feat: Kaniko Job 기반 빌드로 전환

- Docker/DinD 의존성 제거 - Kubernetes Job으로 Kaniko 실행 - Zot 레지스트리로 이미지 푸시 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-10 21:16:16 +09:00
parent f4fc8253e1
commit e62cb61abd
1 changed files with 42 additions and 18 deletions
--- a/.gitea/workflows/build-push.yaml
+++ b/.gitea/workflows/build-push.yaml
@@ -16,23 +16,47 @@ jobs:
      - name: Checkout
        uses: actions/checkout@v4

-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+      - name: Create Kaniko Job
+        run: |
+          cat <<EOF | kubectl apply -f -
+          apiVersion: batch/v1
+          kind: Job
+          metadata:
+            name: kaniko-jovies-${GITHUB_SHA:0:7}
+            namespace: gitea
+          spec:
+            ttlSecondsAfterFinished: 300
+            backoffLimit: 0
+            template:
+              spec:
+                containers:
+                - name: kaniko
+                  image: gcr.io/kaniko-project/executor:latest
+                  args:
+                  - "--context=git://github0213.com/Mayne0213/jovies.git#refs/heads/main"
+                  - "--dockerfile=Dockerfile"
+                  - "--context-sub-path=nextjs"
+                  - "--destination=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest"
+                  - "--destination=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${GITHUB_SHA}"
+                  volumeMounts:
+                  - name: docker-config
+                    mountPath: /kaniko/.docker
+                volumes:
+                - name: docker-config
+                  secret:
+                    secretName: zot-registry-credentials
+                    items:
+                    - key: .dockerconfigjson
+                      path: config.json
+                restartPolicy: Never
+          EOF

-      - name: Login to Zot Registry
-        uses: docker/login-action@v3
-        with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ secrets.ZOT_USERNAME }}
-          password: ${{ secrets.ZOT_PASSWORD }}
+      - name: Wait for Kaniko Job
+        run: |
+          kubectl wait --for=condition=complete job/kaniko-jovies-${GITHUB_SHA:0:7} -n gitea --timeout=600s || \
+          (kubectl logs job/kaniko-jovies-${GITHUB_SHA:0:7} -n gitea && exit 1)

-      - name: Build and Push
-        uses: docker/build-push-action@v5
-        with:
-          context: ./nextjs
-          file: ./Dockerfile
-          platforms: linux/arm64
-          push: true
-          tags: |
-            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
-            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
+      - name: Cleanup
+        if: always()
+        run: |
+          kubectl delete job kaniko-jovies-${GITHUB_SHA:0:7} -n gitea --ignore-not-found