Blog: Publication Pipeline
Level 2 (Topic) — The multi-step chain from Git push to live site.
Concept
The blog is not deployed directly from blog-src. It uses a GitOps publication model:
Git push (master) → GitHub Action → Docker Hub → Flux image automation → cluster rollout
Step by Step
- Git push to `blog-src` branch `master`
- GitHub Action `Publish Blog` runs from `.github/workflows/publish.yml`
  - Checks out code with `submodules: recursive`
  - Builds the Hugo site via multi-stage Docker build
  - Pushes `tazzo/tazlab-blog:latest` and `tazzo/tazlab-blog:blog-<N>-<sha>`
- Flux `ImageRepository` in `tazlab-k8s` polls Docker Hub every 1 minute
- Flux `ImagePolicy` selects the highest run number tag
- Flux `ImageUpdateAutomation` commits the new tag to `tazlab-k8s` master
- Flux `apps-static` Kustomization reconciles and the Deployment rolls out
Tag Contract
| Tag | Purpose | Example |
|---|---|---|
| `latest` | Always the most recent build | `tazzo/tazlab-blog:latest` |
| `blog-<N>-<sha>` | Immutable per-build | `tazzo/tazlab-blog:blog-47-a1b2c3d` |
Flux uses `numerical: order: asc` on the immutable tags to pick the latest.
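A sketch of how the tag contract can be expressed in Flux objects. This is an added example, not the manifests from `tazlab-k8s`. The object names, the namespace and the `filterTags` regex are assumptions chosen to match the `blog-<N>-<sha>` shape described above.

```yaml
# Added example: names, namespace and the filterTags regex are assumptions.
apiVersion: image.toolkit.fluxcd.io/v1beta2
kind: ImageRepository
metadata:
  name: tazlab-blog          # assumed object name
  namespace: flux-system     # assumed namespace
spec:
  image: tazzo/tazlab-blog
  interval: 1m               # poll Docker Hub every minute
---
apiVersion: image.toolkit.fluxcd.io/v1beta2
kind: ImagePolicy
metadata:
  name: tazlab-blog          # assumed object name
  namespace: flux-system     # assumed namespace
spec:
  imageRepositoryRef:
    name: tazlab-blog
  filterTags:
    # Anchored at both ends, so the mutable `latest` tag and any tag
    # outside the blog-<N>-<sha> shape are never candidates for rollout.
    pattern: '^blog-(?P<run>[0-9]+)-[0-9a-f]+$'
    extract: '$run'          # compare only the run number <N>
  policy:
    numerical:
      order: asc             # highest <N> is selected
```

Extracting `<N>` and comparing it numerically matters once run numbers gain digits: sorted as plain strings, `blog-9-...` would rank above `blog-47-...`.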
Dockerfile
Multi-stage build:
| Stage | Base | Purpose |
|---|---|---|
| builder | `hugomods/hugo:std` | Build static site with `hugo --minify` |
| final | `nginx:stable-alpine` | Serve static files on port 80 |
Layer ordering in the Dockerfile is optimized for build cache:
- Themes (least frequent changes)
- Config + assets + layouts (infrequent changes)
- Content (most frequent changes, last)
See Also
- Detail: CI/CD Detail
- Cluster: Image Automation Detail
- Hub: blog-src