Merge pull request #112 from HideyoshiSolutions/develop

develop - chore: better and more secure docker cache

.dockerignore

@@ -1,11 +1,12 @@
-node_modules
+node_modules/*
-dist
+dist/*
+.k8s/*
+.github/*
 
-.github
 .gitignore
+.dockerignore
 Dockerfile
 README.md
-.k8s
 
 .env
 .secret

.github/workflows/deploy.yml

@@ -57,17 +57,17 @@ jobs:
               run: |
                 OWNER=$(echo "${GITHUB_REPOSITORY_OWNER}" | tr '[:upper:]' '[:lower:]')
                 REPO=$(echo "${GITHUB_REPOSITORY#*/}" | tr '[:upper:]' '[:lower:]')
-      
+
                 # Determine tag
                 if [ "${GITHUB_REF_NAME}" = "main" ]; then
                   TAG="latest"
                 else
                   TAG="dev"
                 fi
-      
+
                 SHORT_SHA=$(echo "${GITHUB_SHA}" | cut -c1-7)
                 IMAGE_BASE="ghcr.io/${OWNER}/${REPO}"
-      
+
                 echo "IMAGE_LATEST=${IMAGE_BASE}:${TAG}" >> $GITHUB_ENV
                 echo "IMAGE_SHA=${IMAGE_BASE}:sha-${SHORT_SHA}" >> $GITHUB_ENV
 
@@ -80,8 +80,12 @@ jobs:
                 tags: |
                   ${{ env.IMAGE_LATEST }}
                   ${{ env.IMAGE_SHA }}
-                cache-from: type=registry,ref=${{ env.IMAGE_LATEST }}
+                cache-from: |
-                cache-to: type=inline
+                  type=registry,ref=ghcr.io/hideyoshisolutions/frontend-hideyoshi.com:cache-${{ github.ref_name }}-amd64
+                  type=registry,ref=ghcr.io/hideyoshisolutions/frontend-hideyoshi.com:cache-${{ github.ref_name }}-arm64
+                cache-to: |
+                  type=registry,ref=ghcr.io/hideyoshisolutions/frontend-hideyoshi.com:cache-${{ github.ref_name }}-amd64,mode=max,platform=linux/amd64
+                  type=registry,ref=ghcr.io/hideyoshisolutions/frontend-hideyoshi.com:cache-${{ github.ref_name }}-arm64,mode=max,platform=linux/arm64
 
     deploy:
         needs: [docker]
@@ -112,21 +116,24 @@ jobs:
             run: |
               OWNER=$(echo "${GITHUB_REPOSITORY_OWNER}" | tr '[:upper:]' '[:lower:]')
               REPO=$(echo "${GITHUB_REPOSITORY#*/}" | tr '[:upper:]' '[:lower:]')
-              
+              SHORT_SHA=$(echo "${GITHUB_SHA}" | cut -c1-7)
+
               IMAGE_BASE="ghcr.io/${OWNER}/${REPO}"
-              IMAGE_TAG="${{ github.event.inputs.tag || 'latest' }}"
+              IMAGE_TAG="sha-${SHORT_SHA}"
-              
+
               echo "IMAGE_BASE=${IMAGE_BASE}" >> $GITHUB_ENV
               echo "IMAGE_TAG=${IMAGE_TAG}" >> $GITHUB_ENV
 
           - name: Apply Kubernetes Manifests - Configuration
-            run: envsubst < .k8s/config.yml | kubectl apply -f -
+            run: cat .k8s/config.yml | envsubst | kubectl apply -f -
 
           - name: Apply Kubernetes Manifests - Deployment
-            run: envsubst < .k8s/deployment.yaml | kubectl apply -f -
+            run: |
+                cat .k8s/deployment.yaml | envsubst | kubectl apply -f -
+                cat .k8s/deployment.yaml | envsubst | kubectl rollout status deployment/frontend-deployment -n ${KUBE_NAMESPACE} --timeout=120s
 
           - name: Apply Kubernetes Manifests - Service
-            run: envsubst < .k8s/service.yaml | kubectl apply -f -
+            run: cat .k8s/service.yaml | envsubst | kubectl apply -f -
 
           - name: Apply Kubernetes Manifests - Ingress
-            run: envsubst < .k8s/ingress.yaml | kubectl apply -f -
+            run: cat .k8s/ingress.yaml | envsubst | kubectl apply -f -