Initial commit

2026-04-06 15:09:16 +02:00
commit a9935624e7
5 changed files with 137 additions and 0 deletions
--- a/.gitea/workflows/deploy.yaml
+++ b/.gitea/workflows/deploy.yaml
@@ -0,0 +1,69 @@
+name: Deploy
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  check-changes:
+    runs-on: ubuntu-latest
+    outputs:
+      changes: ${{ steps.filter.outputs.k8s }}
+      helm: ${{ steps.filter.outputs.helm }}
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          fetch-depth: 0
+      - uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1
+        id: filter
+        with:
+          filters: |
+            k8s:
+              - 'k8s/**'
+            helm:
+              - 'values/**'
+              - 'helmfile.yaml'
+
+  deploy:
+    runs-on: ubuntu-latest
+    needs: check-changes
+    if: ${{ needs.check-changes.outputs.changes == 'true' || needs.check-changes.outputs.helm == 'true' }}
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: https://gitea.t000-n.de/t.behrendt/k_deploy_workflows/.gitea/actions/extract-namespace-from-repo-name@c373c34c836716e663e2d6379e686997bfd7746c # 0.0.6
+        id: namespace
+        with:
+          repo: ${{ github.repository }}
+      - uses: azure/setup-kubectl@15650b3ad78fff148532a140b8a4c821796b2d7b # v5.0.0
+      - uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5
+        with:
+          version: "3.15.0"
+      - uses: azure/k8s-set-context@ae59a723ba9abe7a9655538854a025448dbab4aa # v4.0.2
+        with:
+          method: kubeconfig
+          kubeconfig: ${{ secrets.KUBECONFIG }}
+      - name: Set restic backup secret
+        uses: azure/k8s-create-secret@6e0ba8047235646753f2a3a3b359b4d0006ff218 # v5.0.1
+        with:
+          namespace: ${{ steps.namespace.outputs.namespace }}
+          secret-name: backupsidecar-secret
+          secret-type: generic
+          data: |
+            {
+              "restic_password": "${{ secrets.RESTIC_PASSWORD }}",
+              "restic_rest_username": "${{ secrets.RESTIC_REST_USERNAME }}",
+              "restic_rest_password": "${{ secrets.RESTIC_REST_PASSWORD }}",
+              "gotify_token": "${{ secrets.GOTIFY_TOKEN }}"
+            }
+      - name: Deploy
+        uses: azure/k8s-deploy@c8cfec839dc09896b3b8cc40cd13d04792680771 # v5.1.0
+        with:
+          action: deploy
+          manifests: "k8s/"
+          strategy: basic
+          namespace: ${{ steps.namespace.outputs.namespace }}
+      - name: Deploy helm
+        uses: helmfile/helmfile-action@d9fefe29b0d07e9ab187ecfe1d63eff91e0a070c # v2.4.1
+        with:
+          helmfile-args: apply
--- a/.gitea/workflows/validate.yaml
+++ b/.gitea/workflows/validate.yaml
@@ -0,0 +1,34 @@
+name: Validate
+
+on:
+  push:
+    branches-ignore:
+      - main
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: https://gitea.t000-n.de/t.behrendt/k_deploy_workflows/.gitea/actions/extract-namespace-from-repo-name@c373c34c836716e663e2d6379e686997bfd7746c # 0.0.6
+        id: namespace
+        with:
+          repo: ${{ github.repository }}
+      - uses: azure/setup-kubectl@15650b3ad78fff148532a140b8a4c821796b2d7b # v5.0.0
+      - uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5
+        with:
+          version: "3.15.0"
+      - uses: azure/k8s-set-context@ae59a723ba9abe7a9655538854a025448dbab4aa # v4.0.2
+        with:
+          method: kubeconfig
+          kubeconfig: ${{ secrets.KUBECONFIG }}
+      - name: Validate
+        uses: azure/k8s-lint@6aefe5066f95e73d2b140d8835cc95583b886989 # v3.0.1
+        with:
+          namespace: ${{ steps.namespace.outputs.namespace }}
+          lintType: dryrun
+          manifests: "k8s/"
+      - name: Validate Helm
+        uses: helmfile/helmfile-action@d9fefe29b0d07e9ab187ecfe1d63eff91e0a070c # v2.4.1
+        with:
+          helmfile-args: diff
--- a/README.md
+++ b/README.md
@@ -0,0 +1,17 @@
+Template DoDos:
+
+- Add KUBECONFIG secret to your repo
+- Place your k8s files in ./k8s/
+- Replace \<service\> with the name of the service
+- Replace \<url\> with the URL of the service
+- Replace \<auth\> with the authentication method used
+- Replace \<namespace\> with the namespace where the service is deployed in .github/workflows/deploy.yaml
+- Provide a screenshot of the service in action in ./screenshot.png
+
+# Kubernetes Deployment for \<service\>
+
+Deployed to: \<url\>
+
+Authentication: \<auth\>
+
+![Screenshot](screenshot.png)
--- a/k8s/10_namespace.yaml
+++ b/k8s/10_namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: <namespace>
--- a/renovate.json
+++ b/renovate.json
@@ -0,0 +1,13 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "local>t.behrendt/renovate-configs:common",
+    "local>t.behrendt/renovate-configs:k8s",
+    "local>t.behrendt/renovate-configs:action"
+  ],
+  "kubernetes": {
+    "managerFilePatterns": [
+      "/^k8s/.*\\.yaml$/"
+    ]
+  }
+}