ci: fix runmelast hanging, add proxy CA injection, clean SA/CRD leftovers on redeploy

pipelines/runmefirst.sh

@@ -9,18 +9,6 @@ set -euo pipefail
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 cd "$SCRIPT_DIR"
 
-# -------------------------------------------------------
-# 0. Tear down ARC infrastructure (if present)
-# -------------------------------------------------------
-echo "--- Step 0: Tearing down ARC infrastructure ---"
-helm uninstall arc-runner-set --namespace arc-system || true
-helm uninstall arc --namespace arc-system || true
-kubectl delete clusterrolebinding arc-runner-rbac --ignore-not-found
-kubectl delete pv pipeline-arc-pv --ignore-not-found
-kubectl delete namespace arc-system --ignore-not-found --wait=false
-echo "  ✓ ARC teardown complete"
-echo ""
-
 # -------------------------------------------------------
 # 1. Create namespaces
 # -------------------------------------------------------
@@ -31,6 +19,21 @@ for ns in woodpecker argocd kargo stonks-beta stonks-paper; do
 done
 echo ""
 
+# -------------------------------------------------------
+# 1b. Ensure proxy-ca-cert ConfigMap exists in pipeline namespaces
+# -------------------------------------------------------
+echo "--- Step 1b: Ensuring proxy CA cert ConfigMap ---"
+CA_CERT_PATH="/home/celes/nixos-goblin-1-2-3/home.crt"
+for ns in woodpecker argocd kargo; do
+  if ! kubectl get configmap proxy-ca-cert -n "$ns" > /dev/null 2>&1; then
+    kubectl create configmap proxy-ca-cert --from-file=ca.crt="$CA_CERT_PATH" -n "$ns"
+    echo "  ✓ proxy-ca-cert created in $ns"
+  else
+    echo "  ✓ proxy-ca-cert already exists in $ns"
+  fi
+done
+echo ""
+
 # -------------------------------------------------------
 # 2. Apply NFS PersistentVolumes
 # -------------------------------------------------------
@@ -87,6 +90,12 @@ echo ""
 # 6. Install ArgoCD via Helm
 # -------------------------------------------------------
 echo "--- Step 6: Installing ArgoCD ---"
+# Clean up leftover ArgoCD CRDs from previous installs (they have resource-policy: keep)
+kubectl delete crd applications.argoproj.io applicationsets.argoproj.io appprojects.argoproj.io \
+  --ignore-not-found > /dev/null 2>&1 || true
+kubectl delete sa --all -n argocd --ignore-not-found > /dev/null 2>&1 || true
+kubectl delete role --all -n argocd --ignore-not-found > /dev/null 2>&1 || true
+kubectl delete rolebinding --all -n argocd --ignore-not-found > /dev/null 2>&1 || true
 helm repo add argo https://argoproj.github.io/argo-helm || true
 helm repo update
 helm upgrade --install argocd argo/argo-cd \
@@ -107,6 +116,15 @@ echo ""
 # 7. Install Kargo via Helm
 # -------------------------------------------------------
 echo "--- Step 7: Installing Kargo ---"
+# Clean up leftover Kargo CRDs from previous installs (they have resource-policy: keep)
+kubectl delete crd freights.kargo.akuity.io projects.kargo.akuity.io stages.kargo.akuity.io \
+  warehouses.kargo.akuity.io promotions.kargo.akuity.io promotiontasks.kargo.akuity.io \
+  clusterpromotiontasks.kargo.akuity.io projectconfigs.kargo.akuity.io \
+  clusterconfigs.kargo.akuity.io --ignore-not-found > /dev/null 2>&1 || true
+# Also clean up any leftover SAs/roles from previous installs that block Helm
+kubectl delete sa --all -n kargo --ignore-not-found > /dev/null 2>&1 || true
+kubectl delete role --all -n kargo --ignore-not-found > /dev/null 2>&1 || true
+kubectl delete rolebinding --all -n kargo --ignore-not-found > /dev/null 2>&1 || true
 helm upgrade --install kargo oci://ghcr.io/akuity/kargo-charts/kargo \
   --namespace kargo \
   --values kargo/values.yaml \