viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

fix: CI pipeline image pull auth + shallow clone resilience [ci skip]

Browse source 
- Add WOODPECKER_BACKEND_K8S_PULL_SECRET_NAMES to agent env so step
  pods can pull from private registry (registry.viktorbarzin.me:5050)
- Add fallback in default.yml when HEAD~1 is unavailable (shallow
  clone with depth=1): fetch more history, or apply all platform
  stacks as safe default
- Root cause: pipeline #243 failed because infra-ci:latest image
  couldn't be pulled (no imagePullSecrets on step pods)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Viktor Barzin 2026-04-15 14:41:08 +00:00
parent e23153cf03
commit 601a83d84e
2 changed files with 39 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

63
.woodpecker/default.yml
View file

@ -62,34 +62,47 @@ steps:
- | - |
PLATFORM_STACKS="dbaas authentik crowdsec monitoring nvidia mailserver cloudflared kyverno metallb redis traefik technitium headscale rbac k8s-portal vaultwarden reverse-proxy metrics-server vpa nfs-csi iscsi-csi cnpg sealed-secrets uptime-kuma wireguard xray infra-maintenance platform vault reloader descheduler external-secrets" PLATFORM_STACKS="dbaas authentik crowdsec monitoring nvidia mailserver cloudflared kyverno metallb redis traefik technitium headscale rbac k8s-portal vaultwarden reverse-proxy metrics-server vpa nfs-csi iscsi-csi cnpg sealed-secrets uptime-kuma wireguard xray infra-maintenance platform vault reloader descheduler external-secrets"
# Check if global files changed (triggers full platform apply) # Ensure we have enough history for diff (clone may be shallow)
GLOBAL_CHANGED=$(git diff --name-only HEAD~1 HEAD 2>/dev/null | grep -E '^(modules/|config\.tfvars|terragrunt\.hcl)' || true) if ! git rev-parse HEAD~1 >/dev/null 2>&1; then
echo "WARNING: HEAD~1 not available (shallow clone?) — fetching more history"
if [ -n "$GLOBAL_CHANGED" ]; then git fetch --deepen=1 origin master 2>/dev/null || true
echo "Global files changed — applying ALL platform stacks"
echo "$PLATFORM_STACKS" | tr ' ' '\n' > .platform_apply
else
# Detect platform stacks that changed
git diff --name-only HEAD~1 HEAD 2>/dev/null | grep '^stacks/' | cut -d/ -f2 | sort -u > .all_changed
> .platform_apply
while read -r stack; do
if echo "$PLATFORM_STACKS" | grep -qw "$stack"; then
echo "$stack" >> .platform_apply
fi
done < .all_changed
fi fi
# Detect app stacks that changed # If still no parent, apply all platform stacks as a safe fallback
> .app_apply if ! git rev-parse HEAD~1 >/dev/null 2>&1; then
git diff --name-only HEAD~1 HEAD 2>/dev/null | grep '^stacks/' | cut -d/ -f2 | sort -u | while read -r stack; do echo "Cannot determine changed files — applying ALL platform stacks"
if echo "$PLATFORM_STACKS" | grep -qw "$stack"; then echo "$PLATFORM_STACKS" | tr ' ' '\n' > .platform_apply
continue # Skip platform stacks > .app_apply
else
# Check if global files changed (triggers full platform apply)
GLOBAL_CHANGED=$(git diff --name-only HEAD~1 HEAD | grep -E '^(modules/|config\.tfvars|terragrunt\.hcl)' || true)
if [ -n "$GLOBAL_CHANGED" ]; then
echo "Global files changed — applying ALL platform stacks"
echo "$PLATFORM_STACKS" | tr ' ' '\n' > .platform_apply
else
# Detect platform stacks that changed
git diff --name-only HEAD~1 HEAD | grep '^stacks/' | cut -d/ -f2 | sort -u > .all_changed
> .platform_apply
while read -r stack; do
if echo "$PLATFORM_STACKS" | grep -qw "$stack"; then
echo "$stack" >> .platform_apply
fi
done < .all_changed
fi fi
if [ ! -f "stacks/$stack/terragrunt.hcl" ]; then
continue # Skip non-terragrunt dirs # Detect app stacks that changed
fi > .app_apply
echo "$stack" >> .app_apply git diff --name-only HEAD~1 HEAD | grep '^stacks/' | cut -d/ -f2 | sort -u | while read -r stack; do
done if echo "$PLATFORM_STACKS" | grep -qw "$stack"; then
continue # Skip platform stacks
fi
if [ ! -f "stacks/$stack/terragrunt.hcl" ]; then
continue # Skip non-terragrunt dirs
fi
echo "$stack" >> .app_apply
done
fi
PLATFORM_COUNT=$(wc -l < .platform_apply | tr -d ' ') PLATFORM_COUNT=$(wc -l < .platform_apply | tr -d ' ')
APP_COUNT=$(wc -l < .app_apply | tr -d ' ') APP_COUNT=$(wc -l < .app_apply | tr -d ' ')

1
stacks/woodpecker/values.yaml
View file

@ -50,6 +50,7 @@ agent:
env: env:
WOODPECKER_BACKEND: "kubernetes" WOODPECKER_BACKEND: "kubernetes"
WOODPECKER_BACKEND_K8S_NAMESPACE: "woodpecker" WOODPECKER_BACKEND_K8S_NAMESPACE: "woodpecker"
WOODPECKER_BACKEND_K8S_PULL_SECRET_NAMES: "registry-credentials"
WOODPECKER_MAX_WORKFLOWS: "2" WOODPECKER_MAX_WORKFLOWS: "2"
WOODPECKER_AGENT_SECRET: "${agent_secret}" WOODPECKER_AGENT_SECRET: "${agent_secret}"
persistence: persistence: