Mayne0213/jovies
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

CHORE(build): switch to kaniko builds

Browse Source 
- Replace Docker build with Kaniko
- Enable secure rootless container builds
This commit is contained in:
Mayne0213
2025-12-20 13:14:05 +09:00
parent ba2ef73bfb
commit e34b91e285
3 changed files with 27 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
.gitea/workflows/build.yml
View File

@@ -10,7 +10,6 @@ on:
env: env:
REGISTRY: gitea0213.kro.kr REGISTRY: gitea0213.kro.kr
IMAGE_NAME: ${{ github.repository }} IMAGE_NAME: ${{ github.repository }}
DOCKER_HOST: tcp://172.17.0.1:2375
jobs: jobs:
build-and-push: build-and-push:
@@ -27,9 +26,10 @@ jobs:
- name: Checkout code - name: Checkout code
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Log in to Gitea Container Registry - name: Prepare Kaniko credentials
run: | run: |
echo "${{ secrets.GITEAREGISTRY}}" | docker login ${{ env.REGISTRY }} -u bluemayne --password-stdin mkdir -p /tmp/kaniko-config
echo "{\"auths\":{\"${{ env.REGISTRY }}\":{\"auth\":\"$(echo -n bluemayne:${{ secrets.GITEAREGISTRY }} | base64)\"}}}" > /tmp/kaniko-config/config.json
- name: Lowercase repository name - name: Lowercase repository name
id: lowercase id: lowercase
@@ -49,33 +49,34 @@ jobs:
type=sha,prefix={{branch}}-sha-,format=long type=sha,prefix={{branch}}-sha-,format=long
type=raw,value=latest,enable={{is_default_branch}} type=raw,value=latest,enable={{is_default_branch}}
- name: Build and push Docker image - name: Build and push with Kaniko
id: build id: build
run: | run: |
TAGS="${{ steps.meta.outputs.tags }}" TAGS="${{ steps.meta.outputs.tags }}"
# Build the image # Prepare destination arguments for all tags
docker build \ DESTINATIONS=""
-t $(echo "$TAGS" | head -n 1) \ while IFS= read -r tag; do
-f ./deploy/docker/Dockerfile.prod \ DESTINATIONS="$DESTINATIONS --destination=$tag"
./services/nextjs done <<< "$TAGS"
# Tag all versions # Build and push with Kaniko (with cache)
docker run --rm \
-v $(pwd):/workspace \
-v /tmp/kaniko-config:/kaniko/.docker:ro \
gcr.io/kaniko-project/executor:arm64-latest \
--context=/workspace/services/nextjs \
--dockerfile=/workspace/deploy/docker/Dockerfile.prod \
$DESTINATIONS \
--cache=true \
--cache-repo=${{ env.REGISTRY }}/${{ steps.lowercase.outputs.repo }}/cache \
--compressed-caching=false \
--snapshot-mode=redo \
--use-new-run
# Get first tag for digest extraction
FIRST_TAG=$(echo "$TAGS" | head -n 1) FIRST_TAG=$(echo "$TAGS" | head -n 1)
echo "$TAGS" | while read tag; do echo "digest=unknown" >> $GITHUB_OUTPUT
if [ "$tag" != "$FIRST_TAG" ]; then
docker tag "$FIRST_TAG" "$tag"
fi
done
# Push all tags
echo "$TAGS" | while read tag; do
docker push "$tag"
done
# Get digest
DIGEST=$(docker inspect --format='{{index .RepoDigests 0}}' "$FIRST_TAG" | cut -d'@' -f2)
echo "digest=$DIGEST" >> $GITHUB_OUTPUT
- name: Extract SHA tag - name: Extract SHA tag
id: extract-tag id: extract-tag

2
deploy/k8s/overlays/dev/kustomization.yaml
View File

@@ -14,7 +14,7 @@ commonLabels:
# 이미지 태그 설정 # 이미지 태그 설정
images: images:
- name: ghcr.io/mayne0213/jovies - name: ghcr.io/mayne0213/jovies
newTag: develop-sha-2e9b27379f5556743af359fe5024cd22c957166d newTag: develop-sha-bed2d09069c0a4a2f83dfd74a8489dcf67625a7d
patchesStrategicMerge: patchesStrategicMerge:
- deployment-patch.yaml - deployment-patch.yaml

2
deploy/k8s/overlays/prod/kustomization.yaml
View File

@@ -13,7 +13,7 @@ commonLabels:
# 이미지 태그 설정 # 이미지 태그 설정
images: images:
- name: ghcr.io/mayne0213/jovies - name: ghcr.io/mayne0213/jovies
newTag: main-sha-4fcc3975ab084dd7a9a2c25457a27046ba7c33a2 newTag: main-sha-beff07e89351858d72b29bc48cd27fb40fce97dd
patchesStrategicMerge: patchesStrategicMerge:
- deployment-patch.yaml - deployment-patch.yaml