fix(ci): update Gitea Registry CI/CD workflows and enhance image verification
Deployment Config CI / Deployment Config (push) Has been cancelled

This commit is contained in:
2026-05-01 23:55:34 +08:00
parent e0b6c1a9fa
commit 0b5bddc1da
2 changed files with 17 additions and 0 deletions
+8
View File
@@ -228,3 +228,11 @@
- `Dockerfile.ops-web` now builds the operations frontend and serves it through its existing nginx proxy to `ops-api`.
- Verification succeeded with `kubectl kustomize deploy/k3s`, local YAML parsing of 30 rendered Kubernetes objects, `bash -n` for deploy scripts, `git diff --check`, `pnpm --filter ops-web build`, and `pnpm --filter admin-web typecheck`.
- Live `kubectl apply --dry-run=client` validation could not complete locally because the configured kube-apiserver at `127.0.0.1:26443` is not running; run that validation on the target k3s node.
## Gitea Registry CI/CD Boundary - 2026-05-01
- Deployable business images are owned by two CI workflows: `frontend-ci.yml` publishes `frontend` and `ops-web`; `backend-ci.yml` publishes `migrate`, `tenant-api`, `ops-api`, `worker-generate`, `kol-assist-worker`, and `scheduler`.
- `deploy-config-ci.yml` is intentionally validation-only. It checks compose, shell scripts, and a smoke Docker build, but does not push images because deployment config is not a component image boundary.
- The canonical deploy tag is the pushed commit hash first 8 chars. CI uses `git rev-parse --short=8 HEAD`; CD and offline packaging default to the same value.
- Gitea Registry secret name is `REGISTRY_PASSWORD`; Gitea rejects secret names beginning with `GITEA_`.
- CD workflows verify required commit8 image tags in Gitea Registry before pulling or deploying. Missing images are treated as a failed prerequisite, not as a signal to build during CD.
- Offline packaging pulls previously published Gitea Registry images into the package; it does not rebuild business images when `SOURCE_IMAGE_REGISTRY` is set by the workflow.
+9
View File
@@ -697,3 +697,12 @@
- Confirmed the four platform templates are stored in `article_templates` and currently seeded by `server/cmd/dev-seed/main.go`.
- Confirmed production deployment jobs only run database migrations, so a fresh environment can miss the four template records unless dev seed is run manually.
- Decision: add a production-safe platform-template initializer and wire it into the migrate job/image instead of running the broad dev seed path.
## 2026-05-01T07:15:00Z - Gitea Registry CI/CD cleanup
- Kept `deploy-config-ci.yml` validation-only after the user clarified it should not own images.
- Scoped `frontend-ci.yml` to `admin-web` and `ops-web` plus shared packages/Dockerfiles; removed browser-extension typecheck from this workflow.
- Added Gitea Registry publishing to frontend/backend CI with commit8 tags and skip-if-tag-exists behavior through `deploy/scripts/gitea-registry-images.sh`.
- Added commit8 image verification to compose/k3s/offline deployment paths so CD fails if CI has not produced the required image.
- Changed offline package defaults to use commit8 instead of tag names and to pull business images from the Gitea Registry.
- Verification passed: workflow YAML parse, deploy script `bash -n`, and `sh -n` over all workflow run blocks.