diff --git a/.claude/rules/cicd.md b/.claude/rules/cicd.md
index 176d7e3b..d0111db8 100644
--- a/.claude/rules/cicd.md
+++ b/.claude/rules/cicd.md
@@ -16,6 +16,7 @@ paths:
 - Docker: multi-stage build (`Dockerfile`), `$BUILDPLATFORM` for native Maven on ARM64 runner, amd64 runtime. `docker-entrypoint.sh` imports `/certs/ca.pem` into JVM truststore before starting the app (supports custom CAs for OIDC discovery without `CAMELEER_SERVER_SECURITY_OIDCTLSSKIPVERIFY`).
 - `REGISTRY_TOKEN` build arg required for `cameleer-common` dependency resolution
 - Registry: `gitea.siegeln.net/cameleer/cameleer-server` (container images)
+- `cameleer-runtime-loader` image (init container that fetches the deployable JAR before the runtime container starts) is built and pushed by the same `docker` job, but only when files under `cameleer-runtime-loader/` actually changed in the push. Detection runs in the `build` job (`Detect runtime-loader changes` step, diffs `${{ github.event.before }}..${{ github.sha }}`) and is exposed as the `loader_changed` job output. The loader build step uses `if: needs.build.outputs.loader_changed == 'true'`. Build job's checkout uses `fetch-depth: 0` so the diff has access to the prior commit.
 - K8s manifests in `deploy/` — Kustomize base + overlays (main/feature), shared infra (PostgreSQL, ClickHouse, Logto) as top-level manifests
 - Deployment target: k3s at 192.168.50.86, namespace `cameleer` (main), `cam-` (feature branches)
 - Feature branches: isolated namespace, PG schema; Traefik Ingress at `-api.cameleer.siegeln.net`
diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index 430654f5..e8140eb1 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -30,8 +30,29 @@ jobs:
       credentials:
         username: cameleer
         password: ${{ secrets.REGISTRY_TOKEN }}
+    outputs:
+      loader_changed: ${{ steps.loader_changed.outputs.changed }}
     steps:
       - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Detect runtime-loader changes
+        id: loader_changed
+        run: |
+          BEFORE="${{ github.event.before }}"
+          if [ -z "$BEFORE" ] \
+             || [ "$BEFORE" = "0000000000000000000000000000000000000000" ] \
+             || ! git cat-file -e "$BEFORE^{commit}" 2>/dev/null; then
+            echo "No prior commit available — assuming loader changed."
+            echo "changed=true" >> "$GITHUB_OUTPUT"
+          elif git diff --name-only "$BEFORE" "${{ github.sha }}" | grep -q '^cameleer-runtime-loader/'; then
+            echo "cameleer-runtime-loader/ changed since $BEFORE."
+            echo "changed=true" >> "$GITHUB_OUTPUT"
+          else
+            echo "No changes under cameleer-runtime-loader/ — skipping image build."
+            echo "changed=false" >> "$GITHUB_OUTPUT"
+          fi
 
       - name: Configure Gitea Maven Registry
         run: |
@@ -156,6 +177,19 @@ jobs:
             --push ui/
         env:
           REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
+      - name: Build and push runtime-loader
+        if: needs.build.outputs.loader_changed == 'true'
+        run: |
+          TAGS="-t gitea.siegeln.net/cameleer/cameleer-runtime-loader:${{ github.sha }}"
+          for TAG in $IMAGE_TAGS; do
+            TAGS="$TAGS -t gitea.siegeln.net/cameleer/cameleer-runtime-loader:$TAG"
+          done
+          docker buildx build --platform linux/amd64 \
+            $TAGS \
+            --provenance=false \
+            --push cameleer-runtime-loader/
+        env:
+          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
       - name: Cleanup local Docker
         run: docker system prune -af --filter "until=24h"
         if: always()
@@ -169,7 +203,7 @@ jobs:
           if [ "$BRANCH_SLUG" != "main" ]; then
             KEEP_TAGS="$KEEP_TAGS branch-$BRANCH_SLUG"
           fi
-          for PKG in cameleer-server cameleer-server-ui; do
+          for PKG in cameleer-server cameleer-server-ui cameleer-runtime-loader; do
             curl -sf -H "$AUTH" "$API/packages/cameleer/container/$PKG" | \
               jq -r '.[] | "\(.id) \(.version)"' | \
               while read id version; do
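Review bot: In the `Detect runtime-loader changes` step a failing `git diff` (bad ref, unrelated history after a force-push) is indistinguishable from "no matching files": the `elif` pipeline only feeds `grep -q`, so the error path falls through to `changed=false` and the loader image is silently never rebuilt. Capture the diff output first and treat a non-zero exit as "assume changed", the same conservative default the step already takes when `$BEFORE` is unavailable. The pattern also watches only `cameleer-runtime-loader/`, so a change to the buildx invocation in this workflow (platform, tags, flags) will not trigger a rebuild either; include the workflow file in the match. Inline `${{ }}` interpolation in `run:` is tolerable here only because both values are commit SHAs; anything attacker-influenced (branch names, commit messages) must go through `env:` instead.
```yaml
          # … unchanged: BEFORE= / "no prior commit" branch …
          elif ! CHANGED_FILES="$(git diff --name-only "$BEFORE" "${{ github.sha }}")"; then
            echo "git diff $BEFORE..${{ github.sha }} failed — assuming loader changed."
            echo "changed=true" >> "$GITHUB_OUTPUT"
          elif printf '%s\n' "$CHANGED_FILES" | grep -qE '^(cameleer-runtime-loader/|\.gitea/workflows/ci\.yml$)'; then
            echo "cameleer-runtime-loader/ (or this workflow) changed since $BEFORE."
            echo "changed=true" >> "$GITHUB_OUTPUT"
          # … unchanged: else / fi …
```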
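Review bot: The `Build and push runtime-loader` step exports `REGISTRY_TOKEN` into its environment, but the `docker buildx build` command never forwards it (no `--build-arg`, no `--secret`), so either the loader Dockerfile does not need it — then drop the `env:` block, there is no reason to hand a registry credential to a step that does not use it — or it does need it and it has to be passed explicitly, preferably as `--secret id=REGISTRY_TOKEN,env=REGISTRY_TOKEN` consumed by `RUN --mount=type=secret` in the Dockerfile rather than a `--build-arg`, which is persisted in the image's layer history for anyone who can pull it. `--provenance=false` also means the loader is pushed without a BuildKit provenance attestation; if that mirrors the `ui/` step above as a registry-compatibility workaround, record it in a comment so the flag is not copied into the next job without thought, e.g. `# --provenance=false: attestation manifests are not wanted in this registry — revisit before relying on SLSA provenance`. `$IMAGE_TAGS` is defined outside this hunk.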
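Review bot: Adding `cameleer-runtime-loader` to the retention loop interacts with the new conditional build: the loader is only pushed when its sources change, so on most pushes its newest `:<sha>` tag belongs to an older commit than the `cameleer-server` tags. The `while read id version` body and the rest of `KEEP_TAGS` are outside this hunk, so this is inferred — if retention keys on the current `${{ github.sha }}`, each push that skipped the loader build prunes every older sha-tagged loader version and leaves only `branch-$BRANCH_SLUG`; fine if `deploy/` references the loader by branch tag, a missing-image pull failure if it pins by sha. Worth confirming against the deploy manifests and documenting above the loop: `# cameleer-runtime-loader is only rebuilt when its sources change, so its :<sha> tags lag the other packages; keep its newest sha tag`.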
@@ -399,7 +433,7 @@ jobs:
         run: |
           API="https://gitea.siegeln.net/api/v1"
           AUTH="Authorization: token ${REGISTRY_TOKEN}"
-          for PKG in cameleer-server cameleer-server-ui; do
+          for PKG in cameleer-server cameleer-server-ui cameleer-runtime-loader; do
             # Delete branch-specific tag
             curl -sf -X DELETE -H "$AUTH" "$API/packages/cameleer/container/$PKG/branch-${BRANCH_SLUG}" || true
           done
diff --git a/cameleer-runtime-loader/README.md b/cameleer-runtime-loader/README.md
index 137a9852..f7482ecf 100644
--- a/cameleer-runtime-loader/README.md
+++ b/cameleer-runtime-loader/README.md
@@ -6,6 +6,10 @@ main runtime container starts. Pairs with `DockerRuntimeOrchestrator` /
 
 ## Build
 
+CI (`.gitea/workflows/ci.yml`, `docker` job) builds and pushes this image
+automatically on pushes that change anything under `cameleer-runtime-loader/`.
+Manual build for local testing:
+
     docker build -t gitea.siegeln.net/cameleer/cameleer-runtime-loader: .
     docker push gitea.siegeln.net/cameleer/cameleer-runtime-loader: