---
# Woodpecker server configuration
woodpecker:
  server:
    image:
      repository: woodpeckerci/woodpecker-server
      tag: v1.0.3  # Use a specific version instead of 'latest'
    replicaCount: 2  # Run multiple replicas for high availability
    service:
      type: ClusterIP
      port: 8000
    ingress:
      enabled: true
      annotations:
        kubernetes.io/ingress.class: nginx
        cert-manager.io/cluster-issuer: "letsencrypt-prod"
      hosts:
        - host: woodpecker.example.com
          paths:
            - path: /
      tls:
        - secretName: woodpecker-tls
          hosts:
            - woodpecker.example.com
    env:
      WOODPECKER_OPEN: "false"  # Disable open registration for production
      WOODPECKER_HOST: "https://woodpecker.example.com"  # Use HTTPS
      WOODPECKER_GITHUB: "true"
      WOODPECKER_GITHUB_CLIENT: "{{ .Env.WOODPECKER_GITHUB_CLIENT }}"
      WOODPECKER_GITHUB_SECRET: "{{ .Env.WOODPECKER_GITHUB_SECRET }}"
      WOODPECKER_AGENT_SECRET: "{{ .Env.WOODPECKER_AGENT_SECRET }}"
      WOODPECKER_GRPC_SECRET: "{{ .Env.WOODPECKER_GRPC_SECRET }}"
      WOODPECKER_GRPC_ADDR: ":9000"
      WOODPECKER_SERVER_ADDR: ":8000"
      WOODPECKER_METRICS_SERVER_ADDR: ":9001"
      WOODPECKER_ADMIN: "{{ .Env.WOODPECKER_ADMIN }}"
      WOODPECKER_DATABASE_DRIVER: "postgres"
      WOODPECKER_DATABASE_DATASOURCE: "postgres://{{ .Env.POSTGRES_USER }}:{{ .Env.POSTGRES_PASSWORD }}@postgresql:5432/woodpecker?sslmode=require"
    resources:
      requests:
        cpu: 200m
        memory: 256Mi
      limits:
        cpu: 500m
        memory: 512Mi

# Woodpecker agent configuration
agent:
  image:
    repository: woodpeckerci/woodpecker-agent
    tag: v1.0.3  # Use a specific version instead of 'latest'
  replicaCount: 3  # Run multiple agents for better parallelism
  env:
    WOODPECKER_SERVER: "woodpecker-server:9000"
    WOODPECKER_AGENT_SECRET: "{{ .Env.WOODPECKER_AGENT_SECRET }}"
    WOODPECKER_BACKEND: "kubernetes"
    WOODPECKER_BACKEND_K8S_NAMESPACE: "ci"
    WOODPECKER_BACKEND_K8S_VOLUME_SIZE: "20Gi"  # Increased volume size
    WOODPECKER_BACKEND_K8S_STORAGE_CLASS: "managed-premium"  # Use a production-grade storage class
    WOODPECKER_BACKEND_K8S_STORAGE_RWX: "true"
    WOODPECKER_BACKEND_K8S_POD_LABELS: '{"app":"woodpecker-job"}'
    WOODPECKER_BACKEND_K8S_POD_ANNOTATIONS: '{"prometheus.io/scrape":"true","prometheus.io/port":"9000"}'
    WOODPECKER_BACKEND_K8S_POD_NODE_SELECTOR: '{"kubernetes.io/os":"linux"}'
    WOODPECKER_BACKEND_K8S_SECCTX_NONROOT: "true"
    WOODPECKER_BACKEND_K8S_PULL_SECRET_NAMES: "woodpecker-pull-secret"
  resources:
    requests:
      cpu: 200m
      memory: 256Mi
    limits:
      cpu: 1
      memory: 1Gi

# PostgreSQL configuration
postgresql:
  enabled: true
  postgresqlUsername: "{{ .Env.POSTGRES_USER }}"
  postgresqlPassword: "{{ .Env.POSTGRES_PASSWORD }}"
  postgresqlDatabase: "woodpecker"
  persistence:
    enabled: true
    size: 20Gi
    storageClass: "managed-premium"  # Use a production-grade storage class
  resources:
    requests:
      cpu: 100m
      memory: 256Mi
    limits:
      cpu: 500m
      memory: 1Gi

# Prometheus integration
metrics:
  serviceMonitor:
    enabled: true
    namespace: monitoring
    interval: 15s
    scrapeTimeout: 14s
    selector:
      release: prometheus

# Logging integration
logging:
  fluentd:
    enabled: true
    config:
      logLevel: info
      fluentdAddress: fluentd.logging:24224