From 16e8c6c8654363890a56597b02a40cb083c33df8 Mon Sep 17 00:00:00 2001
From: "s0wlz (Matthias Puchstein)"
Date: Wed, 6 May 2026 15:29:51 +0200
Subject: [PATCH] ci: upgrade Helm to v4.1.4, switch images to Alpine 3.23, disable backup cron
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
- release.yml: bump Helm v3.16.2 → v4.1.4; replace --wait with --rollback-on-failure (Helm 4 rename, implies --wait)
- Dockerfile: backend builder rust:1.95-slim-bookworm → rust:1.95-alpine3.23 (adds cmake/g++/perl/nasm/sqlite-dev for aws-lc-rs + sqlx); runtime debian:trixie-slim → alpine:3.23 (adds sqlite-libs, uses adduser -D)
- cronjob-backup: gate on backup.enabled, pin image to alpine:3.23
- values.yaml: backup.enabled default true
- values_override.yaml: backup.enabled: false (disabled until tested)
Co-Authored-By: Claude Sonnet 4.6
---
 .gitea/workflows/release.yml | 4 ++--
 Dockerfile | 9 +++++----
 deploy/templates/cronjob-backup.yaml | 4 +++-
 deploy/values.yaml | 3 +++
 deploy/values_override.yaml | 3 +++
 5 files changed, 16 insertions(+), 7 deletions(-)
diff --git a/.gitea/workflows/release.yml b/.gitea/workflows/release.yml
index 53f0ec6..ca659b0 100644
--- a/.gitea/workflows/release.yml
+++ b/.gitea/workflows/release.yml
@@ -105,7 +105,7 @@ jobs:
 - name: Set up Helm
 uses: azure/setup-helm@v4
 with:
- version: v3.16.2
+ version: v4.1.4
 - name: Deploy via Helm
 run: |
@@ -113,4 +113,4 @@ jobs:
 -f ./deploy/values_override.yaml \
 --set image.tag=${{ github.ref_name }} \
 -n ${{ env.NAMESPACE }} \
- --wait --timeout 5m
+ --rollback-on-failure --timeout 5m
diff --git a/Dockerfile b/Dockerfile
index d99d1ed..246f9d7 100644
--- a/Dockerfile
+++ b/Dockerfile
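Review bot: In the second hunk of `.gitea/workflows/release.yml`, swapping `--wait` for `--rollback-on-failure` is not a like-for-like rename: as far as I know this is Helm 4's new name for `--atomic`, so a failed or timed-out upgrade is now rolled back automatically instead of being left in place for inspection. If that is the intent, record it above the `helm` command, e.g. `# --rollback-on-failure (Helm 3: --atomic) implies --wait; a failed upgrade reverts to the previous release`. Separately, the unchanged context line `--set image.tag=${{ github.ref_name }}` expands the ref name into the script text before the shell runs it; passing it through the step's `env:` and using `--set image.tag="$IMAGE_TAG"` keeps an unusual tag name from being interpreted by the shell. The `run: |` block starts outside this hunk.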
@@ -10,7 +10,8 @@ RUN pnpm run check
 RUN pnpm run build
 # --- Backend Build ---
-FROM rust:1.95-slim-bookworm AS backend-builder
+FROM rust:1.95-alpine3.23 AS backend-builder
+RUN apk add --no-cache cmake g++ perl nasm sqlite-dev
 WORKDIR /app/backend
 COPY backend/Cargo.toml backend/Cargo.lock ./
 RUN mkdir src && echo "fn main() {}" > src/main.rs && cargo build --release && rm -rf src
@@ -20,9 +21,9 @@ COPY backend/demo ./demo
 RUN touch src/main.rs && cargo build --release
 # --- Runtime ---
-FROM debian:trixie-slim
-RUN apt-get update && apt-get install -y ca-certificates curl && rm -rf /var/lib/apt/lists/*
-RUN useradd -u 1000 -m app
+FROM alpine:3.23
+RUN apk add --no-cache ca-certificates curl sqlite-libs
+RUN adduser -D -u 1000 app
 WORKDIR /app
 COPY --from=backend-builder /app/backend/target/release/tutortool ./server
 COPY --from=backend-builder /app/backend/demo ./backend/demo
diff --git a/deploy/templates/cronjob-backup.yaml b/deploy/templates/cronjob-backup.yaml
index 8aa0444..e64b73e 100644
--- a/deploy/templates/cronjob-backup.yaml
+++ b/deploy/templates/cronjob-backup.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.backup.enabled }}
 apiVersion: batch/v1
 kind: CronJob
 metadata:
@@ -25,7 +26,7 @@ spec:
 topologyKey: kubernetes.io/hostname
 containers:
 - name: backup
- image: alpine:latest
+ image: alpine:3.23
 command:
 - /bin/sh
 - -c
@@ -40,3 +41,4 @@ spec:
 - name: data
 persistentVolumeClaim:
 claimName: {{ include "tutortool.fullname" . }}-data
+{{- end }}
diff --git a/deploy/values.yaml b/deploy/values.yaml
index 83fcffe..c7febb4 100644
--- a/deploy/values.yaml
+++ b/deploy/values.yaml
@@ -48,6 +48,9 @@ httpRoute:
 # Do not set jwtSecretValue in committed values — provision via kubectl manually.
 jwtSecretName: tutortool-jwt
+backup:
+ enabled: true
+
 env:
 DATABASE_URL: sqlite:/data/attendance.db
 STATIC_DIR: /app/frontend/build
diff --git a/deploy/values_override.yaml b/deploy/values_override.yaml
index f3587bf..80c0c71 100644
--- a/deploy/values_override.yaml
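Review bot: The new base images are referenced by mutable tags: `rust:1.95-alpine3.23` in the first Dockerfile hunk, `alpine:3.23` in the runtime stage, and `image: alpine:3.23` in `deploy/templates/cronjob-backup.yaml`. A tag can be re-pushed, so the content behind it can change between builds without any change in this repository. Pinning by digest, e.g. `FROM rust:1.95-alpine3.23@sha256:<digest>` (placeholder; resolve the real value from the registry), makes the build reproducible and turns base-image updates into reviewable diffs. The same form works for the CronJob `image:` field, which matters more there because that pod mounts the data PVC.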
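Review bot: In the runtime stage, `RUN adduser -D -u 1000 app` creates the account with the default login shell; for an account that only runs `./server`, `RUN adduser -D -s /sbin/nologin -u 1000 app` is the tighter form. Whether a `USER app` line follows is not visible, because the stage continues outside this hunk, so it is worth confirming the container does not start as root. The stage also keeps `curl`; if it is only there for a health probe, the BusyBox `wget` already in Alpine would let it be dropped, leaving fewer tools inside the container if it is ever compromised.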
+++ b/deploy/values_override.yaml
@@ -7,3 +7,6 @@ image:
 env:
 extra: {}
+
+backup:
+ enabled: false
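Review bot: `backup.enabled: false` lands in the override file that `release.yml` passes to `helm upgrade`, so the next release should stop rendering the backup CronJob and leave the SQLite data on the PVC without scheduled backups. The commit message calls this temporary ("disabled until tested"), but nothing in the file records that, which makes it easy to forget. Add a comment above the key, e.g. `# TEMPORARY: backup CronJob disabled until the alpine:3.23 job is tested; re-enable before relying on this data`, ideally with a reference to a tracking issue.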