Trez.One
8c550f1186
Gitea Branch PR & Docker Deployment / Check and Create PR (push) Successful in 20s
Gitea Branch PR & Docker Deployment / Generate list of added/modified/deleted services (push) Successful in 9s
Gitea Branch PR & Docker Deployment / Docker Compose Dry Run (push) Successful in 39s
Gitea Branch PR & Docker Deployment / PR Merge (push) Successful in 21s
Gitea Branch PR & Docker Deployment / Docker Compose Deployment (push) Successful in 33s
369 lines
14 KiB
YAML
369 lines
14 KiB
YAML
name: Gitea Branch PR & Docker Deployment
|
||
|
||
on:
|
||
workflow_dispatch:
|
||
push:
|
||
branches-ignore:
|
||
- 'main'
|
||
paths:
|
||
- 'docker-compose.misc.yml'
|
||
- 'compose/docker-compose*.yml'
|
||
- '**/pr-docker-deploy.yml'
|
||
|
||
env:
|
||
HC_VAULT_VERSION: '1.20.0'
|
||
TEA_VERSION: '0.10.1'
|
||
|
||
jobs:
|
||
check-and-create-pr:
|
||
if: github.ref != 'refs/heads/main'
|
||
name: Check and Create PR
|
||
runs-on: ubuntu-latest
|
||
steps:
|
||
- name: Checkout Code
|
||
uses: actions/checkout@v4
|
||
with:
|
||
fetch-depth: 1
|
||
|
||
- name: Cache tea CLI
|
||
id: cache-tea
|
||
uses: actions/cache@v4
|
||
with:
|
||
path: /opt/hostedtoolcache/tea/${{ env.TEA_VERSION }}/x64
|
||
key: tea-${{ runner.os }}-${{ env.TEA_VERSION }}
|
||
|
||
- name: Install tea
|
||
uses: supplypike/setup-bin@v4
|
||
with:
|
||
uri: https://gitea.com/gitea/tea/releases/download/v${{ env.TEA_VERSION }}/tea-${{ env.TEA_VERSION }}-linux-amd64
|
||
name: tea
|
||
version: ${{ env.TEA_VERSION }}
|
||
|
||
- name: Gotify Notification
|
||
uses: eikendev/gotify-action@master
|
||
with:
|
||
gotify_api_base: '${{ secrets.GOTIFY_URL }}'
|
||
gotify_app_token: '${{ secrets.RUNNER_GOTIFY_TOKEN }}'
|
||
notification_title: 'GITEA: PR Check'
|
||
notification_message: 'Checking for existing PR... 🔍'
|
||
|
||
- name: Check if open PR exists
|
||
id: check-opened-pr-step
|
||
continue-on-error: true
|
||
run: |
|
||
tea login add --name gitea-rinoa --url "${{ secrets.BDIKTA_GITEA_URL }}" --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }}
|
||
pr_exists=$(tea pr list --repo ${{ github.repository }} --state open --fields index,title,head | egrep '\[DOCKER\].*${{ github.ref_name }}' | tail -1 | wc -l)
|
||
echo "exists=$pr_exists" >> $GITHUB_OUTPUT
|
||
|
||
- name: Create PR
|
||
if: ${{ steps.check-opened-pr-step.outputs.exists == '0' }}
|
||
run: |
|
||
tea login default gitea-rinoa
|
||
pr_index_old=$(tea pr ls --repo ${{ github.repository }} --state all --fields index,title,head --output csv | sed -e 's|"||g' | egrep '^[0-9]' | head -1 | awk -F"," '{print $1}')
|
||
pr_index_new=$(expr ${pr_index_old} + 1)
|
||
tea pr c -r ${{ github.repository }} -t "[DOCKER] Automated PR for ${{ github.ref_name }} - #${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }} -L "Docker Compose"
|
||
|
||
- name: Gotify Notification
|
||
uses: eikendev/gotify-action@master
|
||
with:
|
||
gotify_api_base: '${{ secrets.GOTIFY_URL }}'
|
||
gotify_app_token: '${{ secrets.RUNNER_GOTIFY_TOKEN }}'
|
||
notification_title: 'GITEA: PR Check'
|
||
notification_message: 'PR Created 🎟️'
|
||
|
||
generate-service-list:
|
||
name: Generate list of added/modified/deleted services
|
||
runs-on: ubuntu-latest
|
||
needs: [check-and-create-pr]
|
||
outputs:
|
||
svc_deploy_list: ${{ steps.detect_services.outputs.docker_svc_list }}
|
||
steps:
|
||
|
||
- name: Checkout
|
||
uses: actions/checkout@v4
|
||
|
||
- name: Fetch base branch
|
||
run: |
|
||
git fetch origin ${{ github.event.pull_request.base.ref }}
|
||
|
||
- name: Gotify Notification
|
||
uses: eikendev/gotify-action@master
|
||
with:
|
||
gotify_api_base: '${{ secrets.GOTIFY_URL }}'
|
||
gotify_app_token: '${{ secrets.RUNNER_GOTIFY_TOKEN }}'
|
||
notification_title: 'GITEA: Services TBD'
|
||
notification_message: 'Generating list of services to deploy...'
|
||
|
||
- name: Detect added, deleted, and modified services
|
||
id: detect_services
|
||
run: |
|
||
echo "Getting services from main and ${{ github.ref_name }}"
|
||
|
||
# Dynamically find all docker-compose YAML files (root + compose folder)
|
||
COMPOSE_FILES=($(find . -maxdepth 2 -type f -name 'docker-compose*.yml' | sort))
|
||
|
||
echo "Found Compose files:"
|
||
printf '%s\n' "${COMPOSE_FILES[@]}"
|
||
|
||
# Temp files to store all services
|
||
touch services_main_all.txt services_head_all.txt
|
||
|
||
for f in "${COMPOSE_FILES[@]}"; do
|
||
echo "Processing $f"
|
||
|
||
# Create a safe filename by replacing slashes with underscores
|
||
safe_f=$(echo "$f" | sed 's|[./]|_|g')
|
||
|
||
# Fetch main version
|
||
git show origin/main:"$f" > "main_${safe_f}" 2>/dev/null || touch "main_${safe_f}"
|
||
cp "$f" "head_${safe_f}"
|
||
|
||
# Extract services and append to global list
|
||
yq '.services | keys | .[]' "main_${safe_f}" >> services_main_all.txt 2>/dev/null || true
|
||
yq '.services | keys | .[]' "head_${safe_f}" >> services_head_all.txt 2>/dev/null || true
|
||
done
|
||
|
||
# Sort and deduplicate
|
||
sort -u services_main_all.txt -o services_main_all.txt
|
||
sort -u services_head_all.txt -o services_head_all.txt
|
||
|
||
echo "Creating list of modified services..."
|
||
touch service_changes.txt
|
||
|
||
# Added services
|
||
comm -13 services_main_all.txt services_head_all.txt | while read service; do
|
||
echo "$service: added" >> service_changes.txt
|
||
done
|
||
|
||
# Modified services (parallelized)
|
||
comm -12 services_main_all.txt services_head_all.txt | xargs -n1 -P4 -I{} bash -c '
|
||
service="{}"
|
||
modified=0
|
||
for f in "${COMPOSE_FILES[@]}"; do
|
||
safe_f=$(echo "$f" | sed "s|[./]|_|g")
|
||
yq ".services[\"$service\"]" "main_${safe_f}" > tmp_main.yml 2>/dev/null || continue
|
||
yq ".services[\"$service\"]" "head_${safe_f}" > tmp_head.yml 2>/dev/null || continue
|
||
if ! diff -q tmp_main.yml tmp_head.yml > /dev/null; then
|
||
modified=1
|
||
break
|
||
fi
|
||
done
|
||
if [[ $modified -eq 1 ]]; then
|
||
echo "$service: modified" >> service_changes.txt
|
||
fi
|
||
'
|
||
|
||
echo "Detected service changes:"
|
||
cat service_changes.txt
|
||
|
||
if [[ -z $(cat service_changes.txt) ]]; then
|
||
echo "watchtower" > service_changes.txt
|
||
echo "Placeholder:"
|
||
cat service_changes.txt
|
||
fi
|
||
|
||
mod_svcs=$(cut -d':' -f1 service_changes.txt | sort | uniq | tr '\n' ' ' | sed 's/ *$//')
|
||
echo "docker_svc_list<<EOF" >> "$GITHUB_OUTPUT"
|
||
echo "$mod_svcs" >> "$GITHUB_OUTPUT"
|
||
echo "EOF" >> "$GITHUB_OUTPUT"
|
||
|
||
- name: List of Services for (Re)Deployment
|
||
run: |
|
||
echo -e "${{ steps.detect_services.outputs.docker_svc_list }}"
|
||
|
||
docker-compose-dry-run:
|
||
name: Docker Compose Dry Run
|
||
needs: [generate-service-list]
|
||
runs-on: ubuntu-latest
|
||
outputs:
|
||
compose_file_list: ${{ steps.compose_file_list.outputs.compose_list }}
|
||
env:
|
||
VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
|
||
VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
|
||
VAULT_NAMESPACE: ""
|
||
REGISTRY_PASSWORD: ${{ secrets.BOT_GITEA_PASSWORD }}
|
||
DOCKER_SVC_LIST: ${{ needs.generate-service-list.outputs.svc_deploy_list }}
|
||
|
||
steps:
|
||
- name: Checkout
|
||
uses: actions/checkout@v4
|
||
|
||
- name: Show Docker‑related env vars
|
||
run: |
|
||
env | grep '^DOCKER_' || true
|
||
|
||
- name: Login to Gitea Container Registry
|
||
run: |
|
||
docker login -u gitea-sonarqube-bot -p ${REGISTRY_PASSWORD} git.trez.wtf
|
||
|
||
- name: Cache Vault install
|
||
id: cache-vault
|
||
uses: actions/cache@v4
|
||
with:
|
||
path: /opt/hostedtoolcache/vault/${{ env.HC_VAULT_VERSION }}/x64
|
||
key: vault-${{ runner.os }}-${{ env.HC_VAULT_VERSION }}
|
||
|
||
- name: Install Vault (only if not cached)
|
||
if: steps.cache-vault.outputs.cache-hit != 'true'
|
||
uses: cpanato/vault-installer@main
|
||
with:
|
||
version: ${{ env.HC_VAULT_VERSION }}
|
||
|
||
- name: Gotify Notification
|
||
uses: eikendev/gotify-action@master
|
||
with:
|
||
gotify_api_base: '${{ secrets.GOTIFY_URL }}'
|
||
gotify_app_token: '${{ secrets.RUNNER_GOTIFY_TOKEN }}'
|
||
notification_title: 'GITEA: Docker Compose Dry Run @ Benedikta'
|
||
notification_message: 'Starting Docker Compose dry run...'
|
||
|
||
- name: Generate .env file for Docker Compose
|
||
run: |
|
||
vault kv get -format=json benedikta-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
|
||
|
||
- name: Get list of Compose files
|
||
id: compose_file_list
|
||
run: |
|
||
compose_list=$(find . -type f -name "docker-compose*.yml" \
|
||
-a ! -name "*windows*" \
|
||
-a ! -name "*gui*" \
|
||
-a ! -name "*macos*" \
|
||
-a ! -name "*hivemind*" \
|
||
-a ! -name "*server*" \
|
||
| sed -e ':a;N;$!ba;s/[\r\n]/ /g')
|
||
|
||
echo "compose_list=$compose_list" >> "$GITHUB_OUTPUT"
|
||
echo "Compose files: $compose_list"
|
||
|
||
- name: Docker Compose Dry Run
|
||
uses: cssnr/stack-deploy-action@v1.4.0
|
||
with:
|
||
mode: compose
|
||
file: ${{ steps.compose_file_list.outputs.compose_list }}
|
||
name: 'ovosmisc'
|
||
host: 192.168.1.250
|
||
user: ovos
|
||
ssh_key: ${{ secrets.BDIKTA_GITEA_PRIVATE_SSH_KEY }}
|
||
args: --remove-orphans --dry-run ${{ needs.generate-service-list.outputs.svc_deploy_list }}
|
||
env_file: '.env'
|
||
registry_host: 'docker.io'
|
||
registry_user: ${{ secrets.DOCKER_HUB_USER }}
|
||
registry_pass: ${{ secrets.DOCKER_HUB_PASSWORD }}
|
||
summary: true
|
||
|
||
- name: Gotify Notification
|
||
uses: eikendev/gotify-action@master
|
||
with:
|
||
gotify_api_base: '${{ secrets.GOTIFY_URL }}'
|
||
gotify_app_token: '${{ secrets.RUNNER_GOTIFY_TOKEN }}'
|
||
notification_title: 'GITEA: Docker Compose Dry Run @ Benedikta'
|
||
notification_message: 'Docker Compose dry run completed successfully.'
|
||
|
||
pr-merge:
|
||
name: PR Merge
|
||
needs: [generate-service-list, docker-compose-dry-run]
|
||
runs-on: ubuntu-latest
|
||
steps:
|
||
- name: Checkout
|
||
uses: actions/checkout@v4
|
||
|
||
- name: Cache tea CLI
|
||
id: cache-tea
|
||
uses: actions/cache@v4
|
||
with:
|
||
path: /opt/hostedtoolcache/tea/${{ env.TEA_VERSION }}/x64
|
||
key: tea-${{ runner.os }}-${{ env.TEA_VERSION }}
|
||
|
||
- name: Install tea
|
||
uses: supplypike/setup-bin@v4
|
||
with:
|
||
uri: https://gitea.com/gitea/tea/releases/download/v${{ env.TEA_VERSION }}/tea-${{ env.TEA_VERSION }}-linux-amd64
|
||
name: tea
|
||
version: ${{ env.TEA_VERSION }}
|
||
|
||
- name: PR Merge
|
||
id: pr_merge
|
||
run: |
|
||
tea login add --name gitea-rinoa --url ${{ secrets.BDIKTA_GITEA_URL }} --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }}
|
||
tea login default gitea-rinoa
|
||
echo "Merging PR..."
|
||
pr_index=$(tea pr ls --repo ${{ github.repository }} --state open --fields index,title,head,state --output csv | egrep ${{ github.ref_name }} | awk -F"," '{print $1}' | sed -e 's|"||g')
|
||
tea pr m --repo ${{ github.repository }} --title "Auto Merge of PR ${pr_index} - ${{ github.ref_name }}" --message "Merged by ${{ github.actor }}" ${pr_index}
|
||
echo "pr_index=${pr_index}" >> $GITHUB_OUTPUT
|
||
|
||
- name: Gotify Notification
|
||
uses: eikendev/gotify-action@master
|
||
with:
|
||
gotify_api_base: '${{ secrets.GOTIFY_URL }}'
|
||
gotify_app_token: '${{ secrets.RUNNER_GOTIFY_TOKEN }}'
|
||
notification_title: 'GITEA: PR Merge Successful'
|
||
notification_message: 'PR #${{ steps.pr_merge.outputs.pr_index }} merged.'
|
||
|
||
docker-compose-deploy:
|
||
name: Docker Compose Deployment
|
||
runs-on: ubuntu-latest
|
||
needs: [generate-service-list, docker-compose-dry-run, pr-merge]
|
||
env:
|
||
VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
|
||
VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
|
||
REGISTRY_PASSWORD: ${{ secrets.BOT_GITEA_PASSWORD }}
|
||
steps:
|
||
- name: Checkout
|
||
uses: actions/checkout@v4
|
||
with:
|
||
ref: main
|
||
|
||
- name: Cache Vault install
|
||
id: cache-vault
|
||
uses: actions/cache@v4
|
||
with:
|
||
path: /opt/hostedtoolcache/vault/${{ env.HC_VAULT_VERSION }}/x64
|
||
key: vault-${{ runner.os }}-${{ env.HC_VAULT_VERSION }}
|
||
|
||
- name: Install Vault (only if not cached)
|
||
if: steps.cache-vault.outputs.cache-hit != 'true'
|
||
uses: cpanato/vault-installer@main
|
||
with:
|
||
version: ${{ env.HC_VAULT_VERSION }}
|
||
|
||
- name: Login to Gitea Container Registry
|
||
run: |
|
||
docker login -u gitea-sonarqube-bot -p ${REGISTRY_PASSWORD} git.trez.wtf
|
||
|
||
- name: Gotify Notification
|
||
uses: eikendev/gotify-action@master
|
||
with:
|
||
gotify_api_base: '${{ secrets.GOTIFY_URL }}'
|
||
gotify_app_token: '${{ secrets.RUNNER_GOTIFY_TOKEN }}'
|
||
notification_title: 'GITEA: Docker Compose Deployment @ Benedikta'
|
||
notification_message: 'Starting Docker Compose run...'
|
||
|
||
- name: Generate .env file for deployment
|
||
run: |
|
||
vault kv get -format=json benedikta-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
|
||
echo ${DOCKER_SVC_LIST}
|
||
echo ${COMPOSE_FILE_LIST}
|
||
|
||
- name: Docker Compose Deployment
|
||
uses: cssnr/stack-deploy-action@v1.4.0
|
||
with:
|
||
mode: compose
|
||
file: ${{ needs.docker-compose-dry-run.outputs.compose_file_list }}
|
||
name: 'ovosmisc'
|
||
host: 192.168.1.250
|
||
user: ovos
|
||
ssh_key: ${{ secrets.BDIKTA_GITEA_PRIVATE_SSH_KEY }}
|
||
args: --remove-orphans ${{ needs.generate-service-list.outputs.svc_deploy_list }}
|
||
env_file: '.env'
|
||
# registry_host: 'ghcr.io'
|
||
# registry_user: TrezOne
|
||
# registry_pass: ${{ secrets.GHCR_LOGIN_TOKEN }}
|
||
summary: true
|
||
|
||
- name: Gotify Notification
|
||
uses: eikendev/gotify-action@master
|
||
with:
|
||
gotify_api_base: '${{ secrets.GOTIFY_URL }}'
|
||
gotify_app_token: '${{ secrets.RUNNER_GOTIFY_TOKEN }}'
|
||
notification_title: 'GITEA: Docker Compose Deployment @ Benedikta'
|
||
notification_message: 'Deployment completed successfully.' |