eb2aec5db5
Some checks failed
Build smtp-relay / build (push) Failing after 1m36s
- Move build.sh to scripts/build.sh (convention from project-template) - Add .gitea/workflows/build.yml: triggers on push to main when Dockerfile or config files change, builds :dev tag via Kaniko - Every push → CI builds harbor.manabo.org/library/smtp-relay:dev → ArgoCD Image Updater detects new digest → deploys to hermes Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
107 lines
3.1 KiB
Bash
107 lines
3.1 KiB
Bash
#!/usr/bin/env bash
|
|
# scripts/build.sh [tag]
|
|
# Empaqueta el contexto, sube a MinIO, lanza Kaniko en-cluster, espera.
|
|
set -euo pipefail
|
|
|
|
TAG="${1:-dev}"
|
|
HARBOR="harbor.manabo.org"
|
|
IMAGE="${HARBOR}/library/smtp-relay:${TAG}"
|
|
BUCKET="kaniko-builds"
|
|
CONTEXT_KEY="smtp-relay/context.tar.gz"
|
|
|
|
echo "==> Building ${IMAGE}"
|
|
|
|
echo "==> Packaging context ..."
|
|
tar -czf /tmp/kaniko-context.tar.gz \
|
|
--exclude='.git' \
|
|
--exclude='scripts' \
|
|
--exclude='.gitea' \
|
|
--exclude='README.md' \
|
|
-C "$(git rev-parse --show-toplevel)" \
|
|
Dockerfile entrypoint.sh main.cf master.cf smtpd.conf
|
|
|
|
echo "==> Uploading to MinIO ..."
|
|
mc cp /tmp/kaniko-context.tar.gz "minio/${BUCKET}/${CONTEXT_KEY}"
|
|
rm /tmp/kaniko-context.tar.gz
|
|
|
|
JOB_NAME="kaniko-smtp-relay-$(date +%s)"
|
|
echo "==> Launching Kaniko job: ${JOB_NAME}"
|
|
|
|
cat <<EOF | kubectl apply -f -
|
|
apiVersion: batch/v1
|
|
kind: Job
|
|
metadata:
|
|
name: ${JOB_NAME}
|
|
namespace: kaniko
|
|
spec:
|
|
backoffLimit: 0
|
|
ttlSecondsAfterFinished: 300
|
|
template:
|
|
spec:
|
|
restartPolicy: Never
|
|
imagePullSecrets:
|
|
- name: harbor-pull-secret
|
|
initContainers:
|
|
- name: fetch-context
|
|
image: harbor.manabo.org/library/minio/mc:RELEASE.2025-08-13T08-35-41Z
|
|
command: ["/bin/sh", "-c"]
|
|
args:
|
|
- |
|
|
mc alias set minio \$MINIO_ENDPOINT \$MC_ACCESS_KEY \$MC_SECRET_KEY --api S3v4 &&
|
|
mc cp minio/${BUCKET}/${CONTEXT_KEY} /context/context.tar.gz
|
|
env:
|
|
- name: MC_ACCESS_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: minio-kaniko-creds
|
|
key: access-key
|
|
- name: MC_SECRET_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: minio-kaniko-creds
|
|
key: secret-key
|
|
- name: MINIO_ENDPOINT
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: minio-kaniko-creds
|
|
key: endpoint
|
|
volumeMounts:
|
|
- name: context
|
|
mountPath: /context
|
|
containers:
|
|
- name: kaniko
|
|
image: harbor.manabo.org/gcr/kaniko-project/executor:v1.23.2
|
|
args:
|
|
- "--context=tar:///context/context.tar.gz"
|
|
- "--destination=${IMAGE}"
|
|
- "--snapshot-mode=redo"
|
|
- "--log-format=text"
|
|
volumeMounts:
|
|
- name: context
|
|
mountPath: /context
|
|
- name: docker-config
|
|
mountPath: /kaniko/.docker/
|
|
volumes:
|
|
- name: context
|
|
emptyDir: {}
|
|
- name: docker-config
|
|
secret:
|
|
secretName: harbor-push-config
|
|
items:
|
|
- key: .dockerconfigjson
|
|
path: config.json
|
|
EOF
|
|
|
|
echo "==> Waiting for build (timeout 10m) ..."
|
|
kubectl wait "job/${JOB_NAME}" -n kaniko \
|
|
--for=condition=complete \
|
|
--timeout=600s || {
|
|
echo "==> Build FAILED. Logs:"
|
|
POD=$(kubectl get pods -n kaniko -l "job-name=${JOB_NAME}" -o name | head -1)
|
|
kubectl logs -n kaniko "$POD" --all-containers
|
|
kubectl delete "job/${JOB_NAME}" -n kaniko --ignore-not-found
|
|
exit 1
|
|
}
|
|
|
|
echo "==> Done: ${IMAGE}"
|