From 4af760bde626c8bbbb899e5328a22af9cc26944a Mon Sep 17 00:00:00 2001 From: jordan Date: Tue, 10 Feb 2026 17:47:49 -0700 Subject: [PATCH] fix: inline kubeconfig, use raw token secret --- .woodpecker.yml | 28 ++++++++++++++++++++++++---- 1 file changed, 24 insertions(+), 4 deletions(-) diff --git a/.woodpecker.yml b/.woodpecker.yml index f94c0b4..7bff520 100644 --- a/.woodpecker.yml +++ b/.woodpecker.yml @@ -26,11 +26,31 @@ steps: deploy: image: bitnami/kubectl:latest environment: - KUBECONFIG_B64: - from_secret: kubeconfig + K8S_TOKEN: + from_secret: k8s_token commands: - - mkdir -p ~/.kube - - echo "$KUBECONFIG_B64" | base64 -d > ~/.kube/config + - | + cat > ~/.kube/config <<'KUBECONFIG' + apiVersion: v1 + kind: Config + clusters: + - cluster: + certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVMVENDQXBXZ0F3SUJBZ0lSQVAzQTUzV0s3NVRhb2F4ZzgyZ3ljTXN3RFFZSktvWklodmNOQVFFTEJRQXcKTHpFdE1Dc0dBMVVFQXhNa1lUQmpZbVprTUdZdE5XUTRaQzAwTVdOakxUZzRNMk10T0ROak1qTXpPVFEwWTJFMQpNQ0FYRFRJMU1EY3hNakF5TVRVek5sb1lEekl3TlRVd056QTFNRE14TlRNMldqQXZNUzB3S3dZRFZRUURFeVJoCk1HTmlabVF3WmkwMVpEaGtMVFF4WTJNdE9EZ3pZeTA0TTJNeU16TTVORFJqWVRVd2dnR2lNQTBHQ1NxR1NJYjMKRFFFQkFRVUFBNElCandBd2dnR0tBb0lCZ1FDZllyMCtqdjA2S2VsZVUwcTRzaGxDaDdTMVVOempYc2MvNGlJLwpQc3hQTExUTmMyb3hnZm9NL2FkWm1HbkVqb01hbThSQ2FIQW1PQ2g5SFlZOW5Vb0JJQVI2V051WkhmSWtyYjM1ClJYSURaV1dqaUhtaHFyc2lJL1BtYlVORGJ3bTNmU1VyY3pVYzVabWkvTHBGYnBVeTFuQnA2SDlpUUU5QWRUdTUKZGdRNmY0RGhnK1RUeVVjMU9tenVJRHIwNVRQbW9oNHEwelN4NGtkSTJOWGNGNTg2WHpVWVBSQVhQV3FmN09kegoxWTY5aW9GQUJpWDRZbTBYK2l1aWw1c0J3dFBnenJ6aSthT3B6ZzJyZlUwQ2RrSmp2cmpUUkI3KzFsVWpXMGFTCmtpakUwY3hGbFBHRDdNOWhkSUFPUUFkeHNXUE5LSHJhLzF2UmVLQkhNem5ub1gxdytVcTdMOUN6aGR4QVJJTGgKajRDSXpVcGtqZkJSTFpRaEhXUUlPMXNJY0ZDc0hjQzc5UVdFNEZDajlLU3RCMGI5MDRUcjF4c3lFRTY0MDZtYgp2L3h0am5jRktHM2ZBc3ArSFhvQ1M3WC9rVmFoYnNnMkUySVo3dTFZNXh0eVlvQ3VwdC9JTlV4dEl6VXI3Nnk2CmtVNDhDcEdBQ1BaY1M4USt2V0tSUFUvMWRJc0NBd0VBQWFOQ01FQXdEZ1lEVlIwUEFRSC9CQVFEQWdJRU1BOEcKQTFVZEV3RUIvd1FGTUFNQkFmOHdIUVlEVlIwT0JCWUVGRXhmblhRRFNsc2ZTRzVveDhjK2Y5TWpuWWVOTUEwRwpDU3FHU0liM0RRRUJDd1VBQTRJQmdRQ1FNSStJZGhiTmsydHRzakdBS1lXcGpXRExXT1d5K2ZRWlA2VktBNWhmCkhxTEU5RmNQNEpSNXUybHU2cThmUUxIZ0tQaW9ZNkR3ellLTWVEeVUwcEgxbm9CbDltRGw3aW5jSDBJd2hxR2wKL0dPNWs4ZmNqam5CaHZmSU1mN0g4SW5NL1BvVDcwVUwwc2xabXFpc3B4SlFkYU5IajFuNkVyeGhOUWlLcFNIZApoZVVZOHdSSWNZMld2Z3Y4ZWIvK2o2YVZROHN0cXRQQTJhQy90dkxNN2wyUjg0R3VWdU82Rm90VzlNWFJMYW9XCncrZUhnK0xtbU1NSGFlMm1DcndZNWY3RHNBdUd5UlJaYmUyL2J3UWs0d2NFU3ZqcEdNaTdJMnRiOWlJNW13NlMKRC9GS1RFMmpaNXl5REVZWmQ3dDd6ZDZYRG02VUFFa2d4NXpUVERTaDUrbFdUVFJNaU9hRVhlck9Cb255WjBZZgpCTUVKakRpREV4THRJUktWSndWR05OWlRER2pQdEZEeDZWUy9ZTzUyemRmWjcwUGtyaWFNLzM4VUJkTFUvbjJTClRFWGU2ekhnN05kMWIzWHJ6Vkh6QStRSit3T2x3dUxpUmgxaEJNRy95YThaanV2RDI1Y2NjeWhpemNkYlBXWnQKT0g2RVE5SDRkV0NpT1R3SHZ3d3pnS2c9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + server: https://34.132.120.94 + name: gke-cluster + contexts: + - context: + cluster: gke-cluster + user: deployer + namespace: projects + name: gke-cluster + current-context: gke-cluster + users: + - name: deployer + user: + token: TOKEN_PLACEHOLDER + KUBECONFIG + - sed -i "s/TOKEN_PLACEHOLDER/$K8S_TOKEN/" ~/.kube/config - kubectl set image deployment/research-notes web=registry.threesix.ai/research-notes/web:${CI_COMMIT_SHA:0:8} -n projects - kubectl rollout status deployment/research-notes -n projects --timeout=120s when: