91 lines
2.4 KiB
YAML
91 lines
2.4 KiB
YAML
name: build-push-bump
|
|
description: Build and push an OCI image to Gitea registry, then bump resuely/infra stack.env to trigger deploy.
|
|
|
|
inputs:
|
|
registry:
|
|
description: Registry host (e.g. git.rlugo.dev)
|
|
required: true
|
|
image:
|
|
description: Full image name without tag (e.g. git.rlugo.dev/resuely/auth)
|
|
required: true
|
|
infraRepo:
|
|
description: HTTPS clone URL without credentials (e.g. git.rlugo.dev/resuely/infra.git)
|
|
required: true
|
|
stackEnvPath:
|
|
description: Path in infra repo to env file (e.g. stacks/resuely/prod/stack.env)
|
|
required: true
|
|
stackEnvKey:
|
|
description: Env key to bump (e.g. AUTH_IMAGE_TAG)
|
|
required: true
|
|
|
|
registryUsername:
|
|
description: Registry username
|
|
required: true
|
|
registryToken:
|
|
description: Registry token/password
|
|
required: true
|
|
infraPushToken:
|
|
description: Token with write access to infra repo
|
|
required: true
|
|
|
|
outputs:
|
|
tag:
|
|
description: The built image tag
|
|
value: ${{ steps.meta.outputs.tag }}
|
|
|
|
runs:
|
|
using: composite
|
|
steps:
|
|
- name: Compute tag
|
|
id: meta
|
|
shell: bash
|
|
run: |
|
|
set -euo pipefail
|
|
SHORT_SHA=$(echo "${GITHUB_SHA}" | cut -c1-7)
|
|
TAG="${SHORT_SHA}-$(date +%s)"
|
|
echo "tag=${TAG}" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: Login to registry
|
|
shell: bash
|
|
run: |
|
|
set -euo pipefail
|
|
echo "${{ inputs.registryToken }}" | docker login "${{ inputs.registry }}" \
|
|
-u "${{ inputs.registryUsername }}" \
|
|
--password-stdin
|
|
|
|
- name: Build and push image
|
|
shell: bash
|
|
run: |
|
|
set -euo pipefail
|
|
TAG="${{ steps.meta.outputs.tag }}"
|
|
docker build -t "${{ inputs.image }}:${TAG}" .
|
|
docker push "${{ inputs.image }}:${TAG}"
|
|
|
|
- name: Bump infra stack
|
|
shell: bash
|
|
run: |
|
|
set -euo pipefail
|
|
|
|
TAG="${{ steps.meta.outputs.tag }}"
|
|
|
|
git config --global user.name "resuely-bot"
|
|
git config --global user.email "bot@resuely.com"
|
|
|
|
rm -rf infra
|
|
git clone "https://resuely-bot:${{ inputs.infraPushToken }}@${{ inputs.infraRepo }}" infra
|
|
cd infra
|
|
|
|
FILE="${{ inputs.stackEnvPath }}"
|
|
KEY="${{ inputs.stackEnvKey }}"
|
|
|
|
if ! grep -q "^${KEY}=" "$FILE"; then
|
|
echo "Missing ${KEY} in ${FILE}" >&2
|
|
exit 1
|
|
fi
|
|
|
|
sed -i "s/^${KEY}=.*/${KEY}=${TAG}/" "$FILE"
|
|
|
|
git add "$FILE"
|
|
git commit -m "deploy(${KEY}): ${TAG}"
|
|
git push origin main
|