From aafa7e04ed92f5561787a4ba957cdca7f266bdf0 Mon Sep 17 00:00:00 2001
From: Mayne0213
Date: Thu, 11 Dec 2025 20:03:10 +0900
Subject: [PATCH] FEAT(ci): migrate to gitea actions - Migrate workflows to Gitea Actions - Configure container registry push
---
 .gitea/workflows/build.yml | 181 +++++++++++++++++++++++++++++++++++++
 .gitea/workflows/ci.yml | 45 +++++++++
 2 files changed, 226 insertions(+)
 create mode 100644 .gitea/workflows/build.yml
 create mode 100644 .gitea/workflows/ci.yml
diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml
new file mode 100644
index 0000000..b818ee5
--- /dev/null
+++ b/.gitea/workflows/build.yml
@@ -0,0 +1,181 @@
+name: Build Docker Image
+
+on:
+ push:
+ branches: [main, develop]
+ tags:
+ - 'v*'
+ workflow_dispatch:
+
+env:
+ REGISTRY: gitea0213.kro.kr
+ IMAGE_NAME: ${{ gitea.repository }}
+
+jobs:
+ build-and-push:
+ runs-on: ubuntu-24.04-arm
+ permissions:
+ contents: write
+ packages: write
+
+ outputs:
+ image-tag: ${{ steps.meta.outputs.tags }}
+ image-digest: ${{ steps.build.outputs.digest }}
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Log in to Gitea Container Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ gitea.actor }}
+ password: ${{ secrets.GITEA_TOKEN }}
+
+ - name: Lowercase repository name
+ id: lowercase
+ run: |
+ echo "repo=$(echo ${{ gitea.repository }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
+
+ - name: Extract metadata (tags, labels)
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: ${{ env.REGISTRY }}/${{ steps.lowercase.outputs.repo }}
+ tags: |
+ type=ref,event=branch
+ type=ref,event=pr
+ type=semver,pattern={{version}}
+ type=semver,pattern={{major}}.{{minor}}
+ type=sha,prefix={{branch}}-sha-,format=long
+ type=raw,value=latest,enable={{is_default_branch}}
+
+ - name: Build and push Docker image
+ id: build
+ uses: docker/build-push-action@v5
+ with:
+ context: ./services/nextjs
+ file: ./deploy/docker/Dockerfile.prod
+ push: true
+ platforms: linux/arm64
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+
+ - name: Extract SHA tag
+ id: extract-tag
+ run: |
+ # Extract the SHA-based tag from the tags list
+ TAGS="${{ steps.meta.outputs.tags }}"
+ echo "All tags:"
+ echo "$TAGS"
+ echo "---"
+
+ # Get commit SHA (full 40 characters)
+ COMMIT_SHA="${{ gitea.sha }}"
+
+ # Get current branch name
+ BRANCH_NAME="${{ gitea.ref_name }}"
+ echo "Branch: $BRANCH_NAME"
+
+ # Method 1: Extract the full SHA tag from docker/metadata-action output
+ # docker/metadata-action creates: -sha-
+ SHA_TAG=$(echo "$TAGS" | grep -oE "${BRANCH_NAME}-sha-[a-f0-9]{40}" | head -n 1)
+
+ # Method 2: If not found, try to extract any branch-sha- tag (fallback)
+ if [ -z "$SHA_TAG" ]; then
+ SHA_TAG=$(echo "$TAGS" | grep -oE "${BRANCH_NAME}-sha-[a-f0-9]+" | head -n 1)
+ if [ -n "$SHA_TAG" ]; then
+ echo "⚠️ Found SHA tag (may not be full 40 chars): $SHA_TAG"
+ fi
+ fi
+
+ # Method 3: Fallback to commit SHA directly (construct the tag)
+ if [ -z "$SHA_TAG" ]; then
+ SHA_TAG="${BRANCH_NAME}-sha-$COMMIT_SHA"
+ echo "⚠️ Could not extract from tags, using commit SHA: $SHA_TAG"
+ fi
+
+ if [ -z "$SHA_TAG" ]; then
+ echo "❌ ERROR: Failed to extract SHA tag"
+ exit 1
+ fi
+
+ echo "sha-tag=$SHA_TAG" >> $GITHUB_OUTPUT
+ echo "✅ Extracted SHA tag: $SHA_TAG"
+
+ - name: Update kustomization with new image tag
+ env:
+ GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
+ run: |
+ git config --global user.name "gitea-actions[bot]"
+ git config --global user.email "gitea-actions[bot]@users.noreply.gitea.com"
+
+ # Validate that SHA_TAG is not empty
+ SHA_TAG="${{ steps.extract-tag.outputs.sha-tag }}"
+ if [ -z "$SHA_TAG" ]; then
+ echo "❌ ERROR: SHA_TAG is empty, cannot update kustomization"
+ exit 1
+ fi
+
+ # Determine overlay based on branch
+ BRANCH_NAME="${{ gitea.ref_name }}"
+ if [ "$BRANCH_NAME" = "main" ]; then
+ OVERLAY="prod"
+ elif [ "$BRANCH_NAME" = "develop" ]; then
+ OVERLAY="dev"
+ else
+ echo "⚠️ Unknown branch: $BRANCH_NAME, skipping kustomization update"
+ exit 0
+ fi
+
+ KUSTOMIZATION_FILE="deploy/k8s/overlays/$OVERLAY/kustomization.yaml"
+
+ # Check if kustomization file has images section
+ if grep -q "images:" "$KUSTOMIZATION_FILE"; then
+ echo "📝 Updating $KUSTOMIZATION_FILE with tag: $SHA_TAG"
+
+ # Update kustomization.yaml with new image tag
+ # Handle both cases: newTag: (with value) and newTag: (empty)
+ sed -i.bak "s|newTag:.*|newTag: $SHA_TAG|" "$KUSTOMIZATION_FILE"
+
+ # Verify the update was successful
+ if grep -q "newTag: $SHA_TAG" "$KUSTOMIZATION_FILE"; then
+ echo "✅ Successfully updated kustomization.yaml"
+ rm -f "$KUSTOMIZATION_FILE.bak"
+ else
+ echo "❌ ERROR: Failed to update kustomization.yaml"
+ cat "$KUSTOMIZATION_FILE"
+ exit 1
+ fi
+
+ # Commit and push if there are changes
+ if git diff --quiet; then
+ echo "No changes to commit"
+ else
+ git add "$KUSTOMIZATION_FILE"
+ git commit -m "Update $OVERLAY image to $SHA_TAG"
+ git push
+ echo "✅ Kustomization updated with new image tag: $SHA_TAG"
+ fi
+ else
+ echo "ℹ️ $OVERLAY overlay uses base image (latest tag), skipping kustomization update"
+ echo " Image built with tag: $SHA_TAG"
+ fi
+
+ - name: Display image information
+ run: |
+ echo "✅ Image built and pushed successfully!"
+ echo "📦 Image tags:"
+ echo "${{ steps.meta.outputs.tags }}"
+ echo "🔖 SHA tag: ${{ steps.extract-tag.outputs.sha-tag }}"
+ echo "🔖 Digest: ${{ steps.build.outputs.digest }}"
+ echo ""
+ echo "🚀 Kustomization updated with new image tag"
+ echo " ArgoCD will automatically detect and deploy this new image"
+ echo " Monitor deployment at your ArgoCD dashboard"
diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
new file mode 100644
index 0000000..e2879a5
--- /dev/null
+++ b/.gitea/workflows/ci.yml
@@ -0,0 +1,45 @@
+name: CI
+
+on:
+ push:
+ branches: [main, develop]
+ pull_request:
+ branches: [main, develop]
+
+jobs:
+ lint-and-build:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Setup Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version: '20'
+ cache: 'npm'
+ cache-dependency-path: services/nextjs/package-lock.json
+
+ - name: Install dependencies
+ working-directory: services/nextjs
+ run: npm ci
+
+ - name: Run ESLint
+ working-directory: services/nextjs
+ run: npm run lint
+
+ - name: Build Next.js application
+ working-directory: services/nextjs
+ run: npm run build
+ env:
+ NEXT_TELEMETRY_DISABLED: 1
+
+ - name: Check build output
+ working-directory: services/nextjs
+ run: |
+ if [ ! -d ".next" ]; then
+ echo "Build failed: .next directory not found"
+ exit 1
+ fi
+ echo "✅ Build completed successfully"
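Review bot: `actions/checkout@v4` in `lint-and-build` keeps its default of persisting the job token in the checkout's git config, and the following `npm ci`, `npm run lint` and `npm run build` steps run code and dependency install scripts taken from the pull request, which could read that token. Nothing in this job pushes, so the checkout step can take `with:` and `persist-credentials: false` at no cost. The job also has no `permissions:` block, unlike `build-and-push` in build.yml; adding `permissions:` with `contents: read` documents the intent, though whether the Gitea version in use enforces it should be confirmed.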