ansible-role-k8s-ci/tasks/main.yml

---
- name: Gitea setup
  block:
  - name: Install Gitea dynamic files
    k8s:
      state: present
      context: "{{ my_context }}"
      merge_type: merge
      resource_definition: "{{ lookup('template', 'gitea/' + item) | from_yaml }}"
    with_items:
      - gitea-Namespace.yaml.j2
      - gitea-pvc.yml.j2
      - gitea-IngressRoute.yml.j2
#      - gitea-IngressRouteTCP.yml.j2
#  - name: Install Gitea static files
#    k8s:
#      state: present
#      context: "{{ my_context }}"
#      merge_type: merge
#      resource_definition: "{{ lookup('file', 'gitea/' + item) | from_yaml }}"
#    with_items:
#      - gitea-ConfigMap.yaml
#      - gitea-Deployment.yaml
#      - gitea-Service.yaml

  - name: Defined gitea repository
    kubernetes.core.helm_repository:
      name: gitea-charts
      repo_url: "https://dl.gitea.io/charts"
  - name: Deploy latest version of Gitea
    kubernetes.core.helm:
      context: "{{ my_context }}"
      name: gitea
      chart_ref: gitea-charts/gitea
      release_namespace: "{{ gitea_namespace }}"
      values: "{{ lookup('template', 'gitea/helm-value.yaml.j2') | from_yaml }}"
  tags:
    - gitea

- name: Drone setup
  block:
  - name: Defined drone repository
    kubernetes.core.helm_repository:
      name: drone
      repo_url: "https://charts.drone.io"
    tags:
      - drone-server
      - drone-runner
      - drone

  - name: Drone install
    kubernetes.core.helm:
      context: "{{ my_context }}"
      name: drone
      chart_ref: drone/drone
      release_namespace: "{{ drone_namespace }}"
      create_namespace: yes
      values: "{{ lookup('template', 'drone-helm-value.yaml.j2') | from_yaml }}"
    tags:
      - drone-server
      - drone

  - name: Drone Runner install
    kubernetes.core.helm:
      context: "{{ my_context }}"
      name: drone
      chart_ref: drone/drone-runner-kube
      release_namespace: "{{ drone_runner_namespace }}"
      create_namespace: yes
      values: "{{ lookup('template', 'drone-runner-helm-value.yaml.j2') | from_yaml }}"
    tags:
      - drone-runner
      - drone

# https://github.com/aquasecurity/trivy/tree/main/helm/trivy
- name: Trivy Setup
  block:
#  - name: Git clone stable repo on HEAD
#    ansible.builtin.git:
#      repo: "https://github.com/aquasecurity/trivy.git"
#      dest: tmp/trivy
#      version: "{{ trivy_version }}"
  - name: Defined trivy repository
    kubernetes.core.helm_repository:
      name: aquasecurity
      repo_url: "https://aquasecurity.github.io/helm-charts/"
  - name: Deploy trivy chart
    kubernetes.core.helm:
      state: present
      name: trivy
      context: "{{ my_context }}"
      chart_ref: aquasecurity/trivy
      release_namespace: "{{ trivy_namespace }}"
      create_namespace: true
#      values:
#        image:
#          tag: "{{ trivy_version }}"
#        persistence:
#          storageClass: "{{ trivy_storage_classname }}"
#        trivy:
#          gitHubToken: ""
#          cache:
#            redis:
#              enabled: false
#              url: "" # e.g. redis://redis.redis.svc:6379
#        ingress:
#          enabled: false
#          annotations: {}
#            # kubernetes.io/ingress.class: traefik
#          hosts:
#            - host: trivy.{{ traefik_domain }}

  tags:
    - trivy

#- name: Registry setup
#  block:
#  - name: Defined Registry repository
#    kubernetes.core.helm_repository:
#      name: cesanta
#      repo_url: "https://cesanta.github.io/docker_auth/"
#  - name: Deploy latest version of Registry
#    kubernetes.core.helm:
#      context: "{{ my_context }}"
#      name: docker-auth
#      chart_ref: cesanta/docker-auth
#      release_namespace: "{{ registry_namespace }}"
#      values: "{{ lookup('template', 'helm-value.yaml.j2') | from_yaml }}"
#  tags:
#    - registry

# https://github.com/helm/chartmuseum
# https://artifacthub.io/packages/helm/chartmuseum/chartmuseum
- name: ChartMuseum Setup
  block:
  - name: Defined ChartMuseum repository
    kubernetes.core.helm_repository:
      name: chartmuseum
      repo_url: "https://chartmuseum.github.io/charts"
  - name: Deploy trivy chart from local path
    kubernetes.core.helm:
      state: present
      name: chartmuseum
      context: "{{ my_context }}"
      chart_ref: chartmuseum/chartmuseum
      release_namespace: "{{ chartmuseum_namespace }}"
      create_namespace: true
      values:
        persistence:
          enabled: true
#          path: "/storage"
#          storageClass:
          accessMode: ReadWriteOnce
          size: 2Gi
        env:
          open:
            STORAGE: local
        extraArgs: []
        ingress:
          enabled: true
          annotations: {}
          labels: {}
          hosts[0]:
            name: chartmuseum.{{ traefik_domain }}

  tags:
    - chartmuseum