kube-cascade/gitea/webhook.yaml

# kubectl create secret generic gitea-update-webhook-token --dry-run=client -o yaml --from-literal=token=`uuid` | kubeseal -o yaml
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  creationTimestamp: null
  name: gitea-update-webhook-token
  namespace: gitea
spec:
  encryptedData:
    token: AgAv2wu5eGwLjmj/yLUijCG1NacqONc2dK4URGGkXL6Iqe07u6PDLEovWyfdNmRdTRSXN4UpuA95+u4hk+EM0miEcAdfBqW3vzVq8S0oZxb4v00v1GPYYTXk47KKDi8AT1yHftWczU5ibM87T7w/sOWUoGgYxbO8z49c2UDt1Y665B05PyqK+SXQZfifRA2rBeOP8alL/lhzglh1RMYSe939gnhPbKL9j92zFwt5EtGe5qU56gmTG7ki/hydGusFNYt0K2GtoYJAdYIMwkAT+eRvA143+IhzG2RbjG5jXYkFUSTNtd+TtUczWUiFjnpBI0u6Ybd1maQVf+spFGx1lACHxXTkav5LfZoUi2BDzNWglH2sV6sGS/LcHy64BdyOwHQj3TjpkeP2/TLeJYotuEkp60Srh9P6WNxwLxc3X3I8nLu6Qb77msc5xh6BpdPHkTSMXPOAtRQuQaNufyGW8+oy2cJqWELzzE4cTWtx1ThOb29+mWYhjFFbU6WpuL2q4OiumC+9q03SVJh9DebuTMbqRj+Y55EXbRJQeMaHlBpWkAphWKh279dqZwrCLfzNFfNHiQrotRZnfMqwe6Xp2INwhaZsI4lPqZX47I5ISYpP4ZR5sG7op+dfRZzRvFIqtU9I4uAs9utGE5P86t3BsMKXwcr2zcZ/L3r/s1KHWByfdpbZ16lM+VvDGPUjCVILM+W0Fc1nt78wHDqUMMC5UHhTk+hNOUyGejYBmz6R1FVOT6pvzKw=
  template:
    metadata:
      creationTimestamp: null
      name: gitea-update-webhook-token
      namespace: gitea
---
apiVersion: v1
kind: Service
metadata:
  name: gitea-update-webhook
  namespace: gitea
spec:
  internalTrafficPolicy: Cluster
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  ports:
  - port: 12000
    protocol: TCP
    targetPort: 12000
  selector:
    eventsource-name: gitea-update-webhook
  sessionAffinity: None
  type: ClusterIP
---
apiVersion: argoproj.io/v1alpha1
kind: EventBus
metadata:
  name: default
  namespace: gitea
spec:
  jetstream:
    version: latest
    replicas: 3
    persistence:
      storageClassName: nvme
      accessMode: ReadWriteOnce
      volumeSize: 10Gi
    streamConfig: |
      maxAge: 24h
    settings: |
      max_file_store: 1GB       # see default values in argo-events-controller-config
    startArgs:
      - "-D"                    # debug-level logs
---
apiVersion: argoproj.io/v1alpha1
kind: EventSource
metadata:
  name: gitea-update-webhook
  namespace: gitea
spec:
  webhook:
    gitea-update:
      port: "12000"
      endpoint: /gitea-update
      method: POST
      authSecret:
        name: gitea-update-webhook-token
        key: token
---
apiVersion: argoproj.io/v1alpha1
kind: Sensor
metadata:
  name: gitea-update-webhook-sensor
  namespace: gitea
spec:
  template:
    serviceAccountName: gitea-update-webhook-sensor-sa
  dependencies:
  - name: gitea-update-webhook-received
    eventSourceName: gitea-update-webhook
    eventName: gitea-update
  triggers:
  - template:
      name: webhook-job-trigger
      k8s:
        operation: create
        source:
          resource:
            apiVersion: batch/v1
            kind: Job
            metadata:
              generateName: gitea-update-webhook-received-
            spec:
              ttlSecondsAfterFinished: 30
              template:
                spec:
                  containers:
                  - name: echo-contents
                    args:
                    - "nodatareceived"
                    command:
                    - echo
                    image: "bash:latest"
                  restartPolicy: OnFailure
              backoffLimit: 2
        parameters:
        - src:
            dependencyName: gitea-update-webhook-received
          dest: spec.template.spec.containers.0.args.0
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: gitea-update-webhook-sensor-sa
  namespace: gitea
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: gitea
  name: gitea-update-webhook-sensor-k8s-resource-creator-role
rules:
- apiGroups: ["*"]
  resources:
  - "*"
  verbs:
  - "*"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  creationTimestamp: null
  name: gitea-update-webhook-sensor-resource-creator-rolebinding
  namespace: gitea
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: gitea-update-webhook-sensor-k8s-resource-creator-role
subjects:
- kind: ServiceAccount
  name: gitea-update-webhook-sensor-sa
  namespace: gitea
---
apiVersion: v1
kind: Secret
metadata:
  name: gitea-update-webhook-sensor-sa
  namespace: gitea
  annotations:
    kubernetes.io/service-account.name: gitea-update-webhook-sensor-sa
type: kubernetes.io/service-account-token
add webhooks via argo-events with sample job runner 2024-03-10 20:14:26 +00:00			# kubectl create secret generic gitea-update-webhook-token --dry-run=client -o yaml --from-literal=token=`uuid` \| kubeseal -o yaml
			`---`
			`apiVersion: bitnami.com/v1alpha1`
			`kind: SealedSecret`
			`metadata:`
			`creationTimestamp: null`
			`name: gitea-update-webhook-token`
			`namespace: gitea`
			`spec:`
			`encryptedData:`
			token: AgAv2wu5eGwLjmj/yLUijCG1NacqONc2dK4URGGkXL6Iqe07u6PDLEovWyfdNmRdTRSXN4UpuA95+u4hk+EM0miEcAdfBqW3vzVq8S0oZxb4v00v1GPYYTXk47KKDi8AT1yHftWczU5ibM87T7w/sOWUoGgYxbO8z49c2UDt1Y665B05PyqK+SXQZfifRA2rBeOP8alL/lhzglh1RMYSe939gnhPbKL9j92zFwt5EtGe5qU56gmTG7ki/hydGusFNYt0K2GtoYJAdYIMwkAT+eRvA143+IhzG2RbjG5jXYkFUSTNtd+TtUczWUiFjnpBI0u6Ybd1maQVf+spFGx1lACHxXTkav5LfZoUi2BDzNWglH2sV6sGS/LcHy64BdyOwHQj3TjpkeP2/TLeJYotuEkp60Srh9P6WNxwLxc3X3I8nLu6Qb77msc5xh6BpdPHkTSMXPOAtRQuQaNufyGW8+oy2cJqWELzzE4cTWtx1ThOb29+mWYhjFFbU6WpuL2q4OiumC+9q03SVJh9DebuTMbqRj+Y55EXbRJQeMaHlBpWkAphWKh279dqZwrCLfzNFfNHiQrotRZnfMqwe6Xp2INwhaZsI4lPqZX47I5ISYpP4ZR5sG7op+dfRZzRvFIqtU9I4uAs9utGE5P86t3BsMKXwcr2zcZ/L3r/s1KHWByfdpbZ16lM+VvDGPUjCVILM+W0Fc1nt78wHDqUMMC5UHhTk+hNOUyGejYBmz6R1FVOT6pvzKw=
			`template:`
			`metadata:`
			`creationTimestamp: null`
			`name: gitea-update-webhook-token`
			`namespace: gitea`
			`---`
			`apiVersion: v1`
			`kind: Service`
			`metadata:`
			`name: gitea-update-webhook`
			`namespace: gitea`
			`spec:`
			`internalTrafficPolicy: Cluster`
			`ipFamilies:`
			`- IPv4`
			`ipFamilyPolicy: SingleStack`
			`ports:`
			`- port: 12000`
			`protocol: TCP`
			`targetPort: 12000`
			`selector:`
			`eventsource-name: gitea-update-webhook`
			`sessionAffinity: None`
			`type: ClusterIP`
			`---`
			`apiVersion: argoproj.io/v1alpha1`
			`kind: EventBus`
			`metadata:`
			`name: default`
			`namespace: gitea`
			`spec:`
			`jetstream:`
			`version: latest`
			`replicas: 3`
			`persistence:`
			`storageClassName: nvme`
			`accessMode: ReadWriteOnce`
			`volumeSize: 10Gi`
			`streamConfig: \|`
			`maxAge: 24h`
			`settings: \|`
			`max_file_store: 1GB # see default values in argo-events-controller-config`
			`startArgs:`
			`- "-D" # debug-level logs`
			`---`
			`apiVersion: argoproj.io/v1alpha1`
			`kind: EventSource`
			`metadata:`
			`name: gitea-update-webhook`
			`namespace: gitea`
			`spec:`
			`webhook:`
			`gitea-update:`
			`port: "12000"`
			`endpoint: /gitea-update`
			`method: POST`
			`authSecret:`
			`name: gitea-update-webhook-token`
			`key: token`
			`---`
			`apiVersion: argoproj.io/v1alpha1`
			`kind: Sensor`
			`metadata:`
			`name: gitea-update-webhook-sensor`
			`namespace: gitea`
			`spec:`
			`template:`
			`serviceAccountName: gitea-update-webhook-sensor-sa`
			`dependencies:`
			`- name: gitea-update-webhook-received`
			`eventSourceName: gitea-update-webhook`
			`eventName: gitea-update`
			`triggers:`
			`- template:`
			`name: webhook-job-trigger`
			`k8s:`
			`operation: create`
			`source:`
			`resource:`
			`apiVersion: batch/v1`
			`kind: Job`
			`metadata:`
			`generateName: gitea-update-webhook-received-`
			`spec:`
			`ttlSecondsAfterFinished: 30`
			`template:`
			`spec:`
			`containers:`
			`- name: echo-contents`
			`args:`
			`- "nodatareceived"`
			`command:`
			`- echo`
			`image: "bash:latest"`
			`restartPolicy: OnFailure`
			`backoffLimit: 2`
			`parameters:`
			`- src:`
			`dependencyName: gitea-update-webhook-received`
			`dest: spec.template.spec.containers.0.args.0`
			`---`
			`apiVersion: v1`
			`kind: ServiceAccount`
			`metadata:`
			`name: gitea-update-webhook-sensor-sa`
			`namespace: gitea`
			`---`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: Role`
			`metadata:`
			`namespace: gitea`
			`name: gitea-update-webhook-sensor-k8s-resource-creator-role`
			`rules:`
			`- apiGroups: ["*"]`
			`resources:`
			`- "*"`
			`verbs:`
			`- "*"`
			`---`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: RoleBinding`
			`metadata:`
			`creationTimestamp: null`
			`name: gitea-update-webhook-sensor-resource-creator-rolebinding`
			`namespace: gitea`
			`roleRef:`
			`apiGroup: rbac.authorization.k8s.io`
			`kind: Role`
			`name: gitea-update-webhook-sensor-k8s-resource-creator-role`
			`subjects:`
			`- kind: ServiceAccount`
			`name: gitea-update-webhook-sensor-sa`
			`namespace: gitea`
			`---`
			`apiVersion: v1`
			`kind: Secret`
			`metadata:`
			`name: gitea-update-webhook-sensor-sa`
			`namespace: gitea`
			`annotations:`
			`kubernetes.io/service-account.name: gitea-update-webhook-sensor-sa`
			`type: kubernetes.io/service-account-token`