add renovate
This commit is contained in:
@@ -26,6 +26,10 @@ dependencies:
|
||||
- name: gitea
|
||||
version: 11.0.0
|
||||
repository: https://dl.gitea.io/charts/
|
||||
- name: app-template
|
||||
alias: renovate
|
||||
repository: https://bjw-s.github.io/helm-charts/
|
||||
version: 3.7.2
|
||||
- name: app-template
|
||||
alias: backup
|
||||
repository: https://bjw-s.github.io/helm-charts/
|
||||
@@ -36,6 +40,10 @@ dependencies:
|
||||
- name: valkey
|
||||
version: 2.4.6
|
||||
repository: https://charts.bitnami.com/bitnami
|
||||
- name: valkey
|
||||
alias: valkey-renovate
|
||||
version: 2.4.6
|
||||
repository: https://charts.bitnami.com/bitnami
|
||||
- name: cloudflared
|
||||
alias: cloudflared
|
||||
repository: http://alexlebens.github.io/helm-charts
|
||||
|
||||
@@ -61,6 +61,91 @@ spec:
|
||||
metadataPolicy: None
|
||||
property: client
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: gitea-renovate-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: gitea-renovate-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion }}
|
||||
app.kubernetes.io/component: renovate
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: RENOVATE_ENDPOINT
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/gitea/renovate
|
||||
metadataPolicy: None
|
||||
property: RENOVATE_ENDPOINT
|
||||
- secretKey: RENOVATE_GIT_AUTHOR
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/gitea/renovate
|
||||
metadataPolicy: None
|
||||
property: RENOVATE_GIT_AUTHOR
|
||||
- secretKey: RENOVATE_TOKEN
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/gitea/renovate
|
||||
metadataPolicy: None
|
||||
property: RENOVATE_TOKEN
|
||||
- secretKey: RENOVATE_GIT_PRIVATE_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/gitea/renovate
|
||||
metadataPolicy: None
|
||||
property: id_rsa
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: gitea-renovate-ssh-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: gitea-renovate-ssh-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion }}
|
||||
app.kubernetes.io/component: renovate
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: config
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/gitea/renovate
|
||||
metadataPolicy: None
|
||||
property: ssh_config
|
||||
- secretKey: id_rsa
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/gitea/renovate
|
||||
metadataPolicy: None
|
||||
property: id_rsa
|
||||
- secretKey: id_rsa.pub
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/gitea/renovate
|
||||
metadataPolicy: None
|
||||
property: id_rsa.pub
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: ExternalSecret
|
||||
|
||||
@@ -132,6 +132,88 @@ gitea:
|
||||
enabled: false
|
||||
mariadb:
|
||||
enabled: false
|
||||
renovate:
|
||||
global:
|
||||
fullnameOverride: gitea-renovate
|
||||
controllers:
|
||||
main:
|
||||
type: cronjob
|
||||
cronjob:
|
||||
suspend: false
|
||||
concurrencyPolicy: Forbid
|
||||
timeZone: US/Central
|
||||
schedule: 0 * * * *
|
||||
startingDeadlineSeconds: 90
|
||||
successfulJobsHistory: 3
|
||||
failedJobsHistory: 3
|
||||
backoffLimit: 3
|
||||
parallelism: 1
|
||||
containers:
|
||||
main:
|
||||
image:
|
||||
repository: renovate/renovate
|
||||
tag: 39.200.2
|
||||
pullPolicy: IfNotPresent
|
||||
env:
|
||||
- name: RENOVATE_PLATFORM
|
||||
value: gitea
|
||||
- name: RENOVATE_AUTODISCOVER
|
||||
value: 'true'
|
||||
- name: RENOVATE_ONBOARDING
|
||||
value: 'true'
|
||||
- name: RENOVATE_BASE_DIR
|
||||
value: /tmp/renovate/
|
||||
- name: RENOVATE_CONFIG_FILE
|
||||
value: /opt/renovate/config.json
|
||||
- name: RENOVATE_REDIS_URL
|
||||
value: redis://gitea-renovate-valkey-primary.gitea:6379
|
||||
- name: LOG_LEVEL
|
||||
value: debug
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: gitea-renovate-secret
|
||||
resources:
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 128Mi
|
||||
configMaps:
|
||||
renovate-config:
|
||||
enabled: true
|
||||
data:
|
||||
config.json: |
|
||||
{
|
||||
"repositories": ["orgname/repo","username/repo"],
|
||||
"dryRun" : "full"
|
||||
}
|
||||
persistence:
|
||||
config:
|
||||
enabled: true
|
||||
type: configMap
|
||||
name: gitea-renovate-config
|
||||
advancedMounts:
|
||||
main:
|
||||
main:
|
||||
- path: /opt/renovate/config.json
|
||||
readOnly: true
|
||||
mountPropagation: None
|
||||
subPath: config.json
|
||||
ssh:
|
||||
enabled: true
|
||||
type: secret
|
||||
name: gitea-renovate-ssh-secret
|
||||
advancedMounts:
|
||||
main:
|
||||
main:
|
||||
- path: /home/ubuntu/.ssh
|
||||
readOnly: true
|
||||
mountPropagation: None
|
||||
cache:
|
||||
type: emptyDir
|
||||
advancedMounts:
|
||||
main:
|
||||
main:
|
||||
- path: /tmp/renovate/
|
||||
readOnly: false
|
||||
backup:
|
||||
global:
|
||||
fullnameOverride: gitea-backup
|
||||
@@ -271,6 +353,18 @@ valkey:
|
||||
persistence:
|
||||
enabled: true
|
||||
size: 5Gi
|
||||
valkey-renovate:
|
||||
nameOverride: renovate-valkey
|
||||
architecture: standalone
|
||||
auth:
|
||||
enabled: disable
|
||||
primary:
|
||||
persistence:
|
||||
enabled: true
|
||||
size: 1Gi
|
||||
replica:
|
||||
persistence:
|
||||
enabled: false
|
||||
cloudflared:
|
||||
existingSecretName: gitea-cloudflared-secret
|
||||
postgres-17-cluster:
|
||||
|
||||
Reference in New Issue
Block a user