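# Deploys the Docker Compose stack on the "ultima" host after a Renovate PR
# that touched docker-compose.yml has been merged into main. Only the services
# whose `image` value differs between the previous and the merged revision of
# the root docker-compose.yml are passed to `docker compose up`.
name: Renovate PR Deployment

on:
  workflow_dispatch:
  pull_request:
    types: [closed]
    branches:
      - main
    # NOTE(review): this matches compose files in any directory, but the steps
    # below only diff the root docker-compose.yml; a change to a nested compose
    # file will trigger the run and then end in the "no image changes" failure.
    paths:
      - "**/docker-compose.yml"

env:
  # Not a secret, so it may stay at workflow scope. The Vault address and token
  # are scoped to the single step that needs them (see below) so third-party
  # actions in the other steps do not see them.
  HC_VAULT_VERSION: "1.21.2"

jobs:
  deploy:
    name: Renovate PR Deployment
    # Manual dispatch carries no pull_request payload, so it is accepted on its
    # own; PR-triggered runs must be a merged PR opened by the Renovate bot.
    if: |
      github.event_name == 'workflow_dispatch' ||
      (github.event.pull_request.merged == true &&
       github.event.pull_request.user.login == 'renovate-bot')
    runs-on: ubuntu-latest
    steps:
      - name: Check out code
        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
        with:
          # Full history so origin/main^1 (the revision before the merge) exists.
          fetch-depth: 0

      - name: Save docker-compose.yml before merge (old)
        # origin/main^1 is the first parent of the current tip of main, i.e. the
        # state before this merge. If the file did not exist there, an empty
        # services map stands in for it so the diff below treats every service
        # as new.
        run: |
          git fetch origin main
          if git ls-tree -r origin/main^1 --name-only | grep -q '^docker-compose.yml$'; then
            git show origin/main^1:docker-compose.yml > docker-compose-old.yml
          else
            echo "services: {}" > docker-compose-old.yml
          fi

      - name: Save docker-compose.yml after merge (new)
        run: |
          git show origin/main:docker-compose.yml > docker-compose-new.yml

      - name: Detect services with image tag/digest changes
        id: detect_services
        # Writes the step output `docker_svc_list`: the names of services present
        # in both revisions whose `image` differs, as one space-separated line
        # (empty when nothing changed).
        run: |
          set -euo pipefail

          echo "Flattening docker-compose files..."
          yq eval '... comments=""' docker-compose-old.yml > docker-compose-old-flat.yml
          yq eval '... comments=""' docker-compose-new.yml > docker-compose-new-flat.yml

          echo "Getting service names..."
          yq eval '.services | keys | .[]' docker-compose-old-flat.yml | sort > services_old.txt
          yq eval '.services | keys | .[]' docker-compose-new-flat.yml | sort > services_new.txt

          echo "Checking for image changes..."
          : > service_changes.txt

          # comm -12 keeps only services present in both revisions; services that
          # were added in this merge are therefore not deployed by this workflow.
          # The service name is handed to yq through the environment (strenv)
          # instead of being spliced into the expression string.
          comm -12 services_old.txt services_new.txt | while read -r service; do
            old_image=$(SVC="$service" yq eval-all --yaml-fix-merge-anchor-to-spec=true '.services[strenv(SVC)].image // ""' docker-compose-old-flat.yml)
            new_image=$(SVC="$service" yq eval-all --yaml-fix-merge-anchor-to-spec=true '.services[strenv(SVC)].image // ""' docker-compose-new-flat.yml)

            if [ "$old_image" != "$new_image" ]; then
              echo "$service" >> service_changes.txt
            fi
          done

          echo "Detected services with changed images:"
          cat service_changes.txt || true

          # One space-separated line so the value can be appended verbatim to the
          # `docker compose up` arguments in the deployment step.
          svc_list=$(sort -u service_changes.txt | paste -sd ' ' -)
          echo "docker_svc_list=${svc_list}" >> "$GITHUB_OUTPUT"

      - name: Stop if no image changes
        if: steps.detect_services.outputs.docker_svc_list == ''
        # Deliberately fails the run: an empty service list must never reach the
        # deployment step, where it would mean "bring up every service".
        run: |
          echo "No image tag/digest changes detected. Exiting."
          exit 1

      - name: Login to Docker Hub
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        env:
          # NOTE(review): tcp://…:2375 is Docker's plaintext, unauthenticated API
          # port; anything that can reach it controls the daemon. Confirm it is
          # firewalled to the runner, or prefer TLS (2376) or an ssh:// host.
          DOCKER_HOST: tcp://192.168.1.248:2375
        with:
          username: ${{ secrets.DOCKERHUB_USER }}
          password: ${{ secrets.DOCKERHUB_PASSWORD }}

      - name: Login to GitHub Container Registry
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        env:
          DOCKER_HOST: tcp://192.168.1.248:2375
        with:
          registry: ghcr.io
          username: ${{ secrets.GHCR_USER }}
          password: ${{ secrets.GHCR_LOGIN_TOKEN }}

      - name: Login to Private Gitea Registry
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        env:
          DOCKER_HOST: tcp://192.168.1.248:2375
        with:
          registry: git.trez.wtf
          username: ${{ secrets.BOT_GITEA_USER }}
          password: ${{ secrets.BOT_GITEA_PASSWORD }}

      - name: Gotify Notification
        uses: eikendev/gotify-action@ca0339b85ee8db9fda9c0718aaa7f95e17b3c617 # 0.0.4
        with:
          gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}"
          gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}"
          notification_title: "GITEA: [RENOVATE] Docker Compose Deployment @ Ultima"
          notification_message: "Starting Docker Compose run..."

      - name: Generate .env from Hashicorp Vault
        # NOTE(review): this is the only action in the file referenced by a
        # mutable branch rather than a commit SHA; pin it like the others once a
        # release or commit is chosen.
        uses: https://git.trez.wtf/Trez/hc-vault-env@main
        # Vault address/token are exposed only to this step. They are kept as
        # plain env as well as inputs in case the action drives the vault CLI,
        # which reads VAULT_ADDR / VAULT_TOKEN from the environment.
        env:
          VAULT_ADDR: ${{ secrets.TREZ_VAULT_ADDR }}
          VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
        with:
          HC_VAULT_VERSION: ${{ env.HC_VAULT_VERSION }}
          HC_VAULT_ADDR: ${{ secrets.TREZ_VAULT_ADDR }}
          HC_VAULT_AUTH: token
          HC_VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
          HC_VAULT_SECRETS_PATH: ultima-docker/env

      - name: Docker Compose Deployment
        uses: cssnr/stack-deploy-action@d58b92bcd776afc57ef12f55bafff71200fd218e # v1.4.0
        with:
          mode: compose
          file: docker-compose.yml
          name: "ultima"
          host: 192.168.1.248
          user: charish
          ssh_key: ${{ secrets.RUNNER_SSH_PRIVATE_KEY }}
          # The service list comes from the detect_services step of this job
          # (there is no separate job producing it). An empty expansion would
          # make `docker compose up` start every service, which the
          # "Stop if no image changes" step prevents.
          args: --remove-orphans -d ${{ steps.detect_services.outputs.docker_svc_list }}
          env_file: ".env"
          summary: true

      - name: Docker Compose Healthcheck
        uses: jaracogmbh/docker-compose-health-check-action@973fbdccf7c8e396b652d3501984c8e530a9fa80 # v1.0.0
        env:
          DOCKER_HOST: tcp://192.168.1.248:2375
        with:
          # Up to 30 attempts, 10 s apart (roughly five minutes), before failing.
          max-retries: 30
          retry-interval: 10
          compose-file: "docker-compose.yml"
          skip-exited: "true"
          skip-no-healthcheck: "true"

      - name: Gotify Notification
        uses: eikendev/gotify-action@ca0339b85ee8db9fda9c0718aaa7f95e17b3c617 # 0.0.4
        with:
          gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}"
          gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}"
          notification_title: "GITEA: [RENOVATE] Docker Compose Deployment @ Ultima"
          notification_message: "Deployment completed successfully."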