remove legacy crd and add pipeline

.github/workflows/docker.yml

@@ -1,144 +0,0 @@
-name: Docker
-
-on:
-  push:
-    branches:
-      - main
-
-  pull_request:
-
-# Certain actions will only run when this is the main repo.
-env:
-  MAIN_REPO: ncsa/traefik-certmanager
-  DOCKERHUB_ORG: ncsa
-  PLATFORM: "linux/amd64,linux/arm64"
-
-jobs:
-  docker:
-    runs-on: ubuntu-latest
-    permissions:
-      packages: write
-
-    steps:
-      - uses: actions/checkout@v2
-
-      # calculate some variables that are used later
-      - name: version information
-        run: |
-          # find out what the BRANCH is, in case of a PR we will use the PR-<number>
-          if [ "${{ github.event.release.target_commitish }}" != "" ]; then
-            BRANCH="${{ github.event.release.target_commitish }}"
-          elif [[ $GITHUB_REF =~ pull ]]; then
-            BRANCH="$(echo $GITHUB_REF | sed 's#refs/pull/\([0-9]*\)/merge#PR-\1#')"
-          else
-            BRANCH=${GITHUB_REF##*/}
-          fi
-
-          # calculate the version and all tags
-          if [ "$BRANCH" == "main" ]; then
-            VERSION="$(awk '/^## / { print $2; exit }' CHANGELOG.md | sed -e 's/\[//' -e 's/\]//')"
-            tags="latest"
-            oldversion=""
-            tmpversion="${VERSION}"
-            while [ "${oldversion}" != "${tmpversion}" ]; do
-              oldversion="${tmpversion}"
-              tags="${tags} ${tmpversion}"
-              tmpversion=${tmpversion%.*}
-            done
-          else
-            VERSION="$BRANCH"
-            tags="$BRANCH"
-          fi
-
-          # should we push to dockerhub, and is there a README
-          DOCKERHUB_PUSH="false"
-          DOCKERHUB_README="false"
-          if [ "${{ github.repository }}" == "${{ env.MAIN_REPO }}" ]; then
-            if [ "${{ secrets.DOCKERHUB_USERNAME }}" != "" -a "${{ secrets.DOCKERHUB_PASSWORD }}" != "" ]; then
-              DOCKERHUB_PUSH="true"
-              if [ -e "README.md" ]; then
-                DOCKERHUB_README="true"
-              fi
-            fi
-          fi
-
-          # create a list of all images to be pushed
-          REPO=${GITHUB_REPOSITORY,,}
-          IMAGE="${{ github.event.repository.name }}"
-          IMAGES=""
-          for tag in ${tags}; do
-            if [ "$DOCKERHUB_PUSH" == "true" ]; then
-              IMAGES="${IMAGES}${{ env.DOCKERHUB_ORG }}/${IMAGE}:${tag},"
-            fi
-            IMAGES="${IMAGES}ghcr.io/${REPO}/${IMAGE}:${tag},"
-          done
-          IMAGES="${IMAGES%,*}"
-
-          # save the results in env
-          echo "BRANCH=${BRANCH}"
-          echo "VERSION=${VERSION}"
-          echo "DOCKERHUB_README=${DOCKERHUB_README}"
-          echo "DOCKERHUB_PUSH=${DOCKERHUB_PUSH}"
-          echo "IMAGES=${IMAGES}"
-
-          echo "BRANCH=${BRANCH}" >> $GITHUB_ENV
-          echo "VERSION=${VERSION}" >> $GITHUB_ENV
-          echo "DOCKERHUB_README=${DOCKERHUB_README}" >> $GITHUB_ENV
-          echo "DOCKERHUB_PUSH=${DOCKERHUB_PUSH}" >> $GITHUB_ENV
-          echo "IMAGES=${IMAGES}" >> $GITHUB_ENV
-
-      # setup docker build
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v2
-
-      - name: Inspect Builder
-        run: |
-          echo "Name:      ${{ steps.buildx.outputs.name }}"
-          echo "Endpoint:  ${{ steps.buildx.outputs.endpoint }}"
-          echo "Status:    ${{ steps.buildx.outputs.status }}"
-          echo "Flags:     ${{ steps.buildx.outputs.flags }}"
-          echo "Platforms: ${{ steps.buildx.outputs.platforms }}"
-
-      # login to registries
-      - name: Login to DockerHub
-        if: env.DOCKERHUB_PUSH == 'true'
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_PASSWORD }}
-
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      # build the docker images
-      - name: Build and push docker
-        uses: docker/build-push-action@v2
-        with:
-          push: true
-          platforms: ${{ env.PLATFORM }}
-          cache-from: type=gha
-          cache-to: type=gha
-          tags: ${{ env.IMAGES }}
-          build-args: |
-            BRANCH: ${{ env.BRANCH }}
-            VERSION=${{ env.VERSION }}
-            BUILDNUMBER=${{ github.run_number }}
-            GITSHA1=${{ github.sha  }}
-
-      # this will update the README of the dockerhub repo
-      - name: Docker Hub Description
-        if: env.DOCKERHUB_README == 'true'
-        uses: peter-evans/dockerhub-description@v2
-        env:
-          DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
-          DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
-          DOCKERHUB_REPOSITORY: ${{ env.DOCKERHUB_ORG }}/${{ github.event.repository.name }}
-          README_FILEPATH: README.md

.github/workflows/release.yaml

@@ -1,37 +0,0 @@
-name: Create Release
-
-on:
-  push:
-    branches:
-      - main
-
-jobs:
-  release:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v2
-        with:
-          fetch-depth: 0
-
-      - name: get release info
-        id: release_info
-        run: |
-          version="$(awk '/^## / { print tolower($2) }' CHANGELOG.md | head -1)"
-          changelog="$(sed -e "1,/^## ${version}/d" -e "/^## /,\$d" CHANGELOG.md)"
-          changelog="${changelog//'%'/'%25'}"
-          changelog="${changelog//$'\n'/'%0A'}"
-          changelog="${changelog//$'\r'/'%0D'}"
-          echo "::set-output name=version::$version"
-          echo "::set-output name=changelog::$changelog"
-
-      - name: create release
-        if: github.event_name == 'push' && github.ref == 'refs/heads/main' && steps.release_info.outputs.version != 'unreleased'
-        uses: actions/create-release@v1
-        id: create_release
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          tag_name: ${{ steps.release_info.outputs.version }}
-          release_name: Release ${{ steps.release_info.outputs.version }}
-          body: ${{ steps.release_info.outputs.changelog }}

.woodpecker/.build.yaml

@@ -0,0 +1,35 @@
+steps:
+- name: docker
+  image: woodpeckerci/plugin-docker-buildx
+  privileged: true
+  settings:
+    registry: git.ar21.de
+    username:
+      from_secret: REGISTRY_USER
+    password:
+      from_secret: REGISTRY_PASS
+    repo: git.ar21.de/${CI_REPO}
+    tags:
+      - latest
+      - ${CI_PIPELINE_NUMBER}
+  when:
+    - branch: main
+      event: [push, manual]
+- name: docker-build
+  image: woodpeckerci/plugin-docker-buildx
+  privileged: true
+  settings:
+    registry: git.ar21.de
+    username:
+      from_secret: REGISTRY_USER
+    password:
+      from_secret: REGISTRY_PASS
+    repo: git.ar21.de/${CI_REPO}
+    tags:
+      - testing-${CI_PIPELINE_NUMBER}
+  when:
+    - branch:
+        exclude: main
+      event: [push, manual]
+depends_on:
+  - lint

.woodpecker/.deploy.yaml

@@ -0,0 +1,57 @@
+skip_clone: true
+steps:
+- name: bump tag in deployment-repo (prod)
+  image: git.ar21.de/aaron/kustomize-ci
+  commands:
+    - git clone https://git.ar21.de/yolokube/core-deployments.git deployment-repo
+    - cd deployment-repo/traefik-certmanager/overlay
+    - kustomize edit set image git.ar21.de/yolokube/traefik-certmanager=git.ar21.de/yolokube/traefik-certmanager:${CI_PIPELINE_NUMBER}
+  when:
+    - branch: main
+      event: push
+- name: push new tag to deployment-repo (prod)
+  image: appleboy/drone-git-push
+  settings:
+    branch: "${CI_PIPELINE_NUMBER}_traefik-certmanager_prod"
+    remote: ssh://git@git.ar21.de:2222/yolokube/core-deployments.git
+    path: deployment-repo
+    force: false
+    commit: true
+    commit_message: "traefik-certmanager: update image tag to ${CI_PIPELINE_NUMBER} (done automagically via Woodpecker pipeline)"
+    ssh_key:
+      from_secret: FORGEJO_SSH_KEY
+  when:
+    - branch: main
+      event: push
+- name: create pull request (prod)
+  image: git.ar21.de/tom/push-message-randomizer:latest
+  pull: true
+  settings:
+    gitea_address: https://git.ar21.de
+    gitea_token:
+      from_secret: FORGEJO_API
+    owner: ${CI_REPO_OWNER}
+    repo: deploymentrepo
+    branch: "${CI_PIPELINE_NUMBER}_traefik-certmanager_prod"
+    base_branch: main
+    pr_title: "traefik-certmanager: update image tag to ${CI_PIPELINE_NUMBER}"
+    pr_body: |
+      ### ℹ traefik-certmanager image update
+
+      {- random-pr-message -}
+
+      ### Configuration
+
+      📅 **Schedule**: Branch creation - At any time, Automerge - At any time.
+
+      🚦 **Automerge**: Enabled.
+    skip_on_missing_branch: true
+    close_pr_if_empty: true
+    delete_branch_if_pr_empty: true
+    merge_when_checks_succeed: true
+    delete_branch_after_merge: true
+  when:
+    - branch: main
+      event: push
+depends_on:
+  - build

main.py

@@ -147,13 +147,9 @@ def main():
     signal.signal(signal.SIGINT, exit_gracefully)
     signal.signal(signal.SIGTERM, exit_gracefully)
 
-    # deprecated traefik CRD
-    th1 = threading.Thread(target=watch_crd, args=("traefik.containo.us", "v1alpha1", "ingressroutes"), daemon=True)
-    th1.start()
-
     # new traefik CRD
-    th2 = threading.Thread(target=watch_crd, args=("traefik.io", "v1alpha1", "ingressroutes"), daemon=True)
+    th1 = threading.Thread(target=watch_crd, args=("traefik.io", "v1alpha1", "ingressroutes"), daemon=True)
-    th2.start()
+    th1.start()
 
     # wait for threads to finish
     while th1.is_alive() and th2.is_alive():

traefik-certmanager.yaml

@@ -50,7 +50,7 @@ spec:
       serviceAccount: traefik-certmanager
       containers:
       - name: traefik-certmanager
-        image: kooper/traefik-certmanager
+        image: git.ar21.de/yolokube/traefik-certmanager
         imagePullPolicy: Always
         env:
         - name: ISSUER_NAME