Clubpetro-Lab/vanna-clubpetro
9
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: Clubpetro-Lab:main
Branches Tags
Clubpetro-Lab:main
Clubpetro-Lab:fix/cloudbuild-quota-project
Clubpetro-Lab:fix/restore-cloud-build
Clubpetro-Lab:fix/welcome-message-bold
Clubpetro-Lab:fix/kaniko-build
Clubpetro-Lab:fix/cloud-build
Clubpetro-Lab:fix/install-docker-kubectl
Clubpetro-Lab:fix/cd-workflow-condition
Clubpetro-Lab:chore/initial-deploy
..
compare: Clubpetro-Lab:fix/welcome-message-bold
Branches Tags
Clubpetro-Lab:main
Clubpetro-Lab:fix/cloudbuild-quota-project
Clubpetro-Lab:fix/restore-cloud-build
Clubpetro-Lab:fix/welcome-message-bold
Clubpetro-Lab:fix/kaniko-build
Clubpetro-Lab:fix/cloud-build
Clubpetro-Lab:fix/install-docker-kubectl
Clubpetro-Lab:fix/cd-workflow-condition
Clubpetro-Lab:chore/initial-deploy

No commits in common. "main" and "fix/welcome-message-bold" have entirely different histories.
main ... fix/welcom

2 changed files with 46 additions and 48 deletions
Show Stats Expand all files Collapse all files

92
.gitea/workflows/cd.yml
View File

@ -6,16 +6,53 @@ on:
pull_request: pull_request:
env: env:
IMAGE_BASE: ${{ secrets.AR_LOCATION }}-docker.pkg.dev/${{ secrets.GCP_PROJECT }}/${{ secrets.AR_REPO }} IMG: ${{ secrets.AR_LOCATION }}-docker.pkg.dev/${{ secrets.GCP_PROJECT }}/${{ secrets.AR_REPO }}/${{ gitea.event.repository.name }}:lab-${{ gitea.run_number }}
jobs: jobs:
# Build + push da imagem usando Kaniko (sem Docker daemon, sem Cloud Build).
# Roda dentro da imagem oficial do Kaniko que tem busybox + binary executor.
build: build:
runs-on: ubuntu-latest runs-on: ubuntu-latest
container:
image: gcr.io/kaniko-project/executor:v1.23.2-debug
steps:
- uses: actions/checkout@v4
- name: Auth Artifact Registry + Build & Push (kaniko)
run: |
set -e
mkdir -p /kaniko/.docker
# Grava a chave da SA em arquivo via heredoc (preserva quebras/aspas)
cat > /tmp/sa.json <<'__SA_EOF__'
${{ secrets.GCP_SA_KEY }}
__SA_EOF__
# Docker config: Basic Auth com user `_json_key` + JSON da SA
AUTH_B64=$(printf '_json_key:%s' "$(cat /tmp/sa.json)" | base64 -w0)
cat > /kaniko/.docker/config.json <<EOF
{
"auths": {
"${{ secrets.AR_LOCATION }}-docker.pkg.dev": { "auth": "${AUTH_B64}" }
}
}
EOF
/kaniko/executor \
--context dir://. \
--dockerfile Dockerfile \
--destination "${IMG}" \
--cache=true \
--cache-ttl=168h \
--snapshot-mode=redo \
--use-new-run
# Deploy só roda em push pra master/main, depois do build OK.
# Usa runner default (node:18-bullseye) — instala kubectl + gke-auth-plugin.
deploy:
runs-on: ubuntu-latest
needs: build
if: github.event_name == 'push'
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
# Instala kubectl + auth plugin (gcloud já vem via setup-gcloud).
# Build é feito remoto via Cloud Build (não precisa Docker no runner).
- name: Install kubectl + gke-auth-plugin - name: Install kubectl + gke-auth-plugin
run: | run: |
apt-get update -qq apt-get update -qq
@ -36,63 +73,24 @@ jobs:
with: with:
project_id: ${{ secrets.GCP_PROJECT }} project_id: ${{ secrets.GCP_PROJECT }}
- name: Build & push (Cloud Build, sem Docker local) - name: Deploy hml2
run: |
set -e
IMG="${IMAGE_BASE}/${{ gitea.event.repository.name }}:lab-${{ gitea.run_number }}"
# --gcs-source-staging-dir: pula o auto-detect que precisa de
# storage.buckets.list (project-scope). gitea-cd só tem grant
# na bucket _cloudbuild, não no projeto inteiro.
# --async: gcloud retorna assim que o build é enfileirado. Sem
# isso, gcloud tenta streamar Cloud Logging, exige Viewer/Owner
# no projeto, e --suppress-logs nessa versão do CLI ainda dá
# exit != 0 quando não consegue ler. Polling abaixo é o trade.
BUILD_ID=$(gcloud builds submit \
--tag "$IMG" \
--project=${{ secrets.GCP_PROJECT }} \
--timeout=30m \
--gcs-source-staging-dir="gs://${{ secrets.GCP_PROJECT }}_cloudbuild/source" \
--async \
--format="value(id)")
echo "Cloud Build kicked off: $BUILD_ID"
# Poll até terminar. gcloud builds describe usa cloudbuild.builds.get
# (já incluído em roles/cloudbuild.builds.editor).
while true; do
STATUS=$(gcloud builds describe "$BUILD_ID" \
--project=${{ secrets.GCP_PROJECT }} \
--region=global \
--format="value(status)")
echo "[$(date -u +%H:%M:%S)] build $BUILD_ID: $STATUS"
case "$STATUS" in
SUCCESS) break ;;
FAILURE|INTERNAL_ERROR|TIMEOUT|CANCELLED|EXPIRED)
echo "::error::Cloud Build $STATUS — ver console: https://console.cloud.google.com/cloud-build/builds/$BUILD_ID?project=${{ secrets.GCP_PROJECT }}"
exit 1
;;
esac
sleep 15
done
echo "IMG=$IMG" >> $GITHUB_ENV
- name: Deploy hml2 (apenas em push pra master/main)
if: github.event_name == 'push'
env: env:
USE_GKE_GCLOUD_AUTH_PLUGIN: "True" USE_GKE_GCLOUD_AUTH_PLUGIN: "True"
run: | run: |
gcloud container clusters get-credentials ${{ secrets.GKE_CLUSTER }} --region ${{ secrets.GKE_REGION }} --project ${{ secrets.GCP_PROJECT }} gcloud container clusters get-credentials ${{ secrets.GKE_CLUSTER }} --region ${{ secrets.GKE_REGION }} --project ${{ secrets.GCP_PROJECT }}
NS=${{ secrets.K8S_NAMESPACE }} NS=${{ secrets.K8S_NAMESPACE }}
# 1) Aplica manifests (idempotente — cria PVC/Service/Ingress/Deployment se faltarem) # 1) Aplica manifests (idempotente)
if [ -d k8s ]; then if [ -d k8s ]; then
kubectl apply -n "$NS" -f k8s/ kubectl apply -n "$NS" -f k8s/
fi fi
# 2) Atualiza image # 2) Atualiza imagem
DEPLOYMENT="${{ gitea.event.repository.name }}-deployment" DEPLOYMENT="${{ gitea.event.repository.name }}-deployment"
if kubectl get deployment "$DEPLOYMENT" -n "$NS" >/dev/null 2>&1; then if kubectl get deployment "$DEPLOYMENT" -n "$NS" >/dev/null 2>&1; then
CONTAINER=$(kubectl get deployment "$DEPLOYMENT" -n "$NS" -o jsonpath='{.spec.template.spec.containers[0].name}') CONTAINER=$(kubectl get deployment "$DEPLOYMENT" -n "$NS" -o jsonpath='{.spec.template.spec.containers[0].name}')
kubectl set image deployment/"$DEPLOYMENT" -n "$NS" "$CONTAINER=$IMG" kubectl set image deployment/"$DEPLOYMENT" -n "$NS" "$CONTAINER=${IMG}"
kubectl rollout status deployment/"$DEPLOYMENT" -n "$NS" --timeout=600s kubectl rollout status deployment/"$DEPLOYMENT" -n "$NS" --timeout=600s
else else
echo "Deployment $DEPLOYMENT não existe no ns $NS pulei set image (provavelmente é o 1º deploy e o kubectl apply acabou de criar)" echo "Deployment $DEPLOYMENT não existe — kubectl apply acabou de criar (1º deploy)"
fi fi

2
Dockerfile
View File

@ -7,7 +7,7 @@ ARG VANNA_UPSTREAM_COMMIT=365d0617c1a4567ffee1b19b40c27feb4206bfcf
# ============================================================================ # ============================================================================
# Stage 1 — webcomponent (Node) # Stage 1 — webcomponent (Node)
# ============================================================================ # ============================================================================
FROM node:20-bookworm-slim AS webcomponent FROM node:18-bookworm-slim AS webcomponent
ARG VANNA_UPSTREAM_COMMIT ARG VANNA_UPSTREAM_COMMIT
RUN apt-get update && apt-get install -y --no-install-recommends git ca-certificates \ RUN apt-get update && apt-get install -y --no-install-recommends git ca-certificates \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/*