baff3d7477
ADR-0002 tracer bullet (infra#13), per Viktor's go-ahead. Idempotent script: GitHub mirror repo (create/unarchive/visibility), GHA secrets via gh, Forgejo push-mirror (sync_on_commit) + initial sync, Woodpecker mirror registration, renders build.yml/deploy.yml from templates (single-manifest provenance:false, svu semver to Forgejo, ghcr keep-10 retention, Slack notify-failure, manual-event deploy), removes the old in-cluster build pipeline, commits on the Canonical side. f1-stream stack gains the ghcr-credentials imagePullSecret (first consumer). Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
19 lines
673 B
Cheetah
19 lines
673 B
Cheetah
# Auto-deploy, triggered ONLY by the GitHub Actions build POSTing to the
|
|
# Woodpecker API (manual event, with IMAGE_TAG + IMAGE_NAME) after a successful
|
|
# off-infra build+push to GHCR (ADR-0002). event:[manual] (NOT push) so the
|
|
# Forgejo->GitHub mirror's raw pushes don't fire a spurious deploy.
|
|
# The woodpecker-agent SA is cluster-admin — no kubeconfig needed.
|
|
# Generated by infra/scripts/offinfra-onboard.
|
|
when:
|
|
- event: manual
|
|
|
|
steps:
|
|
- name: check-vars
|
|
image: alpine
|
|
commands:
|
|
- "[ -n \"$IMAGE_TAG\" ] || (echo 'IMAGE_TAG not set — refusing to deploy'; exit 1)"
|
|
|
|
- name: deploy
|
|
image: bitnami/kubectl:latest
|
|
commands:
|
|
{{DEPLOY_CMDS}}
|