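---
# Build the image with Kaniko, push it to the in-cluster Gitea registry,
# then roll the new tag out to the `dev` namespace with kubectl.
name: Build and Deploy (Kaniko + Kubectl)

on:
  push:
    branches: [main]
  workflow_dispatch:

jobs:
  # --- Part 1: build and push the image ---
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Build and Push
        uses: docker://gcr.io/kaniko-project/executor:v1.23.2-debug
        # Context values and the registry token are handed over as environment
        # variables instead of being pasted into the script text, so a quote or
        # shell metacharacter in a value cannot change the command that runs.
        # NOTE(review): the image namespace follows whoever triggered the run
        # (gitea.actor) and that same name is paired with PACKAGES_TOKEN for
        # registry auth; presumably only the token owner's runs can push.
        # Confirm that this is intended.
        env:
          RAW_USER: ${{ gitea.actor }}
          REGISTRY_PASSWORD: ${{ secrets.PACKAGES_TOKEN }}
          IMAGE_SHA: ${{ github.sha }}
        with:
          entrypoint: /busybox/sh
          # `>-` folds the lines below into ONE shell line, so every command
          # ends with `;` and no shell `#` comment may appear inside the
          # script: it would comment out everything after it.
          # `set -e` stops at the first failing command instead of continuing.
          # The credential variables are unset before the executor starts so
          # they are not left in the build process environment.
          # NOTE(review): --insecure / --skip-tls-verify make the push use
          # plain HTTP or unverified TLS, so the registry credential crosses
          # the cluster network unprotected. Remove both flags once the
          # registry serves a trusted certificate.
          args: >-
            -c "
            set -e;
            HOST='gitea-http.gitea.svc.cluster.local:3000';
            LOWER_USER=\$(printf '%s' \"\$RAW_USER\" | tr '[:upper:]' '[:lower:]');
            echo \"DEBUG: Host=\$HOST User=\$LOWER_USER\";
            AUTH_STR=\$(printf '%s:%s' \"\$RAW_USER\" \"\$REGISTRY_PASSWORD\"
            | base64 | tr -d '\n');
            printf '{\"auths\":{\"%s\":{\"auth\":\"%s\"}}}' \"\$HOST\" \"\$AUTH_STR\"
            > /kaniko/.docker/config.json;
            unset REGISTRY_PASSWORD AUTH_STR;
            /kaniko/executor
            --context=.
            --dockerfile=Dockerfile
            --destination=\"\$HOST/\$LOWER_USER/my-docs:latest\"
            --destination=\"\$HOST/\$LOWER_USER/my-docs:\$IMAGE_SHA\"
            --insecure
            --skip-tls-verify
            --cache=true
            "

  # --- Part 2: deploy to Kubernetes ---
  deploy:
    # Runs only after the build job has succeeded.
    needs: build
    runs-on: ubuntu-latest
    steps:
      - name: Deploy to Kubernetes
        # Lightweight image that ships kubectl.
        # NOTE(review): `:latest` is a mutable tag and this container is given
        # the cluster kubeconfig. Pin it to a fixed release and digest, e.g.
        # docker://bitnami/kubectl:<VERSION>@sha256:<DIGEST>.
        uses: docker://bitnami/kubectl:latest
        env:
          # KUBE_CONFIG_TEST must be defined in the Gitea repository secrets.
          # Prefer a kubeconfig bound to a service account that can only
          # update this Deployment in `dev`, not a cluster-admin credential.
          KUBECONFIG_CONTENT: ${{ secrets.KUBE_CONFIG_TEST }}
          RAW_USER: ${{ gitea.actor }}
          IMAGE_TAG: ${{ github.sha }}
        with:
          entrypoint: /bin/sh
          # Script steps, in order (kept here because `>-` folds the script
          # into a single shell line, where an inline `#` comment would
          # disable every command that follows it):
          #   1. write the kubeconfig with owner-only permissions (umask 077)
          #   2. rebuild the image reference exactly as the build job did
          #   3. roll the Deployment to the new image; replace `my-docs` with
          #      the real Deployment name and `nginx` with the container name
          #      defined in the Deployment manifest
          #   4. wait for the rollout to finish and list the pods
          # `set -e` makes the job fail when any kubectl call fails, instead
          # of reporting success from the last command only.
          args: >-
            -c "
            set -e;
            umask 077;
            printf '%s\n' \"\$KUBECONFIG_CONTENT\" > /tmp/kubeconfig;
            export KUBECONFIG=/tmp/kubeconfig;
            HOST='gitea-http.gitea.svc.cluster.local:3000';
            LOWER_USER=\$(printf '%s' \"\$RAW_USER\" | tr '[:upper:]' '[:lower:]');
            FULL_IMAGE=\"\$HOST/\$LOWER_USER/my-docs:\$IMAGE_TAG\";
            echo \"Deploying image: \$FULL_IMAGE\";
            kubectl set image deployment/my-docs \"nginx=\$FULL_IMAGE\" -n dev;
            kubectl rollout restart deployment/my-docs -n dev;
            kubectl rollout status deployment/my-docs -n dev;
            kubectl get pods -n dev -l app=my-docs
            "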