admin/stonks-oracle
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8bee515bd45df2c73327d7be04e610b08bcf9cd8
stonks-oracle/pipelines/runmefirst.sh
T

151 lines
6.4 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
set -euo pipefail
# runmefirst.sh — Full CI/CD pipeline infrastructure install
# Installs: Gitea config → Woodpecker CI → ArgoCD → Kargo
# Tears down ARC first (if present)
# Persists state on NFS volumes at nfs://192.168.42.8:/volume1/Kubernetes/pipelines
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
cd "$SCRIPT_DIR"
# -------------------------------------------------------
# 1. Create namespaces
# -------------------------------------------------------
echo "--- Step 1: Creating namespaces ---"
for ns in woodpecker argocd kargo stonks-beta stonks-paper; do
kubectl create namespace "$ns" --dry-run=client -o yaml | kubectl apply -f -
echo " ✓ namespace/$ns"
done
echo ""
# -------------------------------------------------------
# 1b. Ensure proxy-ca-cert ConfigMap exists in pipeline namespaces
# -------------------------------------------------------
echo "--- Step 1b: Ensuring proxy CA cert ConfigMap ---"
CA_CERT_PATH="/home/celes/nixos-goblin-1-2-3/home.crt"
for ns in woodpecker argocd kargo; do
if ! kubectl get configmap proxy-ca-cert -n "$ns" > /dev/null 2>&1; then
kubectl create configmap proxy-ca-cert --from-file=ca.crt="$CA_CERT_PATH" -n "$ns"
echo " ✓ proxy-ca-cert created in $ns"
else
echo " ✓ proxy-ca-cert already exists in $ns"
fi
done
echo ""
# -------------------------------------------------------
# 2. Apply NFS PersistentVolumes
# -------------------------------------------------------
echo "--- Step 2: Applying NFS PersistentVolumes ---"
kubectl apply -f pvs/argocd-pv.yaml
kubectl apply -f pvs/kargo-pv.yaml
kubectl apply -f pvs/woodpecker-pv.yaml
echo " ✓ PVs applied"
echo ""
# -------------------------------------------------------
# 3. Configure Gitea (admin user, OAuth2 app, repo)
# -------------------------------------------------------
echo "--- Step 3: Configuring Gitea ---"
bash gitea/setup.sh
# Source the OAuth2 credentials for Woodpecker install
source gitea/gitea-oauth2.env
echo " ✓ Gitea configured (OAuth2 client_id: ${GITEA_CLIENT_ID})"
# Ensure Gitea allows webhook delivery to local/cluster addresses
GITEA_POD=$(kubectl get pods -n git-server -l app=gitea -o jsonpath='{.items[0].metadata.name}')
if ! kubectl exec -n git-server "$GITEA_POD" -- grep -q '\[webhook\]' /data/gitea/conf/app.ini 2>/dev/null; then
kubectl exec -n git-server "$GITEA_POD" -- sh -c 'printf "\n[webhook]\nALLOWED_HOST_LIST = *\nSKIP_TLS_VERIFY = true\n" >> /data/gitea/conf/app.ini'
kubectl rollout restart deployment/gitea -n git-server
kubectl rollout status deployment/gitea -n git-server --timeout=60s
echo " ✓ Gitea webhook config added (ALLOWED_HOST_LIST=*)"
else
echo " ✓ Gitea webhook config already present"
fi
echo ""
# -------------------------------------------------------
# 4. Install Woodpecker CI via Helm
# -------------------------------------------------------
echo "--- Step 4: Installing Woodpecker CI ---"
helm upgrade --install woodpecker oci://ghcr.io/woodpecker-ci/helm/woodpecker \
--namespace woodpecker \
--values woodpecker/values.yaml \
--set server.env.WOODPECKER_GITEA_CLIENT="${GITEA_CLIENT_ID}" \
--set server.env.WOODPECKER_GITEA_SECRET="${GITEA_CLIENT_SECRET}" \
--wait --timeout 5m
echo " ✓ Woodpecker CI installed"
echo ""
# -------------------------------------------------------
# 5. Apply Woodpecker agent RBAC
# -------------------------------------------------------
echo "--- Step 5: Applying Woodpecker agent RBAC ---"
kubectl apply -f woodpecker/agent-rbac.yaml
echo " ✓ Agent RBAC applied"
echo ""
# -------------------------------------------------------
# 6. Install ArgoCD via Helm
# -------------------------------------------------------
echo "--- Step 6: Installing ArgoCD ---"
# Clean up leftover ArgoCD CRDs from previous installs (they have resource-policy: keep)
kubectl delete crd applications.argoproj.io applicationsets.argoproj.io appprojects.argoproj.io \
--ignore-not-found > /dev/null 2>&1 || true
kubectl delete sa --all -n argocd --ignore-not-found > /dev/null 2>&1 || true
kubectl delete role --all -n argocd --ignore-not-found > /dev/null 2>&1 || true
kubectl delete rolebinding --all -n argocd --ignore-not-found > /dev/null 2>&1 || true
helm repo add argo https://argoproj.github.io/argo-helm || true
helm repo update
helm upgrade --install argocd argo/argo-cd \
--namespace argocd \
--values argocd/values.yaml \
--wait --timeout 5m
echo " ✓ ArgoCD installed"
# Apply repo secret and Applications
kubectl apply -f argocd/repo-secret.yaml
kubectl apply -f argocd/apps/stonks-beta.yaml
kubectl apply -f argocd/apps/stonks-paper.yaml
kubectl apply -f argocd/apps/stonks-live.yaml
echo " ✓ ArgoCD repo secret and Applications applied"
echo ""
# -------------------------------------------------------
# 7. Install Kargo via Helm
# -------------------------------------------------------
echo "--- Step 7: Installing Kargo ---"
# Clean up leftover Kargo CRDs from previous installs (they have resource-policy: keep)
kubectl delete crd freights.kargo.akuity.io projects.kargo.akuity.io stages.kargo.akuity.io \
warehouses.kargo.akuity.io promotions.kargo.akuity.io promotiontasks.kargo.akuity.io \
clusterpromotiontasks.kargo.akuity.io projectconfigs.kargo.akuity.io \
clusterconfigs.kargo.akuity.io --ignore-not-found > /dev/null 2>&1 || true
# Also clean up any leftover SAs/roles from previous installs that block Helm
kubectl delete sa --all -n kargo --ignore-not-found > /dev/null 2>&1 || true
kubectl delete role --all -n kargo --ignore-not-found > /dev/null 2>&1 || true
kubectl delete rolebinding --all -n kargo --ignore-not-found > /dev/null 2>&1 || true
helm upgrade --install kargo oci://ghcr.io/akuity/kargo-charts/kargo \
--namespace kargo \
--values kargo/values.yaml \
--wait --timeout 5m
echo " ✓ Kargo installed"
# Apply Kargo resources
kubectl apply -f kargo/project.yaml
kubectl apply -f kargo/project-config.yaml
kubectl apply -f kargo/warehouse.yaml
kubectl apply -f kargo/market-hours-check.yaml
kubectl apply -f kargo/stages/beta.yaml
kubectl apply -f kargo/stages/paper.yaml
kubectl apply -f kargo/stages/live.yaml
echo " ✓ Kargo project, warehouse, and stages applied"
echo ""
echo "=== Pipeline Infrastructure Install Complete ==="
echo ""
echo "Endpoints:"
echo " Woodpecker CI: https://stonks-ci.celestium.life"
echo " ArgoCD: https://stonks-argocd.celestium.life"
echo " Kargo: https://stonks-kargo.celestium.life"
Reference in New Issue View Git Blame Copy Permalink