From a4aad68ee6fbf477004551828a2ec0ecf01aa75c Mon Sep 17 00:00:00 2001
From: Julian Vollmer <julianvollmer@gmail.com>
Date: Mon, 26 Jan 2026 17:10:24 +0100
Subject: [PATCH] pipeline #5

---
 .gitea/workflows/deploy.yml | 92 +++++--------------------------------
 1 file changed, 12 insertions(+), 80 deletions(-)

diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index 7636587..7b83e17 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -109,65 +109,31 @@ jobs:
         echo "📦 Image: ${IMAGE_NAME}"
 
     - name: Setup kubectl
-      run: |
-        # Download kubectl directly to avoid permission issues
-        curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
-        chmod +x kubectl
-        sudo mv kubectl /usr/local/bin/
-        kubectl version --client
+      uses: azure/setup-kubectl@v3
+      with:
+        version: 'latest'
 
     - name: Configure kubectl
-      env:
-        KUBECTLSECRET: ${{ secrets.KUBECTLSECRET }}
       run: |
         mkdir -p ~/.kube
 
         echo "🔍 Debugging KUBECTLSECRET..."
-        SECRET_LENGTH=${#KUBECTLSECRET}
-        echo "Secret length: $SECRET_LENGTH"
-
-        # Check if secret is empty
-        if [ "$SECRET_LENGTH" -eq 0 ]; then
-          echo "❌ ERROR: KUBECTLSECRET is empty!"
-          echo "Please configure the KUBECTLSECRET in Gitea repository secrets."
-          echo "Steps:"
-          echo "1. Run: cat ~/.kube/config | base64 -w 0"
-          echo "2. Copy the output"
-          echo "3. Add it as 'KUBECTLSECRET' secret in Gitea"
-          exit 1
-        fi
+        echo "Secret length: ${#KUBECTLSECRET}"
 
         # Try to decode as base64 first, if that fails, use as plain text
-        if echo "$KUBECTLSECRET" | base64 -d > ~/.kube/config 2>/dev/null; then
+        if echo "${{ secrets.KUBECTLSECRET }}" | base64 -d > ~/.kube/config 2>/dev/null; then
           echo "✅ KUBECTLSECRET decoded as base64"
         else
           echo "⚠️  KUBECTLSECRET is not base64, using as plain text"
-          echo "$KUBECTLSECRET" > ~/.kube/config
+          echo "${{ secrets.KUBECTLSECRET }}" > ~/.kube/config
         fi
 
         echo "📁 kubeconfig created at ~/.kube/config"
         chmod 600 ~/.kube/config
-        
-        # Validate kubeconfig
-        if [ ! -s ~/.kube/config ]; then
-          echo "❌ ERROR: kubeconfig file is empty!"
-          exit 1
-        fi
-        
-        # Add insecure-skip-tls-verify to handle self-signed certificates
-        echo "🔧 Configuring TLS settings for self-signed certificates..."
-        CURRENT_CONTEXT=$(kubectl config current-context)
-        CLUSTER_NAME=$(kubectl config view -o jsonpath="{.contexts[?(@.name=='$CURRENT_CONTEXT')].context.cluster}")
-        kubectl config set-cluster "$CLUSTER_NAME" --insecure-skip-tls-verify=true
-        
-        echo "✅ kubeconfig validation and TLS configuration completed"
 
     - name: Test kubectl connection
       run: |
         kubectl version --client
-        echo "Testing cluster connection..."
-        kubectl cluster-info
-        echo "Testing node access..."
         kubectl get nodes
 
     - name: Deploy Feature Branch
@@ -347,65 +313,31 @@ jobs:
         echo "📦 Latest: ${LATEST_IMAGE}"
 
     - name: Setup kubectl
-      run: |
-        # Download kubectl directly to avoid permission issues
-        curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
-        chmod +x kubectl
-        sudo mv kubectl /usr/local/bin/
-        kubectl version --client
+      uses: azure/setup-kubectl@v3
+      with:
+        version: 'latest'
 
     - name: Configure kubectl
-      env:
-        KUBECTLSECRET: ${{ secrets.KUBECTLSECRET }}
       run: |
         mkdir -p ~/.kube
 
         echo "🔍 Debugging KUBECTLSECRET..."
-        SECRET_LENGTH=${#KUBECTLSECRET}
-        echo "Secret length: $SECRET_LENGTH"
-
-        # Check if secret is empty
-        if [ "$SECRET_LENGTH" -eq 0 ]; then
-          echo "❌ ERROR: KUBECTLSECRET is empty!"
-          echo "Please configure the KUBECTLSECRET in Gitea repository secrets."
-          echo "Steps:"
-          echo "1. Run: cat ~/.kube/config | base64 -w 0"
-          echo "2. Copy the output"
-          echo "3. Add it as 'KUBECTLSECRET' secret in Gitea"
-          exit 1
-        fi
+        echo "Secret length: ${#KUBECTLSECRET}"
 
         # Try to decode as base64 first, if that fails, use as plain text
-        if echo "$KUBECTLSECRET" | base64 -d > ~/.kube/config 2>/dev/null; then
+        if echo "${{ secrets.KUBECTLSECRET }}" | base64 -d > ~/.kube/config 2>/dev/null; then
           echo "✅ KUBECTLSECRET decoded as base64"
         else
           echo "⚠️  KUBECTLSECRET is not base64, using as plain text"
-          echo "$KUBECTLSECRET" > ~/.kube/config
+          echo "${{ secrets.KUBECTLSECRET }}" > ~/.kube/config
         fi
 
         echo "📁 kubeconfig created at ~/.kube/config"
         chmod 600 ~/.kube/config
-        
-        # Validate kubeconfig
-        if [ ! -s ~/.kube/config ]; then
-          echo "❌ ERROR: kubeconfig file is empty!"
-          exit 1
-        fi
-        
-        # Add insecure-skip-tls-verify to handle self-signed certificates
-        echo "🔧 Configuring TLS settings for self-signed certificates..."
-        CURRENT_CONTEXT=$(kubectl config current-context)
-        CLUSTER_NAME=$(kubectl config view -o jsonpath="{.contexts[?(@.name=='$CURRENT_CONTEXT')].context.cluster}")
-        kubectl config set-cluster "$CLUSTER_NAME" --insecure-skip-tls-verify=true
-        
-        echo "✅ kubeconfig validation and TLS configuration completed"
 
     - name: Test kubectl connection
       run: |
         kubectl version --client
-        echo "Testing cluster connection..."
-        kubectl cluster-info
-        echo "Testing node access..."
         kubectl get nodes
 
     - name: Deploy to Production