From a636d29f0bd56fca4deea7b16abee06eb7625fec Mon Sep 17 00:00:00 2001 From: Unchained Date: Sun, 5 Apr 2026 05:17:30 +0200 Subject: [PATCH 1/9] fix(k8s): handle existing workspace on pod restart The clone init container was failing with 'destination path already exists' when the pod restarted. EmptyDir volumes persist across container restarts but init containers run again. Now checks if workspace exists: - If .git directory exists: fetch and reset to latest master - If not: clean and clone fresh This fixes the CrashLoopBackOff caused by failed clone attempts. --- k8s/deployment.yaml | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/k8s/deployment.yaml b/k8s/deployment.yaml index 56918a0..e3e82ad 100644 --- a/k8s/deployment.yaml +++ b/k8s/deployment.yaml @@ -22,10 +22,20 @@ spec: - | set -e apk add --no-cache git - git clone --depth 1 --branch master \ - http://gitea.gitea.svc.cluster.local:3000/unchained/manoon-headless.git \ - /workspace - echo "Clone complete." + # Clean workspace if it exists (handles pod restarts) + if [ -d /workspace/.git ]; then + echo "Workspace exists, pulling latest changes..." + cd /workspace + git fetch origin master + git reset --hard origin/master + else + echo "Cloning fresh repository..." + rm -rf /workspace/* + git clone --depth 1 --branch master \ + http://gitea.gitea.svc.cluster.local:3000/unchained/manoon-headless.git \ + /workspace + fi + echo "Clone/update complete." volumeMounts: - name: workspace mountPath: /workspace From 3c495f48b74a6a55f56a6809b87d3a6e98fb91a0 Mon Sep 17 00:00:00 2001 
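Review bot: The `rm -rf /workspace/*` in the else branch does not match dotfiles, so a workspace that holds hidden entries but no `.git` directory still makes `git clone` fail with the same "destination path already exists" error this commit targets; `find /workspace -mindepth 1 -delete` empties the directory whatever the names are. The other branch trusts any existing `/workspace/.git`, so a clone that was interrupted part-way would presumably keep failing at `git fetch` under `set -e` instead of falling back to a fresh clone. Both paths also build whatever the head of `master` is at pod start, fetched over plain `http://`, so two restarts of the same Deployment revision can run different code. A comment stating that this is intended, or a pinned commit, would make that explicit.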
From: Unchained Date: Sun, 5 Apr 2026 06:09:55 +0200 Subject: [PATCH 2/9] refactor(k8s): use pre-built GHCR image instead of building in pod - Remove init containers (clone, install, build) - Use ghcr.io/unchainedio/manoon-headless:latest image - Faster pod startup, less resource usage - Image built by GitHub Actions on push to master --- k8s/deployment.yaml | 112 +------------------------------------------- 1 file changed, 1 insertion(+), 111 deletions(-) diff --git a/k8s/deployment.yaml b/k8s/deployment.yaml index e3e82ad..2147446 100644 --- a/k8s/deployment.yaml +++ b/k8s/deployment.yaml 
@@ -13,112 +13,9 @@ spec: labels: app: storefront spec: - initContainers: - - name: clone - image: alpine/git:latest - command: - - sh - - -c - - | - set -e - apk add --no-cache git - # Clean workspace if it exists (handles pod restarts) - if [ -d /workspace/.git ]; then - echo "Workspace exists, pulling latest changes..." - cd /workspace - git fetch origin master - git reset --hard origin/master - else - echo "Cloning fresh repository..." - rm -rf /workspace/* - git clone --depth 1 --branch master \ - http://gitea.gitea.svc.cluster.local:3000/unchained/manoon-headless.git \ - /workspace - fi - echo "Clone/update complete." - volumeMounts: - - name: workspace - mountPath: /workspace - securityContext: - runAsUser: 0 - resources: - limits: - cpu: 500m - memory: 256Mi - - name: install - image: node:20-slim - workingDir: /workspace - command: - - sh - - -c - - | - set -e - echo "Installing dependencies..." - npm install --prefer-offline --no-audit 2>&1 - echo "Dependencies installed." - volumeMounts: - - name: workspace - mountPath: /workspace - securityContext: - runAsUser: 0 - resources: - limits: - cpu: 2000m - memory: 3Gi - requests: - cpu: 100m - memory: 1Gi - - name: build - image: node:20-slim - workingDir: /workspace - command: - - sh - - -c - - | - set -e - echo "Building Next.js app..." - npm run build - echo "Build complete!" 
- env: - - name: NODE_ENV - value: "production" - - name: NEXT_PUBLIC_SALEOR_API_URL - value: "https://api.manoonoils.com/graphql/" - - name: NEXT_PUBLIC_SITE_URL - value: "https://manoonoils.com" - - name: DASHBOARD_URL - value: "https://dashboard.manoonoils.com" - - name: NEXT_PUBLIC_OPENPANEL_CLIENT_ID - value: "fa61f8ae-0b5d-4187-a9b1-5a04b0025674" - - name: OPENPANEL_CLIENT_SECRET - value: "91126be0d1e78e657e0427df82733832.c6d30edf6ee673da9650a883604169a13ab8579a0dde70cb39b477f4cf441f90" - - name: OPENPANEL_API_URL - value: "https://op.nodecrew.me/api" - - name: MAUTIC_CLIENT_ID - value: "2_23cgmaqef8kgg8oo4kggc0w4wccwoss8o8w48o8sc40cowgkkg" - - name: MAUTIC_CLIENT_SECRET - value: "4k8367ab306co48c4c8g8sco8cgcwwww044gwccs0o0c8w4gco" - - name: MAUTIC_API_URL - value: "https://mautic.nodecrew.me" - volumeMounts: - - name: workspace - mountPath: /workspace - securityContext: - runAsUser: 0 - resources: - limits: - cpu: 2000m - memory: 2Gi - requests: - cpu: 100m - memory: 512Mi containers: - name: storefront - image: node:20-slim - workingDir: /workspace - command: - - npm - - start + image: ghcr.io/unchainedio/manoon-headless:latest ports: - containerPort: 3000 env: @@ -179,10 +76,3 @@ spec: port: 3000 periodSeconds: 5 failureThreshold: 3 - volumeMounts: - - name: workspace - mountPath: /workspace - volumes: - - name: workspace - emptyDir: - sizeLimit: 2Gi From cc33d317ba238e33946ac76f8ce31821e11bbfcc Mon Sep 17 00:00:00 2001 From: Unchained Date: Sun, 5 Apr 2026 06:12:44 +0200 Subject: [PATCH 3/9] fix(k8s): use latest tag for manoon-headless image Temporary fix until GitHub Actions builds and pushes the image. Workflow will update to specific SHA on next push. --- k8s/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/kustomization.yaml b/k8s/kustomization.yaml index 54dedf0..51e5947 100644 --- a/k8s/kustomization.yaml +++ b/k8s/kustomization.yaml 
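Review bot: The new `image: ghcr.io/unchainedio/manoon-headless:latest` line in the first hunk deploys a mutable tag, so a pod runs whatever was last pushed under `latest`, and neither a rollback nor an incident review can tell which build that was. Referencing the image by the commit-SHA tag the commit message says the pipeline produces, or by digest (`image: ghcr.io/unchainedio/manoon-headless@sha256:<DIGEST>`, placeholder), would tie each rollout to one build. The same applies to `newTag: latest` in PATCH 3/9 and to the `:latest` plus `imagePullPolicy: Always` pair in PATCH 7/9.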
@@ -7,4 +7,4 @@ resources: - ingress.yaml images: - name: ghcr.io/unchainedio/manoon-headless - newTag: 2c27fc6 # Updated by GitHub Actions + newTag: latest # Will be updated by GitHub Actions to commit SHA From 1dec08f857eb252145eecc4fd4c06f30b535232f Mon Sep 17 00:00:00 2001 From: Unchained Date: Sun, 5 Apr 2026 06:15:54 +0200 Subject: [PATCH 4/9] Revert to working deployment while GHCR image builds Will re-apply pre-built image once GitHub Actions successfully pushes image to ghcr.io/unchainedio/manoon-headless --- k8s/deployment.yaml | 112 ++++++++++++++++++++++++++++++++++++++++- k8s/kustomization.yaml | 2 +- 2 files changed, 112 insertions(+), 2 deletions(-) diff --git a/k8s/deployment.yaml b/k8s/deployment.yaml index 2147446..e3e82ad 100644 --- a/k8s/deployment.yaml +++ b/k8s/deployment.yaml 
@@ -13,9 +13,112 @@ spec: labels: app: storefront spec: + initContainers: + - name: clone + image: alpine/git:latest + command: + - sh + - -c + - | + set -e + apk add --no-cache git + # Clean workspace if it exists (handles pod restarts) + if [ -d /workspace/.git ]; then + echo "Workspace exists, pulling latest changes..." + cd /workspace + git fetch origin master + git reset --hard origin/master + else + echo "Cloning fresh repository..." + rm -rf /workspace/* + git clone --depth 1 --branch master \ + http://gitea.gitea.svc.cluster.local:3000/unchained/manoon-headless.git \ + /workspace + fi + echo "Clone/update complete." + volumeMounts: + - name: workspace + mountPath: /workspace + securityContext: + runAsUser: 0 + resources: + limits: + cpu: 500m + memory: 256Mi + - name: install + image: node:20-slim + workingDir: /workspace + command: + - sh + - -c + - | + set -e + echo "Installing dependencies..." + npm install --prefer-offline --no-audit 2>&1 + echo "Dependencies installed." + volumeMounts: + - name: workspace + mountPath: /workspace + securityContext: + runAsUser: 0 + resources: + limits: + cpu: 2000m + memory: 3Gi + requests: + cpu: 100m + memory: 1Gi + - name: build + image: node:20-slim + workingDir: /workspace + command: + - sh + - -c + - | + set -e + echo "Building Next.js app..." + npm run build + echo "Build complete!" 
+ env: + - name: NODE_ENV + value: "production" + - name: NEXT_PUBLIC_SALEOR_API_URL + value: "https://api.manoonoils.com/graphql/" + - name: NEXT_PUBLIC_SITE_URL + value: "https://manoonoils.com" + - name: DASHBOARD_URL + value: "https://dashboard.manoonoils.com" + - name: NEXT_PUBLIC_OPENPANEL_CLIENT_ID + value: "fa61f8ae-0b5d-4187-a9b1-5a04b0025674" + - name: OPENPANEL_CLIENT_SECRET + value: "91126be0d1e78e657e0427df82733832.c6d30edf6ee673da9650a883604169a13ab8579a0dde70cb39b477f4cf441f90" + - name: OPENPANEL_API_URL + value: "https://op.nodecrew.me/api" + - name: MAUTIC_CLIENT_ID + value: "2_23cgmaqef8kgg8oo4kggc0w4wccwoss8o8w48o8sc40cowgkkg" + - name: MAUTIC_CLIENT_SECRET + value: "4k8367ab306co48c4c8g8sco8cgcwwww044gwccs0o0c8w4gco" + - name: MAUTIC_API_URL + value: "https://mautic.nodecrew.me" + volumeMounts: + - name: workspace + mountPath: /workspace + securityContext: + runAsUser: 0 + resources: + limits: + cpu: 2000m + memory: 2Gi + requests: + cpu: 100m + memory: 512Mi containers: - name: storefront - image: ghcr.io/unchainedio/manoon-headless:latest + image: node:20-slim + workingDir: /workspace + command: + - npm + - start ports: - containerPort: 3000 env: @@ -76,3 +179,10 @@ spec: port: 3000 periodSeconds: 5 failureThreshold: 3 + volumeMounts: + - name: workspace + mountPath: /workspace + volumes: + - name: workspace + emptyDir: + sizeLimit: 2Gi diff --git a/k8s/kustomization.yaml b/k8s/kustomization.yaml index 51e5947..54dedf0 100644 --- a/k8s/kustomization.yaml +++ b/k8s/kustomization.yaml @@ -7,4 +7,4 @@ resources: - ingress.yaml images: - name: ghcr.io/unchainedio/manoon-headless - newTag: latest # Will be updated by GitHub Actions to commit SHA + newTag: 2c27fc6 # Updated by GitHub Actions From c80970bcda76ab314988002270396e501ec16066 Mon Sep 17 00:00:00 2001 
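Review bot: The `env:` list of the re-added `build` init container carries `OPENPANEL_CLIENT_SECRET` and `MAUTIC_CLIENT_SECRET` as literal `value:` strings, so both credentials sit in the manifest, in every clone of the repository, and in the Deployment object for anyone who can read it. They should come from a Secret through `valueFrom.secretKeyRef`, as sketched below with a placeholder Secret name, and because the literals are already in history they need rotating rather than just moving. The three init containers also set `runAsUser: 0`, and `clone` pulls `alpine/git:latest`; nothing in the hunk explains either, and an unprivileged UID plus a pinned image tag look sufficient for clone, install and build, which is worth confirming.

```yaml
# … unchanged: NODE_ENV, the NEXT_PUBLIC_* entries, URLs and client IDs …
- name: OPENPANEL_CLIENT_SECRET
  valueFrom:
    secretKeyRef:
      name: storefront-secrets  # placeholder: a Secret created outside this repo
      key: OPENPANEL_CLIENT_SECRET
- name: MAUTIC_CLIENT_SECRET
  valueFrom:
    secretKeyRef:
      name: storefront-secrets  # placeholder
      key: MAUTIC_CLIENT_SECRET
# … unchanged: MAUTIC_API_URL, volumeMounts, resources …
```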
From: Unchained Date: Sun, 5 Apr 2026 06:24:36 +0200 Subject: [PATCH 5/9] feat(ci): add Gitea Actions workflow for building and pushing to GHCR Add .gitea/workflows/build.yaml that: - Builds Docker image on push to master - Pushes to ghcr.io/unchainedio/manoon-headless - Tags with commit SHA and 'latest' - Updates k8s/kustomization.yaml with new image tag - Commits and pushes the tag update back to repo Requires Gitea Actions runner to be configured. --- .gitea/workflows/build.yaml | 60 +++++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) create mode 100644 .gitea/workflows/build.yaml diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml new file mode 100644 index 0000000..f2fa685 --- /dev/null +++ b/.gitea/workflows/build.yaml 
@@ -0,0 +1,60 @@
+name: Build and Push to GHCR
+
+on:
+ push:
+ branches: [master, main]
+
+env:
+ REGISTRY: ghcr.io
+ IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Log in to Container Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Extract metadata
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+ tags: |
+ type=sha,prefix=,suffix=,format=short
+ type=raw,value=latest,enable={{is_default_branch}}
+
+ - name: Build and push Docker image
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+
+ - name: Update kustomization.yaml
+ run: |
+ COMMIT_SHA=${{ github.sha }}
+ SHORT_SHA=${COMMIT_SHA:0:7}
+ sed -i "s|newTag: .*|newTag: ${SHORT_SHA}|" k8s/kustomization.yaml
+
+ - name: Commit and push changes
+ run: |
+ git config --local user.email "gitea-actions[bot]@users.noreply.gitea.io"
+ git config --local user.name "gitea-actions[bot]"
+ git add k8s/kustomization.yaml
+ git diff --quiet && git diff --staged --quiet || git commit -m "deploy: update image to ${SHORT_SHA} [skip ci]"
+ git push
From 29894cd555a874af0a6dfca7322492cdff57bd17 Mon Sep 17 00:00:00 2001
From: Unchained
Date: Sun, 5 Apr 2026 06:32:05 +0200
Subject: [PATCH 6/9] chore: trigger Gitea Actions build
---
 README.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index c2607ae..8cb5b6c 100644
--- a/README.md
+++ b/README.md
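Review bot: `SHORT_SHA` is assigned in the "Update kustomization.yaml" step but read in the "Commit and push changes" step, and each `run:` block is a separate shell, so the commit message is written with an empty tag; adding `echo "SHORT_SHA=${SHORT_SHA}" >> "$GITHUB_ENV"` to the first step, or merging the two steps, fixes that. `IMAGE_NAME: ${{ github.repository }}` looks like it resolves to `unchained/manoon-headless` (the path in the Gitea clone URL of PATCH 1/9), while the manifests pull `ghcr.io/unchainedio/manoon-headless`, so the pushed image may never be the one deployed; confirm this, or set the name explicitly. The job holds registry credentials and pushes to the default branch, yet every `uses:` is pinned only to a moving major tag (`@v4`, `@v3`, `@v5`); pinning each action to a full commit SHA keeps a retagged action from running with those credentials. Whether the `secrets.GITHUB_TOKEN` issued by a Gitea runner is accepted by ghcr.io is not visible here and should be checked.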
@@ -39,3 +39,4 @@ Check out our [Next.js deployment documentation](https://nextjs.org/docs/app/bui // Auto-deploy test: 2026-03-07T09:02:49Z // Auto-deploy test: 2026-03-07T10:33:23Z // Auto-deploy test 2: 2026-03-07T10:37:05Z +# Trigger build Sun Apr 5 06:32:05 AM EET 2026 From 61b20beffa39933fc0e306dab94cd1a3013ee425 Mon Sep 17 00:00:00 2001 From: Flux CD Date: Sun, 5 Apr 2026 05:02:51 +0000 Subject: [PATCH 7/9] feat: switch to pre-built GHCR image using BuildKit --- k8s/deployment.yaml | 117 +++----------------------------------------- 1 file changed, 7 insertions(+), 110 deletions(-) diff --git a/k8s/deployment.yaml b/k8s/deployment.yaml index e3e82ad..52a0fef 100644 --- a/k8s/deployment.yaml +++ b/k8s/deployment.yaml 
@@ -13,112 +13,16 @@ spec: labels: app: storefront spec: - initContainers: - - name: clone - image: alpine/git:latest - command: - - sh - - -c - - | - set -e - apk add --no-cache git - # Clean workspace if it exists (handles pod restarts) - if [ -d /workspace/.git ]; then - echo "Workspace exists, pulling latest changes..." - cd /workspace - git fetch origin master - git reset --hard origin/master - else - echo "Cloning fresh repository..." - rm -rf /workspace/* - git clone --depth 1 --branch master \ - http://gitea.gitea.svc.cluster.local:3000/unchained/manoon-headless.git \ - /workspace - fi - echo "Clone/update complete." - volumeMounts: - - name: workspace - mountPath: /workspace - securityContext: - runAsUser: 0 - resources: - limits: - cpu: 500m - memory: 256Mi - - name: install - image: node:20-slim - workingDir: /workspace - command: - - sh - - -c - - | - set -e - echo "Installing dependencies..." - npm install --prefer-offline --no-audit 2>&1 - echo "Dependencies installed." - volumeMounts: - - name: workspace - mountPath: /workspace - securityContext: - runAsUser: 0 - resources: - limits: - cpu: 2000m - memory: 3Gi - requests: - cpu: 100m - memory: 1Gi - - name: build - image: node:20-slim - workingDir: /workspace - command: - - sh - - -c - - | - set -e - echo "Building Next.js app..." - npm run build - echo "Build complete!" 
- env: - - name: NODE_ENV - value: "production" - - name: NEXT_PUBLIC_SALEOR_API_URL - value: "https://api.manoonoils.com/graphql/" - - name: NEXT_PUBLIC_SITE_URL - value: "https://manoonoils.com" - - name: DASHBOARD_URL - value: "https://dashboard.manoonoils.com" - - name: NEXT_PUBLIC_OPENPANEL_CLIENT_ID - value: "fa61f8ae-0b5d-4187-a9b1-5a04b0025674" - - name: OPENPANEL_CLIENT_SECRET - value: "91126be0d1e78e657e0427df82733832.c6d30edf6ee673da9650a883604169a13ab8579a0dde70cb39b477f4cf441f90" - - name: OPENPANEL_API_URL - value: "https://op.nodecrew.me/api" - - name: MAUTIC_CLIENT_ID - value: "2_23cgmaqef8kgg8oo4kggc0w4wccwoss8o8w48o8sc40cowgkkg" - - name: MAUTIC_CLIENT_SECRET - value: "4k8367ab306co48c4c8g8sco8cgcwwww044gwccs0o0c8w4gco" - - name: MAUTIC_API_URL - value: "https://mautic.nodecrew.me" - volumeMounts: - - name: workspace - mountPath: /workspace - securityContext: - runAsUser: 0 - resources: - limits: - cpu: 2000m - memory: 2Gi - requests: - cpu: 100m - memory: 512Mi + imagePullSecrets: + - name: ghcr-pull-secret containers: - name: storefront - image: node:20-slim - workingDir: /workspace + image: ghcr.io/unchainedio/manoon-headless:latest + imagePullPolicy: Always command: - - npm - - start + - node + - server.js + workingDir: /app ports: - containerPort: 3000 env: @@ -179,10 +83,3 @@ spec: port: 3000 periodSeconds: 5 failureThreshold: 3 - volumeMounts: - - name: workspace - mountPath: /workspace - volumes: - - name: workspace - emptyDir: - sizeLimit: 2Gi From 6236092d777ed5767f34ccc7ab2000ad63fb722a Mon Sep 17 00:00:00 2001 From: Flux CD Date: Sun, 5 Apr 2026 05:07:17 +0000 Subject: [PATCH 8/9] feat: add image policy setter marker for Flux automation --- k8s/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/deployment.yaml b/k8s/deployment.yaml index 52a0fef..5d7c1e0 100644 --- a/k8s/deployment.yaml +++ b/k8s/deployment.yaml 
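Review bot: The rewritten `storefront` container has no `securityContext` in the lines shown, so whether it runs as root is left entirely to the image's Dockerfile; adding `securityContext:` with `runAsNonRoot: true` and `allowPrivilegeEscalation: false` next to `workingDir: /app` would have the cluster enforce it. The container spec continues outside the hunk (the `env:` block is context only), so this may already be set further down and needs confirming. `imagePullSecrets` names `ghcr-pull-secret`, which nothing in this series creates; a comment saying where that Secret is provisioned would help whoever applies the manifest to a fresh namespace.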
@@ -17,7 +17,7 @@ spec:
 - name: ghcr-pull-secret
 containers:
 - name: storefront
- image: ghcr.io/unchainedio/manoon-headless:latest
+ image: ghcr.io/unchainedio/manoon-headless:latest # {"": "flux-system:manoon-headless"}
 imagePullPolicy: Always
 command:
 - node
From 37d1894ad4c83dcb33d37b2128b5cbba7607aec2 Mon Sep 17 00:00:00 2001
From: Flux CD
Date: Sun, 5 Apr 2026 05:10:32 +0000
Subject: [PATCH 9/9] fix: remove image transformer, use deployment image directly
---
 k8s/kustomization.yaml | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/k8s/kustomization.yaml b/k8s/kustomization.yaml
index 54dedf0..34d0502 100644
--- a/k8s/kustomization.yaml
+++ b/k8s/kustomization.yaml
@@ -5,6 +5,3 @@ resources:
 - service.yaml
 - middleware.yaml
 - ingress.yaml
-images:
- - name: ghcr.io/unchainedio/manoon-headless
- newTag: 2c27fc6 # Updated by GitHub Actions
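Review bot: The setter comment added to the `image:` line has an empty key, `# {"": "flux-system:manoon-headless"}`, whereas Flux image automation looks for `# {"$imagepolicy": "flux-system:manoon-headless"}`; as written the marker is likely ignored and the field stays at `latest`. An empty key is what an unescaped `$imagepolicy` leaves behind when the line is produced inside a double-quoted shell string, so the command that generated this commit is worth checking. Once the marker works, the referenced policy should select an immutable tag so the field no longer points at `latest`.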