Forgejo Actions for NextJS Slack Clone
This directory contains Forgejo Actions workflow configurations to build, push, and deploy our NextJS Slack Clone application. Cluster access from CI uses a dedicated Kubernetes service account with a scoped token rather than a full administrative kubeconfig.
Workflows
build-and-deploy.yaml
This workflow handles:
- Building the Docker image
- Pushing the image to the private registry (registrar.mattiaswiberg.com)
- Deploying the application using Helm to the Kubernetes cluster with service account authentication
Required Secrets
The following secrets need to be configured in your Forgejo repository settings:
- REGISTRY_USERNAME: Username for the private Docker registry
- REGISTRY_PASSWORD: Password for the private Docker registry
- K8S_SERVER_URL: The Kubernetes API server URL (e.g., https://kubernetes.default.svc or your cluster endpoint)
- K8S_CA_CERT: Base64-encoded certificate authority data for your Kubernetes cluster
- K8S_SA_TOKEN: The service account token with permissions to deploy your application
- NEXT_PUBLIC_SUPABASE_URL: Supabase URL for your project
- NEXT_PUBLIC_SUPABASE_ANON_KEY: Supabase anonymous key for your project

Note that Next.js inlines NEXT_PUBLIC_* variables into the browser bundle at build time, so the two Supabase values are build inputs that end up visible to every client; the anon key is meant to be public and relies on Supabase Row Level Security, not on staying hidden. The registry and K8S_* values are real credentials and must stay secret.
Setting Up Service Account Authentication
For secure Kubernetes authentication, we use a dedicated service account rather than a full kubeconfig carrying a cluster-admin user. The service account is bound to a role that grants only the permissions the Helm deploy needs, so a leaked CI secret exposes that namespace-scoped capability rather than the whole cluster, and the token can be revoked by deleting its Secret without touching any human credentials.
To set up the required secrets:
- Deploy the application once manually to create the service account and role
- Get the service account token and cluster details:
# Get the service account token.
# On Kubernetes 1.24 and later, service accounts no longer get an auto-created
# token Secret, so .secrets[0].name is empty. In that case create a Secret of
# type kubernetes.io/service-account-token annotated with
# kubernetes.io/service-account.name: nextjs-slack-clone and read its token,
# or issue a time-bound token with
#   kubectl create token nextjs-slack-clone -n default --duration=...
# (a bound token expires, so it must be re-issued before it lapses).
SECRET_NAME=$(kubectl get serviceaccount nextjs-slack-clone -n default -o jsonpath='{.secrets[0].name}')
TOKEN=$(kubectl get secret "$SECRET_NAME" -n default -o jsonpath='{.data.token}' | base64 --decode)
echo "$TOKEN" # This is your K8S_SA_TOKEN
# Get the cluster CA certificate (--minify restricts the view to the current
# context, so .clusters[0] is the cluster you are actually talking to). The
# value is already base64-encoded in the kubeconfig; do not decode it.
CA_CERT=$(kubectl config view --raw --minify -o jsonpath='{.clusters[0].cluster.certificate-authority-data}')
echo "$CA_CERT" # This is your K8S_CA_CERT
# Get the server URL
SERVER_URL=$(kubectl config view --raw --minify -o jsonpath='{.clusters[0].cluster.server}')
echo "$SERVER_URL" # This is your K8S_SERVER_URL
- Go to your repository settings
- Navigate to "Actions" and then "Secrets"
- Add each of the required secrets listed above
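The workflow has to turn the three K8S_* secrets back into a kubeconfig before helm or kubectl can use them, and a wrong value (a CA that was decoded by mistake, a truncated token, or an admin user's token pasted in place of the service account's) only shows up as a confusing TLS or 401 error at deploy time. The script below is an added example, not code from the project's workflow: it assumes the secrets are exported as environment variables, checks each one, refuses any token whose subject is not the nextjs-slack-clone service account, and writes a mode-0600 kubeconfig. The function names, the K8S_NAMESPACE and K8S_SA_NAME variables, and the sample values in the comments are illustrative assumptions.

```shell
#!/bin/sh
# Added example: assemble K8S_SERVER_URL, K8S_CA_CERT and K8S_SA_TOKEN into a
# kubeconfig for the deploy step and validate them first. Assumes POSIX sh,
# base64(1) and sed(1); kubectl is only needed for the optional checks in the
# usage comment at the bottom. Not part of the project's workflow file.

# Decode one base64url segment of a JWT (no padding) to raw bytes on stdout.
b64url_decode() {
  s=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#s} % 4 )) in
    2) s="${s}==" ;;
    3) s="${s}=" ;;
  esac
  printf '%s' "$s" | base64 -d 2>/dev/null
}

# Print the "sub" claim of a service-account JWT (e.g.
# system:serviceaccount:default:nextjs-slack-clone). Returns 1 if the value
# does not have the three dot-separated JWT parts. Kubernetes emits compact
# JSON, so a simple "sub":"..." match is enough here (assumption).
jwt_sub() {
  tok=$1
  dots=$(printf '%s' "$tok" | tr -cd '.' | wc -c)
  [ "$dots" -eq 2 ] || return 1
  payload=${tok#*.}
  payload=${payload%%.*}
  b64url_decode "$payload" | sed -n 's/.*"sub":"\([^"]*\)".*/\1/p'
}

# Validate the secrets and write a kubeconfig to $1 with mode 0600.
# Returns 1 with a reason on stderr if any value looks wrong.
write_kubeconfig() {
  out=$1
  ns=${K8S_NAMESPACE:-default}
  sa=${K8S_SA_NAME:-nextjs-slack-clone}
  case $K8S_SERVER_URL in
    https://*) ;;
    *) echo "K8S_SERVER_URL must start with https://" >&2; return 1 ;;
  esac
  # certificate-authority-data is stored base64-encoded; decoding it must
  # yield a PEM certificate, otherwise the value was pasted decoded or wrong.
  printf '%s' "$K8S_CA_CERT" | base64 -d 2>/dev/null | grep -q 'BEGIN CERTIFICATE' \
    || { echo "K8S_CA_CERT is not base64-encoded PEM" >&2; return 1; }
  sub=$(jwt_sub "$K8S_SA_TOKEN") \
    || { echo "K8S_SA_TOKEN is not a JWT" >&2; return 1; }
  # Refuse anything that is not the deploy service account. This catches an
  # admin's kubeconfig token pasted into the CI secret, which would silently
  # give the pipeline far more than the namespaced role was meant to allow.
  [ "$sub" = "system:serviceaccount:$ns:$sa" ] \
    || { echo "token subject is '$sub', expected system:serviceaccount:$ns:$sa" >&2; return 1; }
  ( umask 077
    cat > "$out" <<EOF
apiVersion: v1
kind: Config
clusters:
- name: ci
  cluster:
    server: $K8S_SERVER_URL
    certificate-authority-data: $K8S_CA_CERT
users:
- name: ci
  user:
    token: $K8S_SA_TOKEN
contexts:
- name: ci
  context:
    cluster: ci
    user: ci
    namespace: $ns
current-context: ci
EOF
  )
}

# Usage in a workflow step, after the secrets are mapped to env vars:
#   write_kubeconfig "$RUNNER_TEMP/kubeconfig" && export KUBECONFIG="$RUNNER_TEMP/kubeconfig"
#   kubectl auth can-i create deployments -n default   # expect: yes
#   kubectl auth can-i '*' '*' -A                      # expect: no
```

The two `kubectl auth can-i` lines are the check worth keeping in the pipeline: the first fails fast if the role is too narrow for the Helm release, and the second fails if the token is broader than a deploy credential should ever be.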
Manual Trigger
You can also trigger the workflow manually from the "Actions" tab in your repository by selecting the "build-and-deploy" workflow.
Monitoring Deployments
After deployment, you can check the status of your application using:
kubectl get pods -l app=nextjs-slack-clone
Or visit the application at https://chat.mattiaswiberg.com