Fix build_spec for ARM64 cross-build with buildx/QEMU, add IAM docs

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
joungmin
2026-03-09 23:53:02 +09:00
parent 745913ca5b
commit 7a896c8c56
2 changed files with 62 additions and 3 deletions

@@ -1,6 +1,6 @@
version: 0.1 version: 0.1
component: build component: build
timeoutInSeconds: 1200 timeoutInSeconds: 1800
runAs: root runAs: root
shell: bash shell: bash
@@ -13,6 +13,13 @@ env:
- FRONTEND_IMAGE - FRONTEND_IMAGE
steps: steps:
- type: Command
name: "Setup buildx for ARM64"
command: |
docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
docker buildx create --name armbuilder --use
docker buildx inspect --bootstrap
- type: Command - type: Command
name: "Set image tag" name: "Set image tag"
command: | command: |
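Review bot: The `docker run --rm --privileged multiarch/qemu-user-static --reset -p yes` line in the new "Setup buildx for ARM64" step pulls an untagged image and runs it privileged on a runner that is already `runAs: root`, so whatever the registry serves under that name at build time gets full control of the build host and of every image built afterwards. Pin it to a digest (`multiarch/qemu-user-static@sha256:<digest>`, placeholder) or mirror a vetted copy into the project registry and pull from there. Separately, `docker buildx create --name armbuilder --use` errors out when a builder with that name already exists, so if the runner is ever reused, guard it with `docker buildx inspect armbuilder ||` or remove the builder at the end of the job.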
@@ -27,20 +34,22 @@ steps:
name: "Build backend image" name: "Build backend image"
command: | command: |
cd backend-java cd backend-java
docker build --platform linux/arm64 \ docker buildx build --platform linux/arm64 \
-t "${BACKEND_IMAGE}" \ -t "${BACKEND_IMAGE}" \
-t "${REGISTRY}/backend:latest" \ -t "${REGISTRY}/backend:latest" \
--load \
. .
- type: Command - type: Command
name: "Build frontend image" name: "Build frontend image"
command: | command: |
cd frontend cd frontend
docker build --platform linux/arm64 \ docker buildx build --platform linux/arm64 \
--build-arg NEXT_PUBLIC_GOOGLE_MAPS_API_KEY="${NEXT_PUBLIC_GOOGLE_MAPS_API_KEY}" \ --build-arg NEXT_PUBLIC_GOOGLE_MAPS_API_KEY="${NEXT_PUBLIC_GOOGLE_MAPS_API_KEY}" \
--build-arg NEXT_PUBLIC_GOOGLE_CLIENT_ID="${NEXT_PUBLIC_GOOGLE_CLIENT_ID}" \ --build-arg NEXT_PUBLIC_GOOGLE_CLIENT_ID="${NEXT_PUBLIC_GOOGLE_CLIENT_ID}" \
-t "${FRONTEND_IMAGE}" \ -t "${FRONTEND_IMAGE}" \
-t "${REGISTRY}/frontend:latest" \ -t "${REGISTRY}/frontend:latest" \
--load \
. .
outputArtifacts: outputArtifacts:
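Review bot: In the frontend `docker buildx build` command, `--build-arg NEXT_PUBLIC_GOOGLE_MAPS_API_KEY="${NEXT_PUBLIC_GOOGLE_MAPS_API_KEY}"` is carried over unchanged, and that value ends up both in the image's build metadata and, because of the `NEXT_PUBLIC_` prefix, in the JavaScript bundle served to browsers. Treat it as public: add a comment in the spec saying so, and confirm the key is restricted by HTTP referrer and by API on the Google side so that a copy taken from the image or the bundle is of little use. Both builds also still tag `${REGISTRY}/backend:latest` and `${REGISTRY}/frontend:latest`; deploy by the unique `${BACKEND_IMAGE}` / `${FRONTEND_IMAGE}` tags so a deployment can be traced to one build.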

@@ -150,6 +150,56 @@ oci → OCI Code Repository ← CI/CD 트리거용
두 리모트에 모두 push하여 소스와 빌드를 동기화합니다. 두 리모트에 모두 push하여 소스와 빌드를 동기화합니다.
### OCI IAM 권한 설정 (빌드/배포용)
OCI DevOps Build Pipeline이 코드 레포, OCIR, 시크릿 등에 접근하려면 **Dynamic Group**과 **IAM Policy**가 필요합니다.
#### Dynamic Group
| 이름 | 설명 |
|------|------|
| `tasteby-build-pipeline` | DevOps 빌드/배포 파이프라인 리소스 |
**Matching Rule:**
```
ANY {
resource.type = 'devopsbuildpipeline',
resource.type = 'devopsrepository',
resource.type = 'devopsdeploypipeline',
resource.type = 'devopsconnection'
}
```
#### IAM Policy
| 이름 | 설명 |
|------|------|
| `tasteby-devops-policy` | DevOps 파이프라인 리소스 접근 권한 |
**Policy Statements:**
```
Allow dynamic-group tasteby-build-pipeline to manage devops-family in tenancy
Allow dynamic-group tasteby-build-pipeline to manage repos in tenancy
Allow dynamic-group tasteby-build-pipeline to read secret-family in tenancy
Allow dynamic-group tasteby-build-pipeline to manage generic-artifacts in tenancy
Allow dynamic-group tasteby-build-pipeline to use ons-topics in tenancy
```
> **참고**: IAM 정책은 적용 후 전파에 최대 수 분이 걸릴 수 있습니다.
> 빌드 실행 시 `RelatedResourceNotAuthorizedOrNotFound` 오류가 나면 정책 전파를 기다린 후 재시도하세요.
#### OCI Code Repository 인증 (HTTPS)
```
Username: <tenancy-name>/oracleidentitycloudservice/<oci-username>
Password: OCI Auth Token (User Settings에서 생성)
```
```bash
# Git remote 추가 예시
git remote add oci https://devops.scmservice.ap-seoul-1.oci.oraclecloud.com/namespaces/<namespace>/projects/tasteby/repositories/tasteby
```
### build_spec.yaml 구조 ### build_spec.yaml 구조
```yaml ```yaml
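Review bot: Every statement in the documented `tasteby-devops-policy` ends in `in tenancy`, and the `tasteby-build-pipeline` matching rule has no compartment condition, so any DevOps build pipeline, repository, deploy pipeline or connection anywhere in the tenancy joins the group and can `manage devops-family`, `manage repos` and `read secret-family` across all compartments. Since this section will be copied as the reference setup, document the least-privilege form instead: add `resource.compartment.id = '<compartment-ocid>'` (placeholder) to the matching rule and change the statements to `in compartment <compartment-name>`. For `read secret-family`, consider narrowing further with a `where target.secret.id = '<secret-ocid>'` condition or a dedicated vault compartment, so the pipeline can read only the secrets the build needs.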