claw
24d0ab736c
- Change ingressClassName from nginx to traefik - Replace nginx configuration-snippet annotations with Traefik router annotations - Extract security headers into dedicated Traefik Middleware CRD - Update CI/CD pipeline to apply middleware manifest - Document migration decision and deployment steps in README ADR-002: Ingress Controller Migration (nginx → Traefik) Migration strategy: in-place update
90 lines
2.5 KiB
YAML
90 lines
2.5 KiB
YAML
name: Build and Deploy
|
|
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
pull_request:
|
|
branches: [main]
|
|
|
|
env:
|
|
REGISTRY: registry.claw.jopdorp.nl
|
|
IMAGE_NAME: signalledger
|
|
NAMESPACE: openclaw-private
|
|
|
|
jobs:
|
|
build-and-test:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Set up Node
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: '22'
|
|
cache: 'npm'
|
|
|
|
- name: Install dependencies
|
|
run: npm ci
|
|
|
|
- name: Run tests
|
|
run: npm test
|
|
|
|
- name: Build site
|
|
run: npm run build
|
|
|
|
- name: Upload build artifact
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: dist
|
|
path: dist/
|
|
|
|
build-image:
|
|
runs-on: ubuntu-latest
|
|
needs: build-and-test
|
|
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Log in to registry
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: ${{ env.REGISTRY }}
|
|
username: ${{ gitea.actor }}
|
|
password: ${{ secrets.REGISTRY_TOKEN }}
|
|
|
|
- name: Build and push Docker image
|
|
run: |
|
|
IMAGE_TAG=sha-$(git rev-parse --short HEAD)
|
|
docker build -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:$IMAGE_TAG .
|
|
docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:$IMAGE_TAG
|
|
docker tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:$IMAGE_TAG ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
|
|
docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
|
|
|
|
deploy:
|
|
runs-on: ubuntu-latest
|
|
needs: build-image
|
|
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Set up kubectl
|
|
uses: tale/kubectl-action@v1
|
|
with:
|
|
base64-kube-config: ${{ secrets.KUBECONFIG_BASE64 }}
|
|
|
|
- name: Update image tag in manifest
|
|
run: |
|
|
sed -i "s|image: .*signalledger.*|image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:sha-$(git rev-parse --short HEAD)|" k8s/deployment.yaml
|
|
|
|
- name: Apply Kubernetes manifests
|
|
run: |
|
|
kubectl apply -f k8s/namespace.yaml
|
|
kubectl apply -f k8s/middleware.yaml
|
|
kubectl apply -f k8s/deployment.yaml
|
|
kubectl apply -f k8s/service.yaml
|
|
kubectl apply -f k8s/ingress.yaml
|
|
kubectl rollout status deployment/signalledger -n ${{ env.NAMESPACE }} --timeout=120s
|