refactor: bootstrap/infra/ci separation (#27)

- Create bootstrap/ dir: cert-manager, traefik-routes, argo-rollouts, kargo, kargo-*-pipeline (not managed by Kargo promotion) - infra/ now only: gitea, gitea-custom (promoted by Kargo) - ci/ unchanged: gitea-runner (promoted by Kargo) - Split kargo/credentials/ into dev/ and prod/ with separate ksops generators - Remove kargo-credentials from AppSet (managed by Pulumi Go code) - Update infra Warehouse: only gitea (was also argo-rollouts, cert-manager) - Update infra Stage dev: only yaml-update for gitea version - Fix test-env warehouse: valid subscription instead of empty array - Update step numbers: bootstrap 1-5, infra 1-2
2026-03-11 13:18:22 +03:00
parent 4dd68859d8
commit f640de781d
34 changed files with 31 additions and 64 deletions
--- a/kargo/credentials/prod/git-creds-infra.prod.enc.yaml
+++ b/kargo/credentials/prod/git-creds-infra.prod.enc.yaml
@@ -0,0 +1,36 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: github-creds
+    namespace: infra
+    labels:
+        kargo.akuity.io/cred-type: git
+type: Opaque
+stringData:
+    repoURL: https://github.com/Kargones/deploy-app-kargo-private.git
+    username: Kargones
+    password: ENC[AES256_GCM,data:2ucqkKTdxBlW2GCRmr4ZqrZZS2KuIcUCkhyF6/dIy0jGiUTM1iQIiQ==,iv:gTnztDCoZX9rfK6cnnoOOs6WD8mmw6tWr2z9JUkj+sA=,tag:I5OgSmjtAbnXxyhCe7y3GA==,type:str]
+sops:
+    age:
+        - recipient: age1xmnaqlrjzpk5hl7uhel9sehqh7zdz8p59qte2myt97aqd7lyeuxszuess7
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0RVRoa2ZTT2llSitDYlRn
+            RU1RRkVNdnFFZWpMU0ZoU2Q0bGRKVFViZEc4CkdaalppTll1Q0c4T29aYks2a3Nq
+            azBaMWtJL3hyQlFVMFpUTjcrQ3BkU0kKLS0tIC80azJYWnhGZHpwK0lWa1FrS1d4
+            WlFjQk9WZVdoSnhnT1lROFZzUWMxb00KJ6i6Vap1FCYYUcTiNh5dyHbSeyXthtdf
+            iQcMjvZlOgKuHVPmaiXv8Mh+AHNl0RgWN2nNEoa1NPhriGU36ZmVWA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age16p0gwk8vt90vy2gm8jjca8rcyd2drv5526e997ukdelnv5ek8unqm0smuk
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzMUx5UkNBZHlZdVhlaXV3
+            OVNXTitPd2lQQXFoanNjb014ODB3ZUVLRHlvCmdBbkpmaXkzSXZxRFdPZEVubVJC
+            NHpyUDVkVjV5QXRPbnBHNkZhclMzc1UKLS0tIGtWcHZGMEorbFNEeStmSW80WE9N
+            RjRLYkhHMmd6UTNUSkxCUUFvMzVkdTAKJhUHz7PDrJca3OIdXyzXzD86/7tkCSm4
+            Q6q6WbscBBMtclrO5EfbHuzUUNuejFRLjeHjvPCBb5z/i6sp6Pxyuw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2026-03-11T06:58:02Z"
+    mac: ENC[AES256_GCM,data:KetBMvqfuE4eSrQoKmFJ0fkHHAvxFjQJvm9b9haSODfXDUxZ7DOYlVAVrZzf7L9VYFj7iP+yQeW2cLuV0JRH9+CL6u2GuvtK5WPC82NhRK/I5dEF+x3VIFjc3amr62FEuOjPeLOiAqluPeJ3BscW/Gj6UXKrLgrPzmZZgzzBHb4=,iv:fNbOFcpkAmom0Tf7xeoDfyklWNxIhHANS3WguPtrDK4=,tag:lsbhvAgSWdp+XKPKpGU56Q==,type:str]
+    encrypted_regex: ^(password|token|secret|key|privateKey|admin-password|db-password|passwordHash|tokenSigningKey)$
+    version: 3.12.1