets to create"
-          fi
       - name: Deploy Kubernetes manifests
         uses: azure/k8s-deploy@c7ebd0d5f39477a23f1b5dea0f52e6db04adf28e # v6.0.0
         with:
@@ -120,8 +80,6 @@ jobs:
       inputs.skip_helm_deployment != 'true'
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          ref: ${{ inputs.deploy_branch }}
       - uses: ./.gitea/actions/extract-namespace-from-repo-name
         id: namespace
         with:
@@ -132,29 +90,6 @@ jobs:
         with:
           method: kubeconfig
           kubeconfig: ${{ secrets.KUBECONFIG }}
-      - name: Create custom secrets
-        id: create-secrets
-        run: |
-          # Parse custom secrets from input
-          SECRETS='${{ inputs.custom_secrets }}'
-          if [ "$SECRETS" != "[]" ]; then
-            echo "Creating custom secrets..."
-            echo "$SECRETS" | jq -c '.[]' | while read -r secret; do
-              SECRET_NAME=$(echo "$secret" | jq -r '.name')
-              SECRET_TYPE=$(echo "$secret" | jq -r '.type // "generic"')
-              SECRET_DATA=$(echo "$secret" | jq -r '.data')
-              
-              echo "Creating secret: $SECRET_NAME (type: $SECRET_TYPE)"
-              
-              # Create the secret using kubectl
-              echo "$SECRET_DATA" | kubectl create secret $SECRET_TYPE $SECRET_NAME \
-                --from-literal=secret.json="$SECRET_DATA" \
-                --namespace=${{ steps.namespace.outputs.namespace }} \
-                --dry-run=client -o yaml | kubectl apply -f -
-            done
-          else
-            echo "No custom secrets to create"
-          fi
       - name: Deploy Helm
         uses: helmfile/helmfile-action@02671705b1dda1dc4b0a4ddd4f9f1ea8f4568c6f # v2.4.3
         with:
@@ -163,7 +98,7 @@ jobs:
   # Summary job that always runs to show what was deployed
   deployment-summary:
     runs-on: ubuntu-latest
-    needs: [ detect-service-type, deploy-k8s, deploy-helm ]
+    needs: [detect-service-type, deploy-k8s, deploy-helm]
     if: always()
     steps:
       - name: Deployment Summary
@@ -187,11 +122,3 @@ jobs:
 
           echo "" >> $GITHUB_STEP_SUMMARY
           echo "**Service Type**: ${{ needs.detect-service-type.outputs.has_helmfile == 'true' && 'Helm + Kubernetes' || 'Kubernetes Only' }}" >> $GITHUB_STEP_SUMMARY
-
-          # Show custom secrets info
-          SECRETS='${{ inputs.custom_secrets }}'
-          if [ "$SECRETS" != "[]" ]; then
-            echo "" >> $GITHUB_STEP_SUMMARY
-            echo "**Custom Secrets Created**: $(echo "$SECRETS" | jq length)" >> $GITHUB_STEP_SUMMARY
-            echo "$SECRETS" | jq -r '.[] | "- " + .name + " (" + (.type // "generic") + ")"' >> $GITHUB_STEP_SUMMARY
-          fi