renovate-bot
8075bbb7bb
Renovate Image Tag Deployment / Renovate PR Deployment (pull_request) Failing after 3m51s
173 lines
6.5 KiB
YAML
173 lines
6.5 KiB
YAML
name: Renovate Image Tag Deployment
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
pull_request:
|
|
types: [closed]
|
|
branches:
|
|
- main
|
|
paths:
|
|
- "**/docker-compose.yml"
|
|
|
|
env:
|
|
HC_VAULT_VERSION: "1.21.1"
|
|
VAULT_ADDR: ${{ secrets.TREZ_VAULT_ADDR }}
|
|
VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
|
|
|
|
jobs:
|
|
deploy:
|
|
name: Renovate PR Deployment
|
|
if: |
|
|
github.event.pull_request.merged == true &&
|
|
github.event.pull_request.user.login == 'renovate-bot'
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout full repository
|
|
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
|
|
with:
|
|
fetch-depth: 0 # required so we can access main^1
|
|
|
|
- name: Save docker-compose.yml before merge (old)
|
|
run: |
|
|
git fetch origin main
|
|
if git ls-tree -r origin/main^1 --name-only | grep -q '^docker-compose.yml$'; then
|
|
git show origin/main^1:docker-compose.yml > docker-compose-old.yml
|
|
else
|
|
echo "services: {}" > docker-compose-old.yml
|
|
fi
|
|
|
|
- name: Save docker-compose.yml after merge (new)
|
|
run: |
|
|
git show origin/main:docker-compose.yml > docker-compose-new.yml
|
|
|
|
- name: Detect services with image tag/digest changes
|
|
id: detect_services
|
|
run: |
|
|
set -euo pipefail
|
|
|
|
echo "Flattening docker-compose files..."
|
|
yq eval '... comments=""' docker-compose-old.yml > docker-compose-old-flat.yml
|
|
yq eval '... comments=""' docker-compose-new.yml > docker-compose-new-flat.yml
|
|
|
|
echo "Getting service names..."
|
|
yq eval '.services | keys | .[]' docker-compose-old-flat.yml | sort > services_old.txt
|
|
yq eval '.services | keys | .[]' docker-compose-new-flat.yml | sort > services_new.txt
|
|
|
|
echo "Checking for image changes..."
|
|
: > service_changes.txt
|
|
|
|
comm -12 services_old.txt services_new.txt | while read service; do
|
|
old_image=$(yq eval-all --yaml-fix-merge-anchor-to-spec=true ".services[\"$service\"].image // \"\"" docker-compose-old-flat.yml)
|
|
new_image=$(yq eval-all --yaml-fix-merge-anchor-to-spec=true ".services[\"$service\"].image // \"\"" docker-compose-new-flat.yml)
|
|
|
|
if [ "$old_image" != "$new_image" ]; then
|
|
echo "$service" >> service_changes.txt
|
|
fi
|
|
done
|
|
|
|
echo "Detected services with changed images:"
|
|
cat service_changes.txt || echo "None"
|
|
|
|
changed_svcs=$(sort -u service_changes.txt | xargs || true)
|
|
if [ -z "$changed_svcs" ]; then
|
|
echo "No image tag/digest changes detected."
|
|
echo "docker_svc_list<<EOF" >> "$GITHUB_OUTPUT"
|
|
echo "" >> "$GITHUB_OUTPUT"
|
|
echo "EOF" >> "$GITHUB_OUTPUT"
|
|
exit 0
|
|
fi
|
|
|
|
echo "Collecting direct dependencies..."
|
|
deps_list=""
|
|
for svc in $changed_svcs; do
|
|
deps=$(yq -r ".services[\"$svc\"].depends_on | keys | .[]" docker-compose-new-flat.yml 2>/dev/null || true)
|
|
if [ -n "$deps" ]; then
|
|
echo "$svc depends on:"
|
|
echo "$deps"
|
|
deps_list="$deps_list $deps"
|
|
fi
|
|
done
|
|
|
|
# Combine changed services and their dependencies, deduplicate
|
|
all_svcs=$( (echo "$changed_svcs"; echo "$deps_list") | tr ' ' '\n' | sort -u )
|
|
|
|
echo "Final service list (including direct dependencies):"
|
|
echo "$all_svcs"
|
|
|
|
# Prepare multiline output for GitHub Actions
|
|
echo "docker_svc_list<<EOF" >> "$GITHUB_OUTPUT"
|
|
echo "$all_svcs" >> "$GITHUB_OUTPUT"
|
|
echo "EOF" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: Stop if no image changes
|
|
if: steps.detect_services.outputs.docker_svc_list == ''
|
|
run: |
|
|
echo "No image tag/digest changes detected. Exiting."
|
|
exit 1
|
|
|
|
- name: Login to Docker Hub
|
|
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
|
|
with:
|
|
username: ${{ secrets.DOCKERHUB_USER }}
|
|
password: ${{ secrets.DOCKERHUB_PASSWORD }}
|
|
|
|
- name: Login to GitHub Container Registry
|
|
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ secrets.GHCR_USER }}
|
|
password: ${{ secrets.GHCR_LOGIN_TOKEN }}
|
|
|
|
- name: Login to Private Gitea Registry
|
|
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
|
|
with:
|
|
registry: git.trez.wtf
|
|
username: ${{ secrets.BOT_GITEA_USER }}
|
|
password: ${{ secrets.BOT_GITEA_PASSWORD }}
|
|
|
|
- name: Gotify Notification (Start)
|
|
uses: eikendev/gotify-action@ca0339b85ee8db9fda9c0718aaa7f95e17b3c617 # 0.0.4
|
|
with:
|
|
gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}"
|
|
gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}"
|
|
notification_title: "GITEA: [RENOVATE] Docker Compose Deployment @ Rinoa"
|
|
notification_message: "Starting Docker Compose run..."
|
|
|
|
- name: Generate .env from Hashicorp Vault
|
|
uses: https://git.trez.wtf/Trez/hc-vault-env@main
|
|
with:
|
|
HC_VAULT_VERSION: ${{ env.HC_VAULT_VERSION }}
|
|
HC_VAULT_ADDR: ${{ secrets.TREZ_VAULT_ADDR }}
|
|
HC_VAULT_AUTH: token
|
|
HC_VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
|
|
HC_VAULT_SECRETS_PATH: rinoa-docker/env
|
|
|
|
- name: Docker Compose Deployment
|
|
uses: hoverkraft-tech/compose-action@248470ecc5ed40d8ed3d4480d8260d77179ef579 # v2.4.2
|
|
env:
|
|
DOCKER_HOST: tcp://dockerproxy:2375
|
|
with:
|
|
services: |
|
|
${{ steps.detect_services.outputs.docker_svc_list }}
|
|
up-flags: -d --remove-orphans
|
|
down-flags: --dry-run
|
|
services-log-level: debug
|
|
|
|
- name: Docker Compose Healthcheck
|
|
id: health
|
|
uses: jaracogmbh/docker-compose-health-check-action@973fbdccf7c8e396b652d3501984c8e530a9fa80 # v1.0.0
|
|
with:
|
|
max-retries: 30
|
|
retry-interval: 10
|
|
compose-file: "docker-compose.yml"
|
|
skip-exited: "true"
|
|
skip-no-healthcheck: "true"
|
|
|
|
- name: Gotify Notification (Finish)
|
|
uses: eikendev/gotify-action@ca0339b85ee8db9fda9c0718aaa7f95e17b3c617 # 0.0.4
|
|
with:
|
|
gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}"
|
|
gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}"
|
|
notification_title: "GITEA: [RENOVATE] Docker Compose Deployment @ Rinoa"
|
|
notification_message: "Deployment completed successfully."
|