updatebot: Schedule updatebot for Firefly-III

Firefly-III only has a single Pod/container to manage with `updatebot`.
2024-08-27 18:11:52 -05:00 · 2024-08-27 18:11:52 -05:00 · 7c1fed7685
parent 5de1379c1f
commit 7c1fed7685
2 changed files with 81 additions and 0 deletions
--- a/updatebot/projects/firefly-iii.toml
+++ b/updatebot/projects/firefly-iii.toml
@ -0,0 +1,13 @@
+[repo]
+url = "https://git.pyrocufflink.net/infra/kubernetes"
+token_file = "/run/secrets/updatebot/gitea.token"
+
+[projects.firefly-iii]
+kind = "kustomize"
+image = "docker.io/fireflyiii/core"
+tag_format = "version-{version}"
+
+[projects.firefly-iii.source]
+kind = "github"
+organization = "firefly-iii"
+repo = "firefly-iii"
--- a/updatebot/updatebot.yaml
+++ b/updatebot/updatebot.yaml
@ -64,3 +64,71 @@ spec:
            secret:
              secretName: updatebot-ssh
              defaultMode: 0640
+
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: updatebot-firefly-iii
+  labels: &labels
+    app.kubernetes.io/name: updatebot-firefly-iii
+spec:
+  schedule: 33 6 * * 1
+  timeZone: America/Chicago
+  concurrencyPolicy: Forbid
+  jobTemplate:
+    spec:
+      template:
+        metadata:
+          labels: *labels
+        spec:
+          restartPolicy: Never
+          containers:
+          - name: updatebot
+            image: git.pyrocufflink.net/infra/updatebot
+            args:
+            - --branch-name
+            - updatebot/firefly-iii
+            securityContext:
+              readOnlyRootFilesystem: true
+            volumeMounts:
+            - mountPath: /etc/ssh/ssh_known_hosts
+              name: ssh-known-hosts
+              readOnly: true
+              subPath: ssh_known_hosts
+            - mountPath: /home/bot/.config/updatebot/config.toml
+              name: updatebot-config
+              readOnly: true
+              subPath: firefly-iii.toml
+            - mountPath: /home/bot/.ssh
+              name: updatebot-ssh
+              readOnly: true
+            - mountPath: /run/secrets/updatebot
+              name: updatebot-secrets
+              readOnly: true
+            - mountPath: /tmp
+              name: tmp
+              subPath: tmp
+          nodeSelector:
+            kubernetes.io/arch: amd64
+          securityContext:
+            runAsNonRoot: true
+            fsGroup: 25167
+          volumes:
+          - name: ssh-known-hosts
+            configMap:
+              name: ssh-known-hosts
+          - name: tmp
+            emptyDir:
+              medium: Memory
+          - name: updatebot-config
+            configMap:
+              name: updatebot-projects
+          - name: updatebot-secrets
+            secret:
+              secretName: updatebot
+              defaultMode: 0640
+          - name: updatebot-ssh
+            secret:
+              secretName: updatebot-ssh
+              defaultMode: 0640