~ Rebuild Image

.gitea/workflows/cd.yaml

@@ -1,28 +1,32 @@
 on:
   push:
-    branches: [ main ]
+    branches:
+    - main
+    - dev
+env:
+  NAMESPACE: ${{ github.repository_owner }}
+  DOCKER_REGISTRY: ghcr.io
+  DOCKER_REPOSITORY: ${{ github.repository }}
 jobs:
   build-and-deploy:
+    env:
+      IMAGE: ${{ env.DOCKER_REGISTRY }}/${{ env.DOCKER_REPOSITORY }}
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v2
-    - uses: benjlevesque/short-sha@v3.0
-      id: short-sha
-      with:
-        length: 10
-    - name: Set up kpack-cli
+    - name: Install kpack-cli
       env:
-        KPACK_CLI_VERSION: "0.13.0"
+        KPACK_CLI_VERSION: 0.13.0
+        KPACK_CLI_SHA256: 52f0c927a1350f4f1bb281575ec246f406fb96aa69dc974ed10a2fe52c538158
       working-directory: /tmp
       run: |
-        mkdir kp-binaries
-        curl -L "https://github.com/buildpacks-community/kpack-cli/releases/download/v${KPACK_CLI_VERSION}/kp-linux-amd64-${KPACK_CLI_VERSION}" -o kp-binaries/kp-linux-amd64-${KPACK_CLI_VERSION}
-        curl -LO "https://github.com/buildpacks-community/kpack-cli/releases/download/v${KPACK_CLI_VERSION}/kp-linux-amd64-${KPACK_CLI_VERSION}.sha256"
-        sha256sum -c kp-linux-amd64-${KPACK_CLI_VERSION}.sha256 || exit 1
-        sudo mv kp-binaries/kp-linux-amd64-${KPACK_CLI_VERSION} /usr/local/bin/kp
+        set -ex
+        curl -sLO "https://github.com/buildpacks-community/kpack-cli/releases/download/v${KPACK_CLI_VERSION}/kp-linux-amd64-${KPACK_CLI_VERSION}"
+        echo "${KPACK_CLI_SHA256} kp-linux-amd64-${KPACK_CLI_VERSION}" | sha256sum --check || exit 1
+        sudo mv kp-linux-amd64-${KPACK_CLI_VERSION} /usr/local/bin/kp
         sudo chmod +x /usr/local/bin/kp
         kp version
-    - name: Set up kubectl
+    - name: Install kubectl
       uses: azure/setup-kubectl@v4
     - name: Configure kubectl
       uses: azure/k8s-set-context@v1
@@ -31,16 +35,20 @@ jobs:
     - name: Update kpack image
       env:
         SHA: ${{ github.sha }}
-        SHORT_SHA: ${{ steps.short-sha.outputs.sha }}
       run: |
-        kp image patch tutorial-image --replace-additional-tag "ghcr.io/hvg-dev/php-test:sha-${SHORT_SHA}" --git-revision "${SHA}" -n test-builder
+        SHORT_SHA=$(git rev-parse --short HEAD)
+        echo "SHORT_SHA=${SHORT_SHA}" >> $GITHUB_ENV
+        IMAGE_NAME="${GITHUB_REPOSITORY#$GITHUB_REPOSITORY_OWNER/}-${GITHUB_REF##*/}"
+        echo "IMAGE_NAME=${IMAGE_NAME}" >> $GITHUB_ENV
+        kp image patch $IMAGE_NAME --replace-additional-tag "${IMAGE}:sha-${SHORT_SHA}" --git-revision "${SHA}" -n $NAMESPACE
+        kp image status $IMAGE_NAME -n $NAMESPACE
     - name: Wait for build to complete
       run: |
-        BUILD=$(kubectl -n test-builder get image tutorial-image -o jsonpath='{.status.buildCounter}')
-        BUILD_REF=$(kubectl -n test-builder get image tutorial-image -o jsonpath='{.status.latestBuildRef}')
-        kp build logs tutorial-image -n test-builder --build ${BUILD}
-        kp build status tutorial-image -n test-builder -b $BUILD
-        if [ "$(kubectl -n test-builder get build $BUILD_REF -o jsonpath='{.status.conditions[0].status}')" != "True" ]; then exit 1; fi
+        BUILD=$(kubectl -n $NAMESPACE get image $IMAGE_NAME -o jsonpath='{.status.buildCounter}')
+        BUILD_REF=$(kubectl -n $NAMESPACE get image $IMAGE_NAME -o jsonpath='{.status.latestBuildRef}')
+        kp build logs $IMAGE_NAME -n $NAMESPACE --build ${BUILD}
+        kp build status $IMAGE_NAME -n $NAMESPACE -b $BUILD
+        if [ "$(kubectl -n $NAMESPACE get build $BUILD_REF -o jsonpath='{.status.conditions[0].status}')" != "True" ]; then exit 1; fi
 #    - name: Update Kubernetes deployment
 #      run: |
 #        kubectl set image deployment/my-app my-app=<registry>/<repository>:${{ github.sha }}

.github/workflows/cicd.yaml

@@ -1,15 +1,22 @@
 on:
   push:
-    branches: [ main ]
+    branches:
+    - main
+    - dev
 jobs:
   build-image-and-deploy:
     runs-on: ubuntu-latest
     steps:
+
     - uses: actions/checkout@v3
       with:
         fetch-depth: 0
-    - uses: yesolutions/mirror-action@master
+
+    - uses: felegy/mirror-action@master
       with:
-        REMOTE: https://git.saito.systems/felegy/test-php.git
-        GIT_USERNAME: felegy
-        GIT_PASSWORD: ${{ secrets.DEPLOY_REPO_TOKEN }}
+        REMOTE: git@${{ secrets.DEPLOY_REPO }}:${{ github.repository }}.git
+        SSH_CONFIG: |
+          Host ${{ secrets.DEPLOY_REPO }}
+            ProxyCommand cloudflared access ssh --hostname %h
+        GIT_SSH_PRIVATE_KEY: ${{ secrets.DEPLOY_SSH_KEY }}
+        GIT_SSH_NO_VERIFY_HOST: "true"

k8s/gitea-runner.yaml

@@ -1,3 +1,25 @@
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: runner-role
+rules:
+- apiGroups: ["*"]
+  resources: ["*"]
+  verbs: ["*"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: runner-role-binding
+subjects:
+- kind: ServiceAccount
+  name: default
+roleRef:
+  kind: Role
+  name: runner-role
+  apiGroup: rbac.authorization.k8s.io
+---
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata: