Add Docker build, K8s manifests, and CI/CD deploy pipeline

- Dockerfile: multi-stage build with $BUILDPLATFORM for native Maven builds on ARM64 runners, amd64 runtime target. Passes REGISTRY_TOKEN build arg for cameleer3-common dependency resolution. - K8s manifests: ClickHouse StatefulSet with init scripts ConfigMap, server Deployment + NodePort (30081) - CI: docker job (QEMU + buildx cross-compile, registry cache, provenance=false, old image cleanup) + deploy job (kubectl) - .dockerignore for build context optimization Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-12 19:01:23 +01:00
parent f9a35e1627
commit c228c3201b
5 changed files with 348 additions and 0 deletions
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -3,6 +3,8 @@ name: CI
 on:
  push:
    branches: [main]
+    tags-ignore:
+      - 'v*'
  pull_request:
    branches: [main]

@@ -12,6 +14,10 @@ jobs:
    container:
      image: maven:3.9-eclipse-temurin-17
    steps:
+      - name: Install Node.js
+        run: |
+          apt-get update && apt-get install -y nodejs
+
      - uses: actions/checkout@v4

      - name: Configure Gitea Maven Registry
@@ -40,3 +46,101 @@ jobs:

      - name: Build and Test
        run: mvn clean verify --batch-mode
+
+  docker:
+    needs: build
+    runs-on: ubuntu-latest
+    if: github.ref == 'refs/heads/main'
+    container:
+      image: docker:27
+    steps:
+      - name: Checkout
+        run: |
+          apk add --no-cache git
+          git clone --depth=1 --branch=${GITHUB_REF_NAME} https://cameleer:${REGISTRY_TOKEN}@gitea.siegeln.net/${GITHUB_REPOSITORY}.git .
+        env:
+          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
+      - name: Login to registry
+        run: echo "$REGISTRY_TOKEN" | docker login gitea.siegeln.net -u cameleer --password-stdin
+        env:
+          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
+      - name: Set up QEMU for cross-platform builds
+        run: docker run --rm --privileged tonistiigi/binfmt --install all
+      - name: Build and push
+        run: |
+          docker buildx create --use --name cibuilder
+          docker buildx build --platform linux/amd64 \
+            --build-arg REGISTRY_TOKEN="$REGISTRY_TOKEN" \
+            -t gitea.siegeln.net/cameleer/cameleer3-server:${{ github.sha }} \
+            -t gitea.siegeln.net/cameleer/cameleer3-server:latest \
+            --cache-from type=registry,ref=gitea.siegeln.net/cameleer/cameleer3-server:buildcache \
+            --cache-to type=registry,ref=gitea.siegeln.net/cameleer/cameleer3-server:buildcache,mode=max \
+            --provenance=false \
+            --push .
+        env:
+          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
+      - name: Cleanup local Docker
+        run: docker system prune -af --filter "until=24h"
+        if: always()
+      - name: Cleanup old container images
+        run: |
+          apk add --no-cache curl jq
+          API="https://gitea.siegeln.net/api/v1"
+          AUTH="Authorization: token ${REGISTRY_TOKEN}"
+          CURRENT_SHA="${{ github.sha }}"
+          curl -sf -H "$AUTH" "$API/packages/cameleer/container/cameleer3-server" | \
+            jq -r '.[] | "\(.id) \(.version)"' | \
+            while read id version; do
+              if [ "$version" != "latest" ] && [ "$version" != "$CURRENT_SHA" ]; then
+                echo "Deleting old image tag: $version"
+                curl -sf -X DELETE -H "$AUTH" "$API/packages/cameleer/container/cameleer3-server/$version"
+              fi
+            done
+        env:
+          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
+        if: always()
+
+  deploy:
+    needs: docker
+    runs-on: ubuntu-latest
+    if: github.ref == 'refs/heads/main'
+    container:
+      image: bitnami/kubectl:latest
+    steps:
+      - name: Checkout
+        run: |
+          git clone --depth=1 --branch=${GITHUB_REF_NAME} https://cameleer:${REGISTRY_TOKEN}@gitea.siegeln.net/${GITHUB_REPOSITORY}.git .
+        env:
+          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
+      - name: Configure kubectl
+        run: |
+          mkdir -p ~/.kube
+          echo "$KUBECONFIG_B64" | base64 -d > ~/.kube/config
+        env:
+          KUBECONFIG_B64: ${{ secrets.KUBECONFIG_BASE64 }}
+      - name: Deploy
+        run: |
+          kubectl create namespace cameleer --dry-run=client -o yaml | kubectl apply -f -
+
+          kubectl create secret docker-registry gitea-registry \
+            --namespace=cameleer \
+            --docker-server=gitea.siegeln.net \
+            --docker-username=cameleer \
+            --docker-password="$REGISTRY_TOKEN" \
+            --dry-run=client -o yaml | kubectl apply -f -
+
+          kubectl create secret generic cameleer-auth \
+            --namespace=cameleer \
+            --from-literal=CAMELEER_AUTH_TOKEN="$CAMELEER_AUTH_TOKEN" \
+            --dry-run=client -o yaml | kubectl apply -f -
+
+          kubectl apply -f deploy/clickhouse.yaml
+          kubectl -n cameleer rollout status statefulset/clickhouse --timeout=120s
+
+          kubectl apply -f deploy/server.yaml
+          kubectl -n cameleer set image deployment/cameleer3-server \
+            server=gitea.siegeln.net/cameleer/cameleer3-server:${{ github.sha }}
+          kubectl -n cameleer rollout status deployment/cameleer3-server --timeout=120s
+        env:
+          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
+          CAMELEER_AUTH_TOKEN: ${{ secrets.CAMELEER_AUTH_TOKEN }}