From b1d56d1cb70d964f0323f9b18f40d066824bf5b7 Mon Sep 17 00:00:00 2001
From: dvirlabs <dvirlabs@gmail.com>
Date: Wed, 18 Feb 2026 11:17:33 +0200
Subject: [PATCH] Update the token

---
 .gitlab-ci.yml | 27 ++++++++++++++++++++-------
 1 file changed, 20 insertions(+), 7 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 14816b7..fd89094 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -34,7 +34,7 @@ deploy:
     set -euo pipefail
 
     # Configure kubectl for k3s cluster
-    export KUBECONFIG=/tmp/k3s.yaml
+    export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
     echo "Configured kubectl to use k3s cluster"
     kubectl cluster-info || echo "Warning: Could not connect to cluster yet"
 
@@ -43,7 +43,7 @@ deploy:
     echo "Updated ${VALUES_FILE} with image.tag=${TAG}"
     
     # Verify the change
-    grep -A 1 "^image:" "${VALUES_FILE}"
+    grep -A 2 "^image:" "${VALUES_FILE}"
 
     # Configure git identity
     git config user.email "gitlab-ci@dvirlabs.com"
@@ -53,20 +53,33 @@ deploy:
     git add "${VALUES_FILE}"
     git commit -m "ci: bump image tag to ${TAG} [skip ci]" || echo "No changes to commit"
 
-    # Push using GITLAB_TOKEN (set as CI/CD variable)
+    # Push using GITLAB_TOKEN (Project Access Token with api scope)
     if [ -n "${GITLAB_TOKEN:-}" ]; then
-      git remote set-url origin "https://oauth2:${GITLAB_TOKEN}@${CI_SERVER_HOST#https://}/${CI_PROJECT_PATH}.git"
-      git push origin "HEAD:${CI_COMMIT_REF_NAME}" && echo "Pushed values.yaml update" || echo "Failed to push, continuing anyway"
+      git remote set-url origin "https://oauth2:${GITLAB_TOKEN}@gitlab.com/${CI_PROJECT_PATH}.git"
+      git push origin "HEAD:${CI_COMMIT_REF_NAME}" && echo "Pushed values.yaml update successfully" || echo "Failed to push, continuing deployment anyway"
     else
-      echo "GITLAB_TOKEN not set, skipping git push (values.yaml updated in workspace)"
+      echo "GITLAB_TOKEN not set, skipping git push (values.yaml is updated locally for this deployment)"
     fi
 
+    # Create namespace if it doesn't exist
+    kubectl create namespace "${NAMESPACE}" --dry-run=client -o yaml | kubectl apply -f -
+
+    # Create or update GitLab registry secret for pulling images
+    echo "Creating/updating image pull secret..."
+    kubectl create secret docker-registry gitlab-registry \
+      --docker-server="${CI_REGISTRY}" \
+      --docker-username="${CI_REGISTRY_USER}" \
+      --docker-password="${CI_REGISTRY_PASSWORD}" \
+      --namespace="${NAMESPACE}" \
+      --dry-run=client -o yaml | kubectl apply -f -
+
     echo "Deploying with Helm..."
     helm upgrade --install "${RELEASE}" "${CHART_PATH}" \
       -f "${VALUES_FILE}" \
       -n "${NAMESPACE}" \
       --create-namespace \
-      --wait --timeout 5m
+      --wait --timeout 10m \
+      --debug
 
     echo "Waiting for deployment to be ready..."
     kubectl -n "${NAMESPACE}" rollout status deploy -l app.kubernetes.io/name=open-meteo-service --timeout=180s