diff --git a/.gitea/workflows/deployment.yml b/.gitea/workflows/deployment.yml index ea77330b..6824075f 100644 --- a/.gitea/workflows/deployment.yml +++ b/.gitea/workflows/deployment.yml @@ -25,15 +25,13 @@ jobs: id: list-prs run: | tea login add --name gitea-rinoa --url ${{ secrets.RINOA_GITEA_URL }} --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }} - which tea - echo "List all PRs" - tea pr ls --repo ${{ github.repository }} --state all - echo "Check if PR exists for ${{ github.ref_name }}" - pr_state=$(tea pr ls --repo ${{ github.repository }} --state all --fields index,title,head,state --output csv | egrep ${{ gitea.ref_name }} | awk -F, '{print $4}' | sed -e 's|"||g') - echo "PR_STATE: ${pr_state}" - if [ ${pr_state} != open ]; then - tea pr c -r ${{ github.repository }} -t "Automated PR for ${{ github.ref_name }}" -d "Automated PR for ${{ github.ref_name }}" - elif [ ${pr_state} = open ]; then + tea login default gitea-rinoa + echo "Checking if PR exists for ${{ github.ref_name }}" + pr_state=$(tea pr ls --repo ${{ github.repository }} --state open --fields index,title,head,state --output csv | egrep ${{ gitea.ref_name }} | awk -F, '{print $4}' | sed -e 's|"||g') + if [ "${pr_state}" != 'open' ]; then + echo "PR does not exist, creating..." + tea pr c -r "${{ github.repository }}" -t "Automated PR for ${{ github.ref_name }}" -d "Automated PR for ${{ github.ref_name }}" + elif [ "${pr_state}" = 'open' ]; then echo "PR already exists, skipping creation..." fi @@ -43,7 +41,7 @@ jobs: runs-on: ubuntu-latest env: VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }} - VAULT_TOKEN: ${{ secrets.RINOA_VAULT_TOKEN }} + VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }} steps: - name: Checkout uses: actions/checkout@v4 
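Review bot: The new `pr_state=` line still drops `${{ gitea.ref_name }}` unquoted into `egrep`, so the branch name is expanded into the script text before the shell runs and is then treated as a regular expression; a name containing shell or regex metacharacters changes what the step does, and a name that is a substring of another open PR's row gives a multi-line `pr_state`. Passing the value through the step's `env:` (`REF_NAME: ${{ github.ref_name }}`) and filtering with `grep -F -- "$REF_NAME"` avoids both, and the same applies to the `-t`/`-d` arguments of `tea pr c`. The `elif [ "${pr_state}" = 'open' ]` branch is the exact complement of the `if` and can be a plain `else`, and the script mixes the `github.` and `gitea.` contexts for the same value. The step begins above this hunk, so its `name:` and any existing `env:` are not visible here.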
@@ -58,7 +56,7 @@ jobs: - name: Generate .env file for linting run: | - vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env + vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env - name: Docker Compose Lint uses: yu-ichiro/spin-up-docker-compose-action@v1 @@ -129,6 +127,8 @@ jobs: name: Update README runs-on: ubuntu-latest needs: [cloudflare-dns-setup] + outputs: + pr-pushed: ${{ steps.commit-readme.outputs.pushed }} steps: - name: Checkout uses: actions/checkout@v4 @@ -147,17 +147,26 @@ jobs: file: ./services.yml - name: Regenerate README - uses: gnpaone/dynamic-update-readme@v1.0.2 - with: - marker_text: "SERVICES_LIST" - markdown_text: | - ${{ steps.service-table.outputs.table }} + run: | + echo "# List of Services" > README.md + echo -e "\n\n" >> README.md + echo "${{ steps.service-table.outputs.table }}" >> README.md - deployment-trigger: - name: Deployment Trigger - needs: [generate-readme, docker-compose-test, regenerate-readme] + - name: Add/Commit README.md + id: commit-readme + uses: EndBug/add-and-commit@v9 + with: + message: "chore: Update README" + add: "README.md" + + pr-merge: + name: PR Merge + needs: [regenerate-readme] runs-on: ubuntu-latest steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Install tea uses: supplypike/setup-bin@v4 with: 
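Review bot: In the new `Regenerate README` step, `echo "${{ steps.service-table.outputs.table }}" >> README.md` pastes the table into the script text, so the shell expands whatever it contains; the README.md hunks of this same commit show the effect, with `jitsi/jibri:${JITSI_IMAGE_VERSION:-stable}` now rendered as `jitsi/jibri:stable` and `wazuh/wazuh-dashboard:${WAZUH_VERSION}` rendered with an empty tag. The same expansion would also evaluate a command substitution coming from the table's source (presumably `./services.yml`), in a job that then commits the result. Hand the value over as data instead: give the step an `env:` entry `SERVICE_TABLE: ${{ steps.service-table.outputs.table }}` and write it with `printf '%s\n' "$SERVICE_TABLE" >> README.md`. `EndBug/add-and-commit@v9` is referenced by a movable tag, and since it writes to the repository, pinning it to a full commit SHA is worth considering. The `pr-merge` job that starts in this hunk continues in the next one.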
@@ -166,57 +175,45 @@ jobs: version: '0.9.2' - name: PR Merge + id: pr_merge run: | tea login add --name gitea-rinoa --url ${{ secrets.RINOA_GITEA_URL }} --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }} - tea pr ls --repo ${{ github.repository }} --state all + tea login default gitea-rinoa pr_index=$(tea pr ls --repo ${{ github.repository }} --state open --fields index,title,head,state --output csv | egrep ${{ gitea.ref_name }} | awk -F, '{print $1}' | sed -e 's|"||g') tea pr m --repo ${{ github.repository }} --title "Auto Merge of PR #${pr_index} - ${{ gitea.ref_name }}" --message "Merged by ${{ gitea.actor }}" --output table ${pr_index} - echo "PR_INDEX=${pr_index}" >> $GITHUB_OUPUT - - - name: Gotify Notification - uses: eikendev/gotify-action@master + echo "pr_index=${pr_index}" >> $GITHUB_OUTPUT + + - name: Wait for PR to be merged + run: | + while true; do + pr_state=$(tea pr ls --repo ${{ github.repository }} --state merged --fields index,title,head,state --output csv | egrep ${{ github.ref_name }} | awk -F, '{print $4}' | sed -e 's|"||g') + if [ "${pr_state}" == "merged" ]; then + break + + docker-compose-deploy: + name: Deploy via Docker Compose + runs-on: ubuntu-latest + needs: [pr-merge] + env: + VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }} + VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }} + DOCKER_HOST: tcp://dockerproxy:2375 + steps: + - name: Checkout + uses: actions/checkout@v4 with: - gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}' - gotify_app_token: '${{ secrets.RINOA_GOTIFY_TOKEN }}' - notification_title: 'Ready to Deploy' - notification_message: 'Ready to deploy: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}/jobs/${{ github.job }}' + ref: main - - name: Trigger Deployment - id: deploy-trigger - uses: macnev2013/manual-approval@v1.0.18 - with: - secret: ${{ github.TOKEN }} - approvers: Trez.One - minimum-approvals: 1 - approval-wait: 600 - 
issue-title: 'Manual Approval for #${pr_index} - ${{ gitea.ref_name }}' - issue-body: | - "Autobots, roll out!" + - name: Install Vault + uses: cpanato/vault-installer@main - # docker-compose-deploy: - # name: Merge and Deploy - # runs-on: ubuntu-latest - # needs: [deployment-trigger] - # env: - # VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }} - # VAULT_TOKEN: ${{ secrets.RINOA_VAULT_TOKEN }} - # steps: - # - name: Checkout - # uses: actions/checkout@v4 - # with: - # ref: main - - # - name: Install Vault - # uses: cpanato/vault-installer@main + - name: Generate .env file for deployment + run: | + vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env - # - name: Generate .env file for deployment - # run: | - # vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env - - # - name: Docker Compose Deployment - # uses: Autom3/docker-deployment-action@3.0.1 - # with: - # remote_docker_host: gitea-deploy@192.168.1.254 - # ssh_private_key: ${{ secrets.RINOA_GITEA_PRIVATE_SSH_KEY }} - # ssh_public_key: ${{ secrets.RINOA_GITEA_PUBLIC_SSH_KEY }} - \ No newline at end of file + - name: Docker Compose Deployment + uses: Autom3/docker-deployment-action@3.0.1 + with: + remote_docker_host: gitea-deploy@192.168.1.254 + ssh_private_key: ${{ secrets.RINOA_GITEA_PRIVATE_SSH_KEY }} + ssh_public_key: ${{ secrets.RINOA_GITEA_PUBLIC_SSH_KEY }} diff --git a/README.md b/README.md index 762e32c1..cb1e9cf3 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,7 @@ # List of Services -`~> yq '.services | to_entries | map({service: .key, image: .value.image})' docker-compose.yml` - + | Service | Image | | --- | --- | | actual_server | docker.io/actualbudget/actual-server:latest | 
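Review bot: The `Wait for PR to be merged` loop is not closed in the added lines: after `break` there is no `fi` or `done` before the `docker-compose-deploy:` job begins, so as shown the step is a shell syntax error, and once closed it would poll with no delay and no upper bound. A bounded loop that sleeps between polls and fails on timeout is sketched below; it also takes the ref name from an environment variable and matches it with `grep -F` instead of interpolating `${{ github.ref_name }}` into the script. Separately, this hunk removes the manual-approval step, so the deploy job, which holds `VAULT_TOKEN` and the SSH private key, now runs unattended right after the bot's auto-merge, and it installs Vault through `cpanato/vault-installer@main`, a mutable branch reference; pinning that action to a commit SHA and keeping an approval or branch-protection gate in front of the deploy would limit what an unreviewed change can reach. `DOCKER_HOST: tcp://dockerproxy:2375` uses the conventional unencrypted Docker API port and no visible step appears to need it, so confirm it is required.

```yaml
      - name: Wait for PR to be merged
        env:
          REPO: ${{ github.repository }}
          REF_NAME: ${{ github.ref_name }}
        run: |
          # Poll at most 30 times, 10 s apart, then fail instead of spinning.
          for attempt in $(seq 1 30); do
            pr_state=$(tea pr ls --repo "$REPO" --state merged --fields index,title,head,state --output csv | grep -F -- "$REF_NAME" | awk -F, '{print $4}' | sed -e 's|"||g')
            if [ "${pr_state}" = "merged" ]; then
              exit 0
            fi
            sleep 10
          done
          echo "PR for ${REF_NAME} was not merged in time" >&2
          exit 1
```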
@@ -60,12 +59,12 @@
 | it-tools | ghcr.io/corentinth/it-tools:latest |
 | jellyfin | jellyfin/jellyfin |
 | jitsi-etherpad | etherpad/etherpad:1.8.6 |
-| jitsi-jibri | jitsi/jibri:${JITSI_IMAGE_VERSION:-stable} |
-| jitsi-jicofo | jitsi/jicofo:${JITSI_IMAGE_VERSION:-stable} |
-| jitsi-jigasi | jitsi/jigasi:${JITSI_IMAGE_VERSION:-stable} |
-| jitsi-jvb | jitsi/jvb:${JITSI_IMAGE_VERSION:-stable} |
-| jitsi-prosody | jitsi/prosody:${JITSI_IMAGE_VERSION:-stable} |
-| jitsi-web | jitsi/web:${JITSI_IMAGE_VERSION:-stable} |
+| jitsi-jibri | jitsi/jibri:stable |
+| jitsi-jicofo | jitsi/jicofo:stable |
+| jitsi-jigasi | jitsi/jigasi:stable |
+| jitsi-jvb | jitsi/jvb:stable |
+| jitsi-prosody | jitsi/prosody:stable |
+| jitsi-web | jitsi/web:stable |
 | joplin-db | postgres:17-alpine |
 | joplin | joplin/server:latest |
 | komodo-core | ghcr.io/mbecker20/komodo:latest |
@@ -136,25 +135,23 @@ | wallos | bellamy/wallos:latest | | watchtower | ghcr.io/containrrr/watchtower:latest | | wazuh.agent | opennix/wazuh-agent:latest | -| wazuh.dashboard | wazuh/wazuh-dashboard:${WAZUH_VERSION} | -| wazuh.indexer | wazuh/wazuh-indexer:${WAZUH_VERSION} | -| wazuh.manager | wazuh/wazuh-manager:${WAZUH_VERSION} | +| wazuh.dashboard | wazuh/wazuh-dashboard: | +| wazuh.indexer | wazuh/wazuh-indexer: | +| wazuh.manager | wazuh/wazuh-manager: | | web-check | lissy93/web-check | | whodb | clidey/whodb | | your_spotify | lscr.io/linuxserver/your_spotify:latest | | youtubedl | nbr23/youtube-dl-server:latest | -| zammad-backup | postgres:${ZAMMAD_POSTGRES_VERSION} | -| zammad-elasticsearch | bitnami/elasticsearch:${ZAMMAD_ELASTICSEARCH_VERSION} | -| zammad-init | ${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION} | -| zammad-memcached | memcached:${ZAMMAD_MEMCACHE_VERSION} | -| zammad-nginx | ${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION} | -| zammad-postgresql | postgres:${ZAMMAD_POSTGRES_VERSION} | -| zammad-railsserver | ${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION} | -| zammad-redis | redis:${ZAMMAD_REDIS_VERSION} | -| zammad-scheduler | ${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION} | -| zammad-websocket | ${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION} | +| zammad-backup | postgres: | +| zammad-elasticsearch | bitnami/elasticsearch: | +| zammad-init | : | +| zammad-memcached | memcached: | +| zammad-nginx | : | +| zammad-postgresql | postgres: | +| zammad-railsserver | : | +| zammad-redis | redis: | +| zammad-scheduler | : | +| zammad-websocket | : | | zitadel | ghcr.io/zitadel/zitadel:latest | | zitadel-pg-db | postgres:16-alpine | - - \ No newline at end of file