148 lines
5.2 KiB
YAML
148 lines
5.2 KiB
YAML
name: Renovate PR Deployment
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
pull_request:
|
|
types: [closed]
|
|
branches:
|
|
- main
|
|
paths:
|
|
- "**/docker-compose.yml"
|
|
|
|
env:
|
|
HC_VAULT_VERSION: "1.18.0"
|
|
VAULT_ADDR: ${{ secrets.TREZ_VAULT_ADDR }}
|
|
VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
|
|
|
|
jobs:
|
|
deploy:
|
|
if: |
|
|
github.event.pull_request.merged == true &&
|
|
github.event.pull_request.user.login == 'renovate-bot'
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Check out code
|
|
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
|
|
|
|
- name: Install Vault
|
|
uses: cpanato/vault-installer@main
|
|
with:
|
|
version: ${{ env.HC_VAULT_VERSION }}
|
|
|
|
- name: Detect Renovate update type
|
|
id: detect-update
|
|
env:
|
|
PR_BODY: ${{ github.event.pull_request.body }}
|
|
run: |
|
|
echo "PR body: $PR_BODY"
|
|
|
|
if echo "$PR_BODY" | grep -qE 'Update Type: (patch|minor|major|digest)'; then
|
|
echo "update=true" >> $GITHUB_OUTPUT
|
|
else
|
|
echo "update=false" >> $GITHUB_OUTPUT
|
|
fi
|
|
|
|
- name: Stop if update not patch/minor/major/digest
|
|
if: steps.detect-update.outputs.update != 'true'
|
|
run: |
|
|
echo "::warning::This PR does not involve patch/minor/major/digest update. Skipping deployment."
|
|
exit 0
|
|
|
|
- name: Get changed services from docker-compose.yml
|
|
id: services
|
|
run: |
|
|
git fetch origin ${{ github.event.pull_request.base.ref }}
|
|
|
|
# Extract service=image pairs from HEAD (PR merge result)
|
|
yq -r '.services | to_entries[] | "\(.key)=\(.value.image // "")"' docker-compose.yml \
|
|
| sort > services_head.txt
|
|
|
|
# Extract service=image pairs from BASE (main branch)
|
|
git show origin/${{ github.event.pull_request.base.ref }}:docker-compose.yml \
|
|
| yq -r '.services | to_entries[] | "\(.key)=\(.value.image // "")"' \
|
|
| sort > services_main.txt || true
|
|
|
|
echo "Comparing images between base and head..."
|
|
: > service_changes.txt
|
|
|
|
while IFS== read -r svc img; do
|
|
base_img=$(grep "^$svc=" services_main.txt | cut -d= -f2- || true)
|
|
if [ "$img" != "$base_img" ]; then
|
|
echo "$svc" >> service_changes.txt
|
|
fi
|
|
done < services_head.txt
|
|
|
|
echo "Detected service changes:"
|
|
cat service_changes.txt || true
|
|
|
|
mod_svcs=$(sort -u service_changes.txt | xargs)
|
|
if [ -z "$mod_svcs" ]; then
|
|
echo "docker_svc_list=" >> "$GITHUB_OUTPUT"
|
|
else
|
|
echo "docker_svc_list=$mod_svcs" >> "$GITHUB_OUTPUT"
|
|
fi
|
|
|
|
- name: List of Services for (Re)Deployment
|
|
run: |
|
|
echo -e "${{ steps.services.outputs.docker_svc_list }}"
|
|
|
|
- name: Generate .env file for Docker Compose
|
|
run: |
|
|
vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
|
|
|
|
- name: Gotify Notification
|
|
uses: eikendev/gotify-action@master
|
|
with:
|
|
gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}"
|
|
gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}"
|
|
notification_title: "GITEA: [RENOVATE] Docker Compose Deployment @ Rinoa"
|
|
notification_message: "Starting Docker Compose run..."
|
|
|
|
- name: Login to Docker Hub
|
|
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
|
|
with:
|
|
username: ${{ secrets.DOCKERHUB_USER }}
|
|
password: ${{ secrets.DOCKERHUB_PASSWORD }}
|
|
|
|
- name: Login to GitHub Container Registry
|
|
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ secrets.GHCR_USER }}
|
|
password: ${{ secrets.GHCR_LOGIN_TOKEN }}
|
|
|
|
- name: Login to Private Gitea Registry
|
|
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
|
|
with:
|
|
registry: git.trez.wtf
|
|
username: ${{ secrets.BOT_GITEA_USER }}
|
|
password: ${{ secrets.BOT_GITEA_PASSWORD }}
|
|
|
|
- name: Docker Compose Deployment
|
|
uses: hoverkraft-tech/compose-action@40041ff1b97dbf152cd2361138c2b03fa29139df # v2.3.0
|
|
env:
|
|
DOCKER_HOST: tcp://dockerproxy:2375
|
|
with:
|
|
services: |
|
|
${{ steps.services.outputs.docker_svc_list }}
|
|
up-flags: -d --remove-orphans --pull always
|
|
compose-flags: --profile rinoa-apps
|
|
|
|
- name: Docker Compose Healthcheck
|
|
id: health
|
|
uses: jaracogmbh/docker-compose-health-check-action@973fbdccf7c8e396b652d3501984c8e530a9fa80 # v1.0.0
|
|
with:
|
|
max-retries: 30
|
|
retry-interval: 10
|
|
compose-file: "docker-compose.yml"
|
|
skip-exited: "true"
|
|
skip-no-healthcheck: "true"
|
|
|
|
- name: Gotify Notification
|
|
uses: eikendev/gotify-action@master
|
|
with:
|
|
gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}"
|
|
gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}"
|
|
notification_title: "GITEA: [RENOVATE] Docker Compose Deployment @ Rinoa"
|
|
notification_message: "Deployment completed successfully."
|