GHP publish

roles/drone/defaults/main.yaml

@@ -0,0 +1,50 @@
+drone_enabled: true
+drone_publish: false
+drone_use_external_db: true
+drone_default_values:
+  service:
+    type: ClusterIP
+    port: 80
+  ingress:
+    enabled: true
+    annotations:
+      kubernetes.io/ingress.class: "{{ external_ingress_class if drone_publish else internal_ingress_class }}"
+      cert-manager.io/cluster-issuer: "letsencrypt-prod"
+      cert-manager.io/acme-dns01-provider: "rfc2136"
+      cert-manager.io/acme-challenge-type: "dns01"
+    hosts:
+      - host: "drone.{{ domain }}"
+        paths:
+          - "/"
+    tls:
+     - secretName: "drone.{{ domain }}-tls"
+       hosts:
+         - "drone.{{ domain }}"
+  persistentVolume:
+    enabled: true
+    accessModes:
+      - "{{ drone_storage_mode | default('ReadWriteMany') }}"
+    mountPath: /data
+    size: "{{ drone_size | default('8Gi') }}"
+    storageClass: "{{ drone_storage | default('nfs-ssd') }}"
+  env:
+    DRONE_SERVER_HOST: "drone.{{ domain }}"
+    DRONE_SERVER_PROTO: https
+    DRONE_RPC_SECRET: "{{ drone_rpc_secret | default(omit) }}"
+    DRONE_DATABASE_DRIVER: "postgres"
+    DRONE_DATABASE_DATASOURCE: "postgres://{{ drone_db_username }}:{{ drone_db_password }}@{{ postgres_db_team | default(namespace) }}-postgres.{{ postgres_db_namespace | default(namespace) }}.svc.cluster.local:5432/drone?sslmode=disable"
+    DRONE_DATABASE_SECRET: "{{ drone_database_secret | default(omit) }}"
+    DRONE_GITEA_CLIENT_ID: "{{ drone_gitea_client_id | default(omit) }}"
+    DRONE_GITEA_CLIENT_SECRET: "{{ drone_gitea_client_secret | default(omit) }}"
+    DRONE_GITEA_SERVER: "https://gitea.{{ domain }}"
+
+drone_runner_kube_default_values:
+  rbac:
+    buildNamespaces:
+      - "{{ drone_namespace | default(namespace) }}"
+  env:
+    DRONE_RPC_SECRET: "{{ drone_rpc_secret }}"
+    DRONE_RPC_HOST: "drone.{{ domain }}"
+    DRONE_RPC_PROTO: https
+    DRONE_NAMESPACE_DEFAULT: "{{ drone_namespace | default(namespace) }}"
+

roles/drone/tasks/main.yaml

@@ -0,0 +1,31 @@
+- name: Import secret.yaml to obtain secrets
+  include_tasks: secrets.yaml
+  when:
+    - drone_use_external_db
+    - postgres_enable
+
+- set_fact:
+    drone_combined_values: "{{ drone_default_values | combine(drone_values, recursive=true) }}"
+
+- set_fact:
+    drone_runner_kube_combined_values: "{{ drone_runner_kube_default_values | combine(drone_runner_kube_values, recursive=true) }}"
+    
+- name: Deploy Drone Server
+  community.kubernetes.helm:
+    create_namespace: true
+    release_namespace: "{{ drone_namespace | default(namespace) }}"
+    release_name: "{{ drone_name | default('drone') }}"
+    chart_ref: "{{ drone_chart | default('drone/drone') }}"
+    chart_version: "{{ drone_version | default(omit) }}"
+    release_values: "{{ drone_combined_values | from_yaml }}"
+    wait: true
+
+- name: Deploy Drone Runner Kube
+  community.kubernetes.helm:
+    create_namespace: true
+    release_namespace: "{{ drone_runner_kube_namespace | default(namespace) }}"
+    release_name: "{{ drone_runner_kube_name | default('drone-runner-kube') }}"
+    chart_ref: "{{ drone_runner_kube_chart | default('drone/drone-runner-kube') }}"
+    chart_version: "{{ drone_runner_kube_version | default(omit) }}"
+    release_values: "{{ drone_runner_kube_combined_values | from_yaml }}"
+    wait: true

roles/drone/tasks/secrets.yaml

@@ -0,0 +1,25 @@
+- block:
+  - name: Set DB namespace for secret lookup
+    set_fact:
+      db_namespace: "{{ drone_db_namespace | default(postgres_db_namespace) | default(postgres_namespace) | default(postgres_operator_namespace) | default(namespace) }}"
+
+  - name: Set DB secret name for lookup
+    set_fact:
+      db_secret_name: "drone.{{ postgres_db_team | default(namespace) }}-postgres.credentials.postgresql.acid.zalan.do"
+
+  - name: Lookup Drone DB secret
+    set_fact:
+      drone_db_secret: "{{ lookup('k8s', kind='Secret', namespace=db_namespace, resource_name=db_secret_name) }}"
+
+  - debug:
+      msg: "{{ drone_db_secret }}"
+      verbosity: 2
+
+  - name: Set Drone DB username
+    set_fact:
+      drone_db_username: "{{ drone_db_secret.data.username | b64decode }}"
+
+  - name: Set Drone DB password
+    set_fact:
+      drone_db_password: "{{ drone_db_secret.data.password | b64decode }}"
+