From d32c1853c8f181b0e55369069e2377a43714c0ec Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Thu, 18 Sep 2025 12:35:28 -0400 Subject: [PATCH 1/2] WIP for Renovate flows. --- ...check-renovate.yml.hold => check-renovate.yml} | 9 +++++++++ ...-pr-deploy.yml.hold => renovate-pr-deploy.yml} | 15 +++++---------- 2 files changed, 14 insertions(+), 10 deletions(-) rename .gitea/workflows/{check-renovate.yml.hold => check-renovate.yml} (51%) rename .gitea/workflows/{renovate-pr-deploy.yml.hold => renovate-pr-deploy.yml} (91%) diff --git a/.gitea/workflows/check-renovate.yml.hold b/.gitea/workflows/check-renovate.yml similarity index 51% rename from .gitea/workflows/check-renovate.yml.hold rename to .gitea/workflows/check-renovate.yml index 1721d46b..d7985ec8 100644 --- a/.gitea/workflows/check-renovate.yml.hold +++ b/.gitea/workflows/check-renovate.yml @@ -18,3 +18,12 @@ jobs: - name: Validate docker-compose.yml run: docker compose config + + - name: Trigger Tar Valon Ansible Deploy + run: | + BRANCH="${GITHUB_REF_NAME}" + curl -X POST \ + -H "Authorization: token ${{ secrets.BOT_GITEA_TOKEN }}" \ + -H "Content-Type: application/json" \ + "https://git.trez.wtf/api/v1/repos/Trez/rinoa-docker/actions/workflows/renovate-pr-deploy.yml/dispatches" \ + -d "{\"ref\":\"${BRANCH}\"}" \ No newline at end of file diff --git a/.gitea/workflows/renovate-pr-deploy.yml.hold b/.gitea/workflows/renovate-pr-deploy.yml similarity index 91% rename from .gitea/workflows/renovate-pr-deploy.yml.hold rename to .gitea/workflows/renovate-pr-deploy.yml index eaea2af5..a5d71000 100644 --- a/.gitea/workflows/renovate-pr-deploy.yml.hold +++ b/.gitea/workflows/renovate-pr-deploy.yml 
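Review bot: The dispatch added in `Trigger Tar Valon Ansible Deploy` runs on the file's `pull_request` open/synchronize/reopen trigger, i.e. before the PR is merged, while the `renovate-pr-deploy.yml` hunk in this same patch switches the receiver to a bare `workflow_dispatch:` and drops its `if:` on `workflow_run.conclusion` and author, so the deploy is started for an unmerged ref with no check on the receiving side beyond the caller's substring `contains(toLower(...), 'renovate')` match. The `curl` also has no `--fail`, so a rejected dispatch (bad token, unknown ref) still passes the step; `curl -sS --fail -X POST \` makes that visible. The commented-out `workflow_run` block in the receiver is dead YAML and should be removed rather than parked. The second patch in this series deletes this file and replaces the receiver's trigger with `pull_request: types: [closed]` plus a `merged == true` gate, which resolves the gating concern for the final state.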
@@ -1,20 +1,15 @@ name: Deploy Renovate Updates on: - workflow_run: - workflows: ["Check Renovate Updates"] - types: - - completed + workflow_dispatch: + # workflow_run: + # workflows: ["Check Renovate Updates"] + # types: + # - completed jobs: deploy: runs-on: ubuntu-latest - if: > - ${{ - github.event.workflow_run.conclusion == 'success' && - contains(toLower(github.event.workflow_run.head_commit.author.name), 'renovate') - }} - steps: - name: Checkout repository uses: actions/checkout@v4 -- 2.52.0 From 0a0aff70077635fe168eca4487741c074ec913a0 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Thu, 18 Sep 2025 19:39:02 -0400 Subject: [PATCH 2/2] Deployment workflow for Renovate-authored PRs. --- .gitea/workflows/check-renovate.yml | 29 ----- .gitea/workflows/renovate-pr-deploy.yml | 150 +++++++++++++----------- 2 files changed, 82 insertions(+), 97 deletions(-) delete mode 100644 .gitea/workflows/check-renovate.yml diff --git a/.gitea/workflows/check-renovate.yml b/.gitea/workflows/check-renovate.yml deleted file mode 100644 index d7985ec8..00000000 --- a/.gitea/workflows/check-renovate.yml +++ /dev/null @@ -1,29 +0,0 @@ -name: Check Renovate Updates - -on: - pull_request: - branches: - - main - types: [opened, synchronize, reopened] - paths: - - 'docker-compose.yml' - -jobs: - validate: - runs-on: ubuntu-latest - if: ${{ contains(toLower(github.event.pull_request.user.login), 'renovate') }} - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Validate docker-compose.yml - run: docker compose config - - - name: Trigger Tar Valon Ansible Deploy - run: | - BRANCH="${GITHUB_REF_NAME}" - curl -X POST \ - -H "Authorization: token ${{ secrets.BOT_GITEA_TOKEN }}" \ - -H "Content-Type: application/json" \ - "https://git.trez.wtf/api/v1/repos/Trez/rinoa-docker/actions/workflows/renovate-pr-deploy.yml/dispatches" \ - -d "{\"ref\":\"${BRANCH}\"}" \ No newline at end of file 
diff --git a/.gitea/workflows/renovate-pr-deploy.yml b/.gitea/workflows/renovate-pr-deploy.yml
index a5d71000..c6f0d1d4 100644
--- a/.gitea/workflows/renovate-pr-deploy.yml
+++ b/.gitea/workflows/renovate-pr-deploy.yml
@@ -1,93 +1,107 @@ -name: Deploy Renovate Updates +name: Deploy Changed Services on: - workflow_dispatch: - # workflow_run: - # workflows: ["Check Renovate Updates"] - # types: - # - completed + pull_request: + types: [closed] + branches: + - main jobs: deploy: + if: | + github.event.pull_request.merged == true && + github.event.pull_request.user.login == 'renovate-bot' runs-on: ubuntu-latest steps: - - name: Checkout repository + - name: Check out code uses: actions/checkout@v4 - with: - fetch-depth: 0 # we need full history to compute merge-base - - name: Set up Docker - uses: docker/setup-buildx-action@v3 - - - name: Log in to Docker (if needed) - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - - - name: Install yq + - name: Detect Renovate update type + id: detect-update run: | - sudo wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq - sudo chmod +x /usr/bin/yq + body="${{ github.event.pull_request.body }}" + echo "PR body: $body" - - name: Get modified services including dependencies - id: modified_services - run: | - echo "Finding modified services in docker-compose.yml..." - - # Find merge-base with previous main commit - BASE_COMMIT=$(git merge-base HEAD HEAD~1) - - # Extract changed services between merge-base and HEAD - CHANGED_SERVICES=$(git diff --name-only $BASE_COMMIT HEAD -- docker-compose.yml \ - | xargs -r -I{} yq e '.services | keys | .[]' {}) - - if [ -z "$CHANGED_SERVICES" ]; then - echo "No services changed, skipping." - exit 0 + if echo "$body" | grep -qE 'Update\s+(patch|minor|major|digest)'; then + echo "update=true" >> $GITHUB_OUTPUT + else + echo "update=false" >> $GITHUB_OUTPUT fi - declare -A VISITED - ALL_DEPLOY=() + - name: Stop if update not patch/minor/major/digest + if: steps.detect-update.outputs.update != 'true' + run: | + echo "::warning::This PR does not involve patch/minor/major/digest update. 
Skipping deployment." + exit 0 - get_deps() { - local service=$1 - if [[ -n "${VISITED[$service]}" ]]; then - return - fi - VISITED[$service]=1 - ALL_DEPLOY+=("$service") + - name: Get changed services from docker-compose.yml + id: services + run: | + # Fetch previous commit to compare + git fetch origin ${{ github.event.before }} --depth=1 - # Array style depends_on - deps=$(yq e ".services.\"$service\".depends_on[]?" docker-compose.yml 2>/dev/null) - for dep in $deps; do - get_deps "$dep" - done + # Get all image names added/changed in docker-compose.yml + images=$(git diff ${{ github.event.before }} ${{ github.sha }} -- docker-compose.yml \ + | grep -E '^\+.*image:' \ + | sed -E 's/.*image:[[:space:]]*//g' \ + | awk -F: '{print $1}' \ + | sort -u) - # Mapping style depends_on (with condition) - deps_map=$(yq e ".services.\"$service\".depends_on | keys[]" docker-compose.yml 2>/dev/null) - for dep in $deps_map; do - get_deps "$dep" - done - } - - for svc in $CHANGED_SERVICES; do - get_deps "$svc" + # Map images to service names using yq + services="" + for img in $images; do + svc=$(yq e ".services | with_entries(select(.value.image | startswith(\"$img\"))) | keys | .[]" docker-compose.yml) + services="$services $svc" done - echo "Services to deploy: ${ALL_DEPLOY[@]}" - echo "modified_services=${ALL_DEPLOY[@]}" >> $GITHUB_ENV + # Deduplicate and trim + services=$(echo $services | tr ' ' '\n' | sort -u | xargs) + echo "services=$services" >> $GITHUB_OUTPUT - name: Pull images for modified services - if: env.modified_services != '' + if: steps.services.outputs.services != '' run: | - echo "Pulling images for services: $modified_services" - for svc in $modified_services; do + services="${{ steps.services.outputs.services }}" + echo "Pulling images for services: $services" + for svc in $services; do docker compose pull $svc || echo "Failed to pull $svc, continuing..." 
done - - name: Deploy updated services - if: env.modified_services != '' + - name: Docker Compose Deployment + uses: hoverkraft-tech/compose-action@v2.2.0 + env: + DOCKER_HOST: tcp://dockerproxy:2375 + with: + services: | + ${{ steps.services.outputs.services }} + up-flags: -d --remove-orphans + compose-flags: --profile rinoa-apps + + - name: Docker Compose Healthcheck + uses: jaracogmbh/docker-compose-health-check-action@v1.0.0 + with: + max-retries: 30 + retry-interval: 10 + compose-file: "docker-compose.yml" + skip-exited: "true" + skip-no-healthcheck: "true" + continue-on-error: true + id: health + + - name: Deployment Summary + if: always() run: | - echo "Deploying services: $modified_services" - docker compose up -d $modified_services + echo "### 🚀 Renovate Patch Deployment Summary" >> $GITHUB_STEP_SUMMARY + + if [[ -z "${{ steps.services.outputs.services }}" ]]; then + echo "- No services changed in this patch update." >> $GITHUB_STEP_SUMMARY + exit 0 + fi + + echo "- Updated services: \`${{ steps.services.outputs.services }}\`" >> $GITHUB_STEP_SUMMARY + + if [[ "${{ steps.health.outcome }}" == "success" ]]; then + echo "- ✅ All services passed health checks." >> $GITHUB_STEP_SUMMARY + else + echo "- ⚠️ Some services failed health checks. Check logs above for details." >> $GITHUB_STEP_SUMMARY + fi -- 2.52.0
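Review bot: The `Stop if update not patch/minor/major/digest` step only echoes a warning and `exit 0` in its own shell, so nothing after it is gated on the detection result — `Get changed services from docker-compose.yml`, `Pull images for modified services` and `Docker Compose Deployment` run whether `detect-update` matched or not, and each needs `if: steps.detect-update.outputs.update == 'true'` joined to its existing condition. The detection step also expands `${{ github.event.pull_request.body }}` straight into the `run:` script text, so body content (Renovate bodies carry upstream release notes) can close the quoted assignment and execute as shell even though the job is limited to `renovate-bot` merges; route it through `env:` and read `$PR_BODY`, and treat `steps.services.outputs.services` in the pull and summary steps the same way. `git diff ${{ github.event.before }} ${{ github.sha }}` depends on `github.event.before`, which on a `closed` event is, as far as I can tell, not populated, leaving the diff base empty; `github.event.pull_request.base.sha` and `github.event.pull_request.head.sha` are the explicit pair. The `Install yq` step is removed while `yq e` is still invoked, so the runner image must now ship yq, and `docker compose pull` talks to the runner's default daemon whereas `DOCKER_HOST: tcp://dockerproxy:2375` is set only on the compose-action step, so the images pulled may not be the ones `up` sees. Both new third-party actions are referenced by mutable tags (`@v2.2.0`, `@v1.0.0`); pinning them to full commit SHAs keeps the deploy job from silently picking up a retagged release.
```yaml
      - name: Detect Renovate update type
        id: detect-update
        env:
          PR_BODY: ${{ github.event.pull_request.body }}
        run: |
          body="$PR_BODY"
          # … unchanged: echo, grep for Update (patch|minor|major|digest), write update= to $GITHUB_OUTPUT …

      # … unchanged: "Stop if update not patch/minor/major/digest" warning step …

      - name: Get changed services from docker-compose.yml
        id: services
        if: steps.detect-update.outputs.update == 'true'
        run: |
          git fetch origin ${{ github.event.pull_request.base.sha }} ${{ github.event.pull_request.head.sha }} --depth=1
          images=$(git diff ${{ github.event.pull_request.base.sha }} ${{ github.event.pull_request.head.sha }} -- docker-compose.yml \
          # … unchanged: grep/sed/awk/sort pipeline, yq mapping loop, dedupe, write services= to $GITHUB_OUTPUT …

      - name: Pull images for modified services
        if: steps.detect-update.outputs.update == 'true' && steps.services.outputs.services != ''
        env:
          DOCKER_HOST: tcp://dockerproxy:2375
          SERVICES: ${{ steps.services.outputs.services }}
        run: |
          services="$SERVICES"
          # … unchanged: pull loop …

      - name: Docker Compose Deployment
        if: steps.detect-update.outputs.update == 'true' && steps.services.outputs.services != ''
        # … unchanged: uses, env, with …
```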