flux-charts/mycloud-git-small/templates/woodpecker/release.yaml

{{- $name := printf "%s-woodpecker" .Release.Name }}
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: {{ $name | quote }}
spec:
  chartRef:
    kind: OCIRepository
    name: {{ $name | quote }}
  install:
    {{- toYaml .Values.commons.helm.release.install | nindent 4 }}
  test:
    {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
  upgrade:
    {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
  driftDetection:
    {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
  interval: 10m
  values:
    {{- $hostCI := .Values.ingress.woodpecker.host | default (printf "ci.%s" .Values.commons.ingress.domain) }}
    {{- $hostGit := .Values.ingress.woodpecker.host | default (printf "git.%s" .Values.commons.ingress.domain) }}
    agent:
      replicaCount: 1
      env:
        WOODPECKER_MAX_WORKFLOWS: 4
        WOODPECKER_BACKEND_K8S_NAMESPACE: {{ .Values.woodpecker.jobs.namespace.name }}
        WOODPECKER_BACKEND_K8S_STORAGE_RWX: false
        WOODPECKER_BACKEND_K8S_POD_LABELS_ALLOW_FROM_STEP: true
        WOODPECKER_BACKEND_K8S_POD_LABELS: |
          {
            "app.kubernetes.io/name": "server",
            "app.kubernetes.io/instance": "{{.Release.Namespace }}-{{ $name }}",
            "app.kubernetes.io/component": "job"
          }
        WOODPECKER_SERVER: "{{ $name }}-server:9000"
      {{- if .Values.commons.networkpolicies.enabled }}
      networkPolicy:
        enabled: true
        egress:
          enabled: true
          dns:
            {{- toYaml .Values.commons.networkpolicies.to.dns | nindent 12 }}
          apiserver:
            {{- toYaml .Values.commons.networkpolicies.to.k8sAPI | nindent 12 }}
          server:
            to:
              - podSelector:
                  matchLabels:
                    app.kubernetes.io/name: server
                    app.kubernetes.io/instance: {{ $name }}
      {{- end }}
      persistentVolume:
        enabled: false
    server:
      env:
        WOODPECKER_OPEN: "true"
        WOODPECKER_HOST: {{ printf "https://%s" $hostCI | quote }}
        WOODPECKER_FORGEJO: "true"
        WOODPECKER_FORGEJO_URL: {{ printf "https://%s" $hostGit | quote }}
        WOODPECKER_ADMIN: {{ join "," .Values.woodpecker.admins | quote }}
        WOODPECKER_DATABASE_DRIVER: postgres
        WOODPECKER_LOG_FILE: "stdout"
      podAnnotations:
        config-hash: {{ include (print $.Template.BasePath "/woodpecker/secret.yaml") . | sha256sum }}
      extraSecretNamesForEnvFrom:
        - {{ $name }}
      metrics:
        enabled: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PodMonitor") }}
      prometheus:
        podmonitor:
          enabled: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PodMonitor") }}
          labels:
            {{- toYaml .Values.commons.prometheus.monitor.labels | nindent 12 }}
        rules:
          enabled: true
          labels:
            {{- toYaml .Values.commons.prometheus.rules.labels | nindent 12 }}
      grafana:
        dashboards:
          enabled: true
          labels:
            {{- toYaml .Values.commons.grafana.dashboards.labels | nindent 12 }}
          annotations:
            {{- toYaml .Values.commons.grafana.dashboards.annotations | nindent 12 }}

      ingress:
        enabled: true
        annotations:
          {{- with .Values.commons.ingress.annotations }}
          {{- toYaml . | nindent 10 }}
          {{- end }}
          {{- with .Values.ingress.woodpecker.annotations }}
          {{- toYaml . | nindent 10 }}
          {{- end }}
        hosts:
          - host: {{ $hostCI }}
            paths:
              - path: /
        {{- if .Values.commons.ingress.tls.enabled }}
        tls:
          {{- with .Values.commons.ingress.tls.override }}
          {{- toYaml . | nindent 10 }}
          {{- else }}
          - secretName: "mycloud-woodpecker-cert"
            hosts:
              - "{{ $hostCI }}"
          {{- end }}
        {{- end }}
      {{- if .Values.commons.networkpolicies.enabled }}
      networkPolicy:
        enabled: true
        ingress:
          http:
            {{- toYaml .Values.commons.networkpolicies.from.ingress | nindent 12 }}
          metrics:
            {{- toYaml .Values.commons.networkpolicies.from.metrics | nindent 12 }}
          grpc:
            - podSelector:
                matchLabels:
                  app.kubernetes.io/name: agent
                  app.kubernetes.io/instance: "{{ .Release.Name }}-woodpecker"
        egress:
          enabled: true
          dns:
            {{- toYaml .Values.commons.networkpolicies.to.dns | nindent 12 }}
          database:
            {{- with .Values.commons.networkpolicies.to.database }}
            {{- toYaml . | nindent 12 }}
            {{- end }}
          extra:
             {{/* need to call git instance*/}}
            - ports:
                - port: 443
                  protocol: TCP
              to:
                {{- toYaml .Values.commons.networkpolicies.from.ingress | nindent 16 }}

      {{- end }}
      persistentVolume:
        enabled: false