724054296e
The init-container image referenced by DockerRuntimeOrchestrator
(`gitea.siegeln.net/cameleer/cameleer-runtime-loader:latest`) had no CI
producer; it had to be built and pushed by hand. Replicates the
cameleer-saas pattern (single docker job with multiple buildx push
steps), but gates the loader build on a path-diff so unrelated commits
don't rebuild and re-tag a sidecar that didn't change.
- build job: fetch-depth=0 + Detect runtime-loader changes step that
diffs `${{ github.event.before }}..${{ github.sha }}` for paths under
cameleer-runtime-loader/. Falls back to `changed=true` when no prior
commit is reachable (first push to a branch).
- docker job: new `Build and push runtime-loader` step gated on
`needs.build.outputs.loader_changed == 'true'`. Tags with sha and
latest/branch-<slug>, --provenance=false for Gitea, no buildcache
(image is alpine + script).
- Cleanup loops in docker and cleanup-branch jobs include the new
package.
- Rules and loader README updated.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
905 B
905 B
cameleer-runtime-loader
Init container that fetches the deployable JAR into a shared volume before the
main runtime container starts. Pairs with DockerRuntimeOrchestrator /
(future) K8s init-container deploys.
Build
CI (.gitea/workflows/ci.yml, docker job) builds and pushes this image
automatically on pushes that change anything under cameleer-runtime-loader/.
Manual build for local testing:
docker build -t gitea.siegeln.net/cameleer/cameleer-runtime-loader:<tag> .
docker push gitea.siegeln.net/cameleer/cameleer-runtime-loader:<tag>
Contract
- Env:
ARTIFACT_URL(signed download URL),ARTIFACT_EXPECTED_SIZE(bytes). - Volume: writes
/app/jars/app.jar. - Exit 0 on success; non-zero on fetch/size failure.
- Runs as UID 1000 (loader user), drops all caps, read-only rootfs except
/app/jars.
See docs/superpowers/plans/2026-04-27-init-container-jar-fetch.md.