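#!/usr/bin/env bash
#
# Refresh the Gitea organization Actions secret that carries a base64
# kubeconfig for the k3s deployer service account.
#
# Flow visible in this copy of the script:
#   1. read the Gitea API token from GITEA_TOKEN_FILE,
#   2. over SSH, read the cluster CA bundle and mint a service-account token,
#   3. (damaged in this copy, see the note near the end) build the kubeconfig
#      and store it as the secret.
#
# Every setting below can be overridden from the environment.
set -euo pipefail

ORG="${ORG:-trade-next}"
SECRET_NAME="${SECRET_NAME:-K3S_KUBECONFIG_B64}"
# shellcheck disable=SC2034  # presumably used by the section lost from this copy
GITEA_URL="${GITEA_URL:-https://gitea.mpabi.pl}"
GITEA_TOKEN_FILE="${GITEA_TOKEN_FILE:-/home/user/dev/mcp/tools/tokens/gitea.token}"
SOL_HOST="${SOL_HOST:-149.50.96.162}"
SOL_USER="${SOL_USER:-user}"
SOL_SSH_KEY="${SOL_SSH_KEY:-/home/user/dev/mcp/keys/mpabi/mevnode_mcp}"
# Host-key policy for the SSH hop. The session runs sudo remotely and returns
# both a bearer token and the CA bundle that ends up pinned in the kubeconfig,
# so the server's identity has to be checked: "accept-new" (OpenSSH 7.6+)
# records the key on first contact and refuses a changed key afterwards.
# Set to "yes" once the host key is pre-provisioned in known_hosts.
SOL_STRICT_HOST_KEY_CHECKING="${SOL_STRICT_HOST_KEY_CHECKING:-accept-new}"
DEPLOY_NAMESPACE="${DEPLOY_NAMESPACE:-gitea-actions}"
DEPLOY_SERVICE_ACCOUNT="${DEPLOY_SERVICE_ACCOUNT:-trade-gitops-deployer}"
# Lifetime of the minted service-account token. The default is one year, which
# makes the stored secret a long-lived credential; prefer a shorter value and a
# scheduled re-run of this script where that is practical.
SA_TOKEN_DURATION="${SA_TOKEN_DURATION:-8760h}"
# shellcheck disable=SC2034  # presumably used by the section lost from this copy
KUBE_API_SERVER="${KUBE_API_SERVER:-https://149.50.96.162:6443}"

# Print a message to stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Abort unless $2 looks like a Kubernetes object name.
# Arguments: $1 - setting name for the error message, $2 - value to check
# The value is later spliced into a command line that runs under sudo on the
# remote host, so anything outside [a-z0-9.-] is rejected up front.
require_k8s_name() {
  local setting=$1 value=$2
  local -r pattern='^[a-z0-9]([-a-z0-9.]*[a-z0-9])?$'
  [[ "$value" =~ $pattern ]] || die "Invalid ${setting}: ${value}"
}

# Print the Gitea API token: first line of GITEA_TOKEN_FILE, everything after
# the first ':' (the whole line when there is no ':'), with whitespace removed.
gitea_token() {
  local first_line=''
  [[ -r "$GITEA_TOKEN_FILE" ]] ||
    die "Gitea token file is not readable: ${GITEA_TOKEN_FILE}"
  # Reading one line directly avoids a SIGPIPE failure under pipefail on a
  # multi-line file; an empty result is reported by the caller.
  IFS= read -r first_line <"$GITEA_TOKEN_FILE" || true
  printf '%s' "${first_line#*:}" | tr -d '[:space:]'
}

# Run a command on the k3s host over SSH using only the configured key.
# Arguments: the remote command line
ssh_sol() {
  ssh -i "$SOL_SSH_KEY" \
    -o IdentitiesOnly=yes \
    -o StrictHostKeyChecking="$SOL_STRICT_HOST_KEY_CHECKING" \
    "$SOL_USER@$SOL_HOST" "$@"
}

require_k8s_name DEPLOY_NAMESPACE "$DEPLOY_NAMESPACE"
require_k8s_name DEPLOY_SERVICE_ACCOUNT "$DEPLOY_SERVICE_ACCOUNT"
[[ "$SA_TOKEN_DURATION" =~ ^([0-9]+[hms])+$ ]] ||
  die "Invalid SA_TOKEN_DURATION: ${SA_TOKEN_DURATION}"

API_TOKEN="$(gitea_token)"
if [[ -z "$API_TOKEN" ]]; then
  echo "Gitea API token is empty" >&2
  exit 1
fi

# Both remote commands are fixed strings apart from the values validated above.
CA_DATA="$(ssh_sol "sudo k3s kubectl config view --raw -o jsonpath='{.clusters[0].cluster.certificate-authority-data}'")"
SA_TOKEN="$(ssh_sol "sudo k3s kubectl -n ${DEPLOY_NAMESPACE} create token ${DEPLOY_SERVICE_ACCOUNT} --duration=${SA_TOKEN_DURATION}")"
if [[ -z "$CA_DATA" || -z "$SA_TOKEN" ]]; then
  echo "Failed to generate deployer kubeconfig material" >&2
  exit 1
fi

# NOTE(review): this copy of the script is damaged from here to the final
# echo. Only this fragment survives:
#     KUBECONFIG_B64="$( cat </dev/null
# Presumably it was a here-document that assembled a kubeconfig from
# KUBE_API_SERVER, CA_DATA and SA_TOKEN and base64-encoded it, followed by a
# request to GITEA_URL authenticated with API_TOKEN whose output was discarded
# - confirm against the original file. When restoring it, keep API_TOKEN and
# the kubeconfig out of command-line arguments and temporary files (pass them
# on stdin) so they do not show up in the process list or on disk.
publish_kubeconfig_secret() {
  echo "kubeconfig build and secret upload steps are missing from this copy" >&2
  return 1
}

# Fails closed until the section above is restored, so success is never
# reported for an upload that did not happen.
publish_kubeconfig_secret
echo "Organization secret ${ORG}/${SECRET_NAME} updated"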