vikingowl
2f885c3ca7
Some checks failed
ci/someci/push/woodpecker Pipeline failed
Static site served via nginx-unprivileged on ITSH cloud (tenant-2). Pipeline: lint → docker build+push to somegit.dev → helm deploy. Includes HTTPRoute with TLS, HTTP→HTTPS redirect, health probes, and hardened security context.
48 lines
1.1 KiB
YAML
48 lines
1.1 KiB
YAML
when:
|
|
- event: [push, pull_request]
|
|
|
|
steps:
|
|
lint:
|
|
image: node:24-alpine
|
|
commands:
|
|
- npm ci
|
|
- npx prettier --check .
|
|
- npx svelte-kit sync && npx svelte-check --tsconfig ./tsconfig.json
|
|
when:
|
|
- event: [push, pull_request]
|
|
|
|
docker:
|
|
image: woodpeckerci/plugin-docker-buildx:6
|
|
settings:
|
|
repo: somegit.dev/nachtigall.dev/nachtigall.dev
|
|
tags:
|
|
- '${CI_COMMIT_SHA:0:8}'
|
|
dockerfile: Dockerfile
|
|
registry: somegit.dev
|
|
username:
|
|
from_secret: registry_user
|
|
password:
|
|
from_secret: registry_password
|
|
when:
|
|
- event: push
|
|
branch: main
|
|
|
|
deploy:
|
|
image: alpine/helm:4.1
|
|
environment:
|
|
KUBECONFIG_DATA:
|
|
from_secret: kubeconfig
|
|
commands:
|
|
- mkdir -p ~/.kube
|
|
- echo "$KUBECONFIG_DATA" > ~/.kube/config
|
|
- chmod 600 ~/.kube/config
|
|
- |
|
|
helm upgrade --install nachtigall-dev ./deploy/helm/ \
|
|
--namespace tenant-2 \
|
|
--set image.tag="${CI_COMMIT_SHA:0:8}" \
|
|
--atomic \
|
|
--timeout 5m
|
|
when:
|
|
- event: push
|
|
branch: main
|