app: penpot-pr-{{ .BRANCH | sanitizeDNSName }}
# TODO move to staging cluster when ready
env: prod
namespace: penpot
deploy:
  event: pr
cleanup:
  event: branchDeleted
  app: penpot-pr-{{ .BRANCH | sanitizeDNSName }}
chart:
  name: https://github.com/tokens-studio/tokens-studio-for-penpot.git?branch={{ .BRANCH }}&path=/.gimlet/k8s/penpot/
values:
  redis:
    replica:
      replicaCount: 0
  global:
    # Try use the existing redis
    redisEnabled: false
    imagePullSecrets: 
      - name: ghcr-login-secret
  postgresql:
    # use the existing db
    enabled: false
    owner: penpot
    database: penpot
    # Assumed specified in infra
    secret: db-penpot-secrets
    superUser: db-penpot-superuser-secret
  config:
    assets:
      storageBackend: assets-s3
      s3:
        bucket: assets
        endpointURI: http://minio.penpot.svc.cluster.local:80
        existingSecret: 
          penpot-assets-user-0
        secretKeys:
          accessKeyIDKey: CONSOLE_ACCESS_KEY
          secretAccessKey: CONSOLE_SECRET_KEY
      
      # - AWS_ACCESS_KEY_ID=<KEY_ID>
      # - AWS_SECRET_ACCESS_KEY=<ACCESS_KEY>
      # - PENPOT_ASSETS_STORAGE_BACKEND=assets-s3
      # - PENPOT_STORAGE_ASSETS_S3_ENDPOINT=http://penpot-minio:9000
      # - PENPOT_STORAGE_ASSETS_S3_BUCKET=<BUKET_NAME>
    smtp:
      enabled: true
      host: mailslurper
      tls: false
      port: 1025
    publicURI: https://{{ .BRANCH | sanitizeDNSName }}.penpot.dev.tokens.studio
    redis:
      host: penpot-redis-master.penpot.svc.cluster.local
    postgresql:
      # note that this is unchanged
      host: penpot-db-rw
      database: penpot
      existingSecret: db-penpot-secrets
      secretKeys:
        usernameKey: username
        passwordKey: password
  backend:
    image:
      pullPolicy: Always
      repository: ghcr.io/tokens-studio/tokens-studio-for-penpot
      tag: 'backend-pr-{{ .BRANCH | sanitizeDNSName }}' 
  exporter:
    # Unlikely to be used 
    enabled: false
  frontend:
    labels:
      portService: tokens-studio-for-penpot
    image:
      pullPolicy: Always
      repository: ghcr.io/tokens-studio/tokens-studio-for-penpot
      tag: 'frontend-pr-{{ .BRANCH | sanitizeDNSName }}'
    ingress:     
      enabled: true
      annotations:
        cert-manager.io/cluster-issuer: letsencrypt-prod
      hosts:
        - host: "{{ .BRANCH | sanitizeDNSName }}.penpot.dev.tokens.studio"
      tls:
        - secretName: tls-penpot
          hosts:
          - "{{ .BRANCH | sanitizeDNSName }}.penpot.dev.tokens.studio"