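{{- /*
Flux HelmRelease that installs the Woodpecker CI chart (agent + server) from
the OCIRepository of the same name. Everything under spec.values is handed to
that chart. Templated scalars are quoted so an empty or boolean/number-looking
expansion cannot change the YAML type of the value.
*/ -}}
{{- $name := printf "%s-woodpecker" .Release.Name }}
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: {{ $name | quote }}
spec:
  chartRef:
    kind: OCIRepository
    name: {{ $name | quote }}
  install:
    {{- toYaml .Values.commons.helm.release.install | nindent 4 }}
  test:
    {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
  upgrade:
    {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
  driftDetection:
    {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
  interval: 10m
  values:
    {{- $hostCI := .Values.ingress.woodpecker.host | default (printf "ci.%s" .Values.commons.ingress.domain) }}
    # NOTE(review): the forge host falls back to the same
    # .Values.ingress.woodpecker.host override as the CI host, so setting that
    # value makes WOODPECKER_FORGEJO_URL equal to WOODPECKER_HOST. Confirm which
    # values key is meant to carry the forge hostname.
    {{- $hostGit := .Values.ingress.woodpecker.host | default (printf "git.%s" .Values.commons.ingress.domain) }}
    agent:
      replicaCount: 1
      env:
        # Environment values are written as strings; container env vars are
        # strings and must not be re-typed by the YAML parser.
        WOODPECKER_MAX_WORKFLOWS: "4"
        # Pipeline pods are created in this namespace.
        WOODPECKER_BACKEND_K8S_NAMESPACE: {{ .Values.woodpecker.jobs.namespace.name | quote }}
        WOODPECKER_BACKEND_K8S_STORAGE_RWX: "false"
        # NOTE(review): lets pipeline definitions put their own labels on job
        # pods. The NetworkPolicy peers in this file are chosen by pod label,
        # so check that no policy reachable from the jobs namespace trusts a
        # label a step can set, and how step labels are merged with the
        # defaults below (merge precedence not visible here).
        WOODPECKER_BACKEND_K8S_POD_LABELS_ALLOW_FROM_STEP: "true"
        # Default labels for job pods (JSON). The instance value is prefixed
        # with the release namespace, so it differs from the instance label
        # used by the agent/server selectors further down.
        WOODPECKER_BACKEND_K8S_POD_LABELS: |
          {
            "app.kubernetes.io/name": "server",
            "app.kubernetes.io/instance": "{{.Release.Namespace }}-{{ $name }}",
            "app.kubernetes.io/component": "job"
          }
        WOODPECKER_SERVER: "{{ $name }}-server:9000"
      {{- if .Values.commons.networkpolicies.enabled }}
      # Agent egress is limited to DNS, the Kubernetes API and the server pods.
      networkPolicy:
        enabled: true
        egress:
          enabled: true
          dns:
            {{- toYaml .Values.commons.networkpolicies.to.dns | nindent 12 }}
          apiserver:
            {{- toYaml .Values.commons.networkpolicies.to.k8sAPI | nindent 12 }}
          server:
            to:
              - podSelector:
                  matchLabels:
                    app.kubernetes.io/name: server
                    app.kubernetes.io/instance: {{ $name | quote }}
      {{- end }}
      persistentVolume:
        enabled: false
    server:
      env:
        # NOTE(review): with registration open, any account that can
        # authenticate against the configured forge can sign in. If the forge
        # allows self-signup, consider restricting access (for example with
        # WOODPECKER_ORGS) or closing registration.
        WOODPECKER_OPEN: "true"
        WOODPECKER_HOST: {{ printf "https://%s" $hostCI | quote }}
        WOODPECKER_FORGEJO: "true"
        WOODPECKER_FORGEJO_URL: {{ printf "https://%s" $hostGit | quote }}
        # Comma-separated list built from .Values.woodpecker.admins.
        WOODPECKER_ADMIN: {{ join "," .Values.woodpecker.admins | quote }}
        WOODPECKER_DATABASE_DRIVER: postgres
        WOODPECKER_LOG_FILE: "stdout"
      podAnnotations:
        # Digest of the rendered secret template; it changes whenever the
        # secret changes, which alters the pod template.
        config-hash: {{ include (print $.Template.BasePath "/woodpecker/secret.yaml") . | sha256sum | quote }}
      # Remaining server settings are injected from this Secret via envFrom.
      extraSecretNamesForEnvFrom:
        - {{ $name | quote }}
      metrics:
        # Only enabled when the PodMonitor CRD is known to the cluster.
        enabled: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PodMonitor") }}
      prometheus:
        podmonitor:
          enabled: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PodMonitor") }}
          labels:
            {{- toYaml .Values.commons.prometheus.monitor.labels | nindent 12 }}
        rules:
          enabled: true
          labels:
            {{- toYaml .Values.commons.prometheus.rules.labels | nindent 12 }}
      grafana:
        dashboards:
          enabled: true
          labels:
            {{- toYaml .Values.commons.grafana.dashboards.labels | nindent 12 }}
          annotations:
            {{- toYaml .Values.commons.grafana.dashboards.annotations | nindent 12 }}
      ingress:
        enabled: true
        # Common and release-specific annotations are emitted into the same
        # mapping, one level below the key; a key present in both maps would
        # be rendered twice.
        annotations:
          {{- with .Values.commons.ingress.annotations }}
          {{- toYaml . | nindent 10 }}
          {{- end }}
          {{- with .Values.ingress.annotations }}
          {{- toYaml . | nindent 10 }}
          {{- end }}
        hosts:
          - host: {{ $hostCI | quote }}
            paths:
              - path: /
        {{- if .Values.commons.ingress.tls.enabled }}
        # An explicit TLS override replaces the default certificate entry.
        tls:
          {{- with .Values.commons.ingress.tls.override }}
          {{- toYaml . | nindent 10 }}
          {{- else }}
          - secretName: "mycloud-woodpecker-cert"
            hosts:
              - "{{ $hostCI }}"
          {{- end }}
        {{- end }}
      {{- if .Values.commons.networkpolicies.enabled }}
      networkPolicy:
        enabled: true
        ingress:
          http:
            {{- toYaml .Values.commons.networkpolicies.from.ingress | nindent 12 }}
          metrics:
            {{- toYaml .Values.commons.networkpolicies.from.metrics | nindent 12 }}
          # gRPC is accepted from pods carrying the agent labels. The peer has
          # no namespaceSelector; presumably it is applied as a NetworkPolicy
          # peer and therefore matches the release namespace only (confirm
          # against the chart).
          grpc:
            - podSelector:
                matchLabels:
                  app.kubernetes.io/name: agent
                  app.kubernetes.io/instance: "{{ .Release.Name }}-woodpecker"
        egress:
          enabled: true
          dns:
            {{- toYaml .Values.commons.networkpolicies.to.dns | nindent 12 }}
          database:
            {{- with .Values.commons.networkpolicies.to.database }}
            {{- toYaml . | nindent 12 }}
            {{- end }}
          extra:
            # The server needs to call the git instance; that traffic is
            # allowed on TCP 443 towards the ingress peers.
            - ports:
                - port: 443
                  protocol: TCP
              to:
                {{- toYaml .Values.commons.networkpolicies.from.ingress | nindent 16 }}
      {{- end }}
      persistentVolume:
        enabled: false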