From 38cf2fb89116560d65ae57222ec0870dab237fd7 Mon Sep 17 00:00:00 2001 From: Mayne0213 Date: Sun, 28 Dec 2025 17:05:14 +0900 Subject: [PATCH] REFACTOR(app): extract kaniko manifest - Create deploy/kaniko/job.yaml as template - Use sed for template variable substitution - Remove inline YAML heredoc from workflow - Simplify workflow logic with template-based approach - Add resource limits for Kaniko container - Improve logging and error handling Benefits: - Better code organization and readability - Easier to maintain and test - Reusable manifest template - Version controlled configuration
---
 .gitea/workflows/build.yml | 110 ++++++++++--------------------------- deploy/kaniko/job.yaml | 72 ++++++++++++++++++++++++ 2 files changed, 101 insertions(+), 81 deletions(-) create mode 100644 deploy/kaniko/job.yaml
diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml
index 39c3632..c79a399 100644
--- a/.gitea/workflows/build.yml
+++ b/.gitea/workflows/build.yml
@@ -85,99 +85,47 @@ jobs: # Prepare destination arguments DESTINATIONS="" while IFS= read -r tag; do - DESTINATIONS="$DESTINATIONS --destination=$tag" + DESTINATIONS="$DESTINATIONS\n - --destination=$tag" done <<< "$TAGS" - # Create temporary pod name - POD_NAME="kaniko-build-${{ github.run_number }}-$(date +%s)" + # Create unique build name + BUILD_NAME="kaniko-build-${{ github.run_number }}-$(date +%s)" - # Create Kaniko Job - cat < /tmp/kaniko-job.yaml + + echo "📋 Generated Kaniko Job manifest:" + cat /tmp/kaniko-job.yaml + + # Apply the Job + sudo kubectl apply -f /tmp/kaniko-job.yaml # Wait for job to complete - echo "Waiting for Kaniko job to complete..." - sudo kubectl wait --for=condition=complete --timeout=600s job/${POD_NAME} -n kaniko-builds || { - echo "Job failed or timed out. Showing logs:" - POD=$(sudo kubectl get pods -n kaniko-builds -l job-name=${POD_NAME} -o jsonpath='{.items[0].metadata.name}') + echo "⏳ Waiting for Kaniko job to complete..." + sudo kubectl wait --for=condition=complete --timeout=600s job/${BUILD_NAME} -n kaniko-builds || { + echo "❌ Job failed or timed out. 
Showing logs:" + POD=$(sudo kubectl get pods -n kaniko-builds -l job-name=${BUILD_NAME} -o jsonpath='{.items[0].metadata.name}') sudo kubectl logs -n kaniko-builds ${POD} --all-containers=true || true - sudo kubectl delete job ${POD_NAME} -n kaniko-builds || true - sudo kubectl delete configmap ${POD_NAME}-context -n kaniko-builds || true + sudo kubectl delete job ${BUILD_NAME} -n kaniko-builds || true + sudo kubectl delete configmap ${BUILD_NAME}-dockerfile -n kaniko-builds || true exit 1 } echo "✅ Image built successfully" - echo "digest=unknown" >> $GITHUB_OUTPUT + + # Get digest from logs + POD=$(sudo kubectl get pods -n kaniko-builds -l job-name=${BUILD_NAME} -o jsonpath='{.items[0].metadata.name}') + DIGEST=$(sudo kubectl logs -n kaniko-builds ${POD} -c kaniko 2>/dev/null | grep -oP 'digest: \K[a-zA-Z0-9:]+' | tail -1 || echo "unknown") + echo "digest=${DIGEST}" >> $GITHUB_OUTPUT # Cleanup - sudo kubectl delete job ${POD_NAME} -n kaniko-builds || true - sudo kubectl delete configmap ${POD_NAME}-context -n kaniko-builds || true + sudo kubectl delete job ${BUILD_NAME} -n kaniko-builds || true + sudo kubectl delete configmap ${BUILD_NAME}-dockerfile -n kaniko-builds || true - name: Extract SHA tag id: extract-tag diff --git a/deploy/kaniko/job.yaml b/deploy/kaniko/job.yaml new file mode 100644 index 0000000..2c50c1d --- /dev/null +++ b/deploy/kaniko/job.yaml 
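Review bot: In `.gitea/workflows/build.yml`, the `|| echo "unknown"` fallback on the new `DIGEST=` line does not fire when grep finds no digest unless the step runs with `pipefail`, because the pipeline's status is that of `tail -1`; an empty `digest=` is then written to `$GITHUB_OUTPUT`. Adding `DIGEST="${DIGEST:-unknown}"` before the `echo` (or failing the step) keeps later steps from treating an empty value as a real image digest. Separately, the rendered manifest goes to the fixed path `/tmp/kaniko-job.yaml`, is echoed to the job log with `cat`, and is then applied with `sudo kubectl`; a `mktemp` file avoids collisions and pre-created files on a runner shared between jobs, and the log dump is worth dropping if any substituted value (for example the clone URL) can carry a credential. The step's script begins and ends outside this hunk, and the substitution command itself is not visible here.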
@@ -0,0 +1,72 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: KANIKO_BUILD_NAME-dockerfile
+ namespace: kaniko-builds
+data:
+ Dockerfile: |
+ # This will be replaced by the actual Dockerfile content
+ DOCKERFILE_CONTENT
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: KANIKO_BUILD_NAME
+ namespace: kaniko-builds
+spec:
+ ttlSecondsAfterFinished: 600
+ backoffLimit: 0
+ template:
+ metadata:
+ labels:
+ app: kaniko-build
+ spec:
+ restartPolicy: Never
+ initContainers:
+ - name: prepare-context
+ image: alpine/git:latest
+ command: ["/bin/sh", "-c"]
+ args:
+ - |
+ git clone GIT_REPO_URL /workspace/repo
+ cd /workspace/repo
+ git checkout GIT_SHA
+ cp -r services/nextjs/* /workspace/build/
+ cp deploy/docker/Dockerfile.prod /workspace/build/Dockerfile
+ volumeMounts:
+ - name: workspace
+ mountPath: /workspace
+ containers:
+ - name: kaniko
+ image: gcr.io/kaniko-project/executor:latest
+ args:
+ - --context=/workspace/build
+ - --dockerfile=/workspace/build/Dockerfile
+ - --cache=true
+ - --cache-repo=CACHE_REPO
+ - --compressed-caching=false
+ - --snapshot-mode=redo
+ - --use-new-run
+ - --verbosity=info
+ # DESTINATIONS will be added here
+ volumeMounts:
+ - name: workspace
+ mountPath: /workspace
+ - name: docker-config
+ mountPath: /kaniko/.docker
+ resources:
+ requests:
+ memory: "512Mi"
+ cpu: "500m"
+ limits:
+ memory: "2Gi"
+ cpu: "2000m"
+ volumes:
+ - name: workspace
+ emptyDir: {}
+ - name: docker-config
+ secret:
+ secretName: kaniko-registry-creds
+ items:
+ - key: .dockerconfigjson
+ path: config.json
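Review bot: The `prepare-context` script has no `set -e`, so if `git checkout GIT_SHA` fails the following `cp` lines still run against whatever the clone checked out by default, and the image can be built and pushed from a commit other than the one its tags name. Start the script with `set -eu` and add `mkdir -p /workspace/build` before the copies, since nothing visible creates that directory in the `emptyDir`. Both containers also use mutable tags (`alpine/git:latest`, `gcr.io/kaniko-project/executor:latest`); pinning them by digest keeps the build toolchain, which holds the registry credentials mounted at `/kaniko/.docker`, from changing underneath the job. The ConfigMap at the top of the file is not mounted by either container, so it looks unused.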