admin/pos-system
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
43f0c794783a212fbdc8a7de05239caa9bcad9da
pos-system/.gitea/workflows/deploy.yaml
Ho Ngoc Hai 43f0c79478
Some checks failed
Build & Deploy to K8s / build-and-deploy (push) Failing after 10s
Details
fix(cicd): use Kaniko Jobs for building Docker images in Gitea Actions 
- Replace docker build with Kaniko Jobs (runner has no Docker daemon)
- Add batch/jobs RBAC for act_runner to create Kaniko Jobs
- Use MinIO ExternalName pointing to existing minio namespace
- Skip build when only K8s configs changed

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-10 20:15:20 +07:00

310 lines
14 KiB
YAML
Raw Blame History

# EN: Build & Deploy GoodGo Platform to K8s staging via Gitea Actions
# VI: Build & Deploy GoodGo Platform len K8s staging qua Gitea Actions
#
# Flow: Push → detect changed services → Kaniko build → push Harbor → kubectl deploy
# Runner: act_runner (host mode, in-cluster kubectl + Kaniko Jobs)
name: Build & Deploy to K8s
on:
push:
branches: [master, main]
jobs:
build-and-deploy:
runs-on: ubuntu-latest
steps:
- name: Clone source from Gitea
run: |
git clone --depth 2 --branch ${{ github.ref_name }} \
https://admin:Velik%402026@gitea.techbi.org/admin/pos-system.git .
- name: Detect changed services
run: |
IMAGE_TAG=$(echo "${{ github.sha }}" | cut -c1-7)
echo "IMAGE_TAG=${IMAGE_TAG}" >> $GITHUB_ENV
CHANGED=$(git diff --name-only HEAD~1 HEAD 2>/dev/null || echo "ALL")
SERVICES=""
check_change() {
local path="$1"
local name="$2"
if echo "$CHANGED" | grep -q "^${path}/" || echo "$CHANGED" | grep -q "ALL"; then
SERVICES="${SERVICES} ${name}"
fi
}
# Core services
check_change "services/iam-service-net" "iam-service"
check_change "services/merchant-service-net" "merchant-service"
check_change "services/order-service-net" "order-service"
check_change "services/fnb-engine-net" "fnb-engine"
check_change "services/catalog-service-net" "catalog-service"
check_change "services/inventory-service-net" "inventory-service"
check_change "services/wallet-service-net" "wallet-service"
check_change "services/storage-service-net" "storage-service"
check_change "services/booking-service-net" "booking-service"
check_change "services/chat-service-net" "chat-service"
check_change "services/social-service-net" "social-service"
check_change "services/promotion-service-net" "promotion-service"
check_change "services/membership-service-net" "membership-service"
check_change "services/mining-service-net" "mining-service"
check_change "services/mission-service-net" "mission-service"
# Ads services
check_change "services/ads-manager-service-net" "ads-manager-service"
check_change "services/ads-serving-service-net" "ads-serving-service"
check_change "services/ads-billing-service-net" "ads-billing-service"
check_change "services/ads-tracking-service-net" "ads-tracking-service"
check_change "services/ads-analytics-service-net" "ads-analytics-service"
# Marketing services
check_change "services/mkt-facebook-service-net" "mkt-facebook-service"
check_change "services/mkt-whatsapp-service-net" "mkt-whatsapp-service"
check_change "services/mkt-x-service-net" "mkt-x-service"
check_change "services/mkt-zalo-service-net" "mkt-zalo-service"
# Frontend
check_change "apps/web-client-tpos-net" "pos-web"
# If K8s configs changed, flag for config deploy
if echo "$CHANGED" | grep -q "^deployments/staging/"; then
SERVICES="${SERVICES} __k8s_config__"
fi
echo "CHANGED_SERVICES=${SERVICES}" >> $GITHUB_ENV
echo "Changed services: ${SERVICES:-none}"
- name: Build and push via Kaniko
run: |
# Filter out __k8s_config__ to get only real services
BUILD_SERVICES=""
for svc in $CHANGED_SERVICES; do
if [ "$svc" != "__k8s_config__" ]; then
BUILD_SERVICES="${BUILD_SERVICES} ${svc}"
fi
done
if [ -z "$BUILD_SERVICES" ]; then
echo "No services to build, skipping"
exit 0
fi
HARBOR="harbor.techbi.org"
PROJECT="goodgo"
GITHUB_REPO="https://github.com/hongochai10/Microservices-Development.git"
BRANCH="${{ github.ref_name }}"
NS="staging"
# Create Harbor docker config secret for Kaniko
kubectl create secret docker-registry kaniko-harbor-secret -n "${NS}" \
--docker-server="${HARBOR}" \
--docker-username="${{ secrets.HARBOR_USERNAME }}" \
--docker-password="${{ secrets.HARBOR_PASSWORD }}" \
--docker-email=admin@techbi.org \
--dry-run=client -o yaml | kubectl apply -f -
get_context() {
case "$1" in
iam-service) echo "services/iam-service-net" ;;
merchant-service) echo "services/merchant-service-net" ;;
order-service) echo "services/order-service-net" ;;
fnb-engine) echo "services/fnb-engine-net" ;;
catalog-service) echo "services/catalog-service-net" ;;
inventory-service) echo "services/inventory-service-net" ;;
wallet-service) echo "services/wallet-service-net" ;;
storage-service) echo "services/storage-service-net" ;;
booking-service) echo "services/booking-service-net" ;;
chat-service) echo "services/chat-service-net" ;;
social-service) echo "services/social-service-net" ;;
promotion-service) echo "services/promotion-service-net" ;;
membership-service) echo "services/membership-service-net" ;;
mining-service) echo "services/mining-service-net" ;;
mission-service) echo "services/mission-service-net" ;;
ads-manager-service) echo "services/ads-manager-service-net" ;;
ads-serving-service) echo "services/ads-serving-service-net" ;;
ads-billing-service) echo "services/ads-billing-service-net" ;;
ads-tracking-service) echo "services/ads-tracking-service-net" ;;
ads-analytics-service) echo "services/ads-analytics-service-net" ;;
mkt-facebook-service) echo "services/mkt-facebook-service-net" ;;
mkt-whatsapp-service) echo "services/mkt-whatsapp-service-net" ;;
mkt-x-service) echo "services/mkt-x-service-net" ;;
mkt-zalo-service) echo "services/mkt-zalo-service-net" ;;
pos-web) echo "apps/web-client-tpos-net" ;;
esac
}
get_image_name() {
case "$1" in
pos-web) echo "web-client-tpos-net" ;;
*) echo "${1}-net" ;;
esac
}
build_with_kaniko() {
local svc="$1"
local context=$(get_context "$svc")
local image_name=$(get_image_name "$svc")
local full_image="${HARBOR}/${PROJECT}/${image_name}"
local job_name="kaniko-build-$(echo ${svc} | tr '_' '-')-${IMAGE_TAG}"
echo "=== Building ${svc} via Kaniko ==="
# Create Kaniko Job
cat <<JOBEOF | kubectl apply -f -
apiVersion: batch/v1
kind: Job
metadata:
name: ${job_name}
namespace: ${NS}
spec:
backoffLimit: 1
ttlSecondsAfterFinished: 300
template:
spec:
containers:
- name: kaniko
image: gcr.io/kaniko-project/executor:latest
args:
- "--dockerfile=Dockerfile"
- "--context=git://${GITHUB_REPO}#refs/heads/${BRANCH}#${context}"
- "--destination=${full_image}:${IMAGE_TAG}"
- "--destination=${full_image}:latest"
- "--cache=true"
- "--cache-repo=${full_image}/cache"
- "--skip-tls-verify"
volumeMounts:
- name: docker-config
mountPath: /kaniko/.docker
resources:
requests:
cpu: 500m
memory: 1Gi
limits:
cpu: "2"
memory: 4Gi
restartPolicy: Never
volumes:
- name: docker-config
secret:
secretName: kaniko-harbor-secret
items:
- key: .dockerconfigjson
path: config.json
JOBEOF
echo "Waiting for Kaniko job ${job_name}..."
kubectl wait --for=condition=complete job/${job_name} -n ${NS} --timeout=600s 2>/dev/null
local result=$?
if [ $result -ne 0 ]; then
echo "ERROR: Kaniko build failed for ${svc}"
kubectl logs job/${job_name} -n ${NS} --tail=30 2>/dev/null
return 1
fi
echo "=== ${svc} built and pushed ==="
}
FAILED=0
for svc in $BUILD_SERVICES; do
if ! build_with_kaniko "$svc"; then
FAILED=$((FAILED + 1))
fi
done
if [ $FAILED -gt 0 ]; then
echo "ERROR: ${FAILED} service(s) failed to build"
exit 1
fi
- name: Deploy to K8s
run: |
if [ -z "$CHANGED_SERVICES" ]; then
echo "No services changed, skipping deploy"
exit 0
fi
HARBOR="harbor.techbi.org"
PROJECT="goodgo"
NS="staging"
# Apply K8s configs if changed
if echo "$CHANGED_SERVICES" | grep -q "__k8s_config__"; then
echo "=== Applying K8s configs ==="
kubectl apply -f deployments/staging/kubernetes/namespace.yaml
kubectl apply -f deployments/staging/kubernetes/configmap.yaml
kubectl apply -f deployments/staging/kubernetes/redis.yaml
kubectl apply -f deployments/staging/kubernetes/rabbitmq.yaml
kubectl apply -f deployments/staging/kubernetes/minio.yaml
kubectl apply -f deployments/staging/kubernetes/ingress.yaml
kubectl apply -f deployments/staging/kubernetes/network-policy.yaml
fi
deploy_service() {
local name="$1"
local image_name="$2"
local manifest="$3"
local image="${HARBOR}/${PROJECT}/${image_name}:${IMAGE_TAG}"
echo "=== Deploying ${name} ==="
kubectl apply -f "deployments/staging/kubernetes/${manifest}"
kubectl set image "deployment/${name}" "${name}=${image}" -n "${NS}"
kubectl patch deployment "${name}" -n "${NS}" \
-p '{"spec":{"template":{"spec":{"imagePullSecrets":[{"name":"harbor-pull-secret"}],"containers":[{"name":"'"${name}"'","imagePullPolicy":"Always"}]}}}}'
}
for svc in $CHANGED_SERVICES; do
case "$svc" in
iam-service) deploy_service "iam-service" "iam-service-net" "iam-service.yaml" ;;
merchant-service) deploy_service "merchant-service" "merchant-service-net" "merchant-service.yaml" ;;
order-service) deploy_service "order-service" "order-service-net" "order-service.yaml" ;;
fnb-engine) deploy_service "fnb-engine" "fnb-engine-net" "fnb-engine.yaml" ;;
catalog-service) deploy_service "catalog-service" "catalog-service-net" "catalog-service.yaml" ;;
inventory-service) deploy_service "inventory-service" "inventory-service-net" "inventory-service.yaml" ;;
wallet-service) deploy_service "wallet-service" "wallet-service-net" "wallet-service.yaml" ;;
storage-service) deploy_service "storage-service" "storage-service-net" "storage-service.yaml" ;;
booking-service) deploy_service "booking-service" "booking-service-net" "booking-service.yaml" ;;
chat-service) deploy_service "chat-service" "chat-service-net" "chat-service.yaml" ;;
social-service) deploy_service "social-service" "social-service-net" "social-service.yaml" ;;
promotion-service) deploy_service "promotion-service" "promotion-service-net" "promotion-service.yaml" ;;
membership-service) deploy_service "membership-service" "membership-service-net" "membership-service.yaml" ;;
mining-service) deploy_service "mining-service" "mining-service-net" "mining-service.yaml" ;;
mission-service) deploy_service "mission-service" "mission-service-net" "mission-service.yaml" ;;
ads-manager-service) deploy_service "ads-manager-service" "ads-manager-service-net" "ads-manager-service.yaml" ;;
ads-serving-service) deploy_service "ads-serving-service" "ads-serving-service-net" "ads-serving-service.yaml" ;;
ads-billing-service) deploy_service "ads-billing-service" "ads-billing-service-net" "ads-billing-service.yaml" ;;
ads-tracking-service) deploy_service "ads-tracking-service" "ads-tracking-service-net" "ads-tracking-service.yaml" ;;
ads-analytics-service) deploy_service "ads-analytics-service" "ads-analytics-service-net" "ads-analytics-service.yaml" ;;
mkt-facebook-service) deploy_service "mkt-facebook-service" "mkt-facebook-service-net" "mkt-facebook-service.yaml" ;;
mkt-whatsapp-service) deploy_service "mkt-whatsapp-service" "mkt-whatsapp-service-net" "mkt-whatsapp-service.yaml" ;;
mkt-x-service) deploy_service "mkt-x-service" "mkt-x-service-net" "mkt-x-service.yaml" ;;
mkt-zalo-service) deploy_service "mkt-zalo-service" "mkt-zalo-service-net" "mkt-zalo-service.yaml" ;;
pos-web) deploy_service "pos-web" "web-client-tpos-net" "pos-web.yaml" ;;
esac
done
# Wait for rollouts
FAILED=0
for svc in $CHANGED_SERVICES; do
if [ "$svc" = "__k8s_config__" ]; then continue; fi
echo "Waiting for ${svc}..."
if ! kubectl rollout status "deployment/${svc}" -n "${NS}" --timeout=180s 2>/dev/null; then
echo "WARNING: ${svc} rollout did not complete"
FAILED=$((FAILED + 1))
fi
done
echo ""
echo "=== Deployment Summary ==="
kubectl get pods -n "${NS}" -o wide
echo ""
kubectl get svc -n "${NS}"
if [ $FAILED -gt 0 ]; then
echo "WARNING: ${FAILED} service(s) did not complete rollout"
exit 1
fi
Reference in New Issue View Git Blame Copy Permalink