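#!/bin/bash
set -euo pipefail

# runmefirst.sh — Full CI/CD pipeline infrastructure install
# Installs: Gitea config → Woodpecker CI → ArgoCD → Kargo
# Tears down ARC first (if present)
# Persists state on NFS volumes at nfs://192.168.42.8:/volume1/Kubernetes/pipelines
#
# Optional environment overrides (defaults reproduce the previous behaviour):
#   GITEA_WEBHOOK_ALLOWED_HOSTS    value written to [webhook] ALLOWED_HOST_LIST (default: *)
#   GITEA_WEBHOOK_SKIP_TLS_VERIFY  value written to [webhook] SKIP_TLS_VERIFY  (default: true)
#
# NOTE(review): none of the Helm charts below is pinned with --version, so each
# run installs whatever the registry currently serves. Pin vetted chart versions
# before relying on this script for repeatable installs.

# Print a warning on stderr without stopping the run.
warn() { printf 'WARNING: %s\n' "$*" >&2; }

# Print an error on stderr and abort.
die() { printf 'ERROR: %s\n' "$*" >&2; exit 1; }

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
cd "$SCRIPT_DIR"

GITEA_WEBHOOK_ALLOWED_HOSTS="${GITEA_WEBHOOK_ALLOWED_HOSTS:-*}"
GITEA_WEBHOOK_SKIP_TLS_VERIFY="${GITEA_WEBHOOK_SKIP_TLS_VERIFY:-true}"

# Both values are appended verbatim to app.ini, so reject anything that could
# add extra lines or an unexpected boolean.
case "$GITEA_WEBHOOK_ALLOWED_HOSTS" in
  *$'\n'* | *$'\r'*) die "GITEA_WEBHOOK_ALLOWED_HOSTS must be a single line" ;;
esac
case "$GITEA_WEBHOOK_SKIP_TLS_VERIFY" in
  true | false) ;;
  *) die "GITEA_WEBHOOK_SKIP_TLS_VERIFY must be 'true' or 'false'" ;;
esac

# -------------------------------------------------------
# 0. Tear down ARC infrastructure (if present)
# -------------------------------------------------------
echo "--- Step 0: Tearing down ARC infrastructure ---"
# Best-effort: the releases may not exist, so a failed uninstall is not fatal.
helm uninstall arc-runner-set --namespace arc-system || true
helm uninstall arc --namespace arc-system || true
kubectl delete clusterrolebinding arc-runner-rbac --ignore-not-found
kubectl delete pv pipeline-arc-pv --ignore-not-found
# --wait=false: namespace deletion continues in the background.
kubectl delete namespace arc-system --ignore-not-found --wait=false
echo " ✓ ARC teardown complete"
echo ""

# -------------------------------------------------------
# 1. Create namespaces
# -------------------------------------------------------
echo "--- Step 1: Creating namespaces ---"
# NOTE(review): stonks-live is not created here although an ArgoCD Application
# for it is applied in step 6 — confirm that namespace is provisioned elsewhere.
for ns in woodpecker argocd kargo stonks-beta stonks-paper; do
  # Render client-side and apply, so re-running the script is idempotent.
  kubectl create namespace "$ns" --dry-run=client -o yaml | kubectl apply -f -
  echo " ✓ namespace/$ns"
done
echo ""

# -------------------------------------------------------
# 2. Apply NFS PersistentVolumes
# -------------------------------------------------------
echo "--- Step 2: Applying NFS PersistentVolumes ---"
kubectl apply -f pvs/argocd-pv.yaml
kubectl apply -f pvs/kargo-pv.yaml
kubectl apply -f pvs/woodpecker-pv.yaml
echo " ✓ PVs applied"
echo ""

# -------------------------------------------------------
# 3. Configure Gitea (admin user, OAuth2 app, repo)
# -------------------------------------------------------
echo "--- Step 3: Configuring Gitea ---"
bash gitea/setup.sh

# Source the OAuth2 credentials for Woodpecker install.
# The env file is executed as shell code in this process; it is presumably
# written by gitea/setup.sh — keep it out of version control and readable only
# by the operator.
oauth_env="gitea/gitea-oauth2.env"
[[ -r "$oauth_env" ]] || die "$oauth_env not found or unreadable (did gitea/setup.sh succeed?)"
# shellcheck source=/dev/null
source "$oauth_env"
: "${GITEA_CLIENT_ID:?not set by gitea/gitea-oauth2.env}"
: "${GITEA_CLIENT_SECRET:?not set by gitea/gitea-oauth2.env}"
# Only the client ID is echoed; the secret must never reach the log.
echo " ✓ Gitea configured (OAuth2 client_id: ${GITEA_CLIENT_ID})"

# Ensure Gitea allows webhook delivery to local/cluster addresses
GITEA_POD=$(kubectl get pods -n git-server -l app=gitea -o jsonpath='{.items[0].metadata.name}')
[[ -n "$GITEA_POD" ]] || die "no Gitea pod found in namespace git-server (label app=gitea)"

# Only the presence of a [webhook] section is checked; an existing section with
# different settings is left untouched.
if ! kubectl exec -n git-server "$GITEA_POD" -- grep -q '\[webhook\]' /data/gitea/conf/app.ini 2>/dev/null; then
  # A wildcard host list lets any webhook reach every address the Gitea pod can
  # route to, and SKIP_TLS_VERIFY=true removes endpoint authentication for
  # deliveries. Narrow both via the overrides above where the environment allows
  # (for example a CIDR or host name instead of '*').
  if [[ "$GITEA_WEBHOOK_ALLOWED_HOSTS" == "*" ]]; then
    warn "Gitea webhooks will be allowed to every host (ALLOWED_HOST_LIST=*)"
  fi
  if [[ "$GITEA_WEBHOOK_SKIP_TLS_VERIFY" == "true" ]]; then
    warn "Gitea webhook deliveries will not verify TLS certificates"
  fi
  # The values travel as positional arguments to the remote shell, so they are
  # never re-parsed as shell code inside the pod.
  kubectl exec -n git-server "$GITEA_POD" -- sh -c \
    'printf "\n[webhook]\nALLOWED_HOST_LIST = %s\nSKIP_TLS_VERIFY = %s\n" "$1" "$2" >> /data/gitea/conf/app.ini' \
    sh "$GITEA_WEBHOOK_ALLOWED_HOSTS" "$GITEA_WEBHOOK_SKIP_TLS_VERIFY"
  kubectl rollout restart deployment/gitea -n git-server
  kubectl rollout status deployment/gitea -n git-server --timeout=60s
  echo " ✓ Gitea webhook config added (ALLOWED_HOST_LIST=${GITEA_WEBHOOK_ALLOWED_HOSTS})"
else
  echo " ✓ Gitea webhook config already present"
fi
echo ""

# -------------------------------------------------------
# 4. Install Woodpecker CI via Helm
# -------------------------------------------------------
echo "--- Step 4: Installing Woodpecker CI ---"
# The OAuth2 secret is handed to Helm through a private temp file instead of
# --set, so it does not show up in the process list or in `set -x` traces, and
# commas or other characters in the secret are not re-parsed by --set.
# NOTE(review): the value is still recorded in the Helm release values; if the
# chart can reference an existing Kubernetes Secret, prefer that — confirm.
secrets_dir=$(mktemp -d) || die "mktemp failed"
cleanup() { rm -rf -- "${secrets_dir:?}"; }
trap cleanup EXIT
(
  umask 077
  printf '%s' "$GITEA_CLIENT_SECRET" > "${secrets_dir}/client_secret"
)
helm upgrade --install woodpecker oci://ghcr.io/woodpecker-ci/helm/woodpecker \
  --namespace woodpecker \
  --values woodpecker/values.yaml \
  --set server.env.WOODPECKER_GITEA_CLIENT="${GITEA_CLIENT_ID}" \
  --set-file server.env.WOODPECKER_GITEA_SECRET="${secrets_dir}/client_secret" \
  --wait --timeout 5m
# Remove the secret from disk right away; the EXIT trap covers failure paths.
cleanup
echo " ✓ Woodpecker CI installed"
echo ""

# -------------------------------------------------------
# 5. Apply Woodpecker agent RBAC
# -------------------------------------------------------
echo "--- Step 5: Applying Woodpecker agent RBAC ---"
# NOTE(review): CI agents run pipeline-defined workloads; review the scope of
# woodpecker/agent-rbac.yaml for least privilege.
kubectl apply -f woodpecker/agent-rbac.yaml
echo " ✓ Agent RBAC applied"
echo ""

# -------------------------------------------------------
# 6. Install ArgoCD via Helm
# -------------------------------------------------------
echo "--- Step 6: Installing ArgoCD ---"
# Best-effort: adding the repo is allowed to fail (e.g. when it already exists);
# the update that follows still aborts the run if the repo is unusable.
helm repo add argo https://argoproj.github.io/argo-helm || true
helm repo update
helm upgrade --install argocd argo/argo-cd \
  --namespace argocd \
  --values argocd/values.yaml \
  --wait --timeout 5m
echo " ✓ ArgoCD installed"

# Apply repo secret and Applications
# NOTE(review): argocd/repo-secret.yaml is applied from the working tree; if it
# carries repository credentials, confirm it is not committed in clear text.
kubectl apply -f argocd/repo-secret.yaml
kubectl apply -f argocd/apps/stonks-beta.yaml
kubectl apply -f argocd/apps/stonks-paper.yaml
kubectl apply -f argocd/apps/stonks-live.yaml
echo " ✓ ArgoCD repo secret and Applications applied"
echo ""

# -------------------------------------------------------
# 7. Install Kargo via Helm
# -------------------------------------------------------
echo "--- Step 7: Installing Kargo ---"
helm upgrade --install kargo oci://ghcr.io/akuity/kargo-charts/kargo \
  --namespace kargo \
  --values kargo/values.yaml \
  --wait --timeout 5m
echo " ✓ Kargo installed"

# Apply Kargo resources
kubectl apply -f kargo/project.yaml
kubectl apply -f kargo/project-config.yaml
kubectl apply -f kargo/warehouse.yaml
kubectl apply -f kargo/market-hours-check.yaml
kubectl apply -f kargo/stages/beta.yaml
kubectl apply -f kargo/stages/paper.yaml
kubectl apply -f kargo/stages/live.yaml
echo " ✓ Kargo project, warehouse, and stages applied"
echo ""

echo "=== Pipeline Infrastructure Install Complete ==="
echo ""
echo "Endpoints:"
echo " Woodpecker CI: https://stonks-ci.celestium.life"
echo " ArgoCD: https://stonks-argocd.celestium.life"
echo " Kargo: https://stonks-kargo.celestium.life"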