Clubpetro-Lab/vanna-clubpetro
9
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
f61b1a05e5
vanna-clubpetro/.gitea/workflows/cd.yml
Dalton Alvarenga 9a6c43edfc
Some checks failed
CD / build (pull_request) Failing after 1s
Details
CD / deploy (pull_request) Has been skipped
Details
fix(ci): build com Kaniko (sem Docker daemon, sem Cloud Build, sem IAM novo) 
Job 1 (build) roda dentro da imagem gcr.io/kaniko-project/executor:debug
e usa _json_key auth do AR. Job 2 (deploy) é runner default + kubectl
e depende do build via 'needs'.
2026-05-06 10:19:19 -03:00

97 lines
3.6 KiB
YAML
Raw Blame History

name: CD
on:
push:
branches: [master, main]
pull_request:
env:
IMG: ${{ secrets.AR_LOCATION }}-docker.pkg.dev/${{ secrets.GCP_PROJECT }}/${{ secrets.AR_REPO }}/${{ gitea.event.repository.name }}:lab-${{ gitea.run_number }}
jobs:
# Build + push da imagem usando Kaniko (sem Docker daemon, sem Cloud Build).
# Roda dentro da imagem oficial do Kaniko que tem busybox + binary executor.
build:
runs-on: ubuntu-latest
container:
image: gcr.io/kaniko-project/executor:v1.23.2-debug
steps:
- uses: actions/checkout@v4
- name: Auth Artifact Registry + Build & Push (kaniko)
run: |
set -e
mkdir -p /kaniko/.docker
# Grava a chave da SA em arquivo via heredoc (preserva quebras/aspas)
cat > /tmp/sa.json <<'__SA_EOF__'
${{ secrets.GCP_SA_KEY }}
__SA_EOF__
# Docker config: Basic Auth com user `_json_key` + JSON da SA
AUTH_B64=$(printf '_json_key:%s' "$(cat /tmp/sa.json)" | base64 -w0)
cat > /kaniko/.docker/config.json <<EOF
{
"auths": {
"${{ secrets.AR_LOCATION }}-docker.pkg.dev": { "auth": "${AUTH_B64}" }
}
}
EOF
/kaniko/executor \
--context dir://. \
--dockerfile Dockerfile \
--destination "${IMG}" \
--cache=true \
--cache-ttl=168h \
--snapshot-mode=redo \
--use-new-run
# Deploy só roda em push pra master/main, depois do build OK.
# Usa runner default (node:18-bullseye) — instala kubectl + gke-auth-plugin.
deploy:
runs-on: ubuntu-latest
needs: build
if: github.event_name == 'push'
steps:
- uses: actions/checkout@v4
- name: Install kubectl + gke-auth-plugin
run: |
apt-get update -qq
apt-get install -y -qq apt-transport-https ca-certificates gnupg curl
curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | gpg --dearmor -o /usr/share/keyrings/cloud.google.gpg
echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" > /etc/apt/sources.list.d/google-cloud-sdk.list
apt-get update -qq
apt-get install -y -qq kubectl google-cloud-cli-gke-gcloud-auth-plugin
kubectl version --client=true
- name: Auth GCP
uses: google-github-actions/auth@v2
with:
credentials_json: ${{ secrets.GCP_SA_KEY }}
- name: Setup gcloud
uses: google-github-actions/setup-gcloud@v2
with:
project_id: ${{ secrets.GCP_PROJECT }}
- name: Deploy hml2
env:
USE_GKE_GCLOUD_AUTH_PLUGIN: "True"
run: |
gcloud container clusters get-credentials ${{ secrets.GKE_CLUSTER }} --region ${{ secrets.GKE_REGION }} --project ${{ secrets.GCP_PROJECT }}
NS=${{ secrets.K8S_NAMESPACE }}
# 1) Aplica manifests (idempotente)
if [ -d k8s ]; then
kubectl apply -n "$NS" -f k8s/
fi
# 2) Atualiza imagem
DEPLOYMENT="${{ gitea.event.repository.name }}-deployment"
if kubectl get deployment "$DEPLOYMENT" -n "$NS" >/dev/null 2>&1; then
CONTAINER=$(kubectl get deployment "$DEPLOYMENT" -n "$NS" -o jsonpath='{.spec.template.spec.containers[0].name}')
kubectl set image deployment/"$DEPLOYMENT" -n "$NS" "$CONTAINER=${IMG}"
kubectl rollout status deployment/"$DEPLOYMENT" -n "$NS" --timeout=600s
else
echo "Deployment $DEPLOYMENT não existe — kubectl apply acabou de criar (1º deploy)"
fi
Reference in New Issue View Git Blame Copy Permalink