
Author SHA1 Message Date
43afad7dba deploy
All checks were successful
Build and Push Container Image / build-and-push (push) Successful in 8m29s
2026-05-23 03:05:16 +02:00
11 changed files with 268 additions and 0 deletions


@@ -0,0 +1,82 @@
name: Build and Push Container Image
on:
push:
branches:
- main
paths-ignore:
- "deploy/**"
env:
REGISTRY: reg.milasholsting.dk
IMAGE_NAME: apps/mal
jobs:
build-and-push:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
config-inline: |
[registry."reg.milasholsting.dk"]
http = false
insecure = true
- name: Log in to the Container registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ secrets.REGISTRY_USER }}
password: ${{ secrets.REGISTRY_PASSWORD }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=sha,prefix=sha-,format=short
type=raw,value=latest
- name: Build and push Docker image
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Install Kustomize
run: |
curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | bash
sudo mv kustomize /usr/local/bin/
- name: Update Kustomize
run: |
IMAGE_TAG=$(echo '${{ steps.meta.outputs.json }}' | jq -r '.tags[] | select(startswith("reg.milasholsting.dk/apps/mal:sha-"))' | cut -d: -f2)
echo "Targeting Tag: $IMAGE_TAG"
cd deploy/overlays/production
kustomize edit set image main=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:$IMAGE_TAG
- name: Commit and Push Change
run: |
git config user.name "Gitea Action"
git config user.email "actions@gitea.io"
git add deploy/overlays/production/kustomization.yaml
if git diff --staged --quiet; then
echo "No changes to commit"
else
git commit -m "chore(deploy): update image to ${{ steps.meta.outputs.version }}"
git push origin main
fi
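Review bot: The Buildx registry block sets `insecure = true` for reg.milasholsting.dk, so BuildKit accepts an unverified TLS certificate from the registry it pushes to; the registry credentials and the pushed image are then exposed to anyone able to intercept that connection. Drop the line and, if the registry uses a private CA, trust it with `ca=["/path/to/registry-ca.pem"]` (placeholder path). The "Install Kustomize" step pipes a script from the kustomize `master` branch into `bash` in a job that holds registry secrets and pushes to `main`; download a pinned kustomize release and verify its published checksum before moving it into `/usr/local/bin`. In "Update Kustomize", `'${{ steps.meta.outputs.json }}'` is expanded into the script text before the shell runs, so a single quote anywhere in that JSON breaks the quoting; pass it through the step's `env:` (e.g. `META_JSON: ${{ steps.meta.outputs.json }}`) and read `"$META_JSON"` instead.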

0
deploy/.gitkeep Normal file

@@ -0,0 +1,12 @@
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
name: mal-app
spec:
type: kv-v2
mount: secret
path: mal
destination:
name: mal
create: true
refreshAfter: 1h
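Review bot: This VaultStaticSecret has no `rolloutRestartTargets`, so a rotated value under `secret/mal` does not reach the running pod. The `mal` Secret is refreshed every `1h`, but the Deployment on this page reads `PLAYBACK_PROXY_SECRET` as an environment variable and keeps the old value until the pod is restarted. Adding `rolloutRestartTargets:` with an entry `kind: Deployment`, `name: mal` makes a rotation take effect. There is also no `vaultAuthRef`, so the resource presumably relies on the operator's default VaultAuth; naming a VaultAuth dedicated to this namespace would keep the Vault role's policy limited to the `mal` path.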

11
deploy/base/cert.yaml Normal file

@@ -0,0 +1,11 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: mal-tls
spec:
secretName: mal-tls
issuerRef:
name: letsencrypt-prod
kind: ClusterIssuer
dnsNames:
- mal.melosh.tech


@@ -0,0 +1,72 @@
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
apiVersion: apps/v1
kind: Deployment
metadata:
name: mal
labels:
app: mal
spec:
replicas: 1
selector:
matchLabels:
app: mal
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
annotations:
kubectl.kubernetes.io/default-container: mal
labels:
app: mal
spec:
containers:
- name: mal
image: main
imagePullPolicy: IfNotPresent
ports:
- containerPort: 3000
name: http
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
cpu: 100m
memory: 100Mi
livenessProbe:
tcpSocket:
port: 3000
initialDelaySeconds: 5
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
periodSeconds: 10
readinessProbe:
tcpSocket:
port: 3000
initialDelaySeconds: 2
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
periodSeconds: 10
env:
- name: DATABASE_FILE
value: /app/data/mal.db
- name: GIN_MODE
value: release
- name: PLAYBACK_PROXY_SECRET
valueFrom:
secretKeyRef:
name: mal
key: PLAYBACK_PROXY_SECRET
volumeMounts:
- name: data
mountPath: /app/data
volumes:
- name: data
persistentVolumeClaim:
claimName: mal-data
restartPolicy: Always
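Review bot: The `mal` container has no `securityContext`, so it runs as the image's default user with the default capability set and a writable root filesystem; nothing in the manifest stops it running as root. A container-level block is sketched below. In it, `readOnlyRootFilesystem: true` assumes the app writes only under `/app/data`, and `runAsNonRoot: true` assumes the image defines a non-root user that can write to the mounted claim; neither is visible on this page. Separately, `RollingUpdate` with one replica and a `ReadWriteOnce` claim lets the surge pod start while the old pod still has the file at `DATABASE_FILE` open; `strategy: {type: Recreate}` avoids two writers on the same database file.

```yaml
      containers:
        - name: mal
          # … unchanged: image, ports, resources, probes, env, volumeMounts …
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
```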

16
deploy/base/ingress.yaml Normal file

@@ -0,0 +1,16 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: mal-ingress
spec:
entryPoints:
- websecure
- web
routes:
- match: Host(`mal.melosh.tech`)
kind: Rule
services:
- name: mal
port: 3000
tls:
secretName: mal-tls
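Review bot: Listing `web` under `entryPoints` on a route that also sets `tls` does not give plain-HTTP clients a redirect to HTTPS. As far as I know, Traefik treats a router with a `tls` section as HTTPS-only, so requests arriving on `web` are not matched by this route at all. If HTTP should redirect, keep only `websecure` here and add a second IngressRoute on `web` that attaches a `redirectScheme` middleware, or confirm that the redirect is configured on the entry point itself. A short comment above `entryPoints` stating which of the two is intended would prevent someone later removing `tls` to "fix" port 80 and exposing the app unencrypted.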


@@ -0,0 +1,11 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: mal
resources:
- ./deployment.yaml
- ./ingress.yaml
- ./cert.yaml
- ./service.yaml
- ./pvc.yaml
- ./app-secret.yaml

10
deploy/base/pvc.yaml Normal file

@@ -0,0 +1,10 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mal-data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi

14
deploy/base/service.yaml Normal file

@@ -0,0 +1,14 @@
# https://kubernetes.io/docs/concepts/services-networking/service/
apiVersion: v1
kind: Service
metadata:
name: mal
spec:
selector:
app: mal
type: ClusterIP
ports:
- name: mal
protocol: TCP
port: 3000
targetPort: 3000


@@ -0,0 +1,20 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: mal
spec:
replicas: 1
template:
spec:
containers:
- name: mal
resources:
limits:
cpu: "1"
memory: "1Gi"
requests:
cpu: "500m"
memory: "512Mi"
env:
- name: ENV
value: production


@@ -0,0 +1,20 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
# 1. Point to the base manifests
resources:
- ../../base
# 2. Apply the production-specific changes
patches:
- path: deployment.yaml
target:
kind: Deployment
name: mal
namespace: mal
images:
- name: main
newName: reg.milasholsting.dk/apps/mal
newTag: latest
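Review bot: `newTag: latest` is a mutable tag, and the base Deployment sets `imagePullPolicy: IfNotPresent`, so a node that already has a `latest` image cached keeps running it and this file does not identify which build is deployed. The workflow in this commit rewrites the entry to a `sha-` tag on the next build, but until then the committed state is not reproducible. Committing an initial `sha-` tag, or pinning with a `digest:` entry instead of `newTag`, would tie every revision of this file to one specific image.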