ci(loader): build & push cameleer-runtime-loader image only when its sources change

The init-container image referenced by DockerRuntimeOrchestrator
(`gitea.siegeln.net/cameleer/cameleer-runtime-loader:latest`) had no CI
producer; it had to be built and pushed by hand. Replicates the
cameleer-saas pattern (single docker job with multiple buildx push
steps), but gates the loader build on a path-diff so unrelated commits
don't rebuild and re-tag a sidecar that didn't change.

- build job: fetch-depth=0 + Detect runtime-loader changes step that
  diffs `${{ github.event.before }}..${{ github.sha }}` for paths under
  cameleer-runtime-loader/. Falls back to `changed=true` when no prior
  commit is reachable (first push to a branch).
- docker job: new `Build and push runtime-loader` step gated on
  `needs.build.outputs.loader_changed == 'true'`. Tags with sha and
  latest/branch-<slug>, --provenance=false for Gitea, no buildcache
  (image is alpine + script).
- Cleanup loops in docker and cleanup-branch jobs include the new
  package.
- Rules and loader README updated.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hsiegeln
2026-04-27 23:13:25 +02:00
parent f772e868e6
commit 724054296e
3 changed files with 41 additions and 2 deletions


@@ -16,6 +16,7 @@ paths:
- Docker: multi-stage build (`Dockerfile`), `$BUILDPLATFORM` for native Maven on ARM64 runner, amd64 runtime. `docker-entrypoint.sh` imports `/certs/ca.pem` into JVM truststore before starting the app (supports custom CAs for OIDC discovery without `CAMELEER_SERVER_SECURITY_OIDCTLSSKIPVERIFY`).
- `REGISTRY_TOKEN` build arg required for `cameleer-common` dependency resolution
- Registry: `gitea.siegeln.net/cameleer/cameleer-server` (container images)
- `cameleer-runtime-loader` image (init container that fetches the deployable JAR before the runtime container starts) is built and pushed by the same `docker` job, but only when files under `cameleer-runtime-loader/` actually changed in the push. Detection runs in the `build` job (`Detect runtime-loader changes` step, diffs `${{ github.event.before }}..${{ github.sha }}`) and is exposed as the `loader_changed` job output. The loader build step uses `if: needs.build.outputs.loader_changed == 'true'`. Build job's checkout uses `fetch-depth: 0` so the diff has access to the prior commit.
- K8s manifests in `deploy/` — Kustomize base + overlays (main/feature), shared infra (PostgreSQL, ClickHouse, Logto) as top-level manifests
- Deployment target: k3s at 192.168.50.86, namespace `cameleer` (main), `cam-<slug>` (feature branches)
- Feature branches: isolated namespace, PG schema; Traefik Ingress at `<slug>-api.cameleer.siegeln.net`
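Review bot: the added `cameleer-runtime-loader` bullet documents the path-diff gate but not its fallback: the commit message says the `Detect runtime-loader changes` step sets `changed=true` when no prior commit is reachable (first push to a branch; `${{ github.event.before }}` is likewise not a usable base after a force-push), so state that in this bullet too, otherwise a reader of the rules file will expect the loader build to be skipped on exactly those pushes. Also worth a sentence here: because the gate keys only on files under `cameleer-runtime-loader/`, an update to the image's base (the commit message calls it "alpine + script") never triggers a rebuild of the `:latest` init-container image, so base-image security fixes only reach DockerRuntimeOrchestrator's init container through a manual or scheduled rebuild, and that should be the documented expectation rather than an implicit one.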