From 1d2c650225b6c134f90752ff43bd6911b7fb67b7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicol=C3=A1s=20Georger?= Date: Sat, 23 Mar 2024 07:19:47 -0300 Subject: [PATCH 1/2] Add kaniko-multiarch.yaml workflow and update .gitignore (expected failure) --- .github/workflows/kaniko-multiarch.yaml | 55 +++++++++++++++++++++++++ .gitignore | 5 ++- 2 files changed, 59 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/kaniko-multiarch.yaml diff --git a/.github/workflows/kaniko-multiarch.yaml b/.github/workflows/kaniko-multiarch.yaml new file mode 100644 index 0000000..8ea6471 --- /dev/null +++ b/.github/workflows/kaniko-multiarch.yaml 
@@ -0,0 +1,55 @@ +name: Build with kaniko container + +on: + push: + branches: + - kaniko + # push: + # tags: + # - 'v*' + # pull_request: + # branches: + # - main + workflow_dispatch: + inputs: + manual-tag: + description: 'Manual Tag' + required: false + default: 'main' + type: string + ghost_version: + description: 'Ghost version' + required: false + default: '5.80.2' + type: string + +permissions: + contents: read + packages: write + id-token: write # needed for signing the images with GitHub OIDC Token + +jobs: + kaniko: + runs-on: ubuntu-latest + env: + DOCKER_USER: ${{ vars.DOCKER_USER }} + DOCKER_PASS: ${{ secrets.DOCKER_PASS }} + GITHUB_USER: ${{ github.actor }} + GITHUB_TOKEN: ${{ github.token }} + PROJECT: ${{ github.repository_owner }} + + container: + image: gcr.io/kaniko-project/executor:debug + options: --entrypoint ["dockerfile=", "context=dir://", "destination="] + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Workdir + run: | + cp ./Dockerfile /workspace/Dockerfile + working-directory: ${{ github.workspace }} + + - name: Credentials as docker config + run: | + echo "{\"auths\":{\"docker.pkg.github.com\":{\"username\":\"${DOCKER_USER}\",\"password\":\"${DOCKER_PASS}\"},\"ghcr.io\":{\"username\":\"${GITHUB_USER}\",\"password\":\"${GITHUB_TOKEN}\"}}}" > /kaniko/.docker/config.json + working-directory: /workspace diff --git a/.gitignore b/.gitignore index 3f63b15..0e425b0 100644 --- a/.gitignore +++ b/.gitignore @@ -103,7 +103,7 @@ kubernetes-deployment/config.json dockermount/ test/ -**.local +**.local.** ghost-upstream/ content/ config.production.json @@ -114,3 +114,6 @@ ghost-local.db .monokle .monokle docker-compose.yml +trustr-production-promote.yaml +trustr-staging-build-monorepo.yaml +trustr-staging-build-not-monorepo.yaml From a3aec25f1f16725e8c450e188b4474208d3046ca Mon Sep 17 00:00:00 2001 
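Review bot: The `Credentials as docker config` step builds `/kaniko/.docker/config.json` by interpolating `${DOCKER_PASS}` and `${GITHUB_TOKEN}` into an `echo` string, so a quote or backslash in either value produces invalid or altered JSON. Both secrets are also set in the job-level `env`, which hands them to every step in the job. Move the two secret variables into an `env:` block on that one step. The workflow requests `id-token: write` for image signing, but no signing step is visible in this file, so drop the permission until one exists. `gcr.io/kaniko-project/executor:debug` is a mutable tag; pinning it as `image: gcr.io/kaniko-project/executor@sha256:<DIGEST>` (placeholder) keeps the build container from changing underneath a job that holds `packages: write`.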
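Review bot: Replacing `**.local` with `**.local.**` in the `.gitignore` hunk at `-103,7` stops ignoring files whose name ends in `.local`, because the new pattern requires a second dot after `.local`. A file such as `.env.local` (constructed example) would now show up as untracked and could be committed with local credentials in it. If the intent is to also cover names like `config.local.json`, keep both patterns, `**.local` and `**.local.**`. Away from a path separator `**` behaves like a single `*`, so `*.local` and `*.local.*` express the same thing more plainly.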
From: =?UTF-8?q?Nicol=C3=A1s=20Georger?= Date: Mon, 1 Apr 2024 07:52:54 -0300 Subject: [PATCH 2/2] Update storageClassName and service labels*** ***Update Dockerfile and deployment resources --- .github/workflows/kaniko-multiarch.yaml | 55 ------------------------- Dockerfile | 7 ++-- deploy/02-pvc.yaml | 4 +- deploy/03-service.yaml | 12 +++--- deploy/05-mysql.yaml | 45 +++++++++++++------- deploy/06-ghost-deployment.yaml | 19 +++++---- 6 files changed, 53 insertions(+), 89 deletions(-) delete mode 100644 .github/workflows/kaniko-multiarch.yaml diff --git a/.github/workflows/kaniko-multiarch.yaml b/.github/workflows/kaniko-multiarch.yaml deleted file mode 100644 index 8ea6471..0000000 --- a/.github/workflows/kaniko-multiarch.yaml +++ /dev/null 
@@ -1,55 +0,0 @@ -name: Build with kaniko container - -on: - push: - branches: - - kaniko - # push: - # tags: - # - 'v*' - # pull_request: - # branches: - # - main - workflow_dispatch: - inputs: - manual-tag: - description: 'Manual Tag' - required: false - default: 'main' - type: string - ghost_version: - description: 'Ghost version' - required: false - default: '5.80.2' - type: string - -permissions: - contents: read - packages: write - id-token: write # needed for signing the images with GitHub OIDC Token - -jobs: - kaniko: - runs-on: ubuntu-latest - env: - DOCKER_USER: ${{ vars.DOCKER_USER }} - DOCKER_PASS: ${{ secrets.DOCKER_PASS }} - GITHUB_USER: ${{ github.actor }} - GITHUB_TOKEN: ${{ github.token }} - PROJECT: ${{ github.repository_owner }} - - container: - image: gcr.io/kaniko-project/executor:debug - options: --entrypoint ["dockerfile=", "context=dir://", "destination="] - steps: - - name: Checkout - uses: actions/checkout@v4 - - name: Workdir - run: | - cp ./Dockerfile /workspace/Dockerfile - working-directory: ${{ github.workspace }} - - - name: Credentials as docker config - run: | - echo "{\"auths\":{\"docker.pkg.github.com\":{\"username\":\"${DOCKER_USER}\",\"password\":\"${DOCKER_PASS}\"},\"ghcr.io\":{\"username\":\"${GITHUB_USER}\",\"password\":\"${GITHUB_TOKEN}\"}}}" > /kaniko/.docker/config.json - working-directory: /workspace diff --git a/Dockerfile b/Dockerfile index a8da14f..37589fd 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,8 +9,7 @@ FROM node:hydrogen-bookworm-slim AS build-env ENV NODE_ENV production # Install the latest version of Ghost CLI globally and clean the npm cache -RUN npm install -g "ghost-cli@latest" && \ - npm cache clean --force +RUN npm install -g "ghost-cli@latest" # Define the GHOST_VERSION build argument and set it as an environment variable ARG GHOST_VERSION 
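Review bot: The rewritten `RUN npm install -g "ghost-cli@latest"` in the Dockerfile hunk at `-9,8` still resolves the CLI at build time, so two builds of the same commit can install different code. Pin it, for example `RUN npm install -g "ghost-cli@<PINNED_VERSION>"` (placeholder), and bump it deliberately. The comment above the instruction still ends with "and clean the npm cache", which the new line no longer does; reword it to `# Install Ghost CLI globally`. If the final image is derived from this `build-env` stage's whole filesystem rather than from selected copied paths, the npm cache now stays in the layer; the later stages are outside the hunk, so confirm.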
@@ -23,11 +22,11 @@ ENV GHOST_CONTENT_ORIGINAL /var/lib/ghost/content.orig # Create the Ghost installation directory and set the owner to the "node" user RUN mkdir -pv "$GHOST_INSTALL" && \ - chown node:node "$GHOST_INSTALL" + chown node:node "$GHOST_INSTALL" # Switch to the "node" user and set the working directory to the home directory USER node -WORKDIR /home/node +# WORKDIR /home/node # Install Ghost with the specified version, using MySQL as the database, and configure it without prompts, stack traces, setup, and in the specified installation directory RUN ghost install $GHOST_VERSION --db mysql --dbhost mysql --no-prompt --no-stack --no-setup --dir $GHOST_INSTALL diff --git a/deploy/02-pvc.yaml b/deploy/02-pvc.yaml index 9b713c3..28eb5e8 100644 --- a/deploy/02-pvc.yaml +++ b/deploy/02-pvc.yaml @@ -11,7 +11,7 @@ metadata: app.kubernetes.io/component: frontend app.kubernetes.io/part-of: ghost-k8s spec: - storageClassName: longhorn-rwx # Change this to your storageClassName + storageClassName: longhorn-tmp # Change this to your storageClassName volumeMode: Filesystem accessModes: - ReadWriteMany # Change this to your accessModes if needed @@ -33,7 +33,7 @@ metadata: app.kubernetes.io/part-of: ghost-k8s spec: - storageClassName: longhorn-rwx # Change this to your storageClassName + storageClassName: longhorn-tmp # Change this to your storageClassName volumeMode: Filesystem accessModes: - ReadWriteMany # Change this to ReadWriteOnce if you are not using a distributed storage system diff --git a/deploy/03-service.yaml b/deploy/03-service.yaml index 0377ea6..a8e0f03 100644 --- a/deploy/03-service.yaml +++ b/deploy/03-service.yaml 
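Review bot: `WORKDIR /home/node` in the Dockerfile hunk at `-23,11` is commented out rather than removed, and the comment above `USER node` still says it sets the working directory to the home directory. With the instruction disabled, `ghost install` runs as `node` in whatever working directory an earlier instruction or the base image left, which is not visible in this hunk and may not be writable by that user. Either delete the line and shorten the comment to `# Switch to the "node" user`, or add a comment stating why the working directory must not be set here.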
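Review bot: `storageClassName` cannot be changed on an existing PersistentVolumeClaim, so applying the `longhorn-tmp` value from the `deploy/02-pvc.yaml` hunk at `-11,7` (and the identical edit at `-33,7`) to a cluster that already has these claims will be rejected. Recreating the claims to get past that discards the volumes unless the reclaim policy retains them. The class name suggests temporary storage while both claims look like persistent Ghost and database data; the class definition is not part of this patch, so confirm its replica count and reclaim policy. Since the trailing comment tells users to substitute their own class, a neutral placeholder value would be safer in a shared manifest than a site-specific one.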
@@ -4,11 +4,11 @@ metadata: name: service-ghost-k8s namespace: ghost-k8s labels: - app: service-ghost-k8s - app.kubernetes.io/name: service-ghost-k8s + app: ghost-k8s + app.kubernetes.io/name: ghost-k8s app.kubernetes.io/instance: ghost-k8s app.kubernetes.io/version: "5.8" - app.kubernetes.io/component: service + app.kubernetes.io/component: service-ghost app.kubernetes.io/part-of: ghost-k8s spec: @@ -29,11 +29,11 @@ metadata: name: service-mysql-ghost-k8s namespace: ghost-k8s labels: - app: service-mysql-ghost-k8s - app.kubernetes.io/name: service-mysql-ghost-k8s + app: mysql-ghost-k8s + app.kubernetes.io/name: mysql-ghost-k8s app.kubernetes.io/instance: ghost-k8s app.kubernetes.io/version: "5.8" - app.kubernetes.io/component: database + app.kubernetes.io/component: service app.kubernetes.io/part-of: ghost-k8s spec: ports: diff --git a/deploy/05-mysql.yaml b/deploy/05-mysql.yaml index c67e622..e9565a3 100644 --- a/deploy/05-mysql.yaml +++ b/deploy/05-mysql.yaml @@ -21,9 +21,6 @@ spec: labels: app: mysql-ghost-k8s app.kubernetes.io/name: mysql-ghost-k8s - app.kubernetes.io/instance: ghost-k8s - app.kubernetes.io/version: "5.8" - app.kubernetes.io/component: database annotations: container.apparmor.security.beta.kubernetes.io/mysql-ghost-k8s: runtime/default spec: 
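Review bot: The two Services now follow different conventions for `app.kubernetes.io/component`: `service-ghost` in the `deploy/03-service.yaml` hunk at `-4,11` and `service` in the hunk at `-29,11`, where the MySQL Service previously said `database`. That label is meant to name the component's role in the architecture, so keeping `database` for the MySQL Service and using a role name for the Ghost Service would be consistent. Also check that nothing outside this patch selects on the old `app` values (`service-ghost-k8s`, `service-mysql-ghost-k8s`), for example a monitoring selector.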
@@ -41,19 +38,35 @@ spec: - -c - | set -ex - chown -R 999:999 /mnt/mysql || true + echo 'Changing ownership of mysql mount directory to 999:999' + chown -R 999:999 /mnt/mysql || echo 'Error changing ownership of mysql mount directory to 999:999' && true + echo 'Changing ownership of tmp mount directory to 999:999' + chown -R 999:999 /mnt/tmp || echo 'Error changing ownership of tmp mount directory to 999:999' && true + echo 'Changing ownership of socket mount directory to 999:999' + chown -R 999:999 /mnt/var/run/mysqld || echo 'Error changing ownership of socket mount directory to 999:999' && true + exit 0 + + volumeMounts: - name: mysql-ghost-k8s-volume mountPath: /mnt/mysql subPath: mysql-empty-dir + + - name: mysql-ghost-k8s-tmp + mountPath: /mnt/tmp + readOnly: false + + - name: mysql-ghost-k8s-socket + mountPath: /mnt/var/run/mysqld + readOnly: false + resources: requests: - memory: 100Mi - cpu: 100m + memory: 400Mi + cpu: 300m limits: - memory: 200Mi - cpu: 200m - + memory: 1000Mi # You c + cpu: 1000m containers: - name: mysql-ghost-k8s @@ -65,17 +78,17 @@ spec: runAsUser: 999 image: docker.io/mysql:8.2 - imagePullPolicy: IfNotPresent + imagePullPolicy: IfNotPresent # You can change this value according to your needs envFrom: - secretRef: name: mysql-ghost-k8s resources: requests: - memory: 200Mi - cpu: 100m + memory: 400Mi + cpu: 300m limits: - memory: 1Gi - cpu: 1000m + memory: 1Gi # You can change this value according to your needs + cpu: 1000m # You can change this value according to your needs ports: - containerPort: 3306 protocol: TCP @@ -84,13 +97,16 @@ spec: - name: mysql-ghost-k8s-volume mountPath: /var/lib/mysql subPath: mysql-empty-dir + - name: mysql-ghost-k8s-tmp mountPath: /tmp readOnly: false + - name: mysql-ghost-k8s-socket mountPath: /var/run/mysqld readOnly: false automountServiceAccountToken: false + # Optional: Uncomment the following to specify node selectors # affinity: # nodeAffinity: 
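Review bot: Each `chown ... || echo '...' && true` in the init script of the `deploy/05-mysql.yaml` hunk at `-41,19`, followed by `exit 0`, lets the init container succeed even when ownership could not be changed. `set -e` therefore has no effect, and the `mysql-ghost-k8s` container (which runs with `runAsUser: 999`) starts against directories it may not own. For the data directory at least, let the failure stop the pod: `chown -R 999:999 /mnt/mysql`. If the storage driver supports it, `fsGroup: 999` in the pod `securityContext` could replace the recursive chown; the init container's own security context is outside the hunk. The added `memory: 1000Mi # You c` carries a truncated comment, and a 1000Mi/1000m limit is generous for a container that only runs `chown`.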
@@ -105,6 +121,7 @@ spec: securityContext: seccompProfile: type: RuntimeDefault + volumes: - name: mysql-ghost-k8s-volume persistentVolumeClaim: diff --git a/deploy/06-ghost-deployment.yaml b/deploy/06-ghost-deployment.yaml index 8d3d856..f60bbb6 100644 --- a/deploy/06-ghost-deployment.yaml +++ b/deploy/06-ghost-deployment.yaml @@ -53,8 +53,8 @@ spec: runAsNonRoot: false resources: limits: - cpu: 500m - memory: 256Mi + cpu: 1000m + memory: 1000Mi requests: cpu: 100m memory: 128Mi @@ -62,18 +62,21 @@ spec: - /bin/bash - '-c' - | - set -e + set -ex # Check if $GHOST_CONTENT/themes/source exists if [ ! -d "$GHOST_CONTENT/themes/source" ]; then # Clone the repository if the directory doesn't exist git clone https://github.com/TryGhost/Source.git $GHOST_CONTENT/themes/source --single-branch --branch=main --depth=1 echo "Cloned Source theme" + # Remove gitconfig file and gitcredentials file. + rm -f $GHOST_CONTENT/themes/source/.gitconfig $GHOST_CONTENT/themes/source/.git-credentials || true else - # If the directory exists, cd into it and pull the latest changes - cd $GHOST_CONTENT/themes/source - git config --global --add safe.directory $PWD - git pull origin main - echo "Pulled latest changes from Source theme" + # If the directory exists, recursively delete it. + rm -rf $GHOST_CONTENT/themes/source + # Clone the repository + git clone https://github.com/TryGhost/Source.git $GHOST_CONTENT/themes/source --single-branch --branch=main --depth=1 + # Remove gitconfig file and gitcredentials file. + rm -f $GHOST_CONTENT/themes/source/.gitconfig $GHOST_CONTENT/themes/source/.git-credentials || true fi chown -Rf 1000:1000 $GHOST_CONTENT || true echo "Assured ownership of the ghost installation"
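Review bot: The `else` branch in the `deploy/06-ghost-deployment.yaml` hunk at `-62,18` now deletes `$GHOST_CONTENT/themes/source` before cloning, so with `set -e` a failed clone leaves the volume without its theme and the init container failing on every restart. Both branches also fetch `--branch=main`, so the theme code Ghost serves can change on any pod start without review. Clone into a staging directory at a pinned ref and then swap it in, which also collapses the two branches into one. The `rm -f` of `.gitconfig` and `.git-credentials` targets files a fresh clone would not normally contain while the `.git` directory stays behind, and the unquoted `rm -rf $GHOST_CONTENT/...` should be guarded with `${GHOST_CONTENT:?}`. The init script continues past the end of the hunk.

```yaml
            set -ex
            theme_dir="${GHOST_CONTENT:?GHOST_CONTENT is not set}/themes/source"
            staging_dir="${theme_dir}.new"
            rm -rf "$staging_dir"
            # <PINNED_REF> is a placeholder for a reviewed tag of the theme repository
            git clone https://github.com/TryGhost/Source.git "$staging_dir" --single-branch --branch="<PINNED_REF>" --depth=1
            # Drop repository metadata before the theme is put in place
            rm -rf "$staging_dir/.git"
            rm -rf "$theme_dir"
            mv "$staging_dir" "$theme_dir"
            echo "Installed Source theme"
            # … unchanged: chown of $GHOST_CONTENT and the rest of the init script …
```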