mocode-software/meldestelle
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
46d3d7cf35
meldestelle/.gitea/workflows/docker-publish.yaml
StefanMoCoAt 46d3d7cf35
Some checks failed
Build and Publish Docker Images / build-and-push (., backend/services/mail/Dockerfile, mail-service, mail-service) (push) Successful in 6m11s
Details
Build and Publish Docker Images / build-and-push (., config/docker/caddy/web-app/Dockerfile, web-app, web-app) (push) Failing after 4m20s
Details
### chore: aktualisiere Plan-B-Konfiguration und CI-Workflows 
- **dc-planb.yaml:** Passe Ports und füge Zipkin-Deaktivierung hinzu.
- **Docker-Publish:** Ergänze Bereinigung und Sicherheitsprüfung für Web-Assets.
2026-04-23 02:41:57 +02:00

149 lines
5.3 KiB
YAML
Raw Blame History

name: Build and Publish Docker Images
run-name: Build & Publish by @${{ github.actor }}
on:
push:
branches: [ "main" ]
paths:
- 'backend/**'
- 'platform/**'
- 'core/**'
- 'frontend/**'
- 'config/docker/**'
- 'docker-compose.yaml'
- '.gitea/workflows/docker-publish.yaml'
env:
# Interner Registry-Endpunkt: direkter HTTP-Zugriff, umgeht Pangolin-Tunnel komplett
REGISTRY_INTERNAL: 10.0.0.22:3000
IMAGE_PREFIX: mocode-software/meldestelle
JAVA_VERSION: "25"
GRADLE_VERSION: "9.4.0"
KEYCLOAK_IMAGE_TAG: "26.5.5"
# Workers auf 4 limitiert: verhindert OOM auf dem 16GB Runner (VM 102)
GRADLE_OPTS: "-Dorg.gradle.parallel=true -Dorg.gradle.workers.max=4"
JVM_OPTS_ARM64: "-XX:ActiveProcessorCount=8 -XX:+UseZGC -XX:+UseTransparentHugePages"
jobs:
build-and-push:
runs-on: ubuntu-latest
strategy:
fail-fast: false
# max-parallel: 1 → sequenzielle Ausführung verhindert RAM-OOM auf Zora (16GB VM)
max-parallel: 1
matrix:
include:
# Plan-B fokussiert: Nur Mail-Service + Web-App bauen/pushen (beschleunigt CI deutlich)
- service: mail-service
context: .
dockerfile: backend/services/mail/Dockerfile
image: mail-service
- service: web-app
context: .
dockerfile: config/docker/caddy/web-app/Dockerfile
image: web-app
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up JDK ${{ env.JAVA_VERSION }}
uses: actions/setup-java@v4
with:
java-version: ${{ env.JAVA_VERSION }}
distribution: "temurin"
cache: gradle
- name: Setup Gradle Cache
uses: actions/cache@v4
with:
path: |
~/.gradle/caches
~/.gradle/wrapper
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
restore-keys: |
${{ runner.os }}-gradle-
# Verhindert mysteriöse Build-Fehler durch korrupte Node/Kotlin-Caches (nur web-app relevant)
- name: Cleanup stale build caches
if: matrix.service == 'web-app'
run: |
rm -rf frontend/shells/meldestelle-web/build/js/node_modules/.cache || true
rm -rf frontend/shells/meldestelle-web/build/js/.yarn/cache || true
rm -rf ~/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-compiler-embeddable || true
- name: Build Frontend (Wasm JS)
if: matrix.service == 'web-app'
run: |
chmod +x gradlew
# Zuerst ALLES löschen, um Stand vom März zu eliminieren
./gradlew :frontend:shells:meldestelle-web:clean
# Neu bauen mit explizitem Production-Flag
./gradlew :frontend:shells:meldestelle-web:wasmJsBrowserDistribution \
-Pproduction=true \
--max-workers=4 \
-Dkotlin.daemon.jvm.options="-Xmx4g"
- name: Stage Web Assets for Docker build
if: matrix.service == 'web-app'
run: |
set -e
DIST_DIR="frontend/shells/meldestelle-web/build/dist/wasmJs/productionExecutable"
# Sicherheitscheck: Wenn die index.html älter als 5 Minuten ist, Build abbrechen
if [ $(find "$DIST_DIR/index.html" -mmin +5) ]; then
echo "❌ FEHLER: Build-Artefakte sind veraltet! März-Leiche erkannt."
exit 1
fi
mkdir -p config/docker/caddy/web-app/_site
rsync -a --delete "$DIST_DIR/" config/docker/caddy/web-app/_site/
echo "✓ Frische Assets vom $(date) gestaged."
# NEU (sauber, nach daemon.json-Fix):
- name: Login to Gitea Registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY_INTERNAL }}
username: ${{ secrets.REGISTRY_USER }}
password: ${{ secrets.REGISTRY_TOKEN }}
# BuildKit-Instanz mit HTTP-Unterstützung für die interne Registry konfigurieren.
# KEIN sudo, KEIN systemctl, KEIN Neustart — rein konfigurativ.
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
config-inline: |
[registry."10.0.0.22:3000"]
http = true
insecure = true
- name: Extract metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY_INTERNAL }}/${{ env.IMAGE_PREFIX }}/${{ matrix.image }}
tags: |
type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
type=sha,format=long
- name: Build and push Docker image
uses: docker/build-push-action@v6
with:
context: ${{ matrix.context }}
file: ${{ matrix.dockerfile }}
push: true
platforms: linux/arm64
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
provenance: false
sbom: false
build-args: |
DOCKER_BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')
VERSION=${{ github.sha }}
GRADLE_VERSION=${{ env.GRADLE_VERSION }}
JAVA_VERSION=${{ env.JAVA_VERSION }}
KEYCLOAK_IMAGE_TAG=${{ env.KEYCLOAK_IMAGE_TAG }}
JVM_OPTS_APPEND=${{ env.JVM_OPTS_ARM64 }}
Reference in New Issue View Git Blame Copy Permalink