feat(actions): bootstrap sol runner
All checks were successful
runner-smoke / smoke (push) Successful in 36s

mpabi
2026-04-12 16:39:26 +02:00
commit b94cc46b78
11 changed files with 376 additions and 0 deletions


@@ -0,0 +1,70 @@
#!/usr/bin/env bash
set -euo pipefail
ORG="${ORG:-trade-next}"
SECRET_NAME="${SECRET_NAME:-K3S_KUBECONFIG_B64}"
GITEA_URL="${GITEA_URL:-https://gitea.mpabi.pl}"
GITEA_TOKEN_FILE="${GITEA_TOKEN_FILE:-/home/user/dev/mcp/tools/tokens/gitea.token}"
SOL_HOST="${SOL_HOST:-149.50.96.162}"
SOL_USER="${SOL_USER:-user}"
SOL_SSH_KEY="${SOL_SSH_KEY:-/home/user/dev/mcp/keys/mpabi/mevnode_mcp}"
DEPLOY_NAMESPACE="${DEPLOY_NAMESPACE:-gitea-actions}"
DEPLOY_SERVICE_ACCOUNT="${DEPLOY_SERVICE_ACCOUNT:-trade-gitops-deployer}"
KUBE_API_SERVER="${KUBE_API_SERVER:-https://149.50.96.162:6443}"
gitea_token() {
cut -d: -f2- "$GITEA_TOKEN_FILE" | head -n1 | tr -d '[:space:]'
}
ssh_sol() {
ssh -i "$SOL_SSH_KEY" -o IdentitiesOnly=yes -o StrictHostKeyChecking=no "$SOL_USER@$SOL_HOST" "$@"
}
API_TOKEN="$(gitea_token)"
if [ -z "$API_TOKEN" ]; then
echo "Gitea API token is empty" >&2
exit 1
fi
CA_DATA="$(ssh_sol "sudo k3s kubectl config view --raw -o jsonpath='{.clusters[0].cluster.certificate-authority-data}'")"
SA_TOKEN="$(ssh_sol "sudo k3s kubectl -n ${DEPLOY_NAMESPACE} create token ${DEPLOY_SERVICE_ACCOUNT} --duration=8760h")"
if [ -z "$CA_DATA" ] || [ -z "$SA_TOKEN" ]; then
echo "Failed to generate deployer kubeconfig material" >&2
exit 1
fi
KUBECONFIG_B64="$(
cat <<EOF | base64 -w0
apiVersion: v1
kind: Config
clusters:
- cluster:
certificate-authority-data: ${CA_DATA}
server: ${KUBE_API_SERVER}
name: sol
contexts:
- context:
cluster: sol
namespace: default
user: ${DEPLOY_SERVICE_ACCOUNT}
name: sol
current-context: sol
users:
- name: ${DEPLOY_SERVICE_ACCOUNT}
user:
token: ${SA_TOKEN}
EOF
)"
PAYLOAD="$(jq -nc --arg data "$KUBECONFIG_B64" --arg description "k3s deploy kubeconfig for trade-next on sol" '{data:$data,description:$description}')"
curl -fsS \
-X PUT \
-H "Authorization: token ${API_TOKEN}" \
-H "Content-Type: application/json" \
-d "$PAYLOAD" \
"${GITEA_URL}/api/v1/orgs/${ORG}/actions/secrets/${SECRET_NAME}" \
>/dev/null
echo "Organization secret ${ORG}/${SECRET_NAME} updated"
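Review bot: `ssh_sol` turns off host key verification with `-o StrictHostKeyChecking=no`, yet the two calls right after it fetch the cluster CA data and a service-account token minted with `--duration=8760h` over that connection, so a host impersonating `$SOL_HOST` could supply its own CA data and token, and those would be stored in the organization secret. Pin the host key instead, for example `-o StrictHostKeyChecking=yes -o UserKnownHostsFile="$SOL_KNOWN_HOSTS"`, where `SOL_KNOWN_HOSTS` is a new variable pointing at a known_hosts file provisioned out of band. Separately, the curl call passes `Authorization: token ${API_TOKEN}` and the kubeconfig payload on argv, where they are visible in the local process list; reading them from a file or stdin (`-H @file`, `--data @-`) avoids that. The one-year token lifetime and the organization-wide scope of the secret also deserve a comment explaining why a shorter duration with scheduled rotation was not chosen.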