From bfaf4871ebc4a680d0e20c05570b63f594846fd1 Mon Sep 17 00:00:00 2001
From: Neon Vortex <neon-vortex@cluster.local>
Date: Tue, 25 Nov 2025 13:49:00 -0500
Subject: [PATCH] Add Kaniko build automation for resume-site
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Namespace for resume-site resources
- Build trigger CronJob (runs every 5 minutes)
- Kaniko-based image builds to Harbor
- RBAC for build job creation
- PVC for tracking last commit

Follows same pattern as neon-vortex

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 k8s/build-trigger-cronjob.yaml |  39 ++++++++++++
 k8s/build-trigger-pvc.yaml     |  12 ++++
 k8s/build-trigger-rbac.yaml    |  32 ++++++++++
 k8s/build-trigger-script.yaml  | 110 +++++++++++++++++++++++++++++++++
 k8s/kustomization.yaml         |   8 +++
 k8s/namespace.yaml             |   4 ++
 6 files changed, 205 insertions(+)
 create mode 100644 k8s/build-trigger-cronjob.yaml
 create mode 100644 k8s/build-trigger-pvc.yaml
 create mode 100644 k8s/build-trigger-rbac.yaml
 create mode 100644 k8s/build-trigger-script.yaml
 create mode 100644 k8s/kustomization.yaml
 create mode 100644 k8s/namespace.yaml

diff --git a/k8s/build-trigger-cronjob.yaml b/k8s/build-trigger-cronjob.yaml
new file mode 100644
index 0000000..c40ea66
--- /dev/null
+++ b/k8s/build-trigger-cronjob.yaml
@@ -0,0 +1,39 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: resume-site-build-trigger
+  namespace: resume-site
+spec:
+  schedule: "*/5 * * * *"
+  concurrencyPolicy: Forbid
+  successfulJobsHistoryLimit: 1
+  failedJobsHistoryLimit: 1
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          serviceAccountName: build-trigger-cron-sa
+          restartPolicy: Never
+          containers:
+          - name: trigger
+            image: alpine/k8s:1.28.13
+            command:
+            - /bin/bash
+            args:
+            - -c
+            - |
+              apk add --no-cache git bash curl
+              /scripts/trigger-build.sh
+            volumeMounts:
+            - name: script
+              mountPath: /scripts
+            - name: data
+              mountPath: /data
+          volumes:
+          - name: script
+            configMap:
+              name: build-trigger-script
+              defaultMode: 0755
+          - name: data
+            persistentVolumeClaim:
+              claimName: build-trigger-data
diff --git a/k8s/build-trigger-pvc.yaml b/k8s/build-trigger-pvc.yaml
new file mode 100644
index 0000000..666e652
--- /dev/null
+++ b/k8s/build-trigger-pvc.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: build-trigger-data
+  namespace: resume-site
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 100Mi
+  storageClassName: longhorn
diff --git a/k8s/build-trigger-rbac.yaml b/k8s/build-trigger-rbac.yaml
new file mode 100644
index 0000000..2d5439d
--- /dev/null
+++ b/k8s/build-trigger-rbac.yaml
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: build-trigger-cron-sa
+  namespace: resume-site
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: build-trigger-role
+  namespace: flux-builds
+rules:
+- apiGroups: ["batch"]
+  resources: ["jobs"]
+  verbs: ["create", "get", "list", "delete"]
+- apiGroups: [""]
+  resources: ["pods", "pods/log"]
+  verbs: ["get", "list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: build-trigger-binding
+  namespace: flux-builds
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: build-trigger-role
+subjects:
+- kind: ServiceAccount
+  name: build-trigger-cron-sa
+  namespace: resume-site
diff --git a/k8s/build-trigger-script.yaml b/k8s/build-trigger-script.yaml
new file mode 100644
index 0000000..ca87b57
--- /dev/null
+++ b/k8s/build-trigger-script.yaml
@@ -0,0 +1,110 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: build-trigger-script
+  namespace: resume-site
+data:
+  trigger-build.sh: |
+    #!/bin/bash
+    set -e
+
+    # Configuration
+    GIT_URL="http://192.168.1.49:13001/admin/resume-site.git"
+    REPO_DIR="/tmp/repo"
+    LAST_COMMIT_FILE="/data/last_commit"
+
+    echo "Checking for new commits..."
+
+    # Clone or update repository
+    if [ ! -d "$REPO_DIR" ]; then
+      git clone "$GIT_URL" "$REPO_DIR"
+    else
+      cd "$REPO_DIR"
+      git fetch origin main
+      git reset --hard origin/main
+    fi
+
+    cd "$REPO_DIR"
+    CURRENT_COMMIT=$(git rev-parse HEAD)
+    SHORT_COMMIT=$(git rev-parse --short HEAD)
+
+    echo "Current commit: $CURRENT_COMMIT"
+
+    # Read last processed commit
+    LAST_COMMIT=""
+    if [ -f "$LAST_COMMIT_FILE" ]; then
+      LAST_COMMIT=$(cat "$LAST_COMMIT_FILE")
+      echo "Last processed commit: $LAST_COMMIT"
+    fi
+
+    # Check if there are new commits
+    if [ "$CURRENT_COMMIT" != "$LAST_COMMIT" ]; then
+      echo "New commit detected! Triggering build..."
+
+      # Create a new build job with unique name
+      TIMESTAMP=$(date +%s)
+      JOB_NAME="build-cron-$SHORT_COMMIT-$TIMESTAMP"
+
+      # Generate build job YAML
+      cat <<EOF | kubectl apply -f -
+    apiVersion: batch/v1
+    kind: Job
+    metadata:
+      name: $JOB_NAME
+      namespace: flux-builds
+      labels:
+        app: resume-site
+        build-trigger: cronjob
+        git-commit: "$SHORT_COMMIT"
+    spec:
+      ttlSecondsAfterFinished: 1800
+      template:
+        spec:
+          restartPolicy: Never
+          initContainers:
+          - name: git-clone
+            image: alpine/git:latest
+            command:
+            - sh
+            - -c
+            - |
+              git clone $GIT_URL /workspace
+              cd /workspace
+              git checkout $CURRENT_COMMIT
+            volumeMounts:
+            - name: workspace
+              mountPath: /workspace
+          containers:
+          - name: kaniko
+            image: gcr.io/kaniko-project/executor:latest
+            args:
+            - "--dockerfile=/workspace/Dockerfile"
+            - "--context=/workspace"
+            - "--destination=images.caffeinetux.com/production/resume-site:latest"
+            - "--destination=images.caffeinetux.com/production/resume-site:$SHORT_COMMIT"
+            - "--cache=true"
+            - "--cache-repo=images.caffeinetux.com/production/resume-site/cache"
+            volumeMounts:
+            - name: workspace
+              mountPath: /workspace
+            - name: docker-config
+              mountPath: /kaniko/.docker
+          volumes:
+          - name: workspace
+            emptyDir: {}
+          - name: docker-config
+            secret:
+              secretName: harbor-registry
+              items:
+              - key: .dockerconfigjson
+                path: config.json
+    EOF
+
+      echo "Build job created: $JOB_NAME"
+
+      # Update last commit
+      echo "$CURRENT_COMMIT" > "$LAST_COMMIT_FILE"
+      echo "Updated last commit reference"
+    else
+      echo "No new commits. Skipping build."
+    fi
diff --git a/k8s/kustomization.yaml b/k8s/kustomization.yaml
new file mode 100644
index 0000000..a2c05ed
--- /dev/null
+++ b/k8s/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - namespace.yaml
+  - build-trigger-rbac.yaml
+  - build-trigger-pvc.yaml
+  - build-trigger-script.yaml
+  - build-trigger-cronjob.yaml
diff --git a/k8s/namespace.yaml b/k8s/namespace.yaml
new file mode 100644
index 0000000..8f09153
--- /dev/null
+++ b/k8s/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: resume-site