[skip ci] wip

.kontinuous/values.yaml

@@ -41,170 +41,7 @@ jobs:
           NEXT_PUBLIC_STRAPI_API_URL: "https://strapi-{{ .Values.global.host}}"
 
     build-api:
-      # use: build
-      checkout: true
-      action: false
-      retry: 0
-      image: moby/buildkit:v0.13.0-rootless
-      # image: ghcr.io/socialgouv/buildkit:v0.13.0-rootless
-      # kubernetes: true
-      cpuLimit: "2"
-      cpuRequest: 500m
-      memoryLimit: 4Gi
-      memoryRequest: 1Gi
-      entrypoint: ["/bin/sh", "-c"]
-      user: 1000
-      group: 1000
-      annotations:
-        container.apparmor.security.beta.kubernetes.io/job: unconfined
-      seccompProfile:
-        type: Unconfined
-      actionSecurityContext:
-        allowPrivilegeEscalation: true
-      envFrom:
-        - secretRef:
-            name:
-              "{{ or $.with.registrySecretRefName
-              $.Values.global.registrySecretRefName }}"
-      env:
-        - name: BUILDKITD_FLAGS
-          value: --oci-worker-no-process-sandbox
-      secrets: "{{ $.with.secrets | toJson }}"
-      volumes:
-        - name: buildkitd
-          emptyDir: {}
-        - name: certs
-          secret:
-            secretName:
-              "{{ or $.with.buildkitServiceClientCertsSecretName
-              `buildkit-client-certs` }}"
-            optional: true
-      volumeMounts:
-        - mountPath: /home/user/.local/share/buildkit
-          name: buildkitd
-        - mountPath: /buildkit-certs
-          name: certs
-          readOnly: true
-      run: |
-        {{ if $.with.registry }}
-        export CI_REGISTRY="{{ $.with.registry }}"
-        {{ end }}
-        export IMAGE_NAME={{ if (or $.with.imageProject $.Values.global.imageProject) }}{{ (print "/" (or $.with.imageProject $.Values.global.imageProject)) }}{{ end }}/{{ or $.with.imageRepository $.Values.global.imageRepository }}{{ if $.with.imagePackage }}{{ (print "/" $.with.imagePackage) }}{{else}}/app{{ end }}{{ if $.with.target }}{{ (print "-" $.with.target) }}{{ end }}
-        export IMAGE_PATH="${CI_REGISTRY}${IMAGE_NAME}"
-
-        {{ $gitDefaultBranch := (or $.with.gitDefaultBranch .Values.global.gitDefaultBranch "main") }}
-        buildctl_options_cache="\
-          "
-
-        {{ if eq $.Values.global.branchSlug $gitDefaultBranch  }}
-        buildctl_options_cache="\
-          $buildctl_options_cache \
-          --export-cache type=registry,mode=max,image-manifest=true,ignore-error=true,ref=$IMAGE_PATH:cache-{{ $.Values.global.branchSlug }} \
-          "
-        {{ end }}
-
-        buildkit_addr={{ or $.with.buildkitServiceAddr $.Values.global.buildkitServiceAddr "tcp://buildkit-service.buildkit-service.svc:1234" }}
-
-        # consistent hashing distribution
-        {{ $buildkitSvcCount := (or $.with.buildkitSvcCount $.Values.global.buildkitSvcCount) }}
-        {{ if $buildkitSvcCount }}
-        ## setup consistent hashing variable
-        export pod_count={{ $buildkitSvcCount }}
-        export pod_hash_ref="$IMAGE_NAME"
-
-        ## get the pod number
-        # pod_num=$(( 0x$(echo "$pod_hash_ref" | md5sum | cut -d ' ' -f 1 | head -c 15) ))
-        # [ $pod_num -lt 0 ] && pod_num=$((pod_num * -1))
-        # pod_num=$(( $pod_num % $pod_count ))
-        pod_num=2
-
-        ## rewrite addr
-        prefix_addr="${buildkit_addr%%.*}"
-        protocol="${prefix_addr%%://*}"
-        # protocol=kube-pod
-        subdomain="${prefix_addr#*//}"
-
-        buildkit_addr=$(echo "$buildkit_addr" | sed "s|$prefix_addr|$protocol://$subdomain-$pod_num.$subdomain|")
-        {{ end }}
-
-        # buildkit_addr="tcp://test-buildkit-service.test-buildkit-service.svc:1235" # enable in debug to emulate service failure
-
-        {{ $buildkitServiceEnabled := (or $.with.buildkitServiceEnabled $.Values.global.buildkitServiceEnabled) }}
-        {{ if $buildkitServiceEnabled }}
-        buildctl_cmd="buildctl --addr $buildkit_addr "
-        buildctl_options_mtls=""
-        if [ -f /buildkit-certs/cert.pem ]; then
-          buildctl_options_mtls="\
-            --tlscacert /buildkit-certs/ca.pem \
-            --tlscert /buildkit-certs/cert.pem \
-            --tlskey /buildkit-certs/key.pem \
-          "
-        fi
-        {{ else }}
-        buildctl_cmd=buildctl-daemonless.sh
-        {{ end }}
-
-        mkdir -p /home/user/.docker
-        echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /home/user/.docker/config.json
-        export LATEST_TAG=""
-        if [ "{{ $.Values.global.isProd }}" = "true" ]; then
-          export LATEST_TAG=",$IMAGE_PATH:latest"
-        fi
-
-        runBuildkit() {
-          tempfile=$(mktemp -u)
-          pipe=$(mktemp -u)
-          mkfifo "$pipe"
-          tee "$tempfile" < "$pipe" &
-
-          $buildctl_cmd \
-            $buildctl_options_mtls \
-            build \
-            --frontend gateway.v0 \
-            --opt source=docker/dockerfile:1 \
-            --local context=/workspace/{{ if $.with.context }}/{{ $.with.context }}{{ end }} \
-            --local dockerfile=/workspace{{ if $.with.context }}/{{ $.with.context }}{{ end }} \
-            --opt filename=./{{ or $.with.dockerfile "Dockerfile" }} \
-            --output type=image,\"name=$IMAGE_PATH:{{ or $.with.imageTag $.Values.global.imageTag }},$IMAGE_PATH:{{ $.Values.global.branchSlug32 }}$LATEST_TAG\",push=true \
-            $buildctl_options_cache \
-            {{ if $.with.buildArgs -}}
-            {{- range $key, $val := $.with.buildArgs -}}
-            --opt build-arg:"{{ tpl $key $ }}={{ tpl (print $val) $ }}" \
-            {{ end -}}
-            {{ end -}}
-            {{ if $.with.secrets -}}
-            {{- range $id, $val := $.with.secrets -}}
-            --secret id={{ or $val.id $id }},env=SECRET_{{ $id | upper }} \
-            {{ end -}}
-            {{ end -}}
-            {{ if $.with.target -}}
-            --target="{{ $.with.target }}" \
-            {{ end -}}
-              >"$pipe" 2>&1
-          return $?
-        }
-
-        set +e
-        runBuildkit
-        status=$?
-        set -e
-
-        if [ "$status" -ne 0 ]; then
-          echo "Command failed. Handling error..."
-          if grep -q -e "listing workers for Build: failed to list workers: Unavailable" -e "closing transport due to: connection error" $tempfile; then
-            echo "buildkit optimized service unavailable, fallback to local build"
-            buildctl_cmd="buildctl-daemonless.sh"
-            buildctl_options_mtls=""
-            runBuildkit
-          else
-            exit $status
-          fi
-        fi
-
-        echo "build succeeded."
-
-        echo "$IMAGE_PATH:{{ or $.with.imageTag $.Values.global.imageTag }}" >$KONTINUOUS_OUTPUT/IMAGE
-
+      use: build
       with:
         imagePackage: api
         context: ./api

api/Dockerfile

@@ -4,24 +4,24 @@ ENV NODE_ENV=production
 
 COPY yarn.lock .yarnrc.yml ./
 COPY .yarn .yarn
-# RUN yarn fetch --immutable
-#
-# COPY . .
-#
-# RUN yarn build && \
-#   yarn workspaces focus --all --production
-#
-# FROM node:20 as runner
-# WORKDIR /app
-# ENV NODE_ENV=production
-#
-# COPY --chown=node:node .yarnrc.yml package.json yarn.lock ./
-# COPY --chown=node:node .yarn .yarn
-# COPY --chown=node:node public ./public
-# COPY --from=builder --chown=node:node /app/node_modules ./node_modules
-# COPY --from=builder --chown=node:node /app/build ./build
-# COPY --from=builder --chown=node:node /app/.strapi ./strapi
-#
-# USER 1000
-#
-# CMD [ "yarn", "start" ]
+RUN yarn fetch --immutable
+
+COPY . .
+
+RUN yarn build && \
+  yarn workspaces focus --all --production
+
+FROM node:20 as runner
+WORKDIR /app
+ENV NODE_ENV=production
+
+COPY --chown=node:node .yarnrc.yml package.json yarn.lock ./
+COPY --chown=node:node .yarn .yarn
+COPY --chown=node:node public ./public
+COPY --from=builder --chown=node:node /app/node_modules ./node_modules
+COPY --from=builder --chown=node:node /app/build ./build
+COPY --from=builder --chown=node:node /app/.strapi ./strapi
+
+USER 1000
+
+CMD [ "yarn", "start" ]