- Remove all whitespace before decoding
- Try both -d and --decode options
- Fallback to using value as-is (if Gitea already decoded)
- Verify YAML validity before using
- Better error handling and diagnostics
- Check if secret is set and show helpful error
- Handle both single-line and multi-line base64
- Show secret length and preview for debugging
- Provide direct link to secrets settings
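
The decode-and-validate steps listed above, sketched as an added shell example (not code from this repository). `decode_kubeconfig`, `looks_like_kubeconfig` and the sample value are hypothetical, the YAML check is a grep heuristic standing in for a real parser, and diagnostics report only the length and a digest prefix so the secret stays out of the job log.

```shell
#!/bin/sh
# Constructed sample input, not a real cluster configuration.
SAMPLE_KUBECONFIG='apiVersion: v1
kind: Config
clusters: []'

# Heuristic stand-in for a real YAML parser (assumption): require the
# top-level keys every kubeconfig carries.
looks_like_kubeconfig() {
  printf '%s\n' "$1" | grep -q '^apiVersion:' &&
    printf '%s\n' "$1" | grep -q '^kind: *Config' &&
    printf '%s\n' "$1" | grep -q '^clusters:'
}

# decode_kubeconfig VALUE (hypothetical helper)
# stdout: validated kubeconfig; stderr: diagnostics.
# Returns 1 if VALUE is empty, 2 if no interpretation validates.
decode_kubeconfig() {
  raw=$1
  if [ -z "$raw" ]; then
    echo "error: kubeconfig secret is empty or not set" >&2
    return 1
  fi
  # Diagnostics: length and a short digest only, so the value itself
  # never lands in the job log.
  digest=$(printf '%s' "$raw" | sha256sum | cut -c1-12)
  echo "secret length: ${#raw}, sha256 prefix: $digest" >&2

  # Multi-line or padded base64: drop all whitespace before decoding.
  stripped=$(printf '%s' "$raw" | tr -d '[:space:]')
  for flag in -d --decode; do
    if decoded=$(printf '%s' "$stripped" | base64 "$flag" 2>/dev/null) &&
      looks_like_kubeconfig "$decoded"; then
      printf '%s\n' "$decoded"
      return 0
    fi
  done
  # Fallback: the CI system may have passed plain YAML already.
  if looks_like_kubeconfig "$raw"; then
    printf '%s\n' "$raw"
    return 0
  fi
  echo "error: value is neither base64 nor kubeconfig YAML" >&2
  return 2
}
```
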

Remove Kubernetes complexity:
- Remove kubectl installation and setup
- Remove kubeconfig generation
- Remove Kubernetes Job creation
- Use docker run to execute Kaniko directly

Benefits:
- Much simpler workflow
- No Kubernetes API access needed
- No RBAC complexity in workflow
- Faster execution (no Job overhead)
- Kaniko still builds without Docker daemon

Note: Kaniko infrastructure (namespace, RBAC) kept via
ArgoCD for potential future use or manual kubectl access

- Set KUBECONFIG env at job level for all steps
- Generate kubeconfig from ServiceAccount token
- Use tokenFile reference for automatic token renewal
- Set proper cluster CA and server URL
- Test connection after setup

This ensures kubectl works correctly inside K8s Pod runner

- Add checks for kubeconfig file existence
- Try multiple methods to locate kubeconfig
- Add debugging output for troubleshooting
- Test kubectl connection with fallback to sudo

- Create deploy/kaniko/job.yaml as template
- Use sed for template variable substitution
- Remove inline YAML heredoc from workflow
- Simplify workflow logic with template-based approach
- Add resource limits for Kaniko container
- Improve logging and error handling

Benefits:
- Better code organization and readability
- Easier to maintain and test
- Reusable manifest template
- Version controlled configuration