Blog: Publication Pipeline

Level 2 (Topic) — The multi-step chain from Git push to live site.

Concept

The blog is not deployed directly from blog-src. It uses a GitOps publication model:

Git push (master) → GitHub Action → Docker Hub → Flux image automation → cluster rollout

Step by Step

  1. Git push to blog-src branch master
  2. GitHub Action Publish Blog runs from .github/workflows/publish.yml
    • Checks out code with submodules: recursive
    • Builds the Hugo site via multi-stage Docker build
    • Pushes tazzo/tazlab-blog:latest and tazzo/tazlab-blog:blog-<N>-<sha>
  3. Flux ImageRepository in tazlab-k8s polls Docker Hub every 1 minute
  4. Flux ImagePolicy selects the highest run number tag
  5. Flux ImageUpdateAutomation commits the new tag to tazlab-k8s master
  6. Flux apps-static Kustomization reconciles and the Deployment rolls out

Tag Contract

| Tag | Purpose | Example |
|---|---|---|
| latest | Always the most recent build | tazzo/tazlab-blog:latest |
| blog-<N>-<sha> | Immutable per-build | tazzo/tazlab-blog:blog-47-a1b2c3d |

Flux applies a numerical policy with order: asc to the immutable tags, so the tag with the highest run number is picked as the latest.
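
The selection rule from steps 3 to 4 and the tag contract, modelled as an added example (not the project's code and not Flux itself). The accepted sha length (7 to 40 lowercase hex characters) and all sample tags are assumptions constructed for illustration.

```python
import re

# Assumption: <N> is the decimal run number and <sha> is 7-40 lowercase hex
# characters, matching the page's example tag blog-47-a1b2c3d.
TAG_RE = re.compile(r"blog-(?P<run>[0-9]+)-(?P<sha>[0-9a-f]{7,40})")


def run_number(tag):
    """Return the run number of an immutable build tag, or None if the tag
    does not match the contract exactly (fullmatch anchors both ends)."""
    m = TAG_RE.fullmatch(tag)
    return int(m.group("run")) if m else None


def select_tag(tags):
    """Numerical selection: keep only contract tags, pick the highest N."""
    candidates = [(run_number(t), t) for t in tags if run_number(t) is not None]
    if not candidates:
        return None
    return max(candidates, key=lambda c: c[0])[1]


def lexical_pick(tags):
    """What a plain string sort would choose; shown only for comparison."""
    valid = [t for t in tags if run_number(t) is not None]
    return max(valid) if valid else None


# Constructed registry listing, not real Docker Hub output.
SAMPLE_TAGS = [
    "latest",                  # mutable tag: never a rollout candidate
    "blog-9-0f3e2d1",
    "blog-47-a1b2c3d",
    "blog-100-9c8b7a6",
    "blog-999",                # no sha: outside the contract
    "blog-500-a1b2c3d-debug",  # trailing suffix: rejected by the full match
]

if __name__ == "__main__":
    print("numerical:", select_tag(SAMPLE_TAGS))    # blog-100-9c8b7a6
    print("lexical:  ", lexical_pick(SAMPLE_TAGS))  # blog-9-0f3e2d1
```

An unanchored pattern would accept blog-500-a1b2c3d-debug with run number 500 and promote it over every legitimate build, so the tag filter should match the whole tag.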

Dockerfile

Multi-stage build:

| Stage | Base | Purpose |
|---|---|---|
| builder | hugomods/hugo:std | Build static site with hugo --minify |
| final | nginx:stable-alpine | Serve static files on port 80 |

Layer ordering in the Dockerfile is optimized for build cache:

  1. Themes (least frequent changes)
  2. Config + assets + layouts (infrequent changes)
  3. Content (most frequent changes, last)

See Also