feat: optional site.yaml 'middlewares' list appended to Ingress middleware annotation

Lets a site opt into extra file-provider middlewares (e.g. authentik-forwardauth
to auth-gate a site). Backward-compatible: absent/empty key renders the exact
previous annotation.
2026-06-12 13:01:05 +00:00
parent d431fbddb4
commit f1f780f5a3
4 changed files with 12 additions and 1 deletions
+5
@@ -48,6 +48,11 @@ type: static # static | hugo | mkdocs
# # so they're both un-uploaded AND un-deleted. Use this
# # for large assets managed out-of-band via aws-cli
# # (e.g. media files updated more often than the site code).
# middlewares: # extra Traefik FILE-PROVIDER middleware names appended to the
# - authentik-forwardauth # Ingress annotation (after https-redirect,retry-upstream).
# # The middleware must already exist in the traefik-dynamic
# # ConfigMap. Use authentik-forwardauth to auth-gate a site
# # (also requires an Authentik proxy provider + app for the host).
```
`.gitea/workflows/publish.yaml`:
+1
@@ -126,6 +126,7 @@ def render_site_manifests(site_name, action_dir, app_dir, manifests_dir, cfg):
"domain": cfg["domain"],
"aliases": cfg["aliases"],
"namespace": NAMESPACE,
"middlewares": cfg["middlewares"],
}
render_templates(action_dir, template_vars, app_dir, manifests_dir)
+5
@@ -87,6 +87,10 @@ def parse_site_yaml(site_dir):
if not isinstance(excludes, list) or any(not isinstance(p, str) for p in excludes):
die("excludes must be a list of string patterns")
middlewares = cfg.get("middlewares") or []
if not isinstance(middlewares, list) or any(not isinstance(m, str) for m in middlewares):
die("middlewares must be a list of Traefik file-provider middleware names")
site = {
"domain": cfg["domain"],
"type": site_type,
@@ -95,6 +99,7 @@ def parse_site_yaml(site_dir):
"content_dir": cfg.get("content_dir", ""),
"tidy": cfg.get("tidy", True),
"excludes": excludes,
"middlewares": middlewares,
}
print("Site config:")
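Review bot: The new `middlewares` check in parse_site_yaml only confirms that each entry is a string, yet the Ingress template in this commit writes every entry unquoted into the `router.middlewares` annotation as `,{{ m }}@file`. A name containing a comma, `@`, whitespace or a newline would change which middlewares the router references or add lines to the rendered manifest, and an empty string renders `,@file`. Because this list is what auth-gates a site, constrain each name to a strict allow-list before accepting it, for example `any(not isinstance(m, str) or not re.fullmatch(r"[A-Za-z0-9][A-Za-z0-9_-]*", m) for m in middlewares)`, assuming `re` is available in this file and with the pattern adjusted to the names used in the traefik-dynamic ConfigMap. Separately, `cfg.get("middlewares") or []` treats any falsy value such as `false` or `0` as an empty list instead of rejecting it. The body of parse_site_yaml starts and ends outside these hunks.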
+1 -1
@@ -5,7 +5,7 @@ metadata:
namespace: {{ namespace }}
{%- if site_type != "docker" %}
annotations:
traefik.ingress.kubernetes.io/router.middlewares: https-redirect@file,retry-upstream@file
traefik.ingress.kubernetes.io/router.middlewares: https-redirect@file,retry-upstream@file{% for m in middlewares %},{{ m }}@file{% endfor %}
{%- endif %}
spec:
ingressClassName: traefik
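Review bot: The `middlewares` loop sits inside the `{%- if site_type != "docker" %}` block, so for a docker-type site the list is dropped without any message and no annotation is rendered. If such a site can set `middlewares: [authentik-forwardauth]` in site.yaml (not visible from this hunk), it would deploy without the auth gate its owner asked for. Either render the annotation for that type as well, or have the parser reject the key with `die("middlewares is not supported for docker sites")`. A short template comment such as `{#- middlewares: names from site.yaml, appended in order after the defaults -#}` would also document the ordering.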