From 9209f912548c5023f7ad4e6e6e0ce7c8fcd6eab2 Mon Sep 17 00:00:00 2001
From: SeanOMik <seanomik@gmail.com>
Date: Thu, 7 Sep 2023 11:57:40 -0400
Subject: [PATCH] feat: add woodpecker-ci

---
 cluster/apps/dev/kustomization.yaml           |  2 +-
 cluster/apps/dev/woodpecker/helm-release.yaml | 50 +++++++++++++++
 .../apps/dev/woodpecker/helm-repository.yaml  |  8 +++
 .../apps/dev/woodpecker/kustomization.yaml    |  5 ++
 cluster/apps/dev/woodpecker/secret.sops.yaml  | 62 +++++++++++++++++++
 cluster/apps/kustomization.yaml               |  2 +-
 6 files changed, 127 insertions(+), 2 deletions(-)
 create mode 100644 cluster/apps/dev/woodpecker/helm-release.yaml
 create mode 100644 cluster/apps/dev/woodpecker/helm-repository.yaml
 create mode 100644 cluster/apps/dev/woodpecker/kustomization.yaml
 create mode 100644 cluster/apps/dev/woodpecker/secret.sops.yaml

diff --git a/cluster/apps/dev/kustomization.yaml b/cluster/apps/dev/kustomization.yaml
index e504180..00905f6 100644
--- a/cluster/apps/dev/kustomization.yaml
+++ b/cluster/apps/dev/kustomization.yaml
@@ -2,4 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - ./namespace.yaml
-- ./code
+- ./woodpecker
diff --git a/cluster/apps/dev/woodpecker/helm-release.yaml b/cluster/apps/dev/woodpecker/helm-release.yaml
new file mode 100644
index 0000000..a62c279
--- /dev/null
+++ b/cluster/apps/dev/woodpecker/helm-release.yaml
@@ -0,0 +1,50 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: woodpecker
+  namespace: dev
+spec:
+  interval: 5m
+  chart:
+    spec:
+      chart: woodpecker
+      version: "0.3.2"
+      sourceRef:
+        kind: HelmRepository
+        name: woodpecker-charts
+        namespace: flux-system
+
+  values:
+    agent:
+      enabled: true
+      replicaCount: 4
+
+      extraSecretNamesForEnvFrom:
+      - woodpecker-secret
+
+    server:
+      enabled: true
+
+      env:
+        WOODPECKER_HOST: ci.${SECRET_NEW_DOMAIN}
+
+      extraSecretNamesForEnvFrom:
+      - woodpecker-secret
+
+      ingress:
+        enabled: true
+        
+        annotations:
+          cert-manager.io/cluster-issuer: letsencrypt-production
+          traefik.ingress.kubernetes.io/router.entrypoints: websecure
+
+        hosts:
+          - host: *host
+            paths:
+              - path: /
+                pathType: Prefix
+        
+        tls:
+          - hosts:
+              - *host
+            secretName: wildcard-main-tls
\ No newline at end of file
diff --git a/cluster/apps/dev/woodpecker/helm-repository.yaml b/cluster/apps/dev/woodpecker/helm-repository.yaml
new file mode 100644
index 0000000..8bd18f0
--- /dev/null
+++ b/cluster/apps/dev/woodpecker/helm-repository.yaml
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: woodpecker-charts
+  namespace: flux-system
+spec:
+  interval: 1m
+  url: https://woodpecker-ci.org/
\ No newline at end of file
diff --git a/cluster/apps/dev/woodpecker/kustomization.yaml b/cluster/apps/dev/woodpecker/kustomization.yaml
new file mode 100644
index 0000000..14a2c31
--- /dev/null
+++ b/cluster/apps/dev/woodpecker/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ./helm-repository.yaml
+- ./helm-release.yaml
\ No newline at end of file
diff --git a/cluster/apps/dev/woodpecker/secret.sops.yaml b/cluster/apps/dev/woodpecker/secret.sops.yaml
new file mode 100644
index 0000000..7dca586
--- /dev/null
+++ b/cluster/apps/dev/woodpecker/secret.sops.yaml
@@ -0,0 +1,62 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: woodpecker-secret
+    namespace: dev
+stringData:
+    WOODPECKER_AGENT_SECRET: ENC[AES256_GCM,data:tnxRTQp9rMjtiw+DpfqyZUvVmV306vaTJ2jEQurAnLRVt1LukPB3gWl70kucN3C32l65pbo8wxQeE+iezvdoeg==,iv:Aip0Y7jk8spqA5nFSbFwN3Hbdiap93vVtfugw9/ZQqw=,tag:uLkWmBpcYJlXDJ59+dkeqg==,type:str]
+    WOODPECKER_GITEA: ENC[AES256_GCM,data:O01Vgw==,iv:k7llGIBwRJ5m5j4qtqMZCZ0k10KlPrb42gwy4vd0oRI=,tag:aMlGwwG3x/z/z8s4RI0sAA==,type:bool]
+    WOODPECKER_GITEA_URL: ENC[AES256_GCM,data:9JHGaPGoixrYVJaLkByNMQ==,iv:1vOF8wu/p1MfXm+CGfh6uASNkdhPt1tZiV8jJsntMWc=,tag:QUKoxA6c2ZZYEadd28EXXw==,type:str]
+    WOODPECKER_GITEA_CLIENT: ENC[AES256_GCM,data:rgcP9QatRacbcZRq6Nk3x8WZTqpERI8dhKNtKVDYf3eH/uY9,iv:ItFfQO3jbTT9LQYOj3le2mmZngjjw/p8Qvc3FA01+m8=,tag:HLboMzyoX0NJ3T4ltaQ3AA==,type:str]
+    WOODPECKER_GITEA_SECRET: ENC[AES256_GCM,data:2VZTCzsCF6QdNhoW2EZJjtlzXGP2Gtq/vgIjXj06vzzsocWsJEEfE0sHBP/j7qdNxhrevXxxoq8=,iv:2mbgxr5vrczqPwXa06vYMzHKHH8Tv4vW+0UcYD7xdcA=,tag:YTTxiYCq4cb59rQGOxCVAA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2023-09-07T15:57:14Z"
+    mac: ENC[AES256_GCM,data:JSx9qKXiE+gH0HcR6vU4Rr1gmmOM3Fh/7eepY3CaXZhv+ho5J4impdF9BI6wAMMy/M/Ne+wC/4u7vWgplXjReMkqhlfxDE3j5NimEpAFBLD5IeXwGEv4PrB8NJdZK3yOAgF0eBSvutyBVlFAG+i45RQEHuPwVfzbLggBqJsXS4g=,iv:Lxq4bpDk7YvKvA5/lTeMVt8xCfdhQ55obpRW0lkbNzc=,tag:ya0e1GqUDt8s0khdyQ8/Cw==,type:str]
+    pgp:
+        - created_at: "2023-09-07T15:57:13Z"
+          enc: |
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAzKleRwoSoixAQ/7B8+EoBCOzsdTjW5oFGvkD0e8gzu8MpcZwfDezvLFJriH
+            jJUcltHZ14c4+UMRHfTlrIUlPXKnBLFD+vfHGywcsySdhbH8zOHm4M3MQ50J6Wkl
+            4sc+Xc5xNFCzkrWHcB8nvxJNhXaEzKgMWmJKFqqjeiHcZcq7ECciiFJBsQR62EHZ
+            srAUgv1VpRpfhoIUk+xnGc2PiiUT8KeXKDa3is4NZGN4J67U0xAWUcWPn0nHx8wU
+            uHJOlXjzGxAhYlRVv0bMDXB913JWqs+ELyofEz6ELHKmqk4VW/oIFGBSpHiSrMJF
+            NaHYAjzIHXRVwwWYDH/U5VrACkoSOMbJl4I5sYAuJ9/huoPXZtgjQbVF3Y0Yyf+U
+            Xg9GfHkGqBq4Dsk5KYQbkwtUmgSKZq7UsBsJTXbRNCtMC1CFaUc8qwe6cmqesqaD
+            nn4flkzj2hRD905IpxOZZrAtYDEwJ6Vv9DqUyxGswktXhRpk67nE8yL7SQK+mFSX
+            SnOOehvmj9l86cX62B4JyAom0b4Mjm0zSlvXsJkLaGgd5Nndbqh7Uj7oiZO5DmtV
+            IfJ6f6deNBXEeGToAeRIkPkgiKiy4/NJlZ67jQVbDv+xQNDo577isVSECCXHx8DX
+            8KxNNLXBpCjoT2DZWG/B3Zj1BqbK0Mo1hencpIjfoEVl30DEgviB/tzEqiF5cGLS
+            XAHNlUvfxIjyjFqjqkTqXBA4k1FDaELvjVMDp+t256gf/n8LiKB9aPvzuU2nSpTm
+            tGMknsl1Kw+ADyOt0+L0FzSthu/TX90F73KQ0qDkrZYf7OpfN9tcjhsjQAqx
+            =2Buf
+            -----END PGP MESSAGE-----
+          fp: 2CC2B3631D5C3393901335DB68F95C5D753EE1E5
+        - created_at: "2023-09-07T15:57:13Z"
+          enc: |
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAy5t8IMoPu4VARAAiLZcAYfQJZPsKIEMpz2rr455lHA89aOLjYNdzE7lPaT+
+            dZKVNsRrayOVye4F97VRkxK2k4jI+2v1pcNl1jDVIFDIqDgv8q9hP+14eFKM/PbG
+            0zMfu41SouETt2WrvHthVQH5kwFYsRfSoVIuy6JV/h7ogilQrJt8wISYM0hIa0rQ
+            IUz+zm2VRsO9dvWwoHfo5Kw9Cxi0HnwtAJKBjR3XmJgY0LSgSpJAskzNaucd2vy7
+            btW7tp70Thd0VlZulJ8gtWrUZ2/lQiyxCh/436ecD5rHFPGJr6HMj/czrqh+txBq
+            ZXa6l3Rl+d7Ky4k1LsjbMVMbWXbh+KJG1vOLTt+Img0RmSw4i5z5PRno9W6EC5pJ
+            jjJlTn8NiRO9+JBuVAZANyAfPeUYNX9y/SumL2ETh1zNDiyieW5H0RPsSWRR0bAH
+            HfLgiFPAyZYeEZy2pWwe5roCR0yBuzBBZJX98igpFuLUkIuA5JkFnvZaqLwr3fHL
+            4HHiQTEN0R32GybU9EjDrREZAf32N6B5pqkKttwTewliJFr2mdxXMwzVxa5Nbi/c
+            PC9xNCh974YHoh3/9bc3vJ4cq0JD/Kdzz5fNNrMz05iu+2wAzjJq/rQYMMZSgC0S
+            s12+X9OunkMWs9zUn+4aez/f5nRnLrg43NFvyrpdJFB45j56VEej4A4xtR9L/SDS
+            XAGsgfcczt5br0l2LCltT7ZxTbfUaVZWhLIua4Bl2vUsBLdQ4RkA1gdfYDXMMwVG
+            Pzy4kgEBB5pXNF56P/MD0oQCRApM8dUOz2dVRVtNF1GM7LPdViyi84XLuaeB
+            =RFn3
+            -----END PGP MESSAGE-----
+          fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
+    encrypted_regex: ^(data|stringData)$
+    version: 3.7.3
diff --git a/cluster/apps/kustomization.yaml b/cluster/apps/kustomization.yaml
index 55c2eb5..ae2787b 100644
--- a/cluster/apps/kustomization.yaml
+++ b/cluster/apps/kustomization.yaml
@@ -11,5 +11,5 @@ resources:
 - ./monitoring
 - ./default
 #- ./game-servers
-#- ./dev
+- ./dev
 #- ./harbor