fix

share/organisation/stages.tf

@@ -64,6 +64,59 @@ resource "kubernetes_secret" "docker-config" {
   }
 }
 
+resource "kubernetes_secret_v1" "ci-git-secret" {
+  count = var.haveGitea&&var.haveFlux?length(local.sorted-stages):0
+  metadata {
+    name = "ssh-credentials-flux"
+    namespace = "${local.sorted-stages[count.index].namespace}"
+  }
+  data = {
+    "identity" = data.kubernetes_secret_v1.ssh-creds-read[count.index].data["ssh-privatekey"]
+    "known_hosts" = data.local_file.known_host[0].content
+  }
+}
+
+resource "kubectl_manifest" "ci-git-repo" {
+  count = var.haveGitea&&var.haveFlux?length(local.sorted-stages):0
+  yaml_body  = <<-EOF
+    apiVersion: source.toolkit.fluxcd.io/v1
+    kind: GitRepository
+    metadata:
+      name: "deploy-git"
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(local.push-labels)}
+    spec:
+      interval: 5m0s
+      ref:
+        branch: main
+      secretRef:
+        name: ssh-credentials-flux
+      url: ssh://git@${var.gitea_ssh_prefix}.${var.domain_name}:${var.gitea_ssh_port}/${var.organization}/deploy.git
+  EOF
+}
+
+resource "kubectl_manifest" "ci-kustomization" {
+  count = var.haveGitea&&var.haveFlux?length(local.sorted-stages):0
+  yaml_body  = <<-EOF
+    apiVersion: kustomize.toolkit.fluxcd.io/v1
+    kind: Kustomization
+    metadata:
+      name: "${var.instance}-${var.component}-deploy"
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(local.push-labels)}
+    spec:
+      interval: 5m
+      path: ./ci
+      prune: true
+      targetNamespace: "${var.namespace}"
+      sourceRef:
+        kind: GitRepository
+        name: "${var.instance}-${var.component}-ci"
+      timeout: 1m
+  EOF
+}
+
+
 resource "kubectl_manifest" "datasets" {
   count = length(local.sorted-datasets)
   depends_on = [kubernetes_namespace_v1.ns]