jason.woltje/professional-website
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Next 16 + Payload 3 scaffold with Kaniko CI and Swarm deploy (#1)
Some checks failed
ci/woodpecker/push/web Pipeline failed
Details

Browse Source 
Co-authored-by: Jason Woltje <jason@diversecanvas.com>
Co-committed-by: Jason Woltje <jason@diversecanvas.com>
This commit was merged in pull request #1.
This commit is contained in:
Jason Woltje
2026-04-14 03:21:17 +00:00
committed by jason.woltje
parent c800bef739
commit 8c5a25e976
51 changed files with 9353 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

155
.woodpecker/web.yml Normal file
View File

@@ -0,0 +1,155 @@
when:
- event: [push, pull_request, manual]
- event: tag
variables:
- &node_image "node:24-alpine"
- &install_deps |
corepack enable
pnpm config set store-dir /tmp/pnpm-store
pnpm install --frozen-lockfile
- &enable_pnpm |
corepack enable
pnpm config set store-dir /tmp/pnpm-store
- &kaniko_setup |
mkdir -p /kaniko/.docker
echo "{\"auths\":{\"git.mosaicstack.dev\":{\"username\":\"$$GITEA_USER\",\"password\":\"$$GITEA_TOKEN\"}}}" > /kaniko/.docker/config.json
steps:
install:
image: *node_image
commands:
- *install_deps
lint:
image: *node_image
commands:
- *enable_pnpm
- pnpm lint
depends_on:
- install
typecheck:
image: *node_image
commands:
- *enable_pnpm
- pnpm typecheck
depends_on:
- install
build:
image: *node_image
environment:
NODE_ENV: "production"
NEXT_PUBLIC_BUILD_SHA: ${CI_COMMIT_SHA:0:8}
NEXT_PUBLIC_BUILD_REV: ${CI_COMMIT_BRANCH:-${CI_COMMIT_TAG}}
commands:
- *enable_pnpm
- pnpm build
depends_on:
- lint
- typecheck
security-audit:
image: *node_image
commands:
- *enable_pnpm
- pnpm audit --prod --audit-level=high || true
depends_on:
- install
docker-build:
image: gcr.io/kaniko-project/executor:debug
environment:
GITEA_USER:
from_secret: gitea_username
GITEA_TOKEN:
from_secret: gitea_token
CI_COMMIT_BRANCH: ${CI_COMMIT_BRANCH}
CI_COMMIT_TAG: ${CI_COMMIT_TAG}
CI_COMMIT_SHA: ${CI_COMMIT_SHA}
commands:
- *kaniko_setup
- |
set -e
IMAGE="git.mosaicstack.dev/jason.woltje/professional-website"
SHORT_SHA="$${CI_COMMIT_SHA:0:8}"
DESTINATIONS="--destination $$IMAGE:sha-$$SHORT_SHA"
if [ -n "$$CI_COMMIT_TAG" ]; then
DESTINATIONS="$$DESTINATIONS --destination $$IMAGE:$$CI_COMMIT_TAG"
fi
if [ "$$CI_COMMIT_BRANCH" = "main" ]; then
DESTINATIONS="$$DESTINATIONS --destination $$IMAGE:latest"
elif [ "$$CI_COMMIT_BRANCH" = "develop" ]; then
DESTINATIONS="$$DESTINATIONS --destination $$IMAGE:dev"
fi
/kaniko/executor \
--context . \
--dockerfile Dockerfile \
--build-arg NEXT_PUBLIC_BUILD_SHA=sha-$$SHORT_SHA \
--build-arg NEXT_PUBLIC_BUILD_REV=$${CI_COMMIT_TAG:-$$CI_COMMIT_BRANCH} \
$$DESTINATIONS
when:
- branch: [main, develop]
event: [push, manual]
- event: tag
depends_on:
- build
- security-audit
security-trivy:
image: aquasec/trivy:latest
environment:
GITEA_USER:
from_secret: gitea_username
GITEA_TOKEN:
from_secret: gitea_token
CI_COMMIT_BRANCH: ${CI_COMMIT_BRANCH}
CI_COMMIT_TAG: ${CI_COMMIT_TAG}
CI_COMMIT_SHA: ${CI_COMMIT_SHA}
commands:
- |
set -e
IMAGE="git.mosaicstack.dev/jason.woltje/professional-website"
if [ -n "$$CI_COMMIT_TAG" ]; then
SCAN_TAG="$$CI_COMMIT_TAG"
else
SCAN_TAG="sha-$${CI_COMMIT_SHA:0:8}"
fi
mkdir -p ~/.docker
echo "{\"auths\":{\"git.mosaicstack.dev\":{\"username\":\"$$GITEA_USER\",\"password\":\"$$GITEA_TOKEN\"}}}" > ~/.docker/config.json
trivy image --exit-code 1 --severity HIGH,CRITICAL --ignore-unfixed \
$$IMAGE:$$SCAN_TAG
when:
- branch: [main, develop]
event: [push, manual]
- event: tag
depends_on:
- docker-build
link-package:
image: alpine:3
environment:
GITEA_TOKEN:
from_secret: gitea_token
commands:
- apk add --no-cache curl
- |
set -e
STATUS=$$(curl -s -o /dev/null -w "%{http_code}" -X POST \
-H "Authorization: token $$GITEA_TOKEN" \
"https://git.mosaicstack.dev/api/v1/packages/jason.woltje/container/professional-website/-/link/professional-website")
if [ "$$STATUS" = "201" ] || [ "$$STATUS" = "204" ]; then
echo "Package linked"
elif [ "$$STATUS" = "400" ]; then
echo "Package already linked (OK)"
else
echo "Unexpected response: $$STATUS"
exit 1
fi
when:
- branch: [main, develop]
event: [push, manual]
- event: tag
depends_on:
- security-trivy