From 8f6147d4fed58af50ea9ac00571381b04d0e6a98 Mon Sep 17 00:00:00 2001
From: Alexandre Chappaz <alexandre.chappaz@consensys.net>
Date: Mon, 6 Jan 2025 19:58:37 +0100
Subject: [PATCH] infra

---
 deployment/app/deployment.yaml     |  2 +-
 deployment/app/externalsecret.yaml | 22 ++++++++++++++++++++++
 deployment/argocd/app.yaml         | 19 +++++++++++++++----
 3 files changed, 38 insertions(+), 5 deletions(-)

diff --git a/deployment/app/deployment.yaml b/deployment/app/deployment.yaml
index 41b0a20..8872f0d 100644
--- a/deployment/app/deployment.yaml
+++ b/deployment/app/deployment.yaml
@@ -13,7 +13,7 @@ spec:
     spec:
       containers:
       - name: craig
-        image: 992382534381.dkr.ecr.us-east-1.amazonaws.com/cs-prod-craig-bot:22d746a
+        image: 992382534381.dkr.ecr.us-east-1.amazonaws.com/cs-prod-craig-bot:e4f5133
         resources:
           limits:
             cpu: 2
diff --git a/deployment/app/externalsecret.yaml b/deployment/app/externalsecret.yaml
index f8118af..ef9dc82 100644
--- a/deployment/app/externalsecret.yaml
+++ b/deployment/app/externalsecret.yaml
@@ -28,3 +28,25 @@ spec:
       remoteRef:
         key: craig_secrets
         property: CLIENT_SECRET
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: craig-secrets
+spec:
+  refreshInterval: 1m
+  secretStoreRef:
+    name: default
+    kind: ClusterSecretStore
+  target:
+    name: postgresql-secrets
+    creationPolicy: Owner
+  data:
+    - secretKey: pg-admin-password
+      remoteRef:
+        key: craig_secrets
+        property: pg-admin-password
+    - secretKey: pg-user-password
+      remoteRef:
+        key: craig_secrets
+        property: pg-user-password
diff --git a/deployment/argocd/app.yaml b/deployment/argocd/app.yaml
index 8f8cbf8..9779e74 100644
--- a/deployment/argocd/app.yaml
+++ b/deployment/argocd/app.yaml
@@ -8,10 +8,21 @@ spec:
     name: cs-prod-us-east-1
     namespace: craig-bot
   project: apps-cs-prod
-  source:
-    repoURL: https://github.com/ConsenSys/w3f-craig.git
-    path: deployment/app
-    targetRevision: master
+  sources:
+    - repoURL: https://github.com/ConsenSys/w3f-craig.git
+      path: deployment/app
+      targetRevision: master
+    - chart: postgresql
+      repoURL: registry-1.docker.io/bitnamicharts
+      targetRevision: 16.3.5
+      helm:
+        values:  |
+          auth:
+            existingSecret: craig-secrets
+            database: craig
+            username: craig
+            adminPasswordKey: pg-admin-password
+            userPasswordKey: pg-user-password
   syncPolicy:
     automated:
       prune: true