ci: add repo secret

- updated dockerfile
- updated readme regarding image upload

.gitea_deprecated/workflows/build.yaml

@@ -0,0 +1,73 @@
+name: Build the portfolio website
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - master
+  pull_request:
+    branches:
+      - master
+
+jobs:
+  build-portfolio-website:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v2
+        with:
+          node-version: "20"
+
+      - name: Install dependencies
+        run: cd frontend && npm install
+
+      - name: Build the project
+        run: cd frontend && npm run build
+
+  build-and-release-image:
+    runs-on: ubuntu-latest
+    container: catthehacker/ubuntu:act-latest
+    needs: build-portfolio-website
+    if: success()
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # all history for all branches and tags
+
+      - name: Create kubeconfig
+        run: |
+          mkdir -p ~/.kube
+          echo "${{ secrets.KUBE_CONFIG }}" | base64 -d > ~/.kube/config
+          chmod 600 ~/.kube/config
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          driver: kubernetes
+          driver-opts: |
+            namespace=gitea
+            qemu.install=true
+
+      - name: Login to Docker registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ secrets.DOCKER_REGISTRY }}
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Generate timestamp
+        id: timestamp
+        run: echo "timestamp=$(date +%Y%m%d%H%M%S)" >> $GITEA_OUTPUT
+
+      - name: Build Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: Dockerfile
+          push: true
+          tags: |
+            ${{ secrets.DOCKER_REGISTRY }}/taqi/portfolio/my-portfolio-app:latest
+            ${{ secrets.DOCKER_REGISTRY }}/taqi/portfolio/my-portfolio-app:1.0.0-${{ steps.timestamp.outputs.timestamp }}

.trivyignore

@@ -0,0 +1,9 @@
+CVE-2024-4068
+CVE-2024-21538
+CVE-2024-21536
+CVE-2025-7783
+CVE-2024-29415
+CVE-2022-23539
+CVE-2022-24771
+CVE-2022-24772
+CVE-2024-29180

.woodpecker/build.yaml

@@ -0,0 +1,35 @@
+when:
+  - event: [push, pull_request, manual]
+    branch: [master, feature/*]
+
+steps:
+  - name: trivy-scan
+    image: aquasec/trivy:latest
+    commands:
+      - trivy fs --scanners vuln,config --exit-code 1  --ignorefile .trivyignore --severity HIGH,CRITICAL frontend/
+
+  - name: lint-frontend
+    image: node:24
+    commands:
+      - cd frontend
+      - npm install
+      - npm run lint
+
+  - name: build-and-publish
+    image: woodpeckerci/plugin-docker-buildx
+    settings:
+      registry:
+        from_secret: docker_registry
+      repo:
+        from_secret: portfolio_docker_repo
+      tags:
+        - latest
+        - 1.0.0-${CI_PIPELINE_NUMBER} # Ref: https://woodpecker-ci.org/docs/usage/environment
+      skip_tls_verify: false # set to true for testing registries ONLY with self-signed certs
+      build_args:
+        - COMMIT_SHA=${CI_COMMIT_SHA}
+        - COMMIT_AUTHOR_EMAIL=${CI_COMMIT_AUTHOR_EMAIL}
+      username:
+        from_secret: docker-username
+      password:
+        from_secret: docker-password

Dockerfile

@@ -1,5 +1,5 @@
 # Step 1: Build the React app
-FROM node:20 AS build
+FROM node:24-slim AS build
 
 WORKDIR /app
 

README.md

@@ -1,5 +1,4 @@
-My Portfolio Website
-=====================
+# My Portfolio Website
 
 # Overview
 
@@ -31,4 +30,19 @@ docker push $DOCKER_REGISTRY/my-portfolio-app:latest
 
 # Check the registry
 curl -u user:pass https://$DOCKER_REGISTRY/v2/_catalog
-```
+
+# Or if using gitea registry
+curl --netrc -X GET https://gitea.yourdomain.com/v2/_catalog
+```
+
+# CI/CD
+
+Run in Gitea Actions within kubernetes cluster
+
+Current, the project has workflow files for:
+
+- Build and push the container to the registry
+- Deploy the container to the Kubernetes cluster
+
+Thus making a commit to the master branch will automatically build the
+container and deploy it to the cluster.

frontend/package.json

@@ -36,6 +36,9 @@
     "tailwindcss": "^3.4.11",
     "typescript": "^5.5.3",
     "typescript-eslint": "^8.0.1",
-    "vite": "^5.4.1"
+    "vite": "^7.0.6"
+  },
+  "overrides": {
+    "@types/minimatch": "5.1.2"
   }
 }

frontend/src/components/Navbar.tsx

@@ -35,11 +35,13 @@ const Navbar: React.FC<NavProps> = ({ toggleDarkMode, darkMode }) => {
       }
     }
 
-    document.addEventListener('mousedown', handleClickoutside)
+    if (isMenuOpen) {
+      document.addEventListener('mousedown', handleClickoutside)
+    }
     return () => {
       document.removeEventListener('mousedown', handleClickoutside)
     }
-  })
+  }, [isMenuOpen])
 
   const menuItem = [
     { title: 'Home', href: '/' },

frontend/tsconfig.app.tsbuildinfo

@@ -1 +1 @@
-{"root":["./src/App.tsx","./src/main.tsx","./src/vite-env.d.ts","./src/components/Introduction.tsx","./src/components/Navbar.tsx","./src/components/Photo.tsx","./src/components/Skills.tsx"],"version":"5.6.2"}
+{"root":["./src/App.tsx","./src/constants.tsx","./src/main.tsx","./src/vite-env.d.ts","./src/components/Footer.tsx","./src/components/Introduction.tsx","./src/components/Navbar.tsx","./src/components/Photo.tsx","./src/components/Sidebar.tsx","./src/components/Skills.tsx","./src/components/Tooltip.tsx","./src/pages/Experience.tsx","./src/pages/Home.tsx","./src/pages/Interests.tsx","./src/pages/Projects.tsx"],"version":"5.8.3"}

frontend/tsconfig.node.tsbuildinfo

@@ -1 +1 @@
-{"root":["./vite.config.ts"],"version":"5.6.2"}
+{"root":["./vite.config.ts"],"version":"5.8.3"}

scripts/create_kubeconfig.sh

@@ -0,0 +1,144 @@
+#!/usr/bin/env bash
+
+function usage() {
+    echo "--namespace <namespace> --user <user>  --kubeconfig <kubeconfig>"
+}
+
+function create_namespace() {
+    local namespace="$1"
+    kubectl create namespace "$namespace" \
+        --dry-run=client -o yaml | kubectl apply -f -
+}
+
+function create_service_account() {
+    local user="$1"
+    local namespace="$2"
+
+    kubectl create serviceaccount "$user" \
+        --namespace "$namespace" \
+        --dry-run=client -o yaml | kubectl apply -f -
+
+    # Create associated secret
+    kubectl apply -f - <<EOF
+apiVersion: v1
+kind: Secret
+metadata:
+  name: ${user}-secret
+  namespace: ${namespace}
+  annotations:
+    kubernetes.io/service-account.name: ${user}
+type: kubernetes.io/service-account-token
+EOF
+
+    echo "Service account $user created in namespace $namespace"
+}
+
+function create_role() {
+    local user="$1"
+    local namespace="$2"
+
+    kubectl create role "$user" \
+        --verb=get,list,watch,create,update,delete,patch,exec \
+        --resource=pods,pods/exec,services,deployments,secrets,configmaps \
+        --namespace "$namespace" \
+        --dry-run=client -o yaml | kubectl apply -f -
+
+    echo "Role $user created in namespace $namespace"
+}
+
+function create_role_binding() {
+    local user="$1"
+    local namespace="$2"
+
+    kubectl create rolebinding "$user" \
+        --role="$user" \
+        --serviceaccount="$namespace:$user" \
+        --namespace "$namespace" \
+        --dry-run=client -o yaml | kubectl apply -f -
+
+    echo "Role binding $user created in namespace $namespace"
+}
+
+function create_kubeconfig() {
+    local user="$1"
+    local namespace="$2"
+    local kubeconfig="$3"
+
+    SECRET_NAME=${user}-secret
+    CLUSTER_NAME=$(kubectl config view --minify -o jsonpath='{.clusters[0].name}')
+    TOKEN=$(kubectl get secret "$SECRET_NAME" -n "$namespace" -o jsonpath='{.data.token}' | base64 --decode)
+    CA=$(kubectl get secret "$SECRET_NAME" -n "$namespace" -o jsonpath='{.data.ca\.crt}')
+
+    SERVER=$(kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}')
+
+    # Create kubeconfig file with proper indentation
+    cat >"${kubeconfig}" <<EOF
+apiVersion: v1
+kind: Config
+clusters:
+- name: ${CLUSTER_NAME}
+  cluster:
+    server: ${SERVER}
+    certificate-authority-data: ${CA}
+contexts:
+- name: ${CLUSTER_NAME}-${namespace}-ci
+  context:
+    cluster: ${CLUSTER_NAME}
+    namespace: ${namespace}
+    user: ${user}
+current-context: ${CLUSTER_NAME}-${namespace}-ci
+users:
+- name: ${user}
+  user:
+    token: ${TOKEN}
+EOF
+
+    echo "Kubeconfig file created at ${kubeconfig}"
+}
+
+# Main script
+function main() {
+    local namespace=""
+    local user=""
+    local kubeconfig=""
+
+    while [[ "$#" -gt 0 ]]; do
+        case $1 in
+        -n|--namespace)
+            namespace="$2"
+            shift
+            ;;
+        -u|--user)
+            user="$2"
+            shift
+            ;;
+        -k|--kubeconfig)
+            kubeconfig="$2"
+            shift
+            ;;
+        -h|--help)
+            usage
+            exit 0
+            ;;
+        *)
+            usage
+            exit 1
+            ;;
+        esac
+        shift
+    done
+
+    if [[ -z "$namespace" || -z "$user" || -z "$kubeconfig" ]]; then
+        usage
+        exit 1
+    fi
+
+    create_namespace "$namespace"
+    create_service_account "$user" "$namespace"
+    create_role "$user" "$namespace"
+    create_role_binding "$user" "$namespace"
+    create_kubeconfig "$user" "$namespace" "$kubeconfig"
+}
+
+# Call the main function
+main "$@"