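---
# Gitea Actions workflow: on a push to any non-main branch that touches a
# docker-compose.yml, make sure a PR exists, work out which compose services
# changed relative to main, dry-run the stack on the deploy host, auto-merge
# the PR and finally deploy from main.
name: Gitea Branch PR & Docker Deployment

on:
  workflow_dispatch:
  push:
    branches-ignore:
      - "main"
    paths:
      - "**/docker-compose.yml"

env:
  HC_VAULT_VERSION: "1.21.4"
  TEA_VERSION: "0.14.0"

jobs:
  # Stage 1: ensure a PR exists for the pushed branch.
  check-and-create-pr:
    if: github.ref != 'refs/heads/main'
    name: Check and Create PR
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Code
        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
        with:
          fetch-depth: 1

      - name: Gotify Notification
        uses: eikendev/gotify-action@ca0339b85ee8db9fda9c0718aaa7f95e17b3c617 # 0.0.4
        with:
          gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}"
          gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}"
          notification_title: "GITEA: PR Check @ Benedikta"
          notification_message: "Checking for existing PR... 🔍"

      # NOTE(review): gitea-auto-pr and hc-vault-env (below) are referenced by
      # the mutable @main ref while every other action is pinned to a commit
      # SHA; pin them too so a push to those repos cannot silently change what
      # runs here with the bot token.
      - name: PR Check/Creation
        uses: https://git.trez.wtf/Trez/gitea-auto-pr@main
        with:
          url: ${{ secrets.TREZ_GITEA_URL }}
          token: ${{ secrets.BOT_GITEA_TOKEN }}
          pr-label: docker-compose,manual
          assignee: ${{ github.actor }}

      - name: Gotify Notification
        uses: eikendev/gotify-action@ca0339b85ee8db9fda9c0718aaa7f95e17b3c617 # 0.0.4
        with:
          gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}"
          gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}"
          notification_title: "GITEA: PR Check @ Benedikta"
          notification_message: "PR Check done 🎟️"

  # Stage 2: diff the root docker-compose.yml against main and publish the
  # space-separated list of services that were added or modified.
  generate-service-list:
    name: Generate list of added/modified/deleted services
    runs-on: ubuntu-latest
    needs: [check-and-create-pr]
    outputs:
      svc_deploy_list: ${{ steps.detect_services.outputs.docker_svc_list }}
    steps:
      - name: Checkout
        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1

      # This workflow runs on push, so github.event.pull_request.base.ref is
      # empty; fetch main by name because the next step reads origin/main.
      - name: Fetch base branch
        run: |
          git fetch --depth=1 origin main

      - name: Gotify Notification
        uses: eikendev/gotify-action@ca0339b85ee8db9fda9c0718aaa7f95e17b3c617 # 0.0.4
        with:
          gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}"
          gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}"
          notification_title: "GITEA: Services TBD"
          notification_message: "Generating list of services to deploy..."

      # Fall back to an empty "main" file when the compose file does not exist
      # on main yet (every service is then reported as added).
      - name: Save both versions of docker-compose.yml
        run: |
          git show origin/main:docker-compose.yml > docker-compose-main.yml || touch docker-compose-main.yml
          cp docker-compose.yml docker-compose-head.yml

      # Branch name is passed through env rather than interpolated into the
      # script so that it cannot be parsed as shell syntax.
      - name: Detect added, deleted, and modified services
        id: detect_services
        env:
          HEAD_BRANCH: ${{ github.ref_name }}
        run: |
          echo "Getting services from main and ${HEAD_BRANCH}"
          yq '.services | keys | .[]' docker-compose-main.yml | sort > services_main.txt
          yq '.services | keys | .[]' docker-compose-head.yml | sort > services_head.txt

          echo "Creating list of modified services..."
          touch service_changes.txt
          # Only in head -> added.
          comm -13 services_main.txt services_head.txt | while read -r service; do
            echo "$service: added" >> service_changes.txt
          done
          # In both -> compare the service definitions.
          comm -12 services_main.txt services_head.txt | while read -r service; do
            yq ".services[\"$service\"]" docker-compose-main.yml > tmp_main.yml
            yq ".services[\"$service\"]" docker-compose-head.yml > tmp_head.yml
            if ! diff -q tmp_main.yml tmp_head.yml > /dev/null; then
              echo "$service: modified" >> service_changes.txt
            fi
          done
          # Services removed in head are deliberately not listed: the list is
          # handed to compose as service arguments and the deploy steps pass
          # --remove-orphans to drop them.

          echo "Detected service changes:"
          cat service_changes.txt

          mod_svcs=$(cut -d':' -f1 service_changes.txt | sort -u | tr '\n' ' ' | sed 's/ *$//')
          # Heredoc form of the output syntax so an empty or multi-word value
          # is written safely.
          {
            echo "docker_svc_list<<EOF"
            echo "$mod_svcs"
            echo "EOF"
          } >> "$GITHUB_OUTPUT"

      - name: List of Services for (Re)Deployment
        env:
          SVC_LIST: ${{ steps.detect_services.outputs.docker_svc_list }}
        run: |
          echo "$SVC_LIST"

  # Stage 3: render .env from Vault and run the stack with --dry-run on the
  # deploy host; also publishes the list of compose files for the real deploy.
  docker-compose-dry-run:
    name: Docker Compose Dry Run
    needs: [generate-service-list]
    runs-on: ubuntu-latest
    outputs:
      compose_file_list: ${{ steps.compose_file_list.outputs.compose_list }}
    # NOTE(review): job-level env exposes these secrets to every step of the
    # job, including third-party actions; the Vault token is already handed to
    # the hc-vault-env step explicitly via `with`, so check whether the
    # job-level copies are still needed.
    env:
      VAULT_ADDR: ${{ secrets.TREZ_VAULT_ADDR }}
      VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
      VAULT_NAMESPACE: ""
      REGISTRY_PASSWORD: ${{ secrets.BOT_GITEA_PASSWORD }}
      DOCKER_SVC_LIST: ${{ needs.generate-service-list.outputs.svc_deploy_list }}
    steps:
      - name: Checkout
        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1

      # Registry logins are performed against the Docker daemon on the deploy
      # host, not on the runner. NOTE(review): tcp://host:2375 is the
      # plain-text, unauthenticated daemon socket; everything on that network
      # path can drive the daemon and read the credentials these logins store.
      # Prefer the TLS endpoint (2376 with client certificates) or an
      # ssh:// DOCKER_HOST.
      - name: Login to Docker Hub
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        env:
          DOCKER_HOST: tcp://192.168.1.241:2375
        with:
          username: ${{ secrets.DOCKERHUB_USER }}
          password: ${{ secrets.DOCKERHUB_PASSWORD }}

      - name: Login to GitHub Container Registry
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        env:
          DOCKER_HOST: tcp://192.168.1.241:2375
        with:
          registry: ghcr.io
          username: ${{ secrets.GHCR_USER }}
          password: ${{ secrets.GHCR_LOGIN_TOKEN }}

      - name: Login to Private Gitea Registry
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        env:
          DOCKER_HOST: tcp://192.168.1.241:2375
        with:
          registry: git.trez.wtf
          username: ${{ secrets.BOT_GITEA_USER }}
          password: ${{ secrets.BOT_GITEA_PASSWORD }}

      - name: Gotify Notification
        uses: eikendev/gotify-action@ca0339b85ee8db9fda9c0718aaa7f95e17b3c617 # 0.0.4
        with:
          gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}"
          gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}"
          notification_title: "GITEA: Docker Compose Dry Run @ Benedikta"
          notification_message: "Starting Docker Compose dry run..."

      # Space-separated list of compose files, excluding the host-specific
      # variants that must not be deployed to this host.
      - name: Get list of Compose files
        id: compose_file_list
        run: |
          compose_list=$(find . -type f -name "docker-compose*.yml" \
            -a ! -name "*windows*" \
            -a ! -name "*gui*" \
            -a ! -name "*macos*" \
            -a ! -name "*hivemind*" \
            -a ! -name "*server*" \
            | sed -e ':a;N;$!ba;s/[\r\n]/ /g')
          echo "compose_list=$compose_list" >> "$GITHUB_OUTPUT"
          echo "Compose files: $compose_list"

      # NOTE(review): mutable @main ref, see the pinning note on the
      # PR Check/Creation step.
      - name: Generate .env from Hashicorp Vault
        uses: https://git.trez.wtf/Trez/hc-vault-env@main
        with:
          HC_VAULT_VERSION: ${{ env.HC_VAULT_VERSION }}
          HC_VAULT_ADDR: ${{ secrets.TREZ_VAULT_ADDR }}
          HC_VAULT_AUTH: token
          HC_VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
          HC_VAULT_SECRETS_PATH: benedikta-docker/env

      - name: Docker Compose Dry Run
        uses: cssnr/stack-deploy-action@28c3c6f42b225af7100652b459621c0c966fd901 # v1.5.0
        with:
          mode: compose
          file: ${{ steps.compose_file_list.outputs.compose_list }}
          name: "benedikta"
          host: 192.168.1.241
          user: charish
          ssh_key: ${{ secrets.RUNNER_SSH_PRIVATE_KEY }}
          args: --remove-orphans --dry-run ${{ needs.generate-service-list.outputs.svc_deploy_list }}
          env_file: ".env"
          summary: true

      - name: Gotify Notification
        uses: eikendev/gotify-action@ca0339b85ee8db9fda9c0718aaa7f95e17b3c617 # 0.0.4
        with:
          gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}"
          gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}"
          notification_title: "GITEA: Docker Compose Dry Run @ Benedikta"
          notification_message: "Docker Compose dry run completed successfully."

  # Stage 4: merge the branch's open PR with the tea CLI once the dry run
  # succeeded.
  pr-merge:
    name: PR Merge
    needs: [generate-service-list, docker-compose-dry-run]
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1

      - name: Cache tea CLI
        id: cache-tea
        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
        with:
          path: /opt/hostedtoolcache/tea/${{ env.TEA_VERSION }}/x64
          key: tea-${{ runner.os }}-${{ env.TEA_VERSION }}

      - name: Install tea
        uses: supplypike/setup-bin@8e3f88b4f143d9b5c3497f0fc12d45c83c123787 # v4.0.1
        with:
          uri: https://gitea.com/gitea/tea/releases/download/v${{ env.TEA_VERSION }}/tea-${{ env.TEA_VERSION }}-linux-amd64
          name: tea
          version: ${{ env.TEA_VERSION }}

      # Every expression is passed through env so that branch names, actor
      # names and secrets are never expanded into shell syntax. The branch is
      # matched as a fixed string (not a regex) and the merge is refused when
      # no open PR is found instead of calling `tea pr m` with an empty index.
      - name: PR Merge
        id: pr_merge
        env:
          PR_GITEA_URL: ${{ secrets.TREZ_GITEA_URL }}
          PR_BOT_USER: gitea-sonarqube-bot
          PR_BOT_PASSWORD: ${{ secrets.BOT_GITEA_PASSWORD }}
          PR_BOT_TOKEN: ${{ secrets.BOT_GITEA_TOKEN }}
          PR_REPO: ${{ github.repository }}
          HEAD_BRANCH: ${{ github.ref_name }}
          PR_ACTOR: ${{ github.actor }}
        run: |
          tea login add --name gitea-rinoa --url "$PR_GITEA_URL" --user "$PR_BOT_USER" --password "$PR_BOT_PASSWORD" --token "$PR_BOT_TOKEN"
          tea login default gitea-rinoa

          echo "Merging PR..."
          pr_index=$(tea pr ls --repo "$PR_REPO" --state open --fields index,title,head,state --output csv \
            | grep -F -- "$HEAD_BRANCH" \
            | awk -F',' '{print $1}' \
            | tr -d '"' \
            | head -n1)
          if [ -z "$pr_index" ]; then
            echo "No open PR found for branch ${HEAD_BRANCH}" >&2
            exit 1
          fi
          tea pr m --repo "$PR_REPO" --title "Auto Merge of PR ${pr_index} - ${HEAD_BRANCH}" --message "Merged by ${PR_ACTOR}" "${pr_index}"
          echo "pr_index=${pr_index}" >> "$GITHUB_OUTPUT"

      - name: Gotify Notification
        uses: eikendev/gotify-action@ca0339b85ee8db9fda9c0718aaa7f95e17b3c617 # 0.0.4
        with:
          gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}"
          gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}"
          notification_title: "GITEA: PR Merge Successful"
          notification_message: "PR #${{ steps.pr_merge.outputs.pr_index }} merged."

  # Stage 5: deploy from main (the branch was merged in the previous job).
  # Registry logins are best-effort here (continue-on-error), unlike the dry
  # run, so a registry outage does not block a deploy of already-pulled images.
  docker-compose-deploy:
    name: Docker Compose Deployment
    runs-on: ubuntu-latest
    needs: [generate-service-list, docker-compose-dry-run, pr-merge]
    # NOTE(review): same job-level secret exposure as in the dry-run job.
    env:
      VAULT_ADDR: ${{ secrets.TREZ_VAULT_ADDR }}
      VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
      REGISTRY_PASSWORD: ${{ secrets.BOT_GITEA_PASSWORD }}
    steps:
      - name: Checkout
        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
        with:
          ref: main

      # NOTE(review): plain-text daemon socket, see the note on the dry-run
      # job's login steps.
      - name: Login to Docker Hub
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        continue-on-error: true
        env:
          DOCKER_HOST: tcp://192.168.1.241:2375
        with:
          username: ${{ secrets.DOCKERHUB_USER }}
          password: ${{ secrets.DOCKERHUB_PASSWORD }}

      - name: Login to GitHub Container Registry
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        continue-on-error: true
        env:
          DOCKER_HOST: tcp://192.168.1.241:2375
        with:
          registry: ghcr.io
          username: ${{ secrets.GHCR_USER }}
          password: ${{ secrets.GHCR_LOGIN_TOKEN }}

      - name: Login to Private Gitea Registry
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        continue-on-error: true
        env:
          DOCKER_HOST: tcp://192.168.1.241:2375
        with:
          registry: git.trez.wtf
          username: ${{ secrets.BOT_GITEA_USER }}
          password: ${{ secrets.BOT_GITEA_PASSWORD }}

      - name: Gotify Notification
        uses: eikendev/gotify-action@ca0339b85ee8db9fda9c0718aaa7f95e17b3c617 # 0.0.4
        with:
          gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}"
          gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}"
          notification_title: "GITEA: Docker Compose Deployment @ Benedikta"
          notification_message: "Starting Docker Compose run..."

      # NOTE(review): mutable @main ref, see the pinning note on the
      # PR Check/Creation step.
      - name: Generate .env from Hashicorp Vault
        uses: https://git.trez.wtf/Trez/hc-vault-env@main
        with:
          HC_VAULT_VERSION: ${{ env.HC_VAULT_VERSION }}
          HC_VAULT_ADDR: ${{ secrets.TREZ_VAULT_ADDR }}
          HC_VAULT_AUTH: token
          HC_VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
          HC_VAULT_SECRETS_PATH: benedikta-docker/env

      # Reuses the compose-file list computed by the dry run so both runs act
      # on exactly the same set of files.
      - name: Docker Compose Deployment
        uses: cssnr/stack-deploy-action@28c3c6f42b225af7100652b459621c0c966fd901 # v1.5.0
        with:
          mode: compose
          file: ${{ needs.docker-compose-dry-run.outputs.compose_file_list }}
          name: "benedikta"
          host: 192.168.1.241
          user: charish
          ssh_key: ${{ secrets.RUNNER_SSH_PRIVATE_KEY }}
          args: --remove-orphans ${{ needs.generate-service-list.outputs.svc_deploy_list }}
          env_file: ".env"
          summary: true

      - name: Gotify Notification
        uses: eikendev/gotify-action@ca0339b85ee8db9fda9c0718aaa7f95e17b3c617 # 0.0.4
        with:
          gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}"
          gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}"
          notification_title: "GITEA: Docker Compose Deployment @ Benedikta"
          notification_message: "Deployment completed successfully."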