ci(workflows): split deploy workflow and rename publish -> build

- rename .gitea/workflows/build.yml top-level name from "publish" to "build" - remove workflow_dispatch inputs and deploy/promote jobs from build.yml - add new .gitea/workflows/deploy.yml containing: - workflow_dispatch input "sha" - promote-and-deploy job (podman login, promote/push, logout, failure notification) - deploy job (write kubeconfig, rollout restart/status, failure notification)
2025-11-20 13:46:55 +01:00
parent 2f2938455a
commit bb7872370c
2 changed files with 92 additions and 80 deletions
--- a/.gitea/workflows/build.yml
+++ b/.gitea/workflows/build.yml
@@ -1,15 +1,9 @@
 ---
-name: publish
+name: build

 on:
  push:
    branches: [ master ]
-  workflow_dispatch:
-    inputs:
-      sha:
-        description: Commit SHA to promote (defaults to dispatch SHA)
-        required: false
-        type: string

 permissions:
  contents: read
@@ -101,76 +95,3 @@ jobs:
            --form-string "url=${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
            -F "message=Workflow failed on ${{ github.repository }}" \
            https://api.pushover.net/1/messages.json
-
-  promote-and-deploy:
-    if: github.event_name == 'workflow_dispatch'
-    runs-on: docker
-    container:
-      image: quay.io/podman/stable:v5.4
-      options: >-
-        --privileged
-        --security-opt seccomp=unconfined
-        --device /dev/fuse
-        --user root
-    env:
-      CONTAINERS_STORAGE_DRIVER: vfs
-      BUILDAH_FORMAT: docker
-      XDG_RUNTIME_DIR: /tmp/run
-      SHA_INPUT: ${{ inputs.sha }}
-    steps:
-      - name: Podman login
-        env:
-          REGISTRY_USERNAME: ${{ secrets.dockerhub_username }}
-          REGISTRY_PASSWORD: ${{ secrets.dockerhub_password }}
-        run: |
-          mkdir -p /var/lib/containers "$XDG_RUNTIME_DIR"
-          echo -n "$REGISTRY_PASSWORD" | podman login --username "$REGISTRY_USERNAME" --password-stdin "$REGISTRY_SERVER"
-      - name: Promote latest from SHA
-        run: |
-          set -euo pipefail
-          SHA_TO_PROMOTE=${SHA_INPUT:-${GITHUB_SHA}}
-          echo "== Promoting ${RELEASE_IMAGE_NAME}:${SHA_TO_PROMOTE} into production"
-          podman pull "docker://${RELEASE_IMAGE_NAME}:${SHA_TO_PROMOTE}"
-          podman push "${RELEASE_IMAGE_NAME}:${SHA_TO_PROMOTE}" "docker://${RELEASE_IMAGE_NAME}:latest"
-      - name: Logout
-        if: always()
-        run: |
-          podman logout "${REGISTRY_SERVER}"
-      - name: Notify via Pushover on failure
-        if: failure()
-        run: |
-          curl -v \
-            -F "token=${{ secrets.PUSHOVER_TOKEN }}" \
-            -F "user=${{ secrets.PUSHOVER_USER }}" \
-            --form-string "title=HomeAssistant Promote Failed" \
-            --form-string "url=${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
-            -F "message=Workflow failed on ${{ github.repository }}" \
-            https://api.pushover.net/1/messages.json
-
-  deploy:
-    if: github.event_name == 'workflow_dispatch'
-    runs-on: docker
-    needs: promote-and-deploy
-    container:
-      image: bitnami/kubectl
-    steps:
-      - name: Write kubeconfig
-        env:
-          KUBECONFIG_CONTENT: ${{ secrets.kubeconfig }}
-        run: |
-          echo "$KUBECONFIG_CONTENT" > kubeconfig
-      - name: Rollout restart
-        run: |
-          kubectl --kubeconfig=kubeconfig -n ${KUBERNETES_NAMESPACE} rollout restart deployment/hass
-          kubectl --kubeconfig=kubeconfig -n ${KUBERNETES_NAMESPACE} rollout status deployment/hass
-      - name: Notify via Pushover on failure
-        if: failure()
-        run: |
-          curl -v \
-            -F "token=${{ secrets.PUSHOVER_TOKEN }}" \
-            -F "user=${{ secrets.PUSHOVER_USER }}" \
-            --form-string "title=HomeAssistant Deploy Failed" \
-            --form-string "url=${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
-            -F "message=Workflow failed on ${{ github.repository }}" \
-            https://api.pushover.net/1/messages.json
-
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -0,0 +1,91 @@
+---
+name: deploy
+
+on:
+  workflow_dispatch:
+    inputs:
+      sha:
+        description: Commit SHA to promote (defaults to dispatch SHA)
+        required: false
+        type: string
+
+permissions:
+  contents: read
+
+env:
+  REGISTRY_SERVER: docker.io
+  RELEASE_IMAGE_NAME: docker.io/genunix/homeassistant
+  KUBERNETES_NAMESPACE: hass
+
+jobs:
+  promote-and-deploy:
+    if: github.event_name == 'workflow_dispatch'
+    runs-on: docker
+    container:
+      image: quay.io/podman/stable:v5.4
+      options: >-
+        --privileged
+        --security-opt seccomp=unconfined
+        --device /dev/fuse
+        --user root
+    env:
+      CONTAINERS_STORAGE_DRIVER: vfs
+      BUILDAH_FORMAT: docker
+      XDG_RUNTIME_DIR: /tmp/run
+      SHA_INPUT: ${{ inputs.sha }}
+    steps:
+      - name: Podman login
+        env:
+          REGISTRY_USERNAME: ${{ secrets.dockerhub_username }}
+          REGISTRY_PASSWORD: ${{ secrets.dockerhub_password }}
+        run: |
+          mkdir -p /var/lib/containers "$XDG_RUNTIME_DIR"
+          echo -n "$REGISTRY_PASSWORD" | podman login --username "$REGISTRY_USERNAME" --password-stdin "$REGISTRY_SERVER"
+      - name: Promote latest from SHA
+        run: |
+          set -euo pipefail
+          SHA_TO_PROMOTE=${SHA_INPUT:-${GITHUB_SHA}}
+          echo "== Promoting ${RELEASE_IMAGE_NAME}:${SHA_TO_PROMOTE} into production"
+          podman pull "docker://${RELEASE_IMAGE_NAME}:${SHA_TO_PROMOTE}"
+          podman push "${RELEASE_IMAGE_NAME}:${SHA_TO_PROMOTE}" "docker://${RELEASE_IMAGE_NAME}:latest"
+      - name: Logout
+        if: always()
+        run: |
+          podman logout "${REGISTRY_SERVER}"
+      - name: Notify via Pushover on failure
+        if: failure()
+        run: |
+          curl -v \
+            -F "token=${{ secrets.PUSHOVER_TOKEN }}" \
+            -F "user=${{ secrets.PUSHOVER_USER }}" \
+            --form-string "title=HomeAssistant Promote Failed" \
+            --form-string "url=${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
+            -F "message=Workflow failed on ${{ github.repository }}" \
+            https://api.pushover.net/1/messages.json
+
+  deploy:
+    if: github.event_name == 'workflow_dispatch'
+    runs-on: docker
+    needs: promote-and-deploy
+    container:
+      image: bitnami/kubectl
+    steps:
+      - name: Write kubeconfig
+        env:
+          KUBECONFIG_CONTENT: ${{ secrets.kubeconfig }}
+        run: |
+          echo "$KUBECONFIG_CONTENT" > kubeconfig
+      - name: Rollout restart
+        run: |
+          kubectl --kubeconfig=kubeconfig -n ${KUBERNETES_NAMESPACE} rollout restart deployment/hass
+          kubectl --kubeconfig=kubeconfig -n ${KUBERNETES_NAMESPACE} rollout status deployment/hass
+      - name: Notify via Pushover on failure
+        if: failure()
+        run: |
+          curl -v \
+            -F "token=${{ secrets.PUSHOVER_TOKEN }}" \
+            -F "user=${{ secrets.PUSHOVER_USER }}" \
+            --form-string "title=HomeAssistant Deploy Failed" \
+            --form-string "url=${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
+            -F "message=Workflow failed on ${{ github.repository }}" \
+            https://api.pushover.net/1/messages.json