Initial commit.
This commit is contained in:
@@ -0,0 +1,133 @@
|
||||
name: Renovate PR Deployment
|
||||
|
||||
on:
|
||||
workflow_dispatch:
|
||||
pull_request:
|
||||
types: [closed]
|
||||
branches:
|
||||
- main
|
||||
paths:
|
||||
- "**/docker-compose*.yml"
|
||||
|
||||
env:
|
||||
VAULT_ADDR: ${{ secrets.TREZ_VAULT_ADDR }}
|
||||
VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
|
||||
HC_VAULT_VERSION: "1.21.4"
|
||||
|
||||
jobs:
|
||||
deploy:
|
||||
name: Renovate PR Deployment
|
||||
if: |
|
||||
github.event.pull_request.merged == true &&
|
||||
github.event.pull_request.user.login == 'renovate-bot'
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Check out code
|
||||
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Save docker-compose.yml after merge (new)
|
||||
run: |
|
||||
git show origin/main:docker-compose.yml > docker-compose-new.yml
|
||||
|
||||
- name: Detect services with image tag/digest changes
|
||||
id: detect_services
|
||||
run: |
|
||||
set -euo pipefail
|
||||
|
||||
echo "Flattening docker-compose files..."
|
||||
yq eval '... comments=""' docker-compose-old.yml > docker-compose-old-flat.yml
|
||||
yq eval '... comments=""' docker-compose-new.yml > docker-compose-new-flat.yml
|
||||
|
||||
echo "Getting service names..."
|
||||
yq eval '.services | keys | .[]' docker-compose-old-flat.yml | sort > services_old.txt
|
||||
yq eval '.services | keys | .[]' docker-compose-new-flat.yml | sort > services_new.txt
|
||||
|
||||
echo "Checking for image changes..."
|
||||
: > service_changes.txt
|
||||
|
||||
comm -12 services_old.txt services_new.txt | while read service; do
|
||||
old_image=$(yq eval-all --yaml-fix-merge-anchor-to-spec=true ".services[\"$service\"].image // \"\"" docker-compose-old-flat.yml)
|
||||
new_image=$(yq eval-all --yaml-fix-merge-anchor-to-spec=true ".services[\"$service\"].image // \"\"" docker-compose-new-flat.yml)
|
||||
|
||||
if [ "$old_image" != "$new_image" ]; then
|
||||
echo "$service" >> service_changes.txt
|
||||
fi
|
||||
done
|
||||
|
||||
echo "Detected services with changed images:"
|
||||
cat service_changes.txt || true
|
||||
|
||||
# Prepare multiline output for GitHub Actions
|
||||
echo "docker_svc_list<<EOF" >> "$GITHUB_OUTPUT"
|
||||
sort -u service_changes.txt >> "$GITHUB_OUTPUT"
|
||||
echo "EOF" >> "$GITHUB_OUTPUT"
|
||||
|
||||
- name: List of Services for (Re)Deployment
|
||||
run: |
|
||||
echo -e "${{ steps.services.outputs.docker_svc_list }}"
|
||||
|
||||
- name: Login to Docker Hub
|
||||
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
|
||||
env:
|
||||
DOCKER_HOST: tcp://192.168.1.241:2375
|
||||
with:
|
||||
username: ${{ secrets.DOCKERHUB_USER }}
|
||||
password: ${{ secrets.DOCKERHUB_PASSWORD }}
|
||||
|
||||
- name: Login to GitHub Container Registry
|
||||
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
|
||||
env:
|
||||
DOCKER_HOST: tcp://192.168.1.241:2375
|
||||
with:
|
||||
registry: ghcr.io
|
||||
username: ${{ secrets.GHCR_USER }}
|
||||
password: ${{ secrets.GHCR_LOGIN_TOKEN }}
|
||||
|
||||
- name: Login to Private Gitea Registry
|
||||
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
|
||||
env:
|
||||
DOCKER_HOST: tcp://192.168.1.241:2375
|
||||
with:
|
||||
registry: git.trez.wtf
|
||||
username: ${{ secrets.BOT_GITEA_USER }}
|
||||
password: ${{ secrets.BOT_GITEA_PASSWORD }}
|
||||
|
||||
- name: Gotify Notification
|
||||
uses: eikendev/gotify-action@ca0339b85ee8db9fda9c0718aaa7f95e17b3c617 # 0.0.4
|
||||
with:
|
||||
gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}"
|
||||
gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}"
|
||||
notification_title: "GITEA: [RENOVATE] Docker Compose Deployment @ Benedikta"
|
||||
notification_message: "Starting Docker Compose run..."
|
||||
|
||||
- name: Generate .env from Hashicorp Vault
|
||||
uses: https://git.trez.wtf/Trez/hc-vault-env@main
|
||||
with:
|
||||
HC_VAULT_VERSION: ${{ env.HC_VAULT_VERSION }}
|
||||
HC_VAULT_ADDR: ${{ secrets.TREZ_VAULT_ADDR }}
|
||||
HC_VAULT_AUTH: token
|
||||
HC_VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
|
||||
HC_VAULT_SECRETS_PATH: benedikta-docker/env
|
||||
|
||||
- name: Docker Compose Deployment
|
||||
uses: cssnr/stack-deploy-action@28c3c6f42b225af7100652b459621c0c966fd901 # v1.5.0
|
||||
with:
|
||||
mode: compose
|
||||
file: ${{ steps.compose_file_list.outputs.compose_list }}
|
||||
name: "benedikta"
|
||||
host: 192.168.1.250
|
||||
user: charish
|
||||
ssh_key: ${{ secrets.RUNNER_SSH_PRIVATE_KEY }}
|
||||
args: --remove-orphans ${{ steps.services.outputs.docker_svc_list }}
|
||||
env_file: ".env"
|
||||
summary: true
|
||||
|
||||
- name: Gotify Notification
|
||||
uses: eikendev/gotify-action@ca0339b85ee8db9fda9c0718aaa7f95e17b3c617 # 0.0.4
|
||||
with:
|
||||
gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}"
|
||||
gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}"
|
||||
notification_title: "GITEA: [RENOVATE] Docker Compose Deployment @ Benedikta"
|
||||
notification_message: "Deployment completed successfully."
|
||||
Reference in New Issue
Block a user