ZB-Server/it232Abschied
Private
Public Access
1
0
Fork 0
Code Packages Activity

add domain "escape-from-school.de"
All checks were successful
Dynamic Branch Deploy / build-and-deploy (push) Successful in 1m10s

Browse Source
This commit is contained in:
Sebastian Unterschütz
2025-11-26 19:20:39 +01:00
parent fd2b6f00ff
commit e9595b49b1
2 changed files with 39 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

66
.github/workflows/deploy.yaml vendored
View File

@@ -3,7 +3,8 @@ on: [push]
env: env:
REGISTRY: git.zb-server.de REGISTRY: git.zb-server.de
BASE_DOMAIN: zb-server.de # WICHTIG: Deine echte Haupt-Domain
BASE_DOMAIN: escape-from-school.de
jobs: jobs:
build-and-deploy: build-and-deploy:
@@ -13,30 +14,44 @@ jobs:
- name: Checkout Code - name: Checkout Code
uses: actions/checkout@v3 uses: actions/checkout@v3
# 2. Variablen vorbereiten (VEREINFACHT & KORRIGIERT) # 2. Variablen vorbereiten (MIT HAUPT-DOMAIN LOGIK)
- name: Prepare Environment Variables - name: Prepare Environment Variables
id: prep id: prep
run: | run: |
# Wir nehmen einfach den vollen Repo-Namen (z.B. "User/Repo") und machen ihn klein # 1. Repo und Branch Namen säubern
# Das ist sicherer als cut und owner einzeln zu holen # Voller Pfad für Docker Image (z.B. "user/escape-teacher")
FULL_IMAGE_PATH=$(echo "${{ gitea.repository }}" | tr '[:upper:]' '[:lower:]') FULL_IMAGE_PATH=$(echo "${{ gitea.repository }}" | tr '[:upper:]' '[:lower:]')
# Repo Name für K8s (nur der Teil nach dem /) # Nur der Projektname für K8s (z.B. "escape-teacher")
REPO_LOWER=$(echo "$FULL_IMAGE_PATH" | cut -d'/' -f2) REPO_LOWER=$(echo "$FULL_IMAGE_PATH" | cut -d'/' -f2)
# Branch Name säubern # Branch Name säubern (Sonderzeichen zu Bindestrichen)
BRANCH_LOWER=$(echo "${{ gitea.ref_name }}" | tr '[:upper:]' '[:lower:]' | sed 's/[^a-z0-9-]/-/g') BRANCH_LOWER=$(echo "${{ gitea.ref_name }}" | tr '[:upper:]' '[:lower:]' | sed 's/[^a-z0-9-]/-/g')
# Namespace und URL bauen # 2. Logik: Ist es der Haupt-Branch?
TARGET_NS="${REPO_LOWER}-${BRANCH_LOWER}" if [ "$BRANCH_LOWER" = "main" ] || [ "$BRANCH_LOWER" = "master" ]; then
APP_URL="${TARGET_NS}.${{ env.BASE_DOMAIN }}" # PRODUKTION:
# URL ist direkt die Domain (ohne Subdomain)
APP_URL="${{ env.BASE_DOMAIN }}"
# Namespace ist nur der Projektname (ohne Branch-Suffix)
TARGET_NS="${REPO_LOWER}"
echo "Mode: PRODUCTION (Root Domain)"
else
# ENTWICKLUNG:
# URL ist repo-branch.domain.de
APP_URL="${REPO_LOWER}-${BRANCH_LOWER}.${{ env.BASE_DOMAIN }}"
# Namespace ist repo-branch
TARGET_NS="${REPO_LOWER}-${BRANCH_LOWER}"
echo "Mode: DEVELOPMENT (Subdomain)"
fi
# Image Tag (Commit Hash) # Image Tag (Commit Hash)
IMAGE_TAG="${{ gitea.sha }}" IMAGE_TAG="${{ gitea.sha }}"
# Debug Ausgabe (damit du siehst, ob es geklappt hat) # Debug Ausgabe
echo "DEBUG: Image Path is: $FULL_IMAGE_PATH" echo "DEBUG: Branch: $BRANCH_LOWER"
echo "DEBUG: Target NS is: $TARGET_NS" echo "DEBUG: Namespace: $TARGET_NS"
echo "DEBUG: URL: $APP_URL"
# In Gitea Actions Environment schreiben # In Gitea Actions Environment schreiben
echo "FULL_IMAGE_PATH=$FULL_IMAGE_PATH" >> $GITHUB_ENV echo "FULL_IMAGE_PATH=$FULL_IMAGE_PATH" >> $GITHUB_ENV
@@ -45,20 +60,16 @@ jobs:
echo "APP_URL=$APP_URL" >> $GITHUB_ENV echo "APP_URL=$APP_URL" >> $GITHUB_ENV
echo "IMAGE_TAG=$IMAGE_TAG" >> $GITHUB_ENV echo "IMAGE_TAG=$IMAGE_TAG" >> $GITHUB_ENV
# 3. Kaniko Build (Mit DEBUG Fix) # 3. Kaniko Build
- name: Build and Push with Kaniko - name: Build and Push with Kaniko
uses: aevea/action-kaniko@v0.12.0 uses: aevea/action-kaniko@v0.12.0
with: with:
registry: ${{ env.REGISTRY }} registry: ${{ env.REGISTRY }}
# username/password werden oft nicht gebraucht, wenn Gitea Actions Runner
# im selben Netzwerk ist, aber sicher ist sicher:
username: ${{ gitea.actor }} username: ${{ gitea.actor }}
password: ${{ secrets.PACKAGE_TOKEN }} password: ${{ secrets.PACKAGE_TOKEN }}
# Hier war der Fehler: Wir nutzen jetzt die vereinfachte Variable
image: ${{ env.FULL_IMAGE_PATH }} image: ${{ env.FULL_IMAGE_PATH }}
tag: ${{ env.IMAGE_TAG }} tag: ${{ env.IMAGE_TAG }}
cache: true cache: true
# WICHTIG bei selbst-signierten oder internen Gitea Instanzen:
extra_args: --skip-tls-verify-pull --insecure extra_args: --skip-tls-verify-pull --insecure
# 4. Setup Kubectl (Interner Trick) # 4. Setup Kubectl (Interner Trick)
@@ -72,24 +83,23 @@ jobs:
echo "${{ secrets.KUBE_CONFIG }}" > $HOME/.kube/config echo "${{ secrets.KUBE_CONFIG }}" > $HOME/.kube/config
chmod 600 $HOME/.kube/config chmod 600 $HOME/.kube/config
# Internal DNS Trick # Internal DNS Trick (für Kommunikation innerhalb des Clusters)
sed -i 's|server: https://.*:6443|server: https://kubernetes.default.svc:443|g' $HOME/.kube/config sed -i 's|server: https://.*:6443|server: https://kubernetes.default.svc:443|g' $HOME/.kube/config
# 5. Deploy to Kubernetes # 5. Deploy to Kubernetes
- name: Deploy to Kubernetes - name: Deploy to Kubernetes
run: | run: |
# Namespace # Namespace erstellen (falls nicht existiert)
kubectl create namespace ${{ env.TARGET_NS }} --dry-run=client -o yaml | kubectl apply -f - kubectl create namespace ${{ env.TARGET_NS }} --dry-run=client -o yaml | kubectl apply -f -
# Platzhalter ersetzen # Vollen Image Pfad bauen
# Wir bauen den vollen Image-Pfad für die Ersetzung
FULL_IMAGE_URL="${{ env.REGISTRY }}/${{ env.FULL_IMAGE_PATH }}:${{ env.IMAGE_TAG }}" FULL_IMAGE_URL="${{ env.REGISTRY }}/${{ env.FULL_IMAGE_PATH }}:${{ env.IMAGE_TAG }}"
# Ingress # 1. Ingress anpassen (Hier wird die URL eingesetzt!)
sed -i "s|\${APP_URL}|${{ env.APP_URL }}|g" k8s/ingress.yaml sed -i "s|\${APP_URL}|${{ env.APP_URL }}|g" k8s/ingress.yaml
# App Deployment & Secrets # 2. App Deployment anpassen (Image & Secrets)
# HINWEIS: Falls du keine Secrets hast, nimm Fallback-Werte oder entferne die Zeilen # Nutze Secrets oder Fallback-Werte
ADMIN_USER="${{ secrets.ADMIN_USER || 'lehrer' }}" ADMIN_USER="${{ secrets.ADMIN_USER || 'lehrer' }}"
ADMIN_PASS="${{ secrets.ADMIN_PASS || 'geheim123' }}" ADMIN_PASS="${{ secrets.ADMIN_PASS || 'geheim123' }}"
@@ -97,15 +107,15 @@ jobs:
sed -i "s|\${ADMIN_USER}|$ADMIN_USER|g" k8s/app.yaml sed -i "s|\${ADMIN_USER}|$ADMIN_USER|g" k8s/app.yaml
sed -i "s|\${ADMIN_PASS}|$ADMIN_PASS|g" k8s/app.yaml sed -i "s|\${ADMIN_PASS}|$ADMIN_PASS|g" k8s/app.yaml
# Apply # Anwenden
echo "Deploying to Namespace: ${{ env.TARGET_NS }}" echo "Deploying Resources to Namespace: ${{ env.TARGET_NS }}"
kubectl apply -f k8s/redis.yaml -n ${{ env.TARGET_NS }} kubectl apply -f k8s/redis.yaml -n ${{ env.TARGET_NS }}
kubectl apply -f k8s/app.yaml -n ${{ env.TARGET_NS }} kubectl apply -f k8s/app.yaml -n ${{ env.TARGET_NS }}
kubectl apply -f k8s/ingress.yaml -n ${{ env.TARGET_NS }} kubectl apply -f k8s/ingress.yaml -n ${{ env.TARGET_NS }}
# Force Update # Force Update (damit das neue Image sicher geladen wird)
kubectl rollout restart deployment/escape-game -n ${{ env.TARGET_NS }} kubectl rollout restart deployment/escape-game -n ${{ env.TARGET_NS }}
# 6. Summary # 6. Summary
- name: Summary - name: Summary
run: echo "🚀 Deployed to https://${{ env.APP_URL }}" run: echo "🚀 Deployed successfully to https://${{ env.APP_URL }}"

13
k8s/ingress.yaml
View File

@@ -10,8 +10,7 @@ spec:
ingressClassName: traefik ingressClassName: traefik
tls: tls:
- hosts: - hosts:
- ${APP_URL} # Wird von CI ersetzt - ${APP_URL}
- "escape-from-school.de"
secretName: game-tls-secret secretName: game-tls-secret
rules: rules:
- host: ${APP_URL} - host: ${APP_URL}
@@ -24,13 +23,3 @@ spec:
name: escape-game name: escape-game
port: port:
number: 80 number: 80
- host: "escape-from-school.de"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: escape-game
port:
number: 80