feat: runtime base image CI, bootstrap token, and deploy plumbing

Add CI step to build cameleer-runtime-base image by downloading the agent shaded JAR from Gitea Maven registry and pushing the image. Wire CAMELEER_AUTH_TOKEN from docker-compose into RuntimeConfig so deployed containers authenticate with cameleer3-server. Add agent.jar to gitignore for local builds. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-07 15:32:42 +02:00
parent 1a0f1e07be
commit 00a3f2fd3f
4 changed files with 18 additions and 1 deletions
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -109,6 +109,21 @@ jobs:
        env:
          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}

+      - name: Build and push runtime base image
+        run: |
+          AGENT_VERSION=$(curl -sf "https://gitea.siegeln.net/api/packages/cameleer/maven/com/cameleer3/cameleer3-agent/1.0-SNAPSHOT/maven-metadata.xml" \
+            | grep -oP '(?<=<value>)[^<]+' | tail -1)
+          curl -sf -o docker/runtime-base/agent.jar \
+            "https://gitea.siegeln.net/api/packages/cameleer/maven/com/cameleer3/cameleer3-agent/1.0-SNAPSHOT/cameleer3-agent-${AGENT_VERSION}-shaded.jar"
+          TAGS="-t gitea.siegeln.net/cameleer/cameleer-runtime-base:${{ github.sha }}"
+          for TAG in $IMAGE_TAGS; do
+            TAGS="$TAGS -t gitea.siegeln.net/cameleer/cameleer-runtime-base:$TAG"
+          done
+          docker buildx build --platform linux/amd64 \
+            $TAGS \
+            --provenance=false \
+            --push docker/runtime-base/
+
      - name: Build and push Logto image
        run: |
          TAGS="-t gitea.siegeln.net/cameleer/cameleer-logto:${{ github.sha }}"
--- a/.gitignore
+++ b/.gitignore
@@ -24,3 +24,4 @@ Thumbs.db

 # Generated by postinstall from @cameleer/design-system
 ui/public/favicon.svg
+docker/runtime-base/agent.jar
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -153,6 +153,7 @@ services:
      LOGTO_M2M_CLIENT_ID: ${LOGTO_M2M_CLIENT_ID:-}
      LOGTO_M2M_CLIENT_SECRET: ${LOGTO_M2M_CLIENT_SECRET:-}
      CAMELEER3_SERVER_ENDPOINT: http://cameleer3-server:8081
+      CAMELEER_AUTH_TOKEN: ${CAMELEER_AUTH_TOKEN:-default-bootstrap-token}
      CLICKHOUSE_URL: jdbc:clickhouse://clickhouse:8123/cameleer
    labels:
      - traefik.enable=true
--- a/src/main/java/net/siegeln/cameleer/saas/deployment/DeploymentService.java
+++ b/src/main/java/net/siegeln/cameleer/saas/deployment/DeploymentService.java
@@ -149,7 +149,7 @@ public class DeploymentService {
                    containerName,
                    runtimeConfig.getDockerNetwork(),
                    Map.of(
-                            "CAMELEER_AUTH_TOKEN", "TODO-api-key",
+                            "CAMELEER_AUTH_TOKEN", runtimeConfig.getBootstrapToken(),
                            "CAMELEER_EXPORT_TYPE", "HTTP",
                            "CAMELEER_EXPORT_ENDPOINT", runtimeConfig.getCameleer3ServerEndpoint(),
                            "CAMELEER_APPLICATION_ID", app.getSlug(),