Deployment workflow for Renovate-authored PRs.
Deploy Changed Services / deploy (pull_request) Has been skipped

This commit is contained in:
2025-09-18 19:39:02 -04:00
parent d32c1853c8
commit 0a0aff7007
2 changed files with 82 additions and 97 deletions
-29
View File
@@ -1,29 +0,0 @@
name: Check Renovate Updates
on:
pull_request:
branches:
- main
types: [opened, synchronize, reopened]
paths:
- 'docker-compose.yml'
jobs:
validate:
runs-on: ubuntu-latest
if: ${{ contains(toLower(github.event.pull_request.user.login), 'renovate') }}
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Validate docker-compose.yml
run: docker compose config
- name: Trigger Tar Valon Ansible Deploy
run: |
BRANCH="${GITHUB_REF_NAME}"
curl -X POST \
-H "Authorization: token ${{ secrets.BOT_GITEA_TOKEN }}" \
-H "Content-Type: application/json" \
"https://git.trez.wtf/api/v1/repos/Trez/rinoa-docker/actions/workflows/renovate-pr-deploy.yml/dispatches" \
-d "{\"ref\":\"${BRANCH}\"}"
+82 -68
View File
@@ -1,93 +1,107 @@
name: Deploy Renovate Updates name: Deploy Changed Services
on: on:
workflow_dispatch: pull_request:
# workflow_run: types: [closed]
# workflows: ["Check Renovate Updates"] branches:
# types: - main
# - completed
jobs: jobs:
deploy: deploy:
if: |
github.event.pull_request.merged == true &&
github.event.pull_request.user.login == 'renovate-bot'
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout repository - name: Check out code
uses: actions/checkout@v4 uses: actions/checkout@v4
with:
fetch-depth: 0 # we need full history to compute merge-base
- name: Set up Docker - name: Detect Renovate update type
uses: docker/setup-buildx-action@v3 id: detect-update
- name: Log in to Docker (if needed)
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Install yq
run: | run: |
sudo wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq body="${{ github.event.pull_request.body }}"
sudo chmod +x /usr/bin/yq echo "PR body: $body"
- name: Get modified services including dependencies if echo "$body" | grep -qE 'Update\s+(patch|minor|major|digest)'; then
id: modified_services echo "update=true" >> $GITHUB_OUTPUT
run: | else
echo "Finding modified services in docker-compose.yml..." echo "update=false" >> $GITHUB_OUTPUT
# Find merge-base with previous main commit
BASE_COMMIT=$(git merge-base HEAD HEAD~1)
# Extract changed services between merge-base and HEAD
CHANGED_SERVICES=$(git diff --name-only $BASE_COMMIT HEAD -- docker-compose.yml \
| xargs -r -I{} yq e '.services | keys | .[]' {})
if [ -z "$CHANGED_SERVICES" ]; then
echo "No services changed, skipping."
exit 0
fi fi
declare -A VISITED - name: Stop if update not patch/minor/major/digest
ALL_DEPLOY=() if: steps.detect-update.outputs.update != 'true'
run: |
echo "::warning::This PR does not involve patch/minor/major/digest update. Skipping deployment."
exit 0
get_deps() { - name: Get changed services from docker-compose.yml
local service=$1 id: services
if [[ -n "${VISITED[$service]}" ]]; then run: |
return # Fetch previous commit to compare
fi git fetch origin ${{ github.event.before }} --depth=1
VISITED[$service]=1
ALL_DEPLOY+=("$service")
# Array style depends_on # Get all image names added/changed in docker-compose.yml
deps=$(yq e ".services.\"$service\".depends_on[]?" docker-compose.yml 2>/dev/null) images=$(git diff ${{ github.event.before }} ${{ github.sha }} -- docker-compose.yml \
for dep in $deps; do | grep -E '^\+.*image:' \
get_deps "$dep" | sed -E 's/.*image:[[:space:]]*//g' \
done | awk -F: '{print $1}' \
| sort -u)
# Mapping style depends_on (with condition) # Map images to service names using yq
deps_map=$(yq e ".services.\"$service\".depends_on | keys[]" docker-compose.yml 2>/dev/null) services=""
for dep in $deps_map; do for img in $images; do
get_deps "$dep" svc=$(yq e ".services | with_entries(select(.value.image | startswith(\"$img\"))) | keys | .[]" docker-compose.yml)
done services="$services $svc"
}
for svc in $CHANGED_SERVICES; do
get_deps "$svc"
done done
echo "Services to deploy: ${ALL_DEPLOY[@]}" # Deduplicate and trim
echo "modified_services=${ALL_DEPLOY[@]}" >> $GITHUB_ENV services=$(echo $services | tr ' ' '\n' | sort -u | xargs)
echo "services=$services" >> $GITHUB_OUTPUT
- name: Pull images for modified services - name: Pull images for modified services
if: env.modified_services != '' if: steps.services.outputs.services != ''
run: | run: |
echo "Pulling images for services: $modified_services" services="${{ steps.services.outputs.services }}"
for svc in $modified_services; do echo "Pulling images for services: $services"
for svc in $services; do
docker compose pull $svc || echo "Failed to pull $svc, continuing..." docker compose pull $svc || echo "Failed to pull $svc, continuing..."
done done
- name: Deploy updated services - name: Docker Compose Deployment
if: env.modified_services != '' uses: hoverkraft-tech/compose-action@v2.2.0
env:
DOCKER_HOST: tcp://dockerproxy:2375
with:
services: |
${{ steps.services.outputs.services }}
up-flags: -d --remove-orphans
compose-flags: --profile rinoa-apps
- name: Docker Compose Healthcheck
uses: jaracogmbh/docker-compose-health-check-action@v1.0.0
with:
max-retries: 30
retry-interval: 10
compose-file: "docker-compose.yml"
skip-exited: "true"
skip-no-healthcheck: "true"
continue-on-error: true
id: health
- name: Deployment Summary
if: always()
run: | run: |
echo "Deploying services: $modified_services" echo "### 🚀 Renovate Patch Deployment Summary" >> $GITHUB_STEP_SUMMARY
docker compose up -d $modified_services
if [[ -z "${{ steps.services.outputs.services }}" ]]; then
echo "- No services changed in this patch update." >> $GITHUB_STEP_SUMMARY
exit 0
fi
echo "- Updated services: \`${{ steps.services.outputs.services }}\`" >> $GITHUB_STEP_SUMMARY
if [[ "${{ steps.health.outcome }}" == "success" ]]; then
echo "- ✅ All services passed health checks." >> $GITHUB_STEP_SUMMARY
else
echo "- ⚠️ Some services failed health checks. Check logs above for details." >> $GITHUB_STEP_SUMMARY
fi