first commit
This commit is contained in:
Raul Lugo
90
.github/actions/build-push-bump/action.yml
vendored
Normal file
90
.github/actions/build-push-bump/action.yml
vendored
Normal file
@@ -0,0 +1,90 @@
|
||||
name: build-push-bump
|
||||
description: Build and push an OCI image to Gitea registry, then bump resuely/infra stack.env to trigger deploy.
|
||||
|
||||
inputs:
|
||||
registry:
|
||||
description: Registry host (e.g. git.rlugo.dev)
|
||||
required: true
|
||||
image:
|
||||
description: Full image name without tag (e.g. git.rlugo.dev/resuely/auth)
|
||||
required: true
|
||||
infraRepo:
|
||||
description: HTTPS clone URL without credentials (e.g. git.rlugo.dev/resuely/infra.git)
|
||||
required: true
|
||||
stackEnvPath:
|
||||
description: Path in infra repo to env file (e.g. stacks/resuely/prod/stack.env)
|
||||
required: true
|
||||
stackEnvKey:
|
||||
description: Env key to bump (e.g. AUTH_IMAGE_TAG)
|
||||
required: true
|
||||
|
||||
registryUsername:
|
||||
description: Registry username
|
||||
required: true
|
||||
registryToken:
|
||||
description: Registry token/password
|
||||
required: true
|
||||
infraPushToken:
|
||||
description: Token with write access to infra repo
|
||||
required: true
|
||||
|
||||
outputs:
|
||||
tag:
|
||||
description: The built image tag
|
||||
value: ${{ steps.meta.outputs.tag }}
|
||||
|
||||
runs:
|
||||
using: composite
|
||||
steps:
|
||||
- name: Compute tag
|
||||
id: meta
|
||||
shell: bash
|
||||
run: |
|
||||
set -euo pipefail
|
||||
SHORT_SHA=$(echo "${GITHUB_SHA}" | cut -c1-7)
|
||||
TAG="${SHORT_SHA}-$(date +%s)"
|
||||
echo "tag=${TAG}" >> "$GITHUB_OUTPUT"
|
||||
|
||||
- name: Login to registry
|
||||
shell: bash
|
||||
run: |
|
||||
set -euo pipefail
|
||||
echo "${{ inputs.registryToken }}" | docker login "${{ inputs.registry }}" \
|
||||
-u "${{ inputs.registryUsername }}" \
|
||||
--password-stdin
|
||||
|
||||
- name: Build and push image
|
||||
shell: bash
|
||||
run: |
|
||||
set -euo pipefail
|
||||
TAG="${{ steps.meta.outputs.tag }}"
|
||||
docker build -t "${{ inputs.image }}:${TAG}" .
|
||||
docker push "${{ inputs.image }}:${TAG}"
|
||||
|
||||
- name: Bump infra stack
|
||||
shell: bash
|
||||
run: |
|
||||
set -euo pipefail
|
||||
|
||||
TAG="${{ steps.meta.outputs.tag }}"
|
||||
|
||||
git config --global user.name "resuely-bot"
|
||||
git config --global user.email "bot@resuely.com"
|
||||
|
||||
rm -rf infra
|
||||
git clone "https://resuely-bot:${{ inputs.infraPushToken }}@${{ inputs.infraRepo }}" infra
|
||||
cd infra
|
||||
|
||||
FILE="${{ inputs.stackEnvPath }}"
|
||||
KEY="${{ inputs.stackEnvKey }}"
|
||||
|
||||
if ! grep -q "^${KEY}=" "$FILE"; then
|
||||
echo "Missing ${KEY} in ${FILE}" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
sed -i "s/^${KEY}=.*/${KEY}=${TAG}/" "$FILE"
|
||||
|
||||
git add "$FILE"
|
||||
git commit -m "deploy(${KEY}): ${TAG}"
|
||||
git push origin main
|
||||
Reference in New Issue
Block a user