From 7117ef455bb9ce50df7ee9d4463decf98c60d9b3 Mon Sep 17 00:00:00 2001 From: "Dustin C. Hatch" Date: Tue, 27 Aug 2024 18:12:03 -0500 Subject: [PATCH] updatebot: Add CronJob for Paperless-ngx Paperless-ngx updates also need to cover Gotenberg and Apache Tika. --- updatebot/projects/paperless-ngx.toml | 32 +++++++++++++ updatebot/updatebot.yaml | 68 +++++++++++++++++++++++++++ 2 files changed, 100 insertions(+) create mode 100644 updatebot/projects/paperless-ngx.toml diff --git a/updatebot/projects/paperless-ngx.toml b/updatebot/projects/paperless-ngx.toml new file mode 100644 index 0000000..aabee4a --- /dev/null +++ b/updatebot/projects/paperless-ngx.toml @@ -0,0 +1,32 @@ +[repo] +url = "https://git.pyrocufflink.net/infra/kubernetes" +token_file = "/run/secrets/updatebot/gitea.token" + +[projects.paperless-ngx] +kind = "kustomize" +image = "ghcr.io/paperless-ngx/paperless-ngx" + +[projects.paperless-ngx.source] +kind = "github" +organization = "paperless-ngx" +repo = "paperless-ngx" + +[projects.gotenberg] +kind = "kustomize" +path = "paperless-ngx" +image = "docker.io/gotenberg/gotenberg" + +[projects.gotenberg.source] +kind = "github" +organization = "gotenberg" +repo = "gotenberg" + +[projects.tika] +kind = "kustomize" +path = "paperless-ngx" +image = "docker.io/apache/tika" + +[projects.tika.source] +kind = "docker" +namespace = "apache" +repository = "tika" diff --git a/updatebot/updatebot.yaml b/updatebot/updatebot.yaml index 18222d7..705f67e 100644 --- a/updatebot/updatebot.yaml +++ b/updatebot/updatebot.yaml @@ -132,3 +132,71 @@ spec: secret: secretName: updatebot-ssh defaultMode: 0640 + +--- +apiVersion: batch/v1 +kind: CronJob +metadata: + name: updatebot-paperless-ngx + labels: &labels + app.kubernetes.io/name: updatebot-paperless-ngx +spec: + schedule: 34 6 * * 1 + timeZone: America/Chicago + concurrencyPolicy: Forbid + jobTemplate: + spec: + template: + metadata: + labels: *labels + spec: + restartPolicy: Never + containers: + - name: updatebot + image: git.pyrocufflink.net/infra/updatebot + args: + - --branch-name + - updatebot/paperless-ngx + securityContext: + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /etc/ssh/ssh_known_hosts + name: ssh-known-hosts + readOnly: true + subPath: ssh_known_hosts + - mountPath: /home/bot/.config/updatebot/config.toml + name: updatebot-config + readOnly: true + subPath: paperless-ngx.toml + - mountPath: /home/bot/.ssh + name: updatebot-ssh + readOnly: true + - mountPath: /run/secrets/updatebot + name: updatebot-secrets + readOnly: true + - mountPath: /tmp + name: tmp + subPath: tmp + nodeSelector: + kubernetes.io/arch: amd64 + securityContext: + runAsNonRoot: true + fsGroup: 25167 + volumes: + - name: ssh-known-hosts + configMap: + name: ssh-known-hosts + - name: tmp + emptyDir: + medium: Memory + - name: updatebot-config + configMap: + name: updatebot-projects + - name: updatebot-secrets + secret: + secretName: updatebot + defaultMode: 0640 + - name: updatebot-ssh + secret: + secretName: updatebot-ssh + defaultMode: 0640