ebecaaee5c
- Switch from custom clone override to woodpeckerci/plugin-git built-in clone (handles auth automatically via netrc from GitHub OAuth token) - Add 8.8.8.8 and 1.1.1.1 as CoreDNS upstream resolvers alongside pfSense (fixes intermittent DNS timeouts causing clone failures) - Fix missing comma after heredoc in audit-policy.tf (syntax error)
44 lines
1.5 KiB
YAML
44 lines
1.5 KiB
YAML
when:
|
|
event: cron
|
|
cron: renew-tls-certificate
|
|
|
|
clone:
|
|
git:
|
|
image: woodpeckerci/plugin-git
|
|
settings:
|
|
attempts: 5
|
|
backoff: 10s
|
|
|
|
steps:
|
|
- name: prepare
|
|
image: alpine
|
|
commands:
|
|
- "apk update && apk add jq curl git git-crypt"
|
|
- |
|
|
curl -k https://10.0.20.100:6443/api/v1/namespaces/woodpecker/configmaps/git-crypt-key -H "Authorization:Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" | jq -r .data.key | base64 -d > /tmp/key
|
|
- "git-crypt unlock /tmp/key"
|
|
|
|
- name: renew-tls
|
|
image: alpine
|
|
environment:
|
|
TECHNITIUM_API_KEY:
|
|
from_secret: TECHNITIUM_API_KEY
|
|
CLOUDFLARE_TOKEN:
|
|
from_secret: CLOUDFLARE_TOKEN
|
|
CLOUDFLARE_ZONE_ID:
|
|
from_secret: CLOUDFLARE_ZONE_ID
|
|
commands:
|
|
- "apk update && apk add certbot curl jq"
|
|
- "./modules/kubernetes/setup_tls_secret/renew2.sh"
|
|
|
|
- name: commit-certs
|
|
image: alpine
|
|
commands:
|
|
- "apk update && apk add openssh-client git git-crypt"
|
|
- "mkdir ~/.ssh && ssh-keyscan -H github.com >> ~/.ssh/known_hosts"
|
|
- "chmod 400 secrets/deploy_key"
|
|
- "git add ."
|
|
- "git remote set-url origin git@github.com:ViktorBarzin/infra.git"
|
|
- "git commit -m 'Woodpecker CI Update TLS Certificates Commit' || echo 'No changes'"
|
|
- "GIT_SSH_COMMAND='ssh -i ./secrets/deploy_key -o IdentitiesOnly=yes' git pull --rebase origin master"
|
|
- "GIT_SSH_COMMAND='ssh -i ./secrets/deploy_key -o IdentitiesOnly=yes' git push origin master"
|