unchained/manoon-headless
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

feat: implement full CI/CD pipeline with GitHub Actions and Flux
Some checks failed
Build and Deploy / build (push) Has been cancelled
Details

Browse Source 
- Add GitHub Actions workflow to build and push Docker images to GHCR
- Add Dockerfile for multi-stage builds
- Update deployment to use GHCR images
- Add GHCR authentication secrets
- Configure Flux ImageRepository, ImagePolicy, and ImageUpdateAutomation
- Remove init container approach in favor of proper Docker builds

Auto-deploy flow:
1. Push to master triggers GitHub Actions
2. GitHub Actions builds image with commit hash tag
3. Image pushed to ghcr.io/unchainedio/manoon-headless
4. Flux ImageRepository detects new image
5. Flux ImageUpdateAutomation updates kustomization.yaml
6. Flux Kustomization applies new deployment
7. Kubernetes restarts pods with new image
This commit is contained in:
Unchained
2026-03-07 12:26:37 +02:00
parent 2c27fc65d0
commit 8f3bcebbf6
5 changed files with 140 additions and 176 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
.github/workflows/build-and-deploy.yaml vendored Normal file
View File

@@ -0,0 +1,63 @@
name: Build and Deploy
on:
push:
branches: [master, main]
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
jobs:
build:
runs-on: ubuntu-latest
permissions:
contents: write
packages: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to Container Registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=sha,prefix=,suffix=,format=short
type=raw,value=latest,enable={{is_default_branch}}
- name: Build and push Docker image
uses: docker/build-push-action@v5
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Update kustomization.yaml
run: |
COMMIT_SHA=${{ github.sha }}
SHORT_SHA=${COMMIT_SHA:0:7}
sed -i "s|newTag: .*|newTag: ${SHORT_SHA}|" k8s/kustomization.yaml
- name: Commit and push changes
run: |
git config --local user.email "github-actions[bot]@users.noreply.github.com"
git config --local user.name "github-actions[bot]"
git add k8s/kustomization.yaml
git diff --quiet && git diff --staged --quiet || git commit -m "deploy: update image to ${SHORT_SHA} [skip ci]"
git push

2
Dockerfile
View File

@@ -5,7 +5,7 @@ WORKDIR /app
# Copy package files
COPY package*.json ./
RUN npm ci --prefer-offline --no-audit
RUN npm install --prefer-offline --no-audit
# Copy source and build
COPY . .

174
k8s/deployment-nodejs.yaml
View File

@@ -1,174 +0,0 @@
# Note: Secret 'woocommerce-credentials' must be created manually with real credentials:
# kubectl create secret generic woocommerce-credentials -n manoonoils \
# --from-literal=WOOCOMMERCE_URL="https://manoonoils.com" \
# --from-literal=WOOCOMMERCE_CONSUMER_KEY="ck_6a62a2ac8fa8d50e4757bf3b35c9d052dbbcf09f" \
# --from-literal=WOOCOMMERCE_CONSUMER_SECRET="cs_0ea41d2c8fc232d1e609e559ea8561d02c4406ee"
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: storefront
namespace: manoonoils
spec:
replicas: 1
selector:
matchLabels:
app: storefront
template:
metadata:
labels:
app: storefront
spec:
initContainers:
- name: clone
image: alpine/git:latest
command:
- sh
- -c
- |
set -e
apk add --no-cache git
git clone --depth 1 --branch master \
http://gitea.gitea.svc.cluster.local:3000/unchained/manoon-headless.git \
/workspace
echo "Clone complete."
volumeMounts:
- name: workspace
mountPath: /workspace
securityContext:
runAsUser: 0
resources:
limits:
cpu: 500m
memory: 256Mi
- name: install
image: node:20-slim
workingDir: /workspace
command:
- sh
- -c
- |
set -e
echo "Installing dependencies..."
npm install --prefer-offline --no-audit 2>&1
echo "Dependencies installed."
volumeMounts:
- name: workspace
mountPath: /workspace
securityContext:
runAsUser: 0
resources:
limits:
cpu: 2000m
memory: 3Gi
requests:
cpu: 100m
memory: 1Gi
- name: build
image: node:20-slim
workingDir: /workspace
command:
- sh
- -c
- |
set -e
echo "Building Next.js app..."
npm run build
echo "Build complete!"
env:
- name: NODE_ENV
value: "production"
- name: NEXT_PUBLIC_WOOCOMMERCE_URL
valueFrom:
secretKeyRef:
name: woocommerce-credentials
key: WOOCOMMERCE_URL
- name: NEXT_PUBLIC_WOOCOMMERCE_CONSUMER_KEY
valueFrom:
secretKeyRef:
name: woocommerce-credentials
key: WOOCOMMERCE_CONSUMER_KEY
- name: NEXT_PUBLIC_WOOCOMMERCE_CONSUMER_SECRET
valueFrom:
secretKeyRef:
name: woocommerce-credentials
key: WOOCOMMERCE_CONSUMER_SECRET
- name: NEXT_PUBLIC_SITE_URL
value: "https://dev.manoonoils.com"
volumeMounts:
- name: workspace
mountPath: /workspace
securityContext:
runAsUser: 0
resources:
limits:
cpu: 2000m
memory: 2Gi
requests:
cpu: 100m
memory: 512Mi
containers:
- name: storefront
image: node:20-slim
workingDir: /workspace
command:
- npm
- start
ports:
- containerPort: 3000
env:
- name: NODE_ENV
value: "production"
- name: PORT
value: "3000"
- name: HOSTNAME
value: "0.0.0.0"
- name: NEXT_PUBLIC_WOOCOMMERCE_URL
valueFrom:
secretKeyRef:
name: woocommerce-credentials
key: WOOCOMMERCE_URL
- name: NEXT_PUBLIC_WOOCOMMERCE_CONSUMER_KEY
valueFrom:
secretKeyRef:
name: woocommerce-credentials
key: WOOCOMMERCE_CONSUMER_KEY
- name: NEXT_PUBLIC_WOOCOMMERCE_CONSUMER_SECRET
valueFrom:
secretKeyRef:
name: woocommerce-credentials
key: WOOCOMMERCE_CONSUMER_SECRET
- name: NEXT_PUBLIC_SITE_URL
value: "https://dev.manoonoils.com"
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 50m
memory: 128Mi
startupProbe:
httpGet:
path: /favicon.ico
port: 3000
periodSeconds: 10
failureThreshold: 30
livenessProbe:
httpGet:
path: /favicon.ico
port: 3000
periodSeconds: 30
failureThreshold: 3
readinessProbe:
httpGet:
path: /favicon.ico
port: 3000
periodSeconds: 5
failureThreshold: 3
volumeMounts:
- name: workspace
mountPath: /workspace
volumes:
- name: workspace
emptyDir:
sizeLimit: 2Gi

72
k8s/deployment.yaml Normal file
View File

@@ -0,0 +1,72 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: storefront
namespace: manoonoils
spec:
replicas: 1
selector:
matchLabels:
app: storefront
template:
metadata:
labels:
app: storefront
spec:
imagePullSecrets:
- name: ghcr-auth
containers:
- name: storefront
image: ghcr.io/unchainedio/manoon-headless:main
imagePullPolicy: Always
ports:
- containerPort: 3000
env:
- name: NODE_ENV
value: "production"
- name: PORT
value: "3000"
- name: HOSTNAME
value: "0.0.0.0"
- name: NEXT_PUBLIC_WOOCOMMERCE_URL
valueFrom:
secretKeyRef:
name: woocommerce-credentials
key: WOOCOMMERCE_URL
- name: NEXT_PUBLIC_WOOCOMMERCE_CONSUMER_KEY
valueFrom:
secretKeyRef:
name: woocommerce-credentials
key: WOOCOMMERCE_CONSUMER_KEY
- name: NEXT_PUBLIC_WOOCOMMERCE_CONSUMER_SECRET
valueFrom:
secretKeyRef:
name: woocommerce-credentials
key: WOOCOMMERCE_CONSUMER_SECRET
- name: NEXT_PUBLIC_SITE_URL
value: "https://dev.manoonoils.com"
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 50m
memory: 128Mi
startupProbe:
httpGet:
path: /favicon.ico
port: 3000
periodSeconds: 10
failureThreshold: 30
livenessProbe:
httpGet:
path: /favicon.ico
port: 3000
periodSeconds: 30
failureThreshold: 3
readinessProbe:
httpGet:
path: /favicon.ico
port: 3000
periodSeconds: 5
failureThreshold: 3

5
k8s/kustomization.yaml
View File

@@ -1,6 +1,9 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- deployment-nodejs.yaml
- deployment.yaml
- service.yaml
- ingress.yaml
images:
- name: ghcr.io/unchainedio/manoon-headless
newTag: 2c27fc6 # Updated by GitHub Actions