From 6400976d19afe322889bcabbc6c2a3e0499c8436 Mon Sep 17 00:00:00 2001
From: Torsten Ueberschar
Date: Sun, 18 Jan 2026 10:49:21 +0100
Subject: [PATCH] workflow to actions
---
.github/actions/build-and-push/action.yaml | 182 +++++++++++++++++
.github/actions/bump-version/action.yaml | 100 ++++++++++
.github/actions/deploy-k8s/action.yaml | 64 ++++++
.../build-and-push-call-example.yaml | 13 --
.github/workflows/build-and-push.yaml | 184 ------------------
.../workflows/bump-version-call-example.yaml | 17 --
.github/workflows/bump-version.yaml | 106 ----------
.github/workflows/deploy-k8s-call-example.yml | 19 --
.github/workflows/deploy-k8s.yaml | 76 --------
README.md | 44 +++--
10 files changed, 373 insertions(+), 432 deletions(-)
create mode 100644 .github/actions/build-and-push/action.yaml
create mode 100644 .github/actions/bump-version/action.yaml
create mode 100644 .github/actions/deploy-k8s/action.yaml
delete mode 100644 .github/workflows/build-and-push-call-example.yaml
delete mode 100644 .github/workflows/build-and-push.yaml
delete mode 100644 .github/workflows/bump-version-call-example.yaml
delete mode 100644 .github/workflows/bump-version.yaml
delete mode 100644 .github/workflows/deploy-k8s-call-example.yml
delete mode 100644 .github/workflows/deploy-k8s.yaml
diff --git a/.github/actions/build-and-push/action.yaml b/.github/actions/build-and-push/action.yaml
new file mode 100644
index 0000000..e4dcda1
--- /dev/null
+++ b/.github/actions/build-and-push/action.yaml
@@ -0,0 +1,182 @@
+name: Build and Push Docker Image
+description: Build a Docker image and push to a registry
+inputs:
+ registry:
+ description: Container registry hostname
+ required: true
+ image_name:
+ description: Full image name including registry
+ required: false
+ default: ""
+ tag:
+ description: Override image tag (defaults to standard tags)
+ required: false
+ default: ""
+ dockerfile:
+ description: Path to Dockerfile
+ required: false
+ default: Dockerfile
+ context:
+ description: Build context
+ required: false
+ default: .
+ push:
+ description: Push image after build
+ required: false
+ default: "true"
+ registry_username:
+ description: Registry username
+ required: true
+ registry_password:
+ description: Registry password or token
+ required: true
+runs:
+ using: "composite"
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ fetch-tags: true
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Resolve image name
+ shell: bash
+ env:
+ REGISTRY: ${{ inputs.registry }}
+ IMAGE_NAME: ${{ inputs.image_name }}
+ REPO: ${{ gitea.repository != '' && gitea.repository || github.repository }}
+ run: |
+ if [ -z "${IMAGE_NAME}" ]; then
+ IMAGE_NAME="${REGISTRY}/${REPO}"
+ fi
+ echo "IMAGE_NAME=${IMAGE_NAME}" >> "$GITHUB_ENV"
+
+ - name: Log in to container registry
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ inputs.registry }}
+ username: ${{ inputs.registry_username }}
+ password: ${{ inputs.registry_password }}
+
+ - name: Validate registry configuration
+ shell: bash
+ env:
+ REGISTRY: ${{ inputs.registry }}
+ run: |
+ if [ -z "${REGISTRY}" ]; then
+ echo "::error::REGISTRY input is missing or empty"
+ exit 1
+ fi
+ if [ -z "${IMAGE_NAME}" ] || [[ "${IMAGE_NAME}" == */ ]]; then
+ echo "::error::IMAGE_NAME is empty or malformed (resolved to '${IMAGE_NAME}')"
+ exit 1
+ fi
+
+ - name: Derive image tags
+ id: vars
+ shell: bash
+ env:
+ IMAGE_NAME: ${{ env.IMAGE_NAME }}
+ TAG_INPUT: ${{ inputs.tag }}
+ run: |
+ IMAGE="${IMAGE_NAME}"
+ TAGS=()
+
+ if [ -n "${TAG_INPUT}" ]; then
+ TAGS+=("${IMAGE}:${TAG_INPUT}")
+ else
+ TAG_NAME=""
+ REF="${GITHUB_REF:-${GITEA_REF}}"
+ SHA="${GITHUB_SHA:-${GITEA_SHA}}"
+ BRANCH=""
+ SHORT_SHA="$(git rev-parse --short=7 "${SHA}")"
+
+ # Extract tag name when we are on a tag ref (e.g. v1.4)
+ if [[ "${REF}" =~ refs/tags/(.+) ]]; then
+ TAG_NAME="${BASH_REMATCH[1]}"
+ fi
+
+ if [[ "${REF}" =~ refs/heads/(.+) ]]; then
+ BRANCH="${BASH_REMATCH[1]}"
+ else
+ # Tag build: detect which branch contains the tagged commit
+ git fetch --no-tags --depth=1 origin main release develop || true
+ if git branch -r --contains "${SHA}" | grep -q "origin/main"; then
+ BRANCH="main"
+ elif git branch -r --contains "${SHA}" | grep -q "origin/release"; then
+ BRANCH="release"
+ elif git branch -r --contains "${SHA}" | grep -q "origin/develop"; then
+ BRANCH="develop"
+ fi
+ fi
+
+ TAGS+=("${IMAGE}:${SHORT_SHA}")
+ [[ -n "${TAG_NAME}" ]] && TAGS+=("${IMAGE}:${TAG_NAME}")
+
+ case "${BRANCH}" in
+ main)
+ TAGS+=("${IMAGE}:latest")
+ ;;
+ release*)
+ TAGS+=("${IMAGE}:latest-rc")
+ ;;
+ develop)
+ TAGS+=("${IMAGE}:latest-dev")
+ ;;
+ *)
+ TAGS+=("${IMAGE}:latest-snapshot")
+ ;;
+ esac
+ fi
+
+ echo "Computed tags:"
+ printf '%s\n' "${TAGS[@]}"
+ {
+ echo "tags<> "$GITHUB_OUTPUT"
+
+ - name: Show build summary
+ shell: bash
+ env:
+ IMAGE_NAME: ${{ env.IMAGE_NAME }}
+ run: |
+ echo "Commit: ${GITHUB_SHA:-${GITEA_SHA}}"
+ echo "Image: ${IMAGE_NAME}"
+ echo "Tags:"
+ printf '%s\n' "${{ steps.vars.outputs.tags }}"
+
+ - name: Determine deploy target
+ id: deploy
+ shell: bash
+ run: |
+ REF="${GITHUB_REF:-${GITEA_REF}}"
+ SHA="${GITHUB_SHA:-${GITEA_SHA}}"
+ TARGET="dev"
+ if [[ "${REF}" == "refs/heads/main" ]]; then
+ TARGET="prod"
+ elif [[ "${REF}" =~ refs/tags/ ]]; then
+ # Tag builds deploy to prod only if the tagged commit is in main
+ git fetch --no-tags --depth=1 origin main || true
+ if git branch -r --contains "${SHA}" | grep -q "origin/main"; then
+ TARGET="prod"
+ fi
+ fi
+ echo "Deploy target: ${TARGET}"
+ echo "target=${TARGET}" >> "$GITHUB_OUTPUT"
+
+ - name: Build and push image
+ uses: docker/build-push-action@v5
+ with:
+ context: ${{ inputs.context }}
+ file: ${{ inputs.dockerfile }}
+ push: ${{ inputs.push }}
+ tags: ${{ steps.vars.outputs.tags }}
+ build-args: |
+ VITE_KEYCLOAK_URL=${{ vars.VITE_KEYCLOAK_URL }}
+ VITE_KEYCLOAK_REALM=${{ vars.VITE_KEYCLOAK_REALM }}
+ VITE_KEYCLOAK_CLIENT_ID=${{ vars.VITE_KEYCLOAK_CLIENT_ID }}
diff --git a/.github/actions/bump-version/action.yaml b/.github/actions/bump-version/action.yaml
new file mode 100644
index 0000000..667621c
--- /dev/null
+++ b/.github/actions/bump-version/action.yaml
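Review bot: The "Show build summary" step expands `${{ steps.vars.outputs.tags }}` directly inside its `run:` script, and those tags are assembled from `inputs.tag`, `inputs.image_name` and the pushed tag name, so a value containing `$(...)` or a double quote is evaluated by bash instead of being printed. Pass it through the step's `env:` as the neighbouring steps do, `TAGS: ${{ steps.vars.outputs.tags }}`, and print it with `printf '%s\n' "${TAGS}"`. "Validate registry configuration" also runs after `docker/login-action`, so an empty `registry` is rejected only once the credentials have already been used for a login, and docker/login-action treats an empty registry as Docker Hub; moving the validation step above the login step closes that. The `grep -q "origin/main"` tests in "Derive image tags" and "Determine deploy target" match any remote branch whose name merely contains that text (for example `origin/maintenance`), which decides the `latest` tag and the `prod` target; `git merge-base --is-ancestor "${SHA}" origin/main` would test ancestry exactly.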
@@ -0,0 +1,100 @@
+name: Bump Version
+description: Bump npm version, create tag, and push
+inputs:
+ node_version:
+ description: Node.js version to use
+ required: false
+ default: "24"
+ gitea_token:
+ description: Token for checkout/push (optional)
+ required: false
+ default: ""
+outputs:
+ tag:
+ description: Created tag
+ value: ${{ steps.bump.outputs.tag }}
+runs:
+ using: "composite"
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+ fetch-tags: true
+ token: ${{ inputs.gitea_token != '' && inputs.gitea_token || github.token }}
+
+ - name: Setup Git
+ shell: bash
+ run: |
+ git config user.name "CI Bot"
+ git config user.email "ci@git.uesome.de"
+
+ - name: Setup Node
+ uses: actions/setup-node@v3
+ with:
+ node-version: ${{ inputs.node_version }}
+
+ - name: Bump patch version and tag
+ id: bump
+ shell: bash
+ run: |
+ REF="${GITHUB_REF:-${GITEA_REF}}"
+ BRANCH="${REF#refs/heads/}"
+ git fetch origin "${BRANCH}" --tags
+ git checkout "${BRANCH}"
+ git pull --ff-only origin "${BRANCH}"
+ BRANCH_SAFE="$(echo "${BRANCH}" | tr '/[:space:].' '-' | tr -cd '[:alnum:]_-')"
+ BRANCH_SAFE="$(echo "${BRANCH_SAFE}" | sed 's/^-*//;s/-*$//')"
+ BRANCH_SAFE="${BRANCH_SAFE:-unknown}"
+ case "${BRANCH}" in
+ main)
+ COMMIT_MSG="$(git log -1 --pretty=%B)"
+ TARGET_VERSION=""
+ if [[ "${COMMIT_MSG}" =~ release/([0-9]+)\.([0-9]+) ]]; then
+ TARGET_VERSION="${BASH_REMATCH[1]}.${BASH_REMATCH[2]}.0"
+ elif [[ "${COMMIT_MSG}" =~ hotfix/([0-9]+\.[0-9]+\.[0-9]+) ]]; then
+ TARGET_VERSION="${BASH_REMATCH[1]}"
+ fi
+
+ if [[ -n "${TARGET_VERSION}" ]]; then
+ npm version "${TARGET_VERSION}" --no-git-tag-version --allow-same-version
+ BUMP_CMD="npm version patch --no-git-tag-version"
+ else
+ npm version patch --no-git-tag-version
+ BUMP_CMD="npm version patch --no-git-tag-version"
+ fi
+ ;;
+ develop)
+ npm version prerelease --preid=dev --no-git-tag-version
+ BUMP_CMD="npm version prerelease --preid=dev --no-git-tag-version"
+ ;;
+ release*)
+ npm version prerelease --preid=rc-${BRANCH_SAFE} --no-git-tag-version
+ BUMP_CMD="npm version prerelease --preid=rc-${BRANCH_SAFE} --no-git-tag-version"
+ ;;
+ *)
+ npm version prerelease --preid=nightly-${BRANCH_SAFE} --no-git-tag-version
+ BUMP_CMD="npm version prerelease --preid=nightly-${BRANCH_SAFE} --no-git-tag-version"
+ ;;
+ esac
+
+ VERSION="$(node -p "require('./package.json').version")"
+ while git rev-parse -q --verify "refs/tags/v${VERSION}" >/dev/null; do
+ echo "Tag v${VERSION} already exists; trying next version."
+ ${BUMP_CMD}
+ VERSION="$(node -p "require('./package.json').version")"
+ done
+
+ if git diff --quiet; then
+ echo "No version file changes; tagging current commit."
+ else
+ git add package.json package-lock.json 2>/dev/null || true
+ git commit -m "update version: v${VERSION}"
+ fi
+ TAG="v${VERSION}"
+ git tag "${TAG}"
+
+ git push origin HEAD
+ git push origin "${TAG}"
+
+ echo "tag=${TAG}" >> "${GITHUB_OUTPUT}"
diff --git a/.github/actions/deploy-k8s/action.yaml b/.github/actions/deploy-k8s/action.yaml
new file mode 100644
index 0000000..87692ef
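Review bot: `BRANCH="${REF#refs/heads/}"` in "Bump patch version and tag" leaves a tag or pull-request ref untouched, so on any non-branch trigger the script continues into the `*)` case and on to the commit, tag and push commands instead of stopping early, all with the write-capable token configured in the Checkout step. A guard ahead of the fetch makes it fail closed: `[[ "${REF}" == refs/heads/* ]] || { echo "::error::bump-version must run on a branch ref"; exit 1; }`. This action also uses `actions/checkout@v3` and `actions/setup-node@v3` while build-and-push uses `actions/checkout@v4`; aligning the versions, and pinning each `uses:` to a full commit SHA, keeps a job that holds a push token from silently picking up a moved tag.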
--- /dev/null
+++ b/.github/actions/deploy-k8s/action.yaml
@@ -0,0 +1,64 @@
+name: Deploy Image to Kubernetes
+description: Update a Kubernetes deployment image and wait for rollout
+inputs:
+ tag:
+ description: Image tag to deploy (e.g. v1.2.3)
+ required: true
+ deployment:
+ description: Kubernetes Deployment name
+ required: false
+ default: oumta-app
+ container:
+ description: Container name in the Deployment to update
+ required: false
+ default: app
+ namespace:
+ description: Kubernetes namespace
+ required: false
+ default: oumta-dev
+ registry:
+ description: Container registry hostname
+ required: true
+ image_name:
+ description: Full image name including registry
+ required: false
+ default: ""
+ kubeconfig:
+ description: Kubeconfig content
+ required: true
+runs:
+ using: "composite"
+ steps:
+ - name: Install kubectl
+ uses: azure/setup-kubectl@v4
+
+ - name: Resolve image name
+ shell: bash
+ env:
+ REGISTRY: ${{ inputs.registry }}
+ IMAGE_NAME: ${{ inputs.image_name }}
+ REPO: ${{ gitea.repository != '' && gitea.repository || github.repository }}
+ run: |
+ if [ -z "${IMAGE_NAME}" ]; then
+ IMAGE_NAME="${REGISTRY}/${REPO}"
+ fi
+ echo "IMAGE_NAME=${IMAGE_NAME}" >> "$GITHUB_ENV"
+
+ - name: Configure kubeconfig
+ shell: bash
+ env:
+ KUBECONFIG_CONTENT: ${{ inputs.kubeconfig }}
+ run: |
+ mkdir -p ~/.kube
+ printf '%s' "$KUBECONFIG_CONTENT" > ~/.kube/config
+ chmod 600 ~/.kube/config
+
+ - name: Update deployment image
+ shell: bash
+ run: |
+ IMAGE="${IMAGE_NAME}:${{ inputs.tag }}"
+ kubectl set image deployment/${{ inputs.deployment }} \
+ ${{ inputs.container }}=${IMAGE} \
+ --namespace ${{ inputs.namespace }}
+ kubectl rollout status deployment/${{ inputs.deployment }} \
+ --namespace ${{ inputs.namespace }}
diff --git a/.github/workflows/build-and-push-call-example.yaml b/.github/workflows/build-and-push-call-example.yaml
deleted file mode 100644
index 1808468..0000000
--- a/.github/workflows/build-and-push-call-example.yaml
+++ /dev/null
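Review bot: The "Update deployment image" step pastes `${{ inputs.tag }}`, `${{ inputs.deployment }}`, `${{ inputs.container }}` and `${{ inputs.namespace }}` straight into the `run:` script, so caller-supplied text (the README example feeds `tag` from a `workflow_dispatch` input) is parsed as shell in a step that runs with the cluster kubeconfig on disk. Hand the values over through `env:` and quote every expansion, the way "Configure kubeconfig" already handles its input. The removed workflow declared `namespace` as `type: choice` with three options; composite-action inputs carry no such restriction, so that allow-list has to be checked in the script if it is still wanted. The kubeconfig also stays in `~/.kube/config` after the action finishes, which matters if the runner is reused between jobs.

```yaml
    - name: Update deployment image
      shell: bash
      env:
        TAG: ${{ inputs.tag }}
        DEPLOYMENT: ${{ inputs.deployment }}
        CONTAINER: ${{ inputs.container }}
        NAMESPACE: ${{ inputs.namespace }}
      run: |
        # Namespaces the removed workflow offered as choices.
        case "${NAMESPACE}" in
          oumta-dev|oumta-beta|oumta-app) ;;
          *) echo "::error::namespace '${NAMESPACE}' is not allowed"; exit 1 ;;
        esac
        IMAGE="${IMAGE_NAME}:${TAG}"
        kubectl set image "deployment/${DEPLOYMENT}" \
          "${CONTAINER}=${IMAGE}" \
          --namespace "${NAMESPACE}"
        kubectl rollout status "deployment/${DEPLOYMENT}" \
          --namespace "${NAMESPACE}"
```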
@@ -1,13 +0,0 @@ -name: Build and Push (via reusable workflow) -run-name: ${{ gitea.actor }} triggers build-and-push - -on: - workflow_dispatch: - -jobs: - build-and-push: - uses: tanztee/ci-cd/.github/workflows/build-and-push.yml@main - secrets: - REGISTRY: ${{ secrets.REGISTRY }} - REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }} - REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} diff --git a/.github/workflows/build-and-push.yaml b/.github/workflows/build-and-push.yaml deleted file mode 100644 index 8d32a8b..0000000 --- a/.github/workflows/build-and-push.yaml +++ /dev/null 
@@ -1,184 +0,0 @@ -name: Build and Push Docker Image -run-name: ${{ gitea.actor }} builds and pushes image - -on: - workflow_call: - inputs: - registry: - description: Container registry hostname (defaults to secret REGISTRY) - type: string - default: "" - image_name: - description: Full image name including registry (defaults to REGISTRY/repo) - type: string - default: "" - tag: - description: Override image tag (defaults to standard tags) - type: string - default: "" - dockerfile: - description: Path to Dockerfile - type: string - default: Dockerfile - context: - description: Build context - type: string - default: . - push: - description: Push image after build - type: boolean - default: true - secrets: - REGISTRY: - description: Container registry hostname - required: false - REGISTRY_USERNAME: - description: Registry username - required: true - REGISTRY_PASSWORD: - description: Registry password or token - required: true - -jobs: - build-and-push: - runs-on: ubuntu-latest - permissions: - contents: read - packages: write - env: - REGISTRY: ${{ inputs.registry != '' && inputs.registry || secrets.REGISTRY }} - IMAGE_NAME: ${{ inputs.image_name }} - TAG_INPUT: ${{ inputs.tag }} - REPO: ${{ gitea.repository }} - steps: - - name: Checkout repository - uses: actions/checkout@v4 - with: - fetch-depth: 0 - fetch-tags: true - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Resolve image name - run: | - if [ -z "${IMAGE_NAME}" ]; then - IMAGE_NAME="${REGISTRY}/${REPO}" - fi - echo "IMAGE_NAME=${IMAGE_NAME}" >> "$GITHUB_ENV" - - - name: Log in to Gitea Container Registry - uses: docker/login-action@v3 - with: - registry: ${{ env.REGISTRY }} - username: ${{ secrets.REGISTRY_USERNAME }} - password: ${{ secrets.REGISTRY_PASSWORD }} - - - name: Validate registry configuration - run: | - if [ -z "${REGISTRY}" ]; then - echo "::error::REGISTRY secret is missing or empty" - exit 1 - fi - if [ -z "${IMAGE_NAME}" ] || [[ "${IMAGE_NAME}" == */ ]]; 
then - echo "::error::IMAGE_NAME is empty or malformed (resolved to '${IMAGE_NAME}')" - exit 1 - fi - - - name: Derive image tags - id: vars - run: | - IMAGE="${IMAGE_NAME}" - TAGS=() - - if [ -n "${TAG_INPUT}" ]; then - TAGS+=("${IMAGE}:${TAG_INPUT}") - else - TAG_NAME="" - REF="${GITHUB_REF:-${GITEA_REF}}" - SHA="${GITHUB_SHA:-${GITEA_SHA}}" - BRANCH="" - SHORT_SHA="$(git rev-parse --short=7 "${SHA}")" - - # Extract tag name when we are on a tag ref (e.g. v1.4) - if [[ "${REF}" =~ refs/tags/(.+) ]]; then - TAG_NAME="${BASH_REMATCH[1]}" - fi - - if [[ "${REF}" =~ refs/heads/(.+) ]]; then - BRANCH="${BASH_REMATCH[1]}" - else - # Tag build: detect which branch contains the tagged commit - git fetch --no-tags --depth=1 origin main release develop || true - if git branch -r --contains "${SHA}" | grep -q "origin/main"; then - BRANCH="main" - elif git branch -r --contains "${SHA}" | grep -q "origin/release"; then - BRANCH="release" - elif git branch -r --contains "${SHA}" | grep -q "origin/develop"; then - BRANCH="develop" - fi - fi - - TAGS+=("${IMAGE}:${SHORT_SHA}") - [[ -n "${TAG_NAME}" ]] && TAGS+=("${IMAGE}:${TAG_NAME}") - - case "${BRANCH}" in - main) - TAGS+=("${IMAGE}:latest") - ;; - release*) - TAGS+=("${IMAGE}:latest-rc") - ;; - develop) - TAGS+=("${IMAGE}:latest-dev") - ;; - *) - TAGS+=("${IMAGE}:latest-snapshot") - ;; - esac - fi - - echo "Computed tags:" - printf '%s\n' "${TAGS[@]}" - { - echo "tags<> "$GITHUB_OUTPUT" - - - name: Show build summary - run: | - echo "Commit: ${GITHUB_SHA:-${GITEA_SHA}}" - echo "Image: ${IMAGE_NAME}" - echo "Tags:" - printf '%s\n' "${{ steps.vars.outputs.tags }}" - - - name: Determine deploy target - id: deploy - run: | - REF="${GITHUB_REF:-${GITEA_REF}}" - SHA="${GITHUB_SHA:-${GITEA_SHA}}" - TARGET="dev" - if [[ "${REF}" == "refs/heads/main" ]]; then - TARGET="prod" - elif [[ "${REF}" =~ refs/tags/ ]]; then - # Tag builds deploy to prod only if the tagged commit is in main - git fetch --no-tags --depth=1 origin main || true - 
if git branch -r --contains "${SHA}" | grep -q "origin/main"; then - TARGET="prod" - fi - fi - echo "Deploy target: ${TARGET}" - echo "target=${TARGET}" >> "$GITHUB_OUTPUT" - - - name: Build and push image - uses: docker/build-push-action@v5 - with: - context: ${{ inputs.context }} - file: ${{ inputs.dockerfile }} - push: ${{ inputs.push }} - tags: ${{ steps.vars.outputs.tags }} - build-args: | - VITE_KEYCLOAK_URL=${{ vars.VITE_KEYCLOAK_URL }} - VITE_KEYCLOAK_REALM=${{ vars.VITE_KEYCLOAK_REALM }} - VITE_KEYCLOAK_CLIENT_ID=${{ vars.VITE_KEYCLOAK_CLIENT_ID }} diff --git a/.github/workflows/bump-version-call-example.yaml b/.github/workflows/bump-version-call-example.yaml deleted file mode 100644 index 93d2800..0000000 --- a/.github/workflows/bump-version-call-example.yaml +++ /dev/null @@ -1,17 +0,0 @@ -name: Bump Version (via reusable workflow) -run-name: ${{ gitea.actor }} triggers bump-version - -on: - workflow_dispatch: - push: - branches: - - main - - develop - -jobs: - bump-version: - uses: tanztee/ci-cd/.github/workflows/bump-version.yaml@main - with: - node_version: "24" - secrets: - GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }} diff --git a/.github/workflows/bump-version.yaml b/.github/workflows/bump-version.yaml deleted file mode 100644 index 1626889..0000000 --- a/.github/workflows/bump-version.yaml +++ /dev/null 
@@ -1,106 +0,0 @@ -name: Bump Version -run-name: ${{ gitea.actor }} runs patch update - -on: - workflow_call: - inputs: - node_version: - description: Node.js version to use - type: string - default: "24" - outputs: - tag: - description: Created tag - value: ${{ jobs.bump-version.outputs.tag }} - secrets: - GITEA_TOKEN: - description: Token for checkout/push (optional) - required: false - -jobs: - bump-version: - runs-on: ubuntu-latest - outputs: - tag: ${{ steps.bump.outputs.tag }} - - steps: - - name: Checkout - uses: actions/checkout@v3 - with: - fetch-depth: 0 - fetch-tags: true - token: ${{ secrets.GITEA_TOKEN }} - - - name: Setup Git - run: | - git config user.name "CI Bot" - git config user.email "ci@git.uesome.de" - - - name: Setup Node - uses: actions/setup-node@v3 - with: - node-version: ${{ inputs.node_version }} - - - name: Bump patch version and tag - id: bump - run: | - REF="${GITHUB_REF:-${GITEA_REF}}" - BRANCH="${REF#refs/heads/}" - git fetch origin "${BRANCH}" --tags - git checkout "${BRANCH}" - git pull --ff-only origin "${BRANCH}" - BRANCH_SAFE="$(echo "${BRANCH}" | tr '/[:space:].' 
'-' | tr -cd '[:alnum:]_-')" - BRANCH_SAFE="$(echo "${BRANCH_SAFE}" | sed 's/^-*//;s/-*$//')" - BRANCH_SAFE="${BRANCH_SAFE:-unknown}" - case "${BRANCH}" in - main) - COMMIT_MSG="$(git log -1 --pretty=%B)" - TARGET_VERSION="" - if [[ "${COMMIT_MSG}" =~ release/([0-9]+)\.([0-9]+) ]]; then - TARGET_VERSION="${BASH_REMATCH[1]}.${BASH_REMATCH[2]}.0" - elif [[ "${COMMIT_MSG}" =~ hotfix/([0-9]+\.[0-9]+\.[0-9]+) ]]; then - TARGET_VERSION="${BASH_REMATCH[1]}" - fi - - if [[ -n "${TARGET_VERSION}" ]]; then - npm version "${TARGET_VERSION}" --no-git-tag-version --allow-same-version - BUMP_CMD="npm version patch --no-git-tag-version" - else - npm version patch --no-git-tag-version - BUMP_CMD="npm version patch --no-git-tag-version" - fi - ;; - develop) - npm version prerelease --preid=dev --no-git-tag-version - BUMP_CMD="npm version prerelease --preid=dev --no-git-tag-version" - ;; - release*) - npm version prerelease --preid=rc-${BRANCH_SAFE} --no-git-tag-version - BUMP_CMD="npm version prerelease --preid=rc-${BRANCH_SAFE} --no-git-tag-version" - ;; - *) - npm version prerelease --preid=nightly-${BRANCH_SAFE} --no-git-tag-version - BUMP_CMD="npm version prerelease --preid=nightly-${BRANCH_SAFE} --no-git-tag-version" - ;; - esac - - VERSION="$(node -p "require('./package.json').version")" - while git rev-parse -q --verify "refs/tags/v${VERSION}" >/dev/null; do - echo "Tag v${VERSION} already exists; trying next version." - ${BUMP_CMD} - VERSION="$(node -p "require('./package.json').version")" - done - - if git diff --quiet; then - echo "No version file changes; tagging current commit." - else - git add package.json package-lock.json 2>/dev/null || true - git commit -m "update version: v${VERSION}" - fi - TAG="v${VERSION}" - git tag "${TAG}" - - git push origin HEAD - git push origin "${TAG}" - - echo "tag=${TAG}" >> "${GITHUB_OUTPUT}" 
diff --git a/.github/workflows/deploy-k8s-call-example.yml b/.github/workflows/deploy-k8s-call-example.yml deleted file mode 100644 index 61d02a8..0000000 --- a/.github/workflows/deploy-k8s-call-example.yml +++ /dev/null @@ -1,19 +0,0 @@ -name: Deploy to Kubernetes (via reusable workflow) -run-name: ${{ gitea.actor }} triggers deploy-k8s - -on: - workflow_dispatch: - inputs: - tag: - description: Image tag to deploy (e.g. v1.2.3) - required: true - type: string - -jobs: - deploy: - uses: tanztee/ci-cd/.github/workflows/deploy-k8s.yml@main - with: - tag: ${{ inputs.tag }} - secrets: - KUBECONFIG: ${{ secrets.KUBECONFIG }} - REGISTRY: ${{ secrets.REGISTRY }} diff --git a/.github/workflows/deploy-k8s.yaml b/.github/workflows/deploy-k8s.yaml deleted file mode 100644 index 5ccb2df..0000000 --- a/.github/workflows/deploy-k8s.yaml +++ /dev/null 
@@ -1,76 +0,0 @@ -name: Deploy Image to Kubernetes -run-name: ${{ gitea.actor }} deploys to k8s - -on: - workflow_call: - inputs: - tag: - description: Image tag to deploy (e.g. v1.2.3) - type: string - required: true - deployment: - description: Kubernetes Deployment name - type: string - default: oumta-app - container: - description: Container name in the Deployment to update - type: string - default: app - namespace: - description: Kubernetes namespace - type: choice - default: oumta-dev - options: - - oumta-dev - - oumta-beta - - oumta-app - registry: - description: Container registry hostname (defaults to secret REGISTRY) - type: string - default: "" - image_name: - description: Full image name including registry (defaults to REGISTRY/repo) - type: string - default: "" - secrets: - KUBECONFIG: - description: Kubeconfig content - required: true - REGISTRY: - description: Container registry hostname - required: false - -jobs: - deploy: - runs-on: ubuntu-latest - env: - REGISTRY: ${{ inputs.registry != '' && inputs.registry || secrets.REGISTRY }} - IMAGE_NAME: ${{ inputs.image_name }} - REPO: ${{ gitea.repository }} - steps: - - name: Install kubectl - uses: azure/setup-kubectl@v4 - - - name: Resolve image name - run: | - if [ -z "${IMAGE_NAME}" ]; then - IMAGE_NAME="${REGISTRY}/${REPO}" - fi - echo "IMAGE_NAME=${IMAGE_NAME}" >> "$GITHUB_ENV" - - - name: Configure kubeconfig - env: - KUBECONFIG_CONTENT: ${{ secrets.KUBECONFIG }} - run: | - mkdir -p ~/.kube - printf '%s' "$KUBECONFIG_CONTENT" > ~/.kube/config - chmod 600 ~/.kube/config - - - name: Update deployment image - run: | - IMAGE="${IMAGE_NAME}:${{ inputs.tag }}" - kubectl set image deployment/${{ inputs.deployment }} \ - ${{ inputs.container }}=${IMAGE} \ - --namespace ${{ inputs.namespace }} - kubectl rollout status deployment/${{ inputs.deployment }} \ - --namespace ${{ inputs.namespace }} diff --git a/README.md b/README.md index df46257..b3fb320 100644 --- a/README.md +++ b/README.md 
@@ -1,6 +1,6 @@ -## Reusable Workflows +## Actions -This repo provides reusable Gitea Actions workflows that can be referenced with `uses:`. +This repo provides reusable Gitea Actions as composite actions that can be referenced with `uses:`. ### Bump Version @@ -9,9 +9,13 @@ Example: ```yaml jobs: bump-version: - uses: tanztee/ci-cd/.github/workflows/bump-version.yaml@main - secrets: - GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }} + runs-on: ubuntu-latest + permissions: + contents: write + steps: + - uses: tanztee/ci-cd/.github/actions/bump-version@main + with: + gitea_token: ${{ secrets.GITEA_TOKEN }} ``` ### Build and Push Docker Image @@ -21,11 +25,16 @@ Example: ```yaml jobs: build-and-push: - uses: tanztee/ci-cd/.github/workflows/build-and-push.yml@main - secrets: - REGISTRY: ${{ secrets.REGISTRY }} - REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }} - REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + steps: + - uses: tanztee/ci-cd/.github/actions/build-and-push@main + with: + registry: ${{ secrets.REGISTRY }} + registry_username: ${{ secrets.REGISTRY_USERNAME }} + registry_password: ${{ secrets.REGISTRY_PASSWORD }} ``` ### Deploy Image to Kubernetes @@ -43,11 +52,12 @@ on: jobs: deploy: - uses: tanztee/ci-cd/.github/workflows/deploy-k8s.yml@main - with: - tag: ${{ inputs.tag }} - namespace: oumta-dev - secrets: - KUBECONFIG: ${{ secrets.KUBECONFIG }} - REGISTRY: ${{ secrets.REGISTRY }} + runs-on: ubuntu-latest + steps: + - uses: tanztee/ci-cd/.github/actions/deploy-k8s@main + with: + tag: ${{ inputs.tag }} + namespace: oumta-dev + kubeconfig: ${{ secrets.KUBECONFIG }} + registry: ${{ secrets.REGISTRY }} ```