Oleks
67b07634ae
- app/: Emdash scaffold (Astro 6, node target) with cmses/plugins/pages collections - app/seed/seed.json: WordPress→Emdash parity for kotkanagrilli.fi (~30 entries) - Dockerfile + docker/entrypoint.sh: multi-stage build, single PVC at /app/state - deploy/helm/: chart mirroring emdash-kotkanagrilli (single-replica, sqlite, kotkan) - deploy/fleet-overlay/: HelmRelease/source/image-automation templates for anton-helm-workloads (staging + production) - .woodpecker/container.yaml: arm64 build, three OCI tags per push (immutable 0.1.<pipeline> + floating <branch> + <branch>-latest) - .ddev/: local dev with nginx proxy to emdash on :4321 - README/DEPLOYMENT/ARCHITECTURE/CLAUDE: docs covering the three-repo pipeline (cms-plugins + anton-helm-workloads + Gitea OCI registry)
79 lines
2.4 KiB
YAML
79 lines
2.4 KiB
YAML
---
|
|
# Watch the Gitea OCI registry for the floating `production` tag. Every
|
|
# push to the production branch retags the new image as `production`,
|
|
# overwriting the previous binding (OCI tag→manifest is single-valued).
|
|
# The image's immutable `0.1.<N>` tag stays in the registry as audit.
|
|
apiVersion: image.toolkit.fluxcd.io/v1
|
|
kind: ImageRepository
|
|
metadata:
|
|
name: cms-plugins-production
|
|
namespace: kotkan
|
|
spec:
|
|
image: git.oleks.space/oleks/cms-plugins
|
|
interval: 1m
|
|
secretRef:
|
|
name: gitea-registry-creds
|
|
---
|
|
# Only the `production` floating tag is in scope. There's at most one
|
|
# match at a time, so alphabetical ordering is a no-op — the policy
|
|
# just resolves to that single tag's current digest.
|
|
apiVersion: image.toolkit.fluxcd.io/v1
|
|
kind: ImagePolicy
|
|
metadata:
|
|
name: cms-plugins-production
|
|
namespace: kotkan
|
|
spec:
|
|
interval: 1m
|
|
imageRepositoryRef:
|
|
name: cms-plugins-production
|
|
filterTags:
|
|
pattern: '^production$'
|
|
# Extract and reflect the resolved digest into helmrelease.yaml.
|
|
# This enables IUA to pin by digest, which makes helm upgrade detect
|
|
# changes when the floating tag is reassigned.
|
|
digestReflectionPolicy: Always
|
|
policy:
|
|
alphabetical:
|
|
order: asc
|
|
---
|
|
# IUA writes the resolved digest into helmrelease.yaml — pinning by
|
|
# digest is what makes `helm upgrade` see a change when the floating
|
|
# tag is reassigned (without digest, tag stays `production` literal and
|
|
# helm upgrade is a no-op).
|
|
#
|
|
# NOTE: `sourceRef` must reference a GitRepository that points at
|
|
# THIS workloads repo (anton-helm-workloads) with write access. If it
|
|
# doesn't exist yet, create one alongside this manifest. The
|
|
# emdash-kotkanagrilli equivalent uses `oleks-fleet-image-automation`
|
|
# because its HelmReleases live in the fleet repo.
|
|
apiVersion: image.toolkit.fluxcd.io/v1
|
|
kind: ImageUpdateAutomation
|
|
metadata:
|
|
name: cms-plugins-production
|
|
namespace: kotkan
|
|
spec:
|
|
interval: 1m
|
|
sourceRef:
|
|
kind: GitRepository
|
|
name: anton-workloads-image-automation
|
|
namespace: flux-system
|
|
git:
|
|
checkout:
|
|
ref:
|
|
branch: main
|
|
commit:
|
|
author:
|
|
email: flux-bot@oleks.space
|
|
name: flux-bot
|
|
messageTemplate: |
|
|
chore(cms-plugins-production): pin new digest
|
|
Files:
|
|
{{ range $filename, $_ := .Changed.FileChanges -}}
|
|
- {{ $filename }}
|
|
{{ end -}}
|
|
push:
|
|
branch: main
|
|
update:
|
|
path: ./cms-plugins-production
|
|
strategy: Setters
|