excalidraw: migrate image build to GHA -> private ghcr (ADR-0002)
The image was still built by hand and pushed to DockerHub (v1..v4), predating the all-builds-off-infra doctrine; Viktor chose to move it onto the standard pipeline while shipping the export/rename feature rather than keep the manual flow. Mirrors the k8s-portal pattern: .github/workflows/build-excalidraw.yml (go test + buildx linux/amd64, pushes ghcr latest+sha), excalidraw ns added to the Kyverno ghcr-credentials allowlist (package is PRIVATE), deployment now pins ghcr :latest with pullPolicy Always + pull secret, Keel force/match-tag/5m annotations seed the metadata (live values win via ignore_changes). DockerHub viktorbarzin/excalidraw-library:v4 stays frozen as the rollback image. Docs: ci-cd.md + .claude/CLAUDE.md image lists updated (also backfilled the missing k8s-portal rows in ci-cd.md). Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
parent
1cbc1e962b
commit
8fc657f431
5 changed files with 77 additions and 7 deletions
|
|
@ -43,6 +43,11 @@ locals {
|
|||
# ghcr.io/passionprojectsanca/book-plotter (built by GHA in Anca's repo,
|
||||
# under her own org's ghcr). The deployment references the cloned secret.
|
||||
"plotting-book",
|
||||
# excalidraw: infra-owned image migrated from manual DockerHub pushes to
|
||||
# PRIVATE ghcr.io/viktorbarzin/excalidraw-library (ADR-0002, built by
|
||||
# .github/workflows/build-excalidraw.yml). The deployment references the
|
||||
# cloned secret.
|
||||
"excalidraw",
|
||||
]
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue