fix: revert to init container deployment with webhook auto-restart

- Init containers clone and build fresh code on each pod start
- Webhook triggers kubectl rollout restart on git push
- This provides true auto-deploy without requiring Docker registry

k8s/deployment.yaml

@@ -13,12 +13,101 @@ spec:
       labels:
         app: storefront
     spec:
-      imagePullSecrets:
+      initContainers:
-      - name: ghcr-auth
+      - name: clone
+        image: alpine/git:latest
+        command:
+        - sh
+        - -c
+        - |
+          set -e
+          apk add --no-cache git
+          git clone --depth 1 --branch master \
+            http://gitea.gitea.svc.cluster.local:3000/unchained/manoon-headless.git \
+            /workspace
+          echo "Clone complete."
+        volumeMounts:
+        - name: workspace
+          mountPath: /workspace
+        securityContext:
+          runAsUser: 0
+        resources:
+          limits:
+            cpu: 500m
+            memory: 256Mi
+      - name: install
+        image: node:20-slim
+        workingDir: /workspace
+        command:
+        - sh
+        - -c
+        - |
+          set -e
+          echo "Installing dependencies..."
+          npm install --prefer-offline --no-audit 2>&1
+          echo "Dependencies installed."
+        volumeMounts:
+        - name: workspace
+          mountPath: /workspace
+        securityContext:
+          runAsUser: 0
+        resources:
+          limits:
+            cpu: 2000m
+            memory: 3Gi
+          requests:
+            cpu: 100m
+            memory: 1Gi
+      - name: build
+        image: node:20-slim
+        workingDir: /workspace
+        command:
+        - sh
+        - -c
+        - |
+          set -e
+          echo "Building Next.js app..."
+          npm run build
+          echo "Build complete!"
+        env:
+        - name: NODE_ENV
+          value: "production"
+        - name: NEXT_PUBLIC_WOOCOMMERCE_URL
+          valueFrom:
+            secretKeyRef:
+              name: woocommerce-credentials
+              key: WOOCOMMERCE_URL
+        - name: NEXT_PUBLIC_WOOCOMMERCE_CONSUMER_KEY
+          valueFrom:
+            secretKeyRef:
+              name: woocommerce-credentials
+              key: WOOCOMMERCE_CONSUMER_KEY
+        - name: NEXT_PUBLIC_WOOCOMMERCE_CONSUMER_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: woocommerce-credentials
+              key: WOOCOMMERCE_CONSUMER_SECRET
+        - name: NEXT_PUBLIC_SITE_URL
+          value: "https://dev.manoonoils.com"
+        volumeMounts:
+        - name: workspace
+          mountPath: /workspace
+        securityContext:
+          runAsUser: 0
+        resources:
+          limits:
+            cpu: 2000m
+            memory: 2Gi
+          requests:
+            cpu: 100m
+            memory: 512Mi
       containers:
       - name: storefront
-        image: ghcr.io/unchainedio/manoon-headless:main
+        image: node:20-slim
-        imagePullPolicy: Always
+        workingDir: /workspace
+        command:
+        - npm
+        - start
         ports:
         - containerPort: 3000
         env:
@@ -70,3 +159,10 @@ spec:
             port: 3000
           periodSeconds: 5
           failureThreshold: 3
+        volumeMounts:
+        - name: workspace
+          mountPath: /workspace
+      volumes:
+      - name: workspace
+        emptyDir:
+          sizeLimit: 2Gi