diff --git a/.drone.yml b/.drone.yml
deleted file mode 100644
index c07259d..0000000
--- a/.drone.yml
+++ /dev/null
@@ -1,119 +0,0 @@
----
-kind: pipeline
-type: kubernetes
-name: build
-
-steps:
- - name: build
- image: mgoltzsche/podman:5.4.0
- privileged: true
- environment:
- REGISTRY_USERNAME:
- from_secret: registry_username
- REGISTRY_PASSWORD:
- from_secret: registry_password
- REGISTRY_SERVER: "docker.io"
- RELEASE_IMAGE_NAME: "docker.io/genunix/homeassistant"
- commands:
- - |
- HASS_VERSION=$$(grep FROM Dockerfile|cut -d : -f 2)
- podman login --username "$${REGISTRY_USERNAME}" --password "$${REGISTRY_PASSWORD}" "$${REGISTRY_SERVER}"
- echo "== Building $${RELEASE_IMAGE_NAME}:$${DRONE_COMMIT_SHA}"
- podman build --pull-always --format docker -t $${RELEASE_IMAGE_NAME}:$${DRONE_COMMIT_SHA} .
- echo "== Publishing $${RELEASE_IMAGE_NAME}:$${DRONE_COMMIT_SHA}"
- podman push $${RELEASE_IMAGE_NAME}:$${DRONE_COMMIT_SHA} docker://$${RELEASE_IMAGE_NAME}:$${DRONE_COMMIT_SHA}
- podman push $${RELEASE_IMAGE_NAME}:$${DRONE_COMMIT_SHA} docker://$${RELEASE_IMAGE_NAME}:$${HASS_VERSION}
- podman logout "$${REGISTRY_SERVER}"
- volumes:
- - name: containers
- path: /var/lib/containers
- when:
- branch:
- - master
-
- - name: cleanup
- image: mgoltzsche/podman:5.4.0
- privileged: true
- environment:
- RELEASE_IMAGE_NAME: "docker.io/genunix/homeassistant"
- commands:
- - podman rmi -f $${RELEASE_IMAGE_NAME}:$${DRONE_COMMIT_SHA}
- - podman image prune -f
- volumes:
- - name: containers
- path: /var/lib/containers
- when:
- branch:
- - master
-
-trigger:
- event:
- - push
- - custom
-
-volumes:
- - name: containers
- host:
- path: /var/lib/containers
----
-kind: pipeline
-type: kubernetes
-name: promote
-
-steps:
- - name: promote
- image: mgoltzsche/podman:5.4.0
- privileged: true
- environment:
- REGISTRY_USERNAME:
- from_secret: registry_username
- REGISTRY_PASSWORD:
- from_secret: registry_password
- REGISTRY_SERVER: "docker.io"
- RELEASE_IMAGE_NAME: "docker.io/genunix/homeassistant"
- commands:
- - podman login --username "$${REGISTRY_USERNAME}" --password "$${REGISTRY_PASSWORD}" "$${REGISTRY_SERVER}"
- - echo "== Promoting $${RELEASE_IMAGE_NAME}:$${DRONE_COMMIT_SHA} into production"
- - podman pull docker://$${RELEASE_IMAGE_NAME}:$${DRONE_COMMIT_SHA}
- - podman push $${RELEASE_IMAGE_NAME}:$${DRONE_COMMIT_SHA} docker://$${RELEASE_IMAGE_NAME}:latest
- - podman logout "$${REGISTRY_SERVER}"
- volumes:
- - name: containers
- path: /var/lib/containers
-
- - name: cleanup
- image: mgoltzsche/podman:5.4.0
- privileged: true
- environment:
- RELEASE_IMAGE_NAME: "docker.io/genunix/homeassistant"
- commands:
- - podman rmi -f $${RELEASE_IMAGE_NAME}:$${DRONE_COMMIT_SHA}
- - podman rmi -f $${RELEASE_IMAGE_NAME}:latest
- - podman image prune -f
- volumes:
- - name: containers
- path: /var/lib/containers
- when:
- branch:
- - master
-
- - name: deploy
- image: bitnami/kubectl:1.32
- environment:
- KUBECONFIG:
- from_secret: kubeconfig
- commands:
- - echo "$${KUBECONFIG}" > kubeconfig
- - kubectl --kubeconfig=kubeconfig -n hass rollout restart deployment/hass
- - kubectl --kubeconfig=kubeconfig -n hass rollout status deployment/hass
-
-trigger:
- event:
- - promote
- target:
- - production
-
-volumes:
- - name: containers
- host:
- path: /var/lib/containers
diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml
new file mode 100644
index 0000000..5c39495
--- /dev/null
+++ b/.gitea/workflows/build.yml
@@ -0,0 +1,176 @@
+---
+name: publish
+
+on:
+ push:
+ branches: [ master ]
+ workflow_dispatch:
+ inputs:
+ sha:
+ description: Commit SHA to promote (defaults to dispatch SHA)
+ required: false
+ type: string
+
+permissions:
+ contents: read
+
+env:
+ REGISTRY_SERVER: docker.io
+ RELEASE_IMAGE_NAME: docker.io/genunix/homeassistant
+ KUBERNETES_NAMESPACE: hass
+
+jobs:
+ build-and-publish:
+ if: github.event_name == 'push'
+ runs-on: docker
+ container:
+ image: quay.io/podman/stable:v5.4
+ options: >-
+ --privileged
+ --security-opt seccomp=unconfined
+ --device /dev/fuse
+ --user root
+ env:
+ CONTAINERS_STORAGE_DRIVER: vfs
+ BUILDAH_FORMAT: docker
+ XDG_RUNTIME_DIR: /tmp/run
+ steps:
+ - name: Checkout
+ env:
+ SERVER_URL: ${{ github.server_url }}
+ REPOSITORY: ${{ github.repository }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ working-directory: ${{ github.workspace }}
+ run: |
+ set -euo pipefail
+ # Install git and ca-certs if missing (works across base distros)
+ if ! command -v git >/dev/null 2>&1; then
+ (command -v microdnf >/dev/null 2>&1 && microdnf -y install git ca-certificates tar gzip) \
+ || (command -v dnf >/dev/null 2>&1 && dnf -y install git ca-certificates tar gzip) \
+ || (command -v apk >/dev/null 2>&1 && apk add --no-cache git ca-certificates tar gzip) \
+ || (command -v apt-get >/dev/null 2>&1 && apt-get update && apt-get install -y git ca-certificates tar gzip)
+ fi
+ # Prepare auth if provided
+ HOST=$(echo "$SERVER_URL" | sed -E 's#https?://([^/]+)/?.*#\1#')
+ # Use token as password with a placeholder username
+ if [ -n "${GITHUB_TOKEN:-}" ]; then
+ printf "machine %s login %s password %s\n" "$HOST" "token" "$GITHUB_TOKEN" > $HOME/.netrc
+ chmod 600 $HOME/.netrc
+ fi
+ # Initialize and fetch exact commit
+ git init
+ git remote add origin "${SERVER_URL}/${REPOSITORY}.git"
+ git fetch --depth=1 origin "${GITHUB_SHA}"
+ git checkout -q FETCH_HEAD
+ - name: Podman login
+ env:
+ REGISTRY_USERNAME: ${{ secrets.dockerhub_username }}
+ REGISTRY_PASSWORD: ${{ secrets.dockerhub_password }}
+ working-directory: ${{ github.workspace }}
+ run: |
+ mkdir -p /var/lib/containers "$XDG_RUNTIME_DIR"
+ echo -n "$REGISTRY_PASSWORD" | podman login --username "$REGISTRY_USERNAME" --password-stdin "$REGISTRY_SERVER"
+ - name: Build image
+ id: build
+ working-directory: ${{ github.workspace }}
+ run: |
+ set -euo pipefail
+ HASS_VERSION=$(grep -E '^FROM ' Dockerfile | head -n1 | cut -d ':' -f 2)
+ echo "HASS_VERSION=$HASS_VERSION" >> "$GITHUB_OUTPUT"
+ echo "== Building ${RELEASE_IMAGE_NAME}:${GITHUB_SHA}"
+ podman build --pull-always --format docker -t "${RELEASE_IMAGE_NAME}:${GITHUB_SHA}" .
+ - name: Push images (SHA and HASS_VERSION)
+ working-directory: ${{ github.workspace }}
+ run: |
+ set -euo pipefail
+ echo "== Publishing ${RELEASE_IMAGE_NAME}:${GITHUB_SHA}"
+ podman push "${RELEASE_IMAGE_NAME}:${GITHUB_SHA}" "docker://${RELEASE_IMAGE_NAME}:${GITHUB_SHA}"
+ echo "== Publishing ${RELEASE_IMAGE_NAME}:${{ steps.build.outputs.HASS_VERSION }}"
+ podman push "${RELEASE_IMAGE_NAME}:${GITHUB_SHA}" "docker://${RELEASE_IMAGE_NAME}:${{ steps.build.outputs.HASS_VERSION }}"
+ - name: Logout
+ if: always()
+ run: |
+ podman logout "${REGISTRY_SERVER}"
+ - name: Notify via Pushover on failure
+ if: failure()
+ run: |
+ curl -s \
+ -F "token=${{ secrets.PUSHOVER_TOKEN }}" \
+ -F "user=${{ secrets.PUSHOVER_USER }}" \
+ --form-string "title=HomeAssistant Build Failed" \
+ --form-string "url=${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
+ -F "message=Workflow failed on ${{ github.repository }}" \
+ https://api.pushover.net/1/messages.json
+
+ promote-and-deploy:
+ if: github.event_name == 'workflow_dispatch'
+ runs-on: docker
+ container:
+ image: quay.io/podman/stable:v5.4
+ options: >-
+ --privileged
+ --security-opt seccomp=unconfined
+ --device /dev/fuse
+ --user root
+ env:
+ CONTAINERS_STORAGE_DRIVER: vfs
+ BUILDAH_FORMAT: docker
+ XDG_RUNTIME_DIR: /tmp/run
+ SHA_INPUT: ${{ inputs.sha }}
+ steps:
+ - name: Podman login
+ env:
+ REGISTRY_USERNAME: ${{ secrets.dockerhub_username }}
+ REGISTRY_PASSWORD: ${{ secrets.dockerhub_password }}
+ run: |
+ mkdir -p /var/lib/containers "$XDG_RUNTIME_DIR"
+ echo -n "$REGISTRY_PASSWORD" | podman login --username "$REGISTRY_USERNAME" --password-stdin "$REGISTRY_SERVER"
+ - name: Promote latest from SHA
+ run: |
+ set -euo pipefail
+ SHA_TO_PROMOTE=${SHA_INPUT:-${GITHUB_SHA}}
+ echo "== Promoting ${RELEASE_IMAGE_NAME}:${SHA_TO_PROMOTE} into production"
+ podman pull "docker://${RELEASE_IMAGE_NAME}:${SHA_TO_PROMOTE}"
+ podman push "${RELEASE_IMAGE_NAME}:${SHA_TO_PROMOTE}" "docker://${RELEASE_IMAGE_NAME}:latest"
+ - name: Logout
+ if: always()
+ run: |
+ podman logout "${REGISTRY_SERVER}"
+ - name: Notify via Pushover on failure
+ if: failure()
+ run: |
+ curl -s \
+ -F "token=${{ secrets.PUSHOVER_TOKEN }}" \
+ -F "user=${{ secrets.PUSHOVER_USER }}" \
+ --form-string "title=HomeAssistant Promote Failed" \
+ --form-string "url=${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
+ -F "message=Workflow failed on ${{ github.repository }}" \
+ https://api.pushover.net/1/messages.json
+
+ deploy:
+ if: github.event_name == 'workflow_dispatch'
+ runs-on: docker
+ needs: promote-and-deploy
+ container:
+ image: bitnami/kubectl:1.32
+ steps:
+ - name: Write kubeconfig
+ env:
+ KUBECONFIG_CONTENT: ${{ secrets.kubeconfig }}
+ run: |
+ echo "$KUBECONFIG_CONTENT" > kubeconfig
+ - name: Rollout restart
+ run: |
+ kubectl --kubeconfig=kubeconfig -n ${KUBERNETES_NAMESPACE} rollout restart deployment/hass
+ kubectl --kubeconfig=kubeconfig -n ${KUBERNETES_NAMESPACE} rollout status deployment/hass
+ - name: Notify via Pushover on failure
+ if: failure()
+ run: |
+ curl -s \
+ -F "token=${{ secrets.PUSHOVER_TOKEN }}" \
+ -F "user=${{ secrets.PUSHOVER_USER }}" \
+ --form-string "title=HomeAssistant Deploy Failed" \
+ --form-string "url=${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
+ -F "message=Workflow failed on ${{ github.repository }}" \
+ https://api.pushover.net/1/messages.json
+
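Review bot: The three "Notify via Pushover on failure" steps expand `${{ secrets.PUSHOVER_TOKEN }}` and `${{ secrets.PUSHOVER_USER }}` directly inside the `run:` script, and the "Push images" step does the same with `${{ steps.build.outputs.HASS_VERSION }}`, so each value becomes part of the shell source before the shell parses it. A value containing a quote, `$` or backtick would then be interpreted by the shell instead of being passed as data. The registry credentials and the kubeconfig in this same file already go through a step-level `env:` block, and these values should follow that pattern and be referenced as quoted shell variables. The sketch below shows the build job's notify step; the promote and deploy notify steps need the same change, and `HASS_VERSION` can be mapped the same way in the push step.

```yaml
      - name: Notify via Pushover on failure
        if: failure()
        env:
          PUSHOVER_TOKEN: ${{ secrets.PUSHOVER_TOKEN }}
          PUSHOVER_USER: ${{ secrets.PUSHOVER_USER }}
          RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
          REPOSITORY: ${{ github.repository }}
        run: |
          curl -s \
            --form-string "token=${PUSHOVER_TOKEN}" \
            --form-string "user=${PUSHOVER_USER}" \
            --form-string "title=HomeAssistant Build Failed" \
            --form-string "url=${RUN_URL}" \
            --form-string "message=Workflow failed on ${REPOSITORY}" \
            https://api.pushover.net/1/messages.json
```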