neon-vortex/webhook-build-trigger-neonvortex.yaml

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: webhook-build-script
  namespace: neonvortex
data:
  trigger-build.sh: |
    #!/bin/bash
    set -e

    echo "===== Git Push Detected - Triggering Build ====="
    date

    # Clone the repository
    echo "Cloning repository..."
    git clone http://192.168.1.49:13001/admin/neon-vortex.git /tmp/repo
    cd /tmp/repo

    # Get commit info
    GIT_COMMIT=$(git rev-parse HEAD)
    GIT_SHORT=$(git rev-parse --short HEAD)
    GIT_MSG=$(git log -1 --pretty=%B | head -1)
    GIT_AUTHOR=$(git log -1 --pretty=%an)

    echo "Commit: $GIT_SHORT ($GIT_COMMIT)"
    echo "Author: $GIT_AUTHOR"
    echo "Message: $GIT_MSG"

    # Generate unique job name
    TIMESTAMP=$(date +%s)
    JOB_NAME="build-${GIT_SHORT}-${TIMESTAMP}"

    echo "Creating build job: $JOB_NAME"

    # Send start notification
    curl -s -X POST "https://notify.caffeinetux.com/message?token=APMvTuncQJmm6vd" \
      -F "title=🔨 Neon Vortex Build Started" \
      -F "message=Commit: ${GIT_SHORT} by ${GIT_AUTHOR} - ${GIT_MSG}" \
      -F "priority=5" || echo "Notification failed"

    # Create the build job in flux-builds namespace
    kubectl apply -f - <<EOF
    apiVersion: batch/v1
    kind: Job
    metadata:
      name: $JOB_NAME
      namespace: flux-builds
      labels:
        app: neonvortex
        build-trigger: webhook
        git-commit: "$GIT_SHORT"
      annotations:
        git-commit-full: "$GIT_COMMIT"
        git-message: "$GIT_MSG"
        git-author: "$GIT_AUTHOR"
    spec:
      ttlSecondsAfterFinished: 1800
      backoffLimit: 0
      template:
        metadata:
          labels:
            app: neonvortex
            build-job: "true"
        spec:
          restartPolicy: Never
          initContainers:
          - name: git-clone
            image: alpine/git:latest
            command:
            - sh
            - -c
            - |
              set -e
              echo "Cloning and checking out $GIT_COMMIT..."
              git clone http://192.168.1.49:13001/admin/neon-vortex.git /workspace
              cd /workspace
              git checkout $GIT_COMMIT
              echo "Repository ready for build"
            env:
            - name: GIT_COMMIT
              value: "$GIT_COMMIT"
            volumeMounts:
            - name: workspace
              mountPath: /workspace
          containers:
          - name: kaniko
            image: gcr.io/kaniko-project/executor:latest
            args:
            - "--dockerfile=/workspace/htlm/Dockerfile"
            - "--context=/workspace/htlm"
            - "--destination=images.caffeinetux.com/apps/neon-vortex:latest"
            - "--destination=images.caffeinetux.com/apps/neon-vortex:$GIT_SHORT"
            - "--cache=true"
            - "--cache-repo=images.caffeinetux.com/apps/neon-vortex/cache"
            - "--label=git.commit=$GIT_COMMIT"
            - "--label=git.short=$GIT_SHORT"
            - "--label=git.message=$GIT_MSG"
            - "--label=git.author=$GIT_AUTHOR"
            volumeMounts:
            - name: workspace
              mountPath: /workspace
            - name: docker-config
              mountPath: /kaniko/.docker
          - name: notify-completion
            image: alpine:latest
            command:
            - sh
            - -c
            - |
              set -e
              apk add --no-cache curl

              echo "Waiting for Kaniko to complete..."
              sleep 10

              # Send completion notification
              curl -s -X POST "https://notify.caffeinetux.com/message?token=APMvTuncQJmm6vd" \
                -F "title=✅ Neon Vortex Build Complete" \
                -F "message=Image built successfully for commit ${GIT_SHORT}. Deployment will update automatically." \
                -F "priority=5"

              echo "Completion notification sent"
            env:
            - name: GIT_SHORT
              value: "$GIT_SHORT"
          volumes:
          - name: workspace
            emptyDir: {}
          - name: docker-config
            secret:
              secretName: harbor-registry
              items:
              - key: .dockerconfigjson
                path: config.json
    EOF

    if [ $? -eq 0 ]; then
      echo "✅ Build job $JOB_NAME created successfully"
    else
      echo "❌ Failed to create build job"
      curl -s -X POST "https://notify.caffeinetux.com/message?token=APMvTuncQJmm6vd" \
        -F "title=❌ Neon Vortex Build Failed" \
        -F "message=Failed to create build job for commit ${GIT_SHORT}" \
        -F "priority=8"
      exit 1
    fi
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: build-trigger-sa
  namespace: neonvortex
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: build-trigger-role
  namespace: flux-builds
rules:
- apiGroups: ["batch"]
  resources: ["jobs"]
  verbs: ["create", "get", "list", "watch", "delete"]
- apiGroups: [""]
  resources: ["pods", "pods/log"]
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: build-trigger-binding
  namespace: flux-builds
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: build-trigger-role
subjects:
- kind: ServiceAccount
  name: build-trigger-sa
  namespace: neonvortex
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: webhook-build-listener
  namespace: neonvortex
spec:
  replicas: 1
  selector:
    matchLabels:
      app: webhook-build-listener
  template:
    metadata:
      labels:
        app: webhook-build-listener
    spec:
      serviceAccountName: build-trigger-sa
      containers:
      - name: listener
        image: alpine/k8s:1.28.13
        command:
        - sh
        - -c
        - |
          apk add --no-cache socat bash git curl

          echo "Starting webhook listener on port 8080..."

          while true; do
            echo "Waiting for webhook trigger..."
            echo -e "HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nOK" | \
              socat TCP-LISTEN:8080,reuseaddr,fork STDIO | \
              while read line; do
                if echo "$line" | grep -q "POST /webhook"; then
                  echo "Webhook received! Triggering build..."
                  bash /scripts/trigger-build.sh &
                  break
                fi
              done
            sleep 2
          done
        volumeMounts:
        - name: script
          mountPath: /scripts
      volumes:
      - name: script
        configMap:
          name: webhook-build-script
          defaultMode: 0755
---
apiVersion: v1
kind: Service
metadata:
  name: webhook-build-listener
  namespace: neonvortex
spec:
  type: NodePort
  selector:
    app: webhook-build-listener
  ports:
  - port: 8080
    targetPort: 8080
    nodePort: 30091
    name: webhook
Reorganize to dedicated namespaces with automatic cleanup Namespace Structure: - neonvortex: Application deployment and webhook listener - flux-builds: Build jobs with automatic cleanup - flux-system: Flux CD control plane (unchanged) Automatic Cleanup: - Build jobs: 30-minute TTL after completion - Cleanup CronJob: Runs every 30 minutes - Keeps last 10 successful builds - Deletes failed jobs older than 1 hour - Removes all jobs older than 24 hours Changes: - Moved HelmRelease from default to neonvortex namespace - Moved build jobs from default to flux-builds namespace - Updated webhook listener to create jobs in flux-builds - Updated Flux alerts to monitor new namespace - Cleaned up all resources from default namespace - Added dedicated ServiceAccounts and RBAC per namespace Benefits: - Clean namespace separation for better organization - Automatic job cleanup prevents resource accumulation - Build history maintained (last 10 successful builds) - Improved monitoring and troubleshooting - Default namespace is now clean Comprehensive migration guide in NAMESPACE_MIGRATION_GUIDE.md 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> 2025-11-22 23:27:32 -05:00			`---`
			`apiVersion: v1`
			`kind: ConfigMap`
			`metadata:`
			`name: webhook-build-script`
			`namespace: neonvortex`
			`data:`
			`trigger-build.sh: \|`
			`#!/bin/bash`
			`set -e`

			`echo "===== Git Push Detected - Triggering Build ====="`
			`date`

			`# Clone the repository`
			`echo "Cloning repository..."`
			`git clone http://192.168.1.49:13001/admin/neon-vortex.git /tmp/repo`
			`cd /tmp/repo`

			`# Get commit info`
			`GIT_COMMIT=$(git rev-parse HEAD)`
			`GIT_SHORT=$(git rev-parse --short HEAD)`
			`GIT_MSG=$(git log -1 --pretty=%B \| head -1)`
			`GIT_AUTHOR=$(git log -1 --pretty=%an)`

			`echo "Commit: $GIT_SHORT ($GIT_COMMIT)"`
			`echo "Author: $GIT_AUTHOR"`
			`echo "Message: $GIT_MSG"`

			`# Generate unique job name`
			`TIMESTAMP=$(date +%s)`
			`JOB_NAME="build-${GIT_SHORT}-${TIMESTAMP}"`

			`echo "Creating build job: $JOB_NAME"`

			`# Send start notification`
			`curl -s -X POST "https://notify.caffeinetux.com/message?token=APMvTuncQJmm6vd" \`
			`-F "title=🔨 Neon Vortex Build Started" \`
			`-F "message=Commit: ${GIT_SHORT} by ${GIT_AUTHOR} - ${GIT_MSG}" \`
			`-F "priority=5" \|\| echo "Notification failed"`

			`# Create the build job in flux-builds namespace`
			`kubectl apply -f - <<EOF`
			`apiVersion: batch/v1`
			`kind: Job`
			`metadata:`
			`name: $JOB_NAME`
			`namespace: flux-builds`
			`labels:`
			`app: neonvortex`
			`build-trigger: webhook`
			`git-commit: "$GIT_SHORT"`
			`annotations:`
			`git-commit-full: "$GIT_COMMIT"`
			`git-message: "$GIT_MSG"`
			`git-author: "$GIT_AUTHOR"`
			`spec:`
			`ttlSecondsAfterFinished: 1800`
			`backoffLimit: 0`
			`template:`
			`metadata:`
			`labels:`
			`app: neonvortex`
			`build-job: "true"`
			`spec:`
			`restartPolicy: Never`
			`initContainers:`
			`- name: git-clone`
			`image: alpine/git:latest`
			`command:`
			`- sh`
			`- -c`
			`- \|`
			`set -e`
			`echo "Cloning and checking out $GIT_COMMIT..."`
			`git clone http://192.168.1.49:13001/admin/neon-vortex.git /workspace`
			`cd /workspace`
			`git checkout $GIT_COMMIT`
			`echo "Repository ready for build"`
			`env:`
			`- name: GIT_COMMIT`
			`value: "$GIT_COMMIT"`
			`volumeMounts:`
			`- name: workspace`
			`mountPath: /workspace`
			`containers:`
			`- name: kaniko`
			`image: gcr.io/kaniko-project/executor:latest`
			`args:`
			`- "--dockerfile=/workspace/htlm/Dockerfile"`
			`- "--context=/workspace/htlm"`
			`- "--destination=images.caffeinetux.com/apps/neon-vortex:latest"`
			`- "--destination=images.caffeinetux.com/apps/neon-vortex:$GIT_SHORT"`
			`- "--cache=true"`
			`- "--cache-repo=images.caffeinetux.com/apps/neon-vortex/cache"`
			`- "--label=git.commit=$GIT_COMMIT"`
			`- "--label=git.short=$GIT_SHORT"`
			`- "--label=git.message=$GIT_MSG"`
			`- "--label=git.author=$GIT_AUTHOR"`
			`volumeMounts:`
			`- name: workspace`
			`mountPath: /workspace`
			`- name: docker-config`
			`mountPath: /kaniko/.docker`
			`- name: notify-completion`
			`image: alpine:latest`
			`command:`
			`- sh`
			`- -c`
			`- \|`
			`set -e`
			`apk add --no-cache curl`

			`echo "Waiting for Kaniko to complete..."`
			`sleep 10`

			`# Send completion notification`
			`curl -s -X POST "https://notify.caffeinetux.com/message?token=APMvTuncQJmm6vd" \`
			`-F "title=✅ Neon Vortex Build Complete" \`
			`-F "message=Image built successfully for commit ${GIT_SHORT}. Deployment will update automatically." \`
			`-F "priority=5"`

			`echo "Completion notification sent"`
			`env:`
			`- name: GIT_SHORT`
			`value: "$GIT_SHORT"`
			`volumes:`
			`- name: workspace`
			`emptyDir: {}`
			`- name: docker-config`
			`secret:`
			`secretName: harbor-registry`
			`items:`
			`- key: .dockerconfigjson`
			`path: config.json`
			`EOF`

			`if [ $? -eq 0 ]; then`
			`echo "✅ Build job $JOB_NAME created successfully"`
			`else`
			`echo "❌ Failed to create build job"`
			`curl -s -X POST "https://notify.caffeinetux.com/message?token=APMvTuncQJmm6vd" \`
			`-F "title=❌ Neon Vortex Build Failed" \`
			`-F "message=Failed to create build job for commit ${GIT_SHORT}" \`
			`-F "priority=8"`
			`exit 1`
			`fi`
			`---`
			`apiVersion: v1`
			`kind: ServiceAccount`
			`metadata:`
			`name: build-trigger-sa`
			`namespace: neonvortex`
			`---`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: Role`
			`metadata:`
			`name: build-trigger-role`
			`namespace: flux-builds`
			`rules:`
			`- apiGroups: ["batch"]`
			`resources: ["jobs"]`
			`verbs: ["create", "get", "list", "watch", "delete"]`
			`- apiGroups: [""]`
			`resources: ["pods", "pods/log"]`
			`verbs: ["get", "list", "watch"]`
			`---`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: RoleBinding`
			`metadata:`
			`name: build-trigger-binding`
			`namespace: flux-builds`
			`roleRef:`
			`apiGroup: rbac.authorization.k8s.io`
			`kind: Role`
			`name: build-trigger-role`
			`subjects:`
			`- kind: ServiceAccount`
			`name: build-trigger-sa`
			`namespace: neonvortex`
			`---`
			`apiVersion: apps/v1`
			`kind: Deployment`
			`metadata:`
			`name: webhook-build-listener`
			`namespace: neonvortex`
			`spec:`
			`replicas: 1`
			`selector:`
			`matchLabels:`
			`app: webhook-build-listener`
			`template:`
			`metadata:`
			`labels:`
			`app: webhook-build-listener`
			`spec:`
			`serviceAccountName: build-trigger-sa`
			`containers:`
			`- name: listener`
			`image: alpine/k8s:1.28.13`
			`command:`
			`- sh`
			`- -c`
			`- \|`
			`apk add --no-cache socat bash git curl`

			`echo "Starting webhook listener on port 8080..."`

			`while true; do`
			`echo "Waiting for webhook trigger..."`
			`echo -e "HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nOK" \| \`
			`socat TCP-LISTEN:8080,reuseaddr,fork STDIO \| \`
			`while read line; do`
			`if echo "$line" \| grep -q "POST /webhook"; then`
			`echo "Webhook received! Triggering build..."`
			`bash /scripts/trigger-build.sh &`
			`break`
			`fi`
			`done`
			`sleep 2`
			`done`
			`volumeMounts:`
			`- name: script`
			`mountPath: /scripts`
			`volumes:`
			`- name: script`
			`configMap:`
			`name: webhook-build-script`
			`defaultMode: 0755`
			`---`
			`apiVersion: v1`
			`kind: Service`
			`metadata:`
			`name: webhook-build-listener`
			`namespace: neonvortex`
			`spec:`
			`type: NodePort`
			`selector:`
			`app: webhook-build-listener`
			`ports:`
			`- port: 8080`
			`targetPort: 8080`
			`nodePort: 30091`
			`name: webhook`