From be01895c920d336665da893f2460a6f1274a3cb1 Mon Sep 17 00:00:00 2001
From: ordinarthur <@arthurbarre.js@gmail.com>
Date: Thu, 16 Apr 2026 16:50:13 +0200
Subject: [PATCH] ci: add kubectl install + idempotent manifest apply (rebours
 pattern)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .gitea/workflows/deploy.yml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index 2d9eb19..868be1e 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -34,12 +34,31 @@ jobs:
             -t "$PWA_TAG" .
           docker push "$PWA_TAG"
 
+      - name: Install kubectl
+        run: |
+          curl -LO "https://dl.k8s.io/release/$(curl -Ls https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
+          chmod +x kubectl && mv kubectl /usr/local/bin/kubectl
+
       - name: Deploy on K3s
         env:
           KUBECONFIG_DATA: ${{ secrets.KUBECONFIG }}
         run: |
           mkdir -p ~/.kube
           echo "$KUBECONFIG_DATA" | base64 -d > ~/.kube/config
+
+          # Appliquer les manifests (idempotent)
+          kubectl apply -f deploy/k8s/namespace.yaml
+          kubectl apply -f deploy/k8s/pwa.deployment.yaml
+          kubectl apply -f deploy/k8s/api.deployment.yaml
+
+          # Pull secret (idempotent)
+          kubectl -n ordinarthur-os create secret docker-registry gitea-registry \
+            --docker-server=git.arthurbarre.fr \
+            --docker-username=ordinarthur \
+            --docker-password="${{ secrets.REGISTRY_PASSWORD }}" \
+            --dry-run=client -o yaml | kubectl apply -f -
+
+          # Rollout
           kubectl -n ordinarthur-os set image deploy/api api=$API_TAG
           kubectl -n ordinarthur-os set image deploy/pwa pwa=$PWA_TAG
           kubectl -n ordinarthur-os rollout status deploy/api --timeout=120s