feat: initial codebase

applications/woodpecker/helmfile.yaml

@@ -0,0 +1,12 @@
+---
+repositories:
+  - name: woodpecker
+    url: https://woodpecker-ci.org/helm-charts
+
+releases:
+  - name: woodpecker
+    namespace: ci
+    chart: woodpecker/woodpecker
+    version: 1.0.3
+    values:
+      - values.yaml

applications/woodpecker/values.yaml

@@ -0,0 +1,108 @@
+---
+# Woodpecker server configuration
+woodpecker:
+  server:
+    image:
+      repository: woodpeckerci/woodpecker-server
+      tag: v1.0.3  # Use a specific version instead of 'latest'
+    replicaCount: 2  # Run multiple replicas for high availability
+    service:
+      type: ClusterIP
+      port: 8000
+    ingress:
+      enabled: true
+      annotations:
+        kubernetes.io/ingress.class: nginx
+        cert-manager.io/cluster-issuer: "letsencrypt-prod"
+      hosts:
+        - host: woodpecker.example.com
+          paths:
+            - path: /
+      tls:
+        - secretName: woodpecker-tls
+          hosts:
+            - woodpecker.example.com
+    env:
+      WOODPECKER_OPEN: "false"  # Disable open registration for production
+      WOODPECKER_HOST: "https://woodpecker.example.com"  # Use HTTPS
+      WOODPECKER_GITHUB: "true"
+      WOODPECKER_GITHUB_CLIENT: "{{ .Env.WOODPECKER_GITHUB_CLIENT }}"
+      WOODPECKER_GITHUB_SECRET: "{{ .Env.WOODPECKER_GITHUB_SECRET }}"
+      WOODPECKER_AGENT_SECRET: "{{ .Env.WOODPECKER_AGENT_SECRET }}"
+      WOODPECKER_GRPC_SECRET: "{{ .Env.WOODPECKER_GRPC_SECRET }}"
+      WOODPECKER_GRPC_ADDR: ":9000"
+      WOODPECKER_SERVER_ADDR: ":8000"
+      WOODPECKER_METRICS_SERVER_ADDR: ":9001"
+      WOODPECKER_ADMIN: "{{ .Env.WOODPECKER_ADMIN }}"
+      WOODPECKER_DATABASE_DRIVER: "postgres"
+      WOODPECKER_DATABASE_DATASOURCE: "postgres://{{ .Env.POSTGRES_USER }}:{{ .Env.POSTGRES_PASSWORD }}@postgresql:5432/woodpecker?sslmode=require"
+    resources:
+      requests:
+        cpu: 200m
+        memory: 256Mi
+      limits:
+        cpu: 500m
+        memory: 512Mi
+
+# Woodpecker agent configuration
+agent:
+  image:
+    repository: woodpeckerci/woodpecker-agent
+    tag: v1.0.3  # Use a specific version instead of 'latest'
+  replicaCount: 3  # Run multiple agents for better parallelism
+  env:
+    WOODPECKER_SERVER: "woodpecker-server:9000"
+    WOODPECKER_AGENT_SECRET: "{{ .Env.WOODPECKER_AGENT_SECRET }}"
+    WOODPECKER_BACKEND: "kubernetes"
+    WOODPECKER_BACKEND_K8S_NAMESPACE: "ci"
+    WOODPECKER_BACKEND_K8S_VOLUME_SIZE: "20Gi"  # Increased volume size
+    WOODPECKER_BACKEND_K8S_STORAGE_CLASS: "managed-premium"  # Use a production-grade storage class
+    WOODPECKER_BACKEND_K8S_STORAGE_RWX: "true"
+    WOODPECKER_BACKEND_K8S_POD_LABELS: '{"app":"woodpecker-job"}'
+    WOODPECKER_BACKEND_K8S_POD_ANNOTATIONS: '{"prometheus.io/scrape":"true","prometheus.io/port":"9000"}'
+    WOODPECKER_BACKEND_K8S_POD_NODE_SELECTOR: '{"kubernetes.io/os":"linux"}'
+    WOODPECKER_BACKEND_K8S_SECCTX_NONROOT: "true"
+    WOODPECKER_BACKEND_K8S_PULL_SECRET_NAMES: "woodpecker-pull-secret"
+  resources:
+    requests:
+      cpu: 200m
+      memory: 256Mi
+    limits:
+      cpu: 1
+      memory: 1Gi
+
+# PostgreSQL configuration
+postgresql:
+  enabled: true
+  postgresqlUsername: "{{ .Env.POSTGRES_USER }}"
+  postgresqlPassword: "{{ .Env.POSTGRES_PASSWORD }}"
+  postgresqlDatabase: "woodpecker"
+  persistence:
+    enabled: true
+    size: 20Gi
+    storageClass: "managed-premium"  # Use a production-grade storage class
+  resources:
+    requests:
+      cpu: 100m
+      memory: 256Mi
+    limits:
+      cpu: 500m
+      memory: 1Gi
+
+# Prometheus integration
+metrics:
+  serviceMonitor:
+    enabled: true
+    namespace: monitoring
+    interval: 15s
+    scrapeTimeout: 14s
+    selector:
+      release: prometheus
+
+# Logging integration
+logging:
+  fluentd:
+    enabled: true
+    config:
+      logLevel: info
+      fluentdAddress: fluentd.logging:24224