From 81a5fb1fca12364d9ab57b98ec6a7eafcd80f44d Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Mon, 16 Jun 2025 08:47:00 -0400 Subject: [PATCH 1/7] Testing out new Docker Compose action. --- .../workflows/pr-cloudflare-docker-deploy.yml | 36 ++++++++++++------- 1 file changed, 23 insertions(+), 13 deletions(-) diff --git a/.gitea/workflows/pr-cloudflare-docker-deploy.yml b/.gitea/workflows/pr-cloudflare-docker-deploy.yml index 7bdc714f..30e3c145 100644 --- a/.gitea/workflows/pr-cloudflare-docker-deploy.yml +++ b/.gitea/workflows/pr-cloudflare-docker-deploy.yml @@ -133,22 +133,32 @@ jobs: - name: Testing service list output run: | echo ${{ steps.modded_svcs.outputs.rinoa_svcs }} + # - name: Docker Compose Dry Run + # timeout-minutes: 360 + # continue-on-error: true + # uses: chaplyk/docker-compose-remote-action@v1.1 + # with: + # ssh_host: 192.168.1.254 + # ssh_port: 22 + # ssh_user: gitea-deploy + # ssh_key: ${{ secrets.RINOA_GITEA_PRIVATE_SSH_KEY }} + # service: ${{ steps.modded_svcs.outputs.rinoa_svcs }} + # compose_file: docker-compose.yml + # pull: false + # build: false + # options: -d --remove-orphans + # env: + # DOCKER_HOST: tcp://dockerproxy:2375 - name: Docker Compose Dry Run - timeout-minutes: 360 - continue-on-error: true - uses: chaplyk/docker-compose-remote-action@v1.1 - with: - ssh_host: 192.168.1.254 - ssh_port: 22 - ssh_user: gitea-deploy - ssh_key: ${{ secrets.RINOA_GITEA_PRIVATE_SSH_KEY }} - service: ${{ steps.modded_svcs.outputs.rinoa_svcs }} - compose_file: docker-compose.yml - pull: false - build: false - options: -d --remove-orphans + uses: hoverkraft-tech/compose-action@v2.2.0 env: DOCKER_HOST: tcp://dockerproxy:2375 + with: + docker-flags: -H ${DOCKER_HOST} + services: ${{ steps.modded_svcs.outputs.rinoa_svcs }} + up-flags: -d --remove-orphans --dry-run + down-flags: --dry-run + compose-flags: --dry-run - name: Gotify Notification uses: eikendev/gotify-action@master with: -- 2.52.0 
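Review bot: `uses: hoverkraft-tech/compose-action@v2.2.0` in the new Docker Compose Dry Run step pins a third-party action to a tag, which its publisher can move, while the step is handed the Docker API at `tcp://dockerproxy:2375`. Pin it to the full commit SHA and keep the version as a comment, e.g. `uses: hoverkraft-tech/compose-action@<full-commit-sha-of-v2.2.0>  # v2.2.0`. The same applies to the deployment step in PATCH 4/7, and more strongly to the branch refs `eikendev/gotify-action@master` and `cpanato/vault-installer@main` that appear in this series and receive secrets. Port 2375 is plain, unauthenticated TCP, so what this job can do on the host depends entirely on the proxy's endpoint allow-list, which is not visible here. The commented-out `chaplyk/docker-compose-remote-action` block is better deleted than kept, since history already holds it; the job itself starts and ends outside the hunk.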
From 466811c167f94a8a115eb000ac9da4501e2ae15c Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Mon, 16 Jun 2025 09:07:47 -0400 Subject: [PATCH 2/7] Env fix for test. --- .gitea/workflows/pr-cloudflare-docker-deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/pr-cloudflare-docker-deploy.yml b/.gitea/workflows/pr-cloudflare-docker-deploy.yml index 30e3c145..f785da35 100644 --- a/.gitea/workflows/pr-cloudflare-docker-deploy.yml +++ b/.gitea/workflows/pr-cloudflare-docker-deploy.yml @@ -154,7 +154,7 @@ jobs: env: DOCKER_HOST: tcp://dockerproxy:2375 with: - docker-flags: -H ${DOCKER_HOST} + docker-flags: -H $DOCKER_HOST services: ${{ steps.modded_svcs.outputs.rinoa_svcs }} up-flags: -d --remove-orphans --dry-run down-flags: --dry-run -- 2.52.0 From 087c4df7d20b1fd80c5e2cff0fd377101c362037 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Mon, 16 Jun 2025 09:53:21 -0400 Subject: [PATCH 3/7] Breaking out service list generation to its own job. --- .../workflows/pr-cloudflare-docker-deploy.yml | 82 ++++++++----------- 1 file changed, 36 insertions(+), 46 deletions(-) diff --git a/.gitea/workflows/pr-cloudflare-docker-deploy.yml b/.gitea/workflows/pr-cloudflare-docker-deploy.yml index f785da35..735b8ed9 100644 --- a/.gitea/workflows/pr-cloudflare-docker-deploy.yml +++ b/.gitea/workflows/pr-cloudflare-docker-deploy.yml 
@@ -58,26 +58,25 @@ jobs: gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}' notification_title: 'GITEA: PR Check' notification_message: 'PR Created 🎟️' - docker-compose-dry-run: - name: Docker Compose Dry Run - needs: [check-and-create-pr] + generate-service-list: + name: Generate list of added/modified/deleted services runs-on: ubuntu-latest - env: - VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }} - VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }} - VAULT_NAMESPACE: "" - RINOA_REGISTRY_PASSWORD: ${{ secrets.BOT_GITEA_PASSWORD }} + needs: [check-and-create-pr] outputs: - svc_deploy_list: ${{ steps.modded_svcs.outputs.rinoa_svcs }} + svc_deploy_list: ${{ steps.detected_services.outputs.docker_svc_list }} steps: - name: Checkout uses: actions/checkout@v4 - name: Fetch base branch run: | git fetch origin ${{ github.event.pull_request.base.ref }} - - name: Login to Gitea Container Registry - run: | - docker login -u gitea-sonarqube-bot -p ${RINOA_REGISTRY_PASSWORD} git.trez.wtf + - name: Gotify Notification + uses: eikendev/gotify-action@master + with: + gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}' + gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}' + notification_title: 'GITEA: Services TBD' + notification_message: 'Generating list of services to deploy...' - name: Save both versions of docker-compose.yml run: | git show origin/main:docker-compose.yml > docker-compose-main.yml || touch docker-compose-main.yml 
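Review bot: `steps.detected_services` in the new `svc_deploy_list` output has to match the `id:` of the step that writes `docker_svc_list`, and that `id:` line is outside every hunk of this patch. The code removed in the third hunk read `steps.detect_services.outputs.classified_services`, so one of the two spellings is probably wrong. An unknown step id evaluates to an empty string without any error, which would hand an empty service list to the dry-run and deploy jobs. Confirm the step carries `id: detected_services`, and consider failing the job when the output is empty.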
@@ -107,8 +106,27 @@ jobs: echo "Detected service changes:" cat service_changes.txt - svc_list=$(paste -sd '|' service_changes.txt) - echo "classified_services=$svc_list" >> "$GITHUB_OUTPUT" + temp_svc_list=$(paste -sd '|' service_changes.txt) + mod_svcs=$(echo "${temp_svc_list}" | sed -e 's/|//g' -e 's/: \(add\|modifi\|delet\)ed/ /g') + echo "docker_svc_list=$mod_svcs" >> "$GITHUB_OUTPUT" + - name: Testing service list output + run: | + echo ${{ steps.detected_services.outputs.docker_svc_list }} + docker-compose-dry-run: + name: Docker Compose Dry Run + needs: [generate-service-list] + runs-on: ubuntu-latest + env: + VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }} + VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }} + VAULT_NAMESPACE: "" + RINOA_REGISTRY_PASSWORD: ${{ secrets.BOT_GITEA_PASSWORD }} + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Login to Gitea Container Registry + run: | + docker login -u gitea-sonarqube-bot -p ${RINOA_REGISTRY_PASSWORD} git.trez.wtf - name: Install Vault uses: cpanato/vault-installer@main - name: Gotify Notification 
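Review bot: The new `Testing service list output` step expands `${{ steps.detected_services.outputs.docker_svc_list }}` straight into the `run:` script, so the service names (which appear to be derived from the pull request's docker-compose.yml) are parsed by the shell as script text rather than data. Pass the value through the environment instead: add `env:` with `SVC_LIST: ${{ steps.detected_services.outputs.docker_svc_list }}` and use `echo "$SVC_LIST"`. In the relocated login step, `docker login ... -p ${RINOA_REGISTRY_PASSWORD}` puts the password on the command line; `echo "$RINOA_REGISTRY_PASSWORD" | docker login -u gitea-sonarqube-bot --password-stdin git.trez.wtf` keeps it out of the process list. The sed expression also keeps `deleted` services in the list that is later passed to `up`, which looks unintended. The script that builds service_changes.txt starts outside the hunk.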
@@ -118,44 +136,16 @@ jobs: gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}' notification_title: 'GITEA: Docker Compose Dry Run @ Rinoa' notification_message: 'Starting Docker Compose dry run...' - - name: Cache .env Files - uses: actions/cache@v4 - with: - path: .env - key: ${{ runner.os }}-env-${{ hashFiles('docker-compose.yml') }} - - name: Generate modified services list & .env file for Docker Compose Dry Run - id: modded_svcs + - name: Generate .env file for Docker Compose run: | - mod_svcs=$(echo "${{ steps.detect_services.outputs.classified_services }}" | sed -e 's/|//g' -e 's/: \(add\|modifi\|delet\)ed/ /g') - echo ${mod_svcs} vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env - echo "rinoa_svcs=${mod_svcs}" >> "$GITHUB_OUTPUT" - - name: Testing service list output - run: | - echo ${{ steps.modded_svcs.outputs.rinoa_svcs }} - # - name: Docker Compose Dry Run - # timeout-minutes: 360 - # continue-on-error: true - # uses: chaplyk/docker-compose-remote-action@v1.1 - # with: - # ssh_host: 192.168.1.254 - # ssh_port: 22 - # ssh_user: gitea-deploy - # ssh_key: ${{ secrets.RINOA_GITEA_PRIVATE_SSH_KEY }} - # service: ${{ steps.modded_svcs.outputs.rinoa_svcs }} - # compose_file: docker-compose.yml - # pull: false - # build: false - # options: -d --remove-orphans - # env: - # DOCKER_HOST: tcp://dockerproxy:2375 - name: Docker Compose Dry Run uses: hoverkraft-tech/compose-action@v2.2.0 env: DOCKER_HOST: tcp://dockerproxy:2375 with: docker-flags: -H $DOCKER_HOST - services: ${{ steps.modded_svcs.outputs.rinoa_svcs }} + services: ${{ needs.generate-service-list.outputs.svc_deploy_list }} up-flags: -d --remove-orphans --dry-run down-flags: --dry-run compose-flags: --dry-run 
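Review bot: The `.env` written by `vault kv get ... > .env` holds every key under `rinoa-docker/env` and is never removed, so it stays in the workspace for the third-party compose action and, on a persistent runner, possibly for later jobs. Dropping the `actions/cache` step for `.env` is the right direction; finish it with a last step such as `- name: Remove .env`, `if: always()`, `run: rm -f .env`, and create the file under `umask 077`. The jq template wraps each value in single quotes without escaping, so a secret containing `'` would yield a malformed line. The deployment job touched in PATCH 4/7 generates `.env` the same way.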
@@ -168,7 +158,7 @@ jobs: notification_message: 'Docker Compose dry run completed successfully.' cloudflare-dns-setup: name: Cloudflare DNS Setup - needs: [docker-compose-ansible-lints] + needs: [docker-compose-dry-run] runs-on: ubuntu-latest steps: - name: Checkout @@ -309,7 +299,7 @@ jobs: docker-compose-deploy: name: Docker Compose Deployment runs-on: ubuntu-latest - needs: [docker-compose-dry-run, pr-merge] + needs: [generate-service-list, docker-compose-dry-run, pr-merge] env: VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }} VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }} -- 2.52.0 From cae134771011c1a2ade76b47053b86a3e6b3d108 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Mon, 16 Jun 2025 10:49:13 -0400 Subject: [PATCH 4/7] Adjusting Docker Compose actions. --- .../workflows/pr-cloudflare-docker-deploy.yml | 19 ++++++------------- 1 file changed, 6 insertions(+), 13 deletions(-) diff --git a/.gitea/workflows/pr-cloudflare-docker-deploy.yml b/.gitea/workflows/pr-cloudflare-docker-deploy.yml index 735b8ed9..db0545db 100644 --- a/.gitea/workflows/pr-cloudflare-docker-deploy.yml +++ b/.gitea/workflows/pr-cloudflare-docker-deploy.yml @@ -144,7 +144,7 @@ jobs: env: DOCKER_HOST: tcp://dockerproxy:2375 with: - docker-flags: -H $DOCKER_HOST + docker-flags: -H "$DOCKER_HOST" services: ${{ needs.generate-service-list.outputs.svc_deploy_list }} up-flags: -d --remove-orphans --dry-run down-flags: --dry-run 
@@ -333,21 +333,14 @@ jobs: run: | vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env - name: Docker Compose Deployment - timeout-minutes: 360 - continue-on-error: true - uses: chaplyk/docker-compose-remote-action@v1.1 + uses: hoverkraft-tech/compose-action@v2.2.0 env: DOCKER_HOST: tcp://dockerproxy:2375 with: - ssh_host: 192.168.1.254 - ssh_port: 22 - ssh_user: gitea-deploy - ssh_key: ${{ secrets.RINOA_GITEA_PRIVATE_SSH_KEY }} - service: ${DOCKER_SVC_LIST} - compose_file: docker-compose.yml - pull: false - build: false - options: -d --remove-orphans + docker-flags: -H "$DOCKER_HOST" + services: ${{ needs.generate-service-list.outputs.svc_deploy_list }} + up-flags: -d --remove-orphans + down-flags: --dry-run - name: Gotify Notification uses: eikendev/gotify-action@master with: -- 2.52.0 From 683aae4c06084378b2f56443891cd95f4733e951 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Mon, 16 Jun 2025 17:43:45 -0400 Subject: [PATCH 5/7] Env fix for CrowdSec. --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index f5e947fc..f1825021 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -718,7 +718,7 @@ services: environment: DOCKER_HOST: tcp://dockerproxy:2375 GID: 1000 - BOUNCER_KEY_SWAG: ${CROWDSEC_API_KEY} + BOUNCER_KEY_SWAG: ${CROWDSEC_SWAG_API_KEY} COLLECTIONS: >- corvese/apache-guacamole crowdsecurity/home-assistant -- 2.52.0 From e864a2ca50d7897098c8a135ada007076243c1bf Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Mon, 16 Jun 2025 18:59:51 -0400 Subject: [PATCH 6/7] Adjusting Docker Compose actions. --- .gitea/workflows/pr-cloudflare-docker-deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/pr-cloudflare-docker-deploy.yml b/.gitea/workflows/pr-cloudflare-docker-deploy.yml index db0545db..e5476b4b 100644 --- a/.gitea/workflows/pr-cloudflare-docker-deploy.yml 
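Review bot: Nothing stops the new `Docker Compose Deployment` step from running with an empty `services:` value, and `docker compose up -d --remove-orphans` with no service names acts on the whole project. `svc_deploy_list` is empty whenever no service changed or the upstream output is not set, so guard the step with `if: needs.generate-service-list.outputs.svc_deploy_list != ''`. `docker-flags: -H "$DOCKER_HOST"` is likely passed to the action verbatim, since the runner does not shell-expand `with:` values; PATCH 7/7 removes the flag from the dry-run step only, so this copy is left behind, and the step-level `env: DOCKER_HOST` should be enough on its own (confirm against the action's documentation). `down-flags: --dry-run` appears intended to neutralise the action's post-run `down`; a comment saying so would keep a later edit from turning it into a real teardown. The rest of the job lies outside the hunk.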
+++ b/.gitea/workflows/pr-cloudflare-docker-deploy.yml @@ -144,7 +144,7 @@ jobs: env: DOCKER_HOST: tcp://dockerproxy:2375 with: - docker-flags: -H "$DOCKER_HOST" + docker-flags: -H ${DOCKER_HOST} services: ${{ needs.generate-service-list.outputs.svc_deploy_list }} up-flags: -d --remove-orphans --dry-run down-flags: --dry-run -- 2.52.0 From 59cc0bc271a1d90910d6600d8ed7bff2e2853980 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Mon, 16 Jun 2025 19:25:59 -0400 Subject: [PATCH 7/7] Adjusting Docker Compose actions. --- .gitea/workflows/pr-cloudflare-docker-deploy.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.gitea/workflows/pr-cloudflare-docker-deploy.yml b/.gitea/workflows/pr-cloudflare-docker-deploy.yml index e5476b4b..b07ab79b 100644 --- a/.gitea/workflows/pr-cloudflare-docker-deploy.yml +++ b/.gitea/workflows/pr-cloudflare-docker-deploy.yml @@ -144,7 +144,6 @@ jobs: env: DOCKER_HOST: tcp://dockerproxy:2375 with: - docker-flags: -H ${DOCKER_HOST} services: ${{ needs.generate-service-list.outputs.svc_deploy_list }} up-flags: -d --remove-orphans --dry-run down-flags: --dry-run -- 2.52.0