# kubectl create secret generic gitea-update-webhook-token --dry-run=client -o yaml --from-literal=token=`uuid` | kubeseal -o yaml --- apiVersion: bitnami.com/v1alpha1 kind: SealedSecret metadata: creationTimestamp: null name: gitea-update-webhook-token namespace: gitea spec: encryptedData: token: AgAv2wu5eGwLjmj/yLUijCG1NacqONc2dK4URGGkXL6Iqe07u6PDLEovWyfdNmRdTRSXN4UpuA95+u4hk+EM0miEcAdfBqW3vzVq8S0oZxb4v00v1GPYYTXk47KKDi8AT1yHftWczU5ibM87T7w/sOWUoGgYxbO8z49c2UDt1Y665B05PyqK+SXQZfifRA2rBeOP8alL/lhzglh1RMYSe939gnhPbKL9j92zFwt5EtGe5qU56gmTG7ki/hydGusFNYt0K2GtoYJAdYIMwkAT+eRvA143+IhzG2RbjG5jXYkFUSTNtd+TtUczWUiFjnpBI0u6Ybd1maQVf+spFGx1lACHxXTkav5LfZoUi2BDzNWglH2sV6sGS/LcHy64BdyOwHQj3TjpkeP2/TLeJYotuEkp60Srh9P6WNxwLxc3X3I8nLu6Qb77msc5xh6BpdPHkTSMXPOAtRQuQaNufyGW8+oy2cJqWELzzE4cTWtx1ThOb29+mWYhjFFbU6WpuL2q4OiumC+9q03SVJh9DebuTMbqRj+Y55EXbRJQeMaHlBpWkAphWKh279dqZwrCLfzNFfNHiQrotRZnfMqwe6Xp2INwhaZsI4lPqZX47I5ISYpP4ZR5sG7op+dfRZzRvFIqtU9I4uAs9utGE5P86t3BsMKXwcr2zcZ/L3r/s1KHWByfdpbZ16lM+VvDGPUjCVILM+W0Fc1nt78wHDqUMMC5UHhTk+hNOUyGejYBmz6R1FVOT6pvzKw= template: metadata: creationTimestamp: null name: gitea-update-webhook-token namespace: gitea --- apiVersion: v1 kind: Service metadata: name: gitea-update-webhook namespace: gitea spec: internalTrafficPolicy: Cluster ipFamilies: - IPv4 ipFamilyPolicy: SingleStack ports: - port: 12000 protocol: TCP targetPort: 12000 selector: eventsource-name: gitea-update-webhook sessionAffinity: None type: ClusterIP --- apiVersion: argoproj.io/v1alpha1 kind: EventBus metadata: name: default namespace: gitea spec: jetstream: version: latest replicas: 3 persistence: storageClassName: nvme accessMode: ReadWriteOnce volumeSize: 10Gi streamConfig: | maxAge: 24h settings: | max_file_store: 1GB # see default values in argo-events-controller-config startArgs: - "-D" # debug-level logs --- apiVersion: argoproj.io/v1alpha1 kind: EventSource metadata: name: gitea-update-webhook namespace: gitea spec: webhook: gitea-update: port: "12000" endpoint: /gitea-update method: POST authSecret: name: gitea-update-webhook-token key: token --- apiVersion: argoproj.io/v1alpha1 kind: Sensor metadata: name: gitea-update-webhook-sensor namespace: gitea spec: template: serviceAccountName: gitea-update-webhook-sensor-sa dependencies: - name: gitea-update-webhook-received eventSourceName: gitea-update-webhook eventName: gitea-update triggers: - template: name: webhook-job-trigger k8s: operation: create source: resource: apiVersion: batch/v1 kind: Job metadata: generateName: gitea-update-webhook-received- spec: ttlSecondsAfterFinished: 30 template: spec: containers: - name: echo-contents args: - "nodatareceived" command: - echo image: "bash:latest" restartPolicy: OnFailure backoffLimit: 2 parameters: - src: dependencyName: gitea-update-webhook-received dest: spec.template.spec.containers.0.args.0 --- apiVersion: v1 kind: ServiceAccount metadata: name: gitea-update-webhook-sensor-sa namespace: gitea --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: namespace: gitea name: gitea-update-webhook-sensor-k8s-resource-creator-role rules: - apiGroups: ["*"] resources: - "*" verbs: - "*" --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: creationTimestamp: null name: gitea-update-webhook-sensor-resource-creator-rolebinding namespace: gitea roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: gitea-update-webhook-sensor-k8s-resource-creator-role subjects: - kind: ServiceAccount name: gitea-update-webhook-sensor-sa namespace: gitea --- apiVersion: v1 kind: Secret metadata: name: gitea-update-webhook-sensor-sa namespace: gitea annotations: kubernetes.io/service-account.name: gitea-update-webhook-sensor-sa type: kubernetes.io/service-account-token