MWiberg/nextjs-slack-clone
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

ci: added action
Some checks are pending
/ build-and-push (push) Waiting to run
Details
/ deploy (push) Blocked by required conditions
Details

Browse source
This commit is contained in:
Mattias Wiberg 2025-06-05 21:08:26 +02:00
parent 5c5ffb411b
commit dbbaae7387
2 changed files with 191 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

66
.forgejo/workflows/README.md Normal file
View file

@ -0,0 +1,66 @@
# Forgejo Actions for NextJS Slack Clone
This directory contains Forgejo action workflow configurations to build, push, and deploy our NextJS Slack Clone application using a secure service account approach.
## Workflows
### build-and-deploy.yaml
This workflow handles:
1. Building the Docker image
2. Pushing the image to the private registry (registrar.mattiaswiberg.com)
3. Deploying the application using Helm to the Kubernetes cluster with service account authentication
## Required Secrets
The following secrets need to be configured in your Forgejo repository settings:
1. `REGISTRY_USERNAME`: Username for the private Docker registry
2. `REGISTRY_PASSWORD`: Password for the private Docker registry
3. `K8S_SERVER_URL`: The Kubernetes API server URL (e.g., https://kubernetes.default.svc or your cluster endpoint)
4. `K8S_CA_CERT`: Base64-encoded certificate authority data for your Kubernetes cluster
5. `K8S_SA_TOKEN`: The service account token with permissions to deploy your application
6. `NEXT_PUBLIC_SUPABASE_URL`: Supabase URL for your project
7. `NEXT_PUBLIC_SUPABASE_ANON_KEY`: Supabase anonymous key for your project
## Setting Up Service Account Authentication
For secure Kubernetes authentication, we use a dedicated service account rather than a full kubeconfig. This follows security best practices by providing only the necessary permissions for CI/CD deployments.
To set up the required secrets:
1. Deploy the application once manually to create the service account and role
2. Get the service account token and cluster details:
```bash
# Get the service account token
SECRET_NAME=$(kubectl get serviceaccount nextjs-slack-clone -n default -o jsonpath='{.secrets[0].name}')
TOKEN=$(kubectl get secret $SECRET_NAME -n default -o jsonpath='{.data.token}' | base64 --decode)
echo $TOKEN # This is your K8S_SA_TOKEN
# Get the cluster CA certificate
CA_CERT=$(kubectl config view --raw -o jsonpath='{.clusters[0].cluster.certificate-authority-data}')
echo $CA_CERT # This is your K8S_CA_CERT
# Get the server URL
SERVER_URL=$(kubectl config view --raw -o jsonpath='{.clusters[0].cluster.server}')
echo $SERVER_URL # This is your K8S_SERVER_URL
```
3. Go to your repository settings
4. Navigate to "Actions" and then "Secrets"
5. Add each of the required secrets listed above
## Manual Trigger
You can also manually trigger the workflow using the "Actions" tab in your repository and selecting the "build-and-deploy" workflow.
## Monitoring Deployments
After deployment, you can check the status of your application using:
```bash
kubectl get pods -l app=nextjs-slack-clone
```
Or visit the application at https://chat.mattiaswiberg.com