114 lines
4.0 KiB
YAML
114 lines
4.0 KiB
YAML
name: Renovate Image Tag Deployment
|
|
|
|
on:
|
|
pull_request:
|
|
types: [closed]
|
|
branches:
|
|
- main
|
|
paths:
|
|
- "**/docker-compose.yml"
|
|
|
|
env:
|
|
HC_VAULT_VERSION: "1.18.0"
|
|
VAULT_ADDR: ${{ secrets.TREZ_VAULT_ADDR }}
|
|
VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
|
|
|
|
jobs:
|
|
deploy:
|
|
name: Renovate PR Deployment
|
|
if: |
|
|
github.event.pull_request.merged == true &&
|
|
github.event.pull_request.user.login == 'renovate-bot'
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout full repository
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0 # Required for branch diffing
|
|
|
|
- name: Install Vault
|
|
uses: cpanato/vault-installer@main
|
|
with:
|
|
version: ${{ env.HC_VAULT_VERSION }}
|
|
|
|
- name: Save both versions of docker-compose.yml
|
|
run: |
|
|
git show origin/main:docker-compose.yml > docker-compose-main.yml || touch docker-compose-main.yml
|
|
cp docker-compose.yml docker-compose-head.yml
|
|
|
|
- name: Detect services with changed image tags/digests
|
|
id: detect_services
|
|
run: |
|
|
echo "Getting services from main and ${{ github.ref_name }}"
|
|
|
|
# Get service names from both files
|
|
yq '.services | keys | .[]' docker-compose-main.yml | sort > services_main.txt
|
|
yq '.services | keys | .[]' docker-compose-head.yml | sort > services_head.txt
|
|
|
|
echo "Checking for image changes..."
|
|
touch service_changes.txt
|
|
|
|
# Only check services that exist in both files
|
|
comm -12 services_main.txt services_head.txt | while read service; do
|
|
img_main=$(yq -r ".services.\"$service\".image // empty" docker-compose-main.yml)
|
|
img_head=$(yq -r ".services.\"$service\".image // empty" docker-compose-head.yml)
|
|
|
|
if [ "$img_main" != "$img_head" ]; then
|
|
echo "$service: image_changed" >> service_changes.txt
|
|
fi
|
|
done
|
|
|
|
echo "Detected services with changed images:"
|
|
cat service_changes.txt
|
|
|
|
mod_svcs=$(cut -d':' -f1 service_changes.txt | sort | uniq)
|
|
echo "docker_svc_list<<EOF" >> "$GITHUB_OUTPUT"
|
|
echo "$mod_svcs" >> "$GITHUB_OUTPUT"
|
|
echo "EOF" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: Stop if no image changes
|
|
if: steps.detect_services.outputs.docker_svc_list == ''
|
|
run: |
|
|
echo "No image tag/digest changes detected. Exiting."
|
|
exit 0
|
|
|
|
- name: Generate .env file for Docker Compose
|
|
run: |
|
|
vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
|
|
|
|
- name: Gotify Notification (Start)
|
|
uses: eikendev/gotify-action@master
|
|
with:
|
|
gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}"
|
|
gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}"
|
|
notification_title: "GITEA: [RENOVATE] Docker Compose Deployment @ Rinoa"
|
|
notification_message: "Starting Docker Compose run..."
|
|
|
|
- name: Docker Compose Deployment
|
|
uses: hoverkraft-tech/compose-action@v2.3.0
|
|
env:
|
|
DOCKER_HOST: tcp://dockerproxy:2375
|
|
with:
|
|
services: |
|
|
${{ steps.detect_services.outputs.docker_svc_list }}
|
|
up-flags: -d --remove-orphans --pull always
|
|
compose-flags: --profile rinoa-apps
|
|
|
|
- name: Docker Compose Healthcheck
|
|
id: health
|
|
uses: jaracogmbh/docker-compose-health-check-action@v1.0.0
|
|
with:
|
|
max-retries: 30
|
|
retry-interval: 10
|
|
compose-file: "docker-compose.yml"
|
|
skip-exited: "true"
|
|
skip-no-healthcheck: "true"
|
|
|
|
- name: Gotify Notification (Finish)
|
|
uses: eikendev/gotify-action@master
|
|
with:
|
|
gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}"
|
|
gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}"
|
|
notification_title: "GITEA: [RENOVATE] Docker Compose Deployment @ Rinoa"
|
|
notification_message: "Deployment completed successfully."
|