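# Redeploys the Docker Compose stack after a Renovate pull request is merged
# into main. The job works out which Compose services changed, logs in to the
# registries, renders a .env file from HashiCorp Vault and hands the Compose
# files plus the changed-service list to the stack deploy action.
name: Renovate PR Deployment

on:
  workflow_dispatch:
  pull_request:
    types: [closed]
    branches:
      - main
    paths:
      - "**/docker-compose*.yml"

# Only the non-secret Vault CLI version stays at workflow scope. The Vault
# address and token used to be exported here as well, which put them in the
# environment of every step, including the third-party actions below; they
# are now scoped to the single step that talks to Vault.
env:
  HC_VAULT_VERSION: "1.21.1"

jobs:
  deploy:
    name: Renovate PR Deployment
    # Deploy only for pull requests that were merged and were opened by the
    # Renovate bot account.
    # NOTE(review): a workflow_dispatch event carries no pull_request object,
    # so this condition is false for manual runs and the job is skipped.
    # Extend the condition if manual deployments are intended.
    if: |
      github.event.pull_request.merged == true &&
      github.event.pull_request.user.login == 'renovate-bot'
    runs-on: ubuntu-latest
    steps:
      - name: Check out code
        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4.3.1
        with:
          # Full history so that origin/main is available to `git show`.
          fetch-depth: 0

      # Compares every Compose file in the checkout against its version on
      # origin/main and publishes the names of added or modified services as
      # the step output `docker_svc_list` (space separated).
      # NOTE(review): this runs after the merge. If the checkout is already at
      # the tip of main, both versions are identical and no change is
      # reported; confirm which ref is checked out for this event.
      - name: Get changed services from all Compose files.
        id: services
        env:
          # Passed through the environment rather than expanded into the
          # script text: a ref name is caller-influenced data and must not be
          # parsed by the shell.
          REF_NAME: ${{ github.ref_name }}
        run: |
          echo "Getting services from main and $REF_NAME"

          # Dynamically find all docker-compose YAML files (root + compose folder).
          # mapfile keeps one path per element without word splitting or globbing.
          mapfile -t COMPOSE_FILES < <(find . -type f -name 'docker-compose*.yml' | sort)

          echo "Found Compose files:"
          printf '%s\n' "${COMPOSE_FILES[@]}"

          # Temp files to store all services
          touch services_main_all.txt services_head_all.txt

          for f in "${COMPOSE_FILES[@]}"; do
            echo "Processing $f"

            # Create a safe filename by replacing dots and slashes with underscores
            safe_f=$(echo "$f" | sed 's|[./]|_|g')

            # Fetch main version (an empty file stands in for "not on main")
            git show origin/main:"$f" > "main_${safe_f}" 2>/dev/null || touch "main_${safe_f}"
            cp "$f" "head_${safe_f}"

            # Extract services and append to global list
            yq '.services | keys | .[]' "main_${safe_f}" >> services_main_all.txt 2>/dev/null || true
            yq '.services | keys | .[]' "head_${safe_f}" >> services_head_all.txt 2>/dev/null || true
          done

          # Sort and deduplicate
          sort -u services_main_all.txt -o services_main_all.txt
          sort -u services_head_all.txt -o services_head_all.txt

          echo "Creating list of modified services..."
          touch service_changes.txt

          # Added services
          comm -13 services_main_all.txt services_head_all.txt | while IFS= read -r service; do
            echo "$service: added" >> service_changes.txt
          done

          # Modified services.
          # This used to run through `xargs ... bash -c '...'`. Bash arrays are
          # not passed to child processes, so COMPOSE_FILES was empty in the
          # child and no service was ever reported as modified. The service
          # name was also substituted into the child script text, and the
          # parallel workers shared tmp_main.yml / tmp_head.yml. A loop in the
          # current shell avoids all three problems.
          # The service name is still interpolated into the yq expression;
          # names come from the repository's own Compose files.
          comm -12 services_main_all.txt services_head_all.txt | while IFS= read -r service; do
            for f in "${COMPOSE_FILES[@]}"; do
              safe_f=$(echo "$f" | sed 's|[./]|_|g')
              yq ".services[\"$service\"]" "main_${safe_f}" > tmp_main.yml 2>/dev/null || continue
              yq ".services[\"$service\"]" "head_${safe_f}" > tmp_head.yml 2>/dev/null || continue
              if ! diff -q tmp_main.yml tmp_head.yml > /dev/null; then
                echo "$service: modified" >> service_changes.txt
                break
              fi
            done
          done

          echo "Detected service changes:"
          cat service_changes.txt

          mod_svcs=$(cut -d':' -f1 service_changes.txt | sort | uniq | tr '\n' ' ' | sed 's/ *$//')
          echo "docker_svc_list<<EOF" >> "$GITHUB_OUTPUT"
          echo "$mod_svcs" >> "$GITHUB_OUTPUT"
          echo "EOF" >> "$GITHUB_OUTPUT"

      - name: List of Services for (Re)Deployment
        env:
          # Step outputs derive from repository content; read them from the
          # environment instead of templating them into the script.
          DOCKER_SVC_LIST: ${{ steps.services.outputs.docker_svc_list }}
        run: |
          echo -e "$DOCKER_SVC_LIST"

      # Builds a space-separated list of Compose files, leaving out those whose
      # name contains windows, gui, macos, hivemind or server.
      - name: Get list of Compose files
        id: compose_file_list
        run: |
          compose_list=$(find . -type f -name "docker-compose*.yml" \
            -a ! -name "*windows*" \
            -a ! -name "*gui*" \
            -a ! -name "*macos*" \
            -a ! -name "*hivemind*" \
            -a ! -name "*server*" \
            | sed -e ':a;N;$!ba;s/[\r\n]/ /g')

          echo "compose_list=$compose_list" >> "$GITHUB_OUTPUT"
          echo "Compose files: $compose_list"

      # NOTE(review): this and the two login steps below point DOCKER_HOST at
      # tcp://...:2375, the conventional plaintext Docker API port. If that
      # endpoint has no TLS, the registry credentials cross the network in
      # clear text and any host that can reach the port controls the daemon.
      # Prefer a TLS-protected endpoint or an ssh:// Docker host.
      - name: Login to Docker Hub
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef  # v3.6.0
        env:
          DOCKER_HOST: "tcp://192.168.1.252:2375"
        with:
          username: ${{ secrets.DOCKERHUB_USER }}
          password: ${{ secrets.DOCKERHUB_PASSWORD }}

      - name: Login to GitHub Container Registry
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef  # v3.6.0
        env:
          DOCKER_HOST: "tcp://192.168.1.252:2375"
        with:
          registry: ghcr.io
          username: ${{ secrets.GHCR_USER }}
          password: ${{ secrets.GHCR_LOGIN_TOKEN }}

      - name: Login to Private Gitea Registry
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef  # v3.6.0
        env:
          DOCKER_HOST: "tcp://192.168.1.252:2375"
        with:
          registry: git.trez.wtf
          username: ${{ secrets.BOT_GITEA_USER }}
          password: ${{ secrets.BOT_GITEA_PASSWORD }}

      - name: Gotify Notification
        uses: eikendev/gotify-action@ca0339b85ee8db9fda9c0718aaa7f95e17b3c617  # 0.0.4
        with:
          gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}"
          gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}"
          notification_title: "GITEA: [RENOVATE] Docker Compose Deployment @ Benedikta"
          notification_message: "Starting Docker Compose run..."

      # NOTE(review): this is the only action referenced by a mutable branch
      # (@main) instead of a commit SHA, and it is the one that receives the
      # Vault token. Pin it to a full commit SHA like the other actions.
      - name: Generate .env from Hashicorp Vault
        uses: https://git.trez.wtf/Trez/hc-vault-env@main
        env:
          # Scoped to this step only, in case the action reads the standard
          # Vault variables from the environment as well as from its inputs.
          VAULT_ADDR: ${{ secrets.TREZ_VAULT_ADDR }}
          VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
        with:
          HC_VAULT_VERSION: ${{ env.HC_VAULT_VERSION }}
          HC_VAULT_ADDR: ${{ secrets.TREZ_VAULT_ADDR }}
          HC_VAULT_AUTH: token
          HC_VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
          HC_VAULT_SECRETS_PATH: benedikta-docker/env

      # The changed-service list is appended to the Compose arguments, so only
      # those services are named on the command line; an empty list leaves
      # just --remove-orphans.
      - name: Docker Compose Deployment
        uses: cssnr/stack-deploy-action@d58b92bcd776afc57ef12f55bafff71200fd218e  # v1.4.0
        with:
          mode: compose
          file: ${{ steps.compose_file_list.outputs.compose_list }}
          name: "ovosmisc"
          host: "192.168.1.250"
          user: ovos
          ssh_key: ${{ secrets.RUNNER_SSH_PRIVATE_KEY }}
          args: --remove-orphans ${{ steps.services.outputs.docker_svc_list }}
          env_file: ".env"
          summary: true

      - name: Gotify Notification
        uses: eikendev/gotify-action@ca0339b85ee8db9fda9c0718aaa7f95e17b3c617  # 0.0.4
        with:
          gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}"
          gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}"
          notification_title: "GITEA: [RENOVATE] Docker Compose Deployment @ Benedikta"
          notification_message: "Deployment completed successfully."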