philipp/doran
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: build images with kaniko in cluster

Browse source
This commit is contained in:
Philipp 2026-03-28 20:58:32 +01:00
parent eb29cad8a7
commit 3483579a81
1 changed files with 64 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

85
.forgejo/workflows/deploy.yml
View file

@ -14,23 +14,11 @@ jobs:
PROJECT_NAME: ${{ vars.PROJECT_NAME || 'unrip' }} PROJECT_NAME: ${{ vars.PROJECT_NAME || 'unrip' }}
PROJECT_NAMESPACE: ${{ vars.PROJECT_NAMESPACE || vars.PROJECT_NAME || 'unrip' }} PROJECT_NAMESPACE: ${{ vars.PROJECT_NAMESPACE || vars.PROJECT_NAME || 'unrip' }}
PROJECT_DEPLOYMENTS: ${{ vars.PROJECT_DEPLOYMENTS || 'near-intents-ingest,dummy-reactor,dummy-executor,dummy-consumer' }} PROJECT_DEPLOYMENTS: ${{ vars.PROJECT_DEPLOYMENTS || 'near-intents-ingest,dummy-reactor,dummy-executor,dummy-consumer' }}
BUILDAH_ISOLATION: chroot REPO_CLONE_URL: ${{ github.server_url }}/${{ github.repository }}.git
STORAGE_DRIVER: vfs
steps: steps:
- name: Install tooling - name: Install tooling
run: | run: |
apk add --no-cache buildah kubectl netavark aardvark-dns apk add --no-cache kubectl
- name: Checkout
env:
REPO_URL: ${{ github.server_url }}/${{ github.repository }}.git
REPO_TOKEN: ${{ github.token }}
run: |
rm -rf .git
git init .
git remote add origin "https://oauth2:${REPO_TOKEN}@${REPO_URL#https://}"
git fetch --depth=1 origin "$GITHUB_SHA"
git checkout --detach FETCH_HEAD
- name: Load kubeconfig - name: Load kubeconfig
run: | run: |
@ -38,23 +26,78 @@ jobs:
printf '%s' '${{ secrets.KUBECONFIG_B64 }}' | base64 -d > "$HOME/.kube/config" printf '%s' '${{ secrets.KUBECONFIG_B64 }}' | base64 -d > "$HOME/.kube/config"
kubectl get ns kubectl get ns
- name: Login to registry
run: |
buildah login -u '${{ secrets.REGISTRY_USERNAME }}' -p '${{ secrets.REGISTRY_PASSWORD }}' "$REGISTRY_HOST"
- name: Resolve deployment settings - name: Resolve deployment settings
run: | run: |
IMAGE="$REGISTRY_HOST/$PROJECT_NAME:$IMAGE_TAG" IMAGE="$REGISTRY_HOST/$PROJECT_NAME:$IMAGE_TAG"
BUILD_JOB="image-build-${GITHUB_SHA:0:12}"
{ {
echo "IMAGE=$IMAGE" echo "IMAGE=$IMAGE"
echo "BUILD_JOB=$BUILD_JOB"
echo "PROJECT_NAMESPACE=$PROJECT_NAMESPACE" echo "PROJECT_NAMESPACE=$PROJECT_NAMESPACE"
echo "PROJECT_DEPLOYMENTS=$PROJECT_DEPLOYMENTS" echo "PROJECT_DEPLOYMENTS=$PROJECT_DEPLOYMENTS"
} >> "$GITHUB_ENV" } >> "$GITHUB_ENV"
- name: Build and push image - name: Build and push image in-cluster
env:
REPO_TOKEN: ${{ github.token }}
run: | run: |
buildah bud --storage-driver "$STORAGE_DRIVER" --network host -t "$IMAGE" . cat <<EOF | kubectl apply -f -
buildah push --storage-driver "$STORAGE_DRIVER" "$IMAGE" "docker://$IMAGE" apiVersion: batch/v1
kind: Job
metadata:
name: ${BUILD_JOB}
namespace: ${PROJECT_NAMESPACE}
spec:
backoffLimit: 0
ttlSecondsAfterFinished: 3600
template:
spec:
restartPolicy: Never
volumes:
- name: workspace
emptyDir: {}
- name: registry-creds
secret:
secretName: unrip-registry-creds
items:
- key: .dockerconfigjson
path: config.json
initContainers:
- name: checkout
image: alpine/git:2.47.2
env:
- name: REPO_TOKEN
value: ${REPO_TOKEN}
- name: REPO_CLONE_URL
value: ${REPO_CLONE_URL}
- name: GITHUB_SHA
value: ${GITHUB_SHA}
command: ["/bin/sh", "-lc"]
args:
- >-
git clone --depth=1 "https://oauth2:${REPO_TOKEN}@${REPO_CLONE_URL#https://}" /workspace &&
cd /workspace &&
git fetch --depth=1 origin "${GITHUB_SHA}" &&
git checkout --detach "${GITHUB_SHA}"
volumeMounts:
- name: workspace
mountPath: /workspace
containers:
- name: kaniko
image: gcr.io/kaniko-project/executor:v1.23.2-debug
args:
- --context=/workspace
- --dockerfile=/workspace/Dockerfile
- --destination=${IMAGE}
- --cache=true
volumeMounts:
- name: workspace
mountPath: /workspace
- name: registry-creds
mountPath: /kaniko/.docker
EOF
kubectl -n "$PROJECT_NAMESPACE" wait --for=condition=Complete --timeout=20m "job/$BUILD_JOB"
kubectl -n "$PROJECT_NAMESPACE" logs "job/$BUILD_JOB"
- name: Roll deployments to new image - name: Roll deployments to new image
run: | run: |