From 1607baba906145e71025330048e5d1835267d5dc Mon Sep 17 00:00:00 2001
From: Celes Renata
Date: Sat, 18 Apr 2026 21:14:51 +0000
Subject: [PATCH] ci: persist live fixes to pipeline scripts - grpc addr, storage, remove netpol, webhook config
---
 pipelines/runmefirst.sh | 132 +++++++++++++++++++++++
 pipelines/runmelast.sh | 77 +++++++++++++
 pipelines/woodpecker/network-policy.yaml | 20 ----
 pipelines/woodpecker/values.yaml | 5 +-
 4 files changed, 212 insertions(+), 22 deletions(-)
 create mode 100755 pipelines/runmefirst.sh
 create mode 100755 pipelines/runmelast.sh
 delete mode 100644 pipelines/woodpecker/network-policy.yaml
diff --git a/pipelines/runmefirst.sh b/pipelines/runmefirst.sh
new file mode 100755
index 0000000..0f7ab40
--- /dev/null
+++ b/pipelines/runmefirst.sh
@@ -0,0 +1,132 @@
+#!/bin/bash
+set -euo pipefail
+
+# runmefirst.sh — Full CI/CD pipeline infrastructure install
+# Installs: Gitea config → Woodpecker CI → ArgoCD → Kargo
+# Tears down ARC first (if present)
+# Persists state on NFS volumes at nfs://192.168.42.8:/volume1/Kubernetes/pipelines
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+cd "$SCRIPT_DIR"
+
+# -------------------------------------------------------
+# 0. Tear down ARC infrastructure (if present)
+# -------------------------------------------------------
+echo "--- Step 0: Tearing down ARC infrastructure ---"
+helm uninstall arc-runner-set --namespace arc-system || true
+helm uninstall arc --namespace arc-system || true
+kubectl delete clusterrolebinding arc-runner-rbac --ignore-not-found
+kubectl delete pv pipeline-arc-pv --ignore-not-found
+kubectl delete namespace arc-system --ignore-not-found --wait=false
+echo " ✓ ARC teardown complete"
+echo ""
+
+# -------------------------------------------------------
+# 1. Create namespaces
+# -------------------------------------------------------
+echo "--- Step 1: Creating namespaces ---"
+for ns in woodpecker argocd kargo stonks-beta stonks-paper; do
+ kubectl create namespace "$ns" --dry-run=client -o yaml | kubectl apply -f -
+ echo " ✓ namespace/$ns"
+done
+echo ""
+
+# -------------------------------------------------------
+# 2. Apply NFS PersistentVolumes
+# -------------------------------------------------------
+echo "--- Step 2: Applying NFS PersistentVolumes ---"
+kubectl apply -f pvs/argocd-pv.yaml
+kubectl apply -f pvs/kargo-pv.yaml
+kubectl apply -f pvs/woodpecker-pv.yaml
+echo " ✓ PVs applied"
+echo ""
+
+# -------------------------------------------------------
+# 3. Configure Gitea (admin user, OAuth2 app, repo)
+# -------------------------------------------------------
+echo "--- Step 3: Configuring Gitea ---"
+bash gitea/setup.sh
+# Source the OAuth2 credentials for Woodpecker install
+source gitea/gitea-oauth2.env
+echo " ✓ Gitea configured (OAuth2 client_id: ${GITEA_CLIENT_ID})"
+
+# Ensure Gitea allows webhook delivery to local/cluster addresses
+GITEA_POD=$(kubectl get pods -n git-server -l app=gitea -o jsonpath='{.items[0].metadata.name}')
+if ! kubectl exec -n git-server "$GITEA_POD" -- grep -q '\[webhook\]' /data/gitea/conf/app.ini 2>/dev/null; then
+ kubectl exec -n git-server "$GITEA_POD" -- sh -c 'printf "\n[webhook]\nALLOWED_HOST_LIST = *\nSKIP_TLS_VERIFY = true\n" >> /data/gitea/conf/app.ini'
+ kubectl rollout restart deployment/gitea -n git-server
+ kubectl rollout status deployment/gitea -n git-server --timeout=60s
+ echo " ✓ Gitea webhook config added (ALLOWED_HOST_LIST=*)"
+else
+ echo " ✓ Gitea webhook config already present"
+fi
+echo ""
+
+# -------------------------------------------------------
+# 4. Install Woodpecker CI via Helm
+# -------------------------------------------------------
+echo "--- Step 4: Installing Woodpecker CI ---"
+helm upgrade --install woodpecker oci://ghcr.io/woodpecker-ci/helm/woodpecker \
+ --namespace woodpecker \
+ --values woodpecker/values.yaml \
+ --set server.env.WOODPECKER_GITEA_CLIENT="${GITEA_CLIENT_ID}" \
+ --set server.env.WOODPECKER_GITEA_SECRET="${GITEA_CLIENT_SECRET}" \
+ --wait --timeout 5m
+echo " ✓ Woodpecker CI installed"
+echo ""
+
+# -------------------------------------------------------
+# 5. Apply Woodpecker agent RBAC
+# -------------------------------------------------------
+echo "--- Step 5: Applying Woodpecker agent RBAC ---"
+kubectl apply -f woodpecker/agent-rbac.yaml
+echo " ✓ Agent RBAC applied"
+echo ""
+
+# -------------------------------------------------------
+# 6. Install ArgoCD via Helm
+# -------------------------------------------------------
+echo "--- Step 6: Installing ArgoCD ---"
+helm repo add argo https://argoproj.github.io/argo-helm || true
+helm repo update
+helm upgrade --install argocd argo/argo-cd \
+ --namespace argocd \
+ --values argocd/values.yaml \
+ --wait --timeout 5m
+echo " ✓ ArgoCD installed"
+
+# Apply repo secret and Applications
+kubectl apply -f argocd/repo-secret.yaml
+kubectl apply -f argocd/apps/stonks-beta.yaml
+kubectl apply -f argocd/apps/stonks-paper.yaml
+kubectl apply -f argocd/apps/stonks-live.yaml
+echo " ✓ ArgoCD repo secret and Applications applied"
+echo ""
+
+# -------------------------------------------------------
+# 7. Install Kargo via Helm
+# -------------------------------------------------------
+echo "--- Step 7: Installing Kargo ---"
+helm upgrade --install kargo oci://ghcr.io/akuity/kargo-charts/kargo \
+ --namespace kargo \
+ --values kargo/values.yaml \
+ --wait --timeout 5m
+echo " ✓ Kargo installed"
+
+# Apply Kargo resources
+kubectl apply -f kargo/project.yaml
+kubectl apply -f kargo/project-config.yaml
+kubectl apply -f kargo/warehouse.yaml
+kubectl apply -f kargo/market-hours-check.yaml
+kubectl apply -f kargo/stages/beta.yaml
+kubectl apply -f kargo/stages/paper.yaml
+kubectl apply -f kargo/stages/live.yaml
+echo " ✓ Kargo project, warehouse, and stages applied"
+echo ""
+
+echo "=== Pipeline Infrastructure Install Complete ==="
+echo ""
+echo "Endpoints:"
+echo " Woodpecker CI: https://stonks-ci.celestium.life"
+echo " ArgoCD: https://stonks-argocd.celestium.life"
+echo " Kargo: https://stonks-kargo.celestium.life"
diff --git a/pipelines/runmelast.sh b/pipelines/runmelast.sh
new file mode 100755
index 0000000..eda929b
--- /dev/null
+++ b/pipelines/runmelast.sh
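Review bot: The `[webhook]` block that step 3 appends to app.ini sets `ALLOWED_HOST_LIST = *` and `SKIP_TLS_VERIFY = true`, so any Gitea user who can create a webhook can make the Gitea pod POST to any address it can reach (kube API, in-cluster services, the NFS host), and every delivery — secret header included — goes out without certificate verification. The comment above it only asks for local/cluster delivery, so a narrower list does the job, e.g. `'printf "\n[webhook]\nALLOWED_HOST_LIST = private\n" >> /data/gitea/conf/app.ini'` (or the exact Woodpecker hostname), with SKIP_TLS_VERIFY only if stonks-ci.celestium.life really presents an untrusted certificate; note the grep guard only tests that a `[webhook]` header exists, so a pre-existing section with other values is silently kept. Separately, step 4 puts `${GITEA_CLIENT_SECRET}` on the helm command line, where it is visible in `ps` output and any `set -x` trace; passing it via `--values <(printf 'server:\n  env:\n    WOODPECKER_GITEA_SECRET: "%s"\n' "$GITEA_CLIENT_SECRET")` keeps it off argv.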
@@ -0,0 +1,77 @@
+#!/bin/bash
+set -euo pipefail
+
+# runmelast.sh — Pipeline infrastructure teardown
+# Removes: Kargo → ArgoCD → Woodpecker (reverse install order)
+# Preserves: NFS PVs, NFS data, git-server namespace (Gitea + registry),
+# stonks-oracle namespace, stonks-beta, stonks-paper
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+cd "$SCRIPT_DIR"
+
+echo "=== Pipeline Infrastructure Teardown ==="
+echo ""
+echo "This will remove Kargo, ArgoCD, and Woodpecker CI."
+echo "Preserved: NFS PVs, NFS data, git-server (Gitea + registry), application namespaces."
+echo ""
+
+# -------------------------------------------------------
+# 1. Remove Kargo resources + Helm release
+# -------------------------------------------------------
+echo "--- Step 1: Removing Kargo ---"
+kubectl delete -f kargo/stages/live.yaml --ignore-not-found || true
+kubectl delete -f kargo/stages/paper.yaml --ignore-not-found || true
+kubectl delete -f kargo/stages/beta.yaml --ignore-not-found || true
+kubectl delete -f kargo/market-hours-check.yaml --ignore-not-found || true
+kubectl delete -f kargo/warehouse.yaml --ignore-not-found || true
+kubectl delete -f kargo/project-config.yaml --ignore-not-found || true
+kubectl delete -f kargo/project.yaml --ignore-not-found || true
+helm uninstall kargo --namespace kargo || true
+echo " ✓ Kargo removed"
+echo ""
+
+# -------------------------------------------------------
+# 2. Remove ArgoCD resources + Helm release
+# -------------------------------------------------------
+echo "--- Step 2: Removing ArgoCD ---"
+kubectl delete -f argocd/apps/stonks-live.yaml --ignore-not-found || true
+kubectl delete -f argocd/apps/stonks-paper.yaml --ignore-not-found || true
+kubectl delete -f argocd/apps/stonks-beta.yaml --ignore-not-found || true
+kubectl delete -f argocd/repo-secret.yaml --ignore-not-found || true
+helm uninstall argocd --namespace argocd || true
+echo " ✓ ArgoCD removed"
+echo ""
+
+# -------------------------------------------------------
+# 3. Remove Woodpecker CI
+# -------------------------------------------------------
+echo "--- Step 3: Removing Woodpecker CI ---"
+kubectl delete -f woodpecker/agent-rbac.yaml --ignore-not-found || true
+helm uninstall woodpecker --namespace woodpecker || true
+echo " ✓ Woodpecker CI removed"
+echo ""
+
+# -------------------------------------------------------
+# 4. Delete namespaces (pipeline infra only)
+# -------------------------------------------------------
+echo "--- Step 4: Deleting pipeline namespaces ---"
+for ns in woodpecker argocd kargo; do
+ kubectl delete namespace "$ns" --ignore-not-found || true
+ echo " ✓ namespace/$ns deleted"
+done
+echo ""
+
+# NOTE: The following are intentionally NOT deleted:
+# - NFS PersistentVolumes (pipeline-argocd-pv, pipeline-kargo-pv, pipeline-woodpecker-pv)
+# - NFS data at nfs://192.168.42.8:/volume1/Kubernetes/pipelines/
+# - git-server namespace (Gitea + local registry)
+# - stonks-oracle namespace (production workloads)
+# - stonks-beta namespace (beta workloads)
+# - stonks-paper namespace (paper trading workloads)
+
+echo "=== Pipeline Infrastructure Teardown Complete ==="
+echo ""
+echo "Preserved:"
+echo " - NFS PVs and data (survives cluster rebuild)"
+echo " - git-server namespace (Gitea + registry)"
+echo " - Application namespaces (stonks-oracle, stonks-beta, stonks-paper)"
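Review bot: Step 2 removes the three ArgoCD Application manifests with a plain `kubectl delete -f`, and if those Applications carry the ArgoCD resources finalizer (the manifests are not in this diff, so this cannot be confirmed here) the deletion cascades to every resource they manage, which would wipe the stonks-beta, stonks-paper and live workloads the header and the NOTE block promise to preserve. Before deleting, either strip the finalizer with `kubectl patch -n argocd application/<name> --type=merge -p '{"metadata":{"finalizers":null}}'` or verify the manifests have no finalizer, and record that in the NOTE block. The script also prints "This will remove ..." but never asks for confirmation; a guard such as `read -r -p 'Type yes to continue: ' ans; [[ "$ans" == yes ]] || exit 1` (or a `--yes` flag) would make the destructive path deliberate.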
diff --git a/pipelines/woodpecker/network-policy.yaml b/pipelines/woodpecker/network-policy.yaml
deleted file mode 100644
index c2e5707..0000000
--- a/pipelines/woodpecker/network-policy.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-# NetworkPolicy: Allow Traefik ingress to Woodpecker server
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- name: allow-traefik-to-woodpecker
- namespace: woodpecker
-spec:
- podSelector:
- matchLabels:
- app.kubernetes.io/name: server
- policyTypes:
- - Ingress
- ingress:
- - from:
- - namespaceSelector:
- matchLabels:
- kubernetes.io/metadata.name: kube-system
- ports:
- - protocol: TCP
- port: 8000
diff --git a/pipelines/woodpecker/values.yaml b/pipelines/woodpecker/values.yaml
index a611e51..3b178e8 100644
--- a/pipelines/woodpecker/values.yaml
+++ b/pipelines/woodpecker/values.yaml
@@ -9,6 +9,7 @@ server:
 env:
 WOODPECKER_HOST: "https://stonks-ci.celestium.life"
 WOODPECKER_SERVER_ADDR: "0.0.0.0:8000"
+ WOODPECKER_GRPC_ADDR: "0.0.0.0:9000"
 WOODPECKER_GITEA: "true"
 WOODPECKER_GITEA_URL: "http://gitea-service.git-server.svc.cluster.local:3000"
 WOODPECKER_GITEA_CLIENT: ""
@@ -49,5 +50,5 @@ agent:
 WOODPECKER_SERVER: "woodpecker-server:9000"
 WOODPECKER_BACKEND: kubernetes
 WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker
- WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 10G
- WOODPECKER_BACKEND_K8S_STORAGE_RWX: "true"
+ WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 5Gi
+ WOODPECKER_BACKEND_K8S_STORAGE_RWX: "false"
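Review bot: `WOODPECKER_GRPC_ADDR: "0.0.0.0:9000"` binds the agent gRPC endpoint on all interfaces, and because this commit also deletes the only NetworkPolicy in the namespace (which admitted ingress to the server pod solely on port 8000 from kube-system), port 9000 is now reachable from every pod in the cluster, with only the shared agent secret (`WOODPECKER_AGENT_SECRET`, not in this hunk) standing between a compromised pod and the ability to register as a runner and receive jobs and their secrets. The deleted policy is presumably what was blocking the agent's gRPC connection, so the intended fix looks like a second ingress rule on that policy — a `from` entry selecting the agent pods (their label is not visible here) with `ports: [{protocol: TCP, port: 9000}]` — rather than dropping the policy altogether. Please also confirm the agent secret is set to a generated value in the chart values or a referenced Secret, since the context line `WOODPECKER_SERVER: "woodpecker-server:9000"` shows the agent will use exactly this now-open port.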