2a92a9095e
REFACTOR(ci): migrate from Kaniko to Buildah
...
Build and Push to Zot / build-and-push (push) Successful in 5m40s
- Replace Kaniko with Buildah for OCI-native builds
- Add --format oci flag for Zot compatibility
- Use privileged container for Buildah operations
2026-01-10 23:19:37 +09:00
551726823b
REFACTOR(ci): simplify to kaniko direct push
...
Build and Push to Zot / build-and-push (push) Has been cancelled
- Remove crane container and use kaniko direct push
- Mount dockerconfigjson secret for registry auth
- Fix zot manifest compatibility issue
2026-01-10 23:04:50 +09:00
2dfd4d3d76
FIX(ci): add error handling and debug logging
...
Build and Push to Zot / build-and-push (push) Has been cancelled
- Add -e flag to exit on error
- Add -x flag to trace commands
- Add ls command to verify image.tar exists
2026-01-10 22:58:05 +09:00
cd4f7a3316
FIX(ci): use busybox shell path in crane container
...
Build and Push to Zot / build-and-push (push) Successful in 5m32s
- Change shell path from /bin/sh to /busybox/sh
- Crane debug image uses busybox-based shell
2026-01-10 22:50:35 +09:00
2d81e1d9da
FIX(ci): use crane debug image for shell support
...
Build and Push to Zot / build-and-push (push) Has been cancelled
- Change crane image tag from latest to debug
- Debug tag includes busybox shell for script execution
2026-01-10 22:42:48 +09:00
9e2278c740
fix: use crane for OCI-compatible push to Zot
Build and Push to Zot / build-and-push (push) Failing after 15m1s
2026-01-10 22:09:56 +09:00
b7b5881e7e
fix: copy Dockerfile to nextjs for Kaniko context
Build and Push to Zot / build-and-push (push) Failing after 10m1s
2026-01-10 21:53:42 +09:00
08dd9221a8
fix: remove checkout step (node not available in host mode)
Build and Push to Zot / build-and-push (push) Failing after 10m1s
2026-01-10 21:27:23 +09:00
3e6cad692d
test: add test workflow
Build and Push to Zot / build-and-push (push) Failing after 1s
2026-01-10 21:25:53 +09:00
e62cb61abd
feat: switch to Kaniko Job-based builds
...
Build and Push to Zot / build-and-push (push) Failing after 3s
- Remove Docker/DinD dependency
- Run Kaniko as a Kubernetes Job
- Push images to the Zot registry
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-10 21:16:16 +09:00
f4fc8253e1
feat: add Gitea Actions workflow for Zot registry
...
Build and Push to Zot / build-and-push (push) Has been cancelled
Replace GitHub Actions with Gitea Actions to build and push
Docker images to the Zot registry.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-10 20:41:04 +09:00
1fbd0467bd
REFACTOR(repo): simplify project structure
...
- Move services/nextjs/ to nextjs/
- Move Dockerfile.prod to Dockerfile at root
- Remove deploy/ folder (K8s manifests moved to K3S-HOME/web-apps)
- Remove .gitea/ workflows
- Update GitHub Actions for new structure
- Remove develop branch triggers
2026-01-05 02:00:36 +09:00
52712a4d32
PERF(app): optimize kubectl installation
...
- Check if kubectl already exists first
- Use specific version instead of querying stable.txt
- Show download progress
- Skip installation if already present
This should significantly reduce setup time if kubectl
is already included in the runner image
2025-12-28 18:04:14 +09:00
aec80456ef
PERF(config): improve kubeconfig decoding
...
- Remove all whitespace before decoding
- Try both -d and --decode options
- Fallback to using value as-is (if Gitea already decoded)
- Verify YAML validity before using
- Better error handling and diagnostics
2025-12-28 17:56:32 +09:00
9455c521cf
FEAT(config): add debugging for kubeconfig secret
...
- Check if secret is set and show helpful error
- Handle both single-line and multi-line base64
- Show secret length and preview for debugging
- Provide direct link to secrets settings
2025-12-28 17:53:27 +09:00
2a42104912
CHORE(app): use kaniko as separate job
...
Architecture (Option 3 - Recommended):
Runner Pod (DinD maintained)
  └─ kubectl create job
      └─ Kaniko Pod (isolated)
Benefits:
- Resource isolation
- Parallel builds possible
- Build failures don't affect runner
- Pod-level isolation
- Proper security boundaries
Changes:
- Restore kubectl and kubeconfig setup
- Use kubeconfig from Gitea Secret
- Create Kaniko Job in separate namespace
- Wait for Job completion
- Proper cleanup after build
Infrastructure (already deployed via ArgoCD):
- kaniko-builds namespace
- RBAC for gitea runner ServiceAccount
- Proper permission boundaries
2025-12-28 17:43:22 +09:00
619eabf4c4
CHORE(docker): run kaniko directly
...
Remove Kubernetes complexity:
- Remove kubectl installation and setup
- Remove kubeconfig generation
- Remove Kubernetes Job creation
- Use docker run to execute Kaniko directly
Benefits:
- Much simpler workflow
- No Kubernetes API access needed
- No RBAC complexity in workflow
- Faster execution (no Job overhead)
- Kaniko still builds without Docker daemon
Note: Kaniko infrastructure (namespace, RBAC) kept via
ArgoCD for potential future use or manual kubectl access
2025-12-28 17:40:59 +09:00
7b0f520e54
FIX(k8s): in-cluster kubeconfig access
...
- Set KUBECONFIG env at job level for all steps
- Generate kubeconfig from ServiceAccount token
- Use tokenFile reference for automatic token renewal
- Set proper cluster CA and server URL
- Test connection after setup
This ensures kubectl works correctly inside K8s Pod runner
2025-12-28 17:38:14 +09:00
37a7dbd561
CHORE(deploy): use argocd for kaniko
...
Infrastructure as Code:
- Add Kaniko namespace and RBAC manifests
- Create ArgoCD Application for Kaniko infrastructure
- Kustomize configuration for Kaniko resources
Workflow improvements:
- Remove kubeconfig dependency
- Use in-cluster ServiceAccount (runner runs in K8s)
- Remove all sudo commands
- Simplify Kubernetes access
GitOps workflow:
1. Push manifests to Git
2. ArgoCD auto-syncs infrastructure
3. Gitea runner uses ServiceAccount permissions
4. Kaniko builds run in kaniko-builds namespace
Benefits:
- True GitOps approach
- No secrets management needed
- Declarative infrastructure
- ArgoCD handles reconciliation
- Audit trail in Git
2025-12-28 17:36:10 +09:00
363f71d4a6
REFACTOR(config): use gitea kubeconfig
...
- Remove local kubeconfig detection logic
- Use KUBECONFIG secret from Gitea
- Decode base64-encoded kubeconfig
- Simplify setup and improve security
2025-12-28 17:08:24 +09:00
bf62077841
FIX(config): kubeconfig setup with fallback logic
...
- Add checks for kubeconfig file existence
- Try multiple methods to locate kubeconfig
- Add debugging output for troubleshooting
- Test kubectl connection with fallback to sudo
2025-12-28 17:06:43 +09:00
38cf2fb891
REFACTOR(app): extract kaniko manifest
...
- Create deploy/kaniko/job.yaml as template
- Use sed for template variable substitution
- Remove inline YAML heredoc from workflow
- Simplify workflow logic with template-based approach
- Add resource limits for Kaniko container
- Improve logging and error handling
Benefits:
- Better code organization and readability
- Easier to maintain and test
- Reusable manifest template
- Version controlled configuration
2025-12-28 17:05:14 +09:00
6bf3bff394
FEAT(config): add kubectl and kubeconfig
...
- Install kubectl if not available
- Setup kubeconfig from K3s
- Verify cluster access
2025-12-28 17:01:27 +09:00
9316f068a4
REFACTOR(docker): use kaniko on k8s
...
- Remove Docker dependency completely
- Execute Kaniko as Kubernetes Job in kaniko-builds namespace
- Use init container to clone source code from Git
- Share build context via EmptyDir volume
- Manage registry credentials as Kubernetes Secret
- Add job completion wait and cleanup logic
Benefits:
- No Docker daemon required (true Kaniko usage)
- Cloud-native build process
- Better isolation and security
- Automatic cleanup with ttlSecondsAfterFinished
2025-12-28 16:59:57 +09:00
826ed70e79
FIX(docker): use kaniko executor binary
...
- Download Kaniko executor binary directly
- Remove docker run dependency
- Use absolute paths instead of container volume mounts
- Fixes Docker daemon connection error
2025-12-28 16:54:14 +09:00
e34b91e285
CHORE(build): switch to kaniko builds
...
- Replace Docker build with Kaniko
- Enable secure rootless container builds
2025-12-20 14:02:23 +09:00
673921be5c
REFACTOR(auth): use gitearegistry secret
...
- Change to gitearegistry secret for authentication
- Update registry credentials
2025-12-20 13:04:10 +09:00
c411a6499b
REFACTOR(auth): use gitea secret
...
- Use Gitea-provided secret for registry authentication
- Simplify credential management
2025-12-20 12:45:02 +09:00
2101818450
REFACTOR(auth): use GITEA_PACKAGE_TOKEN
...
- Change to GITEA_PACKAGE_TOKEN for authentication
- Update registry login method
2025-12-20 12:42:20 +09:00
1db60d59ea
FIX(ci): fix gitea registry login
...
- Use github.token for Gitea registry authentication
- Fix CI authentication
2025-12-20 12:38:57 +09:00
ce5894d2be
CHORE(app): switch to Gitea container registry
...
- Migrate from ghcr.io to Gitea registry
- Update image references
2025-12-20 12:29:16 +09:00
5aafac4f7f
FEAT(ci): add Gitea Actions workflow with ghcr.io
...
- Add CI/CD workflow for Gitea Actions
- Configure ghcr.io registry push
2025-12-12 00:17:49 +09:00
35f250eaa1
CHORE(docker): use standard docker build
...
- Use standard docker build for DinD compatibility
- Simplify build process
2025-12-11 23:05:47 +09:00
6480925d47
FIX(ci): fix Gitea Actions context variables
...
- Use github.* instead of gitea.* context
- Fix workflow variable references
2025-12-11 22:59:58 +09:00
5bce035df6
FEAT(ci): migrate to gitea actions
...
- Migrate workflows to Gitea Actions
- Configure container registry push
2025-12-11 19:59:26 +09:00
4de90ec898
FEAT(ci): add Gitea Actions workflows
...
- Add CI and build workflows for Gitea
- Enable automated builds
2025-12-11 11:48:52 +09:00