feat(forgejo): updated secret ref for a bucket name

Adds a new CronJob for scheduled S3 backups using rclone, along with a corresponding Secret for AWS credentials. This introduces automated backup functionality for the Forgejo server, enhancing data protection and recovery capabilities.

template/stacks/forgejo/forgejo-server/manifests/forgejo-s3-backup-cronjob.yaml

@@ -0,0 +1,79 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: forgejo-s3-backup
+  namespace: gitea
+spec:
+  schedule: "0 1 * * *"
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+          - name: rclone
+            image: rclone/rclone:1.70
+            imagePullPolicy: IfNotPresent
+            env:
+            - name: SOURCE_BUCKET
+              valueFrom:
+                secretKeyRef:
+                  name: forgejo-cloud-credentials
+                  key: bucket-name
+            - name: AWS_ACCESS_KEY_ID
+              valueFrom:
+                secretKeyRef:
+                  name: forgejo-cloud-credentials
+                  key: access-key
+            - name: AWS_SECRET_ACCESS_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: forgejo-cloud-credentials
+                  key: secret-key
+            volumeMounts:
+            - name: rclone-config
+              mountPath: /config/rclone
+              readOnly: true
+            - name: backup-dir
+              mountPath: /backup
+              readOnly: false
+            command:
+            - /bin/sh
+            - -c
+            - |
+              rclone sync source:/${SOURCE_BUCKET}/packages /backup -v --ignore-checksum
+          restartPolicy: OnFailure
+          volumes:
+          - name: rclone-config
+            secret:
+              secretName: forgejo-s3-backup
+          - name: backup-dir
+            persistentVolumeClaim:
+              claimName: s3-backup
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: s3-backup
+  namespace: gitea
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 50Gi
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: forgejo-s3-backup
+  namespace: gitea
+type: Opaque
+stringData:
+  rclone.conf: |
+    [source]
+    type = s3
+    provider = HuaweiOBS
+    env_auth = true
+    endpoint = obs.eu-de.otc.t-systems.com
+    region = eu-de
+    acl = private

template/stacks/forgejo/forgejo-server/values.yaml

@@ -1,3 +1,4 @@
+# This is only used for deploying older versions of infra-catalogue where the bucket name is not an output of the terragrunt modules
 {{{- define "BUCKET_NAME" -}}}
 {{{- if (getenv "FORGEJO_BUCKET_NAME") -}}}
 {{{ getenv "FORGEJO_BUCKET_NAME" }}}