From 45844c6281844913a213cc330484859db720a9b9 Mon Sep 17 00:00:00 2001
From: Kelly <kelly@cannabrands.com>
Date: Mon, 15 Dec 2025 21:19:26 -0700
Subject: [PATCH] ci: Embed kubeconfig, use k8s_token secret for token only

---
 .woodpecker.yml | 27 ++++++++++++++++++++++++---
 1 file changed, 24 insertions(+), 3 deletions(-)

diff --git a/.woodpecker.yml b/.woodpecker.yml
index 4d554f2b..f3a7aa1c 100644
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@@ -151,12 +151,33 @@ steps:
   deploy:
     image: bitnami/kubectl:latest
     environment:
-      KUBECONFIG_CONTENT:
-        from_secret: kubeconfig_data
+      K8S_TOKEN:
+        from_secret: k8s_token
     commands:
       - mkdir -p ~/.kube
-      - printf '%s' "$KUBECONFIG_CONTENT" > ~/.kube/config
+      - |
+        cat > ~/.kube/config << 'KUBEEOF'
+        apiVersion: v1
+        kind: Config
+        clusters:
+        - cluster:
+            certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJkakNDQVIyZ0F3SUJBZ0lCQURBS0JnZ3Foa2pPUFFRREFqQWpNU0V3SHdZRFZRUUREQmhyTTNNdGMyVnkKZG1WeUxXTmhRREUzTmpVM05UUTNPRE13SGhjTk1qVXhNakUwTWpNeU5qSXpXaGNOTXpVeE1qRXlNak15TmpJegpXakFqTVNFd0h3WURWUVFEREJock0zTXRjMlZ5ZG1WeUxXTmhRREUzTmpVM05UUTNPRE13V1RBVEJnY3Foa2pPClBRSUJCZ2dxaGtqT1BRTUJCd05DQUFRWDRNdFJRTW5lWVJVV0s2cjZ3VEV2WjAxNnV4T3NUR3JJZ013TXVnNGwKajQ1bHZ6ZkM1WE1NY1pESnUxZ0t1dVJhVGxlb0xVOVJnSERIUUI4TUwzNTJvMEl3UURBT0JnTlZIUThCQWY4RQpCQU1DQXFRd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVXIzNDZpNE42TFhzaEZsREhvSlU0CjJ1RjZseGN3Q2dZSUtvWkl6ajBFQXdJRFJ3QXdSQUlnVUtqdWRFQWJyS1JDVHROVXZTc1Rmb3FEaHFSeDM5MkYKTFFSVWlKK0hCVElDSUJqOFIxbG1zSnFSRkRHMEpwMGN4OG5ZZnFCaElRQzh6WWdRdTdBZmR4L3IKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
+            server: https://10.100.6.10:6443
+          name: spdy-k3s
+        contexts:
+        - context:
+            cluster: spdy-k3s
+            namespace: cannaiq
+            user: cannaiq-admin
+          name: cannaiq
+        current-context: cannaiq
+        users:
+        - name: cannaiq-admin
+          user:
+            token: ${K8S_TOKEN}
+        KUBEEOF
       - chmod 600 ~/.kube/config
+      - sed -i "s|\${K8S_TOKEN}|$K8S_TOKEN|g" ~/.kube/config
       - kubectl set image deployment/scraper scraper=10.100.9.70:5000/cannaiq/backend:sha-${CI_COMMIT_SHA:0:8} -n cannaiq
       - kubectl rollout status deployment/scraper -n cannaiq --timeout=300s
       - REPLICAS=$(kubectl get deployment scraper-worker -n cannaiq -o jsonpath='{.spec.replicas}'); if [ "$REPLICAS" = "0" ]; then kubectl scale deployment/scraper-worker --replicas=5 -n cannaiq; fi