Build and CI/CD
Build system with Git metadata, multi-arch Docker images and automated deployment.
Build pipeline
```mermaid
graph LR
    subgraph Build ["Build"]
        Info["build-info.sh<br/>Git metadata"]
        Vite["Vite Build<br/>SvelteKit → Static"]
    end
    subgraph Docker ["Docker"]
        Stage1["Stage 1<br/>bun:alpine"]
        Stage2["Stage 2<br/>nginx:alpine"]
    end
    subgraph CI ["GitLab CI"]
        Assets["build-assets<br/>bun install + build"]
        Amd64["build:amd64<br/>Kaniko"]
        Arm64["build:arm64<br/>Kaniko"]
        Merge["merge-manifest<br/>Docker Manifest"]
        Deploy["deploy<br/>Flux Webhook"]
    end
    Info -->|"Env Vars"| Vite
    Vite -->|"build/"| Stage1
    Stage1 -->|"Static Assets"| Stage2
    Assets --> Amd64
    Assets --> Arm64
    Amd64 --> Merge
    Arm64 --> Merge
    Merge -->|"master"| Deploy
```
Version information
build-info.sh
Extracts Git metadata before the build and exports it as environment variables:
| Variable | Source | Description |
|---|---|---|
| APP_NAME | Default: “Janus Home” | Application name |
| GIT_TAG | git describe --tags | Latest Git tag |
| GIT_COMMIT_SHORT | git rev-parse --short | Short commit hash |
| GIT_COMMIT_FULL | git rev-parse HEAD | Full commit hash |
| GIT_COMMIT_DATE | git log -1 --format='%ci' | Commit date |
| GIT_BRANCH | git rev-parse --abbrev-ref | Branch name |
| BUILD_DATE | date -u | UTC build timestamp |
Vite Define
The environment variables are injected into the code at compile time:
```js
define: {
  // Vite inserts string values as raw expressions, so each value must
  // already be a JSON-quoted string (or be wrapped in JSON.stringify).
  __APP_VERSION__: process.env.npm_package_version,
  __GIT_TAG__: process.env.GIT_TAG,
  __GIT_COMMIT_SHORT__: process.env.GIT_COMMIT_SHORT,
  __GIT_COMMIT_FULL__: process.env.GIT_COMMIT_FULL,
  __GIT_COMMIT_DATE__: process.env.GIT_COMMIT_DATE,
  __GIT_BRANCH__: process.env.GIT_BRANCH,
  __BUILD_DATE__: process.env.BUILD_DATE,
  __APP_NAME__: process.env.APP_NAME,
}
```
Docker
Multi-Stage Dockerfile
Stage 1 (Builder):
- Base: oven/bun:1-alpine
- Installs dependencies with --frozen-lockfile
- Runs build-info.sh and bun run build

Stage 2 (Runtime):
- Base: nginx:alpine
- Copies static assets
- Runs as non-root user nginx (UID 101)
- Port: 8080
Nginx configuration
| Setting | Value |
|---|---|
| Port | 8080 |
| Gzip | Enabled |
| Asset cache | 1 year (immutable) |
| SW cache | no-cache |
| SPA fallback | index.html |
Security headers
```
Content-Security-Policy: default-src 'self'
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
```
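A check for the headers above, as an added example that is not part of the project's own code: it audits a captured response-header dump (for instance from `curl -sI`) against the four documented values. The sample dumps are constructed; the second one assumes an asset location that sets its own `add_header`, in which case nginx no longer inherits the server-level `add_header` directives (the page does not show the nginx.conf).

```shell
#!/bin/sh
# Expected values are the ones listed on this page, as name|value pairs.
EXPECTED="content-security-policy|default-src 'self'
x-frame-options|DENY
x-content-type-options|nosniff
referrer-policy|strict-origin-when-cross-origin"

# check_headers reads one raw response-header dump on stdin (for example the
# output of `curl -sI`), prints every missing or mismatching header and
# returns 1 if there was at least one, 0 otherwise.
check_headers() {
  dump=$(tr -d '\r')            # HTTP lines end in CRLF; drop the CR
  fail=0
  while IFS='|' read -r name want; do
    # Header names are case-insensitive: compare lower-cased, trim the value.
    got=$(printf '%s\n' "$dump" | awk -v n="$name" '
      { i = index($0, ":") }
      i && tolower(substr($0, 1, i - 1)) == n {
        v = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit
      }')
    if [ "$got" != "$want" ]; then
      echo "FAIL $name: want \"$want\", got \"${got:-<missing>}\""
      fail=1
    fi
  done <<EOF
$EXPECTED
EOF
  return "$fail"
}

# Constructed sample dumps (not captured from the real deployment).
HTML_SAMPLE="HTTP/1.1 200 OK
Content-Type: text/html
Content-Security-Policy: default-src 'self'
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin"

# Assumed asset response: the location block adds its own caching header and
# therefore serves none of the server-level security headers.
ASSET_SAMPLE="HTTP/1.1 200 OK
Content-Type: application/javascript
Cache-Control: public, max-age=31536000, immutable"

printf '%s\n' "$HTML_SAMPLE"  | check_headers && echo "html: ok"
printf '%s\n' "$ASSET_SAMPLE" | check_headers || echo "asset: security headers missing"
```

Run the same function against the index page, a hashed asset and the service worker, since each is typically served from a different nginx location.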
GitLab CI/CD Pipeline
Stages
| Stage | Job | Image | Purpose |
|---|---|---|---|
| build-assets | build-assets | oven/bun:1-alpine | Bun install + build |
| build | build:amd64 | Kaniko | Docker image (amd64) |
| build | build:arm64 | Kaniko | Docker image (arm64) |
| merge | merge-manifest | docker:27-cli | Multi-arch manifest |
| deploy | deploy | alpine:latest | Flux webhook |
Pipeline flow
- build-assets: Bun installs the dependencies and runs the build
- build: Kaniko builds the Docker images for amd64 and arm64 in parallel
- merge-manifest: a Docker manifest combines both architectures
- deploy: triggers the Flux webhook (only on the master branch)

Triggers
- All branches: build-assets, build, merge (no MR)
- master only: deploy via Flux webhook
Just commands
| Command | Description |
|---|---|
| just install | Install dependencies |
| just dev | Start the dev server |
| just build | Production build with Git metadata |
| just preview | Preview the build |
| just lint | ESLint + Prettier |
| just check | TypeScript type check |
| just test | Run Vitest |
| just qa | lint + check + test |
| just docker-build | Build the Docker image locally |
| just docker-run | Start the Docker container |
| just version X.Y.Z | Bump the version (package.json + Chart.yaml) |