feat: CI/CD workflow, Dockerfile, and K8s deployment

- Multi-stage Dockerfile (Maven + Node build, JRE runtime) - Gitea Actions CI: build → docker → deploy - K8s manifests: Deployment, Service (NodePort 30082), Ingress - ServiceAccount + RBAC for kubectl access from pod - Docker socket mount for image builds - Ingress at deploy.cameleer.siegeln.net - SPA config for serving frontend from Spring Boot - cameleer-demo namespace for deployed apps Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-03 09:44:49 +02:00
parent 5ed0d80695
commit 5bbec1e52a
4 changed files with 309 additions and 0 deletions
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -0,0 +1,114 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    container:
+      image: gitea.siegeln.net/cameleer/cameleer-build:1
+      credentials:
+        username: cameleer
+        password: ${{ secrets.REGISTRY_TOKEN }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Build UI
+        working-directory: ui
+        run: |
+          echo '//gitea.siegeln.net/api/packages/cameleer/npm/:_authToken=${REGISTRY_TOKEN}' >> .npmrc
+          npm ci
+          npm run build
+        env:
+          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
+
+      - name: Build Backend
+        run: mvn clean package -DskipTests -B
+
+  docker:
+    needs: build
+    runs-on: ubuntu-latest
+    container:
+      image: gitea.siegeln.net/cameleer/cameleer-docker-builder:1
+      credentials:
+        username: cameleer
+        password: ${{ secrets.REGISTRY_TOKEN }}
+    steps:
+      - name: Checkout
+        run: |
+          git clone --depth=1 --branch=${GITHUB_REF_NAME} https://cameleer:${REGISTRY_TOKEN}@gitea.siegeln.net/${GITHUB_REPOSITORY}.git .
+        env:
+          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
+
+      - name: Login to registry
+        run: echo "$REGISTRY_TOKEN" | docker login gitea.siegeln.net -u cameleer --password-stdin
+        env:
+          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
+
+      - name: Set up QEMU
+        run: docker run --rm --privileged gitea.siegeln.net/cameleer/binfmt:1 --install all
+
+      - name: Build and push
+        run: |
+          docker buildx create --use --name cibuilder
+          docker buildx build --platform linux/amd64 \
+            --build-arg REGISTRY_TOKEN="$REGISTRY_TOKEN" \
+            -t gitea.siegeln.net/cameleer/cameleer-deploy-demo:${{ github.sha }} \
+            -t gitea.siegeln.net/cameleer/cameleer-deploy-demo:latest \
+            --cache-from type=registry,ref=gitea.siegeln.net/cameleer/cameleer-deploy-demo:buildcache \
+            --cache-to type=registry,ref=gitea.siegeln.net/cameleer/cameleer-deploy-demo:buildcache,mode=max \
+            --provenance=false \
+            --push .
+        env:
+          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
+
+      - name: Cleanup
+        run: docker system prune -af --filter "until=24h"
+        if: always()
+
+  deploy:
+    needs: docker
+    runs-on: ubuntu-latest
+    container:
+      image: alpine/k8s:1.32.3
+    steps:
+      - name: Checkout
+        run: |
+          git clone --depth=1 --branch=${GITHUB_REF_NAME} https://cameleer:${REGISTRY_TOKEN}@gitea.siegeln.net/${GITHUB_REPOSITORY}.git .
+        env:
+          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
+
+      - name: Configure kubectl
+        run: |
+          mkdir -p ~/.kube
+          echo "$KUBECONFIG_B64" | base64 -d > ~/.kube/config
+        env:
+          KUBECONFIG_B64: ${{ secrets.KUBECONFIG_BASE64 }}
+
+      - name: Create deployer kubeconfig secret
+        run: |
+          kubectl create secret generic deployer-kubeconfig \
+            --namespace=cameleer \
+            --from-literal=config="$(echo "$KUBECONFIG_B64" | base64 -d)" \
+            --dry-run=client -o yaml | kubectl apply -f -
+        env:
+          KUBECONFIG_B64: ${{ secrets.KUBECONFIG_BASE64 }}
+
+      - name: Deploy
+        run: |
+          kubectl apply -f deploy/deploy-demo.yaml
+
+          kubectl -n cameleer set image deployment/cameleer-deploy-demo \
+            deploy-demo=gitea.siegeln.net/cameleer/cameleer-deploy-demo:${{ github.sha }}
+
+          kubectl -n cameleer rollout status deployment/cameleer-deploy-demo --timeout=120s
+
+      - name: Print URL
+        run: |
+          echo "===================================="
+          echo "Deploy Demo available at:"
+          echo "http://deploy.cameleer.siegeln.net"
+          echo "http://192.168.50.86:30082"
+          echo "===================================="