stonks-oracle/pipelines/woodpecker/values.yaml

# Helm values for Woodpecker CI
# Chart: woodpecker/woodpecker
# Namespace: woodpecker

# --- Server ---
server:
  enabled: true

  # No proxy CA injection — server talks to Gitea internally, proxy would intercept

  env:
    WOODPECKER_HOST: "https://stonks-ci.celestium.life"
    WOODPECKER_SERVER_ADDR: "0.0.0.0:8000"
    WOODPECKER_GRPC_ADDR: "0.0.0.0:9000"
    WOODPECKER_GITEA: "true"
    WOODPECKER_GITEA_URL: "https://git.celestium.life"
    WOODPECKER_GITEA_CLIENT: "5f40e5f2-0153-458e-be5a-2ed5fd1b9054"
    WOODPECKER_GITEA_SECRET: "gto_h3rindnfegcurodm2vvujm7gzr6t5ly4rs2eto2wg57epwoi2x6q"
    WOODPECKER_AGENT_SECRET: "01eede973f522dbea9c1f09afc020ed0934a6f946d5832be5fecacb0da04ce23"
    WOODPECKER_ADMIN: "admin"
    WOODPECKER_PLUGINS_PRIVILEGED: "woodpeckerci/plugin-docker-buildx"

  # Traefik ingress with TLS via cert-manager
  ingress:
    enabled: true
    ingressClassName: traefik
    hosts:
      - host: stonks-ci.celestium.life
        paths:
          - path: /
            backend:
              serviceName: woodpecker-server
              servicePort: 80
    tls:
      - secretName: woodpecker-tls
        hosts:
          - stonks-ci.celestium.life
    annotations:
      cert-manager.io/cluster-issuer: celestium-le-production

  # Persistent volume for SQLite database and build data
  persistentVolume:
    enabled: true
    size: 5Gi
    storageClass: ""

# --- Agent ---
agent:
  enabled: true
  replicaCount: 2

  # Agents must NOT have proxy/CA injection — they communicate with server via gRPC
  # and the proxy blocks port 9000. Builder pods get injection via Kyverno policy
  # matching WOODPECKER_BACKEND_K8S_POD_ANNOTATIONS.
  podAnnotations: {}

  env:
    WOODPECKER_SERVER: "woodpecker-server:9000"
    WOODPECKER_AGENT_SECRET: "01eede973f522dbea9c1f09afc020ed0934a6f946d5832be5fecacb0da04ce23"
    WOODPECKER_BACKEND: kubernetes
    WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker
    WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 5Gi
    WOODPECKER_BACKEND_K8S_STORAGE_RWX: "false"
    WOODPECKER_BACKEND_K8S_STORAGE_CLASS: local-path
    WOODPECKER_BACKEND_K8S_POD_ANNOTATIONS: '{"celestium.life/inject-ca":"true"}'
    WOODPECKER_MAX_WORKFLOWS: "16"