Update .gitea/workflows/test.yml

.gitea/workflows/test.yml

@@ -187,6 +187,11 @@ jobs:
           docker push $IMAGE_NAME:latest
           docker push $IMAGE_NAME:${{ steps.meta.outputs.image_tag }}
 
+      - name: Tag and push stable
+        run: |
+          docker tag $IMAGE_NAME:latest $IMAGE_NAME:stable
+          docker push $IMAGE_NAME:stable
+
   deploy-to-k3s:
     needs: build-scan-and-push-image
     runs-on: ubuntu-latest
@@ -201,20 +206,30 @@ jobs:
           sudo mv kubectl /usr/local/bin/kubectl
           kubectl version --client
 
-      - name: Configure kubeconfig
+      - name: Prepare CA certificate
         run: |
-          mkdir -p ~/.kube
-          echo "${{ secrets.KUBECONFIG_B64 }}" | base64 -d > ~/.kube/config
-          chmod 600 ~/.kube/config
+          echo "${{ secrets.K8S_CA_CRT_B64 }}" | base64 -d > ca.crt
+          chmod 600 ca.crt
 
-      - name: Render manifest with image tag
+      - name: Render manifest for stable
         run: |
-          sed "s|image: .*|image: ${IMAGE_NAME}:${{ needs.build-scan-and-push-image.outputs.image_tag }}|g" arcade.yaml > rendered-arcade.yaml
+          sed \
+            -e "s|__IMAGE_TAG__|stable|g" \
+            -e "s|__GIT_SHA__|${{ gitea.sha }}|g" \
+            arcade.yaml > rendered-arcade.yaml
 
       - name: Apply Kubernetes manifest
         run: |
-          kubectl apply -f rendered-arcade.yaml
+          kubectl \
+            --server="${{ secrets.K8S_SERVER }}" \
+            --token="${{ secrets.K8S_TOKEN }}" \
+            --certificate-authority=ca.crt \
+            apply -f rendered-arcade.yaml
 
       - name: Wait for rollout
         run: |
-          kubectl -n devsecops rollout status deployment/arcade --timeout=180s
+          kubectl \
+            --server="${{ secrets.K8S_SERVER }}" \
+            --token="${{ secrets.K8S_TOKEN }}" \
+            --certificate-authority=ca.crt \
+            -n devsecops rollout status deployment/arcade --timeout=180s